@celilo/cli 0.3.16 → 0.3.18

package/src/services/module-validator/workspace-deps.test.ts

@@ -0,0 +1,137 @@
+/**
+ * Workspace-dep checker tests.
+ *
+ * These are unit tests — npm metadata is stubbed via the injected
+ * fetcher. The orchestrator's integration test (in index.test.ts)
+ * exercises the same code path against fixture modules.
+ */
+
+import { describe, expect, test } from 'bun:test';
+import { mkdtempSync, rmSync, writeFileSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+import type { NpmMetadata } from './types';
+import { checkWorkspaceDeps } from './workspace-deps';
+
+function makeFixture(packageJson: Record<string, unknown>): string {
+  const dir = mkdtempSync(join(tmpdir(), 'celilo-workspace-deps-'));
+  writeFileSync(join(dir, 'package.json'), JSON.stringify(packageJson));
+  return dir;
+}
+
+function stubNpm(versions: Record<string, string>) {
+  return async (name: string): Promise<NpmMetadata | null> => {
+    const v = versions[name];
+    return v ? { name, latestVersion: v } : null;
+  };
+}
+
+describe('checkWorkspaceDeps', () => {
+  test('ok when no @celilo/* deps are declared', async () => {
+    const dir = makeFixture({ dependencies: { yaml: '^2.0.0' } });
+    try {
+      const checks = await checkWorkspaceDeps(dir, stubNpm({}));
+      expect(checks).toHaveLength(1);
+      expect(checks[0].status).toBe('ok');
+      expect(checks[0].message).toContain('no @celilo/* dependencies');
+    } finally {
+      rmSync(dir, { recursive: true, force: true });
+    }
+  });
+
+  test('ok when no package.json exists', async () => {
+    const dir = mkdtempSync(join(tmpdir(), 'celilo-workspace-deps-'));
+    try {
+      const checks = await checkWorkspaceDeps(dir, stubNpm({}));
+      expect(checks[0].status).toBe('ok');
+      expect(checks[0].message).toContain('no package.json');
+    } finally {
+      rmSync(dir, { recursive: true, force: true });
+    }
+  });
+
+  test('ok when installed @celilo dep matches npm latest', async () => {
+    const dir = makeFixture({
+      dependencies: { '@celilo/capabilities': '^0.2.0' },
+    });
+    try {
+      const checks = await checkWorkspaceDeps(dir, stubNpm({ '@celilo/capabilities': '0.2.0' }));
+      expect(checks).toHaveLength(1);
+      expect(checks[0].status).toBe('ok');
+    } finally {
+      rmSync(dir, { recursive: true, force: true });
+    }
+  });
+
+  test('warn for within-major drift (advisory)', async () => {
+    const dir = makeFixture({
+      dependencies: { '@celilo/capabilities': '^0.2.0' },
+    });
+    try {
+      const checks = await checkWorkspaceDeps(dir, stubNpm({ '@celilo/capabilities': '0.5.1' }));
+      expect(checks[0].status).toBe('warn');
+      expect(checks[0].suggestedValue).toBe('^0.5.1');
+      expect(checks[0].migrationUrl).toBeUndefined();
+    } finally {
+      rmSync(dir, { recursive: true, force: true });
+    }
+  });
+
+  test('fail across a major bump, with migration URL', async () => {
+    const dir = makeFixture({
+      dependencies: { '@celilo/event-bus': '^0.1.4' },
+    });
+    try {
+      const checks = await checkWorkspaceDeps(dir, stubNpm({ '@celilo/event-bus': '1.0.0' }));
+      expect(checks[0].status).toBe('fail');
+      expect(checks[0].suggestedValue).toBe('^1.0.0');
+      expect(checks[0].migrationUrl).toBe('https://celilo.computer/docs/migrations/event-bus-1');
+    } finally {
+      rmSync(dir, { recursive: true, force: true });
+    }
+  });
+
+  test('warn when npm is unreachable for every dep', async () => {
+    const dir = makeFixture({
+      dependencies: { '@celilo/capabilities': '^0.2.0' },
+    });
+    try {
+      // Stub returns null for everything — simulates offline.
+      const checks = await checkWorkspaceDeps(dir, async () => null);
+      expect(checks).toHaveLength(1);
+      expect(checks[0].status).toBe('warn');
+      expect(checks[0].message).toContain("couldn't reach npm");
+    } finally {
+      rmSync(dir, { recursive: true, force: true });
+    }
+  });
+
+  test('partial-network: some deps resolved, others skipped', async () => {
+    const dir = makeFixture({
+      dependencies: {
+        '@celilo/capabilities': '^0.2.0',
+        '@celilo/event-bus': '^0.1.0',
+      },
+    });
+    try {
+      const checks = await checkWorkspaceDeps(dir, stubNpm({ '@celilo/capabilities': '0.2.0' }));
+      // One ok for capabilities, one synthetic warn for the missing one.
+      expect(checks.some((c) => c.status === 'ok')).toBe(true);
+      expect(checks.some((c) => c.status === 'warn' && c.message.includes('skipped'))).toBe(true);
+    } finally {
+      rmSync(dir, { recursive: true, force: true });
+    }
+  });
+
+  test('reads devDependencies as well as dependencies', async () => {
+    const dir = makeFixture({
+      devDependencies: { '@celilo/cli-display': '^0.1.0' },
+    });
+    try {
+      const checks = await checkWorkspaceDeps(dir, stubNpm({ '@celilo/cli-display': '0.1.0' }));
+      expect(checks[0].status).toBe('ok');
+    } finally {
+      rmSync(dir, { recursive: true, force: true });
+    }
+  });
+});

package/src/services/module-validator/workspace-deps.ts

@@ -0,0 +1,187 @@
+import { readFile } from 'node:fs/promises';
+import { join } from 'node:path';
+import type { Check, NpmMetadata } from './types';
+
+interface PackageJson {
+  dependencies?: Record<string, string>;
+  devDependencies?: Record<string, string>;
+}
+
+/**
+ * Real-npm fetcher used by default. Returns null when the package
+ * doesn't exist or the registry is unreachable; the orchestrator turns
+ * that into a synthetic offline-skip warning rather than failing.
+ */
+export async function defaultFetchNpmMetadata(packageName: string): Promise<NpmMetadata | null> {
+  try {
+    const res = await fetch(`https://registry.npmjs.org/${encodeURIComponent(packageName)}`);
+    if (!res.ok) return null;
+    const body = (await res.json()) as { 'dist-tags'?: { latest?: string } };
+    const latest = body['dist-tags']?.latest;
+    if (!latest) return null;
+    return { name: packageName, latestVersion: latest };
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Strips a leading semver range operator (`^`, `~`, `>=`, etc.) from a
+ * version string. We only inspect the first major/minor/patch trio for
+ * drift comparisons; range semantics don't matter here.
+ */
+function stripRange(version: string): string {
+  return version.replace(/^[\^~>=<\s]+/, '').trim();
+}
+
+/**
+ * Splits a semver-like version into [major, minor, patch] integers.
+ * Returns null if the string doesn't have at least a major component.
+ */
+function parseVersion(version: string): [number, number, number] | null {
+  const stripped = stripRange(version);
+  const parts = stripped.split(/[+\-.]/, 3);
+  if (parts.length === 0) return null;
+  const [maj, min = '0', pat = '0'] = parts;
+  const M = Number.parseInt(maj, 10);
+  if (Number.isNaN(M)) return null;
+  return [M, Number.parseInt(min, 10) || 0, Number.parseInt(pat, 10) || 0];
+}
+
+function compareSemver(a: [number, number, number], b: [number, number, number]): number {
+  for (let i = 0; i < 3; i++) {
+    if (a[i] !== b[i]) return a[i] - b[i];
+  }
+  return 0;
+}
+
+/**
+ * Per-`@celilo/*`-dep freshness check.
+ *
+ * - `ok`   — installed version equals the npm latest.
+ * - `warn` — installed within the same major as latest but behind. A
+ *            within-major bump is painless; the user can take it whenever.
+ * - `fail` — latest is in a higher major than installed. Bumping is a
+ *            breaking change; the user needs to read the migration notes.
+ *
+ * Non-`@celilo/*` deps are not our problem — npm itself flags those.
+ *
+ * The npm fetch is injectable via the orchestrator; tests pass a stub
+ * so the suite isn't network-dependent.
+ */
+export async function checkWorkspaceDeps(
+  modulePath: string,
+  fetchNpmMetadata: (name: string) => Promise<NpmMetadata | null> = defaultFetchNpmMetadata,
+): Promise<Check[]> {
+  const pkgPath = join(modulePath, 'package.json');
+  let pkg: PackageJson;
+  try {
+    const raw = await readFile(pkgPath, 'utf-8');
+    pkg = JSON.parse(raw) as PackageJson;
+  } catch {
+    return [
+      {
+        category: 'workspace_dep',
+        name: 'package.json',
+        status: 'ok',
+        message: 'no package.json — skipping workspace-dep check',
+      },
+    ];
+  }
+
+  const allDeps = { ...(pkg.dependencies ?? {}), ...(pkg.devDependencies ?? {}) };
+  const celiloDeps = Object.entries(allDeps).filter(([name]) => name.startsWith('@celilo/'));
+
+  if (celiloDeps.length === 0) {
+    return [
+      {
+        category: 'workspace_dep',
+        name: '@celilo/*',
+        status: 'ok',
+        message: 'package.json declares no @celilo/* dependencies',
+      },
+    ];
+  }
+
+  const checks: Check[] = [];
+  let networkFailures = 0;
+
+  for (const [name, declared] of celiloDeps) {
+    const meta = await fetchNpmMetadata(name);
+    if (!meta) {
+      networkFailures++;
+      continue;
+    }
+    const installed = parseVersion(declared);
+    const latest = parseVersion(meta.latestVersion);
+    if (!installed || !latest) {
+      checks.push({
+        category: 'workspace_dep',
+        name,
+        status: 'warn',
+        message: `couldn't parse versions (${declared} vs ${meta.latestVersion}); skipping`,
+        currentValue: declared,
+        suggestedValue: meta.latestVersion,
+      });
+      continue;
+    }
+
+    const cmp = compareSemver(installed, latest);
+    if (cmp === 0) {
+      checks.push({
+        category: 'workspace_dep',
+        name,
+        status: 'ok',
+        message: `${name} ${declared} matches latest ${meta.latestVersion}`,
+        currentValue: declared,
+      });
+    } else if (installed[0] === latest[0]) {
+      checks.push({
+        category: 'workspace_dep',
+        name,
+        status: 'warn',
+        message: `${name} ${declared} is behind latest ${meta.latestVersion} (within-major bump available)`,
+        currentValue: declared,
+        suggestedValue: `^${meta.latestVersion}`,
+      });
+    } else if (installed[0] < latest[0]) {
+      const major = latest[0];
+      const shortName = name.replace(/^@celilo\//, '');
+      checks.push({
+        category: 'workspace_dep',
+        name,
+        status: 'fail',
+        message: `${name} ${declared} is across a major bump from latest ${meta.latestVersion} (BREAKING)`,
+        currentValue: declared,
+        suggestedValue: `^${meta.latestVersion}`,
+        migrationUrl: `https://celilo.computer/docs/migrations/${shortName}-${major}`,
+      });
+    } else {
+      checks.push({
+        category: 'workspace_dep',
+        name,
+        status: 'warn',
+        message: `${name} ${declared} is ahead of npm latest ${meta.latestVersion} (publishing in progress?)`,
+        currentValue: declared,
+      });
+    }
+  }
+
+  if (networkFailures > 0 && checks.length === 0) {
+    checks.push({
+      category: 'workspace_dep',
+      name: '@celilo/*',
+      status: 'warn',
+      message: `workspace-dep check skipped: couldn't reach npm for ${networkFailures} package(s)`,
+    });
+  } else if (networkFailures > 0) {
+    checks.push({
+      category: 'workspace_dep',
+      name: '@celilo/* (partial)',
+      status: 'warn',
+      message: `${networkFailures} package(s) skipped: couldn't reach npm`,
+    });
+  }
+
+  return checks;
+}

package/src/services/terminal-responder.ts

@@ -325,6 +325,13 @@ async function promptForSecret(payload: SecretRequiredPayload): Promise<string |
     : `${payload.module}.${payload.key}:`;
   const style = payload.style ?? 'user_provided';
 
+  // string-map: Record<string, string> gathered via add-loop, stored as
+  // JSON. Bypasses the style switch — string-map secrets are always
+  // collected key-by-key, never as a single masked input.
+  if (payload.type === 'string-map') {
+    return promptForStringMap(payload);
+  }
+
   if (style === 'user_password') {
     while (true) {
       const value = await promptPassword({
@@ -368,6 +375,74 @@ async function promptForSecret(payload: SecretRequiredPayload): Promise<string |
   return value;
 }
 
+/**
+ * Add-loop UX for `type: string-map` secrets. Collects key/value pairs
+ * one at a time (key via `promptText`, value via `promptPassword` since
+ * we're inside the secret responder), then JSON-stringifies the result
+ * for storage. The operator never has to type braces, quotes, or commas.
+ *
+ * Empty key terminates the loop. If `payload.required` and zero entries
+ * have been collected, we re-ask rather than ack-ing with an empty map —
+ * the alternative would be a successful "ack" that fails downstream
+ * validation, which is worse UX.
+ */
+async function promptForStringMap(payload: SecretRequiredPayload): Promise<string | undefined> {
+  const keyLabel = payload.key_label ?? 'key';
+  const valueLabel = payload.value_label ?? 'value';
+  const header = payload.description
+    ? `${payload.module}.${payload.key} — ${payload.description}`
+    : `${payload.module}.${payload.key}`;
+  log.message(header);
+  log.message(
+    `Add ${keyLabel.toLowerCase()} → ${valueLabel.toLowerCase()} entries one at a time. Press Enter on an empty ${keyLabel.toLowerCase()} when done.`,
+  );
+
+  const collected: Record<string, string> = {};
+
+  while (true) {
+    const count = Object.keys(collected).length;
+    const keyMessage = count === 0 ? `${keyLabel}:` : `${keyLabel} (or Enter to finish):`;
+
+    const key = await promptText({
+      message: keyMessage,
+      validate: () => undefined, // empty = finish
+    });
+    if (key === undefined) {
+      // User cancelled (Ctrl-C). Return undefined so the responder
+      // doesn't ack — the deploy stays paused.
+      return undefined;
+    }
+    const trimmedKey = key.trim();
+    if (trimmedKey === '') {
+      if (count === 0 && payload.required) {
+        log.error(
+          `At least one ${keyLabel.toLowerCase()} is required. Add an entry or Ctrl-C to cancel.`,
+        );
+        continue;
+      }
+      break;
+    }
+
+    if (collected[trimmedKey] !== undefined) {
+      log.warn(`${keyLabel} '${trimmedKey}' was already entered — overwriting previous value.`);
+    }
+
+    const value = await promptPassword({
+      message: `${valueLabel} for '${trimmedKey}':`,
+      validate: (val) => (!val || val.trim() === '' ? 'Required' : undefined),
+    });
+    if (value === undefined) {
+      // User cancelled mid-entry; abort the whole interview.
+      return undefined;
+    }
+
+    collected[trimmedKey] = value;
+    log.success(`Added ${trimmedKey}`);
+  }
+
+  return JSON.stringify(collected);
+}
+
 /**
  * Short hint shown in the prompt for non-string types so the operator
  * isn't guessing what shape we want. Returns null for plain strings —