npm - @celilo/cli - Versions diffs - 0.3.29 → 0.3.30 - Mend

@celilo/cli 0.3.29 → 0.3.30

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/package.json +1 -1
package/src/cli/commands/module-upgrade.test.ts +59 -0
package/src/cli/commands/system-update.ts +96 -0

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@celilo/cli",
-  "version": "0.3.29",
+  "version": "0.3.30",
   "description": "Celilo — home lab orchestration CLI",
   "type": "module",
   "bin": {

package/src/cli/commands/module-upgrade.test.ts CHANGED Viewed

@@ -8,6 +8,7 @@ import { afterEach, beforeEach, describe, expect, test } from 'bun:test';
 import { mkdirSync, mkdtempSync, rmSync, writeFileSync } from 'node:fs';
 import { tmpdir } from 'node:os';
 import { join } from 'node:path';
+import { eq } from 'drizzle-orm';
 import { type DbClient, getDb } from '../../db/client';
 import { modules } from '../../db/schema';
 import { classifyVersionChange, upgradeOne } from './module-upgrade';
@@ -153,4 +154,62 @@ description: fixture
     if (quietResult.status !== 'success') return;
     expect(quietResult.newVersion).toBe('1.0.0');
   });
+  // Regression for the namecheap stale-findings problem: the upgrade
+  // path MUST overwrite manifestData with the new manifest — otherwise
+  // any subsequent audit (or any code path that reads from the DB)
+  // sees the OLD manifest's required vars even after the operator
+  // upgraded to a version that removed them. The user hit this on
+  // celilo-mgmt: namecheap@3.1.1+6 dropped the `domains` variable, but
+  // post-upgrade the audit still complained "required config 'domains'
+  // is not set" because the DB's manifestData hadn't been refreshed.
+  test('persists new manifest to modules.manifestData (not just .version)', async () => {
+    // Write a brand-new manifest.yml in srcDir that REMOVES a
+    // variable the old DB record had. After upgrade, the modules
+    // row's manifestData should reflect the removal.
+    writeFileSync(
+      join(srcDir, 'manifest.yml'),
+      `celilo_contract: "1.0"
+id: testmod
+name: Test Module Renamed
+version: 2.0.0
+description: fixture v2
+variables:
+  owns: []
+  imports: []
+`,
+    );
+    // Simulate the DB starting in a state where manifestData has a
+    // `variables.owns` array — the namecheap-3.1.0 → 3.1.1 case.
+    db.update(modules)
+      .set({
+        manifestData: {
+          celilo_contract: '1.0',
+          id: 'testmod',
+          name: 'Test Module',
+          version: '1.0.0',
+          variables: { owns: [{ name: 'domains', type: 'array', required: true }], imports: [] },
+        },
+      })
+      .where(eq(modules.id, 'testmod'))
+      .run();
+    const result = await upgradeOne(srcDir, db, {}, { quiet: true, displayVersion: '2.0.0+1' });
+    expect(result.status).toBe('success');
+    const row = db.select().from(modules).all()[0];
+    // version field updates (this part already worked):
+    expect(row.version).toBe('2.0.0+1');
+    expect(row.name).toBe('Test Module Renamed');
+    // manifestData reflects the NEW manifest — the dropped variable
+    // is gone. This is the regression assertion.
+    const manifest = row.manifestData as {
+      version: string;
+      name: string;
+      variables?: { owns: unknown[] };
+    };
+    expect(manifest.version).toBe('2.0.0');
+    expect(manifest.name).toBe('Test Module Renamed');
+    expect(manifest.variables?.owns ?? []).toEqual([]);
+  });
 });

package/src/cli/commands/system-update.ts CHANGED Viewed

@@ -685,6 +685,21 @@ export async function handleSystemUpdate(
     onlyModule,
   });
+  // The audit baked into `result.audit` ran BEFORE the orchestrator
+  // upgraded any modules. Its findings are now stale for whatever
+  // we just upgraded — `module_versions` drift, `module_configs`
+  // referencing the OLD manifest's required vars, `capability_abi`
+  // checking pre-upgrade providers. Re-query the modules table and
+  // re-run the audit so the displayed findings reflect post-upgrade
+  // reality. Only do this on a successful run (a partial-failure
+  // run keeps its original audit so the operator sees what the
+  // orchestrator was reacting to).
+  const successfulModuleSteps = result.modules.filter((m) => m.step === 'done');
+  if (result.ok && successfulModuleSteps.length > 0) {
+    const refreshedAudit = await runAudit(rebuildAuditDepsForRerun(auditDeps, db));
+    result.audit = refreshedAudit;
+  }
   if (json) {
     if (result.ok) {
       return { success: true, message: JSON.stringify(result, null, 2), rawOutput: true };
@@ -700,3 +715,84 @@ export async function handleSystemUpdate(
     error: `${formatResult(result)}\n\none or more modules failed; see output above`,
   };
 }
+type AuditDeps = Parameters<typeof runAudit>[0];
+/**
+ * Build a fresh AuditDeps object whose module-state-dependent
+ * sub-deps are re-queried from the DB. The non-module deps
+ * (cliVersion fetcher, migrations, terraform plan runner, registry
+ * fetcher, etc.) are reused from the original deps because they
+ * don't change during a single system-update run.
+ *
+ * Used by the post-orchestrator re-audit so displayed findings
+ * reflect post-upgrade reality (e.g., a module_versions drift
+ * finding for a module we just upgraded is no longer reported).
+ */
+export function rebuildAuditDepsForRerun(
+  original: AuditDeps,
+  db: ReturnType<typeof getDb>,
+): AuditDeps {
+  const installed = db.select().from(modules).all();
+  const upgradeEligibleStates = new Set(['INSTALLED', 'VERIFIED', 'IMPORTED']);
+  const upgradable = installed.filter((m) => upgradeEligibleStates.has(m.state));
+  const allConfigs = db.select().from(moduleConfigsTbl).all();
+  const configsByModule = new Map<string, Record<string, unknown>>();
+  for (const c of allConfigs) {
+    const m = configsByModule.get(c.moduleId) ?? {};
+    m[c.key] = c.valueJson ? JSON.parse(c.valueJson) : c.value;
+    configsByModule.set(c.moduleId, m);
+  }
+  // Backup recency is unchanged across an orchestrator run (only
+  // celilo-DB snapshots happen, not per-module backup writes), so
+  // we look up each module's prior lastSuccessfulBackupAt by id
+  // rather than re-querying the backups table.
+  const priorBackupByModule = new Map<string, number | null>();
+  for (const b of original.backups.modules) {
+    priorBackupByModule.set(b.id, b.lastSuccessfulBackupAt);
+  }
+  return {
+    ...original,
+    capabilityAbi: {
+      modules: upgradable.map((m) => ({
+        id: m.id,
+        state: m.state,
+        manifest: m.manifestData as ModuleManifest,
+      })),
+    },
+    moduleVersions: {
+      ...original.moduleVersions,
+      installed: upgradable.map((m) => ({ id: m.id, version: m.version })),
+    },
+    moduleConfigs: {
+      modules: upgradable.map((m) => ({
+        id: m.id,
+        state: m.state,
+        manifest: m.manifestData as ModuleManifest,
+        configs: configsByModule.get(m.id) ?? {},
+      })),
+    },
+    backups: {
+      ...original.backups,
+      modules: upgradable.map((m) => ({
+        id: m.id,
+        state: m.state,
+        manifest: m.manifestData as ModuleManifest,
+        lastSuccessfulBackupAt: priorBackupByModule.get(m.id) ?? null,
+      })),
+    },
+    undeployedModules: {
+      modules: installed.map((m) => ({ id: m.id, state: m.state })),
+    },
+    unconfiguredModules: {
+      modules: installed.map((m) => ({
+        id: m.id,
+        state: m.state,
+        configCount: Object.keys(configsByModule.get(m.id) ?? {}).length,
+      })),
+    },
+  };
+}