@celilo/cli 0.3.30 → 0.4.0-alpha.0

package/src/cli/index.ts

@@ -21,6 +21,7 @@ import {
   handleEventsRepair,
   handleEventsRespond,
   handleEventsRun,
+  handleEventsRunHook,
   handleEventsShowDaemon,
   handleEventsStatus,
   handleEventsTail,
@@ -62,6 +63,7 @@ import { handleModuleTypesCheck, handleModuleTypesGenerate } from './commands/mo
 import { handleModuleUpgrade } from './commands/module-upgrade';
 import { moduleVerify } from './commands/module-verify';
 import { handlePackage } from './commands/package';
+import { main as runPublish } from './commands/publish';
 import { handleSecretList } from './commands/secret-list';
 import { handleSecretSet } from './commands/secret-set';
 import { handleServiceAddDigitalOcean } from './commands/service-add-digitalocean';
@@ -73,6 +75,13 @@ import { handleServiceReconfigure } from './commands/service-reconfigure';
 import { handleServiceRemove } from './commands/service-remove';
 import { handleServiceVerify } from './commands/service-verify';
 import { handleStatus } from './commands/status';
+import { handleSubscribersAdd } from './commands/subscribers-add';
+import { handleSubscribersList } from './commands/subscribers-list';
+import { handleSubscribersRemove } from './commands/subscribers-remove';
+import { handleSubscribersServe } from './commands/subscribers-serve';
+import { handleSubscribersStatus } from './commands/subscribers-status';
+import { handleSubscribersTest } from './commands/subscribers-test';
+import { handleSystemApplyConfig } from './commands/system-apply-config';
 import { handleSystemAudit } from './commands/system-audit';
 import { handleSystemConfigGet, handleSystemConfigSet } from './commands/system-config';
 import { handleSystemDoctor } from './commands/system-doctor';
@@ -157,9 +166,12 @@ Commands:
   service                  Manage container services (Proxmox, Digital Ocean)
   storage                  Manage backup storage destinations
   backup                   Create and manage backups
+  restore                  Restore a celilo-mgmt backup from a local file (fresh-bootstrap path)
   machine                  Manage machine pool (bring-your-own-hardware)
   system                   Manage system configuration
   ipam                     Manage IP address and VMID allocations and reservations
+  publish                  Publish workspace packages to npm and modules to celilo.computer
+  subscribers              Manage build-bus subscribers (cross-machine publish-event delivery)
   completion               Generate shell completion scripts (bash/zsh)
 
   help, --help, -h         Show this help message
@@ -271,6 +283,99 @@ Examples:
   return { success: true, message: helpText.trim() };
 }
 
+function displaySubscribersHelp(): CommandResult {
+  const helpText = `
+Celilo - Build-Bus Subscribers
+
+Usage:
+  celilo subscribers <subcommand> [args...] [options]
+
+Subcommands:
+  list                                 Show registered subscribers (truncated secret fingerprints)
+  add <url> --secret <hmac-secret>     Add a subscriber (replaces any with the same URL)
+       [--name <label>] [--registry <r>]
+       [--tag <t>] [--package-pattern <glob>]
+  remove <url>                         Remove a subscriber
+  test <url>                           Fire a synthetic event at a subscriber; report delivery
+  serve --secret <hmac-secret>         Run the receiver daemon (verifies + emits to local bus)
+       [--port <p>] [--no-dispatch]
+  status                               Per-subscriber delivery history (success rate, recent failures)
+  --help, -h                           Show this help
+
+Description:
+  Subscribers receive signed webhooks when 'celilo publish' ships a
+  new package version. Each subscriber has a per-target HMAC secret,
+  a target URL, and optional match filters (registry, dist-tag,
+  package name glob). The publisher signs every event with the
+  subscriber's secret; the receiver verifies before reacting.
+
+  This is the static-config first cut of v2/BUILD_BUS.md — operators
+  manage subscribers explicitly. Auto-discovery via the celilo
+  registry switchboard is a follow-on.
+
+Examples:
+  celilo subscribers add https://lunacycle.lab/build-bus --secret <hex> \\
+      --name "lunacycle build box" --registry npm --package-pattern '@celilo/*'
+  celilo subscribers list
+  celilo subscribers test https://lunacycle.lab/build-bus
+  celilo subscribers remove https://lunacycle.lab/build-bus
+`;
+  return { success: true, message: helpText.trim() };
+}
+
+function displayPublishHelp(): CommandResult {
+  const helpText = `
+Celilo - Publish Workspace Packages and Modules
+
+Usage:
+  celilo publish [options]
+
+Options:
+  --dry-run               Preflight report only — no publishing, no file changes
+  --release-touch         Auto-touch drifted module manifests with a fresh release marker
+  --allow-stale           Bypass workspace and module stale-version safeguards
+  -y, --yes               Auto-confirm every prompt (doesn't bypass safety gates)
+  --alpha                 Publish X.Y.Z-alpha.N to npm @alpha dist-tag
+  --track-alpha           Force-pin just-published alphas into bun global (with --alpha)
+  --alpha-modules         Also publish module +N revisions in alpha mode (with --alpha)
+  --promote <spec>        Graduate a named alpha to its base X.Y.Z (e.g. @celilo/e2e@0.7.14-alpha.3)
+  --skip-changesets       Skip the pending-changesets prompt at the top of normal-mode publishes
+  --help, -h              Show this help message
+
+Description:
+  Publishes @celilo/* workspace packages to npm, bumps consumer dependency pins,
+  updates the bun global install, and ships modules to celilo.computer. Runs four
+  phases: preflight + workspace publish, consumer pin bump, global install update,
+  module registry publish.
+
+  In normal mode, if pending changesets exist under .changeset/ (recorded by
+  'bun changeset' during dev), 'celilo publish' applies them via
+  'bunx changeset version' before planning. Skipped in alpha + promote modes.
+
+  --alpha mode publishes pre-release versions under the @alpha dist-tag so consumers
+  can opt into iteration via 'bun add @celilo/<pkg>@alpha' without disturbing @latest.
+  Auto-skips packages whose source hasn't changed since the prior alpha.
+
+  --promote graduates a vetted alpha to its real X.Y.Z and runs all four phases.
+
+Examples:
+  celilo publish                                        # Full publish flow
+  celilo publish --dry-run                              # Show plan, no side effects
+  celilo publish --alpha                                # Ship pre-release alphas
+  celilo publish --alpha --track-alpha                  # Alpha + pin into global install
+  celilo publish --promote @celilo/e2e@0.7.14-alpha.3   # Graduate alpha to real release
+  celilo publish --skip-changesets                      # Publish current versions; ignore .changeset/*.md
+
+Related Commands:
+  bun changeset                  Record a pending version bump (read by 'celilo publish')
+`;
+
+  return {
+    success: true,
+    message: helpText.trim(),
+  };
+}
+
 function displayCapabilityHelp(): CommandResult {
   const helpText = `
 Celilo - Capability Management
@@ -499,7 +604,7 @@ Usage:
   celilo backup <subcommand> [args...] [options]
 
 Subcommands:
-  create [module-id]       Create a backup (system state + modules, or specific module)
+  create [module-id]       (DEPRECATED) Create a backup. Use 'celilo module backup' instead.
     Options:
       --force              Ignore schedule, back up now
       --storage <id>       Use specific storage destination
@@ -541,11 +646,11 @@ Description:
   Use "celilo backup name" to assign human-readable names.
 
 Examples:
-  # Create a full backup (system + all due modules)
-  celilo backup create
+  # Create a full backup (system + all due modules) — canonical path:
+  celilo module backup
 
-  # Back up a specific module
-  celilo backup create authentik --force
+  # Back up a specific module — canonical path:
+  celilo module backup authentik --force
 
   # List recent backups
   celilo backup list
@@ -617,7 +722,7 @@ Examples:
   celilo storage remove local-backups --force
 
 Related Commands:
-  celilo backup create              Create a backup
+  celilo module backup <module-id>  Create a backup
   celilo backup list                List available backups
   celilo backup restore <id>        Restore from a backup
 `;
@@ -780,6 +885,10 @@ Usage:
 Subcommands:
   init [--accept-defaults] [key=val...] Initialize system with guided setup or defaults
 
+  apply-config <key=val>... | --from-stdin
+                                       Headless config write — designed for module
+                                       hooks (no prompts, no guidance, just writes).
+
   config set <key> <value>             Set system-wide configuration value
   config get [key]                     Get system configuration value(s)
 
@@ -991,6 +1100,26 @@ export async function runCli(argv: string[]): Promise<CommandResult> {
     };
   }
 
+  if (parsed.command === 'publish') {
+    if (parsed.flags.help || parsed.flags.h) {
+      return displayPublishHelp();
+    }
+    const pubFlagError = checkFlags('publish', undefined, parsed.flags, parsed.args);
+    if (pubFlagError) return pubFlagError;
+    // Slice from `publish` onwards in the raw argv so the publish entry
+    // sees the operator's exact flag spelling (`-y` vs `--yes`, etc.).
+    // Falling back to args+flags reconstruction would lose short-form
+    // flag identity since the parser canonicalises those.
+    const publishIdx = process.argv.indexOf('publish');
+    const publishArgv = publishIdx >= 0 ? process.argv.slice(publishIdx + 1) : [...parsed.args];
+    await runPublish(publishArgv);
+    // runPublish handles its own console output (multi-phase, multi-line);
+    // returning an empty success message tells the outer CLI loop to skip
+    // the clack outro and exit 0 cleanly. Any failure inside runPublish
+    // calls process.exit() directly and never returns here.
+    return { success: true, message: '' };
+  }
+
   if (parsed.command === 'events') {
     if (parsed.flags.help || parsed.flags.h) {
       return displayEventsHelp();
@@ -1017,6 +1146,8 @@ export async function runCli(argv: string[]): Promise<CommandResult> {
         return handleEventsDrain(parsed.args, parsed.flags);
       case 'run':
         return handleEventsRun(parsed.args, parsed.flags);
+      case 'run-hook':
+        return handleEventsRunHook(parsed.args);
       case 'emit':
         return handleEventsEmit(parsed.args, parsed.flags);
       case 'ack':
@@ -1155,6 +1286,14 @@ export async function runCli(argv: string[]): Promise<CommandResult> {
       case 'validate':
         // Alias for `module deploy --preflight`
         return handleModuleDeploy(parsed.args, { ...parsed.flags, preflight: true });
+      case 'backup': {
+        // Canonical create-a-module-backup surface, matching the rest of
+        // the module CLI verbs (deploy, health, remove, ...). The legacy
+        // `celilo backup create <module>` still works but prints a
+        // deprecation banner.
+        const { handleBackupCreate } = await import('./commands/backup-create');
+        return handleBackupCreate(parsed.args, parsed.flags);
+      }
       case 'run-hook':
         return handleHookRun(parsed.args, parsed.flags);
       case 'terraform-unlock':
@@ -1267,6 +1406,41 @@ export async function runCli(argv: string[]): Promise<CommandResult> {
     };
   }
 
+  if (parsed.command === 'subscribers') {
+    if (parsed.flags.help || parsed.flags.h) {
+      return displaySubscribersHelp();
+    }
+    if (!parsed.subcommand) {
+      return {
+        success: false,
+        error:
+          'Subscribers subcommand required (list, add, remove, test).\n\nRun "celilo subscribers --help" for usage.',
+      };
+    }
+    const subFlagError = checkFlags('subscribers', parsed.subcommand, parsed.flags, parsed.args);
+    if (subFlagError) return subFlagError;
+
+    switch (parsed.subcommand) {
+      case 'list':
+        return handleSubscribersList();
+      case 'add':
+        return handleSubscribersAdd(parsed.args, parsed.flags);
+      case 'remove':
+        return handleSubscribersRemove(parsed.args);
+      case 'test':
+        return handleSubscribersTest(parsed.args);
+      case 'serve':
+        return handleSubscribersServe(parsed.args, parsed.flags);
+      case 'status':
+        return handleSubscribersStatus();
+      default:
+        return {
+          success: false,
+          error: `Unknown subscribers subcommand: ${parsed.subcommand}\n\nRun "celilo subscribers --help" for usage.`,
+        };
+    }
+  }
+
   if (parsed.command === 'storage') {
     if (parsed.flags.help || parsed.flags.h) {
       return displayStorageHelp();
@@ -1350,6 +1524,17 @@ export async function runCli(argv: string[]): Promise<CommandResult> {
     if (backupFlagError) return backupFlagError;
 
     if (parsed.subcommand === 'create') {
+      // Legacy surface — `celilo module backup <id>` is the canonical
+      // create command now (matches the module-namespaced verbs:
+      // deploy, health, remove). Print a one-line deprecation banner
+      // and forward to the same handler. Suppress via
+      // `CELILO_SUPPRESS_DEPRECATION=1` so tests / cron stay quiet.
+      if (process.env.CELILO_SUPPRESS_DEPRECATION !== '1') {
+        const target = parsed.args[0]
+          ? `celilo module backup ${parsed.args[0]}`
+          : 'celilo module backup';
+        console.warn(`⚠ "celilo backup create" is deprecated. Use: ${target}`);
+      }
       const { handleBackupCreate } = await import('./commands/backup-create');
       return handleBackupCreate(parsed.args, parsed.flags);
     }
@@ -1390,6 +1575,25 @@ export async function runCli(argv: string[]): Promise<CommandResult> {
     };
   }
 
+  if (parsed.command === 'restore') {
+    // Phase 4 of v2/SYSTEM_BACKUP_TERRAFORM_STATE.md — top-level
+    // fresh-bootstrap restore. Distinct from `celilo backup restore
+    // <id>` (which restores from a configured storage destination
+    // using an existing backup record); this one takes a local file
+    // directly so it works before any storage is configured.
+    //
+    // `restore` has no subcommands but the parser eagerly captures
+    // the second positional as `subcommand`. Re-thread it as the
+    // first arg so `celilo restore <file>` works alongside
+    // `celilo restore --from <file>`.
+    const restoreArgs = parsed.subcommand ? [parsed.subcommand, ...parsed.args] : parsed.args;
+    const restoreFlagError = checkFlags('restore', undefined, parsed.flags, restoreArgs);
+    if (restoreFlagError) return restoreFlagError;
+
+    const { handleRestore } = await import('./commands/restore');
+    return handleRestore(restoreArgs, parsed.flags);
+  }
+
   if (parsed.command === 'machine') {
     // Handle machine --help
     if (parsed.flags.help || parsed.flags.h) {
@@ -1452,6 +1656,10 @@ export async function runCli(argv: string[]): Promise<CommandResult> {
       return handleSystemInit(parsed.args, parsed.flags);
     }
 
+    if (parsed.subcommand === 'apply-config') {
+      return handleSystemApplyConfig(parsed.args, parsed.flags);
+    }
+
     if (parsed.subcommand === 'config') {
       const configSubcommand = parsed.args[0];
       if (!configSubcommand) {

package/src/cli/interactive-config.test.ts

@@ -23,11 +23,30 @@ const celiloIntroMock = mock(() => undefined);
 // Install module mock BEFORE dynamically importing the SUT.
 // bun:test's mock.module is a runtime call (no hoisting), so the order
 // matters: anything that imports './prompts' AFTER this call gets the mock.
+//
+// IMPORTANT: mock.module replaces the module PROCESS-GLOBALLY for the
+// remainder of the test run. Every export from the real module needs a
+// stub here, or test files loaded after this one will fail with
+// `SyntaxError: Export named 'X' not found in module 'prompts.ts'` when
+// they try to import a missing one. The mocks below replace what this
+// test actively asserts on; the no-op stubs satisfy other modules that
+// import from prompts.ts just to use them as side-effects.
 mock.module('./prompts', () => ({
   celiloIntro: celiloIntroMock,
+  celiloOutro: async () => undefined,
   promptText: promptTextMock,
   promptPassword: promptPasswordMock,
   promptConfirm: promptConfirmMock,
+  showNote: () => undefined,
+  getActiveDisplay: () => undefined,
+  setActiveDisplay: () => undefined,
+  log: {
+    success: () => undefined,
+    error: () => undefined,
+    warn: () => undefined,
+    info: () => undefined,
+    message: () => undefined,
+  },
 }));
 
 // Dynamic import after the mock is installed.

package/src/cli/restore-command.test.ts

@@ -0,0 +1,131 @@
+/**
+ * Tests for the `celilo restore` top-level command (Phase 4 of
+ * v2/SYSTEM_BACKUP_TERRAFORM_STATE.md).
+ *
+ * Covers the CLI surface: routing, argument parsing, pre-flight
+ * gating, error propagation. The actual file-direct restore +
+ * system-file swap logic is tested in restore-from-file.test.ts;
+ * here we focus on what the user-facing command does (and refuses
+ * to do).
+ */
+
+import { afterEach, beforeEach, describe, expect, test } from 'bun:test';
+import { mkdirSync, mkdtempSync, rmSync, writeFileSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+import { closeDb, getDb } from '../db/client';
+import { runMigrations } from '../db/migrate';
+import { modules } from '../db/schema';
+import { runCli } from './index';
+
+describe('celilo restore', () => {
+  let dir: string;
+
+  beforeEach(async () => {
+    dir = mkdtempSync(join(tmpdir(), 'celilo-restore-cmd-test-'));
+    process.env.CELILO_DB_PATH = join(dir, 'celilo.db');
+    process.env.CELILO_DATA_DIR = dir;
+    process.env.CELILO_MASTER_KEY_PATH = join(dir, 'master.key');
+    process.env.CELILO_SUPPRESS_DEPRECATION = '1';
+    await runMigrations(process.env.CELILO_DB_PATH);
+  });
+
+  afterEach(() => {
+    closeDb();
+    process.env.CELILO_DB_PATH = undefined;
+    process.env.CELILO_DATA_DIR = undefined;
+    process.env.CELILO_MASTER_KEY_PATH = undefined;
+    process.env.CELILO_SUPPRESS_DEPRECATION = undefined;
+    try {
+      rmSync(dir, { recursive: true, force: true });
+    } catch {
+      /* ignore */
+    }
+  });
+
+  test('errors when --from is missing', async () => {
+    const result = await runCli(['node', 'celilo', 'restore']);
+    expect(result.success).toBe(false);
+    const err = result.success ? '' : (result.error ?? '');
+    expect(err).toContain('--from');
+  });
+
+  test('errors when --from points at a non-existent file', async () => {
+    const result = await runCli([
+      'node',
+      'celilo',
+      'restore',
+      '--from',
+      '/tmp/does-not-exist-celilo-test.backup',
+    ]);
+    expect(result.success).toBe(false);
+    const err = result.success ? '' : (result.error ?? '');
+    expect(err).toContain('not found');
+  });
+
+  test('refuses when target DB has modules (non-empty)', async () => {
+    // Plant a fake module to simulate a populated target.
+    const db = getDb();
+    db.insert(modules)
+      .values({
+        id: 'fake-existing-mod',
+        name: 'fake',
+        version: '0.0.1',
+        sourcePath: '/tmp/fake',
+        manifestData: {} as Record<string, unknown>,
+      })
+      .run();
+
+    // Plant a phony artifact file so the path check passes.
+    const phonyArtifact = join(dir, 'phony.backup');
+    writeFileSync(phonyArtifact, '{}');
+
+    const result = await runCli(['node', 'celilo', 'restore', '--from', phonyArtifact]);
+    expect(result.success).toBe(false);
+    const err = result.success ? '' : (result.error ?? '');
+    expect(err).toContain('not empty');
+    expect(err).toContain('fake-existing-mod');
+    expect(err).toContain('--force');
+  });
+
+  test('refuses when target has terraform state on disk (non-empty)', async () => {
+    const tfDir = join(dir, 'modules', 'half-deployed', 'generated', 'terraform');
+    mkdirSync(tfDir, { recursive: true });
+    writeFileSync(join(tfDir, 'terraform.tfstate'), '{}');
+
+    const phonyArtifact = join(dir, 'phony.backup');
+    writeFileSync(phonyArtifact, '{}');
+
+    const result = await runCli(['node', 'celilo', 'restore', '--from', phonyArtifact]);
+    expect(result.success).toBe(false);
+    const err = result.success ? '' : (result.error ?? '');
+    expect(err).toContain('not empty');
+    expect(err).toContain('half-deployed');
+  });
+
+  test('routes to handleRestore when --from is provided (errors at decrypt of non-artifact)', async () => {
+    // No state in DB or disk, but the file isn't a real artifact —
+    // we expect to get PAST pre-flight and fail at the
+    // decrypt/manifest stage. That proves routing is wired up.
+    const notAnArtifact = join(dir, 'random.backup');
+    writeFileSync(notAnArtifact, 'this is not encrypted JSON');
+
+    const result = await runCli(['node', 'celilo', 'restore', '--from', notAnArtifact]);
+    expect(result.success).toBe(false);
+    const err = result.success ? '' : (result.error ?? '');
+    // Pre-flight passed (no mention of "not empty"); decryption failed.
+    expect(err).not.toContain('not empty');
+    expect(err.toLowerCase()).toMatch(/json|decrypt|artifact/);
+  });
+
+  test('accepts artifact path as positional too (not just --from)', async () => {
+    const notAnArtifact = join(dir, 'random2.backup');
+    writeFileSync(notAnArtifact, 'still not a real artifact');
+
+    const result = await runCli(['node', 'celilo', 'restore', notAnArtifact]);
+    expect(result.success).toBe(false);
+    const err = result.success ? '' : (result.error ?? '');
+    // Reached the decrypt stage = positional arg was honored.
+    expect(err).not.toContain('missing --from');
+  });
+});

package/src/db/client.ts

@@ -92,6 +92,23 @@ function needsMigration(sqlite: Database): boolean {
       )`,
       // Backup naming support
       'ALTER TABLE backups ADD name text',
+      // Module systems (v2/MODULE_SYSTEMS_ADDRESSING.md) — a module's 0..N
+      // deployed hosts. Fresh DBs get this via migration 0007; existing installs
+      // get it here. Replaces the scalar target_ip/vmid rows in module_configs.
+      `CREATE TABLE IF NOT EXISTS module_systems (
+        module_id text NOT NULL REFERENCES modules(id) ON DELETE cascade,
+        name text NOT NULL,
+        hostname text NOT NULL,
+        ipv4_address text NOT NULL,
+        zone text NOT NULL,
+        infra_type text NOT NULL,
+        machine_id text REFERENCES machines(id),
+        service_id text REFERENCES container_services(id),
+        vmid integer,
+        created_at integer DEFAULT (unixepoch()) NOT NULL,
+        updated_at integer DEFAULT (unixepoch()) NOT NULL,
+        PRIMARY KEY (module_id, name)
+      )`,
     ];
 
     for (const stmt of alterStatements) {
@@ -200,6 +217,31 @@ export function createDbClient(config?: Partial<DatabaseConfig>) {
     }
   }
 
+  // One-time upgrade backfill for the target_ip → module_systems refactor
+  // (v2/MODULE_SYSTEMS_ADDRESSING.md). Runs for both paths above: needsMigration
+  // has already ensured the module_systems table exists (via migration 0007 for
+  // a fresh DB, or the imperative CREATE for an existing install). A deployment
+  // created before the refactor has its host data only in module_configs /
+  // ip_allocations / module_infrastructure and an EMPTY module_systems, so its
+  // modules resolve to no system and the migrated hooks throw "No deployed
+  // system found". This lifts that state across. Idempotent (skips modules
+  // already recorded), so a no-op on a fresh DB and on every steady-state open.
+  // Logged so the upgrade is operator-visible, not silent magic.
+  if (!readonly) {
+    try {
+      const { backfillModuleSystems } = require('../services/deployed-systems');
+      const filled = backfillModuleSystems(db) as string[];
+      if (filled.length > 0) {
+        console.log(
+          `Backfilled module_systems for ${filled.length} module(s): ${filled.join(', ')}`,
+        );
+      }
+    } catch (error) {
+      console.error('Failed to backfill module_systems:', error);
+      throw error;
+    }
+  }
+
   return db;
 }
 

package/src/db/schema.test.ts

@@ -1,10 +1,11 @@
 import { afterEach, beforeEach, describe, expect, test } from 'bun:test';
 import { existsSync } from 'node:fs';
 import { unlink } from 'node:fs/promises';
-import { eq } from 'drizzle-orm';
+import { and, eq } from 'drizzle-orm';
+import { upsertModuleConfig } from '../services/module-config';
 import { type DbClient, createDbClient } from './client';
 import { capabilities, moduleConfigs, modules, secrets } from './schema';
-import type { NewCapability, NewModule, NewModuleConfig, NewSecret } from './schema';
+import type { NewCapability, NewModule, NewSecret } from './schema';
 
 describe('Database Schema', () => {
   let db: DbClient;
@@ -118,16 +119,17 @@ describe('Database Schema', () => {
     };
     db.insert(modules).values(newModule).run();
 
-    // Insert config
-    const newConfig: NewModuleConfig = {
-      moduleId: 'homebridge',
-      key: 'target_ip',
-      value: '192.168.0.50',
-    };
+    // Insert config via the shared upsert helper
+    upsertModuleConfig(db, 'homebridge', 'target_ip', '192.168.0.50');
 
-    const result = db.insert(moduleConfigs).values(newConfig).returning().get();
+    const result = db
+      .select()
+      .from(moduleConfigs)
+      .where(and(eq(moduleConfigs.moduleId, 'homebridge'), eq(moduleConfigs.key, 'target_ip')))
+      .get();
 
     expect(result).toBeDefined();
+    if (!result) throw new Error('expected row');
     expect(result.moduleId).toBe('homebridge');
     expect(result.key).toBe('target_ip');
     expect(result.value).toBe('192.168.0.50');
@@ -203,13 +205,8 @@ describe('Database Schema', () => {
     };
     db.insert(modules).values(newModule).run();
 
-    // Insert config
-    const newConfig: NewModuleConfig = {
-      moduleId: 'homebridge',
-      key: 'target_ip',
-      value: '192.168.0.50',
-    };
-    db.insert(moduleConfigs).values(newConfig).run();
+    // Insert config via the shared upsert helper
+    upsertModuleConfig(db, 'homebridge', 'target_ip', '192.168.0.50');
 
     // Delete module
     db.delete(modules).where(eq(modules.id, 'homebridge')).run();