@celilo/cli 0.3.30 → 0.4.0-alpha.1

package/src/cli/commands/system-apply-config.ts

@@ -0,0 +1,130 @@
+/**
+ * `celilo system apply-config` — headless write to systemConfig.
+ *
+ * Phase 2 of v2/MANAGEMENT_AS_NETAPP.md: the celilo-mgmt module's
+ * on_install hook needs a CLI surface it can shell out to that writes
+ * the operator-chosen network/DNS/SSH config without the interactive
+ * framing of `celilo system init`. This is that command.
+ *
+ * Shape:
+ *
+ *   celilo system apply-config <key=value> ...
+ *   celilo system apply-config --from-stdin   # JSON map on stdin
+ *
+ * No prompts. No "next steps" guidance. Just writes the keys and
+ * reports a count. Suitable for module hooks, CI workflows, and any
+ * other automation that needs to seed systemConfig at deploy time.
+ *
+ * `celilo system init --accept-defaults` continues to work and now
+ * delegates to this same `initializeSystem()` plumbing — that's the
+ * operator-facing surface; this is the automation-facing surface.
+ */
+
+import { getDb } from '../../db/client';
+import { initializeSystem } from '../../services/system-init';
+import type { CommandResult } from '../types';
+
+interface ParsedInput {
+  overrides: Record<string, string>;
+  errors: string[];
+}
+
+/**
+ * Pure parser for the positional key=value arguments. Exported so the
+ * test suite can exercise it without spinning up the CLI.
+ *
+ *   - Keys must contain a literal `=`; bare positionals are errors.
+ *   - Empty values are allowed (`network.dmz.subnet=`) — caller decides
+ *     what to do with them (the writer skips them).
+ *   - Values containing `=` are preserved (split on FIRST `=` only).
+ */
+export function parseKeyValueArgs(args: string[]): ParsedInput {
+  const overrides: Record<string, string> = {};
+  const errors: string[] = [];
+  for (const arg of args) {
+    const eqIndex = arg.indexOf('=');
+    if (eqIndex <= 0) {
+      errors.push(`Expected key=value (got "${arg}"). Use --from-stdin for JSON input.`);
+      continue;
+    }
+    const key = arg.slice(0, eqIndex);
+    const value = arg.slice(eqIndex + 1);
+    overrides[key] = value;
+  }
+  return { overrides, errors };
+}
+
+/**
+ * Read JSON config from stdin. Returns the parsed key→value map; the
+ * caller validates structure. Values are coerced to strings to match
+ * systemConfig's schema (which stores everything as TEXT).
+ */
+async function readJsonStdin(): Promise<Record<string, string>> {
+  const chunks: Buffer[] = [];
+  for await (const chunk of process.stdin) {
+    chunks.push(chunk as Buffer);
+  }
+  const body = Buffer.concat(chunks).toString('utf-8').trim();
+  if (!body) return {};
+  const parsed = JSON.parse(body) as unknown;
+  if (typeof parsed !== 'object' || parsed === null || Array.isArray(parsed)) {
+    throw new Error('--from-stdin expects a JSON object mapping config keys to values');
+  }
+  const out: Record<string, string> = {};
+  for (const [key, value] of Object.entries(parsed)) {
+    if (value === null || value === undefined) continue;
+    out[key] = String(value);
+  }
+  return out;
+}
+
+export async function handleSystemApplyConfig(
+  args: string[],
+  flags: Record<string, boolean | string> = {},
+): Promise<CommandResult> {
+  const fromStdin = flags['from-stdin'] === true;
+
+  let overrides: Record<string, string> = {};
+  if (fromStdin) {
+    try {
+      overrides = await readJsonStdin();
+    } catch (err) {
+      return {
+        success: false,
+        error: `Could not read --from-stdin: ${err instanceof Error ? err.message : String(err)}`,
+      };
+    }
+  } else {
+    const parsed = parseKeyValueArgs(args);
+    if (parsed.errors.length > 0) {
+      return {
+        success: false,
+        error: parsed.errors.join('\n'),
+      };
+    }
+    overrides = parsed.overrides;
+  }
+
+  if (Object.keys(overrides).length === 0) {
+    return {
+      success: false,
+      error:
+        'No config values supplied.\n\nUsage:\n  celilo system apply-config <key=value> ...\n  celilo system apply-config --from-stdin',
+    };
+  }
+
+  const db = getDb();
+  try {
+    const applied = initializeSystem(db, overrides);
+    const writtenCount = Object.keys(applied).length;
+    return {
+      success: true,
+      message: `Applied ${writtenCount} config value(s) to systemConfig.`,
+    };
+  } catch (err) {
+    return {
+      success: false,
+      error: `Config write failed: ${err instanceof Error ? err.message : String(err)}`,
+    };
+  }
+}

package/src/cli/commands/system-audit.ts

@@ -52,6 +52,7 @@ import type { TerraformPlanRunner } from '../../services/audit/terraform-plan';
 import { getServiceCredentials, listContainerServices } from '../../services/container-service';
 import { runAllHealthChecks } from '../../services/health-runner';
 import { listMachines } from '../../services/machine-pool';
+import { parseStoredConfigValue } from '../../services/module-config';
 import { buildTerraformEnvForModule } from '../../services/terraform-env';
 import { hasFlag } from '../parser';
 import type { CommandResult } from '../types';
@@ -183,7 +184,7 @@ async function buildAuditDeps(onProgress?: (msg: string) => void) {
   const configsByModule = new Map<string, Record<string, unknown>>();
   for (const c of allConfigs) {
     const map = configsByModule.get(c.moduleId) ?? {};
-    map[c.key] = c.valueJson ? JSON.parse(c.valueJson) : c.value;
+    map[c.key] = parseStoredConfigValue(c);
     configsByModule.set(c.moduleId, map);
   }
 

package/src/cli/commands/system-init-deprecation.test.ts

@@ -0,0 +1,90 @@
+/**
+ * Phase 5 of v2/MANAGEMENT_AS_NETAPP.md — confirm `celilo system init`
+ * surfaces a deprecation banner pointing at the new paths
+ * (bootstrap.sh + `system apply-config`), and that
+ * CELILO_SUPPRESS_DEPRECATION=1 silences it.
+ *
+ * The banner is operator-facing UX; we verify the contract rather than
+ * pin specific wording.
+ */
+
+import { afterEach, beforeEach, describe, expect, test } from 'bun:test';
+import { mkdtempSync, rmSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+import { handleSystemInit } from './system-init';
+
+interface CapturedStream {
+  out: string[];
+  restore: () => void;
+}
+
+function captureStderr(): CapturedStream {
+  const original = console.warn;
+  const captured: string[] = [];
+  console.warn = (...args: unknown[]) => {
+    captured.push(args.map(String).join(' '));
+  };
+  return {
+    out: captured,
+    restore: () => {
+      console.warn = original;
+    },
+  };
+}
+
+describe('celilo system init deprecation banner', () => {
+  let tmpDir: string;
+  let savedDbPath: string | undefined;
+  let savedSuppress: string | undefined;
+
+  beforeEach(() => {
+    tmpDir = mkdtempSync(join(tmpdir(), 'celilo-deprecation-test-'));
+    savedDbPath = process.env.CELILO_DB_PATH;
+    savedSuppress = process.env.CELILO_SUPPRESS_DEPRECATION;
+    process.env.CELILO_DB_PATH = join(tmpDir, 'init.db');
+    process.env.CELILO_SUPPRESS_DEPRECATION = undefined;
+  });
+
+  afterEach(() => {
+    process.env.CELILO_DB_PATH = savedDbPath;
+    process.env.CELILO_SUPPRESS_DEPRECATION = savedSuppress;
+    rmSync(tmpDir, { recursive: true, force: true });
+  });
+
+  test('prints a deprecation banner on stderr by default', async () => {
+    const captured = captureStderr();
+    try {
+      await handleSystemInit([], { 'accept-defaults': true });
+    } finally {
+      captured.restore();
+    }
+    const all = captured.out.join('\n');
+    expect(all).toContain('deprecated');
+    expect(all).toContain('bootstrap.sh');
+    expect(all).toContain('apply-config');
+  });
+
+  test('CELILO_SUPPRESS_DEPRECATION=1 silences the banner', async () => {
+    process.env.CELILO_SUPPRESS_DEPRECATION = '1';
+    const captured = captureStderr();
+    try {
+      await handleSystemInit([], { 'accept-defaults': true });
+    } finally {
+      captured.restore();
+    }
+    const all = captured.out.join('\n');
+    expect(all).not.toContain('deprecated');
+  });
+
+  test('the command still executes successfully when the banner fires', async () => {
+    const captured = captureStderr();
+    let result: Awaited<ReturnType<typeof handleSystemInit>>;
+    try {
+      result = await handleSystemInit([], { 'accept-defaults': true });
+    } finally {
+      captured.restore();
+    }
+    expect(result.success).toBe(true);
+  });
+});

package/src/cli/commands/system-init.ts

@@ -16,12 +16,7 @@ import {
 } from '../../services/system-init';
 import { celiloIntro, celiloOutro, promptConfirm, promptText } from '../prompts';
 import type { CommandResult } from '../types';
-import {
-  validateIpAddress,
-  validateIpAddressList,
-  validateRequired,
-  validateSubnet,
-} from '../validators';
+import { validateRequired } from '../validators';
 
 /**
  * Parse key=value pairs from positional arguments
@@ -51,6 +46,28 @@ export async function handleSystemInit(
   const cliOverrides = parseOverrides(args);
   const db = getDb();
 
+  // Phase 5 of v2/MANAGEMENT_AS_NETAPP.md — surface that this command
+  // is on its way out so operators have time to migrate to the new
+  // paths. Keeps working unchanged; the banner just points at the
+  // replacements. CELILO_SUPPRESS_DEPRECATION=1 silences for callers
+  // that already know (e.g. the celilo-mgmt module's on_install hook
+  // — wait, that one shells to apply-config now, but other tooling
+  // that legitimately wants the interactive interview can still opt
+  // out of the banner).
+  if (process.env.CELILO_SUPPRESS_DEPRECATION !== '1') {
+    console.warn('⚠ celilo system init is deprecated.');
+    console.warn('  Recommended paths:');
+    console.warn(
+      '    • Fresh management server:  curl -fsSL https://celilo.computer/bootstrap.sh | bash',
+    );
+    console.warn(
+      '    • Headless config write (CI / hooks):  celilo system apply-config key=value ...',
+    );
+    console.warn(
+      '  This command still works; suppress this banner with CELILO_SUPPRESS_DEPRECATION=1.\n',
+    );
+  }
+
   // Check if already initialized
   const alreadyInitialized = isSystemInitialized(db);
   if (alreadyInitialized && !acceptDefaults && Object.keys(cliOverrides).length === 0) {
@@ -61,7 +78,7 @@ export async function handleSystemInit(
 
   try {
     if (acceptDefaults) {
-      return await initWithDefaults(cliOverrides);
+      return initWithDefaults(cliOverrides);
     }
     return await initInteractive(cliOverrides);
   } catch (error) {
@@ -91,8 +108,10 @@ function initWithDefaults(overrides: Record<string, string> = {}): CommandResult
 
   const sshKeyDetected = config['ssh.public_key'] !== undefined;
 
-  console.log('✓ Network zones (dmz, app, secure, internal)');
-  console.log('  - Gateway IPs auto-computed from subnets');
+  console.log('✓ Celilo state initialized');
+  console.log('  Network addressing is NOT defaulted: the `internal` zone is');
+  console.log('  discovered when you deploy celilo-mgmt, and dmz/app/secure');
+  console.log('  appear when you deploy a firewall module.');
 
   if (sshKeyDetected) {
     console.log('✓ SSH key (auto-detected)');
@@ -146,65 +165,12 @@ async function initInteractive(cliOverrides: Record<string, string> = {}): Promi
 
   await celiloIntro('🎛️  Welcome to Celilo System Setup');
 
-  // Network Configuration
-  if (!has('network.dmz.subnet')) {
-    overrides['network.dmz.subnet'] = await promptText({
-      message: 'DMZ network (public services)',
-      defaultValue: String(defaults['network.dmz.subnet']),
-      placeholder: String(defaults['network.dmz.subnet']) || '10.0.10.0/24',
-      validate: validateSubnet,
-    });
-  }
-
-  if (!has('network.app.subnet')) {
-    overrides['network.app.subnet'] = await promptText({
-      message: 'App network (internal apps)',
-      defaultValue: String(defaults['network.app.subnet']),
-      placeholder: String(defaults['network.app.subnet']) || '10.0.20.0/24',
-      validate: validateSubnet,
-    });
-  }
-
-  if (!has('network.secure.subnet')) {
-    overrides['network.secure.subnet'] = await promptText({
-      message: 'Secure network (databases, auth)',
-      defaultValue: String(defaults['network.secure.subnet']),
-      placeholder: String(defaults['network.secure.subnet']) || '10.0.30.0/24',
-      validate: validateSubnet,
-    });
-  }
-
-  if (!has('network.internal.subnet')) {
-    overrides['network.internal.subnet'] = await promptText({
-      message: 'Internal network (home devices)',
-      defaultValue: String(defaults['network.internal.subnet']),
-      placeholder: String(defaults['network.internal.subnet']) || '192.168.1.0/24',
-      validate: validateSubnet,
-    });
-  }
-
-  // System Settings
-  // primary_domain and admin.email are no longer system config — modules
-  // (dns_registrar, authentik, caddy) own those values directly. See
-  // design/TECHNICAL_DESIGN_MANIFEST_V2.md D9.
-
-  if (!has('dns.primary')) {
-    overrides['dns.primary'] = await promptText({
-      message: 'Primary DNS server',
-      defaultValue: String(defaults['dns.primary']),
-      placeholder: String(defaults['dns.primary']) || '1.1.1.1',
-      validate: validateIpAddress,
-    });
-  }
-
-  if (!has('dns.fallback')) {
-    overrides['dns.fallback'] = await promptText({
-      message: 'Fallback DNS servers (space-separated)',
-      defaultValue: String(defaults['dns.fallback']),
-      placeholder: String(defaults['dns.fallback']) || '8.8.8.8 1.1.1.1',
-      validate: validateIpAddressList,
-    });
-  }
+  // Network and DNS addressing are intentionally NOT prompted here.
+  // Network topology is no longer owned by `system init`
+  // (v2/NETWORK_CONFIG_TO_FIREWALL.md): the `internal` zone and DNS are
+  // discovered when celilo-mgmt is deployed, and `dmz`/`app`/`secure`
+  // come from a firewall module. The only thing left to capture
+  // interactively is the SSH key celilo uses to reach managed machines.
 
   // SSH Key — skip if provided via CLI
   if (!has('ssh.public_key')) {
@@ -311,8 +277,8 @@ async function initInteractive(cliOverrides: Record<string, string> = {}): Promi
     }
   }
 
-  // Apply configuration
-  const _config = initializeSystem(db, overrides);
+  // Apply configuration (called for its DB side effects).
+  initializeSystem(db, overrides);
 
   await celiloOutro('✅ System initialization complete!');
 

package/src/cli/commands/system-update.ts

@@ -30,6 +30,7 @@ import { fetchLatestCliVersion } from '../../services/audit/cli-version';
 import { makeJournalReader, readAppliedMigrations } from '../../services/audit/schema';
 import { createModuleBackup, createSystemStateBackup } from '../../services/backup-create';
 import { runAllHealthChecks, runModuleHealthCheck } from '../../services/health-runner';
+import { parseStoredConfigValue } from '../../services/module-config';
 import { deployModule } from '../../services/module-deploy';
 import { buildModuleGraph } from '../../services/update/dep-graph';
 import {
@@ -511,7 +512,7 @@ export async function handleSystemUpdate(
   const configsByModule = new Map<string, Record<string, unknown>>();
   for (const c of allConfigs) {
     const m = configsByModule.get(c.moduleId) ?? {};
-    m[c.key] = c.valueJson ? JSON.parse(c.valueJson) : c.value;
+    m[c.key] = parseStoredConfigValue(c);
     configsByModule.set(c.moduleId, m);
   }
 
@@ -741,7 +742,7 @@ export function rebuildAuditDepsForRerun(
   const configsByModule = new Map<string, Record<string, unknown>>();
   for (const c of allConfigs) {
     const m = configsByModule.get(c.moduleId) ?? {};
-    m[c.key] = c.valueJson ? JSON.parse(c.valueJson) : c.value;
+    m[c.key] = parseStoredConfigValue(c);
     configsByModule.set(c.moduleId, m);
   }
 

package/src/cli/completion.ts

@@ -39,9 +39,12 @@ export async function getCompletions(words: string[], current: number): Promise<
       'machine',
       'module',
       'package',
+      'publish',
+      'restore',
       'service',
       'status',
       'storage',
+      'subscribers',
       'system',
       'version',
     ];
@@ -76,6 +79,7 @@ export async function getCompletions(words: string[], current: number): Promise<
       'list-pending',
       'drain',
       'run',
+      'run-hook',
       'emit',
       'ack',
       'fail',
@@ -130,6 +134,7 @@ export async function getCompletions(words: string[], current: number): Promise<
       'update',
       'verify',
       'audit',
+      'backup',
       'config',
       'show-config',
       'show-zone',
@@ -333,6 +338,7 @@ export async function getCompletions(words: string[], current: number): Promise<
       'logs',
       'remove',
       'build',
+      'backup',
       'run-hook',
       'status',
       'terraform-unlock',
@@ -362,6 +368,12 @@ export async function getCompletions(words: string[], current: number): Promise<
     }
   }
 
+  // Subscribers subcommands
+  if (command === 'subscribers' && currentIndex === 1) {
+    const subcommands = ['list', 'add', 'remove', 'test', 'serve', 'status'];
+    return filterSuggestions(subcommands, args[1] || '');
+  }
+
   // Storage subcommands
   if (command === 'storage' && currentIndex === 1) {
     const subcommands = ['add', 'list', 'remove', 'verify', 'set-default'];
@@ -431,7 +443,16 @@ export async function getCompletions(words: string[], current: number): Promise<
 
   // System subcommands
   if (command === 'system' && currentIndex === 1) {
-    const subcommands = ['init', 'config', 'secret', 'vault-password', 'audit', 'update', 'doctor'];
+    const subcommands = [
+      'init',
+      'apply-config',
+      'config',
+      'secret',
+      'vault-password',
+      'audit',
+      'update',
+      'doctor',
+    ];
     return filterSuggestions(subcommands, args[1] || '');
   }