@celilo/cli 0.5.0-alpha.4 → 0.5.0-alpha.6

package/src/manifest/validate.test.ts

@@ -77,6 +77,59 @@ variables:
     }
   });
 
+  test('requires.system.type defaults to lxc when omitted', () => {
+    const yaml = `
+${CONTRACT_LINE}
+id: homebridge
+name: Homebridge
+version: 1.0.0
+requires:
+  system:
+    cpu: 1
+    zone: app
+`;
+    const result = validateManifest(yaml);
+    expect(result.success).toBe(true);
+    if (result.success) {
+      expect(result.data.requires.system?.type).toBe('lxc');
+    }
+  });
+
+  test('requires.system.type accepts an explicit vm', () => {
+    const yaml = `
+${CONTRACT_LINE}
+id: forgejo-runner
+name: Forgejo Runner
+version: 1.0.0
+requires:
+  system:
+    cpu: 4
+    memory: 8192
+    type: vm
+    zone: dmz
+`;
+    const result = validateManifest(yaml);
+    expect(result.success).toBe(true);
+    if (result.success) {
+      expect(result.data.requires.system?.type).toBe('vm');
+    }
+  });
+
+  test('requires.system.type rejects an unknown infra type', () => {
+    const yaml = `
+${CONTRACT_LINE}
+id: homebridge
+name: Homebridge
+version: 1.0.0
+requires:
+  system:
+    type: container
+    zone: app
+`;
+    const result = validateManifest(yaml);
+    expect(result.success).toBe(false);
+  });
+
   test('should validate dns-external manifest with capability provider', () => {
     const yaml = `
 ${CONTRACT_LINE}

package/src/services/bus-interview.test.ts

@@ -42,7 +42,7 @@ describe('busInterview', () => {
     const watch = responderBus.watch('config.required.lunacycle.domain', (event) => {
       responderBus.emitRaw(
         `${event.type}.reply`,
-        { value: 'lunacycle.net' },
+        { value: 'example.net' },
         { replyFor: event.id, emittedBy: 'test-responder' },
       );
     });
@@ -58,7 +58,7 @@ describe('busInterview', () => {
       payload,
     );
 
-    expect(reply.value).toBe('lunacycle.net');
+    expect(reply.value).toBe('example.net');
 
     watch.close();
     responderBus.close();

package/src/services/bus-secret-flow.test.ts

@@ -350,7 +350,7 @@ describe('bus-mediated interviewForMissingSecrets', () => {
     const { seen, close } = startTestResponder(
       bus,
       'secret.required.testmod.ddns_passwords',
-      { value: JSON.stringify({ 'lunacycle.net': 'pw1', 'celilo.computer': 'pw2' }) },
+      { value: JSON.stringify({ 'example.net': 'pw1', 'celilo.computer': 'pw2' }) },
       testDb,
     );
 
@@ -380,7 +380,7 @@ describe('bus-mediated interviewForMissingSecrets', () => {
 
     const masterKey = await getOrCreateMasterKey();
     const stored = await readModuleSecretKey('testmod', 'ddns_passwords', testDb, masterKey);
-    expect(stored).toBe(JSON.stringify({ 'lunacycle.net': 'pw1', 'celilo.computer': 'pw2' }));
+    expect(stored).toBe(JSON.stringify({ 'example.net': 'pw1', 'celilo.computer': 'pw2' }));
 
     close();
   });

package/src/services/celilo-mgmt-hooks.test.ts

@@ -18,6 +18,7 @@ import { afterEach, beforeEach, describe, expect, it } from 'bun:test';
 import { existsSync, mkdirSync, mkdtempSync, readFileSync, rmSync, writeFileSync } from 'node:fs';
 import { tmpdir } from 'node:os';
 import { join } from 'node:path';
+import { skipIntegration } from '../test-utils/integration-guard';
 
 import type { HookContext } from '@celilo/capabilities';
 
@@ -77,7 +78,7 @@ function buildContext(extras: Record<string, unknown>): HookContext {
   } as HookContext;
 }
 
-describe('celilo-mgmt on_backup', () => {
+describe.skipIf(skipIntegration({ tools: ['wg'] }))('celilo-mgmt on_backup', () => {
   let dir: string;
   let backupDir: string;
   let crossModuleRoot: string;
@@ -214,7 +215,7 @@ describe('celilo-mgmt on_backup', () => {
   });
 });
 
-describe('celilo-mgmt on_restore', () => {
+describe.skipIf(skipIntegration({ tools: ['wg'] }))('celilo-mgmt on_restore', () => {
   let dir: string;
   let restoreDir: string;
   let crossModuleWriteRoot: string;

package/src/services/deploy-preflight.ts

@@ -29,6 +29,7 @@ import { capabilities, moduleConfigs, modules, secrets } from '../db/schema';
 import { type ModuleManifest, getSingularSystemSpec } from '../manifest/schema';
 import { buildResolutionContext } from '../variables/context';
 import { E2E_CONFLICT_FIX, runningE2eContainers } from './e2e-guard';
+import { describeCapabilityProblem, findBrokenCapabilityDerivations } from './fleet-checks';
 
 export interface PreflightResult {
   success: boolean;
@@ -232,6 +233,30 @@ export async function runPreflight(
         });
       }
     }
+
+    // 4b. Capability-derived variables resolve to a concrete value. The
+    // scan above only catches values that ARE present-but-templated; a
+    // required `source: capability` var whose chain is broken upstream is
+    // silently DROPPED during derivation (the hasUnresolved guard), so it's
+    // absent from selfConfig entirely and a template `$self:<x>` later dies
+    // with a cryptic "not found". Assert it here against the RESOLVED
+    // capabilities map so the operator gets the named missing link up front
+    // instead of at generate time (ISS-0095 / ISS-0115).
+    for (const problem of findBrokenCapabilityDerivations(
+      moduleId,
+      manifest,
+      context.capabilities,
+    )) {
+      errors.push({
+        category: problem.reason === 'no-provider' ? 'missing-capability' : 'unresolved-template',
+        message: describeCapabilityProblem(problem),
+        variable: problem.variable,
+        suggestion:
+          problem.reason === 'no-provider'
+            ? `Deploy a module that provides '${problem.capability}', then redeploy '${moduleId}'`
+            : `Redeploy '${problem.capability}'s provider so it populates ${problem.capability}.${problem.path}, then redeploy '${moduleId}'`,
+      });
+    }
   } catch (error) {
     // Resolution context may fail — that's informative too
     warnings.push({

package/src/services/deploy-validation.test.ts

@@ -265,8 +265,8 @@ describe('findMissingSecrets (shared)', () => {
     // The terminal-responder reads these off the bus payload to apply
     // input-time regex validation. Without manifest → MissingVariable
     // propagation, the responder never sees them and operators end
-    // up entering invalid keys (e.g. 'www.lunacycle.net' instead of
-    // the apex 'lunacycle.net').
+    // up entering invalid keys (e.g. 'www.example.net' instead of
+    // the apex 'example.net').
     const missing = await findMissingSecrets(
       'testmod',
       {

package/src/services/dns-internal-records.test.ts

@@ -0,0 +1,126 @@
+import { afterEach, beforeEach, describe, expect, it } from 'bun:test';
+import { mkdtempSync, rmSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+import type { DnsRecordRequest } from '@celilo/capabilities';
+import type { DbClient } from '../db/client';
+import { modules } from '../db/schema';
+import { setupTestDatabase } from '../test-utils/setup-test-db';
+import {
+  listDnsInternalRecords,
+  recordDnsInternalRecord,
+  removeDnsInternalRecord,
+  withDnsInternalLedger,
+} from './dns-internal-records';
+
+describe('dns-internal-records ledger', () => {
+  let dir: string;
+  let dbPath: string;
+  let db: DbClient;
+
+  beforeEach(async () => {
+    dir = mkdtempSync(join(tmpdir(), 'dns-int-'));
+    dbPath = join(dir, 'celilo.db');
+    process.env.CELILO_DB_PATH = dbPath;
+    db = await setupTestDatabase(dbPath);
+    // FK targets: provider + consumer modules.
+    for (const id of ['technitium', 'forgejo']) {
+      db.insert(modules)
+        .values({
+          id,
+          name: id,
+          version: '1.0.0',
+          state: 'VERIFIED',
+          manifestData: {},
+          sourcePath: `/src/${id}`,
+        })
+        .run();
+    }
+  });
+  afterEach(() => {
+    db.$client.close();
+    process.env.CELILO_DB_PATH = undefined;
+    try {
+      rmSync(dir, { recursive: true, force: true });
+    } catch {
+      /* ignore */
+    }
+  });
+
+  const ctx = () => ({ db, providerModuleId: 'technitium', consumerModuleId: 'forgejo' });
+
+  it('records, lists, and upserts by (provider, host)', () => {
+    recordDnsInternalRecord(db, { ...ctx(), host: 'git-ssh.x', ip: '10.0.20.14' });
+    let rows = listDnsInternalRecords(db);
+    expect(rows).toHaveLength(1);
+    expect(rows[0].ip).toBe('10.0.20.14');
+
+    // Same (provider, host) updates in place — the natIp fix re-registering.
+    recordDnsInternalRecord(db, { ...ctx(), host: 'git-ssh.x', ip: '192.168.0.253' });
+    rows = listDnsInternalRecords(db);
+    expect(rows).toHaveLength(1);
+    expect(rows[0].ip).toBe('192.168.0.253');
+  });
+
+  it('removes a record by (provider, host)', () => {
+    recordDnsInternalRecord(db, { ...ctx(), host: 'a.x', ip: '1.1.1.1' });
+    recordDnsInternalRecord(db, { ...ctx(), host: 'b.x', ip: '2.2.2.2' });
+    removeDnsInternalRecord(db, { providerModuleId: 'technitium', host: 'a.x' });
+    const rows = listDnsInternalRecords(db);
+    expect(rows.map((r) => r.host)).toEqual(['b.x']);
+  });
+
+  describe('withDnsInternalLedger', () => {
+    function fakeProvider() {
+      const calls: Array<['register' | 'delete', DnsRecordRequest]> = [];
+      const iface = {
+        async registerRecord(req: DnsRecordRequest) {
+          calls.push(['register', req]);
+        },
+        async deleteRecord(req: DnsRecordRequest) {
+          calls.push(['delete', req]);
+        },
+      };
+      return { iface, calls };
+    }
+
+    it('records A-record registrations and passes the call through', async () => {
+      const { iface, calls } = fakeProvider();
+      const wrapped = withDnsInternalLedger(iface, ctx());
+      await wrapped.registerRecord({ host: 'git-ssh.x', type: 'A', value: '192.168.0.253' });
+      expect(calls).toHaveLength(1); // underlying provider still called
+      const rows = listDnsInternalRecords(db);
+      expect(rows).toHaveLength(1);
+      expect(rows[0]).toMatchObject({ host: 'git-ssh.x', ip: '192.168.0.253' });
+    });
+
+    it('does NOT ledger non-A records', async () => {
+      const { iface } = fakeProvider();
+      const wrapped = withDnsInternalLedger(iface, ctx());
+      await wrapped.registerRecord({ host: 'mail.x', type: 'MX', value: 'mx.x' });
+      expect(listDnsInternalRecords(db)).toHaveLength(0);
+    });
+
+    it('removes the ledger row on A-record delete', async () => {
+      const { iface } = fakeProvider();
+      const wrapped = withDnsInternalLedger(iface, ctx());
+      await wrapped.registerRecord({ host: 'git-ssh.x', type: 'A', value: '192.168.0.253' });
+      await wrapped.deleteRecord({ host: 'git-ssh.x', type: 'A', value: '192.168.0.253' });
+      expect(listDnsInternalRecords(db)).toHaveLength(0);
+    });
+
+    it('does not write the ledger if the underlying register throws', async () => {
+      const iface = {
+        async registerRecord(): Promise<void> {
+          throw new Error('resolver down');
+        },
+        async deleteRecord(): Promise<void> {},
+      };
+      const wrapped = withDnsInternalLedger(iface, ctx());
+      await expect(
+        wrapped.registerRecord({ host: 'git-ssh.x', type: 'A', value: '1.2.3.4' }),
+      ).rejects.toThrow('resolver down');
+      expect(listDnsInternalRecords(db)).toHaveLength(0);
+    });
+  });
+});

package/src/services/dns-internal-records.ts

@@ -0,0 +1,119 @@
+/**
+ * Internal split-horizon DNS A-record ledger (designs/CELILO_DOCTOR_FLEET_DRIFT.md
+ * Phase 4, ISS-0094 / ISS-0111).
+ *
+ * The dns_internal capability (technitium/knot) registers records straight
+ * into the resolver's own DB, leaving celilo no offline record of what it
+ * asked to be served. This ledger — the internal-DNS sibling of
+ * `dns_registrations` — records every successful `registerRecord({type:'A'})`
+ * so `celilo system doctor` can assert, without a live resolver probe, that
+ * service hostnames resolve to the firewall natIp (LAN-reachable) rather than
+ * a zone-side container IP a LAN device can't route to.
+ *
+ * Row lifecycle is FK cascade — records die with their provider or consumer.
+ */
+
+import type { DnsInternalCapability, DnsRecordRequest } from '@celilo/capabilities';
+import { and, eq } from 'drizzle-orm';
+import type { DbClient } from '../db/client';
+import { dnsInternalRecords } from '../db/schema';
+
+export interface DnsInternalRecordRow {
+  host: string;
+  ip: string;
+  providerModuleId: string;
+  consumerModuleId: string;
+  registeredAt: Date;
+}
+
+export function listDnsInternalRecords(
+  db: DbClient,
+  options: { providerModuleId?: string } = {},
+): DnsInternalRecordRow[] {
+  const query = db
+    .select({
+      host: dnsInternalRecords.host,
+      ip: dnsInternalRecords.ip,
+      providerModuleId: dnsInternalRecords.providerModuleId,
+      consumerModuleId: dnsInternalRecords.consumerModuleId,
+      registeredAt: dnsInternalRecords.registeredAt,
+    })
+    .from(dnsInternalRecords);
+  return options.providerModuleId
+    ? query.where(eq(dnsInternalRecords.providerModuleId, options.providerModuleId)).all()
+    : query.all();
+}
+
+export function recordDnsInternalRecord(
+  db: DbClient,
+  record: { providerModuleId: string; consumerModuleId: string; host: string; ip: string },
+): void {
+  db.insert(dnsInternalRecords)
+    .values({
+      providerModuleId: record.providerModuleId,
+      consumerModuleId: record.consumerModuleId,
+      host: record.host,
+      ip: record.ip,
+      registeredAt: new Date(),
+    })
+    .onConflictDoUpdate({
+      target: [dnsInternalRecords.providerModuleId, dnsInternalRecords.host],
+      set: {
+        consumerModuleId: record.consumerModuleId,
+        ip: record.ip,
+        registeredAt: new Date(),
+      },
+    })
+    .run();
+}
+
+export function removeDnsInternalRecord(
+  db: DbClient,
+  record: { providerModuleId: string; host: string },
+): void {
+  db.delete(dnsInternalRecords)
+    .where(
+      and(
+        eq(dnsInternalRecords.providerModuleId, record.providerModuleId),
+        eq(dnsInternalRecords.host, record.host),
+      ),
+    )
+    .run();
+}
+
+/**
+ * Wrap a dns_internal interface so A-record register/delete calls are
+ * mirrored into the ledger. Only A records are tracked — they're the
+ * host→IP mapping the natIp drift check reasons about; CNAMEs/others pass
+ * through unrecorded. A throw from the underlying call propagates before
+ * any ledger write, so only a confirmed register/delete earns a row change.
+ */
+export function withDnsInternalLedger(
+  iface: DnsInternalCapability,
+  ctx: { db: DbClient; providerModuleId: string; consumerModuleId: string },
+): DnsInternalCapability {
+  const isA = (request: DnsRecordRequest) => request.type.toUpperCase() === 'A';
+  return {
+    ...iface,
+    async registerRecord(request: DnsRecordRequest): Promise<void> {
+      await iface.registerRecord(request);
+      if (isA(request)) {
+        recordDnsInternalRecord(ctx.db, {
+          providerModuleId: ctx.providerModuleId,
+          consumerModuleId: ctx.consumerModuleId,
+          host: request.host,
+          ip: request.value,
+        });
+      }
+    },
+    async deleteRecord(request: DnsRecordRequest): Promise<void> {
+      await iface.deleteRecord(request);
+      if (isA(request)) {
+        removeDnsInternalRecord(ctx.db, {
+          providerModuleId: ctx.providerModuleId,
+          host: request.host,
+        });
+      }
+    },
+  };
+}

package/src/services/dns-provider-backfill.test.ts

@@ -105,14 +105,14 @@ describe('backfillWebRouteDns (ISS-0029)', () => {
     seedFirewall('100.64.0.1');
     seedRoute('apt.celilo.computer', '/');
     seedRoute('apt.celilo.computer', '/-/publish'); // same host, different path → deduped
-    seedRoute('registry.lunacycle.net', '/');
+    seedRoute('registry.example.net', '/');
 
     const calls: DnsRecordRequest[] = [];
     await backfillWebRouteDns('technitium', getDb(), silentLogger, stubLoader(calls));
 
     expect(calls.map((c) => c.host).sort()).toEqual([
       'apt.celilo.computer',
-      'registry.lunacycle.net',
+      'registry.example.net',
     ]);
     expect(calls.every((c) => c.value === '100.64.0.1' && c.type === 'A')).toBe(true);
   });

package/src/services/dns-registrations.test.ts

@@ -50,19 +50,19 @@ describe('dns_registrations ledger', () => {
     recordDnsRegistration(db, {
       providerModuleId: 'namecheap',
       consumerModuleId: 'caddy',
-      fqdn: 'www.lunacycle.net',
+      fqdn: 'www.example.net',
       ip: '198.51.100.7',
     });
     recordDnsRegistration(db, {
       providerModuleId: 'namecheap',
       consumerModuleId: 'caddy',
-      fqdn: 'www.lunacycle.net',
+      fqdn: 'www.example.net',
       ip: '198.51.100.8',
     });
 
     const rows = listDnsRegistrations(db, { providerModuleId: 'namecheap' });
     expect(rows.length).toBe(1);
-    expect(rows[0].fqdn).toBe('www.lunacycle.net');
+    expect(rows[0].fqdn).toBe('www.example.net');
     expect(rows[0].ip).toBe('198.51.100.8');
     expect(rows[0].consumerModuleId).toBe('caddy');
     expect(rows[0].refreshedAt).toBeNull();
@@ -72,7 +72,7 @@ describe('dns_registrations ledger', () => {
     recordDnsRegistration(db, {
       providerModuleId: 'namecheap',
       consumerModuleId: 'caddy',
-      fqdn: 'git.lunacycle.net',
+      fqdn: 'git.example.net',
       ip: null,
     });
     stampDnsRegistrationsRefreshed(db, 'namecheap');
@@ -84,7 +84,7 @@ describe('dns_registrations ledger', () => {
     recordDnsRegistration(db, {
       providerModuleId: 'namecheap',
       consumerModuleId: 'caddy',
-      fqdn: 'www.lunacycle.net',
+      fqdn: 'www.example.net',
       ip: '198.51.100.7',
     });
     db.delete(modules).where(eq(modules.id, 'caddy')).run();
@@ -106,15 +106,15 @@ describe('dns_registrations ledger', () => {
       consumerModuleId: 'caddy',
     });
 
-    await wrapped.registerHost({ fqdn: 'www.lunacycle.net', ip: '198.51.100.7' });
-    await wrapped.registerHost({ fqdn: 'fail.lunacycle.net', ip: '198.51.100.7' });
-    await wrapped.registerHost({ fqdn: 'auto.lunacycle.net' });
+    await wrapped.registerHost({ fqdn: 'www.example.net', ip: '198.51.100.7' });
+    await wrapped.registerHost({ fqdn: 'fail.example.net', ip: '198.51.100.7' });
+    await wrapped.registerHost({ fqdn: 'auto.example.net' });
 
     expect(calls.length).toBe(3);
     const rows = listDnsRegistrations(db);
     const fqdns = rows.map((r) => r.fqdn).sort();
-    expect(fqdns).toEqual(['auto.lunacycle.net', 'www.lunacycle.net']);
-    const auto = rows.find((r) => r.fqdn === 'auto.lunacycle.net');
+    expect(fqdns).toEqual(['auto.example.net', 'www.example.net']);
+    const auto = rows.find((r) => r.fqdn === 'auto.example.net');
     expect(auto?.ip).toBeNull();
   });
 });