@celilo/cli 0.5.0-alpha.7 → 0.5.0-alpha.9

package/src/cli/commands/storage-add-local.ts

@@ -12,9 +12,9 @@ import {
   setDefaultBackupStorage,
   verifyBackupStorage,
 } from '../../services/backup-storage';
-import { celiloIntro, celiloOutro, promptConfirm, promptText } from '../prompts';
+import { askConfirm, askText, withInterviewSession } from '../../services/bus-interview';
+import { celiloIntro, celiloOutro } from '../prompts';
 import type { CommandResult } from '../types';
-import { validateRequired } from '../validators';
 
 /**
  * Best-effort write probe. Attempts to mkdir -p a `.celilo-write-probe`
@@ -52,122 +52,135 @@ export async function handleStorageAddLocal(
   _args: string[],
   flags: Record<string, boolean | string> = {},
 ): Promise<CommandResult> {
-  try {
-    celiloIntro('Add Local Backup Storage');
-
-    // Support non-interactive mode via flags
-    const flagName = typeof flags.name === 'string' ? flags.name : undefined;
-    const flagPath = typeof flags.path === 'string' ? flags.path : undefined;
-
-    const name =
-      flagName ??
-      (await promptText({
-        message: 'Human-readable name:',
-        defaultValue: 'Local Backups',
-        placeholder: 'Local Backups',
-        validate: validateRequired('Storage name'),
-      }));
-
-    // Default path lives under celilo's own data dir
-    // (~/.local/share/celilo/backups on Linux, ~/Library/Application
-    // Support/celilo/backups on macOS). The directory is owned by the
-    // running user, mkdir -p succeeds without sudo, and operators who
-    // want NAS / external paths can override at the prompt. This
-    // replaces the prior placeholder of "/var/backups/celilo" which
-    // looked authoritative but required root to write.
-    const defaultPath = join(getDataDir(), 'backups');
-
-    // Probe writability BEFORE saving the storage row. The previous
-    // flow (save → verify → fail with EACCES → leave dangling
-    // unverified row) was confusing and required the operator to know
-    // about `storage verify` to recover. Probing here means an
-    // unwriteable path never produces persistent state.
-    //
-    // Non-interactive (--name + --path): probe once, fail loud.
-    // Interactive: re-prompt until a writeable path is supplied.
-    let resolvedPath: string;
-    if (flagPath !== undefined) {
-      resolvedPath = resolve(expandTilde(flagPath));
-      const writeError = probePathWriteable(resolvedPath);
-      if (writeError !== null) {
-        return {
-          success: false,
-          error: `Path '${resolvedPath}' is not writeable: ${writeError}\n\nTry a path under your home directory (e.g. '${defaultPath}') or run with elevated permissions.`,
-        };
-      }
-    } else {
-      let candidate: string | undefined;
-      while (candidate === undefined) {
-        const typed = await promptText({
-          message: 'Storage directory path:',
-          defaultValue: defaultPath,
-          placeholder: defaultPath,
-          validate: validateRequired('Storage path'),
-        });
-        const resolved = resolve(expandTilde(typed));
-        const writeError = probePathWriteable(resolved);
-        if (writeError === null) {
-          candidate = resolved;
-          break;
+  // Non-secret prompts route through the bus interview (ISS-0127). Local
+  // storage has no secret credentials. `withInterviewSession` renders bus
+  // questions locally when stdin is a TTY.
+  const scope = 'storage-add:local';
+
+  return withInterviewSession(async () => {
+    try {
+      celiloIntro('Add Local Backup Storage');
+
+      // Support non-interactive mode via flags
+      const flagName = typeof flags.name === 'string' ? flags.name : undefined;
+      const flagPath = typeof flags.path === 'string' ? flags.path : undefined;
+
+      const name =
+        flagName ??
+        (await askText({
+          scope,
+          key: 'name',
+          message: 'Human-readable name',
+          defaultValue: 'Local Backups',
+          placeholder: 'Local Backups',
+          required: true,
+        }));
+
+      // Default path lives under celilo's own data dir
+      // (~/.local/share/celilo/backups on Linux, ~/Library/Application
+      // Support/celilo/backups on macOS). The directory is owned by the
+      // running user, mkdir -p succeeds without sudo, and operators who
+      // want NAS / external paths can override at the prompt. This
+      // replaces the prior placeholder of "/var/backups/celilo" which
+      // looked authoritative but required root to write.
+      const defaultPath = join(getDataDir(), 'backups');
+
+      // Probe writability BEFORE saving the storage row. The previous
+      // flow (save → verify → fail with EACCES → leave dangling
+      // unverified row) was confusing and required the operator to know
+      // about `storage verify` to recover. Probing here means an
+      // unwriteable path never produces persistent state.
+      //
+      // Non-interactive (--name + --path): probe once, fail loud.
+      // Interactive: re-prompt until a writeable path is supplied.
+      let resolvedPath: string;
+      if (flagPath !== undefined) {
+        resolvedPath = resolve(expandTilde(flagPath));
+        const writeError = probePathWriteable(resolvedPath);
+        if (writeError !== null) {
+          return {
+            success: false,
+            error: `Path '${resolvedPath}' is not writeable: ${writeError}\n\nTry a path under your home directory (e.g. '${defaultPath}') or run with elevated permissions.`,
+          };
         }
-        console.log(
-          `\n✗ Path '${resolved}' is not writeable: ${writeError}\nTry a path under your home directory (default '${defaultPath}' works without sudo).\n`,
-        );
-        // Loop continues — re-prompt with the same default suggestion.
+      } else {
+        let candidate: string | undefined;
+        while (candidate === undefined) {
+          const typed = await askText({
+            scope,
+            key: 'path',
+            message: 'Storage directory path',
+            defaultValue: defaultPath,
+            placeholder: defaultPath,
+            required: true,
+          });
+          const resolved = resolve(expandTilde(typed));
+          const writeError = probePathWriteable(resolved);
+          if (writeError === null) {
+            candidate = resolved;
+            break;
+          }
+          console.log(
+            `\n✗ Path '${resolved}' is not writeable: ${writeError}\nTry a path under your home directory (default '${defaultPath}' works without sudo).\n`,
+          );
+          // Loop continues — re-prompt with the same default suggestion.
+        }
+        resolvedPath = candidate;
       }
-      resolvedPath = candidate;
-    }
 
-    const storage = await addBackupStorage({
-      name,
-      providerName: 'local',
-      credentials: { path: resolvedPath },
-    });
-
-    console.log(`\nStorage '${storage.storageId}' saved`);
-    console.log('Testing storage access...');
+      const storage = await addBackupStorage({
+        name,
+        providerName: 'local',
+        credentials: { path: resolvedPath },
+      });
 
-    const { result } = await verifyBackupStorage(storage.id);
+      console.log(`\nStorage '${storage.storageId}' saved`);
+      console.log('Testing storage access...');
 
-    if (!result.success) {
-      // Should be unreachable in interactive mode (the pre-save probe
-      // covers the EACCES path); could still fire for less-common
-      // verify failures (full disk, etc.). Keep the dangling-row
-      // recovery hint as a safety net.
-      console.log(`\n✗ Verification failed: ${result.message}`);
-      celiloOutro(
-        `Storage '${storage.storageId}' added but not verified.\n\nFix the path and re-verify: celilo storage verify ${storage.storageId}`,
-      );
-      return { success: true, message: `Added storage: ${storage.storageId} (not verified)` };
-    }
+      const { result } = await verifyBackupStorage(storage.id);
 
-    console.log(`✓ ${result.message}`);
+      if (!result.success) {
+        // Should be unreachable in interactive mode (the pre-save probe
+        // covers the EACCES path); could still fire for less-common
+        // verify failures (full disk, etc.). Keep the dangling-row
+        // recovery hint as a safety net.
+        console.log(`\n✗ Verification failed: ${result.message}`);
+        celiloOutro(
+          `Storage '${storage.storageId}' added but not verified.\n\nFix the path and re-verify: celilo storage verify ${storage.storageId}`,
+        );
+        return { success: true, message: `Added storage: ${storage.storageId} (not verified)` };
+      }
 
-    if (flagName && flagPath) {
-      // Non-interactive: auto-set as default
-      setDefaultBackupStorage(storage.id);
-      console.log('✓ Set as default');
-    } else {
-      const makeDefault = await promptConfirm({
-        message: 'Set as default backup destination?',
-        initialValue: true,
-      });
+      console.log(`✓ ${result.message}`);
 
-      if (makeDefault) {
+      if (flagName && flagPath) {
+        // Non-interactive: auto-set as default
         setDefaultBackupStorage(storage.id);
         console.log('✓ Set as default');
+      } else {
+        const makeDefault = await askConfirm({
+          scope,
+          key: 'make_default',
+          message: 'Set as default backup destination?',
+          defaultValue: true,
+        });
+
+        if (makeDefault) {
+          setDefaultBackupStorage(storage.id);
+          console.log('✓ Set as default');
+        }
       }
-    }
 
-    celiloOutro(
-      `Storage '${storage.storageId}' (${name}) added and verified!\n\nStorage ID: ${storage.storageId}\nPath: ${resolvedPath}\n\nNext steps:\n  celilo module backup <module-id>  Create a backup\n  celilo storage list               List storage destinations`,
-    );
+      celiloOutro(
+        `Storage '${storage.storageId}' (${name}) added and verified!\n\nStorage ID: ${storage.storageId}\nPath: ${resolvedPath}\n\nNext steps:\n  celilo module backup <module-id>  Create a backup\n  celilo storage list               List storage destinations`,
+      );
 
-    return { success: true, message: `Added local storage: ${storage.storageId}` };
-  } catch (error) {
-    return {
-      success: false,
-      error: `Failed to add local storage: ${error instanceof Error ? error.message : String(error)}`,
-    };
-  }
+      return { success: true, message: `Added local storage: ${storage.storageId}` };
+    } catch (error) {
+      return {
+        success: false,
+        error: `Failed to add local storage: ${error instanceof Error ? error.message : String(error)}`,
+      };
+    }
+  });
 }

package/src/cli/commands/storage-add-s3.ts

@@ -9,151 +9,165 @@ import {
   setDefaultBackupStorage,
   verifyBackupStorage,
 } from '../../services/backup-storage';
-import { celiloIntro, celiloOutro, promptConfirm, promptPassword, promptText } from '../prompts';
+import { askConfirm, askText, withInterviewSession } from '../../services/bus-interview';
+import { celiloIntro, celiloOutro } from '../prompts';
+import { resolveServiceCredential } from '../service-credential';
 import type { CommandResult } from '../types';
-import { validateRequired } from '../validators';
 
 export async function handleStorageAddS3(
   _args: string[],
   flags: Record<string, boolean | string> = {},
 ): Promise<CommandResult> {
-  try {
-    celiloIntro('Add S3 Backup Storage');
-
-    // Support non-interactive mode via flags (scriptable from docker-exec /
-    // automation). region + endpoint have sensible defaults; name, bucket, and
-    // the two credential flags are required for a fully non-interactive run.
-    const flagName = typeof flags.name === 'string' ? flags.name : undefined;
-    const flagBucket = typeof flags.bucket === 'string' ? flags.bucket : undefined;
-    const flagRegion = typeof flags.region === 'string' ? flags.region : undefined;
-    const flagEndpoint = typeof flags.endpoint === 'string' ? flags.endpoint : undefined;
-    const flagAccessKeyId =
-      typeof flags['access-key-id'] === 'string' ? flags['access-key-id'] : undefined;
-    const flagSecretAccessKey =
-      typeof flags['secret-access-key'] === 'string' ? flags['secret-access-key'] : undefined;
-
-    const nonInteractive = Boolean(
-      flagName && flagBucket && flagAccessKeyId && flagSecretAccessKey,
-    );
-
-    const name =
-      flagName ??
-      (await promptText({
-        message: 'Human-readable name:',
-        placeholder: 'e.g., Backblaze B2 Backups',
-        validate: validateRequired('Storage name'),
-      }));
-
-    const bucket =
-      flagBucket ??
-      (await promptText({
-        message: 'Bucket name:',
-        placeholder: 'e.g., homelab-backups',
-        validate: validateRequired('Bucket name'),
-      }));
-
-    const region =
-      flagRegion ??
-      (await promptText({
-        message: 'Region:',
-        defaultValue: 'us-east-1',
-        placeholder: 'us-east-1',
-        validate: validateRequired('Region'),
-      }));
-
-    const endpoint =
-      flagEndpoint ??
-      (await promptText({
-        message: 'Endpoint URL:',
-        defaultValue: 'https://s3.amazonaws.com',
-        placeholder: 'https://s3.amazonaws.com',
-        validate: (value) => {
-          const err = validateRequired('Endpoint URL')(value);
-          if (err) return err;
-          if (value && !value.startsWith('https://') && !value.startsWith('http://')) {
-            return 'Endpoint must start with https:// or http://';
-          }
-          return undefined;
+  // Non-secret prompts route through the bus interview (ISS-0127); the S3
+  // secret access key is a credential that travels by flag/env only (D7).
+  const scope = 'storage-add:s3';
+
+  return withInterviewSession(async () => {
+    try {
+      celiloIntro('Add S3 Backup Storage');
+
+      // Support non-interactive mode via flags (scriptable from docker-exec /
+      // automation). region + endpoint have sensible defaults; name, bucket, and
+      // the two credential flags are required for a fully non-interactive run.
+      const flagName = typeof flags.name === 'string' ? flags.name : undefined;
+      const flagBucket = typeof flags.bucket === 'string' ? flags.bucket : undefined;
+      const flagRegion = typeof flags.region === 'string' ? flags.region : undefined;
+      const flagEndpoint = typeof flags.endpoint === 'string' ? flags.endpoint : undefined;
+      const flagAccessKeyId =
+        typeof flags['access-key-id'] === 'string' ? flags['access-key-id'] : undefined;
+      const flagSecretAccessKey =
+        typeof flags['secret-access-key'] === 'string' ? flags['secret-access-key'] : undefined;
+
+      const nonInteractive = Boolean(
+        flagName && flagBucket && flagAccessKeyId && flagSecretAccessKey,
+      );
+
+      const name =
+        flagName ??
+        (await askText({
+          scope,
+          key: 'name',
+          message: 'Human-readable name',
+          placeholder: 'e.g., Backblaze B2 Backups',
+          required: true,
+        }));
+
+      const bucket =
+        flagBucket ??
+        (await askText({
+          scope,
+          key: 'bucket',
+          message: 'Bucket name',
+          placeholder: 'e.g., homelab-backups',
+          required: true,
+        }));
+
+      const region =
+        flagRegion ??
+        (await askText({
+          scope,
+          key: 'region',
+          message: 'Region',
+          defaultValue: 'us-east-1',
+          placeholder: 'us-east-1',
+          required: true,
+        }));
+
+      const endpoint =
+        flagEndpoint ??
+        (await askText({
+          scope,
+          key: 'endpoint',
+          message: 'Endpoint URL',
+          defaultValue: 'https://s3.amazonaws.com',
+          placeholder: 'https://s3.amazonaws.com',
+          required: true,
+          pattern: '^https?://',
+        }));
+
+      if (
+        flagEndpoint &&
+        !flagEndpoint.startsWith('https://') &&
+        !flagEndpoint.startsWith('http://')
+      ) {
+        return {
+          success: false,
+          error: `Invalid --endpoint '${flagEndpoint}': must start with https:// or http://`,
+        };
+      }
+
+      const accessKeyId =
+        flagAccessKeyId ??
+        (await askText({
+          scope,
+          key: 'access_key_id',
+          message: 'Access Key ID',
+          required: true,
+        }));
+
+      // Secret access key is a credential — flag/env only (D7).
+      const secretAccessKey = await resolveServiceCredential({
+        field: 'Secret Access Key',
+        flag: 'secret-access-key',
+        envVar: 'S3_SECRET_ACCESS_KEY',
+        flagValue: flagSecretAccessKey,
+      });
+
+      const storage = await addBackupStorage({
+        name,
+        providerName: 's3',
+        credentials: {
+          bucket,
+          region,
+          endpoint,
+          accessKeyId,
+          secretAccessKey,
         },
-      }));
+      });
 
-    if (
-      flagEndpoint &&
-      !flagEndpoint.startsWith('https://') &&
-      !flagEndpoint.startsWith('http://')
-    ) {
-      return {
-        success: false,
-        error: `Invalid --endpoint '${flagEndpoint}': must start with https:// or http://`,
-      };
-    }
+      console.log(`\nStorage '${storage.storageId}' saved`);
+      console.log('Testing connection...');
 
-    const accessKeyId =
-      flagAccessKeyId ??
-      (await promptText({
-        message: 'Access Key ID:',
-        validate: validateRequired('Access Key ID'),
-      }));
-
-    const secretAccessKey =
-      flagSecretAccessKey ??
-      (await promptPassword({
-        message: 'Secret Access Key:',
-        validate: validateRequired('Secret Access Key'),
-      }));
-
-    const storage = await addBackupStorage({
-      name,
-      providerName: 's3',
-      credentials: {
-        bucket,
-        region,
-        endpoint,
-        accessKeyId,
-        secretAccessKey,
-      },
-    });
-
-    console.log(`\nStorage '${storage.storageId}' saved`);
-    console.log('Testing connection...');
-
-    const { result } = await verifyBackupStorage(storage.id);
-
-    if (!result.success) {
-      console.log(`\n✗ Verification failed: ${result.message}`);
-      celiloOutro(
-        `Storage '${storage.storageId}' added but not verified.\n\nCheck credentials and re-verify: celilo storage verify ${storage.storageId}`,
-      );
-      return { success: true, message: `Added storage: ${storage.storageId} (not verified)` };
-    }
+      const { result } = await verifyBackupStorage(storage.id);
 
-    console.log(`✓ ${result.message}`);
+      if (!result.success) {
+        console.log(`\n✗ Verification failed: ${result.message}`);
+        celiloOutro(
+          `Storage '${storage.storageId}' added but not verified.\n\nCheck credentials and re-verify: celilo storage verify ${storage.storageId}`,
+        );
+        return { success: true, message: `Added storage: ${storage.storageId} (not verified)` };
+      }
 
-    if (nonInteractive) {
-      // Non-interactive: auto-set as default (matches storage-add-local).
-      setDefaultBackupStorage(storage.id);
-      console.log('✓ Set as default');
-    } else {
-      const makeDefault = await promptConfirm({
-        message: 'Set as default backup destination?',
-        initialValue: true,
-      });
+      console.log(`✓ ${result.message}`);
 
-      if (makeDefault) {
+      if (nonInteractive) {
+        // Non-interactive: auto-set as default (matches storage-add-local).
         setDefaultBackupStorage(storage.id);
         console.log('✓ Set as default');
+      } else {
+        const makeDefault = await askConfirm({
+          scope,
+          key: 'make_default',
+          message: 'Set as default backup destination?',
+          defaultValue: true,
+        });
+
+        if (makeDefault) {
+          setDefaultBackupStorage(storage.id);
+          console.log('✓ Set as default');
+        }
       }
-    }
 
-    celiloOutro(
-      `Storage '${storage.storageId}' (${name}) added and verified!\n\nStorage ID: ${storage.storageId}\nBucket: ${bucket}\nEndpoint: ${endpoint}\n\nNext steps:\n  celilo module backup <module-id>  Create a backup\n  celilo storage list               List storage destinations`,
-    );
-
-    return { success: true, message: `Added S3 storage: ${storage.storageId}` };
-  } catch (error) {
-    return {
-      success: false,
-      error: `Failed to add S3 storage: ${error instanceof Error ? error.message : String(error)}`,
-    };
-  }
+      celiloOutro(
+        `Storage '${storage.storageId}' (${name}) added and verified!\n\nStorage ID: ${storage.storageId}\nBucket: ${bucket}\nEndpoint: ${endpoint}\n\nNext steps:\n  celilo module backup <module-id>  Create a backup\n  celilo storage list               List storage destinations`,
+      );
+
+      return { success: true, message: `Added S3 storage: ${storage.storageId}` };
+    } catch (error) {
+      return {
+        success: false,
+        error: `Failed to add S3 storage: ${error instanceof Error ? error.message : String(error)}`,
+      };
+    }
+  });
 }

package/src/cli/commands/storage-remove.ts

@@ -3,8 +3,8 @@
  * Remove a backup storage destination
  */
 
-import * as p from '@clack/prompts';
 import { getBackupStorageByStorageId, removeBackupStorage } from '../../services/backup-storage';
+import { askConfirm, withInterviewSession } from '../../services/bus-interview';
 import { celiloIntro, celiloOutro } from '../prompts';
 import type { CommandResult } from '../types';
 
@@ -29,13 +29,16 @@ export async function handleStorageRemove(
     }
 
     if (!flags.force) {
-      const confirmed = await p.confirm({
-        message: `Remove storage '${storage.storageId}' (${storage.name})?`,
-        initialValue: false,
-      });
-
-      if (p.isCancel(confirmed) || !confirmed) {
-        p.cancel('Operation cancelled');
+      const confirmed = await withInterviewSession(() =>
+        askConfirm({
+          scope: `storage:${storage.storageId}`,
+          key: 'remove',
+          message: `Remove storage '${storage.storageId}' (${storage.name})?`,
+          defaultValue: false,
+        }),
+      );
+
+      if (!confirmed) {
         return { success: false, error: 'Cancelled by user' };
       }
     }