let s = import "../schema.ncl" in

s.Domain & {
  id          = "provisioning",
  name        = "Provisioning",
  repo_kinds  = ["DevWorkspace", "Mixed"],
  description = "Infrastructure workspace and platform commands for DevWorkspace and Mixed projects.",
  short_alias = "prov",
  required_extensions = [],

  commands = [
    { id = "state",                         description = "Current FSM position across all dimensions" },
    { id = "next",                          description = "Next valid transitions with blockers and catalysts" },
    { id = "validate <decision>",           description = "Check a decision against ontological invariants" },
    { id = "connections",                   description = "Upstream and downstream project dependency graph" },
    { id = "gates",                         description = "Membrane status and opening conditions" },
    { id = "card",                          description = "Workspace card — identity, clusters, status (DevWorkspace only)" },
    { id = "capabilities",                  description = "Platform capabilities from manifest" },
    { id = "backlog [--priority]",          description = "Backlog items filtered by High|Medium|Low (platform only)" },
    { id = "backlog show <id>",             description = "Full detail of a backlog item" },
    { id = "install [--mode] [--platform]", description = "Install provisioning platform services (platform only)" },

    # ── Ops contract (adr-037) — pending queue, signed commands, audit ──────
    { id = "ops list",                      description = "Pending and recent ops for the workspace (NATS ops.pending and ops.cmd subjects)" },
    { id = "ops describe <id>",             description = "Full detail of a single op including JWT claims, scopes, expected_state_version" },
    { id = "ops sign <id>",                 description = "Operator signs a pending op via keeper-cli (requires authorized signer key)" },
    { id = "ops history [--workspace]",     description = "Audit log of applied ops from <workspace>-state Radicle ledger" },

    # ── Playbooks — executable operational artifacts ────────────────────────
    { id = "playbook list",                 description = "Available playbooks for this workspace's repo_kind" },
    { id = "playbook describe <name>",      description = "Full definition (steps, params, preconditions) of a playbook" },
    { id = "playbook run <name>",           description = "Execute a playbook (use --dry-run first to simulate without side effects)" },
    { id = "playbook history",              description = "Past playbook executions, params, outcomes from audit ledger" },

    # ── Keeper (signing daemon) status and control ──────────────────────────
    { id = "keeper status",                 description = "Current keeper mode (auto | operator-only | down) and policy version" },
    { id = "keeper policy",                 description = "Show active keeper policy for this workspace from policy-<workspace> Radicle repo" },
    { id = "keeper switch <mode>",          description = "Switch keeper mode (delegates to switch_to_<mode> playbook)" },

    # ── Governance (adr-038) — Radicle delegation queries ────────────────────
    { id = "governance delegations",        description = "Current Radicle delegation set for the workspace's policy/desired/state repos" },
    { id = "governance signers",            description = "Active signers for ops and policy (M-of-N quorum status)" },

    # ── Registry (OCI / zot) ─────────────────────────────────────────────────
    { id = "i resolve-registry",            description = "Resolved OCI registry endpoint: PROVISIONING_REGISTRY env → capabilities.ncl → constant fallback" },
    { id = "i list",                        description = "Show resolved registry endpoint without querying live catalog" },
    { id = "i list --live",                 description = "Query _catalog on the resolved registry; list live domains/<participant>/<id> and modes/<participant>/<id>" },
  ],

  pages = [
    { id = "provisioning", route = "/<slug>/provisioning", title = "Provisioning (State · Connections · Gates)", template = "provisioning", nav_label = "Provisioning" },
  ],
}