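# bootstrap.ncl — contract for NCL configs delivered via pipe to a process.
#
# A Bootstrapable config satisfies three properties:
#   1. Exportable to JSON by `nickel export` without side effects or system calls
#   2. Contains no secret values — secrets are injected at bootstrap time (SOPS/Vault)
#   3. Declares _bootstrapable = true as a machine-checkable marker
#
# Usage in a config file:
#   let B = import "ontology/schemas/bootstrap.ncl" in
#   { ... } | B.Bootstrapable
#
# Scope of enforcement: the `Bootstrapable` contract below only types the
# marker field of property 3. Properties 1 and 2 are conventions that this
# file does not check; a literal secret written into a config still passes.

{
  # Secret reference — a placeholder that the bootstrap pipeline resolves via SOPS or Vault.
  # The NCL file stores only the reference, never the value.
  #
  # Fields:
  #   _secret_ref  marker, defaults to true, so a reference can be told apart
  #                from an ordinary record in the exported JSON.
  #   source       one of the three enum tags below; nothing else is accepted.
  #   path         free-form String. Its format per source is not defined in
  #                this file.
  # NOTE(review): `path` is unconstrained, so whatever resolves it should
  # validate it before use — confirm in the resolver.
  # NOTE(review): presumably `'env` means the process environment — confirm.
  SecretRef = {
    _secret_ref | Bool | default = true,
    source | [| 'sops, 'vault, 'env |],
    path | String,
  },

  # Core contract: any config NCL to be used with ncl-bootstrap must satisfy this.
  #
  # The trailing `..` makes the record contract open. Nickel record contracts
  # are closed by default, so without it `{ ... } | B.Bootstrapable` would
  # reject any config carrying a field other than `_bootstrapable`, which
  # contradicts the usage shown in the header.
  #
  # `Bool` also admits `false`: the contract does not pin the marker to true.
  # A consumer that relies on the marker should check the exported value, not
  # just the presence of the field.
  Bootstrapable = {
    _bootstrapable | Bool | default = true,
    ..
  },

  # Pipeline stage descriptor — documents what each stage does.
  # Used in ADR rationale and tooling introspection.
  #
  # `secrets` defaults to false and `required` defaults to true.
  # NOTE(review): presumably `secrets = true` marks a stage that handles
  # secret material — confirm against the tooling that reads it.
  # NOTE(review): `command` is a free-form String. If any tooling executes it
  # instead of only displaying it, it should be run as an argument vector
  # rather than through a shell — confirm how it is consumed.
  Stage = {
    name | String,
    command | String,
    purpose | String,
    secrets | Bool | default = false,
    required | Bool | default = true,
  },

  # Full bootstrap pipeline declaration — optional, for self-documenting configs.
  #
  # `stages` is an array of the `Stage` records defined above; `stdin_flag`
  # defaults to "--config-stdin".
  Pipeline = {
    stages | Array Stage,
    target | String,  # the final process command
    stdin_flag | String | default = "--config-stdin",
  },
}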