# .ontoref/

Runtime configuration for the `ontoref-daemon`.

## Registry

`registry.toml` is **derived** — do not edit it by hand.

The source of truth is `registry.ncl`, which carries a typed Nickel schema:

| Field | Type | Notes |
|-------|------|-------|
| `slug` | `String` | Unique project identifier |
| `root` | `String` | Absolute path to the project root |
| `keys` | `Array KeyEntry` | Optional. Each entry: `role` (`admin`\|`viewer`) + `hash` (Argon2id PHC) |

### Why not validate paths in Nickel

Nickel is a pure configuration language — no filesystem access.
Path existence is validated by the generator script at write time, not by the schema.
The schema enforces structure and types; the script enforces runtime semantics.

### Generating registry.toml

```sh
nu .ontoref/gen-registry.nu
# or via just:
just gen-registry
```

Projects whose `root` path does not exist are warned and skipped.
This is intentional: the registry may reference projects present on some machines but not others.

### Adding a key (HTTP auth)

```sh
# 1. Generate the hash
ontoref-daemon --hash-password <your-password>

# 2. Add the entry to registry.ncl under the target project's keys array
# 3. Regenerate
just gen-registry
```