provisioning/schemas/platform/constraints/constraints.toml

# Platform Services Configuration Constraints
# Single source of truth for validation limits across all services
# Used by: validators, TypeDialog forms, Nickel schemas
# Date: 2025-01-05

# ============================================================================
# ORCHESTRATOR CONSTRAINTS
# ============================================================================

[orchestrator.workers]
description = "Workflow engine worker thread count"
max = 32
min = 1

[orchestrator.queue.concurrent_tasks]
description = "Maximum concurrent tasks in workflow queue"
max = 100
min = 1

[orchestrator.queue.retry_attempts]
description = "Retry attempts for failed tasks"
max = 10
min = 0

[orchestrator.queue.retry_delay]
description = "Delay between retries in milliseconds (1s-60s)"
max = 60000
min = 1000

[orchestrator.queue.task_timeout]
description = "Task execution timeout in milliseconds (1min-24hrs)"
max = 86400000
min = 60000

[orchestrator.batch.parallel_limit]
description = "Batch workflow parallel operation limit"
max = 50
min = 1

[orchestrator.batch.operation_timeout]
description = "Batch operation timeout in milliseconds (1min-1hr)"
max = 3600000
min = 60000

[orchestrator.extensions.max_concurrent]
description = "Max concurrent extension operations"
max = 20
min = 1

# ============================================================================
# CONTROL CENTER CONSTRAINTS
# ============================================================================

[control_center.jwt.token_expiration]
description = "JWT token expiration in seconds (5min-7days)"
max = 604800
min = 300

[control_center.jwt.refresh_expiration]
description = "JWT refresh token expiration in seconds (1hr-30days)"
max = 2592000
min = 3600

[control_center.rate_limiting.max_requests]
description = "Rate limiting max requests per window"
max = 10000
min = 10

[control_center.rate_limiting.window_seconds]
description = "Rate limiting window in seconds"
max = 3600
min = 1

[control_center.session.max_duration]
description = "Session max duration in seconds (15min-30days)"
max = 2592000
min = 900

[control_center.mfa.max_attempts]
description = "MFA authentication max attempts before lockout"
max = 10
min = 1

[control_center.audit.retention_days]
description = "Audit log retention in days (1-10 years)"
max = 3650
min = 1

# ============================================================================
# MCP SERVER CONSTRAINTS
# ============================================================================

[mcp_server.tools.max_concurrent]
description = "Maximum concurrent tool executions"
max = 20
min = 1

[mcp_server.tools.timeout]
description = "Tool execution timeout in milliseconds (5s-10min)"
max = 600000
min = 5000

[mcp_server.resources.max_size]
description = "Maximum resource size in bytes (1MB-1GB)"
max = 1073741824
min = 1048576

[mcp_server.resources.cache_ttl]
description = "Resource cache TTL in seconds (1min-1hr)"
max = 3600
min = 60

[mcp_server.prompts.max_templates]
description = "Maximum custom prompt templates"
max = 100
min = 1

[mcp_server.sampling.max_tokens]
description = "Max tokens for sampling operations"
max = 100000
min = 100

# ============================================================================
# COMMON CONSTRAINTS
# ============================================================================

[common.server.port]
description = "Valid port range (avoid system ports < 1024)"
max = 65535
min = 1024

[common.server.workers]
description = "HTTP server worker thread count"
max = 32
min = 1

[common.server.max_connections]
description = "Maximum concurrent HTTP connections"
max = 10000
min = 10

[common.server.keep_alive]
description = "HTTP keep-alive timeout in seconds (0=disabled)"
max = 600
min = 0

[common.monitoring.metrics_interval]
description = "Metrics collection interval in seconds (10s-5min)"
max = 300
min = 10

[common.monitoring.health_check_interval]
description = "Health check interval in seconds (5s-5min)"
max = 300
min = 5

[common.monitoring.retention_days]
description = "Metrics retention in days (1-10 years)"
max = 3650
min = 1

[common.logging.max_file_size]
description = "Max log file size in bytes (1MB-1GB)"
max = 1073741824
min = 1048576

[common.logging.max_backups]
description = "Maximum log file backups to retain"
max = 100
min = 1

# ============================================================================
# DEPLOYMENT MODE: SOLO
# ============================================================================

[deployment.solo.cpu]
description = "Solo mode CPU cores (single developer)"
max = 4
min = 2

[deployment.solo.memory_mb]
description = "Solo mode memory allocation in MB (2GB-8GB)"
max = 8192
min = 2048

[deployment.solo.disk_gb]
description = "Solo mode disk allocation in GB (10GB-100GB)"
max = 100
min = 10

# ============================================================================
# DEPLOYMENT MODE: MULTIUSER
# ============================================================================

[deployment.multiuser.cpu]
description = "Multi-user mode CPU cores (team servers)"
max = 8
min = 4

[deployment.multiuser.memory_mb]
description = "Multi-user mode memory allocation in MB (4GB-16GB)"
max = 16384
min = 4096

[deployment.multiuser.disk_gb]
description = "Multi-user mode disk allocation in GB (50GB-500GB)"
max = 500
min = 50

[deployment.multiuser.postgres.max_connections]
description = "PostgreSQL max connections for multi-user"
max = 200
min = 20

# ============================================================================
# DEPLOYMENT MODE: CI/CD
# ============================================================================

[deployment.cicd.cpu]
description = "CI/CD mode CPU cores (pipeline servers)"
max = 16
min = 8

[deployment.cicd.memory_mb]
description = "CI/CD mode memory allocation in MB (8GB-32GB)"
max = 32768
min = 8192

[deployment.cicd.disk_gb]
description = "CI/CD mode disk allocation in GB (100GB-1TB) - ephemeral"
max = 1000
min = 100

# ============================================================================
# DEPLOYMENT MODE: ENTERPRISE
# ============================================================================

[deployment.enterprise.cpu]
description = "Enterprise mode CPU cores (production HA)"
max = 128
min = 16

[deployment.enterprise.memory_mb]
description = "Enterprise mode memory allocation in MB (32GB-256GB)"
max = 262144
min = 32768

[deployment.enterprise.disk_gb]
description = "Enterprise mode disk allocation in GB (500GB-10TB)"
max = 10000
min = 500

[deployment.enterprise.replicas]
description = "Enterprise HA replica count (minimum 3 for quorum)"
max = 10
min = 3

[deployment.enterprise.surrealdb.max_connections]
description = "SurrealDB cluster max connections for enterprise"
max = 1000
min = 100

# ============================================================================
# WORKSPACE CONSTRAINTS
# ============================================================================

[workspace.name]
description = "Workspace name: lowercase alphanumeric, underscore, hyphen, max 64 chars"
pattern = "^[a-z0-9_-]{1,64}$"

[workspace.path_min_length]
description = "Minimum workspace path length"
value = 1

[workspace.path_max_length]
description = "Maximum workspace path length"
value = 255

# ============================================================================
# SECURITY CONSTRAINTS
# ============================================================================

[security.password_min_length]
description = "Password minimum length for local auth"
max = 128
min = 8

[security.encryption_key_length]
description = "Encryption key length in bytes"
max = 64
min = 16

[security.rate_limit_lockout_minutes]
description = "Account lockout duration after max attempts (minutes)"
max = 60
min = 5

# ============================================================================
# BATCH WORKFLOW CONSTRAINTS
# ============================================================================

[batch_workflow.max_tasks_per_batch]
description = "Maximum tasks per batch workflow"
max = 1000
min = 1

[batch_workflow.max_parallel_operations]
description = "Maximum parallel operations in batch"
max = 100
min = 1

[batch_workflow.checkpoint_interval]
description = "Checkpoint interval in task count"
max = 1000
min = 1

[batch_workflow.max_checkpoints]
description = "Maximum checkpoints to retain per batch"
max = 100
min = 1

# ============================================================================
# VAULT SERVICE CONSTRAINTS
# ============================================================================

[vault_service.port]
description = "Vault service port number"
max = 65535
min = 1024

[vault_service.ha_enabled]
description = "High availability mode for enterprise deployments"

[vault_service.tls_verify]
description = "TLS certificate verification enabled"

# ============================================================================
# EXTENSION REGISTRY CONSTRAINTS
# ============================================================================

[registry.workers]
description = "Extension registry worker thread count"
max = 32
min = 1

[registry.cache_capacity]
description = "Cache capacity in number of entries"
max = 100000
min = 10

[registry.cache_ttl]
description = "Cache TTL in seconds (30s-1hr)"
max = 3600
min = 30

[registry.server_port]
description = "Extension registry server port"
max = 65535
min = 1024

# ============================================================================
# RAG SYSTEM CONSTRAINTS
# ============================================================================

[rag.embedding_dimensions]
allowed = [384, 768, 1536, 3072]
description = "Valid embedding vector dimensions"

[rag.chunk_size]
description = "Document chunk size in characters"
max = 4096
min = 128

[rag.chunk_overlap]
description = "Overlap between chunks in characters"
max = 1024
min = 0

[rag.top_k]
description = "Number of top results to retrieve"
max = 100
min = 1

[rag.similarity_threshold]
description = "Minimum similarity score (0.0-1.0)"
max = 1.0
min = 0.0

[rag.batch_size]
description = "Batch size for embedding operations"
max = 500
min = 1

# ============================================================================
# AI SERVICE CONSTRAINTS
# ============================================================================

[ai_service.workers]
description = "AI service worker thread count"
max = 32
min = 1

[ai_service.server_port]
description = "AI service server port"
max = 65535
min = 1024

[ai_service.max_concurrent_tasks]
description = "Maximum concurrent DAG task executions"
max = 100
min = 1

[ai_service.task_timeout]
description = "Task timeout in milliseconds (10s-1hr)"
max = 3600000
min = 10000

[ai_service.rag_timeout]
description = "RAG service call timeout in milliseconds (5s-10min)"
max = 600000
min = 5000

[ai_service.mcp_timeout]
description = "MCP service call timeout in milliseconds (5s-10min)"
max = 600000
min = 5000

# ============================================================================
# PROVISIONING DAEMON CONSTRAINTS
# ============================================================================

[daemon.poll_interval]
description = "Polling interval in seconds (5s-1hr)"
max = 3600
min = 5

[daemon.max_workers]
description = "Maximum worker threads for daemon operations"
max = 32
min = 1

[daemon.max_age]
description = "Maximum age for daemon state data in seconds (1hr-7days)"
max = 604800
min = 3600

[daemon.health_check_interval]
description = "Health check interval in seconds (10s-5min)"
max = 300
min = 10