provisioning/CHANGELOG.md

# Provisioning Repository - Changes

---

## 2026-05-12 — nickel branch consolidation

### ADR-025 Amendments: Eager function-body parse (2026-04-17)

**Decision**: Nushell parses `use` statements inside function bodies at module-load time. Subprocess boundary is the only true lazy-load mechanism.

**Constraints added/amended**:

- `bash-wrapper-has-no-runner-reference` — now permits `provisioning-cli.nu` as transitional fallback
- `universal-fallback-is-transitional` — 22 unmapped commands are explicit migration debt;
  must be resolved before lazy-load architecture is considered complete
- `every-registry-command-has-thin-handler` — made directional (progress metric, not gate)

**Rejected approach**: Single-entry `provisioning-cli.nu` for hot paths — measured at 3.1s vs 0.08–0.15s
for thin handlers. All 15 dispatcher wrappers fire at module-load regardless of invoked command.

**Files**: `adrs/adr-025-unified-lazy-loading.ncl`

---

### Platform Services Documentation (2026-02-03)

**All 10 platform services documented** with endpoint catalogue and local setup guide.

**Services**:

| Service | Endpoints | Notes |
| ------- | --------- | ----- |
| vault | 8 | Transit encryption, dynamic secrets |
| registry | 6 | OCI extension distribution |
| control-center | 12 | RBAC, audit, compliance |
| rag | 5 | Vector search, document ingestion |
| ai-service | 7 | Model routing, DAG execution |
| mcp-server | 4 | AI-powered config tools |
| daemon | 3 | State sync, health aggregation |
| orchestrator | 8 | Workflow execution, checkpoints |
| detector | 4 | Anomaly detection, alerts |
| ui | 3 | Web control center frontend |

**Added**:

- `docs/src/operations/platform-services-inventory.md` — 50+ endpoints
- `docs/src/operations/local-services-setup.md` — build, config, troubleshooting
- `scripts/start-local-binaries.nu` — dependency-ordered service startup automation

---

### TypeDialog Migration (2026-01-09)

**`forminquire` fully replaced** by TOML-driven `typedialog` with TTY wrappers.

**New form registry** (`.typedialog/`):

- `core/forms/auth-login.toml`
- `core/forms/mfa-enroll.toml`
- `core/forms/setup-wizard.toml`
- `core/forms/infrastructure/server_delete_confirm.toml`
- `core/forms/infrastructure/cluster_delete_confirm.toml`
- `core/forms/infrastructure/taskserv_delete_confirm.toml`
- `core/forms/infrastructure/generic_delete_confirm.toml`
- `platform/forms/ai-service-form.toml` (with Nickel fragment composition)
- `platform/forms/control-center-form.toml`
- `platform/forms/extension-registry-form.toml`

**Documentation**: `.typedialog/README.md`, `platform/forms/README.md`, `platform/forms/fragments/README.md`

**Architecture doc**: `docs/src/architecture/config-loading-architecture.md`

---

### Nushell 0.110.0 Compatibility (2026-01-21)

- Fixed `try`/`catch` syntax across `.typedialog/platform/scripts/`, `bootstrap/install.nu`, example deploy scripts
- Updated `external.nu`, `paths.nu`, `export-toml.nu` for Nu 0.110.0 API changes
- Removed stale session reports from `.coder/`
- Relocated `nickel-installation-guide.md` into `docs/src/setup/`

---

## 2026-01-08 — Nickel IaC migration complete

**Repository**: provisioning (standalone, nickel branch)
**Changes**: Nickel IaC migration complete — Legacy KCL and config cleanup

---

## 📋 Summary

Complete migration to Nickel-based infrastructure-as-code with consolidated configuration strategy.
Legacy KCL schemas, deprecated config files, and redundant documentation removed.
New project structure with `.cargo/`, `.github/`, and schema-driven configuration system.

---

## 📁 Changes by Directory

### ✅ REMOVED (Legacy KCL Ecosystem)

- **config/** - Deprecated TOML configs (config.defaults.toml, kms.toml, plugins.toml, etc.)
- **config/cedar-policies/** - Legacy Cedar policies (moved to Nickel schemas)
- **config/templates/** - Old Jinja2 templates (replaced by Nickel generator/)
- **config/installer-examples/** - KCL-based examples
- **docs/src/** - Legacy documentation (full migration to provisioning/docs/src/)
- **kcl/** - Complete removal (all workspaces migrated to Nickel)
- **tools/kcl-packager.nu** - KCL packaging system

### ✅ ADDED (Nickel IaC & New Structure)

- **.cargo/** - Rust build configuration (clippy settings, rustfmt.toml)
- **.github/** - GitHub Actions CI/CD workflows
- **schemas/** - Nickel schema definitions (primary IaC format)
  - main.ncl, provider-aws.ncl, provider-local.ncl, provider-upcloud.ncl
  - Infrastructure, deployment, services, operations schemas
- **docs/src/architecture/adr/** - ADR updates for Nickel migration
  - adr-010-configuration-format-strategy.md
  - adr-011-nickel-migration.md
  - adr-012-nushell-nickel-plugin-cli-wrapper.md

### 📝 UPDATED (Core System)

- **provisioning/docs/src/** - Comprehensive product documentation
  - API reference, architecture, guides, operations, security, testing
  - Nickel configuration guide with examples
  - Migrated from legacy KCL documentation

- **core/** - Updated with Nickel integration
  - Scripts, plugins, CLI updated for Nickel schema parsing

- **justfiles/** - Added ci.just for Nickel-aware CI/CD
- **README.md** - Complete restructure for Nickel-first approach
- **.gitignore** - Updated to ignore Nickel build artifacts

---

## 📊 Change Statistics

| Category | Removed | Added | Modified |
| ---------- | --------- | ------- | ---------- |
| Configuration | 50+ | 10+ | 3 |
| Documentation | 150+ | 200+ | 40+ |
| Infrastructure | 1 (kcl/) | - | - |
| Plugins | 1 | - | 5+ |
| Build System | 5 | 8+ | 3 |
| **Total** | **~220 files** | **~250 files** | **50+ files** |

## ⚠️ Breaking Changes

1. **KCL Sunset**: All KCL infrastructure code removed. Migrate workspaces using `nickel-kcl-bridge` or rewrite directly in Nickel.
2. **Config Format**: TOML configuration files moved to schema-driven Nickel system. Legacy config loading deprecated.
3. **Documentation**: Old KCL/legacy docs removed. Use `provisioning/docs/` for current product documentation.
4. **Plugin System**: Updated to Nickel-aware plugin API. Legacy Nushell plugins require recompilation.

## 🔧 Migration Path

```bash
# For existing workspaces:
provisioning workspace migrate --from-kcl <workspace-name>

# For custom configs:
nickel eval --format json <your-config.ncl> | jq '.'
```

## ✨ Key Features

- **Type-Safe**: Nickel schemas eliminate silent config errors
- **Composable**: Modular infrastructure definitions with lazy evaluation
- **Documented**: Schema validation built-in, IDE support via LSP
- **Validated**: All imports pre-checked, circular dependencies prevented
- **Bridge Available**: `nickel-kcl-bridge` for gradual KCL→Nickel migration

---

## 📝 Implementation Details

### Nickel Schema System

- **Three-tier architecture**: infrastructure, operations, deployment
- **Lazy evaluation**: Efficient resource binding and composition
- **Record merging**: Clean override patterns without duplication
- **Type validation**: LSP-aware with IDE auto-completion
- **Generator system**: Nickel-based dynamic configuration at runtime

### Documentation Reorganization

- **provisioning/docs/src/** (200+ files) - Customer-facing product docs
- **docs/src/** (20-30 files) - Architecture and development guidelines
- **.coder/** - Session files and implementation records
- Separation of concerns: Product docs isolated from session artifacts

### CI/CD Integration

- GitHub Actions workflows for Rust, Nickel, Nushell
- Automated schema validation pre-commit
- Cross-platform testing (Linux, macOS)
- Build artifact caching for fast iteration

---

## ⚠️ Compatibility Notes

**Breaking**: KCL workspaces require migration to Nickel. Use schema-aware tooling for validation.

**Migration support**: `nickel-kcl-bridge` tool and guides available in `provisioning/docs/src/development/`.

**Legacy configs**: Old TOML files no longer loaded. Migrate to Nickel schema format via CLI tool.

---

**Status**: Nickel migration complete. System is production-ready.
**Date**: 2026-01-08
**Branch**: nickel

---

*Last updated: 2026-05-12*