provisioning/schemas/platform/deployment/enterprise.ncl

# Enterprise Mode Schema
# Production-grade deployment with high availability, compliance, and extensive operations
# Resources: 16+ CPU, 32+ GB RAM, 500GB+ disk with HA setup

{
  EnterpriseModeConfig = {
    # Deployment mode identifier
    mode  | String = 'enterprise,

    # Resource allocation (distributed across replicas)
    resources = {
      cpu_cores | String,
      memory_mb | String,
      disk_gb | String,
      max_connections | String | optional,
    },

    # Service enablement (fully featured)
    services = {
      orchestrator = {
        enabled | String,
        storage_backend | String,
        workers | String | optional,
        queue_max_concurrent_tasks | String | optional,
        batch_parallel_limit | Number | optional,
        multi_workspace_enabled | String | optional,
        high_availability | String,
      },
      control_center = {
        enabled | String,
        database | String,
        high_availability | String,
        audit_logging | String,
        policy_caching_enabled | String | optional,
      },
      mcp_server = {
        enabled | String,
        protocol | String | optional,
        max_concurrent_tools | String | optional,
        caching_enabled | String | optional,
        replication_enabled | String | optional,
      },
      installer = {
        enabled | String | optional,
      },
      prometheus = {
        enabled | String,
        port | Number | optional,
        retention_days | Number | optional,
      },
      grafana = {
        enabled | String,
        port | Number | optional,
      },
      loki = {
        enabled | String,
        retention_days | Number | optional,
      },
      harbor = {
        enabled | String | optional,
        registry_url | String | optional,
      },
      postgresql = {
        enabled | String,
        replicas | String | optional,
        backup_enabled | String | optional,
        backup_schedule | String | optional,
      },
    },

    # High Availability (required)
    ha = {
      enabled | String,
      replicas | String,
      min_replicas | String | optional,
      max_replicas | String | optional,
      load_balancer | String,
      service_mesh | String | optional,
      database_replication | String | optional,
      backup_enabled | String,
      backup_schedule | String | optional,
      disaster_recovery_enabled | String | optional,
    },

    # Security configuration (comprehensive)
    security = {
      auto_generate_secrets | String,
      kms_backend | String,
      audit_logging | String,
      audit_log_retention_days | Number | optional,
      tls_enabled | String,
      tls_certificate_provider | String | optional,
      rbac_enabled | String,
      rbac_hierarchy | String | optional,
      mfa_enabled | String,
      mfa_method | String | optional,
      mfa_required_for_admin | String | optional,
      session_timeout | Number | optional,
      password_policy_enforced | String | optional,
      api_rate_limiting_enabled | String | optional,
    },

    # Compliance and governance
    compliance = {
      enabled | String,
      framework | String,
      data_retention_years | String | optional,
      encryption_at_rest | String,
      encryption_in_transit | String,
      field_level_encryption | String | optional,
      audit_trail_enabled | String,
      anonymization_enabled | String | optional,
    },

    # Multi-tenancy (optional)
    multi_tenancy = {
      enabled | String | optional,
      tenant_isolation | String | optional,
      tenant_limits_enabled | String | optional,
    },

    # Disaster recovery
    disaster_recovery = {
      enabled | String,
      rto_minutes | Number | optional,
      rpo_minutes | Number | optional,
      backup_location | String,
      cross_region_backup | String | optional,
    },

    # User and access management
    users = {
      ldap_enabled | String | optional,
      ldap_server_url | String | optional,
      oauth2_enabled | String | optional,
      oauth2_provider | String | optional,
      saml_enabled | String | optional,
      saml_idp_url | String | optional,
      max_active_sessions | String | optional,
      password_expiration_days | Number | optional,
      inactive_session_timeout | Number | optional,
    },

    # Networking (enterprise-grade)
    networking = {
      bind_localhost_only | String,
      expose_services | String,
      load_balancer | String,
      allowed_origins | Array String | optional,
      cors_enabled | String | optional,
      waf_enabled | String | optional,
      ddos_protection_enabled | String | optional,
      vpc_enabled | String | optional,
      network_segmentation | String | optional,
    },

    # Monitoring and observability (comprehensive)
    monitoring = {
      enabled | String,
      metrics_enabled | String,
      metrics_scrape_interval_seconds | Number | optional,
      metrics_retention_days | Number | optional,
      health_checks_enabled | String,
      health_check_interval_seconds | Number | optional,
      logging_level | String | optional,
      distributed_tracing_enabled | String,
      alerting_enabled | String | optional,
      alert_channels | Array String | optional,
      performance_profiling | String | optional,
      resource_usage_monitoring | String | optional,
    },

    # Support and operations
    operations = {
      support_level | String | optional,
      sla_enabled | String | optional,
      sla_uptime_percentage | Number | optional,
      incident_response_enabled | String | optional,
      runbook_enabled | String | optional,
      on_call_rotation_enabled | String | optional,
    },

    # Performance and optimization (production-ready)
    performance = {
      cache_enabled | String,
      cache_ttl_seconds | Number | optional,
      cache_size_mb | String | optional,
      batch_size | Number | optional,
      connection_pooling_enabled | String | optional,
      query_caching_enabled | String | optional,
    },
  },
}
chore: complete nickel migration and consolidate legacy configs - Remove KCL ecosystem (~220 files deleted) - Migrate all infrastructure to Nickel schema system - Consolidate documentation: legacy docs → provisioning/docs/src/ - Add CI/CD workflows (.github/) and Rust build config (.cargo/) - Update core system for Nickel schema parsing - Update README.md and CHANGES.md for v5.0.0 release - Fix pre-commit hooks: end-of-file, trailing-whitespace - Breaking changes: KCL workspaces require migration - Migration bridge available in docs/src/development/ 2026-01-08 09:55:37 +00:00			`# Enterprise Mode Schema`
			`# Production-grade deployment with high availability, compliance, and extensive operations`
			`# Resources: 16+ CPU, 32+ GB RAM, 500GB+ disk with HA setup`

			`{`
			`EnterpriseModeConfig = {`
			`# Deployment mode identifier`
			`mode \| String = 'enterprise,`

			`# Resource allocation (distributed across replicas)`
			`resources = {`
			`cpu_cores \| String,`
			`memory_mb \| String,`
			`disk_gb \| String,`
			`max_connections \| String \| optional,`
			`},`

			`# Service enablement (fully featured)`
			`services = {`
			`orchestrator = {`
			`enabled \| String,`
			`storage_backend \| String,`
			`workers \| String \| optional,`
			`queue_max_concurrent_tasks \| String \| optional,`
			`batch_parallel_limit \| Number \| optional,`
			`multi_workspace_enabled \| String \| optional,`
			`high_availability \| String,`
			`},`
			`control_center = {`
			`enabled \| String,`
			`database \| String,`
			`high_availability \| String,`
			`audit_logging \| String,`
			`policy_caching_enabled \| String \| optional,`
			`},`
			`mcp_server = {`
			`enabled \| String,`
			`protocol \| String \| optional,`
			`max_concurrent_tools \| String \| optional,`
			`caching_enabled \| String \| optional,`
			`replication_enabled \| String \| optional,`
			`},`
			`installer = {`
			`enabled \| String \| optional,`
			`},`
			`prometheus = {`
			`enabled \| String,`
			`port \| Number \| optional,`
			`retention_days \| Number \| optional,`
			`},`
			`grafana = {`
			`enabled \| String,`
			`port \| Number \| optional,`
			`},`
			`loki = {`
			`enabled \| String,`
			`retention_days \| Number \| optional,`
			`},`
			`harbor = {`
			`enabled \| String \| optional,`
			`registry_url \| String \| optional,`
			`},`
			`postgresql = {`
			`enabled \| String,`
			`replicas \| String \| optional,`
			`backup_enabled \| String \| optional,`
			`backup_schedule \| String \| optional,`
			`},`
			`},`

			`# High Availability (required)`
			`ha = {`
			`enabled \| String,`
			`replicas \| String,`
			`min_replicas \| String \| optional,`
			`max_replicas \| String \| optional,`
			`load_balancer \| String,`
			`service_mesh \| String \| optional,`
			`database_replication \| String \| optional,`
			`backup_enabled \| String,`
			`backup_schedule \| String \| optional,`
			`disaster_recovery_enabled \| String \| optional,`
			`},`

			`# Security configuration (comprehensive)`
			`security = {`
			`auto_generate_secrets \| String,`
			`kms_backend \| String,`
			`audit_logging \| String,`
			`audit_log_retention_days \| Number \| optional,`
			`tls_enabled \| String,`
			`tls_certificate_provider \| String \| optional,`
			`rbac_enabled \| String,`
			`rbac_hierarchy \| String \| optional,`
			`mfa_enabled \| String,`
			`mfa_method \| String \| optional,`
			`mfa_required_for_admin \| String \| optional,`
			`session_timeout \| Number \| optional,`
			`password_policy_enforced \| String \| optional,`
			`api_rate_limiting_enabled \| String \| optional,`
			`},`

			`# Compliance and governance`
			`compliance = {`
			`enabled \| String,`
			`framework \| String,`
			`data_retention_years \| String \| optional,`
			`encryption_at_rest \| String,`
			`encryption_in_transit \| String,`
			`field_level_encryption \| String \| optional,`
			`audit_trail_enabled \| String,`
			`anonymization_enabled \| String \| optional,`
			`},`

			`# Multi-tenancy (optional)`
			`multi_tenancy = {`
			`enabled \| String \| optional,`
			`tenant_isolation \| String \| optional,`
			`tenant_limits_enabled \| String \| optional,`
			`},`

			`# Disaster recovery`
			`disaster_recovery = {`
			`enabled \| String,`
			`rto_minutes \| Number \| optional,`
			`rpo_minutes \| Number \| optional,`
			`backup_location \| String,`
			`cross_region_backup \| String \| optional,`
			`},`

			`# User and access management`
			`users = {`
			`ldap_enabled \| String \| optional,`
			`ldap_server_url \| String \| optional,`
			`oauth2_enabled \| String \| optional,`
			`oauth2_provider \| String \| optional,`
			`saml_enabled \| String \| optional,`
			`saml_idp_url \| String \| optional,`
			`max_active_sessions \| String \| optional,`
			`password_expiration_days \| Number \| optional,`
			`inactive_session_timeout \| Number \| optional,`
			`},`

			`# Networking (enterprise-grade)`
			`networking = {`
			`bind_localhost_only \| String,`
			`expose_services \| String,`
			`load_balancer \| String,`
			`allowed_origins \| Array String \| optional,`
			`cors_enabled \| String \| optional,`
			`waf_enabled \| String \| optional,`
			`ddos_protection_enabled \| String \| optional,`
			`vpc_enabled \| String \| optional,`
			`network_segmentation \| String \| optional,`
			`},`

			`# Monitoring and observability (comprehensive)`
			`monitoring = {`
			`enabled \| String,`
			`metrics_enabled \| String,`
			`metrics_scrape_interval_seconds \| Number \| optional,`
			`metrics_retention_days \| Number \| optional,`
			`health_checks_enabled \| String,`
			`health_check_interval_seconds \| Number \| optional,`
			`logging_level \| String \| optional,`
			`distributed_tracing_enabled \| String,`
			`alerting_enabled \| String \| optional,`
			`alert_channels \| Array String \| optional,`
			`performance_profiling \| String \| optional,`
			`resource_usage_monitoring \| String \| optional,`
			`},`

			`# Support and operations`
			`operations = {`
			`support_level \| String \| optional,`
			`sla_enabled \| String \| optional,`
			`sla_uptime_percentage \| Number \| optional,`
			`incident_response_enabled \| String \| optional,`
			`runbook_enabled \| String \| optional,`
			`on_call_rotation_enabled \| String \| optional,`
			`},`

			`# Performance and optimization (production-ready)`
			`performance = {`
			`cache_enabled \| String,`
			`cache_ttl_seconds \| Number \| optional,`
			`cache_size_mb \| String \| optional,`
			`batch_size \| Number \| optional,`
			`connection_pooling_enabled \| String \| optional,`
			`query_caching_enabled \| String \| optional,`
			`},`
			`},`
			`}`