chore: update defs

.cargo/audit.toml

@@ -18,7 +18,7 @@ deny = ["unmaintained", "unsound", "yanked"]
 # Specific vulnerability IDs to ignore (in case of false positives)
 # You can use: https://rustsec.org/
 ignore = [
-    # Example: { id = "RUSTSEC-2023-XXXX", reason = "Not applicable to our use case" }
+  # Example: { id = "RUSTSEC-2023-XXXX", reason = "Not applicable to our use case" }
 ]
 
 # How to handle vulnerabilities based on severity

.cargo/config.toml

@@ -10,51 +10,51 @@ jobs = 4
 
 [profile.dev]
 # Development profile - fast compilation, debug info
-opt-level = 0
 debug = true
 debug-assertions = true
-overflow-checks = true
-lto = false
-panic = "unwind"
 incremental = true
+lto = false
+opt-level = 0
+overflow-checks = true
+panic = "unwind"
 
 [profile.release]
 # Release profile - slow compilation, optimized binary
-opt-level = 3
+codegen-units = 1
 debug = false
 debug-assertions = false
-overflow-checks = false
-lto = "thin"
-codegen-units = 1
-panic = "abort"
 incremental = false
+lto = "thin"
+opt-level = 3
+overflow-checks = false
+panic = "abort"
 strip = false
 
 [profile.test]
 # Test profile - inherits from dev but can be optimized
-opt-level = 1
 debug = true
 debug-assertions = true
-overflow-checks = true
-lto = false
 incremental = true
+lto = false
+opt-level = 1
+overflow-checks = true
 
 [profile.bench]
 # Benchmark profile - same as release
-opt-level = 3
+codegen-units = 1
 debug = false
 debug-assertions = false
-overflow-checks = false
-lto = "thin"
-codegen-units = 1
 incremental = false
+lto = "thin"
+opt-level = 3
+overflow-checks = false
 
 [term]
 # Terminal colors
 color = "auto"
-verbose = false
 progress.when = "auto"
 progress.width = 80
+verbose = false
 
 [net]
 # Network settings
@@ -68,5 +68,5 @@ offline = false
 # Custom cargo commands
 build-all = "build --all-targets"
 check-all = "check --all-targets --all-features"
-test-all = "test --all-features --workspace"
 doc-all = "doc --all-features --no-deps --open"
+test-all = "test --all-features --workspace"

.clippy.toml

@@ -3,8 +3,8 @@
 
 # Lint level thresholds
 cognitive-complexity-threshold = 25
-type-complexity-threshold = 500
 excessive-nesting-threshold = 5
+type-complexity-threshold = 500
 
 # Allowed patterns (prevent lints on specific code)
 # allow-expect-in-tests = true

.rustfmt.toml

@@ -4,19 +4,19 @@
 
 # Basic formatting options
 edition = "2021"
-max_width = 100
 hard_tabs = false
-tab_spaces = 4
+max_width = 100
 newline_style = "Unix"
+tab_spaces = 4
 
 # Code structure
 use_small_heuristics = "Default"
 
 # Imports
+group_imports = "StdExternalCrate"
+remove_nested_parens = true
 reorder_imports = true
 reorder_modules = true
-remove_nested_parens = true
-group_imports = "StdExternalCrate"
 
 # Match expressions
 match_block_trailing_comma = false
@@ -26,28 +26,28 @@ chain_width = 60
 
 # Comment formatting (nightly)
 comment_width = 80
-wrap_comments = true
 normalize_comments = true
 normalize_doc_attributes = true
+wrap_comments = true
 
 # Spaces and indentation (nightly)
-fn_single_line = false
 fn_params_layout = "Tall"
+fn_single_line = false
 where_single_line = false
 
 # Formatting (nightly)
-format_strings = true
 format_code_in_doc_comments = false
+format_strings = true
 
 # Spaces (nightly)
-space_before_colon = false
 space_after_colon = true
+space_before_colon = false
 spaces_around_ranges = false
 
 # Line breaks (nightly)
-match_arm_blocks = true
 blank_lines_lower_bound = 0
 blank_lines_upper_bound = 1
+match_arm_blocks = true
 
 # Enable nightly features
 unstable_features = true

deny.toml

@@ -6,22 +6,22 @@ db-path = "~/.cargo/advisory-db"
 db-urls = ["https://github.com/rustsec/advisory-db"]
 
 [licenses]
-unlicensed = "deny"
 allow = [
-    "MIT",
-    "MIT-0",
-    "Apache-2.0",
-    "Apache-2.0 WITH LLVM-exception",
-    "BSD-2-Clause",
-    "BSD-3-Clause",
-    "ISC",
-    "Unicode-DFS-2016",
+  "MIT",
+  "MIT-0",
+  "Apache-2.0",
+  "Apache-2.0 WITH LLVM-exception",
+  "BSD-2-Clause",
+  "BSD-3-Clause",
+  "ISC",
+  "Unicode-DFS-2016",
 ]
+unlicensed = "deny"
 
 [bans]
 multiple-versions = "warn"
 
 [sources]
-unknown-registry = "deny"
-unknown-git = "deny"
 allow-registry = ["https://github.com/rust-lang/crates.io-index"]
+unknown-git = "deny"
+unknown-registry = "deny"

docs/book.toml

@@ -1,10 +1,10 @@
 [book]
-title = "Provisioning Platform Documentation"
 authors = ["Provisioning Platform Team"]
 description = "Complete documentation for the Provisioning Platform - Infrastructure automation with Nushell, KCL, and Rust"
 language = "en"
 multilingual = false
 src = "src"
+title = "Provisioning Platform Documentation"
 
 [build]
 build-dir = "book"
@@ -15,56 +15,56 @@ create-missing = true
 
 [output.html]
 # theme = "theme"  # Commented out - using default mdbook theme
-default-theme = "ayu"
-preferred-dark-theme = "navy"
-smart-punctuation = true  # Renamed from curly-quotes
-mathjax-support = false
-copy-fonts = true
-no-section-label = false
-git-repository-url = "https://github.com/provisioning/provisioning-platform"
-git-repository-icon = "fa-github"
-edit-url-template = "https://github.com/provisioning/provisioning-platform/edit/main/provisioning/docs/{path}"
-site-url = "/docs/"
 cname = "docs.provisioning.local"
+copy-fonts = true
+default-theme = "ayu"
+edit-url-template = "https://github.com/provisioning/provisioning-platform/edit/main/provisioning/docs/{path}"
+git-repository-icon = "fa-github"
+git-repository-url = "https://github.com/provisioning/provisioning-platform"
+mathjax-support = false
+no-section-label = false
+preferred-dark-theme = "navy"
+site-url = "/docs/"
+smart-punctuation = true                                                                                       # Renamed from curly-quotes
 # input-404 = "404.md"  # Commented out - 404.md not created yet
 
-[output.html.print]
-enable = true
+  [output.html.print]
+  enable = true
 
-[output.html.fold]
-enable = true
-level = 1
+  [output.html.fold]
+  enable = true
+  level = 1
 
-[output.html.playground]
-editable = false
-copyable = true
-copy-js = true
-line-numbers = true
-runnable = false
+  [output.html.playground]
+  copy-js = true
+  copyable = true
+  editable = false
+  line-numbers = true
+  runnable = false
 
-[output.html.search]
-enable = true
-limit-results = 30
-teaser-word-count = 30
-use-boolean-and = true
-boost-title = 2
-boost-hierarchy = 1
-boost-paragraph = 1
-expand = true
-heading-split-level = 3
+  [output.html.search]
+  boost-hierarchy = 1
+  boost-paragraph = 1
+  boost-title = 2
+  enable = true
+  expand = true
+  heading-split-level = 3
+  limit-results = 30
+  teaser-word-count = 30
+  use-boolean-and = true
 
-[output.html.code.highlightjs]
-additional-languages = ["nushell", "toml", "yaml", "bash", "rust", "kcl"]
+  [output.html.code.highlightjs]
+  additional-languages = ["nushell", "toml", "yaml", "bash", "rust", "kcl"]
 
-[output.html.code]
-hidelines = {}
+  [output.html.code]
+  hidelines = {}
 
-[[output.html.code.highlightjs.theme]]
-light = "ayu-light"
-dark = "ayu-dark"
+    [[output.html.code.highlightjs.theme]]
+    dark = "ayu-dark"
+    light = "ayu-light"
 
-[output.html.redirect]
-# Add redirects for moved pages if needed
+  [output.html.redirect]
+  # Add redirects for moved pages if needed
 
 [rust]
 edition = "2021"

docs/src/development/examples/quick-start/local-development/config.toml

@@ -13,41 +13,41 @@ kloud = "."
 
 [debug]
 # Enable debug mode for learning and troubleshooting
+check = false
 enabled = true
 log_level = "debug"
 metadata = true
-check = false
-remote = false
 no_terminal = false
+remote = false
 
 [output]
 # Human-readable output formats for learning
-format = "yaml"
 file_viewer = "less"
+format = "yaml"
 
 # Provider configuration for local development
 [providers]
 default = "local"
 
-[providers.local]
-# Local provider settings
-interface = "CLI"
-container_runtime = "docker"  # or "podman"
-network_driver = "bridge"
+  [providers.local]
+  # Local provider settings
+  container_runtime = "docker" # or "podman"
+  interface = "CLI"
+  network_driver = "bridge"
 
-# Local development network settings
-network_cidr = "192.168.100.0/24"
-enable_port_forwarding = true
+  # Local development network settings
+  enable_port_forwarding = true
+  network_cidr = "192.168.100.0/24"
 
-# Resource limits for local development
-[providers.local.resource_limits]
-max_memory_per_server = "1GB"
-max_cpu_cores_per_server = 2
-max_storage_per_server = "20GB"
+    # Resource limits for local development
+    [providers.local.resource_limits]
+    max_cpu_cores_per_server = 2
+    max_memory_per_server = "1GB"
+    max_storage_per_server = "20GB"
 
 # SOPS configuration (simplified for local development)
 [sops]
-use_sops = false  # Disable encryption for local dev to keep things simple
+use_sops = false # Disable encryption for local dev to keep things simple
 # If you want to practice with SOPS locally, set to true and configure keys
 
 # Development-specific settings
@@ -57,18 +57,18 @@ auto_approve = true
 
 # Cleanup settings
 cleanup_on_error = true
-cleanup_on_shutdown = false  # Keep resources between sessions
+cleanup_on_shutdown = false # Keep resources between sessions
 
 # Development helper settings
+debug_on_error = true
 enable_dev_mode = true
 verbose_logging = true
-debug_on_error = true
 
 # Cache settings for development
 [cache]
-enabled = false  # Disable caching for development to see real-time changes
-path = "./.provisioning-cache"
+enabled = false                # Disable caching for development to see real-time changes
 max_size = "100MB"
+path = "./.provisioning-cache"
 
 # Task service runtime paths
 [taskservs]
@@ -79,8 +79,8 @@ run_path = "./run/clusters"
 
 # Generation settings
 [generation]
-dir_path = "./generated"
 defs_file = "defs.toml"
+dir_path = "./generated"
 
 # Local development notifications (disabled for quiet operation)
 [notifications]
@@ -94,41 +94,41 @@ use_tera_plugin = true
 
 # Environment overrides for development
 [environments.development]
+auto_approve = true
 debug.enabled = true
 debug.log_level = "debug"
 providers.default = "local"
-auto_approve = true
 
 # Validation settings for development
 [validation]
-strict_mode = false  # Relaxed validation for learning
-warn_on_missing = true
 fail_on_error = false
+strict_mode = false    # Relaxed validation for learning
+warn_on_missing = true
 
 # Development-specific limits and quotas
 [limits]
+max_concurrent_operations = 2
 max_servers = 5
 max_services_per_server = 10
-max_concurrent_operations = 2
 timeout_seconds = 300
 
 # Local development extensions
 [extensions]
-path = ""
 mode = "development"
+path = ""
 profile = "learning"
 
 # Security settings (relaxed for local development)
 [security]
-require_confirmation = false  # Speed up development workflow
-strict_validation = false
 log_sensitive_data = false
+require_confirmation = false # Speed up development workflow
+strict_validation = false
 
 # Performance settings for local development
 [performance]
-parallel_operations = 2  # Limit parallelism for local resources
 cache_enabled = false
-timeout_multiplier = 1.5  # Give more time for local operations
+parallel_operations = 2  # Limit parallelism for local resources
+timeout_multiplier = 1.5 # Give more time for local operations
 
 # Local development specific configurations
 [local_dev]
@@ -139,67 +139,67 @@ auto_cleanup_age = "7d"
 enable_aliases = true
 enable_shortcuts = true
 
-# Port ranges for development services
-[local_dev.port_ranges]
-web = "8000-8999"
-api = "9000-9999"
-database = "5000-5999"
-cache = "6000-6999"
+  # Port ranges for development services
+  [local_dev.port_ranges]
+  api = "9000-9999"
+  cache = "6000-6999"
+  database = "5000-5999"
+  web = "8000-8999"
 
-# Development database settings
-[local_dev.database_defaults]
-auto_create_dev_db = true
-enable_query_logging = true
-relaxed_security = true  # WARNING: Only for local development!
+  # Development database settings
+  [local_dev.database_defaults]
+  auto_create_dev_db = true
+  enable_query_logging = true
+  relaxed_security = true     # WARNING: Only for local development!
 
 # Container settings for local development
 [containers]
-auto_remove = true  # Clean up containers automatically
+auto_remove = true       # Clean up containers automatically
 enable_debug_mode = true
-mount_source_code = true  # Mount local directories for development
+mount_source_code = true # Mount local directories for development
 
 # Network settings for local development
 [network]
-enable_host_networking = true  # Allow easy access from host
 auto_assign_ports = true
+enable_host_networking = true   # Allow easy access from host
 enable_service_discovery = true
 
 # Monitoring settings (lightweight for local development)
 [monitoring]
+enable_alerts = false    # No alerts needed for local development
 enabled = true
-retention_period = "24h"  # Short retention for local dev
 metrics_interval = "30s"
-enable_alerts = false  # No alerts needed for local development
+retention_period = "24h" # Short retention for local dev
 
 # Backup settings for local development
 [backup]
-enabled = false  # No backups needed for disposable local environment
 auto_backup = false
+enabled = false     # No backups needed for disposable local environment
 
 # Integration settings
 [integration]
 # Enable integrations useful for development
 enable_git_hooks = false
-enable_ide_integration = true
 enable_hot_reload = true
+enable_ide_integration = true
 
 # Learning and documentation helpers
 [learning]
+enable_interactive_help = true
+include_examples = true
 show_helpful_tips = true
 verbose_explanations = true
-include_examples = true
-enable_interactive_help = true
 
 # Example-specific metadata
 [example]
-name = "local-development"
 description = "Basic local development environment setup"
 difficulty = "beginner"
 estimated_time = "15-30 minutes"
-requirements = ["docker", "4GB RAM", "10GB disk"]
 learning_objectives = [
-    "Understanding basic provisioning concepts",
-    "Setting up local infrastructure",
-    "Managing servers and services",
-    "Using the provisioning CLI"
+  "Understanding basic provisioning concepts",
+  "Setting up local infrastructure",
+  "Managing servers and services",
+  "Using the provisioning CLI",
 ]
+name = "local-development"
+requirements = ["docker", "4GB RAM", "10GB disk"]

examples/workspaces/cost-optimized/config.toml

@@ -2,174 +2,174 @@
 # Multi-provider cost optimization using provider specialization
 
 [workspace]
-name = "cost-optimized"
-environment = "production"
-owner = "platform-team"
 description = "Cost-optimized deployment using Hetzner compute, AWS managed services, and DigitalOcean CDN"
+environment = "production"
+name = "cost-optimized"
+owner = "platform-team"
 
 # Hetzner Configuration - Compute Tier (Best price/performance)
 [providers.hetzner]
-enabled = true
-token_env = "HCLOUD_TOKEN"
-default_location = "nbg1"
 default_datacenter = "nbg1-dc8"
+default_location = "nbg1"
+enabled = true
 provider_type = "primary_compute"
+token_env = "HCLOUD_TOKEN"
 
-[providers.hetzner.settings]
-enable_automount = false
-default_volume_format = "ext4"
-server_type_default = "cpx21"
-region_name = "eu-central"
+  [providers.hetzner.settings]
+  default_volume_format = "ext4"
+  enable_automount = false
+  region_name = "eu-central"
+  server_type_default = "cpx21"
 
 # AWS Configuration - Managed Services
 [providers.aws]
-enabled = true
-region = "us-east-1"
 access_key_env = "AWS_ACCESS_KEY_ID"
-secret_key_env = "AWS_SECRET_ACCESS_KEY"
+enabled = true
 provider_type = "managed_services"
+region = "us-east-1"
+secret_key_env = "AWS_SECRET_ACCESS_KEY"
 
-[providers.aws.settings]
-multi_az = true
-backup_retention_days = 30
-enable_performance_insights = true
-enable_enhanced_monitoring = true
-region_name = "us-east"
+  [providers.aws.settings]
+  backup_retention_days = 30
+  enable_enhanced_monitoring = true
+  enable_performance_insights = true
+  multi_az = true
+  region_name = "us-east"
 
 # DigitalOcean Configuration - CDN and Storage
 [providers.digitalocean]
-enabled = true
-token_env = "DIGITALOCEAN_TOKEN"
 default_region = "nyc3"
+enabled = true
 provider_type = "cdn_and_storage"
+token_env = "DIGITALOCEAN_TOKEN"
 
-[providers.digitalocean.settings]
-enable_monitoring = true
-enable_backups = false
-spaces_region = "nyc3"
-region_name = "us-east-cdn"
+  [providers.digitalocean.settings]
+  enable_backups = false
+  enable_monitoring = true
+  region_name = "us-east-cdn"
+  spaces_region = "nyc3"
 
 # Cost Tracking and Budgets
 [cost_tracking]
+budget_alert_threshold = 280
 enabled = true
 monthly_budget = 300
-budget_alert_threshold = 280
 
-[cost_tracking.regional_budgets]
-hetzner = 75
-aws = 120
-digitalocean = 65
+  [cost_tracking.regional_budgets]
+  aws = 120
+  digitalocean = 65
+  hetzner = 75
 
-[cost_tracking.optimization_targets]
-hetzner_compute = "€20.90/month per CPX21 (vs €45+ for equivalent AWS)"
-aws_managed = "$100/month for all managed services (vs $200+ for self-managed)"
-digitalocean_cdn = "$64/month for CDN and storage (vs $150+ for CloudFront)"
+  [cost_tracking.optimization_targets]
+  aws_managed = "$100/month for all managed services (vs $200+ for self-managed)"
+  digitalocean_cdn = "$64/month for CDN and storage (vs $150+ for CloudFront)"
+  hetzner_compute = "€20.90/month per CPX21 (vs €45+ for equivalent AWS)"
 
 # Deployment Configuration
 [deployment]
-strategy = "rolling"
 batch_size = 1
 health_check_wait = 60
-rollback_on_failure = true
 order = ["hetzner", "aws", "digitalocean"]
+rollback_on_failure = true
+strategy = "rolling"
 
 # Networking Configuration
 [networking]
 enable_vpn_tunnels = true
-vpn_protocol = "ipsec"
-vpn_encryption = "aes-256"
 vpn_authentication = "sha256"
+vpn_encryption = "aes-256"
+vpn_protocol = "ipsec"
 
-[networking.cidr_blocks]
-hetzner = "10.0.0.0/16"
-aws = "10.1.0.0/16"
+  [networking.cidr_blocks]
+  aws = "10.1.0.0/16"
+  hetzner = "10.0.0.0/16"
 
 # Monitoring and Alerting
 [monitoring]
+alert_on_threshold_exceeded = true
 enabled = true
 metric_collection_interval = 60
-alert_on_threshold_exceeded = true
 
-[monitoring.thresholds]
-cpu = 80
-memory = 85
-disk = 90
-queue_depth = 1000
+  [monitoring.thresholds]
+  cpu = 80
+  disk = 90
+  memory = 85
+  queue_depth = 1000
 
-[monitoring.critical_alerts]
-database_cpu_high = { threshold = 75, action = "scale_up", severity = "warning" }
-queue_depth_high = { threshold = 1000, action = "alert", severity = "critical" }
-cache_eviction_high = { threshold = 10, action = "alert", severity = "warning" }
+  [monitoring.critical_alerts]
+  cache_eviction_high = { threshold = 10, action = "alert", severity = "warning" }
+  database_cpu_high = { threshold = 75, action = "scale_up", severity = "warning" }
+  queue_depth_high = { threshold = 1000, action = "alert", severity = "critical" }
 
 # Backup Configuration
 [backup]
+compression = true
 enabled = true
+encryption = true
 frequency = "daily"
 retention_days = 30
-compression = true
-encryption = true
 
-[backup.strategies]
-rds = "AWS managed, 30-day retention"
-application = "Weekly Hetzner snapshots"
-cdn = "Weekly Spaces backups to secondary region"
+  [backup.strategies]
+  application = "Weekly Hetzner snapshots"
+  cdn = "Weekly Spaces backups to secondary region"
+  rds = "AWS managed, 30-day retention"
 
 # Performance Configuration
 [performance]
-enable_caching = true
 cache_ttl = 3600
 cdn_cache_ttl = 86400
+enable_caching = true
 
-[performance.optimization]
-database = "Use read replicas for read-heavy workloads"
-cache = "ElastiCache Redis for session and data caching"
-cdn = "Serve static assets from DigitalOcean CDN"
-queue = "SQS for async job processing"
+  [performance.optimization]
+  cache = "ElastiCache Redis for session and data caching"
+  cdn = "Serve static assets from DigitalOcean CDN"
+  database = "Use read replicas for read-heavy workloads"
+  queue = "SQS for async job processing"
 
 # Scaling Configuration
 [scaling]
 auto_scale_enabled = true
 
-[scaling.hetzner]
-min_instances = 2
-max_instances = 5
-scale_up_cpu_threshold = 80
-scale_down_cpu_threshold = 30
+  [scaling.hetzner]
+  max_instances = 5
+  min_instances = 2
+  scale_down_cpu_threshold = 30
+  scale_up_cpu_threshold = 80
 
-[scaling.aws]
-auto_scaling_enabled = false
-note = "RDS handles scaling automatically, SQS scales automatically"
+  [scaling.aws]
+  auto_scaling_enabled = false
+  note = "RDS handles scaling automatically, SQS scales automatically"
 
 # Security Configuration
 [security]
+backup_encryption = true
 enable_encryption = true
 enable_monitoring = true
-backup_encryption = true
 
-[security.vpn_tunnel]
-encryption_algorithm = "AES-256"
-authentication = "SHA256"
-dh_group = "Group 14"
-encryption_integrity = "enabled"
+  [security.vpn_tunnel]
+  authentication = "SHA256"
+  dh_group = "Group 14"
+  encryption_algorithm = "AES-256"
+  encryption_integrity = "enabled"
 
 # Application Settings
 [application]
 app_name = "cost-optimized-app"
 version = "1.0"
 
-[application.database]
-engine = "postgresql"
-version = "14.6"
-connection_pool = 20
-idle_timeout = 900
+  [application.database]
+  connection_pool = 20
+  engine = "postgresql"
+  idle_timeout = 900
+  version = "14.6"
 
-[application.cache]
-engine = "redis"
-version = "7.0"
-max_memory = "250MB"
-eviction_policy = "allkeys-lru"
+  [application.cache]
+  engine = "redis"
+  eviction_policy = "allkeys-lru"
+  max_memory = "250MB"
+  version = "7.0"
 
-[application.queue]
-max_message_size = 262144
-default_visibility_timeout = 300
-long_poll_interval = 20
+  [application.queue]
+  default_visibility_timeout = 300
+  long_poll_interval = 20
+  max_message_size = 262144

examples/workspaces/multi-provider-web-app/config.toml

@@ -2,81 +2,81 @@
 # Credentials and provider-specific settings
 
 [workspace]
-name = "multi-provider-web-app"
-environment = "production"
-owner = "platform-team"
 description = "Web application across DigitalOcean, AWS, and Hetzner"
+environment = "production"
+name = "multi-provider-web-app"
+owner = "platform-team"
 
 # DigitalOcean Configuration
 [providers.digitalocean]
+default_region = "nyc3"
 enabled = true
 token_env = "DIGITALOCEAN_TOKEN"
-default_region = "nyc3"
 
-[providers.digitalocean.settings]
-enable_monitoring = true
-enable_backups = true
-enable_ipv6 = true
+  [providers.digitalocean.settings]
+  enable_backups = true
+  enable_ipv6 = true
+  enable_monitoring = true
 
 # AWS Configuration
 [providers.aws]
+access_key_env = "AWS_ACCESS_KEY_ID"
 enabled = true
 region = "us-east-1"
-access_key_env = "AWS_ACCESS_KEY_ID"
 secret_key_env = "AWS_SECRET_ACCESS_KEY"
 
-[providers.aws.settings]
-multi_az = true
-backup_retention_days = 30
-enable_performance_insights = true
-enable_enhanced_monitoring = true
+  [providers.aws.settings]
+  backup_retention_days = 30
+  enable_enhanced_monitoring = true
+  enable_performance_insights = true
+  multi_az = true
 
 # Hetzner Configuration
 [providers.hetzner]
+default_datacenter = "nbg1-dc8"
+default_location = "nbg1"
 enabled = true
 token_env = "HCLOUD_TOKEN"
-default_location = "nbg1"
-default_datacenter = "nbg1-dc8"
 
-[providers.hetzner.settings]
-enable_automount = false
-default_volume_format = "ext4"
+  [providers.hetzner.settings]
+  default_volume_format = "ext4"
+  enable_automount = false
 
 # Deployment Settings
 [deployment]
-strategy = "rolling"
 batch_size = 1
 health_check_wait = 60
 rollback_on_failure = true
+strategy = "rolling"
 
 # Monitoring Settings
 [monitoring]
+alert_on_threshold_exceeded = true
 enabled = true
 metric_collection_interval = 60
-alert_on_threshold_exceeded = true
 
-[monitoring.thresholds]
-cpu = 80
-memory = 85
-disk = 90
-network = 1000
+  [monitoring.thresholds]
+  cpu = 80
+  disk = 90
+  memory = 85
+  network = 1000
 
 # Backup Settings
 [backup]
+compression = true
 enabled = true
+encryption = true
 frequency = "daily"
 retention_days = 30
-compression = true
-encryption = true
 
 # Network Settings
 [networking]
 enable_vpn_tunnels = true
-vpn_protocol = "ipsec"
 vpn_encryption = "aes-256"
+vpn_protocol = "ipsec"
 
 # Cost Tracking
 [cost_tracking]
-enabled = true
 budget_alert_threshold = 200
+enabled = true
 monthly_budget = 300

examples/workspaces/multi-region-ha/config.toml

@@ -2,150 +2,150 @@
 # Global deployment across 3 providers and 3 geographic regions
 
 [workspace]
-name = "multi-region-ha"
-environment = "production"
-owner = "platform-team"
 description = "High availability deployment across DigitalOcean (US), Hetzner (EU), and AWS (APAC)"
+environment = "production"
+name = "multi-region-ha"
+owner = "platform-team"
 
 # DigitalOcean Configuration - US East (Primary)
 [providers.digitalocean]
-enabled = true
-token_env = "DIGITALOCEAN_TOKEN"
 default_region = "nyc3"
+enabled = true
 region_name = "us-east"
+token_env = "DIGITALOCEAN_TOKEN"
 
-[providers.digitalocean.settings]
-enable_monitoring = true
-enable_backups = true
-enable_ipv6 = true
-failover_primary = true
+  [providers.digitalocean.settings]
+  enable_backups = true
+  enable_ipv6 = true
+  enable_monitoring = true
+  failover_primary = true
 
 # Hetzner Configuration - EU Central (Secondary)
 [providers.hetzner]
-enabled = true
-token_env = "HCLOUD_TOKEN"
-default_location = "nbg1"
 default_datacenter = "nbg1-dc8"
+default_location = "nbg1"
+enabled = true
 region_name = "eu-central"
+token_env = "HCLOUD_TOKEN"
 
-[providers.hetzner.settings]
-enable_automount = false
-default_volume_format = "ext4"
-failover_secondary = true
+  [providers.hetzner.settings]
+  default_volume_format = "ext4"
+  enable_automount = false
+  failover_secondary = true
 
 # AWS Configuration - Asia Pacific (Tertiary)
 [providers.aws]
+access_key_env = "AWS_ACCESS_KEY_ID"
 enabled = true
 region = "ap-southeast-1"
-access_key_env = "AWS_ACCESS_KEY_ID"
-secret_key_env = "AWS_SECRET_ACCESS_KEY"
 region_name = "asia-southeast"
+secret_key_env = "AWS_SECRET_ACCESS_KEY"
 
-[providers.aws.settings]
-multi_az = true
-backup_retention_days = 30
-enable_performance_insights = true
-failover_tertiary = true
+  [providers.aws.settings]
+  backup_retention_days = 30
+  enable_performance_insights = true
+  failover_tertiary = true
+  multi_az = true
 
 # Global DNS Configuration
 [dns]
-provider = "route53"
 domain = "api.example.com"
-ttl = 60
 health_check_interval = 30
+provider = "route53"
+ttl = 60
 
-# Regional DNS Records
-[dns.regions.us_east]
-subdomain = "us"
-endpoint = "us.api.example.com"
-health_check_path = "/health"
+  # Regional DNS Records
+  [dns.regions.us_east]
+  endpoint = "us.api.example.com"
+  health_check_path = "/health"
+  subdomain = "us"
 
-[dns.regions.eu_central]
-subdomain = "eu"
-endpoint = "eu.api.example.com"
-health_check_path = "/health"
+  [dns.regions.eu_central]
+  endpoint = "eu.api.example.com"
+  health_check_path = "/health"
+  subdomain = "eu"
 
-[dns.regions.asia_southeast]
-subdomain = "asia"
-endpoint = "asia.api.example.com"
-health_check_path = "/health"
+  [dns.regions.asia_southeast]
+  endpoint = "asia.api.example.com"
+  health_check_path = "/health"
+  subdomain = "asia"
 
 # Database Replication Configuration
 [database_replication]
+backup_retention_days = 30
+max_replication_slots = 5
+max_wal_senders = 5
 mode = "multi-master"
 primary_region = "us-east"
+replication_lag_tolerance_seconds = 300
 replication_method = "logical"
 wal_level = "logical"
-max_wal_senders = 5
-max_replication_slots = 5
-replication_lag_tolerance_seconds = 300
-backup_retention_days = 30
 
 # VPN and Networking
 [networking]
 enable_vpn_tunnels = true
-vpn_protocol = "ipsec"
-vpn_encryption = "aes-256"
 vpn_authentication = "sha256"
+vpn_encryption = "aes-256"
+vpn_protocol = "ipsec"
 
-[networking.vpn_tunnels]
-us_to_eu = { name = "us-eu-vpn", source_network = "10.0.0.0/16", destination_network = "10.1.0.0/16" }
-eu_to_asia = { name = "eu-asia-vpn", source_network = "10.1.0.0/16", destination_network = "10.2.0.0/16" }
-asia_to_us = { name = "asia-us-vpn", source_network = "10.2.0.0/16", destination_network = "10.0.0.0/16" }
+  [networking.vpn_tunnels]
+  asia_to_us = { name = "asia-us-vpn", source_network = "10.2.0.0/16", destination_network = "10.0.0.0/16" }
+  eu_to_asia = { name = "eu-asia-vpn", source_network = "10.1.0.0/16", destination_network = "10.2.0.0/16" }
+  us_to_eu = { name = "us-eu-vpn", source_network = "10.0.0.0/16", destination_network = "10.1.0.0/16" }
 
 # Deployment Settings
 [deployment]
-strategy = "rolling"
 batch_size = 1
 health_check_wait = 60
-rollback_on_failure = true
 order = ["us-east", "eu-central", "asia-southeast"]
+rollback_on_failure = true
+strategy = "rolling"
 
 # Regional Monitoring Settings
 [monitoring]
+alert_on_threshold_exceeded = true
 enabled = true
 metric_collection_interval = 60
-alert_on_threshold_exceeded = true
 
-[monitoring.thresholds]
-cpu = 80
-memory = 85
-disk = 90
-replication_lag = 600
+  [monitoring.thresholds]
+  cpu = 80
+  disk = 90
+  memory = 85
+  replication_lag = 600
 
-[monitoring.alerts]
-high_cpu = { condition = "cpu > 80%", action = "scale-up", severity = "warning" }
-high_memory = { condition = "memory > 85%", action = "alert", severity = "warning" }
-replication_lag_critical = { condition = "replication_lag > 600s", action = "alert", severity = "critical" }
-region_down = { condition = "health_check_failed", action = "failover", severity = "critical" }
+  [monitoring.alerts]
+  high_cpu = { condition = "cpu > 80%", action = "scale-up", severity = "warning" }
+  high_memory = { condition = "memory > 85%", action = "alert", severity = "warning" }
+  region_down = { condition = "health_check_failed", action = "failover", severity = "critical" }
+  replication_lag_critical = { condition = "replication_lag > 600s", action = "alert", severity = "critical" }
 
 # Backup and Disaster Recovery
 [backup]
+compression = true
 enabled = true
+encryption = true
 frequency = "daily"
 retention_days = 30
-compression = true
-encryption = true
 
-[backup.regions]
-us_east = { strategy = "automated", retention = "30 days" }
-eu_central = { strategy = "replica-backup", retention = "30 days" }
-asia_southeast = { strategy = "replica-backup", retention = "30 days" }
+  [backup.regions]
+  asia_southeast = { strategy = "replica-backup", retention = "30 days" }
+  eu_central = { strategy = "replica-backup", retention = "30 days" }
+  us_east = { strategy = "automated", retention = "30 days" }
 
 # Health Checks
 [health_checks]
-us_east = { protocol = "HTTPS", port = 443, path = "/health", interval = 30 }
-eu_central = { protocol = "HTTPS", port = 443, path = "/health", interval = 30 }
 asia_southeast = { protocol = "HTTPS", port = 443, path = "/health", interval = 30 }
+eu_central = { protocol = "HTTPS", port = 443, path = "/health", interval = 30 }
+us_east = { protocol = "HTTPS", port = 443, path = "/health", interval = 30 }
 
 # Cost Tracking
 [cost_tracking]
-enabled = true
 budget_alert_threshold = 300
+enabled = true
 monthly_budget = 350
 
-[cost_tracking.regional_budgets]
-us_east = 102
-eu_central = 79
-asia_southeast = 130
-total_estimate = 311
+  [cost_tracking.regional_budgets]
+  asia_southeast = 130
+  eu_central = 79
+  total_estimate = 311
+  us_east = 102

generators/generate/defs.toml

@@ -1,15 +1,15 @@
 [[defs_values]]
-input_type = "text"
-numchar = 0
-msg = "Kloud title"
-var = "kloud_title"
 default_value = "$name"
+input_type = "text"
+msg = "Kloud title"
 not_empty = false
+numchar = 0
+var = "kloud_title"
 
 [[defs_values]]
-input_type = "text"
-numchar = 3
-msg = "Confirmar"
-var = "confirm"
 default_value = "yes"
+input_type = "text"
+msg = "Confirmar"
 not_empty = true
+numchar = 3
+var = "confirm"

schemas/platform/constraints/constraints.toml

@@ -8,325 +8,325 @@
 # ============================================================================
 
 [orchestrator.workers]
-min = 1
-max = 32
 description = "Workflow engine worker thread count"
+max = 32
+min = 1
 
 [orchestrator.queue.concurrent_tasks]
-min = 1
-max = 100
 description = "Maximum concurrent tasks in workflow queue"
+max = 100
+min = 1
 
 [orchestrator.queue.retry_attempts]
-min = 0
-max = 10
 description = "Retry attempts for failed tasks"
+max = 10
+min = 0
 
 [orchestrator.queue.retry_delay]
-min = 1000
-max = 60000
 description = "Delay between retries in milliseconds (1s-60s)"
+max = 60000
+min = 1000
 
 [orchestrator.queue.task_timeout]
-min = 60000
-max = 86400000
 description = "Task execution timeout in milliseconds (1min-24hrs)"
+max = 86400000
+min = 60000
 
 [orchestrator.batch.parallel_limit]
-min = 1
-max = 50
 description = "Batch workflow parallel operation limit"
+max = 50
+min = 1
 
 [orchestrator.batch.operation_timeout]
-min = 60000
-max = 3600000
 description = "Batch operation timeout in milliseconds (1min-1hr)"
+max = 3600000
+min = 60000
 
 [orchestrator.extensions.max_concurrent]
-min = 1
-max = 20
 description = "Max concurrent extension operations"
+max = 20
+min = 1
 
 # ============================================================================
 # CONTROL CENTER CONSTRAINTS
 # ============================================================================
 
 [control_center.jwt.token_expiration]
-min = 300
-max = 604800
 description = "JWT token expiration in seconds (5min-7days)"
+max = 604800
+min = 300
 
 [control_center.jwt.refresh_expiration]
-min = 3600
-max = 2592000
 description = "JWT refresh token expiration in seconds (1hr-30days)"
+max = 2592000
+min = 3600
 
 [control_center.rate_limiting.max_requests]
-min = 10
-max = 10000
 description = "Rate limiting max requests per window"
+max = 10000
+min = 10
 
 [control_center.rate_limiting.window_seconds]
-min = 1
-max = 3600
 description = "Rate limiting window in seconds"
+max = 3600
+min = 1
 
 [control_center.session.max_duration]
-min = 900
-max = 2592000
 description = "Session max duration in seconds (15min-30days)"
+max = 2592000
+min = 900
 
 [control_center.mfa.max_attempts]
-min = 1
-max = 10
 description = "MFA authentication max attempts before lockout"
+max = 10
+min = 1
 
 [control_center.audit.retention_days]
-min = 1
-max = 3650
 description = "Audit log retention in days (1-10 years)"
+max = 3650
+min = 1
 
 # ============================================================================
 # MCP SERVER CONSTRAINTS
 # ============================================================================
 
 [mcp_server.tools.max_concurrent]
-min = 1
-max = 20
 description = "Maximum concurrent tool executions"
+max = 20
+min = 1
 
 [mcp_server.tools.timeout]
-min = 5000
-max = 600000
 description = "Tool execution timeout in milliseconds (5s-10min)"
+max = 600000
+min = 5000
 
 [mcp_server.resources.max_size]
-min = 1048576
-max = 1073741824
 description = "Maximum resource size in bytes (1MB-1GB)"
+max = 1073741824
+min = 1048576
 
 [mcp_server.resources.cache_ttl]
-min = 60
-max = 3600
 description = "Resource cache TTL in seconds (1min-1hr)"
+max = 3600
+min = 60
 
 [mcp_server.prompts.max_templates]
-min = 1
-max = 100
 description = "Maximum custom prompt templates"
+max = 100
+min = 1
 
 [mcp_server.sampling.max_tokens]
-min = 100
-max = 100000
 description = "Max tokens for sampling operations"
+max = 100000
+min = 100
 
 # ============================================================================
 # COMMON CONSTRAINTS
 # ============================================================================
 
 [common.server.port]
-min = 1024
-max = 65535
 description = "Valid port range (avoid system ports < 1024)"
+max = 65535
+min = 1024
 
 [common.server.workers]
-min = 1
-max = 32
 description = "HTTP server worker thread count"
+max = 32
+min = 1
 
 [common.server.max_connections]
-min = 10
-max = 10000
 description = "Maximum concurrent HTTP connections"
+max = 10000
+min = 10
 
 [common.server.keep_alive]
-min = 0
-max = 600
 description = "HTTP keep-alive timeout in seconds (0=disabled)"
+max = 600
+min = 0
 
 [common.monitoring.metrics_interval]
-min = 10
-max = 300
 description = "Metrics collection interval in seconds (10s-5min)"
+max = 300
+min = 10
 
 [common.monitoring.health_check_interval]
-min = 5
-max = 300
 description = "Health check interval in seconds (5s-5min)"
+max = 300
+min = 5
 
 [common.monitoring.retention_days]
-min = 1
-max = 3650
 description = "Metrics retention in days (1-10 years)"
+max = 3650
+min = 1
 
 [common.logging.max_file_size]
-min = 1048576
-max = 1073741824
 description = "Max log file size in bytes (1MB-1GB)"
+max = 1073741824
+min = 1048576
 
 [common.logging.max_backups]
-min = 1
-max = 100
 description = "Maximum log file backups to retain"
+max = 100
+min = 1
 
 # ============================================================================
 # DEPLOYMENT MODE: SOLO
 # ============================================================================
 
 [deployment.solo.cpu]
-min = 2
-max = 4
 description = "Solo mode CPU cores (single developer)"
+max = 4
+min = 2
 
 [deployment.solo.memory_mb]
-min = 2048
-max = 8192
 description = "Solo mode memory allocation in MB (2GB-8GB)"
+max = 8192
+min = 2048
 
 [deployment.solo.disk_gb]
-min = 10
-max = 100
 description = "Solo mode disk allocation in GB (10GB-100GB)"
+max = 100
+min = 10
 
 # ============================================================================
 # DEPLOYMENT MODE: MULTIUSER
 # ============================================================================
 
 [deployment.multiuser.cpu]
-min = 4
-max = 8
 description = "Multi-user mode CPU cores (team servers)"
+max = 8
+min = 4
 
 [deployment.multiuser.memory_mb]
-min = 4096
-max = 16384
 description = "Multi-user mode memory allocation in MB (4GB-16GB)"
+max = 16384
+min = 4096
 
 [deployment.multiuser.disk_gb]
-min = 50
-max = 500
 description = "Multi-user mode disk allocation in GB (50GB-500GB)"
+max = 500
+min = 50
 
 [deployment.multiuser.postgres.max_connections]
-min = 20
-max = 200
 description = "PostgreSQL max connections for multi-user"
+max = 200
+min = 20
 
 # ============================================================================
 # DEPLOYMENT MODE: CI/CD
 # ============================================================================
 
 [deployment.cicd.cpu]
-min = 8
-max = 16
 description = "CI/CD mode CPU cores (pipeline servers)"
+max = 16
+min = 8
 
 [deployment.cicd.memory_mb]
-min = 8192
-max = 32768
 description = "CI/CD mode memory allocation in MB (8GB-32GB)"
+max = 32768
+min = 8192
 
 [deployment.cicd.disk_gb]
-min = 100
-max = 1000
 description = "CI/CD mode disk allocation in GB (100GB-1TB) - ephemeral"
+max = 1000
+min = 100
 
 # ============================================================================
 # DEPLOYMENT MODE: ENTERPRISE
 # ============================================================================
 
 [deployment.enterprise.cpu]
-min = 16
-max = 128
 description = "Enterprise mode CPU cores (production HA)"
+max = 128
+min = 16
 
 [deployment.enterprise.memory_mb]
-min = 32768
-max = 262144
 description = "Enterprise mode memory allocation in MB (32GB-256GB)"
+max = 262144
+min = 32768
 
 [deployment.enterprise.disk_gb]
-min = 500
-max = 10000
 description = "Enterprise mode disk allocation in GB (500GB-10TB)"
+max = 10000
+min = 500
 
 [deployment.enterprise.replicas]
-min = 3
-max = 10
 description = "Enterprise HA replica count (minimum 3 for quorum)"
+max = 10
+min = 3
 
 [deployment.enterprise.surrealdb.max_connections]
-min = 100
-max = 1000
 description = "SurrealDB cluster max connections for enterprise"
+max = 1000
+min = 100
 
 # ============================================================================
 # WORKSPACE CONSTRAINTS
 # ============================================================================
 
 [workspace.name]
-pattern = "^[a-z0-9_-]{1,64}$"
 description = "Workspace name: lowercase alphanumeric, underscore, hyphen, max 64 chars"
+pattern = "^[a-z0-9_-]{1,64}$"
 
 [workspace.path_min_length]
-value = 1
 description = "Minimum workspace path length"
+value = 1
 
 [workspace.path_max_length]
-value = 255
 description = "Maximum workspace path length"
+value = 255
 
 # ============================================================================
 # SECURITY CONSTRAINTS
 # ============================================================================
 
 [security.password_min_length]
-min = 8
-max = 128
 description = "Password minimum length for local auth"
+max = 128
+min = 8
 
 [security.encryption_key_length]
-min = 16
-max = 64
 description = "Encryption key length in bytes"
+max = 64
+min = 16
 
 [security.rate_limit_lockout_minutes]
-min = 5
-max = 60
 description = "Account lockout duration after max attempts (minutes)"
+max = 60
+min = 5
 
 # ============================================================================
 # BATCH WORKFLOW CONSTRAINTS
 # ============================================================================
 
 [batch_workflow.max_tasks_per_batch]
-min = 1
-max = 1000
 description = "Maximum tasks per batch workflow"
+max = 1000
+min = 1
 
 [batch_workflow.max_parallel_operations]
-min = 1
-max = 100
 description = "Maximum parallel operations in batch"
+max = 100
+min = 1
 
 [batch_workflow.checkpoint_interval]
-min = 1
-max = 1000
 description = "Checkpoint interval in task count"
+max = 1000
+min = 1
 
 [batch_workflow.max_checkpoints]
-min = 1
-max = 100
 description = "Maximum checkpoints to retain per batch"
+max = 100
+min = 1
 
 # ============================================================================
 # VAULT SERVICE CONSTRAINTS
 # ============================================================================
 
 [vault_service.port]
-min = 1024
-max = 65535
 description = "Vault service port number"
+max = 65535
+min = 1024
 
 [vault_service.ha_enabled]
 description = "High availability mode for enterprise deployments"
@@ -339,24 +339,24 @@ description = "TLS certificate verification enabled"
 # ============================================================================
 
 [registry.workers]
-min = 1
-max = 32
 description = "Extension registry worker thread count"
+max = 32
+min = 1
 
 [registry.cache_capacity]
-min = 10
-max = 100000
 description = "Cache capacity in number of entries"
+max = 100000
+min = 10
 
 [registry.cache_ttl]
-min = 30
-max = 3600
 description = "Cache TTL in seconds (30s-1hr)"
+max = 3600
+min = 30
 
 [registry.server_port]
-min = 1024
-max = 65535
 description = "Extension registry server port"
+max = 65535
+min = 1024
 
 # ============================================================================
 # RAG SYSTEM CONSTRAINTS
@@ -367,84 +367,84 @@ allowed = [384, 768, 1536, 3072]
 description = "Valid embedding vector dimensions"
 
 [rag.chunk_size]
-min = 128
-max = 4096
 description = "Document chunk size in characters"
+max = 4096
+min = 128
 
 [rag.chunk_overlap]
-min = 0
-max = 1024
 description = "Overlap between chunks in characters"
+max = 1024
+min = 0
 
 [rag.top_k]
-min = 1
-max = 100
 description = "Number of top results to retrieve"
+max = 100
+min = 1
 
 [rag.similarity_threshold]
-min = 0.0
-max = 1.0
 description = "Minimum similarity score (0.0-1.0)"
+max = 1.0
+min = 0.0
 
 [rag.batch_size]
-min = 1
-max = 500
 description = "Batch size for embedding operations"
+max = 500
+min = 1
 
 # ============================================================================
 # AI SERVICE CONSTRAINTS
 # ============================================================================
 
 [ai_service.workers]
-min = 1
-max = 32
 description = "AI service worker thread count"
+max = 32
+min = 1
 
 [ai_service.server_port]
-min = 1024
-max = 65535
 description = "AI service server port"
+max = 65535
+min = 1024
 
 [ai_service.max_concurrent_tasks]
-min = 1
-max = 100
 description = "Maximum concurrent DAG task executions"
+max = 100
+min = 1
 
 [ai_service.task_timeout]
-min = 10000
-max = 3600000
 description = "Task timeout in milliseconds (10s-1hr)"
+max = 3600000
+min = 10000
 
 [ai_service.rag_timeout]
-min = 5000
-max = 600000
 description = "RAG service call timeout in milliseconds (5s-10min)"
+max = 600000
+min = 5000
 
 [ai_service.mcp_timeout]
-min = 5000
-max = 600000
 description = "MCP service call timeout in milliseconds (5s-10min)"
+max = 600000
+min = 5000
 
 # ============================================================================
 # PROVISIONING DAEMON CONSTRAINTS
 # ============================================================================
 
 [daemon.poll_interval]
-min = 5
-max = 3600
 description = "Polling interval in seconds (5s-1hr)"
+max = 3600
+min = 5
 
 [daemon.max_workers]
-min = 1
-max = 32
 description = "Maximum worker threads for daemon operations"
+max = 32
+min = 1
 
 [daemon.max_age]
-min = 3600
-max = 604800
 description = "Maximum age for daemon state data in seconds (1hr-7days)"
+max = 604800
+min = 3600
 
 [daemon.health_check_interval]
-min = 10
-max = 300
 description = "Health check interval in seconds (10s-5min)"
+max = 300
+min = 10