chore: update defs

2026-01-12 05:18:28 +00:00 · 2026-01-12 05:18:28 +00:00 · 1508d9a96b
commit 1508d9a96b
parent 51b20e33ba
12 changed files with 492 additions and 492 deletions
--- a/.cargo/audit.toml
+++ b/.cargo/audit.toml
@ -18,7 +18,7 @@ deny = ["unmaintained", "unsound", "yanked"]
 # Specific vulnerability IDs to ignore (in case of false positives)
 # You can use: https://rustsec.org/
 ignore = [
-    # Example: { id = "RUSTSEC-2023-XXXX", reason = "Not applicable to our use case" }
+  # Example: { id = "RUSTSEC-2023-XXXX", reason = "Not applicable to our use case" }
 ]
 # How to handle vulnerabilities based on severity
--- a/.cargo/config.toml
+++ b/.cargo/config.toml
@ -10,51 +10,51 @@ jobs = 4
 [profile.dev]
 # Development profile - fast compilation, debug info
 opt-level = 0
 debug = true
 debug-assertions = true
 overflow-checks = true
 lto = false
 panic = "unwind"
 incremental = true
 lto = false
 opt-level = 0
 overflow-checks = true
 panic = "unwind"
 [profile.release]
 # Release profile - slow compilation, optimized binary
-opt-level = 3
+codegen-units = 1
 debug = false
 debug-assertions = false
 overflow-checks = false
 lto = "thin"
 codegen-units = 1
 panic = "abort"
 incremental = false
 lto = "thin"
 opt-level = 3
 overflow-checks = false
 panic = "abort"
 strip = false
 [profile.test]
 # Test profile - inherits from dev but can be optimized
 opt-level = 1
 debug = true
 debug-assertions = true
 overflow-checks = true
 lto = false
 incremental = true
 lto = false
 opt-level = 1
 overflow-checks = true
 [profile.bench]
 # Benchmark profile - same as release
-opt-level = 3
+codegen-units = 1
 debug = false
 debug-assertions = false
 overflow-checks = false
 lto = "thin"
 codegen-units = 1
 incremental = false
 lto = "thin"
 opt-level = 3
 overflow-checks = false
 [term]
 # Terminal colors
 color = "auto"
 verbose = false
 progress.when = "auto"
 progress.width = 80
 verbose = false
 [net]
 # Network settings
@ -68,5 +68,5 @@ offline = false
 # Custom cargo commands
 build-all = "build --all-targets"
 check-all = "check --all-targets --all-features"
 test-all = "test --all-features --workspace"
 doc-all = "doc --all-features --no-deps --open"
 test-all = "test --all-features --workspace"
--- a/.clippy.toml
+++ b/.clippy.toml
@ -3,8 +3,8 @@
 # Lint level thresholds
 cognitive-complexity-threshold = 25
 type-complexity-threshold = 500
 excessive-nesting-threshold = 5
 type-complexity-threshold = 500
 # Allowed patterns (prevent lints on specific code)
 # allow-expect-in-tests = true
--- a/.rustfmt.toml
+++ b/.rustfmt.toml
@ -4,19 +4,19 @@
 # Basic formatting options
 edition = "2021"
 max_width = 100
 hard_tabs = false
-tab_spaces = 4
+max_width = 100
 newline_style = "Unix"
 tab_spaces = 4
 # Code structure
 use_small_heuristics = "Default"
 # Imports
 group_imports = "StdExternalCrate"
 remove_nested_parens = true
 reorder_imports = true
 reorder_modules = true
 remove_nested_parens = true
 group_imports = "StdExternalCrate"
 # Match expressions
 match_block_trailing_comma = false
@ -26,28 +26,28 @@ chain_width = 60
 # Comment formatting (nightly)
 comment_width = 80
 wrap_comments = true
 normalize_comments = true
 normalize_doc_attributes = true
 wrap_comments = true
 # Spaces and indentation (nightly)
 fn_single_line = false
 fn_params_layout = "Tall"
 fn_single_line = false
 where_single_line = false
 # Formatting (nightly)
 format_strings = true
 format_code_in_doc_comments = false
 format_strings = true
 # Spaces (nightly)
 space_before_colon = false
 space_after_colon = true
 space_before_colon = false
 spaces_around_ranges = false
 # Line breaks (nightly)
 match_arm_blocks = true
 blank_lines_lower_bound = 0
 blank_lines_upper_bound = 1
 match_arm_blocks = true
 # Enable nightly features
 unstable_features = true
--- a/deny.toml
+++ b/deny.toml
@ -6,22 +6,22 @@ db-path = "~/.cargo/advisory-db"
 db-urls = ["https://github.com/rustsec/advisory-db"]
 [licenses]
 unlicensed = "deny"
 allow = [
-    "MIT",
+  "MIT",
-    "MIT-0",
+  "MIT-0",
-    "Apache-2.0",
+  "Apache-2.0",
-    "Apache-2.0 WITH LLVM-exception",
+  "Apache-2.0 WITH LLVM-exception",
-    "BSD-2-Clause",
+  "BSD-2-Clause",
-    "BSD-3-Clause",
+  "BSD-3-Clause",
-    "ISC",
+  "ISC",
-    "Unicode-DFS-2016",
+  "Unicode-DFS-2016",
 ]
 unlicensed = "deny"
 [bans]
 multiple-versions = "warn"
 [sources]
 unknown-registry = "deny"
 unknown-git = "deny"
 allow-registry = ["https://github.com/rust-lang/crates.io-index"]
 unknown-git = "deny"
 unknown-registry = "deny"
--- a/docs/book.toml
+++ b/docs/book.toml
@ -1,10 +1,10 @@
 [book]
 title = "Provisioning Platform Documentation"
 authors = ["Provisioning Platform Team"]
 description = "Complete documentation for the Provisioning Platform - Infrastructure automation with Nushell, KCL, and Rust"
 language = "en"
 multilingual = false
 src = "src"
 title = "Provisioning Platform Documentation"
 [build]
 build-dir = "book"
@ -15,56 +15,56 @@ create-missing = true
 [output.html]
 # theme = "theme"  # Commented out - using default mdbook theme
 default-theme = "ayu"
 preferred-dark-theme = "navy"
 smart-punctuation = true  # Renamed from curly-quotes
 mathjax-support = false
 copy-fonts = true
 no-section-label = false
 git-repository-url = "https://github.com/provisioning/provisioning-platform"
 git-repository-icon = "fa-github"
 edit-url-template = "https://github.com/provisioning/provisioning-platform/edit/main/provisioning/docs/{path}"
 site-url = "/docs/"
 cname = "docs.provisioning.local"
 copy-fonts = true
 default-theme = "ayu"
 edit-url-template = "https://github.com/provisioning/provisioning-platform/edit/main/provisioning/docs/{path}"
 git-repository-icon = "fa-github"
 git-repository-url = "https://github.com/provisioning/provisioning-platform"
 mathjax-support = false
 no-section-label = false
 preferred-dark-theme = "navy"
 site-url = "/docs/"
 smart-punctuation = true                                                                                       # Renamed from curly-quotes
 # input-404 = "404.md"  # Commented out - 404.md not created yet
-[output.html.print]
+  [output.html.print]
-enable = true
+  enable = true
-[output.html.fold]
+  [output.html.fold]
-enable = true
+  enable = true
-level = 1
+  level = 1
-[output.html.playground]
+  [output.html.playground]
-editable = false
+  copy-js = true
-copyable = true
+  copyable = true
-copy-js = true
+  editable = false
-line-numbers = true
+  line-numbers = true
-runnable = false
+  runnable = false
-[output.html.search]
+  [output.html.search]
-enable = true
+  boost-hierarchy = 1
-limit-results = 30
+  boost-paragraph = 1
-teaser-word-count = 30
+  boost-title = 2
-use-boolean-and = true
+  enable = true
-boost-title = 2
+  expand = true
-boost-hierarchy = 1
+  heading-split-level = 3
-boost-paragraph = 1
+  limit-results = 30
-expand = true
+  teaser-word-count = 30
-heading-split-level = 3
+  use-boolean-and = true
-[output.html.code.highlightjs]
+  [output.html.code.highlightjs]
-additional-languages = ["nushell", "toml", "yaml", "bash", "rust", "kcl"]
+  additional-languages = ["nushell", "toml", "yaml", "bash", "rust", "kcl"]
-[output.html.code]
+  [output.html.code]
-hidelines = {}
+  hidelines = {}
-[[output.html.code.highlightjs.theme]]
+    [[output.html.code.highlightjs.theme]]
-light = "ayu-light"
+    dark = "ayu-dark"
-dark = "ayu-dark"
+    light = "ayu-light"
-[output.html.redirect]
+  [output.html.redirect]
-# Add redirects for moved pages if needed
+  # Add redirects for moved pages if needed
 [rust]
 edition = "2021"
--- a/docs/src/development/examples/quick-start/local-development/config.toml
+++ b/docs/src/development/examples/quick-start/local-development/config.toml
@ -13,41 +13,41 @@ kloud = "."
 [debug]
 # Enable debug mode for learning and troubleshooting
 check = false
 enabled = true
 log_level = "debug"
 metadata = true
 check = false
 remote = false
 no_terminal = false
 remote = false
 [output]
 # Human-readable output formats for learning
 format = "yaml"
 file_viewer = "less"
 format = "yaml"
 # Provider configuration for local development
 [providers]
 default = "local"
-[providers.local]
+  [providers.local]
-# Local provider settings
+  # Local provider settings
-interface = "CLI"
+  container_runtime = "docker" # or "podman"
-container_runtime = "docker"  # or "podman"
+  interface = "CLI"
-network_driver = "bridge"
+  network_driver = "bridge"
-# Local development network settings
+  # Local development network settings
-network_cidr = "192.168.100.0/24"
+  enable_port_forwarding = true
-enable_port_forwarding = true
+  network_cidr = "192.168.100.0/24"
-# Resource limits for local development
+    # Resource limits for local development
-[providers.local.resource_limits]
+    [providers.local.resource_limits]
-max_memory_per_server = "1GB"
+    max_cpu_cores_per_server = 2
-max_cpu_cores_per_server = 2
+    max_memory_per_server = "1GB"
-max_storage_per_server = "20GB"
+    max_storage_per_server = "20GB"
 # SOPS configuration (simplified for local development)
 [sops]
-use_sops = false  # Disable encryption for local dev to keep things simple
+use_sops = false # Disable encryption for local dev to keep things simple
 # If you want to practice with SOPS locally, set to true and configure keys
 # Development-specific settings
@ -57,18 +57,18 @@ auto_approve = true
 # Cleanup settings
 cleanup_on_error = true
-cleanup_on_shutdown = false  # Keep resources between sessions
+cleanup_on_shutdown = false # Keep resources between sessions
 # Development helper settings
 debug_on_error = true
 enable_dev_mode = true
 verbose_logging = true
 debug_on_error = true
 # Cache settings for development
 [cache]
-enabled = false  # Disable caching for development to see real-time changes
+enabled = false                # Disable caching for development to see real-time changes
 path = "./.provisioning-cache"
 max_size = "100MB"
 path = "./.provisioning-cache"
 # Task service runtime paths
 [taskservs]
@ -79,8 +79,8 @@ run_path = "./run/clusters"
 # Generation settings
 [generation]
 dir_path = "./generated"
 defs_file = "defs.toml"
 dir_path = "./generated"
 # Local development notifications (disabled for quiet operation)
 [notifications]
@ -94,41 +94,41 @@ use_tera_plugin = true
 # Environment overrides for development
 [environments.development]
 auto_approve = true
 debug.enabled = true
 debug.log_level = "debug"
 providers.default = "local"
 auto_approve = true
 # Validation settings for development
 [validation]
 strict_mode = false  # Relaxed validation for learning
 warn_on_missing = true
 fail_on_error = false
 strict_mode = false    # Relaxed validation for learning
 warn_on_missing = true
 # Development-specific limits and quotas
 [limits]
 max_concurrent_operations = 2
 max_servers = 5
 max_services_per_server = 10
 max_concurrent_operations = 2
 timeout_seconds = 300
 # Local development extensions
 [extensions]
 path = ""
 mode = "development"
 path = ""
 profile = "learning"
 # Security settings (relaxed for local development)
 [security]
 require_confirmation = false  # Speed up development workflow
 strict_validation = false
 log_sensitive_data = false
 require_confirmation = false # Speed up development workflow
 strict_validation = false
 # Performance settings for local development
 [performance]
 parallel_operations = 2  # Limit parallelism for local resources
 cache_enabled = false
-timeout_multiplier = 1.5  # Give more time for local operations
+parallel_operations = 2  # Limit parallelism for local resources
 timeout_multiplier = 1.5 # Give more time for local operations
 # Local development specific configurations
 [local_dev]
@ -139,67 +139,67 @@ auto_cleanup_age = "7d"
 enable_aliases = true
 enable_shortcuts = true
-# Port ranges for development services
+  # Port ranges for development services
-[local_dev.port_ranges]
+  [local_dev.port_ranges]
-web = "8000-8999"
+  api = "9000-9999"
-api = "9000-9999"
+  cache = "6000-6999"
-database = "5000-5999"
+  database = "5000-5999"
-cache = "6000-6999"
+  web = "8000-8999"
-# Development database settings
+  # Development database settings
-[local_dev.database_defaults]
+  [local_dev.database_defaults]
-auto_create_dev_db = true
+  auto_create_dev_db = true
-enable_query_logging = true
+  enable_query_logging = true
-relaxed_security = true  # WARNING: Only for local development!
+  relaxed_security = true     # WARNING: Only for local development!
 # Container settings for local development
 [containers]
-auto_remove = true  # Clean up containers automatically
+auto_remove = true       # Clean up containers automatically
 enable_debug_mode = true
-mount_source_code = true  # Mount local directories for development
+mount_source_code = true # Mount local directories for development
 # Network settings for local development
 [network]
 enable_host_networking = true  # Allow easy access from host
 auto_assign_ports = true
 enable_host_networking = true   # Allow easy access from host
 enable_service_discovery = true
 # Monitoring settings (lightweight for local development)
 [monitoring]
 enable_alerts = false    # No alerts needed for local development
 enabled = true
 retention_period = "24h"  # Short retention for local dev
 metrics_interval = "30s"
-enable_alerts = false  # No alerts needed for local development
+retention_period = "24h" # Short retention for local dev
 # Backup settings for local development
 [backup]
 enabled = false  # No backups needed for disposable local environment
 auto_backup = false
 enabled = false     # No backups needed for disposable local environment
 # Integration settings
 [integration]
 # Enable integrations useful for development
 enable_git_hooks = false
 enable_ide_integration = true
 enable_hot_reload = true
 enable_ide_integration = true
 # Learning and documentation helpers
 [learning]
 enable_interactive_help = true
 include_examples = true
 show_helpful_tips = true
 verbose_explanations = true
 include_examples = true
 enable_interactive_help = true
 # Example-specific metadata
 [example]
 name = "local-development"
 description = "Basic local development environment setup"
 difficulty = "beginner"
 estimated_time = "15-30 minutes"
 requirements = ["docker", "4GB RAM", "10GB disk"]
 learning_objectives = [
-    "Understanding basic provisioning concepts",
+  "Understanding basic provisioning concepts",
-    "Setting up local infrastructure",
+  "Setting up local infrastructure",
-    "Managing servers and services",
+  "Managing servers and services",
-    "Using the provisioning CLI"
+  "Using the provisioning CLI",
 ]
 name = "local-development"
 requirements = ["docker", "4GB RAM", "10GB disk"]
--- a/examples/workspaces/cost-optimized/config.toml
+++ b/examples/workspaces/cost-optimized/config.toml
@ -2,174 +2,174 @@
 # Multi-provider cost optimization using provider specialization
 [workspace]
 name = "cost-optimized"
 environment = "production"
 owner = "platform-team"
 description = "Cost-optimized deployment using Hetzner compute, AWS managed services, and DigitalOcean CDN"
 environment = "production"
 name = "cost-optimized"
 owner = "platform-team"
 # Hetzner Configuration - Compute Tier (Best price/performance)
 [providers.hetzner]
 enabled = true
 token_env = "HCLOUD_TOKEN"
 default_location = "nbg1"
 default_datacenter = "nbg1-dc8"
 default_location = "nbg1"
 enabled = true
 provider_type = "primary_compute"
 token_env = "HCLOUD_TOKEN"
-[providers.hetzner.settings]
+  [providers.hetzner.settings]
-enable_automount = false
+  default_volume_format = "ext4"
-default_volume_format = "ext4"
+  enable_automount = false
-server_type_default = "cpx21"
+  region_name = "eu-central"
-region_name = "eu-central"
+  server_type_default = "cpx21"
 # AWS Configuration - Managed Services
 [providers.aws]
 enabled = true
 region = "us-east-1"
 access_key_env = "AWS_ACCESS_KEY_ID"
-secret_key_env = "AWS_SECRET_ACCESS_KEY"
+enabled = true
 provider_type = "managed_services"
 region = "us-east-1"
 secret_key_env = "AWS_SECRET_ACCESS_KEY"
-[providers.aws.settings]
+  [providers.aws.settings]
-multi_az = true
+  backup_retention_days = 30
-backup_retention_days = 30
+  enable_enhanced_monitoring = true
-enable_performance_insights = true
+  enable_performance_insights = true
-enable_enhanced_monitoring = true
+  multi_az = true
-region_name = "us-east"
+  region_name = "us-east"
 # DigitalOcean Configuration - CDN and Storage
 [providers.digitalocean]
 enabled = true
 token_env = "DIGITALOCEAN_TOKEN"
 default_region = "nyc3"
 enabled = true
 provider_type = "cdn_and_storage"
 token_env = "DIGITALOCEAN_TOKEN"
-[providers.digitalocean.settings]
+  [providers.digitalocean.settings]
-enable_monitoring = true
+  enable_backups = false
-enable_backups = false
+  enable_monitoring = true
-spaces_region = "nyc3"
+  region_name = "us-east-cdn"
-region_name = "us-east-cdn"
+  spaces_region = "nyc3"
 # Cost Tracking and Budgets
 [cost_tracking]
 budget_alert_threshold = 280
 enabled = true
 monthly_budget = 300
 budget_alert_threshold = 280
-[cost_tracking.regional_budgets]
+  [cost_tracking.regional_budgets]
-hetzner = 75
+  aws = 120
-aws = 120
+  digitalocean = 65
-digitalocean = 65
+  hetzner = 75
-[cost_tracking.optimization_targets]
+  [cost_tracking.optimization_targets]
-hetzner_compute = "€20.90/month per CPX21 (vs €45+ for equivalent AWS)"
+  aws_managed = "$100/month for all managed services (vs $200+ for self-managed)"
-aws_managed = "$100/month for all managed services (vs $200+ for self-managed)"
+  digitalocean_cdn = "$64/month for CDN and storage (vs $150+ for CloudFront)"
-digitalocean_cdn = "$64/month for CDN and storage (vs $150+ for CloudFront)"
+  hetzner_compute = "€20.90/month per CPX21 (vs €45+ for equivalent AWS)"
 # Deployment Configuration
 [deployment]
 strategy = "rolling"
 batch_size = 1
 health_check_wait = 60
 rollback_on_failure = true
 order = ["hetzner", "aws", "digitalocean"]
 rollback_on_failure = true
 strategy = "rolling"
 # Networking Configuration
 [networking]
 enable_vpn_tunnels = true
 vpn_protocol = "ipsec"
 vpn_encryption = "aes-256"
 vpn_authentication = "sha256"
 vpn_encryption = "aes-256"
 vpn_protocol = "ipsec"
-[networking.cidr_blocks]
+  [networking.cidr_blocks]
-hetzner = "10.0.0.0/16"
+  aws = "10.1.0.0/16"
-aws = "10.1.0.0/16"
+  hetzner = "10.0.0.0/16"
 # Monitoring and Alerting
 [monitoring]
 alert_on_threshold_exceeded = true
 enabled = true
 metric_collection_interval = 60
 alert_on_threshold_exceeded = true
-[monitoring.thresholds]
+  [monitoring.thresholds]
-cpu = 80
+  cpu = 80
-memory = 85
+  disk = 90
-disk = 90
+  memory = 85
-queue_depth = 1000
+  queue_depth = 1000
-[monitoring.critical_alerts]
+  [monitoring.critical_alerts]
-database_cpu_high = { threshold = 75, action = "scale_up", severity = "warning" }
+  cache_eviction_high = { threshold = 10, action = "alert", severity = "warning" }
-queue_depth_high = { threshold = 1000, action = "alert", severity = "critical" }
+  database_cpu_high = { threshold = 75, action = "scale_up", severity = "warning" }
-cache_eviction_high = { threshold = 10, action = "alert", severity = "warning" }
+  queue_depth_high = { threshold = 1000, action = "alert", severity = "critical" }
 # Backup Configuration
 [backup]
 compression = true
 enabled = true
 encryption = true
 frequency = "daily"
 retention_days = 30
 compression = true
 encryption = true
-[backup.strategies]
+  [backup.strategies]
-rds = "AWS managed, 30-day retention"
+  application = "Weekly Hetzner snapshots"
-application = "Weekly Hetzner snapshots"
+  cdn = "Weekly Spaces backups to secondary region"
-cdn = "Weekly Spaces backups to secondary region"
+  rds = "AWS managed, 30-day retention"
 # Performance Configuration
 [performance]
 enable_caching = true
 cache_ttl = 3600
 cdn_cache_ttl = 86400
 enable_caching = true
-[performance.optimization]
+  [performance.optimization]
-database = "Use read replicas for read-heavy workloads"
+  cache = "ElastiCache Redis for session and data caching"
-cache = "ElastiCache Redis for session and data caching"
+  cdn = "Serve static assets from DigitalOcean CDN"
-cdn = "Serve static assets from DigitalOcean CDN"
+  database = "Use read replicas for read-heavy workloads"
-queue = "SQS for async job processing"
+  queue = "SQS for async job processing"
 # Scaling Configuration
 [scaling]
 auto_scale_enabled = true
-[scaling.hetzner]
+  [scaling.hetzner]
-min_instances = 2
+  max_instances = 5
-max_instances = 5
+  min_instances = 2
-scale_up_cpu_threshold = 80
+  scale_down_cpu_threshold = 30
-scale_down_cpu_threshold = 30
+  scale_up_cpu_threshold = 80
-[scaling.aws]
+  [scaling.aws]
-auto_scaling_enabled = false
+  auto_scaling_enabled = false
-note = "RDS handles scaling automatically, SQS scales automatically"
+  note = "RDS handles scaling automatically, SQS scales automatically"
 # Security Configuration
 [security]
 backup_encryption = true
 enable_encryption = true
 enable_monitoring = true
 backup_encryption = true
-[security.vpn_tunnel]
+  [security.vpn_tunnel]
-encryption_algorithm = "AES-256"
+  authentication = "SHA256"
-authentication = "SHA256"
+  dh_group = "Group 14"
-dh_group = "Group 14"
+  encryption_algorithm = "AES-256"
-encryption_integrity = "enabled"
+  encryption_integrity = "enabled"
 # Application Settings
 [application]
 app_name = "cost-optimized-app"
 version = "1.0"
-[application.database]
+  [application.database]
-engine = "postgresql"
+  connection_pool = 20
-version = "14.6"
+  engine = "postgresql"
-connection_pool = 20
+  idle_timeout = 900
-idle_timeout = 900
+  version = "14.6"
-[application.cache]
+  [application.cache]
-engine = "redis"
+  engine = "redis"
-version = "7.0"
+  eviction_policy = "allkeys-lru"
-max_memory = "250MB"
+  max_memory = "250MB"
-eviction_policy = "allkeys-lru"
+  version = "7.0"
-[application.queue]
+  [application.queue]
-max_message_size = 262144
+  default_visibility_timeout = 300
-default_visibility_timeout = 300
+  long_poll_interval = 20
-long_poll_interval = 20
+  max_message_size = 262144
--- a/examples/workspaces/multi-provider-web-app/config.toml
+++ b/examples/workspaces/multi-provider-web-app/config.toml
@ -2,81 +2,81 @@
 # Credentials and provider-specific settings
 [workspace]
 name = "multi-provider-web-app"
 environment = "production"
 owner = "platform-team"
 description = "Web application across DigitalOcean, AWS, and Hetzner"
 environment = "production"
 name = "multi-provider-web-app"
 owner = "platform-team"
 # DigitalOcean Configuration
 [providers.digitalocean]
 default_region = "nyc3"
 enabled = true
 token_env = "DIGITALOCEAN_TOKEN"
 default_region = "nyc3"
-[providers.digitalocean.settings]
+  [providers.digitalocean.settings]
-enable_monitoring = true
+  enable_backups = true
-enable_backups = true
+  enable_ipv6 = true
-enable_ipv6 = true
+  enable_monitoring = true
 # AWS Configuration
 [providers.aws]
 access_key_env = "AWS_ACCESS_KEY_ID"
 enabled = true
 region = "us-east-1"
 access_key_env = "AWS_ACCESS_KEY_ID"
 secret_key_env = "AWS_SECRET_ACCESS_KEY"
-[providers.aws.settings]
+  [providers.aws.settings]
-multi_az = true
+  backup_retention_days = 30
-backup_retention_days = 30
+  enable_enhanced_monitoring = true
-enable_performance_insights = true
+  enable_performance_insights = true
-enable_enhanced_monitoring = true
+  multi_az = true
 # Hetzner Configuration
 [providers.hetzner]
 default_datacenter = "nbg1-dc8"
 default_location = "nbg1"
 enabled = true
 token_env = "HCLOUD_TOKEN"
 default_location = "nbg1"
 default_datacenter = "nbg1-dc8"
-[providers.hetzner.settings]
+  [providers.hetzner.settings]
-enable_automount = false
+  default_volume_format = "ext4"
-default_volume_format = "ext4"
+  enable_automount = false
 # Deployment Settings
 [deployment]
 strategy = "rolling"
 batch_size = 1
 health_check_wait = 60
 rollback_on_failure = true
 strategy = "rolling"
 # Monitoring Settings
 [monitoring]
 alert_on_threshold_exceeded = true
 enabled = true
 metric_collection_interval = 60
 alert_on_threshold_exceeded = true
-[monitoring.thresholds]
+  [monitoring.thresholds]
-cpu = 80
+  cpu = 80
-memory = 85
+  disk = 90
-disk = 90
+  memory = 85
-network = 1000
+  network = 1000
 # Backup Settings
 [backup]
 compression = true
 enabled = true
 encryption = true
 frequency = "daily"
 retention_days = 30
 compression = true
 encryption = true
 # Network Settings
 [networking]
 enable_vpn_tunnels = true
 vpn_protocol = "ipsec"
 vpn_encryption = "aes-256"
 vpn_protocol = "ipsec"
 # Cost Tracking
 [cost_tracking]
 enabled = true
 budget_alert_threshold = 200
 enabled = true
 monthly_budget = 300
--- a/examples/workspaces/multi-region-ha/config.toml
+++ b/examples/workspaces/multi-region-ha/config.toml
@ -2,150 +2,150 @@
 # Global deployment across 3 providers and 3 geographic regions
 [workspace]
 name = "multi-region-ha"
 environment = "production"
 owner = "platform-team"
 description = "High availability deployment across DigitalOcean (US), Hetzner (EU), and AWS (APAC)"
 environment = "production"
 name = "multi-region-ha"
 owner = "platform-team"
 # DigitalOcean Configuration - US East (Primary)
 [providers.digitalocean]
 enabled = true
 token_env = "DIGITALOCEAN_TOKEN"
 default_region = "nyc3"
 enabled = true
 region_name = "us-east"
 token_env = "DIGITALOCEAN_TOKEN"
-[providers.digitalocean.settings]
+  [providers.digitalocean.settings]
-enable_monitoring = true
+  enable_backups = true
-enable_backups = true
+  enable_ipv6 = true
-enable_ipv6 = true
+  enable_monitoring = true
-failover_primary = true
+  failover_primary = true
 # Hetzner Configuration - EU Central (Secondary)
 [providers.hetzner]
 enabled = true
 token_env = "HCLOUD_TOKEN"
 default_location = "nbg1"
 default_datacenter = "nbg1-dc8"
 default_location = "nbg1"
 enabled = true
 region_name = "eu-central"
 token_env = "HCLOUD_TOKEN"
-[providers.hetzner.settings]
+  [providers.hetzner.settings]
-enable_automount = false
+  default_volume_format = "ext4"
-default_volume_format = "ext4"
+  enable_automount = false
-failover_secondary = true
+  failover_secondary = true
 # AWS Configuration - Asia Pacific (Tertiary)
 [providers.aws]
 access_key_env = "AWS_ACCESS_KEY_ID"
 enabled = true
 region = "ap-southeast-1"
 access_key_env = "AWS_ACCESS_KEY_ID"
 secret_key_env = "AWS_SECRET_ACCESS_KEY"
 region_name = "asia-southeast"
 secret_key_env = "AWS_SECRET_ACCESS_KEY"
-[providers.aws.settings]
+  [providers.aws.settings]
-multi_az = true
+  backup_retention_days = 30
-backup_retention_days = 30
+  enable_performance_insights = true
-enable_performance_insights = true
+  failover_tertiary = true
-failover_tertiary = true
+  multi_az = true
 # Global DNS Configuration
 [dns]
 provider = "route53"
 domain = "api.example.com"
 ttl = 60
 health_check_interval = 30
 provider = "route53"
 ttl = 60
-# Regional DNS Records
+  # Regional DNS Records
-[dns.regions.us_east]
+  [dns.regions.us_east]
-subdomain = "us"
+  endpoint = "us.api.example.com"
-endpoint = "us.api.example.com"
+  health_check_path = "/health"
-health_check_path = "/health"
+  subdomain = "us"
-[dns.regions.eu_central]
+  [dns.regions.eu_central]
-subdomain = "eu"
+  endpoint = "eu.api.example.com"
-endpoint = "eu.api.example.com"
+  health_check_path = "/health"
-health_check_path = "/health"
+  subdomain = "eu"
-[dns.regions.asia_southeast]
+  [dns.regions.asia_southeast]
-subdomain = "asia"
+  endpoint = "asia.api.example.com"
-endpoint = "asia.api.example.com"
+  health_check_path = "/health"
-health_check_path = "/health"
+  subdomain = "asia"
 # Database Replication Configuration
 [database_replication]
 backup_retention_days = 30
 max_replication_slots = 5
 max_wal_senders = 5
 mode = "multi-master"
 primary_region = "us-east"
 replication_lag_tolerance_seconds = 300
 replication_method = "logical"
 wal_level = "logical"
 max_wal_senders = 5
 max_replication_slots = 5
 replication_lag_tolerance_seconds = 300
 backup_retention_days = 30
 # VPN and Networking
 [networking]
 enable_vpn_tunnels = true
 vpn_protocol = "ipsec"
 vpn_encryption = "aes-256"
 vpn_authentication = "sha256"
 vpn_encryption = "aes-256"
 vpn_protocol = "ipsec"
-[networking.vpn_tunnels]
+  [networking.vpn_tunnels]
-us_to_eu = { name = "us-eu-vpn", source_network = "10.0.0.0/16", destination_network = "10.1.0.0/16" }
+  asia_to_us = { name = "asia-us-vpn", source_network = "10.2.0.0/16", destination_network = "10.0.0.0/16" }
-eu_to_asia = { name = "eu-asia-vpn", source_network = "10.1.0.0/16", destination_network = "10.2.0.0/16" }
+  eu_to_asia = { name = "eu-asia-vpn", source_network = "10.1.0.0/16", destination_network = "10.2.0.0/16" }
-asia_to_us = { name = "asia-us-vpn", source_network = "10.2.0.0/16", destination_network = "10.0.0.0/16" }
+  us_to_eu = { name = "us-eu-vpn", source_network = "10.0.0.0/16", destination_network = "10.1.0.0/16" }
 # Deployment Settings
 [deployment]
 strategy = "rolling"
 batch_size = 1
 health_check_wait = 60
 rollback_on_failure = true
 order = ["us-east", "eu-central", "asia-southeast"]
 rollback_on_failure = true
 strategy = "rolling"
 # Regional Monitoring Settings
 [monitoring]
 alert_on_threshold_exceeded = true
 enabled = true
 metric_collection_interval = 60
 alert_on_threshold_exceeded = true
-[monitoring.thresholds]
+  [monitoring.thresholds]
-cpu = 80
+  cpu = 80
-memory = 85
+  disk = 90
-disk = 90
+  memory = 85
-replication_lag = 600
+  replication_lag = 600
-[monitoring.alerts]
+  [monitoring.alerts]
-high_cpu = { condition = "cpu > 80%", action = "scale-up", severity = "warning" }
+  high_cpu = { condition = "cpu > 80%", action = "scale-up", severity = "warning" }
-high_memory = { condition = "memory > 85%", action = "alert", severity = "warning" }
+  high_memory = { condition = "memory > 85%", action = "alert", severity = "warning" }
-replication_lag_critical = { condition = "replication_lag > 600s", action = "alert", severity = "critical" }
+  region_down = { condition = "health_check_failed", action = "failover", severity = "critical" }
-region_down = { condition = "health_check_failed", action = "failover", severity = "critical" }
+  replication_lag_critical = { condition = "replication_lag > 600s", action = "alert", severity = "critical" }
 # Backup and Disaster Recovery
 [backup]
 compression = true
 enabled = true
 encryption = true
 frequency = "daily"
 retention_days = 30
 compression = true
 encryption = true
-[backup.regions]
+  [backup.regions]
-us_east = { strategy = "automated", retention = "30 days" }
+  asia_southeast = { strategy = "replica-backup", retention = "30 days" }
-eu_central = { strategy = "replica-backup", retention = "30 days" }
+  eu_central = { strategy = "replica-backup", retention = "30 days" }
-asia_southeast = { strategy = "replica-backup", retention = "30 days" }
+  us_east = { strategy = "automated", retention = "30 days" }
 # Health Checks
 [health_checks]
 us_east = { protocol = "HTTPS", port = 443, path = "/health", interval = 30 }
 eu_central = { protocol = "HTTPS", port = 443, path = "/health", interval = 30 }
 asia_southeast = { protocol = "HTTPS", port = 443, path = "/health", interval = 30 }
 eu_central = { protocol = "HTTPS", port = 443, path = "/health", interval = 30 }
 us_east = { protocol = "HTTPS", port = 443, path = "/health", interval = 30 }
 # Cost Tracking
 [cost_tracking]
 enabled = true
 budget_alert_threshold = 300
 enabled = true
 monthly_budget = 350
-[cost_tracking.regional_budgets]
+  [cost_tracking.regional_budgets]
-us_east = 102
+  asia_southeast = 130
-eu_central = 79
+  eu_central = 79
-asia_southeast = 130
+  total_estimate = 311
-total_estimate = 311
+  us_east = 102
--- a/generators/generate/defs.toml
+++ b/generators/generate/defs.toml
@ -1,15 +1,15 @@
 [[defs_values]]
 input_type = "text"
 numchar = 0
 msg = "Kloud title"
 var = "kloud_title"
 default_value = "$name"
 input_type = "text"
 msg = "Kloud title"
 not_empty = false
 numchar = 0
 var = "kloud_title"
 [[defs_values]]
 input_type = "text"
 numchar = 3
 msg = "Confirmar"
 var = "confirm"
 default_value = "yes"
 input_type = "text"
 msg = "Confirmar"
 not_empty = true
 numchar = 3
 var = "confirm"
--- a/schemas/platform/constraints/constraints.toml
+++ b/schemas/platform/constraints/constraints.toml
@ -8,325 +8,325 @@
 # ============================================================================
 [orchestrator.workers]
 min = 1
 max = 32
 description = "Workflow engine worker thread count"
 max = 32
 min = 1
 [orchestrator.queue.concurrent_tasks]
 min = 1
 max = 100
 description = "Maximum concurrent tasks in workflow queue"
 max = 100
 min = 1
 [orchestrator.queue.retry_attempts]
 min = 0
 max = 10
 description = "Retry attempts for failed tasks"
 max = 10
 min = 0
 [orchestrator.queue.retry_delay]
 min = 1000
 max = 60000
 description = "Delay between retries in milliseconds (1s-60s)"
 max = 60000
 min = 1000
 [orchestrator.queue.task_timeout]
 min = 60000
 max = 86400000
 description = "Task execution timeout in milliseconds (1min-24hrs)"
 max = 86400000
 min = 60000
 [orchestrator.batch.parallel_limit]
 min = 1
 max = 50
 description = "Batch workflow parallel operation limit"
 max = 50
 min = 1
 [orchestrator.batch.operation_timeout]
 min = 60000
 max = 3600000
 description = "Batch operation timeout in milliseconds (1min-1hr)"
 max = 3600000
 min = 60000
 [orchestrator.extensions.max_concurrent]
 min = 1
 max = 20
 description = "Max concurrent extension operations"
 max = 20
 min = 1
 # ============================================================================
 # CONTROL CENTER CONSTRAINTS
 # ============================================================================
 [control_center.jwt.token_expiration]
 min = 300
 max = 604800
 description = "JWT token expiration in seconds (5min-7days)"
 max = 604800
 min = 300
 [control_center.jwt.refresh_expiration]
 min = 3600
 max = 2592000
 description = "JWT refresh token expiration in seconds (1hr-30days)"
 max = 2592000
 min = 3600
 [control_center.rate_limiting.max_requests]
 min = 10
 max = 10000
 description = "Rate limiting max requests per window"
 max = 10000
 min = 10
 [control_center.rate_limiting.window_seconds]
 min = 1
 max = 3600
 description = "Rate limiting window in seconds"
 max = 3600
 min = 1
 [control_center.session.max_duration]
 min = 900
 max = 2592000
 description = "Session max duration in seconds (15min-30days)"
 max = 2592000
 min = 900
 [control_center.mfa.max_attempts]
 min = 1
 max = 10
 description = "MFA authentication max attempts before lockout"
 max = 10
 min = 1
 [control_center.audit.retention_days]
 min = 1
 max = 3650
 description = "Audit log retention in days (1-10 years)"
 max = 3650
 min = 1
 # ============================================================================
 # MCP SERVER CONSTRAINTS
 # ============================================================================
 [mcp_server.tools.max_concurrent]
 min = 1
 max = 20
 description = "Maximum concurrent tool executions"
 max = 20
 min = 1
 [mcp_server.tools.timeout]
 min = 5000
 max = 600000
 description = "Tool execution timeout in milliseconds (5s-10min)"
 max = 600000
 min = 5000
 [mcp_server.resources.max_size]
 min = 1048576
 max = 1073741824
 description = "Maximum resource size in bytes (1MB-1GB)"
 max = 1073741824
 min = 1048576
 [mcp_server.resources.cache_ttl]
 min = 60
 max = 3600
 description = "Resource cache TTL in seconds (1min-1hr)"
 max = 3600
 min = 60
 [mcp_server.prompts.max_templates]
 min = 1
 max = 100
 description = "Maximum custom prompt templates"
 max = 100
 min = 1
 [mcp_server.sampling.max_tokens]
 min = 100
 max = 100000
 description = "Max tokens for sampling operations"
 max = 100000
 min = 100
 # ============================================================================
 # COMMON CONSTRAINTS
 # ============================================================================
 [common.server.port]
 min = 1024
 max = 65535
 description = "Valid port range (avoid system ports < 1024)"
 max = 65535
 min = 1024
 [common.server.workers]
 min = 1
 max = 32
 description = "HTTP server worker thread count"
 max = 32
 min = 1
 [common.server.max_connections]
 min = 10
 max = 10000
 description = "Maximum concurrent HTTP connections"
 max = 10000
 min = 10
 [common.server.keep_alive]
 min = 0
 max = 600
 description = "HTTP keep-alive timeout in seconds (0=disabled)"
 max = 600
 min = 0
 [common.monitoring.metrics_interval]
 min = 10
 max = 300
 description = "Metrics collection interval in seconds (10s-5min)"
 max = 300
 min = 10
 [common.monitoring.health_check_interval]
 min = 5
 max = 300
 description = "Health check interval in seconds (5s-5min)"
 max = 300
 min = 5
 [common.monitoring.retention_days]
 min = 1
 max = 3650
 description = "Metrics retention in days (1-10 years)"
 max = 3650
 min = 1
 [common.logging.max_file_size]
 min = 1048576
 max = 1073741824
 description = "Max log file size in bytes (1MB-1GB)"
 max = 1073741824
 min = 1048576
 [common.logging.max_backups]
 min = 1
 max = 100
 description = "Maximum log file backups to retain"
 max = 100
 min = 1
 # ============================================================================
 # DEPLOYMENT MODE: SOLO
 # ============================================================================
 [deployment.solo.cpu]
 min = 2
 max = 4
 description = "Solo mode CPU cores (single developer)"
 max = 4
 min = 2
 [deployment.solo.memory_mb]
 min = 2048
 max = 8192
 description = "Solo mode memory allocation in MB (2GB-8GB)"
 max = 8192
 min = 2048
 [deployment.solo.disk_gb]
 min = 10
 max = 100
 description = "Solo mode disk allocation in GB (10GB-100GB)"
 max = 100
 min = 10
 # ============================================================================
 # DEPLOYMENT MODE: MULTIUSER
 # ============================================================================
 [deployment.multiuser.cpu]
 min = 4
 max = 8
 description = "Multi-user mode CPU cores (team servers)"
 max = 8
 min = 4
 [deployment.multiuser.memory_mb]
 min = 4096
 max = 16384
 description = "Multi-user mode memory allocation in MB (4GB-16GB)"
 max = 16384
 min = 4096
 [deployment.multiuser.disk_gb]
 min = 50
 max = 500
 description = "Multi-user mode disk allocation in GB (50GB-500GB)"
 max = 500
 min = 50
 [deployment.multiuser.postgres.max_connections]
 min = 20
 max = 200
 description = "PostgreSQL max connections for multi-user"
 max = 200
 min = 20
 # ============================================================================
 # DEPLOYMENT MODE: CI/CD
 # ============================================================================
 [deployment.cicd.cpu]
 min = 8
 max = 16
 description = "CI/CD mode CPU cores (pipeline servers)"
 max = 16
 min = 8
 [deployment.cicd.memory_mb]
 min = 8192
 max = 32768
 description = "CI/CD mode memory allocation in MB (8GB-32GB)"
 max = 32768
 min = 8192
 [deployment.cicd.disk_gb]
 min = 100
 max = 1000
 description = "CI/CD mode disk allocation in GB (100GB-1TB) - ephemeral"
 max = 1000
 min = 100
 # ============================================================================
 # DEPLOYMENT MODE: ENTERPRISE
 # ============================================================================
 [deployment.enterprise.cpu]
 min = 16
 max = 128
 description = "Enterprise mode CPU cores (production HA)"
 max = 128
 min = 16
 [deployment.enterprise.memory_mb]
 min = 32768
 max = 262144
 description = "Enterprise mode memory allocation in MB (32GB-256GB)"
 max = 262144
 min = 32768
 [deployment.enterprise.disk_gb]
 min = 500
 max = 10000
 description = "Enterprise mode disk allocation in GB (500GB-10TB)"
 max = 10000
 min = 500
 [deployment.enterprise.replicas]
 min = 3
 max = 10
 description = "Enterprise HA replica count (minimum 3 for quorum)"
 max = 10
 min = 3
 [deployment.enterprise.surrealdb.max_connections]
 min = 100
 max = 1000
 description = "SurrealDB cluster max connections for enterprise"
 max = 1000
 min = 100
 # ============================================================================
 # WORKSPACE CONSTRAINTS
 # ============================================================================
 [workspace.name]
 pattern = "^[a-z0-9_-]{1,64}$"
 description = "Workspace name: lowercase alphanumeric, underscore, hyphen, max 64 chars"
 pattern = "^[a-z0-9_-]{1,64}$"
 [workspace.path_min_length]
 value = 1
 description = "Minimum workspace path length"
 value = 1
 [workspace.path_max_length]
 value = 255
 description = "Maximum workspace path length"
 value = 255
 # ============================================================================
 # SECURITY CONSTRAINTS
 # ============================================================================
 [security.password_min_length]
 min = 8
 max = 128
 description = "Password minimum length for local auth"
 max = 128
 min = 8
 [security.encryption_key_length]
 min = 16
 max = 64
 description = "Encryption key length in bytes"
 max = 64
 min = 16
 [security.rate_limit_lockout_minutes]
 min = 5
 max = 60
 description = "Account lockout duration after max attempts (minutes)"
 max = 60
 min = 5
 # ============================================================================
 # BATCH WORKFLOW CONSTRAINTS
 # ============================================================================
 [batch_workflow.max_tasks_per_batch]
 min = 1
 max = 1000
 description = "Maximum tasks per batch workflow"
 max = 1000
 min = 1
 [batch_workflow.max_parallel_operations]
 min = 1
 max = 100
 description = "Maximum parallel operations in batch"
 max = 100
 min = 1
 [batch_workflow.checkpoint_interval]
 min = 1
 max = 1000
 description = "Checkpoint interval in task count"
 max = 1000
 min = 1
 [batch_workflow.max_checkpoints]
 min = 1
 max = 100
 description = "Maximum checkpoints to retain per batch"
 max = 100
 min = 1
 # ============================================================================
 # VAULT SERVICE CONSTRAINTS
 # ============================================================================
 [vault_service.port]
 min = 1024
 max = 65535
 description = "Vault service port number"
 max = 65535
 min = 1024
 [vault_service.ha_enabled]
 description = "High availability mode for enterprise deployments"
@ -339,24 +339,24 @@ description = "TLS certificate verification enabled"
 # ============================================================================
 [registry.workers]
 min = 1
 max = 32
 description = "Extension registry worker thread count"
 max = 32
 min = 1
 [registry.cache_capacity]
 min = 10
 max = 100000
 description = "Cache capacity in number of entries"
 max = 100000
 min = 10
 [registry.cache_ttl]
 min = 30
 max = 3600
 description = "Cache TTL in seconds (30s-1hr)"
 max = 3600
 min = 30
 [registry.server_port]
 min = 1024
 max = 65535
 description = "Extension registry server port"
 max = 65535
 min = 1024
 # ============================================================================
 # RAG SYSTEM CONSTRAINTS
@ -367,84 +367,84 @@ allowed = [384, 768, 1536, 3072]
 description = "Valid embedding vector dimensions"
 [rag.chunk_size]
 min = 128
 max = 4096
 description = "Document chunk size in characters"
 max = 4096
 min = 128
 [rag.chunk_overlap]
 min = 0
 max = 1024
 description = "Overlap between chunks in characters"
 max = 1024
 min = 0
 [rag.top_k]
 min = 1
 max = 100
 description = "Number of top results to retrieve"
 max = 100
 min = 1
 [rag.similarity_threshold]
 min = 0.0
 max = 1.0
 description = "Minimum similarity score (0.0-1.0)"
 max = 1.0
 min = 0.0
 [rag.batch_size]
 min = 1
 max = 500
 description = "Batch size for embedding operations"
 max = 500
 min = 1
 # ============================================================================
 # AI SERVICE CONSTRAINTS
 # ============================================================================
 [ai_service.workers]
 min = 1
 max = 32
 description = "AI service worker thread count"
 max = 32
 min = 1
 [ai_service.server_port]
 min = 1024
 max = 65535
 description = "AI service server port"
 max = 65535
 min = 1024
 [ai_service.max_concurrent_tasks]
 min = 1
 max = 100
 description = "Maximum concurrent DAG task executions"
 max = 100
 min = 1
 [ai_service.task_timeout]
 min = 10000
 max = 3600000
 description = "Task timeout in milliseconds (10s-1hr)"
 max = 3600000
 min = 10000
 [ai_service.rag_timeout]
 min = 5000
 max = 600000
 description = "RAG service call timeout in milliseconds (5s-10min)"
 max = 600000
 min = 5000
 [ai_service.mcp_timeout]
 min = 5000
 max = 600000
 description = "MCP service call timeout in milliseconds (5s-10min)"
 max = 600000
 min = 5000
 # ============================================================================
 # PROVISIONING DAEMON CONSTRAINTS
 # ============================================================================
 [daemon.poll_interval]
 min = 5
 max = 3600
 description = "Polling interval in seconds (5s-1hr)"
 max = 3600
 min = 5
 [daemon.max_workers]
 min = 1
 max = 32
 description = "Maximum worker threads for daemon operations"
 max = 32
 min = 1
 [daemon.max_age]
 min = 3600
 max = 604800
 description = "Maximum age for daemon state data in seconds (1hr-7days)"
 max = 604800
 min = 3600
 [daemon.health_check_interval]
 min = 10
 max = 300
 description = "Health check interval in seconds (10s-5min)"
 max = 300
 min = 10