chore: add configs

config/ai.toml

@@ -78,8 +78,8 @@ max_tokens_per_minute = 100000
   # OpenAI GPT-4 API configuration
   api_key = "env:OPENAI_API_KEY"
   api_url = "https://api.openai.com/v1"
-organization_id = ""  # Optional
   max_retries = 3
+  organization_id = ""                  # Optional
   retry_delay_ms = 1000
 
   # Rate limits (per minute)
@@ -89,10 +89,10 @@ max_tokens_per_minute = 150000
   [ai.local]
   # Local LLM configuration (Ollama, LlamaCpp, vLLM)
   # Use for air-gapped deployments or privacy-critical scenarios
-model_path = "/opt/provisioning/models/llama-3-70b"
-server_url = "http://localhost:11434"  # Ollama default
   context_length = 8192
+  model_path = "/opt/provisioning/models/llama-3-70b"
   num_gpu_layers = 40                                 # GPU acceleration
+  server_url = "http://localhost:11434"               # Ollama default
 
   # ============================================================================
   # Model Context Protocol (MCP) Server
@@ -101,9 +101,9 @@ num_gpu_layers = 40  # GPU acceleration
   [ai.mcp]
   # MCP server configuration
   enabled = true
+  max_retries = 3
   server_url = "http://localhost:9000"
   timeout = 30
-max_retries = 3
 
     # Tool calling configuration
     [ai.mcp.tools]
@@ -130,19 +130,19 @@ enabled = true
 
   # Vector Store Configuration
   # Options: "qdrant" | "milvus" | "pgvector" | "chromadb"
+  collection_name = "provisioning-knowledge"
   vector_store = "qdrant"
   vector_store_url = "http://localhost:6333"
-collection_name = "provisioning-knowledge"
 
   # Embedding Model
   # OpenAI: "text-embedding-3-large", "text-embedding-3-small"
   # Local: "all-MiniLM-L6-v2", "bge-large-en-v1.5"
-embedding_model = "text-embedding-3-large"
   embedding_api_key = "env:OPENAI_API_KEY"   # For OpenAI embeddings
+  embedding_model = "text-embedding-3-large"
 
   # Document Chunking
-chunk_size = 512        # Characters per chunk
   chunk_overlap = 50        # Overlap between chunks
+  chunk_size = 512          # Characters per chunk
   max_chunks_per_query = 10 # Top-k retrieval
 
   # ============================================================================
@@ -208,10 +208,10 @@ audit_all_operations = true
     # Data sanitization before sending to LLM
     # Remove sensitive data from prompts
     [ai.security.sanitization]
-sanitize_secrets = true          # Remove secret values
-sanitize_pii = true              # Remove personally identifiable info
     sanitize_credentials = true   # Remove passwords, API keys
     sanitize_ip_addresses = false # Keep for troubleshooting
+    sanitize_pii = true           # Remove personally identifiable info
+    sanitize_secrets = true       # Remove secret values
 
     # Allowed data for LLM
     allowed_data = [
@@ -236,9 +236,9 @@ forbidden_data = [
 
   [ai.rate_limiting]
   # Per-user rate limits
-requests_per_minute = 60
-requests_per_hour = 500
   requests_per_day = 2000
+  requests_per_hour = 500
+  requests_per_minute = 60
 
   # Token limits (to control LLM API costs)
   tokens_per_day = 1000000    # 1M tokens/day
@@ -279,8 +279,8 @@ cache_strategy = "semantic"
   semantic_similarity_threshold = 0.95
 
   # Cache statistics
-track_hit_rate = true
   log_cache_misses = false
+  track_hit_rate = true
 
   # ============================================================================
   # Observability and Monitoring
@@ -296,8 +296,8 @@ log_level = "info"
   trace_all_requests = true
 
   # Store conversation history (for debugging and learning)
-store_conversations = true
   conversation_retention_days = 30
+  store_conversations = true
 
     # Metrics collection
     [ai.observability.metrics]
@@ -377,8 +377,8 @@ inject_best_practices = true
 
   # Template usage
   # Use pre-defined templates as starting points
-use_templates = true
   template_directory = "provisioning/templates"
+  use_templates = true
 
   # ============================================================================
   # Form Assistance (typdialog-ai)
@@ -408,28 +408,28 @@ nl_form_filling = true
 
   # Development environment
   [ai.environments.dev]
-enabled = true
-provider = "openai"  # Cheaper for dev
-model = "gpt-4-turbo"
-require_human_approval = false  # Faster iteration
   cost_limit_per_day = "10.00"
+  enabled = true
+  model = "gpt-4-turbo"
+  provider = "openai"            # Cheaper for dev
+  require_human_approval = false # Faster iteration
 
   # Staging environment
   [ai.environments.staging]
-enabled = true
-provider = "anthropic"
-model = "claude-sonnet-4"
-require_human_approval = true
   cost_limit_per_day = "50.00"
+  enabled = true
+  model = "claude-sonnet-4"
+  provider = "anthropic"
+  require_human_approval = true
 
   # Production environment
   [ai.environments.production]
-enabled = true
-provider = "anthropic"
-model = "claude-sonnet-4"
-require_human_approval = true  # ALWAYS true for production
   autonomous_agents = false     # NEVER enable in production
   cost_limit_per_day = "100.00"
+  enabled = true
+  model = "claude-sonnet-4"
+  provider = "anthropic"
+  require_human_approval = true # ALWAYS true for production
 
   # ============================================================================
   # Integration with Other Services
@@ -437,12 +437,12 @@ cost_limit_per_day = "100.00"
 
   [ai.integration]
   # Orchestrator integration
-orchestrator_url = "https://orchestrator.example.com"
   orchestrator_api_key = "env:ORCHESTRATOR_API_KEY"
+  orchestrator_url = "https://orchestrator.example.com"
 
   # SecretumVault integration (for secret name suggestions only)
-secretum_vault_url = "https://vault.example.com:8200"
   secretum_vault_token = "env:VAULT_TOKEN"
+  secretum_vault_url = "https://vault.example.com:8200"
   # AI can query secret names/paths but NEVER values
 
   # Typdialog Web UI integration
@@ -459,8 +459,8 @@ system_prompt_template = "provisioning/ai/prompts/system.txt"
   user_prompt_template = "provisioning/ai/prompts/user.txt"
 
   # Context window management
-max_context_tokens = 100000  # Claude Sonnet 4 context window
   context_truncation_strategy = "sliding_window" # "sliding_window" | "summarize"
+  max_context_tokens = 100000                    # Claude Sonnet 4 context window
 
   # Streaming responses
   enable_streaming = true
@@ -497,8 +497,8 @@ fine_tuning_dataset_path = "provisioning/ai/fine-tuning-data"
   data_residency = "us" # "us" | "eu" | "local"
 
   # GDPR compliance mode
-gdpr_mode = false
   gdpr_data_retention_days = 90
+  gdpr_mode = false
 
   # SOC 2 compliance logging
   soc2_logging = false

config/examples/extension-registry.enterprise.example.toml

@@ -2,85 +2,85 @@
 # High-availability, multi-source, multi-registry production deployment
 
 [server]
+enable_compression = true
+enable_cors = true
 host = "0.0.0.0"
 port = 8082
 workers = 8
-enable_cors = true
-enable_compression = true
 
 # Primary internal Gitea instance
 [[sources.gitea]]
 id = "primary-internal-gitea"
-url = "https://gitea.internal.company.com"
 organization = "platform-extensions"
-token_path = "/etc/secrets/gitea-primary-token.txt"
 timeout_seconds = 30
+token_path = "/etc/secrets/gitea-primary-token.txt"
+url = "https://gitea.internal.company.com"
 verify_ssl = true
 
 # Secondary internal Gitea (failover)
 [[sources.gitea]]
 id = "secondary-internal-gitea"
-url = "https://gitea-secondary.internal.company.com"
 organization = "platform-extensions"
-token_path = "/etc/secrets/gitea-secondary-token.txt"
 timeout_seconds = 30
+token_path = "/etc/secrets/gitea-secondary-token.txt"
+url = "https://gitea-secondary.internal.company.com"
 verify_ssl = true
 
 # Forgejo for community extensions
 [[sources.forgejo]]
 id = "enterprise-forgejo"
-url = "https://forge.company.com"
 organization = "platform"
-token_path = "/etc/secrets/forgejo-token.txt"
 timeout_seconds = 30
+token_path = "/etc/secrets/forgejo-token.txt"
+url = "https://forge.company.com"
 verify_ssl = true
 
 # GitHub organization
 [[sources.github]]
 id = "company-github"
 organization = "company-platform"
-token_path = "/etc/secrets/github-token.txt"
 timeout_seconds = 30
+token_path = "/etc/secrets/github-token.txt"
 verify_ssl = true
 
 # Primary enterprise OCI registry (Zot)
 [[distributions.oci]]
 id = "primary-oci-zot"
-registry = "zot.internal.company.com"
 namespace = "platform/extensions"
+registry = "zot.internal.company.com"
 timeout_seconds = 30
 verify_ssl = true
 
 # Secondary enterprise OCI registry (Harbor)
 [[distributions.oci]]
-id = "secondary-oci-harbor"
-registry = "harbor.internal.company.com"
-namespace = "platform"
 auth_token_path = "/etc/secrets/harbor-token.txt"
+id = "secondary-oci-harbor"
+namespace = "platform"
+registry = "harbor.internal.company.com"
 timeout_seconds = 30
 verify_ssl = true
 
 # Public Docker Hub for external distribution
 [[distributions.oci]]
-id = "public-docker-hub"
-registry = "docker.io"
-namespace = "company-open-source"
 auth_token_path = "/etc/secrets/docker-hub-token.txt"
+id = "public-docker-hub"
+namespace = "company-open-source"
+registry = "docker.io"
 timeout_seconds = 30
 verify_ssl = true
 
 # Public GHCR for open-source projects
 [[distributions.oci]]
-id = "public-ghcr"
-registry = "ghcr.io"
-namespace = "company-open-source"
 auth_token_path = "/etc/secrets/ghcr-token.txt"
+id = "public-ghcr"
+namespace = "company-open-source"
+registry = "ghcr.io"
 timeout_seconds = 30
 verify_ssl = true
 
 # Caching configuration for high-traffic enterprise environment
 [cache]
 capacity = 5000
-ttl_seconds = 600
-enable_metadata_cache = true
 enable_list_cache = true
+enable_metadata_cache = true
+ttl_seconds = 600

config/examples/extension-registry.multi-backend.example.toml

@@ -3,87 +3,87 @@
 # multiple Git-based sources (Gitea, Forgejo, GitHub) and multiple OCI registries
 
 [server]
+enable_compression = true
+enable_cors = false
 host = "0.0.0.0"
 port = 8082
 workers = 4
-enable_cors = false
-enable_compression = true
 
 # Multiple Git-based source backends
 # Internal Gitea instance for private extensions
 [[sources.gitea]]
 id = "internal-gitea"
-url = "https://gitea.internal.example.com"
 organization = "provisioning"
-token_path = "/etc/secrets/gitea-internal-token.txt"
 timeout_seconds = 30
+token_path = "/etc/secrets/gitea-internal-token.txt"
+url = "https://gitea.internal.example.com"
 verify_ssl = true
 
 # Public Gitea instance for community extensions
 [[sources.gitea]]
 id = "public-gitea"
-url = "https://gitea.public.example.com"
 organization = "provisioning-extensions"
-token_path = "/etc/secrets/gitea-public-token.txt"
 timeout_seconds = 30
+token_path = "/etc/secrets/gitea-public-token.txt"
+url = "https://gitea.public.example.com"
 verify_ssl = true
 
 # Forgejo sources (Git-compatible)
 [[sources.forgejo]]
 id = "community-forgejo"
-url = "https://forgejo.community.example.com"
 organization = "provisioning"
-token_path = "/etc/secrets/forgejo-token.txt"
 timeout_seconds = 30
+token_path = "/etc/secrets/forgejo-token.txt"
+url = "https://forgejo.community.example.com"
 verify_ssl = true
 
 # GitHub sources
 [[sources.github]]
 id = "org-github"
 organization = "my-organization"
-token_path = "/etc/secrets/github-token.txt"
 timeout_seconds = 30
+token_path = "/etc/secrets/github-token.txt"
 verify_ssl = true
 
 # Multiple OCI distribution registries
 # Internal Zot registry
 [[distributions.oci]]
 id = "internal-zot"
-registry = "zot.internal.example.com"
 namespace = "provisioning/extensions"
+registry = "zot.internal.example.com"
 timeout_seconds = 30
 verify_ssl = true
 
 # Public Harbor registry
 [[distributions.oci]]
-id = "public-harbor"
-registry = "harbor.public.example.com"
-namespace = "provisioning"
 auth_token_path = "/etc/secrets/harbor-token.txt"
+id = "public-harbor"
+namespace = "provisioning"
+registry = "harbor.public.example.com"
 timeout_seconds = 30
 verify_ssl = true
 
 # Docker Hub
 [[distributions.oci]]
-id = "docker-hub"
-registry = "docker.io"
-namespace = "myorg"
 auth_token_path = "/etc/secrets/docker-hub-token.txt"
+id = "docker-hub"
+namespace = "myorg"
+registry = "docker.io"
 timeout_seconds = 30
 verify_ssl = true
 
 # GHCR (GitHub Container Registry)
 [[distributions.oci]]
-id = "ghcr"
-registry = "ghcr.io"
-namespace = "my-organization"
 auth_token_path = "/etc/secrets/ghcr-token.txt"
+id = "ghcr"
+namespace = "my-organization"
+registry = "ghcr.io"
 timeout_seconds = 30
 verify_ssl = true
 
 # Caching configuration
 [cache]
 capacity = 1000
-ttl_seconds = 300
-enable_metadata_cache = true
 enable_list_cache = true
+enable_metadata_cache = true
+ttl_seconds = 300

config/examples/extension-registry.solo.example.toml

@@ -3,23 +3,23 @@
 # Old single-instance format (auto-migrated to multi-instance on startup)
 
 [server]
+enable_compression = true
+enable_cors = false
 host = "127.0.0.1"
 port = 8082
 workers = 2
-enable_cors = false
-enable_compression = true
 
 # Single Gitea backend (auto-migrated to sources.gitea[0])
 [gitea]
-url = "http://localhost:3000"
 organization = "provisioning"
-token_path = "/etc/secrets/gitea-token.txt"
 timeout_seconds = 30
+token_path = "/etc/secrets/gitea-token.txt"
+url = "http://localhost:3000"
 verify_ssl = false
 
 # Caching configuration
 [cache]
 capacity = 100
-ttl_seconds = 300
-enable_metadata_cache = true
 enable_list_cache = true
+enable_metadata_cache = true
+ttl_seconds = 300