chore: add configs

config/examples/control-center.solo.example.toml

@@ -2,21 +2,21 @@
 enabled = false
 redact_sensitive = true
 
-[control_center.audit.storage]
-immutable = false
-retention_days = 90
+  [control_center.audit.storage]
+  immutable = false
+  retention_days = 90
 
 [control_center.compliance]
 enabled = false
 encryption_required = false
 
-[control_center.compliance.data_retention]
-audit_log_days = 2555
-policy_years = 7
+  [control_center.compliance.data_retention]
+  audit_log_days = 2555
+  policy_years = 7
 
-[control_center.compliance.validation]
-enabled = false
-interval_hours = 24
+  [control_center.compliance.validation]
+  enabled = false
+  interval_hours = 24
 
 [control_center.database]
 backend = "rocksdb"
@@ -40,78 +40,78 @@ format = "&"
 level = "&"
 outputs = ["stdout"]
 
-[control_center.logging.fields]
-caller = false
-hostname = true
-pid = true
-service_name = true
-stack_trace = false
-timestamp = true
+  [control_center.logging.fields]
+  caller = false
+  hostname = true
+  pid = true
+  service_name = true
+  stack_trace = false
+  timestamp = true
 
-[control_center.logging.file]
-compress = false
-max_age = 30
-max_backups = 10
-max_size = 104857600
-path = "/var/log/provisioning/service.log"
+  [control_center.logging.file]
+  compress = false
+  max_age = 30
+  max_backups = 10
+  max_size = 104857600
+  path = "/var/log/provisioning/service.log"
 
-[control_center.logging.performance]
-enabled = false
-memory_info = false
-slow_threshold = 1000
+  [control_center.logging.performance]
+  enabled = false
+  memory_info = false
+  slow_threshold = 1000
 
-[control_center.logging.sampling]
-enabled = false
-initial = 100
-thereafter = 100
+  [control_center.logging.sampling]
+  enabled = false
+  initial = 100
+  thereafter = 100
 
-[control_center.logging.syslog]
-protocol = "udp"
+  [control_center.logging.syslog]
+  protocol = "udp"
 
 [control_center.monitoring]
 enabled = false
 
-[control_center.monitoring.alerting]
-enabled = false
+  [control_center.monitoring.alerting]
+  enabled = false
 
-[control_center.monitoring.health_check]
-enabled = false
-endpoint = "/health"
-healthy_threshold = 2
-interval = 30
-timeout = 5000
-type = "&"
-unhealthy_threshold = 3
+  [control_center.monitoring.health_check]
+  enabled = false
+  endpoint = "/health"
+  healthy_threshold = 2
+  interval = 30
+  timeout = 5000
+  type = "&"
+  unhealthy_threshold = 3
 
-[control_center.monitoring.metrics]
-buffer_size = 1000
-enabled = false
-interval = 60
-prometheus_path = "/metrics"
-retention_days = 30
+  [control_center.monitoring.metrics]
+  buffer_size = 1000
+  enabled = false
+  interval = 60
+  prometheus_path = "/metrics"
+  retention_days = 30
 
-[control_center.monitoring.resources]
-alert_threshold = 80
-cpu = false
-disk = false
-memory = false
-network = false
+  [control_center.monitoring.resources]
+  alert_threshold = 80
+  cpu = false
+  disk = false
+  memory = false
+  network = false
 
-[control_center.monitoring.tracing]
-enabled = false
-sample_rate = 0.1
+  [control_center.monitoring.tracing]
+  enabled = false
+  sample_rate = 0.1
 
 [control_center.policy]
 enabled = true
 
-[control_center.policy.cache]
-enabled = true
-max_policies = 10000
-ttl = 3600
+  [control_center.policy.cache]
+  enabled = true
+  max_policies = 10000
+  ttl = 3600
 
-[control_center.policy.versioning]
-enabled = true
-max_versions = 20
+  [control_center.policy.versioning]
+  enabled = true
+  max_versions = 20
 
 [control_center.rbac]
 attribute_based = false
@@ -120,10 +120,10 @@ dynamic_roles = false
 enabled = true
 hierarchy = true
 
-[control_center.rbac.roles]
-admin = true
-operator = true
-viewer = true
+  [control_center.rbac.roles]
+  admin = true
+  operator = true
+  viewer = true
 
 [control_center.security.cors]
 allow_credentials = false
@@ -176,15 +176,15 @@ workers = 4
 audit_enabled = false
 enabled = true
 
-[control_center.users.registration]
-auto_assign_role = "user"
-enabled = true
-requires_approval = false
+  [control_center.users.registration]
+  auto_assign_role = "user"
+  enabled = true
+  requires_approval = false
 
-[control_center.users.sessions]
-absolute_timeout = 86400
-idle_timeout = 3600
-max_active = 5
+  [control_center.users.sessions]
+  absolute_timeout = 86400
+  idle_timeout = 3600
+  max_active = 5
 
 [control_center.workspace]
 enabled = true

config/examples/extension-registry.enterprise.example.toml

@@ -2,85 +2,85 @@
 # High-availability, multi-source, multi-registry production deployment
 
 [server]
+enable_compression = true
+enable_cors = true
 host = "0.0.0.0"
 port = 8082
 workers = 8
-enable_cors = true
-enable_compression = true
 
 # Primary internal Gitea instance
 [[sources.gitea]]
 id = "primary-internal-gitea"
-url = "https://gitea.internal.company.com"
 organization = "platform-extensions"
-token_path = "/etc/secrets/gitea-primary-token.txt"
 timeout_seconds = 30
+token_path = "/etc/secrets/gitea-primary-token.txt"
+url = "https://gitea.internal.company.com"
 verify_ssl = true
 
 # Secondary internal Gitea (failover)
 [[sources.gitea]]
 id = "secondary-internal-gitea"
-url = "https://gitea-secondary.internal.company.com"
 organization = "platform-extensions"
-token_path = "/etc/secrets/gitea-secondary-token.txt"
 timeout_seconds = 30
+token_path = "/etc/secrets/gitea-secondary-token.txt"
+url = "https://gitea-secondary.internal.company.com"
 verify_ssl = true
 
 # Forgejo for community extensions
 [[sources.forgejo]]
 id = "enterprise-forgejo"
-url = "https://forge.company.com"
 organization = "platform"
-token_path = "/etc/secrets/forgejo-token.txt"
 timeout_seconds = 30
+token_path = "/etc/secrets/forgejo-token.txt"
+url = "https://forge.company.com"
 verify_ssl = true
 
 # GitHub organization
 [[sources.github]]
 id = "company-github"
 organization = "company-platform"
-token_path = "/etc/secrets/github-token.txt"
 timeout_seconds = 30
+token_path = "/etc/secrets/github-token.txt"
 verify_ssl = true
 
 # Primary enterprise OCI registry (Zot)
 [[distributions.oci]]
 id = "primary-oci-zot"
-registry = "zot.internal.company.com"
 namespace = "platform/extensions"
+registry = "zot.internal.company.com"
 timeout_seconds = 30
 verify_ssl = true
 
 # Secondary enterprise OCI registry (Harbor)
 [[distributions.oci]]
-id = "secondary-oci-harbor"
-registry = "harbor.internal.company.com"
-namespace = "platform"
 auth_token_path = "/etc/secrets/harbor-token.txt"
+id = "secondary-oci-harbor"
+namespace = "platform"
+registry = "harbor.internal.company.com"
 timeout_seconds = 30
 verify_ssl = true
 
 # Public Docker Hub for external distribution
 [[distributions.oci]]
-id = "public-docker-hub"
-registry = "docker.io"
-namespace = "company-open-source"
 auth_token_path = "/etc/secrets/docker-hub-token.txt"
+id = "public-docker-hub"
+namespace = "company-open-source"
+registry = "docker.io"
 timeout_seconds = 30
 verify_ssl = true
 
 # Public GHCR for open-source projects
 [[distributions.oci]]
-id = "public-ghcr"
-registry = "ghcr.io"
-namespace = "company-open-source"
 auth_token_path = "/etc/secrets/ghcr-token.txt"
+id = "public-ghcr"
+namespace = "company-open-source"
+registry = "ghcr.io"
 timeout_seconds = 30
 verify_ssl = true
 
 # Caching configuration for high-traffic enterprise environment
 [cache]
 capacity = 5000
-ttl_seconds = 600
-enable_metadata_cache = true
 enable_list_cache = true
+enable_metadata_cache = true
+ttl_seconds = 600

config/examples/extension-registry.multi-backend.example.toml

@@ -3,87 +3,87 @@
 # multiple Git-based sources (Gitea, Forgejo, GitHub) and multiple OCI registries
 
 [server]
+enable_compression = true
+enable_cors = false
 host = "0.0.0.0"
 port = 8082
 workers = 4
-enable_cors = false
-enable_compression = true
 
 # Multiple Git-based source backends
 # Internal Gitea instance for private extensions
 [[sources.gitea]]
 id = "internal-gitea"
-url = "https://gitea.internal.example.com"
 organization = "provisioning"
-token_path = "/etc/secrets/gitea-internal-token.txt"
 timeout_seconds = 30
+token_path = "/etc/secrets/gitea-internal-token.txt"
+url = "https://gitea.internal.example.com"
 verify_ssl = true
 
 # Public Gitea instance for community extensions
 [[sources.gitea]]
 id = "public-gitea"
-url = "https://gitea.public.example.com"
 organization = "provisioning-extensions"
-token_path = "/etc/secrets/gitea-public-token.txt"
 timeout_seconds = 30
+token_path = "/etc/secrets/gitea-public-token.txt"
+url = "https://gitea.public.example.com"
 verify_ssl = true
 
 # Forgejo sources (Git-compatible)
 [[sources.forgejo]]
 id = "community-forgejo"
-url = "https://forgejo.community.example.com"
 organization = "provisioning"
-token_path = "/etc/secrets/forgejo-token.txt"
 timeout_seconds = 30
+token_path = "/etc/secrets/forgejo-token.txt"
+url = "https://forgejo.community.example.com"
 verify_ssl = true
 
 # GitHub sources
 [[sources.github]]
 id = "org-github"
 organization = "my-organization"
-token_path = "/etc/secrets/github-token.txt"
 timeout_seconds = 30
+token_path = "/etc/secrets/github-token.txt"
 verify_ssl = true
 
 # Multiple OCI distribution registries
 # Internal Zot registry
 [[distributions.oci]]
 id = "internal-zot"
-registry = "zot.internal.example.com"
 namespace = "provisioning/extensions"
+registry = "zot.internal.example.com"
 timeout_seconds = 30
 verify_ssl = true
 
 # Public Harbor registry
 [[distributions.oci]]
-id = "public-harbor"
-registry = "harbor.public.example.com"
-namespace = "provisioning"
 auth_token_path = "/etc/secrets/harbor-token.txt"
+id = "public-harbor"
+namespace = "provisioning"
+registry = "harbor.public.example.com"
 timeout_seconds = 30
 verify_ssl = true
 
 # Docker Hub
 [[distributions.oci]]
-id = "docker-hub"
-registry = "docker.io"
-namespace = "myorg"
 auth_token_path = "/etc/secrets/docker-hub-token.txt"
+id = "docker-hub"
+namespace = "myorg"
+registry = "docker.io"
 timeout_seconds = 30
 verify_ssl = true
 
 # GHCR (GitHub Container Registry)
 [[distributions.oci]]
-id = "ghcr"
-registry = "ghcr.io"
-namespace = "my-organization"
 auth_token_path = "/etc/secrets/ghcr-token.txt"
+id = "ghcr"
+namespace = "my-organization"
+registry = "ghcr.io"
 timeout_seconds = 30
 verify_ssl = true
 
 # Caching configuration
 [cache]
 capacity = 1000
-ttl_seconds = 300
-enable_metadata_cache = true
 enable_list_cache = true
+enable_metadata_cache = true
+ttl_seconds = 300

config/examples/extension-registry.solo.example.toml

@@ -3,23 +3,23 @@
 # Old single-instance format (auto-migrated to multi-instance on startup)
 
 [server]
+enable_compression = true
+enable_cors = false
 host = "127.0.0.1"
 port = 8082
 workers = 2
-enable_cors = false
-enable_compression = true
 
 # Single Gitea backend (auto-migrated to sources.gitea[0])
 [gitea]
-url = "http://localhost:3000"
 organization = "provisioning"
-token_path = "/etc/secrets/gitea-token.txt"
 timeout_seconds = 30
+token_path = "/etc/secrets/gitea-token.txt"
+url = "http://localhost:3000"
 verify_ssl = false
 
 # Caching configuration
 [cache]
 capacity = 100
-ttl_seconds = 300
-enable_metadata_cache = true
 enable_list_cache = true
+enable_metadata_cache = true
+ttl_seconds = 300

config/examples/orchestrator.enterprise.example.toml

@@ -3,15 +3,15 @@ metrics = false
 operation_timeout = 1800000
 parallel_limit = 5
 
-[orchestrator.batch.checkpointing]
-enabled = true
-interval = 100
-max_checkpoints = 10
+  [orchestrator.batch.checkpointing]
+  enabled = true
+  interval = 100
+  max_checkpoints = 10
 
-[orchestrator.batch.rollback]
-enabled = true
-max_rollback_depth = 5
-strategy = "checkpoint_based"
+  [orchestrator.batch.rollback]
+  enabled = true
+  max_rollback_depth = 5
+  strategy = "checkpoint_based"
 
 [orchestrator.extensions]
 auto_load = false
@@ -25,66 +25,66 @@ format = "&"
 level = "&"
 outputs = ["stdout"]
 
-[orchestrator.logging.fields]
-caller = false
-hostname = true
-pid = true
-service_name = true
-stack_trace = false
-timestamp = true
+  [orchestrator.logging.fields]
+  caller = false
+  hostname = true
+  pid = true
+  service_name = true
+  stack_trace = false
+  timestamp = true
 
-[orchestrator.logging.file]
-compress = false
-max_age = 30
-max_backups = 10
-max_size = 104857600
-path = "/var/log/provisioning/service.log"
+  [orchestrator.logging.file]
+  compress = false
+  max_age = 30
+  max_backups = 10
+  max_size = 104857600
+  path = "/var/log/provisioning/service.log"
 
-[orchestrator.logging.performance]
-enabled = false
-memory_info = false
-slow_threshold = 1000
+  [orchestrator.logging.performance]
+  enabled = false
+  memory_info = false
+  slow_threshold = 1000
 
-[orchestrator.logging.sampling]
-enabled = false
-initial = 100
-thereafter = 100
+  [orchestrator.logging.sampling]
+  enabled = false
+  initial = 100
+  thereafter = 100
 
-[orchestrator.logging.syslog]
-protocol = "udp"
+  [orchestrator.logging.syslog]
+  protocol = "udp"
 
 [orchestrator.monitoring]
 enabled = false
 
-[orchestrator.monitoring.alerting]
-enabled = false
+  [orchestrator.monitoring.alerting]
+  enabled = false
 
-[orchestrator.monitoring.health_check]
-enabled = false
-endpoint = "/health"
-healthy_threshold = 2
-interval = 30
-timeout = 5000
-type = "&"
-unhealthy_threshold = 3
+  [orchestrator.monitoring.health_check]
+  enabled = false
+  endpoint = "/health"
+  healthy_threshold = 2
+  interval = 30
+  timeout = 5000
+  type = "&"
+  unhealthy_threshold = 3
 
-[orchestrator.monitoring.metrics]
-buffer_size = 1000
-enabled = false
-interval = 60
-prometheus_path = "/metrics"
-retention_days = 30
+  [orchestrator.monitoring.metrics]
+  buffer_size = 1000
+  enabled = false
+  interval = 60
+  prometheus_path = "/metrics"
+  retention_days = 30
 
-[orchestrator.monitoring.resources]
-alert_threshold = 80
-cpu = false
-disk = false
-memory = false
-network = false
+  [orchestrator.monitoring.resources]
+  alert_threshold = 80
+  cpu = false
+  disk = false
+  memory = false
+  network = false
 
-[orchestrator.monitoring.tracing]
-enabled = false
-sample_rate = 0.1
+  [orchestrator.monitoring.tracing]
+  enabled = false
+  sample_rate = 0.1
 
 [orchestrator.queue]
 max_concurrent_tasks = 5
@@ -95,9 +95,9 @@ retry_attempts = 3
 retry_delay = 5000
 task_timeout = 3600000
 
-[orchestrator.queue.dead_letter_queue]
-enabled = true
-max_size = 1000
+  [orchestrator.queue.dead_letter_queue]
+  enabled = true
+  max_size = 1000
 
 [orchestrator.server]
 graceful_shutdown = true
@@ -113,11 +113,11 @@ workers = 4
 backend = "filesystem"
 path = "/var/lib/provisioning/orchestrator/data"
 
-[orchestrator.storage.cache]
-enabled = true
-eviction_policy = "lru"
-ttl = 3600
-type = "in_memory"
+  [orchestrator.storage.cache]
+  enabled = true
+  eviction_policy = "lru"
+  ttl = 3600
+  type = "in_memory"
 
 [orchestrator.workspace]
 enabled = true

config/examples/orchestrator.solo.example.toml

@@ -3,15 +3,15 @@ metrics = false
 operation_timeout = 1800000
 parallel_limit = 5
 
-[orchestrator.batch.checkpointing]
-enabled = true
-interval = 100
-max_checkpoints = 10
+  [orchestrator.batch.checkpointing]
+  enabled = true
+  interval = 100
+  max_checkpoints = 10
 
-[orchestrator.batch.rollback]
-enabled = true
-max_rollback_depth = 5
-strategy = "checkpoint_based"
+  [orchestrator.batch.rollback]
+  enabled = true
+  max_rollback_depth = 5
+  strategy = "checkpoint_based"
 
 [orchestrator.extensions]
 auto_load = false
@@ -25,66 +25,66 @@ format = "&"
 level = "&"
 outputs = ["stdout"]
 
-[orchestrator.logging.fields]
-caller = false
-hostname = true
-pid = true
-service_name = true
-stack_trace = false
-timestamp = true
+  [orchestrator.logging.fields]
+  caller = false
+  hostname = true
+  pid = true
+  service_name = true
+  stack_trace = false
+  timestamp = true
 
-[orchestrator.logging.file]
-compress = false
-max_age = 30
-max_backups = 10
-max_size = 104857600
-path = "/var/log/provisioning/service.log"
+  [orchestrator.logging.file]
+  compress = false
+  max_age = 30
+  max_backups = 10
+  max_size = 104857600
+  path = "/var/log/provisioning/service.log"
 
-[orchestrator.logging.performance]
-enabled = false
-memory_info = false
-slow_threshold = 1000
+  [orchestrator.logging.performance]
+  enabled = false
+  memory_info = false
+  slow_threshold = 1000
 
-[orchestrator.logging.sampling]
-enabled = false
-initial = 100
-thereafter = 100
+  [orchestrator.logging.sampling]
+  enabled = false
+  initial = 100
+  thereafter = 100
 
-[orchestrator.logging.syslog]
-protocol = "udp"
+  [orchestrator.logging.syslog]
+  protocol = "udp"
 
 [orchestrator.monitoring]
 enabled = false
 
-[orchestrator.monitoring.alerting]
-enabled = false
+  [orchestrator.monitoring.alerting]
+  enabled = false
 
-[orchestrator.monitoring.health_check]
-enabled = false
-endpoint = "/health"
-healthy_threshold = 2
-interval = 30
-timeout = 5000
-type = "&"
-unhealthy_threshold = 3
+  [orchestrator.monitoring.health_check]
+  enabled = false
+  endpoint = "/health"
+  healthy_threshold = 2
+  interval = 30
+  timeout = 5000
+  type = "&"
+  unhealthy_threshold = 3
 
-[orchestrator.monitoring.metrics]
-buffer_size = 1000
-enabled = false
-interval = 60
-prometheus_path = "/metrics"
-retention_days = 30
+  [orchestrator.monitoring.metrics]
+  buffer_size = 1000
+  enabled = false
+  interval = 60
+  prometheus_path = "/metrics"
+  retention_days = 30
 
-[orchestrator.monitoring.resources]
-alert_threshold = 80
-cpu = false
-disk = false
-memory = false
-network = false
+  [orchestrator.monitoring.resources]
+  alert_threshold = 80
+  cpu = false
+  disk = false
+  memory = false
+  network = false
 
-[orchestrator.monitoring.tracing]
-enabled = false
-sample_rate = 0.1
+  [orchestrator.monitoring.tracing]
+  enabled = false
+  sample_rate = 0.1
 
 [orchestrator.queue]
 max_concurrent_tasks = 5
@@ -95,9 +95,9 @@ retry_attempts = 3
 retry_delay = 5000
 task_timeout = 3600000
 
-[orchestrator.queue.dead_letter_queue]
-enabled = true
-max_size = 1000
+  [orchestrator.queue.dead_letter_queue]
+  enabled = true
+  max_size = 1000
 
 [orchestrator.server]
 graceful_shutdown = true
@@ -113,11 +113,11 @@ workers = 4
 backend = "filesystem"
 path = "/var/lib/provisioning/orchestrator/data"
 
-[orchestrator.storage.cache]
-enabled = true
-eviction_policy = "lru"
-ttl = 3600
-type = "in_memory"
+  [orchestrator.storage.cache]
+  enabled = true
+  eviction_policy = "lru"
+  ttl = 3600
+  type = "in_memory"
 
 [orchestrator.workspace]
 enabled = true