chore: update md

.markdownlint-cli2.jsonc

@@ -19,6 +19,9 @@
 
     // Code blocks - fenced only
     "MD046": { "style": "fenced" },  // code-block-style
+    // NOTE: MD040 only checks for missing language on opening fence.
+    // It does NOT catch malformed closing fences with language specifiers (e.g., ```plaintext).
+    // Custom pre-commit hook required to enforce proper closing fence syntax.
 
     // Formatting - strict whitespace
     "MD009": true,  // no-hard-tabs
@@ -73,7 +76,7 @@
     "MD035": false,  // hr-style (consistent)
     "MD036": false,  // no-emphasis-as-heading
     "MD044": false,  // proper-names
-    "MD060": false   // table-column-style (formatting preference)
+    "MD060": true    // table-column-style (enforce proper table formatting)
   },
 
   // Documentation patterns
@@ -93,6 +96,7 @@
     ".coder/**",
     ".claude/**",
     ".wrks/**",
-    ".vale/**"
+    ".vale/**",
+    "extensions/providers/*/kcl/docs/**"
   ]
 }

.typedialog/ci/README.md

@@ -209,7 +209,7 @@ Resources are searched in priority order:
 ### Affected Resources
 
 | Resource | Local Path | Tools Path |
-|----------|------------|------------|
+| ---------- | ------------ | ------------ |
 | Fragments | `.typedialog/ci/fragments/` | `$TOOLS_PATH/dev-system/ci/forms/fragments/` |
 | Schemas | `.typedialog/ci/schemas/` | `$TOOLS_PATH/dev-system/ci/schemas/` |
 | Validators | `.typedialog/ci/validators/` | `$TOOLS_PATH/dev-system/ci/validators/` |

.typedialog/platform/forms/fragments/constraint_interpolation_guide.md

@@ -32,7 +32,7 @@ prompt = "Field Label"
 ### Orchestrator Fragments
 
 | Fragment | Field | Constraint Path | Min | Max |
-|----------|-------|-----------------|-----|-----|
+| ---------- | ------- | ----------------- | ----- | ----- |
 | `queue-section.toml` | `queue_max_concurrent_tasks` | `orchestrator.queue.concurrent_tasks` | 1 | 100 |
 | `queue-section.toml` | `queue_retry_attempts` | `orchestrator.queue.retry_attempts` | 0 | 10 |
 | `queue-section.toml` | `queue_retry_delay` | `orchestrator.queue.retry_delay` | 1000 | 60000 |
@@ -54,7 +54,7 @@ prompt = "Field Label"
 ### Control Center Fragments
 
 | Fragment | Field | Constraint Path | Min | Max |
-|----------|-------|-----------------|-----|-----|
+| ---------- | ------- | ----------------- | ----- | ----- |
 | `security-section.toml` | `jwt_token_expiration` | `control_center.jwt.token_expiration` | 300 | 604800 |
 | `security-section.toml` | `jwt_refresh_expiration` | `control_center.jwt.refresh_expiration` | 3600 | 2592000 |
 | `security-section.toml` | `rate_limiting_max_requests` | `control_center.rate_limiting.max_requests` | 10 | 10000 |
@@ -77,7 +77,7 @@ prompt = "Field Label"
 ### MCP Server Fragments
 
 | Fragment | Field | Constraint Path | Min | Max |
-|----------|-------|-----------------|-----|-----|
+| ---------- | ------- | ----------------- | ----- | ----- |
 | `tools-section.toml` | `tools_max_concurrent` | `mcp_server.tools.max_concurrent` | 1 | 20 |
 | `tools-section.toml` | `tools_timeout` | `mcp_server.tools.timeout` | 5000 | 600000 |
 | `prompts-section.toml` | `prompts_max_templates` | `mcp_server.prompts.max_templates` | 1 | 100 |
@@ -94,7 +94,7 @@ prompt = "Field Label"
 ### Common/Shared Fragments
 
 | Fragment | Field | Constraint Path | Min | Max |
-|----------|-------|-----------------|-----|-----|
+| ---------- | ------- | ----------------- | ----- | ----- |
 | `server-section.toml` | `server_port` | `common.server.port` | 1024 | 65535 |
 | `server-section.toml` | `server_workers` | `common.server.workers` | 1 | 32 |
 | `server-section.toml` | `server_max_connections` | `common.server.max_connections` | 10 | 10000 |
@@ -115,7 +115,7 @@ prompt = "Field Label"
 ### Installer Fragments
 
 | Fragment | Field | Constraint Path | Min | Max |
-|----------|-------|-----------------|-----|-----|
+| ---------- | ------- | ----------------- | ----- | ----- |
 | `target-section.toml` | `remote_ssh_port` | `common.server.port` | 1024 | 65535 |
 | `preflight-section.toml` | `min_disk_gb` | `deployment.solo.disk_gb.min` (mode-dependent) | Variable | Variable |
 | `preflight-section.toml` | `min_memory_gb` | `deployment.solo.memory_mb.min` (mode-dependent) | Variable | Variable |

.vale/styles/write-good/README.md

@@ -24,4 +24,4 @@ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
-```plaintext
+```

.woodpecker/README.md

@@ -71,7 +71,7 @@ git push origin main
 ## Differences from GitHub Actions
 
 | Feature | GitHub Actions | Woodpecker CI |
-|---------|---------------|---------------|
+| --------- | --------------- | --------------- |
 | Matrix builds | ✅ 3 OS | ❌ Linux only* |
 | Caching | ✅ Built-in | ⚠️  Server-side** |
 

SECURITY.md

@@ -96,6 +96,6 @@ Security fixes are highlighted in CHANGELOG.md with [SECURITY] prefix.
 - [Rust Security](https://www.rust-lang.org/governance/security-disclosures)
 - [npm Security](https://docs.npmjs.com/about-npm/security)
 
-## Questions?
+## Questions
 
 If you have security questions (not vulnerabilities), open a discussion or issue with the `security` label.

bootstrap/README.md

@@ -14,7 +14,7 @@ cd provisioning
 
 # Run bootstrap
 ./provisioning/bootstrap/install.sh
-```plaintext
+```
 
 ### What it Does (7 Stages)
 
@@ -32,13 +32,13 @@ cd provisioning
 
 ```bash
 ./provisioning/bootstrap/install.sh
-```plaintext
+```
 
 ### Nushell Direct
 
 ```bash
 nu provisioning/bootstrap/install.nu $(pwd)
-```plaintext
+```
 
 ## Requirements
 
@@ -75,12 +75,12 @@ workspace_librecloud/
 ├── .providers/                    ← Provider state
 ├── .taskservs/                    ← Task service data
 └── .clusters/                     ← Cluster data
-```plaintext
+```
 
 ## Differences from Rust Installer
 
 | Feature | Rust Installer | Bash+Nushell Bootstrap |
-|---------|-----------------|------------------------|
+| --------- | ----------------- | ------------------------ |
 | **Requires compilation** | ✅ Yes (5+ min) | ❌ No |
 | **Flexible** | ⚠️ Limited | ✅ Fully scriptable |
 | **Source code** | ❌ Binary | ✅ Clear scripts |
@@ -105,13 +105,13 @@ sudo apt install nushell
 sudo yum install nushell
 
 # Or: https://nushell.sh/book/installation.html
-```plaintext
+```
 
 ### "Docker not installed"
 
 ```bash
 # https://docs.docker.com/get-docker/
-```plaintext
+```
 
 ### "Rust not installed"
 
@@ -119,7 +119,7 @@ sudo yum install nushell
 # https://rustup.rs/
 curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
 rustup default stable
-```plaintext
+```
 
 ### "Configuration validation failed"
 
@@ -132,7 +132,7 @@ vim workspace_librecloud/config/config.ncl
 
 # Re-run bootstrap
 ./provisioning/bootstrap/install.sh
-```plaintext
+```
 
 ### "Orchestrator didn't start"
 
@@ -146,7 +146,7 @@ cd provisioning/platform/orchestrator
 
 # Check health
 curl http://localhost:9090/health
-```plaintext
+```
 
 ## After Bootstrap
 
@@ -191,7 +191,7 @@ print "────────────────────────
 
 print "  ✅ Done"
 print ""
-```plaintext
+```
 
 ### Modify Existing Stages
 
@@ -208,7 +208,7 @@ provisioning/bootstrap/
 ├── validators.nu           # Validation helpers (future)
 ├── generators.nu           # Generator helpers (future)
 └── README.md              # This file
-```plaintext
+```
 
 ## Comparison to Old Rust Installer
 

deny.toml

@@ -1,23 +1,12 @@
-# Generated by dev-system/ci
+# Cargo-deny configuration
-# Configuration for cargo-deny
 # See: https://embarkstudios.github.io/cargo-deny/
 
 [advisories]
-# The path where the advisory database is cloned/fetched into
 db-path = "~/.cargo/advisory-db"
-# The url(s) of the advisory databases to use
 db-urls = ["https://github.com/rustsec/advisory-db"]
-# How to handle crates with security vulnerabilities
-vulnerability = "deny"
-# How to handle unmaintained crates
-unmaintained = "warn"
-# How to handle crates that have been yanked from crates.io
-yanked = "warn"
 
 [licenses]
-# The lint level for crates which do not have a detectable license
 unlicensed = "deny"
-# List of explicitly allowed licenses
 allow = [
     "MIT",
     "MIT-0",
@@ -28,47 +17,11 @@ allow = [
     "ISC",
     "Unicode-DFS-2016",
 ]
-# List of explicitly disallowed licenses
-deny = [
-    "GPL-2.0",
-    "GPL-3.0",
-    "AGPL-3.0",
-]
-# Lint level for licenses considered copyleft
-copyleft = "warn"
-# Blanket approval or denial for OSI-approved or FSF Free/Libre licenses
-allow-osi-fsf-free = "both"
-# Lint level used when no other predicates are matched
-default = "deny"
 
 [bans]
-# Lint level for when multiple versions of the same crate are detected
 multiple-versions = "warn"
-# Lint level for when an allow-listed crate is detected without an exact version
-allow = [
-    # Each entry can be just the name and an optional wildcard version.
-    # This would ideally be pulled from Cargo.lock deps to keep up to date
-    # but that is more complex. It depends on the use case.
-]
-# Each entry must be a single version number
-deny = [
-    # Each entry is a crate name. Optionally with a version
-]
-# Certain crates/versions that will be skipped when doing duplicate detection
-skip = [
-    # { name = "ansi_term", version = "<= 0.11.0" }
-]
-# Similarly named crates that are allowed to coexist
-skip-tree = [
-    # { name = "windows", version = "<=0.46.0" }
-]
 
 [sources]
-# Lint level for what to happen when a crate from a crate registry that is not in the allow list is detected
 unknown-registry = "deny"
-# Lint level for what to happen when a crate from a Git repository that is not in the allow list is detected
 unknown-git = "deny"
-# The allow list of crate registries
 allow-registry = ["https://github.com/rust-lang/crates.io-index"]
-# The allow list of Git repositories
-allow-git = []

examples/complete-workflow.md

@@ -29,7 +29,7 @@ cd /Users/Akasha/project-provisioning
 
 # Verify installation
 kcl list packages | grep provisioning
-```plaintext
+```
 
 ## Step 2: Create Workspace
 
@@ -43,7 +43,7 @@ cd workspace/infra/production-k8s
 
 # Verify structure
 tree -a .
-```plaintext
+```
 
 Expected output:
 
@@ -61,7 +61,7 @@ Expected output:
 ├── tmp/
 ├── resources/
 └── clusters/
-```plaintext
+```
 
 ## Step 3: Discover Available Modules
 
@@ -77,7 +77,7 @@ Expected output:
 
 # Check output formats
 ../../../provisioning/core/cli/module-loader discover taskservs --format json
-```plaintext
+```
 
 ## Step 4: Load Required Modules
 
@@ -91,7 +91,7 @@ Expected output:
 # Verify loading
 ../../../provisioning/core/cli/module-loader list taskservs .
 ../../../provisioning/core/cli/module-loader list providers .
-```plaintext
+```
 
 Check generated files:
 
@@ -103,7 +103,7 @@ cat providers.k
 # Check manifest
 cat .manifest/taskservs.yaml
 cat .manifest/providers.yaml
-```plaintext
+```
 
 ## Step 5: Configure Infrastructure
 
@@ -284,7 +284,7 @@ production_servers: [server.Server] = [
     settings = k8s_settings
     servers = production_servers
 }
-```plaintext
+```
 
 ## Step 6: Validate Configuration
 
@@ -297,7 +297,7 @@ kcl run servers.k
 
 # Check workspace info
 ../../../provisioning/tools/workspace-init.nu . info
-```plaintext
+```
 
 ## Step 7: Configure Provider Credentials
 
@@ -335,7 +335,7 @@ upcloud_defaults: defaults.ServerDefaults = {
 
 upcloud_defaults
 EOF
-```plaintext
+```
 
 ## Step 8: Deploy Infrastructure
 
@@ -348,7 +348,7 @@ EOF
 
 # Monitor server creation
 ../../../provisioning/core/cli/provisioning server list --infra .
-```plaintext
+```
 
 ## Step 9: Install Taskservs
 
@@ -361,7 +361,7 @@ EOF
 
 # Install Cilium CNI
 ../../../provisioning/core/cli/provisioning taskserv create cilium --infra .
-```plaintext
+```
 
 ## Step 10: Verify Cluster
 
@@ -377,7 +377,7 @@ kubectl get services -A
 # Test Cilium connectivity
 cilium status
 cilium connectivity test
-```plaintext
+```
 
 ## Step 11: Deploy Sample Application
 
@@ -394,7 +394,7 @@ kubectl expose deployment nginx --port=80 --type=ClusterIP -n test-app
 # Verify deployment
 kubectl get pods -n test-app
 kubectl get services -n test-app
-```plaintext
+```
 
 ## Step 12: Cluster Management
 
@@ -408,7 +408,7 @@ kubectl get services -n test-app
 # Deploy monitoring stack
 ../../../provisioning/core/cli/provisioning taskserv create prometheus --infra .
 ../../../provisioning/core/cli/provisioning taskserv create grafana --infra .
-```plaintext
+```
 
 ## Step 13: Backup and Documentation
 
@@ -436,7 +436,7 @@ cat > cluster-info.md << 'EOF'
 - upcloud (cloud provider)
 
 ## Management Commands
-```bash
+```
 # SSH to master
 ../../../provisioning/core/cli/provisioning server ssh k8s-master-01 --infra .
 
@@ -455,7 +455,7 @@ cp -r . ../production-k8s-backup-$(date +%Y%m%d)
 git add .
 git commit -m "Initial Kubernetes cluster deployment with package system"
 
-```plaintext
+```
 
 ## Troubleshooting
 
@@ -467,7 +467,7 @@ git commit -m "Initial Kubernetes cluster deployment with package system"
 
 # Check generated imports
 cat taskservs.k
-```plaintext
+```
 
 ### KCL Compilation Issues
 
@@ -477,7 +477,7 @@ kcl check servers.k
 
 # Validate specific schemas
 kcl run --dry-run servers.k
-```plaintext
+```
 
 ### Provider Authentication Issues
 
@@ -487,7 +487,7 @@ cat .providers/upcloud/provision_upcloud.k
 
 # Verify credentials
 ../../../provisioning/core/cli/provisioning server price --provider upcloud
-```plaintext
+```
 
 ### Kubernetes Setup Issues
 
@@ -497,7 +497,7 @@ tail -f tmp/k8s-deployment/kubernetes-*.log
 
 # Verify SSH connectivity
 ../../../provisioning/core/cli/provisioning server ssh k8s-master-01 --infra . --command "systemctl status kubelet"
-```plaintext
+```
 
 ## Next Steps
 

examples/workspaces/multi-region-ha/README.md

@@ -588,7 +588,7 @@ aws ec2 start-instances --region ap-southeast-1 --instance-ids i-1234567890abcde
 ### Monthly Cost Breakdown
 
 | Component | US East | EU Central | Asia Pacific | Total |
-|-----------|---------|-----------|--------------|-------|
+| ----------- | --------- | ----------- | -------------- | ------- |
 | Compute | $72 | €62.70 | $80 | $242.70 |
 | Database | $30 | Read Replica | $30 | $60 |
 | Load Balancer | Free | ~$10 | ~$20 | ~$30 |