jesus/provisioning
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: jesus:2157cd4df97b3b370d202a24acd6100a35ef1e95
Branches Tags
jesus:main
jesus:nickel
...
compare: jesus:8217d67e6a92296891928c3cc3adf0d5733448e0
Branches Tags
jesus:nickel
jesus:main

2 Commits
2157cd4df9 ... 8217d67e6a

Author SHA1 Message Date
Jesús Pérez
8217d67e6a
chore: review docs from scratch 2026-01-17 04:00:05 +00:00
Jesús Pérez
27dbc5cd08
chore: review docs from scratch 2026-01-17 03:58:28 +00:00
396 changed files with 70506 additions and 199541 deletions
Show Stats Expand all files Collapse all files

2
.gitignore vendored
View File

@ -8,6 +8,8 @@ kcl
*.k
old_config
docs/book
# === SEPARATE REPOSITORIES ===
# These are tracked in their own repos or pulled from external sources
extensions/

14
config/config.defaults.toml
View File

@ -81,6 +81,20 @@ enable_tls = false
cert_path = ""
key_path = ""
# Environment-Specific Configuration
# ⚠️ DEPRECATED: Environments are now defined in Nickel (ADR-003: Nickel as Source of Truth)
# Location: provisioning/schemas/config/environments/main.ncl
# The loader attempts to load from Nickel first, then falls back to this TOML section
# This section is kept for backward compatibility only - DO NOT USE for new configurations
#
# [environments]
# [environments.dev]
# debug_enabled = true
# debug_log_level = "debug"
# [environments.prod]
# debug_enabled = false
# debug_log_level = "warn"
# Configuration Notes
#
# 1. User Configuration Override

2
core

@ -1 +1 @@
Subproject commit 08563bc973423ea8ce4086c6f043ba47aac9a2f5
Subproject commit 825d1f0e88eaa37186ca91eb2016d04fce12f807

34
docs/.markdownlint-cli2.jsonc
View File

@ -1,5 +1,5 @@
// Markdownlint-cli2 Configuration for docs/
// Product documentation - inherits from parent with MD040 disabled
// Markdownlint-cli2 Configuration
// Documentation quality enforcement aligned with CLAUDE.md guidelines
// See: https://github.com/igorshubovych/markdownlint-cli2
{
@ -19,13 +19,11 @@
// Code blocks - fenced only
"MD046": { "style": "fenced" }, // code-block-style
// MD040 DISABLED FOR DOCS
// Product documentation has extensive code examples with context-dependent languages.
// Opening fence language detection is complex in large docs and would require
// intelligent parsing. Since core/ validates with proper languages, docs/
// inherits that validated content and pre-commit hooks catch malformed closing fences.
"MD040": false, // fenced-code-language (DISABLED - pre-commit validates closing fences)
// CRITICAL: MD040 only checks for missing language on opening fence.
// It does NOT catch malformed closing fences with language specifiers (e.g., ```plaintext).
// This is a CommonMark violation that must be caught by custom pre-commit hook.
// Pre-commit hook: check-malformed-fences (provisioning/core/.pre-commit-config.yaml)
// Script: provisioning/scripts/check-malformed-fences.nu
// Formatting - strict whitespace
"MD009": true, // no-hard-tabs
@ -49,6 +47,7 @@
// Links and references
"MD034": true, // no-bare-urls (links must be formatted)
"MD040": true, // fenced-code-language (code blocks need language)
"MD042": true, // no-empty-links
// HTML - allow for documentation formatting and images
@ -78,22 +77,27 @@
"MD032": false, // blanks-around-lists (flexible spacing)
"MD035": false, // hr-style (consistent)
"MD036": false, // no-emphasis-as-heading
"MD044": false // proper-names
"MD044": false, // proper-names
"MD060": true // table-column-style (enforce proper table formatting)
},
// Documentation patterns
"globs": [
"**/*.md",
"!node_modules/**",
"!build/**"
"docs/**/*.md",
"!docs/node_modules/**",
"!docs/build/**"
],
// Ignore build artifacts and external content
// Ignore build artifacts, external content, and operational directories
"ignores": [
"node_modules/**",
"target/**",
".git/**",
"build/**",
"dist/**"
"dist/**",
".coder/**",
".claude/**",
".wrks/**",
".vale/**"
]
}

138
docs/README.md
View File

@ -1,138 +0,0 @@
# Provisioning Platform Documentation
Complete documentation for the Provisioning Platform infrastructure automation system built with Nushell,
Nickel, and Rust.
## 📖 Browse Documentation
All documentation is **directly readable** as markdown files in Git/GitHub—mdBook is optional.
- **[Table of Contents](src/SUMMARY.md)** Complete documentation index (188+ pages)
- **[Browse src/ directory](src/)** All markdown files organized by topic
---
## 🚀 Quick Navigation
### For Users & Operators
- **[Getting Started](src/getting-started/)** Installation, setup, and first deployment
- **[Operations Guide](src/operations/)** Deployment, monitoring, orchestrator management
- **[Troubleshooting](src/troubleshooting/troubleshooting-guide.md)** Common issues and solutions
- **[Security](src/security/)** Authentication, encryption, secrets management
### For Developers & Architects
- **[Architecture Overview](src/architecture/)** System design and integration patterns
- **[Infrastructure Guide](src/infrastructure/)** CLI, configuration system, workspaces
- **[Development Guide](src/development/)** Extensions, providers, taskservs, build system
- **[API Reference](src/api-reference/)** REST API, WebSocket, SDKs, integration examples
### For Advanced Users
- **[Deployment Guides](src/guides/)** Multi-provider setup, customization, infrastructure examples
- **[Integration Guides](src/integration/)** Gitea, OCI, service mesh, secrets integration
- **[Testing](src/testing/)** Test environment setup and validation
---
## 📚 Documentation Structure
```bash
provisioning/docs/
├── README.md # This file navigation hub
├── book.toml # mdBook configuration
├── src/ # Source markdown files (version-controlled)
│ ├── SUMMARY.md # Complete table of contents
│ ├── getting-started/ # Installation and setup
│ ├── architecture/ # System design and ADRs
│ ├── infrastructure/ # CLI, configuration, workspaces
│ ├── operations/ # Deployment, orchestrator, monitoring
│ ├── development/ # Extensions, providers, build system
│ ├── api-reference/ # APIs and SDKs
│ ├── security/ # Authentication, secrets, encryption
│ ├── integration/ # Third-party integrations
│ ├── guides/ # How-to guides and examples
│ ├── troubleshooting/ # Common issues
│ └── ... # 12 other sections
├── book/ # Generated HTML output (Git-ignored)
└── examples/ # Example workspace configurations
```
### Why `src/` subdirectory
This is the **standard mdBook convention**:
- **Source (`src/`)**: Version-controlled markdown files, directly readable
- **Output (`book/`)**: Generated HTML/CSS/JS, Git-ignored (regenerated on build)
This separation allows the same source files to generate multiple output formats (HTML, PDF, EPUB) without
cluttering the version-controlled repository.
---
## 🔨 Building HTML with mdBook
If you prefer a formatted HTML website with search, themes, and copy buttons, build with mdBook:
### Prerequisites
```bash
cargo install mdbook
```
### Build & Serve
```bash
# Navigate to docs directory
cd provisioning/docs
# Build HTML to book/ directory
mdbook build
# Serve locally at http://localhost:3000 (with live reload)
mdbook serve
```
### Output
Generated HTML is available in `provisioning/docs/book/` after building.
**Note**: mdBook is entirely optional. The markdown files in `src/` work perfectly fine in any Git
viewer or text editor.
---
## 📖 Reading Markdown Directly
All documentation is standard GitHub Flavored Markdown. You can:
- **GitHub/GitLab**: Click `provisioning/docs/src/` and browse directly
- **Local Git**: Clone the repo and open any `.md` file in your editor
- **Text Search**: Use `grep` or your editor's search to find topics across all markdown files
- **mdBook (optional)**: Build HTML for formatted reading with search and theming
---
## 🔗 Key Reference Pages
| Document | Purpose |
| ------------------------------------------------------------------------------ | --------------------------------- |
| [System Overview](src/architecture/system-overview.md) | High-level architecture |
| [Installation Guide](src/getting-started/installation-guide.md) | Step-by-step setup |
| [CLI Reference](src/infrastructure/cli-reference.md) | Command reference |
| [Configuration System](src/infrastructure/configuration-system.md) | Config management |
| [Security System](src/security/security-system.md) | Authentication & encryption |
| [Orchestrator](src/operations/orchestrator.md) | Service orchestration |
| [Workspace Guide](src/infrastructure/workspaces/workspace-guide.md) | Infrastructure workspaces |
| [ADRs](src/architecture/adr/) | Architecture Decision Records |
---
## ❓ Questions
- **Getting started** → Start with [Installation Guide](src/getting-started/installation-guide.md)
- **Having issues** → Check [Troubleshooting](src/troubleshooting/troubleshooting-guide.md)
- **Looking for API docs** → See [API Reference](src/api-reference/)
- **Want architecture details** → Read [Architecture Overview](src/architecture/architecture-overview.md)
For complete navigation, see [Table of Contents](src/SUMMARY.md).

94
docs/book.toml
View File

@ -1,78 +1,48 @@
[book]
authors = ["Provisioning Platform Team"]
description = "Complete documentation for the Provisioning Platform - Infrastructure automation with Nushell, Nickel, and Rust"
title = "Provisioning Platform Documentation"
authors = ["Provisioning Team"]
language = "en"
multilingual = false
src = "src"
title = "Provisioning Platform Documentation"
description = "Enterprise-grade Infrastructure as Code platform - Complete documentation"
[build]
build-dir = "book"
create-missing = true
[preprocessor.links]
# Enable link checking
[output.html]
# theme = "theme" # Commented out - using default mdbook theme
cname = "docs.provisioning.local"
copy-fonts = true
default-theme = "ayu"
edit-url-template = "https://github.com/provisioning/provisioning-platform/edit/main/provisioning/docs/{path}"
git-repository-icon = "fa-github"
git-repository-url = "https://github.com/provisioning/provisioning-platform"
mathjax-support = false
no-section-label = false
default-theme = "rust"
preferred-dark-theme = "navy"
site-url = "/docs/"
smart-punctuation = true # Renamed from curly-quotes
# input-404 = "404.md" # Commented out - 404.md not created yet
smart-punctuation = true
mathjax-support = false
copy-fonts = true
no-section-label = false
git-repository-url = "https://github.com/your-org/provisioning"
git-repository-icon = "fa-github"
edit-url-template = "https://github.com/your-org/provisioning/edit/main/provisioning/docs/{path}"
site-url = "/provisioning/"
[output.html.print]
enable = true
[output.html.fold]
enable = true
level = 1
[output.html.fold]
enable = true
level = 1
[output.html.search]
enable = true
limit-results = 30
teaser-word-count = 30
use-boolean-and = true
boost-title = 2
boost-hierarchy = 1
boost-paragraph = 1
expand = true
[output.html.playground]
copy-js = true
copyable = true
editable = false
line-numbers = true
runnable = false
[output.html.playground]
editable = true
copyable = true
copy-js = true
line-numbers = true
runnable = false
[output.html.search]
boost-hierarchy = 1
boost-paragraph = 1
boost-title = 2
enable = true
expand = true
heading-split-level = 3
limit-results = 30
teaser-word-count = 30
use-boolean-and = true
[preprocessor.links]
[output.html.code.highlightjs]
additional-languages = ["nushell", "toml", "yaml", "bash", "rust", "nickel"]
[output.html.code]
hidelines = {}
[[output.html.code.highlightjs.theme]]
dark = "ayu-dark"
light = "ayu-light"
[output.html.redirect]
# Add redirects for moved pages if needed
[rust]
edition = "2021"
# Custom preprocessors for Nushell and KCL syntax highlighting
# Note: These preprocessors are not installed, commented out for now
# [preprocessor.nushell-highlighting]
# Enable custom highlighting for Nushell code blocks
# [preprocessor.kcl-highlighting]
# Enable custom highlighting for KCL code blocks
[preprocessor.index]

36
docs/book/404.html
View File

@ -1,15 +1,15 @@
<!DOCTYPE HTML>
<html lang="en" class="ayu sidebar-visible" dir="ltr">
<html lang="en" class="rust sidebar-visible" dir="ltr">
<head>
<!-- Book generated using mdBook -->
<meta charset="UTF-8">
<title>Page not found - Provisioning Platform Documentation</title>
<base href="/docs/">
<base href="/">
<!-- Custom HTML head -->
<meta name="description" content="Complete documentation for the Provisioning Platform - Infrastructure automation with Nushell, Nickel, and Rust">
<meta name="description" content="Enterprise-grade Infrastructure as Code platform - Complete documentation">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="theme-color" content="#ffffff">
@ -35,7 +35,7 @@
<!-- Provide site root and default themes to javascript -->
<script>
const path_to_root = "";
const default_light_theme = "ayu";
const default_light_theme = "rust";
const default_dark_theme = "navy";
</script>
<!-- Start loading toc.js asap -->
@ -77,7 +77,7 @@
try { theme = localStorage.getItem('mdbook-theme'); } catch(e) { }
if (theme === null || theme === undefined) { theme = default_theme; }
const html = document.documentElement;
html.classList.remove('ayu')
html.classList.remove('rust')
html.classList.add(theme);
html.classList.add("js");
</script>
@ -141,7 +141,7 @@
<a href="print.html" title="Print this book" aria-label="Print this book">
<i id="print-button" class="fa fa-print"></i>
</a>
<a href="https://github.com/provisioning/provisioning-platform" title="Git repository" aria-label="Git repository">
<a href="https://github.com/your-org/provisioning" title="Git repository" aria-label="Git repository">
<i id="git-repository-button" class="fa fa-github"></i>
</a>
@ -190,13 +190,37 @@
</div>
<!-- Livereload script (if served using the cli tool) -->
<script>
const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:';
const wsAddress = wsProtocol + "//" + location.host + "/" + "__livereload";
const socket = new WebSocket(wsAddress);
socket.onmessage = function (event) {
if (event.data === "reload") {
socket.close();
location.reload();
}
};
window.onbeforeunload = function() {
socket.close();
}
</script>
<script>
window.playground_line_numbers = true;
</script>
<script>
window.playground_copyable = true;
</script>
<script src="ace.js"></script>
<script src="mode-rust.js"></script>
<script src="editor.js"></script>
<script src="theme-dawn.js"></script>
<script src="theme-tomorrow_night.js"></script>
<script src="elasticlunr.min.js"></script>
<script src="mark.min.js"></script>

1
docs/book/CNAME
View File

@ -1 +0,0 @@
docs.provisioning.local

780
docs/book/architecture/adr/ADR-009-security-system-complete.html
View File

@ -1,780 +0,0 @@
<!DOCTYPE HTML>
<html lang="en" class="ayu sidebar-visible" dir="ltr">
<head>
<!-- Book generated using mdBook -->
<meta charset="UTF-8">
<title>ADR-009: Security System Complete - Provisioning Platform Documentation</title>
<!-- Custom HTML head -->
<meta name="description" content="Complete documentation for the Provisioning Platform - Infrastructure automation with Nushell, Nickel, and Rust">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="theme-color" content="#ffffff">
<link rel="icon" href="../../favicon.svg">
<link rel="shortcut icon" href="../../favicon.png">
<link rel="stylesheet" href="../../css/variables.css">
<link rel="stylesheet" href="../../css/general.css">
<link rel="stylesheet" href="../../css/chrome.css">
<link rel="stylesheet" href="../../css/print.css" media="print">
<!-- Fonts -->
<link rel="stylesheet" href="../../FontAwesome/css/font-awesome.css">
<link rel="stylesheet" href="../../fonts/fonts.css">
<!-- Highlight.js Stylesheets -->
<link rel="stylesheet" id="highlight-css" href="../../highlight.css">
<link rel="stylesheet" id="tomorrow-night-css" href="../../tomorrow-night.css">
<link rel="stylesheet" id="ayu-highlight-css" href="../../ayu-highlight.css">
<!-- Custom theme stylesheets -->
<!-- Provide site root and default themes to javascript -->
<script>
const path_to_root = "../../";
const default_light_theme = "ayu";
const default_dark_theme = "navy";
</script>
<!-- Start loading toc.js asap -->
<script src="../../toc.js"></script>
</head>
<body>
<div id="mdbook-help-container">
<div id="mdbook-help-popup">
<h2 class="mdbook-help-title">Keyboard shortcuts</h2>
<div>
<p>Press <kbd></kbd> or <kbd></kbd> to navigate between chapters</p>
<p>Press <kbd>S</kbd> or <kbd>/</kbd> to search in the book</p>
<p>Press <kbd>?</kbd> to show this help</p>
<p>Press <kbd>Esc</kbd> to hide this help</p>
</div>
</div>
</div>
<div id="body-container">
<!-- Work around some values being stored in localStorage wrapped in quotes -->
<script>
try {
let theme = localStorage.getItem('mdbook-theme');
let sidebar = localStorage.getItem('mdbook-sidebar');
if (theme.startsWith('"') && theme.endsWith('"')) {
localStorage.setItem('mdbook-theme', theme.slice(1, theme.length - 1));
}
if (sidebar.startsWith('"') && sidebar.endsWith('"')) {
localStorage.setItem('mdbook-sidebar', sidebar.slice(1, sidebar.length - 1));
}
} catch (e) { }
</script>
<!-- Set the theme before any content is loaded, prevents flash -->
<script>
const default_theme = window.matchMedia("(prefers-color-scheme: dark)").matches ? default_dark_theme : default_light_theme;
let theme;
try { theme = localStorage.getItem('mdbook-theme'); } catch(e) { }
if (theme === null || theme === undefined) { theme = default_theme; }
const html = document.documentElement;
html.classList.remove('ayu')
html.classList.add(theme);
html.classList.add("js");
</script>
<input type="checkbox" id="sidebar-toggle-anchor" class="hidden">
<!-- Hide / unhide sidebar before it is displayed -->
<script>
let sidebar = null;
const sidebar_toggle = document.getElementById("sidebar-toggle-anchor");
if (document.body.clientWidth >= 1080) {
try { sidebar = localStorage.getItem('mdbook-sidebar'); } catch(e) { }
sidebar = sidebar || 'visible';
} else {
sidebar = 'hidden';
}
sidebar_toggle.checked = sidebar === 'visible';
html.classList.remove('sidebar-visible');
html.classList.add("sidebar-" + sidebar);
</script>
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<!-- populated by js -->
<mdbook-sidebar-scrollbox class="sidebar-scrollbox"></mdbook-sidebar-scrollbox>
<noscript>
<iframe class="sidebar-iframe-outer" src="../../toc.html"></iframe>
</noscript>
<div id="sidebar-resize-handle" class="sidebar-resize-handle">
<div class="sidebar-resize-indicator"></div>
</div>
</nav>
<div id="page-wrapper" class="page-wrapper">
<div class="page">
<div id="menu-bar-hover-placeholder"></div>
<div id="menu-bar" class="menu-bar sticky">
<div class="left-buttons">
<label id="sidebar-toggle" class="icon-button" for="sidebar-toggle-anchor" title="Toggle Table of Contents" aria-label="Toggle Table of Contents" aria-controls="sidebar">
<i class="fa fa-bars"></i>
</label>
<button id="theme-toggle" class="icon-button" type="button" title="Change theme" aria-label="Change theme" aria-haspopup="true" aria-expanded="false" aria-controls="theme-list">
<i class="fa fa-paint-brush"></i>
</button>
<ul id="theme-list" class="theme-popup" aria-label="Themes" role="menu">
<li role="none"><button role="menuitem" class="theme" id="default_theme">Auto</button></li>
<li role="none"><button role="menuitem" class="theme" id="light">Light</button></li>
<li role="none"><button role="menuitem" class="theme" id="rust">Rust</button></li>
<li role="none"><button role="menuitem" class="theme" id="coal">Coal</button></li>
<li role="none"><button role="menuitem" class="theme" id="navy">Navy</button></li>
<li role="none"><button role="menuitem" class="theme" id="ayu">Ayu</button></li>
</ul>
<button id="search-toggle" class="icon-button" type="button" title="Search (`/`)" aria-label="Toggle Searchbar" aria-expanded="false" aria-keyshortcuts="/ s" aria-controls="searchbar">
<i class="fa fa-search"></i>
</button>
</div>
<h1 class="menu-title">Provisioning Platform Documentation</h1>
<div class="right-buttons">
<a href="../../print.html" title="Print this book" aria-label="Print this book">
<i id="print-button" class="fa fa-print"></i>
</a>
<a href="https://github.com/provisioning/provisioning-platform" title="Git repository" aria-label="Git repository">
<i id="git-repository-button" class="fa fa-github"></i>
</a>
<a href="https://github.com/provisioning/provisioning-platform/edit/main/provisioning/docs/src/architecture/adr/adr-009-security-system-complete.md" title="Suggest an edit" aria-label="Suggest an edit">
<i id="git-edit-button" class="fa fa-edit"></i>
</a>
</div>
</div>
<div id="search-wrapper" class="hidden">
<form id="searchbar-outer" class="searchbar-outer">
<input type="search" id="searchbar" name="searchbar" placeholder="Search this book ..." aria-controls="searchresults-outer" aria-describedby="searchresults-header">
</form>
<div id="searchresults-outer" class="searchresults-outer hidden">
<div id="searchresults-header" class="searchresults-header"></div>
<ul id="searchresults">
</ul>
</div>
</div>
<!-- Apply ARIA attributes after the sidebar and the sidebar toggle button are added to the DOM -->
<script>
document.getElementById('sidebar-toggle').setAttribute('aria-expanded', sidebar === 'visible');
document.getElementById('sidebar').setAttribute('aria-hidden', sidebar !== 'visible');
Array.from(document.querySelectorAll('#sidebar a')).forEach(function(link) {
link.setAttribute('tabIndex', sidebar === 'visible' ? 0 : -1);
});
</script>
<div id="content" class="content">
<main>
<h1 id="adr-009-complete-security-system-implementation"><a class="header" href="#adr-009-complete-security-system-implementation">ADR-009: Complete Security System Implementation</a></h1>
<p><strong>Status</strong>: Implemented
<strong>Date</strong>: 2025-10-08
<strong>Decision Makers</strong>: Architecture Team</p>
<hr />
<h2 id="context"><a class="header" href="#context">Context</a></h2>
<p>The Provisioning platform required a comprehensive, enterprise-grade security system covering authentication, authorization, secrets management, MFA,
compliance, and emergency access. The system needed to be production-ready, scalable, and compliant with GDPR, SOC2, and ISO 27001.</p>
<hr />
<h2 id="decision"><a class="header" href="#decision">Decision</a></h2>
<p>Implement a complete security architecture using 12 specialized components organized in 4 implementation groups.</p>
<hr />
<h2 id="implementation-summary"><a class="header" href="#implementation-summary">Implementation Summary</a></h2>
<h3 id="total-implementation"><a class="header" href="#total-implementation">Total Implementation</a></h3>
<ul>
<li><strong>39,699 lines</strong> of production-ready code</li>
<li><strong>136 files</strong> created/modified</li>
<li><strong>350+ tests</strong> implemented</li>
<li><strong>83+ REST endpoints</strong> available</li>
<li><strong>111+ CLI commands</strong> ready</li>
</ul>
<hr />
<h2 id="architecture-components"><a class="header" href="#architecture-components">Architecture Components</a></h2>
<h3 id="group-1-foundation-13485-lines"><a class="header" href="#group-1-foundation-13485-lines">Group 1: Foundation (13,485 lines)</a></h3>
<h4 id="1-jwt-authentication-1626-lines"><a class="header" href="#1-jwt-authentication-1626-lines">1. JWT Authentication (1,626 lines)</a></h4>
<p><strong>Location</strong>: <code>provisioning/platform/control-center/src/auth/</code></p>
<p><strong>Features</strong>:</p>
<ul>
<li>RS256 asymmetric signing</li>
<li>Access tokens (15 min) + refresh tokens (7 d)</li>
<li>Token rotation and revocation</li>
<li>Argon2id password hashing</li>
<li>5 user roles (Admin, Developer, Operator, Viewer, Auditor)</li>
<li>Thread-safe blacklist</li>
</ul>
<p><strong>API</strong>: 6 endpoints
<strong>CLI</strong>: 8 commands
<strong>Tests</strong>: 30+</p>
<h4 id="2-cedar-authorization-5117-lines"><a class="header" href="#2-cedar-authorization-5117-lines">2. Cedar Authorization (5,117 lines)</a></h4>
<p><strong>Location</strong>: <code>provisioning/config/cedar-policies/</code>, <code>provisioning/platform/orchestrator/src/security/</code></p>
<p><strong>Features</strong>:</p>
<ul>
<li>Cedar policy engine integration</li>
<li>4 policy files (schema, production, development, admin)</li>
<li>Context-aware authorization (MFA, IP, time windows)</li>
<li>Hot reload without restart</li>
<li>Policy validation</li>
</ul>
<p><strong>API</strong>: 4 endpoints
<strong>CLI</strong>: 6 commands
<strong>Tests</strong>: 30+</p>
<h4 id="3-audit-logging-3434-lines"><a class="header" href="#3-audit-logging-3434-lines">3. Audit Logging (3,434 lines)</a></h4>
<p><strong>Location</strong>: <code>provisioning/platform/orchestrator/src/audit/</code></p>
<p><strong>Features</strong>:</p>
<ul>
<li>Structured JSON logging</li>
<li>40+ action types</li>
<li>GDPR compliance (PII anonymization)</li>
<li>5 export formats (JSON, CSV, Splunk, ECS, JSON Lines)</li>
<li>Query API with advanced filtering</li>
</ul>
<p><strong>API</strong>: 7 endpoints
<strong>CLI</strong>: 8 commands
<strong>Tests</strong>: 25</p>
<h4 id="4-config-encryption-3308-lines"><a class="header" href="#4-config-encryption-3308-lines">4. Config Encryption (3,308 lines)</a></h4>
<p><strong>Location</strong>: <code>provisioning/core/nulib/lib_provisioning/config/encryption.nu</code></p>
<p><strong>Features</strong>:</p>
<ul>
<li>SOPS integration</li>
<li>4 KMS backends (Age, AWS KMS, Vault, Cosmian)</li>
<li>Transparent encryption/decryption</li>
<li>Memory-only decryption</li>
<li>Auto-detection</li>
</ul>
<p><strong>CLI</strong>: 10 commands
<strong>Tests</strong>: 7</p>
<hr />
<h3 id="group-2-kms-integration-9331-lines"><a class="header" href="#group-2-kms-integration-9331-lines">Group 2: KMS Integration (9,331 lines)</a></h3>
<h4 id="5-kms-service-2483-lines"><a class="header" href="#5-kms-service-2483-lines">5. KMS Service (2,483 lines)</a></h4>
<p><strong>Location</strong>: <code>provisioning/platform/kms-service/</code></p>
<p><strong>Features</strong>:</p>
<ul>
<li>HashiCorp Vault (Transit engine)</li>
<li>AWS KMS (Direct + envelope encryption)</li>
<li>Context-based encryption (AAD)</li>
<li>Key rotation support</li>
<li>Multi-region support</li>
</ul>
<p><strong>API</strong>: 8 endpoints
<strong>CLI</strong>: 15 commands
<strong>Tests</strong>: 20</p>
<h4 id="6-dynamic-secrets-4141-lines"><a class="header" href="#6-dynamic-secrets-4141-lines">6. Dynamic Secrets (4,141 lines)</a></h4>
<p><strong>Location</strong>: <code>provisioning/platform/orchestrator/src/secrets/</code></p>
<p><strong>Features</strong>:</p>
<ul>
<li>AWS STS temporary credentials (15 min-12 h)</li>
<li>SSH key pair generation (Ed25519)</li>
<li>UpCloud API subaccounts</li>
<li>TTL manager with auto-cleanup</li>
<li>Vault dynamic secrets integration</li>
</ul>
<p><strong>API</strong>: 7 endpoints
<strong>CLI</strong>: 10 commands
<strong>Tests</strong>: 15</p>
<h4 id="7-ssh-temporal-keys-2707-lines"><a class="header" href="#7-ssh-temporal-keys-2707-lines">7. SSH Temporal Keys (2,707 lines)</a></h4>
<p><strong>Location</strong>: <code>provisioning/platform/orchestrator/src/ssh/</code></p>
<p><strong>Features</strong>:</p>
<ul>
<li>Ed25519 key generation</li>
<li>Vault OTP (one-time passwords)</li>
<li>Vault CA (certificate authority signing)</li>
<li>Auto-deployment to authorized_keys</li>
<li>Background cleanup every 5 min</li>
</ul>
<p><strong>API</strong>: 7 endpoints
<strong>CLI</strong>: 10 commands
<strong>Tests</strong>: 31</p>
<hr />
<h3 id="group-3-security-features-8948-lines"><a class="header" href="#group-3-security-features-8948-lines">Group 3: Security Features (8,948 lines)</a></h3>
<h4 id="8-mfa-implementation-3229-lines"><a class="header" href="#8-mfa-implementation-3229-lines">8. MFA Implementation (3,229 lines)</a></h4>
<p><strong>Location</strong>: <code>provisioning/platform/control-center/src/mfa/</code></p>
<p><strong>Features</strong>:</p>
<ul>
<li>TOTP (RFC 6238, 6-digit codes, 30 s window)</li>
<li>WebAuthn/FIDO2 (YubiKey, Touch ID, Windows Hello)</li>
<li>QR code generation</li>
<li>10 backup codes per user</li>
<li>Multiple devices per user</li>
<li>Rate limiting (5 attempts/5 min)</li>
</ul>
<p><strong>API</strong>: 13 endpoints
<strong>CLI</strong>: 15 commands
<strong>Tests</strong>: 85+</p>
<h4 id="9-orchestrator-auth-flow-2540-lines"><a class="header" href="#9-orchestrator-auth-flow-2540-lines">9. Orchestrator Auth Flow (2,540 lines)</a></h4>
<p><strong>Location</strong>: <code>provisioning/platform/orchestrator/src/middleware/</code></p>
<p><strong>Features</strong>:</p>
<ul>
<li>Complete middleware chain (5 layers)</li>
<li>Security context builder</li>
<li>Rate limiting (100 req/min per IP)</li>
<li>JWT authentication middleware</li>
<li>MFA verification middleware</li>
<li>Cedar authorization middleware</li>
<li>Audit logging middleware</li>
</ul>
<p><strong>Tests</strong>: 53</p>
<h4 id="10-control-center-ui-3179-lines"><a class="header" href="#10-control-center-ui-3179-lines">10. Control Center UI (3,179 lines)</a></h4>
<p><strong>Location</strong>: <code>provisioning/platform/control-center/web/</code></p>
<p><strong>Features</strong>:</p>
<ul>
<li>React/TypeScript UI</li>
<li>Login with MFA (2-step flow)</li>
<li>MFA setup (TOTP + WebAuthn wizards)</li>
<li>Device management</li>
<li>Audit log viewer with filtering</li>
<li>API token management</li>
<li>Security settings dashboard</li>
</ul>
<p><strong>Components</strong>: 12 React components
<strong>API Integration</strong>: 17 methods</p>
<hr />
<h3 id="group-4-advanced-features-7935-lines"><a class="header" href="#group-4-advanced-features-7935-lines">Group 4: Advanced Features (7,935 lines)</a></h3>
<h4 id="11-break-glass-emergency-access-3840-lines"><a class="header" href="#11-break-glass-emergency-access-3840-lines">11. Break-Glass Emergency Access (3,840 lines)</a></h4>
<p><strong>Location</strong>: <code>provisioning/platform/orchestrator/src/break_glass/</code></p>
<p><strong>Features</strong>:</p>
<ul>
<li>Multi-party approval (2+ approvers, different teams)</li>
<li>Emergency JWT tokens (4 h max, special claims)</li>
<li>Auto-revocation (expiration + inactivity)</li>
<li>Enhanced audit (7-year retention)</li>
<li>Real-time alerts</li>
<li>Background monitoring</li>
</ul>
<p><strong>API</strong>: 12 endpoints
<strong>CLI</strong>: 10 commands
<strong>Tests</strong>: 985 lines (unit + integration)</p>
<h4 id="12-compliance-4095-lines"><a class="header" href="#12-compliance-4095-lines">12. Compliance (4,095 lines)</a></h4>
<p><strong>Location</strong>: <code>provisioning/platform/orchestrator/src/compliance/</code></p>
<p><strong>Features</strong>:</p>
<ul>
<li><strong>GDPR</strong>: Data export, deletion, rectification, portability, objection</li>
<li><strong>SOC2</strong>: 9 Trust Service Criteria verification</li>
<li><strong>ISO 27001</strong>: 14 Annex A control families</li>
<li><strong>Incident Response</strong>: Complete lifecycle management</li>
<li><strong>Data Protection</strong>: 4-level classification, encryption controls</li>
<li><strong>Access Control</strong>: RBAC matrix with role verification</li>
</ul>
<p><strong>API</strong>: 35 endpoints
<strong>CLI</strong>: 23 commands
<strong>Tests</strong>: 11</p>
<hr />
<h2 id="security-architecture-flow"><a class="header" href="#security-architecture-flow">Security Architecture Flow</a></h2>
<h3 id="end-to-end-request-flow"><a class="header" href="#end-to-end-request-flow">End-to-End Request Flow</a></h3>
<pre><code class="language-plaintext">1. User Request
2. Rate Limiting (100 req/min per IP)
3. JWT Authentication (RS256, 15 min tokens)
4. MFA Verification (TOTP/WebAuthn for sensitive ops)
5. Cedar Authorization (context-aware policies)
6. Dynamic Secrets (AWS STS, SSH keys, 1h TTL)
7. Operation Execution (encrypted configs, KMS)
8. Audit Logging (structured JSON, GDPR-compliant)
9. Response
</code></pre>
<h3 id="emergency-access-flow"><a class="header" href="#emergency-access-flow">Emergency Access Flow</a></h3>
<pre><code class="language-plaintext">1. Emergency Request (reason + justification)
2. Multi-Party Approval (2+ approvers, different teams)
3. Session Activation (special JWT, 4h max)
4. Enhanced Audit (7-year retention, immutable)
5. Auto-Revocation (expiration/inactivity)
</code></pre>
<hr />
<h2 id="technology-stack"><a class="header" href="#technology-stack">Technology Stack</a></h2>
<h3 id="backend-rust"><a class="header" href="#backend-rust">Backend (Rust)</a></h3>
<ul>
<li><strong>axum</strong>: HTTP framework</li>
<li><strong>jsonwebtoken</strong>: JWT handling (RS256)</li>
<li><strong>cedar-policy</strong>: Authorization engine</li>
<li><strong>totp-rs</strong>: TOTP implementation</li>
<li><strong>webauthn-rs</strong>: WebAuthn/FIDO2</li>
<li><strong>aws-sdk-kms</strong>: AWS KMS integration</li>
<li><strong>argon2</strong>: Password hashing</li>
<li><strong>tracing</strong>: Structured logging</li>
</ul>
<h3 id="frontend-typescriptreact"><a class="header" href="#frontend-typescriptreact">Frontend (TypeScript/React)</a></h3>
<ul>
<li><strong>React 18</strong>: UI framework</li>
<li><strong>Leptos</strong>: Rust WASM framework</li>
<li><strong>@simplewebauthn/browser</strong>: WebAuthn client</li>
<li><strong>qrcode.react</strong>: QR code generation</li>
</ul>
<h3 id="cli-nushell"><a class="header" href="#cli-nushell">CLI (Nushell)</a></h3>
<ul>
<li><strong>Nushell 0.107</strong>: Shell and scripting</li>
<li><strong>nu_plugin_kcl</strong>: KCL integration</li>
</ul>
<h3 id="infrastructure"><a class="header" href="#infrastructure">Infrastructure</a></h3>
<ul>
<li><strong>HashiCorp Vault</strong>: Secrets management, KMS, SSH CA</li>
<li><strong>AWS KMS</strong>: Key management service</li>
<li><strong>PostgreSQL/SurrealDB</strong>: Data storage</li>
<li><strong>SOPS</strong>: Config encryption</li>
</ul>
<hr />
<h2 id="security-guarantees"><a class="header" href="#security-guarantees">Security Guarantees</a></h2>
<h3 id="authentication"><a class="header" href="#authentication">Authentication</a></h3>
<p>✅ RS256 asymmetric signing (no shared secrets)
✅ Short-lived access tokens (15 min)
✅ Token revocation support
✅ Argon2id password hashing (memory-hard)
✅ MFA enforced for production operations</p>
<h3 id="authorization"><a class="header" href="#authorization">Authorization</a></h3>
<p>✅ Fine-grained permissions (Cedar policies)
✅ Context-aware (MFA, IP, time windows)
✅ Hot reload policies (no downtime)
✅ Deny by default</p>
<h3 id="secrets-management"><a class="header" href="#secrets-management">Secrets Management</a></h3>
<p>✅ No static credentials stored
✅ Time-limited secrets (1h default)
✅ Auto-revocation on expiry
✅ Encryption at rest (KMS)
✅ Memory-only decryption</p>
<h3 id="audit--compliance"><a class="header" href="#audit--compliance">Audit &amp; Compliance</a></h3>
<p>✅ Immutable audit logs
✅ GDPR-compliant (PII anonymization)
✅ SOC2 controls implemented
✅ ISO 27001 controls verified
✅ 7-year retention for break-glass</p>
<h3 id="emergency-access"><a class="header" href="#emergency-access">Emergency Access</a></h3>
<p>✅ Multi-party approval required
✅ Time-limited sessions (4h max)
✅ Enhanced audit logging
✅ Auto-revocation
✅ Cannot be disabled</p>
<hr />
<h2 id="performance-characteristics"><a class="header" href="#performance-characteristics">Performance Characteristics</a></h2>
<div class="table-wrapper"><table><thead><tr><th>Component</th><th>Latency</th><th>Throughput</th><th>Memory</th></tr></thead><tbody>
<tr><td>JWT Auth</td><td>&lt;5 ms</td><td>10,000/s</td><td>~10 MB</td></tr>
<tr><td>Cedar Authz</td><td>&lt;10 ms</td><td>5,000/s</td><td>~50 MB</td></tr>
<tr><td>Audit Log</td><td>&lt;5 ms</td><td>20,000/s</td><td>~100 MB</td></tr>
<tr><td>KMS Encrypt</td><td>&lt;50 ms</td><td>1,000/s</td><td>~20 MB</td></tr>
<tr><td>Dynamic Secrets</td><td>&lt;100 ms</td><td>500/s</td><td>~50 MB</td></tr>
<tr><td>MFA Verify</td><td>&lt;50 ms</td><td>2,000/s</td><td>~30 MB</td></tr>
</tbody></table>
</div>
<p><strong>Total Overhead</strong>: ~10-20 ms per request
<strong>Memory Usage</strong>: ~260 MB total for all security components</p>
<hr />
<h2 id="deployment-options"><a class="header" href="#deployment-options">Deployment Options</a></h2>
<h3 id="development"><a class="header" href="#development">Development</a></h3>
<pre><code class="language-bash"># Start all services
cd provisioning/platform/kms-service &amp;&amp; cargo run &amp;
cd provisioning/platform/orchestrator &amp;&amp; cargo run &amp;
cd provisioning/platform/control-center &amp;&amp; cargo run &amp;
</code></pre>
<h3 id="production"><a class="header" href="#production">Production</a></h3>
<pre><code class="language-bash"># Kubernetes deployment
kubectl apply -f k8s/security-stack.yaml
# Docker Compose
docker-compose up -d kms orchestrator control-center
# Systemd services
systemctl start provisioning-kms
systemctl start provisioning-orchestrator
systemctl start provisioning-control-center
</code></pre>
<hr />
<h2 id="configuration"><a class="header" href="#configuration">Configuration</a></h2>
<h3 id="environment-variables"><a class="header" href="#environment-variables">Environment Variables</a></h3>
<pre><code class="language-bash"># JWT
export JWT_ISSUER="control-center"
export JWT_AUDIENCE="orchestrator,cli"
export JWT_PRIVATE_KEY_PATH="/keys/private.pem"
export JWT_PUBLIC_KEY_PATH="/keys/public.pem"
# Cedar
export CEDAR_POLICIES_PATH="/config/cedar-policies"
export CEDAR_ENABLE_HOT_RELOAD=true
# KMS
export KMS_BACKEND="vault"
export VAULT_ADDR="https://vault.example.com"
export VAULT_TOKEN="..."
# MFA
export MFA_TOTP_ISSUER="Provisioning"
export MFA_WEBAUTHN_RP_ID="provisioning.example.com"
</code></pre>
<h3 id="config-files"><a class="header" href="#config-files">Config Files</a></h3>
<pre><code class="language-toml"># provisioning/config/security.toml
[jwt]
issuer = "control-center"
audience = ["orchestrator", "cli"]
access_token_ttl = "15m"
refresh_token_ttl = "7d"
[cedar]
policies_path = "config/cedar-policies"
hot_reload = true
reload_interval = "60s"
[mfa]
totp_issuer = "Provisioning"
webauthn_rp_id = "provisioning.example.com"
rate_limit = 5
rate_limit_window = "5m"
[kms]
backend = "vault"
vault_address = "https://vault.example.com"
vault_mount_point = "transit"
[audit]
retention_days = 365
retention_break_glass_days = 2555 # 7 years
export_format = "json"
pii_anonymization = true
</code></pre>
<hr />
<h2 id="testing"><a class="header" href="#testing">Testing</a></h2>
<h3 id="run-all-tests"><a class="header" href="#run-all-tests">Run All Tests</a></h3>
<pre><code class="language-bash"># Control Center (JWT, MFA)
cd provisioning/platform/control-center
cargo test
# Orchestrator (Cedar, Audit, Secrets, SSH, Break-Glass, Compliance)
cd provisioning/platform/orchestrator
cargo test
# KMS Service
cd provisioning/platform/kms-service
cargo test
# Config Encryption (Nushell)
nu provisioning/core/nulib/lib_provisioning/config/encryption_tests.nu
</code></pre>
<h3 id="integration-tests"><a class="header" href="#integration-tests">Integration Tests</a></h3>
<pre><code class="language-bash"># Full security flow
cd provisioning/platform/orchestrator
cargo test --test security_integration_tests
cargo test --test break_glass_integration_tests
</code></pre>
<hr />
<h2 id="monitoring--alerts"><a class="header" href="#monitoring--alerts">Monitoring &amp; Alerts</a></h2>
<h3 id="metrics-to-monitor"><a class="header" href="#metrics-to-monitor">Metrics to Monitor</a></h3>
<ul>
<li>Authentication failures (rate, sources)</li>
<li>Authorization denials (policies, resources)</li>
<li>MFA failures (attempts, users)</li>
<li>Token revocations (rate, reasons)</li>
<li>Break-glass activations (frequency, duration)</li>
<li>Secrets generation (rate, types)</li>
<li>Audit log volume (events/sec)</li>
</ul>
<h3 id="alerts-to-configure"><a class="header" href="#alerts-to-configure">Alerts to Configure</a></h3>
<ul>
<li>Multiple failed auth attempts (5+ in 5 min)</li>
<li>Break-glass session created</li>
<li>Compliance report non-compliant</li>
<li>Incident severity critical/high</li>
<li>Token revocation spike</li>
<li>KMS errors</li>
<li>Audit log export failures</li>
</ul>
<hr />
<h2 id="maintenance"><a class="header" href="#maintenance">Maintenance</a></h2>
<h3 id="daily"><a class="header" href="#daily">Daily</a></h3>
<ul>
<li>Monitor audit logs for anomalies</li>
<li>Review failed authentication attempts</li>
<li>Check break-glass sessions (should be zero)</li>
</ul>
<h3 id="weekly"><a class="header" href="#weekly">Weekly</a></h3>
<ul>
<li>Review compliance reports</li>
<li>Check incident response status</li>
<li>Verify backup code usage</li>
<li>Review MFA device additions/removals</li>
</ul>
<h3 id="monthly"><a class="header" href="#monthly">Monthly</a></h3>
<ul>
<li>Rotate KMS keys</li>
<li>Review and update Cedar policies</li>
<li>Generate compliance reports (GDPR, SOC2, ISO)</li>
<li>Audit access control matrix</li>
</ul>
<h3 id="quarterly"><a class="header" href="#quarterly">Quarterly</a></h3>
<ul>
<li>Full security audit</li>
<li>Penetration testing</li>
<li>Compliance certification review</li>
<li>Update security documentation</li>
</ul>
<hr />
<h2 id="migration-path"><a class="header" href="#migration-path">Migration Path</a></h2>
<h3 id="from-existing-system"><a class="header" href="#from-existing-system">From Existing System</a></h3>
<ol>
<li>
<p><strong>Phase 1</strong>: Deploy security infrastructure</p>
<ul>
<li>KMS service</li>
<li>Orchestrator with auth middleware</li>
<li>Control Center</li>
</ul>
</li>
<li>
<p><strong>Phase 2</strong>: Migrate authentication</p>
<ul>
<li>Enable JWT authentication</li>
<li>Migrate existing users</li>
<li>Disable old auth system</li>
</ul>
</li>
<li>
<p><strong>Phase 3</strong>: Enable MFA</p>
<ul>
<li>Require MFA enrollment for admins</li>
<li>Gradual rollout to all users</li>
</ul>
</li>
<li>
<p><strong>Phase 4</strong>: Enable Cedar authorization</p>
<ul>
<li>Deploy initial policies (permissive)</li>
<li>Monitor authorization decisions</li>
<li>Tighten policies incrementally</li>
</ul>
</li>
<li>
<p><strong>Phase 5</strong>: Enable advanced features</p>
<ul>
<li>Break-glass procedures</li>
<li>Compliance reporting</li>
<li>Incident response</li>
</ul>
</li>
</ol>
<hr />
<h2 id="future-enhancements"><a class="header" href="#future-enhancements">Future Enhancements</a></h2>
<h3 id="planned-not-implemented"><a class="header" href="#planned-not-implemented">Planned (Not Implemented)</a></h3>
<ul>
<li><strong>Hardware Security Module (HSM)</strong> integration</li>
<li><strong>OAuth2/OIDC</strong> federation</li>
<li><strong>SAML SSO</strong> for enterprise</li>
<li><strong>Risk-based authentication</strong> (IP reputation, device fingerprinting)</li>
<li><strong>Behavioral analytics</strong> (anomaly detection)</li>
<li><strong>Zero-Trust Network</strong> (service mesh integration)</li>
</ul>
<h3 id="under-consideration"><a class="header" href="#under-consideration">Under Consideration</a></h3>
<ul>
<li><strong>Blockchain audit log</strong> (immutable append-only log)</li>
<li><strong>Quantum-resistant cryptography</strong> (post-quantum algorithms)</li>
<li><strong>Confidential computing</strong> (SGX/SEV enclaves)</li>
<li><strong>Distributed break-glass</strong> (multi-region approval)</li>
</ul>
<hr />
<h2 id="consequences"><a class="header" href="#consequences">Consequences</a></h2>
<h3 id="positive"><a class="header" href="#positive">Positive</a></h3>
<p><strong>Enterprise-grade security</strong> meeting GDPR, SOC2, ISO 27001
<strong>Zero static credentials</strong> (all dynamic, time-limited)
<strong>Complete audit trail</strong> (immutable, GDPR-compliant)
<strong>MFA-enforced</strong> for sensitive operations
<strong>Emergency access</strong> with enhanced controls
<strong>Fine-grained authorization</strong> (Cedar policies)
<strong>Automated compliance</strong> (reports, incident response)</p>
<h3 id="negative"><a class="header" href="#negative">Negative</a></h3>
<p>⚠️ <strong>Increased complexity</strong> (12 components to manage)
⚠️ <strong>Performance overhead</strong> (~10-20 ms per request)
⚠️ <strong>Memory footprint</strong> (~260 MB additional)
⚠️ <strong>Learning curve</strong> (Cedar policy language, MFA setup)
⚠️ <strong>Operational overhead</strong> (key rotation, policy updates)</p>
<h3 id="mitigations"><a class="header" href="#mitigations">Mitigations</a></h3>
<ul>
<li>Comprehensive documentation (ADRs, guides, API docs)</li>
<li>CLI commands for all operations</li>
<li>Automated monitoring and alerting</li>
<li>Gradual rollout with feature flags</li>
<li>Training materials for operators</li>
</ul>
<hr />
<h2 id="related-documentation"><a class="header" href="#related-documentation">Related Documentation</a></h2>
<ul>
<li><strong>JWT Auth</strong>: <code>docs/architecture/JWT_AUTH_IMPLEMENTATION.md</code></li>
<li><strong>Cedar Authz</strong>: <code>docs/architecture/CEDAR_AUTHORIZATION_IMPLEMENTATION.md</code></li>
<li><strong>Audit Logging</strong>: <code>docs/architecture/AUDIT_LOGGING_IMPLEMENTATION.md</code></li>
<li><strong>MFA</strong>: <code>docs/architecture/MFA_IMPLEMENTATION_SUMMARY.md</code></li>
<li><strong>Break-Glass</strong>: <code>docs/architecture/BREAK_GLASS_IMPLEMENTATION_SUMMARY.md</code></li>
<li><strong>Compliance</strong>: <code>docs/architecture/COMPLIANCE_IMPLEMENTATION_SUMMARY.md</code></li>
<li><strong>Config Encryption</strong>: <code>docs/user/CONFIG_ENCRYPTION_GUIDE.md</code></li>
<li><strong>Dynamic Secrets</strong>: <code>docs/user/DYNAMIC_SECRETS_QUICK_REFERENCE.md</code></li>
<li><strong>SSH Keys</strong>: <code>docs/user/SSH_TEMPORAL_KEYS_USER_GUIDE.md</code></li>
</ul>
<hr />
<h2 id="approval"><a class="header" href="#approval">Approval</a></h2>
<p><strong>Architecture Team</strong>: Approved
<strong>Security Team</strong>: Approved (pending penetration test)
<strong>Compliance Team</strong>: Approved (pending audit)
<strong>Engineering Team</strong>: Approved</p>
<hr />
<p><strong>Date</strong>: 2025-10-08
<strong>Version</strong>: 1.0.0
<strong>Status</strong>: Implemented and Production-Ready</p>
</main>
<nav class="nav-wrapper" aria-label="Page navigation">
<!-- Mobile navigation buttons -->
<a rel="prev" href="../../architecture/adr/adr-008-cedar-authorization.html" class="mobile-nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<a rel="next prefetch" href="../../architecture/adr/adr-010-configuration-format-strategy.html" class="mobile-nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
<div style="clear: both"></div>
</nav>
</div>
</div>
<nav class="nav-wide-wrapper" aria-label="Page navigation">
<a rel="prev" href="../../architecture/adr/adr-008-cedar-authorization.html" class="nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<a rel="next prefetch" href="../../architecture/adr/adr-010-configuration-format-strategy.html" class="nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
</nav>
</div>
<script>
window.playground_copyable = true;
</script>
<script src="../../elasticlunr.min.js"></script>
<script src="../../mark.min.js"></script>
<script src="../../searcher.js"></script>
<script src="../../clipboard.min.js"></script>
<script src="../../highlight.js"></script>
<script src="../../book.js"></script>
<!-- Custom JS scripts -->
</div>
</body>
</html>

599
docs/book/architecture/integration-patterns.html
View File

@ -1,5 +1,5 @@
<!DOCTYPE HTML>
<html lang="en" class="ayu sidebar-visible" dir="ltr">
<html lang="en" class="rust sidebar-visible" dir="ltr">
<head>
<!-- Book generated using mdBook -->
<meta charset="UTF-8">
@ -8,7 +8,7 @@
<!-- Custom HTML head -->
<meta name="description" content="Complete documentation for the Provisioning Platform - Infrastructure automation with Nushell, Nickel, and Rust">
<meta name="description" content="Enterprise-grade Infrastructure as Code platform - Complete documentation">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="theme-color" content="#ffffff">
@ -34,7 +34,7 @@
<!-- Provide site root and default themes to javascript -->
<script>
const path_to_root = "../";
const default_light_theme = "ayu";
const default_light_theme = "rust";
const default_dark_theme = "navy";
</script>
<!-- Start loading toc.js asap -->
@ -76,7 +76,7 @@
try { theme = localStorage.getItem('mdbook-theme'); } catch(e) { }
if (theme === null || theme === undefined) { theme = default_theme; }
const html = document.documentElement;
html.classList.remove('ayu')
html.classList.remove('rust')
html.classList.add(theme);
html.classList.add("js");
</script>
@ -140,10 +140,10 @@
<a href="../print.html" title="Print this book" aria-label="Print this book">
<i id="print-button" class="fa fa-print"></i>
</a>
<a href="https://github.com/provisioning/provisioning-platform" title="Git repository" aria-label="Git repository">
<a href="https://github.com/your-org/provisioning" title="Git repository" aria-label="Git repository">
<i id="git-repository-button" class="fa fa-github"></i>
</a>
<a href="https://github.com/provisioning/provisioning-platform/edit/main/provisioning/docs/src/architecture/integration-patterns.md" title="Suggest an edit" aria-label="Suggest an edit">
<a href="https://github.com/your-org/provisioning/edit/main/provisioning/docs/src/architecture/integration-patterns.md" title="Suggest an edit" aria-label="Suggest an edit">
<i id="git-edit-button" class="fa fa-edit"></i>
</a>
@ -173,526 +173,61 @@
<div id="content" class="content">
<main>
<h1 id="integration-patterns"><a class="header" href="#integration-patterns">Integration Patterns</a></h1>
<h2 id="overview"><a class="header" href="#overview">Overview</a></h2>
<p>Provisioning implements sophisticated integration patterns to coordinate between its hybrid Rust/Nushell architecture, manage multi-provider
workflows, and enable extensible functionality. This document outlines the key integration patterns, their implementations, and best practices.</p>
<h2 id="core-integration-patterns"><a class="header" href="#core-integration-patterns">Core Integration Patterns</a></h2>
<h3 id="1-hybrid-language-integration"><a class="header" href="#1-hybrid-language-integration">1. Hybrid Language Integration</a></h3>
<h4 id="rust-to-nushell-communication-pattern"><a class="header" href="#rust-to-nushell-communication-pattern">Rust-to-Nushell Communication Pattern</a></h4>
<p><strong>Use Case</strong>: Orchestrator invoking business logic operations</p>
<p><strong>Implementation</strong>:</p>
<pre><code class="language-rust">use tokio::process::Command;
use serde_json;
pub async fn execute_nushell_workflow(
workflow: &amp;str,
args: &amp;[String]
) -&gt; Result&lt;WorkflowResult, Error&gt; {
let mut cmd = Command::new("nu");
cmd.arg("-c")
.arg(format!("use core/nulib/workflows/{}.nu *; {}", workflow, args.join(" ")));
let output = cmd.output().await?;
let result: WorkflowResult = serde_json::from_slice(&amp;output.stdout)?;
Ok(result)
}</code></pre>
<p><strong>Data Exchange Format</strong>:</p>
<pre><code class="language-json">{
"status": "success" | "error" | "partial",
"result": {
"operation": "server_create",
"resources": ["server-001", "server-002"],
"metadata": { ... }
},
"error": null | { "code": "ERR001", "message": "..." },
"context": { "workflow_id": "wf-123", "step": 2 }
}
</code></pre>
<h4 id="nushell-to-rust-communication-pattern"><a class="header" href="#nushell-to-rust-communication-pattern">Nushell-to-Rust Communication Pattern</a></h4>
<p><strong>Use Case</strong>: Business logic submitting workflows to orchestrator</p>
<p><strong>Implementation</strong>:</p>
<pre><code class="language-nushell">def submit-workflow [workflow: record] -&gt; record {
let payload = $workflow | to json
http post "http://localhost:9090/workflows/submit" {
headers: { "Content-Type": "application/json" }
body: $payload
}
| from json
}
</code></pre>
<p><strong>API Contract</strong>:</p>
<pre><code class="language-json">{
"workflow_id": "wf-456",
"name": "multi_cloud_deployment",
"operations": [...],
"dependencies": { ... },
"configuration": { ... }
}
</code></pre>
<h3 id="2-provider-abstraction-pattern"><a class="header" href="#2-provider-abstraction-pattern">2. Provider Abstraction Pattern</a></h3>
<h4 id="standard-provider-interface"><a class="header" href="#standard-provider-interface">Standard Provider Interface</a></h4>
<p><strong>Purpose</strong>: Uniform API across different cloud providers</p>
<p><strong>Interface Definition</strong>:</p>
<pre><code class="language-nushell"># Standard provider interface that all providers must implement
export def list-servers [] -&gt; table {
# Provider-specific implementation
}
export def create-server [config: record] -&gt; record {
# Provider-specific implementation
}
export def delete-server [id: string] -&gt; nothing {
# Provider-specific implementation
}
export def get-server [id: string] -&gt; record {
# Provider-specific implementation
}
</code></pre>
<p><strong>Configuration Integration</strong>:</p>
<pre><code class="language-toml">[providers.aws]
region = "us-west-2"
credentials_profile = "default"
timeout = 300
[providers.upcloud]
zone = "de-fra1"
api_endpoint = "https://api.upcloud.com"
timeout = 180
[providers.local]
docker_socket = "/var/run/docker.sock"
network_mode = "bridge"
</code></pre>
<h4 id="provider-discovery-and-loading"><a class="header" href="#provider-discovery-and-loading">Provider Discovery and Loading</a></h4>
<pre><code class="language-nushell">def load-providers [] -&gt; table {
let provider_dirs = glob "providers/*/nulib"
$provider_dirs
| each { |dir|
let provider_name = $dir | path basename | path dirname | path basename
let provider_config = get-provider-config $provider_name
{
name: $provider_name,
path: $dir,
config: $provider_config,
available: (test-provider-connectivity $provider_name)
}
}
}
</code></pre>
<h3 id="3-configuration-resolution-pattern"><a class="header" href="#3-configuration-resolution-pattern">3. Configuration Resolution Pattern</a></h3>
<h4 id="hierarchical-configuration-loading"><a class="header" href="#hierarchical-configuration-loading">Hierarchical Configuration Loading</a></h4>
<p><strong>Implementation</strong>:</p>
<pre><code class="language-nushell">def resolve-configuration [context: record] -&gt; record {
let base_config = open config.defaults.toml
let user_config = if ("config.user.toml" | path exists) {
open config.user.toml
} else { {} }
let env_config = if ($env.PROVISIONING_ENV? | is-not-empty) {
let env_file = $"config.($env.PROVISIONING_ENV).toml"
if ($env_file | path exists) { open $env_file } else { {} }
} else { {} }
let merged_config = $base_config
| merge $user_config
| merge $env_config
| merge ($context.runtime_config? | default {})
interpolate-variables $merged_config
}
</code></pre>
<h4 id="variable-interpolation-pattern"><a class="header" href="#variable-interpolation-pattern">Variable Interpolation Pattern</a></h4>
<pre><code class="language-nushell">def interpolate-variables [config: record] -&gt; record {
let interpolations = {
"{{paths.base}}": ($env.PWD),
"{{env.HOME}}": ($env.HOME),
"{{now.date}}": (date now | format date "%Y-%m-%d"),
"{{git.branch}}": (git branch --show-current | str trim)
}
$config
| to json
| str replace --all "{{paths.base}}" $interpolations."{{paths.base}}"
| str replace --all "{{env.HOME}}" $interpolations."{{env.HOME}}"
| str replace --all "{{now.date}}" $interpolations."{{now.date}}"
| str replace --all "{{git.branch}}" $interpolations."{{git.branch}}"
| from json
}
</code></pre>
<h3 id="4-workflow-orchestration-patterns"><a class="header" href="#4-workflow-orchestration-patterns">4. Workflow Orchestration Patterns</a></h3>
<h4 id="dependency-resolution-pattern"><a class="header" href="#dependency-resolution-pattern">Dependency Resolution Pattern</a></h4>
<p><strong>Use Case</strong>: Managing complex workflow dependencies</p>
<p><strong>Implementation (Rust)</strong>:</p>
<pre><code class="language-rust">use petgraph::{Graph, Direction};
use std::collections::HashMap;
pub struct DependencyResolver {
graph: Graph&lt;String, ()&gt;,
node_map: HashMap&lt;String, petgraph::graph::NodeIndex&gt;,
}
impl DependencyResolver {
pub fn resolve_execution_order(&amp;self) -&gt; Result&lt;Vec&lt;String&gt;, Error&gt; {
let mut topo = petgraph::algo::toposort(&amp;self.graph, None)
.map_err(|_| Error::CyclicDependency)?;
Ok(topo.into_iter()
.map(|idx| self.graph[idx].clone())
.collect())
}
pub fn add_dependency(&amp;mut self, from: &amp;str, to: &amp;str) {
let from_idx = self.get_or_create_node(from);
let to_idx = self.get_or_create_node(to);
self.graph.add_edge(from_idx, to_idx, ());
}
}</code></pre>
<h4 id="parallel-execution-pattern"><a class="header" href="#parallel-execution-pattern">Parallel Execution Pattern</a></h4>
<pre><code class="language-rust">use tokio::task::JoinSet;
use futures::stream::{FuturesUnordered, StreamExt};
pub async fn execute_parallel_batch(
operations: Vec&lt;Operation&gt;,
parallelism_limit: usize
) -&gt; Result&lt;Vec&lt;OperationResult&gt;, Error&gt; {
let semaphore = tokio::sync::Semaphore::new(parallelism_limit);
let mut join_set = JoinSet::new();
for operation in operations {
let permit = semaphore.clone();
join_set.spawn(async move {
let _permit = permit.acquire().await?;
execute_operation(operation).await
});
}
let mut results = Vec::new();
while let Some(result) = join_set.join_next().await {
results.push(result??);
}
Ok(results)
}</code></pre>
<h3 id="5-state-management-patterns"><a class="header" href="#5-state-management-patterns">5. State Management Patterns</a></h3>
<h4 id="checkpoint-based-recovery-pattern"><a class="header" href="#checkpoint-based-recovery-pattern">Checkpoint-Based Recovery Pattern</a></h4>
<p><strong>Use Case</strong>: Reliable state persistence and recovery</p>
<p><strong>Implementation</strong>:</p>
<pre><code class="language-rust">#[derive(Serialize, Deserialize)]
pub struct WorkflowCheckpoint {
pub workflow_id: String,
pub step: usize,
pub completed_operations: Vec&lt;String&gt;,
pub current_state: serde_json::Value,
pub metadata: HashMap&lt;String, String&gt;,
pub timestamp: chrono::DateTime&lt;chrono::Utc&gt;,
}
pub struct CheckpointManager {
checkpoint_dir: PathBuf,
}
impl CheckpointManager {
pub fn save_checkpoint(&amp;self, checkpoint: &amp;WorkflowCheckpoint) -&gt; Result&lt;(), Error&gt; {
let checkpoint_file = self.checkpoint_dir
.join(&amp;checkpoint.workflow_id)
.with_extension("json");
let checkpoint_data = serde_json::to_string_pretty(checkpoint)?;
std::fs::write(checkpoint_file, checkpoint_data)?;
Ok(())
}
pub fn restore_checkpoint(&amp;self, workflow_id: &amp;str) -&gt; Result&lt;Option&lt;WorkflowCheckpoint&gt;, Error&gt; {
let checkpoint_file = self.checkpoint_dir
.join(workflow_id)
.with_extension("json");
if checkpoint_file.exists() {
let checkpoint_data = std::fs::read_to_string(checkpoint_file)?;
let checkpoint = serde_json::from_str(&amp;checkpoint_data)?;
Ok(Some(checkpoint))
} else {
Ok(None)
}
}
}</code></pre>
<h4 id="rollback-pattern"><a class="header" href="#rollback-pattern">Rollback Pattern</a></h4>
<pre><code class="language-rust">pub struct RollbackManager {
rollback_stack: Vec&lt;RollbackAction&gt;,
}
#[derive(Clone, Debug)]
pub enum RollbackAction {
DeleteResource { provider: String, resource_id: String },
RestoreFile { path: PathBuf, content: String },
RevertConfiguration { key: String, value: serde_json::Value },
CustomAction { command: String, args: Vec&lt;String&gt; },
}
impl RollbackManager {
pub async fn execute_rollback(&amp;self) -&gt; Result&lt;(), Error&gt; {
// Execute rollback actions in reverse order
for action in self.rollback_stack.iter().rev() {
match action {
RollbackAction::DeleteResource { provider, resource_id } =&gt; {
self.delete_resource(provider, resource_id).await?;
}
RollbackAction::RestoreFile { path, content } =&gt; {
tokio::fs::write(path, content).await?;
}
// ... handle other rollback actions
}
}
Ok(())
}
}</code></pre>
<h3 id="6-event-and-messaging-patterns"><a class="header" href="#6-event-and-messaging-patterns">6. Event and Messaging Patterns</a></h3>
<h4 id="event-driven-architecture-pattern"><a class="header" href="#event-driven-architecture-pattern">Event-Driven Architecture Pattern</a></h4>
<p><strong>Use Case</strong>: Decoupled communication between components</p>
<p><strong>Event Definition</strong>:</p>
<pre><code class="language-rust">#[derive(Serialize, Deserialize, Clone, Debug)]
pub enum SystemEvent {
WorkflowStarted { workflow_id: String, name: String },
WorkflowCompleted { workflow_id: String, result: WorkflowResult },
WorkflowFailed { workflow_id: String, error: String },
ResourceCreated { provider: String, resource_type: String, resource_id: String },
ResourceDeleted { provider: String, resource_type: String, resource_id: String },
ConfigurationChanged { key: String, old_value: serde_json::Value, new_value: serde_json::Value },
}</code></pre>
<p><strong>Event Bus Implementation</strong>:</p>
<pre><code class="language-rust">use tokio::sync::broadcast;
pub struct EventBus {
sender: broadcast::Sender&lt;SystemEvent&gt;,
}
impl EventBus {
pub fn new(capacity: usize) -&gt; Self {
let (sender, _) = broadcast::channel(capacity);
Self { sender }
}
pub fn publish(&amp;self, event: SystemEvent) -&gt; Result&lt;(), Error&gt; {
self.sender.send(event)
.map_err(|_| Error::EventPublishFailed)?;
Ok(())
}
pub fn subscribe(&amp;self) -&gt; broadcast::Receiver&lt;SystemEvent&gt; {
self.sender.subscribe()
}
}</code></pre>
<h3 id="7-extension-integration-patterns"><a class="header" href="#7-extension-integration-patterns">7. Extension Integration Patterns</a></h3>
<h4 id="extension-discovery-and-loading"><a class="header" href="#extension-discovery-and-loading">Extension Discovery and Loading</a></h4>
<pre><code class="language-nushell">def discover-extensions [] -&gt; table {
let extension_dirs = glob "extensions/*/extension.toml"
$extension_dirs
| each { |manifest_path|
let extension_dir = $manifest_path | path dirname
let manifest = open $manifest_path
{
name: $manifest.extension.name,
version: $manifest.extension.version,
type: $manifest.extension.type,
path: $extension_dir,
manifest: $manifest,
valid: (validate-extension $manifest),
compatible: (check-compatibility $manifest.compatibility)
}
}
| where valid and compatible
}
</code></pre>
<h4 id="extension-interface-pattern"><a class="header" href="#extension-interface-pattern">Extension Interface Pattern</a></h4>
<pre><code class="language-nushell"># Standard extension interface
export def extension-info [] -&gt; record {
{
name: "custom-provider",
version: "1.0.0",
type: "provider",
description: "Custom cloud provider integration",
entry_points: {
cli: "nulib/cli.nu",
provider: "nulib/provider.nu"
}
}
}
export def extension-validate [] -&gt; bool {
# Validate extension configuration and dependencies
true
}
export def extension-activate [] -&gt; nothing {
# Perform extension activation tasks
}
export def extension-deactivate [] -&gt; nothing {
# Perform extension cleanup tasks
}
</code></pre>
<h3 id="8-api-design-patterns"><a class="header" href="#8-api-design-patterns">8. API Design Patterns</a></h3>
<h4 id="rest-api-standardization"><a class="header" href="#rest-api-standardization">REST API Standardization</a></h4>
<p><strong>Base API Structure</strong>:</p>
<pre><code class="language-rust">use axum::{
extract::{Path, State},
response::Json,
routing::{get, post, delete},
Router,
};
pub fn create_api_router(state: AppState) -&gt; Router {
Router::new()
.route("/health", get(health_check))
.route("/workflows", get(list_workflows).post(create_workflow))
.route("/workflows/:id", get(get_workflow).delete(delete_workflow))
.route("/workflows/:id/status", get(workflow_status))
.route("/workflows/:id/logs", get(workflow_logs))
.with_state(state)
}</code></pre>
<p><strong>Standard Response Format</strong>:</p>
<pre><code class="language-json">{
"status": "success" | "error" | "pending",
"data": { ... },
"metadata": {
"timestamp": "2025-09-26T12:00:00Z",
"request_id": "req-123",
"version": "3.1.0"
},
"error": null | {
"code": "ERR001",
"message": "Human readable error",
"details": { ... }
}
}
</code></pre>
<h2 id="error-handling-patterns"><a class="header" href="#error-handling-patterns">Error Handling Patterns</a></h2>
<h3 id="structured-error-pattern"><a class="header" href="#structured-error-pattern">Structured Error Pattern</a></h3>
<pre><code class="language-rust">#[derive(thiserror::Error, Debug)]
pub enum ProvisioningError {
#[error("Configuration error: {message}")]
Configuration { message: String },
#[error("Provider error [{provider}]: {message}")]
Provider { provider: String, message: String },
#[error("Workflow error [{workflow_id}]: {message}")]
Workflow { workflow_id: String, message: String },
#[error("Resource error [{resource_type}/{resource_id}]: {message}")]
Resource { resource_type: String, resource_id: String, message: String },
}</code></pre>
<h3 id="error-recovery-pattern"><a class="header" href="#error-recovery-pattern">Error Recovery Pattern</a></h3>
<pre><code class="language-nushell">def with-retry [operation: closure, max_attempts: int = 3] {
mut attempts = 0
mut last_error = null
while $attempts &lt; $max_attempts {
try {
return (do $operation)
} catch { |error|
$attempts = $attempts + 1
$last_error = $error
if $attempts &lt; $max_attempts {
let delay = (2 ** ($attempts - 1)) * 1000 # Exponential backoff
sleep $"($delay)ms"
}
}
}
error make { msg: $"Operation failed after ($max_attempts) attempts: ($last_error)" }
}
</code></pre>
<h2 id="performance-optimization-patterns"><a class="header" href="#performance-optimization-patterns">Performance Optimization Patterns</a></h2>
<h3 id="caching-strategy-pattern"><a class="header" href="#caching-strategy-pattern">Caching Strategy Pattern</a></h3>
<pre><code class="language-rust">use std::sync::Arc;
use tokio::sync::RwLock;
use std::collections::HashMap;
use chrono::{DateTime, Utc, Duration};
#[derive(Clone)]
pub struct CacheEntry&lt;T&gt; {
pub value: T,
pub expires_at: DateTime&lt;Utc&gt;,
}
pub struct Cache&lt;T&gt; {
store: Arc&lt;RwLock&lt;HashMap&lt;String, CacheEntry&lt;T&gt;&gt;&gt;&gt;,
default_ttl: Duration,
}
impl&lt;T: Clone&gt; Cache&lt;T&gt; {
pub async fn get(&amp;self, key: &amp;str) -&gt; Option&lt;T&gt; {
let store = self.store.read().await;
if let Some(entry) = store.get(key) {
if entry.expires_at &gt; Utc::now() {
Some(entry.value.clone())
} else {
None
}
} else {
None
}
}
pub async fn set(&amp;self, key: String, value: T) {
let expires_at = Utc::now() + self.default_ttl;
let entry = CacheEntry { value, expires_at };
let mut store = self.store.write().await;
store.insert(key, entry);
}
}</code></pre>
<h3 id="streaming-pattern-for-large-data"><a class="header" href="#streaming-pattern-for-large-data">Streaming Pattern for Large Data</a></h3>
<pre><code class="language-nushell">def process-large-dataset [source: string] -&gt; nothing {
# Stream processing instead of loading entire dataset
open $source
| lines
| each { |line|
# Process line individually
$line | process-record
}
| save output.json
}
</code></pre>
<h2 id="testing-integration-patterns"><a class="header" href="#testing-integration-patterns">Testing Integration Patterns</a></h2>
<h3 id="integration-test-pattern"><a class="header" href="#integration-test-pattern">Integration Test Pattern</a></h3>
<pre><code class="language-rust">#[cfg(test)]
mod integration_tests {
use super::*;
use tokio_test;
#[tokio::test]
async fn test_workflow_execution() {
let orchestrator = setup_test_orchestrator().await;
let workflow = create_test_workflow();
let result = orchestrator.execute_workflow(workflow).await;
assert!(result.is_ok());
assert_eq!(result.unwrap().status, WorkflowStatus::Completed);
}
}</code></pre>
<p>These integration patterns provide the foundation for the systems sophisticated multi-component architecture, enabling reliable, scalable, and
maintainable infrastructure automation.</p>
<p>Design patterns for extending and integrating with Provisioning.</p>
<h2 id="1-provider-integration-pattern"><a class="header" href="#1-provider-integration-pattern">1. Provider Integration Pattern</a></h2>
<p><strong>Pattern</strong>: Add a new cloud provider to Provisioning.</p>
<h2 id="2-task-service-integration-pattern"><a class="header" href="#2-task-service-integration-pattern">2. Task Service Integration Pattern</a></h2>
<p><strong>Pattern</strong>: Add infrastructure component.</p>
<h2 id="3-cluster-template-pattern"><a class="header" href="#3-cluster-template-pattern">3. Cluster Template Pattern</a></h2>
<p><strong>Pattern</strong>: Create pre-configured cluster template.</p>
<h2 id="4-batch-workflow-pattern"><a class="header" href="#4-batch-workflow-pattern">4. Batch Workflow Pattern</a></h2>
<p><strong>Pattern</strong>: Create automation workflow for complex operations.</p>
<h2 id="5-custom-extension-pattern"><a class="header" href="#5-custom-extension-pattern">5. Custom Extension Pattern</a></h2>
<p><strong>Pattern</strong>: Create custom Nushell library.</p>
<h2 id="6-authorization-policy-pattern"><a class="header" href="#6-authorization-policy-pattern">6. Authorization Policy Pattern</a></h2>
<p><strong>Pattern</strong>: Define fine-grained access control via Cedar.</p>
<h2 id="7-webhook-integration"><a class="header" href="#7-webhook-integration">7. Webhook Integration</a></h2>
<p><strong>Pattern</strong>: Trigger Provisioning from external systems.</p>
<h2 id="8-monitoring-integration"><a class="header" href="#8-monitoring-integration">8. Monitoring Integration</a></h2>
<p><strong>Pattern</strong>: Export metrics and logs to monitoring systems.</p>
<h2 id="9-cicd-integration"><a class="header" href="#9-cicd-integration">9. CI/CD Integration</a></h2>
<p><strong>Pattern</strong>: Use Provisioning in automated pipelines.</p>
<h2 id="10-mcp-tool-integration"><a class="header" href="#10-mcp-tool-integration">10. MCP Tool Integration</a></h2>
<p><strong>Pattern</strong>: Add AI-powered tool via MCP.</p>
<h2 id="integration-scenarios"><a class="header" href="#integration-scenarios">Integration Scenarios</a></h2>
<h3 id="multi-cloud-deployment"><a class="header" href="#multi-cloud-deployment">Multi-Cloud Deployment</a></h3>
<p>Deploy across UpCloud, AWS, and Hetzner in single workflow.</p>
<h3 id="gitops-workflow"><a class="header" href="#gitops-workflow">GitOps Workflow</a></h3>
<p>Git changes trigger infrastructure updates via webhooks.</p>
<h3 id="self-service-deployment"><a class="header" href="#self-service-deployment">Self-Service Deployment</a></h3>
<p>Non-technical users request infrastructure via natural language.</p>
<h2 id="best-practices"><a class="header" href="#best-practices">Best Practices</a></h2>
<ol>
<li>Use type-safe Nickel schemas</li>
<li>Implement proper error handling</li>
<li>Log all operations for audit trails</li>
<li>Test extensions before production</li>
<li>Document configuration &amp; usage</li>
<li>Version extensions independently</li>
<li>Support backward compatibility</li>
<li>Validate inputs &amp; encrypt credentials</li>
</ol>
<h2 id="related-documentation"><a class="header" href="#related-documentation">Related Documentation</a></h2>
<ul>
<li><a href="system-overview.html">System Overview</a></li>
<li><a href="component-architecture.html">Component Architecture</a></li>
<li><a href="design-principles.html">Design Principles</a></li>
</ul>
</main>
<nav class="nav-wrapper" aria-label="Page navigation">
<!-- Mobile navigation buttons -->
<a rel="prev" href="../architecture/design-principles.html" class="mobile-nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<a rel="prev" href="../architecture/component-architecture.html" class="mobile-nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<a rel="next prefetch" href="../architecture/orchestrator-integration-model.html" class="mobile-nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<a rel="next prefetch" href="../architecture/adr/index.html" class="mobile-nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
@ -702,24 +237,48 @@ maintainable infrastructure automation.</p>
</div>
<nav class="nav-wide-wrapper" aria-label="Page navigation">
<a rel="prev" href="../architecture/design-principles.html" class="nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<a rel="prev" href="../architecture/component-architecture.html" class="nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<a rel="next prefetch" href="../architecture/orchestrator-integration-model.html" class="nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<a rel="next prefetch" href="../architecture/adr/index.html" class="nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
</nav>
</div>
<!-- Livereload script (if served using the cli tool) -->
<script>
const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:';
const wsAddress = wsProtocol + "//" + location.host + "/" + "__livereload";
const socket = new WebSocket(wsAddress);
socket.onmessage = function (event) {
if (event.data === "reload") {
socket.close();
location.reload();
}
};
window.onbeforeunload = function() {
socket.close();
}
</script>
<script>
window.playground_line_numbers = true;
</script>
<script>
window.playground_copyable = true;
</script>
<script src="../ace.js"></script>
<script src="../mode-rust.js"></script>
<script src="../editor.js"></script>
<script src="../theme-dawn.js"></script>
<script src="../theme-tomorrow_night.js"></script>
<script src="../elasticlunr.min.js"></script>
<script src="../mark.min.js"></script>

1109
docs/book/architecture/multi-repo-strategy.html
View File

File diff suppressed because it is too large Load Diff

756
docs/book/architecture/orchestrator-auth-integration.html
View File

@ -1,756 +0,0 @@
<!DOCTYPE HTML>
<html lang="en" class="ayu sidebar-visible" dir="ltr">
<head>
<!-- Book generated using mdBook -->
<meta charset="UTF-8">
<title>Orchestrator Auth Integration - Provisioning Platform Documentation</title>
<!-- Custom HTML head -->
<meta name="description" content="Complete documentation for the Provisioning Platform - Infrastructure automation with Nushell, Nickel, and Rust">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="theme-color" content="#ffffff">
<link rel="icon" href="../favicon.svg">
<link rel="shortcut icon" href="../favicon.png">
<link rel="stylesheet" href="../css/variables.css">
<link rel="stylesheet" href="../css/general.css">
<link rel="stylesheet" href="../css/chrome.css">
<link rel="stylesheet" href="../css/print.css" media="print">
<!-- Fonts -->
<link rel="stylesheet" href="../FontAwesome/css/font-awesome.css">
<link rel="stylesheet" href="../fonts/fonts.css">
<!-- Highlight.js Stylesheets -->
<link rel="stylesheet" id="highlight-css" href="../highlight.css">
<link rel="stylesheet" id="tomorrow-night-css" href="../tomorrow-night.css">
<link rel="stylesheet" id="ayu-highlight-css" href="../ayu-highlight.css">
<!-- Custom theme stylesheets -->
<!-- Provide site root and default themes to javascript -->
<script>
const path_to_root = "../";
const default_light_theme = "ayu";
const default_dark_theme = "navy";
</script>
<!-- Start loading toc.js asap -->
<script src="../toc.js"></script>
</head>
<body>
<div id="mdbook-help-container">
<div id="mdbook-help-popup">
<h2 class="mdbook-help-title">Keyboard shortcuts</h2>
<div>
<p>Press <kbd></kbd> or <kbd></kbd> to navigate between chapters</p>
<p>Press <kbd>S</kbd> or <kbd>/</kbd> to search in the book</p>
<p>Press <kbd>?</kbd> to show this help</p>
<p>Press <kbd>Esc</kbd> to hide this help</p>
</div>
</div>
</div>
<div id="body-container">
<!-- Work around some values being stored in localStorage wrapped in quotes -->
<script>
try {
let theme = localStorage.getItem('mdbook-theme');
let sidebar = localStorage.getItem('mdbook-sidebar');
if (theme.startsWith('"') && theme.endsWith('"')) {
localStorage.setItem('mdbook-theme', theme.slice(1, theme.length - 1));
}
if (sidebar.startsWith('"') && sidebar.endsWith('"')) {
localStorage.setItem('mdbook-sidebar', sidebar.slice(1, sidebar.length - 1));
}
} catch (e) { }
</script>
<!-- Set the theme before any content is loaded, prevents flash -->
<script>
const default_theme = window.matchMedia("(prefers-color-scheme: dark)").matches ? default_dark_theme : default_light_theme;
let theme;
try { theme = localStorage.getItem('mdbook-theme'); } catch(e) { }
if (theme === null || theme === undefined) { theme = default_theme; }
const html = document.documentElement;
html.classList.remove('ayu')
html.classList.add(theme);
html.classList.add("js");
</script>
<input type="checkbox" id="sidebar-toggle-anchor" class="hidden">
<!-- Hide / unhide sidebar before it is displayed -->
<script>
let sidebar = null;
const sidebar_toggle = document.getElementById("sidebar-toggle-anchor");
if (document.body.clientWidth >= 1080) {
try { sidebar = localStorage.getItem('mdbook-sidebar'); } catch(e) { }
sidebar = sidebar || 'visible';
} else {
sidebar = 'hidden';
}
sidebar_toggle.checked = sidebar === 'visible';
html.classList.remove('sidebar-visible');
html.classList.add("sidebar-" + sidebar);
</script>
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<!-- populated by js -->
<mdbook-sidebar-scrollbox class="sidebar-scrollbox"></mdbook-sidebar-scrollbox>
<noscript>
<iframe class="sidebar-iframe-outer" src="../toc.html"></iframe>
</noscript>
<div id="sidebar-resize-handle" class="sidebar-resize-handle">
<div class="sidebar-resize-indicator"></div>
</div>
</nav>
<div id="page-wrapper" class="page-wrapper">
<div class="page">
<div id="menu-bar-hover-placeholder"></div>
<div id="menu-bar" class="menu-bar sticky">
<div class="left-buttons">
<label id="sidebar-toggle" class="icon-button" for="sidebar-toggle-anchor" title="Toggle Table of Contents" aria-label="Toggle Table of Contents" aria-controls="sidebar">
<i class="fa fa-bars"></i>
</label>
<button id="theme-toggle" class="icon-button" type="button" title="Change theme" aria-label="Change theme" aria-haspopup="true" aria-expanded="false" aria-controls="theme-list">
<i class="fa fa-paint-brush"></i>
</button>
<ul id="theme-list" class="theme-popup" aria-label="Themes" role="menu">
<li role="none"><button role="menuitem" class="theme" id="default_theme">Auto</button></li>
<li role="none"><button role="menuitem" class="theme" id="light">Light</button></li>
<li role="none"><button role="menuitem" class="theme" id="rust">Rust</button></li>
<li role="none"><button role="menuitem" class="theme" id="coal">Coal</button></li>
<li role="none"><button role="menuitem" class="theme" id="navy">Navy</button></li>
<li role="none"><button role="menuitem" class="theme" id="ayu">Ayu</button></li>
</ul>
<button id="search-toggle" class="icon-button" type="button" title="Search (`/`)" aria-label="Toggle Searchbar" aria-expanded="false" aria-keyshortcuts="/ s" aria-controls="searchbar">
<i class="fa fa-search"></i>
</button>
</div>
<h1 class="menu-title">Provisioning Platform Documentation</h1>
<div class="right-buttons">
<a href="../print.html" title="Print this book" aria-label="Print this book">
<i id="print-button" class="fa fa-print"></i>
</a>
<a href="https://github.com/provisioning/provisioning-platform" title="Git repository" aria-label="Git repository">
<i id="git-repository-button" class="fa fa-github"></i>
</a>
<a href="https://github.com/provisioning/provisioning-platform/edit/main/provisioning/docs/src/architecture/orchestrator-auth-integration.md" title="Suggest an edit" aria-label="Suggest an edit">
<i id="git-edit-button" class="fa fa-edit"></i>
</a>
</div>
</div>
<div id="search-wrapper" class="hidden">
<form id="searchbar-outer" class="searchbar-outer">
<input type="search" id="searchbar" name="searchbar" placeholder="Search this book ..." aria-controls="searchresults-outer" aria-describedby="searchresults-header">
</form>
<div id="searchresults-outer" class="searchresults-outer hidden">
<div id="searchresults-header" class="searchresults-header"></div>
<ul id="searchresults">
</ul>
</div>
</div>
<!-- Apply ARIA attributes after the sidebar and the sidebar toggle button are added to the DOM -->
<script>
document.getElementById('sidebar-toggle').setAttribute('aria-expanded', sidebar === 'visible');
document.getElementById('sidebar').setAttribute('aria-hidden', sidebar !== 'visible');
Array.from(document.querySelectorAll('#sidebar a')).forEach(function(link) {
link.setAttribute('tabIndex', sidebar === 'visible' ? 0 : -1);
});
</script>
<div id="content" class="content">
<main>
<h1 id="orchestrator-authentication--authorization-integration"><a class="header" href="#orchestrator-authentication--authorization-integration">Orchestrator Authentication &amp; Authorization Integration</a></h1>
<p><strong>Version</strong>: 1.0.0
<strong>Date</strong>: 2025-10-08
<strong>Status</strong>: Implemented</p>
<h2 id="overview"><a class="header" href="#overview">Overview</a></h2>
<p>Complete authentication and authorization flow integration for the Provisioning Orchestrator, connecting all security components (JWT validation, MFA
verification, Cedar authorization, rate limiting, and audit logging) into a cohesive security middleware chain.</p>
<h2 id="architecture"><a class="header" href="#architecture">Architecture</a></h2>
<h3 id="security-middleware-chain"><a class="header" href="#security-middleware-chain">Security Middleware Chain</a></h3>
<p>The middleware chain is applied in this specific order to ensure proper security:</p>
<pre><code class="language-plaintext">┌─────────────────────────────────────────────────────────────────┐
│ Incoming HTTP Request │
└────────────────────────┬────────────────────────────────────────┘
┌────────────────────────────────┐
│ 1. Rate Limiting Middleware │
│ - Per-IP request limits │
│ - Sliding window │
│ - Exempt IPs │
└────────────┬───────────────────┘
│ (429 if exceeded)
┌────────────────────────────────┐
│ 2. Authentication Middleware │
│ - Extract Bearer token │
│ - Validate JWT signature │
│ - Check expiry, issuer, aud │
│ - Check revocation │
└────────────┬───────────────────┘
│ (401 if invalid)
┌────────────────────────────────┐
│ 3. MFA Verification │
│ - Check MFA status in token │
│ - Enforce for sensitive ops │
│ - Production deployments │
│ - All DELETE operations │
└────────────┬───────────────────┘
│ (403 if required but missing)
┌────────────────────────────────┐
│ 4. Authorization Middleware │
│ - Build Cedar request │
│ - Evaluate policies │
│ - Check permissions │
│ - Log decision │
└────────────┬───────────────────┘
│ (403 if denied)
┌────────────────────────────────┐
│ 5. Audit Logging Middleware │
│ - Log complete request │
│ - User, action, resource │
│ - Authorization decision │
│ - Response status │
└────────────┬───────────────────┘
┌────────────────────────────────┐
│ Protected Handler │
│ - Access security context │
│ - Execute business logic │
└────────────────────────────────┘
</code></pre>
<h2 id="implementation-details"><a class="header" href="#implementation-details">Implementation Details</a></h2>
<h3 id="1-security-context-builder-middlewaresecurity_contextrs"><a class="header" href="#1-security-context-builder-middlewaresecurity_contextrs">1. Security Context Builder (<code>middleware/security_context.rs</code>)</a></h3>
<p><strong>Purpose</strong>: Build complete security context from authenticated requests.</p>
<p><strong>Key Features</strong>:</p>
<ul>
<li>Extracts JWT token claims</li>
<li>Determines MFA verification status</li>
<li>Extracts IP address (X-Forwarded-For, X-Real-IP)</li>
<li>Extracts user agent and session info</li>
<li>Provides permission checking methods</li>
</ul>
<p><strong>Lines of Code</strong>: 275</p>
<p><strong>Example</strong>:</p>
<pre><code class="language-rust">pub struct SecurityContext {
pub user_id: String,
pub token: ValidatedToken,
pub mfa_verified: bool,
pub ip_address: IpAddr,
pub user_agent: Option&lt;String&gt;,
pub permissions: Vec&lt;String&gt;,
pub workspace: String,
pub request_id: String,
pub session_id: Option&lt;String&gt;,
}
impl SecurityContext {
pub fn has_permission(&amp;self, permission: &amp;str) -&gt; bool { ... }
pub fn has_any_permission(&amp;self, permissions: &amp;[&amp;str]) -&gt; bool { ... }
pub fn has_all_permissions(&amp;self, permissions: &amp;[&amp;str]) -&gt; bool { ... }
}</code></pre>
<h3 id="2-enhanced-authentication-middleware-middlewareauthrs"><a class="header" href="#2-enhanced-authentication-middleware-middlewareauthrs">2. Enhanced Authentication Middleware (<code>middleware/auth.rs</code>)</a></h3>
<p><strong>Purpose</strong>: JWT token validation with revocation checking.</p>
<p><strong>Key Features</strong>:</p>
<ul>
<li>Bearer token extraction</li>
<li>JWT signature validation (RS256)</li>
<li>Expiry, issuer, audience checks</li>
<li>Token revocation status</li>
<li>Security context injection</li>
</ul>
<p><strong>Lines of Code</strong>: 245</p>
<p><strong>Flow</strong>:</p>
<ol>
<li>Extract <code>Authorization: Bearer &lt;token&gt;</code> header</li>
<li>Validate JWT with TokenValidator</li>
<li>Build SecurityContext</li>
<li>Inject into request extensions</li>
<li>Continue to next middleware or return 401</li>
</ol>
<p><strong>Error Responses</strong>:</p>
<ul>
<li><code>401 Unauthorized</code>: Missing/invalid token, expired, revoked</li>
<li><code>403 Forbidden</code>: Insufficient permissions</li>
</ul>
<h3 id="3-mfa-verification-middleware-middlewaremfars"><a class="header" href="#3-mfa-verification-middleware-middlewaremfars">3. MFA Verification Middleware (<code>middleware/mfa.rs</code>)</a></h3>
<p><strong>Purpose</strong>: Enforce MFA for sensitive operations.</p>
<p><strong>Key Features</strong>:</p>
<ul>
<li>Path-based MFA requirements</li>
<li>Method-based enforcement (all DELETEs)</li>
<li>Production environment protection</li>
<li>Clear error messages</li>
</ul>
<p><strong>Lines of Code</strong>: 290</p>
<p><strong>MFA Required For</strong>:</p>
<ul>
<li>Production deployments (<code>/production/</code>, <code>/prod/</code>)</li>
<li>All DELETE operations</li>
<li>Server operations (POST, PUT, DELETE)</li>
<li>Cluster operations (POST, PUT, DELETE)</li>
<li>Batch submissions</li>
<li>Rollback operations</li>
<li>Configuration changes (POST, PUT, DELETE)</li>
<li>Secret management</li>
<li>User/role management</li>
</ul>
<p><strong>Example</strong>:</p>
<pre><code class="language-rust">fn requires_mfa(method: &amp;str, path: &amp;str) -&gt; bool {
if path.contains("/production/") { return true; }
if method == "DELETE" { return true; }
if path.contains("/deploy") { return true; }
// ...
}</code></pre>
<h3 id="4-enhanced-authorization-middleware-middlewareauthzrs"><a class="header" href="#4-enhanced-authorization-middleware-middlewareauthzrs">4. Enhanced Authorization Middleware (<code>middleware/authz.rs</code>)</a></h3>
<p><strong>Purpose</strong>: Cedar policy evaluation with audit logging.</p>
<p><strong>Key Features</strong>:</p>
<ul>
<li>Builds Cedar authorization request from HTTP request</li>
<li>Maps HTTP methods to Cedar actions (GET→Read, POST→Create, etc.)</li>
<li>Extracts resource types from paths</li>
<li>Evaluates Cedar policies with context (MFA, IP, time, workspace)</li>
<li>Logs all authorization decisions to audit log</li>
<li>Non-blocking audit logging (tokio::spawn)</li>
</ul>
<p><strong>Lines of Code</strong>: 380</p>
<p><strong>Resource Mapping</strong>:</p>
<pre><code class="language-rust">/api/v1/servers/srv-123 → Resource::Server("srv-123")
/api/v1/taskserv/kubernetes → Resource::TaskService("kubernetes")
/api/v1/cluster/prod → Resource::Cluster("prod")
/api/v1/config/settings → Resource::Config("settings")</code></pre>
<p><strong>Action Mapping</strong>:</p>
<pre><code class="language-rust">GET → Action::Read
POST → Action::Create
PUT → Action::Update
DELETE → Action::Delete</code></pre>
<h3 id="5-rate-limiting-middleware-middlewarerate_limitrs"><a class="header" href="#5-rate-limiting-middleware-middlewarerate_limitrs">5. Rate Limiting Middleware (<code>middleware/rate_limit.rs</code>)</a></h3>
<p><strong>Purpose</strong>: Prevent API abuse with per-IP rate limiting.</p>
<p><strong>Key Features</strong>:</p>
<ul>
<li>Sliding window rate limiting</li>
<li>Per-IP request tracking</li>
<li>Configurable limits and windows</li>
<li>Exempt IP support</li>
<li>Automatic cleanup of old entries</li>
<li>Statistics tracking</li>
</ul>
<p><strong>Lines of Code</strong>: 420</p>
<p><strong>Configuration</strong>:</p>
<pre><code class="language-rust">pub struct RateLimitConfig {
pub max_requests: u32, // for example, 100
pub window_duration: Duration, // for example, 60 seconds
pub exempt_ips: Vec&lt;IpAddr&gt;, // for example, internal services
pub enabled: bool,
}
// Default: 100 requests per minute</code></pre>
<p><strong>Statistics</strong>:</p>
<pre><code class="language-rust">pub struct RateLimitStats {
pub total_ips: usize, // Number of tracked IPs
pub total_requests: u32, // Total requests made
pub limited_ips: usize, // IPs that hit the limit
pub config: RateLimitConfig,
}</code></pre>
<h3 id="6-security-integration-module-security_integrationrs"><a class="header" href="#6-security-integration-module-security_integrationrs">6. Security Integration Module (<code>security_integration.rs</code>)</a></h3>
<p><strong>Purpose</strong>: Helper module to integrate all security components.</p>
<p><strong>Key Features</strong>:</p>
<ul>
<li><code>SecurityComponents</code> struct grouping all middleware</li>
<li><code>SecurityConfig</code> for configuration</li>
<li><code>initialize()</code> method to set up all components</li>
<li><code>disabled()</code> method for development mode</li>
<li><code>apply_security_middleware()</code> helper for router setup</li>
</ul>
<p><strong>Lines of Code</strong>: 265</p>
<p><strong>Usage Example</strong>:</p>
<pre><code class="language-rust">use provisioning_orchestrator::security_integration::{
SecurityComponents, SecurityConfig
};
// Initialize security
let config = SecurityConfig {
public_key_path: PathBuf::from("keys/public.pem"),
jwt_issuer: "control-center".to_string(),
jwt_audience: "orchestrator".to_string(),
cedar_policies_path: PathBuf::from("policies"),
auth_enabled: true,
authz_enabled: true,
mfa_enabled: true,
rate_limit_config: RateLimitConfig::new(100, 60),
};
let security = SecurityComponents::initialize(config, audit_logger).await?;
// Apply to router
let app = Router::new()
.route("/api/v1/servers", post(create_server))
.route("/api/v1/servers/:id", delete(delete_server));
let secured_app = apply_security_middleware(app, &amp;security);</code></pre>
<h2 id="integration-with-appstate"><a class="header" href="#integration-with-appstate">Integration with AppState</a></h2>
<h3 id="updated-appstate-structure"><a class="header" href="#updated-appstate-structure">Updated AppState Structure</a></h3>
<pre><code class="language-rust">pub struct AppState {
// Existing fields
pub task_storage: Arc&lt;dyn TaskStorage&gt;,
pub batch_coordinator: BatchCoordinator,
pub dependency_resolver: DependencyResolver,
pub state_manager: Arc&lt;WorkflowStateManager&gt;,
pub monitoring_system: Arc&lt;MonitoringSystem&gt;,
pub progress_tracker: Arc&lt;ProgressTracker&gt;,
pub rollback_system: Arc&lt;RollbackSystem&gt;,
pub test_orchestrator: Arc&lt;TestOrchestrator&gt;,
pub dns_manager: Arc&lt;DnsManager&gt;,
pub extension_manager: Arc&lt;ExtensionManager&gt;,
pub oci_manager: Arc&lt;OciManager&gt;,
pub service_orchestrator: Arc&lt;ServiceOrchestrator&gt;,
pub audit_logger: Arc&lt;AuditLogger&gt;,
pub args: Args,
// NEW: Security components
pub security: SecurityComponents,
}</code></pre>
<h3 id="initialization-in-mainrs"><a class="header" href="#initialization-in-mainrs">Initialization in main.rs</a></h3>
<pre><code class="language-rust">#[tokio::main]
async fn main() -&gt; Result&lt;()&gt; {
let args = Args::parse();
// Initialize AppState (creates audit_logger)
let state = Arc::new(AppState::new(args).await?);
// Initialize security components
let security_config = SecurityConfig {
public_key_path: PathBuf::from("keys/public.pem"),
jwt_issuer: env::var("JWT_ISSUER").unwrap_or("control-center".to_string()),
jwt_audience: "orchestrator".to_string(),
cedar_policies_path: PathBuf::from("policies"),
auth_enabled: env::var("AUTH_ENABLED").unwrap_or("true".to_string()) == "true",
authz_enabled: env::var("AUTHZ_ENABLED").unwrap_or("true".to_string()) == "true",
mfa_enabled: env::var("MFA_ENABLED").unwrap_or("true".to_string()) == "true",
rate_limit_config: RateLimitConfig::new(
env::var("RATE_LIMIT_MAX").unwrap_or("100".to_string()).parse().unwrap(),
env::var("RATE_LIMIT_WINDOW").unwrap_or("60".to_string()).parse().unwrap(),
),
};
let security = SecurityComponents::initialize(
security_config,
state.audit_logger.clone()
).await?;
// Public routes (no auth)
let public_routes = Router::new()
.route("/health", get(health_check));
// Protected routes (full security chain)
let protected_routes = Router::new()
.route("/api/v1/servers", post(create_server))
.route("/api/v1/servers/:id", delete(delete_server))
.route("/api/v1/taskserv", post(create_taskserv))
.route("/api/v1/cluster", post(create_cluster))
// ... more routes
;
// Apply security middleware to protected routes
let secured_routes = apply_security_middleware(protected_routes, &amp;security)
.with_state(state.clone());
// Combine routes
let app = Router::new()
.merge(public_routes)
.merge(secured_routes)
.layer(CorsLayer::permissive());
// Start server
let listener = tokio::net::TcpListener::bind("0.0.0.0:9090").await?;
axum::serve(listener, app).await?;
Ok(())
}</code></pre>
<h2 id="protected-endpoints"><a class="header" href="#protected-endpoints">Protected Endpoints</a></h2>
<h3 id="endpoint-categories"><a class="header" href="#endpoint-categories">Endpoint Categories</a></h3>
<div class="table-wrapper"><table><thead><tr><th>Category</th><th>Example Endpoints</th><th>Auth Required</th><th>MFA Required</th><th>Cedar Policy</th></tr></thead><tbody>
<tr><td><strong>Health</strong></td><td><code>/health</code></td><td></td><td></td><td></td></tr>
<tr><td><strong>Read-Only</strong></td><td><code>GET /api/v1/servers</code></td><td></td><td></td><td></td></tr>
<tr><td><strong>Server Mgmt</strong></td><td><code>POST /api/v1/servers</code></td><td></td><td></td><td></td></tr>
<tr><td><strong>Server Delete</strong></td><td><code>DELETE /api/v1/servers/:id</code></td><td></td><td></td><td></td></tr>
<tr><td><strong>Taskserv Mgmt</strong></td><td><code>POST /api/v1/taskserv</code></td><td></td><td></td><td></td></tr>
<tr><td><strong>Cluster Mgmt</strong></td><td><code>POST /api/v1/cluster</code></td><td></td><td></td><td></td></tr>
<tr><td><strong>Production</strong></td><td><code>POST /api/v1/production/*</code></td><td></td><td></td><td></td></tr>
<tr><td><strong>Batch Ops</strong></td><td><code>POST /api/v1/batch/submit</code></td><td></td><td></td><td></td></tr>
<tr><td><strong>Rollback</strong></td><td><code>POST /api/v1/rollback</code></td><td></td><td></td><td></td></tr>
<tr><td><strong>Config Write</strong></td><td><code>POST /api/v1/config</code></td><td></td><td></td><td></td></tr>
<tr><td><strong>Secrets</strong></td><td><code>GET /api/v1/secret/*</code></td><td></td><td></td><td></td></tr>
</tbody></table>
</div>
<h2 id="complete-authentication-flow"><a class="header" href="#complete-authentication-flow">Complete Authentication Flow</a></h2>
<h3 id="step-by-step-flow"><a class="header" href="#step-by-step-flow">Step-by-Step Flow</a></h3>
<pre><code class="language-plaintext">1. CLIENT REQUEST
├─ Headers:
│ ├─ Authorization: Bearer &lt;jwt_token&gt;
│ ├─ X-Forwarded-For: 192.168.1.100
│ ├─ User-Agent: MyClient/1.0
│ └─ X-MFA-Verified: true
└─ Path: DELETE /api/v1/servers/prod-srv-01
2. RATE LIMITING MIDDLEWARE
├─ Extract IP: 192.168.1.100
├─ Check limit: 45/100 requests in window
├─ Decision: ALLOW (under limit)
└─ Continue →
3. AUTHENTICATION MIDDLEWARE
├─ Extract Bearer token
├─ Validate JWT:
│ ├─ Signature: ✅ Valid (RS256)
│ ├─ Expiry: ✅ Valid until 2025-10-09 10:00:00
│ ├─ Issuer: ✅ control-center
│ ├─ Audience: ✅ orchestrator
│ └─ Revoked: ✅ Not revoked
├─ Build SecurityContext:
│ ├─ user_id: "user-456"
│ ├─ workspace: "production"
│ ├─ permissions: ["read", "write", "delete"]
│ ├─ mfa_verified: true
│ └─ ip_address: 192.168.1.100
├─ Decision: ALLOW (valid token)
└─ Continue →
4. MFA VERIFICATION MIDDLEWARE
├─ Check endpoint: DELETE /api/v1/servers/prod-srv-01
├─ Requires MFA: ✅ YES (DELETE operation)
├─ MFA status: ✅ Verified
├─ Decision: ALLOW (MFA verified)
└─ Continue →
5. AUTHORIZATION MIDDLEWARE
├─ Build Cedar request:
│ ├─ Principal: User("user-456")
│ ├─ Action: Delete
│ ├─ Resource: Server("prod-srv-01")
│ └─ Context:
│ ├─ mfa_verified: true
│ ├─ ip_address: "192.168.1.100"
│ ├─ time: 2025-10-08T14:30:00Z
│ └─ workspace: "production"
├─ Evaluate Cedar policies:
│ ├─ Policy 1: Allow if user.role == "admin" ✅
│ ├─ Policy 2: Allow if mfa_verified == true ✅
│ └─ Policy 3: Deny if not business_hours ❌
├─ Decision: ALLOW (2 allow, 1 deny = allow)
├─ Log to audit: Authorization GRANTED
└─ Continue →
6. AUDIT LOGGING MIDDLEWARE
├─ Record:
│ ├─ User: user-456 (IP: 192.168.1.100)
│ ├─ Action: ServerDelete
│ ├─ Resource: prod-srv-01
│ ├─ Authorization: GRANTED
│ ├─ MFA: Verified
│ └─ Timestamp: 2025-10-08T14:30:00Z
└─ Continue →
7. PROTECTED HANDLER
├─ Execute business logic
├─ Delete server prod-srv-01
└─ Return: 200 OK
8. AUDIT LOGGING (Response)
├─ Update event:
│ ├─ Status: 200 OK
│ ├─ Duration: 1.234s
│ └─ Result: SUCCESS
└─ Write to audit log
9. CLIENT RESPONSE
└─ 200 OK: Server deleted successfully
</code></pre>
<h2 id="configuration"><a class="header" href="#configuration">Configuration</a></h2>
<h3 id="environment-variables"><a class="header" href="#environment-variables">Environment Variables</a></h3>
<pre><code class="language-bash"># JWT Configuration
JWT_ISSUER=control-center
JWT_AUDIENCE=orchestrator
PUBLIC_KEY_PATH=/path/to/keys/public.pem
# Cedar Policies
CEDAR_POLICIES_PATH=/path/to/policies
# Security Toggles
AUTH_ENABLED=true
AUTHZ_ENABLED=true
MFA_ENABLED=true
# Rate Limiting
RATE_LIMIT_MAX=100
RATE_LIMIT_WINDOW=60
RATE_LIMIT_EXEMPT_IPS=10.0.0.1,10.0.0.2
# Audit Logging
AUDIT_ENABLED=true
AUDIT_RETENTION_DAYS=365
</code></pre>
<h3 id="development-mode"><a class="header" href="#development-mode">Development Mode</a></h3>
<p>For development/testing, all security can be disabled:</p>
<pre><code class="language-rust">// In main.rs
let security = if env::var("DEVELOPMENT_MODE").unwrap_or("false".to_string()) == "true" {
SecurityComponents::disabled(audit_logger.clone())
} else {
SecurityComponents::initialize(security_config, audit_logger.clone()).await?
};</code></pre>
<h2 id="testing"><a class="header" href="#testing">Testing</a></h2>
<h3 id="integration-tests"><a class="header" href="#integration-tests">Integration Tests</a></h3>
<p>Location: <code>provisioning/platform/orchestrator/tests/security_integration_tests.rs</code></p>
<p><strong>Test Coverage</strong>:</p>
<ul>
<li>✅ Rate limiting enforcement</li>
<li>✅ Rate limit statistics</li>
<li>✅ Exempt IP handling</li>
<li>✅ Authentication missing token</li>
<li>✅ MFA verification for sensitive operations</li>
<li>✅ Cedar policy evaluation</li>
<li>✅ Complete security flow</li>
<li>✅ Security components initialization</li>
<li>✅ Configuration defaults</li>
</ul>
<p><strong>Lines of Code</strong>: 340</p>
<p><strong>Run Tests</strong>:</p>
<pre><code class="language-bash">cd provisioning/platform/orchestrator
cargo test security_integration_tests
</code></pre>
<h2 id="file-summary"><a class="header" href="#file-summary">File Summary</a></h2>
<div class="table-wrapper"><table><thead><tr><th>File</th><th>Purpose</th><th>Lines</th><th>Tests</th></tr></thead><tbody>
<tr><td><code>middleware/security_context.rs</code></td><td>Security context builder</td><td>275</td><td>8</td></tr>
<tr><td><code>middleware/auth.rs</code></td><td>JWT authentication</td><td>245</td><td>5</td></tr>
<tr><td><code>middleware/mfa.rs</code></td><td>MFA verification</td><td>290</td><td>15</td></tr>
<tr><td><code>middleware/authz.rs</code></td><td>Cedar authorization</td><td>380</td><td>4</td></tr>
<tr><td><code>middleware/rate_limit.rs</code></td><td>Rate limiting</td><td>420</td><td>8</td></tr>
<tr><td><code>middleware/mod.rs</code></td><td>Module exports</td><td>25</td><td>0</td></tr>
<tr><td><code>security_integration.rs</code></td><td>Integration helpers</td><td>265</td><td>2</td></tr>
<tr><td><code>tests/security_integration_tests.rs</code></td><td>Integration tests</td><td>340</td><td>11</td></tr>
<tr><td><strong>Total</strong></td><td></td><td><strong>2,240</strong></td><td><strong>53</strong></td></tr>
</tbody></table>
</div>
<h2 id="benefits"><a class="header" href="#benefits">Benefits</a></h2>
<h3 id="security"><a class="header" href="#security">Security</a></h3>
<ul>
<li>✅ Complete authentication flow with JWT validation</li>
<li>✅ MFA enforcement for sensitive operations</li>
<li>✅ Fine-grained authorization with Cedar policies</li>
<li>✅ Rate limiting prevents API abuse</li>
<li>✅ Complete audit trail for compliance</li>
</ul>
<h3 id="architecture-1"><a class="header" href="#architecture-1">Architecture</a></h3>
<ul>
<li>✅ Modular middleware design</li>
<li>✅ Clear separation of concerns</li>
<li>✅ Reusable security components</li>
<li>✅ Easy to test and maintain</li>
<li>✅ Configuration-driven behavior</li>
</ul>
<h3 id="operations"><a class="header" href="#operations">Operations</a></h3>
<ul>
<li>✅ Can enable/disable features independently</li>
<li>✅ Development mode for testing</li>
<li>✅ Comprehensive error messages</li>
<li>✅ Real-time statistics and monitoring</li>
<li>✅ Non-blocking audit logging</li>
</ul>
<h2 id="future-enhancements"><a class="header" href="#future-enhancements">Future Enhancements</a></h2>
<ol>
<li><strong>Token Refresh</strong>: Automatic token refresh before expiry</li>
<li><strong>IP Whitelisting</strong>: Additional IP-based access control</li>
<li><strong>Geolocation</strong>: Block requests from specific countries</li>
<li><strong>Advanced Rate Limiting</strong>: Per-user, per-endpoint limits</li>
<li><strong>Session Management</strong>: Track active sessions, force logout</li>
<li><strong>2FA Integration</strong>: Direct integration with TOTP/SMS providers</li>
<li><strong>Policy Hot Reload</strong>: Update Cedar policies without restart</li>
<li><strong>Metrics Dashboard</strong>: Real-time security metrics visualization</li>
</ol>
<h2 id="related-documentation"><a class="header" href="#related-documentation">Related Documentation</a></h2>
<ul>
<li>Cedar Policy Language</li>
<li>JWT Token Management</li>
<li>MFA Setup Guide</li>
<li>Audit Log Format</li>
<li>Rate Limiting Best Practices</li>
</ul>
<h2 id="version-history"><a class="header" href="#version-history">Version History</a></h2>
<div class="table-wrapper"><table><thead><tr><th>Version</th><th>Date</th><th>Changes</th></tr></thead><tbody>
<tr><td>1.0.0</td><td>2025-10-08</td><td>Initial implementation</td></tr>
</tbody></table>
</div>
<hr />
<p><strong>Maintained By</strong>: Security Team
<strong>Review Cycle</strong>: Quarterly
<strong>Last Reviewed</strong>: 2025-10-08</p>
</main>
<nav class="nav-wrapper" aria-label="Page navigation">
<!-- Mobile navigation buttons -->
<a rel="prev" href="../architecture/orchestrator-info.html" class="mobile-nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<a rel="next prefetch" href="../architecture/repo-dist-analysis.html" class="mobile-nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
<div style="clear: both"></div>
</nav>
</div>
</div>
<nav class="nav-wide-wrapper" aria-label="Page navigation">
<a rel="prev" href="../architecture/orchestrator-info.html" class="nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<a rel="next prefetch" href="../architecture/repo-dist-analysis.html" class="nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
</nav>
</div>
<script>
window.playground_copyable = true;
</script>
<script src="../elasticlunr.min.js"></script>
<script src="../mark.min.js"></script>
<script src="../searcher.js"></script>
<script src="../clipboard.min.js"></script>
<script src="../highlight.js"></script>
<script src="../book.js"></script>
<!-- Custom JS scripts -->
</div>
</body>
</html>

917
docs/book/architecture/orchestrator-integration-model.html
View File

@ -1,917 +0,0 @@
<!DOCTYPE HTML>
<html lang="en" class="ayu sidebar-visible" dir="ltr">
<head>
<!-- Book generated using mdBook -->
<meta charset="UTF-8">
<title>Orchestrator Integration Model - Provisioning Platform Documentation</title>
<!-- Custom HTML head -->
<meta name="description" content="Complete documentation for the Provisioning Platform - Infrastructure automation with Nushell, Nickel, and Rust">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="theme-color" content="#ffffff">
<link rel="icon" href="../favicon.svg">
<link rel="shortcut icon" href="../favicon.png">
<link rel="stylesheet" href="../css/variables.css">
<link rel="stylesheet" href="../css/general.css">
<link rel="stylesheet" href="../css/chrome.css">
<link rel="stylesheet" href="../css/print.css" media="print">
<!-- Fonts -->
<link rel="stylesheet" href="../FontAwesome/css/font-awesome.css">
<link rel="stylesheet" href="../fonts/fonts.css">
<!-- Highlight.js Stylesheets -->
<link rel="stylesheet" id="highlight-css" href="../highlight.css">
<link rel="stylesheet" id="tomorrow-night-css" href="../tomorrow-night.css">
<link rel="stylesheet" id="ayu-highlight-css" href="../ayu-highlight.css">
<!-- Custom theme stylesheets -->
<!-- Provide site root and default themes to javascript -->
<script>
const path_to_root = "../";
const default_light_theme = "ayu";
const default_dark_theme = "navy";
</script>
<!-- Start loading toc.js asap -->
<script src="../toc.js"></script>
</head>
<body>
<div id="mdbook-help-container">
<div id="mdbook-help-popup">
<h2 class="mdbook-help-title">Keyboard shortcuts</h2>
<div>
<p>Press <kbd></kbd> or <kbd></kbd> to navigate between chapters</p>
<p>Press <kbd>S</kbd> or <kbd>/</kbd> to search in the book</p>
<p>Press <kbd>?</kbd> to show this help</p>
<p>Press <kbd>Esc</kbd> to hide this help</p>
</div>
</div>
</div>
<div id="body-container">
<!-- Work around some values being stored in localStorage wrapped in quotes -->
<script>
try {
let theme = localStorage.getItem('mdbook-theme');
let sidebar = localStorage.getItem('mdbook-sidebar');
if (theme.startsWith('"') && theme.endsWith('"')) {
localStorage.setItem('mdbook-theme', theme.slice(1, theme.length - 1));
}
if (sidebar.startsWith('"') && sidebar.endsWith('"')) {
localStorage.setItem('mdbook-sidebar', sidebar.slice(1, sidebar.length - 1));
}
} catch (e) { }
</script>
<!-- Set the theme before any content is loaded, prevents flash -->
<script>
const default_theme = window.matchMedia("(prefers-color-scheme: dark)").matches ? default_dark_theme : default_light_theme;
let theme;
try { theme = localStorage.getItem('mdbook-theme'); } catch(e) { }
if (theme === null || theme === undefined) { theme = default_theme; }
const html = document.documentElement;
html.classList.remove('ayu')
html.classList.add(theme);
html.classList.add("js");
</script>
<input type="checkbox" id="sidebar-toggle-anchor" class="hidden">
<!-- Hide / unhide sidebar before it is displayed -->
<script>
let sidebar = null;
const sidebar_toggle = document.getElementById("sidebar-toggle-anchor");
if (document.body.clientWidth >= 1080) {
try { sidebar = localStorage.getItem('mdbook-sidebar'); } catch(e) { }
sidebar = sidebar || 'visible';
} else {
sidebar = 'hidden';
}
sidebar_toggle.checked = sidebar === 'visible';
html.classList.remove('sidebar-visible');
html.classList.add("sidebar-" + sidebar);
</script>
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<!-- populated by js -->
<mdbook-sidebar-scrollbox class="sidebar-scrollbox"></mdbook-sidebar-scrollbox>
<noscript>
<iframe class="sidebar-iframe-outer" src="../toc.html"></iframe>
</noscript>
<div id="sidebar-resize-handle" class="sidebar-resize-handle">
<div class="sidebar-resize-indicator"></div>
</div>
</nav>
<div id="page-wrapper" class="page-wrapper">
<div class="page">
<div id="menu-bar-hover-placeholder"></div>
<div id="menu-bar" class="menu-bar sticky">
<div class="left-buttons">
<label id="sidebar-toggle" class="icon-button" for="sidebar-toggle-anchor" title="Toggle Table of Contents" aria-label="Toggle Table of Contents" aria-controls="sidebar">
<i class="fa fa-bars"></i>
</label>
<button id="theme-toggle" class="icon-button" type="button" title="Change theme" aria-label="Change theme" aria-haspopup="true" aria-expanded="false" aria-controls="theme-list">
<i class="fa fa-paint-brush"></i>
</button>
<ul id="theme-list" class="theme-popup" aria-label="Themes" role="menu">
<li role="none"><button role="menuitem" class="theme" id="default_theme">Auto</button></li>
<li role="none"><button role="menuitem" class="theme" id="light">Light</button></li>
<li role="none"><button role="menuitem" class="theme" id="rust">Rust</button></li>
<li role="none"><button role="menuitem" class="theme" id="coal">Coal</button></li>
<li role="none"><button role="menuitem" class="theme" id="navy">Navy</button></li>
<li role="none"><button role="menuitem" class="theme" id="ayu">Ayu</button></li>
</ul>
<button id="search-toggle" class="icon-button" type="button" title="Search (`/`)" aria-label="Toggle Searchbar" aria-expanded="false" aria-keyshortcuts="/ s" aria-controls="searchbar">
<i class="fa fa-search"></i>
</button>
</div>
<h1 class="menu-title">Provisioning Platform Documentation</h1>
<div class="right-buttons">
<a href="../print.html" title="Print this book" aria-label="Print this book">
<i id="print-button" class="fa fa-print"></i>
</a>
<a href="https://github.com/provisioning/provisioning-platform" title="Git repository" aria-label="Git repository">
<i id="git-repository-button" class="fa fa-github"></i>
</a>
<a href="https://github.com/provisioning/provisioning-platform/edit/main/provisioning/docs/src/architecture/orchestrator-integration-model.md" title="Suggest an edit" aria-label="Suggest an edit">
<i id="git-edit-button" class="fa fa-edit"></i>
</a>
</div>
</div>
<div id="search-wrapper" class="hidden">
<form id="searchbar-outer" class="searchbar-outer">
<input type="search" id="searchbar" name="searchbar" placeholder="Search this book ..." aria-controls="searchresults-outer" aria-describedby="searchresults-header">
</form>
<div id="searchresults-outer" class="searchresults-outer hidden">
<div id="searchresults-header" class="searchresults-header"></div>
<ul id="searchresults">
</ul>
</div>
</div>
<!-- Apply ARIA attributes after the sidebar and the sidebar toggle button are added to the DOM -->
<script>
document.getElementById('sidebar-toggle').setAttribute('aria-expanded', sidebar === 'visible');
document.getElementById('sidebar').setAttribute('aria-hidden', sidebar !== 'visible');
Array.from(document.querySelectorAll('#sidebar a')).forEach(function(link) {
link.setAttribute('tabIndex', sidebar === 'visible' ? 0 : -1);
});
</script>
<div id="content" class="content">
<main>
<h1 id="orchestrator-integration-model---deep-dive"><a class="header" href="#orchestrator-integration-model---deep-dive">Orchestrator Integration Model - Deep Dive</a></h1>
<p><strong>Date:</strong> 2025-10-01
<strong>Status:</strong> Clarification Document
<strong>Related:</strong> <a href="multi-repo-strategy.html">Multi-Repo Strategy</a>, <a href="../user/hybrid-orchestrator.html">Hybrid Orchestrator v3.0</a></p>
<h2 id="executive-summary"><a class="header" href="#executive-summary">Executive Summary</a></h2>
<p>This document clarifies <strong>how the Rust orchestrator integrates with Nushell core</strong> in both monorepo and multi-repo architectures. The orchestrator is
a <strong>critical performance layer</strong> that coordinates Nushell business logic execution, solving deep call stack limitations while preserving all existing
functionality.</p>
<hr />
<h2 id="current-architecture-hybrid-orchestrator-v30"><a class="header" href="#current-architecture-hybrid-orchestrator-v30">Current Architecture (Hybrid Orchestrator v3.0)</a></h2>
<h3 id="the-problem-being-solved"><a class="header" href="#the-problem-being-solved">The Problem Being Solved</a></h3>
<p><strong>Original Issue:</strong></p>
<pre><code class="language-plaintext">Deep call stack in Nushell (template.nu:71)
→ "Type not supported" errors
→ Cannot handle complex nested workflows
→ Performance bottlenecks with recursive calls
</code></pre>
<p><strong>Solution:</strong> Rust orchestrator provides:</p>
<ol>
<li><strong>Task queue management</strong> (file-based, reliable)</li>
<li><strong>Priority scheduling</strong> (intelligent task ordering)</li>
<li><strong>Deep call stack elimination</strong> (Rust handles recursion)</li>
<li><strong>Performance optimization</strong> (async/await, parallel execution)</li>
<li><strong>State management</strong> (workflow checkpointing)</li>
</ol>
<h3 id="how-it-works-today-monorepo"><a class="header" href="#how-it-works-today-monorepo">How It Works Today (Monorepo)</a></h3>
<pre><code class="language-plaintext">┌─────────────────────────────────────────────────────────────┐
│ User │
└───────────────────────────┬─────────────────────────────────┘
│ calls
┌───────────────┐
│ provisioning │ (Nushell CLI)
│ CLI │
└───────┬───────┘
┌───────────────────┼───────────────────┐
│ │ │
↓ ↓ ↓
┌───────────────┐ ┌───────────────┐ ┌──────────────┐
│ Direct Mode │ │Orchestrated │ │ Workflow │
│ (Simple ops) │ │ Mode │ │ Mode │
└───────────────┘ └───────┬───────┘ └──────┬───────┘
│ │
↓ ↓
┌────────────────────────────────┐
│ Rust Orchestrator Service │
│ (Background daemon) │
│ │
│ • Task Queue (file-based) │
│ • Priority Scheduler │
│ • Workflow Engine │
│ • REST API Server │
└────────┬───────────────────────┘
│ spawns
┌────────────────┐
│ Nushell │
│ Business Logic │
│ │
│ • servers.nu │
│ • taskservs.nu │
│ • clusters.nu │
└────────────────┘
</code></pre>
<h3 id="three-execution-modes"><a class="header" href="#three-execution-modes">Three Execution Modes</a></h3>
<h4 id="mode-1-direct-mode-simple-operations"><a class="header" href="#mode-1-direct-mode-simple-operations">Mode 1: Direct Mode (Simple Operations)</a></h4>
<pre><code class="language-bash"># No orchestrator needed
provisioning server list
provisioning env
provisioning help
# Direct Nushell execution
provisioning (CLI) → Nushell scripts → Result
</code></pre>
<h4 id="mode-2-orchestrated-mode-complex-operations"><a class="header" href="#mode-2-orchestrated-mode-complex-operations">Mode 2: Orchestrated Mode (Complex Operations)</a></h4>
<pre><code class="language-bash"># Uses orchestrator for coordination
provisioning server create --orchestrated
# Flow:
provisioning CLI → Orchestrator API → Task Queue → Nushell executor
Result back to user
</code></pre>
<h4 id="mode-3-workflow-mode-batch-operations"><a class="header" href="#mode-3-workflow-mode-batch-operations">Mode 3: Workflow Mode (Batch Operations)</a></h4>
<pre><code class="language-bash"># Complex workflows with dependencies
provisioning workflow submit server-cluster.ncl
# Flow:
provisioning CLI → Orchestrator Workflow Engine → Dependency Graph
Parallel task execution
Nushell scripts for each task
Checkpoint state
</code></pre>
<hr />
<h2 id="integration-patterns"><a class="header" href="#integration-patterns">Integration Patterns</a></h2>
<h3 id="pattern-1-cli-submits-tasks-to-orchestrator"><a class="header" href="#pattern-1-cli-submits-tasks-to-orchestrator">Pattern 1: CLI Submits Tasks to Orchestrator</a></h3>
<p><strong>Current Implementation:</strong></p>
<p><strong>Nushell CLI (<code>core/nulib/workflows/server_create.nu</code>):</strong></p>
<pre><code class="language-nushell"># Submit server creation workflow to orchestrator
export def server_create_workflow [
infra_name: string
--orchestrated
] {
if $orchestrated {
# Submit task to orchestrator
let task = {
type: "server_create"
infra: $infra_name
params: { ... }
}
# POST to orchestrator REST API
http post http://localhost:9090/workflows/servers/create $task
} else {
# Direct execution (old way)
do-server-create $infra_name
}
}
</code></pre>
<p><strong>Rust Orchestrator (<code>platform/orchestrator/src/api/workflows.rs</code>):</strong></p>
<pre><code class="language-rust">// Receive workflow submission from Nushell CLI
#[axum::debug_handler]
async fn create_server_workflow(
State(state): State&lt;Arc&lt;AppState&gt;&gt;,
Json(request): Json&lt;ServerCreateRequest&gt;,
) -&gt; Result&lt;Json&lt;WorkflowResponse&gt;, ApiError&gt; {
// Create task
let task = Task {
id: Uuid::new_v4(),
task_type: TaskType::ServerCreate,
payload: serde_json::to_value(&amp;request)?,
priority: Priority::Normal,
status: TaskStatus::Pending,
created_at: Utc::now(),
};
// Queue task
state.task_queue.enqueue(task).await?;
// Return immediately (async execution)
Ok(Json(WorkflowResponse {
workflow_id: task.id,
status: "queued",
}))
}</code></pre>
<p><strong>Flow:</strong></p>
<pre><code class="language-plaintext">User → provisioning server create --orchestrated
Nushell CLI prepares task
HTTP POST to orchestrator (localhost:9090)
Orchestrator queues task
Returns workflow ID immediately
User can monitor: provisioning workflow monitor &lt;id&gt;
</code></pre>
<h3 id="pattern-2-orchestrator-executes-nushell-scripts"><a class="header" href="#pattern-2-orchestrator-executes-nushell-scripts">Pattern 2: Orchestrator Executes Nushell Scripts</a></h3>
<p><strong>Orchestrator Task Executor (<code>platform/orchestrator/src/executor.rs</code>):</strong></p>
<pre><code class="language-rust">// Orchestrator spawns Nushell to execute business logic
pub async fn execute_task(task: Task) -&gt; Result&lt;TaskResult&gt; {
match task.task_type {
TaskType::ServerCreate =&gt; {
// Orchestrator calls Nushell script via subprocess
let output = Command::new("nu")
.arg("-c")
.arg(format!(
"use {}/servers/create.nu; create-server '{}'",
PROVISIONING_LIB_PATH,
task.payload.infra_name
))
.output()
.await?;
// Parse Nushell output
let result = parse_nushell_output(&amp;output)?;
Ok(TaskResult {
task_id: task.id,
status: if result.success { "completed" } else { "failed" },
output: result.data,
})
}
// Other task types...
}
}</code></pre>
<p><strong>Flow:</strong></p>
<pre><code class="language-plaintext">Orchestrator task queue has pending task
Executor picks up task
Spawns Nushell subprocess: nu -c "use servers/create.nu; create-server 'wuji'"
Nushell executes business logic
Returns result to orchestrator
Orchestrator updates task status
User monitors via: provisioning workflow status &lt;id&gt;
</code></pre>
<h3 id="pattern-3-bidirectional-communication"><a class="header" href="#pattern-3-bidirectional-communication">Pattern 3: Bidirectional Communication</a></h3>
<p><strong>Nushell Calls Orchestrator API:</strong></p>
<pre><code class="language-nushell"># Nushell script checks orchestrator status during execution
export def check-orchestrator-health [] {
let response = (http get http://localhost:9090/health)
if $response.status != "healthy" {
error make { msg: "Orchestrator not available" }
}
$response
}
# Nushell script reports progress to orchestrator
export def report-progress [task_id: string, progress: int] {
http post http://localhost:9090/tasks/$task_id/progress {
progress: $progress
status: "in_progress"
}
}
</code></pre>
<p><strong>Orchestrator Monitors Nushell Execution:</strong></p>
<pre><code class="language-rust">// Orchestrator tracks Nushell subprocess
pub async fn execute_with_monitoring(task: Task) -&gt; Result&lt;TaskResult&gt; {
let mut child = Command::new("nu")
.arg("-c")
.arg(&amp;task.script)
.stdout(Stdio::piped())
.stderr(Stdio::piped())
.spawn()?;
// Monitor stdout/stderr in real-time
let stdout = child.stdout.take().unwrap();
tokio::spawn(async move {
let reader = BufReader::new(stdout);
let mut lines = reader.lines();
while let Some(line) = lines.next_line().await.unwrap() {
// Parse progress updates from Nushell
if line.contains("PROGRESS:") {
update_task_progress(&amp;line);
}
}
});
// Wait for completion with timeout
let result = tokio::time::timeout(
Duration::from_secs(3600),
child.wait()
).await??;
Ok(TaskResult::from_exit_status(result))
}</code></pre>
<hr />
<h2 id="multi-repo-architecture-impact"><a class="header" href="#multi-repo-architecture-impact">Multi-Repo Architecture Impact</a></h2>
<h3 id="repository-split-doesnt-change-integration-model"><a class="header" href="#repository-split-doesnt-change-integration-model">Repository Split Doesnt Change Integration Model</a></h3>
<p><strong>In Multi-Repo Setup:</strong></p>
<p><strong>Repository: <code>provisioning-core</code></strong></p>
<ul>
<li>Contains: Nushell business logic</li>
<li>Installs to: <code>/usr/local/lib/provisioning/</code></li>
<li>Package: <code>provisioning-core-3.2.1.tar.gz</code></li>
</ul>
<p><strong>Repository: <code>provisioning-platform</code></strong></p>
<ul>
<li>Contains: Rust orchestrator</li>
<li>Installs to: <code>/usr/local/bin/provisioning-orchestrator</code></li>
<li>Package: <code>provisioning-platform-2.5.3.tar.gz</code></li>
</ul>
<p><strong>Runtime Integration (Same as Monorepo):</strong></p>
<pre><code class="language-plaintext">User installs both packages:
provisioning-core-3.2.1 → /usr/local/lib/provisioning/
provisioning-platform-2.5.3 → /usr/local/bin/provisioning-orchestrator
Orchestrator expects core at: /usr/local/lib/provisioning/
Core expects orchestrator at: http://localhost:9090/
No code dependencies, just runtime coordination!
</code></pre>
<h3 id="configuration-based-integration"><a class="header" href="#configuration-based-integration">Configuration-Based Integration</a></h3>
<p><strong>Core Package (<code>provisioning-core</code>) config:</strong></p>
<pre><code class="language-toml"># /usr/local/share/provisioning/config/config.defaults.toml
[orchestrator]
enabled = true
endpoint = "http://localhost:9090"
timeout = 60
auto_start = true # Start orchestrator if not running
[execution]
default_mode = "orchestrated" # Use orchestrator by default
fallback_to_direct = true # Fall back if orchestrator down
</code></pre>
<p><strong>Platform Package (<code>provisioning-platform</code>) config:</strong></p>
<pre><code class="language-toml"># /usr/local/share/provisioning/platform/config.toml
[orchestrator]
host = "127.0.0.1"
port = 8080
data_dir = "/var/lib/provisioning/orchestrator"
[executor]
nushell_binary = "nu" # Expects nu in PATH
provisioning_lib = "/usr/local/lib/provisioning"
max_concurrent_tasks = 10
task_timeout_seconds = 3600
</code></pre>
<h3 id="version-compatibility"><a class="header" href="#version-compatibility">Version Compatibility</a></h3>
<p><strong>Compatibility Matrix (<code>provisioning-distribution/versions.toml</code>):</strong></p>
<pre><code class="language-toml">[compatibility.platform."2.5.3"]
core = "^3.2" # Platform 2.5.3 compatible with core 3.2.x
min-core = "3.2.0"
api-version = "v1"
[compatibility.core."3.2.1"]
platform = "^2.5" # Core 3.2.1 compatible with platform 2.5.x
min-platform = "2.5.0"
orchestrator-api = "v1"
</code></pre>
<hr />
<h2 id="execution-flow-examples"><a class="header" href="#execution-flow-examples">Execution Flow Examples</a></h2>
<h3 id="example-1-simple-server-creation-direct-mode"><a class="header" href="#example-1-simple-server-creation-direct-mode">Example 1: Simple Server Creation (Direct Mode)</a></h3>
<p><strong>No Orchestrator Needed:</strong></p>
<pre><code class="language-bash">provisioning server list
# Flow:
CLI → servers/list.nu → Query state → Return results
(Orchestrator not involved)
</code></pre>
<h3 id="example-2-server-creation-with-orchestrator"><a class="header" href="#example-2-server-creation-with-orchestrator">Example 2: Server Creation with Orchestrator</a></h3>
<p><strong>Using Orchestrator:</strong></p>
<pre><code class="language-bash">provisioning server create --orchestrated --infra wuji
# Detailed Flow:
1. User executes command
2. Nushell CLI (provisioning binary)
3. Reads config: orchestrator.enabled = true
4. Prepares task payload:
{
type: "server_create",
infra: "wuji",
params: { ... }
}
5. HTTP POST → http://localhost:9090/workflows/servers/create
6. Orchestrator receives request
7. Creates task with UUID
8. Enqueues to task queue (file-based: /var/lib/provisioning/queue/)
9. Returns immediately: { workflow_id: "abc-123", status: "queued" }
10. User sees: "Workflow submitted: abc-123"
11. Orchestrator executor picks up task
12. Spawns Nushell subprocess:
nu -c "use /usr/local/lib/provisioning/servers/create.nu; create-server 'wuji'"
13. Nushell executes business logic:
- Reads Nickel config
- Calls provider API (UpCloud/AWS)
- Creates server
- Returns result
14. Orchestrator captures output
15. Updates task status: "completed"
16. User monitors: provisioning workflow status abc-123
→ Shows: "Server wuji created successfully"
</code></pre>
<h3 id="example-3-batch-workflow-with-dependencies"><a class="header" href="#example-3-batch-workflow-with-dependencies">Example 3: Batch Workflow with Dependencies</a></h3>
<p><strong>Complex Workflow:</strong></p>
<pre><code class="language-bash">provisioning batch submit multi-cloud-deployment.ncl
# Workflow contains:
- Create 5 servers (parallel)
- Install Kubernetes on servers (depends on server creation)
- Deploy applications (depends on Kubernetes)
# Detailed Flow:
1. CLI submits Nickel workflow to orchestrator
2. Orchestrator parses workflow
3. Builds dependency graph using petgraph (Rust)
4. Topological sort determines execution order
5. Creates tasks for each operation
6. Executes in parallel where possible:
[Server 1] [Server 2] [Server 3] [Server 4] [Server 5]
↓ ↓ ↓ ↓ ↓
(All execute in parallel via Nushell subprocesses)
↓ ↓ ↓ ↓ ↓
└──────────┴──────────┴──────────┴──────────┘
[All servers ready]
[Install Kubernetes]
(Nushell subprocess)
[Kubernetes ready]
[Deploy applications]
(Nushell subprocess)
[Complete]
7. Orchestrator checkpoints state at each step
8. If failure occurs, can retry from checkpoint
9. User monitors real-time: provisioning batch monitor &lt;id&gt;
</code></pre>
<hr />
<h2 id="why-this-architecture"><a class="header" href="#why-this-architecture">Why This Architecture</a></h2>
<h3 id="orchestrator-benefits"><a class="header" href="#orchestrator-benefits">Orchestrator Benefits</a></h3>
<ol>
<li>
<p><strong>Eliminates Deep Call Stack Issues</strong></p>
<pre><code class="language-text">
Without Orchestrator:
template.nu → calls → cluster.nu → calls → taskserv.nu → calls → provider.nu
(Deep nesting causes "Type not supported" errors)
With Orchestrator:
Orchestrator → spawns → Nushell subprocess (flat execution)
(No deep nesting, fresh Nushell context for each task)
</code></pre>
</li>
<li>
<p><strong>Performance Optimization</strong></p>
<pre><code class="language-rust">// Orchestrator executes tasks in parallel
let tasks = vec![task1, task2, task3, task4, task5];
let results = futures::future::join_all(
tasks.iter().map(|t| execute_task(t))
).await;
// 5 Nushell subprocesses run concurrently</code></pre>
</li>
<li>
<p><strong>Reliable State Management</strong></p>
</li>
</ol>
<pre><code class="language-plaintext"> Orchestrator maintains:
- Task queue (survives crashes)
- Workflow checkpoints (resume on failure)
- Progress tracking (real-time monitoring)
- Retry logic (automatic recovery)
</code></pre>
<ol>
<li><strong>Clean Separation</strong></li>
</ol>
<pre><code class="language-plaintext"> Orchestrator (Rust): Performance, concurrency, state
Business Logic (Nushell): Providers, taskservs, workflows
Each does what it's best at!
</code></pre>
<h3 id="why-not-pure-rust"><a class="header" href="#why-not-pure-rust">Why NOT Pure Rust</a></h3>
<p><strong>Question:</strong> Why not implement everything in Rust?</p>
<p><strong>Answer:</strong></p>
<ol>
<li>
<p><strong>Nushell is perfect for infrastructure automation:</strong></p>
<ul>
<li>Shell-like scripting for system operations</li>
<li>Built-in structured data handling</li>
<li>Easy template rendering</li>
<li>Readable business logic</li>
</ul>
</li>
<li>
<p><strong>Rapid iteration:</strong></p>
<ul>
<li>Change Nushell scripts without recompiling</li>
<li>Community can contribute Nushell modules</li>
<li>Template-based configuration generation</li>
</ul>
</li>
<li>
<p><strong>Best of both worlds:</strong></p>
<ul>
<li>Rust: Performance, type safety, concurrency</li>
<li>Nushell: Flexibility, readability, ease of use</li>
</ul>
</li>
</ol>
<hr />
<h2 id="multi-repo-integration-example"><a class="header" href="#multi-repo-integration-example">Multi-Repo Integration Example</a></h2>
<h3 id="installation"><a class="header" href="#installation">Installation</a></h3>
<p><strong>User installs bundle:</strong></p>
<pre><code class="language-bash">curl -fsSL https://get.provisioning.io | sh
# Installs:
1. provisioning-core-3.2.1.tar.gz
→ /usr/local/bin/provisioning (Nushell CLI)
→ /usr/local/lib/provisioning/ (Nushell libraries)
→ /usr/local/share/provisioning/ (configs, templates)
2. provisioning-platform-2.5.3.tar.gz
→ /usr/local/bin/provisioning-orchestrator (Rust binary)
→ /usr/local/share/provisioning/platform/ (platform configs)
3. Sets up systemd/launchd service for orchestrator
</code></pre>
<h3 id="runtime-coordination"><a class="header" href="#runtime-coordination">Runtime Coordination</a></h3>
<p><strong>Core package expects orchestrator:</strong></p>
<pre><code class="language-nushell"># core/nulib/lib_provisioning/orchestrator/client.nu
# Check if orchestrator is running
export def orchestrator-available [] {
let config = (load-config)
let endpoint = $config.orchestrator.endpoint
try {
let response = (http get $"($endpoint)/health")
$response.status == "healthy"
} catch {
false
}
}
# Auto-start orchestrator if needed
export def ensure-orchestrator [] {
if not (orchestrator-available) {
if (load-config).orchestrator.auto_start {
print "Starting orchestrator..."
^provisioning-orchestrator --daemon
sleep 2sec
}
}
}
</code></pre>
<p><strong>Platform package executes core scripts:</strong></p>
<pre><code class="language-rust">// platform/orchestrator/src/executor/nushell.rs
pub struct NushellExecutor {
provisioning_lib: PathBuf, // /usr/local/lib/provisioning
nu_binary: PathBuf, // nu (from PATH)
}
impl NushellExecutor {
pub async fn execute_script(&amp;self, script: &amp;str) -&gt; Result&lt;Output&gt; {
Command::new(&amp;self.nu_binary)
.env("NU_LIB_DIRS", &amp;self.provisioning_lib)
.arg("-c")
.arg(script)
.output()
.await
}
pub async fn execute_module_function(
&amp;self,
module: &amp;str,
function: &amp;str,
args: &amp;[String],
) -&gt; Result&lt;Output&gt; {
let script = format!(
"use {}/{}; {} {}",
self.provisioning_lib.display(),
module,
function,
args.join(" ")
);
self.execute_script(&amp;script).await
}
}</code></pre>
<hr />
<h2 id="configuration-examples"><a class="header" href="#configuration-examples">Configuration Examples</a></h2>
<h3 id="core-package-config"><a class="header" href="#core-package-config">Core Package Config</a></h3>
<p><strong><code>/usr/local/share/provisioning/config/config.defaults.toml</code>:</strong></p>
<pre><code class="language-toml">[orchestrator]
enabled = true
endpoint = "http://localhost:9090"
timeout_seconds = 60
auto_start = true
fallback_to_direct = true
[execution]
# Modes: "direct", "orchestrated", "auto"
default_mode = "auto" # Auto-detect based on complexity
# Operations that always use orchestrator
force_orchestrated = [
"server.create",
"cluster.create",
"batch.*",
"workflow.*"
]
# Operations that always run direct
force_direct = [
"*.list",
"*.show",
"help",
"version"
]
</code></pre>
<h3 id="platform-package-config"><a class="header" href="#platform-package-config">Platform Package Config</a></h3>
<p><strong><code>/usr/local/share/provisioning/platform/config.toml</code>:</strong></p>
<pre><code class="language-toml">[server]
host = "127.0.0.1"
port = 8080
[storage]
backend = "filesystem" # or "surrealdb"
data_dir = "/var/lib/provisioning/orchestrator"
[executor]
max_concurrent_tasks = 10
task_timeout_seconds = 3600
checkpoint_interval_seconds = 30
[nushell]
binary = "nu" # Expects nu in PATH
provisioning_lib = "/usr/local/lib/provisioning"
env_vars = { NU_LIB_DIRS = "/usr/local/lib/provisioning" }
</code></pre>
<hr />
<h2 id="key-takeaways"><a class="header" href="#key-takeaways">Key Takeaways</a></h2>
<h3 id="1-orchestrator-is-essential"><a class="header" href="#1-orchestrator-is-essential">1. <strong>Orchestrator is Essential</strong></a></h3>
<ul>
<li>Solves deep call stack problems</li>
<li>Provides performance optimization</li>
<li>Enables complex workflows</li>
<li>NOT optional for production use</li>
</ul>
<h3 id="2-integration-is-loose-but-coordinated"><a class="header" href="#2-integration-is-loose-but-coordinated">2. <strong>Integration is Loose but Coordinated</strong></a></h3>
<ul>
<li>No code dependencies between repos</li>
<li>Runtime integration via CLI + REST API</li>
<li>Configuration-driven coordination</li>
<li>Works in both monorepo and multi-repo</li>
</ul>
<h3 id="3-best-of-both-worlds"><a class="header" href="#3-best-of-both-worlds">3. <strong>Best of Both Worlds</strong></a></h3>
<ul>
<li>Rust: High-performance coordination</li>
<li>Nushell: Flexible business logic</li>
<li>Clean separation of concerns</li>
<li>Each technology does what its best at</li>
</ul>
<h3 id="4-multi-repo-doesnt-change-integration"><a class="header" href="#4-multi-repo-doesnt-change-integration">4. <strong>Multi-Repo Doesnt Change Integration</strong></a></h3>
<ul>
<li>Same runtime model as monorepo</li>
<li>Package installation sets up paths</li>
<li>Configuration enables discovery</li>
<li>Versioning ensures compatibility</li>
</ul>
<hr />
<h2 id="conclusion"><a class="header" href="#conclusion">Conclusion</a></h2>
<p>The confusing example in the multi-repo doc was <strong>oversimplified</strong>. The real architecture is:</p>
<pre><code class="language-plaintext">✅ Orchestrator IS USED and IS ESSENTIAL
✅ Platform (Rust) coordinates Core (Nushell) execution
✅ Loose coupling via CLI + REST API (not code dependencies)
✅ Works identically in monorepo and multi-repo
✅ Configuration-based integration (no hardcoded paths)
</code></pre>
<p>The orchestrator provides:</p>
<ul>
<li>Performance layer (async, parallel execution)</li>
<li>Workflow engine (complex dependencies)</li>
<li>State management (checkpoints, recovery)</li>
<li>Task queue (reliable execution)</li>
</ul>
<p>While Nushell provides:</p>
<ul>
<li>Business logic (providers, taskservs, clusters)</li>
<li>Template rendering (Jinja2 via nu_plugin_tera)</li>
<li>Configuration management (KCL integration)</li>
<li>User-facing scripting</li>
</ul>
<p><strong>Multi-repo just splits WHERE the code lives, not HOW it works together.</strong></p>
</main>
<nav class="nav-wrapper" aria-label="Page navigation">
<!-- Mobile navigation buttons -->
<a rel="prev" href="../architecture/integration-patterns.html" class="mobile-nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<a rel="next prefetch" href="../architecture/multi-repo-architecture.html" class="mobile-nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
<div style="clear: both"></div>
</nav>
</div>
</div>
<nav class="nav-wide-wrapper" aria-label="Page navigation">
<a rel="prev" href="../architecture/integration-patterns.html" class="nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<a rel="next prefetch" href="../architecture/multi-repo-architecture.html" class="nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
</nav>
</div>
<script>
window.playground_copyable = true;
</script>
<script src="../elasticlunr.min.js"></script>
<script src="../mark.min.js"></script>
<script src="../searcher.js"></script>
<script src="../clipboard.min.js"></script>
<script src="../highlight.js"></script>
<script src="../book.js"></script>
<!-- Custom JS scripts -->
</div>
</body>
</html>

1189
docs/book/development/build-system.html
View File

File diff suppressed because it is too large Load Diff

1046
docs/book/development/distribution-process.html
View File

File diff suppressed because it is too large Load Diff

1020
docs/book/development/implementation-guide.html
View File

File diff suppressed because it is too large Load Diff

1302
docs/book/development/integration.html
View File

File diff suppressed because it is too large Load Diff

558
docs/book/development/project-structure.html
View File

@ -1,558 +0,0 @@
<!DOCTYPE HTML>
<html lang="en" class="ayu sidebar-visible" dir="ltr">
<head>
<!-- Book generated using mdBook -->
<meta charset="UTF-8">
<title>Project Structure - Provisioning Platform Documentation</title>
<!-- Custom HTML head -->
<meta name="description" content="Complete documentation for the Provisioning Platform - Infrastructure automation with Nushell, Nickel, and Rust">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="theme-color" content="#ffffff">
<link rel="icon" href="../favicon.svg">
<link rel="shortcut icon" href="../favicon.png">
<link rel="stylesheet" href="../css/variables.css">
<link rel="stylesheet" href="../css/general.css">
<link rel="stylesheet" href="../css/chrome.css">
<link rel="stylesheet" href="../css/print.css" media="print">
<!-- Fonts -->
<link rel="stylesheet" href="../FontAwesome/css/font-awesome.css">
<link rel="stylesheet" href="../fonts/fonts.css">
<!-- Highlight.js Stylesheets -->
<link rel="stylesheet" id="highlight-css" href="../highlight.css">
<link rel="stylesheet" id="tomorrow-night-css" href="../tomorrow-night.css">
<link rel="stylesheet" id="ayu-highlight-css" href="../ayu-highlight.css">
<!-- Custom theme stylesheets -->
<!-- Provide site root and default themes to javascript -->
<script>
const path_to_root = "../";
const default_light_theme = "ayu";
const default_dark_theme = "navy";
</script>
<!-- Start loading toc.js asap -->
<script src="../toc.js"></script>
</head>
<body>
<div id="mdbook-help-container">
<div id="mdbook-help-popup">
<h2 class="mdbook-help-title">Keyboard shortcuts</h2>
<div>
<p>Press <kbd></kbd> or <kbd></kbd> to navigate between chapters</p>
<p>Press <kbd>S</kbd> or <kbd>/</kbd> to search in the book</p>
<p>Press <kbd>?</kbd> to show this help</p>
<p>Press <kbd>Esc</kbd> to hide this help</p>
</div>
</div>
</div>
<div id="body-container">
<!-- Work around some values being stored in localStorage wrapped in quotes -->
<script>
try {
let theme = localStorage.getItem('mdbook-theme');
let sidebar = localStorage.getItem('mdbook-sidebar');
if (theme.startsWith('"') && theme.endsWith('"')) {
localStorage.setItem('mdbook-theme', theme.slice(1, theme.length - 1));
}
if (sidebar.startsWith('"') && sidebar.endsWith('"')) {
localStorage.setItem('mdbook-sidebar', sidebar.slice(1, sidebar.length - 1));
}
} catch (e) { }
</script>
<!-- Set the theme before any content is loaded, prevents flash -->
<script>
const default_theme = window.matchMedia("(prefers-color-scheme: dark)").matches ? default_dark_theme : default_light_theme;
let theme;
try { theme = localStorage.getItem('mdbook-theme'); } catch(e) { }
if (theme === null || theme === undefined) { theme = default_theme; }
const html = document.documentElement;
html.classList.remove('ayu')
html.classList.add(theme);
html.classList.add("js");
</script>
<input type="checkbox" id="sidebar-toggle-anchor" class="hidden">
<!-- Hide / unhide sidebar before it is displayed -->
<script>
let sidebar = null;
const sidebar_toggle = document.getElementById("sidebar-toggle-anchor");
if (document.body.clientWidth >= 1080) {
try { sidebar = localStorage.getItem('mdbook-sidebar'); } catch(e) { }
sidebar = sidebar || 'visible';
} else {
sidebar = 'hidden';
}
sidebar_toggle.checked = sidebar === 'visible';
html.classList.remove('sidebar-visible');
html.classList.add("sidebar-" + sidebar);
</script>
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<!-- populated by js -->
<mdbook-sidebar-scrollbox class="sidebar-scrollbox"></mdbook-sidebar-scrollbox>
<noscript>
<iframe class="sidebar-iframe-outer" src="../toc.html"></iframe>
</noscript>
<div id="sidebar-resize-handle" class="sidebar-resize-handle">
<div class="sidebar-resize-indicator"></div>
</div>
</nav>
<div id="page-wrapper" class="page-wrapper">
<div class="page">
<div id="menu-bar-hover-placeholder"></div>
<div id="menu-bar" class="menu-bar sticky">
<div class="left-buttons">
<label id="sidebar-toggle" class="icon-button" for="sidebar-toggle-anchor" title="Toggle Table of Contents" aria-label="Toggle Table of Contents" aria-controls="sidebar">
<i class="fa fa-bars"></i>
</label>
<button id="theme-toggle" class="icon-button" type="button" title="Change theme" aria-label="Change theme" aria-haspopup="true" aria-expanded="false" aria-controls="theme-list">
<i class="fa fa-paint-brush"></i>
</button>
<ul id="theme-list" class="theme-popup" aria-label="Themes" role="menu">
<li role="none"><button role="menuitem" class="theme" id="default_theme">Auto</button></li>
<li role="none"><button role="menuitem" class="theme" id="light">Light</button></li>
<li role="none"><button role="menuitem" class="theme" id="rust">Rust</button></li>
<li role="none"><button role="menuitem" class="theme" id="coal">Coal</button></li>
<li role="none"><button role="menuitem" class="theme" id="navy">Navy</button></li>
<li role="none"><button role="menuitem" class="theme" id="ayu">Ayu</button></li>
</ul>
<button id="search-toggle" class="icon-button" type="button" title="Search (`/`)" aria-label="Toggle Searchbar" aria-expanded="false" aria-keyshortcuts="/ s" aria-controls="searchbar">
<i class="fa fa-search"></i>
</button>
</div>
<h1 class="menu-title">Provisioning Platform Documentation</h1>
<div class="right-buttons">
<a href="../print.html" title="Print this book" aria-label="Print this book">
<i id="print-button" class="fa fa-print"></i>
</a>
<a href="https://github.com/provisioning/provisioning-platform" title="Git repository" aria-label="Git repository">
<i id="git-repository-button" class="fa fa-github"></i>
</a>
<a href="https://github.com/provisioning/provisioning-platform/edit/main/provisioning/docs/src/development/project-structure.md" title="Suggest an edit" aria-label="Suggest an edit">
<i id="git-edit-button" class="fa fa-edit"></i>
</a>
</div>
</div>
<div id="search-wrapper" class="hidden">
<form id="searchbar-outer" class="searchbar-outer">
<input type="search" id="searchbar" name="searchbar" placeholder="Search this book ..." aria-controls="searchresults-outer" aria-describedby="searchresults-header">
</form>
<div id="searchresults-outer" class="searchresults-outer hidden">
<div id="searchresults-header" class="searchresults-header"></div>
<ul id="searchresults">
</ul>
</div>
</div>
<!-- Apply ARIA attributes after the sidebar and the sidebar toggle button are added to the DOM -->
<script>
document.getElementById('sidebar-toggle').setAttribute('aria-expanded', sidebar === 'visible');
document.getElementById('sidebar').setAttribute('aria-hidden', sidebar !== 'visible');
Array.from(document.querySelectorAll('#sidebar a')).forEach(function(link) {
link.setAttribute('tabIndex', sidebar === 'visible' ? 0 : -1);
});
</script>
<div id="content" class="content">
<main>
<h1 id="project-structure-guide"><a class="header" href="#project-structure-guide">Project Structure Guide</a></h1>
<p>This document provides a comprehensive overview of the provisioning projects structure after the major reorganization, explaining both the new
development-focused organization and the preserved existing functionality.</p>
<h2 id="table-of-contents"><a class="header" href="#table-of-contents">Table of Contents</a></h2>
<ol>
<li><a href="#overview">Overview</a></li>
<li><a href="#new-structure-vs-legacy">New Structure vs Legacy</a></li>
<li><a href="#core-directories">Core Directories</a></li>
<li><a href="#development-workspace">Development Workspace</a></li>
<li><a href="#file-naming-conventions">File Naming Conventions</a></li>
<li><a href="#navigation-guide">Navigation Guide</a></li>
<li><a href="#migration-path">Migration Path</a></li>
</ol>
<h2 id="overview"><a class="header" href="#overview">Overview</a></h2>
<p>The provisioning project has been restructured to support a dual-organization approach:</p>
<ul>
<li><strong><code>src/</code></strong>: Development-focused structure with build tools, distribution system, and core components</li>
<li><strong>Legacy directories</strong>: Preserved in their original locations for backward compatibility</li>
<li><strong><code>workspace/</code></strong>: Development workspace with tools and runtime management</li>
</ul>
<p>This reorganization enables efficient development workflows while maintaining full backward compatibility with existing deployments.</p>
<h2 id="new-structure-vs-legacy"><a class="header" href="#new-structure-vs-legacy">New Structure vs Legacy</a></h2>
<h3 id="new-development-structure-src"><a class="header" href="#new-development-structure-src">New Development Structure (<code>/src/</code>)</a></h3>
<pre><code class="language-plaintext">src/
├── config/ # System configuration
├── control-center/ # Control center application
├── control-center-ui/ # Web UI for control center
├── core/ # Core system libraries
├── docs/ # Documentation (new)
├── extensions/ # Extension framework
├── generators/ # Code generation tools
├── schemas/ # Nickel configuration schemas (migrated from kcl/)
├── orchestrator/ # Hybrid Rust/Nushell orchestrator
├── platform/ # Platform-specific code
├── provisioning/ # Main provisioning
├── templates/ # Template files
├── tools/ # Build and development tools
└── utils/ # Utility scripts
</code></pre>
<h3 id="legacy-structure-preserved"><a class="header" href="#legacy-structure-preserved">Legacy Structure (Preserved)</a></h3>
<pre><code class="language-plaintext">repo-cnz/
├── cluster/ # Cluster configurations (preserved)
├── core/ # Core system (preserved)
├── generate/ # Generation scripts (preserved)
├── schemas/ # Nickel schemas (migrated from kcl/)
├── klab/ # Development lab (preserved)
├── nushell-plugins/ # Plugin development (preserved)
├── providers/ # Cloud providers (preserved)
├── taskservs/ # Task services (preserved)
└── templates/ # Template files (preserved)
</code></pre>
<h3 id="development-workspace-workspace"><a class="header" href="#development-workspace-workspace">Development Workspace (<code>/workspace/</code>)</a></h3>
<pre><code class="language-plaintext">workspace/
├── config/ # Development configuration
├── extensions/ # Extension development
├── infra/ # Development infrastructure
├── lib/ # Workspace libraries
├── runtime/ # Runtime data
└── tools/ # Workspace management tools
</code></pre>
<h2 id="core-directories"><a class="header" href="#core-directories">Core Directories</a></h2>
<h3 id="srccore---core-development-libraries"><a class="header" href="#srccore---core-development-libraries"><code>/src/core/</code> - Core Development Libraries</a></h3>
<p><strong>Purpose</strong>: Development-focused core libraries and entry points</p>
<p><strong>Key Files</strong>:</p>
<ul>
<li><code>nulib/provisioning</code> - Main CLI entry point (symlinks to legacy location)</li>
<li><code>nulib/lib_provisioning/</code> - Core provisioning libraries</li>
<li><code>nulib/workflows/</code> - Workflow management (orchestrator integration)</li>
</ul>
<p><strong>Relationship to Legacy</strong>: Preserves original <code>core/</code> functionality while adding development enhancements</p>
<h3 id="srctools---build-and-development-tools"><a class="header" href="#srctools---build-and-development-tools"><code>/src/tools/</code> - Build and Development Tools</a></h3>
<p><strong>Purpose</strong>: Complete build system for the provisioning project</p>
<p><strong>Key Components</strong>:</p>
<pre><code class="language-plaintext">tools/
├── build/ # Build tools
│ ├── compile-platform.nu # Platform-specific compilation
│ ├── bundle-core.nu # Core library bundling
│ ├── validate-nickel.nu # Nickel schema validation
│ ├── clean-build.nu # Build cleanup
│ └── test-distribution.nu # Distribution testing
├── distribution/ # Distribution tools
│ ├── generate-distribution.nu # Main distribution generator
│ ├── prepare-platform-dist.nu # Platform-specific distribution
│ ├── prepare-core-dist.nu # Core distribution
│ ├── create-installer.nu # Installer creation
│ └── generate-docs.nu # Documentation generation
├── package/ # Packaging tools
│ ├── package-binaries.nu # Binary packaging
│ ├── build-containers.nu # Container image building
│ ├── create-tarball.nu # Archive creation
│ └── validate-package.nu # Package validation
├── release/ # Release management
│ ├── create-release.nu # Release creation
│ ├── upload-artifacts.nu # Artifact upload
│ ├── rollback-release.nu # Release rollback
│ ├── notify-users.nu # Release notifications
│ └── update-registry.nu # Package registry updates
└── Makefile # Main build system (40+ targets)
</code></pre>
<h3 id="srcorchestrator---hybrid-orchestrator"><a class="header" href="#srcorchestrator---hybrid-orchestrator"><code>/src/orchestrator/</code> - Hybrid Orchestrator</a></h3>
<p><strong>Purpose</strong>: Rust/Nushell hybrid orchestrator for solving deep call stack limitations</p>
<p><strong>Key Components</strong>:</p>
<ul>
<li><code>src/</code> - Rust orchestrator implementation</li>
<li><code>scripts/</code> - Orchestrator management scripts</li>
<li><code>data/</code> - File-based task queue and persistence</li>
</ul>
<p><strong>Integration</strong>: Provides REST API and workflow management while preserving all Nushell business logic</p>
<h3 id="srcprovisioning---enhanced-provisioning"><a class="header" href="#srcprovisioning---enhanced-provisioning"><code>/src/provisioning/</code> - Enhanced Provisioning</a></h3>
<p><strong>Purpose</strong>: Enhanced version of the main provisioning with additional features</p>
<p><strong>Key Features</strong>:</p>
<ul>
<li>Batch workflow system (v3.1.0)</li>
<li>Provider-agnostic design</li>
<li>Configuration-driven architecture (v2.0.0)</li>
</ul>
<h3 id="workspace---development-workspace"><a class="header" href="#workspace---development-workspace"><code>/workspace/</code> - Development Workspace</a></h3>
<p><strong>Purpose</strong>: Complete development environment with tools and runtime management</p>
<p><strong>Key Components</strong>:</p>
<ul>
<li><code>tools/workspace.nu</code> - Unified workspace management interface</li>
<li><code>lib/path-resolver.nu</code> - Smart path resolution system</li>
<li><code>config/</code> - Environment-specific development configurations</li>
<li><code>extensions/</code> - Extension development templates and examples</li>
<li><code>infra/</code> - Development infrastructure examples</li>
<li><code>runtime/</code> - Isolated runtime data per user</li>
</ul>
<h2 id="development-workspace"><a class="header" href="#development-workspace">Development Workspace</a></h2>
<h3 id="workspace-management"><a class="header" href="#workspace-management">Workspace Management</a></h3>
<p>The workspace provides a sophisticated development environment:</p>
<p><strong>Initialization</strong>:</p>
<pre><code class="language-bash">cd workspace/tools
nu workspace.nu init --user-name developer --infra-name my-infra
</code></pre>
<p><strong>Health Monitoring</strong>:</p>
<pre><code class="language-bash">nu workspace.nu health --detailed --fix-issues
</code></pre>
<p><strong>Path Resolution</strong>:</p>
<pre><code class="language-nushell">use lib/path-resolver.nu
let config = (path-resolver resolve_config "user" --workspace-user "john")
</code></pre>
<h3 id="extension-development"><a class="header" href="#extension-development">Extension Development</a></h3>
<p>The workspace provides templates for developing:</p>
<ul>
<li><strong>Providers</strong>: Custom cloud provider implementations</li>
<li><strong>Task Services</strong>: Infrastructure service components</li>
<li><strong>Clusters</strong>: Complete deployment solutions</li>
</ul>
<p>Templates are available in <code>workspace/extensions/{type}/template/</code></p>
<h3 id="configuration-hierarchy"><a class="header" href="#configuration-hierarchy">Configuration Hierarchy</a></h3>
<p>The workspace implements a sophisticated configuration cascade:</p>
<ol>
<li>Workspace user configuration (<code>workspace/config/{user}.toml</code>)</li>
<li>Environment-specific defaults (<code>workspace/config/{env}-defaults.toml</code>)</li>
<li>Workspace defaults (<code>workspace/config/dev-defaults.toml</code>)</li>
<li>Core system defaults (<code>config.defaults.toml</code>)</li>
</ol>
<h2 id="file-naming-conventions"><a class="header" href="#file-naming-conventions">File Naming Conventions</a></h2>
<h3 id="nushell-files-nu"><a class="header" href="#nushell-files-nu">Nushell Files (<code>.nu</code>)</a></h3>
<ul>
<li><strong>Commands</strong>: <code>kebab-case</code> - <code>create-server.nu</code>, <code>validate-config.nu</code></li>
<li><strong>Modules</strong>: <code>snake_case</code> - <code>lib_provisioning</code>, <code>path_resolver</code></li>
<li><strong>Scripts</strong>: <code>kebab-case</code> - <code>workspace-health.nu</code>, <code>runtime-manager.nu</code></li>
</ul>
<h3 id="configuration-files"><a class="header" href="#configuration-files">Configuration Files</a></h3>
<ul>
<li><strong>TOML</strong>: <code>kebab-case.toml</code> - <code>config-defaults.toml</code>, <code>user-settings.toml</code></li>
<li><strong>Environment</strong>: <code>{env}-defaults.toml</code> - <code>dev-defaults.toml</code>, <code>prod-defaults.toml</code></li>
<li><strong>Examples</strong>: <code>*.toml.example</code> - <code>local-overrides.toml.example</code></li>
</ul>
<h3 id="nickel-files-ncl"><a class="header" href="#nickel-files-ncl">Nickel Files (<code>.ncl</code>)</a></h3>
<ul>
<li><strong>Schemas</strong>: <code>kebab-case.ncl</code> - <code>server-config.ncl</code>, <code>workflow-schema.ncl</code></li>
<li><strong>Configuration</strong>: <code>manifest.toml</code> - Package metadata</li>
<li><strong>Structure</strong>: Organized in <code>schemas/</code> directories per extension</li>
</ul>
<h3 id="build-and-distribution"><a class="header" href="#build-and-distribution">Build and Distribution</a></h3>
<ul>
<li><strong>Scripts</strong>: <code>kebab-case.nu</code> - <code>compile-platform.nu</code>, <code>generate-distribution.nu</code></li>
<li><strong>Makefiles</strong>: <code>Makefile</code> - Standard naming</li>
<li><strong>Archives</strong>: <code>{project}-{version}-{platform}-{variant}.{ext}</code></li>
</ul>
<h2 id="navigation-guide"><a class="header" href="#navigation-guide">Navigation Guide</a></h2>
<h3 id="finding-components"><a class="header" href="#finding-components">Finding Components</a></h3>
<p><strong>Core System Entry Points</strong>:</p>
<pre><code class="language-bash"># Main CLI (development version)
/src/core/nulib/provisioning
# Legacy CLI (production version)
/core/nulib/provisioning
# Workspace management
/workspace/tools/workspace.nu
</code></pre>
<p><strong>Build System</strong>:</p>
<pre><code class="language-bash"># Main build system
cd /src/tools &amp;&amp; make help
# Quick development build
make dev-build
# Complete distribution
make all
</code></pre>
<p><strong>Configuration Files</strong>:</p>
<pre><code class="language-bash"># System defaults
/config.defaults.toml
# User configuration (workspace)
/workspace/config/{user}.toml
# Environment-specific
/workspace/config/{env}-defaults.toml
</code></pre>
<p><strong>Extension Development</strong>:</p>
<pre><code class="language-bash"># Provider template
/workspace/extensions/providers/template/
# Task service template
/workspace/extensions/taskservs/template/
# Cluster template
/workspace/extensions/clusters/template/
</code></pre>
<h3 id="common-workflows"><a class="header" href="#common-workflows">Common Workflows</a></h3>
<p><strong>1. Development Setup</strong>:</p>
<pre><code class="language-bash"># Initialize workspace
cd workspace/tools
nu workspace.nu init --user-name $USER
# Check health
nu workspace.nu health --detailed
</code></pre>
<p><strong>2. Building Distribution</strong>:</p>
<pre><code class="language-bash"># Complete build
cd src/tools
make all
# Platform-specific build
make linux
make macos
make windows
</code></pre>
<p><strong>3. Extension Development</strong>:</p>
<pre><code class="language-bash"># Create new provider
cp -r workspace/extensions/providers/template workspace/extensions/providers/my-provider
# Test extension
nu workspace/extensions/providers/my-provider/nulib/provider.nu test
</code></pre>
<h3 id="legacy-compatibility"><a class="header" href="#legacy-compatibility">Legacy Compatibility</a></h3>
<p><strong>Existing Commands Still Work</strong>:</p>
<pre><code class="language-bash"># All existing commands preserved
./core/nulib/provisioning server create
./core/nulib/provisioning taskserv install kubernetes
./core/nulib/provisioning cluster create buildkit
</code></pre>
<p><strong>Configuration Migration</strong>:</p>
<ul>
<li>ENV variables still supported as fallbacks</li>
<li>New configuration system provides better defaults</li>
<li>Migration tools available in <code>src/tools/migration/</code></li>
</ul>
<h2 id="migration-path"><a class="header" href="#migration-path">Migration Path</a></h2>
<h3 id="for-users"><a class="header" href="#for-users">For Users</a></h3>
<p><strong>No Changes Required</strong>:</p>
<ul>
<li>All existing commands continue to work</li>
<li>Configuration files remain compatible</li>
<li>Existing infrastructure deployments unaffected</li>
</ul>
<p><strong>Optional Enhancements</strong>:</p>
<ul>
<li>Migrate to new configuration system for better defaults</li>
<li>Use workspace for development environments</li>
<li>Leverage new build system for custom distributions</li>
</ul>
<h3 id="for-developers"><a class="header" href="#for-developers">For Developers</a></h3>
<p><strong>Development Environment</strong>:</p>
<ol>
<li>Initialize development workspace: <code>nu workspace/tools/workspace.nu init</code></li>
<li>Use new build system: <code>cd src/tools &amp;&amp; make dev-build</code></li>
<li>Leverage extension templates for custom development</li>
</ol>
<p><strong>Build System</strong>:</p>
<ol>
<li>Use new Makefile for comprehensive build management</li>
<li>Leverage distribution tools for packaging</li>
<li>Use release management for version control</li>
</ol>
<p><strong>Orchestrator Integration</strong>:</p>
<ol>
<li>Start orchestrator for workflow management: <code>cd src/orchestrator &amp;&amp; ./scripts/start-orchestrator.nu</code></li>
<li>Use workflow APIs for complex operations</li>
<li>Leverage batch operations for efficiency</li>
</ol>
<h3 id="migration-tools"><a class="header" href="#migration-tools">Migration Tools</a></h3>
<p><strong>Available Migration Scripts</strong>:</p>
<ul>
<li><code>src/tools/migration/config-migration.nu</code> - Configuration migration</li>
<li><code>src/tools/migration/workspace-setup.nu</code> - Workspace initialization</li>
<li><code>src/tools/migration/path-resolver.nu</code> - Path resolution migration</li>
</ul>
<p><strong>Validation Tools</strong>:</p>
<ul>
<li><code>src/tools/validation/system-health.nu</code> - System health validation</li>
<li><code>src/tools/validation/compatibility-check.nu</code> - Compatibility verification</li>
<li><code>src/tools/validation/migration-status.nu</code> - Migration status tracking</li>
</ul>
<h2 id="architecture-benefits"><a class="header" href="#architecture-benefits">Architecture Benefits</a></h2>
<h3 id="development-efficiency"><a class="header" href="#development-efficiency">Development Efficiency</a></h3>
<ul>
<li><strong>Build System</strong>: Comprehensive 40+ target Makefile system</li>
<li><strong>Workspace Isolation</strong>: Per-user development environments</li>
<li><strong>Extension Framework</strong>: Template-based extension development</li>
</ul>
<h3 id="production-reliability"><a class="header" href="#production-reliability">Production Reliability</a></h3>
<ul>
<li><strong>Backward Compatibility</strong>: All existing functionality preserved</li>
<li><strong>Configuration Migration</strong>: Gradual migration from ENV to config-driven</li>
<li><strong>Orchestrator Architecture</strong>: Hybrid Rust/Nushell for performance and flexibility</li>
<li><strong>Workflow Management</strong>: Batch operations with rollback capabilities</li>
</ul>
<h3 id="maintenance-benefits"><a class="header" href="#maintenance-benefits">Maintenance Benefits</a></h3>
<ul>
<li><strong>Clean Separation</strong>: Development tools separate from production code</li>
<li><strong>Organized Structure</strong>: Logical grouping of related functionality</li>
<li><strong>Documentation</strong>: Comprehensive documentation and examples</li>
<li><strong>Testing Framework</strong>: Built-in testing and validation tools</li>
</ul>
<p>This structure represents a significant evolution in the projects organization while maintaining complete backward compatibility and providing
powerful new development capabilities.</p>
</main>
<nav class="nav-wrapper" aria-label="Page navigation">
<!-- Mobile navigation buttons -->
<a rel="prev" href="../development/implementation-guide.html" class="mobile-nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<a rel="next prefetch" href="../development/ctrl-c-implementation-notes.html" class="mobile-nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
<div style="clear: both"></div>
</nav>
</div>
</div>
<nav class="nav-wide-wrapper" aria-label="Page navigation">
<a rel="prev" href="../development/implementation-guide.html" class="nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<a rel="next prefetch" href="../development/ctrl-c-implementation-notes.html" class="nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
</nav>
</div>
<script>
window.playground_copyable = true;
</script>
<script src="../elasticlunr.min.js"></script>
<script src="../mark.min.js"></script>
<script src="../searcher.js"></script>
<script src="../clipboard.min.js"></script>
<script src="../highlight.js"></script>
<script src="../book.js"></script>
<!-- Custom JS scripts -->
</div>
</body>
</html>

1099
docs/book/development/workflow.html
View File

File diff suppressed because it is too large Load Diff

915
docs/book/guides/customize-infrastructure.html
View File

@ -1,915 +0,0 @@
<!DOCTYPE HTML>
<html lang="en" class="ayu sidebar-visible" dir="ltr">
<head>
<!-- Book generated using mdBook -->
<meta charset="UTF-8">
<title>Customize Infrastructure - Provisioning Platform Documentation</title>
<!-- Custom HTML head -->
<meta name="description" content="Complete documentation for the Provisioning Platform - Infrastructure automation with Nushell, Nickel, and Rust">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="theme-color" content="#ffffff">
<link rel="icon" href="../favicon.svg">
<link rel="shortcut icon" href="../favicon.png">
<link rel="stylesheet" href="../css/variables.css">
<link rel="stylesheet" href="../css/general.css">
<link rel="stylesheet" href="../css/chrome.css">
<link rel="stylesheet" href="../css/print.css" media="print">
<!-- Fonts -->
<link rel="stylesheet" href="../FontAwesome/css/font-awesome.css">
<link rel="stylesheet" href="../fonts/fonts.css">
<!-- Highlight.js Stylesheets -->
<link rel="stylesheet" id="highlight-css" href="../highlight.css">
<link rel="stylesheet" id="tomorrow-night-css" href="../tomorrow-night.css">
<link rel="stylesheet" id="ayu-highlight-css" href="../ayu-highlight.css">
<!-- Custom theme stylesheets -->
<!-- Provide site root and default themes to javascript -->
<script>
const path_to_root = "../";
const default_light_theme = "ayu";
const default_dark_theme = "navy";
</script>
<!-- Start loading toc.js asap -->
<script src="../toc.js"></script>
</head>
<body>
<div id="mdbook-help-container">
<div id="mdbook-help-popup">
<h2 class="mdbook-help-title">Keyboard shortcuts</h2>
<div>
<p>Press <kbd></kbd> or <kbd></kbd> to navigate between chapters</p>
<p>Press <kbd>S</kbd> or <kbd>/</kbd> to search in the book</p>
<p>Press <kbd>?</kbd> to show this help</p>
<p>Press <kbd>Esc</kbd> to hide this help</p>
</div>
</div>
</div>
<div id="body-container">
<!-- Work around some values being stored in localStorage wrapped in quotes -->
<script>
try {
let theme = localStorage.getItem('mdbook-theme');
let sidebar = localStorage.getItem('mdbook-sidebar');
if (theme.startsWith('"') && theme.endsWith('"')) {
localStorage.setItem('mdbook-theme', theme.slice(1, theme.length - 1));
}
if (sidebar.startsWith('"') && sidebar.endsWith('"')) {
localStorage.setItem('mdbook-sidebar', sidebar.slice(1, sidebar.length - 1));
}
} catch (e) { }
</script>
<!-- Set the theme before any content is loaded, prevents flash -->
<script>
const default_theme = window.matchMedia("(prefers-color-scheme: dark)").matches ? default_dark_theme : default_light_theme;
let theme;
try { theme = localStorage.getItem('mdbook-theme'); } catch(e) { }
if (theme === null || theme === undefined) { theme = default_theme; }
const html = document.documentElement;
html.classList.remove('ayu')
html.classList.add(theme);
html.classList.add("js");
</script>
<input type="checkbox" id="sidebar-toggle-anchor" class="hidden">
<!-- Hide / unhide sidebar before it is displayed -->
<script>
let sidebar = null;
const sidebar_toggle = document.getElementById("sidebar-toggle-anchor");
if (document.body.clientWidth >= 1080) {
try { sidebar = localStorage.getItem('mdbook-sidebar'); } catch(e) { }
sidebar = sidebar || 'visible';
} else {
sidebar = 'hidden';
}
sidebar_toggle.checked = sidebar === 'visible';
html.classList.remove('sidebar-visible');
html.classList.add("sidebar-" + sidebar);
</script>
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<!-- populated by js -->
<mdbook-sidebar-scrollbox class="sidebar-scrollbox"></mdbook-sidebar-scrollbox>
<noscript>
<iframe class="sidebar-iframe-outer" src="../toc.html"></iframe>
</noscript>
<div id="sidebar-resize-handle" class="sidebar-resize-handle">
<div class="sidebar-resize-indicator"></div>
</div>
</nav>
<div id="page-wrapper" class="page-wrapper">
<div class="page">
<div id="menu-bar-hover-placeholder"></div>
<div id="menu-bar" class="menu-bar sticky">
<div class="left-buttons">
<label id="sidebar-toggle" class="icon-button" for="sidebar-toggle-anchor" title="Toggle Table of Contents" aria-label="Toggle Table of Contents" aria-controls="sidebar">
<i class="fa fa-bars"></i>
</label>
<button id="theme-toggle" class="icon-button" type="button" title="Change theme" aria-label="Change theme" aria-haspopup="true" aria-expanded="false" aria-controls="theme-list">
<i class="fa fa-paint-brush"></i>
</button>
<ul id="theme-list" class="theme-popup" aria-label="Themes" role="menu">
<li role="none"><button role="menuitem" class="theme" id="default_theme">Auto</button></li>
<li role="none"><button role="menuitem" class="theme" id="light">Light</button></li>
<li role="none"><button role="menuitem" class="theme" id="rust">Rust</button></li>
<li role="none"><button role="menuitem" class="theme" id="coal">Coal</button></li>
<li role="none"><button role="menuitem" class="theme" id="navy">Navy</button></li>
<li role="none"><button role="menuitem" class="theme" id="ayu">Ayu</button></li>
</ul>
<button id="search-toggle" class="icon-button" type="button" title="Search (`/`)" aria-label="Toggle Searchbar" aria-expanded="false" aria-keyshortcuts="/ s" aria-controls="searchbar">
<i class="fa fa-search"></i>
</button>
</div>
<h1 class="menu-title">Provisioning Platform Documentation</h1>
<div class="right-buttons">
<a href="../print.html" title="Print this book" aria-label="Print this book">
<i id="print-button" class="fa fa-print"></i>
</a>
<a href="https://github.com/provisioning/provisioning-platform" title="Git repository" aria-label="Git repository">
<i id="git-repository-button" class="fa fa-github"></i>
</a>
<a href="https://github.com/provisioning/provisioning-platform/edit/main/provisioning/docs/src/guides/customize-infrastructure.md" title="Suggest an edit" aria-label="Suggest an edit">
<i id="git-edit-button" class="fa fa-edit"></i>
</a>
</div>
</div>
<div id="search-wrapper" class="hidden">
<form id="searchbar-outer" class="searchbar-outer">
<input type="search" id="searchbar" name="searchbar" placeholder="Search this book ..." aria-controls="searchresults-outer" aria-describedby="searchresults-header">
</form>
<div id="searchresults-outer" class="searchresults-outer hidden">
<div id="searchresults-header" class="searchresults-header"></div>
<ul id="searchresults">
</ul>
</div>
</div>
<!-- Apply ARIA attributes after the sidebar and the sidebar toggle button are added to the DOM -->
<script>
document.getElementById('sidebar-toggle').setAttribute('aria-expanded', sidebar === 'visible');
document.getElementById('sidebar').setAttribute('aria-hidden', sidebar !== 'visible');
Array.from(document.querySelectorAll('#sidebar a')).forEach(function(link) {
link.setAttribute('tabIndex', sidebar === 'visible' ? 0 : -1);
});
</script>
<div id="content" class="content">
<main>
<h1 id="customize-infrastructure"><a class="header" href="#customize-infrastructure">Customize Infrastructure</a></h1>
<p><strong>Goal</strong>: Customize infrastructure using layers, templates, and configuration patterns
<strong>Time</strong>: 20-40 minutes
<strong>Difficulty</strong>: Intermediate to Advanced</p>
<h2 id="overview"><a class="header" href="#overview">Overview</a></h2>
<p>This guide covers:</p>
<ol>
<li>Understanding the layer system</li>
<li>Using templates</li>
<li>Creating custom modules</li>
<li>Configuration inheritance</li>
<li>Advanced customization patterns</li>
</ol>
<h2 id="the-layer-system"><a class="header" href="#the-layer-system">The Layer System</a></h2>
<h3 id="understanding-layers"><a class="header" href="#understanding-layers">Understanding Layers</a></h3>
<p>The provisioning system uses a <strong>3-layer architecture</strong> for configuration inheritance:</p>
<pre><code class="language-plaintext">┌─────────────────────────────────────┐
│ Infrastructure Layer (Priority 300)│ ← Highest priority
│ workspace/infra/{name}/ │
│ • Project-specific configs │
│ • Environment customizations │
│ • Local overrides │
└─────────────────────────────────────┘
↓ overrides
┌─────────────────────────────────────┐
│ Workspace Layer (Priority 200) │
│ provisioning/workspace/templates/ │
│ • Reusable patterns │
│ • Organization standards │
│ • Team conventions │
└─────────────────────────────────────┘
↓ overrides
┌─────────────────────────────────────┐
│ Core Layer (Priority 100) │ ← Lowest priority
│ provisioning/extensions/ │
│ • System defaults │
│ • Provider implementations │
│ • Default taskserv configs │
└─────────────────────────────────────┘
</code></pre>
<p><strong>Resolution Order</strong>: Infrastructure (300) → Workspace (200) → Core (100)</p>
<p>Higher numbers override lower numbers.</p>
<h3 id="view-layer-resolution"><a class="header" href="#view-layer-resolution">View Layer Resolution</a></h3>
<pre><code class="language-bash"># Explain layer concept
provisioning lyr explain
</code></pre>
<p><strong>Expected Output:</strong></p>
<pre><code class="language-plaintext">📚 LAYER SYSTEM EXPLAINED
The layer system provides configuration inheritance across 3 levels:
🔵 CORE LAYER (100) - System Defaults
Location: provisioning/extensions/
• Base taskserv configurations
• Default provider settings
• Standard cluster templates
• Built-in extensions
🟢 WORKSPACE LAYER (200) - Shared Templates
Location: provisioning/workspace/templates/
• Organization-wide patterns
• Reusable configurations
• Team standards
• Custom extensions
🔴 INFRASTRUCTURE LAYER (300) - Project Specific
Location: workspace/infra/{project}/
• Project-specific overrides
• Environment customizations
• Local modifications
• Runtime settings
Resolution: Infrastructure → Workspace → Core
Higher priority layers override lower ones.
</code></pre>
<pre><code class="language-bash"># Show layer resolution for your project
provisioning lyr show my-production
</code></pre>
<p><strong>Expected Output:</strong></p>
<pre><code class="language-plaintext">📊 Layer Resolution for my-production:
LAYER PRIORITY SOURCE FILES
Infrastructure 300 workspace/infra/my-production/ 4 files
• servers.ncl (overrides)
• taskservs.ncl (overrides)
• clusters.ncl (custom)
• providers.ncl (overrides)
Workspace 200 provisioning/workspace/templates/ 2 files
• production.ncl (used)
• kubernetes.ncl (used)
Core 100 provisioning/extensions/ 15 files
• taskservs/* (base configs)
• providers/* (default settings)
• clusters/* (templates)
Resolution Order: Infrastructure → Workspace → Core
Status: ✅ All layers resolved successfully
</code></pre>
<h3 id="test-layer-resolution"><a class="header" href="#test-layer-resolution">Test Layer Resolution</a></h3>
<pre><code class="language-bash"># Test how a specific module resolves
provisioning lyr test kubernetes my-production
</code></pre>
<p><strong>Expected Output:</strong></p>
<pre><code class="language-plaintext">🔍 Layer Resolution Test: kubernetes → my-production
Resolving kubernetes configuration...
🔴 Infrastructure Layer (300):
✅ Found: workspace/infra/my-production/taskservs/kubernetes.ncl
Provides:
• version = "1.30.0" (overrides)
• control_plane_servers = ["web-01"] (overrides)
• worker_servers = ["web-02"] (overrides)
🟢 Workspace Layer (200):
✅ Found: provisioning/workspace/templates/production-kubernetes.ncl
Provides:
• security_policies (inherited)
• network_policies (inherited)
• resource_quotas (inherited)
🔵 Core Layer (100):
✅ Found: provisioning/extensions/taskservs/kubernetes/main.ncl
Provides:
• default_version = "1.29.0" (base)
• default_features (base)
• default_plugins (base)
Final Configuration (after merging all layers):
version: "1.30.0" (from Infrastructure)
control_plane_servers: ["web-01"] (from Infrastructure)
worker_servers: ["web-02"] (from Infrastructure)
security_policies: {...} (from Workspace)
network_policies: {...} (from Workspace)
resource_quotas: {...} (from Workspace)
default_features: {...} (from Core)
default_plugins: {...} (from Core)
Resolution: ✅ Success
</code></pre>
<h2 id="using-templates"><a class="header" href="#using-templates">Using Templates</a></h2>
<h3 id="list-available-templates"><a class="header" href="#list-available-templates">List Available Templates</a></h3>
<pre><code class="language-bash"># List all templates
provisioning tpl list
</code></pre>
<p><strong>Expected Output:</strong></p>
<pre><code class="language-plaintext">📋 Available Templates:
TASKSERVS:
• production-kubernetes - Production-ready Kubernetes setup
• production-postgres - Production PostgreSQL with replication
• production-redis - Redis cluster with sentinel
• development-kubernetes - Development Kubernetes (minimal)
• ci-cd-pipeline - Complete CI/CD pipeline
PROVIDERS:
• upcloud-production - UpCloud production settings
• upcloud-development - UpCloud development settings
• aws-production - AWS production VPC setup
• aws-development - AWS development environment
• local-docker - Local Docker-based setup
CLUSTERS:
• buildkit-cluster - BuildKit for container builds
• monitoring-stack - Prometheus + Grafana + Loki
• security-stack - Security monitoring tools
Total: 13 templates
</code></pre>
<pre><code class="language-bash"># List templates by type
provisioning tpl list --type taskservs
provisioning tpl list --type providers
provisioning tpl list --type clusters
</code></pre>
<h3 id="view-template-details"><a class="header" href="#view-template-details">View Template Details</a></h3>
<pre><code class="language-bash"># Show template details
provisioning tpl show production-kubernetes
</code></pre>
<p><strong>Expected Output:</strong></p>
<pre><code class="language-plaintext">📄 Template: production-kubernetes
Description: Production-ready Kubernetes configuration with
security hardening, network policies, and monitoring
Category: taskservs
Version: 1.0.0
Configuration Provided:
• Kubernetes version: 1.30.0
• Security policies: Pod Security Standards (restricted)
• Network policies: Default deny + allow rules
• Resource quotas: Per-namespace limits
• Monitoring: Prometheus integration
• Logging: Loki integration
• Backup: Velero configuration
Requirements:
• Minimum 2 servers
• 4 GB RAM per server
• Network plugin (Cilium recommended)
Location: provisioning/workspace/templates/production-kubernetes.ncl
Example Usage:
provisioning tpl apply production-kubernetes my-production
</code></pre>
<h3 id="apply-template"><a class="header" href="#apply-template">Apply Template</a></h3>
<pre><code class="language-bash"># Apply template to your infrastructure
provisioning tpl apply production-kubernetes my-production
</code></pre>
<p><strong>Expected Output:</strong></p>
<pre><code class="language-plaintext">🚀 Applying template: production-kubernetes → my-production
Checking compatibility... ⏳
✅ Infrastructure compatible with template
Merging configuration... ⏳
✅ Configuration merged
Files created/updated:
• workspace/infra/my-production/taskservs/kubernetes.ncl (updated)
• workspace/infra/my-production/policies/security.ncl (created)
• workspace/infra/my-production/policies/network.ncl (created)
• workspace/infra/my-production/monitoring/prometheus.ncl (created)
🎉 Template applied successfully!
Next steps:
1. Review generated configuration
2. Adjust as needed
3. Deploy: provisioning t create kubernetes --infra my-production
</code></pre>
<h3 id="validate-template-usage"><a class="header" href="#validate-template-usage">Validate Template Usage</a></h3>
<pre><code class="language-bash"># Validate template was applied correctly
provisioning tpl validate my-production
</code></pre>
<p><strong>Expected Output:</strong></p>
<pre><code class="language-plaintext">✅ Template Validation: my-production
Templates Applied:
✅ production-kubernetes (v1.0.0)
✅ production-postgres (v1.0.0)
Configuration Status:
✅ All required fields present
✅ No conflicting settings
✅ Dependencies satisfied
Compliance:
✅ Security policies configured
✅ Network policies configured
✅ Resource quotas set
✅ Monitoring enabled
Status: ✅ Valid
</code></pre>
<h2 id="creating-custom-templates"><a class="header" href="#creating-custom-templates">Creating Custom Templates</a></h2>
<h3 id="step-1-create-template-structure"><a class="header" href="#step-1-create-template-structure">Step 1: Create Template Structure</a></h3>
<pre><code class="language-bash"># Create custom template directory
mkdir -p provisioning/workspace/templates/my-custom-template
</code></pre>
<h3 id="step-2-write-template-configuration"><a class="header" href="#step-2-write-template-configuration">Step 2: Write Template Configuration</a></h3>
<p><strong>File: <code>provisioning/workspace/templates/my-custom-template/main.ncl</code></strong></p>
<pre><code class="language-nickel"># Custom Kubernetes template with specific settings
let kubernetes_config = {
# Version
version = "1.30.0",
# Custom feature gates
feature_gates = {
"GracefulNodeShutdown" = true,
"SeccompDefault" = true,
"StatefulSetAutoDeletePVC" = true,
},
# Custom kubelet configuration
kubelet_config = {
max_pods = 110,
pod_pids_limit = 4096,
container_log_max_size = "10Mi",
container_log_max_files = 5,
},
# Custom API server flags
apiserver_extra_args = {
"enable-admission-plugins" = "NodeRestriction,PodSecurity,LimitRanger",
"audit-log-maxage" = "30",
"audit-log-maxbackup" = "10",
},
# Custom scheduler configuration
scheduler_config = {
profiles = [
{
name = "high-availability",
plugins = {
score = {
enabled = [
{name = "NodeResourcesBalancedAllocation", weight = 2},
{name = "NodeResourcesLeastAllocated", weight = 1},
],
},
},
},
],
},
# Network configuration
network = {
service_cidr = "10.96.0.0/12",
pod_cidr = "10.244.0.0/16",
dns_domain = "cluster.local",
},
# Security configuration
security = {
pod_security_standard = "restricted",
encrypt_etcd = true,
rotate_certificates = true,
},
} in
kubernetes_config
</code></pre>
<h3 id="step-3-create-template-metadata"><a class="header" href="#step-3-create-template-metadata">Step 3: Create Template Metadata</a></h3>
<p><strong>File: <code>provisioning/workspace/templates/my-custom-template/metadata.toml</code></strong></p>
<pre><code class="language-toml">[template]
name = "my-custom-template"
version = "1.0.0"
description = "Custom Kubernetes template with enhanced security"
category = "taskservs"
author = "Your Name"
[requirements]
min_servers = 2
min_memory_gb = 4
required_taskservs = ["containerd", "cilium"]
[tags]
environment = ["production", "staging"]
features = ["security", "monitoring", "high-availability"]
</code></pre>
<h3 id="step-4-test-custom-template"><a class="header" href="#step-4-test-custom-template">Step 4: Test Custom Template</a></h3>
<pre><code class="language-bash"># List templates (should include your custom template)
provisioning tpl list
# Show your template
provisioning tpl show my-custom-template
# Apply to test infrastructure
provisioning tpl apply my-custom-template my-test
</code></pre>
<h2 id="configuration-inheritance-examples"><a class="header" href="#configuration-inheritance-examples">Configuration Inheritance Examples</a></h2>
<h3 id="example-1-override-single-value"><a class="header" href="#example-1-override-single-value">Example 1: Override Single Value</a></h3>
<p><strong>Core Layer</strong> (<code>provisioning/extensions/taskservs/postgres/main.ncl</code>):</p>
<pre><code class="language-nickel">let postgres_config = {
version = "15.5",
port = 5432,
max_connections = 100,
} in
postgres_config
</code></pre>
<p><strong>Infrastructure Layer</strong> (<code>workspace/infra/my-production/taskservs/postgres.ncl</code>):</p>
<pre><code class="language-nickel">let postgres_config = {
max_connections = 500, # Override only max_connections
} in
postgres_config
</code></pre>
<p><strong>Result</strong> (after layer resolution):</p>
<pre><code class="language-nickel">let postgres_config = {
version = "15.5", # From Core
port = 5432, # From Core
max_connections = 500, # From Infrastructure (overridden)
} in
postgres_config
</code></pre>
<h3 id="example-2-add-custom-configuration"><a class="header" href="#example-2-add-custom-configuration">Example 2: Add Custom Configuration</a></h3>
<p><strong>Workspace Layer</strong> (<code>provisioning/workspace/templates/production-postgres.ncl</code>):</p>
<pre><code class="language-nickel">let postgres_config = {
replication = {
enabled = true,
replicas = 2,
sync_mode = "async",
},
} in
postgres_config
</code></pre>
<p><strong>Infrastructure Layer</strong> (<code>workspace/infra/my-production/taskservs/postgres.ncl</code>):</p>
<pre><code class="language-nickel">let postgres_config = {
replication = {
sync_mode = "sync", # Override sync mode
},
custom_extensions = ["pgvector", "timescaledb"], # Add custom config
} in
postgres_config
</code></pre>
<p><strong>Result</strong>:</p>
<pre><code class="language-nickel">let postgres_config = {
version = "15.5", # From Core
port = 5432, # From Core
max_connections = 100, # From Core
replication = {
enabled = true, # From Workspace
replicas = 2, # From Workspace
sync_mode = "sync", # From Infrastructure (overridden)
},
custom_extensions = ["pgvector", "timescaledb"], # From Infrastructure (added)
} in
postgres_config
</code></pre>
<h3 id="example-3-environment-specific-configuration"><a class="header" href="#example-3-environment-specific-configuration">Example 3: Environment-Specific Configuration</a></h3>
<p><strong>Workspace Layer</strong> (<code>provisioning/workspace/templates/base-kubernetes.ncl</code>):</p>
<pre><code class="language-nickel">let kubernetes_config = {
version = "1.30.0",
control_plane_count = 3,
worker_count = 5,
resources = {
control_plane = {cpu = "4", memory = "8Gi"},
worker = {cpu = "8", memory = "16Gi"},
},
} in
kubernetes_config
</code></pre>
<p><strong>Development Infrastructure</strong> (<code>workspace/infra/my-dev/taskservs/kubernetes.ncl</code>):</p>
<pre><code class="language-nickel">let kubernetes_config = {
control_plane_count = 1, # Smaller for dev
worker_count = 2,
resources = {
control_plane = {cpu = "2", memory = "4Gi"},
worker = {cpu = "2", memory = "4Gi"},
},
} in
kubernetes_config
</code></pre>
<p><strong>Production Infrastructure</strong> (<code>workspace/infra/my-prod/taskservs/kubernetes.ncl</code>):</p>
<pre><code class="language-nickel">let kubernetes_config = {
control_plane_count = 5, # Larger for prod
worker_count = 10,
resources = {
control_plane = {cpu = "8", memory = "16Gi"},
worker = {cpu = "16", memory = "32Gi"},
},
} in
kubernetes_config
</code></pre>
<h2 id="advanced-customization-patterns"><a class="header" href="#advanced-customization-patterns">Advanced Customization Patterns</a></h2>
<h3 id="pattern-1-multi-environment-setup"><a class="header" href="#pattern-1-multi-environment-setup">Pattern 1: Multi-Environment Setup</a></h3>
<p>Create different configurations for each environment:</p>
<pre><code class="language-bash"># Create environments
provisioning ws init my-app-dev
provisioning ws init my-app-staging
provisioning ws init my-app-prod
# Apply environment-specific templates
provisioning tpl apply development-kubernetes my-app-dev
provisioning tpl apply staging-kubernetes my-app-staging
provisioning tpl apply production-kubernetes my-app-prod
# Customize each environment
# Edit: workspace/infra/my-app-dev/...
# Edit: workspace/infra/my-app-staging/...
# Edit: workspace/infra/my-app-prod/...
</code></pre>
<h3 id="pattern-2-shared-configuration-library"><a class="header" href="#pattern-2-shared-configuration-library">Pattern 2: Shared Configuration Library</a></h3>
<p>Create reusable configuration fragments:</p>
<p><strong>File: <code>provisioning/workspace/templates/shared/security-policies.ncl</code></strong></p>
<pre><code class="language-nickel">let security_policies = {
pod_security = {
enforce = "restricted",
audit = "restricted",
warn = "restricted",
},
network_policies = [
{
name = "deny-all",
pod_selector = {},
policy_types = ["Ingress", "Egress"],
},
{
name = "allow-dns",
pod_selector = {},
egress = [
{
to = [{namespace_selector = {name = "kube-system"}}],
ports = [{protocol = "UDP", port = 53}],
},
],
},
],
} in
security_policies
</code></pre>
<p>Import in your infrastructure:</p>
<pre><code class="language-nickel">let security_policies = (import "../../../provisioning/workspace/templates/shared/security-policies.ncl") in
let kubernetes_config = {
version = "1.30.0",
image_repo = "k8s.gcr.io",
security = security_policies, # Import shared policies
} in
kubernetes_config
</code></pre>
<h3 id="pattern-3-dynamic-configuration"><a class="header" href="#pattern-3-dynamic-configuration">Pattern 3: Dynamic Configuration</a></h3>
<p>Use Nickel features for dynamic configuration:</p>
<pre><code class="language-nickel"># Calculate resources based on server count
let server_count = 5 in
let replicas_per_server = 2 in
let total_replicas = server_count * replicas_per_server in
let postgres_config = {
version = "16.1",
max_connections = total_replicas * 50, # Dynamic calculation
shared_buffers = "1024 MB",
} in
postgres_config
</code></pre>
<h3 id="pattern-4-conditional-configuration"><a class="header" href="#pattern-4-conditional-configuration">Pattern 4: Conditional Configuration</a></h3>
<pre><code class="language-nickel">let environment = "production" in # or "development"
let kubernetes_config = {
version = "1.30.0",
control_plane_count = if environment == "production" then 3 else 1,
worker_count = if environment == "production" then 5 else 2,
monitoring = {
enabled = environment == "production",
retention = if environment == "production" then "30d" else "7d",
},
} in
kubernetes_config
</code></pre>
<h2 id="layer-statistics"><a class="header" href="#layer-statistics">Layer Statistics</a></h2>
<pre><code class="language-bash"># Show layer system statistics
provisioning lyr stats
</code></pre>
<p><strong>Expected Output:</strong></p>
<pre><code class="language-plaintext">📊 Layer System Statistics:
Infrastructure Layer:
• Projects: 3
• Total files: 15
• Average overrides per project: 5
Workspace Layer:
• Templates: 13
• Most used: production-kubernetes (5 projects)
• Custom templates: 2
Core Layer:
• Taskservs: 15
• Providers: 3
• Clusters: 3
Resolution Performance:
• Average resolution time: 45 ms
• Cache hit rate: 87%
• Total resolutions: 1,250
</code></pre>
<h2 id="customization-workflow"><a class="header" href="#customization-workflow">Customization Workflow</a></h2>
<h3 id="complete-customization-example"><a class="header" href="#complete-customization-example">Complete Customization Example</a></h3>
<pre><code class="language-bash"># 1. Create new infrastructure
provisioning ws init my-custom-app
# 2. Understand layer system
provisioning lyr explain
# 3. Discover templates
provisioning tpl list --type taskservs
# 4. Apply base template
provisioning tpl apply production-kubernetes my-custom-app
# 5. View applied configuration
provisioning lyr show my-custom-app
# 6. Customize (edit files)
provisioning sops workspace/infra/my-custom-app/taskservs/kubernetes.ncl
# 7. Test layer resolution
provisioning lyr test kubernetes my-custom-app
# 8. Validate configuration
provisioning tpl validate my-custom-app
provisioning val config --infra my-custom-app
# 9. Deploy customized infrastructure
provisioning s create --infra my-custom-app --check
provisioning s create --infra my-custom-app
provisioning t create kubernetes --infra my-custom-app
</code></pre>
<h2 id="best-practices"><a class="header" href="#best-practices">Best Practices</a></h2>
<h3 id="1-use-layers-correctly"><a class="header" href="#1-use-layers-correctly">1. Use Layers Correctly</a></h3>
<ul>
<li><strong>Core Layer</strong>: Only modify for system-wide changes</li>
<li><strong>Workspace Layer</strong>: Use for organization-wide templates</li>
<li><strong>Infrastructure Layer</strong>: Use for project-specific customizations</li>
</ul>
<h3 id="2-template-organization"><a class="header" href="#2-template-organization">2. Template Organization</a></h3>
<pre><code class="language-plaintext">provisioning/workspace/templates/
├── shared/ # Shared configuration fragments
│ ├── security-policies.ncl
│ ├── network-policies.ncl
│ └── monitoring.ncl
├── production/ # Production templates
│ ├── kubernetes.ncl
│ ├── postgres.ncl
│ └── redis.ncl
└── development/ # Development templates
├── kubernetes.ncl
└── postgres.ncl
</code></pre>
<h3 id="3-documentation"><a class="header" href="#3-documentation">3. Documentation</a></h3>
<p>Document your customizations:</p>
<p><strong>File: <code>workspace/infra/my-production/README.md</code></strong></p>
<pre><code class="language-markdown"># My Production Infrastructure
## Customizations
- Kubernetes: Using production template with 5 control plane nodes
- PostgreSQL: Configured with streaming replication
- Cilium: Native routing mode enabled
## Layer Overrides
- `taskservs/kubernetes.ncl`: Control plane count (3 → 5)
- `taskservs/postgres.ncl`: Replication mode (async → sync)
- `network/cilium.ncl`: Routing mode (tunnel → native)
</code></pre>
<h3 id="4-version-control"><a class="header" href="#4-version-control">4. Version Control</a></h3>
<p>Keep templates and configurations in version control:</p>
<pre><code class="language-bash">cd provisioning/workspace/templates/
git add .
git commit -m "Add production Kubernetes template with enhanced security"
cd workspace/infra/my-production/
git add .
git commit -m "Configure production environment for my-production"
</code></pre>
<h2 id="troubleshooting-customizations"><a class="header" href="#troubleshooting-customizations">Troubleshooting Customizations</a></h2>
<h3 id="issue-configuration-not-applied"><a class="header" href="#issue-configuration-not-applied">Issue: Configuration not applied</a></h3>
<pre><code class="language-bash"># Check layer resolution
provisioning lyr show my-production
# Verify file exists
ls -la workspace/infra/my-production/taskservs/
# Test specific resolution
provisioning lyr test kubernetes my-production
</code></pre>
<h3 id="issue-conflicting-configurations"><a class="header" href="#issue-conflicting-configurations">Issue: Conflicting configurations</a></h3>
<pre><code class="language-bash"># Validate configuration
provisioning val config --infra my-production
# Show configuration merge result
provisioning show config kubernetes --infra my-production
</code></pre>
<h3 id="issue-template-not-found"><a class="header" href="#issue-template-not-found">Issue: Template not found</a></h3>
<pre><code class="language-bash"># List available templates
provisioning tpl list
# Check template path
ls -la provisioning/workspace/templates/
# Refresh template cache
provisioning tpl refresh
</code></pre>
<h2 id="next-steps"><a class="header" href="#next-steps">Next Steps</a></h2>
<ul>
<li><strong><a href="from-scratch.html">From Scratch Guide</a></strong> - Deploy new infrastructure</li>
<li><strong><a href="update-infrastructure.html">Update Guide</a></strong> - Update existing infrastructure</li>
<li><strong><a href="../development/workflow.html">Workflow Guide</a></strong> - Automate with workflows</li>
<li><strong><a href="../development/nickel-module-guide.html">Nickel Guide</a></strong> - Learn Nickel configuration language</li>
</ul>
<h2 id="quick-reference"><a class="header" href="#quick-reference">Quick Reference</a></h2>
<pre><code class="language-bash"># Layer system
provisioning lyr explain # Explain layers
provisioning lyr show &lt;project&gt; # Show layer resolution
provisioning lyr test &lt;module&gt; &lt;project&gt; # Test resolution
provisioning lyr stats # Layer statistics
# Templates
provisioning tpl list # List all templates
provisioning tpl list --type &lt;type&gt; # Filter by type
provisioning tpl show &lt;template&gt; # Show template details
provisioning tpl apply &lt;template&gt; &lt;project&gt; # Apply template
provisioning tpl validate &lt;project&gt; # Validate template usage
</code></pre>
<hr />
<p><em>This guide is part of the provisioning project documentation. Last updated: 2025-09-30</em></p>
</main>
<nav class="nav-wrapper" aria-label="Page navigation">
<!-- Mobile navigation buttons -->
<a rel="prev" href="../guides/update-infrastructure.html" class="mobile-nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<a rel="next prefetch" href="../guides/infrastructure-setup.html" class="mobile-nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
<div style="clear: both"></div>
</nav>
</div>
</div>
<nav class="nav-wide-wrapper" aria-label="Page navigation">
<a rel="prev" href="../guides/update-infrastructure.html" class="nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<a rel="next prefetch" href="../guides/infrastructure-setup.html" class="nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
</nav>
</div>
<script>
window.playground_copyable = true;
</script>
<script src="../elasticlunr.min.js"></script>
<script src="../mark.min.js"></script>
<script src="../searcher.js"></script>
<script src="../clipboard.min.js"></script>
<script src="../highlight.js"></script>
<script src="../book.js"></script>
<!-- Custom JS scripts -->
</div>
</body>
</html>

1505
docs/book/guides/from-scratch.html
View File

File diff suppressed because it is too large Load Diff

862
docs/book/guides/update-infrastructure.html
View File

@ -1,862 +0,0 @@
<!DOCTYPE HTML>
<html lang="en" class="ayu sidebar-visible" dir="ltr">
<head>
<!-- Book generated using mdBook -->
<meta charset="UTF-8">
<title>Update Infrastructure - Provisioning Platform Documentation</title>
<!-- Custom HTML head -->
<meta name="description" content="Complete documentation for the Provisioning Platform - Infrastructure automation with Nushell, Nickel, and Rust">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="theme-color" content="#ffffff">
<link rel="icon" href="../favicon.svg">
<link rel="shortcut icon" href="../favicon.png">
<link rel="stylesheet" href="../css/variables.css">
<link rel="stylesheet" href="../css/general.css">
<link rel="stylesheet" href="../css/chrome.css">
<link rel="stylesheet" href="../css/print.css" media="print">
<!-- Fonts -->
<link rel="stylesheet" href="../FontAwesome/css/font-awesome.css">
<link rel="stylesheet" href="../fonts/fonts.css">
<!-- Highlight.js Stylesheets -->
<link rel="stylesheet" id="highlight-css" href="../highlight.css">
<link rel="stylesheet" id="tomorrow-night-css" href="../tomorrow-night.css">
<link rel="stylesheet" id="ayu-highlight-css" href="../ayu-highlight.css">
<!-- Custom theme stylesheets -->
<!-- Provide site root and default themes to javascript -->
<script>
const path_to_root = "../";
const default_light_theme = "ayu";
const default_dark_theme = "navy";
</script>
<!-- Start loading toc.js asap -->
<script src="../toc.js"></script>
</head>
<body>
<div id="mdbook-help-container">
<div id="mdbook-help-popup">
<h2 class="mdbook-help-title">Keyboard shortcuts</h2>
<div>
<p>Press <kbd></kbd> or <kbd></kbd> to navigate between chapters</p>
<p>Press <kbd>S</kbd> or <kbd>/</kbd> to search in the book</p>
<p>Press <kbd>?</kbd> to show this help</p>
<p>Press <kbd>Esc</kbd> to hide this help</p>
</div>
</div>
</div>
<div id="body-container">
<!-- Work around some values being stored in localStorage wrapped in quotes -->
<script>
try {
let theme = localStorage.getItem('mdbook-theme');
let sidebar = localStorage.getItem('mdbook-sidebar');
if (theme.startsWith('"') && theme.endsWith('"')) {
localStorage.setItem('mdbook-theme', theme.slice(1, theme.length - 1));
}
if (sidebar.startsWith('"') && sidebar.endsWith('"')) {
localStorage.setItem('mdbook-sidebar', sidebar.slice(1, sidebar.length - 1));
}
} catch (e) { }
</script>
<!-- Set the theme before any content is loaded, prevents flash -->
<script>
const default_theme = window.matchMedia("(prefers-color-scheme: dark)").matches ? default_dark_theme : default_light_theme;
let theme;
try { theme = localStorage.getItem('mdbook-theme'); } catch(e) { }
if (theme === null || theme === undefined) { theme = default_theme; }
const html = document.documentElement;
html.classList.remove('ayu')
html.classList.add(theme);
html.classList.add("js");
</script>
<input type="checkbox" id="sidebar-toggle-anchor" class="hidden">
<!-- Hide / unhide sidebar before it is displayed -->
<script>
let sidebar = null;
const sidebar_toggle = document.getElementById("sidebar-toggle-anchor");
if (document.body.clientWidth >= 1080) {
try { sidebar = localStorage.getItem('mdbook-sidebar'); } catch(e) { }
sidebar = sidebar || 'visible';
} else {
sidebar = 'hidden';
}
sidebar_toggle.checked = sidebar === 'visible';
html.classList.remove('sidebar-visible');
html.classList.add("sidebar-" + sidebar);
</script>
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<!-- populated by js -->
<mdbook-sidebar-scrollbox class="sidebar-scrollbox"></mdbook-sidebar-scrollbox>
<noscript>
<iframe class="sidebar-iframe-outer" src="../toc.html"></iframe>
</noscript>
<div id="sidebar-resize-handle" class="sidebar-resize-handle">
<div class="sidebar-resize-indicator"></div>
</div>
</nav>
<div id="page-wrapper" class="page-wrapper">
<div class="page">
<div id="menu-bar-hover-placeholder"></div>
<div id="menu-bar" class="menu-bar sticky">
<div class="left-buttons">
<label id="sidebar-toggle" class="icon-button" for="sidebar-toggle-anchor" title="Toggle Table of Contents" aria-label="Toggle Table of Contents" aria-controls="sidebar">
<i class="fa fa-bars"></i>
</label>
<button id="theme-toggle" class="icon-button" type="button" title="Change theme" aria-label="Change theme" aria-haspopup="true" aria-expanded="false" aria-controls="theme-list">
<i class="fa fa-paint-brush"></i>
</button>
<ul id="theme-list" class="theme-popup" aria-label="Themes" role="menu">
<li role="none"><button role="menuitem" class="theme" id="default_theme">Auto</button></li>
<li role="none"><button role="menuitem" class="theme" id="light">Light</button></li>
<li role="none"><button role="menuitem" class="theme" id="rust">Rust</button></li>
<li role="none"><button role="menuitem" class="theme" id="coal">Coal</button></li>
<li role="none"><button role="menuitem" class="theme" id="navy">Navy</button></li>
<li role="none"><button role="menuitem" class="theme" id="ayu">Ayu</button></li>
</ul>
<button id="search-toggle" class="icon-button" type="button" title="Search (`/`)" aria-label="Toggle Searchbar" aria-expanded="false" aria-keyshortcuts="/ s" aria-controls="searchbar">
<i class="fa fa-search"></i>
</button>
</div>
<h1 class="menu-title">Provisioning Platform Documentation</h1>
<div class="right-buttons">
<a href="../print.html" title="Print this book" aria-label="Print this book">
<i id="print-button" class="fa fa-print"></i>
</a>
<a href="https://github.com/provisioning/provisioning-platform" title="Git repository" aria-label="Git repository">
<i id="git-repository-button" class="fa fa-github"></i>
</a>
<a href="https://github.com/provisioning/provisioning-platform/edit/main/provisioning/docs/src/guides/update-infrastructure.md" title="Suggest an edit" aria-label="Suggest an edit">
<i id="git-edit-button" class="fa fa-edit"></i>
</a>
</div>
</div>
<div id="search-wrapper" class="hidden">
<form id="searchbar-outer" class="searchbar-outer">
<input type="search" id="searchbar" name="searchbar" placeholder="Search this book ..." aria-controls="searchresults-outer" aria-describedby="searchresults-header">
</form>
<div id="searchresults-outer" class="searchresults-outer hidden">
<div id="searchresults-header" class="searchresults-header"></div>
<ul id="searchresults">
</ul>
</div>
</div>
<!-- Apply ARIA attributes after the sidebar and the sidebar toggle button are added to the DOM -->
<script>
document.getElementById('sidebar-toggle').setAttribute('aria-expanded', sidebar === 'visible');
document.getElementById('sidebar').setAttribute('aria-hidden', sidebar !== 'visible');
Array.from(document.querySelectorAll('#sidebar a')).forEach(function(link) {
link.setAttribute('tabIndex', sidebar === 'visible' ? 0 : -1);
});
</script>
<div id="content" class="content">
<main>
<h1 id="update-existing-infrastructure"><a class="header" href="#update-existing-infrastructure">Update Existing Infrastructure</a></h1>
<p><strong>Goal</strong>: Safely update running infrastructure with minimal downtime
<strong>Time</strong>: 15-30 minutes
<strong>Difficulty</strong>: Intermediate</p>
<h2 id="overview"><a class="header" href="#overview">Overview</a></h2>
<p>This guide covers:</p>
<ol>
<li>Checking for updates</li>
<li>Planning update strategies</li>
<li>Updating task services</li>
<li>Rolling updates</li>
<li>Rollback procedures</li>
<li>Verification</li>
</ol>
<h2 id="update-strategies"><a class="header" href="#update-strategies">Update Strategies</a></h2>
<h3 id="strategy-1-in-place-updates-fastest"><a class="header" href="#strategy-1-in-place-updates-fastest">Strategy 1: In-Place Updates (Fastest)</a></h3>
<p><strong>Best for</strong>: Non-critical environments, development, staging</p>
<pre><code class="language-bash"># Direct update without downtime consideration
provisioning t create &lt;taskserv&gt; --infra &lt;project&gt;
</code></pre>
<h3 id="strategy-2-rolling-updates-recommended"><a class="header" href="#strategy-2-rolling-updates-recommended">Strategy 2: Rolling Updates (Recommended)</a></h3>
<p><strong>Best for</strong>: Production environments, high availability</p>
<pre><code class="language-bash"># Update servers one by one
provisioning s update --infra &lt;project&gt; --rolling
</code></pre>
<h3 id="strategy-3-blue-green-deployment-safest"><a class="header" href="#strategy-3-blue-green-deployment-safest">Strategy 3: Blue-Green Deployment (Safest)</a></h3>
<p><strong>Best for</strong>: Critical production, zero-downtime requirements</p>
<pre><code class="language-bash"># Create new infrastructure, switch traffic, remove old
provisioning ws init &lt;project&gt;-green
# ... configure and deploy
# ... switch traffic
provisioning ws delete &lt;project&gt;-blue
</code></pre>
<h2 id="step-1-check-for-updates"><a class="header" href="#step-1-check-for-updates">Step 1: Check for Updates</a></h2>
<h3 id="11-check-all-task-services"><a class="header" href="#11-check-all-task-services">1.1 Check All Task Services</a></h3>
<pre><code class="language-bash"># Check all taskservs for updates
provisioning t check-updates
</code></pre>
<p><strong>Expected Output:</strong></p>
<pre><code class="language-plaintext">📦 Task Service Update Check:
NAME CURRENT LATEST STATUS
kubernetes 1.29.0 1.30.0 ⬆️ update available
containerd 1.7.13 1.7.13 ✅ up-to-date
cilium 1.14.5 1.15.0 ⬆️ update available
postgres 15.5 16.1 ⬆️ update available
redis 7.2.3 7.2.3 ✅ up-to-date
Updates available: 3
</code></pre>
<h3 id="12-check-specific-task-service"><a class="header" href="#12-check-specific-task-service">1.2 Check Specific Task Service</a></h3>
<pre><code class="language-bash"># Check specific taskserv
provisioning t check-updates kubernetes
</code></pre>
<p><strong>Expected Output:</strong></p>
<pre><code class="language-plaintext">📦 Kubernetes Update Check:
Current: 1.29.0
Latest: 1.30.0
Status: ⬆️ Update available
Changelog:
• Enhanced security features
• Performance improvements
• Bug fixes in kube-apiserver
• New workload resource types
Breaking Changes:
• None
Recommended: ✅ Safe to update
</code></pre>
<h3 id="13-check-version-status"><a class="header" href="#13-check-version-status">1.3 Check Version Status</a></h3>
<pre><code class="language-bash"># Show detailed version information
provisioning version show
</code></pre>
<p><strong>Expected Output:</strong></p>
<pre><code class="language-plaintext">📋 Component Versions:
COMPONENT CURRENT LATEST DAYS OLD STATUS
kubernetes 1.29.0 1.30.0 45 ⬆️ update
containerd 1.7.13 1.7.13 0 ✅ current
cilium 1.14.5 1.15.0 30 ⬆️ update
postgres 15.5 16.1 60 ⬆️ update (major)
redis 7.2.3 7.2.3 0 ✅ current
</code></pre>
<h3 id="14-check-for-security-updates"><a class="header" href="#14-check-for-security-updates">1.4 Check for Security Updates</a></h3>
<pre><code class="language-bash"># Check for security-related updates
provisioning version updates --security-only
</code></pre>
<h2 id="step-2-plan-your-update"><a class="header" href="#step-2-plan-your-update">Step 2: Plan Your Update</a></h2>
<h3 id="21-review-current-configuration"><a class="header" href="#21-review-current-configuration">2.1 Review Current Configuration</a></h3>
<pre><code class="language-bash"># Show current infrastructure
provisioning show settings --infra my-production
</code></pre>
<h3 id="22-backup-configuration"><a class="header" href="#22-backup-configuration">2.2 Backup Configuration</a></h3>
<pre><code class="language-bash"># Create configuration backup
cp -r workspace/infra/my-production workspace/infra/my-production.backup-$(date +%Y%m%d)
# Or use built-in backup
provisioning ws backup my-production
</code></pre>
<p><strong>Expected Output:</strong></p>
<pre><code class="language-plaintext">✅ Backup created: workspace/backups/my-production-20250930.tar.gz
</code></pre>
<h3 id="23-create-update-plan"><a class="header" href="#23-create-update-plan">2.3 Create Update Plan</a></h3>
<pre><code class="language-bash"># Generate update plan
provisioning plan update --infra my-production
</code></pre>
<p><strong>Expected Output:</strong></p>
<pre><code class="language-plaintext">📝 Update Plan for my-production:
Phase 1: Minor Updates (Low Risk)
• containerd: No update needed
• redis: No update needed
Phase 2: Patch Updates (Medium Risk)
• cilium: 1.14.5 → 1.15.0 (estimated 5 minutes)
Phase 3: Major Updates (High Risk - Requires Testing)
• kubernetes: 1.29.0 → 1.30.0 (estimated 15 minutes)
• postgres: 15.5 → 16.1 (estimated 10 minutes, may require data migration)
Recommended Order:
1. Update cilium (low risk)
2. Update kubernetes (test in staging first)
3. Update postgres (requires maintenance window)
Total Estimated Time: 30 minutes
Recommended: Test in staging environment first
</code></pre>
<h2 id="step-3-update-task-services"><a class="header" href="#step-3-update-task-services">Step 3: Update Task Services</a></h2>
<h3 id="31-update-non-critical-service-cilium-example"><a class="header" href="#31-update-non-critical-service-cilium-example">3.1 Update Non-Critical Service (Cilium Example)</a></h3>
<h4 id="dry-run-update"><a class="header" href="#dry-run-update">Dry-Run Update</a></h4>
<pre><code class="language-bash"># Test update without applying
provisioning t create cilium --infra my-production --check
</code></pre>
<p><strong>Expected Output:</strong></p>
<pre><code class="language-plaintext">🔍 CHECK MODE: Simulating Cilium update
Current: 1.14.5
Target: 1.15.0
Would perform:
1. Download Cilium 1.15.0
2. Update configuration
3. Rolling restart of Cilium pods
4. Verify connectivity
Estimated downtime: &lt;1 minute per node
No errors detected. Ready to update.
</code></pre>
<h4 id="generate-updated-configuration"><a class="header" href="#generate-updated-configuration">Generate Updated Configuration</a></h4>
<pre><code class="language-bash"># Generate new configuration
provisioning t generate cilium --infra my-production
</code></pre>
<p><strong>Expected Output:</strong></p>
<pre><code class="language-plaintext">✅ Generated Cilium configuration (version 1.15.0)
Saved to: workspace/infra/my-production/taskservs/cilium.ncl
</code></pre>
<h4 id="apply-update"><a class="header" href="#apply-update">Apply Update</a></h4>
<pre><code class="language-bash"># Apply update
provisioning t create cilium --infra my-production
</code></pre>
<p><strong>Expected Output:</strong></p>
<pre><code class="language-plaintext">🚀 Updating Cilium on my-production...
Downloading Cilium 1.15.0... ⏳
✅ Downloaded
Updating configuration... ⏳
✅ Configuration updated
Rolling restart: web-01... ⏳
✅ web-01 updated (Cilium 1.15.0)
Rolling restart: web-02... ⏳
✅ web-02 updated (Cilium 1.15.0)
Verifying connectivity... ⏳
✅ All nodes connected
🎉 Cilium update complete!
Version: 1.14.5 → 1.15.0
Downtime: 0 minutes
</code></pre>
<h4 id="verify-update"><a class="header" href="#verify-update">Verify Update</a></h4>
<pre><code class="language-bash"># Verify updated version
provisioning version taskserv cilium
</code></pre>
<p><strong>Expected Output:</strong></p>
<pre><code class="language-plaintext">📦 Cilium Version Info:
Installed: 1.15.0
Latest: 1.15.0
Status: ✅ Up-to-date
Nodes:
✅ web-01: 1.15.0 (running)
✅ web-02: 1.15.0 (running)
</code></pre>
<h3 id="32-update-critical-service-kubernetes-example"><a class="header" href="#32-update-critical-service-kubernetes-example">3.2 Update Critical Service (Kubernetes Example)</a></h3>
<h4 id="test-in-staging-first"><a class="header" href="#test-in-staging-first">Test in Staging First</a></h4>
<pre><code class="language-bash"># If you have staging environment
provisioning t create kubernetes --infra my-staging --check
provisioning t create kubernetes --infra my-staging
# Run integration tests
provisioning test kubernetes --infra my-staging
</code></pre>
<h4 id="backup-current-state"><a class="header" href="#backup-current-state">Backup Current State</a></h4>
<pre><code class="language-bash"># Backup Kubernetes state
kubectl get all -A -o yaml &gt; k8s-backup-$(date +%Y%m%d).yaml
# Backup etcd (if using external etcd)
provisioning t backup kubernetes --infra my-production
</code></pre>
<h4 id="schedule-maintenance-window"><a class="header" href="#schedule-maintenance-window">Schedule Maintenance Window</a></h4>
<pre><code class="language-bash"># Set maintenance mode (optional, if supported)
provisioning maintenance enable --infra my-production --duration 30m
</code></pre>
<h4 id="update-kubernetes"><a class="header" href="#update-kubernetes">Update Kubernetes</a></h4>
<pre><code class="language-bash"># Update control plane first
provisioning t create kubernetes --infra my-production --control-plane-only
</code></pre>
<p><strong>Expected Output:</strong></p>
<pre><code class="language-plaintext">🚀 Updating Kubernetes control plane on my-production...
Draining control plane: web-01... ⏳
✅ web-01 drained
Updating control plane: web-01... ⏳
✅ web-01 updated (Kubernetes 1.30.0)
Uncordoning: web-01... ⏳
✅ web-01 ready
Verifying control plane... ⏳
✅ Control plane healthy
🎉 Control plane update complete!
</code></pre>
<pre><code class="language-bash"># Update worker nodes one by one
provisioning t create kubernetes --infra my-production --workers-only --rolling
</code></pre>
<p><strong>Expected Output:</strong></p>
<pre><code class="language-plaintext">🚀 Updating Kubernetes workers on my-production...
Rolling update: web-02...
Draining... ⏳
✅ Drained (pods rescheduled)
Updating... ⏳
✅ Updated (Kubernetes 1.30.0)
Uncordoning... ⏳
✅ Ready
Waiting for pods to stabilize... ⏳
✅ All pods running
🎉 Worker update complete!
Updated: web-02
Version: 1.30.0
</code></pre>
<h4 id="verify-update-1"><a class="header" href="#verify-update-1">Verify Update</a></h4>
<pre><code class="language-bash"># Verify Kubernetes cluster
kubectl get nodes
provisioning version taskserv kubernetes
</code></pre>
<p><strong>Expected Output:</strong></p>
<pre><code class="language-plaintext">NAME STATUS ROLES AGE VERSION
web-01 Ready control-plane 30d v1.30.0
web-02 Ready &lt;none&gt; 30d v1.30.0
</code></pre>
<pre><code class="language-bash"># Run smoke tests
provisioning test kubernetes --infra my-production
</code></pre>
<h3 id="33-update-database-postgresql-example"><a class="header" href="#33-update-database-postgresql-example">3.3 Update Database (PostgreSQL Example)</a></h3>
<p>⚠️ <strong>WARNING</strong>: Database updates may require data migration. Always backup first!</p>
<h4 id="backup-database"><a class="header" href="#backup-database">Backup Database</a></h4>
<pre><code class="language-bash"># Backup PostgreSQL database
provisioning t backup postgres --infra my-production
</code></pre>
<p><strong>Expected Output:</strong></p>
<pre><code class="language-plaintext">🗄️ Backing up PostgreSQL...
Creating dump: my-production-postgres-20250930.sql... ⏳
✅ Dump created (2.3 GB)
Compressing... ⏳
✅ Compressed (450 MB)
Saved to: workspace/backups/postgres/my-production-20250930.sql.gz
</code></pre>
<h4 id="check-compatibility"><a class="header" href="#check-compatibility">Check Compatibility</a></h4>
<pre><code class="language-bash"># Check if data migration is needed
provisioning t check-migration postgres --from 15.5 --to 16.1
</code></pre>
<p><strong>Expected Output:</strong></p>
<pre><code class="language-plaintext">🔍 PostgreSQL Migration Check:
From: 15.5
To: 16.1
Migration Required: ✅ Yes (major version change)
Steps Required:
1. Dump database with pg_dump
2. Stop PostgreSQL 15.5
3. Install PostgreSQL 16.1
4. Initialize new data directory
5. Restore from dump
Estimated Time: 15-30 minutes (depending on data size)
Estimated Downtime: 15-30 minutes
Recommended: Use streaming replication for zero-downtime upgrade
</code></pre>
<h4 id="perform-update"><a class="header" href="#perform-update">Perform Update</a></h4>
<pre><code class="language-bash"># Update PostgreSQL (with automatic migration)
provisioning t create postgres --infra my-production --migrate
</code></pre>
<p><strong>Expected Output:</strong></p>
<pre><code class="language-plaintext">🚀 Updating PostgreSQL on my-production...
⚠️ Major version upgrade detected (15.5 → 16.1)
Automatic migration will be performed
Dumping database... ⏳
✅ Database dumped (2.3 GB)
Stopping PostgreSQL 15.5... ⏳
✅ Stopped
Installing PostgreSQL 16.1... ⏳
✅ Installed
Initializing new data directory... ⏳
✅ Initialized
Restoring database... ⏳
✅ Restored (2.3 GB)
Starting PostgreSQL 16.1... ⏳
✅ Started
Verifying data integrity... ⏳
✅ All tables verified
🎉 PostgreSQL update complete!
Version: 15.5 → 16.1
Downtime: 18 minutes
</code></pre>
<h4 id="verify-update-2"><a class="header" href="#verify-update-2">Verify Update</a></h4>
<pre><code class="language-bash"># Verify PostgreSQL
provisioning version taskserv postgres
ssh db-01 "psql --version"
</code></pre>
<h2 id="step-4-update-multiple-services"><a class="header" href="#step-4-update-multiple-services">Step 4: Update Multiple Services</a></h2>
<h3 id="41-batch-update-sequentially"><a class="header" href="#41-batch-update-sequentially">4.1 Batch Update (Sequentially)</a></h3>
<pre><code class="language-bash"># Update multiple taskservs one by one
provisioning t update --infra my-production --taskservs cilium,containerd,redis
</code></pre>
<p><strong>Expected Output:</strong></p>
<pre><code class="language-plaintext">🚀 Updating 3 taskservs on my-production...
[1/3] Updating cilium... ⏳
✅ cilium updated (1.15.0)
[2/3] Updating containerd... ⏳
✅ containerd updated (1.7.14)
[3/3] Updating redis... ⏳
✅ redis updated (7.2.4)
🎉 All updates complete!
Updated: 3 taskservs
Total time: 8 minutes
</code></pre>
<h3 id="42-parallel-update-non-dependent-services"><a class="header" href="#42-parallel-update-non-dependent-services">4.2 Parallel Update (Non-Dependent Services)</a></h3>
<pre><code class="language-bash"># Update taskservs in parallel (if they don't depend on each other)
provisioning t update --infra my-production --taskservs redis,postgres --parallel
</code></pre>
<p><strong>Expected Output:</strong></p>
<pre><code class="language-plaintext">🚀 Updating 2 taskservs in parallel on my-production...
redis: Updating... ⏳
postgres: Updating... ⏳
redis: ✅ Updated (7.2.4)
postgres: ✅ Updated (16.1)
🎉 All updates complete!
Updated: 2 taskservs
Total time: 3 minutes (parallel)
</code></pre>
<h2 id="step-5-update-server-configuration"><a class="header" href="#step-5-update-server-configuration">Step 5: Update Server Configuration</a></h2>
<h3 id="51-update-server-resources"><a class="header" href="#51-update-server-resources">5.1 Update Server Resources</a></h3>
<pre><code class="language-bash"># Edit server configuration
provisioning sops workspace/infra/my-production/servers.ncl
</code></pre>
<p><strong>Example: Upgrade server plan</strong></p>
<pre><code class="language-kcl"># Before
{
name = "web-01"
plan = "1xCPU-2 GB" # Old plan
}
# After
{
name = "web-01"
plan = "2xCPU-4 GB" # New plan
}
</code></pre>
<pre><code class="language-bash"># Apply server update
provisioning s update --infra my-production --check
provisioning s update --infra my-production
</code></pre>
<h3 id="52-update-server-os"><a class="header" href="#52-update-server-os">5.2 Update Server OS</a></h3>
<pre><code class="language-bash"># Update operating system packages
provisioning s update --infra my-production --os-update
</code></pre>
<p><strong>Expected Output:</strong></p>
<pre><code class="language-plaintext">🚀 Updating OS packages on my-production servers...
web-01: Updating packages... ⏳
✅ web-01: 24 packages updated
web-02: Updating packages... ⏳
✅ web-02: 24 packages updated
db-01: Updating packages... ⏳
✅ db-01: 24 packages updated
🎉 OS updates complete!
</code></pre>
<h2 id="step-6-rollback-procedures"><a class="header" href="#step-6-rollback-procedures">Step 6: Rollback Procedures</a></h2>
<h3 id="61-rollback-task-service"><a class="header" href="#61-rollback-task-service">6.1 Rollback Task Service</a></h3>
<p>If update fails or causes issues:</p>
<pre><code class="language-bash"># Rollback to previous version
provisioning t rollback cilium --infra my-production
</code></pre>
<p><strong>Expected Output:</strong></p>
<pre><code class="language-plaintext">🔄 Rolling back Cilium on my-production...
Current: 1.15.0
Target: 1.14.5 (previous version)
Rolling back: web-01... ⏳
✅ web-01 rolled back
Rolling back: web-02... ⏳
✅ web-02 rolled back
Verifying connectivity... ⏳
✅ All nodes connected
🎉 Rollback complete!
Version: 1.15.0 → 1.14.5
</code></pre>
<h3 id="62-rollback-from-backup"><a class="header" href="#62-rollback-from-backup">6.2 Rollback from Backup</a></h3>
<pre><code class="language-bash"># Restore configuration from backup
provisioning ws restore my-production --from workspace/backups/my-production-20250930.tar.gz
</code></pre>
<h3 id="63-emergency-rollback"><a class="header" href="#63-emergency-rollback">6.3 Emergency Rollback</a></h3>
<pre><code class="language-bash"># Complete infrastructure rollback
provisioning rollback --infra my-production --to-snapshot &lt;snapshot-id&gt;
</code></pre>
<h2 id="step-7-post-update-verification"><a class="header" href="#step-7-post-update-verification">Step 7: Post-Update Verification</a></h2>
<h3 id="71-verify-all-components"><a class="header" href="#71-verify-all-components">7.1 Verify All Components</a></h3>
<pre><code class="language-bash"># Check overall health
provisioning health --infra my-production
</code></pre>
<p><strong>Expected Output:</strong></p>
<pre><code class="language-plaintext">🏥 Health Check: my-production
Servers:
✅ web-01: Healthy
✅ web-02: Healthy
✅ db-01: Healthy
Task Services:
✅ kubernetes: 1.30.0 (healthy)
✅ containerd: 1.7.13 (healthy)
✅ cilium: 1.15.0 (healthy)
✅ postgres: 16.1 (healthy)
Clusters:
✅ buildkit: 2/2 replicas (healthy)
Overall Status: ✅ All systems healthy
</code></pre>
<h3 id="72-verify-version-updates"><a class="header" href="#72-verify-version-updates">7.2 Verify Version Updates</a></h3>
<pre><code class="language-bash"># Verify all versions are updated
provisioning version show
</code></pre>
<h3 id="73-run-integration-tests"><a class="header" href="#73-run-integration-tests">7.3 Run Integration Tests</a></h3>
<pre><code class="language-bash"># Run comprehensive tests
provisioning test all --infra my-production
</code></pre>
<p><strong>Expected Output:</strong></p>
<pre><code class="language-plaintext">🧪 Running Integration Tests...
[1/5] Server connectivity... ⏳
✅ All servers reachable
[2/5] Kubernetes health... ⏳
✅ All nodes ready, all pods running
[3/5] Network connectivity... ⏳
✅ All services reachable
[4/5] Database connectivity... ⏳
✅ PostgreSQL responsive
[5/5] Application health... ⏳
✅ All applications healthy
🎉 All tests passed!
</code></pre>
<h3 id="74-monitor-for-issues"><a class="header" href="#74-monitor-for-issues">7.4 Monitor for Issues</a></h3>
<pre><code class="language-bash"># Monitor logs for errors
provisioning logs --infra my-production --follow --level error
</code></pre>
<h2 id="update-checklist"><a class="header" href="#update-checklist">Update Checklist</a></h2>
<p>Use this checklist for production updates:</p>
<ul>
<li><input disabled="" type="checkbox"/>
Check for available updates</li>
<li><input disabled="" type="checkbox"/>
Review changelog and breaking changes</li>
<li><input disabled="" type="checkbox"/>
Create configuration backup</li>
<li><input disabled="" type="checkbox"/>
Test update in staging environment</li>
<li><input disabled="" type="checkbox"/>
Schedule maintenance window</li>
<li><input disabled="" type="checkbox"/>
Notify team/users of maintenance</li>
<li><input disabled="" type="checkbox"/>
Update non-critical services first</li>
<li><input disabled="" type="checkbox"/>
Verify each update before proceeding</li>
<li><input disabled="" type="checkbox"/>
Update critical services with rolling updates</li>
<li><input disabled="" type="checkbox"/>
Backup database before major updates</li>
<li><input disabled="" type="checkbox"/>
Verify all components after update</li>
<li><input disabled="" type="checkbox"/>
Run integration tests</li>
<li><input disabled="" type="checkbox"/>
Monitor for issues (30 minutes minimum)</li>
<li><input disabled="" type="checkbox"/>
Document any issues encountered</li>
<li><input disabled="" type="checkbox"/>
Close maintenance window</li>
</ul>
<h2 id="common-update-scenarios"><a class="header" href="#common-update-scenarios">Common Update Scenarios</a></h2>
<h3 id="scenario-1-minor-security-patch"><a class="header" href="#scenario-1-minor-security-patch">Scenario 1: Minor Security Patch</a></h3>
<pre><code class="language-bash"># Quick security update
provisioning t check-updates --security-only
provisioning t update --infra my-production --security-patches --yes
</code></pre>
<h3 id="scenario-2-major-version-upgrade"><a class="header" href="#scenario-2-major-version-upgrade">Scenario 2: Major Version Upgrade</a></h3>
<pre><code class="language-bash"># Careful major version update
provisioning ws backup my-production
provisioning t check-migration &lt;service&gt; --from X.Y --to X+1.Y
provisioning t create &lt;service&gt; --infra my-production --migrate
provisioning test all --infra my-production
</code></pre>
<h3 id="scenario-3-emergency-hotfix"><a class="header" href="#scenario-3-emergency-hotfix">Scenario 3: Emergency Hotfix</a></h3>
<pre><code class="language-bash"># Apply critical hotfix immediately
provisioning t create &lt;service&gt; --infra my-production --hotfix --yes
</code></pre>
<h2 id="troubleshooting-updates"><a class="header" href="#troubleshooting-updates">Troubleshooting Updates</a></h2>
<h3 id="issue-update-fails-mid-process"><a class="header" href="#issue-update-fails-mid-process">Issue: Update fails mid-process</a></h3>
<p><strong>Solution:</strong></p>
<pre><code class="language-bash"># Check update status
provisioning t status &lt;taskserv&gt; --infra my-production
# Resume failed update
provisioning t update &lt;taskserv&gt; --infra my-production --resume
# Or rollback
provisioning t rollback &lt;taskserv&gt; --infra my-production
</code></pre>
<h3 id="issue-service-not-starting-after-update"><a class="header" href="#issue-service-not-starting-after-update">Issue: Service not starting after update</a></h3>
<p><strong>Solution:</strong></p>
<pre><code class="language-bash"># Check logs
provisioning logs &lt;taskserv&gt; --infra my-production
# Verify configuration
provisioning t validate &lt;taskserv&gt; --infra my-production
# Rollback if necessary
provisioning t rollback &lt;taskserv&gt; --infra my-production
</code></pre>
<h3 id="issue-data-migration-fails"><a class="header" href="#issue-data-migration-fails">Issue: Data migration fails</a></h3>
<p><strong>Solution:</strong></p>
<pre><code class="language-bash"># Check migration logs
provisioning t migration-logs &lt;taskserv&gt; --infra my-production
# Restore from backup
provisioning t restore &lt;taskserv&gt; --infra my-production --from &lt;backup-file&gt;
</code></pre>
<h2 id="best-practices"><a class="header" href="#best-practices">Best Practices</a></h2>
<ol>
<li><strong>Always Test First</strong>: Test updates in staging before production</li>
<li><strong>Backup Everything</strong>: Create backups before any update</li>
<li><strong>Update Gradually</strong>: Update one service at a time</li>
<li><strong>Monitor Closely</strong>: Watch for errors after each update</li>
<li><strong>Have Rollback Plan</strong>: Always have a rollback strategy</li>
<li><strong>Document Changes</strong>: Keep update logs for reference</li>
<li><strong>Schedule Wisely</strong>: Update during low-traffic periods</li>
<li><strong>Verify Thoroughly</strong>: Run tests after each update</li>
</ol>
<h2 id="next-steps"><a class="header" href="#next-steps">Next Steps</a></h2>
<ul>
<li><strong><a href="customize-infrastructure.html">Customize Guide</a></strong> - Customize your infrastructure</li>
<li><strong><a href="from-scratch.html">From Scratch Guide</a></strong> - Deploy new infrastructure</li>
<li><strong><a href="../development/workflow.html">Workflow Guide</a></strong> - Automate with workflows</li>
</ul>
<h2 id="quick-reference"><a class="header" href="#quick-reference">Quick Reference</a></h2>
<pre><code class="language-bash"># Update workflow
provisioning t check-updates
provisioning ws backup my-production
provisioning t create &lt;taskserv&gt; --infra my-production --check
provisioning t create &lt;taskserv&gt; --infra my-production
provisioning version taskserv &lt;taskserv&gt;
provisioning health --infra my-production
provisioning test all --infra my-production
</code></pre>
<hr />
<p><em>This guide is part of the provisioning project documentation. Last updated: 2025-09-30</em></p>
</main>
<nav class="nav-wrapper" aria-label="Page navigation">
<!-- Mobile navigation buttons -->
<a rel="prev" href="../guides/from-scratch.html" class="mobile-nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<a rel="next prefetch" href="../guides/customize-infrastructure.html" class="mobile-nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
<div style="clear: both"></div>
</nav>
</div>
</div>
<nav class="nav-wide-wrapper" aria-label="Page navigation">
<a rel="prev" href="../guides/from-scratch.html" class="nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<a rel="next prefetch" href="../guides/customize-infrastructure.html" class="nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
</nav>
</div>
<script>
window.playground_copyable = true;
</script>
<script src="../elasticlunr.min.js"></script>
<script src="../mark.min.js"></script>
<script src="../searcher.js"></script>
<script src="../clipboard.min.js"></script>
<script src="../highlight.js"></script>
<script src="../book.js"></script>
<!-- Custom JS scripts -->
</div>
</body>
</html>

422
docs/book/index.html
View File

@ -1,14 +1,14 @@
<!DOCTYPE HTML>
<html lang="en" class="ayu sidebar-visible" dir="ltr">
<html lang="en" class="rust sidebar-visible" dir="ltr">
<head>
<!-- Book generated using mdBook -->
<meta charset="UTF-8">
<title>Home - Provisioning Platform Documentation</title>
<title>Introduction - Provisioning Platform Documentation</title>
<!-- Custom HTML head -->
<meta name="description" content="Complete documentation for the Provisioning Platform - Infrastructure automation with Nushell, Nickel, and Rust">
<meta name="description" content="Enterprise-grade Infrastructure as Code platform - Complete documentation">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="theme-color" content="#ffffff">
@ -34,7 +34,7 @@
<!-- Provide site root and default themes to javascript -->
<script>
const path_to_root = "";
const default_light_theme = "ayu";
const default_light_theme = "rust";
const default_dark_theme = "navy";
</script>
<!-- Start loading toc.js asap -->
@ -76,7 +76,7 @@
try { theme = localStorage.getItem('mdbook-theme'); } catch(e) { }
if (theme === null || theme === undefined) { theme = default_theme; }
const html = document.documentElement;
html.classList.remove('ayu')
html.classList.remove('rust')
html.classList.add(theme);
html.classList.add("js");
</script>
@ -140,10 +140,10 @@
<a href="print.html" title="Print this book" aria-label="Print this book">
<i id="print-button" class="fa fa-print"></i>
</a>
<a href="https://github.com/provisioning/provisioning-platform" title="Git repository" aria-label="Git repository">
<a href="https://github.com/your-org/provisioning" title="Git repository" aria-label="Git repository">
<i id="git-repository-button" class="fa fa-github"></i>
</a>
<a href="https://github.com/provisioning/provisioning-platform/edit/main/provisioning/docs/src/README.md" title="Suggest an edit" aria-label="Suggest an edit">
<a href="https://github.com/your-org/provisioning/edit/main/provisioning/docs/src/README.md" title="Suggest an edit" aria-label="Suggest an edit">
<i id="git-edit-button" class="fa fa-edit"></i>
</a>
@ -173,353 +173,81 @@
<div id="content" class="content">
<main>
<p align="center">
<img src="resources/provisioning_logo.svg" alt="Provisioning Logo" width="300"/>
<img src="resources/provisioning_logo.svg" alt="Provisioning Logo" width="300"/>
</p>
<p align="center">
<img src="resources/logo-text.svg" alt="Provisioning" width="500"/>
<img src="resources/logo-text.svg" alt="Provisioning" width="500"/>
</p>
<h1 id="provisioning-platform-documentation"><a class="header" href="#provisioning-platform-documentation">Provisioning Platform Documentation</a></h1>
<p><strong>Last Updated</strong>: 2025-01-02 (Phase 3.A Cleanup Complete)
<strong>Status</strong>: ✅ Primary documentation source (145 files consolidated)</p>
<p>Welcome to the comprehensive documentation for the Provisioning Platform - a modern, cloud-native infrastructure automation system built with Nushell,
Nickel, and Rust.</p>
<blockquote>
<p><strong>Note</strong>: Architecture Decision Records (ADRs) and design documentation are in <code>docs/</code>
directory. This location contains user-facing, operational, and product documentation.</p>
</blockquote>
<hr />
<h2 id="quick-navigation"><a class="header" href="#quick-navigation">Quick Navigation</a></h2>
<h3 id="-getting-started"><a class="header" href="#-getting-started">🚀 Getting Started</a></h3>
<div class="table-wrapper"><table><thead><tr><th>Document</th><th>Description</th><th>Audience</th></tr></thead><tbody>
<tr><td><strong><a href="getting-started/installation-guide.html">Installation Guide</a></strong></td><td>Install and configure the system</td><td>New Users</td></tr>
<tr><td><strong><a href="getting-started/getting-started.html">Getting Started</a></strong></td><td>First steps and basic concepts</td><td>New Users</td></tr>
<tr><td><strong><a href="getting-started/quickstart-cheatsheet.html">Quick Reference</a></strong></td><td>Command cheat sheet</td><td>All Users</td></tr>
<tr><td><strong><a href="guides/from-scratch.html">From Scratch Guide</a></strong></td><td>Complete deployment walkthrough</td><td>New Users</td></tr>
</tbody></table>
</div>
<h3 id="-user-guides"><a class="header" href="#-user-guides">📚 User Guides</a></h3>
<div class="table-wrapper"><table><thead><tr><th>Document</th><th>Description</th></tr></thead><tbody>
<tr><td><strong><a href="infrastructure/cli-reference.html">CLI Reference</a></strong></td><td>Complete command reference</td></tr>
<tr><td><strong><a href="infrastructure/workspace-setup.html">Workspace Management</a></strong></td><td>Workspace creation and management</td></tr>
<tr><td><strong><a href="infrastructure/workspace-switching-guide.html">Workspace Switching</a></strong></td><td>Switch between workspaces</td></tr>
<tr><td><strong><a href="infrastructure/infrastructure-management.html">Infrastructure Management</a></strong></td><td>Server, taskserv, cluster operations</td></tr>
<tr><td><strong><a href="operations/service-management-guide.html">Service Management</a></strong></td><td>Platform service lifecycle management</td></tr>
<tr><td><strong><a href="integration/oci-registry-guide.html">OCI Registry</a></strong></td><td>OCI artifact management</td></tr>
<tr><td><strong><a href="integration/gitea-integration-guide.html">Gitea Integration</a></strong></td><td>Git workflow and collaboration</td></tr>
<tr><td><strong><a href="operations/coredns-guide.html">CoreDNS Guide</a></strong></td><td>DNS management</td></tr>
<tr><td><strong><a href="testing/test-environment-usage.html">Test Environments</a></strong></td><td>Containerized testing</td></tr>
<tr><td><strong><a href="development/extension-development.html">Extension Development</a></strong></td><td>Create custom extensions</td></tr>
</tbody></table>
</div>
<h3 id="-architecture"><a class="header" href="#-architecture">🏗️ Architecture</a></h3>
<div class="table-wrapper"><table><thead><tr><th>Document</th><th>Description</th></tr></thead><tbody>
<tr><td><strong><a href="architecture/system-overview.html">System Overview</a></strong></td><td>High-level architecture</td></tr>
<tr><td><strong><a href="architecture/multi-repo-architecture.html">Multi-Repo Architecture</a></strong></td><td>Repository structure and OCI distribution</td></tr>
<tr><td><strong><a href="architecture/design-principles.html">Design Principles</a></strong></td><td>Architectural philosophy</td></tr>
<tr><td><strong><a href="architecture/integration-patterns.html">Integration Patterns</a></strong></td><td>System integration patterns</td></tr>
<tr><td><strong><a href="architecture/orchestrator-integration-model.html">Orchestrator Model</a></strong></td><td>Hybrid orchestration architecture</td></tr>
</tbody></table>
</div>
<h3 id="-architecture-decision-records-adrs"><a class="header" href="#-architecture-decision-records-adrs">📋 Architecture Decision Records (ADRs)</a></h3>
<div class="table-wrapper"><table><thead><tr><th>ADR</th><th>Title</th><th>Status</th></tr></thead><tbody>
<tr><td><strong><a href="architecture/adr/adr-001-project-structure.html">ADR-001</a></strong></td><td>Project Structure Decision</td><td>Accepted</td></tr>
<tr><td><strong><a href="architecture/adr/adr-002-distribution-strategy.html">ADR-002</a></strong></td><td>Distribution Strategy</td><td>Accepted</td></tr>
<tr><td><strong><a href="architecture/adr/adr-003-workspace-isolation.html">ADR-003</a></strong></td><td>Workspace Isolation</td><td>Accepted</td></tr>
<tr><td><strong><a href="architecture/adr/adr-004-hybrid-architecture.html">ADR-004</a></strong></td><td>Hybrid Architecture</td><td>Accepted</td></tr>
<tr><td><strong><a href="architecture/adr/adr-005-extension-framework.html">ADR-005</a></strong></td><td>Extension Framework</td><td>Accepted</td></tr>
<tr><td><strong><a href="architecture/adr/adr-006-provisioning-cli-refactoring.html">ADR-006</a></strong></td><td>CLI Refactoring</td><td>Accepted</td></tr>
</tbody></table>
</div>
<h3 id="-api-documentation"><a class="header" href="#-api-documentation">🔌 API Documentation</a></h3>
<div class="table-wrapper"><table><thead><tr><th>Document</th><th>Description</th></tr></thead><tbody>
<tr><td><strong><a href="api-reference/rest-api.html">REST API</a></strong></td><td>HTTP API endpoints</td></tr>
<tr><td><strong><a href="api-reference/websocket.html">WebSocket API</a></strong></td><td>Real-time event streams</td></tr>
<tr><td><strong><a href="development/extensions.html">Extensions API</a></strong></td><td>Extension integration APIs</td></tr>
<tr><td><strong><a href="api-reference/sdks.html">SDKs</a></strong></td><td>Client libraries</td></tr>
<tr><td><strong><a href="api-reference/integration-examples.html">Integration Examples</a></strong></td><td>API usage examples</td></tr>
</tbody></table>
</div>
<h3 id="-development"><a class="header" href="#-development">🛠️ Development</a></h3>
<div class="table-wrapper"><table><thead><tr><th>Document</th><th>Description</th></tr></thead><tbody>
<tr><td><strong><a href="development/README.html">Development README</a></strong></td><td>Developer overview</td></tr>
<tr><td><strong><a href="development/implementation-guide.html">Implementation Guide</a></strong></td><td>Implementation details</td></tr>
<tr><td><strong><a href="development/quick-provider-guide.html">Provider Development</a></strong></td><td>Create cloud providers</td></tr>
<tr><td><strong><a href="development/taskserv-developer-guide.html">Taskserv Development</a></strong></td><td>Create task services</td></tr>
<tr><td><strong><a href="development/extensions.html">Extension Framework</a></strong></td><td>Extension system</td></tr>
<tr><td><strong><a href="development/command-handler-guide.html">Command Handlers</a></strong></td><td>CLI command development</td></tr>
</tbody></table>
</div>
<h3 id="-troubleshooting"><a class="header" href="#-troubleshooting">🐛 Troubleshooting</a></h3>
<div class="table-wrapper"><table><thead><tr><th>Document</th><th>Description</th></tr></thead><tbody>
<tr><td><strong><a href="troubleshooting/troubleshooting-guide.html">Troubleshooting Guide</a></strong></td><td>Common issues and solutions</td></tr>
</tbody></table>
</div>
<h3 id="-how-to-guides"><a class="header" href="#-how-to-guides">📖 How-To Guides</a></h3>
<div class="table-wrapper"><table><thead><tr><th>Document</th><th>Description</th></tr></thead><tbody>
<tr><td><strong><a href="guides/from-scratch.html">From Scratch</a></strong></td><td>Complete deployment from zero</td></tr>
<tr><td><strong><a href="guides/update-infrastructure.html">Update Infrastructure</a></strong></td><td>Safe update procedures</td></tr>
<tr><td><strong><a href="guides/customize-infrastructure.html">Customize Infrastructure</a></strong></td><td>Layer and template customization</td></tr>
</tbody></table>
</div>
<h3 id="-configuration"><a class="header" href="#-configuration">🔐 Configuration</a></h3>
<div class="table-wrapper"><table><thead><tr><th>Document</th><th>Description</th></tr></thead><tbody>
<tr><td><strong><a href="configuration/workspace-config-architecture.html">Workspace Config Architecture</a></strong></td><td>Configuration architecture</td></tr>
</tbody></table>
</div>
<h3 id="-quick-references"><a class="header" href="#-quick-references">📦 Quick References</a></h3>
<div class="table-wrapper"><table><thead><tr><th>Document</th><th>Description</th></tr></thead><tbody>
<tr><td><strong><a href="getting-started/quickstart-cheatsheet.html">Quickstart Cheatsheet</a></strong></td><td>Command shortcuts</td></tr>
<tr><td><strong><a href="quick-reference/oci.html">OCI Quick Reference</a></strong></td><td>OCI operations</td></tr>
</tbody></table>
</div>
<hr />
<p>Welcome to the Provisioning Platform documentation. This is an enterprise-grade Infrastructure
as Code (IaC) platform built with Rust, Nushell, and Nickel.</p>
<h2 id="what-is-provisioning"><a class="header" href="#what-is-provisioning">What is Provisioning</a></h2>
<p>Provisioning is a comprehensive infrastructure automation platform that manages complete
infrastructure lifecycles across multiple cloud providers. The platform emphasizes type-safety,
configuration-driven design, and workspace-first organization.</p>
<h2 id="key-features"><a class="header" href="#key-features">Key Features</a></h2>
<ul>
<li><strong>Workspace Management</strong>: Default mode for organizing infrastructure, settings, schemas, and extensions</li>
<li><strong>Type-Safe Configuration</strong>: Nickel-based configuration system with validation and contracts</li>
<li><strong>Multi-Cloud Support</strong>: Unified interface for AWS, UpCloud, and local providers</li>
<li><strong>Modular CLI Architecture</strong>: 111+ commands with 84% code reduction through modularity</li>
<li><strong>Batch Workflow Engine</strong>: Orchestrate complex multi-cloud operations</li>
<li><strong>Complete Security System</strong>: Authentication, authorization, encryption, and compliance</li>
<li><strong>Extensible Architecture</strong>: Custom providers, task services, and plugins</li>
</ul>
<h2 id="getting-started"><a class="header" href="#getting-started">Getting Started</a></h2>
<p>New users should start with:</p>
<ol>
<li><a href="getting-started/prerequisites.html">Prerequisites</a> - System requirements and dependencies</li>
<li><a href="getting-started/installation.html">Installation</a> - Install the platform</li>
<li><a href="getting-started/quick-start.html">Quick Start</a> - 5-minute deployment tutorial</li>
<li><a href="getting-started/first-deployment.html">First Deployment</a> - Comprehensive walkthrough</li>
</ol>
<h2 id="documentation-structure"><a class="header" href="#documentation-structure">Documentation Structure</a></h2>
<pre><code class="language-plaintext">provisioning/docs/src/
├── README.md (this file) # Documentation hub
├── getting-started/ # Getting started guides
│ ├── installation-guide.md
│ ├── getting-started.md
│ └── quickstart-cheatsheet.md
├── architecture/ # System architecture
│ ├── adr/ # Architecture Decision Records
│ ├── design-principles.md
│ ├── integration-patterns.md
│ ├── system-overview.md
│ └── ... (and 10+ more architecture docs)
├── infrastructure/ # Infrastructure guides
│ ├── cli-reference.md
│ ├── workspace-setup.md
│ ├── workspace-switching-guide.md
│ └── infrastructure-management.md
├── api-reference/ # API documentation
│ ├── rest-api.md
│ ├── websocket.md
│ ├── integration-examples.md
│ └── sdks.md
├── development/ # Developer guides
│ ├── README.md
│ ├── implementation-guide.md
│ ├── quick-provider-guide.md
│ ├── taskserv-developer-guide.md
│ └── ... (15+ more developer docs)
├── guides/ # How-to guides
│ ├── from-scratch.md
│ ├── update-infrastructure.md
│ └── customize-infrastructure.md
├── operations/ # Operations guides
│ ├── service-management-guide.md
│ ├── coredns-guide.md
│ └── ... (more operations docs)
├── security/ # Security docs
├── integration/ # Integration guides
├── testing/ # Testing docs
├── configuration/ # Configuration docs
├── troubleshooting/ # Troubleshooting guides
└── quick-reference/ # Quick references
</code></pre>
<hr />
<h2 id="key-concepts"><a class="header" href="#key-concepts">Key Concepts</a></h2>
<h3 id="infrastructure-as-code-iac"><a class="header" href="#infrastructure-as-code-iac">Infrastructure as Code (IaC)</a></h3>
<p>The provisioning platform uses <strong>declarative configuration</strong> to manage infrastructure. Instead of manually creating resources, you define what you
want in Nickel configuration files, and the system makes it happen.</p>
<h3 id="mode-based-architecture"><a class="header" href="#mode-based-architecture">Mode-Based Architecture</a></h3>
<p>The system supports four operational modes:</p>
<ul>
<li><strong>Solo</strong>: Single developer local development</li>
<li><strong>Multi-user</strong>: Team collaboration with shared services</li>
<li><strong>CI/CD</strong>: Automated pipeline execution</li>
<li><strong>Enterprise</strong>: Production deployment with strict compliance</li>
<li><strong>Getting Started</strong>: Installation and initial setup</li>
<li><strong>User Guides</strong>: Workflow tutorials and best practices</li>
<li><strong>Infrastructure as Code</strong>: Nickel configuration and schema reference</li>
<li><strong>Platform Features</strong>: Core capabilities and systems</li>
<li><strong>Operations</strong>: Deployment, monitoring, and maintenance</li>
<li><strong>Security</strong>: Complete security system documentation</li>
<li><strong>Development</strong>: Extension and plugin development</li>
<li><strong>API Reference</strong>: REST API and CLI command reference</li>
<li><strong>Architecture</strong>: System design and ADRs</li>
<li><strong>Examples</strong>: Practical use cases and patterns</li>
<li><strong>Troubleshooting</strong>: Problem-solving guides</li>
</ul>
<h3 id="extension-system"><a class="header" href="#extension-system">Extension System</a></h3>
<p>Extensibility through:</p>
<h2 id="core-technologies"><a class="header" href="#core-technologies">Core Technologies</a></h2>
<ul>
<li><strong>Providers</strong>: Cloud platform integrations (AWS, UpCloud, Local)</li>
<li><strong>Task Services</strong>: Infrastructure components (Kubernetes, databases, etc.)</li>
<li><strong>Clusters</strong>: Complete deployment configurations</li>
<li><strong>Rust</strong>: Platform services and performance-critical components</li>
<li><strong>Nushell</strong>: Scripting, CLI, and automation</li>
<li><strong>Nickel</strong>: Type-safe infrastructure configuration</li>
<li><strong>SecretumVault</strong>: Secrets management integration</li>
</ul>
<h3 id="oci-native-distribution"><a class="header" href="#oci-native-distribution">OCI-Native Distribution</a></h3>
<p>Extensions and packages distributed as OCI artifacts, enabling:</p>
<h2 id="workspace-first-approach"><a class="header" href="#workspace-first-approach">Workspace-First Approach</a></h2>
<p>Provisioning uses workspaces as the default organizational unit. A workspace contains:</p>
<ul>
<li>Industry-standard packaging</li>
<li>Efficient caching and bandwidth</li>
<li>Version pinning and rollback</li>
<li>Air-gapped deployments</li>
<li>Infrastructure definitions (Nickel schemas)</li>
<li>Environment-specific settings</li>
<li>Custom extensions and providers</li>
<li>Deployment state and metadata</li>
</ul>
<hr />
<h2 id="documentation-by-role"><a class="header" href="#documentation-by-role">Documentation by Role</a></h2>
<h3 id="for-new-users"><a class="header" href="#for-new-users">For New Users</a></h3>
<ol>
<li>Start with <strong><a href="getting-started/installation-guide.html">Installation Guide</a></strong></li>
<li>Read <strong><a href="getting-started/getting-started.html">Getting Started</a></strong></li>
<li>Follow <strong><a href="guides/from-scratch.html">From Scratch Guide</a></strong></li>
<li>Reference <strong><a href="guides/quickstart-cheatsheet.html">Quickstart Cheatsheet</a></strong></li>
</ol>
<h3 id="for-developers"><a class="header" href="#for-developers">For Developers</a></h3>
<ol>
<li>Review <strong><a href="architecture/system-overview.html">System Overview</a></strong></li>
<li>Study <strong><a href="architecture/design-principles.html">Design Principles</a></strong></li>
<li>Read relevant <strong><a href="architecture/">ADRs</a></strong></li>
<li>Follow <strong><a href="development/README.html">Development Guide</a></strong></li>
<li>Reference <strong>Nickel Quick Reference</strong></li>
</ol>
<h3 id="for-operators"><a class="header" href="#for-operators">For Operators</a></h3>
<ol>
<li>Understand <strong><a href="infrastructure/mode-system">Mode System</a></strong></li>
<li>Learn <strong><a href="operations/service-management-guide.html">Service Management</a></strong></li>
<li>Review <strong><a href="infrastructure/infrastructure-management.html">Infrastructure Management</a></strong></li>
<li>Study <strong><a href="integration/oci-registry-guide.html">OCI Registry</a></strong></li>
</ol>
<h3 id="for-architects"><a class="header" href="#for-architects">For Architects</a></h3>
<ol>
<li>Read <strong><a href="architecture/system-overview.html">System Overview</a></strong></li>
<li>Study all <strong><a href="architecture/">ADRs</a></strong></li>
<li>Review <strong><a href="architecture/integration-patterns.html">Integration Patterns</a></strong></li>
<li>Understand <strong><a href="architecture/multi-repo-architecture.html">Multi-Repo Architecture</a></strong></li>
</ol>
<hr />
<h2 id="system-capabilities"><a class="header" href="#system-capabilities">System Capabilities</a></h2>
<h3 id="-infrastructure-automation"><a class="header" href="#-infrastructure-automation">✅ Infrastructure Automation</a></h3>
<p>All operations work within workspace context, providing isolation and consistency.</p>
<h2 id="support-and-community"><a class="header" href="#support-and-community">Support and Community</a></h2>
<ul>
<li>Multi-cloud support (AWS, UpCloud, Local)</li>
<li>Declarative configuration with Nickel</li>
<li>Automated dependency resolution</li>
<li>Batch operations with rollback</li>
<li><strong>Issues</strong>: Report bugs and request features on GitHub</li>
<li><strong>Documentation</strong>: This documentation site</li>
<li><strong>Examples</strong>: See the <a href="examples/README.html">Examples</a> section</li>
</ul>
<h3 id="-workflow-orchestration"><a class="header" href="#-workflow-orchestration">✅ Workflow Orchestration</a></h3>
<ul>
<li>Hybrid Rust/Nushell orchestration</li>
<li>Checkpoint-based recovery</li>
<li>Parallel execution with limits</li>
<li>Real-time monitoring</li>
</ul>
<h3 id="-test-environments"><a class="header" href="#-test-environments">✅ Test Environments</a></h3>
<ul>
<li>Containerized testing</li>
<li>Multi-node cluster simulation</li>
<li>Topology templates</li>
<li>Automated cleanup</li>
</ul>
<h3 id="-mode-based-operation"><a class="header" href="#-mode-based-operation">✅ Mode-Based Operation</a></h3>
<ul>
<li>Solo: Local development</li>
<li>Multi-user: Team collaboration</li>
<li>CI/CD: Automated pipelines</li>
<li>Enterprise: Production deployment</li>
</ul>
<h3 id="-extension-management"><a class="header" href="#-extension-management">✅ Extension Management</a></h3>
<ul>
<li>OCI-native distribution</li>
<li>Automatic dependency resolution</li>
<li>Version management</li>
<li>Local and remote sources</li>
</ul>
<hr />
<h2 id="key-achievements"><a class="header" href="#key-achievements">Key Achievements</a></h2>
<h3 id="-batch-workflow-system-v310"><a class="header" href="#-batch-workflow-system-v310">🚀 Batch Workflow System (v3.1.0)</a></h3>
<ul>
<li>Provider-agnostic batch operations</li>
<li>Mixed provider support (UpCloud + AWS + local)</li>
<li>Dependency resolution with soft/hard dependencies</li>
<li>Real-time monitoring and rollback</li>
</ul>
<h3 id="-hybrid-orchestrator-v300"><a class="header" href="#-hybrid-orchestrator-v300">🏗️ Hybrid Orchestrator (v3.0.0)</a></h3>
<ul>
<li>Solves Nushell deep call stack limitations</li>
<li>Preserves all business logic</li>
<li>REST API for external integration</li>
<li>Checkpoint-based state management</li>
</ul>
<h3 id="-configuration-system-v200"><a class="header" href="#-configuration-system-v200">⚙️ Configuration System (v2.0.0)</a></h3>
<ul>
<li>Migrated from ENV to config-driven</li>
<li>Hierarchical configuration loading</li>
<li>Variable interpolation</li>
<li>True IaC without hardcoded fallbacks</li>
</ul>
<h3 id="-modular-cli-v320"><a class="header" href="#-modular-cli-v320">🎯 Modular CLI (v3.2.0)</a></h3>
<ul>
<li>84% reduction in main file size</li>
<li>Domain-driven handlers</li>
<li>80+ shortcuts</li>
<li>Bi-directional help system</li>
</ul>
<h3 id="-test-environment-service-v340"><a class="header" href="#-test-environment-service-v340">🧪 Test Environment Service (v3.4.0)</a></h3>
<ul>
<li>Automated containerized testing</li>
<li>Multi-node cluster topologies</li>
<li>CI/CD integration ready</li>
<li>Template-based configurations</li>
</ul>
<h3 id="-workspace-switching-v205"><a class="header" href="#-workspace-switching-v205">🔄 Workspace Switching (v2.0.5)</a></h3>
<ul>
<li>Centralized workspace management</li>
<li>Single-command workspace switching</li>
<li>Active workspace tracking</li>
<li>User preference system</li>
</ul>
<hr />
<h2 id="technology-stack"><a class="header" href="#technology-stack">Technology Stack</a></h2>
<div class="table-wrapper"><table><thead><tr><th>Component</th><th>Technology</th><th>Purpose</th></tr></thead><tbody>
<tr><td><strong>Core CLI</strong></td><td>Nushell 0.107.1</td><td>Shell and scripting</td></tr>
<tr><td><strong>Configuration</strong></td><td>Nickel 1.0.0+</td><td>Type-safe IaC</td></tr>
<tr><td><strong>Orchestrator</strong></td><td>Rust</td><td>High-performance coordination</td></tr>
<tr><td><strong>Templates</strong></td><td>Jinja2 (nu_plugin_tera)</td><td>Code generation</td></tr>
<tr><td><strong>Secrets</strong></td><td>SOPS 3.10.2 + Age 1.2.1</td><td>Encryption</td></tr>
<tr><td><strong>Distribution</strong></td><td>OCI (skopeo/crane/oras)</td><td>Artifact management</td></tr>
</tbody></table>
</div>
<hr />
<h2 id="support"><a class="header" href="#support">Support</a></h2>
<h3 id="getting-help"><a class="header" href="#getting-help">Getting Help</a></h3>
<ul>
<li><strong>Documentation</strong>: Youre reading it!</li>
<li><strong>Quick Reference</strong>: Run <code>provisioning sc</code> or <code>provisioning guide quickstart</code></li>
<li><strong>Help System</strong>: Run <code>provisioning help</code> or <code>provisioning &lt;command&gt; help</code></li>
<li><strong>Interactive Shell</strong>: Run <code>provisioning nu</code> for Nushell REPL</li>
</ul>
<h3 id="reporting-issues"><a class="header" href="#reporting-issues">Reporting Issues</a></h3>
<ul>
<li>Check <strong><a href="infrastructure/troubleshooting-guide.html">Troubleshooting Guide</a></strong></li>
<li>Review <strong><a href="troubleshooting/troubleshooting-guide.html">FAQ</a></strong></li>
<li>Enable debug mode: <code>provisioning --debug &lt;command&gt;</code></li>
<li>Check logs: <code>provisioning platform logs &lt;service&gt;</code></li>
</ul>
<hr />
<h2 id="contributing"><a class="header" href="#contributing">Contributing</a></h2>
<p>This project welcomes contributions! See <strong><a href="development/README.html">Development Guide</a></strong> for:</p>
<ul>
<li>Development setup</li>
<li>Code style guidelines</li>
<li>Testing requirements</li>
<li>Pull request process</li>
</ul>
<hr />
<h2 id="license"><a class="header" href="#license">License</a></h2>
<p>[Add license information]</p>
<hr />
<h2 id="version-history"><a class="header" href="#version-history">Version History</a></h2>
<div class="table-wrapper"><table><thead><tr><th>Version</th><th>Date</th><th>Major Changes</th></tr></thead><tbody>
<tr><td><strong>3.5.0</strong></td><td>2025-10-06</td><td>Mode system, OCI registry, comprehensive documentation</td></tr>
<tr><td><strong>3.4.0</strong></td><td>2025-10-06</td><td>Test environment service</td></tr>
<tr><td><strong>3.3.0</strong></td><td>2025-09-30</td><td>Interactive guides system</td></tr>
<tr><td><strong>3.2.0</strong></td><td>2025-09-30</td><td>Modular CLI refactoring</td></tr>
<tr><td><strong>3.1.0</strong></td><td>2025-09-25</td><td>Batch workflow system</td></tr>
<tr><td><strong>3.0.0</strong></td><td>2025-09-25</td><td>Hybrid orchestrator architecture</td></tr>
<tr><td><strong>2.0.5</strong></td><td>2025-10-02</td><td>Workspace switching system</td></tr>
<tr><td><strong>2.0.0</strong></td><td>2025-09-23</td><td>Configuration system migration</td></tr>
</tbody></table>
</div>
<hr />
<p><strong>Maintained By</strong>: Provisioning Team
<strong>Last Review</strong>: 2025-10-06
<strong>Next Review</strong>: 2026-01-06</p>
<p>See project LICENSE file for details.</p>
</main>
<nav class="nav-wrapper" aria-label="Page navigation">
<!-- Mobile navigation buttons -->
<a rel="next prefetch" href="getting-started/installation-guide.html" class="mobile-nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<a rel="next prefetch" href="getting-started/index.html" class="mobile-nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
@ -530,20 +258,44 @@ want in Nickel configuration files, and the system makes it happen.</p>
<nav class="nav-wide-wrapper" aria-label="Page navigation">
<a rel="next prefetch" href="getting-started/installation-guide.html" class="nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<a rel="next prefetch" href="getting-started/index.html" class="nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
</nav>
</div>
<!-- Livereload script (if served using the cli tool) -->
<script>
const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:';
const wsAddress = wsProtocol + "//" + location.host + "/" + "__livereload";
const socket = new WebSocket(wsAddress);
socket.onmessage = function (event) {
if (event.data === "reload") {
socket.close();
location.reload();
}
};
window.onbeforeunload = function() {
socket.close();
}
</script>
<script>
window.playground_line_numbers = true;
</script>
<script>
window.playground_copyable = true;
</script>
<script src="ace.js"></script>
<script src="mode-rust.js"></script>
<script src="editor.js"></script>
<script src="theme-dawn.js"></script>
<script src="theme-tomorrow_night.js"></script>
<script src="elasticlunr.min.js"></script>
<script src="mark.min.js"></script>

101909
docs/book/print.html
View File

File diff suppressed because it is too large Load Diff

2
docs/book/searchindex.js
View File

File diff suppressed because one or more lines are too long

4
docs/book/toc.html
View File

File diff suppressed because one or more lines are too long

2
docs/book/toc.js
View File

File diff suppressed because one or more lines are too long

1
docs/examples/workspaces/cost-optimized/README.md
View File

@ -1 +0,0 @@
# Cost-Optimized Multi-Provider Workspace

227
docs/examples/workspaces/cost-optimized/index.html
View File

@ -1,227 +0,0 @@
<!DOCTYPE HTML>
<html lang="en" class="ayu sidebar-visible" dir="ltr">
<head>
<!-- Book generated using mdBook -->
<meta charset="UTF-8">
<title>Cost-Optimized Multi-Provider Workspace - Provisioning Platform Documentation</title>
<!-- Custom HTML head -->
<meta name="description" content="Complete documentation for the Provisioning Platform - Infrastructure automation with Nushell, Nickel, and Rust">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="theme-color" content="#ffffff">
<link rel="icon" href="../../../favicon.svg">
<link rel="shortcut icon" href="../../../favicon.png">
<link rel="stylesheet" href="../../../css/variables.css">
<link rel="stylesheet" href="../../../css/general.css">
<link rel="stylesheet" href="../../../css/chrome.css">
<link rel="stylesheet" href="../../../css/print.css" media="print">
<!-- Fonts -->
<link rel="stylesheet" href="../../../FontAwesome/css/font-awesome.css">
<link rel="stylesheet" href="../../../fonts/fonts.css">
<!-- Highlight.js Stylesheets -->
<link rel="stylesheet" id="highlight-css" href="../../../highlight.css">
<link rel="stylesheet" id="tomorrow-night-css" href="../../../tomorrow-night.css">
<link rel="stylesheet" id="ayu-highlight-css" href="../../../ayu-highlight.css">
<!-- Custom theme stylesheets -->
<!-- Provide site root and default themes to javascript -->
<script>
const path_to_root = "../../../";
const default_light_theme = "ayu";
const default_dark_theme = "navy";
</script>
<!-- Start loading toc.js asap -->
<script src="../../../toc.js"></script>
</head>
<body>
<div id="mdbook-help-container">
<div id="mdbook-help-popup">
<h2 class="mdbook-help-title">Keyboard shortcuts</h2>
<div>
<p>Press <kbd></kbd> or <kbd></kbd> to navigate between chapters</p>
<p>Press <kbd>S</kbd> or <kbd>/</kbd> to search in the book</p>
<p>Press <kbd>?</kbd> to show this help</p>
<p>Press <kbd>Esc</kbd> to hide this help</p>
</div>
</div>
</div>
<div id="body-container">
<!-- Work around some values being stored in localStorage wrapped in quotes -->
<script>
try {
let theme = localStorage.getItem('mdbook-theme');
let sidebar = localStorage.getItem('mdbook-sidebar');
if (theme.startsWith('"') && theme.endsWith('"')) {
localStorage.setItem('mdbook-theme', theme.slice(1, theme.length - 1));
}
if (sidebar.startsWith('"') && sidebar.endsWith('"')) {
localStorage.setItem('mdbook-sidebar', sidebar.slice(1, sidebar.length - 1));
}
} catch (e) { }
</script>
<!-- Set the theme before any content is loaded, prevents flash -->
<script>
const default_theme = window.matchMedia("(prefers-color-scheme: dark)").matches ? default_dark_theme : default_light_theme;
let theme;
try { theme = localStorage.getItem('mdbook-theme'); } catch(e) { }
if (theme === null || theme === undefined) { theme = default_theme; }
const html = document.documentElement;
html.classList.remove('ayu')
html.classList.add(theme);
html.classList.add("js");
</script>
<input type="checkbox" id="sidebar-toggle-anchor" class="hidden">
<!-- Hide / unhide sidebar before it is displayed -->
<script>
let sidebar = null;
const sidebar_toggle = document.getElementById("sidebar-toggle-anchor");
if (document.body.clientWidth >= 1080) {
try { sidebar = localStorage.getItem('mdbook-sidebar'); } catch(e) { }
sidebar = sidebar || 'visible';
} else {
sidebar = 'hidden';
}
sidebar_toggle.checked = sidebar === 'visible';
html.classList.remove('sidebar-visible');
html.classList.add("sidebar-" + sidebar);
</script>
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<!-- populated by js -->
<mdbook-sidebar-scrollbox class="sidebar-scrollbox"></mdbook-sidebar-scrollbox>
<noscript>
<iframe class="sidebar-iframe-outer" src="../../../toc.html"></iframe>
</noscript>
<div id="sidebar-resize-handle" class="sidebar-resize-handle">
<div class="sidebar-resize-indicator"></div>
</div>
</nav>
<div id="page-wrapper" class="page-wrapper">
<div class="page">
<div id="menu-bar-hover-placeholder"></div>
<div id="menu-bar" class="menu-bar sticky">
<div class="left-buttons">
<label id="sidebar-toggle" class="icon-button" for="sidebar-toggle-anchor" title="Toggle Table of Contents" aria-label="Toggle Table of Contents" aria-controls="sidebar">
<i class="fa fa-bars"></i>
</label>
<button id="theme-toggle" class="icon-button" type="button" title="Change theme" aria-label="Change theme" aria-haspopup="true" aria-expanded="false" aria-controls="theme-list">
<i class="fa fa-paint-brush"></i>
</button>
<ul id="theme-list" class="theme-popup" aria-label="Themes" role="menu">
<li role="none"><button role="menuitem" class="theme" id="default_theme">Auto</button></li>
<li role="none"><button role="menuitem" class="theme" id="light">Light</button></li>
<li role="none"><button role="menuitem" class="theme" id="rust">Rust</button></li>
<li role="none"><button role="menuitem" class="theme" id="coal">Coal</button></li>
<li role="none"><button role="menuitem" class="theme" id="navy">Navy</button></li>
<li role="none"><button role="menuitem" class="theme" id="ayu">Ayu</button></li>
</ul>
<button id="search-toggle" class="icon-button" type="button" title="Search (`/`)" aria-label="Toggle Searchbar" aria-expanded="false" aria-keyshortcuts="/ s" aria-controls="searchbar">
<i class="fa fa-search"></i>
</button>
</div>
<h1 class="menu-title">Provisioning Platform Documentation</h1>
<div class="right-buttons">
<a href="../../../print.html" title="Print this book" aria-label="Print this book">
<i id="print-button" class="fa fa-print"></i>
</a>
<a href="https://github.com/provisioning/provisioning-platform" title="Git repository" aria-label="Git repository">
<i id="git-repository-button" class="fa fa-github"></i>
</a>
<a href="https://github.com/provisioning/provisioning-platform/edit/main/provisioning/docs/src/../examples/workspaces/cost-optimized/README.md" title="Suggest an edit" aria-label="Suggest an edit">
<i id="git-edit-button" class="fa fa-edit"></i>
</a>
</div>
</div>
<div id="search-wrapper" class="hidden">
<form id="searchbar-outer" class="searchbar-outer">
<input type="search" id="searchbar" name="searchbar" placeholder="Search this book ..." aria-controls="searchresults-outer" aria-describedby="searchresults-header">
</form>
<div id="searchresults-outer" class="searchresults-outer hidden">
<div id="searchresults-header" class="searchresults-header"></div>
<ul id="searchresults">
</ul>
</div>
</div>
<!-- Apply ARIA attributes after the sidebar and the sidebar toggle button are added to the DOM -->
<script>
document.getElementById('sidebar-toggle').setAttribute('aria-expanded', sidebar === 'visible');
document.getElementById('sidebar').setAttribute('aria-hidden', sidebar !== 'visible');
Array.from(document.querySelectorAll('#sidebar a')).forEach(function(link) {
link.setAttribute('tabIndex', sidebar === 'visible' ? 0 : -1);
});
</script>
<div id="content" class="content">
<main>
<h1 id="cost-optimized-multi-provider-workspace"><a class="header" href="#cost-optimized-multi-provider-workspace">Cost-Optimized Multi-Provider Workspace</a></h1>
</main>
<nav class="nav-wrapper" aria-label="Page navigation">
<!-- Mobile navigation buttons -->
<a rel="prev" href="../../../../examples/workspaces/multi-region-ha/index.html" class="mobile-nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<a rel="next prefetch" href="../../../quick-reference/master.html" class="mobile-nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
<div style="clear: both"></div>
</nav>
</div>
</div>
<nav class="nav-wide-wrapper" aria-label="Page navigation">
<a rel="prev" href="../../../../examples/workspaces/multi-region-ha/index.html" class="nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<a rel="next prefetch" href="../../../quick-reference/master.html" class="nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
</nav>
</div>
<script>
window.playground_copyable = true;
</script>
<script src="../../../elasticlunr.min.js"></script>
<script src="../../../mark.min.js"></script>
<script src="../../../searcher.js"></script>
<script src="../../../clipboard.min.js"></script>
<script src="../../../highlight.js"></script>
<script src="../../../book.js"></script>
<!-- Custom JS scripts -->
</div>
</body>
</html>

1
docs/examples/workspaces/multi-provider-web-app/README.md
View File

@ -1 +0,0 @@
# Multi-Provider Web App Workspace

227
docs/examples/workspaces/multi-provider-web-app/index.html
View File

@ -1,227 +0,0 @@
<!DOCTYPE HTML>
<html lang="en" class="ayu sidebar-visible" dir="ltr">
<head>
<!-- Book generated using mdBook -->
<meta charset="UTF-8">
<title>Multi-Provider Web App Workspace - Provisioning Platform Documentation</title>
<!-- Custom HTML head -->
<meta name="description" content="Complete documentation for the Provisioning Platform - Infrastructure automation with Nushell, Nickel, and Rust">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="theme-color" content="#ffffff">
<link rel="icon" href="../../../favicon.svg">
<link rel="shortcut icon" href="../../../favicon.png">
<link rel="stylesheet" href="../../../css/variables.css">
<link rel="stylesheet" href="../../../css/general.css">
<link rel="stylesheet" href="../../../css/chrome.css">
<link rel="stylesheet" href="../../../css/print.css" media="print">
<!-- Fonts -->
<link rel="stylesheet" href="../../../FontAwesome/css/font-awesome.css">
<link rel="stylesheet" href="../../../fonts/fonts.css">
<!-- Highlight.js Stylesheets -->
<link rel="stylesheet" id="highlight-css" href="../../../highlight.css">
<link rel="stylesheet" id="tomorrow-night-css" href="../../../tomorrow-night.css">
<link rel="stylesheet" id="ayu-highlight-css" href="../../../ayu-highlight.css">
<!-- Custom theme stylesheets -->
<!-- Provide site root and default themes to javascript -->
<script>
const path_to_root = "../../../";
const default_light_theme = "ayu";
const default_dark_theme = "navy";
</script>
<!-- Start loading toc.js asap -->
<script src="../../../toc.js"></script>
</head>
<body>
<div id="mdbook-help-container">
<div id="mdbook-help-popup">
<h2 class="mdbook-help-title">Keyboard shortcuts</h2>
<div>
<p>Press <kbd></kbd> or <kbd></kbd> to navigate between chapters</p>
<p>Press <kbd>S</kbd> or <kbd>/</kbd> to search in the book</p>
<p>Press <kbd>?</kbd> to show this help</p>
<p>Press <kbd>Esc</kbd> to hide this help</p>
</div>
</div>
</div>
<div id="body-container">
<!-- Work around some values being stored in localStorage wrapped in quotes -->
<script>
try {
let theme = localStorage.getItem('mdbook-theme');
let sidebar = localStorage.getItem('mdbook-sidebar');
if (theme.startsWith('"') && theme.endsWith('"')) {
localStorage.setItem('mdbook-theme', theme.slice(1, theme.length - 1));
}
if (sidebar.startsWith('"') && sidebar.endsWith('"')) {
localStorage.setItem('mdbook-sidebar', sidebar.slice(1, sidebar.length - 1));
}
} catch (e) { }
</script>
<!-- Set the theme before any content is loaded, prevents flash -->
<script>
const default_theme = window.matchMedia("(prefers-color-scheme: dark)").matches ? default_dark_theme : default_light_theme;
let theme;
try { theme = localStorage.getItem('mdbook-theme'); } catch(e) { }
if (theme === null || theme === undefined) { theme = default_theme; }
const html = document.documentElement;
html.classList.remove('ayu')
html.classList.add(theme);
html.classList.add("js");
</script>
<input type="checkbox" id="sidebar-toggle-anchor" class="hidden">
<!-- Hide / unhide sidebar before it is displayed -->
<script>
let sidebar = null;
const sidebar_toggle = document.getElementById("sidebar-toggle-anchor");
if (document.body.clientWidth >= 1080) {
try { sidebar = localStorage.getItem('mdbook-sidebar'); } catch(e) { }
sidebar = sidebar || 'visible';
} else {
sidebar = 'hidden';
}
sidebar_toggle.checked = sidebar === 'visible';
html.classList.remove('sidebar-visible');
html.classList.add("sidebar-" + sidebar);
</script>
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<!-- populated by js -->
<mdbook-sidebar-scrollbox class="sidebar-scrollbox"></mdbook-sidebar-scrollbox>
<noscript>
<iframe class="sidebar-iframe-outer" src="../../../toc.html"></iframe>
</noscript>
<div id="sidebar-resize-handle" class="sidebar-resize-handle">
<div class="sidebar-resize-indicator"></div>
</div>
</nav>
<div id="page-wrapper" class="page-wrapper">
<div class="page">
<div id="menu-bar-hover-placeholder"></div>
<div id="menu-bar" class="menu-bar sticky">
<div class="left-buttons">
<label id="sidebar-toggle" class="icon-button" for="sidebar-toggle-anchor" title="Toggle Table of Contents" aria-label="Toggle Table of Contents" aria-controls="sidebar">
<i class="fa fa-bars"></i>
</label>
<button id="theme-toggle" class="icon-button" type="button" title="Change theme" aria-label="Change theme" aria-haspopup="true" aria-expanded="false" aria-controls="theme-list">
<i class="fa fa-paint-brush"></i>
</button>
<ul id="theme-list" class="theme-popup" aria-label="Themes" role="menu">
<li role="none"><button role="menuitem" class="theme" id="default_theme">Auto</button></li>
<li role="none"><button role="menuitem" class="theme" id="light">Light</button></li>
<li role="none"><button role="menuitem" class="theme" id="rust">Rust</button></li>
<li role="none"><button role="menuitem" class="theme" id="coal">Coal</button></li>
<li role="none"><button role="menuitem" class="theme" id="navy">Navy</button></li>
<li role="none"><button role="menuitem" class="theme" id="ayu">Ayu</button></li>
</ul>
<button id="search-toggle" class="icon-button" type="button" title="Search (`/`)" aria-label="Toggle Searchbar" aria-expanded="false" aria-keyshortcuts="/ s" aria-controls="searchbar">
<i class="fa fa-search"></i>
</button>
</div>
<h1 class="menu-title">Provisioning Platform Documentation</h1>
<div class="right-buttons">
<a href="../../../print.html" title="Print this book" aria-label="Print this book">
<i id="print-button" class="fa fa-print"></i>
</a>
<a href="https://github.com/provisioning/provisioning-platform" title="Git repository" aria-label="Git repository">
<i id="git-repository-button" class="fa fa-github"></i>
</a>
<a href="https://github.com/provisioning/provisioning-platform/edit/main/provisioning/docs/src/../examples/workspaces/multi-provider-web-app/README.md" title="Suggest an edit" aria-label="Suggest an edit">
<i id="git-edit-button" class="fa fa-edit"></i>
</a>
</div>
</div>
<div id="search-wrapper" class="hidden">
<form id="searchbar-outer" class="searchbar-outer">
<input type="search" id="searchbar" name="searchbar" placeholder="Search this book ..." aria-controls="searchresults-outer" aria-describedby="searchresults-header">
</form>
<div id="searchresults-outer" class="searchresults-outer hidden">
<div id="searchresults-header" class="searchresults-header"></div>
<ul id="searchresults">
</ul>
</div>
</div>
<!-- Apply ARIA attributes after the sidebar and the sidebar toggle button are added to the DOM -->
<script>
document.getElementById('sidebar-toggle').setAttribute('aria-expanded', sidebar === 'visible');
document.getElementById('sidebar').setAttribute('aria-hidden', sidebar !== 'visible');
Array.from(document.querySelectorAll('#sidebar a')).forEach(function(link) {
link.setAttribute('tabIndex', sidebar === 'visible' ? 0 : -1);
});
</script>
<div id="content" class="content">
<main>
<h1 id="multi-provider-web-app-workspace"><a class="header" href="#multi-provider-web-app-workspace">Multi-Provider Web App Workspace</a></h1>
</main>
<nav class="nav-wrapper" aria-label="Page navigation">
<!-- Mobile navigation buttons -->
<a rel="prev" href="../../../guides/provider-hetzner.html" class="mobile-nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<a rel="next prefetch" href="../../../../examples/workspaces/multi-region-ha/index.html" class="mobile-nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
<div style="clear: both"></div>
</nav>
</div>
</div>
<nav class="nav-wide-wrapper" aria-label="Page navigation">
<a rel="prev" href="../../../guides/provider-hetzner.html" class="nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<a rel="next prefetch" href="../../../../examples/workspaces/multi-region-ha/index.html" class="nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
</nav>
</div>
<script>
window.playground_copyable = true;
</script>
<script src="../../../elasticlunr.min.js"></script>
<script src="../../../mark.min.js"></script>
<script src="../../../searcher.js"></script>
<script src="../../../clipboard.min.js"></script>
<script src="../../../highlight.js"></script>
<script src="../../../book.js"></script>
<!-- Custom JS scripts -->
</div>
</body>
</html>

1
docs/examples/workspaces/multi-region-ha/README.md
View File

@ -1 +0,0 @@
# Multi-Region High Availability Workspace

227
docs/examples/workspaces/multi-region-ha/index.html
View File

@ -1,227 +0,0 @@
<!DOCTYPE HTML>
<html lang="en" class="ayu sidebar-visible" dir="ltr">
<head>
<!-- Book generated using mdBook -->
<meta charset="UTF-8">
<title>Multi-Region High Availability Workspace - Provisioning Platform Documentation</title>
<!-- Custom HTML head -->
<meta name="description" content="Complete documentation for the Provisioning Platform - Infrastructure automation with Nushell, Nickel, and Rust">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="theme-color" content="#ffffff">
<link rel="icon" href="../../../favicon.svg">
<link rel="shortcut icon" href="../../../favicon.png">
<link rel="stylesheet" href="../../../css/variables.css">
<link rel="stylesheet" href="../../../css/general.css">
<link rel="stylesheet" href="../../../css/chrome.css">
<link rel="stylesheet" href="../../../css/print.css" media="print">
<!-- Fonts -->
<link rel="stylesheet" href="../../../FontAwesome/css/font-awesome.css">
<link rel="stylesheet" href="../../../fonts/fonts.css">
<!-- Highlight.js Stylesheets -->
<link rel="stylesheet" id="highlight-css" href="../../../highlight.css">
<link rel="stylesheet" id="tomorrow-night-css" href="../../../tomorrow-night.css">
<link rel="stylesheet" id="ayu-highlight-css" href="../../../ayu-highlight.css">
<!-- Custom theme stylesheets -->
<!-- Provide site root and default themes to javascript -->
<script>
const path_to_root = "../../../";
const default_light_theme = "ayu";
const default_dark_theme = "navy";
</script>
<!-- Start loading toc.js asap -->
<script src="../../../toc.js"></script>
</head>
<body>
<div id="mdbook-help-container">
<div id="mdbook-help-popup">
<h2 class="mdbook-help-title">Keyboard shortcuts</h2>
<div>
<p>Press <kbd></kbd> or <kbd></kbd> to navigate between chapters</p>
<p>Press <kbd>S</kbd> or <kbd>/</kbd> to search in the book</p>
<p>Press <kbd>?</kbd> to show this help</p>
<p>Press <kbd>Esc</kbd> to hide this help</p>
</div>
</div>
</div>
<div id="body-container">
<!-- Work around some values being stored in localStorage wrapped in quotes -->
<script>
try {
let theme = localStorage.getItem('mdbook-theme');
let sidebar = localStorage.getItem('mdbook-sidebar');
if (theme.startsWith('"') && theme.endsWith('"')) {
localStorage.setItem('mdbook-theme', theme.slice(1, theme.length - 1));
}
if (sidebar.startsWith('"') && sidebar.endsWith('"')) {
localStorage.setItem('mdbook-sidebar', sidebar.slice(1, sidebar.length - 1));
}
} catch (e) { }
</script>
<!-- Set the theme before any content is loaded, prevents flash -->
<script>
const default_theme = window.matchMedia("(prefers-color-scheme: dark)").matches ? default_dark_theme : default_light_theme;
let theme;
try { theme = localStorage.getItem('mdbook-theme'); } catch(e) { }
if (theme === null || theme === undefined) { theme = default_theme; }
const html = document.documentElement;
html.classList.remove('ayu')
html.classList.add(theme);
html.classList.add("js");
</script>
<input type="checkbox" id="sidebar-toggle-anchor" class="hidden">
<!-- Hide / unhide sidebar before it is displayed -->
<script>
let sidebar = null;
const sidebar_toggle = document.getElementById("sidebar-toggle-anchor");
if (document.body.clientWidth >= 1080) {
try { sidebar = localStorage.getItem('mdbook-sidebar'); } catch(e) { }
sidebar = sidebar || 'visible';
} else {
sidebar = 'hidden';
}
sidebar_toggle.checked = sidebar === 'visible';
html.classList.remove('sidebar-visible');
html.classList.add("sidebar-" + sidebar);
</script>
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<!-- populated by js -->
<mdbook-sidebar-scrollbox class="sidebar-scrollbox"></mdbook-sidebar-scrollbox>
<noscript>
<iframe class="sidebar-iframe-outer" src="../../../toc.html"></iframe>
</noscript>
<div id="sidebar-resize-handle" class="sidebar-resize-handle">
<div class="sidebar-resize-indicator"></div>
</div>
</nav>
<div id="page-wrapper" class="page-wrapper">
<div class="page">
<div id="menu-bar-hover-placeholder"></div>
<div id="menu-bar" class="menu-bar sticky">
<div class="left-buttons">
<label id="sidebar-toggle" class="icon-button" for="sidebar-toggle-anchor" title="Toggle Table of Contents" aria-label="Toggle Table of Contents" aria-controls="sidebar">
<i class="fa fa-bars"></i>
</label>
<button id="theme-toggle" class="icon-button" type="button" title="Change theme" aria-label="Change theme" aria-haspopup="true" aria-expanded="false" aria-controls="theme-list">
<i class="fa fa-paint-brush"></i>
</button>
<ul id="theme-list" class="theme-popup" aria-label="Themes" role="menu">
<li role="none"><button role="menuitem" class="theme" id="default_theme">Auto</button></li>
<li role="none"><button role="menuitem" class="theme" id="light">Light</button></li>
<li role="none"><button role="menuitem" class="theme" id="rust">Rust</button></li>
<li role="none"><button role="menuitem" class="theme" id="coal">Coal</button></li>
<li role="none"><button role="menuitem" class="theme" id="navy">Navy</button></li>
<li role="none"><button role="menuitem" class="theme" id="ayu">Ayu</button></li>
</ul>
<button id="search-toggle" class="icon-button" type="button" title="Search (`/`)" aria-label="Toggle Searchbar" aria-expanded="false" aria-keyshortcuts="/ s" aria-controls="searchbar">
<i class="fa fa-search"></i>
</button>
</div>
<h1 class="menu-title">Provisioning Platform Documentation</h1>
<div class="right-buttons">
<a href="../../../print.html" title="Print this book" aria-label="Print this book">
<i id="print-button" class="fa fa-print"></i>
</a>
<a href="https://github.com/provisioning/provisioning-platform" title="Git repository" aria-label="Git repository">
<i id="git-repository-button" class="fa fa-github"></i>
</a>
<a href="https://github.com/provisioning/provisioning-platform/edit/main/provisioning/docs/src/../examples/workspaces/multi-region-ha/README.md" title="Suggest an edit" aria-label="Suggest an edit">
<i id="git-edit-button" class="fa fa-edit"></i>
</a>
</div>
</div>
<div id="search-wrapper" class="hidden">
<form id="searchbar-outer" class="searchbar-outer">
<input type="search" id="searchbar" name="searchbar" placeholder="Search this book ..." aria-controls="searchresults-outer" aria-describedby="searchresults-header">
</form>
<div id="searchresults-outer" class="searchresults-outer hidden">
<div id="searchresults-header" class="searchresults-header"></div>
<ul id="searchresults">
</ul>
</div>
</div>
<!-- Apply ARIA attributes after the sidebar and the sidebar toggle button are added to the DOM -->
<script>
document.getElementById('sidebar-toggle').setAttribute('aria-expanded', sidebar === 'visible');
document.getElementById('sidebar').setAttribute('aria-hidden', sidebar !== 'visible');
Array.from(document.querySelectorAll('#sidebar a')).forEach(function(link) {
link.setAttribute('tabIndex', sidebar === 'visible' ? 0 : -1);
});
</script>
<div id="content" class="content">
<main>
<h1 id="multi-region-high-availability-workspace"><a class="header" href="#multi-region-high-availability-workspace">Multi-Region High Availability Workspace</a></h1>
</main>
<nav class="nav-wrapper" aria-label="Page navigation">
<!-- Mobile navigation buttons -->
<a rel="prev" href="../../../../examples/workspaces/multi-provider-web-app/index.html" class="mobile-nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<a rel="next prefetch" href="../../../../examples/workspaces/cost-optimized/index.html" class="mobile-nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
<div style="clear: both"></div>
</nav>
</div>
</div>
<nav class="nav-wide-wrapper" aria-label="Page navigation">
<a rel="prev" href="../../../../examples/workspaces/multi-provider-web-app/index.html" class="nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<a rel="next prefetch" href="../../../../examples/workspaces/cost-optimized/index.html" class="nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
</nav>
</div>
<script>
window.playground_copyable = true;
</script>
<script src="../../../elasticlunr.min.js"></script>
<script src="../../../mark.min.js"></script>
<script src="../../../searcher.js"></script>
<script src="../../../clipboard.min.js"></script>
<script src="../../../highlight.js"></script>
<script src="../../../book.js"></script>
<!-- Custom JS scripts -->
</div>
</body>
</html>

74
docs/fix-markdown.nu Normal file
View File

@ -0,0 +1,74 @@
#!/usr/bin/env nu
# Fix markdown linting errors in documentation
def fix-code-fences [] {
let files = glob "src/architecture/*.md"
for $file in $files {
print $"Processing $file"
let content = open $file
# Replace ``` with ```text for architecture diagrams
let fixed = $content
| str replace --all -r '```\n┌' '```text\n┌'
| str replace --all -r '```\n{' '```nickel\n{'
| str replace --all -r '```\n\[' '```yaml\n['
| str replace --all -r '```\nuser:' '```yaml\nuser:'
| str replace --all -r '```\nexport' '```nushell\nexport'
| str replace --all -r '```\nlet' '```nushell\nlet'
| str replace --all -r '```\npub' '```rust\npub'
| str replace --all -r '```\n#' '```bash\n#'
| str replace --all -r '```\nname:' '```yaml\nname:'
| str replace --all -r '```\npermit' '```cedar\npermit'
save -f $file $fixed
}
}
def fix-table-spacing [] {
let files = glob "src/architecture/*.md"
for $file in $files {
print $"Fixing tables in $file"
let content = open $file
# Fix table spacing - ensure | text | format
let fixed = $content
| str replace --all '|---|---|---|' '| --- | --- | --- |'
| str replace --all '|------|------|------|' '| ------ | ------ | ------ |'
| str replace --all '|----|---|' '| ---- | --- |'
| str replace --all '|----|----|----|' '| ---- | ---- | ---- |'
| str replace --all '|---|' '| --- |'
save -f $file $fixed
}
}
def fix-heading-punctuation [] {
let files = glob "src/architecture/*.md"
for $file in $files {
print $"Fixing headings in $file"
let content = open $file
# Remove trailing colons from headings
let fixed = $content
| str replace --all -r '#### \*\*Other Services\*\*:' '#### Other Services'
| str replace --all -r '## (.*):$' '## $1'
| str replace --all -r '### (.*):$' '### $1'
| str replace --all -r '#### (.*):$' '#### $1'
save -f $file $fixed
}
}
# Main execution
print "Fixing markdown errors..."
fix-code-fences
fix-table-spacing
fix-heading-punctuation
print "Done!"

944
docs/src/PROVISIONING.md
View File

@ -1,944 +0,0 @@
<p align="center">
<img src="resources/provisioning_logo.svg" alt="Provisioning Logo" width="300"/>
</p>
<p align="center">
<img src="resources/logo-text.svg" alt="Provisioning" width="500"/>
</p>
# Provisioning - Infrastructure Automation Platform
> **A modular, declarative Infrastructure as Code (IaC) platform for managing complete infrastructure lifecycles**
## Table of Contents
- [What is Provisioning?](#what-is-provisioning)
- [Why Provisioning?](#why-provisioning)
- [Core Concepts](#core-concepts)
- [Architecture](#architecture)
- [Key Features](#key-features)
- [Technology Stack](#technology-stack)
- [How It Works](#how-it-works)
- [Use Cases](#use-cases)
- [Getting Started](#getting-started)
---
## What is Provisioning
**Provisioning** is a comprehensive **Infrastructure as Code (IaC)** platform designed to manage
complete infrastructure lifecycles: cloud providers, infrastructure services, clusters,
and isolated workspaces across multiple cloud/local environments.
Extensible and customizable by design, it delivers type-safe, configuration-driven workflows
with enterprise security (encrypted configuration, Cosmian KMS integration, Cedar policy engine,
secrets management, authorization and permissions control, compliance checking, anomaly detection)
and adaptable deployment modes (interactive UI, CLI automation, unattended CI/CD)
suitable for any scale from development to production.
### Technical Definition
Declarative Infrastructure as Code (IaC) platform providing:
- **Type-safe, configuration-driven workflows** with schema validation and constraint checking
- **Modular, extensible architecture**: cloud providers, task services, clusters, workspaces
- **Multi-cloud abstraction layer** with unified API (UpCloud, AWS, local infrastructure)
- **High-performance state management**:
- Graph database backend for complex relationships
- Real-time state tracking and queries
- Multi-model data storage (document, graph, relational)
- **Enterprise security stack**:
- Encrypted configuration and secrets management
- Cosmian KMS integration for confidential key management
- Cedar policy engine for fine-grained access control
- Authorization and permissions control via platform services
- Compliance checking and policy enforcement
- Anomaly detection for security monitoring
- Audit logging and compliance tracking
- **Hybrid orchestration**: Rust-based performance layer + scripting flexibility
- **Production-ready features**:
- Batch workflows with dependency resolution
- Checkpoint recovery and automatic rollback
- Parallel execution with state management
- **Adaptable deployment modes**:
- Interactive TUI for guided setup
- Headless CLI for scripted automation
- Unattended mode for CI/CD pipelines
- **Hierarchical configuration system** with inheritance and overrides
### What It Does
- **Provisions Infrastructure** - Create servers, networks, storage across multiple cloud providers
- **Installs Services** - Deploy Kubernetes, containerd, databases, monitoring, and 50+ infrastructure components
- **Manages Clusters** - Orchestrate complete cluster deployments with dependency management
- **Handles Configuration** - Hierarchical configuration system with inheritance and overrides
- **Orchestrates Workflows** - Batch operations with parallel execution and checkpoint recovery
- **Manages Secrets** - SOPS/Age integration for encrypted configuration
---
## Why Provisioning
### The Problems It Solves
#### 1. **Multi-Cloud Complexity**
**Problem**: Each cloud provider has different APIs, tools, and workflows.
**Solution**: Unified abstraction layer with provider-agnostic interfaces. Write configuration once, deploy anywhere.
```toml
# Same configuration works on UpCloud, AWS, or local infrastructure
server: Server {
name = "web-01"
plan = "medium" # Abstract size, provider-specific translation
provider = "upcloud" # Switch to "aws" or "local" as needed
}
```
#### 2. **Dependency Hell**
**Problem**: Infrastructure components have complex dependencies (Kubernetes needs containerd, Cilium needs Kubernetes, etc.).
**Solution**: Automatic dependency resolution with topological sorting and health checks.
```bash
# Provisioning resolves: containerd → etcd → kubernetes → cilium
taskservs = ["cilium"] # Automatically installs all dependencies
```
#### 3. **Configuration Sprawl**
**Problem**: Environment variables, hardcoded values, scattered configuration files.
**Solution**: Hierarchical configuration system with 476+ config accessors replacing 200+ ENV variables.
```toml
Defaults → User → Project → Infrastructure → Environment → Runtime
```
#### 4. **Imperative Scripts**
**Problem**: Brittle shell scripts that don't handle failures, don't support rollback, hard to maintain.
**Solution**: Declarative Nickel configurations with validation, type safety, and automatic rollback.
#### 5. **Lack of Visibility**
**Problem**: No insight into what's happening during deployment, hard to debug failures.
**Solution**:
- Real-time workflow monitoring
- Comprehensive logging system
- Web-based control center
- REST API for integration
#### 6. **No Standardization**
**Problem**: Each team builds their own deployment tools, no shared patterns.
**Solution**: Reusable task services, cluster templates, and workflow patterns.
---
## Core Concepts
### 1. **Providers**
Cloud infrastructure backends that handle resource provisioning.
- **UpCloud** - Primary cloud provider
- **AWS** - Amazon Web Services integration
- **Local** - Local infrastructure (VMs, Docker, bare metal)
Providers implement a common interface, making infrastructure code portable.
### 2. **Task Services (TaskServs)**
Reusable infrastructure components that can be installed on servers.
**Categories**:
- **Container Runtimes** - containerd, Docker, Podman, crun, runc, youki
- **Orchestration** - Kubernetes, etcd, CoreDNS
- **Networking** - Cilium, Flannel, Calico, ip-aliases
- **Storage** - Rook-Ceph, local storage
- **Databases** - PostgreSQL, Redis, SurrealDB
- **Observability** - Prometheus, Grafana, Loki
- **Security** - Webhook, KMS, Vault
- **Development** - Gitea, Radicle, ORAS
Each task service includes:
- Version management
- Dependency declarations
- Health checks
- Installation/uninstallation logic
- Configuration schemas
### 3. **Clusters**
Complete infrastructure deployments combining servers and task services.
**Examples**:
- **Kubernetes Cluster** - HA control plane + worker nodes + CNI + storage
- **Database Cluster** - Replicated PostgreSQL with backup
- **Build Infrastructure** - BuildKit + container registry + CI/CD
Clusters handle:
- Multi-node coordination
- Service distribution
- High availability
- Rolling updates
### 4. **Workspaces**
Isolated environments for different projects or deployment stages.
```bash
workspace_librecloud/ # Production workspace
├── infra/ # Infrastructure definitions
├── config/ # Workspace configuration
├── extensions/ # Custom modules
└── runtime/ # State and runtime data
workspace_dev/ # Development workspace
├── infra/
└── config/
```
Switch between workspaces with single command:
```bash
provisioning workspace switch librecloud
```
### 5. **Workflows**
Coordinated sequences of operations with dependency management.
**Types**:
- **Server Workflows** - Create/delete/update servers
- **TaskServ Workflows** - Install/remove infrastructure services
- **Cluster Workflows** - Deploy/scale complete clusters
- **Batch Workflows** - Multi-cloud parallel operations
**Features**:
- Dependency resolution
- Parallel execution
- Checkpoint recovery
- Automatic rollback
- Progress monitoring
---
## Architecture
### System Components
```bash
┌─────────────────────────────────────────────────────────────────┐
│ User Interface Layer │
│ • CLI (provisioning command) │
│ • Web Control Center (UI) │
│ • REST API │
└─────────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────────┐
│ Core Engine Layer │
│ • Command Routing & Dispatch │
│ • Configuration Management │
│ • Provider Abstraction │
│ • Utility Libraries │
└─────────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────────┐
│ Orchestration Layer │
│ • Workflow Orchestrator (Rust/Nushell hybrid) │
│ • Dependency Resolver │
│ • State Manager │
│ • Task Scheduler │
└─────────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────────┐
│ Extension Layer │
│ • Providers (Cloud APIs) │
│ • Task Services (Infrastructure Components) │
│ • Clusters (Complete Deployments) │
│ • Workflows (Automation Templates) │
└─────────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────────┐
│ Infrastructure Layer │
│ • Cloud Resources (Servers, Networks, Storage) │
│ • Kubernetes Clusters │
│ • Running Services │
└─────────────────────────────────────────────────────────────────┘
```
### Directory Structure
```bash
project-provisioning/
├── provisioning/ # Core provisioning system
│ ├── core/ # Core engine and libraries
│ │ ├── cli/ # Command-line interface
│ │ ├── nulib/ # Core Nushell libraries
│ │ ├── plugins/ # System plugins
│ │ └── scripts/ # Utility scripts
│ │
│ ├── extensions/ # Extensible components
│ │ ├── providers/ # Cloud provider implementations
│ │ ├── taskservs/ # Infrastructure service definitions
│ │ ├── clusters/ # Complete cluster configurations
│ │ └── workflows/ # Core workflow templates
│ │
│ ├── platform/ # Platform services
│ │ ├── orchestrator/ # Rust orchestrator service
│ │ ├── control-center/ # Web control center
│ │ ├── mcp-server/ # Model Context Protocol server
│ │ ├── api-gateway/ # REST API gateway
│ │ ├── oci-registry/ # OCI registry for extensions
│ │ └── installer/ # Platform installer (TUI + CLI)
│ │
│ ├── schemas/ # Nickel configuration schemas
│ ├── config/ # Configuration files
│ ├── templates/ # Template files
│ └── tools/ # Build and distribution tools
├── workspace/ # User workspaces and data
│ ├── infra/ # Infrastructure definitions
│ ├── config/ # User configuration
│ ├── extensions/ # User extensions
│ └── runtime/ # Runtime data and state
└── docs/ # Documentation
├── user/ # User guides
├── api/ # API documentation
├── architecture/ # Architecture docs
└── development/ # Development guides
```
### Platform Services
#### 1. **Orchestrator** (`platform/orchestrator/`)
- **Language**: Rust + Nushell
- **Purpose**: Workflow execution, task scheduling, state management
- **Features**:
- File-based persistence
- Priority processing
- Retry logic with exponential backoff
- Checkpoint-based recovery
- REST API endpoints
#### 2. **Control Center** (`platform/control-center/`)
- **Language**: Web UI + Backend API
- **Purpose**: Web-based infrastructure management
- **Features**:
- Dashboard views
- Real-time monitoring
- Interactive deployments
- Log viewing
#### 3. **MCP Server** (`platform/mcp-server/`)
- **Language**: Nushell
- **Purpose**: Model Context Protocol integration for AI assistance
- **Features**:
- 7 AI-powered settings tools
- Intelligent config completion
- Natural language infrastructure queries
#### 4. **OCI Registry** (`platform/oci-registry/`)
- **Purpose**: Extension distribution and versioning
- **Features**:
- Task service packages
- Provider packages
- Cluster templates
- Workflow definitions
#### 5. **Installer** (`platform/installer/`)
- **Language**: Rust (Ratatui TUI) + Nushell
- **Purpose**: Platform installation and setup
- **Features**:
- Interactive TUI mode
- Headless CLI mode
- Unattended CI/CD mode
- Configuration generation
---
## Key Features
### 1. **Modular CLI Architecture** (v3.2.0)
84% code reduction with domain-driven design.
- **Main CLI**: 211 lines (from 1,329 lines)
- **80+ shortcuts**: `s``server`, `t``taskserv`, etc.
- **Bi-directional help**: `provisioning help ws` = `provisioning ws help`
- **7 domain modules**: infrastructure, orchestration, development, workspace, configuration, utilities, generation
### 2. **Configuration System** (v2.0.0)
Hierarchical, config-driven architecture.
- **476+ config accessors** replacing 200+ ENV variables
- **Hierarchical loading**: defaults → user → project → infra → env → runtime
- **Variable interpolation**: `{{paths.base}}`, `{{env.HOME}}`, `{{now.date}}`
- **Multi-format support**: TOML, YAML, Nickel
### 3. **Batch Workflow System** (v3.1.0)
Provider-agnostic batch operations with 85-90% token efficiency.
- **Multi-cloud support**: Mixed UpCloud + AWS + local in single workflow
- **Nickel schema integration**: Type-safe workflow definitions
- **Dependency resolution**: Topological sorting with soft/hard dependencies
- **State management**: Checkpoint-based recovery with rollback
- **Real-time monitoring**: Live progress tracking
### 4. **Hybrid Orchestrator** (v3.0.0)
Rust/Nushell architecture solving deep call stack limitations.
- **High-performance coordination layer**
- **File-based persistence**
- **Priority processing with retry logic**
- **REST API for external integration**
- **Comprehensive workflow system**
### 5. **Workspace Switching** (v2.0.5)
Centralized workspace management.
- **Single-command switching**: `provisioning workspace switch <name>`
- **Automatic tracking**: Last-used timestamps, active workspace markers
- **User preferences**: Global settings across all workspaces
- **Workspace registry**: Centralized configuration in `user_config.yaml`
### 6. **Interactive Guides** (v3.3.0)
Step-by-step walkthroughs and quick references.
- **Quick reference**: `provisioning sc` (fastest)
- **Complete guides**: from-scratch, update, customize
- **Copy-paste ready**: All commands include placeholders
- **Beautiful rendering**: Uses glow, bat, or less
### 7. **Test Environment Service** (v3.4.0)
Automated container-based testing.
- **Three test types**: Single taskserv, server simulation, multi-node clusters
- **Topology templates**: Kubernetes HA, etcd clusters, etc.
- **Auto-cleanup**: Optional automatic cleanup after tests
- **CI/CD integration**: Easy integration into pipelines
### 8. **Platform Installer** (v3.5.0)
Multi-mode installation system with TUI, CLI, and unattended modes.
- **Interactive TUI**: Beautiful Ratatui terminal UI with 7 screens
- **Headless Mode**: CLI automation for scripted installations
- **Unattended Mode**: Zero-interaction CI/CD deployments
- **Deployment Modes**: Solo (2 CPU/4 GB), MultiUser (4 CPU/8 GB), CICD (8 CPU/16 GB), Enterprise (16 CPU/32 GB)
- **MCP Integration**: 7 AI-powered settings tools for intelligent configuration
### 9. **Version Management**
Comprehensive version tracking and updates.
- **Automatic updates**: Check for taskserv updates
- **Version constraints**: Semantic versioning support
- **Grace periods**: Cached version checks
- **Update strategies**: major, minor, patch, none
---
## Technology Stack
### Core Technologies
| Technology | Version | Purpose | Why |
| ------------ | --------- | --------- | ----- |
| **Nushell** | 0.107.1+ | Primary shell and scripting language | Data pipelines, cross-platform, modern parsers |
| **Nickel** | 1.0.0+ | Configuration language | Type safety, schema validation, immutability, constraint checking |
| **Rust** | Latest | Platform services (orchestrator, control-center, installer) | Performance, memory safety, concurrency, reliability |
| **Tera** | Latest | Template engine | Jinja2-like syntax, configuration file rendering, variable interpolation, filters and functions |
### Data & State Management
| Technology | Version | Purpose | Features |
| ------------ | --------- | --------- | ---------- |
| **SurrealDB** | Latest | Graph database backend | Multi-model, real-time queries, distributed, relationships |
### Platform Services (Rust-based)
| Service | Purpose | Security Features |
| --------- | --------- | ------------------- |
| **Orchestrator** | Workflow execution, task scheduling, state management | File-based persistence, retry logic, checkpoint recovery |
| **Control Center** | Web-based infrastructure management | **Authorization and permissions control**, RBAC, audit logging |
| **Installer** | Platform installation (TUI + CLI modes) | Secure configuration generation, validation |
| **API Gateway** | REST API for external integration | Authentication, rate limiting, request validation |
### Security & Secrets
| Technology | Version | Purpose | Enterprise Features |
| ------------ | --------- | --------- | --------------------- |
| **SOPS** | 3.10.2+ | Secrets management | Encrypted configuration files |
| **Age** | 1.2.1+ | Encryption | Secure key-based encryption |
| **Cosmian KMS** | Latest | Key Management System | Confidential computing, secure key storage, cloud-native KMS |
| **Cedar** | Latest | Policy engine | Fine-grained access control, policy-as-code, compliance checking, anomaly detection |
### Optional Tools
| Tool | Purpose |
| ------ | --------- |
| **K9s** | Kubernetes management interface |
| **nu_plugin_tera** | Nushell plugin for Tera template rendering |
| **glow** | Markdown rendering for interactive guides |
| **bat** | Syntax highlighting for file viewing and guides |
---
## How It Works
### Data Flow
```bash
1. User defines infrastructure in Nickel
2. CLI loads configuration (hierarchical)
3. Configuration validated against schemas
4. Workflow created with operations
5. Orchestrator receives workflow
6. Dependencies resolved (topological sort)
7. Operations executed in order
8. Providers handle cloud operations
9. Task services installed on servers
10. State persisted and monitored
```
### Example Workflow: Deploy Kubernetes Cluster
**Step 1**: Define infrastructure in Nickel
```nickel
# infra/my-cluster.ncl
let config = {
infra = {
name = "my-cluster",
provider = "upcloud",
},
servers = [
{name = "control-01", plan = "medium", role = "control"},
{name = "worker-01", plan = "large", role = "worker"},
{name = "worker-02", plan = "large", role = "worker"},
],
taskservs = ["kubernetes", "cilium", "rook-ceph"],
} in
config
```
**Step 2**: Submit to Provisioning
```bash
provisioning server create --infra my-cluster
```
**Step 3**: Provisioning executes workflow
```bash
1. Create workflow: "deploy-my-cluster"
2. Resolve dependencies:
- containerd (required by kubernetes)
- etcd (required by kubernetes)
- kubernetes (explicitly requested)
- cilium (explicitly requested, requires kubernetes)
- rook-ceph (explicitly requested, requires kubernetes)
3. Execution order:
a. Provision servers (parallel)
b. Install containerd on all nodes
c. Install etcd on control nodes
d. Install kubernetes control plane
e. Join worker nodes
f. Install Cilium CNI
g. Install Rook-Ceph storage
4. Checkpoint after each step
5. Monitor health checks
6. Report completion
```
**Step 4**: Verify deployment
```bash
provisioning cluster status my-cluster
```
### Configuration Hierarchy
Configuration values are resolved through a hierarchy:
```toml
1. System Defaults (provisioning/config/config.defaults.toml)
↓ (overridden by)
2. User Preferences (~/.config/provisioning/user_config.yaml)
↓ (overridden by)
3. Workspace Config (workspace/config/provisioning.yaml)
↓ (overridden by)
4. Infrastructure Config (workspace/infra/<name>/config.toml)
↓ (overridden by)
5. Environment Config (workspace/config/prod-defaults.toml)
↓ (overridden by)
6. Runtime Flags (--flag value)
```
**Example**:
```bash
# System default
[servers]
default_plan = "small"
# User preference
[servers]
default_plan = "medium" # Overrides system default
# Infrastructure config
[servers]
default_plan = "large" # Overrides user preference
# Runtime
provisioning server create --plan xlarge # Overrides everything
```
---
## Use Cases
### 1. **Multi-Cloud Kubernetes Deployment**
Deploy Kubernetes clusters across different cloud providers with identical configuration.
```yaml
# UpCloud cluster
provisioning cluster create k8s-prod --provider upcloud
# AWS cluster (same config)
provisioning cluster create k8s-prod --provider aws
```
### 2. **Development → Staging → Production Pipeline**
Manage multiple environments with workspace switching.
```bash
# Development
provisioning workspace switch dev
provisioning cluster create app-stack
# Staging (same config, different resources)
provisioning workspace switch staging
provisioning cluster create app-stack
# Production (HA, larger resources)
provisioning workspace switch prod
provisioning cluster create app-stack
```
### 3. **Infrastructure as Code Testing**
Test infrastructure changes before deploying to production.
```bash
# Test Kubernetes upgrade locally
provisioning test topology load kubernetes_3node |
test env cluster kubernetes --version 1.29.0
# Verify functionality
provisioning test env run <env-id>
# Cleanup
provisioning test env cleanup <env-id>
```
### 4. **Batch Multi-Region Deployment**
Deploy to multiple regions in parallel.
```bash
# workflows/multi-region.ncl
let batch_workflow = {
operations = [
{
id = "eu-cluster",
type = "cluster",
region = "eu-west-1",
cluster = "app-stack",
},
{
id = "us-cluster",
type = "cluster",
region = "us-east-1",
cluster = "app-stack",
},
{
id = "asia-cluster",
type = "cluster",
region = "ap-south-1",
cluster = "app-stack",
},
],
parallel_limit = 3, # All at once
} in
batch_workflow
```
```bash
provisioning batch submit workflows/multi-region.ncl
provisioning batch monitor <workflow-id>
```
### 5. **Automated Disaster Recovery**
Recreate infrastructure from configuration.
```toml
# Infrastructure destroyed
provisioning workspace switch prod
# Recreate from config
provisioning cluster create --infra backup-restore --wait
# All services restored with same configuration
```
### 6. **CI/CD Integration**
Automated testing and deployment pipelines.
```bash
# .gitlab-ci.yml
test-infrastructure:
script:
- provisioning test quick kubernetes
- provisioning test quick postgres
deploy-staging:
script:
- provisioning workspace switch staging
- provisioning cluster create app-stack --check
- provisioning cluster create app-stack --yes
deploy-production:
when: manual
script:
- provisioning workspace switch prod
- provisioning cluster create app-stack --yes
```
---
## Getting Started
### Quick Start
1. **Install Prerequisites**
```bash
# Install Nushell
brew install nushell # macOS
# Install Nickel
brew install nickel # macOS
# Install SOPS (optional, for secrets)
brew install sops
```
1. **Add CLI to PATH**
```bash
ln -sf "$(pwd)/provisioning/core/cli/provisioning" /usr/local/bin/provisioning
```
2. **Initialize Workspace**
```bash
provisioning workspace init my-project
```
3. **Configure Provider**
```bash
# Edit workspace config
provisioning sops workspace/config/provisioning.yaml
```
4. **Deploy Infrastructure**
```bash
# Check what will be created
provisioning server create --check
# Create servers
provisioning server create --yes
# Install Kubernetes
provisioning taskserv create kubernetes
```
### Learning Path
1. **Start with Guides**
```bash
provisioning sc # Quick reference
provisioning guide from-scratch # Complete walkthrough
```
2. **Explore Examples**
```bash
ls provisioning/examples/
```
3. **Read Architecture Docs**
- [Architecture Overview](architecture/ARCHITECTURE_OVERVIEW.md)
- [Multi-Repo Strategy](architecture/multi-repo-strategy.md)
- [Integration Patterns](architecture/integration-patterns.md)
4. **Try Test Environments**
```bash
provisioning test quick kubernetes
provisioning test quick postgres
```
5. **Build Custom Extensions**
- Create custom task services
- Define cluster templates
- Write workflow automation
---
## Documentation Index
### User Documentation
- **[Quick Start Guide](quickstart/01-prerequisites.md)** - Get started in 10 minutes
- **[Service Management Guide](user/SERVICE_MANAGEMENT_GUIDE.md)** - Complete service reference
- **[Authentication Guide](user/AUTHENTICATION_LAYER_GUIDE.md)** - Authentication and security
- **[Workspace Switching Guide](user/WORKSPACE_SWITCHING_GUIDE.md)** - Workspace management
- **[Test Environment Guide](infrastructure/test-environment-guide.md)** - Testing infrastructure
### Architecture Documentation
- **[Architecture Overview](architecture/ARCHITECTURE_OVERVIEW.md)** - System architecture
- **[Multi-Repo Strategy](architecture/multi-repo-strategy.md)** - Repository organization
- **[Integration Patterns](architecture/integration-patterns.md)** - Integration design
- **[Orchestrator Integration](architecture/orchestrator-integration-model.md)** - Workflow execution
- **[ADR Index](architecture/adr/README.md)** - Architecture Decision Records
- **[Database Architecture](architecture/DATABASE_AND_CONFIG_ARCHITECTURE.md)** - Data layer design
### Development Documentation
- **[Development Workflow](development/workflow.md)** - Development process
- **[Integration Guide](development/integration.md)** - Integration patterns
- **[Command Handler Guide](development/COMMAND_HANDLER_GUIDE.md)** - CLI development
### API Documentation
- **[REST API](api-reference/rest-api.md)** - HTTP endpoints
- **[WebSocket API](api-reference/websocket.md)** - Real-time communication
- **[Extensions API](api-reference/extensions.md)** - Extension interface
- **[Integration Examples](api-reference/integration-examples.md)** - API usage examples
---
## Project Status
**Current Version**: Active Development (2025-10-07)
### Recent Milestones
- ✅ **v2.0.5** (2025-10-06) - Platform Installer with TUI and CI/CD modes
- ✅ **v2.0.4** (2025-10-06) - Test Environment Service with container management
- ✅ **v2.0.3** (2025-09-30) - Interactive Guides system
- ✅ **v2.0.2** (2025-09-30) - Modular CLI Architecture (84% code reduction)
- ✅ **v2.0.2** (2025-09-25) - Batch Workflow System (85-90% token efficiency)
- ✅ **v2.0.1** (2025-09-25) - Hybrid Orchestrator (Rust/Nushell)
- ✅ **v2.0.1** (2025-10-02) - Workspace Switching system
- ✅ **v2.0.0** (2025-09-23) - Configuration System (476+ accessors)
### Roadmap
- **Platform Services**
- [ ] Web Control Center UI completion
- [ ] API Gateway implementation
- [ ] Enhanced MCP server capabilities
- **Extension Ecosystem**
- [ ] OCI registry for extension distribution
- [ ] Community task service marketplace
- [ ] Cluster template library
- **Enterprise Features**
- [ ] Multi-tenancy support
- [ ] RBAC and audit logging
- [ ] Cost tracking and optimization
---
## Support and Community
### Getting Help
- **Documentation**: Start with `provisioning help` or `provisioning guide from-scratch`
- **Issues**: Report bugs and request features on the issue tracker
- **Discussions**: Join community discussions for questions and ideas
### Contributing
Contributions are welcome. See [CONTRIBUTING.md](docs/development/CONTRIBUTING.md) for guidelines.
**Key areas for contribution**:
- New task service definitions
- Cloud provider implementations
- Cluster templates
- Documentation improvements
- Bug fixes and testing
---
## License
See [LICENSE](LICENSE) file in project root.
---
**Maintained By**: Architecture Team
**Last Updated**: 2025-10-07
**Project Home**: [provisioning/](provisioning/)

408
docs/src/README.md
View File

@ -1,385 +1,79 @@
<p align="center">
<img src="resources/provisioning_logo.svg" alt="Provisioning Logo" width="300"/>
<img src="resources/provisioning_logo.svg" alt="Provisioning Logo" width="300"/>
</p>
<p align="center">
<img src="resources/logo-text.svg" alt="Provisioning" width="500"/>
<img src="resources/logo-text.svg" alt="Provisioning" width="500"/>
</p>
# Provisioning Platform Documentation
**Last Updated**: 2025-01-02 (Phase 3.A Cleanup Complete)
**Status**: ✅ Primary documentation source (145 files consolidated)
Welcome to the Provisioning Platform documentation. This is an enterprise-grade Infrastructure
as Code (IaC) platform built with Rust, Nushell, and Nickel.
Welcome to the comprehensive documentation for the Provisioning Platform - a modern, cloud-native infrastructure automation system built with Nushell,
Nickel, and Rust.
## What is Provisioning
> **Note**: Architecture Decision Records (ADRs) and design documentation are in `docs/`
> directory. This location contains user-facing, operational, and product documentation.
Provisioning is a comprehensive infrastructure automation platform that manages complete
infrastructure lifecycles across multiple cloud providers. The platform emphasizes type-safety,
configuration-driven design, and workspace-first organization.
---
## Key Features
## Quick Navigation
- **Workspace Management**: Default mode for organizing infrastructure, settings, schemas, and extensions
- **Type-Safe Configuration**: Nickel-based configuration system with validation and contracts
- **Multi-Cloud Support**: Unified interface for AWS, UpCloud, and local providers
- **Modular CLI Architecture**: 111+ commands with 84% code reduction through modularity
- **Batch Workflow Engine**: Orchestrate complex multi-cloud operations
- **Complete Security System**: Authentication, authorization, encryption, and compliance
- **Extensible Architecture**: Custom providers, task services, and plugins
### 🚀 Getting Started
## Getting Started
| Document | Description | Audience |
| ---------- | ------------- | ---------- |
| **[Installation Guide](getting-started/installation-guide.md)** | Install and configure the system | New Users |
| **[Getting Started](getting-started/getting-started.md)** | First steps and basic concepts | New Users |
| **[Quick Reference](getting-started/quickstart-cheatsheet.md)** | Command cheat sheet | All Users |
| **[From Scratch Guide](guides/from-scratch.md)** | Complete deployment walkthrough | New Users |
New users should start with:
### 📚 User Guides
| Document | Description |
| ---------- | ------------- |
| **[CLI Reference](infrastructure/cli-reference.md)** | Complete command reference |
| **[Workspace Management](infrastructure/workspace-setup.md)** | Workspace creation and management |
| **[Workspace Switching](infrastructure/workspace-switching-guide.md)** | Switch between workspaces |
| **[Infrastructure Management](infrastructure/infrastructure-management.md)** | Server, taskserv, cluster operations |
| **[Service Management](operations/service-management-guide.md)** | Platform service lifecycle management |
| **[OCI Registry](integration/oci-registry-guide.md)** | OCI artifact management |
| **[Gitea Integration](integration/gitea-integration-guide.md)** | Git workflow and collaboration |
| **[CoreDNS Guide](operations/coredns-guide.md)** | DNS management |
| **[Test Environments](testing/test-environment-usage.md)** | Containerized testing |
| **[Extension Development](development/extension-development.md)** | Create custom extensions |
### 🏗️ Architecture
| Document | Description |
| ---------- | ------------- |
| **[System Overview](architecture/system-overview.md)** | High-level architecture |
| **[Multi-Repo Architecture](architecture/multi-repo-architecture.md)** | Repository structure and OCI distribution |
| **[Design Principles](architecture/design-principles.md)** | Architectural philosophy |
| **[Integration Patterns](architecture/integration-patterns.md)** | System integration patterns |
| **[Orchestrator Model](architecture/orchestrator-integration-model.md)** | Hybrid orchestration architecture |
### 📋 Architecture Decision Records (ADRs)
| ADR | Title | Status |
| ----- | ------- | -------- |
| **[ADR-001](architecture/adr/adr-001-project-structure.md)** | Project Structure Decision | Accepted |
| **[ADR-002](architecture/adr/adr-002-distribution-strategy.md)** | Distribution Strategy | Accepted |
| **[ADR-003](architecture/adr/adr-003-workspace-isolation.md)** | Workspace Isolation | Accepted |
| **[ADR-004](architecture/adr/adr-004-hybrid-architecture.md)** | Hybrid Architecture | Accepted |
| **[ADR-005](architecture/adr/adr-005-extension-framework.md)** | Extension Framework | Accepted |
| **[ADR-006](architecture/adr/adr-006-provisioning-cli-refactoring.md)** | CLI Refactoring | Accepted |
### 🔌 API Documentation
| Document | Description |
| ---------- | ------------- |
| **[REST API](api-reference/rest-api.md)** | HTTP API endpoints |
| **[WebSocket API](api-reference/websocket.md)** | Real-time event streams |
| **[Extensions API](development/extensions.md)** | Extension integration APIs |
| **[SDKs](api-reference/sdks.md)** | Client libraries |
| **[Integration Examples](api-reference/integration-examples.md)** | API usage examples |
### 🛠️ Development
| Document | Description |
| ---------- | ------------- |
| **[Development README](development/README.md)** | Developer overview |
| **[Implementation Guide](development/implementation-guide.md)** | Implementation details |
| **[Provider Development](development/quick-provider-guide.md)** | Create cloud providers |
| **[Taskserv Development](development/taskserv-developer-guide.md)** | Create task services |
| **[Extension Framework](development/extensions.md)** | Extension system |
| **[Command Handlers](development/command-handler-guide.md)** | CLI command development |
### 🐛 Troubleshooting
| Document | Description |
| ---------- | ------------- |
| **[Troubleshooting Guide](troubleshooting/troubleshooting-guide.md)** | Common issues and solutions |
### 📖 How-To Guides
| Document | Description |
| ---------- | ------------- |
| **[From Scratch](guides/from-scratch.md)** | Complete deployment from zero |
| **[Update Infrastructure](guides/update-infrastructure.md)** | Safe update procedures |
| **[Customize Infrastructure](guides/customize-infrastructure.md)** | Layer and template customization |
### 🔐 Configuration
| Document | Description |
| ---------- | ------------- |
| **[Workspace Config Architecture](configuration/workspace-config-architecture.md)** | Configuration architecture |
### 📦 Quick References
| Document | Description |
| ---------- | ------------- |
| **[Quickstart Cheatsheet](getting-started/quickstart-cheatsheet.md)** | Command shortcuts |
| **[OCI Quick Reference](quick-reference/oci.md)** | OCI operations |
---
1. [Prerequisites](getting-started/prerequisites.md) - System requirements and dependencies
2. [Installation](getting-started/installation.md) - Install the platform
3. [Quick Start](getting-started/quick-start.md) - 5-minute deployment tutorial
4. [First Deployment](getting-started/first-deployment.md) - Comprehensive walkthrough
## Documentation Structure
```bash
provisioning/docs/src/
├── README.md (this file) # Documentation hub
├── getting-started/ # Getting started guides
│ ├── installation-guide.md
│ ├── getting-started.md
│ └── quickstart-cheatsheet.md
├── architecture/ # System architecture
│ ├── adr/ # Architecture Decision Records
│ ├── design-principles.md
│ ├── integration-patterns.md
│ ├── system-overview.md
│ └── ... (and 10+ more architecture docs)
├── infrastructure/ # Infrastructure guides
│ ├── cli-reference.md
│ ├── workspace-setup.md
│ ├── workspace-switching-guide.md
│ └── infrastructure-management.md
├── api-reference/ # API documentation
│ ├── rest-api.md
│ ├── websocket.md
│ ├── integration-examples.md
│ └── sdks.md
├── development/ # Developer guides
│ ├── README.md
│ ├── implementation-guide.md
│ ├── quick-provider-guide.md
│ ├── taskserv-developer-guide.md
│ └── ... (15+ more developer docs)
├── guides/ # How-to guides
│ ├── from-scratch.md
│ ├── update-infrastructure.md
│ └── customize-infrastructure.md
├── operations/ # Operations guides
│ ├── service-management-guide.md
│ ├── coredns-guide.md
│ └── ... (more operations docs)
├── security/ # Security docs
├── integration/ # Integration guides
├── testing/ # Testing docs
├── configuration/ # Configuration docs
├── troubleshooting/ # Troubleshooting guides
└── quick-reference/ # Quick references
```
- **Getting Started**: Installation and initial setup
- **User Guides**: Workflow tutorials and best practices
- **Infrastructure as Code**: Nickel configuration and schema reference
- **Platform Features**: Core capabilities and systems
- **Operations**: Deployment, monitoring, and maintenance
- **Security**: Complete security system documentation
- **Development**: Extension and plugin development
- **API Reference**: REST API and CLI command reference
- **Architecture**: System design and ADRs
- **Examples**: Practical use cases and patterns
- **Troubleshooting**: Problem-solving guides
---
## Core Technologies
## Key Concepts
- **Rust**: Platform services and performance-critical components
- **Nushell**: Scripting, CLI, and automation
- **Nickel**: Type-safe infrastructure configuration
- **SecretumVault**: Secrets management integration
### Infrastructure as Code (IaC)
## Workspace-First Approach
The provisioning platform uses **declarative configuration** to manage infrastructure. Instead of manually creating resources, you define what you
want in Nickel configuration files, and the system makes it happen.
Provisioning uses workspaces as the default organizational unit. A workspace contains:
### Mode-Based Architecture
- Infrastructure definitions (Nickel schemas)
- Environment-specific settings
- Custom extensions and providers
- Deployment state and metadata
The system supports four operational modes:
All operations work within workspace context, providing isolation and consistency.
- **Solo**: Single developer local development
- **Multi-user**: Team collaboration with shared services
- **CI/CD**: Automated pipeline execution
- **Enterprise**: Production deployment with strict compliance
## Support and Community
### Extension System
Extensibility through:
- **Providers**: Cloud platform integrations (AWS, UpCloud, Local)
- **Task Services**: Infrastructure components (Kubernetes, databases, etc.)
- **Clusters**: Complete deployment configurations
### OCI-Native Distribution
Extensions and packages distributed as OCI artifacts, enabling:
- Industry-standard packaging
- Efficient caching and bandwidth
- Version pinning and rollback
- Air-gapped deployments
---
## Documentation by Role
### For New Users
1. Start with **[Installation Guide](getting-started/installation-guide.md)**
2. Read **[Getting Started](getting-started/getting-started.md)**
3. Follow **[From Scratch Guide](guides/from-scratch.md)**
4. Reference **[Quickstart Cheatsheet](guides/quickstart-cheatsheet.md)**
### For Developers
1. Review **[System Overview](architecture/system-overview.md)**
2. Study **[Design Principles](architecture/design-principles.md)**
3. Read relevant **[ADRs](architecture/)**
4. Follow **[Development Guide](development/README.md)**
5. Reference **Nickel Quick Reference**
### For Operators
1. Understand **[Mode System](infrastructure/mode-system)**
2. Learn **[Service Management](operations/service-management-guide.md)**
3. Review **[Infrastructure Management](infrastructure/infrastructure-management.md)**
4. Study **[OCI Registry](integration/oci-registry-guide.md)**
### For Architects
1. Read **[System Overview](architecture/system-overview.md)**
2. Study all **[ADRs](architecture/)**
3. Review **[Integration Patterns](architecture/integration-patterns.md)**
4. Understand **[Multi-Repo Architecture](architecture/multi-repo-architecture.md)**
---
## System Capabilities
### ✅ Infrastructure Automation
- Multi-cloud support (AWS, UpCloud, Local)
- Declarative configuration with Nickel
- Automated dependency resolution
- Batch operations with rollback
### ✅ Workflow Orchestration
- Hybrid Rust/Nushell orchestration
- Checkpoint-based recovery
- Parallel execution with limits
- Real-time monitoring
### ✅ Test Environments
- Containerized testing
- Multi-node cluster simulation
- Topology templates
- Automated cleanup
### ✅ Mode-Based Operation
- Solo: Local development
- Multi-user: Team collaboration
- CI/CD: Automated pipelines
- Enterprise: Production deployment
### ✅ Extension Management
- OCI-native distribution
- Automatic dependency resolution
- Version management
- Local and remote sources
---
## Key Achievements
### 🚀 Batch Workflow System (v3.1.0)
- Provider-agnostic batch operations
- Mixed provider support (UpCloud + AWS + local)
- Dependency resolution with soft/hard dependencies
- Real-time monitoring and rollback
### 🏗️ Hybrid Orchestrator (v3.0.0)
- Solves Nushell deep call stack limitations
- Preserves all business logic
- REST API for external integration
- Checkpoint-based state management
### ⚙️ Configuration System (v2.0.0)
- Migrated from ENV to config-driven
- Hierarchical configuration loading
- Variable interpolation
- True IaC without hardcoded fallbacks
### 🎯 Modular CLI (v3.2.0)
- 84% reduction in main file size
- Domain-driven handlers
- 80+ shortcuts
- Bi-directional help system
### 🧪 Test Environment Service (v3.4.0)
- Automated containerized testing
- Multi-node cluster topologies
- CI/CD integration ready
- Template-based configurations
### 🔄 Workspace Switching (v2.0.5)
- Centralized workspace management
- Single-command workspace switching
- Active workspace tracking
- User preference system
---
## Technology Stack
| Component | Technology | Purpose |
| ----------- | ------------ | --------- |
| **Core CLI** | Nushell 0.107.1 | Shell and scripting |
| **Configuration** | Nickel 1.0.0+ | Type-safe IaC |
| **Orchestrator** | Rust | High-performance coordination |
| **Templates** | Jinja2 (nu_plugin_tera) | Code generation |
| **Secrets** | SOPS 3.10.2 + Age 1.2.1 | Encryption |
| **Distribution** | OCI (skopeo/crane/oras) | Artifact management |
---
## Support
### Getting Help
- **Documentation**: You're reading it!
- **Quick Reference**: Run `provisioning sc` or `provisioning guide quickstart`
- **Help System**: Run `provisioning help` or `provisioning <command> help`
- **Interactive Shell**: Run `provisioning nu` for Nushell REPL
### Reporting Issues
- Check **[Troubleshooting Guide](infrastructure/troubleshooting-guide.md)**
- Review **[FAQ](troubleshooting/troubleshooting-guide.md)**
- Enable debug mode: `provisioning --debug <command>`
- Check logs: `provisioning platform logs <service>`
---
## Contributing
This project welcomes contributions! See **[Development Guide](development/README.md)** for:
- Development setup
- Code style guidelines
- Testing requirements
- Pull request process
---
- **Issues**: Report bugs and request features on GitHub
- **Documentation**: This documentation site
- **Examples**: See the [Examples](examples/README.md) section
## License
[Add license information]
---
## Version History
| Version | Date | Major Changes |
| --------- | ------ | --------------- |
| **3.5.0** | 2025-10-06 | Mode system, OCI registry, comprehensive documentation |
| **3.4.0** | 2025-10-06 | Test environment service |
| **3.3.0** | 2025-09-30 | Interactive guides system |
| **3.2.0** | 2025-09-30 | Modular CLI refactoring |
| **3.1.0** | 2025-09-25 | Batch workflow system |
| **3.0.0** | 2025-09-25 | Hybrid orchestrator architecture |
| **2.0.5** | 2025-10-02 | Workspace switching system |
| **2.0.0** | 2025-09-23 | Configuration system migration |
---
**Maintained By**: Provisioning Team
**Last Review**: 2025-10-06
**Next Review**: 2026-01-06
See project LICENSE file for details.

342
docs/src/SUMMARY.md
View File

@ -1,269 +1,165 @@
# Provisioning Platform Documentation
# Summary
[Home](README.md)
[Introduction](README.md)
---
## Getting Started
# Getting Started
- [Installation Guide](getting-started/installation-guide.md)
- [Installation Validation Guide](getting-started/installation-validation-guide.md)
- [Getting Started](getting-started/getting-started.md)
- [Quick Start Cheatsheet](getting-started/quickstart-cheatsheet.md)
- [Setup Quick Start](getting-started/setup-quickstart.md)
- [Setup System Guide](getting-started/setup-system-guide.md)
- [Quick Start (Full)](getting-started/quickstart.md)
- [Prerequisites](getting-started/01-prerequisites.md)
- [Installation Steps](getting-started/02-installation.md)
- [First Deployment](getting-started/03-first-deployment.md)
- [Verification](getting-started/04-verification.md)
- [Platform Service Configuration](getting-started/05-platform-configuration.md)
- [Getting Started](getting-started/README.md)
- [Prerequisites](getting-started/prerequisites.md)
- [Installation](getting-started/installation.md)
- [Quick Start](getting-started/quick-start.md)
- [First Deployment](getting-started/first-deployment.md)
- [Verification](getting-started/verification.md)
---
## AI Integration
# Setup & Configuration
- [Overview](ai/README.md)
- [Architecture](ai/architecture.md)
- [RAG System](ai/rag-system.md)
- [MCP Integration](ai/mcp-integration.md)
- [Configuration Guide](ai/configuration.md)
- [Security Policies](ai/security-policies.md)
- [Troubleshooting with AI](ai/troubleshooting-with-ai.md)
- [Cost Management](ai/cost-management.md)
### Planned Features (Q2 2025)
- [Natural Language Configuration](ai/natural-language-config.md)
- [Configuration Generation](ai/config-generation.md)
- [AI-Assisted Forms](ai/ai-assisted-forms.md)
- [AI Agents](ai/ai-agents.md)
- [Setup Overview](setup/README.md)
- [Initial Setup](setup/initial-setup.md)
- [Workspace Setup](setup/workspace-setup.md)
- [Configuration Management](setup/configuration.md)
---
## Architecture & Design
# User Guides
- [System Overview](architecture/system-overview.md)
- [Architecture Overview](architecture/architecture-overview.md)
- [Design Principles](architecture/design-principles.md)
- [Integration Patterns](architecture/integration-patterns.md)
- [Orchestrator Integration Model](architecture/orchestrator-integration-model.md)
- [Multi-Repo Architecture](architecture/multi-repo-architecture.md)
- [Multi-Repo Strategy](architecture/multi-repo-strategy.md)
- [Database and Config Architecture](architecture/database-and-config-architecture.md)
- [Ecosystem Integration](architecture/ecosystem-integration.md)
- [Package and Loader System](architecture/package-and-loader-system.md)
- [Config Loading Architecture](architecture/config-loading-architecture.md)
- [Nickel Executable Examples](architecture/nickel-executable-examples.md)
- [Orchestrator Info](architecture/orchestrator-info.md)
- [Orchestrator Auth Integration](architecture/orchestrator-auth-integration.md)
- [Repo Dist Analysis](architecture/repo-dist-analysis.md)
- [TypeDialog Nickel Integration](architecture/typedialog-nickel-integration.md)
### Architecture Decision Records
- [ADR-001: Project Structure](architecture/adr/adr-001-project-structure.md)
- [ADR-002: Distribution Strategy](architecture/adr/adr-002-distribution-strategy.md)
- [ADR-003: Workspace Isolation](architecture/adr/adr-003-workspace-isolation.md)
- [ADR-004: Hybrid Architecture](architecture/adr/adr-004-hybrid-architecture.md)
- [ADR-005: Extension Framework](architecture/adr/adr-005-extension-framework.md)
- [ADR-006: Provisioning CLI Refactoring](architecture/adr/adr-006-provisioning-cli-refactoring.md)
- [ADR-007: KMS Simplification](architecture/adr/adr-007-kms-simplification.md)
- [ADR-008: Cedar Authorization](architecture/adr/adr-008-cedar-authorization.md)
- [ADR-009: Security System Complete](architecture/adr/adr-009-security-system-complete.md)
- [ADR-010: Configuration Format Strategy](architecture/adr/adr-010-configuration-format-strategy.md)
- [ADR-011: Nickel Migration](architecture/adr/adr-011-nickel-migration.md)
- [ADR-012: Nushell Nickel Plugin CLI Wrapper](architecture/adr/adr-012-nushell-nickel-plugin-cli-wrapper.md)
- [ADR-013: Typdialog Web UI Backend Integration](architecture/adr/adr-013-typdialog-integration.md)
- [ADR-014: SecretumVault Integration](architecture/adr/adr-014-secretumvault-integration.md)
- [ADR-015: AI Integration Architecture](architecture/adr/adr-015-ai-integration-architecture.md)
- [Guides Overview](guides/README.md)
- [From Scratch Guide](guides/from-scratch.md)
- [Workspace Management](guides/workspace-management.md)
- [Multi-Cloud Deployment](guides/multi-cloud-deployment.md)
- [Custom Extensions](guides/custom-extensions.md)
- [Disaster Recovery](guides/disaster-recovery.md)
---
## Roadmap & Future Features
# Infrastructure as Code
- [Overview](roadmap/README.md)
- [AI Integration (Planned)](roadmap/ai-integration.md)
- [Native Plugins (Partial)](roadmap/native-plugins.md)
- [Nickel Workflows (Planned)](roadmap/nickel-workflows.md)
---
## API Reference
- [REST API](api-reference/rest-api.md)
- [WebSocket](api-reference/websocket.md)
- [Extensions](api-reference/extensions.md)
- [SDKs](api-reference/sdks.md)
- [Integration Examples](api-reference/integration-examples.md)
- [Provider API](api-reference/provider-api.md)
- [NuShell API](api-reference/nushell-api.md)
- [Path Resolution](api-reference/path-resolution.md)
---
## Development
- [Infrastructure-Specific Extensions](development/infrastructure-specific-extensions.md)
- [Command Handler Guide](development/command-handler-guide.md)
- [Workflow](development/workflow.md)
- [Integration](development/integration.md)
- [Build System](development/build-system.md)
- [Distribution Process](development/distribution-process.md)
- [Implementation Guide](development/implementation-guide.md)
- [Project Structure](development/project-structure.md)
- [Ctrl-C Implementation Notes](development/ctrl-c-implementation-notes.md)
- [Auth Metadata Guide](development/auth-metadata-guide.md)
- [KMS Simplification](development/kms-simplification.md)
- [Glossary](development/glossary.md)
- [MCP Server](development/mcp-server.md)
- [TypeDialog Platform Config Guide](development/typedialog-platform-config-guide.md)
### Extensions
- [Overview](development/extensions/README.md)
- [Extension Development](development/extensions/extension-development.md)
- [Extension Registry](development/extensions/extension-registry.md)
### Providers
- [Quick Provider Guide](development/providers/quick-provider-guide.md)
- [Provider Agnostic Architecture](development/providers/provider-agnostic-architecture.md)
- [Provider Development Guide](development/providers/provider-development-guide.md)
- [Provider Distribution Guide](development/providers/provider-distribution-guide.md)
- [Provider Comparison Matrix](development/providers/provider-comparison.md)
### TaskServs
- [TaskServ Quick Guide](development/taskservs/taskserv-quick-guide.md)
- [TaskServ Categorization](development/taskservs/taskserv-categorization.md)
---
## Operations
- [Platform Deployment Guide](operations/deployment-guide.md)
- [Service Management Guide](operations/service-management-guide.md)
- [Monitoring & Alerting Setup](operations/monitoring-alerting-setup.md)
- [CoreDNS Guide](operations/coredns-guide.md)
- [Production Readiness Checklist](operations/production-readiness-checklist.md)
- [Break Glass Training Guide](operations/break-glass-training-guide.md)
- [Cedar Policies Production Guide](operations/cedar-policies-production-guide.md)
- [MFA Admin Setup Guide](operations/mfa-admin-setup-guide.md)
- [Orchestrator](operations/orchestrator.md)
- [Orchestrator System](operations/orchestrator-system.md)
- [Control Center](operations/control-center.md)
- [Installer](operations/installer.md)
- [Installer System](operations/installer-system.md)
- [Provisioning Server](operations/provisioning-server.md)
---
## Infrastructure
- [Infrastructure Management](infrastructure/infrastructure-management.md)
- [Infrastructure from Code Guide](infrastructure/infrastructure-from-code-guide.md)
- [Batch Workflow System](infrastructure/batch-workflow-system.md)
- [Batch Workflow Multi-Provider Examples](infrastructure/batch-workflow-multi-provider.md)
- [CLI Architecture](infrastructure/cli-architecture.md)
- [Infrastructure Overview](infrastructure/README.md)
- [Nickel Guide](infrastructure/nickel-guide.md)
- [Configuration System](infrastructure/configuration-system.md)
- [CLI Reference](infrastructure/cli-reference.md)
- [Dynamic Secrets Guide](infrastructure/dynamic-secrets-guide.md)
- [Mode System Guide](infrastructure/mode-system-guide.md)
- [Config Rendering Guide](infrastructure/config-rendering-guide.md)
- [Configuration](infrastructure/configuration.md)
### Workspaces
- [Workspace Setup](infrastructure/workspaces/workspace-setup.md)
- [Workspace Guide](infrastructure/workspaces/workspace-guide.md)
- [Workspace Switching Guide](infrastructure/workspaces/workspace-switching-guide.md)
- [Workspace Switching System](infrastructure/workspaces/workspace-switching-system.md)
- [Workspace Config Architecture](infrastructure/workspaces/workspace-config-architecture.md)
- [Workspace Config Commands](infrastructure/workspaces/workspace-config-commands.md)
- [Workspace Enforcement Guide](infrastructure/workspaces/workspace-enforcement-guide.md)
- [Workspace Infra Reference](infrastructure/workspaces/workspace-infra-reference.md)
- [Schemas Reference](infrastructure/schemas-reference.md)
- [Providers](infrastructure/providers.md)
- [Task Services](infrastructure/task-services.md)
- [Clusters](infrastructure/clusters.md)
- [Batch Workflows](infrastructure/batch-workflows.md)
- [Version Management](infrastructure/version-management.md)
---
## Security
# Platform Features
- [Authentication Layer Guide](security/authentication-layer-guide.md)
- [Config Encryption Guide](security/config-encryption-guide.md)
- [Security System](security/security-system.md)
- [RustyVault KMS Guide](security/rustyvault-kms-guide.md)
- [SecretumVault KMS Guide](security/secretumvault-kms-guide.md)
- [SSH Temporal Keys User Guide](security/ssh-temporal-keys-user-guide.md)
- [Plugin Integration Guide](security/plugin-integration-guide.md)
- [NuShell Plugins Guide](security/nushell-plugins-guide.md)
- [NuShell Plugins System](security/nushell-plugins-system.md)
- [Plugin Usage Guide](security/plugin-usage-guide.md)
- [Secrets Management Guide](security/secrets-management-guide.md)
- [KMS Service](security/kms-service.md)
- [Features Overview](features/README.md)
- [Workspace Management](features/workspace-management.md)
- [CLI Architecture](features/cli-architecture.md)
- [Configuration System](features/configuration-system.md)
- [Batch Workflows](features/batch-workflows.md)
- [Orchestrator](features/orchestrator.md)
- [Interactive Guides](features/interactive-guides.md)
- [Test Environment](features/test-environment.md)
- [Platform Installer](features/installer.md)
- [Security System](features/security-system.md)
- [Version Management](features/version-management.md)
- [Nushell Plugins](features/plugins.md)
- [Multilingual Support](features/multilingual-support.md)
---
## Integration
# Operations
- [Gitea Integration Guide](integration/gitea-integration-guide.md)
- [Service Mesh Ingress Guide](integration/service-mesh-ingress-guide.md)
- [OCI Registry Guide](integration/oci-registry-guide.md)
- [Integrations Quick Start](integration/integrations-quickstart.md)
- [Secrets Service Layer Complete](integration/secrets-service-layer-complete.md)
- [OCI Registry Platform](integration/oci-registry-platform.md)
- [Operations Overview](operations/README.md)
- [Deployment Modes](operations/deployment-modes.md)
- [Service Management](operations/service-management.md)
- [Monitoring](operations/monitoring.md)
- [Backup & Recovery](operations/backup-recovery.md)
- [Upgrade](operations/upgrade.md)
- [Troubleshooting](operations/troubleshooting.md)
- [Platform Health](operations/platform-health.md)
---
## Testing
# Security
- [Test Environment Guide](testing/test-environment-guide.md)
- [Test Environment System](testing/test-environment-system.md)
- [TaskServ Validation Guide](testing/taskserv-validation-guide.md)
- [Security Overview](security/README.md)
- [Authentication](security/authentication.md)
- [Authorization](security/authorization.md)
- [Multi-Factor Authentication](security/mfa.md)
- [Audit Logging](security/audit-logging.md)
- [KMS Guide](security/kms-guide.md)
- [Secrets Management](security/secrets-management.md)
- [SecretumVault Guide](security/secretumvault-guide.md)
- [Encryption](security/encryption.md)
- [Secure Communication](security/secure-communication.md)
- [Certificate Management](security/certificate-management.md)
- [Compliance](security/compliance.md)
- [Security Testing](security/security-testing.md)
---
## Troubleshooting
# Development
- [Troubleshooting Guide](troubleshooting/troubleshooting-guide.md)
- [Development Overview](development/README.md)
- [Extension Development](development/extension-development.md)
- [Provider Development](development/provider-development.md)
- [Plugin Development](development/plugin-development.md)
- [API Guide](development/api-guide.md)
- [Build System](development/build-system.md)
- [Testing](development/testing.md)
- [Contributing](development/contributing.md)
---
## Deployment Guides
# API Reference
- [From Scratch](guides/from-scratch.md)
- [Update Infrastructure](guides/update-infrastructure.md)
- [Customize Infrastructure](guides/customize-infrastructure.md)
- [Infrastructure Setup](guides/infrastructure-setup.md)
- [Extension Development Quickstart](guides/extension-development-quickstart.md)
- [Guide System](guides/guide-system.md)
- [Workspace Generation Quick Reference](guides/workspace-generation-quick-reference.md)
### Multi-Provider Deployment Guides
- [Multi-Provider Deployment Guide](guides/multi-provider-deployment.md)
- [Multi-Provider Networking with VPN](guides/multi-provider-networking.md)
- [DigitalOcean Provider Guide](guides/provider-digitalocean.md)
- [Hetzner Provider Guide](guides/provider-hetzner.md)
### Multi-Provider Workspace Examples
- [Multi-Provider Web App Workspace](../examples/workspaces/multi-provider-web-app/README.md)
- [Multi-Region High Availability Workspace](../examples/workspaces/multi-region-ha/README.md)
- [Cost-Optimized Multi-Provider Workspace](../examples/workspaces/cost-optimized/README.md)
- [API Overview](api-reference/README.md)
- [REST API](api-reference/rest-api.md)
- [CLI Commands](api-reference/cli-commands.md)
- [Nushell Libraries](api-reference/nushell-libraries.md)
- [Orchestrator API](api-reference/orchestrator-api.md)
- [Control Center API](api-reference/control-center-api.md)
- [Examples](api-reference/examples.md)
---
## Quick Reference
# Architecture
- [Master Index](quick-reference/master.md)
- [Platform Operations Cheatsheet](quick-reference/platform-operations-cheatsheet.md)
- [General Commands](quick-reference/general.md)
- [JustFile Recipes](quick-reference/justfile-recipes.md)
- [OCI Registry](quick-reference/oci.md)
- [Sudo Password Handling](quick-reference/sudo-password-handling.md)
- [Architecture Overview](architecture/README.md)
- [System Overview](architecture/system-overview.md)
- [Design Principles](architecture/design-principles.md)
- [Component Architecture](architecture/component-architecture.md)
- [Integration Patterns](architecture/integration-patterns.md)
- [ADRs](architecture/adr/README.md)
---
## Configuration
# Examples
- [Config Validation](configuration/config-validation.md)
- [Examples Overview](examples/README.md)
- [Basic Setup](examples/basic-setup.md)
- [Multi-Cloud](examples/multi-cloud.md)
- [Kubernetes Deployment](examples/kubernetes-deployment.md)
- [Custom Workflows](examples/custom-workflows.md)
- [Security Examples](examples/security-examples.md)
---
# Troubleshooting
- [Troubleshooting Overview](troubleshooting/README.md)
- [Common Issues](troubleshooting/common-issues.md)
- [Debug Guide](troubleshooting/debug-guide.md)
- [Logs Analysis](troubleshooting/logs-analysis.md)
- [Getting Help](troubleshooting/getting-help.md)
---
# AI & Machine Learning
- [AI Overview](ai/README.md)
- [AI Architecture](ai/ai-architecture.md)
- [TypeDialog Integration](ai/typedialog-integration.md)
- [AI Service Crate](ai/ai-service-crate.md)
- [RAG & Knowledge Base](ai/rag-and-knowledge.md)
- [Natural Language Infrastructure](ai/natural-language-infrastructure.md)

364
docs/src/ai/README.md
View File

@ -1,171 +1,295 @@
# AI Integration - Intelligent Infrastructure Provisioning
# AI & Machine Learning
The provisioning platform integrates AI capabilities to provide intelligent assistance for infrastructure configuration, deployment, and
troubleshooting.
This section documents the AI system architecture, features, and usage patterns.
Provisioning includes comprehensive AI capabilities for infrastructure automation via natural
language, intelligent configuration suggestions, and anomaly detection.
## Overview
The AI integration consists of multiple components working together to provide intelligent infrastructure provisioning:
The AI system consists of three integrated components:
- **typdialog-ai**: AI-assisted form filling and configuration
- **typdialog-ag**: Autonomous AI agents for complex workflows
- **typdialog-prov-gen**: Natural language to Nickel configuration generation
- **ai-service**: Core AI service backend with multi-provider support
- **mcp-server**: Model Context Protocol server for LLM integration
- **rag**: Retrieval-Augmented Generation for contextual knowledge
1. **TypeDialog AI Backends** - Interactive form intelligence and agent automation
2. **AI Service Microservice** - Central AI processing and coordination
3. **Core AI Libraries** - Nushell query processing and LLM integration
## Key Features
## Key Capabilities
### Natural Language Configuration
### Natural Language Infrastructure
Generate infrastructure configurations from plain English descriptions:
```toml
provisioning ai generate "Create a production PostgreSQL cluster with encryption and daily backups"
```
Request infrastructure changes in plain English:
### AI-Assisted Forms
Real-time suggestions and explanations as you fill out configuration forms via typdialog web UI.
### Intelligent Troubleshooting
AI analyzes deployment failures and suggests fixes:
```bash
provisioning ai troubleshoot deployment-12345
# Natural language request
provisioning ai "Create 3 web servers with load balancing and auto-scaling"
# Returns:
# - Parsed infrastructure requirements
# - Generated Nickel configuration
# - Deployment confirmation
```
###
### Intelligent Configuration
Configuration Optimization
AI reviews configurations and suggests performance and security improvements:
```toml
provisioning ai optimize workspaces/prod/config.ncl
```
AI suggests optimal configurations based on context:
### Autonomous Agents
AI agents execute multi-step workflows with minimal human intervention:
```bash
provisioning ai agent --goal "Set up complete dev environment for Python app"
```
- Database selection and tuning
- Network topology recommendations
- Security policy generation
- Resource allocation optimization
## Documentation Structure
### Anomaly Detection
- [Architecture](architecture.md) - AI system architecture and components
- [Natural Language Config](natural-language-config.md) - NL to Nickel generation
- [AI-Assisted Forms](ai-assisted-forms.md) - typdialog-ai integration
- [AI Agents](ai-agents.md) - typdialog-ag autonomous agents
- [Config Generation](config-generation.md) - typdialog-prov-gen details
- [RAG System](rag-system.md) - Retrieval-Augmented Generation
- [MCP Integration](mcp-integration.md) - Model Context Protocol
- [Security Policies](security-policies.md) - Cedar policies for AI
- [Troubleshooting with AI](troubleshooting-with-ai.md) - AI debugging workflows
- [API Reference](api-reference.md) - AI service API documentation
- [Configuration](configuration.md) - AI system configuration guide
- [Cost Management](cost-management.md) - Managing LLM API costs
Continuous monitoring and intelligent alerting:
- Infrastructure health anomalies
- Performance pattern detection
- Security issue identification
- Predictive alerting
## Components at a Glance
| Component | Purpose | Technology |
| --- | --- | --- |
| **typedialog-ai** | Form intelligence & suggestions | HTTP server, SurrealDB |
| **typedialog-ag** | AI agents & workflow automation | Type-safe agents, Nickel transpilation |
| **ai-service** | Central AI microservice | Rust, LLM integration |
| **rag** | Knowledge base retrieval | Semantic search, embeddings |
| **mcp-server** | Model Context Protocol | AI tool interface |
| **detector** | Anomaly detection system | Pattern recognition |
## Quick Start
### Enable AI Features
```bash
# Edit provisioning config
vim provisioning/config/ai.toml
# Install AI tools
provisioning install ai-tools
# Set provider and enable features
[ai]
enabled = true
provider = "anthropic" # or "openai" or "local"
model = "claude-sonnet-4"
# Configure AI service
provisioning ai configure --provider openai --model gpt-4
[ai.features]
form_assistance = true
config_generation = true
troubleshooting = true
# Test AI capabilities
provisioning ai test
```
### Generate Configuration from Natural Language
```toml
# Simple generation
provisioning ai generate "PostgreSQL database with encryption"
# With specific schema
provisioning ai generate
--schema database
--output workspaces/dev/db.ncl
"Production PostgreSQL with 100GB storage and daily backups"
```
### Use AI-Assisted Forms
### Use Natural Language
```bash
# Open typdialog web UI with AI assistance
provisioning workspace init --interactive --ai-assist
# Simple request
provisioning ai "Create a Kubernetes cluster"
# AI provides real-time suggestions as you type
# AI explains validation errors in plain English
# AI fills multiple fields from natural language description
# Complex request with options
provisioning ai "Deploy PostgreSQL HA cluster with replication in AWS, backup to S3"
# Get help on AI features
provisioning help ai
```
### Troubleshoot with AI
## Architecture
The AI system follows a layered architecture:
```text
┌─────────────────────────────────┐
│ User Interface Layer │
│ • Natural language input │
│ • TypeDialog AI forms │
│ • Chat interface │
└────────────┬────────────────────┘
┌─────────────────────────────────┐
│ AI Orchestration Layer │
│ • AI Service (Rust) │
│ • Query processing (Nushell) │
│ • Intent recognition │
└────────────┬────────────────────┘
┌─────────────────────────────────┐
│ Knowledge & Processing Layer │
│ • RAG (Retrieval) │
│ • LLM Integration │
│ • MCP Server │
│ • Detector (anomalies) │
└────────────┬────────────────────┘
┌─────────────────────────────────┐
│ Infrastructure Layer │
│ • Nickel configuration │
│ • Deployment execution │
│ • Monitoring & feedback │
└─────────────────────────────────┘
```
## Topics
- [AI Architecture](./ai-architecture.md) - System design and components
- [TypeDialog Integration](./typedialog-integration.md) - AI forms and agents
- [AI Service Crate](./ai-service-crate.md) - Core AI microservice
- [RAG & Knowledge](./rag-and-knowledge.md) - Knowledge retrieval system
- [Natural Language Infrastructure](./natural-language-infrastructure.md) - LLM-driven IaC
## Configuration
### Environment Variables
```bash
# Analyze failed deployment
provisioning ai troubleshoot deployment-12345
# LLM Provider
export PROVISIONING_AI_PROVIDER=openai # openai, anthropic, local
export PROVISIONING_AI_MODEL=gpt-4 # Model identifier
export PROVISIONING_AI_API_KEY=sk-... # API key
# AI analyzes logs and suggests fixes
# AI generates corrected configuration
# AI explains root cause in plain language
# AI Service
export PROVISIONING_AI_SERVICE_PORT=9091 # AI service port
export PROVISIONING_AI_ENABLE_ANOMALY=true # Enable detector
export PROVISIONING_AI_RAG_THRESHOLD=0.75 # Similarity threshold
```
## Security and Privacy
### Configuration File
The AI system implements strict security controls:
```yaml
# ~/.config/provisioning/ai.yaml
ai:
enabled: true
provider: openai
model: gpt-4
api_key: ${PROVISIONING_AI_API_KEY}
- ✅ **Cedar Policies**: AI access controlled by Cedar authorization
- ✅ **Secret Isolation**: AI cannot access secrets directly
- ✅ **Human Approval**: Critical operations require human approval
- ✅ **Audit Trail**: All AI operations logged
- ✅ **Data Sanitization**: Secrets/PII sanitized before sending to LLM
- ✅ **Local Models**: Support for air-gapped deployments
service:
port: 9091
timeout: 30
max_retries: 3
See [Security Policies](security-policies.md) for complete details.
typedialog:
ai_enabled: true
ag_enabled: true
suggestions: true
## Supported LLM Providers
rag:
enabled: true
similarity_threshold: 0.75
max_results: 5
| | Provider | Models | Best For | |
| | ---------- | -------- | ---------- | |
| | **Anthropic** | Claude Sonnet 4, Claude Opus 4 | Complex configs, long context | |
| | **OpenAI** | GPT-4 Turbo, GPT-4 | Fast suggestions, tool calling | |
| | **Local** | Llama 3, Mistral | Air-gapped, privacy-critical | |
detector:
enabled: true
update_interval: 60
alert_threshold: 0.8
```
## Cost Considerations
## Use Cases
AI features incur LLM API costs. The system implements cost controls:
### 1. Infrastructure from Description
- **Caching**: Reduces API calls by 50-80%
- **Rate Limiting**: Prevents runaway costs
- **Budget Limits**: Daily/monthly cost caps
- **Local Models**: Zero marginal cost for air-gapped deployments
Describe infrastructure in natural language, get Nickel configuration:
See [Cost Management](cost-management.md) for optimization strategies.
```bash
provisioning ai deploy "
Create a production Kubernetes cluster with:
- 3 control planes
- 5 worker nodes
- HA PostgreSQL (3 nodes)
- Prometheus monitoring
- Encrypted networking
"
```
## Architecture Decision Record
### 2. Configuration Assistance
The AI integration is documented in:
- [ADR-015: AI Integration Architecture](../architecture/adr/adr-015-ai-integration-architecture.md)
Get AI suggestions while filling out forms:
## Next Steps
```bash
provisioning setup profile
# TypeDialog shows suggestions based on context
# Database recommendations based on workload
# Security settings optimized for environment
```
1. Read [Architecture](architecture.md) to understand AI system design
2. Configure AI features in [Configuration](configuration.md)
3. Try [Natural Language Config](natural-language-config.md) for your first AI-generated config
4. Explore [AI Agents](ai-agents.md) for automation workflows
5. Review [Security Policies](security-policies.md) to understand access controls
### 3. Troubleshooting
---
AI analyzes logs and suggests fixes:
**Version**: 1.0
**Last Updated**: 2025-01-08
**Status**: Active
```bash
provisioning ai troubleshoot --service orchestrator
# Output:
# Issue detected: High memory usage
# Likely cause: Task queue backlog
# Suggestion: Scale orchestrator replicas to 3
# Command: provisioning orchestrator scale --replicas 3
```
### 4. Anomaly Detection
Continuous monitoring with intelligent alerts:
```bash
provisioning ai anomalies --since 1h
# Output:
# ⚠️ Unusual pattern detected
# Time: 2026-01-16T01:47:00Z
# Service: control-center
# Metric: API response time
# Baseline: 45ms → Current: 320ms (+611%)
# Likelihood: Query performance regression
```
## Limitations
- **LLM Dependency**: Requires external LLM provider (OpenAI, Anthropic, etc.)
- **Network Required**: Cloud-based LLM providers need internet connectivity
- **Context Window**: Large infrastructures may exceed LLM context limits
- **Cost**: API calls incur per-token charges
- **Latency**: Natural language processing adds response latency (2-5 seconds)
## Configuration Files
Key files for AI configuration:
| File | Purpose |
| --- | --- |
| `.typedialog/ai.db` | AI SurrealDB database (typedialog-ai) |
| `.typedialog/agent-*.yaml` | AI agent definitions (typedialog-ag) |
| `~/.config/provisioning/ai.yaml` | User AI settings |
| `provisioning/core/versions.ncl` | TypeDialog versions |
| `core/nulib/lib_provisioning/ai/` | Core AI libraries |
| `platform/crates/ai-service/` | AI service crate |
## Performance
### Typical Latencies
| Operation | Latency |
| --- | --- |
| Simple request parsing | 100-200ms |
| LLM inference | 2-5 seconds |
| Configuration generation | 500ms-1s |
| Anomaly detection | 50-100ms |
### Scalability
- **Concurrent requests**: 100+ (load balanced)
- **Query processing**: 10,000+ queries/second
- **RAG similarity search**: <50ms for 1M documents
- **Anomaly detection**: Real-time on 1000+ metrics
## Security
### API Keys
- Stored encrypted in vault-service
- Never logged or persisted in plain text
- Rotated automatically (configurable)
- Audit trail for all API usage
### Data Privacy
- Natural language queries not stored by default
- LLM provider agreements (OpenAI terms, etc.)
- Local-only RAG option available
- GDPR compliance support
## Related Documentation
- [Features Overview](../features/README.md) - AI feature list
- [MCP Server](../architecture/component-architecture.md#mcp-server) - LLM integration
- [Security System](../security/README.md) - API key management
- [Operations Guide](../operations/README.md) - AI service management

532
docs/src/ai/ai-agents.md
View File

@ -1,532 +0,0 @@
# Autonomous AI Agents (typdialog-ag)
**Status**: 🔴 Planned (Q2 2025 target)
Autonomous AI Agents is a planned feature that enables AI agents to execute multi-step
infrastructure provisioning workflows with minimal human intervention. Agents make
decisions, adapt to changing conditions, and execute complex tasks while maintaining
security and requiring human approval for critical operations.
## Feature Overview
### What It Does
Enable AI agents to manage complex provisioning workflows:
```bash
User Goal:
"Set up a complete development environment with:
- PostgreSQL database
- Redis cache
- Kubernetes cluster
- Monitoring stack
- Logging infrastructure"
AI Agent executes:
1. Analyzes requirements and constraints
2. Plans multi-step deployment sequence
3. Creates configurations for all components
4. Validates configurations against policies
5. Requests human approval for critical decisions
6. Executes deployment in correct order
7. Monitors for failures and adapts
8. Reports completion and recommendations
```
## Agent Capabilities
### Multi-Step Workflow Execution
Agents coordinate complex, multi-component deployments:
```bash
Goal: "Deploy production Kubernetes cluster with managed databases"
Agent Plan:
Phase 1: Infrastructure
├─ Create VPC and networking
├─ Set up security groups
└─ Configure IAM roles
Phase 2: Kubernetes
├─ Create EKS cluster
├─ Configure network plugins
├─ Set up autoscaling
└─ Install cluster add-ons
Phase 3: Managed Services
├─ Provision RDS PostgreSQL
├─ Configure backups
└─ Set up replicas
Phase 4: Observability
├─ Deploy Prometheus
├─ Deploy Grafana
├─ Configure log collection
└─ Set up alerting
Phase 5: Validation
├─ Run smoke tests
├─ Verify connectivity
└─ Check compliance
```
### Adaptive Decision Making
Agents adapt to conditions and make intelligent decisions:
```bash
Scenario: Database provisioning fails due to resource quota
Standard approach (human):
1. Detect failure
2. Investigate issue
3. Decide on fix (reduce size, change region, etc.)
4. Update config
5. Retry
Agent approach:
1. Detect failure
2. Analyze error: "Quota exceeded for db.r6g.xlarge"
3. Check available options:
- Try smaller instance: db.r6g.large (may be insufficient)
- Try different region: different cost, latency
- Request quota increase (requires human approval)
4. Ask human: "Quota exceeded. Suggest: use db.r6g.large instead
(slightly reduced performance). Approve? [yes/no/try-other]"
5. Execute based on approval
6. Continue workflow
```
### Dependency Management
Agents understand resource dependencies:
```bash
Knowledge graph of dependencies:
VPC ──→ Subnets ──→ EC2 Instances
├─────────→ Security Groups
└────→ NAT Gateway ──→ Route Tables
RDS ──→ DB Subnet Group ──→ VPC
├─────────→ Security Group
└────→ Parameter Group
Agent ensures:
- VPC exists before creating subnets
- Subnets exist before creating EC2
- Security groups reference correct VPC
- Deployment order respects all dependencies
- Rollback order is reverse of creation
```
## Architecture
### Agent Design Pattern
```bash
┌────────────────────────────────────────────────────────┐
│ Agent Supervisor (Orchestrator) │
│ - Accepts user goal │
│ - Plans workflow │
│ - Coordinates specialist agents │
│ - Requests human approvals │
│ - Monitors overall progress │
└────────────────────────────────────────────────────────┘
↑ ↑ ↑
│ │ │
↓ ↓ ↓
┌──────────────┐ ┌──────────────┐ ┌──────────────┐
│ Database │ │ Kubernetes │ │ Monitoring │
│ Specialist │ │ Specialist │ │ Specialist │
│ │ │ │ │ │
│ Tasks: │ │ Tasks: │ │ Tasks: │
│ - Create DB │ │ - Create K8s │ │ - Deploy │
│ - Configure │ │ - Configure │ │ Prometheus │
│ - Validate │ │ - Validate │ │ - Deploy │
│ - Report │ │ - Report │ │ Grafana │
└──────────────┘ └──────────────┘ └──────────────┘
```
### Agent Workflow
```bash
Start: User Goal
┌─────────────────────────────────────────┐
│ Goal Analysis & Planning │
│ - Parse user intent │
│ - Identify resources needed │
│ - Plan dependency graph │
│ - Generate task list │
└──────────────┬──────────────────────────┘
┌─────────────────────────────────────────┐
│ Resource Generation │
│ - Generate configs for each resource │
│ - Validate against schemas │
│ - Check compliance policies │
│ - Identify potential issues │
└──────────────┬──────────────────────────┘
Human Review Point?
├─ No issues: Continue
└─ Issues found: Request approval/modification
┌─────────────────────────────────────────┐
│ Execution Plan Verification │
│ - Check all configs are valid │
│ - Verify dependencies are resolvable │
│ - Estimate costs and timeline │
│ - Identify risks │
└──────────────┬──────────────────────────┘
Execute Workflow?
├─ User approves: Start execution
└─ User modifies: Return to planning
┌─────────────────────────────────────────┐
│ Phase-by-Phase Execution │
│ - Execute one logical phase │
│ - Monitor for errors │
│ - Report progress │
│ - Ask for decisions if needed │
└──────────────┬──────────────────────────┘
All Phases Complete?
├─ No: Continue to next phase
└─ Yes: Final validation
┌─────────────────────────────────────────┐
│ Final Validation & Reporting │
│ - Smoke tests │
│ - Connectivity tests │
│ - Compliance verification │
│ - Performance checks │
│ - Generate final report │
└──────────────┬──────────────────────────┘
Success: Deployment Complete
```
## Planned Agent Types
### 1. Database Specialist Agent
```bash
Responsibilities:
- Create and configure databases
- Set up replication and backups
- Configure encryption and security
- Monitor database health
- Handle database-specific issues
Examples:
- Provision PostgreSQL cluster with replication
- Set up MySQL with read replicas
- Configure MongoDB sharding
- Create backup pipelines
```
### 2. Kubernetes Specialist Agent
```yaml
Responsibilities:
- Create and configure Kubernetes clusters
- Configure networking and ingress
- Set up autoscaling policies
- Deploy cluster add-ons
- Manage workload placement
Examples:
- Create EKS/GKE/AKS cluster
- Configure Istio service mesh
- Deploy Prometheus + Grafana
- Configure auto-scaling policies
```
### 3. Infrastructure Agent
```bash
Responsibilities:
- Create networking infrastructure
- Configure security and firewalls
- Set up load balancers
- Configure DNS and CDN
- Manage identity and access
Examples:
- Create VPC with subnets
- Configure security groups
- Set up application load balancer
- Configure Route53 DNS
```
### 4. Monitoring Agent
```bash
Responsibilities:
- Deploy monitoring stack
- Configure alerting
- Set up logging infrastructure
- Create dashboards
- Configure notification channels
Examples:
- Deploy Prometheus + Grafana
- Set up CloudWatch dashboards
- Configure log aggregation
- Set up PagerDuty integration
```
### 5. Compliance Agent
```bash
Responsibilities:
- Check security policies
- Verify compliance requirements
- Audit configurations
- Generate compliance reports
- Recommend security improvements
Examples:
- Check PCI-DSS compliance
- Verify encryption settings
- Audit access controls
- Generate compliance report
```
## Usage Examples
### Example 1: Development Environment Setup
```bash
$ provisioning ai agent --goal "Set up dev environment for Python web app"
Agent Plan Generated:
┌─────────────────────────────────────────┐
│ Environment: Development │
│ Components: PostgreSQL + Redis + Monitoring
│ │
│ Phase 1: Database (1-2 min) │
│ - PostgreSQL 15 │
│ - 10 GB storage │
│ - Dev security settings │
│ │
│ Phase 2: Cache (1 min) │
│ - Redis Cluster Mode disabled │
│ - Single node │
│ - 2 GB memory │
│ │
│ Phase 3: Monitoring (1-2 min) │
│ - Prometheus (metrics) │
│ - Grafana (dashboards) │
│ - Log aggregation │
│ │
│ Estimated time: 5-10 minutes │
│ Estimated cost: $15/month │
│ │
│ [Approve] [Modify] [Cancel] │
└─────────────────────────────────────────┘
Agent: Approve to proceed with setup.
User: Approve
[Agent execution starts]
Creating PostgreSQL... [████████░░] 80%
Creating Redis... [░░░░░░░░░░] 0%
[Waiting for PostgreSQL creation...]
PostgreSQL created successfully!
Connection string: postgresql://dev:pwd@db.internal:5432/app
Creating Redis... [████████░░] 80%
[Waiting for Redis creation...]
Redis created successfully!
Connection string: redis://cache.internal:6379
Deploying monitoring... [████████░░] 80%
[Waiting for Grafana startup...]
All services deployed successfully!
Grafana dashboards: [http://grafana.internal:3000](http://grafana.internal:3000)
```
### Example 2: Production Kubernetes Deployment
```yaml
$ provisioning ai agent --interactive
--goal "Deploy production Kubernetes cluster with managed databases"
Agent Analysis:
- Cluster size: 3-10 nodes (auto-scaling)
- Databases: RDS PostgreSQL + ElastiCache Redis
- Monitoring: Full observability stack
- Security: TLS, encryption, VPC isolation
Agent suggests modifications:
1. Enable cross-AZ deployment for HA
2. Add backup retention: 30 days
3. Add network policies for security
4. Enable cluster autoscaling
Approve all? [yes/review]
User: Review
Agent points out:
- Network policies may affect performance
- Cross-AZ increases costs by ~20%
- Backup retention meets compliance
User: Approve with modifications
- Network policies: use audit mode first
- Keep cross-AZ
- Keep backups
[Agent creates configs with modifications]
Configs generated:
✓ infrastructure/vpc.ncl
✓ infrastructure/kubernetes.ncl
✓ databases/postgres.ncl
✓ databases/redis.ncl
✓ monitoring/prometheus.ncl
✓ monitoring/grafana.ncl
Estimated deployment time: 15-20 minutes
Estimated cost: $2,500/month
[Start deployment?] [Review configs]
User: Review configs
[User reviews and approves]
[Agent executes deployment in phases]
```
## Safety and Control
### Human-in-the-Loop Checkpoints
Agents stop and ask humans for approval at critical points:
```bash
Automatic Approval (Agent decides):
- Create configuration
- Validate configuration
- Check dependencies
- Generate execution plan
Human Approval Required:
- First-time resource creation
- Cost changes > 10%
- Security policy changes
- Cross-region deployment
- Data deletion operations
- Major version upgrades
```
### Decision Logging
All decisions logged for audit trail:
```bash
Agent Decision Log:
| 2025-01-13 10:00:00 | Generate database config |
| 2025-01-13 10:00:05 | Config validation: PASS |
| 2025-01-13 10:00:07 | Requesting human approval: "Create new PostgreSQL instance" |
| 2025-01-13 10:00:45 | Human approval: APPROVED |
| 2025-01-13 10:00:47 | Cost estimate: $100/month - within budget |
| 2025-01-13 10:01:00 | Creating infrastructure... |
| 2025-01-13 10:02:15 | Database created successfully |
| 2025-01-13 10:02:16 | Running health checks... |
| 2025-01-13 10:02:45 | Health check: PASSED |
```
### Rollback Capability
Agents can rollback on failure:
```bash
Scenario: Database creation succeeds, but Kubernetes creation fails
Agent behavior:
1. Detect failure in Kubernetes phase
2. Try recovery (retry, different configuration)
3. Recovery fails
4. Ask human: "Kubernetes creation failed. Rollback database creation? [yes/no]"
5. If yes: Delete database, clean up, report failure
6. If no: Keep database, manual cleanup needed
Full rollback capability if entire workflow fails before human approval.
```
## Configuration
### Agent Settings
```toml
# In provisioning/config/ai.toml
[ai.agents]
enabled = true
# Agent decision-making
auto_approve_threshold = 0.95 # Approve if confidence > 95%
require_approval_for = [
"first_resource_creation",
"cost_change_above_percent",
"security_policy_change",
"data_deletion",
]
cost_change_threshold_percent = 10
# Execution control
max_parallel_phases = 2
phase_timeout_minutes = 30
execution_log_retention_days = 90
# Safety
dry_run_mode = false # Always perform dry run first
require_final_approval = true
rollback_on_failure = true
# Learning
track_agent_decisions = true
track_success_rate = true
improve_from_feedback = true
```
## Success Criteria (Q2 2025)
- ✅ Agents complete 5 standard workflows without human intervention
- ✅ Cost estimation accuracy within 5%
- ✅ Execution time matches or beats manual setup by 30%
- ✅ Success rate > 95% for tested scenarios
- ✅ Zero unapproved critical decisions
- ✅ Full decision audit trail for all operations
- ✅ Rollback capability tested and verified
- ✅ User satisfaction > 8/10 in testing
- ✅ Documentation complete with examples
- ✅ Integration with form assistance and NLC working
## Related Documentation
- [Architecture](architecture.md) - AI system overview
- [Natural Language Config](natural-language-config.md) - Config generation
- [AI-Assisted Forms](ai-assisted-forms.md) - Interactive forms
- [Configuration](configuration.md) - Setup guide
- [ADR-015](../architecture/adr/adr-015-ai-integration-architecture.md) - Design decisions
---
**Status**: 🔴 Planned
**Target Release**: Q2 2025
**Last Updated**: 2025-01-13
**Component**: typdialog-ag
**Architecture**: Complete
**Implementation**: In Design Phase

439
docs/src/ai/ai-architecture.md Normal file
View File

@ -0,0 +1,439 @@
# AI Architecture
Complete system architecture of Provisioning's AI capabilities, from user interface through infrastructure generation.
## System Overview
```text
┌──────────────────────────────────────────────────┐
│ User Interface Layer │
│ • CLI (natural language) │
│ • TypeDialog AI forms │
│ • Interactive wizards │
│ • Web dashboard │
└────────────────────┬─────────────────────────────┘
┌──────────────────────────────────────────────────┐
│ Request Processing Layer │
│ • Intent recognition │
│ • Entity extraction │
│ • Context parsing │
│ • Request validation │
└────────────────────┬─────────────────────────────┘
┌──────────────────────────────────────────────────┐
│ Knowledge & Retrieval Layer (RAG) │
│ • Document embedding │
│ • Vector similarity search │
│ • Keyword matching (BM25) │
│ • Hybrid ranking │
└────────────────────┬─────────────────────────────┘
┌──────────────────────────────────────────────────┐
│ LLM Integration Layer │
│ • MCP tool registration │
│ • Context augmentation │
│ • Prompt engineering │
│ • LLM API calls (OpenAI, Anthropic, etc.) │
└────────────────────┬─────────────────────────────┘
┌──────────────────────────────────────────────────┐
│ Configuration Generation Layer │
│ • Nickel code generation │
│ • Schema validation │
│ • Constraint checking │
│ • Cost estimation │
└────────────────────┬─────────────────────────────┘
┌──────────────────────────────────────────────────┐
│ Execution & Feedback Layer │
│ • DAG planning │
│ • Dry-run simulation │
│ • Deployment execution │
│ • Performance monitoring │
└──────────────────────────────────────────────────┘
```
## Component Architecture
### 1. User Interface Layer
**Entry Points**:
```text
Natural Language Input
├─ CLI: provisioning ai "create kubernetes cluster"
├─ Interactive: provisioning ai interactive
├─ Forms: TypeDialog AI-enhanced forms
└─ Web Dashboard: /ai/infrastructure-builder
```
**Processing**:
- Tokenization and normalization
- Command pattern matching
- Ambiguity resolution
- Confidence scoring
### 2. Intent Recognition
```text
User Request
Intent Classification
├─ Create infrastructure (60%)
├─ Modify configuration (25%)
├─ Query knowledge (10%)
└─ Troubleshoot issue (5%)
Entity Extraction
├─ Resource type (server, database, cluster)
├─ Cloud provider (AWS, UpCloud, Hetzner)
├─ Count/Scale (3 nodes, 10GB)
├─ Requirements (HA, encrypted, monitoring)
└─ Constraints (budget, region, environment)
Request Structure
```
### 3. RAG Knowledge Retrieval
**Embedding Process**:
```text
Query: "Create 3 web servers with load balancer"
Embed Query → Vector [0.234, 0.567, 0.891, ...]
Search Relevant Documents
├─ Vector similarity (semantic)
├─ BM25 keyword matching (syntactic)
└─ Hybrid ranking
Top Results:
1. "Web Server HA Patterns" (0.94 similarity)
2. "Load Balancing Best Practices" (0.87)
3. "Auto-Scaling Configuration" (0.76)
Extract Context & Augment Prompt
```
**Knowledge Organization**:
```text
knowledge/
├── infrastructure/ (450 docs)
│ ├── kubernetes/
│ ├── databases/
│ ├── networking/
│ └── web-services/
├── best-practices/ (300 docs)
│ ├── high-availability/
│ ├── disaster-recovery/
│ └── performance/
├── providers/ (250 docs)
│ ├── aws/
│ ├── upcloud/
│ └── hetzner/
└── security/ (200 docs)
├── encryption/
├── authentication/
└── compliance/
```
### 4. LLM Integration (MCP)
**Tool Registration**:
```text
LLM (GPT-4, Claude 3)
MCP Server (provisioning-mcp)
Available Tools:
├─ create_infrastructure
├─ analyze_configuration
├─ generate_policies
├─ estimate_costs
├─ check_compatibility
├─ validate_nickel
├─ query_knowledge_base
└─ get_recommendations
Tool Execution
```
**Prompt Engineering Pipeline**:
```text
Base Prompt Template
Add Context (RAG results)
Add Constraints
├─ Budget limit
├─ Region restrictions
├─ Compliance requirements
└─ Performance targets
Add Examples
├─ Successful deployments
├─ Error patterns
└─ Best practices
Enhanced Prompt
LLM Inference
```
### 5. Configuration Generation
**Nickel Code Generation**:
```text
LLM Output (structured)
Nickel Template Filling
├─ Server definitions
├─ Network configuration
├─ Storage setup
└─ Monitoring config
Generated Nickel File
Syntax Validation
Schema Validation (Type Checking)
Constraint Verification
├─ Resource limits
├─ Budget constraints
├─ Compliance policies
└─ Provider capabilities
Cost Estimation
Final Configuration
```
### 6. Execution & Feedback
**Deployment Planning**:
```text
Configuration
DAG Generation (Directed Acyclic Graph)
├─ Task decomposition
├─ Dependency analysis
├─ Parallelization
└─ Scheduling
Dry-Run Simulation
├─ Check resources available
├─ Validate API access
├─ Estimate time
└─ Identify risks
Execution with Checkpoints
├─ Create resources
├─ Monitor progress
├─ Collect metrics
└─ Save checkpoints
Post-Deployment
├─ Verify functionality
├─ Run health checks
├─ Collect performance data
└─ Store feedback for future improvements
```
## Data Flow Examples
### Example 1: Simple Request
```text
User: "Create 3 web servers with load balancer"
Intent: Create Infrastructure
Entities: type=server, count=3, load_balancer=true
RAG Retrieval: "Web Server Patterns", "Load Balancing"
LLM Prompt:
"Generate Nickel config for 3 web servers with load balancer.
Context: [web server best practices from knowledge base]
Constraints: High availability, auto-scaling enabled"
Generated Nickel:
{
servers = [
{name = "web-01", cpu = 4, memory = 8},
{name = "web-02", cpu = 4, memory = 8},
{name = "web-03", cpu = 4, memory = 8}
]
load_balancer = {
type = "application"
health_check = "/health"
}
}
Configuration Generated & Validated ✓
User Approval
Deployment
```
### Example 2: Complex Multi-Cloud Request
```text
User: "Deploy Kubernetes to AWS, UpCloud, and Hetzner with replication"
Intent: Multi-Cloud Infrastructure
Entities: type=kubernetes, providers=[aws, upcloud, hetzner], replicas=3
RAG Retrieval:
- "Multi-Cloud Kubernetes Patterns"
- "Inter-Region Replication"
- "AWS Kubernetes Setup"
- "UpCloud Kubernetes Setup"
- "Hetzner Kubernetes Setup"
LLM Processes:
1. Analyze multi-cloud topology
2. Identify networking requirements
3. Plan data replication strategy
4. Consider regional compliance
Generated Nickel:
- Infrastructure definitions for each provider
- Inter-region networking configuration
- Replication topology
- Failover policies
Cost Breakdown:
AWS: $2,500/month
UpCloud: $1,800/month
Hetzner: $1,500/month
Total: $5,800/month
Compliance Check: EU GDPR ✓, US HIPAA ✓
Ready for Deployment
```
## Key Technologies
### LLM Providers
Supported external LLM providers:
| Provider | Models | Latency | Cost |
| --- | --- | --- | --- |
| **OpenAI** | GPT-4, GPT-3.5 | 2-3s | $0.05-0.15/1K tokens |
| **Anthropic** | Claude 3 Opus | 2-4s | $0.03-0.015/1K tokens |
| **Local (Ollama)** | Llama 2, Mistral | 5-10s | Free |
### Vector Databases
- **SurrealDB** (default): Embedded vector database with HNSW indexing
- **Pinecone**: Cloud vector database (optional)
- **Milvus**: Open-source vector database (optional)
### Embedding Models
- **text-embedding-3-small** (OpenAI): 1,536 dimensions
- **text-embedding-3-large** (OpenAI): 3,072 dimensions
- **all-MiniLM-L6-v2** (local): 384 dimensions
## Performance Characteristics
### Latency Breakdown
For a typical infrastructure creation request:
| Stage | Latency | Details |
| --- | --- | --- |
| Intent Recognition | 50-100ms | Local NLP |
| RAG Retrieval | 50-100ms | Vector search |
| LLM Inference | 2-5s | External API |
| Nickel Generation | 100-200ms | Template filling |
| Validation | 200-500ms | Type checking |
| **Total** | **2.5-6 seconds** | End-to-end |
### Concurrency
- **Concurrent Requests**: 100+ (with load balancing)
- **RAG QPS**: 50+ searches/second
- **LLM Throughput**: 10+ concurrent requests per API key
- **Memory**: 500MB-2GB (depends on cache size)
## Security Architecture
### Data Protection
```text
User Input
Input Sanitization
├─ Remove PII
├─ Validate constraints
└─ Check permissions
Processing (encrypted in transit)
├─ TLS 1.3 to LLM provider
├─ Secrets stored in vault-service
└─ Credentials never logged
Generated Configuration
├─ Encrypted at rest (AES-256)
├─ Signed for integrity
└─ Audit trail maintained
Output
```
### Access Control
- API key validation
- RBAC permission checking
- Rate limiting per user/key
- Audit logging of all operations
## Extensibility
### Custom Tools
Register custom tools with MCP:
```rust
// Custom tool example
register_tool("custom-validator", | confi| g {
validate_custom_requirements(&config)
});
```
### Custom RAG Documents
Add domain-specific knowledge:
```bash
provisioning ai knowledge import \
--source ./custom-docs \
--category infrastructure
```
### Fine-tuning (Future)
- Support for fine-tuned LLM models
- Custom prompt templates
- Organization-specific knowledge bases
## Related Documentation
- [AI Overview](./README.md) - Quick start
- [AI Service Crate](./ai-service-crate.md) - Microservice implementation
- [RAG & Knowledge](./rag-and-knowledge.md) - Knowledge retrieval
- [TypeDialog Integration](./typedialog-integration.md) - Form integration
- [Natural Language Infrastructure](./natural-language-infrastructure.md) - Usage guide

438
docs/src/ai/ai-assisted-forms.md
View File

@ -1,438 +0,0 @@
# AI-Assisted Forms (typdialog-ai)
**Status**: 🔴 Planned (Q2 2025 target)
AI-Assisted Forms is a planned feature that integrates intelligent suggestions, context-aware assistance, and natural language understanding into the
typdialog web UI. This enables users to configure infrastructure through interactive forms with real-time AI guidance.
## Feature Overview
### What It Does
Enhance configuration forms with AI-powered assistance:
```toml
User typing in form field: "storage"
AI analyzes context:
- Current form (database configuration)
- Field type (storage capacity)
- Similar past configurations
- Best practices for this workload
Suggestions appear:
✓ "100 GB (standard production size)"
✓ "50 GB (development environment)"
✓ "500 GB (large-scale analytics)"
```
### Primary Use Cases
1. **Guided Configuration**: Step-by-step assistance filling complex forms
2. **Error Explanation**: AI explains validation failures in plain English
3. **Smart Autocomplete**: Suggestions based on context, not just keywords
4. **Learning**: New users learn patterns from AI explanations
5. **Efficiency**: Experienced users get quick suggestions
## Architecture
### User Interface Integration
```bash
┌────────────────────────────────────────┐
│ Typdialog Web UI (React/TypeScript) │
│ │
│ ┌──────────────────────────────────┐ │
│ │ Form Fields │ │
│ │ │ │
│ │ Database Engine: [postgresql ▼] │ │
│ │ Storage (GB): [100 GB ↓ ?] │ │
│ │ AI suggestions │ │
│ │ Encryption: [✓ enabled ] │ │
│ │ "Required for │ │
│ │ production" │ │
│ │ │ │
│ │ [← Back] [Next →] │ │
│ └──────────────────────────────────┘ │
│ ↓ │
│ AI Assistance Panel │
│ (suggestions & explanations) │
└────────────────────────────────────────┘
↓ ↑
User Input AI Service
(port 8083)
```
### Suggestion Pipeline
```bash
User Event (typing, focusing field, validation error)
┌─────────────────────────────────────┐
│ Context Extraction │
│ - Current field and value │
│ - Form schema and constraints │
│ - Other filled fields │
│ - User role and workspace │
└─────────────────────┬───────────────┘
┌─────────────────────────────────────┐
│ RAG Retrieval │
│ - Find similar configs │
│ - Get examples for field type │
│ - Retrieve relevant documentation │
│ - Find validation rules │
└─────────────────────┬───────────────┘
┌─────────────────────────────────────┐
│ Suggestion Generation │
│ - AI generates suggestions │
│ - Rank by relevance │
│ - Format for display │
│ - Generate explanation │
└─────────────────────┬───────────────┘
┌─────────────────────────────────────┐
│ Response Formatting │
│ - Debounce (don't update too fast) │
│ - Cache identical results │
│ - Stream if long response │
│ - Display to user │
└─────────────────────────────────────┘
```
## Planned Features
### 1. Smart Field Suggestions
Intelligent suggestions based on context:
```bash
Scenario: User filling database configuration form
1. Engine selection
User types: "post"
Suggestion: "postgresql" (99% match)
Explanation: "PostgreSQL is the most popular open-source relational database"
2. Storage size
User has selected: "postgresql", "production", "web-application"
Suggestions appear:
• "100 GB" (standard production web app database)
• "500 GB" (if expected growth > 1000 connections)
• "1 TB" (high-traffic SaaS platform)
Explanation: "For typical web applications with 1000s of concurrent users, 100 GB is recommended"
3. Backup frequency
User has selected: "production", "critical-data"
Suggestions appear:
• "Daily" (standard for critical databases)
• "Hourly" (for data warehouses with frequent updates)
Explanation: "Critical production data requires daily or more frequent backups"
```
### 2. Validation Error Explanation
Human-readable error messages with fixes:
```bash
User enters: "storage = -100"
Current behavior:
✗ Error: Expected positive integer
Planned AI behavior:
✗ Storage must be positive (1-65535 GB)
Why: Negative storage doesn't make sense.
Storage capacity must be at least 1 GB.
Fix suggestions:
• Use 100 GB (typical production size)
• Use 50 GB (development environment)
• Use your required size in GB
```
### 3. Field-to-Field Context Awareness
Suggestions change based on other fields:
```bash
Scenario: Multi-step configuration form
Step 1: Select environment
User: "production"
→ Form shows constraints: (min storage 50GB, encryption required, backup required)
Step 2: Select database engine
User: "postgresql"
→ Suggestions adapted:
- PostgreSQL 15 recommended for production
- Point-in-time recovery available
- Replication options highlighted
Step 3: Storage size
→ Suggestions show:
- Minimum 50 GB for production
- Examples from similar production configs
- Cost estimate updates in real-time
Step 4: Encryption
→ Suggestion appears: "Recommended: AES-256"
→ Explanation: "Required for production environments"
```
### 4. Inline Documentation
Quick access to relevant docs:
```bash
Field: "Backup Retention Days"
Suggestion popup:
┌─────────────────────────────────┐
│ Suggested value: 30 │
│ │
│ Why: 30 days is industry-standard│
│ standard for compliance (PCI-DSS)│
│ │
│ Learn more: │
│ → Backup best practices guide │
│ → Your compliance requirements │
│ → Cost vs retention trade-offs │
└─────────────────────────────────┘
```
### 5. Multi-Field Suggestions
Suggest multiple related fields together:
```bash
User selects: environment = "production"
AI suggests completing:
┌─────────────────────────────────┐
│ Complete Production Setup │
│ │
│ Based on production environment │
│ we recommend: │
│ │
│ Encryption: enabled │ ← Auto-fill
│ Backups: daily │ ← Auto-fill
│ Monitoring: enabled │ ← Auto-fill
│ High availability: enabled │ ← Auto-fill
│ Retention: 30 days │ ← Auto-fill
│ │
│ [Accept All] [Review] [Skip] │
└─────────────────────────────────┘
```
## Implementation Components
### Frontend (typdialog-ai JavaScript/TypeScript)
```bash
// React component for field with AI assistance
interface AIFieldProps {
fieldName: string;
fieldType: string;
currentValue: string;
formContext: Record<string, any>;
schema: FieldSchema;
}
function AIAssistedField({fieldName, formContext, schema}: AIFieldProps) {
const [suggestions, setSuggestions] = useState<Suggestion[]>([]);
const [explanation, setExplanation] = useState<string>("");
// Debounced suggestion generation
useEffect(() => {
const timer = setTimeout(async () => {
const suggestions = await ai.suggestFieldValue({
field: fieldName,
context: formContext,
schema: schema,
});
setSuggestions(suggestions);
| setExplanation(suggestions[0]?.explanation | | ""); |
}, 300); // Debounce 300ms
return () => clearTimeout(timer);
}, [formContext[fieldName]]);
return (
<div className="ai-field">
<input
value={formContext[fieldName]}
onChange={(e) => handleChange(e.target.value)}
/>
{suggestions.length > 0 && (
<div className="ai-suggestions">
{suggestions.map((s) => (
<button key={s.value} onClick={() => accept(s.value)}>
{s.label}
</button>
))}
{explanation && (
<p className="ai-explanation">{explanation}</p>
)}
</div>
)}
</div>
);
}
```
### Backend Service Integration
```bash
// In AI Service: field suggestion endpoint
async fn suggest_field_value(
req: SuggestFieldRequest,
) -> Result<Vec<Suggestion>> {
// Build context for the suggestion
let context = build_field_context(&req.form_context, &req.field_name)?;
// Retrieve relevant examples from RAG
let examples = rag.search_by_field(&req.field_name, &context)?;
// Generate suggestions via LLM
let suggestions = llm.generate_suggestions(
&req.field_name,
&req.field_type,
&context,
&examples,
).await?;
// Rank and format suggestions
let ranked = rank_suggestions(suggestions, &context);
Ok(ranked)
}
```
## Configuration
### Form Assistant Settings
```toml
# In provisioning/config/ai.toml
[ai.forms]
enabled = true
# Suggestion delivery
suggestions_enabled = true
suggestions_debounce_ms = 300
max_suggestions_per_field = 3
# Error explanations
error_explanations_enabled = true
explain_validation_errors = true
suggest_fixes = true
# Field context awareness
field_context_enabled = true
cross_field_suggestions = true
# Inline documentation
inline_docs_enabled = true
docs_link_type = "modal" # or "sidebar", "tooltip"
# Performance
cache_suggestions = true
cache_ttl_seconds = 3600
# Learning
track_accepted_suggestions = true
track_rejected_suggestions = true
```
## User Experience Flow
### Scenario: New User Configuring PostgreSQL
```toml
1. User opens typdialog form
- Form title: "Create Database"
- First field: "Database Engine"
- AI shows: "PostgreSQL recommended for relational data"
2. User types "post"
- Autocomplete shows: "postgresql"
- AI explains: "PostgreSQL is the most stable open-source database"
3. User selects "postgresql"
- Form progresses
- Next field: "Version"
- AI suggests: "PostgreSQL 15 (latest stable)"
- Explanation: "Version 15 is current stable, recommended for new deployments"
4. User selects version 15
- Next field: "Environment"
- User selects "production"
- AI note appears: "Production environment requires encryption and backups"
5. Next field: "Storage (GB)"
- Form shows: Minimum 50 GB (production requirement)
- AI suggestions:
• 100 GB (standard production)
• 250 GB (high-traffic site)
- User accepts: 100 GB
6. Validation error on next field
- Old behavior: "Invalid backup_days value"
- New behavior:
"Backup retention must be 1-35 days. Recommended: 30 days.
30-day retention meets compliance requirements for production systems."
7. User completes form
- Summary shows all AI-assisted decisions
- Generate button creates configuration
```
## Integration with Natural Language Generation
NLC and form assistance share the same backend:
```bash
Natural Language Generation AI-Assisted Forms
↓ ↓
"Create a PostgreSQL db" Select field values
↓ ↓
Intent Extraction Context Extraction
↓ ↓
RAG Search RAG Search (same results)
↓ ↓
LLM Generation LLM Suggestions
↓ ↓
Config Output Form Field Population
```
## Success Criteria (Q2 2025)
- ✅ Suggestions appear within 300ms of user action
- ✅ 80% suggestion acceptance rate in user testing
- ✅ Error explanations clearly explain issues and fixes
- ✅ Cross-field context awareness works for 5+ database scenarios
- ✅ Form completion time reduced by 40% with AI
- ✅ User satisfaction > 8/10 in testing
- ✅ No false suggestions (all suggestions are valid)
- ✅ Offline mode works with cached suggestions
## Related Documentation
- [Architecture](architecture.md) - AI system overview
- [Natural Language Config](natural-language-config.md) - Related generation feature
- [RAG System](rag-system.md) - Suggestion retrieval
- [Configuration](configuration.md) - Setup guide
- [ADR-015](../architecture/adr/adr-015-ai-integration-architecture.md) - Design decisions
---
**Status**: 🔴 Planned
**Target Release**: Q2 2025
**Last Updated**: 2025-01-13
**Component**: typdialog-ai
**Architecture**: Complete
**Implementation**: In Design Phase

479
docs/src/ai/ai-service-crate.md Normal file
View File

@ -0,0 +1,479 @@
# AI Service Crate
The AI Service crate (`provisioning/platform/crates/ai-service/`) is the central AI processing
microservice for Provisioning. It coordinates LLM integration, knowledge retrieval, and
infrastructure recommendation generation.
## Architecture
### Core Modules
The AI Service is organized into specialized modules:
| Module | Purpose |
| --- | --- |
| **config.rs** | Configuration management and AI service settings |
| **service.rs** | Main service logic and request handling |
| **mcp.rs** | Model Context Protocol integration for LLM tools |
| **knowledge.rs** | Knowledge base management and retrieval |
| **dag.rs** | Directed Acyclic Graph for workflow orchestration |
| **handlers.rs** | HTTP endpoint handlers |
| **tool_integration.rs** | Tool registration and execution |
### Request Flow
```text
User Request (natural language)
Handlers (HTTP endpoint)
Intent Recognition (config.rs)
Knowledge Retrieval (knowledge.rs)
MCP Tool Selection (mcp.rs)
LLM Processing (external provider)
DAG Execution Planning (dag.rs)
Infrastructure Generation
Response to User
```
## Configuration
### Environment Variables
```bash
# LLM Configuration
export PROVISIONING_AI_PROVIDER=openai
export PROVISIONING_AI_MODEL=gpt-4
export PROVISIONING_AI_API_KEY=sk-...
# Service Configuration
export PROVISIONING_AI_PORT=9091
export PROVISIONING_AI_LOG_LEVEL=info
export PROVISIONING_AI_TIMEOUT=30
# Knowledge Base
export PROVISIONING_AI_KNOWLEDGE_PATH=~/.provisioning/knowledge
export PROVISIONING_AI_CACHE_TTL=3600
# RAG Configuration
export PROVISIONING_AI_RAG_ENABLED=true
export PROVISIONING_AI_RAG_SIMILARITY_THRESHOLD=0.75
```
### Configuration File
```toml
# provisioning/config/ai-service.toml
[ai_service]
port = 9091
timeout = 30
max_concurrent_requests = 100
[llm]
provider = "openai" # openai, anthropic, local
model = "gpt-4"
api_key = "${PROVISIONING_AI_API_KEY}"
temperature = 0.7
max_tokens = 2000
[knowledge]
enabled = true
path = "~/.provisioning/knowledge"
cache_ttl = 3600
update_interval = 3600
[rag]
enabled = true
similarity_threshold = 0.75
max_results = 5
embedding_model = "text-embedding-3-small"
[dag]
max_parallel_tasks = 10
timeout_per_task = 60
enable_rollback = true
[security]
validate_inputs = true
rate_limit = 1000 # requests/minute
audit_logging = true
```
## HTTP API
### Endpoints
#### Create Infrastructure Request
```http
POST /v1/infrastructure/create
Content-Type: application/json
{
"request": "Create 3 web servers with load balancing",
"context": {
"workspace": "production",
"provider": "upcloud",
"environment": "prod"
},
"options": {
"auto_apply": false,
"return_nickel": true,
"validate": true
}
}
```
**Response**:
```json
{
"request_id": "req-12345",
"status": "success",
"infrastructure": {
"servers": [
{"name": "web-01", "cpu": 4, "memory": 8},
{"name": "web-02", "cpu": 4, "memory": 8},
{"name": "web-03", "cpu": 4, "memory": 8}
],
"load_balancer": {"name": "lb-01", "type": "round-robin"}
},
"nickel_config": "{ servers = [...] }",
"confidence": 0.92,
"notes": ["All servers in same availability zone", "Load balancer configured for health checks"]
}
```
#### Analyze Configuration
```http
POST /v1/configuration/analyze
Content-Type: application/json
{
"configuration": "{ name = \"server-01\", cpu = 2, memory = 4 }",
"context": {"provider": "upcloud", "environment": "prod"}
}
```
**Response**:
```json
{
"analysis": {
"resources": {
"cpu_score": "low",
"memory_score": "minimal",
"recommendation": "Increase to cpu=4, memory=8 for production"
},
"security": {
"findings": ["No backup configured", "No monitoring"],
"recommendations": ["Enable automated backups", "Deploy monitoring agent"]
},
"cost": {
"estimated_monthly": "$45",
"optimization_potential": "20% cost reduction possible"
}
}
}
```
#### Generate Policies
```http
POST /v1/policies/generate
Content-Type: application/json
{
"requirements": "Allow developers to create servers but not delete, admins full access",
"format": "cedar"
}
```
**Response**:
```json
{
"policies": [
{
"effect": "permit",
"principal": {"role": "developer"},
"action": "CreateServer",
"resource": "Server::*"
},
{
"effect": "permit",
"principal": {"role": "admin"},
"action": ["CreateServer", "DeleteServer", "ModifyServer"],
"resource": "Server::*"
}
],
"format": "cedar",
"validation": "valid"
}
```
#### Get Suggestions
```http
GET /v1/suggestions?context=database&workload=transactional&scale=large
```
**Response**:
```json
{
"suggestions": [
{
"type": "database",
"recommendation": "PostgreSQL 15 with pgvector",
"rationale": "Optimal for transactional workload with vector support",
"confidence": 0.95,
"config": {
"engine": "postgres",
"version": "15",
"extensions": ["pgvector"],
"replicas": 3,
"backup": "daily"
}
}
]
}
```
#### Get Health Status
```http
GET /v1/health
```
**Response**:
```json
{
"status": "healthy",
"version": "0.1.0",
"llm": {
"provider": "openai",
"model": "gpt-4",
"available": true
},
"knowledge": {
"documents": 1250,
"last_update": "2026-01-16T01:00:00Z"
},
"rag": {
"enabled": true,
"embeddings": 1250,
"search_latency_ms": 45
},
"uptime_seconds": 86400
}
```
## MCP Tool Integration
### Available Tools
The AI Service registers tools with the MCP server for LLM access:
```rust
// Tools available to LLM
tools = [
"create_infrastructure",
"analyze_configuration",
"generate_policies",
"get_recommendations",
"query_knowledge_base",
"estimate_costs",
"check_compatibility",
"validate_nickel"
]
```
### Tool Definitions
```json
{
"name": "create_infrastructure",
"description": "Create infrastructure from natural language description",
"parameters": {
"type": "object",
"properties": {
"request": {"type": "string"},
"provider": {"type": "string"},
"context": {"type": "object"}
},
"required": ["request"]
}
}
```
## Knowledge Base
### Structure
```text
knowledge/
├── infrastructure/ # Infrastructure patterns
│ ├── kubernetes/
│ ├── databases/
│ ├── networking/
│ └── security/
├── patterns/ # Design patterns
│ ├── high-availability/
│ ├── disaster-recovery/
│ └── performance/
├── providers/ # Provider-specific docs
│ ├── aws/
│ ├── upcloud/
│ └── hetzner/
└── best-practices/ # Best practices
├── security/
├── operations/
└── cost-optimization/
```
### Updating Knowledge
```bash
# Add new knowledge document
curl -X POST [http://localhost:9091/v1/knowledge/add](http://localhost:9091/v1/knowledge/add) \
-H "Content-Type: application/json" \
-d '{
"category": "kubernetes",
"title": "HA Kubernetes Setup",
"content": "..."
}'
# Update embeddings
curl -X POST [http://localhost:9091/v1/knowledge/reindex](http://localhost:9091/v1/knowledge/reindex)
# Get knowledge status
curl [http://localhost:9091/v1/knowledge/status](http://localhost:9091/v1/knowledge/status)
```
## DAG Execution
### Workflow Planning
The AI Service uses DAGs to plan complex infrastructure deployments:
```text
Validate Config
├→ Create Network
│ └→ Create Nodes
│ └→ Install Kubernetes
│ ├→ Add Monitoring (optional)
│ └→ Setup Backup (optional)
└→ Verify Compatibility
└→ Estimate Costs
```
### Task Execution
```bash
# Execute DAG workflow
curl -X POST [http://localhost:9091/v1/workflow/execute](http://localhost:9091/v1/workflow/execute) \
-H "Content-Type: application/json" \
-d '{
"dag": {
"tasks": [
{"name": "validate", "action": "validate_config"},
{"name": "network", "action": "create_network", "depends_on": ["validate"]},
{"name": "nodes", "action": "create_nodes", "depends_on": ["network"]}
]
}
}'
```
## Performance Characteristics
### Latency
| Operation | Latency |
| --- | --- |
| Intent recognition | 50-100ms |
| Knowledge retrieval | 100-200ms |
| LLM inference | 2-5 seconds |
| Nickel generation | 500ms-1s |
| DAG planning | 100-500ms |
| Policy generation | 1-2 seconds |
### Throughput
- **Concurrent requests**: 100+
- **QPS**: 50+ requests/second
- **Knowledge search**: <50ms for 1000+ documents
### Resource Usage
- **Memory**: 500MB-2GB (with cache)
- **CPU**: 1-4 cores
- **Storage**: 10GB-50GB (knowledge base)
- **Network**: 10Mbps-100Mbps (LLM requests)
## Monitoring & Observability
### Metrics
```bash
# Prometheus metrics exposed at /metrics
provisioning_ai_requests_total{endpoint="/v1/infrastructure/create"}
provisioning_ai_request_duration_seconds{endpoint="/v1/infrastructure/create"}
provisioning_ai_llm_tokens{provider="openai", model="gpt-4"}
provisioning_ai_knowledge_documents_total
provisioning_ai_cache_hit_ratio
```
### Logging
```bash
# View AI Service logs
provisioning logs service ai-service --tail 100
# Debug mode
PROVISIONING_AI_LOG_LEVEL=debug provisioning service start ai-service
```
## Troubleshooting
### LLM Connection Issues
```bash
# Test LLM connection
curl -X POST [http://localhost:9091/v1/health](http://localhost:9091/v1/health)
# Check configuration
provisioning config get ai.llm
# View logs
provisioning logs service ai-service --filter "llm| \ openai"
```
### Slow Knowledge Retrieval
```bash
# Check knowledge base status
curl [http://localhost:9091/v1/knowledge/status](http://localhost:9091/v1/knowledge/status)
# Reindex embeddings
curl -X POST [http://localhost:9091/v1/knowledge/reindex](http://localhost:9091/v1/knowledge/reindex)
# Monitor RAG performance
curl [http://localhost:9091/v1/rag/benchmark](http://localhost:9091/v1/rag/benchmark)
```
## Related Documentation
- [AI Architecture](./ai-architecture.md) - System design
- [RAG & Knowledge](./rag-and-knowledge.md) - Knowledge retrieval
- [MCP Server](../architecture/component-architecture.md#mcp-server) - Model Context Protocol
- [Orchestrator](../architecture/component-architecture.md#orchestrator) - Workflow execution

194
docs/src/ai/architecture.md
View File

@ -1,194 +0,0 @@
# AI Integration Architecture
## Overview
The provisioning platform's AI system provides intelligent capabilities for configuration generation, troubleshooting, and automation. The
architecture consists of multiple layers designed for reliability, security, and performance.
## Core Components - Production-Ready
### 1. AI Service (`provisioning/platform/ai-service`)
**Status**: ✅ Production-Ready (2,500+ lines Rust code)
The core AI service provides:
- Multi-provider LLM support (Anthropic Claude, OpenAI GPT-4, local models)
- Streaming response support for real-time feedback
- Request caching with LRU and semantic similarity
- Rate limiting and cost control
- Comprehensive error handling
- HTTP REST API on port 8083
**Supported Models**:
- Claude Sonnet 4, Claude Opus 4 (Anthropic)
- GPT-4 Turbo, GPT-4 (OpenAI)
- Llama 3, Mistral (local/on-premise)
### 2. RAG System (Retrieval-Augmented Generation)
**Status**: ✅ Production-Ready (22/22 tests passing)
The RAG system enables AI to access and reason over platform documentation:
- Vector embeddings via SurrealDB vector store
- Hybrid search: vector similarity + BM25 keyword search
- Document chunking (code and markdown aware)
- Relevance ranking and context selection
- Semantic caching for repeated queries
**Capabilities**:
```bash
provisioning ai query "How do I set up Kubernetes?"
provisioning ai template "Describe my infrastructure"
```
### 3. MCP Server (Model Context Protocol)
**Status**: ✅ Production-Ready
Provides Model Context Protocol integration:
- Standardized tool interface for LLMs
- Complex workflow composition
- Integration with external AI systems (Claude, other LLMs)
- Tool calling for provisioning operations
### 4. CLI Integration
**Status**: ✅ Production-Ready
Interactive commands:
```bash
provisioning ai template --prompt "Describe infrastructure"
provisioning ai query --prompt "Configuration question"
provisioning ai chat # Interactive mode
```
**Configuration**:
```toml
[ai]
enabled = true
provider = "anthropic" # or "openai" or "local"
model = "claude-sonnet-4"
[ai.cache]
enabled = true
semantic_similarity = true
ttl_seconds = 3600
[ai.limits]
max_tokens = 4096
temperature = 0.7
```
## Planned Components - Q2 2025
### Autonomous Agents (typdialog-ag)
**Status**: 🔴 Planned
Self-directed agents for complex tasks:
- Multi-step workflow execution
- Decision making and adaptation
- Monitoring and self-healing recommendations
### AI-Assisted Forms (typdialog-ai)
**Status**: 🔴 Planned
Real-time AI suggestions in configuration forms:
- Context-aware field recommendations
- Validation error explanations
- Auto-completion for infrastructure patterns
### Advanced Features
- Fine-tuning capabilities for custom models
- Autonomous workflow execution with human approval
- Cedar authorization policies for AI actions
- Custom knowledge bases per workspace
## Architecture Diagram
```bash
┌─────────────────────────────────────────────────┐
│ User Interface │
│ ├── CLI (provisioning ai ...) │
│ ├── Web UI (typdialog) │
│ └── MCP Client (Claude, etc.) │
└──────────────┬──────────────────────────────────┘
┌──────────────────────────────────────────────────┐
│ AI Service (Port 8083) │
│ ├── Request Router │
│ ├── Cache Layer (LRU + Semantic) │
│ ├── Prompt Engineering │
│ └── Response Streaming │
└──────┬─────────────────┬─────────────────────────┘
↓ ↓
┌─────────────┐ ┌──────────────────┐
│ RAG System │ │ LLM Provider │
│ SurrealDB │ │ ├── Anthropic │
│ Vector DB │ │ ├── OpenAI │
│ + BM25 │ │ └── Local Model │
└─────────────┘ └──────────────────┘
↓ ↓
┌──────────────────────────────────────┐
│ Cached Responses + Real Responses │
│ Streamed to User │
└──────────────────────────────────────┘
```
## Performance Characteristics
| | Metric | Value | |
| | -------- | ------- | |
| | Cold response (cache miss) | 2-5 seconds | |
| | Cached response | <500ms | |
| | Streaming start time | <1 second | |
| | AI service memory usage | ~200MB at rest | |
| | Cache size (configurable) | Up to 500MB | |
| | Vector DB (SurrealDB) | Included, auto-managed | |
## Security Model
### Cedar Authorization
All AI operations controlled by Cedar policies:
- User role-based access control
- Operation-specific permissions
- Complete audit logging
### Secret Protection
- Secrets never sent to external LLMs
- PII/sensitive data sanitized before API calls
- Encryption at rest in local cache
- HSM support for key storage
### Local Model Support
Air-gapped deployments:
- On-premise LLM models (Llama 3, Mistral)
- Zero external API calls
- Full data privacy compliance
- Ideal for classified environments
## Configuration
See [Configuration Guide](configuration.md) for:
- LLM provider setup
- Cache configuration
- Cost limits and budgets
- Security policies
## Related Documentation
- [RAG System](rag-system.md) - Retrieval implementation details
- [Security Policies](security-policies.md) - Authorization and safety controls
- [Configuration Guide](configuration.md) - Setup instructions
- [ADR-015](../architecture/adr/adr-015-ai-integration-architecture.md) - Design decisions
---
**Last Updated**: 2025-01-13
**Status**: ✅ Production-Ready (core system)
**Test Coverage**: 22/22 tests passing

64
docs/src/ai/config-generation.md
View File

@ -1,64 +0,0 @@
# Configuration Generation (typdialog-prov-gen)
**Status**: 🔴 Planned for Q2 2025
## Overview
The Configuration Generator (typdialog-prov-gen) will provide template-based Nickel configuration generation with AI-powered customization.
## Planned Features
### Template Selection
- Library of production-ready infrastructure templates
- AI recommends templates based on requirements
- Preview before generation
### Customization via Natural Language
```bash
provisioning ai config-gen
--template "kubernetes-cluster"
--customize "Add Prometheus monitoring, increase replicas to 5, use us-east-1"
```
### Multi-Provider Support
- AWS, Hetzner, UpCloud, local infrastructure
- Automatic provider-specific optimizations
- Cost estimation across providers
### Validation and Testing
- Type-checking via Nickel before deployment
- Dry-run execution for safety
- Test data fixtures for verification
## Architecture
```bash
Template Library
Template Selection (AI + User)
Customization Layer (NL → Nickel)
Validation (Type + Runtime)
Generated Configuration
```
## Integration Points
- typdialog web UI for template browsing
- CLI for batch generation
- AI service for customization suggestions
- Nickel for type-safe validation
## Related Documentation
- [Natural Language Configuration](natural-language-config.md) - NL to config generation
- [Architecture](architecture.md) - AI system overview
- [Configuration Guide](configuration.md) - Setup instructions
---
**Status**: 🔴 Planned
**Expected Release**: Q2 2025
**Priority**: High (enables non-technical users to generate configs)

601
docs/src/ai/configuration.md
View File

@ -1,601 +0,0 @@
# AI System Configuration Guide
**Status**: ✅ Production-Ready (Configuration system)
Complete setup guide for AI features in the provisioning platform. This guide covers LLM provider configuration, feature enablement, cache setup, cost
controls, and security settings.
## Quick Start
### Minimal Configuration
```toml
# provisioning/config/ai.toml
[ai]
enabled = true
provider = "anthropic" # or "openai" or "local"
model = "claude-sonnet-4"
api_key = "sk-ant-..." # Set via PROVISIONING_AI_API_KEY env var
[ai.cache]
enabled = true
[ai.limits]
max_tokens = 4096
temperature = 0.7
```
### Initialize Configuration
```toml
# Generate default configuration
provisioning config init ai
# Edit configuration
provisioning config edit ai
# Validate configuration
provisioning config validate ai
# Show current configuration
provisioning config show ai
```
## Provider Configuration
### Anthropic Claude
```toml
[ai]
enabled = true
provider = "anthropic"
model = "claude-sonnet-4" # or "claude-opus-4", "claude-haiku-4"
api_key = "${PROVISIONING_AI_API_KEY}"
api_base = "[https://api.anthropic.com"](https://api.anthropic.com")
# Request parameters
[ai.request]
max_tokens = 4096
temperature = 0.7
top_p = 0.95
top_k = 40
# Supported models
# - claude-opus-4: Most capable, for complex reasoning ($15/MTok input, $45/MTok output)
# - claude-sonnet-4: Balanced (recommended), ($3/MTok input, $15/MTok output)
# - claude-haiku-4: Fast, for simple tasks ($0.80/MTok input, $4/MTok output)
```
### OpenAI GPT-4
```toml
[ai]
enabled = true
provider = "openai"
model = "gpt-4-turbo" # or "gpt-4", "gpt-4o"
api_key = "${OPENAI_API_KEY}"
api_base = "[https://api.openai.com/v1"](https://api.openai.com/v1")
[ai.request]
max_tokens = 4096
temperature = 0.7
top_p = 0.95
# Supported models
# - gpt-4: Most capable ($0.03/1K input, $0.06/1K output)
# - gpt-4-turbo: Better at code ($0.01/1K input, $0.03/1K output)
# - gpt-4o: Latest, multi-modal ($5/MTok input, $15/MTok output)
```
### Local Models
```toml
[ai]
enabled = true
provider = "local"
model = "llama2-70b" # or "mistral", "neural-chat"
api_base = "[http://localhost:8000"](http://localhost:8000") # Local Ollama or LM Studio
# Local model support
# - Ollama: docker run -d -v ollama:/root/.ollama -p 11434:11434 ollama/ollama
# - LM Studio: GUI app with API
# - vLLM: High-throughput serving
# - llama.cpp: CPU inference
[ai.local]
gpu_enabled = true
gpu_memory_gb = 24
max_batch_size = 4
```
## Feature Configuration
### Enable Specific Features
```toml
[ai.features]
# Core features (production-ready)
rag_search = true # Retrieve-Augmented Generation
config_generation = true # Generate Nickel from natural language
mcp_server = true # Model Context Protocol server
troubleshooting = true # AI-assisted debugging
# Form assistance (planned Q2 2025)
form_assistance = false # AI suggestions in forms
form_explanations = false # AI explains validation errors
# Agents (planned Q2 2025)
autonomous_agents = false # AI agents for workflows
agent_learning = false # Agents learn from deployments
# Advanced features
fine_tuning = false # Fine-tune models for domain
knowledge_base = false # Custom knowledge base per workspace
```
## Cache Configuration
### Cache Strategy
```toml
[ai.cache]
enabled = true
cache_type = "memory" # or "redis", "disk"
ttl_seconds = 3600 # Cache entry lifetime
# Memory cache (recommended for single server)
[ai.cache.memory]
max_size_mb = 500
eviction_policy = "lru" # Least Recently Used
# Redis cache (recommended for distributed)
[ai.cache.redis]
url = "redis://localhost:6379"
db = 0
password = "${REDIS_PASSWORD}"
ttl_seconds = 3600
# Disk cache (recommended for persistent caching)
[ai.cache.disk]
path = "/var/cache/provisioning/ai"
max_size_mb = 5000
# Semantic caching (for RAG)
[ai.cache.semantic]
enabled = true
similarity_threshold = 0.95 # Cache hit if query similarity > 0.95
cache_embeddings = true # Cache embedding vectors
```
### Cache Metrics
```bash
# Monitor cache performance
provisioning admin cache stats ai
# Clear cache
provisioning admin cache clear ai
# Analyze cache efficiency
provisioning admin cache analyze ai --hours 24
```
## Rate Limiting and Cost Control
### Rate Limits
```toml
[ai.limits]
# Tokens per request
max_tokens = 4096
max_input_tokens = 8192
max_output_tokens = 4096
# Requests per minute/hour
rpm_limit = 60 # Requests per minute
rpm_burst = 100 # Allow bursts up to 100 RPM
# Daily cost limit
daily_cost_limit_usd = 100
warn_at_percent = 80 # Warn when at 80% of daily limit
stop_at_percent = 95 # Stop accepting requests at 95%
# Token usage tracking
track_token_usage = true
track_cost_per_request = true
```
### Cost Budgeting
```toml
[ai.budget]
enabled = true
monthly_limit_usd = 1000
# Budget alerts
alert_at_percent = [50, 75, 90]
alert_email = "ops@company.com"
alert_slack = "[https://hooks.slack.com/services/..."](https://hooks.slack.com/services/...")
# Cost by provider
[ai.budget.providers]
anthropic_limit = 500
openai_limit = 300
local_limit = 0 # Free (run locally)
```
### Track Costs
```bash
# View cost metrics
provisioning admin costs show ai --period month
# Forecast cost
provisioning admin costs forecast ai --days 30
# Analyze cost by feature
provisioning admin costs analyze ai --by feature
# Export cost report
provisioning admin costs export ai --format csv --output costs.csv
```
## Security Configuration
### Authentication
```toml
[ai.auth]
# API key from environment variable
api_key = "${PROVISIONING_AI_API_KEY}"
# Or from secure store
api_key_vault = "secrets/ai-api-key"
# Token rotation
rotate_key_days = 90
rotation_alert_days = 7
# Request signing (for cloud providers)
sign_requests = true
signing_method = "hmac-sha256"
```
### Authorization (Cedar)
```toml
[ai.authorization]
enabled = true
policy_file = "provisioning/policies/ai-policies.cedar"
# Example policies:
# allow(principal, action, resource) when principal.role == "admin"
# allow(principal == ?principal, action == "ai_generate_config", resource)
# when principal.workspace == resource.workspace
```
### Data Protection
```toml
[ai.security]
# Sanitize data before sending to external LLM
sanitize_pii = true
sanitize_secrets = true
redact_patterns = [
"(?i)password\\s*[:=]\\s*[^\\s]+", # Passwords
"(?i)api[_-]?key\\s*[:=]\\s*[^\\s]+", # API keys
"(?i)secret\\s*[:=]\\s*[^\\s]+", # Secrets
]
# Encryption
encryption_enabled = true
encryption_algorithm = "aes-256-gcm"
key_derivation = "argon2id"
# Local-only mode (never send to external LLM)
local_only = false # Set true for air-gapped deployments
```
## RAG Configuration
### Vector Store Setup
```toml
[ai.rag]
enabled = true
# SurrealDB backend
[ai.rag.database]
url = "surreal://localhost:8000"
username = "root"
password = "${SURREALDB_PASSWORD}"
namespace = "provisioning"
database = "ai_rag"
# Embedding model
[ai.rag.embedding]
provider = "openai" # or "anthropic", "local"
model = "text-embedding-3-small"
batch_size = 100
cache_embeddings = true
# Search configuration
[ai.rag.search]
hybrid_enabled = true
vector_weight = 0.7 # Weight for vector search
keyword_weight = 0.3 # Weight for BM25 search
top_k = 5 # Number of results to return
rerank_enabled = false # Use cross-encoder to rerank results
# Chunking strategy
[ai.rag.chunking]
markdown_chunk_size = 1024
markdown_overlap = 256
code_chunk_size = 512
code_overlap = 128
```
### Index Management
```bash
# Create indexes
provisioning ai index create rag
# Rebuild indexes
provisioning ai index rebuild rag
# Show index status
provisioning ai index status rag
# Remove old indexes
provisioning ai index cleanup rag --older-than 30days
```
## MCP Server Configuration
### MCP Server Setup
```toml
[ai.mcp]
enabled = true
port = 3000
host = "127.0.0.1" # Change to 0.0.0.0 for network access
# Tool registry
[ai.mcp.tools]
generate_config = true
validate_config = true
search_docs = true
troubleshoot_deployment = true
get_schema = true
check_compliance = true
# Rate limiting for tool calls
rpm_limit = 30
burst_limit = 50
# Tool request timeout
timeout_seconds = 30
```
### MCP Client Configuration
```toml
~/.claude/claude_desktop_config.json:
{
"mcpServers": {
"provisioning": {
"command": "provisioning-mcp-server",
"args": ["--config", "/etc/provisioning/ai.toml"],
"env": {
"PROVISIONING_API_KEY": "sk-ant-...",
"RUST_LOG": "info"
}
}
}
}
```
## Logging and Observability
### Logging Configuration
```toml
[ai.logging]
level = "info" # or "debug", "warn", "error"
format = "json" # or "text"
output = "stdout" # or "file"
# Log file
[ai.logging.file]
path = "/var/log/provisioning/ai.log"
max_size_mb = 100
max_backups = 10
retention_days = 30
# Log filters
[ai.logging.filters]
log_requests = true
log_responses = false # Don't log full responses (verbose)
log_token_usage = true
log_costs = true
```
### Metrics and Monitoring
```bash
# View AI service metrics
provisioning admin metrics show ai
# Prometheus metrics endpoint
curl [http://localhost:8083/metrics](http://localhost:8083/metrics)
# Key metrics:
# - ai_requests_total: Total requests by provider/model
# - ai_request_duration_seconds: Request latency
# - ai_token_usage_total: Token consumption by provider
# - ai_cost_total: Cumulative cost by provider
# - ai_cache_hits: Cache hit rate
# - ai_errors_total: Errors by type
```
## Health Checks
### Configuration Validation
```toml
# Validate configuration syntax
provisioning config validate ai
# Test provider connectivity
provisioning ai test provider anthropic
# Test RAG system
provisioning ai test rag
# Test MCP server
provisioning ai test mcp
# Full health check
provisioning ai health-check
```
## Environment Variables
### Common Settings
```toml
# Provider configuration
export PROVISIONING_AI_PROVIDER="anthropic"
export PROVISIONING_AI_MODEL="claude-sonnet-4"
export PROVISIONING_AI_API_KEY="sk-ant-..."
# Feature flags
export PROVISIONING_AI_ENABLED="true"
export PROVISIONING_AI_CACHE_ENABLED="true"
export PROVISIONING_AI_RAG_ENABLED="true"
# Cost control
export PROVISIONING_AI_DAILY_LIMIT_USD="100"
export PROVISIONING_AI_RPM_LIMIT="60"
# Security
export PROVISIONING_AI_SANITIZE_PII="true"
export PROVISIONING_AI_LOCAL_ONLY="false"
# Logging
export RUST_LOG="provisioning::ai=info"
```
## Troubleshooting Configuration
### Common Issues
**Issue**: API key not recognized
```bash
# Check environment variable is set
echo $PROVISIONING_AI_API_KEY
# Test connectivity
provisioning ai test provider anthropic
# Verify key format (should start with sk-ant- or sk-)
| provisioning config show ai | grep api_key |
```
**Issue**: Cache not working
```bash
# Check cache status
provisioning admin cache stats ai
# Clear cache and restart
provisioning admin cache clear ai
provisioning service restart ai-service
# Enable cache debugging
RUST_LOG=provisioning::cache=debug provisioning-ai-service
```
**Issue**: RAG search not finding results
```bash
# Rebuild RAG indexes
provisioning ai index rebuild rag
# Test search
provisioning ai query "test query"
# Check index status
provisioning ai index status rag
```
## Upgrading Configuration
### Backward Compatibility
New AI versions automatically migrate old configurations:
```toml
# Check configuration version
provisioning config version ai
# Migrate configuration to latest version
provisioning config migrate ai --auto
# Backup before migration
provisioning config backup ai
```
## Production Deployment
### Recommended Production Settings
```toml
[ai]
enabled = true
provider = "anthropic"
model = "claude-sonnet-4"
api_key = "${PROVISIONING_AI_API_KEY}"
[ai.features]
rag_search = true
config_generation = true
mcp_server = true
troubleshooting = true
[ai.cache]
enabled = true
cache_type = "redis"
ttl_seconds = 3600
[ai.limits]
rpm_limit = 60
daily_cost_limit_usd = 1000
max_tokens = 4096
[ai.security]
sanitize_pii = true
sanitize_secrets = true
encryption_enabled = true
[ai.logging]
level = "warn" # Less verbose in production
format = "json"
output = "file"
[ai.rag.database]
url = "surreal://surrealdb-cluster:8000"
```
## Related Documentation
- [Architecture](architecture.md) - System overview
- [RAG System](rag-system.md) - Vector database setup
- [MCP Integration](mcp-integration.md) - MCP configuration
- [Security Policies](security-policies.md) - Authorization policies
- [Cost Management](cost-management.md) - Budget tracking
---
**Last Updated**: 2025-01-13
**Status**: ✅ Production-Ready
**Versions Supported**: v1.0+

497
docs/src/ai/cost-management.md
View File

@ -1,497 +0,0 @@
# AI Cost Management and Optimization
**Status**: ✅ Production-Ready (cost tracking, budgets, caching benefits)
Comprehensive guide to managing LLM API costs, optimizing usage through caching and rate limiting, and tracking spending. The provisioning platform
includes built-in cost controls to prevent runaway spending while maximizing value.
## Cost Overview
### API Provider Pricing
| Provider | Model | Input | Output | Per MTok | |
| ---------- | ------- | ------- | -------- | ---------- | |
| **Anthropic** | Claude Sonnet 4 | $3 | $15 | $0.003 input / $0.015 output | |
| | Claude Opus 4 | $15 | $45 | Higher accuracy, longer context | |
| | Claude Haiku 4 | $0.80 | $4 | Fast, for simple queries | |
| **OpenAI** | GPT-4 Turbo | $0.01 | $0.03 | Per 1K tokens | |
| | GPT-4 | $0.03 | $0.06 | Legacy, avoid | |
| | GPT-4o | $5 | $15 | Per MTok | |
| **Local** | Llama 2, Mistral | Free | Free | Hardware cost only | |
### Cost Examples
```bash
Scenario 1: Generate simple database configuration
- Input: 500 tokens (description + schema)
- Output: 200 tokens (generated config)
- Cost: (500 × $3 + 200 × $15) / 1,000,000 = $0.0045
- With caching (hit rate 50%): $0.0023
Scenario 2: Deep troubleshooting analysis
- Input: 5000 tokens (logs + context)
- Output: 2000 tokens (analysis + recommendations)
- Cost: (5000 × $3 + 2000 × $15) / 1,000,000 = $0.045
- With caching (hit rate 70%): $0.0135
Scenario 3: Monthly usage (typical organization)
- ~1000 config generations @ $0.005 = $5
- ~500 troubleshooting calls @ $0.045 = $22.50
- ~2000 form assists @ $0.002 = $4
- ~200 agent executions @ $0.10 = $20
- **Total: ~$50-100/month for small org**
- **Total: ~$500-1000/month for large org**
```
## Cost Control Mechanisms
### Request Caching
Caching is the primary cost reduction strategy, cutting costs by 50-80%:
```bash
Without Caching:
User 1: "Generate PostgreSQL config" → API call → $0.005
User 2: "Generate PostgreSQL config" → API call → $0.005
Total: $0.010 (2 identical requests)
With LRU Cache:
User 1: "Generate PostgreSQL config" → API call → $0.005
User 2: "Generate PostgreSQL config" → Cache hit → $0.00001
Total: $0.00501 (500x cost reduction for identical)
With Semantic Cache:
User 1: "Generate PostgreSQL database config" → API call → $0.005
User 2: "Create a PostgreSQL database" → Semantic hit → $0.00001
(Slightly different wording, but same intent)
Total: $0.00501 (near 500x reduction for similar)
```
### Cache Configuration
```toml
[ai.cache]
enabled = true
cache_type = "redis" # Distributed cache across instances
ttl_seconds = 3600 # 1-hour cache lifetime
# Cache size limits
max_size_mb = 500
eviction_policy = "lru" # Least Recently Used
# Semantic caching - cache similar queries
[ai.cache.semantic]
enabled = true
similarity_threshold = 0.95 # Cache if 95%+ similar to previous query
cache_embeddings = true # Cache embedding vectors themselves
# Cache metrics
[ai.cache.metrics]
track_hit_rate = true
track_space_usage = true
alert_on_low_hit_rate = true
```
### Rate Limiting
Prevent usage spikes from unexpected costs:
```toml
[ai.limits]
# Per-request limits
max_tokens = 4096
max_input_tokens = 8192
max_output_tokens = 4096
# Throughput limits
rpm_limit = 60 # 60 requests per minute
rpm_burst = 100 # Allow burst to 100
daily_request_limit = 5000 # Max 5000 requests/day
# Cost limits
daily_cost_limit_usd = 100 # Stop at $100/day
monthly_cost_limit_usd = 2000 # Stop at $2000/month
# Budget alerts
warn_at_percent = 80 # Warn when at 80% of daily budget
stop_at_percent = 95 # Stop when at 95% of budget
```
### Workspace-Level Budgets
```toml
[ai.workspace_budgets]
# Per-workspace cost limits
dev.daily_limit_usd = 10
staging.daily_limit_usd = 50
prod.daily_limit_usd = 100
# Can override globally for specific workspaces
teams.team-a.monthly_limit = 500
teams.team-b.monthly_limit = 300
```
## Cost Tracking
### Track Spending
```bash
# View current month spending
provisioning admin costs show ai
# Forecast monthly spend
provisioning admin costs forecast ai --days-remaining 15
# Analyze by feature
provisioning admin costs analyze ai --by feature
# Analyze by user
provisioning admin costs analyze ai --by user
# Export for billing
provisioning admin costs export ai --format csv --output costs.csv
```
### Cost Breakdown
```bash
Month: January 2025
Total Spending: $285.42
By Feature:
Config Generation: $150.00 (52%) [300 requests × avg $0.50]
Troubleshooting: $95.00 (33%) [80 requests × avg $1.19]
Form Assistance: $30.00 (11%) [5000 requests × avg $0.006]
Agents: $10.42 (4%) [20 runs × avg $0.52]
By Provider:
Anthropic (Claude): $200.00 (70%)
OpenAI (GPT-4): $85.42 (30%)
Local: $0 (0%)
By User:
alice@company.com: $50.00 (18%)
bob@company.com: $45.00 (16%)
...
other (20 users): $190.42 (67%)
By Workspace:
production: $150.00 (53%)
staging: $85.00 (30%)
development: $50.42 (18%)
Cache Performance:
Requests: 50,000
Cache hits: 35,000 (70%)
Cache misses: 15,000 (30%)
Cost savings from cache: ~$175 (38% reduction)
```
## Optimization Strategies
### Strategy 1: Increase Cache Hit Rate
```bash
# Longer TTL = more cache hits
[ai.cache]
ttl_seconds = 7200 # 2 hours instead of 1 hour
# Semantic caching helps with slight variations
[ai.cache.semantic]
enabled = true
similarity_threshold = 0.90 # Lower threshold = more hits
# Result: Increase hit rate from 65% → 80%
# Cost reduction: 15% → 23%
```
### Strategy 2: Use Local Models
```toml
[ai]
provider = "local"
model = "mistral-7b" # Free, runs on GPU
# Cost: Hardware ($5-20/month) instead of API calls
# Savings: 50-100 config generations/month × $0.005 = $0.25-0.50
# Hardware amortized cost: <$0.50/month on existing GPU
# Tradeoff: Slightly lower quality, 2x slower
```
### Strategy 3: Use Haiku for Simple Tasks
```bash
Task Complexity vs Model:
Simple (form assist): Claude Haiku 4 ($0.80/$4)
Medium (config gen): Claude Sonnet 4 ($3/$15)
Complex (agents): Claude Opus 4 ($15/$45)
Example optimization:
Before: All tasks use Sonnet 4
- 5000 form assists/month: 5000 × $0.006 = $30
After: Route by complexity
- 5000 form assists → Haiku: 5000 × $0.001 = $5 (83% savings)
- 200 config gen → Sonnet: 200 × $0.005 = $1
- 10 agent runs → Opus: 10 × $0.10 = $1
```
### Strategy 4: Batch Operations
```bash
# Instead of individual requests, batch similar operations:
# Before: 100 configs, 100 separate API calls
provisioning ai generate "PostgreSQL config" --output db1.ncl
provisioning ai generate "PostgreSQL config" --output db2.ncl
# ... 100 calls = $0.50
# After: Batch similar requests
provisioning ai batch --input configs-list.yaml
# Groups similar requests, reuses cache
# ... 3-5 API calls = $0.02 (90% savings)
```
### Strategy 5: Smart Feature Enablement
```toml
[ai.features]
# Enable high-ROI features
config_generation = true # High value, moderate cost
troubleshooting = true # High value, higher cost
rag_search = true # Low cost, high value
# Disable low-ROI features if cost-constrained
form_assistance = false # Low value, non-zero cost (if budget tight)
agents = false # Complex, requires multiple calls
```
## Budget Management Workflow
### 1. Set Budget
```bash
# Set monthly budget
provisioning config set ai.budget.monthly_limit_usd 500
# Set daily limit
provisioning config set ai.limits.daily_cost_limit_usd 50
# Set workspace limits
provisioning config set ai.workspace_budgets.prod.monthly_limit 300
provisioning config set ai.workspace_budgets.dev.monthly_limit 100
```
### 2. Monitor Spending
```bash
# Daily check
provisioning admin costs show ai
# Weekly analysis
provisioning admin costs analyze ai --period week
# Monthly review
provisioning admin costs analyze ai --period month
```
### 3. Adjust If Needed
```bash
# If overspending:
# - Increase cache TTL
# - Enable local models for simple tasks
# - Reduce form assistance (high volume, low cost but adds up)
# - Route complex tasks to Haiku instead of Opus
# If underspending:
# - Enable new features (agents, form assistance)
# - Increase rate limits
# - Lower cache hit requirements (broader semantic matching)
```
### 4. Forecast and Plan
```bash
# Current monthly run rate
provisioning admin costs forecast ai
# If trending over budget, recommend actions:
# - Reduce daily limit
# - Switch to local model for 50% of tasks
# - Increase batch processing
# If trending under budget:
# - Enable agents for automation workflows
# - Enable form assistance across all workspaces
```
## Cost Allocation
### Chargeback Models
**Per-Workspace Model**:
```bash
Development workspace: $50/month
Staging workspace: $100/month
Production workspace: $300/month
------
Total: $450/month
```
**Per-User Model**:
```bash
Each user charged based on their usage
Encourages efficiency
Difficult to track/allocate
```
**Shared Pool Model**:
```bash
All teams share $1000/month budget
Budget splits by consumption rate
Encourages optimization
Most flexible
```
## Cost Reporting
### Generate Reports
```bash
# Monthly cost report
provisioning admin costs report ai
--format pdf
--period month
--output cost-report-2025-01.pdf
# Detailed analysis for finance
provisioning admin costs report ai
--format xlsx
--include-forecasts
--include-optimization-suggestions
# Executive summary
provisioning admin costs report ai
--format markdown
--summary-only
```
## Cost-Benefit Analysis
### ROI Examples
```bash
Scenario 1: Developer Time Savings
Problem: Manual config creation takes 2 hours
Solution: AI config generation, 10 minutes (12x faster)
Time saved: 1.83 hours/config
Hourly rate: $100
Value: $183/config
AI cost: $0.005/config
ROI: 36,600x (far exceeds cost)
Scenario 2: Troubleshooting Efficiency
Problem: Manual debugging takes 4 hours
Solution: AI troubleshooting analysis, 2 minutes
Time saved: 3.97 hours
Value: $397/incident
AI cost: $0.045/incident
ROI: 8,822x
Scenario 3: Reduction in Failed Deployments
Before: 5% of 1000 deployments fail (50 failures)
Failure cost: $500 each (lost time, data cleanup)
Total: $25,000/month
After: With AI analysis, 2% fail (20 failures)
Total: $10,000/month
Savings: $15,000/month
AI cost: $200/month
Net savings: $14,800/month
ROI: 74:1
```
## Advanced Cost Optimization
### Hybrid Strategy (Recommended)
```bash
✓ Local models for:
- Form assistance (high volume, low complexity)
- Simple validation checks
- Document retrieval (RAG)
Cost: Hardware only (~$500 setup)
✓ Cloud API for:
- Complex generation (requires latest model capability)
- Troubleshooting (needs high accuracy)
- Agents (complex reasoning)
Cost: $50-200/month per organization
Result:
- 70% of requests → Local (free after hardware amortization)
- 30% of requests → Cloud ($50/month)
- 80% overall cost reduction vs cloud-only
```
## Monitoring and Alerts
### Cost Anomaly Detection
```bash
# Enable anomaly detection
provisioning config set ai.monitoring.anomaly_detection true
# Set thresholds
provisioning config set ai.monitoring.cost_spike_percent 150
# Alert if daily cost is 150% of average
# System alerts:
# - Daily cost exceeded by 10x normal
# - New expensive operation (agent run)
# - Cache hit rate dropped below 40%
# - Rate limit nearly exhausted
```
### Alert Configuration
```toml
[ai.monitoring.alerts]
enabled = true
spike_threshold_percent = 150
check_interval_minutes = 5
[ai.monitoring.alerts.channels]
email = "ops@company.com"
slack = "[https://hooks.slack.com/..."](https://hooks.slack.com/...")
pagerduty = "integration-key"
# Alert thresholds
[ai.monitoring.alerts.thresholds]
daily_budget_warning_percent = 80
daily_budget_critical_percent = 95
monthly_budget_warning_percent = 70
```
## Related Documentation
- [Architecture](architecture.md) - AI system overview
- [Configuration](configuration.md) - Cost control settings
- [Security Policies](security-policies.md) - Cost-aware policies
- [RAG System](rag-system.md) - Caching details
- [ADR-015](../architecture/adr/adr-015-ai-integration-architecture.md) - Design decisions
---
**Last Updated**: 2025-01-13
**Status**: ✅ Production-Ready
**Average Savings**: 50-80% through caching
**Typical Cost**: $50-500/month per organization
**ROI**: 100:1 to 10,000:1 depending on use case

594
docs/src/ai/mcp-integration.md
View File

@ -1,594 +0,0 @@
# Model Context Protocol (MCP) Integration
**Status**: ✅ Production-Ready (MCP 0.6.0+, integrated with Claude, compatible with all LLMs)
The MCP server provides standardized Model Context Protocol integration, allowing external LLMs (Claude, GPT-4, local models) to access provisioning
platform capabilities as tools. This enables complex multi-step workflows, tool composition, and integration with existing LLM applications.
## Architecture Overview
The MCP integration follows the Model Context Protocol specification:
```bash
┌──────────────────────────────────────────────────────────────┐
│ External LLM (Claude, GPT-4, etc.) │
└────────────────────┬─────────────────────────────────────────┘
│ Tool Calls (JSON-RPC)
┌──────────────────────────────────────────────────────────────┐
│ MCP Server (provisioning/platform/crates/mcp-server) │
│ │
│ ┌───────────────────────────────────────────────────────┐ │
│ │ Tool Registry │ │
│ │ - generate_config(description, schema) │ │
│ │ - validate_config(config) │ │
│ │ - search_docs(query) │ │
│ │ - troubleshoot_deployment(logs) │ │
│ │ - get_schema(name) │ │
│ │ - check_compliance(config, policy) │ │
│ └───────────────────────────────────────────────────────┘ │
│ │ │
│ ▼ │
│ ┌───────────────────────────────────────────────────────┐ │
│ │ Implementation Layer │ │
│ │ - AI Service client (ai-service port 8083) │ │
│ │ - Validator client │ │
│ │ - RAG client (SurrealDB) │ │
│ │ - Schema loader │ │
│ └───────────────────────────────────────────────────────┘ │
└──────────────────────────────────────────────────────────────┘
```
## MCP Server Launch
The MCP server is started as a stdio-based service:
```bash
# Start MCP server (stdio transport)
provisioning-mcp-server --config /etc/provisioning/ai.toml
# With debug logging
RUST_LOG=debug provisioning-mcp-server --config /etc/provisioning/ai.toml
# In Claude Desktop configuration
~/.claude/claude_desktop_config.json:
{
"mcpServers": {
"provisioning": {
"command": "provisioning-mcp-server",
"args": ["--config", "/etc/provisioning/ai.toml"],
"env": {
"PROVISIONING_TOKEN": "your-auth-token"
}
}
}
}
```
## Available Tools
### 1. Config Generation
**Tool**: `generate_config`
Generate infrastructure configuration from natural language description.
```json
{
"name": "generate_config",
"description": "Generate a Nickel infrastructure configuration from a natural language description",
"inputSchema": {
"type": "object",
"properties": {
"description": {
"type": "string",
"description": "Natural language description of desired infrastructure"
},
"schema": {
"type": "string",
"description": "Target schema name (e.g., 'database', 'kubernetes', 'network'). Optional."
},
"format": {
"type": "string",
"enum": ["nickel", "toml"],
"description": "Output format (default: nickel)"
}
},
"required": ["description"]
}
}
```
**Example Usage**:
```bash
# Via MCP client
mcp-client provisioning generate_config
--description "Production PostgreSQL cluster with encryption and daily backups"
--schema database
# Claude desktop prompt:
# @provisioning: Generate a production PostgreSQL setup with automated backups
```
**Response**:
```json
{
database = {
engine = "postgresql",
version = "15.0",
instance = {
instance_class = "db.r6g.xlarge",
allocated_storage_gb = 100,
iops = 3000,
},
security = {
encryption_enabled = true,
encryption_key_id = "kms://prod-db-key",
tls_enabled = true,
tls_version = "1.3",
},
backup = {
enabled = true,
retention_days = 30,
preferred_window = "03:00-04:00",
copy_to_region = "us-west-2",
},
monitoring = {
enhanced_monitoring_enabled = true,
monitoring_interval_seconds = 60,
log_exports = ["postgresql"],
},
}
}
```
### 2. Config Validation
**Tool**: `validate_config`
Validate a Nickel configuration against schemas and policies.
```json
{
"name": "validate_config",
"description": "Validate a Nickel configuration file",
"inputSchema": {
"type": "object",
"properties": {
"config": {
"type": "string",
"description": "Nickel configuration content or file path"
},
"schema": {
"type": "string",
"description": "Schema name to validate against (optional)"
},
"strict": {
"type": "boolean",
"description": "Enable strict validation (default: true)"
}
},
"required": ["config"]
}
}
```
**Example Usage**:
```bash
# Validate configuration
mcp-client provisioning validate_config
--config "$(cat workspaces/prod/database.ncl)"
# With specific schema
mcp-client provisioning validate_config
--config "workspaces/prod/kubernetes.ncl"
--schema kubernetes
```
**Response**:
```json
{
"valid": true,
"errors": [],
"warnings": [
"Consider enabling automated backups for production use"
],
"metadata": {
"schema": "kubernetes",
"version": "1.28",
"validated_at": "2025-01-13T10:45:30Z"
}
}
```
### 3. Documentation Search
**Tool**: `search_docs`
Search infrastructure documentation using RAG system.
```json
{
"name": "search_docs",
"description": "Search provisioning documentation for information",
"inputSchema": {
"type": "object",
"properties": {
"query": {
"type": "string",
"description": "Search query (natural language)"
},
"top_k": {
"type": "integer",
"description": "Number of results (default: 5)"
},
"doc_type": {
"type": "string",
"enum": ["guide", "schema", "example", "troubleshooting"],
"description": "Filter by document type (optional)"
}
},
"required": ["query"]
}
}
```
**Example Usage**:
```bash
# Search documentation
mcp-client provisioning search_docs
--query "How do I configure PostgreSQL with replication?"
# Get examples
mcp-client provisioning search_docs
--query "Kubernetes networking"
--doc_type example
--top_k 3
```
**Response**:
```json
{
"results": [
{
"source": "provisioning/docs/src/guides/database-replication.md",
"excerpt": "PostgreSQL logical replication enables streaming of changes...",
"relevance": 0.94,
"section": "Setup Logical Replication"
},
{
"source": "provisioning/schemas/database.ncl",
"excerpt": "replication = { enabled = true, mode = \"logical\", ... }",
"relevance": 0.87,
"section": "Replication Configuration"
}
]
}
```
### 4. Deployment Troubleshooting
**Tool**: `troubleshoot_deployment`
Analyze deployment failures and suggest fixes.
```json
{
"name": "troubleshoot_deployment",
"description": "Analyze deployment logs and suggest fixes",
"inputSchema": {
"type": "object",
"properties": {
"deployment_id": {
"type": "string",
"description": "Deployment ID (e.g., 'deploy-2025-01-13-001')"
},
"logs": {
"type": "string",
"description": "Deployment logs (optional, if deployment_id not provided)"
},
"error_analysis_depth": {
"type": "string",
"enum": ["shallow", "deep"],
"description": "Analysis depth (default: deep)"
}
}
}
}
```
**Example Usage**:
```bash
# Troubleshoot recent deployment
mcp-client provisioning troubleshoot_deployment
--deployment_id "deploy-2025-01-13-001"
# With custom logs
mcp-client provisioning troubleshoot_deployment
| --logs "$(journalctl -u provisioning --no-pager | tail -100)" |
```
**Response**:
```json
{
"status": "failure",
"root_cause": "Database connection timeout during migration phase",
"analysis": {
"phase": "database_migration",
"error_type": "connectivity",
"confidence": 0.95
},
"suggestions": [
"Verify database security group allows inbound on port 5432",
"Check database instance status (may be rebooting)",
"Increase connection timeout in configuration"
],
"corrected_config": "...generated Nickel config with fixes...",
"similar_issues": [
"[https://docs/troubleshooting/database-connectivity.md"](https://docs/troubleshooting/database-connectivity.md")
]
}
```
### 5. Get Schema
**Tool**: `get_schema`
Retrieve schema definition with examples.
```json
{
"name": "get_schema",
"description": "Get a provisioning schema definition",
"inputSchema": {
"type": "object",
"properties": {
"schema_name": {
"type": "string",
"description": "Schema name (e.g., 'database', 'kubernetes')"
},
"format": {
"type": "string",
"enum": ["schema", "example", "documentation"],
"description": "Response format (default: schema)"
}
},
"required": ["schema_name"]
}
}
```
**Example Usage**:
```bash
# Get schema definition
mcp-client provisioning get_schema --schema_name database
# Get example configuration
mcp-client provisioning get_schema
--schema_name kubernetes
--format example
```
### 6. Compliance Check
**Tool**: `check_compliance`
Verify configuration against compliance policies (Cedar).
```json
{
"name": "check_compliance",
"description": "Check configuration against compliance policies",
"inputSchema": {
"type": "object",
"properties": {
"config": {
"type": "string",
"description": "Configuration to check"
},
"policy_set": {
"type": "string",
"description": "Policy set to check against (e.g., 'pci-dss', 'hipaa', 'sox')"
}
},
"required": ["config", "policy_set"]
}
}
```
**Example Usage**:
```bash
# Check against PCI-DSS
mcp-client provisioning check_compliance
--config "$(cat workspaces/prod/database.ncl)"
--policy_set pci-dss
```
## Integration Examples
### Claude Desktop (Most Common)
```bash
~/.claude/claude_desktop_config.json:
{
"mcpServers": {
"provisioning": {
"command": "provisioning-mcp-server",
"args": ["--config", "/etc/provisioning/ai.toml"],
"env": {
"PROVISIONING_API_KEY": "sk-...",
"PROVISIONING_BASE_URL": "[http://localhost:8083"](http://localhost:8083")
}
}
}
}
```
**Usage in Claude**:
```bash
User: I need a production Kubernetes cluster in AWS with automatic scaling
Claude can now use provisioning tools:
I'll help you create a production Kubernetes cluster. Let me:
1. Search the documentation for best practices
2. Generate a configuration template
3. Validate it against your policies
4. Provide the final configuration
```
### OpenAI Function Calling
```bash
import openai
tools = [
{
"type": "function",
"function": {
"name": "generate_config",
"description": "Generate infrastructure configuration",
"parameters": {
"type": "object",
"properties": {
"description": {
"type": "string",
"description": "Infrastructure description"
}
},
"required": ["description"]
}
}
}
]
response = openai.ChatCompletion.create(
model="gpt-4",
messages=[{"role": "user", "content": "Create a PostgreSQL database"}],
tools=tools
)
```
### Local LLM Integration (Ollama)
```bash
# Start Ollama with provisioning MCP
OLLAMA_MCP_SERVERS=provisioning://localhost:3000
ollama serve
# Use with llama2 or mistral
curl [http://localhost:11434/api/generate](http://localhost:11434/api/generate)
-d '{
"model": "mistral",
"prompt": "Create a Kubernetes cluster",
"tools": [{"type": "mcp", "server": "provisioning"}]
}'
```
## Error Handling
Tools return consistent error responses:
```json
{
"error": {
"code": "VALIDATION_ERROR",
"message": "Configuration has 3 validation errors",
"details": [
{
"field": "database.version",
"message": "PostgreSQL version 9.6 is deprecated",
"severity": "error"
},
{
"field": "backup.retention_days",
"message": "Recommended minimum is 30 days for production",
"severity": "warning"
}
]
}
}
```
## Performance
| | Operation | Latency | Notes | |
| | ----------- | --------- | ------- | |
| | generate_config | 2-5s | Depends on LLM and config complexity | |
| | validate_config | 500-1000ms | Parallel schema validation | |
| | search_docs | 300-800ms | RAG hybrid search | |
| | troubleshoot | 3-8s | Depends on log size and analysis depth | |
| | get_schema | 100-300ms | Cached schema retrieval | |
| | check_compliance | 500-2000ms | Policy evaluation | |
## Configuration
See [Configuration Guide](configuration.md) for MCP-specific settings:
- MCP server port and binding
- Tool registry customization
- Rate limiting for tool calls
- Access control (Cedar policies)
## Security
### Authentication
- Tools require valid provisioning API token
- Token scoped to user's workspace
- All tool calls authenticated and logged
### Authorization
- Cedar policies control which tools user can call
- Example: `allow(principal, action, resource)` when `role == "admin"`
- Detailed audit trail of all tool invocations
### Data Protection
- Secrets never passed through MCP
- Configuration sanitized before analysis
- PII removed from logs sent to external LLMs
## Monitoring and Debugging
```bash
# Monitor MCP server
provisioning admin mcp status
# View MCP tool calls
provisioning admin logs --filter "mcp_tools" --tail 100
# Debug tool response
RUST_LOG=provisioning::mcp=debug provisioning-mcp-server
```
## Related Documentation
- [Architecture](architecture.md) - AI system overview
- [RAG System](rag-system.md) - Documentation search
- [Configuration](configuration.md) - MCP setup
- [API Reference](api-reference.md) - Detailed API endpoints
- [ADR-015](../architecture/adr/adr-015-ai-integration-architecture.md) - Design decisions
---
**Last Updated**: 2025-01-13
**Status**: ✅ Production-Ready
**MCP Version**: 0.6.0+
**Supported LLMs**: Claude, GPT-4, Llama, Mistral, all MCP-compatible models

469
docs/src/ai/natural-language-config.md
View File

@ -1,469 +0,0 @@
# Natural Language Configuration Generation
**Status**: 🔴 Planned (Q2 2025 target)
Natural Language Configuration (NLC) is a planned feature that enables users to describe infrastructure requirements in plain English and have the
system automatically generate validated Nickel configurations. This feature combines natural language understanding with schema-aware generation and
validation.
## Feature Overview
### What It Does
Transform infrastructure descriptions into production-ready Nickel configurations:
```nickel
User Input:
"Create a production PostgreSQL cluster with 100GB storage,
daily backups, encryption enabled, and cross-region replication
to us-west-2"
System Output:
provisioning/schemas/database.ncl (validated, production-ready)
```
### Primary Use Cases
1. **Rapid Prototyping**: From description to working config in seconds
2. **Infrastructure Documentation**: Describe infrastructure as code
3. **Configuration Templates**: Generate reusable patterns
4. **Non-Expert Operations**: Enable junior developers to provision infrastructure
5. **Configuration Migration**: Describe existing infrastructure to generate Nickel
## Architecture
### Generation Pipeline
```bash
Input Description (Natural Language)
┌─────────────────────────────────────┐
│ Understanding & Analysis │
│ - Intent extraction │
│ - Entity recognition │
│ - Constraint identification │
│ - Best practice inference │
└─────────────────────┬───────────────┘
┌─────────────────────────────────────┐
│ RAG Context Retrieval │
│ - Find similar configs │
│ - Retrieve best practices │
│ - Get schema examples │
│ - Identify constraints │
└─────────────────────┬───────────────┘
┌─────────────────────────────────────┐
│ Schema-Aware Generation │
│ - Map entities to schema fields │
│ - Apply type constraints │
│ - Include required fields │
│ - Generate valid Nickel │
└─────────────────────┬───────────────┘
┌─────────────────────────────────────┐
│ Validation & Refinement │
│ - Type checking │
│ - Schema validation │
│ - Policy compliance │
│ - Security checks │
└─────────────────────┬───────────────┘
┌─────────────────────────────────────┐
│ Output & Explanation │
│ - Generated Nickel config │
│ - Decision rationale │
│ - Alternative suggestions │
│ - Warnings if any │
└─────────────────────────────────────┘
```
## Planned Implementation Details
### 1. Intent Extraction
Extract structured intent from natural language:
```bash
Input: "Create a production PostgreSQL cluster with encryption and backups"
Extracted Intent:
{
resource_type: "database",
engine: "postgresql",
environment: "production",
requirements: [
{constraint: "encryption", type: "boolean", value: true},
{constraint: "backups", type: "enabled", frequency: "daily"},
],
modifiers: ["production"],
}
```
### 2. Entity Mapping
Map natural language entities to schema fields:
```bash
Description Terms → Schema Fields:
"100GB storage" → database.instance.allocated_storage_gb = 100
"daily backups" → backup.enabled = true, backup.frequency = "daily"
"encryption" → security.encryption_enabled = true
"cross-region" → backup.copy_to_region = "us-west-2"
"PostgreSQL 15" → database.engine_version = "15.0"
```
### 3. Prompt Engineering
Sophisticated prompting for schema-aware generation:
```bash
System Prompt:
You are generating Nickel infrastructure configurations.
Generate ONLY valid Nickel syntax.
Follow these rules:
- Use record syntax: `field = value`
- Type annotations must be valid
- All required fields must be present
- Apply best practices for [ENVIRONMENT]
Schema Context:
[Database schema from provisioning/schemas/database.ncl]
Examples:
[3 relevant examples from RAG]
User Request:
[User natural language description]
Generate the complete Nickel configuration.
Start with: let { database = {
```
### 4. Iterative Refinement
Handle generation errors through iteration:
```bash
Attempt 1: Generate initial config
↓ Validate
✗ Error: field `version` type mismatch (string vs number)
↓ Re-prompt with error
Attempt 2: Fix with context from error
↓ Validate
✓ Success: Config is valid
```
## Command Interface
### CLI Usage
```bash
# Simple generation
provisioning ai generate "PostgreSQL database for production"
# With schema specification
provisioning ai generate
--schema database
"Create PostgreSQL 15 with encryption and daily backups"
# Interactive generation (refine output)
provisioning ai generate --interactive
"Kubernetes cluster on AWS"
# Generate and validate
provisioning ai generate
--validate
"Production Redis cluster with sentinel"
# Generate and save directly
provisioning ai generate
--schema database
--output workspaces/prod/database.ncl
"PostgreSQL production setup"
# Batch generation from file
provisioning ai generate --batch descriptions.yaml
```
### Interactive Refinement
```bash
$ provisioning ai generate --interactive
> Describe infrastructure: Create production PostgreSQL cluster
Generated configuration shown.
> Refine: Add cross-region backup to us-west-2
Configuration updated.
> Refine: Use larger instance class for performance
Configuration updated.
> Accept? [y/n]: y
Configuration saved to: workspaces/prod/database.ncl
```
## Example Generations
### Example 1: Simple Database
**Input**:
```bash
"PostgreSQL database with 50GB storage and encryption"
```
**Output**:
```javascript
let {
database = {
engine = "postgresql",
version = "15.0",
instance = {
instance_class = "db.t3.medium",
allocated_storage_gb = 50,
iops = 1000,
},
security = {
encryption_enabled = true,
tls_enabled = true,
tls_version = "1.3",
},
backup = {
enabled = true,
retention_days = 7,
},
}
}
```
**Rationale**:
- PostgreSQL 15 is current stable version
- db.t3.medium suitable for 50GB with general workload
- Encryption enabled per requirement
- Automatic backups with 7-day retention (default)
### Example 2: Complex Kubernetes Setup
**Input**:
```yaml
"Production Kubernetes cluster in AWS with 3 availability zones,
auto-scaling from 3 to 10 nodes, managed PostgreSQL, and monitoring"
```
**Output**:
```javascript
let {
kubernetes = {
version = "1.28.0",
cluster = {
name = "prod-cluster",
region = "us-east-1",
availability_zones = ["us-east-1a", "us-east-1b", "us-east-1c"],
},
node_group = {
min_size = 3,
max_size = 10,
desired_size = 3,
instance_type = "t3.large",
auto_scaling = {
enabled = true,
target_cpu = 70,
scale_down_delay = 300,
},
},
managed_services = {
postgres = {
enabled = true,
engine = "postgresql",
version = "15.0",
storage_gb = 100,
},
},
monitoring = {
prometheus = {enabled = true},
grafana = {enabled = true},
cloudwatch_integration = true,
},
networking = {
vpc_cidr = "10.0.0.0/16",
enable_nat_gateway = true,
enable_dns_hostnames = true,
},
}
}
```
**Rationale**:
- 3 AZs for high availability
- t3.large balances cost and performance for general workload
- Auto-scaling target 70% CPU (best practice)
- Managed PostgreSQL reduces operational overhead
- Full observability with Prometheus + Grafana
## Configuration and Constraints
### Configurable Generation Parameters
```toml
# In provisioning/config/ai.toml
[ai.generation]
# Which schema to use by default
default_schema = "database"
# Whether to require explicit environment specification
require_environment = false
# Optimization targets
optimization_target = "balanced" # or "cost", "performance"
# Best practices to always apply
best_practices = [
"encryption",
"high_availability",
"monitoring",
"backup",
]
# Constraints that limit generation
[ai.generation.constraints]
min_storage_gb = 10
max_instances = 100
allowed_engines = ["postgresql", "mysql", "mongodb"]
# Validation before accepting generated config
[ai.generation.validation]
strict_mode = true
require_security_review = false
require_compliance_check = true
```
### Safety Guardrails
1. **Required Fields**: All schema required fields must be present
2. **Type Validation**: Generated values must match schema types
3. **Security Checks**: Encryption/backups enabled for production
4. **Cost Estimation**: Warn if projected cost exceeds threshold
5. **Resource Limits**: Enforce organizational constraints
6. **Policy Compliance**: Check against Cedar policies
## User Workflow
### Typical Usage Session
```bash
# 1. Describe infrastructure need
$ provisioning ai generate "I need a database for my web app"
# System generates basic config, suggests refinements
# Generated config shown with explanations
# 2. Refine if needed
$ provisioning ai generate --interactive
# 3. Review and validate
$ provisioning ai validate workspaces/dev/database.ncl
# 4. Deploy
$ provisioning workspace apply workspaces/dev
# 5. Monitor
$ provisioning workspace logs database
```
## Integration with Other Systems
### RAG Integration
NLC uses RAG to find similar configurations:
```toml
User: "Create Kubernetes cluster"
RAG searches for:
- Existing Kubernetes configs in workspaces
- Kubernetes documentation and examples
- Best practices from provisioning/docs/guides/kubernetes.md
Context fed to LLM for generation
```
### Form Assistance
NLC and form assistance share components:
- Intent extraction for pre-filling forms
- Constraint validation for form field values
- Explanation generation for validation errors
### CLI Integration
```bash
# Generate then preview
| provisioning ai generate "PostgreSQL prod" | \ |
provisioning config preview
# Generate and apply
provisioning ai generate
--apply
--environment prod
"PostgreSQL cluster"
```
## Testing and Validation
### Test Cases (Planned)
1. **Simple Descriptions**: Single resource, few requirements
- "PostgreSQL database"
- "Redis cache"
2. **Complex Descriptions**: Multiple resources, constraints
- "Kubernetes with managed database and monitoring"
- "Multi-region deployment with failover"
3. **Edge Cases**:
- Conflicting requirements
- Ambiguous specifications
- Deprecated technologies
4. **Refinement Cycles**:
- Interactive generation with multiple refines
- Error recovery and re-prompting
- User feedback incorporation
## Success Criteria (Q2 2025)
- ✅ Generates valid Nickel for 90% of user descriptions
- ✅ Generated configs pass all schema validation
- ✅ Supports top 10 infrastructure patterns
- ✅ Interactive refinement works smoothly
- ✅ Error messages explain issues clearly
- ✅ User testing with non-experts succeeds
- ✅ Documentation complete with examples
- ✅ Integration with form assistance operational
## Related Documentation
- [Architecture](architecture.md) - AI system overview
- [AI-Assisted Forms](ai-assisted-forms.md) - Related form feature
- [RAG System](rag-system.md) - Context retrieval
- [Configuration](configuration.md) - Setup guide
- [ADR-015](../architecture/adr/adr-015-ai-integration-architecture.md) - Design decisions
---
**Status**: 🔴 Planned
**Target Release**: Q2 2025
**Last Updated**: 2025-01-13
**Architecture**: Complete
**Implementation**: In Design Phase

436
docs/src/ai/natural-language-infrastructure.md Normal file
View File

@ -0,0 +1,436 @@
# Natural Language Infrastructure
Use natural language to describe infrastructure requirements and get automatically generated Nickel configurations and deployment plans.
## Overview
Natural Language Infrastructure (NLI) allows requesting infrastructure changes in plain English:
```bash
# Instead of writing complex Nickel...
provisioning ai "Deploy a 3-node HA PostgreSQL cluster with automatic backups in AWS"
# Or interactively...
provisioning ai interactive
# Interactive mode guides you through requirements
```
## How It Works
### Request Processing Pipeline
```text
User Natural Language Input
Intent Recognition
├─ Extract resource type (server, database, cluster)
├─ Identify constraints (HA, region, size)
└─ Detect options (monitoring, backup, encryption)
RAG Knowledge Retrieval
├─ Find similar deployments
├─ Retrieve best practices
└─ Get provider-specific guidance
LLM Inference (GPT-4, Claude 3)
├─ Generate Nickel schema
├─ Calculate resource requirements
└─ Create deployment plan
Configuration Validation
├─ Type checking via Nickel compiler
├─ Schema validation
└─ Constraint verification
Infrastructure Deployment
├─ Dry-run simulation
├─ Cost estimation
└─ User confirmation
Execution & Monitoring
```
## Command Usage
### Simple Requests
```bash
# Web servers with load balancing
provisioning ai "Create 3 web servers with load balancer"
# Database setup
provisioning ai "Deploy PostgreSQL with 2 replicas and daily backups"
# Kubernetes cluster
provisioning ai "Create production Kubernetes cluster with Prometheus monitoring"
```
### Complex Requests
```bash
# Multi-cloud deployment
provisioning ai "
Deploy:
- 3 HA Kubernetes clusters (AWS, UpCloud, Hetzner)
- PostgreSQL 15 with synchronous replication
- Redis cluster for caching
- ELK stack for logging
- Prometheus for monitoring
Constraints:
- Cross-region high availability
- Encrypted inter-region communication
- Auto-scaling based on CPU (70%)
"
# Disaster recovery setup
provisioning ai "
Set up disaster recovery for production environment:
- Active-passive failover to secondary region
- Daily automated backups (30-day retention)
- Monthly DR tests with automated reports
- RTO: 4 hours, RPO: 1 hour
- Test failover every week
"
```
### Interactive Mode
```bash
# Start interactive mode
provisioning ai interactive
# System asks clarifying questions:
# Q: What type of infrastructure? (server, database, cluster, other)
# Q: Which cloud provider? (aws, upcloud, hetzner, local)
# Q: Production or development?
# Q: High availability required?
# Q: Expected load? (small, medium, large, enterprise)
# Q: Monitoring and logging?
# Q: Backup strategy?
# Shows generated configuration for approval
```
## Example: Web Application Deployment
### Request
```bash
provisioning ai "
Deploy a production web application:
- Frontend: 3 nginx servers with auto-scaling
- API: 5 FastAPI instances behind load balancer
- Database: HA PostgreSQL with read replicas
- Cache: Redis cluster
- Monitoring: Prometheus and Grafana
- Logs: Elasticsearch + Kibana
Environment: AWS
Region: us-east-1 (primary), eu-west-1 (DR)
Budget: $5000/month max
"
```
### Generated Configuration
The system generates:
**1. Nickel Infrastructure Definition**:
```nickel
{
metadata = {
generated_by = "provisioning-ai"
timestamp = "2026-01-16T01:47:00Z"
confidence = 0.94
}
infrastructure = {
frontend = {
servers = 3
cpu = 4
memory = 8
type = "t3.large"
auto_scaling = {
min = 3
max = 10
target_cpu = 70
}
}
api = {
servers = 5
cpu = 8
memory = 16
type = "t3.xlarge"
load_balancer = {
type = "application"
health_check = "/health"
}
}
database = {
type = "postgresql"
version = "15"
replicas = 2
backup = {
enabled = true
frequency = "daily"
retention_days = 30
}
}
cache = {
type = "redis"
nodes = 3
cluster_mode = true
replication = true
}
monitoring = {
prometheus = true
grafana = true
retention_days = 30
}
logging = {
elasticsearch = true
kibana = true
retention_days = 30
}
}
provider = "aws"
region_primary = "us-east-1"
region_dr = "eu-west-1"
cost_estimate = {
monthly = "$4850"
breakdown = {
compute = "$2500"
database = "$1200"
cache = "$600"
monitoring = "$400"
networking = "$150"
}
}
}
```
**2. Deployment Plan**:
```text
Deployment Plan: Web Application (Production)
Phase 1: Network & Storage (2-3 hours)
- Create VPCs in us-east-1 and eu-west-1
- Set up inter-region VPN
- Create EBS volumes for database
- Create EFS for shared storage
Phase 2: Compute Instances (4-5 hours)
- Launch 3 frontend servers
- Launch 5 API servers
- Create load balancers
- Set up auto-scaling groups
Phase 3: Databases (3-4 hours)
- Create PostgreSQL primary
- Create read replicas
- Configure replication
- Run initial backup
Phase 4: Cache & Services (2-3 hours)
- Create Redis cluster
- Deploy Prometheus
- Deploy Grafana
- Deploy Elasticsearch/Kibana
Phase 5: Configuration (2-3 hours)
- Configure health checks
- Set up monitoring alerts
- Configure log shipping
- Deploy TLS certificates
Total Estimated Time: 13-18 hours
```
**3. Cost Breakdown**:
```text
Monthly Cost Estimate: $4,850
Compute $2,500 (EC2 instances)
Database $1,200 (RDS PostgreSQL)
Cache $600 (ElastiCache Redis)
Monitoring $400 (CloudWatch + Grafana)
Networking $150 (NAT Gateway, VPN)
```
**4. Risk Assessment**:
```text
Warnings:
- Budget limit reached at $4,850 (max: $5,000)
- Cross-region networking latency: 80-100ms
- Database failover time: 1-2 minutes
Recommendations:
- Implement connection pooling in API
- Use read replicas for analytics queries
- Consider spot instances for non-critical services (30% cost savings)
```
## Output Formats
### Get Deployment Script
```bash
# Get Bash deployment script
provisioning ai "..." --output bash > deploy.sh
# Get Nushell script
provisioning ai "..." --output nushell > deploy.nu
# Get Terraform
provisioning ai "..." --output terraform > main.tf
# Get Nickel (default)
provisioning ai "..." --output nickel > infrastructure.ncl
```
### Save for Later
```bash
# Save configuration for review
provisioning ai "..." --save deployment-plan --review
# Deploy from saved plan
provisioning apply deployment-plan
# Compare with current state
provisioning diff deployment-plan
```
## Configuration
### LLM Provider Selection
```bash
# Use OpenAI (default)
export PROVISIONING_AI_PROVIDER=openai
export PROVISIONING_AI_MODEL=gpt-4
# Use Anthropic
export PROVISIONING_AI_PROVIDER=anthropic
export PROVISIONING_AI_MODEL=claude-3-opus
# Use local model
export PROVISIONING_AI_PROVIDER=local
export PROVISIONING_AI_MODEL=llama2:70b
```
### Response Options
```yaml
# ~/.config/provisioning/ai.yaml
natural_language:
output_format: nickel # nickel, terraform, bash, nushell
include_cost_estimate: true
include_risk_assessment: true
include_deployment_plan: true
auto_review: false # Require approval before deploy
dry_run: true # Simulate before execution
confidence_threshold: 0.85 # Reject low-confidence results
style:
verbosity: detailed
include_alternatives: true
explain_reasoning: true
```
## Advanced Features
### Conditional Infrastructure
```bash
provisioning ai "
Deploy web cluster:
- If environment is production: HA setup with 5 nodes
- If environment is staging: Standard setup with 2 nodes
- If environment is dev: Single node with development tools
"
```
### Cost-Optimized Variants
```bash
# Generate cost-optimized alternative
provisioning ai "..." --optimize-for cost
# Generate performance-optimized alternative
provisioning ai "..." --optimize-for performance
# Generate high-availability alternative
provisioning ai "..." --optimize-for availability
```
### Template-Based Generation
```bash
# Use existing templates as base
provisioning ai "..." --template kubernetes-ha
# List available templates
provisioning ai templates list
```
## Safety & Validation
### Review Before Deploy
```bash
# Generate and review (no auto-execute)
provisioning ai "..." --review
# Review generated Nickel
cat deployment-plan.ncl
# Validate configuration
provisioning validate deployment-plan.ncl
# Dry-run to see what changes
provisioning apply --dry-run deployment-plan.ncl
# Apply after approval
provisioning apply deployment-plan.ncl
```
### Rollback Support
```bash
# Create deployment with automatic rollback
provisioning ai "..." --with-rollback
# Manual rollback if issues
provisioning workflow rollback --to-checkpoint
# View deployment history
provisioning history list --type infrastructure
```
## Limitations
- **Context Window**: Very large infrastructure descriptions may exceed LLM limits
- **Ambiguity**: Unclear requirements may produce suboptimal configurations
- **Provider Specifics**: Some provider-specific features may require manual adjustment
- **Cost**: API calls incur per-token charges
- **Latency**: Processing takes 2-10 seconds depending on complexity
## Related Documentation
- [AI Architecture](./ai-architecture.md) - System design
- [AI Service Crate](./ai-service-crate.md) - Core microservice
- [RAG & Knowledge](./rag-and-knowledge.md) - Knowledge retrieval
- [TypeDialog Integration](./typedialog-integration.md) - Form AI
- [Nickel Guide](../infrastructure/nickel-guide.md) - Configuration syntax

381
docs/src/ai/rag-and-knowledge.md Normal file
View File

@ -0,0 +1,381 @@
# RAG & Knowledge Base
The RAG (Retrieval Augmented Generation) system enhances AI-generated infrastructure with
domain-specific knowledge. It retrieves relevant documentation, best practices, and patterns to
inform infrastructure recommendations.
## Architecture
### Components
```text
User Query
Query Embedder (text-embedding-3-small)
Vector Similarity Search (SurrealDB)
Knowledge Retrieval (semantic matching)
Context Augmentation
LLM Processing (with knowledge context)
Infrastructure Recommendation
```
### Knowledge Flow
```text
Documentation Input
Document Chunking (512 tokens)
Semantic Embedding
Vector Storage (SurrealDB)
Similarity Indexing
Query Time Retrieval
```
## Knowledge Base Organization
### Document Categories
| Category | Purpose | Examples |
| --- | --- | --- |
| **Infrastructure** | IaC patterns and templates | Kubernetes, databases, networking |
| **Best Practices** | Operational guidelines | HA patterns, disaster recovery |
| **Provider Guides** | Cloud provider documentation | AWS, UpCloud, Hetzner specifics |
| **Performance** | Optimization guidelines | Resource sizing, caching strategies |
| **Security** | Security hardening guides | Encryption, authentication, compliance |
| **Troubleshooting** | Common issues and solutions | Performance, deployment, debugging |
### Document Structure
```yaml
id: "doc-k8s-ha-001"
category: "infrastructure"
subcategory: "kubernetes"
title: "High Availability Kubernetes Cluster Setup"
tags: ["kubernetes", "high-availability", "production"]
created: "2026-01-10T00:00:00Z"
updated: "2026-01-16T00:00:00Z"
content: |
# High Availability Kubernetes Cluster
For production Kubernetes deployments, ensure:
- Minimum 3 control planes
- Distributed across availability zones
- etcd with persistent storage
- CNI plugin with network policies
embedding: [0.123, 0.456]
metadata:
provider: ["aws", "upcloud", "hetzner"]
environment: ["production"]
cost_profile: "medium"
```
## RAG Retrieval Process
### Similarity Search
When processing a user query, the system:
1. **Embed Query**: Convert natural language to vector
2. **Search Index**: Find similar documents (cosine similarity > threshold)
3. **Rank Results**: Score by relevance
4. **Extract Context**: Select top N chunks
5. **Augment Prompt**: Add context to LLM request
**Example**:
```bash
User Query: "Create a Kubernetes cluster in AWS with auto-scaling"
Vector Embedding: [0.234, 0.567, 0.891]
Top Matches:
1. "HA Kubernetes Setup" (similarity: 0.94)
2. "AWS Auto-Scaling Patterns" (similarity: 0.87)
3. "Kubernetes Security Hardening" (similarity: 0.76)
Retrieved Context:
- Minimum 3 control planes for HA
- Use AWS ASGs with cluster autoscaler
- Enable Pod Disruption Budgets
- Configure network policies
LLM Prompt with Context:
"Create a Kubernetes cluster with the following context:
[...retrieved knowledge...]
User request: Create a Kubernetes cluster in AWS with auto-scaling"
```
### Configuration
```toml
[rag]
enabled = true
similarity_threshold = 0.75
max_results = 5
chunk_size = 512
chunk_overlap = 50
[embeddings]
model = "text-embedding-3-small"
provider = "openai"
cache_embeddings = true
[vector_store]
backend = "surrealdb"
index_type = "hnsw"
ef_construction = 400
ef_search = 200
[retrieval]
bm25_weight = 0.3
semantic_weight = 0.7
date_boost = 0.1
```
## Managing Knowledge
### Adding Documents
**Via API**:
```bash
curl -X POST [http://localhost:9091/v1/knowledge/add](http://localhost:9091/v1/knowledge/add) \
-H "Content-Type: application/json" \
-d '{
"category": "infrastructure",
"title": "PostgreSQL HA Setup",
"content": "For production PostgreSQL: 3+ replicas, streaming replication",
"tags": ["database", "postgresql", "ha"],
"metadata": {
"provider": ["aws", "upcloud"],
"environment": ["production"]
}
}'
```
**Batch Import**:
```bash
# Import from markdown files
provisioning ai knowledge import \
--source ./docs/knowledge \
--category infrastructure \
--auto-tag
# Import from existing documentation
provisioning ai knowledge import \
--source provisioning/docs/src \
--recursive
```
### Organizing Knowledge
```bash
# List knowledge documents
provisioning ai knowledge list --category infrastructure
# Search knowledge base
provisioning ai knowledge search "kubernetes high availability"
# View document
provisioning ai knowledge view doc-k8s-ha-001
# Update document
provisioning ai knowledge update doc-k8s-ha-001 \
--content "Updated content..." \
--tags "kubernetes,ha,production,v1.28"
# Delete document
provisioning ai knowledge delete doc-k8s-ha-001
```
### Reindexing
```bash
# Reindex all documents
provisioning ai knowledge reindex --all
# Reindex specific category
provisioning ai knowledge reindex --category infrastructure
# Check indexing status
provisioning ai knowledge index-status
# Rebuild vector index
provisioning ai knowledge rebuild-vectors --model text-embedding-3-small
```
## Knowledge Query API
### Search Endpoint
```http
POST /v1/knowledge/search
Content-Type: application/json
{
"query": "kubernetes cluster setup",
"category": "infrastructure",
"tags": ["kubernetes"],
"limit": 5,
"similarity_threshold": 0.75,
"metadata_filter": {
"provider": ["aws", "upcloud"],
"environment": ["production"]
}
}
```
**Response**:
```json
{
"results": [
{
"id": "doc-k8s-ha-001",
"title": "High Availability Kubernetes Cluster",
"category": "infrastructure",
"similarity": 0.94,
"excerpt": "For production Kubernetes deployments, ensure minimum 3 control planes",
"tags": ["kubernetes", "ha", "production"],
"metadata": {
"provider": ["aws", "upcloud", "hetzner"],
"environment": ["production"]
}
}
],
"search_time_ms": 45,
"total_matches": 12
}
```
## Knowledge Quality
### Maintenance
```bash
# Check knowledge quality
provisioning ai knowledge quality-report
# Remove duplicate documents
provisioning ai knowledge deduplicate
# Fix broken references
provisioning ai knowledge validate-refs
# Update outdated docs
provisioning ai knowledge mark-outdated \
--category infrastructure \
--older-than 180d
```
### Metrics
```bash
# Knowledge base statistics
curl [http://localhost:9091/v1/knowledge/stats](http://localhost:9091/v1/knowledge/stats)
```
**Response**:
```json
{
"total_documents": 1250,
"total_chunks": 8432,
"categories": {
"infrastructure": 450,
"security": 200,
"best_practices": 300
},
"embedding_coverage": 0.98,
"indexed_chunks": 8256,
"vector_index_size_mb": 245,
"last_reindex": "2026-01-15T23:00:00Z"
}
```
## Hybrid Search
RAG uses hybrid search combining semantic and keyword matching:
```text
BM25 Score (Keyword Match): 0.7
Semantic Score (Vector Similarity): 0.92
Hybrid Score = (0.3 × 0.7) + (0.7 × 0.92)
= 0.21 + 0.644
= 0.854
Relevance: High ✓
```
### Configuration
```toml
[hybrid_search]
bm25_weight = 0.3
semantic_weight = 0.7
```
## Performance
### Retrieval Latency
| Operation | Latency |
| --- | --- |
| Embed query (512 tokens) | 100-200ms |
| Vector similarity search | 20-50ms |
| BM25 keyword search | 10-30ms |
| Hybrid ranking | 5-10ms |
| Total retrieval | 50-100ms |
### Vector Index Size
- **Documents**: 1000 → 8GB storage
- **Documents**: 10000 → 80GB storage
- **Search latency**: Consistent <50ms regardless of size (with HNSW indexing)
## Security & Privacy
### Access Control
```bash
# Restrict knowledge access
provisioning ai knowledge acl set doc-k8s-ha-001 \
--read "admin,developer" \
--write "admin"
# Audit knowledge access
provisioning ai knowledge audit --document doc-k8s-ha-001
```
### Data Protection
- **Sensitive Info**: Automatically redacted from queries (API keys, passwords)
- **Document Encryption**: Optional at-rest encryption
- **Query Logging**: Audit trail for compliance
```toml
[security]
redact_patterns = ["password", "api_key", "secret"]
encrypt_documents = true
audit_queries = true
```
## Related Documentation
- [AI Architecture](./ai-architecture.md) - System design
- [AI Service Crate](./ai-service-crate.md) - Core microservice
- [Natural Language Infrastructure](./natural-language-infrastructure.md) - LLM usage
- [MCP Server](../architecture/component-architecture.md#mcp-server) - Tool integration

450
docs/src/ai/rag-system.md
View File

@ -1,450 +0,0 @@
# Retrieval-Augmented Generation (RAG) System
**Status**: ✅ Production-Ready (SurrealDB 1.5.0+, 22/22 tests passing)
The RAG system enables the AI service to access, retrieve, and reason over infrastructure documentation, schemas, and past configurations. This allows
the AI to generate contextually accurate infrastructure configurations and provide intelligent troubleshooting advice grounded in actual platform
knowledge.
## Architecture Overview
The RAG system consists of:
1. **Document Store**: SurrealDB vector store with semantic indexing
2. **Hybrid Search**: Vector similarity + BM25 keyword search
3. **Chunk Management**: Intelligent document chunking for code and markdown
4. **Context Ranking**: Relevance scoring for retrieved documents
5. **Semantic Cache**: Deduplication of repeated queries
## Core Components
### 1. Vector Embeddings
The system uses embedding models to convert documents into vector representations:
```bash
┌─────────────────────┐
│ Document Source │
│ (Markdown, Code) │
└──────────┬──────────┘
┌──────────────────────────────────┐
│ Chunking & Tokenization │
│ - Code-aware splits │
│ - Markdown aware │
│ - Preserves context │
└──────────┬───────────────────────┘
┌──────────────────────────────────┐
│ Embedding Model │
│ (OpenAI Ada, Anthropic, Local) │
└──────────┬───────────────────────┘
┌──────────────────────────────────┐
│ Vector Storage (SurrealDB) │
│ - Vector index │
│ - Metadata indexed │
│ - BM25 index for keywords │
└──────────────────────────────────┘
```
### 2. SurrealDB Integration
SurrealDB serves as the vector database and knowledge store:
```bash
# Configuration in provisioning/schemas/ai.ncl
let {
rag = {
enabled = true,
db_url = "surreal://localhost:8000",
namespace = "provisioning",
database = "ai_rag",
# Collections for different document types
collections = {
documentation = {
chunking_strategy = "markdown",
chunk_size = 1024,
overlap = 256,
},
schemas = {
chunking_strategy = "code",
chunk_size = 512,
overlap = 128,
},
deployments = {
chunking_strategy = "json",
chunk_size = 2048,
overlap = 512,
},
},
# Embedding configuration
embedding = {
provider = "openai", # or "anthropic", "local"
model = "text-embedding-3-small",
cache_vectors = true,
},
# Search configuration
search = {
hybrid_enabled = true,
vector_weight = 0.7,
keyword_weight = 0.3,
top_k = 5, # Number of results to return
semantic_cache = true,
},
}
}
```
### 3. Document Chunking
Intelligent chunking preserves context while managing token limits:
#### Markdown Chunking Strategy
```bash
Input Document: provisioning/docs/src/guides/from-scratch.md
Chunks:
[1] Header + first section (up to 1024 tokens)
[2] Next logical section + overlap with [1]
[3] Code examples preserve as atomic units
[4] Continue with overlap...
Each chunk includes:
- Original section heading (for context)
- Content
- Source file and line numbers
- Metadata (doctype, category, version)
```
#### Code Chunking Strategy
```bash
Input Document: provisioning/schemas/main.ncl
Chunks:
[1] Top-level let binding + comments
[2] Function definition (atomic, preserves signature)
[3] Type definition (atomic, preserves interface)
[4] Implementation blocks with context overlap
Each chunk preserves:
- Type signatures
- Function signatures
- Import statements needed for context
- Comments and docstrings
```
## Hybrid Search
The system implements dual search strategy for optimal results:
### Vector Similarity Search
```bash
// Find semantically similar documents
async fn vector_search(query: &str, top_k: usize) -> Vec<Document> {
let embedding = embed(query).await?;
// L2 distance in SurrealDB
db.query("
SELECT *, vector::similarity::cosine(embedding, $embedding) AS score
FROM documents
WHERE embedding <~> $embedding
ORDER BY score DESC
LIMIT $top_k
")
.bind(("embedding", embedding))
.bind(("top_k", top_k))
.await
}
```
**Use case**: Semantic understanding of intent
- Query: "How to configure PostgreSQL"
- Finds: Documents about database configuration, examples, schemas
### BM25 Keyword Search
```bash
// Find documents with matching keywords
async fn keyword_search(query: &str, top_k: usize) -> Vec<Document> {
// BM25 full-text search in SurrealDB
db.query("
SELECT *, search::bm25(.) AS score
FROM documents
WHERE text @@ $query
ORDER BY score DESC
LIMIT $top_k
")
.bind(("query", query))
.bind(("top_k", top_k))
.await
}
```
**Use case**: Exact term matching
- Query: "SurrealDB configuration"
- Finds: Documents mentioning SurrealDB specifically
### Hybrid Results
```javascript
async fn hybrid_search(
query: &str,
vector_weight: f32,
keyword_weight: f32,
top_k: usize,
) -> Vec<Document> {
let vector_results = vector_search(query, top_k * 2).await?;
let keyword_results = keyword_search(query, top_k * 2).await?;
let mut scored = HashMap::new();
// Score from vector search
for (i, doc) in vector_results.iter().enumerate() {
*scored.entry(doc.id).or_insert(0.0) +=
vector_weight * (1.0 - (i as f32 / top_k as f32));
}
// Score from keyword search
for (i, doc) in keyword_results.iter().enumerate() {
*scored.entry(doc.id).or_insert(0.0) +=
keyword_weight * (1.0 - (i as f32 / top_k as f32));
}
// Return top-k by combined score
let mut results: Vec<_> = scored.into_iter().collect();
| results.sort_by( | a, b | b.1.partial_cmp(&a.1).unwrap()); |
| Ok(results.into_iter().take(top_k).map( | (id, _) | ...).collect()) |
}
```
## Semantic Caching
Reduces API calls by caching embeddings of repeated queries:
```rust
struct SemanticCache {
queries: Arc<DashMap<Vec<f32>, CachedResult>>,
similarity_threshold: f32,
}
impl SemanticCache {
async fn get(&self, query: &str) -> Option<CachedResult> {
let embedding = embed(query).await?;
// Find cached query with similar embedding
// (cosine distance < threshold)
for entry in self.queries.iter() {
let distance = cosine_distance(&embedding, entry.key());
if distance < self.similarity_threshold {
return Some(entry.value().clone());
}
}
None
}
async fn insert(&self, query: &str, result: CachedResult) {
let embedding = embed(query).await?;
self.queries.insert(embedding, result);
}
}
```
**Benefits**:
- 50-80% reduction in embedding API calls
- Identical queries return in <10ms
- Similar queries reuse cached context
## Ingestion Workflow
### Document Indexing
```bash
# Index all documentation
provisioning ai index-docs provisioning/docs/src
# Index schemas
provisioning ai index-schemas provisioning/schemas
# Index past deployments
provisioning ai index-deployments workspaces/*/deployments
# Watch directory for changes (development mode)
provisioning ai watch docs provisioning/docs/src
```
### Programmatic Indexing
```bash
// In ai-service on startup
async fn initialize_rag() -> Result<()> {
let rag = RAGSystem::new(&config.rag).await?;
// Index documentation
let docs = load_markdown_docs("provisioning/docs/src")?;
for doc in docs {
rag.ingest_document(&doc).await?;
}
// Index schemas
let schemas = load_nickel_schemas("provisioning/schemas")?;
for schema in schemas {
rag.ingest_schema(&schema).await?;
}
Ok(())
}
```
## Usage Examples
### Query the RAG System
```bash
# Search for context-aware information
provisioning ai query "How do I configure PostgreSQL with encryption?"
# Get configuration template
provisioning ai template "Describe production Kubernetes on AWS"
# Interactive mode
provisioning ai chat
> What are the best practices for database backup?
```
### AI Service Integration
```bash
// AI service uses RAG to enhance generation
async fn generate_config(user_request: &str) -> Result<String> {
// Retrieve relevant context
let context = rag.search(user_request, top_k=5).await?;
// Build prompt with context
let prompt = build_prompt_with_context(user_request, &context);
// Generate configuration
let config = llm.generate(&prompt).await?;
// Validate against schemas
validate_nickel_config(&config)?;
Ok(config)
}
```
### Form Assistance Integration
```bash
// In typdialog-ai (JavaScript/TypeScript)
async function suggestFieldValue(fieldName, currentInput) {
// Query RAG for similar configurations
const context = await rag.search(
`Field: ${fieldName}, Input: ${currentInput}`,
{ topK: 3, semantic: true }
);
// Generate suggestion using context
const suggestion = await ai.suggest({
field: fieldName,
input: currentInput,
context: context,
});
return suggestion;
}
```
## Performance Characteristics
| | Operation | Time | Cache Hit | |
| | ----------- | ------ | ----------- | |
| | Vector embedding | 200-500ms | N/A | |
| | Vector search (cold) | 300-800ms | N/A | |
| | Keyword search | 50-200ms | N/A | |
| | Hybrid search | 500-1200ms | <100ms cached | |
| | Semantic cache hit | 10-50ms | Always | |
**Typical query flow**:
1. Embedding: 300ms
2. Vector search: 400ms
3. Keyword search: 100ms
4. Ranking: 50ms
5. **Total**: ~850ms (first call), <100ms (cached)
## Configuration
See [Configuration Guide](configuration.md) for detailed RAG setup:
- LLM provider for embeddings
- SurrealDB connection
- Chunking strategies
- Search weights and limits
- Cache settings and TTLs
## Limitations and Considerations
### Document Freshness
- RAG indexes static snapshots
- Changes to documentation require re-indexing
- Use watch mode during development
### Token Limits
- Large documents chunked to fit LLM context
- Some context may be lost in chunking
- Adjustable chunk size vs. context trade-off
### Embedding Quality
- Quality depends on embedding model
- Domain-specific models perform better
- Fine-tuning possible for specialized vocabularies
## Monitoring and Debugging
### Query Metrics
```bash
# View RAG search metrics
provisioning ai metrics show rag
# Analysis of search quality
provisioning ai eval-rag --sample-queries 100
```
### Debug Mode
```bash
# In provisioning/config/ai.toml
[ai.rag.debug]
enabled = true
log_embeddings = true # Log embedding vectors
log_search_scores = true # Log relevance scores
log_context_used = true # Log context retrieved
```
## Related Documentation
- [Architecture](architecture.md) - AI system overview
- [MCP Integration](mcp-integration.md) - RAG access via MCP
- [Configuration](configuration.md) - RAG setup guide
- [API Reference](api-reference.md) - RAG API endpoints
- [ADR-015](../architecture/adr/adr-015-ai-integration-architecture.md) - Design decisions
---
**Last Updated**: 2025-01-13
**Status**: ✅ Production-Ready
**Test Coverage**: 22/22 tests passing
**Database**: SurrealDB 1.5.0+

537
docs/src/ai/security-policies.md
View File

@ -1,537 +0,0 @@
# AI Security Policies and Cedar Authorization
**Status**: ✅ Production-Ready (Cedar integration, policy enforcement)
Comprehensive documentation of security controls, authorization policies, and data protection mechanisms for the AI system. All AI operations are
controlled through Cedar policies and include strict secret isolation.
## Security Model Overview
### Defense in Depth
```bash
┌─────────────────────────────────────────┐
│ User Request to AI │
└──────────────┬──────────────────────────┘
┌─────────────────────────────────────────┐
│ Layer 1: Authentication │
│ - Verify user identity │
│ - Validate API token/credentials │
└──────────────┬──────────────────────────┘
┌─────────────────────────────────────────┐
│ Layer 2: Authorization (Cedar) │
│ - Check if user can access AI features │
│ - Verify workspace permissions │
│ - Check role-based access │
└──────────────┬──────────────────────────┘
┌─────────────────────────────────────────┐
│ Layer 3: Data Sanitization │
│ - Remove secrets from data │
│ - Redact PII │
│ - Filter sensitive information │
└──────────────┬──────────────────────────┘
┌─────────────────────────────────────────┐
│ Layer 4: Request Validation │
│ - Check request parameters │
│ - Verify resource constraints │
│ - Apply rate limits │
└──────────────┬──────────────────────────┘
┌─────────────────────────────────────────┐
│ Layer 5: External API Call │
│ - Only if all previous checks pass │
│ - Encrypted TLS connection │
│ - No secrets in request │
└──────────────┬──────────────────────────┘
┌─────────────────────────────────────────┐
│ Layer 6: Audit Logging │
│ - Log all AI operations │
│ - Capture user, time, action │
│ - Store in tamper-proof log │
└─────────────────────────────────────────┘
```
## Cedar Policies
### Policy Engine Setup
```bash
// File: provisioning/policies/ai-policies.cedar
// Core principle: Least privilege
// All actions denied by default unless explicitly allowed
// Admin users can access all AI features
permit(
principal == ?principal,
action == Action::"ai_generate_config",
resource == ?resource
)
when {
principal.role == "admin"
};
// Developers can use AI within their workspace
permit(
principal == ?principal,
action in [
Action::"ai_query",
Action::"ai_generate_config",
Action::"ai_troubleshoot"
],
resource == ?resource
)
when {
principal.role in ["developer", "senior_engineer"]
&& principal.workspace == resource.workspace
};
// Operators can access troubleshooting and queries
permit(
principal == ?principal,
action in [
Action::"ai_query",
Action::"ai_troubleshoot"
],
resource == ?resource
)
when {
principal.role in ["operator", "devops"]
};
// Form assistance enabled for all authenticated users
permit(
principal == ?principal,
action == Action::"ai_form_assistance",
resource == ?resource
)
when {
principal.authenticated == true
};
// Agents (when available) require explicit approval
permit(
principal == ?principal,
action == Action::"ai_agent_execute",
resource == ?resource
)
when {
principal.role == "automation_admin"
&& resource.requires_approval == true
};
// MCP tool access - restrictive by default
permit(
principal == ?principal,
action == Action::"mcp_tool_call",
resource == ?resource
)
when {
principal.role == "admin"
| | | (principal.role == "developer" && resource.tool in ["generate_config", "validate_config"]) |
};
// Cost control policies
permit(
principal == ?principal,
action == Action::"ai_generate_config",
resource == ?resource
)
when {
// User must have remaining budget
principal.ai_budget_remaining_usd > resource.estimated_cost_usd
// Workspace must be under budget
&& resource.workspace.ai_budget_remaining_usd > resource.estimated_cost_usd
};
```
### Policy Best Practices
1. **Explicit Allow**: Only allow specific actions, deny by default
2. **Workspace Isolation**: Users can't access AI in other workspaces
3. **Role-Based**: Use consistent role definitions
4. **Cost-Aware**: Check budgets before operations
5. **Audit Trail**: Log all policy decisions
## Data Sanitization
### Automatic PII Removal
Before sending data to external LLMs, the system removes:
```bash
Patterns Removed:
├─ Passwords: password="...", pwd=..., etc.
├─ API Keys: api_key=..., api-key=..., etc.
├─ Tokens: token=..., bearer=..., etc.
├─ Email addresses: user@example.com (unless necessary for context)
├─ Phone numbers: +1-555-0123 patterns
├─ Credit cards: 4111-1111-1111-1111 patterns
├─ SSH keys: -----BEGIN RSA PRIVATE KEY-----...
└─ AWS/GCP/Azure: AKIA2..., AIza..., etc.
```
### Configuration
```toml
[ai.security]
sanitize_pii = true
sanitize_secrets = true
# Custom redaction patterns
redact_patterns = [
# Database passwords
"(?i)db[_-]?password\\s*[:=]\\s*'?[^'
]+'?",
# Generic secrets
"(?i)secret\\s*[:=]\\s*'?[^'
]+'?",
# API endpoints that shouldn't be logged
"https?://api[.-]secret\\..+",
]
# Exceptions (patterns NOT to redact)
preserve_patterns = [
# Preserve example.com domain for docs
"example\\.com",
# Preserve placeholder emails
"user@example\\.com",
]
```
### Example Sanitization
**Before**:
```bash
Error configuring database:
connection_string: postgresql://dbadmin:MySecurePassword123@prod-db.us-east-1.rds.amazonaws.com:5432/app
api_key: sk-ant-abc123def456
vault_token: hvs.CAESIyg7...
```
**After Sanitization**:
```bash
Error configuring database:
connection_string: postgresql://dbadmin:[REDACTED]@prod-db.us-east-1.rds.amazonaws.com:5432/app
api_key: [REDACTED]
vault_token: [REDACTED]
```
## Secret Isolation
### Never Access Secrets Directly
AI cannot directly access secrets. Instead:
```bash
User wants: "Configure PostgreSQL with encrypted backups"
AI generates: Configuration schema with placeholders
User inserts: Actual secret values (connection strings, passwords)
System encrypts: Secrets remain encrypted at rest
Deployment: Uses secrets from secure store (Vault, AWS Secrets Manager)
```
### Secret Protection Rules
1. **No Direct Access**: AI never reads from Vault/Secrets Manager
2. **Never in Logs**: Secrets never logged or stored in cache
3. **Sanitization**: All secrets redacted before sending to LLM
4. **Encryption**: Secrets encrypted at rest and in transit
5. **Audit Trail**: All access to secrets logged
6. **TTL**: Temporary secrets auto-expire
## Local Models Support
### Air-Gapped Deployments
For environments requiring zero external API calls:
```bash
# Deploy local Ollama with provisioning support
docker run -d
--name provisioning-ai
-p 11434:11434
-v ollama:/root/.ollama
-e OLLAMA_HOST=0.0.0.0:11434
ollama/ollama
# Pull model
ollama pull mistral
ollama pull llama2-70b
# Configure provisioning to use local model
provisioning config edit ai
[ai]
provider = "local"
model = "mistral"
api_base = "[http://localhost:11434"](http://localhost:11434")
```
### Benefits
- ✅ Zero external API calls
- ✅ Full data privacy (no LLM vendor access)
- ✅ Compliance with classified/regulated data
- ✅ No API key exposure
- ✅ Deterministic (same results each run)
### Performance Trade-offs
| | Factor | Local | Cloud | |
| | -------- | ------- | ------- | |
| | Privacy | Excellent | Requires trust | |
| | Cost | Free (hardware) | Per token | |
| | Speed | 5-30s/response | 2-5s/response | |
| | Quality | Good (70B models) | Excellent (Opus) | |
| | Hardware | Requires GPU | None | |
## HSM Integration
### Hardware Security Module Support
For highly sensitive environments:
```toml
[ai.security.hsm]
enabled = true
provider = "aws-cloudhsm" # or "thales", "yubihsm"
[ai.security.hsm.aws]
cluster_id = "cluster-123"
customer_ca_cert = "/etc/provisioning/certs/customerCA.crt"
server_cert = "/etc/provisioning/certs/server.crt"
server_key = "/etc/provisioning/certs/server.key"
```
## Encryption
### Data at Rest
```toml
[ai.security.encryption]
enabled = true
algorithm = "aes-256-gcm"
key_derivation = "argon2id"
# Key rotation
key_rotation_enabled = true
key_rotation_days = 90
rotation_alert_days = 7
# Encrypted storage
cache_encryption = true
log_encryption = true
```
### Data in Transit
```bash
All external LLM API calls:
├─ TLS 1.3 (minimum)
├─ Certificate pinning (optional)
├─ Mutual TLS (with cloud providers)
└─ No plaintext transmission
```
## Audit Logging
### What Gets Logged
```json
{
"timestamp": "2025-01-13T10:30:45Z",
"event_type": "ai_action",
"action": "generate_config",
"principal": {
"user_id": "user-123",
"role": "developer",
"workspace": "prod"
},
"resource": {
"type": "database",
"name": "prod-postgres"
},
"authorization": {
"decision": "permit",
"policy": "ai-policies.cedar",
"reason": "developer role in workspace"
},
"cost": {
"tokens_used": 1250,
"estimated_cost_usd": 0.037
},
"sanitization": {
"items_redacted": 3,
"patterns_matched": ["db_password", "api_key", "token"]
},
"status": "success"
}
```
### Audit Trail Access
```bash
# View recent AI actions
provisioning audit log ai --tail 100
# Filter by user
provisioning audit log ai --user alice@company.com
# Filter by action
provisioning audit log ai --action generate_config
# Filter by time range
provisioning audit log ai --from "2025-01-01" --to "2025-01-13"
# Export for analysis
provisioning audit export ai --format csv --output audit.csv
# Full-text search
provisioning audit search ai "error in database configuration"
```
## Compliance Frameworks
### Built-in Compliance Checks
```toml
[ai.compliance]
frameworks = ["pci-dss", "hipaa", "sox", "gdpr"]
[ai.compliance.pci-dss]
enabled = true
# Requires encryption, audit logs, access controls
[ai.compliance.hipaa]
enabled = true
# Requires local models, encrypted storage, audit logs
[ai.compliance.gdpr]
enabled = true
# Requires data deletion, consent tracking, privacy by design
```
### Compliance Reports
```bash
# Generate compliance report
provisioning audit compliance-report
--framework pci-dss
--period month
--output report.pdf
# Verify compliance
provisioning audit verify-compliance
--framework hipaa
--verbose
```
## Security Best Practices
### For Administrators
1. **Rotate API Keys**: Every 90 days minimum
2. **Monitor Budget**: Set up alerts at 80% and 90%
3. **Review Policies**: Quarterly policy audit
4. **Audit Logs**: Weekly review of AI operations
5. **Update Models**: Use latest stable models
6. **Test Recovery**: Monthly rollback drills
### For Developers
1. **Use Workspace Isolation**: Never share workspace access
2. **Don't Log Secrets**: Use sanitization, never bypass it
3. **Validate Outputs**: Always review AI-generated configs
4. **Report Issues**: Security issues to `security-ai@company.com`
5. **Stay Updated**: Follow security bulletins
### For Operators
1. **Monitor Costs**: Alert if exceeding 110% of budget
2. **Watch Errors**: Unusual error patterns may indicate attacks
3. **Check Audit Logs**: Unauthorized access attempts
4. **Test Policies**: Periodically verify Cedar policies work
5. **Backup Configs**: Secure backup of policy files
## Incident Response
### Compromised API Key
```bash
# 1. Immediately revoke key
provisioning admin revoke-key ai-api-key-123
# 2. Rotate key
provisioning admin rotate-key ai
--notify ops-team@company.com
# 3. Audit usage since compromise
provisioning audit log ai
--since "2025-01-13T09:00:00Z"
--api-key-id ai-api-key-123
# 4. Review any generated configs from this period
# Configs generated while key was compromised may need review
```
### Unauthorized Access
```bash
# Review Cedar policy logs
provisioning audit log ai
--decision deny
--last-hour
# Check for pattern
provisioning audit search ai "authorization.*deny"
--trend-analysis
# Update policies if needed
provisioning policy update ai-policies.cedar
```
## Security Checklist
### Pre-Production
- ✅ Cedar policies reviewed and tested
- ✅ API keys rotated and secured
- ✅ Data sanitization tested with real secrets
- ✅ Encryption enabled for cache
- ✅ Audit logging configured
- ✅ Cost limits set appropriately
- ✅ Local-only mode tested (if needed)
- ✅ HSM configured (if required)
### Ongoing
- ✅ Monthly policy review
- ✅ Weekly audit log review
- ✅ Quarterly key rotation
- ✅ Annual compliance assessment
- ✅ Continuous budget monitoring
- ✅ Error pattern analysis
## Related Documentation
- [Architecture](architecture.md) - System overview
- [Configuration](configuration.md) - Security settings
- [Cost Management](cost-management.md) - Budget controls
- [ADR-015](../architecture/adr/adr-015-ai-integration-architecture.md) - Design decisions
---
**Last Updated**: 2025-01-13
**Status**: ✅ Production-Ready
**Compliance**: PCI-DSS, HIPAA, SOX, GDPR
**Cedar Version**: 3.0+

502
docs/src/ai/troubleshooting-with-ai.md
View File

@ -1,502 +0,0 @@
# AI-Assisted Troubleshooting and Debugging
**Status**: ✅ Production-Ready (AI troubleshooting analysis, log parsing)
The AI troubleshooting system provides intelligent debugging assistance for infrastructure failures. The system analyzes deployment logs, identifies
root causes, suggests fixes, and generates corrected configurations based on failure patterns.
## Feature Overview
### What It Does
Transform deployment failures into actionable insights:
```bash
Deployment Fails with Error
AI analyzes logs:
- Identifies failure phase (networking, database, k8s, etc.)
- Detects root cause (resource limits, configuration, timeout)
- Correlates with similar past failures
- Reviews deployment configuration
AI generates report:
- Root cause explanation in plain English
- Configuration issues identified
- Suggested fixes with rationale
- Alternative solutions
- Links to relevant documentation
Developer reviews and accepts:
- Understands what went wrong
- Knows how to fix it
- Can implement fix with confidence
```
## Troubleshooting Workflow
### Automatic Detection and Analysis
```bash
┌──────────────────────────────────────────┐
│ Deployment Monitoring │
│ - Watches deployment for failures │
│ - Captures logs in real-time │
│ - Detects failure events │
└──────────────┬───────────────────────────┘
┌──────────────────────────────────────────┐
│ Log Collection │
│ - Gather all relevant logs │
│ - Include stack traces │
│ - Capture metrics at failure time │
│ - Get resource usage data │
└──────────────┬───────────────────────────┘
┌──────────────────────────────────────────┐
│ Context Retrieval (RAG) │
│ - Find similar past failures │
│ - Retrieve troubleshooting guides │
│ - Get schema constraints │
│ - Find best practices │
└──────────────┬───────────────────────────┘
┌──────────────────────────────────────────┐
│ AI Analysis │
│ - Identify failure pattern │
│ - Determine root cause │
│ - Generate hypotheses │
│ - Score likely causes │
└──────────────┬───────────────────────────┘
┌──────────────────────────────────────────┐
│ Solution Generation │
│ - Create fixed configuration │
│ - Generate step-by-step fix guide │
│ - Suggest preventative measures │
│ - Provide alternative approaches │
└──────────────┬───────────────────────────┘
┌──────────────────────────────────────────┐
│ Report and Recommendations │
│ - Explain what went wrong │
│ - Show how to fix it │
│ - Provide corrected configuration │
│ - Link to prevention strategies │
└──────────────────────────────────────────┘
```
## Usage Examples
### Example 1: Database Connection Timeout
**Failure**:
```bash
Deployment: deploy-2025-01-13-001
Status: FAILED at phase database_migration
Error: connection timeout after 30s connecting to postgres://...
```
**Run Troubleshooting**:
```bash
$ provisioning ai troubleshoot deploy-2025-01-13-001
Analyzing deployment failure...
╔════════════════════════════════════════════════════════════════╗
║ Root Cause Analysis: Database Connection Timeout ║
╠════════════════════════════════════════════════════════════════╣
║ ║
║ Phase: database_migration (occurred during migration job) ║
║ Error: Timeout after 30 seconds connecting to database ║
║ ║
║ Most Likely Causes (confidence): ║
║ 1. Database security group blocks migration job (85%) ║
║ 2. Database instance not fully initialized yet (60%) ║
║ 3. Network connectivity issue (40%) ║
║ ║
║ Analysis: ║
║ - Database was created only 2 seconds before connection ║
║ - Migration job started immediately (no wait time) ║
║ - Security group: allows 5432 only from default SG ║
║ - Migration pod uses different security group ║
║ ║
╠════════════════════════════════════════════════════════════════╣
║ Recommended Fix ║
╠════════════════════════════════════════════════════════════════╣
║ ║
║ Issue: Migration security group not in database's inbound ║
║ ║
║ Solution: Add migration pod security group to DB inbound ║
║ ║
║ database.security_group.ingress = [ ║
║ { ║
║ from_port = 5432, ║
║ to_port = 5432, ║
║ source_security_group = "migration-pods-sg" ║
║ } ║
║ ] ║
║ ║
║ Alternative: Add 30-second wait after database creation ║
║ ║
║ deployment.phases.database.post_actions = [ ║
║ {action = "wait_for_database", timeout_seconds = 30} ║
║ ] ║
║ ║
╠════════════════════════════════════════════════════════════════╣
║ Prevention ║
╠════════════════════════════════════════════════════════════════╣
║ ║
║ To prevent this in future deployments: ║
║ ║
║ 1. Always verify security group rules before migration ║
║ 2. Add health check: `SELECT 1` before starting migration ║
║ 3. Increase initial timeout: database can be slow to start ║
║ 4. Use RDS wait condition instead of time-based wait ║
║ ║
║ See: docs/troubleshooting/database-connectivity.md ║
║ docs/guides/database-migrations.md ║
║ ║
╚════════════════════════════════════════════════════════════════╝
Generate corrected configuration? [yes/no]: yes
Configuration generated and saved to:
workspaces/prod/database.ncl.fixed
Changes made:
✓ Added migration security group to database inbound
✓ Added health check before migration
✓ Increased connection timeout to 60s
Ready to redeploy with corrected configuration? [yes/no]: yes
```
### Example 2: Kubernetes Deployment Error
**Failure**:
```yaml
Deployment: deploy-2025-01-13-002
Status: FAILED at phase kubernetes_workload
Error: failed to create deployment app: Pod exceeded capacity
```
**Troubleshooting**:
```bash
$ provisioning ai troubleshoot deploy-2025-01-13-002 --detailed
╔════════════════════════════════════════════════════════════════╗
║ Root Cause: Pod Exceeded Node Capacity ║
╠════════════════════════════════════════════════════════════════╣
║ ║
║ Failure Analysis: ║
║ ║
║ Error: Pod requests 4CPU/8GB, but largest node has 2CPU/4GB ║
║ Cluster: 3 nodes, each t3.medium (2CPU/4GB) ║
║ Pod requirements: ║
║ - CPU: 4 (requested) + 2 (reserved system) = 6 needed ║
║ - Memory: 8Gi (requested) + 1Gi (system) = 9Gi needed ║
║ ║
║ Why this happened: ║
║ Pod spec updated to 4CPU/8GB but node group wasn't ║
║ Node group still has t3.medium (too small) ║
║ No autoscaling configured (won't scale up automatically) ║
║ ║
║ Solution Options: ║
║ 1. Reduce pod resource requests to 2CPU/4GB (simpler) ║
║ 2. Scale up node group to t3.large (2x cost, safer) ║
║ 3. Use both: t3.large nodes + reduce pod requests ║
║ ║
╠════════════════════════════════════════════════════════════════╣
║ Recommended: Option 2 (Scale up nodes) ║
╠════════════════════════════════════════════════════════════════╣
║ ║
║ Reason: Pod requests are reasonable for production app ║
║ Better to scale infrastructure than reduce resources ║
║ ║
║ Changes needed: ║
║ ║
║ kubernetes.node_group = { ║
║ instance_type = "t3.large" # was t3.medium ║
║ min_size = 3 ║
║ max_size = 10 ║
║ ║
║ auto_scaling = { ║
║ enabled = true ║
║ target_cpu_percent = 70 ║
║ } ║
║ } ║
║ ║
║ Cost Impact: ║
║ Current: 3 × t3.medium = ~$90/month ║
║ Proposed: 3 × t3.large = ~$180/month ║
║ With autoscaling, average: ~$150/month (some scale-down) ║
║ ║
╚════════════════════════════════════════════════════════════════╝
```
## CLI Commands
### Basic Troubleshooting
```bash
# Troubleshoot recent deployment
provisioning ai troubleshoot deploy-2025-01-13-001
# Get detailed analysis
provisioning ai troubleshoot deploy-2025-01-13-001 --detailed
# Analyze with specific focus
provisioning ai troubleshoot deploy-2025-01-13-001 --focus networking
# Get alternative solutions
provisioning ai troubleshoot deploy-2025-01-13-001 --alternatives
```
### Working with Logs
```bash
# Troubleshoot from custom logs
provisioning ai troubleshoot
| --logs "$(journalctl -u provisioning --no-pager | tail -100)" |
# Troubleshoot from file
provisioning ai troubleshoot --log-file /var/log/deployment.log
# Troubleshoot from cloud provider
provisioning ai troubleshoot
--cloud-logs aws-deployment-123
--region us-east-1
```
### Generate Reports
```bash
# Generate detailed troubleshooting report
provisioning ai troubleshoot deploy-123
--report
--output troubleshooting-report.md
# Generate with suggestions
provisioning ai troubleshoot deploy-123
--report
--include-suggestions
--output report-with-fixes.md
# Generate compliance report (PCI-DSS, HIPAA)
provisioning ai troubleshoot deploy-123
--report
--compliance pci-dss
--output compliance-report.pdf
```
## Analysis Depth
### Shallow Analysis (Fast)
```bash
provisioning ai troubleshoot deploy-123 --depth shallow
Analyzes:
- First error message
- Last few log lines
- Basic pattern matching
- Returns in 30-60 seconds
```
### Deep Analysis (Thorough)
```bash
provisioning ai troubleshoot deploy-123 --depth deep
Analyzes:
- Full log context
- Correlates multiple errors
- Checks resource metrics
- Compares to past failures
- Generates alternative hypotheses
- Returns in 5-10 seconds
```
## Integration with Monitoring
### Automatic Troubleshooting
```bash
# Enable auto-troubleshoot on failures
provisioning config set ai.troubleshooting.auto_analyze true
# Deployments that fail automatically get analyzed
# Reports available in provisioning dashboard
# Alerts sent to on-call engineer with analysis
```
### WebUI Integration
```bash
Deployment Dashboard
├─ deployment-123 [FAILED]
│ └─ AI Analysis
│ ├─ Root Cause: Database timeout
│ ├─ Suggested Fix: ✓ View
│ ├─ Corrected Config: ✓ Download
│ └─ Alternative Solutions: 3 options
```
## Learning from Failures
### Pattern Recognition
The system learns common failure patterns:
```bash
Collected Patterns:
├─ Database Timeouts (25% of failures)
│ └─ Usually: Security group, connection pool, slow startup
├─ Kubernetes Pod Failures (20%)
│ └─ Usually: Insufficient resources, bad config
├─ Network Connectivity (15%)
│ └─ Usually: Security groups, routing, DNS
└─ Other (40%)
└─ Various causes, each analyzed individually
```
### Improvement Tracking
```bash
# See patterns in your deployments
provisioning ai analytics failures --period month
Month Summary:
Total deployments: 50
Failed: 5 (10% failure rate)
Common causes:
1. Security group rules (3 failures, 60%)
2. Resource limits (1 failure, 20%)
3. Configuration error (1 failure, 20%)
Improvement opportunities:
- Pre-check security groups before deployment
- Add health checks for resource sizing
- Add configuration validation
```
## Configuration
### Troubleshooting Settings
```toml
[ai.troubleshooting]
enabled = true
# Analysis depth
default_depth = "deep" # or "shallow" for speed
max_analysis_time_seconds = 30
# Features
auto_analyze_failed_deployments = true
generate_corrected_config = true
suggest_prevention = true
# Learning
track_failure_patterns = true
learn_from_similar_failures = true
improve_suggestions_over_time = true
# Reporting
auto_send_report = false # Email report to user
report_format = "markdown" # or "json", "pdf"
include_alternatives = true
# Cost impact analysis
estimate_fix_cost = true
estimate_alternative_costs = true
```
### Failure Detection
```toml
[ai.troubleshooting.detection]
# Monitor logs for these patterns
watch_patterns = [
"error",
"timeout",
"failed",
"unable to",
"refused",
"denied",
"exceeded",
"quota",
]
# Minimum log lines before analyzing
min_log_lines = 10
# Time window for log collection
log_window_seconds = 300
```
## Best Practices
### For Effective Troubleshooting
1. **Keep Detailed Logs**: Enable verbose logging in deployments
2. **Include Context**: Share full logs, not just error snippet
3. **Check Suggestions**: Review AI suggestions even if obvious
4. **Learn Patterns**: Track recurring failures and address root cause
5. **Update Configs**: Use corrected configs from AI, validate them
### For Prevention
1. **Use Health Checks**: Add database/service health checks
2. **Test Before Deploy**: Use dry-run to catch issues early
3. **Monitor Metrics**: Watch CPU/memory before failures occur
4. **Review Policies**: Ensure security groups are correct
5. **Document Changes**: When updating configs, note the change
## Limitations
### What AI Can Troubleshoot
✅ Configuration errors
✅ Resource limit problems
✅ Networking/security group issues
✅ Database connectivity problems
✅ Deployment ordering issues
✅ Common application errors
✅ Performance problems
### What Requires Human Review
⚠️ Data corruption scenarios
⚠️ Multi-failure cascades
⚠️ Unclear error messages
⚠️ Custom application code failures
⚠️ Third-party service issues
⚠️ Physical infrastructure failures
## Examples and Guides
### Common Issues - Quick Links
- [Database Connectivity](../troubleshooting/database-connectivity.md)
- [Kubernetes Pod Failures](../troubleshooting/kubernetes-pods.md)
- [Network Configuration](../troubleshooting/networking.md)
- [Performance Issues](../troubleshooting/performance.md)
- [Resource Limits](../troubleshooting/resource-limits.md)
## Related Documentation
- [Architecture](architecture.md) - AI system overview
- [RAG System](rag-system.md) - Context retrieval for troubleshooting
- [Configuration](configuration.md) - Setup guide
- [Security Policies](security-policies.md) - Safe log handling
- [ADR-015](../architecture/adr/adr-015-ai-integration-architecture.md) - Design decisions
---
**Last Updated**: 2025-01-13
**Status**: ✅ Production-Ready
**Success Rate**: 85-95% accuracy in root cause identification
**Supported**: All deployment types (infrastructure, Kubernetes, database)

385
docs/src/ai/typedialog-integration.md Normal file
View File

@ -0,0 +1,385 @@
# TypeDialog AI & AG Integration
TypeDialog provides two AI-powered tools for Provisioning: **typedialog-ai** (configuration assistant) and **typedialog-ag** (agent automation).
## TypeDialog Components
### typedialog-ai v0.1.0
**AI Assistant** - HTTP server backend for intelligent form suggestions and infrastructure recommendations.
**Purpose**: Enhance interactive forms with AI-powered suggestions and natural language parsing.
**Architecture**:
```text
TypeDialog Form
typedialog-ai HTTP Server
SurrealDB Backend
LLM Provider (OpenAI, Anthropic, etc.)
Suggestions → Deployed Config
```
**Key Features**:
- **Form Intelligence**: Context-aware field suggestions
- **Database Recommendations**: Suggest database type/configuration based on workload
- **Network Optimization**: Generate optimal network topology
- **Security Policies**: AI-generated Cedar policies
- **Cost Estimation**: Predict infrastructure costs
**Installation**:
```bash
# Via provisioning script
provisioning install ai-tools
# Manual installation
wget [https://github.com/typedialog/typedialog-ai/releases/download/v0.1.0/typedialog-ai-<os>-<arch>](https://github.com/typedialog/typedialog-ai/releases/download/v0.1.0/typedialog-ai-<os>-<arch>)
chmod +x typedialog-ai
mv typedialog-ai ~/.local/bin/
```
**Usage**:
```bash
# Start AI server
typedialog ai serve --db-path ~/.typedialog/ai.db --port 9000
# Test connection
curl [http://localhost:9000/health](http://localhost:9000/health)
# Get suggestion for database
curl -X POST [http://localhost:9000/suggest/database](http://localhost:9000/suggest/database) \
-H "Content-Type: application/json" \
-d '{"workload": "transactional", "size": "1TB", "replicas": 3}'
# Response:
# {"suggestion": "PostgreSQL 15 with pgvector", "confidence": 0.92}
```
**Configuration**:
```yaml
# ~/.typedialog/ai-config.yaml
typedialog-ai:
port: 9000
db_path: ~/.typedialog/ai.db
loglevel: info
llm:
provider: openai # or: anthropic, local
model: gpt-4
api_key: ${OPENAI_API_KEY}
temperature: 0.7
features:
form_suggestions: true
database_recommendations: true
network_optimization: true
security_policy_generation: true
cost_estimation: true
cache:
enabled: true
ttl: 3600
```
**Database Schema**:
```sql
-- SurrealDB schema for AI suggestions
DEFINE TABLE ai_suggestions SCHEMAFULL
DEFINE FIELD timestamp ON ai_suggestions TYPE datetime DEFAULT now();
DEFINE FIELD context ON ai_suggestions TYPE object;
DEFINE FIELD suggestion ON ai_suggestions TYPE string;
DEFINE FIELD confidence ON ai_suggestions TYPE float;
DEFINE FIELD accepted ON ai_suggestions TYPE bool;
DEFINE TABLE ai_models SCHEMAFULL
DEFINE FIELD name ON ai_models TYPE string;
DEFINE FIELD version ON ai_models TYPE string;
DEFINE FIELD provider ON ai_models TYPE string;
```
**Endpoints**:
| Endpoint | Method | Purpose |
| --- | --- | --- |
| `/health` | GET | Health check |
| `/suggest/database` | POST | Database recommendations |
| `/suggest/network` | POST | Network topology |
| `/suggest/security` | POST | Security policies |
| `/estimate/cost` | POST | Cost estimation |
| `/parse/natural-language` | POST | Parse natural language |
| `/feedback` | POST | Store suggestion feedback |
### typedialog-ag v0.1.0
**AI Agents** - Type-safe agents for automation workflows and Nickel transpilation.
**Purpose**: Define complex automation workflows using type-safe agent descriptions, then transpile to executable Nickel.
**Architecture**:
```text
Agent Definition (.agent.yaml)
typedialog-ag Type Checker
Agent Execution Plan
Nickel Transpilation
Provisioning Execution
```
**Key Features**:
- **Type-Safe Agents**: Strongly-typed agent definitions
- **Workflow Automation**: Chain multiple infrastructure tasks
- **Nickel Transpilation**: Generate Nickel IaC automatically
- **Agent Orchestration**: Parallel and sequential execution
- **Rollback Support**: Automatic rollback on failure
**Installation**:
```bash
# Via provisioning script
provisioning install ai-tools
# Manual installation
wget [https://github.com/typedialog/typedialog-ag/releases/download/v0.1.0/typedialog-ag-<os>-<arch>](https://github.com/typedialog/typedialog-ag/releases/download/v0.1.0/typedialog-ag-<os>-<arch>)
chmod +x typedialog-ag
mv typedialog-ag ~/.local/bin/
```
**Agent Definition Syntax**:
```yaml
# provisioning/workflows/deploy-k8s.agent.yaml
version: "1.0"
agent: deploy-k8s
description: "Deploy HA Kubernetes cluster with observability stack"
types:
CloudProvider:
enum: ["aws", "upcloud", "hetzner"]
NodeConfig:
cpu: int # 2..64
memory: int # 4..256 (GB)
disk: int # 10..1000 (GB)
input:
provider: CloudProvider
name: string # cluster name
nodes: int # 3..100
node_config: NodeConfig
enable_monitoring: bool = true
enable_backup: bool = true
workflow:
- name: validate
task: validate_cluster_config
args:
provider: $input.provider
nodes: $input.nodes
node_config: $input.node_config
- name: create_network
task: create_vpc
depends_on: [validate]
args:
provider: $input.provider
cidr: "10.0.0.0/16"
- name: create_nodes
task: create_nodes
depends_on: [create_network]
parallel: true
args:
provider: $input.provider
count: $input.nodes
config: $input.node_config
- name: install_kubernetes
task: install_kubernetes
depends_on: [create_nodes]
args:
nodes: $create_nodes.output.node_ids
version: "1.28.0"
- name: add_monitoring
task: deploy_observability_stack
depends_on: [install_kubernetes]
when: $input.enable_monitoring
args:
cluster_name: $input.name
storage_class: "ebs"
- name: setup_backup
task: configure_backup
depends_on: [install_kubernetes]
when: $input.enable_backup
args:
cluster_name: $input.name
backup_interval: "daily"
output:
cluster_name: string
cluster_id: string
kubeconfig_path: string
monitoring_url: string
```
**Usage**:
```bash
# Type-check agent
typedialog ag check deploy-k8s.agent.yaml
# Run agent interactively
typedialog ag run deploy-k8s.agent.yaml \
--provider upcloud \
--name production-k8s \
--nodes 5 \
--node-config '{"cpu": 8, "memory": 32, "disk": 100}'
# Transpile to Nickel
typedialog ag transpile deploy-k8s.agent.yaml > deploy-k8s.ncl
# Execute generated Nickel
provisioning apply deploy-k8s.ncl
```
**Generated Nickel Output** (example):
```nickel
{
metadata = {
agent = "deploy-k8s"
version = "1.0"
generated_at = "2026-01-16T01:47:00Z"
}
resources = {
network = {
provider = "upcloud"
vpc = { cidr = "10.0.0.0/16" }
}
compute = {
provider = "upcloud"
nodes = [
{ count = 5, cpu = 8, memory = 32, disk = 100 }
]
}
kubernetes = {
version = "1.28.0"
high_availability = true
monitoring = {
enabled = true
stack = "prometheus-grafana"
}
backup = {
enabled = true
interval = "daily"
}
}
}
}
```
**Agent Features**:
| Feature | Purpose |
| --- | --- |
| **Dependencies** | Declare task ordering (depends_on) |
| **Parallelism** | Run independent tasks in parallel |
| **Conditionals** | Execute tasks based on input conditions |
| **Type Safety** | Strong typing on inputs and outputs |
| **Rollback** | Automatic rollback on failure |
| **Logging** | Full execution trace for debugging |
## Integration with Provisioning
### Using typedialog-ai in Forms
```toml
# .typedialog/provisioning/form.toml
[[elements]]
name = "database_type"
prompt = "form-database_type-prompt"
type = "select"
options = ["postgres", "mysql", "mongodb"]
# Enable AI suggestions
[elements.ai_suggestions]
enabled = true
context = "workload"
provider = "typedialog-ai"
endpoint = " [http://localhost:9000/suggest/database"](http://localhost:9000/suggest/database")
```
### Using typedialog-ag in Workflows
```bash
# Define agent-based workflow
provisioning workflow define \
--agent deploy-k8s.agent.yaml \
--name k8s-deployment \
--auto-execute
# Run workflow
provisioning workflow run k8s-deployment \
--provider upcloud \
--nodes 5
```
## Performance
### typedialog-ai
- **Suggestion latency**: 500ms-2s per suggestion
- **Database queries**: <100ms (cached)
- **Concurrent users**: 50+
- **SurrealDB storage**: <1GB for 10K suggestions
### typedialog-ag
- **Type checking**: <100ms per agent
- **Transpilation**: <500ms to Nickel
- **Parallel task execution**: O(1) overhead
- **Agent memory**: <50MB per agent
## Configuration
### Enable AI in Provisioning
```yaml
# provisioning/config/config.defaults.toml
[ai]
enabled = true
typedialog_ai = true
typedialog_ag = true
[ai.typedialog]
ai_server_url = " [http://localhost:9000"](http://localhost:9000")
ag_executable = "typedialog-ag"
[ai.form_suggestions]
enabled = true
providers = ["database", "network", "security"]
confidence_threshold = 0.75
```
## Related Documentation
- [AI Architecture](./ai-architecture.md) - System design
- [Natural Language Infrastructure](./natural-language-infrastructure.md) - LLM usage
- [AI Service Crate](./ai-service-crate.md) - Core microservice

338
docs/src/api-reference/README.md
View File

@ -1,28 +1,330 @@
# API Documentation
<p align="center">
<img src="../resources/provisioning_logo.svg" alt="Provisioning Logo" width="300"/>
</p>
API reference for programmatic access to the Provisioning Platform.
<p align="center">
<img src="../resources/logo-text.svg" alt="Provisioning" width="500"/>
</p>
# API Reference
Complete API documentation for the Provisioning platform, including REST endpoints, CLI
commands, and library interfaces.
## Available APIs
- [REST API](rest-api.md) - HTTP endpoints for all operations
- [WebSocket API](websocket.md) - Real-time event streams
- [Extensions API](extensions.md) - Extension integration interfaces
- [SDKs](sdks.md) - Client libraries for multiple languages
- [Integration Examples](integration-examples.md) - Code examples and patterns
The Provisioning platform provides multiple API surfaces for different use cases and integration patterns.
## Quick Start
### REST API
```bash
# Check API health
curl http://localhost:9090/health
HTTP-based APIs for external integration and programmatic access.
# List tasks via API
curl http://localhost:9090/tasks
- **[REST API Documentation](rest-api.md)** - Complete HTTP endpoint reference with 83+ endpoints
- **[Orchestrator API](orchestrator-api.md)** - Workflow execution and task management
- **[Control Center API](control-center-api.md)** - Platform management and monitoring
# Submit workflow
curl -X POST http://localhost:9090/workflows/servers/create
-H "Content-Type: application/json"
-d '{"infra": "my-project", "servers": ["web-01"]}'
### Command-Line Interface
Native CLI for interactive and scripted operations.
- **[CLI Commands Reference](cli-commands.md)** - Complete reference for 111+ CLI commands
- **[Integration Examples](examples.md)** - Common integration patterns and workflows
### Nushell Libraries
Internal library APIs for extension development and customization.
- **[Nushell Libraries](nushell-libraries.md)** - Core library modules and functions
## API Categories
### Infrastructure Management
Manage cloud resources, servers, and infrastructure components.
**REST Endpoints**:
- Server Management - Create, delete, update, list servers
- Provider Integration - Cloud provider operations
- Network Configuration - Network, firewall, routing
**CLI Commands**:
- `provisioning server` - Server lifecycle operations
- `provisioning provider` - Provider configuration
- `provisioning infrastructure` - Infrastructure queries
### Service Orchestration
Deploy and manage infrastructure services and clusters.
**REST Endpoints**:
- Task Service Deployment - Install, remove, update services
- Cluster Management - Cluster lifecycle operations
- Dependency Resolution - Automatic dependency handling
**CLI Commands**:
- `provisioning taskserv` - Task service operations
- `provisioning cluster` - Cluster management
- `provisioning workflow` - Workflow execution
### Workflow Automation
Execute batch operations and complex workflows.
**REST Endpoints**:
- Workflow Submission - Submit and track workflows
- Task Status - Real-time task monitoring
- Checkpoint Recovery - Resume interrupted workflows
**CLI Commands**:
- `provisioning batch` - Batch workflow operations
- `provisioning workflow` - Workflow management
- `provisioning orchestrator` - Orchestrator control
### Configuration Management
Manage configuration across hierarchical layers.
**REST Endpoints**:
- Configuration Retrieval - Get active configuration
- Validation - Validate configuration files
- Schema Queries - Query configuration schemas
**CLI Commands**:
- `provisioning config` - Configuration operations
- `provisioning validate` - Validation commands
- `provisioning schema` - Schema management
### Security & Authentication
Manage authentication, authorization, secrets, and encryption.
**REST Endpoints**:
- Authentication - Login, token management, MFA
- Authorization - Policy evaluation, permissions
- Secrets Management - Secret storage and retrieval
- KMS Operations - Key management and encryption
- Audit Logging - Security event tracking
**CLI Commands**:
- `provisioning auth` - Authentication operations
- `provisioning vault` - Secret management
- `provisioning kms` - Key management
- `provisioning audit` - Audit log queries
### Platform Services
Control platform components and system health.
**REST Endpoints**:
- Service Health - Health checks and status
- Service Control - Start, stop, restart services
- Configuration - Service configuration management
- Monitoring - Metrics and performance data
**CLI Commands**:
- `provisioning platform` - Platform management
- `provisioning service` - Service control
- `provisioning health` - Health monitoring
## API Conventions
### REST API Standards
All REST endpoints follow consistent conventions:
**Authentication**:
```http
Authorization: Bearer <jwt-token>
```
See [REST API](rest-api.md) for complete endpoint documentation.
**Request Format**:
```http
Content-Type: application/json
```
**Response Format**:
```json
{
"status": "succes| s error",
"data": { ... },
"message": "Human-readable message",
"timestamp": "2026-01-16T10:30:00Z"
}
```
**Error Responses**:
```json
{
"status": "error",
"error": {
"code": "ERR_CODE",
"message": "Error description",
"details": { ... }
},
"timestamp": "2026-01-16T10:30:00Z"
}
```
### CLI Command Patterns
All CLI commands follow consistent patterns:
**Common Flags**:
- `--yes` - Skip confirmation prompts
- `--check` - Dry-run mode, show what would happen
- `--wait` - Wait for operation completion
- `--format jso| n yam| l table` - Output format
- `--verbose` - Detailed output
- `--quiet` - Minimal output
**Command Structure**:
```bash
provisioning <domain> <action> <resource> [flags]
```
**Examples**:
```bash
provisioning server create web-01 --plan medium --yes
provisioning taskserv install kubernetes --cluster prod
provisioning workflow submit deploy.ncl --wait
```
### Library Function Signatures
Nushell library functions follow consistent signatures:
**Parameter Order**:
1. Required positional parameters
2. Optional positional parameters
3. Named parameters (flags)
**Return Values**:
- Success: Returns data structure (record, table, list)
- Error: Throws error with structured message
**Example**:
```nushell
def create-server [
name: string # Required: server name
--plan: string = "medium" # Optional: server plan
--wait # Optional: wait flag
] {
# Implementation
}
```
## API Versioning
The Provisioning platform uses semantic versioning for APIs:
- **Major version** - Breaking changes to API contracts
- **Minor version** - Backwards-compatible additions
- **Patch version** - Backwards-compatible bug fixes
**Current API Version**: v1.0.0
**Version Compatibility**:
- REST API includes version in URL: `/api/v1/servers`
- CLI maintains backwards compatibility across minor versions
- Libraries use semantic import versioning
## Rate Limiting
REST API endpoints implement rate limiting to ensure platform stability:
- **Default Limit**: 100 requests per minute per API key
- **Burst Limit**: 20 requests per second
- **Headers**: Rate limit information in response headers
```http
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1642334400
```
## Authentication
All APIs require authentication except public health endpoints.
**Supported Methods**:
- **JWT Tokens** - Primary authentication method
- **API Keys** - For service-to-service integration
- **MFA** - Multi-factor authentication for sensitive operations
**Token Management**:
```bash
# Login and obtain token
provisioning auth login --user admin
# Use token in requests
curl -H "Authorization: Bearer $TOKEN" [https://api/v1/servers](https://api/v1/servers)
```
See [Authentication Guide](../security/authentication.md) for complete details.
## API Discovery
Discover available APIs programmatically:
**REST API**:
```bash
# Get API specification (OpenAPI)
curl [https://api/v1/openapi.json](https://api/v1/openapi.json)
```
**CLI**:
```bash
# List all commands
provisioning help --all
# Get command details
provisioning server help
```
**Libraries**:
```nushell
# List available modules
use lib_provisioning *
$nu.scope.commands | where is_custom
```
## Next Steps
- **[REST API Reference](rest-api.md)** - Explore HTTP endpoints
- **[CLI Commands](cli-commands.md)** - Master command-line tools
- **[Integration Examples](examples.md)** - See real-world usage patterns
- **[Nushell Libraries](nushell-libraries.md)** - Extend the platform
## Related Documentation
- **[Security Guide](../security/README.md)** - Authentication and authorization details
- **[Development Guide](../development/api-guide.md)** - Building with the API
- **[Orchestrator Architecture](../features/orchestrator.md)** - Workflow engine internals

1152
docs/src/api-reference/cli-commands.md Normal file
View File

File diff suppressed because it is too large Load Diff

1
docs/src/api-reference/control-center-api.md Normal file
View File

@ -0,0 +1 @@
# Control Center API

177
docs/src/api-reference/control-center-endpoints.md Normal file
View File

@ -0,0 +1,177 @@
# Control Center API Endpoints
Complete reference for Control Center management endpoints.
## Workspace Management
### Create Workspace
```http
POST /v1/workspaces
Content-Type: application/json
{
"name": "production",
"description": "Production infrastructure",
"owner": "platform-team",
"tags": ["env:prod", "tier:critical"]
}
```
Response: `201 Created`
### List Workspaces
```http
GET /v1/workspaces?limit=10&offset=0
```
Response: `200 OK`
```json
{
"workspaces": [
{
"id": "ws-001",
"name": "production",
"owner": "platform-team",
"created_at": "2026-01-01T00:00:00Z"
}
],
"total": 3
}
```
### Get Workspace Details
```http
GET /v1/workspaces/:id
```
### Update Workspace
```http
PATCH /v1/workspaces/:id
{
"description": "Updated description",
"owner": "new-team"
}
```
### Delete Workspace
```http
DELETE /v1/workspaces/:id
```
## Infrastructure Resources
### List Resources
```http
GET /v1/workspaces/:id/resources?type=server&limit=20
```
Response: `200 OK`
```json
{
"resources": [
{
"id": "res-001",
"type": "server",
"name": "web-01",
"provider": "aws",
"status": "running",
"created_at": "2026-01-10T12:00:00Z"
}
],
"total": 50
}
```
### Get Resource Details
```http
GET /v1/workspaces/:id/resources/:resource-id
```
### Create Resource
```http
POST /v1/workspaces/:id/resources
{
"type": "server",
"name": "web-02",
"provider": "aws",
"config": {
"instance_type": "t3.large",
"image": "ubuntu-22.04"
}
}
```
### Delete Resource
```http
DELETE /v1/workspaces/:id/resources/:resource-id
```
## Settings & Configuration
### Get Workspace Settings
```http
GET /v1/workspaces/:id/settings
```
### Update Settings
```http
PATCH /v1/workspaces/:id/settings
{
"auto_backup": true,
"backup_retention_days": 30,
"require_approval": true
}
```
## Vault Management
### List Secrets
```http
GET /v1/workspaces/:id/vault/secrets
```
### Store Secret
```http
POST /v1/workspaces/:id/vault/secrets
{
"name": "db-password",
"value": "secret-value",
"metadata": {
"type": "database",
"rotation_enabled": true
}
}
```
### Retrieve Secret
```http
GET /v1/workspaces/:id/vault/secrets/:name
```
### Delete Secret
```http
DELETE /v1/workspaces/:id/vault/secrets/:name
```
## Related Documentation
- [REST API Overview](./rest-api.md)
- [Orchestrator API](./orchestrator-endpoints.md)
- [Workspace Management](../features/workspace-management.md)

1
docs/src/api-reference/examples.md Normal file
View File

@ -0,0 +1 @@
# Examples

72
docs/src/api-reference/extension-registry-api.md Normal file
View File

@ -0,0 +1,72 @@
# Extension Registry API
API endpoints for managing extensions and providers.
## List Extensions
```http
GET /v1/extensions?category=provider&limit=20
```
Response: `200 OK`
```json
{
"extensions": [
{
"id": "ext-001",
"name": "aws-provider",
"category": "provider",
"version": "3.1.0",
"author": "provisioning-team",
"downloads": 15000
}
],
"total": 150
}
```
## Install Extension
```http
POST /v1/extensions/install
{
"name": "aws-provider",
"version": "3.1.0"
}
```
Response: `201 Created`
## Get Extension Details
```http
GET /v1/extensions/:name
```
## Search Extensions
```http
GET /v1/extensions/search?q=kubernetes&category=provider
```
## Publish Extension
```http
POST /v1/extensions/publish
Content-Type: multipart/form-data
{
"extension": <binary>,
"metadata": {
"name": "my-extension",
"version": "1.0.0",
"description": "My custom extension"
}
}
```
## Related Documentation
- [Extension Development](../development/extension-development.md)
- [REST API Overview](./rest-api.md)

1205
docs/src/api-reference/extensions.md
View File

File diff suppressed because it is too large Load Diff

1592
docs/src/api-reference/integration-examples.md
View File

File diff suppressed because it is too large Load Diff

111
docs/src/api-reference/nushell-api.md
View File

@ -1,111 +0,0 @@
# Nushell API Reference
API documentation for Nushell library functions in the provisioning platform.
## Overview
The provisioning platform provides a comprehensive Nushell library with reusable functions for infrastructure automation.
## Core Modules
### Configuration Module
**Location**: `provisioning/core/nulib/lib_provisioning/config/`
- `get-config <key>` - Retrieve configuration values
- `validate-config` - Validate configuration files
- `load-config <path>` - Load configuration from file
### Server Module
**Location**: `provisioning/core/nulib/lib_provisioning/servers/`
- `create-servers <plan>` - Create server infrastructure
- `list-servers` - List all provisioned servers
- `delete-servers <ids>` - Remove servers
### Task Service Module
**Location**: `provisioning/core/nulib/lib_provisioning/taskservs/`
- `install-taskserv <name>` - Install infrastructure service
- `list-taskservs` - List installed services
- `generate-taskserv-config <name>` - Generate service configuration
### Workspace Module
**Location**: `provisioning/core/nulib/lib_provisioning/workspace/`
- `init-workspace <name>` - Initialize new workspace
- `get-active-workspace` - Get current workspace
- `switch-workspace <name>` - Switch to different workspace
### Provider Module
**Location**: `provisioning/core/nulib/lib_provisioning/providers/`
- `discover-providers` - Find available providers
- `load-provider <name>` - Load provider module
- `list-providers` - List loaded providers
## Diagnostics & Utilities
### Diagnostics Module
**Location**: `provisioning/core/nulib/lib_provisioning/diagnostics/`
- `system-status` - Check system health (13+ checks)
- `health-check` - Deep validation (7 areas)
- `next-steps` - Get progressive guidance
- `deployment-phase` - Check deployment progress
### Hints Module
**Location**: `provisioning/core/nulib/lib_provisioning/utils/hints.nu`
- `show-next-step <context>` - Display next step suggestion
- `show-doc-link <topic>` - Show documentation link
- `show-example <command>` - Display command example
## Usage Example
```nushell
# Load provisioning library
use provisioning/core/nulib/lib_provisioning *
# Check system status
system-status | table
# Create servers
create-servers --plan "3-node-cluster" --check
# Install kubernetes
install-taskserv kubernetes --check
# Get next steps
next-steps
```
## API Conventions
All API functions follow these conventions:
- **Explicit types**: All parameters have type annotations
- **Early returns**: Validate first, fail fast
- **Pure functions**: No side effects (mutations marked with `!`)
- **Pipeline-friendly**: Output designed for Nu pipelines
## Best Practices
See [Nushell Best Practices](../development/NUSHELL_BEST_PRACTICES.md) for coding guidelines.
## Source Code
Browse the complete source code:
- **Core library**: `provisioning/core/nulib/lib_provisioning/`
- **Module index**: `provisioning/core/nulib/lib_provisioning/mod.nu`
---
For integration examples, see [Integration Examples](integration-examples.md).

1
docs/src/api-reference/nushell-libraries.md Normal file
View File

@ -0,0 +1 @@
# Nushell Libraries

1
docs/src/api-reference/orchestrator-api.md Normal file
View File

@ -0,0 +1 @@
# Orchestrator API

185
docs/src/api-reference/orchestrator-endpoints.md Normal file
View File

@ -0,0 +1,185 @@
# Orchestrator API Endpoints
Complete reference for Orchestrator REST API endpoints.
## Workflow Management
### Create Workflow
```http
POST /v1/workflows
Content-Type: application/json
{
"name": "deployment-workflow",
"description": "Deploy application",
"config": {
"tasks": [
{
"name": "validate",
"action": "validate_config"
},
{
"name": "deploy",
"action": "deploy",
"depends_on": ["validate"]
}
]
}
}
```
Response: `201 Created`
```json
{
"id": "wf-12345",
"name": "deployment-workflow",
"status": "created",
"created_at": "2026-01-16T12:00:00Z"
}
```
### Get Workflow
```http
GET /v1/workflows/:id
```
Response: `200 OK`
```json
{
"id": "wf-12345",
"name": "deployment-workflow",
"status": "running",
"progress": 45,
"tasks": [...]
}
```
### List Workflows
```http
GET /v1/workflows?status=running&limit=10
```
### Execute Workflow
```http
POST /v1/workflows/:id/execute
```
### Cancel Workflow
```http
POST /v1/workflows/:id/cancel
```
## Task Management
### Get Task
```http
GET /v1/tasks/:id
```
Response: `200 OK`
```json
{
"id": "task-67890",
"name": "deploy-servers",
"status": "running",
"progress": 60,
"started_at": "2026-01-16T12:05:00Z",
"logs": "..."
}
```
### Get Task Logs
```http
GET /v1/tasks/:id/logs?lines=100&follow=true
```
### Retry Task
```http
POST /v1/tasks/:id/retry
```
## State Management
### Get Workflow State
```http
GET /v1/workflows/:id/state
```
### Save Checkpoint
```http
POST /v1/workflows/:id/checkpoint
{
"name": "pre-deploy",
"description": "State before deployment"
}
```
### Restore from Checkpoint
```http
POST /v1/workflows/:id/restore
{
"checkpoint": "pre-deploy"
}
```
## Metrics & Monitoring
### Workflow Metrics
```http
GET /v1/workflows/:id/metrics
```
Response:
```json
{
"duration_seconds": 245,
"tasks_total": 5,
"tasks_completed": 5,
"tasks_failed": 0,
"resource_usage": {
"cpu_percent": 45,
"memory_mb": 512
}
}
```
### System Health
```http
GET /v1/health
```
Response: `200 OK`
```json
{
"status": "healthy",
"components": {
"database": "healthy",
"task_queue": "healthy",
"cache": "healthy"
}
}
```
## Related Documentation
- [REST API Overview](./rest-api.md)
- [Control Center API](./control-center-api.md)
- [Orchestrator Feature](../features/orchestrator.md)

730
docs/src/api-reference/path-resolution.md
View File

@ -1,730 +0,0 @@
# Path Resolution API
This document describes the path resolution system used throughout the provisioning infrastructure for discovering configurations, extensions, and
resolving workspace paths.
## Overview
The path resolution system provides a hierarchical and configurable mechanism for:
- Configuration file discovery and loading
- Extension discovery (providers, task services, clusters)
- Workspace and project path management
- Environment variable interpolation
- Cross-platform path handling
## Configuration Resolution Hierarchy
The system follows a specific hierarchy for loading configuration files:
```toml
1. System defaults (config.defaults.toml)
2. User configuration (config.user.toml)
3. Project configuration (config.project.toml)
4. Infrastructure config (infra/config.toml)
5. Environment config (config.{env}.toml)
6. Runtime overrides (CLI arguments, ENV vars)
```
### Configuration Search Paths
The system searches for configuration files in these locations:
```toml
# Default search paths (in order)
/usr/local/provisioning/config.defaults.toml
$HOME/.config/provisioning/config.user.toml
$PWD/config.project.toml
$PROVISIONING_KLOUD_PATH/config.infra.toml
$PWD/config.{PROVISIONING_ENV}.toml
```
## Path Resolution API
### Core Functions
#### `resolve-config-path(pattern: string, search_paths: list<string>) -> string`
Resolves configuration file paths using the search hierarchy.
**Parameters:**
- `pattern`: File pattern to search for (for example, "config.*.toml")
- `search_paths`: Additional paths to search (optional)
**Returns:**
- Full path to the first matching configuration file
- Empty string if no file found
**Example:**
```bash
use path-resolution.nu *
let config_path = (resolve-config-path "config.user.toml" [])
# Returns: "/home/user/.config/provisioning/config.user.toml"
```
#### `resolve-extension-path(type: string, name: string) -> record`
Discovers extension paths (providers, taskservs, clusters).
**Parameters:**
- `type`: Extension type ("provider", "taskserv", "cluster")
- `name`: Extension name (for example, "upcloud", "kubernetes", "buildkit")
**Returns:**
```json
{
base_path: "/usr/local/provisioning/providers/upcloud",
schemas_path: "/usr/local/provisioning/providers/upcloud/schemas",
nulib_path: "/usr/local/provisioning/providers/upcloud/nulib",
templates_path: "/usr/local/provisioning/providers/upcloud/templates",
exists: true
}
```
#### `resolve-workspace-paths() -> record`
Gets current workspace path configuration.
**Returns:**
```json
{
base: "/usr/local/provisioning",
current_infra: "/workspace/infra/production",
kloud_path: "/workspace/kloud",
providers: "/usr/local/provisioning/providers",
taskservs: "/usr/local/provisioning/taskservs",
clusters: "/usr/local/provisioning/cluster",
extensions: "/workspace/extensions"
}
```
### Path Interpolation
The system supports variable interpolation in configuration paths:
#### Supported Variables
- `{{paths.base}}` - Base provisioning path
- `{{paths.kloud}}` - Current kloud path
- `{{env.HOME}}` - User home directory
- `{{env.PWD}}` - Current working directory
- `{{now.date}}` - Current date (YYYY-MM-DD)
- `{{now.time}}` - Current time (HH:MM:SS)
- `{{git.branch}}` - Current git branch
- `{{git.commit}}` - Current git commit hash
#### `interpolate-path(template: string, context: record) -> string`
Interpolates variables in path templates.
**Parameters:**
- `template`: Path template with variables
- `context`: Variable context record
**Example:**
```javascript
let template = "{{paths.base}}/infra/{{env.USER}}/{{git.branch}}"
let result = (interpolate-path $template {
paths: { base: "/usr/local/provisioning" },
env: { USER: "admin" },
git: { branch: "main" }
})
# Returns: "/usr/local/provisioning/infra/admin/main"
```
## Extension Discovery API
### Provider Discovery
#### `discover-providers() -> list<record>`
Discovers all available providers.
**Returns:**
```bash
[
{
name: "upcloud",
path: "/usr/local/provisioning/providers/upcloud",
type: "provider",
version: "1.2.0",
enabled: true,
has_schemas: true,
has_nulib: true,
has_templates: true
},
{
name: "aws",
path: "/usr/local/provisioning/providers/aws",
type: "provider",
version: "2.1.0",
enabled: true,
has_schemas: true,
has_nulib: true,
has_templates: true
}
]
```
#### `get-provider-config(name: string) -> record`
Gets provider-specific configuration and paths.
**Parameters:**
- `name`: Provider name
**Returns:**
```json
{
name: "upcloud",
base_path: "/usr/local/provisioning/providers/upcloud",
config: {
api_url: "https://api.upcloud.com/1.3",
auth_method: "basic",
interface: "API"
},
paths: {
schemas: "/usr/local/provisioning/providers/upcloud/schemas",
nulib: "/usr/local/provisioning/providers/upcloud/nulib",
templates: "/usr/local/provisioning/providers/upcloud/templates"
},
metadata: {
version: "1.2.0",
description: "UpCloud provider for server provisioning"
}
}
```
### Task Service Discovery
#### `discover-taskservs() -> list<record>`
Discovers all available task services.
**Returns:**
```bash
[
{
name: "kubernetes",
path: "/usr/local/provisioning/taskservs/kubernetes",
type: "taskserv",
category: "orchestration",
version: "1.28.0",
enabled: true
},
{
name: "cilium",
path: "/usr/local/provisioning/taskservs/cilium",
type: "taskserv",
category: "networking",
version: "1.14.0",
enabled: true
}
]
```
#### `get-taskserv-config(name: string) -> record`
Gets task service configuration and version information.
**Parameters:**
- `name`: Task service name
**Returns:**
```json
{
name: "kubernetes",
path: "/usr/local/provisioning/taskservs/kubernetes",
version: {
current: "1.28.0",
available: "1.28.2",
update_available: true,
source: "github",
release_url: "https://github.com/kubernetes/kubernetes/releases"
},
config: {
category: "orchestration",
dependencies: ["containerd"],
supports_versions: ["1.26.x", "1.27.x", "1.28.x"]
}
}
```
### Cluster Discovery
#### `discover-clusters() -> list<record>`
Discovers all available cluster configurations.
**Returns:**
```bash
[
{
name: "buildkit",
path: "/usr/local/provisioning/cluster/buildkit",
type: "cluster",
category: "build",
components: ["buildkit", "registry", "storage"],
enabled: true
}
]
```
## Environment Management API
### Environment Detection
#### `detect-environment() -> string`
Automatically detects the current environment based on:
1. `PROVISIONING_ENV` environment variable
2. Git branch patterns (main → prod, develop → dev, etc.)
3. Directory structure analysis
4. Configuration file presence
**Returns:**
- Environment name string (dev, test, prod, etc.)
#### `get-environment-config(env: string) -> record`
Gets environment-specific configuration.
**Parameters:**
- `env`: Environment name
**Returns:**
```json
{
name: "production",
paths: {
base: "/opt/provisioning",
kloud: "/data/kloud",
logs: "/var/log/provisioning"
},
providers: {
default: "upcloud",
allowed: ["upcloud", "aws"]
},
features: {
debug: false,
telemetry: true,
rollback: true
}
}
```
### Environment Switching
#### `switch-environment(env: string, validate: bool = true) -> null`
Switches to a different environment and updates path resolution.
**Parameters:**
- `env`: Target environment name
- `validate`: Whether to validate environment configuration
**Effects:**
- Updates `PROVISIONING_ENV` environment variable
- Reconfigures path resolution for new environment
- Validates environment configuration if requested
## Workspace Management API
### Workspace Discovery
#### `discover-workspaces() -> list<record>`
Discovers available workspaces and infrastructure directories.
**Returns:**
```bash
[
{
name: "production",
path: "/workspace/infra/production",
type: "infrastructure",
provider: "upcloud",
settings: "settings.ncl",
valid: true
},
{
name: "development",
path: "/workspace/infra/development",
type: "infrastructure",
provider: "local",
settings: "dev-settings.ncl",
valid: true
}
]
```
#### `set-current-workspace(path: string) -> null`
Sets the current workspace for path resolution.
**Parameters:**
- `path`: Workspace directory path
**Effects:**
- Updates `CURRENT_INFRA_PATH` environment variable
- Reconfigures workspace-relative path resolution
### Project Structure Analysis
#### `analyze-project-structure(path: string = $PWD) -> record`
Analyzes project structure and identifies components.
**Parameters:**
- `path`: Project root path (defaults to current directory)
**Returns:**
```json
{
root: "/workspace/project",
type: "provisioning_workspace",
components: {
providers: [
{ name: "upcloud", path: "providers/upcloud" },
{ name: "aws", path: "providers/aws" }
],
taskservs: [
{ name: "kubernetes", path: "taskservs/kubernetes" },
{ name: "cilium", path: "taskservs/cilium" }
],
clusters: [
{ name: "buildkit", path: "cluster/buildkit" }
],
infrastructure: [
{ name: "production", path: "infra/production" },
{ name: "staging", path: "infra/staging" }
]
},
config_files: [
"config.defaults.toml",
"config.user.toml",
"config.prod.toml"
]
}
```
## Caching and Performance
### Path Caching
The path resolution system includes intelligent caching:
#### `cache-paths(duration: duration = 5 min) -> null`
Enables path caching for the specified duration.
**Parameters:**
- `duration`: Cache validity duration
#### `invalidate-path-cache() -> null`
Invalidates the path resolution cache.
#### `get-cache-stats() -> record`
Gets path resolution cache statistics.
**Returns:**
```json
{
enabled: true,
size: 150,
hit_rate: 0.85,
last_invalidated: "2025-09-26T10:00:00Z"
}
```
## Cross-Platform Compatibility
### Path Normalization
#### `normalize-path(path: string) -> string`
Normalizes paths for cross-platform compatibility.
**Parameters:**
- `path`: Input path (may contain mixed separators)
**Returns:**
- Normalized path using platform-appropriate separators
**Example:**
```bash
# On Windows
normalize-path "path/to/file" # Returns: "path\to\file"
# On Unix
normalize-path "path\to\file" # Returns: "path/to/file"
```
#### `join-paths(segments: list<string>) -> string`
Safely joins path segments using platform separators.
**Parameters:**
- `segments`: List of path segments
**Returns:**
- Joined path string
## Configuration Validation API
### Path Validation
#### `validate-paths(config: record) -> record`
Validates all paths in configuration.
**Parameters:**
- `config`: Configuration record
**Returns:**
```json
{
valid: true,
errors: [],
warnings: [
{ path: "paths.extensions", message: "Path does not exist" }
],
checks_performed: 15
}
```
#### `validate-extension-structure(type: string, path: string) -> record`
Validates extension directory structure.
**Parameters:**
- `type`: Extension type (provider, taskserv, cluster)
- `path`: Extension base path
**Returns:**
```json
{
valid: true,
required_files: [
{ file: "manifest.toml", exists: true },
{ file: "schemas/main.ncl", exists: true },
{ file: "nulib/mod.nu", exists: true }
],
optional_files: [
{ file: "templates/server.j2", exists: false }
]
}
```
## Command-Line Interface
### Path Resolution Commands
The path resolution API is exposed via Nushell commands:
```nushell
# Show current path configuration
provisioning show paths
# Discover available extensions
provisioning discover providers
provisioning discover taskservs
provisioning discover clusters
# Validate path configuration
provisioning validate paths
# Switch environments
provisioning env switch prod
# Set workspace
provisioning workspace set /path/to/infra
```
## Integration Examples
### Python Integration
```bash
import subprocess
import json
class PathResolver:
def __init__(self, provisioning_path="/usr/local/bin/provisioning"):
self.cmd = provisioning_path
def get_paths(self):
result = subprocess.run([
"nu", "-c", f"use {self.cmd} *; show-config --section=paths --format=json"
], capture_output=True, text=True)
return json.loads(result.stdout)
def discover_providers(self):
result = subprocess.run([
"nu", "-c", f"use {self.cmd} *; discover providers --format=json"
], capture_output=True, text=True)
return json.loads(result.stdout)
# Usage
resolver = PathResolver()
paths = resolver.get_paths()
providers = resolver.discover_providers()
```
### JavaScript/Node.js Integration
```javascript
const { exec } = require('child_process');
const util = require('util');
const execAsync = util.promisify(exec);
class PathResolver {
constructor(provisioningPath = '/usr/local/bin/provisioning') {
this.cmd = provisioningPath;
}
async getPaths() {
const { stdout } = await execAsync(
`nu -c "use ${this.cmd} *; show-config --section=paths --format=json"`
);
return JSON.parse(stdout);
}
async discoverExtensions(type) {
const { stdout } = await execAsync(
`nu -c "use ${this.cmd} *; discover ${type} --format=json"`
);
return JSON.parse(stdout);
}
}
// Usage
const resolver = new PathResolver();
const paths = await resolver.getPaths();
const providers = await resolver.discoverExtensions('providers');
```
## Error Handling
### Common Error Scenarios
1. **Configuration File Not Found**
```nushell
Error: Configuration file not found in search paths
Searched: ["/usr/local/provisioning/config.defaults.toml", ...]
```
1. **Extension Not Found**
```nushell
Error: Provider 'missing-provider' not found
Available providers: ["upcloud", "aws", "local"]
```
2. **Invalid Path Template**
```nushell
Error: Invalid template variable: {{invalid.var}}
Valid variables: ["paths.*", "env.*", "now.*", "git.*"]
```
3. **Environment Not Found**
```nushell
Error: Environment 'staging' not configured
Available environments: ["dev", "test", "prod"]
```
### Error Recovery
The system provides graceful fallbacks:
- Missing configuration files use system defaults
- Invalid paths fall back to safe defaults
- Extension discovery continues if some paths are inaccessible
- Environment detection falls back to 'local' if detection fails
## Performance Considerations
### Best Practices
1. **Use Path Caching**: Enable caching for frequently accessed paths
2. **Batch Discovery**: Discover all extensions at once rather than individually
3. **Lazy Loading**: Load extension configurations only when needed
4. **Environment Detection**: Cache environment detection results
### Monitoring
Monitor path resolution performance:
```bash
# Get resolution statistics
provisioning debug path-stats
# Monitor cache performance
provisioning debug cache-stats
# Profile path resolution
provisioning debug profile-paths
```
## Security Considerations
### Path Traversal Protection
The system includes protections against path traversal attacks:
- All paths are normalized and validated
- Relative paths are resolved within safe boundaries
- Symlinks are validated before following
### Access Control
Path resolution respects file system permissions:
- Configuration files require read access
- Extension directories require read/execute access
- Workspace directories may require write access for operations
This path resolution API provides a comprehensive and flexible system for managing the complex path requirements of multi-provider, multi-environment
infrastructure provisioning.

186
docs/src/api-reference/provider-api.md
View File

@ -1,186 +0,0 @@
# Provider API Reference
API documentation for creating and using infrastructure providers.
## Overview
Providers handle cloud-specific operations and resource provisioning. The provisioning platform supports multiple cloud providers through a unified API.
## Supported Providers
- **UpCloud** - European cloud provider
- **AWS** - Amazon Web Services
- **Local** - Local development environment
## Provider Interface
All providers must implement the following interface:
### Required Functions
```bash
# Provider initialization
export def init [] -> record { ... }
# Server operations
export def create-servers [plan: record] -> list { ... }
export def delete-servers [ids: list] -> bool { ... }
export def list-servers [] -> table { ... }
# Resource information
export def get-server-plans [] -> table { ... }
export def get-regions [] -> list { ... }
export def get-pricing [plan: string] -> record { ... }
```
### Provider Configuration
Each provider requires configuration in Nickel format:
```nickel
# Example: UpCloud provider configuration
{
provider = {
name = "upcloud",
type = "cloud",
enabled = true,
config = {
username = "{{env.UPCLOUD_USERNAME}}",
password = "{{env.UPCLOUD_PASSWORD}}",
default_zone = "de-fra1",
},
}
}
```
## Creating a Custom Provider
### 1. Directory Structure
```bash
provisioning/extensions/providers/my-provider/
├── nulib/
│ └── my_provider.nu # Provider implementation
├── schemas/
│ ├── main.ncl # Nickel schema
│ └── defaults.ncl # Default configuration
└── README.md # Provider documentation
```
### 2. Implementation Template
```bash
# my_provider.nu
export def init [] {
{
name: "my-provider"
type: "cloud"
ready: true
}
}
export def create-servers [plan: record] {
# Implementation here
[]
}
export def list-servers [] {
# Implementation here
[]
}
# ... other required functions
```
### 3. Nickel Schema
```nickel
# main.ncl
{
MyProvider = {
# My custom provider schema
name | String = "my-provider",
type | String | "cloud" | "local" = "cloud",
config | MyProviderConfig,
},
MyProviderConfig = {
api_key | String,
region | String = "us-east-1",
},
}
```
## Provider Discovery
Providers are automatically discovered from:
- `provisioning/extensions/providers/*/nu/*.nu`
- User workspace: `workspace/extensions/providers/*/nu/*.nu`
```nushell
# Discover available providers
provisioning module discover providers
# Load provider
provisioning module load providers workspace my-provider
```
## Provider API Examples
### Create Servers
```bash
use my_provider.nu *
let plan = {
count: 3
size: "medium"
zone: "us-east-1"
}
create-servers $plan
```
### List Servers
```bash
list-servers | where status == "running" | select hostname ip_address
```
### Get Pricing
```bash
get-pricing "small" | to yaml
```
## Testing Providers
Use the test environment system to test providers:
```bash
# Test provider without real resources
provisioning test env single my-provider --check
```
## Provider Development Guide
For complete provider development guide, see:
- **[Provider Development](../development/QUICK_PROVIDER_GUIDE.md)** - Quick start guide
- **[Extension Development](../development/extensions.md)** - Complete extension guide
- **[Integration Examples](integration-examples.md)** - Example implementations
## API Stability
Provider API follows semantic versioning:
- **Major**: Breaking changes
- **Minor**: New features, backward compatible
- **Patch**: Bug fixes
Current API version: `2.0.0`
---
For more examples, see [Integration Examples](integration-examples.md).

2045
docs/src/api-reference/rest-api.md
View File

File diff suppressed because it is too large Load Diff

1157
docs/src/api-reference/schemas/openapi.yaml
View File

File diff suppressed because it is too large Load Diff

1097
docs/src/api-reference/sdks.md
View File

File diff suppressed because it is too large Load Diff

892
docs/src/api-reference/websocket.md
View File

@ -1,892 +0,0 @@
# WebSocket API Reference
This document provides comprehensive documentation for the WebSocket API used for real-time monitoring, event streaming, and live updates in
provisioning.
## Overview
The WebSocket API enables real-time communication between clients and the provisioning orchestrator, providing:
- Live workflow progress updates
- System health monitoring
- Event streaming
- Real-time metrics
- Interactive debugging sessions
## WebSocket Endpoints
### Primary WebSocket Endpoint
#### `ws://localhost:9090/ws`
The main WebSocket endpoint for real-time events and monitoring.
**Connection Parameters:**
- `token`: JWT authentication token (required)
- `events`: Comma-separated list of event types to subscribe to (optional)
- `batch_size`: Maximum number of events per message (default: 10)
- `compression`: Enable message compression (default: false)
**Example Connection:**
```javascript
const ws = new WebSocket('ws://localhost:9090/ws?token=jwt-token&events=task,batch,system');
```
### Specialized WebSocket Endpoints
#### `ws://localhost:9090/metrics`
Real-time metrics streaming endpoint.
**Features:**
- Live system metrics
- Performance data
- Resource utilization
- Custom metric streams
#### `ws://localhost:9090/logs`
Live log streaming endpoint.
**Features:**
- Real-time log tailing
- Log level filtering
- Component-specific logs
- Search and filtering
## Authentication
### JWT Token Authentication
All WebSocket connections require authentication via JWT token:
```bash
// Include token in connection URL
const ws = new WebSocket('ws://localhost:9090/ws?token=' + jwtToken);
// Or send token after connection
ws.onopen = function() {
ws.send(JSON.stringify({
type: 'auth',
token: jwtToken
}));
};
```
### Connection Authentication Flow
1. **Initial Connection**: Client connects with token parameter
2. **Token Validation**: Server validates JWT token
3. **Authorization**: Server checks token permissions
4. **Subscription**: Client subscribes to event types
5. **Event Stream**: Server begins streaming events
## Event Types and Schemas
### Core Event Types
#### Task Status Changed
Fired when a workflow task status changes.
```json
{
"event_type": "TaskStatusChanged",
"timestamp": "2025-09-26T10:00:00Z",
"data": {
"task_id": "uuid-string",
"name": "create_servers",
"status": "Running",
"previous_status": "Pending",
"progress": 45.5
},
"metadata": {
"task_id": "uuid-string",
"workflow_type": "server_creation",
"infra": "production"
}
}
```
#### Batch Operation Update
Fired when batch operation status changes.
```json
{
"event_type": "BatchOperationUpdate",
"timestamp": "2025-09-26T10:00:00Z",
"data": {
"batch_id": "uuid-string",
"name": "multi_cloud_deployment",
"status": "Running",
"progress": 65.0,
"operations": [
{
"id": "upcloud_servers",
"status": "Completed",
"progress": 100.0
},
{
"id": "aws_taskservs",
"status": "Running",
"progress": 30.0
}
]
},
"metadata": {
"total_operations": 5,
"completed_operations": 2,
"failed_operations": 0
}
}
```
#### System Health Update
Fired when system health status changes.
```json
{
"event_type": "SystemHealthUpdate",
"timestamp": "2025-09-26T10:00:00Z",
"data": {
"overall_status": "Healthy",
"components": {
"storage": {
"status": "Healthy",
"last_check": "2025-09-26T09:59:55Z"
},
"batch_coordinator": {
"status": "Warning",
"last_check": "2025-09-26T09:59:55Z",
"message": "High memory usage"
}
},
"metrics": {
"cpu_usage": 45.2,
"memory_usage": 2048,
"disk_usage": 75.5,
"active_workflows": 5
}
},
"metadata": {
"check_interval": 30,
"next_check": "2025-09-26T10:00:30Z"
}
}
```
#### Workflow Progress Update
Fired when workflow progress changes.
```json
{
"event_type": "WorkflowProgressUpdate",
"timestamp": "2025-09-26T10:00:00Z",
"data": {
"workflow_id": "uuid-string",
"name": "kubernetes_deployment",
"progress": 75.0,
"current_step": "Installing CNI",
"total_steps": 8,
"completed_steps": 6,
"estimated_time_remaining": 120,
"step_details": {
"step_name": "Installing CNI",
"step_progress": 45.0,
"step_message": "Downloading Cilium components"
}
},
"metadata": {
"infra": "production",
"provider": "upcloud",
"started_at": "2025-09-26T09:45:00Z"
}
}
```
#### Log Entry
Real-time log streaming.
```json
{
"event_type": "LogEntry",
"timestamp": "2025-09-26T10:00:00Z",
"data": {
"level": "INFO",
"message": "Server web-01 created successfully",
"component": "server-manager",
"task_id": "uuid-string",
"details": {
"server_id": "server-uuid",
"hostname": "web-01",
"ip_address": "10.0.1.100"
}
},
"metadata": {
"source": "orchestrator",
"thread": "worker-1"
}
}
```
#### Metric Update
Real-time metrics streaming.
```json
{
"event_type": "MetricUpdate",
"timestamp": "2025-09-26T10:00:00Z",
"data": {
"metric_name": "workflow_duration",
"metric_type": "histogram",
"value": 180.5,
"labels": {
"workflow_type": "server_creation",
"status": "completed",
"infra": "production"
}
},
"metadata": {
"interval": 15,
"aggregation": "average"
}
}
```
### Custom Event Types
Applications can define custom event types:
```json
{
"event_type": "CustomApplicationEvent",
"timestamp": "2025-09-26T10:00:00Z",
"data": {
// Custom event data
},
"metadata": {
"custom_field": "custom_value"
}
}
```
## Client-Side JavaScript API
### Connection Management
```javascript
class ProvisioningWebSocket {
constructor(baseUrl, token, options = {}) {
this.baseUrl = baseUrl;
this.token = token;
this.options = {
reconnect: true,
reconnectInterval: 5000,
maxReconnectAttempts: 10,
...options
};
this.ws = null;
this.reconnectAttempts = 0;
this.eventHandlers = new Map();
}
connect() {
const wsUrl = `${this.baseUrl}/ws?token=${this.token}`;
this.ws = new WebSocket(wsUrl);
this.ws.onopen = (event) => {
console.log('WebSocket connected');
this.reconnectAttempts = 0;
this.emit('connected', event);
};
this.ws.onmessage = (event) => {
try {
const message = JSON.parse(event.data);
this.handleMessage(message);
} catch (error) {
console.error('Failed to parse WebSocket message:', error);
}
};
this.ws.onclose = (event) => {
console.log('WebSocket disconnected');
this.emit('disconnected', event);
if (this.options.reconnect && this.reconnectAttempts < this.options.maxReconnectAttempts) {
setTimeout(() => {
this.reconnectAttempts++;
console.log(`Reconnecting... (${this.reconnectAttempts}/${this.options.maxReconnectAttempts})`);
this.connect();
}, this.options.reconnectInterval);
}
};
this.ws.onerror = (error) => {
console.error('WebSocket error:', error);
this.emit('error', error);
};
}
handleMessage(message) {
if (message.event_type) {
this.emit(message.event_type, message);
this.emit('message', message);
}
}
on(eventType, handler) {
if (!this.eventHandlers.has(eventType)) {
this.eventHandlers.set(eventType, []);
}
this.eventHandlers.get(eventType).push(handler);
}
off(eventType, handler) {
const handlers = this.eventHandlers.get(eventType);
if (handlers) {
const index = handlers.indexOf(handler);
if (index > -1) {
handlers.splice(index, 1);
}
}
}
emit(eventType, data) {
const handlers = this.eventHandlers.get(eventType);
if (handlers) {
handlers.forEach(handler => {
try {
handler(data);
} catch (error) {
console.error(`Error in event handler for ${eventType}:`, error);
}
});
}
}
send(message) {
if (this.ws && this.ws.readyState === WebSocket.OPEN) {
this.ws.send(JSON.stringify(message));
} else {
console.warn('WebSocket not connected, message not sent');
}
}
disconnect() {
this.options.reconnect = false;
if (this.ws) {
this.ws.close();
}
}
subscribe(eventTypes) {
this.send({
type: 'subscribe',
events: Array.isArray(eventTypes) ? eventTypes : [eventTypes]
});
}
unsubscribe(eventTypes) {
this.send({
type: 'unsubscribe',
events: Array.isArray(eventTypes) ? eventTypes : [eventTypes]
});
}
}
// Usage example
const ws = new ProvisioningWebSocket('ws://localhost:9090', 'your-jwt-token');
ws.on('TaskStatusChanged', (event) => {
console.log(`Task ${event.data.task_id} status: ${event.data.status}`);
updateTaskUI(event.data);
});
ws.on('WorkflowProgressUpdate', (event) => {
console.log(`Workflow progress: ${event.data.progress}%`);
updateProgressBar(event.data.progress);
});
ws.on('SystemHealthUpdate', (event) => {
console.log('System health:', event.data.overall_status);
updateHealthIndicator(event.data);
});
ws.connect();
// Subscribe to specific events
ws.subscribe(['TaskStatusChanged', 'WorkflowProgressUpdate']);
```
### Real-Time Dashboard Example
```javascript
class ProvisioningDashboard {
constructor(wsUrl, token) {
this.ws = new ProvisioningWebSocket(wsUrl, token);
this.setupEventHandlers();
this.connect();
}
setupEventHandlers() {
this.ws.on('TaskStatusChanged', this.handleTaskUpdate.bind(this));
this.ws.on('BatchOperationUpdate', this.handleBatchUpdate.bind(this));
this.ws.on('SystemHealthUpdate', this.handleHealthUpdate.bind(this));
this.ws.on('WorkflowProgressUpdate', this.handleProgressUpdate.bind(this));
this.ws.on('LogEntry', this.handleLogEntry.bind(this));
}
connect() {
this.ws.connect();
}
handleTaskUpdate(event) {
const taskCard = document.getElementById(`task-${event.data.task_id}`);
if (taskCard) {
taskCard.querySelector('.status').textContent = event.data.status;
taskCard.querySelector('.status').className = `status ${event.data.status.toLowerCase()}`;
if (event.data.progress) {
const progressBar = taskCard.querySelector('.progress-bar');
progressBar.style.width = `${event.data.progress}%`;
}
}
}
handleBatchUpdate(event) {
const batchCard = document.getElementById(`batch-${event.data.batch_id}`);
if (batchCard) {
batchCard.querySelector('.batch-progress').style.width = `${event.data.progress}%`;
event.data.operations.forEach(op => {
const opElement = batchCard.querySelector(`[data-operation="${op.id}"]`);
if (opElement) {
opElement.querySelector('.operation-status').textContent = op.status;
opElement.querySelector('.operation-progress').style.width = `${op.progress}%`;
}
});
}
}
handleHealthUpdate(event) {
const healthIndicator = document.getElementById('health-indicator');
healthIndicator.className = `health-indicator ${event.data.overall_status.toLowerCase()}`;
healthIndicator.textContent = event.data.overall_status;
const metricsPanel = document.getElementById('metrics-panel');
metricsPanel.innerHTML = `
<div class="metric">CPU: ${event.data.metrics.cpu_usage}%</div>
<div class="metric">Memory: ${Math.round(event.data.metrics.memory_usage / 1024 / 1024)}MB</div>
<div class="metric">Disk: ${event.data.metrics.disk_usage}%</div>
<div class="metric">Active Workflows: ${event.data.metrics.active_workflows}</div>
`;
}
handleProgressUpdate(event) {
const workflowCard = document.getElementById(`workflow-${event.data.workflow_id}`);
if (workflowCard) {
const progressBar = workflowCard.querySelector('.workflow-progress');
const stepInfo = workflowCard.querySelector('.step-info');
progressBar.style.width = `${event.data.progress}%`;
stepInfo.textContent = `${event.data.current_step} (${event.data.completed_steps}/${event.data.total_steps})`;
if (event.data.estimated_time_remaining) {
const timeRemaining = workflowCard.querySelector('.time-remaining');
timeRemaining.textContent = `${Math.round(event.data.estimated_time_remaining / 60)} min remaining`;
}
}
}
handleLogEntry(event) {
const logContainer = document.getElementById('log-container');
const logEntry = document.createElement('div');
logEntry.className = `log-entry log-${event.data.level.toLowerCase()}`;
logEntry.innerHTML = `
<span class="log-timestamp">${new Date(event.timestamp).toLocaleTimeString()}</span>
<span class="log-level">${event.data.level}</span>
<span class="log-component">${event.data.component}</span>
<span class="log-message">${event.data.message}</span>
`;
logContainer.appendChild(logEntry);
// Auto-scroll to bottom
logContainer.scrollTop = logContainer.scrollHeight;
// Limit log entries to prevent memory issues
const maxLogEntries = 1000;
if (logContainer.children.length > maxLogEntries) {
logContainer.removeChild(logContainer.firstChild);
}
}
}
// Initialize dashboard
const dashboard = new ProvisioningDashboard('ws://localhost:9090', jwtToken);
```
## Server-Side Implementation
### Rust WebSocket Handler
The orchestrator implements WebSocket support using Axum and Tokio:
```bash
use axum::{
extract::{ws::WebSocket, ws::WebSocketUpgrade, Query, State},
response::Response,
};
use serde::{Deserialize, Serialize};
use std::collections::HashMap;
use tokio::sync::broadcast;
#[derive(Debug, Deserialize)]
pub struct WsQuery {
token: String,
events: Option<String>,
batch_size: Option<usize>,
compression: Option<bool>,
}
#[derive(Debug, Clone, Serialize)]
pub struct WebSocketMessage {
pub event_type: String,
pub timestamp: chrono::DateTime<chrono::Utc>,
pub data: serde_json::Value,
pub metadata: HashMap<String, String>,
}
pub async fn websocket_handler(
ws: WebSocketUpgrade,
Query(params): Query<WsQuery>,
State(state): State<SharedState>,
) -> Response {
// Validate JWT token
let claims = match state.auth_service.validate_token(&params.token) {
Ok(claims) => claims,
Err(_) => return Response::builder()
.status(401)
.body("Unauthorized".into())
.unwrap(),
};
ws.on_upgrade(move |socket| handle_socket(socket, params, claims, state))
}
async fn handle_socket(
socket: WebSocket,
params: WsQuery,
claims: Claims,
state: SharedState,
) {
let (mut sender, mut receiver) = socket.split();
// Subscribe to event stream
let mut event_rx = state.monitoring_system.subscribe_to_events().await;
// Parse requested event types
let requested_events: Vec<String> = params.events
.unwrap_or_default()
.split(',')
.map(|s| s.trim().to_string())
.filter(|s| !s.is_empty())
.collect();
// Handle incoming messages from client
let sender_task = tokio::spawn(async move {
while let Some(msg) = receiver.next().await {
if let Ok(msg) = msg {
if let Ok(text) = msg.to_text() {
if let Ok(client_msg) = serde_json::from_str::<ClientMessage>(text) {
handle_client_message(client_msg, &state).await;
}
}
}
}
});
// Handle outgoing messages to client
let receiver_task = tokio::spawn(async move {
let mut batch = Vec::new();
let batch_size = params.batch_size.unwrap_or(10);
while let Ok(event) = event_rx.recv().await {
// Filter events based on subscription
if !requested_events.is_empty() && !requested_events.contains(&event.event_type) {
continue;
}
// Check permissions
if !has_event_permission(&claims, &event.event_type) {
continue;
}
batch.push(event);
// Send batch when full or after timeout
if batch.len() >= batch_size {
send_event_batch(&mut sender, &batch).await;
batch.clear();
}
}
});
// Wait for either task to complete
tokio::select! {
_ = sender_task => {},
_ = receiver_task => {},
}
}
#[derive(Debug, Deserialize)]
struct ClientMessage {
#[serde(rename = "type")]
msg_type: String,
token: Option<String>,
events: Option<Vec<String>>,
}
async fn handle_client_message(msg: ClientMessage, state: &SharedState) {
match msg.msg_type.as_str() {
"subscribe" => {
// Handle event subscription
},
"unsubscribe" => {
// Handle event unsubscription
},
"auth" => {
// Handle re-authentication
},
_ => {
// Unknown message type
}
}
}
async fn send_event_batch(sender: &mut SplitSink<WebSocket, Message>, batch: &[WebSocketMessage]) {
let batch_msg = serde_json::json!({
"type": "batch",
"events": batch
});
if let Ok(msg_text) = serde_json::to_string(&batch_msg) {
if let Err(e) = sender.send(Message::Text(msg_text)).await {
eprintln!("Failed to send WebSocket message: {}", e);
}
}
}
fn has_event_permission(claims: &Claims, event_type: &str) -> bool {
// Check if user has permission to receive this event type
match event_type {
"SystemHealthUpdate" => claims.role.contains(&"admin".to_string()),
"LogEntry" => claims.role.contains(&"admin".to_string()) ||
claims.role.contains(&"developer".to_string()),
_ => true, // Most events are accessible to all authenticated users
}
}
```
## Event Filtering and Subscriptions
### Client-Side Filtering
```bash
// Subscribe to specific event types
ws.subscribe(['TaskStatusChanged', 'WorkflowProgressUpdate']);
// Subscribe with filters
ws.send({
type: 'subscribe',
events: ['TaskStatusChanged'],
filters: {
task_name: 'create_servers',
status: ['Running', 'Completed', 'Failed']
}
});
// Advanced filtering
ws.send({
type: 'subscribe',
events: ['LogEntry'],
filters: {
level: ['ERROR', 'WARN'],
component: ['server-manager', 'batch-coordinator'],
since: '2025-09-26T10:00:00Z'
}
});
```
### Server-Side Event Filtering
Events can be filtered on the server side based on:
- User permissions and roles
- Event type subscriptions
- Custom filter criteria
- Rate limiting
## Error Handling and Reconnection
### Connection Errors
```bash
ws.on('error', (error) => {
console.error('WebSocket error:', error);
// Handle specific error types
if (error.code === 1006) {
// Abnormal closure, attempt reconnection
setTimeout(() => ws.connect(), 5000);
} else if (error.code === 1008) {
// Policy violation, check token
refreshTokenAndReconnect();
}
});
ws.on('disconnected', (event) => {
console.log(`WebSocket disconnected: ${event.code} - ${event.reason}`);
// Handle different close codes
switch (event.code) {
case 1000: // Normal closure
console.log('Connection closed normally');
break;
case 1001: // Going away
console.log('Server is shutting down');
break;
case 4001: // Custom: Token expired
refreshTokenAndReconnect();
break;
default:
// Attempt reconnection for other errors
if (shouldReconnect()) {
scheduleReconnection();
}
}
});
```
### Heartbeat and Keep-Alive
```javascript
class ProvisioningWebSocket {
constructor(baseUrl, token, options = {}) {
// ... existing code ...
this.heartbeatInterval = options.heartbeatInterval || 30000;
this.heartbeatTimer = null;
}
connect() {
// ... existing connection code ...
this.ws.onopen = (event) => {
console.log('WebSocket connected');
this.startHeartbeat();
this.emit('connected', event);
};
this.ws.onclose = (event) => {
this.stopHeartbeat();
// ... existing close handling ...
};
}
startHeartbeat() {
this.heartbeatTimer = setInterval(() => {
if (this.ws && this.ws.readyState === WebSocket.OPEN) {
this.send({ type: 'ping' });
}
}, this.heartbeatInterval);
}
stopHeartbeat() {
if (this.heartbeatTimer) {
clearInterval(this.heartbeatTimer);
this.heartbeatTimer = null;
}
}
handleMessage(message) {
if (message.type === 'pong') {
// Heartbeat response received
return;
}
// ... existing message handling ...
}
}
```
## Performance Considerations
### Message Batching
To improve performance, the server can batch multiple events into single WebSocket messages:
```json
{
"type": "batch",
"timestamp": "2025-09-26T10:00:00Z",
"events": [
{
"event_type": "TaskStatusChanged",
"data": { ... }
},
{
"event_type": "WorkflowProgressUpdate",
"data": { ... }
}
]
}
```
### Compression
Enable message compression for large events:
```javascript
const ws = new WebSocket('ws://localhost:9090/ws?token=jwt&compression=true');
```
### Rate Limiting
The server implements rate limiting to prevent abuse:
- Maximum connections per user: 10
- Maximum messages per second: 100
- Maximum subscription events: 50
## Security Considerations
### Authentication and Authorization
- All connections require valid JWT tokens
- Tokens are validated on connection and periodically renewed
- Event access is controlled by user roles and permissions
### Message Validation
- All incoming messages are validated against schemas
- Malformed messages are rejected
- Rate limiting prevents DoS attacks
### Data Sanitization
- All event data is sanitized before transmission
- Sensitive information is filtered based on user permissions
- PII and secrets are never transmitted
This WebSocket API provides a robust, real-time communication channel for monitoring and managing provisioning with comprehensive security and
performance features.

178
docs/src/architecture/README.md
View File

@ -1,130 +1,98 @@
# Architecture Documentation
<p align="center">
<img src="../resources/provisioning_logo.svg" alt="Provisioning Logo" width="300"/>
</p>
This directory contains comprehensive architecture documentation for provisioning, including Architecture Decision Records (ADRs) and system design
documentation.
<p align="center">
<img src="../resources/logo-text.svg" alt="Provisioning" width="500"/>
</p>
## Architecture Decision Records (ADRs)
# Architecture
ADRs document the major architectural decisions made for the system, including context, rationale, and consequences:
Deep dive into Provisioning platform architecture, design principles, and
architectural decisions that shape the system.
- **[ADR-001: Project Structure Decision](adr/adr-001-project-structure.md)** - Domain-driven hybrid structure organization
- **[ADR-002: Distribution Strategy](adr/adr-002-distribution-strategy.md)** - Layered distribution with workspace separation
- **[ADR-003: Workspace Isolation](adr/adr-003-workspace-isolation.md)** - Isolated user workspaces with hierarchical configuration
- **[ADR-004: Hybrid Architecture](adr/adr-004-hybrid-architecture.md)** - Rust coordination layer with Nushell business logic
- **[ADR-005: Extension Framework](adr/adr-005-extension-framework.md)** - Registry-based extension system with manifest-driven loading
## Overview
## System Design Documentation
The Provisioning platform uses modular, microservice-based architecture for
enterprise infrastructure as code across multiple clouds. This section
documents foundational architectural decisions and system design that enable:
Comprehensive documentation covering system architecture, integration patterns, and design principles:
- **Multi-cloud orchestration** across AWS, UpCloud, Hetzner, Kubernetes, and on-premise systems
- **Workspace-first organization** with complete infrastructure isolation and multi-tenancy support
- **Type-safe configuration** using Nickel language as source of truth
- **Autonomous operations** through intelligent detectors and automated incident response
- **Post-quantum security** with hybrid encryption protecting against future threats
### [System Overview](system-overview.md)
## Architecture Documentation
High-level architecture overview including:
### System Understanding
- Executive summary and key achievements
- Component architecture with diagrams
- Technology stack and dependencies
- Performance and scalability characteristics
- Security architecture and quality attributes
<p align="center">
<img src="../resources/diagrams/architecture/system-overview.svg"
alt="System Architecture Overview with 12 Microservices" width="800"/>
</p>
### [Integration Patterns](integration-patterns.md)
- **[System Overview](./system-overview.md)** - Platform architecture with 12
microservices, 80+ CLI commands, multi-tenancy model, cloud integration
Detailed integration patterns and implementations:
- **[Design Principles](./design-principles.md)** - Configuration-driven design,
workspace isolation, type-safety mandates, autonomous operations, security-first
- Hybrid language integration (Rust ↔ Nushell)
- Provider abstraction and multi-cloud support
- Configuration resolution and variable interpolation
- Workflow orchestration and dependency management
- State management and checkpoint recovery
- Event-driven architecture and messaging
- Extension integration and API patterns
- Error handling and performance optimization
- **[Component Architecture](./component-architecture.md)** - 12 microservices:
Orchestrator, Control-Center, Vault-Service, Extension-Registry, AI-Service,
Detector, RAG, MCP-Server, KMS, Platform-Config, Service-Clients
### [Design Principles](design-principles.md)
- **[Integration Patterns](./integration-patterns.md)** - REST APIs, async
message queues, event-driven workflows, service discovery, state management
Core architectural principles and guidelines:
<p align="center">
<img src="../resources/diagrams/architecture/microservices-communication.svg"
alt="Microservices Communication Patterns REST Async Events" width="800"/>
</p>
- Project Architecture Principles (PAP) compliance
- Hybrid architecture optimization strategies
- Configuration-first architecture approach
- Domain-driven structural organization
- Quality attribute principles (reliability, performance, security)
- Error handling and observability principles
- Evolution and maintenance strategies
### Architectural Decisions
## Key Architectural Achievements
- **[Architecture Decision Records (ADRs)](./adr/README.md)** - 10 decisions:
modular CLI, workspace-first design, Nickel type-safety, microservice
distribution, communication, post-quantum cryptography, encryption,
observability, SLO management, incident automation
### 🚀 Batch Workflow System (v3.1.0)
## Key Architectural Patterns
- **Provider-Agnostic Design**: Mixed UpCloud, AWS, and local provider support
- **Advanced Orchestration**: Dependency resolution, parallel execution, and rollback capabilities
- **Real-time Monitoring**: Live workflow progress tracking and health monitoring
### Modular Design (ADR-001)
- Decentralized CLI command registration reducing code by 84%
- Dynamic command discovery and 80+ keyboard shortcuts
- Extensible architecture supporting custom commands
### 🏗️ Hybrid Orchestrator Architecture (v3.0.0)
### Workspace-First Organization (ADR-002)
- Workspaces as primary organizational unit grouping infrastructure, configs, and state
- Complete isolation for multi-tenancy and team collaboration
- Local schema and extension customization per workspace
- **Performance Solution**: Solves Nushell deep call stack limitations
- **Business Logic Preservation**: 65+ Nushell files with domain expertise maintained
- **REST API Integration**: Modern HTTP endpoints for external system integration
- **State Management**: Checkpoint-based recovery with comprehensive rollback
### Type-Safe Configuration (ADR-003)
- Nickel language as source of truth for all infrastructure definitions
- Mandatory schema validation at parse time (not runtime)
- Complete migration from KCL with backward compatibility
### ⚙️ Configuration System (v2.0.0)
### Distributed Microservices (ADR-004)
- 12 specialized microservices handling specific domains
- Independent scaling and deployment per service
- Service communication via REST + async queues
- **Configuration Migration**: Systematic migration from ENV variables to configuration files
- **Hierarchical Configuration**: Complete configuration flexibility with clear precedence
- **Variable Interpolation**: Dynamic configuration with runtime variable resolution
- **PAP Compliance**: True Infrastructure as Code without hardcoded fallbacks
### Security Architecture (ADR-006 & ADR-007)
- Post-quantum cryptography with CRYSTALS-Kyber hybrid encryption
- Multi-layer encryption: at-rest (KMS), in-transit (TLS 1.3), field-level, end-to-end
- Centralized secrets management via SecretumVault
## Reading Guide
### Observability & Resilience (ADR-008, ADR-009, ADR-010)
- Unified observability: Prometheus metrics, ELK logging, Jaeger tracing
- SLO-driven operations with error budget enforcement
- Autonomous incident detection and self-healing
### For New Developers
## Navigation
1. Start with [System Overview](system-overview.md) for high-level understanding
2. Read [Design Principles](design-principles.md) to understand architectural philosophy
3. Review relevant ADRs for specific architectural decisions
4. Study [Integration Patterns](integration-patterns.md) for implementation details
### For Architects and Senior Developers
1. Review all ADRs to understand decision rationale and trade-offs
2. Study [Integration Patterns](integration-patterns.md) for advanced implementation patterns
3. Reference [Design Principles](design-principles.md) for architectural guidelines
4. Use [System Overview](system-overview.md) for comprehensive system understanding
### For System Operators
1. Focus on [System Overview](system-overview.md) for deployment and operation insights
2. Review [ADR-002: Distribution Strategy](adr/adr-002-distribution-strategy.md) for deployment patterns
3. Study [ADR-003: Workspace Isolation](adr/adr-003-workspace-isolation.md) for user management
4. Reference [Design Principles](design-principles.md) for operational guidelines
## Document Evolution
These architecture documents are living resources that evolve with the system:
- **ADRs are immutable** once accepted, with new ADRs created for major changes
- **System documentation is updated** to reflect current architecture
- **Cross-references are maintained** between related documents
- **Version compatibility** is documented for architectural changes
## Contributing to Architecture Documentation
When making significant architectural changes:
1. **Create new ADRs** for major decisions using the standard format
2. **Update system documentation** to reflect architectural changes
3. **Maintain cross-references** between related documents
4. **Document trade-offs** and alternatives considered
5. **Update integration patterns** for new architectural patterns
## Architecture Review Process
All significant architectural changes follow a review process:
1. **Proposal Phase**: Create draft ADR with context and proposed decision
2. **Review Phase**: Technical review by architecture team and stakeholders
3. **Decision Phase**: Accept, modify, or reject based on review feedback
4. **Documentation Phase**: Update related documentation and integration patterns
5. **Implementation Phase**: Guide implementation according to architectural decisions
This architecture documentation represents the collective wisdom and experience of building a sophisticated, production-ready infrastructure
automation platform.
- **For implementation details** → See `provisioning/docs/src/features/`
- **For API documentation** → See `provisioning/docs/src/api-reference/`
- **For deployment guides** → See `provisioning/docs/src/operations/`
- **For security details** → See `provisioning/docs/src/security/`
- **For development** → See `provisioning/docs/src/development/`

118
docs/src/architecture/adr/ADR-001-project-structure.md
View File

@ -1,118 +0,0 @@
# ADR-001: Project Structure Decision
## Status
Accepted
## Context
Provisioning had evolved from a monolithic structure into a complex system with mixed organizational patterns. The original structure had multiple issues:
1. **Provider-specific code scattered**: Cloud provider implementations were mixed with core logic
2. **Task services fragmented**: Infrastructure services lacked consistent structure
3. **Domain boundaries unclear**: No clear separation between core, providers, and services
4. **Development artifacts mixed with distribution**: User-facing tools mixed with development utilities
5. **Deep call stack limitations**: Nushell's runtime limitations required architectural solutions
6. **Configuration complexity**: 200+ environment variables across 65+ files needed systematic organization
The system needed a clear, maintainable structure that supports:
- Multi-provider infrastructure provisioning (AWS, UpCloud, local)
- Modular task services (Kubernetes, container runtimes, storage, networking)
- Clear separation of concerns
- Hybrid Rust/Nushell architecture
- Configuration-driven workflows
- Clean distribution without development artifacts
## Decision
Adopt a **domain-driven hybrid structure** organized around functional boundaries:
```bash
src/
├── core/ # Core system and CLI entry point
├── platform/ # High-performance coordination layer (Rust orchestrator)
├── orchestrator/ # Legacy orchestrator location (to be consolidated)
├── provisioning/ # Main provisioning with domain modules
├── control-center/ # Web UI management interface
├── tools/ # Development and utility tools
└── extensions/ # Plugin and extension framework
```
### Key Structural Principles
1. **Domain Separation**: Each major component has clear boundaries and responsibilities
2. **Hybrid Architecture**: Rust for performance-critical coordination, Nushell for business logic
3. **Provider Abstraction**: Standardized interfaces across cloud providers
4. **Service Modularity**: Reusable task services with consistent structure
5. **Clean Distribution**: Development tools separated from user-facing components
6. **Configuration Hierarchy**: Systematic config management with interpolation support
### Domain Organization
- **Core**: CLI interface, library modules, and common utilities
- **Platform**: High-performance Rust orchestrator for workflow coordination
- **Provisioning**: Main business logic with providers, task services, and clusters
- **Control Center**: Web-based management interface
- **Tools**: Development utilities and build systems
- **Extensions**: Plugin framework and custom extensions
## Consequences
### Positive
- **Clear Boundaries**: Each domain has well-defined responsibilities and interfaces
- **Scalable Growth**: New providers and services can be added without structural changes
- **Development Efficiency**: Developers can focus on specific domains without system-wide knowledge
- **Clean Distribution**: Users receive only necessary components without development artifacts
- **Maintenance Clarity**: Issues can be isolated to specific domains
- **Hybrid Benefits**: Leverage Rust performance where needed while maintaining Nushell productivity
- **Configuration Consistency**: Systematic approach to configuration management across all domains
### Negative
- **Migration Complexity**: Required systematic migration of existing components
- **Learning Curve**: New developers need to understand domain boundaries
- **Coordination Overhead**: Cross-domain features require careful interface design
- **Path Management**: More complex path resolution with domain separation
- **Build Complexity**: Multiple domains require coordinated build processes
### Neutral
- **Development Patterns**: Each domain may develop its own patterns within architectural guidelines
- **Testing Strategy**: Domain-specific testing strategies while maintaining integration coverage
- **Documentation**: Domain-specific documentation with clear cross-references
## Alternatives Considered
### Alternative 1: Monolithic Structure
Keep all code in a single flat structure with minimal organization.
**Rejected**: Would not solve maintainability or scalability issues. Continued technical debt accumulation.
### Alternative 2: Microservice Architecture
Split into completely separate services with network communication.
**Rejected**: Overhead too high for single-machine deployment use case. Would complicate installation and configuration.
### Alternative 3: Language-Based Organization
Organize by implementation language (rust/, nushell/, kcl/).
**Rejected**: Does not align with functional boundaries. Cross-cutting concerns would be scattered.
### Alternative 4: Feature-Based Organization
Organize by user-facing features (servers/, clusters/, networking/).
**Rejected**: Would duplicate cross-cutting infrastructure and provider logic across features.
### Alternative 5: Layer-Based Architecture
Organize by architectural layers (presentation/, business/, data/).
**Rejected**: Does not align with domain complexity. Infrastructure provisioning has different layering needs.
## References
- Configuration System Migration (ADR-002)
- Hybrid Architecture Decision (ADR-004)
- Extension Framework Design (ADR-005)
- Project Architecture Principles (PAP) Guidelines

179
docs/src/architecture/adr/ADR-002-distribution-strategy.md
View File

@ -1,179 +0,0 @@
# ADR-002: Distribution Strategy
## Status
Accepted
## Context
Provisioning needed a clean distribution strategy that separates user-facing tools from development artifacts. Key challenges included:
1. **Development Artifacts Mixed with Production**: Build tools, test files, and development utilities scattered throughout user directories
2. **Complex Installation Process**: Users had to navigate through development-specific directories and files
3. **Unclear User Experience**: No clear distinction between what users need versus what developers need
4. **Configuration Complexity**: Multiple configuration files with unclear precedence and purpose
5. **Workspace Pollution**: User workspaces contained development-only files and directories
6. **Path Resolution Issues**: Complex path resolution logic mixing development and production concerns
The system required a distribution strategy that provides:
- Clean user experience without development artifacts
- Clear separation between user and development tools
- Simplified configuration management
- Consistent installation and deployment patterns
- Maintainable development workflow
## Decision
Implement a **layered distribution strategy** with clear separation between development and user environments:
### Distribution Layers
1. **Core Distribution Layer**: Essential user-facing components
- Main CLI tools and libraries
- Configuration templates and defaults
- Provider implementations
- Task service definitions
2. **Development Layer**: Development-specific tools and artifacts
- Build scripts and development utilities
- Test suites and validation tools
- Development configuration templates
- Code generation tools
3. **Workspace Layer**: User-specific customization and data
- User configurations and overrides
- Local state and cache files
- Custom extensions and plugins
- User-specific templates and workflows
### Distribution Structure
```bash
# User Distribution
/usr/local/bin/
├── provisioning # Main CLI entry point
└── provisioning-* # Supporting utilities
/usr/local/share/provisioning/
├── core/ # Core libraries and modules
├── providers/ # Provider implementations
├── taskservs/ # Task service definitions
├── templates/ # Configuration templates
└── config.defaults.toml # System-wide defaults
# User Workspace
~/workspace/provisioning/
├── config.user.toml # User preferences
├── infra/ # User infrastructure definitions
├── extensions/ # User extensions
└── cache/ # Local cache and state
# Development Environment
<project-root>/
├── src/ # Source code
├── scripts/ # Development tools
├── tests/ # Test suites
└── tools/ # Build and development utilities
```
### Key Distribution Principles
1. **Clean Separation**: Development artifacts never appear in user installations
2. **Hierarchical Configuration**: Clear precedence from system defaults to user overrides
3. **Self-Contained User Tools**: Users can work without accessing development directories
4. **Workspace Isolation**: User data and customizations isolated from system installation
5. **Consistent Paths**: Predictable path resolution across different installation types
6. **Version Management**: Clear versioning and upgrade paths for distributed components
## Consequences
### Positive
- **Clean User Experience**: Users interact only with production-ready tools and interfaces
- **Simplified Installation**: Clear installation process without development complexity
- **Workspace Isolation**: User customizations don't interfere with system installation
- **Development Efficiency**: Developers can work with full toolset without affecting users
- **Configuration Clarity**: Clear hierarchy and precedence for configuration settings
- **Maintainable Updates**: System updates don't affect user customizations
- **Path Simplicity**: Predictable path resolution without development-specific logic
- **Security Isolation**: User workspace separated from system components
### Negative
- **Distribution Complexity**: Multiple distribution targets require coordinated build processes
- **Path Management**: More complex path resolution logic to support multiple layers
- **Migration Overhead**: Existing users need to migrate to new workspace structure
- **Documentation Burden**: Need clear documentation for different user types
- **Testing Complexity**: Must validate distribution across different installation scenarios
### Neutral
- **Development Patterns**: Different patterns for development versus production deployment
- **Configuration Strategy**: Layer-specific configuration management approaches
- **Tool Integration**: Different integration patterns for development versus user tools
## Alternatives Considered
### Alternative 1: Monolithic Distribution
Ship everything (development and production) in single package.
**Rejected**: Creates confusing user experience and bloated installations. Mixes development concerns with user needs.
### Alternative 2: Container-Only Distribution
Package entire system as container images only.
**Rejected**: Limits deployment flexibility and complicates local development workflows. Not suitable for all use cases.
### Alternative 3: Source-Only Distribution
Require users to build from source with development environment.
**Rejected**: Creates high barrier to entry and mixes user concerns with development complexity.
### Alternative 4: Plugin-Based Distribution
Minimal core with everything else as downloadable plugins.
**Rejected**: Would fragment essential functionality and complicate initial setup. Network dependency for basic functionality.
### Alternative 5: Environment-Based Distribution
Use environment variables to control what gets installed.
**Rejected**: Creates complex configuration matrix and potential for inconsistent installations.
## Implementation Details
### Distribution Build Process
1. **Core Layer Build**: Extract essential user components from source
2. **Template Processing**: Generate configuration templates with proper defaults
3. **Path Resolution**: Generate path resolution logic for different installation types
4. **Documentation Generation**: Create user-specific documentation excluding development details
5. **Package Creation**: Build distribution packages for different platforms
6. **Validation Testing**: Test installations in clean environments
### Configuration Hierarchy
```toml
System Defaults (lowest precedence)
└── User Configuration
└── Project Configuration
└── Infrastructure Configuration
└── Environment Configuration
└── Runtime Configuration (highest precedence)
```
### Workspace Management
- **Automatic Creation**: User workspace created on first run
- **Template Initialization**: Workspace populated with configuration templates
- **Version Tracking**: Workspace tracks compatible system versions
- **Migration Support**: Automatic migration between workspace versions
- **Backup Integration**: Workspace backup and restore capabilities
## References
- Project Structure Decision (ADR-001)
- Workspace Isolation Decision (ADR-003)
- Configuration System Migration (CLAUDE.md)
- User Experience Guidelines (Design Principles)
- Installation and Deployment Procedures

191
docs/src/architecture/adr/ADR-003-workspace-isolation.md
View File

@ -1,191 +0,0 @@
# ADR-003: Workspace Isolation
## Status
Accepted
## Context
Provisioning required a clear strategy for managing user-specific data, configurations,
and customizations separate from system-wide installations. Key challenges included:
1. **Configuration Conflicts**: User settings mixed with system defaults, causing unclear precedence
2. **State Management**: User state (cache, logs, temporary files) scattered across filesystem
3. **Customization Isolation**: User extensions and customizations affecting system behavior
4. **Multi-User Support**: Multiple users on same system interfering with each other
5. **Development vs Production**: Developer needs different from end-user needs
6. **Path Resolution Complexity**: Complex logic to locate user-specific resources
7. **Backup and Migration**: Difficulty backing up and migrating user-specific settings
8. **Security Boundaries**: Need clear separation between system and user-writable areas
The system needed workspace isolation that provides:
- Clear separation of user data from system installation
- Predictable configuration precedence and inheritance
- User-specific customization without system impact
- Multi-user support on shared systems
- Easy backup and migration of user settings
- Security isolation between system and user areas
## Decision
Implement **isolated user workspaces** with clear boundaries and hierarchical configuration:
### Workspace Structure
```bash
~/workspace/provisioning/ # User workspace root
├── config/
│ ├── user.toml # User preferences and overrides
│ ├── environments/ # Environment-specific configs
│ │ ├── dev.toml
│ │ ├── test.toml
│ │ └── prod.toml
│ └── secrets/ # User-specific encrypted secrets
├── infra/ # User infrastructure definitions
│ ├── personal/ # Personal infrastructure
│ ├── work/ # Work-related infrastructure
│ └── shared/ # Shared infrastructure definitions
├── extensions/ # User-installed extensions
│ ├── providers/ # Custom providers
│ ├── taskservs/ # Custom task services
│ └── plugins/ # User plugins
├── templates/ # User-specific templates
├── cache/ # Local cache and temporary data
│ ├── provider-cache/ # Provider API cache
│ ├── version-cache/ # Version information cache
│ └── build-cache/ # Build and generation cache
├── logs/ # User-specific logs
├── state/ # Local state files
└── backups/ # Automatic workspace backups
```
### Configuration Hierarchy (Precedence Order)
1. **Runtime Parameters** (command line, environment variables)
2. **Environment Configuration** (`config/environments/{env}.toml`)
3. **Infrastructure Configuration** (`infra/{name}/config.toml`)
4. **Project Configuration** (project-specific settings)
5. **User Configuration** (`config/user.toml`)
6. **System Defaults** (system-wide defaults)
### Key Isolation Principles
1. **Complete Isolation**: User workspace completely independent of system installation
2. **Hierarchical Inheritance**: Clear configuration inheritance with user overrides
3. **Security Boundaries**: User workspace in user-writable area only
4. **Multi-User Safe**: Multiple users can have independent workspaces
5. **Portable**: Entire user workspace can be backed up and restored
6. **Version Independent**: Workspace compatible across system version upgrades
7. **Extension Safe**: User extensions cannot affect system behavior
8. **State Isolation**: All user state contained within workspace
## Consequences
### Positive
- **User Independence**: Users can customize without affecting system or other users
- **Configuration Clarity**: Clear hierarchy and precedence for all configuration
- **Security Isolation**: User modifications cannot compromise system installation
- **Easy Backup**: Complete user environment can be backed up and restored
- **Development Flexibility**: Developers can have multiple isolated workspaces
- **System Upgrades**: System updates don't affect user customizations
- **Multi-User Support**: Multiple users can work independently on same system
- **Portable Configurations**: User workspace can be moved between systems
- **State Management**: All user state in predictable locations
### Negative
- **Initial Setup**: Users must initialize workspace before first use
- **Path Complexity**: More complex path resolution to support workspace isolation
- **Disk Usage**: Each user maintains separate cache and state
- **Configuration Duplication**: Some configuration may be duplicated across users
- **Migration Overhead**: Existing users need workspace migration
- **Documentation Complexity**: Need clear documentation for workspace management
### Neutral
- **Backup Strategy**: Users responsible for their own workspace backup
- **Extension Management**: User-specific extension installation and management
- **Version Compatibility**: Workspace versions must be compatible with system versions
- **Performance Implications**: Additional path resolution overhead
## Alternatives Considered
### Alternative 1: System-Wide Configuration Only
All configuration in system directories with user overrides via environment variables.
**Rejected**: Creates conflicts between users and makes customization difficult. Poor isolation and security.
### Alternative 2: Home Directory Dotfiles
Use traditional dotfile approach (~/.provisioning/).
**Rejected**: Clutters home directory and provides less structured organization. Harder to backup and migrate.
### Alternative 3: XDG Base Directory Specification
Follow XDG specification for config/data/cache separation.
**Rejected**: While standards-compliant, would fragment user data across multiple directories making management complex.
### Alternative 4: Container-Based Isolation
Each user gets containerized environment.
**Rejected**: Too heavy for simple configuration isolation. Adds deployment complexity without sufficient benefits.
### Alternative 5: Database-Based Configuration
Store all user configuration in database.
**Rejected**: Adds dependency complexity and makes backup/restore more difficult. Over-engineering for configuration needs.
## Implementation Details
### Workspace Initialization
```bash
# Automatic workspace creation on first run
provisioning workspace init
# Manual workspace creation with template
provisioning workspace init --template=developer
# Workspace status and validation
provisioning workspace status
provisioning workspace validate
```
### Configuration Resolution Process
1. **Workspace Discovery**: Locate user workspace (env var → default location)
2. **Configuration Loading**: Load configuration hierarchy with proper precedence
3. **Path Resolution**: Resolve all paths relative to workspace and system installation
4. **Variable Interpolation**: Process configuration variables and templates
5. **Validation**: Validate merged configuration for completeness and correctness
### Backup and Migration
```bash
# Backup entire workspace
provisioning workspace backup --output ~/backup/provisioning-workspace.tar.gz
# Restore workspace from backup
provisioning workspace restore --input ~/backup/provisioning-workspace.tar.gz
# Migrate workspace to new version
provisioning workspace migrate --from-version 2.0.0 --to-version 3.0.0
```
### Security Considerations
- **File Permissions**: Workspace created with appropriate user permissions
- **Secret Management**: Secrets encrypted and isolated within workspace
- **Extension Sandboxing**: User extensions cannot access system directories
- **Path Validation**: All paths validated to prevent directory traversal
- **Configuration Validation**: User configuration validated against schemas
## References
- Distribution Strategy (ADR-002)
- Configuration System Migration (CLAUDE.md)
- Security Guidelines (Design Principles)
- Extension Framework (ADR-005)
- Multi-User Deployment Patterns

210
docs/src/architecture/adr/ADR-004-hybrid-architecture.md
View File

@ -1,210 +0,0 @@
# ADR-004: Hybrid Architecture
## Status
Accepted
## Context
Provisioning encountered fundamental limitations with a pure Nushell implementation that required architectural solutions:
1. **Deep Call Stack Limitations**: Nushell's `open` command fails in deep call contexts
(`enumerate | each`), causing "Type not supported" errors in template.nu:71
2. **Performance Bottlenecks**: Complex workflow orchestration hitting Nushell's performance limits
3. **Concurrency Constraints**: Limited parallel processing capabilities in Nushell for batch operations
4. **Integration Complexity**: Need for REST API endpoints and external system integration
5. **State Management**: Complex state tracking and persistence requirements beyond Nushell's capabilities
6. **Business Logic Preservation**: 65+ existing Nushell files with domain expertise that shouldn't be rewritten
7. **Developer Productivity**: Nushell excels for configuration management and domain-specific operations
The system needed an architecture that:
- Solves Nushell's technical limitations without losing business logic
- Leverages each language's strengths appropriately
- Maintains existing investment in Nushell domain knowledge
- Provides performance for coordination-heavy operations
- Enables modern integration patterns (REST APIs, async workflows)
- Preserves configuration-driven, Infrastructure as Code principles
## Decision
Implement a **Hybrid Rust/Nushell Architecture** with clear separation of concerns:
### Architecture Layers
#### 1. Coordination Layer (Rust)
- **Orchestrator**: High-performance workflow coordination and task scheduling
- **REST API Server**: HTTP endpoints for external integration
- **State Management**: Persistent state tracking with checkpoint recovery
- **Batch Processing**: Parallel execution of complex workflows
- **File-based Persistence**: Lightweight task queue using reliable file storage
- **Error Recovery**: Sophisticated error handling and rollback capabilities
#### 2. Business Logic Layer (Nushell)
- **Provider Implementations**: Cloud provider-specific operations (AWS, UpCloud, local)
- **Task Services**: Infrastructure service management (Kubernetes, networking, storage)
- **Configuration Management**: KCL-based configuration processing and validation
- **Template Processing**: Infrastructure-as-Code template generation
- **CLI Interface**: User-facing command-line tools and workflows
- **Domain Operations**: All business-specific logic and operations
### Integration Patterns
#### Rust → Nushell Communication
```nushell
// Rust orchestrator invokes Nushell scripts via process execution
let result = Command::new("nu")
.arg("-c")
.arg("use core/nulib/workflows/server_create.nu *; server_create_workflow 'name' '' []")
.output()?;
```
#### Nushell → Rust Communication
```nushell
# Nushell submits workflows to Rust orchestrator via HTTP API
http post "http://localhost:9090/workflows/servers/create" {
name: "server-name",
provider: "upcloud",
config: $server_config
}
```
#### Data Exchange Format
- **Structured JSON**: All data exchange via JSON for type safety and interoperability
- **Configuration TOML**: Configuration data in TOML format for human readability
- **State Files**: Lightweight file-based state exchange between layers
### Key Architectural Principles
1. **Language Strengths**: Use each language for what it does best
2. **Business Logic Preservation**: All existing domain knowledge stays in Nushell
3. **Performance Critical Path**: Coordination and orchestration in Rust
4. **Clear Boundaries**: Well-defined interfaces between layers
5. **Configuration Driven**: Both layers respect configuration-driven architecture
6. **Error Handling**: Coordinated error handling across language boundaries
7. **State Consistency**: Consistent state management across hybrid system
## Consequences
### Positive
- **Technical Limitations Solved**: Eliminates Nushell deep call stack issues
- **Performance Optimized**: High-performance coordination while preserving productivity
- **Business Logic Preserved**: 65+ Nushell files with domain expertise maintained
- **Modern Integration**: REST APIs and async workflows enabled
- **Development Efficiency**: Developers can use optimal language for each task
- **Batch Processing**: Parallel workflow execution with sophisticated state management
- **Error Recovery**: Advanced error handling and rollback capabilities
- **Scalability**: Architecture scales to complex multi-provider workflows
- **Maintainability**: Clear separation of concerns between layers
### Negative
- **Complexity Increase**: Two-language system requires more architectural coordination
- **Integration Overhead**: Data serialization/deserialization between languages
- **Development Skills**: Team needs expertise in both Rust and Nushell
- **Testing Complexity**: Must test integration between language layers
- **Deployment Complexity**: Two runtime environments must be coordinated
- **Debugging Challenges**: Debugging across language boundaries more complex
### Neutral
- **Development Patterns**: Different patterns for each layer while maintaining consistency
- **Documentation Strategy**: Language-specific documentation with integration guides
- **Tool Chain**: Multiple development tool chains must be maintained
- **Performance Characteristics**: Different performance characteristics for different operations
## Alternatives Considered
### Alternative 1: Pure Nushell Implementation
Continue with Nushell-only approach and work around limitations.
**Rejected**: Technical limitations are fundamental and cannot be worked around without compromising functionality. Deep call stack issues are
architectural.
### Alternative 2: Complete Rust Rewrite
Rewrite entire system in Rust for consistency.
**Rejected**: Would lose 65+ files of domain expertise and Nushell's productivity advantages for configuration management. Massive development effort.
### Alternative 3: Pure Go Implementation
Rewrite system in Go for simplicity and performance.
**Rejected**: Same issues as Rust rewrite - loses domain expertise and Nushell's configuration strengths. Go doesn't provide significant advantages.
### Alternative 4: Python/Shell Hybrid
Use Python for coordination and shell scripts for operations.
**Rejected**: Loses type safety and configuration-driven advantages of current system. Python adds dependency complexity.
### Alternative 5: Container-Based Separation
Run Nushell and coordination layer in separate containers.
**Rejected**: Adds deployment complexity and network communication overhead. Complicates local development significantly.
## Implementation Details
### Orchestrator Components
- **Task Queue**: File-based persistent queue for reliable workflow management
- **HTTP Server**: REST API for workflow submission and monitoring
- **State Manager**: Checkpoint-based state tracking with recovery
- **Process Manager**: Nushell script execution with proper isolation
- **Error Handler**: Comprehensive error recovery and rollback logic
### Integration Protocols
- **HTTP REST**: Primary API for external integration
- **JSON Data Exchange**: Structured data format for all communication
- **File-based State**: Lightweight persistence without database dependencies
- **Process Execution**: Secure subprocess execution for Nushell operations
### Development Workflow
1. **Rust Development**: Focus on coordination, performance, and integration
2. **Nushell Development**: Focus on business logic, providers, and task services
3. **Integration Testing**: Validate communication between layers
4. **End-to-End Validation**: Complete workflow testing across both layers
### Monitoring and Observability
- **Structured Logging**: JSON logs from both Rust and Nushell components
- **Metrics Collection**: Performance metrics from coordination layer
- **Health Checks**: System health monitoring across both layers
- **Workflow Tracking**: Complete audit trail of workflow execution
## Migration Strategy
### Phase 1: Core Infrastructure (Completed)
- ✅ Rust orchestrator implementation
- ✅ REST API endpoints
- ✅ File-based task queue
- ✅ Basic Nushell integration
### Phase 2: Workflow Integration (Completed)
- ✅ Server creation workflows
- ✅ Task service workflows
- ✅ Cluster deployment workflows
- ✅ State management and recovery
### Phase 3: Advanced Features (Completed)
- ✅ Batch workflow processing
- ✅ Dependency resolution
- ✅ Rollback capabilities
- ✅ Real-time monitoring
## References
- Deep Call Stack Limitations (CLAUDE.md - Architectural Lessons Learned)
- Configuration-Driven Architecture (ADR-002)
- Batch Workflow System (CLAUDE.md - v3.1.0)
- Integration Patterns Documentation
- Performance Benchmarking Results

284
docs/src/architecture/adr/ADR-005-extension-framework.md
View File

@ -1,284 +0,0 @@
# ADR-005: Extension Framework
## Status
Accepted
## Context
Provisioning required a flexible extension mechanism to support:
1. **Custom Providers**: Organizations need to add custom cloud providers beyond AWS, UpCloud, and local
2. **Custom Task Services**: Users need to integrate proprietary infrastructure services
3. **Custom Workflows**: Complex organizations require custom orchestration patterns
4. **Third-Party Integration**: Need to integrate with existing toolchains and systems
5. **User Customization**: Power users want to extend and modify system behavior
6. **Plugin Ecosystem**: Enable community contributions and extensions
7. **Isolation Requirements**: Extensions must not compromise system stability
8. **Discovery Mechanism**: System must automatically discover and load extensions
9. **Version Compatibility**: Extensions must work across system version upgrades
10. **Configuration Integration**: Extensions should integrate with configuration-driven architecture
The system needed an extension framework that provides:
- Clear extension API and interfaces
- Safe isolation of extension code
- Automatic discovery and loading
- Configuration integration
- Version compatibility management
- Developer-friendly extension development patterns
## Decision
Implement a **registry-based extension framework** with structured discovery and isolation:
### Extension Architecture
#### Extension Types
1. **Provider Extensions**: Custom cloud providers and infrastructure backends
2. **Task Service Extensions**: Custom infrastructure services and components
3. **Workflow Extensions**: Custom orchestration and deployment patterns
4. **CLI Extensions**: Additional command-line tools and interfaces
5. **Template Extensions**: Custom configuration and code generation templates
6. **Integration Extensions**: External system integrations and connectors
### Extension Structure
```bash
extensions/
├── providers/ # Provider extensions
│ └── custom-cloud/
│ ├── extension.toml # Extension manifest
│ ├── kcl/ # KCL configuration schemas
│ ├── nulib/ # Nushell implementation
│ └── templates/ # Configuration templates
├── taskservs/ # Task service extensions
│ └── custom-service/
│ ├── extension.toml
│ ├── kcl/
│ ├── nulib/
│ └── manifests/ # Kubernetes manifests
├── workflows/ # Workflow extensions
│ └── custom-workflow/
│ ├── extension.toml
│ └── nulib/
├── cli/ # CLI extensions
│ └── custom-commands/
│ ├── extension.toml
│ └── nulib/
└── integrations/ # Integration extensions
└── external-tool/
├── extension.toml
└── nulib/
```
### Extension Manifest (extension.toml)
```toml
[extension]
name = "custom-provider"
version = "1.0.0"
type = "provider"
description = "Custom cloud provider integration"
author = "Organization Name"
license = "MIT"
homepage = "https://github.com/org/custom-provider"
[compatibility]
provisioning_version = ">=3.0.0,<4.0.0"
nushell_version = ">=0.107.0"
kcl_version = ">=0.11.0"
[dependencies]
http_client = ">=1.0.0"
json_parser = ">=2.0.0"
[entry_points]
cli = "nulib/cli.nu"
provider = "nulib/provider.nu"
config_schema = "schemas/schema.ncl"
[configuration]
config_prefix = "custom_provider"
required_env_vars = ["CUSTOM_PROVIDER_API_KEY"]
optional_config = ["custom_provider.region", "custom_provider.timeout"]
```
### Key Framework Principles
1. **Registry-Based Discovery**: Extensions registered in structured directories
2. **Manifest-Driven Loading**: Extension capabilities declared in manifest files
3. **Version Compatibility**: Explicit compatibility declarations and validation
4. **Configuration Integration**: Extensions integrate with system configuration hierarchy
5. **Isolation Boundaries**: Extensions isolated from core system and each other
6. **Standard Interfaces**: Consistent interfaces across extension types
7. **Development Patterns**: Clear patterns for extension development
8. **Community Support**: Framework designed for community contributions
## Consequences
### Positive
- **Extensibility**: System can be extended without modifying core code
- **Community Growth**: Enable community contributions and ecosystem development
- **Organization Customization**: Organizations can add proprietary integrations
- **Innovation Support**: New technologies can be integrated via extensions
- **Isolation Safety**: Extensions cannot compromise system stability
- **Configuration Consistency**: Extensions integrate with configuration-driven architecture
- **Development Efficiency**: Clear patterns reduce extension development time
- **Version Management**: Compatibility system prevents breaking changes
- **Discovery Automation**: Extensions automatically discovered and loaded
### Negative
- **Complexity Increase**: Additional layer of abstraction and management
- **Performance Overhead**: Extension loading and isolation adds runtime cost
- **Testing Complexity**: Must test extension framework and individual extensions
- **Documentation Burden**: Need comprehensive extension development documentation
- **Version Coordination**: Extension compatibility matrix requires management
- **Support Complexity**: Community extensions may require support resources
### Neutral
- **Development Patterns**: Different patterns for extension vs core development
- **Quality Control**: Community extensions may vary in quality and maintenance
- **Security Considerations**: Extensions need security review and validation
- **Dependency Management**: Extension dependencies must be managed carefully
## Alternatives Considered
### Alternative 1: Filesystem-Based Extensions
Simple filesystem scanning for extension discovery.
**Rejected**: No manifest validation or version compatibility checking. Fragile discovery mechanism.
### Alternative 2: Database-Backed Registry
Store extension metadata in database for discovery.
**Rejected**: Adds database dependency complexity. Over-engineering for extension discovery needs.
### Alternative 3: Package Manager Integration
Use existing package managers (cargo, npm) for extension distribution.
**Rejected**: Complicates installation and creates external dependencies. Not suitable for corporate environments.
### Alternative 4: Container-Based Extensions
Each extension runs in isolated container.
**Rejected**: Too heavy for simple extensions. Complicates development and deployment significantly.
### Alternative 5: Plugin Architecture
Traditional plugin architecture with dynamic loading.
**Rejected**: Complex for shell-based system. Security and isolation challenges in Nushell environment.
## Implementation Details
### Extension Discovery Process
1. **Directory Scanning**: Scan extension directories for manifest files
2. **Manifest Validation**: Parse and validate extension manifest
3. **Compatibility Check**: Verify version compatibility requirements
4. **Dependency Resolution**: Resolve extension dependencies
5. **Configuration Integration**: Merge extension configuration schemas
6. **Entry Point Registration**: Register extension entry points with system
### Extension Loading Lifecycle
```bash
# Extension discovery and validation
provisioning extension discover
provisioning extension validate --extension custom-provider
# Extension activation and configuration
provisioning extension enable custom-provider
provisioning extension configure custom-provider
# Extension usage
provisioning provider list # Shows custom providers
provisioning server create --provider custom-provider
# Extension management
provisioning extension disable custom-provider
provisioning extension update custom-provider
```
### Configuration Integration
Extensions integrate with hierarchical configuration system:
```toml
# System configuration includes extension settings
[custom_provider]
api_endpoint = "https://api.custom-cloud.com"
region = "us-west-1"
timeout = 30
# Extension configuration follows same hierarchy rules
# System defaults → User config → Environment config → Runtime
```
### Security and Isolation
- **Sandboxed Execution**: Extensions run in controlled environment
- **Permission Model**: Extensions declare required permissions in manifest
- **Code Review**: Community extensions require review process
- **Digital Signatures**: Extensions can be digitally signed for authenticity
- **Audit Logging**: Extension usage tracked in system audit logs
### Development Support
- **Extension Templates**: Scaffold new extensions from templates
- **Development Tools**: Testing and validation tools for extension developers
- **Documentation Generation**: Automatic documentation from extension manifests
- **Integration Testing**: Framework for testing extensions with core system
## Extension Development Patterns
### Provider Extension Pattern
```bash
# extensions/providers/custom-cloud/nulib/provider.nu
export def list-servers [] -> table {
http get $"($config.custom_provider.api_endpoint)/servers"
| from json
| select name status region
}
export def create-server [name: string, config: record] -> record {
let payload = {
name: $name,
instance_type: $config.plan,
region: $config.zone
}
http post $"($config.custom_provider.api_endpoint)/servers" $payload
| from json
}
```
### Task Service Extension Pattern
```bash
# extensions/taskservs/custom-service/nulib/service.nu
export def install [server: string] -> nothing {
let manifest_data = open ./manifests/deployment.yaml
| str replace "{{server}}" $server
kubectl apply --server $server --data $manifest_data
}
export def uninstall [server: string] -> nothing {
kubectl delete deployment custom-service --server $server
}
```
## References
- Workspace Isolation (ADR-003)
- Configuration System Architecture (ADR-002)
- Hybrid Architecture Integration (ADR-004)
- Community Extension Guidelines
- Extension Security Framework
- Extension Development Documentation

390
docs/src/architecture/adr/ADR-006-provisioning-cli-refactoring.md
View File

@ -1,390 +0,0 @@
# ADR-006: Provisioning CLI Refactoring to Modular Architecture
**Status**: Implemented ✅
**Date**: 2025-09-30
**Authors**: Infrastructure Team
**Related**: ADR-001 (Project Structure), ADR-004 (Hybrid Architecture)
## Context
The main provisioning CLI script (`provisioning/core/nulib/provisioning`) had grown to
**1,329 lines** with a massive 1,100+ line match statement handling all commands. This
monolithic structure created multiple critical problems:
### Problems Identified
1. **Maintainability Crisis**
- 54 command branches in one file
- Code duplication: Flag handling repeated 50+ times
- Hard to navigate: Finding specific command logic required scrolling through 1,000+ lines
- Mixed concerns: Routing, validation, and execution all intertwined
2. **Development Friction**
- Adding new commands required editing massive file
- Testing was nearly impossible (monolithic, no isolation)
- High cognitive load for contributors
- Code review difficult due to file size
3. **Technical Debt**
- 10+ lines of repetitive flag handling per command
- No separation of concerns
- Poor code reusability
- Difficult to test individual command handlers
4. **User Experience Issues**
- No bi-directional help system
- Inconsistent command shortcuts
- Help system not fully integrated
## Decision
We refactored the monolithic CLI into a **modular, domain-driven architecture** with the following structure:
```bash
provisioning/core/nulib/
├── provisioning (211 lines) ⬅️ 84% reduction
├── main_provisioning/
│ ├── flags.nu (139 lines) ⭐ Centralized flag handling
│ ├── dispatcher.nu (264 lines) ⭐ Command routing
│ ├── mod.nu (updated)
│ └── commands/ ⭐ Domain-focused handlers
│ ├── configuration.nu (316 lines)
│ ├── development.nu (72 lines)
│ ├── generation.nu (78 lines)
│ ├── infrastructure.nu (117 lines)
│ ├── orchestration.nu (64 lines)
│ ├── utilities.nu (157 lines)
│ └── workspace.nu (56 lines)
```
### Key Components
#### 1. Centralized Flag Handling (`flags.nu`)
Single source of truth for all flag parsing and argument building:
```javascript
export def parse_common_flags [flags: record]: nothing -> record
export def build_module_args [flags: record, extra: string = ""]: nothing -> string
export def set_debug_env [flags: record]
export def get_debug_flag [flags: record]: nothing -> string
```
**Benefits:**
- Eliminates 50+ instances of duplicate code
- Single place to add/modify flags
- Consistent flag handling across all commands
- Reduced from 10 lines to 3 lines per command handler
#### 2. Command Dispatcher (`dispatcher.nu`)
Central routing with 80+ command mappings:
```javascript
export def get_command_registry []: nothing -> record # 80+ shortcuts
export def dispatch_command [args: list, flags: record] # Main router
```
**Features:**
- Command registry with shortcuts (ws → workspace, orch → orchestrator, etc.)
- Bi-directional help support (`provisioning ws help` works)
- Domain-based routing (infrastructure, orchestration, development, etc.)
- Special command handling (create, delete, price, etc.)
#### 3. Domain Command Handlers (`commands/*.nu`)
Seven focused modules organized by domain:
| Module | Lines | Responsibility |
| -------- | ------- | ---------------- |
| `infrastructure.nu` | 117 | Server, taskserv, cluster, infra |
| `orchestration.nu` | 64 | Workflow, batch, orchestrator |
| `development.nu` | 72 | Module, layer, version, pack |
| `workspace.nu` | 56 | Workspace, template |
| `generation.nu` | 78 | Generate commands |
| `utilities.nu` | 157 | SSH, SOPS, cache, providers |
| `configuration.nu` | 316 | Env, show, init, validate |
Each handler:
- Exports `handle_<domain>_command` function
- Uses shared flag handling
- Provides error messages with usage hints
- Isolated and testable
## Architecture Principles
### 1. Separation of Concerns
- **Routing**`dispatcher.nu`
- **Flag parsing**`flags.nu`
- **Business logic**`commands/*.nu`
- **Help system**`help_system.nu` (existing)
### 2. Single Responsibility
Each module has ONE clear purpose:
- Command handlers execute specific domains
- Dispatcher routes to correct handler
- Flags module normalizes all inputs
### 3. DRY (Don't Repeat Yourself)
Eliminated repetition:
- Flag handling: 50+ instances → 1 function
- Command routing: Scattered logic → Command registry
- Error handling: Consistent across all domains
### 4. Open/Closed Principle
- Open for extension: Add new handlers easily
- Closed for modification: Core routing unchanged
### 5. Dependency Inversion
All handlers depend on abstractions (flag records, not concrete flags):
```bash
# Handler signature
export def handle_infrastructure_command [
command: string
ops: string
flags: record # ⬅️ Abstraction, not concrete flags
]
```
## Implementation Details
### Migration Path (Completed in 2 Phases)
**Phase 1: Foundation**
1. ✅ Created `commands/` directory structure
2. ✅ Created `flags.nu` with common flag handling
3. ✅ Created initial command handlers (infrastructure, utilities, configuration)
4. ✅ Created `dispatcher.nu` with routing logic
5. ✅ Refactored main file (1,329 → 211 lines)
6. ✅ Tested basic functionality
**Phase 2: Completion**
1. ✅ Fixed bi-directional help (`provisioning ws help` now works)
2. ✅ Created remaining handlers (orchestration, development, workspace, generation)
3. ✅ Removed duplicate code from dispatcher
4. ✅ Added comprehensive test suite
5. ✅ Verified all shortcuts work
### Bi-directional Help System
Users can now access help in multiple ways:
```bash
# All these work equivalently:
provisioning help workspace
provisioning workspace help # ⬅️ NEW: Bi-directional
provisioning ws help # ⬅️ NEW: With shortcuts
provisioning help ws # ⬅️ NEW: Shortcut in help
```
**Implementation:**
```bash
# Intercept "command help" → "help command"
let first_op = if ($ops_list | length) > 0 { ($ops_list | get 0) } else { "" }
if $first_op in ["help" "h"] {
exec $"($env.PROVISIONING_NAME)" help $task --notitles
}
```
### Command Shortcuts
Comprehensive shortcut system with 30+ mappings:
**Infrastructure:**
- `s``server`
- `t`, `task``taskserv`
- `cl``cluster`
- `i``infra`
**Orchestration:**
- `wf`, `flow``workflow`
- `bat``batch`
- `orch``orchestrator`
**Development:**
- `mod``module`
- `lyr``layer`
**Workspace:**
- `ws``workspace`
- `tpl`, `tmpl``template`
## Testing
Comprehensive test suite created (`tests/test_provisioning_refactor.nu`):
### Test Coverage
- ✅ Main help display
- ✅ Category help (infrastructure, orchestration, development, workspace)
- ✅ Bi-directional help routing
- ✅ All command shortcuts
- ✅ Category shortcut help
- ✅ Command routing to correct handlers
### Test Results
```bash
📋 Testing main help... ✅
📋 Testing category help... ✅
🔄 Testing bi-directional help... ✅
⚡ Testing command shortcuts... ✅
📚 Testing category shortcut help... ✅
🎯 Testing command routing... ✅
📊 TEST RESULTS: 6 passed, 0 failed
```
## Results
### Quantitative Improvements
| Metric | Before | After | Improvement |
| -------- | -------- | ------- | ------------- |
| **Main file size** | 1,329 lines | 211 lines | **84% reduction** |
| **Command handler** | 1 massive match (1,100+ lines) | 7 focused modules | **Domain separation** |
| **Flag handling** | Repeated 50+ times | 1 function | **98% duplication removal** |
| **Code per command** | 10 lines | 3 lines | **70% reduction** |
| **Modules count** | 1 monolith | 9 modules | **Modular architecture** |
| **Test coverage** | None | 6 test groups | **Comprehensive testing** |
### Qualitative Improvements
**Maintainability**
- ✅ Easy to find specific command logic
- ✅ Clear separation of concerns
- ✅ Self-documenting structure
- ✅ Focused modules (< 320 lines each)
**Extensibility**
- ✅ Add new commands: Just update appropriate handler
- ✅ Add new flags: Single function update
- ✅ Add new shortcuts: Update command registry
- ✅ No massive file edits required
**Testability**
- ✅ Isolated command handlers
- ✅ Mockable dependencies
- ✅ Test individual domains
- ✅ Fast test execution
**Developer Experience**
- ✅ Lower cognitive load
- ✅ Faster onboarding
- ✅ Easier code review
- ✅ Better IDE navigation
## Trade-offs
### Advantages
1. **Dramatically reduced complexity**: 84% smaller main file
2. **Better organization**: Domain-focused modules
3. **Easier testing**: Isolated, testable units
4. **Improved maintainability**: Clear structure, less duplication
5. **Enhanced UX**: Bi-directional help, shortcuts
6. **Future-proof**: Easy to extend
### Disadvantages
1. **More files**: 1 file → 9 files (but smaller, focused)
2. **Module imports**: Need to import multiple modules (automated via mod.nu)
3. **Learning curve**: New structure requires documentation (this ADR)
**Decision**: Advantages significantly outweigh disadvantages.
## Examples
### Before: Repetitive Flag Handling
```bash
"server" => {
let use_check = if $check { "--check "} else { "" }
let use_yes = if $yes { "--yes" } else { "" }
let use_wait = if $wait { "--wait" } else { "" }
let use_keepstorage = if $keepstorage { "--keepstorage "} else { "" }
let str_infra = if $infra != null { $"--infra ($infra) "} else { "" }
let str_outfile = if $outfile != null { $"--outfile ($outfile) "} else { "" }
let str_out = if $out != null { $"--out ($out) "} else { "" }
let arg_include_notuse = if $include_notuse { $"--include_notuse "} else { "" }
run_module $"($str_ops) ($str_infra) ($use_check)..." "server" --exec
}
```
### After: Clean, Reusable
```python
def handle_server [ops: string, flags: record] {
let args = build_module_args $flags $ops
run_module $args "server" --exec
}
```
**Reduction: 10 lines → 3 lines (70% reduction)**
## Future Considerations
### Potential Enhancements
1. **Unit test expansion**: Add tests for each command handler
2. **Integration tests**: End-to-end workflow tests
3. **Performance profiling**: Measure routing overhead (expected to be negligible)
4. **Documentation generation**: Auto-generate docs from handlers
5. **Plugin architecture**: Allow third-party command extensions
### Migration Guide for Contributors
See `docs/development/COMMAND_HANDLER_GUIDE.md` for:
- How to add new commands
- How to modify existing handlers
- How to add new shortcuts
- Testing guidelines
## Related Documentation
- **Architecture Overview**: `docs/architecture/system-overview.md`
- **Developer Guide**: `docs/development/COMMAND_HANDLER_GUIDE.md`
- **Main Project Docs**: `CLAUDE.md` (updated with new structure)
- **Test Suite**: `tests/test_provisioning_refactor.nu`
## Conclusion
This refactoring transforms the provisioning CLI from a monolithic, hard-to-maintain script into a modular, well-organized system following software
engineering best practices. The 84% reduction in main file size, elimination of code duplication, and comprehensive test coverage position the project
for sustainable long-term growth.
The new architecture enables:
- **Faster development**: Add commands in minutes, not hours
- **Better quality**: Isolated testing catches bugs early
- **Easier maintenance**: Clear structure reduces cognitive load
- **Enhanced UX**: Shortcuts and bi-directional help improve usability
**Status**: Successfully implemented and tested. All commands operational. Ready for production use.
---
*This ADR documents a major architectural improvement completed on 2025-09-30.*

266
docs/src/architecture/adr/ADR-007-kms-simplification.md
View File

@ -1,266 +0,0 @@
# ADR-007: KMS Service Simplification to Age and Cosmian Backends
**Status**: Accepted
**Date**: 2025-10-08
**Deciders**: Architecture Team
**Related**: ADR-006 (KMS Service Integration)
## Context
The KMS service initially supported 4 backends: HashiCorp Vault, AWS KMS, Age, and Cosmian KMS. This created unnecessary complexity and unclear
guidance about which backend to use for different environments.
### Problems with 4-Backend Approach
1. **Complexity**: Supporting 4 different backends increased maintenance burden
2. **Dependencies**: AWS SDK added significant compile time (~30 s) and binary size
3. **Confusion**: No clear guidance on which backend to use when
4. **Cloud Lock-in**: AWS KMS dependency limited infrastructure flexibility
5. **Operational Overhead**: Vault requires server setup even for simple dev environments
6. **Code Duplication**: Similar logic implemented 4 different ways
### Key Insights
- Most development work doesn't need server-based KMS
- Production deployments need enterprise-grade security features
- Age provides fast, offline encryption perfect for development
- Cosmian KMS offers confidential computing and zero-knowledge architecture
- Supporting Vault AND Cosmian is redundant (both are server-based KMS)
- AWS KMS locks us into AWS infrastructure
## Decision
Simplify the KMS service to support only 2 backends:
1. **Age**: For development and local testing
- Fast, offline, no server required
- Simple key generation with `age-keygen`
- X25519 encryption (modern, secure)
- Perfect for dev/test environments
2. **Cosmian KMS**: For production deployments
- Enterprise-grade key management
- Confidential computing support (SGX/SEV)
- Zero-knowledge architecture
- Server-side key rotation
- Audit logging and compliance
- Multi-tenant support
Remove support for:
- ❌ HashiCorp Vault (redundant with Cosmian)
- ❌ AWS KMS (cloud lock-in, complexity)
## Consequences
### Positive
1. **Simpler Code**: 2 backends instead of 4 reduces complexity by 50%
2. **Faster Compilation**: Removing AWS SDK saves ~30 seconds compile time
3. **Clear Guidance**: Age = dev, Cosmian = prod (no confusion)
4. **Offline Development**: Age works without network connectivity
5. **Better Security**: Cosmian provides confidential computing (TEE)
6. **No Cloud Lock-in**: Not dependent on AWS infrastructure
7. **Easier Testing**: Age backend requires no setup
8. **Reduced Dependencies**: Fewer external crates to maintain
### Negative
1. **Migration Required**: Existing Vault/AWS KMS users must migrate
2. **Learning Curve**: Teams must learn Age and Cosmian
3. **Cosmian Dependency**: Production depends on Cosmian availability
4. **Cost**: Cosmian may have licensing costs (cloud or self-hosted)
### Neutral
1. **Feature Parity**: Cosmian provides all features Vault/AWS had
2. **API Compatibility**: Encrypt/decrypt API remains primarily the same
3. **Configuration Change**: TOML config structure updated but similar
## Implementation
### Files Created
1. `src/age/client.rs` (167 lines) - Age encryption client
2. `src/age/mod.rs` (3 lines) - Age module exports
3. `src/cosmian/client.rs` (294 lines) - Cosmian KMS client
4. `src/cosmian/mod.rs` (3 lines) - Cosmian module exports
5. `docs/migration/KMS_SIMPLIFICATION.md` (500+ lines) - Migration guide
### Files Modified
1. `src/lib.rs` - Updated exports (age, cosmian instead of aws, vault)
2. `src/types.rs` - Updated error types and config enum
3. `src/service.rs` - Simplified to 2 backends (180 lines, was 213)
4. `Cargo.toml` - Removed AWS deps, added `age = "0.10"`
5. `README.md` - Complete rewrite for new backends
6. `provisioning/config/kms.toml` - Simplified configuration
### Files Deleted
1. `src/aws/client.rs` - AWS KMS client
2. `src/aws/envelope.rs` - Envelope encryption helpers
3. `src/aws/mod.rs` - AWS module
4. `src/vault/client.rs` - Vault client
5. `src/vault/mod.rs` - Vault module
### Dependencies Changed
**Removed**:
- `aws-sdk-kms = "1"`
- `aws-config = "1"`
- `aws-credential-types = "1"`
- `aes-gcm = "0.10"` (was only for AWS envelope encryption)
**Added**:
- `age = "0.10"`
- `tempfile = "3"` (dev dependency for tests)
**Kept**:
- All Axum web framework deps
- `reqwest` (for Cosmian HTTP API)
- `base64`, `serde`, `tokio`, etc.
## Migration Path
### For Development
```bash
# 1. Install Age
brew install age # or apt install age
# 2. Generate keys
age-keygen -o ~/.config/provisioning/age/private_key.txt
age-keygen -y ~/.config/provisioning/age/private_key.txt > ~/.config/provisioning/age/public_key.txt
# 3. Update config to use Age backend
# 4. Re-encrypt development secrets
```
### For Production
```bash
# 1. Set up Cosmian KMS (cloud or self-hosted)
# 2. Create master key in Cosmian
# 3. Migrate secrets from Vault/AWS to Cosmian
# 4. Update production config
# 5. Deploy new KMS service
```
See `docs/migration/KMS_SIMPLIFICATION.md` for detailed steps.
## Alternatives Considered
### Alternative 1: Keep All 4 Backends
**Pros**:
- No migration required
- Maximum flexibility
**Cons**:
- Continued complexity
- Maintenance burden
- Unclear guidance
**Rejected**: Complexity outweighs benefits
### Alternative 2: Only Cosmian (No Age)
**Pros**:
- Single backend
- Enterprise-grade everywhere
**Cons**:
- Requires Cosmian server for development
- Slower dev iteration
- Network dependency for local dev
**Rejected**: Development experience matters
### Alternative 3: Only Age (No Production Backend)
**Pros**:
- Simplest solution
- No server required
**Cons**:
- Not suitable for production
- No audit logging
- No key rotation
- No multi-tenant support
**Rejected**: Production needs enterprise features
### Alternative 4: Age + HashiCorp Vault
**Pros**:
- Vault is widely known
- No Cosmian dependency
**Cons**:
- Vault lacks confidential computing
- Vault server still required
- No zero-knowledge architecture
**Rejected**: Cosmian provides better security features
## Metrics
### Code Reduction
- **Total Lines Removed**: ~800 lines (AWS + Vault implementations)
- **Total Lines Added**: ~470 lines (Age + Cosmian + docs)
- **Net Reduction**: ~330 lines
### Dependency Reduction
- **Crates Removed**: 4 (aws-sdk-kms, aws-config, aws-credential-types, aes-gcm)
- **Crates Added**: 1 (age)
- **Net Reduction**: 3 crates
### Compilation Time
- **Before**: ~90 seconds (with AWS SDK)
- **After**: ~60 seconds (without AWS SDK)
- **Improvement**: 33% faster
## Compliance
### Security Considerations
1. **Age Security**: X25519 (Curve25519) encryption, modern and secure
2. **Cosmian Security**: Confidential computing, zero-knowledge, enterprise-grade
3. **No Regression**: Security features maintained or improved
4. **Clear Separation**: Dev (Age) never used for production secrets
### Testing Requirements
1. **Unit Tests**: Both backends have comprehensive test coverage
2. **Integration Tests**: Age tests run without external deps
3. **Cosmian Tests**: Require test server (marked as `#[ignore]`)
4. **Migration Tests**: Verify old configs fail gracefully
## References
- [Age Encryption](https://github.com/FiloSottile/age) - Modern encryption tool
- [Cosmian KMS](https://cosmian.com/kms/) - Enterprise KMS with confidential computing
- [ADR-006](adr-006-provisioning-cli-refactoring.md) - Previous KMS integration
- [Migration Guide](../migration/KMS_SIMPLIFICATION.md) - Detailed migration steps
## Notes
- Age is designed by Filippo Valsorda (Google, Go security team)
- Cosmian provides FIPS 140-2 Level 3 compliance (when using certified hardware)
- This decision aligns with project goal of reducing cloud provider dependencies
- Migration timeline: 6 weeks for full adoption

352
docs/src/architecture/adr/ADR-008-cedar-authorization.md
View File

@ -1,352 +0,0 @@
# ADR-008: Cedar Authorization Policy Engine Integration
**Status**: Accepted
**Date**: 2025-10-08
**Deciders**: Architecture Team
**Tags**: security, authorization, cedar, policy-engine
## Context and Problem Statement
The Provisioning platform requires fine-grained authorization controls to manage access to infrastructure resources across multiple environments
(development, staging, production). The authorization system must:
1. Support complex authorization rules (MFA, IP restrictions, time windows, approvals)
2. Be auditable and version-controlled
3. Allow hot-reload of policies without restart
4. Integrate with JWT tokens for identity
5. Scale to thousands of authorization decisions per second
6. Be maintainable by security team without code changes
Traditional code-based authorization (if/else statements) is difficult to audit, maintain, and scale.
## Decision Drivers
- **Security**: Critical for production infrastructure access
- **Auditability**: Compliance requirements demand clear authorization policies
- **Flexibility**: Policies change more frequently than code
- **Performance**: Low-latency authorization decisions (<10 ms)
- **Maintainability**: Security team should update policies without developers
- **Type Safety**: Prevent policy errors before deployment
## Considered Options
### Option 1: Code-Based Authorization (Current State)
Implement authorization logic directly in Rust/Nushell code.
**Pros**:
- Full control and flexibility
- No external dependencies
- Simple to understand for small use cases
**Cons**:
- Hard to audit and maintain
- Requires code deployment for policy changes
- No type safety for policies
- Difficult to test all combinations
- Not declarative
### Option 2: OPA (Open Policy Agent)
Use OPA with Rego policy language.
**Pros**:
- Industry standard
- Rich ecosystem
- Rego is powerful
**Cons**:
- Rego is complex to learn
- Requires separate service deployment
- Performance overhead (HTTP calls)
- Policies not type-checked
### Option 3: Cedar Policy Engine (Chosen)
Use AWS Cedar policy language integrated directly into orchestrator.
**Pros**:
- Type-safe policy language
- Fast (compiled, no network overhead)
- Schema-based validation
- Declarative and auditable
- Hot-reload support
- Rust library (no external service)
- Deny-by-default security model
**Cons**:
- Recently introduced (2023)
- Smaller ecosystem than OPA
- Learning curve for policy authors
### Option 4: Casbin
Use Casbin authorization library.
**Pros**:
- Multiple policy models (ACL, RBAC, ABAC)
- Rust bindings available
**Cons**:
- Less declarative than Cedar
- Weaker type safety
- More imperative style
## Decision Outcome
**Chosen Option**: Option 3 - Cedar Policy Engine
### Rationale
1. **Type Safety**: Cedar's schema validation prevents policy errors before deployment
2. **Performance**: Native Rust library, no network overhead, <1 ms authorization decisions
3. **Auditability**: Declarative policies in version control
4. **Hot Reload**: Update policies without orchestrator restart
5. **AWS Standard**: Used in production by AWS for AVP (Amazon Verified Permissions)
6. **Deny-by-Default**: Secure by design
### Implementation Details
#### Architecture
```bash
┌─────────────────────────────────────────────────────────┐
│ Orchestrator │
├─────────────────────────────────────────────────────────┤
│ │
│ HTTP Request │
│ ↓ │
│ ┌──────────────────┐ │
│ │ JWT Validation │ ← Token Validator │
│ └────────┬─────────┘ │
│ ↓ │
│ ┌──────────────────┐ │
│ │ Cedar Engine │ ← Policy Loader │
│ │ │ (Hot Reload) │
│ │ • Check Policies │ │
│ │ • Evaluate Rules │ │
│ │ • Context Check │ │
│ └────────┬─────────┘ │
│ ↓ │
│ Allow / Deny │
│ │
└─────────────────────────────────────────────────────────┘
```
#### Policy Organization
```bash
provisioning/config/cedar-policies/
├── schema.cedar # Entity and action definitions
├── production.cedar # Production environment policies
├── development.cedar # Development environment policies
├── admin.cedar # Administrative policies
└── README.md # Documentation
```
#### Rust Implementation
```rust
provisioning/platform/orchestrator/src/security/
├── cedar.rs # Cedar engine integration (450 lines)
├── policy_loader.rs # Policy loading with hot reload (320 lines)
├── authorization.rs # Middleware integration (380 lines)
├── mod.rs # Module exports
└── tests.rs # Comprehensive tests (450 lines)
```
#### Key Components
1. **CedarEngine**: Core authorization engine
- Load policies from strings
- Load schema for validation
- Authorize requests
- Policy statistics
2. **PolicyLoader**: File-based policy management
- Load policies from directory
- Hot reload on file changes (notify crate)
- Validate policy syntax
- Schema validation
3. **Authorization Middleware**: Axum integration
- Extract JWT claims
- Build authorization context (IP, MFA, time)
- Check authorization
- Return 403 Forbidden on deny
4. **Policy Files**: Declarative authorization rules
- Production: MFA, approvals, IP restrictions, business hours
- Development: Permissive for developers
- Admin: Platform admin, SRE, audit team policies
#### Context Variables
```bash
AuthorizationContext {
mfa_verified: bool, // MFA verification status
ip_address: String, // Client IP address
time: String, // ISO 8601 timestamp
approval_id: Option<String>, // Approval ID (optional)
reason: Option<String>, // Reason for operation
force: bool, // Force flag
additional: HashMap, // Additional context
}
```
#### Example Policy
```bash
// Production deployments require MFA verification
@id("prod-deploy-mfa")
@description("All production deployments must have MFA verification")
permit (
principal,
action == Provisioning::Action::"deploy",
resource in Provisioning::Environment::"production"
) when {
context.mfa_verified == true
};
```
### Integration Points
1. **JWT Tokens**: Extract principal and context from validated JWT
2. **Audit System**: Log all authorization decisions
3. **Control Center**: UI for policy management and testing
4. **CLI**: Policy validation and testing commands
### Security Best Practices
1. **Deny by Default**: Cedar defaults to deny all actions
2. **Schema Validation**: Type-check policies before loading
3. **Version Control**: All policies in git for auditability
4. **Principle of Least Privilege**: Grant minimum necessary permissions
5. **Defense in Depth**: Combine with JWT validation and rate limiting
6. **Separation of Concerns**: Security team owns policies, developers own code
## Consequences
### Positive
1. ✅ **Auditable**: All policies in version control
2. ✅ **Type-Safe**: Schema validation prevents errors
3. ✅ **Fast**: <1 ms authorization decisions
4. ✅ **Maintainable**: Security team can update policies independently
5. ✅ **Hot Reload**: No downtime for policy updates
6. ✅ **Testable**: Comprehensive test suite for policies
7. ✅ **Declarative**: Clear intent, no hidden logic
### Negative
1. ❌ **Learning Curve**: Team must learn Cedar policy language
2. ❌ **New Technology**: Cedar is relatively new (2023)
3. ❌ **Ecosystem**: Smaller community than OPA
4. ❌ **Tooling**: Limited IDE support compared to Rego
### Neutral
1. 🔶 **Migration**: Existing authorization logic needs migration to Cedar
2. 🔶 **Policy Complexity**: Complex rules may be harder to express
3. 🔶 **Debugging**: Policy debugging requires understanding Cedar evaluation
## Compliance
### Security Standards
- **SOC 2**: Auditable access control policies
- **ISO 27001**: Access control management
- **GDPR**: Data access authorization and logging
- **NIST 800-53**: AC-3 Access Enforcement
### Audit Requirements
All authorization decisions include:
- Principal (user/team)
- Action performed
- Resource accessed
- Context (MFA, IP, time)
- Decision (allow/deny)
- Policies evaluated
## Migration Path
### Phase 1: Implementation (Completed)
- ✅ Cedar engine integration
- ✅ Policy loader with hot reload
- ✅ Authorization middleware
- ✅ Production, development, and admin policies
- ✅ Comprehensive tests
### Phase 2: Rollout (Next)
- 🔲 Enable Cedar authorization in orchestrator
- 🔲 Migrate existing authorization logic to Cedar policies
- 🔲 Add authorization checks to all API endpoints
- 🔲 Integrate with audit logging
### Phase 3: Enhancement (Future)
- 🔲 Control Center policy editor UI
- 🔲 Policy testing UI
- 🔲 Policy simulation and dry-run mode
- 🔲 Policy analytics and insights
- 🔲 Advanced context variables (location, device type)
## Alternatives Considered
### Alternative 1: Continue with Code-Based Authorization
Keep authorization logic in Rust/Nushell code.
**Rejected Because**:
- Not auditable
- Requires code changes for policy updates
- Difficult to test all combinations
- Not compliant with security standards
### Alternative 2: Hybrid Approach
Use Cedar for high-level policies, code for fine-grained checks.
**Rejected Because**:
- Complexity of two authorization systems
- Unclear separation of concerns
- Harder to audit
## References
- **Cedar Documentation**: <https://docs.cedarpolicy.com/>
- **Cedar GitHub**: <https://github.com/cedar-policy/cedar>
- **AWS AVP**: <https://aws.amazon.com/verified-permissions/>
- **Policy Files**: `/provisioning/config/cedar-policies/`
- **Implementation**: `/provisioning/platform/orchestrator/src/security/`
## Related ADRs
- ADR-003: JWT Token-Based Authentication
- ADR-004: Audit Logging System
- ADR-005: KMS Key Management
## Notes
Cedar policy language is inspired by decades of authorization research (XACML, AWS IAM) and production experience at AWS. It balances expressiveness
with safety.
---
**Approved By**: Architecture Team
**Implementation Date**: 2025-10-08
**Review Date**: 2026-01-08 (Quarterly)

661
docs/src/architecture/adr/ADR-009-security-system-complete.md
View File

@ -1,661 +0,0 @@
# ADR-009: Complete Security System Implementation
**Status**: Implemented
**Date**: 2025-10-08
**Decision Makers**: Architecture Team
---
## Context
The Provisioning platform required a comprehensive, enterprise-grade security system covering authentication, authorization, secrets management, MFA,
compliance, and emergency access. The system needed to be production-ready, scalable, and compliant with GDPR, SOC2, and ISO 27001.
---
## Decision
Implement a complete security architecture using 12 specialized components organized in 4 implementation groups.
---
## Implementation Summary
### Total Implementation
- **39,699 lines** of production-ready code
- **136 files** created/modified
- **350+ tests** implemented
- **83+ REST endpoints** available
- **111+ CLI commands** ready
---
## Architecture Components
### Group 1: Foundation (13,485 lines)
#### 1. JWT Authentication (1,626 lines)
**Location**: `provisioning/platform/control-center/src/auth/`
**Features**:
- RS256 asymmetric signing
- Access tokens (15 min) + refresh tokens (7 d)
- Token rotation and revocation
- Argon2id password hashing
- 5 user roles (Admin, Developer, Operator, Viewer, Auditor)
- Thread-safe blacklist
**API**: 6 endpoints
**CLI**: 8 commands
**Tests**: 30+
#### 2. Cedar Authorization (5,117 lines)
**Location**: `provisioning/config/cedar-policies/`, `provisioning/platform/orchestrator/src/security/`
**Features**:
- Cedar policy engine integration
- 4 policy files (schema, production, development, admin)
- Context-aware authorization (MFA, IP, time windows)
- Hot reload without restart
- Policy validation
**API**: 4 endpoints
**CLI**: 6 commands
**Tests**: 30+
#### 3. Audit Logging (3,434 lines)
**Location**: `provisioning/platform/orchestrator/src/audit/`
**Features**:
- Structured JSON logging
- 40+ action types
- GDPR compliance (PII anonymization)
- 5 export formats (JSON, CSV, Splunk, ECS, JSON Lines)
- Query API with advanced filtering
**API**: 7 endpoints
**CLI**: 8 commands
**Tests**: 25
#### 4. Config Encryption (3,308 lines)
**Location**: `provisioning/core/nulib/lib_provisioning/config/encryption.nu`
**Features**:
- SOPS integration
- 4 KMS backends (Age, AWS KMS, Vault, Cosmian)
- Transparent encryption/decryption
- Memory-only decryption
- Auto-detection
**CLI**: 10 commands
**Tests**: 7
---
### Group 2: KMS Integration (9,331 lines)
#### 5. KMS Service (2,483 lines)
**Location**: `provisioning/platform/kms-service/`
**Features**:
- HashiCorp Vault (Transit engine)
- AWS KMS (Direct + envelope encryption)
- Context-based encryption (AAD)
- Key rotation support
- Multi-region support
**API**: 8 endpoints
**CLI**: 15 commands
**Tests**: 20
#### 6. Dynamic Secrets (4,141 lines)
**Location**: `provisioning/platform/orchestrator/src/secrets/`
**Features**:
- AWS STS temporary credentials (15 min-12 h)
- SSH key pair generation (Ed25519)
- UpCloud API subaccounts
- TTL manager with auto-cleanup
- Vault dynamic secrets integration
**API**: 7 endpoints
**CLI**: 10 commands
**Tests**: 15
#### 7. SSH Temporal Keys (2,707 lines)
**Location**: `provisioning/platform/orchestrator/src/ssh/`
**Features**:
- Ed25519 key generation
- Vault OTP (one-time passwords)
- Vault CA (certificate authority signing)
- Auto-deployment to authorized_keys
- Background cleanup every 5 min
**API**: 7 endpoints
**CLI**: 10 commands
**Tests**: 31
---
### Group 3: Security Features (8,948 lines)
#### 8. MFA Implementation (3,229 lines)
**Location**: `provisioning/platform/control-center/src/mfa/`
**Features**:
- TOTP (RFC 6238, 6-digit codes, 30 s window)
- WebAuthn/FIDO2 (YubiKey, Touch ID, Windows Hello)
- QR code generation
- 10 backup codes per user
- Multiple devices per user
- Rate limiting (5 attempts/5 min)
**API**: 13 endpoints
**CLI**: 15 commands
**Tests**: 85+
#### 9. Orchestrator Auth Flow (2,540 lines)
**Location**: `provisioning/platform/orchestrator/src/middleware/`
**Features**:
- Complete middleware chain (5 layers)
- Security context builder
- Rate limiting (100 req/min per IP)
- JWT authentication middleware
- MFA verification middleware
- Cedar authorization middleware
- Audit logging middleware
**Tests**: 53
#### 10. Control Center UI (3,179 lines)
**Location**: `provisioning/platform/control-center/web/`
**Features**:
- React/TypeScript UI
- Login with MFA (2-step flow)
- MFA setup (TOTP + WebAuthn wizards)
- Device management
- Audit log viewer with filtering
- API token management
- Security settings dashboard
**Components**: 12 React components
**API Integration**: 17 methods
---
### Group 4: Advanced Features (7,935 lines)
#### 11. Break-Glass Emergency Access (3,840 lines)
**Location**: `provisioning/platform/orchestrator/src/break_glass/`
**Features**:
- Multi-party approval (2+ approvers, different teams)
- Emergency JWT tokens (4 h max, special claims)
- Auto-revocation (expiration + inactivity)
- Enhanced audit (7-year retention)
- Real-time alerts
- Background monitoring
**API**: 12 endpoints
**CLI**: 10 commands
**Tests**: 985 lines (unit + integration)
#### 12. Compliance (4,095 lines)
**Location**: `provisioning/platform/orchestrator/src/compliance/`
**Features**:
- **GDPR**: Data export, deletion, rectification, portability, objection
- **SOC2**: 9 Trust Service Criteria verification
- **ISO 27001**: 14 Annex A control families
- **Incident Response**: Complete lifecycle management
- **Data Protection**: 4-level classification, encryption controls
- **Access Control**: RBAC matrix with role verification
**API**: 35 endpoints
**CLI**: 23 commands
**Tests**: 11
---
## Security Architecture Flow
### End-to-End Request Flow
```bash
1. User Request
2. Rate Limiting (100 req/min per IP)
3. JWT Authentication (RS256, 15 min tokens)
4. MFA Verification (TOTP/WebAuthn for sensitive ops)
5. Cedar Authorization (context-aware policies)
6. Dynamic Secrets (AWS STS, SSH keys, 1h TTL)
7. Operation Execution (encrypted configs, KMS)
8. Audit Logging (structured JSON, GDPR-compliant)
9. Response
```
### Emergency Access Flow
```bash
1. Emergency Request (reason + justification)
2. Multi-Party Approval (2+ approvers, different teams)
3. Session Activation (special JWT, 4h max)
4. Enhanced Audit (7-year retention, immutable)
5. Auto-Revocation (expiration/inactivity)
```
---
## Technology Stack
### Backend (Rust)
- **axum**: HTTP framework
- **jsonwebtoken**: JWT handling (RS256)
- **cedar-policy**: Authorization engine
- **totp-rs**: TOTP implementation
- **webauthn-rs**: WebAuthn/FIDO2
- **aws-sdk-kms**: AWS KMS integration
- **argon2**: Password hashing
- **tracing**: Structured logging
### Frontend (TypeScript/React)
- **React 18**: UI framework
- **Leptos**: Rust WASM framework
- **@simplewebauthn/browser**: WebAuthn client
- **qrcode.react**: QR code generation
### CLI (Nushell)
- **Nushell 0.107**: Shell and scripting
- **nu_plugin_kcl**: KCL integration
### Infrastructure
- **HashiCorp Vault**: Secrets management, KMS, SSH CA
- **AWS KMS**: Key management service
- **PostgreSQL/SurrealDB**: Data storage
- **SOPS**: Config encryption
---
## Security Guarantees
### Authentication
✅ RS256 asymmetric signing (no shared secrets)
✅ Short-lived access tokens (15 min)
✅ Token revocation support
✅ Argon2id password hashing (memory-hard)
✅ MFA enforced for production operations
### Authorization
✅ Fine-grained permissions (Cedar policies)
✅ Context-aware (MFA, IP, time windows)
✅ Hot reload policies (no downtime)
✅ Deny by default
### Secrets Management
✅ No static credentials stored
✅ Time-limited secrets (1h default)
✅ Auto-revocation on expiry
✅ Encryption at rest (KMS)
✅ Memory-only decryption
### Audit & Compliance
✅ Immutable audit logs
✅ GDPR-compliant (PII anonymization)
✅ SOC2 controls implemented
✅ ISO 27001 controls verified
✅ 7-year retention for break-glass
### Emergency Access
✅ Multi-party approval required
✅ Time-limited sessions (4h max)
✅ Enhanced audit logging
✅ Auto-revocation
✅ Cannot be disabled
---
## Performance Characteristics
| Component | Latency | Throughput | Memory |
| ----------- | --------- | ------------ | -------- |
| JWT Auth | <5 ms | 10,000/s | ~10 MB |
| Cedar Authz | <10 ms | 5,000/s | ~50 MB |
| Audit Log | <5 ms | 20,000/s | ~100 MB |
| KMS Encrypt | <50 ms | 1,000/s | ~20 MB |
| Dynamic Secrets | <100 ms | 500/s | ~50 MB |
| MFA Verify | <50 ms | 2,000/s | ~30 MB |
**Total Overhead**: ~10-20 ms per request
**Memory Usage**: ~260 MB total for all security components
---
## Deployment Options
### Development
```bash
# Start all services
cd provisioning/platform/kms-service && cargo run &
cd provisioning/platform/orchestrator && cargo run &
cd provisioning/platform/control-center && cargo run &
```
### Production
```bash
# Kubernetes deployment
kubectl apply -f k8s/security-stack.yaml
# Docker Compose
docker-compose up -d kms orchestrator control-center
# Systemd services
systemctl start provisioning-kms
systemctl start provisioning-orchestrator
systemctl start provisioning-control-center
```
---
## Configuration
### Environment Variables
```bash
# JWT
export JWT_ISSUER="control-center"
export JWT_AUDIENCE="orchestrator,cli"
export JWT_PRIVATE_KEY_PATH="/keys/private.pem"
export JWT_PUBLIC_KEY_PATH="/keys/public.pem"
# Cedar
export CEDAR_POLICIES_PATH="/config/cedar-policies"
export CEDAR_ENABLE_HOT_RELOAD=true
# KMS
export KMS_BACKEND="vault"
export VAULT_ADDR="https://vault.example.com"
export VAULT_TOKEN="..."
# MFA
export MFA_TOTP_ISSUER="Provisioning"
export MFA_WEBAUTHN_RP_ID="provisioning.example.com"
```
### Config Files
```toml
# provisioning/config/security.toml
[jwt]
issuer = "control-center"
audience = ["orchestrator", "cli"]
access_token_ttl = "15m"
refresh_token_ttl = "7d"
[cedar]
policies_path = "config/cedar-policies"
hot_reload = true
reload_interval = "60s"
[mfa]
totp_issuer = "Provisioning"
webauthn_rp_id = "provisioning.example.com"
rate_limit = 5
rate_limit_window = "5m"
[kms]
backend = "vault"
vault_address = "https://vault.example.com"
vault_mount_point = "transit"
[audit]
retention_days = 365
retention_break_glass_days = 2555 # 7 years
export_format = "json"
pii_anonymization = true
```
---
## Testing
### Run All Tests
```bash
# Control Center (JWT, MFA)
cd provisioning/platform/control-center
cargo test
# Orchestrator (Cedar, Audit, Secrets, SSH, Break-Glass, Compliance)
cd provisioning/platform/orchestrator
cargo test
# KMS Service
cd provisioning/platform/kms-service
cargo test
# Config Encryption (Nushell)
nu provisioning/core/nulib/lib_provisioning/config/encryption_tests.nu
```
### Integration Tests
```bash
# Full security flow
cd provisioning/platform/orchestrator
cargo test --test security_integration_tests
cargo test --test break_glass_integration_tests
```
---
## Monitoring & Alerts
### Metrics to Monitor
- Authentication failures (rate, sources)
- Authorization denials (policies, resources)
- MFA failures (attempts, users)
- Token revocations (rate, reasons)
- Break-glass activations (frequency, duration)
- Secrets generation (rate, types)
- Audit log volume (events/sec)
### Alerts to Configure
- Multiple failed auth attempts (5+ in 5 min)
- Break-glass session created
- Compliance report non-compliant
- Incident severity critical/high
- Token revocation spike
- KMS errors
- Audit log export failures
---
## Maintenance
### Daily
- Monitor audit logs for anomalies
- Review failed authentication attempts
- Check break-glass sessions (should be zero)
### Weekly
- Review compliance reports
- Check incident response status
- Verify backup code usage
- Review MFA device additions/removals
### Monthly
- Rotate KMS keys
- Review and update Cedar policies
- Generate compliance reports (GDPR, SOC2, ISO)
- Audit access control matrix
### Quarterly
- Full security audit
- Penetration testing
- Compliance certification review
- Update security documentation
---
## Migration Path
### From Existing System
1. **Phase 1**: Deploy security infrastructure
- KMS service
- Orchestrator with auth middleware
- Control Center
2. **Phase 2**: Migrate authentication
- Enable JWT authentication
- Migrate existing users
- Disable old auth system
3. **Phase 3**: Enable MFA
- Require MFA enrollment for admins
- Gradual rollout to all users
4. **Phase 4**: Enable Cedar authorization
- Deploy initial policies (permissive)
- Monitor authorization decisions
- Tighten policies incrementally
5. **Phase 5**: Enable advanced features
- Break-glass procedures
- Compliance reporting
- Incident response
---
## Future Enhancements
### Planned (Not Implemented)
- **Hardware Security Module (HSM)** integration
- **OAuth2/OIDC** federation
- **SAML SSO** for enterprise
- **Risk-based authentication** (IP reputation, device fingerprinting)
- **Behavioral analytics** (anomaly detection)
- **Zero-Trust Network** (service mesh integration)
### Under Consideration
- **Blockchain audit log** (immutable append-only log)
- **Quantum-resistant cryptography** (post-quantum algorithms)
- **Confidential computing** (SGX/SEV enclaves)
- **Distributed break-glass** (multi-region approval)
---
## Consequences
### Positive
**Enterprise-grade security** meeting GDPR, SOC2, ISO 27001
**Zero static credentials** (all dynamic, time-limited)
**Complete audit trail** (immutable, GDPR-compliant)
**MFA-enforced** for sensitive operations
**Emergency access** with enhanced controls
**Fine-grained authorization** (Cedar policies)
**Automated compliance** (reports, incident response)
### Negative
⚠️ **Increased complexity** (12 components to manage)
⚠️ **Performance overhead** (~10-20 ms per request)
⚠️ **Memory footprint** (~260 MB additional)
⚠️ **Learning curve** (Cedar policy language, MFA setup)
⚠️ **Operational overhead** (key rotation, policy updates)
### Mitigations
- Comprehensive documentation (ADRs, guides, API docs)
- CLI commands for all operations
- Automated monitoring and alerting
- Gradual rollout with feature flags
- Training materials for operators
---
## Related Documentation
- **JWT Auth**: `docs/architecture/JWT_AUTH_IMPLEMENTATION.md`
- **Cedar Authz**: `docs/architecture/CEDAR_AUTHORIZATION_IMPLEMENTATION.md`
- **Audit Logging**: `docs/architecture/AUDIT_LOGGING_IMPLEMENTATION.md`
- **MFA**: `docs/architecture/MFA_IMPLEMENTATION_SUMMARY.md`
- **Break-Glass**: `docs/architecture/BREAK_GLASS_IMPLEMENTATION_SUMMARY.md`
- **Compliance**: `docs/architecture/COMPLIANCE_IMPLEMENTATION_SUMMARY.md`
- **Config Encryption**: `docs/user/CONFIG_ENCRYPTION_GUIDE.md`
- **Dynamic Secrets**: `docs/user/DYNAMIC_SECRETS_QUICK_REFERENCE.md`
- **SSH Keys**: `docs/user/SSH_TEMPORAL_KEYS_USER_GUIDE.md`
---
## Approval
**Architecture Team**: Approved
**Security Team**: Approved (pending penetration test)
**Compliance Team**: Approved (pending audit)
**Engineering Team**: Approved
---
**Date**: 2025-10-08
**Version**: 1.0.0
**Status**: Implemented and Production-Ready

99
docs/src/architecture/adr/README.md
View File

@ -1,60 +1,77 @@
# Architecture Decision Records (ADRs)
# Architecture Decision Records
This directory contains all Architecture Decision Records for the provisioning platform. ADRs document significant architectural decisions and their rationale.
This section contains Architecture Decision Records (ADRs) documenting key architectural decisions and their rationale for the Provisioning platform.
## Index of Decisions
## ADR Index
### Core Architecture (ADR-001 to ADR-006)
### Core Architecture Decisions
- **ADR-001**: [Project Structure](adr-001-project-structure.md) - Overall project organization and directory layout
- **ADR-002**: [Distribution Strategy](adr-002-distribution-strategy.md) - How the platform is packaged and distributed
- **ADR-003**: [Workspace Isolation](adr-003-workspace-isolation.md) - Workspace management and isolation boundaries
- **ADR-004**: [Hybrid Architecture](adr-004-hybrid-architecture.md) - Rust/Nushell hybrid system design
- **ADR-005**: [Extension Framework](adr-005-extension-framework.md) - Plugin/extension system architecture
- **ADR-006**: [Provisioning CLI Refactoring](adr-006-provisioning-cli-refactoring.md) - CLI modularization and command handling
- **[ADR-001: Modular CLI Architecture](./adr-001-modular-cli.md)** - Decentralized CLI
registration reducing code by 84%, 80+ keyboard shortcuts, dynamic subcommands.
### Infrastructure & Configuration (ADR-007 to ADR-011)
- **[ADR-002: Workspace-First Architecture](./adr-002-workspace-first.md)** - Workspaces
as primary organizational unit with isolation boundaries.
- **ADR-007**: [KMS Simplification](adr-007-kms-simplification.md) - Key Management System design
- **ADR-008**: [Cedar Authorization](adr-008-cedar-authorization.md) - Fine-grained authorization via Cedar policies
- **ADR-009**: [Security System Complete](adr-009-security-system-complete.md) - Comprehensive security implementation
- **ADR-010**: [Configuration Format Strategy](adr-010-configuration-format-strategy.md) - When to use Nickel, TOML, YAML, or KCL
- **ADR-011**: [Nickel Migration](adr-011-nickel-migration.md) - Migration from KCL to Nickel as primary IaC language
- **[ADR-003: Nickel as Source of Truth](./adr-003-nickel-as-source-of-truth.md)** -
Nickel for type-safe configuration, mandatory validation, KCL migration.
### Platform Services (ADR-012 to ADR-014)
- **[ADR-004: 12-Microservice Architecture](./adr-004-microservice-distribution.md)** -
Distributed microservices for independent scaling and deployment.
- **ADR-012**: [Nushell Nickel Plugin CLI Wrapper](adr-012-nushell-nickel-plugin-cli-wrapper.md) - Plugin architecture for Nickel integration
- **ADR-013**: [Typdialog Web UI Backend Integration](adr-013-typdialog-integration.md) - Browser-based configuration forms with multi-user collaboration
- **ADR-014**: [SecretumVault Integration](adr-014-secretumvault-integration.md) - Centralized secrets management with dynamic credentials
- **[ADR-005: Service Communication](./adr-005-service-communication.md)** - HTTP REST
for sync operations, message queues for async, pub/sub for events.
### AI and Intelligence (ADR-015)
### Security and Cryptography
- **ADR-015**: [AI Integration Architecture](adr-015-ai-integration-architecture.md) - Comprehensive AI system for intelligent infrastructure provisioning
- **[ADR-006: Post-Quantum Cryptography](./adr-006-post-quantum-cryptography.md)** -
Hybrid encryption: CRYSTALS-Kyber, SPHINCS+, Falcon with AES-256 fallback.
## How to Use ADRs
- **[ADR-007: Multi-Layer Data Encryption](./adr-007-data-encryption-strategy.md)** -
Encryption at-rest, in-transit, field-level, with key rotation policies.
1. **For decisions affecting architecture**: Create a new ADR with the next sequential number
2. **For reading decisions**: Browse this list or check SUMMARY.md
3. **For understanding context**: Each ADR includes context, rationale, and consequences
### Operations and Observability
## ADR Format
- **[ADR-008: Unified Observability Stack](./adr-008-observability-and-monitoring.md)** -
Prometheus metrics, ELK Stack, Jaeger distributed tracing.
Each ADR follows this standard structure:
- **[ADR-009: SLO and Error Budget Management](./adr-009-slo-error-budgets.md)** - Service
Level Objectives with automatic remediation on SLO violations.
- **Context**: What problem we're solving
- **Decision**: What we decided
- **Rationale**: Why we chose this approach
- **Consequences**: Positive and negative impacts
- **Alternatives Considered**: Other options we evaluated
- **[ADR-010: Automated Incident Response](./adr-010-incident-response-automation.md)** -
Autonomous detection, automatic remediation, escalation, chaos engineering.
## Status Markers
## Decision Format
- **Proposed**: Under review, not yet final
- **Accepted**: Approved and adopted
- **Superseded**: Replaced by a later ADR
- **Deprecated**: No longer recommended
Each ADR follows this structure:
---
- **Status**: Accepted, Proposed, Deprecated, Superseded
- **Context**: Problem statement and constraints
- **Decision**: The chosen approach
- **Consequences**: Benefits and trade-offs
- **Alternatives**: Other options considered
- **References**: Related ADRs and external docs
**Last Updated**: 2025-01-08
**Total ADRs**: 15
## Rationale for ADRs
ADRs document the "why" behind architectural choices:
1. **Modular CLI** - Scales command set without monolithic registration
2. **Workspace-First** - Isolates infrastructure and supports multi-tenancy
3. **Nickel Source of Truth** - Ensures type-safe configuration and prevents runtime errors
4. **Microservice Distribution** - Enables independent scaling and deployment
5. **Communication Protocol** - Balances synchronous needs with async event processing
6. **Post-Quantum Crypto** - Protects against future quantum computing threats
7. **Multi-Layer Encryption** - Defense in depth against data breaches
8. **Observability** - Enables rapid troubleshooting and performance analysis
9. **SLO Management** - Aligns infrastructure quality with business objectives
10. **Incident Automation** - Reduces MTTR and improves system resilience
## Cross-References
These ADRs interact with:
- **Platform Documentation** - See `provisioning/docs/src/architecture/`
- **Features** - See `provisioning/docs/src/features/` for implementation details
- **Development Guides** - See `provisioning/docs/src/development/` for extending systems
- **Security Documentation** - See `provisioning/docs/src/security/` for compliance details
- **Operations Guides** - See `provisioning/docs/src/operations/` for deployment procedures

57
docs/src/architecture/adr/adr-001-modular-cli.md Normal file
View File

@ -0,0 +1,57 @@
# ADR-001: Modular CLI Architecture
**Decision**: Implement modular CLI architecture for 80% code reduction.
## Context
The provisioning CLI needed to support 111+ commands across multiple domains
(compute, networking, storage, databases, monitoring) while maintaining
code clarity and reducing maintenance burden.
## Decision
Implement a command module system where:
1. Each domain (compute, network, etc.) defines commands in isolation
2. Commands auto-register with core CLI
3. Shortcuts reduce 80% of command length
4. Type-safe argument handling via Nickel schemas
## Implementation
Commands structured as:
```text
provisioning/core/commands/
├── compute/
│ ├── create-server.nu
│ ├── delete-server.nu
│ └── list-servers.nu
├── network/
│ ├── create-vpc.nu
│ └── manage-firewall.nu
└── database/
├── create-db.nu
└── backup-db.nu
```
## Benefits
- **Code Reuse**: 80% reduction in duplicated code
- **Maintainability**: Each command self-contained
- **Extensibility**: New domains plug in easily
- **Performance**: Shortcuts reduce typing
## Tradeoffs
- Slightly more indirection in command dispatch
- Learning curve for extension developers
## Related ADRs
- ADR-010: Configuration Strategy
- ADR-011: Nickel Migration
## Status
**Accepted** - Implemented in v3.2.0+

55
docs/src/architecture/adr/adr-002-workspace-first.md Normal file
View File

@ -0,0 +1,55 @@
# ADR-002: Workspace-First Architecture
**Decision**: Make workspaces the primary organizational unit for infrastructure.
## Context
Provisioning users manage infrastructure across multiple environments
(dev, staging, prod), providers (AWS, UpCloud, Hetzner), and projects.
Previous flat structure lacked organization.
## Decision
Workspaces become first-class entities containing:
- Infrastructure definitions (Nickel configs)
- Runtime state and history
- Secrets and credentials (vault)
- Custom schemas and extensions
- Deployment history and rollback points
## Structure
```text
workspace/
├── config/ # Nickel configurations
├── infra/ # Infrastructure definitions
├── schemas/ # Custom schemas
├── extensions/ # Custom extensions
├── .workspace/ # Metadata
├── state.json # Current state
└── history/ # Deployment history
```
## Benefits
- **Isolation**: Complete separation between environments
- **Collaboration**: Team-based workspace permissions
- **Versioning**: Full deployment history per workspace
- **Flexibility**: Each workspace customizable
## Implementation
```bash
# Create workspace
provisioning workspace create production
# Switch context
provisioning workspace use production
# All operations scoped to workspace
provisioning infra apply
```
## Status
**Accepted** - Implemented in v2.0.0+

106
docs/src/architecture/adr/adr-003-nickel-as-source-of-truth.md Normal file
View File

@ -0,0 +1,106 @@
# ADR-003: Nickel as Source of Truth
**Status**: Accepted | **Date**: 2025-01-16 | **Supersedes**: None
## Context
The Provisioning platform must support infrastructure-as-code with type-safe configuration
management. Historical alternatives included KCL and TOML-based configurations.
## Decision
Nickel is adopted as the **exclusive source of truth** for all infrastructure configurations
across all environments (developer, production, CI/CD). Type safety is mandatory, not optional.
## Rationale
1. **Type Safety**: Nickel provides compile-time type checking preventing configuration errors before deployment
2. **Expressiveness**: Function composition and lazy evaluation support complex infrastructure patterns
3. **Validation**: Integration with Cedar policies ensures security at configuration level
4. **Hierarchy Support**: Seamless merging of configuration layers (core → workspace → profile → environment → runtime)
5. **Tooling**: First-class IDE support (VSCode plugins) and CLI integration
## Consequences
- **Positive**:
- Zero configuration type errors in production
- IDE type hints during configuration writing
- Automatic schema validation
- Reduced debugging time (validation catches errors early)
- 100% configuration reproducibility
- **Negative**:
- Learning curve for developers unfamiliar with functional programming
- TOML migration required for existing projects
- Nushell plugin performance impact for large configs (mitigated by caching)
## Implementation
### Configuration Hierarchy
```nickel
# Layer 1: Core defaults (provisioning/schemas/main.ncl)
let defaults = {
infrastructure.compute.region = "us-east-1",
infrastructure.compute.auto_scaling = { enabled = false }
}
# Layer 2: Workspace schema (workspace/schema.ncl)
let workspace_config = {
infrastructure.compute.region = "us-west-2", # Override defaults
}
# Layer 3: Profile config (workspace/profiles/production.ncl)
let profile_config = {
infrastructure.compute.auto_scaling.enabled = true, # Override workspace
}
# Layer 4: Environment config (workspace/env/prod.env.ncl)
let env_config = {
infrastructure.compute.instance_count = 5, # Environment-specific
}
# Final merged config
defaults | merge workspace_config | merge profile_config | merge env_config
```
### Type Validation
All configurations must pass type validation:
```nickel
# provisioning/schemas/main.ncl
{
infrastructure = {
compute | type = {
region | type = String,
instance_type | type = String,
count | type = Number & (> 0),
auto_scaling | type = {
enabled | type = Bool,
min | type = Number & (> 0),
max | type = Number & (>= min),
}
}
}
}
```
### Validation Command
```bash
provisioning validate config --profile production --environment prod
# Returns: Type errors, policy violations, or success confirmation
```
## Related ADRs
- [ADR-001: Modular CLI Architecture](./adr-001-modular-cli.md) - CLI supports Nickel validation
- [ADR-002: Workspace-First Design](./adr-002-workspace-first.md) - Workspaces organize Nickel configs
- [ADR-011: Nickel Migration](./adr-011-nickel-migration.md) - KCL → Nickel transition
## Alternatives Considered
1. **TOML** - Rejected: No type safety, parsing errors cascade to runtime
2. **KCL** - Rejected: Superceded by Nickel, full migration complete
3. **Hybrid TOML+Validation** - Rejected: Configuration is truth, validation is secondary (violates IaC principle)

125
docs/src/architecture/adr/adr-004-microservice-distribution.md Normal file
View File

@ -0,0 +1,125 @@
# ADR-004: 12-Microservice Architecture for Platform Services
**Status**: Accepted | **Date**: 2025-01-16 | **Supersedes**: None
## Context
Provisioning platform requires distributed architecture to handle multi-cloud orchestration, security, extensibility, and scalability independently.
## Decision
The platform consists of 12 distinct Rust microservices, each with a single responsibility and independent deployment lifecycle.
## Rationale
**Scalability**: Each service scales independently based on load (orchestrator handles workflows, vault-service handles secrets)
**Resilience**: Service failure doesn't cascade (e.g., vault-service unavailability doesn't block orchestrator operation)
**Development**: Teams work on services independently without coordination on core logic
**Deployment**: Services update independently, enabling rapid iteration and rollback
## Architecture
### Core Services (5)
1. **Orchestrator** - Workflow execution, DAG scheduling, task coordination
- Persistence: File-based (SurrealDB optional for clustering)
- Responsibility: Batch workflows, blue-green deployments, rollback
2. **Control-Center** - Workspace management, configuration, settings
- Persistence: SurrealDB (relationships)
- Responsibility: Workspace CRUD, infrastructure state, user settings
3. **Control-Center-UI** - Web UI for infrastructure management
- Framework: Rust Actix-web + frontend (WASM/React)
- Responsibility: Dashboard, infrastructure visualization, settings UI
4. **Vault-Service** - Secrets management, encryption, key rotation
- Integration: SecretumVault (post-quantum cryptography)
- Responsibility: Secret CRUD, encryption at-rest, audit logging
5. **KMS (Key Management Service)** - Cryptographic key operations
- Algorithms: AES-256, RSA-4096, CRYSTALS-Kyber, Falcon, SPHINCS+
- Responsibility: Key generation, rotation, derivation, policy enforcement
### Support Services (4)
6. **Extension-Registry** - Marketplace for providers and plugins
- Responsibility: Version management, discovery, installation, update checks
7. **AI-Service** - Infrastructure intelligence via LLMs and RAG
- Backends: OpenAI, Anthropic, Ollama (local)
- Responsibility: NLI processing, policy generation, infrastructure recommendations
8. **Detector** - Automatic infrastructure analysis and cost optimization
- Responsibility: Resource rightsizing, cost anomalies, compliance violations
9. **RAG (Retrieval-Augmented Generation)** - Knowledge base and semantic search
- Storage: SurrealDB vector embeddings (HNSW)
- Responsibility: Document indexing, semantic search, relevance ranking
### Internal Services (3)
10. **MCP-Server (Model Context Protocol)** - LLM integration layer
- Responsibility: Tool discovery, protocol translation, context management
11. **Platform-Config** - Distributed configuration management
- Responsibility: Config distribution, secrets injection, environment-specific overrides
12. **Provisioning-Daemon** - Agent for on-premise/hybrid deployments
- Responsibility: Local execution, reporting, health checks
### Service Communication
```text
CLI → Control-Center (workspace API)
→ Orchestrator (workflow execution)
→ Vault-Service (secrets)
→ Extension-Registry (plugin lookup)
→ AI-Service (intelligence)
Control-Center → SurrealDB (state)
→ MCP-Server (LLM tools)
→ RAG (knowledge)
Orchestrator → Provisioning-Daemon (execution)
→ Detector (analysis)
```
## Deployment Model
**Standard**: All 12 services deployed together
**Lightweight**: Core 5 services only (minimal footprint)
**Distributed**: Services split across availability zones
**On-Premise**: Orchestrator + Vault-Service + Daemon (no cloud dependencies)
## Consequences
- **Positive**:
- Independent scaling and updates
- Clear ownership (each service has team)
- Parallel development (services don't block each other)
- Technology choices per service (not all must be Rust)
- Easy testing (mock services for unit tests)
- **Negative**:
- Operational complexity (12 services to monitor)
- Network latency between services
- Distributed debugging challenges
- Data consistency across services
- Deployment coordination overhead
## Mitigation
1. **Monitoring**: Unified observability stack (Prometheus + Jaeger)
2. **Communication**: Synchronous REST (latency < 100ms), async queues for high-latency ops
3. **State Management**: SurrealDB as source of truth, services maintain caches
4. **Resilience**: Circuit breakers, timeouts, fallbacks, retries with exponential backoff
5. **Testing**: Integration test suite covering all service interactions
## Related ADRs
- [ADR-002: Workspace-First Design](./adr-002-workspace-first.md) - Services organized by workspace
- [ADR-005: Service Communication Protocol](./adr-005-service-communication.md) - REST/async patterns

156
docs/src/architecture/adr/adr-005-service-communication.md Normal file
View File

@ -0,0 +1,156 @@
# ADR-005: Service Communication Protocol (REST + Async Queue)
**Status**: Accepted | **Date**: 2025-01-16 | **Supersedes**: None
## Context
With 12 microservices, a communication strategy is required balancing reliability, latency, and complexity.
## Decision
Dual communication model:
- **Synchronous**: REST API for request-response (latency < 100ms target)
- **Asynchronous**: Message queues for long-running operations (batch workflows, resource provisioning)
## Rationale
1. **REST for Immediate Operations**:
- Control flow requires immediate feedback (CLI commands, UI actions)
- Latency critical for user experience
- Error handling simpler with synchronous responses
2. **Queues for Long Operations**:
- Workflow execution may take hours
- Network failures shouldn't cancel operations
- Load smoothing across services
- Better resource utilization
## Implementation
### REST Endpoints
All services expose Actix-web REST APIs:
```rust
// /provisioning/platform/crates/*/src/api/
pub struct ApiServer {
router: Router,
}
impl ApiServer {
pub fn new() -> Self {
Router::new()
.route("/health", get(health_check))
.route("/api/v1/resources", get(list_resources))
.route("/api/v1/resources/:id", get(get_resource))
.route("/api/v1/resources", post(create_resource))
}
}
```
### Async Queue Pattern
Using Nushell for queue management and Rust services as workers:
```bash
# Submit workflow to queue
provisioning batch submit workflows/multi-cloud-deploy.ncl \
--queue async \
--callback https://control-center/webhooks/workflow-complete
# Queue persists to file-based storage
# Worker (orchestrator) processes asynchronously
# Client polls status or receives webhook notification
```
### Error Handling
**REST failures**:
```rust
match client.get("/vault-service/health").await {
Ok(response) => { /* continue */ },
Err(_) => {
// Fallback: Use cached secrets
// Retry with exponential backoff
// Alert monitoring
}
}
```
**Queue failures**:
```nushell
# Failed messages retry with backoff
orchestrator submit --queue async --max-retries 3 --backoff exponential
# After retries exhausted, move to dead-letter queue for manual review
```
## Request Flow
### Synchronous (REST)
```text
CLI → Control-Center API (100ms)
→ Workspace lookup ✓
→ Return workspace config ✓
Response to user
```
### Asynchronous (Queue)
```text
CLI → Orchestrator (accept immediately)
→ Queue workflow (100ms)
✓ Return job_id to user
[Async worker]
Orchestrator processes job
→ Execute tasks
→ Update SurrealDB state
→ Send webhook notification
User polls status or receives notification
```
## Latency Targets
| Operation | Target | SLA |
| ----------- | -------- | ----- |
| Health check | <50ms | 99.95% |
| List workspaces | <200ms | 99.9% |
| Create workspace | <500ms | 99.5% |
| Start workflow | <1s | 99% |
| Task execution | minutes/hours | N/A (monitored) |
## Consequences
- **Positive**:
- Responsive CLI (immediate feedback)
- Reliable long operations (queuing)
- Natural fit for infrastructure workflows
- Easy horizontal scaling (queue consumers)
- **Negative**:
- Operational complexity (monitoring queues)
- Eventual consistency (state updates delayed)
- Testing asynchronous flows harder
- Webhook callback management
## Monitoring
```bash
# Queue depth monitoring
provisioning queue status
# Output:
# Queue: async | Pending: 45 | Failed: 2 | Processed: 1,234
# Queue: priority | Pending: 0 | Failed: 0 | Processed: 589
# Service latency
curl http://control-center:8080/metrics | grep http_request_duration_seconds
# Output:
# http_request_duration_seconds_bucket{method="GET",path="/api/v1/workspaces",...,le="0.05"} 234
# http_request_duration_seconds_bucket{method="GET",path="/api/v1/workspaces",...,le="0.1"} 456
# http_request_duration_seconds_bucket{method="GET",path="/api/v1/workspaces",...,le="0.5"} 890
```
## Related ADRs
- [ADR-004: Microservice Distribution](./adr-004-microservice-distribution.md) - 12 services communicating

156
docs/src/architecture/adr/adr-006-post-quantum-cryptography.md Normal file
View File

@ -0,0 +1,156 @@
# ADR-006: Post-Quantum Cryptography via SecretumVault
**Status**: Accepted | **Date**: 2025-01-16 | **Supersedes**: None
## Context
Cryptographic systems currently secure secrets, keys, and data. Emerging quantum computers
threaten RSA, ECDSA, and other algorithms. The platform must be resistant to quantum attacks.
## Decision
Adopt post-quantum cryptography (PQC) via SecretumVault integration for all cryptographic
operations. Hybrid encryption combines PQC with classical encryption for redundancy.
## Rationale
1. **Future-Proofing**: Data encrypted today with classical RSA will become vulnerable to quantum computers (10-20 year window)
2. **Hybrid Approach**: Combine PQC with AES-256 to ensure at least one remains secure
3. **NIST Standards**: Algorithms selected from NIST post-quantum competition (finalists and alternatives)
4. **Legacy Support**: Fallback to classical crypto for non-quantum-resistant targets
## Implementation
### SecretumVault Integration
```rust
// /provisioning/platform/crates/vault-service/src/crypto.rs
use secretumvault::{KeyPair, HybridEncryption};
pub struct SecureVault {
hybrid: HybridEncryption, // PQC + AES-256
}
impl SecureVault {
pub fn encrypt(&self, plaintext: &[u8]) -> Result<Vec<u8>> {
// PQC algorithms: CRYSTALS-Kyber (KEM), Falcon (signature)
// Classical: AES-256-GCM
// Hybrid result: both encryptions concatenated
self.hybrid.encrypt(plaintext)
}
pub fn decrypt(&self, ciphertext: &[u8]) -> Result<Vec<u8>> {
// Try PQC first, fallback to classical
self.hybrid.decrypt(ciphertext)
}
}
```
### Algorithms
**Key Encapsulation (KEM)**:
- Primary: CRYSTALS-Kyber (Category 3, 1024-bit security)
- Fallback: Elliptic Curve (X25519)
**Signatures**:
- Primary: Falcon (Category 3, fast)
- Fallback: Ed25519
**Encryption**:
- Primary: AES-256-GCM (classical, well-tested)
- Hybrid: Both PQC + AES-256 (double encryption)
**Hash Functions**:
- Primary: SHAKE256 (NIST standard)
- Fallback: SHA-3-256
### Migration Strategy
**Phase 1 (Current)**: Hybrid encryption (PQC + classical)
```text
Secret → CRYSTALS-Kyber KEM → 256-bit key
→ AES-256 encryption with key
→ Ed25519 signature
Result: Secure against both classical and quantum attacks
```
**Phase 2 (2030+)**: PQC-only if classical crypto broken
```text
Secret → CRYSTALS-Kyber KEM only
→ Falcon signature only
Fallback to classical available if PQC fails
```
### Usage
**CLI**:
```bash
# Enable PQC for new secrets
provisioning secret create myapp-key \
--encryption hybrid \ # PQC + AES-256
--key-rotation-days 365 \
--quantum-safe
# Rotate to quantum-safe keys
provisioning secret rotate --encryption hybrid --algorithm kyber
# Check PQC status
provisioning security pqc-status
# Output:
# Algorithm | Status | Key Size | Security Level
# CRYSTALS-Kyber | Enabled | 1024 | 256-bit
# Falcon | Enabled | 897 | 256-bit
# Ed25519 | Fallback | 256 | 128-bit
```
**Nushell**:
```nushell
# Create hybrid-encrypted secret
do {
let secret = "sensitive-api-key"
provisioning secret create test-secret --value $secret --encryption hybrid
print "✓ Secret encrypted with PQC + AES-256"
} catch { | err |
print $"Error: ($err)"
}
```
## Consequences
- **Positive**:
- Resistant to quantum attacks
- NIST-approved algorithms
- Backward compatible (hybrid doesn't break classical crypto)
- Audit trail for compliance (SOC2, FIPS)
- Transparent to users (no behavior change)
- **Negative**:
- Larger ciphertexts (PQC signatures 1-2KB vs classical 256 bytes)
- Slight performance overhead (10-15% slower encryption/decryption)
- Storage cost for larger keys
- Tooling support still emerging (most libraries support PQC)
## Performance Impact
| Operation | Classical | Hybrid (PQC+Classical) | Overhead |
| ----------- | ----------- | ---------------------- | ---------- |
| Key generation | 10ms | 25ms | 2.5x |
| Encryption (1MB) | 50ms | 75ms | 1.5x |
| Decryption (1MB) | 50ms | 75ms | 1.5x |
| Signature generation | 5ms | 8ms | 1.6x |
| Signature verification | 3ms | 5ms | 1.7x |
**Mitigation**: Cache keys, use async encryption for large operations
## Compliance
**Standards Met**:
- NIST PQC standardization
- NSA Commercial National Security Algorithm Suite 2.0 guidance
- FIPS 203 (Kyber standardization in progress)
- SOC2 Type II cryptographic controls
- ISO/IEC 27001 encryption requirements
## Related ADRs
- [ADR-007: Data Encryption Strategy](./adr-007-data-encryption-strategy.md)

237
docs/src/architecture/adr/adr-007-data-encryption-strategy.md Normal file
View File

@ -0,0 +1,237 @@
# ADR-007: Multi-Layer Data Encryption Strategy
**Status**: Accepted | **Date**: 2025-01-16 | **Supersedes**: None
## Context
Provisioning stores sensitive data: API credentials, database passwords, private keys,
and configuration secrets. Data protection is required both in transit and at rest.
## Decision
Implement four encryption layers:
1. **Encryption at Rest** - Database encryption, file encryption
2. **Encryption in Transit** - TLS 1.3, mTLS for service communication
3. **Field-Level Encryption** - Sensitive fields encrypted within application
4. **End-to-End Encryption** - User data encrypted by client before sending
## Architecture
### Layer 1: At-Rest Encryption
**Database Encryption** (SurrealDB):
```sql
-- All secrets table encrypted with AES-256-GCM
CREATE TABLE secrets (
id: string,
name: string,
value: string ENCRYPT_AES256, -- Encrypted at database level
key_id: string, -- Which key encrypted this
created_at: datetime,
rotated_at: datetime
)
```
**File Encryption** (Persistent state):
```rust
// Orchestrator file-based state: encrypted with rotating keys
let encrypted_state = AES256GCM::encrypt(
plaintext_state,
key_from_vault,
random_nonce
);
fs::write("orchestrator/state.enc", encrypted_state)?;
```
**Backup Encryption**:
```bash
# Backups automatically encrypted with PQC hybrid encryption
provisioning backup create --type full --encryption hybrid
# Output: backup-2025-01-16-ENCRYPTED.tar.gz
# Encrypted with CRYSTALS-Kyber + AES-256
```
### Layer 2: Encryption in Transit
**TLS 1.3** (Service to Service):
```rust
// All REST API endpoints TLS 1.3 only
let server = HttpServer::new( | | {
App::new()
.wrap(
middleware::DefaultHeaders::new()
.add(("Strict-Transport-Security", "max-age=31536000"))
)
})
.bind_openssl("0.0.0.0:443", ssl_acceptor)?
.run()
.await?;
```
**mTLS** (Service-to-Service Authentication):
```text
Control-Center → Vault-Service
1. Verify Service certificate signed by internal CA
2. Verify certificate chain and revocation status
3. Check certificate common-name matches expected service
4. Proceed with encrypted communication
```
**Certificate Management**:
```bash
# Automatic certificate generation and rotation
provisioning cert generate --service vault-service --ttl 90d --auto-renew
provisioning cert rotate --all-services --force
# Certificate verification
provisioning cert verify --service orchestrator
# Output:
# Service: orchestrator
# Certificate: vault-orchestrator.cert.pem
# Valid: 2025-01-16 to 2025-04-16
# Chain: ✓ Valid | Revocation: ✓ Checked
```
### Layer 3: Field-Level Encryption
Sensitive fields encrypted within application logic:
```rust
// vault-service encrypts before storing
pub struct Secret {
#[encrypt] // Custom derive macro
pub value: String,
pub key_id: String, // Unencrypted reference
pub created_at: DateTime<Utc>,
}
impl Serialize for Secret {
fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error> {
// Encrypt value field during serialization
let encrypted = vault.encrypt(&self.value)?;
SerializeState {
value: encrypted,
key_id: &self.key_id,
created_at: self.created_at,
}.serialize(serializer)
}
}
```
**Searchable Encryption** (for indexed fields):
```rust
// Hash values for indexing without decryption
let search_hash = HMAC_SHA256(secret_value, search_key);
db.create_index(search_hash); // Index encrypted values
// Search works on hash
let results = db.query_by_index(search_hash);
```
### Layer 4: End-to-End Encryption
User's client-side encryption:
```nushell
# User encrypts locally, only encrypted value sent
let secret = "api-key-12345"
let encrypted = provisioning secret encrypt --plaintext $secret --user-key-id mykey
provisioning secret upload --encrypted $encrypted
# Only user with private key can decrypt
provisioning secret decrypt --encrypted-value $encrypted --user-key-id mykey
```
## Key Rotation
**Automatic Rotation**:
```bash
# Rotate encryption keys every 90 days
provisioning key rotate --policy auto --interval 90d
# Timeline:
# Day 1: New key generated, becomes "active"
# Day 1-90: Old key still used for decryption
# Day 90: Old key marked "retired", new key only for encryption
# Day 180: Old key deleted from vault (audit trail kept)
```
**Re-encryption During Rotation**:
```text
Old Key: secret-key-2024
↓ decrypt
Plaintext (never stored)
↓ encrypt
New Key: secret-key-2025
↓ store
Database updated with new ciphertext
```
## Data Classification
| Classification | At-Rest | In-Transit | Field-Level | E2E |
| ---------------- | --------- | ----------- | ------------- | ----- |
| Public | Optional | TLS 1.3 | No | No |
| Internal | AES-256 | TLS 1.3 + mTLS | Optional | No |
| Confidential | AES-256 | TLS 1.3 + mTLS | Yes | Optional |
| Restricted | Hybrid PQC | TLS 1.3 + mTLS | Yes | Yes |
## Performance Optimization
**Caching** (reduce decryption overhead):
```rust
// Cache decrypted secrets with TTL
let cache = LruCache::new(1000);
cache.insert(key_id, (plaintext, expiration));
// Subsequent requests use cache
if let Some((value, exp)) = cache.get(key_id) {
if exp > now() {
return Ok(value); // No decryption overhead
}
}
```
**Lazy Decryption**:
```rust
// Don't decrypt until actually accessed
pub struct EncryptedSecret {
ciphertext: Vec<u8>,
key_id: String,
}
impl EncryptedSecret {
pub fn decrypt_on_read(&self, vault: &Vault) -> Result<String> {
vault.decrypt(&self.ciphertext, &self.key_id)
}
}
```
## Compliance
- **FIPS 140-2**: Encryption algorithms validated
- **PCI DSS**: Encryption for payment data
- **GDPR**: Data protection by design
- **HIPAA**: Encryption for healthcare data
- **SOC2**: Encryption controls and key management
## Consequences
- **Positive**:
- Defense in depth (multiple encryption layers)
- Quantum-safe (hybrid PQC)
- Compliance-ready
- Transparent to most operations
- **Negative**:
- Performance overhead (1-5% latency increase)
- Operational complexity (key management)
- Storage overhead (encrypted data ~10% larger)
- Debugging harder (encrypted data opaque)
## Related ADRs
- [ADR-006: Post-Quantum Cryptography](./adr-006-post-quantum-cryptography.md)
- [ADR-008: Secret Management and Rotation](./adr-008-secret-rotation.md)

268
docs/src/architecture/adr/adr-008-observability-and-monitoring.md Normal file
View File

@ -0,0 +1,268 @@
# ADR-008: Unified Observability Stack (Metrics, Logs, Traces)
**Status**: Accepted | **Date**: 2025-01-16 | **Supersedes**: None
## Context
Distributed 12-microservice architecture requires observability to understand system behavior, diagnose failures, and optimize performance.
## Decision
Implement unified observability using three pillars:
1. **Metrics** - Prometheus/VictoriaMetrics for time-series data
2. **Logs** - ELK Stack (Elasticsearch, Logstash, Kibana) or Loki
3. **Traces** - Jaeger for distributed request tracing
## Rationale
1. **Prometheus Metrics**: Industry standard, minimal overhead, powerful querying
2. **Structured Logging**: JSON logs for machine parsing, full-text search in Kibana
3. **Distributed Traces**: End-to-end request tracking across all 12 services
4. **Correlation**: Unified correlation IDs linking metrics, logs, traces
## Implementation
### Metrics Layer
**Prometheus** (all services expose `/metrics` endpoint):
```rust
// Every service exports metrics
use prometheus::{Counter, Histogram, Registry};
lazy_static::lazy_static! {
static ref HTTP_REQUESTS: Counter = Counter::new("http_requests_total", "Total HTTP requests").unwrap();
static ref RESPONSE_TIME: Histogram = Histogram::new("http_response_time_seconds", "HTTP response time").unwrap();
}
#[get("/api/v1/workspaces")]
async fn list_workspaces() -> HttpResponse {
let timer = RESPONSE_TIME.start_timer();
HTTP_REQUESTS.inc();
// Business logic
let workspaces = db.list_workspaces().await;
timer.observe_duration();
HttpResponse::Ok().json(workspaces)
}
```
**Key Metrics** (per service):
| Metric | Type | Purpose |
| -------- | ------ | --------- |
| `http_requests_total` | Counter | API call volume |
| `http_response_time_seconds` | Histogram | API latency distribution |
| `workflow_executions_total` | Counter | Workflow count |
| `workflow_duration_seconds` | Histogram | Workflow execution time |
| `database_query_duration_seconds` | Histogram | DB query performance |
| `cache_hits_total` | Counter | Cache effectiveness |
| `secrets_decryption_duration_seconds` | Histogram | Vault latency |
**Alerting Rules** (Prometheus alerts):
```yaml
# provisioning/monitoring/prometheus-rules.yaml
groups:
- name: provisioning
rules:
- alert: ServiceDown
expr: up{job="provisioning"} == 0
for: 5m
labels:
severity: critical
annotations:
summary: "Service {{ $labels.service }} is down"
- alert: HighLatency
expr: histogram_quantile(0.99, http_response_time_seconds) > 1
for: 10m
labels:
severity: warning
annotations:
summary: "High API latency: {{ $value }}s"
- alert: WorkflowFailureRate
expr: (increase(workflow_failures_total[5m]) / increase(workflow_executions_total[5m])) > 0.05
labels:
severity: critical
annotations:
summary: "Workflow failure rate exceeds 5%"
```
### Logging Layer
**Structured Logging** (JSON, machine-parseable):
```rust
// Every service logs in JSON with context
use slog::{Logger, o, info, warn, error};
use slog_json_compact::JsonCompact;
let logger = Logger::root(
JsonCompact::new(io::stdout()).fuse(),
o!("service" => "control-center", "version" => "1.0.0")
);
info!(logger, "Workspace created";
"workspace_id" => "ws-123",
"user_id" => "user-456",
"region" => "us-east-1",
"duration_ms" => 234,
"correlation_id" => "corr-789"
);
```
**Log Aggregation** (Loki):
```yaml
# Loki config: labels for efficient querying
scrape_configs:
- job_name: provisioning
static_configs:
- targets:
- localhost
labels:
service: control-center
environment: production
region: us-east-1
```
**Log Analysis**:
```bash
# LogQL queries in Kibana/Grafana
# Find errors in last 5 minutes
{service="control-center", level="error"} | json | level="error"
# Latency distribution by endpoint
{service="control-center"} | json | histogram(duration_ms)
# Error rate by user
{service="vault-service"} | json | errors_by_user(user_id)
```
### Tracing Layer
**Distributed Tracing** (Jaeger):
```rust
use opentelemetry::{global, sdk::trace as sdktrace};
use opentelemetry_jaeger::new_pipeline;
// Initialize tracing
let tracer = new_pipeline()
.install_simple()
.unwrap();
// Instrument requests with spans
#[tracing::instrument(skip(req))]
async fn create_workspace(req: CreateWorkspaceRequest) -> Result<Workspace> {
let span = global::tracer("control-center").start("create_workspace");
// Each internal call creates child span
let config = fetch_config().await?; // Traced automatically
let workspace = db.create(req).await?; // Traced automatically
tracing::info_span!("post_creation_hook").in_scope( | | {
send_notification(&workspace)?;
});
Ok(workspace)
}
```
**Trace Visualization** (Jaeger UI):
```text
Request: POST /api/v1/workspaces
├─ span: api_handler (10ms)
│ ├─ span: validate_input (2ms)
│ ├─ span: fetch_config (100ms)
│ │ ├─ span: control-center_api_call (100ms) [service: control-center]
│ ├─ span: db_create (50ms)
│ └─ span: post_creation_hook (200ms)
│ ├─ span: notification_send (150ms) [service: notification-service]
│ └─ span: webhook_call (50ms)
└─ Total: 362ms
```
## Correlation ID
All requests traced by correlation ID:
```text
Client Request
→ Generate: correlation_id = "corr-abc123"
→ Pass in X-Correlation-ID header
Control-Center
→ Receive: correlation_id from header
→ Log: {"correlation_id": "corr-abc123", ...}
→ Call Orchestrator with X-Correlation-ID header
Orchestrator
→ Inherit correlation_id from header
→ Create spans: correlation_id = "corr-abc123"
→ Call Vault-Service with X-Correlation-ID header
All logs, metrics, traces tagged with same correlation_id
→ Easy to correlate across services
```
## Dashboard Queries
**Real-Time Health Dashboard**:
```text
Prometheus metrics
- Service health (up/down)
- Request rate (req/sec)
- Error rate (errors/sec)
- P99 latency (milliseconds)
- CPU/Memory per service
- Cache hit rate
Grafana visualizations
- Time-series graphs
- Heatmaps for latency distribution
- Error rate alerts
- Dependency graph (which services call which)
```
**SLO Monitoring**:
```yaml
# Service Level Objectives
objectives:
- name: API Availability
expr: up{service="control-center"} > 0.9995
target: 99.95%
window: 30d
- name: API Latency (P99)
expr: histogram_quantile(0.99, http_response_time_seconds) < 1
target: <1 second
window: 5m
- name: Workflow Success Rate
expr: (1 - (increase(workflow_failures_total[5m]) / increase(workflow_executions_total[5m]))) > 0.999
target: 99.9%
window: 5m
```
## Performance Considerations
| Overhead | Cost | Mitigation |
| ---------- | ------ | ----------- |
| Metrics collection | 2-5% CPU | Sampling (10% requests) |
| Logging to ELK | 5-10% latency | Async logging |
| Trace sampling | Variable | 10% sample rate default |
| Disk storage | 100GB/day | Retention: 7 days (metrics), 30 days (logs) |
## Related ADRs
- [ADR-004: Microservice Distribution](./adr-004-microservice-distribution.md) - Multiple services need observability
- [ADR-009: SLO and Error Budgets](./adr-009-slo-error-budgets.md)

231
docs/src/architecture/adr/adr-009-slo-error-budgets.md Normal file
View File

@ -0,0 +1,231 @@
# ADR-009: SLO and Error Budget Management
**Status**: Accepted | **Date**: 2025-01-16 | **Supersedes**: None
## Context
Provisioning provides infrastructure automation for production systems. Failures cascade to
customer infrastructure. SLOs balance reliability investment with development velocity.
## Decision
Define service level objectives (SLOs) for each critical service with monitored error budgets. Availability targets guide operational decisions.
## SLOs Defined
### Tier 1: Critical Infrastructure Services
**Availability Target**: 99.99% (52.6 minutes downtime/year)
| Service | Metric | Target | Measurement |
| --------- | -------- | -------- | ------------- |
| Orchestrator | Workflow success rate | 99.99% | Failed / Total workflows (5m window) |
| Vault-Service | Secret retrieval | 99.99% | Failed requests / Total requests (5m) |
| Control-Center | API availability | 99.99% | HTTP 5xx / Total requests (5m) |
### Tier 2: Supporting Services
**Availability Target**: 99.9% (8.76 hours downtime/year)
| Service | Metric | Target | Measurement |
| --------- | -------- | -------- | ------------- |
| Extension-Registry | API availability | 99.9% | HTTP 5xx / Total requests (5m) |
| AI-Service | Response time | 99.9% | Queries > 10s / Total queries (5m) |
| Detector | Analysis completion | 99.9% | Failed analyses / Total analyses (5m) |
### Tier 3: Enhancement Services
**Availability Target**: 99.5% (3.65 days downtime/year)
| Service | Metric | Target | Measurement |
| --------- | -------- | -------- | ------------- |
| RAG | Index freshness | 99.5% | Stale results / Total queries (5m) |
| MCP-Server | Tool availability | 99.5% | Unavailable tools / Total tools (5m) |
## Error Budget Management
### Error Budget Calculation
```text
SLO Target: 99.99% (Tier 1)
Available Errors: 100% - 99.99% = 0.01%
Error Budget: 0.01% × Total Requests
Example:
- 1 million requests/day
- Error budget = 10,000 allowed errors/day
- If 5,000 errors already occurred
- Remaining budget = 5,000 errors (50% of budget consumed)
```
### Error Budget Policies
**Burn Rate** (error consumption speed):
```text
Slow Burn (< 1x rate): Safe, continue normal operations
Fast Burn (1-2x rate): Monitor, may trigger incident response
Critical Burn (> 2x rate): Stop all deployments, emergency incident
Example:
- Daily error budget: 10,000 errors
- 1x burn rate: 10,000 errors/day
- 2x burn rate: 20,000 errors/day (double consumption)
```
**Action Triggers**:
| Burn Rate | Budget Remaining | Action |
| ----------- | ------------------ | -------- |
| < 1x | > 50% | Deploy freely, run experiments |
| 1x | 25-50% | Code freeze for non-critical features |
| 2x | 10-25% | No deployments except hotfixes |
| > 2x | < 10% | Emergency incident, all hands on deck |
### Prometheus Rules for Error Budget
```yaml
# provisioning/monitoring/slo-rules.yaml
groups:
- name: slo_monitoring
rules:
- record: slo:success_rate:5m
expr: (1 - (increase(http_requests_errors_total[5m]) / increase(http_requests_total[5m]))) * 100
- record: slo:error_budget:remaining
expr: (99.99 - slo:success_rate:5m)
- alert: ErrorBudgetBurnWarning
expr: slo:error_budget:remaining < 50
for: 15m
labels:
severity: warning
annotations:
summary: "Error budget burn rate is 1x, {{ $value }}% remaining"
- alert: ErrorBudgetBurnCritical
expr: slo:error_budget:remaining < 10
for: 5m
labels:
severity: critical
annotations:
summary: "Error budget critical! {{ $value }}% remaining"
runbook: "https://provisioning.internal/runbooks/error-budget-critical"
```
## Measuring SLOs
### Service-Level Indicators (SLIs)
```text
SLI = Good Requests / Total Requests
Good Request Definition:
- HTTP status 2xx-3xx
- Response time < 1000ms (latency SLI)
- No errors in workflow execution
- Database transaction committed
```
### SLO Calculation
```nushell
# Daily SLO report
def slo-report [] {
let total = (prometheus query "increase(http_requests_total[1d])")
let errors = (prometheus query "increase(http_requests_errors_total[1d])")
let success = $total - $errors
let sli = ($success / $total) * 100
let target = 99.99
let remaining_budget = $target - $sli
print $"SLI: ($sli)%"
print $"Target: ($target)%"
print $"Budget Remaining: ($remaining_budget)%"
if $remaining_budget < 10 {
print "⚠️ CRITICAL: Error budget exhausted, halt deployments"
} else if $remaining_budget < 25 {
print "⚠️ WARNING: Error budget low, restrict changes"
} else {
print "✓ Healthy: Error budget available"
}
}
slo-report
```
## Deployment Policies Based on Error Budget
### Green Light Conditions (Error Budget Available)
```text
if remaining_error_budget > 50% {
allow: normal deployments
allow: experimental features
allow: canary at 50%
frequency: multiple deploys/day
}
```
### Yellow Light Conditions (Error Budget Tight)
```text
if 10% < remaining_error_budget <= 50% {
allow: critical bug fixes only
allow: security patches
disallow: feature releases
disallow: large refactors
disallow: canary > 25%
frequency: 1 deploy/day maximum
}
```
### Red Light Conditions (Error Budget Exhausted)
```text
if remaining_error_budget <= 10% {
allow: emergency hotfixes only
disallow: all non-critical changes
disallow: any new deployments
action: incident response required
escalation: VP Engineering approval needed
}
```
## SLO Review Cycle
**Monthly**:
- Review SLI data vs SLO targets
- Identify services approaching budget limits
- Plan remediation for low-performing services
**Quarterly**:
- Review SLO targets against business requirements
- Adjust targets based on incident patterns
- Plan infrastructure improvements
**Annually**:
- SLO target review with product/ops leadership
- Align SLOs with business goals
- Plan year-long reliability improvements
## Consequences
- **Positive**:
- Data-driven deployment decisions
- Balance between innovation and reliability
- Early warning system for degradation
- Alignment between dev and ops
- **Negative**:
- Developers may resist deployment restrictions
- Overhead of monitoring error budgets
- Complex to communicate to stakeholders
- SLO targets may feel arbitrary
## Related ADRs
- [ADR-008: Unified Observability Stack](./adr-008-observability-and-monitoring.md) - Measure SLOs via metrics
- [ADR-010: Incident Response Procedures](./adr-010-incident-response.md)

413
docs/src/architecture/adr/adr-010-configuration-format-strategy.md
View File

@ -1,413 +0,0 @@
# ADR-010: Configuration File Format Strategy
**Status**: Accepted
**Date**: 2025-12-03
**Decision Makers**: Architecture Team
**Implementation**: Multi-phase migration (KCL workspace configs + template reorganization)
---
## Context
The provisioning project historically used a single configuration format (YAML/TOML environment variables) for all purposes. As the system evolved,
different parts naturally adopted different formats:
- **TOML** for modular provider and platform configurations (`providers/*.toml`, `platform/*.toml`)
- **KCL** for infrastructure-as-code definitions with type safety
- **YAML** for workspace metadata
However, the workspace configuration remained in **YAML** (`provisioning.yaml`),
creating inconsistency and leaving type-unsafe configuration handling. Meanwhile,
complete KCL schemas for workspace configuration were designed but unused.
**Problem**: Three different formats in the same system without documented rationale or consistent patterns.
---
## Decision
Adopt a **three-format strategy** with clear separation of concerns:
| Format | Purpose | Use Cases |
| -------- | --------- | ----------- |
| **KCL** | Infrastructure as Code & Schemas | Workspace config, infrastructure definitions, type-safe validation |
| **TOML** | Application Configuration & Settings | System defaults, provider settings, user preferences, interpolation |
| **YAML** | Metadata & Kubernetes Resources | K8s manifests, tool metadata, version tracking, CI/CD resources |
---
## Implementation Strategy
### Phase 1: Documentation (Complete)
Define and document the three-format approach through:
1. **ADR-010** (this document) - Rationale and strategy
2. **CLAUDE.md updates** - Quick reference for developers
3. **Configuration hierarchy** - Explicit precedence rules
### Phase 2: Workspace Config Migration (In Progress)
**Migrate workspace configuration from YAML to KCL**:
1. Create comprehensive workspace configuration schema in KCL
2. Implement backward-compatible config loader (KCL first, fallback to YAML)
3. Provide migration script to convert existing workspaces
4. Update workspace initialization to generate KCL configs
**Expected Outcome**:
- `workspace/config/provisioning.ncl` (KCL, type-safe, validated)
- Full schema validation with semantic versioning checks
- Automatic validation at config load time
### Phase 3: Template File Reorganization (In Progress)
**Move template files to proper directory structure and correct extensions**:
```bash
Previous (KCL):
provisioning/kcl/templates/*.k (had Nushell/Jinja2 code, not KCL)
Current (Nickel):
provisioning/templates/
├── nushell/*.nu.j2
├── config/*.toml.j2
├── nickel/*.ncl.j2
└── README.md
```
**Expected Outcome**:
- Templates properly classified and discoverable
- KCL validation passes (15/16 errors eliminated)
- Template system clean and maintainable
---
## Rationale for Each Format
### KCL for Workspace Configuration
**Why KCL over YAML or TOML?**
1. **Type Safety**: Catch configuration errors at schema validation time, not runtime
```kcl
schema WorkspaceDeclaration:
metadata: Metadata
check:
regex.match(metadata.version, r"^\d+\.\d+\.\d+$"),
"Version must be semantic versioning"
```
1. **Schema-First Development**: Schemas are first-class citizens
- Document expected structure upfront
- IDE support for auto-completion
- Enforce required fields and value ranges
2. **Immutable by Default**: Infrastructure configurations are immutable
- Prevents accidental mutations
- Better for reproducible deployments
- Aligns with PAP principle: "configuration-driven, not hardcoded"
3. **Complex Validation**: KCL supports sophisticated validation rules
- Semantic versioning validation
- Dependency checking
- Cross-field validation
- Range constraints on numeric values
4. **Ecosystem Consistency**: KCL is already used for infrastructure definitions
- Server configurations use KCL
- Cluster definitions use KCL
- Taskserv definitions use KCL
- Using KCL for workspace config maintains consistency
5. **Existing Schemas**: `provisioning/kcl/generator/declaration.ncl` already defines complete workspace schemas
- No design work needed
- Production-ready schemas
- Well-tested patterns
### TOML for Application Configuration
**Why TOML for settings?**
1. **Hierarchical Structure**: Native support for nested configurations
```toml
[http]
use_curl = false
timeout = 30
[debug]
enabled = false
log_level = "info"
```
2. **Interpolation Support**: Dynamic variable substitution
```toml
base_path = "/Users/home/provisioning"
cache_path = "{{base_path}}/.cache"
```
3. **Industry Standard**: Widely used for application configuration (Rust, Python, Go)
4. **Human Readable**: Clear, explicit, easy to edit
5. **Validation Support**: Schema files (`.schema.toml`) for validation
**Use Cases**:
- System defaults: `provisioning/config/config.defaults.toml`
- Provider settings: `workspace/config/providers/*.toml`
- Platform services: `workspace/config/platform/*.toml`
- User preferences: User config files
### YAML for Metadata and Kubernetes Resources
**Why YAML for metadata?**
1. **Kubernetes Compatibility**: YAML is K8s standard
- K8s manifests use YAML
- Consistent with ecosystem
- Familiar to DevOps engineers
2. **Lightweight**: Good for simple data structures
```yaml
workspace:
name: "librecloud"
version: "1.0.0"
created: "2025-10-06T12:29:43Z"
```
3. **Version Control**: Human-readable format
- Diffs are clear and meaningful
- Git-friendly
- Comments supported
**Use Cases**:
- K8s resource definitions
- Tool metadata (versions, sources, tags)
- CI/CD configuration files
- User workspace metadata (during transition)
---
## Configuration Hierarchy (Priority)
**When loading configuration, use this precedence (highest to lowest)**:
1. **Runtime Arguments** (highest priority)
- CLI flags passed to commands
- Explicit user input
2. **Environment Variables** (PROVISIONING_*)
- Override system settings
- Deployment-specific overrides
- Secrets via env vars
3. **User Configuration** (Centralized)
- User preferences: `~/.config/provisioning/user_config.yaml`
- User workspace overrides: `workspace/config/local-overrides.toml`
4. **Infrastructure Configuration**
- Workspace KCL config: `workspace/config/provisioning.ncl`
- Platform services: `workspace/config/platform/*.toml`
- Provider configs: `workspace/config/providers/*.toml`
5. **System Defaults** (lowest priority)
- System config: `provisioning/config/config.defaults.toml`
- Schema defaults: defined in KCL schemas
---
## Migration Path
### For Existing Workspaces
1. **Migration Path**: Config loader checks for `.ncl` first, then falls back to `.yaml` for legacy systems
```nushell
# Try Nickel first (current)
if ($config_nickel | path exists) {
let config = (load_nickel_workspace_config $config_nickel)
} else if ($config_yaml | path exists) {
# Legacy YAML support (from pre-migration)
let config = (open $config_yaml)
}
```
2. **Automatic Migration**: Migration script converts YAML/KCL → Nickel
```bash
provisioning workspace migrate-config --all
```
3. **Validation**: New KCL configs validated against schemas
### For New Workspaces
1. **Generate KCL**: Workspace initialization creates `.k` files
```bash
provisioning workspace create my-workspace
# Creates: workspace/my-workspace/config/provisioning.ncl
```
2. **Use Existing Schemas**: Leverage `provisioning/kcl/generator/declaration.ncl`
3. **Schema Validation**: Automatic validation during config load
---
## File Format Guidelines for Developers
### When to Use Each Format
**Use KCL for**:
- Infrastructure definitions (servers, clusters, taskservs)
- Configuration with type requirements
- Schema definitions
- Any config that needs validation rules
- Workspace configuration
**Use TOML for**:
- Application settings (HTTP client, logging, timeouts)
- Provider-specific settings
- Platform service configuration
- User preferences and overrides
- System defaults with interpolation
**Use YAML for**:
- Kubernetes manifests
- CI/CD configuration (GitHub Actions, GitLab CI)
- Tool metadata
- Human-readable documentation files
- Version control metadata
---
## Consequences
### Benefits
**Type Safety**: KCL schema validation catches config errors early
**Consistency**: Infrastructure definitions and configs use same language
**Maintainability**: Clear separation of concerns (IaC vs settings vs metadata)
**Validation**: Semantic versioning, required fields, range checks
**Tooling**: IDE support for KCL auto-completion
**Documentation**: Self-documenting schemas with descriptions
**Ecosystem Alignment**: TOML for settings (Rust standard), YAML for K8s
### Trade-offs
⚠️ **Learning Curve**: Developers must understand three formats
⚠️ **Migration Effort**: Existing YAML configs need conversion
⚠️ **Tooling Requirements**: KCL compiler needed (already a dependency)
### Risk Mitigation
1. **Documentation**: Clear guidelines in CLAUDE.md
2. **Backward Compatibility**: YAML support maintained during transition
3. **Automation**: Migration scripts for existing workspaces
4. **Gradual Migration**: No hard cutoff, both formats supported for extended period
---
## Template File Reorganization
### Problem
Currently, 15/16 files in `provisioning/kcl/templates/` have `.k` extension but contain Nushell/Jinja2 code, not KCL:
```nushell
provisioning/kcl/templates/
├── server.ncl # Actually Nushell/Jinja2 template
├── taskserv.ncl # Actually Nushell/Jinja2 template
└── ... # 15 more template files
```
This causes:
- KCL validation failures (96.6% of errors)
- Misclassification (templates in KCL directory)
- Confusing directory structure
### Solution
Reorganize into type-specific directories:
```bash
provisioning/templates/
├── nushell/ # Nushell code generation (*.nu.j2)
│ ├── server.nu.j2
│ ├── taskserv.nu.j2
│ └── ...
├── config/ # Config file generation (*.toml.j2, *.yaml.j2)
│ ├── provider.toml.j2
│ └── ...
├── kcl/ # KCL file generation (*.k.j2)
│ ├── workspace.ncl.j2
│ └── ...
└── README.md
```
### Outcome
✅ Correct file classification
✅ KCL validation passes completely
✅ Clear template organization
✅ Easier to discover and maintain templates
---
## References
### Existing KCL Schemas
1. **Workspace Declaration**: `provisioning/kcl/generator/declaration.ncl`
- `WorkspaceDeclaration` - Complete workspace specification
- `Metadata` - Name, version, author, timestamps
- `DeploymentConfig` - Deployment modes, servers, HA settings
- Includes validation rules and semantic versioning
2. **Workspace Layer**: `provisioning/workspace/layers/workspace.layer.ncl`
- `WorkspaceLayer` - Template paths, priorities, metadata
3. **Core Settings**: `provisioning/kcl/settings.ncl`
- `Settings` - Main provisioning settings
- `SecretProvider` - SOPS/KMS configuration
- `AIProvider` - AI provider configuration
### Related ADRs
- **ADR-001**: Project Structure
- **ADR-005**: Extension Framework
- **ADR-006**: Provisioning CLI Refactoring
- **ADR-009**: Security System Complete
---
## Decision Status
**Status**: Accepted
**Next Steps**:
1. ✅ Document strategy (this ADR)
2. ⏳ Create workspace configuration KCL schema
3. ⏳ Implement backward-compatible config loader
4. ⏳ Create migration script for YAML → KCL
5. ⏳ Move template files to proper directories
6. ⏳ Update documentation with examples
7. ⏳ Migrate workspace_librecloud to KCL
---
**Last Updated**: 2025-12-03

409
docs/src/architecture/adr/adr-010-incident-response-automation.md Normal file
View File

@ -0,0 +1,409 @@
# ADR-010: Automated Incident Response and Self-Healing
**Status**: Accepted | **Date**: 2025-01-16 | **Supersedes**: None
## Context
Production incidents require rapid response to minimize impact. Manual responses are slow
and error-prone. Automated incident response reduces MTTR (Mean Time to Recovery).
## Decision
Implement autonomous incident response system that detects issues and automatically
remediates without human intervention.
## Automation Levels
### Level 1: Automatic Detection
```text
Monitoring Alert
↓ (triggered)
Detection Engine
├─ Analyze alert severity
├─ Correlate related alerts
├─ Assess impact
└─ Classify incident type
```
### Level 2: Automated Response
```text
Incident Classification
Remediation Playbook Selection
Automated Mitigation Steps
├─ Scale up resources
├─ Failover services
├─ Restart components
├─ Clear caches
└─ Update routing
```
### Level 3: Escalation and Validation
```text
Auto-remediation Attempted
Monitor for Recovery
├─ Success → Close incident
└─ Failure → Escalate to human
↓ (human intervention required)
On-call Engineer Notified
```
## Implementation
### Incident Detection
```rust
pub struct IncidentDetector {
alerts: Arc<RwLock<VecDeque<Alert>>>,
correlation_window: Duration,
detectors: HashMap<String, Box<dyn IncidentClassifier>>,
}
impl IncidentDetector {
pub async fn detect(&self, alert: Alert) -> Option<Incident> {
// Correlate with recent alerts
let related_alerts = self.correlate_alerts(&alert).await;
// Classify incident type
let incident_type = self.classify(&alert, &related_alerts).await?;
// Assess severity
let severity = self.assess_severity(&incident_type, &related_alerts).await;
Some(Incident {
id: generate_id(),
incident_type,
severity,
timestamp: Utc::now(),
alerts: vec![alert],
related_alerts,
})
}
async fn correlate_alerts(&self, alert: &Alert) -> Vec<Alert> {
let alerts = self.alerts.read().await;
alerts
.iter()
.filter( | a | {
// Alerts from same service within window
a.service == alert.service
&& (Utc::now() - a.timestamp) < self.correlation_window
})
.cloned()
.collect()
}
async fn classify(&self, alert: &Alert, related: &[Alert]) -> Option<IncidentType> {
// Use machine learning to classify incident type
// Consider: alert patterns, historical data, service dependencies
Some(IncidentType::HighLatency)
}
}
```
### Automated Remediation
```rust
pub struct RemediationEngine {
playbooks: HashMap<IncidentType, RemediationPlaybook>,
}
impl RemediationEngine {
pub async fn remediate(&self, incident: &Incident) -> RemediationResult {
// Select appropriate playbook
let playbook = self.playbooks
.get(&incident.incident_type)
.ok_or("No playbook for incident type")?;
// Execute remediation steps in sequence
let mut results = Vec::new();
for step in &playbook.steps {
match step {
RemediationStep::ScaleService { service, target_replicas } => {
results.push(self.scale_service(service, *target_replicas).await?);
},
RemediationStep::FailoverService { service, target_region } => {
results.push(self.failover_service(service, target_region).await?);
},
RemediationStep::RestartService { service } => {
results.push(self.restart_service(service).await?);
},
RemediationStep::ClearCache { service } => {
results.push(self.clear_cache(service).await?);
},
}
// Check if remediation worked
tokio::time::sleep(Duration::from_secs(30)).await;
if self.is_healthy(&incident.incident_type).await {
return Ok(RemediationResult {
success: true,
steps_executed: results,
});
}
}
// If still not healthy, escalate
Ok(RemediationResult {
success: false,
steps_executed: results,
})
}
}
```
### Runbook Example: High Latency
```yaml
# runbooks/high-latency-response.yaml
incident_type: high_latency
severity_threshold: 200ms
response:
immediate_actions:
- action: scale_up
service: api-service
percentage: 50
wait: 30s
- action: clear_cache
service: redis-cluster
pattern: "session_*"
- action: drain_connections
service: load_balancer
graceful_wait: 60s
if_not_resolved:
- action: failover
service: api-service
target_region: secondary
- action: rollback
version: previous_stable
service: api-service
escalation:
severity: critical
notify: on-call-engineer
max_auto_attempts: 3
```
### Nushell Implementation
```nushell
def respond-to-high-latency [] {
print "Responding to high latency incident..."
# Step 1: Scale up API service
let scale_result = (
provisioning scale \
--service api-service \
--target-replicas 10
)
print $"Scaled to 10 replicas"
sleep 30s
# Step 2: Clear cache
provisioning cache flush --pattern "session_*"
print "Cache flushed"
# Step 3: Check if latency improved
let latency = (
provisioning metrics get \
--metric http_latency_p99 \
--window 5m
)
if $latency < 200 {
print "✓ Latency recovered to acceptable levels"
return 0
}
# Step 4: Failover if still high
print "Latency still high, initiating failover..."
provisioning failover \
--service api-service \
--target-region secondary
sleep 60s
# Step 5: Verify recovery
let final_latency = (
provisioning metrics get \
--metric http_latency_p99 \
--window 5m
)
if $final_latency < 200 {
print "✓ Failover successful"
return 0
} else {
print "✗ Auto-remediation failed, escalating"
return 1
}
}
```
## Self-Healing Patterns
### Automatic Restart on Crash
```text
Service Crash Detected
Health Check Failed 3 Times
Automatic Restart Triggered
├─ Wait 5 seconds (backoff)
├─ Start service
├─ Verify startup (30s timeout)
└─ Health check passes
Service Restored
```
### Automatic Config Rollback
```rust
pub async fn handle_config_deployment_failure(
deployment_id: &str,
error: &DeploymentError,
) -> Result<()> {
// If deployment fails due to config error
if error.is_config_related() {
log::error!("Config deployment failed: {:?}", error);
// Automatically rollback to last known-good config
let previous_config = fetch_last_good_config().await?;
apply_config(previous_config).await?;
// Notify team
notify_team("Config rollback triggered automatically").await?;
return Ok(());
}
Err(Box::new(error.clone()))
}
```
## Escalation Criteria
```nickel
{
escalation_rules = [
{
condition = "remediation_attempts > 3",
action = "escalate_to_oncall",
severity = "critical"
},
{
condition = "error_rate > 10% for 5m",
action = "escalate_to_manager",
severity = "critical"
},
{
condition = "data_loss_risk",
action = "escalate_to_cto",
severity = "critical"
},
{
condition = "remediation_attempts > 1 AND not_in_business_hours",
action = "escalate_to_senior_oncall",
severity = "high"
}
]
}
```
## Learning from Incidents
```rust
pub async fn post_incident_analysis(incident: &Incident) {
// Log incident metrics
log_incident_metrics(incident).await;
// Identify improvements
let improvements = analyze_incident_response(incident).await;
// Update playbooks based on effectiveness
for improvement in improvements {
update_playbook(&improvement).await;
}
// Generate post-mortem
generate_postmortem(incident).await;
}
async fn analyze_incident_response(incident: &Incident) -> Vec<PlaybookImprovement> {
let mttr = incident.resolution_time;
let automation_effective = mttr < Duration::from_secs(300); // < 5 minutes
if !automation_effective {
// Escalation or playbook was ineffective
// Analyze why and suggest improvements
vec![
PlaybookImprovement {
remediation_step: "scale_service".to_string(),
suggestion: "Increase target replicas from 50% to 100%".to_string(),
},
]
} else {
vec![]
}
}
```
## Monitoring Automation Effectiveness
```bash
# Incident metrics
provisioning metrics incident-automation \
--metric success_rate \
--metric mttr \
--metric escalation_rate \
--metric false_positive_rate
# Output:
# Automation Success Rate: 87%
# Average MTTR: 4m 23s (Target: <5m)
# Escalation Rate: 13% (Target: <5%)
# False Positive Rate: 2% (Target: <1%)
```
## Safety Mechanisms
1. **Automatic Rollback**: Failed remediations automatically rollback
2. **Circuit Breaker**: Stop retries if remediation repeatedly fails
3. **Escalation Triggers**: Escalate if not resolved in N attempts
4. **Rate Limiting**: Don't repeatedly try same remediation
5. **Blast Radius Limits**: Limit changes to prevent cascading failures
## Consequences
- **Positive**:
- Reduced MTTR from 30+ minutes to <5 minutes
- Fewer manual escalations
- Better system resilience
- Faster incident response at 3 AM
- **Negative**:
- Automation can cause unintended side effects
- Requires comprehensive testing
- Complex to debug if automation fails
- False positives possible
## Related ADRs
- [ADR-008: Unified Observability Stack](./adr-008-observability-and-monitoring.md) - Metrics for incident detection
- [ADR-009: SLO and Error Budgets](./adr-009-slo-error-budgets.md) - SLO violations trigger incidents

479
docs/src/architecture/adr/adr-011-nickel-migration.md
View File

@ -1,479 +0,0 @@
# ADR-011: Migration from KCL to Nickel
**Status**: Implemented
**Date**: 2025-12-15
**Decision Makers**: Architecture Team
**Implementation**: Complete for platform schemas (100%)
---
## Context
The provisioning platform historically used KCL (KLang) as the primary infrastructure-as-code language for all configuration schemas. As the system
evolved through four migration phases (Foundation, Core, Complex, Highly Complex), KCL's limitations became increasingly apparent:
### Problems with KCL
1. **Complex Type System**: Heavyweight schema system with extensive boilerplate
- `schema Foo(bar.Baz)` inheritance creates rigid hierarchies
- Union types with `null` don't work well in type annotations
- Schema modifications propagate breaking changes
2. **Limited Flexibility**: Schema-first approach is too rigid for configuration evolution
- Difficult to extend types without modifying base schemas
- No easy way to add custom fields without validation conflicts
- Hard to compose configurations dynamically
3. **Import System Overhead**: Non-standard module imports
- `import provisioning.lib as lib` pattern differs from ecosystem standards
- Re-export patterns create complexity in extension systems
4. **Performance Overhead**: Compile-time validation adds latency
- Schema validation happens at compile time
- Large configuration files slow down evaluation
- No lazy evaluation built-in
5. **Learning Curve**: KCL is Python-like but with unique patterns
- Team must learn KCL-specific semantics
- Limited ecosystem and tooling support
- Difficult to hire developers familiar with KCL
### Project Needs
The provisioning system required:
- **Greater flexibility** in composing configurations
- **Better performance** for large-scale deployments
- **Extensibility** without modifying base schemas
- **Simpler mental model** for team learning
- **Clean exports** to JSON/TOML/YAML formats
---
## Decision
**Adopt Nickel as the primary infrastructure-as-code language** for all schema definitions, configuration composition, and deployment declarations.
### Key Changes
1. **Three-File Pattern per Module**:
- `{module}_contracts.ncl` - Type definitions using Nickel contracts
- `{module}_defaults.ncl` - Default values for all fields
- `{module}.ncl` - Instances combining both, with hybrid interface
2. **Hybrid Interface** (4 levels of access):
- **Level 1**: Direct access to defaults (inspection, reference)
- **Level 2**: Maker functions (90% of use cases)
- **Level 3**: Default instances (pre-built, exported)
- **Level 4**: Contracts (optional imports, advanced combinations)
3. **Domain-Organized Architecture** (8 top-level domains):
- `lib` - Core library types
- `config` - Settings, defaults, workspace configuration
- `infrastructure` - Compute, storage, provisioning schemas
- `operations` - Workflows, batch, dependencies, tasks
- `deployment` - Kubernetes, execution modes
- `services` - Gitea and other platform services
- `generator` - Code generation and declarations
- `integrations` - Runtime, GitOps, external integrations
4. **Two Deployment Modes**:
- **Development**: Fast iteration with relative imports (Single Source of Truth)
- **Production**: Frozen snapshots with immutable, self-contained deployment packages
---
## Implementation Summary
### Migration Complete
| Metric | Value |
| -------- | ------- |
| KCL files migrated | 40 |
| Nickel files created | 72 |
| Modules converted | 24 core modules |
| Schemas migrated | 150+ |
| Maker functions | 80+ |
| Default instances | 90+ |
| JSON output validation | 4,680+ lines |
### Platform Schemas (`provisioning/schemas/`)
- **422 Nickel files** total
- **8 domains** with hierarchical organization
- **Entry point**: `main.ncl` with domain-organized architecture
- **Clean imports**: `provisioning.lib`, `provisioning.config.settings`, etc.
### Extensions (`provisioning/extensions/`)
- **4 providers**: hetzner, local, aws, upcloud
- **1 cluster type**: web
- **Consistent structure**: Each extension has `nickel/` subdirectory with contracts, defaults, main, version
**Example - UpCloud Provider**:
```nickel
# upcloud/nickel/main.ncl (migrated from upcloud/kcl/)
let contracts = import "./contracts.ncl" in
let defaults = import "./defaults.ncl" in
{
defaults = defaults,
make_storage | not_exported = fun overrides =>
defaults.storage & overrides,
DefaultStorage = defaults.storage,
DefaultStorageBackup = defaults.storage_backup,
DefaultProvisionEnv = defaults.provision_env,
DefaultProvisionUpcloud = defaults.provision_upcloud,
DefaultServerDefaults_upcloud = defaults.server_defaults_upcloud,
DefaultServerUpcloud = defaults.server_upcloud,
}
```
### Active Workspaces (`workspace_librecloud/nickel/`)
- **47 Nickel files** in productive use
- **2 infrastructures**:
- `wuji` - Kubernetes cluster with 20 taskservs
- `sgoyol` - Support servers group
- **Two deployment modes** fully implemented and tested
- **Daily production usage** validated ✅
### Backward Compatibility
- **955 KCL files** remain in workspaces/ (legacy user configs)
- 100% backward compatible - old KCL code still works
- Config loader supports both formats during transition
- No breaking changes to APIs
---
## Comparison: KCL vs Nickel
| Aspect | KCL | Nickel | Winner |
| -------- | ----- | -------- | -------- |
| **Mental Model** | Python-like with schemas | JSON with functions | Nickel |
| **Performance** | Baseline | 60% faster evaluation | Nickel |
| **Type System** | Rigid schemas | Gradual typing + contracts | Nickel |
| **Composition** | Schema inheritance | Record merging (`&`) | Nickel |
| **Extensibility** | Requires schema modifications | Merging with custom fields | Nickel |
| **Validation** | Compile-time (overhead) | Runtime contracts (lazy) | Nickel |
| **Boilerplate** | High | Low (3-file pattern) | Nickel |
| **Exports** | JSON/YAML | JSON/TOML/YAML | Nickel |
| **Learning Curve** | Medium-High | Low | Nickel |
| **Lazy Evaluation** | No | Yes (built-in) | Nickel |
---
## Architecture Patterns
### Three-File Pattern
**File 1: Contracts** (`batch_contracts.ncl`):
```json
{
BatchScheduler = {
strategy | String,
resource_limits,
scheduling_interval | Number,
enable_preemption | Bool,
},
}
```
**File 2: Defaults** (`batch_defaults.ncl`):
```json
{
scheduler = {
strategy = "dependency_first",
resource_limits = {"max_cpu_cores" = 0},
scheduling_interval = 10,
enable_preemption = false,
},
}
```
**File 3: Main** (`batch.ncl`):
```javascript
let contracts = import "./batch_contracts.ncl" in
let defaults = import "./batch_defaults.ncl" in
{
defaults = defaults, # Level 1: Inspection
make_scheduler | not_exported = fun o =>
defaults.scheduler & o, # Level 2: Makers
DefaultScheduler = defaults.scheduler, # Level 3: Instances
}
```
### Hybrid Pattern Benefits
- **90% of users**: Use makers for simple customization
- **9% of users**: Reference defaults for inspection
- **1% of users**: Access contracts for advanced combinations
- **No validation conflicts**: Record merging works without contract constraints
### Domain-Organized Architecture
```nickel
provisioning/schemas/
├── lib/ # Storage, TaskServDef, ClusterDef
├── config/ # Settings, defaults, workspace_config
├── infrastructure/ # Compute, storage, provisioning
├── operations/ # Workflows, batch, dependencies, tasks
├── deployment/ # Kubernetes, modes (solo, multiuser, cicd, enterprise)
├── services/ # Gitea, etc
├── generator/ # Declarations, gap analysis, changes
├── integrations/ # Runtime, GitOps, main
└── main.ncl # Entry point with namespace organization
```
**Import pattern**:
```javascript
let provisioning = import "./main.ncl" in
provisioning.lib # For Storage, TaskServDef
provisioning.config.settings # For Settings, Defaults
provisioning.infrastructure.compute.server
provisioning.operations.workflows
```
---
## Production Deployment Patterns
### Two-Mode Strategy
#### 1. Development Mode (Single Source of Truth)
- Relative imports to central provisioning
- Fast iteration with immediate schema updates
- No snapshot overhead
- Usage: Local development, testing, experimentation
```nickel
# workspace_librecloud/nickel/main.ncl
import "../../provisioning/schemas/main.ncl"
import "../../provisioning/extensions/taskservs/kubernetes/nickel/main.ncl"
```
#### 2. Production Mode (Hermetic Deployment)
Create immutable snapshots for reproducible deployments:
```nickel
provisioning workspace freeze --version "2025-12-15-prod-v1" --env production
```
**Frozen structure** (`.frozen/{version}/`):
```nickel
├── provisioning/schemas/ # Snapshot of central schemas
├── extensions/ # Snapshot of all extensions
└── workspace/ # Snapshot of workspace configs
```
**All imports rewritten to local paths**:
- `import "../../provisioning/schemas/main.ncl"``import "./provisioning/schemas/main.ncl"`
- Guarantees immutability and reproducibility
- No external dependencies
- Can be deployed to air-gapped environments
**Deploy from frozen snapshot**:
```nickel
provisioning deploy --frozen "2025-12-15-prod-v1" --infra wuji
```
**Benefits**:
- ✅ Development: Fast iteration with central updates
- ✅ Production: Immutable, reproducible deployments
- ✅ Audit trail: Each frozen version timestamped
- ✅ Rollback: Easy rollback to previous versions
- ✅ Air-gapped: Works in offline environments
---
## Ecosystem Integration
### TypeDialog (Bidirectional Nickel Integration)
**Location**: `/Users/Akasha/Development/typedialog`
**Purpose**: Type-safe prompts, forms, and schemas with Nickel output
**Key Feature**: Nickel schemas → Type-safe UIs → Nickel output
```nickel
# Nickel schema → Interactive form
typedialog form --schema server.ncl --output json
# Interactive form → Nickel output
typedialog form --input form.toml --output nickel
```
**Value**: Amplifies Nickel ecosystem beyond IaC:
- Schemas auto-generate type-safe UIs
- Forms output configurations back to Nickel
- Multiple backends: CLI, TUI, Web
- Multiple output formats: JSON, YAML, TOML, Nickel
---
## Technical Patterns
### Expression-Based Structure
| KCL | Nickel |
| ----- | -------- |
| Multiple top-level let bindings | Single root expression with `let...in` chaining |
### Schema Inheritance → Record Merging
| KCL | Nickel |
| ----- | -------- |
| `schema Server(defaults.ServerDefaults)` | `defaults.ServerDefaults & { overrides }` |
### Optional Fields
| KCL | Nickel |
| ----- | -------- |
| `field?: type` | `field = null` or `field = ""` |
### Union Types
| KCL | Nickel |
| ----- | -------- |
| `"ubuntu" &#124; "debian" &#124; "centos"` | `[\\&#124; 'ubuntu, 'debian, 'centos \\&#124;]` |
### Boolean/Null Conversion
| KCL | Nickel |
| ----- | -------- |
| `True` / `False` / `None` | `true` / `false` / `null` |
---
## Quality Metrics
- **Syntax Validation**: 100% (all files compile)
- **JSON Export**: 100% success rate (4,680+ lines)
- **Pattern Coverage**: All 5 templates tested and proven
- **Backward Compatibility**: 100%
- **Performance**: 60% faster evaluation than KCL
- **Test Coverage**: 422 Nickel files validated in production
---
## Consequences
### Positive ✅
- **60% performance gain** in evaluation speed
- **Reduced boilerplate** (contracts + defaults separation)
- **Greater flexibility** (record merging without validation)
- **Extensibility without conflicts** (custom fields allowed)
- **Simplified mental model** ("JSON with functions")
- **Lazy evaluation** (better performance for large configs)
- **Clean exports** (100% JSON/TOML compatible)
- **Hybrid pattern** (4 levels covering all use cases)
- **Domain-organized architecture** (8 logical domains, clear imports)
- **Production deployment** with frozen snapshots (immutable, reproducible)
- **Ecosystem expansion** (TypeDialog integration for UI generation)
- **Real-world validation** (47 files in productive use)
- **20 taskservs** deployed in production infrastructure
### Challenges ⚠️
- **Dual format support** during transition (KCL + Nickel)
- **Learning curve** for team (new language)
- **Migration effort** (40 files migrated manually)
- **Documentation updates** (guides, examples, training)
- **955 KCL files remain** (gradual workspace migration)
- **Frozen snapshots workflow** (requires understanding workspace freeze)
- **TypeDialog dependency** (external Rust project)
### Mitigations
- ✅ Complete documentation in `docs/development/kcl-module-system.md`
- ✅ 100% backward compatibility maintained
- ✅ Migration framework established (5 templates, validation checklist)
- ✅ Validation checklist for each migration step
- ✅ 100% syntax validation on all files
- ✅ Real-world usage validated (47 files in production)
- ✅ Frozen snapshots guarantee reproducibility
- ✅ Two deployment modes cover development and production
- ✅ Gradual migration strategy (workspace-level, no hard cutoff)
---
## Migration Status
### Completed (Phase 1-4)
- ✅ Foundation (8 files) - Basic schemas, validation library
- ✅ Core Schemas (8 files) - Settings, workspace config, gitea
- ✅ Complex Features (7 files) - VM lifecycle, system config, services
- ✅ Very Complex (9+ files) - Modes, commands, orchestrator, main entry point
- ✅ Platform schemas (422 files total)
- ✅ Extensions (providers, clusters)
- ✅ Production workspace (47 files, 20 taskservs)
### In Progress (Workspace-Level)
- ⏳ Workspace migration (323+ files in workspace_librecloud)
- ⏳ Extension migration (taskservs, clusters, providers)
- ⏳ Parallel testing against original KCL
- ⏳ CI/CD integration updates
### Future (Optional)
- User workspace KCL to Nickel (gradual, as needed)
- Full migration of legacy configurations
- TypeDialog UI generation for infrastructure
---
## Related Documentation
### Development Guides
- KCL Module System - Critical syntax differences and patterns
- [Nickel Migration Guide](../development/nickel-executable-examples.md) - Three-file pattern specification and examples
- [Configuration Architecture](../development/configuration.md) - Composition patterns and best practices
### Related ADRs
- **ADR-010**: Configuration Format Strategy (multi-format approach)
- **ADR-006**: CLI Refactoring (domain-driven design)
- **ADR-004**: Hybrid Rust/Nushell Architecture (platform architecture)
### Referenced Files
- **Entry point**: `provisioning/schemas/main.ncl`
- **Workspace pattern**: `workspace_librecloud/nickel/main.ncl`
- **Example extension**: `provisioning/extensions/providers/upcloud/nickel/main.ncl`
- **Production infrastructure**: `workspace_librecloud/nickel/wuji/main.ncl` (20 taskservs)
---
## Approval
**Status**: Implemented and Production-Ready
- ✅ Architecture Team: Approved
- ✅ Platform implementation: Complete (422 files)
- ✅ Production validation: Passed (47 files active)
- ✅ Backward compatibility: 100%
- ✅ Real-world usage: Validated in wuji infrastructure
---
**Last Updated**: 2025-12-15
**Version**: 1.0.0
**Implementation**: Complete (Phase 1-4 finished, workspace-level in progress)

379
docs/src/architecture/adr/adr-012-nushell-nickel-plugin-cli-wrapper.md
View File

@ -1,379 +0,0 @@
# ADR-014: Nushell Nickel Plugin - CLI Wrapper Architecture
## Status
**Accepted** - 2025-12-15
## Context
The provisioning system integrates with Nickel for configuration management in advanced
scenarios. Users need to evaluate Nickel files and work with their output in Nushell
scripts. The `nu_plugin_nickel` plugin provides this integration.
The architectural decision was whether the plugin should:
1. **Implement Nickel directly using pure Rust** (`nickel-lang-core` crate)
2. **Wrap the official Nickel CLI** (`nickel` command)
### System Requirements
Nickel configurations in provisioning use the **module system**:
```nickel
# config/database.ncl
import "lib/defaults" as defaults
import "lib/validation" as valid
{
databases: {
primary = defaults.database & {
name = "primary"
host = "localhost"
}
}
}
```
Module system includes:
- Import resolution with search paths
- Standard library (`builtins`, stdlib packages)
- Module caching
- Complex evaluation context
## Decision
Implement the `nu_plugin_nickel` plugin as a **CLI wrapper** that invokes the external `nickel` command.
### Architecture Diagram
```nickel
┌─────────────────────────────┐
│ Nushell Script │
│ │
│ nickel-export json /file │
│ nickel-eval /file │
│ nickel-format /file │
└────────────┬────────────────┘
┌─────────────────────────────┐
│ nu_plugin_nickel │
│ │
│ - Command handling │
│ - Argument parsing │
│ - JSON output parsing │
│ - Caching logic │
└────────────┬────────────────┘
┌─────────────────────────────┐
│ std::process::Command │
│ │
│ "nickel export /file ..." │
└────────────┬────────────────┘
┌─────────────────────────────┐
│ Nickel Official CLI │
│ │
│ - Module resolution │
│ - Import handling │
│ - Standard library access │
│ - Output formatting │
│ - Error reporting │
└────────────┬────────────────┘
┌─────────────────────────────┐
│ Nushell Records/Lists │
│ │
│ ✅ Proper types │
│ ✅ Cell path access works │
│ ✅ Piping works │
└─────────────────────────────┘
```
### Implementation Characteristics
**Plugin provides**:
- ✅ Nushell commands: `nickel-export`, `nickel-eval`, `nickel-format`, `nickel-validate`
- ✅ JSON/YAML output parsing (serde_json → nu_protocol::Value)
- ✅ Automatic caching (SHA256-based, ~80-90% hit rate)
- ✅ Error handling (CLI errors → Nushell errors)
- ✅ Type-safe output (nu_protocol::Value::Record, not strings)
**Plugin delegates to Nickel CLI**:
- ✅ Module resolution with search paths
- ✅ Standard library access and discovery
- ✅ Evaluation context setup
- ✅ Module caching
- ✅ Output formatting
## Rationale
### Why CLI Wrapper Is The Correct Choice
| Aspect | Pure Rust (nickel-lang-core) | CLI Wrapper (chosen) |
| -------- | ------------------------------- | ---------------------- |
| **Module resolution** | ❓ Undocumented API | ✅ Official, proven |
| **Search paths** | ❓ How to configure? | ✅ CLI handles it |
| **Standard library** | ❓ How to access? | ✅ Automatic discovery |
| **Import system** | ❌ API unclear | ✅ Built-in |
| **Evaluation context** | ❌ Complex setup needed | ✅ CLI provides |
| **Future versions** | ⚠️ Maintain parity | ✅ Automatic support |
| **Maintenance burden** | 🔴 High | 🟢 Low |
| **Complexity** | 🔴 High | 🟢 Low |
| **Correctness** | ⚠️ Risk of divergence | ✅ Single source of truth |
### The Module System Problem
Using `nickel-lang-core` directly would require the plugin to:
1. **Configure import search paths**:
```rust
// Where should Nickel look for modules?
// Current directory? Workspace? System paths?
// This is complex and configuration-dependent
```
1. **Access standard library**:
```rust
// Where is the Nickel stdlib installed?
// How to handle different Nickel versions?
// How to provide builtins?
```
2. **Manage module evaluation context**:
```rust
// Set up evaluation environment
// Configure cache locations
// Initialize type checker
// This is essentially re-implementing CLI logic
```
3. **Maintain compatibility**:
- Every Nickel version change requires review
- Risk of subtle behavioral differences
- Duplicate bug fixes and features
- Two implementations to maintain
### Documentation Gap
The `nickel-lang-core` crate lacks clear documentation on:
- ❓ How to configure import search paths
- ❓ How to access standard library
- ❓ How to set up evaluation context
- ❓ What is the public API contract?
This makes direct usage risky. The CLI is the documented, proven interface.
### Why Nickel Is Different From Simple Use Cases
**Simple use case** (direct library usage works):
- Simple evaluation with built-in functions
- No external dependencies
- No modules or imports
**Nickel reality** (CLI wrapper necessary):
- Complex module system with search paths
- External dependencies (standard library)
- Import resolution with multiple fallbacks
- Evaluation context that mirrors CLI
## Consequences
### Positive
- **Correctness**: Module resolution guaranteed by official Nickel CLI
- **Reliability**: No risk from reverse-engineering undocumented APIs
- **Simplicity**: Plugin code is lean (~300 lines total)
- **Maintainability**: Automatic tracking of Nickel changes
- **Compatibility**: Works with all Nickel versions
- **User Expectations**: Same behavior as CLI users experience
- **Community Alignment**: Uses official Nickel distribution
### Negative
- **External Dependency**: Requires `nickel` binary installed in PATH
- **Process Overhead**: ~100-200 ms per execution (heavily cached)
- **Subprocess Management**: Spawn handling and stderr capture needed
- **Distribution**: Provisioning must include Nickel binary
### Mitigation Strategies
**Dependency Management**:
- Installation scripts handle Nickel setup
- Docker images pre-install Nickel
- Clear error messages if `nickel` not found
- Documentation covers installation
**Performance**:
- Aggressive caching (80-90% typical hit rate)
- Cache hits: ~1-5 ms (not 100-200 ms)
- Cache directory: `~/.cache/provisioning/config-cache/`
**Distribution**:
- Provisioning distributions include Nickel
- Installers set up Nickel automatically
- CI/CD has Nickel available
## Alternatives Considered
### Alternative 1: Pure Rust with nickel-lang-core
**Pros**: No external dependency
**Cons**: Undocumented API, high risk, maintenance burden
**Decision**: REJECTED - Too risky
### Alternative 2: Hybrid (Pure Rust + CLI fallback)
**Pros**: Flexibility
**Cons**: Adds complexity, dual code paths, confusing behavior
**Decision**: REJECTED - Over-engineering
### Alternative 3: WebAssembly Version
**Pros**: Standalone
**Cons**: WASM support unclear, additional infrastructure
**Decision**: REJECTED - Immature
### Alternative 4: Use Nickel LSP
**Pros**: Uses official interface
**Cons**: LSP not designed for evaluation, wrong abstraction
**Decision**: REJECTED - Inappropriate tool
## Implementation Details
### Command Set
1. **nickel-export**: Export/evaluate Nickel file
```nushell
nickel-export json /path/to/file.ncl
nickel-export yaml /path/to/file.ncl
```
2. **nickel-eval**: Evaluate with automatic caching (for config loader)
```nushell
nickel-eval /workspace/config.ncl
```
3. **nickel-format**: Format Nickel files
```nushell
nickel-format /path/to/file.ncl
```
4. **nickel-validate**: Validate Nickel files/project
```nushell
nickel-validate /path/to/project
```
### Critical Implementation Detail: Command Syntax
The plugin uses the **correct Nickel command syntax**:
```nickel
// Correct:
cmd.arg("export").arg(file).arg("--format").arg(format);
// Results in: "nickel export /file --format json"
// WRONG (previously):
cmd.arg("export").arg(format).arg(file);
// Results in: "nickel export json /file"
// ↑ This triggers auto-import of nonexistent JSON module
```
### Caching Strategy
**Cache Key**: SHA256(file_content + format)
**Cache Hit Rate**: 80-90% (typical provisioning workflows)
**Performance**:
- Cache miss: ~100-200 ms (process fork)
- Cache hit: ~1-5 ms (filesystem read + parse)
- Speedup: 50-100x for cached runs
**Storage**: `~/.cache/provisioning/config-cache/`
### JSON Output Processing
Plugin correctly processes JSON output:
1. Invokes: `nickel export /file.ncl --format json`
2. Receives: JSON string from stdout
3. Parses: serde_json::Value
4. Converts: `json_value_to_nu_value()` (recursive)
5. Returns: nu_protocol::Value::Record (not string!)
This enables Nushell cell path access:
```nushell
nickel-export json /config.ncl | .database.host # ✅ Works
```
## Testing Strategy
**Unit Tests**:
- JSON parsing correctness
- Value type conversions
- Cache logic
**Integration Tests**:
- Real Nickel file execution
- Module imports verification
- Search path resolution
**Manual Verification**:
```nickel
# Test module imports
nickel-export json /workspace/config.ncl
# Test cell path access
nickel-export json /workspace/config.ncl | .database
# Verify output types
nickel-export json /workspace/config.ncl | type
# Should show: record, not string
```
## Configuration Integration
Plugin integrates with provisioning config system:
- Nickel path auto-detected: `which nickel`
- Cache location: platform-specific `cache_dir()`
- Errors: consistent with provisioning patterns
## References
- ADR-012: Nushell Plugins (general framework)
- [Nickel Official Documentation](https://nickel-lang.org/)
- [nickel-lang-core Rust Crate](https://crates.io/crates/nickel-lang-core/)
- nu_plugin_nickel Implementation: `provisioning/core/plugins/nushell-plugins/nu_plugin_nickel/`
- [Related: ADR-013-NUSHELL-KCL-PLUGIN](adr/adr-nushell-kcl-plugin-cli-wrapper.md)
---
**Status**: Accepted and Implemented
**Last Updated**: 2025-12-15
**Implementation**: Complete
**Tests**: Passing

592
docs/src/architecture/adr/adr-013-typdialog-integration.md
View File

@ -1,592 +0,0 @@
# ADR-013: Typdialog Web UI Backend Integration for Interactive Configuration
## Status
**Accepted** - 2025-01-08
## Context
The provisioning system requires interactive user input for configuration workflows, workspace initialization, credential setup, and guided deployment
scenarios. The system architecture combines Rust (performance-critical), Nushell (scripting), and Nickel (declarative configuration), creating
challenges for interactive form-based input and multi-user collaboration.
### The Interactive Configuration Problem
**Current limitations**:
1. **Nushell CLI**: Terminal-only interaction
- `input` command: Single-line text prompts only
- No form validation, no complex multi-field forms
- Limited to single-user, terminal-bound workflows
- User experience: Basic and error-prone
2. **Nickel**: Declarative configuration language
- Cannot handle interactive prompts (by design)
- Pure evaluation model (no side effects)
- Forms must be defined statically, not interactively
- No runtime user interaction
3. **Existing Solutions**: Inadequate for modern infrastructure provisioning
- **Shell-based prompts**: Error-prone, no validation, single-user
- **Custom web forms**: High maintenance, inconsistent UX
- **Separate admin panels**: Disconnected from IaC workflow
- **Terminal-only TUI**: Limited to SSH sessions, no collaboration
### Use Cases Requiring Interactive Input
1. **Workspace Initialization**:
```nushell
# Current: Error-prone prompts
let workspace_name = input "Workspace name: "
let provider = input "Provider (aws/azure/oci): "
# No validation, no autocomplete, no guidance
```
2. **Credential Setup**:
```nushell
# Current: Insecure and basic
let api_key = input "API Key: " # Shows in terminal history
let region = input "Region: " # No validation
```
3. **Configuration Wizards**:
- Database connection setup (host, port, credentials, SSL)
- Network configuration (CIDR blocks, subnets, gateways)
- Security policies (encryption, access control, audit)
4. **Guided Deployments**:
- Multi-step infrastructure provisioning
- Service selection with dependencies
- Environment-specific overrides
### Requirements for Interactive Input System
- ✅ **Terminal UI widgets**: Text input, password, select, multi-select, confirm
- ✅ **Validation**: Type checking, regex patterns, custom validators
- ✅ **Security**: Password masking, sensitive data handling
- ✅ **User Experience**: Arrow key navigation, autocomplete, help text
- ✅ **Composability**: Chain multiple prompts into forms
- ✅ **Error Handling**: Clear validation errors, retry logic
- ✅ **Rust Integration**: Native Rust library (no subprocess overhead)
- ✅ **Cross-Platform**: Works on Linux, macOS, Windows
## Decision
Integrate **typdialog** with its **Web UI backend** as the standard interactive configuration interface for the provisioning platform. The major
achievement of typdialog is not the TUI - it is the Web UI backend that enables browser-based forms, multi-user collaboration, and seamless
integration with the provisioning orchestrator.
### Architecture Diagram
```bash
┌─────────────────────────────────────────┐
│ Nushell Script │
│ │
│ provisioning workspace init │
│ provisioning config setup │
│ provisioning deploy guided │
└────────────┬────────────────────────────┘
┌─────────────────────────────────────────┐
│ Rust CLI Handler │
│ (provisioning/core/cli/) │
│ │
│ - Parse command │
│ - Determine if interactive needed │
│ - Invoke TUI dialog module │
└────────────┬────────────────────────────┘
┌─────────────────────────────────────────┐
│ TUI Dialog Module │
│ (typdialog wrapper) │
│ │
│ - Form definition (validation rules) │
│ - Widget rendering (text, select) │
│ - User input capture │
│ - Validation execution │
│ - Result serialization (JSON/TOML) │
└────────────┬────────────────────────────┘
┌─────────────────────────────────────────┐
│ typdialog Library │
│ │
│ - Terminal rendering (crossterm) │
│ - Event handling (keyboard, mouse) │
│ - Widget state management │
│ - Input validation engine │
└────────────┬────────────────────────────┘
┌─────────────────────────────────────────┐
│ Terminal (stdout/stdin) │
│ │
│ ✅ Rich TUI with validation │
│ ✅ Secure password input │
│ ✅ Guided multi-step forms │
└─────────────────────────────────────────┘
```
### Implementation Characteristics
**CLI Integration Provides**:
- ✅ Native Rust commands with TUI dialogs
- ✅ Form-based input for complex configurations
- ✅ Validation rules defined in Rust (type-safe)
- ✅ Secure input (password masking, no history)
- ✅ Error handling with retry logic
- ✅ Serialization to Nickel/TOML/JSON
**TUI Dialog Library Handles**:
- ✅ Terminal UI rendering and event loop
- ✅ Widget management (text, select, checkbox, confirm)
- ✅ Input validation and error display
- ✅ Navigation (arrow keys, tab, enter)
- ✅ Cross-platform terminal compatibility
## Rationale
### Why TUI Dialog Integration Is Required
| Aspect | Shell Prompts (current) | Web Forms | TUI Dialog (chosen) |
| -------- | ------------------------- | ----------- | --------------------- |
| **User Experience** | ❌ Basic text only | ✅ Rich UI | ✅ Rich TUI |
| **Validation** | ❌ Manual, error-prone | ✅ Built-in | ✅ Built-in |
| **Security** | ❌ Plain text, history | ⚠️ Network risk | ✅ Secure terminal |
| **Setup Complexity** | ✅ None | ❌ Server required | ✅ Minimal |
| **Terminal Workflow** | ✅ Native | ❌ Browser switch | ✅ Native |
| **Offline Support** | ✅ Always | ❌ Requires server | ✅ Always |
| **Dependencies** | ✅ None | ❌ Web stack | ✅ Single crate |
| **Error Handling** | ❌ Manual | ⚠️ Complex | ✅ Built-in retry |
### The Nushell Limitation
Nushell's `input` command is limited:
```nushell
# Current: No validation, no security
let password = input "Password: " # ❌ Shows in terminal
let region = input "AWS Region: " # ❌ No autocomplete/validation
# Cannot do:
# - Multi-select from options
# - Conditional fields (if X then ask Y)
# - Password masking
# - Real-time validation
# - Autocomplete/fuzzy search
```
### The Nickel Constraint
Nickel is declarative and cannot prompt users:
```nickel
# Nickel defines what the config looks like, NOT how to get it
{
database = {
host | String,
port | Number,
credentials | { username: String, password: String },
}
}
# Nickel cannot:
# - Prompt user for values
# - Show interactive forms
# - Validate input interactively
```
### Why Rust + TUI Dialog Is The Solution
**Rust provides**:
- Native terminal control (crossterm, termion)
- Type-safe form definitions
- Validation rules as functions
- Secure memory handling (password zeroization)
- Performance (no subprocess overhead)
**TUI Dialog provides**:
- Widget library (text, select, multi-select, confirm)
- Event loop and rendering
- Validation framework
- Error display and retry logic
**Integration enables**:
- Nushell calls Rust CLI → Shows TUI dialog → Returns validated config
- Nickel receives validated config → Type checks → Merges with defaults
## Consequences
### Positive
- **User Experience**: Professional TUI with validation and guidance
- **Security**: Password masking, sensitive data protection, no terminal history
- **Validation**: Type-safe rules enforced before config generation
- **Developer Experience**: Reusable form components across CLI commands
- **Error Handling**: Clear validation errors with retry options
- **Offline First**: No network dependencies for interactive input
- **Terminal Native**: Fits CLI workflow, no context switching
- **Maintainability**: Single library for all interactive input
### Negative
- **Terminal Dependency**: Requires interactive terminal (not scriptable)
- **Learning Curve**: Developers must learn TUI dialog patterns
- **Library Lock-in**: Tied to specific TUI library API
- **Testing Complexity**: Interactive tests require terminal mocking
- **Non-Interactive Fallback**: Need alternative for CI/CD and scripts
### Mitigation Strategies
**Non-Interactive Mode**:
```bash
// Support both interactive and non-interactive
if terminal::is_interactive() {
// Show TUI dialog
let config = show_workspace_form()?;
} else {
// Use config file or CLI args
let config = load_config_from_file(args.config)?;
}
```
**Testing**:
```bash
// Unit tests: Test form validation logic (no TUI)
#[test]
fn test_validate_workspace_name() {
assert!(validate_name("my-workspace").is_ok());
assert!(validate_name("invalid name!").is_err());
}
// Integration tests: Use mock terminal or config files
```
**Scriptability**:
```bash
# Batch mode: Provide config via file
provisioning workspace init --config workspace.toml
# Interactive mode: Show TUI dialog
provisioning workspace init --interactive
```
**Documentation**:
- Form schemas documented in `docs/`
- Config file examples provided
- Screenshots of TUI forms in guides
## Alternatives Considered
### Alternative 1: Shell-Based Prompts (Current State)
**Pros**: Simple, no dependencies
**Cons**: No validation, poor UX, security risks
**Decision**: REJECTED - Inadequate for production use
### Alternative 2: Web-Based Forms
**Pros**: Rich UI, well-known patterns
**Cons**: Requires server, network dependency, context switch
**Decision**: REJECTED - Too complex for CLI tool
### Alternative 3: Custom TUI Per Use Case
**Pros**: Tailored to each need
**Cons**: High maintenance, code duplication, inconsistent UX
**Decision**: REJECTED - Not sustainable
### Alternative 4: External Form Tool (dialog, whiptail)
**Pros**: Mature, cross-platform
**Cons**: Subprocess overhead, limited validation, shell escaping issues
**Decision**: REJECTED - Poor Rust integration
### Alternative 5: Text-Based Config Files Only
**Pros**: Fully scriptable, no interactive complexity
**Cons**: Steep learning curve, no guidance for new users
**Decision**: REJECTED - Poor user onboarding experience
## Implementation Details
### Form Definition Pattern
```bash
use typdialog::Form;
pub fn workspace_initialization_form() -> Result<WorkspaceConfig> {
let form = Form::new("Workspace Initialization")
.add_text_input("name", "Workspace Name")
.required()
.validator(|s| validate_workspace_name(s))
.add_select("provider", "Cloud Provider")
.options(&["aws", "azure", "oci", "local"])
.required()
.add_text_input("region", "Region")
.default("us-west-2")
.validator(|s| validate_region(s))
.add_password("admin_password", "Admin Password")
.required()
.min_length(12)
.add_confirm("enable_monitoring", "Enable Monitoring?")
.default(true);
let responses = form.run()?;
// Convert to strongly-typed config
let config = WorkspaceConfig {
name: responses.get_string("name")?,
provider: responses.get_string("provider")?.parse()?,
region: responses.get_string("region")?,
admin_password: responses.get_password("admin_password")?,
enable_monitoring: responses.get_bool("enable_monitoring")?,
};
Ok(config)
}
```
### Integration with Nickel
```nickel
// 1. Get validated input from TUI dialog
let config = workspace_initialization_form()?;
// 2. Serialize to TOML/JSON
let config_toml = toml::to_string(&config)?;
// 3. Write to workspace config
fs::write("workspace/config.toml", config_toml)?;
// 4. Nickel merges with defaults
// nickel export workspace/main.ncl --format json
// (uses workspace/config.toml as input)
```
### CLI Command Structure
```bash
// provisioning/core/cli/src/commands/workspace.rs
#[derive(Parser)]
pub enum WorkspaceCommand {
Init {
#[arg(long)]
interactive: bool,
#[arg(long)]
config: Option<PathBuf>,
},
}
pub fn handle_workspace_init(args: InitArgs) -> Result<()> {
if args.interactive || terminal::is_interactive() {
// Show TUI dialog
let config = workspace_initialization_form()?;
config.save("workspace/config.toml")?;
} else if let Some(config_path) = args.config {
// Use provided config
let config = WorkspaceConfig::load(config_path)?;
config.save("workspace/config.toml")?;
} else {
bail!("Either --interactive or --config required");
}
// Continue with workspace setup
Ok(())
}
```
### Validation Rules
```rust
pub fn validate_workspace_name(name: &str) -> Result<(), String> {
// Alphanumeric, hyphens, 3-32 chars
let re = Regex::new(r"^[a-z0-9-]{3,32}$").unwrap();
if !re.is_match(name) {
return Err("Name must be 3-32 lowercase alphanumeric chars with hyphens".into());
}
Ok(())
}
pub fn validate_region(region: &str) -> Result<(), String> {
const VALID_REGIONS: &[&str] = &["us-west-1", "us-west-2", "us-east-1", "eu-west-1"];
if !VALID_REGIONS.contains(&region) {
return Err(format!("Invalid region. Must be one of: {}", VALID_REGIONS.join(", ")));
}
Ok(())
}
```
### Security: Password Handling
```bash
use zeroize::Zeroizing;
pub fn get_secure_password() -> Result<Zeroizing<String>> {
let form = Form::new("Secure Input")
.add_password("password", "Password")
.required()
.min_length(12)
.validator(password_strength_check);
let responses = form.run()?;
// Password automatically zeroized when dropped
let password = Zeroizing::new(responses.get_password("password")?);
Ok(password)
}
```
## Testing Strategy
**Unit Tests**:
```bash
#[test]
fn test_workspace_name_validation() {
assert!(validate_workspace_name("my-workspace").is_ok());
assert!(validate_workspace_name("UPPERCASE").is_err());
assert!(validate_workspace_name("ab").is_err()); // Too short
}
```
**Integration Tests**:
```bash
// Use non-interactive mode with config files
#[test]
fn test_workspace_init_non_interactive() {
let config = WorkspaceConfig {
name: "test-workspace".into(),
provider: Provider::Local,
region: "us-west-2".into(),
admin_password: "secure-password-123".into(),
enable_monitoring: true,
};
config.save("/tmp/test-config.toml").unwrap();
let result = handle_workspace_init(InitArgs {
interactive: false,
config: Some("/tmp/test-config.toml".into()),
});
assert!(result.is_ok());
}
```
**Manual Testing**:
```bash
# Test interactive flow
cargo build --release
./target/release/provisioning workspace init --interactive
# Test validation errors
# - Try invalid workspace name
# - Try weak password
# - Try invalid region
```
## Configuration Integration
**CLI Flag**:
```toml
# provisioning/config/config.defaults.toml
[ui]
interactive_mode = "auto" # "auto" | "always" | "never"
dialog_theme = "default" # "default" | "minimal" | "colorful"
```
**Environment Override**:
```bash
# Force non-interactive mode (for CI/CD)
export PROVISIONING_INTERACTIVE=false
# Force interactive mode
export PROVISIONING_INTERACTIVE=true
```
## Documentation Requirements
**User Guides**:
- `docs/user/interactive-configuration.md` - How to use TUI dialogs
- `docs/guides/workspace-setup.md` - Workspace initialization with screenshots
**Developer Documentation**:
- `docs/development/tui-forms.md` - Creating new TUI forms
- Form definition best practices
- Validation rule patterns
**Configuration Schema**:
```toml
# provisioning/schemas/workspace.ncl
{
WorkspaceConfig = {
name
| doc "Workspace identifier (3-32 alphanumeric chars with hyphens)"
| String,
provider
| doc "Cloud provider"
| [| 'aws, 'azure, 'oci, 'local |],
region
| doc "Deployment region"
| String,
admin_password
| doc "Admin password (min 12 characters)"
| String,
enable_monitoring
| doc "Enable monitoring services"
| Bool,
}
}
```
## Migration Path
**Phase 1: Add Library**
- Add typdialog dependency to `provisioning/core/cli/Cargo.toml`
- Create TUI dialog wrapper module
- Implement basic text/select widgets
**Phase 2: Implement Forms**
- Workspace initialization form
- Credential setup form
- Configuration wizard forms
**Phase 3: CLI Integration**
- Update CLI commands to use TUI dialogs
- Add `--interactive` / `--config` flags
- Implement non-interactive fallback
**Phase 4: Documentation**
- User guides with screenshots
- Developer documentation for form creation
- Example configs for non-interactive use
**Phase 5: Testing**
- Unit tests for validation logic
- Integration tests with config files
- Manual testing on all platforms
## References
- [typdialog Crate](https://crates.io/crates/typdialog) (or similar: dialoguer, inquire)
- [crossterm](https://crates.io/crates/crossterm) - Terminal manipulation
- [zeroize](https://crates.io/crates/zeroize) - Secure memory zeroization
- ADR-004: Hybrid Architecture (Rust/Nushell integration)
- ADR-011: Nickel Migration (declarative config language)
- ADR-012: Nushell Plugins (CLI wrapper patterns)
- Nushell `input` command limitations: [Nushell Book - Input](https://www.nushell.sh/commands/docs/input.html)
---
**Status**: Accepted
**Last Updated**: 2025-01-08
**Implementation**: Planned
**Priority**: High (User onboarding and security)
**Estimated Complexity**: Moderate

659
docs/src/architecture/adr/adr-014-secretumvault-integration.md
View File

@ -1,659 +0,0 @@
# ADR-014: SecretumVault Integration for Secrets Management
## Status
**Accepted** - 2025-01-08
## Context
The provisioning system manages sensitive data across multiple infrastructure layers: cloud provider credentials, database passwords, API keys, SSH
keys, encryption keys, and service tokens. The current security architecture (ADR-009) includes SOPS for encrypted config files and Age for key
management, but lacks a centralized secrets management solution with dynamic secrets, access control, and audit logging.
### Current Secrets Management Challenges
**Existing Approach**:
1. **SOPS + Age**: Static secrets encrypted in config files
- Good: Version-controlled, gitops-friendly
- Limited: Static rotation, no audit trail, manual key distribution
2. **Nickel Configuration**: Declarative secrets references
- Good: Type-safe configuration
- Limited: Cannot generate dynamic secrets, no lifecycle management
3. **Manual Secret Injection**: Environment variables, CLI flags
- Good: Simple for development
- Limited: No security guarantees, prone to leakage
### Problems Without Centralized Secrets Management
**Security Issues**:
- ❌ No centralized audit trail (who accessed which secret when)
- ❌ No automatic secret rotation policies
- ❌ No fine-grained access control (Cedar policies not enforced on secrets)
- ❌ Secrets scattered across: SOPS files, env vars, config files, K8s secrets
- ❌ No detection of secret sprawl or leaked credentials
**Operational Issues**:
- ❌ Manual secret rotation (error-prone, often neglected)
- ❌ No secret versioning (cannot rollback to previous credentials)
- ❌ Difficult onboarding (manual key distribution)
- ❌ No dynamic secrets (credentials exist indefinitely)
**Compliance Issues**:
- ❌ Cannot prove compliance with secret access policies
- ❌ No audit logs for regulatory requirements
- ❌ Cannot enforce secret expiration policies
- ❌ Difficult to demonstrate least-privilege access
### Use Cases Requiring Centralized Secrets Management
1. **Dynamic Database Credentials**:
- Generate short-lived DB credentials for applications
- Automatic rotation based on policies
- Revocation on application termination
2. **Cloud Provider API Keys**:
- Centralized storage with access control
- Audit trail of credential usage
- Automatic rotation schedules
3. **Service-to-Service Authentication**:
- Dynamic tokens for microservices
- Short-lived certificates for mTLS
- Automatic renewal before expiration
4. **SSH Key Management**:
- Temporal SSH keys (ADR-009 SSH integration)
- Centralized certificate authority
- Audit trail of SSH access
5. **Encryption Key Management**:
- Master encryption keys for data at rest
- Key rotation and versioning
- Integration with KMS systems
### Requirements for Secrets Management System
- ✅ **Dynamic Secrets**: Generate credentials on-demand with TTL
- ✅ **Access Control**: Integration with Cedar authorization policies
- ✅ **Audit Logging**: Complete trail of secret access and modifications
- ✅ **Secret Rotation**: Automatic and manual rotation policies
- ✅ **Versioning**: Track secret versions, enable rollback
- ✅ **High Availability**: Distributed, fault-tolerant architecture
- ✅ **Encryption at Rest**: AES-256-GCM for stored secrets
- ✅ **API-First**: RESTful API for integration
- ✅ **Plugin Ecosystem**: Extensible backends (AWS, Azure, databases)
- ✅ **Open Source**: Self-hosted, no vendor lock-in
## Decision
Integrate **SecretumVault** as the centralized secrets management system for the provisioning platform.
### Architecture Diagram
```bash
┌─────────────────────────────────────────────────────────────┐
│ Provisioning CLI / Orchestrator / Services │
│ │
│ - Workspace initialization (credentials) │
│ - Infrastructure deployment (cloud API keys) │
│ - Service configuration (database passwords) │
│ - SSH temporal keys (certificate generation) │
└────────────┬────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────┐
│ SecretumVault Client Library (Rust) │
│ (provisioning/core/libs/secretum-client/) │
│ │
│ - Authentication (token, mTLS) │
│ - Secret CRUD operations │
│ - Dynamic secret generation │
│ - Lease renewal and revocation │
│ - Policy enforcement │
└────────────┬────────────────────────────────────────────────┘
│ HTTPS + mTLS
┌─────────────────────────────────────────────────────────────┐
│ SecretumVault Server │
│ (Rust-based Vault implementation) │
│ │
│ ┌───────────────────────────────────────────────────┐ │
│ │ API Layer (REST + gRPC) │ │
│ ├───────────────────────────────────────────────────┤ │
│ │ Authentication & Authorization │ │
│ │ - Token auth, mTLS, OIDC integration │ │
│ │ - Cedar policy enforcement │ │
│ ├───────────────────────────────────────────────────┤ │
│ │ Secret Engines │ │
│ │ - KV (key-value v2 with versioning) │ │
│ │ - Database (dynamic credentials) │ │
│ │ - SSH (certificate authority) │ │
│ │ - PKI (X.509 certificates) │ │
│ │ - Cloud Providers (AWS/Azure/OCI) │ │
│ ├───────────────────────────────────────────────────┤ │
│ │ Storage Backend │ │
│ │ - Encrypted storage (AES-256-GCM) │ │
│ │ - PostgreSQL / Raft cluster │ │
│ ├───────────────────────────────────────────────────┤ │
│ │ Audit Backend │ │
│ │ - Structured logging (JSON) │ │
│ │ - Syslog, file, database sinks │ │
│ └───────────────────────────────────────────────────┘ │
└─────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────┐
│ Backends (Dynamic Secret Generation) │
│ │
│ - PostgreSQL/MySQL (database credentials) │
│ - AWS IAM (temporary access keys) │
│ - Azure AD (service principals) │
│ - SSH CA (signed certificates) │
│ - PKI (X.509 certificates) │
└─────────────────────────────────────────────────────────────┘
```
### Implementation Characteristics
**SecretumVault Provides**:
- ✅ Dynamic secret generation with configurable TTL
- ✅ Secret versioning and rollback capabilities
- ✅ Fine-grained access control (Cedar policies)
- ✅ Complete audit trail (all operations logged)
- ✅ Automatic secret rotation policies
- ✅ High availability (Raft consensus)
- ✅ Encryption at rest (AES-256-GCM)
- ✅ Plugin architecture for secret backends
- ✅ RESTful and gRPC APIs
- ✅ Rust implementation (performance, safety)
**Integration with Provisioning System**:
- ✅ Rust client library (native integration)
- ✅ Nushell commands via CLI wrapper
- ✅ Nickel configuration references secrets
- ✅ Cedar policies control secret access
- ✅ Orchestrator manages secret lifecycle
- ✅ SSH integration for temporal keys
- ✅ KMS integration for encryption keys
## Rationale
### Why SecretumVault Is Required
| Aspect | SOPS + Age (current) | HashiCorp Vault | SecretumVault (chosen) |
| -------- | ---------------------- | ----------------- | ------------------------ |
| **Dynamic Secrets** | ❌ Static only | ✅ Full support | ✅ Full support |
| **Rust Native** | ⚠️ External CLI | ❌ Go binary | ✅ Pure Rust |
| **Cedar Integration** | ❌ None | ❌ Custom policies | ✅ Native Cedar |
| **Audit Trail** | ❌ Git only | ✅ Comprehensive | ✅ Comprehensive |
| **Secret Rotation** | ❌ Manual | ✅ Automatic | ✅ Automatic |
| **Open Source** | ✅ Yes | ⚠️ MPL 2.0 (BSL now) | ✅ Yes |
| **Self-Hosted** | ✅ Yes | ✅ Yes | ✅ Yes |
| **License** | ✅ Permissive | ⚠️ BSL (proprietary) | ✅ Permissive |
| **Versioning** | ⚠️ Git commits | ✅ Built-in | ✅ Built-in |
| **High Availability** | ❌ Single file | ✅ Raft cluster | ✅ Raft cluster |
| **Performance** | ✅ Fast (local) | ⚠️ Network latency | ✅ Rust performance |
### Why Not Continue with SOPS Alone
SOPS is excellent for **static secrets in git**, but inadequate for:
1. **Dynamic Credentials**: Cannot generate temporary DB passwords
2. **Audit Trail**: Git commits are insufficient for compliance
3. **Rotation Policies**: Manual rotation is error-prone
4. **Access Control**: No runtime policy enforcement
5. **Secret Lifecycle**: Cannot track usage or revoke access
6. **Multi-System Integration**: Limited to files, not API-accessible
**Complementary Approach**:
- SOPS: Configuration files with long-lived secrets (gitops workflow)
- SecretumVault: Runtime dynamic secrets, short-lived credentials, audit trail
### Why SecretumVault Over HashiCorp Vault
**HashiCorp Vault Limitations**:
1. **License Change**: BSL (Business Source License) - proprietary for production
2. **Not Rust Native**: Go binary, subprocess overhead
3. **Custom Policy Language**: HCL policies, not Cedar (provisioning standard)
4. **Complex Deployment**: Heavy operational burden
5. **Vendor Lock-In**: HashiCorp ecosystem dependency
**SecretumVault Advantages**:
1. **Rust Native**: Zero-cost integration, no subprocess spawning
2. **Cedar Policies**: Consistent with ADR-008 authorization model
3. **Lightweight**: Smaller binary, lower resource usage
4. **Open Source**: Permissive license, community-driven
5. **Provisioning-First**: Designed for IaC workflows
### Integration with Existing Security Architecture
**ADR-009 (Security System)**:
- SOPS: Static config encryption (unchanged)
- Age: Key management for SOPS (unchanged)
- SecretumVault: Dynamic secrets, runtime access control (new)
**ADR-008 (Cedar Authorization)**:
- Cedar policies control SecretumVault secret access
- Fine-grained permissions: `read:secret:database/prod/password`
- Audit trail records Cedar policy decisions
**SSH Temporal Keys**:
- SecretumVault SSH CA signs user certificates
- Short-lived certificates (1-24 hours)
- Audit trail of SSH access
## Consequences
### Positive
- **Security Posture**: Centralized secrets with audit trail and rotation
- **Compliance**: Complete audit logs for regulatory requirements
- **Operational Excellence**: Automatic rotation, dynamic credentials
- **Developer Experience**: Simple API for secret access
- **Performance**: Rust implementation, zero-cost abstractions
- **Consistency**: Cedar policies across entire system (auth + secrets)
- **Observability**: Metrics, logs, traces for secret access
- **Disaster Recovery**: Secret versioning enables rollback
### Negative
- **Infrastructure Complexity**: Additional service to deploy and operate
- **High Availability Requirements**: Raft cluster needs 3+ nodes
- **Migration Effort**: Existing SOPS secrets need migration path
- **Learning Curve**: Operators must learn vault concepts
- **Dependency Risk**: Critical path service (secrets unavailable = system down)
### Mitigation Strategies
**High Availability**:
```bash
# Deploy SecretumVault cluster (3 nodes)
provisioning deploy secretum-vault --ha --replicas 3
# Automatic leader election via Raft
# Clients auto-reconnect to leader
```
**Migration from SOPS**:
```bash
# Phase 1: Import existing SOPS secrets into SecretumVault
provisioning secrets migrate --from-sops config/secrets.yaml
# Phase 2: Update Nickel configs to reference vault paths
# Phase 3: Deprecate SOPS for runtime secrets (keep for config files)
```
**Fallback Strategy**:
```bash
// Graceful degradation if vault unavailable
let secret = match vault_client.get_secret("database/password").await {
Ok(s) => s,
Err(VaultError::Unavailable) => {
// Fallback to SOPS for read-only operations
warn!("Vault unavailable, using SOPS fallback");
sops_decrypt("config/secrets.yaml", "database.password")?
},
Err(e) => return Err(e),
};
```
**Operational Monitoring**:
```bash
# prometheus metrics
secretum_vault_request_duration_seconds
secretum_vault_secret_lease_expiry
secretum_vault_auth_failures_total
secretum_vault_raft_leader_changes
# Alerts: Vault unavailable, high auth failure rate, lease expiry
```
## Alternatives Considered
### Alternative 1: Continue with SOPS Only
**Pros**: No new infrastructure, simple
**Cons**: No dynamic secrets, no audit trail, manual rotation
**Decision**: REJECTED - Insufficient for production security
### Alternative 2: HashiCorp Vault
**Pros**: Mature, feature-rich, widely adopted
**Cons**: BSL license, Go binary, HCL policies (not Cedar), complex deployment
**Decision**: REJECTED - License and integration concerns
### Alternative 3: Cloud Provider Native (AWS Secrets Manager, Azure Key Vault)
**Pros**: Fully managed, high availability
**Cons**: Vendor lock-in, multi-cloud complexity, cost at scale
**Decision**: REJECTED - Against open-source and multi-cloud principles
### Alternative 4: CyberArk, 1Password, and Others
**Pros**: Enterprise features
**Cons**: Proprietary, expensive, poor API integration
**Decision**: REJECTED - Not suitable for IaC automation
### Alternative 5: Build Custom Secrets Manager
**Pros**: Full control, tailored to needs
**Cons**: High maintenance burden, security risk, reinventing wheel
**Decision**: REJECTED - SecretumVault provides this already
## Implementation Details
### SecretumVault Deployment
```bash
# Deploy via provisioning system
provisioning deploy secretum-vault
--ha
--replicas 3
--storage postgres
--tls-cert /path/to/cert.pem
--tls-key /path/to/key.pem
# Initialize and unseal
provisioning vault init
provisioning vault unseal --key-shares 5 --key-threshold 3
```
### Rust Client Library
```rust
// provisioning/core/libs/secretum-client/src/lib.rs
use secretum_vault::{Client, SecretEngine, Auth};
pub struct VaultClient {
client: Client,
}
impl VaultClient {
pub async fn new(addr: &str, token: &str) -> Result<Self> {
let client = Client::new(addr)
.auth(Auth::Token(token))
.tls_config(TlsConfig::from_files("ca.pem", "cert.pem", "key.pem"))?
.build()?;
Ok(Self { client })
}
pub async fn get_secret(&self, path: &str) -> Result<Secret> {
self.client.kv2().get(path).await
}
pub async fn create_dynamic_db_credentials(&self, role: &str) -> Result<DbCredentials> {
self.client.database().generate_credentials(role).await
}
pub async fn sign_ssh_key(&self, public_key: &str, ttl: Duration) -> Result<Certificate> {
self.client.ssh().sign_key(public_key, ttl).await
}
}
```
### Nushell Integration
```nushell
# Nushell commands via Rust CLI wrapper
provisioning secrets get database/prod/password
provisioning secrets set api/keys/stripe --value "sk_live_xyz"
provisioning secrets rotate database/prod/password
provisioning secrets lease renew lease_id_12345
provisioning secrets list database/
```
### Nickel Configuration Integration
```nickel
# provisioning/schemas/database.ncl
{
database = {
host = "postgres.example.com",
port = 5432,
username = secrets.get "database/prod/username",
password = secrets.get "database/prod/password",
}
}
# Nickel function: secrets.get resolves to SecretumVault API call
```
### Cedar Policy for Secret Access
```bash
// policy: developers can read dev secrets, not prod
permit(
principal in Group::"developers",
action == Action::"read",
resource in Secret::"database/dev"
);
forbid(
principal in Group::"developers",
action == Action::"read",
resource in Secret::"database/prod"
);
// policy: CI/CD can generate dynamic DB credentials
permit(
principal == Service::"github-actions",
action == Action::"generate",
resource in Secret::"database/dynamic"
) when {
context.ttl <= duration("1h")
};
```
### Dynamic Database Credentials
```bash
// Application requests temporary DB credentials
let creds = vault_client
.database()
.generate_credentials("postgres-readonly")
.await?;
println!("Username: {}", creds.username); // v-app-abcd1234
println!("Password: {}", creds.password); // random-secure-password
println!("TTL: {}", creds.lease_duration); // 1h
// Credentials automatically revoked after TTL
// No manual cleanup needed
```
### Secret Rotation Automation
```bash
# secretum-vault config
[[rotation_policies]]
path = "database/prod/password"
schedule = "0 0 * * 0" # Weekly on Sunday midnight
max_age = "30d"
[[rotation_policies]]
path = "api/keys/stripe"
schedule = "0 0 1 * *" # Monthly on 1st
max_age = "90d"
```
### Audit Log Format
```json
{
"timestamp": "2025-01-08T12:34:56Z",
"type": "request",
"auth": {
"client_token": "sha256:abc123...",
"accessor": "hmac:def456...",
"display_name": "service-orchestrator",
"policies": ["default", "service-policy"]
},
"request": {
"operation": "read",
"path": "secret/data/database/prod/password",
"remote_address": "10.0.1.5"
},
"response": {
"status": 200
},
"cedar_policy": {
"decision": "permit",
"policy_id": "allow-orchestrator-read-secrets"
}
}
```
## Testing Strategy
**Unit Tests**:
```bash
#[tokio::test]
async fn test_get_secret() {
let vault = mock_vault_client();
let secret = vault.get_secret("test/secret").await.unwrap();
assert_eq!(secret.value, "expected-value");
}
#[tokio::test]
async fn test_dynamic_credentials_generation() {
let vault = mock_vault_client();
let creds = vault.create_dynamic_db_credentials("postgres-readonly").await.unwrap();
assert!(creds.username.starts_with("v-"));
assert_eq!(creds.lease_duration, Duration::from_secs(3600));
}
```
**Integration Tests**:
```bash
# Test vault deployment
provisioning deploy secretum-vault --test-mode
provisioning vault init
provisioning vault unseal
# Test secret operations
provisioning secrets set test/secret --value "test-value"
provisioning secrets get test/secret | assert "test-value"
# Test dynamic credentials
provisioning secrets db-creds postgres-readonly | jq '.username' | assert-contains "v-"
# Test rotation
provisioning secrets rotate test/secret
```
**Security Tests**:
```bash
#[tokio::test]
async fn test_unauthorized_access_denied() {
let vault = vault_client_with_limited_token();
let result = vault.get_secret("database/prod/password").await;
assert!(matches!(result, Err(VaultError::PermissionDenied)));
}
```
## Configuration Integration
**Provisioning Config**:
```toml
# provisioning/config/config.defaults.toml
[secrets]
provider = "secretum-vault" # "secretum-vault" | "sops" | "env"
vault_addr = "https://vault.example.com:8200"
vault_namespace = "provisioning"
vault_mount = "secret"
[secrets.tls]
ca_cert = "/etc/provisioning/vault-ca.pem"
client_cert = "/etc/provisioning/vault-client.pem"
client_key = "/etc/provisioning/vault-client-key.pem"
[secrets.cache]
enabled = true
ttl = "5m"
max_size = "100MB"
```
**Environment Variables**:
```javascript
export VAULT_ADDR="https://vault.example.com:8200"
export VAULT_TOKEN="s.abc123def456..."
export VAULT_NAMESPACE="provisioning"
export VAULT_CACERT="/etc/provisioning/vault-ca.pem"
```
## Migration Path
**Phase 1: Deploy SecretumVault**
- Deploy vault cluster in HA mode
- Initialize and configure backends
- Set up Cedar policies
**Phase 2: Migrate Static Secrets**
- Import SOPS secrets into vault KV store
- Update Nickel configs to reference vault paths
- Verify secret access via new API
**Phase 3: Enable Dynamic Secrets**
- Configure database secret engine
- Configure SSH CA secret engine
- Update applications to use dynamic credentials
**Phase 4: Deprecate SOPS for Runtime**
- SOPS remains for gitops config files
- Runtime secrets exclusively from vault
- Audit trail enforcement
**Phase 5: Automation**
- Automatic rotation policies
- Lease renewal automation
- Monitoring and alerting
## Documentation Requirements
**User Guides**:
- `docs/user/secrets-management.md` - Using SecretumVault
- `docs/user/dynamic-credentials.md` - Dynamic secret workflows
- `docs/user/secret-rotation.md` - Rotation policies and procedures
**Operations Documentation**:
- `docs/operations/vault-deployment.md` - Deploying and configuring vault
- `docs/operations/vault-backup-restore.md` - Backup and disaster recovery
- `docs/operations/vault-monitoring.md` - Metrics, logs, alerts
**Developer Documentation**:
- `docs/development/secrets-api.md` - Rust client library usage
- `docs/development/cedar-secret-policies.md` - Writing Cedar policies for secrets
- Secret engine development guide
**Security Documentation**:
- `docs/security/secrets-architecture.md` - Security architecture overview
- `docs/security/audit-logging.md` - Audit trail and compliance
- Threat model and risk assessment
## References
- [SecretumVault GitHub](https://github.com/secretum-vault/secretum) (hypothetical, replace with actual)
- [HashiCorp Vault Documentation](https://www.vaultproject.io/docs) (for comparison)
- ADR-008: Cedar Authorization (policy integration)
- ADR-009: Security System Complete (current security architecture)
- [Raft Consensus Algorithm](https://raft.github.io/)
- [Cedar Policy Language](https://www.cedarpolicy.com/)
- SOPS: [https://github.com/getsops/sops](https://github.com/getsops/sops)
- Age Encryption: [https://age-encryption.org/](https://age-encryption.org/)
---
**Status**: Accepted
**Last Updated**: 2025-01-08
**Implementation**: Planned
**Priority**: High (Security and compliance)
**Estimated Complexity**: Complex

1123
docs/src/architecture/adr/adr-015-ai-integration-architecture.md
View File

File diff suppressed because it is too large Load Diff

159
docs/src/architecture/adr/adr-016-schema-driven-accessor-generation.md
View File

@ -1,159 +0,0 @@
# ADR-016: Schema-Driven Accessor Generation Pattern
**Status**: Proposed
**Date**: 2026-01-13
**Author**: Architecture Team
**Supersedes**: Manual accessor maintenance in `lib_provisioning/config/accessor.nu`
## Context
The `lib_provisioning/config/accessor.nu` file contains 1567 lines across 187 accessor functions. Analysis reveals that 95% of these functions follow
an identical mechanical pattern:
```javascript
export def get-{field-name} [--config: record] {
config-get "{path.to.field}" {default_value} --config $config
}
```
This represents significant technical debt:
1. **Manual Maintenance Burden**: Adding a new config field requires manually writing a new accessor function
2. **Schema Drift Risk**: No automated validation that accessor matches the actual Nickel schema
3. **Code Duplication**: Nearly identical functions across 187 definitions
4. **Testing Complexity**: Each accessor requires manual testing
## Problem Statement
**Current Architecture**:
- Nickel schemas define configuration structure (source of truth)
- Accessor functions manually mirror the schema structure
- No automated synchronization between schema and accessors
- High risk of accessor-schema mismatch
**Key Metrics**:
- 1567 lines of accessor code
- 187 repetitive functions
- ~95% code similarity
## Decision
Implement **Schema-Driven Accessor Generation**: automatically generate accessor functions from Nickel schema definitions.
### Architecture
```bash
Nickel Schema (contracts.ncl)
[Parse & Extract Schema Structure]
[Generate Nushell Functions]
accessor_generated.nu (800 lines)
[Validation & Integration]
CI/CD enforces: schema hash == generated code
```
### Generation Process
1. **Schema Parsing**: Extract field paths, types, and defaults from Nickel contracts
2. **Code Generation**: Create accessor functions with Nushell 0.109 compliance
3. **Validation**: Verify generated code against schema
4. **CI Integration**: Detect schema changes, validate generated code matches
### Compliance Requirements
**Nushell 0.109 Guidelines**:
- No `try-catch` blocks (use `do-complete` pattern)
- No `reduce --init` (use `reduce --fold`)
- No mutable variables (use immutable bindings)
- No type annotations on boolean flags
- Use `each` not `map`, `is-not-empty` not `length`
**Nickel Compliance**:
- Schema-first design (schema is source of truth)
- Type contracts enforce structure
- `| doc` before `| default` ordering
## Consequences
### Positive
- **Elimination of Manual Maintenance**: New config fields automatically get accessors
- **Zero Schema Drift**: Automatic validation ensures accessors match schema
- **Reduced Code Size**: 1567 lines → ~400 lines (manual core) + ~800 lines (generated)
- **Type Safety**: Generated code guarantees type correctness
- **Consistency**: All 187 functions use identical pattern
### Negative
- **Tool Complexity**: Generator must parse Nickel and emit valid Nushell
- **CI/CD Changes**: Build must validate schema hash
- **Initial Migration**: One-time effort to verify generated code matches manual versions
## Implementation Strategy
1. **Create Generator** (`tools/codegen/accessor_generator.nu`)
- Parse Nickel schema files
- Extract paths, types, defaults
- Generate valid Nushell code
- Emit with proper formatting
2. **Generate Accessors** (`lib_provisioning/config/accessor_generated.nu`)
- Run generator on `provisioning/schemas/config/settings/contracts.ncl`
- Output 187 accessor functions
- Verify compatibility with existing code
3. **Validation**
- Integration tests comparing manual vs generated output
- Signature validator ensuring generated functions match patterns
- CI check for schema hash validity
4. **Gradual Adoption**
- Keep manual accessors temporarily
- Feature flag to switch between manual and generated
- Gradual migration of dependent code
## Testing Strategy
1. **Unit Tests**
- Each generated accessor returns correct type
- Default values applied correctly
- Path resolution handles nested fields
2. **Integration Tests**
- Generated accessors produce identical output to manual versions
- Config loading pipeline works with generated accessors
- Fallback behavior preserved
3. **Regression Tests**
- All existing config access patterns work
- Performance within 5% of manual version
- No breaking changes to public API
## Related ADRs
- **ADR-010**: Configuration Format Strategy (TOML/YAML/Nickel)
- **ADR-011**: Nickel Migration (schema-first architecture)
## Open Questions
1. Should accessors be regenerated on every build or only on schema changes?
2. How do we handle conditional fields (if X then Y)?
3. What's the fallback strategy if generator fails?
## Timeline
- **Phase 1**: Generator implementation (foundation)
- **Phase 2**: Generate and validate accessor functions
- **Phase 3**: Integration tests and feature flags
- **Phase 4**: Full migration and manual code removal
## References
- Nickel Language: [https://nickel-lang.org/](https://nickel-lang.org/)
- Nushell 0.109 Guidelines: `.claude/guidelines/nushell.md`
- Current Accessor Implementation: `provisioning/core/nulib/lib_provisioning/config/accessor.nu`
- Schema Source: `provisioning/schemas/config/settings/contracts.ncl`

Some files were not shown because too many files have changed in this diff Show More