chore: fix remaining file endings and formatting

.typedialog/platform/forms/fragments/provisioning/.typedialog/provisioning/platform/scripts/README.md

@@ -1 +1,98 @@
-# TypeDialog + Nickel Configuration Scripts\n\nPhase 8 Nushell automation scripts for interactive configuration workflow, config generation, validation, and deployment.\n\n## Quick Start\n\n```\n# 1. Interactive Configuration (TypeDialog)\nnu scripts/configure.nu orchestrator solo\n\n# 2. Generate TOML configs\nnu scripts/generate-configs.nu orchestrator solo\n\n# 3. Validate configuration\nnu scripts/validate-config.nu provisioning/.typedialog/provisioning/platform/values/orchestrator.solo.ncl\n\n# 4. Render Docker Compose\nnu scripts/render-docker-compose.nu solo\n\n# 5. Full deployment workflow\nnu scripts/install-services.nu orchestrator solo --docker\n```\n\n## Scripts Overview\n\n### Shared Helpers\n- **ansi.nu** - ANSI color and emoji output formatting\n- **paths.nu** - Path validation and directory structure helpers  \n- **external.nu** - Safe external command execution with error handling\n\n### Core Configuration Scripts\n- **configure.nu** - Interactive TypeDialog configuration wizard\n- **generate-configs.nu** - Export Nickel configs to TOML\n- **validate-config.nu** - Validate Nickel configuration\n\n### Rendering Scripts\n- **render-docker-compose.nu** - Render Docker Compose from Nickel templates\n- **render-kubernetes.nu** - Render Kubernetes manifests from Nickel templates\n\n### Deployment & Monitoring Scripts\n- **install-services.nu** - Full deployment orchestration\n- **detect-services.nu** - Auto-detect running services\n\n## Supported Services\n- orchestrator (port 9090)\n- control-center (port 8080)\n- mcp-server (port 8888)\n- installer (port 8000)\n\n## Supported Deployment Modes\n- solo (2 CPU, 4GB RAM)\n- multiuser (4 CPU, 8GB RAM)\n- cicd (8 CPU, 16GB RAM)\n- enterprise (16+ CPU, 32+ GB RAM)\n\n## Nushell Compliance\nAll scripts follow Nushell 0.109.0+ guidelines with proper type signatures, error handling, and no try-catch blocks.\n\n## Examples\n\n### Single Service Configuration\n```\nnu scripts/configure.nu orchestrator solo --backend web\nnu scripts/validate-config.nu provisioning/.typedialog/provisioning/platform/values/orchestrator.solo.ncl\nnu scripts/generate-configs.nu orchestrator solo\ncargo run -p orchestrator -- --config provisioning/platform/config/orchestrator.solo.toml\n```\n\n### Docker Compose Deployment\n```\nnu scripts/generate-configs.nu orchestrator multiuser\nnu scripts/render-docker-compose.nu multiuser\ndocker-compose -f provisioning/platform/infrastructure/docker/docker-compose.multiuser.yml up -d\n```\n\n### Kubernetes Deployment\n```\nnu scripts/generate-configs.nu orchestrator enterprise\nnu scripts/render-kubernetes.nu enterprise --namespace production\nnu scripts/install-services.nu all enterprise --kubernetes --namespace production\n```\n\n## Phase 8 Status\n\n✅ Phase 8.A: Shared helper modules\n✅ Phase 8.B: Core configuration scripts  \n✅ Phase 8.C: Rendering scripts\n✅ Phase 8.D: Deployment orchestration\n✅ Phase 8.E: Testing and documentation\n\n## Requirements\n\n- Nushell 0.109.1+\n- Nickel 1.15.1+\n- TypeDialog CLI\n- yq v4.50.1+\n- Docker (optional)\n- kubectl (optional)
+# TypeDialog + Nickel Configuration Scripts
+
+Phase 8 Nushell automation scripts for interactive configuration workflow, config generation, validation, and deployment.
+
+## Quick Start
+
+```toml
+# 1. Interactive Configuration (TypeDialog)
+nu scripts/configure.nu orchestrator solo
+
+# 2. Generate TOML configs
+nu scripts/generate-configs.nu orchestrator solo
+
+# 3. Validate configuration
+nu scripts/validate-config.nu provisioning/.typedialog/provisioning/platform/values/orchestrator.solo.ncl
+
+# 4. Render Docker Compose
+nu scripts/render-docker-compose.nu solo
+
+# 5. Full deployment workflow
+nu scripts/install-services.nu orchestrator solo --docker
+```
+
+## Scripts Overview
+
+### Shared Helpers
+- **ansi.nu** - ANSI color and emoji output formatting
+- **paths.nu** - Path validation and directory structure helpers  
+- **external.nu** - Safe external command execution with error handling
+
+### Core Configuration Scripts
+- **configure.nu** - Interactive TypeDialog configuration wizard
+- **generate-configs.nu** - Export Nickel configs to TOML
+- **validate-config.nu** - Validate Nickel configuration
+
+### Rendering Scripts
+- **render-docker-compose.nu** - Render Docker Compose from Nickel templates
+- **render-kubernetes.nu** - Render Kubernetes manifests from Nickel templates
+
+### Deployment & Monitoring Scripts
+- **install-services.nu** - Full deployment orchestration
+- **detect-services.nu** - Auto-detect running services
+
+## Supported Services
+- orchestrator (port 9090)
+- control-center (port 8080)
+- mcp-server (port 8888)
+- installer (port 8000)
+
+## Supported Deployment Modes
+- solo (2 CPU, 4GB RAM)
+- multiuser (4 CPU, 8GB RAM)
+- cicd (8 CPU, 16GB RAM)
+- enterprise (16+ CPU, 32+ GB RAM)
+
+## Nushell Compliance
+All scripts follow Nushell 0.109.0+ guidelines with proper type signatures, error handling, and no try-catch blocks.
+
+## Examples
+
+### Single Service Configuration
+```toml
+nu scripts/configure.nu orchestrator solo --backend web
+nu scripts/validate-config.nu provisioning/.typedialog/provisioning/platform/values/orchestrator.solo.ncl
+nu scripts/generate-configs.nu orchestrator solo
+cargo run -p orchestrator -- --config provisioning/platform/config/orchestrator.solo.toml
+```
+
+### Docker Compose Deployment
+```toml
+nu scripts/generate-configs.nu orchestrator multiuser
+nu scripts/render-docker-compose.nu multiuser
+docker-compose -f provisioning/platform/infrastructure/docker/docker-compose.multiuser.yml up -d
+```
+
+### Kubernetes Deployment
+```yaml
+nu scripts/generate-configs.nu orchestrator enterprise
+nu scripts/render-kubernetes.nu enterprise --namespace production
+nu scripts/install-services.nu all enterprise --kubernetes --namespace production
+```
+
+## Phase 8 Status
+
+✅ Phase 8.A: Shared helper modules
+✅ Phase 8.B: Core configuration scripts  
+✅ Phase 8.C: Rendering scripts
+✅ Phase 8.D: Deployment orchestration
+✅ Phase 8.E: Testing and documentation
+
+## Requirements
+
+- Nushell 0.109.1+
+- Nickel 1.15.1+
+- TypeDialog CLI
+- yq v4.50.1+
+- Docker (optional)
+- kubectl (optional)

.woodpecker/README.md

@@ -1 +1,79 @@
-# Woodpecker CI Configuration\n\nPipelines for Gitea/Forgejo + Woodpecker CI.\n\n## Files\n\n- **`ci.yml`** - Main CI pipeline (push, pull requests)\n- **`Dockerfile`** - Custom CI image with pre-installed tools\n- **`Dockerfile.cross`** - Cross-compilation image for multi-platform builds\n\n## Setup\n\n### 1. Activate Woodpecker CI\n\nEnable Woodpecker CI in your Gitea/Forgejo repository settings.\n\n### 2. (Optional) Build Custom Image\n\nSpeeds up CI by pre-installing tools (~5 min faster per run).\n\n```\n# Build CI image\ndocker build -t your-registry/ci:latest -f .woodpecker/Dockerfile .\n\n# Push to your registry\ndocker push your-registry/ci:latest\n\n# Update .woodpecker/ci.yml\n# Change: image: rust:latest\n# To: image: your-registry/ci:latest\n```\n\n### 3. Cross-Compilation Setup\n\nFor multi-platform builds:\n\n```\n# Build cross-compilation image\ndocker build -t your-registry/ci-cross:latest -f .woodpecker/Dockerfile.cross .\n\n# Push to registry\ndocker push your-registry/ci-cross:latest\n```\n\n## CI Pipeline (`ci.yml`)\n\n**Triggers**: Push to `main`/`develop`, Pull Requests\n\n**Jobs**:\n\n1. Lint (Rust, Bash, Nickel, Nushell, Markdown) - Parallel\n2. Test (all features)\n3. Build (release)\n4. Security audit\n5. License compliance check\n\n**Duration**: ~15-20 minutes (without custom image), ~10-15 minutes (with custom image)\n\n## Triggering Pipelines\n\n```\n# CI pipeline (automatic on push/PR)\ngit push origin main\n```\n\n## Viewing Results\n\n- **Gitea/Forgejo**: Repository → Actions → Pipeline runs\n- **Woodpecker UI**: <https://your-woodpecker.instance/repos/{user}/{repo}>\n\n## Differences from GitHub Actions\n\n| Feature | GitHub Actions | Woodpecker CI |\n| --------- | --------------- | --------------- |\n| Matrix builds | ✅ 3 OS | ❌ Linux only* |\n| Caching | ✅ Built-in | ⚠️  Server-side** |\n\n\* Multi-OS builds require multiple Woodpecker agents\n\*\* Configure in Woodpecker server settings
+# Woodpecker CI Configuration
+
+Pipelines for Gitea/Forgejo + Woodpecker CI.
+
+## Files
+
+- **`ci.yml`** - Main CI pipeline (push, pull requests)
+- **`Dockerfile`** - Custom CI image with pre-installed tools
+- **`Dockerfile.cross`** - Cross-compilation image for multi-platform builds
+
+## Setup
+
+### 1. Activate Woodpecker CI
+
+Enable Woodpecker CI in your Gitea/Forgejo repository settings.
+
+### 2. (Optional) Build Custom Image
+
+Speeds up CI by pre-installing tools (~5 min faster per run).
+
+```bash
+# Build CI image
+docker build -t your-registry/ci:latest -f .woodpecker/Dockerfile .
+
+# Push to your registry
+docker push your-registry/ci:latest
+
+# Update .woodpecker/ci.yml
+# Change: image: rust:latest
+# To: image: your-registry/ci:latest
+```
+
+### 3. Cross-Compilation Setup
+
+For multi-platform builds:
+
+```bash
+# Build cross-compilation image
+docker build -t your-registry/ci-cross:latest -f .woodpecker/Dockerfile.cross .
+
+# Push to registry
+docker push your-registry/ci-cross:latest
+```
+
+## CI Pipeline (`ci.yml`)
+
+**Triggers**: Push to `main`/`develop`, Pull Requests
+
+**Jobs**:
+
+1. Lint (Rust, Bash, Nickel, Nushell, Markdown) - Parallel
+2. Test (all features)
+3. Build (release)
+4. Security audit
+5. License compliance check
+
+**Duration**: ~15-20 minutes (without custom image), ~10-15 minutes (with custom image)
+
+## Triggering Pipelines
+
+```bash
+# CI pipeline (automatic on push/PR)
+git push origin main
+```
+
+## Viewing Results
+
+- **Gitea/Forgejo**: Repository → Actions → Pipeline runs
+- **Woodpecker UI**: <https://your-woodpecker.instance/repos/{user}/{repo}>
+
+## Differences from GitHub Actions
+
+| Feature | GitHub Actions | Woodpecker CI |
+| --------- | --------------- | --------------- |
+| Matrix builds | ✅ 3 OS | ❌ Linux only* |
+| Caching | ✅ Built-in | ⚠️  Server-side** |
+
+\* Multi-OS builds require multiple Woodpecker agents
+\*\* Configure in Woodpecker server settings

CODE_OF_CONDUCT.md

@@ -1 +1,107 @@
-# Code of Conduct\n\n## Our Pledge\n\nWe, as members, contributors, and leaders, pledge to make participation in our project and community a harassment-free experience for everyone, regardless of:\n\n- Age\n- Body size\n- Visible or invisible disability\n- Ethnicity\n- Sex characteristics\n- Gender identity and expression\n- Level of experience\n- Education\n- Socioeconomic status\n- Nationality\n- Personal appearance\n- Race\n- Caste\n- Color\n- Religion\n- Sexual identity and orientation\n\nWe pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community.\n\n## Our Standards\n\nExamples of behavior that contributes to a positive environment for our community include:\n\n- Demonstrating empathy and kindness toward other people\n- Being respectful of differing opinions, viewpoints, and experiences\n- Giving and gracefully accepting constructive feedback\n- Accepting responsibility and apologizing to those affected by mistakes\n- Focusing on what is best not just for us as individuals, but for the overall community\n\nExamples of unacceptable behavior include:\n\n- The use of sexualized language or imagery\n- Trolling, insulting, or derogatory comments\n- Personal or political attacks\n- Public or private harassment\n- Publishing others' private information (doxing)\n- Other conduct which could reasonably be considered inappropriate in a professional setting\n\n## Enforcement Responsibilities\n\nProject maintainers are responsible for clarifying and enforcing our standards of acceptable behavior and will take appropriate corrective action in response to unacceptable behavior.\n\nMaintainers have the right and responsibility to:\n\n- Remove, edit, or reject comments, commits, code, and other contributions\n- Ban contributors for behavior they deem inappropriate, threatening, or harmful\n\n## Scope\n\nThis Code of Conduct applies to:\n\n- All community spaces (GitHub, forums, chat, events, etc.)\n- Official project channels and representations\n- Interactions between community members related to the project\n\n## Enforcement\n\nInstances of abusive, harassing, or otherwise unacceptable behavior may be reported to project maintainers:\n\n- Email: [project contact]\n- GitHub: Private security advisory\n- Issues: Report with `conduct` label (public discussions only)\n\nAll complaints will be reviewed and investigated promptly and fairly.\n\n### Enforcement Guidelines\n\n**1. Correction**\n\n- Community impact: Use of inappropriate language or unwelcoming behavior\n- Action: Private written warning with explanation and clarity on impact\n- Consequence: Warning and no further violations\n\n**2. Warning**\n\n- Community impact: Violation through single incident or series of actions\n- Action: Written warning with severity consequences for continued behavior\n- Consequence: Suspension from community interaction\n\n**3. Temporary Ban**\n\n- Community impact: Serious violation of standards\n- Action: Temporary ban from community interaction\n- Consequence: Revocation of ban after reflection period\n\n**4. Permanent Ban**\n\n- Community impact: Pattern of violating community standards\n- Action: Permanent ban from community interaction\n\n## Attribution\n\nThis Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org), version 2.1.\n\nFor answers to common questions about this code of conduct, see the FAQ at <https://www.contributor-covenant.org/faq>.\n\n---\n\n**Thank you for being part of our community!**\n\nWe believe in creating a welcoming and inclusive space where everyone can contribute their best work. Together, we make this project better.
+# Code of Conduct
+
+## Our Pledge
+
+We, as members, contributors, and leaders, pledge to make participation in our project and community a harassment-free experience for everyone, regardless of:
+
+- Age
+- Body size
+- Visible or invisible disability
+- Ethnicity
+- Sex characteristics
+- Gender identity and expression
+- Level of experience
+- Education
+- Socioeconomic status
+- Nationality
+- Personal appearance
+- Race
+- Caste
+- Color
+- Religion
+- Sexual identity and orientation
+
+We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our community include:
+
+- Demonstrating empathy and kindness toward other people
+- Being respectful of differing opinions, viewpoints, and experiences
+- Giving and gracefully accepting constructive feedback
+- Accepting responsibility and apologizing to those affected by mistakes
+- Focusing on what is best not just for us as individuals, but for the overall community
+
+Examples of unacceptable behavior include:
+
+- The use of sexualized language or imagery
+- Trolling, insulting, or derogatory comments
+- Personal or political attacks
+- Public or private harassment
+- Publishing others' private information (doxing)
+- Other conduct which could reasonably be considered inappropriate in a professional setting
+
+## Enforcement Responsibilities
+
+Project maintainers are responsible for clarifying and enforcing our standards of acceptable behavior and will take appropriate corrective action in response to unacceptable behavior.
+
+Maintainers have the right and responsibility to:
+
+- Remove, edit, or reject comments, commits, code, and other contributions
+- Ban contributors for behavior they deem inappropriate, threatening, or harmful
+
+## Scope
+
+This Code of Conduct applies to:
+
+- All community spaces (GitHub, forums, chat, events, etc.)
+- Official project channels and representations
+- Interactions between community members related to the project
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to project maintainers:
+
+- Email: [project contact]
+- GitHub: Private security advisory
+- Issues: Report with `conduct` label (public discussions only)
+
+All complaints will be reviewed and investigated promptly and fairly.
+
+### Enforcement Guidelines
+
+**1. Correction**
+
+- Community impact: Use of inappropriate language or unwelcoming behavior
+- Action: Private written warning with explanation and clarity on impact
+- Consequence: Warning and no further violations
+
+**2. Warning**
+
+- Community impact: Violation through single incident or series of actions
+- Action: Written warning with severity consequences for continued behavior
+- Consequence: Suspension from community interaction
+
+**3. Temporary Ban**
+
+- Community impact: Serious violation of standards
+- Action: Temporary ban from community interaction
+- Consequence: Revocation of ban after reflection period
+
+**4. Permanent Ban**
+
+- Community impact: Pattern of violating community standards
+- Action: Permanent ban from community interaction
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org), version 2.1.
+
+For answers to common questions about this code of conduct, see the FAQ at <https://www.contributor-covenant.org/faq>.
+
+---
+
+**Thank you for being part of our community!**
+
+We believe in creating a welcoming and inclusive space where everyone can contribute their best work. Together, we make this project better.

CONTRIBUTING.md

@@ -1 +1,130 @@
-# Contributing to provisioning\n\nThank you for your interest in contributing! This document provides guidelines and instructions for contributing to this project.\n\n## Code of Conduct\n\nThis project adheres to a Code of Conduct. By participating, you are expected to uphold this code. Please see [CODE_OF_CONDUCT.md](CODE_OF_CONDUCT.md) for details.\n\n## Getting Started\n\n### Prerequisites\n\n- Rust 1.70+ (if project uses Rust)\n- NuShell (if project uses Nushell scripts)\n- Git\n\n### Development Setup\n\n1. Fork the repository\n2. Clone your fork: `git clone https://repo.jesusperez.pro/jesus/provisioning`\n3. Add upstream: `git remote add upstream https://repo.jesusperez.pro/jesus/provisioning`\n4. Create a branch: `git checkout -b feature/your-feature`\n\n## Development Workflow\n\n### Before You Code\n\n- Check existing issues and pull requests to avoid duplication\n- Create an issue to discuss major changes before implementing\n- Assign yourself to let others know you're working on it\n\n### Code Standards\n\n#### Rust\n\n- Run `cargo fmt --all` before committing\n- All code must pass `cargo clippy -- -D warnings`\n- Write tests for new functionality\n- Maintain 100% documentation coverage for public APIs\n\n#### Nushell\n\n- Validate scripts with `nu --ide-check 100 script.nu`\n- Follow consistent naming conventions\n- Use type hints where applicable\n\n#### Nickel\n\n- Type check schemas with `nickel typecheck`\n- Document schema fields with comments\n- Test schema validation\n\n### Commit Guidelines\n\n- Write clear, descriptive commit messages\n- Reference issues with `Fixes #123` or `Related to #123`\n- Keep commits focused on a single concern\n- Use imperative mood: "Add feature" not "Added feature"\n\n### Testing\n\nAll changes must include tests:\n\n```\n# Run all tests\ncargo test --workspace\n\n# Run with coverage\ncargo llvm-cov --all-features --lcov\n\n# Run locally before pushing\njust ci-full\n```\n\n### Pull Request Process\n\n1. Update documentation for any changed functionality\n2. Add tests for new code\n3. Ensure all CI checks pass\n4. Request review from maintainers\n5. Be responsive to feedback and iterate quickly\n\n## Review Process\n\n- Maintainers will review your PR within 3-5 business days\n- Feedback is constructive and meant to improve the code\n- All discussions should be respectful and professional\n- Once approved, maintainers will merge the PR\n\n## Reporting Bugs\n\nFound a bug? Please file an issue with:\n\n- **Title**: Clear, descriptive title\n- **Description**: What happened and what you expected\n- **Steps to reproduce**: Minimal reproducible example\n- **Environment**: OS, Rust version, etc.\n- **Screenshots**: If applicable\n\n## Suggesting Enhancements\n\nHave an idea? Please file an issue with:\n\n- **Title**: Clear feature title\n- **Description**: What, why, and how\n- **Use cases**: Real-world scenarios where this would help\n- **Alternative approaches**: If you've considered any\n\n## Documentation\n\n- Keep README.md up to date\n- Document public APIs with rustdoc comments\n- Add examples for non-obvious functionality\n- Update CHANGELOG.md with your changes\n\n## Release Process\n\nMaintainers handle releases following semantic versioning:\n\n- MAJOR: Breaking changes\n- MINOR: New features (backward compatible)\n- PATCH: Bug fixes\n\n## Questions?\n\n- Check existing documentation and issues\n- Ask in discussions or open an issue\n- Join our community channels\n\nThank you for contributing!
+# Contributing to provisioning
+
+Thank you for your interest in contributing! This document provides guidelines and instructions for contributing to this project.
+
+## Code of Conduct
+
+This project adheres to a Code of Conduct. By participating, you are expected to uphold this code. Please see [CODE_OF_CONDUCT.md](CODE_OF_CONDUCT.md) for details.
+
+## Getting Started
+
+### Prerequisites
+
+- Rust 1.70+ (if project uses Rust)
+- NuShell (if project uses Nushell scripts)
+- Git
+
+### Development Setup
+
+1. Fork the repository
+2. Clone your fork: `git clone https://repo.jesusperez.pro/jesus/provisioning`
+3. Add upstream: `git remote add upstream https://repo.jesusperez.pro/jesus/provisioning`
+4. Create a branch: `git checkout -b feature/your-feature`
+
+## Development Workflow
+
+### Before You Code
+
+- Check existing issues and pull requests to avoid duplication
+- Create an issue to discuss major changes before implementing
+- Assign yourself to let others know you're working on it
+
+### Code Standards
+
+#### Rust
+
+- Run `cargo fmt --all` before committing
+- All code must pass `cargo clippy -- -D warnings`
+- Write tests for new functionality
+- Maintain 100% documentation coverage for public APIs
+
+#### Nushell
+
+- Validate scripts with `nu --ide-check 100 script.nu`
+- Follow consistent naming conventions
+- Use type hints where applicable
+
+#### Nickel
+
+- Type check schemas with `nickel typecheck`
+- Document schema fields with comments
+- Test schema validation
+
+### Commit Guidelines
+
+- Write clear, descriptive commit messages
+- Reference issues with `Fixes #123` or `Related to #123`
+- Keep commits focused on a single concern
+- Use imperative mood: "Add feature" not "Added feature"
+
+### Testing
+
+All changes must include tests:
+
+```bash
+# Run all tests
+cargo test --workspace
+
+# Run with coverage
+cargo llvm-cov --all-features --lcov
+
+# Run locally before pushing
+just ci-full
+```
+
+### Pull Request Process
+
+1. Update documentation for any changed functionality
+2. Add tests for new code
+3. Ensure all CI checks pass
+4. Request review from maintainers
+5. Be responsive to feedback and iterate quickly
+
+## Review Process
+
+- Maintainers will review your PR within 3-5 business days
+- Feedback is constructive and meant to improve the code
+- All discussions should be respectful and professional
+- Once approved, maintainers will merge the PR
+
+## Reporting Bugs
+
+Found a bug? Please file an issue with:
+
+- **Title**: Clear, descriptive title
+- **Description**: What happened and what you expected
+- **Steps to reproduce**: Minimal reproducible example
+- **Environment**: OS, Rust version, etc.
+- **Screenshots**: If applicable
+
+## Suggesting Enhancements
+
+Have an idea? Please file an issue with:
+
+- **Title**: Clear feature title
+- **Description**: What, why, and how
+- **Use cases**: Real-world scenarios where this would help
+- **Alternative approaches**: If you've considered any
+
+## Documentation
+
+- Keep README.md up to date
+- Document public APIs with rustdoc comments
+- Add examples for non-obvious functionality
+- Update CHANGELOG.md with your changes
+
+## Release Process
+
+Maintainers handle releases following semantic versioning:
+
+- MAJOR: Breaking changes
+- MINOR: New features (backward compatible)
+- PATCH: Bug fixes
+
+## Questions?
+
+- Check existing documentation and issues
+- Ask in discussions or open an issue
+- Join our community channels
+
+Thank you for contributing!

SECURITY.md

@@ -1 +1,101 @@
-# Security Policy\n\n## Supported Versions\n\nThis project provides security updates for the following versions:\n\n| Version | Supported |\n|---------|-----------|\n| 1.x     | ✅ Yes    |\n| 0.x     | ❌ No     |\n\nOnly the latest major version receives security patches. Users are encouraged to upgrade to the latest version.\n\n## Reporting a Vulnerability\n\n**Do not open public GitHub issues for security vulnerabilities.**\n\nInstead, please report security issues to the maintainers privately:\n\n### Reporting Process\n\n1. Email security details to the maintainers (see project README for contact)\n2. Include:\n   - Description of the vulnerability\n   - Steps to reproduce (if possible)\n   - Potential impact\n   - Suggested fix (if you have one)\n\n3. Expect acknowledgment within 48 hours\n4. We will work on a fix and coordinate disclosure timing\n\n### Responsible Disclosure\n\n- Allow reasonable time for a fix before public disclosure\n- Work with us to understand and validate the issue\n- Maintain confidentiality until the fix is released\n\n## Security Best Practices\n\n### For Users\n\n- Keep dependencies up to date\n- Use the latest version of this project\n- Review security advisories regularly\n- Report vulnerabilities responsibly\n\n### For Contributors\n\n- Run `cargo audit` before submitting PRs\n- Use `cargo deny` to check license compliance\n- Follow secure coding practices\n- Don't hardcode secrets or credentials\n- Validate all external inputs\n\n## Dependency Security\n\nWe use automated tools to monitor dependencies:\n\n- **cargo-audit**: Scans for known security vulnerabilities\n- **cargo-deny**: Checks licenses and bans unsafe dependencies\n\nThese run in CI on every push and PR.\n\n## Code Review\n\nAll code changes go through review before merging:\n\n- At least one maintainer review required\n- Security implications considered\n- Tests required for all changes\n- CI checks must pass\n\n## Known Vulnerabilities\n\nWe maintain transparency about known issues:\n\n- Documented in GitHub security advisories\n- Announced in release notes\n- Tracked in issues with `security` label\n\n## Security Contact\n\nFor security inquiries, please contact:\n\n- Email: [project maintainers]\n- Issue: Open a private security advisory on GitHub\n\n## Changelog\n\nSecurity fixes are highlighted in CHANGELOG.md with [SECURITY] prefix.\n\n## Resources\n\n- [OWASP Top 10](https://owasp.org/www-project-top-ten/)\n- [CWE: Common Weakness Enumeration](https://cwe.mitre.org/)\n- [Rust Security](https://www.rust-lang.org/governance/security-disclosures)\n- [npm Security](https://docs.npmjs.com/about-npm/security)\n\n## Questions\n\nIf you have security questions (not vulnerabilities), open a discussion or issue with the `security` label.
+# Security Policy
+
+## Supported Versions
+
+This project provides security updates for the following versions:
+
+| Version | Supported |
+|---------|-----------|
+| 1.x     | ✅ Yes    |
+| 0.x     | ❌ No     |
+
+Only the latest major version receives security patches. Users are encouraged to upgrade to the latest version.
+
+## Reporting a Vulnerability
+
+**Do not open public GitHub issues for security vulnerabilities.**
+
+Instead, please report security issues to the maintainers privately:
+
+### Reporting Process
+
+1. Email security details to the maintainers (see project README for contact)
+2. Include:
+   - Description of the vulnerability
+   - Steps to reproduce (if possible)
+   - Potential impact
+   - Suggested fix (if you have one)
+
+3. Expect acknowledgment within 48 hours
+4. We will work on a fix and coordinate disclosure timing
+
+### Responsible Disclosure
+
+- Allow reasonable time for a fix before public disclosure
+- Work with us to understand and validate the issue
+- Maintain confidentiality until the fix is released
+
+## Security Best Practices
+
+### For Users
+
+- Keep dependencies up to date
+- Use the latest version of this project
+- Review security advisories regularly
+- Report vulnerabilities responsibly
+
+### For Contributors
+
+- Run `cargo audit` before submitting PRs
+- Use `cargo deny` to check license compliance
+- Follow secure coding practices
+- Don't hardcode secrets or credentials
+- Validate all external inputs
+
+## Dependency Security
+
+We use automated tools to monitor dependencies:
+
+- **cargo-audit**: Scans for known security vulnerabilities
+- **cargo-deny**: Checks licenses and bans unsafe dependencies
+
+These run in CI on every push and PR.
+
+## Code Review
+
+All code changes go through review before merging:
+
+- At least one maintainer review required
+- Security implications considered
+- Tests required for all changes
+- CI checks must pass
+
+## Known Vulnerabilities
+
+We maintain transparency about known issues:
+
+- Documented in GitHub security advisories
+- Announced in release notes
+- Tracked in issues with `security` label
+
+## Security Contact
+
+For security inquiries, please contact:
+
+- Email: [project maintainers]
+- Issue: Open a private security advisory on GitHub
+
+## Changelog
+
+Security fixes are highlighted in CHANGELOG.md with [SECURITY] prefix.
+
+## Resources
+
+- [OWASP Top 10](https://owasp.org/www-project-top-ten/)
+- [CWE: Common Weakness Enumeration](https://cwe.mitre.org/)
+- [Rust Security](https://www.rust-lang.org/governance/security-disclosures)
+- [npm Security](https://docs.npmjs.com/about-npm/security)
+
+## Questions
+
+If you have security questions (not vulnerabilities), open a discussion or issue with the `security` label.

docs/README.md

@@ -38,7 +38,7 @@ All documentation is **directly readable** as markdown files in Git/GitHub—mdB
 
 ## 📚 Documentation Structure
 
-```
+```bash
 provisioning/docs/
 ├── README.md                    # This file – navigation hub
 ├── book.toml                    # mdBook configuration
@@ -77,12 +77,14 @@ If you prefer a formatted HTML website with search, themes, and copy buttons, bu
 ### Prerequisites
 
 ```bash
+bash
 cargo install mdbook
 ```
 
 ### Build & Serve
 
 ```bash
+bash
 # Navigate to docs directory
 cd provisioning/docs
 
@@ -135,4 +137,4 @@ All documentation is standard GitHub Flavored Markdown. You can:
 - **Looking for API docs** → See [API Reference](src/api-reference/)
 - **Want architecture details** → Read [Architecture Overview](src/architecture/architecture-overview.md)
 
-For complete navigation, see [Table of Contents](src/SUMMARY.md).
+For complete navigation, see [Table of Contents](src/SUMMARY.md).

docs/src/ai/config-generation.md

@@ -1 +1,64 @@
-# Configuration Generation (typdialog-prov-gen)\n\n**Status**: 🔴 Planned for Q2 2025\n\n## Overview\n\nThe Configuration Generator (typdialog-prov-gen) will provide template-based Nickel configuration generation with AI-powered customization.\n\n## Planned Features\n\n### Template Selection\n- Library of production-ready infrastructure templates\n- AI recommends templates based on requirements\n- Preview before generation\n\n### Customization via Natural Language\n```\nprovisioning ai config-gen \\n  --template "kubernetes-cluster" \\n  --customize "Add Prometheus monitoring, increase replicas to 5, use us-east-1"\n```\n\n### Multi-Provider Support\n- AWS, Hetzner, UpCloud, local infrastructure\n- Automatic provider-specific optimizations\n- Cost estimation across providers\n\n### Validation and Testing\n- Type-checking via Nickel before deployment\n- Dry-run execution for safety\n- Test data fixtures for verification\n\n## Architecture\n\n```\nTemplate Library\n      ↓\nTemplate Selection (AI + User)\n      ↓\nCustomization Layer (NL → Nickel)\n      ↓\nValidation (Type + Runtime)\n      ↓\nGenerated Configuration\n```\n\n## Integration Points\n\n- typdialog web UI for template browsing\n- CLI for batch generation\n- AI service for customization suggestions\n- Nickel for type-safe validation\n\n## Related Documentation\n\n- [Natural Language Configuration](natural-language-config.md) - NL to config generation\n- [Architecture](architecture.md) - AI system overview\n- [Configuration Guide](configuration.md) - Setup instructions\n\n---\n\n**Status**: 🔴 Planned\n**Expected Release**: Q2 2025\n**Priority**: High (enables non-technical users to generate configs)
+# Configuration Generation (typdialog-prov-gen)
+
+**Status**: 🔴 Planned for Q2 2025
+
+## Overview
+
+The Configuration Generator (typdialog-prov-gen) will provide template-based Nickel configuration generation with AI-powered customization.
+
+## Planned Features
+
+### Template Selection
+- Library of production-ready infrastructure templates
+- AI recommends templates based on requirements
+- Preview before generation
+
+### Customization via Natural Language
+```bash
+provisioning ai config-gen 
+  --template "kubernetes-cluster" 
+  --customize "Add Prometheus monitoring, increase replicas to 5, use us-east-1"
+```
+
+### Multi-Provider Support
+- AWS, Hetzner, UpCloud, local infrastructure
+- Automatic provider-specific optimizations
+- Cost estimation across providers
+
+### Validation and Testing
+- Type-checking via Nickel before deployment
+- Dry-run execution for safety
+- Test data fixtures for verification
+
+## Architecture
+
+```bash
+Template Library
+      ↓
+Template Selection (AI + User)
+      ↓
+Customization Layer (NL → Nickel)
+      ↓
+Validation (Type + Runtime)
+      ↓
+Generated Configuration
+```
+
+## Integration Points
+
+- typdialog web UI for template browsing
+- CLI for batch generation
+- AI service for customization suggestions
+- Nickel for type-safe validation
+
+## Related Documentation
+
+- [Natural Language Configuration](natural-language-config.md) - NL to config generation
+- [Architecture](architecture.md) - AI system overview
+- [Configuration Guide](configuration.md) - Setup instructions
+
+---
+
+**Status**: 🔴 Planned
+**Expected Release**: Q2 2025
+**Priority**: High (enables non-technical users to generate configs)

docs/src/api-reference/README.md

@@ -1 +1,28 @@
-# API Documentation\n\nAPI reference for programmatic access to the Provisioning Platform.\n\n## Available APIs\n\n- [REST API](rest-api.md) - HTTP endpoints for all operations\n- [WebSocket API](websocket.md) - Real-time event streams\n- [Extensions API](extensions.md) - Extension integration interfaces\n- [SDKs](sdks.md) - Client libraries for multiple languages\n- [Integration Examples](integration-examples.md) - Code examples and patterns\n\n## Quick Start\n\n```\n# Check API health\ncurl http://localhost:9090/health\n\n# List tasks via API\ncurl http://localhost:9090/tasks\n\n# Submit workflow\ncurl -X POST http://localhost:9090/workflows/servers/create \\n  -H "Content-Type: application/json" \\n  -d '{"infra": "my-project", "servers": ["web-01"]}'\n```\n\nSee [REST API](rest-api.md) for complete endpoint documentation.
+# API Documentation
+
+API reference for programmatic access to the Provisioning Platform.
+
+## Available APIs
+
+- [REST API](rest-api.md) - HTTP endpoints for all operations
+- [WebSocket API](websocket.md) - Real-time event streams
+- [Extensions API](extensions.md) - Extension integration interfaces
+- [SDKs](sdks.md) - Client libraries for multiple languages
+- [Integration Examples](integration-examples.md) - Code examples and patterns
+
+## Quick Start
+
+```bash
+# Check API health
+curl http://localhost:9090/health
+
+# List tasks via API
+curl http://localhost:9090/tasks
+
+# Submit workflow
+curl -X POST http://localhost:9090/workflows/servers/create 
+  -H "Content-Type: application/json" 
+  -d '{"infra": "my-project", "servers": ["web-01"]}'
+```
+
+See [REST API](rest-api.md) for complete endpoint documentation.

docs/src/api-reference/nushell-api.md

@@ -1 +1,111 @@
-# Nushell API Reference\n\nAPI documentation for Nushell library functions in the provisioning platform.\n\n## Overview\n\nThe provisioning platform provides a comprehensive Nushell library with reusable functions for infrastructure automation.\n\n## Core Modules\n\n### Configuration Module\n\n**Location**: `provisioning/core/nulib/lib_provisioning/config/`\n\n- `get-config <key>` - Retrieve configuration values\n- `validate-config` - Validate configuration files\n- `load-config <path>` - Load configuration from file\n\n### Server Module\n\n**Location**: `provisioning/core/nulib/lib_provisioning/servers/`\n\n- `create-servers <plan>` - Create server infrastructure\n- `list-servers` - List all provisioned servers\n- `delete-servers <ids>` - Remove servers\n\n### Task Service Module\n\n**Location**: `provisioning/core/nulib/lib_provisioning/taskservs/`\n\n- `install-taskserv <name>` - Install infrastructure service\n- `list-taskservs` - List installed services\n- `generate-taskserv-config <name>` - Generate service configuration\n\n### Workspace Module\n\n**Location**: `provisioning/core/nulib/lib_provisioning/workspace/`\n\n- `init-workspace <name>` - Initialize new workspace\n- `get-active-workspace` - Get current workspace\n- `switch-workspace <name>` - Switch to different workspace\n\n### Provider Module\n\n**Location**: `provisioning/core/nulib/lib_provisioning/providers/`\n\n- `discover-providers` - Find available providers\n- `load-provider <name>` - Load provider module\n- `list-providers` - List loaded providers\n\n## Diagnostics & Utilities\n\n### Diagnostics Module\n\n**Location**: `provisioning/core/nulib/lib_provisioning/diagnostics/`\n\n- `system-status` - Check system health (13+ checks)\n- `health-check` - Deep validation (7 areas)\n- `next-steps` - Get progressive guidance\n- `deployment-phase` - Check deployment progress\n\n### Hints Module\n\n**Location**: `provisioning/core/nulib/lib_provisioning/utils/hints.nu`\n\n- `show-next-step <context>` - Display next step suggestion\n- `show-doc-link <topic>` - Show documentation link\n- `show-example <command>` - Display command example\n\n## Usage Example\n\n```\n# Load provisioning library\nuse provisioning/core/nulib/lib_provisioning *\n\n# Check system status\nsystem-status | table\n\n# Create servers\ncreate-servers --plan "3-node-cluster" --check\n\n# Install kubernetes\ninstall-taskserv kubernetes --check\n\n# Get next steps\nnext-steps\n```\n\n## API Conventions\n\nAll API functions follow these conventions:\n\n- **Explicit types**: All parameters have type annotations\n- **Early returns**: Validate first, fail fast\n- **Pure functions**: No side effects (mutations marked with `!`)\n- **Pipeline-friendly**: Output designed for Nu pipelines\n\n## Best Practices\n\nSee [Nushell Best Practices](../development/NUSHELL_BEST_PRACTICES.md) for coding guidelines.\n\n## Source Code\n\nBrowse the complete source code:\n\n- **Core library**: `provisioning/core/nulib/lib_provisioning/`\n- **Module index**: `provisioning/core/nulib/lib_provisioning/mod.nu`\n\n---\n\nFor integration examples, see [Integration Examples](integration-examples.md).
+# Nushell API Reference
+
+API documentation for Nushell library functions in the provisioning platform.
+
+## Overview
+
+The provisioning platform provides a comprehensive Nushell library with reusable functions for infrastructure automation.
+
+## Core Modules
+
+### Configuration Module
+
+**Location**: `provisioning/core/nulib/lib_provisioning/config/`
+
+- `get-config <key>` - Retrieve configuration values
+- `validate-config` - Validate configuration files
+- `load-config <path>` - Load configuration from file
+
+### Server Module
+
+**Location**: `provisioning/core/nulib/lib_provisioning/servers/`
+
+- `create-servers <plan>` - Create server infrastructure
+- `list-servers` - List all provisioned servers
+- `delete-servers <ids>` - Remove servers
+
+### Task Service Module
+
+**Location**: `provisioning/core/nulib/lib_provisioning/taskservs/`
+
+- `install-taskserv <name>` - Install infrastructure service
+- `list-taskservs` - List installed services
+- `generate-taskserv-config <name>` - Generate service configuration
+
+### Workspace Module
+
+**Location**: `provisioning/core/nulib/lib_provisioning/workspace/`
+
+- `init-workspace <name>` - Initialize new workspace
+- `get-active-workspace` - Get current workspace
+- `switch-workspace <name>` - Switch to different workspace
+
+### Provider Module
+
+**Location**: `provisioning/core/nulib/lib_provisioning/providers/`
+
+- `discover-providers` - Find available providers
+- `load-provider <name>` - Load provider module
+- `list-providers` - List loaded providers
+
+## Diagnostics & Utilities
+
+### Diagnostics Module
+
+**Location**: `provisioning/core/nulib/lib_provisioning/diagnostics/`
+
+- `system-status` - Check system health (13+ checks)
+- `health-check` - Deep validation (7 areas)
+- `next-steps` - Get progressive guidance
+- `deployment-phase` - Check deployment progress
+
+### Hints Module
+
+**Location**: `provisioning/core/nulib/lib_provisioning/utils/hints.nu`
+
+- `show-next-step <context>` - Display next step suggestion
+- `show-doc-link <topic>` - Show documentation link
+- `show-example <command>` - Display command example
+
+## Usage Example
+
+```nushell
+# Load provisioning library
+use provisioning/core/nulib/lib_provisioning *
+
+# Check system status
+system-status | table
+
+# Create servers
+create-servers --plan "3-node-cluster" --check
+
+# Install kubernetes
+install-taskserv kubernetes --check
+
+# Get next steps
+next-steps
+```
+
+## API Conventions
+
+All API functions follow these conventions:
+
+- **Explicit types**: All parameters have type annotations
+- **Early returns**: Validate first, fail fast
+- **Pure functions**: No side effects (mutations marked with `!`)
+- **Pipeline-friendly**: Output designed for Nu pipelines
+
+## Best Practices
+
+See [Nushell Best Practices](../development/NUSHELL_BEST_PRACTICES.md) for coding guidelines.
+
+## Source Code
+
+Browse the complete source code:
+
+- **Core library**: `provisioning/core/nulib/lib_provisioning/`
+- **Module index**: `provisioning/core/nulib/lib_provisioning/mod.nu`
+
+---
+
+For integration examples, see [Integration Examples](integration-examples.md).

docs/src/api-reference/provider-api.md

@@ -1 +1,186 @@
-# Provider API Reference\n\nAPI documentation for creating and using infrastructure providers.\n\n## Overview\n\nProviders handle cloud-specific operations and resource provisioning. The provisioning platform supports multiple cloud providers through a unified API.\n\n## Supported Providers\n\n- **UpCloud** - European cloud provider\n- **AWS** - Amazon Web Services\n- **Local** - Local development environment\n\n## Provider Interface\n\nAll providers must implement the following interface:\n\n### Required Functions\n\n```\n# Provider initialization\nexport def init [] -> record { ... }\n\n# Server operations\nexport def create-servers [plan: record] -> list { ... }\nexport def delete-servers [ids: list] -> bool { ... }\nexport def list-servers [] -> table { ... }\n\n# Resource information\nexport def get-server-plans [] -> table { ... }\nexport def get-regions [] -> list { ... }\nexport def get-pricing [plan: string] -> record { ... }\n```\n\n### Provider Configuration\n\nEach provider requires configuration in Nickel format:\n\n```\n# Example: UpCloud provider configuration\n{\n  provider = {\n    name = "upcloud",\n    type = "cloud",\n    enabled = true,\n    config = {\n      username = "{{env.UPCLOUD_USERNAME}}",\n      password = "{{env.UPCLOUD_PASSWORD}}",\n      default_zone = "de-fra1",\n    },\n  }\n}\n```\n\n## Creating a Custom Provider\n\n### 1. Directory Structure\n\n```\nprovisioning/extensions/providers/my-provider/\n├── nulib/\n│   └── my_provider.nu          # Provider implementation\n├── schemas/\n│   ├── main.ncl                # Nickel schema\n│   └── defaults.ncl            # Default configuration\n└── README.md                   # Provider documentation\n```\n\n### 2. Implementation Template\n\n```\n# my_provider.nu\nexport def init [] {\n    {\n        name: "my-provider"\n        type: "cloud"\n        ready: true\n    }\n}\n\nexport def create-servers [plan: record] {\n    # Implementation here\n    []\n}\n\nexport def list-servers [] {\n    # Implementation here\n    []\n}\n\n# ... other required functions\n```\n\n### 3. Nickel Schema\n\n```\n# main.ncl\n{\n  MyProvider = {\n    # My custom provider schema\n    name | String = "my-provider",\n    type | String | "cloud" | "local" = "cloud",\n    config | MyProviderConfig,\n  },\n\n  MyProviderConfig = {\n    api_key | String,\n    region | String = "us-east-1",\n  },\n}\n```\n\n## Provider Discovery\n\nProviders are automatically discovered from:\n\n- `provisioning/extensions/providers/*/nu/*.nu`\n- User workspace: `workspace/extensions/providers/*/nu/*.nu`\n\n```\n# Discover available providers\nprovisioning module discover providers\n\n# Load provider\nprovisioning module load providers workspace my-provider\n```\n\n## Provider API Examples\n\n### Create Servers\n\n```\nuse my_provider.nu *\n\nlet plan = {\n    count: 3\n    size: "medium"\n    zone: "us-east-1"\n}\n\ncreate-servers $plan\n```\n\n### List Servers\n\n```\nlist-servers | where status == "running" | select hostname ip_address\n```\n\n### Get Pricing\n\n```\nget-pricing "small" | to yaml\n```\n\n## Testing Providers\n\nUse the test environment system to test providers:\n\n```\n# Test provider without real resources\nprovisioning test env single my-provider --check\n```\n\n## Provider Development Guide\n\nFor complete provider development guide, see:\n\n- **[Provider Development](../development/QUICK_PROVIDER_GUIDE.md)** - Quick start guide\n- **[Extension Development](../development/extensions.md)** - Complete extension guide\n- **[Integration Examples](integration-examples.md)** - Example implementations\n\n## API Stability\n\nProvider API follows semantic versioning:\n\n- **Major**: Breaking changes\n- **Minor**: New features, backward compatible\n- **Patch**: Bug fixes\n\nCurrent API version: `2.0.0`\n\n---\n\nFor more examples, see [Integration Examples](integration-examples.md).
+# Provider API Reference
+
+API documentation for creating and using infrastructure providers.
+
+## Overview
+
+Providers handle cloud-specific operations and resource provisioning. The provisioning platform supports multiple cloud providers through a unified API.
+
+## Supported Providers
+
+- **UpCloud** - European cloud provider
+- **AWS** - Amazon Web Services
+- **Local** - Local development environment
+
+## Provider Interface
+
+All providers must implement the following interface:
+
+### Required Functions
+
+```bash
+# Provider initialization
+export def init [] -> record { ... }
+
+# Server operations
+export def create-servers [plan: record] -> list { ... }
+export def delete-servers [ids: list] -> bool { ... }
+export def list-servers [] -> table { ... }
+
+# Resource information
+export def get-server-plans [] -> table { ... }
+export def get-regions [] -> list { ... }
+export def get-pricing [plan: string] -> record { ... }
+```
+
+### Provider Configuration
+
+Each provider requires configuration in Nickel format:
+
+```nickel
+# Example: UpCloud provider configuration
+{
+  provider = {
+    name = "upcloud",
+    type = "cloud",
+    enabled = true,
+    config = {
+      username = "{{env.UPCLOUD_USERNAME}}",
+      password = "{{env.UPCLOUD_PASSWORD}}",
+      default_zone = "de-fra1",
+    },
+  }
+}
+```
+
+## Creating a Custom Provider
+
+### 1. Directory Structure
+
+```bash
+provisioning/extensions/providers/my-provider/
+├── nulib/
+│   └── my_provider.nu          # Provider implementation
+├── schemas/
+│   ├── main.ncl                # Nickel schema
+│   └── defaults.ncl            # Default configuration
+└── README.md                   # Provider documentation
+```
+
+### 2. Implementation Template
+
+```bash
+# my_provider.nu
+export def init [] {
+    {
+        name: "my-provider"
+        type: "cloud"
+        ready: true
+    }
+}
+
+export def create-servers [plan: record] {
+    # Implementation here
+    []
+}
+
+export def list-servers [] {
+    # Implementation here
+    []
+}
+
+# ... other required functions
+```
+
+### 3. Nickel Schema
+
+```nickel
+# main.ncl
+{
+  MyProvider = {
+    # My custom provider schema
+    name | String = "my-provider",
+    type | String | "cloud" | "local" = "cloud",
+    config | MyProviderConfig,
+  },
+
+  MyProviderConfig = {
+    api_key | String,
+    region | String = "us-east-1",
+  },
+}
+```
+
+## Provider Discovery
+
+Providers are automatically discovered from:
+
+- `provisioning/extensions/providers/*/nu/*.nu`
+- User workspace: `workspace/extensions/providers/*/nu/*.nu`
+
+```nushell
+# Discover available providers
+provisioning module discover providers
+
+# Load provider
+provisioning module load providers workspace my-provider
+```
+
+## Provider API Examples
+
+### Create Servers
+
+```bash
+use my_provider.nu *
+
+let plan = {
+    count: 3
+    size: "medium"
+    zone: "us-east-1"
+}
+
+create-servers $plan
+```
+
+### List Servers
+
+```bash
+list-servers | where status == "running" | select hostname ip_address
+```
+
+### Get Pricing
+
+```bash
+get-pricing "small" | to yaml
+```
+
+## Testing Providers
+
+Use the test environment system to test providers:
+
+```bash
+# Test provider without real resources
+provisioning test env single my-provider --check
+```
+
+## Provider Development Guide
+
+For complete provider development guide, see:
+
+- **[Provider Development](../development/QUICK_PROVIDER_GUIDE.md)** - Quick start guide
+- **[Extension Development](../development/extensions.md)** - Complete extension guide
+- **[Integration Examples](integration-examples.md)** - Example implementations
+
+## API Stability
+
+Provider API follows semantic versioning:
+
+- **Major**: Breaking changes
+- **Minor**: New features, backward compatible
+- **Patch**: Bug fixes
+
+Current API version: `2.0.0`
+
+---
+
+For more examples, see [Integration Examples](integration-examples.md).

docs/src/architecture/adr/README.md

@@ -1 +1,60 @@
-# Architecture Decision Records (ADRs)\n\nThis directory contains all Architecture Decision Records for the provisioning platform. ADRs document significant architectural decisions and their rationale.\n\n## Index of Decisions\n\n### Core Architecture (ADR-001 to ADR-006)\n\n- **ADR-001**: [Project Structure](adr-001-project-structure.md) - Overall project organization and directory layout\n- **ADR-002**: [Distribution Strategy](adr-002-distribution-strategy.md) - How the platform is packaged and distributed\n- **ADR-003**: [Workspace Isolation](adr-003-workspace-isolation.md) - Workspace management and isolation boundaries\n- **ADR-004**: [Hybrid Architecture](adr-004-hybrid-architecture.md) - Rust/Nushell hybrid system design\n- **ADR-005**: [Extension Framework](adr-005-extension-framework.md) - Plugin/extension system architecture\n- **ADR-006**: [Provisioning CLI Refactoring](adr-006-provisioning-cli-refactoring.md) - CLI modularization and command handling\n\n### Infrastructure & Configuration (ADR-007 to ADR-011)\n\n- **ADR-007**: [KMS Simplification](adr-007-kms-simplification.md) - Key Management System design\n- **ADR-008**: [Cedar Authorization](adr-008-cedar-authorization.md) - Fine-grained authorization via Cedar policies\n- **ADR-009**: [Security System Complete](adr-009-security-system-complete.md) - Comprehensive security implementation\n- **ADR-010**: [Configuration Format Strategy](adr-010-configuration-format-strategy.md) - When to use Nickel, TOML, YAML, or KCL\n- **ADR-011**: [Nickel Migration](adr-011-nickel-migration.md) - Migration from KCL to Nickel as primary IaC language\n\n### Platform Services (ADR-012 to ADR-014)\n\n- **ADR-012**: [Nushell Nickel Plugin CLI Wrapper](adr-012-nushell-nickel-plugin-cli-wrapper.md) - Plugin architecture for Nickel integration\n- **ADR-013**: [Typdialog Web UI Backend Integration](adr-013-typdialog-integration.md) - Browser-based configuration forms with multi-user collaboration\n- **ADR-014**: [SecretumVault Integration](adr-014-secretumvault-integration.md) - Centralized secrets management with dynamic credentials\n\n### AI and Intelligence (ADR-015)\n\n- **ADR-015**: [AI Integration Architecture](adr-015-ai-integration-architecture.md) - Comprehensive AI system for intelligent infrastructure provisioning\n\n## How to Use ADRs\n\n1. **For decisions affecting architecture**: Create a new ADR with the next sequential number\n2. **For reading decisions**: Browse this list or check SUMMARY.md\n3. **For understanding context**: Each ADR includes context, rationale, and consequences\n\n## ADR Format\n\nEach ADR follows this standard structure:\n\n- **Context**: What problem we're solving\n- **Decision**: What we decided\n- **Rationale**: Why we chose this approach\n- **Consequences**: Positive and negative impacts\n- **Alternatives Considered**: Other options we evaluated\n\n## Status Markers\n\n- **Proposed**: Under review, not yet final\n- **Accepted**: Approved and adopted\n- **Superseded**: Replaced by a later ADR\n- **Deprecated**: No longer recommended\n\n---\n\n**Last Updated**: 2025-01-08\n**Total ADRs**: 15
+# Architecture Decision Records (ADRs)
+
+This directory contains all Architecture Decision Records for the provisioning platform. ADRs document significant architectural decisions and their rationale.
+
+## Index of Decisions
+
+### Core Architecture (ADR-001 to ADR-006)
+
+- **ADR-001**: [Project Structure](adr-001-project-structure.md) - Overall project organization and directory layout
+- **ADR-002**: [Distribution Strategy](adr-002-distribution-strategy.md) - How the platform is packaged and distributed
+- **ADR-003**: [Workspace Isolation](adr-003-workspace-isolation.md) - Workspace management and isolation boundaries
+- **ADR-004**: [Hybrid Architecture](adr-004-hybrid-architecture.md) - Rust/Nushell hybrid system design
+- **ADR-005**: [Extension Framework](adr-005-extension-framework.md) - Plugin/extension system architecture
+- **ADR-006**: [Provisioning CLI Refactoring](adr-006-provisioning-cli-refactoring.md) - CLI modularization and command handling
+
+### Infrastructure & Configuration (ADR-007 to ADR-011)
+
+- **ADR-007**: [KMS Simplification](adr-007-kms-simplification.md) - Key Management System design
+- **ADR-008**: [Cedar Authorization](adr-008-cedar-authorization.md) - Fine-grained authorization via Cedar policies
+- **ADR-009**: [Security System Complete](adr-009-security-system-complete.md) - Comprehensive security implementation
+- **ADR-010**: [Configuration Format Strategy](adr-010-configuration-format-strategy.md) - When to use Nickel, TOML, YAML, or KCL
+- **ADR-011**: [Nickel Migration](adr-011-nickel-migration.md) - Migration from KCL to Nickel as primary IaC language
+
+### Platform Services (ADR-012 to ADR-014)
+
+- **ADR-012**: [Nushell Nickel Plugin CLI Wrapper](adr-012-nushell-nickel-plugin-cli-wrapper.md) - Plugin architecture for Nickel integration
+- **ADR-013**: [Typdialog Web UI Backend Integration](adr-013-typdialog-integration.md) - Browser-based configuration forms with multi-user collaboration
+- **ADR-014**: [SecretumVault Integration](adr-014-secretumvault-integration.md) - Centralized secrets management with dynamic credentials
+
+### AI and Intelligence (ADR-015)
+
+- **ADR-015**: [AI Integration Architecture](adr-015-ai-integration-architecture.md) - Comprehensive AI system for intelligent infrastructure provisioning
+
+## How to Use ADRs
+
+1. **For decisions affecting architecture**: Create a new ADR with the next sequential number
+2. **For reading decisions**: Browse this list or check SUMMARY.md
+3. **For understanding context**: Each ADR includes context, rationale, and consequences
+
+## ADR Format
+
+Each ADR follows this standard structure:
+
+- **Context**: What problem we're solving
+- **Decision**: What we decided
+- **Rationale**: Why we chose this approach
+- **Consequences**: Positive and negative impacts
+- **Alternatives Considered**: Other options we evaluated
+
+## Status Markers
+
+- **Proposed**: Under review, not yet final
+- **Accepted**: Approved and adopted
+- **Superseded**: Replaced by a later ADR
+- **Deprecated**: No longer recommended
+
+---
+
+**Last Updated**: 2025-01-08
+**Total ADRs**: 15

docs/src/development/command-reference.md

@@ -1 +1,54 @@
-# Command Reference\n\nComplete command reference for the provisioning CLI.\n\n## 📖 Service Management Guide\n\nThe primary command reference is now part of the Service Management Guide:\n\n**→ [Service Management Guide](SERVICE_MANAGEMENT_GUIDE.md)** - Complete CLI reference\n\nThis guide includes:\n\n- All CLI commands and shortcuts\n- Command syntax and examples\n- Service lifecycle management\n- Troubleshooting commands\n\n## Quick Reference\n\n### Essential Commands\n\n```\n# System status\nprovisioning status\nprovisioning health\n\n# Server management\nprovisioning server create\nprovisioning server list\nprovisioning server ssh <hostname>\n\n# Task services\nprovisioning taskserv create <service>\nprovisioning taskserv list\n\n# Workspace management\nprovisioning workspace list\nprovisioning workspace switch <name>\n\n# Get help\nprovisioning help\nprovisioning <command> help\n```\n\n## Additional References\n\n- **[Service Management Guide](SERVICE_MANAGEMENT_GUIDE.md)** - Complete CLI reference\n- **[Service Management Quick Reference](SERVICE_MANAGEMENT_QUICKREF.md)** - Quick lookup\n- **[Quick Start Cheatsheet](../guides/quickstart-cheatsheet.md)** - All shortcuts\n- **[Authentication Guide](AUTHENTICATION_LAYER_GUIDE.md)** - Auth commands\n\n---\n\nFor complete command documentation, see [Service Management Guide](SERVICE_MANAGEMENT_GUIDE.md).
+# Command Reference
+
+Complete command reference for the provisioning CLI.
+
+## 📖 Service Management Guide
+
+The primary command reference is now part of the Service Management Guide:
+
+**→ [Service Management Guide](SERVICE_MANAGEMENT_GUIDE.md)** - Complete CLI reference
+
+This guide includes:
+
+- All CLI commands and shortcuts
+- Command syntax and examples
+- Service lifecycle management
+- Troubleshooting commands
+
+## Quick Reference
+
+### Essential Commands
+
+```bash
+# System status
+provisioning status
+provisioning health
+
+# Server management
+provisioning server create
+provisioning server list
+provisioning server ssh <hostname>
+
+# Task services
+provisioning taskserv create <service>
+provisioning taskserv list
+
+# Workspace management
+provisioning workspace list
+provisioning workspace switch <name>
+
+# Get help
+provisioning help
+provisioning <command> help
+```
+
+## Additional References
+
+- **[Service Management Guide](SERVICE_MANAGEMENT_GUIDE.md)** - Complete CLI reference
+- **[Service Management Quick Reference](SERVICE_MANAGEMENT_QUICKREF.md)** - Quick lookup
+- **[Quick Start Cheatsheet](../guides/quickstart-cheatsheet.md)** - All shortcuts
+- **[Authentication Guide](AUTHENTICATION_LAYER_GUIDE.md)** - Auth commands
+
+---
+
+For complete command documentation, see [Service Management Guide](SERVICE_MANAGEMENT_GUIDE.md).

docs/src/development/mcp-server.md

@@ -1 +1,114 @@
-# MCP Server - Model Context Protocol\n\nA Rust-native Model Context Protocol (MCP) server for infrastructure automation and AI-assisted DevOps operations.\n\n> **Source**: `provisioning/platform/mcp-server/`\n> **Status**: Proof of Concept Complete\n\n## Overview\n\nReplaces the Python implementation with significant performance improvements while maintaining philosophical consistency with the Rust ecosystem approach.\n\n## Performance Results\n\n```\n🚀 Rust MCP Server Performance Analysis\n==================================================\n\n📋 Server Parsing Performance:\n  • Sub-millisecond latency across all operations\n  • 0μs average for configuration access\n\n🤖 AI Status Performance:\n  • AI Status: 0μs avg (10000 iterations)\n\n💾 Memory Footprint:\n  • ServerConfig size: 80 bytes\n  • Config size: 272 bytes\n\n✅ Performance Summary:\n  • Server parsing: Sub-millisecond latency\n  • Configuration access: Microsecond latency\n  • Memory efficient: Small struct footprint\n  • Zero-copy string operations where possible\n```\n\n## Architecture\n\n```\nsrc/\n├── simple_main.rs      # Lightweight MCP server entry point\n├── main.rs             # Full MCP server (with SDK integration)\n├── lib.rs              # Library interface\n├── config.rs           # Configuration management\n├── provisioning.rs     # Core provisioning engine\n├── tools.rs            # AI-powered parsing tools\n├── errors.rs           # Error handling\n└── performance_test.rs # Performance benchmarking\n```\n\n## Key Features\n\n1. **AI-Powered Server Parsing**: Natural language to infrastructure config\n2. **Multi-Provider Support**: AWS, UpCloud, Local\n3. **Configuration Management**: TOML-based with environment overrides\n4. **Error Handling**: Comprehensive error types with recovery hints\n5. **Performance Monitoring**: Built-in benchmarking capabilities\n\n## Rust vs Python Comparison\n\n| Metric | Python MCP Server | Rust MCP Server | Improvement |\n| -------- | ------------------ | ----------------- | ------------- |\n| **Startup Time** | ~500 ms | ~50 ms | **10x faster** |\n| **Memory Usage** | ~50 MB | ~5 MB | **10x less** |\n| **Parsing Latency** | ~1 ms | ~0.001 ms | **1000x faster** |\n| **Binary Size** | Python + deps | ~15 MB static | **Portable** |\n| **Type Safety** | Runtime errors | Compile-time | **Zero runtime errors** |\n\n## Usage\n\n```\n# Build and run\ncargo run --bin provisioning-mcp-server --release\n\n# Run with custom config\nPROVISIONING_PATH=/path/to/provisioning cargo run --bin provisioning-mcp-server -- --debug\n\n# Run tests\ncargo test\n\n# Run benchmarks\ncargo run --bin provisioning-mcp-server --release\n```\n\n## Configuration\n\nSet via environment variables:\n\n```\nexport PROVISIONING_PATH=/path/to/provisioning\nexport PROVISIONING_AI_PROVIDER=openai\nexport OPENAI_API_KEY=your-key\nexport PROVISIONING_DEBUG=true\n```\n\n## Integration Benefits\n\n1. **Philosophical Consistency**: Rust throughout the stack\n2. **Performance**: Sub-millisecond response times\n3. **Memory Safety**: No segfaults, no memory leaks\n4. **Concurrency**: Native async/await support\n5. **Distribution**: Single static binary\n6. **Cross-compilation**: ARM64/x86_64 support\n\n## Next Steps\n\n1. Full MCP SDK integration (schema definitions)\n2. WebSocket/TCP transport layer\n3. Plugin system for extensibility\n4. Metrics collection and monitoring\n5. Documentation and examples\n\n## Related Documentation\n\n- **Architecture**: [MCP Integration](../architecture/orchestrator-integration-model.md)
+# MCP Server - Model Context Protocol
+
+A Rust-native Model Context Protocol (MCP) server for infrastructure automation and AI-assisted DevOps operations.
+
+> **Source**: `provisioning/platform/mcp-server/`
+> **Status**: Proof of Concept Complete
+
+## Overview
+
+Replaces the Python implementation with significant performance improvements while maintaining philosophical consistency with the Rust ecosystem approach.
+
+## Performance Results
+
+```bash
+🚀 Rust MCP Server Performance Analysis
+==================================================
+
+📋 Server Parsing Performance:
+  • Sub-millisecond latency across all operations
+  • 0μs average for configuration access
+
+🤖 AI Status Performance:
+  • AI Status: 0μs avg (10000 iterations)
+
+💾 Memory Footprint:
+  • ServerConfig size: 80 bytes
+  • Config size: 272 bytes
+
+✅ Performance Summary:
+  • Server parsing: Sub-millisecond latency
+  • Configuration access: Microsecond latency
+  • Memory efficient: Small struct footprint
+  • Zero-copy string operations where possible
+```
+
+## Architecture
+
+```bash
+src/
+├── simple_main.rs      # Lightweight MCP server entry point
+├── main.rs             # Full MCP server (with SDK integration)
+├── lib.rs              # Library interface
+├── config.rs           # Configuration management
+├── provisioning.rs     # Core provisioning engine
+├── tools.rs            # AI-powered parsing tools
+├── errors.rs           # Error handling
+└── performance_test.rs # Performance benchmarking
+```
+
+## Key Features
+
+1. **AI-Powered Server Parsing**: Natural language to infrastructure config
+2. **Multi-Provider Support**: AWS, UpCloud, Local
+3. **Configuration Management**: TOML-based with environment overrides
+4. **Error Handling**: Comprehensive error types with recovery hints
+5. **Performance Monitoring**: Built-in benchmarking capabilities
+
+## Rust vs Python Comparison
+
+| Metric | Python MCP Server | Rust MCP Server | Improvement |
+| -------- | ------------------ | ----------------- | ------------- |
+| **Startup Time** | ~500 ms | ~50 ms | **10x faster** |
+| **Memory Usage** | ~50 MB | ~5 MB | **10x less** |
+| **Parsing Latency** | ~1 ms | ~0.001 ms | **1000x faster** |
+| **Binary Size** | Python + deps | ~15 MB static | **Portable** |
+| **Type Safety** | Runtime errors | Compile-time | **Zero runtime errors** |
+
+## Usage
+
+```bash
+# Build and run
+cargo run --bin provisioning-mcp-server --release
+
+# Run with custom config
+PROVISIONING_PATH=/path/to/provisioning cargo run --bin provisioning-mcp-server -- --debug
+
+# Run tests
+cargo test
+
+# Run benchmarks
+cargo run --bin provisioning-mcp-server --release
+```
+
+## Configuration
+
+Set via environment variables:
+
+```javascript
+export PROVISIONING_PATH=/path/to/provisioning
+export PROVISIONING_AI_PROVIDER=openai
+export OPENAI_API_KEY=your-key
+export PROVISIONING_DEBUG=true
+```
+
+## Integration Benefits
+
+1. **Philosophical Consistency**: Rust throughout the stack
+2. **Performance**: Sub-millisecond response times
+3. **Memory Safety**: No segfaults, no memory leaks
+4. **Concurrency**: Native async/await support
+5. **Distribution**: Single static binary
+6. **Cross-compilation**: ARM64/x86_64 support
+
+## Next Steps
+
+1. Full MCP SDK integration (schema definitions)
+2. WebSocket/TCP transport layer
+3. Plugin system for extensibility
+4. Metrics collection and monitoring
+5. Documentation and examples
+
+## Related Documentation
+
+- **Architecture**: [MCP Integration](../architecture/orchestrator-integration-model.md)