let d = import "ontology/defaults/gate.ncl" in { membranes = [ d.make_membrane { id = "control-plane-readiness", name = "Control Plane Readiness", description = "Controls when the provisioning control plane is ready for production deployment and multi-user mode.", permeability = 'Low, accepts = ['EcosystemRelevance], protects = ["production deployment", "multi-user mode"], opening_condition = { max_tension_dimensions = 2, pending_transitions = 2, core_stable = true, description = "Orchestrator + Control Center operational, NATS streams configured and stable, SOLID boundaries passing all 6 enforcement layers, Cedar policies loaded and evaluated.", }, closing_condition = "Any SOLID enforcement layer failing or NATS stream misconfiguration detected.", max_duration = 'Indefinite, protocol = 'Challenge, active = false, }, d.make_membrane { id = "workspace-certification", name = "Workspace Certification", description = "Controls when a workspace is ready for production use — all taskservs validated, config schema-checked, provider capabilities matched.", permeability = 'Medium, accepts = ['EcosystemRelevance, 'OpportunityAlignment], protects = ["workspace production use"], opening_condition = { max_tension_dimensions = 3, pending_transitions = 3, core_stable = true, description = "All taskservs in workspace have dependencies.ncl, config validates via nickel typecheck, provider capabilities match requirements.", }, closing_condition = "Workspace config fails schema validation or provider capabilities no longer match declared requirements.", max_duration = 'Indefinite, protocol = 'Observe, active = false, }, ], }