# Provisioning Repository - Changes --- ## 2026-05-12 — nickel branch consolidation ### ADR-025 Amendments: Eager function-body parse (2026-04-17) **Decision**: Nushell parses `use` statements inside function bodies at module-load time. Subprocess boundary is the only true lazy-load mechanism. **Constraints added/amended**: - `bash-wrapper-has-no-runner-reference` — now permits `provisioning-cli.nu` as transitional fallback - `universal-fallback-is-transitional` — 22 unmapped commands are explicit migration debt; must be resolved before lazy-load architecture is considered complete - `every-registry-command-has-thin-handler` — made directional (progress metric, not gate) **Rejected approach**: Single-entry `provisioning-cli.nu` for hot paths — measured at 3.1s vs 0.08–0.15s for thin handlers. All 15 dispatcher wrappers fire at module-load regardless of invoked command. **Files**: `adrs/adr-025-unified-lazy-loading.ncl` --- ### Platform Services Documentation (2026-02-03) **All 10 platform services documented** with endpoint catalogue and local setup guide. **Services**: | Service | Endpoints | Notes | | ------- | --------- | ----- | | vault | 8 | Transit encryption, dynamic secrets | | registry | 6 | OCI extension distribution | | control-center | 12 | RBAC, audit, compliance | | rag | 5 | Vector search, document ingestion | | ai-service | 7 | Model routing, DAG execution | | mcp-server | 4 | AI-powered config tools | | daemon | 3 | State sync, health aggregation | | orchestrator | 8 | Workflow execution, checkpoints | | detector | 4 | Anomaly detection, alerts | | ui | 3 | Web control center frontend | **Added**: - `docs/src/operations/platform-services-inventory.md` — 50+ endpoints - `docs/src/operations/local-services-setup.md` — build, config, troubleshooting - `scripts/start-local-binaries.nu` — dependency-ordered service startup automation --- ### TypeDialog Migration (2026-01-09) **`forminquire` fully replaced** by TOML-driven `typedialog` with TTY wrappers. **New form registry** (`.typedialog/`): - `core/forms/auth-login.toml` - `core/forms/mfa-enroll.toml` - `core/forms/setup-wizard.toml` - `core/forms/infrastructure/server_delete_confirm.toml` - `core/forms/infrastructure/cluster_delete_confirm.toml` - `core/forms/infrastructure/taskserv_delete_confirm.toml` - `core/forms/infrastructure/generic_delete_confirm.toml` - `platform/forms/ai-service-form.toml` (with Nickel fragment composition) - `platform/forms/control-center-form.toml` - `platform/forms/extension-registry-form.toml` **Documentation**: `.typedialog/README.md`, `platform/forms/README.md`, `platform/forms/fragments/README.md` **Architecture doc**: `docs/src/architecture/config-loading-architecture.md` --- ### Nushell 0.110.0 Compatibility (2026-01-21) - Fixed `try`/`catch` syntax across `.typedialog/platform/scripts/`, `bootstrap/install.nu`, example deploy scripts - Updated `external.nu`, `paths.nu`, `export-toml.nu` for Nu 0.110.0 API changes - Removed stale session reports from `.coder/` - Relocated `nickel-installation-guide.md` into `docs/src/setup/` --- ## 2026-01-08 — Nickel IaC migration complete **Repository**: provisioning (standalone, nickel branch) **Changes**: Nickel IaC migration complete — Legacy KCL and config cleanup --- ## 📋 Summary Complete migration to Nickel-based infrastructure-as-code with consolidated configuration strategy. Legacy KCL schemas, deprecated config files, and redundant documentation removed. New project structure with `.cargo/`, `.github/`, and schema-driven configuration system. --- ## 📁 Changes by Directory ### ✅ REMOVED (Legacy KCL Ecosystem) - **config/** - Deprecated TOML configs (config.defaults.toml, kms.toml, plugins.toml, etc.) - **config/cedar-policies/** - Legacy Cedar policies (moved to Nickel schemas) - **config/templates/** - Old Jinja2 templates (replaced by Nickel generator/) - **config/installer-examples/** - KCL-based examples - **docs/src/** - Legacy documentation (full migration to provisioning/docs/src/) - **kcl/** - Complete removal (all workspaces migrated to Nickel) - **tools/kcl-packager.nu** - KCL packaging system ### ✅ ADDED (Nickel IaC & New Structure) - **.cargo/** - Rust build configuration (clippy settings, rustfmt.toml) - **.github/** - GitHub Actions CI/CD workflows - **schemas/** - Nickel schema definitions (primary IaC format) - main.ncl, provider-aws.ncl, provider-local.ncl, provider-upcloud.ncl - Infrastructure, deployment, services, operations schemas - **docs/src/architecture/adr/** - ADR updates for Nickel migration - adr-010-configuration-format-strategy.md - adr-011-nickel-migration.md - adr-012-nushell-nickel-plugin-cli-wrapper.md ### 📝 UPDATED (Core System) - **provisioning/docs/src/** - Comprehensive product documentation - API reference, architecture, guides, operations, security, testing - Nickel configuration guide with examples - Migrated from legacy KCL documentation - **core/** - Updated with Nickel integration - Scripts, plugins, CLI updated for Nickel schema parsing - **justfiles/** - Added ci.just for Nickel-aware CI/CD - **README.md** - Complete restructure for Nickel-first approach - **.gitignore** - Updated to ignore Nickel build artifacts --- ## 📊 Change Statistics | Category | Removed | Added | Modified | | ---------- | --------- | ------- | ---------- | | Configuration | 50+ | 10+ | 3 | | Documentation | 150+ | 200+ | 40+ | | Infrastructure | 1 (kcl/) | - | - | | Plugins | 1 | - | 5+ | | Build System | 5 | 8+ | 3 | | **Total** | **~220 files** | **~250 files** | **50+ files** | ## ⚠️ Breaking Changes 1. **KCL Sunset**: All KCL infrastructure code removed. Migrate workspaces using `nickel-kcl-bridge` or rewrite directly in Nickel. 2. **Config Format**: TOML configuration files moved to schema-driven Nickel system. Legacy config loading deprecated. 3. **Documentation**: Old KCL/legacy docs removed. Use `provisioning/docs/` for current product documentation. 4. **Plugin System**: Updated to Nickel-aware plugin API. Legacy Nushell plugins require recompilation. ## 🔧 Migration Path ```bash # For existing workspaces: provisioning workspace migrate --from-kcl # For custom configs: nickel eval --format json | jq '.' ``` ## ✨ Key Features - **Type-Safe**: Nickel schemas eliminate silent config errors - **Composable**: Modular infrastructure definitions with lazy evaluation - **Documented**: Schema validation built-in, IDE support via LSP - **Validated**: All imports pre-checked, circular dependencies prevented - **Bridge Available**: `nickel-kcl-bridge` for gradual KCL→Nickel migration --- ## 📝 Implementation Details ### Nickel Schema System - **Three-tier architecture**: infrastructure, operations, deployment - **Lazy evaluation**: Efficient resource binding and composition - **Record merging**: Clean override patterns without duplication - **Type validation**: LSP-aware with IDE auto-completion - **Generator system**: Nickel-based dynamic configuration at runtime ### Documentation Reorganization - **provisioning/docs/src/** (200+ files) - Customer-facing product docs - **docs/src/** (20-30 files) - Architecture and development guidelines - **.coder/** - Session files and implementation records - Separation of concerns: Product docs isolated from session artifacts ### CI/CD Integration - GitHub Actions workflows for Rust, Nickel, Nushell - Automated schema validation pre-commit - Cross-platform testing (Linux, macOS) - Build artifact caching for fast iteration --- ## ⚠️ Compatibility Notes **Breaking**: KCL workspaces require migration to Nickel. Use schema-aware tooling for validation. **Migration support**: `nickel-kcl-bridge` tool and guides available in `provisioning/docs/src/development/`. **Legacy configs**: Old TOML files no longer loaded. Migrate to Nickel schema format via CLI tool. --- **Status**: Nickel migration complete. System is production-ready. **Date**: 2026-01-08 **Branch**: nickel --- *Last updated: 2026-05-12*