# schemas/lib/capabilities.ncl — InfraCapabilities contract
#
# Declares what the infrastructure provides: cluster runtime, storage classes,
# ingress, TLS, volumes, networking, and registry topology.
# Source of truth for cross-validation against component requires.* fields
# and for registry resolution by integration tooling (prvng i).
#
# Usage:
#   let cap = import "schemas/lib/capabilities.ncl" in
#   { provides | cap.InfraCapabilities = { ... } }

{
  # Registry roles — determines namespace ownership and sync direction.
  #   'primary  canonical store; other registries replicate FROM it
  #   'build    builder-local store; owns ephemeral cache namespaces
  #   'dev      developer workstation; on-demand mirror of primary
  #   'mirror   read-only replica with no own namespaces
  RegistryRole = [| 'primary, 'build, 'dev, 'mirror |],

  # Per-registry namespace policy.
  #   own          — namespaces this registry is authoritative for
  #   replicate_to — ids of other registries that should receive sync of `prefixes`
  #   mirror_from  — id of upstream registry to mirror `prefixes` from (on-demand)
  #   prefixes     — which namespace prefixes are synced (cross-registry contracts)
  RegistryNamespaces = {
    own          | Array String | default = [],
    replicate_to | Array String | default = [],
    mirror_from  | String       | optional,
    prefixes     | Array String | default = [],
  },

  RegistryEntry = {
    id         | String,
    endpoint   | String,
    role       | RegistryRole,
    tls        | Bool   | default = true,
    namespaces | RegistryNamespaces | default = {},
  },

  # Multi-registry topology for a workspace.
  #   registries — ordered list; first 'primary entry is the canonical store
  #   default    — id of the registry used by integration tooling when no
  #                --registry flag or PROVISIONING_REGISTRY env is set
  RegistriesConfig = {
    registries | Array RegistryEntry | default = [],
    default    | String | optional,
  },

  InfraCapabilities = {
    cluster | {
      name    | String,
      runtime | String,
      ..
    } | optional,
    storage_classes   | Array String | default = [],
    ingress_class     | String | optional,
    container_runtime | String | optional,
    volumes           | { _ | { mount | String, size_gb | Number } } | default = {},
    networking | {
      private_network | String | optional,
      subnet          | String | optional,
      floating_ip     | String | optional,
      ..
    } | default = {},
    tls | {
      cluster_issuer | String | optional,
      available      | Bool | default = false,
      ..
    } | default = {},
    registries | RegistriesConfig | default = {},
    ..
  },
}