# Infrastructure-from-Code (IaC) Guide ## Overview The Infrastructure-from-Code system automatically detects technologies in your project and infers infrastructure requirements based on organization-specific rules. It consists of three main commands: - **detect**: Scan a project and identify technologies - **complete**: Analyze gaps and recommend infrastructure components - **ifc**: Full-pipeline orchestration (workflow) ## Quick Start ### 1. Detect Technologies in Your Project Scan a project directory for detected technologies: ```bash provisioning detect /path/to/project --out json ``` **Output Example:** ```json { "detections": [ {"technology": "nodejs", "confidence": 0.95}, {"technology": "postgres", "confidence": 0.92} ], "overall_confidence": 0.93 } ``` ### 2. Analyze Infrastructure Gaps Get a completeness assessment and recommendations: ```bash provisioning complete /path/to/project --out json ``` **Output Example:** ```json { "completeness": 1.0, "changes_needed": 2, "is_safe": true, "change_summary": "+ Adding: postgres-backup, pg-monitoring" } ``` ### 3. Run Full Workflow Orchestrate detection → completion → assessment pipeline: ```bash provisioning ifc /path/to/project --org default ``` **Output:** ```plaintext ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 🔄 Infrastructure-from-Code Workflow ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ STEP 1: Technology Detection ──────────────────────────── ✓ Detected 2 technologies STEP 2: Infrastructure Completion ───────────────────────────────── ✓ Completeness: 1% ✅ Workflow Complete ``` ## Command Reference ### detect Scan and detect technologies in a project. **Usage:** ```bash provisioning detect [PATH] [OPTIONS] ``` **Arguments:** - `PATH`: Project directory to analyze (default: current directory) **Options:** - `-o, --out TEXT`: Output format - `text`, `json`, `yaml` (default: `text`) - `-C, --high-confidence-only`: Only show detections with confidence > 0.8 - `--pretty`: Pretty-print JSON/YAML output - `-x, --debug`: Enable debug output **Examples:** ```bash # Detect with default text output provisioning detect /path/to/project # Get JSON output for parsing provisioning detect /path/to/project --out json | jq '.detections' # Show only high-confidence detections provisioning detect /path/to/project --high-confidence-only # Pretty-printed YAML output provisioning detect /path/to/project --out yaml --pretty ``` ### complete Analyze infrastructure completeness and recommend changes. **Usage:** ```bash provisioning complete [PATH] [OPTIONS] ``` **Arguments:** - `PATH`: Project directory to analyze (default: current directory) **Options:** - `-o, --out TEXT`: Output format - `text`, `json`, `yaml` (default: `text`) - `-c, --check`: Check mode (report only, no changes) - `--pretty`: Pretty-print JSON/YAML output - `-x, --debug`: Enable debug output **Examples:** ```bash # Analyze completeness provisioning complete /path/to/project # Get detailed JSON report provisioning complete /path/to/project --out json # Check mode (dry-run, no changes) provisioning complete /path/to/project --check ``` ### ifc (workflow) Run the full Infrastructure-from-Code pipeline. **Usage:** ```bash provisioning ifc [PATH] [OPTIONS] ``` **Arguments:** - `PATH`: Project directory to process (default: current directory) **Options:** - `--org TEXT`: Organization name for rule loading (default: `default`) - `-o, --out TEXT`: Output format - `text`, `json` (default: `text`) - `--apply`: Apply recommendations (future feature) - `-v, --verbose`: Verbose output with timing - `--pretty`: Pretty-print output - `-x, --debug`: Enable debug output **Examples:** ```bash # Run workflow with default rules provisioning ifc /path/to/project # Run with organization-specific rules provisioning ifc /path/to/project --org acme-corp # Verbose output with timing provisioning ifc /path/to/project --verbose # JSON output for automation provisioning ifc /path/to/project --out json ``` ## Organization-Specific Inference Rules Customize how infrastructure is inferred for your organization. ### Understanding Inference Rules An inference rule tells the system: "If we detect technology X, we should recommend taskservice Y." **Rule Structure:** ```yaml version: "1.0.0" organization: "your-org" rules: - name: "rule-name" technology: ["detected-tech"] infers: "required-taskserv" confidence: 0.85 reason: "Why this taskserv is needed" required: true ``` ### Creating Custom Rules Create an organization-specific rules file: ```bash # ACME Corporation rules cat > $PROVISIONING/config/inference-rules/acme-corp.yaml << 'EOF' version: "1.0.0" organization: "acme-corp" description: "ACME Corporation infrastructure standards" rules: - name: "nodejs-to-redis" technology: ["nodejs", "express"] infers: "redis" confidence: 0.85 reason: "Node.js applications need caching" required: false - name: "postgres-to-backup" technology: ["postgres"] infers: "postgres-backup" confidence: 0.95 reason: "All databases require backup strategy" required: true - name: "all-services-monitoring" technology: ["nodejs", "python", "postgres"] infers: "monitoring" confidence: 0.90 reason: "ACME requires monitoring on production services" required: true EOF ``` Then use them: ```bash provisioning ifc /path/to/project --org acme-corp ``` ### Default Rules If no organization rules are found, the system uses sensible defaults: - Node.js + Express → Redis (caching) - Node.js → Nginx (reverse proxy) - Database → Backup (data protection) - Docker → Kubernetes (orchestration) - Python → Gunicorn (WSGI server) - PostgreSQL → Monitoring (production safety) ## Output Formats ### Text Output (Default) Human-readable format with visual indicators: ```plaintext STEP 1: Technology Detection ──────────────────────────── ✓ Detected 2 technologies STEP 2: Infrastructure Completion ───────────────────────────────── ✓ Completeness: 1% ``` ### JSON Output Structured format for automation and parsing: ```bash provisioning detect /path/to/project --out json | jq '.detections[0]' ``` Output: ```json { "technology": "nodejs", "confidence": 0.8333333134651184, "evidence_count": 1 } ``` ### YAML Output Alternative structured format: ```bash provisioning detect /path/to/project --out yaml ``` ## Practical Examples ### Example 1: Node.js + PostgreSQL Project ```bash # Step 1: Detect $ provisioning detect my-app ✓ Detected: nodejs, express, postgres, docker # Step 2: Complete $ provisioning complete my-app ✓ Changes needed: 3 - redis (caching) - nginx (reverse proxy) - pg-backup (database backup) # Step 3: Full workflow $ provisioning ifc my-app --org acme-corp ``` ### Example 2: Python Django Project ```bash $ provisioning detect django-app --out json { "detections": [ {"technology": "python", "confidence": 0.95}, {"technology": "django", "confidence": 0.92} ] } # Inferred requirements (with gunicorn, monitoring, backup) ``` ### Example 3: Microservices Architecture ```bash $ provisioning ifc microservices/ --org mycompany --verbose 🔍 Processing microservices/ - service-a: nodejs + postgres - service-b: python + redis - service-c: go + mongodb ✓ Detected common patterns ✓ Applied 12 inference rules ✓ Generated deployment plan ``` ## Integration with Automation ### CI/CD Pipeline Example ```bash #!/bin/bash # Check infrastructure completeness in CI/CD PROJECT_PATH=${1:-.} COMPLETENESS=$(provisioning complete $PROJECT_PATH --out json | jq '.completeness') if (( $(echo "$COMPLETENESS < 0.9" | bc -l) )); then echo "❌ Infrastructure completeness too low: $COMPLETENESS" exit 1 fi echo "✅ Infrastructure is complete: $COMPLETENESS" ``` ### Configuration as Code Integration ```bash # Generate JSON for infrastructure config provisioning detect /path/to/project --out json > infra-report.json # Use in your config processing cat infra-report.json | jq '.detections[]' | while read -r tech; do echo "Processing technology: $tech" done ``` ## Troubleshooting ### "Detector binary not found" **Solution:** Ensure the provisioning project is properly built: ```bash cd $PROVISIONING/platform cargo build --release --bin provisioning-detector ``` ### No technologies detected **Check:** 1. Project path is correct: `provisioning detect /actual/path` 2. Project contains recognizable technologies (package.json, Dockerfile, requirements.txt, etc.) 3. Use `--debug` flag for more details: `provisioning detect /path --debug` ### Organization rules not being applied **Check:** 1. Rules file exists: `$PROVISIONING/config/inference-rules/{org}.yaml` 2. Organization name is correct: `provisioning ifc /path --org myorg` 3. Verify rules structure with: `cat $PROVISIONING/config/inference-rules/myorg.yaml` ## Advanced Usage ### Custom Rule Template Generate a template for a new organization: ```bash # Template will be created with proper structure provisioning rules create --org neworg ``` ### Validate Rule Files ```bash # Check for syntax errors provisioning rules validate /path/to/rules.yaml ``` ### Export Rules for Integration Export as Rust code for embedding: ```bash provisioning rules export myorg --format rust > rules.rs ``` ## Best Practices 1. **Organize by Organization**: Keep separate rules for different organizations 2. **High Confidence First**: Start with rules you're confident about (confidence > 0.8) 3. **Document Reasons**: Always fill in the `reason` field for maintainability 4. **Test Locally**: Run on sample projects before applying organization-wide 5. **Version Control**: Commit inference rules to version control 6. **Review Changes**: Always inspect recommendations with `--check` first ## Related Commands ```bash # View available taskservs that can be inferred provisioning taskserv list # Create inferred infrastructure provisioning taskserv create {inferred-name} # View current configuration provisioning env | grep PROVISIONING ``` ## Support and Documentation - **Full CLI Help**: `provisioning help` - **Specific Command Help**: `provisioning help detect` - **Configuration Guide**: See `CONFIG_ENCRYPTION_GUIDE.md` - **Task Services**: See `SERVICE_MANAGEMENT_GUIDE.md` --- ## Quick Reference ### 3-Step Workflow ```bash # 1. Detect technologies provisioning detect /path/to/project # 2. Analyze infrastructure gaps provisioning complete /path/to/project # 3. Run full workflow (detect + complete) provisioning ifc /path/to/project --org myorg ``` ### Common Commands | Task | Command | | ------ | --------- | | **Detect technologies** | `provisioning detect /path` | | **Get JSON output** | `provisioning detect /path --out json` | | **Check completeness** | `provisioning complete /path` | | **Dry-run (check mode)** | `provisioning complete /path --check` | | **Full workflow** | `provisioning ifc /path --org myorg` | | **Verbose output** | `provisioning ifc /path --verbose` | | **Debug mode** | `provisioning detect /path --debug` | ### Output Formats ```bash # Text (human-readable) provisioning detect /path --out text # JSON (for automation) provisioning detect /path --out json | jq '.detections' # YAML (for configuration) provisioning detect /path --out yaml ``` ### Organization Rules #### Use Organization Rules ```bash provisioning ifc /path --org acme-corp ``` #### Create Rules File ```bash mkdir -p $PROVISIONING/config/inference-rules cat > $PROVISIONING/config/inference-rules/myorg.yaml << 'EOF' version: "1.0.0" organization: "myorg" rules: - name: "nodejs-to-redis" technology: ["nodejs"] infers: "redis" confidence: 0.85 reason: "Caching layer" required: false EOF ``` ### Example: Node.js + PostgreSQL ```bash $ provisioning detect myapp ✓ Detected: nodejs, postgres $ provisioning complete myapp ✓ Changes: +redis, +nginx, +pg-backup $ provisioning ifc myapp --org default ✓ Detection: 2 technologies ✓ Completion: recommended changes ✅ Workflow complete ``` ### CI/CD Integration ```bash #!/bin/bash # Check infrastructure is complete before deploy COMPLETENESS=$(provisioning complete . --out json | jq '.completeness') if (( $(echo "$COMPLETENESS < 0.9" | bc -l) )); then echo "Infrastructure incomplete: $COMPLETENESS" exit 1 fi ``` ### JSON Output Examples #### Detect Output ```json { "detections": [ {"technology": "nodejs", "confidence": 0.95}, {"technology": "postgres", "confidence": 0.92} ], "overall_confidence": 0.93 } ``` #### Complete Output ```json { "completeness": 1.0, "changes_needed": 2, "is_safe": true, "change_summary": "+ redis, + monitoring" } ``` ### Flag Reference | Flag | Short | Purpose | | ------ | ------- | --------- | | `--out TEXT` | `-o` | Output format: text, json, yaml | | `--debug` | `-x` | Enable debug output | | `--pretty` | | Pretty-print JSON/YAML | | `--check` | `-c` | Dry-run (detect/complete) | | `--org TEXT` | | Organization name (ifc) | | `--verbose` | `-v` | Verbose output (ifc) | | `--apply` | | Apply changes (ifc, future) | ### Troubleshooting | Issue | Solution | | ------- | ---------- | | "Detector binary not found" | `cd $PROVISIONING/platform && cargo build --release` | | No technologies detected | Check file types (.py, .js, go.mod, package.json, etc.) | | Organization rules not found | Verify file exists: `$PROVISIONING/config/inference-rules/{org}.yaml` | | Invalid path error | Use absolute path: `provisioning detect /full/path` | ### Environment Variables | Variable | Purpose | | ---------- | --------- | | `$PROVISIONING` | Path to provisioning root | | `$PROVISIONING_ORG` | Default organization (optional) | ### Default Inference Rules - Node.js + Express → Redis (caching) - Node.js → Nginx (reverse proxy) - Database → Backup (data protection) - Docker → Kubernetes (orchestration) - Python → Gunicorn (WSGI) - PostgreSQL → Monitoring (production) ### Useful Aliases ```bash # Add to shell config alias detect='provisioning detect' alias complete='provisioning complete' alias ifc='provisioning ifc' # Usage detect /my/project complete /my/project ifc /my/project --org myorg ``` ### Tips & Tricks **Parse JSON in bash:** ```bash provisioning detect . --out json | \ jq '.detections[] | .technology' | \ sort | uniq ``` **Watch for changes:** ```bash watch -n 5 'provisioning complete . --out json | jq ".completeness"' ``` **Generate reports:** ```bash provisioning detect . --out yaml > detection-report.yaml provisioning complete . --out yaml > completion-report.yaml ``` **Validate all organizations:** ```bash for org in $PROVISIONING/config/inference-rules/*.yaml; do org_name=$(basename "$org" .yaml) echo "Testing $org_name..." provisioning ifc . --org "$org_name" --check done ``` ### Related Guides - Full guide: `docs/user/INFRASTRUCTURE_FROM_CODE_GUIDE.md` - Inference rules: `docs/user/INFRASTRUCTURE_FROM_CODE_GUIDE.md#organization-specific-inference-rules` - Service management: `docs/user/SERVICE_MANAGEMENT_QUICKREF.md` - Configuration: `docs/user/CONFIG_ENCRYPTION_QUICKREF.md`