provisioning/schemas/platform/deployment/enterprise.ncl


# Enterprise Mode Schema
# Production-grade deployment with high availability, compliance, and extensive operations
# Resources: 16+ CPU, 32+ GB RAM, 500GB+ disk with HA setup
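{
  # Record contract for the "enterprise" deployment profile.
  #
  # NOTE(review): almost every on/off toggle and most counts below are
  # contracted as `String`, not `Bool`/`Number`. The schema therefore only
  # checks that a value is present and is a string: "false", "no" or a typo
  # all pass. Nothing here enforces that TLS, MFA, RBAC, audit logging or
  # encryption are switched ON for this profile, so the consumer of the
  # config has to parse and enforce those values itself.
  #
  # NOTE(review): several settings appear in more than one section
  # (`audit_logging`, `load_balancer`, `backup_enabled`, `backup_schedule`,
  # disaster-recovery enablement). The schema does not tie them together, so
  # they can disagree; confirm which one the consumer treats as authoritative.
  EnterpriseModeConfig = {
    # Deployment mode identifier.
    # The value is a string literal so that it satisfies the `String`
    # contract; the enum tag 'enterprise is not a String and breaks the
    # contract as soon as the field is evaluated.
    # Defined without `| default`, so a configuration that sets a different
    # mode conflicts at merge time instead of silently overriding it.
    mode | String = "enterprise",

    # Resource allocation (distributed across replicas).
    # Sizes are strings here, so no numeric range check happens at this level.
    resources = {
      cpu_cores | String,
      memory_mb | String,
      disk_gb | String,
      max_connections | String | optional,
    },

    # Service enablement (fully featured)
    services = {
      orchestrator = {
        enabled | String,
        storage_backend | String,
        workers | String | optional,
        queue_max_concurrent_tasks | String | optional,
        batch_parallel_limit | Number | optional,
        multi_workspace_enabled | String | optional,
        high_availability | String,
      },
      control_center = {
        enabled | String,
        database | String,
        high_availability | String,
        # Also present as security.audit_logging; the two are independent here.
        audit_logging | String,
        policy_caching_enabled | String | optional,
      },
      mcp_server = {
        enabled | String,
        protocol | String | optional,
        max_concurrent_tools | String | optional,
        caching_enabled | String | optional,
        replication_enabled | String | optional,
      },
      installer = {
        enabled | String | optional,
      },
      prometheus = {
        enabled | String,
        # Any number is accepted; the valid port range is not checked here.
        port | Number | optional,
        retention_days | Number | optional,
      },
      grafana = {
        enabled | String,
        # Any number is accepted; the valid port range is not checked here.
        port | Number | optional,
      },
      loki = {
        enabled | String,
        retention_days | Number | optional,
      },
      harbor = {
        enabled | String | optional,
        # Free-form string: the URL scheme (https vs http) is not validated.
        registry_url | String | optional,
      },
      postgresql = {
        enabled | String,
        replicas | String | optional,
        backup_enabled | String | optional,
        backup_schedule | String | optional,
      },
    },

    # High Availability (required)
    ha = {
      enabled | String,
      replicas | String,
      min_replicas | String | optional,
      max_replicas | String | optional,
      load_balancer | String,
      service_mesh | String | optional,
      database_replication | String | optional,
      backup_enabled | String,
      backup_schedule | String | optional,
      disaster_recovery_enabled | String | optional,
    },

    # Security configuration (comprehensive).
    # The fields without `optional` must be present, but presence is all the
    # schema checks: it does not require any of these controls to be enabled.
    security = {
      auto_generate_secrets | String,
      # Any string is accepted; the set of supported KMS backends is not
      # enumerated in this schema.
      kms_backend | String,
      audit_logging | String,
      audit_log_retention_days | Number | optional,
      tls_enabled | String,
      tls_certificate_provider | String | optional,
      rbac_enabled | String,
      rbac_hierarchy | String | optional,
      mfa_enabled | String,
      mfa_method | String | optional,
      # Optional: when omitted, whether admins need MFA depends on the
      # consumer's own default.
      mfa_required_for_admin | String | optional,
      # NOTE(review): unit (seconds vs minutes) is not stated here; confirm.
      session_timeout | Number | optional,
      password_policy_enforced | String | optional,
      api_rate_limiting_enabled | String | optional,
    },

    # Compliance and governance.
    # `framework` and the encryption toggles are plain strings: the schema
    # records a claim about compliance, it does not verify one.
    compliance = {
      enabled | String,
      framework | String,
      data_retention_years | String | optional,
      encryption_at_rest | String,
      encryption_in_transit | String,
      field_level_encryption | String | optional,
      audit_trail_enabled | String,
      anonymization_enabled | String | optional,
    },

    # Multi-tenancy (optional)
    multi_tenancy = {
      enabled | String | optional,
      # Free-form string; the isolation model is not constrained here.
      tenant_isolation | String | optional,
      tenant_limits_enabled | String | optional,
    },

    # Disaster recovery
    disaster_recovery = {
      enabled | String,
      rto_minutes | Number | optional,
      rpo_minutes | Number | optional,
      backup_location | String,
      cross_region_backup | String | optional,
    },

    # User and access management.
    # The directory / IdP endpoints are unconstrained strings, so a cleartext
    # scheme (ldap://, http://) is not rejected at schema level.
    users = {
      ldap_enabled | String | optional,
      ldap_server_url | String | optional,
      oauth2_enabled | String | optional,
      oauth2_provider | String | optional,
      saml_enabled | String | optional,
      saml_idp_url | String | optional,
      max_active_sessions | String | optional,
      password_expiration_days | Number | optional,
      # NOTE(review): unit is not stated here; confirm against the consumer.
      inactive_session_timeout | Number | optional,
    },

    # Networking (enterprise-grade)
    networking = {
      bind_localhost_only | String,
      expose_services | String,
      # Also present as ha.load_balancer; the two are independent here.
      load_balancer | String,
      # Any string is accepted, including a wildcard origin; restrict the
      # list where it is consumed if CORS is enabled.
      allowed_origins | Array String | optional,
      cors_enabled | String | optional,
      waf_enabled | String | optional,
      ddos_protection_enabled | String | optional,
      vpc_enabled | String | optional,
      network_segmentation | String | optional,
    },

    # Monitoring and observability (comprehensive)
    monitoring = {
      enabled | String,
      metrics_enabled | String,
      metrics_scrape_interval_seconds | Number | optional,
      metrics_retention_days | Number | optional,
      health_checks_enabled | String,
      health_check_interval_seconds | Number | optional,
      logging_level | String | optional,
      distributed_tracing_enabled | String,
      alerting_enabled | String | optional,
      alert_channels | Array String | optional,
      performance_profiling | String | optional,
      resource_usage_monitoring | String | optional,
    },

    # Support and operations
    operations = {
      support_level | String | optional,
      sla_enabled | String | optional,
      sla_uptime_percentage | Number | optional,
      incident_response_enabled | String | optional,
      runbook_enabled | String | optional,
      on_call_rotation_enabled | String | optional,
    },

    # Performance and optimization (production-ready)
    performance = {
      cache_enabled | String,
      cache_ttl_seconds | Number | optional,
      cache_size_mb | String | optional,
      batch_size | Number | optional,
      connection_pooling_enabled | String | optional,
      query_caching_enabled | String | optional,
    },
  },
}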