44648e3206
- Remove KCL ecosystem (~220 files deleted) - Migrate all infrastructure to Nickel schema system - Consolidate documentation: legacy docs → provisioning/docs/src/ - Add CI/CD workflows (.github/) and Rust build config (.cargo/) - Update core system for Nickel schema parsing - Update README.md and CHANGES.md for v5.0.0 release - Fix pre-commit hooks: end-of-file, trailing-whitespace - Breaking changes: KCL workspaces require migration - Migration bridge available in docs/src/development/
451 lines
11 KiB
TOML
451 lines
11 KiB
TOML
# Platform Services Configuration Constraints
|
|
# Single source of truth for validation limits across all services
|
|
# Used by: validators, TypeDialog forms, Nickel schemas
|
|
# Date: 2025-01-05
|
|
|
|
# ============================================================================
|
|
# ORCHESTRATOR CONSTRAINTS
|
|
# ============================================================================
|
|
|
|
[orchestrator.workers]
|
|
min = 1
|
|
max = 32
|
|
description = "Workflow engine worker thread count"
|
|
|
|
[orchestrator.queue.concurrent_tasks]
|
|
min = 1
|
|
max = 100
|
|
description = "Maximum concurrent tasks in workflow queue"
|
|
|
|
[orchestrator.queue.retry_attempts]
|
|
min = 0
|
|
max = 10
|
|
description = "Retry attempts for failed tasks"
|
|
|
|
[orchestrator.queue.retry_delay]
|
|
min = 1000
|
|
max = 60000
|
|
description = "Delay between retries in milliseconds (1s-60s)"
|
|
|
|
[orchestrator.queue.task_timeout]
|
|
min = 60000
|
|
max = 86400000
|
|
description = "Task execution timeout in milliseconds (1min-24hrs)"
|
|
|
|
[orchestrator.batch.parallel_limit]
|
|
min = 1
|
|
max = 50
|
|
description = "Batch workflow parallel operation limit"
|
|
|
|
[orchestrator.batch.operation_timeout]
|
|
min = 60000
|
|
max = 3600000
|
|
description = "Batch operation timeout in milliseconds (1min-1hr)"
|
|
|
|
[orchestrator.extensions.max_concurrent]
|
|
min = 1
|
|
max = 20
|
|
description = "Max concurrent extension operations"
|
|
|
|
# ============================================================================
|
|
# CONTROL CENTER CONSTRAINTS
|
|
# ============================================================================
|
|
|
|
[control_center.jwt.token_expiration]
|
|
min = 300
|
|
max = 604800
|
|
description = "JWT token expiration in seconds (5min-7days)"
|
|
|
|
[control_center.jwt.refresh_expiration]
|
|
min = 3600
|
|
max = 2592000
|
|
description = "JWT refresh token expiration in seconds (1hr-30days)"
|
|
|
|
[control_center.rate_limiting.max_requests]
|
|
min = 10
|
|
max = 10000
|
|
description = "Rate limiting max requests per window"
|
|
|
|
[control_center.rate_limiting.window_seconds]
|
|
min = 1
|
|
max = 3600
|
|
description = "Rate limiting window in seconds"
|
|
|
|
[control_center.session.max_duration]
|
|
min = 900
|
|
max = 2592000
|
|
description = "Session max duration in seconds (15min-30days)"
|
|
|
|
[control_center.mfa.max_attempts]
|
|
min = 1
|
|
max = 10
|
|
description = "MFA authentication max attempts before lockout"
|
|
|
|
[control_center.audit.retention_days]
|
|
min = 1
|
|
max = 3650
|
|
description = "Audit log retention in days (1-10 years)"
|
|
|
|
# ============================================================================
|
|
# MCP SERVER CONSTRAINTS
|
|
# ============================================================================
|
|
|
|
[mcp_server.tools.max_concurrent]
|
|
min = 1
|
|
max = 20
|
|
description = "Maximum concurrent tool executions"
|
|
|
|
[mcp_server.tools.timeout]
|
|
min = 5000
|
|
max = 600000
|
|
description = "Tool execution timeout in milliseconds (5s-10min)"
|
|
|
|
[mcp_server.resources.max_size]
|
|
min = 1048576
|
|
max = 1073741824
|
|
description = "Maximum resource size in bytes (1MB-1GB)"
|
|
|
|
[mcp_server.resources.cache_ttl]
|
|
min = 60
|
|
max = 3600
|
|
description = "Resource cache TTL in seconds (1min-1hr)"
|
|
|
|
[mcp_server.prompts.max_templates]
|
|
min = 1
|
|
max = 100
|
|
description = "Maximum custom prompt templates"
|
|
|
|
[mcp_server.sampling.max_tokens]
|
|
min = 100
|
|
max = 100000
|
|
description = "Max tokens for sampling operations"
|
|
|
|
# ============================================================================
|
|
# COMMON CONSTRAINTS
|
|
# ============================================================================
|
|
|
|
[common.server.port]
|
|
min = 1024
|
|
max = 65535
|
|
description = "Valid port range (avoid system ports < 1024)"
|
|
|
|
[common.server.workers]
|
|
min = 1
|
|
max = 32
|
|
description = "HTTP server worker thread count"
|
|
|
|
[common.server.max_connections]
|
|
min = 10
|
|
max = 10000
|
|
description = "Maximum concurrent HTTP connections"
|
|
|
|
[common.server.keep_alive]
|
|
min = 0
|
|
max = 600
|
|
description = "HTTP keep-alive timeout in seconds (0=disabled)"
|
|
|
|
[common.monitoring.metrics_interval]
|
|
min = 10
|
|
max = 300
|
|
description = "Metrics collection interval in seconds (10s-5min)"
|
|
|
|
[common.monitoring.health_check_interval]
|
|
min = 5
|
|
max = 300
|
|
description = "Health check interval in seconds (5s-5min)"
|
|
|
|
[common.monitoring.retention_days]
|
|
min = 1
|
|
max = 3650
|
|
description = "Metrics retention in days (1-10 years)"
|
|
|
|
[common.logging.max_file_size]
|
|
min = 1048576
|
|
max = 1073741824
|
|
description = "Max log file size in bytes (1MB-1GB)"
|
|
|
|
[common.logging.max_backups]
|
|
min = 1
|
|
max = 100
|
|
description = "Maximum log file backups to retain"
|
|
|
|
# ============================================================================
|
|
# DEPLOYMENT MODE: SOLO
|
|
# ============================================================================
|
|
|
|
[deployment.solo.cpu]
|
|
min = 2
|
|
max = 4
|
|
description = "Solo mode CPU cores (single developer)"
|
|
|
|
[deployment.solo.memory_mb]
|
|
min = 2048
|
|
max = 8192
|
|
description = "Solo mode memory allocation in MB (2GB-8GB)"
|
|
|
|
[deployment.solo.disk_gb]
|
|
min = 10
|
|
max = 100
|
|
description = "Solo mode disk allocation in GB (10GB-100GB)"
|
|
|
|
# ============================================================================
|
|
# DEPLOYMENT MODE: MULTIUSER
|
|
# ============================================================================
|
|
|
|
[deployment.multiuser.cpu]
|
|
min = 4
|
|
max = 8
|
|
description = "Multi-user mode CPU cores (team servers)"
|
|
|
|
[deployment.multiuser.memory_mb]
|
|
min = 4096
|
|
max = 16384
|
|
description = "Multi-user mode memory allocation in MB (4GB-16GB)"
|
|
|
|
[deployment.multiuser.disk_gb]
|
|
min = 50
|
|
max = 500
|
|
description = "Multi-user mode disk allocation in GB (50GB-500GB)"
|
|
|
|
[deployment.multiuser.postgres.max_connections]
|
|
min = 20
|
|
max = 200
|
|
description = "PostgreSQL max connections for multi-user"
|
|
|
|
# ============================================================================
|
|
# DEPLOYMENT MODE: CI/CD
|
|
# ============================================================================
|
|
|
|
[deployment.cicd.cpu]
|
|
min = 8
|
|
max = 16
|
|
description = "CI/CD mode CPU cores (pipeline servers)"
|
|
|
|
[deployment.cicd.memory_mb]
|
|
min = 8192
|
|
max = 32768
|
|
description = "CI/CD mode memory allocation in MB (8GB-32GB)"
|
|
|
|
[deployment.cicd.disk_gb]
|
|
min = 100
|
|
max = 1000
|
|
description = "CI/CD mode disk allocation in GB (100GB-1TB) - ephemeral"
|
|
|
|
# ============================================================================
|
|
# DEPLOYMENT MODE: ENTERPRISE
|
|
# ============================================================================
|
|
|
|
[deployment.enterprise.cpu]
|
|
min = 16
|
|
max = 128
|
|
description = "Enterprise mode CPU cores (production HA)"
|
|
|
|
[deployment.enterprise.memory_mb]
|
|
min = 32768
|
|
max = 262144
|
|
description = "Enterprise mode memory allocation in MB (32GB-256GB)"
|
|
|
|
[deployment.enterprise.disk_gb]
|
|
min = 500
|
|
max = 10000
|
|
description = "Enterprise mode disk allocation in GB (500GB-10TB)"
|
|
|
|
[deployment.enterprise.replicas]
|
|
min = 3
|
|
max = 10
|
|
description = "Enterprise HA replica count (minimum 3 for quorum)"
|
|
|
|
[deployment.enterprise.surrealdb.max_connections]
|
|
min = 100
|
|
max = 1000
|
|
description = "SurrealDB cluster max connections for enterprise"
|
|
|
|
# ============================================================================
|
|
# WORKSPACE CONSTRAINTS
|
|
# ============================================================================
|
|
|
|
[workspace.name]
|
|
pattern = "^[a-z0-9_-]{1,64}$"
|
|
description = "Workspace name: lowercase alphanumeric, underscore, hyphen, max 64 chars"
|
|
|
|
[workspace.path_min_length]
|
|
value = 1
|
|
description = "Minimum workspace path length"
|
|
|
|
[workspace.path_max_length]
|
|
value = 255
|
|
description = "Maximum workspace path length"
|
|
|
|
# ============================================================================
|
|
# SECURITY CONSTRAINTS
|
|
# ============================================================================
|
|
|
|
[security.password_min_length]
|
|
min = 8
|
|
max = 128
|
|
description = "Password minimum length for local auth"
|
|
|
|
[security.encryption_key_length]
|
|
min = 16
|
|
max = 64
|
|
description = "Encryption key length in bytes"
|
|
|
|
[security.rate_limit_lockout_minutes]
|
|
min = 5
|
|
max = 60
|
|
description = "Account lockout duration after max attempts (minutes)"
|
|
|
|
# ============================================================================
|
|
# BATCH WORKFLOW CONSTRAINTS
|
|
# ============================================================================
|
|
|
|
[batch_workflow.max_tasks_per_batch]
|
|
min = 1
|
|
max = 1000
|
|
description = "Maximum tasks per batch workflow"
|
|
|
|
[batch_workflow.max_parallel_operations]
|
|
min = 1
|
|
max = 100
|
|
description = "Maximum parallel operations in batch"
|
|
|
|
[batch_workflow.checkpoint_interval]
|
|
min = 1
|
|
max = 1000
|
|
description = "Checkpoint interval in task count"
|
|
|
|
[batch_workflow.max_checkpoints]
|
|
min = 1
|
|
max = 100
|
|
description = "Maximum checkpoints to retain per batch"
|
|
|
|
# ============================================================================
|
|
# VAULT SERVICE CONSTRAINTS
|
|
# ============================================================================
|
|
|
|
[vault_service.port]
|
|
min = 1024
|
|
max = 65535
|
|
description = "Vault service port number"
|
|
|
|
[vault_service.ha_enabled]
|
|
description = "High availability mode for enterprise deployments"
|
|
|
|
[vault_service.tls_verify]
|
|
description = "TLS certificate verification enabled"
|
|
|
|
# ============================================================================
|
|
# EXTENSION REGISTRY CONSTRAINTS
|
|
# ============================================================================
|
|
|
|
[registry.workers]
|
|
min = 1
|
|
max = 32
|
|
description = "Extension registry worker thread count"
|
|
|
|
[registry.cache_capacity]
|
|
min = 10
|
|
max = 100000
|
|
description = "Cache capacity in number of entries"
|
|
|
|
[registry.cache_ttl]
|
|
min = 30
|
|
max = 3600
|
|
description = "Cache TTL in seconds (30s-1hr)"
|
|
|
|
[registry.server_port]
|
|
min = 1024
|
|
max = 65535
|
|
description = "Extension registry server port"
|
|
|
|
# ============================================================================
|
|
# RAG SYSTEM CONSTRAINTS
|
|
# ============================================================================
|
|
|
|
[rag.embedding_dimensions]
|
|
allowed = [384, 768, 1536, 3072]
|
|
description = "Valid embedding vector dimensions"
|
|
|
|
[rag.chunk_size]
|
|
min = 128
|
|
max = 4096
|
|
description = "Document chunk size in characters"
|
|
|
|
[rag.chunk_overlap]
|
|
min = 0
|
|
max = 1024
|
|
description = "Overlap between chunks in characters"
|
|
|
|
[rag.top_k]
|
|
min = 1
|
|
max = 100
|
|
description = "Number of top results to retrieve"
|
|
|
|
[rag.similarity_threshold]
|
|
min = 0.0
|
|
max = 1.0
|
|
description = "Minimum similarity score (0.0-1.0)"
|
|
|
|
[rag.batch_size]
|
|
min = 1
|
|
max = 500
|
|
description = "Batch size for embedding operations"
|
|
|
|
# ============================================================================
|
|
# AI SERVICE CONSTRAINTS
|
|
# ============================================================================
|
|
|
|
[ai_service.workers]
|
|
min = 1
|
|
max = 32
|
|
description = "AI service worker thread count"
|
|
|
|
[ai_service.server_port]
|
|
min = 1024
|
|
max = 65535
|
|
description = "AI service server port"
|
|
|
|
[ai_service.max_concurrent_tasks]
|
|
min = 1
|
|
max = 100
|
|
description = "Maximum concurrent DAG task executions"
|
|
|
|
[ai_service.task_timeout]
|
|
min = 10000
|
|
max = 3600000
|
|
description = "Task timeout in milliseconds (10s-1hr)"
|
|
|
|
[ai_service.rag_timeout]
|
|
min = 5000
|
|
max = 600000
|
|
description = "RAG service call timeout in milliseconds (5s-10min)"
|
|
|
|
[ai_service.mcp_timeout]
|
|
min = 5000
|
|
max = 600000
|
|
description = "MCP service call timeout in milliseconds (5s-10min)"
|
|
|
|
# ============================================================================
|
|
# PROVISIONING DAEMON CONSTRAINTS
|
|
# ============================================================================
|
|
|
|
[daemon.poll_interval]
|
|
min = 5
|
|
max = 3600
|
|
description = "Polling interval in seconds (5s-1hr)"
|
|
|
|
[daemon.max_workers]
|
|
min = 1
|
|
max = 32
|
|
description = "Maximum worker threads for daemon operations"
|
|
|
|
[daemon.max_age]
|
|
min = 3600
|
|
max = 604800
|
|
description = "Maximum age for daemon state data in seconds (1hr-7days)"
|
|
|
|
[daemon.health_check_interval]
|
|
min = 10
|
|
max = 300
|
|
description = "Health check interval in seconds (10s-5min)"
|