provisioning/config/plugins.toml
Jesús Pérez 6a59d34bb1
chore: update provisioning configuration and documentation
Update configuration files, templates, and internal documentation
for the provisioning repository system.

Configuration Updates:
- KMS configuration modernization
- Plugin system settings
- Service port mappings
- Test cluster topologies
- Installation configuration examples
- VM configuration defaults
- Cedar authorization policies

Documentation Updates:
- Library module documentation
- Extension API guides
- AI system documentation
- Service management guides
- Test environment setup
- Plugin usage guides
- Validator configuration documentation

All changes are backward compatible.
2025-12-11 21:50:42 +00:00

206 lines
5.8 KiB
TOML

# Provisioning Platform - Plugin Configuration
#
# This file configures the three critical Nushell plugins that provide
# high-performance operations for the provisioning platform.
#
# Performance gains:
# - Auth operations: ~10x faster (local JWT verification)
# - KMS operations: ~10x faster (encryption runs locally, with no HTTP round trip)
# - Orchestrator queries: ~30x faster (direct file I/O)
[plugins]
# Master switch for the plugin system (set to false to use HTTP fallback only)
enabled = true
# Plugin version (matches provisioning platform version)
version = "0.1.0"
# Auto-load plugins on startup
auto_load = true
# Graceful fallback to HTTP API if plugins unavailable.
# With this on, auth and KMS requests are sent to the plain-HTTP loopback
# endpoints configured further down whenever a plugin cannot be used. Plugin
# logging is off by default ([plugins.logging] enabled = false), so such a
# switch of path may go unrecorded; set this to false where that is not
# acceptable.
# NOTE(review): [plugins.fallback] carries its own `enabled` key; this file
# does not say which of the two the loader honours - confirm and keep them
# in sync.
fallback_enabled = true
# Authentication plugin (nu_plugin_auth)
[plugins.auth]
name = "nu_plugin_auth"
enabled = true
description = "JWT authentication with system keyring integration"
priority = 1

# Commands served by this plugin.
commands = [
    "auth login",
    "auth logout",
    "auth verify",
    "auth sessions",
    "auth mfa enroll",
    "auth mfa verify",
]

# Capabilities the plugin advertises.
features = [
    "jwt_rs256",          # RS256 token signing
    "system_keyring",     # OS-native secure storage
    "mfa_totp",           # Time-based OTP
    "mfa_webauthn",       # FIDO2/WebAuthn
    "session_management", # Multiple session support
]

# Endpoint used instead of the plugin when the plugin is unavailable.
# The scheme is plain HTTP: requests (presumably including login and MFA
# data) are neither encrypted nor is the server authenticated, so on a shared
# host the client cannot tell which local process answers on this port.
# Keep the target on loopback; if it is ever pointed at another host, switch
# to https://.
# NOTE(review): [plugins.fallback] auth_api repeats this URL - confirm which
# key the loader reads and keep both in sync.
fallback_endpoint = "http://localhost:8081/api/auth"

# Performance characteristics.
# NOTE(review): 50 ms against 10 ms gives the factor of 5 recorded here, but
# the file header quotes ~10x for auth operations - one of the two needs
# correcting.
[plugins.auth.performance]
typical_latency_ms = 10
http_fallback_latency_ms = 50
improvement_factor = 5
# KMS plugin (nu_plugin_kms)
[plugins.kms]
name = "nu_plugin_kms"
enabled = true
description = "Multi-backend Key Management System encryption"
priority = 2

# Commands served by this plugin.
commands = [
    "kms encrypt",
    "kms decrypt",
    "kms generate-key",
    "kms status",
    "kms list-backends",
]

# KMS backends the plugin supports.
backends = [
    "rustyvault", # Primary - local Vault-compatible
    "age",        # File-based encryption
    "cosmian",    # Privacy-preserving
    "aws",        # AWS KMS
    "vault",      # HashiCorp Vault
]

# Default backend selection priority; names the same five backends as
# `backends`, in preference order.
backend_priority = ["rustyvault", "age", "vault", "aws", "cosmian"]

# Endpoint used instead of the plugin when the plugin is unavailable.
# The scheme is plain HTTP, so whatever the encrypt/decrypt calls send and
# receive (presumably plaintext and key references) crosses this connection
# unencrypted and without server authentication. Keep the target on loopback;
# use https:// if it is ever moved to another host.
# NOTE(review): [plugins.fallback] kms_api repeats this URL - confirm which
# key the loader reads and keep both in sync.
fallback_endpoint = "http://localhost:8082/api/kms"

# Environment variables each backend is configured through.
# Only the variable NAMES belong here. Several of them carry secrets (tokens,
# the AWS secret key, the age identity); supply the values through the
# environment or a secret store and never write them into this file.
[plugins.kms.env_vars]
rustyvault = ["RUSTYVAULT_ADDR", "RUSTYVAULT_TOKEN"]
age = ["AGE_RECIPIENT", "AGE_IDENTITY"]
aws = ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_REGION"]
vault = ["VAULT_ADDR", "VAULT_TOKEN"]
cosmian = ["KMS_HTTP_URL"]

# Performance characteristics (50 ms / 5 ms matches the factor of 10).
[plugins.kms.performance]
typical_latency_ms = 5
http_fallback_latency_ms = 50
improvement_factor = 10
# Orchestrator plugin (nu_plugin_orchestrator)
[plugins.orchestrator]
name = "nu_plugin_orchestrator"
enabled = true
description = "Local orchestrator operations with direct file I/O"
priority = 3

# Commands served by this plugin.
commands = [
    "orch status",
    "orch tasks",
    "orch validate",
    "orch submit",
    "orch monitor",
]

# Capabilities the plugin advertises.
features = [
    "local_state",      # Direct file-based state access
    "kcl_validation",   # KCL workflow validation
    "task_queue",       # Local task queue operations
    "progress_monitor", # Real-time task monitoring
]

# Default data directory.
# TOML performs no variable expansion: the value is the literal string below
# and the ${VAR:-default} form must be resolved by the code that loads this
# file - TODO confirm it is. The built-in default is relative, so it resolves
# against the directory the tool is started from; set
# PROVISIONING_ORCHESTRATOR_DATA to an absolute path for unattended runs.
# The plugin reads state straight from these files, so the directory's
# permissions are presumably the only access control on that state.
data_dir = "${PROVISIONING_ORCHESTRATOR_DATA:-./data/orchestrator}"

# Endpoint used instead of the plugin when the plugin is unavailable.
# Plain HTTP on loopback; use https:// if it is ever moved to another host.
# NOTE(review): [plugins.fallback] orch_api repeats this URL - confirm which
# key the loader reads and keep both in sync.
fallback_endpoint = "http://localhost:9090/api"

# Performance characteristics (30 ms / 1 ms matches the factor of 30).
[plugins.orchestrator.performance]
typical_latency_ms = 1
http_fallback_latency_ms = 30
improvement_factor = 30
# =============================================================================
# Plugin Installation Paths
# =============================================================================
[plugins.paths]
# Base directory for plugin binaries.
# TOML performs no variable expansion, so this value is the literal string
# below; the ${VAR:-default} form (with a nested ${HOME}) has to be resolved
# by the code that loads this file - TODO confirm it handles the nested default.
# Binaries in this directory are presumably what gets loaded as plugins, and
# [plugins.security] has verify_signatures = false, so keep the directory
# writable only by the user who runs the platform.
base = "${PROVISIONING_PLUGINS_PATH:-${HOME}/.local/share/nushell/plugins}"
# Platform-specific binary extensions (suffix appended to the plugin binary
# name; empty on linux and darwin)
[plugins.paths.extensions]
linux = ""
darwin = ""
windows = ".exe"
# =============================================================================
# Fallback Configuration
# =============================================================================
[plugins.fallback]
# Enable graceful degradation to HTTP API
# NOTE(review): [plugins] fallback_enabled expresses the same switch; confirm
# which one the loader honours and keep them in sync.
enabled = true
# HTTP API endpoints for fallback.
# These repeat the per-plugin fallback_endpoint values in [plugins.auth],
# [plugins.kms] and [plugins.orchestrator]; change both places together.
# All three use plain HTTP, which neither encrypts the traffic nor
# authenticates the server. That is tolerable only while the targets stay on
# loopback; use https:// for any other host.
auth_api = "http://localhost:8081/api/auth"
kms_api = "http://localhost:8082/api/kms"
orch_api = "http://localhost:9090/api"
# Timeout for HTTP fallback requests (ms)
timeout_ms = 5000
# Retry configuration for HTTP fallback
max_retries = 3
retry_delay_ms = 100
# =============================================================================
# Logging and Diagnostics
# =============================================================================
[plugins.logging]
# Log plugin operations.
# Off by default, so auth and KMS plugin calls presumably leave no record
# from this subsystem; turn it on where an audit trail is required.
enabled = false
# Log level: debug, info, warn, error
# NOTE(review): before using debug, confirm the plugins do not write tokens
# or key material to the log.
level = "warn"
# Log plugin performance metrics
metrics_enabled = false
# Security settings
[plugins.security]
# Plugin signature verification is a future feature, so this is false.
# Until it exists, nothing in this file checks the integrity of a plugin
# binary: for the remote source below, trust rests on TLS to that host and on
# the permissions of the plugin directory. nu_plugin_auth and nu_plugin_kms
# handle tokens and keys, so verify downloaded binaries out of band.
# NOTE(review): no checksum or pinning mechanism is visible in this file.
verify_signatures = false

# Sources plugins may be obtained from.
allowed_sources = [
    "local",
    "https://repo.jesusperez.pro",
]

# Sandboxed plugin execution is also a future feature; while this is false,
# plugins presumably run with the full privileges of the invoking user.
sandbox_enabled = false