provisioning/schemas/platform/deployment/multiuser.ncl

# Multi-User Mode Schema
# Team collaboration and staging environment
# Resources: 4 CPU, 8GB RAM, 100GB disk

{
  MultiUserModeConfig = {
    # Deployment mode identifier
    mode  | String = "multiuser",

    # NATS external cluster configuration (required in multi-user mode)
    nats = {
      mode | String = "server",
      url | String,
      port | Number = 4222,
      jetstream | Bool = true,
      auth_token | String | optional,
      tls_cert | String | optional,
      tls_key | String | optional,
      max_reconnects | Number = 10,
      reconnect_wait_ms | Number = 2000,
      subject_prefix | String = "provisioning",
    },

    # SurrealDB WebSocket server configuration
    surrealdb = {
      mode | String = "server",
      url | String,
      namespace | String = "provisioning",
      username | String | optional,
      password | String | optional,
    },

    # Resource allocation
    resources = {
      cpu_cores | String,
      memory_mb | String,
      disk_gb | String,
      max_connections | String | optional,
    },

    # Service enablement and configuration
    services = {
      orchestrator = {
        enabled | String,
        storage_backend | String,
        workers | String | optional,
        queue_max_concurrent_tasks | String | optional,
        batch_parallel_limit | Number | optional,
        multi_workspace_enabled | String | optional,
      },
      control_center = {
        enabled | String,
        database | String,
        mfa_required | String | optional,
        audit_logging | String | optional,
        rbac_enabled | String | optional,
        rbac_hierarchy | String | optional,
      },
      mcp_server = {
        enabled | String,
        protocol | String | optional,
        max_concurrent_tools | String | optional,
        caching_enabled | String | optional,
      },
      installer = {
        enabled | String,
      },
      gitea = {
        enabled | String | optional,
        port | Number | optional,
      },
      postgresql = {
        enabled | String | optional,
        port | Number | optional,
        replicas | String | optional,
      },
    },

    # Security configuration
    security = {
      auto_generate_secrets | String | optional,
      kms_backend | String | optional,
      audit_logging | String,
      tls_enabled | String | optional,
      rbac_enabled | String,
      mfa_enabled | String | optional,
      mfa_method | String | optional,
      user_registration_enabled | String | optional,
    },

    # User management
    users = {
      max_active_sessions | String | optional,
      session_timeout | Number | optional,
      password_expiration_days | Number | optional,
    },

    # Networking
    networking = {
      bind_localhost_only | String | optional,
      expose_services | String,
      allowed_origins | Array String | optional,
      cors_enabled | String | optional,
    },

    # High Availability
    ha = {
      enabled | String | optional,
      replicas | String | optional,
      load_balancer | String | optional,
    },

    # Monitoring and observability
    monitoring = {
      enabled | String,
      metrics_enabled | String | optional,
      health_checks_enabled | String | optional,
      logging_level | String | optional,
      metrics_retention_days | Number | optional,
    },

    # Integrations
    integrations = {
      gitea_enabled | String | optional,
      ldap_enabled | String | optional,
      oauth2_enabled | String | optional,
    },
  },
}