From 2b4c1fde111e0ed532a74b8a20ab34e5f37a3c34 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jesu=CC=81s=20Pe=CC=81rez?= <jpl@jesusperez.com>
Date: Tue, 7 Oct 2025 11:20:26 +0100
Subject: [PATCH] chore include .k files

---
 .gitignore                                    |   1 -
 clusters/oci-reg/kcl/oci-reg.k                | 103 +++++++++++++
 clusters/web/kcl/web.k                        |   5 +
 providers/aws/kcl/defaults_aws.k              | 125 +++++++++++++++
 providers/aws/kcl/dependencies.k              | 108 +++++++++++++
 providers/aws/kcl/provision_aws.k             |  33 ++++
 providers/aws/kcl/server_aws.k                |  30 ++++
 providers/local/kcl/defaults_local.k          |  62 ++++++++
 providers/local/kcl/dependencies.k            | 117 ++++++++++++++
 providers/local/kcl/provision_local.k         |  11 ++
 providers/local/kcl/server_local.k            |  27 ++++
 providers/upcloud/kcl/defaults_upcloud.k      | 105 +++++++++++++
 providers/upcloud/kcl/dependencies.k          |  83 ++++++++++
 providers/upcloud/kcl/main.k                  |  11 ++
 providers/upcloud/kcl/provision_upcloud.k     |  19 +++
 providers/upcloud/kcl/server_upcloud.k        |  31 ++++
 .../containerd/kcl/containerd.k               |   9 ++
 .../containerd/kcl/dependencies.k             | 103 +++++++++++++
 .../containerd/kcl/version.k                  |  21 +++
 taskservs/container_runtime/crio/kcl/crio.k   |  11 ++
 .../container_runtime/crio/kcl/version.k      |  16 ++
 taskservs/container_runtime/crun/kcl/crun.k   |   9 ++
 .../container_runtime/crun/kcl/version.k      |  21 +++
 .../container_runtime/podman/kcl/podman.k     |  11 ++
 .../container_runtime/podman/kcl/version.k    |  21 +++
 .../container_runtime/runc/kcl/version.k      |  19 +++
 .../container_runtime/youki/kcl/version.k     |  16 ++
 taskservs/container_runtime/youki/kcl/youki.k |   9 ++
 taskservs/databases/postgres/kcl/postgres.k   |  18 +++
 taskservs/databases/postgres/kcl/version.k    |  14 ++
 taskservs/databases/redis/kcl/redis.k         |  48 ++++++
 taskservs/development/coder/kcl/coder.k       | 107 +++++++++++++
 taskservs/development/coder/kcl/version.k     |  15 ++
 taskservs/development/desktop/kcl/desktop.k   | 126 +++++++++++++++
 taskservs/development/desktop/kcl/version.k   |  22 +++
 taskservs/development/gitea/kcl/gitea.k       | 119 ++++++++++++++
 taskservs/development/gitea/kcl/version.k     |  16 ++
 taskservs/development/nushell/kcl/version.k   |  21 +++
 taskservs/development/oras/kcl/oras.k         |   8 +
 taskservs/development/oras/kcl/version.k      |  21 +++
 taskservs/development/radicle/kcl/radicle.k   |  58 +++++++
 taskservs/development/radicle/kcl/version.k   |  21 +++
 taskservs/infrastructure/kms/kcl/kms.k        |  84 ++++++++++
 taskservs/infrastructure/kms/kcl/version.k    |  21 +++
 .../infrastructure/os/kcl/dependencies.k      | 103 +++++++++++++
 taskservs/infrastructure/os/kcl/os.k          |  13 ++
 taskservs/infrastructure/os/kcl/version.k     |  21 +++
 .../polkadot/bootnode/kcl/polkadot-bootnode.k | 115 ++++++++++++++
 .../polkadot/bootnode/kcl/version.k           |  21 +++
 .../polkadot/node/kcl/polkadot-node.k         | 143 +++++++++++++++++
 .../polkadot/node/kcl/version.k               |  21 +++
 .../solochain/kcl/polkadot-solochain.k        | 131 ++++++++++++++++
 .../polkadot/solochain/kcl/version.k          |  21 +++
 .../validator/kcl/polkadot-validator.k        | 145 ++++++++++++++++++
 .../polkadot/validator/kcl/version.k          |  21 +++
 .../zombienet/kcl/polkadot-zombienet.k        | 138 +++++++++++++++++
 .../polkadot/zombienet/kcl/version.k          |  21 +++
 .../provisioning/kcl/provisioning.k           |  15 ++
 .../infrastructure/provisioning/kcl/version.k |  21 +++
 .../infrastructure/webhook/kcl/version.k      |  21 +++
 .../infrastructure/webhook/kcl/webhook.k      |  39 +++++
 .../k8s_nodejoin/kcl/k8s_nodejoin.k           |  34 ++++
 .../kubernetes/k8s_nodejoin/kcl/version.k     |  21 +++
 taskservs/kubernetes/kcl/dependencies.k       |  97 ++++++++++++
 taskservs/kubernetes/kcl/kubernetes.k         |  81 ++++++++++
 taskservs/kubernetes/kcl/version.k            |  21 +++
 .../kubernetes/kubeconfig/kcl/kubeconfig.k    |  24 +++
 taskservs/kubernetes/kubeconfig/kcl/version.k |  21 +++
 taskservs/kubernetes/kubectl/kcl/kubernetes.k |  10 ++
 taskservs/kubernetes/kubectl/kcl/version.k    |  21 +++
 taskservs/networking/cilium/kcl/cilium.k      |   9 ++
 .../networking/cilium/kcl/dependencies.k      | 103 +++++++++++++
 taskservs/networking/cilium/kcl/version.k     |  15 ++
 taskservs/networking/coredns/kcl/coredns.k    |  57 +++++++
 taskservs/networking/coredns/kcl/version.k    |  20 +++
 taskservs/networking/etcd/kcl/etcd.k          |  57 +++++++
 taskservs/networking/etcd/kcl/version.k       |  22 +++
 .../networking/ip_aliases/kcl/ip_aliases.k    |  25 +++
 taskservs/networking/ip_aliases/kcl/version.k |  21 +++
 taskservs/networking/proxy/kcl/proxy.k        |  47 ++++++
 taskservs/networking/proxy/kcl/version.k      |  19 +++
 taskservs/networking/resolv/kcl/resolv.k      |  16 ++
 taskservs/networking/resolv/kcl/version.k     |  21 +++
 .../storage/external_nfs/kcl/external_nfs.k   |  18 +++
 taskservs/storage/external_nfs/kcl/version.k  |  21 +++
 taskservs/storage/mayastor/kcl/mayastor.k     |   9 ++
 taskservs/storage/mayastor/kcl/version.k      |  21 +++
 taskservs/storage/oci_reg/kcl/oci-reg.k       | 104 +++++++++++++
 taskservs/storage/oci_reg/kcl/version.k       |  16 ++
 .../storage/rook_ceph/kcl/dependencies.k      | 103 +++++++++++++
 taskservs/storage/rook_ceph/kcl/rook_ceph.k   |  22 +++
 taskservs/storage/rook_ceph/kcl/version.k     |  21 +++
 taskservs/version.k                           |   9 ++
 93 files changed, 3971 insertions(+), 1 deletion(-)
 create mode 100644 clusters/oci-reg/kcl/oci-reg.k
 create mode 100644 clusters/web/kcl/web.k
 create mode 100644 providers/aws/kcl/defaults_aws.k
 create mode 100644 providers/aws/kcl/dependencies.k
 create mode 100644 providers/aws/kcl/provision_aws.k
 create mode 100644 providers/aws/kcl/server_aws.k
 create mode 100644 providers/local/kcl/defaults_local.k
 create mode 100644 providers/local/kcl/dependencies.k
 create mode 100644 providers/local/kcl/provision_local.k
 create mode 100644 providers/local/kcl/server_local.k
 create mode 100644 providers/upcloud/kcl/defaults_upcloud.k
 create mode 100644 providers/upcloud/kcl/dependencies.k
 create mode 100644 providers/upcloud/kcl/main.k
 create mode 100644 providers/upcloud/kcl/provision_upcloud.k
 create mode 100644 providers/upcloud/kcl/server_upcloud.k
 create mode 100644 taskservs/container_runtime/containerd/kcl/containerd.k
 create mode 100644 taskservs/container_runtime/containerd/kcl/dependencies.k
 create mode 100644 taskservs/container_runtime/containerd/kcl/version.k
 create mode 100644 taskservs/container_runtime/crio/kcl/crio.k
 create mode 100644 taskservs/container_runtime/crio/kcl/version.k
 create mode 100644 taskservs/container_runtime/crun/kcl/crun.k
 create mode 100644 taskservs/container_runtime/crun/kcl/version.k
 create mode 100644 taskservs/container_runtime/podman/kcl/podman.k
 create mode 100644 taskservs/container_runtime/podman/kcl/version.k
 create mode 100644 taskservs/container_runtime/runc/kcl/version.k
 create mode 100644 taskservs/container_runtime/youki/kcl/version.k
 create mode 100644 taskservs/container_runtime/youki/kcl/youki.k
 create mode 100644 taskservs/databases/postgres/kcl/postgres.k
 create mode 100644 taskservs/databases/postgres/kcl/version.k
 create mode 100644 taskservs/databases/redis/kcl/redis.k
 create mode 100644 taskservs/development/coder/kcl/coder.k
 create mode 100644 taskservs/development/coder/kcl/version.k
 create mode 100644 taskservs/development/desktop/kcl/desktop.k
 create mode 100644 taskservs/development/desktop/kcl/version.k
 create mode 100644 taskservs/development/gitea/kcl/gitea.k
 create mode 100644 taskservs/development/gitea/kcl/version.k
 create mode 100644 taskservs/development/nushell/kcl/version.k
 create mode 100644 taskservs/development/oras/kcl/oras.k
 create mode 100644 taskservs/development/oras/kcl/version.k
 create mode 100644 taskservs/development/radicle/kcl/radicle.k
 create mode 100644 taskservs/development/radicle/kcl/version.k
 create mode 100644 taskservs/infrastructure/kms/kcl/kms.k
 create mode 100644 taskservs/infrastructure/kms/kcl/version.k
 create mode 100644 taskservs/infrastructure/os/kcl/dependencies.k
 create mode 100644 taskservs/infrastructure/os/kcl/os.k
 create mode 100644 taskservs/infrastructure/os/kcl/version.k
 create mode 100644 taskservs/infrastructure/polkadot/bootnode/kcl/polkadot-bootnode.k
 create mode 100644 taskservs/infrastructure/polkadot/bootnode/kcl/version.k
 create mode 100644 taskservs/infrastructure/polkadot/node/kcl/polkadot-node.k
 create mode 100644 taskservs/infrastructure/polkadot/node/kcl/version.k
 create mode 100644 taskservs/infrastructure/polkadot/solochain/kcl/polkadot-solochain.k
 create mode 100644 taskservs/infrastructure/polkadot/solochain/kcl/version.k
 create mode 100644 taskservs/infrastructure/polkadot/validator/kcl/polkadot-validator.k
 create mode 100644 taskservs/infrastructure/polkadot/validator/kcl/version.k
 create mode 100644 taskservs/infrastructure/polkadot/zombienet/kcl/polkadot-zombienet.k
 create mode 100644 taskservs/infrastructure/polkadot/zombienet/kcl/version.k
 create mode 100644 taskservs/infrastructure/provisioning/kcl/provisioning.k
 create mode 100644 taskservs/infrastructure/provisioning/kcl/version.k
 create mode 100644 taskservs/infrastructure/webhook/kcl/version.k
 create mode 100644 taskservs/infrastructure/webhook/kcl/webhook.k
 create mode 100644 taskservs/kubernetes/k8s_nodejoin/kcl/k8s_nodejoin.k
 create mode 100644 taskservs/kubernetes/k8s_nodejoin/kcl/version.k
 create mode 100644 taskservs/kubernetes/kcl/dependencies.k
 create mode 100644 taskservs/kubernetes/kcl/kubernetes.k
 create mode 100644 taskservs/kubernetes/kcl/version.k
 create mode 100644 taskservs/kubernetes/kubeconfig/kcl/kubeconfig.k
 create mode 100644 taskservs/kubernetes/kubeconfig/kcl/version.k
 create mode 100644 taskservs/kubernetes/kubectl/kcl/kubernetes.k
 create mode 100644 taskservs/kubernetes/kubectl/kcl/version.k
 create mode 100644 taskservs/networking/cilium/kcl/cilium.k
 create mode 100644 taskservs/networking/cilium/kcl/dependencies.k
 create mode 100644 taskservs/networking/cilium/kcl/version.k
 create mode 100644 taskservs/networking/coredns/kcl/coredns.k
 create mode 100644 taskservs/networking/coredns/kcl/version.k
 create mode 100644 taskservs/networking/etcd/kcl/etcd.k
 create mode 100644 taskservs/networking/etcd/kcl/version.k
 create mode 100644 taskservs/networking/ip_aliases/kcl/ip_aliases.k
 create mode 100644 taskservs/networking/ip_aliases/kcl/version.k
 create mode 100644 taskservs/networking/proxy/kcl/proxy.k
 create mode 100644 taskservs/networking/proxy/kcl/version.k
 create mode 100644 taskservs/networking/resolv/kcl/resolv.k
 create mode 100644 taskservs/networking/resolv/kcl/version.k
 create mode 100644 taskservs/storage/external_nfs/kcl/external_nfs.k
 create mode 100644 taskservs/storage/external_nfs/kcl/version.k
 create mode 100644 taskservs/storage/mayastor/kcl/mayastor.k
 create mode 100644 taskservs/storage/mayastor/kcl/version.k
 create mode 100644 taskservs/storage/oci_reg/kcl/oci-reg.k
 create mode 100644 taskservs/storage/oci_reg/kcl/version.k
 create mode 100644 taskservs/storage/rook_ceph/kcl/dependencies.k
 create mode 100644 taskservs/storage/rook_ceph/kcl/rook_ceph.k
 create mode 100644 taskservs/storage/rook_ceph/kcl/version.k
 create mode 100644 taskservs/version.k

diff --git a/.gitignore b/.gitignore
index 6cc555d..4771754 100644
--- a/.gitignore
+++ b/.gitignore
@@ -19,7 +19,6 @@ target/
 # Encryption keys and related files (CRITICAL - NEVER COMMIT)
 .k
 .k.backup
-*.k
 *.key.backup
 
 config.*.toml
diff --git a/clusters/oci-reg/kcl/oci-reg.k b/clusters/oci-reg/kcl/oci-reg.k
new file mode 100644
index 0000000..08f60ff
--- /dev/null
+++ b/clusters/oci-reg/kcl/oci-reg.k
@@ -0,0 +1,103 @@
+# Info: KCL OCIReg task schemas for provisioning (Provisioning)
+# Author: JesusPerezLorenzo
+# Release: 0.0.4
+# Date: 11-01-2024
+
+import regex
+
+schema OCIRegStorageDriver:
+   name: str
+   rootdirectory: str
+   region: str
+   bucket: str
+   secure: bool = True
+   regionendpoint: str
+   accesskey: str
+   secretkey: str
+   skipverify: bool = False
+
+schema OCIRegTLS:
+   cert: str = "/etc/zot/ssl/fullchain.pem"
+   key: str ="/etc/zot/ssl/privkey.pem"
+
+schema OCIRegHtpasswd:
+   path: str = "/etc/zot/htpasswd"
+
+schema OCIRegAuth:
+   htpasswd?: OCIRegHtpasswd
+   failDelay: int = 5
+
+schema OCIRegHTTP:
+   address: str = "0.0.0.0"
+   port: int = 5000
+   realm: str = "zot"
+   tls?: OCIRegTLS 
+   auth?: OCIRegAuth 
+   check:
+      address == Undefined or regex.match(address,"^\$.*$") or regex.match(address,"^((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])$"), "'address = ${address}' check value definition (use $vaule or xx.xx.xx.xx)"
+
+schema OCIRegLog:
+   level: str = "debug"
+   output: str = "/var/log/zot/zot.log"
+   audit: str = "/var/log/zot/zot-audit.log"
+
+schema OCIRegRegistry:
+   urls: [str]
+   onDemand: bool = True
+   maxRetries?: int
+   retryDelay?: str #  "5m"
+   pollInterval?: str # "6h"
+
+schema OCIRegCVE:
+   updateInterval: str = "24h"
+
+schema OCIRegExtUI:
+   enable: bool = True
+
+schema OCIRegExtSearch:
+   enable: bool = True
+   cve: OCIRegCVE = { updateInterval = "24h"}
+
+schema OCIRegExtSync:
+   enable: bool = True
+   registries?: [OCIRegRegistry]
+
+schema OCIRegExtScrub:
+   enable: bool = True
+   interval: str = "24h"
+
+schema OCIRegStorage:
+   rootDirectory: str
+   dedupe: bool = True
+   gc?: bool
+   gcDelay?: str  # "1h"
+   gcInterval?: str # "6h"
+   remoteCache?: bool = False
+   storageDriver?: OCIRegStorageDriver
+
+schema OCIRegExtensions:
+   ui?: OCIRegExtUI
+   search?: OCIRegExtSearch
+   sync?: OCIRegExtSync
+   scrub?: OCIRegExtScrub
+
+schema OCIRegConfig:
+   distSpecVersion: str = "1.0.1"
+   storage: OCIRegStorage
+   http?: OCIRegHTTP 
+   log?: OCIRegLog
+   extensions?: OCIRegExtensions
+
+schema OCIReg:
+   name: str
+   oci_data: str = "/data/zot"
+   oci_etc: str = "/etc/zot"
+   oci_log: str = "/var/log/zot"
+   oci_user: str = "zot"
+   oci_user_group: str = "zot"
+   oci_cmds: str = "zot zli"  
+   oci_memory_high: int = 30
+   oci_memory_max: int =32
+   oci_bin_path: str = "/usr/local/bin"
+   copy_paths: [str] 
+   config: OCIRegConfig
diff --git a/clusters/web/kcl/web.k b/clusters/web/kcl/web.k
new file mode 100644
index 0000000..383a2e1
--- /dev/null
+++ b/clusters/web/kcl/web.k
@@ -0,0 +1,5 @@
+schema Web:
+    name: str = "web"
+    check:
+        len(name) > 0, "Check name"
+
diff --git a/providers/aws/kcl/defaults_aws.k b/providers/aws/kcl/defaults_aws.k
new file mode 100644
index 0000000..89a75f0
--- /dev/null
+++ b/providers/aws/kcl/defaults_aws.k
@@ -0,0 +1,125 @@
+# Info: KCL AWS provider defaults schemas for provisioning (Provisioning)
+# Author: JesusPerezLorenzo 
+# Release: 0.0.4
+# Date: 15-12-2023
+import regex
+import provisioning
+
+schema ReqPlan:
+    """
+    RequiredPlan settings
+    """
+    scale: bool = True
+    arch: "x86_64" | "arm64" = "x86_64"
+    cores: int = 1
+    memory: int
+    infaces: int = 2
+    ena: str = "supported,required"
+    # virtyp: hvm
+    gen?: str = "current"
+
+    check:
+        multiplyof(memory, 256), "Memory must be a multiplier of 256"
+        len(ena) > 0, "Check ena value"
+
+schema Permission:
+    """
+    Permisssion for Security Groups
+    """
+    name: str
+    "protocol": "tcp" | "udp" = "tcp"
+    fromPort: int
+    toPort: int
+    ranges: str = "[{CidrIp=0.0.0.0/0},{CidrIp=10.0.0.0/24}]"
+
+schema SecurityGroup:
+    """
+    Security Groups
+    """
+    id?: str
+    name: str
+    perms?: [Permission]
+
+schema Storage_aws(provisioning.Storage):
+    """
+    AWS Storage settings
+    """
+    volname: str = ""
+
+    # The volume type. This parameter can be one of the following values:
+    # - General Purpose SSD: gp2 | gp3
+    # - Provisioned IOPS SSD: io1 | io2
+    # - Throughput Optimized HDD: st1
+    # - Cold HDD: sc1
+    # - Magnetic: standard
+    # - Warning:  Throughput Optimized HDD (st1 ) and Cold HDD (sc1 ) volumes can't be used as boot volumes.
+    voltype: "standard" | "io1" | "io2" | "gp2" | "sc1" | "st1" | "gp3" = "gp2"
+    zone: str = ""
+    voldevice: str = "sdf"
+    labels: str = ""
+    deletetermination: bool = False
+    encrypted: bool = False
+    kms_id: str = ""
+
+    check:
+        len(voldevice) > 0, "Check volume device value /dev/sd[f-p]"
+
+schema ServerDefaults_aws(provisioning.ServerDefaults):
+    """
+    Server Defaults settings
+    """
+    not_use: bool = False
+    provider: "aws" = "aws"
+    # AWS provision data settings
+    prov_settings: str = "defs/aws_data.k"
+    # AWS provision data settings clean 
+    prov_settings_clean: bool = False
+    time_zone: str = "UTC"
+    # AWS region like: eu-west-1 # TODO  check regex match
+    zone?: str
+    plan?: str
+    reqplan?: ReqPlan
+    # Specific AMIs can be used with their ID
+    # If 'storage_os: find'  storage_os_find will be used to find one in zone (region)
+    # expected something like: "name=debian-12 | arch=x86_64" or "name: debian-12 | arch: x86_64"  will be parsed to find latest available
+    storage_os_find: str = "name: debian-12 | arch: x86_64"
+    #storage_os: find
+    storage_os?: str
+    #storage_os: ami-0eb11ab33f229b26c
+    # If not Storage size, Plan Storage size will be used
+    #storage_size: int
+    storages?: [Storage_aws]
+    # Add one or more SSH keys to the admin account. Accepted values are SSH public keys or filenames from
+    # where to read the keys.
+    # ssh public key to be included in /root/.ssh/authorized_keys
+    ssh_key_path?: str
+    # Public certificate must be created or imported as a key_name 
+    # use: providers/aws/bin/on-ssh.sh (add -h to get info)
+    ssh_key_name?: str
+    # AWS do not use utility network, if no value it will not be set and utility IP will not be set
+    # public network, if no value it will not be set and public IP will not be set
+    #network_utility_ipv4: bool = True
+    #network_utility_ipv6: bool = False
+    #network_public_ipv4: bool = True
+    #network_public_ipv6: bool = False
+    #TODO settings for Elastic IPs or instace without pubic IP 
+    # To use private network a VPC + Subnet + NetworkInfterface has to be created, IPs will be set in servers items
+    # In AWS this is only a name
+    network_private_name?: str
+    #network_private_id?: str 
+    liveness_ip?: str
+    liveness_port: int = 22
+    # Disable api_stop to keep PublicIpAddress 
+    disable_stop: bool = True
+
+    # Labels to describe the server in `key: value` format, multiple can be declared.
+    # Usage: env: dev
+    labels: str = "{Key=cluster,Value=k8s}"
+    # Main user (default Debian user is admin) 
+    user: str = "admin"
+
+    check:
+        len(user) > 0, "Check user value"
+        priv_cidr_block == Undefined or regex.match(priv_cidr_block, "^(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(?:\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}\/(?:3[0-2]|[0-2]?[0-9])$"), "'priv_cidr_block = ${priv_cidr_block}' check value definition"
+        liveness_ip == Undefined or regex.match(liveness_ip, "^\$.*$") or regex.match(liveness_ip, "^((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])$"), "'liveness_ip = ${liveness_ip}' check value definition (use $vaule or xx.xx.xx.xx)"
+
diff --git a/providers/aws/kcl/dependencies.k b/providers/aws/kcl/dependencies.k
new file mode 100644
index 0000000..b0aed7e
--- /dev/null
+++ b/providers/aws/kcl/dependencies.k
@@ -0,0 +1,108 @@
+# Info: AWS provider dependencies for batch provisioning workflows (Provisioning)
+# Author: Claude Code Agent 7
+# Release: 2.0.0
+# Date: 2025-09-25
+import provisioning
+
+schema NetworkDependencies:
+    """VPC and networking dependencies"""
+    vpc_first: bool = True
+    subnets_require_vpc: bool = True
+    igw_for_public: bool = True
+    route_tables_auto: bool = True
+    nacls_after_subnets: bool = True
+    network_timeout: int = 10
+
+schema SecurityDependencies:
+    """Security Group dependencies"""
+    requires_vpc: bool = True
+    cross_references: bool = True
+    batch_size: int = 20
+    max_rules_per_group: int = 60
+
+schema InstanceDependencies:
+    """EC2 instance dependencies"""
+    requires: [str] = ["subnets", "security_groups", "key_pairs"]
+    launch_template_support: bool = True
+    batch_size: int = 10
+    max_concurrent_per_az: int = 20
+    launch_timeout: int = 10
+    placement_groups: bool = True
+
+schema VolumeDependencies:
+    """EBS volume dependencies"""
+    independent_creation: bool = True
+    attach_requires_running: bool = False
+    concurrent_snapshots: bool = True
+    batch_size: int = 15
+    single_az_restriction: bool = True
+
+schema ApiLimits:
+    """API rate limits and constraints"""
+    ec2_requests_per_second: int = 20
+    vpc_requests_per_second: int = 10
+    ebs_requests_per_second: int = 10
+    burst_multiplier: float = 2
+    throttle_backoff: int = 1000
+    max_retries: int = 5
+    regional_limits: bool = True
+
+schema SharedResources:
+    """Shared resources across accounts/regions"""
+    amis_shareable: bool = True
+    snapshots_shareable: bool = True
+    keypairs_regional: bool = True
+    vpcs_isolated: bool = True
+    sgs_vpc_scoped: bool = True
+
+schema Lifecycle:
+    """Resource lifecycle management"""
+    safe_delete: [str] = ["instances", "volumes", "snapshots"]
+    dependency_check: [str] = ["vpc", "subnets", "security_groups"]
+    cost_monitoring: [str] = ["instances", "volumes", "nat_gateways", "load_balancers"]
+    cleanup_order: [str] = ["load_balancers", "volumes", "instances", "key_pairs", "security_groups", "internet_gateways", "subnets", "vpc"]
+
+schema CrossProvider:
+    """Cross-provider compatibility"""
+    upcloud_compatible: bool = True
+    local_compatible: bool = True
+    hybrid_deployments: bool = True
+    naming_restrictions: [str] = ["aws-", "amazon-"]
+    mandatory_tags: [str] = ["Project", "Environment", "ManagedBy"]
+
+schema AvailabilityZones:
+    """Availability Zone considerations"""
+    multi_az_distribution: bool = True
+    min_az_count: int = 2
+    max_az_count: int = 3
+    affinity_groups: bool = True
+
+schema Validation:
+    """Validation and compliance"""
+    quota_validation: bool = True
+    permission_validation: bool = True
+    regional_limits: bool = True
+    compliance_checks: bool = True
+    cost_estimation: bool = True
+
+schema AWSDependencies:
+    """
+    AWS provider dependency management for batch workflows
+    """
+    # Resource creation order and dependencies
+    resource_order: [str] = ["vpc", "subnets", "internet_gateways", "security_groups", "key_pairs", "instances", "volumes", "load_balancers"]
+
+    # Configuration sections
+    network_dependencies: NetworkDependencies = NetworkDependencies {}
+    security_dependencies: SecurityDependencies = SecurityDependencies {}
+    instance_dependencies: InstanceDependencies = InstanceDependencies {}
+    volume_dependencies: VolumeDependencies = VolumeDependencies {}
+    api_limits: ApiLimits = ApiLimits {}
+    shared_resources: SharedResources = SharedResources {}
+    lifecycle: Lifecycle = Lifecycle {}
+    cross_provider: CrossProvider = CrossProvider {}
+    availability_zones: AvailabilityZones = AvailabilityZones {}
+    validation: Validation = Validation {}
+
+# Default dependency configuration for AWS provider
+aws_dependencies: AWSDependencies = AWSDependencies {}
diff --git a/providers/aws/kcl/provision_aws.k b/providers/aws/kcl/provision_aws.k
new file mode 100644
index 0000000..5c50e1f
--- /dev/null
+++ b/providers/aws/kcl/provision_aws.k
@@ -0,0 +1,33 @@
+# Info: KCL AWS provider server schemas for provisioning (Provisioning)
+# Author: JesusPerezLorenzo
+# Release: 0.0.4
+# Date: 1-04-2024
+import regex
+import .defaults_aws as defaults
+
+schema Provision_env_aws:
+    """
+    AWS provision env data settings
+    """
+    vpc: str
+    subnet: str
+    cidr_block: str
+    avail_zone: str
+    # aws security group
+    sg?: defaults.SecurityGroup
+
+    check:
+        len(vpc) > 0, "Check VPC value"
+        len(subnet) > 0, "Check Subnet value"
+        len(avail_zone) > 0, "Check availability Zone value"
+        len(cidr_block) == 0 or regex.match(cidr_block, "^(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(?:\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}\/(?:3[0-2]|[0-2]?[0-9])$"), "'cidr_block = ${cidr_block}' check value definition"
+
+schema Provision_aws:
+    """
+    AWS provision data settings
+    """
+    # Main settings data
+    main: Provision_env_aws
+    # Privaten settings data
+    priv?: Provision_env_aws
+
diff --git a/providers/aws/kcl/server_aws.k b/providers/aws/kcl/server_aws.k
new file mode 100644
index 0000000..e5f5c51
--- /dev/null
+++ b/providers/aws/kcl/server_aws.k
@@ -0,0 +1,30 @@
+# Info: KCL AWS provider server schemas for provisioning (Provisioning)
+# Author: JesusPerezLorenzo 
+# Release: 0.0.4
+# Date: 15-12-2023
+import regex
+import provisioning
+
+schema Server_aws(ServerDefaults_aws):
+    """
+    AWS server settings
+    """
+    # Hostname as reference for resource if is changed later inside server, change will not be updated in resource inventory
+    hostname: str
+    title: str
+
+    # To use private network it a VPC + Subnet + NetworkInfterface has to be created 
+    # It will be done based on aws_priv_cidr_block value (see top file)
+    # IP will be assign here
+    network_private_ip?: str
+    # extra hostnames for server local resolution 
+    extra_hostnames?: [str]
+    taskservs?: [provisioning.TaskServDef]
+    clusters?: [provisioning.ClusterDef]
+
+    check:
+        len(hostname) > 0, "Check hostname value"
+        len(title) > 0, "Check titlevalue"
+        network_private_ip == Undefined or regex.match(network_private_ip, "^\$.*$") or regex.match(network_private_ip, "^((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])$"), "'network_private_ip = ${network_private_ip}' check value definition (use $vaule or xx.xx.xx.xx)"
+        storages != Undefined, "🛑 Storages is not defined"
+
diff --git a/providers/local/kcl/defaults_local.k b/providers/local/kcl/defaults_local.k
new file mode 100644
index 0000000..f6125a4
--- /dev/null
+++ b/providers/local/kcl/defaults_local.k
@@ -0,0 +1,62 @@
+# Info: KCL Local provider defaults schemas for provisioning (Provisioning)
+# Author: JesusPerezLorenzo 
+# Release: 0.0.4
+# Date: 15-12-2023
+import regex
+import provisioning
+
+schema Storage_local(provisioning.Storage):
+    """
+    Local Storage settings
+    """
+    volname: str = ""
+    labels: str = ""
+    encrypted: bool = False
+
+    check:
+        len(volname) > 0, "Check volume name"
+
+schema ServerDefaults_local(provisioning.ServerDefaults):
+    """
+    Local Server Defaults settings
+    """
+    provider: "local" = "local"
+    # Local provision data settings
+    prov_settings: str = "defs/local_data.k"
+    # Local provision data settings clean 
+    prov_settings_clean: bool = False
+    not_use: bool = False
+    time_zone: str = "UTC"
+    # Local Plan name
+    plan?: str
+    storage_os?: str
+    storages?: [Storage_local]
+    #storage_size: int
+    # Add one or more SSH keys to the admin account. Accepted values are SSH public keys or filenames from
+    # where to read the keys.
+    # ssh public key to be included in /root/.ssh/authorized_keys
+    ssh_key_path?: str
+    # Public certificate must be created or imported as a key_name 
+    # use: providers/aws/bin/on-ssh.sh (add -h to get info)
+    ssh_key_name?: str
+    # To use private network, IPs will be set in servers items
+    priv_cidr_block?: str = "10.11.1.0/24"
+    # ssh_key_mode: rewrite
+    #network_utility_ipv4: bool = True
+    #network_utility_ipv6: bool = False
+    #network_public_ipv4?: bool = True
+    #network_public_ipv6?: bool = False
+    network_private_name?: str = "Private Network"
+    liveness_ip?: str = "$network_public_ip"
+    liveness_port: int = 22
+
+    # Labels to describe the server in `key: value` format, multiple can be declared.
+    # Usage: env: dev
+    labels: str = "{Key=cluster,Value=k8s}"
+    user: str = "root"
+
+    check:
+        len(user) > 0, "Check user value"
+        priv_cidr_block == Undefined or regex.match(priv_cidr_block, "^(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(?:\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}\/(?:3[0-2]|[0-2]?[0-9])$"), "'priv_cidr_block = ${priv_cidr_block}' check value definition"
+        liveness_ip == Undefined or regex.match(liveness_ip, "^\$.*$") or regex.match(liveness_ip, "^((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])$"), "'liveness_ip = ${liveness_ip}' check value definition (use $vaule or xx.xx.xx.xx)"
+
diff --git a/providers/local/kcl/dependencies.k b/providers/local/kcl/dependencies.k
new file mode 100644
index 0000000..25cb83e
--- /dev/null
+++ b/providers/local/kcl/dependencies.k
@@ -0,0 +1,117 @@
+# Info: Local provider dependencies for development and testing workflows (Provisioning)
+# Author: Claude Code Agent 7
+# Release: 2.0.0
+# Date: 2025-09-25
+import provisioning
+
+schema FilesystemDependencies:
+    """Directory and filesystem dependencies"""
+    base_directories_first: bool = True
+    required_paths: [str] = ["/tmp", "/var", "/opt"]
+    auto_create_dirs: bool = True
+    default_permissions: str = "755"
+    fs_timeout: int = 30
+
+schema NetworkDependencies:
+    """Local network dependencies"""
+    docker_networks: bool = True
+    host_network_limits: bool = True
+    port_conflict_check: bool = True
+    local_ranges: [str] = ["127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
+    network_timeout: int = 60
+
+schema ContainerDependencies:
+    """Container dependencies (if using containerization)"""
+    docker_required: bool = False
+    podman_support: bool = True
+    runtime_auto_detect: bool = True
+    base_images_first: bool = True
+    batch_size: int = 5
+    startup_timeout: int = 120
+
+schema StorageDependencies:
+    """Local storage dependencies"""
+    local_paths: bool = True
+    prefer_bind_mounts: bool = True
+    capacity_validation: bool = True
+    temp_cleanup: bool = True
+    batch_size: int = 10
+
+schema ResourceLimits:
+    """Resource limits (local development constraints)"""
+    max_processes: int = 50
+    max_memory_mb: int = 4096
+    max_disk_gb: int = 20
+    max_connections: int = 100
+    max_cpu_percent: int = 80
+
+schema DevelopmentFeatures:
+    """Development workflow support"""
+    hot_reload: bool = True
+    debug_mode: bool = True
+    service_discovery: bool = True
+    config_watching: bool = True
+    log_aggregation: bool = True
+
+schema SharedResources:
+    """Shared resources (local development)"""
+    config_files_shared: bool = True
+    cache_shared: bool = True
+    logs_shared: bool = True
+    database_shared: bool = False
+    ssh_keys_inherited: bool = True
+
+schema Lifecycle:
+    """Resource lifecycle management"""
+    cleanup_on_exit: bool = True
+    preserve_data: [str] = ["databases", "logs", "config"]
+    temporary: [str] = ["pid_files", "sockets", "temp_dirs"]
+    cleanup_order: [str] = ["services", "containers", "volumes", "networks", "temp_directories"]
+
+schema CrossProvider:
+    """Cross-provider compatibility"""
+    cloud_simulation: bool = True
+    cloud_config_compat: bool = True
+    cloud_migration: bool = True
+    service_mocking: bool = True
+    env_parity: bool = True
+
+schema Validation:
+    """Local testing and validation"""
+    health_checks: bool = True
+    port_checks: bool = True
+    dependency_checks: bool = True
+    resource_validation: bool = True
+    config_validation: bool = True
+    performance_testing: bool = True
+
+schema Security:
+    """Security considerations for local development"""
+    environment_isolation: bool = True
+    secure_local_comms: bool = False
+    access_control_sim: bool = True
+    credential_management: bool = True
+    security_scanning: bool = False
+
+schema LocalDependencies:
+    """
+    Local provider dependency management for development workflows
+    """
+    # Resource creation order (simplified for local development)
+    resource_order: [str] = ["directories", "networks", "containers", "volumes", "services"]
+
+    # Configuration sections
+    filesystem_dependencies: FilesystemDependencies = FilesystemDependencies {}
+    network_dependencies: NetworkDependencies = NetworkDependencies {}
+    container_dependencies: ContainerDependencies = ContainerDependencies {}
+    storage_dependencies: StorageDependencies = StorageDependencies {}
+    resource_limits: ResourceLimits = ResourceLimits {}
+    development_features: DevelopmentFeatures = DevelopmentFeatures {}
+    shared_resources: SharedResources = SharedResources {}
+    lifecycle: Lifecycle = Lifecycle {}
+    cross_provider: CrossProvider = CrossProvider {}
+    validation: Validation = Validation {}
+    security: Security = Security {}
+
+# Default dependency configuration for Local provider
+local_dependencies: LocalDependencies = LocalDependencies {}
diff --git a/providers/local/kcl/provision_local.k b/providers/local/kcl/provision_local.k
new file mode 100644
index 0000000..a882a7b
--- /dev/null
+++ b/providers/local/kcl/provision_local.k
@@ -0,0 +1,11 @@
+# Info: KCL AWS provider server schemas for provisioning (Provisioning)
+# Author: JesusPerezLorenzo 
+# Release: 0.0.4
+# Date: 1-04-2024
+schema Provision_local:
+    """
+    AWS provision data settings
+    """
+    # settings data
+    zone: str
+
diff --git a/providers/local/kcl/server_local.k b/providers/local/kcl/server_local.k
new file mode 100644
index 0000000..e8e8a43
--- /dev/null
+++ b/providers/local/kcl/server_local.k
@@ -0,0 +1,27 @@
+# Info: KCL Local provider server schemas for provisioning (Provisioning)
+# Author: JesusPerezLorenzo 
+# Release: 0.0.4
+# Date: 15-12-2023
+import regex
+import provisioning
+
+schema Server_local(ServerDefaults_local):
+    """
+    Local server settings
+    """
+    # Hostname as reference for resource if is changed later inside server, change will not be updated in resource inventory
+    hostname: str
+    title: str
+    # IP will be assign here
+    network_private_ip?: str
+    # extra hostnames for server local resolution 
+    extra_hostnames?: [str]
+    taskservs?: [provisioning.TaskServDef]
+    clusters?: [provisioning.ClusterDef]
+
+    check:
+        len(hostname) > 0, "Check hostname value"
+        len(title) > 0, "Check titlevalue"
+        network_private_ip == Undefined or regex.match(network_private_ip, "^\$.*$") or regex.match(network_private_ip, "^((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])$"), "'network_private_ip = ${network_private_ip}' check value definition (use $vaule or xx.xx.xx.xx)"
+        storages != Undefined, "🛑 Storages is not defined"
+
diff --git a/providers/upcloud/kcl/defaults_upcloud.k b/providers/upcloud/kcl/defaults_upcloud.k
new file mode 100644
index 0000000..6319e9e
--- /dev/null
+++ b/providers/upcloud/kcl/defaults_upcloud.k
@@ -0,0 +1,105 @@
+# Info: KCL Upcloud provider defaults schemas for provisioning (Provisioning)
+# Author: JesusPerezLorenzo
+# Release: 0.0.4
+# Date: 15-12-2023
+import regex
+import provisioning.lib as lib
+import provisioning.defaults as defaults
+
+schema Storage_backup_upcloud:
+    """
+    Upcloud storage backup
+    """
+    #The time when to create a backup in HH:MM. Empty value means no backups.
+    time: str
+    # The interval of the backup. Available: daily,mon,tue,wed,thu,fri,sat,sun Default: daily
+    interval: "daily" | "mon" | "tue" | "wed" | "thu" | "fri" | "sat" | "sun" = "daily"
+    # How long to store the backups in days. The accepted range is 1-1095 Default: 7
+    retention: int = 7
+
+    check:
+        (retention) > 0 and (retention) <= 1095, "Retention greater range 1-1095"
+
+schema Storage_upcloud(lib.Storage):
+    """
+    Upcloud storage settings
+    """
+    volname: str = ""
+
+    # The volume type. This parameter can be one of the following values:
+    # - General Purpose SSD: gp2 | gp3
+    # - Provisioned IOPS SSD: io1 | io2
+    # - Throughput Optimized HDD: st1
+    # - Cold HDD: sc1
+    # - Magnetic: standard
+    # - Warning:  Throughput Optimized HDD (st1 ) and Cold HDD (sc1 ) volumes can't be used as boot volumes.
+    voltype: "maxiops" | "hdd" | "custom" = "maxiops"
+    labels: str = ""
+    encrypt: bool = False
+    backup?: Storage_backup_upcloud
+
+schema ServerDefaults_upcloud(defaults.ServerDefaults):
+    """
+    Upcloud Server Defaults settings
+    """
+    provider: "upcloud" = "upcloud"
+    # UpCloud provision data settings
+    prov_settings: str = "defs/upcloud_settings.k"
+    # UpCloud provision data settings clean
+    prov_settings_clean: bool = False
+    not_use: bool = False
+    time_zone: str = "UTC"
+    zone: "de-fra1" | "es-mad1" = "es-mad1"
+    # UpCloud Plan name, for plans list = "upctl server plans" or use 'custom --cores 2 --memory 4096
+    plan: "DEV-1xCPU-1GB-10GB" | "DEV-1xCPU-1GB" | "DEV-1xCPU-2GB" | "DEV-1xCPU-4GB" | "DEV-2xCPU-4GB" | "DEV-2xCPU-8GB" | "DEV-2xCPU-16GB" | "CLOUDNATIVE-1xCPU-4GB" | "CLOUDNATIVE-1xCPU-8GB" | "CLOUDNATIVE-2xCPU-4GB" | "CLOUDNATIVE-2xCPU-8GB" | "1xCPU-1GB" | "1xCPU-2GB" | "2xCPU-2GB" | "2xCPU-4GB" | "4xCPU-8GB" = "1xCPU-2GB"
+
+    # If 'storage_os: find'  storage_os_find will be used to find one in zone (region)
+    # expected something like: "name=debian-12 | arch=x86_64" or "name: debian-12 | arch: x86_64"  will be parsed to find latest available
+    storage_os_find: str = "name: debian-13 | arch: x86_64"
+
+    #storage_os: find
+    # Ubuntu Server 24.04 LTS (Noble Numbat) 01000000-0000-4000-8000-000030240200
+    # Debian GNU/Linux 13 (Trixie) 01000000-0000-4000-8000-000020080100
+    storage_os: "01000000-0000-4000-8000-000020070100" | "01000000-0000-4000-8000-000030240200" | "01000000-0000-4000-8000-000020080100" = "01000000-0000-4000-8000-000020080100"
+
+    #storage_os: ami-0eb11ab33f229b26c
+    # If not Storage size, Plan Storage size will be used
+    #storage_size: int
+    storages?: [Storage_upcloud]
+    #UUID of a server group for the server
+    group_id?: str
+    # Simple backup rule. Format (HHMM,{dailies,weeklies,monthlies}). Example: 2300,dailies
+    backup?: str
+    # Add one or more SSH keys to the admin account. Accepted values are SSH public keys or filenames from
+    # where to read the keys.
+    # ssh public key to be included in /root/.ssh/authorized_keys
+    ssh_key_path?: str
+    # Public certificate must be created or imported as a key_name
+    # use: providers/aws/bin/on-ssh.sh (add -h to get info)
+    ssh_key_name?: str
+    # To use private network, IPs will be set in servers items
+    priv_cidr_block?: str
+    # ssh_key_mode: rewrite
+    # AWS do not use utility network, if no value it will not be set and utility IP will not be set
+    # public network, if no value it will not be set and public IP will not be set
+    #network_utility_ipv4: bool = True
+    #network_utility_ipv6: bool = False
+    #network_public_ipv4?: bool = True
+    #network_public_ipv6?: bool = False
+    #TODO settings for Elastic IPs or instace without pubic IP
+    # To use private network a VPC + Subnet + NetworkInfterface has to be created, IPs will be set in servers items
+    # In AWS this is only a name
+    network_private_name?: str
+    liveness_ip?: str
+    liveness_port: int = 22
+
+    # Labels to describe the server in `key: value` format, multiple can be declared.
+    # Usage: env: dev
+    labels: str = "{Key=cluster,Value=k8s}"
+    user: str = "root"
+
+    check:
+        len(user) > 0, "Check user value"
+        priv_cidr_block == Undefined or regex.match(priv_cidr_block, "^(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(?:\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}\/(?:3[0-2]|[0-2]?[0-9])$"), "'priv_cidr_block = ${priv_cidr_block}' check value definition"
+        liveness_ip == Undefined or regex.match(liveness_ip, "^{{.*}}$") or regex.match(liveness_ip, "^((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])$"), "'liveness_ip = ${liveness_ip}' check value definition (use {{variable}} or xx.xx.xx.xx)"
+
diff --git a/providers/upcloud/kcl/dependencies.k b/providers/upcloud/kcl/dependencies.k
new file mode 100644
index 0000000..6be7029
--- /dev/null
+++ b/providers/upcloud/kcl/dependencies.k
@@ -0,0 +1,83 @@
+# Info: UpCloud provider dependencies for batch provisioning workflows (Provisioning)
+# Author: Claude Code Agent 7
+# Release: 2.0.0
+# Date: 2025-09-25
+import provisioning
+
+schema NetworkDependencies:
+    """Network dependency configuration"""
+    private_networks_first: bool = True
+    public_networks_managed: bool = True
+    network_timeout: int = 300
+    network_wait: int = 5
+
+schema ServerDependencies:
+    """Server dependency configuration"""
+    requires: [str] = ["networks", "ssh_keys"]
+    batch_size: int = 5
+    batch_wait: int = 30
+    max_concurrent: int = 3
+    creation_timeout: int = 15
+
+schema StorageDependencies:
+    """Storage dependency configuration"""
+    flexible_timing: bool = True
+    attached_requires_server: bool = True
+    batch_size: int = 10
+    operation_timeout: int = 10
+
+schema ApiLimits:
+    """API rate limits and constraints"""
+    requests_per_minute: int = 300
+    burst_requests: int = 50
+    api_call_delay: int = 200
+    max_retries: int = 3
+    backoff_multiplier: float = 1.5
+
+schema SharedResources:
+    """Shared resources configuration"""
+    ssh_keys_shared: bool = True
+    networks_shared: bool = False
+    storage_shared: bool = False
+    firewall_shared: bool = True
+
+schema Lifecycle:
+    """Resource lifecycle management"""
+    safe_delete: [str] = ["servers", "storage", "networks"]
+    confirm_delete: [str] = ["ssh_keys", "shared_networks"]
+    protected: [str] = ["payment_methods", "account_settings"]
+    cleanup_order: [str] = ["loadbalancers", "storage", "servers", "ssh_keys", "security_groups", "networks"]
+
+schema CrossProvider:
+    """Cross-provider compatibility"""
+    aws_compatible: bool = True
+    local_compatible: bool = True
+    mixed_deployments: bool = True
+    naming_conflicts: [str] = ["default", "main", "primary"]
+
+schema Validation:
+    """Validation and health checks"""
+    network_connectivity: bool = True
+    ssh_key_validation: bool = True
+    zone_validation: bool = True
+    quota_validation: bool = True
+
+schema UpCloudDependencies:
+    """
+    UpCloud provider dependency management for batch workflows
+    """
+    # Resource creation order and dependencies
+    resource_order: [str] = ["networks", "security_groups", "ssh_keys", "servers", "storage", "loadbalancers"]
+
+    # Configuration sections
+    network_dependencies: NetworkDependencies = NetworkDependencies {}
+    server_dependencies: ServerDependencies = ServerDependencies {}
+    storage_dependencies: StorageDependencies = StorageDependencies {}
+    api_limits: ApiLimits = ApiLimits {}
+    shared_resources: SharedResources = SharedResources {}
+    lifecycle: Lifecycle = Lifecycle {}
+    cross_provider: CrossProvider = CrossProvider {}
+    validation: Validation = Validation {}
+
+# Default dependency configuration for UpCloud provider
+upcloud_dependencies: UpCloudDependencies = UpCloudDependencies {}
diff --git a/providers/upcloud/kcl/main.k b/providers/upcloud/kcl/main.k
new file mode 100644
index 0000000..0aa9ccc
--- /dev/null
+++ b/providers/upcloud/kcl/main.k
@@ -0,0 +1,11 @@
+# Main entry point for provisioning KCL module
+# This file exports all the schemas and configurations needed for provisioning
+# Author: JesusPerezLorenzo
+# Release: 0.1.0
+# Date: 29-09-2025
+
+# Import core module schemas
+import .defaults_upcloud
+import .dependencies
+import .provision_upcloud
+import .server_upcloud
diff --git a/providers/upcloud/kcl/provision_upcloud.k b/providers/upcloud/kcl/provision_upcloud.k
new file mode 100644
index 0000000..cec122f
--- /dev/null
+++ b/providers/upcloud/kcl/provision_upcloud.k
@@ -0,0 +1,19 @@
+# Info: KCL UpCloud provider server schemas for provisioning (Provisioning)
+# Author: JesusPerezLorenzo 
+# Release: 0.0.4
+# Date: 1-04-2024
+schema Provision_env_upcloud:
+    """
+    UpCloud provision env data settings
+    """
+    zone?: str
+
+schema Provision_upcloud:
+    """
+    UpCloud provision data settings
+    """
+    # Main settings data
+    main: Provision_env_upcloud
+    # Privaten settings data
+    priv?: Provision_env_upcloud
+
diff --git a/providers/upcloud/kcl/server_upcloud.k b/providers/upcloud/kcl/server_upcloud.k
new file mode 100644
index 0000000..11aa84c
--- /dev/null
+++ b/providers/upcloud/kcl/server_upcloud.k
@@ -0,0 +1,31 @@
+# Info: KCL Upcloud provider server schemas for provisioning (Provisioning)
+# Author: JesusPerezLorenzo
+# Release: 0.0.4
+# Date: 15-12-2023
+import regex
+import provisioning.lib as lib
+import .defaults_upcloud as defaults
+
+schema Server_upcloud(defaults.ServerDefaults_upcloud):
+    """
+    Upcloud server settings
+    """
+    # Hostname as reference for resource if is changed later inside server, change will not be updated in resource inventory
+    hostname: str
+    title: str
+
+    # To use private network it a VPC + Subnet + NetworkInfterface has to be created
+    # It will be done based on aws_priv_cidr_block value (see top file)
+    # IP will be assign here
+    network_private_ip?: str
+    # extra hostnames for server local resolution
+    extra_hostnames?: [str]
+    taskservs?: [lib.TaskServDef]
+    clusters?: [lib.ClusterDef]
+
+    check:
+        len(hostname) > 0, "Check hostname value"
+        len(title) > 0, "Check titlevalue"
+        len(network_private_ip) == 0 or regex.match(network_private_ip, "^\$.*$") or regex.match(network_private_ip, "^((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])$"), "'network_private_ip = ${network_private_ip}' check value definition (use $vaule or xx.xx.xx.xx)"
+        storages != Undefined, "🛑 Storages is not defined"
+
diff --git a/taskservs/container_runtime/containerd/kcl/containerd.k b/taskservs/container_runtime/containerd/kcl/containerd.k
new file mode 100644
index 0000000..b66ac59
--- /dev/null
+++ b/taskservs/container_runtime/containerd/kcl/containerd.k
@@ -0,0 +1,9 @@
+# Info: Containerd schemas for provisioning (Provisioning)
+# Author: JesusPerezLorenzo 
+# Release: 0.0.1
+# Date: 30-06-2024
+
+schema Containerd:
+   name: str = "containerd"
+   version: str
+   runtimes: str = "runc"
diff --git a/taskservs/container_runtime/containerd/kcl/dependencies.k b/taskservs/container_runtime/containerd/kcl/dependencies.k
new file mode 100644
index 0000000..2601044
--- /dev/null
+++ b/taskservs/container_runtime/containerd/kcl/dependencies.k
@@ -0,0 +1,103 @@
+# KCL Dependency configuration for containerd taskserv
+# Defines comprehensive dependency, resource, and health requirements
+
+import provisioning.dependencies as schema
+
+# Containerd taskserv dependency configuration
+_dependencies = schema.TaskservDependencies {
+    name = "containerd"
+
+    # Critical dependencies - must be installed first
+    requires = ["runc", "os"]
+
+    # Optional enhancements - install if available
+    optional = ["youki", "crun"]
+
+    # Cannot coexist with other container runtimes
+    conflicts = ["docker", "podman", "crio"]
+
+    # Services provided by this taskserv
+    provides = ["container-runtime", "cri", "containerd-service"]
+
+    # Resource requirements for containerd installation
+    resources = schema.ResourceRequirement {
+        cpu = "200m"            # 200m CPU for container runtime
+        memory = "256Mi"        # 256MB RAM minimum
+        disk = "5Gi"           # 5GB for images and container storage
+        network = True          # Requires network for image pulls
+        privileged = True       # Needs privileged access for container operations
+    }
+
+    # Health checks for containerd service
+    health_checks = [
+        schema.HealthCheck {
+            command = "systemctl is-active containerd"
+            interval = 30
+            timeout = 5
+            retries = 2
+            success_threshold = 1
+            failure_threshold = 3
+        },
+        schema.HealthCheck {
+            command = "ctr version"
+            interval = 60
+            timeout = 10
+            retries = 3
+        },
+        schema.HealthCheck {
+            command = "ctr images list | wc -l"
+            interval = 120
+            timeout = 15
+            retries = 2
+        }
+    ]
+
+    # Readiness probe for installation completion
+    readiness_probe = schema.HealthCheck {
+        command = "ctr namespaces list | grep -q default"
+        interval = 15
+        timeout = 5
+        retries = 5
+        success_threshold = 2
+    }
+
+    # Installation phases for ordered deployment
+    phases = [
+        schema.InstallationPhase {
+            name = "pre-install"
+            order = 1
+            parallel = False
+            required = True
+        },
+        schema.InstallationPhase {
+            name = "install"
+            order = 2
+            parallel = False
+            required = True
+        },
+        schema.InstallationPhase {
+            name = "post-install"
+            order = 3
+            parallel = True
+            required = True
+        },
+        schema.InstallationPhase {
+            name = "validate"
+            order = 4
+            parallel = False
+            required = True
+        }
+    ]
+
+    # Installation control
+    timeout = 300               # 5 minutes for containerd setup
+    retry_count = 3
+
+    # Platform compatibility
+    os_support = ["linux"]
+    arch_support = ["amd64", "arm64"]
+    k8s_versions = ["1.31.x", "1.30.x", "1.29.x", "1.28.x"]
+}
+
+# Output for dynamic dependency resolution
+_dependencies
\ No newline at end of file
diff --git a/taskservs/container_runtime/containerd/kcl/version.k b/taskservs/container_runtime/containerd/kcl/version.k
new file mode 100644
index 0000000..c0a5113
--- /dev/null
+++ b/taskservs/container_runtime/containerd/kcl/version.k
@@ -0,0 +1,21 @@
+# KCL Version configuration for containerd taskserv
+# Uses proper import from centralized schema definitions
+import taskservs.version as schema
+
+# Containerd taskserv configuration
+_version = schema.TaskservVersion {
+    name = "containerd"
+    version = schema.Version {
+        current = "1.7.24"
+        source = "https://github.com/containerd/containerd/releases"
+        tags = "https://github.com/containerd/containerd/tags"
+        site = "https://containerd.io"
+        # Pinned for production stability
+        check_latest = True
+        grace_period = 86400
+    }
+    dependencies = ["runc"]
+}
+
+# Output for dynamic cache system
+_version
diff --git a/taskservs/container_runtime/crio/kcl/crio.k b/taskservs/container_runtime/crio/kcl/crio.k
new file mode 100644
index 0000000..1ba0bef
--- /dev/null
+++ b/taskservs/container_runtime/crio/kcl/crio.k
@@ -0,0 +1,11 @@
+# Info: KCL CRIO schemas for provisioning (Provisioning)
+# Author: JesusPerezLorenzo 
+# Release: 0.0.1
+# Date: 30-06-2024
+
+schema Crio:
+   name: str = "crio"
+   version: str
+   runtime_default: "crun" | "runc" | "youki" = "crun"
+   runtimes: str = "crun,runc"
+
diff --git a/taskservs/container_runtime/crio/kcl/version.k b/taskservs/container_runtime/crio/kcl/version.k
new file mode 100644
index 0000000..c9ebed6
--- /dev/null
+++ b/taskservs/container_runtime/crio/kcl/version.k
@@ -0,0 +1,16 @@
+import taskservs.version as schema
+
+# Containerd taskserv configuration
+_version = schema.TaskservVersion {
+    name = "containerd"
+    version = schema.Version {
+        current = "latest"
+        source = "https://github.com/cri-o/cri-o/releases"
+        tags = "https://github.com/cri-o/cri-o/tags"
+        site = "https://cri-o.io"
+        # Auto-update for container runtime
+        check_latest = True
+        grace_period = 86400
+    }
+}
+_version
diff --git a/taskservs/container_runtime/crun/kcl/crun.k b/taskservs/container_runtime/crun/kcl/crun.k
new file mode 100644
index 0000000..4195f7c
--- /dev/null
+++ b/taskservs/container_runtime/crun/kcl/crun.k
@@ -0,0 +1,9 @@
+# Info: KCL Crun schemas for provisioning (Provisioning)
+# Author: JesusPerezLorenzo 
+# Release: 0.0.1
+# Date: 30-06-2024
+
+schema Crun:
+   name: str = "crun"
+   version: str
+
diff --git a/taskservs/container_runtime/crun/kcl/version.k b/taskservs/container_runtime/crun/kcl/version.k
new file mode 100644
index 0000000..d1ae55b
--- /dev/null
+++ b/taskservs/container_runtime/crun/kcl/version.k
@@ -0,0 +1,21 @@
+# KCL Version configuration for crun taskserv
+# Uses proper TaskservVersion schema for type safety
+import taskservs.version as schema
+
+# Crun taskserv configuration
+_version = schema.TaskservVersion {
+    name = "crun"
+    version = schema.Version {
+        current = "latest"
+        source = "https://github.com/containers/crun/releases"
+        tags = "https://github.com/containers/crun/tags"
+        site = "https://github.com/containers/crun"
+        # Auto-update for container runtime
+        check_latest = True
+        grace_period = 86400
+    }
+    dependencies = []
+}
+
+# Output for dynamic cache system
+_version
diff --git a/taskservs/container_runtime/podman/kcl/podman.k b/taskservs/container_runtime/podman/kcl/podman.k
new file mode 100644
index 0000000..124652d
--- /dev/null
+++ b/taskservs/container_runtime/podman/kcl/podman.k
@@ -0,0 +1,11 @@
+# Info: KCL Podman schemas for provisioning (Provisioning)
+# Author: JesusPerezLorenzo 
+# Release: 0.0.1
+# Date: 30-06-2024
+
+schema Podman:
+   name: str = "podman"
+   version: str
+   runtime_default: "crun" | "runc" | "youki" = "crun"
+   runtimes: str = "crun,runc"
+
diff --git a/taskservs/container_runtime/podman/kcl/version.k b/taskservs/container_runtime/podman/kcl/version.k
new file mode 100644
index 0000000..f059561
--- /dev/null
+++ b/taskservs/container_runtime/podman/kcl/version.k
@@ -0,0 +1,21 @@
+# KCL Version configuration for podman taskserv
+# Uses proper import from centralized schema definitions
+import taskservs.version as schema
+
+# Podman taskserv configuration
+_version = schema.TaskservVersion {
+    name = "podman"
+    version = schema.Version {
+        current = "5.3.1"
+        source = "https://github.com/containers/podman/releases"
+        tags = "https://github.com/containers/podman/tags"
+        site = "https://podman.io"
+        # Pinned for stability
+        check_latest = True
+        grace_period = 86400
+    }
+    dependencies = []
+}
+
+# Output for dynamic cache system
+_version
diff --git a/taskservs/container_runtime/runc/kcl/version.k b/taskservs/container_runtime/runc/kcl/version.k
new file mode 100644
index 0000000..9652511
--- /dev/null
+++ b/taskservs/container_runtime/runc/kcl/version.k
@@ -0,0 +1,19 @@
+# KCL Version configuration for runc taskserv
+# Uses proper TaskservVersion schema for type safety
+import taskservs.version as schema
+
+# Runc taskserv configuration
+_version = schema.TaskservVersion {
+    name = "runc"
+    version = schema.Version {
+        current = "1.1.14"
+        source = "https://github.com/opencontainers/runc/releases"
+        tags = "https://github.com/opencontainers/runc/tags"
+        site = "https://github.com/opencontainers/runc"
+        # Auto-update for container runtime
+        check_latest = True
+        grace_period = 86400
+    }
+    dependencies = []
+}
+_version
diff --git a/taskservs/container_runtime/youki/kcl/version.k b/taskservs/container_runtime/youki/kcl/version.k
new file mode 100644
index 0000000..bb666a0
--- /dev/null
+++ b/taskservs/container_runtime/youki/kcl/version.k
@@ -0,0 +1,16 @@
+import taskservs.version as schema
+
+# Containerd taskserv configuration
+_version = schema.TaskservVersion {
+    name = "youki"
+    version = schema.Version {
+        current = "latest"
+        source = "https://github.com/containers/youki/releases"
+        tags = "https://github.com/containers/youki/tags"
+        site = "https://github.com/containers/youki"
+        # Auto-update for container runtime
+        check_latest = True
+        grace_period = 86400
+    }
+}
+_version
diff --git a/taskservs/container_runtime/youki/kcl/youki.k b/taskservs/container_runtime/youki/kcl/youki.k
new file mode 100644
index 0000000..dab1901
--- /dev/null
+++ b/taskservs/container_runtime/youki/kcl/youki.k
@@ -0,0 +1,9 @@
+# Info: KCL Youki schemas for provisioning (Provisioning)
+# Author: JesusPerezLorenzo 
+# Release: 0.0.1
+# Date: 30-06-2024
+
+schema Youki:
+   name: str = "youki"
+   version: str
+
diff --git a/taskservs/databases/postgres/kcl/postgres.k b/taskservs/databases/postgres/kcl/postgres.k
new file mode 100644
index 0000000..a28694b
--- /dev/null
+++ b/taskservs/databases/postgres/kcl/postgres.k
@@ -0,0 +1,18 @@
+# Info: KCL Postgres task schemas for provisioning (Provisioning)
+# Author: JesusPerezLorenzo 
+# Release: 0.0.4
+# Date: 10-12-2023
+
+schema Postgres:
+    name: str = "postgres"
+    postgres_version: str
+    vers_num:int 
+    run_path: str = "/usr/bin/psql"
+    lib_path: str = "/var/lib/postgresql"
+    data_path: str = "/var/lib/postgresql/${vers_num}/main"
+    etc_path: str = "/etc/postgresql"
+    config_file: str = "postgresql.conf"
+    run_user: str = "postgres"
+    run_group: str = "${run_user}"
+    run_user_home: str = "/var/lib/postgresql"
+
diff --git a/taskservs/databases/postgres/kcl/version.k b/taskservs/databases/postgres/kcl/version.k
new file mode 100644
index 0000000..56abe85
--- /dev/null
+++ b/taskservs/databases/postgres/kcl/version.k
@@ -0,0 +1,14 @@
+import taskservs.version as schema
+
+# Containerd taskserv configuration
+_version = schema.TaskservVersion {
+    name = "postgres"
+    version = schema.Version {
+        current = "16"
+        source = "https://hub.docker.com/_/postgres"
+        site = "https://www.postgresql.org"
+        # Pinned major version for stability
+        check_latest = True
+        grace_period = 86400
+    }
+}
diff --git a/taskservs/databases/redis/kcl/redis.k b/taskservs/databases/redis/kcl/redis.k
new file mode 100644
index 0000000..4fe6d23
--- /dev/null
+++ b/taskservs/databases/redis/kcl/redis.k
@@ -0,0 +1,48 @@
+# Info: Redis KCL schemas for provisioning (Provisioning)
+# Author: Example Template
+# Release: 0.0.1
+# Date: $(date +%Y-%m-%d)
+
+schema Redis:
+    """
+    Redis configuration schema for infrastructure provisioning
+    """
+    name: str = "redis"
+    version: str
+
+    # Network configuration
+    port: int = 6379
+    bind_address: str = "127.0.0.1"
+
+    # Memory configuration
+    maxmemory: str = "256mb"
+    maxmemory_policy: "noeviction" | "allkeys-lru" | "volatile-lru" | "allkeys-random" | "volatile-random" | "volatile-ttl" = "allkeys-lru"
+
+    # Persistence configuration
+    persistence: bool = True
+    save_interval: str = "900 1 300 10 60 10000"  # Save every 900s if 1 key changed, etc.
+
+    # Security
+    requirepass?: str
+
+    # Replication
+    master_host?: str
+    master_port?: int
+
+    # Clustering
+    cluster_enabled: bool = False
+    cluster_config_file?: str
+
+    # Logging
+    loglevel: "debug" | "verbose" | "notice" | "warning" = "notice"
+    logfile: str = "/var/log/redis/redis-server.log"
+
+    # Performance
+    tcp_keepalive: int = 300
+    timeout: int = 0
+
+    # Validation
+    check:
+        port > 0 and port < 65536, "Port must be between 1 and 65535"
+        len(version) > 0, "Version must be specified"
+        master_port == Undefined or (master_port > 0 and master_port < 65536), "Master port must be valid if specified"
\ No newline at end of file
diff --git a/taskservs/development/coder/kcl/coder.k b/taskservs/development/coder/kcl/coder.k
new file mode 100644
index 0000000..9c2c75c
--- /dev/null
+++ b/taskservs/development/coder/kcl/coder.k
@@ -0,0 +1,107 @@
+# Info: KCL Coder task schemas for provisioning (Provisioning)
+# Author: Provisioning System
+# Release: 0.0.1
+# Date: 2025-07-24
+
+import regex
+
+schema User:
+    """
+    User settings for Coder
+    """
+    name: str
+    group: str = name
+    home?: str = "/home/${name}"
+
+schema Database:
+    """
+    Coder Database configuration
+    """
+    typ: "sqlite" | "postgresql" = "postgresql"
+    host?: str = "127.0.0.1"
+    port?: int = 5432
+    database?: str = "coder"
+    username?: str
+    password?: str
+    ssl_mode?: "require" | "disable" = "disable"
+    path?: str = "/var/lib/coder/coder.db" if typ == "sqlite" else Undefined
+    
+    check:
+        typ == "sqlite" or username != Undefined and len(username) > 0, "Database username required for ${typ}"
+        typ == "sqlite" or password != Undefined and len(password) > 0, "Database password required for ${typ}"
+        typ == "sqlite" or host != Undefined and len(host) > 0, "Database host required for ${typ}"
+
+schema TLS:
+    """
+    TLS configuration for Coder
+    """
+    enabled: bool = False
+    cert_file?: str
+    key_file?: str
+    address?: str = "0.0.0.0:443"
+    
+    check:
+        not enabled or cert_file != Undefined and len(cert_file) > 0, "cert_file required when TLS enabled"
+        not enabled or key_file != Undefined and len(key_file) > 0, "key_file required when TLS enabled"
+        not enabled or (regex.match(cert_file, "^\/.*\.(pem|crt)$") if cert_file != Undefined else True), \
+            "cert_file should be absolute path with .pem or .crt extension"
+        not enabled or (regex.match(key_file, "^\/.*\.(pem|key)$") if key_file != Undefined else True), \
+            "key_file should be absolute path with .pem or .key extension"
+
+schema OAuth:
+    """
+    OAuth configuration for Coder
+    """
+    enabled: bool = False
+    provider: "github" | "oidc" | "google" = "github"
+    client_id?: str
+    client_secret?: str
+    issuer_url?: str
+    scopes?: [str] = ["openid", "profile", "email"]
+    
+    check:
+        not enabled or client_id != Undefined and len(client_id) > 0, "client_id required when OAuth enabled"
+        not enabled or client_secret != Undefined and len(client_secret) > 0, "client_secret required when OAuth enabled"
+        not enabled or provider != "oidc" or issuer_url != Undefined and len(issuer_url) > 0, "issuer_url required for OIDC provider"
+
+schema CoderServer:
+    """
+    Coder server configuration
+    """
+    name: str = "coder"
+    version: str
+    run_user: User = {
+        name = "coder"
+    }
+    work_path: str = "/var/lib/coder"
+    config_path: str = "/etc/coder"
+    run_path: str = "/usr/local/bin/coder"
+    access_url: str
+    wildcard_access_url?: str
+    http_address: str = "0.0.0.0:7080"
+    database: Database = {
+        typ = "postgresql"
+    }
+    tls: TLS = {
+        enabled = False
+    }
+    oauth: OAuth = {
+        enabled = False
+    }
+    log_level: "trace" | "debug" | "info" | "warn" | "error" = "info"
+    telemetry_enabled: bool = True
+    update_check_enabled: bool = True
+    redirect_to_access_url: bool = False
+    proxy_trusted_headers: [str] = []
+    proxy_trusted_origins: [str] = []
+    secure_auth_cookie: bool = False
+    max_session_token_lifetime: str = "24h"
+    disable_password_auth: bool = False
+    
+    check:
+        len(access_url) > 0, "access_url is required"
+        regex.match(access_url, "^https?://.*$"), "access_url must be a valid HTTP/HTTPS URL"
+        wildcard_access_url == Undefined or regex.match(wildcard_access_url, "^\*\..*$"), "wildcard_access_url must start with *."
+        len(run_user.name) > 0, "Check run_user name"
+        len(work_path) > 0, "Check work_path"
+        len(config_path) > 0, "Check config_path"
\ No newline at end of file
diff --git a/taskservs/development/coder/kcl/version.k b/taskservs/development/coder/kcl/version.k
new file mode 100644
index 0000000..e160aca
--- /dev/null
+++ b/taskservs/development/coder/kcl/version.k
@@ -0,0 +1,15 @@
+import taskservs.version as schema
+
+_version = schema.TaskservVersion {
+    name = "coder"
+    version = schema.Version {
+        current = "latest"
+        source = "https://api.github.com/repos/coder/coder/releases"
+        tags = "https://api.github.com/repos/coder/coder/tags"
+        site = "https://coder.com"
+        # Pinned for production stability
+        check_latest = False
+        grace_period = 86400
+    }
+}
+_version
diff --git a/taskservs/development/desktop/kcl/desktop.k b/taskservs/development/desktop/kcl/desktop.k
new file mode 100644
index 0000000..5191edc
--- /dev/null
+++ b/taskservs/development/desktop/kcl/desktop.k
@@ -0,0 +1,126 @@
+# Info: KCL Desktop task schemas for provisioning (Provisioning)
+# Author: Provisioning System
+# Release: 1.0.0
+# Date: 2025-07-25
+
+import regex
+
+schema User:
+    """
+    User settings for Desktop environment
+    """
+    name: str
+    group: str = name
+    home?: str = "/home/${name}"
+    shell?: str = "/bin/bash"
+
+schema DesktopEnvironment:
+    """
+    Desktop environment configuration
+    """
+    type: "xfce" | "gnome" | "kde" | "lxde" | "mate" = "xfce"
+    display_manager: "lightdm" | "gdm" | "sddm" = "lightdm"
+    resolution?: str = "1920x1080"
+    theme?: str
+    
+schema Applications:
+    """
+    Applications to install with desktop
+    """
+    editors: [str] = ["zed", "nano", "vim"]
+    browsers: [str] = ["firefox"]
+    terminals: [str] = ["xfce4-terminal"]
+    development: [str] = ["git", "build-essential"]
+    media: [str] = ["vlc", "gimp"]
+    office: [str] = ["libreoffice"]
+    utilities: [str] = ["htop", "curl", "wget", "tree"]
+    
+schema Graphics:
+    """
+    Graphics and display configuration
+    """
+    driver: "nouveau" | "nvidia" | "amd" | "intel" = "intel"
+    acceleration: bool = True
+    compositing: bool = True
+
+schema VNC:
+    """
+    VNC server configuration for remote desktop access
+    """
+    enabled: bool = True
+    port: int = 5901
+    password?: str
+    geometry: str = "1920x1080"
+    depth: int = 24
+    
+    check:
+        port > 1024 and port < 65535, "VNC port must be between 1024 and 65535"
+        depth in [8, 16, 24, 32], "VNC depth must be 8, 16, 24, or 32"
+
+schema RustDesk:
+    """
+    RustDesk remote desktop configuration
+    """
+    enabled: bool = True
+    port: int = 21116
+    hbbr_port: int = 21117
+    custom_server?: str
+    password?: str
+    permanent_password?: str
+    allow_guest: bool = False
+    auto_start: bool = True
+    
+    check:
+        port > 1024 and port < 65535, "RustDesk port must be between 1024 and 65535"
+        hbbr_port > 1024 and hbbr_port < 65535, "RustDesk hbbr port must be between 1024 and 65535"
+        port != hbbr_port, "RustDesk ports must be different"
+
+schema SSH:
+    """
+    SSH server configuration
+    """
+    enabled: bool = True
+    port: int = 22
+    password_auth: bool = True
+    key_auth: bool = True
+    root_login: "yes" | "no" | "prohibit-password" = "prohibit-password"
+    max_auth_tries: int = 3
+    client_alive_interval: int = 300
+    client_alive_count_max: int = 2
+    allowed_users?: [str]
+    denied_users?: [str]
+    
+    check:
+        port > 0 and port < 65535, "SSH port must be between 1 and 65535"
+        max_auth_tries > 0, "Max auth tries must be positive"
+        client_alive_interval >= 0, "Client alive interval must be non-negative"
+        client_alive_count_max >= 0, "Client alive count max must be non-negative"
+
+schema DesktopServer:
+    """
+    Desktop server configuration
+    """
+    name: str = "desktop"
+    run_user: User = {
+        name = "desktop"
+    }
+    desktop_env: DesktopEnvironment = {
+        type = "xfce"
+    }
+    applications: Applications = {}
+    graphics: Graphics = {}
+    vnc: VNC = {
+        enabled = True
+    }
+    rustdesk: RustDesk = {
+        enabled = True
+    }
+    ssh: SSH = {
+        enabled = True
+    }
+    auto_login: bool = False
+    startup_script?: str
+    
+    check:
+        len(run_user.name) > 0, "Check run_user name"
+        vnc.enabled or rustdesk.enabled or desktop_env.display_manager != Undefined, "At least one remote access method required"
\ No newline at end of file
diff --git a/taskservs/development/desktop/kcl/version.k b/taskservs/development/desktop/kcl/version.k
new file mode 100644
index 0000000..5224750
--- /dev/null
+++ b/taskservs/development/desktop/kcl/version.k
@@ -0,0 +1,22 @@
+# KCL Version configuration for crun taskserv
+# Uses proper TaskservVersion schema for type safety
+#
+import taskservs.version as schema
+
+# Crun taskserv configuration
+_version = schema.TaskservVersion {
+    name = "desktop"
+    version = schema.Version {
+        current = "latest"
+        source = ""
+        tags = ""
+        site = ""
+        # Auto-update for container runtime
+        check_latest = False
+        grace_period = 86400
+    }
+    dependencies = []
+}
+
+# Output for dynamic cache system
+_version
diff --git a/taskservs/development/gitea/kcl/gitea.k b/taskservs/development/gitea/kcl/gitea.k
new file mode 100644
index 0000000..3e735e1
--- /dev/null
+++ b/taskservs/development/gitea/kcl/gitea.k
@@ -0,0 +1,119 @@
+# Info: KCL Gitea task schemas for provisioning (Provisioning)
+# Author: JesusPerezLorenzo 
+# Release: 0.0.4
+# Date: 11-12-2023
+
+import regex 
+
+schema User:
+    """
+    User settings
+    """
+    name: str
+    password?: str
+    group: str = name
+    home?: str = "/home/${name}"
+    email?: str
+
+schema DB:
+    """
+    Gitea DB settings
+    """
+    typ: "sqlite" | "postgres" | "mysql" = "sqlite"
+    host?: str = "127.0.0.1:5432" if typ == "postgres" else Undefined
+    name: str
+    user?: str
+    password?: str 
+    charset?: str = "utf8" if typ != "sqlite" else Undefined
+    ssl_mode?: "enable" | "disable" = "disable" if typ == "postgres" else Undefined
+    path?: str = "/var/lib/gitea/gitea.db"
+
+schema Gitea:
+    """
+    Gitea app.ini main settings 
+    """
+    #_with_ssh = True if ssh_domain != Undefined and len(ssh_domain) > 0 else False
+    # _protocol = "https" if certs_path != Undefined and len(certs_path) > 0 else "http"
+    #_ssh_port = 22
+    # _cert_file = Undefined if _protocol == "http" else cert_file
+    # _key_file = key_file if certs_path != Undefined and _protocol == "https" else Udefined 
+    name: str = "gitea"
+    version: str
+    app_name: str
+    run_user: User = {
+        name = "gitea"
+    }
+    adm_user: User
+    work_path: str = "/var/lib/gitea"
+    etc_path: str = "/etc/gitea"
+    config_path: str = "app.ini"
+    run_path: str = "/usr/local/bin/gitea"
+    "protocol": "http" | "https" = "http"
+    http_addr: str = "localhost"
+    http_port: int = 3000
+    root_url: str
+    domain: str
+    db: DB
+    disable_registration: bool = True
+    require_signin_view: bool = False
+    webhook_allowed_hosts_list?: str
+    cdci_user?: str
+    cdci_group?: str = "${cdci_user}"
+    cdci_user_home?: str = "/home/${cdci_user}"
+    cdci_key?: str
+    copy_paths?: [str]
+
+#     #if $with_https == True:
+#     #    _protocol = "https"
+#     if _with_ssh == True:
+#        _ssh_port = 22
+#     # if _protocol == "http":
+#     #     _cert_file = Undefined 
+#     #     _key_file = Undefined 
+# #       cert_file = ""
+#     print (_with_ssh, ssh_domain, ssh_port)
+#     print (_protocol, certs_path, cert_file, _cert_file)
+
+    check:
+        1 <= http_port <= 65535, "http_port must be between 1 and 65535, inclusive"
+        len(adm_user.name) > 0, "Check Admin User name 'adm_user.name'"
+        len(adm_user.password) > 0, "Check Admin User password 'adm_user.password'"
+        len(adm_user.email) > 0, "Check Admin User email 'adm_user.email'"
+        len(db.name) > 0, "Check DB name"
+        db.typ == "sqlite" or db.user != Undefined and len(db.user) > 0, "Check DB user for ${db.typ}"
+        db.typ == "sqlite" or db.password != Undefined and len(db.password) > 0, "Check DB password for ${db.typ}"
+        # 1 <= ssh_port <= 65535 , "ssh_port must be between 1 and 65535, inclusive"
+        # _cert_file == Undefined or regex.match(_cert_file, "^\/([A-z0-9-_+]+\/)*([A-z0-9]+\.(pem))$"), "'cert_file= ${_cert_file}' should be absolute path with '.pem' extension"
+        # _key_file == Undefined or regex.match(_key_file, "^\/([A-z0-9-_+]+\/)*([A-z0-9]+\.(pem))$"), "'key_file= ${_key_file}' should be absolute path with '.pem' extension"
+        #_protocol == "https" and len(certs_path) == 0, "certs_path has to be set for protocol https"
+        #ssh_port == 1 IF ssh_domain? [""] 
+
+schema Gitea_SSH(Gitea):
+    """
+    Gitea app.ini main settings with SSL and SSH
+    """
+    "protocol": "http" | "https" = "https"
+    ssh_domain: str
+    ssh_port: int = 2022
+    start_ssh_server: bool = True
+    builtin_ssh_server_user: str = "git"
+    ssh_root_path: str = "/home/gitea/.ssh"
+
+    check:
+        1 <= ssh_port <= 65535 , "ssh_port must be between 1 and 65535, inclusive"
+        
+schema Gitea_SSH_SSL(Gitea_SSH):
+    """
+    Gitea app.ini main settings with SSL
+    """
+    "protocol": "http" | "https" = "https"
+    certs_path: str
+    cert_file: str = "${certs_path}/fullchain.pem"
+    key_file: str = "${certs_path}/privkey.pem"
+
+    check:
+        1 <= http_port <= 65535, "http_port must be between 1 and 65535, inclusive"
+        regex.match(certs_path, "^\/.*$"), "'certs_path= ${certs_path}' should be absolute path"
+        regex.match(cert_file, "^\/([A-z0-9-_+]+\/)*([A-z0-9]+\.(pem))$"), "'cert_file= ${cert_file}' should be absolute path with '.pem' extension"
+        regex.match(key_file, "^\/([A-z0-9-_+]+\/)*([A-z0-9]+\.(pem))$"), "'key_file= ${key_file}' should be absolute path with '.pem' extension"
+        
diff --git a/taskservs/development/gitea/kcl/version.k b/taskservs/development/gitea/kcl/version.k
new file mode 100644
index 0000000..2e7e5a9
--- /dev/null
+++ b/taskservs/development/gitea/kcl/version.k
@@ -0,0 +1,16 @@
+import taskservs.version as schema
+
+# Containerd taskserv configuration
+_version = schema.TaskservVersion {
+    name = "gitea"
+    version = schema.Version {
+        current = "latest"
+        source = "https://github.com/go-gitea/gitea/releases"
+        tags = "https://github.com/go-gitea/gitea/tags"
+        site = "https://gitea.io"
+        # Auto-update for development tools
+        check_latest = True
+        grace_period = 86400
+    }
+}
+_version
diff --git a/taskservs/development/nushell/kcl/version.k b/taskservs/development/nushell/kcl/version.k
new file mode 100644
index 0000000..5193576
--- /dev/null
+++ b/taskservs/development/nushell/kcl/version.k
@@ -0,0 +1,21 @@
+# KCL Version configuration for nushell taskserv
+# Uses proper import from centralized schema definitions
+import taskservs.version as schema
+
+# Nushell shell taskserv configuration
+_version = schema.TaskservVersion {
+    name = "nushell"
+    version = schema.Version {
+        current = "0.107.1"
+        source = "https://github.com/nushell/nushell/releases"
+        tags = "https://github.com/nushell/nushell/tags"
+        site = "https://www.nushell.sh/"
+        # Pinned for system stability
+        check_latest = True
+        grace_period = 86400
+    }
+    dependencies = []
+}
+
+# Output for dynamic cache system
+_version
diff --git a/taskservs/development/oras/kcl/oras.k b/taskservs/development/oras/kcl/oras.k
new file mode 100644
index 0000000..62806d6
--- /dev/null
+++ b/taskservs/development/oras/kcl/oras.k
@@ -0,0 +1,8 @@
+schema Oras:
+    """
+    Oras settings
+    """
+    version: str
+    name: str = "oras"
+    copy_paths: [str]
+    
diff --git a/taskservs/development/oras/kcl/version.k b/taskservs/development/oras/kcl/version.k
new file mode 100644
index 0000000..7f37861
--- /dev/null
+++ b/taskservs/development/oras/kcl/version.k
@@ -0,0 +1,21 @@
+# KCL Version configuration for oras taskserv
+# Uses proper TaskservVersion schema for type safety
+import taskservs.version as schema
+
+# Oras taskserv configuration
+_version = schema.TaskservVersion {
+    name = "oras"
+    version = schema.Version {
+        current = "latest"
+        source = "https://github.com/oras-project/oras/releases"
+        tags = "https://github.com/oras-project/oras/tags"
+        site = "https://oras.land"
+        # Auto-update for container registry tools
+        check_latest = True
+        grace_period = 86400
+    }
+    dependencies = []
+}
+
+# Output for dynamic cache system
+_version
diff --git a/taskservs/development/radicle/kcl/radicle.k b/taskservs/development/radicle/kcl/radicle.k
new file mode 100644
index 0000000..d9a39a7
--- /dev/null
+++ b/taskservs/development/radicle/kcl/radicle.k
@@ -0,0 +1,58 @@
+# Info: KCL Radicle task schemas for provisioning (Provisioning)
+# Author: Provisioning System
+# Release: 0.0.1
+# Date: 2025-07-24
+
+import regex
+
+schema User:
+    """
+    User settings for Radicle
+    """
+    name: str
+    group: str = name
+    home?: str = "/home/${name}"
+
+schema RadicleNode:
+    """
+    Radicle Node configuration
+    """
+    name: str = "radicle"
+    version: str
+    run_user: User = {
+        name = "radicle"
+    }
+    work_path: str = "/var/lib/radicle"
+    config_path: str = "/etc/radicle"
+    run_path: str = "/usr/local/bin/rad"
+    bind_addr: str = "0.0.0.0"
+    bind_port: int = 8776
+    peer_port: int = 8777
+    web_ui_port: int = 8080
+    storage_path: str = "/var/lib/radicle/storage"
+    seeds: [str] = []
+    external_addresses: [str] = []
+    connect_timeout: int = 10
+    announce: bool = True
+    log_level: "trace" | "debug" | "info" | "warn" | "error" = "info"
+    
+    check:
+        1 <= bind_port <= 65535, "bind_port must be between 1 and 65535, inclusive"
+        1 <= peer_port <= 65535, "peer_port must be between 1 and 65535, inclusive"
+        1 <= web_ui_port <= 65535, "web_ui_port must be between 1 and 65535, inclusive"
+        len(run_user.name) > 0, "Check run_user name"
+        len(work_path) > 0, "Check work_path"
+        len(storage_path) > 0, "Check storage_path"
+        connect_timeout > 0, "connect_timeout must be positive"
+
+schema RadicleHttpd:
+    """
+    Radicle HTTP daemon configuration
+    """
+    enabled: bool = True
+    bind_addr: str = "0.0.0.0"
+    bind_port: int = 8080
+    assets_path?: str
+    
+    check:
+        1 <= bind_port <= 65535, "bind_port must be between 1 and 65535, inclusive"
\ No newline at end of file
diff --git a/taskservs/development/radicle/kcl/version.k b/taskservs/development/radicle/kcl/version.k
new file mode 100644
index 0000000..56a0114
--- /dev/null
+++ b/taskservs/development/radicle/kcl/version.k
@@ -0,0 +1,21 @@
+# KCL Version configuration for radicle taskserv
+# Uses proper import from centralized schema definitions
+
+import taskservs.version as schema
+
+# Radicle (decentralized git) taskserv configuration
+_version = schema.TaskservVersion {
+    name = "radicle"
+    version = schema.Version {
+        current = "1.0.0"
+        source = "https://github.com/radicle-dev/radicle/releases"
+        tags = "https://github.com/radicle-dev/radicle/tags"
+        site = "https://radicle.xyz"
+        check_latest = True  # Can auto-update for development tools
+        grace_period = 86400
+    }
+    dependencies = []
+}
+
+# Output for dynamic cache system
+_version
\ No newline at end of file
diff --git a/taskservs/infrastructure/kms/kcl/kms.k b/taskservs/infrastructure/kms/kcl/kms.k
new file mode 100644
index 0000000..c11f42f
--- /dev/null
+++ b/taskservs/infrastructure/kms/kcl/kms.k
@@ -0,0 +1,84 @@
+# Info: KCL Cosmian KMS task schemas for provisioning (Provisioning)
+# Author: Provisioning System
+# Release: 0.0.1
+# Date: 2025-07-24
+
+import regex
+
+schema User:
+    """
+    User settings for KMS
+    """
+    name: str
+    group: str = name
+    home?: str = "/home/${name}"
+
+schema Database:
+    """
+    KMS Database configuration
+    """
+    typ: "sqlite" | "mysql" | "postgresql" | "redis" = "sqlite"
+    host?: str = "127.0.0.1"
+    port?: int = 5432 if typ == "postgresql" else 3306 if typ == "mysql" else 6379 if typ == "redis" else Undefined
+    database?: str = "kms"
+    username?: str
+    password?: str
+    path?: str = "/var/lib/kms/kms.db" if typ == "sqlite" else Undefined
+    ssl_mode?: "require" | "disable" = "disable"
+    
+    check:
+        typ == "sqlite" or username != Undefined and len(username) > 0, "Database username required for ${typ}"
+        typ == "sqlite" or password != Undefined and len(password) > 0, "Database password required for ${typ}"
+        typ == "sqlite" or host != Undefined and len(host) > 0, "Database host required for ${typ}"
+
+schema Auth:
+    """
+    Authentication configuration
+    """
+    enabled: bool = False
+    jwt_issuer_uri?: str
+    jwks_uri?: str
+    jwt_audience?: str
+    
+    check:
+        not enabled or jwt_issuer_uri != Undefined and len(jwt_issuer_uri) > 0, "JWT issuer URI required when auth enabled"
+
+schema CosmianKMS:
+    """
+    Cosmian KMS server configuration
+    """
+    name: str = "kms"
+    version: str
+    run_user: User = {
+        name = "kms"
+    }
+    work_path: str = "/var/lib/kms"
+    config_path: str = "/etc/cosmian"
+    config_file: str = "kms.toml"
+    run_path: str = "/usr/local/bin/cosmian_kms"
+    bind_addr: str = "0.0.0.0"
+    port: int = 9998
+    database: Database = {
+        typ = "sqlite"
+    }
+    auth: Auth = {
+        enabled = False
+    }
+    log_level: "trace" | "debug" | "info" | "warn" | "error" = "info"
+    fips_mode: bool = False
+    tls_enabled: bool = False
+    cert_file?: str
+    key_file?: str
+    ca_cert_file?: str
+    
+    check:
+        1 <= port <= 65535, "port must be between 1 and 65535, inclusive"
+        len(run_user.name) > 0, "Check run_user name"
+        len(work_path) > 0, "Check work_path"
+        len(config_path) > 0, "Check config_path"
+        not tls_enabled or cert_file != Undefined and len(cert_file) > 0, "cert_file required when TLS enabled"
+        not tls_enabled or key_file != Undefined and len(key_file) > 0, "key_file required when TLS enabled"
+        not tls_enabled or (regex.match(cert_file, "^\/.*\.(pem|crt)$") if cert_file != Undefined else True), \
+            "cert_file should be absolute path with .pem or .crt extension"
+        not tls_enabled or (regex.match(key_file, "^\/.*\.(pem|key)$") if key_file != Undefined else True), \
+            "key_file should be absolute path with .pem or .key extension"
\ No newline at end of file
diff --git a/taskservs/infrastructure/kms/kcl/version.k b/taskservs/infrastructure/kms/kcl/version.k
new file mode 100644
index 0000000..0479132
--- /dev/null
+++ b/taskservs/infrastructure/kms/kcl/version.k
@@ -0,0 +1,21 @@
+# KCL Version configuration for kms taskserv
+# Uses proper import from centralized schema definitions
+import taskservs.version as schema
+
+# KMS (Key Management Service) taskserv configuration
+_version = schema.TaskservVersion {
+    name = "kms"
+    version = schema.Version {
+        current = "latest"
+        source = "https://github.com/aws/aws-cli/releases"
+        tags = "https://github.com/aws/aws-cli/tags"
+        site = "https://aws.amazon.com/kms/"
+        # Pinned for security
+        check_latest = True
+        grace_period = 86400
+    }
+    dependencies = []
+}
+
+# Output for dynamic cache system
+_version
diff --git a/taskservs/infrastructure/os/kcl/dependencies.k b/taskservs/infrastructure/os/kcl/dependencies.k
new file mode 100644
index 0000000..f8f70a6
--- /dev/null
+++ b/taskservs/infrastructure/os/kcl/dependencies.k
@@ -0,0 +1,103 @@
+# KCL Dependency configuration for os taskserv
+# Defines comprehensive dependency, resource, and health requirements
+
+import provisioning.dependencies as schema
+
+# OS taskserv dependency configuration
+_dependencies = schema.TaskservDependencies {
+    name = "os"
+
+    # Base OS has no dependencies - it's the foundation
+    requires = []
+
+    # Optional enhancements - install if available
+    optional = ["resolv", "ip-aliases", "proxy"]
+
+    # No conflicts - OS is foundational
+    conflicts = []
+
+    # Services provided by this taskserv
+    provides = ["base-os", "systemd", "networking", "package-manager", "filesystem"]
+
+    # Resource requirements for OS configuration
+    resources = schema.ResourceRequirement {
+        cpu = "100m"            # Minimal CPU for OS operations
+        memory = "128Mi"        # 128MB RAM minimum
+        disk = "10Gi"          # 10GB minimum for OS and packages
+        network = True          # Requires network for package updates
+        privileged = True       # Needs full system access for OS configuration
+    }
+
+    # Health checks for OS components
+    health_checks = [
+        schema.HealthCheck {
+            command = "systemctl is-system-running | grep -E 'running|degraded'"
+            interval = 60
+            timeout = 10
+            retries = 2
+            success_threshold = 1
+            failure_threshold = 3
+        },
+        schema.HealthCheck {
+            command = "df / | tail -1 | awk '{print $5}' | tr -d '%' | awk '$1 < 90'"
+            interval = 300
+            timeout = 5
+            retries = 1
+        },
+        schema.HealthCheck {
+            command = "free -m | awk 'NR==2{printf \"%.1f\", $3*100/$2 }' | awk '$1 < 95'"
+            interval = 120
+            timeout = 5
+            retries = 2
+        }
+    ]
+
+    # Readiness probe for installation completion
+    readiness_probe = schema.HealthCheck {
+        command = "systemctl list-failed | grep -q '0 loaded units listed' || systemctl list-failed --state=failed | wc -l | grep -q '^0$'"
+        interval = 30
+        timeout = 10
+        retries = 5
+        success_threshold = 2
+    }
+
+    # Installation phases for ordered deployment
+    phases = [
+        schema.InstallationPhase {
+            name = "pre-install"
+            order = 1
+            parallel = False
+            required = True
+        },
+        schema.InstallationPhase {
+            name = "install"
+            order = 2
+            parallel = True          # OS updates can run in parallel
+            required = True
+        },
+        schema.InstallationPhase {
+            name = "post-install"
+            order = 3
+            parallel = True
+            required = True
+        },
+        schema.InstallationPhase {
+            name = "validate"
+            order = 4
+            parallel = False
+            required = True
+        }
+    ]
+
+    # Installation control
+    timeout = 900               # 15 minutes for OS updates and configuration
+    retry_count = 2             # Conservative retry for OS operations
+
+    # Platform compatibility - all supported platforms
+    os_support = ["linux"]
+    arch_support = ["amd64", "arm64"]
+    k8s_versions = []           # OS doesn't depend on K8s versions
+}
+
+# Output for dynamic dependency resolution
+_dependencies
\ No newline at end of file
diff --git a/taskservs/infrastructure/os/kcl/os.k b/taskservs/infrastructure/os/kcl/os.k
new file mode 100644
index 0000000..04eec8a
--- /dev/null
+++ b/taskservs/infrastructure/os/kcl/os.k
@@ -0,0 +1,13 @@
+# Info: KCL OS task schemas for provisioning (Provisioning)
+# Author: JesusPerezLorenzo 
+# Release: 0.0.4
+# Date: 10-12-2023
+
+import regex
+
+schema OS:
+    name: str = "os"
+    admin_user: str 
+    admin_group: str = "${admin_user}"
+    src_user_path: str
+    ssh_keys: str
\ No newline at end of file
diff --git a/taskservs/infrastructure/os/kcl/version.k b/taskservs/infrastructure/os/kcl/version.k
new file mode 100644
index 0000000..c6fadff
--- /dev/null
+++ b/taskservs/infrastructure/os/kcl/version.k
@@ -0,0 +1,21 @@
+# KCL Version configuration for os taskserv
+# Uses proper import from centralized schema definitions
+
+import taskservs.version as schema
+
+# Operating System configuration taskserv
+_version = schema.TaskservVersion {
+    name = "os"
+    version = schema.Version {
+        current = "latest"
+        source = ""
+        tags = ""
+        site = ""
+        check_latest = False  # System component
+        grace_period = 86400
+    }
+    dependencies = []
+}
+
+# Output for dynamic cache system
+_version
\ No newline at end of file
diff --git a/taskservs/infrastructure/polkadot/bootnode/kcl/polkadot-bootnode.k b/taskservs/infrastructure/polkadot/bootnode/kcl/polkadot-bootnode.k
new file mode 100644
index 0000000..2d4071b
--- /dev/null
+++ b/taskservs/infrastructure/polkadot/bootnode/kcl/polkadot-bootnode.k
@@ -0,0 +1,115 @@
+# Info: KCL Polkadot Bootnode task schemas for provisioning (Provisioning)
+# Author: Provisioning System
+# Release: 0.0.1
+# Date: 2025-07-24
+
+import regex
+
+schema User:
+    """
+    User settings for Polkadot bootnode
+    """
+    name: str
+    group: str = name
+    home?: str = "/home/${name}"
+
+schema SSL:
+    """
+    SSL certificate configuration for bootnode
+    """
+    enabled: bool = False
+    cert_file?: str
+    key_file?: str
+    ca_file?: str
+    
+    check:
+        not enabled or cert_file != Undefined and len(cert_file) > 0, "cert_file required when SSL enabled"
+        not enabled or key_file != Undefined and len(key_file) > 0, "key_file required when SSL enabled"
+
+schema NetworkPorts:
+    """
+    Network port configuration for bootnode
+    """
+    p2p_port: int = 30310
+    ws_port: int = 30311
+    wss_port: int = 30312
+    
+    check:
+        1 <= p2p_port <= 65535, "P2P port must be between 1 and 65535"
+        1 <= ws_port <= 65535, "WebSocket port must be between 1 and 65535"
+        1 <= wss_port <= 65535, "WSS port must be between 1 and 65535"
+        p2p_port != ws_port, "P2P and WebSocket ports must be different"
+        p2p_port != wss_port, "P2P and WSS ports must be different"
+        ws_port != wss_port, "WebSocket and WSS ports must be different"
+
+schema WSS:
+    """
+    Secure WebSocket configuration for bootnode
+    """
+    enabled: bool = False
+    domain?: str
+    proxy_type: "nginx" | "apache" = "nginx"
+    rate_limit: int = 1000  # requests per minute
+    ssl: SSL = {}
+    
+    check:
+        not enabled or ssl.enabled, "SSL must be enabled for WSS"
+        not enabled or domain != Undefined and len(domain) > 0, "domain required for WSS"
+
+schema Network:
+    """
+    Network configuration for bootnode
+    """
+    chain: "polkadot" | "kusama" | "westend" = "polkadot"
+    listen_addrs: [str] = [
+        "/ip4/0.0.0.0/tcp/30310",
+        "/ip4/0.0.0.0/tcp/30311/ws"
+    ]
+    public_addr?: str
+    external_addresses: [str] = []
+    max_peers: int = 50
+    ports: NetworkPorts = {}
+    
+    check:
+        max_peers > 0, "max_peers must be positive"
+        len(listen_addrs) > 0, "At least one listen address required"
+
+schema Telemetry:
+    """
+    Telemetry configuration for bootnode
+    """
+    enabled: bool = True
+    url: str = "wss://telemetry.polkadot.io/submit/"
+    verbosity: int = 0
+    
+    check:
+        0 <= verbosity <= 9, "verbosity must be between 0 and 9"
+
+schema PolkadotBootnode:
+    """
+    Polkadot bootnode configuration
+    """
+    name: str = "polkadot-bootnode"
+    version: str = "latest"
+    run_user: User = {
+        name = "polkadot"
+    }
+    work_path: str = "/var/lib/polkadot-bootnode"
+    config_path: str = "/etc/polkadot-bootnode"
+    bin_path: str = "/usr/local/bin/polkadot"
+    base_path: str = "/var/lib/polkadot-bootnode/data"
+    node_key_file?: str = "/etc/polkadot-bootnode/node-key"
+    network: Network = {}
+    telemetry: Telemetry = {}
+    wss: WSS = {}
+    log_level: "error" | "warn" | "info" | "debug" | "trace" = "info"
+    log_targets: [str] = ["sub-libp2p"]
+    execution: "native" | "wasm" | "both" = "wasm"
+    state_cache_size: int = 67108864  # 64MB
+    
+    check:
+        len(run_user.name) > 0, "Check run_user name"
+        len(work_path) > 0, "Check work_path"
+        len(config_path) > 0, "Check config_path"
+        len(base_path) > 0, "Check base_path"
+        state_cache_size > 0, "state_cache_size must be positive"
\ No newline at end of file
diff --git a/taskservs/infrastructure/polkadot/bootnode/kcl/version.k b/taskservs/infrastructure/polkadot/bootnode/kcl/version.k
new file mode 100644
index 0000000..e251ede
--- /dev/null
+++ b/taskservs/infrastructure/polkadot/bootnode/kcl/version.k
@@ -0,0 +1,21 @@
+# KCL Version configuration for polkadot-bootnode taskserv
+# Uses proper import from centralized schema definitions
+import taskservs.version as schema
+
+# Polkadot bootnode taskserv configuration
+_version = schema.TaskservVersion {
+    name = "polkadot-bootnode"
+    version = schema.Version {
+        current = "1.15.0"
+        source = "https://github.com/paritytech/polkadot/releases"
+        tags = "https://github.com/paritytech/polkadot/tags"
+        site = "https://polkadot.network"
+        # Pinned for network stability
+        check_latest = True
+        grace_period = 86400
+    }
+    dependencies = []
+}
+
+# Output for dynamic cache system
+_version
diff --git a/taskservs/infrastructure/polkadot/node/kcl/polkadot-node.k b/taskservs/infrastructure/polkadot/node/kcl/polkadot-node.k
new file mode 100644
index 0000000..a6d2835
--- /dev/null
+++ b/taskservs/infrastructure/polkadot/node/kcl/polkadot-node.k
@@ -0,0 +1,143 @@
+# Info: KCL Polkadot Node task schemas for provisioning (Provisioning)
+# Author: Provisioning System
+# Release: 0.0.1
+# Date: 2025-07-24
+
+import regex
+
+schema User:
+    """
+    User settings for Polkadot node
+    """
+    name: str
+    group: str = name
+    home?: str = "/home/${name}"
+
+schema SSL:
+    """
+    SSL certificate configuration
+    """
+    enabled: bool = False
+    cert_file?: str
+    key_file?: str
+    ca_file?: str
+    
+    check:
+        not enabled or cert_file != Undefined and len(cert_file) > 0, "cert_file required when SSL enabled"
+        not enabled or key_file != Undefined and len(key_file) > 0, "key_file required when SSL enabled"
+
+schema WSS:
+    """
+    Secure WebSocket configuration
+    """
+    enabled: bool = False
+    port: int = 443
+    domain?: str
+    proxy_type: "nginx" | "apache" = "nginx"
+    rate_limit: int = 100  # requests per minute
+    ssl: SSL = {}
+    
+    check:
+        1 <= port <= 65535, "WSS port must be between 1 and 65535"
+        not enabled or ssl.enabled, "SSL must be enabled for WSS"
+        not enabled or domain != Undefined and len(domain) > 0, "domain required for WSS"
+
+schema Pruning:
+    """
+    Pruning configuration for Polkadot node
+    """
+    enabled: bool = True
+    mode: "state" | "block" | "both" = "state"
+    blocks_to_keep: int = 256
+    state_pruning: int = 256
+    block_pruning?: int = 256 if mode == "block" else Undefined
+    
+    check:
+        blocks_to_keep > 0, "blocks_to_keep must be positive"
+        state_pruning > 0, "state_pruning must be positive" 
+        block_pruning == Undefined or block_pruning > 0, "block_pruning must be positive if set"
+
+schema Network:
+    """
+    Network configuration
+    """
+    chain: "polkadot" | "kusama" | "westend" = "polkadot"
+    listen_addr: str = "/ip4/0.0.0.0/tcp/30333"
+    public_addr?: str
+    bootnodes: [str] = []
+    reserved_nodes: [str] = []
+    reserved_only: bool = False
+    max_peers: int = 50
+    max_peers_light: int = 100
+    
+    check:
+        max_peers > 0, "max_peers must be positive"
+        max_peers_light > 0, "max_peers_light must be positive"
+
+schema RPC:
+    """
+    RPC configuration
+    """
+    enabled: bool = True
+    bind_addr: str = "127.0.0.1"
+    port: int = 9944
+    ws_port: int = 9944
+    http_port: int = 9933
+    max_connections: int = 100
+    cors: [str] = ["all"]
+    methods: [str] = ["safe"]
+    rate_limit?: int = 1000  # requests per minute
+    
+    check:
+        1 <= port <= 65535, "RPC port must be between 1 and 65535"
+        1 <= ws_port <= 65535, "WebSocket port must be between 1 and 65535"
+        1 <= http_port <= 65535, "HTTP port must be between 1 and 65535"
+        max_connections > 0, "max_connections must be positive"
+
+schema Telemetry:
+    """
+    Telemetry configuration
+    """
+    enabled: bool = True
+    url: str = "wss://telemetry.polkadot.io/submit/"
+    verbosity: int = 0
+    
+    check:
+        0 <= verbosity <= 9, "verbosity must be between 0 and 9"
+
+schema PolkadotNode:
+    """
+    Polkadot node configuration
+    """
+    name: str = "polkadot-node"
+    version: str = "latest"
+    node_type: "full" | "light" | "validator" = "full"
+    sync_mode: "full" | "fast" | "warp" = "warp"
+    pruning: Pruning = {}
+    archive_mode: bool = False
+    run_user: User = {
+        name = "polkadot"
+    }
+    work_path: str = "/var/lib/polkadot"
+    config_path: str = "/etc/polkadot"
+    bin_path: str = "/usr/local/bin/polkadot"
+    base_path: str = "/var/lib/polkadot/data"
+    network: Network = {}
+    rpc: RPC = {}
+    telemetry: Telemetry = {}
+    wss: WSS = {}
+    log_level: "error" | "warn" | "info" | "debug" | "trace" = "info"
+    log_targets: [str] = []
+    execution: "native" | "wasm" | "both" = "wasm"
+    wasm_execution: "compiled" | "interpreted" = "compiled"
+    state_cache_size: int = 67108864  # 64MB
+    db_cache: int = 1024  # MB
+    
+    check:
+        len(run_user.name) > 0, "Check run_user name"
+        len(work_path) > 0, "Check work_path"
+        len(config_path) > 0, "Check config_path"
+        len(base_path) > 0, "Check base_path"
+        state_cache_size > 0, "state_cache_size must be positive"
+        db_cache > 0, "db_cache must be positive"
+        not (archive_mode and pruning.enabled), "Cannot enable both archive mode and pruning"
\ No newline at end of file
diff --git a/taskservs/infrastructure/polkadot/node/kcl/version.k b/taskservs/infrastructure/polkadot/node/kcl/version.k
new file mode 100644
index 0000000..c842a4b
--- /dev/null
+++ b/taskservs/infrastructure/polkadot/node/kcl/version.k
@@ -0,0 +1,21 @@
+# KCL Version configuration for polkadot-node taskserv
+# Uses proper import from centralized schema definitions
+import taskservs.version as schema
+
+# Polkadot node taskserv configuration
+_version = schema.TaskservVersion {
+    name = "polkadot-node"
+    version = schema.Version {
+        current = "1.15.0"
+        source = "https://github.com/paritytech/polkadot/releases"
+        tags = "https://github.com/paritytech/polkadot/tags"
+        site = "https://polkadot.network"
+        # Pinned for node stability
+        check_latest = True
+        grace_period = 86400
+    }
+    dependencies = []
+}
+
+# Output for dynamic cache system
+_version
diff --git a/taskservs/infrastructure/polkadot/solochain/kcl/polkadot-solochain.k b/taskservs/infrastructure/polkadot/solochain/kcl/polkadot-solochain.k
new file mode 100644
index 0000000..ff07b13
--- /dev/null
+++ b/taskservs/infrastructure/polkadot/solochain/kcl/polkadot-solochain.k
@@ -0,0 +1,131 @@
+# Info: KCL Polkadot Solochain task schemas for provisioning (Provisioning)
+# Author: Provisioning System
+# Release: 0.0.1
+# Date: 2025-07-24
+
+import regex
+
+schema User:
+    """
+    User settings for Polkadot solochain
+    """
+    name: str
+    group: str = name
+    home?: str = "/home/${name}"
+
+schema NetworkConfig:
+    """
+    Network configuration for Polkadot solochain
+    """
+    name: str = "local"
+    chain_id: str = "local_testnet"
+    node_key?: str
+    listen_addr: str = "/ip4/0.0.0.0/tcp/30333"
+    public_addr?: str
+    bootnodes: [str] = []
+    reserved_nodes: [str] = []
+    reserved_only: bool = False
+    max_peers: int = 50
+
+schema Consensus:
+    """
+    Consensus configuration
+    """
+    algorithm: "aura" | "babe" = "aura"
+    finality: "grandpa" = "grandpa"
+    block_time: int = 6000  # milliseconds
+    epoch_duration: int = 600  # blocks for BABE
+
+schema RPC:
+    """
+    RPC configuration
+    """
+    enabled: bool = True
+    bind_addr: str = "127.0.0.1"
+    port: int = 9944
+    ws_port: int = 9944
+    http_port: int = 9933
+    max_connections: int = 100
+    cors: [str] = ["all"]
+    methods: [str] = ["safe"]
+
+schema Telemetry:
+    """
+    Telemetry configuration
+    """
+    enabled: bool = False
+    url?: str
+    verbosity: int = 0
+
+schema Runtime:
+    """
+    Runtime configuration including PVM support
+    """
+    name: str = "solochain-template"
+    version: str = "1.0.0"
+    pvm_enabled: bool = True
+    wasm_execution: "compiled" | "interpreted" = "compiled"
+    heap_pages: int = 64
+    max_block_weight: int = 2000000000000  # Weight units
+    max_block_length: int = 5242880  # 5MB
+    pallets: [str] = [
+        "system",
+        "timestamp", 
+        "aura",
+        "grandpa",
+        "balances",
+        "transaction_payment",
+        "sudo"
+    ]
+
+schema Validator:
+    """
+    Validator configuration
+    """
+    enabled: bool = False
+    key_type: "sr25519" | "ed25519" = "sr25519"
+    session_keys?: str
+    validator_id?: str
+
+schema PolkadotSolochain:
+    """
+    Polkadot solochain node configuration
+    """
+    name: str = "polkadot-solochain"
+    version: str = "stable2024"
+    run_user: User = {
+        name = "polkadot"
+    }
+    work_path: str = "/var/lib/polkadot"
+    config_path: str = "/etc/polkadot"
+    bin_path: str = "/usr/local/bin"
+    node_binary: str = "solochain-template-node"
+    base_path: str = "/var/lib/polkadot/data"
+    keystore_path: str = "/var/lib/polkadot/keystore"
+    network: NetworkConfig = {}
+    consensus: Consensus = {}
+    rpc: RPC = {}
+    telemetry: Telemetry = {}
+    runtime: Runtime = {}
+    validator: Validator = {}
+    execution_strategy: "native" | "wasm" | "both" = "wasm"
+    wasm_runtime_overrides?: str
+    pruning: "archive" | int = 256
+    state_cache_size: int = 67108864  # 64MB
+    log_level: "error" | "warn" | "info" | "debug" | "trace" = "info"
+    log_targets: [str] = []
+    dev_mode: bool = False
+    alice_validator: bool = False if not dev_mode else True
+    
+    check:
+        1 <= rpc.port <= 65535, "RPC port must be between 1 and 65535"
+        1 <= rpc.ws_port <= 65535, "WebSocket port must be between 1 and 65535"
+        1 <= rpc.http_port <= 65535, "HTTP port must be between 1 and 65535"
+        len(run_user.name) > 0, "Check run_user name"
+        len(work_path) > 0, "Check work_path"
+        len(config_path) > 0, "Check config_path"
+        len(base_path) > 0, "Check base_path"
+        network.max_peers > 0, "max_peers must be positive"
+        consensus.block_time > 0, "block_time must be positive"
+        runtime.heap_pages > 0, "heap_pages must be positive"
+        state_cache_size > 0, "state_cache_size must be positive"
\ No newline at end of file
diff --git a/taskservs/infrastructure/polkadot/solochain/kcl/version.k b/taskservs/infrastructure/polkadot/solochain/kcl/version.k
new file mode 100644
index 0000000..10ffc0b
--- /dev/null
+++ b/taskservs/infrastructure/polkadot/solochain/kcl/version.k
@@ -0,0 +1,21 @@
+# KCL Version configuration for polkadot-solochain taskserv
+# Uses proper import from centralized schema definitions
+import taskservs.version as schema
+
+# Polkadot solochain taskserv configuration
+_version = schema.TaskservVersion {
+    name = "polkadot-solochain"
+    version = schema.Version {
+        current = "1.15.0"
+        source = "https://github.com/paritytech/polkadot/releases"
+        tags = "https://github.com/paritytech/polkadot/tags"
+        site = "https://polkadot.network"
+        # Pinned for chain stability
+        check_latest = True
+        grace_period = 86400
+    }
+    dependencies = []
+}
+
+# Output for dynamic cache system
+_version
diff --git a/taskservs/infrastructure/polkadot/validator/kcl/polkadot-validator.k b/taskservs/infrastructure/polkadot/validator/kcl/polkadot-validator.k
new file mode 100644
index 0000000..9db5bc7
--- /dev/null
+++ b/taskservs/infrastructure/polkadot/validator/kcl/polkadot-validator.k
@@ -0,0 +1,145 @@
+# Info: KCL Polkadot Validator task schemas for provisioning (Provisioning)
+# Author: Provisioning System
+# Release: 0.0.1
+# Date: 2025-07-24
+
+import regex
+
+schema User:
+    """
+    User settings for Polkadot validator
+    """
+    name: str
+    group: str = name
+    home?: str = "/home/${name}"
+
+schema ValidatorAccount:
+    """
+    Validator account configuration (Stash/Controller)
+    """
+    stash_address?: str
+    controller_address?: str
+    reward_destination: "Staked" | "Stash" | "Controller" | "Account" = "Staked"
+    commission: int = 0  # Commission percentage (0-100)
+    
+    check:
+        0 <= commission <= 100, "Commission must be between 0 and 100"
+
+schema SessionKeys:
+    """
+    Session keys configuration
+    """
+    keys_file?: str = "/var/lib/polkadot/session-keys"
+    auto_rotate: bool = False
+    rotation_interval?: int = 86400  # seconds (24 hours)
+    babe_key?: str
+    grandpa_key?: str
+    im_online_key?: str
+    para_validator_key?: str
+    para_assignment_key?: str
+    authority_discovery_key?: str
+    
+    check:
+        rotation_interval == Undefined or rotation_interval > 0, "Rotation interval must be positive"
+
+schema Network:
+    """
+    Network configuration for validator
+    """
+    chain: "polkadot" | "kusama" | "westend" = "polkadot"
+    listen_addr: str = "/ip4/0.0.0.0/tcp/30333"
+    public_addr?: str
+    node_key_file?: str = "/var/lib/polkadot/node-key"
+    bootnodes: [str] = []
+    reserved_nodes: [str] = []
+    reserved_only: bool = False
+    max_peers: int = 50
+    max_peers_light: int = 100
+    
+    check:
+        max_peers > 0, "max_peers must be positive"
+        max_peers_light > 0, "max_peers_light must be positive"
+
+schema RPC:
+    """
+    RPC configuration (restricted for validators)
+    """
+    enabled: bool = True
+    bind_addr: str = "127.0.0.1"  # Localhost only for security
+    port: int = 9944
+    ws_port: int = 9944
+    http_port: int = 9933
+    max_connections: int = 10  # Limited for validators
+    cors: [str] = []  # No CORS for validators
+    methods: [str] = ["safe"]  # Only safe methods
+    
+    check:
+        1 <= port <= 65535, "RPC port must be between 1 and 65535"
+        1 <= ws_port <= 65535, "WebSocket port must be between 1 and 65535"
+        1 <= http_port <= 65535, "HTTP port must be between 1 and 65535"
+        max_connections <= 50, "Validator RPC connections should be limited"
+
+schema Monitoring:
+    """
+    Monitoring configuration for validator
+    """
+    enabled: bool = True
+    prometheus_port: int = 9615
+    prometheus_bind_addr: str = "127.0.0.1"
+    telemetry_enabled: bool = True
+    telemetry_url: str = "wss://telemetry.polkadot.io/submit/"
+    telemetry_verbosity: int = 0
+    
+    check:
+        1 <= prometheus_port <= 65535, "Prometheus port must be between 1 and 65535"
+        0 <= telemetry_verbosity <= 9, "Telemetry verbosity must be between 0 and 9"
+
+schema Security:
+    """
+    Security configuration for validator
+    """
+    enable_firewall: bool = True
+    allowed_ssh_ips: [str] = []
+    fail2ban_enabled: bool = True
+    auto_updates: bool = True
+    secure_keystore: bool = True
+    backup_keys: bool = True
+    backup_path?: str = "/var/backups/polkadot"
+
+schema PolkadotValidator:
+    """
+    Polkadot validator node configuration
+    """
+    name: str = "polkadot-validator"
+    version: str = "latest"
+    run_user: User = {
+        name = "polkadot"
+    }
+    work_path: str = "/var/lib/polkadot"
+    config_path: str = "/etc/polkadot"
+    bin_path: str = "/usr/local/bin/polkadot"
+    base_path: str = "/var/lib/polkadot/data"
+    keystore_path: str = "/var/lib/polkadot/keystore"
+    validator_accounts: ValidatorAccount = {}
+    session_keys: SessionKeys = {}
+    network: Network = {}
+    rpc: RPC = {}
+    monitoring: Monitoring = {}
+    security: Security = {}
+    log_level: "error" | "warn" | "info" | "debug" | "trace" = "info"
+    log_targets: [str] = ["runtime::system"]
+    execution: "native" | "wasm" | "both" = "wasm"
+    wasm_execution: "compiled" | "interpreted" = "compiled"
+    state_cache_size: int = 134217728  # 128MB for validators
+    db_cache: int = 2048  # 2GB for validators
+    pruning: "archive" | int = 1000  # Keep more blocks for validators
+    unsafe_pruning: bool = False
+    
+    check:
+        len(run_user.name) > 0, "Check run_user name"
+        len(work_path) > 0, "Check work_path"
+        len(config_path) > 0, "Check config_path"
+        len(base_path) > 0, "Check base_path"
+        state_cache_size > 0, "state_cache_size must be positive"
+        db_cache > 0, "db_cache must be positive"
+        not unsafe_pruning or pruning != "archive", "Cannot use unsafe pruning with archive mode"
\ No newline at end of file
diff --git a/taskservs/infrastructure/polkadot/validator/kcl/version.k b/taskservs/infrastructure/polkadot/validator/kcl/version.k
new file mode 100644
index 0000000..16a0bdb
--- /dev/null
+++ b/taskservs/infrastructure/polkadot/validator/kcl/version.k
@@ -0,0 +1,21 @@
+# KCL Version configuration for polkadot-validator taskserv
+# Uses proper import from centralized schema definitions
+import taskservs.version as schema
+
+# Polkadot validator taskserv configuration
+_version = schema.TaskservVersion {
+    name = "polkadot-validator"
+    version = schema.Version {
+        current = "1.15.0"
+        source = "https://github.com/paritytech/polkadot/releases"
+        tags = "https://github.com/paritytech/polkadot/tags"
+        site = "https://polkadot.network"
+        # Pinned for validator stability
+        check_latest = True
+        grace_period = 86400
+    }
+    dependencies = []
+}
+
+# Output for dynamic cache system
+_version
diff --git a/taskservs/infrastructure/polkadot/zombienet/kcl/polkadot-zombienet.k b/taskservs/infrastructure/polkadot/zombienet/kcl/polkadot-zombienet.k
new file mode 100644
index 0000000..dafafeb
--- /dev/null
+++ b/taskservs/infrastructure/polkadot/zombienet/kcl/polkadot-zombienet.k
@@ -0,0 +1,138 @@
+# Info: KCL Polkadot Zombienet task schemas for provisioning (Provisioning)
+# Author: Provisioning System
+# Release: 0.0.1
+# Date: 2025-07-24
+
+import regex
+
+schema User:
+    """
+    User settings for Zombienet
+    """
+    name: str
+    group: str = name
+    home?: str = "/home/${name}"
+
+schema RelayChainNode:
+    """
+    Relay chain node configuration
+    """
+    name: str
+    image?: str = "parity/polkadot:latest"
+    command?: str = "polkadot"
+    args?: [str] = []
+    validator: bool = True
+    balance?: int = 1000000000000
+    
+    check:
+        len(name) > 0, "Node name cannot be empty"
+
+schema CollatorNode:
+    """
+    Parachain collator node configuration
+    """
+    name: str
+    image?: str = "parity/polkadot-parachain:latest" 
+    command?: str = "polkadot-parachain"
+    args?: [str] = []
+    balance?: int = 1000000000000
+    
+    check:
+        len(name) > 0, "Collator name cannot be empty"
+
+schema Parachain:
+    """
+    Parachain configuration
+    """
+    id: int
+    chain?: str
+    balance?: int = 1000000
+    collators: [CollatorNode] = []
+    genesis_wasm?: str
+    genesis_state?: str
+    
+    check:
+        1 <= id <= 4000, "Parachain ID must be between 1 and 4000"
+        len(collators) > 0, "At least one collator required"
+
+schema RelayChain:
+    """
+    Relay chain configuration
+    """
+    chain: "rococo-local" | "westend-local" | "kusama-local" | "polkadot-local" = "rococo-local"
+    default_image?: str = "parity/polkadot:latest"
+    default_command?: str = "polkadot"
+    nodes: [RelayChainNode] = []
+    genesis?: str
+    runtime_genesis_patch?: str
+    
+    check:
+        len(nodes) >= 2, "At least 2 relay chain nodes required"
+
+schema Settings:
+    """
+    Zombienet settings configuration
+    """
+    timeout: int = 1000
+    node_spawn_timeout?: int = 300
+    provider: "native" | "kubernetes" | "podman" = "native"
+    enable_tracing?: bool = False
+    backchannel?: bool = True
+    
+    check:
+        timeout > 0, "Timeout must be positive"
+        node_spawn_timeout == Undefined or node_spawn_timeout > 0, "Node spawn timeout must be positive"
+
+schema KubernetesProvider:
+    """
+    Kubernetes provider specific configuration
+    """
+    namespace?: str = "zombienet"
+    monitoring?: bool = True
+    prometheus_prefix?: str = "substrate_"
+    
+schema PodmanProvider:
+    """
+    Podman provider specific configuration
+    """
+    monitoring?: bool = True
+    monitoring_port?: int = 9090
+    
+    check:
+        monitoring_port == Undefined or (1 <= monitoring_port <= 65535), "Monitoring port must be between 1 and 65535"
+
+schema NativeProvider:
+    """
+    Native provider specific configuration
+    """
+    monitoring?: bool = False
+
+schema PolkadotZombienet:
+    """
+    Polkadot Zombienet configuration
+    """
+    name: str = "polkadot-zombienet"
+    version: str = "1.3.133"
+    run_user: User = {
+        name = "zombienet"
+    }
+    work_path: str = "/var/lib/zombienet"
+    config_path: str = "/etc/zombienet"
+    bin_path: str = "/usr/local/bin"
+    zombienet_binary: str = "zombienet"
+    networks_path: str = "/var/lib/zombienet/networks"
+    binaries_path: str = "/var/lib/zombienet/binaries"
+    logs_path: str = "/var/lib/zombienet/logs"
+    settings: Settings = {}
+    relaychain: RelayChain = {}
+    parachains: [Parachain] = []
+    kubernetes_config?: KubernetesProvider = {}
+    podman_config?: PodmanProvider = {}
+    native_config?: NativeProvider = {}
+    log_level: "error" | "warn" | "info" | "debug" | "trace" = "info"
+    
+    check:
+        len(run_user.name) > 0, "Check run_user name"
+        len(work_path) > 0, "Check work_path"
+        len(config_path) > 0, "Check config_path"
+        len(relaychain.nodes) >= 2, "At least 2 relay chain nodes required"
\ No newline at end of file
diff --git a/taskservs/infrastructure/polkadot/zombienet/kcl/version.k b/taskservs/infrastructure/polkadot/zombienet/kcl/version.k
new file mode 100644
index 0000000..143e60d
--- /dev/null
+++ b/taskservs/infrastructure/polkadot/zombienet/kcl/version.k
@@ -0,0 +1,21 @@
+# KCL Version configuration for zombienet taskserv
+# Uses proper import from centralized schema definitions
+
+import taskservs.version as schema
+
+# Zombienet testing taskserv configuration
+_version = schema.TaskservVersion {
+    name = "zombienet"
+    version = schema.Version {
+        current = "1.3.119"
+        source = "https://github.com/paritytech/zombienet/releases"
+        tags = "https://github.com/paritytech/zombienet/tags"
+        site = "https://github.com/paritytech/zombienet"
+        check_latest = True  # Can auto-update for testing tool
+        grace_period = 86400
+    }
+    dependencies = ["polkadot"]
+}
+
+# Output for dynamic cache system
+_version
\ No newline at end of file
diff --git a/taskservs/infrastructure/provisioning/kcl/provisioning.k b/taskservs/infrastructure/provisioning/kcl/provisioning.k
new file mode 100644
index 0000000..3224638
--- /dev/null
+++ b/taskservs/infrastructure/provisioning/kcl/provisioning.k
@@ -0,0 +1,15 @@
+# Info: KCL Provisioning task schemas for provisioning (Provisioning)
+# Author: JesusPerezLorenzo 
+# Release: 0.0.4
+# Date: 10-12-2023
+
+schema Provisioning: 
+    name: str = "provisioning"
+    provisioning_version: str
+    # where to intall 
+    provisioning_root_path: str = "/usr/local"
+    provisioning_root_bin: str = "/usr/local/bin"
+    provisioning_run_mode: str = "mode-ui"
+    admin_user: str
+    admin_user_home: str = "/home/${admin_user}"
+
diff --git a/taskservs/infrastructure/provisioning/kcl/version.k b/taskservs/infrastructure/provisioning/kcl/version.k
new file mode 100644
index 0000000..239df44
--- /dev/null
+++ b/taskservs/infrastructure/provisioning/kcl/version.k
@@ -0,0 +1,21 @@
+# KCL Version configuration for provisioning taskserv
+# Uses proper import from centralized schema definitions
+import taskservs.version as schema
+
+# Provisioning tools taskserv configuration
+_version = schema.TaskservVersion {
+    name = "provisioning"
+    version = schema.Version {
+        current = "2.0.0"
+        source = "https://github.com/provisioning-project/releases"
+        tags = "https://github.com/provisioning-project/tags"
+        site = "https://provisioning.local"
+        # Pinned for project stability
+        check_latest = True
+        grace_period = 86400
+    }
+    dependencies = ["nushell", "kcl", "sops", "age"]
+}
+
+# Output for dynamic cache system
+_version
diff --git a/taskservs/infrastructure/webhook/kcl/version.k b/taskservs/infrastructure/webhook/kcl/version.k
new file mode 100644
index 0000000..bd62203
--- /dev/null
+++ b/taskservs/infrastructure/webhook/kcl/version.k
@@ -0,0 +1,21 @@
+# KCL Version configuration for webhook taskserv
+# Uses proper import from centralized schema definitions
+
+import taskservs.version as schema
+
+# Webhook taskserv configuration
+_version = schema.TaskservVersion {
+    name = "webhook"
+    version = schema.Version {
+        current = "latest"
+        source = "https://github.com/webhooksite/webhook.site/releases"
+        tags = "https://github.com/webhooksite/webhook.site/tags"
+        site = "https://webhook.site"
+        check_latest = True  # Can auto-update for development tools
+        grace_period = 86400
+    }
+    dependencies = []
+}
+
+# Output for dynamic cache system
+_version
\ No newline at end of file
diff --git a/taskservs/infrastructure/webhook/kcl/webhook.k b/taskservs/infrastructure/webhook/kcl/webhook.k
new file mode 100644
index 0000000..67d4638
--- /dev/null
+++ b/taskservs/infrastructure/webhook/kcl/webhook.k
@@ -0,0 +1,39 @@
+# Info: KCL Webhook task schemas for provisioning (Provisioning)
+# Author: JesusPerezLorenzo 
+# Release: 0.0.4
+# Date: 10-12-2023
+
+import regex
+
+schema Webhook:
+    name: str = "webhook"
+    # https://github.com/adnanh/webhook/release
+    webhook_version: str
+    # config file for webhook in /etc/webhook
+    webhook_conf: str = "hooks.conf"
+    # IP to listen
+    webhook_ip: str = "$network_private_ip"
+    # Port to listen
+    webhook_port: int = 9000
+    # Path for logs
+    webhook_logs_path: str = "/var/log/webhooks.logs"
+    # User 
+    webhook_user: str = "webhook"
+    webhook_group: str = "${webhook_user}"
+    webhook_home: str = "/home/${webhook_user}"
+    repo_username: str
+    # hostname for ssh/config
+    repo_hostname: str
+    # IMPORTANT: repo_ssh_key keys are copied form local to devops_admin (devadm)
+    # Has to be registered in repositiory (giteaa) to be used for git commands 
+    # should not have passphrase, use private key name 
+    repo_ssh_key: str 
+    repo_ssh_port: int  = 2022
+    # kloud path to clone repositories
+    provisioning_kloud: str
+    # default aws profie for env
+    aws_profile: str
+    check:
+        len(repo_hostname) > 0, "Check repo_hostname"
+        webhook_ip == Undefined or regex.match(webhook_ip,"^\$.*$") or regex.match(webhook_ip, "^((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])$"), "'webhook_ip = ${webhook_ip}' check value definition (use $vaule or xx.xx.xx.xx)"
+
diff --git a/taskservs/kubernetes/k8s_nodejoin/kcl/k8s_nodejoin.k b/taskservs/kubernetes/k8s_nodejoin/kcl/k8s_nodejoin.k
new file mode 100644
index 0000000..94a82d3
--- /dev/null
+++ b/taskservs/kubernetes/k8s_nodejoin/kcl/k8s_nodejoin.k
@@ -0,0 +1,34 @@
+# Info: KCL Kubeconfig task schemas for provisioning (Provisioning)
+# Author: JesusPerezLorenzo 
+# Release: 0.0.4
+# Date: 15-12-2023
+
+#schema Kubernetes:
+#  name: str = "kubernetes"
+#  version: str
+#  major_version: str
+#  cmd_task: "install"| "update" | "remove" = "install" 
+
+schema K8sNodejoin:
+   name: str = "k8s-nodejoin"
+   cp_hostname: str
+   # Task to get kubernetes config file to set KUBECONFIG or .kunbe/config
+   cluster: str
+   #req_sudo: bool = True
+   # Path to copy file 
+   target_path: str = "/tmp/k8s_join.sh"
+   # source file path 
+   source_path: str = "/tmp/k8s_join.sh"
+   # host to admin service or where ${source_path} can be found
+   admin_host?: str 
+   # Cluster services admin hosts port to connect via SSH
+   admin_port?: int
+   # Cluster services admin user connect via SSH
+   admin_user?: str
+   ssh_key_path?: str
+   source_cmd: str = "kubeadm token create --print-join-command > ${source_path}"
+   target_cmd: str = "sudo bash ${target_path}"
+   check:
+      len(cluster) > 0, "Check cluster value"
+      len(cp_hostname) > 0, "Check cp_hostname value"
+
diff --git a/taskservs/kubernetes/k8s_nodejoin/kcl/version.k b/taskservs/kubernetes/k8s_nodejoin/kcl/version.k
new file mode 100644
index 0000000..63bb956
--- /dev/null
+++ b/taskservs/kubernetes/k8s_nodejoin/kcl/version.k
@@ -0,0 +1,21 @@
+# KCL Version configuration for k8s-nodejoin taskserv
+# Uses proper import from centralized schema definitions
+
+import taskservs.version as schema
+
+# Kubernetes node join taskserv configuration
+_version = schema.TaskservVersion {
+    name = "k8s-nodejoin"
+    version = schema.Version {
+        current = "1.31.0"
+        source = "https://github.com/kubernetes/kubernetes/releases"
+        tags = "https://github.com/kubernetes/kubernetes/tags"
+        site = "https://kubernetes.io"
+        check_latest = False  # Pinned to match kubernetes version
+        grace_period = 86400
+    }
+    dependencies = ["kubernetes"]
+}
+
+# Output for dynamic cache system
+_version
\ No newline at end of file
diff --git a/taskservs/kubernetes/kcl/dependencies.k b/taskservs/kubernetes/kcl/dependencies.k
new file mode 100644
index 0000000..a67234b
--- /dev/null
+++ b/taskservs/kubernetes/kcl/dependencies.k
@@ -0,0 +1,97 @@
+# KCL Dependency configuration for kubernetes taskserv
+# Defines comprehensive dependency, resource, and health requirements
+
+import provisioning.dependencies as schema
+
+# Kubernetes taskserv dependency configuration
+_dependencies = schema.TaskservDependencies {
+    name = "kubernetes"
+
+    # Critical dependencies - must be installed first
+    requires = ["containerd", "etcd", "os"]
+
+    # Optional enhancements - install if available
+    optional = ["coredns", "cilium", "proxy"]
+
+    # Cannot coexist with alternative container runtimes
+    conflicts = ["docker", "podman", "crio"]
+
+    # Services provided by this taskserv
+    provides = ["k8s-api", "kubelet", "kubectl", "kube-scheduler", "kube-controller-manager"]
+
+    # Resource requirements for Kubernetes installation
+    resources = schema.ResourceRequirement {
+        cpu = "2000m"           # 2 CPU cores minimum
+        memory = "2Gi"          # 2GB RAM minimum
+        disk = "20Gi"           # 20GB for etcd, logs, images
+        network = True          # Requires network for cluster communication
+        privileged = True       # Needs privileged access for system integration
+    }
+
+    # Health checks for Kubernetes components
+    health_checks = [
+        schema.HealthCheck {
+            command = "kubectl cluster-info"
+            interval = 60
+            timeout = 15
+            retries = 3
+            success_threshold = 2
+            failure_threshold = 3
+        },
+        schema.HealthCheck {
+            command = "systemctl is-active kubelet"
+            interval = 30
+            timeout = 5
+            retries = 2
+        }
+    ]
+
+    # Readiness probe for installation completion
+    readiness_probe = schema.HealthCheck {
+        command = "kubectl get nodes --no-headers | grep -q Ready"
+        interval = 30
+        timeout = 10
+        retries = 10
+        success_threshold = 3
+    }
+
+    # Installation phases for ordered deployment
+    phases = [
+        schema.InstallationPhase {
+            name = "pre-install"
+            order = 1
+            parallel = False
+            required = True
+        },
+        schema.InstallationPhase {
+            name = "install"
+            order = 2
+            parallel = False
+            required = True
+        },
+        schema.InstallationPhase {
+            name = "post-install"
+            order = 3
+            parallel = True
+            required = True
+        },
+        schema.InstallationPhase {
+            name = "validate"
+            order = 4
+            parallel = False
+            required = True
+        }
+    ]
+
+    # Installation control
+    timeout = 1200              # 20 minutes for full cluster setup
+    retry_count = 3
+
+    # Platform compatibility
+    os_support = ["linux"]
+    arch_support = ["amd64", "arm64"]
+    k8s_versions = ["1.31.0", "1.30.x", "1.29.x"]
+}
+
+# Output for dynamic dependency resolution
+_dependencies
\ No newline at end of file
diff --git a/taskservs/kubernetes/kcl/kubernetes.k b/taskservs/kubernetes/kcl/kubernetes.k
new file mode 100644
index 0000000..7d37885
--- /dev/null
+++ b/taskservs/kubernetes/kcl/kubernetes.k
@@ -0,0 +1,81 @@
+# Info: KCL Kubernetes task schemas for provisioning (Provisioning)
+# Author: JesusPerezLorenzo 
+# Release: 0.0.4
+# Date: 10-12-2023
+
+import regex
+
+schema ETCD_endpoint:
+   prot: "http"| "https" = "https"
+   name?: str
+   addr?: str 
+   port: int = 2379
+
+   check:
+      addr == Undefined or regex.match(addr,"^\$.*$") or regex.match(addr, "^((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])$"), "'addr = ${addr}' check value definition (use $vaule or xx.xx.xx.xx)"
+
+schema Kubernetes:
+   name: str = "kubernetes"
+   version: str
+   major_version: str
+   cri: "crio" | "containerd" = "crio"
+   runtime_default: "crun" | "runc" | "youki" = "crun"
+   runtimes: str = "crun,runc"
+
+   cni: "cilium" | "calico" = "cilium"
+   cni_version: str = ""
+   bind_port: int = 6443
+   timeout_cp: str = "4m0s"
+   certs_dir: str = "/etc/kubernetes/pki"
+   auth_mode: str = "Node,RBAC"
+   taints_effect: "PreferNoSchedule" = "PreferNoSchedule"
+   pull_policy: "IfNotPresent" = "IfNotPresent"
+   # Kubernetes addons separated with commans
+   addons: str
+   tpl: str = "kubeadm-config.yaml.j2"
+   repo: str = "registry.k8s.io" 
+   dns_domain: str = "cluster.local"
+   pod_net: str = "10.244.0.0/16"
+   service_net: str = "10.96.0.0/12"
+   cert_sans: [str] = [ "$hostname", "$cluster_name", "127.0.0.1" ]
+   # External IPs separated with commans for ingress
+   external_ips: [str]
+   # Cluster name
+   cluster_name: str
+   hostname: str
+   # ControlPanel IP 
+   cp_ip?: str
+   cp_name: str
+   # If HOSTNAME == K8S_MASTER it will be MASTER_0
+   # othewise set HOSTNAME value to be resolved in same K8S_MASTER network
+   # By using -cp- as part of HOSTNAME will be consider node as controlpanel
+   # Other options: -wk-0  or -wkr-0 for worker nodes
+   ip: str 
+   # K8s cluster role: controlpnlane or worker
+   mode: "controlplane" | "worker"
+   # K8s command task
+   cmd_task: "install" | "update" | "remove" | "reinstall" = "install"
+   admin_user: str
+   target_path: str
+   taint_node: bool = True
+   etcd_mode: "" | "external" = ""
+   etcd_prefix: str = ""
+   etcd_endpoints: [ETCD_endpoint] = []
+   etcd_ca_path: str = "/etc/kubernetes/pki/etcd/ca.crt"
+   etcd_cert_path: str = "/etc/kubernetes/pki/etcd/server.crt"
+   etcd_key_path: str = "/etc/kubernetes/pki/etcd/server.key"
+   etcd_cluster_name: str = ""
+   etcd_peers: str = ""
+   # etcd certs path
+   prov_etcd_path: str = "etcdcerts"
+   # install etcd certs path
+   etcd_certs_path: str = "etcd_certs"
+   # LOG path for kubeadm
+   install_log_path: str = "/tmp/k8s.log"
+   # Work path for config generated file
+   work_path: str = "$cluster_name"
+   check:
+      cp_ip == Undefined or regex.match(cp_ip,"^\$.*$") or regex.match(cp_ip, "^((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])$"), "'cp_ip = ${cp_ip}' check value definition (use $vaule or xx.xx.xx.xx)"
+      regex.match(pod_net,"^\$.*$") or regex.match(pod_net, "^(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(?:\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}\/(?:3[0-2]|[0-2]?[0-9])$"), "'pod_net = ${pod_net}' check value definition"
+      regex.match(service_net,"^\$.*$") or regex.match(service_net, "^(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(?:\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}\/(?:3[0-2]|[0-2]?[0-9])$"), "'service_net = ${service_net}' check value definition"
+
diff --git a/taskservs/kubernetes/kcl/version.k b/taskservs/kubernetes/kcl/version.k
new file mode 100644
index 0000000..a632340
--- /dev/null
+++ b/taskservs/kubernetes/kcl/version.k
@@ -0,0 +1,21 @@
+# KCL Version configuration for kubernetes taskserv
+# Uses proper import from centralized schema definitions
+import taskservs.version as schema
+
+# Kubernetes taskserv configuration
+_version = schema.TaskservVersion {
+    name = "kubernetes"
+    version = schema.Version {
+        current = "1.31.0"
+        source = "https://github.com/kubernetes/kubernetes/releases"
+        tags = "https://github.com/kubernetes/kubernetes/tags"
+        site = "https://kubernetes.io"
+        # Pinned for production stability
+        check_latest = True
+        grace_period = 86400
+    }
+    dependencies = ["containerd", "etcd", "coredns"]
+}
+
+# Output for dynamic cache system
+_version
diff --git a/taskservs/kubernetes/kubeconfig/kcl/kubeconfig.k b/taskservs/kubernetes/kubeconfig/kcl/kubeconfig.k
new file mode 100644
index 0000000..d6fecda
--- /dev/null
+++ b/taskservs/kubernetes/kubeconfig/kcl/kubeconfig.k
@@ -0,0 +1,24 @@
+# Info: KCL Kubeconfig task schemas for provisioning (Provisioning)
+# Author: JesusPerezLorenzo 
+# Release: 0.0.4
+# Date: 15-12-2023
+
+schema Kubeconfig:
+   # Task to get kubernetes config file to set KUBECONFIG or .kunbe/config
+   cluster: str
+   # To get path sudo is required
+   req_sudo: bool = True
+   # Path to copy file 
+   target_path: str = "HOME/.kube/config"
+   # source file path 
+   source_path: str = "/etc/kubernetes/admin.conf"
+   # host to admin service or where ${source_path} can be found
+   admin_host?: str 
+   # Cluster services admin hosts port to connect via SSH
+   admin_port?: int
+   # Cluster services admin user connect via SSH
+   admin_user?: str
+   ssh_key_path?: str
+   check:
+      len(cluster) > 0, "Check cluster value"
+
diff --git a/taskservs/kubernetes/kubeconfig/kcl/version.k b/taskservs/kubernetes/kubeconfig/kcl/version.k
new file mode 100644
index 0000000..ad3fa05
--- /dev/null
+++ b/taskservs/kubernetes/kubeconfig/kcl/version.k
@@ -0,0 +1,21 @@
+# KCL Version configuration for kubeconfig taskserv
+# Uses proper import from centralized schema definitions
+
+import taskservs.version as schema
+
+# Kubeconfig management taskserv configuration
+_version = schema.TaskservVersion {
+    name = "kubeconfig"
+    version = schema.Version {
+        current = "1.31.0"
+        source = "https://github.com/kubernetes/kubernetes/releases"
+        tags = "https://github.com/kubernetes/kubernetes/tags"
+        site = "https://kubernetes.io"
+        check_latest = False  # Pinned to match kubernetes version
+        grace_period = 86400
+    }
+    dependencies = ["kubernetes"]
+}
+
+# Output for dynamic cache system
+_version
\ No newline at end of file
diff --git a/taskservs/kubernetes/kubectl/kcl/kubernetes.k b/taskservs/kubernetes/kubectl/kcl/kubernetes.k
new file mode 100644
index 0000000..1415663
--- /dev/null
+++ b/taskservs/kubernetes/kubectl/kcl/kubernetes.k
@@ -0,0 +1,10 @@
+# Info: KCL Kubernetes task schemas for provisioning (Provisioning)
+# Author: JesusPerezLorenzo 
+# Release: 0.0.4
+# Date: 15-12-2023
+
+schema Kubernetes:
+  name: str = "kubernetes"
+  version: str
+  major_version: str
+  cmd_task: "install"| "update" | "remove" = "install"
diff --git a/taskservs/kubernetes/kubectl/kcl/version.k b/taskservs/kubernetes/kubectl/kcl/version.k
new file mode 100644
index 0000000..af2a689
--- /dev/null
+++ b/taskservs/kubernetes/kubectl/kcl/version.k
@@ -0,0 +1,21 @@
+# KCL Version configuration for kubectl taskserv
+# Uses proper import from centralized schema definitions
+
+import taskservs.version as schema
+
+# Kubectl CLI taskserv configuration
+_version = schema.TaskservVersion {
+    name = "kubectl"
+    version = schema.Version {
+        current = "1.31.0"
+        source = "https://github.com/kubernetes/kubernetes/releases"
+        tags = "https://github.com/kubernetes/kubernetes/tags"
+        site = "https://kubernetes.io"
+        check_latest = False  # Pinned to match kubernetes version
+        grace_period = 86400
+    }
+    dependencies = ["kubernetes"]
+}
+
+# Output for dynamic cache system
+_version
\ No newline at end of file
diff --git a/taskservs/networking/cilium/kcl/cilium.k b/taskservs/networking/cilium/kcl/cilium.k
new file mode 100644
index 0000000..8c6b644
--- /dev/null
+++ b/taskservs/networking/cilium/kcl/cilium.k
@@ -0,0 +1,9 @@
+# Info: Cilium Runc schemas for provisioning (Provisioning)
+# Author: JesusPerezLorenzo 
+# Release: 0.0.1
+# Date: 30-06-2024
+
+schema Cilium:
+   name: str = "cilium"
+   version: str
+
diff --git a/taskservs/networking/cilium/kcl/dependencies.k b/taskservs/networking/cilium/kcl/dependencies.k
new file mode 100644
index 0000000..4c4a523
--- /dev/null
+++ b/taskservs/networking/cilium/kcl/dependencies.k
@@ -0,0 +1,103 @@
+# KCL Dependency configuration for cilium taskserv
+# Defines comprehensive dependency, resource, and health requirements
+
+import provisioning.dependencies as schema
+
+# Cilium taskserv dependency configuration
+_dependencies = schema.TaskservDependencies {
+    name = "cilium"
+
+    # Critical dependencies - must be installed first
+    requires = ["kubernetes", "containerd"]
+
+    # Optional enhancements - install if available
+    optional = ["coredns", "proxy"]
+
+    # Cannot coexist with other CNI solutions
+    conflicts = ["calico", "flannel", "weave"]
+
+    # Services provided by this taskserv
+    provides = ["cni", "network-policy", "load-balancer", "service-mesh", "hubble-ui"]
+
+    # Resource requirements for Cilium installation
+    resources = schema.ResourceRequirement {
+        cpu = "500m"            # 500m CPU for network processing
+        memory = "512Mi"        # 512MB RAM for network state
+        disk = "2Gi"           # 2GB for logs and network data
+        network = True          # Core network functionality
+        privileged = True       # Needs privileged access for network operations
+    }
+
+    # Health checks for Cilium components
+    health_checks = [
+        schema.HealthCheck {
+            command = "kubectl get pods -n kube-system -l k8s-app=cilium | grep -v Running | wc -l | grep -q '^0$'"
+            interval = 60
+            timeout = 15
+            retries = 3
+            success_threshold = 2
+            failure_threshold = 3
+        },
+        schema.HealthCheck {
+            command = "kubectl exec -n kube-system ds/cilium -- cilium status | grep -q 'OK'"
+            interval = 120
+            timeout = 20
+            retries = 3
+        },
+        schema.HealthCheck {
+            command = "kubectl get ciliumnodeconfig -A | wc -l | grep -v '^0$'"
+            interval = 180
+            timeout = 10
+            retries = 2
+        }
+    ]
+
+    # Readiness probe for installation completion
+    readiness_probe = schema.HealthCheck {
+        command = "kubectl get nodes -o jsonpath='{.items[*].status.conditions[?(@.type==\"Ready\")].status}' | grep -v True | wc -l | grep -q '^0$'"
+        interval = 30
+        timeout = 10
+        retries = 8
+        success_threshold = 3
+    }
+
+    # Installation phases for ordered deployment
+    phases = [
+        schema.InstallationPhase {
+            name = "pre-install"
+            order = 1
+            parallel = False
+            required = True
+        },
+        schema.InstallationPhase {
+            name = "install"
+            order = 2
+            parallel = False
+            required = True
+        },
+        schema.InstallationPhase {
+            name = "post-install"
+            order = 3
+            parallel = True
+            required = True
+        },
+        schema.InstallationPhase {
+            name = "validate"
+            order = 4
+            parallel = False
+            required = True
+        }
+    ]
+
+    # Installation control
+    timeout = 600               # 10 minutes for CNI setup
+    retry_count = 3
+
+    # Platform compatibility
+    os_support = ["linux"]
+    arch_support = ["amd64", "arm64"]
+    k8s_versions = ["1.31.x", "1.30.x", "1.29.x", "1.28.x"]
+}
+
+# Output for dynamic dependency resolution
+_dependencies
\ No newline at end of file
diff --git a/taskservs/networking/cilium/kcl/version.k b/taskservs/networking/cilium/kcl/version.k
new file mode 100644
index 0000000..5f2ea32
--- /dev/null
+++ b/taskservs/networking/cilium/kcl/version.k
@@ -0,0 +1,15 @@
+import taskservs.version as schema
+
+_version = schema.TaskservVersion {
+    name = "cilium"
+    version = schema.Version {
+        current = "1.16.5"
+        source = "https://github.com/cilium/cilium/releases"
+        tags = "https://github.com/cilium/cilium/tags"
+        site = "https://cilium.io"
+        # Pinned for production stability
+        check_latest = True
+        grace_period = 86400
+    }
+}
+_version
diff --git a/taskservs/networking/coredns/kcl/coredns.k b/taskservs/networking/coredns/kcl/coredns.k
new file mode 100644
index 0000000..3272fb7
--- /dev/null
+++ b/taskservs/networking/coredns/kcl/coredns.k
@@ -0,0 +1,57 @@
+# Info: KCL CoreDNS task schemas for provisioning (Provisioning)
+# Author: JesusPerezLorenzo 
+# Release: 0.0.4
+# Date: 29-12-2023
+
+import regex
+
+schema CoreDNSForward:
+   source: str = "."
+   forward_ip?: str
+
+   check:
+      forward_ip == Undefined or regex.match(forward_ip,"^\$.*$") or regex.match(forward_ip, "^((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])$"), "'network_private_ip = ${forward_ip}' check value definition (use $vaule or xx.xx.xx.xx)"
+
+schema CoreDNSRecord:
+   name: str
+   ttl: int = 300
+   rectype: "A" | "AAAA" | "CNAME" | "MX" | "TXT" | "NS" | "SOA" | "SRV" | "PTR" 
+   server_pos?: int
+   source?: str
+   target_ip?: str
+   # use for SRV like: "0 0 2380" (priority weight port)
+   # user for MX like: "300 ip-or-FQND" (priority target)
+   # user for TXT or CNAME with target content 
+   value?: str
+   comment?: str
+   etcd_dns_ttl: int = 300 
+   etcd_peer_port: int = 2380
+   etcd_cli_port: int = 2379   
+
+   check:
+      target_ip == Undefined or regex.match(target_ip,"^\$.*$") or regex.match(target_ip, "^((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])$"), "'target_ip = ${target_ip}' check value definition (use $value or xx.xx.xx.xx)"
+
+schema NameServer: 
+   ns_ip: str
+   check:
+      ns_ip == Undefined or regex.match(ns_ip,"^\$.*$") or regex.match(ns_ip, "^((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])$"), "'ns_ip = ${ns_ip}' check value definition (use $value or xx.xx.xx.xx)"
+
+schema CoreDNSEntry: 
+   domain: str
+   port: int = 53
+   file?: str
+   records?: [CoreDNSRecord]
+   forward?: CoreDNSForward
+   use_log: bool = True
+   use_errors: bool = True
+   use_cache: bool = True
+   etcd_cluster_name: str = ""
+
+schema COREDNS:
+   version: str
+   name: str
+   hostname: str
+   etc_corefile: str = "/etc/coredns/Corefile"
+   nameservers: [NameServer]
+   domains_search: str = ""
+   entries: [ CoreDNSEntry ]
diff --git a/taskservs/networking/coredns/kcl/version.k b/taskservs/networking/coredns/kcl/version.k
new file mode 100644
index 0000000..5e9c2a1
--- /dev/null
+++ b/taskservs/networking/coredns/kcl/version.k
@@ -0,0 +1,20 @@
+# KCL Version configuration for coredns taskserv
+# Uses proper TaskservVersion schema for type safety
+#
+import taskservs.version as schema
+
+# CoreDNS taskserv configuration
+_version = schema.TaskservVersion {
+    name = "coredns"
+    version = schema.Version {
+        current = "1.11.4"
+        source = "https://github.com/coredns/coredns/releases"
+        tags = "https://github.com/coredns/coredns/tags"
+        site = "https://coredns.io"
+        # Pinned for production stability
+        check_latest = True
+        grace_period = 86400
+    }
+    dependencies = ["kubernetes"]
+}
+_version
diff --git a/taskservs/networking/etcd/kcl/etcd.k b/taskservs/networking/etcd/kcl/etcd.k
new file mode 100644
index 0000000..d094138
--- /dev/null
+++ b/taskservs/networking/etcd/kcl/etcd.k
@@ -0,0 +1,57 @@
+# Info: KCL ETCD task schemas for provisioning (Provisioning)
+# Author: JesusPerezLorenzo 
+# Release: 0.0.4
+# Date: 29-12-2023
+
+import regex
+
+schema ETCD:
+   version: str
+   name: str = "etcd"
+   etcd_name: str = "$hostname"
+   # how to generate ssl certificates
+   ssl_mode: "cfssl"| "openssl" = "openssl"
+   # It seems only RSA works (dic-2023)
+   ssl_sign: "ECC" | "RSA" = "RSA"
+   ca_sign: "ECC" | "RSA" = "RSA"
+   ssl_curve: "" | "secp384r1" | "secp256k1" | "secp521r1" | "prime256v1" = "prime256v1"
+   long_sign: 2048 | 4096 = 4096
+   cipher: "" | "-aes256"  = ""
+   ca_sign_days: int = 1460
+   sign_days: int = 730
+   sign_sha: 256 | 384 | 512 = 256
+   sign_pass: str = ""
+   etcd_protocol: "https"| "http" = "https"
+   source_url: "google" | "github" = "github"
+   cluster_name: str
+   hostname: str
+   cn: str
+   c: str
+   data_dir: str = "/var/lib/etcd"
+   conf_path: str = "/etc/etcd/config.yaml"
+   log_level: "warn" | "error" = "warn"
+   log_out: "stdout" | "stderr" = "stderr"
+   discover_url: str = ""
+   cli_ip: str
+   cli_port: int = 2379
+   peer_ip: str
+   peer_port: int = 2380
+   cluster_list: str
+   token: str
+   certs_path: str = "/etc/ssl/etcd"
+   prov_path: str = "etcdcerts"
+   listen_peers: str = ""
+   adv_listen_peers: str = ""
+   initial_peers: str = ""
+   listen_clients: str = ""
+   adv_listen_clients: str = ""
+   use_localhost: bool = False
+   dns_domain_path: str = ""
+   domain_name: str = ""
+   discovery_srv: str = ""
+   use_dns: bool = True
+
+   #check:
+   #   cli_ip == Undefined or regex.match(cli_ip,"^\$.*$") or regex.match(cli_ip, "^((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])$"), "'cp_ip = ${cp_ip}' check value definition (use $vaule or xx.xx.xx.xx)"
+   #   peer_ip == Undefined or regex.match(peer_ip,"^\$.*$") or regex.match(peer_ip, "^((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])$"), "'cp_ip = ${cp_ip}' check value definition (use $vaule or xx.xx.xx.xx)"
+
diff --git a/taskservs/networking/etcd/kcl/version.k b/taskservs/networking/etcd/kcl/version.k
new file mode 100644
index 0000000..c352732
--- /dev/null
+++ b/taskservs/networking/etcd/kcl/version.k
@@ -0,0 +1,22 @@
+# KCL Version configuration for etcd taskserv
+# Simple format without imports for now
+#
+import taskservs.version as schema
+
+# Etcd taskserv configuration
+_version = schema.TaskservVersion {
+    name = "etcd"
+    version = schema.Version {
+        current = "3.5.16"
+        source = "https://github.com/etcd-io/etcd/releases"
+        tags = "https://github.com/etcd-io/etcd/tags"
+        site = "https://etcd.io"
+        # Pinned for production stability
+        check_latest = True
+        grace_period = 86400
+    }
+    dependencies = []
+}
+
+# Output for dynamic cache system
+_version
diff --git a/taskservs/networking/ip_aliases/kcl/ip_aliases.k b/taskservs/networking/ip_aliases/kcl/ip_aliases.k
new file mode 100644
index 0000000..ebae139
--- /dev/null
+++ b/taskservs/networking/ip_aliases/kcl/ip_aliases.k
@@ -0,0 +1,25 @@
+# Info: KCL IP alias task schemas for provisioning (Provisioning)
+# Author: JesusPerezLorenzo 
+# Release: 0.0.4
+# Date: 4-08-2024
+
+import regex
+
+schema IPalias:
+   setup_mode: "system" | "alias" = "alias"
+   address: str 
+   hostname: str = ""
+   main_hostname: bool = False
+   interface: str
+   dev_interface: str
+   netmask: str = "255.255.255.0"
+   nameservers: str = ""
+   search: str = ""
+   check:
+      address == Undefined or regex.match(address,"^\$.*$") or regex.match(address,"^((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])$"), "'address = ${address}' check value definition (use $vaule or xx.xx.xx.xx)"
+      netmask == Undefined or regex.match(netmask,"^((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])$"), "'netmask = ${netmask}' check value definition (use $vaule or xx.xx.xx.xx)"
+
+schema IPaliases:
+    name: str = "IPaliases"
+    aliases: [IPalias] 
+
diff --git a/taskservs/networking/ip_aliases/kcl/version.k b/taskservs/networking/ip_aliases/kcl/version.k
new file mode 100644
index 0000000..6c4a699
--- /dev/null
+++ b/taskservs/networking/ip_aliases/kcl/version.k
@@ -0,0 +1,21 @@
+# KCL Version configuration for crun taskserv
+# Uses proper TaskservVersion schema for type safety
+import taskservs.version as schema
+
+# Crun taskserv configuration
+_version = schema.TaskservVersion {
+    name = "ip-aliases"
+    version = schema.Version {
+        current = "latest"
+        source = ""
+        tags = ""
+        site = ""
+        # Auto-update for container runtime
+        check_latest = False
+        grace_period = 86400
+    }
+    dependencies = []
+}
+
+# Output for dynamic cache system
+_version
diff --git a/taskservs/networking/proxy/kcl/proxy.k b/taskservs/networking/proxy/kcl/proxy.k
new file mode 100644
index 0000000..9a70b65
--- /dev/null
+++ b/taskservs/networking/proxy/kcl/proxy.k
@@ -0,0 +1,47 @@
+# Info: KCL Proxy task schemas for provisioning (Provisioning)
+# Author: JesusPerezLorenzo 
+# Release: 0.0.4
+# Date: 10-12-2023
+
+import regex 
+
+schema ProxyBackend:
+    """
+    ProxyBackend
+    """
+    name: str  = "be_repo"
+    ssl_sni: str = "localrepo.cloudnative.zone"
+    mode: "http"| "tcp"  = "tcp"
+    balance: str  = "roundrobin"
+    option: str 
+    server_name: str
+    server_host_ip: str
+    server_port: int 
+    server_ops: str = "check fall 3 rise 2"
+    check: 
+        regex.match(server_host_ip,"^\$.*$") or regex.match(server_host_ip, "^((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])$"), "'server_hosts_ip = ${server_host_ip}' check value definition (use $vaule or xx.xx.xx.xx)"
+
+schema IPBind:
+    """
+    IP bind settings for https 
+    """
+    ip: str
+    port: int
+    check: 
+        regex.match(ip,"^\$.*$") or regex.match(ip, "^((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])$"), "'ip = ${ip}' check value definition (use $vaule or xx.xx.xx.xx)"
+
+schema Proxy:
+    """
+    Proxy settings
+    """
+    proxy_version: str
+    proxy_lib: str = "/var/lib/haproxy"
+    proxy_cfg_file: str = "haproxy.cfg"
+    run_user: str = "haproxy"
+    run_group: str = "haproxy"
+    run_user_home: str = "/home/${run_user}"
+    https_in_binds: [ IPBind ] 
+    https_options: [ str ] = [ "tcplog", "dontlognull" ]
+    https_log_format: str = "%H %ci:%cp [%t] %ft %b/%s %Tw/%Tc/%Tt %B %ts %ac/%fc/%bc/%sc/%rc %sq/%bq"
+    backends: [ ProxyBackend ]
+    
diff --git a/taskservs/networking/proxy/kcl/version.k b/taskservs/networking/proxy/kcl/version.k
new file mode 100644
index 0000000..7df6afe
--- /dev/null
+++ b/taskservs/networking/proxy/kcl/version.k
@@ -0,0 +1,19 @@
+# KCL Version configuration for proxy taskserv
+# Uses proper TaskservVersion schema for type safety
+import taskservs.version as schema
+
+# Proxy taskserv configuration
+_version = schema.TaskservVersion {
+    name = "proxy"
+    version = schema.Version {
+        current = "latest"
+        site = "Internal provisioning component"
+        # Internal component, no upstream
+        check_latest = False
+        grace_period = 86400
+    }
+    dependencies = []
+}
+
+# Output for dynamic cache system
+_version
diff --git a/taskservs/networking/resolv/kcl/resolv.k b/taskservs/networking/resolv/kcl/resolv.k
new file mode 100644
index 0000000..3efd9c4
--- /dev/null
+++ b/taskservs/networking/resolv/kcl/resolv.k
@@ -0,0 +1,16 @@
+# Info: KCL Resolv task schemas for provisioning (Provisioning)
+# Author: JesusPerezLorenzo 
+# Release: 0.0.4
+# Date: 31-12-2023
+
+import regex
+
+schema NameServer: 
+    ns_ip: str
+    check:
+        ns_ip == Undefined or regex.match(ns_ip,"^\$.*$") or regex.match(ns_ip, "^((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])$"), "'ns_ip = ${ns_ip}' check value definition (use $value or xx.xx.xx.xx)"
+
+schema Resolv:
+    name: str = "resolv"
+    nameservers: [NameServer]
+    domains_search: str = ""
diff --git a/taskservs/networking/resolv/kcl/version.k b/taskservs/networking/resolv/kcl/version.k
new file mode 100644
index 0000000..c4c6b46
--- /dev/null
+++ b/taskservs/networking/resolv/kcl/version.k
@@ -0,0 +1,21 @@
+# KCL Version configuration for resolv taskserv
+# Uses proper import from centralized schema definitions
+
+import taskservs.version as schema
+
+# Resolv (DNS resolution) taskserv configuration
+_version = schema.TaskservVersion {
+    name = "resolv"
+    version = schema.Version {
+        current = "1.0.0"
+        source = ""
+        tags = ""
+        site = ""
+        check_latest = False  # System component
+        grace_period = 86400
+    }
+    dependencies = []
+}
+
+# Output for dynamic cache system
+_version
\ No newline at end of file
diff --git a/taskservs/storage/external_nfs/kcl/external_nfs.k b/taskservs/storage/external_nfs/kcl/external_nfs.k
new file mode 100644
index 0000000..7db7176
--- /dev/null
+++ b/taskservs/storage/external_nfs/kcl/external_nfs.k
@@ -0,0 +1,18 @@
+# Info: KCL ExternalNFS task schemas for provisioning (Provisioning)
+# Author: JesusPerezLorenzo 
+# Release: 0.0.4
+# Date: 10-12-2023
+
+import regex
+
+schema ExternalNFS:
+    # NFS server IP
+    ip: str = "$network_private_ip"
+    # NFS net to share
+    net: str = "$net"
+    # NFS share path
+    shared: str = "/shared"
+
+    check:
+        regex.match(ip,"^\$.*$") or regex.match(ip, "^((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])$"), "'ip = ${ip}' check value definition (use $vaule or xx.xx.xx.xx)"
+        regex.match(net,"^\$.*$") or regex.match(net, "^(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(?:\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}\/(?:3[0-2]|[0-2]?[0-9])$"), "'net = ${net}' check value definition"
diff --git a/taskservs/storage/external_nfs/kcl/version.k b/taskservs/storage/external_nfs/kcl/version.k
new file mode 100644
index 0000000..301d3d6
--- /dev/null
+++ b/taskservs/storage/external_nfs/kcl/version.k
@@ -0,0 +1,21 @@
+# KCL Version configuration for crun taskserv
+# Uses proper TaskservVersion schema for type safety
+import taskservs.version as schema
+
+# Crun taskserv configuration
+_version = schema.TaskservVersion {
+    name = "crun"
+    version = schema.Version {
+        current = "latest"
+        source = ""
+        tags = ""
+        site = ""
+        # Auto-update for container runtime
+        check_latest = False
+        grace_period = 86400
+    }
+    dependencies = []
+}
+
+# Output for dynamic cache system
+_version
diff --git a/taskservs/storage/mayastor/kcl/mayastor.k b/taskservs/storage/mayastor/kcl/mayastor.k
new file mode 100644
index 0000000..f7233dd
--- /dev/null
+++ b/taskservs/storage/mayastor/kcl/mayastor.k
@@ -0,0 +1,9 @@
+# Info: KCL MAYASTOR task schemas for provisioning (Provisioning)
+# Author: JesusPerezLorenzo 
+# Release: 0.0.4
+# Date: 15-12-2023
+
+schema Mayastor:
+    name: str = "mayastor"
+    nr_hugepages: int = 1024
+
diff --git a/taskservs/storage/mayastor/kcl/version.k b/taskservs/storage/mayastor/kcl/version.k
new file mode 100644
index 0000000..1c3fc26
--- /dev/null
+++ b/taskservs/storage/mayastor/kcl/version.k
@@ -0,0 +1,21 @@
+# KCL Version configuration for mayastor taskserv
+# Uses proper import from centralized schema definitions
+import taskservs.version as schema
+
+# Mayastor storage taskserv configuration
+_version = schema.TaskservVersion {
+    name = "mayastor"
+    version = schema.Version {
+        current = "2.6.1"
+        source = "https://github.com/openebs/mayastor/releases"
+        tags = "https://github.com/openebs/mayastor/tags"
+        site = "https://openebs.io/docs/concepts/mayastor"
+        # Pinned for storage stability
+        check_latest = True
+        grace_period = 86400
+    }
+    dependencies = ["kubernetes"]
+}
+
+# Output for dynamic cache system
+_version
diff --git a/taskservs/storage/oci_reg/kcl/oci-reg.k b/taskservs/storage/oci_reg/kcl/oci-reg.k
new file mode 100644
index 0000000..3d46211
--- /dev/null
+++ b/taskservs/storage/oci_reg/kcl/oci-reg.k
@@ -0,0 +1,104 @@
+# Info: KCL OCIReg task schemas for provisioning (Provisioning)
+# Author: JesusPerezLorenzo 
+# Release: 0.0.4
+# Date: 11-01-2024
+
+import regex
+
+schema OCIRegStorageDriver:
+   name: str
+   rootdirectory: str
+   region: str
+   bucket: str
+   secure: bool = True
+   regionendpoint: str
+   accesskey: str
+   secretkey: str
+   skipverify: bool = False
+
+schema OCIRegTLS:
+   cert: str = "/etc/zot/ssl/fullchain.pem"
+   key: str ="/etc/zot/ssl/privkey.pem"
+
+schema OCIRegHtpasswd:
+   path: str = "/etc/zot/htpasswd"
+
+schema OCIRegAuth:
+   htpasswd?: OCIRegHtpasswd
+   failDelay: int = 5
+
+schema OCIRegHTTP:
+   address: str = "0.0.0.0"
+   port: int = 5000
+   realm: str = "zot"
+   tls?: OCIRegTLS 
+   auth?: OCIRegAuth 
+   check:
+      address == Undefined or regex.match(address,"^\$.*$") or regex.match(address,"^((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])$"), "'address = ${address}' check value definition (use $vaule or xx.xx.xx.xx)"
+
+schema OCIRegLog:
+   level: str = "debug"
+   output: str = "/var/log/zot/zot.log"
+   audit: str = "/var/log/zot/zot-audit.log"
+
+schema OCIRegRegistry:
+   urls: [str]
+   onDemand: bool = True
+   maxRetries?: int
+   retryDelay?: str #  "5m"
+   pollInterval?: str # "6h"
+
+schema OCIRegCVE:
+   updateInterval: str = "24h"
+
+schema OCIRegExtUI:
+   enable: bool = True
+
+schema OCIRegExtSearch:
+   enable: bool = True
+   cve: OCIRegCVE = { updateInterval = "24h"}
+
+schema OCIRegExtSync:
+   enable: bool = True
+   registries?: [OCIRegRegistry]
+
+schema OCIRegExtScrub:
+   enable: bool = True
+   interval: str = "24h"
+
+schema OCIRegStorage:
+   rootDirectory: str
+   dedupe: bool = True
+   gc?: bool
+   gcDelay?: str  # "1h"
+   gcInterval?: str # "6h"
+   remoteCache?: bool = False
+   storageDriver?: OCIRegStorageDriver
+
+schema OCIRegExtensions:
+   ui?: OCIRegExtUI
+   search?: OCIRegExtSearch
+   sync?: OCIRegExtSync
+   scrub?: OCIRegExtScrub
+
+schema OCIRegConfig:
+   distSpecVersion: str = "1.0.1"
+   storage: OCIRegStorage
+   http?: OCIRegHTTP 
+   log?: OCIRegLog
+   extensions?: OCIRegExtensions
+
+schema OCIReg:
+   version: str
+   name: str
+   oci_data: str = "/data/zot"
+   oci_etc: str = "/etc/zot"
+   oci_log: str = "/var/log/zot"
+   oci_user: str = "zot"
+   oci_user_group: str = "zot"
+   oci_cmds: str = "zot zli"  
+   oci_memory_high: int = 30
+   oci_memory_max: int =32
+   oci_bin_path: str = "/usr/local/bin"
+   copy_paths: [str] 
+   config: OCIRegConfig
diff --git a/taskservs/storage/oci_reg/kcl/version.k b/taskservs/storage/oci_reg/kcl/version.k
new file mode 100644
index 0000000..a95b486
--- /dev/null
+++ b/taskservs/storage/oci_reg/kcl/version.k
@@ -0,0 +1,16 @@
+import taskservs.version as schema
+
+# Containerd taskserv configuration
+_version = schema.TaskservVersion {
+    name = "oci_reg"
+    version = schema.Version {
+        current = "v2.1.8"
+        source = "https://github.com/distribution/distribution/releases"
+        tags = "https://github.com/distribution/distribution/tags"
+        site = "https://distribution.github.io/distribution/"
+        # Auto-update for registry
+        check_latest = True
+        grace_period = 86400
+    }
+}
+_version
diff --git a/taskservs/storage/rook_ceph/kcl/dependencies.k b/taskservs/storage/rook_ceph/kcl/dependencies.k
new file mode 100644
index 0000000..6f12ce1
--- /dev/null
+++ b/taskservs/storage/rook_ceph/kcl/dependencies.k
@@ -0,0 +1,103 @@
+# KCL Dependency configuration for rook-ceph taskserv
+# Defines comprehensive dependency, resource, and health requirements
+
+import provisioning.dependencies as schema
+
+# Rook-Ceph taskserv dependency configuration
+_dependencies = schema.TaskservDependencies {
+    name = "rook-ceph"
+
+    # Critical dependencies - must be installed first
+    requires = ["kubernetes", "containerd"]
+
+    # Optional enhancements - install if available
+    optional = ["cilium", "coredns"]
+
+    # Cannot coexist with other storage solutions
+    conflicts = ["external-nfs", "mayastor"]
+
+    # Services provided by this taskserv
+    provides = ["ceph-storage", "block-storage", "file-storage", "object-storage", "storage-class"]
+
+    # Resource requirements for Rook-Ceph installation
+    resources = schema.ResourceRequirement {
+        cpu = "1000m"           # 1 CPU core for Ceph daemons
+        memory = "2Gi"          # 2GB RAM minimum for Ceph operations
+        disk = "50Gi"          # 50GB minimum for Ceph storage
+        network = True          # Requires network for cluster replication
+        privileged = True       # Needs privileged access for storage operations
+    }
+
+    # Health checks for Rook-Ceph components
+    health_checks = [
+        schema.HealthCheck {
+            command = "kubectl get cephcluster -n rook-ceph -o jsonpath='{.items[0].status.phase}' | grep -q Ready"
+            interval = 120
+            timeout = 30
+            retries = 5
+            success_threshold = 2
+            failure_threshold = 3
+        },
+        schema.HealthCheck {
+            command = "kubectl get pods -n rook-ceph | grep -E 'rook-ceph-mon|rook-ceph-mgr|rook-ceph-osd' | grep -v Running | wc -l | grep -q '^0$'"
+            interval = 60
+            timeout = 15
+            retries = 3
+        },
+        schema.HealthCheck {
+            command = "kubectl exec -n rook-ceph deployment/rook-ceph-tools -- ceph status | grep -q 'HEALTH_OK'"
+            interval = 180
+            timeout = 30
+            retries = 3
+        }
+    ]
+
+    # Readiness probe for installation completion
+    readiness_probe = schema.HealthCheck {
+        command = "kubectl get storageclass rook-ceph-block -o jsonpath='{.metadata.name}' | grep -q rook-ceph-block"
+        interval = 60
+        timeout = 15
+        retries = 10
+        success_threshold = 3
+    }
+
+    # Installation phases for ordered deployment
+    phases = [
+        schema.InstallationPhase {
+            name = "pre-install"
+            order = 1
+            parallel = False
+            required = True
+        },
+        schema.InstallationPhase {
+            name = "install"
+            order = 2
+            parallel = False
+            required = True
+        },
+        schema.InstallationPhase {
+            name = "post-install"
+            order = 3
+            parallel = True
+            required = True
+        },
+        schema.InstallationPhase {
+            name = "validate"
+            order = 4
+            parallel = False
+            required = True
+        }
+    ]
+
+    # Installation control - Ceph deployment takes longer
+    timeout = 1800              # 30 minutes for full Ceph cluster setup
+    retry_count = 2             # Fewer retries due to complexity
+
+    # Platform compatibility
+    os_support = ["linux"]
+    arch_support = ["amd64", "arm64"]
+    k8s_versions = ["1.31.x", "1.30.x", "1.29.x", "1.28.x"]
+}
+
+# Output for dynamic dependency resolution
+_dependencies
\ No newline at end of file
diff --git a/taskservs/storage/rook_ceph/kcl/rook_ceph.k b/taskservs/storage/rook_ceph/kcl/rook_ceph.k
new file mode 100644
index 0000000..3fa6d14
--- /dev/null
+++ b/taskservs/storage/rook_ceph/kcl/rook_ceph.k
@@ -0,0 +1,22 @@
+# Info: KCL Rook-Ceph task schemas for provisioning (Provisioning)
+# Author: JesusPerezLorenzo 
+# Release: 0.0.4
+# Date: 19-04-2024
+
+schema RookCephNode:
+    name: str
+    devices: [str] = []
+
+schema RookCeph:
+    name: str = "rook-ceph"
+    namespace: str = "rook-ceph"
+    clustername: str = "rook-ceph"
+    ceph_image: str = "quay.io/ceph/ceph:v18.2.4"
+    rookCeph_image: str = "rook/ceph:master"
+    dataDirHostPath: str  = "/var/lib/rook"
+    object_user: str = "dao-user"
+    object_storename: str = "dao-rook"
+    object_displayname: str = "rook-dao-rook"
+    storage_fsName: str = "daofs"
+    storage_pool: str = "daofs-replicated"
+    nodes: [RookCephNode] = []
diff --git a/taskservs/storage/rook_ceph/kcl/version.k b/taskservs/storage/rook_ceph/kcl/version.k
new file mode 100644
index 0000000..08212f0
--- /dev/null
+++ b/taskservs/storage/rook_ceph/kcl/version.k
@@ -0,0 +1,21 @@
+# KCL Version configuration for rook-ceph taskserv
+# Uses proper import from centralized schema definitions
+import taskservs.version as schema
+
+# Rook-Ceph storage taskserv configuration
+_version = schema.TaskservVersion {
+    name = "rook-ceph"
+    version = schema.Version {
+        current = "1.15.5"
+        source = "https://github.com/rook/rook/releases"
+        tags = "https://github.com/rook/rook/tags"
+        site = "https://rook.io"
+        # Pinned for storage stability
+        check_latest = True
+        grace_period = 86400
+    }
+    dependencies = ["kubernetes"]
+}
+
+# Output for dynamic cache system
+_version
diff --git a/taskservs/version.k b/taskservs/version.k
new file mode 100644
index 0000000..6472b27
--- /dev/null
+++ b/taskservs/version.k
@@ -0,0 +1,9 @@
+# KCL Version Schema Re-export for Taskservs
+# Re-exports schemas from main kcl/version.k for use in taskserv definitions
+
+import provisioning.version as v
+
+# Re-export schemas for taskserv use
+Version = v.Version
+TaskservVersion = v.TaskservVersion
+VersionCache = v.VersionCache
\ No newline at end of file