# ============================================================================ # Command Metadata Registry # Version: 1.0.0 # Purpose: Declarative classification of all provisioning commands # # This schema defines metadata for every provisioning command including: # - Interactive requirements (FormInquire) # - Authentication/Authorization needs # - Workspace dependencies # - Side effects and destructiveness # - Estimated execution time # - Form paths for interactive commands # ============================================================================ schema CommandRequirements: """ Requirements for executing a command Defines what validation, auth, and resources are needed """ # Requires user interaction (FormInquire forms) interactive: bool = False # Requires authentication/authorization requires_auth: bool = False # Authentication type: jwt, mfa, cedar, none auth_type: "none" | "jwt" | "mfa" | "cedar" = "none" # Requires active workspace requires_workspace: bool = True # Has side effects (creates/modifies/deletes resources) side_effects: bool = False # Side effect type side_effect_type: "none" | "create" | "update" | "delete" | "deploy" = "none" # Requires explicit confirmation (for destructive ops) requires_confirmation: bool = False # Minimum permission level: read, write, admin, superadmin min_permission: "read" | "write" | "admin" | "superadmin" = "read" # Uses slow operations (network, disk I/O, etc) slow_operation: bool = False # Can be optimized with Rust plugin rust_optimizable: bool = False check: # If requires_confirmation, must have side_effects not requires_confirmation or side_effects, "Confirmation requires side_effects" # If side_effect_type != none, must have side_effects side_effect_type == "none" or side_effects, "side_effect_type requires side_effects=true" # MFA requires JWT auth first auth_type != "mfa" or requires_auth, "MFA requires requires_auth=true" # Cedar requires auth auth_type != "cedar" or requires_auth, "Cedar requires requires_auth=true" schema CommandMetadata: """ Complete metadata for a single command Defines behavior, requirements, and characteristics """ # Command canonical name (e.g., "server create", "workspace init") name: str # Command domain/group domain: "infrastructure" | "orchestration" | "workspace" | "configuration" | "authentication" | "platform" | "utilities" | "development" = "infrastructure" # Short description description: str # Command aliases/shortcuts aliases: [str] = [] # Requirements requirements: CommandRequirements # FormInquire form path (if interactive) form_path?: str # Estimated execution time (seconds) estimated_time: int = 1 check: len(name) > 0, "Name required" len(description) > 0, "Description required" schema CommandRegistry: """ Registry of all provisioning commands with metadata Central source of truth for command classification """ version: str = "1.0.0" # All registered commands (keyed by canonical name) commands: {str:CommandMetadata} check: len(commands) > 0, "At least one command required" # ============================================================================ # COMMAND DEFINITIONS - INFRASTRUCTURE # ============================================================================ _server_create: CommandMetadata = { name = "server create" domain = "infrastructure" description = "Create new servers from configuration" aliases = ["server c", "create server", "s create"] requirements = { interactive = False requires_auth = False requires_workspace = True side_effects = True side_effect_type = "create" requires_confirmation = False min_permission = "write" slow_operation = True rust_optimizable = True } estimated_time = 120 } _server_delete: CommandMetadata = { name = "server delete" domain = "infrastructure" description = "Delete existing servers" aliases = ["server d", "delete server", "s delete"] requirements = { interactive = True requires_auth = True auth_type = "jwt" requires_workspace = True side_effects = True side_effect_type = "delete" requires_confirmation = True min_permission = "admin" slow_operation = True } form_path = "provisioning/core/shlib/forms/infrastructure/server_delete_confirm.toml" estimated_time = 60 } _server_list: CommandMetadata = { name = "server list" domain = "infrastructure" description = "List all servers" aliases = ["server ls", "ls server", "s list"] requirements = { interactive = False requires_auth = False requires_workspace = True side_effects = False min_permission = "read" slow_operation = True } estimated_time = 5 } _taskserv_create: CommandMetadata = { name = "taskserv create" domain = "infrastructure" description = "Install task service on servers" aliases = ["taskserv c", "task create", "t create"] requirements = { interactive = False requires_auth = False requires_workspace = True side_effects = True side_effect_type = "create" min_permission = "write" slow_operation = True } estimated_time = 180 } _taskserv_delete: CommandMetadata = { name = "taskserv delete" domain = "infrastructure" description = "Remove task service from servers" aliases = ["taskserv d", "task delete", "t delete"] requirements = { interactive = True requires_auth = True auth_type = "jwt" requires_workspace = True side_effects = True side_effect_type = "delete" requires_confirmation = True min_permission = "admin" slow_operation = True } form_path = "provisioning/core/shlib/forms/infrastructure/taskserv_delete_confirm.toml" estimated_time = 60 } _cluster_create: CommandMetadata = { name = "cluster create" domain = "infrastructure" description = "Create new cluster" aliases = ["cluster c", "create cluster", "cl create"] requirements = { interactive = False requires_auth = False requires_workspace = True side_effects = True side_effect_type = "create" min_permission = "write" slow_operation = True } estimated_time = 300 } # ============================================================================ # COMMAND DEFINITIONS - WORKSPACE # ============================================================================ _workspace_init: CommandMetadata = { name = "workspace init" domain = "workspace" description = "Initialize new workspace interactively" aliases = ["workspace create", "ws init", "ws create"] requirements = { interactive = True requires_auth = False requires_workspace = False side_effects = True side_effect_type = "create" min_permission = "write" } form_path = "provisioning/core/forminquire/templates/workspace-init.form.j2" estimated_time = 30 } _workspace_list: CommandMetadata = { name = "workspace list" domain = "workspace" description = "List all registered workspaces" aliases = ["workspace ls", "ws list", "ws ls"] requirements = { interactive = False requires_auth = False requires_workspace = False side_effects = False min_permission = "read" } estimated_time = 1 } _workspace_switch: CommandMetadata = { name = "workspace switch" domain = "workspace" description = "Switch active workspace" aliases = ["workspace activate", "ws switch", "ws activate"] requirements = { interactive = False requires_auth = False requires_workspace = False side_effects = False min_permission = "read" } estimated_time = 2 } # ============================================================================ # COMMAND DEFINITIONS - AUTHENTICATION # ============================================================================ _auth_login: CommandMetadata = { name = "auth login" domain = "authentication" description = "Authenticate user with JWT" aliases = ["login"] requirements = { interactive = True requires_auth = False requires_workspace = False side_effects = True side_effect_type = "create" min_permission = "read" } form_path = "provisioning/core/shlib/forms/authentication/auth_login.toml" estimated_time = 2 } _mfa_enroll: CommandMetadata = { name = "mfa enroll" domain = "authentication" description = "Enroll in multi-factor authentication" aliases = ["mfa-enroll", "mfa setup"] requirements = { interactive = True requires_auth = True auth_type = "jwt" requires_workspace = False side_effects = True side_effect_type = "create" min_permission = "write" } form_path = "provisioning/core/shlib/forms/authentication/mfa_enroll.toml" estimated_time = 30 } # ============================================================================ # COMMAND DEFINITIONS - CONFIGURATION/SETUP # ============================================================================ _setup_wizard: CommandMetadata = { name = "setup" domain = "configuration" description = "Interactive system setup wizard" aliases = ["setup wizard", "st"] requirements = { interactive = True requires_auth = False requires_workspace = False side_effects = True side_effect_type = "create" min_permission = "admin" } form_path = "provisioning/core/forminquire/templates/setup-wizard.form.j2" estimated_time = 120 } # ============================================================================ # COMMAND DEFINITIONS - READ-ONLY/UTILITIES # ============================================================================ _help_command: CommandMetadata = { name = "help" domain = "utilities" description = "Show help information" aliases = ["h", "-h", "--help"] requirements = { requires_workspace = False min_permission = "read" } estimated_time = 1 } _version_command: CommandMetadata = { name = "version" domain = "utilities" description = "Show version information" aliases = ["v", "-v", "--version"] requirements = { requires_workspace = False min_permission = "read" } estimated_time = 1 } # ============================================================================ # COMMAND REGISTRY INSTANCE # ============================================================================ _command_registry: CommandRegistry = { version = "1.0.0" commands = { # Infrastructure "server create": _server_create "server delete": _server_delete "server list": _server_list "taskserv create": _taskserv_create "taskserv delete": _taskserv_delete "cluster create": _cluster_create # Workspace "workspace init": _workspace_init "workspace list": _workspace_list "workspace switch": _workspace_switch # Authentication "auth login": _auth_login "mfa enroll": _mfa_enroll # Setup "setup": _setup_wizard # Utilities "help": _help_command "version": _version_command } } _command_registry