# Workspace root: `members` are resolved and built together; `exclude` keeps the
# listed directories out of the workspace.
[workspace]
resolver = "2"

members = [
    "crates/platform-config",
    "crates/platform-nats",
    "crates/platform-db",
    "crates/service-clients",
    "crates/ai-service",
    "crates/extension-registry",
    "crates/orchestrator",
    "crates/control-center",
    "crates/control-center-ui",
    "crates/vault-service",
    "crates/mcp-server",
    # lifted: "crates/backup-manager" → cloudatasave (LibreCloud/cloudDataSave) — adr-041
    # archived: "crates/detector" → archive/detector (no dependents, stale since Jan 2026)
    "prov-ecosystem/crates/machines",
    "prov-ecosystem/crates/encrypt",
    "prov-ecosystem/crates/backup",
    "prov-ecosystem/crates/observability",
    "crates/ncl-sync",
    "crates/prvng-cli",
    "crates/provisioning-core",
    "crates/provisioning-tool",
    "crates/provisioning-daemon",
    "crates/contract-tests",
    "crates/extension-manager",
    "crates/ops-keeper",
    "crates/audit-mirror",
    "crates/ops-controller",
    # lifted: "crates/buildkit-launcher" → lian-build — adr-040
]

exclude = [
    # archived: syntaxis/ → archive/syntaxis (Jan 2026, all refs commented out)
    # archived: stratumiops/ → archive/stratumiops (Jan 2026, workspace uses canonical ../../../Development/stratumiops)
    # NOTE(review): [workspace.dependencies] points the stratum-* crates at
    # ../../stratumiops, not ../../../Development/stratumiops — confirm which
    # checkout is the one actually built.
    "prov-ecosystem/crates/syntaxis-integration",
    "prov-ecosystem/crates/audit",
    "prov-ecosystem/crates/valida",
    "prov-ecosystem/crates/runtime",
    "prov-ecosystem/crates/gitops",
    # nu-daemon + daemon-cli are excluded: nu-command@0.110.0 (via nushell feature) pins
    # rustls=0.23.28, hard conflict with surrealdb@3 (requires ^0.23.36). Not resolvable
    # until nu-command relaxes its rustls pin. Build standalone: cargo build -p nu-daemon
    # NOTE(review): an excluded crate resolves its own dependency graph, so the
    # standalone build stays on the older pinned rustls and is presumably not
    # covered by audits run against this workspace's lockfile — audit it separately.
    "crates/nu-daemon",
    "prov-ecosystem/crates/daemon-cli",
]
# Package metadata that member crates can inherit with `<field>.workspace = true`.
[workspace.package]
version = "1.0.11"
edition = "2021"
authors = ["Jesus Perez <jesus@librecloud.online>"]
license = "MIT"
repository = "https://github.com/jesusperezlorenzo/provisioning"
# Versions and feature sets are declared once in this table; a member crate
# inherits an entry with `<name>.workspace = true`.
[workspace.dependencies]
# === SHARED ASYNC RUNTIME AND CORE LIBRARIES ===
async-trait = "0.1"
futures = "0.3"
tokio = { version = "1.49", features = ["full"] }
tokio-util = "0.7"

# === SERIALIZATION AND DATA HANDLING ===
chrono = { version = "0.4", features = ["serde"] }
serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0"
toml = "0.9"
uuid = { version = "1.20", features = ["v4", "serde"] }

# === ERROR HANDLING ===
anyhow = "1.0"
thiserror = "2.0"

# === LOGGING AND TRACING ===
log = "0.4"
tracing = "0.1"
tracing-appender = "0.2"
tracing-subscriber = { version = "0.3", features = ["env-filter"] }

# === WEB SERVER AND NETWORKING ===
axum = { version = "0.8", features = ["ws", "macros"] }
hyper = "1.8"
# Default features are off; the TLS backend is chosen explicitly via `rustls`.
reqwest = { version = "0.13", default-features = false, features = ["json", "rustls"] }
tower = { version = "0.5", features = ["full"] }
tower-http = { version = "0.6", features = [
    "cors",
    "trace",
    "fs",
    "compression-gzip",
    "timeout",
] }

# === CLI AND CONFIGURATION ===
clap = { version = "4.5", features = ["derive", "env"] }
config = "0.15"
# === DATABASE AND STORAGE ===
sqlx = { version = "0.8", features = ["runtime-tokio-rustls", "sqlite", "chrono", "uuid"] }
# SurrealDB storage engines:
#   kv-surrealkv: core relational/graph (orchestrator state, control-center)
#   kv-rocksdb: hot data (embeddings cache, audit logs) — via platform-db embedded-rocksdb feature
# rustls excluded: nu-command@0.110.0 pins rustls=0.23.28, SurrealDB 3 requires ^0.23.36 (conflict)
# TLS for remote connections is handled at the proxy layer (nginx/Caddy) in production.
# NOTE(review): without a TLS feature the client presumably cannot open wss://
# itself, so the hop from this process to the TLS-terminating proxy is cleartext
# (database credentials included). Keep that hop on loopback or a private
# network — confirm per deployment.
# NOTE(review): nu-daemon and daemon-cli are listed under [workspace] exclude for
# the same rustls conflict; if no member still pulls nu-command, the conflict may
# no longer apply to this lockfile and the `rustls` feature could be re-enabled —
# confirm.
surrealdb = { version = "3", default-features = false, features = ["kv-mem", "kv-surrealkv", "protocol-ws"] }

# === MESSAGING (NATS) ===
async-nats = "0.46"
# === SECURITY AND CRYPTOGRAPHY ===
aes-gcm = "0.10"
argon2 = "0.5"
base64 = "0.22"
git2 = { version = "0.20", default-features = false, features = ["https", "ssh"] }
hmac = "0.12"
# Default features are off; the crypto backend is selected explicitly.
jsonwebtoken = { version = "10.3", default-features = false, features = ["aws_lc_rs"] }
rand = { version = "0.9", features = ["std_rng", "os_rng"] }
# NOTE(review): `ring` is declared next to the `aws_lc_rs` backend chosen for
# jsonwebtoken, so two crypto implementations may end up linked — confirm both
# are needed.
ring = "0.17"
sha2 = "0.10"

# AWS SDK for KMS
aws-config = "1"
aws-credential-types = "1"
aws-sdk-kms = "1"
# === VALIDATION AND REGEX ===
globset = "0.4"
regex = "1.12"
validator = { version = "0.20", features = ["derive"] }

# === GRAPH ALGORITHMS AND UTILITIES ===
petgraph = "0.8"

# === CONCURRENT DATA STRUCTURES ===
dashmap = "6"
# === ADDITIONAL SHARED DEPENDENCIES ===

# System utilities
dirs = "6.0"

# Filesystem operations
notify = "8.2"
walkdir = "2.5"

# Statistics and templates
statistics = "0.4"
tera = "1.20"

# Additional cryptography
hkdf = "0.12"
# NOTE(review): the `rsa` 0.9 line has a published timing side-channel advisory
# (Marvin attack) covering private-key operations. Check `cargo audit` output and
# whether any RSA decryption or signing here is reachable by remote callers.
rsa = "0.9.10"
zeroize = { version = "1.8", features = ["derive"] }

# Additional security: constant-time comparison helpers, for checking MACs,
# tokens and other secrets where `==` could leak where the first mismatch is.
constant_time_eq = "0.4"
subtle = "2.6"

# Caching and storage
redis = { version = "1.0", features = ["tokio-comp", "connection-manager"] }

# Tower services
tower-service = "0.3"
tower_governor = "0.8"

# Scheduling
cron = "0.15"
tokio-cron-scheduler = "0.15"

# Policy engine
cedar-policy = "4.8"

# URL handling
url = "2.5"

# Icons and UI
icondata = "0.7"
leptos_icons = "0.7"

# Image processing
image = { version = "0.25", default-features = false, features = ["png"] }
qrcode = "0.14"

# Authentication
hex = "0.4"
lazy_static = "1.5"
totp-rs = { version = "5.7", features = ["qr"] }
webauthn-rs = "0.5"
webauthn-rs-proto = "0.5"

# Additional serialization
serde-wasm-bindgen = "0.6"

# Gloo utilities (for WASM)
gloo-net = { version = "0.6", features = ["http", "websocket"] }
gloo-storage = "0.3"
gloo-timers = "0.3"
gloo-utils = { version = "0.2", features = ["serde"] }

# Plotting and canvas
plotters = "0.3"
plotters-canvas = "0.3"

# WASM utilities
console_error_panic_hook = "0.1"
js-sys = "0.3"
tracing-wasm = "0.2"
wasm-bindgen-futures = "0.4"

# Random number generation
getrandom = "0.4"
# === TUI (Terminal User Interface) ===
crossterm = "0.29"
ratatui = { version = "0.30", features = ["all-widgets", "serde"] }

# === WASM AND FRONTEND DEPENDENCIES (for control-center-ui) ===
leptos = { version = "0.8", features = ["csr"] }
leptos_meta = { version = "0.8", features = ["default"] }
leptos_router = "0.8"
wasm-bindgen = "0.2"
# === DEVELOPMENT AND TESTING DEPENDENCIES ===
# Declaring a crate here does not make it dev-only: each member decides by
# listing it under [dev-dependencies] rather than [dependencies].
assert_matches = "1.5"
criterion = { version = "0.8", features = ["html_reports"] }
mockito = "1"
tempfile = "3.24"
tokio-test = "0.4"

# Additional caching and binary discovery
lru = "0.16"
parking_lot = "0.12"
which = "8"
# NOTE(review): `yaml-rust` is no longer maintained upstream. Confirm with
# `cargo audit` and check whether YAML from untrusted sources reaches it.
yaml-rust = "0.4"
humantime-serde = "1.1"

# Metrics
prometheus = "0.14"

approx = "0.5"

# Utilities
# xxh3 is a fast non-cryptographic hash; not a substitute for sha2/hmac.
xxhash-rust = { version = "0.8", features = ["xxh3"] }
# === RAG AND TEXT PROCESSING ===
tokenizers = "0.22"

# === STRATUM ECOSYSTEM DEPENDENCIES (for RAG embeddings & LLM) ===
moka = { version = "0.12", features = ["future"] }
sled = "0.34"
# NOTE(review): fastembed typically fetches model files at first use; for
# production or air-gapped hosts, decide where models come from and how they are
# verified — confirm against how the crate is configured here.
fastembed = "5.11"
lancedb = "0.26"
# Exact pin (`=`): presumably kept in step with the arrow version lancedb expects
# — confirm before bumping either.
arrow = "=56"
# === INTERNAL WORKSPACE CRATES (Local path dependencies) ===
platform-config = { path = "./crates/platform-config" }
platform-nats = { path = "./crates/platform-nats" }
platform-db = { path = "./crates/platform-db" }
platform-clients = { path = "./crates/service-clients" }
# NOTE(review): "crates/rag" is not listed under [workspace] members or exclude —
# confirm it is picked up as intended.
platform-rag = { path = "./crates/rag" }
provisioning-mcp = { path = "./crates/mcp-server" }
ai-service = { path = "./crates/ai-service" }

# === PROV-ECOSYSTEM (Now members of workspace) ===
# NOTE(review): daemon-cli is listed under [workspace] exclude because of the
# nu-command rustls pin; a member inheriting this entry would pull it back in as
# a path dependency — confirm none does.
daemon-cli = { path = "./prov-ecosystem/crates/daemon-cli" }
platform-machines = { path = "./prov-ecosystem/crates/machines" }
platform-encrypt = { path = "./prov-ecosystem/crates/encrypt" }
platform-backup = { path = "./prov-ecosystem/crates/backup" }
platform-observability = { path = "./prov-ecosystem/crates/observability" }
# NOTE(review): init-servs appears in neither members nor exclude — confirm.
init-servs = { path = "./prov-ecosystem/crates/init-servs" }

# === ONTOREF PROTOCOL ADOPTION (API catalog surface — Phase 4) ===
# NOTE(review): the `../../` paths from here on presumably resolve outside this
# repository. Path dependencies carry no version or checksum in Cargo.lock, so a
# build uses whatever is checked out in those sibling directories. Record the
# expected revision of each for release builds, secretumvault in particular.
ontoref-ontology = { path = "../../ontoref/crates/ontoref-ontology", features = ["derive"] }
ontoref-derive = { path = "../../ontoref/crates/ontoref-derive" }
inventory = "0.3"

# Stratum ecosystem — sourced from canonical stratumiops repo (SurrealDB v3 throughout)
stratum-embeddings = { path = "../../stratumiops/crates/stratum-embeddings", features = ["openai-provider", "ollama-provider", "fastembed-provider", "memory-cache"] }
stratum-llm = { path = "../../stratumiops/crates/stratum-llm", features = ["anthropic", "openai", "ollama"] }
stratum-graph = { path = "../../stratumiops/crates/stratum-graph" }
stratum-state = { path = "../../stratumiops/crates/stratum-state" }

# === SECRETUMVAULT (Enterprise Secrets Management - canonical source) ===
secretumvault = { path = "../../secretumvault", features = ["surrealdb-storage", "filesystem", "server", "cedar"] }
# === WASM/WEB-SPECIFIC DEPENDENCIES ===
# Each feature enables the binding for one Web API type. The list includes the
# WebAuthn types (CredentialsContainer, PublicKeyCredential*, Authenticator*) and
# Web Crypto (Crypto, SubtleCrypto, CryptoKey).
web-sys = { version = "0.3", features = [
    "console",
    "Window",
    "Document",
    "Element",
    "HtmlElement",
    "HtmlCanvasElement",
    "CanvasRenderingContext2d",
    "EventTarget",
    "Event",
    "DragEvent",
    "DataTransfer",
    "HtmlInputElement",
    "HtmlSelectElement",
    "HtmlTextAreaElement",
    "HtmlButtonElement",
    "HtmlDivElement",
    "Storage",
    "Location",
    "History",
    "Navigator",
    "ServiceWorkerRegistration",
    "ServiceWorker",
    "NotificationPermission",
    "Notification",
    "Headers",
    "Request",
    "RequestInit",
    "RequestMode",
    "Response",
    "AbortController",
    "AbortSignal",
    "WebSocket",
    "MessageEvent",
    "CloseEvent",
    "ErrorEvent",
    "Blob",
    "Url",
    "FileReader",
    "File",
    "HtmlAnchorElement",
    "MouseEvent",
    "TouchEvent",
    "KeyboardEvent",
    "ResizeObserver",
    "ResizeObserverEntry",
    "IntersectionObserver",
    "IntersectionObserverEntry",
    "MediaQueryList",
    "MediaQueryListEvent",
    "CredentialsContainer",
    "PublicKeyCredential",
    "PublicKeyCredentialCreationOptions",
    "PublicKeyCredentialRequestOptions",
    "AuthenticatorResponse",
    "AuthenticatorAttestationResponse",
    "AuthenticatorAssertionResponse",
    "Crypto",
    "SubtleCrypto",
    "CryptoKey",
] }
# === ADDITIONAL MISSING DEPENDENCIES (Not in original workspace) ===
ed25519-dalek = "2.2"
http-body-util = "0.1"

# === BYTES MANIPULATION ===
bytes = "1.11"

# === HTTP AND PROTOCOL UTILITIES ===
http = "1"

# === CONTAINER MANAGEMENT AND SSH ===
# NOTE(review): bollard is a Docker Engine API client; the endpoint it talks to
# (e.g. the Docker socket) typically grants host-level control, so limit which
# services are given access — confirm per deployment.
bollard = "0.20"
russh = "0.57"
russh-keys = "0.49"

# === SECRETS MANAGEMENT ===
age = "0.11"
rusty_vault = "0.2.1"

# === ADDITIONAL DATA FORMAT SERIALIZATION ===
# NOTE(review): `serde_yaml` has been marked deprecated by its author and gets no
# further releases; plan a replacement where it parses untrusted input — confirm
# with `cargo audit`.
serde_yaml = "0.9"

# === PATH AND SHELL UTILITIES ===
# Expands `~` and environment variables inside strings. NOTE(review): presumably
# applied to operator-supplied paths only; expanding externally supplied strings
# would let them reference environment values — verify callers.
shellexpand = "3.1"
# Free-form table: Cargo itself ignores [workspace.metadata] and leaves it to
# external tools.
[workspace.metadata]
description = "Provisioning Platform - Rust workspace for cloud infrastructure automation tools"
# Profile configurations shared across all workspace members
# Development builds: unoptimized, with debug assertions and integer overflow
# checks enabled.
[profile.dev]
opt-level = 0
debug = true
debug-assertions = true
overflow-checks = true
incremental = true
codegen-units = 256
lto = false
panic = "unwind"
# Release builds: full optimization, whole-program LTO, a single codegen unit.
[profile.release]
opt-level = 3
lto = true
codegen-units = 1
# With `abort` a panic ends the process without unwinding, so destructors do not
# run on that path. Drop-based wiping of secrets (e.g. via zeroize, declared under
# [workspace.dependencies]) is skipped there, which matters if core dumps are on.
panic = "abort"
# Removes debug info only.
strip = "debuginfo"
# NOTE(review): `overflow-checks` is set for dev but not here, so the release
# default (off) applies and integer overflow wraps silently. Consider
# `overflow-checks = true` for crates that do size or length arithmetic on
# untrusted input; combined with panic = "abort" an overflow then ends the process.
# Fast release profile for development
# Starts from `release`, then trades some optimization for build time and keeps
# debug info. Settings not overridden here (panic, strip, codegen-units) come
# from the release profile.
[profile.dev-release]
inherits = "release"
opt-level = 2
lto = "thin"
debug = true
# Profile for benchmarks
# Release settings plus debug info.
[profile.bench]
inherits = "release"
debug = true