prvng_platform/crates/orchestrator/src/lib.rs

#![allow(
    dead_code,
    unused_imports,
    unused_variables,
    unused_assignments,
    unused,
    clippy::excessive_nesting,
    clippy::vec_init_then_push,
    clippy::ptr_arg,
    clippy::result_large_err
)]

// Provisioning Orchestrator Library
// Exports all modules for use in tests and as a library

use serde::{Deserialize, Serialize};

// Core types that are used throughout the library
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct WorkflowTask {
    pub id: String,
    pub name: String,
    pub command: String,
    pub args: Vec<String>,
    pub dependencies: Vec<String>,
    pub status: TaskStatus,
    pub created_at: chrono::DateTime<chrono::Utc>,
    pub started_at: Option<chrono::DateTime<chrono::Utc>>,
    pub completed_at: Option<chrono::DateTime<chrono::Utc>>,
    pub output: Option<String>,
    pub error: Option<String>,
}

#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
pub enum TaskStatus {
    Pending,
    Running,
    Completed,
    Failed,
    Cancelled,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct CreateServerWorkflow {
    pub infra: String,
    pub settings: String,
    pub servers: Vec<String>,
    pub check_mode: bool,
    pub wait: bool,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct TaskservWorkflow {
    pub infra: String,
    pub settings: String,
    pub taskserv: String,
    pub operation: String, // create, delete, generate, check-updates
    pub check_mode: bool,
    pub wait: bool,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ClusterWorkflow {
    pub infra: String,
    pub settings: String,
    pub cluster_type: String,
    pub operation: String, // create, delete
    pub check_mode: bool,
    pub wait: bool,
}

/// Validate storage type argument
pub fn validate_storage_type(s: &str) -> Result<String, String> {
    let available_types = storage::available_storage_types();
    if available_types.contains(&s.to_string()) {
        Ok(s.to_string())
    } else {
        Err(format!(
            "Invalid storage type '{}'. Available types: {}",
            s,
            available_types.join(", ")
        ))
    }
}

// CLI arguments structure
#[derive(clap::Parser, Clone)]
#[command(author, version, about = "Multi-service task orchestration and batch workflow engine")]
#[command(long_about = "Orchestrator - Manages distributed task execution, batch workflows, and cluster provisioning with state management and rollback recovery")]
#[command(after_help = "CONFIGURATION HIERARCHY (highest to lowest priority):\n  1. CLI: -c/--config <path> (explicit file)\n  2. CLI: --config-dir <dir> --mode <mode> (directory + mode)\n  3. CLI: --config-dir <dir> (searches for orchestrator.ncl|toml|json)\n  4. CLI: --mode <mode> (searches in provisioning/platform/config/)\n  5. ENV: ORCHESTRATOR_CONFIG (explicit file)\n  6. ENV: PROVISIONING_CONFIG_DIR (searches for orchestrator.ncl|toml|json)\n  7. ENV: ORCHESTRATOR_MODE (mode-based in default path)\n  8. Built-in defaults\n\nEXAMPLES:\n  # Explicit config file\n  orchestrator -c ~/my-config.toml\n\n  # Config directory with mode\n  orchestrator --config-dir ~/configs --mode enterprise\n\n  # Config directory (auto-discover file)\n  orchestrator --config-dir ~/.config/provisioning\n\n  # Via environment variables\n  export ORCHESTRATOR_CONFIG=~/.config/orchestrator.toml\n  orchestrator\n\n  # Mode-based configuration\n  orchestrator --mode solo")]
pub struct Args {
    /// Configuration file path (highest priority)
    ///
    /// Accepts absolute or relative path. Supports .ncl, .toml, and .json formats.
    #[arg(short = 'c', long, env = "ORCHESTRATOR_CONFIG")]
    pub config: Option<std::path::PathBuf>,

    /// Configuration directory (searches for orchestrator.ncl|toml|json)
    ///
    /// Searches for configuration files in order of preference: .ncl > .toml > .json
    /// Can also search for mode-specific files: orchestrator.{mode}.{ncl|toml|json}
    #[arg(long, env = "PROVISIONING_CONFIG_DIR")]
    pub config_dir: Option<std::path::PathBuf>,

    /// Deployment mode (solo, multiuser, cicd, enterprise)
    ///
    /// Determines which configuration profile to use. Searches in:
    /// provisioning/platform/config/orchestrator.{mode}.{ncl|toml}
    #[arg(short = 'm', long, env = "ORCHESTRATOR_MODE")]
    pub mode: Option<String>,

    /// Port to listen on
    #[arg(short = 'p', long, default_value = "9090")]
    pub port: u16,

    /// Data directory for storage
    #[arg(short = 'd', long, default_value = "./data")]
    pub data_dir: String,

    /// Storage backend type
    #[arg(long, default_value = "filesystem", value_parser = validate_storage_type)]
    pub storage_type: String,

    /// SurrealDB server URL (for surrealdb-server mode)
    #[arg(long)]
    pub surrealdb_url: Option<String>,

    /// SurrealDB namespace
    #[arg(long, default_value = "orchestrator")]
    pub surrealdb_namespace: Option<String>,

    /// SurrealDB database name
    #[arg(long, default_value = "tasks")]
    pub surrealdb_database: Option<String>,

    /// SurrealDB username (for surrealdb-server mode)
    #[arg(long)]
    pub surrealdb_username: Option<String>,

    /// SurrealDB password (for surrealdb-server mode)
    #[arg(long)]
    pub surrealdb_password: Option<String>,

    /// Nushell executable path
    #[arg(long, default_value = "nu")]
    pub nu_path: String,

    /// Provisioning script path
    #[arg(long, default_value = "./core/nulib/provisioning")]
    pub provisioning_path: String,
}

// ============================================================================
// Core Modules (Always Available with 'core' feature)
// ============================================================================

pub mod app_state_builder;
pub mod config;
pub mod config_manager;
pub mod middleware;
pub mod orchestrator_state;
pub mod secrets;
pub mod security;
pub mod security_integration;
pub mod services;
pub mod state;
pub mod storage;

// ============================================================================
// Optional Modules (Feature-Gated)
// ============================================================================

// Audit: Security event logging
#[cfg(feature = "audit")]
pub mod audit;

// Workflow: Orchestration, batch jobs, task management
#[cfg(feature = "workflow")]
pub mod batch;

#[cfg(feature = "workflow")]
pub mod dependency;

#[cfg(feature = "workflow")]
pub mod migration;

#[cfg(feature = "workflow")]
pub mod monitor;

#[cfg(feature = "workflow")]
pub mod queue;

#[cfg(feature = "workflow")]
pub mod rollback;

#[cfg(feature = "workflow")]
pub mod workflow;

// Compliance: Policy evaluation and break-glass emergency access
#[cfg(feature = "compliance")]
pub mod break_glass;

#[cfg(feature = "compliance")]
pub mod compliance;

// Platform: Infrastructure integration
#[cfg(feature = "platform")]
pub mod dns;

#[cfg(feature = "platform")]
pub mod extensions;

#[cfg(feature = "platform")]
pub mod oci;

// SSH: SSH key management
#[cfg(feature = "ssh")]
pub mod ssh;

// Testing: Test environment and container management
#[cfg(feature = "testing")]
pub mod container_manager;

#[cfg(feature = "testing")]
pub mod test_environment;

#[cfg(feature = "testing")]
pub mod test_orchestrator;

// Forward declaration for AppState - actual definition is in main.rs
// This allows modules to reference it via crate::AppState

// ============================================================================
// Re-exports - Stable API
// ============================================================================

// Core types (always available)
pub use app_state_builder::{
    create_orchestrator_app_state, DefaultOrchestratorAppStateBuilder, OrchestratorAppStateBuilder,
};
// Feature-gated re-exports
#[cfg(feature = "audit")]
pub use audit::{
    ActionInfo, ActionType, AuditEvent, AuditLogger, AuditLoggerConfig, AuditStatus, AuditStorage,
    AuthorizationInfo, FileStorage, RetentionPolicy, SiemFormat, UserInfo,
};
#[cfg(feature = "compliance")]
pub use break_glass::{
    create_router as create_break_glass_router, Approval, ApprovalConfig, AutoRevokeConfig,
    BreakGlassAuditEvent, BreakGlassConfig, BreakGlassEventType, BreakGlassRequest,
    BreakGlassService, BreakGlassSession, EmergencyAccessToken, Permission, RequestStatus, Role,
    SessionStatus, User,
};
#[cfg(feature = "compliance")]
pub use compliance::{
    compliance_routes, AccessControlConfig, AccessControlMatrix, ComplianceConfig,
    ComplianceHealthStatus, ComplianceService, ComplianceStatus, ControlResult, CriterionResult,
    DataClassification, DataProtection, DataProtectionConfig, DeletionReport, ErasureReason,
    ExportFormat, GdprService, GdprServiceConfig, IncidentResponse, IncidentResponseConfig,
    IncidentResponseService, IncidentSeverity, IncidentType, Iso27001Compliance, Iso27001Config,
    Iso27001Report, PersonalDataExport, ProtectionReport, RiskAssessment, Soc2Compliance,
    Soc2Config, Soc2Report,
};
#[cfg(feature = "platform")]
pub use dns::{CoreDnsClient, DnsManager, DnsRecord, DnsRecordType};
#[cfg(feature = "platform")]
pub use extensions::{
    Extension, ExtensionLoader, ExtensionManager, ExtensionMetadata, ExtensionType,
};
pub use middleware::AuditMiddleware;
#[cfg(feature = "platform")]
pub use oci::{OciArtifact, OciClient, OciManager, OciManifest};
pub use orchestrator_state::{AppState, SharedState};
pub use secrets::{
    create_secrets_router, Credentials, DynamicSecret, RenewRequest, RevokeRequest, SecretMetadata,
    SecretRequest, SecretStats, SecretType, SecretsConfig, SecretsService,
};
pub use security::{
    auth_middleware,
    token_validator::{
        RevocationStats, TokenClaims, TokenType, TokenValidationError, TokenValidator,
        ValidatedToken,
    },
    AuthError, AuthenticatedUser, SecurityContext,
};
pub use services::{HealthStatus, Service, ServiceManager, ServiceOrchestrator, ServiceStatus};
#[cfg(feature = "ssh")]
pub use ssh::{
    create_ssh_routes, SshConfig, SshKeyDeployment, SshKeyManager, SshKeyRequest, SshKeyStats,
    SshKeyType, SshManagerState, TemporalSshKey,
};
pub use storage::traits::TaskStorage;
#[cfg(feature = "testing")]
pub use test_environment::{TestEnvironment, TestEnvironmentConfig, TestEnvironmentType};
chore: update platform submodule to monorepo crates structure Platform restructured into crates/, added AI service and detector, migrated control-center-ui to Leptos 0.8 2026-01-08 21:32:59 +00:00			`#![allow(`
			`dead_code,`
			`unused_imports,`
			`unused_variables,`
			`unused_assignments,`
			`unused,`
			`clippy::excessive_nesting,`
			`clippy::vec_init_then_push,`
			`clippy::ptr_arg,`
			`clippy::result_large_err`
			`)]`

			`// Provisioning Orchestrator Library`
			`// Exports all modules for use in tests and as a library`

			`use serde::{Deserialize, Serialize};`

			`// Core types that are used throughout the library`
			`#[derive(Debug, Clone, Serialize, Deserialize)]`
			`pub struct WorkflowTask {`
			`pub id: String,`
			`pub name: String,`
			`pub command: String,`
			`pub args: Vec<String>,`
			`pub dependencies: Vec<String>,`
			`pub status: TaskStatus,`
			`pub created_at: chrono::DateTime<chrono::Utc>,`
			`pub started_at: Option<chrono::DateTime<chrono::Utc>>,`
			`pub completed_at: Option<chrono::DateTime<chrono::Utc>>,`
			`pub output: Option<String>,`
			`pub error: Option<String>,`
			`}`

			`#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]`
			`pub enum TaskStatus {`
			`Pending,`
			`Running,`
			`Completed,`
			`Failed,`
			`Cancelled,`
			`}`

			`#[derive(Debug, Clone, Serialize, Deserialize)]`
			`pub struct CreateServerWorkflow {`
			`pub infra: String,`
			`pub settings: String,`
			`pub servers: Vec<String>,`
			`pub check_mode: bool,`
			`pub wait: bool,`
			`}`

			`#[derive(Debug, Clone, Serialize, Deserialize)]`
			`pub struct TaskservWorkflow {`
			`pub infra: String,`
			`pub settings: String,`
			`pub taskserv: String,`
			`pub operation: String, // create, delete, generate, check-updates`
			`pub check_mode: bool,`
			`pub wait: bool,`
			`}`

			`#[derive(Debug, Clone, Serialize, Deserialize)]`
			`pub struct ClusterWorkflow {`
			`pub infra: String,`
			`pub settings: String,`
			`pub cluster_type: String,`
			`pub operation: String, // create, delete`
			`pub check_mode: bool,`
			`pub wait: bool,`
			`}`

			`/// Validate storage type argument`
			`pub fn validate_storage_type(s: &str) -> Result<String, String> {`
			`let available_types = storage::available_storage_types();`
			`if available_types.contains(&s.to_string()) {`
			`Ok(s.to_string())`
			`} else {`
			`Err(format!(`
			`"Invalid storage type '{}'. Available types: {}",`
			`s,`
			`available_types.join(", ")`
			`))`
			`}`
			`}`

			`// CLI arguments structure`
			`#[derive(clap::Parser, Clone)]`
chore: update crates, names and clippy fixes 2026-02-04 01:02:18 +00:00			`#[command(author, version, about = "Multi-service task orchestration and batch workflow engine")]`
			`#[command(long_about = "Orchestrator - Manages distributed task execution, batch workflows, and cluster provisioning with state management and rollback recovery")]`
			#[command(after_help = "CONFIGURATION HIERARCHY (highest to lowest priority):\n 1. CLI: -c/--config <path> (explicit file)\n 2. CLI: --config-dir <dir> --mode <mode> (directory + mode)\n 3. CLI: --config-dir <dir> (searches for orchestrator.ncl\|toml\|json)\n 4. CLI: --mode <mode> (searches in provisioning/platform/config/)\n 5. ENV: ORCHESTRATOR_CONFIG (explicit file)\n 6. ENV: PROVISIONING_CONFIG_DIR (searches for orchestrator.ncl\|toml\|json)\n 7. ENV: ORCHESTRATOR_MODE (mode-based in default path)\n 8. Built-in defaults\n\nEXAMPLES:\n # Explicit config file\n orchestrator -c ~/my-config.toml\n\n # Config directory with mode\n orchestrator --config-dir ~/configs --mode enterprise\n\n # Config directory (auto-discover file)\n orchestrator --config-dir ~/.config/provisioning\n\n # Via environment variables\n export ORCHESTRATOR_CONFIG=~/.config/orchestrator.toml\n orchestrator\n\n # Mode-based configuration\n orchestrator --mode solo")]
chore: update platform submodule to monorepo crates structure Platform restructured into crates/, added AI service and detector, migrated control-center-ui to Leptos 0.8 2026-01-08 21:32:59 +00:00			`pub struct Args {`
chore: update crates, names and clippy fixes 2026-02-04 01:02:18 +00:00			`/// Configuration file path (highest priority)`
			`///`
			`/// Accepts absolute or relative path. Supports .ncl, .toml, and .json formats.`
			`#[arg(short = 'c', long, env = "ORCHESTRATOR_CONFIG")]`
			`pub config: Option<std::path::PathBuf>,`

			`/// Configuration directory (searches for orchestrator.ncl\|toml\|json)`
			`///`
			`/// Searches for configuration files in order of preference: .ncl > .toml > .json`
			`/// Can also search for mode-specific files: orchestrator.{mode}.{ncl\|toml\|json}`
			`#[arg(long, env = "PROVISIONING_CONFIG_DIR")]`
			`pub config_dir: Option<std::path::PathBuf>,`

			`/// Deployment mode (solo, multiuser, cicd, enterprise)`
			`///`
			`/// Determines which configuration profile to use. Searches in:`
			`/// provisioning/platform/config/orchestrator.{mode}.{ncl\|toml}`
			`#[arg(short = 'm', long, env = "ORCHESTRATOR_MODE")]`
			`pub mode: Option<String>,`

chore: update platform submodule to monorepo crates structure Platform restructured into crates/, added AI service and detector, migrated control-center-ui to Leptos 0.8 2026-01-08 21:32:59 +00:00			`/// Port to listen on`
chore: update crates, names and clippy fixes 2026-02-04 01:02:18 +00:00			`#[arg(short = 'p', long, default_value = "9090")]`
chore: update platform submodule to monorepo crates structure Platform restructured into crates/, added AI service and detector, migrated control-center-ui to Leptos 0.8 2026-01-08 21:32:59 +00:00			`pub port: u16,`

			`/// Data directory for storage`
chore: update crates, names and clippy fixes 2026-02-04 01:02:18 +00:00			`#[arg(short = 'd', long, default_value = "./data")]`
chore: update platform submodule to monorepo crates structure Platform restructured into crates/, added AI service and detector, migrated control-center-ui to Leptos 0.8 2026-01-08 21:32:59 +00:00			`pub data_dir: String,`

			`/// Storage backend type`
			`#[arg(long, default_value = "filesystem", value_parser = validate_storage_type)]`
			`pub storage_type: String,`

			`/// SurrealDB server URL (for surrealdb-server mode)`
			`#[arg(long)]`
			`pub surrealdb_url: Option<String>,`

			`/// SurrealDB namespace`
			`#[arg(long, default_value = "orchestrator")]`
			`pub surrealdb_namespace: Option<String>,`

			`/// SurrealDB database name`
			`#[arg(long, default_value = "tasks")]`
			`pub surrealdb_database: Option<String>,`

			`/// SurrealDB username (for surrealdb-server mode)`
			`#[arg(long)]`
			`pub surrealdb_username: Option<String>,`

			`/// SurrealDB password (for surrealdb-server mode)`
			`#[arg(long)]`
			`pub surrealdb_password: Option<String>,`

			`/// Nushell executable path`
			`#[arg(long, default_value = "nu")]`
			`pub nu_path: String,`

			`/// Provisioning script path`
			`#[arg(long, default_value = "./core/nulib/provisioning")]`
			`pub provisioning_path: String,`
			`}`

			`// ============================================================================`
			`// Core Modules (Always Available with 'core' feature)`
			`// ============================================================================`

			`pub mod app_state_builder;`
			`pub mod config;`
			`pub mod config_manager;`
			`pub mod middleware;`
			`pub mod orchestrator_state;`
			`pub mod secrets;`
			`pub mod security;`
			`pub mod security_integration;`
			`pub mod services;`
			`pub mod state;`
			`pub mod storage;`

			`// ============================================================================`
			`// Optional Modules (Feature-Gated)`
			`// ============================================================================`

			`// Audit: Security event logging`
			`#[cfg(feature = "audit")]`
			`pub mod audit;`

			`// Workflow: Orchestration, batch jobs, task management`
			`#[cfg(feature = "workflow")]`
			`pub mod batch;`

			`#[cfg(feature = "workflow")]`
			`pub mod dependency;`

			`#[cfg(feature = "workflow")]`
			`pub mod migration;`

			`#[cfg(feature = "workflow")]`
			`pub mod monitor;`

			`#[cfg(feature = "workflow")]`
			`pub mod queue;`

			`#[cfg(feature = "workflow")]`
			`pub mod rollback;`

			`#[cfg(feature = "workflow")]`
			`pub mod workflow;`

			`// Compliance: Policy evaluation and break-glass emergency access`
			`#[cfg(feature = "compliance")]`
			`pub mod break_glass;`

			`#[cfg(feature = "compliance")]`
			`pub mod compliance;`

			`// Platform: Infrastructure integration`
			`#[cfg(feature = "platform")]`
			`pub mod dns;`

			`#[cfg(feature = "platform")]`
			`pub mod extensions;`

			`#[cfg(feature = "platform")]`
			`pub mod oci;`

			`// SSH: SSH key management`
			`#[cfg(feature = "ssh")]`
			`pub mod ssh;`

			`// Testing: Test environment and container management`
			`#[cfg(feature = "testing")]`
			`pub mod container_manager;`

			`#[cfg(feature = "testing")]`
			`pub mod test_environment;`

			`#[cfg(feature = "testing")]`
			`pub mod test_orchestrator;`

			`// Forward declaration for AppState - actual definition is in main.rs`
			`// This allows modules to reference it via crate::AppState`

			`// ============================================================================`
			`// Re-exports - Stable API`
			`// ============================================================================`

			`// Core types (always available)`
			`pub use app_state_builder::{`
			`create_orchestrator_app_state, DefaultOrchestratorAppStateBuilder, OrchestratorAppStateBuilder,`
			`};`
			`// Feature-gated re-exports`
			`#[cfg(feature = "audit")]`
			`pub use audit::{`
			`ActionInfo, ActionType, AuditEvent, AuditLogger, AuditLoggerConfig, AuditStatus, AuditStorage,`
			`AuthorizationInfo, FileStorage, RetentionPolicy, SiemFormat, UserInfo,`
			`};`
			`#[cfg(feature = "compliance")]`
			`pub use break_glass::{`
			`create_router as create_break_glass_router, Approval, ApprovalConfig, AutoRevokeConfig,`
			`BreakGlassAuditEvent, BreakGlassConfig, BreakGlassEventType, BreakGlassRequest,`
			`BreakGlassService, BreakGlassSession, EmergencyAccessToken, Permission, RequestStatus, Role,`
			`SessionStatus, User,`
			`};`
			`#[cfg(feature = "compliance")]`
			`pub use compliance::{`
			`compliance_routes, AccessControlConfig, AccessControlMatrix, ComplianceConfig,`
			`ComplianceHealthStatus, ComplianceService, ComplianceStatus, ControlResult, CriterionResult,`
			`DataClassification, DataProtection, DataProtectionConfig, DeletionReport, ErasureReason,`
			`ExportFormat, GdprService, GdprServiceConfig, IncidentResponse, IncidentResponseConfig,`
			`IncidentResponseService, IncidentSeverity, IncidentType, Iso27001Compliance, Iso27001Config,`
			`Iso27001Report, PersonalDataExport, ProtectionReport, RiskAssessment, Soc2Compliance,`
			`Soc2Config, Soc2Report,`
			`};`
			`#[cfg(feature = "platform")]`
			`pub use dns::{CoreDnsClient, DnsManager, DnsRecord, DnsRecordType};`
			`#[cfg(feature = "platform")]`
			`pub use extensions::{`
			`Extension, ExtensionLoader, ExtensionManager, ExtensionMetadata, ExtensionType,`
			`};`
			`pub use middleware::AuditMiddleware;`
			`#[cfg(feature = "platform")]`
			`pub use oci::{OciArtifact, OciClient, OciManager, OciManifest};`
			`pub use orchestrator_state::{AppState, SharedState};`
			`pub use secrets::{`
			`create_secrets_router, Credentials, DynamicSecret, RenewRequest, RevokeRequest, SecretMetadata,`
			`SecretRequest, SecretStats, SecretType, SecretsConfig, SecretsService,`
			`};`
			`pub use security::{`
			`auth_middleware,`
			`token_validator::{`
			`RevocationStats, TokenClaims, TokenType, TokenValidationError, TokenValidator,`
			`ValidatedToken,`
			`},`
			`AuthError, AuthenticatedUser, SecurityContext,`
			`};`
			`pub use services::{HealthStatus, Service, ServiceManager, ServiceOrchestrator, ServiceStatus};`
			`#[cfg(feature = "ssh")]`
			`pub use ssh::{`
			`create_ssh_routes, SshConfig, SshKeyDeployment, SshKeyManager, SshKeyRequest, SshKeyStats,`
			`SshKeyType, SshManagerState, TemporalSshKey,`
			`};`
			`pub use storage::traits::TaskStorage;`
			`#[cfg(feature = "testing")]`
			`pub use test_environment::{TestEnvironment, TestEnvironmentConfig, TestEnvironmentType};`