chore: fix confit

2026-02-17 23:59:15 +00:00 · 2026-02-17 23:59:15 +00:00 · d2a48fb549
commit d2a48fb549
parent 93b0e5225c
44 changed files with 78 additions and 3749 deletions
--- a/config/README.md
+++ b/config/README.md
@ -1,109 +0,0 @@
-# Platform Service Configuration Files
-
-This directory contains **16 production-ready TOML configuration files** generated from Nickel schemas
-for all platform services across all deployment modes.
-
-## Generated Files
-
-**4 Services × 4 Deployment Modes = 16 Configuration Files**
-
-```toml
-orchestrator.{solo,multiuser,cicd,enterprise}.toml       (2.2 kB each)
-control-center.{solo,multiuser,cicd,enterprise}.toml     (3.4 kB each)
-mcp-server.{solo,multiuser,cicd,enterprise}.toml         (2.7 kB each)
-installer.{solo,multiuser,cicd,enterprise}.toml          (2.5 kB each)
-```
-
-**Total**: ~45 KB, all validated and ready for deployment
-
-## Deployment Modes
-
-| Mode | Resources | Database | Use Case | Load |
-| ------ | ----------- | ---------- | ---------- | ------ |
-| **solo** | 2 CPU, 4 GB | Embedded | Development | `ORCHESTRATOR_MODE=solo` |
-| **multiuser** | 4 CPU, 8 GB | PostgreSQL/SurrealDB | Team Staging | `ORCHESTRATOR_MODE=multiuser` |
-| **cicd** | 8 CPU, 16 GB | Ephemeral | CI/CD Pipelines | `ORCHESTRATOR_MODE=cicd` |
-| **enterprise** | 16+ CPU, 32+ GB | SurrealDB HA | Production | `ORCHESTRATOR_MODE=enterprise` |
-
-## Quick Start
-
-### Load a configuration mode
-
-```toml
-# Solo mode (single developer)
-export ORCHESTRATOR_MODE=solo
-export CONTROL_CENTER_MODE=solo
-
-# Multiuser mode (team development)
-export ORCHESTRATOR_MODE=multiuser
-export CONTROL_CENTER_MODE=multiuser
-
-# Enterprise mode (production HA)
-export ORCHESTRATOR_MODE=enterprise
-export CONTROL_CENTER_MODE=enterprise
-```
-
-### Override individual fields
-
-```javascript
-export ORCHESTRATOR_SERVER_WORKERS=8
-export ORCHESTRATOR_SERVER_PORT=9090
-export CONTROL_CENTER_REQUIRE_MFA=true
-```
-
-## Configuration Loading Hierarchy
-
-Each service loads configuration with this priority:
-
-1. **Explicit path** — `{SERVICE}_CONFIG` environment variable
-2. **Mode-specific** — `{SERVICE}_MODE` → `provisioning/platform/config/{service}.{mode}.toml`
-3. **Legacy** — `config.user.toml` (backward compatibility)
-4. **Defaults** — `config.defaults.toml` or built-in
-5. **Field overrides** — `{SERVICE}_*` environment variables
-
-## Docker Compose Integration
-
-```javascript
-export DEPLOYMENT_MODE=multiuser
-docker-compose -f provisioning/platform/infrastructure/docker/docker-compose.yml up
-```
-
-## Kubernetes Integration
-
-```yaml
-# Load enterprise mode configs into K8s
-kubectl create configmap orchestrator-config 
-  --from-file=provisioning/platform/config/orchestrator.enterprise.toml
-```
-
-## Validation
-
-Verify all configs parse correctly:
-
-```toml
-for file in *.toml; do
-    nu -c "open '$file'" && echo "✅ $file" || echo "❌ $file"
-done
-```
-
-## Structure
-
- **orchestrator.*.toml** — Workflow engine configuration
- **control-center.*.toml** — Policy/RBAC backend configuration
- **mcp-server.*.toml** — MCP server configuration
- **installer.*.toml** — Installation/bootstrap configuration
-
-Each file contains service-specific settings for networking, storage, security, logging, and monitoring.
-
-## Related Documentation
-
- **Configuration workflow**: `provisioning/.typedialog/provisioning/platform/configuration-workflow.md`
- **Usage guide**: `provisioning/.typedialog/provisioning/platform/usage-guide.md`
- **Schema definitions**: `provisioning/.typedialog/provisioning/platform/schemas/`
- **Default values**: `provisioning/.typedialog/provisioning/platform/defaults/`
-
-## Generated By
-
-**Framework**: TypeDialog + Nickel Configuration System
-**Date**: 2026-01-05
-**Status**: ✅ Production Ready
--- a/config/coredns/Corefile
+++ b/config/coredns/Corefile
@ -1,32 +0,0 @@
-# CoreDNS Configuration for Provisioning Platform
-# Provides local DNS resolution for services
-
-.:5353 {
-    # Forward to upstream DNS
-    forward . 8.8.8.8 8.8.4.4
-
-    # Logging
-    log
-
-    # Error handling
-    errors
-
-    # Cache
-    cache 30
-}
-
-provisioning.local:5353 {
-    # Local zone file
-    file /zones/provisioning.zone
-
-    # Logging
-    log
-
-    # Error handling
-    errors
-}
-
-# Health check zone
-health.check:5353 {
-    whoami
-}
--- a/config/coredns/zones/provisioning.zone
+++ b/config/coredns/zones/provisioning.zone
@ -1,26 +0,0 @@
-$ORIGIN provisioning.local.
-$TTL 3600
-
-@ IN SOA ns.provisioning.local. admin.provisioning.local. (
-    2024100601 ; Serial
-    3600       ; Refresh
-    1800       ; Retry
-    604800     ; Expire
-    86400      ; Minimum TTL
-)
-
-@ IN NS ns.provisioning.local.
-
-ns                  IN A     127.0.0.1
-orchestrator        IN A     127.0.0.1
-control-center      IN A     127.0.0.1
-gitea               IN A     127.0.0.1
-oci-registry        IN A     127.0.0.1
-mcp-server          IN A     127.0.0.1
-api-gateway         IN A     127.0.0.1
-
-; Service discovery
-api                 IN CNAME orchestrator.provisioning.local.
-ui                  IN CNAME control-center.provisioning.local.
-git                 IN CNAME gitea.provisioning.local.
-registry            IN CNAME oci-registry.provisioning.local.
--- a/config/examples/README.md
+++ b/config/examples/README.md
@ -1,201 +0,0 @@
-# Platform Configuration Examples
-
-This directory contains example Nickel files demonstrating how to generate platform configurations for different deployment modes.
-
-## File Structure
-
-```bash
-examples/
-├── README.md                           # This file
-├── orchestrator.solo.example.ncl        # Solo deployment (1 CPU, 1GB memory)
-├── orchestrator.multiuser.example.ncl   # Multiuser deployment (2 CPU, 2GB memory, HA)
-├── orchestrator.enterprise.example.ncl  # Enterprise deployment (4 CPU, 4GB memory, 3 replicas)
-└── control-center.solo.example.ncl      # Control Center solo deployment
-```
-
-## Usage
-
-To generate actual TOML configuration from an example:
-
-```toml
-# Export to TOML (placed in runtime/generated/)
-nickel export --format toml examples/orchestrator.solo.example.ncl > runtime/generated/orchestrator.solo.toml
-
-# Export to JSON for inspection
-nickel export --format json examples/orchestrator.solo.example.ncl | jq .
-
-# Type check example
-nickel typecheck examples/orchestrator.solo.example.ncl
-```
-
-## Key Concepts
-
-### 1. Schemas Reference
-All examples import from the schema library:
- `provisioning/schemas/platform/schemas/orchestrator.ncl`
- `provisioning/schemas/platform/defaults/orchestrator-defaults.ncl`
-
-### 2. Mode-Based Composition
-Each example uses composition helpers to overlay mode-specific settings:
-
-```javascript
-let helpers = import "../../schemas/platform/common/helpers.ncl" in
-let defaults = import "../../schemas/platform/defaults/orchestrator-defaults.ncl" in
-let mode = import "../../schemas/platform/defaults/deployment/solo-defaults.ncl" in
-
-helpers.compose_config defaults mode {
-  # User-specific overrides here
-}
-```
-
-### 3. ConfigLoader Integration
-Generated TOML files are automatically loaded by Rust services:
-
-```toml
-use platform_config::OrchestratorConfig;
-
-let config = OrchestratorConfig::load().expect("Failed to load orchestrator config");
-println!("Orchestrator listening on port: {}", config.server.port);
-```
-
-## Mode Reference
-
-| Mode | CPU | Memory | Replicas | Use Case |
-| ------ | ----- | -------- | ---------- | ---------- |
-| **solo** | 1.0 | 1024M | 1 | Development, testing |
-| **multiuser** | 2.0 | 2048M | 2 | Staging, small production |
-| **enterprise** | 4.0 | 4096M | 3+ | Large production deployments |
-| **cicd** | 2.0 | 2048M | 1 | CI/CD pipelines |
-
-## Workflow: Platform Configuration
-
-1. **Choose deployment mode** → select example file (orchestrator.solo.example.ncl, etc.)
-2. **Customize if needed** → modify the example
-3. **Generate config** → `nickel export --format toml`
-4. **Place in runtime/generated/** → ConfigLoader picks it up automatically
-5. **Service reads config** → via platform-config crate
-
-## Infrastructure Generation
-
-These platform configuration examples work together with infrastructure schemas to create complete deployments.
-
-### Complete Infrastructure Stack
-
-Beyond platform configs, you can generate complete infrastructure from schemas:
-
-**Infrastructure Examples**:
- `provisioning/schemas/infrastructure/examples-solo-deployment.ncl` - Solo infrastructure
- `provisioning/schemas/infrastructure/examples-enterprise-deployment.ncl` - Enterprise infrastructure
-
-**What Gets Generated**:
-
-```bash
-# Solo deployment infrastructure
-nickel export --format json provisioning/schemas/infrastructure/examples-solo-deployment.ncl
-
-# Exports:
-# - docker_compose_services (5 services)
-# - nginx_config (load balancer setup)
-# - prometheus_config (4 scrape jobs)
-# - oci_registry_config (container registry)
-```
-
-**Integration Pattern**:
-
-```bash
-Platform Config (Orchestrator, Control Center, etc.)
-    ↓ ConfigLoader reads TOML
-    ↓ Services start with config
-
-Infrastructure Config (Docker, Nginx, Prometheus, etc.)
-    ↓ nickel export → YAML/JSON
-    ↓ Deploy with Docker/Kubernetes/Nginx
-```
-
-### Generation and Validation
-
-**Generate all infrastructure configs**:
-
-```toml
-provisioning/platform/scripts/generate-infrastructure-configs.nu --mode solo --format yaml
-provisioning/platform/scripts/generate-infrastructure-configs.nu --mode enterprise --format json
-```
-
-**Validate generated configs**:
-
-```toml
-provisioning/platform/scripts/validate-infrastructure.nu --config-dir /tmp/infra
-
-# Output shows validation results for:
-# - Docker Compose (docker-compose config --quiet)
-# - Kubernetes (kubectl apply --dry-run=client)
-# - Nginx (nginx -t)
-# - Prometheus (promtool check config)
-```
-
-**Interactive setup**:
-
-```bash
-bash provisioning/platform/scripts/setup-with-forms.sh
-# Uses TypeDialog bash wrappers (TTY-safe) or basic Nushell prompts as fallback
-```
-
-## Error Handling
-
-If configuration fails to load:
-
-```toml
-# Validate Nickel syntax
-nickel typecheck examples/orchestrator.solo.example.ncl
-
-# Check TOML validity
-cargo test --package platform-config --test validation
-
-# Verify path resolution
-provisioning validate-config --check-paths
-```
-
-## Environment Variable Overrides
-
-Even with TOML configs, environment variables take precedence:
-
-```javascript
-export PROVISIONING_MODE=multiuser
-export ORCHESTRATOR_PORT=9000
-provisioning orchestrator start  # Uses env overrides
-```
-
-## Adding New Configurations
-
-To add a new service configuration:
-
-1. Create `service-name.mode.example.ncl` in this directory
-2. Import the service schema: `import "../../schemas/platform/schemas/service-name.ncl"`
-3. Compose using helpers: `helpers.compose_config defaults mode {}`
-4. Document in this README
-5. Test with: `nickel typecheck` and `nickel export --format json`
-
-## Platform vs Infrastructure Configuration
-
-**Platform Configuration** (this directory):
- Service-specific settings (port, database host, logging level)
- Loaded by ConfigLoader at service startup
- Format: TOML files in `runtime/generated/`
- Examples: orchestrator.solo.example.ncl, orchestrator.multiuser.example.ncl
-
-**Infrastructure Configuration** (provisioning/schemas/infrastructure/):
- Deployment-specific settings (replicas, resources, networking)
- Generated and validated separately
- Formats: YAML (Docker/Kubernetes), JSON (registries), conf (Nginx)
- Examples: examples-solo-deployment.ncl, examples-enterprise-deployment.ncl
-
-**Why Both?**:
- Platform config: How should Orchestrator behave? (internal settings)
- Infrastructure config: How should Orchestrator be deployed? (external deployment)
-
---
-
-**Last Updated**: 2025-01-06 (Updated with Infrastructure Integration Guide)
-**ConfigLoader Version**: 2.0.0
-**Nickel Version**: Latest
-**Infrastructure Integration**: Complete with schemas, examples, and validation scripts
--- a/config/examples/orchestrator.enterprise.example.ncl
+++ b/config/examples/orchestrator.enterprise.example.ncl
@ -1,151 +0,0 @@
-# Orchestrator Configuration Example - Enterprise Deployment Mode
-#
-# This example shows large-scale enterprise deployments with full HA,
-# 3 replicas, distributed storage, and comprehensive monitoring.
-#
-# Usage:
-#   nickel export --format toml orchestrator.enterprise.example.ncl > orchestrator.enterprise.toml
-#   nickel export --format json orchestrator.enterprise.example.ncl | jq
-
-{
-  workspace = {
-    root_path = "/var/provisioning/workspace",
-    data_path = "/mnt/provisioning/workspace/data",
-    state_path = "/mnt/provisioning/workspace/state",
-    cache_path = "/var/cache/provisioning",
-    isolation_level = 'kubernetes,
-    execution_mode = 'distributed,
-  },
-
-  server = {
-    address = "0.0.0.0",
-    port = 8080,
-    tls = true,
-    tls_cert = "/etc/provisioning/certs/server.crt",
-    tls_key = "/etc/provisioning/certs/server.key",
-    tls_client_cert = "/etc/provisioning/certs/client-ca.crt",
-    tls_require_client_cert = true,
-    cors = {
-      enabled = true,
-      allowed_origins = [
-        "https://control-center.production.svc:8081",
-        "https://api.provisioning.example.com",
-      ],
-      allowed_methods = ["GET", "POST", "PUT", "DELETE", "PATCH", "HEAD"],
-    },
-    rate_limiting = {
-      enabled = true,
-      requests_per_second = 5000,
-      burst_size = 500,
-    },
-    request_timeout = 30000,
-    keepalive_timeout = 75000,
-  },
-
-  storage = {
-    backend = 's3,
-    s3 = {
-      bucket = "provisioning-enterprise",
-      region = "us-east-1",
-      endpoint = "https://s3.us-east-1.amazonaws.com",
-    },
-    max_size = 1099511627776,  # 1TB
-    cache_enabled = true,
-    cache_ttl = 14400,  # 4 hours
-    replication = {
-      enabled = true,
-      regions = ["us-west-2"],
-    },
-  },
-
-  queue = {
-    max_concurrent_tasks = 100,
-    retry_attempts = 7,
-    retry_delay = 30000,
-    retry_backoff = 'exponential,
-    task_timeout = 14400000,  # 4 hours
-    persist = true,
-    dead_letter_queue = {
-      enabled = true,
-      max_size = 100000,
-      retention_days = 30,
-    },
-    priority_queue = true,
-    metrics = true,
-    distributed = true,
-    redis = {
-      cluster = "redis-provisioning",
-      nodes = ["redis-1", "redis-2", "redis-3"],
-    },
-  },
-
-  database = {
-    host = "postgres-primary.provisioning.svc",
-    port = 5432,
-    username = "provisioning",
-    pool_size = 50,
-    pool_idle_timeout = 900,
-    connection_timeout = 30000,
-    ssl = true,
-  },
-
-  logging = {
-    level = 'info,
-    format = 'json,
-    output = 'file,
-    file = "/var/log/provisioning/orchestrator.log",
-    max_size = 1073741824,  # 1GB
-    retention_days = 90,
-  },
-
-  monitoring = {
-    enabled = true,
-    metrics_port = 9090,
-    health_check_interval = 5,
-    prometheus = {
-      enabled = true,
-      scrape_interval = "10s",
-      remote_write = {
-        url = "https://prometheus-remote.example.com/api/v1/write",
-        queue_capacity = 10000,
-      },
-    },
-    jaeger = {
-      enabled = true,
-      endpoint = "http://jaeger-collector.observability.svc:14268/api/traces",
-      sample_rate = 0.1,
-    },
-  },
-
-  security = {
-    enable_auth = true,
-    auth_backend = 'local,
-    token_expiry = 1800,
-    enable_rbac = true,
-    enable_audit_log = true,
-    audit_log_path = "/var/log/provisioning/audit.log",
-  },
-
-  mode = 'enterprise,
-
-  resources = {
-    cpus = "4.0",
-    memory = "4096M",
-    disk = "1T",
-  },
-
-  # Enterprise HA setup: 3 replicas with leader election
-  replicas = 3,
-  replica_sync = {
-    enabled = true,
-    sync_interval = 1000,  # Faster sync for consistency
-    quorum_required = true,
-  },
-  leader_election = {
-    enabled = true,
-    backend = 'etcd,
-    etcd_endpoints = ["etcd-0.etcd", "etcd-1.etcd", "etcd-2.etcd"],
-    lease_duration = 15,
-  },
-
-}
--- a/config/examples/orchestrator.multiuser.example.ncl
+++ b/config/examples/orchestrator.multiuser.example.ncl
@ -1,113 +0,0 @@
-# Orchestrator Configuration Example - Multiuser Deployment Mode
-#
-# This example shows multiuser deployments with HA setup (2 replicas)
-# and moderate resource allocation for staging/production.
-#
-# Usage:
-#   nickel export --format toml orchestrator.multiuser.example.ncl > orchestrator.multiuser.toml
-#   nickel export --format json orchestrator.multiuser.example.ncl | jq
-
-{
-  workspace = {
-    root_path = "/var/provisioning/workspace",
-    data_path = "/var/provisioning/workspace/data",
-    state_path = "/var/provisioning/workspace/state",
-    cache_path = "/var/provisioning/workspace/cache",
-    isolation_level = 'container,
-    execution_mode = 'distributed,
-  },
-
-  server = {
-    address = "0.0.0.0",
-    port = 8080,
-    tls = true,
-    tls_cert = "/etc/provisioning/certs/server.crt",
-    tls_key = "/etc/provisioning/certs/server.key",
-    cors = {
-      enabled = true,
-      allowed_origins = ["https://control-center:8081"],
-      allowed_methods = ["GET", "POST", "PUT", "DELETE", "PATCH"],
-    },
-    rate_limiting = {
-      enabled = true,
-      requests_per_second = 500,
-      burst_size = 100,
-    },
-  },
-
-  storage = {
-    backend = 's3,
-    s3 = {
-      bucket = "provisioning-storage",
-      region = "us-east-1",
-      endpoint = "https://s3.amazonaws.com",
-    },
-    max_size = 107374182400,  # 100GB
-    cache_enabled = true,
-    cache_ttl = 7200,  # 2 hours
-  },
-
-  queue = {
-    max_concurrent_tasks = 20,
-    retry_attempts = 5,
-    retry_delay = 10000,
-    task_timeout = 7200000,
-    persist = true,
-    dead_letter_queue = {
-      enabled = true,
-      max_size = 10000,
-    },
-    priority_queue = true,
-    metrics = true,
-  },
-
-  database = {
-    host = "postgres.provisioning.svc",
-    port = 5432,
-    username = "provisioning",
-    pool_size = 20,
-    connection_timeout = 15000,
-    ssl = true,
-  },
-
-  logging = {
-    level = 'info,
-    format = 'json,
-    output = 'file,
-    file = "/var/log/provisioning/orchestrator.log",
-    max_size = 104857600,  # 100MB
-    retention_days = 30,
-  },
-
-  monitoring = {
-    enabled = true,
-    metrics_port = 9090,
-    health_check_interval = 10,
-    prometheus = {
-      enabled = true,
-      scrape_interval = "15s",
-    },
-  },
-
-  security = {
-    enable_auth = false,
-    auth_backend = 'local,
-    token_expiry = 3600,
-    enable_rbac = false,
-  },
-
-  mode = 'multiuser,
-
-  resources = {
-    cpus = "2.0",
-    memory = "2048M",
-    disk = "100G",
-  },
-
-  # Multiuser-specific: HA replicas
-  replicas = 2,
-  replica_sync = {
-    enabled = true,
-    sync_interval = 5000,
-  },
-}
--- a/config/examples/orchestrator.solo.example.ncl
+++ b/config/examples/orchestrator.solo.example.ncl
@ -1,104 +0,0 @@
-# Orchestrator Configuration Example - Solo Deployment Mode
-#
-# This example shows how to configure the orchestrator for
-# solo (single-node) deployments with minimal resource allocation.
-#
-# Usage:
-#   nickel export --format toml orchestrator.solo.example.ncl > orchestrator.solo.toml
-#   nickel export --format json orchestrator.solo.example.ncl | jq
-#
-# This configuration will be loaded by ConfigLoader at runtime.
-
-{
-  # Workspace configuration for solo mode
-  workspace = {
-    root_path = "/var/provisioning/workspace",
-    data_path = "/var/provisioning/workspace/data",
-    state_path = "/var/provisioning/workspace/state",
-    cache_path = "/var/provisioning/workspace/cache",
-    isolation_level = 'process,
-    execution_mode = 'local,
-  },
-
-  # HTTP server settings - solo mode uses port 8080
-  server = {
-    address = "0.0.0.0",
-    port = 8080,
-    tls = false,
-    cors = {
-      enabled = true,
-      allowed_origins = ["*"],
-      allowed_methods = ["GET", "POST", "PUT", "DELETE"],
-    },
-    rate_limiting = {
-      enabled = true,
-      requests_per_second = 100,
-      burst_size = 50,
-    },
-  },
-
-  # Storage configuration for solo mode (local filesystem)
-  storage = {
-    backend = 'filesystem,
-    path = "/var/provisioning/storage",
-    max_size = 10737418240,  # 10GB
-    cache_enabled = true,
-    cache_ttl = 3600,  # 1 hour
-  },
-
-  # Queue configuration - conservative for solo
-  queue = {
-    max_concurrent_tasks = 5,
-    retry_attempts = 3,
-    retry_delay = 5000,
-    task_timeout = 3600000,
-    persist = true,
-    dead_letter_queue = {
-      enabled = true,
-      max_size = 1000,
-    },
-    priority_queue = false,
-    metrics = false,
-  },
-
-  # Database configuration
-  database = {
-    host = "localhost",
-    port = 5432,
-    username = "provisioning",
-    password = "changeme",  # Should use secrets in production
-    pool_size = 5,
-    connection_timeout = 10000,
-  },
-
-  # Logging configuration
-  logging = {
-    level = 'info,
-    format = 'json,
-    output = 'stdout,
-  },
-
-  # Monitoring configuration
-  monitoring = {
-    enabled = true,
-    metrics_port = 9090,
-    health_check_interval = 30,
-  },
-
-  # Security configuration
-  security = {
-    enable_auth = false,  # Can be enabled later
-    auth_backend = 'local,
-    token_expiry = 86400,
-  },
-
-  # Deployment mode identifier
-  mode = 'solo,
-
-  # Resource limits
-  resources = {
-    cpus = "1.0",
-    memory = "1024M",
-    disk = "10G",
-  },
-}
--- a/config/external-services.ncl
+++ b/config/external-services.ncl
@ -0,0 +1,78 @@
+# External Infrastructure Services Configuration
+# Defines the external services (databases, registries, CI/CD, etc.) that the platform integrates with
+# These services are NOT managed by provisioning, only monitored for health/status
+#
+# Schema validation: Loaded from provisioning/schemas/platform/external-services.ncl
+
+let schema = import "schemas/platform/external-services.ncl" in
+
+[
+  # SecretumVault - Secrets management and encryption
+  ({
+    name = "svault_server-vault",
+    srvc = "vault",
+    desc = "SecretumVault server for secrets management and encryption",
+    url = "http://127.0.0.1:8082",
+    port = 8082,
+    required = true,
+    dependencies = [],
+    binary_path = "~/.local/bin/svault",
+    startup_command = "svault server --config ~/.config/provisioning/secretumvault-dev.toml",
+    health_check_timeout = 5,
+  } | schema.ExternalService),
+
+  # SurrealDB - Multi-model database
+  ({
+    name = "surrealdb-dbs",
+    srvc = "dbs",
+    desc = "SurrealDB multi-model database for data storage and queries",
+    url = "http://127.0.0.1:8000",
+    port = 8000,
+    required = true,
+    dependencies = [],
+  } | schema.ExternalService),
+
+  # PostgreSQL - Database for Forgejo and Woodpecker
+  ({
+    name = "postgresql-db",
+    srvc = "postgres",
+    desc = "PostgreSQL database for Forgejo and Woodpecker services",
+    url = "postgresql://127.0.0.1:5432",
+    port = 5432,
+    required = false,
+    dependencies = [],
+  } | schema.ExternalService),
+
+  # Forgejo - Git server
+  ({
+    name = "forgejo-git",
+    srvc = "git",
+    desc = "Forgejo Git server for version control and collaboration",
+    url = "http://127.0.0.1:3000",
+    port = 3000,
+    required = false,
+    dependencies = ["postgresql-db"],
+  } | schema.ExternalService),
+
+  # Zot - OCI container registry
+  ({
+    name = "zot-register",
+    srvc = "register",
+    desc = "Zot OCI-compliant container registry for container images",
+    url = "http://127.0.0.1:5001",
+    port = 5001,
+    required = false,
+    dependencies = [],
+  } | schema.ExternalService),
+
+  # Woodpecker - CI/CD pipeline engine
+  ({
+    name = "woodpecker-cdci",
+    srvc = "cdci",
+    desc = "Woodpecker CI/CD pipeline engine for automation and testing",
+    url = "http://127.0.0.1:8180",
+    port = 8180,
+    required = false,
+    dependencies = ["forgejo-git", "postgresql-db"],
+  } | schema.ExternalService),
+]
--- a/config/runtime/generated/ai-service.cicd.toml
+++ b/config/runtime/generated/ai-service.cicd.toml
@ -1,19 +0,0 @@
-[ai_service.dag]
-max_concurrent_tasks = 20
-retry_attempts = 2
-task_timeout = 300000
-
-[ai_service.mcp]
-enabled = true
-mcp_service_url = "http://mcp-cicd:8084"
-timeout = 30000
-
-[ai_service.rag]
-enabled = false
-rag_service_url = "http://localhost:8083"
-timeout = 30000
-
-[ai_service.server]
-host = "0.0.0.0"
-port = 8082
-workers = 8
--- a/config/runtime/generated/ai-service.enterprise.toml
+++ b/config/runtime/generated/ai-service.enterprise.toml
@ -1,22 +0,0 @@
-[ai_service.dag]
-max_concurrent_tasks = 50
-retry_attempts = 5
-task_timeout = 1200000
-
-[ai_service.mcp]
-enabled = true
-mcp_service_url = "https://mcp.provisioning.prod:8084"
-timeout = 120000
-
-[ai_service.monitoring]
-enabled = true
-
-[ai_service.rag]
-enabled = true
-rag_service_url = "https://rag.provisioning.prod:8083"
-timeout = 120000
-
-[ai_service.server]
-host = "0.0.0.0"
-port = 8082
-workers = 16
--- a/config/runtime/generated/ai-service.multiuser.toml
+++ b/config/runtime/generated/ai-service.multiuser.toml
@ -1,19 +0,0 @@
-[ai_service.dag]
-max_concurrent_tasks = 10
-retry_attempts = 5
-task_timeout = 600000
-
-[ai_service.mcp]
-enabled = true
-mcp_service_url = "http://mcp-server:8084"
-timeout = 60000
-
-[ai_service.rag]
-enabled = true
-rag_service_url = "http://rag:8083"
-timeout = 60000
-
-[ai_service.server]
-host = "0.0.0.0"
-port = 8082
-workers = 4
--- a/config/runtime/generated/ai-service.solo.toml
+++ b/config/runtime/generated/ai-service.solo.toml
@ -1,19 +0,0 @@
-[ai_service.dag]
-max_concurrent_tasks = 3
-retry_attempts = 3
-task_timeout = 300000
-
-[ai_service.mcp]
-enabled = false
-mcp_service_url = "http://localhost:8084"
-timeout = 30000
-
-[ai_service.rag]
-enabled = true
-rag_service_url = "http://localhost:8083"
-timeout = 30000
-
-[ai_service.server]
-host = "127.0.0.1"
-port = 8082
-workers = 2
--- a/config/runtime/generated/control-center.cicd.toml
+++ b/config/runtime/generated/control-center.cicd.toml
@ -1,193 +0,0 @@
-[control_center.audit]
-enabled = false
-redact_sensitive = true
-
-  [control_center.audit.storage]
-  immutable = false
-  retention_days = 90
-
-[control_center.compliance]
-enabled = false
-encryption_required = false
-
-  [control_center.compliance.data_retention]
-  audit_log_days = 2555
-  policy_years = 7
-
-  [control_center.compliance.validation]
-  enabled = false
-  interval_hours = 24
-
-[control_center.database]
-backend = "rocksdb"
-max_retries = "3"
-path = "/var/lib/provisioning/control-center/data"
-pool_size = 10
-retry = true
-timeout = 30
-
-[control_center.integrations.ldap]
-enabled = false
-
-[control_center.integrations.oauth2]
-enabled = false
-
-[control_center.integrations.webhooks]
-enabled = false
-
-[control_center.logging]
-format = "&"
-level = "&"
-outputs = ["stdout"]
-
-  [control_center.logging.fields]
-  caller = false
-  hostname = true
-  pid = true
-  service_name = true
-  stack_trace = false
-  timestamp = true
-
-  [control_center.logging.file]
-  compress = false
-  max_age = 30
-  max_backups = 10
-  max_size = 104857600
-  path = "/var/log/provisioning/service.log"
-
-  [control_center.logging.performance]
-  enabled = false
-  memory_info = false
-  slow_threshold = 1000
-
-  [control_center.logging.sampling]
-  enabled = false
-  initial = 100
-  thereafter = 100
-
-  [control_center.logging.syslog]
-  protocol = "udp"
-
-[control_center.monitoring]
-enabled = false
-
-  [control_center.monitoring.alerting]
-  enabled = false
-
-  [control_center.monitoring.health_check]
-  enabled = false
-  endpoint = "/health"
-  healthy_threshold = 2
-  interval = 30
-  timeout = 5000
-  type = "&"
-  unhealthy_threshold = 3
-
-  [control_center.monitoring.metrics]
-  buffer_size = 1000
-  enabled = false
-  interval = 60
-  prometheus_path = "/metrics"
-  retention_days = 30
-
-  [control_center.monitoring.resources]
-  alert_threshold = 80
-  cpu = false
-  disk = false
-  memory = false
-  network = false
-
-  [control_center.monitoring.tracing]
-  enabled = false
-  sample_rate = 0.1
-
-[control_center.policy]
-enabled = true
-
-  [control_center.policy.cache]
-  enabled = true
-  max_policies = 10000
-  ttl = 3600
-
-  [control_center.policy.versioning]
-  enabled = true
-  max_versions = 20
-
-[control_center.rbac]
-attribute_based = false
-default_role = "user"
-dynamic_roles = false
-enabled = true
-hierarchy = true
-
-  [control_center.rbac.roles]
-  admin = true
-  operator = true
-  viewer = true
-
-[control_center.security.cors]
-allow_credentials = false
-enabled = false
-
-[control_center.security.jwt]
-algorithm = "HS256"
-audience = "provisioning"
-expiration = 3600
-issuer = "control-center"
-refresh_expiration = 86400
-secret = "change_me_in_production"
-
-[control_center.security.mfa]
-lockout_duration = 15
-max_attempts = "5"
-methods = ["totp"]
-required = false
-
-[control_center.security.rate_limiting]
-enabled = false
-max_requests = "1000"
-window_seconds = 60
-
-[control_center.security.rbac]
-default_role = "user"
-enabled = true
-inheritance = true
-
-[control_center.security.session]
-idle_timeout = 3600
-max_duration = 86400
-tracking = false
-
-[control_center.security.tls]
-client_auth = false
-enabled = false
-
-[control_center.server]
-graceful_shutdown = true
-host = "127.0.0.1"
-keep_alive = 75
-max_connections = 100
-port = 8080
-request_timeout = 30000
-shutdown_timeout = 30
-workers = 4
-
-[control_center.users]
-audit_enabled = false
-enabled = true
-
-  [control_center.users.registration]
-  auto_assign_role = "user"
-  enabled = true
-  requires_approval = false
-
-  [control_center.users.sessions]
-  absolute_timeout = 86400
-  idle_timeout = 3600
-  max_active = 5
-
-[control_center.workspace]
-enabled = true
-multi_workspace = false
-name = "default"
-path = "/var/lib/provisioning/control-center"
--- a/config/runtime/generated/control-center.enterprise.toml
+++ b/config/runtime/generated/control-center.enterprise.toml
@ -1,193 +0,0 @@
-[control_center.audit]
-enabled = false
-redact_sensitive = true
-
-  [control_center.audit.storage]
-  immutable = false
-  retention_days = 90
-
-[control_center.compliance]
-enabled = false
-encryption_required = false
-
-  [control_center.compliance.data_retention]
-  audit_log_days = 2555
-  policy_years = 7
-
-  [control_center.compliance.validation]
-  enabled = false
-  interval_hours = 24
-
-[control_center.database]
-backend = "rocksdb"
-max_retries = "3"
-path = "/var/lib/provisioning/control-center/data"
-pool_size = 10
-retry = true
-timeout = 30
-
-[control_center.integrations.ldap]
-enabled = false
-
-[control_center.integrations.oauth2]
-enabled = false
-
-[control_center.integrations.webhooks]
-enabled = false
-
-[control_center.logging]
-format = "&"
-level = "&"
-outputs = ["stdout"]
-
-  [control_center.logging.fields]
-  caller = false
-  hostname = true
-  pid = true
-  service_name = true
-  stack_trace = false
-  timestamp = true
-
-  [control_center.logging.file]
-  compress = false
-  max_age = 30
-  max_backups = 10
-  max_size = 104857600
-  path = "/var/log/provisioning/service.log"
-
-  [control_center.logging.performance]
-  enabled = false
-  memory_info = false
-  slow_threshold = 1000
-
-  [control_center.logging.sampling]
-  enabled = false
-  initial = 100
-  thereafter = 100
-
-  [control_center.logging.syslog]
-  protocol = "udp"
-
-[control_center.monitoring]
-enabled = false
-
-  [control_center.monitoring.alerting]
-  enabled = false
-
-  [control_center.monitoring.health_check]
-  enabled = false
-  endpoint = "/health"
-  healthy_threshold = 2
-  interval = 30
-  timeout = 5000
-  type = "&"
-  unhealthy_threshold = 3
-
-  [control_center.monitoring.metrics]
-  buffer_size = 1000
-  enabled = false
-  interval = 60
-  prometheus_path = "/metrics"
-  retention_days = 30
-
-  [control_center.monitoring.resources]
-  alert_threshold = 80
-  cpu = false
-  disk = false
-  memory = false
-  network = false
-
-  [control_center.monitoring.tracing]
-  enabled = false
-  sample_rate = 0.1
-
-[control_center.policy]
-enabled = true
-
-  [control_center.policy.cache]
-  enabled = true
-  max_policies = 10000
-  ttl = 3600
-
-  [control_center.policy.versioning]
-  enabled = true
-  max_versions = 20
-
-[control_center.rbac]
-attribute_based = false
-default_role = "user"
-dynamic_roles = false
-enabled = true
-hierarchy = true
-
-  [control_center.rbac.roles]
-  admin = true
-  operator = true
-  viewer = true
-
-[control_center.security.cors]
-allow_credentials = false
-enabled = false
-
-[control_center.security.jwt]
-algorithm = "HS256"
-audience = "provisioning"
-expiration = 3600
-issuer = "control-center"
-refresh_expiration = 86400
-secret = "change_me_in_production"
-
-[control_center.security.mfa]
-lockout_duration = 15
-max_attempts = "5"
-methods = ["totp"]
-required = false
-
-[control_center.security.rate_limiting]
-enabled = false
-max_requests = "1000"
-window_seconds = 60
-
-[control_center.security.rbac]
-default_role = "user"
-enabled = true
-inheritance = true
-
-[control_center.security.session]
-idle_timeout = 3600
-max_duration = 86400
-tracking = false
-
-[control_center.security.tls]
-client_auth = false
-enabled = false
-
-[control_center.server]
-graceful_shutdown = true
-host = "127.0.0.1"
-keep_alive = 75
-max_connections = 100
-port = 8080
-request_timeout = 30000
-shutdown_timeout = 30
-workers = 4
-
-[control_center.users]
-audit_enabled = false
-enabled = true
-
-  [control_center.users.registration]
-  auto_assign_role = "user"
-  enabled = true
-  requires_approval = false
-
-  [control_center.users.sessions]
-  absolute_timeout = 86400
-  idle_timeout = 3600
-  max_active = 5
-
-[control_center.workspace]
-enabled = true
-multi_workspace = false
-name = "default"
-path = "/var/lib/provisioning/control-center"
--- a/config/runtime/generated/control-center.multiuser.toml
+++ b/config/runtime/generated/control-center.multiuser.toml
@ -1,193 +0,0 @@
-[control_center.audit]
-enabled = false
-redact_sensitive = true
-
-  [control_center.audit.storage]
-  immutable = false
-  retention_days = 90
-
-[control_center.compliance]
-enabled = false
-encryption_required = false
-
-  [control_center.compliance.data_retention]
-  audit_log_days = 2555
-  policy_years = 7
-
-  [control_center.compliance.validation]
-  enabled = false
-  interval_hours = 24
-
-[control_center.database]
-backend = "rocksdb"
-max_retries = "3"
-path = "/var/lib/provisioning/control-center/data"
-pool_size = 10
-retry = true
-timeout = 30
-
-[control_center.integrations.ldap]
-enabled = false
-
-[control_center.integrations.oauth2]
-enabled = false
-
-[control_center.integrations.webhooks]
-enabled = false
-
-[control_center.logging]
-format = "&"
-level = "&"
-outputs = ["stdout"]
-
-  [control_center.logging.fields]
-  caller = false
-  hostname = true
-  pid = true
-  service_name = true
-  stack_trace = false
-  timestamp = true
-
-  [control_center.logging.file]
-  compress = false
-  max_age = 30
-  max_backups = 10
-  max_size = 104857600
-  path = "/var/log/provisioning/service.log"
-
-  [control_center.logging.performance]
-  enabled = false
-  memory_info = false
-  slow_threshold = 1000
-
-  [control_center.logging.sampling]
-  enabled = false
-  initial = 100
-  thereafter = 100
-
-  [control_center.logging.syslog]
-  protocol = "udp"
-
-[control_center.monitoring]
-enabled = false
-
-  [control_center.monitoring.alerting]
-  enabled = false
-
-  [control_center.monitoring.health_check]
-  enabled = false
-  endpoint = "/health"
-  healthy_threshold = 2
-  interval = 30
-  timeout = 5000
-  type = "&"
-  unhealthy_threshold = 3
-
-  [control_center.monitoring.metrics]
-  buffer_size = 1000
-  enabled = false
-  interval = 60
-  prometheus_path = "/metrics"
-  retention_days = 30
-
-  [control_center.monitoring.resources]
-  alert_threshold = 80
-  cpu = false
-  disk = false
-  memory = false
-  network = false
-
-  [control_center.monitoring.tracing]
-  enabled = false
-  sample_rate = 0.1
-
-[control_center.policy]
-enabled = true
-
-  [control_center.policy.cache]
-  enabled = true
-  max_policies = 10000
-  ttl = 3600
-
-  [control_center.policy.versioning]
-  enabled = true
-  max_versions = 20
-
-[control_center.rbac]
-attribute_based = false
-default_role = "user"
-dynamic_roles = false
-enabled = true
-hierarchy = true
-
-  [control_center.rbac.roles]
-  admin = true
-  operator = true
-  viewer = true
-
-[control_center.security.cors]
-allow_credentials = false
-enabled = false
-
-[control_center.security.jwt]
-algorithm = "HS256"
-audience = "provisioning"
-expiration = 3600
-issuer = "control-center"
-refresh_expiration = 86400
-secret = "change_me_in_production"
-
-[control_center.security.mfa]
-lockout_duration = 15
-max_attempts = "5"
-methods = ["totp"]
-required = false
-
-[control_center.security.rate_limiting]
-enabled = false
-max_requests = "1000"
-window_seconds = 60
-
-[control_center.security.rbac]
-default_role = "user"
-enabled = true
-inheritance = true
-
-[control_center.security.session]
-idle_timeout = 3600
-max_duration = 86400
-tracking = false
-
-[control_center.security.tls]
-client_auth = false
-enabled = false
-
-[control_center.server]
-graceful_shutdown = true
-host = "127.0.0.1"
-keep_alive = 75
-max_connections = 100
-port = 8080
-request_timeout = 30000
-shutdown_timeout = 30
-workers = 4
-
-[control_center.users]
-audit_enabled = false
-enabled = true
-
-  [control_center.users.registration]
-  auto_assign_role = "user"
-  enabled = true
-  requires_approval = false
-
-  [control_center.users.sessions]
-  absolute_timeout = 86400
-  idle_timeout = 3600
-  max_active = 5
-
-[control_center.workspace]
-enabled = true
-multi_workspace = false
-name = "default"
-path = "/var/lib/provisioning/control-center"
--- a/config/runtime/generated/control-center.solo.toml
+++ b/config/runtime/generated/control-center.solo.toml
@ -1,193 +0,0 @@
-[control_center.audit]
-enabled = false
-redact_sensitive = true
-
-  [control_center.audit.storage]
-  immutable = false
-  retention_days = 90
-
-[control_center.compliance]
-enabled = false
-encryption_required = false
-
-  [control_center.compliance.data_retention]
-  audit_log_days = 2555
-  policy_years = 7
-
-  [control_center.compliance.validation]
-  enabled = false
-  interval_hours = 24
-
-[control_center.database]
-backend = "rocksdb"
-max_retries = "3"
-path = "/var/lib/provisioning/control-center/data"
-pool_size = 10
-retry = true
-timeout = 30
-
-[control_center.integrations.ldap]
-enabled = false
-
-[control_center.integrations.oauth2]
-enabled = false
-
-[control_center.integrations.webhooks]
-enabled = false
-
-[control_center.logging]
-format = "&"
-level = "&"
-outputs = ["stdout"]
-
-  [control_center.logging.fields]
-  caller = false
-  hostname = true
-  pid = true
-  service_name = true
-  stack_trace = false
-  timestamp = true
-
-  [control_center.logging.file]
-  compress = false
-  max_age = 30
-  max_backups = 10
-  max_size = 104857600
-  path = "/var/log/provisioning/service.log"
-
-  [control_center.logging.performance]
-  enabled = false
-  memory_info = false
-  slow_threshold = 1000
-
-  [control_center.logging.sampling]
-  enabled = false
-  initial = 100
-  thereafter = 100
-
-  [control_center.logging.syslog]
-  protocol = "udp"
-
-[control_center.monitoring]
-enabled = false
-
-  [control_center.monitoring.alerting]
-  enabled = false
-
-  [control_center.monitoring.health_check]
-  enabled = false
-  endpoint = "/health"
-  healthy_threshold = 2
-  interval = 30
-  timeout = 5000
-  type = "&"
-  unhealthy_threshold = 3
-
-  [control_center.monitoring.metrics]
-  buffer_size = 1000
-  enabled = false
-  interval = 60
-  prometheus_path = "/metrics"
-  retention_days = 30
-
-  [control_center.monitoring.resources]
-  alert_threshold = 80
-  cpu = false
-  disk = false
-  memory = false
-  network = false
-
-  [control_center.monitoring.tracing]
-  enabled = false
-  sample_rate = 0.1
-
-[control_center.policy]
-enabled = true
-
-  [control_center.policy.cache]
-  enabled = true
-  max_policies = 10000
-  ttl = 3600
-
-  [control_center.policy.versioning]
-  enabled = true
-  max_versions = 20
-
-[control_center.rbac]
-attribute_based = false
-default_role = "user"
-dynamic_roles = false
-enabled = true
-hierarchy = true
-
-  [control_center.rbac.roles]
-  admin = true
-  operator = true
-  viewer = true
-
-[control_center.security.cors]
-allow_credentials = false
-enabled = false
-
-[control_center.security.jwt]
-algorithm = "HS256"
-audience = "provisioning"
-expiration = 3600
-issuer = "control-center"
-refresh_expiration = 86400
-secret = "change_me_in_production"
-
-[control_center.security.mfa]
-lockout_duration = 15
-max_attempts = "5"
-methods = ["totp"]
-required = false
-
-[control_center.security.rate_limiting]
-enabled = false
-max_requests = "1000"
-window_seconds = 60
-
-[control_center.security.rbac]
-default_role = "user"
-enabled = true
-inheritance = true
-
-[control_center.security.session]
-idle_timeout = 3600
-max_duration = 86400
-tracking = false
-
-[control_center.security.tls]
-client_auth = false
-enabled = false
-
-[control_center.server]
-graceful_shutdown = true
-host = "127.0.0.1"
-keep_alive = 75
-max_connections = 100
-port = 8080
-request_timeout = 30000
-shutdown_timeout = 30
-workers = 4
-
-[control_center.users]
-audit_enabled = false
-enabled = true
-
-  [control_center.users.registration]
-  auto_assign_role = "user"
-  enabled = true
-  requires_approval = false
-
-  [control_center.users.sessions]
-  absolute_timeout = 86400
-  idle_timeout = 3600
-  max_active = 5
-
-[control_center.workspace]
-enabled = true
-multi_workspace = false
-name = "default"
-path = "/var/lib/provisioning/control-center"
--- a/config/runtime/generated/extension-registry.cicd.toml
+++ b/config/runtime/generated/extension-registry.cicd.toml
@ -1,23 +0,0 @@
-[registry.cache]
-capacity = 5000
-list_cache = false
-metadata_cache = true
-ttl = 600
-
-[registry.gitea]
-enabled = false
-verify_ssl = false
-
-[registry.oci]
-enabled = true
-namespace = "provisioning-cicd"
-registry = "registry.cicd:5000"
-timeout = 30000
-verify_ssl = false
-
-[registry.server]
-compression = true
-cors_enabled = false
-host = "0.0.0.0"
-port = 8081
-workers = 8
--- a/config/runtime/generated/extension-registry.enterprise.toml
+++ b/config/runtime/generated/extension-registry.enterprise.toml
@ -1,30 +0,0 @@
-[registry.cache]
-capacity = 10000
-list_cache = true
-metadata_cache = true
-ttl = 1800
-
-[registry.gitea]
-enabled = true
-org = "provisioning"
-timeout = 120000
-url = "https://gitea.provisioning.prod:443"
-verify_ssl = true
-
-[registry.monitoring]
-enabled = true
-metrics_interval = 30
-
-[registry.oci]
-enabled = true
-namespace = "provisioning"
-registry = "registry.provisioning.prod:5000"
-timeout = 120000
-verify_ssl = true
-
-[registry.server]
-compression = true
-cors_enabled = true
-host = "0.0.0.0"
-port = 8081
-workers = 16
--- a/config/runtime/generated/extension-registry.multiuser.toml
+++ b/config/runtime/generated/extension-registry.multiuser.toml
@ -1,26 +0,0 @@
-[registry.cache]
-capacity = 1000
-list_cache = true
-metadata_cache = true
-ttl = 300
-
-[registry.gitea]
-enabled = true
-org = "provisioning-team"
-timeout = 60000
-url = "http://gitea:3000"
-verify_ssl = false
-
-[registry.oci]
-enabled = true
-namespace = "provisioning"
-registry = "registry.provisioning.local:5000"
-timeout = 60000
-verify_ssl = false
-
-[registry.server]
-compression = true
-cors_enabled = true
-host = "0.0.0.0"
-port = 8081
-workers = 4
--- a/config/runtime/generated/extension-registry.solo.toml
+++ b/config/runtime/generated/extension-registry.solo.toml
@ -1,23 +0,0 @@
-[registry.cache]
-capacity = 100
-list_cache = true
-metadata_cache = true
-ttl = 60
-
-[registry.gitea]
-enabled = true
-org = "provisioning-solo"
-timeout = 30000
-url = "http://localhost:3000"
-verify_ssl = false
-
-[registry.oci]
-enabled = false
-verify_ssl = false
-
-[registry.server]
-compression = true
-cors_enabled = false
-host = "127.0.0.1"
-port = 8081
-workers = 2
--- a/config/runtime/generated/installer.cicd.toml
+++ b/config/runtime/generated/installer.cicd.toml
@ -1,150 +0,0 @@
-[installer.database]
-auto_init = true
-backup_before_upgrade = true
-
-  [installer.database.migrations]
-  enabled = true
-  path = "/migrations"
-
-[installer.high_availability]
-auto_healing = true
-enabled = false
-replicas = 1
-
-  [installer.high_availability.backup]
-  enabled = false
-  interval_hours = 24
-  retention_days = 30
-
-  [installer.high_availability.health_checks]
-  enabled = true
-  interval_seconds = 30
-
-[installer.installation]
-keep_artifacts = false
-parallel_services = 3
-rollback_on_failure = true
-timeout_minutes = 30
-
-[installer.logging]
-format = "&"
-level = "&"
-outputs = ["stdout"]
-
-  [installer.logging.fields]
-  caller = false
-  hostname = true
-  pid = true
-  service_name = true
-  stack_trace = false
-  timestamp = true
-
-  [installer.logging.file]
-  compress = false
-  max_age = 30
-  max_backups = 10
-  max_size = 104857600
-  path = "/var/log/provisioning/service.log"
-
-  [installer.logging.performance]
-  enabled = false
-  memory_info = false
-  slow_threshold = 1000
-
-  [installer.logging.sampling]
-  enabled = false
-  initial = 100
-  thereafter = 100
-
-  [installer.logging.syslog]
-  protocol = "udp"
-
-[installer.monitoring]
-enabled = false
-
-  [installer.monitoring.alerting]
-  enabled = false
-
-  [installer.monitoring.health_check]
-  enabled = false
-  endpoint = "/health"
-  healthy_threshold = 2
-  interval = 30
-  timeout = 5000
-  type = "&"
-  unhealthy_threshold = 3
-
-  [installer.monitoring.metrics]
-  buffer_size = 1000
-  enabled = false
-  interval = 60
-  prometheus_path = "/metrics"
-  retention_days = 30
-
-  [installer.monitoring.resources]
-  alert_threshold = 80
-  cpu = false
-  disk = false
-  memory = false
-  network = false
-
-  [installer.monitoring.tracing]
-  enabled = false
-  sample_rate = 0.1
-
-[installer.networking.ingress]
-enabled = false
-tls = false
-
-[installer.networking.load_balancer]
-enabled = false
-
-[installer.networking.ports]
-control_center = 8080
-mcp_server = 3000
-orchestrator = 9090
-
-[installer.post_install]
-enabled = false
-notify = false
-
-  [installer.post_install.verify]
-  enabled = true
-  timeout_minutes = 10
-
-[installer.preflight]
-check_cpu = true
-check_dependencies = true
-check_disk_space = true
-check_memory = true
-check_network = true
-check_ports = true
-enabled = true
-min_cpu_cores = 2
-min_disk_gb = 50
-min_memory_gb = 4
-
-[installer.services]
-control_center = true
-mcp_server = true
-orchestrator = true
-
-[installer.storage]
-compression = false
-location = "/var/lib/provisioning"
-replication = false
-size_gb = 100
-
-[installer.target]
-ssh_port = 22
-ssh_user = "root"
-target_type = "local"
-
-[installer.upgrades]
-auto_upgrade = false
-
-[installer.workspace]
-enabled = true
-multi_workspace = false
-name = "default"
-path = "/var/lib/provisioning/installer"
--- a/config/runtime/generated/installer.enterprise.toml
+++ b/config/runtime/generated/installer.enterprise.toml
@ -1,150 +0,0 @@
-[installer.database]
-auto_init = true
-backup_before_upgrade = true
-
-  [installer.database.migrations]
-  enabled = true
-  path = "/migrations"
-
-[installer.high_availability]
-auto_healing = true
-enabled = false
-replicas = 1
-
-  [installer.high_availability.backup]
-  enabled = false
-  interval_hours = 24
-  retention_days = 30
-
-  [installer.high_availability.health_checks]
-  enabled = true
-  interval_seconds = 30
-
-[installer.installation]
-keep_artifacts = false
-parallel_services = 3
-rollback_on_failure = true
-timeout_minutes = 30
-
-[installer.logging]
-format = "&"
-level = "&"
-outputs = ["stdout"]
-
-  [installer.logging.fields]
-  caller = false
-  hostname = true
-  pid = true
-  service_name = true
-  stack_trace = false
-  timestamp = true
-
-  [installer.logging.file]
-  compress = false
-  max_age = 30
-  max_backups = 10
-  max_size = 104857600
-  path = "/var/log/provisioning/service.log"
-
-  [installer.logging.performance]
-  enabled = false
-  memory_info = false
-  slow_threshold = 1000
-
-  [installer.logging.sampling]
-  enabled = false
-  initial = 100
-  thereafter = 100
-
-  [installer.logging.syslog]
-  protocol = "udp"
-
-[installer.monitoring]
-enabled = false
-
-  [installer.monitoring.alerting]
-  enabled = false
-
-  [installer.monitoring.health_check]
-  enabled = false
-  endpoint = "/health"
-  healthy_threshold = 2
-  interval = 30
-  timeout = 5000
-  type = "&"
-  unhealthy_threshold = 3
-
-  [installer.monitoring.metrics]
-  buffer_size = 1000
-  enabled = false
-  interval = 60
-  prometheus_path = "/metrics"
-  retention_days = 30
-
-  [installer.monitoring.resources]
-  alert_threshold = 80
-  cpu = false
-  disk = false
-  memory = false
-  network = false
-
-  [installer.monitoring.tracing]
-  enabled = false
-  sample_rate = 0.1
-
-[installer.networking.ingress]
-enabled = false
-tls = false
-
-[installer.networking.load_balancer]
-enabled = false
-
-[installer.networking.ports]
-control_center = 8080
-mcp_server = 3000
-orchestrator = 9090
-
-[installer.post_install]
-enabled = false
-notify = false
-
-  [installer.post_install.verify]
-  enabled = true
-  timeout_minutes = 10
-
-[installer.preflight]
-check_cpu = true
-check_dependencies = true
-check_disk_space = true
-check_memory = true
-check_network = true
-check_ports = true
-enabled = true
-min_cpu_cores = 2
-min_disk_gb = 50
-min_memory_gb = 4
-
-[installer.services]
-control_center = true
-mcp_server = true
-orchestrator = true
-
-[installer.storage]
-compression = false
-location = "/var/lib/provisioning"
-replication = false
-size_gb = 100
-
-[installer.target]
-ssh_port = 22
-ssh_user = "root"
-target_type = "local"
-
-[installer.upgrades]
-auto_upgrade = false
-
-[installer.workspace]
-enabled = true
-multi_workspace = false
-name = "default"
-path = "/var/lib/provisioning/installer"
--- a/config/runtime/generated/installer.multiuser.toml
+++ b/config/runtime/generated/installer.multiuser.toml
@ -1,150 +0,0 @@
-[installer.database]
-auto_init = true
-backup_before_upgrade = true
-
-  [installer.database.migrations]
-  enabled = true
-  path = "/migrations"
-
-[installer.high_availability]
-auto_healing = true
-enabled = false
-replicas = 1
-
-  [installer.high_availability.backup]
-  enabled = false
-  interval_hours = 24
-  retention_days = 30
-
-  [installer.high_availability.health_checks]
-  enabled = true
-  interval_seconds = 30
-
-[installer.installation]
-keep_artifacts = false
-parallel_services = 3
-rollback_on_failure = true
-timeout_minutes = 30
-
-[installer.logging]
-format = "&"
-level = "&"
-outputs = ["stdout"]
-
-  [installer.logging.fields]
-  caller = false
-  hostname = true
-  pid = true
-  service_name = true
-  stack_trace = false
-  timestamp = true
-
-  [installer.logging.file]
-  compress = false
-  max_age = 30
-  max_backups = 10
-  max_size = 104857600
-  path = "/var/log/provisioning/service.log"
-
-  [installer.logging.performance]
-  enabled = false
-  memory_info = false
-  slow_threshold = 1000
-
-  [installer.logging.sampling]
-  enabled = false
-  initial = 100
-  thereafter = 100
-
-  [installer.logging.syslog]
-  protocol = "udp"
-
-[installer.monitoring]
-enabled = false
-
-  [installer.monitoring.alerting]
-  enabled = false
-
-  [installer.monitoring.health_check]
-  enabled = false
-  endpoint = "/health"
-  healthy_threshold = 2
-  interval = 30
-  timeout = 5000
-  type = "&"
-  unhealthy_threshold = 3
-
-  [installer.monitoring.metrics]
-  buffer_size = 1000
-  enabled = false
-  interval = 60
-  prometheus_path = "/metrics"
-  retention_days = 30
-
-  [installer.monitoring.resources]
-  alert_threshold = 80
-  cpu = false
-  disk = false
-  memory = false
-  network = false
-
-  [installer.monitoring.tracing]
-  enabled = false
-  sample_rate = 0.1
-
-[installer.networking.ingress]
-enabled = false
-tls = false
-
-[installer.networking.load_balancer]
-enabled = false
-
-[installer.networking.ports]
-control_center = 8080
-mcp_server = 3000
-orchestrator = 9090
-
-[installer.post_install]
-enabled = false
-notify = false
-
-  [installer.post_install.verify]
-  enabled = true
-  timeout_minutes = 10
-
-[installer.preflight]
-check_cpu = true
-check_dependencies = true
-check_disk_space = true
-check_memory = true
-check_network = true
-check_ports = true
-enabled = true
-min_cpu_cores = 2
-min_disk_gb = 50
-min_memory_gb = 4
-
-[installer.services]
-control_center = true
-mcp_server = true
-orchestrator = true
-
-[installer.storage]
-compression = false
-location = "/var/lib/provisioning"
-replication = false
-size_gb = 100
-
-[installer.target]
-ssh_port = 22
-ssh_user = "root"
-target_type = "local"
-
-[installer.upgrades]
-auto_upgrade = false
-
-[installer.workspace]
-enabled = true
-multi_workspace = false
-name = "default"
-path = "/var/lib/provisioning/installer"
--- a/config/runtime/generated/installer.solo.toml
+++ b/config/runtime/generated/installer.solo.toml
@ -1,150 +0,0 @@
-[installer.database]
-auto_init = true
-backup_before_upgrade = true
-
-  [installer.database.migrations]
-  enabled = true
-  path = "/migrations"
-
-[installer.high_availability]
-auto_healing = true
-enabled = false
-replicas = 1
-
-  [installer.high_availability.backup]
-  enabled = false
-  interval_hours = 24
-  retention_days = 30
-
-  [installer.high_availability.health_checks]
-  enabled = true
-  interval_seconds = 30
-
-[installer.installation]
-keep_artifacts = false
-parallel_services = 3
-rollback_on_failure = true
-timeout_minutes = 30
-
-[installer.logging]
-format = "&"
-level = "&"
-outputs = ["stdout"]
-
-  [installer.logging.fields]
-  caller = false
-  hostname = true
-  pid = true
-  service_name = true
-  stack_trace = false
-  timestamp = true
-
-  [installer.logging.file]
-  compress = false
-  max_age = 30
-  max_backups = 10
-  max_size = 104857600
-  path = "/var/log/provisioning/service.log"
-
-  [installer.logging.performance]
-  enabled = false
-  memory_info = false
-  slow_threshold = 1000
-
-  [installer.logging.sampling]
-  enabled = false
-  initial = 100
-  thereafter = 100
-
-  [installer.logging.syslog]
-  protocol = "udp"
-
-[installer.monitoring]
-enabled = false
-
-  [installer.monitoring.alerting]
-  enabled = false
-
-  [installer.monitoring.health_check]
-  enabled = false
-  endpoint = "/health"
-  healthy_threshold = 2
-  interval = 30
-  timeout = 5000
-  type = "&"
-  unhealthy_threshold = 3
-
-  [installer.monitoring.metrics]
-  buffer_size = 1000
-  enabled = false
-  interval = 60
-  prometheus_path = "/metrics"
-  retention_days = 30
-
-  [installer.monitoring.resources]
-  alert_threshold = 80
-  cpu = false
-  disk = false
-  memory = false
-  network = false
-
-  [installer.monitoring.tracing]
-  enabled = false
-  sample_rate = 0.1
-
-[installer.networking.ingress]
-enabled = false
-tls = false
-
-[installer.networking.load_balancer]
-enabled = false
-
-[installer.networking.ports]
-control_center = 8080
-mcp_server = 3000
-orchestrator = 9090
-
-[installer.post_install]
-enabled = false
-notify = false
-
-  [installer.post_install.verify]
-  enabled = true
-  timeout_minutes = 10
-
-[installer.preflight]
-check_cpu = true
-check_dependencies = true
-check_disk_space = true
-check_memory = true
-check_network = true
-check_ports = true
-enabled = true
-min_cpu_cores = 2
-min_disk_gb = 50
-min_memory_gb = 4
-
-[installer.services]
-control_center = true
-mcp_server = true
-orchestrator = true
-
-[installer.storage]
-compression = false
-location = "/var/lib/provisioning"
-replication = false
-size_gb = 100
-
-[installer.target]
-ssh_port = 22
-ssh_user = "root"
-target_type = "local"
-
-[installer.upgrades]
-auto_upgrade = false
-
-[installer.workspace]
-enabled = true
-multi_workspace = false
-name = "default"
-path = "/var/lib/provisioning/installer"
--- a/config/runtime/generated/mcp-server.cicd.toml
+++ b/config/runtime/generated/mcp-server.cicd.toml
@ -1,163 +0,0 @@
-[mcp_server.capabilities.prompts]
-enabled = true
-list_changed_callback = false
-
-[mcp_server.capabilities.resources]
-enabled = true
-list_changed_callback = false
-subscribe = false
-
-[mcp_server.capabilities.sampling]
-enabled = false
-
-[mcp_server.capabilities.tools]
-enabled = true
-list_changed_callback = false
-
-[mcp_server.control_center_integration]
-enabled = false
-enforce_rbac = true
-
-[mcp_server.logging]
-format = "&"
-level = "&"
-outputs = ["stdout"]
-
-  [mcp_server.logging.fields]
-  caller = false
-  hostname = true
-  pid = true
-  service_name = true
-  stack_trace = false
-  timestamp = true
-
-  [mcp_server.logging.file]
-  compress = false
-  max_age = 30
-  max_backups = 10
-  max_size = 104857600
-  path = "/var/log/provisioning/service.log"
-
-  [mcp_server.logging.performance]
-  enabled = false
-  memory_info = false
-  slow_threshold = 1000
-
-  [mcp_server.logging.sampling]
-  enabled = false
-  initial = 100
-  thereafter = 100
-
-  [mcp_server.logging.syslog]
-  protocol = "udp"
-
-[mcp_server.monitoring]
-enabled = false
-
-  [mcp_server.monitoring.alerting]
-  enabled = false
-
-  [mcp_server.monitoring.health_check]
-  enabled = false
-  endpoint = "/health"
-  healthy_threshold = 2
-  interval = 30
-  timeout = 5000
-  type = "&"
-  unhealthy_threshold = 3
-
-  [mcp_server.monitoring.metrics]
-  buffer_size = 1000
-  enabled = false
-  interval = 60
-  prometheus_path = "/metrics"
-  retention_days = 30
-
-  [mcp_server.monitoring.resources]
-  alert_threshold = 80
-  cpu = false
-  disk = false
-  memory = false
-  network = false
-
-  [mcp_server.monitoring.tracing]
-  enabled = false
-  sample_rate = 0.1
-
-[mcp_server.orchestrator_integration]
-enabled = false
-
-[mcp_server.performance]
-buffer_size = 1024
-compression = false
-pool_size = 10
-
-[mcp_server.prompts]
-enabled = true
-max_templates = 100
-
-  [mcp_server.prompts.cache]
-  enabled = true
-  ttl = 3600
-
-  [mcp_server.prompts.versioning]
-  enabled = false
-  max_versions = 10
-
-[mcp_server.protocol]
-version = "1.0"
-
-  [mcp_server.protocol.transport]
-  endpoint = "http://localhost:3000"
-  timeout = 30000
-
-[mcp_server.resources]
-enabled = true
-max_size = 104857600
-
-  [mcp_server.resources.cache]
-  enabled = true
-  max_size_mb = 512
-  ttl = 3600
-
-  [mcp_server.resources.validation]
-  enabled = true
-  max_depth = 10
-
-[mcp_server.sampling]
-enabled = false
-max_tokens = 4096
-temperature = 0.7
-
-  [mcp_server.sampling.cache]
-  enabled = true
-  ttl = 3600
-
-[mcp_server.server]
-graceful_shutdown = true
-host = "127.0.0.1"
-keep_alive = 75
-max_connections = 100
-port = 3000
-request_timeout = 30000
-shutdown_timeout = 30
-workers = 4
-
-[mcp_server.tools]
-enabled = true
-max_concurrent = 5
-timeout = 30000
-
-  [mcp_server.tools.cache]
-  enabled = true
-  ttl = 3600
-
-  [mcp_server.tools.validation]
-  enabled = true
-  strict_mode = false
-
-[mcp_server.workspace]
-enabled = true
-multi_workspace = false
-name = "default"
-path = "/var/lib/provisioning/mcp-server"
--- a/config/runtime/generated/mcp-server.enterprise.toml
+++ b/config/runtime/generated/mcp-server.enterprise.toml
@ -1,163 +0,0 @@
-[mcp_server.capabilities.prompts]
-enabled = true
-list_changed_callback = false
-
-[mcp_server.capabilities.resources]
-enabled = true
-list_changed_callback = false
-subscribe = false
-
-[mcp_server.capabilities.sampling]
-enabled = false
-
-[mcp_server.capabilities.tools]
-enabled = true
-list_changed_callback = false
-
-[mcp_server.control_center_integration]
-enabled = false
-enforce_rbac = true
-
-[mcp_server.logging]
-format = "&"
-level = "&"
-outputs = ["stdout"]
-
-  [mcp_server.logging.fields]
-  caller = false
-  hostname = true
-  pid = true
-  service_name = true
-  stack_trace = false
-  timestamp = true
-
-  [mcp_server.logging.file]
-  compress = false
-  max_age = 30
-  max_backups = 10
-  max_size = 104857600
-  path = "/var/log/provisioning/service.log"
-
-  [mcp_server.logging.performance]
-  enabled = false
-  memory_info = false
-  slow_threshold = 1000
-
-  [mcp_server.logging.sampling]
-  enabled = false
-  initial = 100
-  thereafter = 100
-
-  [mcp_server.logging.syslog]
-  protocol = "udp"
-
-[mcp_server.monitoring]
-enabled = false
-
-  [mcp_server.monitoring.alerting]
-  enabled = false
-
-  [mcp_server.monitoring.health_check]
-  enabled = false
-  endpoint = "/health"
-  healthy_threshold = 2
-  interval = 30
-  timeout = 5000
-  type = "&"
-  unhealthy_threshold = 3
-
-  [mcp_server.monitoring.metrics]
-  buffer_size = 1000
-  enabled = false
-  interval = 60
-  prometheus_path = "/metrics"
-  retention_days = 30
-
-  [mcp_server.monitoring.resources]
-  alert_threshold = 80
-  cpu = false
-  disk = false
-  memory = false
-  network = false
-
-  [mcp_server.monitoring.tracing]
-  enabled = false
-  sample_rate = 0.1
-
-[mcp_server.orchestrator_integration]
-enabled = false
-
-[mcp_server.performance]
-buffer_size = 1024
-compression = false
-pool_size = 10
-
-[mcp_server.prompts]
-enabled = true
-max_templates = 100
-
-  [mcp_server.prompts.cache]
-  enabled = true
-  ttl = 3600
-
-  [mcp_server.prompts.versioning]
-  enabled = false
-  max_versions = 10
-
-[mcp_server.protocol]
-version = "1.0"
-
-  [mcp_server.protocol.transport]
-  endpoint = "http://localhost:3000"
-  timeout = 30000
-
-[mcp_server.resources]
-enabled = true
-max_size = 104857600
-
-  [mcp_server.resources.cache]
-  enabled = true
-  max_size_mb = 512
-  ttl = 3600
-
-  [mcp_server.resources.validation]
-  enabled = true
-  max_depth = 10
-
-[mcp_server.sampling]
-enabled = false
-max_tokens = 4096
-temperature = 0.7
-
-  [mcp_server.sampling.cache]
-  enabled = true
-  ttl = 3600
-
-[mcp_server.server]
-graceful_shutdown = true
-host = "127.0.0.1"
-keep_alive = 75
-max_connections = 100
-port = 3000
-request_timeout = 30000
-shutdown_timeout = 30
-workers = 4
-
-[mcp_server.tools]
-enabled = true
-max_concurrent = 5
-timeout = 30000
-
-  [mcp_server.tools.cache]
-  enabled = true
-  ttl = 3600
-
-  [mcp_server.tools.validation]
-  enabled = true
-  strict_mode = false
-
-[mcp_server.workspace]
-enabled = true
-multi_workspace = false
-name = "default"
-path = "/var/lib/provisioning/mcp-server"
--- a/config/runtime/generated/mcp-server.multiuser.toml
+++ b/config/runtime/generated/mcp-server.multiuser.toml
@ -1,163 +0,0 @@
-[mcp_server.capabilities.prompts]
-enabled = true
-list_changed_callback = false
-
-[mcp_server.capabilities.resources]
-enabled = true
-list_changed_callback = false
-subscribe = false
-
-[mcp_server.capabilities.sampling]
-enabled = false
-
-[mcp_server.capabilities.tools]
-enabled = true
-list_changed_callback = false
-
-[mcp_server.control_center_integration]
-enabled = false
-enforce_rbac = true
-
-[mcp_server.logging]
-format = "&"
-level = "&"
-outputs = ["stdout"]
-
-  [mcp_server.logging.fields]
-  caller = false
-  hostname = true
-  pid = true
-  service_name = true
-  stack_trace = false
-  timestamp = true
-
-  [mcp_server.logging.file]
-  compress = false
-  max_age = 30
-  max_backups = 10
-  max_size = 104857600
-  path = "/var/log/provisioning/service.log"
-
-  [mcp_server.logging.performance]
-  enabled = false
-  memory_info = false
-  slow_threshold = 1000
-
-  [mcp_server.logging.sampling]
-  enabled = false
-  initial = 100
-  thereafter = 100
-
-  [mcp_server.logging.syslog]
-  protocol = "udp"
-
-[mcp_server.monitoring]
-enabled = false
-
-  [mcp_server.monitoring.alerting]
-  enabled = false
-
-  [mcp_server.monitoring.health_check]
-  enabled = false
-  endpoint = "/health"
-  healthy_threshold = 2
-  interval = 30
-  timeout = 5000
-  type = "&"
-  unhealthy_threshold = 3
-
-  [mcp_server.monitoring.metrics]
-  buffer_size = 1000
-  enabled = false
-  interval = 60
-  prometheus_path = "/metrics"
-  retention_days = 30
-
-  [mcp_server.monitoring.resources]
-  alert_threshold = 80
-  cpu = false
-  disk = false
-  memory = false
-  network = false
-
-  [mcp_server.monitoring.tracing]
-  enabled = false
-  sample_rate = 0.1
-
-[mcp_server.orchestrator_integration]
-enabled = false
-
-[mcp_server.performance]
-buffer_size = 1024
-compression = false
-pool_size = 10
-
-[mcp_server.prompts]
-enabled = true
-max_templates = 100
-
-  [mcp_server.prompts.cache]
-  enabled = true
-  ttl = 3600
-
-  [mcp_server.prompts.versioning]
-  enabled = false
-  max_versions = 10
-
-[mcp_server.protocol]
-version = "1.0"
-
-  [mcp_server.protocol.transport]
-  endpoint = "http://localhost:3000"
-  timeout = 30000
-
-[mcp_server.resources]
-enabled = true
-max_size = 104857600
-
-  [mcp_server.resources.cache]
-  enabled = true
-  max_size_mb = 512
-  ttl = 3600
-
-  [mcp_server.resources.validation]
-  enabled = true
-  max_depth = 10
-
-[mcp_server.sampling]
-enabled = false
-max_tokens = 4096
-temperature = 0.7
-
-  [mcp_server.sampling.cache]
-  enabled = true
-  ttl = 3600
-
-[mcp_server.server]
-graceful_shutdown = true
-host = "127.0.0.1"
-keep_alive = 75
-max_connections = 100
-port = 3000
-request_timeout = 30000
-shutdown_timeout = 30
-workers = 4
-
-[mcp_server.tools]
-enabled = true
-max_concurrent = 5
-timeout = 30000
-
-  [mcp_server.tools.cache]
-  enabled = true
-  ttl = 3600
-
-  [mcp_server.tools.validation]
-  enabled = true
-  strict_mode = false
-
-[mcp_server.workspace]
-enabled = true
-multi_workspace = false
-name = "default"
-path = "/var/lib/provisioning/mcp-server"
--- a/config/runtime/generated/mcp-server.solo.toml
+++ b/config/runtime/generated/mcp-server.solo.toml
@ -1,163 +0,0 @@
-[mcp_server.capabilities.prompts]
-enabled = true
-list_changed_callback = false
-
-[mcp_server.capabilities.resources]
-enabled = true
-list_changed_callback = false
-subscribe = false
-
-[mcp_server.capabilities.sampling]
-enabled = false
-
-[mcp_server.capabilities.tools]
-enabled = true
-list_changed_callback = false
-
-[mcp_server.control_center_integration]
-enabled = false
-enforce_rbac = true
-
-[mcp_server.logging]
-format = "&"
-level = "&"
-outputs = ["stdout"]
-
-  [mcp_server.logging.fields]
-  caller = false
-  hostname = true
-  pid = true
-  service_name = true
-  stack_trace = false
-  timestamp = true
-
-  [mcp_server.logging.file]
-  compress = false
-  max_age = 30
-  max_backups = 10
-  max_size = 104857600
-  path = "/var/log/provisioning/service.log"
-
-  [mcp_server.logging.performance]
-  enabled = false
-  memory_info = false
-  slow_threshold = 1000
-
-  [mcp_server.logging.sampling]
-  enabled = false
-  initial = 100
-  thereafter = 100
-
-  [mcp_server.logging.syslog]
-  protocol = "udp"
-
-[mcp_server.monitoring]
-enabled = false
-
-  [mcp_server.monitoring.alerting]
-  enabled = false
-
-  [mcp_server.monitoring.health_check]
-  enabled = false
-  endpoint = "/health"
-  healthy_threshold = 2
-  interval = 30
-  timeout = 5000
-  type = "&"
-  unhealthy_threshold = 3
-
-  [mcp_server.monitoring.metrics]
-  buffer_size = 1000
-  enabled = false
-  interval = 60
-  prometheus_path = "/metrics"
-  retention_days = 30
-
-  [mcp_server.monitoring.resources]
-  alert_threshold = 80
-  cpu = false
-  disk = false
-  memory = false
-  network = false
-
-  [mcp_server.monitoring.tracing]
-  enabled = false
-  sample_rate = 0.1
-
-[mcp_server.orchestrator_integration]
-enabled = false
-
-[mcp_server.performance]
-buffer_size = 1024
-compression = false
-pool_size = 10
-
-[mcp_server.prompts]
-enabled = true
-max_templates = 100
-
-  [mcp_server.prompts.cache]
-  enabled = true
-  ttl = 3600
-
-  [mcp_server.prompts.versioning]
-  enabled = false
-  max_versions = 10
-
-[mcp_server.protocol]
-version = "1.0"
-
-  [mcp_server.protocol.transport]
-  endpoint = "http://localhost:3000"
-  timeout = 30000
-
-[mcp_server.resources]
-enabled = true
-max_size = 104857600
-
-  [mcp_server.resources.cache]
-  enabled = true
-  max_size_mb = 512
-  ttl = 3600
-
-  [mcp_server.resources.validation]
-  enabled = true
-  max_depth = 10
-
-[mcp_server.sampling]
-enabled = false
-max_tokens = 4096
-temperature = 0.7
-
-  [mcp_server.sampling.cache]
-  enabled = true
-  ttl = 3600
-
-[mcp_server.server]
-graceful_shutdown = true
-host = "127.0.0.1"
-keep_alive = 75
-max_connections = 100
-port = 3000
-request_timeout = 30000
-shutdown_timeout = 30
-workers = 4
-
-[mcp_server.tools]
-enabled = true
-max_concurrent = 5
-timeout = 30000
-
-  [mcp_server.tools.cache]
-  enabled = true
-  ttl = 3600
-
-  [mcp_server.tools.validation]
-  enabled = true
-  strict_mode = false
-
-[mcp_server.workspace]
-enabled = true
-multi_workspace = false
-name = "default"
-path = "/var/lib/provisioning/mcp-server"
--- a/config/runtime/generated/orchestrator.cicd.toml
+++ b/config/runtime/generated/orchestrator.cicd.toml
@ -1,126 +0,0 @@
-[orchestrator.batch]
-metrics = false
-operation_timeout = 1800000
-parallel_limit = 5
-
-  [orchestrator.batch.checkpointing]
-  enabled = true
-  interval = 100
-  max_checkpoints = 10
-
-  [orchestrator.batch.rollback]
-  enabled = true
-  max_rollback_depth = 5
-  strategy = "checkpoint_based"
-
-[orchestrator.extensions]
-auto_load = false
-discovery_interval = 300
-max_concurrent = 5
-sandbox = true
-timeout = 30000
-
-[orchestrator.logging]
-format = "&"
-level = "&"
-outputs = ["stdout"]
-
-  [orchestrator.logging.fields]
-  caller = false
-  hostname = true
-  pid = true
-  service_name = true
-  stack_trace = false
-  timestamp = true
-
-  [orchestrator.logging.file]
-  compress = false
-  max_age = 30
-  max_backups = 10
-  max_size = 104857600
-  path = "/var/log/provisioning/service.log"
-
-  [orchestrator.logging.performance]
-  enabled = false
-  memory_info = false
-  slow_threshold = 1000
-
-  [orchestrator.logging.sampling]
-  enabled = false
-  initial = 100
-  thereafter = 100
-
-  [orchestrator.logging.syslog]
-  protocol = "udp"
-
-[orchestrator.monitoring]
-enabled = false
-
-  [orchestrator.monitoring.alerting]
-  enabled = false
-
-  [orchestrator.monitoring.health_check]
-  enabled = false
-  endpoint = "/health"
-  healthy_threshold = 2
-  interval = 30
-  timeout = 5000
-  type = "&"
-  unhealthy_threshold = 3
-
-  [orchestrator.monitoring.metrics]
-  buffer_size = 1000
-  enabled = false
-  interval = 60
-  prometheus_path = "/metrics"
-  retention_days = 30
-
-  [orchestrator.monitoring.resources]
-  alert_threshold = 80
-  cpu = false
-  disk = false
-  memory = false
-  network = false
-
-  [orchestrator.monitoring.tracing]
-  enabled = false
-  sample_rate = 0.1
-
-[orchestrator.queue]
-max_concurrent_tasks = 5
-metrics = false
-persist = true
-priority_queue = false
-retry_attempts = 3
-retry_delay = 5000
-task_timeout = 3600000
-
-  [orchestrator.queue.dead_letter_queue]
-  enabled = true
-  max_size = 1000
-
-[orchestrator.server]
-graceful_shutdown = true
-host = "127.0.0.1"
-keep_alive = 75
-max_connections = 100
-port = 9090
-request_timeout = 30000
-shutdown_timeout = 30
-workers = 4
-
-[orchestrator.storage]
-backend = "filesystem"
-path = "/var/lib/provisioning/orchestrator/data"
-
-  [orchestrator.storage.cache]
-  enabled = true
-  eviction_policy = "lru"
-  ttl = 3600
-  type = "in_memory"
-
-[orchestrator.workspace]
-enabled = true
-multi_workspace = false
-name = "default"
-path = "/var/lib/provisioning/orchestrator"
--- a/config/runtime/generated/orchestrator.enterprise.toml
+++ b/config/runtime/generated/orchestrator.enterprise.toml
@ -1,126 +0,0 @@
-[orchestrator.batch]
-metrics = false
-operation_timeout = 1800000
-parallel_limit = 5
-
-  [orchestrator.batch.checkpointing]
-  enabled = true
-  interval = 100
-  max_checkpoints = 10
-
-  [orchestrator.batch.rollback]
-  enabled = true
-  max_rollback_depth = 5
-  strategy = "checkpoint_based"
-
-[orchestrator.extensions]
-auto_load = false
-discovery_interval = 300
-max_concurrent = 5
-sandbox = true
-timeout = 30000
-
-[orchestrator.logging]
-format = "&"
-level = "&"
-outputs = ["stdout"]
-
-  [orchestrator.logging.fields]
-  caller = false
-  hostname = true
-  pid = true
-  service_name = true
-  stack_trace = false
-  timestamp = true
-
-  [orchestrator.logging.file]
-  compress = false
-  max_age = 30
-  max_backups = 10
-  max_size = 104857600
-  path = "/var/log/provisioning/service.log"
-
-  [orchestrator.logging.performance]
-  enabled = false
-  memory_info = false
-  slow_threshold = 1000
-
-  [orchestrator.logging.sampling]
-  enabled = false
-  initial = 100
-  thereafter = 100
-
-  [orchestrator.logging.syslog]
-  protocol = "udp"
-
-[orchestrator.monitoring]
-enabled = false
-
-  [orchestrator.monitoring.alerting]
-  enabled = false
-
-  [orchestrator.monitoring.health_check]
-  enabled = false
-  endpoint = "/health"
-  healthy_threshold = 2
-  interval = 30
-  timeout = 5000
-  type = "&"
-  unhealthy_threshold = 3
-
-  [orchestrator.monitoring.metrics]
-  buffer_size = 1000
-  enabled = false
-  interval = 60
-  prometheus_path = "/metrics"
-  retention_days = 30
-
-  [orchestrator.monitoring.resources]
-  alert_threshold = 80
-  cpu = false
-  disk = false
-  memory = false
-  network = false
-
-  [orchestrator.monitoring.tracing]
-  enabled = false
-  sample_rate = 0.1
-
-[orchestrator.queue]
-max_concurrent_tasks = 5
-metrics = false
-persist = true
-priority_queue = false
-retry_attempts = 3
-retry_delay = 5000
-task_timeout = 3600000
-
-  [orchestrator.queue.dead_letter_queue]
-  enabled = true
-  max_size = 1000
-
-[orchestrator.server]
-graceful_shutdown = true
-host = "127.0.0.1"
-keep_alive = 75
-max_connections = 100
-port = 9090
-request_timeout = 30000
-shutdown_timeout = 30
-workers = 4
-
-[orchestrator.storage]
-backend = "filesystem"
-path = "/var/lib/provisioning/orchestrator/data"
-
-  [orchestrator.storage.cache]
-  enabled = true
-  eviction_policy = "lru"
-  ttl = 3600
-  type = "in_memory"
-
-[orchestrator.workspace]
-enabled = true
-multi_workspace = false
-name = "default"
-path = "/var/lib/provisioning/orchestrator"
--- a/config/runtime/generated/orchestrator.multiuser.toml
+++ b/config/runtime/generated/orchestrator.multiuser.toml
@ -1,126 +0,0 @@
-[orchestrator.batch]
-metrics = false
-operation_timeout = 1800000
-parallel_limit = 5
-
-  [orchestrator.batch.checkpointing]
-  enabled = true
-  interval = 100
-  max_checkpoints = 10
-
-  [orchestrator.batch.rollback]
-  enabled = true
-  max_rollback_depth = 5
-  strategy = "checkpoint_based"
-
-[orchestrator.extensions]
-auto_load = false
-discovery_interval = 300
-max_concurrent = 5
-sandbox = true
-timeout = 30000
-
-[orchestrator.logging]
-format = "&"
-level = "&"
-outputs = ["stdout"]
-
-  [orchestrator.logging.fields]
-  caller = false
-  hostname = true
-  pid = true
-  service_name = true
-  stack_trace = false
-  timestamp = true
-
-  [orchestrator.logging.file]
-  compress = false
-  max_age = 30
-  max_backups = 10
-  max_size = 104857600
-  path = "/var/log/provisioning/service.log"
-
-  [orchestrator.logging.performance]
-  enabled = false
-  memory_info = false
-  slow_threshold = 1000
-
-  [orchestrator.logging.sampling]
-  enabled = false
-  initial = 100
-  thereafter = 100
-
-  [orchestrator.logging.syslog]
-  protocol = "udp"
-
-[orchestrator.monitoring]
-enabled = false
-
-  [orchestrator.monitoring.alerting]
-  enabled = false
-
-  [orchestrator.monitoring.health_check]
-  enabled = false
-  endpoint = "/health"
-  healthy_threshold = 2
-  interval = 30
-  timeout = 5000
-  type = "&"
-  unhealthy_threshold = 3
-
-  [orchestrator.monitoring.metrics]
-  buffer_size = 1000
-  enabled = false
-  interval = 60
-  prometheus_path = "/metrics"
-  retention_days = 30
-
-  [orchestrator.monitoring.resources]
-  alert_threshold = 80
-  cpu = false
-  disk = false
-  memory = false
-  network = false
-
-  [orchestrator.monitoring.tracing]
-  enabled = false
-  sample_rate = 0.1
-
-[orchestrator.queue]
-max_concurrent_tasks = 5
-metrics = false
-persist = true
-priority_queue = false
-retry_attempts = 3
-retry_delay = 5000
-task_timeout = 3600000
-
-  [orchestrator.queue.dead_letter_queue]
-  enabled = true
-  max_size = 1000
-
-[orchestrator.server]
-graceful_shutdown = true
-host = "127.0.0.1"
-keep_alive = 75
-max_connections = 100
-port = 9090
-request_timeout = 30000
-shutdown_timeout = 30
-workers = 4
-
-[orchestrator.storage]
-backend = "filesystem"
-path = "/var/lib/provisioning/orchestrator/data"
-
-  [orchestrator.storage.cache]
-  enabled = true
-  eviction_policy = "lru"
-  ttl = 3600
-  type = "in_memory"
-
-[orchestrator.workspace]
-enabled = true
-multi_workspace = false
-name = "default"
-path = "/var/lib/provisioning/orchestrator"
--- a/config/runtime/generated/orchestrator.solo.toml
+++ b/config/runtime/generated/orchestrator.solo.toml
@ -1,126 +0,0 @@
-[orchestrator.batch]
-metrics = false
-operation_timeout = 1800000
-parallel_limit = 5
-
-  [orchestrator.batch.checkpointing]
-  enabled = true
-  interval = 100
-  max_checkpoints = 10
-
-  [orchestrator.batch.rollback]
-  enabled = true
-  max_rollback_depth = 5
-  strategy = "checkpoint_based"
-
-[orchestrator.extensions]
-auto_load = false
-discovery_interval = 300
-max_concurrent = 5
-sandbox = true
-timeout = 30000
-
-[orchestrator.logging]
-format = "&"
-level = "&"
-outputs = ["stdout"]
-
-  [orchestrator.logging.fields]
-  caller = false
-  hostname = true
-  pid = true
-  service_name = true
-  stack_trace = false
-  timestamp = true
-
-  [orchestrator.logging.file]
-  compress = false
-  max_age = 30
-  max_backups = 10
-  max_size = 104857600
-  path = "/var/log/provisioning/service.log"
-
-  [orchestrator.logging.performance]
-  enabled = false
-  memory_info = false
-  slow_threshold = 1000
-
-  [orchestrator.logging.sampling]
-  enabled = false
-  initial = 100
-  thereafter = 100
-
-  [orchestrator.logging.syslog]
-  protocol = "udp"
-
-[orchestrator.monitoring]
-enabled = false
-
-  [orchestrator.monitoring.alerting]
-  enabled = false
-
-  [orchestrator.monitoring.health_check]
-  enabled = false
-  endpoint = "/health"
-  healthy_threshold = 2
-  interval = 30
-  timeout = 5000
-  type = "&"
-  unhealthy_threshold = 3
-
-  [orchestrator.monitoring.metrics]
-  buffer_size = 1000
-  enabled = false
-  interval = 60
-  prometheus_path = "/metrics"
-  retention_days = 30
-
-  [orchestrator.monitoring.resources]
-  alert_threshold = 80
-  cpu = false
-  disk = false
-  memory = false
-  network = false
-
-  [orchestrator.monitoring.tracing]
-  enabled = false
-  sample_rate = 0.1
-
-[orchestrator.queue]
-max_concurrent_tasks = 5
-metrics = false
-persist = true
-priority_queue = false
-retry_attempts = 3
-retry_delay = 5000
-task_timeout = 3600000
-
-  [orchestrator.queue.dead_letter_queue]
-  enabled = true
-  max_size = 1000
-
-[orchestrator.server]
-graceful_shutdown = true
-host = "127.0.0.1"
-keep_alive = 75
-max_connections = 100
-port = 9090
-request_timeout = 30000
-shutdown_timeout = 30
-workers = 4
-
-[orchestrator.storage]
-backend = "filesystem"
-path = "/var/lib/provisioning/orchestrator/data"
-
-  [orchestrator.storage.cache]
-  enabled = true
-  eviction_policy = "lru"
-  ttl = 3600
-  type = "in_memory"
-
-[orchestrator.workspace]
-enabled = true
-multi_workspace = false
-name = "default"
-path = "/var/lib/provisioning/orchestrator"
--- a/config/runtime/generated/provisioning-daemon.cicd.toml
+++ b/config/runtime/generated/provisioning-daemon.cicd.toml
@ -1,13 +0,0 @@
-[daemon.actions]
-auto_cleanup = true
-auto_update = false
-ephemeral_cleanup = true
-
-[daemon.daemon]
-enabled = true
-max_workers = 8
-poll_interval = 10
-
-[daemon.logging]
-file = "/tmp/provisioning-daemon-cicd.log"
-level = "warn"
--- a/config/runtime/generated/provisioning-daemon.enterprise.toml
+++ b/config/runtime/generated/provisioning-daemon.enterprise.toml
@ -1,18 +0,0 @@
-[daemon.actions]
-auto_cleanup = true
-auto_update = true
-health_checks = true
-workspace_sync = true
-
-[daemon.daemon]
-enabled = true
-max_workers = 16
-poll_interval = 30
-
-[daemon.logging]
-file = "/var/log/provisioning/daemon.log"
-level = "info"
-syslog = true
-
-[daemon.monitoring]
-enabled = true
--- a/config/runtime/generated/provisioning-daemon.multiuser.toml
+++ b/config/runtime/generated/provisioning-daemon.multiuser.toml
@ -1,13 +0,0 @@
-[daemon.actions]
-auto_cleanup = true
-auto_update = false
-workspace_sync = true
-
-[daemon.daemon]
-enabled = true
-max_workers = 4
-poll_interval = 30
-
-[daemon.logging]
-file = "/var/log/provisioning/daemon.log"
-level = "info"
--- a/config/runtime/generated/provisioning-daemon.solo.toml
+++ b/config/runtime/generated/provisioning-daemon.solo.toml
@ -1,12 +0,0 @@
-[daemon.actions]
-auto_cleanup = false
-auto_update = false
-
-[daemon.daemon]
-enabled = true
-max_workers = 2
-poll_interval = 60
-
-[daemon.logging]
-file = "/tmp/provisioning-daemon-solo.log"
-level = "info"
--- a/config/runtime/generated/rag.cicd.toml
+++ b/config/runtime/generated/rag.cicd.toml
@ -1,2 +0,0 @@
-[rag.rag]
-enabled = false
--- a/config/runtime/generated/rag.enterprise.toml
+++ b/config/runtime/generated/rag.enterprise.toml
@ -1,39 +0,0 @@
-[rag.embeddings]
-batch_size = 200
-dimension = 3072
-model = "text-embedding-3-large"
-provider = "openai"
-
-[rag.ingestion]
-auto_ingest = true
-chunk_size = 2048
-doc_types = ["md", "txt", "toml", "ncl", "rs", "nu", "yaml", "json"]
-overlap = 200
-watch_files = true
-
-[rag.llm]
-max_tokens = 8192
-model = "claude-opus-4-5-20251101"
-provider = "anthropic"
-temperature = 0.5
-
-[rag.monitoring]
-enabled = true
-
-[rag.rag]
-enabled = true
-
-[rag.retrieval]
-hybrid = true
-mmr_lambda = 0.5
-reranking = true
-similarity_threshold = 0.8
-top_k = 20
-
-[rag.vector_db]
-database = "rag"
-db_type = "surrealdb"
-hnsw_ef_construction = 400
-hnsw_m = 32
-namespace = "provisioning-prod"
-url = "ws://surrealdb-cluster:8000"
--- a/config/runtime/generated/rag.multiuser.toml
+++ b/config/runtime/generated/rag.multiuser.toml
@ -1,35 +0,0 @@
-[rag.embeddings]
-batch_size = 100
-dimension = 1536
-model = "text-embedding-3-small"
-provider = "openai"
-
-[rag.ingestion]
-auto_ingest = true
-chunk_size = 1024
-doc_types = ["md", "txt", "toml", "ncl", "rs", "nu"]
-overlap = 100
-watch_files = true
-
-[rag.llm]
-max_tokens = 4096
-model = "claude-3-5-sonnet-20241022"
-provider = "anthropic"
-temperature = 0.7
-
-[rag.rag]
-enabled = true
-
-[rag.retrieval]
-hybrid = true
-reranking = true
-similarity_threshold = 0.75
-top_k = 10
-
-[rag.vector_db]
-database = "rag"
-db_type = "surrealdb"
-hnsw_ef_construction = 200
-hnsw_m = 16
-namespace = "provisioning-team"
-url = "http://surrealdb:8000"
--- a/config/runtime/generated/rag.solo.toml
+++ b/config/runtime/generated/rag.solo.toml
@ -1,31 +0,0 @@
-[rag.embeddings]
-batch_size = 32
-dimension = 384
-model = "all-MiniLM-L6-v2"
-provider = "local"
-
-[rag.ingestion]
-auto_ingest = true
-chunk_size = 512
-doc_types = ["md", "txt", "toml"]
-overlap = 50
-
-[rag.llm]
-api_url = "http://localhost:11434"
-max_tokens = 2048
-model = "llama3.2"
-provider = "ollama"
-temperature = 0.7
-
-[rag.rag]
-enabled = true
-
-[rag.retrieval]
-hybrid = false
-reranking = false
-similarity_threshold = 0.7
-top_k = 5
-
-[rag.vector_db]
-db_type = "memory"
-namespace = "provisioning-solo"
--- a/config/runtime/generated/vault-service.cicd.toml
+++ b/config/runtime/generated/vault-service.cicd.toml
@ -1,35 +0,0 @@
-[vault.ha]
-enabled = false
-mode = "raft"
-
-[vault.logging]
-format = "json"
-level = "warn"
-
-[vault.monitoring]
-enabled = false
-metrics_interval = 60
-
-[vault.security]
-encryption_algorithm = "aes-256-gcm"
-key_rotation_days = 90
-
-[vault.server]
-host = "0.0.0.0"
-keep_alive = 75
-max_connections = 200
-port = 8200
-workers = 8
-
-[vault.storage]
-backend = "memory"
-encryption_key_path = "/tmp/provisioning-vault-cicd/master.key"
-path = "/tmp/provisioning-vault-cicd"
-
-[vault.vault]
-deployment_mode = "Service"
-key_name = "provisioning-cicd"
-mount_point = "transit-cicd"
-server_url = "http://vault-cicd:8200"
-storage_backend = "memory"
-tls_verify = false
--- a/config/runtime/generated/vault-service.enterprise.toml
+++ b/config/runtime/generated/vault-service.enterprise.toml
@ -1,36 +0,0 @@
-[vault.ha]
-enabled = true
-mode = "raft"
-
-[vault.logging]
-format = "json"
-level = "info"
-
-[vault.monitoring]
-enabled = true
-metrics_interval = 30
-
-[vault.security]
-encryption_algorithm = "aes-256-gcm"
-key_rotation_days = 30
-
-[vault.server]
-host = "0.0.0.0"
-keep_alive = 75
-max_connections = 500
-port = 8200
-workers = 16
-
-[vault.storage]
-backend = "etcd"
-encryption_key_path = "/var/lib/provisioning/vault/master.key"
-path = "/var/lib/provisioning/vault/data"
-
-[vault.vault]
-deployment_mode = "Service"
-key_name = "provisioning-enterprise"
-mount_point = "transit"
-server_url = "https://vault-ha:8200"
-storage_backend = "etcd"
-tls_ca_cert = "/etc/vault/ca.crt"
-tls_verify = true
--- a/config/runtime/generated/vault-service.multiuser.toml
+++ b/config/runtime/generated/vault-service.multiuser.toml
@ -1,35 +0,0 @@
-[vault.ha]
-enabled = false
-mode = "raft"
-
-[vault.logging]
-format = "json"
-level = "info"
-
-[vault.monitoring]
-enabled = true
-metrics_interval = 60
-
-[vault.security]
-encryption_algorithm = "aes-256-gcm"
-key_rotation_days = 90
-
-[vault.server]
-host = "0.0.0.0"
-keep_alive = 75
-max_connections = 100
-port = 8200
-workers = 4
-
-[vault.storage]
-backend = "surrealdb"
-encryption_key_path = "/var/lib/provisioning/vault/master.key"
-path = "/var/lib/provisioning/vault/data"
-
-[vault.vault]
-deployment_mode = "Service"
-key_name = "provisioning-master"
-mount_point = "transit"
-server_url = "http://localhost:8200"
-storage_backend = "surrealdb"
-tls_verify = false
--- a/config/runtime/generated/vault-service.solo.toml
+++ b/config/runtime/generated/vault-service.solo.toml
@ -1,35 +0,0 @@
-[vault.ha]
-enabled = false
-mode = "raft"
-
-[vault.logging]
-format = "json"
-level = "info"
-
-[vault.monitoring]
-enabled = false
-metrics_interval = 60
-
-[vault.security]
-encryption_algorithm = "aes-256-gcm"
-key_rotation_days = 90
-
-[vault.server]
-host = "127.0.0.1"
-keep_alive = 75
-max_connections = 50
-port = 8200
-workers = 2
-
-[vault.storage]
-backend = "filesystem"
-encryption_key_path = "/tmp/provisioning-vault-solo/master.key"
-path = "/tmp/provisioning-vault-solo/data"
-
-[vault.vault]
-deployment_mode = "Embedded"
-key_name = "provisioning-master"
-mount_point = "transit"
-server_url = "http://localhost:8200"
-storage_backend = "filesystem"
-tls_verify = false