38 changed files with 1670 additions and 1683 deletions
--- a/.typedialog/README.md
+++ b/.typedialog/README.md
@ -5,13 +5,12 @@ TypeDialog enables interactive form-based configuration from Nickel schemas.
 ## Status
 - **TypeDialog Binary**: Not yet installed (planned: `typedialog` command)
- **TypeDialog Forms**: Created and ready (setup wizard, auth login, MFA enrollment)
+- **Alternative**: FormInquire (Jinja2 templates + interactive forms) - **ACTIVE**
- **Bash Wrappers**: Implemented to handle TTY input properly
+- **Plan**: Full TypeDialog migration when available
 - **ForminQuire**: DEPRECATED - Archived to `.coder/archive/forminquire/`
 ## Directory Structure
-```plaintext
+```
 .typedialog/
 └── provisioning/platform/
    ├── README.md                    # This file
@ -25,7 +24,7 @@ TypeDialog enables interactive form-based configuration from Nickel schemas.
    │   └── platform/schemas/ → ../../../schemas/platform/schemas/
    └── constraints/                 # Validation constraints
        └── constraints.toml         # Shared validation rules
-```text
+```
 ## How TypeDialog Would Work
@ -35,7 +34,7 @@ TypeDialog enables interactive form-based configuration from Nickel schemas.
 # Auto-generate form from Nickel schema
 typedialog generate-form --schema orchestrator.ncl \
  --output forms/orchestrator.form.toml
-```text
+```
 ### 2. Interactive Configuration
@ -43,7 +42,7 @@ typedialog generate-form --schema orchestrator.ncl \
 # Run interactive form
 typedialog run-form --form forms/orchestrator.form.toml \
  --output orchestrator-configured.ncl
-```text
+```
 ### 3. Validation
@ -51,38 +50,28 @@ typedialog run-form --form forms/orchestrator.form.toml \
 # Validate user input against schema
 typedialog validate --form forms/orchestrator.form.toml \
  --data user-config.ncl
-```text
+```
-## Current Status: TypeDialog Forms Ready
+## Current Alternative: FormInquire
-TypeDialog forms have been created and are ready to use:
+While TypeDialog is not yet available, FormInquire provides form-based configuration:
-**Form Locations**:
+**Location**: `provisioning/core/forminquire/`
 - Setup wizard: `provisioning/.typedialog/core/forms/setup-wizard.toml`
 - Auth login: `provisioning/.typedialog/core/forms/auth-login.toml`
 - MFA enrollment: `provisioning/.typedialog/core/forms/mfa-enroll.toml`
-**Bash Wrappers** (TTY-safe, handle input properly):
+**How it works**:
- `provisioning/core/shlib/setup-wizard-tty.sh`
+1. Define form in Jinja2 template (`.form.j2`)
- `provisioning/core/shlib/auth-login-tty.sh`
+2. Use `nu_plugin_tera` to render templates
- `provisioning/core/shlib/mfa-enroll-tty.sh`
+3. Collect user input via FormInquire CLI
-
+4. Process results with Nushell scripts
 **Usage Pattern**:
 1. Bash wrapper calls TypeDialog (handles TTY input)
 2. TypeDialog generates Nickel config file
 3. Nushell scripts read the generated config (no input issues)
 **Example**:
 ```nushell
 # Load Jinja2 template and show form
 let form_data = forminquire load provisioning/core/forminquire/templates/orchestrator.form.j2
-```bash
+# Process user input
-# Run TypeDialog setup wizard
+let config = process_form_input $form_data
-./provisioning/core/shlib/setup-wizard-tty.sh
+```
 # Nushell reads the generated config
 let config = (open provisioning/.typedialog/core/generated/setup-wizard-result.json | from json)
 ```text
 **Note**: ForminQuire (Jinja2-based forms) has been archived to `provisioning/.coder/archive/forminquire/` and is no longer in use.
 ## Integration Plan (When TypeDialog Available)
@ -91,7 +80,7 @@ let config = (open provisioning/.typedialog/core/generated/setup-wizard-result.j
 ```bash
 cargo install --path /Users/Akasha/Development/typedialog
 typedialog --version
-```text
+```
 ### Step 2: Generate Forms from Schemas
@ -103,7 +92,7 @@ for schema in provisioning/schemas/platform/schemas/*.ncl; do
    --schema $schema \
    --output provisioning/platform/.typedialog/forms/${service}.form.toml
 done
-```text
+```
 ### Step 3: Create Setup Wizard
@ -113,7 +102,7 @@ provisioning setup-platform \
  --mode solo|multiuser|enterprise \
  --provider docker|kubernetes \
  --interactive  # Uses TypeDialog forms
-```text
+```
 ### Step 4: Update Platform Setup Script
@ -121,18 +110,19 @@ provisioning setup-platform \
 # provisioning/platform/scripts/setup-platform-config.sh
 if command -v typedialog &> /dev/null; then
-  # TypeDialog is installed - use bash wrapper for proper TTY handling
+  # TypeDialog is installed
-  ./provisioning/core/shlib/setup-wizard-tty.sh
+  typedialog run-form \
    --form .typedialog/forms/orchestrator.form.toml \
    --output config/runtime/orchestrator.ncl
-  # Read generated JSON config
+  # Export to TOML
-  # Nushell scripts can now read the config without input issues
+  nickel export --format toml config/runtime/orchestrator.ncl \
    > config/runtime/generated/orchestrator.solo.toml
 else
-  # Fallback to basic prompts
+  # Fallback to FormInquire
-  echo "TypeDialog not available. Using basic interactive prompts..."
+  forminquire setup-wizard
  # Nushell wizard with basic input prompts
  nu -c "use provisioning/core/nulib/lib_provisioning/setup/wizard.nu *; run-setup-wizard"
 fi
-```text
+```
 ## Form Definition Example
@ -174,7 +164,7 @@ label = "Logging Level"
 options = ["debug", "info", "warning", "error"]
 default = "info"
 required = false
-```text
+```
 ## Validation Constraints
@ -194,11 +184,11 @@ replicas = "range(1, 10)"
 [nginx]
 worker_processes = "range(1, 32)"
 worker_connections = "range(1, 65536)"
-```text
+```
 ## Workflow: Setup to Deployment
-```plaintext
+```
 1. User runs setup command
   ↓
 2. TypeDialog displays form
@ -212,7 +202,7 @@ worker_connections = "range(1, 65536)"
 6. Service reads TOML config
   ↓
 7. Service starts with configured values
-```text
+```
 ## Benefits of TypeDialog Integration
@ -221,8 +211,7 @@ worker_connections = "range(1, 65536)"
 - ✅ **Progressive disclosure** - Show advanced options only when needed
 - ✅ **Consistent UX** - Same forms across platforms (CLI, Web, TUI)
 - ✅ **Auto-generated** - Forms stay in sync with schemas automatically
- ✅ **TTY handling** - Bash wrappers solve Nushell input stack issues
+- ✅ **Fallback support** - FormInquire as alternative if TypeDialog unavailable
 - ✅ **Graceful fallback** - Falls back to basic prompts if TypeDialog unavailable
 ## Testing TypeDialog Forms
@ -239,36 +228,27 @@ typedialog run-form \
 typedialog generate-sample \
  --form provisioning/platform/.typedialog/forms/orchestrator.form.toml \
  --output /tmp/orchestrator-sample.ncl
-```text
+```
 ## Migration Path
-### Phase A: Legacy (DEPRECATED)
+### Phase A: Current (FormInquire)
-```plaintext
+```
 FormInquire (Jinja2) → Nushell processing → TOML config
-Status: ARCHIVED to .coder/archive/forminquire/
+```
 ```text
-### Phase B: Current Implementation
+### Phase B: TypeDialog Available
-```plaintext
+```
-Bash wrapper → TypeDialog (TTY input) → Nickel config → JSON export → Nushell reads JSON
+TypeDialog (Schema-driven) → Nickel config → TOML export
-Status: IMPLEMENTED with forms ready
+```
 ```text
-### Phase C: TypeDialog Binary Available (Future)
+### Phase C: Unified (Future)
-```plaintext
+```
 TypeDialog binary installed → Full nickel-roundtrip workflow → Auto-sync with schemas
 Status: PLANNED - awaiting TypeDialog binary release
 ```text
 ### Phase D: Unified (Future)
 ```plaintext
 ConfigLoader discovers config → Service reads → TypeDialog updates UI
-```text
+```
 ## Integration with Infrastructure Schemas
@ -291,21 +271,21 @@ TypeDialog forms work seamlessly with infrastructure schemas:
 - Tools: docker-compose config, kubectl apply --dry-run, nginx -t, promtool check
 - Examples: `examples-solo-deployment.ncl`, `examples-enterprise-deployment.ncl`
-**4. Interactive Setup with Forms** (TypeDialog ready)
+**4. Interactive Setup with Forms** (ready for TypeDialog)
 - Script: `provisioning/platform/scripts/setup-with-forms.sh`
- Bash wrappers: `provisioning/core/shlib/*-tty.sh` (handle TTY input)
+- Auto-detects TypeDialog, falls back to FormInquire
- Forms ready: setup-wizard, auth-login, mfa-enroll
+- Supports batch or single-service configuration
- Fallback: Basic Nushell prompts if TypeDialog unavailable
+- Auto-generates forms from schemas (when TypeDialog available)
 ### Current Status: Full Infrastructure Support
 | Component | Status | Details |
-| ----------- | -------- | --------- |
+|-----------|--------|---------|
 | **Schemas** | ✅ Complete | 6 infrastructure schemas (1,577 lines) |
 | **Examples** | ✅ Complete | 2 deployment examples (solo, enterprise) |
 | **Generation Script** | ✅ Complete | Auto-generates configs for all modes |
 | **Validation Script** | ✅ Complete | Validates Docker, K8s, Nginx, Prometheus |
-| **Setup Wizard** | ✅ Complete | TypeDialog forms + bash wrappers ready |
+| **Setup Wizard** | ✅ Complete | Interactive config + FormInquire active |
 | **TypeDialog Integration** | ⏳ Pending | Structure ready, awaiting binary |
 ### Validated Examples
@ -341,7 +321,7 @@ jq '.docker_compose_services | keys' /tmp/solo.json
 # Compare resource allocation (solo vs enterprise)
 jq '.docker_compose_services.orchestrator.deploy.resources.limits' /tmp/solo.json
 jq '.docker_compose_services.orchestrator.deploy.resources.limits' /tmp/enterprise.json
-```text
+```
 ## Next Steps
@ -350,11 +330,11 @@ jq '.docker_compose_services.orchestrator.deploy.resources.limits' /tmp/enterpri
   - Validate with format-specific tools
   - Use interactive setup wizard for configuration
-2. **When TypeDialog binary becomes available**:
+2. **When TypeDialog becomes available**:
   - Install TypeDialog binary
-   - Forms already created and ready to use
+   - Run form generation script from infrastructure schemas
-   - Bash wrappers handle TTY input (no Nushell stack issues)
+   - Update setup script to use TypeDialog exclusively
-   - Full nickel-roundtrip workflow will be enabled
+   - Deprecate FormInquire (keep as fallback)
 3. **Production Deployment**:
   - Use validated infrastructure configs
@ -363,9 +343,8 @@ jq '.docker_compose_services.orchestrator.deploy.resources.limits' /tmp/enterpri
 ---
-**Version**: 1.2.0 (TypeDialog Forms + Bash Wrappers)
+**Version**: 1.1.0 (Infrastructure Integration Added)
-**Status**: TypeDialog forms ready with bash wrappers; Awaiting TypeDialog Binary
+**Status**: Ready for Infrastructure Generation; Awaiting TypeDialog Binary
-**Last Updated**: 2025-01-09
+**Last Updated**: 2025-01-06
-**ForminQuire Status**: DEPRECATED - Archived to .coder/archive/forminquire/
+**Current Alternatives**: FormInquire (active), automation scripts (complete)
 **Fallback**: Basic Nushell prompts if TypeDialog unavailable
 **Tested**: Infrastructure examples (solo + enterprise) validated
--- a/.typedialog/provisioning/platform/constraints/constraints.toml
+++ b/.typedialog/provisioning/platform/constraints/constraints.toml
@ -2,27 +2,27 @@
 # Defines validation rules for form fields generated from Nickel schemas
 [orchestrator]
-cpus = "pattern(^[0-9]+(\\.[0-9]+)?$)"
+port = "range(1, 65535)"
 db_pool_size = "range(1, 100)"
 log_level = ["debug", "info", "warning", "error"]
 memory = "pattern(^[0-9]+[MG]B$)"
 mode = ["solo", "multiuser", "enterprise", "cicd"]
-port = "range(1, 65535)"
+cpus = "pattern(^[0-9]+(\\.[0-9]+)?$)"
 memory = "pattern(^[0-9]+[MG]B$)"
 replicas = "range(1, 10)"
 [control-center]
 log_level = ["debug", "info", "warning", "error"]
 port = "range(1, 65535)"
 replicas = "range(1, 10)"
 log_level = ["debug", "info", "warning", "error"]
 [vault-service]
 port = "range(1, 65535)"
 cpus = "pattern(^[0-9]+(\\.[0-9]+)?$)"
 memory = "pattern(^[0-9]+[MG]B$)"
 port = "range(1, 65535)"
 [rag]
 max_concurrent_requests = "range(1, 100)"
 port = "range(1, 65535)"
 max_concurrent_requests = "range(1, 100)"
 timeout_seconds = "range(1, 3600)"
 [extension-registry]
@ -30,32 +30,32 @@ port = "range(1, 65535)"
 storage_path = "pattern(^/[a-zA-Z0-9/_-]+$)"
 [mcp-server]
 max_connections = "range(1, 1000)"
 port = "range(1, 65535)"
 max_connections = "range(1, 1000)"
 [provisioning-daemon]
 max_workers = "range(1, 100)"
 port = "range(1, 65535)"
 max_workers = "range(1, 100)"
 [ai-service]
 max_retries = "range(0, 10)"
 model_timeout_seconds = "range(1, 3600)"
 port = "range(1, 65535)"
 model_timeout_seconds = "range(1, 3600)"
 max_retries = "range(0, 10)"
 [nginx]
 client_max_body_size = "pattern(^[0-9]+[MG]B$)"
 worker_connections = "range(1, 65536)"
 worker_processes = "range(1, 32)"
 worker_connections = "range(1, 65536)"
 client_max_body_size = "pattern(^[0-9]+[MG]B$)"
 [prometheus]
 scrape_interval = "pattern(^[0-9]+[smh]$)"
 evaluation_interval = "pattern(^[0-9]+[smh]$)"
 retention = "pattern(^[0-9]+[dhw]$)"
 scrape_interval = "pattern(^[0-9]+[smh]$)"
 [kubernetes]
 replicas = "range(1, 100)"
 cpu = "pattern(^[0-9]+m$|^[0-9]+(\\.[0-9]+)?$)"
 memory = "pattern(^[0-9]+Mi$|^[0-9]+Gi$)"
 replicas = "range(1, 100)"
 [docker-compose]
 cpus = "pattern(^[0-9]+(\\.[0-9]+)?$)"
--- a/Cargo.toml
+++ b/Cargo.toml
@ -1,273 +1,267 @@
 [workspace]
 members = [
  "crates/platform-config",
  "crates/service-clients",
  "crates/ai-service",
  "crates/extension-registry",
  "crates/orchestrator",
  "crates/control-center",
  "crates/control-center-ui",
  "crates/vault-service",
  "crates/rag",
  "crates/detector",
  "crates/mcp-server",
  "crates/provisioning-daemon",
 ]
 resolver = "2"
 members = [
    "crates/platform-config",
    "crates/service-clients",
    "crates/ai-service",
    "crates/extension-registry",
    "crates/orchestrator",
    "crates/control-center",
    "crates/control-center-ui",
    "crates/vault-service",
    "crates/rag",
    "crates/detector",
    "crates/mcp-server",
    "crates/provisioning-daemon",
 ]
-  [workspace.package]
+[workspace.package]
-  authors = ["Jesus Perez <jesus@librecloud.online>"]
+version = "0.1.0"
-  edition = "2021"
+edition = "2021"
-  license = "MIT"
+authors = ["Jesus Perez <jesus@librecloud.online>"]
-  repository = "https://github.com/jesusperezlorenzo/provisioning"
+license = "MIT"
-  version = "0.1.0"
+repository = "https://github.com/jesusperezlorenzo/provisioning"
-  [workspace.dependencies]
+[workspace.dependencies]
-  # ============================================================================
+# ============================================================================
-  # SHARED ASYNC RUNTIME AND CORE LIBRARIES
+# SHARED ASYNC RUNTIME AND CORE LIBRARIES
-  # ============================================================================
+# ============================================================================
-  async-trait = "0.1"
+tokio = { version = "1.49", features = ["full"] }
-  futures = "0.3"
+tokio-util = "0.7"
-  tokio = { version = "1.49", features = ["full"] }
+futures = "0.3"
-  tokio-util = "0.7"
+async-trait = "0.1"
-  # ============================================================================
+# ============================================================================
-  # SERIALIZATION AND DATA HANDLING
+# SERIALIZATION AND DATA HANDLING
-  # ============================================================================
+# ============================================================================
-  chrono = { version = "0.4", features = ["serde"] }
+serde = { version = "1.0", features = ["derive"] }
-  serde = { version = "1.0", features = ["derive"] }
+serde_json = "1.0"
-  serde_json = "1.0"
+toml = "0.9"
-  toml = "0.9"
+uuid = { version = "1.19", features = ["v4", "serde"] }
-  uuid = { version = "1.19", features = ["v4", "serde"] }
+chrono = { version = "0.4", features = ["serde"] }
-  # ============================================================================
+# ============================================================================
-  # ERROR HANDLING
+# ERROR HANDLING
-  # ============================================================================
+# ============================================================================
-  anyhow = "1.0"
+anyhow = "1.0"
-  thiserror = "2.0"
+thiserror = "2.0"
-  # ============================================================================
+# ============================================================================
-  # LOGGING AND TRACING
+# LOGGING AND TRACING
-  # ============================================================================
+# ============================================================================
-  log = "0.4"
+log = "0.4"
-  tracing = "0.1"
+tracing = "0.1"
-  tracing-appender = "0.2"
+tracing-subscriber = { version = "0.3", features = ["env-filter"] }
-  tracing-subscriber = { version = "0.3", features = ["env-filter"] }
+tracing-appender = "0.2"
-  # ============================================================================
+# ============================================================================
-  # WEB SERVER AND NETWORKING
+# WEB SERVER AND NETWORKING
-  # ============================================================================
+# ============================================================================
-  axum = { version = "0.8", features = ["ws", "macros"] }
+axum = { version = "0.8", features = ["ws", "macros"] }
-  hyper = "1.8"
+tower = { version = "0.5", features = ["full"] }
-  reqwest = { version = "0.13", features = ["json", "rustls"], default-features = false }
+tower-http = { version = "0.6", features = ["cors", "trace", "fs", "compression-gzip", "timeout"] }
-  tower = { version = "0.5", features = ["full"] }
+hyper = "1.8"
-  tower-http = { version = "0.6", features = [
+reqwest = { version = "0.13", features = ["json", "rustls"], default-features = false }
    "cors",
    "trace",
    "fs",
    "compression-gzip",
    "timeout",
  ] }
-  # ============================================================================
+# ============================================================================
-  # CLI AND CONFIGURATION
+# CLI AND CONFIGURATION
-  # ============================================================================
+# ============================================================================
-  clap = { version = "4.5", features = ["derive", "env"] }
+clap = { version = "4.5", features = ["derive", "env"] }
-  config = "0.15"
+config = "0.15"
-  # ============================================================================
+# ============================================================================
-  # DATABASE AND STORAGE
+# DATABASE AND STORAGE
-  # ============================================================================
+# ============================================================================
-  sqlx = { version = "0.8", features = ["runtime-tokio-rustls", "sqlite", "chrono", "uuid"] }
+surrealdb = { version = "2.4", features = ["kv-mem", "protocol-ws", "protocol-http"] }
-  surrealdb = { version = "2.4", features = ["kv-mem", "protocol-ws", "protocol-http"] }
+sqlx = { version = "0.8", features = ["runtime-tokio-rustls", "sqlite", "chrono", "uuid"] }
-  # ============================================================================
+# ============================================================================
-  # SECURITY AND CRYPTOGRAPHY
+# SECURITY AND CRYPTOGRAPHY
-  # ============================================================================
+# ============================================================================
-  aes-gcm = "0.10"
+ring = "0.17"
-  argon2 = "0.5"
+jsonwebtoken = { version = "10.2", features = ["rust_crypto"] }
-  base64 = "0.22"
+argon2 = "0.5"
-  hmac = "0.12"
+base64 = "0.22"
-  jsonwebtoken = { version = "10.2", features = ["rust_crypto"] }
+rand = { version = "0.9", features = ["std_rng", "os_rng"] }
-  rand = { version = "0.9", features = ["std_rng", "os_rng"] }
+aes-gcm = "0.10"
-  ring = "0.17"
+sha2 = "0.10"
-  sha2 = "0.10"
+hmac = "0.12"
-  # AWS SDK for KMS
+# AWS SDK for KMS
-  aws-config = "1"
+aws-sdk-kms = "1"
-  aws-credential-types = "1"
+aws-config = "1"
-  aws-sdk-kms = "1"
+aws-credential-types = "1"
-  # ============================================================================
+# ============================================================================
-  # VALIDATION AND REGEX
+# VALIDATION AND REGEX
-  # ============================================================================
+# ============================================================================
-  regex = "1.12"
+validator = { version = "0.20", features = ["derive"] }
-  validator = { version = "0.20", features = ["derive"] }
+regex = "1.12"
-  # ============================================================================
+# ============================================================================
-  # GRAPH ALGORITHMS AND UTILITIES
+# GRAPH ALGORITHMS AND UTILITIES
-  # ============================================================================
+# ============================================================================
-  petgraph = "0.8"
+petgraph = "0.8"
-  # ============================================================================
+# ============================================================================
-  # ADDITIONAL SHARED DEPENDENCIES
+# ADDITIONAL SHARED DEPENDENCIES
-  # ============================================================================
+# ============================================================================
-  # System utilities
+# System utilities
-  dirs = "6.0"
+dirs = "6.0"
-  # Filesystem operations
+# Filesystem operations
-  notify = "8.2"
+walkdir = "2.5"
-  walkdir = "2.5"
+notify = "8.2"
-  # Statistics and templates
+# Statistics and templates
-  statistics = "0.4"
+statistics = "0.4"
-  tera = "1.20"
+tera = "1.20"
-  # Additional cryptography
+# Additional cryptography
-  hkdf = "0.12"
+hkdf = "0.12"
-  rsa = "0.9.9"
+rsa = "0.9.9"
-  zeroize = { version = "1.8", features = ["derive"] }
+zeroize = { version = "1.8", features = ["derive"] }
-  # Additional security
+# Additional security
-  constant_time_eq = "0.4"
+constant_time_eq = "0.4"
-  subtle = "2.6"
+subtle = "2.6"
-  # Caching and storage
+# Caching and storage
-  redis = { version = "1.0", features = ["tokio-comp", "connection-manager"] }
+redis = { version = "1.0", features = ["tokio-comp", "connection-manager"] }
-  # Tower services
+# Tower services
-  tower-service = "0.3"
+tower-service = "0.3"
-  tower_governor = "0.8"
+tower_governor = "0.8"
-  # Scheduling
+# Scheduling
-  cron = "0.15"
+cron = "0.15"
-  tokio-cron-scheduler = "0.15"
+tokio-cron-scheduler = "0.15"
-  # Policy engine
+# Policy engine
-  cedar-policy = "4.8"
+cedar-policy = "4.8"
-  # URL handling
+# URL handling
-  url = "2.5"
+url = "2.5"
-  # Icons and UI
+# Icons and UI
-  icondata = "0.7"
+icondata = "0.7"
-  leptos_icons = "0.7"
+leptos_icons = "0.7"
-  # Image processing
+# Image processing
-  image = { version = "0.25", default-features = false, features = ["png"] }
+image = { version = "0.25", default-features = false, features = ["png"] }
-  qrcode = "0.14"
+qrcode = "0.14"
-  # Authentication
+# Authentication
-  hex = "0.4"
+totp-rs = { version = "5.7", features = ["qr"] }
-  lazy_static = "1.5"
+webauthn-rs = "0.5"
-  totp-rs = { version = "5.7", features = ["qr"] }
+webauthn-rs-proto = "0.5"
-  webauthn-rs = "0.5"
+hex = "0.4"
-  webauthn-rs-proto = "0.5"
+lazy_static = "1.5"
-  # Additional serialization
+# Additional serialization
-  serde-wasm-bindgen = "0.6"
+serde-wasm-bindgen = "0.6"
-  # Gloo utilities (for WASM)
+# Gloo utilities (for WASM)
-  gloo-net = { version = "0.6", features = ["http", "websocket"] }
+gloo-net = { version = "0.6", features = ["http", "websocket"] }
-  gloo-storage = "0.3"
+gloo-storage = "0.3"
-  gloo-timers = "0.3"
+gloo-utils = { version = "0.2", features = ["serde"] }
-  gloo-utils = { version = "0.2", features = ["serde"] }
+gloo-timers = "0.3"
-  # Plotting and canvas
+# Plotting and canvas
-  plotters = "0.3"
+plotters = "0.3"
-  plotters-canvas = "0.3"
+plotters-canvas = "0.3"
-  # WASM utilities
+# WASM utilities
-  console_error_panic_hook = "0.1"
+wasm-bindgen-futures = "0.4"
-  js-sys = "0.3"
+js-sys = "0.3"
-  tracing-wasm = "0.2"
+tracing-wasm = "0.2"
-  wasm-bindgen-futures = "0.4"
+console_error_panic_hook = "0.1"
-  # Random number generation
+# Random number generation
-  getrandom = { version = "0.3" }
+getrandom = { version = "0.3" }
-  # ============================================================================
+# ============================================================================
-  # TUI (Terminal User Interface)
+# TUI (Terminal User Interface)
-  # ============================================================================
+# ============================================================================
-  crossterm = "0.29"
+ratatui = { version = "0.30", features = ["all-widgets", "serde"] }
-  ratatui = { version = "0.30", features = ["all-widgets", "serde"] }
+crossterm = "0.29"
-  # ============================================================================
+# ============================================================================
-  # WASM AND FRONTEND DEPENDENCIES (for control-center-ui)
+# WASM AND FRONTEND DEPENDENCIES (for control-center-ui)
-  # ============================================================================
+# ============================================================================
-  leptos = { version = "0.8", features = ["csr"] }
+wasm-bindgen = "0.2"
-  leptos_meta = { version = "0.8", features = ["default"] }
+leptos = { version = "0.8", features = ["csr"] }
-  leptos_router = { version = "0.8" }
+leptos_meta = { version = "0.8", features = ["default"] }
-  wasm-bindgen = "0.2"
+leptos_router = { version = "0.8" }
-  # ============================================================================
+# ============================================================================
-  # DEVELOPMENT AND TESTING DEPENDENCIES
+# DEVELOPMENT AND TESTING DEPENDENCIES
-  # ============================================================================
+# ============================================================================
-  assert_matches = "1.5"
+tokio-test = "0.4"
-  criterion = { version = "0.8", features = ["html_reports"] }
+tempfile = "3.24"
-  mockito = "1"
+criterion = { version = "0.8", features = ["html_reports"] }
-  tempfile = "3.24"
+assert_matches = "1.5"
-  tokio-test = "0.4"
+mockito = "1"
-  # Additional caching and binary discovery
+# Additional caching and binary discovery
-  lru = "0.16"
+lru = "0.16"
-  parking_lot = "0.12"
+which = "8"
-  which = "8"
+parking_lot = "0.12"
-  yaml-rust = "0.4"
+yaml-rust = "0.4"
-  # ============================================================================
+# ============================================================================
-  # RAG FRAMEWORK DEPENDENCIES (Rig)
+# RAG FRAMEWORK DEPENDENCIES (Rig)
-  # ============================================================================
+# ============================================================================
-  rig-core = "0.27"
+rig-core = "0.27"
-  rig-surrealdb = "0.1"
+rig-surrealdb = "0.1"
-  tokenizers = "0.22"
+tokenizers = "0.22"
-  # ============================================================================
+# ============================================================================
-  # PROV-ECOSYSTEM DAEMON (replaces cli-daemon)
+# PROV-ECOSYSTEM DAEMON (replaces cli-daemon)
-  # ============================================================================
+# ============================================================================
-  daemon-cli = { path = "../../submodules/prov-ecosystem/crates/daemon-cli" }
+daemon-cli = { path = "../../submodules/prov-ecosystem/crates/daemon-cli" }
-  # ============================================================================
+# ============================================================================
-  # SECRETUMVAULT (Enterprise Secrets Management)
+# SECRETUMVAULT (Enterprise Secrets Management)
-  # ============================================================================
+# ============================================================================
-  secretumvault = { path = "../../submodules/secretumvault" }
+secretumvault = { path = "../../submodules/secretumvault" }
-  # ============================================================================
+# ============================================================================
-  # BYTES MANIPULATION
+# BYTES MANIPULATION
-  # ============================================================================
+# ============================================================================
-  bytes = "1.5"
+bytes = "1.5"
-  [workspace.metadata]
+[workspace.metadata]
-  description = "Provisioning Platform - Rust workspace for cloud infrastructure automation tools"
+description = "Provisioning Platform - Rust workspace for cloud infrastructure automation tools"
 # Profile configurations shared across all workspace members
 [profile.dev]
-codegen-units = 256
+opt-level = 0
 debug = true
 debug-assertions = true
 incremental = true
 lto = false
 opt-level = 0
 overflow-checks = true
 lto = false
 panic = 'unwind'
 incremental = true
 codegen-units = 256
 [profile.release]
 codegen-units = 1
 lto = true
 opt-level = 3
 lto = true
 codegen-units = 1
 panic = "abort"
 strip = "debuginfo"
 # Fast release profile for development
 [profile.dev-release]
 debug = true
 inherits = "release"
 lto = "thin"
 opt-level = 2
 lto = "thin"
 debug = true
 # Profile for benchmarks
 [profile.bench]
 debug = true
 inherits = "release"
 debug = true
--- a/config/runtime/generated/control-center.cicd.toml
+++ b/config/runtime/generated/control-center.cicd.toml
@ -2,21 +2,21 @@
 enabled = false
 redact_sensitive = true
-  [control_center.audit.storage]
+[control_center.audit.storage]
-  immutable = false
+immutable = false
-  retention_days = 90
+retention_days = 90
 [control_center.compliance]
 enabled = false
 encryption_required = false
-  [control_center.compliance.data_retention]
+[control_center.compliance.data_retention]
-  audit_log_days = 2555
+audit_log_days = 2555
-  policy_years = 7
+policy_years = 7
-  [control_center.compliance.validation]
+[control_center.compliance.validation]
-  enabled = false
+enabled = false
-  interval_hours = 24
+interval_hours = 24
 [control_center.database]
 backend = "rocksdb"
@ -40,78 +40,78 @@ format = "&"
 level = "&"
 outputs = ["stdout"]
-  [control_center.logging.fields]
+[control_center.logging.fields]
-  caller = false
+caller = false
-  hostname = true
+hostname = true
-  pid = true
+pid = true
-  service_name = true
+service_name = true
-  stack_trace = false
+stack_trace = false
-  timestamp = true
+timestamp = true
-  [control_center.logging.file]
+[control_center.logging.file]
-  compress = false
+compress = false
-  max_age = 30
+max_age = 30
-  max_backups = 10
+max_backups = 10
-  max_size = 104857600
+max_size = 104857600
-  path = "/var/log/provisioning/service.log"
+path = "/var/log/provisioning/service.log"
-  [control_center.logging.performance]
+[control_center.logging.performance]
-  enabled = false
+enabled = false
-  memory_info = false
+memory_info = false
-  slow_threshold = 1000
+slow_threshold = 1000
-  [control_center.logging.sampling]
+[control_center.logging.sampling]
-  enabled = false
+enabled = false
-  initial = 100
+initial = 100
-  thereafter = 100
+thereafter = 100
-  [control_center.logging.syslog]
+[control_center.logging.syslog]
-  protocol = "udp"
+protocol = "udp"
 [control_center.monitoring]
 enabled = false
-  [control_center.monitoring.alerting]
+[control_center.monitoring.alerting]
-  enabled = false
+enabled = false
-  [control_center.monitoring.health_check]
+[control_center.monitoring.health_check]
-  enabled = false
+enabled = false
-  endpoint = "/health"
+endpoint = "/health"
-  healthy_threshold = 2
+healthy_threshold = 2
-  interval = 30
+interval = 30
-  timeout = 5000
+timeout = 5000
-  type = "&"
+type = "&"
-  unhealthy_threshold = 3
+unhealthy_threshold = 3
-  [control_center.monitoring.metrics]
+[control_center.monitoring.metrics]
-  buffer_size = 1000
+buffer_size = 1000
-  enabled = false
+enabled = false
-  interval = 60
+interval = 60
-  prometheus_path = "/metrics"
+prometheus_path = "/metrics"
-  retention_days = 30
+retention_days = 30
-  [control_center.monitoring.resources]
+[control_center.monitoring.resources]
-  alert_threshold = 80
+alert_threshold = 80
-  cpu = false
+cpu = false
-  disk = false
+disk = false
-  memory = false
+memory = false
-  network = false
+network = false
-  [control_center.monitoring.tracing]
+[control_center.monitoring.tracing]
-  enabled = false
+enabled = false
-  sample_rate = 0.1
+sample_rate = 0.1
 [control_center.policy]
 enabled = true
-  [control_center.policy.cache]
+[control_center.policy.cache]
-  enabled = true
+enabled = true
-  max_policies = 10000
+max_policies = 10000
-  ttl = 3600
+ttl = 3600
-  [control_center.policy.versioning]
+[control_center.policy.versioning]
-  enabled = true
+enabled = true
-  max_versions = 20
+max_versions = 20
 [control_center.rbac]
 attribute_based = false
@ -120,10 +120,10 @@ dynamic_roles = false
 enabled = true
 hierarchy = true
-  [control_center.rbac.roles]
+[control_center.rbac.roles]
-  admin = true
+admin = true
-  operator = true
+operator = true
-  viewer = true
+viewer = true
 [control_center.security.cors]
 allow_credentials = false
@ -176,15 +176,15 @@ workers = 4
 audit_enabled = false
 enabled = true
-  [control_center.users.registration]
+[control_center.users.registration]
-  auto_assign_role = "user"
+auto_assign_role = "user"
-  enabled = true
+enabled = true
-  requires_approval = false
+requires_approval = false
-  [control_center.users.sessions]
+[control_center.users.sessions]
-  absolute_timeout = 86400
+absolute_timeout = 86400
-  idle_timeout = 3600
+idle_timeout = 3600
-  max_active = 5
+max_active = 5
 [control_center.workspace]
 enabled = true
--- a/config/runtime/generated/control-center.enterprise.toml
+++ b/config/runtime/generated/control-center.enterprise.toml
@ -2,21 +2,21 @@
 enabled = false
 redact_sensitive = true
-  [control_center.audit.storage]
+[control_center.audit.storage]
-  immutable = false
+immutable = false
-  retention_days = 90
+retention_days = 90
 [control_center.compliance]
 enabled = false
 encryption_required = false
-  [control_center.compliance.data_retention]
+[control_center.compliance.data_retention]
-  audit_log_days = 2555
+audit_log_days = 2555
-  policy_years = 7
+policy_years = 7
-  [control_center.compliance.validation]
+[control_center.compliance.validation]
-  enabled = false
+enabled = false
-  interval_hours = 24
+interval_hours = 24
 [control_center.database]
 backend = "rocksdb"
@ -40,78 +40,78 @@ format = "&"
 level = "&"
 outputs = ["stdout"]
-  [control_center.logging.fields]
+[control_center.logging.fields]
-  caller = false
+caller = false
-  hostname = true
+hostname = true
-  pid = true
+pid = true
-  service_name = true
+service_name = true
-  stack_trace = false
+stack_trace = false
-  timestamp = true
+timestamp = true
-  [control_center.logging.file]
+[control_center.logging.file]
-  compress = false
+compress = false
-  max_age = 30
+max_age = 30
-  max_backups = 10
+max_backups = 10
-  max_size = 104857600
+max_size = 104857600
-  path = "/var/log/provisioning/service.log"
+path = "/var/log/provisioning/service.log"
-  [control_center.logging.performance]
+[control_center.logging.performance]
-  enabled = false
+enabled = false
-  memory_info = false
+memory_info = false
-  slow_threshold = 1000
+slow_threshold = 1000
-  [control_center.logging.sampling]
+[control_center.logging.sampling]
-  enabled = false
+enabled = false
-  initial = 100
+initial = 100
-  thereafter = 100
+thereafter = 100
-  [control_center.logging.syslog]
+[control_center.logging.syslog]
-  protocol = "udp"
+protocol = "udp"
 [control_center.monitoring]
 enabled = false
-  [control_center.monitoring.alerting]
+[control_center.monitoring.alerting]
-  enabled = false
+enabled = false
-  [control_center.monitoring.health_check]
+[control_center.monitoring.health_check]
-  enabled = false
+enabled = false
-  endpoint = "/health"
+endpoint = "/health"
-  healthy_threshold = 2
+healthy_threshold = 2
-  interval = 30
+interval = 30
-  timeout = 5000
+timeout = 5000
-  type = "&"
+type = "&"
-  unhealthy_threshold = 3
+unhealthy_threshold = 3
-  [control_center.monitoring.metrics]
+[control_center.monitoring.metrics]
-  buffer_size = 1000
+buffer_size = 1000
-  enabled = false
+enabled = false
-  interval = 60
+interval = 60
-  prometheus_path = "/metrics"
+prometheus_path = "/metrics"
-  retention_days = 30
+retention_days = 30
-  [control_center.monitoring.resources]
+[control_center.monitoring.resources]
-  alert_threshold = 80
+alert_threshold = 80
-  cpu = false
+cpu = false
-  disk = false
+disk = false
-  memory = false
+memory = false
-  network = false
+network = false
-  [control_center.monitoring.tracing]
+[control_center.monitoring.tracing]
-  enabled = false
+enabled = false
-  sample_rate = 0.1
+sample_rate = 0.1
 [control_center.policy]
 enabled = true
-  [control_center.policy.cache]
+[control_center.policy.cache]
-  enabled = true
+enabled = true
-  max_policies = 10000
+max_policies = 10000
-  ttl = 3600
+ttl = 3600
-  [control_center.policy.versioning]
+[control_center.policy.versioning]
-  enabled = true
+enabled = true
-  max_versions = 20
+max_versions = 20
 [control_center.rbac]
 attribute_based = false
@ -120,10 +120,10 @@ dynamic_roles = false
 enabled = true
 hierarchy = true
-  [control_center.rbac.roles]
+[control_center.rbac.roles]
-  admin = true
+admin = true
-  operator = true
+operator = true
-  viewer = true
+viewer = true
 [control_center.security.cors]
 allow_credentials = false
@ -176,15 +176,15 @@ workers = 4
 audit_enabled = false
 enabled = true
-  [control_center.users.registration]
+[control_center.users.registration]
-  auto_assign_role = "user"
+auto_assign_role = "user"
-  enabled = true
+enabled = true
-  requires_approval = false
+requires_approval = false
-  [control_center.users.sessions]
+[control_center.users.sessions]
-  absolute_timeout = 86400
+absolute_timeout = 86400
-  idle_timeout = 3600
+idle_timeout = 3600
-  max_active = 5
+max_active = 5
 [control_center.workspace]
 enabled = true
--- a/config/runtime/generated/control-center.multiuser.toml
+++ b/config/runtime/generated/control-center.multiuser.toml
@ -2,21 +2,21 @@
 enabled = false
 redact_sensitive = true
-  [control_center.audit.storage]
+[control_center.audit.storage]
-  immutable = false
+immutable = false
-  retention_days = 90
+retention_days = 90
 [control_center.compliance]
 enabled = false
 encryption_required = false
-  [control_center.compliance.data_retention]
+[control_center.compliance.data_retention]
-  audit_log_days = 2555
+audit_log_days = 2555
-  policy_years = 7
+policy_years = 7
-  [control_center.compliance.validation]
+[control_center.compliance.validation]
-  enabled = false
+enabled = false
-  interval_hours = 24
+interval_hours = 24
 [control_center.database]
 backend = "rocksdb"
@ -40,78 +40,78 @@ format = "&"
 level = "&"
 outputs = ["stdout"]
-  [control_center.logging.fields]
+[control_center.logging.fields]
-  caller = false
+caller = false
-  hostname = true
+hostname = true
-  pid = true
+pid = true
-  service_name = true
+service_name = true
-  stack_trace = false
+stack_trace = false
-  timestamp = true
+timestamp = true
-  [control_center.logging.file]
+[control_center.logging.file]
-  compress = false
+compress = false
-  max_age = 30
+max_age = 30
-  max_backups = 10
+max_backups = 10
-  max_size = 104857600
+max_size = 104857600
-  path = "/var/log/provisioning/service.log"
+path = "/var/log/provisioning/service.log"
-  [control_center.logging.performance]
+[control_center.logging.performance]
-  enabled = false
+enabled = false
-  memory_info = false
+memory_info = false
-  slow_threshold = 1000
+slow_threshold = 1000
-  [control_center.logging.sampling]
+[control_center.logging.sampling]
-  enabled = false
+enabled = false
-  initial = 100
+initial = 100
-  thereafter = 100
+thereafter = 100
-  [control_center.logging.syslog]
+[control_center.logging.syslog]
-  protocol = "udp"
+protocol = "udp"
 [control_center.monitoring]
 enabled = false
-  [control_center.monitoring.alerting]
+[control_center.monitoring.alerting]
-  enabled = false
+enabled = false
-  [control_center.monitoring.health_check]
+[control_center.monitoring.health_check]
-  enabled = false
+enabled = false
-  endpoint = "/health"
+endpoint = "/health"
-  healthy_threshold = 2
+healthy_threshold = 2
-  interval = 30
+interval = 30
-  timeout = 5000
+timeout = 5000
-  type = "&"
+type = "&"
-  unhealthy_threshold = 3
+unhealthy_threshold = 3
-  [control_center.monitoring.metrics]
+[control_center.monitoring.metrics]
-  buffer_size = 1000
+buffer_size = 1000
-  enabled = false
+enabled = false
-  interval = 60
+interval = 60
-  prometheus_path = "/metrics"
+prometheus_path = "/metrics"
-  retention_days = 30
+retention_days = 30
-  [control_center.monitoring.resources]
+[control_center.monitoring.resources]
-  alert_threshold = 80
+alert_threshold = 80
-  cpu = false
+cpu = false
-  disk = false
+disk = false
-  memory = false
+memory = false
-  network = false
+network = false
-  [control_center.monitoring.tracing]
+[control_center.monitoring.tracing]
-  enabled = false
+enabled = false
-  sample_rate = 0.1
+sample_rate = 0.1
 [control_center.policy]
 enabled = true
-  [control_center.policy.cache]
+[control_center.policy.cache]
-  enabled = true
+enabled = true
-  max_policies = 10000
+max_policies = 10000
-  ttl = 3600
+ttl = 3600
-  [control_center.policy.versioning]
+[control_center.policy.versioning]
-  enabled = true
+enabled = true
-  max_versions = 20
+max_versions = 20
 [control_center.rbac]
 attribute_based = false
@ -120,10 +120,10 @@ dynamic_roles = false
 enabled = true
 hierarchy = true
-  [control_center.rbac.roles]
+[control_center.rbac.roles]
-  admin = true
+admin = true
-  operator = true
+operator = true
-  viewer = true
+viewer = true
 [control_center.security.cors]
 allow_credentials = false
@ -176,15 +176,15 @@ workers = 4
 audit_enabled = false
 enabled = true
-  [control_center.users.registration]
+[control_center.users.registration]
-  auto_assign_role = "user"
+auto_assign_role = "user"
-  enabled = true
+enabled = true
-  requires_approval = false
+requires_approval = false
-  [control_center.users.sessions]
+[control_center.users.sessions]
-  absolute_timeout = 86400
+absolute_timeout = 86400
-  idle_timeout = 3600
+idle_timeout = 3600
-  max_active = 5
+max_active = 5
 [control_center.workspace]
 enabled = true
--- a/config/runtime/generated/control-center.solo.toml
+++ b/config/runtime/generated/control-center.solo.toml
@ -2,21 +2,21 @@
 enabled = false
 redact_sensitive = true
-  [control_center.audit.storage]
+[control_center.audit.storage]
-  immutable = false
+immutable = false
-  retention_days = 90
+retention_days = 90
 [control_center.compliance]
 enabled = false
 encryption_required = false
-  [control_center.compliance.data_retention]
+[control_center.compliance.data_retention]
-  audit_log_days = 2555
+audit_log_days = 2555
-  policy_years = 7
+policy_years = 7
-  [control_center.compliance.validation]
+[control_center.compliance.validation]
-  enabled = false
+enabled = false
-  interval_hours = 24
+interval_hours = 24
 [control_center.database]
 backend = "rocksdb"
@ -40,78 +40,78 @@ format = "&"
 level = "&"
 outputs = ["stdout"]
-  [control_center.logging.fields]
+[control_center.logging.fields]
-  caller = false
+caller = false
-  hostname = true
+hostname = true
-  pid = true
+pid = true
-  service_name = true
+service_name = true
-  stack_trace = false
+stack_trace = false
-  timestamp = true
+timestamp = true
-  [control_center.logging.file]
+[control_center.logging.file]
-  compress = false
+compress = false
-  max_age = 30
+max_age = 30
-  max_backups = 10
+max_backups = 10
-  max_size = 104857600
+max_size = 104857600
-  path = "/var/log/provisioning/service.log"
+path = "/var/log/provisioning/service.log"
-  [control_center.logging.performance]
+[control_center.logging.performance]
-  enabled = false
+enabled = false
-  memory_info = false
+memory_info = false
-  slow_threshold = 1000
+slow_threshold = 1000
-  [control_center.logging.sampling]
+[control_center.logging.sampling]
-  enabled = false
+enabled = false
-  initial = 100
+initial = 100
-  thereafter = 100
+thereafter = 100
-  [control_center.logging.syslog]
+[control_center.logging.syslog]
-  protocol = "udp"
+protocol = "udp"
 [control_center.monitoring]
 enabled = false
-  [control_center.monitoring.alerting]
+[control_center.monitoring.alerting]
-  enabled = false
+enabled = false
-  [control_center.monitoring.health_check]
+[control_center.monitoring.health_check]
-  enabled = false
+enabled = false
-  endpoint = "/health"
+endpoint = "/health"
-  healthy_threshold = 2
+healthy_threshold = 2
-  interval = 30
+interval = 30
-  timeout = 5000
+timeout = 5000
-  type = "&"
+type = "&"
-  unhealthy_threshold = 3
+unhealthy_threshold = 3
-  [control_center.monitoring.metrics]
+[control_center.monitoring.metrics]
-  buffer_size = 1000
+buffer_size = 1000
-  enabled = false
+enabled = false
-  interval = 60
+interval = 60
-  prometheus_path = "/metrics"
+prometheus_path = "/metrics"
-  retention_days = 30
+retention_days = 30
-  [control_center.monitoring.resources]
+[control_center.monitoring.resources]
-  alert_threshold = 80
+alert_threshold = 80
-  cpu = false
+cpu = false
-  disk = false
+disk = false
-  memory = false
+memory = false
-  network = false
+network = false
-  [control_center.monitoring.tracing]
+[control_center.monitoring.tracing]
-  enabled = false
+enabled = false
-  sample_rate = 0.1
+sample_rate = 0.1
 [control_center.policy]
 enabled = true
-  [control_center.policy.cache]
+[control_center.policy.cache]
-  enabled = true
+enabled = true
-  max_policies = 10000
+max_policies = 10000
-  ttl = 3600
+ttl = 3600
-  [control_center.policy.versioning]
+[control_center.policy.versioning]
-  enabled = true
+enabled = true
-  max_versions = 20
+max_versions = 20
 [control_center.rbac]
 attribute_based = false
@ -120,10 +120,10 @@ dynamic_roles = false
 enabled = true
 hierarchy = true
-  [control_center.rbac.roles]
+[control_center.rbac.roles]
-  admin = true
+admin = true
-  operator = true
+operator = true
-  viewer = true
+viewer = true
 [control_center.security.cors]
 allow_credentials = false
@ -176,15 +176,15 @@ workers = 4
 audit_enabled = false
 enabled = true
-  [control_center.users.registration]
+[control_center.users.registration]
-  auto_assign_role = "user"
+auto_assign_role = "user"
-  enabled = true
+enabled = true
-  requires_approval = false
+requires_approval = false
-  [control_center.users.sessions]
+[control_center.users.sessions]
-  absolute_timeout = 86400
+absolute_timeout = 86400
-  idle_timeout = 3600
+idle_timeout = 3600
-  max_active = 5
+max_active = 5
 [control_center.workspace]
 enabled = true
--- a/config/runtime/generated/installer.cicd.toml
+++ b/config/runtime/generated/installer.cicd.toml
@ -2,23 +2,23 @@
 auto_init = true
 backup_before_upgrade = true
-  [installer.database.migrations]
+[installer.database.migrations]
-  enabled = true
+enabled = true
-  path = "/migrations"
+path = "/migrations"
 [installer.high_availability]
 auto_healing = true
 enabled = false
 replicas = 1
-  [installer.high_availability.backup]
+[installer.high_availability.backup]
-  enabled = false
+enabled = false
-  interval_hours = 24
+interval_hours = 24
-  retention_days = 30
+retention_days = 30
-  [installer.high_availability.health_checks]
+[installer.high_availability.health_checks]
-  enabled = true
+enabled = true
-  interval_seconds = 30
+interval_seconds = 30
 [installer.installation]
 keep_artifacts = false
@ -31,66 +31,66 @@ format = "&"
 level = "&"
 outputs = ["stdout"]
-  [installer.logging.fields]
+[installer.logging.fields]
-  caller = false
+caller = false
-  hostname = true
+hostname = true
-  pid = true
+pid = true
-  service_name = true
+service_name = true
-  stack_trace = false
+stack_trace = false
-  timestamp = true
+timestamp = true
-  [installer.logging.file]
+[installer.logging.file]
-  compress = false
+compress = false
-  max_age = 30
+max_age = 30
-  max_backups = 10
+max_backups = 10
-  max_size = 104857600
+max_size = 104857600
-  path = "/var/log/provisioning/service.log"
+path = "/var/log/provisioning/service.log"
-  [installer.logging.performance]
+[installer.logging.performance]
-  enabled = false
+enabled = false
-  memory_info = false
+memory_info = false
-  slow_threshold = 1000
+slow_threshold = 1000
-  [installer.logging.sampling]
+[installer.logging.sampling]
-  enabled = false
+enabled = false
-  initial = 100
+initial = 100
-  thereafter = 100
+thereafter = 100
-  [installer.logging.syslog]
+[installer.logging.syslog]
-  protocol = "udp"
+protocol = "udp"
 [installer.monitoring]
 enabled = false
-  [installer.monitoring.alerting]
+[installer.monitoring.alerting]
-  enabled = false
+enabled = false
-  [installer.monitoring.health_check]
+[installer.monitoring.health_check]
-  enabled = false
+enabled = false
-  endpoint = "/health"
+endpoint = "/health"
-  healthy_threshold = 2
+healthy_threshold = 2
-  interval = 30
+interval = 30
-  timeout = 5000
+timeout = 5000
-  type = "&"
+type = "&"
-  unhealthy_threshold = 3
+unhealthy_threshold = 3
-  [installer.monitoring.metrics]
+[installer.monitoring.metrics]
-  buffer_size = 1000
+buffer_size = 1000
-  enabled = false
+enabled = false
-  interval = 60
+interval = 60
-  prometheus_path = "/metrics"
+prometheus_path = "/metrics"
-  retention_days = 30
+retention_days = 30
-  [installer.monitoring.resources]
+[installer.monitoring.resources]
-  alert_threshold = 80
+alert_threshold = 80
-  cpu = false
+cpu = false
-  disk = false
+disk = false
-  memory = false
+memory = false
-  network = false
+network = false
-  [installer.monitoring.tracing]
+[installer.monitoring.tracing]
-  enabled = false
+enabled = false
-  sample_rate = 0.1
+sample_rate = 0.1
 [installer.networking.ingress]
 enabled = false
@ -108,9 +108,9 @@ orchestrator = 9090
 enabled = false
 notify = false
-  [installer.post_install.verify]
+[installer.post_install.verify]
-  enabled = true
+enabled = true
-  timeout_minutes = 10
+timeout_minutes = 10
 [installer.preflight]
 check_cpu = true
--- a/config/runtime/generated/installer.enterprise.toml
+++ b/config/runtime/generated/installer.enterprise.toml
@ -2,23 +2,23 @@
 auto_init = true
 backup_before_upgrade = true
-  [installer.database.migrations]
+[installer.database.migrations]
-  enabled = true
+enabled = true
-  path = "/migrations"
+path = "/migrations"
 [installer.high_availability]
 auto_healing = true
 enabled = false
 replicas = 1
-  [installer.high_availability.backup]
+[installer.high_availability.backup]
-  enabled = false
+enabled = false
-  interval_hours = 24
+interval_hours = 24
-  retention_days = 30
+retention_days = 30
-  [installer.high_availability.health_checks]
+[installer.high_availability.health_checks]
-  enabled = true
+enabled = true
-  interval_seconds = 30
+interval_seconds = 30
 [installer.installation]
 keep_artifacts = false
@ -31,66 +31,66 @@ format = "&"
 level = "&"
 outputs = ["stdout"]
-  [installer.logging.fields]
+[installer.logging.fields]
-  caller = false
+caller = false
-  hostname = true
+hostname = true
-  pid = true
+pid = true
-  service_name = true
+service_name = true
-  stack_trace = false
+stack_trace = false
-  timestamp = true
+timestamp = true
-  [installer.logging.file]
+[installer.logging.file]
-  compress = false
+compress = false
-  max_age = 30
+max_age = 30
-  max_backups = 10
+max_backups = 10
-  max_size = 104857600
+max_size = 104857600
-  path = "/var/log/provisioning/service.log"
+path = "/var/log/provisioning/service.log"
-  [installer.logging.performance]
+[installer.logging.performance]
-  enabled = false
+enabled = false
-  memory_info = false
+memory_info = false
-  slow_threshold = 1000
+slow_threshold = 1000
-  [installer.logging.sampling]
+[installer.logging.sampling]
-  enabled = false
+enabled = false
-  initial = 100
+initial = 100
-  thereafter = 100
+thereafter = 100
-  [installer.logging.syslog]
+[installer.logging.syslog]
-  protocol = "udp"
+protocol = "udp"
 [installer.monitoring]
 enabled = false
-  [installer.monitoring.alerting]
+[installer.monitoring.alerting]
-  enabled = false
+enabled = false
-  [installer.monitoring.health_check]
+[installer.monitoring.health_check]
-  enabled = false
+enabled = false
-  endpoint = "/health"
+endpoint = "/health"
-  healthy_threshold = 2
+healthy_threshold = 2
-  interval = 30
+interval = 30
-  timeout = 5000
+timeout = 5000
-  type = "&"
+type = "&"
-  unhealthy_threshold = 3
+unhealthy_threshold = 3
-  [installer.monitoring.metrics]
+[installer.monitoring.metrics]
-  buffer_size = 1000
+buffer_size = 1000
-  enabled = false
+enabled = false
-  interval = 60
+interval = 60
-  prometheus_path = "/metrics"
+prometheus_path = "/metrics"
-  retention_days = 30
+retention_days = 30
-  [installer.monitoring.resources]
+[installer.monitoring.resources]
-  alert_threshold = 80
+alert_threshold = 80
-  cpu = false
+cpu = false
-  disk = false
+disk = false
-  memory = false
+memory = false
-  network = false
+network = false
-  [installer.monitoring.tracing]
+[installer.monitoring.tracing]
-  enabled = false
+enabled = false
-  sample_rate = 0.1
+sample_rate = 0.1
 [installer.networking.ingress]
 enabled = false
@ -108,9 +108,9 @@ orchestrator = 9090
 enabled = false
 notify = false
-  [installer.post_install.verify]
+[installer.post_install.verify]
-  enabled = true
+enabled = true
-  timeout_minutes = 10
+timeout_minutes = 10
 [installer.preflight]
 check_cpu = true
--- a/config/runtime/generated/installer.multiuser.toml
+++ b/config/runtime/generated/installer.multiuser.toml
@ -2,23 +2,23 @@
 auto_init = true
 backup_before_upgrade = true
-  [installer.database.migrations]
+[installer.database.migrations]
-  enabled = true
+enabled = true
-  path = "/migrations"
+path = "/migrations"
 [installer.high_availability]
 auto_healing = true
 enabled = false
 replicas = 1
-  [installer.high_availability.backup]
+[installer.high_availability.backup]
-  enabled = false
+enabled = false
-  interval_hours = 24
+interval_hours = 24
-  retention_days = 30
+retention_days = 30
-  [installer.high_availability.health_checks]
+[installer.high_availability.health_checks]
-  enabled = true
+enabled = true
-  interval_seconds = 30
+interval_seconds = 30
 [installer.installation]
 keep_artifacts = false
@ -31,66 +31,66 @@ format = "&"
 level = "&"
 outputs = ["stdout"]
-  [installer.logging.fields]
+[installer.logging.fields]
-  caller = false
+caller = false
-  hostname = true
+hostname = true
-  pid = true
+pid = true
-  service_name = true
+service_name = true
-  stack_trace = false
+stack_trace = false
-  timestamp = true
+timestamp = true
-  [installer.logging.file]
+[installer.logging.file]
-  compress = false
+compress = false
-  max_age = 30
+max_age = 30
-  max_backups = 10
+max_backups = 10
-  max_size = 104857600
+max_size = 104857600
-  path = "/var/log/provisioning/service.log"
+path = "/var/log/provisioning/service.log"
-  [installer.logging.performance]
+[installer.logging.performance]
-  enabled = false
+enabled = false
-  memory_info = false
+memory_info = false
-  slow_threshold = 1000
+slow_threshold = 1000
-  [installer.logging.sampling]
+[installer.logging.sampling]
-  enabled = false
+enabled = false
-  initial = 100
+initial = 100
-  thereafter = 100
+thereafter = 100
-  [installer.logging.syslog]
+[installer.logging.syslog]
-  protocol = "udp"
+protocol = "udp"
 [installer.monitoring]
 enabled = false
-  [installer.monitoring.alerting]
+[installer.monitoring.alerting]
-  enabled = false
+enabled = false
-  [installer.monitoring.health_check]
+[installer.monitoring.health_check]
-  enabled = false
+enabled = false
-  endpoint = "/health"
+endpoint = "/health"
-  healthy_threshold = 2
+healthy_threshold = 2
-  interval = 30
+interval = 30
-  timeout = 5000
+timeout = 5000
-  type = "&"
+type = "&"
-  unhealthy_threshold = 3
+unhealthy_threshold = 3
-  [installer.monitoring.metrics]
+[installer.monitoring.metrics]
-  buffer_size = 1000
+buffer_size = 1000
-  enabled = false
+enabled = false
-  interval = 60
+interval = 60
-  prometheus_path = "/metrics"
+prometheus_path = "/metrics"
-  retention_days = 30
+retention_days = 30
-  [installer.monitoring.resources]
+[installer.monitoring.resources]
-  alert_threshold = 80
+alert_threshold = 80
-  cpu = false
+cpu = false
-  disk = false
+disk = false
-  memory = false
+memory = false
-  network = false
+network = false
-  [installer.monitoring.tracing]
+[installer.monitoring.tracing]
-  enabled = false
+enabled = false
-  sample_rate = 0.1
+sample_rate = 0.1
 [installer.networking.ingress]
 enabled = false
@ -108,9 +108,9 @@ orchestrator = 9090
 enabled = false
 notify = false
-  [installer.post_install.verify]
+[installer.post_install.verify]
-  enabled = true
+enabled = true
-  timeout_minutes = 10
+timeout_minutes = 10
 [installer.preflight]
 check_cpu = true
--- a/config/runtime/generated/installer.solo.toml
+++ b/config/runtime/generated/installer.solo.toml
@ -2,23 +2,23 @@
 auto_init = true
 backup_before_upgrade = true
-  [installer.database.migrations]
+[installer.database.migrations]
-  enabled = true
+enabled = true
-  path = "/migrations"
+path = "/migrations"
 [installer.high_availability]
 auto_healing = true
 enabled = false
 replicas = 1
-  [installer.high_availability.backup]
+[installer.high_availability.backup]
-  enabled = false
+enabled = false
-  interval_hours = 24
+interval_hours = 24
-  retention_days = 30
+retention_days = 30
-  [installer.high_availability.health_checks]
+[installer.high_availability.health_checks]
-  enabled = true
+enabled = true
-  interval_seconds = 30
+interval_seconds = 30
 [installer.installation]
 keep_artifacts = false
@ -31,66 +31,66 @@ format = "&"
 level = "&"
 outputs = ["stdout"]
-  [installer.logging.fields]
+[installer.logging.fields]
-  caller = false
+caller = false
-  hostname = true
+hostname = true
-  pid = true
+pid = true
-  service_name = true
+service_name = true
-  stack_trace = false
+stack_trace = false
-  timestamp = true
+timestamp = true
-  [installer.logging.file]
+[installer.logging.file]
-  compress = false
+compress = false
-  max_age = 30
+max_age = 30
-  max_backups = 10
+max_backups = 10
-  max_size = 104857600
+max_size = 104857600
-  path = "/var/log/provisioning/service.log"
+path = "/var/log/provisioning/service.log"
-  [installer.logging.performance]
+[installer.logging.performance]
-  enabled = false
+enabled = false
-  memory_info = false
+memory_info = false
-  slow_threshold = 1000
+slow_threshold = 1000
-  [installer.logging.sampling]
+[installer.logging.sampling]
-  enabled = false
+enabled = false
-  initial = 100
+initial = 100
-  thereafter = 100
+thereafter = 100
-  [installer.logging.syslog]
+[installer.logging.syslog]
-  protocol = "udp"
+protocol = "udp"
 [installer.monitoring]
 enabled = false
-  [installer.monitoring.alerting]
+[installer.monitoring.alerting]
-  enabled = false
+enabled = false
-  [installer.monitoring.health_check]
+[installer.monitoring.health_check]
-  enabled = false
+enabled = false
-  endpoint = "/health"
+endpoint = "/health"
-  healthy_threshold = 2
+healthy_threshold = 2
-  interval = 30
+interval = 30
-  timeout = 5000
+timeout = 5000
-  type = "&"
+type = "&"
-  unhealthy_threshold = 3
+unhealthy_threshold = 3
-  [installer.monitoring.metrics]
+[installer.monitoring.metrics]
-  buffer_size = 1000
+buffer_size = 1000
-  enabled = false
+enabled = false
-  interval = 60
+interval = 60
-  prometheus_path = "/metrics"
+prometheus_path = "/metrics"
-  retention_days = 30
+retention_days = 30
-  [installer.monitoring.resources]
+[installer.monitoring.resources]
-  alert_threshold = 80
+alert_threshold = 80
-  cpu = false
+cpu = false
-  disk = false
+disk = false
-  memory = false
+memory = false
-  network = false
+network = false
-  [installer.monitoring.tracing]
+[installer.monitoring.tracing]
-  enabled = false
+enabled = false
-  sample_rate = 0.1
+sample_rate = 0.1
 [installer.networking.ingress]
 enabled = false
@ -108,9 +108,9 @@ orchestrator = 9090
 enabled = false
 notify = false
-  [installer.post_install.verify]
+[installer.post_install.verify]
-  enabled = true
+enabled = true
-  timeout_minutes = 10
+timeout_minutes = 10
 [installer.preflight]
 check_cpu = true
--- a/config/runtime/generated/mcp-server.cicd.toml
+++ b/config/runtime/generated/mcp-server.cicd.toml
@ -23,66 +23,66 @@ format = "&"
 level = "&"
 outputs = ["stdout"]
-  [mcp_server.logging.fields]
+[mcp_server.logging.fields]
-  caller = false
+caller = false
-  hostname = true
+hostname = true
-  pid = true
+pid = true
-  service_name = true
+service_name = true
-  stack_trace = false
+stack_trace = false
-  timestamp = true
+timestamp = true
-  [mcp_server.logging.file]
+[mcp_server.logging.file]
-  compress = false
+compress = false
-  max_age = 30
+max_age = 30
-  max_backups = 10
+max_backups = 10
-  max_size = 104857600
+max_size = 104857600
-  path = "/var/log/provisioning/service.log"
+path = "/var/log/provisioning/service.log"
-  [mcp_server.logging.performance]
+[mcp_server.logging.performance]
-  enabled = false
+enabled = false
-  memory_info = false
+memory_info = false
-  slow_threshold = 1000
+slow_threshold = 1000
-  [mcp_server.logging.sampling]
+[mcp_server.logging.sampling]
-  enabled = false
+enabled = false
-  initial = 100
+initial = 100
-  thereafter = 100
+thereafter = 100
-  [mcp_server.logging.syslog]
+[mcp_server.logging.syslog]
-  protocol = "udp"
+protocol = "udp"
 [mcp_server.monitoring]
 enabled = false
-  [mcp_server.monitoring.alerting]
+[mcp_server.monitoring.alerting]
-  enabled = false
+enabled = false
-  [mcp_server.monitoring.health_check]
+[mcp_server.monitoring.health_check]
-  enabled = false
+enabled = false
-  endpoint = "/health"
+endpoint = "/health"
-  healthy_threshold = 2
+healthy_threshold = 2
-  interval = 30
+interval = 30
-  timeout = 5000
+timeout = 5000
-  type = "&"
+type = "&"
-  unhealthy_threshold = 3
+unhealthy_threshold = 3
-  [mcp_server.monitoring.metrics]
+[mcp_server.monitoring.metrics]
-  buffer_size = 1000
+buffer_size = 1000
-  enabled = false
+enabled = false
-  interval = 60
+interval = 60
-  prometheus_path = "/metrics"
+prometheus_path = "/metrics"
-  retention_days = 30
+retention_days = 30
-  [mcp_server.monitoring.resources]
+[mcp_server.monitoring.resources]
-  alert_threshold = 80
+alert_threshold = 80
-  cpu = false
+cpu = false
-  disk = false
+disk = false
-  memory = false
+memory = false
-  network = false
+network = false
-  [mcp_server.monitoring.tracing]
+[mcp_server.monitoring.tracing]
-  enabled = false
+enabled = false
-  sample_rate = 0.1
+sample_rate = 0.1
 [mcp_server.orchestrator_integration]
 enabled = false
@ -96,42 +96,42 @@ pool_size = 10
 enabled = true
 max_templates = 100
-  [mcp_server.prompts.cache]
+[mcp_server.prompts.cache]
-  enabled = true
+enabled = true
-  ttl = 3600
+ttl = 3600
-  [mcp_server.prompts.versioning]
+[mcp_server.prompts.versioning]
-  enabled = false
+enabled = false
-  max_versions = 10
+max_versions = 10
 [mcp_server.protocol]
 version = "1.0"
-  [mcp_server.protocol.transport]
+[mcp_server.protocol.transport]
-  endpoint = "http://localhost:3000"
+endpoint = "http://localhost:3000"
-  timeout = 30000
+timeout = 30000
 [mcp_server.resources]
 enabled = true
 max_size = 104857600
-  [mcp_server.resources.cache]
+[mcp_server.resources.cache]
-  enabled = true
+enabled = true
-  max_size_mb = 512
+max_size_mb = 512
-  ttl = 3600
+ttl = 3600
-  [mcp_server.resources.validation]
+[mcp_server.resources.validation]
-  enabled = true
+enabled = true
-  max_depth = 10
+max_depth = 10
 [mcp_server.sampling]
 enabled = false
 max_tokens = 4096
 temperature = 0.7
-  [mcp_server.sampling.cache]
+[mcp_server.sampling.cache]
-  enabled = true
+enabled = true
-  ttl = 3600
+ttl = 3600
 [mcp_server.server]
 graceful_shutdown = true
@ -148,13 +148,13 @@ enabled = true
 max_concurrent = 5
 timeout = 30000
-  [mcp_server.tools.cache]
+[mcp_server.tools.cache]
-  enabled = true
+enabled = true
-  ttl = 3600
+ttl = 3600
-  [mcp_server.tools.validation]
+[mcp_server.tools.validation]
-  enabled = true
+enabled = true
-  strict_mode = false
+strict_mode = false
 [mcp_server.workspace]
 enabled = true
--- a/config/runtime/generated/mcp-server.enterprise.toml
+++ b/config/runtime/generated/mcp-server.enterprise.toml
@ -23,66 +23,66 @@ format = "&"
 level = "&"
 outputs = ["stdout"]
-  [mcp_server.logging.fields]
+[mcp_server.logging.fields]
-  caller = false
+caller = false
-  hostname = true
+hostname = true
-  pid = true
+pid = true
-  service_name = true
+service_name = true
-  stack_trace = false
+stack_trace = false
-  timestamp = true
+timestamp = true
-  [mcp_server.logging.file]
+[mcp_server.logging.file]
-  compress = false
+compress = false
-  max_age = 30
+max_age = 30
-  max_backups = 10
+max_backups = 10
-  max_size = 104857600
+max_size = 104857600
-  path = "/var/log/provisioning/service.log"
+path = "/var/log/provisioning/service.log"
-  [mcp_server.logging.performance]
+[mcp_server.logging.performance]
-  enabled = false
+enabled = false
-  memory_info = false
+memory_info = false
-  slow_threshold = 1000
+slow_threshold = 1000
-  [mcp_server.logging.sampling]
+[mcp_server.logging.sampling]
-  enabled = false
+enabled = false
-  initial = 100
+initial = 100
-  thereafter = 100
+thereafter = 100
-  [mcp_server.logging.syslog]
+[mcp_server.logging.syslog]
-  protocol = "udp"
+protocol = "udp"
 [mcp_server.monitoring]
 enabled = false
-  [mcp_server.monitoring.alerting]
+[mcp_server.monitoring.alerting]
-  enabled = false
+enabled = false
-  [mcp_server.monitoring.health_check]
+[mcp_server.monitoring.health_check]
-  enabled = false
+enabled = false
-  endpoint = "/health"
+endpoint = "/health"
-  healthy_threshold = 2
+healthy_threshold = 2
-  interval = 30
+interval = 30
-  timeout = 5000
+timeout = 5000
-  type = "&"
+type = "&"
-  unhealthy_threshold = 3
+unhealthy_threshold = 3
-  [mcp_server.monitoring.metrics]
+[mcp_server.monitoring.metrics]
-  buffer_size = 1000
+buffer_size = 1000
-  enabled = false
+enabled = false
-  interval = 60
+interval = 60
-  prometheus_path = "/metrics"
+prometheus_path = "/metrics"
-  retention_days = 30
+retention_days = 30
-  [mcp_server.monitoring.resources]
+[mcp_server.monitoring.resources]
-  alert_threshold = 80
+alert_threshold = 80
-  cpu = false
+cpu = false
-  disk = false
+disk = false
-  memory = false
+memory = false
-  network = false
+network = false
-  [mcp_server.monitoring.tracing]
+[mcp_server.monitoring.tracing]
-  enabled = false
+enabled = false
-  sample_rate = 0.1
+sample_rate = 0.1
 [mcp_server.orchestrator_integration]
 enabled = false
@ -96,42 +96,42 @@ pool_size = 10
 enabled = true
 max_templates = 100
-  [mcp_server.prompts.cache]
+[mcp_server.prompts.cache]
-  enabled = true
+enabled = true
-  ttl = 3600
+ttl = 3600
-  [mcp_server.prompts.versioning]
+[mcp_server.prompts.versioning]
-  enabled = false
+enabled = false
-  max_versions = 10
+max_versions = 10
 [mcp_server.protocol]
 version = "1.0"
-  [mcp_server.protocol.transport]
+[mcp_server.protocol.transport]
-  endpoint = "http://localhost:3000"
+endpoint = "http://localhost:3000"
-  timeout = 30000
+timeout = 30000
 [mcp_server.resources]
 enabled = true
 max_size = 104857600
-  [mcp_server.resources.cache]
+[mcp_server.resources.cache]
-  enabled = true
+enabled = true
-  max_size_mb = 512
+max_size_mb = 512
-  ttl = 3600
+ttl = 3600
-  [mcp_server.resources.validation]
+[mcp_server.resources.validation]
-  enabled = true
+enabled = true
-  max_depth = 10
+max_depth = 10
 [mcp_server.sampling]
 enabled = false
 max_tokens = 4096
 temperature = 0.7
-  [mcp_server.sampling.cache]
+[mcp_server.sampling.cache]
-  enabled = true
+enabled = true
-  ttl = 3600
+ttl = 3600
 [mcp_server.server]
 graceful_shutdown = true
@ -148,13 +148,13 @@ enabled = true
 max_concurrent = 5
 timeout = 30000
-  [mcp_server.tools.cache]
+[mcp_server.tools.cache]
-  enabled = true
+enabled = true
-  ttl = 3600
+ttl = 3600
-  [mcp_server.tools.validation]
+[mcp_server.tools.validation]
-  enabled = true
+enabled = true
-  strict_mode = false
+strict_mode = false
 [mcp_server.workspace]
 enabled = true
--- a/config/runtime/generated/mcp-server.multiuser.toml
+++ b/config/runtime/generated/mcp-server.multiuser.toml
@ -23,66 +23,66 @@ format = "&"
 level = "&"
 outputs = ["stdout"]
-  [mcp_server.logging.fields]
+[mcp_server.logging.fields]
-  caller = false
+caller = false
-  hostname = true
+hostname = true
-  pid = true
+pid = true
-  service_name = true
+service_name = true
-  stack_trace = false
+stack_trace = false
-  timestamp = true
+timestamp = true
-  [mcp_server.logging.file]
+[mcp_server.logging.file]
-  compress = false
+compress = false
-  max_age = 30
+max_age = 30
-  max_backups = 10
+max_backups = 10
-  max_size = 104857600
+max_size = 104857600
-  path = "/var/log/provisioning/service.log"
+path = "/var/log/provisioning/service.log"
-  [mcp_server.logging.performance]
+[mcp_server.logging.performance]
-  enabled = false
+enabled = false
-  memory_info = false
+memory_info = false
-  slow_threshold = 1000
+slow_threshold = 1000
-  [mcp_server.logging.sampling]
+[mcp_server.logging.sampling]
-  enabled = false
+enabled = false
-  initial = 100
+initial = 100
-  thereafter = 100
+thereafter = 100
-  [mcp_server.logging.syslog]
+[mcp_server.logging.syslog]
-  protocol = "udp"
+protocol = "udp"
 [mcp_server.monitoring]
 enabled = false
-  [mcp_server.monitoring.alerting]
+[mcp_server.monitoring.alerting]
-  enabled = false
+enabled = false
-  [mcp_server.monitoring.health_check]
+[mcp_server.monitoring.health_check]
-  enabled = false
+enabled = false
-  endpoint = "/health"
+endpoint = "/health"
-  healthy_threshold = 2
+healthy_threshold = 2
-  interval = 30
+interval = 30
-  timeout = 5000
+timeout = 5000
-  type = "&"
+type = "&"
-  unhealthy_threshold = 3
+unhealthy_threshold = 3
-  [mcp_server.monitoring.metrics]
+[mcp_server.monitoring.metrics]
-  buffer_size = 1000
+buffer_size = 1000
-  enabled = false
+enabled = false
-  interval = 60
+interval = 60
-  prometheus_path = "/metrics"
+prometheus_path = "/metrics"
-  retention_days = 30
+retention_days = 30
-  [mcp_server.monitoring.resources]
+[mcp_server.monitoring.resources]
-  alert_threshold = 80
+alert_threshold = 80
-  cpu = false
+cpu = false
-  disk = false
+disk = false
-  memory = false
+memory = false
-  network = false
+network = false
-  [mcp_server.monitoring.tracing]
+[mcp_server.monitoring.tracing]
-  enabled = false
+enabled = false
-  sample_rate = 0.1
+sample_rate = 0.1
 [mcp_server.orchestrator_integration]
 enabled = false
@ -96,42 +96,42 @@ pool_size = 10
 enabled = true
 max_templates = 100
-  [mcp_server.prompts.cache]
+[mcp_server.prompts.cache]
-  enabled = true
+enabled = true
-  ttl = 3600
+ttl = 3600
-  [mcp_server.prompts.versioning]
+[mcp_server.prompts.versioning]
-  enabled = false
+enabled = false
-  max_versions = 10
+max_versions = 10
 [mcp_server.protocol]
 version = "1.0"
-  [mcp_server.protocol.transport]
+[mcp_server.protocol.transport]
-  endpoint = "http://localhost:3000"
+endpoint = "http://localhost:3000"
-  timeout = 30000
+timeout = 30000
 [mcp_server.resources]
 enabled = true
 max_size = 104857600
-  [mcp_server.resources.cache]
+[mcp_server.resources.cache]
-  enabled = true
+enabled = true
-  max_size_mb = 512
+max_size_mb = 512
-  ttl = 3600
+ttl = 3600
-  [mcp_server.resources.validation]
+[mcp_server.resources.validation]
-  enabled = true
+enabled = true
-  max_depth = 10
+max_depth = 10
 [mcp_server.sampling]
 enabled = false
 max_tokens = 4096
 temperature = 0.7
-  [mcp_server.sampling.cache]
+[mcp_server.sampling.cache]
-  enabled = true
+enabled = true
-  ttl = 3600
+ttl = 3600
 [mcp_server.server]
 graceful_shutdown = true
@ -148,13 +148,13 @@ enabled = true
 max_concurrent = 5
 timeout = 30000
-  [mcp_server.tools.cache]
+[mcp_server.tools.cache]
-  enabled = true
+enabled = true
-  ttl = 3600
+ttl = 3600
-  [mcp_server.tools.validation]
+[mcp_server.tools.validation]
-  enabled = true
+enabled = true
-  strict_mode = false
+strict_mode = false
 [mcp_server.workspace]
 enabled = true
--- a/config/runtime/generated/mcp-server.solo.toml
+++ b/config/runtime/generated/mcp-server.solo.toml
@ -23,66 +23,66 @@ format = "&"
 level = "&"
 outputs = ["stdout"]
-  [mcp_server.logging.fields]
+[mcp_server.logging.fields]
-  caller = false
+caller = false
-  hostname = true
+hostname = true
-  pid = true
+pid = true
-  service_name = true
+service_name = true
-  stack_trace = false
+stack_trace = false
-  timestamp = true
+timestamp = true
-  [mcp_server.logging.file]
+[mcp_server.logging.file]
-  compress = false
+compress = false
-  max_age = 30
+max_age = 30
-  max_backups = 10
+max_backups = 10
-  max_size = 104857600
+max_size = 104857600
-  path = "/var/log/provisioning/service.log"
+path = "/var/log/provisioning/service.log"
-  [mcp_server.logging.performance]
+[mcp_server.logging.performance]
-  enabled = false
+enabled = false
-  memory_info = false
+memory_info = false
-  slow_threshold = 1000
+slow_threshold = 1000
-  [mcp_server.logging.sampling]
+[mcp_server.logging.sampling]
-  enabled = false
+enabled = false
-  initial = 100
+initial = 100
-  thereafter = 100
+thereafter = 100
-  [mcp_server.logging.syslog]
+[mcp_server.logging.syslog]
-  protocol = "udp"
+protocol = "udp"
 [mcp_server.monitoring]
 enabled = false
-  [mcp_server.monitoring.alerting]
+[mcp_server.monitoring.alerting]
-  enabled = false
+enabled = false
-  [mcp_server.monitoring.health_check]
+[mcp_server.monitoring.health_check]
-  enabled = false
+enabled = false
-  endpoint = "/health"
+endpoint = "/health"
-  healthy_threshold = 2
+healthy_threshold = 2
-  interval = 30
+interval = 30
-  timeout = 5000
+timeout = 5000
-  type = "&"
+type = "&"
-  unhealthy_threshold = 3
+unhealthy_threshold = 3
-  [mcp_server.monitoring.metrics]
+[mcp_server.monitoring.metrics]
-  buffer_size = 1000
+buffer_size = 1000
-  enabled = false
+enabled = false
-  interval = 60
+interval = 60
-  prometheus_path = "/metrics"
+prometheus_path = "/metrics"
-  retention_days = 30
+retention_days = 30
-  [mcp_server.monitoring.resources]
+[mcp_server.monitoring.resources]
-  alert_threshold = 80
+alert_threshold = 80
-  cpu = false
+cpu = false
-  disk = false
+disk = false
-  memory = false
+memory = false
-  network = false
+network = false
-  [mcp_server.monitoring.tracing]
+[mcp_server.monitoring.tracing]
-  enabled = false
+enabled = false
-  sample_rate = 0.1
+sample_rate = 0.1
 [mcp_server.orchestrator_integration]
 enabled = false
@ -96,42 +96,42 @@ pool_size = 10
 enabled = true
 max_templates = 100
-  [mcp_server.prompts.cache]
+[mcp_server.prompts.cache]
-  enabled = true
+enabled = true
-  ttl = 3600
+ttl = 3600
-  [mcp_server.prompts.versioning]
+[mcp_server.prompts.versioning]
-  enabled = false
+enabled = false
-  max_versions = 10
+max_versions = 10
 [mcp_server.protocol]
 version = "1.0"
-  [mcp_server.protocol.transport]
+[mcp_server.protocol.transport]
-  endpoint = "http://localhost:3000"
+endpoint = "http://localhost:3000"
-  timeout = 30000
+timeout = 30000
 [mcp_server.resources]
 enabled = true
 max_size = 104857600
-  [mcp_server.resources.cache]
+[mcp_server.resources.cache]
-  enabled = true
+enabled = true
-  max_size_mb = 512
+max_size_mb = 512
-  ttl = 3600
+ttl = 3600
-  [mcp_server.resources.validation]
+[mcp_server.resources.validation]
-  enabled = true
+enabled = true
-  max_depth = 10
+max_depth = 10
 [mcp_server.sampling]
 enabled = false
 max_tokens = 4096
 temperature = 0.7
-  [mcp_server.sampling.cache]
+[mcp_server.sampling.cache]
-  enabled = true
+enabled = true
-  ttl = 3600
+ttl = 3600
 [mcp_server.server]
 graceful_shutdown = true
@ -148,13 +148,13 @@ enabled = true
 max_concurrent = 5
 timeout = 30000
-  [mcp_server.tools.cache]
+[mcp_server.tools.cache]
-  enabled = true
+enabled = true
-  ttl = 3600
+ttl = 3600
-  [mcp_server.tools.validation]
+[mcp_server.tools.validation]
-  enabled = true
+enabled = true
-  strict_mode = false
+strict_mode = false
 [mcp_server.workspace]
 enabled = true
--- a/config/runtime/generated/orchestrator.cicd.toml
+++ b/config/runtime/generated/orchestrator.cicd.toml
@ -3,15 +3,15 @@ metrics = false
 operation_timeout = 1800000
 parallel_limit = 5
-  [orchestrator.batch.checkpointing]
+[orchestrator.batch.checkpointing]
-  enabled = true
+enabled = true
-  interval = 100
+interval = 100
-  max_checkpoints = 10
+max_checkpoints = 10
-  [orchestrator.batch.rollback]
+[orchestrator.batch.rollback]
-  enabled = true
+enabled = true
-  max_rollback_depth = 5
+max_rollback_depth = 5
-  strategy = "checkpoint_based"
+strategy = "checkpoint_based"
 [orchestrator.extensions]
 auto_load = false
@ -25,66 +25,66 @@ format = "&"
 level = "&"
 outputs = ["stdout"]
-  [orchestrator.logging.fields]
+[orchestrator.logging.fields]
-  caller = false
+caller = false
-  hostname = true
+hostname = true
-  pid = true
+pid = true
-  service_name = true
+service_name = true
-  stack_trace = false
+stack_trace = false
-  timestamp = true
+timestamp = true
-  [orchestrator.logging.file]
+[orchestrator.logging.file]
-  compress = false
+compress = false
-  max_age = 30
+max_age = 30
-  max_backups = 10
+max_backups = 10
-  max_size = 104857600
+max_size = 104857600
-  path = "/var/log/provisioning/service.log"
+path = "/var/log/provisioning/service.log"
-  [orchestrator.logging.performance]
+[orchestrator.logging.performance]
-  enabled = false
+enabled = false
-  memory_info = false
+memory_info = false
-  slow_threshold = 1000
+slow_threshold = 1000
-  [orchestrator.logging.sampling]
+[orchestrator.logging.sampling]
-  enabled = false
+enabled = false
-  initial = 100
+initial = 100
-  thereafter = 100
+thereafter = 100
-  [orchestrator.logging.syslog]
+[orchestrator.logging.syslog]
-  protocol = "udp"
+protocol = "udp"
 [orchestrator.monitoring]
 enabled = false
-  [orchestrator.monitoring.alerting]
+[orchestrator.monitoring.alerting]
-  enabled = false
+enabled = false
-  [orchestrator.monitoring.health_check]
+[orchestrator.monitoring.health_check]
-  enabled = false
+enabled = false
-  endpoint = "/health"
+endpoint = "/health"
-  healthy_threshold = 2
+healthy_threshold = 2
-  interval = 30
+interval = 30
-  timeout = 5000
+timeout = 5000
-  type = "&"
+type = "&"
-  unhealthy_threshold = 3
+unhealthy_threshold = 3
-  [orchestrator.monitoring.metrics]
+[orchestrator.monitoring.metrics]
-  buffer_size = 1000
+buffer_size = 1000
-  enabled = false
+enabled = false
-  interval = 60
+interval = 60
-  prometheus_path = "/metrics"
+prometheus_path = "/metrics"
-  retention_days = 30
+retention_days = 30
-  [orchestrator.monitoring.resources]
+[orchestrator.monitoring.resources]
-  alert_threshold = 80
+alert_threshold = 80
-  cpu = false
+cpu = false
-  disk = false
+disk = false
-  memory = false
+memory = false
-  network = false
+network = false
-  [orchestrator.monitoring.tracing]
+[orchestrator.monitoring.tracing]
-  enabled = false
+enabled = false
-  sample_rate = 0.1
+sample_rate = 0.1
 [orchestrator.queue]
 max_concurrent_tasks = 5
@ -95,9 +95,9 @@ retry_attempts = 3
 retry_delay = 5000
 task_timeout = 3600000
-  [orchestrator.queue.dead_letter_queue]
+[orchestrator.queue.dead_letter_queue]
-  enabled = true
+enabled = true
-  max_size = 1000
+max_size = 1000
 [orchestrator.server]
 graceful_shutdown = true
@ -113,11 +113,11 @@ workers = 4
 backend = "filesystem"
 path = "/var/lib/provisioning/orchestrator/data"
-  [orchestrator.storage.cache]
+[orchestrator.storage.cache]
-  enabled = true
+enabled = true
-  eviction_policy = "lru"
+eviction_policy = "lru"
-  ttl = 3600
+ttl = 3600
-  type = "in_memory"
+type = "in_memory"
 [orchestrator.workspace]
 enabled = true
--- a/config/runtime/generated/orchestrator.enterprise.toml
+++ b/config/runtime/generated/orchestrator.enterprise.toml
@ -3,15 +3,15 @@ metrics = false
 operation_timeout = 1800000
 parallel_limit = 5
-  [orchestrator.batch.checkpointing]
+[orchestrator.batch.checkpointing]
-  enabled = true
+enabled = true
-  interval = 100
+interval = 100
-  max_checkpoints = 10
+max_checkpoints = 10
-  [orchestrator.batch.rollback]
+[orchestrator.batch.rollback]
-  enabled = true
+enabled = true
-  max_rollback_depth = 5
+max_rollback_depth = 5
-  strategy = "checkpoint_based"
+strategy = "checkpoint_based"
 [orchestrator.extensions]
 auto_load = false
@ -25,66 +25,66 @@ format = "&"
 level = "&"
 outputs = ["stdout"]
-  [orchestrator.logging.fields]
+[orchestrator.logging.fields]
-  caller = false
+caller = false
-  hostname = true
+hostname = true
-  pid = true
+pid = true
-  service_name = true
+service_name = true
-  stack_trace = false
+stack_trace = false
-  timestamp = true
+timestamp = true
-  [orchestrator.logging.file]
+[orchestrator.logging.file]
-  compress = false
+compress = false
-  max_age = 30
+max_age = 30
-  max_backups = 10
+max_backups = 10
-  max_size = 104857600
+max_size = 104857600
-  path = "/var/log/provisioning/service.log"
+path = "/var/log/provisioning/service.log"
-  [orchestrator.logging.performance]
+[orchestrator.logging.performance]
-  enabled = false
+enabled = false
-  memory_info = false
+memory_info = false
-  slow_threshold = 1000
+slow_threshold = 1000
-  [orchestrator.logging.sampling]
+[orchestrator.logging.sampling]
-  enabled = false
+enabled = false
-  initial = 100
+initial = 100
-  thereafter = 100
+thereafter = 100
-  [orchestrator.logging.syslog]
+[orchestrator.logging.syslog]
-  protocol = "udp"
+protocol = "udp"
 [orchestrator.monitoring]
 enabled = false
-  [orchestrator.monitoring.alerting]
+[orchestrator.monitoring.alerting]
-  enabled = false
+enabled = false
-  [orchestrator.monitoring.health_check]
+[orchestrator.monitoring.health_check]
-  enabled = false
+enabled = false
-  endpoint = "/health"
+endpoint = "/health"
-  healthy_threshold = 2
+healthy_threshold = 2
-  interval = 30
+interval = 30
-  timeout = 5000
+timeout = 5000
-  type = "&"
+type = "&"
-  unhealthy_threshold = 3
+unhealthy_threshold = 3
-  [orchestrator.monitoring.metrics]
+[orchestrator.monitoring.metrics]
-  buffer_size = 1000
+buffer_size = 1000
-  enabled = false
+enabled = false
-  interval = 60
+interval = 60
-  prometheus_path = "/metrics"
+prometheus_path = "/metrics"
-  retention_days = 30
+retention_days = 30
-  [orchestrator.monitoring.resources]
+[orchestrator.monitoring.resources]
-  alert_threshold = 80
+alert_threshold = 80
-  cpu = false
+cpu = false
-  disk = false
+disk = false
-  memory = false
+memory = false
-  network = false
+network = false
-  [orchestrator.monitoring.tracing]
+[orchestrator.monitoring.tracing]
-  enabled = false
+enabled = false
-  sample_rate = 0.1
+sample_rate = 0.1
 [orchestrator.queue]
 max_concurrent_tasks = 5
@ -95,9 +95,9 @@ retry_attempts = 3
 retry_delay = 5000
 task_timeout = 3600000
-  [orchestrator.queue.dead_letter_queue]
+[orchestrator.queue.dead_letter_queue]
-  enabled = true
+enabled = true
-  max_size = 1000
+max_size = 1000
 [orchestrator.server]
 graceful_shutdown = true
@ -113,11 +113,11 @@ workers = 4
 backend = "filesystem"
 path = "/var/lib/provisioning/orchestrator/data"
-  [orchestrator.storage.cache]
+[orchestrator.storage.cache]
-  enabled = true
+enabled = true
-  eviction_policy = "lru"
+eviction_policy = "lru"
-  ttl = 3600
+ttl = 3600
-  type = "in_memory"
+type = "in_memory"
 [orchestrator.workspace]
 enabled = true
--- a/config/runtime/generated/orchestrator.multiuser.toml
+++ b/config/runtime/generated/orchestrator.multiuser.toml
@ -3,15 +3,15 @@ metrics = false
 operation_timeout = 1800000
 parallel_limit = 5
-  [orchestrator.batch.checkpointing]
+[orchestrator.batch.checkpointing]
-  enabled = true
+enabled = true
-  interval = 100
+interval = 100
-  max_checkpoints = 10
+max_checkpoints = 10
-  [orchestrator.batch.rollback]
+[orchestrator.batch.rollback]
-  enabled = true
+enabled = true
-  max_rollback_depth = 5
+max_rollback_depth = 5
-  strategy = "checkpoint_based"
+strategy = "checkpoint_based"
 [orchestrator.extensions]
 auto_load = false
@ -25,66 +25,66 @@ format = "&"
 level = "&"
 outputs = ["stdout"]
-  [orchestrator.logging.fields]
+[orchestrator.logging.fields]
-  caller = false
+caller = false
-  hostname = true
+hostname = true
-  pid = true
+pid = true
-  service_name = true
+service_name = true
-  stack_trace = false
+stack_trace = false
-  timestamp = true
+timestamp = true
-  [orchestrator.logging.file]
+[orchestrator.logging.file]
-  compress = false
+compress = false
-  max_age = 30
+max_age = 30
-  max_backups = 10
+max_backups = 10
-  max_size = 104857600
+max_size = 104857600
-  path = "/var/log/provisioning/service.log"
+path = "/var/log/provisioning/service.log"
-  [orchestrator.logging.performance]
+[orchestrator.logging.performance]
-  enabled = false
+enabled = false
-  memory_info = false
+memory_info = false
-  slow_threshold = 1000
+slow_threshold = 1000
-  [orchestrator.logging.sampling]
+[orchestrator.logging.sampling]
-  enabled = false
+enabled = false
-  initial = 100
+initial = 100
-  thereafter = 100
+thereafter = 100
-  [orchestrator.logging.syslog]
+[orchestrator.logging.syslog]
-  protocol = "udp"
+protocol = "udp"
 [orchestrator.monitoring]
 enabled = false
-  [orchestrator.monitoring.alerting]
+[orchestrator.monitoring.alerting]
-  enabled = false
+enabled = false
-  [orchestrator.monitoring.health_check]
+[orchestrator.monitoring.health_check]
-  enabled = false
+enabled = false
-  endpoint = "/health"
+endpoint = "/health"
-  healthy_threshold = 2
+healthy_threshold = 2
-  interval = 30
+interval = 30
-  timeout = 5000
+timeout = 5000
-  type = "&"
+type = "&"
-  unhealthy_threshold = 3
+unhealthy_threshold = 3
-  [orchestrator.monitoring.metrics]
+[orchestrator.monitoring.metrics]
-  buffer_size = 1000
+buffer_size = 1000
-  enabled = false
+enabled = false
-  interval = 60
+interval = 60
-  prometheus_path = "/metrics"
+prometheus_path = "/metrics"
-  retention_days = 30
+retention_days = 30
-  [orchestrator.monitoring.resources]
+[orchestrator.monitoring.resources]
-  alert_threshold = 80
+alert_threshold = 80
-  cpu = false
+cpu = false
-  disk = false
+disk = false
-  memory = false
+memory = false
-  network = false
+network = false
-  [orchestrator.monitoring.tracing]
+[orchestrator.monitoring.tracing]
-  enabled = false
+enabled = false
-  sample_rate = 0.1
+sample_rate = 0.1
 [orchestrator.queue]
 max_concurrent_tasks = 5
@ -95,9 +95,9 @@ retry_attempts = 3
 retry_delay = 5000
 task_timeout = 3600000
-  [orchestrator.queue.dead_letter_queue]
+[orchestrator.queue.dead_letter_queue]
-  enabled = true
+enabled = true
-  max_size = 1000
+max_size = 1000
 [orchestrator.server]
 graceful_shutdown = true
@ -113,11 +113,11 @@ workers = 4
 backend = "filesystem"
 path = "/var/lib/provisioning/orchestrator/data"
-  [orchestrator.storage.cache]
+[orchestrator.storage.cache]
-  enabled = true
+enabled = true
-  eviction_policy = "lru"
+eviction_policy = "lru"
-  ttl = 3600
+ttl = 3600
-  type = "in_memory"
+type = "in_memory"
 [orchestrator.workspace]
 enabled = true
--- a/config/runtime/generated/orchestrator.solo.toml
+++ b/config/runtime/generated/orchestrator.solo.toml
@ -3,15 +3,15 @@ metrics = false
 operation_timeout = 1800000
 parallel_limit = 5
-  [orchestrator.batch.checkpointing]
+[orchestrator.batch.checkpointing]
-  enabled = true
+enabled = true
-  interval = 100
+interval = 100
-  max_checkpoints = 10
+max_checkpoints = 10
-  [orchestrator.batch.rollback]
+[orchestrator.batch.rollback]
-  enabled = true
+enabled = true
-  max_rollback_depth = 5
+max_rollback_depth = 5
-  strategy = "checkpoint_based"
+strategy = "checkpoint_based"
 [orchestrator.extensions]
 auto_load = false
@ -25,66 +25,66 @@ format = "&"
 level = "&"
 outputs = ["stdout"]
-  [orchestrator.logging.fields]
+[orchestrator.logging.fields]
-  caller = false
+caller = false
-  hostname = true
+hostname = true
-  pid = true
+pid = true
-  service_name = true
+service_name = true
-  stack_trace = false
+stack_trace = false
-  timestamp = true
+timestamp = true
-  [orchestrator.logging.file]
+[orchestrator.logging.file]
-  compress = false
+compress = false
-  max_age = 30
+max_age = 30
-  max_backups = 10
+max_backups = 10
-  max_size = 104857600
+max_size = 104857600
-  path = "/var/log/provisioning/service.log"
+path = "/var/log/provisioning/service.log"
-  [orchestrator.logging.performance]
+[orchestrator.logging.performance]
-  enabled = false
+enabled = false
-  memory_info = false
+memory_info = false
-  slow_threshold = 1000
+slow_threshold = 1000
-  [orchestrator.logging.sampling]
+[orchestrator.logging.sampling]
-  enabled = false
+enabled = false
-  initial = 100
+initial = 100
-  thereafter = 100
+thereafter = 100
-  [orchestrator.logging.syslog]
+[orchestrator.logging.syslog]
-  protocol = "udp"
+protocol = "udp"
 [orchestrator.monitoring]
 enabled = false
-  [orchestrator.monitoring.alerting]
+[orchestrator.monitoring.alerting]
-  enabled = false
+enabled = false
-  [orchestrator.monitoring.health_check]
+[orchestrator.monitoring.health_check]
-  enabled = false
+enabled = false
-  endpoint = "/health"
+endpoint = "/health"
-  healthy_threshold = 2
+healthy_threshold = 2
-  interval = 30
+interval = 30
-  timeout = 5000
+timeout = 5000
-  type = "&"
+type = "&"
-  unhealthy_threshold = 3
+unhealthy_threshold = 3
-  [orchestrator.monitoring.metrics]
+[orchestrator.monitoring.metrics]
-  buffer_size = 1000
+buffer_size = 1000
-  enabled = false
+enabled = false
-  interval = 60
+interval = 60
-  prometheus_path = "/metrics"
+prometheus_path = "/metrics"
-  retention_days = 30
+retention_days = 30
-  [orchestrator.monitoring.resources]
+[orchestrator.monitoring.resources]
-  alert_threshold = 80
+alert_threshold = 80
-  cpu = false
+cpu = false
-  disk = false
+disk = false
-  memory = false
+memory = false
-  network = false
+network = false
-  [orchestrator.monitoring.tracing]
+[orchestrator.monitoring.tracing]
-  enabled = false
+enabled = false
-  sample_rate = 0.1
+sample_rate = 0.1
 [orchestrator.queue]
 max_concurrent_tasks = 5
@ -95,9 +95,9 @@ retry_attempts = 3
 retry_delay = 5000
 task_timeout = 3600000
-  [orchestrator.queue.dead_letter_queue]
+[orchestrator.queue.dead_letter_queue]
-  enabled = true
+enabled = true
-  max_size = 1000
+max_size = 1000
 [orchestrator.server]
 graceful_shutdown = true
@ -113,11 +113,11 @@ workers = 4
 backend = "filesystem"
 path = "/var/lib/provisioning/orchestrator/data"
-  [orchestrator.storage.cache]
+[orchestrator.storage.cache]
-  enabled = true
+enabled = true
-  eviction_policy = "lru"
+eviction_policy = "lru"
-  ttl = 3600
+ttl = 3600
-  type = "in_memory"
+type = "in_memory"
 [orchestrator.workspace]
 enabled = true
--- a/config/runtime/generated/rag.enterprise.toml
+++ b/config/runtime/generated/rag.enterprise.toml
@ -7,7 +7,16 @@ provider = "openai"
 [rag.ingestion]
 auto_ingest = true
 chunk_size = 2048
-doc_types = ["md", "txt", "toml", "ncl", "rs", "nu", "yaml", "json"]
+doc_types = [
    "md",
    "txt",
    "toml",
    "ncl",
    "rs",
    "nu",
    "yaml",
    "json",
 ]
 overlap = 200
 watch_files = true
--- a/config/runtime/generated/rag.multiuser.toml
+++ b/config/runtime/generated/rag.multiuser.toml
@ -7,7 +7,14 @@ provider = "openai"
 [rag.ingestion]
 auto_ingest = true
 chunk_size = 1024
-doc_types = ["md", "txt", "toml", "ncl", "rs", "nu"]
+doc_types = [
    "md",
    "txt",
    "toml",
    "ncl",
    "rs",
    "nu",
 ]
 overlap = 100
 watch_files = true
--- a/config/runtime/generated/rag.solo.toml
+++ b/config/runtime/generated/rag.solo.toml
@ -7,7 +7,11 @@ provider = "local"
 [rag.ingestion]
 auto_ingest = true
 chunk_size = 512
-doc_types = ["md", "txt", "toml"]
+doc_types = [
    "md",
    "txt",
    "toml",
 ]
 overlap = 50
 [rag.llm]
--- a/crates/ai-service/Cargo.toml
+++ b/crates/ai-service/Cargo.toml
@ -1,15 +1,15 @@
 [package]
 authors.workspace = true
 description = "HTTP service for AI capabilities including RAG, MCP tool invocation, and knowledge graph operations"
 edition.workspace = true
 name = "ai-service"
 version.workspace = true
 edition.workspace = true
 authors.workspace = true
 description = "HTTP service for AI capabilities including RAG, MCP tool invocation, and knowledge graph operations"
 [dependencies]
 # Workspace dependencies
 async-trait = { workspace = true }
 futures = { workspace = true }
 tokio = { workspace = true, features = ["full"] }
 futures = { workspace = true }
 async-trait = { workspace = true }
 # Web server and API
 axum = { workspace = true }
@ -33,8 +33,8 @@ tracing = { workspace = true }
 tracing-subscriber = { workspace = true }
 # UUID and time
 chrono = { workspace = true, features = ["serde"] }
 uuid = { workspace = true, features = ["v4", "serde"] }
 chrono = { workspace = true, features = ["serde"] }
 # CLI
 clap = { workspace = true, features = ["derive"] }
@ -49,8 +49,8 @@ provisioning-mcp-server = { path = "../mcp-server" }
 petgraph = { workspace = true }
 [dev-dependencies]
 tempfile = { workspace = true }
 tokio-test = { workspace = true }
 tempfile = { workspace = true }
 # Library target
 [lib]
--- a/crates/control-center-ui/Cargo.toml
+++ b/crates/control-center-ui/Cargo.toml
@ -1,14 +1,14 @@
 [package]
 authors = ["Control Center Team"]
 autobins = false                                                                       # Disable auto-detection of binary targets
 description = "Control Center UI - Leptos CSR App for Cloud Infrastructure Management"
 edition.workspace = true
 name = "control-center-ui"
 version.workspace = true
 edition.workspace = true
 description = "Control Center UI - Leptos CSR App for Cloud Infrastructure Management"
 authors = ["Control Center Team"]
 autobins = false  # Disable auto-detection of binary targets
 [lib]
 crate-type = ["cdylib"]
 name = "control_center_ui"
 crate-type = ["cdylib"]
 path = "src/main.rs"
 [dependencies]
@ -17,25 +17,25 @@ path = "src/main.rs"
 # ============================================================================
 # Serialization
 chrono = { workspace = true, features = ["wasm-bindgen"] }
 serde = { workspace = true }
 serde_json = { workspace = true }
 uuid = { workspace = true, features = ["js"] }
 chrono = { workspace = true, features = ["wasm-bindgen"] }
 # Error handling and async
 futures = { workspace = true }
 thiserror = { workspace = true }
 futures = { workspace = true }
 # Logging and debugging
 tracing = { workspace = true }
 # Security and cryptography
 aes-gcm = { workspace = true, features = ["aes", "std"] }
 base64 = { workspace = true }
 hmac = { workspace = true }
 rand = { workspace = true }
 regex = { workspace = true }
 rand = { workspace = true }
 sha2 = { workspace = true }
 hmac = { workspace = true }
 aes-gcm = { workspace = true, features = ["aes", "std"] }
 # ============================================================================
 # WASM-SPECIFIC DEPENDENCIES
@ -61,33 +61,33 @@ icondata = { workspace = true }
 leptos_icons = { workspace = true }
 # Authentication and cryptography
 image = { workspace = true }
 qrcode = { workspace = true }
 image = { workspace = true }
 totp-rs = { workspace = true }
 # Serialization utilities
 serde-wasm-bindgen = { workspace = true }
 # Logging for WASM
 console_error_panic_hook = { workspace = true }
 tracing-wasm = { workspace = true }
 console_error_panic_hook = { workspace = true }
 # HTTP client and networking
 gloo-net = { workspace = true }
 gloo-storage = { workspace = true }
 gloo-timers = { workspace = true }
 gloo-utils = { workspace = true }
 gloo-timers = { workspace = true }
 # Chart.js bindings and canvas utilities
 plotters = { workspace = true }
 plotters-canvas = { workspace = true }
 # WASM utilities
 js-sys = { workspace = true }
 wasm-bindgen-futures = { workspace = true }
 js-sys = { workspace = true }
 # Random number generation (WASM-specific override with js feature)
-getrandom = { version = "0.3.4", features = ["wasm_js"] }
+getrandom = { version = "0.3.4", features = [ "wasm_js" ] }
 # ============================================================================
 # PROJECT-SPECIFIC DEPENDENCIES (not in workspace)
@ -95,68 +95,68 @@ getrandom = { version = "0.3.4", features = ["wasm_js"] }
 # Web APIs
 web-sys = { version = "0.3", features = [
-  "console",
+    "console",
-  "Window",
+    "Window",
-  "Document",
+    "Document",
-  "Element",
+    "Element",
-  "HtmlElement",
+    "HtmlElement",
-  "HtmlCanvasElement",
+    "HtmlCanvasElement",
-  "CanvasRenderingContext2d",
+    "CanvasRenderingContext2d",
-  "EventTarget",
+    "EventTarget",
-  "Event",
+    "Event",
-  "DragEvent",
+    "DragEvent",
-  "DataTransfer",
+    "DataTransfer",
-  "HtmlInputElement",
+    "HtmlInputElement",
-  "HtmlSelectElement",
+    "HtmlSelectElement",
-  "HtmlTextAreaElement",
+    "HtmlTextAreaElement",
-  "HtmlButtonElement",
+    "HtmlButtonElement",
-  "HtmlDivElement",
+    "HtmlDivElement",
-  "Storage",
+    "Storage",
-  "Location",
+    "Location",
-  "History",
+    "History",
-  "Navigator",
+    "Navigator",
-  "ServiceWorkerRegistration",
+    "ServiceWorkerRegistration",
-  "ServiceWorker",
+    "ServiceWorker",
-  "NotificationPermission",
+    "NotificationPermission",
-  "Notification",
+    "Notification",
-  "Headers",
+    "Headers",
-  "Request",
+    "Request",
-  "RequestInit",
+    "RequestInit",
-  "RequestMode",
+    "RequestMode",
-  "Response",
+    "Response",
-  "AbortController",
+    "AbortController",
-  "AbortSignal",
+    "AbortSignal",
-  "WebSocket",
+    "WebSocket",
-  "MessageEvent",
+    "MessageEvent",
-  "CloseEvent",
+    "CloseEvent",
-  "ErrorEvent",
+    "ErrorEvent",
-  "Blob",
+    "Blob",
-  "Url",
+    "Url",
-  "FileReader",
+    "FileReader",
-  "File",
+    "File",
-  "HtmlAnchorElement",
+    "HtmlAnchorElement",
-  "MouseEvent",
+    "MouseEvent",
-  "TouchEvent",
+    "TouchEvent",
-  "KeyboardEvent",
+    "KeyboardEvent",
-  "ResizeObserver",
+    "ResizeObserver",
-  "ResizeObserverEntry",
+    "ResizeObserverEntry",
-  "IntersectionObserver",
+    "IntersectionObserver",
-  "IntersectionObserverEntry",
+    "IntersectionObserverEntry",
-  # Media Query APIs
+    # Media Query APIs
-  "MediaQueryList",
+    "MediaQueryList",
-  "MediaQueryListEvent",
+    "MediaQueryListEvent",
-  # WebAuthn APIs
+    # WebAuthn APIs
-  "CredentialsContainer",
+    "CredentialsContainer",
-  "PublicKeyCredential",
+    "PublicKeyCredential",
-  "PublicKeyCredentialCreationOptions",
+    "PublicKeyCredentialCreationOptions",
-  "PublicKeyCredentialRequestOptions",
+    "PublicKeyCredentialRequestOptions",
-  "AuthenticatorResponse",
+    "AuthenticatorResponse",
-  "AuthenticatorAttestationResponse",
+    "AuthenticatorAttestationResponse",
-  "AuthenticatorAssertionResponse",
+    "AuthenticatorAssertionResponse",
-  # Crypto APIs
+    # Crypto APIs
-  "Crypto",
+    "Crypto",
-  "SubtleCrypto",
+    "SubtleCrypto",
-  "CryptoKey",
+    "CryptoKey",
 ] }
 # HTTP client (project-specific for WASM features)
@ -167,9 +167,9 @@ tokio = { version = "1.49", features = ["time"] }
 # Profile configurations moved to workspace root
-  # WASM pack settings
+# WASM pack settings
-  [package.metadata.wasm-pack.profile.release]
+[package.metadata.wasm-pack.profile.release]
-  wasm-opt = ['-Oz', '--enable-mutable-globals']
+wasm-opt = ['-Oz', '--enable-mutable-globals']
-  [package.metadata.wasm-pack.profile.dev]
+[package.metadata.wasm-pack.profile.dev]
-  wasm-opt = false
+wasm-opt = false
--- a/crates/control-center-ui/Trunk.toml
+++ b/crates/control-center-ui/Trunk.toml
@ -1,26 +1,26 @@
 [build]
 dist = "dist"
 filehash = true
 minify = "on_release"
 target = "index.html"
 dist = "dist"
 minify = "on_release"
 filehash = true
 [watch]
 ignore = ["dist", "target"]
 watch = ["src", "style", "assets"]
 ignore = ["dist", "target"]
 [serve]
 address = "127.0.0.1"
 open = false
 port = 3000
-  # Proxy API calls to the Rust orchestrator
+open = false
-  [[serve.proxy]]
+# Proxy API calls to the Rust orchestrator
-  backend = "http://127.0.0.1:8080/"
+[[serve.proxy]]
-  rewrite = "/api/{tail}"
+backend = "http://127.0.0.1:8080/"
-  ws = true
+rewrite = "/api/{tail}"
 ws = true
 [clean]
 cargo = true
 dist = "dist"
 cargo = true
 # Release mode optimizations are already set in main [build] section above
@ -41,6 +41,6 @@ dist = "dist"
 # command = "npx"
 # command_arguments = ["postcss", "dist/*.css", "--use", "autoprefixer", "--replace"]
-  # Service Worker registration
+# Service Worker registration
-  [build.tools]
+[build.tools]
-  sass = "style/input.scss"
+sass = "style/input.scss"
--- a/crates/control-center/Cargo.toml
+++ b/crates/control-center/Cargo.toml
@ -1,9 +1,9 @@
 [package]
 authors.workspace = true
 description = "Control center service with JWT authentication, user management, and real-time WebSocket events"
 edition.workspace = true
 name = "control-center"
 version.workspace = true
 edition.workspace = true
 authors.workspace = true
 description = "Control center service with JWT authentication, user management, and real-time WebSocket events"
 [dependencies]
 # ============================================================================
@ -11,42 +11,42 @@ version.workspace = true
 # ============================================================================
 # Core async runtime
 async-trait = { workspace = true }
 futures = { workspace = true }
 tokio = { workspace = true }
 futures = { workspace = true }
 async-trait = { workspace = true }
 # Web server and API
 axum = { workspace = true }
 hyper = { workspace = true }
 tower = { workspace = true }
 tower-http = { workspace = true }
 hyper = { workspace = true }
 # Serialization and data
 chrono = { workspace = true }
 serde = { workspace = true }
 serde_json = { workspace = true }
 toml = { workspace = true }
 uuid = { workspace = true }
 chrono = { workspace = true }
 # Database
 sqlx = { workspace = true }
 surrealdb = { workspace = true }
 sqlx = { workspace = true }
 # Configuration and CLI
 clap = { workspace = true }
 config = { workspace = true }
 # Error handling
 anyhow = { workspace = true }
 thiserror = { workspace = true }
 anyhow = { workspace = true }
 # Logging
 tracing = { workspace = true }
 tracing-subscriber = { workspace = true }
 # Validation
 regex = { workspace = true }
 validator = { workspace = true }
 regex = { workspace = true }
 # HTTP client for external services
 reqwest = { workspace = true }
@ -58,15 +58,15 @@ service-clients = { path = "../service-clients" }
 platform-config = { path = "../platform-config" }
 # Security and cryptography
-aes-gcm = { workspace = true }
+ring = { workspace = true }
 jsonwebtoken = { workspace = true }
 argon2 = { workspace = true }
 base64 = { workspace = true }
 getrandom = { workspace = true }
 hmac = { workspace = true }
 jsonwebtoken = { workspace = true }
 rand = { workspace = true }
-ring = { workspace = true }
+aes-gcm = { workspace = true }
 sha2 = { workspace = true }
 hmac = { workspace = true }
 getrandom = { workspace = true }
 # ============================================================================
 # ADDITIONAL WORKSPACE DEPENDENCIES
@ -76,11 +76,11 @@ sha2 = { workspace = true }
 dirs = { workspace = true }
 # Security and cryptography
 constant_time_eq = { workspace = true }
 hkdf = { workspace = true }
 rsa = { workspace = true }
-subtle = { workspace = true }
+hkdf = { workspace = true }
 zeroize = { workspace = true }
 constant_time_eq = { workspace = true }
 subtle = { workspace = true }
 # Tower services
 tower-service = { workspace = true }
@ -103,18 +103,18 @@ cron = { workspace = true }
 tokio-cron-scheduler = { workspace = true }
 # MFA Authentication
 hex = { workspace = true }
 image = { workspace = true }
 lazy_static = { workspace = true }
 qrcode = { workspace = true }
 totp-rs = { workspace = true }
 webauthn-rs = { workspace = true }
 webauthn-rs-proto = { workspace = true }
 qrcode = { workspace = true }
 image = { workspace = true }
 hex = { workspace = true }
 lazy_static = { workspace = true }
 [dev-dependencies]
 assert_matches = { workspace = true }
 tempfile = { workspace = true }
 tokio-test = { workspace = true }
 tempfile = { workspace = true }
 assert_matches = { workspace = true }
 # ============================================================================
 # FEATURES - Module Organization for Coupling Reduction
--- a/crates/control-center/config.toml
+++ b/crates/control-center/config.toml
@ -1,18 +1,19 @@
 [server]
 host = "127.0.0.1"
 port = 8080
 keep_alive = 75
 max_connections = 1000
 port = 8080
 [database]
 database = "main"
 namespace = "control_center"
 url = "rocksdb://data/control-center.db"
 namespace = "control_center"
 database = "main"
 [jwt]
 access_token_expiration_hours = 1
 audience = "control-center-api"
 issuer = "control-center"
 audience = "control-center-api"
 access_token_expiration_hours = 1
 refresh_token_expiration_hours = 168
 private_key_pem = """
 -----BEGIN RSA PRIVATE KEY-----
 MIIEpAIBAAKCAQEA82On7Xk5jycsV4NCOij0510ssy/3S1Pqj+UjGS1R3+tyHX57
@ -52,39 +53,51 @@ I4cJE9oDcuOkyYZEWf2H5xAcidksaDNxabYRGS5IqT25obMElEZZDvj9X60S8UHu
 I3Tm+2kc69fo64/S53y3yNr6Ed05PVewiQIDAQAB
 -----END RSA PUBLIC KEY-----
 """
 refresh_token_expiration_hours = 168
 [rate_limiting]
 global = false
 max_requests = 100
 per_ip = true
 window_seconds = 60
 per_ip = true
 global = false
 [cors]
 allow_credentials = true
 allowed_headers = ["content-type", "authorization", "accept", "x-requested-with", "x-session-id"]
 allowed_methods = ["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"]
 allowed_origins = ["http://localhost:3000"]
 allowed_methods = [
    "GET",
    "POST",
    "PUT",
    "DELETE",
    "PATCH",
    "OPTIONS",
 ]
 allowed_headers = [
    "content-type",
    "authorization",
    "accept",
    "x-requested-with",
    "x-session-id",
 ]
 expose_headers = [
-  "x-total-count",
+    "x-total-count",
-  "x-rate-limit-remaining",
+    "x-rate-limit-remaining",
-  "x-rate-limit-limit",
+    "x-rate-limit-limit",
-  "x-rate-limit-reset",
+    "x-rate-limit-reset",
 ]
 max_age = 86400
 allow_credentials = true
 [security]
-failed_login_lockout_attempts = 5
+session_cleanup_interval_minutes = 60
 failed_login_lockout_duration_minutes = 15
 max_sessions_per_user = 5
 password_min_length = 8
 password_require_numbers = false
 password_require_special_chars = false
 password_require_numbers = false
 password_require_uppercase = false
-session_cleanup_interval_minutes = 60
+failed_login_lockout_attempts = 5
 failed_login_lockout_duration_minutes = 15
 [logging]
 format = "json"
 level = "info"
 format = "json"
 max_file_size = "100MB"
 max_files = 10
--- a/crates/detector/Cargo.toml
+++ b/crates/detector/Cargo.toml
@ -1,22 +1,22 @@
 [package]
 authors.workspace = true
 edition.workspace = true
 license.workspace = true
 name = "provisioning-detector"
 repository.workspace = true
 version.workspace = true
 edition.workspace = true
 authors.workspace = true
 license.workspace = true
 repository.workspace = true
 [dependencies]
 anyhow.workspace = true
 chrono.workspace = true
 clap = { workspace = true, features = ["derive"] }
 regex.workspace = true
 serde = { version = "1.0", features = ["derive"] }
 serde_json.workspace = true
 thiserror.workspace = true
 tokio.workspace = true
 toml.workspace = true
 tokio.workspace = true
 anyhow.workspace = true
 thiserror.workspace = true
 regex.workspace = true
 walkdir.workspace = true
 chrono.workspace = true
 clap = { workspace = true, features = ["derive"] }
 [dev-dependencies]
 tempfile.workspace = true
--- a/crates/extension-registry/Cargo.toml
+++ b/crates/extension-registry/Cargo.toml
@ -1,15 +1,15 @@
 [package]
 authors.workspace = true
 description = "OCI-compliant extension registry proxy for managing provisioning system extensions and artifacts"
 edition.workspace = true
 name = "extension-registry"
 version.workspace = true
 edition.workspace = true
 authors.workspace = true
 description = "OCI-compliant extension registry proxy for managing provisioning system extensions and artifacts"
 [dependencies]
 # Workspace dependencies
 async-trait = { workspace = true }
 futures = { workspace = true }
 tokio = { workspace = true, features = ["full"] }
 futures = { workspace = true }
 async-trait = { workspace = true }
 # Web server and API
 axum = { workspace = true }
@ -32,8 +32,8 @@ tracing = { workspace = true }
 tracing-subscriber = { workspace = true }
 # UUID and time
 chrono = { workspace = true, features = ["serde"] }
 uuid = { workspace = true, features = ["v4", "serde"] }
 chrono = { workspace = true, features = ["serde"] }
 # CLI
 clap = { workspace = true, features = ["derive"] }
@ -42,8 +42,8 @@ clap = { workspace = true, features = ["derive"] }
 reqwest = { workspace = true }
 # Cryptography for digest validation
 hex = { workspace = true }
 sha2 = { workspace = true }
 hex = { workspace = true }
 # URL parsing
 url = { workspace = true }
@ -61,10 +61,10 @@ parking_lot = { workspace = true }
 toml = { workspace = true }
 [dev-dependencies]
 http-body-util = "0.1"
 hyper = { workspace = true }
 tempfile = { workspace = true }
 tokio-test = { workspace = true }
 tempfile = { workspace = true }
 hyper = { workspace = true }
 http-body-util = "0.1"
 # Library target
 [lib]
--- a/crates/extension-registry/config.example.toml
+++ b/crates/extension-registry/config.example.toml
@ -1,31 +1,31 @@
 # Extension Registry Configuration Example
 [server]
 enable_compression = true
 enable_cors = true
 host = "0.0.0.0"
 port = 8082
 workers = 4
 enable_cors = true
 enable_compression = true
 # Gitea backend configuration
 [gitea]
 organization = "provisioning-extensions"
 timeout_seconds = 30
 token_path = "/path/to/gitea-token.txt"
 url = "https://gitea.example.com"
 organization = "provisioning-extensions"
 token_path = "/path/to/gitea-token.txt"
 timeout_seconds = 30
 verify_ssl = true
 # OCI registry configuration
 [oci]
 auth_token_path = "/path/to/oci-token.txt"
 namespace = "provisioning"
 registry = "registry.example.com"
 namespace = "provisioning"
 auth_token_path = "/path/to/oci-token.txt"
 timeout_seconds = 30
 verify_ssl = true
 # Cache configuration
 [cache]
 capacity = 1000
 enable_list_cache = true
 enable_metadata_cache = true
 ttl_seconds = 300
 enable_metadata_cache = true
 enable_list_cache = true
--- a/crates/mcp-server/Cargo.toml
+++ b/crates/mcp-server/Cargo.toml
@ -1,13 +1,13 @@
 [package]
 authors = ["Jesús Pérez Lorenzo <jpl@jesusperez.pro>"]
 categories = ["command-line-utilities", "development-tools"]
 description = "Rust-native MCP server for Infrastructure Automation system"
 edition.workspace = true
 keywords = ["mcp", "rust", "infrastructure", "provisioning", "ai"]
 license.workspace = true
 name = "provisioning-mcp-server"
 repository.workspace = true
 version.workspace = true
 edition.workspace = true
 authors = ["Jesús Pérez Lorenzo <jpl@jesusperez.pro>"]
 description = "Rust-native MCP server for Infrastructure Automation system"
 repository.workspace = true
 license.workspace = true
 keywords = ["mcp", "rust", "infrastructure", "provisioning", "ai"]
 categories = ["command-line-utilities", "development-tools"]
 [dependencies]
 # ============================================================================
@ -75,13 +75,13 @@ serde_yaml = "0.9"
 dirs = { workspace = true }
 [dev-dependencies]
 tokio-test = { workspace = true }
 criterion = { workspace = true, features = ["html_reports"] }
 tempfile = { workspace = true }
 tokio-test = { workspace = true }
 [features]
 debug = ["tracing-subscriber/json"]
 default = []
 debug = ["tracing-subscriber/json"]
 [[bin]]
 name = "provisioning-mcp-server"
@ -97,5 +97,5 @@ name = "provisioning_mcp_server"
 path = "src/lib.rs"
 [[bench]]
 harness = false
 name = "performance"
 harness = false
--- a/crates/orchestrator/.cargo/config.toml
+++ b/crates/orchestrator/.cargo/config.toml
@ -2,36 +2,41 @@
 [env]
 # Test environment variables
 RUST_TEST_THREADS = "1"
 RUST_BACKTRACE = { value = "1", condition = { env-not-set = ["CI"] } }
 RUST_LOG = { value = "debug", condition = { env-not-set = ["CI"] } }
 RUST_TEST_THREADS = "1"
 [alias]
 # Test aliases for convenience
 test-all = "test --all-features"
 test-factory = "test --test factory_tests"
 test-fs = "test --lib --bin orchestrator"
 test-surrealdb = "test --features surrealdb"
 test-integration = "test --test storage_integration"
 test-migration = "test --test migration_tests"
-test-surrealdb = "test --features surrealdb"
+test-factory = "test --test factory_tests"
 test-unit = "test --lib"
 # Benchmark aliases
 bench-all = "bench --all-features"
 bench-fs = "bench --bench storage_benchmarks -- filesystem"
 bench-migration = "bench --bench migration_benchmarks"
 bench-storage = "bench --bench storage_benchmarks"
 bench-migration = "bench --bench migration_benchmarks"
 bench-fs = "bench --bench storage_benchmarks -- filesystem"
 bench-surrealdb = "bench --features surrealdb --bench storage_benchmarks -- surrealdb"
 # Coverage and documentation
 doc-test = "test --doc --all-features"
 test-coverage = "tarpaulin --all-features --out html"
 doc-test = "test --doc --all-features"
 [target.'cfg(test)']
-rustflags = ["-C", "instrument-coverage"]
+rustflags = [
    "-C", "instrument-coverage"
 ]
 [build]
 # Enable additional lints for testing builds
 # Note: unused-crate-dependencies disabled for library crate due to false positives
 # with dependencies used in submodules but not lib.rs root
-rustflags = ["-W", "unused-extern-crates", "-W", "rust-2021-compatibility"]
+rustflags = [
    "-W", "unused-extern-crates",
    "-W", "rust-2021-compatibility"
 ]
--- a/crates/orchestrator/Cargo.toml
+++ b/crates/orchestrator/Cargo.toml
@ -1,30 +1,23 @@
 [package]
 authors.workspace = true
 description = "Cloud-native infrastructure orchestrator with Nushell integration"
 edition.workspace = true
 name = "provisioning-orchestrator"
 version.workspace = true
 edition.workspace = true
 authors.workspace = true
 description = "Cloud-native infrastructure orchestrator with Nushell integration"
 [dependencies]
 # ============================================================================
 # WORKSPACE DEPENDENCIES - Core async runtime and traits
 # ============================================================================
-async-trait = { workspace = true }
+tokio = { workspace = true, features = ["rt", "rt-multi-thread", "process", "io-util", "time", "fs"] }
 futures = { workspace = true }
-tokio = { workspace = true, features = [
+async-trait = { workspace = true }
  "rt",
  "rt-multi-thread",
  "process",
  "io-util",
  "time",
  "fs",
 ] }
 # Serialization and data handling
 chrono = { workspace = true }
 serde = { workspace = true }
 serde_json = { workspace = true }
 toml = { workspace = true }
 chrono = { workspace = true }
 uuid = { workspace = true }
 # Error handling
@ -72,10 +65,10 @@ base64 = "0.22"
 jsonwebtoken = { workspace = true }
 # Cryptography for token validation
 getrandom = { workspace = true }
 rand = { workspace = true }
 rsa = { workspace = true }
 sha2 = { workspace = true }
 rsa = { workspace = true }
 rand = { workspace = true }
 getrandom = { workspace = true }
 # SSH key management
 ed25519-dalek = "2.1"
@ -146,23 +139,13 @@ surrealdb = ["dep:surrealdb"]
 default = ["core", "audit", "compliance", "platform", "ssh", "workflow", "http-api"]
 # Full: All features enabled (development and testing)
-all = [
+all = ["core", "audit", "compliance", "platform", "ssh", "workflow", "testing", "http-api", "surrealdb"]
  "core",
  "audit",
  "compliance",
  "platform",
  "ssh",
  "workflow",
  "testing",
  "http-api",
  "surrealdb",
 ]
 [dev-dependencies]
 tokio-test = { workspace = true }
 tempfile = { workspace = true }
 assert_matches = { workspace = true }
 criterion = { workspace = true, features = ["html_reports", "async_tokio"] }
 tempfile = { workspace = true }
 tokio-test = { workspace = true }
 tower = { workspace = true, features = ["util"] }
 # Library target for tests and external use
@ -177,9 +160,9 @@ path = "src/main.rs"
 required-features = ["all"]
 [[bench]]
 harness = false
 name = "storage_benchmarks"
 harness = false
 [[bench]]
 harness = false
 name = "migration_benchmarks"
 harness = false
--- a/crates/platform-config/Cargo.toml
+++ b/crates/platform-config/Cargo.toml
@ -1,19 +1,19 @@
 [package]
 authors.workspace = true
 edition.workspace = true
 license.workspace = true
 name = "platform-config"
 repository.workspace = true
 version.workspace = true
 edition.workspace = true
 authors.workspace = true
 license.workspace = true
 repository.workspace = true
 [dependencies]
 anyhow = { workspace = true }
 serde = { workspace = true }
 serde_json = { workspace = true }
 thiserror = { workspace = true }
 tokio = { workspace = true }
 toml = { workspace = true }
 anyhow = { workspace = true }
 thiserror = { workspace = true }
 tracing = { workspace = true }
 tokio = { workspace = true }
 [dev-dependencies]
 tempfile = { workspace = true }
--- a/crates/provisioning-daemon/Cargo.toml
+++ b/crates/provisioning-daemon/Cargo.toml
@ -1,10 +1,10 @@
 [package]
 authors.workspace = true
 edition.workspace = true
 license.workspace = true
 name = "provisioning-daemon"
 repository.workspace = true
 version.workspace = true
 edition.workspace = true
 authors.workspace = true
 license.workspace = true
 repository.workspace = true
 [dependencies]
 # Core daemon library from prov-ecosystem
@ -25,8 +25,8 @@ toml = { workspace = true }
 platform-config = { path = "../platform-config" }
 # Error handling
 anyhow = { workspace = true }
 thiserror = { workspace = true }
 anyhow = { workspace = true }
 # Logging
 tracing = { workspace = true }
@ -36,6 +36,6 @@ tracing-subscriber = { workspace = true }
 clap = { workspace = true, features = ["derive"] }
 # Utilities
 uuid = { workspace = true }
 chrono = { workspace = true }
 dirs = { workspace = true }
 uuid = { workspace = true }
--- a/crates/rag/Cargo.toml
+++ b/crates/rag/Cargo.toml
@ -1,30 +1,23 @@
 [package]
 authors.workspace = true
 description = "RAG system for provisioning platform with Rig framework and SurrealDB"
 edition.workspace = true
 name = "provisioning-rag"
 version.workspace = true
 edition.workspace = true
 authors.workspace = true
 description = "RAG system for provisioning platform with Rig framework and SurrealDB"
 [dependencies]
 # ============================================================================
 # WORKSPACE DEPENDENCIES - Core async runtime and traits
 # ============================================================================
-async-trait = { workspace = true }
+tokio = { workspace = true, features = ["rt", "rt-multi-thread", "process", "io-util", "time", "fs"] }
 futures = { workspace = true }
-tokio = { workspace = true, features = [
+async-trait = { workspace = true }
  "rt",
  "rt-multi-thread",
  "process",
  "io-util",
  "time",
  "fs",
 ] }
 # Serialization and data handling
 chrono = { workspace = true }
 serde = { workspace = true }
 serde_json = { workspace = true }
 toml = { workspace = true }
 chrono = { workspace = true }
 uuid = { workspace = true }
 # Error handling
@ -41,10 +34,10 @@ reqwest = { workspace = true }
 # REST API Framework (Phase 8)
 # ============================================================================
 axum = { workspace = true }
-http = "1"
+tower = { workspace = true}
 hyper = { workspace = true, features = ["full"] }
 tower = { workspace = true }
 tower-http = { workspace = true, features = ["cors", "trace"] }
 hyper = { workspace = true, features = ["full"] }
 http = "1"
 # Database
 surrealdb = { workspace = true }
@ -54,8 +47,8 @@ rig-core = { workspace = true }
 rig-surrealdb = { workspace = true }
 # Filesystem and path operations
 dirs = { workspace = true }
 walkdir = { workspace = true }
 dirs = { workspace = true }
 # Configuration
 config = { workspace = true }
@ -70,7 +63,7 @@ regex = { workspace = true }
 tokenizers = { workspace = true }
 # Caching support (Phase 7)
-lru = { workspace = true }
+lru =  { workspace = true }
 sha2 = { workspace = true }
 # Metrics and monitoring (Phase 7)
@ -83,14 +76,14 @@ clap = { workspace = true, features = ["derive", "env"] }
 tracing-subscriber = { workspace = true }
 [dev-dependencies]
 tokio-test = { workspace = true }
 tempfile = { workspace = true }
 assert_matches = { workspace = true }
 criterion = { workspace = true, features = ["html_reports", "async_tokio"] }
 tempfile = { workspace = true }
 tokio-test = { workspace = true }
 [[bench]]
 harness = false
 name = "phase8_benchmarks"
 harness = false
 # Library target
 [lib]
@ -105,5 +98,5 @@ required-features = ["cli"]
 # Features
 [features]
 cli = []
 default = []
 cli = []
--- a/crates/service-clients/Cargo.toml
+++ b/crates/service-clients/Cargo.toml
@ -1,24 +1,24 @@
 [package]
 authors = { workspace = true }
 description = "HTTP service client wrappers for provisioning platform services"
 edition = { workspace = true }
 license = { workspace = true }
 name = "service-clients"
 repository = { workspace = true }
 version = { workspace = true }
 edition = { workspace = true }
 authors = { workspace = true }
 license = { workspace = true }
 repository = { workspace = true }
 description = "HTTP service client wrappers for provisioning platform services"
 [dependencies]
 async-trait = { workspace = true }
 log = { workspace = true }
 reqwest = { workspace = true }
 tokio = { workspace = true, features = ["full"] }
 serde = { workspace = true, features = ["derive"] }
 serde_json = { workspace = true }
 thiserror = { workspace = true }
-tokio = { workspace = true, features = ["full"] }
+log = { workspace = true }
 async-trait = { workspace = true }
 # Service types (optional - only if not using generic types)
 machines = { path = "../../../../submodules/prov-ecosystem/crates/machines" }
 [dev-dependencies]
 tempfile = { workspace = true }
 tokio-test = { workspace = true }
 tempfile = { workspace = true }
--- a/crates/vault-service/Cargo.toml
+++ b/crates/vault-service/Cargo.toml
@ -1,9 +1,9 @@
 [package]
 authors = ["Provisioning Team"]
 description = "Vault Service for Provisioning Platform with secrets and key management (Age dev, Cosmian KMS prod, RustyVault self-hosted)"
 edition = "2021"
 name = "vault-service"
 version = "0.2.0"
 edition = "2021"
 authors = ["Provisioning Team"]
 description = "Vault Service for Provisioning Platform with secrets and key management (Age dev, Cosmian KMS prod, RustyVault self-hosted)"
 [dependencies]
 # Async runtime
@ -33,8 +33,8 @@ base64 = { workspace = true }
 rand = { workspace = true }
 # Error handling
 anyhow = { workspace = true }
 thiserror = { workspace = true }
 anyhow = { workspace = true }
 # Logging
 tracing = { workspace = true }
@ -50,9 +50,9 @@ config = { workspace = true }
 secretumvault = { workspace = true }
 [dev-dependencies]
-mockito = { workspace = true }
+mockito  = { workspace = true }
 tempfile = { workspace = true }
 tokio-test = { workspace = true }
 tempfile = { workspace = true }
 [[bin]]
 name = "vault-service"