[package]
authors.workspace = true
description = "Cloud-native infrastructure orchestrator with Nushell integration"
edition.workspace = true
name = "orchestrator"
version.workspace = true

[dependencies]
# ============================================================================
# WORKSPACE DEPENDENCIES - Core async runtime and traits
# ============================================================================
async-trait = { workspace = true }
futures = { workspace = true }
tokio = { workspace = true, features = [
  "rt",
  "rt-multi-thread",
  "process",
  "io-util",
  "time",
  "fs",
] }

# Serialization and data handling
chrono = { workspace = true }
serde = { workspace = true }
serde_json = { workspace = true }
toml = { workspace = true }
uuid = { workspace = true }

# Error handling
anyhow = { workspace = true }
thiserror = { workspace = true }

# Logging framework (used throughout)
tracing = { workspace = true }

# Web server and API
axum = { workspace = true }
tower-http = { workspace = true, features = ["cors", "trace"] }

# CLI interface
clap = { workspace = true }

# Logging configuration (binary-only, but required for compilation)
tracing-subscriber = { workspace = true }

# Docker/Container management
bollard = { workspace = true }

# HTTP client for DNS/OCI/services
reqwest = { workspace = true }

# HTTP service clients (machines, init, AI) - enables remote service calls
service-clients = { workspace = true }

# Platform configuration management
platform-config = { workspace = true }

# LRU cache for OCI manifests
lru = { workspace = true }

# Authorization policy engine
cedar-policy = { workspace = true }

# File system watcher for hot reload
notify = { workspace = true }

# Base64 encoding/decoding
base64 = { workspace = true }

# JWT token validation
jsonwebtoken = { workspace = true }

# Cryptography for token validation
getrandom = { workspace = true }
rand = { workspace = true }
rsa = { workspace = true }
sha2 = { workspace = true }

# SSH key management
ed25519-dalek = { workspace = true }

# SSH client library (pure Rust, async-first)
russh = { workspace = true }
russh-keys = { workspace = true }

# Path expansion for tilde (~) handling
shellexpand = { workspace = true }

# ============================================================================
# FEATURE-GATED OPTIONAL DEPENDENCIES
# ============================================================================

# SurrealDB storage backend (optional)
surrealdb = { workspace = true, optional = true }

# ============================================================================
# FEATURES - Module Organization for Coupling Reduction
# ============================================================================
#
# Rationale: Feature flags organize 25+ modules into logical groups,
# reducing visible module count from 25 to ~12 core modules.
# This enables:
# - Selective compilation (faster builds for minimal setups)
# - Dependency reduction (unused features don't get linked)
# - Clear module responsibilities (features map to functionality)
# - Dead code elimination at compile time
#
[features]
# Core: Always-on, required for basic functionality
# Modules: config, storage, state, services, middleware, security
core = []

# Audit: Security event logging and compliance audit trails
# Modules: audit
audit = ["core"]

# Compliance: Policy evaluation and compliance checking
# Modules: compliance, break_glass
compliance = ["core"]

# Platform: Infrastructure integration and management
# Modules: dns, extensions, oci
platform = ["core"]

# SSH: SSH key management and operations
# Modules: ssh
ssh = ["core"]

# Workflow: Batch jobs, workflow orchestration, and task management
# Modules: workflow, queue, rollback, migration, monitor, batch, dependency
workflow = ["core"]

# Testing: Test environment and container management
# Modules: container_manager, test_environment, test_orchestrator
testing = ["core"]

# HTTP API: REST API endpoints for external integration
http-api = ["core"]

# SurrealDB: Optional storage backend
surrealdb = ["dep:surrealdb"]

# Default: All features enabled
default = [
  "core",
  "audit",
  "compliance",
  "platform",
  "ssh",
  "workflow",
  "testing",
  "http-api",
  "surrealdb",
]

# Full: All features enabled (development and testing)
all = [
  "core",
  "audit",
  "compliance",
  "platform",
  "ssh",
  "workflow",
  "testing",
  "http-api",
  "surrealdb",
]

[dev-dependencies]
assert_matches = { workspace = true }
criterion = { workspace = true, features = ["html_reports", "async_tokio"] }
tempfile = { workspace = true }
tokio-test = { workspace = true }
tower = { workspace = true, features = ["util"] }

# Library target for tests and external use
[lib]
name = "provisioning_orchestrator"
path = "src/lib.rs"

# Binary target (uses all features by default)
[[bin]]
name = "provisioning-orchestrator"
path = "src/main.rs"

[[bench]]
harness = false
name = "storage_benchmarks"

[[bench]]
harness = false
name = "migration_benchmarks"