2025-09-22 22:11:41 +00:00
|
|
|
# Extension Loader
|
|
|
|
|
# Discovers and loads extensions from multiple sources
|
feat: Complete config-driven architecture migration v2.0.0
Transform provisioning system from ENV-based to hierarchical config-driven architecture.
This represents a complete system redesign with breaking changes requiring migration.
## Migration Summary
- 65+ files migrated across entire codebase
- 200+ ENV variables replaced with 476 config accessors
- 29 syntax errors fixed across 17 files
- 92% token efficiency maintained during migration
## Core Features Added
### Hierarchical Configuration System
- 6-layer precedence: defaults → user → project → infra → env → runtime
- Deep merge strategy with intelligent precedence rules
- Multi-environment support (dev/test/prod) with auto-detection
- Configuration templates for all environments
### Enhanced Interpolation Engine
- Dynamic variables: {{paths.base}}, {{env.HOME}}, {{now.date}}
- Git context: {{git.branch}}, {{git.commit}}, {{git.remote}}
- SOPS integration: {{sops.decrypt()}} for secrets management
- Path operations: {{path.join()}} for dynamic construction
- Security: circular dependency detection, injection prevention
### Comprehensive Validation
- Structure, path, type, semantic, and security validation
- Code injection and path traversal detection
- Detailed error reporting with actionable messages
- Configuration health checks and warnings
## Architecture Changes
### Configuration Management (core/nulib/lib_provisioning/config/)
- loader.nu: 1600+ line hierarchical config loader with validation
- accessor.nu: 476 config accessor functions replacing ENV vars
### Provider System (providers/)
- AWS, UpCloud, Local providers fully config-driven
- Unified middleware system with standardized interfaces
### Task Services (core/nulib/taskservs/)
- Kubernetes, storage, networking, registry services migrated
- Template-driven configuration generation
### Cluster Management (core/nulib/clusters/)
- Complete lifecycle management through configuration
- Environment-specific cluster templates
## New Configuration Files
- config.defaults.toml: System defaults (84 lines)
- config.*.toml.example: Environment templates (400+ lines each)
- Enhanced CLI: validate, env, multi-environment support
## Security Enhancements
- Type-safe configuration access through validated functions
- SOPS integration for encrypted secrets management
- Input validation preventing injection attacks
- Environment isolation and access controls
## Breaking Changes
⚠️ ENV variables no longer supported as primary configuration
⚠️ Function signatures require --config parameter
⚠️ CLI arguments and return types modified
⚠️ Provider authentication now config-driven
## Migration Path
1. Backup current environment variables
2. Copy config.user.toml.example → config.user.toml
3. Migrate ENV vars to TOML format
4. Validate: ./core/nulib/provisioning validate config
5. Test functionality with new configuration
## Validation Results
✅ Structure valid
✅ Paths valid
✅ Types valid
✅ Semantic rules valid
✅ File references valid
System ready for production use with config-driven architecture.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-23 02:36:50 +00:00
|
|
|
use ../config/accessor.nu *
|
2025-09-22 22:11:41 +00:00
|
|
|
|
|
|
|
|
# Extension discovery paths in priority order
|
|
|
|
|
export def get-extension-paths []: nothing -> list<string> {
|
|
|
|
|
[
|
|
|
|
|
# Project-specific extensions (highest priority)
|
|
|
|
|
($env.PWD | path join ".provisioning" "extensions")
|
|
|
|
|
# User extensions
|
|
|
|
|
($env.HOME | path join ".provisioning-extensions")
|
|
|
|
|
# System-wide extensions
|
|
|
|
|
"/opt/provisioning-extensions"
|
|
|
|
|
# Environment variable override
|
feat: Complete config-driven architecture migration v2.0.0
Transform provisioning system from ENV-based to hierarchical config-driven architecture.
This represents a complete system redesign with breaking changes requiring migration.
## Migration Summary
- 65+ files migrated across entire codebase
- 200+ ENV variables replaced with 476 config accessors
- 29 syntax errors fixed across 17 files
- 92% token efficiency maintained during migration
## Core Features Added
### Hierarchical Configuration System
- 6-layer precedence: defaults → user → project → infra → env → runtime
- Deep merge strategy with intelligent precedence rules
- Multi-environment support (dev/test/prod) with auto-detection
- Configuration templates for all environments
### Enhanced Interpolation Engine
- Dynamic variables: {{paths.base}}, {{env.HOME}}, {{now.date}}
- Git context: {{git.branch}}, {{git.commit}}, {{git.remote}}
- SOPS integration: {{sops.decrypt()}} for secrets management
- Path operations: {{path.join()}} for dynamic construction
- Security: circular dependency detection, injection prevention
### Comprehensive Validation
- Structure, path, type, semantic, and security validation
- Code injection and path traversal detection
- Detailed error reporting with actionable messages
- Configuration health checks and warnings
## Architecture Changes
### Configuration Management (core/nulib/lib_provisioning/config/)
- loader.nu: 1600+ line hierarchical config loader with validation
- accessor.nu: 476 config accessor functions replacing ENV vars
### Provider System (providers/)
- AWS, UpCloud, Local providers fully config-driven
- Unified middleware system with standardized interfaces
### Task Services (core/nulib/taskservs/)
- Kubernetes, storage, networking, registry services migrated
- Template-driven configuration generation
### Cluster Management (core/nulib/clusters/)
- Complete lifecycle management through configuration
- Environment-specific cluster templates
## New Configuration Files
- config.defaults.toml: System defaults (84 lines)
- config.*.toml.example: Environment templates (400+ lines each)
- Enhanced CLI: validate, env, multi-environment support
## Security Enhancements
- Type-safe configuration access through validated functions
- SOPS integration for encrypted secrets management
- Input validation preventing injection attacks
- Environment isolation and access controls
## Breaking Changes
⚠️ ENV variables no longer supported as primary configuration
⚠️ Function signatures require --config parameter
⚠️ CLI arguments and return types modified
⚠️ Provider authentication now config-driven
## Migration Path
1. Backup current environment variables
2. Copy config.user.toml.example → config.user.toml
3. Migrate ENV vars to TOML format
4. Validate: ./core/nulib/provisioning validate config
5. Test functionality with new configuration
## Validation Results
✅ Structure valid
✅ Paths valid
✅ Types valid
✅ Semantic rules valid
✅ File references valid
System ready for production use with config-driven architecture.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-23 02:36:50 +00:00
|
|
|
(get-extensions-path)
|
2025-09-22 22:11:41 +00:00
|
|
|
] | where ($it | is-not-empty) | where ($it | path exists)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Load extension manifest
|
|
|
|
|
export def load-manifest [extension_path: string]: nothing -> record {
|
|
|
|
|
let manifest_file = ($extension_path | path join "manifest.yaml")
|
|
|
|
|
if ($manifest_file | path exists) {
|
|
|
|
|
open $manifest_file
|
|
|
|
|
} else {
|
|
|
|
|
{
|
|
|
|
|
name: ($extension_path | path basename)
|
|
|
|
|
version: "1.0.0"
|
|
|
|
|
type: "unknown"
|
|
|
|
|
requires: []
|
|
|
|
|
permissions: []
|
|
|
|
|
hooks: {}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Check if extension is allowed
|
|
|
|
|
export def is-extension-allowed [manifest: record]: nothing -> bool {
|
feat: Complete config-driven architecture migration v2.0.0
Transform provisioning system from ENV-based to hierarchical config-driven architecture.
This represents a complete system redesign with breaking changes requiring migration.
## Migration Summary
- 65+ files migrated across entire codebase
- 200+ ENV variables replaced with 476 config accessors
- 29 syntax errors fixed across 17 files
- 92% token efficiency maintained during migration
## Core Features Added
### Hierarchical Configuration System
- 6-layer precedence: defaults → user → project → infra → env → runtime
- Deep merge strategy with intelligent precedence rules
- Multi-environment support (dev/test/prod) with auto-detection
- Configuration templates for all environments
### Enhanced Interpolation Engine
- Dynamic variables: {{paths.base}}, {{env.HOME}}, {{now.date}}
- Git context: {{git.branch}}, {{git.commit}}, {{git.remote}}
- SOPS integration: {{sops.decrypt()}} for secrets management
- Path operations: {{path.join()}} for dynamic construction
- Security: circular dependency detection, injection prevention
### Comprehensive Validation
- Structure, path, type, semantic, and security validation
- Code injection and path traversal detection
- Detailed error reporting with actionable messages
- Configuration health checks and warnings
## Architecture Changes
### Configuration Management (core/nulib/lib_provisioning/config/)
- loader.nu: 1600+ line hierarchical config loader with validation
- accessor.nu: 476 config accessor functions replacing ENV vars
### Provider System (providers/)
- AWS, UpCloud, Local providers fully config-driven
- Unified middleware system with standardized interfaces
### Task Services (core/nulib/taskservs/)
- Kubernetes, storage, networking, registry services migrated
- Template-driven configuration generation
### Cluster Management (core/nulib/clusters/)
- Complete lifecycle management through configuration
- Environment-specific cluster templates
## New Configuration Files
- config.defaults.toml: System defaults (84 lines)
- config.*.toml.example: Environment templates (400+ lines each)
- Enhanced CLI: validate, env, multi-environment support
## Security Enhancements
- Type-safe configuration access through validated functions
- SOPS integration for encrypted secrets management
- Input validation preventing injection attacks
- Environment isolation and access controls
## Breaking Changes
⚠️ ENV variables no longer supported as primary configuration
⚠️ Function signatures require --config parameter
⚠️ CLI arguments and return types modified
⚠️ Provider authentication now config-driven
## Migration Path
1. Backup current environment variables
2. Copy config.user.toml.example → config.user.toml
3. Migrate ENV vars to TOML format
4. Validate: ./core/nulib/provisioning validate config
5. Test functionality with new configuration
## Validation Results
✅ Structure valid
✅ Paths valid
✅ Types valid
✅ Semantic rules valid
✅ File references valid
System ready for production use with config-driven architecture.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-23 02:36:50 +00:00
|
|
|
let mode = (get-extension-mode)
|
|
|
|
|
let allowed = (get-allowed-extensions | split row "," | each { str trim })
|
|
|
|
|
let blocked = (get-blocked-extensions | split row "," | each { str trim })
|
2025-09-22 22:11:41 +00:00
|
|
|
|
|
|
|
|
match $mode {
|
|
|
|
|
"disabled" => false,
|
|
|
|
|
"restricted" => {
|
|
|
|
|
if ($blocked | any {|x| $x == $manifest.name}) {
|
|
|
|
|
false
|
|
|
|
|
} else if ($allowed | is-empty) {
|
|
|
|
|
true
|
|
|
|
|
} else {
|
|
|
|
|
($allowed | any {|x| $x == $manifest.name})
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
_ => {
|
|
|
|
|
not ($blocked | any {|x| $x == $manifest.name})
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Discover providers in extension paths
|
|
|
|
|
export def discover-providers []: nothing -> table {
|
|
|
|
|
get-extension-paths | each {|ext_path|
|
|
|
|
|
let providers_path = ($ext_path | path join "providers")
|
|
|
|
|
if ($providers_path | path exists) {
|
|
|
|
|
glob ($providers_path | path join "*")
|
|
|
|
|
| where ($it | path type) == "dir"
|
|
|
|
|
| each {|provider_path|
|
|
|
|
|
let manifest = (load-manifest $provider_path)
|
|
|
|
|
if (is-extension-allowed $manifest) and $manifest.type == "provider" {
|
|
|
|
|
{
|
|
|
|
|
name: ($provider_path | path basename)
|
|
|
|
|
path: $provider_path
|
|
|
|
|
manifest: $manifest
|
|
|
|
|
source: $ext_path
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
null
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
| where ($it != null)
|
|
|
|
|
} else {
|
|
|
|
|
[]
|
|
|
|
|
}
|
|
|
|
|
} | flatten
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Discover taskservs in extension paths
|
|
|
|
|
export def discover-taskservs []: nothing -> table {
|
|
|
|
|
get-extension-paths | each {|ext_path|
|
|
|
|
|
let taskservs_path = ($ext_path | path join "taskservs")
|
|
|
|
|
if ($taskservs_path | path exists) {
|
|
|
|
|
glob ($taskservs_path | path join "*")
|
|
|
|
|
| where ($it | path type) == "dir"
|
|
|
|
|
| each {|taskserv_path|
|
|
|
|
|
let manifest = (load-manifest $taskserv_path)
|
|
|
|
|
if (is-extension-allowed $manifest) and $manifest.type == "taskserv" {
|
|
|
|
|
{
|
|
|
|
|
name: ($taskserv_path | path basename)
|
|
|
|
|
path: $taskserv_path
|
|
|
|
|
manifest: $manifest
|
|
|
|
|
source: $ext_path
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
null
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
| where ($it != null)
|
|
|
|
|
} else {
|
|
|
|
|
[]
|
|
|
|
|
}
|
|
|
|
|
} | flatten
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Check extension requirements
|
|
|
|
|
export def check-requirements [manifest: record]: nothing -> bool {
|
|
|
|
|
if ($manifest.requires | is-empty) {
|
|
|
|
|
true
|
|
|
|
|
} else {
|
|
|
|
|
$manifest.requires | all {|req|
|
|
|
|
|
(which $req | length) > 0
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Load extension hooks
|
|
|
|
|
export def load-hooks [extension_path: string, manifest: record]: nothing -> record {
|
|
|
|
|
if ($manifest.hooks | is-not-empty) {
|
|
|
|
|
$manifest.hooks | items {|key, value|
|
|
|
|
|
let hook_file = ($extension_path | path join $value)
|
|
|
|
|
if ($hook_file | path exists) {
|
|
|
|
|
{key: $key, value: $hook_file}
|
|
|
|
|
}
|
|
|
|
|
} | reduce --fold {} {|it, acc| $acc | insert $it.key $it.value}
|
|
|
|
|
} else {
|
|
|
|
|
{}
|
|
|
|
|
}
|
|
|
|
|
}
|