provisioning/config.prod.toml.example

# Production Environment Configuration Template
# Copy this file to config.prod.toml for production-ready settings
#
# This template provides secure, performance-optimized settings for production:
# - Minimal logging to reduce overhead
# - Security-focused configurations
# - Production provider defaults
# - Optimized performance settings
# - Robust error handling and validation

# =============================================================================
# PRODUCTION CORE CONFIGURATION
# =============================================================================

[core]
version = "1.0.0"
name = "provisioning-system-prod"

# =============================================================================
# PRODUCTION PATHS
# =============================================================================
# Configured for production deployment standards

[paths]
# Production base path - typically system-wide installation
# Standard production locations:
#   base = "/opt/provisioning"                    # Standard system location
#   base = "/usr/local/provisioning"              # Alternative system location
#   base = "/app/provisioning"                    # Container deployment
#   base = "/srv/provisioning"                    # Service directory
base = "/opt/provisioning"

# Production paths follow security best practices
# All paths inherit from base for consistency
kloud = "{{paths.base}}/infra"
providers = "{{paths.base}}/providers"
taskservs = "{{paths.base}}/taskservs"
clusters = "{{paths.base}}/cluster"
resources = "{{paths.base}}/resources"
templates = "{{paths.base}}/templates"
tools = "{{paths.base}}/tools"
core = "{{paths.base}}/core"

[paths.files]
# Production configuration files with secure defaults
settings = "{{paths.base}}/kcl/settings.k"
keys = "{{paths.base}}/keys/prod-keys.yaml"
requirements = "{{paths.base}}/requirements.yaml"
notify_icon = "{{paths.base}}/resources/icon.png"

# =============================================================================
# PRODUCTION SECURITY AND DEBUGGING
# =============================================================================
# Minimal debugging for security and performance

[debug]
# Disable debug mode in production for security
enabled = false

# Never show metadata in production logs
metadata = false

# Never enable check mode by default in production
check = false

# Disable remote debugging in production
remote = false

# Use warning level logging to capture only important events
# This reduces log volume while maintaining operational visibility
log_level = "warn"

# Ensure terminal features work properly in production
no_terminal = false

# =============================================================================
# PRODUCTION OUTPUT CONFIGURATION
# =============================================================================

[output]
# Use less for reliable paging in production environments
file_viewer = "less"

# YAML format for human-readable production output
format = "yaml"

# =============================================================================
# PRODUCTION SOPS CONFIGURATION
# =============================================================================
# Secure secrets management for production

[sops]
# Enable SOPS for production secret management
use_sops = true

# Production SOPS configuration with strict security
config_path = "{{paths.base}}/.sops.yaml"

# Secure key search paths for production
# Only search trusted, secure locations
key_search_paths = [
    "/etc/sops/age/keys.txt",
    "{{paths.base}}/keys/age.txt",
    "/var/lib/provisioning/keys/age.txt"
]

# =============================================================================
# PRODUCTION RUNTIME CONFIGURATION
# =============================================================================

[taskservs]
# Production runtime directory with proper permissions
run_path = "/var/lib/provisioning/taskservs"

[clusters]
# Production cluster runtime with persistence
run_path = "/var/lib/provisioning/clusters"

[generation]
# Production generation directory
dir_path = "/var/lib/provisioning/generated"
defs_file = "prod-defs.toml"

# =============================================================================
# PRODUCTION PROVIDER CONFIGURATION
# =============================================================================
# Production-ready cloud provider settings

[providers]
# Default to AWS for production deployments
# Change to your primary production cloud provider
default = "aws"

# AWS Production Configuration
[providers.aws]
# Use default AWS endpoints for production
api_url = ""
# Use IAM roles/instance profiles for authentication
auth = ""
# Use CLI interface for production stability
interface = "CLI"

# UpCloud Production Configuration
[providers.upcloud]
# Standard UpCloud API endpoint
api_url = "https://api.upcloud.com/1.3"
# Use API keys stored in environment/SOPS
auth = ""
# Use CLI interface for production
interface = "CLI"

# Local Provider (disabled in production)
[providers.local]
# Not typically used in production
api_url = ""
auth = ""
interface = "CLI"

# =============================================================================
# PRODUCTION ENVIRONMENT SETTINGS
# =============================================================================

# Production environment defaults
[environments.prod]
debug.enabled = false
debug.log_level = "warn"
debug.metadata = false
debug.check = false
debug.remote = false
providers.default = "aws"
output.format = "yaml"
output.file_viewer = "less"

# Development override (if needed for production debugging)
[environments.dev]
debug.enabled = true
debug.log_level = "info"
debug.check = true
providers.default = "local"
output.format = "json"

# Testing environment for production validation
[environments.test]
debug.enabled = false
debug.log_level = "info"
debug.check = true
providers.default = "aws"
output.format = "yaml"

# =============================================================================
# PRODUCTION PERFORMANCE OPTIMIZATION
# =============================================================================

# Performance settings optimized for production workloads
[performance]
# Higher parallelism for production efficiency
parallel_operations = 8
# Longer timeouts for production reliability
timeout_seconds = 600
# Enable caching for better performance
cache_enabled = true
# Production cache directory
cache_dir = "/var/cache/provisioning"
# Cache retention for production
cache_retention_hours = 24

# =============================================================================
# PRODUCTION SECURITY CONFIGURATION
# =============================================================================

# Security settings for production environment
[security]
# Always require confirmation for destructive operations
require_confirmation = true
# Never log sensitive data in production
log_sensitive_data = false
# Enable strict validation in production
strict_validation = true
# Production backup settings
auto_backup = true
backup_dir = "/var/backups/provisioning"
# Backup retention policy
backup_retention_days = 30
# Encrypt backups in production
backup_encryption = true
# Audit logging for production
audit_enabled = true
audit_log_path = "/var/log/provisioning/audit.log"

# =============================================================================
# PRODUCTION MONITORING AND ALERTING
# =============================================================================

# Production monitoring configuration
[monitoring]
# Enable comprehensive monitoring
enabled = true
# Production metrics endpoint
endpoint = "https://metrics.example.com/provisioning"
# Monitoring interval
interval = "60s"
# Health check configuration
health_check_enabled = true
health_check_port = 8080
# Log aggregation for production
log_endpoint = "https://logs.example.com/provisioning"

# Production alerting
[alerting]
# Enable production alerting
enabled = true
# Alert channels
email_enabled = true
email_recipients = ["ops@example.com", "devops@example.com"]
slack_enabled = true
slack_webhook = "https://hooks.slack.com/services/YOUR/SLACK/WEBHOOK"
# PagerDuty integration
pagerduty_enabled = true
pagerduty_key = "SOPS_ENCRYPTED_KEY"
# Alert thresholds
error_threshold = 5
warning_threshold = 10

# =============================================================================
# PRODUCTION BACKUP AND DISASTER RECOVERY
# =============================================================================

# Production backup configuration
[backup]
# Enable automated backups
enabled = true
# Backup schedule (production frequency)
schedule = "0 2 * * *"  # Daily at 2 AM
# Backup retention policy
retention_days = 90
# Backup storage location
location = "/var/backups/provisioning"
# Remote backup storage
remote_enabled = true
remote_location = "s3://company-backups/provisioning/"
# Backup encryption
encryption_enabled = true
# Backup verification
verification_enabled = true

# Disaster recovery settings
[disaster_recovery]
# Enable DR procedures
enabled = true
# DR site configuration
dr_site = "us-west-2"
# RTO and RPO targets
rto_minutes = 60
rpo_minutes = 15
# DR testing schedule
test_schedule = "0 3 1 * *"  # Monthly DR testing

# =============================================================================
# PRODUCTION COMPLIANCE AND GOVERNANCE
# =============================================================================

# Compliance settings for production
[compliance]
# Enable compliance monitoring
enabled = true
# Compliance frameworks
frameworks = ["SOC2", "PCI-DSS", "GDPR"]
# Compliance reporting
reporting_enabled = true
report_frequency = "monthly"
# Data retention policies
data_retention_days = 2555  # 7 years
# Encryption requirements
encryption_at_rest = true
encryption_in_transit = true

# Governance settings
[governance]
# Change management
change_approval_required = true
# Configuration drift detection
drift_detection_enabled = true
drift_check_interval = "24h"
# Policy enforcement
policy_enforcement_enabled = true
# Resource tagging requirements
required_tags = ["Environment", "Owner", "Project", "CostCenter"]

# =============================================================================
# PRODUCTION INTEGRATION SETTINGS
# =============================================================================

# CI/CD integration for production
[cicd]
# Enable CI/CD integration
enabled = true
# Pipeline triggers
trigger_on_config_change = true
# Deployment gates
require_approval = true
# Automated testing
run_tests = true
test_timeout = 1800
# Rollback capability
auto_rollback_enabled = true

# ITSM integration
[itsm]
# ServiceNow integration
servicenow_enabled = true
servicenow_instance = "https://company.service-now.com"
# Change request automation
auto_create_change_requests = true
# Incident management
auto_create_incidents = true

# =============================================================================
# PRODUCTION RESOURCE MANAGEMENT
# =============================================================================

# Resource quotas and limits for production
[resources]
# CPU limits
max_cpu_cores = 32
# Memory limits
max_memory_gb = 128
# Storage limits
max_storage_gb = 1000
# Network limits
max_bandwidth_mbps = 1000
# Instance limits
max_instances = 100

# Cost management
[cost_management]
# Enable cost tracking
enabled = true
# Budget alerts
budget_alerts_enabled = true
monthly_budget_limit = 10000
# Cost optimization
auto_optimize = false
optimization_schedule = "0 4 * * 0"  # Weekly optimization review

# =============================================================================
# PRODUCTION OPERATIONAL PROCEDURES
# =============================================================================

# Maintenance windows
[maintenance]
# Scheduled maintenance
enabled = true
# Maintenance window schedule
schedule = "0 3 * * 0"  # Sunday 3 AM
# Maintenance duration
duration_hours = 4
# Notification before maintenance
notification_hours = 24

# Incident response
[incident_response]
# Enable automated incident response
enabled = true
# Response team notifications
primary_contact = "ops@example.com"
escalation_contact = "management@example.com"
# Response time targets
response_time_minutes = 15
resolution_time_hours = 4

# =============================================================================
# PRODUCTION USAGE GUIDELINES
# =============================================================================
#
# Production Deployment Checklist:
# --------------------------------
#
# 1. Security Review:
#    □ SOPS keys properly secured
#    □ IAM roles configured with least privilege
#    □ Network security groups configured
#    □ Audit logging enabled
#
# 2. Performance Validation:
#    □ Resource quotas set appropriately
#    □ Monitoring and alerting configured
#    □ Backup and DR procedures tested
#    □ Load testing completed
#
# 3. Compliance Verification:
#    □ Required tags applied to all resources
#    □ Data encryption enabled
#    □ Compliance frameworks configured
#    □ Change management processes in place
#
# 4. Operational Readiness:
#    □ Runbooks created and tested
#    □ On-call procedures established
#    □ Incident response tested
#    □ Documentation updated
#
# Production Operations Commands:
# ------------------------------
#
# 1. Health Check:
#    ./core/nulib/provisioning validate config --strict
#
# 2. Deploy Infrastructure:
#    ./core/nulib/provisioning server create --infra production
#
# 3. Monitor Operations:
#    ./core/nulib/provisioning show servers --infra production --out yaml
#
# 4. Backup Configuration:
#    ./core/nulib/provisioning backup create --infra production
#
# 5. Emergency Procedures:
#    ./core/nulib/provisioning cluster delete --infra production --emergency
#
# =============================================================================
# PRODUCTION TROUBLESHOOTING
# =============================================================================
#
# Common Production Issues:
# ------------------------
#
# 1. Authentication Failures:
#    - Check IAM roles and policies
#    - Verify SOPS key access
#    - Validate provider credentials
#
# 2. Performance Issues:
#    - Review parallel_operations setting
#    - Check timeout_seconds values
#    - Monitor resource utilization
#
# 3. Security Alerts:
#    - Review audit logs
#    - Check compliance status
#    - Validate encryption settings
#
# 4. Backup Failures:
#    - Verify backup storage access
#    - Check retention policies
#    - Test recovery procedures
#
# 5. Monitoring Gaps:
#    - Validate monitoring endpoints
#    - Check alert configurations
#    - Test notification channels
feat: Complete config-driven architecture migration v2.0.0 Transform provisioning system from ENV-based to hierarchical config-driven architecture. This represents a complete system redesign with breaking changes requiring migration. ## Migration Summary - 65+ files migrated across entire codebase - 200+ ENV variables replaced with 476 config accessors - 29 syntax errors fixed across 17 files - 92% token efficiency maintained during migration ## Core Features Added ### Hierarchical Configuration System - 6-layer precedence: defaults → user → project → infra → env → runtime - Deep merge strategy with intelligent precedence rules - Multi-environment support (dev/test/prod) with auto-detection - Configuration templates for all environments ### Enhanced Interpolation Engine - Dynamic variables: {{paths.base}}, {{env.HOME}}, {{now.date}} - Git context: {{git.branch}}, {{git.commit}}, {{git.remote}} - SOPS integration: {{sops.decrypt()}} for secrets management - Path operations: {{path.join()}} for dynamic construction - Security: circular dependency detection, injection prevention ### Comprehensive Validation - Structure, path, type, semantic, and security validation - Code injection and path traversal detection - Detailed error reporting with actionable messages - Configuration health checks and warnings ## Architecture Changes ### Configuration Management (core/nulib/lib_provisioning/config/) - loader.nu: 1600+ line hierarchical config loader with validation - accessor.nu: 476 config accessor functions replacing ENV vars ### Provider System (providers/) - AWS, UpCloud, Local providers fully config-driven - Unified middleware system with standardized interfaces ### Task Services (core/nulib/taskservs/) - Kubernetes, storage, networking, registry services migrated - Template-driven configuration generation ### Cluster Management (core/nulib/clusters/) - Complete lifecycle management through configuration - Environment-specific cluster templates ## New Configuration Files - config.defaults.toml: System defaults (84 lines) - config.*.toml.example: Environment templates (400+ lines each) - Enhanced CLI: validate, env, multi-environment support ## Security Enhancements - Type-safe configuration access through validated functions - SOPS integration for encrypted secrets management - Input validation preventing injection attacks - Environment isolation and access controls ## Breaking Changes ⚠️ ENV variables no longer supported as primary configuration ⚠️ Function signatures require --config parameter ⚠️ CLI arguments and return types modified ⚠️ Provider authentication now config-driven ## Migration Path 1. Backup current environment variables 2. Copy config.user.toml.example → config.user.toml 3. Migrate ENV vars to TOML format 4. Validate: ./core/nulib/provisioning validate config 5. Test functionality with new configuration ## Validation Results ✅ Structure valid ✅ Paths valid ✅ Types valid ✅ Semantic rules valid ✅ File references valid System ready for production use with config-driven architecture. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> 2025-09-23 02:36:50 +00:00			`# Production Environment Configuration Template`
			`# Copy this file to config.prod.toml for production-ready settings`
			`#`
			`# This template provides secure, performance-optimized settings for production:`
			`# - Minimal logging to reduce overhead`
			`# - Security-focused configurations`
			`# - Production provider defaults`
			`# - Optimized performance settings`
			`# - Robust error handling and validation`

			`# =============================================================================`
			`# PRODUCTION CORE CONFIGURATION`
			`# =============================================================================`

			`[core]`
			`version = "1.0.0"`
			`name = "provisioning-system-prod"`

			`# =============================================================================`
			`# PRODUCTION PATHS`
			`# =============================================================================`
			`# Configured for production deployment standards`

			`[paths]`
			`# Production base path - typically system-wide installation`
			`# Standard production locations:`
			`# base = "/opt/provisioning" # Standard system location`
			`# base = "/usr/local/provisioning" # Alternative system location`
			`# base = "/app/provisioning" # Container deployment`
			`# base = "/srv/provisioning" # Service directory`
			`base = "/opt/provisioning"`

			`# Production paths follow security best practices`
			`# All paths inherit from base for consistency`
			`kloud = "{{paths.base}}/infra"`
			`providers = "{{paths.base}}/providers"`
			`taskservs = "{{paths.base}}/taskservs"`
			`clusters = "{{paths.base}}/cluster"`
			`resources = "{{paths.base}}/resources"`
			`templates = "{{paths.base}}/templates"`
			`tools = "{{paths.base}}/tools"`
			`core = "{{paths.base}}/core"`

			`[paths.files]`
			`# Production configuration files with secure defaults`
			`settings = "{{paths.base}}/kcl/settings.k"`
			`keys = "{{paths.base}}/keys/prod-keys.yaml"`
			`requirements = "{{paths.base}}/requirements.yaml"`
			`notify_icon = "{{paths.base}}/resources/icon.png"`

			`# =============================================================================`
			`# PRODUCTION SECURITY AND DEBUGGING`
			`# =============================================================================`
			`# Minimal debugging for security and performance`

			`[debug]`
			`# Disable debug mode in production for security`
			`enabled = false`

			`# Never show metadata in production logs`
			`metadata = false`

			`# Never enable check mode by default in production`
			`check = false`

			`# Disable remote debugging in production`
			`remote = false`

			`# Use warning level logging to capture only important events`
			`# This reduces log volume while maintaining operational visibility`
			`log_level = "warn"`

			`# Ensure terminal features work properly in production`
			`no_terminal = false`

			`# =============================================================================`
			`# PRODUCTION OUTPUT CONFIGURATION`
			`# =============================================================================`

			`[output]`
			`# Use less for reliable paging in production environments`
			`file_viewer = "less"`

			`# YAML format for human-readable production output`
			`format = "yaml"`

			`# =============================================================================`
			`# PRODUCTION SOPS CONFIGURATION`
			`# =============================================================================`
			`# Secure secrets management for production`

			`[sops]`
			`# Enable SOPS for production secret management`
			`use_sops = true`

			`# Production SOPS configuration with strict security`
			`config_path = "{{paths.base}}/.sops.yaml"`

			`# Secure key search paths for production`
			`# Only search trusted, secure locations`
			`key_search_paths = [`
			`"/etc/sops/age/keys.txt",`
			`"{{paths.base}}/keys/age.txt",`
			`"/var/lib/provisioning/keys/age.txt"`
			`]`

			`# =============================================================================`
			`# PRODUCTION RUNTIME CONFIGURATION`
			`# =============================================================================`

			`[taskservs]`
			`# Production runtime directory with proper permissions`
			`run_path = "/var/lib/provisioning/taskservs"`

			`[clusters]`
			`# Production cluster runtime with persistence`
			`run_path = "/var/lib/provisioning/clusters"`

			`[generation]`
			`# Production generation directory`
			`dir_path = "/var/lib/provisioning/generated"`
			`defs_file = "prod-defs.toml"`

			`# =============================================================================`
			`# PRODUCTION PROVIDER CONFIGURATION`
			`# =============================================================================`
			`# Production-ready cloud provider settings`

			`[providers]`
			`# Default to AWS for production deployments`
			`# Change to your primary production cloud provider`
			`default = "aws"`

			`# AWS Production Configuration`
			`[providers.aws]`
			`# Use default AWS endpoints for production`
			`api_url = ""`
			`# Use IAM roles/instance profiles for authentication`
			`auth = ""`
			`# Use CLI interface for production stability`
			`interface = "CLI"`

			`# UpCloud Production Configuration`
			`[providers.upcloud]`
			`# Standard UpCloud API endpoint`
			`api_url = "https://api.upcloud.com/1.3"`
			`# Use API keys stored in environment/SOPS`
			`auth = ""`
			`# Use CLI interface for production`
			`interface = "CLI"`

			`# Local Provider (disabled in production)`
			`[providers.local]`
			`# Not typically used in production`
			`api_url = ""`
			`auth = ""`
			`interface = "CLI"`

			`# =============================================================================`
			`# PRODUCTION ENVIRONMENT SETTINGS`
			`# =============================================================================`

			`# Production environment defaults`
			`[environments.prod]`
			`debug.enabled = false`
			`debug.log_level = "warn"`
			`debug.metadata = false`
			`debug.check = false`
			`debug.remote = false`
			`providers.default = "aws"`
			`output.format = "yaml"`
			`output.file_viewer = "less"`

			`# Development override (if needed for production debugging)`
			`[environments.dev]`
			`debug.enabled = true`
			`debug.log_level = "info"`
			`debug.check = true`
			`providers.default = "local"`
			`output.format = "json"`

			`# Testing environment for production validation`
			`[environments.test]`
			`debug.enabled = false`
			`debug.log_level = "info"`
			`debug.check = true`
			`providers.default = "aws"`
			`output.format = "yaml"`

			`# =============================================================================`
			`# PRODUCTION PERFORMANCE OPTIMIZATION`
			`# =============================================================================`

			`# Performance settings optimized for production workloads`
			`[performance]`
			`# Higher parallelism for production efficiency`
			`parallel_operations = 8`
			`# Longer timeouts for production reliability`
			`timeout_seconds = 600`
			`# Enable caching for better performance`
			`cache_enabled = true`
			`# Production cache directory`
			`cache_dir = "/var/cache/provisioning"`
			`# Cache retention for production`
			`cache_retention_hours = 24`

			`# =============================================================================`
			`# PRODUCTION SECURITY CONFIGURATION`
			`# =============================================================================`

			`# Security settings for production environment`
			`[security]`
			`# Always require confirmation for destructive operations`
			`require_confirmation = true`
			`# Never log sensitive data in production`
			`log_sensitive_data = false`
			`# Enable strict validation in production`
			`strict_validation = true`
			`# Production backup settings`
			`auto_backup = true`
			`backup_dir = "/var/backups/provisioning"`
			`# Backup retention policy`
			`backup_retention_days = 30`
			`# Encrypt backups in production`
			`backup_encryption = true`
			`# Audit logging for production`
			`audit_enabled = true`
			`audit_log_path = "/var/log/provisioning/audit.log"`

			`# =============================================================================`
			`# PRODUCTION MONITORING AND ALERTING`
			`# =============================================================================`

			`# Production monitoring configuration`
			`[monitoring]`
			`# Enable comprehensive monitoring`
			`enabled = true`
			`# Production metrics endpoint`
			`endpoint = "https://metrics.example.com/provisioning"`
			`# Monitoring interval`
			`interval = "60s"`
			`# Health check configuration`
			`health_check_enabled = true`
			`health_check_port = 8080`
			`# Log aggregation for production`
			`log_endpoint = "https://logs.example.com/provisioning"`

			`# Production alerting`
			`[alerting]`
			`# Enable production alerting`
			`enabled = true`
			`# Alert channels`
			`email_enabled = true`
			`email_recipients = ["ops@example.com", "devops@example.com"]`
			`slack_enabled = true`
			`slack_webhook = "https://hooks.slack.com/services/YOUR/SLACK/WEBHOOK"`
			`# PagerDuty integration`
			`pagerduty_enabled = true`
			`pagerduty_key = "SOPS_ENCRYPTED_KEY"`
			`# Alert thresholds`
			`error_threshold = 5`
			`warning_threshold = 10`

			`# =============================================================================`
			`# PRODUCTION BACKUP AND DISASTER RECOVERY`
			`# =============================================================================`

			`# Production backup configuration`
			`[backup]`
			`# Enable automated backups`
			`enabled = true`
			`# Backup schedule (production frequency)`
			`schedule = "0 2 * * *" # Daily at 2 AM`
			`# Backup retention policy`
			`retention_days = 90`
			`# Backup storage location`
			`location = "/var/backups/provisioning"`
			`# Remote backup storage`
			`remote_enabled = true`
			`remote_location = "s3://company-backups/provisioning/"`
			`# Backup encryption`
			`encryption_enabled = true`
			`# Backup verification`
			`verification_enabled = true`

			`# Disaster recovery settings`
			`[disaster_recovery]`
			`# Enable DR procedures`
			`enabled = true`
			`# DR site configuration`
			`dr_site = "us-west-2"`
			`# RTO and RPO targets`
			`rto_minutes = 60`
			`rpo_minutes = 15`
			`# DR testing schedule`
			`test_schedule = "0 3 1 * *" # Monthly DR testing`

			`# =============================================================================`
			`# PRODUCTION COMPLIANCE AND GOVERNANCE`
			`# =============================================================================`

			`# Compliance settings for production`
			`[compliance]`
			`# Enable compliance monitoring`
			`enabled = true`
			`# Compliance frameworks`
			`frameworks = ["SOC2", "PCI-DSS", "GDPR"]`
			`# Compliance reporting`
			`reporting_enabled = true`
			`report_frequency = "monthly"`
			`# Data retention policies`
			`data_retention_days = 2555 # 7 years`
			`# Encryption requirements`
			`encryption_at_rest = true`
			`encryption_in_transit = true`

			`# Governance settings`
			`[governance]`
			`# Change management`
			`change_approval_required = true`
			`# Configuration drift detection`
			`drift_detection_enabled = true`
			`drift_check_interval = "24h"`
			`# Policy enforcement`
			`policy_enforcement_enabled = true`
			`# Resource tagging requirements`
			`required_tags = ["Environment", "Owner", "Project", "CostCenter"]`

			`# =============================================================================`
			`# PRODUCTION INTEGRATION SETTINGS`
			`# =============================================================================`

			`# CI/CD integration for production`
			`[cicd]`
			`# Enable CI/CD integration`
			`enabled = true`
			`# Pipeline triggers`
			`trigger_on_config_change = true`
			`# Deployment gates`
			`require_approval = true`
			`# Automated testing`
			`run_tests = true`
			`test_timeout = 1800`
			`# Rollback capability`
			`auto_rollback_enabled = true`

			`# ITSM integration`
			`[itsm]`
			`# ServiceNow integration`
			`servicenow_enabled = true`
			`servicenow_instance = "https://company.service-now.com"`
			`# Change request automation`
			`auto_create_change_requests = true`
			`# Incident management`
			`auto_create_incidents = true`

			`# =============================================================================`
			`# PRODUCTION RESOURCE MANAGEMENT`
			`# =============================================================================`

			`# Resource quotas and limits for production`
			`[resources]`
			`# CPU limits`
			`max_cpu_cores = 32`
			`# Memory limits`
			`max_memory_gb = 128`
			`# Storage limits`
			`max_storage_gb = 1000`
			`# Network limits`
			`max_bandwidth_mbps = 1000`
			`# Instance limits`
			`max_instances = 100`

			`# Cost management`
			`[cost_management]`
			`# Enable cost tracking`
			`enabled = true`
			`# Budget alerts`
			`budget_alerts_enabled = true`
			`monthly_budget_limit = 10000`
			`# Cost optimization`
			`auto_optimize = false`
			`optimization_schedule = "0 4 * * 0" # Weekly optimization review`

			`# =============================================================================`
			`# PRODUCTION OPERATIONAL PROCEDURES`
			`# =============================================================================`

			`# Maintenance windows`
			`[maintenance]`
			`# Scheduled maintenance`
			`enabled = true`
			`# Maintenance window schedule`
			`schedule = "0 3 * * 0" # Sunday 3 AM`
			`# Maintenance duration`
			`duration_hours = 4`
			`# Notification before maintenance`
			`notification_hours = 24`

			`# Incident response`
			`[incident_response]`
			`# Enable automated incident response`
			`enabled = true`
			`# Response team notifications`
			`primary_contact = "ops@example.com"`
			`escalation_contact = "management@example.com"`
			`# Response time targets`
			`response_time_minutes = 15`
			`resolution_time_hours = 4`

			`# =============================================================================`
			`# PRODUCTION USAGE GUIDELINES`
			`# =============================================================================`
			`#`
			`# Production Deployment Checklist:`
			`# --------------------------------`
			`#`
			`# 1. Security Review:`
			`# □ SOPS keys properly secured`
			`# □ IAM roles configured with least privilege`
			`# □ Network security groups configured`
			`# □ Audit logging enabled`
			`#`
			`# 2. Performance Validation:`
			`# □ Resource quotas set appropriately`
			`# □ Monitoring and alerting configured`
			`# □ Backup and DR procedures tested`
			`# □ Load testing completed`
			`#`
			`# 3. Compliance Verification:`
			`# □ Required tags applied to all resources`
			`# □ Data encryption enabled`
			`# □ Compliance frameworks configured`
			`# □ Change management processes in place`
			`#`
			`# 4. Operational Readiness:`
			`# □ Runbooks created and tested`
			`# □ On-call procedures established`
			`# □ Incident response tested`
			`# □ Documentation updated`
			`#`
			`# Production Operations Commands:`
			`# ------------------------------`
			`#`
			`# 1. Health Check:`
			`# ./core/nulib/provisioning validate config --strict`
			`#`
			`# 2. Deploy Infrastructure:`
			`# ./core/nulib/provisioning server create --infra production`
			`#`
			`# 3. Monitor Operations:`
			`# ./core/nulib/provisioning show servers --infra production --out yaml`
			`#`
			`# 4. Backup Configuration:`
			`# ./core/nulib/provisioning backup create --infra production`
			`#`
			`# 5. Emergency Procedures:`
			`# ./core/nulib/provisioning cluster delete --infra production --emergency`
			`#`
			`# =============================================================================`
			`# PRODUCTION TROUBLESHOOTING`
			`# =============================================================================`
			`#`
			`# Common Production Issues:`
			`# ------------------------`
			`#`
			`# 1. Authentication Failures:`
			`# - Check IAM roles and policies`
			`# - Verify SOPS key access`
			`# - Validate provider credentials`
			`#`
			`# 2. Performance Issues:`
			`# - Review parallel_operations setting`
			`# - Check timeout_seconds values`
			`# - Monitor resource utilization`
			`#`
			`# 3. Security Alerts:`
			`# - Review audit logs`
			`# - Check compliance status`
			`# - Validate encryption settings`
			`#`
			`# 4. Backup Failures:`
			`# - Verify backup storage access`
			`# - Check retention policies`
			`# - Test recovery procedures`
			`#`
			`# 5. Monitoring Gaps:`
			`# - Validate monitoring endpoints`
			`# - Check alert configurations`
			`# - Test notification channels`