generate/platform: use platform metadata as source of truth (#200)

This patch addresses Nate's feedback that it's difficult to know what
platform is being operated on.

Previously it wasn't clear where the platform id used for push and pull
comes from.  The source of truth is the platform.metadata.json file
created when the platform is first generated using `holos generate
platform k3d`.

This patch removes the platformId field from the platform.config.json
file, renames the platform.config.json file to platform.model.json and
renames the internal symbols to match the domain language of "Platform
Model" instead of the less clear "config"

This patch also changes the API between holos and CUE to use the proto
json imported from the proto file instead of generated from the go code
generated from the proto file.  The purpose is to ensure protojson
encoding is used end to end.

Default log handler:

The patch also changes the default log output to print only the message
to stderr.  This addresses similar feedback from both Gary and Nate that
the output is skipped over because it feels like internal debug logs.

We still want 100% of output to go through the logger so we can ensure
each line can be made into valid json.  Info messages however are meant
for the user and all other attributes can be stripped off by default.
If additional source location is necessary, enable the text or json
output format.

Protobuf JSON:

This patch modifies the API contract between holos and CUE to ensure
data is exchanged exclusively using protojson.  This is necessary
because protobuf has a canonical json format which is not compatible
with the go json package struct tags.  When Holos handles a protobuf
message, it must marshal and unmarshal it using the protojson package.

Similarly, when importing protobuf messages into CUE, we must use `cue
import` instead of `cue go get` so that the canonical format is used
instead of the invalid go json struct tags.

Finally, when a Go struct like v1alpha1.Form is used to represent data
defined in cue which contains a nested protobuf message, Holos should
use a cue.Value to lookup the nested path, marshal it into json bytes,
then unmarshal it again using protojson.

.cspell.json

@@ -0,0 +1,73 @@
+{
+  "version": "0.2",
+  "language": "en",
+  "enableFiletypes": [
+    "mdx"
+  ],
+  "words": [
+    "applicationset",
+    "argoproj",
+    "authpolicy",
+    "authproxy",
+    "authroutes",
+    "buildplan",
+    "cainjector",
+    "clusterissuer",
+    "cookiesecret",
+    "coredns",
+    "crds",
+    "crossplane",
+    "cuecontext",
+    "cuelang",
+    "dnsmasq",
+    "dscacheutil",
+    "entgo",
+    "errgroup",
+    "fieldmaskpb",
+    "flushcache",
+    "gitops",
+    "grpcreflect",
+    "holos",
+    "httpbin",
+    "Infima",
+    "isatty",
+    "istiod",
+    "jetstack",
+    "killall",
+    "kubeadm",
+    "kubeconfig",
+    "kustomize",
+    "libnss",
+    "loadbalancer",
+    "mattn",
+    "mxcl",
+    "myhostname",
+    "nameserver",
+    "organizationconnect",
+    "orgid",
+    "otelconnect",
+    "Parentspanid",
+    "platformconnect",
+    "promhttp",
+    "protojson",
+    "putenv",
+    "quickstart",
+    "retryable",
+    "spanid",
+    "spiffe",
+    "startupapicheck",
+    "structpb",
+    "systemconnect",
+    "tablewriter",
+    "Tiltfile",
+    "timestamppb",
+    "Traceid",
+    "traefik",
+    "uibutton",
+    "Upsert",
+    "urandom",
+    "userconnect",
+    "zerolog",
+    "zitadel"
+  ]
+}

.github/workflows.disabed/test.yaml

@@ -41,10 +41,6 @@ jobs:
         run: |
           set -x
           make tools
-          make buf
-          go generate ./...
-          make frontend
-          go mod tidy
 
       - name: Test
         run: ./scripts/test

.github/workflows/lint.yaml

@@ -37,10 +37,6 @@ jobs:
         run: |
           set -x
           make tools
-          make buf
-          go generate ./...
-          make frontend
-          go mod tidy
 
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v4

.github/workflows/release.yaml

@@ -40,10 +40,6 @@ jobs:
         run: |
           set -x
           make tools
-          make buf
-          go generate ./...
-          make frontend
-          go mod tidy
 
       - name: Import GPG key
         uses: crazy-max/ghaction-import-gpg@v6

.gitignore

@@ -7,3 +7,9 @@ coverage.out
 /deploy/
 .vscode/
 tmp/
+.DS_*
+
+# In case we run through the tutorial in this directory.
+/holos-k3d/
+/holos-infra/
+node_modules/

Makefile

@@ -62,37 +62,21 @@ fmt: ## Format code.
 vet: ## Vet Go code.
 	go vet ./...
 
-.PHONY: gencue
-gencue: ## Generate CUE definitions
-	cd internal/generate/platforms && cue get go github.com/holos-run/holos/api/v1alpha1/...
-	cd internal/generate/platforms && cue get go github.com/holos-run/holos/api/core/...
-	cd internal/generate/platforms && cue get go github.com/holos-run/holos/api/meta/...
-
-.PHONY: rmgen
-rmgen: ## Remove generated code
-	git rm -rf service/gen/ internal/frontend/holos/src/app/gen/ || true
-	rm -rf service/gen/ internal/frontend/holos/src/app/gen/
-	git rm -rf internal/ent/
-	rm -rf internal/ent/
-	git restore --staged internal/ent/generate.go internal/ent/schema/
-	git restore internal/ent/generate.go internal/ent/schema/
-	rm -rf docs/website/build
-	git restore --staged docs/website/build
-	git restore docs/website/build
-
-.PHONY: regenerate
-regenerate: generate ## Re-generate code (delete and re-create)
-
 .PHONY: generate
-generate: buf gencue ## Generate code.
+generate: ## Generate code.
 	go generate ./...
 
 .PHONY: build
-build: generate frontend website ## Build holos executable.
+build: ## Build holos executable.
 	@echo "building ${BIN_NAME} ${VERSION}"
 	@echo "GOPATH=${GOPATH}"
 	go build -trimpath -o bin/$(BIN_NAME) -ldflags $(LD_FLAGS) $(REPO_PATH)/cmd/$(BIN_NAME)
 
+linux: ## Build holos executable for tilt.
+	@echo "building ${BIN_NAME}.linux ${VERSION}"
+	@echo "GOPATH=${GOPATH}"
+	GOOS=linux go build -trimpath -o bin/$(BIN_NAME).linux -ldflags $(LD_FLAGS) $(REPO_PATH)/cmd/$(BIN_NAME)
+
 .PHONY: install
 install: build ## Install holos to GOPATH/bin
 	install bin/$(BIN_NAME) $(shell go env GOPATH)/bin/$(BIN_NAME)
@@ -110,6 +94,7 @@ lint: ## Run linters.
 	buf lint
 	cd internal/frontend/holos && ng lint
 	golangci-lint run
+	./hack/cspell
 
 .PHONY: coverage
 coverage: test  ## Test coverage profile.
@@ -119,13 +104,8 @@ coverage: test  ## Test coverage profile.
 snapshot:  ## Go release snapshot
 	goreleaser release --snapshot --clean
 
-.PHONY: buf
-buf: ## buf generate
-	cd service && buf dep update
-	buf generate
-
 .PHONY: tools
-tools: go-deps frontend-deps  ## install tool dependencies
+tools: go-deps frontend-deps website-deps ## install tool dependencies
 
 .PHONY: go-deps
 go-deps: ## tool versions pinned in tools.go
@@ -136,10 +116,11 @@ go-deps: ## tool versions pinned in tools.go
 	go install connectrpc.com/connect/cmd/protoc-gen-connect-go
 	go install honnef.co/go/tools/cmd/staticcheck
 	go install golang.org/x/tools/cmd/godoc
+	go install github.com/princjef/gomarkdoc/cmd/gomarkdoc
 	# curl https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | bash
 
 .PHONY: frontend-deps
-frontend-deps: ## Setup npm and vite
+frontend-deps: ## Install Angular deps for go generate
 	cd internal/frontend/holos && npm install
 	cd internal/frontend/holos && npm install --save-dev @bufbuild/buf @connectrpc/protoc-gen-connect-es
 	cd internal/frontend/holos && npm install @connectrpc/connect @connectrpc/connect-web @bufbuild/protobuf
@@ -147,25 +128,19 @@ frontend-deps: ## Setup npm and vite
 	cd internal/frontend/holos && npm install --save-dev @connectrpc/protoc-gen-connect-query @bufbuild/protoc-gen-es
 	cd internal/frontend/holos && npm install @connectrpc/connect-query @bufbuild/protobuf
 
-
-.PHONY: frontend
-frontend: buf ## Build the Angular web app
-	cd internal/frontend/holos && rm -rf dist
-	mkdir -p internal/frontend/holos/dist
-	cd internal/frontend/holos && ng build
-	touch internal/frontend/frontend.go
-
-.PHONY: website
-website: ## Build the Docusaurus web site
-	cd doc/website && git clean -fdx ./build
-	cd doc/website && yarn build
-	touch doc/website/website.go
+.PHONY: website-deps
+website-deps: ## Install Docusaurus deps for go generate
+	cd doc/website && npm install
 
 .PHONY: image
 image: build ## Docker image build
 	docker build . -t ${DOCKER_REPO}:v$(shell ./bin/holos --version)
 	docker push ${DOCKER_REPO}:v$(shell ./bin/holos --version)
 
+.PHONY: website
+website: ## Build website
+	./hack/build-website
+
 .PHONY: help
 help:  ## Display this help menu.
 	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-20s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)

Tiltfile

@@ -1,5 +1,5 @@
 # -*- mode: Python -*-
-# This Tiltfile manages a Go project with live leload in Kubernetes
+# This Tiltfile manages a Go project with live reload in Kubernetes
 
 listen_port = 3000
 metrics_port = 9090
@@ -8,56 +8,21 @@ metrics_port = 9090
 if os.getenv('TILT_WRAPPER') != '1':
     fail("could not run, ./hack/tilt/bin/tilt was not used to start tilt")
 
-# AWS Account to work in
-aws_account = '271053619184'
-aws_region = 'us-east-2'
-
 # Resource ids
-holos_backend = 'Holos Backend'
-pg_admin = 'pgAdmin'
-pg_cluster = 'PostgresCluster'
-pg_svc = 'Database Pod'
+holos_backend = 'Holos Server'
 compile_id = 'Go Build'
-auth_id = 'Auth Policy'
-lint_id = 'Run Linters'
-tests_id = 'Run Tests'
-
-# PostgresCluster resource name in k8s
-pg_cluster_name = 'holos'
-# Database name inside the PostgresCluster
-pg_database_name = 'holos'
-# PGAdmin name
-pg_admin_name = 'pgadmin'
 
 # Default Registry.
 # See: https://github.com/tilt-dev/tilt.build/blob/master/docs/choosing_clusters.md#manual-configuration
 # Note, Tilt will append the image name to the registry uri path
-default_registry('{account}.dkr.ecr.{region}.amazonaws.com/holos-run/holos-server'.format(account=aws_account, region=aws_region))
+# default_registry('{account}.dkr.ecr.{region}.amazonaws.com/holos-run/holos'.format(account=aws_account, region=aws_region))
 
 # Set a name prefix specific to the user.  Multiple developers share the tilt-holos namespace.
 developer = os.getenv('USER')
 holos_server = 'holos'
-# See ./hack/tilt/bin/tilt
-namespace = os.getenv('NAMESPACE')
-# We always develop against the k1 cluster.
+
+# We always develop against the k3d-workload cluster
 os.putenv('KUBECONFIG', os.path.abspath('./hack/tilt/kubeconfig'))
-# The context defined in ./hack/tilt/kubeconfig
-allow_k8s_contexts('sso@k1')
-allow_k8s_contexts('sso@k2')
-allow_k8s_contexts('sso@k3')
-allow_k8s_contexts('sso@k4')
-allow_k8s_contexts('sso@k5')
-# PG db connection for localhost -> k8s port-forward
-os.putenv('PGHOST', 'localhost')
-os.putenv('PGPORT', '15432')
-# We always develop in the dev aws account.
-os.putenv('AWS_CONFIG_FILE', os.path.abspath('./hack/tilt/aws.config'))
-os.putenv('AWS_ACCOUNT', aws_account)
-os.putenv('AWS_DEFAULT_REGION', aws_region)
-os.putenv('AWS_PROFILE', 'dev-holos')
-os.putenv('AWS_SDK_LOAD_CONFIG', '1')
-# Authenticate to AWS ECR when tilt up is run by the developer
-local_resource('AWS Credentials', './hack/tilt/aws-login.sh', auto_init=True)
 
 # Extensions are open-source, pre-packaged functions that extend Tilt
 #
@@ -81,8 +46,8 @@ developer_paths = [
     './service/holos',
 ]
 
-# Builds the holos-server executable
-local_resource(compile_id, 'make build', deps=developer_paths)
+# Builds the holos executable GOOS=linux
+local_resource(compile_id, 'make linux', deps=developer_paths)
 
 # Build Docker image
 #   Tilt will automatically associate image builds with the resource(s)
@@ -91,84 +56,33 @@ local_resource(compile_id, 'make build', deps=developer_paths)
 #   More info: https://docs.tilt.dev/api.html#api.docker_build
 #
 docker_build_with_restart(
-    'holos',
+    'k3d-registry.holos.localhost:5100/holos',
     context='.',
     entrypoint=[
-        '/app/bin/holos',
+        '/app/bin/holos.linux',
         'server',
-        '--listen-port={}'.format(listen_port),
-        '--oidc-issuer=https://login.ois.run',
-        '--oidc-audience=262096764402729854@holos_platform',
-        '--log-level=debug',
-        '--metrics-port={}'.format(metrics_port),
+        '--log-format=text',
+        '--oidc-issuer=https://login.holos.run',
+        '--oidc-audience=275804490387516853@holos_quickstart', # auth proxy
+        '--oidc-audience=270319630705329162@holos_platform', # holos cli
     ],
-    dockerfile='./hack/tilt/Dockerfile',
+    dockerfile='./Dockerfile',
     only=['./bin'],
     # (Recommended) Updating a running container in-place
     # https://docs.tilt.dev/live_update_reference.html
     live_update=[
         # Sync files from host to container
-        sync('./bin', '/app/bin'),
-        # Wait for aws-login https://github.com/tilt-dev/tilt/issues/3048
-        sync('./tilt/aws-login.last', '/dev/null'),
-        # Execute commands in the container when paths change
-        # run('/app/hack/codegen.sh', trigger=['./app/api'])
+        sync('./bin/', '/app/bin/'),
     ],
 )
 
-
-# Run local commands
-#   Local commands can be helpful for one-time tasks like installing
-#   project prerequisites. They can also manage long-lived processes
-#   for non-containerized services or dependencies.
-#
-#   More info: https://docs.tilt.dev/local_resource.html
-#
-# local_resource('install-helm',
-#                cmd='which helm > /dev/null || brew install helm',
-#                # `cmd_bat`, when present, is used instead of `cmd` on Windows.
-#                cmd_bat=[
-#                    'powershell.exe',
-#                    '-Noninteractive',
-#                    '-Command',
-#                    '& {if (!(Get-Command helm -ErrorAction SilentlyContinue)) {scoop install helm}}'
-#                ]
-# )
-
-# Teach tilt about our custom resources (Note, this may be intended for workloads)
-# k8s_kind('authorizationpolicy')
-# k8s_kind('requestauthentication')
-# k8s_kind('virtualservice')
-k8s_kind('pgadmin')
-
-
 # Troubleshooting
 def resource_name(id):
     print('resource: {}'.format(id))
     return id.name
 
-
 workload_to_resource_function(resource_name)
 
-# Apply Kubernetes manifests
-#   Tilt will build & push any necessary images, re-deploying your
-#   resources as they change.
-#
-#   More info: https://docs.tilt.dev/api.html#api.k8s_yaml
-#
-
-def holos_yaml():
-    """Return a k8s Deployment personalized for the developer."""
-    k8s_yaml_template = str(read_file('./hack/tilt/k8s.yaml'))
-    return k8s_yaml_template.format(
-        name=holos_server,
-        developer=developer,
-        namespace=namespace,
-        listen_port=listen_port,
-        metrics_port=metrics_port,
-        tz=os.getenv('TZ'),
-    )
-
 # Customize a Kubernetes resource
 #   By default, Kubernetes resource names are automatically assigned
 #   based on objects in the YAML manifests, e.g. Deployment name.
@@ -179,133 +93,18 @@ def holos_yaml():
 #
 #   More info: https://docs.tilt.dev/api.html#api.k8s_resource
 #
-k8s_yaml(blob(holos_yaml()))
+k8s_yaml(blob(str(read_file('./hack/tilt/k8s/dev-holos-app/deployment.yaml'))))
 
 # Backend server process
 k8s_resource(
     workload=holos_server,
     new_name=holos_backend,
-    objects=[
-        '{}:serviceaccount'.format(holos_server),
-        '{}:servicemonitor'.format(holos_server),
-    ],
+    objects=[],
     resource_deps=[compile_id],
     links=[
-        link('https://{}.app.dev.k2.holos.run/ui/'.format(developer), "Holos Web UI")
-    ],
-)
-
-
-# AuthorizationPolicy - Beyond Corp functionality
-k8s_resource(
-    new_name=auth_id,
-    objects=[
-      '{}:virtualservice'.format(holos_server),
+        link('https://app.holos.localhost/ui/'.format(developer), "Holos Web UI")
     ],
 )
 
 # Database
-# Note: Tilt confuses the backup pods with the database server pods, so this code is careful to tease the pods
-# apart so logs are streamed correctly.
-# See: https://github.com/tilt-dev/tilt.specs/blob/master/resource_assembly.md
-
-# pgAdmin Web UI
-k8s_resource(
-    workload=pg_admin_name,
-    new_name=pg_admin,
-    port_forwards=[
-        port_forward(15050, 5050, pg_admin),
-    ],
-)
-
-# Disabled because these don't group resources nicely
-# k8s_kind('postgrescluster')
-
-# Postgres database in-cluster
-k8s_resource(
-    new_name=pg_cluster,
-    objects=['holos:postgrescluster'],
-)
-
-# Needed to select the database by label
-# https://docs.tilt.dev/api.html#api.k8s_custom_deploy
-k8s_custom_deploy(
-    pg_svc,
-    apply_cmd=['./hack/tilt/k8s-get-db-sts', pg_cluster_name],
-    delete_cmd=['echo', 'Skipping delete.  Object managed by custom resource.'],
-    deps=[],
-)
-k8s_resource(
-    pg_svc,
-    port_forwards=[
-        port_forward(15432, 5432, 'psql'),
-    ],
-    resource_deps=[pg_cluster]
-)
-
-
-# Run tests
-local_resource(
-    tests_id,
-    'make test',
-    allow_parallel=True,
-    auto_init=False,
-    deps=developer_paths,
-)
-
-# Run linter
-local_resource(
-    lint_id,
-    'make lint',
-    allow_parallel=True,
-    auto_init=False,
-    deps=developer_paths,
-)
-
-# UI Buttons for helpful things.
-# Icons: https://fonts.google.com/icons
-os.putenv("GH_FORCE_TTY", "80%")
-cmd_button(
-    '{}:go-test-failfast'.format(tests_id),
-    argv=['./hack/tilt/go-test-failfast'],
-    resource=tests_id,
-    icon_name='quiz',
-    text='Fail Fast',
-)
-cmd_button(
-    '{}:issues'.format(holos_server),
-    argv=['./hack/tilt/gh-issues'],
-    resource=holos_backend,
-    icon_name='folder_data',
-    text='Issues',
-)
-cmd_button(
-    '{}:gh-issue-view'.format(holos_server),
-    argv=['./hack/tilt/gh-issue-view'],
-    resource=holos_backend,
-    icon_name='task',
-    text='View Issue',
-)
-cmd_button(
-    '{}:get-pgdb-creds'.format(holos_server),
-    argv=['./hack/tilt/get-pgdb-creds', pg_cluster_name, pg_database_name],
-    resource=pg_svc,
-    icon_name='lock_open_right',
-    text='DB Creds',
-)
-cmd_button(
-    '{}:get-pgdb-creds'.format(pg_admin_name),
-    argv=['./hack/tilt/get-pgdb-creds', pg_cluster_name, pg_database_name],
-    resource=pg_admin,
-    icon_name='lock_open_right',
-    text='DB Creds',
-)
-cmd_button(
-    '{}:get-pgadmin-creds'.format(pg_admin_name),
-    argv=['./hack/tilt/get-pgadmin-creds', pg_admin_name],
-    resource=pg_admin,
-    icon_name='lock_open_right',
-    text='pgAdmin Login',
-)
-
 print("✨ Tiltfile evaluated")

api/core/v1alpha2/doc.go

@@ -22,3 +22,5 @@
 // Note that Holos operates as a data pipeline, so the output of a [HelmChart]
 // may be provided to [Kustomize] for post-processing.
 package v1alpha2
+
+//go:generate ../../../hack/gendoc

cue.mod/module.cue

@@ -1 +0,0 @@
-module: "github.com/holos-run/holos"

doc/md/api/core/v1alpha2.md

@@ -0,0 +1,403 @@
+<!-- Code generated by gomarkdoc. DO NOT EDIT -->
+
+# v1alpha2
+
+```go
+import "github.com/holos-run/holos/api/core/v1alpha2"
+```
+
+Package v1alpha2 contains the core API contract between the holos cli and CUE configuration code. Platform designers, operators, and software developers use this API to write configuration in CUE which \`holos\` loads. The overall shape of the API defines imperative actions \`holos\` should carry out to render the complete yaml that represents a Platform.
+
+[Platform](<#Platform>) defines the complete configuration of a platform. With the holos reference platform this takes the shape of one management cluster and at least two workload cluster. Each cluster has multiple [HolosComponent](<#HolosComponent>) resources applied to it.
+
+Each holos component path, e.g. \`components/namespaces\` produces exactly one [BuildPlan](<#BuildPlan>) which in turn contains a set of [HolosComponent](<#HolosComponent>) kinds.
+
+The primary kinds of [HolosComponent](<#HolosComponent>) are:
+
+1. [HelmChart](<#HelmChart>) to render config from a helm chart.
+2. [KustomizeBuild](<#KustomizeBuild>) to render config from [Kustomize](<#Kustomize>)
+3. [KubernetesObjects](<#KubernetesObjects>) to render [APIObjects](<#APIObjects>) defined directly in CUE configuration.
+
+Note that Holos operates as a data pipeline, so the output of a [HelmChart](<#HelmChart>) may be provided to [Kustomize](<#Kustomize>) for post\-processing.
+
+## Index
+
+- [Constants](<#constants>)
+- [type APIObject](<#APIObject>)
+- [type APIObjectMap](<#APIObjectMap>)
+- [type APIObjects](<#APIObjects>)
+- [type BuildPlan](<#BuildPlan>)
+- [type BuildPlanComponents](<#BuildPlanComponents>)
+- [type BuildPlanSpec](<#BuildPlanSpec>)
+- [type Chart](<#Chart>)
+- [type FileContent](<#FileContent>)
+- [type FileContentMap](<#FileContentMap>)
+- [type FilePath](<#FilePath>)
+- [type HelmChart](<#HelmChart>)
+- [type HolosComponent](<#HolosComponent>)
+- [type Kind](<#Kind>)
+- [type KubernetesObjects](<#KubernetesObjects>)
+- [type Kustomize](<#Kustomize>)
+- [type KustomizeBuild](<#KustomizeBuild>)
+- [type Label](<#Label>)
+- [type Metadata](<#Metadata>)
+- [type Platform](<#Platform>)
+- [type PlatformMetadata](<#PlatformMetadata>)
+- [type PlatformSpec](<#PlatformSpec>)
+- [type PlatformSpecComponent](<#PlatformSpecComponent>)
+- [type Repository](<#Repository>)
+
+
+## Constants
+
+<a name="APIVersion"></a>
+
+```go
+const (
+    APIVersion    = "v1alpha2"
+    BuildPlanKind = "BuildPlan"
+    HelmChartKind = "HelmChart"
+    // ChartDir is the directory name created in the holos component directory to cache a chart.
+    ChartDir = "vendor"
+    // ResourcesFile is the file name used to store component output when post-processing with kustomize.
+    ResourcesFile = "resources.yaml"
+)
+```
+
+<a name="KubernetesObjectsKind"></a>
+
+```go
+const KubernetesObjectsKind = "KubernetesObjects"
+```
+
+<a name="APIObject"></a>
+## type APIObject {#APIObject}
+
+APIObject represents the most basic generic form of a single kubernetes api object. Represented as a JSON object internally for compatibility between tools, for example loading from CUE.
+
+```go
+type APIObject structpb.Struct
+```
+
+<a name="APIObjectMap"></a>
+## type APIObjectMap {#APIObjectMap}
+
+APIObjectMap represents the marshalled yaml representation of kubernetes api objects. Do not produce an APIObjectMap directly, instead use [APIObjects](<#APIObjects>) to produce the marshalled yaml representation from CUE data, then provide the result to [HolosComponent](<#HolosComponent>).
+
+```go
+type APIObjectMap map[Kind]map[Label]string
+```
+
+<a name="APIObjects"></a>
+## type APIObjects {#APIObjects}
+
+APIObjects represents Kubernetes API objects defined directly from CUE code. Useful to mix in resources to any kind of [HolosComponent](<#HolosComponent>), for example adding an ExternalSecret resource to a [HelmChart](<#HelmChart>).
+
+[Kind](<#Kind>) must be the resource kind, e.g. Deployment or Service.
+
+[Label](<#Label>) is an arbitrary internal identifier to uniquely identify the resource within the context of a \`holos\` command. Holos will never write the intermediate label to rendered output.
+
+Refer to [HolosComponent](<#HolosComponent>) which accepts an [APIObjectMap](<#APIObjectMap>) field provided by [APIObjects](<#APIObjects>).
+
+```go
+type APIObjects struct {
+    APIObjects   map[Kind]map[Label]APIObject `json:"apiObjects"`
+    APIObjectMap APIObjectMap                 `json:"apiObjectMap"`
+}
+```
+
+<a name="BuildPlan"></a>
+## type BuildPlan {#BuildPlan}
+
+BuildPlan represents a build plan for the holos cli to execute. The purpose of a BuildPlan is to define one or more [HolosComponent](<#HolosComponent>) kinds. For example a [HelmChart](<#HelmChart>), [KustomizeBuild](<#KustomizeBuild>), or [KubernetesObjects](<#KubernetesObjects>).
+
+A BuildPlan usually has an additional empty [KubernetesObjects](<#KubernetesObjects>) for the purpose of using the [HolosComponent](<#HolosComponent>) DeployFiles field to deploy an ArgoCD or Flux gitops resource for the holos component.
+
+```go
+type BuildPlan struct {
+    Kind       string        `json:"kind" cue:"\"BuildPlan\""`
+    APIVersion string        `json:"apiVersion" cue:"string | *\"v1alpha2\""`
+    Spec       BuildPlanSpec `json:"spec"`
+}
+```
+
+<a name="BuildPlanComponents"></a>
+## type BuildPlanComponents {#BuildPlanComponents}
+
+
+
+```go
+type BuildPlanComponents struct {
+    Resources             map[Label]KubernetesObjects `json:"resources,omitempty"`
+    KubernetesObjectsList []KubernetesObjects         `json:"kubernetesObjectsList,omitempty"`
+    HelmChartList         []HelmChart                 `json:"helmChartList,omitempty"`
+    KustomizeBuildList    []KustomizeBuild            `json:"kustomizeBuildList,omitempty"`
+}
+```
+
+<a name="BuildPlanSpec"></a>
+## type BuildPlanSpec {#BuildPlanSpec}
+
+BuildPlanSpec represents the specification of the build plan.
+
+```go
+type BuildPlanSpec struct {
+    // Disabled causes the holos cli to take no action over the [BuildPlan].
+    Disabled bool `json:"disabled,omitempty"`
+    // Components represents multiple [HolosComponent] kinds to manage.
+    Components BuildPlanComponents `json:"components,omitempty"`
+}
+```
+
+<a name="Chart"></a>
+## type Chart {#Chart}
+
+Chart represents a helm chart.
+
+```go
+type Chart struct {
+    // Name represents the chart name.
+    Name string `json:"name"`
+    // Version represents the chart version.
+    Version string `json:"version"`
+    // Release represents the chart release when executing helm template.
+    Release string `json:"release"`
+    // Repository represents the repository to fetch the chart from.
+    Repository Repository `json:"repository,omitempty"`
+}
+```
+
+<a name="FileContent"></a>
+## type FileContent {#FileContent}
+
+FileContent represents file contents.
+
+```go
+type FileContent string
+```
+
+<a name="FileContentMap"></a>
+## type FileContentMap {#FileContentMap}
+
+FileContentMap represents a mapping of file paths to file contents. Paths are relative to the \`holos\` output "deploy" directory, and may contain sub\-directories.
+
+```go
+type FileContentMap map[FilePath]FileContent
+```
+
+<a name="FilePath"></a>
+## type FilePath {#FilePath}
+
+FilePath represents a file path.
+
+```go
+type FilePath string
+```
+
+<a name="HelmChart"></a>
+## type HelmChart {#HelmChart}
+
+HelmChart represents a holos component which wraps around an upstream helm chart. Holos orchestrates helm by providing values obtained from CUE, renders the output using \`helm template\`, then post\-processes the helm output yaml using the general functionality provided by [HolosComponent](<#HolosComponent>), for example [Kustomize](<#Kustomize>) post\-rendering and mixing in additional kubernetes api objects.
+
+```go
+type HelmChart struct {
+    HolosComponent `json:",inline"`
+    Kind           string `json:"kind" cue:"\"HelmChart\""`
+
+    // Chart represents a helm chart to manage.
+    Chart Chart `json:"chart"`
+    // ValuesContent represents the values.yaml file holos passes to the `helm
+    // template` command.
+    ValuesContent string `json:"valuesContent"`
+    // EnableHooks enables helm hooks when executing the `helm template` command.
+    EnableHooks bool `json:"enableHooks" cue:"bool | *false"`
+}
+```
+
+<a name="HolosComponent"></a>
+## type HolosComponent {#HolosComponent}
+
+HolosComponent defines the fields common to all holos component kinds. Every holos component kind should embed HolosComponent.
+
+```go
+type HolosComponent struct {
+    // Kind is a string value representing the resource this object represents.
+    Kind string `json:"kind"`
+    // APIVersion represents the versioned schema of this representation of an object.
+    APIVersion string `json:"apiVersion" cue:"string | *\"v1alpha2\""`
+    // Metadata represents data about the holos component such as the Name.
+    Metadata Metadata `json:"metadata"`
+
+    // APIObjectMap holds the marshalled representation of api objects.  Useful to
+    // mix in resources to each HolosComponent type, for example adding an
+    // ExternalSecret to a HelmChart HolosComponent.  Refer to [APIObjects].
+    APIObjectMap APIObjectMap `json:"apiObjectMap,omitempty"`
+
+    // DeployFiles represents file paths relative to the cluster deploy directory
+    // with the value representing the file content.  Intended for defining the
+    // ArgoCD Application resource or Flux Kustomization resource from within CUE,
+    // but may be used to render any file related to the build plan from CUE.
+    DeployFiles FileContentMap `json:"deployFiles,omitempty"`
+
+    // Kustomize represents a kubectl kustomize build post-processing step.
+    Kustomize `json:"kustomize,omitempty"`
+
+    // Skip causes holos to take no action regarding this component.
+    Skip bool `json:"skip" cue:"bool | *false"`
+}
+```
+
+<a name="Kind"></a>
+## type Kind {#Kind}
+
+Kind is a kubernetes api object kind. Defined as a type for clarity and type checking.
+
+```go
+type Kind string
+```
+
+<a name="KubernetesObjects"></a>
+## type KubernetesObjects {#KubernetesObjects}
+
+KubernetesObjects represents a [HolosComponent](<#HolosComponent>) composed of Kubernetes API objects provided directly from CUE using [APIObjects](<#APIObjects>).
+
+```go
+type KubernetesObjects struct {
+    HolosComponent `json:",inline"`
+    Kind           string `json:"kind" cue:"\"KubernetesObjects\""`
+}
+```
+
+<a name="Kustomize"></a>
+## type Kustomize {#Kustomize}
+
+Kustomize represents resources necessary to execute a kustomize build. Intended for at least two use cases:
+
+1. Process a [KustomizeBuild](<#KustomizeBuild>) [HolosComponent](<#HolosComponent>) which represents raw yaml file resources in a holos component directory.
+2. Post process a [HelmChart](<#HelmChart>) [HolosComponent](<#HolosComponent>) to inject istio, patch jobs, add custom labels, etc...
+
+```go
+type Kustomize struct {
+    // KustomizeFiles holds file contents for kustomize, e.g. patch files.
+    KustomizeFiles FileContentMap `json:"kustomizeFiles,omitempty"`
+    // ResourcesFile is the file name used for api objects in kustomization.yaml
+    ResourcesFile string `json:"resourcesFile,omitempty"`
+}
+```
+
+<a name="KustomizeBuild"></a>
+## type KustomizeBuild {#KustomizeBuild}
+
+KustomizeBuild represents a [HolosComponent](<#HolosComponent>) that renders plain yaml files in the holos component directory using \`kubectl kustomize build\`.
+
+```go
+type KustomizeBuild struct {
+    HolosComponent `json:",inline"`
+    Kind           string `json:"kind" cue:"\"KustomizeBuild\""`
+}
+```
+
+<a name="Label"></a>
+## type Label {#Label}
+
+Label is an arbitrary unique identifier internal to holos itself. The holos cli is expected to never write a Label value to rendered output files, therefore use a [Label](<#Label>) then the identifier must be unique and internal. Defined as a type for clarity and type checking.
+
+A Label is useful to convert a CUE struct to a list, for example producing a list of [APIObject](<#APIObject>) resources from an [APIObjectMap](<#APIObjectMap>). A CUE struct using Label keys is guaranteed to not lose data when rendering output because a Label is expected to never be written to the final output.
+
+```go
+type Label string
+```
+
+<a name="Metadata"></a>
+## type Metadata {#Metadata}
+
+Metadata represents data about the holos component such as the Name.
+
+```go
+type Metadata struct {
+    // Name represents the name of the holos component.
+    Name string `json:"name"`
+    // Namespace is the primary namespace of the holos component.  A holos
+    // component may manage resources in multiple namespaces, in this case
+    // consider setting the component namespace to default.
+    //
+    // This field is optional because not all resources require a namespace,
+    // particularly CRD's and DeployFiles functionality.
+    // +optional
+    Namespace string `json:"namespace,omitempty"`
+}
+```
+
+<a name="Platform"></a>
+## type Platform {#Platform}
+
+Platform represents a platform to manage. A Platform resource informs holos which components to build. The platform resource also acts as a container for the platform model form values provided by the PlatformService. The primary use case is to collect the cluster names, cluster types, platform model, and holos components to build into one resource.
+
+```go
+type Platform struct {
+    // Kind is a string value representing the resource this object represents.
+    Kind string `json:"kind" cue:"\"Platform\""`
+    // APIVersion represents the versioned schema of this representation of an object.
+    APIVersion string `json:"apiVersion" cue:"string | *\"v1alpha2\""`
+    // Metadata represents data about the object such as the Name.
+    Metadata PlatformMetadata `json:"metadata"`
+
+    // Spec represents the specification.
+    Spec PlatformSpec `json:"spec"`
+}
+```
+
+<a name="PlatformMetadata"></a>
+## type PlatformMetadata {#PlatformMetadata}
+
+
+
+```go
+type PlatformMetadata struct {
+    // Name represents the Platform name.
+    Name string `json:"name"`
+}
+```
+
+<a name="PlatformSpec"></a>
+## type PlatformSpec {#PlatformSpec}
+
+PlatformSpec represents the specification of a Platform. Think of a platform specification as a list of platform components to apply to a list of kubernetes clusters combined with the user\-specified Platform Model.
+
+```go
+type PlatformSpec struct {
+    // Model represents the platform model holos gets from from the
+    // PlatformService.GetPlatform rpc method and provides to CUE using a tag.
+    Model structpb.Struct `json:"model"`
+    // Components represents a list of holos components to manage.
+    Components []PlatformSpecComponent `json:"components"`
+}
+```
+
+<a name="PlatformSpecComponent"></a>
+## type PlatformSpecComponent {#PlatformSpecComponent}
+
+PlatformSpecComponent represents a holos component to build or render.
+
+```go
+type PlatformSpecComponent struct {
+    // Path is the path of the component relative to the platform root.
+    Path string `json:"path"`
+    // Cluster is the cluster name to provide when rendering the component.
+    Cluster string `json:"cluster"`
+}
+```
+
+<a name="Repository"></a>
+## type Repository {#Repository}
+
+Repository represents a helm chart repository.
+
+```go
+type Repository struct {
+    Name string `json:"name"`
+    URL  string `json:"url"`
+}
+```
+
+Generated by [gomarkdoc](<https://github.com/princjef/gomarkdoc>)

doc/md/cli.md

@@ -0,0 +1,3 @@
+# CLI
+
+Use the `holos` command line interface (CLI) to render individual platform components, entire platforms, and push/pull the platform model.

doc/md/glossary.md

@@ -0,0 +1,17 @@
+# Glossary
+
+This page describes the terms used within the context of Holos.
+
+## Management Cluster
+
+## Workload Cluster
+
+## Platform Form
+
+## Platform Model
+
+## Secret Store
+
+## Service Mesh
+
+## Zero Trust

doc/md/intro.md

@@ -1,47 +1,64 @@
----
-sidebar_position: 1
----
+# Introduction
 
-# Tutorial Intro
+⚡️ Holos will help you build your **software development platform in no time.**
 
-Let's discover **Docusaurus in less than 5 minutes**.
+💸 Building a software development platform is **time consuming and expensive**.  Spend more time building features for your customers and less time managing your development platform.
 
-## Getting Started
+💥 Already have a platform?  Add new features and services to your platform easily with Holos.
 
-Get started by **creating a new site**.
+🧐 Holos is a platform builder. It builds a hollistic software development platform composed of best-of-breed cloud native open source projects.  Holos is also a tool to make it easier to manage cloud infrastructure by providing a typed alternative to yaml templates.
 
-Or **try Docusaurus immediately** with **[docusaurus.new](https://docusaurus.new)**.
+## Features
 
-### What you'll need
+Holos was built to solve two main problems:
 
-- [Node.js](https://nodejs.org/en/download/) version 18.0 or above:
-  - When installing Node.js, you are recommended to check all checkboxes related to dependencies.
+ 1. Building a platform usually takes 3 engineers 6-9 months of effort.  Holos provides a reference platform that enables you to deploy and customize your platform in a fraction of the time.
+ 2. Configuration changes often cause outages.  Existing tools like Helm make it difficult to understand the impact a configuration change will have.  Holos provides a unique, unified configuration model powered by CUE that makes it safer and easier to roll out configuration changes.
 
-## Generate a new site
+A core principle of Holos is that organizations gain value from owning the the platform they build on.  Avoid vendor lock-in, future price hikes, and expensive licensing changes by building on a solid foundation of open source, cloud native computing foundation backed projects.
 
-Generate a new Docusaurus site using the **classic template**.
+The following features are built into the Holos reference platform.
 
-The classic template will automatically be added to your project after you run the command:
+:::tip
 
-```bash
-npm init docusaurus@latest my-website classic
-```
+Don't see your preferred technology in the stack?  Holos is designed to enable you to swap out components of the platform tech stack.
 
-You can type this command into Command Prompt, Powershell, Terminal, or any other integrated terminal of your code editor.
+:::
 
-The command also installs all necessary dependencies you need to run Docusaurus.
+- **Continuous Delivery**
+  - Holos builds a GitOps workflow for each application running in the platform.
+  - Developers push changes which are automatically deployed.
+  - Powered by [ArgoCD](https://argo-cd.readthedocs.io/en/stable/)
+- **Identity and Access Management** (IAM)
+  - Holos builds a standard OIDC identity provider for you.
+  - Integrates with your exisitng IAM and SSO system, or works independently.
+  - Powerful customer identity and access management features.
+  - Role based access control.
+  - Powered by [ZITADEL](https://zitadel.com/)
+- **Zero Trust**
+  - Authenticate and Authorize users at the platform layer instead of or in addition to the application layer.
+  - Integrated with observability to measure and alert about problems before customers complain.
+  - Powered by [Istio](https://istio.io/)
+- **Observability**
+  - Holos collects performance and availability metrics automatically, without requiring application changes.
+  - Optional, deeper integration into the application layer.
+  - Distributed Tracing
+  - Logging
+  - Powered by Prometheus, Grafana, Loki, and OpenTelemetry.
+- **Data Platform**
+  - Integrated management of PostgreSQL
+  - Automatic backups
+  - Automatic restore from backup
+  - Quickly fail over across multiple regions
+- **Multi-Region**
+  - Holos is designed to operate in multiple regions and multiple clouds.
+  - Keep customer data in the region that makes the most sense for your business.
+  - Easily cut over from one region to another for redundancy and business continuity.
 
-## Start your site
+## Development Status
 
-Run the development server:
+Holos is being actively developed by [Open Infrastructure Services](https://openinfrastructure.co).  Release can be found [here](https://github.com/holos-run/holos/releases).
 
-```bash
-cd my-website
-npm run start
-```
+## Adoption
 
-The `cd` command changes the directory you're working with. In order to work with your newly created Docusaurus site, you'll need to navigate the terminal there.
-
-The `npm run start` command builds your website locally and serves it through a development server, ready for you to view at http://localhost:3000/.
-
-Open `docs/intro.md` (this page) and edit some lines: the site **reloads automatically** and displays your changes.
+Organizations who have officially adopted Holos can be found [here](https://github.com/holos-run/holos/blob/main/ADOPTERS.md).

doc/md/local-development.md

@@ -0,0 +1,28 @@
+# Local Development
+
+This document captures notes on locally developing Holos.
+
+Follow the steps in [Try Holos Locally](/docs/tutorial/local/k3d), but take
+care to select `Develop` tabs when creating the k3d cluster so you have a local
+registry to push to.
+
+## Apply Resources
+
+Work will be done in the `dev-holos` namespace.
+
+Apply the infrastructure, which should persist when tilt is started / stopped.
+
+```bash
+kubectl apply --server-side=true -f ./hack/tilt/k8s/dev-holos-infra
+```
+
+This creates the PostgresCluster, service account, etc...
+
+## Start tilt
+
+Tilt will build the go executable, build the container, then push it to the
+local repository associated with k3d.
+
+```bash
+./hack/tilt/bin/tilt up
+```

doc/md/reference-platform/architecture.md

@@ -0,0 +1,81 @@
+# Architecture
+
+This page describes the architecture of the Holos reference platform.
+
+## Overview
+
+The reference platform manages three kubernetes clusters by default.  One management cluster and two workload clusters.
+
+```mermaid
+graph TB
+   subgraph "Management"
+       secrets(Secrets)
+       c1(Controllers)
+   end
+
+   subgraph "Primary"
+       s1p(Service 1)
+       s2p(Service 2)
+   end
+
+   subgraph "Standby"
+       s1s(Service 1)
+       s2s(Service 2)
+   end
+ 
+   classDef plain fill:#ddd,stroke:#fff,stroke-width:4px,color:#000;
+   classDef k8s fill:#326ce5,stroke:#fff,stroke-width:4px,color:#fff;
+   classDef cluster fill:#fff,stroke:#bbb,stroke-width:2px,color:#326ce5;
+   class c1,s1p,s2p,s1s,s2s,secrets k8s;
+   class Management,Primary,Standby cluster;
+
+```
+
+
+The services in each cluster type are:
+
+:::tip
+The management cluster is designed to operate reliably on spot instances.  A highly available management cluster typically costs less than a cup of coffee per month to operate.
+:::
+
+1. Management Cluster
+   - **SecretStore** to provide namespace scoped secrets to workload clusters.
+   - **CertManager** to provision TLS certificates and make them available to workload clusters.
+   - **ClusterAPI** to provision and manage workload clusters via GitOps.  For example, EKS or GKE clusters.
+   - **Crossplane** to provision and manage cloud resources via GitOps.  For example, buckets, managed databases, any other cloud resource.
+   - **CronJobs** to refresh short lived credentials.  For example image pull credentials.
+   - **ArgoCD** to manage resources within the management cluster via GitOps.
+2. Primary Workload Cluster
+   - **ArgoCD** to continuously deploy your applications and services via GitOps.
+   - **External Secrets Operator** to synchronize namespace scoped secrets.
+   - **Istio** to provide a Gateway to expose services.
+   - **ZITADEL** to provide SSO login for all other services (e.g. ArgoCD, Grafana, Backstage, etc...)
+   - **PostgreSQL** for in-cluster databases.
+   - **Backstage** to provide your developer portal into the whole platform.
+   - **Observability** implemented by Prometheus, Grafana, and Loki to provide monitoring and logging.
+   - **AuthorizationPolicy** to provide role based access control to all services in the cluster.
+3. Standby Workload Cluster
+   - Identical configuration to the primary cluster.
+   - May be scaled down to zero to reduce expenses.
+   - Intended to take the primary cluster role quickly, within minutes, for disaster recovery or regular maintenance purposes.
+
+## Security
+
+### Namespaces
+
+Namespaces are security boundaries in the reference platform.  A given namespace is treated as the same security context across multiple clusters following the [SIG Multi-cluster Position](https://github.com/kubernetes/community/blob/dd4c8b704ef1c9c3bfd928c6fa9234276d61ad18/sig-multicluster/namespace-sameness-position-statement.md).
+
+The namespace sameness principle makes role based access control straightforward to manage and comprehend.  For example, granting a developer the ability to create secrets in namespace `example` means the developer has the ability to do so in the secret store in the management cluster and also synchronize the secret to the services they own in the workload clusters.
+
+## Data Platform
+
+Holos is designed to work with two distinct types of databases by default:
+
+ 1. In-cluster PostgresSQL databases for lower cost and rapid development and testing.
+ 2. Out-of-cluster SQL databases for production services, e.g. RDS, CloudSQL, Aurora, Redshift, etc...
+
+:::tip
+To simplify maintenance the holos reference platform provisions databases from the most recent backup by default.
+:::
+
+In-cluster databases in the holos reference platform automatically save backups to an S3 or GCS bucket.  For regular maintenance and disaster recovery, the standby cluster automatically restores databases from the most recent backup in the bucket.  This capability makes  maintenance much simpler, most maintenance tasks are carried out on the standby cluster which is then promoted to the primary.  Software upgrades in particular are intended to be carried out against the standby, verified, then promoted to primary.  Once live traffic shifts to the upgraded services in the new primary the previous cluster can be spun down to save cost or upgraded safely in place.

doc/md/tutorial-basics/_category_.json

@@ -1,8 +0,0 @@
-{
-  "label": "Tutorial - Basics",
-  "position": 2,
-  "link": {
-    "type": "generated-index",
-    "description": "5 minutes to learn the most important Docusaurus concepts."
-  }
-}

doc/md/tutorial-basics/congratulations.md

@@ -1,23 +0,0 @@
----
-sidebar_position: 6
----
-
-# Congratulations!
-
-You have just learned the **basics of Docusaurus** and made some changes to the **initial template**.
-
-Docusaurus has **much more to offer**!
-
-Have **5 more minutes**? Take a look at **[versioning](../tutorial-extras/manage-docs-versions.md)** and **[i18n](../tutorial-extras/translate-your-site.md)**.
-
-Anything **unclear** or **buggy** in this tutorial? [Please report it!](https://github.com/facebook/docusaurus/discussions/4610)
-
-## What's next?
-
-- Read the [official documentation](https://docusaurus.io/)
-- Modify your site configuration with [`docusaurus.config.js`](https://docusaurus.io/docs/api/docusaurus-config)
-- Add navbar and footer items with [`themeConfig`](https://docusaurus.io/docs/api/themes/configuration)
-- Add a custom [Design and Layout](https://docusaurus.io/docs/styling-layout)
-- Add a [search bar](https://docusaurus.io/docs/search)
-- Find inspirations in the [Docusaurus showcase](https://docusaurus.io/showcase)
-- Get involved in the [Docusaurus Community](https://docusaurus.io/community/support)

doc/md/tutorial-basics/create-a-blog-post.md

@@ -1,34 +0,0 @@
----
-sidebar_position: 3
----
-
-# Create a Blog Post
-
-Docusaurus creates a **page for each blog post**, but also a **blog index page**, a **tag system**, an **RSS** feed...
-
-## Create your first Post
-
-Create a file at `blog/2021-02-28-greetings.md`:
-
-```md title="blog/2021-02-28-greetings.md"
----
-slug: greetings
-title: Greetings!
-authors:
-  - name: Joel Marcey
-    title: Co-creator of Docusaurus 1
-    url: https://github.com/JoelMarcey
-    image_url: https://github.com/JoelMarcey.png
-  - name: Sébastien Lorber
-    title: Docusaurus maintainer
-    url: https://sebastienlorber.com
-    image_url: https://github.com/slorber.png
-tags: [greetings]
----
-
-Congratulations, you have made your first post!
-
-Feel free to play around and edit this post as much as you like.
-```
-
-A new blog post is now available at [http://localhost:3000/blog/greetings](http://localhost:3000/blog/greetings).

doc/md/tutorial-basics/create-a-document.md

@@ -1,57 +0,0 @@
----
-sidebar_position: 2
----
-
-# Create a Document
-
-Documents are **groups of pages** connected through:
-
-- a **sidebar**
-- **previous/next navigation**
-- **versioning**
-
-## Create your first Doc
-
-Create a Markdown file at `docs/hello.md`:
-
-```md title="docs/hello.md"
-# Hello
-
-This is my **first Docusaurus document**!
-```
-
-A new document is now available at [http://localhost:3000/docs/hello](http://localhost:3000/docs/hello).
-
-## Configure the Sidebar
-
-Docusaurus automatically **creates a sidebar** from the `docs` folder.
-
-Add metadata to customize the sidebar label and position:
-
-```md title="docs/hello.md" {1-4}
----
-sidebar_label: 'Hi!'
-sidebar_position: 3
----
-
-# Hello
-
-This is my **first Docusaurus document**!
-```
-
-It is also possible to create your sidebar explicitly in `sidebars.js`:
-
-```js title="sidebars.js"
-export default {
-  tutorialSidebar: [
-    'intro',
-    // highlight-next-line
-    'hello',
-    {
-      type: 'category',
-      label: 'Tutorial',
-      items: ['tutorial-basics/create-a-document'],
-    },
-  ],
-};
-```

doc/md/tutorial-basics/create-a-page.md

@@ -1,43 +0,0 @@
----
-sidebar_position: 1
----
-
-# Create a Page
-
-Add **Markdown or React** files to `src/pages` to create a **standalone page**:
-
-- `src/pages/index.js` → `localhost:3000/`
-- `src/pages/foo.md` → `localhost:3000/foo`
-- `src/pages/foo/bar.js` → `localhost:3000/foo/bar`
-
-## Create your first React Page
-
-Create a file at `src/pages/my-react-page.js`:
-
-```jsx title="src/pages/my-react-page.js"
-import React from 'react';
-import Layout from '@theme/Layout';
-
-export default function MyReactPage() {
-  return (
-    <Layout>
-      <h1>My React page</h1>
-      <p>This is a React page</p>
-    </Layout>
-  );
-}
-```
-
-A new page is now available at [http://localhost:3000/my-react-page](http://localhost:3000/my-react-page).
-
-## Create your first Markdown Page
-
-Create a file at `src/pages/my-markdown-page.md`:
-
-```mdx title="src/pages/my-markdown-page.md"
-# My Markdown page
-
-This is a Markdown page
-```
-
-A new page is now available at [http://localhost:3000/my-markdown-page](http://localhost:3000/my-markdown-page).

doc/md/tutorial-basics/deploy-your-site.md

@@ -1,31 +0,0 @@
----
-sidebar_position: 5
----
-
-# Deploy your site
-
-Docusaurus is a **static-site-generator** (also called **[Jamstack](https://jamstack.org/)**).
-
-It builds your site as simple **static HTML, JavaScript and CSS files**.
-
-## Build your site
-
-Build your site **for production**:
-
-```bash
-npm run build
-```
-
-The static files are generated in the `build` folder.
-
-## Deploy your site
-
-Test your production build locally:
-
-```bash
-npm run serve
-```
-
-The `build` folder is now served at [http://localhost:3000/](http://localhost:3000/).
-
-You can now deploy the `build` folder **almost anywhere** easily, **for free** or very small cost (read the **[Deployment Guide](https://docusaurus.io/docs/deployment)**).

doc/md/tutorial-basics/markdown-features.mdx

@@ -1,152 +0,0 @@
----
-sidebar_position: 4
----
-
-# Markdown Features
-
-Docusaurus supports **[Markdown](https://daringfireball.net/projects/markdown/syntax)** and a few **additional features**.
-
-## Front Matter
-
-Markdown documents have metadata at the top called [Front Matter](https://jekyllrb.com/docs/front-matter/):
-
-```text title="my-doc.md"
-// highlight-start
----
-id: my-doc-id
-title: My document title
-description: My document description
-slug: /my-custom-url
----
-// highlight-end
-
-## Markdown heading
-
-Markdown text with [links](./hello.md)
-```
-
-## Links
-
-Regular Markdown links are supported, using url paths or relative file paths.
-
-```md
-Let's see how to [Create a page](/create-a-page).
-```
-
-```md
-Let's see how to [Create a page](./create-a-page.md).
-```
-
-**Result:** Let's see how to [Create a page](./create-a-page.md).
-
-## Images
-
-Regular Markdown images are supported.
-
-You can use absolute paths to reference images in the static directory (`static/img/docusaurus.png`):
-
-```md
-![Docusaurus logo](/img/docusaurus.png)
-```
-
-![Docusaurus logo](/img/docusaurus.png)
-
-You can reference images relative to the current file as well. This is particularly useful to colocate images close to the Markdown files using them:
-
-```md
-![Docusaurus logo](./img/docusaurus.png)
-```
-
-## Code Blocks
-
-Markdown code blocks are supported with Syntax highlighting.
-
-````md
-```jsx title="src/components/HelloDocusaurus.js"
-function HelloDocusaurus() {
-  return <h1>Hello, Docusaurus!</h1>;
-}
-```
-````
-
-```jsx title="src/components/HelloDocusaurus.js"
-function HelloDocusaurus() {
-  return <h1>Hello, Docusaurus!</h1>;
-}
-```
-
-## Admonitions
-
-Docusaurus has a special syntax to create admonitions and callouts:
-
-```md
-:::tip My tip
-
-Use this awesome feature option
-
-:::
-
-:::danger Take care
-
-This action is dangerous
-
-:::
-```
-
-:::tip My tip
-
-Use this awesome feature option
-
-:::
-
-:::danger Take care
-
-This action is dangerous
-
-:::
-
-## MDX and React Components
-
-[MDX](https://mdxjs.com/) can make your documentation more **interactive** and allows using any **React components inside Markdown**:
-
-```jsx
-export const Highlight = ({children, color}) => (
-  <span
-    style={{
-      backgroundColor: color,
-      borderRadius: '20px',
-      color: '#fff',
-      padding: '10px',
-      cursor: 'pointer',
-    }}
-    onClick={() => {
-      alert(`You clicked the color ${color} with label ${children}`)
-    }}>
-    {children}
-  </span>
-);
-
-This is <Highlight color="#25c2a0">Docusaurus green</Highlight> !
-
-This is <Highlight color="#1877F2">Facebook blue</Highlight> !
-```
-
-export const Highlight = ({children, color}) => (
-  <span
-    style={{
-      backgroundColor: color,
-      borderRadius: '20px',
-      color: '#fff',
-      padding: '10px',
-      cursor: 'pointer',
-    }}
-    onClick={() => {
-      alert(`You clicked the color ${color} with label ${children}`);
-    }}>
-    {children}
-  </span>
-);
-
-This is <Highlight color="#25c2a0">Docusaurus green</Highlight> !
-
-This is <Highlight color="#1877F2">Facebook blue</Highlight> !

doc/md/tutorial-extras/_category_.json

@@ -1,7 +0,0 @@
-{
-  "label": "Tutorial - Extras",
-  "position": 3,
-  "link": {
-    "type": "generated-index"
-  }
-}

doc/md/tutorial-extras/manage-docs-versions.md

@@ -1,55 +0,0 @@
----
-sidebar_position: 1
----
-
-# Manage Docs Versions
-
-Docusaurus can manage multiple versions of your docs.
-
-## Create a docs version
-
-Release a version 1.0 of your project:
-
-```bash
-npm run docusaurus docs:version 1.0
-```
-
-The `docs` folder is copied into `versioned_docs/version-1.0` and `versions.json` is created.
-
-Your docs now have 2 versions:
-
-- `1.0` at `http://localhost:3000/docs/` for the version 1.0 docs
-- `current` at `http://localhost:3000/docs/next/` for the **upcoming, unreleased docs**
-
-## Add a Version Dropdown
-
-To navigate seamlessly across versions, add a version dropdown.
-
-Modify the `docusaurus.config.js` file:
-
-```js title="docusaurus.config.js"
-export default {
-  themeConfig: {
-    navbar: {
-      items: [
-        // highlight-start
-        {
-          type: 'docsVersionDropdown',
-        },
-        // highlight-end
-      ],
-    },
-  },
-};
-```
-
-The docs version dropdown appears in your navbar:
-
-![Docs Version Dropdown](./img/docsVersionDropdown.png)
-
-## Update an existing version
-
-It is possible to edit versioned docs in their respective folder:
-
-- `versioned_docs/version-1.0/hello.md` updates `http://localhost:3000/docs/hello`
-- `docs/hello.md` updates `http://localhost:3000/docs/next/hello`

doc/md/tutorial-extras/translate-your-site.md

@@ -1,88 +0,0 @@
----
-sidebar_position: 2
----
-
-# Translate your site
-
-Let's translate `docs/intro.md` to French.
-
-## Configure i18n
-
-Modify `docusaurus.config.js` to add support for the `fr` locale:
-
-```js title="docusaurus.config.js"
-export default {
-  i18n: {
-    defaultLocale: 'en',
-    locales: ['en', 'fr'],
-  },
-};
-```
-
-## Translate a doc
-
-Copy the `docs/intro.md` file to the `i18n/fr` folder:
-
-```bash
-mkdir -p i18n/fr/docusaurus-plugin-content-docs/current/
-
-cp docs/intro.md i18n/fr/docusaurus-plugin-content-docs/current/intro.md
-```
-
-Translate `i18n/fr/docusaurus-plugin-content-docs/current/intro.md` in French.
-
-## Start your localized site
-
-Start your site on the French locale:
-
-```bash
-npm run start -- --locale fr
-```
-
-Your localized site is accessible at [http://localhost:3000/fr/](http://localhost:3000/fr/) and the `Getting Started` page is translated.
-
-:::caution
-
-In development, you can only use one locale at a time.
-
-:::
-
-## Add a Locale Dropdown
-
-To navigate seamlessly across languages, add a locale dropdown.
-
-Modify the `docusaurus.config.js` file:
-
-```js title="docusaurus.config.js"
-export default {
-  themeConfig: {
-    navbar: {
-      items: [
-        // highlight-start
-        {
-          type: 'localeDropdown',
-        },
-        // highlight-end
-      ],
-    },
-  },
-};
-```
-
-The locale dropdown now appears in your navbar:
-
-![Locale Dropdown](./img/localeDropdown.png)
-
-## Build your localized site
-
-Build your site for a specific locale:
-
-```bash
-npm run build -- --locale fr
-```
-
-Or build your site to include all the locales at once:
-
-```bash
-npm run build
-```

doc/md/tutorial/install.md

@@ -0,0 +1,21 @@
+# Install Holos
+
+Holos is distributed as a single file executable.
+
+## Releases
+
+Download `holos` from the [releases](https://github.com/holos-run/holos/releases) page and place the executable into your shell path.
+
+## Go install
+
+Alternatively, install directly into your go bin path using:
+
+```shell
+go install github.com/holos-run/holos/cmd/holos@latest
+```
+
+### What you'll need
+
+- [helm](https://github.com/helm/helm/releases) to fetch and render Helm chart components.
+- [kubectl](https://kubernetes.io/docs/tasks/tools/) to [kustomize](https://kustomize.io/) components.
+

doc/md/tutorial/local/k3d.mdx

@@ -0,0 +1,835 @@
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+
+# Try Holos Locally
+
+Learn how to configure and deploy the Holos reference platform to your local
+host with k3d.
+
+---
+
+This guide assumes commands are run from your local host.  Capitalized terms
+have specific definitions described in the [Glossary](/docs/glossary).
+
+## Requirements
+
+You'll need the following tools installed on your local host to complete this guide.
+
+ 1. [k3d](https://k3d.io/#installation) - to provide an api server.
+ 2. [Docker](https://docs.docker.com/get-docker/) - to use k3d.
+ 3. [holos](/docs/tutorial/install) - to build the platform.
+ 4. [kubectl](https://kubernetes.io/docs/tasks/tools/) - to interact with the Kubernetes cluster.
+ 5. [helm](https://helm.sh/docs/intro/install/) - to render Holos components that integrate vendor provided Helm charts.
+ 6. [mkcert](https://github.com/FiloSottile/mkcert?tab=readme-ov-file#installation) - for local trusted certificates.
+ 7. [jq](https://jqlang.github.io/jq/download/) - to manipulate json output.
+
+## Outcome
+
+At the end of this guide you'll have built a development platform that provides
+Zero Trust security by holistically integrating off-the-shelf components.
+
+ 1. ArgoCD to review and apply platform configuration changes.
+ 2. Istio service mesh with mTLS encryption.
+ 3. ZITADEL to provide single sign-on identity tokens with multi factor authentication.
+
+The platform running on your local host will configure Istio to authenticate and
+authorize requests using an oidc id token issued by ZITADEL _before_ the request
+ever reaches ArgoCD.
+
+:::tip
+
+With Holos, developers don't need to write authentication or authorization logic
+for many use cases.
+
+:::
+
+Single sign-on and role based access control are provided by the platform itself
+for all service running in the platform using standardized policies.
+
+The `k3d` platform is derived from the larger holos reference platform to
+provide a smooth on-ramp to evaluate the value Holos offers.
+
+ 1. Holos wraps unmodified Helm charts provided by software vendors.
+ 2. Holos eliminates the need to template yaml.
+ 3. Holos is composable, scaling down to local host and up to multi-cloud and multi-cluster.
+ 4. The Zero Trust security model implemented by the reference platform.
+ 5. Configuration unification with CUE.
+
+## Register with Holos
+
+Register an account with the Holos web service. This registration is required
+to save platform configuration values via a simple web form and to explore how
+Holos implements Zero Trust.
+
+```bash
+holos register user
+```
+
+## Create the Platform
+
+Create the platform, which stores the Platform Form and its values in the Holos
+web service. The Platform Form represents the Platform Model.
+
+```bash
+holos create platform --name k3d --display-name "Try Holos Locally"
+```
+
+## Generate the Platform
+
+Holos builds the platform by building each component of the platform into fully
+rendered Kubernetes configuration resources.  Generate the source code for the
+platform in a blank local directory.  This directory is named `holos-infra` by
+convention because it represents the Holos managed platform infrastructure.
+
+Create a new Git repository to store the platform code:
+
+```bash
+mkdir holos-k3d
+cd holos-k3d
+git init .
+```
+
+Generate the platform code in the current directory:
+
+```bash
+holos generate platform k3d
+```
+
+Commit the generated platform config to the repository:
+
+```bash
+git add .
+git commit -m "holos generate platform k3d - $(holos --version)"
+```
+
+## Push the Platform Form
+
+Push the Platform Form to the web service to provide top-level configuration
+values from which the platform components derive their final configuration.
+
+```bash
+holos push platform form .
+```
+
+Visit the printed URL to view the Platform Form.
+
+:::tip
+
+You have complete control over the form fields and validation rules.
+
+:::
+
+## Submit the Platform Model
+
+Fill out the form and submit the Platform Model.
+
+For the Role Based Access Control section, provide the value of the `sub`
+subject claim of your identity to ensure only you have administrative access to
+ArgoCD.
+
+```bash
+holos login --print-claims | jq -r .sub
+```
+
+For the ArgoCD Git repository URL, enter the url of a public repository where
+you will push your local `holos-k3d` repository.
+
+```bash
+git remote add origin https://github.com/example/holos-k3d
+git push origin HEAD:main
+```
+
+## Pull the Platform Model
+
+The Platform Model is the JSON representation of the Platform Form values.
+Holos provides the Platform Model to CUE to render the platform configuration to
+plain YAML. Configuration that varies is derived from the Platform Model using
+CUE.
+
+Pull the Platform Model to your local host to render the platform.
+
+```bash
+holos pull platform model .
+```
+
+The `platform.config.json` file is intended to be committed to version control.
+
+```bash
+git add platform.config.json
+git commit -m "Add platform model"
+```
+
+:::danger
+
+Do not store secrets in the Platform Model.
+
+:::
+
+Holos uses ExternalSecret resources to securely sync with a SecretStore and
+ensure Secrets are never stored in version control.
+
+## Render the Platform
+
+Rendering the platform iterates over each platform component and renders the
+component into the final Kubernetes resources that will be sent to the API Server.
+
+```bash
+holos render platform ./platform
+```
+
+This command writes fully rendered Kubernetes resource yaml to the `deploy/` directory.
+
+:::warning
+
+Do not edit the files in the `deploy` as they will be written over.
+
+:::
+
+Commit the rendered platform configuration for `git diff` later.
+
+```bash
+git add deploy
+git commit -m "holos render platform ./platform"
+```
+
+### Rendering
+
+Holos uses the Kubernetes resource model to manage configuration.  The `holos`
+command line interface (cli) is the primary method you'll use to manage your
+platform.  Holos uses CUE to provide a unified configuration model of the
+platform which is built from components packaged with Helm, Kustomize, CUE, or
+any tool that can produce Kubernetes resources as output.  This process can be
+thought of as a yaml **rendering pipeline**.
+
+Each component in a platform defines a rendering pipeline shown in Figure 2 to
+produce Kubernetes api resources
+
+```mermaid
+---
+title: Figure 2 - Render Pipeline
+---
+graph LR
+    PS[<a href="/docs/api/core/v1alpha2#PlatformSpec">PlatformSpec</a>]
+    BP[<a href="/docs/api/core/v1alpha2#BuildPlan">BuildPlan</a>]
+    HC[<a href="/docs/api/core/v1alpha2#HolosComponent">HolosComponent</a>]
+
+    H[<a href="/docs/api/core/v1alpha2#HelmChart">HelmChart</a>]
+    K[<a href="/docs/api/core/v1alpha2#KustomizeBuild">KustomizeBuild</a>]
+    O[<a href="/docs/api/core/v1alpha2#KubernetesObjects">KubernetesObjects</a>]
+
+    P[<a href="/docs/api/core/v1alpha2#Kustomize">Kustomize</a>]
+    Y[Kubernetes <br>Resources]
+    G[GitOps <br>Resource]
+
+    C[Kube API Server]
+
+    PS --> BP --> HC
+    HC --> H --> P
+    HC --> K --> P
+    HC --> O --> P
+
+    P --> Y --> C
+    P --> G --> C
+```
+
+The `holos` cli can be thought of as executing a data pipeline.  The Platform
+Model is the top level input to the pipeline and specifies the ways your
+platform varies from other organizations.  The `holos` cli takes the Platform
+Model as input and executes a series of steps to produce the platform
+configuration.  The platform configuration output of `holos` are full
+Kubernetes API resources, suitable for application to a cluster with `kubectl
+apply -f`, or GitOps tools such as ArgoCD or Flux.
+
+## Review the Platform Config
+
+:::tip
+
+This section is optional, included to provide insight into how Holos uses CUE
+and Helm to unify and render the platform configuration.
+
+:::
+
+Take a moment to review the platform config `holos` rendered.
+
+### ArgoCD Application
+
+Note the Git URL you entered into the Platform Form is used to derive the ArgoCD
+`Application` resource from the Platform Model.
+
+```yaml
+# deploy/clusters/workload/gitops/namespaces.application.gen.yaml
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: namespaces
+  namespace: argocd
+spec:
+  destination:
+    server: https://kubernetes.default.svc
+  project: default
+  source:
+    # highlight-next-line
+    path: /deploy/clusters/workload/components/namespaces
+    # highlight-next-line
+    repoURL: https://github.com/holos-run/holos-k3d
+    # highlight-next-line
+    targetRevision: HEAD
+```
+
+One ArgoCD `Application` resource is produced for each Holos component by
+default.  Note the `cert-manger` component renders the output using Helm.
+Holos unifies the Application resource using CUE.  The CUE definition which
+produces the rendered output is defined in `buildplan.cue` around line 222.
+
+:::tip
+
+Note how CUE does not use error-prone text templates, the language is well
+specified and typed which reduces errors when unifying the configuration with
+the Platform Model in the following `#Argo` definition.
+
+:::
+
+```cue
+// buildplan.cue
+
+// #Argo represents an argocd Application resource for each component, written
+// using the #HolosComponent.deployFiles field.
+#Argo: {
+	ComponentName: string
+
+	Application: app.#Application & {
+		metadata: name:      ComponentName
+		metadata: namespace: "argocd"
+		spec: {
+			destination: server: "https://kubernetes.default.svc"
+			project: "default"
+			source: {
+        // highlight-next-line
+				path:           "\(_Platform.Model.argocd.deployRoot)/deploy/clusters/\(_ClusterName)/components/\(ComponentName)"
+        // highlight-next-line
+				repoURL:        _Platform.Model.argocd.repoURL
+        // highlight-next-line
+				targetRevision: _Platform.Model.argocd.targetRevision
+			}
+		}
+	}
+
+	// deployFiles represents the output files to write along side the component.
+	deployFiles: "clusters/\(_ClusterName)/gitops/\(ComponentName).application.gen.yaml": yaml.Marshal(Application)
+}
+```
+
+### Helm Chart
+
+Holos uses CUE to safely integrate the unmodified upstream `cert-manager` Helm
+chart.
+
+:::tip
+
+Holos fully supports your existing Helm charts.  Consider leveraging `holos` as
+an safer alternative to umbrella charts.
+
+:::
+
+```cue
+// components/cert-manager/cert-manager.cue
+package holos
+
+// Produce a helm chart build plan.
+(#Helm & Chart).Output
+
+let Chart = {
+	Name:      "cert-manager"
+	Version:   "1.14.5"
+	Namespace: "cert-manager"
+
+	Repo: name: "jetstack"
+	Repo: url:  "https://charts.jetstack.io"
+
+  // highlight-next-line
+	Values: {
+		installCRDs: true
+		startupapicheck: enabled: false
+		// Must not use kube-system on gke autopilot.  GKE Warden blocks access.
+    // highlight-next-line
+		global: leaderElection: namespace: Namespace
+
+		// https://cloud.google.com/kubernetes-engine/docs/concepts/autopilot-resource-requests#min-max-requests
+		resources: requests: {
+			cpu:                 "250m"
+			memory:              "512Mi"
+			"ephemeral-storage": "100Mi"
+		}
+    // highlight-next-line
+		webhook: resources:        Values.resources
+    // highlight-next-line
+		cainjector: resources:     Values.resources
+    // highlight-next-line
+		startupapicheck: resource: Values.resources
+
+		// https://cloud.google.com/kubernetes-engine/docs/how-to/autopilot-spot-pods
+		nodeSelector: {
+			"kubernetes.io/os": "linux"
+			if _ClusterName == "management" {
+				"cloud.google.com/gke-spot": "true"
+			}
+		}
+		webhook: nodeSelector:         Values.nodeSelector
+		cainjector: nodeSelector:      Values.nodeSelector
+		startupapicheck: nodeSelector: Values.nodeSelector
+	}
+}
+```
+
+## Create the Workload Cluster
+
+The Workload Cluster is where your applications and services will be deployed.
+In production this is usually an EKS, GKE, or AKS cluster.
+
+:::tip
+
+Holos supports any compliant Kubernetes cluster and was developed and tested on
+GKE, EKS, Talos, and Kubeadm clusters.
+
+:::
+
+<Tabs>
+  <TabItem value="evaluate" label="Evaluate" default>
+  Use this command when evaluating Holos.
+
+  ```bash
+  k3d cluster create workload \
+    --port "443:443@loadbalancer" \
+    --k3s-arg "--disable=traefik@server:0"
+  ```
+  </TabItem>
+  <TabItem value="develop" label="Develop" default>
+  Use this command when developing Holos.
+
+  ```bash
+  k3d registry create registry.holos.localhost --port 5100
+  ```
+
+  ```bash
+  k3d cluster create workload \
+    --registry-use k3d-registry.holos.localhost:5100 \
+    --port "443:443@loadbalancer" \
+    --k3s-arg "--disable=traefik@server:0"
+  ```
+  </TabItem>
+</Tabs>
+
+Traefik is disabled because Istio provides the same functionality.
+
+## Local CA
+
+Create and apply the `local-ca` Secret containing the CA private key. This
+Secret is necessary to issue certificates trusted by your browser when using the
+local k3d platform.
+
+```bash
+bash ./scripts/local-ca
+```
+
+:::note
+
+Admin access is necessary for `mkcert` to install the newly generated CA cert
+into your local host's trust store.
+
+:::
+
+## DNS Setup
+
+Configure your localhost to resolve `*.holos.localhost` to your loopback
+interface.  This is necessary for your browser requests to reach the k3d
+workload cluster.
+
+<Tabs>
+  <TabItem value="macos" label="macOS" default>
+    ```bash
+    brew install dnsmasq
+    ```
+
+    ```bash
+    cat <<EOF >"$(brew --prefix)/etc/dnsmasq.d/holos.localhost.conf"
+    # Refer to https://holos.run/docs/tutorial/local/k3d/
+    address=/holos.localhost/127.0.0.1
+    EOF
+    ```
+
+    ```bash
+    if [[ -r /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist ]]; then
+      echo "dnsmasq already configured"
+    else
+      sudo cp "$(brew list dnsmasq | grep 'dnsmasq.plist$')" \
+        /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist
+      sudo launchctl unload /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist
+      sudo launchctl load /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist
+      dscacheutil -flushcache
+      echo "dnsmasq configured"
+    fi
+    ```
+
+    ```bash
+    sudo mkdir -p /etc/resolver
+    sudo tee /etc/resolver/holos.localhost <<EOF
+    domain holos.localhost
+    nameserver 127.0.0.1
+    EOF
+    sudo killall -HUP mDNSResponder
+    ```
+  </TabItem>
+  <TabItem value="linux" label="Linux">
+    [NSS-myhostname](http://man7.org/linux/man-pages/man8/nss-myhostname.8.html)
+    ships with many Linux distributions and should resolve *.localhost
+    automatically to 127.0.0.1.
+
+    Otherwise it is installable with:
+
+    ```bash
+    sudo apt install libnss-myhostname
+    ```
+  </TabItem>
+  <TabItem value="windows" label="Windows">
+    Ensure the loopback interface has at least the following names in `C:\windows\system32\drivers\etc\hosts`
+
+		```
+    127.0.0.1 httpbin.holos.localhost argocd.holos.localhost app.holos.localhost
+		```
+  </TabItem>
+</Tabs>
+
+## Apply the Platform Components
+
+Use `kubectl` to apply each platform component.  In production, it's common to
+fully automate this process with ArgoCD, but we use `kubectl` in development
+and exploration contexts to the same effect.
+
+### Namespaces
+
+```bash
+kubectl apply --server-side=true -f ./deploy/clusters/workload/components/namespaces
+```
+
+### Custom Resource Definitions
+
+Services are exposed with standard `HTTPRoute` resources from the Gateway API.
+
+```bash
+kubectl apply --server-side=true -f ./deploy/clusters/workload/components/gateway-api
+kubectl apply --server-side=true -f ./deploy/clusters/workload/components/istio-base
+kubectl apply --server-side=true -f ./deploy/clusters/workload/components/argo-crds
+```
+
+### Cert Manager
+
+Apply the ClusterIssuer which issues Certificate resources using the local ca.
+
+```bash
+kubectl apply --server-side=true -f ./deploy/clusters/workload/components/cert-manager
+kubectl apply --server-side=true -f deploy/clusters/workload/components/local-ca
+kubectl apply --server-side=true -f deploy/clusters/workload/components/certificates
+```
+
+### Istio
+
+```bash
+kubectl apply --server-side=true -f ./deploy/clusters/workload/components/istio-cni
+kubectl apply --server-side=true -f ./deploy/clusters/workload/components/istiod
+kubectl apply --server-side=true -f ./deploy/clusters/workload/components/gateway
+```
+
+Verify the Gateway is programmed and the listeners have been accepted:
+
+```bash
+kubectl get -n istio-gateways gateway default -o json \
+  | jq -r '.status.conditions[].message'
+```
+
+```txt
+Resource accepted
+Resource programmed, assigned to service(s) default-istio.istio-gateways.svc.cluster.local:443
+```
+
+### httpbin
+
+httpbin is a simple backend service useful for end-to-end testing.
+
+```bash
+kubectl apply --server-side=true -f deploy/clusters/workload/components/httpbin-backend
+kubectl apply --server-side=true -f deploy/clusters/workload/components/httpbin-routes
+```
+
+:::important
+
+Browse to [https://httpbin.holos.localhost/](https://httpbin.holos.localhost/)
+to verify end to end connectivity.
+
+:::
+
+### Cookie Secret
+
+Generate a random cookie encryption Secret and apply.
+
+```bash
+LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom \
+  | head -c 32 \
+  | kubectl create secret generic "authproxy" \
+    --from-file=cookiesecret=/dev/stdin \
+    --dry-run=client -o yaml \
+  | kubectl apply -n istio-gateways -f-
+```
+:::tip
+
+The Holos reference platform uses an ExternalSecret to automatically sync this
+Secret from your SecretStore.
+
+:::
+
+
+### Auth Proxy
+
+The auth proxy is responsible for authenticating web browser requests.  The auth
+proxy provides a standard oidc id token to all services integrated with the
+mesh.
+
+```bash
+kubectl apply --server-side=true -f deploy/clusters/workload/components/authproxy
+kubectl apply --server-side=true -f deploy/clusters/workload/components/authroutes
+```
+
+:::important
+
+Verify authentication is working by visiting
+[https://httpbin.holos.localhost/holos/authproxy](https://httpbin.holos.localhost/holos/authproxy).
+Expect a simple `Authenticated` response.
+
+:::
+
+:::note
+
+Istio will respond with `no healthy upstream` until the pod becomes ready.
+
+:::
+
+Once authenticated, visit
+[https://httpbin.holos.localhost/holos/authproxy/userinfo](https://httpbin.holos.localhost/holos/authproxy/userinfo)
+which returns a subset of claims from your id token:
+
+```json
+{
+  "user": "275552236589843464",
+  "email": "demo@holos.run",
+  "preferredUsername": "demo"
+}
+```
+
+### Auth Policy
+
+Configure authorization policies using the claims provided in the authenticated
+id token.
+
+```bash
+kubectl apply --server-side=true -f deploy/clusters/workload/components/authpolicy
+```
+
+:::important
+
+Requests to `https://httpbin.holos.localhost` are protected by
+AuthorizationPolicy platform resources after applying this component.
+
+:::
+
+### Zero Trust
+
+A basic Zero Trust security model is now in place.  Verify authentication is
+working by browsing to
+[https://httpbin.holos.localhost/dump/request](https://httpbin.holos.localhost/dump/request).
+
+:::note
+
+Istio make take a few seconds to program the Gateway with the
+AuthorizationPolicy resources.
+
+:::
+
+:::tip
+
+Note the `x-oidc-id-token` header is not sent by your browser but is received
+by the backend service.  This design reduces the risk of exposing id tokens.
+Requests over the internet are also smaller and more reliable because large id
+tokens with may claims are confined to the cluster.
+
+:::
+
+Verify unauthenticated requests are blocked:
+
+```bash
+curl https://httpbin.holos.localhost/dump/request
+```
+
+Expect a response that redirects to the identity provider.
+
+Verify authenticated requests are allowed:
+
+```bash
+curl -H x-oidc-id-token:$(holos token) https://httpbin.holos.localhost/dump/request
+```
+
+Expect a response from the backend httpbin service with the id token header the
+platform authenticated and authorized.
+
+:::tip
+
+Note how the platform secures both web browser and command line api access to
+the backend httpbin service.  httpbin itself has no authentication or
+authorization functionality.
+
+:::
+
+### ArgoCD
+
+ArgoCD automatically applies resources defined in Git similar to how this guide
+uses `kubectl apply`.
+
+Apply controller deployments and supporting resources.
+
+```bash
+kubectl apply --server-side=true -f ./deploy/clusters/workload/components/argo-cd
+kubectl apply --server-side=true -f ./deploy/clusters/workload/components/argo-authpolicy
+kubectl apply --server-side=true -f ./deploy/clusters/workload/components/argo-routes
+```
+
+Verify all Pods are running and all containers are ready.
+
+```bash
+kubectl get pods -n argocd
+```
+
+```txt
+NAME                                                READY   STATUS      RESTARTS   AGE
+argocd-application-controller-0                     1/1     Running     0          10s
+argocd-applicationset-controller-578db65fcd-lnn76   1/1     Running     0          10s
+argocd-notifications-controller-67c856dbb7-12stk    1/1     Running     0          10s
+argocd-redis-698f57d9b9-v4kqs                       1/1     Running     0          10s
+argocd-redis-secret-init-z5zg8                      0/1     Completed   0          10s
+argocd-repo-server-69f78dfb8-f6pb7                  1/1     Running     0          10s
+argocd-server-58f7f4466d-db5fv                      2/2     Running     0          10s
+```
+
+Browse to [https://argocd.holos.localhost/](https://argocd.holos.localhost/) and
+verify you get the ArgoCD login page.
+
+![ArgoCD Login Page](./argocd-login.png)
+
+:::note
+
+Both the platform layer and the ArgoCD application layer performs authentication
+and authorization using the same identity provider.  Note how the Zero Trust
+model provides an additional layer of security without friction.
+
+:::
+
+Login using the SSO button and verify you get to the Applications page.
+
+![ArgoCD Applications](./argocd-apps.png)
+
+### ArgoCD Applications
+
+Apply the Application resources for all of the Holos components that compose the
+platform.  The Application resources provide drift detection and optional
+automatic reconciliation of platform components.
+
+```bash
+kubectl apply --server-side=true -f deploy/clusters/workload/gitops
+```
+
+Browse to or refresh [https://argocd.holos.localhost/applications](https://argocd.holos.localhost/applications).
+
+![ArgoCD Holos Components](./argocd-apps-2.png)
+
+:::important
+
+If you do not see any applications after refreshing the page ensure the `sub`
+value in the Platform Model (`platform.config.json`) is correct and matches
+`holos login --print-claims`.
+
+:::
+
+### Sync Applications
+
+Navigate to the [namespaces Application](https://argocd.holos.localhost/applications/argocd/namespaces).
+
+![ArgoCD Out of Sync](./argocd-out-of-sync.png)
+
+Review the differences between the live platform and the git configuration.
+
+![ArgoCD Diff](./argocd-diff.png)
+
+Sync the application to reconcile the differences.
+
+![ArgoCD Sync](./argocd-sync.png)
+
+The Holos components should report Sync OK.
+
+![ArgoCD Sync OK](./argocd-sync-ok.png)
+
+:::tip
+
+Automatic reconciliation is turned off by default.
+
+:::
+
+Optionally enable automatic reconciliation by adding `spec.syncPolicy.automated:
+{}` to the `#Argo` definition.
+
+Add the following to `buildplan.site.cue` to avoid `holos generate platform k3d`
+writing over the customization.
+
+:::tip
+
+CUE merges definitions located in multiple files.  This feature is used to
+customize the platform.
+
+:::
+
+```bash
+cat <<EOF > buildplan.site.cue
+package holos
+// Enable automated sync of platform components.
+#Argo: Application: spec: syncPolicy: automated: {}
+EOF
+```
+
+Re-render the platform.
+
+```bash
+holos render platform ./platform
+```
+
+Add and commit the changes.
+
+```bash
+git add .
+git commit -m 'enable argocd automatic sync'
+git push origin HEAD
+```
+
+Apply the new changes.
+
+```bash
+kubectl apply --server-side=true -f deploy/clusters/workload/gitops
+```
+
+Automatic reconciliation is enabled for all platform components.
+
+![ArgoCD Automatic Sync OK](./argocd-auto-sync-ok.png)
+
+## Summary
+
+TODO
+
+1. Configured the Service Mesh with mTLS.
+2. Configured authentication and authorization.
+3. Protected a backend service without backend code changes.
+4. ArgoCD

doc/md/tutorial/overview.md

@@ -0,0 +1,17 @@
+# Overview
+
+<!-- https://kubernetes.io/docs/contribute/style/diagram-guide/ -->
+
+This tutorial covers the following process of getting started with Holos.
+
+```mermaid
+graph LR
+    A[1. Install <br>holos] -->
+    B[2. Register <br>account] -->
+    C[3. Generate <br>platform] -->
+    D[4. Render <br>platform] -->
+    E[5. Apply <br>config]
+ 
+    classDef box fill:#fff,stroke:#000,stroke-width:1px,color:#000;
+    class A,B,C,D,E box
+```

doc/md/tutorial/register.md

@@ -0,0 +1,62 @@
+# Registration
+
+Holos leverages a simple web app to collect and store platform attributes with a web form.  Register an account with the web app to create and retrieve the platform model.
+
+```
+holos register user
+```
+
+:::tip
+
+Holos allows you to customize all of the sections and fields of your platform model.
+
+:::
+
+
+## Generate your Platform
+
+Generate your platform configuration from the holos reference platform embedded in the `holos` executable.  Platform configuration is stored in a git repository.
+
+```bash
+mkdir holos-infra
+cd holos-infra
+holos generate platform holos
+```
+
+The generate command writes many files organized by platform component into the current directory
+
+TODO: Put a table here describing key elements?
+
+:::tip
+
+Take a peek at `holos generate platform --help` to see other platforms embedded in the holos executable.
+
+:::
+
+## Push the Platform Form
+
+```
+holos push platform form .
+```
+
+## Fill in the form
+
+TODO
+
+## Pull the Platform Model
+
+Once the platform model is saved, pull it into the holos-infra repository:
+
+```
+holos pull platform model .
+```
+
+## Render the Platform
+
+With the platform model and the platform spec, you're ready to render the complete platform configuration:
+
+```
+holos render platform ./platform
+```
+
+## Summary

doc/website/.gitignore

@@ -1,7 +1,7 @@
 # Dependencies
 /node_modules
 
-# Production
+# Build
 /build
 
 # Generated files

doc/website/blog/2019-05-28-first-blog-post.md

@@ -1,12 +0,0 @@
----
-slug: first-blog-post
-title: First Blog Post
-authors:
-  name: Gao Wei
-  title: Docusaurus Core Team
-  url: https://github.com/wgao19
-  image_url: https://github.com/wgao19.png
-tags: [hola, docusaurus]
----
-
-Lorem ipsum dolor sit amet, consectetur adipiscing elit. Pellentesque elementum dignissim ultricies. Fusce rhoncus ipsum tempor eros aliquam consequat. Lorem ipsum dolor sit amet

doc/website/blog/2019-05-29-long-blog-post.md

@@ -1,44 +0,0 @@
----
-slug: long-blog-post
-title: Long Blog Post
-authors: endi
-tags: [hello, docusaurus]
----
-
-This is the summary of a very long blog post,
-
-Use a `<!--` `truncate` `-->` comment to limit blog post size in the list view.
-
-<!--truncate-->
-
-Lorem ipsum dolor sit amet, consectetur adipiscing elit. Pellentesque elementum dignissim ultricies. Fusce rhoncus ipsum tempor eros aliquam consequat. Lorem ipsum dolor sit amet
-
-Lorem ipsum dolor sit amet, consectetur adipiscing elit. Pellentesque elementum dignissim ultricies. Fusce rhoncus ipsum tempor eros aliquam consequat. Lorem ipsum dolor sit amet
-
-Lorem ipsum dolor sit amet, consectetur adipiscing elit. Pellentesque elementum dignissim ultricies. Fusce rhoncus ipsum tempor eros aliquam consequat. Lorem ipsum dolor sit amet
-
-Lorem ipsum dolor sit amet, consectetur adipiscing elit. Pellentesque elementum dignissim ultricies. Fusce rhoncus ipsum tempor eros aliquam consequat. Lorem ipsum dolor sit amet
-
-Lorem ipsum dolor sit amet, consectetur adipiscing elit. Pellentesque elementum dignissim ultricies. Fusce rhoncus ipsum tempor eros aliquam consequat. Lorem ipsum dolor sit amet
-
-Lorem ipsum dolor sit amet, consectetur adipiscing elit. Pellentesque elementum dignissim ultricies. Fusce rhoncus ipsum tempor eros aliquam consequat. Lorem ipsum dolor sit amet
-
-Lorem ipsum dolor sit amet, consectetur adipiscing elit. Pellentesque elementum dignissim ultricies. Fusce rhoncus ipsum tempor eros aliquam consequat. Lorem ipsum dolor sit amet
-
-Lorem ipsum dolor sit amet, consectetur adipiscing elit. Pellentesque elementum dignissim ultricies. Fusce rhoncus ipsum tempor eros aliquam consequat. Lorem ipsum dolor sit amet
-
-Lorem ipsum dolor sit amet, consectetur adipiscing elit. Pellentesque elementum dignissim ultricies. Fusce rhoncus ipsum tempor eros aliquam consequat. Lorem ipsum dolor sit amet
-
-Lorem ipsum dolor sit amet, consectetur adipiscing elit. Pellentesque elementum dignissim ultricies. Fusce rhoncus ipsum tempor eros aliquam consequat. Lorem ipsum dolor sit amet
-
-Lorem ipsum dolor sit amet, consectetur adipiscing elit. Pellentesque elementum dignissim ultricies. Fusce rhoncus ipsum tempor eros aliquam consequat. Lorem ipsum dolor sit amet
-
-Lorem ipsum dolor sit amet, consectetur adipiscing elit. Pellentesque elementum dignissim ultricies. Fusce rhoncus ipsum tempor eros aliquam consequat. Lorem ipsum dolor sit amet
-
-Lorem ipsum dolor sit amet, consectetur adipiscing elit. Pellentesque elementum dignissim ultricies. Fusce rhoncus ipsum tempor eros aliquam consequat. Lorem ipsum dolor sit amet
-
-Lorem ipsum dolor sit amet, consectetur adipiscing elit. Pellentesque elementum dignissim ultricies. Fusce rhoncus ipsum tempor eros aliquam consequat. Lorem ipsum dolor sit amet
-
-Lorem ipsum dolor sit amet, consectetur adipiscing elit. Pellentesque elementum dignissim ultricies. Fusce rhoncus ipsum tempor eros aliquam consequat. Lorem ipsum dolor sit amet
-
-Lorem ipsum dolor sit amet, consectetur adipiscing elit. Pellentesque elementum dignissim ultricies. Fusce rhoncus ipsum tempor eros aliquam consequat. Lorem ipsum dolor sit amet

doc/website/blog/2021-08-01-mdx-blog-post.mdx

@@ -1,20 +0,0 @@
----
-slug: mdx-blog-post
-title: MDX Blog Post
-authors: [slorber]
-tags: [docusaurus]
----
-
-Blog posts support [Docusaurus Markdown features](https://docusaurus.io/docs/markdown-features), such as [MDX](https://mdxjs.com/).
-
-:::tip
-
-Use the power of React to create interactive blog posts.
-
-```js
-<button onClick={() => alert('button clicked!')}>Click me!</button>
-```
-
-<button onClick={() => alert('button clicked!')}>Click me!</button>
-
-:::

doc/website/blog/2021-08-26-welcome/index.md

@@ -1,25 +0,0 @@
----
-slug: welcome
-title: Welcome
-authors: [slorber, yangshun]
-tags: [facebook, hello, docusaurus]
----
-
-[Docusaurus blogging features](https://docusaurus.io/docs/blog) are powered by the [blog plugin](https://docusaurus.io/docs/api/plugins/@docusaurus/plugin-content-blog).
-
-Simply add Markdown files (or folders) to the `blog` directory.
-
-Regular blog authors can be added to `authors.yml`.
-
-The blog post date can be extracted from filenames, such as:
-
-- `2019-05-30-welcome.md`
-- `2019-05-30-welcome/index.md`
-
-A blog post folder can be convenient to co-locate blog post images:
-
-![Docusaurus Plushie](./docusaurus-plushie-banner.jpeg)
-
-The blog supports tags as well!
-
-**And if you don't want a blog**: just delete this directory, and use `blog: false` in your Docusaurus config.

doc/website/blog/2024-07-03-welcome/index.md

@@ -0,0 +1,8 @@
+---
+slug: welcome
+title: Welcome
+authors: [jeff]
+tags: [holos]
+---
+
+TODO - Coming Soon

doc/website/blog/authors.yml

@@ -1,17 +1,17 @@
-endi:
-  name: Endilie Yacop Sucipto
-  title: Maintainer of Docusaurus
-  url: https://github.com/endiliey
-  image_url: https://github.com/endiliey.png
+jeff:
+  name: Jeff McCune
+  title: Holos maintainer & creator
+  url: https://github.com/jeffmccune
+  image_url: https://github.com/jeffmccune.png
 
-yangshun:
-  name: Yangshun Tay
-  title: Front End Engineer @ Facebook
-  url: https://github.com/yangshun
-  image_url: https://github.com/yangshun.png
+gary:
+  name: Gary Larizza
+  title: Holos maintainer
+  url: https://github.com/glarizza
+  image_url: https://github.com/glarizza.png
 
-slorber:
-  name: Sébastien Lorber
-  title: Docusaurus maintainer
-  url: https://sebastienlorber.com
-  image_url: https://github.com/slorber.png
+nate:
+  name: Nate McCurdy
+  title: Holos maintainer
+  url: https://github.com/natemccurdy
+  image_url: https://github.com/natemccurdy.png

doc/website/blog/tags.yml

@@ -1,16 +1,4 @@
-facebook:
-  label: Facebook
-  permalink: /facebook
-  description: Facebook tag description
-hello:
-  label: Hello
-  permalink: /hello
-  description: Hello tag description
-docusaurus:
-  label: Docusaurus
-  permalink: /docusaurus
-  description: Docusaurus tag description
-hola:
-  label: Hola
-  permalink: /hola
-  description: Hola tag description
+holos:
+  label: Holos
+  permalink: /holos
+  description: Holos Platform

doc/website/dist/v1alpha2.html.md

@@ -0,0 +1,425 @@
+using module mode; GOMOD=/Users/jeff/Holos/holos/go.mod
+
+...
+
+<!-- #lowframe -->
+
+[Go Documentation Server](/pkg/)
+
+[GoDoc](/pkg/)
+
+[▽](#)
+
+Search
+
+<!-- magnifying glass: -->
+
+# Package v1alpha2
+
+<!--
+    	Copyright 2009 The Go Authors. All rights reserved.
+    	Use of this source code is governed by a BSD-style
+    	license that can be found in the LICENSE file.
+    -->
+
+<!--
+    	Note: Static (i.e., not template-generated) href and id
+    	attributes start with "pkg-" to make it impossible for
+    	them to conflict with generated attributes (some of which
+    	correspond to Go identifiers).
+    -->
+
+* `import "github.com/holos-run/holos/api/core/v1alpha2"`
+
+- - [Overview](#pkg-overview)
+  - [Index](#pkg-index)
+
+<!-- The package's Name is printed as title by the top-level template -->
+
+## Overview ▹
+
+## Overview ▾
+
+Package v1alpha2 contains the core API contract between the holos cli and CUE configuration code. Platform designers, operators, and software developers use this API to write configuration in CUE which \`holos\` loads. The overall shape of the API defines imperative actions \`holos\` should carry out to render the complete yaml that represents a Platform.
+
+[Platform](#Platform) defines the complete configuration of a platform. With the holos reference platform this takes the shape of one management cluster and at least two workload cluster. Each cluster has multiple [HolosComponent](#HolosComponent) resources applied to it.
+
+Each holos component path, e.g. \`components/namespaces\` produces exactly one [BuildPlan](#BuildPlan) which in turn contains a set of [HolosComponent](#HolosComponent) kinds.
+
+The primary kinds of [HolosComponent](#HolosComponent) are:
+
+1. [HelmChart](#HelmChart) to render config from a helm chart.
+2. [KustomizeBuild](#KustomizeBuild) to render config from [Kustomize](#Kustomize)
+3. [KubernetesObjects](#KubernetesObjects) to render [APIObjects](#APIObjects) defined directly in CUE configuration.
+
+Note that Holos operates as a data pipeline, so the output of a [HelmChart](#HelmChart) may be provided to [Kustomize](#Kustomize) for post-processing.
+
+## Index ▹
+
+## Index ▾
+
+<!-- Table of contents for API; must be named manual-nav to turn off auto nav. -->
+
+* * [Constants](#pkg-constants)
+  * [type APIObject](#APIObject)
+  * [type APIObjectMap](#APIObjectMap)
+  * [type APIObjects](#APIObjects)
+  * [type BuildPlan](#BuildPlan)
+  * [type BuildPlanComponents](#BuildPlanComponents)
+  * [type BuildPlanSpec](#BuildPlanSpec)
+  * [type Chart](#Chart)
+  * [type FileContent](#FileContent)
+  * [type FileContentMap](#FileContentMap)
+  * [type FilePath](#FilePath)
+  * [type HelmChart](#HelmChart)
+  * [type HolosComponent](#HolosComponent)
+  * [type Kind](#Kind)
+  * [type KubernetesObjects](#KubernetesObjects)
+  * [type Kustomize](#Kustomize)
+  * [type KustomizeBuild](#KustomizeBuild)
+  * [type Label](#Label)
+  * [type Metadata](#Metadata)
+  * [type Platform](#Platform)
+  * [type PlatformMetadata](#PlatformMetadata)
+  * [type PlatformSpec](#PlatformSpec)
+  * [type PlatformSpecComponent](#PlatformSpecComponent)
+  * [type Repository](#Repository)
+
+<!-- #manual-nav -->
+
+### Package files
+
+[apiobjects.go](/src/github.com/holos-run/holos/api/core/v1alpha2/apiobjects.go) [buildplan.go](/src/github.com/holos-run/holos/api/core/v1alpha2/buildplan.go) [constants.go](/src/github.com/holos-run/holos/api/core/v1alpha2/constants.go) [core.go](/src/github.com/holos-run/holos/api/core/v1alpha2/core.go) [doc.go](/src/github.com/holos-run/holos/api/core/v1alpha2/doc.go) [helm.go](/src/github.com/holos-run/holos/api/core/v1alpha2/helm.go) [kubernetesobjects.go](/src/github.com/holos-run/holos/api/core/v1alpha2/kubernetesobjects.go) [kustomizebuild.go](/src/github.com/holos-run/holos/api/core/v1alpha2/kustomizebuild.go)
+
+<!-- .expanded -->
+
+<!-- #pkg-index -->
+
+## Constants
+
+```
+const (
+    APIVersion    = "v1alpha2"
+    BuildPlanKind = "BuildPlan"
+    HelmChartKind = "HelmChart"
+    // ChartDir is the directory name created in the holos component directory to cache a chart.
+    ChartDir = "vendor"
+    // ResourcesFile is the file name used to store component output when post-processing with kustomize.
+    ResourcesFile = "resources.yaml"
+)
+```
+
+```
+const KubernetesObjectsKind = "KubernetesObjects"
+```
+
+## type [APIObject](/src/github.com/holos-run/holos/api/core/v1alpha2/apiobjects.go?s=978:1008#L11) [¶](#APIObject)
+
+APIObject represents the most basic generic form of a single kubernetes api object. Represented as a JSON object internally for compatibility between tools, for example loading from CUE.
+
+```
+type APIObject structpb.Struct
+```
+
+## type [APIObjectMap](/src/github.com/holos-run/holos/api/core/v1alpha2/apiobjects.go?s=1281:1324#L17) [¶](#APIObjectMap)
+
+APIObjectMap represents the marshalled yaml representation of kubernetes api objects. Do not produce an APIObjectMap directly, instead use [APIObjects](#APIObjects) to produce the marshalled yaml representation from CUE data, then provide the result to [HolosComponent](#HolosComponent).
+
+```
+type APIObjectMap map[Kind]map[Label]string
+```
+
+## type [APIObjects](/src/github.com/holos-run/holos/api/core/v1alpha2/apiobjects.go?s=1901:2055#L31) [¶](#APIObjects)
+
+APIObjects represents Kubernetes API objects defined directly from CUE code. Useful to mix in resources to any kind of [HolosComponent](#HolosComponent), for example adding an ExternalSecret resource to a [HelmChart](#HelmChart).
+
+[Kind](#Kind) must be the resource kind, e.g. Deployment or Service.
+
+[Label](#Label) is an arbitrary internal identifier to uniquely identify the resource within the context of a \`holos\` command. Holos will never write the intermediate label to rendered output.
+
+Refer to [HolosComponent](#HolosComponent) which accepts an [APIObjectMap](#APIObjectMap) field provided by [APIObjects](#APIObjects).
+
+```
+type APIObjects struct {
+    APIObjects   map[Kind]map[Label]APIObject `json:"apiObjects"`
+    APIObjectMap APIObjectMap                 `json:"apiObjectMap"`
+}
+```
+
+## type [BuildPlan](/src/github.com/holos-run/holos/api/core/v1alpha2/buildplan.go?s=789:989#L11) [¶](#BuildPlan)
+
+BuildPlan represents a build plan for the holos cli to execute. The purpose of a BuildPlan is to define one or more [HolosComponent](#HolosComponent) kinds. For example a [HelmChart](#HelmChart), [KustomizeBuild](#KustomizeBuild), or [KubernetesObjects](#KubernetesObjects).
+
+A BuildPlan usually has an additional empty [KubernetesObjects](#KubernetesObjects) for the purpose of using the [HolosComponent](#HolosComponent) DeployFiles field to deploy an ArgoCD or Flux gitops resource for the holos component.
+
+```
+type BuildPlan struct {
+    Kind       string        `json:"kind" cue:"\"BuildPlan\""`
+    APIVersion string        `json:"apiVersion" cue:"string | *\"v1alpha2\""`
+    Spec       BuildPlanSpec `json:"spec"`
+}
+```
+
+## type [BuildPlanComponents](/src/github.com/holos-run/holos/api/core/v1alpha2/buildplan.go?s=1335:1715#L25) [¶](#BuildPlanComponents)
+
+```
+type BuildPlanComponents struct {
+    Resources             map[Label]KubernetesObjects `json:"resources,omitempty"`
+    KubernetesObjectsList []KubernetesObjects         `json:"kubernetesObjectsList,omitempty"`
+    HelmChartList         []HelmChart                 `json:"helmChartList,omitempty"`
+    KustomizeBuildList    []KustomizeBuild            `json:"kustomizeBuildList,omitempty"`
+}
+```
+
+## type [BuildPlanSpec](/src/github.com/holos-run/holos/api/core/v1alpha2/buildplan.go?s=1056:1333#L18) [¶](#BuildPlanSpec)
+
+BuildPlanSpec represents the specification of the build plan.
+
+```
+type BuildPlanSpec struct {
+    // Disabled causes the holos cli to take no action over the [BuildPlan].
+    Disabled bool `json:"disabled,omitempty"`
+    // Components represents multiple [HolosComponent] kinds to manage.
+    Components BuildPlanComponents `json:"components,omitempty"`
+}
+```
+
+## type [Chart](/src/github.com/holos-run/holos/api/core/v1alpha2/helm.go?s=922:1304#L13) [¶](#Chart)
+
+Chart represents a helm chart.
+
+```
+type Chart struct {
+    // Name represents the chart name.
+    Name string `json:"name"`
+    // Version represents the chart version.
+    Version string `json:"version"`
+    // Release represents the chart release when executing helm template.
+    Release string `json:"release"`
+    // Repository represents the repository to fetch the chart from.
+    Repository Repository `json:"repository,omitempty"`
+}
+```
+
+## type [FileContent](/src/github.com/holos-run/holos/api/core/v1alpha2/buildplan.go?s=117:140#L1) [¶](#FileContent)
+
+FileContent represents file contents.
+
+```
+type FileContent string
+```
+
+## type [FileContentMap](/src/github.com/holos-run/holos/api/core/v1alpha2/buildplan.go?s=314:358#L2) [¶](#FileContentMap)
+
+FileContentMap represents a mapping of file paths to file contents. Paths are relative to the \`holos\` output "deploy" directory, and may contain sub-directories.
+
+```
+type FileContentMap map[FilePath]FileContent
+```
+
+## type [FilePath](/src/github.com/holos-run/holos/api/core/v1alpha2/buildplan.go?s=54:74#L1) [¶](#FilePath)
+
+FilePath represents a file path.
+
+```
+type FilePath string
+```
+
+## type [HelmChart](/src/github.com/holos-run/holos/api/core/v1alpha2/helm.go?s=415:886#L1) [¶](#HelmChart)
+
+HelmChart represents a holos component which wraps around an upstream helm chart. Holos orchestrates helm by providing values obtained from CUE, renders the output using \`helm template\`, then post-processes the helm output yaml using the general functionality provided by [HolosComponent](#HolosComponent), for example [Kustomize](#Kustomize) post-rendering and mixing in additional kubernetes api objects.
+
+```
+type HelmChart struct {
+    HolosComponent `json:",inline"`
+    Kind           string `json:"kind" cue:"\"HelmChart\""`
+
+    // Chart represents a helm chart to manage.
+    Chart Chart `json:"chart"`
+    // ValuesContent represents the values.yaml file holos passes to the `helm
+    // template` command.
+    ValuesContent string `json:"valuesContent"`
+    // EnableHooks enables helm hooks when executing the `helm template` command.
+    EnableHooks bool `json:"enableHooks" cue:"bool | *false"`
+}
+```
+
+## type [HolosComponent](/src/github.com/holos-run/holos/api/core/v1alpha2/buildplan.go?s=1851:3130#L34) [¶](#HolosComponent)
+
+HolosComponent defines the fields common to all holos component kinds. Every holos component kind should embed HolosComponent.
+
+```
+type HolosComponent struct {
+    // Kind is a string value representing the resource this object represents.
+    Kind string `json:"kind"`
+    // APIVersion represents the versioned schema of this representation of an object.
+    APIVersion string `json:"apiVersion" cue:"string | *\"v1alpha2\""`
+    // Metadata represents data about the holos component such as the Name.
+    Metadata Metadata `json:"metadata"`
+
+    // APIObjectMap holds the marshalled representation of api objects.  Useful to
+    // mix in resources to each HolosComponent type, for example adding an
+    // ExternalSecret to a HelmChart HolosComponent.  Refer to [APIObjects].
+    APIObjectMap APIObjectMap `json:"apiObjectMap,omitempty"`
+
+    // DeployFiles represents file paths relative to the cluster deploy directory
+    // with the value representing the file content.  Intended for defining the
+    // ArgoCD Application resource or Flux Kustomization resource from within CUE,
+    // but may be used to render any file related to the build plan from CUE.
+    DeployFiles FileContentMap `json:"deployFiles,omitempty"`
+
+    // Kustomize represents a kubectl kustomize build post-processing step.
+    Kustomize `json:"kustomize,omitempty"`
+
+    // Skip causes holos to take no action regarding this component.
+    Skip bool `json:"skip" cue:"bool | *false"`
+}
+```
+
+## type [Kind](/src/github.com/holos-run/holos/api/core/v1alpha2/apiobjects.go?s=763:779#L6) [¶](#Kind)
+
+Kind is a kubernetes api object kind. Defined as a type for clarity and type checking.
+
+```
+type Kind string
+```
+
+## type [KubernetesObjects](/src/github.com/holos-run/holos/api/core/v1alpha2/kubernetesobjects.go?s=205:336#L1) [¶](#KubernetesObjects)
+
+KubernetesObjects represents a [HolosComponent](#HolosComponent) composed of Kubernetes API objects provided directly from CUE using [APIObjects](#APIObjects).
+
+```
+type KubernetesObjects struct {
+    HolosComponent `json:",inline"`
+    Kind           string `json:"kind" cue:"\"KubernetesObjects\""`
+}
+```
+
+## type [Kustomize](/src/github.com/holos-run/holos/api/core/v1alpha2/buildplan.go?s=4065:4360#L81) [¶](#Kustomize)
+
+Kustomize represents resources necessary to execute a kustomize build. Intended for at least two use cases:
+
+1. Process a [KustomizeBuild](#KustomizeBuild) [HolosComponent](#HolosComponent) which represents raw yaml file resources in a holos component directory.
+2. Post process a [HelmChart](#HelmChart) [HolosComponent](#HolosComponent) to inject istio, patch jobs, add custom labels, etc...
+
+```
+type Kustomize struct {
+    // KustomizeFiles holds file contents for kustomize, e.g. patch files.
+    KustomizeFiles FileContentMap `json:"kustomizeFiles,omitempty"`
+    // ResourcesFile is the file name used for api objects in kustomization.yaml
+    ResourcesFile string `json:"resourcesFile,omitempty"`
+}
+```
+
+## type [KustomizeBuild](/src/github.com/holos-run/holos/api/core/v1alpha2/kustomizebuild.go?s=165:290#L1) [¶](#KustomizeBuild)
+
+KustomizeBuild represents a [HolosComponent](#HolosComponent) that renders plain yaml files in the holos component directory using \`kubectl kustomize build\`.
+
+```
+type KustomizeBuild struct {
+    HolosComponent `json:",inline"`
+    Kind           string `json:"kind" cue:"\"KustomizeBuild\""`
+}
+```
+
+## type [Label](/src/github.com/holos-run/holos/api/core/v1alpha2/apiobjects.go?s=654:671#L3) [¶](#Label)
+
+Label is an arbitrary unique identifier internal to holos itself. The holos cli is expected to never write a Label value to rendered output files, therefore use a [Label](#Label) then the identifier must be unique and internal. Defined as a type for clarity and type checking.
+
+A Label is useful to convert a CUE struct to a list, for example producing a list of [APIObject](#APIObject) resources from an [APIObjectMap](#APIObjectMap). A CUE struct using Label keys is guaranteed to not lose data when rendering output because a Label is expected to never be written to the final output.
+
+```
+type Label string
+```
+
+## type [Metadata](/src/github.com/holos-run/holos/api/core/v1alpha2/buildplan.go?s=3204:3702#L61) [¶](#Metadata)
+
+Metadata represents data about the holos component such as the Name.
+
+```
+type Metadata struct {
+    // Name represents the name of the holos component.
+    Name string `json:"name"`
+    // Namespace is the primary namespace of the holos component.  A holos
+    // component may manage resources in multiple namespaces, in this case
+    // consider setting the component namespace to default.
+    //
+    // This field is optional because not all resources require a namespace,
+    // particularly CRD's and DeployFiles functionality.
+    // +optional
+    Namespace string `json:"namespace,omitempty"`
+}
+```
+
+## type [Platform](/src/github.com/holos-run/holos/api/core/v1alpha2/core.go?s=546:1027#L5) [¶](#Platform)
+
+Platform represents a platform to manage. A Platform resource informs holos which components to build. The platform resource also acts as a container for the platform model form values provided by the PlatformService. The primary use case is to collect the cluster names, cluster types, platform model, and holos components to build into one resource.
+
+```
+type Platform struct {
+    // Kind is a string value representing the resource this object represents.
+    Kind string `json:"kind" cue:"\"Platform\""`
+    // APIVersion represents the versioned schema of this representation of an object.
+    APIVersion string `json:"apiVersion" cue:"string | *\"v1alpha2\""`
+    // Metadata represents data about the object such as the Name.
+    Metadata PlatformMetadata `json:"metadata"`
+
+    // Spec represents the specification.
+    Spec PlatformSpec `json:"spec"`
+}
+```
+
+## type [PlatformMetadata](/src/github.com/holos-run/holos/api/core/v1alpha2/core.go?s=76:174#L1) [¶](#PlatformMetadata)
+
+```
+type PlatformMetadata struct {
+    // Name represents the Platform name.
+    Name string `json:"name"`
+}
+```
+
+## type [PlatformSpec](/src/github.com/holos-run/holos/api/core/v1alpha2/core.go?s=1254:1581#L20) [¶](#PlatformSpec)
+
+PlatformSpec represents the specification of a Platform. Think of a platform specification as a list of platform components to apply to a list of kubernetes clusters combined with the user-specified Platform Model.
+
+```
+type PlatformSpec struct {
+    // Model represents the platform model holos gets from from the
+    // PlatformService.GetPlatform rpc method and provides to CUE using a tag.
+    Model structpb.Struct `json:"model"`
+    // Components represents a list of holos components to manage.
+    Components []PlatformSpecComponent `json:"components"`
+}
+```
+
+## type [PlatformSpecComponent](/src/github.com/holos-run/holos/api/core/v1alpha2/core.go?s=1657:1896#L29) [¶](#PlatformSpecComponent)
+
+PlatformSpecComponent represents a holos component to build or render.
+
+```
+type PlatformSpecComponent struct {
+    // Path is the path of the component relative to the platform root.
+    Path string `json:"path"`
+    // Cluster is the cluster name to provide when rendering the component.
+    Cluster string `json:"cluster"`
+}
+```
+
+## type [Repository](/src/github.com/holos-run/holos/api/core/v1alpha2/helm.go?s=1356:1435#L25) [¶](#Repository)
+
+Repository represents a helm chart repository.
+
+```
+type Repository struct {
+    Name string `json:"name"`
+    URL  string `json:"url"`
+}
+```
+
+Build version go1.22.4.\
+Except as [noted](https://developers.google.com/site-policies#restrictions), the content of this page is licensed under the Creative Commons Attribution 3.0 License, and code is licensed under a [BSD license](/LICENSE).\
+[Terms of Service](https://golang.org/doc/tos.html) | [Privacy Policy](https://www.google.com/intl/en/policies/privacy/)
+
+<!-- .container -->
+
+<!-- #page -->

doc/website/docusaurus.config.ts

@@ -4,7 +4,7 @@ import type * as Preset from '@docusaurus/preset-classic';
 
 const config: Config = {
   title: 'Holos',
-  tagline: 'Holistic development platform',
+  tagline: 'The Platform Operating System',
   favicon: 'img/favicon.ico',
 
   // Set the production url of your site here
@@ -12,6 +12,7 @@ const config: Config = {
   // Set the /<baseUrl>/ pathname under which your site is served
   // For GitHub pages deployment, it is often '/<projectName>/'
   baseUrl: '/',
+  trailingSlash: true,
 
   // GitHub pages deployment config.
   // If you aren't using GitHub pages, you don't need these.
@@ -19,7 +20,7 @@ const config: Config = {
   projectName: 'holos', // Usually your repo name.
 
   onBrokenLinks: 'throw',
-  onBrokenMarkdownLinks: 'warn',
+  onBrokenMarkdownLinks: 'throw',
 
   // Even if you don't use internationalization, you can use this field to set
   // useful metadata like html lang. For example, if your site is Chinese, you
@@ -29,6 +30,12 @@ const config: Config = {
     locales: ['en'],
   },
 
+  // https://docusaurus.io/docs/markdown-features/diagrams
+  markdown: {
+    mermaid: true
+  },
+  themes: ['@docusaurus/theme-mermaid'],
+
   presets: [
     [
       'classic',
@@ -60,23 +67,46 @@ const config: Config = {
 
   themeConfig: {
     // Replace with your project's social card
-    image: 'img/docusaurus-social-card.jpg',
+    image: 'img/holos-social-card.png',
+    docs: {
+      sidebar: {
+        autoCollapseCategories: false,
+      }
+    },
     navbar: {
-      title: 'My Site',
+      title: '',
       logo: {
-        alt: 'My Site Logo',
         src: 'img/logo.svg',
+        srcDark: 'img/logo-dark.svg',
       },
       items: [
         {
-          type: 'docSidebar',
-          sidebarId: 'tutorialSidebar',
+          type: 'doc',
+          docId: 'tutorial/local/k3d',
           position: 'left',
-          label: 'Tutorial',
+          label: 'Try Holos',
+        },
+        {
+          type: 'doc',
+          docId: 'intro',
+          position: 'left',
+          label: 'Docs',
+        },
+        {
+          type: 'docSidebar',
+          sidebarId: 'api',
+          position: 'left',
+          label: 'API',
         },
         { to: '/blog', label: 'Blog', position: 'left' },
         {
-          href: 'https://github.com/facebook/docusaurus',
+          "href": "https://pkg.go.dev/github.com/holos-run/holos?tab=doc",
+          "label": "GoDoc",
+          "position": "left",
+          "className": "header-godoc-link",
+        },
+        {
+          href: 'https://github.com/holos-run/holos',
           label: 'GitHub',
           position: 'right',
         },
@@ -89,25 +119,25 @@ const config: Config = {
           title: 'Docs',
           items: [
             {
-              label: 'Tutorial',
+              label: 'Try Holos Locally',
+              to: '/docs/tutorial/local/k3d',
+            },
+            {
+              label: 'Documentation',
               to: '/docs/intro',
             },
+            {
+              label: 'API Reference',
+              to: '/docs/api/core/v1alpha2',
+            },
           ],
         },
         {
           title: 'Community',
           items: [
             {
-              label: 'Stack Overflow',
-              href: 'https://stackoverflow.com/questions/tagged/docusaurus',
-            },
-            {
-              label: 'Discord',
-              href: 'https://discordapp.com/invite/docusaurus',
-            },
-            {
-              label: 'Twitter',
-              href: 'https://twitter.com/docusaurus',
+              label: 'Discuss',
+              href: 'https://github.com/orgs/holos-run/discussions',
             },
           ],
         },
@@ -120,16 +150,39 @@ const config: Config = {
             },
             {
               label: 'GitHub',
-              href: 'https://github.com/facebook/docusaurus',
+              href: 'https://github.com/holos-run/holos',
             },
           ],
         },
       ],
-      copyright: `Copyright © ${new Date().getFullYear()} My Project, Inc. Built with Docusaurus.`,
+      copyright: `Copyright © ${new Date().getFullYear()} The Holos Authors.`,
     },
     prism: {
+      // Refer to https://docusaurus.io/docs/api/themes/configuration#theme
       theme: prismThemes.github,
       darkTheme: prismThemes.dracula,
+      // Refer to https://docusaurus.io/docs/next/markdown-features/code-blocks#supported-languages
+      additionalLanguages: ['protobuf', 'cue', 'bash', 'diff', 'json'],
+      magicComments: [
+        {
+          className: 'theme-code-block-highlighted-line',
+          line: 'highlight-next-line',
+          block: { start: 'highlight-start', end: 'highlight-end' },
+        },
+        {
+          className: 'code-block-error-message',
+          line: 'highlight-next-line-error-message',
+        },
+        {
+          className: 'code-block-info-line',
+          line: 'highlight-next-line-info',
+          block: { start: 'highlight-info-start', end: 'highlight-info-end' },
+        },
+      ],
+    },
+    mermaid: {
+      // Refer to https://mermaid.js.org/config/theming.html
+      theme: { light: 'neutral', dark: 'dark' },
     },
   } satisfies Preset.ThemeConfig,
 };

doc/website/package.json

@@ -17,6 +17,7 @@
   "dependencies": {
     "@docusaurus/core": "3.4.0",
     "@docusaurus/preset-classic": "3.4.0",
+    "@docusaurus/theme-mermaid": "^3.4.0",
     "@mdx-js/react": "^3.0.0",
     "clsx": "^2.0.0",
     "prism-react-renderer": "^2.3.0",
@@ -24,9 +25,12 @@
     "react-dom": "^18.0.0"
   },
   "devDependencies": {
-    "@docusaurus/module-type-aliases": "3.4.0",
-    "@docusaurus/tsconfig": "3.4.0",
-    "@docusaurus/types": "3.4.0",
+    "@docusaurus/module-type-aliases": "^3.4.0",
+    "@docusaurus/tsconfig": "^3.4.0",
+    "@docusaurus/types": "^3.4.0",
+    "@wcj/html-to-markdown-cli": "^2.1.1",
+    "cspell": "^8.10.4",
+    "html-to-markdown": "^1.0.0",
     "typescript": "~5.2.2"
   },
   "browserslist": {

doc/website/sidebars.ts

@@ -1,4 +1,4 @@
-import type {SidebarsConfig} from '@docusaurus/plugin-content-docs';
+import type { SidebarsConfig } from '@docusaurus/plugin-content-docs';
 
 /**
  * Creating a sidebar enables you to:
@@ -11,21 +11,30 @@ import type {SidebarsConfig} from '@docusaurus/plugin-content-docs';
  Create as many sidebars as you want.
  */
 const sidebars: SidebarsConfig = {
-  // By default, Docusaurus generates a sidebar from the docs folder structure
-  tutorialSidebar: [{type: 'autogenerated', dirName: '.'}],
-
-  // But you can create a sidebar manually
-  /*
-  tutorialSidebar: [
+  doc: [
     'intro',
-    'hello',
     {
       type: 'category',
       label: 'Tutorial',
-      items: ['tutorial-basics/create-a-document'],
+      collapsed: false,
+      items: [
+        'tutorial/local/k3d',
+      ],
     },
+    {
+      type: 'category',
+      label: 'Reference Platform',
+      collapsed: false,
+      items: [
+        'reference-platform/architecture',
+      ],
+    },
+    'glossary',
+  ],
+  api: [
+    'api/core/v1alpha2',
+    'cli',
   ],
-   */
 };
 
 export default sidebars;

doc/website/src/components/HomepageFeatures/index.tsx

@@ -10,38 +10,40 @@ type FeatureItem = {
 
 const FeatureList: FeatureItem[] = [
   {
-    title: 'Easy to Use',
-    Svg: require('@site/static/img/undraw_docusaurus_mountain.svg').default,
+    title: 'Zero Trust Security',
+    Svg: require('@site/static/img/base00/undraw_security_on_re_e491.svg').default,
     description: (
       <>
-        Docusaurus was designed from the ground up to be easily installed and
-        used to get your website up and running quickly.
+        Spend more time on your business features and less time rebuilding
+        authentication and authorization.  Holos provides zero trust security
+        with no code needed to protect your services.
       </>
     ),
   },
   {
-    title: 'Focus on What Matters',
-    Svg: require('@site/static/img/undraw_docusaurus_tree.svg').default,
+    title: 'Multi-Cloud',
+    Svg: require('@site/static/img/base00/undraw_cloud_hosting_7xb1.svg').default,
     description: (
       <>
-        Docusaurus lets you focus on your docs, and we&apos;ll do the chores. Go
-        ahead and move your docs into the <code>docs</code> directory.
+        Avoid vendor lock in, downtime, and price hikes.  Holos is designed to
+        easily deploy workloads into multiple clouds and multiple regions.
       </>
     ),
   },
   {
-    title: 'Powered by React',
-    Svg: require('@site/static/img/undraw_docusaurus_react.svg').default,
+    title: 'Developer Portal',
+    Svg: require('@site/static/img/base00/undraw_data_trends_re_2cdy.svg').default,
     description: (
       <>
-        Extend or customize your website layout by reusing React. Docusaurus can
-        be extended while reusing the same header and footer.
+        Ship high quality code quickly, provide a great developer experience,
+        and maintain control over your infrastructure with the integrated
+        Backstage developer portal.
       </>
     ),
   },
 ];
 
-function Feature({title, Svg, description}: FeatureItem) {
+function Feature({ title, Svg, description }: FeatureItem) {
   return (
     <div className={clsx('col col--4')}>
       <div className="text--center">

doc/website/src/css/custom.css

@@ -6,25 +6,50 @@
 
 /* You can override the default Infima variables here. */
 :root {
-  --ifm-color-primary: #2e8555;
-  --ifm-color-primary-dark: #29784c;
-  --ifm-color-primary-darker: #277148;
-  --ifm-color-primary-darkest: #205d3b;
-  --ifm-color-primary-light: #33925d;
-  --ifm-color-primary-lighter: #359962;
-  --ifm-color-primary-lightest: #3cad6e;
+  --ifm-link-color: #268bd2;
+  --docusaurus-highlighted-code-line-bg: #eee8d5;
+
+  /* Solarized Base03 */
+  --ifm-color-primary: #002b36;
+  /* Solarized Base3 */
+  --ifm-color-primary-light-background: #fdf6e3;
+
+  /* Solarized Base00 */
+  --ifm-color-primary-dark: #657b83;
+  /* Solarized Base01 */
+  --ifm-color-primary-darker: #586e75;
+  /* Solarized Base02 */
+  --ifm-color-primary-darkest: #073642;
+  /* Solarized Base0 */
+  --ifm-color-primary-light: #839496;
+  /* Solarized Base1 */
+  --ifm-color-primary-lighter: #93a1a1;
+  /* Solarized Base2 */
+  --ifm-color-primary-lightest: #eee8d5;
   --ifm-code-font-size: 95%;
-  --docusaurus-highlighted-code-line-bg: rgba(0, 0, 0, 0.1);
 }
 
 /* For readability concerns, you should choose a lighter palette in dark mode. */
 [data-theme='dark'] {
-  --ifm-color-primary: #25c2a0;
-  --ifm-color-primary-dark: #21af90;
-  --ifm-color-primary-darker: #1fa588;
-  --ifm-color-primary-darkest: #1a8870;
-  --ifm-color-primary-light: #29d5b0;
-  --ifm-color-primary-lighter: #32d8b4;
-  --ifm-color-primary-lightest: #4fddbf;
-  --docusaurus-highlighted-code-line-bg: rgba(0, 0, 0, 0.3);
+  --ifm-link-color: #268bd2;
+  --docusaurus-highlighted-code-line-bg: #073642;
+
+  /* Solarized Base3 */
+  --ifm-color-primary: #fdf6e3;
+  /* Solarized Base03 */
+  --ifm-color-primary-light-background: #002b36;
+
+  /* Solarized Base02 */
+  --ifm-color-primary-dark: #073642;
+  /* Solarized Base01 */
+  --ifm-color-primary-darker: #586e75;
+  /* Solarized Base00 */
+  --ifm-color-primary-darkest: #657b83;
+  /* Solarized Base2 */
+  --ifm-color-primary-light: #eee8d5;
+  /* Solarized Base1 */
+  --ifm-color-primary-lighter: #93a1a1;
+  /* Solarized Base0 */
+  --ifm-color-primary-lightest: #839496;
+  --ifm-code-font-size: 95%;
 }

doc/website/src/pages/index.tsx

@@ -8,7 +8,7 @@ import Heading from '@theme/Heading';
 import styles from './index.module.css';
 
 function HomepageHeader() {
-  const {siteConfig} = useDocusaurusContext();
+  const { siteConfig } = useDocusaurusContext();
   return (
     <header className={clsx('hero hero--primary', styles.heroBanner)}>
       <div className="container">
@@ -16,11 +16,16 @@ function HomepageHeader() {
           {siteConfig.title}
         </Heading>
         <p className="hero__subtitle">{siteConfig.tagline}</p>
+        <p className="projectDesc">
+          Holos is a holistic software development platform built from the most
+          popular open source projects.<br /> Build your developer platform in
+          no time.
+        </p>
         <div className={styles.buttons}>
           <Link
             className="button button--secondary button--lg"
             to="/docs/intro">
-            Docusaurus Tutorial - 5min ⏱️
+            Get Started
           </Link>
         </div>
       </div>
@@ -29,11 +34,11 @@ function HomepageHeader() {
 }
 
 export default function Home(): JSX.Element {
-  const {siteConfig} = useDocusaurusContext();
+  const { siteConfig } = useDocusaurusContext();
   return (
     <Layout
       title={`Hello from ${siteConfig.title}`}
-      description="Description will go into a meta tag in <head />">
+      description="Holos provides a software development platform that holistically integrates the most popular cloud native projects.">
       <HomepageHeader />
       <main>
         <HomepageFeatures />

doc/website/static/img/logo-dark.svg

@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<!-- Created with Vectornator (http://vectornator.io/) -->
+<svg style="fill-rule:nonzero;clip-rule:evenodd;stroke-linecap:round;stroke-linejoin:round;" version="1.1" viewBox="0 0 605.044 336.948" xmlns="http://www.w3.org/2000/svg" xmlns:vectornator="http://vectornator.io" xmlns:xlink="http://www.w3.org/1999/xlink">
+<defs/>
+<g id="Logo" vectornator:layerName="Logo">
+<g opacity="1">
+<path d="M591.109 167.89C580.229 111.687 546.936 77.6261 491.282 65.5687C433.469 53.0447 384.362 69.3554 342.802 110.398C310.616 142.185 278.709 174.259 246.482 205.995C225.922 226.226 205.922 247.343 179.109 259.626C149.202 273.334 119.469 272.37 93.4157 251.847C66.8557 230.91 61.2157 201.791 69.349 169.809C81.5757 121.787 138.509 102.695 182.402 131.721C187.656 135.193 192.829 138.787 198.149 142.406C200.682 140.009 202.496 138.35 204.242 136.622C224.509 116.598 244.109 95.8634 265.162 76.7034C293.082 51.2821 325.909 36.9234 364.469 39.9821C377.656 41.0274 390.656 44.4154 406.242 47.1781C374.122 16.6794 338.802 2.73806 296.776 9.35939C257.362 15.5701 226.149 36.7381 199.789 65.6101C193.602 72.3927 188.029 74.0394 179.256 70.7394C168.722 66.7727 158.376 64.2394 148.229 63.0127L148.229 63.0087C148.216 63.0074 148.189 63.0074 148.176 63.0061C148.056 62.9914 147.936 62.9714 147.816 62.9581C147.802 62.9687 147.802 62.9767 147.789 62.9874C21.4957 55.3727 9.17567 165.405 9.17567 165.405C-2.58433 286.525 80.029 311.302 80.029 311.302L80.069 311.302C90.0823 315.263 100.456 318.062 111.029 320.229L111.042 320.25C111.042 320.25 112.962 320.745 116.509 321.295C117.456 321.47 118.402 321.653 119.349 321.819C119.376 321.781 119.402 321.745 119.416 321.706C138.362 324.111 187.416 325.538 246.122 289.946C246.242 289.951 246.376 289.939 246.496 289.95C284.176 252.225 321.882 214.525 359.722 176.97C377.829 159.006 394.296 138.981 418.056 127.409C455.242 109.302 501.269 117.934 522.642 147.982C539.616 171.834 541.616 197.893 529.402 223.943C516.682 251.057 493.776 265.733 464.016 266.622C423.082 267.846 382.082 267.358 341.122 267.277C332.309 267.259 325.469 269.946 319.336 276.357C306.549 289.741 293.216 302.61 280.202 315.782C278.402 317.595 275.269 320.245 272.429 323.437C276.522 323.878 281.362 324.021 283.762 324.023C330.429 324.065 377.096 324.385 423.762 323.905C446.856 323.666 470.549 324.903 492.896 320.317C561.376 306.267 604.602 237.579 591.109 167.89" fill="#fdf6e3" fill-rule="nonzero" opacity="1" stroke="none"/>
+<path d="M202.896 194.097C202.896 228.629 174.909 256.622 140.376 256.622C105.842 256.622 77.8423 228.629 77.8423 194.097C77.8423 159.565 105.842 131.57 140.376 131.57C174.909 131.57 202.896 159.565 202.896 194.097" fill="#fdf6e3" fill-rule="nonzero" opacity="1" stroke="none"/>
+</g>
+</g>
+</svg>

doc/website/website.go

@@ -1,24 +0,0 @@
-// Package website embeds the docs website for the server subcommand.  Docs are
-// served at /docs similar to how the ui is served at /ui.
-package website
-
-import (
-	"embed"
-	"io/fs"
-)
-
-// Output must be the relative path to where the build tool places the static
-// site index.html file.
-const OutputPath = "build"
-
-//go:embed all:build
-var Dist embed.FS
-
-// Root returns the static site root directory.
-func Root() fs.FS {
-	sub, err := fs.Sub(Dist, OutputPath)
-	if err != nil {
-		panic(err)
-	}
-	return sub
-}

docs/runbooks/login/backups.md

@@ -1,97 +1,10 @@
-# PostgresCluster Backups
+# ZITADEL Backups
 
-This document describes how the S3 bucket for `PostgresCluster` backups is configured.  These buckets are configured both for ZITADEL and for Holos 
-Server and are applicable to any service in Holos that stores data in a pgo `PostgresCluster` resource.
+Refer to [Schedule backups](https://cloudnative-pg.io/documentation/1.23/backup/#scheduled-backups)
 
-## Create the Bucket
-Name: `holos-zitadel-backups` for `zitadel`
-Name: `holos-server-backups` for `holos server`
-> [!NOTE]
-> The settings below match the default settings recommended by AWS.
+By default ZITADEL is backed up daily to S3.  When restoring into a new cluster
+of the same name, increment the revision variable to create a new blank folder
+for the new cluster WAL.  The cluster will not initialize unless the WAL
+directory is empty.
 
-Object Ownership: `ACLs disabled` (recommended) Checked.
-Block Public Access settings for this bucket: **`Block all public access`** Checked.
-Bucket Versioning: `Disable`
-Default encryption: `Server-side encryption with Amazon S3 managed keys (SSE-S3)`
-Bucket Key: `Enable`
-Object Lock: `Disable`
-
-## Create an IAM Policy
-Create one IAM Policy for each bucket to grant full access to the bucket.  Replace the resource with each bucket name.
-Name: `holos-zitadel-backups` for `zitadel`
-Name: `holos-server-backups` for `holos server`
-Description: `Read and write access to a specific bucket for pgrest operating within a pgo PostgresCluster.`
-
-Policy JSON:
-```json
-{
-    "Version": "2012-10-17",
-    "Statement": [
-        {
-            "Effect": "Allow",
-            "Action": [
-                "s3:GetBucketLocation",
-                "s3:ListAllMyBuckets"
-            ],
-            "Resource": "arn:aws:s3:::*"
-        },
-        {
-            "Effect": "Allow",
-            "Action": "s3:*",
-            "Resource": [
-                "arn:aws:s3:::holos-zitadel-backups",
-                "arn:aws:s3:::holos-zitadel-backups/*"
-            ]
-        }
-    ]
-}
-```
-## Create an IAM Group
-Create an IAM Group to attach the policy granting access to the bucket.
-Name: `holos-zitadel-backups` for `zitadel`
-Attach permission policies: `holos-zitadel-backups`
-
-Name: `holos-server-backups` for `holos server`
-Attach permission policies: `holos-server-backups`
-## Create the IAM User
-Create an IAM User entity for each PostgresCluster.  Do not provide user access to the AWS Management Console.
-Name: `holos-zitadel-backups` for `zitadel`
-Group: `holos-zitadel-backups`
-
-Name: `holos-server-backups` for `holos server`
-Group: `holos-server-backups`
-
-## Create an Access Key
-Create an access key for `pgbackrest` associated with the `PostgresCluster`.
-
-Description: 
-> Used by pgbackrest associated with the PostgresCluster resource.  Refer to the PostgresCluster resource pgbackrest.cofiguration.secret.name for the stored location of the access key.  Synced from the Management Cluster using an ExternalSecret.
-## Create the Secret
-Create a `Secret` in the holos management cluster usable by pgbackrest.  This is a secret with a single key, `s3.conf` with the following format:
-```
-[global]
-repo2-cipher-pass=
-repo2-s3-key=
-repo2-s3-key-secret=
-repo3-cipher-pass=
-repo3-s3-key=
-repo3-s3-key-secret=
-```
-> [!NOTE]
-> Use the same values for repo2 and repo3.  The purpose is to make space for migrating if need be in the future.
-
-Generate the cipher pass using.  This password is used to encrypt all backups using client side before the backup is written to the bucket.
-```
-tr -dc A-Za-z0-9 </dev/urandom | head -c 64
-```
-
-Store the secret into the management cluster:
-```
-holos create secret --namespace zitadel holos-zitadel-backups \
-  --append-hash=false --from-file .
-```
-
-```
-holos create secret --namespace holos holos-server-backups \
-  --append-hash=false --from-file .
-```
+The cluster will recovery from the previous rev.

docs/runbooks/postgres-backup.md

@@ -1,150 +1,3 @@
 # Postgres Full Backup
 
-Suppose you delete all objects in the S3 bucket hosting all postgres backups.  You want to take a full backup ASAP of an existing PostgreSQL database.
-
-The normal method of annotating the `postgrescluster` resource will not work because the job will error:
-
-```
-❯ kubectl annotate postgrescluster zitadel postgres-operator.crunchydata.com/pgbackrest-backup="$(date)" --overwrite
-postgrescluster.postgres-operator.crunchydata.com/zitadel annotated
-```
-
-Backup fails:
-
-```
-❯ k get pods
-NAME                                    READY   STATUS      RESTARTS      AGE
-zitadel-backup-hk7w-76bfk               0/1     Error       0             65s
-zitadel-backup-hk7w-d55v6               0/1     Error       0             44s
-zitadel-backup-hk7w-l9dwm               0/1     Error       0             76s
-zitadel-backup-hk7w-zcg69               0/1     Error       0             3s
-zitadel-pgbouncer-d9f8cffc-nx8lq        2/2     Running     0             49m
-zitadel-pgbouncer-d9f8cffc-s7g7x        2/2     Running     0             49m
-zitadel-pgha1-2xv2-0                    5/5     Running     0             48m
-zitadel-pgha1-78f4-0                    5/5     Running     0             49m
-zitadel-repo-host-0                     2/2     Running     0             49m
-```
-
-Error is: `FileMissingError: unable to open missing file '/pgbackrest/prod-iam/zitadel/repo2/backup/db/backup.info.copy' for read`
-
-```
-time="2024-04-08T00:02:11Z" level=info msg="crunchy-pgbackrest starts"
-time="2024-04-08T00:02:11Z" level=info msg="debug flag set to false"
-time="2024-04-08T00:02:12Z" level=info msg="backrest backup command requested"
-time="2024-04-08T00:02:12Z" level=info msg="command to execute is [pgbackrest backup --stanza=db --repo=2 --type=full]"
-time="2024-04-08T00:02:12Z" level=info msg="output=[]"
-time="2024-04-08T00:02:12Z" level=info msg="stderr=[ERROR: [055]: unable to load info file '/pgbackrest/prod-iam/zitadel/repo2/backup/db/backup.info' or '/pgbackrest/prod-iam/zitadel/repo2/backup/db/backup.info.copy':\n       FileMissingError: unable to open missing file '/pgbackrest/prod-iam/zitadel/repo2/backup/db/backup.info' for read\n       FileMissingError: unable to open missing file '/pgbackrest/prod-iam/zitadel/repo2/backup/db/backup.info.copy' for read\n       HINT: backup.info cannot be opened and is required to perform a backup.\n       HINT: has a stanza-create been performed?\n]"
-time="2024-04-08T00:02:12Z" level=fatal msg="command terminated with exit code 55"
-```
-
-## Fix Process
-
-We need to edit the postgrescluster.  We're going to have the controller re-initialize the backup repository from scratch by removing it and re-adding it.
-
-First, suspend flux:
-
-```
-flux suspend ks prod-iam-zitadel prod-iam-postgres
-```
-
-Save the config to two files:
-
-```
-kubectl get postgresclusters.postgres-operator.crunchydata.com zitadel -o yaml > orig.yaml
-cp orig.yaml new.yaml
-```
-
-Remove the follow fields and re-apply the cluster.  This will leave the cluster running and available while the controller reconciles the repo configuration:
-
-```diff
---- orig.yaml	2024-04-07 17:08:26.834715820 -0700
-+++ new.yaml	2024-04-07 17:08:57.418546067 -0700
-@@ -4,6 +4,4 @@
-   annotations:
-     holos.run/description: ""
--    postgres-operator.crunchydata.com/pgbackrest-backup: Sun 07 Apr 2024 05:01:35
--      PM PDT
-   creationTimestamp: "2024-04-07T23:10:44Z"
-   finalizers:
-@@ -26,12 +24,5 @@
-         repo1-retention-full: "1"
-         repo2-cipher-type: aes-256-cbc
--        repo2-path: /pgbackrest/prod-iam/zitadel/repo2
--        repo2-retention-full: "14"
--        repo2-retention-full-type: time
-       image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.49-0
--      manual:
--        options:
--        - --type=full
--        repoName: repo2
-       repos:
-       - name: repo1
-@@ -43,12 +34,4 @@
-               requests:
-                 storage: 4Gi
--      - name: repo2
--        s3:
--          bucket: ois-zitadel-backups
--          endpoint: s3.dualstack.us-east-2.amazonaws.com
--          region: us-east-2
--        schedules:
--          differential: 0 1 * * 1-6
--          full: 0 1 * * 0
-       restore:
-         enabled: true
-```
-
-Apply the config and wait for the controller to reconcile:
-
-```
-k apply --server-side=true -f new.yaml --force-conflicts
-```
-
-Check for reconciliation:
-
-```
-kubectl -n postgres-operator logs -l app.kubernetes.io/name=pgo | tail -1
-```
-
-```
-time="2024-04-08T00:10:03Z" level=debug msg="reconciled cluster" controller=postgrescluster controllerGroup=postgres-operator.crunchydata.com controllerKind=PostgresCluster name=zitadel namespace=prod-iam postgresCluster=prod-iam/zitadel reconcileID=cc8c8eb7-9787-4504-8ecd-a04ec84fbc0b version=5.5.1-0-amd64
-```
-
-Re-add the repo host configuration
-
-```
-grep -v 'resourceVersion:' orig.yaml | k apply --server-side=true --force-conflicts -f-
-```
-
-```
-postgrescluster.postgres-operator.crunchydata.com/zitadel serverside-applied
-```
-
-The full backup should be running and writing to S3 now:
-
-```
-kubectl logs -l postgres-operator.crunchydata.com/pgbackrest-backup=manual
-```
-
-```
-time="2024-04-08T00:12:54Z" level=info msg="crunchy-pgbackrest starts"
-time="2024-04-08T00:12:54Z" level=info msg="debug flag set to false"
-time="2024-04-08T00:12:54Z" level=info msg="backrest backup command requested"
-time="2024-04-08T00:12:54Z" level=info msg="command to execute is [pgbackrest backup --stanza=db --repo=2 --type=full]"
-time="2024-04-08T00:16:02Z" level=info msg="output=[]"
-time="2024-04-08T00:16:02Z" level=info msg="stderr=[]"
-time="2024-04-08T00:16:02Z" level=info msg="crunchy-pgbackrest ends"
-```
-
-Finally, resume flux:
-
-```
-flux resume ks prod-iam-postgres prod-iam-zitadel
-```
-
-```
-► resuming kustomization prod-iam-postgres in flux-system namespace
-✔ kustomization resumed
-► resuming kustomization prod-iam-zitadel in flux-system namespace
-✔ kustomization resumed
-```
+Refer to [On-demand backups](https://cloudnative-pg.io/documentation/1.23/backup/#on-demand-backups)

go.mod

@@ -23,6 +23,7 @@ require (
 	github.com/mattn/go-runewidth v0.0.15
 	github.com/mennanov/fieldmask-utils v1.1.2
 	github.com/olekukonko/tablewriter v0.0.5
+	github.com/princjef/gomarkdoc v1.1.0
 	github.com/prometheus/client_golang v1.19.0
 	github.com/rogpeppe/go-internal v1.12.0
 	github.com/sethvargo/go-retry v0.2.4
@@ -57,6 +58,7 @@ require (
 	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
 	github.com/Microsoft/go-winio v0.6.1 // indirect
 	github.com/OneOfOne/xxhash v1.2.8 // indirect
+	github.com/VividCortex/ewma v1.2.0 // indirect
 	github.com/achanda/go-sysctl v0.0.0-20160222034550-6be7678c45d2 // indirect
 	github.com/agext/levenshtein v1.2.1 // indirect
 	github.com/agnivade/levenshtein v1.1.1 // indirect
@@ -71,6 +73,7 @@ require (
 	github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/cheekybits/genny v1.0.0 // indirect
+	github.com/cheggaaa/pb/v3 v3.0.8 // indirect
 	github.com/choria-io/fisk v0.6.2 // indirect
 	github.com/choria-io/go-choria v0.28.1-0.20240416190746-b3bf9c7d5a45 // indirect
 	github.com/choria-io/go-updater v0.1.0 // indirect
@@ -93,6 +96,7 @@ require (
 	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 	github.com/emicklei/proto v1.10.0 // indirect
+	github.com/emirpasic/gods v1.12.0 // indirect
 	github.com/envoyproxy/go-control-plane v0.12.0 // indirect
 	github.com/envoyproxy/protoc-gen-validate v1.0.4 // indirect
 	github.com/evanphx/json-patch v5.7.0+incompatible // indirect
@@ -100,8 +104,12 @@ require (
 	github.com/fatih/color v1.16.0 // indirect
 	github.com/felixge/fgprof v0.9.4 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
+	github.com/fsnotify/fsnotify v1.7.0 // indirect
 	github.com/ghodss/yaml v1.0.0 // indirect
 	github.com/go-chi/chi/v5 v5.0.12 // indirect
+	github.com/go-git/gcfg v1.5.0 // indirect
+	github.com/go-git/go-billy/v5 v5.3.1 // indirect
+	github.com/go-git/go-git/v5 v5.3.0 // indirect
 	github.com/go-ini/ini v1.67.0 // indirect
 	github.com/go-jose/go-jose/v4 v4.0.1 // indirect
 	github.com/go-logr/logr v1.4.1 // indirect
@@ -136,6 +144,7 @@ require (
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.0 // indirect
 	github.com/guptarohit/asciigraph v0.7.1 // indirect
 	github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
+	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/hashicorp/hcl/v2 v2.13.0 // indirect
 	github.com/hashicorp/logutils v1.0.0 // indirect
 	github.com/huandu/xstrings v1.4.0 // indirect
@@ -147,16 +156,20 @@ require (
 	github.com/jackc/pgpassfile v1.0.0 // indirect
 	github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a // indirect
 	github.com/jackc/puddle/v2 v2.2.1 // indirect
+	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/jdx/go-netrc v1.0.0 // indirect
 	github.com/jhump/protoreflect v1.16.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
+	github.com/kevinburke/ssh_config v1.1.0 // indirect
 	github.com/klauspost/compress v1.17.8 // indirect
 	github.com/klauspost/pgzip v1.2.6 // indirect
 	github.com/lib/pq v1.10.9 // indirect
+	github.com/logrusorgru/aurora/v4 v4.0.0 // indirect
 	github.com/looplab/fsm v1.0.1 // indirect
 	github.com/lufia/plan9stats v0.0.0-20240408141607-282e7b5d6b74 // indirect
+	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
@@ -182,6 +195,7 @@ require (
 	github.com/nats-io/nkeys v0.4.7 // indirect
 	github.com/nats-io/nuid v1.0.1 // indirect
 	github.com/ncruces/go-strftime v0.1.9 // indirect
+	github.com/nxadm/tail v1.4.11 // indirect
 	github.com/oleiade/reflections v1.0.1 // indirect
 	github.com/onsi/ginkgo/v2 v2.17.1 // indirect
 	github.com/onsi/gomega v1.32.0 // indirect
@@ -189,11 +203,14 @@ require (
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0 // indirect
 	github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
+	github.com/pelletier/go-toml/v2 v2.2.2 // indirect
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pkg/profile v1.7.0 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 // indirect
+	github.com/princjef/mageutil v1.0.0 // indirect
+	github.com/princjef/termdiff v0.1.0 // indirect
 	github.com/prometheus/client_model v0.6.1 // indirect
 	github.com/prometheus/common v0.52.3 // indirect
 	github.com/prometheus/procfs v0.13.0 // indirect
@@ -204,16 +221,23 @@ require (
 	github.com/robfig/cron v1.2.0 // indirect
 	github.com/rs/cors v1.10.1 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
+	github.com/sagikazarmark/locafero v0.4.0 // indirect
+	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
 	github.com/samber/lo v1.39.0 // indirect
 	github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 // indirect
 	github.com/segmentio/ksuid v1.0.4 // indirect
+	github.com/sergi/go-diff v1.3.1 // indirect
 	github.com/shirou/gopsutil/v3 v3.24.3 // indirect
 	github.com/shoenig/go-m1cpu v0.1.6 // indirect
 	github.com/shopspring/decimal v1.4.0 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
+	github.com/sourcegraph/conc v0.3.0 // indirect
+	github.com/spf13/afero v1.11.0 // indirect
 	github.com/spf13/cast v1.6.0 // indirect
+	github.com/spf13/viper v1.18.2 // indirect
 	github.com/stoewer/go-strcase v1.3.0 // indirect
 	github.com/stretchr/objx v0.5.2 // indirect
+	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/tchap/go-patricia/v2 v2.3.1 // indirect
 	github.com/tetratelabs/wazero v1.6.0 // indirect
 	github.com/tidwall/gjson v1.17.1 // indirect
@@ -222,6 +246,8 @@ require (
 	github.com/tklauser/go-sysconf v0.3.13 // indirect
 	github.com/tklauser/numcpus v0.7.0 // indirect
 	github.com/vbatts/tar-split v0.11.5 // indirect
+	github.com/x-cray/logrus-prefixed-formatter v0.5.2 // indirect
+	github.com/xanzy/ssh-agent v0.3.0 // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xlab/tablewriter v0.0.0-20160610135559-80b567a11ad5 // indirect
@@ -251,6 +277,8 @@ require (
 	google.golang.org/genproto/googleapis/api v0.0.0-20240325203815-454cdb8f5daa // indirect
 	google.golang.org/grpc v1.62.1 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/ini.v1 v1.67.0 // indirect
+	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/klog/v2 v2.110.1 // indirect
@@ -262,6 +290,7 @@ require (
 	modernc.org/memory v1.7.2 // indirect
 	modernc.org/strutil v1.2.0 // indirect
 	modernc.org/token v1.1.0 // indirect
+	mvdan.cc/xurls/v2 v2.2.0 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
 )

go.sum

@@ -72,18 +72,27 @@ github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0
 github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
 github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA=
 github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM=
+github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
+github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=
 github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
 github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
 github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2 h1:+vx7roKuyA63nhn5WAunQHLTznkw5W8b1Xc0dNjp83s=
 github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2/go.mod h1:HBCaDeC1lPdgDeDbhX8XFpy1jqjK0IBG8W5K+xYqA0w=
 github.com/OneOfOne/xxhash v1.2.8 h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8=
 github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q=
+github.com/VividCortex/ewma v1.1.1/go.mod h1:2Tkkvm3sRDVXaiyucHiACn4cqf7DpdyLvmxzcbUokwA=
+github.com/VividCortex/ewma v1.2.0 h1:f58SaIzcDXrSy3kWaHNvuJgJ3Nmz59Zji6XoJR/q1ow=
+github.com/VividCortex/ewma v1.2.0/go.mod h1:nz4BbCtbLyFDeC9SUHbtcT5644juEuWfUAUnGx7j5l4=
 github.com/achanda/go-sysctl v0.0.0-20160222034550-6be7678c45d2 h1:NYoPVh1XuUB5VBWLXRKoqzQhl4bajIxh+XuURbJ0uwc=
 github.com/achanda/go-sysctl v0.0.0-20160222034550-6be7678c45d2/go.mod h1:DCNKSpXhum14Y258jSbRmJvcesbzEdBPincz7yJUx3k=
 github.com/agext/levenshtein v1.2.1 h1:QmvMAjj2aEICytGiWzmxoE0x2KZvE0fvmqMOfy2tjT8=
 github.com/agext/levenshtein v1.2.1/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
 github.com/agnivade/levenshtein v1.1.1 h1:QY8M92nrzkmr798gCo3kmMyqXFzdQVpxLlGPRBij0P8=
 github.com/agnivade/levenshtein v1.1.1/go.mod h1:veldBMzWxcCG2ZvUTKD2kJNRdCk5hVbJomOvKkmgYbo=
+github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7 h1:uSoVVbwJiQipAclBbw+8quDsfcvFjOpI5iCf4p/cqCs=
+github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7/go.mod h1:6zEj6s6u/ghQa61ZWa/C2Aw3RkjiTBOix7dkqa1VLIs=
+github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239 h1:kFOfPq6dUM1hTo4JG6LR5AXSUEsOjtdm0kw0FtQtMJA=
+github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/antlr4-go/antlr/v4 v4.13.0 h1:lxCg3LAv+EUK6t1i0y1V6/SLeUi0eKEKdhQAlS8TVTI=
 github.com/antlr4-go/antlr/v4 v4.13.0/go.mod h1:pfChB/xh/Unjila75QW7+VU4TSnWnnk9UTnmpPaOR2g=
@@ -91,6 +100,8 @@ github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6
 github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo=
 github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q=
 github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE=
+github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
+github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=
@@ -119,6 +130,10 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cheekybits/genny v1.0.0 h1:uGGa4nei+j20rOSeDeP5Of12XVm7TGUd4dJA9RDitfE=
 github.com/cheekybits/genny v1.0.0/go.mod h1:+tQajlRqAUrPI7DOSpB0XAqZYtQakVtB7wXkRAgjxjQ=
+github.com/cheggaaa/pb v2.0.7+incompatible/go.mod h1:pQciLPpbU0oxA0h+VJYYLxO+XeDQb5pZijXscXHm81s=
+github.com/cheggaaa/pb/v3 v3.0.4/go.mod h1:7rgWxLrAUcFMkvJuv09+DYi7mMUYi8nO9iOWcvGJPfw=
+github.com/cheggaaa/pb/v3 v3.0.8 h1:bC8oemdChbke2FHIIGy9mn4DPJ2caZYQnfbRqwmdCoA=
+github.com/cheggaaa/pb/v3 v3.0.8/go.mod h1:UICbiLec/XO6Hw6k+BHEtHeQFzzBH4i2/qk/ow1EJTA=
 github.com/choria-io/fisk v0.6.2 h1:Vfvpcv8SD53FHW5cT4u7LStpz/wThwRPQHU7mzv1kMI=
 github.com/choria-io/fisk v0.6.2/go.mod h1:PajiUZTAotE5zO18eU6UexuPLLv565WOma4dB0ObxRM=
 github.com/choria-io/go-choria v0.28.1-0.20240416190746-b3bf9c7d5a45 h1:B76eu8PMXr3mAhQl8y7NSsb1/4KCKX4bEDTsKWh7/CQ=
@@ -199,6 +214,8 @@ github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxER
 github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 github.com/emicklei/proto v1.10.0 h1:pDGyFRVV5RvV+nkBK9iy3q67FBy9Xa7vwrOTE+g5aGw=
 github.com/emicklei/proto v1.10.0/go.mod h1:rn1FgRS/FANiZdD2djyH7TMA9jdRDcYQ9IEN9yvjX0A=
+github.com/emirpasic/gods v1.12.0 h1:QAUIPSaCu4G+POclxeqb3F+WPpdKqFGlw36+yOzGlrg=
+github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
@@ -213,6 +230,9 @@ github.com/evanphx/json-patch v5.7.0+incompatible h1:vgGkfT/9f8zE6tvSCe74nfpAVDQ
 github.com/evanphx/json-patch v5.7.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/expr-lang/expr v1.16.4 h1:1Mq5RHw5T5jxXMUvyb+eT546mJREm1yFyNHkybYQ81c=
 github.com/expr-lang/expr v1.16.4/go.mod h1:uCkhfG+x7fcZ5A5sXHKuQ07jGZRl6J0FCAaf2k4PtVQ=
+github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
+github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
+github.com/fatih/color v1.10.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM=
 github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=
 github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE=
 github.com/felixge/fgprof v0.9.3/go.mod h1:RdbpDgzqYVh/T9fPELJyV7EYJuHB55UTEULNun8eiPw=
@@ -220,18 +240,34 @@ github.com/felixge/fgprof v0.9.4 h1:ocDNwMFlnA0NU0zSB3I52xkO4sFXk80VK9lXjLClu88=
 github.com/felixge/fgprof v0.9.4/go.mod h1:yKl+ERSa++RYOs32d8K6WEXCB4uXdLls4ZaZPpayhMM=
 github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
+github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
 github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8vw=
 github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g=
 github.com/foxcpp/go-mockdns v1.1.0 h1:jI0rD8M0wuYAxL7r/ynTrCQQq0BVqfB99Vgk7DlmewI=
 github.com/foxcpp/go-mockdns v1.1.0/go.mod h1:IhLeSFGed3mJIAXPH2aiRQB+kqz7oqu8ld2qVbOu7Wk=
 github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
 github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
+github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
+github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
+github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
 github.com/fullstorydev/grpcurl v1.9.1 h1:YxX1aCcCc4SDBQfj9uoWcTLe8t4NWrZe1y+mk83BQgo=
 github.com/fullstorydev/grpcurl v1.9.1/go.mod h1:i8gKLIC6s93WdU3LSmkE5vtsCxyRmihUj5FK1cNW5EM=
 github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
+github.com/gliderlabs/ssh v0.2.2 h1:6zsha5zo/TWhRhwqCD3+EarCAgZ2yN28ipRnGPnwkI0=
+github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
 github.com/go-chi/chi/v5 v5.0.12 h1:9euLV5sTrTNTRUU9POmDUvfxyj6LAABLUcEWO+JJb4s=
 github.com/go-chi/chi/v5 v5.0.12/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
+github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4=
+github.com/go-git/gcfg v1.5.0/go.mod h1:5m20vg6GwYabIxaOonVkTdrILxQMpEShl1xiMF4ua+E=
+github.com/go-git/go-billy/v5 v5.0.0/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0=
+github.com/go-git/go-billy/v5 v5.1.0/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0=
+github.com/go-git/go-billy/v5 v5.3.1 h1:CPiOUAzKtMRvolEKw+bG1PLRpT7D3LIs3/3ey4Aiu34=
+github.com/go-git/go-billy/v5 v5.3.1/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0=
+github.com/go-git/go-git-fixtures/v4 v4.0.2-0.20200613231340-f56387b50c12 h1:PbKy9zOy4aAKrJ5pibIRpVO2BXnK1Tlcg+caKI7Ox5M=
+github.com/go-git/go-git-fixtures/v4 v4.0.2-0.20200613231340-f56387b50c12/go.mod h1:m+ICp2rF3jDhFgEZ/8yziagdT1C+ZpZcrJjappBCDSw=
+github.com/go-git/go-git/v5 v5.3.0 h1:8WKMtJR2j8RntEXR/uvTKagfEt4GYlwQ7mntE4+0GWc=
+github.com/go-git/go-git/v5 v5.3.0/go.mod h1:xdX4bWJ48aOrdhnl2XqHYstHbbp6+LFS4r4X+lNVprw=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
@@ -391,6 +427,8 @@ github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k=
 github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=
+github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
+github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/hashicorp/hcl/v2 v2.13.0 h1:0Apadu1w6M11dyGFxWnmhhcMjkbAiKCv7G1r/2QgCNc=
 github.com/hashicorp/hcl/v2 v2.13.0/go.mod h1:e4z5nxYlWNPdDSNYX+ph14EvWYMFm3eP0zIUqPc2jr0=
 github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y=
@@ -405,6 +443,7 @@ github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:
 github.com/ianlancetaylor/demangle v0.0.0-20210905161508-09a460cdf81d/go.mod h1:aYm2/VgdVmcIU8iMfdMvDMsRAQjcfZSKFby6HOFvi/w=
 github.com/ianlancetaylor/demangle v0.0.0-20230524184225-eabc099b10ab/go.mod h1:gx7rwoVhcfuVKG5uya9Hs3Sxj7EIvldVofAWIUtGouw=
 github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
+github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
 github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4=
 github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
@@ -425,8 +464,11 @@ github.com/jackc/pgx/v5 v5.5.5 h1:amBjrZVmksIdNjxGW/IiIMzxMKZFelXbUoPNb+8sjQw=
 github.com/jackc/pgx/v5 v5.5.5/go.mod h1:ez9gk+OAat140fv9ErkZDYFWmXLfV+++K0uAOiwgm1A=
 github.com/jackc/puddle/v2 v2.2.1 h1:RhxXJtFG022u4ibrCSMSiu5aOq1i77R3OHKNJj77OAk=
 github.com/jackc/puddle/v2 v2.2.1/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4=
+github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
+github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
 github.com/jdx/go-netrc v1.0.0 h1:QbLMLyCZGj0NA8glAhxUpf1zDg6cxnWgMBbjq40W0gQ=
 github.com/jdx/go-netrc v1.0.0/go.mod h1:Gh9eFQJnoTNIRHXl2j5bJXA1u84hQWJWgGh569zF3v8=
+github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4=
 github.com/jhump/protoreflect v1.16.0 h1:54fZg+49widqXYQ0b+usAFHbMkBGR4PpXrsHc8+TBDg=
 github.com/jhump/protoreflect v1.16.0/go.mod h1:oYPd7nPvcBw/5wlDfm/AVmU9zH9BgqGCI469pGxfj/8=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
@@ -437,12 +479,16 @@ github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNUXsshfwJMBgNA0RU6/i7WVaAegv3PtuIHPMs=
 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8=
+github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
+github.com/kevinburke/ssh_config v1.1.0 h1:pH/t1WS9NzT8go394IqZeJTMHVm6Cr6ZJ6AQ+mdNo/o=
+github.com/kevinburke/ssh_config v1.1.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.17.8 h1:YcnTYrq7MikUT7k0Yb5eceMmALQPYBW/Xltxn0NAMnU=
 github.com/klauspost/compress v1.17.8/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
 github.com/klauspost/pgzip v1.2.6 h1:8RXeL5crjEUFnR2/Sn6GJNWtSQ3Dk8pq4CL3jvdDyjU=
 github.com/klauspost/pgzip v1.2.6/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs=
+github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
@@ -458,21 +504,35 @@ github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
 github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/lmittmann/tint v1.0.4 h1:LeYihpJ9hyGvE0w+K2okPTGUdVLfng1+nDNVR4vWISc=
 github.com/lmittmann/tint v1.0.4/go.mod h1:HIS3gSy7qNwGCj+5oRjAutErFBl4BzdQP6cJZ0NfMwE=
+github.com/logrusorgru/aurora/v4 v4.0.0 h1:sRjfPpun/63iADiSvGGjgA1cAYegEWMPCJdUpJYn9JA=
+github.com/logrusorgru/aurora/v4 v4.0.0/go.mod h1:lP0iIa2nrnT/qoFXcOZSrZQpJ1o6n2CUf/hyHi2Q4ZQ=
 github.com/looplab/fsm v1.0.1 h1:OEW0ORrIx095N/6lgoGkFkotqH6s7vaFPsgjLAaF5QU=
 github.com/looplab/fsm v1.0.1/go.mod h1:PmD3fFvQEIsjMEfvZdrCDZ6y8VwKTwWNjlpEr6IKPO4=
 github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2jmtg6P3p1VtQj7WsuWi/y4VnjVBn7F8KPB3I=
 github.com/lufia/plan9stats v0.0.0-20240408141607-282e7b5d6b74 h1:1KuuSOy4ZNgW0KA2oYIngXVFhQcXxhLqCVK7cBcldkk=
 github.com/lufia/plan9stats v0.0.0-20240408141607-282e7b5d6b74/go.mod h1:ilwx/Dta8jXAgpFYFvSWEMwxmbWXyiUHkd5FwyKhb5k=
+github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
+github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
 github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
+github.com/matryer/is v1.3.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlWXA=
+github.com/matryer/is v1.4.0 h1:sosSmIWwkYITGrxZ25ULNDeKiMNzFSr4V/eqBQP0PeE=
+github.com/matryer/is v1.4.0/go.mod h1:8I/i5uYgLzgsgEloJE1U6xx5HkBQpAZvepWuujKwMRU=
 github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
+github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
+github.com/mattn/go-colorable v0.1.8/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
 github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
+github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84=
+github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE=
+github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
+github.com/mattn/go-runewidth v0.0.12/go.mod h1:RAqKPSqVFrSLVXbA8x7dzmKdmGzieGRCM46jaSJTDAk=
 github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U=
 github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU=
@@ -529,10 +589,15 @@ github.com/nats-io/nuid v1.0.1 h1:5iA8DT8V7q8WK2EScv2padNa/rTESc1KdnPw4TC2paw=
 github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c=
 github.com/ncruces/go-strftime v0.1.9 h1:bY0MQC28UADQmHmaF5dgpLmImcShSi2kHU9XLdhx/f4=
 github.com/ncruces/go-strftime v0.1.9/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls=
+github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
+github.com/nxadm/tail v1.4.11 h1:8feyoE3OzPrcshW5/MJ4sGESc5cqmGkGCWlco4l0bqY=
+github.com/nxadm/tail v1.4.11/go.mod h1:OTaG3NK980DZzxbRq6lEuzgU+mug70nY11sMd4JXXHc=
 github.com/oleiade/reflections v1.0.1 h1:D1XO3LVEYroYskEsoSiGItp9RUxG6jWnCVvrqH0HHQM=
 github.com/oleiade/reflections v1.0.1/go.mod h1:rdFxbxq4QXVZWj0F+e9jqjDkc7dbp97vkRixKo2JR60=
 github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
+github.com/onsi/ginkgo v1.14.2 h1:8mVmC9kjFFmA8H4pKMUhcblgifdkOIXPvbhN1T36q1M=
+github.com/onsi/ginkgo v1.14.2/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY=
 github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8=
 github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs=
 github.com/onsi/gomega v1.32.0 h1:JRYU78fJ1LPxlckP6Txi/EYqJvjtMrDC04/MM5XRHPk=
@@ -546,9 +611,12 @@ github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2sz
 github.com/orisano/pixelmatch v0.0.0-20220722002657-fb0b55479cde/go.mod h1:nZgzbfBr3hhjoZnS66nKrHmduYNpc34ny7RK4z5/HM0=
 github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
 github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
+github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM=
+github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs=
 github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI=
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ=
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU=
+github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/profile v1.7.0 h1:hnbDkaNWPCLMO9wGLdBFTIZvzDrDfBM2072E1S9gJkA=
@@ -559,6 +627,12 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH
 github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE=
 github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 h1:o4JXh1EVt9k/+g42oCprj/FisM4qX9L3sZB3upGN2ZU=
 github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE=
+github.com/princjef/gomarkdoc v1.1.0 h1:xtl7mESKQWVuGiFdd1AO3dFA6OenWG86bZu97IqBNPE=
+github.com/princjef/gomarkdoc v1.1.0/go.mod h1:HI3w0Zv8H03ecak/IqVAcPFTuPt7sn7Top6xbgCs1Qk=
+github.com/princjef/mageutil v1.0.0 h1:1OfZcJUMsooPqieOz2ooLjI+uHUo618pdaJsbCXcFjQ=
+github.com/princjef/mageutil v1.0.0/go.mod h1:mkShhaUomCYfAoVvTKRcbAs8YSVPdtezI5j6K+VXhrs=
+github.com/princjef/termdiff v0.1.0 h1:O3PWhfPFzX6GqzQ+41B3XzzJpMlx0+9Vysm+Pv76C9U=
+github.com/princjef/termdiff v0.1.0/go.mod h1:JJOfCA/eR6T1JfsoxQQ6jsG3LGoQDoKUIRQrKqAO+p4=
 github.com/prometheus/client_golang v1.19.0 h1:ygXvpU1AoN1MhdzckN+PyD9QJOSD4x7kmXYlnfbA6JU=
 github.com/prometheus/client_golang v1.19.0/go.mod h1:ZRM9uEAypZakd+q/x7+gmsvXdURP+DABIEIjnmDdp+k=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
@@ -574,6 +648,7 @@ github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 h1:N/ElC8H3+5X
 github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE=
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
+github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
 github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
@@ -581,18 +656,24 @@ github.com/robfig/cron v1.2.0 h1:ZjScXvvxeQ63Dbyxy76Fj3AT3Ut0aKsyd2/tl3DTMuQ=
 github.com/robfig/cron v1.2.0/go.mod h1:JGuDeoQd7Z6yL4zQhZ3OPEVHB7fL6Ka6skscFHfmt2k=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
+github.com/rogpeppe/go-internal v1.5.2/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
 github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
 github.com/rs/cors v1.10.1 h1:L0uuZVXIKlI1SShY2nhFfo44TYvDPQ1w4oFkUJNfhyo=
 github.com/rs/cors v1.10.1/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/sagikazarmark/locafero v0.4.0 h1:HApY1R9zGo4DBgr7dqsTH/JJxLTTsOt7u6keLGt6kNQ=
+github.com/sagikazarmark/locafero v0.4.0/go.mod h1:Pe1W6UlPYUk/+wc/6KFhbORCfqzgYEpgQ3O5fPuL3H4=
+github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE=
+github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ=
 github.com/samber/lo v1.39.0 h1:4gTz1wUhNYLhFSKl6O+8peW0v2F4BCY034GRpU9WnuA=
 github.com/samber/lo v1.39.0/go.mod h1:+m/ZKRl6ClXCE2Lgf3MsQlWfh4bn1bz6CXEOxnEXnEA=
 github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 h1:lZUw3E0/J3roVtGQ+SCrUrg3ON6NgVqpn3+iol9aGu4=
 github.com/santhosh-tekuri/jsonschema/v5 v5.3.1/go.mod h1:uToXkOrWAZ6/Oc07xWQrPOhJotwFIyu2bBVN41fcDUY=
 github.com/segmentio/ksuid v1.0.4 h1:sBo2BdShXjmcugAMwjugoGUdUV0pcxY5mW4xKRn3v4c=
 github.com/segmentio/ksuid v1.0.4/go.mod h1:/XUiZBD3kVx5SmUOl55voK5yeAbBNNIed+2O73XgrPE=
+github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
 github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8=
 github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I=
 github.com/sethvargo/go-retry v0.2.4 h1:T+jHEQy/zKJf5s95UkguisicE0zuF9y7+/vgz08Ocec=
@@ -606,8 +687,13 @@ github.com/shoenig/test v0.6.4/go.mod h1:byHiCGXqrVaflBLAMq/srcZIHynQPQgeyvkvXnj
 github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
 github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k=
 github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME=
+github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
+github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0=
+github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8=
+github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY=
 github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0=
 github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
@@ -615,9 +701,12 @@ github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0=
 github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/spf13/viper v1.18.2 h1:LUXCnvUvSM6FXAsj6nnfc8Q2tp1dIgUfY9Kc8GsSOiQ=
+github.com/spf13/viper v1.18.2/go.mod h1:EKmWIqdnk5lOcmR72yw6hS+8OPYcwD0jteitLMVB+yk=
 github.com/stoewer/go-strcase v1.3.0 h1:g0eASXYtp+yvN9fK8sH94oCIk0fau9uV1/ZdJ0AVEzs=
 github.com/stoewer/go-strcase v1.3.0/go.mod h1:fAH5hQ5pehh+j3nZfvwdk2RgEgQjAoM8wodgtPmh1xo=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
@@ -634,6 +723,8 @@ github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
+github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
 github.com/tchap/go-patricia/v2 v2.3.1 h1:6rQp39lgIYZ+MHmdEq4xzuk1t7OdC35z/xm0BGhTkes=
 github.com/tchap/go-patricia/v2 v2.3.1/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwDlLElMsnSHD4k=
 github.com/tetratelabs/wazero v1.6.0 h1:z0H1iikCdP8t+q341xqepY4EWvHEw8Es7tlqiVzlP3g=
@@ -657,6 +748,10 @@ github.com/vbatts/tar-split v0.11.5 h1:3bHCTIheBm1qFTcgh9oPu+nNBtX+XJIupG/vacinC
 github.com/vbatts/tar-split v0.11.5/go.mod h1:yZbwRsSeGjusneWgA781EKej9HF8vme8okylkAeNKLk=
 github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4=
 github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI=
+github.com/x-cray/logrus-prefixed-formatter v0.5.2 h1:00txxvfBM9muc0jiLIEAkAcIMJzfthRT6usrui8uGmg=
+github.com/x-cray/logrus-prefixed-formatter v0.5.2/go.mod h1:2duySbKsL6M18s5GU7VPsoEPHyzalCE06qoARUCeBBE=
+github.com/xanzy/ssh-agent v0.3.0 h1:wUMzuKtKilRgBAD1sUb8gOwwRr2FGoBVumcjoOACClI=
+github.com/xanzy/ssh-agent v0.3.0/go.mod h1:3s9xbODqPuuhK9JV1R321M/FlMZSBvE5aY6eAcqrDh0=
 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo=
 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
@@ -712,11 +807,13 @@ go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
 go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
 go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
+golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
@@ -789,6 +886,7 @@ golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81R
 golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210326060303-6b1517762897/go.mod h1:uSPa2vr4CLtc/ILN5odXGNXS6mhrKVzTaCXzk9m6W3k=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
@@ -819,6 +917,7 @@ golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
 golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190130150945-aca44879d564/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -831,9 +930,13 @@ golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191128015809-6d18c012aee9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -850,7 +953,10 @@ golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201204225414-ed752295db88/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210324051608-47abb6519492/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -861,6 +967,7 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -1042,15 +1149,30 @@ google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqw
 google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 google.golang.org/protobuf v1.33.1-0.20240408130810-98873a205002 h1:V7Da7qt0MkY3noVANIMVBk28nOnijADeOR3i5Hcvpj4=
 google.golang.org/protobuf v1.33.1-0.20240408130810-98873a205002/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+gopkg.in/VividCortex/ewma.v1 v1.1.1/go.mod h1:TekXuFipeiHWiAlO1+wSS23vTcyFau5u3rxXUSXj710=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/cheggaaa/pb.v2 v2.0.7/go.mod h1:0CiZ1p8pvtxBlQpLXkHuUTpdJ1shm3OqCF1QugkjHL4=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
+gopkg.in/fatih/color.v1 v1.7.0/go.mod h1:P7yosIhqIl/sX8J8UypY5M+dDpD2KmyfP5IRs5v/fo0=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
+gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
+gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/mattn/go-colorable.v0 v0.1.0/go.mod h1:BVJlBXzARQxdi3nZo6f6bnl5yR20/tOL6p+V0KejgSY=
+gopkg.in/mattn/go-isatty.v0 v0.0.4/go.mod h1:wt691ab7g0X4ilKZNmMII3egK0bTxl37fEn/Fwbd8gc=
+gopkg.in/mattn/go-runewidth.v0 v0.0.4/go.mod h1:BmXejnxvhwdaATwiJbB1vZ2dtXkQKZGu9yLFCZb4msQ=
+gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
+gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
+gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
+gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
@@ -1099,6 +1221,8 @@ modernc.org/strutil v1.2.0 h1:agBi9dp1I+eOnxXeiZawM8F4LawKv4NzGWSaLfyeNZA=
 modernc.org/strutil v1.2.0/go.mod h1:/mdcBmfOibveCTBxUl5B5l6W+TTH1FXPLHZE6bTosX0=
 modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y=
 modernc.org/token v1.1.0/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM=
+mvdan.cc/xurls/v2 v2.2.0 h1:NSZPykBXJFCetGZykLAxaL6SIpvbVy/UFEniIfHAa8A=
+mvdan.cc/xurls/v2 v2.2.0/go.mod h1:EV1RMtya9D6G5DMYPGD8zTQzaHet6Jh8gFlRgGRJeO8=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=

hack/buf-generate

@@ -0,0 +1,11 @@
+#! /bin/bash
+#
+# Expected to be called by go:generate in the service directory
+
+set -euo pipefail
+
+nodebin="$(cd ../internal/frontend/holos/node_modules/.bin && pwd)"
+export PATH="${nodebin}:${PATH}"
+
+buf dep update
+(cd .. && buf generate)

hack/build-website

@@ -0,0 +1,16 @@
+#! /bin/bash
+#
+# This script is intended for execution in a Cloudflare Pages build context.
+
+set -euo pipefail
+
+PARENT="$(cd "$(dirname $0)" && pwd)"
+TOPLEVEL="$(cd "${PARENT}/.." && pwd)"
+
+cd "$TOPLEVEL/doc/website"
+
+npm install
+npm run build
+
+echo "repo: ${TOPLEVEL}" >&2
+echo "build: ./doc/website/build" >&2

hack/cspell

@@ -0,0 +1,7 @@
+#! /bin/bash
+#
+set -euo pipefail
+
+TOPLEVEL="$(cd $(dirname "$0") && git rev-parse --show-toplevel)"
+
+cd "${TOPLEVEL}" && npx cspell ./doc/md/**/*.{md,mdx,markdown}

hack/gendoc

@@ -0,0 +1,16 @@
+#! /bin/bash
+#
+set -euo pipefail
+
+prefix="$(git rev-parse --show-prefix)"
+cd "$(git rev-parse --show-toplevel)"
+mkdir -p "doc/md/$(dirname "${prefix}")"
+gomarkdoc --output "doc/md/${prefix%/}.md" "./${prefix}"
+
+# Fix heading anchors by making them explicit
+# Refer to https://docusaurus.io/docs/markdown-features/toc#heading-ids
+stamp=$RANDOM
+# sed 's/^## type /## /' "doc/md/${prefix%/}.md" > "doc/md/${prefix%/}.md.${stamp}"
+
+sed -E 's/## type ([A-Za-z0-9_]+)/## type \1 {#\1}/' "doc/md/${prefix%/}.md" > "doc/md/${prefix%/}.md.${stamp}"
+mv "doc/md/${prefix%/}.md.${stamp}" "doc/md/${prefix%/}.md"

hack/tilt/Dockerfile

@@ -1,8 +0,0 @@
-FROM 271053619184.dkr.ecr.us-east-2.amazonaws.com/holos-run/container-images/debian:bullseye AS final
-USER root
-WORKDIR /app
-ADD bin bin
-RUN chown -R app: /app
-# Kubernetes requires the user to be numeric
-USER 8192
-ENTRYPOINT bin/holos server

hack/tilt/aws-login.sh

@@ -1,21 +0,0 @@
-#! /bin/bash
-
-set -euo pipefail
-
-PARENT="$(cd $(dirname "$0") && pwd)"
-
-# If necessary
-if [[ -s "${PARENT}/aws-login.last" ]]; then
-  last="$(<"${PARENT}/aws-login.last")"
-  now="$(date +%s)"
-  if [[ $(( now - last )) -lt 28800 ]]; then
-    echo "creds are still valid" >&2
-    exit 0
-  fi
-fi
-
-aws sso logout
-aws sso login
-aws ecr get-login-password --region us-east-2 | docker login --username AWS --password-stdin "${AWS_ACCOUNT}.dkr.ecr.${AWS_DEFAULT_REGION}.amazonaws.com"
-# Touch a file so tilt docker_build can watch it as a dep
-date +%s > "${PARENT}/aws-login.last"

hack/tilt/aws.config

@@ -1,7 +0,0 @@
-[profile dev-holos]
-sso_account_id = 271053619184
-sso_role_name = AdministratorAccess
-sso_start_url = https://openinfrastructure.awsapps.com/start
-sso_region = us-east-2
-region = us-east-2
-output = json