OPC # 0002: Improvements to Client provisioning workflows

ControlPlane.Core/Interfaces/SagaContext.cs

@@ -27,4 +27,19 @@ public class SagaContext
     // Written by PulumiStep (DedicatedVM/Enterprise tier) — target host details for subsequent steps
     public string? VmIpAddress { get; set; }
     public string? VmSshKeyPath { get; set; }
+
+    /// <summary>
+    /// Per-component resolved endpoints for this provisioning job.
+    /// Keyed by component name: "Keycloak", "Vault", "Postgres", "Minio".
+    /// Built by ProvisioningWorker before the saga starts; OwnContainer host ports
+    /// are resolved and written back by InfrastructureProvisioningStep.
+    /// </summary>
+    public Dictionary<string, ResolvedEndpoint> ResolvedTopology { get; init; } =
+        new(StringComparer.OrdinalIgnoreCase);
+
+    /// <summary>
+    /// Absolute path to the generated docker-compose.yml for this tenant.
+    /// Non-null only for OwnContainer tenants.
+    /// </summary>
+    public string? ComposeFilePath { get; set; }
 }

ControlPlane.Core/Models/ComponentMode.cs

@@ -22,5 +22,8 @@ public enum ComponentMode
     VpsDocker,
 
     /// <summary>Own VM with the component running as a native OS process (no Docker).</summary>
-    VpsBareMetal
+    VpsBareMetal,
+
+    /// <summary>Component is not provisioned for this tenant (feature not elected).</summary>
+    Disabled
 }

ControlPlane.Core/Models/ResolvedEndpoint.cs

@@ -0,0 +1,53 @@
+namespace ControlPlane.Core.Models;
+
+/// <summary>
+/// The fully-resolved network addresses for one infrastructure component for a specific tenant.
+/// Built by ProvisioningWorker at job start from StackConfig + ClarityInfraOptions.
+/// Carried through SagaContext and persisted in TenantRecord at saga completion.
+///
+/// Design principle: Clarity.Server always talks to PublicUrl (goes through nginx/dnsmasq).
+/// The Worker uses AdminUrl (direct host-accessible URL) for admin API calls during provisioning.
+/// InternalUrl is injected into container env vars for container-to-container communication.
+/// </summary>
+public sealed record ResolvedEndpoint
+{
+    /// <summary>Mode elected for this component.</summary>
+    public ComponentMode Mode { get; init; }
+
+    /// <summary>
+    /// URL the Worker process uses to call this component's admin API.
+    /// Worker runs on the host machine:
+    ///   SharedPlatform → http://localhost:{exposedPort}  (docker-compose exposes to host)
+    ///   OwnContainer   → http://localhost:{ephemeralPort} (resolved by InfrastructureProvisioningStep)
+    ///   VPS            → operator-supplied external URL
+    /// </summary>
+    public string AdminUrl { get; init; } = string.Empty;
+
+    /// <summary>
+    /// Public DNS URL injected into Clarity.Server and surfaced in the TenantRecord.
+    /// Always routes through nginx/dnsmasq — no direct Docker DNS leaks to app code.
+    ///   SharedPlatform → https://keycloak.clarity.test
+    ///   OwnContainer   → https://kc.{subdomain}.clarity.test
+    /// </summary>
+    public string PublicUrl { get; init; } = string.Empty;
+
+    /// <summary>
+    /// Docker-internal URL for container-to-container communication on the managed network.
+    ///   SharedPlatform → http://keycloak:8080
+    ///   OwnContainer   → http://kc-{subdomain}:8080
+    /// </summary>
+    public string InternalUrl { get; init; } = string.Empty;
+
+    /// <summary>Docker container name, if the Worker manages this component.</summary>
+    public string? ContainerName { get; init; }
+
+    /// <summary>
+    /// Admin username for this component instance.
+    /// Null for SharedPlatform (read from Keycloak:AdminUser config at call time).
+    /// Explicitly set for OwnContainer sidecars.
+    /// </summary>
+    public string? AdminUser { get; init; }
+
+    /// <summary>Admin password for this component instance. See AdminUser.</summary>
+    public string? AdminPassword { get; init; }
+}