Bundled Schemas

decoct ships with 25 bundled schemas accessible via short names (e.g., --schema docker-compose). Total: 1,494 platform defaults across 25 schemas.

Summary

Schema	Defaults	Auto-Detect	Source
ansible-playbook	132	Yes	Ansible builtin module documentation
argocd	14	No	ArgoCD CRD spec
aws-cloudformation	56	No	AWS CloudFormation Resource Specification
azure-arm	65	No	Azure ARM/Bicep Template Reference
cloud-init	55	Yes	cloud-init upstream JSON Schema
docker-compose	35	Yes	Docker Compose specification + compose-go
entra-id	44	No	Microsoft Graph API v1.0 Reference
fluent-bit	75	No	Fluent Bit Official Manual
gcp-resources	42	No	GCP REST API Reference
github-actions	8	Yes	GitHub Actions documentation + SchemaStore
gitlab-ci	25	No	GitLab CI/CD YAML syntax reference
grafana	162	No	Grafana defaults.ini
intune	96	No	Microsoft Graph API v1.0 Intune Reference
kafka	63	No	Apache Kafka Broker Configs (v3.7+)
keycloak	78	No	Keycloak Server Administration Guide + REST API
kubernetes	50	Yes	Kubernetes API Reference (v1.29+)
mariadb-mysql	76	No	MySQL 8.0 + MariaDB 10.11 docs
mongodb	15	No	MongoDB Manual (v8.0)
opentelemetry-collector	19	No	OpenTelemetry Collector source (v0.110.0+)
postgresql	169	No	PostgreSQL Documentation (v17)
prometheus	62	Yes	Prometheus source code + config reference
redis	61	No	Redis 7.0 redis.conf reference
sshd-config	35	No	OpenSSH 9.x sshd_config(5) man page
terraform-state	0	Yes	Terraform state file format v4
traefik	57	Yes	Traefik v3 documentation

Auto-Detection

Eight platforms support automatic detection when no --schema is provided:

Platform	Detection Rule
Docker Compose	services key with a dict value
Kubernetes	Both apiVersion and kind keys
Ansible Playbook	List where first item has hosts and tasks/roles
cloud-init	2+ keys from packages, runcmd, write_files, users, etc.
Terraform State	Both terraform_version and resources keys
GitHub Actions	Both on and jobs keys
Traefik	entryPoints, or providers with api/log
Prometheus	scrape_configs key

Container & Orchestration

docker-compose

• Defaults: 35
• Key defaults: services.*.restart: "no", services.*.privileged: false, services.*.network_mode: bridge, services.*.logging.driver: json-file, services.*.deploy.replicas: 1, services.*.healthcheck.interval: 30s, services.*.healthcheck.retries: 3
• Auto-detection: services key with dict value

kubernetes

• Defaults: 50
• Key defaults: **.restartPolicy: Always, **.terminationGracePeriodSeconds: 30, **.containers.*.imagePullPolicy: IfNotPresent, spec.replicas: 1, spec.revisionHistoryLimit: 10, spec.strategy.type: RollingUpdate
• System-managed: metadata.uid, metadata.resourceVersion, metadata.generation, metadata.creationTimestamp, metadata.managedFields, status
• Auto-detection: Both apiVersion and kind keys

Configuration Management

ansible-playbook

• Defaults: 132
• Key defaults: *.gather_facts: true, *.become: false, **.apt.state: present, **.systemd.scope: system, **.copy.force: true, **.user.state: present, **.git.version: HEAD
• Auto-detection: List where first item has hosts and tasks/roles

cloud-init

• Defaults: 55
• Key defaults: package_update: false, package_upgrade: false, disable_root: true, ssh_deletekeys: true, write_files.*.permissions: "0644", ntp.enabled: true
• Auto-detection: 2+ cloud-init keys present

sshd-config

• Defaults: 35
• Key defaults: Port: 22, PermitRootLogin: prohibit-password, PasswordAuthentication: yes, PubkeyAuthentication: yes, MaxAuthTries: 6, X11Forwarding: no

Infrastructure as Code

terraform-state

• Defaults: 0 (relies on system-managed field removal)
• System-managed: version, serial, lineage, terraform_version, outputs.*.type, resources.*.instances.*.schema_version, and more
• Auto-detection: Both terraform_version and resources keys

aws-cloudformation

• Defaults: 56
• Key defaults: **.SourceDestCheck: true, **.MultiAZ: false, **.AutoMinorVersionUpgrade: true, **.Timeout: 3 (Lambda), **.MemorySize: 128 (Lambda), **.DesiredCount: 1 (ECS)
• System-managed: **.PhysicalResourceId, **.StackId, **.CreationTime, **.ResourceStatus

azure-arm

• Defaults: 65
• Key defaults: **.properties.priority: Regular, **.properties.allowBlobPublicAccess: false, **.properties.supportsHttpsTrafficOnly: true, **.properties.enabled: true (App Service)
• System-managed: 20 fields including **.properties.provisioningState, **.properties.vmId, **.etag

gcp-resources

• Defaults: 42
• Key defaults: **.scheduling.automaticRestart: true, **.canIpForward: false, **.initialNodeCount: 3 (GKE), **.storageClass: STANDARD, **.settings.activationPolicy: ALWAYS (Cloud SQL)
• System-managed: **.id, **.selfLink, **.creationTimestamp, **.status, **.fingerprint

CI/CD

github-actions

• Defaults: 8
• Key defaults: jobs.*.timeout-minutes: 360, jobs.*.continue-on-error: false, jobs.*.strategy.fail-fast: true, concurrency.cancel-in-progress: false
• Auto-detection: Both on and jobs keys

gitlab-ci

• Defaults: 25
• Key defaults: *.when: on_success, *.allow_failure: false, *.retry: 0, *.artifacts.expire_in: 30 days, *.cache.key: default

argocd

• Defaults: 14
• Key defaults: spec.project: default, spec.source.targetRevision: HEAD, spec.syncPolicy.automated.prune: false, spec.syncPolicy.automated.selfHeal: false
• System-managed: metadata.uid, metadata.resourceVersion, metadata.generation, metadata.creationTimestamp, metadata.managedFields, status

Databases

postgresql

• Defaults: 169
• Key defaults: listen_addresses: localhost, port: 5432, max_connections: 100, shared_buffers: 128MB, work_mem: 4MB, wal_level: replica, effective_cache_size: 4GB, autovacuum: on

mariadb-mysql

• Defaults: 76
• Key defaults: port: 3306, max_connections: 151, default_storage_engine: InnoDB, innodb_flush_log_at_trx_commit: 1, character_set_server: utf8mb4

mongodb

• Defaults: 15
• Key defaults: storage.dbPath: /data/db, storage.engine: wiredTiger, net.port: 27017, net.bindIp: "127.0.0.1", security.authorization: disabled

redis

• Defaults: 61
• Key defaults: port: 6379, protected-mode: yes, tcp-keepalive: 300, databases: 16, appendonly: no, appendfsync: everysec

kafka

• Defaults: 63
• Key defaults: listeners: PLAINTEXT://:9092, log.dirs: /tmp/kafka-logs, log.retention.hours: 168, num.partitions: 1, default.replication.factor: 1

Observability

prometheus

• Defaults: 62
• Key defaults: global.scrape_interval: 1m, global.scrape_timeout: 10s, global.evaluation_interval: 1m, scrape_configs.*.metrics_path: /metrics, scrape_configs.*.scheme: http
• Auto-detection: scrape_configs key present

grafana

• Defaults: 162
• Key defaults: server.protocol: http, server.http_port: 3000, database.type: sqlite3, security.admin_user: admin, users.allow_sign_up: false, log.level: info

opentelemetry-collector

• Defaults: 19
• Key defaults: service.telemetry.metrics.level: normal, processors.batch.send_batch_size: 8192, processors.batch.timeout: 200ms, exporters.otlp.compression: gzip

fluent-bit

• Defaults: 75
• Key defaults: service.flush: 1, service.daemon: "off", service.log_level: info, pipeline.inputs.*.key: log, pipeline.outputs.*.retry_limit: 1

Networking

traefik

• Defaults: 57
• Key defaults: global.checkNewVersion: true, providers.docker.exposedByDefault: true, api.dashboard: true, api.insecure: false, log.level: ERROR
• Auto-detection: entryPoints key, or providers with api/log

Identity & Device Management

keycloak

• Defaults: 78
• Key defaults: enabled: true, sslRequired: external, registrationAllowed: false, loginWithEmailAllowed: true, accessTokenLifespan: 300, clients.*.protocol: openid-connect
• System-managed: **.id, **.internalId, **.containerId

entra-id

• Defaults: 44
• Key defaults: **.signInAudience: AzureADMyOrg, **.accountEnabled: true, **.appRoleAssignmentRequired: false, **.isAssignableToRole: false
• System-managed: 21 fields including id, createdDateTime, modifiedDateTime, **.appId

intune

• Defaults: 96
• Key defaults: **.windows10CompliancePolicy.passwordRequired: false, **.iosCompliancePolicy.passcodeRequired: false, **.deviceComplianceRequired: true, **.pinRequired: true, **.minimumPinLength: 4
• System-managed: **.id, **.createdDateTime, **.lastModifiedDateTime, **.version