Implement Phase 9: client libraries (Go, Rust, Lisp, Python)

- clients/README.md: canonical API surface and error type reference - clients/testdata/: shared JSON response fixtures - clients/go/: mciasgoclient package; net/http + TLS 1.2+; sync.RWMutex token state; DisallowUnknownFields on all decoders; 25 tests pass - clients/rust/: async mcias-client crate; reqwest+rustls (no OpenSSL); thiserror MciasError enum; Arc<RwLock> token state; 22+1 tests pass; cargo clippy -D warnings clean - clients/lisp/: ASDF mcias-client; dexador HTTP, yason JSON; mcias-error condition hierarchy; Hunchentoot mock-dispatcher; 37 fiveam checks pass on SBCL 2.6.1; yason boolean normalisation in validate-token - clients/python/: mcias_client package (Python 3.11+); httpx sync; py.typed; dataclasses; 32 pytest tests; mypy --strict + ruff clean - test/mock/mockserver.go: in-memory mock server for Go client tests - ARCHITECTURE.md §19: updated per-language notes to match implementation - PROGRESS.md: Phase 9 marked complete - .gitignore: exclude clients/rust/target/, python .venv, .pytest_cache, .fasl files Security: token never logged or exposed in error messages in any library; TLS enforced in all four languages; token stored under lock/mutex/RwLock
2026-03-11 16:38:32 -07:00
parent f34e9a69a0
commit 0c441f5c4f
1974 changed files with 10151 additions and 33 deletions
--- a/README.md
+++ b/README.md
@@ -38,6 +38,40 @@ See [Deploying with Docker](#deploying-with-docker) below.

 ### 1. Generate a TLS certificate

+**Option A: Using the cert tool**
+
+Install the cert tool:
+```sh
+go install github.com/kisom/cert@latest
+```
+
+Create a certificate request configuration file:
+```sh
+cat > /tmp/request.yaml << EOF
+subject:
+  common_name: auth.example.com
+hosts:
+  - auth.example.com
+  - localhost
+key:
+  algo: ecdsa
+  size: 521
+ca:
+  expiry: 87600h  # 10 years
+EOF
+```
+
+Generate the certificate:
+```sh
+cert genkey -a ec -s 521 > /etc/mcias/server.key
+cert selfsign -p /etc/mcias/server.key -f /tmp/request.yaml > /etc/mcias/server.crt
+chmod 0640 /etc/mcias/server.key
+chown root:mcias /etc/mcias/server.key
+rm /tmp/request.yaml
+```
+
+**Option B: Using openssl**
+
 ```sh
 openssl req -x509 -newkey ed25519 -days 3650 \
  -keyout /etc/mcias/server.key \
@@ -158,7 +192,7 @@ See `man mciasctl` for the full reference.

 ```sh
 export MCIAS_MASTER_PASSPHRASE=your-passphrase
-CONF<<3C>--config /etc/mcias/mcias.conf
+CONF<<3C>--config /etc/mcias/mcias.conf

 mciasdb $CONF schema verify
 mciasdb $CONF account list