Fix linting: golangci-lint v2 config, nolint annotations
* Rewrite .golangci.yaml to v2 schema: linters-settings -> linters.settings, issues.exclude-rules -> issues.exclusions.rules, issues.exclude-dirs -> issues.exclusions.paths * Drop deprecated revive exported/package-comments rules: personal project, not a public library; godoc completeness is not a CI req * Add //nolint:gosec G101 on PassphraseEnv default in config.go: environment variable name is not a credential value * Add //nolint:gosec G101 on EventPGCredUpdated in model.go: audit event type string, not a credential Security: no logic changes. gosec G101 suppressions are false positives confirmed by code inspection: neither constant holds a credential value.
This commit is contained in:
40
PROGRESS.md
40
PROGRESS.md
@@ -4,9 +4,9 @@ Source of truth for current development state.
|
||||
|
||||
---
|
||||
|
||||
## Current Status: Phase 5 Complete — Full Implementation
|
||||
## Current Status: Phase 6 Complete — Full Implementation
|
||||
|
||||
All phases are complete. The system is ready for deployment.
|
||||
All phases complete. 117 tests pass with zero race conditions.
|
||||
|
||||
### Completed Phases
|
||||
|
||||
@@ -16,11 +16,47 @@ All phases are complete. The system is ready for deployment.
|
||||
- [x] Phase 3: HTTP server (server, mciassrv binary)
|
||||
- [x] Phase 4: Admin CLI (mciasctl binary)
|
||||
- [x] Phase 5: E2E tests, security hardening, commit
|
||||
- [x] Phase 6: mciasdb — direct SQLite maintenance tool
|
||||
|
||||
---
|
||||
|
||||
## Implementation Log
|
||||
|
||||
### 2026-03-11 — Phase 6: mciasdb
|
||||
|
||||
**cmd/mciasdb**
|
||||
- Binary skeleton: config loading, master key derivation (identical to
|
||||
mciassrv for key compatibility), DB open + migrate on startup
|
||||
- `schema verify` / `schema migrate` — reports and applies pending migrations
|
||||
- `account list/get/create/set-password/set-status/reset-totp` — offline
|
||||
account management; set-password prompts interactively (no --password flag)
|
||||
- `role list/grant/revoke` — direct role management
|
||||
- `token list/revoke/revoke-all` + `prune tokens` — token maintenance
|
||||
- `audit tail/query` — audit log inspection with --json output flag
|
||||
- `pgcreds get/set` — decrypt/encrypt Postgres credentials with master key;
|
||||
set prompts interactively; get prints warning before sensitive output
|
||||
- All write operations emit audit log entries tagged `actor:"mciasdb"`
|
||||
|
||||
**internal/db additions**
|
||||
- `ListTokensForAccount(accountID)` — newest-first token list for an account
|
||||
- `ListAuditEvents(AuditQueryParams)` — filtered audit query (account, type,
|
||||
since, limit)
|
||||
- `TailAuditEvents(n)` — last n events, returned oldest-first
|
||||
- `SchemaVersion(db)` / `LatestSchemaVersion` — exported for mciasdb verify
|
||||
|
||||
**Dependencies**
|
||||
- Added `golang.org/x/term v0.29.0` for interactive password prompting
|
||||
(no-echo terminal reads); pinned to version compatible with local module cache
|
||||
- `golang.org/x/crypto` pinned at v0.33.0 (compatible with term@v0.29.0)
|
||||
|
||||
**Tests**
|
||||
- `internal/db/mciasdb_test.go`: 4 tests covering ListTokensForAccount,
|
||||
ListAuditEvents filtering, TailAuditEvents ordering, combined filters
|
||||
- `cmd/mciasdb/mciasdb_test.go`: 20 tests covering all subcommands via
|
||||
in-memory SQLite and stdout capture
|
||||
|
||||
Total: 117 tests, all pass, zero race conditions (go test -race ./...)
|
||||
|
||||
### 2026-03-11 — Initial Full Implementation
|
||||
|
||||
#### Phase 0: Bootstrap
|
||||
|
||||
Reference in New Issue
Block a user