Fix policy form roles; add JSON edit mode

- Replace stale "service" role option with correct set:
  admin, user, guest, viewer, editor, commenter (matches model.go)
- Add Form/JSON tab toggle to policy create form
- JSON tab accepts raw RuleBody JSON with description/priority
- Handler detects rule_json field and parses/validates it
  directly, falling back to field-by-field form mode otherwise
Claude Opus 4.6
2026-03-16 15:21:26 -07:00
committed by Kyle Isom
parent 7db560dae4
commit 19fa0c9a8e
7 changed files with 422 additions and 150 deletions


@@ -15,16 +15,16 @@ parties that delegate authentication decisions to it.
### Components
```
┌─────────────────────────────────────────────────────────
│ MCIAS Server (mciassrv)
┌─────────────────────────────────────────────────────────┐
│ MCIAS Server (mciassrv) │
│ ┌──────────┐ ┌──────────┐ ┌───────────────────┐ │
│ │ Auth │ │ Token │ │ Account / Role │ │
│ │ Handler │ │ Manager │ │ Manager │ │
│ └────┬─────┘ └────┬─────┘ └─────────┬─────────┘ │
│ └─────────────┴─────────────────┘ │
│ │
│ │ │
│ ┌─────────▼──────────┐ │
│ │ SQLite Database │
│ │ SQLite Database │ │
│ └────────────────────┘ │
│ │
│ ┌──────────────────┐ ┌──────────────────────┐ │
@@ -32,10 +32,10 @@ parties that delegate authentication decisions to it.
│ │ (net/http) │ │ (google.golang.org/ │ │
│ │ :8443 │ │ grpc) :9443 │ │
│ └──────────────────┘ └──────────────────────┘ │
└─────────────────────────────────────────────────────────
▲ ▲ ▲ ▲
│ HTTPS/REST │ HTTPS/REST │ gRPC/TLS │ direct file I/O
│ │ │ │
└─────────────────────────────────────────────────────────┘
▲ ▲ ▲ ▲
│ HTTPS/REST │ HTTPS/REST │ gRPC/TLS │ direct file I/O
│ │ │ │
┌────┴──────┐ ┌────┴─────┐ ┌─────┴────────┐ ┌───┴────────┐
│ Personal │ │ mciasctl │ │ mciasgrpcctl │ │ mciasdb │
│ Apps │ │ (admin │ │ (gRPC admin │ │ (DB tool) │
@@ -424,7 +424,8 @@ value in an HTMX fragment or flash message.
| Method | Path | Auth required | Description |
|---|---|---|---|
| GET | `/v1/accounts/{id}/pgcreds` | admin JWT | Retrieve Postgres credentials |
| GET | `/v1/pgcreds` | bearer JWT | List all credentials accessible to the caller (owned + explicitly granted) |
| GET | `/v1/accounts/{id}/pgcreds` | admin JWT | Retrieve Postgres credentials for a specific account |
| PUT | `/v1/accounts/{id}/pgcreds` | admin JWT | Set/update Postgres credentials |
### Tag Endpoints (admin only)
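Review bot: the new `GET /v1/pgcreds` row needs one more sentence. Its sibling rows are admin-only and scoped to a single account, whereas this endpoint is reachable with any bearer JWT and returns credentials that are "owned + explicitly granted"; the table (or the surrounding text) should say whether the listing returns the full Postgres credentials or only metadata, and which endpoint performs the explicit grant, since no grant endpoint appears in this table.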
@@ -771,30 +772,44 @@ mcias/
│ │ └── main.go
│ ├── mciasctl/ # REST admin CLI
│ │ └── main.go
│ ├── mciasdb/ # direct SQLite maintenance tool (Phase 6)
│ ├── mciasdb/ # direct SQLite maintenance tool
│ │ └── main.go
│ └── mciasgrpcctl/ # gRPC admin CLI companion (Phase 7)
│ └── mciasgrpcctl/ # gRPC admin CLI companion
│ └── main.go
├── internal/
│ ├── audit/ # audit log event detail marshaling
│ ├── auth/ # login flow, TOTP verification, account lockout
│ ├── config/ # config file parsing and validation
│ ├── crypto/ # key management, AES-GCM helpers, master key derivation
│ ├── db/ # SQLite access layer (schema, migrations, queries)
├── grpcserver/ # gRPC handler implementations (Phase 7)
│ └── migrations/ # numbered SQL migrations (currently 8)
│ ├── grpcserver/ # gRPC handler implementations
│ ├── middleware/ # HTTP middleware (auth extraction, logging, rate-limit, policy)
│ ├── model/ # shared data types (Account, Token, Role, PolicyRule, etc.)
│ ├── policy/ # in-process authorization policy engine (§20)
│ ├── server/ # HTTP handlers, router setup
│ ├── token/ # JWT issuance, validation, revocation
│ ├── ui/ # web UI context, CSRF, session, template handlers
── validate/ # input validation helpers (username, password strength)
── validate/ # input validation helpers (username, password strength)
│ └── vault/ # master key lifecycle: seal/unseal state, key derivation
├── web/
│ ├── static/ # CSS and static assets
── templates/ # HTML templates (base layout, pages, HTMX fragments)
│ ├── static/ # CSS, JS, and bundled swagger-ui assets (embedded at build)
── templates/ # HTML templates (base layout, pages, HTMX fragments)
│ └── embed.go # fs.FS embedding of static files and templates
├── proto/
│ └── mcias/v1/ # Protobuf service definitions (Phase 7)
│ └── mcias/v1/ # Protobuf service definitions
├── gen/
│ └── mcias/v1/ # Generated Go stubs from protoc (committed; Phase 7)
│ └── mcias/v1/ # Generated Go stubs from protoc (committed)
├── clients/
│ ├── go/ # Go client library
│ ├── python/ # Python client library
│ ├── rust/ # Rust client library
│ └── lisp/ # Common Lisp client library
├── test/
│ ├── e2e/ # end-to-end test suite
│ └── mock/ # Go mock server for client integration tests
├── dist/ # operational artifacts: systemd unit, install script, config templates
├── man/man1/ # man pages (mciassrv.1, mciasctl.1, mciasdb.1, mciasgrpcctl.1)
└── go.mod
```
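Review bot: `│ └── migrations/ # numbered SQL migrations (currently 8)` hard-codes a count that will go stale for the same reason the `Phase 6` / `Phase 7` markers are being dropped in this hunk; suggest `# numbered SQL migrations` without the number. Also check the `validate/` and `templates/` lines, which appear twice with identical text on both sides of the hunk: the only intended change there should be the tree-drawing prefix (`templates/` becoming a `├──` sibling of the new `embed.go`), not a duplicated entry.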
@@ -1008,7 +1023,8 @@ proto/
└── v1/
├── auth.proto # Login, Logout, Renew, TOTP enroll/confirm/remove
├── token.proto # Validate, Issue, Revoke
├── account.proto # CRUD for accounts and roles
├── account.proto # CRUD for accounts, roles, and credentials
├── policy.proto # Policy rule CRUD (PolicyService)
├── admin.proto # Health, public-key retrieval
└── common.proto # Shared message types (Error, Timestamp wrappers)
@@ -1029,6 +1045,7 @@ in `proto/generate.go` using `protoc-gen-go` and `protoc-gen-go-grpc`.
| `TokenService` | `ValidateToken`, `IssueServiceToken`, `RevokeToken` |
| `AccountService` | `ListAccounts`, `CreateAccount`, `GetAccount`, `UpdateAccount`, `DeleteAccount`, `GetRoles`, `SetRoles`, `GrantRole`, `RevokeRole` |
| `CredentialService` | `GetPGCreds`, `SetPGCreds` |
| `PolicyService` | `ListPolicyRules`, `CreatePolicyRule`, `GetPolicyRule`, `UpdatePolicyRule`, `DeletePolicyRule` |
| `AdminService` | `Health`, `GetPublicKey` |
All request/response messages follow the same credential-exclusion rules as
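Review bot: `CredentialService` (`GetPGCreds`, `SetPGCreds`) is added to the service table, while the earlier hunk in this file now describes `account.proto` as `CRUD for accounts, roles, and credentials`; state which `.proto` file defines `CredentialService` (or give it its own entry in the `proto/` listing) so the file list and the service table agree. The REST table gains a bearer-JWT list endpoint for credentials but no list RPC is added here; if that asymmetry is intentional, a short note saying so would save readers from looking for one.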
@@ -1241,8 +1258,9 @@ The Makefile `docker` target automates the build step with the version tag.
| `generate` | `go generate ./...` (re-generates proto stubs) |
| `man` | Build man pages; compress to `.gz` in `man/` |
| `install` | Run `dist/install.sh` |
| `docker` | `docker build -t mcias:$(VERSION) .` |
| `clean` | Remove `bin/` and compressed man pages |
| `docker` | `docker build -t mcias:$(VERSION) -t mcias:latest .` |
| `docker-clean` | Remove local `mcias:$(VERSION)` and `mcias:latest` images; prune dangling images with the mcias label |
| `clean` | Remove `bin/`, compressed man pages, and local Docker images |
| `dist` | Cross-compile release tarballs for linux/amd64 and linux/arm64 |
### Upgrade Path
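Review bot: `clean` now removes local Docker images as a side effect, which turns a target that used to be pure filesystem cleanup into one that depends on a running Docker daemon. Since `docker-clean` exists as its own target, suggest keeping `clean` limited to `bin/` and the compressed man pages and leaving image removal to `docker-clean`, or documenting that `clean` tolerates Docker being absent. The `docker-clean` row also says it prunes dangling images "with the mcias label", but the `docker` target's build line (`docker build -t mcias:$(VERSION) -t mcias:latest .`) shows no label being applied; either add the label to the build command or drop the prune clause from the description.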