kyle/mcias
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update docs for recent changes

Browse Source 
- ARCHITECTURE.md: add gRPC listener, mciasgrpcctl, new roles,
  granular role endpoints, profile page, audit events, policy actions,
  trusted_proxy config, validate package, schema force command
- PROGRESS.md: document role expansion and UI privilege escalation fix
- PROJECT_PLAN.md: align mciasctl subcommands with implementation

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Kyle Isom
2026-03-12 23:07:41 -07:00
parent 8d9d9da6f5
commit 4e544665d2
3 changed files with 125 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
PROJECT_PLAN.md
View File

@@ -165,18 +165,27 @@ See ARCHITECTURE.md for design rationale.
### Step 4.1: `cmd/mciasctl` — admin CLI
**Acceptance criteria:**
- Subcommands:
- `mciasctl account create --username NAME --type human|system`
- `mciasctl account create -username NAME -type human|system`
- `mciasctl account list`
- `mciasctl account suspend --id UUID`
- `mciasctl account delete --id UUID`
- `mciasctl role grant --account UUID --role ROLE`
- `mciasctl role revoke --account UUID --role ROLE`
- `mciasctl token issue --account UUID` (system accounts)
- `mciasctl token revoke --jti JTI`
- `mciasctl pgcreds set --account UUID --host H --port P --db D --user U --password P`
- `mciasctl pgcreds get --account UUID`
- CLI reads admin JWT from `MCIAS_ADMIN_TOKEN` env var or `--token` flag
- All commands make HTTPS requests to mciassrv (base URL from `--server` flag
- `mciasctl account update -id UUID -status active|inactive`
- `mciasctl account delete -id UUID`
- `mciasctl account get -id UUID`
- `mciasctl account set-password -id UUID`
- `mciasctl role list -id UUID`
- `mciasctl role set -id UUID -roles role1,role2`
- `mciasctl role grant -id UUID -role ROLE`
- `mciasctl role revoke -id UUID -role ROLE`
- `mciasctl token issue -id UUID` (system accounts)
- `mciasctl token revoke -jti JTI`
- `mciasctl pgcreds set -id UUID -host H -port P -db D -user U`
- `mciasctl pgcreds get -id UUID`
- `mciasctl auth login`
- `mciasctl auth change-password`
- `mciasctl tag list -id UUID`
- `mciasctl tag set -id UUID -tags tag1,tag2`
- `mciasctl policy list|create|get|update|delete`
- CLI reads admin JWT from `MCIAS_TOKEN` env var or `-token` flag
- All commands make HTTPS requests to mciassrv (base URL from `-server` flag
or `MCIAS_SERVER` env var)
- Tests: flag parsing; missing required flags → error; help text complete