Adding docs.
64
PROGRESS.md
Normal file
@@ -0,0 +1,64 @@
|
||||
# MCIAS Progress
|
||||
|
||||
Source of truth for current development state.
|
||||
|
||||
---
|
||||
|
||||
## Current Status: Phase 0 — Repository Bootstrap
|
||||
|
||||
### Completed
|
||||
|
||||
- [x] CLAUDE.md — project conventions and constraints
|
||||
- [x] .golangci.yaml — linter configuration
|
||||
- [x] PROJECT.md — project specifications
|
||||
- [x] ARCHITECTURE.md — technical design document (token lifecycle, session
|
||||
management, multi-app trust boundaries, database schema)
|
||||
- [x] PROJECT_PLAN.md — discrete implementation steps with acceptance criteria
|
||||
- [x] PROGRESS.md — this file
|
||||
|
||||
### In Progress
|
||||
|
||||
- [ ] Step 0.1: Go module and dependency setup (`go.mod`, `go get`)
|
||||
- [ ] Step 0.2: `.gitignore`
|
||||
|
||||
### Up Next
|
||||
|
||||
- Phase 1: Foundational packages (`internal/model`, `internal/config`,
|
||||
`internal/crypto`, `internal/db`)
|
||||
|
||||
---
|
||||
|
||||
## Implementation Log
|
||||
|
||||
### 2026-03-11
|
||||
|
||||
- Wrote ARCHITECTURE.md covering:
|
||||
- Security model and threat model
|
||||
- Cryptographic primitive choices with rationale
|
||||
- Account model (human + system accounts, roles, lifecycle)
|
||||
- Token lifecycle (issuance, validation, renewal, revocation flows)
|
||||
- Session management approach (stateless JWT + revocation table)
|
||||
- Multi-app trust boundaries
|
||||
- REST API design (all endpoints)
|
||||
- Database schema (SQLite, all tables with indexes)
|
||||
- TLS configuration
|
||||
- TOML configuration format
|
||||
- Package/directory structure
|
||||
- Error handling and logging conventions
|
||||
- Audit event catalog
|
||||
- Operational considerations
|
||||
|
||||
- Wrote PROJECT_PLAN.md with 5 phases, 12 steps, each with specific
|
||||
acceptance criteria.
|
||||
|
||||
---
|
||||
|
||||
## Notes / Decisions
|
||||
|
||||
- SQLite driver: using `modernc.org/sqlite` (pure Go, no CGo dependency).
|
||||
This simplifies cross-compilation and removes the need for a C toolchain.
|
||||
- JWT library: `github.com/golang-jwt/jwt/v5`. The `alg` header validation
|
||||
is implemented manually before delegating to the library to ensure the
|
||||
library's own algorithm dispatch cannot be bypassed.
|
||||
- No ORM. All database access via the standard `database/sql` interface with
|
||||
prepared statements.
|
||||
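Review bot: In the JWT entry under "Notes / Decisions", "is implemented manually" reads as finished work, but the status block in the same file still has Phase 0 in progress and lists `internal/crypto` under "Up Next"; reword it to "will be implemented" or move the entry to the log once the code lands. The entry also does not name the accepted `alg` value(s). Stating the allowlist here, or pointing to the ARCHITECTURE.md section that fixes it, would make the decision checkable against the code later. It is also worth recording whether the library's own `jwt.WithValidMethods` parser option will be set as a second check alongside the manual one.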