Updating ARCHITECTURE.md.

2026-03-11 12:19:17 -07:00
parent f02eff21b4
commit 9ef913c59b

@@ -27,13 +27,14 @@ parties that delegate authentication decisions to it.
│ │ SQLite Database │ │ │ │ SQLite Database │ │
│ └────────────────────┘ │ │ └────────────────────┘ │
└────────────────────────────────────────────────────┘ └────────────────────────────────────────────────────┘
▲ ▲
│ HTTPS/REST │ HTTPS/REST │ HTTPS/REST │ HTTPS/REST │ direct file I/O
│ │
┌──────┴──────┐ ┌──────┴──────┐ ┌──────┴──────┐ ┌────┴─────┐ ┌──────┴──────┐
│ Personal │ │ mciasctl │ Personal │ │ mciasctl │ │ mciasdb
│ Apps │ │ (admin CLI) │ Apps │ (admin │ │ (DB tool)
└─────────────┘ └───────────── └─────────────┘ CLI) └─────────────┘
└──────────┘
``` ```
**mciassrv** — The authentication server. Exposes a REST API over HTTPS/TLS. **mciassrv** — The authentication server. Exposes a REST API over HTTPS/TLS.
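Review bot: The new mciasdb box sits in the same row as the HTTPS/REST clients, and its "direct file I/O" arrow appears to land on the same outer box as theirs, so the diagram does not show that this path skips the server and goes straight to the SQLite Database. Consider terminating the mciasdb arrow on the "SQLite Database" box itself and marking it as outside the HTTPS/REST boundary, so a reader can see at a glance that this client is not subject to the API's authentication.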
@@ -44,6 +45,12 @@ revocation.
using an admin JWT. Creates/manages human accounts, system accounts, roles, using an admin JWT. Creates/manages human accounts, system accounts, roles,
and Postgres credential records. and Postgres credential records.
**mciasdb** — The database maintenance tool. Operates directly on the SQLite
file, bypassing the server API. Intended for break-glass recovery, offline
inspection, schema verification, and maintenance tasks that cannot be
performed through the live server. Requires the same master key material as
mciassrv (passphrase or keyfile) to decrypt secrets at rest.
--- ---
## 2. Security Model ## 2. Security Model
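Review bot: The mciasdb paragraph says the tool operates "bypassing the server API" but does not say what replaces the admin JWT check that mciasctl is described as using. Please state what gates use of the tool (for example filesystem permissions on the SQLite file plus possession of the master key passphrase or keyfile), whether it is safe to run while mciassrv has the database open or the server must be stopped first, and whether changes made through it are recorded anywhere. Since this is a break-glass path with the same key material as the server, it also deserves an entry in the Security Model section that follows.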