Kyle Isom 7cc2c86300 Fix SEC-12: reduce default token expiry to 7 days ...

- Change default_expiry from 720h (30 days) to 168h (7 days)
  in dist/mcias.conf.example and dist/mcias.conf.docker.example
- Update man page, ARCHITECTURE.md, and config.go comment
- Max ceiling validation remains at 30 days (unchanged)

Security: Shorter default token lifetime reduces the window of
exposure if a token is leaked. 7 days balances convenience and
security for a personal SSO. The 30-day max ceiling is preserved
so operators can still override if needed.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-13 00:43:20 -07:00

..

auth

trusted proxy, TOTP replay protection, new tests

2026-03-12 17:44:01 -07:00

config

Fix SEC-12: reduce default token expiry to 7 days

2026-03-13 00:43:20 -07:00

crypto

Implement dashboard and audit log templates, add paginated audit log support

2026-03-11 14:05:08 -07:00

db

trusted proxy, TOTP replay protection, new tests

2026-03-12 17:44:01 -07:00

grpcserver

Add granular role grant/revoke endpoints to REST and gRPC APIs

2026-03-12 20:55:49 -07:00

middleware

trusted proxy, TOTP replay protection, new tests

2026-03-12 17:44:01 -07:00

model

Add guest, viewer, editor, and commenter roles to compile-time allowlist

2026-03-12 21:03:24 -07:00

policy

UI: password change enforcement + migration recovery

2026-03-12 15:33:19 -07:00

server

Add granular role grant/revoke endpoints to REST and gRPC APIs

2026-03-12 20:55:49 -07:00

token

trusted proxy, TOTP replay protection, new tests

2026-03-12 17:44:01 -07:00

ui

Allow non-admin users to access dashboard

2026-03-12 23:40:21 -07:00

validate

Fix F-08, F-12, F-13: Implement account lockout, username validation, and password minimum length enforcement

2026-03-11 20:59:26 -07:00