kyle/mcias
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
e36acfbde2ebafbd9fe7025c3ebedfc959de6404
mcias/.junie/guidelines.md
Kyle Isom c8a6830a80 Restart. 
Data foundation started, with updated guidelines and
golangci-lint config.
2025-11-16 19:22:26 -08:00

2.8 KiB
Raw Blame History

Project Guidelines

MCIAS is the metacircular identity and access system, providing identity and authentication across the metacircular projects.

The Metacircular Identity and Access System (MCIAS) provides standard tools for user and access management among metacircular and wntrmute systems.

Build an authentication service written in Go that I can use with other apps that I write.

Specifications

  • Applications should be able to either do an interactive login, using a username/password (and potentially a TOTP), or present a token.
  • Applications should be able to renew the token, which would nominally expire after some period (defaulting to maybe 30 days).
  • There are two kinds of users: human and system accounts.
  • System accounts can only present a token; they have a single token associated with that account at a time.
  • User accounts have roles associated with them.
  • Users with the admin role can issue tokens for any app, or users with the role named the same as a service account can issue tokens for that service account.
  • Admin users can also revoke tokens for a service account.
  • Service accounts (and users with a role named the same as the service account) can also retrieve Postgres database credentials for the service account.

Technical details

  • User passwords will be stored using scrypt.
  • The service account tokens and user/password authentication can be used to obtain a JWT, if that is appropriate.
  • All authentication events should be logged.
  • This service should use the packages contained in git.wntrmute.dev/kyle/goutils for logging etc.

Interfaces

  • The primary interface will be an REST API over HTTPS. TLS security is critical for this.
  • There should be a single command line program using cobra/viper. It offers the following subcommands:
    • db: manage database credentials.
    • role: manage roles.
    • server: run the server.
    • token: obtain a token for a service account.
    • user: manage users.

Structure

  • The system should be runnable through a cobra CLI tool, with subcommands implemented as wrappers around packages.
  • The REST API code should be under the api directory.
  • The system should be backed by a single SQLite database whose schema is stored in schema.sql.

Writing code

  • Junie should write and run tests to validate correctness.
  • The tests should be runnable with just go test (with any approporiate arguments).
  • Junie should validate the build and ensure that the code is properly linted. Junie should use golangci-lint for this.
  • Junie should elide trivial comments, only write comments where it is beneficial to provide exposition on the code, and ensure any comments are complete English sentences.

Notes

This is a security system, so care should be taken towards correctness.

Reference in New Issue View Git Blame Copy Permalink