kyle/mcias
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
e36acfbde2ebafbd9fe7025c3ebedfc959de6404
mcias/.junie/guidelines.md
Kyle Isom c8a6830a80 Restart. 
Data foundation started, with updated guidelines and
golangci-lint config.
2025-11-16 19:22:26 -08:00

74 lines
2.8 KiB
Markdown
Raw Blame History

# Project Guidelines
MCIAS is the metacircular identity and access system, providing identity and
authentication across the metacircular projects.
The Metacircular Identity and Access System (MCIAS) provides standard
tools for user and access management among metacircular and wntrmute
systems.
Build an authentication service written in Go that I can use with other
apps that I write.
## Specifications
- Applications should be able to either do an interactive login, using a
username/password (and potentially a TOTP), or present a token.
- Applications should be able to renew the token, which would nominally
expire after some period (defaulting to maybe 30 days).
- There are two kinds of users: human and system accounts.
- System accounts can only present a token; they have a single token
associated with that account at a time.
- User accounts have roles associated with them.
- Users with the admin role can issue tokens for any app, or users with
the role named the same as a service account can issue tokens for that
service account.
- Admin users can also revoke tokens for a service account.
- Service accounts (and users with a role named the same as the
service account) can also retrieve Postgres database credentials for
the service account.
## Technical details
- User passwords will be stored using scrypt.
- The service account tokens and user/password authentication can be
used to obtain a JWT, if that is appropriate.
- All authentication events should be logged.
- This service should use the packages contained in
git.wntrmute.dev/kyle/goutils for logging etc.
## Interfaces
- The primary interface will be an REST API over HTTPS. TLS security is
critical for this.
- There should be a single command line program using cobra/viper. It offers the following subcommands:
- `db`: manage database credentials.
- `role`: manage roles.
- `server`: run the server.
- `token`: obtain a token for a service account.
- `user`: manage users.
## Structure
+ The system should be runnable through a cobra CLI tool, with
subcommands implemented as wrappers around packages.
+ The REST API code should be under the `api` directory.
+ The system should be backed by a single SQLite database whose schema
is stored in `schema.sql`.
## Writing code
+ Junie should write and run tests to validate correctness.
+ The tests should be runnable with just `go test` (with
any approporiate arguments).
+ Junie should validate the build and ensure that the code is
properly linted. Junie should use `golangci-lint` for this.
+ Junie should elide trivial comments, only write comments where it
is beneficial to provide exposition on the code, and ensure any
comments are complete English sentences.
## Notes
This is a security system, so care should be taken towards
correctness.
Reference in New Issue View Git Blame Copy Permalink