Kyle Isom f02eff21b4 Complete implementation: e2e tests, gofmt, hardening
- Add test/e2e: 11 end-to-end tests covering full login/logout,
  token renewal, admin account management, credential-never-in-response,
  unauthorised access, JWT alg confusion and alg:none attacks,
  revoked token rejection, system account token issuance,
  wrong-password vs unknown-user indistinguishability
- Apply gofmt to all source files (formatting only, no logic changes)
- Update .golangci.yaml for golangci-lint v2 (version field required,
  gosimple merged into staticcheck, formatters section separated)
- Update PROGRESS.md to reflect Phase 5 completion
Security:
  All 97 tests pass with go test -race ./... (zero race conditions).
  Adversarial JWT tests (alg confusion, alg:none) confirm the
  ValidateToken alg-first check is effective against both attack classes.
  Credential fields (PasswordHash, TOTPSecret*, PGPassword) confirmed
  absent from all API responses via both unit and e2e tests.
  go vet ./... clean. golangci-lint v2.6.2 incompatible with go1.26
  runtime; go vet used as linter until toolchain is updated.
2026-03-11 11:54:14 -07:00
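The alg-first check that the commit message credits with stopping both attack classes, shown as an added example; it is not MCIAS code. It assumes Ed25519-signed tokens (`alg` of `EdDSA`), and `validateToken`, `mint` and the error names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

var (
	ErrMalformed = errors.New("malformed token")
	ErrAlg       = errors.New("unexpected alg")
	ErrSignature = errors.New("bad signature")
	b64          = base64.RawURLEncoding
)

// validateToken (hypothetical name) rejects on alg before any key is used.
func validateToken(tok string, pub ed25519.PublicKey) error {
	parts := strings.Split(tok, ".")
	if len(parts) != 3 {
		return ErrMalformed
	}
	var hdr struct{ Alg string }
	raw, err := b64.DecodeString(parts[0])
	if err != nil || json.Unmarshal(raw, &hdr) != nil {
		return ErrMalformed
	}
	if hdr.Alg != "EdDSA" { // exact match: "none", "HS256", "" all fail here
		return ErrAlg
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil || !ed25519.Verify(pub, []byte(parts[0]+"."+parts[1]), sig) {
		return ErrSignature
	}
	return nil
}

// mint builds a constructed sample token carrying the given alg header.
func mint(alg string, priv ed25519.PrivateKey) string {
	h := b64.EncodeToString([]byte(`{"alg":"` + alg + `","typ":"JWT"}`))
	p := b64.EncodeToString([]byte(`{"sub":"constructed-user"}`))
	return h + "." + p + "." + b64.EncodeToString(ed25519.Sign(priv, []byte(h+"."+p)))
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)
	fmt.Println(validateToken(mint("none", priv), pub))
}
```

Because the expected algorithm is a constant in the validator, a token whose header names any other algorithm is refused before signature verification runs, whatever its signature bytes contain.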

The project notes are in PROJECT.md.

Before starting the project, read the project description and develop a system architecture document (ARCHITECTURE.md). It should describe the technical design of the system. Then, PROJECT_PLAN.md should be written that describes how to build this system in discrete steps.

Commit these files to Git after human review. For this project, all git commits should have a single first line, no more than 55 characters, that succinctly describes an overview of the changes. As necessary, the body of the commit message should contain bullets describing the work that was done.

Then, create PROGRESS.md. This should be initialized with the first steps for the project.

The development process for this should generally be:

  1. Determine the current state of the project. Track the progress in PROGRESS.md, explicitly stating what was done and next steps.
  2. Develop reasonable, discrete next steps to move forward with actionable acceptance criteria.
  3. Complete the next steps.
    • You should adversarially check whether any outputs are correct.
    • All code units should be thoroughly unit tested.
    • All subsystems should be thoroughly integration tested.
    • Where appropriate, end-to-end tests to validate the system should be developed.
  4. Checkpoint your work, committing it to git.

Repeat this cycle until the system is in the desired end state.

Description
The Metacircular Identity and Access System (MCIAS) provides standard tools for user and access management among metacircular and wntrmute systems.
Languages
D 55.1%
Go 36%
Common Lisp 2.5%
HTML 2.2%
Rust 2%
Other 2.2%