Kyle Isom
9cba3241e8
Database (internal/db) stores listeners, routes, and firewall rules with WAL mode, foreign keys, and idempotent migrations. First run seeds from TOML config; subsequent runs load from DB as source of truth. gRPC admin API now writes to the database before updating in-memory state (write-through cache pattern). Adds snapshot command for VACUUM INTO backups. Refactors firewall.New to accept raw rule slices instead of config struct for flexibility. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
mc-proxy is a TLS proxy and router for Metacircular Dynamics projects; it follows the Metacircular Engineering Standards.
Metacircular services are deployed to a machine that runs these projects as containers. The proxy should do a few things:
-
It should have a global firewall front-end. It should allow a few things:
- Per-country blocks using GeoIP for compliance reasons.
- Normal IP/CIDR blocks. Note that a proxy has an explicit port setting, so the firewall doesn't need to consider ports.
- For endpoints marked as HTTPS, we should consider how to do user-agent blocking.
-
It should inspect the hostname and route that to the proper container, similar to how haproxy would do it.