Migrate to mcdsl: auth, config, csrf, web

- Replace internal/auth with mcdsl/auth
- Replace internal/config with mcdsl/config (embed config.Base)
- Replace internal/webserver/csrf.go with mcdsl/csrf
- Use mcdsl/web for session cookies and template rendering
- Use mcdsl/httpserver for server setup and StatusWriter
- Remove direct mcias client library dependency
- Update .golangci.yaml to v2 format (formatters section)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

web/embed.go

@@ -0,0 +1,6 @@
+package web
+
+import "embed"
+
+//go:embed templates static
+var FS embed.FS

web/static/style.css

@@ -0,0 +1,270 @@
+/* mcat — Nord dark theme */
+
+/* ===========================
+   Colour tokens (Nord palette)
+   =========================== */
+:root {
+  --n0: #2E3440;
+  --n1: #3B4252;
+  --n2: #434C5E;
+  --n3: #4C566A;
+  --s0: #D8DEE9;
+  --s1: #E5E9F0;
+  --s2: #ECEFF4;
+  --f0: #8FBCBB;
+  --f1: #88C0D0;
+  --f2: #81A1C1;
+  --f3: #5E81AC;
+  --red:    #BF616A;
+  --green:  #A3BE8C;
+}
+
+/* ===========================
+   Reset
+   =========================== */
+*, *::before, *::after { margin: 0; padding: 0; box-sizing: border-box; }
+html { font-size: 16px; }
+
+/* ===========================
+   Base
+   =========================== */
+body {
+  font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", sans-serif;
+  background: var(--n0);
+  color: var(--s0);
+  line-height: 1.6;
+  min-height: 100vh;
+}
+a { color: var(--f1); text-decoration: none; }
+a:hover { color: var(--f0); text-decoration: underline; }
+p { margin-bottom: 0.875rem; }
+h2 { font-size: 1.375rem; font-weight: 600; color: var(--s2); margin-bottom: 0.25rem; }
+code {
+  font-family: "SF Mono", "Cascadia Code", "Fira Code", Consolas, monospace;
+  font-size: 0.8125rem;
+  color: var(--f0);
+  background: var(--n2);
+  padding: 0.125rem 0.375rem;
+  border-radius: 3px;
+}
+
+/* ===========================
+   Top navigation
+   =========================== */
+.topnav {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  padding: 0 2rem;
+  height: 52px;
+  background: var(--n1);
+  border-bottom: 1px solid var(--n3);
+  position: sticky;
+  top: 0;
+  z-index: 100;
+}
+.topnav-brand {
+  font-size: 1rem;
+  font-weight: 700;
+  color: var(--s2);
+  text-decoration: none;
+  letter-spacing: 0.04em;
+}
+.topnav-brand:hover { color: var(--f1); text-decoration: none; }
+.topnav-right {
+  display: flex;
+  align-items: center;
+  gap: 0.75rem;
+}
+.topnav-user {
+  font-size: 0.875rem;
+  color: var(--s1);
+}
+
+/* ===========================
+   Page containers
+   =========================== */
+.page-container {
+  max-width: 800px;
+  margin: 0 auto;
+  padding: 2rem;
+}
+.auth-container {
+  max-width: 420px;
+  margin: 5rem auto 2rem;
+  padding: 0 1rem;
+}
+
+/* ===========================
+   Auth pages
+   =========================== */
+.auth-header {
+  text-align: center;
+  margin-bottom: 1.75rem;
+}
+.auth-header .brand {
+  font-size: 1.5rem;
+  font-weight: 700;
+  color: var(--s2);
+  letter-spacing: 0.04em;
+}
+.auth-header .tagline {
+  font-size: 0.6875rem;
+  color: var(--f2);
+  text-transform: uppercase;
+  letter-spacing: 0.12em;
+  margin-top: 0.25rem;
+}
+
+/* ===========================
+   Cards
+   =========================== */
+.card {
+  background: var(--n1);
+  border: 1px solid var(--n3);
+  border-radius: 6px;
+  padding: 1.5rem;
+  margin-bottom: 1.25rem;
+}
+.card:last-child { margin-bottom: 0; }
+.card-title {
+  font-size: 0.6875rem;
+  font-weight: 700;
+  text-transform: uppercase;
+  letter-spacing: 0.09em;
+  color: var(--f2);
+  margin-bottom: 1rem;
+  padding-bottom: 0.625rem;
+  border-bottom: 1px solid var(--n2);
+}
+.card p:last-child { margin-bottom: 0; }
+
+/* ===========================
+   Alerts
+   =========================== */
+.error {
+  background: rgba(191, 97, 106, 0.12);
+  color: #e07c82;
+  border: 1px solid rgba(191, 97, 106, 0.3);
+  padding: 0.75rem 1rem;
+  border-radius: 4px;
+  margin-bottom: 1rem;
+  font-size: 0.875rem;
+}
+.success {
+  background: rgba(163, 190, 140, 0.1);
+  border: 1px solid rgba(163, 190, 140, 0.3);
+  border-radius: 4px;
+  padding: 0.75rem 1rem;
+  margin-bottom: 1rem;
+  font-size: 0.875rem;
+  color: var(--green);
+}
+
+/* ===========================
+   Buttons
+   =========================== */
+button, .btn {
+  display: inline-flex;
+  align-items: center;
+  justify-content: center;
+  gap: 0.375rem;
+  padding: 0.5rem 1.25rem;
+  font-size: 0.875rem;
+  font-weight: 600;
+  font-family: inherit;
+  border: 1px solid var(--f3);
+  border-radius: 4px;
+  cursor: pointer;
+  text-decoration: none;
+  white-space: nowrap;
+  transition: background 0.12s, border-color 0.12s, color 0.12s;
+  line-height: 1.4;
+  background: var(--f3);
+  color: var(--s2);
+}
+button:hover, .btn:hover {
+  background: var(--f2);
+  border-color: var(--f2);
+  text-decoration: none;
+  color: var(--s2);
+}
+.btn-ghost {
+  background: transparent;
+  color: var(--s0);
+  border-color: var(--n3);
+}
+.btn-ghost:hover {
+  background: var(--n2);
+  color: var(--s1);
+  border-color: var(--n3);
+  text-decoration: none;
+}
+
+/* ===========================
+   Forms
+   =========================== */
+.form-group { margin-bottom: 1rem; }
+.form-group label {
+  display: block;
+  font-size: 0.6875rem;
+  font-weight: 700;
+  color: var(--s0);
+  margin-bottom: 0.375rem;
+  text-transform: uppercase;
+  letter-spacing: 0.06em;
+}
+.form-group input {
+  width: 100%;
+  padding: 0.5rem 0.75rem;
+  background: var(--n0);
+  border: 1px solid var(--n3);
+  border-radius: 4px;
+  color: var(--s1);
+  font-size: 0.9375rem;
+  font-family: inherit;
+  transition: border-color 0.12s, box-shadow 0.12s;
+  -webkit-appearance: none;
+  appearance: none;
+}
+.form-group input:focus {
+  outline: none;
+  border-color: var(--f3);
+  box-shadow: 0 0 0 3px rgba(94, 129, 172, 0.2);
+}
+.form-group input::placeholder { color: var(--n3); }
+.form-actions { margin-top: 0.25rem; }
+
+/* ===========================
+   Session info
+   =========================== */
+.session-info {
+  font-size: 0.875rem;
+  color: var(--s0);
+}
+.session-info dt {
+  font-size: 0.6875rem;
+  font-weight: 700;
+  text-transform: uppercase;
+  letter-spacing: 0.06em;
+  color: var(--f2);
+  margin-bottom: 0.25rem;
+}
+.session-info dd {
+  margin-bottom: 0.75rem;
+  margin-left: 0;
+}
+.session-info dd:last-child { margin-bottom: 0; }
+.role-tag {
+  display: inline-block;
+  padding: 0.125rem 0.5rem;
+  border-radius: 3px;
+  font-size: 0.6875rem;
+  font-weight: 700;
+  text-transform: uppercase;
+  letter-spacing: 0.06em;
+  background: rgba(94, 129, 172, 0.2);
+  color: var(--f1);
+  border: 1px solid rgba(94, 129, 172, 0.35);
+  margin-right: 0.25rem;
+}

web/templates/dashboard.html

@@ -0,0 +1,19 @@
+{{define "title"}} - Dashboard{{end}}
+{{define "content"}}
+<div class="card">
+    <div class="card-title">Session</div>
+    <div class="success">Login successful. MCIAS accepted this service context.</div>
+    <dl class="session-info">
+        <dt>Username</dt>
+        <dd>{{.Username}}</dd>
+        <dt>Roles</dt>
+        <dd>{{range .Roles}}<span class="role-tag">{{.}}</span>{{end}}</dd>
+        <dt>Service Name</dt>
+        <dd><code>{{.ServiceName}}</code></dd>
+        {{if .Tags}}
+        <dt>Tags</dt>
+        <dd>{{range .Tags}}<code>{{.}}</code> {{end}}</dd>
+        {{end}}
+    </dl>
+</div>
+{{end}}

web/templates/layout.html

@@ -0,0 +1,27 @@
+{{define "layout"}}<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>mcat{{block "title" .}}{{end}}</title>
+    <script src="/static/htmx.min.js"></script>
+    <link rel="stylesheet" href="/static/style.css">
+</head>
+<body>
+    <nav class="topnav">
+        <a href="/" class="topnav-brand">mcat</a>
+        {{if .Username}}
+        <div class="topnav-right">
+            <span class="topnav-user">{{.Username}}</span>
+            <form method="POST" action="/logout" style="margin:0">
+                {{csrfField}}
+                <button type="submit" class="btn-ghost btn">Logout</button>
+            </form>
+        </div>
+        {{end}}
+    </nav>
+    <div class="{{block "container-class" .}}page-container{{end}}">
+        {{template "content" .}}
+    </div>
+</body>
+</html>{{end}}

web/templates/login.html

@@ -0,0 +1,30 @@
+{{define "title"}} - Login{{end}}
+{{define "container-class"}}auth-container{{end}}
+{{define "content"}}
+<div class="auth-header">
+    <div class="brand">mcat</div>
+    <div class="tagline">MCIAS Login Policy Tester</div>
+</div>
+<div class="card">
+    <div class="card-title">Sign In</div>
+    {{if .Error}}<div class="error">{{.Error}}</div>{{end}}
+    <form method="POST" action="/login">
+        {{csrfField}}
+        <div class="form-group">
+            <label for="username">Username</label>
+            <input type="text" id="username" name="username" autocomplete="username" required autofocus>
+        </div>
+        <div class="form-group">
+            <label for="password">Password</label>
+            <input type="password" id="password" name="password" autocomplete="current-password" required>
+        </div>
+        <div class="form-group">
+            <label for="totp_code">TOTP Code (optional)</label>
+            <input type="text" id="totp_code" name="totp_code" autocomplete="one-time-code" inputmode="numeric" pattern="[0-9]*" placeholder="6-digit code">
+        </div>
+        <div class="form-actions">
+            <button type="submit">Login</button>
+        </div>
+    </form>
+</div>
+{{end}}