Kyle Isom
190368290b
MCAT can now redirect users to MCIAS for SSO login (including passkey support) instead of showing its own login form. SSO is opt-in via the [sso] config section. - Add SSO landing page with "Sign in with MCIAS" button - Add /sso/redirect and /sso/callback routes - Update mcdsl to v1.5.0 (sso package) - Fix .gitignore: /mcat ignores only the root binary, not cmd/mcat/ - Track cmd/mcat/ source files (previously gitignored by accident) Security: - State cookie uses SameSite=Lax for cross-site redirect compatibility - Session cookie remains SameSite=Strict after login Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
mcat
mcat is a lightweight web application for testing and auditing MCIAS login
policies. It presents a login form that forwards credentials, along with a
configurable service_name and tags, to an MCIAS instance. This lets
operators verify that login policy rules behave as expected for a given
service context.
It follows the standard Metacircular Dynamics engineering standards.
Quick Start
# Build
make mcat
# Configure (copy and edit the example config)
mkdir -p srv/certs
cp deploy/examples/mcat.toml.example srv/mcat.toml
# Edit srv/mcat.toml with your MCIAS URL, TLS certs, service_name, and tags
# Run
./mcat server --config srv/mcat.toml
Then open https://localhost:8443 in a browser.
Build
make all # vet, lint, test, build
make test # tests only
make lint # golangci-lint
Documentation
- ARCHITECTURE.md — system design, routes, config reference
- RUNBOOK.md — operational procedures