After TOML loading and generic env overrides, config.Load now checks
$PORT and $PORT_GRPC and overrides ServerConfig.ListenAddr and
ServerConfig.GRPCAddr respectively. These take precedence over all
other config sources because they represent agent-assigned authoritative
port bindings.
Handles both Base embedding (MCR, MCNS, MCAT) and direct ServerConfig
embedding (Metacrypt) via struct tree walking.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
New Options parameter with PreInterceptors and PostInterceptors
allows services to inject custom interceptors into the chain:
[pre-interceptors] → logging → auth → [post-interceptors] → handler
This enables services like metacrypt to add seal-check (pre-auth)
and audit-logging (post-auth) interceptors while using the shared
auth and logging infrastructure.
Pass nil for the default chain (logging + auth only).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Go's database/sql opens multiple connections by default, but SQLite
only supports one concurrent writer. Under concurrent load (e.g.
parallel blob uploads to MCR), multiple connections compete for the
write lock and exceed busy_timeout, causing transient 500 errors.
With WAL mode, a single connection still allows concurrent reads
from other processes. Go serializes access through the connection
pool, eliminating busy errors entirely.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- TokenInfo now includes AccountType ("human" or "system") from the
MCIAS validate response
- Required for policy engines (MCR, Metacrypt) that match on account type
- Mock MCIAS in tests updated to return account_type
- New assertion in TestValidateToken verifies AccountType is populated
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Snapshot: VACUUM INTO for consistent db copy, excludes live db
files and backups/, injects db snapshot, custom exclude patterns,
streaming output via io.Writer
- Restore: extract tar.zst with path traversal protection
- zstd via github.com/klauspost/compress/zstd
- 5 tests: full roundtrip with db integrity verification,
without db, exclude patterns, dest dir creation
- Update PROGRESS.md: all 9 packages complete, 87 total tests
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Server wrapping chi.Mux + http.Server with TLS 1.3 minimum
- ListenAndServeTLS and graceful Shutdown
- LoggingMiddleware (method, path, status, duration, remote)
- StatusWriter for status code capture in middleware
- WriteJSON and WriteError helpers
- 8 tests
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- config package doc: explain Duration fields, TOML format, env vars
- duration.go: expanded godoc with access pattern examples
- README: show .Duration access in quick start
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Base type with standard sections (Server, Database, MCIAS, Log)
- Duration wrapper type for TOML string→time.Duration decoding
- Generic Load[T] with TOML parse, reflection-based env overrides,
defaults, required field validation, optional Validator interface
- Env overrides: PREFIX_SECTION_FIELD for string, duration, bool,
[]string (comma-separated)
- WebConfig exported for services with web UIs (not embedded in Base)
- 16 tests covering full/minimal configs, defaults, env overrides,
validation, error cases
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
