# MCDSL Progress ## Current State Phases 0–9 complete. All nine packages are implemented and tested (87 tests). Ready for first-adopter migration (Phase 10). ## Completed ### Phase 0: Project Setup (2026-03-25) - Go module, Makefile, .golangci.yaml (with `exported` rule), .gitignore ### Phase 1: `db` — SQLite Foundation (2026-03-25) - Open (WAL, FK, busy timeout, 0600, parent dirs), Migration type, Migrate (sequential, transactional, idempotent), SchemaVersion, Snapshot (VACUUM INTO) - 11 tests ### Phase 2: `auth` — MCIAS Token Validation (2026-03-25) - Config, TokenInfo, Authenticator with Login/ValidateToken/Logout - 30s SHA-256 cache, lazy eviction, RWMutex, context helpers - 14 tests ### Phase 3: `config` — TOML Configuration (2026-03-25) - Base type, ServerConfig with Duration wrapper, Load[T] generic loader - Env overrides via reflection, defaults, Validator interface - 16 tests ### Phase 4: `httpserver` — HTTP Server (2026-03-25) - Server with chi + TLS 1.3, ListenAndServeTLS, Shutdown - LoggingMiddleware, StatusWriter, WriteJSON, WriteError - 8 tests ### Phase 5: `csrf` — CSRF Protection (2026-03-25) - HMAC-SHA256 double-submit cookies, Middleware, SetToken, TemplateFunc - 10 tests ### Phase 6: `web` — Session and Templates (2026-03-25) - SetSessionCookie/ClearSessionCookie/GetSessionToken (HttpOnly, Secure, SameSite=Strict), RequireAuth middleware, RenderTemplate - 9 tests ### Phase 7: `grpcserver` — gRPC Server (2026-03-25) - MethodMap (Public, AuthRequired, AdminRequired), default deny for unmapped - Auth interceptor, logging interceptor, TLS 1.3 optional - 10 tests ### Phase 8: `health` — Health Checks (2026-03-25) - REST Handler(db) — 200 ok / 503 unhealthy - RegisterGRPC — grpc.health.v1.Health - 4 tests ### Phase 9: `archive` — Service Directory Snapshots (2026-03-25) - Snapshot: tar.zst with VACUUM INTO db injection, exclude *.db/*.db-wal/ *.db-shm/backups/, custom exclude patterns, streaming output - Restore: extract tar.zst to dest dir, path traversal protection - 5 tests: full roundtrip with db integrity, without db, exclude live db, custom excludes, dest dir creation ## Summary | Package | Tests | Key Exports | |---------|-------|-------------| | `db` | 11 | Open, Migration, Migrate, SchemaVersion, Snapshot | | `auth` | 14 | Config, TokenInfo, Authenticator, context helpers | | `config` | 16 | Base, ServerConfig, Duration, Load[T], Validator | | `httpserver` | 8 | Server, LoggingMiddleware, WriteJSON, WriteError | | `csrf` | 10 | Protect, Middleware, SetToken, TemplateFunc | | `web` | 9 | SetSessionCookie, RequireAuth, RenderTemplate | | `grpcserver` | 10 | MethodMap, Server (default deny), TokenInfoFromContext | | `health` | 4 | Handler, RegisterGRPC | | `archive` | 5 | Snapshot, Restore | | **Total** | **87** | | ## Next Steps ### Phase 10: First Adopter — mcat (2026-03-25) mcat migrated to use mcdsl. The following internal packages were removed and replaced: | Removed | Replaced by | |---------|-------------| | `internal/auth/` (auth.go, auth_test.go) | `mcdsl/auth` | | `internal/config/` (config.go, config_test.go) | `mcdsl/config` | | `internal/webserver/csrf.go` | `mcdsl/csrf` | Remaining mcat-specific code: - `cmd/mcat/` — CLI wiring, mcatConfig type (embeds config.Base) - `internal/webserver/server.go` — routes, handlers (using mcdsl/auth, mcdsl/csrf, mcdsl/web, mcdsl/httpserver) - `web/` — templates and static assets (unchanged) Dependencies removed: - `git.wntrmute.dev/kyle/mcias/clients/go` (mcdsl/auth handles MCIAS directly) - `github.com/pelletier/go-toml/v2` (now indirect via mcdsl/config) Dependencies added: - `git.wntrmute.dev/kyle/mcdsl` (local replace directive) Result: vet clean, lint 0 issues, builds successfully. ## Next Steps - Phase 11: Broader adoption (metacrypt, mcr, mc-proxy, mcias)