Kyle Isom
e02c616270
- Document mcat migration in PROGRESS.md - Removed: internal/auth, internal/config, webserver/csrf.go - Replaced by: mcdsl/auth, mcdsl/config, mcdsl/csrf, mcdsl/web - mcias client library no longer a direct dependency - mcat builds clean with vet + lint 0 issues Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
3.8 KiB
3.8 KiB
MCDSL Progress
Current State
Phases 0–9 complete. All nine packages are implemented and tested (87 tests). Ready for first-adopter migration (Phase 10).
Completed
Phase 0: Project Setup (2026-03-25)
- Go module, Makefile, .golangci.yaml (with
exportedrule), .gitignore
Phase 1: db — SQLite Foundation (2026-03-25)
- Open (WAL, FK, busy timeout, 0600, parent dirs), Migration type, Migrate (sequential, transactional, idempotent), SchemaVersion, Snapshot (VACUUM INTO)
- 11 tests
Phase 2: auth — MCIAS Token Validation (2026-03-25)
- Config, TokenInfo, Authenticator with Login/ValidateToken/Logout
- 30s SHA-256 cache, lazy eviction, RWMutex, context helpers
- 14 tests
Phase 3: config — TOML Configuration (2026-03-25)
- Base type, ServerConfig with Duration wrapper, Load[T] generic loader
- Env overrides via reflection, defaults, Validator interface
- 16 tests
Phase 4: httpserver — HTTP Server (2026-03-25)
- Server with chi + TLS 1.3, ListenAndServeTLS, Shutdown
- LoggingMiddleware, StatusWriter, WriteJSON, WriteError
- 8 tests
Phase 5: csrf — CSRF Protection (2026-03-25)
- HMAC-SHA256 double-submit cookies, Middleware, SetToken, TemplateFunc
- 10 tests
Phase 6: web — Session and Templates (2026-03-25)
- SetSessionCookie/ClearSessionCookie/GetSessionToken (HttpOnly, Secure, SameSite=Strict), RequireAuth middleware, RenderTemplate
- 9 tests
Phase 7: grpcserver — gRPC Server (2026-03-25)
- MethodMap (Public, AuthRequired, AdminRequired), default deny for unmapped
- Auth interceptor, logging interceptor, TLS 1.3 optional
- 10 tests
Phase 8: health — Health Checks (2026-03-25)
- REST Handler(db) — 200 ok / 503 unhealthy
- RegisterGRPC — grpc.health.v1.Health
- 4 tests
Phase 9: archive — Service Directory Snapshots (2026-03-25)
- Snapshot: tar.zst with VACUUM INTO db injection, exclude .db/.db-wal/ *.db-shm/backups/, custom exclude patterns, streaming output
- Restore: extract tar.zst to dest dir, path traversal protection
- 5 tests: full roundtrip with db integrity, without db, exclude live db, custom excludes, dest dir creation
Summary
| Package | Tests | Key Exports |
|---|---|---|
db |
11 | Open, Migration, Migrate, SchemaVersion, Snapshot |
auth |
14 | Config, TokenInfo, Authenticator, context helpers |
config |
16 | Base, ServerConfig, Duration, Load[T], Validator |
httpserver |
8 | Server, LoggingMiddleware, WriteJSON, WriteError |
csrf |
10 | Protect, Middleware, SetToken, TemplateFunc |
web |
9 | SetSessionCookie, RequireAuth, RenderTemplate |
grpcserver |
10 | MethodMap, Server (default deny), TokenInfoFromContext |
health |
4 | Handler, RegisterGRPC |
archive |
5 | Snapshot, Restore |
| Total | 87 |
Next Steps
Phase 10: First Adopter — mcat (2026-03-25)
mcat migrated to use mcdsl. The following internal packages were removed and replaced:
| Removed | Replaced by |
|---|---|
internal/auth/ (auth.go, auth_test.go) |
mcdsl/auth |
internal/config/ (config.go, config_test.go) |
mcdsl/config |
internal/webserver/csrf.go |
mcdsl/csrf |
Remaining mcat-specific code:
cmd/mcat/— CLI wiring, mcatConfig type (embeds config.Base)internal/webserver/server.go— routes, handlers (using mcdsl/auth, mcdsl/csrf, mcdsl/web, mcdsl/httpserver)web/— templates and static assets (unchanged)
Dependencies removed:
git.wntrmute.dev/kyle/mcias/clients/go(mcdsl/auth handles MCIAS directly)github.com/pelletier/go-toml/v2(now indirect via mcdsl/config)
Dependencies added:
git.wntrmute.dev/kyle/mcdsl(local replace directive)
Result: vet clean, lint 0 issues, builds successfully.
Next Steps
- Phase 11: Broader adoption (metacrypt, mcr, mc-proxy, mcias)