mcdsl/PROGRESS.md

# MCDSL Progress

## Current State

Phases 0–9 complete. All nine packages are implemented and tested (87 tests).
Ready for first-adopter migration (Phase 10).

## Completed

### Phase 0: Project Setup (2026-03-25)
- Go module, Makefile, .golangci.yaml (with `exported` rule), .gitignore

### Phase 1: `db` — SQLite Foundation (2026-03-25)
- Open (WAL, FK, busy timeout, 0600, parent dirs), Migration type, Migrate
  (sequential, transactional, idempotent), SchemaVersion, Snapshot (VACUUM INTO)
- 11 tests

### Phase 2: `auth` — MCIAS Token Validation (2026-03-25)
- Config, TokenInfo, Authenticator with Login/ValidateToken/Logout
- 30s SHA-256 cache, lazy eviction, RWMutex, context helpers
- 14 tests

### Phase 3: `config` — TOML Configuration (2026-03-25)
- Base type, ServerConfig with Duration wrapper, Load[T] generic loader
- Env overrides via reflection, defaults, Validator interface
- 16 tests

### Phase 4: `httpserver` — HTTP Server (2026-03-25)
- Server with chi + TLS 1.3, ListenAndServeTLS, Shutdown
- LoggingMiddleware, StatusWriter, WriteJSON, WriteError
- 8 tests

### Phase 5: `csrf` — CSRF Protection (2026-03-25)
- HMAC-SHA256 double-submit cookies, Middleware, SetToken, TemplateFunc
- 10 tests

### Phase 6: `web` — Session and Templates (2026-03-25)
- SetSessionCookie/ClearSessionCookie/GetSessionToken (HttpOnly, Secure,
  SameSite=Strict), RequireAuth middleware, RenderTemplate
- 9 tests

### Phase 7: `grpcserver` — gRPC Server (2026-03-25)
- MethodMap (Public, AuthRequired, AdminRequired), default deny for unmapped
- Auth interceptor, logging interceptor, TLS 1.3 optional
- 10 tests

### Phase 8: `health` — Health Checks (2026-03-25)
- REST Handler(db) — 200 ok / 503 unhealthy
- RegisterGRPC — grpc.health.v1.Health
- 4 tests

### Phase 9: `archive` — Service Directory Snapshots (2026-03-25)
- Snapshot: tar.zst with VACUUM INTO db injection, exclude *.db/*.db-wal/
  *.db-shm/backups/, custom exclude patterns, streaming output
- Restore: extract tar.zst to dest dir, path traversal protection
- 5 tests: full roundtrip with db integrity, without db, exclude live db,
  custom excludes, dest dir creation

## Summary

| Package | Tests | Key Exports |
|---------|-------|-------------|
| `db` | 11 | Open, Migration, Migrate, SchemaVersion, Snapshot |
| `auth` | 14 | Config, TokenInfo, Authenticator, context helpers |
| `config` | 16 | Base, ServerConfig, Duration, Load[T], Validator |
| `httpserver` | 8 | Server, LoggingMiddleware, WriteJSON, WriteError |
| `csrf` | 10 | Protect, Middleware, SetToken, TemplateFunc |
| `web` | 9 | SetSessionCookie, RequireAuth, RenderTemplate |
| `grpcserver` | 10 | MethodMap, Server (default deny), TokenInfoFromContext |
| `health` | 4 | Handler, RegisterGRPC |
| `archive` | 5 | Snapshot, Restore |
| **Total** | **87** | |

## Next Steps

### Phase 10: First Adopter — mcat (2026-03-25)

mcat migrated to use mcdsl. The following internal packages were removed
and replaced:

| Removed | Replaced by |
|---------|-------------|
| `internal/auth/` (auth.go, auth_test.go) | `mcdsl/auth` |
| `internal/config/` (config.go, config_test.go) | `mcdsl/config` |
| `internal/webserver/csrf.go` | `mcdsl/csrf` |

Remaining mcat-specific code:
- `cmd/mcat/` — CLI wiring, mcatConfig type (embeds config.Base)
- `internal/webserver/server.go` — routes, handlers (using mcdsl/auth,
  mcdsl/csrf, mcdsl/web, mcdsl/httpserver)
- `web/` — templates and static assets (unchanged)

Dependencies removed:
- `git.wntrmute.dev/kyle/mcias/clients/go` (mcdsl/auth handles MCIAS directly)
- `github.com/pelletier/go-toml/v2` (now indirect via mcdsl/config)

Dependencies added:
- `git.wntrmute.dev/kyle/mcdsl` (local replace directive)

Result: vet clean, lint 0 issues, builds successfully.

## Next Steps

- Phase 11: Broader adoption (metacrypt, mcr, mc-proxy, mcias)