MCDSL Progress
Current State
Phases 0–9 complete. All nine packages are implemented and tested (87 tests). Ready for first-adopter migration (Phase 10).
Completed
Phase 0: Project Setup (2026-03-25)
- Go module, Makefile, .golangci.yaml (with exported rule), .gitignore
Phase 1: db — SQLite Foundation (2026-03-25)
- Open (WAL, FK, busy timeout, 0600, parent dirs), Migration type, Migrate (sequential, transactional, idempotent), SchemaVersion, Snapshot (VACUUM INTO)
- 11 tests
Phase 2: auth — MCIAS Token Validation (2026-03-25)
- Config, TokenInfo, Authenticator with Login/ValidateToken/Logout
- 30s SHA-256 cache, lazy eviction, RWMutex, context helpers
- 14 tests
Phase 3: config — TOML Configuration (2026-03-25)
- Base type, ServerConfig with Duration wrapper, Load[T] generic loader
- Env overrides via reflection, defaults, Validator interface
- 16 tests
Phase 4: httpserver — HTTP Server (2026-03-25)
- Server with chi + TLS 1.3, ListenAndServeTLS, Shutdown
- LoggingMiddleware, StatusWriter, WriteJSON, WriteError
- 8 tests
Phase 5: csrf — CSRF Protection (2026-03-25)
- HMAC-SHA256 double-submit cookies, Middleware, SetToken, TemplateFunc
- 10 tests
Phase 6: web — Session and Templates (2026-03-25)
- SetSessionCookie/ClearSessionCookie/GetSessionToken (HttpOnly, Secure, SameSite=Strict), RequireAuth middleware, RenderTemplate
- 9 tests
Phase 7: grpcserver — gRPC Server (2026-03-25)
- MethodMap (Public, AuthRequired, AdminRequired), default deny for unmapped
- Auth interceptor, logging interceptor, TLS 1.3 optional
- 10 tests
Phase 8: health — Health Checks (2026-03-25)
- REST Handler(db) — 200 ok / 503 unhealthy
- RegisterGRPC — grpc.health.v1.Health
- 4 tests
Phase 9: archive — Service Directory Snapshots (2026-03-25)
- Snapshot: tar.zst with VACUUM INTO db injection, exclude *.db/*.db-wal/*.db-shm/backups/, custom exclude patterns, streaming output
- Restore: extract tar.zst to dest dir, path traversal protection
- 5 tests: full roundtrip with db integrity, without db, exclude live db, custom excludes, dest dir creation
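
One way to implement the path traversal protection listed for Restore, as an added example that is not mcdsl's own code. It checks plain tar headers only (zstd decoding is left out), and `safeJoin`, `planRestore` and the `/srv/restore` destination are hypothetical names.

```go
package main

import (
	"archive/tar"
	"fmt"
	"io"
	"path/filepath"
	"strings"
)

// safeJoin resolves name under dest and rejects entries that would land outside it.
func safeJoin(dest, name string) (string, error) {
	target := filepath.Join(dest, name) // Join cleans "." and ".." segments
	rel, err := filepath.Rel(dest, target)
	if err != nil || filepath.IsAbs(name) || rel == ".." ||
		strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("entry escapes destination: %q", name)
	}
	return target, nil
}

// planRestore validates every header before anything is extracted and returns the target paths.
func planRestore(r io.Reader, dest string) ([]string, error) {
	var out []string
	tr := tar.NewReader(r)
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return out, nil
		} else if err != nil {
			return nil, err
		}
		if hdr.Typeflag != tar.TypeReg && hdr.Typeflag != tar.TypeDir {
			return nil, fmt.Errorf("refusing link or special entry: %q", hdr.Name)
		}
		target, err := safeJoin(dest, hdr.Name)
		if err != nil {
			return nil, err
		}
		out = append(out, target)
	}
}

func main() {
	// Constructed entry names: one benign, one trying to climb out of dest.
	for _, n := range []string{"data/a.txt", "../outside.txt"} {
		_, err := safeJoin("/srv/restore", n)
		fmt.Println(n, "->", err)
	}
}
```

Refusing symlink and hardlink entries matters as much as the name check: a link written inside the destination can redirect a later, otherwise valid entry to a path outside it.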
Summary
| Package | Tests | Key Exports |
|---|---|---|
| db | 11 | Open, Migration, Migrate, SchemaVersion, Snapshot |
| auth | 14 | Config, TokenInfo, Authenticator, context helpers |
| config | 16 | Base, ServerConfig, Duration, Load[T], Validator |
| httpserver | 8 | Server, LoggingMiddleware, WriteJSON, WriteError |
| csrf | 10 | Protect, Middleware, SetToken, TemplateFunc |
| web | 9 | SetSessionCookie, RequireAuth, RenderTemplate |
| grpcserver | 10 | MethodMap, Server (default deny), TokenInfoFromContext |
| health | 4 | Handler, RegisterGRPC |
| archive | 5 | Snapshot, Restore |
| Total | 87 | |
Next Steps
Phase 10: First Adopter — mcat (2026-03-25)
mcat migrated to use mcdsl. The following internal packages were removed and replaced:
| Removed | Replaced by |
|---|---|
| internal/auth/ (auth.go, auth_test.go) | mcdsl/auth |
| internal/config/ (config.go, config_test.go) | mcdsl/config |
| internal/webserver/csrf.go | mcdsl/csrf |
Remaining mcat-specific code:
- cmd/mcat/ — CLI wiring, mcatConfig type (embeds config.Base)
- internal/webserver/server.go — routes, handlers (using mcdsl/auth, mcdsl/csrf, mcdsl/web, mcdsl/httpserver)
- web/ — templates and static assets (unchanged)
Dependencies removed:
- git.wntrmute.dev/kyle/mcias/clients/go (mcdsl/auth handles MCIAS directly)
- github.com/pelletier/go-toml/v2 (now indirect via mcdsl/config)
Dependencies added:
- git.wntrmute.dev/kyle/mcdsl (local replace directive)
Result: vet clean, lint 0 issues, builds successfully.
Phase 11a: mc-proxy Migration (2026-03-25)
mc-proxy migrated db and config to mcdsl. Different pattern from mcat because mc-proxy doesn't embed config.Base (no [server] or [mcias] sections).
| Changed | How |
|---|---|
| internal/db/db.go Open | Delegates to mcdsl/db.Open |
| internal/db/migrations.go | Function-based migrations → mcdsl/db.Migration SQL strings |
| internal/db/snapshot.go | Delegates to mcdsl/db.Snapshot |
| internal/config/config.go Duration | Type alias for mcdsl/config.Duration |
| internal/config/config.go Load | Uses mcdsl/config.Load[T] + Validator interface |
Key design decisions:
- Store wrapper kept (has CRUD methods specific to mc-proxy)
- type Duration = mcdslconfig.Duration alias so all existing code referencing config.Duration continues to work unchanged
- mc-proxy's complex validation stays as a Validate() method
- Manual env overrides kept for int64 rate_limit (reflection can't handle)
Dependencies removed as direct:
- modernc.org/sqlite (now indirect via mcdsl)
- github.com/pelletier/go-toml/v2 (now indirect via mcdsl)
Behavioral change: invalid duration env overrides are now silently ignored (test updated to match).
Result: all tests pass, builds clean. Net -129 lines.
Phase 11b: mcr Migration (2026-03-25)
MCR migrated db, auth, and config to mcdsl. Exercises the full stack.
| Changed | How |
|---|---|
| internal/db/db.go Open | Delegates to mcdsl/db.Open |
| internal/db/migrate.go | SQL strings → mcdsl/db.Migration, delegate to mcdsl/db.Migrate |
| internal/db/migrate.go SchemaVersion | Delegates to mcdsl/db.SchemaVersion |
| internal/auth/ | Thin shim wrapping mcdsl/auth.Authenticator; keeps Claims type with AccountType for policy engine compatibility |
| internal/auth/cache.go | Deleted (caching handled by mcdsl/auth) |
| internal/config/config.go | Embeds mcdsl/config.Base; Storage and Web remain MCR-specific; uses mcdsl/config.Load[T] + Validator |
Auth shim approach: MCR's policy engine depends on Claims.AccountType
which mcdsl's TokenInfo doesn't carry. Rather than changing every
consumer, internal/auth wraps mcdsl/auth.Authenticator and adapts
results to the MCR Claims type. All server/grpcserver/webserver code
is unchanged.
Behavioral changes:
- WriteTimeout now defaults to 30s (was 0/disabled)
- Auth cache expiry test removed (caching tested in mcdsl)
Result: all tests pass, builds clean. Net -464 lines.
Next Steps
- Phase 11c: metacrypt migration
- Phase 11d: mcias migration