From daba5032f71b63fa5df71473bc82a849df1e984a Mon Sep 17 00:00:00 2001 From: Kyle Isom Date: Thu, 2 Apr 2026 15:14:41 -0700 Subject: [PATCH] Update CLAUDE.md: fix tech stack, add key features - Remove stale goutils reference (not in go.mod) - Add mcdsl as shared library dependency - Add module path reference - Add Key Features section: SSO client management, CSP/security headers Co-Authored-By: Claude Opus 4.6 (1M context) --- CLAUDE.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CLAUDE.md b/CLAUDE.md index 1a44a3f..6b43b92 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -10,7 +10,8 @@ MCIAS (Metacircular Identity and Access System) is a single-sign-on (SSO) and Id - **Language:** Go - **Database:** SQLite -- **Logging/Utilities:** git.wntrmute.dev/kyle/goutils +- **Module path:** git.wntrmute.dev/mc/mcias +- **Shared library:** git.wntrmute.dev/mc/mcdsl (auth, config, CSRF, web server, health checks) - **Crypto:** Ed25519 (signatures), Argon2 (password hashing) - **Tokens:** JWT signed with Ed25519 (algorithm: EdDSA); always validate the `alg` header on receipt — never accept `none` or symmetric algorithms - **Auth:** Username/password + optional TOTP; future FIDO/Yubikey support 
@@ -22,6 +23,12 @@ MCIAS (Metacircular Identity and Access System) is a single-sign-on (SSO) and Id - `mciasdb` — offline SQLite maintenance tool (schema, accounts, tokens, audit, pgcreds) - `mciasgrpcctl` — admin CLI for gRPC interface +## Key Features + +- **SSO client management:** service registration, redirect URI configuration, per-client enable/disable, policy-gated CRUD (REST + gRPC + web UI) +- **Security headers:** Content-Security-Policy on all UI and docs pages, HSTS (Strict-Transport-Security) on all responses, per-IP rate limiting on auth endpoints +- **WebAuthn:** passwordless login via FIDO2/WebAuthn (registration and authentication flows) + ## Development Workflow If PROGRESS.md does not yet exist, create it before proceeding. It is the source of truth for current state.
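Review bot: in the first hunk (the tech-stack list at `@@ -10,7 +10,8 @@`), the new `**Shared library:**` line lists what mcdsl provides (auth, config, CSRF, web server, health checks) but gives no version, so the doc can drift from go.mod the same way the removed `goutils` line did (the commit message says it was dropped because it is not in go.mod). Suggest stating the pinned version next to the module path, e.g. `- **Shared library:** git.wntrmute.dev/mc/mcdsl vX.Y.Z (...)`, or noting that go.mod is authoritative for the version.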
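Review bot: the second hunk's new `**WebAuthn:** passwordless login via FIDO2/WebAuthn (registration and authentication flows)` bullet contradicts the unchanged `**Auth:**` context line in the first hunk, which still says "future FIDO/Yubikey support", and the commit message lists only SSO client management and CSP/security headers for the new section. Either update the `**Auth:**` line to say WebAuthn is implemented (and mention it in the commit message) or drop the bullet until it is. Separately, per-IP rate limiting is not a header; consider moving it out of the `**Security headers:**` bullet or retitling that bullet `**Security controls:**`.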