mc/mcias
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request 'Update CLAUDE.md: fix tech stack, add key features' (#1) from update-claude-md-features into master

Browse Source
This commit was merged in pull request #1.
This commit is contained in:
kyle
2026-04-02 22:20:21 +00:00
parent 15e7eb5bd1 daba5032f7
commit a1250d05ee
1 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
CLAUDE.md
View File

@@ -10,7 +10,8 @@ MCIAS (Metacircular Identity and Access System) is a single-sign-on (SSO) and Id
- **Language:** Go - **Language:** Go
- **Database:** SQLite - **Database:** SQLite
- **Logging/Utilities:** git.wntrmute.dev/kyle/goutils - **Module path:** git.wntrmute.dev/mc/mcias
- **Shared library:** git.wntrmute.dev/mc/mcdsl (auth, config, CSRF, web server, health checks)
- **Crypto:** Ed25519 (signatures), Argon2 (password hashing) - **Crypto:** Ed25519 (signatures), Argon2 (password hashing)
- **Tokens:** JWT signed with Ed25519 (algorithm: EdDSA); always validate the `alg` header on receipt — never accept `none` or symmetric algorithms - **Tokens:** JWT signed with Ed25519 (algorithm: EdDSA); always validate the `alg` header on receipt — never accept `none` or symmetric algorithms
- **Auth:** Username/password + optional TOTP; future FIDO/Yubikey support - **Auth:** Username/password + optional TOTP; future FIDO/Yubikey support
@@ -22,6 +23,12 @@ MCIAS (Metacircular Identity and Access System) is a single-sign-on (SSO) and Id
- `mciasdb` — offline SQLite maintenance tool (schema, accounts, tokens, audit, pgcreds) - `mciasdb` — offline SQLite maintenance tool (schema, accounts, tokens, audit, pgcreds)
- `mciasgrpcctl` — admin CLI for gRPC interface - `mciasgrpcctl` — admin CLI for gRPC interface
## Key Features
- **SSO client management:** service registration, redirect URI configuration, per-client enable/disable, policy-gated CRUD (REST + gRPC + web UI)
- **Security headers:** Content-Security-Policy on all UI and docs pages, HSTS (Strict-Transport-Security) on all responses, per-IP rate limiting on auth endpoints
- **WebAuthn:** passwordless login via FIDO2/WebAuthn (registration and authentication flows)
## Development Workflow ## Development Workflow
If PROGRESS.md does not yet exist, create it before proceeding. It is the source of truth for current state. If PROGRESS.md does not yet exist, create it before proceeding. It is the source of truth for current state.