Update CLAUDE.md: fix tech stack, add key features

- Remove stale goutils reference (not in go.mod)
- Add mcdsl as shared library dependency
- Add module path reference
- Add Key Features section: SSO client management, CSP/security headers

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-02 15:14:41 -07:00
parent 15e7eb5bd1
commit daba5032f7


@@ -10,7 +10,8 @@ MCIAS (Metacircular Identity and Access System) is a single-sign-on (SSO) and Id
- **Language:** Go - **Language:** Go
- **Database:** SQLite - **Database:** SQLite
- **Logging/Utilities:** git.wntrmute.dev/kyle/goutils - **Module path:** git.wntrmute.dev/mc/mcias
- **Shared library:** git.wntrmute.dev/mc/mcdsl (auth, config, CSRF, web server, health checks)
- **Crypto:** Ed25519 (signatures), Argon2 (password hashing) - **Crypto:** Ed25519 (signatures), Argon2 (password hashing)
- **Tokens:** JWT signed with Ed25519 (algorithm: EdDSA); always validate the `alg` header on receipt — never accept `none` or symmetric algorithms - **Tokens:** JWT signed with Ed25519 (algorithm: EdDSA); always validate the `alg` header on receipt — never accept `none` or symmetric algorithms
- **Auth:** Username/password + optional TOTP; future FIDO/Yubikey support - **Auth:** Username/password + optional TOTP; future FIDO/Yubikey support
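Review bot: removing the `Logging/Utilities: git.wntrmute.dev/kyle/goutils` entry leaves the tech stack silent on where logging now comes from, since the replacement `Shared library` line only lists `auth, config, CSRF, web server, health checks` for mcdsl. If mcdsl supplies the logger, add `logging` to that parenthetical; if a different package does, keep a `Logging` bullet naming it so the list still matches go.mod, which the commit message cites as the reason for the change.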
@@ -22,6 +23,12 @@ MCIAS (Metacircular Identity and Access System) is a single-sign-on (SSO) and Id
- `mciasdb` — offline SQLite maintenance tool (schema, accounts, tokens, audit, pgcreds) - `mciasdb` — offline SQLite maintenance tool (schema, accounts, tokens, audit, pgcreds)
- `mciasgrpcctl` — admin CLI for gRPC interface - `mciasgrpcctl` — admin CLI for gRPC interface
## Key Features
- **SSO client management:** service registration, redirect URI configuration, per-client enable/disable, policy-gated CRUD (REST + gRPC + web UI)
- **Security headers:** Content-Security-Policy on all UI and docs pages, HSTS (Strict-Transport-Security) on all responses, per-IP rate limiting on auth endpoints
- **WebAuthn:** passwordless login via FIDO2/WebAuthn (registration and authentication flows)
## Development Workflow ## Development Workflow
If PROGRESS.md does not yet exist, create it before proceeding. It is the source of truth for current state. If PROGRESS.md does not yet exist, create it before proceeding. It is the source of truth for current state.