Update CLAUDE.md: fix tech stack, add key features
- Remove stale goutils reference (not in go.mod) - Add mcdsl as shared library dependency - Add module path reference - Add Key Features section: SSO client management, CSP/security headers Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -10,7 +10,8 @@ MCIAS (Metacircular Identity and Access System) is a single-sign-on (SSO) and Id
|
||||
|
||||
- **Language:** Go
|
||||
- **Database:** SQLite
|
||||
- **Logging/Utilities:** git.wntrmute.dev/kyle/goutils
|
||||
- **Module path:** git.wntrmute.dev/mc/mcias
|
||||
- **Shared library:** git.wntrmute.dev/mc/mcdsl (auth, config, CSRF, web server, health checks)
|
||||
- **Crypto:** Ed25519 (signatures), Argon2 (password hashing)
|
||||
- **Tokens:** JWT signed with Ed25519 (algorithm: EdDSA); always validate the `alg` header on receipt — never accept `none` or symmetric algorithms
|
||||
- **Auth:** Username/password + optional TOTP; future FIDO/Yubikey support
|
||||
@@ -22,6 +23,12 @@ MCIAS (Metacircular Identity and Access System) is a single-sign-on (SSO) and Id
|
||||
- `mciasdb` — offline SQLite maintenance tool (schema, accounts, tokens, audit, pgcreds)
|
||||
- `mciasgrpcctl` — admin CLI for gRPC interface
|
||||
|
||||
## Key Features
|
||||
|
||||
- **SSO client management:** service registration, redirect URI configuration, per-client enable/disable, policy-gated CRUD (REST + gRPC + web UI)
|
||||
- **Security headers:** Content-Security-Policy on all UI and docs pages, HSTS (Strict-Transport-Security) on all responses, per-IP rate limiting on auth endpoints
|
||||
- **WebAuthn:** passwordless login via FIDO2/WebAuthn (registration and authentication flows)
|
||||
|
||||
## Development Workflow
|
||||
|
||||
If PROGRESS.md does not yet exist, create it before proceeding. It is the source of truth for current state.
|
||||
|
||||
Reference in New Issue
Block a user