mc/mcias
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update CLAUDE.md: fix tech stack, add key features #1

Merged
kyle merged 1 commits from update-claude-md-features into master 2026-04-02 22:20:21 +00:00
Conversation 0 Commits 1 Files Changed 1 +8 -1
1 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
CLAUDE.md
View File

@@ -10,7 +10,8 @@ MCIAS (Metacircular Identity and Access System) is a single-sign-on (SSO) and Id
- **Language:** Go - **Language:** Go
- **Database:** SQLite - **Database:** SQLite
- **Logging/Utilities:** git.wntrmute.dev/kyle/goutils - **Module path:** git.wntrmute.dev/mc/mcias
- **Shared library:** git.wntrmute.dev/mc/mcdsl (auth, config, CSRF, web server, health checks)
- **Crypto:** Ed25519 (signatures), Argon2 (password hashing) - **Crypto:** Ed25519 (signatures), Argon2 (password hashing)
- **Tokens:** JWT signed with Ed25519 (algorithm: EdDSA); always validate the `alg` header on receipt — never accept `none` or symmetric algorithms - **Tokens:** JWT signed with Ed25519 (algorithm: EdDSA); always validate the `alg` header on receipt — never accept `none` or symmetric algorithms
- **Auth:** Username/password + optional TOTP; future FIDO/Yubikey support - **Auth:** Username/password + optional TOTP; future FIDO/Yubikey support
@@ -22,6 +23,12 @@ MCIAS (Metacircular Identity and Access System) is a single-sign-on (SSO) and Id
- `mciasdb` — offline SQLite maintenance tool (schema, accounts, tokens, audit, pgcreds) - `mciasdb` — offline SQLite maintenance tool (schema, accounts, tokens, audit, pgcreds)
- `mciasgrpcctl` — admin CLI for gRPC interface - `mciasgrpcctl` — admin CLI for gRPC interface
## Key Features
- **SSO client management:** service registration, redirect URI configuration, per-client enable/disable, policy-gated CRUD (REST + gRPC + web UI)
- **Security headers:** Content-Security-Policy on all UI and docs pages, HSTS (Strict-Transport-Security) on all responses, per-IP rate limiting on auth endpoints
- **WebAuthn:** passwordless login via FIDO2/WebAuthn (registration and authentication flows)
## Development Workflow ## Development Workflow
If PROGRESS.md does not yet exist, create it before proceeding. It is the source of truth for current state. If PROGRESS.md does not yet exist, create it before proceeding. It is the source of truth for current state.