Raw descriptor bytes in .pb.go files were corrupted by the sed-based
module path rename (string length changed, breaking protobuf binary
encoding). Regenerated with protoc to fix.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Update mcdsl from v1.0.0 to the port-env-support branch tip, which adds
$PORT environment variable support. Adapt grpcserver.New call to the new
Options parameter (nil for default chain).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Document MCP-based container management for MCNS on rift, replacing
the docker-compose workflow. Add deploy/mcns-rift.toml as the reference
MCP service definition.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Verifies that calling Migrate() twice succeeds without error and that
seed data (2 zones, 12 records) is present exactly once.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Migration v2: INSERT → INSERT OR IGNORE for idempotency
- Config: validate server.tls_cert and server.tls_key are non-empty
- gRPC: add input validation matching REST handlers
- gRPC: add logger to zone/record services, log timestamp parse errors
- REST+gRPC: extract SOA defaults into shared db.ApplySOADefaults()
- DNS: simplify SOA query condition (remove dead code from precedence bug)
- Startup: consolidate shutdown into shutdownAll(), clean up gRPC listener
on error path, shut down sibling servers when one fails
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Full integration tests exercising gRPC services through real server with
mock MCIAS auth. Covers all CRUD operations for zones and records,
health check bypass, auth/admin interceptor enforcement, CNAME
exclusivity conflicts, and method map completeness verification.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Cover all REST handlers with httptest-based tests using real SQLite:
zones (list, get, create, update, delete), records (list, get, create,
update, delete with validation/conflict cases), requireAdmin middleware
(admin, non-admin, missing context), and utility functions (writeJSON,
writeError, extractBearerToken, tokenInfoFromContext).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
ARCHITECTURE.md:
- Note optional ?name=/&type= query filters on GET /v1/zones/{zone}/records
- Document ListRecordsRequest name/type fields as optional filters in gRPC service
- Add gRPC usage examples section with grpcurl commands
CLAUDE.md:
- Add mcdsl shared library section
- Add testing patterns (stdlib only, real SQLite, no mocks)
- Add key invariants: SOA serial YYYYMMDDNN format, CNAME exclusivity at DB layer
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Create the two required documentation files for MCNS:
- README.md: project overview, quick-start (build/configure/run), links
to ARCHITECTURE.md and RUNBOOK.md
- RUNBOOK.md: operator-focused procedures with numbered steps covering
health checks, start/stop/restart, backup/restore, log inspection,
and incident playbooks for database corruption, certificate expiry,
MCIAS outage, DNS resolution failures, and port conflicts
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Ship mcns.service, mcns-backup.service, mcns-backup.timer, and
deploy/scripts/install.sh adapted from MCR's deployment files.
Includes full security hardening block per engineering standards
and AmbientCapabilities=CAP_NET_BIND_SERVICE for DNS port 53.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add ca-certificates and tzdata packages, fix user creation with proper
home directory and nologin shell, combine RUN commands into a single
layer, add VOLUME/WORKDIR declarations, and reorder USER after volume
setup.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Populates the database on first run with the two existing zones
(svc.mcp.metacircular.net, mcp.metacircular.net) and all their A
records (metacrypt, mcr, sgard, mcp-agent, rift, ns).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace the CoreDNS precursor with a purpose-built authoritative DNS
server. Zones and records (A, AAAA, CNAME) are stored in SQLite and
managed via synchronized gRPC + REST APIs authenticated through MCIAS.
Non-authoritative queries are forwarded to upstream resolvers with
in-memory caching.
Key components:
- DNS server (miekg/dns) with authoritative zone handling and forwarding
- gRPC + REST management APIs with MCIAS auth (mcdsl integration)
- SQLite storage with CNAME exclusivity enforcement and auto SOA serials
- 30 tests covering database CRUD, DNS resolution, and caching
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Design MCNS as a purpose-built authoritative DNS server with SQLite-backed
zone/record storage and a gRPC+REST management API. Supports A, AAAA, and
CNAME records with upstream forwarding for non-authoritative queries.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Port 53 on loopback is used by systemd-resolved on rift. Bind to
192.168.88.181 (LAN) and 100.95.252.120 (Tailscale) specifically.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Serves two internal zones for the Metacircular platform:
- svc.mcp.metacircular.net (service addresses)
- mcp.metacircular.net (node addresses)
Forwards all other queries to 1.1.1.1 and 8.8.8.8. Includes rift
deployment compose with CoreDNS 1.12.1 and zone files mapping
metacrypt and rift to their LAN and Tailscale addresses.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
