Phase D: Automated DNS registration via MCNS

Add DNSRegistrar that creates/updates/deletes A records in MCNS during deploy and stop. When a service has routes, the agent ensures an A record exists in the configured zone pointing to the node's address. On stop, the record is removed. - Add MCNSConfig to agent config (server_url, ca_cert, token_path, zone, node_addr) with defaults and env overrides - Add DNSRegistrar (internal/agent/dns.go): REST client for MCNS record CRUD, nil-receiver safe - Wire into deploy flow (EnsureRecord after route registration) - Wire into stop flow (RemoveRecord before container stop) - 7 new tests, make all passes with 0 issues Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-27 14:33:41 -07:00
parent e4d131021e
commit 9d9ad6588e
7 changed files with 608 additions and 0 deletions
--- a/internal/config/agent.go
+++ b/internal/config/agent.go
@@ -16,6 +16,7 @@ type AgentConfig struct {
 	Agent     AgentSettings   `toml:"agent"`
 	MCProxy   MCProxyConfig   `toml:"mcproxy"`
 	Metacrypt MetacryptConfig `toml:"metacrypt"`
+	MCNS      MCNSConfig      `toml:"mcns"`
 	Monitor   MonitorConfig   `toml:"monitor"`
 	Log       LogConfig       `toml:"log"`
 }
@@ -40,6 +41,26 @@ type MetacryptConfig struct {
 	TokenPath string `toml:"token_path"`
 }

+// MCNSConfig holds the MCNS DNS integration settings for automated
+// DNS record registration. If ServerURL is empty, DNS registration
+// is disabled.
+type MCNSConfig struct {
+	// ServerURL is the MCNS API base URL (e.g. "https://localhost:28443").
+	ServerURL string `toml:"server_url"`
+
+	// CACert is the path to the CA certificate for verifying MCNS's TLS.
+	CACert string `toml:"ca_cert"`
+
+	// TokenPath is the path to the MCIAS service token file.
+	TokenPath string `toml:"token_path"`
+
+	// Zone is the DNS zone for service records. Defaults to "svc.mcp.metacircular.net".
+	Zone string `toml:"zone"`
+
+	// NodeAddr is the IP address to register as the A record value.
+	NodeAddr string `toml:"node_addr"`
+}
+
 // MCProxyConfig holds the mc-proxy connection settings.
 type MCProxyConfig struct {
 	// Socket is the path to the mc-proxy gRPC admin API Unix socket.
@@ -177,6 +198,9 @@ func applyAgentDefaults(cfg *AgentConfig) {
 	if cfg.Metacrypt.Issuer == "" {
 		cfg.Metacrypt.Issuer = "infra"
 	}
+	if cfg.MCNS.Zone == "" {
+		cfg.MCNS.Zone = "svc.mcp.metacircular.net"
+	}
 }

 func applyAgentEnvOverrides(cfg *AgentConfig) {
@@ -213,6 +237,15 @@ func applyAgentEnvOverrides(cfg *AgentConfig) {
 	if v := os.Getenv("MCP_AGENT_METACRYPT_TOKEN_PATH"); v != "" {
 		cfg.Metacrypt.TokenPath = v
 	}
+	if v := os.Getenv("MCP_AGENT_MCNS_SERVER_URL"); v != "" {
+		cfg.MCNS.ServerURL = v
+	}
+	if v := os.Getenv("MCP_AGENT_MCNS_TOKEN_PATH"); v != "" {
+		cfg.MCNS.TokenPath = v
+	}
+	if v := os.Getenv("MCP_AGENT_MCNS_NODE_ADDR"); v != "" {
+		cfg.MCNS.NodeAddr = v
+	}
 }

 func validateAgentConfig(cfg *AgentConfig) error {