86d516acf6
Drop admin requirement from agent interceptor, reject guests
...
The agent now accepts any authenticated user or system account, except
those with the guest role. Admin is reserved for MCIAS account management
and policy changes, not routine deploy/stop/start operations.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-03-28 16:07:17 -07:00
15b8823810
P1.2-P1.5: Complete Phase 1 core libraries
...
Four packages built in parallel:
- P1.2 runtime: Container runtime abstraction with podman implementation.
Interface (Pull/Run/Stop/Remove/Inspect/List), ContainerSpec/ContainerInfo
types, CLI arg building, version extraction from image tags. 2 tests.
- P1.3 servicedef: TOML service definition file parsing. Load/Write/LoadAll,
validation (required fields, unique component names), proto conversion.
5 tests.
- P1.4 config: CLI and agent config loading from TOML. Duration type for
time fields, env var overrides (MCP_*/MCP_AGENT_*), required field
validation, sensible defaults. 7 tests.
- P1.5 auth: MCIAS integration. Token validator with 30s SHA-256 cache,
gRPC unary interceptor (admin role enforcement, audit logging),
Login/LoadToken/SaveToken for CLI. 9 tests.
All packages pass build, vet, lint, and test.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-03-26 11:36:12 -07:00
