Phases 5, 6, 8: OCI pull/push paths and admin REST API

Phase 5 (OCI pull): internal/oci/ package with manifest GET/HEAD by tag/digest, blob GET/HEAD with repo membership check, tag listing with OCI pagination, catalog listing. Multi-segment repo names via parseOCIPath() right-split routing. DB query layer in internal/db/repository.go. Phase 6 (OCI push): blob uploads (monolithic and chunked) with uploadManager tracking in-progress BlobWriters, manifest push implementing full ARCHITECTURE.md §5 flow in a single SQLite transaction (create repo, upsert manifest, populate manifest_blobs, atomic tag move). Digest verification on both blob commit and manifest push-by-digest. Phase 8 (admin REST): /v1 endpoints for auth (login/logout/health), repository management (list/detail/delete), policy CRUD with engine reload, audit log listing with filters, GC trigger/status stubs. RequireAdmin middleware, platform-standard error format. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-19 18:25:18 -07:00
parent f5e67bd4aa
commit dddc66f31b
40 changed files with 6832 additions and 7 deletions
--- a/PROJECT_PLAN.md
+++ b/PROJECT_PLAN.md
@@ -14,10 +14,10 @@ design specification.
 | 2 | Blob storage layer | **Complete** |
 | 3 | MCIAS authentication | **Complete** |
 | 4 | Policy engine | **Complete** |
-| 5 | OCI API — pull path | Not started |
-| 6 | OCI API — push path | Not started |
+| 5 | OCI API — pull path | **Complete** |
+| 6 | OCI API — push path | **Complete** |
 | 7 | OCI API — delete path | Not started |
-| 8 | Admin REST API | Not started |
+| 8 | Admin REST API | **Complete** |
 | 9 | Garbage collection | Not started |
 | 10 | gRPC admin API | Not started |
 | 11 | CLI tool (mcrctl) | Not started |