Phase 1: config loading, database migrations, audit log

- internal/config: TOML config with env overrides (MCR_ prefix), required field validation, same-filesystem check, defaults - internal/db: SQLite via modernc.org/sqlite, WAL mode, 2 migrations (core registry tables + policy/audit), foreign key cascades - internal/db: audit log write/list with filtering and pagination - deploy/examples/mcr.toml: annotated example configuration - .golangci.yaml: disable fieldalignment (readability over micro-opt) - checkpoint skill copied from mcias Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-19 13:14:19 -07:00
parent 369558132b
commit fde66be9c1
15 changed files with 1433 additions and 9 deletions
--- a/.golangci.yaml
+++ b/.golangci.yaml
@@ -51,12 +51,14 @@ linters:
      check-type-assertions: true

    govet:
-      # Enable all analyzers except shadow. The shadow analyzer flags the idiomatic
-      # `if err := f(); err != nil { ... }` pattern as shadowing an outer `err`,
-      # which is ubiquitous in Go and does not pose a security risk in this codebase.
+      # Enable all analyzers except shadow and fieldalignment. Shadow flags the
+      # idiomatic `if err := f(); err != nil { ... }` pattern as shadowing an
+      # outer `err`. Fieldalignment is a micro-optimization that hurts readability
+      # by reordering struct fields away from their logical grouping.
      enable-all: true
      disable:
        - shadow
+        - fieldalignment

    gosec:
      # Treat all gosec findings as errors, not warnings.