mc/mcr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
37 Commits 1 Branch 9 Tags
18756f62b77c09f981bb429592b33b11af9907f2
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Kyle Isom 18756f62b7 Add SSO login support to MCR web UI 
MCR can now redirect users to MCIAS for login instead of showing its
own login form. This enables passkey/FIDO2 authentication since WebAuthn
credentials are bound to MCIAS's domain.

- Add optional [sso] config section with redirect_uri
- Add handleSSOLogin (redirects to MCIAS) and handleSSOCallback
  (exchanges code for JWT, validates roles, sets session cookie)
- SSO is opt-in: when redirect_uri is empty, the existing login form
  is used (backward compatible)
- Guest role check preserved in SSO callback path
- Return-to URL preserved across the SSO redirect
- Uses mcdsl/sso package (local replace for now)

Security:
- State cookie uses SameSite=Lax for cross-site redirect compatibility
- Session cookie remains SameSite=Strict (same-site only after login)
- Code exchange is server-to-server over TLS 1.3

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-30 15:30:30 -07:00
.claude/skills/checkpoint
Phase 1: config loading, database migrations, audit log
2026-03-19 13:14:19 -07:00
cmd
Add SSO login support to MCR web UI
2026-03-30 15:30:30 -07:00
deploy
Migrate module path from kyle/ to mc/ org
2026-03-27 02:05:59 -07:00
gen/mcr/v1
Regenerate proto files for mc/ module path
2026-03-27 02:54:31 -07:00
internal
Add SSO login support to MCR web UI
2026-03-30 15:30:30 -07:00
proto/mcr/v1
Migrate module path from kyle/ to mc/ org
2026-03-27 02:05:59 -07:00
vendor
Add SSO login support to MCR web UI
2026-03-30 15:30:30 -07:00
web
Phases 11, 12: mcrctl CLI tool and mcr-web UI
2026-03-20 10:14:38 -07:00
.gitignore
Initial scaffolding: module, directory structure, Makefile, linter config
2026-03-19 11:29:32 -07:00
.golangci.yaml
Phase 1: config loading, database migrations, audit log
2026-03-19 13:14:19 -07:00
#PROJECT_PLAN.md#
Initial scaffolding: module, directory structure, Makefile, linter config
2026-03-19 11:29:32 -07:00
ARCHITECTURE.md
Block guest accounts from web UI login
2026-03-26 23:02:22 -07:00
buf.yaml
Initial scaffolding: module, directory structure, Makefile, linter config
2026-03-19 11:29:32 -07:00
CLAUDE.md
Migrate module path from kyle/ to mc/ org
2026-03-27 02:05:59 -07:00
Dockerfile.api
Add git to alpine builder for private module fetching
2026-03-26 14:58:53 -07:00
Dockerfile.web
Add git to alpine builder for private module fetching
2026-03-26 14:58:53 -07:00
flake.lock
Add Nix flake for mcrctl
2026-03-25 21:01:28 -07:00
flake.nix
flake: install shell completions for mcrctl
2026-03-27 21:41:30 -07:00
go.mod
Add SSO login support to MCR web UI
2026-03-30 15:30:30 -07:00
go.sum
Add SSO login support to MCR web UI
2026-03-30 15:30:30 -07:00
Makefile
Standardize Makefile docker/push targets for MCR
2026-03-27 14:32:05 -07:00
PROGRESS.md
Migrate module path from kyle/ to mc/ org
2026-03-27 02:05:59 -07:00
PROJECT_PLAN.md
Migrate module path from kyle/ to mc/ org
2026-03-27 02:05:59 -07:00
README.md
Add RUNBOOK.md and expand README.md
2026-03-26 22:11:21 -07:00
RUNBOOK.md
Update RUNBOOK MCP example to use pinned version tags
2026-03-26 23:31:02 -07:00

README.md

MCR

Metacircular Container Registry -- an OCI Distribution Spec-compliant container registry for the Metacircular platform. MCR stores and serves container images with authentication delegated to MCIAS and a local policy engine for fine-grained access control. Metadata is stored in SQLite; blobs are stored as content-addressed files on the filesystem.

Quick Start

Build the binaries:

make all

This produces three binaries:

Binary Purpose
mcrsrv Registry server (OCI + admin REST + gRPC)
mcr-web Web UI (htmx, communicates with mcrsrv via gRPC)
mcrctl Admin CLI

Copy and edit the example configuration:

cp deploy/examples/mcr.toml /srv/mcr/mcr.toml
# Edit TLS paths, database path, storage paths, MCIAS URL

Run the server:

./mcrsrv server --config /srv/mcr/mcr.toml

The server starts two listeners:

Port Protocol Purpose
8443 TCP HTTPS -- OCI Distribution endpoints + admin REST API
9443 TCP gRPC admin API (TLS, MCIAS auth)

Run the web UI:

./mcr-web server --config /srv/mcr/mcr.toml
Port Protocol Purpose
8080 TCP HTTP -- web UI (repository browsing, policy management)

Documentation

  • ARCHITECTURE.md -- full technical specification, OCI compliance details, database schema, policy engine, and security model.
  • RUNBOOK.md -- operational procedures, health checks, backup/restore, incident response, and MCP deployment.
  • CLAUDE.md -- context for AI-assisted development.
Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme 42 MiB
Releases 1
v1.1.0: Block guest accounts from web UI login Latest
2026-03-27 06:02:27 +00:00
Languages
Go 95.3%
HTML 2.4%
CSS 1.3%
Shell 0.5%
Makefile 0.3%
Other 0.2%