Update STATUS.md to current deployed state (2026-04-02)
- Update all service versions from mcp ps output
- Add svc as edge node, orion as offline/maintenance to node inventory
- Add MCQ service details section
- Update MCP to v0.9.0 with multi-node edge support
- Add svc port map and public-facing routes
- Update non-platform services (exod, sgardd, kls)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
107
STATUS.md
@@ -1,42 +1,45 @@
|
||||
# Metacircular Platform Status
|
||||
|
||||
Last updated: 2026-03-28
|
||||
Last updated: 2026-04-02
|
||||
|
||||
## Platform Overview
|
||||
|
||||
One node operational (**rift**), running core infrastructure services as
|
||||
containers fronted by MC-Proxy. MCIAS runs separately (not on rift).
|
||||
Bootstrap phases 0–4 complete (MCIAS, Metacrypt, MC-Proxy, MCR all
|
||||
operational). MCP is deployed and managing all platform containers. MCNS is
|
||||
deployed on rift, serving authoritative DNS. Platform evolution Phases A–D
|
||||
complete (automated port assignment, route registration, TLS cert
|
||||
provisioning, and DNS registration). Multi-node deployment is being planned
|
||||
(Phase E).
|
||||
Two nodes operational (**rift** + **svc**), with **orion** provisioned but
|
||||
offline for maintenance. Core infrastructure services run as containers on
|
||||
rift, fronted by MC-Proxy. Svc operates as an MCP edge node managing
|
||||
mc-proxy routing only (no containers); MCIAS runs on svc separately as a
|
||||
systemd service. Bootstrap phases 0–4 complete (MCIAS, Metacrypt, MC-Proxy,
|
||||
MCR all operational). MCP is deployed and managing all platform containers
|
||||
on rift, with multi-node capability (svc as edge node). MCNS is deployed on
|
||||
rift, serving authoritative DNS. Platform evolution Phases A–D complete
|
||||
(automated port assignment, route registration, TLS cert provisioning, and
|
||||
DNS registration). Phase E (multi-node expansion) is in planning, with v2
|
||||
architecture in development.
|
||||
|
||||
## Service Status
|
||||
|
||||
| Service | Version | SDLC Phase | Deployed | Node |
|
||||
|---------|---------|------------|----------|------|
|
||||
| MCIAS | v1.9.0 | Maintenance | Yes | (separate) |
|
||||
| Metacrypt | v1.3.1 | Production | Yes | rift |
|
||||
| MC-Proxy | v1.2.1 | Maintenance | Yes | rift |
|
||||
| MCR | v1.2.1 | Production | Yes | rift |
|
||||
| MCAT | v1.1.1 | Complete | Unknown | — |
|
||||
| MCDSL | v1.4.0 | Stable | N/A (library) | — |
|
||||
| MCNS | v1.1.1 | Production | Yes | rift |
|
||||
| MCIAS | v1.10.5 | Maintenance | Yes | svc (systemd) |
|
||||
| Metacrypt | v1.4.1 | Production | Yes | rift |
|
||||
| MC-Proxy | v1.2.2 | Maintenance | Yes | rift |
|
||||
| MCR | v1.3.2 | Production | Yes | rift |
|
||||
| MCAT | v1.2.0 | Production | Yes | rift |
|
||||
| MCDSL | v1.7.0 | Stable | N/A (library) | — |
|
||||
| MCNS | v1.2.0 | Production | Yes | rift |
|
||||
| MCDoc | v0.1.0 | Production | Yes | rift |
|
||||
| MCQ | v0.2.0 | Production | Yes | rift |
|
||||
| MCP | v0.7.6 | Production | Yes | rift |
|
||||
| MCQ | v0.4.2 | Production | Yes | rift |
|
||||
| MCP | v0.9.0 | Production | Yes | rift |
|
||||
|
||||
## Service Details
|
||||
|
||||
### MCIAS — Identity and Access Service
|
||||
|
||||
- **Version:** v1.9.0 (client library: clients/go/v0.2.0)
|
||||
- **Version:** v1.10.5 (client library: clients/go/v0.2.0)
|
||||
- **Phase:** Maintenance. Phases 0-14 complete. Feature-complete with active
|
||||
refinement.
|
||||
- **Deployment:** Running in production. All other services authenticate
|
||||
against it.
|
||||
- **Deployment:** Running in production on svc as a systemd service. All
|
||||
other services authenticate against it.
|
||||
- **Recent work:** WebAuthn/FIDO2 passkeys, TOTP 2FA, service-context login
|
||||
policies, Nix flake for CLI tools.
|
||||
- **Artifacts:** systemd units (service + backup timer), install script,
|
||||
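Review bot: In the Service Status table the Node column for MC-Proxy and MCP still reads only `rift`, while the rewritten overview says svc operates as an MCP edge node managing mc-proxy routing. Suggest `rift, svc (edge)` for both rows, or a footnote, so the table and the overview agree on where these components run.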
@@ -44,7 +47,7 @@ provisioning, and DNS registration). Multi-node deployment is being planned
|
||||
|
||||
### Metacrypt — Cryptographic Service Engine
|
||||
|
||||
- **Version:** v1.3.1.
|
||||
- **Version:** v1.4.1 (API v1.3.1, Web v1.4.1).
|
||||
- **Phase:** Production. All four engine types implemented (CA, SSH CA, transit,
|
||||
user-to-user). Active work on integration test coverage.
|
||||
- **Deployment:** Running on rift as a container, fronted by MC-Proxy on
|
||||
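Review bot: The Version line `v1.4.1 (API v1.3.1, Web v1.4.1)` reports two component versions, but the Service Status table carries a single v1.4.1 for Metacrypt. State which component the headline version tracks, and confirm that the API staying at v1.3.1 is intended rather than a missed deploy; the MCR entry has the same split (API v1.2.1, Web v1.3.2).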
@@ -56,11 +59,12 @@ provisioning, and DNS registration). Multi-node deployment is being planned
|
||||
|
||||
### MC-Proxy — TLS Proxy and Router
|
||||
|
||||
- **Version:** v1.2.1.
|
||||
- **Phase:** Maintenance. Stable and actively routing traffic on rift.
|
||||
- **Version:** v1.2.2.
|
||||
- **Phase:** Maintenance. Stable and actively routing traffic on rift and svc.
|
||||
- **Deployment:** Running on rift. Fronts Metacrypt, MCR, and sgard on ports
|
||||
443, 8443, and 9443. Prometheus metrics on 127.0.0.1:9091. Routes persisted
|
||||
in SQLite and managed via gRPC API.
|
||||
in SQLite and managed via gRPC API. Svc runs its own mc-proxy on :443 with
|
||||
public-facing routes.
|
||||
- **Recent work:** Route persistence (SQLite), idempotent AddRoute (upsert),
|
||||
golangci-lint v2 compliance, module path migration to mc/ org.
|
||||
- **Artifacts:** systemd units (service + backup timer), Docker Compose
|
||||
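Review bot: The Deployment bullet now covers two mc-proxy instances, but the v1.2.2 version, the listener ports and the Prometheus endpoint on 127.0.0.1:9091 are stated only for rift. Since the svc instance is the one carrying public-facing routes, record its version and say whether its metrics endpoint and gRPC route-management API are bound to loopback as well.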
@@ -68,7 +72,8 @@ provisioning, and DNS registration). Multi-node deployment is being planned
|
||||
|
||||
### MCR — Container Registry
|
||||
|
||||
- **Version:** v1.2.1. All implementation phases complete.
|
||||
- **Version:** v1.3.2 (API v1.2.1, Web v1.3.2). All implementation phases
|
||||
complete.
|
||||
- **Phase:** Production. Deployed on rift, serving container images.
|
||||
- **Deployment:** Running on rift as two containers (mcr API + mcr-web),
|
||||
fronted by MC-Proxy on ports 443 (web, L7), 8443 (API, L4), and
|
||||
@@ -81,26 +86,26 @@ provisioning, and DNS registration). Multi-node deployment is being planned
|
||||
|
||||
### MCAT — Login Policy Tester
|
||||
|
||||
- **Version:** v1.1.1.
|
||||
- **Phase:** Complete. Diagnostic tool, not core infrastructure.
|
||||
- **Deployment:** Available for ad-hoc use. Lightweight tool for testing
|
||||
MCIAS login policy rules.
|
||||
- **Version:** v1.2.0.
|
||||
- **Phase:** Production. Deployed on rift as a container managed by MCP.
|
||||
- **Deployment:** Running on rift. Lightweight tool for testing MCIAS login
|
||||
policy rules.
|
||||
- **Recent work:** Migrated to mcdsl for auth, config, CSRF, and web.
|
||||
- **Artifacts:** systemd unit, install script, example config.
|
||||
|
||||
### MCDSL — Standard Library
|
||||
|
||||
- **Version:** v1.4.0.
|
||||
- **Version:** v1.7.0.
|
||||
- **Phase:** Stable. All 9 packages implemented and tested. Being adopted
|
||||
across the platform.
|
||||
- **Deployment:** N/A (Go library, imported by other services).
|
||||
- **Packages:** auth, db, config, httpserver, grpcserver, csrf, web, health,
|
||||
archive.
|
||||
- **Adoption:** All services except mcias on v1.4.0. mcias pending.
|
||||
- **Adoption:** All services except mcias on v1.7.0. mcias pending.
|
||||
|
||||
### MCNS — Networking Service
|
||||
|
||||
- **Version:** v1.1.1.
|
||||
- **Version:** v1.2.0.
|
||||
- **Phase:** Production. Custom Go DNS server replacing CoreDNS precursor.
|
||||
- **Deployment:** Running on rift as a container managed by MCP. Serves two
|
||||
authoritative zones plus upstream forwarding. REST + gRPC APIs with MCIAS
|
||||
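Review bot: The MCAT Artifacts line is left as `systemd unit, install script, example config` although Phase and Deployment now describe a container on rift managed by MCP. Update it to match the other MCP-managed services (MCQ lists `Dockerfile, MCP service definition`), or say that the systemd unit is retained for standalone use.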
@@ -120,14 +125,25 @@ provisioning, and DNS registration). Multi-node deployment is being planned
|
||||
rendering with syntax highlighting, webhook-driven refresh.
|
||||
- **Artifacts:** Dockerfile, MCP service definition.
|
||||
|
||||
### MCQ — Document Review Queue
|
||||
|
||||
- **Version:** v0.4.2.
|
||||
- **Phase:** Production. Document review queue with MCP server for Claude
|
||||
integration.
|
||||
- **Deployment:** Running on rift as a container managed by MCP.
|
||||
- **Recent work:** Claude MCP server integration, document review workflow.
|
||||
- **Artifacts:** Dockerfile, MCP service definition.
|
||||
|
||||
### MCP — Control Plane
|
||||
|
||||
- **Version:** v0.7.6.
|
||||
- **Phase:** Production. Phases A–D complete. Deployed to rift, managing all
|
||||
platform containers.
|
||||
- **Version:** v0.9.0 (agent on rift: v0.8.3-dirty, agent on svc: v0.9.0).
|
||||
- **Phase:** Production. Phases A–D complete. Multi-node capable with svc
|
||||
operating as an edge node. V2 architecture in development, Phase E planning
|
||||
underway.
|
||||
- **Deployment:** Running on rift. Agent as systemd service under `mcp` user
|
||||
with rootless podman. Manages metacrypt, mc-proxy, mcr, mcns, and mcdoc
|
||||
containers.
|
||||
with rootless podman. Manages metacrypt, mc-proxy, mcr, mcns, mcdoc, mcat,
|
||||
mcq, and non-platform containers. Svc runs an MCP agent for edge mc-proxy
|
||||
route management.
|
||||
- **Architecture:** Two components — `mcp` CLI (thin client on vade) and
|
||||
`mcp-agent` (per-node daemon with SQLite registry, podman management,
|
||||
monitoring with drift/flap detection, route registration with mc-proxy,
|
||||
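Review bot: On the MCP Version line, `agent on rift: v0.8.3-dirty` lags the v0.9.0 given in the headline and in the Service Status table, and a `-dirty` suffix conventionally marks a build from a working tree with uncommitted changes. This is the agent that manages every platform container on rift, so record the commit it was built from or flag it as a known deviation with a planned rebuild from a tagged release, and make the table row reflect the version actually running on rift.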
@@ -136,7 +152,7 @@ provisioning, and DNS registration). Multi-node deployment is being planned
|
||||
- **Recent work:** Phase C (automated TLS cert provisioning), Phase D
|
||||
(automated DNS registration via MCNS), undeploy command, logs command,
|
||||
edit command, auto-login to MCR, system account auth model, module path
|
||||
migration.
|
||||
migration, multi-node edge support (svc).
|
||||
- **Artifacts:** systemd service (NixOS), TLS cert from Metacrypt, service
|
||||
definition files, design docs.
|
||||
|
||||
@@ -145,6 +161,8 @@ provisioning, and DNS registration). Multi-node deployment is being planned
|
||||
| Node | Address (LAN) | Address (Tailscale) | Role |
|
||||
|------|---------------|---------------------|------|
|
||||
| rift | 192.168.88.181 | 100.95.252.120 | Infrastructure services |
|
||||
| svc | — | 100.106.232.4 | Edge — public mc-proxy, MCIAS (systemd) |
|
||||
| orion | 192.168.88.214 | — | Worker (provisioned, offline for maintenance) |
|
||||
|
||||
## Rift Port Map
|
||||
|
||||
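Review bot: The svc row gives only a Tailscale address and no LAN address, yet its role is the public mc-proxy. Add how public traffic reaches svc (a public address column or a note), and state which interfaces MCIAS on svc listens on, since every other service authenticates against it and it now shares a host with the public-facing proxy.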
@@ -155,12 +173,17 @@ assignments or well-known ports.
|
||||
| Port | Protocol | Services |
|
||||
|------|----------|----------|
|
||||
| 53 | DNS (LAN + Tailscale) | mcns |
|
||||
| 443 | L7 (TLS termination) | metacrypt-web, mcr-web, mcdoc |
|
||||
| 443 | L7 (TLS termination) | metacrypt-web, mcr-web, mcdoc, mcat, kls |
|
||||
| 8080 | HTTP (all interfaces) | exod |
|
||||
| 8443 | L4 (SNI passthrough) | metacrypt API, mcr API |
|
||||
| 9090 | HTTP (all interfaces) | exod |
|
||||
| 9443 | L4 (SNI passthrough) | metacrypt gRPC, mcr gRPC, sgard |
|
||||
| 9091 | HTTP (loopback) | MC-Proxy Prometheus metrics |
|
||||
|
||||
Non-platform services also running on rift: **exod** (ports 8080/9090),
|
||||
**sgardd** (port 19473, fronted by MC-Proxy on 9443).
|
||||
Svc runs its own mc-proxy on :443 (L7) with public-facing routes:
|
||||
kls.metacircular.net, mcq.metacircular.net, metacrypt.metacircular.net,
|
||||
docs.metacircular.net, git.metacircular.net, git.wntrmute.dev.
|
||||
|
||||
Non-platform services also running on rift: **exod** (v0.1.0, ports
|
||||
8080/9090), **sgardd** (v3.2.0, port 19473, fronted by MC-Proxy on 9443),
|
||||
**kls** (v0.2.0).
|
||||
|
||||
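Review bot: The svc route list includes mcq.metacircular.net, but the rift 443 row (metacrypt-web, mcr-web, mcdoc, mcat, kls) does not list mcq, so the path from the public route to the MCQ container is undocumented. Add mcq to that row or name the backend for each public hostname; the list also exposes metacrypt.metacircular.net and two git hostnames with no backend given. Separately, the exod rows on 8080 and 9090 are plain HTTP on all interfaces and deserve a note on whether that exposure is intended.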