Update STATUS.md to current deployed state (2026-04-02)

- Update all service versions from mcp ps output
- Add svc as edge node, orion as offline/maintenance to node inventory
- Add MCQ service details section
- Update MCP to v0.9.0 with multi-node edge support
- Add svc port map and public-facing routes
- Update non-platform services (exod, sgardd, kls)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-02 15:14:20 -07:00
parent 0b11899a9b
commit 634b9096c0

STATUS.md

@@ -1,42 +1,45 @@
# Metacircular Platform Status # Metacircular Platform Status
Last updated: 2026-03-28 Last updated: 2026-04-02
## Platform Overview ## Platform Overview
One node operational (**rift**), running core infrastructure services as Two nodes operational (**rift** + **svc**), with **orion** provisioned but
containers fronted by MC-Proxy. MCIAS runs separately (not on rift). offline for maintenance. Core infrastructure services run as containers on
Bootstrap phases 04 complete (MCIAS, Metacrypt, MC-Proxy, MCR all rift, fronted by MC-Proxy. Svc operates as an MCP edge node managing
operational). MCP is deployed and managing all platform containers. MCNS is mc-proxy routing only (no containers); MCIAS runs on svc separately as a
deployed on rift, serving authoritative DNS. Platform evolution Phases AD systemd service. Bootstrap phases 04 complete (MCIAS, Metacrypt, MC-Proxy,
complete (automated port assignment, route registration, TLS cert MCR all operational). MCP is deployed and managing all platform containers
provisioning, and DNS registration). Multi-node deployment is being planned on rift, with multi-node capability (svc as edge node). MCNS is deployed on
(Phase E). rift, serving authoritative DNS. Platform evolution Phases AD complete
(automated port assignment, route registration, TLS cert provisioning, and
DNS registration). Phase E (multi-node expansion) is in planning, with v2
architecture in development.
## Service Status ## Service Status
| Service | Version | SDLC Phase | Deployed | Node | | Service | Version | SDLC Phase | Deployed | Node |
|---------|---------|------------|----------|------| |---------|---------|------------|----------|------|
| MCIAS | v1.9.0 | Maintenance | Yes | (separate) | | MCIAS | v1.10.5 | Maintenance | Yes | svc (systemd) |
| Metacrypt | v1.3.1 | Production | Yes | rift | | Metacrypt | v1.4.1 | Production | Yes | rift |
| MC-Proxy | v1.2.1 | Maintenance | Yes | rift | | MC-Proxy | v1.2.2 | Maintenance | Yes | rift |
| MCR | v1.2.1 | Production | Yes | rift | | MCR | v1.3.2 | Production | Yes | rift |
| MCAT | v1.1.1 | Complete | Unknown | — | | MCAT | v1.2.0 | Production | Yes | rift |
| MCDSL | v1.4.0 | Stable | N/A (library) | — | | MCDSL | v1.7.0 | Stable | N/A (library) | — |
| MCNS | v1.1.1 | Production | Yes | rift | | MCNS | v1.2.0 | Production | Yes | rift |
| MCDoc | v0.1.0 | Production | Yes | rift | | MCDoc | v0.1.0 | Production | Yes | rift |
| MCQ | v0.2.0 | Production | Yes | rift | | MCQ | v0.4.2 | Production | Yes | rift |
| MCP | v0.7.6 | Production | Yes | rift | | MCP | v0.9.0 | Production | Yes | rift |
## Service Details ## Service Details
### MCIAS — Identity and Access Service ### MCIAS — Identity and Access Service
- **Version:** v1.9.0 (client library: clients/go/v0.2.0) - **Version:** v1.10.5 (client library: clients/go/v0.2.0)
- **Phase:** Maintenance. Phases 0-14 complete. Feature-complete with active - **Phase:** Maintenance. Phases 0-14 complete. Feature-complete with active
refinement. refinement.
- **Deployment:** Running in production. All other services authenticate - **Deployment:** Running in production on svc as a systemd service. All
against it. other services authenticate against it.
- **Recent work:** WebAuthn/FIDO2 passkeys, TOTP 2FA, service-context login - **Recent work:** WebAuthn/FIDO2 passkeys, TOTP 2FA, service-context login
policies, Nix flake for CLI tools. policies, Nix flake for CLI tools.
- **Artifacts:** systemd units (service + backup timer), install script, - **Artifacts:** systemd units (service + backup timer), install script,
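Review bot: In the Service Status table, the MC-Proxy and MCP rows still give the Node as `rift` only, while the rewritten overview in this same hunk says svc operates as an MCP edge node managing mc-proxy routing. Consider `rift, svc` in the Node column for both rows, or a footnote, so the table agrees with the overview. The MCP row also carries a single v0.9.0; the MCP details later in the file qualify that with per-node agent versions, so a pointer from the table to that breakdown would keep readers from taking v0.9.0 as the version running on every node.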
@@ -44,7 +47,7 @@ provisioning, and DNS registration). Multi-node deployment is being planned
### Metacrypt — Cryptographic Service Engine ### Metacrypt — Cryptographic Service Engine
- **Version:** v1.3.1. - **Version:** v1.4.1 (API v1.3.1, Web v1.4.1).
- **Phase:** Production. All four engine types implemented (CA, SSH CA, transit, - **Phase:** Production. All four engine types implemented (CA, SSH CA, transit,
user-to-user). Active work on integration test coverage. user-to-user). Active work on integration test coverage.
- **Deployment:** Running on rift as a container, fronted by MC-Proxy on - **Deployment:** Running on rift as a container, fronted by MC-Proxy on
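Review bot: The Version line now reads `v1.4.1 (API v1.3.1, Web v1.4.1)`, so the headline number is the web component's and the API is a minor release behind. Say whether that skew is intended or a pending API deploy, and note which component the Service Status table's v1.4.1 refers to, since anyone checking API behaviour against v1.4.1 would be looking at the wrong release. The same applies to the MCR Version line further down (`API v1.2.1, Web v1.3.2`).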
@@ -56,11 +59,12 @@ provisioning, and DNS registration). Multi-node deployment is being planned
### MC-Proxy — TLS Proxy and Router ### MC-Proxy — TLS Proxy and Router
- **Version:** v1.2.1. - **Version:** v1.2.2.
- **Phase:** Maintenance. Stable and actively routing traffic on rift. - **Phase:** Maintenance. Stable and actively routing traffic on rift and svc.
- **Deployment:** Running on rift. Fronts Metacrypt, MCR, and sgard on ports - **Deployment:** Running on rift. Fronts Metacrypt, MCR, and sgard on ports
443, 8443, and 9443. Prometheus metrics on 127.0.0.1:9091. Routes persisted 443, 8443, and 9443. Prometheus metrics on 127.0.0.1:9091. Routes persisted
in SQLite and managed via gRPC API. in SQLite and managed via gRPC API. Svc runs its own mc-proxy on :443 with
public-facing routes.
- **Recent work:** Route persistence (SQLite), idempotent AddRoute (upsert), - **Recent work:** Route persistence (SQLite), idempotent AddRoute (upsert),
golangci-lint v2 compliance, module path migration to mc/ org. golangci-lint v2 compliance, module path migration to mc/ org.
- **Artifacts:** systemd units (service + backup timer), Docker Compose - **Artifacts:** systemd units (service + backup timer), Docker Compose
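Review bot: The Deployment line keeps "Fronts Metacrypt, MCR, and sgard on ports 443, 8443, and 9443" unchanged, but the Rift Port Map updated in this commit lists mcdoc, mcat and kls behind 443 as well. Extend the list or replace it with a reference to the port map so the two cannot drift apart. The added sentence about svc also gives no version for that instance; if it is not v1.2.2, the Version line should say so.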
@@ -68,7 +72,8 @@ provisioning, and DNS registration). Multi-node deployment is being planned
### MCR — Container Registry ### MCR — Container Registry
- **Version:** v1.2.1. All implementation phases complete. - **Version:** v1.3.2 (API v1.2.1, Web v1.3.2). All implementation phases
complete.
- **Phase:** Production. Deployed on rift, serving container images. - **Phase:** Production. Deployed on rift, serving container images.
- **Deployment:** Running on rift as two containers (mcr API + mcr-web), - **Deployment:** Running on rift as two containers (mcr API + mcr-web),
fronted by MC-Proxy on ports 443 (web, L7), 8443 (API, L4), and fronted by MC-Proxy on ports 443 (web, L7), 8443 (API, L4), and
@@ -81,26 +86,26 @@ provisioning, and DNS registration). Multi-node deployment is being planned
### MCAT — Login Policy Tester ### MCAT — Login Policy Tester
- **Version:** v1.1.1. - **Version:** v1.2.0.
- **Phase:** Complete. Diagnostic tool, not core infrastructure. - **Phase:** Production. Deployed on rift as a container managed by MCP.
- **Deployment:** Available for ad-hoc use. Lightweight tool for testing - **Deployment:** Running on rift. Lightweight tool for testing MCIAS login
MCIAS login policy rules. policy rules.
- **Recent work:** Migrated to mcdsl for auth, config, CSRF, and web. - **Recent work:** Migrated to mcdsl for auth, config, CSRF, and web.
- **Artifacts:** systemd unit, install script, example config. - **Artifacts:** systemd unit, install script, example config.
### MCDSL — Standard Library ### MCDSL — Standard Library
- **Version:** v1.4.0. - **Version:** v1.7.0.
- **Phase:** Stable. All 9 packages implemented and tested. Being adopted - **Phase:** Stable. All 9 packages implemented and tested. Being adopted
across the platform. across the platform.
- **Deployment:** N/A (Go library, imported by other services). - **Deployment:** N/A (Go library, imported by other services).
- **Packages:** auth, db, config, httpserver, grpcserver, csrf, web, health, - **Packages:** auth, db, config, httpserver, grpcserver, csrf, web, health,
archive. archive.
- **Adoption:** All services except mcias on v1.4.0. mcias pending. - **Adoption:** All services except mcias on v1.7.0. mcias pending.
### MCNS — Networking Service ### MCNS — Networking Service
- **Version:** v1.1.1. - **Version:** v1.2.0.
- **Phase:** Production. Custom Go DNS server replacing CoreDNS precursor. - **Phase:** Production. Custom Go DNS server replacing CoreDNS precursor.
- **Deployment:** Running on rift as a container managed by MCP. Serves two - **Deployment:** Running on rift as a container managed by MCP. Serves two
authoritative zones plus upstream forwarding. REST + gRPC APIs with MCIAS authoritative zones plus upstream forwarding. REST + gRPC APIs with MCIAS
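Review bot: The MCAT Phase line now says it is deployed on rift as a container managed by MCP, but the Artifacts line is left as "systemd unit, install script, example config". The other MCP-managed services in this file list "Dockerfile, MCP service definition" as artifacts; if MCAT has those, add them, and if the systemd unit is no longer how it runs, mark it as legacy. The MCDSL Adoption line was also changed only in its version number ("All services except mcias on v1.7.0"); worth confirming that claim was rechecked rather than carried over from v1.4.0.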
@@ -120,14 +125,25 @@ provisioning, and DNS registration). Multi-node deployment is being planned
rendering with syntax highlighting, webhook-driven refresh. rendering with syntax highlighting, webhook-driven refresh.
- **Artifacts:** Dockerfile, MCP service definition. - **Artifacts:** Dockerfile, MCP service definition.
### MCQ — Document Review Queue
- **Version:** v0.4.2.
- **Phase:** Production. Document review queue with MCP server for Claude
integration.
- **Deployment:** Running on rift as a container managed by MCP.
- **Recent work:** Claude MCP server integration, document review workflow.
- **Artifacts:** Dockerfile, MCP service definition.
### MCP — Control Plane ### MCP — Control Plane
- **Version:** v0.7.6. - **Version:** v0.9.0 (agent on rift: v0.8.3-dirty, agent on svc: v0.9.0).
- **Phase:** Production. Phases AD complete. Deployed to rift, managing all - **Phase:** Production. Phases AD complete. Multi-node capable with svc
platform containers. operating as an edge node. V2 architecture in development, Phase E planning
underway.
- **Deployment:** Running on rift. Agent as systemd service under `mcp` user - **Deployment:** Running on rift. Agent as systemd service under `mcp` user
with rootless podman. Manages metacrypt, mc-proxy, mcr, mcns, and mcdoc with rootless podman. Manages metacrypt, mc-proxy, mcr, mcns, mcdoc, mcat,
containers. mcq, and non-platform containers. Svc runs an MCP agent for edge mc-proxy
route management.
- **Architecture:** Two components — `mcp` CLI (thin client on vade) and - **Architecture:** Two components — `mcp` CLI (thin client on vade) and
`mcp-agent` (per-node daemon with SQLite registry, podman management, `mcp-agent` (per-node daemon with SQLite registry, podman management,
monitoring with drift/flap detection, route registration with mc-proxy, monitoring with drift/flap detection, route registration with mc-proxy,
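Review bot: The MCP Version line records `agent on rift: v0.8.3-dirty`, which means the agent managing every platform container on rift was built from a tree with uncommitted changes and cannot be traced to a commit. The status doc should either note what the local changes are and when a clean build will replace it, or the agent should be rebuilt from a tag before this is recorded as the deployed state. It also leaves rift one minor version behind the v0.9.0 headline, so the line should say which features (multi-node edge support) are actually active on rift. Separately, the new MCQ section uses "MCP server for Claude integration" and "managed by MCP" in consecutive bullets with two different meanings of MCP; spelling out the first one would remove the ambiguity.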
@@ -136,7 +152,7 @@ provisioning, and DNS registration). Multi-node deployment is being planned
- **Recent work:** Phase C (automated TLS cert provisioning), Phase D - **Recent work:** Phase C (automated TLS cert provisioning), Phase D
(automated DNS registration via MCNS), undeploy command, logs command, (automated DNS registration via MCNS), undeploy command, logs command,
edit command, auto-login to MCR, system account auth model, module path edit command, auto-login to MCR, system account auth model, module path
migration. migration, multi-node edge support (svc).
- **Artifacts:** systemd service (NixOS), TLS cert from Metacrypt, service - **Artifacts:** systemd service (NixOS), TLS cert from Metacrypt, service
definition files, design docs. definition files, design docs.
@@ -145,6 +161,8 @@ provisioning, and DNS registration). Multi-node deployment is being planned
| Node | Address (LAN) | Address (Tailscale) | Role | | Node | Address (LAN) | Address (Tailscale) | Role |
|------|---------------|---------------------|------| |------|---------------|---------------------|------|
| rift | 192.168.88.181 | 100.95.252.120 | Infrastructure services | | rift | 192.168.88.181 | 100.95.252.120 | Infrastructure services |
| svc | — | 100.106.232.4 | Edge — public mc-proxy, MCIAS (systemd) |
| orion | 192.168.88.214 | — | Worker (provisioned, offline for maintenance) |
## Rift Port Map ## Rift Port Map
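Review bot: The new svc row has no LAN address and only a Tailscale address, yet its role is "public mc-proxy"; the table has no column for the address on which public traffic arrives. Add that address, or a note on how public traffic reaches svc, so the inventory shows which interface is internet-facing. The orion row has no Tailscale address; if that is a consequence of it being offline rather than a design choice, say so in the Role cell.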
@@ -155,12 +173,17 @@ assignments or well-known ports.
| Port | Protocol | Services | | Port | Protocol | Services |
|------|----------|----------| |------|----------|----------|
| 53 | DNS (LAN + Tailscale) | mcns | | 53 | DNS (LAN + Tailscale) | mcns |
| 443 | L7 (TLS termination) | metacrypt-web, mcr-web, mcdoc | | 443 | L7 (TLS termination) | metacrypt-web, mcr-web, mcdoc, mcat, kls |
| 8080 | HTTP (all interfaces) | exod | | 8080 | HTTP (all interfaces) | exod |
| 8443 | L4 (SNI passthrough) | metacrypt API, mcr API | | 8443 | L4 (SNI passthrough) | metacrypt API, mcr API |
| 9090 | HTTP (all interfaces) | exod | | 9090 | HTTP (all interfaces) | exod |
| 9443 | L4 (SNI passthrough) | metacrypt gRPC, mcr gRPC, sgard | | 9443 | L4 (SNI passthrough) | metacrypt gRPC, mcr gRPC, sgard |
| 9091 | HTTP (loopback) | MC-Proxy Prometheus metrics | | 9091 | HTTP (loopback) | MC-Proxy Prometheus metrics |
Non-platform services also running on rift: **exod** (ports 8080/9090), Svc runs its own mc-proxy on :443 (L7) with public-facing routes:
**sgardd** (port 19473, fronted by MC-Proxy on 9443). kls.metacircular.net, mcq.metacircular.net, metacrypt.metacircular.net,
docs.metacircular.net, git.metacircular.net, git.wntrmute.dev.
Non-platform services also running on rift: **exod** (v0.1.0, ports
8080/9090), **sgardd** (v3.2.0, port 19473, fronted by MC-Proxy on 9443),
**kls** (v0.2.0).
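Review bot: The paragraph listing svc's public-facing routes is added under the "Rift Port Map" heading, although the commit message describes it as a svc port map; it should get its own heading and a table in the same Port / Protocol / Services shape. The route list gives hostnames only, with no backend for each: `metacrypt.metacircular.net` is now publicly routed, so state that only the web UI is exposed and not the API or gRPC listeners, and `git.metacircular.net` and `git.wntrmute.dev` do not correspond to any service described in this file. In the non-platform services sentence, kls is the only entry without a port, even though the table above places it behind 443.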