Sync docs/metacircular.md versions and add undeploy capability

Update version references to match current git tags: MCIAS v1.9.0,
Metacrypt v1.3.1, MCP v0.7.6. Add Phase D (DNS registration) to MCP
status, update RPC/CLI counts, and document undeploy as a first-class
capability. Also sync STATUS.md and packaging-and-deployment.md with
the same version updates.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-28 23:06:24 -07:00
parent faf58ceb72
commit 95bec6a095
2 changed files with 35 additions and 26 deletions


@@ -80,7 +80,7 @@ provisioning, and DNS registration). Multi-node deployment is being planned
### MCAT — Login Policy Tester ### MCAT — Login Policy Tester
- **Version:** v1.1.0. - **Version:** v1.1.1.
- **Phase:** Complete. Diagnostic tool, not core infrastructure. - **Phase:** Complete. Diagnostic tool, not core infrastructure.
- **Deployment:** Available for ad-hoc use. Lightweight tool for testing - **Deployment:** Available for ad-hoc use. Lightweight tool for testing
MCIAS login policy rules. MCIAS login policy rules.
@@ -89,20 +89,21 @@ provisioning, and DNS registration). Multi-node deployment is being planned
### MCDSL — Standard Library ### MCDSL — Standard Library
- **Version:** v1.2.0. - **Version:** v1.4.0.
- **Phase:** Stable. All 9 packages implemented and tested. Being adopted - **Phase:** Stable. All 9 packages implemented and tested. Being adopted
across the platform. across the platform.
- **Deployment:** N/A (Go library, imported by other services). - **Deployment:** N/A (Go library, imported by other services).
- **Packages:** auth, db, config, httpserver, grpcserver, csrf, web, health, - **Packages:** auth, db, config, httpserver, grpcserver, csrf, web, health,
archive. archive.
- **Adoption:** All services except mcias on v1.2.0. mcias pending. - **Adoption:** All services except mcias on v1.4.0. mcias pending.
### MCNS — Networking Service ### MCNS — Networking Service
- **Version:** v1.1.0. - **Version:** v1.1.1.
- **Phase:** Production. Custom Go DNS server replacing CoreDNS precursor. - **Phase:** Production. Custom Go DNS server replacing CoreDNS precursor.
- **Deployment:** Running on rift as a container managed by MCP. Serves two - **Deployment:** Running on rift as a container managed by MCP. Serves two
authoritative zones plus upstream forwarding. authoritative zones plus upstream forwarding. REST + gRPC APIs with MCIAS
auth and name-scoped system account authorization.
- **Recent work:** v1.0.0 implementation (custom Go DNS server), engineering - **Recent work:** v1.0.0 implementation (custom Go DNS server), engineering
review, deployed to rift replacing CoreDNS. review, deployed to rift replacing CoreDNS.
- **Artifacts:** Dockerfile, Docker Compose (rift), MCP service definition, - **Artifacts:** Dockerfile, Docker Compose (rift), MCP service definition,
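
Review bot: In the MCNS entry the version moves to v1.1.1 and the Deployment line gains `REST + gRPC APIs with MCIAS auth and name-scoped system account authorization`, but the Recent work line still describes only the v1.0.0 implementation. Add the API and authorization work to Recent work (or move the new sentence there), and say in one clause what "name-scoped" restricts, since that is the access-control statement readers will rely on.
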
@@ -110,29 +111,28 @@ provisioning, and DNS registration). Multi-node deployment is being planned
### MCP — Control Plane ### MCP — Control Plane
- **Version:** v0.3.0. - **Version:** v0.7.6.
- **Phase:** Production. Phases 0-4 complete. Deployed to rift, managing all - **Phase:** Production. Phases AD complete (automated port assignment, route
platform containers. registration, TLS cert provisioning, DNS registration).
- **Deployment:** Running on rift. Agent as systemd service under `mcp` user - **Deployment:** Running on rift. Agent as systemd service under `mcp` user
with rootless podman. Manages metacrypt, mc-proxy, mcr, and mcns containers. with rootless podman. Manages metacrypt, mc-proxy, mcr, and mcns containers.
- **Architecture:** Two components — `mcp` CLI (thin client on vade) and - **Architecture:** Two components — `mcp` CLI (thin client on vade) and
`mcp-agent` (per-node daemon with SQLite registry, podman management, `mcp-agent` (per-node daemon with SQLite registry, podman management,
monitoring with drift/flap detection). gRPC-only (no REST). monitoring with drift/flap detection). gRPC-only (no REST). 15 RPCs, 17+
- **Recent work:** Full v1 implementation (12 RPCs, 15 CLI commands), CLI commands.
deployment to rift, container migration from kyle→mcp user, service - **Recent work:** Phase C (automated TLS cert provisioning via Metacrypt CA),
definition authoring. Phase D (automated DNS registration via MCNS), undeploy command, logs
command, edit command, auto-login to MCR, system account auth model.
- **Artifacts:** systemd service (NixOS), TLS cert from Metacrypt, service - **Artifacts:** systemd service (NixOS), TLS cert from Metacrypt, service
definition files, design docs. definition files, design docs.
### MCDeploy — Deployment CLI ### MCDoc — Documentation Server
- **Version:** v0.2.0. - **Version:** v0.1.0.
- **Phase:** Active development. Tactical bridge tool for deploying services - **Phase:** Active development.
while MCP is being built. - **Deployment:** Not yet deployed.
- **Deployment:** N/A (local CLI tool, not a server). - **Description:** Documentation server — fetches markdown from Gitea, renders
- **Recent work:** Initial implementation, Nix flake. HTML, serves public docs via mc-proxy. No MCIAS auth required.
- **Description:** Single-binary CLI that shells out to podman/ssh/scp/git
for build, push, deploy, cert renewal, and status. TOML-configured.
## Node Inventory ## Node Inventory
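
Review bot: The MCDeploy entry is replaced outright by a new MCDoc entry, which the commit message (version sync, Phase D, undeploy) does not mention; add it to the message or split it into its own commit, and say whether MCDeploy is retired. The MCDoc description states `No MCIAS auth required` for content fetched from Gitea, so it should also state what limits the fetch to material intended to be public. Separately, `Phases AD complete` reads as a single token; write the phase range explicitly.
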
@@ -142,6 +142,10 @@ provisioning, and DNS registration). Multi-node deployment is being planned
## Rift Port Map ## Rift Port Map
Note: Services deployed via MCP receive dynamically assigned host ports
(1000060000). The ports below are for infrastructure services with static
assignments.
| Port | Protocol | Services | | Port | Protocol | Services |
|------|----------|----------| |------|----------|----------|
| 53 | DNS (LAN + Tailscale) | mcns | | 53 | DNS (LAN + Tailscale) | mcns |
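
Review bot: The port range in the new note is written `(1000060000)`, which reads as one number rather than a lower and an upper bound; write the two bounds with an explicit separator. Since the table now covers only static assignments, the note should also say where the assigned port of an MCP-deployed service can be looked up, and whether those host ports are reachable directly or only through mc-proxy, so firewall rules can be written against it.
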


@@ -213,7 +213,7 @@ MCIAS evaluates login policy against the service context, verifies credentials,
and returns a bearer token. The MCIAS Go client library and returns a bearer token. The MCIAS Go client library
(`git.wntrmute.dev/mc/mcias/clients/go`) handles this flow. (`git.wntrmute.dev/mc/mcias/clients/go`) handles this flow.
**Status:** Implemented. v1.8.0. Feature-complete with active refinement **Status:** Implemented. v1.9.0. Feature-complete with active refinement
(WebAuthn/FIDO2 passkeys, TOTP 2FA, service-context login policies). (WebAuthn/FIDO2 passkeys, TOTP 2FA, service-context login policies).
--- ---
@@ -264,7 +264,7 @@ core.
operations on which engine mounts. Priority-based evaluation, default deny, operations on which engine mounts. Priority-based evaluation, default deny,
admin bypass. See Metacrypt's `POLICY.md` for the full model. admin bypass. See Metacrypt's `POLICY.md` for the full model.
**Status:** Implemented. v1.1.0. All four engine types complete — CA (with ACME **Status:** Implemented. v1.3.1. All four engine types complete — CA (with ACME
support), SSH CA, transit encryption, and user-to-user encryption. support), SSH CA, transit encryption, and user-to-user encryption.
--- ---
@@ -421,6 +421,10 @@ each managed node.
the initial config, pulls the image from MCR, starts the container, and the initial config, pulls the image from MCR, starts the container, and
pushes a DNS update to MCNS (`α.svc.mcp.metacircular.net` → node address). pushes a DNS update to MCNS (`α.svc.mcp.metacircular.net` → node address).
- **Undeploy.** Full teardown of a service. Stops the container, removes
MC-Proxy routes, deletes DNS records from MCNS, and cleans up the service
registry entry. The inverse of deploy.
- **Migrate.** Move a service from one node to another. MCP snapshots the - **Migrate.** Move a service from one node to another. MCP snapshots the
service's `/srv/<service>/` directory on the source node (as a tar.zst service's `/srv/<service>/` directory on the source node (as a tar.zst
image), transfers it to the destination, extracts it, starts the service, image), transfers it to the destination, extracts it, starts the service,
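
Review bot: The Undeploy bullet calls itself a full teardown and the inverse of deploy, but the listed steps leave out two things this page says a deployed service has: the TLS certificate provisioned from the Metacrypt CA for L7 routes, and the `/srv/<service>/` directory referenced in the Migrate bullet. State whether the certificate is revoked or left to expire, whether service data is retained or deleted, and what state the registry is left in if one of the steps fails partway.
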
@@ -478,14 +482,15 @@ services it depends on.
can deploy them. The systemd unit files exist as a fallback and for bootstrap — can deploy them. The systemd unit files exist as a fallback and for bootstrap —
the long-term deployment model is MCP-managed containers. the long-term deployment model is MCP-managed containers.
**Status:** Implemented. v0.7.2. Deployed on rift managing all platform **Status:** Implemented. v0.7.6. Deployed on rift managing all platform
containers. Route declarations with automatic port allocation (`$PORT` / containers. Route declarations with automatic port allocation (`$PORT` /
`$PORT_<NAME>` env vars passed to containers). MC-Proxy route registration `$PORT_<NAME>` env vars passed to containers). MC-Proxy route registration
during deploy and stop. Automated TLS cert provisioning for L7 routes via during deploy and stop. Automated TLS cert provisioning for L7 routes via
Metacrypt CA (Phase C). Two components — `mcp` CLI (operator workstation) and Metacrypt CA (Phase C). Automated DNS registration in MCNS during deploy
and stop (Phase D). Two components — `mcp` CLI (operator workstation) and
`mcp-agent` (per-node daemon with SQLite registry, rootless Podman, `mcp-agent` (per-node daemon with SQLite registry, rootless Podman,
monitoring with drift/flap detection). gRPC-only (no REST). 12+ RPCs, monitoring with drift/flap detection). gRPC-only (no REST). 15 RPCs,
15+ CLI commands. 17+ CLI commands.
--- ---
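
Review bot: The Status paragraph describes MC-Proxy route registration and MCNS DNS registration as happening `during deploy and stop` and never mentions undeploy, although this commit documents undeploy as the operation that removes routes and deletes DNS records. Say what stop does to routes and records as opposed to undeploy, and list undeploy here so the paragraph matches the capability list. Also, `15 RPCs` is exact while `17+ CLI commands` is open-ended; use the actual count if it is known.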