metacircular/STATUS.md
2026-03-27 14:55:35 -07:00

# Metacircular Platform Status
Last updated: 2026-03-27
## Platform Overview
One node operational (**rift**), running core infrastructure services as
containers fronted by MC-Proxy. MCIAS runs separately (not on rift).
Bootstrap phases 0-4 complete (MCIAS, Metacrypt, MC-Proxy, MCR all
operational). MCP is deployed and managing all platform containers. MCNS is
deployed on rift, serving authoritative DNS.
## Service Status
| Service | Version | SDLC Phase | Deployed | Node |
|---------|---------|------------|----------|------|
| MCIAS | v1.8.0 | Maintenance | Yes | (separate) |
| Metacrypt | v1.1.0 | Production | Yes | rift |
| MC-Proxy | v1.2.1 | Maintenance | Yes | rift |
| MCR | v1.2.0 | Production | Yes | rift |
| MCAT | v1.1.0 | Complete | Unknown | — |
| MCDSL | v1.2.0 | Stable | N/A (library) | — |
| MCNS | v1.1.0 | Production | Yes | rift |
| MCDoc | v0.1.0 | Production | Yes | rift |
| MCP | v0.4.0 | Production | Yes | rift |
| MCDeploy | v0.2.0 | Active dev | N/A (CLI tool) | — |
## Service Details
### MCIAS — Identity and Access Service
- **Version:** v1.8.0 (client library: clients/go/v0.2.0)
- **Phase:** Maintenance. Phases 0-14 complete. Feature-complete with active
refinement.
- **Deployment:** Running in production. All other services authenticate
against it.
- **Recent work:** WebAuthn/FIDO2 passkeys, TOTP 2FA, service-context login
policies, Nix flake for CLI tools.
- **Artifacts:** systemd units (service + backup timer), install script,
Dockerfile, example configs.
### Metacrypt — Cryptographic Service Engine
- **Version:** v1.1.0.
- **Phase:** Production. All four engine types implemented (CA, SSH CA, transit,
user-to-user). Active work on integration test coverage.
- **Deployment:** Running on rift as a container, fronted by MC-Proxy on
ports 443 (web, L7), 8443 (API, L4), and 9443 (gRPC, L4).
- **Recent work:** ACME integration tests (60+ tests), mcdsl migration,
security audit fixes.
- **Artifacts:** systemd units (service + web + backup timer), Docker Compose
(standard + rift), install script, example configs.
### MC-Proxy — TLS Proxy and Router
- **Version:** v1.2.1.
- **Phase:** Maintenance. Stable and actively routing traffic on rift.
- **Deployment:** Running on rift. Fronts Metacrypt, MCR, and sgard on ports
443, 8443, and 9443. Prometheus metrics on 127.0.0.1:9091.
- **Recent work:** Route persistence (SQLite), idempotent AddRoute (upsert),
golangci-lint v2 compliance, module path migration to mc/ org.
- **Artifacts:** systemd units (service + backup timer), Docker Compose
(standard + rift), install and backup scripts, rift config.
### MCR — Container Registry
- **Version:** v1.2.0. All implementation phases complete.
- **Phase:** Production. Deployed on rift, serving container images.
- **Deployment:** Running on rift as two containers (mcr API + mcr-web),
fronted by MC-Proxy on ports 443 (web, L7), 8443 (API, L4), and
9443 (gRPC, L4). Metacrypt is already pulling images from MCR.
- **Recent work:** Manifest push bug fix (LastInsertId unreliable after
upsert), structured slog error logging in OCI handlers, first production
deploy, Dockerfile fixes, server wiring, OCI route mounting.
- **Artifacts:** systemd units (service + web + backup timer), Dockerfiles
(API + web), Docker Compose (rift), install script, rift config.
### MCAT — Login Policy Tester
- **Version:** v1.1.0.
- **Phase:** Complete. Diagnostic tool, not core infrastructure.
- **Deployment:** Available for ad-hoc use. Lightweight tool for testing
MCIAS login policy rules.
- **Recent work:** Migrated to mcdsl for auth, config, CSRF, and web.
- **Artifacts:** systemd unit, install script, example config.
### MCDSL — Standard Library
- **Version:** v1.2.0.
- **Phase:** Stable. All 9 packages implemented and tested. Being adopted
across the platform.
- **Deployment:** N/A (Go library, imported by other services).
- **Packages:** auth, db, config, httpserver, grpcserver, csrf, web, health,
archive.
- **Adoption:** All services except mcias on v1.2.0. mcias pending.
### MCNS — Networking Service
- **Version:** v1.1.0.
- **Phase:** Production. Custom Go DNS server replacing the CoreDNS precursor.
- **Deployment:** Running on rift as a container managed by MCP. Serves two
authoritative zones plus upstream forwarding.
- **Recent work:** v1.0.0 implementation (custom Go DNS server), engineering
review, deployed to rift replacing CoreDNS.
- **Artifacts:** Dockerfile, Docker Compose (rift), MCP service definition,
systemd units, install script, example config.
### MCDoc — Documentation Server
- **Version:** v0.1.0.
- **Phase:** Production. Fetches and renders markdown documentation from Gitea.
- **Deployment:** Running on rift as a container, fronted by MC-Proxy on
port 443 (L7).
- **Recent work:** Initial implementation, Gitea content fetching, goldmark
rendering with syntax highlighting, webhook-driven refresh.
- **Artifacts:** Dockerfile, MCP service definition.
### MCP — Control Plane
- **Version:** v0.4.0.
- **Phase:** Production. Phases 0-4 complete. Phase C (automated TLS cert
provisioning) implemented. Deployed to rift, managing all platform containers.
- **Deployment:** Running on rift. Agent as systemd service under `mcp` user
with rootless podman. Manages metacrypt, mc-proxy, mcr, and mcns containers.
- **Architecture:** Two components — `mcp` CLI (thin client on vade) and
`mcp-agent` (per-node daemon with SQLite registry, podman management,
monitoring with drift/flap detection, route registration with mc-proxy during
deploy/stop, automated TLS cert provisioning for L7 routes via Metacrypt CA).
gRPC-only (no REST).
- **Recent work:** Full v1 implementation (12 RPCs, 15 CLI commands),
deployment to rift, container migration from kyle→mcp user, service
definition authoring. Phase C automated TLS cert provisioning for L7 routes,
mc-proxy route registration during deploy, mc-proxy dependency updated to
v1.2.0, module path migration.
- **Artifacts:** systemd service (NixOS), TLS cert from Metacrypt, service
definition files, design docs.
### MCDeploy — Deployment CLI
- **Version:** v0.2.0.
- **Phase:** Active development. Tactical bridge tool for deploying services
while MCP is being built.
- **Deployment:** N/A (local CLI tool, not a server).
- **Recent work:** Initial implementation, Nix flake.
- **Description:** Single-binary CLI that shells out to podman/ssh/scp/git
for build, push, deploy, cert renewal, and status. TOML-configured.
## Node Inventory
| Node | Address (LAN) | Address (Tailscale) | Role |
|------|---------------|---------------------|------|
| rift | 192.168.88.181 | 100.95.252.120 | Infrastructure services |
## Rift Port Map
| Port | Protocol | Services |
|------|----------|----------|
| 53 | DNS (LAN + Tailscale) | mcns |
| 443 | L7 (TLS termination) | metacrypt-web, mcr-web |
| 8080 | HTTP (all interfaces) | exod |
| 8443 | L4 (SNI passthrough) | metacrypt API, mcr API |
| 9090 | HTTP (all interfaces) | exod |
| 9443 | L4 (SNI passthrough) | metacrypt gRPC, mcr gRPC, sgard |
| 9091 | HTTP (loopback) | MC-Proxy Prometheus metrics |

Non-platform services also running on rift: **exod** (ports 8080/9090),
**sgardd** (port 19473, fronted by MC-Proxy on 9443).