metacircular/STATUS.md
Kyle Isom 95bec6a095 Sync docs/metacircular.md versions and add undeploy capability
Update version references to match current git tags: MCIAS v1.9.0,
Metacrypt v1.3.1, MCP v0.7.6. Add Phase D (DNS registration) to MCP
status, update RPC/CLI counts, and document undeploy as a first-class
capability. Also sync STATUS.md and packaging-and-deployment.md with
the same version updates.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-28 23:06:24 -07:00


Metacircular Platform Status

Last updated: 2026-03-28

Platform Overview

One node operational (rift), running core infrastructure services as containers fronted by MC-Proxy. MCIAS runs separately (not on rift). Bootstrap phases 0-4 complete (MCIAS, Metacrypt, MC-Proxy, MCR all operational). MCP is deployed and managing all platform containers. MCNS is deployed on rift, serving authoritative DNS. Platform evolution Phases A-D complete (automated port assignment, route registration, TLS cert provisioning, and DNS registration). Multi-node deployment is being planned (Phase E).

Service Status

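| Service   | Version | SDLC Phase  | Deployed      | Node       |
|-----------|---------|-------------|---------------|------------|
| MCIAS     | v1.9.0  | Maintenance | Yes           | (separate) |
| Metacrypt | v1.3.1  | Production  | Yes           | rift       |
| MC-Proxy  | v1.2.1  | Maintenance | Yes           | rift       |
| MCR       | v1.2.1  | Production  | Yes           | rift       |
| MCAT      | v1.1.1  | Complete    | Unknown       |            |
| MCDSL     | v1.4.0  | Stable      | N/A (library) |            |
| MCNS      | v1.1.1  | Production  | Yes           | rift       |
| MCP       | v0.7.6  | Production  | Yes           | rift       |
| MCDoc     | v0.1.0  | Active dev  | No            |            |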

Service Details

MCIAS — Identity and Access Service

  • Version: v1.9.0 (client library: clients/go/v0.2.0)
  • Phase: Maintenance. Phases 0-14 complete. Feature-complete with active refinement.
  • Deployment: Running in production. All other services authenticate against it.
  • Recent work: WebAuthn/FIDO2 passkeys, TOTP 2FA, service-context login policies, Nix flake for CLI tools.
  • Artifacts: systemd units (service + backup timer), install script, Dockerfile, example configs.

Metacrypt — Cryptographic Service Engine

  • Version: v1.3.1.
  • Phase: Production. All four engine types implemented (CA, SSH CA, transit, user-to-user). Active work on integration test coverage.
  • Deployment: Running on rift as a container, fronted by MC-Proxy on ports 443 (web, L7), 8443 (API, L4), and 9443 (gRPC, L4).
  • Recent work: ACME integration tests (60+ tests), mcdsl migration, security audit fixes.
  • Artifacts: systemd units (service + web + backup timer), Docker Compose (standard + rift), install script, example configs.

MC-Proxy — TLS Proxy and Router

  • Version: v1.2.1.
  • Phase: Maintenance. Stable and actively routing traffic on rift.
  • Deployment: Running on rift. Fronts Metacrypt, MCR, and sgard on ports 443, 8443, and 9443. Prometheus metrics on 127.0.0.1:9091. Routes persisted in SQLite and managed via gRPC API.
  • Recent work: MCR route additions, Nix flake, L7 backend cert handling, Prometheus metrics, L7 policies.
  • Artifacts: systemd units (service + backup timer), Docker Compose (standard + rift), install and backup scripts, rift config.

MCR — Container Registry

  • Version: v1.2.1. All implementation phases complete.
  • Phase: Production. Deployed on rift, serving container images.
  • Deployment: Running on rift as two containers (mcr API + mcr-web), fronted by MC-Proxy on ports 443 (web, L7), 8443 (API, L4), and 9443 (gRPC, L4). Metacrypt is already pulling images from MCR.
  • Recent work: Manifest push bug fix (LastInsertId unreliable after upsert), structured slog error logging in OCI handlers, first production deploy, Dockerfile fixes, server wiring, OCI route mounting.
  • Artifacts: systemd units (service + web + backup timer), Dockerfiles (API + web), Docker Compose (rift), install script, rift config.

MCAT — Login Policy Tester

  • Version: v1.1.1.
  • Phase: Complete. Diagnostic tool, not core infrastructure.
  • Deployment: Available for ad-hoc use. Lightweight tool for testing MCIAS login policy rules.
  • Recent work: Migrated to mcdsl for auth, config, CSRF, and web.
  • Artifacts: systemd unit, install script, example config.

MCDSL — Standard Library

  • Version: v1.4.0.
  • Phase: Stable. All 9 packages implemented and tested. Being adopted across the platform.
  • Deployment: N/A (Go library, imported by other services).
  • Packages: auth, db, config, httpserver, grpcserver, csrf, web, health, archive.
  • Adoption: All services except mcias on v1.4.0. mcias pending.

MCNS — Networking Service

  • Version: v1.1.1.
  • Phase: Production. Custom Go DNS server replacing CoreDNS precursor.
  • Deployment: Running on rift as a container managed by MCP. Serves two authoritative zones plus upstream forwarding. REST + gRPC APIs with MCIAS auth and name-scoped system account authorization.
  • Recent work: v1.0.0 implementation (custom Go DNS server), engineering review, deployed to rift replacing CoreDNS.
  • Artifacts: Dockerfile, Docker Compose (rift), MCP service definition, systemd units, install script, example config.

MCP — Control Plane

  • Version: v0.7.6.
  • Phase: Production. Phases A-D complete (automated port assignment, route registration, TLS cert provisioning, DNS registration).
  • Deployment: Running on rift. Agent as systemd service under mcp user with rootless podman. Manages metacrypt, mc-proxy, mcr, and mcns containers.
  • Architecture: Two components — mcp CLI (thin client on vade) and mcp-agent (per-node daemon with SQLite registry, podman management, monitoring with drift/flap detection). gRPC-only (no REST). 15 RPCs, 17+ CLI commands.
  • Recent work: Phase C (automated TLS cert provisioning via Metacrypt CA), Phase D (automated DNS registration via MCNS), undeploy command, logs command, edit command, auto-login to MCR, system account auth model.
  • Artifacts: systemd service (NixOS), TLS cert from Metacrypt, service definition files, design docs.

MCDoc — Documentation Server

  • Version: v0.1.0.
  • Phase: Active development.
  • Deployment: Not yet deployed.
  • Description: Documentation server — fetches markdown from Gitea, renders HTML, serves public docs via mc-proxy. No MCIAS auth required.

Node Inventory

| Node | Address (LAN)  | Address (Tailscale) | Role                    |
|------|----------------|---------------------|-------------------------|
| rift | 192.168.88.181 | 100.95.252.120      | Infrastructure services |

Rift Port Map

Note: Services deployed via MCP receive dynamically assigned host ports (10000-60000). The ports below are for infrastructure services with static assignments.

| Port | Protocol                | Services                        |
|------|-------------------------|---------------------------------|
| 53   | DNS (LAN + Tailscale)   | mcns                            |
| 443  | L7 (TLS termination)    | metacrypt-web, mcr-web          |
| 8080 | HTTP (all interfaces)   | exod                            |
| 8443 | L4 (SNI passthrough)    | metacrypt API, mcr API          |
| 9090 | HTTP (all interfaces)   | exod                            |
| 9443 | L4 (SNI passthrough)    | metacrypt gRPC, mcr gRPC, sgard |
| 9091 | HTTP (loopback)         | MC-Proxy Prometheus metrics     |

Non-platform services also running on rift: exod (ports 8080/9090), sgardd (port 19473, fronted by MC-Proxy on 9443).
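
A drift check for the port map above, as an added example that is not part of the platform's own tooling: it compares `ss -Hltn` output with the documented static listeners and the MCP dynamic range. The sample listener lines are constructed, and every port except 9091 is assumed to have no bind restriction.

```python
import ipaddress

# Static listeners from the Rift Port Map plus sgardd: port -> (bind scope, service).
# Only 9091 is documented as loopback; "any" means no bind restriction is checked.
STATIC = {
    53: ("any", "mcns"),
    443: ("any", "metacrypt-web, mcr-web"),
    8080: ("any", "exod"),
    8443: ("any", "metacrypt API, mcr API"),
    9090: ("any", "exod"),
    9443: ("any", "metacrypt gRPC, mcr gRPC, sgard"),
    9091: ("loopback", "MC-Proxy Prometheus metrics"),
    19473: ("any", "sgardd"),  # inside the dynamic range, so it must be matched first
}
DYNAMIC = range(10000, 60001)  # host ports MCP assigns to deployed services

# Constructed sample of `ss -Hltn` output (TCP listeners only), not captured from rift.
SAMPLE = """\
LISTEN 0 4096 0.0.0.0:443 0.0.0.0:*
LISTEN 0 4096 *:8080 *:*
LISTEN 0 4096 0.0.0.0:9091 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:19473 0.0.0.0:*
LISTEN 0 4096 [::]:10443 [::]:*
LISTEN 0 128 0.0.0.0:2222 0.0.0.0:*
"""

def parse_listener(line):
    """Return (ip, port) from one `ss -Hltn` line; the local address is field 4."""
    host, _, port = line.split()[3].rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface suffix
    return ipaddress.ip_address("0.0.0.0" if host == "*" else host), int(port)

def audit(ss_output):
    """List (port, reason) for listeners that contradict the documented port map."""
    findings = []
    for line in ss_output.strip().splitlines():
        ip, port = parse_listener(line)
        if port in STATIC:
            scope, service = STATIC[port]
            if scope == "loopback" and not ip.is_loopback:
                findings.append((port, f"{service} must bind loopback, found {ip}"))
        elif port not in DYNAMIC:
            findings.append((port, f"undocumented listener on {ip}"))
        # Dynamic-range ports are MCP-assigned; compare those to the agent registry.
    return findings

if __name__ == "__main__":
    for port, reason in audit(SAMPLE):
        print(port, reason)
```

On the constructed sample this reports the metrics endpoint bound to a wildcard address and the listener on port 2222 that the port map does not document.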