Migrate module path from kyle/ to mc/ org

All import paths updated to git.wntrmute.dev/mc/. Bumps mcdsl to v1.2.0. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-27 02:05:59 -07:00
parent 5401181bde
commit bd132cc3cb
105 changed files with 235 additions and 237 deletions
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -4,7 +4,7 @@ This file provides guidance to Claude Code (claude.ai/code) when working with co

 ## Project Overview

-Metacrypt is a cryptographic service for the Metacircular platform, written in Go. It provides cryptographic resources via an "engines" architecture (CA, SSH CA, transit encryption, user-to-user encryption). Authentication is handled by MCIAS (Metacircular Identity and Access Service) using the client library at `git.wntrmute.dev/kyle/mcias/clients/go`. MCIAS API docs: https://mcias.metacircular.net:8443/docs
+Metacrypt is a cryptographic service for the Metacircular platform, written in Go. It provides cryptographic resources via an "engines" architecture (CA, SSH CA, transit encryption, user-to-user encryption). Authentication is handled by MCIAS (Metacircular Identity and Access Service) using the client library at `git.wntrmute.dev/mc/mcias/clients/go`. MCIAS API docs: https://mcias.metacircular.net:8443/docs

 ## Build & Test Commands

--- a/ARCHITECTURE.md
+++ b/ARCHITECTURE.md
@@ -425,7 +425,7 @@ issues scoped intermediate CAs ("issuers"), which in turn issue leaf
 certificates.

 Certificate generation uses the `certgen` package from
-`git.wntrmute.dev/kyle/goutils/certlib/certgen`.
+`git.wntrmute.dev/mc/goutils/certlib/certgen`.

 #### Lifecycle

--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -4,7 +4,7 @@ This file provides guidance to Claude Code (claude.ai/code) when working with co

 ## Project Overview

-Metacrypt is a cryptographic service for the Metacircular platform, written in Go. It provides cryptographic resources via an "engines" architecture (CA, SSH CA, transit encryption, user-to-user encryption). Authentication is handled by MCIAS (Metacircular Identity and Access Service) using the client library at `git.wntrmute.dev/kyle/mcias/clients/go`. MCIAS API docs: https://mcias.metacircular.net:8443/docs
+Metacrypt is a cryptographic service for the Metacircular platform, written in Go. It provides cryptographic resources via an "engines" architecture (CA, SSH CA, transit encryption, user-to-user encryption). Authentication is handled by MCIAS (Metacircular Identity and Access Service) using the client library at `git.wntrmute.dev/mc/mcias/clients/go`. MCIAS API docs: https://mcias.metacircular.net:8443/docs

 ## Build & Test Commands

--- a/8
+++ b/8
@@ -5,11 +5,11 @@ LDFLAGS := -trimpath -ldflags="-s -w -X main.version=$(shell git describe --tags
 binaries: metacrypt metacrypt-web

 proto:
-	protoc --go_out=. --go_opt=module=git.wntrmute.dev/kyle/metacrypt \
-		--go-grpc_out=. --go-grpc_opt=module=git.wntrmute.dev/kyle/metacrypt \
+	protoc --go_out=. --go_opt=module=git.wntrmute.dev/mc/metacrypt \
+		--go-grpc_out=. --go-grpc_opt=module=git.wntrmute.dev/mc/metacrypt \
 		proto/metacrypt/v1/*.proto
-	protoc --go_out=. --go_opt=module=git.wntrmute.dev/kyle/metacrypt \
-		--go-grpc_out=. --go-grpc_opt=module=git.wntrmute.dev/kyle/metacrypt \
+	protoc --go_out=. --go_opt=module=git.wntrmute.dev/mc/metacrypt \
+		--go-grpc_out=. --go-grpc_opt=module=git.wntrmute.dev/mc/metacrypt \
 		proto/metacrypt/v2/*.proto

 metacrypt:
--- a/PKI-ENGINE-PLAN.md
+++ b/PKI-ENGINE-PLAN.md
@@ -4,14 +4,14 @@

 Metacrypt needs its first concrete engine implementation: the CA (PKI) engine. This provides X.509 certificate issuance for Metacircular infrastructure. A single root CA issues scoped intermediate CAs ("issuers"), which in turn issue leaf certificates. An unauthenticated public API serves CA/issuer certificates to allow systems to bootstrap TLS trust.

-Certificate generation uses the `certgen` package from `git.wntrmute.dev/kyle/goutils/certlib/certgen`.
+Certificate generation uses the `certgen` package from `git.wntrmute.dev/mc/goutils/certlib/certgen`.

 ## Implementation Order

 ### Step 1: Add goutils dependency

 **File: `go.mod`**
- Add `git.wntrmute.dev/kyle/goutils` with local replace directive (same pattern as mcias)
+- Add `git.wntrmute.dev/mc/goutils` with local replace directive (same pattern as mcias)
 - Run `go mod tidy`

 ### Step 2: Update engine framework
@@ -150,7 +150,7 @@ engine/ca/{mount}/certs/{serial_hex}.json
 ### Step 7: Register CA factory

 **File: `cmd/metacrypt/server.go`**
- Import `git.wntrmute.dev/kyle/metacrypt/internal/engine/ca`
+- Import `git.wntrmute.dev/mc/metacrypt/internal/engine/ca`
 - After creating `engineRegistry`, call `engineRegistry.RegisterFactory(engine.EngineTypeCA, ca.NewCAEngine)`

 ### Step 8: Tests
--- a/PROJECT.md
+++ b/PROJECT.md
@@ -8,7 +8,7 @@ It should have a data model similar to what hashicorp vault does, in that it wil

 The first step is to build out the basic framework for the application, to include login, unsealing, and the encrypted barrier.

-We will be using Go as the main language. The MCIAS client library (git.wntrmute.dev/kyle/mcias/clients/go) is used for authentication. Use 256-bit symmetric keys and Ed25519/Curve25519 or NIST P-521 where appropriate for public key algorithms. Use Argon2 for password hashing.
+We will be using Go as the main language. The MCIAS client library (git.wntrmute.dev/mc/mcias/clients/go) is used for authentication. Use 256-bit symmetric keys and Ed25519/Curve25519 or NIST P-521 where appropriate for public key algorithms. Use Argon2 for password hashing.

 It will need a gRPC and JSON REST API, as well as a web frontend.

--- a/clients/go/go.mod
+++ b/clients/go/go.mod
@@ -1,4 +1,4 @@
-module git.wntrmute.dev/kyle/metacrypt/clients/go
+module git.wntrmute.dev/mc/metacrypt/clients/go

 go 1.25.0

--- a/clients/go/go.sum
+++ b/clients/go/go.sum
@@ -1,2 +0,0 @@
-golang.org/x/crypto v0.49.0 h1:+Ng2ULVvLHnJ/ZFEq4KdcDd/cfjrrjjNSXNzxg0Y4U4=
-golang.org/x/crypto v0.49.0/go.mod h1:ErX4dUh2UM+CFYiXZRTcMpEcN8b/1gxEuv3nODoYtCA=
--- a/cmd/metacrypt-web/main.go
+++ b/cmd/metacrypt-web/main.go
@@ -13,8 +13,8 @@ import (

 	"github.com/spf13/cobra"

-	"git.wntrmute.dev/kyle/metacrypt/internal/config"
-	"git.wntrmute.dev/kyle/metacrypt/internal/webserver"
+	"git.wntrmute.dev/mc/metacrypt/internal/config"
+	"git.wntrmute.dev/mc/metacrypt/internal/webserver"
 )

 var cfgFile string
--- a/cmd/metacrypt/init.go
+++ b/cmd/metacrypt/init.go
@@ -10,11 +10,11 @@ import (
 	"github.com/spf13/cobra"
 	"golang.org/x/term"

-	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
-	"git.wntrmute.dev/kyle/metacrypt/internal/config"
-	"git.wntrmute.dev/kyle/metacrypt/internal/crypto"
-	"git.wntrmute.dev/kyle/metacrypt/internal/db"
-	"git.wntrmute.dev/kyle/metacrypt/internal/seal"
+	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
+	"git.wntrmute.dev/mc/metacrypt/internal/config"
+	"git.wntrmute.dev/mc/metacrypt/internal/crypto"
+	"git.wntrmute.dev/mc/metacrypt/internal/db"
+	"git.wntrmute.dev/mc/metacrypt/internal/seal"
 )

 var initCmd = &cobra.Command{
--- a/cmd/metacrypt/migrate_aad.go
+++ b/cmd/metacrypt/migrate_aad.go
@@ -10,9 +10,9 @@ import (
 	"github.com/spf13/cobra"
 	"golang.org/x/term"

-	"git.wntrmute.dev/kyle/metacrypt/internal/config"
-	"git.wntrmute.dev/kyle/metacrypt/internal/crypto"
-	"git.wntrmute.dev/kyle/metacrypt/internal/db"
+	"git.wntrmute.dev/mc/metacrypt/internal/config"
+	"git.wntrmute.dev/mc/metacrypt/internal/crypto"
+	"git.wntrmute.dev/mc/metacrypt/internal/db"
 )

 var migrateAADCmd = &cobra.Command{
--- a/cmd/metacrypt/migrate_barrier.go
+++ b/cmd/metacrypt/migrate_barrier.go
@@ -10,10 +10,10 @@ import (
 	"github.com/spf13/cobra"
 	"golang.org/x/term"

-	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
-	"git.wntrmute.dev/kyle/metacrypt/internal/config"
-	"git.wntrmute.dev/kyle/metacrypt/internal/crypto"
-	"git.wntrmute.dev/kyle/metacrypt/internal/db"
+	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
+	"git.wntrmute.dev/mc/metacrypt/internal/config"
+	"git.wntrmute.dev/mc/metacrypt/internal/crypto"
+	"git.wntrmute.dev/mc/metacrypt/internal/db"
 )

 var migrateBarrierCmd = &cobra.Command{
--- a/cmd/metacrypt/server.go
+++ b/cmd/metacrypt/server.go
@@ -10,20 +10,20 @@ import (

 	"github.com/spf13/cobra"

-	"git.wntrmute.dev/kyle/metacrypt/internal/audit"
-	"git.wntrmute.dev/kyle/metacrypt/internal/auth"
-	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
-	"git.wntrmute.dev/kyle/metacrypt/internal/config"
-	"git.wntrmute.dev/kyle/metacrypt/internal/db"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine/ca"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine/sshca"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine/transit"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine/user"
-	"git.wntrmute.dev/kyle/metacrypt/internal/grpcserver"
-	"git.wntrmute.dev/kyle/metacrypt/internal/policy"
-	"git.wntrmute.dev/kyle/metacrypt/internal/seal"
-	"git.wntrmute.dev/kyle/metacrypt/internal/server"
+	"git.wntrmute.dev/mc/metacrypt/internal/audit"
+	"git.wntrmute.dev/mc/metacrypt/internal/auth"
+	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
+	"git.wntrmute.dev/mc/metacrypt/internal/config"
+	"git.wntrmute.dev/mc/metacrypt/internal/db"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine/ca"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine/sshca"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine/transit"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine/user"
+	"git.wntrmute.dev/mc/metacrypt/internal/grpcserver"
+	"git.wntrmute.dev/mc/metacrypt/internal/policy"
+	"git.wntrmute.dev/mc/metacrypt/internal/seal"
+	"git.wntrmute.dev/mc/metacrypt/internal/server"
 )

 var serverCmd = &cobra.Command{
--- a/cmd/metacrypt/snapshot.go
+++ b/cmd/metacrypt/snapshot.go
@@ -5,9 +5,9 @@ import (

 	"github.com/spf13/cobra"

-	mcdsldb "git.wntrmute.dev/kyle/mcdsl/db"
-	"git.wntrmute.dev/kyle/metacrypt/internal/config"
-	"git.wntrmute.dev/kyle/metacrypt/internal/db"
+	mcdsldb "git.wntrmute.dev/mc/mcdsl/db"
+	"git.wntrmute.dev/mc/metacrypt/internal/config"
+	"git.wntrmute.dev/mc/metacrypt/internal/db"
 )

 var snapshotCmd = &cobra.Command{
--- a/cmd/metacrypt/unseal.go
+++ b/cmd/metacrypt/unseal.go
@@ -15,7 +15,7 @@ import (
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"

-	metacryptv1 "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v1"
+	metacryptv1 "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v1"
 )

 var unsealCmd = &cobra.Command{
--- a/docs/engineering-standards.md
+++ b/docs/engineering-standards.md
@@ -138,7 +138,7 @@ but the top-level skeleton is fixed.
 Services hosted on `git.wntrmute.dev` use:

 ```
-git.wntrmute.dev/kyle/<service>
+git.wntrmute.dev/mc/<service>
 ```

 ---
@@ -251,7 +251,7 @@ Access Service). No service maintains its own user database.

 - Client sends credentials to the service's `/v1/auth/login` endpoint.
 - The service forwards them to MCIAS via the client library
-  (`git.wntrmute.dev/kyle/mcias/clients/go`).
+  (`git.wntrmute.dev/mc/mcias/clients/go`).
 - On success, MCIAS returns a bearer token. The service returns it to the
  client and optionally sets it as a cookie for the web UI.
 - Subsequent requests include the token via `Authorization: Bearer <token>`
--- a/gen/metacrypt/v1/acme.pb.go
+++ b/gen/metacrypt/v1/acme.pb.go
@@ -600,7 +600,7 @@ const file_proto_metacrypt_v1_acme_proto_rawDesc = "" +
 	"\tSetConfig\x12\x1e.metacrypt.v1.SetConfigRequest\x1a\x1f.metacrypt.v1.SetConfigResponse\x12U\n" +
 	"\fListAccounts\x12!.metacrypt.v1.ListAccountsRequest\x1a\".metacrypt.v1.ListAccountsResponse\x12O\n" +
 	"\n" +
-	"ListOrders\x12\x1f.metacrypt.v1.ListOrdersRequest\x1a .metacrypt.v1.ListOrdersResponseB>Z<git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v1;metacryptv1b\x06proto3"
+	"ListOrders\x12\x1f.metacrypt.v1.ListOrdersRequest\x1a .metacrypt.v1.ListOrdersResponseB>Z<git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v1;metacryptv1b\x06proto3"

 var (
 	file_proto_metacrypt_v1_acme_proto_rawDescOnce sync.Once
--- a/gen/metacrypt/v1/auth.pb.go
+++ b/gen/metacrypt/v1/auth.pb.go
@@ -324,7 +324,7 @@ const file_proto_metacrypt_v1_auth_proto_rawDesc = "" +
 	"\vAuthService\x12@\n" +
 	"\x05Login\x12\x1a.metacrypt.v1.LoginRequest\x1a\x1b.metacrypt.v1.LoginResponse\x12C\n" +
 	"\x06Logout\x12\x1b.metacrypt.v1.LogoutRequest\x1a\x1c.metacrypt.v1.LogoutResponse\x12L\n" +
-	"\tTokenInfo\x12\x1e.metacrypt.v1.TokenInfoRequest\x1a\x1f.metacrypt.v1.TokenInfoResponseB>Z<git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v1;metacryptv1b\x06proto3"
+	"\tTokenInfo\x12\x1e.metacrypt.v1.TokenInfoRequest\x1a\x1f.metacrypt.v1.TokenInfoResponseB>Z<git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v1;metacryptv1b\x06proto3"

 var (
 	file_proto_metacrypt_v1_auth_proto_rawDescOnce sync.Once
--- a/gen/metacrypt/v1/barrier.pb.go
+++ b/gen/metacrypt/v1/barrier.pb.go
@@ -455,7 +455,7 @@ const file_proto_metacrypt_v1_barrier_proto_rawDesc = "" +
 	"\bListKeys\x12\x1d.metacrypt.v1.ListKeysRequest\x1a\x1e.metacrypt.v1.ListKeysResponse\x12L\n" +
 	"\tRotateMEK\x12\x1e.metacrypt.v1.RotateMEKRequest\x1a\x1f.metacrypt.v1.RotateMEKResponse\x12L\n" +
 	"\tRotateKey\x12\x1e.metacrypt.v1.RotateKeyRequest\x1a\x1f.metacrypt.v1.RotateKeyResponse\x12T\n" +
-	"\aMigrate\x12#.metacrypt.v1.MigrateBarrierRequest\x1a$.metacrypt.v1.MigrateBarrierResponseB>Z<git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v1;metacryptv1b\x06proto3"
+	"\aMigrate\x12#.metacrypt.v1.MigrateBarrierRequest\x1a$.metacrypt.v1.MigrateBarrierResponseB>Z<git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v1;metacryptv1b\x06proto3"

 var (
 	file_proto_metacrypt_v1_barrier_proto_rawDescOnce sync.Once
--- a/gen/metacrypt/v1/common.pb.go
+++ b/gen/metacrypt/v1/common.pb.go
@@ -24,7 +24,7 @@ var File_proto_metacrypt_v1_common_proto protoreflect.FileDescriptor

 const file_proto_metacrypt_v1_common_proto_rawDesc = "" +
 	"\n" +
-	"\x1fproto/metacrypt/v1/common.proto\x12\fmetacrypt.v1B>Z<git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v1;metacryptv1b\x06proto3"
+	"\x1fproto/metacrypt/v1/common.proto\x12\fmetacrypt.v1B>Z<git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v1;metacryptv1b\x06proto3"

 var file_proto_metacrypt_v1_common_proto_goTypes = []any{}
 var file_proto_metacrypt_v1_common_proto_depIdxs = []int32{
--- a/gen/metacrypt/v1/engine.pb.go
+++ b/gen/metacrypt/v1/engine.pb.go
@@ -483,7 +483,7 @@ const file_proto_metacrypt_v1_engine_proto_rawDesc = "" +
 	"\aUnmount\x12\x1c.metacrypt.v1.UnmountRequest\x1a\x1d.metacrypt.v1.UnmountResponse\x12O\n" +
 	"\n" +
 	"ListMounts\x12\x1f.metacrypt.v1.ListMountsRequest\x1a .metacrypt.v1.ListMountsResponse\x12F\n" +
-	"\aExecute\x12\x1c.metacrypt.v1.ExecuteRequest\x1a\x1d.metacrypt.v1.ExecuteResponseB>Z<git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v1;metacryptv1b\x06proto3"
+	"\aExecute\x12\x1c.metacrypt.v1.ExecuteRequest\x1a\x1d.metacrypt.v1.ExecuteResponseB>Z<git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v1;metacryptv1b\x06proto3"

 var (
 	file_proto_metacrypt_v1_engine_proto_rawDescOnce sync.Once
--- a/gen/metacrypt/v1/pki.pb.go
+++ b/gen/metacrypt/v1/pki.pb.go
@@ -324,7 +324,7 @@ const file_proto_metacrypt_v1_pki_proto_rawDesc = "" +
 	"PKIService\x12R\n" +
 	"\vGetRootCert\x12 .metacrypt.v1.GetRootCertRequest\x1a!.metacrypt.v1.GetRootCertResponse\x12I\n" +
 	"\bGetChain\x12\x1d.metacrypt.v1.GetChainRequest\x1a\x1e.metacrypt.v1.GetChainResponse\x12X\n" +
-	"\rGetIssuerCert\x12\".metacrypt.v1.GetIssuerCertRequest\x1a#.metacrypt.v1.GetIssuerCertResponseB>Z<git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v1;metacryptv1b\x06proto3"
+	"\rGetIssuerCert\x12\".metacrypt.v1.GetIssuerCertRequest\x1a#.metacrypt.v1.GetIssuerCertResponseB>Z<git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v1;metacryptv1b\x06proto3"

 var (
 	file_proto_metacrypt_v1_pki_proto_rawDescOnce sync.Once
--- a/gen/metacrypt/v1/policy.pb.go
+++ b/gen/metacrypt/v1/policy.pb.go
@@ -481,7 +481,7 @@ const file_proto_metacrypt_v1_policy_proto_rawDesc = "" +
 	"\fCreatePolicy\x12!.metacrypt.v1.CreatePolicyRequest\x1a\".metacrypt.v1.CreatePolicyResponse\x12U\n" +
 	"\fListPolicies\x12!.metacrypt.v1.ListPoliciesRequest\x1a\".metacrypt.v1.ListPoliciesResponse\x12L\n" +
 	"\tGetPolicy\x12\x1e.metacrypt.v1.GetPolicyRequest\x1a\x1f.metacrypt.v1.GetPolicyResponse\x12U\n" +
-	"\fDeletePolicy\x12!.metacrypt.v1.DeletePolicyRequest\x1a\".metacrypt.v1.DeletePolicyResponseB>Z<git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v1;metacryptv1b\x06proto3"
+	"\fDeletePolicy\x12!.metacrypt.v1.DeletePolicyRequest\x1a\".metacrypt.v1.DeletePolicyResponseB>Z<git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v1;metacryptv1b\x06proto3"

 var (
 	file_proto_metacrypt_v1_policy_proto_rawDescOnce sync.Once
--- a/gen/metacrypt/v1/system.pb.go
+++ b/gen/metacrypt/v1/system.pb.go
@@ -380,7 +380,7 @@ const file_proto_metacrypt_v1_system_proto_rawDesc = "" +
 	"\x06Status\x12\x1b.metacrypt.v1.StatusRequest\x1a\x1c.metacrypt.v1.StatusResponse\x12=\n" +
 	"\x04Init\x12\x19.metacrypt.v1.InitRequest\x1a\x1a.metacrypt.v1.InitResponse\x12C\n" +
 	"\x06Unseal\x12\x1b.metacrypt.v1.UnsealRequest\x1a\x1c.metacrypt.v1.UnsealResponse\x12=\n" +
-	"\x04Seal\x12\x19.metacrypt.v1.SealRequest\x1a\x1a.metacrypt.v1.SealResponseB>Z<git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v1;metacryptv1b\x06proto3"
+	"\x04Seal\x12\x19.metacrypt.v1.SealRequest\x1a\x1a.metacrypt.v1.SealResponseB>Z<git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v1;metacryptv1b\x06proto3"

 var (
 	file_proto_metacrypt_v1_system_proto_rawDescOnce sync.Once
--- a/gen/metacrypt/v2/acme.pb.go
+++ b/gen/metacrypt/v2/acme.pb.go
@@ -592,7 +592,7 @@ const file_proto_metacrypt_v2_acme_proto_rawDesc = "" +
 	"\tSetConfig\x12\x1e.metacrypt.v2.SetConfigRequest\x1a\x1f.metacrypt.v2.SetConfigResponse\x12U\n" +
 	"\fListAccounts\x12!.metacrypt.v2.ListAccountsRequest\x1a\".metacrypt.v2.ListAccountsResponse\x12O\n" +
 	"\n" +
-	"ListOrders\x12\x1f.metacrypt.v2.ListOrdersRequest\x1a .metacrypt.v2.ListOrdersResponseB>Z<git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"
+	"ListOrders\x12\x1f.metacrypt.v2.ListOrdersRequest\x1a .metacrypt.v2.ListOrdersResponseB>Z<git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"

 var (
 	file_proto_metacrypt_v2_acme_proto_rawDescOnce sync.Once
--- a/gen/metacrypt/v2/auth.pb.go
+++ b/gen/metacrypt/v2/auth.pb.go
@@ -325,7 +325,7 @@ const file_proto_metacrypt_v2_auth_proto_rawDesc = "" +
 	"\vAuthService\x12@\n" +
 	"\x05Login\x12\x1a.metacrypt.v2.LoginRequest\x1a\x1b.metacrypt.v2.LoginResponse\x12C\n" +
 	"\x06Logout\x12\x1b.metacrypt.v2.LogoutRequest\x1a\x1c.metacrypt.v2.LogoutResponse\x12L\n" +
-	"\tTokenInfo\x12\x1e.metacrypt.v2.TokenInfoRequest\x1a\x1f.metacrypt.v2.TokenInfoResponseB>Z<git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"
+	"\tTokenInfo\x12\x1e.metacrypt.v2.TokenInfoRequest\x1a\x1f.metacrypt.v2.TokenInfoResponseB>Z<git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"

 var (
 	file_proto_metacrypt_v2_auth_proto_rawDescOnce sync.Once
--- a/gen/metacrypt/v2/barrier.pb.go
+++ b/gen/metacrypt/v2/barrier.pb.go
@@ -455,7 +455,7 @@ const file_proto_metacrypt_v2_barrier_proto_rawDesc = "" +
 	"\bListKeys\x12\x1d.metacrypt.v2.ListKeysRequest\x1a\x1e.metacrypt.v2.ListKeysResponse\x12L\n" +
 	"\tRotateMEK\x12\x1e.metacrypt.v2.RotateMEKRequest\x1a\x1f.metacrypt.v2.RotateMEKResponse\x12L\n" +
 	"\tRotateKey\x12\x1e.metacrypt.v2.RotateKeyRequest\x1a\x1f.metacrypt.v2.RotateKeyResponse\x12T\n" +
-	"\aMigrate\x12#.metacrypt.v2.MigrateBarrierRequest\x1a$.metacrypt.v2.MigrateBarrierResponseB>Z<git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"
+	"\aMigrate\x12#.metacrypt.v2.MigrateBarrierRequest\x1a$.metacrypt.v2.MigrateBarrierResponseB>Z<git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"

 var (
 	file_proto_metacrypt_v2_barrier_proto_rawDescOnce sync.Once
--- a/gen/metacrypt/v2/ca.pb.go
+++ b/gen/metacrypt/v2/ca.pb.go
@@ -2075,7 +2075,7 @@ const file_proto_metacrypt_v2_ca_proto_rawDesc = "" +
 	"\n" +
 	"RevokeCert\x12\x1f.metacrypt.v2.RevokeCertRequest\x1a .metacrypt.v2.RevokeCertResponse\x12O\n" +
 	"\n" +
-	"DeleteCert\x12\x1f.metacrypt.v2.DeleteCertRequest\x1a .metacrypt.v2.DeleteCertResponseB>Z<git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"
+	"DeleteCert\x12\x1f.metacrypt.v2.DeleteCertRequest\x1a .metacrypt.v2.DeleteCertResponseB>Z<git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"

 var (
 	file_proto_metacrypt_v2_ca_proto_rawDescOnce sync.Once
--- a/gen/metacrypt/v2/common.pb.go
+++ b/gen/metacrypt/v2/common.pb.go
@@ -24,7 +24,7 @@ var File_proto_metacrypt_v2_common_proto protoreflect.FileDescriptor

 const file_proto_metacrypt_v2_common_proto_rawDesc = "" +
 	"\n" +
-	"\x1fproto/metacrypt/v2/common.proto\x12\fmetacrypt.v2B>Z<git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"
+	"\x1fproto/metacrypt/v2/common.proto\x12\fmetacrypt.v2B>Z<git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"

 var file_proto_metacrypt_v2_common_proto_goTypes = []any{}
 var file_proto_metacrypt_v2_common_proto_depIdxs = []int32{
--- a/gen/metacrypt/v2/engine.pb.go
+++ b/gen/metacrypt/v2/engine.pb.go
@@ -366,7 +366,7 @@ const file_proto_metacrypt_v2_engine_proto_rawDesc = "" +
 	"\x05Mount\x12\x1a.metacrypt.v2.MountRequest\x1a\x1b.metacrypt.v2.MountResponse\x12F\n" +
 	"\aUnmount\x12\x1c.metacrypt.v2.UnmountRequest\x1a\x1d.metacrypt.v2.UnmountResponse\x12O\n" +
 	"\n" +
-	"ListMounts\x12\x1f.metacrypt.v2.ListMountsRequest\x1a .metacrypt.v2.ListMountsResponseB>Z<git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"
+	"ListMounts\x12\x1f.metacrypt.v2.ListMountsRequest\x1a .metacrypt.v2.ListMountsResponseB>Z<git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"

 var (
 	file_proto_metacrypt_v2_engine_proto_rawDescOnce sync.Once
--- a/gen/metacrypt/v2/pki.pb.go
+++ b/gen/metacrypt/v2/pki.pb.go
@@ -426,7 +426,7 @@ const file_proto_metacrypt_v2_pki_proto_rawDesc = "" +
 	"\vGetRootCert\x12 .metacrypt.v2.GetRootCertRequest\x1a!.metacrypt.v2.GetRootCertResponse\x12I\n" +
 	"\bGetChain\x12\x1d.metacrypt.v2.GetChainRequest\x1a\x1e.metacrypt.v2.GetChainResponse\x12X\n" +
 	"\rGetIssuerCert\x12\".metacrypt.v2.GetIssuerCertRequest\x1a#.metacrypt.v2.GetIssuerCertResponse\x12C\n" +
-	"\x06GetCRL\x12\x1b.metacrypt.v2.GetCRLRequest\x1a\x1c.metacrypt.v2.GetCRLResponseB>Z<git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"
+	"\x06GetCRL\x12\x1b.metacrypt.v2.GetCRLRequest\x1a\x1c.metacrypt.v2.GetCRLResponseB>Z<git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"

 var (
 	file_proto_metacrypt_v2_pki_proto_rawDescOnce sync.Once
--- a/gen/metacrypt/v2/policy.pb.go
+++ b/gen/metacrypt/v2/policy.pb.go
@@ -481,7 +481,7 @@ const file_proto_metacrypt_v2_policy_proto_rawDesc = "" +
 	"\fCreatePolicy\x12!.metacrypt.v2.CreatePolicyRequest\x1a\".metacrypt.v2.CreatePolicyResponse\x12U\n" +
 	"\fListPolicies\x12!.metacrypt.v2.ListPoliciesRequest\x1a\".metacrypt.v2.ListPoliciesResponse\x12L\n" +
 	"\tGetPolicy\x12\x1e.metacrypt.v2.GetPolicyRequest\x1a\x1f.metacrypt.v2.GetPolicyResponse\x12U\n" +
-	"\fDeletePolicy\x12!.metacrypt.v2.DeletePolicyRequest\x1a\".metacrypt.v2.DeletePolicyResponseB>Z<git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"
+	"\fDeletePolicy\x12!.metacrypt.v2.DeletePolicyRequest\x1a\".metacrypt.v2.DeletePolicyResponseB>Z<git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"

 var (
 	file_proto_metacrypt_v2_policy_proto_rawDescOnce sync.Once
--- a/gen/metacrypt/v2/sshca.pb.go
+++ b/gen/metacrypt/v2/sshca.pb.go
@@ -1919,7 +1919,7 @@ const file_proto_metacrypt_v2_sshca_proto_rawDesc = "" +
 	"RevokeCert\x12\".metacrypt.v2.SSHRevokeCertRequest\x1a#.metacrypt.v2.SSHRevokeCertResponse\x12U\n" +
 	"\n" +
 	"DeleteCert\x12\".metacrypt.v2.SSHDeleteCertRequest\x1a#.metacrypt.v2.SSHDeleteCertResponse\x12I\n" +
-	"\x06GetKRL\x12\x1e.metacrypt.v2.SSHGetKRLRequest\x1a\x1f.metacrypt.v2.SSHGetKRLResponseB>Z<git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"
+	"\x06GetKRL\x12\x1e.metacrypt.v2.SSHGetKRLRequest\x1a\x1f.metacrypt.v2.SSHGetKRLResponseB>Z<git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"

 var (
 	file_proto_metacrypt_v2_sshca_proto_rawDescOnce sync.Once
--- a/gen/metacrypt/v2/system.pb.go
+++ b/gen/metacrypt/v2/system.pb.go
@@ -380,7 +380,7 @@ const file_proto_metacrypt_v2_system_proto_rawDesc = "" +
 	"\x06Status\x12\x1b.metacrypt.v2.StatusRequest\x1a\x1c.metacrypt.v2.StatusResponse\x12=\n" +
 	"\x04Init\x12\x19.metacrypt.v2.InitRequest\x1a\x1a.metacrypt.v2.InitResponse\x12C\n" +
 	"\x06Unseal\x12\x1b.metacrypt.v2.UnsealRequest\x1a\x1c.metacrypt.v2.UnsealResponse\x12=\n" +
-	"\x04Seal\x12\x19.metacrypt.v2.SealRequest\x1a\x1a.metacrypt.v2.SealResponseB>Z<git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"
+	"\x04Seal\x12\x19.metacrypt.v2.SealRequest\x1a\x1a.metacrypt.v2.SealResponseB>Z<git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"

 var (
 	file_proto_metacrypt_v2_system_proto_rawDescOnce sync.Once
--- a/gen/metacrypt/v2/transit.pb.go
+++ b/gen/metacrypt/v2/transit.pb.go
@@ -2075,7 +2075,7 @@ const file_proto_metacrypt_v2_transit_proto_rawDesc = "" +
 	"\x04Sign\x12 .metacrypt.v2.TransitSignRequest\x1a!.metacrypt.v2.TransitSignResponse\x12Q\n" +
 	"\x06Verify\x12\".metacrypt.v2.TransitVerifyRequest\x1a#.metacrypt.v2.TransitVerifyResponse\x12K\n" +
 	"\x04Hmac\x12 .metacrypt.v2.TransitHmacRequest\x1a!.metacrypt.v2.TransitHmacResponse\x12c\n" +
-	"\fGetPublicKey\x12(.metacrypt.v2.GetTransitPublicKeyRequest\x1a).metacrypt.v2.GetTransitPublicKeyResponseB>Z<git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"
+	"\fGetPublicKey\x12(.metacrypt.v2.GetTransitPublicKeyRequest\x1a).metacrypt.v2.GetTransitPublicKeyResponseB>Z<git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"

 var (
 	file_proto_metacrypt_v2_transit_proto_rawDescOnce sync.Once
--- a/gen/metacrypt/v2/user.pb.go
+++ b/gen/metacrypt/v2/user.pb.go
@@ -1023,7 +1023,7 @@ const file_proto_metacrypt_v2_user_proto_rawDesc = "" +
 	"\tReEncrypt\x12\".metacrypt.v2.UserReEncryptRequest\x1a#.metacrypt.v2.UserReEncryptResponse\x12T\n" +
 	"\tRotateKey\x12\".metacrypt.v2.UserRotateKeyRequest\x1a#.metacrypt.v2.UserRotateKeyResponse\x12W\n" +
 	"\n" +
-	"DeleteUser\x12#.metacrypt.v2.UserDeleteUserRequest\x1a$.metacrypt.v2.UserDeleteUserResponseB>Z<git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"
+	"DeleteUser\x12#.metacrypt.v2.UserDeleteUserRequest\x1a$.metacrypt.v2.UserDeleteUserResponseB>Z<git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"

 var (
 	file_proto_metacrypt_v2_user_proto_rawDescOnce sync.Once
--- a/go.mod
+++ b/go.mod
@@ -1,10 +1,10 @@
-module git.wntrmute.dev/kyle/metacrypt
+module git.wntrmute.dev/mc/metacrypt

 go 1.25.7

 require (
 	git.wntrmute.dev/kyle/goutils v1.21.0
-	git.wntrmute.dev/kyle/mcdsl v1.1.0
+	git.wntrmute.dev/mc/mcdsl v1.2.0
 	github.com/go-chi/chi/v5 v5.2.5
 	github.com/spf13/cobra v1.10.2
 	github.com/spf13/viper v1.21.0
--- a/go.sum
+++ b/go.sum
@@ -1,7 +1,7 @@
 git.wntrmute.dev/kyle/goutils v1.21.0 h1:ZR7ovV400hsF09zc8tkdHs6vyen8TDJ7flong/dnFXM=
 git.wntrmute.dev/kyle/goutils v1.21.0/go.mod h1:JQ8NL5lHSEYl719UMf20p4G1ei70RVGma0hjjNXCR2c=
-git.wntrmute.dev/kyle/mcdsl v1.1.0 h1:NXfEXRtaCRPNjCbqqgU7L2SgDAZkQn9kd40xJDgxnns=
-git.wntrmute.dev/kyle/mcdsl v1.1.0/go.mod h1:wo0tGfUAxci3XnOe4/rFmR0RjUElKdYUazc+Np986sg=
+git.wntrmute.dev/mc/mcdsl v1.2.0 h1:41hep7/PNZJfN0SN/nM+rQpyF1GSZcvNNjyVG81DI7U=
+git.wntrmute.dev/mc/mcdsl v1.2.0/go.mod h1:lXYrAt74ZUix6rx9oVN8d2zH1YJoyp4uxPVKQ+SSxuM=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
--- a/internal/acme/handlers.go
+++ b/internal/acme/handlers.go
@@ -14,7 +14,7 @@ import (

 	"github.com/go-chi/chi/v5"

-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
 )

 // directoryResponse is the ACME directory object (RFC 8555 §7.1.1).
--- a/internal/acme/helpers_test.go
+++ b/internal/acme/helpers_test.go
@@ -20,7 +20,7 @@ import (
 	"testing"
 	"time"

-	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
+	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
 )

 // memBarrier is an in-memory barrier for testing.
--- a/internal/acme/server.go
+++ b/internal/acme/server.go
@@ -9,8 +9,8 @@ import (

 	"github.com/go-chi/chi/v5"

-	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
+	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
 )

 // Handler implements the ACME protocol for a single CA mount.
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@@ -6,7 +6,7 @@ import (
 	"errors"
 	"log/slog"

-	mcdslauth "git.wntrmute.dev/kyle/mcdsl/auth"
+	mcdslauth "git.wntrmute.dev/mc/mcdsl/auth"
 )

 // TokenInfo is an alias for the mcdsl auth.TokenInfo type.
--- a/internal/barrier/barrier.go
+++ b/internal/barrier/barrier.go
@@ -9,7 +9,7 @@ import (
 	"strings"
 	"sync"

-	"git.wntrmute.dev/kyle/metacrypt/internal/crypto"
+	"git.wntrmute.dev/mc/metacrypt/internal/crypto"
 )

 var (
--- a/internal/barrier/barrier_test.go
+++ b/internal/barrier/barrier_test.go
@@ -6,8 +6,8 @@ import (
 	"path/filepath"
 	"testing"

-	"git.wntrmute.dev/kyle/metacrypt/internal/crypto"
-	"git.wntrmute.dev/kyle/metacrypt/internal/db"
+	"git.wntrmute.dev/mc/metacrypt/internal/crypto"
+	"git.wntrmute.dev/mc/metacrypt/internal/db"
 )

 func setupBarrier(t *testing.T) (*AESGCMBarrier, func()) {
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -4,8 +4,8 @@ package config
 import (
 	"fmt"

-	mcdslauth "git.wntrmute.dev/kyle/mcdsl/auth"
-	mcdslconfig "git.wntrmute.dev/kyle/mcdsl/config"
+	mcdslauth "git.wntrmute.dev/mc/mcdsl/auth"
+	mcdslconfig "git.wntrmute.dev/mc/mcdsl/config"
 )

 // Config is the top-level configuration for Metacrypt.
--- a/internal/db/db.go
+++ b/internal/db/db.go
@@ -4,7 +4,7 @@ package db
 import (
 	"database/sql"

-	mcdsldb "git.wntrmute.dev/kyle/mcdsl/db"
+	mcdsldb "git.wntrmute.dev/mc/mcdsl/db"
 )

 // Open opens or creates a SQLite database at the given path with the
--- a/internal/db/migrate.go
+++ b/internal/db/migrate.go
@@ -3,7 +3,7 @@ package db
 import (
 	"database/sql"

-	mcdsldb "git.wntrmute.dev/kyle/mcdsl/db"
+	mcdsldb "git.wntrmute.dev/mc/mcdsl/db"
 )

 // Migrations is the ordered list of metacrypt schema migrations.
--- a/internal/engine/ca/ca.go
+++ b/internal/engine/ca/ca.go
@@ -21,8 +21,8 @@ import (

 	"git.wntrmute.dev/kyle/goutils/certlib/certgen"

-	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
+	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
 )

 var (
--- a/internal/engine/ca/ca_test.go
+++ b/internal/engine/ca/ca_test.go
@@ -10,8 +10,8 @@ import (
 	"testing"
 	"time"

-	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
+	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
 )

 // memBarrier is an in-memory barrier for testing.
--- a/internal/engine/engine.go
+++ b/internal/engine/engine.go
@@ -12,7 +12,7 @@ import (
 	"strings"
 	"sync"

-	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
+	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
 )

 // EngineType identifies a cryptographic engine type.
--- a/internal/engine/engine_test.go
+++ b/internal/engine/engine_test.go
@@ -6,7 +6,7 @@ import (
 	"log/slog"
 	"testing"

-	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
+	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
 )

 // mockEngine implements Engine for testing.
--- a/internal/engine/sshca/sshca.go
+++ b/internal/engine/sshca/sshca.go
@@ -22,9 +22,9 @@ import (

 	"golang.org/x/crypto/ssh"

-	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
-	mcrypto "git.wntrmute.dev/kyle/metacrypt/internal/crypto"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
+	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
+	mcrypto "git.wntrmute.dev/mc/metacrypt/internal/crypto"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
 )

 var (
--- a/internal/engine/sshca/sshca_test.go
+++ b/internal/engine/sshca/sshca_test.go
@@ -12,8 +12,8 @@ import (

 	"golang.org/x/crypto/ssh"

-	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
+	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
 )

 // memBarrier is an in-memory barrier for testing.
--- a/internal/engine/transit/transit.go
+++ b/internal/engine/transit/transit.go
@@ -27,9 +27,9 @@ import (

 	"golang.org/x/crypto/chacha20poly1305"

-	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
-	mcrypto "git.wntrmute.dev/kyle/metacrypt/internal/crypto"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
+	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
+	mcrypto "git.wntrmute.dev/mc/metacrypt/internal/crypto"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
 )

 const maxBatchSize = 500
--- a/internal/engine/transit/transit_test.go
+++ b/internal/engine/transit/transit_test.go
@@ -7,8 +7,8 @@ import (
 	"sync"
 	"testing"

-	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
+	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
 )

 // memBarrier is an in-memory barrier for testing.
--- a/internal/engine/user/user.go
+++ b/internal/engine/user/user.go
@@ -19,9 +19,9 @@ import (

 	"golang.org/x/crypto/hkdf"

-	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
-	"git.wntrmute.dev/kyle/metacrypt/internal/crypto"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
+	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
+	"git.wntrmute.dev/mc/metacrypt/internal/crypto"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
 )

 const (
--- a/internal/engine/user/user_test.go
+++ b/internal/engine/user/user_test.go
@@ -7,8 +7,8 @@ import (
 	"sync"
 	"testing"

-	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
+	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
 )

 // memBarrier is an in-memory barrier for testing.
--- a/internal/grpcserver/acme.go
+++ b/internal/grpcserver/acme.go
@@ -8,10 +8,10 @@ import (
 	"google.golang.org/grpc/status"
 	"google.golang.org/protobuf/types/known/timestamppb"

-	pb "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2"
-	internacme "git.wntrmute.dev/kyle/metacrypt/internal/acme"
-	"git.wntrmute.dev/kyle/metacrypt/internal/auth"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
+	pb "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2"
+	internacme "git.wntrmute.dev/mc/metacrypt/internal/acme"
+	"git.wntrmute.dev/mc/metacrypt/internal/auth"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
 )

 type acmeServer struct {
--- a/internal/grpcserver/auth.go
+++ b/internal/grpcserver/auth.go
@@ -7,8 +7,8 @@ import (
 	"google.golang.org/grpc/status"
 	"google.golang.org/protobuf/types/known/timestamppb"

-	pb "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2"
-	"git.wntrmute.dev/kyle/metacrypt/internal/auth"
+	pb "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2"
+	"git.wntrmute.dev/mc/metacrypt/internal/auth"
 )

 type authServer struct {
--- a/internal/grpcserver/barrier.go
+++ b/internal/grpcserver/barrier.go
@@ -7,9 +7,9 @@ import (
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"

-	pb "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2"
-	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
-	"git.wntrmute.dev/kyle/metacrypt/internal/seal"
+	pb "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2"
+	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
+	"git.wntrmute.dev/mc/metacrypt/internal/seal"
 )

 type barrierServer struct {
--- a/internal/grpcserver/ca.go
+++ b/internal/grpcserver/ca.go
@@ -10,11 +10,11 @@ import (
 	"google.golang.org/grpc/status"
 	"google.golang.org/protobuf/types/known/timestamppb"

-	pb "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2"
-	"git.wntrmute.dev/kyle/metacrypt/internal/auth"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine/ca"
-	"git.wntrmute.dev/kyle/metacrypt/internal/policy"
+	pb "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2"
+	"git.wntrmute.dev/mc/metacrypt/internal/auth"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine/ca"
+	"git.wntrmute.dev/mc/metacrypt/internal/policy"
 )

 type caServer struct {
--- a/internal/grpcserver/engine.go
+++ b/internal/grpcserver/engine.go
@@ -7,9 +7,9 @@ import (
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"

-	pb "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2"
-	"git.wntrmute.dev/kyle/metacrypt/internal/auth"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
+	pb "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2"
+	"git.wntrmute.dev/mc/metacrypt/internal/auth"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
 )

 type engineServer struct {
--- a/internal/grpcserver/grpcserver_test.go
+++ b/internal/grpcserver/grpcserver_test.go
@@ -11,15 +11,15 @@ import (
 	"google.golang.org/grpc/metadata"
 	"google.golang.org/grpc/status"

-	pb "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2"
-	"git.wntrmute.dev/kyle/metacrypt/internal/auth"
-	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
-	"git.wntrmute.dev/kyle/metacrypt/internal/config"
-	"git.wntrmute.dev/kyle/metacrypt/internal/crypto"
-	"git.wntrmute.dev/kyle/metacrypt/internal/db"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
-	"git.wntrmute.dev/kyle/metacrypt/internal/policy"
-	"git.wntrmute.dev/kyle/metacrypt/internal/seal"
+	pb "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2"
+	"git.wntrmute.dev/mc/metacrypt/internal/auth"
+	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
+	"git.wntrmute.dev/mc/metacrypt/internal/config"
+	"git.wntrmute.dev/mc/metacrypt/internal/crypto"
+	"git.wntrmute.dev/mc/metacrypt/internal/db"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
+	"git.wntrmute.dev/mc/metacrypt/internal/policy"
+	"git.wntrmute.dev/mc/metacrypt/internal/seal"
 )

 // ---- test helpers ----
--- a/internal/grpcserver/interceptors.go
+++ b/internal/grpcserver/interceptors.go
@@ -9,9 +9,9 @@ import (
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"

-	"git.wntrmute.dev/kyle/metacrypt/internal/audit"
-	"git.wntrmute.dev/kyle/metacrypt/internal/auth"
-	"git.wntrmute.dev/kyle/metacrypt/internal/seal"
+	"git.wntrmute.dev/mc/metacrypt/internal/audit"
+	"git.wntrmute.dev/mc/metacrypt/internal/auth"
+	"git.wntrmute.dev/mc/metacrypt/internal/seal"
 )

 // sealInterceptor rejects calls with FailedPrecondition when the vault is
--- a/internal/grpcserver/pki.go
+++ b/internal/grpcserver/pki.go
@@ -7,9 +7,9 @@ import (
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"

-	pb "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine/ca"
+	pb "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine/ca"
 )

 type pkiServer struct {
--- a/internal/grpcserver/policy.go
+++ b/internal/grpcserver/policy.go
@@ -6,8 +6,8 @@ import (
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"

-	pb "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2"
-	"git.wntrmute.dev/kyle/metacrypt/internal/policy"
+	pb "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2"
+	"git.wntrmute.dev/mc/metacrypt/internal/policy"
 )

 type policyServer struct {
--- a/internal/grpcserver/server.go
+++ b/internal/grpcserver/server.go
@@ -11,16 +11,16 @@ import (
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/metadata"

-	pb "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2"
-	"git.wntrmute.dev/kyle/mcdsl/grpcserver"
+	pb "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2"
+	"git.wntrmute.dev/mc/mcdsl/grpcserver"

-	internacme "git.wntrmute.dev/kyle/metacrypt/internal/acme"
-	"git.wntrmute.dev/kyle/metacrypt/internal/audit"
-	"git.wntrmute.dev/kyle/metacrypt/internal/auth"
-	"git.wntrmute.dev/kyle/metacrypt/internal/config"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
-	"git.wntrmute.dev/kyle/metacrypt/internal/policy"
-	"git.wntrmute.dev/kyle/metacrypt/internal/seal"
+	internacme "git.wntrmute.dev/mc/metacrypt/internal/acme"
+	"git.wntrmute.dev/mc/metacrypt/internal/audit"
+	"git.wntrmute.dev/mc/metacrypt/internal/auth"
+	"git.wntrmute.dev/mc/metacrypt/internal/config"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
+	"git.wntrmute.dev/mc/metacrypt/internal/policy"
+	"git.wntrmute.dev/mc/metacrypt/internal/seal"
 )

 // GRPCServer wraps the mcdsl gRPC server and all service implementations.
--- a/internal/grpcserver/sshca.go
+++ b/internal/grpcserver/sshca.go
@@ -10,11 +10,11 @@ import (
 	"google.golang.org/grpc/status"
 	"google.golang.org/protobuf/types/known/timestamppb"

-	pb "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2"
-	"git.wntrmute.dev/kyle/metacrypt/internal/auth"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine/sshca"
-	"git.wntrmute.dev/kyle/metacrypt/internal/policy"
+	pb "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2"
+	"git.wntrmute.dev/mc/metacrypt/internal/auth"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine/sshca"
+	"git.wntrmute.dev/mc/metacrypt/internal/policy"
 )

 type sshcaServer struct {
--- a/internal/grpcserver/system.go
+++ b/internal/grpcserver/system.go
@@ -7,9 +7,9 @@ import (
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"

-	pb "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2"
-	"git.wntrmute.dev/kyle/metacrypt/internal/crypto"
-	"git.wntrmute.dev/kyle/metacrypt/internal/seal"
+	pb "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2"
+	"git.wntrmute.dev/mc/metacrypt/internal/crypto"
+	"git.wntrmute.dev/mc/metacrypt/internal/seal"
 )

 type systemServer struct {
--- a/internal/grpcserver/transit.go
+++ b/internal/grpcserver/transit.go
@@ -8,11 +8,11 @@ import (
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"

-	pb "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2"
-	"git.wntrmute.dev/kyle/metacrypt/internal/auth"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine/transit"
-	"git.wntrmute.dev/kyle/metacrypt/internal/policy"
+	pb "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2"
+	"git.wntrmute.dev/mc/metacrypt/internal/auth"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine/transit"
+	"git.wntrmute.dev/mc/metacrypt/internal/policy"
 )

 type transitServer struct {
--- a/internal/grpcserver/user.go
+++ b/internal/grpcserver/user.go
@@ -8,11 +8,11 @@ import (
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"

-	pb "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2"
-	"git.wntrmute.dev/kyle/metacrypt/internal/auth"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine/user"
-	"git.wntrmute.dev/kyle/metacrypt/internal/policy"
+	pb "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2"
+	"git.wntrmute.dev/mc/metacrypt/internal/auth"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine/user"
+	"git.wntrmute.dev/mc/metacrypt/internal/policy"
 )

 type userServer struct {
--- a/internal/policy/policy.go
+++ b/internal/policy/policy.go
@@ -9,7 +9,7 @@ import (
 	"sort"
 	"strings"

-	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
+	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
 )

 const rulesPrefix = "policy/rules/"
--- a/internal/policy/policy_test.go
+++ b/internal/policy/policy_test.go
@@ -5,9 +5,9 @@ import (
 	"path/filepath"
 	"testing"

-	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
-	"git.wntrmute.dev/kyle/metacrypt/internal/crypto"
-	"git.wntrmute.dev/kyle/metacrypt/internal/db"
+	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
+	"git.wntrmute.dev/mc/metacrypt/internal/crypto"
+	"git.wntrmute.dev/mc/metacrypt/internal/db"
 )

 func setupPolicy(t *testing.T) (*Engine, func()) {
--- a/internal/seal/seal.go
+++ b/internal/seal/seal.go
@@ -10,9 +10,9 @@ import (
 	"sync"
 	"time"

-	"git.wntrmute.dev/kyle/metacrypt/internal/audit"
-	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
-	"git.wntrmute.dev/kyle/metacrypt/internal/crypto"
+	"git.wntrmute.dev/mc/metacrypt/internal/audit"
+	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
+	"git.wntrmute.dev/mc/metacrypt/internal/crypto"
 )

 // ServiceState represents the current state of the Metacrypt service.
--- a/internal/seal/seal_test.go
+++ b/internal/seal/seal_test.go
@@ -7,9 +7,9 @@ import (
 	"path/filepath"
 	"testing"

-	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
-	"git.wntrmute.dev/kyle/metacrypt/internal/crypto"
-	"git.wntrmute.dev/kyle/metacrypt/internal/db"
+	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
+	"git.wntrmute.dev/mc/metacrypt/internal/crypto"
+	"git.wntrmute.dev/mc/metacrypt/internal/db"
 )

 func setupSeal(t *testing.T) (*Manager, func()) {
--- a/internal/server/acme.go
+++ b/internal/server/acme.go
@@ -6,8 +6,8 @@ import (

 	"github.com/go-chi/chi/v5"

-	internacme "git.wntrmute.dev/kyle/metacrypt/internal/acme"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
+	internacme "git.wntrmute.dev/mc/metacrypt/internal/acme"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
 )

 // registerACMERoutes adds ACME protocol and management routes to r.
--- a/internal/server/middleware.go
+++ b/internal/server/middleware.go
@@ -5,8 +5,8 @@ import (
 	"net/http"
 	"strings"

-	"git.wntrmute.dev/kyle/metacrypt/internal/auth"
-	"git.wntrmute.dev/kyle/metacrypt/internal/seal"
+	"git.wntrmute.dev/mc/metacrypt/internal/auth"
+	"git.wntrmute.dev/mc/metacrypt/internal/seal"
 )

 type contextKey string
--- a/internal/server/routes.go
+++ b/internal/server/routes.go
@@ -11,16 +11,16 @@ import (



-	"git.wntrmute.dev/kyle/mcdsl/health"
-	"git.wntrmute.dev/kyle/metacrypt/internal/audit"
-	"git.wntrmute.dev/kyle/metacrypt/internal/auth"
-	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
-	"git.wntrmute.dev/kyle/metacrypt/internal/crypto"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine/ca"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine/sshca"
-	"git.wntrmute.dev/kyle/metacrypt/internal/policy"
-	"git.wntrmute.dev/kyle/metacrypt/internal/seal"
+	"git.wntrmute.dev/mc/mcdsl/health"
+	"git.wntrmute.dev/mc/metacrypt/internal/audit"
+	"git.wntrmute.dev/mc/metacrypt/internal/auth"
+	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
+	"git.wntrmute.dev/mc/metacrypt/internal/crypto"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine/ca"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine/sshca"
+	"git.wntrmute.dev/mc/metacrypt/internal/policy"
+	"git.wntrmute.dev/mc/metacrypt/internal/seal"
 )

 func (s *Server) registerRoutes(r chi.Router) {
--- a/internal/server/server.go
+++ b/internal/server/server.go
@@ -9,14 +9,14 @@ import (

 	"google.golang.org/grpc"

-	"git.wntrmute.dev/kyle/mcdsl/httpserver"
-	internacme "git.wntrmute.dev/kyle/metacrypt/internal/acme"
-	"git.wntrmute.dev/kyle/metacrypt/internal/audit"
-	"git.wntrmute.dev/kyle/metacrypt/internal/auth"
-	"git.wntrmute.dev/kyle/metacrypt/internal/config"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
-	"git.wntrmute.dev/kyle/metacrypt/internal/policy"
-	"git.wntrmute.dev/kyle/metacrypt/internal/seal"
+	"git.wntrmute.dev/mc/mcdsl/httpserver"
+	internacme "git.wntrmute.dev/mc/metacrypt/internal/acme"
+	"git.wntrmute.dev/mc/metacrypt/internal/audit"
+	"git.wntrmute.dev/mc/metacrypt/internal/auth"
+	"git.wntrmute.dev/mc/metacrypt/internal/config"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
+	"git.wntrmute.dev/mc/metacrypt/internal/policy"
+	"git.wntrmute.dev/mc/metacrypt/internal/seal"
 )

 // Server is the Metacrypt HTTP server.
--- a/internal/server/server_test.go
+++ b/internal/server/server_test.go
@@ -13,19 +13,19 @@ import (

 	"github.com/go-chi/chi/v5"

-	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
-	"git.wntrmute.dev/kyle/metacrypt/internal/config"
-	"git.wntrmute.dev/kyle/metacrypt/internal/crypto"
+	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
+	"git.wntrmute.dev/mc/metacrypt/internal/config"
+	"git.wntrmute.dev/mc/metacrypt/internal/crypto"

-	mcdslauth "git.wntrmute.dev/kyle/mcdsl/auth"
-	mcdslconfig "git.wntrmute.dev/kyle/mcdsl/config"
-	"git.wntrmute.dev/kyle/metacrypt/internal/db"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
-	"git.wntrmute.dev/kyle/metacrypt/internal/policy"
-	"git.wntrmute.dev/kyle/metacrypt/internal/seal"
+	mcdslauth "git.wntrmute.dev/mc/mcdsl/auth"
+	mcdslconfig "git.wntrmute.dev/mc/mcdsl/config"
+	"git.wntrmute.dev/mc/metacrypt/internal/db"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
+	"git.wntrmute.dev/mc/metacrypt/internal/policy"
+	"git.wntrmute.dev/mc/metacrypt/internal/seal"

 	// auth is used indirectly via the server
-	"git.wntrmute.dev/kyle/metacrypt/internal/auth"
+	"git.wntrmute.dev/mc/metacrypt/internal/auth"
 )

 func setupTestServer(t *testing.T) (*Server, *seal.Manager, chi.Router) {
--- a/internal/webserver/cert_detail_test.go
+++ b/internal/webserver/cert_detail_test.go
@@ -14,7 +14,7 @@ import (
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"

-	webui "git.wntrmute.dev/kyle/metacrypt/web"
+	webui "git.wntrmute.dev/mc/metacrypt/web"
 )

 // mockVault is a minimal vaultBackend implementation for tests.
--- a/internal/webserver/client.go
+++ b/internal/webserver/client.go
@@ -13,7 +13,7 @@ import (
 	"google.golang.org/grpc/credentials"
 	"google.golang.org/grpc/metadata"

-	pb "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2"
+	pb "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2"
 )

 // VaultClient wraps the gRPC stubs for communicating with the vault.
--- a/internal/webserver/csrf_test.go
+++ b/internal/webserver/csrf_test.go
@@ -8,7 +8,7 @@ import (
 	"strings"
 	"testing"

-	"git.wntrmute.dev/kyle/mcdsl/csrf"
+	"git.wntrmute.dev/mc/mcdsl/csrf"
 )

 func newTestCSRF(t *testing.T) *csrf.Protect {
--- a/internal/webserver/routes.go
+++ b/internal/webserver/routes.go
@@ -17,7 +17,7 @@ import (
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"

-	"git.wntrmute.dev/kyle/mcdsl/web"
+	"git.wntrmute.dev/mc/mcdsl/web"
 )

 // splitLines splits a newline-delimited string into non-empty trimmed lines.
--- a/internal/webserver/server.go
+++ b/internal/webserver/server.go
@@ -15,11 +15,11 @@ import (

 	"github.com/go-chi/chi/v5"

-	mcdslauth "git.wntrmute.dev/kyle/mcdsl/auth"
-	"git.wntrmute.dev/kyle/mcdsl/csrf"
-	"git.wntrmute.dev/kyle/mcdsl/web"
-	"git.wntrmute.dev/kyle/metacrypt/internal/config"
-	webui "git.wntrmute.dev/kyle/metacrypt/web"
+	mcdslauth "git.wntrmute.dev/mc/mcdsl/auth"
+	"git.wntrmute.dev/mc/mcdsl/csrf"
+	"git.wntrmute.dev/mc/mcdsl/web"
+	"git.wntrmute.dev/mc/metacrypt/internal/config"
+	webui "git.wntrmute.dev/mc/metacrypt/web"
 )

 // vaultBackend is the interface used by WebServer to communicate with the vault.
--- a/proto/metacrypt/v1/acme.proto
+++ b/proto/metacrypt/v1/acme.proto
@@ -2,7 +2,7 @@ syntax = "proto3";

 package metacrypt.v1;

-option go_package = "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v1;metacryptv1";
+option go_package = "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v1;metacryptv1";

 // ACMEService provides authenticated management of ACME state.
 // These RPCs correspond to the REST management endpoints at /v1/acme/{mount}/.
--- a/proto/metacrypt/v1/auth.proto
+++ b/proto/metacrypt/v1/auth.proto
@@ -2,7 +2,7 @@ syntax = "proto3";

 package metacrypt.v1;

-option go_package = "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v1;metacryptv1";
+option go_package = "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v1;metacryptv1";

 service AuthService {
  rpc Login(LoginRequest) returns (LoginResponse);
--- a/proto/metacrypt/v1/barrier.proto
+++ b/proto/metacrypt/v1/barrier.proto
@@ -2,7 +2,7 @@ syntax = "proto3";

 package metacrypt.v1;

-option go_package = "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v1;metacryptv1";
+option go_package = "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v1;metacryptv1";

 service BarrierService {
  rpc ListKeys(ListKeysRequest) returns (ListKeysResponse);
--- a/proto/metacrypt/v1/common.proto
+++ b/proto/metacrypt/v1/common.proto
@@ -2,4 +2,4 @@ syntax = "proto3";

 package metacrypt.v1;

-option go_package = "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v1;metacryptv1";
+option go_package = "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v1;metacryptv1";
--- a/proto/metacrypt/v1/engine.proto
+++ b/proto/metacrypt/v1/engine.proto
@@ -4,7 +4,7 @@ package metacrypt.v1;

 import "google/protobuf/struct.proto";

-option go_package = "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v1;metacryptv1";
+option go_package = "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v1;metacryptv1";

 service EngineService {
  rpc Mount(MountRequest) returns (MountResponse);
--- a/proto/metacrypt/v1/pki.proto
+++ b/proto/metacrypt/v1/pki.proto
@@ -2,7 +2,7 @@ syntax = "proto3";

 package metacrypt.v1;

-option go_package = "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v1;metacryptv1";
+option go_package = "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v1;metacryptv1";

 // PKIService provides unauthenticated access to public CA certificates.
 // These endpoints only require the service to be unsealed.
--- a/proto/metacrypt/v1/policy.proto
+++ b/proto/metacrypt/v1/policy.proto
@@ -2,7 +2,7 @@ syntax = "proto3";

 package metacrypt.v1;

-option go_package = "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v1;metacryptv1";
+option go_package = "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v1;metacryptv1";

 service PolicyService {
  rpc CreatePolicy(CreatePolicyRequest) returns (CreatePolicyResponse);
--- a/proto/metacrypt/v1/system.proto
+++ b/proto/metacrypt/v1/system.proto
@@ -2,7 +2,7 @@ syntax = "proto3";

 package metacrypt.v1;

-option go_package = "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v1;metacryptv1";
+option go_package = "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v1;metacryptv1";

 service SystemService {
  rpc Status(StatusRequest) returns (StatusResponse);
--- a/proto/metacrypt/v2/acme.proto
+++ b/proto/metacrypt/v2/acme.proto
@@ -4,7 +4,7 @@ package metacrypt.v2;

 import "google/protobuf/timestamp.proto";

-option go_package = "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2;metacryptv2";
+option go_package = "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2;metacryptv2";

 // ACMEService provides authenticated management of ACME state.
 // These RPCs correspond to the REST management endpoints at /v2/acme/{mount}/.
--- a/proto/metacrypt/v2/auth.proto
+++ b/proto/metacrypt/v2/auth.proto
@@ -4,7 +4,7 @@ package metacrypt.v2;

 import "google/protobuf/timestamp.proto";

-option go_package = "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2;metacryptv2";
+option go_package = "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2;metacryptv2";

 service AuthService {
  rpc Login(LoginRequest) returns (LoginResponse);
--- a/proto/metacrypt/v2/barrier.proto
+++ b/proto/metacrypt/v2/barrier.proto
@@ -2,7 +2,7 @@ syntax = "proto3";

 package metacrypt.v2;

-option go_package = "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2;metacryptv2";
+option go_package = "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2;metacryptv2";

 service BarrierService {
  rpc ListKeys(ListKeysRequest) returns (ListKeysResponse);
--- a/proto/metacrypt/v2/ca.proto
+++ b/proto/metacrypt/v2/ca.proto
@@ -4,7 +4,7 @@ package metacrypt.v2;

 import "google/protobuf/timestamp.proto";

-option go_package = "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2;metacryptv2";
+option go_package = "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2;metacryptv2";

 // CAService provides typed, authenticated access to CA engine operations.
 // All RPCs require the service to be unsealed. Write operations (CreateIssuer,
--- a/proto/metacrypt/v2/common.proto
+++ b/proto/metacrypt/v2/common.proto
@@ -2,7 +2,7 @@ syntax = "proto3";

 package metacrypt.v2;

-option go_package = "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2;metacryptv2";
+option go_package = "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2;metacryptv2";

 // Common message types shared across metacrypt.v2 services.
 // Currently empty; reserved for future shared types.
--- a/proto/metacrypt/v2/engine.proto
+++ b/proto/metacrypt/v2/engine.proto
@@ -2,7 +2,7 @@ syntax = "proto3";

 package metacrypt.v2;

-option go_package = "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2;metacryptv2";
+option go_package = "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2;metacryptv2";

 // EngineService manages the lifecycle of engine mounts.
 // In v2, typed service RPCs (e.g. CAService) replace the generic Execute RPC
--- a/proto/metacrypt/v2/pki.proto
+++ b/proto/metacrypt/v2/pki.proto
@@ -2,7 +2,7 @@ syntax = "proto3";

 package metacrypt.v2;

-option go_package = "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2;metacryptv2";
+option go_package = "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2;metacryptv2";

 // PKIService provides unauthenticated access to public CA certificates.
 // These endpoints only require the service to be unsealed.
--- a/Show More
+++ b/Show More