Replace local TOML loading with mcdsl/config.Load[Config] which adds
METACRYPT_ environment variable overrides. ServerConfig and MCIASConfig
now embed their mcdsl counterparts, extending with ExternalURL and
ServiceToken respectively. DatabaseConfig and LogConfig replaced with
mcdsl types directly.
TOML structure is preserved — no config file changes needed.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The web UI connects to the vault API via gRPC using the Docker
compose service name (e.g., "metacrypt:9443"), but the vault's TLS
certificate has SANs for "crypt.metacircular.net" and "localhost".
The new vault_sni config field overrides the TLS ServerName so
certificate verification succeeds despite the hostname mismatch.
Also updates metacrypt-rift.toml with vault_sni and temporarily
binds the web UI port to 0.0.0.0 for direct access until mc-proxy
is deployed.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Fix#61: handleRotateKey and handleDeleteUser now zeroize stored
privBytes instead of calling Bytes() (which returns a copy). New
state populates privBytes; old references nil'd for GC.
- Add audit logging subsystem (internal/audit) with structured event
recording for cryptographic operations.
- Add audit log engine spec (engines/auditlog.md).
- Add ValidateName checks across all engines for path traversal (#48).
- Update AUDIT.md: all High findings resolved (0 open).
- Add REMEDIATION.md with detailed remediation tracking.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add PUT /v1/policy/rule endpoint for updating policy rules; expose
full policy CRUD through the web UI with a dedicated policy page
- Add certificate revoke, delete, and get-cert to CA engine and wire
REST + gRPC routes; fix missing interceptor registrations
- Update ARCHITECTURE.md to reflect v2 gRPC as the active implementation,
document ACME endpoints, correct CA permission levels, and add policy/cert
management route tables
- Add POLICY.md documenting the priority-based ACL engine design
- Add web/templates/policy.html for policy management UI
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The vault server holds in-memory unsealed state (KEK, engine keys) that
is lost on restart, requiring a full unseal ceremony. Previously the web
UI ran inside the vault process, so any UI change forced a restart and
re-unseal.
This change extracts the web UI into a separate metacrypt-web binary
that communicates with the vault over an authenticated gRPC connection.
The web server carries no sealed state and can be restarted freely.
- gen/metacrypt/v1/: generated Go bindings from proto/metacrypt/v1/
- internal/grpcserver/: full gRPC server implementation (System, Auth,
Engine, PKI, Policy, ACME services) with seal/auth/admin interceptors
- internal/webserver/: web server with gRPC vault client; templates
embedded via web/embed.go (no runtime web/ directory needed)
- cmd/metacrypt-web/: standalone binary entry point
- internal/config: added [web] section (listen_addr, vault_grpc, etc.)
- internal/server/routes.go: removed all web UI routes and handlers
- cmd/metacrypt/server.go: starts gRPC server alongside HTTP server
- Deploy: Dockerfile builds both binaries, docker-compose adds
metacrypt-web service, new metacrypt-web.service systemd unit,
Makefile gains proto/metacrypt-web targets
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
