Regenerate proto files for mc/ module path

Raw descriptor bytes in .pb.go files were corrupted by the sed-based module path rename (string length changed, breaking protobuf binary encoding). Regenerated with protoc to fix. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Fix ListIssuers auth: move from public to auth-required methods
2026-03-27 02:54:26 -07:00 · 2026-03-27 02:24:11 -07:00 · 2026-03-27 02:05:59 -07:00 · 2026-03-27 08:16:23 +00:00 · 2026-03-27 01:15:13 -07:00 · 2026-03-27 01:07:07 -07:00
123 changed files with 274 additions and 278 deletions
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -4,7 +4,7 @@ This file provides guidance to Claude Code (claude.ai/code) when working with co

 ## Project Overview

-Metacrypt is a cryptographic service for the Metacircular platform, written in Go. It provides cryptographic resources via an "engines" architecture (CA, SSH CA, transit encryption, user-to-user encryption). Authentication is handled by MCIAS (Metacircular Identity and Access Service) using the client library at `git.wntrmute.dev/kyle/mcias/clients/go`. MCIAS API docs: https://mcias.metacircular.net:8443/docs
+Metacrypt is a cryptographic service for the Metacircular platform, written in Go. It provides cryptographic resources via an "engines" architecture (CA, SSH CA, transit encryption, user-to-user encryption). Authentication is handled by MCIAS (Metacircular Identity and Access Service) using the client library at `git.wntrmute.dev/mc/mcias/clients/go`. MCIAS API docs: https://mcias.metacircular.net:8443/docs

 ## Build & Test Commands

--- a/ARCHITECTURE.md
+++ b/ARCHITECTURE.md
@@ -425,7 +425,7 @@ issues scoped intermediate CAs ("issuers"), which in turn issue leaf
 certificates.

 Certificate generation uses the `certgen` package from
-`git.wntrmute.dev/kyle/goutils/certlib/certgen`.
+`git.wntrmute.dev/mc/goutils/certlib/certgen`.

 #### Lifecycle

--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -4,7 +4,7 @@ This file provides guidance to Claude Code (claude.ai/code) when working with co

 ## Project Overview

-Metacrypt is a cryptographic service for the Metacircular platform, written in Go. It provides cryptographic resources via an "engines" architecture (CA, SSH CA, transit encryption, user-to-user encryption). Authentication is handled by MCIAS (Metacircular Identity and Access Service) using the client library at `git.wntrmute.dev/kyle/mcias/clients/go`. MCIAS API docs: https://mcias.metacircular.net:8443/docs
+Metacrypt is a cryptographic service for the Metacircular platform, written in Go. It provides cryptographic resources via an "engines" architecture (CA, SSH CA, transit encryption, user-to-user encryption). Authentication is handled by MCIAS (Metacircular Identity and Access Service) using the client library at `git.wntrmute.dev/mc/mcias/clients/go`. MCIAS API docs: https://mcias.metacircular.net:8443/docs

 ## Build & Test Commands

--- a/8
+++ b/8
@@ -5,11 +5,11 @@ LDFLAGS := -trimpath -ldflags="-s -w -X main.version=$(shell git describe --tags
 binaries: metacrypt metacrypt-web

 proto:
-	protoc --go_out=. --go_opt=module=git.wntrmute.dev/kyle/metacrypt \
-		--go-grpc_out=. --go-grpc_opt=module=git.wntrmute.dev/kyle/metacrypt \
+	protoc --go_out=. --go_opt=module=git.wntrmute.dev/mc/metacrypt \
+		--go-grpc_out=. --go-grpc_opt=module=git.wntrmute.dev/mc/metacrypt \
 		proto/metacrypt/v1/*.proto
-	protoc --go_out=. --go_opt=module=git.wntrmute.dev/kyle/metacrypt \
-		--go-grpc_out=. --go-grpc_opt=module=git.wntrmute.dev/kyle/metacrypt \
+	protoc --go_out=. --go_opt=module=git.wntrmute.dev/mc/metacrypt \
+		--go-grpc_out=. --go-grpc_opt=module=git.wntrmute.dev/mc/metacrypt \
 		proto/metacrypt/v2/*.proto

 metacrypt:
--- a/PKI-ENGINE-PLAN.md
+++ b/PKI-ENGINE-PLAN.md
@@ -4,14 +4,14 @@

 Metacrypt needs its first concrete engine implementation: the CA (PKI) engine. This provides X.509 certificate issuance for Metacircular infrastructure. A single root CA issues scoped intermediate CAs ("issuers"), which in turn issue leaf certificates. An unauthenticated public API serves CA/issuer certificates to allow systems to bootstrap TLS trust.

-Certificate generation uses the `certgen` package from `git.wntrmute.dev/kyle/goutils/certlib/certgen`.
+Certificate generation uses the `certgen` package from `git.wntrmute.dev/mc/goutils/certlib/certgen`.

 ## Implementation Order

 ### Step 1: Add goutils dependency

 **File: `go.mod`**
- Add `git.wntrmute.dev/kyle/goutils` with local replace directive (same pattern as mcias)
+- Add `git.wntrmute.dev/mc/goutils` with local replace directive (same pattern as mcias)
 - Run `go mod tidy`

 ### Step 2: Update engine framework
@@ -150,7 +150,7 @@ engine/ca/{mount}/certs/{serial_hex}.json
 ### Step 7: Register CA factory

 **File: `cmd/metacrypt/server.go`**
- Import `git.wntrmute.dev/kyle/metacrypt/internal/engine/ca`
+- Import `git.wntrmute.dev/mc/metacrypt/internal/engine/ca`
 - After creating `engineRegistry`, call `engineRegistry.RegisterFactory(engine.EngineTypeCA, ca.NewCAEngine)`

 ### Step 8: Tests
--- a/PROJECT.md
+++ b/PROJECT.md
@@ -8,7 +8,7 @@ It should have a data model similar to what hashicorp vault does, in that it wil

 The first step is to build out the basic framework for the application, to include login, unsealing, and the encrypted barrier.

-We will be using Go as the main language. The MCIAS client library (git.wntrmute.dev/kyle/mcias/clients/go) is used for authentication. Use 256-bit symmetric keys and Ed25519/Curve25519 or NIST P-521 where appropriate for public key algorithms. Use Argon2 for password hashing.
+We will be using Go as the main language. The MCIAS client library (git.wntrmute.dev/mc/mcias/clients/go) is used for authentication. Use 256-bit symmetric keys and Ed25519/Curve25519 or NIST P-521 where appropriate for public key algorithms. Use Argon2 for password hashing.

 It will need a gRPC and JSON REST API, as well as a web frontend.

--- a/clients/go/go.mod
+++ b/clients/go/go.mod
@@ -1,4 +1,4 @@
-module git.wntrmute.dev/kyle/metacrypt/clients/go
+module git.wntrmute.dev/mc/metacrypt/clients/go

 go 1.25.0

--- a/clients/go/go.sum
+++ b/clients/go/go.sum
@@ -1,2 +0,0 @@
-golang.org/x/crypto v0.49.0 h1:+Ng2ULVvLHnJ/ZFEq4KdcDd/cfjrrjjNSXNzxg0Y4U4=
-golang.org/x/crypto v0.49.0/go.mod h1:ErX4dUh2UM+CFYiXZRTcMpEcN8b/1gxEuv3nODoYtCA=
--- a/cmd/metacrypt-web/main.go
+++ b/cmd/metacrypt-web/main.go
@@ -13,8 +13,8 @@ import (

 	"github.com/spf13/cobra"

-	"git.wntrmute.dev/kyle/metacrypt/internal/config"
-	"git.wntrmute.dev/kyle/metacrypt/internal/webserver"
+	"git.wntrmute.dev/mc/metacrypt/internal/config"
+	"git.wntrmute.dev/mc/metacrypt/internal/webserver"
 )

 var cfgFile string
--- a/cmd/metacrypt/init.go
+++ b/cmd/metacrypt/init.go
@@ -10,11 +10,11 @@ import (
 	"github.com/spf13/cobra"
 	"golang.org/x/term"

-	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
-	"git.wntrmute.dev/kyle/metacrypt/internal/config"
-	"git.wntrmute.dev/kyle/metacrypt/internal/crypto"
-	"git.wntrmute.dev/kyle/metacrypt/internal/db"
-	"git.wntrmute.dev/kyle/metacrypt/internal/seal"
+	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
+	"git.wntrmute.dev/mc/metacrypt/internal/config"
+	"git.wntrmute.dev/mc/metacrypt/internal/crypto"
+	"git.wntrmute.dev/mc/metacrypt/internal/db"
+	"git.wntrmute.dev/mc/metacrypt/internal/seal"
 )

 var initCmd = &cobra.Command{
--- a/cmd/metacrypt/migrate_aad.go
+++ b/cmd/metacrypt/migrate_aad.go
@@ -10,9 +10,9 @@ import (
 	"github.com/spf13/cobra"
 	"golang.org/x/term"

-	"git.wntrmute.dev/kyle/metacrypt/internal/config"
-	"git.wntrmute.dev/kyle/metacrypt/internal/crypto"
-	"git.wntrmute.dev/kyle/metacrypt/internal/db"
+	"git.wntrmute.dev/mc/metacrypt/internal/config"
+	"git.wntrmute.dev/mc/metacrypt/internal/crypto"
+	"git.wntrmute.dev/mc/metacrypt/internal/db"
 )

 var migrateAADCmd = &cobra.Command{
--- a/cmd/metacrypt/migrate_barrier.go
+++ b/cmd/metacrypt/migrate_barrier.go
@@ -10,10 +10,10 @@ import (
 	"github.com/spf13/cobra"
 	"golang.org/x/term"

-	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
-	"git.wntrmute.dev/kyle/metacrypt/internal/config"
-	"git.wntrmute.dev/kyle/metacrypt/internal/crypto"
-	"git.wntrmute.dev/kyle/metacrypt/internal/db"
+	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
+	"git.wntrmute.dev/mc/metacrypt/internal/config"
+	"git.wntrmute.dev/mc/metacrypt/internal/crypto"
+	"git.wntrmute.dev/mc/metacrypt/internal/db"
 )

 var migrateBarrierCmd = &cobra.Command{
--- a/cmd/metacrypt/server.go
+++ b/cmd/metacrypt/server.go
@@ -10,20 +10,20 @@ import (

 	"github.com/spf13/cobra"

-	"git.wntrmute.dev/kyle/metacrypt/internal/audit"
-	"git.wntrmute.dev/kyle/metacrypt/internal/auth"
-	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
-	"git.wntrmute.dev/kyle/metacrypt/internal/config"
-	"git.wntrmute.dev/kyle/metacrypt/internal/db"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine/ca"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine/sshca"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine/transit"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine/user"
-	"git.wntrmute.dev/kyle/metacrypt/internal/grpcserver"
-	"git.wntrmute.dev/kyle/metacrypt/internal/policy"
-	"git.wntrmute.dev/kyle/metacrypt/internal/seal"
-	"git.wntrmute.dev/kyle/metacrypt/internal/server"
+	"git.wntrmute.dev/mc/metacrypt/internal/audit"
+	"git.wntrmute.dev/mc/metacrypt/internal/auth"
+	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
+	"git.wntrmute.dev/mc/metacrypt/internal/config"
+	"git.wntrmute.dev/mc/metacrypt/internal/db"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine/ca"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine/sshca"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine/transit"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine/user"
+	"git.wntrmute.dev/mc/metacrypt/internal/grpcserver"
+	"git.wntrmute.dev/mc/metacrypt/internal/policy"
+	"git.wntrmute.dev/mc/metacrypt/internal/seal"
+	"git.wntrmute.dev/mc/metacrypt/internal/server"
 )

 var serverCmd = &cobra.Command{
--- a/cmd/metacrypt/snapshot.go
+++ b/cmd/metacrypt/snapshot.go
@@ -5,9 +5,9 @@ import (

 	"github.com/spf13/cobra"

-	mcdsldb "git.wntrmute.dev/kyle/mcdsl/db"
-	"git.wntrmute.dev/kyle/metacrypt/internal/config"
-	"git.wntrmute.dev/kyle/metacrypt/internal/db"
+	mcdsldb "git.wntrmute.dev/mc/mcdsl/db"
+	"git.wntrmute.dev/mc/metacrypt/internal/config"
+	"git.wntrmute.dev/mc/metacrypt/internal/db"
 )

 var snapshotCmd = &cobra.Command{
--- a/cmd/metacrypt/unseal.go
+++ b/cmd/metacrypt/unseal.go
@@ -15,7 +15,7 @@ import (
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"

-	metacryptv1 "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v1"
+	metacryptv1 "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v1"
 )

 var unsealCmd = &cobra.Command{
--- a/docs/engineering-standards.md
+++ b/docs/engineering-standards.md
@@ -138,7 +138,7 @@ but the top-level skeleton is fixed.
 Services hosted on `git.wntrmute.dev` use:

 ```
-git.wntrmute.dev/kyle/<service>
+git.wntrmute.dev/mc/<service>
 ```

 ---
@@ -251,7 +251,7 @@ Access Service). No service maintains its own user database.

 - Client sends credentials to the service's `/v1/auth/login` endpoint.
 - The service forwards them to MCIAS via the client library
-  (`git.wntrmute.dev/kyle/mcias/clients/go`).
+  (`git.wntrmute.dev/mc/mcias/clients/go`).
 - On success, MCIAS returns a bearer token. The service returns it to the
  client and optionally sets it as a cookie for the web UI.
 - Subsequent requests include the token via `Authorization: Bearer <token>`
--- a/gen/metacrypt/v1/acme.pb.go
+++ b/gen/metacrypt/v1/acme.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.36.11
-// 	protoc        v3.20.3
+// 	protoc        v6.32.1
 // source: proto/metacrypt/v1/acme.proto

 package metacryptv1
@@ -600,7 +600,7 @@ const file_proto_metacrypt_v1_acme_proto_rawDesc = "" +
 	"\tSetConfig\x12\x1e.metacrypt.v1.SetConfigRequest\x1a\x1f.metacrypt.v1.SetConfigResponse\x12U\n" +
 	"\fListAccounts\x12!.metacrypt.v1.ListAccountsRequest\x1a\".metacrypt.v1.ListAccountsResponse\x12O\n" +
 	"\n" +
-	"ListOrders\x12\x1f.metacrypt.v1.ListOrdersRequest\x1a .metacrypt.v1.ListOrdersResponseB>Z<git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v1;metacryptv1b\x06proto3"
+	"ListOrders\x12\x1f.metacrypt.v1.ListOrdersRequest\x1a .metacrypt.v1.ListOrdersResponseB<Z:git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v1;metacryptv1b\x06proto3"

 var (
 	file_proto_metacrypt_v1_acme_proto_rawDescOnce sync.Once
--- a/gen/metacrypt/v1/acme_grpc.pb.go
+++ b/gen/metacrypt/v1/acme_grpc.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
 // versions:
 // - protoc-gen-go-grpc v1.6.1
-// - protoc             v3.20.3
+// - protoc             v6.32.1
 // source: proto/metacrypt/v1/acme.proto

 package metacryptv1
--- a/gen/metacrypt/v1/auth.pb.go
+++ b/gen/metacrypt/v1/auth.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.36.11
-// 	protoc        v3.20.3
+// 	protoc        v6.32.1
 // source: proto/metacrypt/v1/auth.proto

 package metacryptv1
@@ -324,7 +324,7 @@ const file_proto_metacrypt_v1_auth_proto_rawDesc = "" +
 	"\vAuthService\x12@\n" +
 	"\x05Login\x12\x1a.metacrypt.v1.LoginRequest\x1a\x1b.metacrypt.v1.LoginResponse\x12C\n" +
 	"\x06Logout\x12\x1b.metacrypt.v1.LogoutRequest\x1a\x1c.metacrypt.v1.LogoutResponse\x12L\n" +
-	"\tTokenInfo\x12\x1e.metacrypt.v1.TokenInfoRequest\x1a\x1f.metacrypt.v1.TokenInfoResponseB>Z<git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v1;metacryptv1b\x06proto3"
+	"\tTokenInfo\x12\x1e.metacrypt.v1.TokenInfoRequest\x1a\x1f.metacrypt.v1.TokenInfoResponseB<Z:git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v1;metacryptv1b\x06proto3"

 var (
 	file_proto_metacrypt_v1_auth_proto_rawDescOnce sync.Once
--- a/gen/metacrypt/v1/auth_grpc.pb.go
+++ b/gen/metacrypt/v1/auth_grpc.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
 // versions:
 // - protoc-gen-go-grpc v1.6.1
-// - protoc             v3.20.3
+// - protoc             v6.32.1
 // source: proto/metacrypt/v1/auth.proto

 package metacryptv1
--- a/gen/metacrypt/v1/barrier.pb.go
+++ b/gen/metacrypt/v1/barrier.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.36.11
-// 	protoc        v3.20.3
+// 	protoc        v6.32.1
 // source: proto/metacrypt/v1/barrier.proto

 package metacryptv1
@@ -455,7 +455,7 @@ const file_proto_metacrypt_v1_barrier_proto_rawDesc = "" +
 	"\bListKeys\x12\x1d.metacrypt.v1.ListKeysRequest\x1a\x1e.metacrypt.v1.ListKeysResponse\x12L\n" +
 	"\tRotateMEK\x12\x1e.metacrypt.v1.RotateMEKRequest\x1a\x1f.metacrypt.v1.RotateMEKResponse\x12L\n" +
 	"\tRotateKey\x12\x1e.metacrypt.v1.RotateKeyRequest\x1a\x1f.metacrypt.v1.RotateKeyResponse\x12T\n" +
-	"\aMigrate\x12#.metacrypt.v1.MigrateBarrierRequest\x1a$.metacrypt.v1.MigrateBarrierResponseB>Z<git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v1;metacryptv1b\x06proto3"
+	"\aMigrate\x12#.metacrypt.v1.MigrateBarrierRequest\x1a$.metacrypt.v1.MigrateBarrierResponseB<Z:git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v1;metacryptv1b\x06proto3"

 var (
 	file_proto_metacrypt_v1_barrier_proto_rawDescOnce sync.Once
--- a/gen/metacrypt/v1/barrier_grpc.pb.go
+++ b/gen/metacrypt/v1/barrier_grpc.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
 // versions:
 // - protoc-gen-go-grpc v1.6.1
-// - protoc             v3.20.3
+// - protoc             v6.32.1
 // source: proto/metacrypt/v1/barrier.proto

 package metacryptv1
--- a/gen/metacrypt/v1/common.pb.go
+++ b/gen/metacrypt/v1/common.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.36.11
-// 	protoc        v3.20.3
+// 	protoc        v6.32.1
 // source: proto/metacrypt/v1/common.proto

 package metacryptv1
@@ -24,7 +24,7 @@ var File_proto_metacrypt_v1_common_proto protoreflect.FileDescriptor

 const file_proto_metacrypt_v1_common_proto_rawDesc = "" +
 	"\n" +
-	"\x1fproto/metacrypt/v1/common.proto\x12\fmetacrypt.v1B>Z<git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v1;metacryptv1b\x06proto3"
+	"\x1fproto/metacrypt/v1/common.proto\x12\fmetacrypt.v1B<Z:git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v1;metacryptv1b\x06proto3"

 var file_proto_metacrypt_v1_common_proto_goTypes = []any{}
 var file_proto_metacrypt_v1_common_proto_depIdxs = []int32{
--- a/gen/metacrypt/v1/engine.pb.go
+++ b/gen/metacrypt/v1/engine.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.36.11
-// 	protoc        v3.20.3
+// 	protoc        v6.32.1
 // source: proto/metacrypt/v1/engine.proto

 package metacryptv1
@@ -483,7 +483,7 @@ const file_proto_metacrypt_v1_engine_proto_rawDesc = "" +
 	"\aUnmount\x12\x1c.metacrypt.v1.UnmountRequest\x1a\x1d.metacrypt.v1.UnmountResponse\x12O\n" +
 	"\n" +
 	"ListMounts\x12\x1f.metacrypt.v1.ListMountsRequest\x1a .metacrypt.v1.ListMountsResponse\x12F\n" +
-	"\aExecute\x12\x1c.metacrypt.v1.ExecuteRequest\x1a\x1d.metacrypt.v1.ExecuteResponseB>Z<git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v1;metacryptv1b\x06proto3"
+	"\aExecute\x12\x1c.metacrypt.v1.ExecuteRequest\x1a\x1d.metacrypt.v1.ExecuteResponseB<Z:git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v1;metacryptv1b\x06proto3"

 var (
 	file_proto_metacrypt_v1_engine_proto_rawDescOnce sync.Once
--- a/gen/metacrypt/v1/engine_grpc.pb.go
+++ b/gen/metacrypt/v1/engine_grpc.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
 // versions:
 // - protoc-gen-go-grpc v1.6.1
-// - protoc             v3.20.3
+// - protoc             v6.32.1
 // source: proto/metacrypt/v1/engine.proto

 package metacryptv1
--- a/gen/metacrypt/v1/pki.pb.go
+++ b/gen/metacrypt/v1/pki.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.36.11
-// 	protoc        v3.20.3
+// 	protoc        v6.32.1
 // source: proto/metacrypt/v1/pki.proto

 package metacryptv1
@@ -324,7 +324,7 @@ const file_proto_metacrypt_v1_pki_proto_rawDesc = "" +
 	"PKIService\x12R\n" +
 	"\vGetRootCert\x12 .metacrypt.v1.GetRootCertRequest\x1a!.metacrypt.v1.GetRootCertResponse\x12I\n" +
 	"\bGetChain\x12\x1d.metacrypt.v1.GetChainRequest\x1a\x1e.metacrypt.v1.GetChainResponse\x12X\n" +
-	"\rGetIssuerCert\x12\".metacrypt.v1.GetIssuerCertRequest\x1a#.metacrypt.v1.GetIssuerCertResponseB>Z<git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v1;metacryptv1b\x06proto3"
+	"\rGetIssuerCert\x12\".metacrypt.v1.GetIssuerCertRequest\x1a#.metacrypt.v1.GetIssuerCertResponseB<Z:git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v1;metacryptv1b\x06proto3"

 var (
 	file_proto_metacrypt_v1_pki_proto_rawDescOnce sync.Once
--- a/gen/metacrypt/v1/pki_grpc.pb.go
+++ b/gen/metacrypt/v1/pki_grpc.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
 // versions:
 // - protoc-gen-go-grpc v1.6.1
-// - protoc             v3.20.3
+// - protoc             v6.32.1
 // source: proto/metacrypt/v1/pki.proto

 package metacryptv1
--- a/gen/metacrypt/v1/policy.pb.go
+++ b/gen/metacrypt/v1/policy.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.36.11
-// 	protoc        v3.20.3
+// 	protoc        v6.32.1
 // source: proto/metacrypt/v1/policy.proto

 package metacryptv1
@@ -481,7 +481,7 @@ const file_proto_metacrypt_v1_policy_proto_rawDesc = "" +
 	"\fCreatePolicy\x12!.metacrypt.v1.CreatePolicyRequest\x1a\".metacrypt.v1.CreatePolicyResponse\x12U\n" +
 	"\fListPolicies\x12!.metacrypt.v1.ListPoliciesRequest\x1a\".metacrypt.v1.ListPoliciesResponse\x12L\n" +
 	"\tGetPolicy\x12\x1e.metacrypt.v1.GetPolicyRequest\x1a\x1f.metacrypt.v1.GetPolicyResponse\x12U\n" +
-	"\fDeletePolicy\x12!.metacrypt.v1.DeletePolicyRequest\x1a\".metacrypt.v1.DeletePolicyResponseB>Z<git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v1;metacryptv1b\x06proto3"
+	"\fDeletePolicy\x12!.metacrypt.v1.DeletePolicyRequest\x1a\".metacrypt.v1.DeletePolicyResponseB<Z:git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v1;metacryptv1b\x06proto3"

 var (
 	file_proto_metacrypt_v1_policy_proto_rawDescOnce sync.Once
--- a/gen/metacrypt/v1/policy_grpc.pb.go
+++ b/gen/metacrypt/v1/policy_grpc.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
 // versions:
 // - protoc-gen-go-grpc v1.6.1
-// - protoc             v3.20.3
+// - protoc             v6.32.1
 // source: proto/metacrypt/v1/policy.proto

 package metacryptv1
--- a/gen/metacrypt/v1/system.pb.go
+++ b/gen/metacrypt/v1/system.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.36.11
-// 	protoc        v3.20.3
+// 	protoc        v6.32.1
 // source: proto/metacrypt/v1/system.proto

 package metacryptv1
@@ -380,7 +380,7 @@ const file_proto_metacrypt_v1_system_proto_rawDesc = "" +
 	"\x06Status\x12\x1b.metacrypt.v1.StatusRequest\x1a\x1c.metacrypt.v1.StatusResponse\x12=\n" +
 	"\x04Init\x12\x19.metacrypt.v1.InitRequest\x1a\x1a.metacrypt.v1.InitResponse\x12C\n" +
 	"\x06Unseal\x12\x1b.metacrypt.v1.UnsealRequest\x1a\x1c.metacrypt.v1.UnsealResponse\x12=\n" +
-	"\x04Seal\x12\x19.metacrypt.v1.SealRequest\x1a\x1a.metacrypt.v1.SealResponseB>Z<git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v1;metacryptv1b\x06proto3"
+	"\x04Seal\x12\x19.metacrypt.v1.SealRequest\x1a\x1a.metacrypt.v1.SealResponseB<Z:git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v1;metacryptv1b\x06proto3"

 var (
 	file_proto_metacrypt_v1_system_proto_rawDescOnce sync.Once
--- a/gen/metacrypt/v1/system_grpc.pb.go
+++ b/gen/metacrypt/v1/system_grpc.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
 // versions:
 // - protoc-gen-go-grpc v1.6.1
-// - protoc             v3.20.3
+// - protoc             v6.32.1
 // source: proto/metacrypt/v1/system.proto

 package metacryptv1
--- a/gen/metacrypt/v2/acme.pb.go
+++ b/gen/metacrypt/v2/acme.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.36.11
-// 	protoc        v3.20.3
+// 	protoc        v6.32.1
 // source: proto/metacrypt/v2/acme.proto

 package metacryptv2
@@ -592,7 +592,7 @@ const file_proto_metacrypt_v2_acme_proto_rawDesc = "" +
 	"\tSetConfig\x12\x1e.metacrypt.v2.SetConfigRequest\x1a\x1f.metacrypt.v2.SetConfigResponse\x12U\n" +
 	"\fListAccounts\x12!.metacrypt.v2.ListAccountsRequest\x1a\".metacrypt.v2.ListAccountsResponse\x12O\n" +
 	"\n" +
-	"ListOrders\x12\x1f.metacrypt.v2.ListOrdersRequest\x1a .metacrypt.v2.ListOrdersResponseB>Z<git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"
+	"ListOrders\x12\x1f.metacrypt.v2.ListOrdersRequest\x1a .metacrypt.v2.ListOrdersResponseB<Z:git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"

 var (
 	file_proto_metacrypt_v2_acme_proto_rawDescOnce sync.Once
--- a/gen/metacrypt/v2/acme_grpc.pb.go
+++ b/gen/metacrypt/v2/acme_grpc.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
 // versions:
 // - protoc-gen-go-grpc v1.6.1
-// - protoc             v3.20.3
+// - protoc             v6.32.1
 // source: proto/metacrypt/v2/acme.proto

 package metacryptv2
--- a/gen/metacrypt/v2/auth.pb.go
+++ b/gen/metacrypt/v2/auth.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.36.11
-// 	protoc        v3.20.3
+// 	protoc        v6.32.1
 // source: proto/metacrypt/v2/auth.proto

 package metacryptv2
@@ -325,7 +325,7 @@ const file_proto_metacrypt_v2_auth_proto_rawDesc = "" +
 	"\vAuthService\x12@\n" +
 	"\x05Login\x12\x1a.metacrypt.v2.LoginRequest\x1a\x1b.metacrypt.v2.LoginResponse\x12C\n" +
 	"\x06Logout\x12\x1b.metacrypt.v2.LogoutRequest\x1a\x1c.metacrypt.v2.LogoutResponse\x12L\n" +
-	"\tTokenInfo\x12\x1e.metacrypt.v2.TokenInfoRequest\x1a\x1f.metacrypt.v2.TokenInfoResponseB>Z<git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"
+	"\tTokenInfo\x12\x1e.metacrypt.v2.TokenInfoRequest\x1a\x1f.metacrypt.v2.TokenInfoResponseB<Z:git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"

 var (
 	file_proto_metacrypt_v2_auth_proto_rawDescOnce sync.Once
--- a/gen/metacrypt/v2/auth_grpc.pb.go
+++ b/gen/metacrypt/v2/auth_grpc.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
 // versions:
 // - protoc-gen-go-grpc v1.6.1
-// - protoc             v3.20.3
+// - protoc             v6.32.1
 // source: proto/metacrypt/v2/auth.proto

 package metacryptv2
--- a/gen/metacrypt/v2/barrier.pb.go
+++ b/gen/metacrypt/v2/barrier.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.36.11
-// 	protoc        v3.20.3
+// 	protoc        v6.32.1
 // source: proto/metacrypt/v2/barrier.proto

 package metacryptv2
@@ -455,7 +455,7 @@ const file_proto_metacrypt_v2_barrier_proto_rawDesc = "" +
 	"\bListKeys\x12\x1d.metacrypt.v2.ListKeysRequest\x1a\x1e.metacrypt.v2.ListKeysResponse\x12L\n" +
 	"\tRotateMEK\x12\x1e.metacrypt.v2.RotateMEKRequest\x1a\x1f.metacrypt.v2.RotateMEKResponse\x12L\n" +
 	"\tRotateKey\x12\x1e.metacrypt.v2.RotateKeyRequest\x1a\x1f.metacrypt.v2.RotateKeyResponse\x12T\n" +
-	"\aMigrate\x12#.metacrypt.v2.MigrateBarrierRequest\x1a$.metacrypt.v2.MigrateBarrierResponseB>Z<git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"
+	"\aMigrate\x12#.metacrypt.v2.MigrateBarrierRequest\x1a$.metacrypt.v2.MigrateBarrierResponseB<Z:git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"

 var (
 	file_proto_metacrypt_v2_barrier_proto_rawDescOnce sync.Once
--- a/gen/metacrypt/v2/barrier_grpc.pb.go
+++ b/gen/metacrypt/v2/barrier_grpc.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
 // versions:
 // - protoc-gen-go-grpc v1.6.1
-// - protoc             v3.20.3
+// - protoc             v6.32.1
 // source: proto/metacrypt/v2/barrier.proto

 package metacryptv2
--- a/gen/metacrypt/v2/ca.pb.go
+++ b/gen/metacrypt/v2/ca.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.36.11
-// 	protoc        v3.20.3
+// 	protoc        v6.32.1
 // source: proto/metacrypt/v2/ca.proto

 package metacryptv2
@@ -2075,7 +2075,7 @@ const file_proto_metacrypt_v2_ca_proto_rawDesc = "" +
 	"\n" +
 	"RevokeCert\x12\x1f.metacrypt.v2.RevokeCertRequest\x1a .metacrypt.v2.RevokeCertResponse\x12O\n" +
 	"\n" +
-	"DeleteCert\x12\x1f.metacrypt.v2.DeleteCertRequest\x1a .metacrypt.v2.DeleteCertResponseB>Z<git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"
+	"DeleteCert\x12\x1f.metacrypt.v2.DeleteCertRequest\x1a .metacrypt.v2.DeleteCertResponseB<Z:git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"

 var (
 	file_proto_metacrypt_v2_ca_proto_rawDescOnce sync.Once
--- a/gen/metacrypt/v2/ca_grpc.pb.go
+++ b/gen/metacrypt/v2/ca_grpc.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
 // versions:
 // - protoc-gen-go-grpc v1.6.1
-// - protoc             v3.20.3
+// - protoc             v6.32.1
 // source: proto/metacrypt/v2/ca.proto

 package metacryptv2
--- a/gen/metacrypt/v2/common.pb.go
+++ b/gen/metacrypt/v2/common.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.36.11
-// 	protoc        v3.20.3
+// 	protoc        v6.32.1
 // source: proto/metacrypt/v2/common.proto

 package metacryptv2
@@ -24,7 +24,7 @@ var File_proto_metacrypt_v2_common_proto protoreflect.FileDescriptor

 const file_proto_metacrypt_v2_common_proto_rawDesc = "" +
 	"\n" +
-	"\x1fproto/metacrypt/v2/common.proto\x12\fmetacrypt.v2B>Z<git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"
+	"\x1fproto/metacrypt/v2/common.proto\x12\fmetacrypt.v2B<Z:git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"

 var file_proto_metacrypt_v2_common_proto_goTypes = []any{}
 var file_proto_metacrypt_v2_common_proto_depIdxs = []int32{
--- a/gen/metacrypt/v2/engine.pb.go
+++ b/gen/metacrypt/v2/engine.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.36.11
-// 	protoc        v3.20.3
+// 	protoc        v6.32.1
 // source: proto/metacrypt/v2/engine.proto

 package metacryptv2
@@ -366,7 +366,7 @@ const file_proto_metacrypt_v2_engine_proto_rawDesc = "" +
 	"\x05Mount\x12\x1a.metacrypt.v2.MountRequest\x1a\x1b.metacrypt.v2.MountResponse\x12F\n" +
 	"\aUnmount\x12\x1c.metacrypt.v2.UnmountRequest\x1a\x1d.metacrypt.v2.UnmountResponse\x12O\n" +
 	"\n" +
-	"ListMounts\x12\x1f.metacrypt.v2.ListMountsRequest\x1a .metacrypt.v2.ListMountsResponseB>Z<git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"
+	"ListMounts\x12\x1f.metacrypt.v2.ListMountsRequest\x1a .metacrypt.v2.ListMountsResponseB<Z:git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"

 var (
 	file_proto_metacrypt_v2_engine_proto_rawDescOnce sync.Once
--- a/gen/metacrypt/v2/engine_grpc.pb.go
+++ b/gen/metacrypt/v2/engine_grpc.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
 // versions:
 // - protoc-gen-go-grpc v1.6.1
-// - protoc             v3.20.3
+// - protoc             v6.32.1
 // source: proto/metacrypt/v2/engine.proto

 package metacryptv2
--- a/gen/metacrypt/v2/pki.pb.go
+++ b/gen/metacrypt/v2/pki.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.36.11
-// 	protoc        v3.20.3
+// 	protoc        v6.32.1
 // source: proto/metacrypt/v2/pki.proto

 package metacryptv2
@@ -426,7 +426,7 @@ const file_proto_metacrypt_v2_pki_proto_rawDesc = "" +
 	"\vGetRootCert\x12 .metacrypt.v2.GetRootCertRequest\x1a!.metacrypt.v2.GetRootCertResponse\x12I\n" +
 	"\bGetChain\x12\x1d.metacrypt.v2.GetChainRequest\x1a\x1e.metacrypt.v2.GetChainResponse\x12X\n" +
 	"\rGetIssuerCert\x12\".metacrypt.v2.GetIssuerCertRequest\x1a#.metacrypt.v2.GetIssuerCertResponse\x12C\n" +
-	"\x06GetCRL\x12\x1b.metacrypt.v2.GetCRLRequest\x1a\x1c.metacrypt.v2.GetCRLResponseB>Z<git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"
+	"\x06GetCRL\x12\x1b.metacrypt.v2.GetCRLRequest\x1a\x1c.metacrypt.v2.GetCRLResponseB<Z:git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"

 var (
 	file_proto_metacrypt_v2_pki_proto_rawDescOnce sync.Once
--- a/gen/metacrypt/v2/pki_grpc.pb.go
+++ b/gen/metacrypt/v2/pki_grpc.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
 // versions:
 // - protoc-gen-go-grpc v1.6.1
-// - protoc             v3.20.3
+// - protoc             v6.32.1
 // source: proto/metacrypt/v2/pki.proto

 package metacryptv2
--- a/gen/metacrypt/v2/policy.pb.go
+++ b/gen/metacrypt/v2/policy.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.36.11
-// 	protoc        v3.20.3
+// 	protoc        v6.32.1
 // source: proto/metacrypt/v2/policy.proto

 package metacryptv2
@@ -481,7 +481,7 @@ const file_proto_metacrypt_v2_policy_proto_rawDesc = "" +
 	"\fCreatePolicy\x12!.metacrypt.v2.CreatePolicyRequest\x1a\".metacrypt.v2.CreatePolicyResponse\x12U\n" +
 	"\fListPolicies\x12!.metacrypt.v2.ListPoliciesRequest\x1a\".metacrypt.v2.ListPoliciesResponse\x12L\n" +
 	"\tGetPolicy\x12\x1e.metacrypt.v2.GetPolicyRequest\x1a\x1f.metacrypt.v2.GetPolicyResponse\x12U\n" +
-	"\fDeletePolicy\x12!.metacrypt.v2.DeletePolicyRequest\x1a\".metacrypt.v2.DeletePolicyResponseB>Z<git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"
+	"\fDeletePolicy\x12!.metacrypt.v2.DeletePolicyRequest\x1a\".metacrypt.v2.DeletePolicyResponseB<Z:git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"

 var (
 	file_proto_metacrypt_v2_policy_proto_rawDescOnce sync.Once
--- a/gen/metacrypt/v2/policy_grpc.pb.go
+++ b/gen/metacrypt/v2/policy_grpc.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
 // versions:
 // - protoc-gen-go-grpc v1.6.1
-// - protoc             v3.20.3
+// - protoc             v6.32.1
 // source: proto/metacrypt/v2/policy.proto

 package metacryptv2
--- a/gen/metacrypt/v2/sshca.pb.go
+++ b/gen/metacrypt/v2/sshca.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.36.11
-// 	protoc        v3.20.3
+// 	protoc        v6.32.1
 // source: proto/metacrypt/v2/sshca.proto

 package metacryptv2
@@ -1919,7 +1919,7 @@ const file_proto_metacrypt_v2_sshca_proto_rawDesc = "" +
 	"RevokeCert\x12\".metacrypt.v2.SSHRevokeCertRequest\x1a#.metacrypt.v2.SSHRevokeCertResponse\x12U\n" +
 	"\n" +
 	"DeleteCert\x12\".metacrypt.v2.SSHDeleteCertRequest\x1a#.metacrypt.v2.SSHDeleteCertResponse\x12I\n" +
-	"\x06GetKRL\x12\x1e.metacrypt.v2.SSHGetKRLRequest\x1a\x1f.metacrypt.v2.SSHGetKRLResponseB>Z<git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"
+	"\x06GetKRL\x12\x1e.metacrypt.v2.SSHGetKRLRequest\x1a\x1f.metacrypt.v2.SSHGetKRLResponseB<Z:git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"

 var (
 	file_proto_metacrypt_v2_sshca_proto_rawDescOnce sync.Once
--- a/gen/metacrypt/v2/sshca_grpc.pb.go
+++ b/gen/metacrypt/v2/sshca_grpc.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
 // versions:
 // - protoc-gen-go-grpc v1.6.1
-// - protoc             v3.20.3
+// - protoc             v6.32.1
 // source: proto/metacrypt/v2/sshca.proto

 package metacryptv2
--- a/gen/metacrypt/v2/system.pb.go
+++ b/gen/metacrypt/v2/system.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.36.11
-// 	protoc        v3.20.3
+// 	protoc        v6.32.1
 // source: proto/metacrypt/v2/system.proto

 package metacryptv2
@@ -380,7 +380,7 @@ const file_proto_metacrypt_v2_system_proto_rawDesc = "" +
 	"\x06Status\x12\x1b.metacrypt.v2.StatusRequest\x1a\x1c.metacrypt.v2.StatusResponse\x12=\n" +
 	"\x04Init\x12\x19.metacrypt.v2.InitRequest\x1a\x1a.metacrypt.v2.InitResponse\x12C\n" +
 	"\x06Unseal\x12\x1b.metacrypt.v2.UnsealRequest\x1a\x1c.metacrypt.v2.UnsealResponse\x12=\n" +
-	"\x04Seal\x12\x19.metacrypt.v2.SealRequest\x1a\x1a.metacrypt.v2.SealResponseB>Z<git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"
+	"\x04Seal\x12\x19.metacrypt.v2.SealRequest\x1a\x1a.metacrypt.v2.SealResponseB<Z:git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"

 var (
 	file_proto_metacrypt_v2_system_proto_rawDescOnce sync.Once
--- a/gen/metacrypt/v2/system_grpc.pb.go
+++ b/gen/metacrypt/v2/system_grpc.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
 // versions:
 // - protoc-gen-go-grpc v1.6.1
-// - protoc             v3.20.3
+// - protoc             v6.32.1
 // source: proto/metacrypt/v2/system.proto

 package metacryptv2
--- a/gen/metacrypt/v2/transit.pb.go
+++ b/gen/metacrypt/v2/transit.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.36.11
-// 	protoc        v3.20.3
+// 	protoc        v6.32.1
 // source: proto/metacrypt/v2/transit.proto

 package metacryptv2
@@ -2075,7 +2075,7 @@ const file_proto_metacrypt_v2_transit_proto_rawDesc = "" +
 	"\x04Sign\x12 .metacrypt.v2.TransitSignRequest\x1a!.metacrypt.v2.TransitSignResponse\x12Q\n" +
 	"\x06Verify\x12\".metacrypt.v2.TransitVerifyRequest\x1a#.metacrypt.v2.TransitVerifyResponse\x12K\n" +
 	"\x04Hmac\x12 .metacrypt.v2.TransitHmacRequest\x1a!.metacrypt.v2.TransitHmacResponse\x12c\n" +
-	"\fGetPublicKey\x12(.metacrypt.v2.GetTransitPublicKeyRequest\x1a).metacrypt.v2.GetTransitPublicKeyResponseB>Z<git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"
+	"\fGetPublicKey\x12(.metacrypt.v2.GetTransitPublicKeyRequest\x1a).metacrypt.v2.GetTransitPublicKeyResponseB<Z:git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"

 var (
 	file_proto_metacrypt_v2_transit_proto_rawDescOnce sync.Once
--- a/gen/metacrypt/v2/transit_grpc.pb.go
+++ b/gen/metacrypt/v2/transit_grpc.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
 // versions:
 // - protoc-gen-go-grpc v1.6.1
-// - protoc             v3.20.3
+// - protoc             v6.32.1
 // source: proto/metacrypt/v2/transit.proto

 package metacryptv2
--- a/gen/metacrypt/v2/user.pb.go
+++ b/gen/metacrypt/v2/user.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.36.11
-// 	protoc        v3.20.3
+// 	protoc        v6.32.1
 // source: proto/metacrypt/v2/user.proto

 package metacryptv2
@@ -1023,7 +1023,7 @@ const file_proto_metacrypt_v2_user_proto_rawDesc = "" +
 	"\tReEncrypt\x12\".metacrypt.v2.UserReEncryptRequest\x1a#.metacrypt.v2.UserReEncryptResponse\x12T\n" +
 	"\tRotateKey\x12\".metacrypt.v2.UserRotateKeyRequest\x1a#.metacrypt.v2.UserRotateKeyResponse\x12W\n" +
 	"\n" +
-	"DeleteUser\x12#.metacrypt.v2.UserDeleteUserRequest\x1a$.metacrypt.v2.UserDeleteUserResponseB>Z<git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"
+	"DeleteUser\x12#.metacrypt.v2.UserDeleteUserRequest\x1a$.metacrypt.v2.UserDeleteUserResponseB<Z:git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2;metacryptv2b\x06proto3"

 var (
 	file_proto_metacrypt_v2_user_proto_rawDescOnce sync.Once
--- a/gen/metacrypt/v2/user_grpc.pb.go
+++ b/gen/metacrypt/v2/user_grpc.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
 // versions:
 // - protoc-gen-go-grpc v1.6.1
-// - protoc             v3.20.3
+// - protoc             v6.32.1
 // source: proto/metacrypt/v2/user.proto

 package metacryptv2
--- a/go.mod
+++ b/go.mod
@@ -1,10 +1,10 @@
-module git.wntrmute.dev/kyle/metacrypt
+module git.wntrmute.dev/mc/metacrypt

 go 1.25.7

 require (
 	git.wntrmute.dev/kyle/goutils v1.21.0
-	git.wntrmute.dev/kyle/mcdsl v1.0.1
+	git.wntrmute.dev/mc/mcdsl v1.2.0
 	github.com/go-chi/chi/v5 v5.2.5
 	github.com/spf13/cobra v1.10.2
 	github.com/spf13/viper v1.21.0
--- a/go.sum
+++ b/go.sum
@@ -1,9 +1,7 @@
 git.wntrmute.dev/kyle/goutils v1.21.0 h1:ZR7ovV400hsF09zc8tkdHs6vyen8TDJ7flong/dnFXM=
 git.wntrmute.dev/kyle/goutils v1.21.0/go.mod h1:JQ8NL5lHSEYl719UMf20p4G1ei70RVGma0hjjNXCR2c=
-git.wntrmute.dev/kyle/mcdsl v1.0.0 h1:YB7dx4gdNYKKcVySpL6UkwHqdCJ9Nl1yS0+eHk0hNtk=
-git.wntrmute.dev/kyle/mcdsl v1.0.0/go.mod h1:wo0tGfUAxci3XnOe4/rFmR0RjUElKdYUazc+Np986sg=
-git.wntrmute.dev/kyle/mcdsl v1.0.1 h1:Dr9Ud8cjWWybulpv+KsuSKbuZmzBXPCItQztR7o2hcA=
-git.wntrmute.dev/kyle/mcdsl v1.0.1/go.mod h1:wo0tGfUAxci3XnOe4/rFmR0RjUElKdYUazc+Np986sg=
+git.wntrmute.dev/mc/mcdsl v1.2.0 h1:41hep7/PNZJfN0SN/nM+rQpyF1GSZcvNNjyVG81DI7U=
+git.wntrmute.dev/mc/mcdsl v1.2.0/go.mod h1:lXYrAt74ZUix6rx9oVN8d2zH1YJoyp4uxPVKQ+SSxuM=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
--- a/internal/acme/handlers.go
+++ b/internal/acme/handlers.go
@@ -14,7 +14,7 @@ import (

 	"github.com/go-chi/chi/v5"

-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
 )

 // directoryResponse is the ACME directory object (RFC 8555 §7.1.1).
--- a/internal/acme/helpers_test.go
+++ b/internal/acme/helpers_test.go
@@ -20,7 +20,7 @@ import (
 	"testing"
 	"time"

-	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
+	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
 )

 // memBarrier is an in-memory barrier for testing.
--- a/internal/acme/server.go
+++ b/internal/acme/server.go
@@ -9,8 +9,8 @@ import (

 	"github.com/go-chi/chi/v5"

-	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
+	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
 )

 // Handler implements the ACME protocol for a single CA mount.
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@@ -6,7 +6,7 @@ import (
 	"errors"
 	"log/slog"

-	mcdslauth "git.wntrmute.dev/kyle/mcdsl/auth"
+	mcdslauth "git.wntrmute.dev/mc/mcdsl/auth"
 )

 // TokenInfo is an alias for the mcdsl auth.TokenInfo type.
--- a/internal/barrier/barrier.go
+++ b/internal/barrier/barrier.go
@@ -9,7 +9,7 @@ import (
 	"strings"
 	"sync"

-	"git.wntrmute.dev/kyle/metacrypt/internal/crypto"
+	"git.wntrmute.dev/mc/metacrypt/internal/crypto"
 )

 var (
--- a/internal/barrier/barrier_test.go
+++ b/internal/barrier/barrier_test.go
@@ -6,8 +6,8 @@ import (
 	"path/filepath"
 	"testing"

-	"git.wntrmute.dev/kyle/metacrypt/internal/crypto"
-	"git.wntrmute.dev/kyle/metacrypt/internal/db"
+	"git.wntrmute.dev/mc/metacrypt/internal/crypto"
+	"git.wntrmute.dev/mc/metacrypt/internal/db"
 )

 func setupBarrier(t *testing.T) (*AESGCMBarrier, func()) {
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -4,8 +4,8 @@ package config
 import (
 	"fmt"

-	mcdslauth "git.wntrmute.dev/kyle/mcdsl/auth"
-	mcdslconfig "git.wntrmute.dev/kyle/mcdsl/config"
+	mcdslauth "git.wntrmute.dev/mc/mcdsl/auth"
+	mcdslconfig "git.wntrmute.dev/mc/mcdsl/config"
 )

 // Config is the top-level configuration for Metacrypt.
--- a/internal/db/db.go
+++ b/internal/db/db.go
@@ -4,7 +4,7 @@ package db
 import (
 	"database/sql"

-	mcdsldb "git.wntrmute.dev/kyle/mcdsl/db"
+	mcdsldb "git.wntrmute.dev/mc/mcdsl/db"
 )

 // Open opens or creates a SQLite database at the given path with the
--- a/internal/db/migrate.go
+++ b/internal/db/migrate.go
@@ -3,7 +3,7 @@ package db
 import (
 	"database/sql"

-	mcdsldb "git.wntrmute.dev/kyle/mcdsl/db"
+	mcdsldb "git.wntrmute.dev/mc/mcdsl/db"
 )

 // Migrations is the ordered list of metacrypt schema migrations.
--- a/internal/engine/ca/ca.go
+++ b/internal/engine/ca/ca.go
@@ -21,8 +21,8 @@ import (

 	"git.wntrmute.dev/kyle/goutils/certlib/certgen"

-	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
+	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
 )

 var (
--- a/internal/engine/ca/ca_test.go
+++ b/internal/engine/ca/ca_test.go
@@ -10,8 +10,8 @@ import (
 	"testing"
 	"time"

-	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
+	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
 )

 // memBarrier is an in-memory barrier for testing.
--- a/internal/engine/engine.go
+++ b/internal/engine/engine.go
@@ -12,7 +12,7 @@ import (
 	"strings"
 	"sync"

-	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
+	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
 )

 // EngineType identifies a cryptographic engine type.
--- a/internal/engine/engine_test.go
+++ b/internal/engine/engine_test.go
@@ -6,7 +6,7 @@ import (
 	"log/slog"
 	"testing"

-	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
+	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
 )

 // mockEngine implements Engine for testing.
--- a/internal/engine/sshca/sshca.go
+++ b/internal/engine/sshca/sshca.go
@@ -22,9 +22,9 @@ import (

 	"golang.org/x/crypto/ssh"

-	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
-	mcrypto "git.wntrmute.dev/kyle/metacrypt/internal/crypto"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
+	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
+	mcrypto "git.wntrmute.dev/mc/metacrypt/internal/crypto"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
 )

 var (
--- a/internal/engine/sshca/sshca_test.go
+++ b/internal/engine/sshca/sshca_test.go
@@ -12,8 +12,8 @@ import (

 	"golang.org/x/crypto/ssh"

-	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
+	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
 )

 // memBarrier is an in-memory barrier for testing.
--- a/internal/engine/transit/transit.go
+++ b/internal/engine/transit/transit.go
@@ -27,9 +27,9 @@ import (

 	"golang.org/x/crypto/chacha20poly1305"

-	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
-	mcrypto "git.wntrmute.dev/kyle/metacrypt/internal/crypto"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
+	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
+	mcrypto "git.wntrmute.dev/mc/metacrypt/internal/crypto"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
 )

 const maxBatchSize = 500
--- a/internal/engine/transit/transit_test.go
+++ b/internal/engine/transit/transit_test.go
@@ -7,8 +7,8 @@ import (
 	"sync"
 	"testing"

-	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
+	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
 )

 // memBarrier is an in-memory barrier for testing.
--- a/internal/engine/user/user.go
+++ b/internal/engine/user/user.go
@@ -19,9 +19,9 @@ import (

 	"golang.org/x/crypto/hkdf"

-	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
-	"git.wntrmute.dev/kyle/metacrypt/internal/crypto"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
+	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
+	"git.wntrmute.dev/mc/metacrypt/internal/crypto"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
 )

 const (
--- a/internal/engine/user/user_test.go
+++ b/internal/engine/user/user_test.go
@@ -7,8 +7,8 @@ import (
 	"sync"
 	"testing"

-	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
+	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
 )

 // memBarrier is an in-memory barrier for testing.
--- a/internal/grpcserver/acme.go
+++ b/internal/grpcserver/acme.go
@@ -8,10 +8,10 @@ import (
 	"google.golang.org/grpc/status"
 	"google.golang.org/protobuf/types/known/timestamppb"

-	pb "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2"
-	internacme "git.wntrmute.dev/kyle/metacrypt/internal/acme"
-	"git.wntrmute.dev/kyle/metacrypt/internal/auth"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
+	pb "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2"
+	internacme "git.wntrmute.dev/mc/metacrypt/internal/acme"
+	"git.wntrmute.dev/mc/metacrypt/internal/auth"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
 )

 type acmeServer struct {
--- a/internal/grpcserver/auth.go
+++ b/internal/grpcserver/auth.go
@@ -7,8 +7,8 @@ import (
 	"google.golang.org/grpc/status"
 	"google.golang.org/protobuf/types/known/timestamppb"

-	pb "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2"
-	"git.wntrmute.dev/kyle/metacrypt/internal/auth"
+	pb "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2"
+	"git.wntrmute.dev/mc/metacrypt/internal/auth"
 )

 type authServer struct {
--- a/internal/grpcserver/barrier.go
+++ b/internal/grpcserver/barrier.go
@@ -7,9 +7,9 @@ import (
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"

-	pb "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2"
-	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
-	"git.wntrmute.dev/kyle/metacrypt/internal/seal"
+	pb "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2"
+	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
+	"git.wntrmute.dev/mc/metacrypt/internal/seal"
 )

 type barrierServer struct {
--- a/internal/grpcserver/ca.go
+++ b/internal/grpcserver/ca.go
@@ -10,11 +10,11 @@ import (
 	"google.golang.org/grpc/status"
 	"google.golang.org/protobuf/types/known/timestamppb"

-	pb "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2"
-	"git.wntrmute.dev/kyle/metacrypt/internal/auth"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine/ca"
-	"git.wntrmute.dev/kyle/metacrypt/internal/policy"
+	pb "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2"
+	"git.wntrmute.dev/mc/metacrypt/internal/auth"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine/ca"
+	"git.wntrmute.dev/mc/metacrypt/internal/policy"
 )

 type caServer struct {
--- a/internal/grpcserver/engine.go
+++ b/internal/grpcserver/engine.go
@@ -7,9 +7,9 @@ import (
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"

-	pb "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2"
-	"git.wntrmute.dev/kyle/metacrypt/internal/auth"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
+	pb "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2"
+	"git.wntrmute.dev/mc/metacrypt/internal/auth"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
 )

 type engineServer struct {
--- a/internal/grpcserver/grpcserver_test.go
+++ b/internal/grpcserver/grpcserver_test.go
@@ -11,15 +11,15 @@ import (
 	"google.golang.org/grpc/metadata"
 	"google.golang.org/grpc/status"

-	pb "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2"
-	"git.wntrmute.dev/kyle/metacrypt/internal/auth"
-	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
-	"git.wntrmute.dev/kyle/metacrypt/internal/config"
-	"git.wntrmute.dev/kyle/metacrypt/internal/crypto"
-	"git.wntrmute.dev/kyle/metacrypt/internal/db"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
-	"git.wntrmute.dev/kyle/metacrypt/internal/policy"
-	"git.wntrmute.dev/kyle/metacrypt/internal/seal"
+	pb "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2"
+	"git.wntrmute.dev/mc/metacrypt/internal/auth"
+	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
+	"git.wntrmute.dev/mc/metacrypt/internal/config"
+	"git.wntrmute.dev/mc/metacrypt/internal/crypto"
+	"git.wntrmute.dev/mc/metacrypt/internal/db"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
+	"git.wntrmute.dev/mc/metacrypt/internal/policy"
+	"git.wntrmute.dev/mc/metacrypt/internal/seal"
 )

 // ---- test helpers ----
--- a/internal/grpcserver/interceptors.go
+++ b/internal/grpcserver/interceptors.go
@@ -9,9 +9,9 @@ import (
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"

-	"git.wntrmute.dev/kyle/metacrypt/internal/audit"
-	"git.wntrmute.dev/kyle/metacrypt/internal/auth"
-	"git.wntrmute.dev/kyle/metacrypt/internal/seal"
+	"git.wntrmute.dev/mc/metacrypt/internal/audit"
+	"git.wntrmute.dev/mc/metacrypt/internal/auth"
+	"git.wntrmute.dev/mc/metacrypt/internal/seal"
 )

 // sealInterceptor rejects calls with FailedPrecondition when the vault is
--- a/internal/grpcserver/pki.go
+++ b/internal/grpcserver/pki.go
@@ -7,9 +7,9 @@ import (
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"

-	pb "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine/ca"
+	pb "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine/ca"
 )

 type pkiServer struct {
--- a/internal/grpcserver/policy.go
+++ b/internal/grpcserver/policy.go
@@ -6,8 +6,8 @@ import (
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"

-	pb "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2"
-	"git.wntrmute.dev/kyle/metacrypt/internal/policy"
+	pb "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2"
+	"git.wntrmute.dev/mc/metacrypt/internal/policy"
 )

 type policyServer struct {
--- a/internal/grpcserver/server.go
+++ b/internal/grpcserver/server.go
@@ -11,16 +11,16 @@ import (
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/metadata"

-	pb "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2"
-	"git.wntrmute.dev/kyle/mcdsl/grpcserver"
+	pb "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2"
+	"git.wntrmute.dev/mc/mcdsl/grpcserver"

-	internacme "git.wntrmute.dev/kyle/metacrypt/internal/acme"
-	"git.wntrmute.dev/kyle/metacrypt/internal/audit"
-	"git.wntrmute.dev/kyle/metacrypt/internal/auth"
-	"git.wntrmute.dev/kyle/metacrypt/internal/config"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
-	"git.wntrmute.dev/kyle/metacrypt/internal/policy"
-	"git.wntrmute.dev/kyle/metacrypt/internal/seal"
+	internacme "git.wntrmute.dev/mc/metacrypt/internal/acme"
+	"git.wntrmute.dev/mc/metacrypt/internal/audit"
+	"git.wntrmute.dev/mc/metacrypt/internal/auth"
+	"git.wntrmute.dev/mc/metacrypt/internal/config"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
+	"git.wntrmute.dev/mc/metacrypt/internal/policy"
+	"git.wntrmute.dev/mc/metacrypt/internal/seal"
 )

 // GRPCServer wraps the mcdsl gRPC server and all service implementations.
@@ -160,7 +160,6 @@ func publicMethods() map[string]bool {
 		// CA read-only — public certificates and chains.
 		"/metacrypt.v2.CAService/GetRoot":    true,
 		"/metacrypt.v2.CAService/GetIssuer":  true,
-		"/metacrypt.v2.CAService/ListIssuers": true,
 		"/metacrypt.v2.CAService/GetChain":   true,
 		// SSH CA — public key and key revocation list.
 		"/metacrypt.v2.SSHCAService/GetCAPublicKey": true,
@@ -175,6 +174,7 @@ func authRequiredMethods() map[string]bool {
 		"/metacrypt.v2.AuthService/Logout":    true,
 		"/metacrypt.v2.AuthService/TokenInfo": true,
 		"/metacrypt.v2.EngineService/ListMounts": true,
+		"/metacrypt.v2.CAService/ListIssuers": true,
 		"/metacrypt.v2.CAService/IssueCert":   true,
 		"/metacrypt.v2.CAService/GetCert":     true,
 		"/metacrypt.v2.CAService/ListCerts":   true,
--- a/internal/grpcserver/sshca.go
+++ b/internal/grpcserver/sshca.go
@@ -10,11 +10,11 @@ import (
 	"google.golang.org/grpc/status"
 	"google.golang.org/protobuf/types/known/timestamppb"

-	pb "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2"
-	"git.wntrmute.dev/kyle/metacrypt/internal/auth"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine/sshca"
-	"git.wntrmute.dev/kyle/metacrypt/internal/policy"
+	pb "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2"
+	"git.wntrmute.dev/mc/metacrypt/internal/auth"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine/sshca"
+	"git.wntrmute.dev/mc/metacrypt/internal/policy"
 )

 type sshcaServer struct {
--- a/internal/grpcserver/system.go
+++ b/internal/grpcserver/system.go
@@ -7,9 +7,9 @@ import (
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"

-	pb "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2"
-	"git.wntrmute.dev/kyle/metacrypt/internal/crypto"
-	"git.wntrmute.dev/kyle/metacrypt/internal/seal"
+	pb "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2"
+	"git.wntrmute.dev/mc/metacrypt/internal/crypto"
+	"git.wntrmute.dev/mc/metacrypt/internal/seal"
 )

 type systemServer struct {
--- a/internal/grpcserver/transit.go
+++ b/internal/grpcserver/transit.go
@@ -8,11 +8,11 @@ import (
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"

-	pb "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2"
-	"git.wntrmute.dev/kyle/metacrypt/internal/auth"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine/transit"
-	"git.wntrmute.dev/kyle/metacrypt/internal/policy"
+	pb "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2"
+	"git.wntrmute.dev/mc/metacrypt/internal/auth"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine/transit"
+	"git.wntrmute.dev/mc/metacrypt/internal/policy"
 )

 type transitServer struct {
--- a/internal/grpcserver/user.go
+++ b/internal/grpcserver/user.go
@@ -8,11 +8,11 @@ import (
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"

-	pb "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2"
-	"git.wntrmute.dev/kyle/metacrypt/internal/auth"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine/user"
-	"git.wntrmute.dev/kyle/metacrypt/internal/policy"
+	pb "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2"
+	"git.wntrmute.dev/mc/metacrypt/internal/auth"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine/user"
+	"git.wntrmute.dev/mc/metacrypt/internal/policy"
 )

 type userServer struct {
--- a/internal/policy/policy.go
+++ b/internal/policy/policy.go
@@ -9,7 +9,7 @@ import (
 	"sort"
 	"strings"

-	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
+	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
 )

 const rulesPrefix = "policy/rules/"
--- a/internal/policy/policy_test.go
+++ b/internal/policy/policy_test.go
@@ -5,9 +5,9 @@ import (
 	"path/filepath"
 	"testing"

-	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
-	"git.wntrmute.dev/kyle/metacrypt/internal/crypto"
-	"git.wntrmute.dev/kyle/metacrypt/internal/db"
+	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
+	"git.wntrmute.dev/mc/metacrypt/internal/crypto"
+	"git.wntrmute.dev/mc/metacrypt/internal/db"
 )

 func setupPolicy(t *testing.T) (*Engine, func()) {
--- a/internal/seal/seal.go
+++ b/internal/seal/seal.go
@@ -10,9 +10,9 @@ import (
 	"sync"
 	"time"

-	"git.wntrmute.dev/kyle/metacrypt/internal/audit"
-	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
-	"git.wntrmute.dev/kyle/metacrypt/internal/crypto"
+	"git.wntrmute.dev/mc/metacrypt/internal/audit"
+	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
+	"git.wntrmute.dev/mc/metacrypt/internal/crypto"
 )

 // ServiceState represents the current state of the Metacrypt service.
--- a/internal/seal/seal_test.go
+++ b/internal/seal/seal_test.go
@@ -7,9 +7,9 @@ import (
 	"path/filepath"
 	"testing"

-	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
-	"git.wntrmute.dev/kyle/metacrypt/internal/crypto"
-	"git.wntrmute.dev/kyle/metacrypt/internal/db"
+	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
+	"git.wntrmute.dev/mc/metacrypt/internal/crypto"
+	"git.wntrmute.dev/mc/metacrypt/internal/db"
 )

 func setupSeal(t *testing.T) (*Manager, func()) {
--- a/internal/server/acme.go
+++ b/internal/server/acme.go
@@ -6,8 +6,8 @@ import (

 	"github.com/go-chi/chi/v5"

-	internacme "git.wntrmute.dev/kyle/metacrypt/internal/acme"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
+	internacme "git.wntrmute.dev/mc/metacrypt/internal/acme"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
 )

 // registerACMERoutes adds ACME protocol and management routes to r.
--- a/internal/server/middleware.go
+++ b/internal/server/middleware.go
@@ -5,8 +5,8 @@ import (
 	"net/http"
 	"strings"

-	"git.wntrmute.dev/kyle/metacrypt/internal/auth"
-	"git.wntrmute.dev/kyle/metacrypt/internal/seal"
+	"git.wntrmute.dev/mc/metacrypt/internal/auth"
+	"git.wntrmute.dev/mc/metacrypt/internal/seal"
 )

 type contextKey string
--- a/internal/server/routes.go
+++ b/internal/server/routes.go
@@ -11,16 +11,16 @@ import (



-	"git.wntrmute.dev/kyle/mcdsl/health"
-	"git.wntrmute.dev/kyle/metacrypt/internal/audit"
-	"git.wntrmute.dev/kyle/metacrypt/internal/auth"
-	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
-	"git.wntrmute.dev/kyle/metacrypt/internal/crypto"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine/ca"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine/sshca"
-	"git.wntrmute.dev/kyle/metacrypt/internal/policy"
-	"git.wntrmute.dev/kyle/metacrypt/internal/seal"
+	"git.wntrmute.dev/mc/mcdsl/health"
+	"git.wntrmute.dev/mc/metacrypt/internal/audit"
+	"git.wntrmute.dev/mc/metacrypt/internal/auth"
+	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
+	"git.wntrmute.dev/mc/metacrypt/internal/crypto"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine/ca"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine/sshca"
+	"git.wntrmute.dev/mc/metacrypt/internal/policy"
+	"git.wntrmute.dev/mc/metacrypt/internal/seal"
 )

 func (s *Server) registerRoutes(r chi.Router) {
--- a/internal/server/server.go
+++ b/internal/server/server.go
@@ -9,14 +9,14 @@ import (

 	"google.golang.org/grpc"

-	"git.wntrmute.dev/kyle/mcdsl/httpserver"
-	internacme "git.wntrmute.dev/kyle/metacrypt/internal/acme"
-	"git.wntrmute.dev/kyle/metacrypt/internal/audit"
-	"git.wntrmute.dev/kyle/metacrypt/internal/auth"
-	"git.wntrmute.dev/kyle/metacrypt/internal/config"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
-	"git.wntrmute.dev/kyle/metacrypt/internal/policy"
-	"git.wntrmute.dev/kyle/metacrypt/internal/seal"
+	"git.wntrmute.dev/mc/mcdsl/httpserver"
+	internacme "git.wntrmute.dev/mc/metacrypt/internal/acme"
+	"git.wntrmute.dev/mc/metacrypt/internal/audit"
+	"git.wntrmute.dev/mc/metacrypt/internal/auth"
+	"git.wntrmute.dev/mc/metacrypt/internal/config"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
+	"git.wntrmute.dev/mc/metacrypt/internal/policy"
+	"git.wntrmute.dev/mc/metacrypt/internal/seal"
 )

 // Server is the Metacrypt HTTP server.
--- a/internal/server/server_test.go
+++ b/internal/server/server_test.go
@@ -13,19 +13,19 @@ import (

 	"github.com/go-chi/chi/v5"

-	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
-	"git.wntrmute.dev/kyle/metacrypt/internal/config"
-	"git.wntrmute.dev/kyle/metacrypt/internal/crypto"
+	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
+	"git.wntrmute.dev/mc/metacrypt/internal/config"
+	"git.wntrmute.dev/mc/metacrypt/internal/crypto"

-	mcdslauth "git.wntrmute.dev/kyle/mcdsl/auth"
-	mcdslconfig "git.wntrmute.dev/kyle/mcdsl/config"
-	"git.wntrmute.dev/kyle/metacrypt/internal/db"
-	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
-	"git.wntrmute.dev/kyle/metacrypt/internal/policy"
-	"git.wntrmute.dev/kyle/metacrypt/internal/seal"
+	mcdslauth "git.wntrmute.dev/mc/mcdsl/auth"
+	mcdslconfig "git.wntrmute.dev/mc/mcdsl/config"
+	"git.wntrmute.dev/mc/metacrypt/internal/db"
+	"git.wntrmute.dev/mc/metacrypt/internal/engine"
+	"git.wntrmute.dev/mc/metacrypt/internal/policy"
+	"git.wntrmute.dev/mc/metacrypt/internal/seal"

 	// auth is used indirectly via the server
-	"git.wntrmute.dev/kyle/metacrypt/internal/auth"
+	"git.wntrmute.dev/mc/metacrypt/internal/auth"
 )

 func setupTestServer(t *testing.T) (*Server, *seal.Manager, chi.Router) {
--- a/internal/webserver/cert_detail_test.go
+++ b/internal/webserver/cert_detail_test.go
@@ -14,7 +14,7 @@ import (
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"

-	webui "git.wntrmute.dev/kyle/metacrypt/web"
+	webui "git.wntrmute.dev/mc/metacrypt/web"
 )

 // mockVault is a minimal vaultBackend implementation for tests.
--- a/internal/webserver/client.go
+++ b/internal/webserver/client.go
@@ -13,7 +13,7 @@ import (
 	"google.golang.org/grpc/credentials"
 	"google.golang.org/grpc/metadata"

-	pb "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v2"
+	pb "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2"
 )

 // VaultClient wraps the gRPC stubs for communicating with the vault.
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Kyle Isom	26f397afc0	Regenerate proto files for mc/ module path Raw descriptor bytes in .pb.go files were corrupted by the sed-based module path rename (string length changed, breaking protobuf binary encoding). Regenerated with protoc to fix. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-27 02:54:26 -07:00
Kyle Isom	28d6f9fa1f	Fix ListIssuers auth: move from public to auth-required methods ListIssuers was miscategorized as a public gRPC method, but the CA engine handler requires CallerInfo with user role. When called without auth (public path), the interceptor skipped token validation, so CallerInfo was nil and the handler returned ErrUnauthorized — which the web UI silently swallowed, showing "No issuers configured." Security: gRPC interceptor map correction (ListIssuers requires auth) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-27 02:24:11 -07:00
Kyle Isom	bbe382dc10	Migrate module path from kyle/ to mc/ org All import paths updated to git.wntrmute.dev/mc/. Bumps mcdsl to v1.2.0. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-27 02:05:59 -07:00
kyle	5401181bde	Merge pull request 'Bump mcdsl to adopt $PORT env var support' (#1 ) from feature/port-env-adoption into master	2026-03-27 08:16:23 +00:00
Kyle Isom	21989df08e	Update mcdsl to v1.1.0 (tagged release) Replace pseudo-version with the tagged v1.1.0 release. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-27 01:15:13 -07:00
Kyle Isom	f2f764289f	Bump mcdsl to adopt $PORT env var support Update mcdsl from v1.0.1 to v1.0.2-0.20260327074919-f94c4b1abf9c (port-env-support branch) which adds $PORT environment variable support for HTTP and gRPC server configuration. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-27 01:07:07 -07:00