Kyle Isom
4ddd32b117
Core packages: crypto (Argon2id/AES-256-GCM), config (TOML/viper), db (SQLite/migrations), barrier (encrypted storage), seal (state machine with rate-limited unseal), auth (MCIAS integration with token cache), policy (priority-based ACL engine), engine (interface + registry). Server: HTTPS with TLS 1.2+, REST API, auth/admin middleware, htmx web UI (init, unseal, login, dashboard pages). CLI: cobra/viper subcommands (server, init, status, snapshot) with env var override support (METACRYPT_ prefix). Operational tooling: Dockerfile (multi-stage, non-root), docker-compose, hardened systemd units (service + daily backup timer), install script, backup script with retention pruning, production config examples. Runbook covering installation, configuration, daily operations, backup/restore, monitoring, troubleshooting, and security procedures. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
42 lines
910 B
Protocol Buffer
42 lines
910 B
Protocol Buffer
syntax = "proto3";
|
|
|
|
package metacrypt.v1;
|
|
|
|
option go_package = "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v1;metacryptv1";
|
|
|
|
service PolicyService {
|
|
rpc CreatePolicy(CreatePolicyRequest) returns (PolicyRule);
|
|
rpc ListPolicies(ListPoliciesRequest) returns (ListPoliciesResponse);
|
|
rpc GetPolicy(GetPolicyRequest) returns (PolicyRule);
|
|
rpc DeletePolicy(DeletePolicyRequest) returns (DeletePolicyResponse);
|
|
}
|
|
|
|
message PolicyRule {
|
|
string id = 1;
|
|
int32 priority = 2;
|
|
string effect = 3;
|
|
repeated string usernames = 4;
|
|
repeated string roles = 5;
|
|
repeated string resources = 6;
|
|
repeated string actions = 7;
|
|
}
|
|
|
|
message CreatePolicyRequest {
|
|
PolicyRule rule = 1;
|
|
}
|
|
|
|
message ListPoliciesRequest {}
|
|
message ListPoliciesResponse {
|
|
repeated PolicyRule rules = 1;
|
|
}
|
|
|
|
message GetPolicyRequest {
|
|
string id = 1;
|
|
}
|
|
|
|
message DeletePolicyRequest {
|
|
string id = 1;
|
|
}
|
|
|
|
message DeletePolicyResponse {}
|