khoahuynhdev · khoahuynhdev · May 16, 2025 · May 16, 2025 · May 16, 2025 · May 16, 2025
diff --git a/.github/workflows/claude.yaml b/.github/workflows/claude.yaml
@@ -0,0 +1,47 @@
+name: Claude PR Assistant
+
+on:
+  issue_comment:
+    types: [created]
+  pull_request_review_comment:
+    types: [created]
+  issues:
+    types: [opened, assigned]
+  pull_request_review:
+    types: [submitted]
+
+jobs:
+  claude-code-action:
+    if: |
+      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
+      (github.event_name == 'issues' && contains(github.event.issue.body, '@claude'))
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: read
+      issues: read
+      id-token: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Run Claude PR Action
+        uses: anthropics/claude-code-action@beta
+        with:
+          # anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          # Or use OAuth token instead:
+          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+          timeout_minutes: "60"
+          # Optional: Restrict network access to specific domains only
+          # experimental_allowed_domains: |
+          #   .anthropic.com
+          #   .github.com
+          #   api.github.com
+          #   .githubusercontent.com
+          #   bun.sh
+          #   registry.npmjs.org
+          #   .blob.core.windows.net
diff --git a/ca-server/.gitignore b/ca-server/.gitignore
@@ -0,0 +1 @@
+build
diff --git a/ca-server/CLAUDE.md b/ca-server/CLAUDE.md
@@ -0,0 +1,151 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## Project Overview
+
+This is "xpki" (eXtensible PKI) - a Go-based Certificate Authority (CA) management system with both CLI and HTTP server components. The application provides PKI infrastructure with support for TLS and mTLS configurations.
+
+## Architecture
+
+The project follows a clean architecture pattern with:
+- **CLI Interface**: Cobra-based command structure with `server` and `setup` subcommands
+- **HTTP Server**: Gin framework with middleware, controllers, and routes
+- **PKI Core**: Certificate Authority functionality in `internal/certificate_authority/`
+- **Multi-server Support**: HTTP, TLS, and mTLS server modes
+
+### Key Components
+
+- `cmd/`: Cobra command definitions (server, setup)
+- `internal/certificate_authority/`: Core CA functionality and types
+- `controllers/`: HTTP request handlers (cert_controller, user_controller)
+- `models/`: Data structures and in-memory store
+- `middleware/`: Custom middleware (auth, logger)
+- `routes/`: API route definitions
+- `config/`: Application configuration management
+
+## Development Commands
+
+This project uses [Task](https://taskfile.dev) as a task runner. Install it first:
+
+**Quick Installation (using provided script):**
+```bash
+# Run the provided installation script
+./scripts/install-task.sh
+```
+
+**Manual Installation:**
+```bash
+# Install Task (various methods available)
+go install github.com/go-task/task/v3/cmd/task@latest
+# or: brew install go-task/tap/go-task
+# or: curl -sL https://taskfile.dev/install.sh | sh
+```
+
+### Common Tasks
+```bash
+# Show all available tasks
+task
+
+# Development workflow
+task workflow:dev              # Complete dev workflow (clean, deps, lint, test, build)
+task workflow:setup            # Initial project setup
+
+# Build tasks
+task build                     # Build the application
+task build:debug              # Build with debug symbols
+task build:release            # Build optimized release binary
+
+# Development
+task dev                       # Run in development mode
+task dev:setup                 # Setup PKI directory structure
+
+# Testing
+task test                      # Run all tests
+task test:coverage            # Run tests with coverage
+task test:race                # Run tests with race detection
+
+# Code quality
+task lint                      # Run linters
+task lint:fix                 # Fix linting issues
+
+# Dependencies
+task deps                      # Download dependencies
+task deps:update              # Update dependencies
+```
+
+### Server Tasks
+```bash
+# Start servers
+task server                    # Start HTTP server
+task server:dev               # Start server in development mode
+task server:tls               # Start server with TLS
+task server:mtls              # Start server with mTLS
+
+# Test connectivity
+task test:http                # Test HTTP server
+task test:tls                 # Test TLS server
+task test:mtls                # Test mTLS server
+```
+
+### PKI Tasks
+```bash
+# PKI management
+task pki:setup                # Setup PKI directory structure
+task pki:clean                # Clean PKI directory
+
+# Certificate generation
+task cert:ca                  # Generate CA certificate
+task cert:server              # Generate server certificate
+task cert:client              # Generate client certificate
+
+# Clean up
+task clean                    # Clean build artifacts
+task clean:all                # Clean everything including PKI and certs
+```
+
+### Legacy Commands (without Task)
+```bash
+# Install dependencies
+go mod tidy
+
+# Build the application
+go build -o xpki
+
+# Run CLI commands
+go run main.go setup              # Setup PKI directory structure
+go run main.go server             # Start the HTTP/TLS/mTLS server
+```
+
+## Configuration
+
+The application uses environment variables for configuration:
+- `SERVER_PORT`: HTTP server port (default: 8080)
+- `GIN_MODE`: Gin mode (debug/release)
+- `LOG_LEVEL`: Logging level
+
+## Code Style (from .github/copilot-instructions.md)
+
+- Use camelCase for variables, PascalCase for exported functions
+- Group imports: standard library, external packages, local packages
+- Include comments for exported functions and types
+- Follow Go best practices for error handling
+- Use dependency injection for services and repositories
+- New route handlers go in appropriate controllers
+- New middleware registered in main.go
+- New environment variables added to config.go
+
+## Server Modes
+
+The application supports three server modes:
+1. **HTTP**: Standard HTTP server (port 8080)
+2. **TLS**: HTTPS server with server certificates
+3. **mTLS**: Mutual TLS with client certificate validation
+
+## Current Development Status
+
+Based on recent commits, the project is in active development with:
+- CLI setup command implementation
+- PKI directory structure creation
+- CA certificate generation (work in progress)
+- Server configuration for multiple TLS modes
diff --git a/ca-server/README.md b/ca-server/README.md
@@ -82,17 +82,6 @@ The server will start on port 8080 by default.
 - `GET /health`: Health check endpoint
 - `GET /api/ping`: Ping endpoint
 
-## Todo
-
-- [x] Gen a private/public key pairs for a user
-
-  - [x] validate signature
-
-- [ ] Sign a CSR for new user
-- [x] Example calling http with tls
-- [x] Example calling http with mtls
-- [ ] Write tests for tls and mtls case
-
 ### Notes
 
 - quick way to generate CA certs from Go

diff --git a/ca-server/TODO.md b/ca-server/TODO.md
@@ -0,0 +1,12 @@
+# A todo list for this project
+
+- [] setup PKI from cli
+
+## Previous todo list
+
+- [x] Gen a private/public key pairs for a user
+  - [x] validate signature
+- [ ] Sign a CSR for new user
+- [x] Example calling http with tls
+- [x] Example calling http with mtls
+- [ ] Write tests for tls and mtls case