refactor: update crabidp references to barycenter and add Gateway API support

Replace all remaining references to "crabidp" with "barycenter" across:
- Source code (error diagnostics, CLI name, comments)
- Configuration files and defaults
- Environment variable prefixes (CRABIDP__ → BARYCENTER__)
- Documentation (CLAUDE.md, README.md, DEPLOYMENT.md)
- Deployment configurations (Docker Compose, Helm, systemd, FreeBSD, illumos)
- Database filenames (crabidp.db → barycenter.db)

Add Kubernetes Gateway API support to Helm chart:
- New HTTPRoute template for Gateway API
- Configurable parentRefs, hostnames, filters, and weights
- Support for advanced traffic management features
- Gateway API as modern alternative to traditional Ingress
- Documentation and examples in DEPLOYMENT.md

Benefits of Gateway API:
- More expressive and extensible routing
- Role-oriented design with separation of concerns
- Better vendor portability
- Advanced traffic management capabilities

The Helm chart now supports both traditional Ingress and
Gateway API, allowing users to choose based on their cluster
capabilities and requirements.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

.claude/settings.local.json

@@ -13,7 +13,15 @@
       "Bash(pkill:*)",
       "mcp__github__search_repositories",
       "mcp__github__get_me",
-      "mcp__github__search_users"
+      "mcp__github__search_users",
+      "Bash(git push:*)",
+      "Bash(mkdir:*)",
+      "Bash(git add:*)",
+      "Bash(gh run list:*)",
+      "Bash(gh run view:*)",
+      "Bash(cargo fmt:*)",
+      "Bash(cargo clippy:*)",
+      "Bash(rm:*)"
     ],
     "deny": [],
     "ask": []

CLAUDE.md

@@ -64,7 +64,7 @@ cargo nextest run test_name
 The application loads configuration from:
 1. Default values (defined in `src/settings.rs`)
 2. Configuration file (default: `config.toml`)
-3. Environment variables with prefix `CRABIDP__` (e.g., `CRABIDP__SERVER__PORT=9090`)
+3. Environment variables with prefix `BARYCENTER__` (e.g., `BARYCENTER__SERVER__PORT=9090`)
 
 Environment variables use double underscores as separators for nested keys.
 

DEPLOYMENT.md

@@ -71,7 +71,7 @@ Edit `docker-compose.yml` to customize:
 ```yaml
 environment:
   - RUST_LOG=info
-  - CRABIDP__SERVER__PUBLIC_BASE_URL=https://idp.example.com
+  - BARYCENTER__SERVER__PUBLIC_BASE_URL=https://idp.example.com
 ```
 
 ---
@@ -150,6 +150,53 @@ helm install barycenter ./deploy/helm/barycenter \
   --values my-values.yaml
 ```
 
+4. **Using Gateway API instead of Ingress:**
+
+The Helm chart supports Kubernetes Gateway API as a modern alternative to Ingress. Gateway API requires the Gateway API CRDs to be installed in your cluster.
+
+Create `gateway-values.yaml`:
+
+```yaml
+# Disable traditional Ingress
+ingress:
+  enabled: false
+
+# Enable Gateway API
+gatewayAPI:
+  enabled: true
+  parentRefs:
+    - name: my-gateway
+      namespace: gateway-system
+      sectionName: https  # Optional: target specific listener
+  hostnames:
+    - idp.example.com
+  annotations:
+    # Optional annotations for the HTTPRoute
+    example.com/custom: value
+
+config:
+  server:
+    publicBaseUrl: "https://idp.example.com"
+
+persistence:
+  enabled: true
+  size: 20Gi
+```
+
+Install with Gateway API:
+
+```bash
+helm install barycenter ./deploy/helm/barycenter \
+  --namespace barycenter \
+  --values gateway-values.yaml
+```
+
+**Benefits of Gateway API:**
+- More expressive and extensible than Ingress
+- Role-oriented design with clear separation of concerns
+- Better support for advanced traffic management
+- Vendor-neutral and portable across implementations
+
 ### Management
 
 **Upgrade:**
@@ -297,15 +344,15 @@ sudo svcadm enable barycenter
 
 ### Environment Variables
 
-All configuration can be overridden using environment variables with the `CRABIDP__` prefix:
+All configuration can be overridden using environment variables with the `BARYCENTER__` prefix:
 
 ```bash
 # Override server settings
-export CRABIDP__SERVER__PORT=9090
+export BARYCENTER__SERVER__PORT=9090
-export CRABIDP__SERVER__PUBLIC_BASE_URL=https://idp.example.com
+export BARYCENTER__SERVER__PUBLIC_BASE_URL=https://idp.example.com
 
 # Override database
-export CRABIDP__DATABASE__URL=sqlite:///custom/path/db.sqlite
+export BARYCENTER__DATABASE__URL=sqlite:///custom/path/db.sqlite
 
 # Set logging
 export RUST_LOG=debug
@@ -322,7 +369,7 @@ port = 8080
 public_base_url = "https://idp.example.com"  # Required in production
 
 [database]
-url = "sqlite://crabidp.db?mode=rwc"
+url = "sqlite://barycenter.db?mode=rwc"
 
 [keys]
 jwks_path = "data/jwks.json"
@@ -399,7 +446,7 @@ chown barycenter:barycenter /var/lib/barycenter
 
 **Critical files to backup:**
 1. Private RSA key (`private_key.pem`)
-2. Database (`crabidp.db`)
+2. Database (`barycenter.db`)
 3. Configuration (`config.toml`)
 
 **Backup script example:**
@@ -410,7 +457,7 @@ BACKUP_DIR=/backup/barycenter/$(date +%Y%m%d)
 mkdir -p $BACKUP_DIR
 
 # Backup database
-sqlite3 /var/lib/barycenter/crabidp.db ".backup '$BACKUP_DIR/crabidp.db'"
+sqlite3 /var/lib/barycenter/barycenter.db ".backup '$BACKUP_DIR/barycenter.db'"
 
 # Backup keys and config
 cp /var/lib/barycenter/data/private_key.pem $BACKUP_DIR/

README.md

@@ -53,7 +53,7 @@ port = 8080
 public_base_url = "http://localhost:8080"
 
 [database]
-connection_string = "sqlite://crabidp.db?mode=rwc"
+connection_string = "sqlite://barycenter.db?mode=rwc"
 
 [keys]
 jwks_path = "data/jwks.json"

config.toml

@@ -5,7 +5,7 @@ port = 8080
 # public_base_url = "https://idp.example.com"
 
 [database]
-url = "sqlite://crabidp.db?mode=rwc"
+url = "sqlite://barycenter.db?mode=rwc"
 
 [keys]
 jwks_path = "data/jwks.json"

deploy/freebsd/README.md

@@ -37,7 +37,7 @@ This directory contains rc.d script for running Barycenter on FreeBSD systems.
    Edit `/usr/local/etc/barycenter/config.toml` and update paths:
    ```toml
    [database]
-   url = "sqlite:///var/db/barycenter/crabidp.db?mode=rwc"
+   url = "sqlite:///var/db/barycenter/barycenter.db?mode=rwc"
 
    [keys]
    jwks_path = "/var/db/barycenter/data/jwks.json"

deploy/helm/barycenter/templates/httproute.yaml

@@ -0,0 +1,36 @@
+{{- if .Values.gatewayAPI.enabled }}
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: {{ include "barycenter.fullname" . }}
+  labels:
+    {{- include "barycenter.labels" . | nindent 4 }}
+  {{- with .Values.gatewayAPI.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- with .Values.gatewayAPI.parentRefs }}
+  parentRefs:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.gatewayAPI.hostnames }}
+  hostnames:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  rules:
+  - matches:
+    - path:
+        type: PathPrefix
+        value: /
+    backendRefs:
+    - name: {{ include "barycenter.fullname" . }}
+      port: {{ .Values.service.port }}
+      {{- if .Values.gatewayAPI.backendWeight }}
+      weight: {{ .Values.gatewayAPI.backendWeight }}
+      {{- end }}
+    {{- with .Values.gatewayAPI.filters }}
+    filters:
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+{{- end }}

deploy/helm/barycenter/values.yaml

@@ -55,6 +55,30 @@ ingress:
   #    hosts:
   #      - idp.example.com
 
+# Kubernetes Gateway API support (alternative to Ingress)
+# Requires Gateway API CRDs to be installed in the cluster
+gatewayAPI:
+  enabled: false
+  annotations: {}
+  # Reference to the Gateway resource
+  parentRefs:
+    - name: gateway
+      namespace: gateway-system
+      # Optional: specify listener name
+      # sectionName: https
+  # Hostnames for the HTTPRoute
+  hostnames:
+    - idp.example.com
+  # Optional: backend weight for traffic splitting
+  # backendWeight: 100
+  # Optional: filters for request/response modification
+  filters: []
+  #  - type: RequestHeaderModifier
+  #    requestHeaderModifier:
+  #      add:
+  #        - name: X-Custom-Header
+  #          value: custom-value
+
 resources:
   limits:
     cpu: 1000m
@@ -84,7 +108,7 @@ config:
     # publicBaseUrl: "https://idp.example.com"
 
   database:
-    url: "sqlite:///app/data/crabidp.db?mode=rwc"
+    url: "sqlite:///app/data/barycenter.db?mode=rwc"
 
   keys:
     jwksPath: "/app/data/jwks.json"
@@ -99,7 +123,7 @@ env:
   - name: RUST_LOG
     value: "info"
   # Add additional environment variables here
-  # - name: CRABIDP__SERVER__PUBLIC_BASE_URL
+  # - name: BARYCENTER__SERVER__PUBLIC_BASE_URL
   #   value: "https://idp.example.com"
 
 # Persistence for database and keys

deploy/illumos/README.md

@@ -40,7 +40,7 @@ This directory contains SMF (Service Management Facility) manifest for running B
    Edit `/etc/barycenter/config.toml` and update paths:
    ```toml
    [database]
-   url = "sqlite:///var/barycenter/crabidp.db?mode=rwc"
+   url = "sqlite:///var/barycenter/barycenter.db?mode=rwc"
 
    [keys]
    jwks_path = "/var/barycenter/data/jwks.json"
@@ -110,7 +110,7 @@ To set environment variables, edit the manifest and modify the `method_environme
 ```xml
 <method_environment>
     <envvar name='RUST_LOG' value='debug' />
-    <envvar name='CRABIDP__SERVER__PUBLIC_BASE_URL' value='https://idp.example.com' />
+    <envvar name='BARYCENTER__SERVER__PUBLIC_BASE_URL' value='https://idp.example.com' />
 </method_environment>
 ```
 

deploy/systemd/README.md

@@ -32,7 +32,7 @@ This directory contains systemd service files for running Barycenter on Linux sy
    Edit `/etc/barycenter/config.toml` and update paths:
    ```toml
    [database]
-   url = "sqlite:///var/lib/barycenter/crabidp.db?mode=rwc"
+   url = "sqlite:///var/lib/barycenter/barycenter.db?mode=rwc"
 
    [keys]
    jwks_path = "/var/lib/barycenter/data/jwks.json"
@@ -89,6 +89,6 @@ You can override configuration using environment variables in the service file:
 
 ```ini
 [Service]
-Environment="CRABIDP__SERVER__PUBLIC_BASE_URL=https://idp.example.com"
+Environment="BARYCENTER__SERVER__PUBLIC_BASE_URL=https://idp.example.com"
 Environment="RUST_LOG=debug"
 ```

docker-compose.yml

@@ -14,11 +14,11 @@ services:
 
     environment:
       # Override config via environment variables
-      # Use CRABIDP__ prefix with double underscores for nested keys
+      # Use BARYCENTER__ prefix with double underscores for nested keys
       - RUST_LOG=info
-      # Example: CRABIDP__SERVER__PORT=8080
+      # Example: BARYCENTER__SERVER__PORT=8080
-      # Example: CRABIDP__SERVER__PUBLIC_BASE_URL=https://idp.example.com
+      # Example: BARYCENTER__SERVER__PUBLIC_BASE_URL=https://idp.example.com
-      # Example: CRABIDP__DATABASE__URL=sqlite:///app/data/crabidp.db?mode=rwc
+      # Example: BARYCENTER__DATABASE__URL=sqlite:///app/data/barycenter.db?mode=rwc
 
     volumes:
       # Persist database and keys

src/errors.rs

@@ -4,31 +4,31 @@ use thiserror::Error;
 #[derive(Debug, Error, Diagnostic)]
 pub enum CrabError {
     #[error("I/O error: {0}")]
-    #[diagnostic(code(crabidp::io))]
+    #[diagnostic(code(barycenter::io))]
     Io(#[from] std::io::Error),
 
     #[error("Config error: {0}")]
-    #[diagnostic(code(crabidp::config))]
+    #[diagnostic(code(barycenter::config))]
     Config(#[from] config::ConfigError),
 
     #[error("Serialization error: {0}")]
-    #[diagnostic(code(crabidp::serde))]
+    #[diagnostic(code(barycenter::serde))]
     Serde(#[from] serde_json::Error),
 
     #[error("Database error: {0}")]
-    #[diagnostic(code(crabidp::db))]
+    #[diagnostic(code(barycenter::db))]
     Db(#[from] sea_orm::DbErr),
 
     #[error("JOSE error: {0}")]
-    #[diagnostic(code(crabidp::jose))]
+    #[diagnostic(code(barycenter::jose))]
     Jose(String),
 
     #[error("Bad request: {0}")]
-    #[diagnostic(code(crabidp::bad_request))]
+    #[diagnostic(code(barycenter::bad_request))]
     BadRequest(String),
 
     #[error("{0}")]
-    #[diagnostic(code(crabidp::other))]
+    #[diagnostic(code(barycenter::other))]
     Other(String),
 }
 

src/main.rs

@@ -10,7 +10,7 @@ use miette::{IntoDiagnostic, Result};
 use tracing_subscriber::{fmt, EnvFilter};
 
 #[derive(Parser, Debug)]
-#[command(name = "crabidp", version, about = "OpenID Connect IdP (scaffold)")]
+#[command(name = "barycenter", version, about = "OpenID Connect Identity Provider")]
 struct Cli {
     /// Path to configuration file
     #[arg(short, long, default_value = "config.toml")]

src/settings.rs

@@ -20,7 +20,7 @@ pub struct Server {
 
 #[derive(Debug, Clone, Serialize, Deserialize)]
 pub struct Database {
-    /// SeaORM/SQLx connection string, e.g., sqlite://crabidp.db?mode=rwc
+    /// SeaORM/SQLx connection string, e.g., sqlite://barycenter.db?mode=rwc
     pub url: String,
 }
 
@@ -55,7 +55,7 @@ impl Default for Server {
 impl Default for Database {
     fn default() -> Self {
         Self {
-            url: "sqlite://crabidp.db?mode=rwc".to_string(),
+            url: "sqlite://barycenter.db?mode=rwc".to_string(),
         }
     }
 }