bascule-oss

tking/bascule-oss

SHA256

Fork 0

Commit graph

Author	SHA256	Message	Date
Tyler King	e7fc9fa5e1	feat: structured logging, tracing spans, comprehensive documentation Observability: Structured JSON logging via BASCULE_LOG_FORMAT=json Tracing spans on auth (method, principal, peer) Tracing spans on session lifecycle (id, principal, backend, source_ip) Tracing spans on exec requests (session_id, command) Config: [telemetry] and [metrics] sections (OTel export planned) Documentation (8 files, 489 lines): docs/quickstart.md — three-path getting started docs/configuration.md — full config reference with examples docs/authentication.md — all auth modes with setup guides docs/architecture.md — backends, traits, extension model, security docs/observability.md — logging, tracing, metrics docs/comparison.md — vs Teleport, Boundary, StrongDM images/README.md — curated image catalog README.md — features, comparison, quickstart, extension example 1557 lines Rust, 489 lines docs, 0 substrate deps. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-04 23:45:03 -04:00
Tyler King	02142f7be4	feat: Entra Agent ID auth provider + governance leak cleanup New crate: bascule-auth-agent-id Microsoft Entra Agent ID authentication for AI agents Validates OAuth tokens against Entra JWKS (60min cache) Extracts agent metadata: type, blueprint, sponsor, scopes Detects on-behalf-of (delegated) agents Token-as-password pattern for SSH auth Cleanup: Removed all governance-specific references from comments SessionHandler trait is the only extension point Zero substrate/chronicle/gsap dependencies Config example uses neutral terminology Config: [auth.agent_id] section for Entra configuration tenant_id, audiences, multi_tenant fields 3 crates: bascule-core, bascule-server, bascule-auth-agent-id 938 lines total, 5.6MB binary, 0 substrate deps. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-04 22:35:32 -04:00
Tyler King	bfa26cfd15	feat: Bascule — identity-aware SSH proxy Open-source SSH proxy with pluggable authentication and extensible session handling. Zero external governance dependencies. Core (bascule-core): russh 0.46 SSH server with PTY bridge (portable-pty) Pluggable auth: AuthProvider trait (SSH keys, accept-all dev mode) SessionHandler trait for extending behavior (audit, governance) TOML configuration, ephemeral Ed25519 host key generation Binary (bascule-server): Single binary, 5.6MB release build CLI with --config flag Default: accept-all auth on port 2222 Extension points: AuthProvider — implement for OIDC, certificates, custom auth SessionHandler — implement for audit, governance, recording DefaultHandler — passthrough (ships with open-source version) Zero substrate/chronicle/gsap/hfl dependencies. Apache 2.0 License. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-04 22:25:33 -04:00

Author

SHA256

Message

Date

Tyler King

e7fc9fa5e1

feat: structured logging, tracing spans, comprehensive documentation

Observability:
  Structured JSON logging via BASCULE_LOG_FORMAT=json
  Tracing spans on auth (method, principal, peer)
  Tracing spans on session lifecycle (id, principal, backend, source_ip)
  Tracing spans on exec requests (session_id, command)
  Config: [telemetry] and [metrics] sections (OTel export planned)

Documentation (8 files, 489 lines):
  docs/quickstart.md — three-path getting started
  docs/configuration.md — full config reference with examples
  docs/authentication.md — all auth modes with setup guides
  docs/architecture.md — backends, traits, extension model, security
  docs/observability.md — logging, tracing, metrics
  docs/comparison.md — vs Teleport, Boundary, StrongDM
  images/README.md — curated image catalog
  README.md — features, comparison, quickstart, extension example

1557 lines Rust, 489 lines docs, 0 substrate deps.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-04 23:45:03 -04:00

Tyler King

02142f7be4

feat: Entra Agent ID auth provider + governance leak cleanup

New crate: bascule-auth-agent-id
  Microsoft Entra Agent ID authentication for AI agents
  Validates OAuth tokens against Entra JWKS (60min cache)
  Extracts agent metadata: type, blueprint, sponsor, scopes
  Detects on-behalf-of (delegated) agents
  Token-as-password pattern for SSH auth

Cleanup:
  Removed all governance-specific references from comments
  SessionHandler trait is the only extension point
  Zero substrate/chronicle/gsap dependencies
  Config example uses neutral terminology

Config:
  [auth.agent_id] section for Entra configuration
  tenant_id, audiences, multi_tenant fields

3 crates: bascule-core, bascule-server, bascule-auth-agent-id
938 lines total, 5.6MB binary, 0 substrate deps.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-04 22:35:32 -04:00

Tyler King

bfa26cfd15

feat: Bascule — identity-aware SSH proxy

Open-source SSH proxy with pluggable authentication and
extensible session handling. Zero external governance dependencies.

Core (bascule-core):
  russh 0.46 SSH server with PTY bridge (portable-pty)
  Pluggable auth: AuthProvider trait (SSH keys, accept-all dev mode)
  SessionHandler trait for extending behavior (audit, governance)
  TOML configuration, ephemeral Ed25519 host key generation

Binary (bascule-server):
  Single binary, 5.6MB release build
  CLI with --config flag
  Default: accept-all auth on port 2222

Extension points:
  AuthProvider — implement for OIDC, certificates, custom auth
  SessionHandler — implement for audit, governance, recording
  DefaultHandler — passthrough (ships with open-source version)

Zero substrate/chronicle/gsap/hfl dependencies.
Apache 2.0 License.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-04 22:25:33 -04:00

3 commits