# Bascule Project Governance ## Maintainers Bascule is maintained by [Guildhouse LLC](https://guildhouse.dev). **Lead maintainer:** Tyler King ## Decision Making Technical decisions are made by the maintainers with input from the community via GitHub Issues and Pull Requests. Major architectural decisions (new backends, new auth providers, trait changes) are discussed in Issues before implementation. ## Contributions Contributions are accepted under the [Developer Certificate of Origin](DCO) (DCO). All commits must include a `Signed-off-by` line: ```bash git commit -s -m "feat: my contribution" ``` See [CONTRIBUTING.md](CONTRIBUTING.md) for development setup and guidelines. ## Intellectual Property ### What Guildhouse owns - The Bascule name, logo, and brand - The proprietary governance stack (GSAP protocol, SAT attestation, HFL host functions, Chronicle audit, DEFCON posture system) - These components are NOT part of bascule-oss and are maintained in separate repositories under separate licenses ### What contributors own - Copyright to their own contributions (DCO does NOT assign copyright) - Any implementation of the `SessionHandler` or `AuthProvider` traits - Any product, service, or extension built using bascule-core as a library ### What's shared (Apache 2.0) - All code in this repository - The `SessionHandler` and `AuthProvider` trait definitions - The SSH proxy core, session backends, and authentication framework - Documentation, Helm charts, container images, and build scripts ### The boundary The `SessionHandler` trait is the product boundary. Everything below the trait (in this repo) is Apache 2.0. Implementations of the trait are the intellectual property of their authors. Guildhouse's own session handler (which adds authorization contexts, completion receipts, operational posture, and audit trails) is proprietary. It depends on bascule-core as a library, which Apache 2.0 permits. Third parties are encouraged to build their own session handlers: - **Security vendors**: integrate risk scoring into session policy - **Compliance teams**: add audit logging for regulatory requirements - **Platform teams**: enforce organization-specific access policies - **MSPs**: build multi-tenant session management ## Dispute Resolution Guildhouse partners with tribal sovereign nations to provide technically informed dispute resolution for open source projects. Disputes may be submitted to tribal jurisdiction for resolution by adjudicators with expertise in open source software, contribution attribution, and digital governance. This forum is: - **Voluntary** — contributors may choose any court of competent jurisdiction - **Technically informed** — adjudicators understand open source licensing - **Efficient** — designed for faster resolution than federal litigation - **Sovereignty-respecting** — rooted in tribal self-determination This does not limit any rights under the Apache 2.0 license. ## Tribal Partnership Guildhouse's mission includes advancing cybersecurity capacity and digital sovereignty in Indian Country through: - **Mentorship**: training tribal members in cloud-native infrastructure - **Infrastructure**: deploying systems on tribal-controlled hardware - **Jurisdiction**: developing legal frameworks for digital governance - **Economic participation**: connecting tribal technologists with the cloud consulting ecosystem