Claude Code
999c78ef4c
Replaces the opaque BASCULE_ATTESTATION_HASH (a SHA over a
"pcrN:val;ima:hash;" evidence string) with a real proto-canonical
SatBundle composed from the operator's identity + local platform
attestation, anchored on the L4 SessionClaim.
bascule-core::sat (NEW): pure composer module.
- build_session_claim(SessionInputs) -> SessionClaim builds the
L4 leaf from {principal, auth_method, actor_type,
identity_verified, platform_attested, software_verified,
nonce_seed}, computes posture per SAT-SPEC-0002 §7, and
populates the L1/L2/L3 binding fields with zero-padded
placeholders until upstream producers exist.
- compose_local(SessionClaim) -> ComposedSat assembles the proto
SatBundle via SatBundleBuilder. Hot path stays local per ADR D9
(zero network); QM's gRPC ComposeSat is the warm-path surface.
- 7 unit tests cover layer/actor wiring, posture math at each
evidence level, deterministic nonce, sat_hash uniqueness across
principal changes.
bascule-shell: composes the SAT in main() right before execvp
of the inner shell — that's the OSS equivalent of an "Authenticated
-> ShellActive" transition (the OSS Bascule has no russh state
machine; it's a CLI wrapper). Exports the new env var surface:
BASCULE_SAT_HASH hex of proto sat_hash (canonical)
BASCULE_SESSION_CLAIM_HASH hex of L4 leaf hash
BASCULE_SESSION_ID UUID from SessionClaim
BASCULE_POSTURE_LEVEL SAT-SPEC-0002 §7 posture
BASCULE_ATTESTATION_HASH retained as compat alias (gsh /
dashboard consumers); now points at
the proto sat_hash, not the old
evidence-string SHA.
Cross-workspace path dep: substrate-proto via
../substrate-project/substrate/crates/substrate-proto. CI mounts
~/projects as one volume so the path resolves. Switching to a git
dep is post-MVP.
Note: russh-keys pulls `home` which requires Rust 1.88; CI bumps
the docker image accordingly. No code change.
Tested:
cargo build -p bascule-core -p bascule-shell clean
cargo test -p bascule-core --lib sat 7/7
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Claude Code <claude@guildhouse.dev>
41 lines
1.3 KiB
TOML
41 lines
1.3 KiB
TOML
[workspace]
|
|
members = [
|
|
"crates/bascule-core",
|
|
"crates/bascule-server",
|
|
"crates/bascule-auth-agent-id",
|
|
"crates/bascule-shell",
|
|
"crates/bascule-dashboard",
|
|
"crates/bascule-dashboard-web",
|
|
]
|
|
resolver = "2"
|
|
|
|
[workspace.package]
|
|
version = "0.1.0"
|
|
edition = "2021"
|
|
license = "Apache-2.0"
|
|
|
|
[workspace.dependencies]
|
|
# M1: depend on the canonical proto-generated SAT types from the substrate
|
|
# workspace. Path dep across workspaces; CI mounts both checkouts side by
|
|
# side. substrate-proto is itself a thin facade over substrate-common which
|
|
# owns the tonic-build invocation, so consumers only need to worry about
|
|
# the substrate-proto import surface.
|
|
substrate-proto = { path = "../substrate-project/substrate/crates/substrate-proto" }
|
|
russh = "0.46"
|
|
russh-keys = "0.46"
|
|
tokio = { version = "1", features = ["full"] }
|
|
async-trait = "0.1"
|
|
anyhow = "1"
|
|
thiserror = "1"
|
|
tracing = "0.1"
|
|
tracing-subscriber = { version = "0.3", features = ["env-filter"] }
|
|
serde = { version = "1", features = ["derive"] }
|
|
toml = "0.8"
|
|
chrono = { version = "0.4", features = ["serde"] }
|
|
uuid = { version = "1", features = ["v4"] }
|
|
rand = "0.8"
|
|
clap = { version = "4", features = ["derive"] }
|
|
portable-pty = "0.8"
|
|
serde_json = "1"
|
|
reqwest = { version = "0.12", default-features = false, features = ["json", "rustls-tls"] }
|
|
jsonwebtoken = "9"
|