bascule-oss/GOVERNANCE.md
Tyler King 4aa7e9d816 docs: DCO, NOTICE, and governance framework
DCO (Developer Certificate of Origin):
  Standard DCO 1.1 (Linux kernel, CNCF, Kubernetes standard)
  Contributors retain copyright — no rights assignment

NOTICE:
  Copyright attribution (Guildhouse LLC)
  Contributors retain copyright, own their implementations
  SessionHandler/AuthProvider as public API boundary
  Tribal jurisdiction for voluntary dispute resolution

GOVERNANCE.md:
  Project governance model and decision making
  IP framework: Guildhouse brand vs contributor code vs shared Apache 2.0
  SessionHandler trait IS the product boundary
  Tribal dispute resolution: voluntary, technically informed
  Tribal partnership mission

CI:
  DCO sign-off check on pull requests
  Existing commits on main exempt

README + CONTRIBUTING:
  Governance section, DCO instructions, corporate guidance

Signed-off-by: Tyler King <tking@guildhouse.dev>
2026-04-05 11:13:20 -04:00

Bascule Project Governance

Maintainers

Bascule is maintained by Guildhouse LLC.

Lead maintainer: Tyler King

Decision Making

Technical decisions are made by the maintainers with input from the community via GitHub Issues and Pull Requests.

Major architectural decisions (new backends, new auth providers, trait changes) are discussed in Issues before implementation.

Contributions

Contributions are accepted under the Developer Certificate of Origin (DCO). All commits must include a Signed-off-by line:

git commit -s -m "feat: my contribution"

See CONTRIBUTING.md for development setup and guidelines.

Intellectual Property

What Guildhouse owns

  • The Bascule name, logo, and brand
  • The proprietary governance stack (GSAP protocol, SAT attestation, HFL host functions, Chronicle audit, DEFCON posture system)
  • These components are NOT part of bascule-oss and are maintained in separate repositories under separate licenses

What contributors own

  • Copyright to their own contributions (DCO does NOT assign copyright)
  • Any implementation of the SessionHandler or AuthProvider traits
  • Any product, service, or extension built using bascule-core as a library

What's shared (Apache 2.0)

  • All code in this repository
  • The SessionHandler and AuthProvider trait definitions
  • The SSH proxy core, session backends, and authentication framework
  • Documentation, Helm charts, container images, and build scripts

The boundary

The SessionHandler trait is the product boundary. Everything below the trait (in this repo) is Apache 2.0. Implementations of the trait are the intellectual property of their authors.

Guildhouse's own session handler (which adds authorization contexts, completion receipts, operational posture, and audit trails) is proprietary. It depends on bascule-core as a library, which Apache 2.0 permits.

Third parties are encouraged to build their own session handlers:

  • Security vendors: integrate risk scoring into session policy
  • Compliance teams: add audit logging for regulatory requirements
  • Platform teams: enforce organization-specific access policies
  • MSPs: build multi-tenant session management

Dispute Resolution

Guildhouse partners with tribal sovereign nations to provide technically informed dispute resolution for open source projects.

Disputes may be submitted to tribal jurisdiction for resolution by adjudicators with expertise in open source software, contribution attribution, and digital governance.

This forum is:

  • Voluntary — contributors may choose any court of competent jurisdiction
  • Technically informed — adjudicators understand open source licensing
  • Efficient — designed for faster resolution than federal litigation
  • Sovereignty-respecting — rooted in tribal self-determination

This does not limit any rights under the Apache 2.0 license.

Tribal Partnership

Guildhouse's mission includes advancing cybersecurity capacity and digital sovereignty in Indian Country through:

  • Mentorship: training tribal members in cloud-native infrastructure
  • Infrastructure: deploying systems on tribal-controlled hardware
  • Jurisdiction: developing legal frameworks for digital governance
  • Economic participation: connecting tribal technologists with the cloud consulting ecosystem