SHA256

Open-source SSH proxy with identity-aware shell (Rust)

Find a file

Claude Code 33f6bf729a feat(hfl): bascule-core SAT compose routes through HFL when available Post-M6 enhancement: when /dev/substrate-hfl is loaded and the bascule-core `hfl` feature is enabled, the new compose_via_hfl_or_local() entry point hands a serialized SessionClaim to the kernel's attestation::SAT_BUNDLE function and uses the kernel-composed SatBundle (proto-encoded) in place of the locally-composed M1 bundle. Kernel composition has access to TPM state, governance state, and platform-claim producers Bascule can't reach from userspace. Without the `hfl` feature: M1 path unchanged. With the `hfl` feature but no kernel module: graceful fallback to the M1 local compose path. Per ADR D9, the SAT chain stays alive regardless of HFL availability. bascule-core::hfl_sat (NEW, behind --features hfl): - compose_via_hfl_or_local(inputs) tries the kernel path first. On any failure (device missing, ioctl error, decode error) it logs at debug and returns the local M1 compose result. - try_compose_via_hfl() encodes the SessionClaim with prost, dispatches via HflClient::dispatch(0x0005, 1, claim_bytes, [0u8;32], current_epoch), and decodes the result as a proto SatBundle. - 2 unit tests cover the device-absent fallback path (+ structure equivalence with the M1 local compose). Cargo.toml: - Workspace deps: hfl-types + substrate-hfl as path deps to the substrate workspace (cross-workspace, CI mounts both checkouts side by side). - bascule-core gains a `hfl` feature gating hfl-types + substrate-hfl + prost (the last for SessionClaim::encode_to_vec on the substrate-proto-generated types). Tested (Docker rust:1.88-bookworm): cargo build -p bascule-core clean cargo test -p bascule-core --lib sat 7/7 (M1 regression) cargo build -p bascule-core --features hfl clean cargo test -p bascule-core --features hfl --lib 26/26 +2 hfl_sat tests on top of the existing bascule-core suite Branched off main (post-merge of the M1..M5 stack). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Claude Code <claude@guildhouse.dev>		2026-04-08 10:41:09 -04:00
.github/workflows	docs: DCO, NOTICE, and governance framework	2026-04-05 11:13:20 -04:00
charts/bascule	docs: comprehensive documentation + developer experience polish	2026-04-05 10:53:08 -04:00
config	docs: update all documentation for management API + dashboard	2026-04-05 17:17:18 -04:00
crates	feat(hfl): bascule-core SAT compose routes through HFL when available	2026-04-08 10:41:09 -04:00
docs	docs: update all documentation for management API + dashboard	2026-04-05 17:17:18 -04:00
images	feat: structured logging, tracing spans, comprehensive documentation	2026-04-04 23:45:03 -04:00
.editorconfig	docs: comprehensive documentation + developer experience polish	2026-04-05 10:53:08 -04:00
.gitignore	feat: Bascule — identity-aware SSH proxy	2026-04-04 22:25:33 -04:00
Cargo.lock	feat(hfl): bascule-core SAT compose routes through HFL when available	2026-04-08 10:41:09 -04:00
Cargo.toml	feat(hfl): bascule-core SAT compose routes through HFL when available	2026-04-08 10:41:09 -04:00
CLAUDE.md	docs: update all documentation for management API + dashboard	2026-04-05 17:17:18 -04:00
CONTRIBUTING.md	docs: update all documentation for management API + dashboard	2026-04-05 17:17:18 -04:00
DCO	docs: DCO, NOTICE, and governance framework	2026-04-05 11:13:20 -04:00
docker-compose.yml	feat: bascule-shell — identity-aware shell with TPM attestation	2026-04-05 09:47:46 -04:00
Dockerfile	feat: bascule-shell — identity-aware shell with TPM attestation	2026-04-05 09:47:46 -04:00
GOVERNANCE.md	docs: DCO, NOTICE, and governance framework	2026-04-05 11:13:20 -04:00
LICENSE	feat: bascule-shell — identity-aware shell with TPM attestation	2026-04-05 09:47:46 -04:00
Makefile	docs: comprehensive documentation + developer experience polish	2026-04-05 10:53:08 -04:00
NOTICE	docs: DCO, NOTICE, and governance framework	2026-04-05 11:13:20 -04:00
README.md	docs: update all documentation for management API + dashboard	2026-04-05 17:17:18 -04:00
rustfmt.toml	docs: comprehensive documentation + developer experience polish	2026-04-05 10:53:08 -04:00

README.md

Bascule

Identity-aware SSH proxy for modern infrastructure.

Bascule authenticates operators via SSH keys or AI agent tokens, then connects them to a local shell, remote host, or ephemeral container. No agents to install. No control plane. One binary.

Quick Start

cargo build --release -p bascule-server
./target/release/bascule --config config/bascule.example.toml
# In another terminal:
ssh -p 2222 localhost

See docs/quickstart.md for Docker, Helm, and container mode.

Features

Session Backends

Mode	Config	Description
Local PTY	(default)	Spawn a local shell process
Remote Proxy	`[proxy]`	Forward to a remote SSH host
Container	`[container]`	Ephemeral container per session (Docker/Podman/nerdctl)
Kubernetes	`[k8s]`	Shared jumphost with shell sidecar (config ready, runtime coming)

Authentication

SSH Keys — standard OpenSSH authorized_keys files
Accept All — development only, accepts any key
Entra Agent ID — Microsoft AI agent identity (--features agent-id)
SPIFFE/SPIRE — workload identity (config ready, runtime coming)

Security

Session limiting (semaphore-based max_sessions)
Container hardening (--cap-drop ALL, --security-opt no-new-privileges)
Container config validation (injection prevention)
Read-only rootfs option
NetworkPolicy for Kubernetes deployments

Management API + Dashboard

Built-in HTTP management API (port 9090, --features dashboard):

GET /api/sessions — active sessions with auth/backend/TPM status
GET /api/stats — aggregate analytics (auth breakdown, peak concurrent, TPM %)
GET /api/health — server health and version
WASM dashboard at /dashboard/ (coming soon)

Observability

Structured JSON logging (BASCULE_LOG_FORMAT=json)
Tracing spans on auth, session lifecycle, exec requests
Management API for real-time session monitoring

Client: bascule-shell

Identity-aware login shell with TPM attestation:

./target/release/bascule-shell --info

╔═══════════════════════════════════════════════════════╗
║  Bascule Shell v0.1.0                                 ║
║  Principal:  tking                                     ║
║  Method:     ssh-key                                   ║
║  TPM:        available (6 PCRs verified)               ║
║  Platform:   sha256:e9b95f002f54222d...                ║
╚═══════════════════════════════════════════════════════╝

See docs/bascule-shell.md.

Comparison

	Bascule	Teleport	Boundary
License	Apache 2.0	AGPL / Commercial	MPL / Commercial
Agents required	No	Yes	Yes
Control plane	No	Required	Required
Container sessions	Yes	No	No
AI Agent Identity	Yes (Entra Agent ID)	No	No
Binary size	~7MB	~150MB	~100MB
Built-in dashboard	Yes (port 9090)	Yes	No

See docs/comparison.md.

Deployment

Standalone: cargo build --release -p bascule-server
Docker: docker build -t bascule .
Kubernetes: helm install bascule charts/bascule/ — see docs/kubernetes.md

Extending Bascule

Implement SessionHandler to add custom policy:

use bascule_core::hooks::{SessionHandler, SessionInfo};

struct AuditHandler;

#[async_trait]
impl SessionHandler for AuditHandler {
    async fn on_session_start(&self, s: &SessionInfo) -> anyhow::Result<()> {
        println!("{} connected from {}", s.principal, s.source_ip);
        Ok(())
    }
}

See docs/architecture.md.

Governance

Bascule is maintained by Guildhouse LLC. Contributions are accepted under the DCO — you retain copyright to your contributions.

The SessionHandler and AuthProvider traits are public APIs. Implementations are the intellectual property of their authors. See GOVERNANCE.md.

Roadmap

Not yet implemented:

OIDC authentication (Keycloak, Entra, Okta)
K8s API exec backend runtime
SPIFFE/SPIRE auth runtime
OpenTelemetry OTLP exporter
Prometheus metrics endpoint
Session recording
Per-session Pod isolation

Documentation

License

Apache 2.0