bascule-oss/crates
Claude Code 56529626f6 feat(m2): bascule-shell exports BASCULE_ROLES for gsh's role check
bascule-shell::set_env now populates BASCULE_ROLES so gsh's
M2 role-aware classifier has something to match against.

Precedence:
  1. Caller-set BASCULE_ROLES wins (env var preserved as-is).
  2. Otherwise derive a default from auth_method:
       oidc-entra | oidc-cached | kerberos -> operator
       ssh-key                              -> apprentice
       _                                    -> apprentice

The auth-method fallback is intentionally minimal — bascule-oss
Identity has no real roles field, and proper role provisioning
(Entra group claims, SPIFFE workload roles) lands in M5. This
default at least populates the env var so M2's role-deny path
is exercised end-to-end on existing dev shells instead of
silently empty.

Stacked on feat/m1-session-sat.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Claude Code <claude@guildhouse.dev>
2026-04-07 17:52:50 -04:00
bascule-auth-agent-id feat: bascule-shell — identity-aware shell with TPM attestation 2026-04-05 09:47:46 -04:00
bascule-core feat(m1): bascule-shell composes a real SAT anchored on session_leaf 2026-04-07 14:38:20 -04:00
bascule-dashboard feat: Dioxus dashboard — session analytics + WASM web target 2026-04-05 14:10:01 -04:00
bascule-dashboard-web feat: Dioxus dashboard — session analytics + WASM web target 2026-04-05 14:10:01 -04:00
bascule-server feat: embedded management API (axum, port 9090) 2026-04-05 15:09:26 -04:00
bascule-shell feat(m2): bascule-shell exports BASCULE_ROLES for gsh's role check 2026-04-07 17:52:50 -04:00