tking/bascule-oss
SHA256
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
bascule-oss/docs/comparison.md
Tyler King 6eb2de5dc0 docs: update all documentation for management API + dashboard 
Updated 9 files to reflect:
  Management API (axum, port 9090) — embedded in bascule-server
  Dioxus dashboard components (WASM web target)
  6 crates in workspace (was 4)

README.md:
  Added Management API + Dashboard features section
  Added dashboard row to comparison table

docs/architecture.md:
  Updated diagram showing dual-listener architecture
  Added Management API section explaining Arc<SessionStore> sharing
  Updated crate table (6 crates)

docs/configuration.md:
  Added [dashboard] config section reference

docs/observability.md:
  Added Management API monitoring section with curl examples

docs/quickstart.md:
  Added Management API quick start section

docs/comparison.md:
  Added dashboard and TPM attestation rows

CLAUDE.md + CONTRIBUTING.md:
  Updated crate lists and feature flags

config/bascule.example.toml:
  Added [dashboard] section

All 17 README links verified valid. Build clean.

Signed-off-by: Tyler King <tking@guildhouse.dev>
2026-04-05 17:17:18 -04:00

1.8 KiB
Raw Blame History

Comparison

Feature Bascule Teleport Boundary StrongDM
License Apache 2.0 AGPL / Commercial MPL / Commercial Commercial
Agents required No Yes Yes Yes
Control plane No Required Required SaaS
Container sessions Native Via agents No No
AI Agent Identity Native (Entra Agent ID) No No No
Binary size ~7MB ~150MB ~100MB N/A (SaaS)
Auth SSH keys, Entra Agent ID OIDC, SAML, GitHub OIDC, LDAP SAML, OIDC
Session recording Via SessionHandler Built-in Built-in Built-in
Kubernetes Any (pod) Requires agent Requires worker SaaS
Extensibility SessionHandler trait Plugin system No No
Proxy mode Built-in Built-in Built-in SaaS
Config Single TOML file Complex YAML Complex HCL Web UI
Built-in dashboard Yes (port 9090) Yes No Yes (SaaS)
TPM attestation Yes (bascule-shell) No No No

When to choose Bascule

  • You want a lightweight SSH proxy without a control plane
  • You need ephemeral container sessions per connection
  • You need AI agent identity (Entra Agent ID) alongside human SSH
  • You want to extend the proxy with custom policy via a Rust trait
  • You want Apache 2.0 licensing without AGPL constraints
  • You want a single binary under 10MB

When to choose Teleport

  • You need a full access management platform (SSH + K8s + DB + Web)
  • You need built-in session recording with search
  • You need desktop application access
  • You have a large team and need role-based access at scale
  • AGPL licensing is acceptable for your use case

When to choose Boundary

  • You're fully invested in the HashiCorp ecosystem
  • You need dynamic credential injection
  • You need multi-hop proxy chains
  • MPL licensing works for your organization