Tyler King
02142f7be4
New crate: bascule-auth-agent-id Microsoft Entra Agent ID authentication for AI agents Validates OAuth tokens against Entra JWKS (60min cache) Extracts agent metadata: type, blueprint, sponsor, scopes Detects on-behalf-of (delegated) agents Token-as-password pattern for SSH auth Cleanup: Removed all governance-specific references from comments SessionHandler trait is the only extension point Zero substrate/chronicle/gsap dependencies Config example uses neutral terminology Config: [auth.agent_id] section for Entra configuration tenant_id, audiences, multi_tenant fields 3 crates: bascule-core, bascule-server, bascule-auth-agent-id 938 lines total, 5.6MB binary, 0 substrate deps. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
23 lines
594 B
TOML
23 lines
594 B
TOML
# Bascule SSH Proxy — Example Configuration
|
|
|
|
# Listen address
|
|
listen_addr = "0.0.0.0:2222"
|
|
|
|
# Host key (auto-generated if not present)
|
|
# host_key_path = "/etc/bascule/host_key"
|
|
|
|
# Shell command to spawn for each session
|
|
# Default: /bin/bash
|
|
# shell_command = "/bin/bash"
|
|
# shell_command = "/usr/local/bin/custom-shell"
|
|
|
|
# Authentication
|
|
[auth]
|
|
mode = "accept-all" # "accept-all" (dev only), "authorized-keys"
|
|
# authorized_keys_path = "/etc/bascule/authorized_keys"
|
|
|
|
# Session banner (optional)
|
|
# banner = "Welcome to Bascule."
|
|
|
|
# Max concurrent sessions (0 = unlimited)
|
|
# max_sessions = 100
|