Replace hardcoded posture return in AttestationHandler (Shellstream
namespace 0x0005) with PostureReader that reads the posture-current
ConfigMap written by the substrate-operator's posture evaluator.
Data pipeline is now end-to-end:
Keylime verifier -> posture evaluator -> ConfigMap -> bascule-agent
Behavior:
- posture_source='config': reads posture-current ConfigMap, maps
level to PostureLevel, caches with configurable TTL (default 30s)
- posture_source='static' or dev_mode: returns configured static
level and wire value (replaces hardcoded string for clarity)
- Graceful fallback: missing ConfigMap -> PostureLevel::Lockdown
(fail-closed) + warning log
New dependencies: kube, k8s-openapi, governance-types (via path).
Does NOT add keylime-client — reads ConfigMap JSON directly.
Signed-off-by: Tyler King <tking@guildhouse.dev>
Signed-off-by: Tyler J King <tking727@gmail.com>

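The fail-closed reader behaviour described in this commit (config source with a TTL cache, static source, missing ConfigMap mapped to Lockdown), as an added illustration that is not the project's code: the `PostureStore` trait and `FakeStore` stand in for the kube ConfigMap lookup so it runs offline, and the `PostureLevel` variants other than `Lockdown` are assumed (dev_mode is folded into the static source).

```rust
use std::time::{Duration, Instant};

// Assumed stand-in for the governance-types PostureLevel enum.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum PostureLevel { Nominal, Elevated, Lockdown }
// Abstracts the posture-current ConfigMap `level` lookup so this runs offline;
// the real agent would use kube's ConfigMap API here (assumption). None = ConfigMap missing.
pub trait PostureStore {
    fn read_level(&self) -> Option<String>;
}
// In-memory store holding constructed sample input.
pub struct FakeStore(pub Option<&'static str>);
impl PostureStore for FakeStore {
    fn read_level(&self) -> Option<String> { self.0.map(str::to_string) }
}
pub enum PostureSource { Static(PostureLevel), Config }
pub struct PostureReader<S: PostureStore> {
    source: PostureSource,
    pub store: S,
    ttl: Duration,
    cache: Option<(PostureLevel, Instant)>,
    pub lookups: usize, // ConfigMap reads performed; exposes the TTL cache
}
impl<S: PostureStore> PostureReader<S> {
    pub fn new(source: PostureSource, store: S, ttl: Duration) -> Self {
        Self { source, store, ttl, cache: None, lookups: 0 }
    }
    // Unknown or malformed levels fail closed, exactly like a missing ConfigMap.
    fn map_level(s: &str) -> PostureLevel {
        match s.trim().to_ascii_lowercase().as_str() {
            "nominal" => PostureLevel::Nominal,
            "elevated" => PostureLevel::Elevated,
            _ => PostureLevel::Lockdown,
        }
    }
    pub fn current(&mut self, now: Instant) -> PostureLevel {
        if let PostureSource::Static(level) = self.source { return level; }
        if let Some((level, at)) = self.cache {
            if now.duration_since(at) < self.ttl { return level; } // cache hit
        }
        self.lookups += 1;
        let level = match self.store.read_level() {
            Some(s) => Self::map_level(&s),
            None => { eprintln!("warning: posture-current ConfigMap missing, failing closed"); PostureLevel::Lockdown }
        };
        self.cache = Some((level, now));
        level
    }
}
```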
PipelineMerge, SchematicPublish, and GitOpsSync ceremony merkle
leaves are now the canonical_hash() of a GovernanceEnvelope,
binding git ref + governance metadata into a single auditable
32-byte hash.
Uses the resolution's resolved_at timestamp for deterministic
envelope construction.
Non-git ceremony types (MutationIntent, Custom) unchanged.
Signed-off-by: Tyler King <tking@guildhouse.dev>

PipelineMerge ceremony resolutions now include the git commit
SHA in their canonical form, binding the Quartermaster merkle
leaf to git's merkle tree. SchematicPublish includes tree_hash,
GitOpsSync includes target_revision.
Non-git ceremony types (MutationIntent, Custom) unchanged —
canonical_bytes still returns proof_hash alone.
See cid-reconciliation-audit.md Site 8.
Signed-off-by: Tyler King <tking@guildhouse.dev>