Adds an env-gated startup hook that submits one synthetic AuditEvent
(notarize=true) to the AuditPipeline. The flush_loop then submits the
leaf to QM via CreateAnchor on its next cycle, demonstrating the
bascule→QM integration end-to-end without requiring real OIDC sessions
(genesis hasn't lifted the realm yet).
Default off — only triggers if BASCULE_DEMO_AUDIT=1 in pod env. Leaves
no permanent test surface in normal deployments. Slated for removal
once OIDC sessions can drive the path through the auth filter chain;
keeping it default-off makes that removal a no-op for production.
Signed-off-by: Tyler J King <tking@guildhouse.dev>
Two bugs surfaced when bascule-gateway pods first reached Running and
attempted config load (F.4 deployment):
1. Env-var override didn't take effect for any BASCULE_* variable.
config::Environment::with_prefix("BASCULE") without an explicit
prefix_separator strips the literal "BASCULE" with no separator,
so BASCULE_ACCORD_PATH became "_ACCORD_PATH" (leading underscore)
which doesn't match the field "accord_path". Result: every env
override silently fell back to the default in config.rs, and the
pod read /accord/accord.yaml instead of /etc/bascule/accord.yaml
from the configured volume. Adds .prefix_separator("_") to match
QM's pattern in services/quartermaster/src/config.rs:150.
2. Embedded fallback accord YAML had `sampled: []` and a stray
`sampleRate: 1`, but the schema has
`sampled: Option<SampledConfig {events, sample_rate}>` — empty
list mis-parses as struct. Result: when accord file lookup failed,
the .expect("empty accord must parse") panicked, crashing the
bascule-gateway container. Now omitted (Option default None).
Both fixes verified against accord-core's schema in
services/accord-core/src/schema.rs.
Signed-off-by: Tyler J King <tking@guildhouse.dev>
Multi-stage rust:bookworm → debian:bookworm-slim build, modeled on
guildhouse/services/Dockerfile (F.2). Build context is the
substrate-project repo root because bascule-gateway's Cargo.toml has
cross-workspace path deps reaching:
- ../../substrate/crates/governance-types (and substrate-rt
transitively, which inherits edition from substrate's workspace
root — substrate must be COPYed as a whole for the inheritance
chain to load)
- ../../guildhouse/services/{accord-core, accord-opa, qm-core,
guildhouse-proto}
- ../../guildhouse/sdk/{guildhouse-mq, guildhouse-tower} via
transitive deps
Image output: git.guildhouse.dev/tking/bascule-gateway:v0.1.0.
Signed-off-by: Tyler J King <tking@guildhouse.dev>
Wires the AuditPipeline's flush() path to QM's QuartermasterNotary
gRPC service. Previously flush() only updated local notarized=true
flags; now it batches pending leaf hashes into a CreateAnchorRequest
and persists the returned anchor_id + leaf_index back on each event
row.
Lazy-retry semantics match guildhouse-spire-plugins pkg/governance
(F.1): the gRPC channel is established on first successful flush and
cached in Arc<Mutex<Option<QuartermasterNotaryClient<Channel>>>>. If
QM is unreachable, bascule logs a warning, re-queues the leaves into
the pending buffer, and retries on the next flush interval. Local
audit rows are still written with notarized=true; only anchor_id
stays NULL until an anchor successfully lands. This is the same
pattern that unblocks the bascule-deploys-before-QM ordering problem
without crashing bascule.
Schema: bascule.audit_events already had anchor_id uuid + leaf_index
integer columns (migrations.rs, pre-existing). This commit populates
them for the first time.
Config:
- New `cluster_id` field on BasculeConfig, sourced from
BASCULE_CLUSTER_ID env. Empty string disables QM submission (local
storage only). In F.4, bascule gets the UUID from QM's clusters
table (generated at QM genesis).
- Existing `qm_endpoint` field now actually used (was scaffolded in
pre-F.4 code but never read).
Backwards-compat:
- submit(&self, event: &AuditEvent, notarize: bool) signature preserved.
- should_notarize(classification, fidelity) public fn preserved.
- Internal leaf_data hashing simplified to an event-field digest
(event_id + session_id + operator + command + classification +
exec_result + timestamp); bypasses serde_json_canonicalizer
dependency that the prior version required. Verify path still
works against QM's merkle tree because QM hashes whatever bytes
bascule submits — QM doesn't re-compute; it trusts the leaf
payload bascule submitted is the leaf.
Signed-off-by: Tyler J King <tking@guildhouse.dev>
DelegationScope is orthogonal to ShellClass — an Application session
can have delegation authority to orchestrate System operations on
remote targets (the Infrastructure shell pattern for Ansible/Terraform).
TargetSelector supports: None, Hosts (explicit list), LabelSelector
(deferred to K8s API), TrustDomain (all hosts). Default: denied
(fail-closed).
DelegationDecision: Permitted, Denied (with reason), Deferred (for
async label resolution).
Added delegation field to SessionScope with #[serde(default)] for
backward-compatible deserialization.
7 unit tests for delegation scope checking.
Signed-off-by: Tyler King <tking@guildhouse.dev>
Signed-off-by: Tyler J King <tking727@gmail.com>
Read the cluster's operational posture level from the posture-current
ConfigMap at ceremony grant time. Derive ShellClass via
derive_shell_class() and stamp into the granted SessionScope.
- Normal posture (5) -> ShellClass::System
- Any DEFCON escalation -> ShellClass::Application
- Fail-closed: missing ConfigMap -> Lockdown -> Application
- posture_level_at_establishment stored for audit/breach comparison
Signed-off-by: Tyler King <tking@guildhouse.dev>
Signed-off-by: Tyler J King <tking727@gmail.com>
Introduce ShellClass (Application | System) as a session-scoped
classification derived from PostureLevel at ceremony grant time.
- ShellClass::Application: default, software operations only
- ShellClass::System: host operations, requires Normal (5) posture
- derive_shell_class(): pure function, configurable threshold
- satisfies(): hierarchical check (System satisfies Application)
- No mid-session upgrade by design (immutable in SessionScope)
Added shell_class and posture_level_at_establishment to SessionScope
with #[serde(default)] for backward-compatible deserialization.
Signed-off-by: Tyler King <tking@guildhouse.dev>
Signed-off-by: Tyler J King <tking727@gmail.com>
Replace hardcoded posture return in AttestationHandler (Shellstream
namespace 0x0005) with PostureReader that reads the posture-current
ConfigMap written by the substrate-operator's posture evaluator.
Data pipeline is now end-to-end:
Keylime verifier -> posture evaluator -> ConfigMap -> bascule-agent
Behavior:
- posture_source='config': reads posture-current ConfigMap, maps
level to PostureLevel, caches with configurable TTL (default 30s)
- posture_source='static' or dev_mode: returns configured static
level and wire value (replaces hardcoded string for clarity)
- Graceful fallback: missing ConfigMap -> PostureLevel::Lockdown
(fail-closed) + warning log
New dependencies: kube, k8s-openapi, governance-types (via path).
Does NOT add keylime-client — reads ConfigMap JSON directly.
Signed-off-by: Tyler King <tking@guildhouse.dev>
Signed-off-by: Tyler J King <tking727@gmail.com>
PipelineMerge, SchematicPublish, and GitOpsSync ceremony merkle
leaves are now the canonical_hash() of a GovernanceEnvelope,
binding git ref + governance metadata into a single auditable
32-byte hash.
Uses the resolution's resolved_at timestamp for deterministic
envelope construction.
Non-git ceremony types (MutationIntent, Custom) unchanged.
Signed-off-by: Tyler King <tking@guildhouse.dev>
PipelineMerge ceremony resolutions now include the git commit
SHA in their canonical form, binding the Quartermaster merkle
leaf to git's merkle tree. SchematicPublish includes tree_hash,
GitOpsSync includes target_revision.
Non-git ceremony types (MutationIntent, Custom) unchanged —
canonical_bytes still returns proof_hash alone.
See cid-reconciliation-audit.md Site 8.
Signed-off-by: Tyler King <tking@guildhouse.dev>
