# Changelog

## [0.1.0-rc.1] - 2026-04-15

### Added

- **ShellClass** (Application | System) derived from PostureLevel at ceremony grant
  - Immutable for session lifetime — no mid-session upgrade, downgrade only
  - `derive_shell_class()` pure function with configurable threshold
  - `satisfies()` hierarchical check (System satisfies Application)

- **PostureReader** in bascule-agent replacing soft-mode attestation
  - Reads `posture-current` ConfigMap written by substrate-operator
  - TTL-cached (30s default) with stale-serve-on-error semantics
  - Fail-closed to `PostureLevel::Lockdown` on ConfigMap unavailability
  - `posture_source="static"` preserved for dev/test without a cluster

- **DelegationScope** for Infrastructure shell pattern
  - Application sessions with delegation authority for orchestrators (Ansible/Terraform)
  - `TargetSelector`: Hosts, LabelSelector (deferred), TrustDomain
  - Orthogonal to ShellClass — independent axes on SessionScope

- **Session downgrade on posture breach**
  - Breach evaluator maps all 5 `BreachResponse` variants (LogOnly, AlertDelegates,
    ReducePosture, SuspendTrust, RevokeAccord)
  - 30s posture polling loop on `posture-current` ConfigMap
  - System sessions downgraded to Application on posture degradation
  - SuspendTrust/RevokeAccord terminate sessions immediately

- **Worker pre-flight enforcement** in org-ops
  - `required_shell_class()` on OrgCommands trait (default: Application)
  - `target_host()` on OrgCommands trait for remote dispatch
  - Three-step pre-flight: delegation authority + target scope + target posture
  - Fail-closed on unknown delegation or posture

- **SessionScope enrichment**
  - `shell_class: ShellClass` with `#[serde(default)]`
  - `posture_level_at_establishment: Option<u8>` with `#[serde(default)]`
  - `delegation: DelegationScope` with `#[serde(default)]`
  - All backward-compatible with existing persisted sessions