tking/bascule-workspace
SHA256
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
bascule-workspace/bascule-agent/Dockerfile
Tyler King b1865a0627 initial: bascule v0.1.0 
Bascule shell runtime workspace — governed shell access layer
for Substrate/Guildhouse FFC deployments.

Crates:
- bascule-agent: node agent with SSH server + command filtering
- bascule-core: audit, grant engine, ceremony types, session
- bascule-filter-core: log line filtering (stdio protocol)
- bascule-gateway: OIDC auth, session management, SAT validation
- bascule-node-agent: k8s DaemonSet agent (pod watcher, BPF manager)
- bascule-proto: protobuf definitions
- bascule-shell: governed SSH shell (commands, elevation, REPL)
- bascule-tail: chronicle log tail + fanout
- ceremony-engine: ceremony lifecycle (6 types + request/resolution)

172 tests passing.
Implements SBS-SPEC-0001 shell model.
Reference impl for SPEC-SHELLOPS-0001 Layer 1 (root shell).
2026-03-18 16:40:48 -04:00

33 lines
864 B
Docker
Raw Permalink Blame History

# Multi-stage build for bascule-agent
# Stage 1: Build
FROM rust:latest AS builder
WORKDIR /build
COPY . .
ENV SQLX_OFFLINE=true
RUN cd services && cargo build --release -p bascule-agent
# Stage 2: Runtime
FROM debian:bookworm-slim
RUN apt-get update && apt-get install -y --no-install-recommends \
ca-certificates \
&& rm -rf /var/lib/apt/lists/*
# Create substrate user and directories
RUN groupadd -r substrate && useradd -r -g substrate substrate && \
mkdir -p /var/run/substrate /etc/substrate && \
chown substrate:substrate /var/run/substrate
COPY --from=builder /build/services/target/release/bascule-agent /usr/local/bin/bascule-agent
# Default config
COPY services/bascule-agent/tests/e2e-config.toml /etc/substrate/shell.toml
USER substrate
EXPOSE 2222
ENTRYPOINT ["bascule-agent"]
CMD ["--config", "/etc/substrate/shell.toml"]
Reference in a new issue View git blame Copy permalink