bascule-workspace/CHANGELOG.md
Tyler J King 9c492d739a docs: add ARCHITECTURE.md, CHANGELOG, fix Cargo metadata
ARCHITECTURE.md explains the governed shell stack, Keylime integration
model, ShellClass derivation, and implementation status for reviewer
orientation.

CHANGELOG documents v0.1.0-rc.1 deliverables.

Cargo.toml metadata (license, repository) added to bascule-core,
bascule-agent, bascule-gateway.

Signed-off-by: Tyler King <tking@guildhouse.dev>
Signed-off-by: Tyler J King <tking727@gmail.com>
2026-04-15 15:37:27 -04:00


Changelog

[0.1.0-rc.1] - 2026-04-15

Added

  • ShellClass (Application | System) derived from PostureLevel at ceremony grant

    • Cannot be raised for the session lifetime: no mid-session upgrade, downgrade only
    • derive_shell_class() pure function with configurable threshold
    • satisfies() hierarchical check (System satisfies Application)
  • PostureReader in bascule-agent replacing soft-mode attestation

    • Reads posture-current ConfigMap written by substrate-operator
    • TTL-cached (30s default) with stale-serve-on-error semantics
    • Fail-closed to PostureLevel::Lockdown on ConfigMap unavailability
    • posture_source="static" preserved for dev/test without a cluster
  • DelegationScope for Infrastructure shell pattern

    • Application sessions with delegation authority for orchestrators (Ansible/Terraform)
    • TargetSelector: Hosts, LabelSelector (deferred), TrustDomain
    • Orthogonal to ShellClass — independent axes on SessionScope
  • Session downgrade on posture breach

    • Breach evaluator maps all 5 BreachResponse variants (LogOnly, AlertDelegates, ReducePosture, SuspendTrust, RevokeAccord)
    • 30s posture polling loop on posture-current ConfigMap
    • System sessions downgraded to Application on posture degradation
    • SuspendTrust/RevokeAccord terminate sessions immediately
  • Worker pre-flight enforcement in org-ops

    • required_shell_class() on OrgCommands trait (default: Application)
    • target_host() on OrgCommands trait for remote dispatch
    • Three-step pre-flight: delegation authority + target scope + target posture
    • Fail-closed on unknown delegation or posture
  • SessionScope enrichment

    • shell_class: ShellClass with #[serde(default)]
    • posture_level_at_establishment: Option<u8> with #[serde(default)]
    • delegation: DelegationScope with #[serde(default)]
    • All backward-compatible with existing persisted sessions
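
The ShellClass and session-downgrade entries above, as an added Rust sketch that is not code from the bascule repository: it models grant-time derivation, the hierarchical satisfies() check, fail-closed posture reads, and downgrade-only transitions. Posture is modelled as a bare u8 (0 standing in for PostureLevel::Lockdown, larger meaning healthier), and the Session type, read_posture, on_posture_poll and all signatures are assumptions.

```rust
// Added sketch, not bascule source. Assumption: posture is a bare u8,
// 0 stands in for PostureLevel::Lockdown and larger values are healthier.
pub const LOCKDOWN: u8 = 0;

#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
pub enum ShellClass { Application, System } // declaration order gives Application < System

impl ShellClass {
    /// Hierarchical check: System satisfies Application, never the reverse.
    pub fn satisfies(self, required: ShellClass) -> bool { self >= required }
}

/// Pure derivation with a configurable threshold (signature assumed).
/// Lockdown never yields System, even if the threshold is misconfigured to 0.
pub fn derive_shell_class(posture: u8, system_threshold: u8) -> ShellClass {
    if posture != LOCKDOWN && posture >= system_threshold {
        ShellClass::System
    } else {
        ShellClass::Application
    }
}

/// Fail closed: an unreadable posture source is treated as Lockdown (hypothetical helper).
pub fn read_posture(source: Result<u8, String>) -> u8 { source.unwrap_or(LOCKDOWN) }

/// Hypothetical session holder; the class field is private so only polls can change it.
pub struct Session { class: ShellClass }

impl Session {
    pub fn establish(source: Result<u8, String>, threshold: u8) -> Self {
        Session { class: derive_shell_class(read_posture(source), threshold) }
    }
    pub fn class(&self) -> ShellClass { self.class }
    /// A poll may lower the class but never raise it above the current one.
    pub fn on_posture_poll(&mut self, source: Result<u8, String>, threshold: u8) {
        let observed = derive_shell_class(read_posture(source), threshold);
        self.class = self.class.min(observed);
    }
}

fn main() {
    let mut s = Session::establish(Ok(3), 3); // constructed sample values
    s.on_posture_poll(Err("posture-current unavailable".to_string()), 3);
    println!("{:?} satisfies System: {}", s.class(), s.class().satisfies(ShellClass::System));
}
```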