Add worker_preflight() check at dispatch time for commands that
target remote hosts. Enforces three conditions:
1. Session has delegation authority
2. Target host is in delegation scope
3. Target host posture satisfies required shell class
OrgCommands trait extended with target_host() method (default: None
for local commands). SessionContext enriched with delegation_scope.
Lightweight DelegationScope duplicate avoids bascule-core dep chain.
Target posture reader stubbed — requires gateway posture query API
(tracked as follow-up).
Fail-closed: unknown delegation -> denied, unknown posture -> denied.
11 unit tests for delegation and preflight.
Signed-off-by: Tyler King <tking@guildhouse.dev>
Signed-off-by: Tyler J King <tking727@gmail.com>
Add required_shell_class() to OrgCommands trait with Application
default (backward compatible). GSH dispatch checks session ShellClass
against command requirement before execution.
- ShellClass enum (local, lightweight — avoids bascule-core dep)
- SessionContext enriched with shell_class and posture_level
- Clear error on insufficient shell class directs operator to
reconnect via attested host for System access
- All existing commands work unchanged (Application default)
Signed-off-by: Tyler King <tking@guildhouse.dev>
Signed-off-by: Tyler J King <tking727@gmail.com>
Add emit_git_event() method to ChronicleClient that embeds a
GovernanceEnvelope in the CloudEvent data payload. The CloudEvent
id is set to the hex-encoded git_ref from the envelope.
Migrate GOV_COMMIT_CREATED, GOV_PUSH, and GOV_PR_CREATED in
git_commands.rs to use emit_git_event(). Non-git events continue
to use the existing emit() method.
Signed-off-by: Tyler King <tking@guildhouse.dev>
org-ops-core now re-exports git_blob_hash, git_blob_hash_hex, and
git_blob_cid from the shared governance-types crate. BPF key
helpers remain local. sha1 direct dependency removed (transitive
through governance-types).
Signed-off-by: Tyler King <tking@guildhouse.dev>
Add git_hash module that computes SHA-1 blob hashes identical to
`git hash-object --stdin`. Includes BPF map key extraction that
handles both legacy sha256: and new gitsha1: CID formats.
Migrate TestRunResult::compute_cid() from custom SHA-256 to git
blob hash. New CID format: `gitsha1:{40 hex chars}`. File storage
path uses the full CID as filename (backward compatible for reads
since old files retain their sha256: names).
New dependency: sha1 0.10 (RustCrypto, same family as sha2).
See cid-reconciliation-audit.md Sites 1, 3.
Signed-off-by: Tyler King <tking@guildhouse.dev>
Replace fake Forgejo push webhook for AI_RISK_ASSESSMENT with
structured CloudEvents 1.0. Event now carries confidence_score,
recommendation, test_results_analyzed, and diff_match as typed
fields instead of a flat message string.
Event rename: AI_RISK_ASSESSMENT -> GOV_AI_RISK_ASSESSMENT
Signed-off-by: Tyler King <tking@guildhouse.dev>
Replace fake Forgejo push webhook construction with structured
CloudEvents 1.0 via ChronicleClient. Git commit SHAs are now used
as CloudEvent ids for COMMIT_CREATED and PUSH events, enabling
direct correlation between Chronicle entries and git history.
Event renames:
- REPO_CLONED -> GOV_REPO_CLONED
- COMMIT_CREATED -> GOV_COMMIT_CREATED
- GOVERNED_PUSH -> GOV_PUSH
- PR_CREATED -> GOV_PR_CREATED
Signed-off-by: Tyler King <tking@guildhouse.dev>
The reasoning_cid was computed via SHA-256 but immediately discarded
(`let _ = reasoning_cid`). Remove the dead hash computation and the
now-unused sha2 import.
Ref: cid-reconciliation-audit.md Site 5
Signed-off-by: Tyler King <tking@guildhouse.dev>
The governed playbook runner now:
1. Requests an AC from the GSAP broker before execution
2. Validates corpus CID + parameters CID + single-use
3. Executes the ansible playbook (unchanged)
4. Posts a Completion Receipt to the broker after execution
Environment variables:
GSAP_BROKER_URL — Capstone broker endpoint
GSAP_BEARER_TOKEN — JWT for broker auth
GSAP_DRIVER_ID — identity driver (default: keycloak-guildhouse)
GSAP_ACCORD_TEMPLATE — accord template (default: from GUILDHOUSE_ACCORD)
GSAP_SESSION_DIR — local session state directory
Self-authorized mode:
If GSAP_BROKER_URL not set, execution proceeds without AC/CR.
Valid for development (GSAP §1.3). Not for production.
Error handling:
ElevationRequired → shows activation instructions, aborts
Denied → shows reason, aborts
CorpusMismatch → shows CID diff, aborts
CR delivery failure → stores locally, warns, does not abort
4/4 gsap_client unit tests passing.
Build clean with zero errors.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Implements the shell side of GCAP-SPEC-SHELLBOUND-BROKER-0001.
The broker (Capstone) issues ACs. This module consumes them.
GsapClient:
authorize() — request AC, validate R-20/R-22/R-23/R-24
complete() — post CR with 3x retry (R-29)
ConsumedContextRegistry:
Filesystem-based replay prevention (R-22)
4/4 unit tests passing:
test_corpus_mismatch, test_params_modified,
test_replay_rejected, test_valid_ac
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
