docs: add Bastion product roadmap
Feature matrix, release plan v0.4 through v1.0, reference deployment, architecture principles, and contribution guide.

Signed-off-by: Tyler King <tking@guildhouse.dev>
This commit is contained in:
parent f82000e0f6
commit d62974f1b7
1 changed file with 366 additions and 0 deletions
ROADMAP.md (new file, 366 additions)
@ -0,0 +1,366 @@
# Bastion — Product Roadmap

**Unified Device & Workspace Governance for the Enterprise**

*Last updated: April 2026*

---

## Vision

One governance authority, every endpoint type, every management mode, unified by identity. Bastion is the open-source MDM control plane that governs physical endpoints and virtual workspaces under a single identity-aware, cryptographically attestable policy framework.

---

## Feature Matrix

### Legend

| Status | Meaning |
|--------|---------|
| ✅ Shipped | Implemented, tested, in bastion-v0.3 |
| 🔨 In Progress | Partially implemented or stubbed |
| 📐 Designed | Architecture defined, not yet coded |
| 🗺️ Planned | Scoped and prioritized, design pending |
| 💡 Future | Identified need, not yet scoped |

---

### Identity & Authentication

| Feature | Status | Version | Notes |
|---------|--------|---------|-------|
| Entra ID identity driver (JWKS-verified) | ✅ Shipped | v0.1 | Native JWT validation, device_id extraction, MFA detection |
| Keycloak identity driver (JWKS-verified) | ✅ Shipped | v0.3 | Shared JWKSVerifier, realm_access roles, DID construction |
| Shared JWKS verification framework | ✅ Shipped | v0.3 | Reusable across all identity drivers, kid-miss refresh |
| on_behalf_of impersonation gating | ✅ Shipped | v0.3 | Requires `gsap:impersonate` role |
| Okta identity driver | 🗺️ Planned | v0.6 | OIDC JWT verification, Okta-specific claims |
| SPIFFE/SPIRE workload identity | 🗺️ Planned | v0.7 | Service-to-service identity within governance infra |
| FIDO2/WebAuthn integration | 💡 Future | — | Hardware key attestation for operator authentication |
| Shared bearer auth middleware | 🔨 In Progress | v0.4 | FastAPI `Depends(verify_bearer)` for all protected endpoints |

### Device Management — Traditional Mode

| Feature | Status | Version | Notes |
|---------|--------|---------|-------|
| Intune connector (7 operations) | ✅ Shipped | v0.1 | list, get, compliance, sync, lock, retire, wipe |
| Intune compliance cache | ✅ Shipped | v0.1 | In-memory with configurable TTL |
| Compliance-gated AC issuance | ✅ Shipped | v0.1 | Per-accord and global configuration |
| Entra device_id in AC metadata | ✅ Shipped | v0.1 | Extracted from JWT deviceid claim |
| device_id UUID validation | ✅ Shipped | v0.3 | Path traversal prevention for Graph API |
| Intune MCP tools | ✅ Shipped | v0.1 | 4 tools via governed connector invocation |
| Capability-enforced operations | ✅ Shipped | v0.3 | READ/PROPOSE/MUTATE per-operation |
| Keylime connector (TPM attestation) | 📐 Designed | v0.5 | Measured boot + IMA runtime integrity |
| Fleet/osquery connector | 🗺️ Planned | v0.5 | Cross-platform posture collection for Linux/macOS/Windows |
| Jamf connector (macOS) | 🗺️ Planned | v0.6 | macOS endpoint compliance and management |
| SNMP/API network device connector | 💡 Future | — | Switch/router/firewall posture assessment |
| Windows Device Health Attestation | 📐 Designed | v0.5 | TPM attestation via Intune DHA Graph API |

### Device Management — VDI Mode

| Feature | Status | Version | Notes |
|---------|--------|---------|-------|
| VDI mode architecture | 📐 Designed | v0.6 | Workspace provisioning, profile governance, session binding |
| Apache Guacamole adapter | 🗺️ Planned | v0.6 | REST API integration for session lifecycle |
| Governed shell integration (Bascule) | 🔨 In Progress | v0.4 | Stubbed connector, needs Shellstream transport |
| FSLogix / profile governance | 📐 Designed | v0.7 | Content-addressed profiles as governed artifacts |
| Citrix CVAD adapter | 🗺️ Planned | v0.7 | Broker Service API for session lifecycle |
| VMware Horizon adapter | 🗺️ Planned | v0.8 | REST API integration |
| Session-device binding | 📐 Designed | v0.5 | Correlate Bascule session with originating device posture |
| Mid-session compliance re-evaluation | 📐 Designed | v0.6 | Revoke/restrict session when device posture degrades |

### Hardware Security

| Feature | Status | Version | Notes |
|---------|--------|---------|-------|
| TPM attestation (Linux via Keylime) | 📐 Designed | v0.5 | Measured boot, PCR verification, IMA integration |
| TPM attestation (Windows via DHA) | 📐 Designed | v0.5 | Intune Device Health Attestation Graph API |
| HBOM collection (Linux) | 📐 Designed | v0.5 | dmidecode, sysfs, lspci, lsusb, TPM PCR values |
| HBOM collection (Windows) | 📐 Designed | v0.5 | WMI hardware classes, TPM WMI |
| HBOM drift detection | 📐 Designed | v0.5 | Content-hash comparison, unexpected component alerting |
| Firmware version verification | 📐 Designed | v0.5 | HBOM declared version vs TPM-measured version |
| HardwareIntegrity posture condition | 📐 Designed | v0.5 | Composite: TPM + HBOM + firmware all valid |
| Barcode/QR enrollment scanning | 🗺️ Planned | v0.6 | USB/camera barcode scan for device onboarding, serial/model/SKU auto-population |
| Scan-to-HBOM verification | 🗺️ Planned | v0.6 | Compare scanned vendor declaration against TPM/OS-reported hardware at first boot |
| Supply chain provenance tracking | 🗺️ Planned | v0.7 | Full hardware lifecycle: procurement scan → provisioning → production → decommission |

### Connector Framework

| Feature | Status | Version | Notes |
|---------|--------|---------|-------|
| ConnectorPlugin ABC | ✅ Shipped | v0.1 | API-mediated connector pattern |
| ConnectorRuntime with Chronicle audit | ✅ Shipped | v0.1 | Intent-before-execution, result-after |
| SessionTransport / SessionConnector | ✅ Shipped | v0.2 | Session-based connector pattern with lifecycle |
| OrchestratorConnector | ✅ Shipped | v0.2 | Multi-step workflow pattern with partial-completion |
| Bascule connector (stubbed) | 🔨 In Progress | v0.4 | AC-as-credential, needs Shellstream transport |
| PowerShell connector (stubbed) | 🔨 In Progress | v0.5 | Kerberos credential, needs pypsrp transport |
| Ansible connector (stubbed) | 🔨 In Progress | v0.5 | Orchestrator pattern, needs ansible-runner |
| Keylime connector | 📐 Designed | v0.5 | TPM attestation API integration |
| Connector plugin SDK | 🗺️ Planned | v0.7 | Guild-facing SDK for third-party connectors |

### Credential Management

| Feature | Status | Version | Notes |
|---------|--------|---------|-------|
| CredentialResolver abstraction | ✅ Shipped | v0.2 | Type routing, expiry enforcement, zero-storage |
| Entra credential backend (OAuth) | ✅ Shipped | v0.2 | MSAL on-behalf-of token acquisition |
| Bascule credential passthrough | ✅ Shipped | v0.2 | AC is the credential |
| Stub credential backend | ✅ Shipped | v0.2 | Dev/testing only, requires explicit opt-in (v0.3) |
| Credential repr safety | ✅ Shipped | v0.3 | field(repr=False) on all sensitive fields |
| Kerberos credential resolution | 🔨 In Progress | v0.5 | Entra Kerberos proxy or hybrid AD |
| SSH certificate credential | 📐 Designed | v0.5 | Short-lived certs from Bascule CA |
| HashiCorp Vault backend | 🗺️ Planned | v0.6 | Dynamic secrets for all credential types |
| CyberArk backend | 🗺️ Planned | v0.7 | Enterprise PAM integration |
| Azure Key Vault backend | 🗺️ Planned | v0.6 | Cloud-native secrets for Azure environments |

### Authorization & Governance

| Feature | Status | Version | Notes |
|---------|--------|---------|-------|
| AC issuance (GSAP spec) | ✅ Shipped | v0.1 | Full lifecycle: issue, poll, consume |
| Completion receipts | ✅ Shipped | v0.1 | Outcome recording with behavioral attestation |
| Capability mask enforcement | ✅ Shipped | v0.3 | READ/PROPOSE/MUTATE per-operation check |
| AC validation in ConnectorRuntime | ✅ Shipped | v0.3 | Exists, active, not expired |
| Session mode ACs | ✅ Shipped | v0.1 | Multi-operation sessions with session_end |
| Delegation lifecycle | ✅ Shipped | v0.1 | Create, revoke, query, list, TTL, command limits |
| Bounded delegation capability | ✅ Shipped | v0.3 | Cannot exceed delegator's capability mask |
| Atomic command counter | ✅ Shipped | v0.3 | SQL-level increment with limit check |
| DeviceRouter | ✅ Shipped | v0.2 | Automatic connector selection by device OS/channel |
| Declarative compliance policies | 🗺️ Planned | v0.5 | Cross-platform policy definitions |
| Accord template externalization | 🗺️ Planned | v0.5 | From hardcoded dict to CRD/file-based |
| Ceremony-gated operations | 📐 Designed | v0.6 | Multi-party approval for destructive operations |
| Delegation depth enforcement | 🔨 In Progress | v0.4 | Chain traversal and depth limit |

### AI Agent Integration

| Feature | Status | Version | Notes |
|---------|--------|---------|-------|
| MCP tool surface | ✅ Shipped | v0.1 | JSON-RPC 2.0, 11 core + 4 Intune tools |
| Agent delegation system | ✅ Shipped | v0.1 | Ephemeral IdP registrations, scoped ACs |
| Delegation with Entra registrar | ✅ Shipped | v0.1 | App registration + service principal + client credential |
| Delegation with Keycloak registrar | ✅ Shipped | v0.1 | Ephemeral service-account clients |
| MCP authentication | 🔨 In Progress | v0.4 | Bearer token required for all MCP operations |
| MCP AC validation | ✅ Shipped | v0.3 | Governed tools require real AC (no synthetic bypass) |
| Harness specification | 📐 Designed | v0.6 | Delegation scope, escalation boundary, observation/action mode |
| Harness enforcement in gsh | 📐 Designed | v0.7 | gsh reads harness.toml, enforces scope |
| Agent telemetry classification | 📐 Designed | v0.6 | Distinguish agent ops from human ops in Chronicle |
| Automated remediation harness | 📐 Designed | v0.7 | Compliance violation → agent remediation within scope |

### Compliance & Attestation

| Feature | Status | Version | Notes |
|---------|--------|---------|-------|
| Compliance-gated authorization | ✅ Shipped | v0.1 | Non-compliant devices denied ACs |
| PostureLevel (Lockdown..Normal) | ✅ Shipped | witness-sprint1 | Wire-compatible with Shellstream |
| WitnessLevel (L1-L4) | ✅ Shipped | witness-sprint1 | Telemetry granularity per SAT-SPEC-ZONE-001 |
| PostureCondition framework | ✅ Shipped | witness-sprint1 | 9 condition kinds including Custom |
| WitnessConfig on AccordSpec | ✅ Shipped | witness-sprint1 | Conditions + delegates + interval + breach response |
| PostureTransitionArtifact | ✅ Shipped | witness-sprint1 | Merkle-anchored posture change evidence |
| Posture condition evaluator | ✅ Shipped | witness-sprint2 | 6 checkers implemented, 2 stubbed |
| Witness event classification | ✅ Shipped | witness-sprint2 | Operational/Witness/Forensic at ingestion bridge |
| TpmAttestationValid condition | 📐 Designed | v0.5 | Keylime-backed posture condition |
| HbomNoDrift condition | 📐 Designed | v0.5 | HBOM integrity-backed posture condition |
| HostPostureSnapshot generation | 📐 Designed | v0.6 | Selective merkle proofs for external observers |
| Witness delegation forwarding | 📐 Designed | v0.6 | Pulsar subscription → filtered CloudEvents to delegates |
| Insurance observability API | 🗺️ Planned | v0.7 | Read-only posture history for insurers |
| Dynamic premium integration | 💡 Future | — | Insurer-side premium calculation from posture stream |
| CMMC compliance mapping | 🗺️ Planned | v0.7 | Map Bastion posture conditions to CMMC practices |
| SOC 2 evidence generation | 🗺️ Planned | v0.7 | Automated evidence collection for SOC 2 controls |
| SLSA build provenance integration | 📐 Designed | v0.8 | Build attestation feeding into device posture |

### Audit & Telemetry

| Feature | Status | Version | Notes |
|---------|--------|---------|-------|
| Chronicle event emission | ✅ Shipped | v0.1 | CloudEvents to ingestion bridge |
| Intent-before-execution audit | ✅ Shipped | v0.3 | INTENT event before, RESULT event after |
| GovernanceEnvelope | ✅ Shipped | cid-phase3 | Binds git ref + actor + accord + timestamp |
| ChronicleGitEvent | ✅ Shipped | cid-phase3 | Git-originated events in Chronicle chain |
| Witness event types (0x2801-0x2805) | ✅ Shipped | witness-sprint1 | Posture verified/breached, delegate lifecycle |
| Chronicle migration to CloudEvents | ✅ Shipped | boundary-cleanup | All emitters use CloudEvents 1.0 |
| DEVICE_COMPLIANCE_CHECKED event | ✅ Shipped | v0.1 | Compliance gate decisions audited |
| CONNECTOR_INVOCATION_INTENT event | ✅ Shipped | v0.3 | Pre-execution audit record |
| Broker Chronicle → CloudEvents gRPC | 🗺️ Planned | v0.5 | Replace Forgejo webhook format (M6.2 TODO) |
| Forensic telemetry classification | 📐 Designed | v0.6 | Full Chronicle stream for incident investigation |

### Multi-Tenancy & Fleet Management

| Feature | Status | Version | Notes |
|---------|--------|---------|-------|
| Device inventory (Intune-sourced) | ✅ Shipped | v0.1 | Windows managed devices via Graph API |
| Device inventory (Linux) | 🔨 In Progress | v0.5 | Via Bascule connector collect operation |
| Cross-tenant MSP dashboard | 🗺️ Planned | v0.6 | Dioxus frontend with per-client views |
| Tenant isolation in broker | 🗺️ Planned | v0.6 | Per-tenant Accord scope, data isolation |
| Vertical policy templates | 🗺️ Planned | v0.7 | Healthcare, legal, manufacturing, tribal presets |
| Fleet-wide posture aggregation | 🗺️ Planned | v0.7 | Cross-device posture summary per tenant |
| Billing/usage metering | 💡 Future | — | Per-tenant usage for MSP billing |

### Platform & Infrastructure

| Feature | Status | Version | Notes |
|---------|--------|---------|-------|
| FastAPI + SQLite (prototype) | ✅ Shipped | v0.1 | Single-container deployment |
| PostgreSQL migration | 🗺️ Planned | v0.5 | asyncpg, same SQLModel layer |
| SQLite file permissions (0o600) | 🔨 In Progress | v0.4 | Security hardening |
| Pydantic SecretStr for secrets | ✅ Shipped | v0.3 | Settings safety |
| Helm chart | 🗺️ Planned | v0.6 | K8s deployment |
| Rust port — AC issuance | 🗺️ Planned | v1.0 | Axum/Tonic, governance-types crate |
| Rust port — connectors | 🗺️ Planned | v1.0 | reqwest + azure_identity |
| Rust port — credential resolver | 🗺️ Planned | v1.0 | Same zero-storage pattern |
| OpenAPI spec generation | 🗺️ Planned | v0.6 | Auto-generate from FastAPI routes |

---

## Release Plan

### v0.4 — Authentication Hardening (Q2 2026)

**Theme:** Close the remaining security gaps and establish shared auth middleware.

- Shared `Depends(verify_bearer)` FastAPI middleware (closes C-4, C-8)
- MCP endpoint full bearer authentication
- Delegation endpoint bearer authentication with DID from token
- Delegation depth enforcement (H-7)
- SQLite file permissions (H-6)
- Bascule connector: real Shellstream transport integration (first real session connector)

**Exit criteria:** All 10 critical findings fully closed. Zero unauthenticated endpoints.

### v0.5 — Hardware Trust & Real Transports (Q3 2026)

**Theme:** TPM attestation, HBOM, and the first real management transports.

- Keylime connector for TPM-based measured boot attestation
- Windows Device Health Attestation via Intune DHA Graph API
- HBOM collection (Linux via Bascule, Windows via PowerShell)
- HBOM drift detection with content-hash comparison
- HardwareIntegrity composite posture condition
- PowerShell connector: real pypsrp transport
- Ansible connector: real ansible-runner integration
- Fleet/osquery connector for cross-platform posture collection
- PostgreSQL migration (asyncpg)
- Declarative compliance policy engine (cross-platform evaluation)
- Accord template externalization (file/CRD-based)
- Broker Chronicle client migration to CloudEvents (not Forgejo format)
- Device inventory for Linux endpoints (via Bascule collect)
- Session-device binding (correlate Bascule session to originating device)

**Exit criteria:** TPM attestation operational on Linux. At least two real transports (Bascule + PowerShell) executing against live targets. HBOM collected and verified.

### v0.6 — VDI Mode & Multi-Tenancy (Q4 2026)

**Theme:** Virtual workspace governance and MSP fleet management.

- Apache Guacamole VDI adapter
- Governed shell (Bascule) as a VDI mode workspace
- Workspace provisioning lifecycle (auth → provision → monitor → terminate)
- Mid-session compliance re-evaluation
- Session-device correlation in unified audit trail
- HostPostureSnapshot generation (Notarization Boundary)
- Witness delegation forwarding (Pulsar → filtered CloudEvents)
- Tenant isolation in broker (per-client Accord scope)
- Cross-tenant MSP dashboard (Dioxus)
- Harness specification for AI agents
- Agent telemetry classification (agent vs human ops)
- Ceremony-gated destructive operations
- Barcode/QR device enrollment (USB scanner + camera/mobile support)
- Scan-to-HBOM verification (vendor declaration vs actual hardware at first boot)
- Helm chart for K8s deployment
- OpenAPI spec auto-generation
- Okta identity driver

**Exit criteria:** VDI mode operational with at least one platform adapter. MSP can manage multiple clients with tenant isolation. Witness delegation producing snapshots.

### v0.7 — Insurance & Compliance Frameworks (Q1 2027)

**Theme:** Compliance automation and the insurance observability product.

- Insurance observability API (read-only posture history)
- CMMC compliance mapping (posture conditions → CMMC practices)
- SOC 2 evidence generation (automated control evidence)
- Vertical policy templates (healthcare, legal, manufacturing, tribal)
- Fleet-wide posture aggregation (cross-device summary)
- FSLogix / profile governance (content-addressed VDI profiles)
- Harness enforcement in gsh (harness.toml → scope enforcement)
- Automated remediation harness (compliance violation → agent action)
- Citrix CVAD adapter
- Jamf connector (macOS)
- SPIFFE/SPIRE workload identity
- HashiCorp Vault credential backend
- CyberArk credential backend
- Connector plugin SDK for guild/third-party development
- Supply chain provenance tracking (procurement scan → provisioning → production → decommission)

**Exit criteria:** Insurance observability API operational. At least one compliance framework (CMMC or SOC 2) mapped. Harness-governed AI agents performing automated remediation.

### v0.8 — Ecosystem & Scale (Q2 2027)

**Theme:** Scale, ecosystem growth, and advanced attestation.

- VMware Horizon VDI adapter
- SLSA build provenance integration
- Supply chain provenance tracking (HBOM lifecycle)
- Distributed cache for multi-worker deployments
- Advanced posture analytics (trend analysis, predictive degradation)
- Guild marketplace integration (connector/policy template distribution)
- Forensic telemetry mode (full Chronicle stream for incident investigation)

### v1.0 — Rust Port & Production Hardening (Q3 2027)

**Theme:** Production-grade Rust implementation for performance and safety.

- Rust port: AC issuance and CR ingestion (Axum/Tonic)
- Rust port: connector framework (reqwest + azure_identity)
- Rust port: credential resolver (same zero-storage architecture)
- Rust port: identity drivers (JWKS verification)
- Python broker archived as reference implementation
- Full conformance test suite (Python and Rust implementations must pass)
- Performance benchmarking and load testing
- Security audit of Rust implementation

---

## Reference Deployment

### Tribal Nation NOC (2026-2027)

The primary reference deployment validating all Bastion capabilities:

- **Sovereignty:** Self-hosted control plane, local governance authority
- **Mixed fleet:** Windows workstations (Entra/Intune) + Linux terminals (Bascule/GSH)
- **Dual-mode:** Physical NOC terminals + VDI remote access for off-site operators
- **Hardware trust:** TPM attestation on all NOC endpoints, HBOM verification
- **Compliance:** Continuous posture attestation for tribal cybersecurity requirements
- **Insurance:** Witness delegation to cyber insurer for dynamic premium model
- **AI agents:** Harness-governed automated monitoring and remediation

---

## Architecture Principles

1. **Zero credential storage.** The broker holds authorization decisions (ACs), never credentials. Short-lived credentials acquired at invocation time, discarded after use.

2. **Governance by identity, not device.** The identity (who) determines the policy (what they can do). The device (where they are) is a posture signal, not the access decision.

3. **Delegate enforcement, own decisions.** Bastion makes governance decisions. Platform-specific tools (Intune, Keylime, Ansible, Bascule) enforce them. The control plane is durable; backends evolve.

4. **Attest, don't assert.** Every governance claim is backed by cryptographic evidence — TPM measurements, merkle-anchored posture records, signed attestation snapshots. Software assertions are corroborated by hardware proofs.

5. **Pluggable everything.** Identity drivers, credential backends, connectors, VDI adapters, compliance policies. The framework ships; the ecosystem grows.

6. **Audit before execute.** Chronicle INTENT event before every operation, RESULT event after. The audit trail survives execution failures.

---

## Contributing

Bastion follows the guild-based contribution model:

- **License:** Apache 2.0
- **Contributions:** Developer Certificate of Origin (DCO), not CLA
- **Connector development:** Implement the ConnectorPlugin ABC; the framework provides Chronicle audit, GSAP validation, and credential resolution
- **Identity drivers:** Implement the IdentityDriver ABC with JWKSVerifier for JWT validation
- **Credential backends:** Implement the CredentialBackend ABC with enforced TTL on all credentials
- **Policy templates:** Submit compliance policy definitions for specific verticals or frameworks

See bastion-security-audit.md for the current security posture and known limitations.
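Review bot: the feature matrix and the release plan disagree on the target version of several items, so one side needs correcting before this lands: the Jamf connector is v0.6 in the Traditional Mode table but sits under v0.7 in the release plan; the HashiCorp Vault backend is v0.6 in the Credential Management table but under v0.7; Supply chain provenance tracking is v0.7 in the Hardware Security table yet is listed under both v0.7 and v0.8 ("HBOM lifecycle") in the plan; Forensic telemetry classification is v0.6 in the Audit & Telemetry table while "Forensic telemetry mode" is a v0.8 bullet; and the Azure Key Vault backend (v0.6) and SSH certificate credential (v0.5) appear in no release section at all. Two further points. The v0.4 exit criterion "All 10 critical findings fully closed" is not traceable from this file: the v0.4 bullets cite only C-4, C-8, H-6 and H-7, and the H-prefixed IDs read as high rather than critical findings, so either enumerate the ten IDs from bastion-security-audit.md here or reword the criterion to match the bullets. The legend defines ✅ Shipped as "in bastion-v0.3", but the Version column mixes release tags with sprint and phase labels (witness-sprint1, witness-sprint2, cid-phase3, boundary-cleanup); map those rows to the release they shipped in, or state in the legend that non-release labels are accepted. Finally, a security-relevant reading of the matrix deserves to be explicit: "MCP authentication" and "Shared bearer auth middleware" are 🔨 In Progress for v0.4 and "Delegation endpoint bearer authentication with DID from token" is a v0.4 bullet, while "MCP tool surface" and "Delegation lifecycle" are ✅ Shipped since v0.1 and the v0.4 exit criterion is "Zero unauthenticated endpoints", which together say the shipped MCP and delegation endpoints currently accept requests without bearer authentication; add that caveat to the Notes of those Shipped rows so the matrix is not read as a claim that the v0.3 surface is authenticated.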