# Bastion — Product Roadmap

**Unified Device & Workspace Governance for the Enterprise**

*Last updated: April 2026*

---

## Vision

One governance authority, every endpoint type, every management mode, unified by identity.

Bastion is the open-source MDM control plane that governs physical endpoints and virtual workspaces under a single identity-aware, cryptographically attestable policy framework.

---

## Feature Matrix

### Legend

| Status | Meaning |
|--------|---------|
| ✅ Shipped | Implemented, tested, in bastion-v0.3 |
| 🔨 In Progress | Partially implemented or stubbed |
| 📐 Designed | Architecture defined, not yet coded |
| 🗺️ Planned | Scoped and prioritized, design pending |
| 💡 Future | Identified need, not yet scoped |

---

### Identity & Authentication

| Feature | Status | Version | Notes |
|---------|--------|---------|-------|
| Entra ID identity driver (JWKS-verified) | ✅ Shipped | v0.1 | Native JWT validation, device_id extraction, MFA detection |
| Keycloak identity driver (JWKS-verified) | ✅ Shipped | v0.3 | Shared JWKSVerifier, realm_access roles, DID construction |
| Shared JWKS verification framework | ✅ Shipped | v0.3 | Reusable across all identity drivers; refreshes the key set on a `kid` miss |
| on_behalf_of impersonation gating | ✅ Shipped | v0.3 | Requires `gsap:impersonate` role |
| Okta identity driver | 🗺️ Planned | v0.6 | OIDC JWT verification, Okta-specific claims |
| SPIFFE/SPIRE workload identity | 🗺️ Planned | v0.7 | Service-to-service identity within governance infra |
| FIDO2/WebAuthn integration | 💡 Future | — | Hardware key attestation for operator authentication |
| Shared bearer auth middleware | 🔨 In Progress | v0.4 | FastAPI `Depends(verify_bearer)` for all protected endpoints |

### Device Management — Traditional Mode

| Feature | Status | Version | Notes |
|---------|--------|---------|-------|
| Intune connector (7 operations) | ✅ Shipped | v0.1 | list, get, compliance, sync, lock, retire, wipe |
| Intune compliance cache | ✅ Shipped | v0.1 | In-memory with configurable TTL |
| Compliance-gated AC issuance | ✅ Shipped | v0.1 | Per-accord and global configuration |
| Entra device_id in AC metadata | ✅ Shipped | v0.1 | Extracted from JWT `deviceid` claim |
| device_id UUID validation | ✅ Shipped | v0.3 | Path traversal prevention for Graph API URLs |
| Intune MCP tools | ✅ Shipped | v0.1 | 4 tools via governed connector invocation |
| Capability-enforced operations | ✅ Shipped | v0.3 | READ/PROPOSE/MUTATE per-operation |
| Keylime connector (TPM attestation) | 📐 Designed | v0.5 | Measured boot + IMA runtime integrity |
| Fleet/osquery connector | 🗺️ Planned | v0.5 | Cross-platform posture collection for Linux/macOS/Windows |
| Jamf connector (macOS) | 🗺️ Planned | v0.6 | macOS endpoint compliance and management |
| SNMP/API network device connector | 💡 Future | — | Switch/router/firewall posture assessment |
| Windows Device Health Attestation | 📐 Designed | v0.5 | TPM attestation via Intune DHA Graph API |

### Device Management — VDI Mode

| Feature | Status | Version | Notes |
|---------|--------|---------|-------|
| VDI mode architecture | 📐 Designed | v0.6 | Workspace provisioning, profile governance, session binding |
| Apache Guacamole adapter | 🗺️ Planned | v0.6 | REST API integration for session lifecycle |
| Governed shell integration (Bascule) | 🔨 In Progress | v0.4 | Stubbed connector, needs Shellstream transport |
| FSLogix / profile governance | 📐 Designed | v0.7 | Content-addressed profiles as governed artifacts |
| Citrix CVAD adapter | 🗺️ Planned | v0.7 | Broker Service API for session lifecycle |
| VMware Horizon adapter | 🗺️ Planned | v0.8 | REST API integration |
| Session-device binding | 📐 Designed | v0.5 | Correlate Bascule session with originating device posture |
| Mid-session compliance re-evaluation | 📐 Designed | v0.6 | Revoke/restrict session when device posture degrades |

### Hardware Security

| Feature | Status | Version | Notes |
|---------|--------|---------|-------|
| TPM attestation (Linux via Keylime) | 📐 Designed | v0.5 | Measured boot, PCR verification, IMA integration |
| TPM attestation (Windows via DHA) | 📐 Designed | v0.5 | Intune Device Health Attestation Graph API |
| HBOM collection (Linux) | 📐 Designed | v0.5 | dmidecode, sysfs, lspci, lsusb, TPM PCR values |
| HBOM collection (Windows) | 📐 Designed | v0.5 | WMI hardware classes, TPM WMI |
| HBOM drift detection | 📐 Designed | v0.5 | Content-hash comparison, unexpected component alerting |
| Firmware version verification | 📐 Designed | v0.5 | HBOM declared version vs TPM-measured version |
| HardwareIntegrity posture condition | 📐 Designed | v0.5 | Composite: TPM + HBOM + firmware all valid |
| Barcode/QR enrollment scanning | 🗺️ Planned | v0.6 | USB/camera barcode scan for device onboarding, serial/model/SKU auto-population |
| Scan-to-HBOM verification | 🗺️ Planned | v0.6 | Compare scanned vendor declaration against TPM/OS-reported hardware at first boot |
| Supply chain provenance tracking | 🗺️ Planned | v0.7 | Full hardware lifecycle: procurement scan → provisioning → production → decommission |

### Connector Framework

| Feature | Status | Version | Notes |
|---------|--------|---------|-------|
| ConnectorPlugin ABC | ✅ Shipped | v0.1 | API-mediated connector pattern |
| ConnectorRuntime with Chronicle audit | ✅ Shipped | v0.1 | Intent-before-execution, result-after |
| SessionTransport / SessionConnector | ✅ Shipped | v0.2 | Session-based connector pattern with lifecycle |
| OrchestratorConnector | ✅ Shipped | v0.2 | Multi-step workflow pattern with partial-completion |
| Bascule connector (stubbed) | 🔨 In Progress | v0.4 | AC-as-credential, needs Shellstream transport |
| PowerShell connector (stubbed) | 🔨 In Progress | v0.5 | Kerberos credential, needs pypsrp transport |
| Ansible connector (stubbed) | 🔨 In Progress | v0.5 | Orchestrator pattern, needs ansible-runner |
| Keylime connector | 📐 Designed | v0.5 | TPM attestation API integration |
| Connector plugin SDK | 🗺️ Planned | v0.7 | Guild-facing SDK for third-party connectors |

### Credential Management

| Feature | Status | Version | Notes |
|---------|--------|---------|-------|
| CredentialResolver abstraction | ✅ Shipped | v0.2 | Type routing, expiry enforcement, zero-storage |
| Entra credential backend (OAuth) | ✅ Shipped | v0.2 | MSAL on-behalf-of token acquisition |
| Bascule credential passthrough | ✅ Shipped | v0.2 | AC is the credential |
| Stub credential backend | ✅ Shipped | v0.2 | Dev/testing only; explicit opt-in required since v0.3 |
| Credential repr safety | ✅ Shipped | v0.3 | `field(repr=False)` on all sensitive fields |
| Kerberos credential resolution | 🔨 In Progress | v0.5 | Entra Kerberos proxy or hybrid AD |
| SSH certificate credential | 📐 Designed | v0.5 | Short-lived certs from Bascule CA |
| HashiCorp Vault backend | 🗺️ Planned | v0.6 | Dynamic secrets for all credential types |
| CyberArk backend | 🗺️ Planned | v0.7 | Enterprise PAM integration |
| Azure Key Vault backend | 🗺️ Planned | v0.6 | Cloud-native secrets for Azure environments |

### Authorization & Governance

| Feature | Status | Version | Notes |
|---------|--------|---------|-------|
| AC issuance (GSAP spec) | ✅ Shipped | v0.1 | Full lifecycle: issue, poll, consume |
| Completion receipts | ✅ Shipped | v0.1 | Outcome recording with behavioral attestation |
| Capability mask enforcement | ✅ Shipped | v0.3 | READ/PROPOSE/MUTATE per-operation check |
| AC validation in ConnectorRuntime | ✅ Shipped | v0.3 | Exists, active, not expired |
| Session mode ACs | ✅ Shipped | v0.1 | Multi-operation sessions with session_end |
| Delegation lifecycle | ✅ Shipped | v0.1 | Create, revoke, query, list, TTL, command limits |
| Bounded delegation capability | ✅ Shipped | v0.3 | Cannot exceed delegator's capability mask |
| Atomic command counter | ✅ Shipped | v0.3 | SQL-level increment with limit check in the same statement |
| DeviceRouter | ✅ Shipped | v0.2 | Automatic connector selection by device OS/channel |
| Declarative compliance policies | 🗺️ Planned | v0.5 | Cross-platform policy definitions |
| Accord template externalization | 🗺️ Planned | v0.5 | From hardcoded dict to CRD/file-based |
| Ceremony-gated operations | 📐 Designed | v0.6 | Multi-party approval for destructive operations |
| Delegation depth enforcement | 🔨 In Progress | v0.4 | Chain traversal and depth limit |

### AI Agent Integration

| Feature | Status | Version | Notes |
|---------|--------|---------|-------|
| MCP tool surface | ✅ Shipped | v0.1 | JSON-RPC 2.0, 11 core + 4 Intune tools |
| Agent delegation system | ✅ Shipped | v0.1 | Ephemeral IdP registrations, scoped ACs |
| Delegation with Entra registrar | ✅ Shipped | v0.1 | App registration + service principal + client credential |
| Delegation with Keycloak registrar | ✅ Shipped | v0.1 | Ephemeral service-account clients |
| MCP authentication | 🔨 In Progress | v0.4 | Bearer token required for all MCP operations |
| MCP AC validation | ✅ Shipped | v0.3 | Governed tools require a real AC (no synthetic bypass) |
| Harness specification | 📐 Designed | v0.6 | Delegation scope, escalation boundary, observation/action mode |
| Harness enforcement in gsh | 📐 Designed | v0.7 | gsh reads harness.toml, enforces scope |
| Agent telemetry classification | 📐 Designed | v0.6 | Distinguish agent ops from human ops in Chronicle |
| Automated remediation harness | 📐 Designed | v0.7 | Compliance violation → agent remediation within scope |

### Compliance & Attestation

| Feature | Status | Version | Notes |
|---------|--------|---------|-------|
| Compliance-gated authorization | ✅ Shipped | v0.1 | Non-compliant devices denied ACs |
| PostureLevel (Lockdown..Normal) | ✅ Shipped | witness-sprint1 | Wire-compatible with Shellstream |
| WitnessLevel (L1-L4) | ✅ Shipped | witness-sprint1 | Telemetry granularity per SAT-SPEC-ZONE-001 |
| PostureCondition framework | ✅ Shipped | witness-sprint1 | 9 condition kinds including Custom |
| WitnessConfig on AccordSpec | ✅ Shipped | witness-sprint1 | Conditions + delegates + interval + breach response |
| PostureTransitionArtifact | ✅ Shipped | witness-sprint1 | Merkle-anchored posture change evidence |
| Posture condition evaluator | ✅ Shipped | witness-sprint2 | 6 checkers implemented, 2 stubbed |
| Witness event classification | ✅ Shipped | witness-sprint2 | Operational/Witness/Forensic at ingestion bridge |
| TpmAttestationValid condition | 📐 Designed | v0.5 | Keylime-backed posture condition |
| HbomNoDrift condition | 📐 Designed | v0.5 | HBOM integrity-backed posture condition |
| HostPostureSnapshot generation | 📐 Designed | v0.6 | Selective Merkle proofs for external observers |
| Witness delegation forwarding | 📐 Designed | v0.6 | Pulsar subscription → filtered CloudEvents to delegates |
| Insurance observability API | 🗺️ Planned | v0.7 | Read-only posture history for insurers |
| Dynamic premium integration | 💡 Future | — | Insurer-side premium calculation from posture stream |
| CMMC compliance mapping | 🗺️ Planned | v0.7 | Map Bastion posture conditions to CMMC practices |
| SOC 2 evidence generation | 🗺️ Planned | v0.7 | Automated evidence collection for SOC 2 controls |
| SLSA build provenance integration | 📐 Designed | v0.8 | Build attestation feeding into device posture |

### Audit & Telemetry

| Feature | Status | Version | Notes |
|---------|--------|---------|-------|
| Chronicle event emission | ✅ Shipped | v0.1 | CloudEvents to ingestion bridge |
| Intent-before-execution audit | ✅ Shipped | v0.3 | INTENT event before, RESULT event after |
| GovernanceEnvelope | ✅ Shipped | cid-phase3 | Binds git ref + actor + accord + timestamp |
| ChronicleGitEvent | ✅ Shipped | cid-phase3 | Git-originated events in Chronicle chain |
| Witness event types (0x2801-0x2805) | ✅ Shipped | witness-sprint1 | Posture verified/breached, delegate lifecycle |
| Chronicle migration to CloudEvents | ✅ Shipped | boundary-cleanup | All emitters use CloudEvents 1.0 |
| DEVICE_COMPLIANCE_CHECKED event | ✅ Shipped | v0.1 | Compliance gate decisions audited |
| CONNECTOR_INVOCATION_INTENT event | ✅ Shipped | v0.3 | Pre-execution audit record |
| Broker Chronicle → CloudEvents gRPC | 🗺️ Planned | v0.5 | Replace Forgejo webhook format (M6.2 TODO) |
| Forensic telemetry classification | 📐 Designed | v0.6 | Full Chronicle stream for incident investigation |

### Multi-Tenancy & Fleet Management

| Feature | Status | Version | Notes |
|---------|--------|---------|-------|
| Device inventory (Intune-sourced) | ✅ Shipped | v0.1 | Windows managed devices via Graph API |
| Device inventory (Linux) | 🔨 In Progress | v0.5 | Via Bascule connector collect operation |
| Cross-tenant MSP dashboard | 🗺️ Planned | v0.6 | Dioxus frontend with per-client views |
| Tenant isolation in broker | 🗺️ Planned | v0.6 | Per-tenant Accord scope, data isolation |
| Vertical policy templates | 🗺️ Planned | v0.7 | Healthcare, legal, manufacturing, tribal presets |
| Fleet-wide posture aggregation | 🗺️ Planned | v0.7 | Cross-device posture summary per tenant |
| Billing/usage metering | 💡 Future | — | Per-tenant usage for MSP billing |

### Platform & Infrastructure

| Feature | Status | Version | Notes |
|---------|--------|---------|-------|
| FastAPI + SQLite (prototype) | ✅ Shipped | v0.1 | Single-container deployment |
| PostgreSQL migration | 🗺️ Planned | v0.5 | asyncpg, same SQLModel layer |
| SQLite file permissions (0o600) | 🔨 In Progress | v0.4 | Security hardening |
| Pydantic `SecretStr` for secrets | ✅ Shipped | v0.3 | Settings safety |
| Helm chart | 🗺️ Planned | v0.6 | K8s deployment |
| Rust port — AC issuance | 🗺️ Planned | v1.0 | Axum/Tonic, governance-types crate |
| Rust port — connectors | 🗺️ Planned | v1.0 | reqwest + azure_identity |
| Rust port — credential resolver | 🗺️ Planned | v1.0 | Same zero-storage pattern |
| OpenAPI spec generation | 🗺️ Planned | v0.6 | Auto-generate from FastAPI routes |

---

## Release Plan

### v0.4 — Authentication Hardening (Q2 2026)

**Theme:** Close the remaining security gaps and establish shared auth middleware.

- Shared `Depends(verify_bearer)` FastAPI middleware (closes C-4, C-8)
- MCP endpoint full bearer authentication
- Delegation endpoint bearer authentication with DID from token
- Delegation depth enforcement (H-7)
- SQLite file permissions (H-6)
- Bascule connector: real Shellstream transport integration (first real session connector)

**Exit criteria:** All 10 critical findings fully closed. Zero unauthenticated endpoints.

### v0.5 — Hardware Trust & Real Transports (Q3 2026)

**Theme:** TPM attestation, HBOM, and the first real management transports.

- Keylime connector for TPM-based measured boot attestation
- Windows Device Health Attestation via Intune DHA Graph API
- HBOM collection (Linux via Bascule, Windows via PowerShell)
- HBOM drift detection with content-hash comparison
- HardwareIntegrity composite posture condition
- PowerShell connector: real pypsrp transport
- Ansible connector: real ansible-runner integration
- Fleet/osquery connector for cross-platform posture collection
- PostgreSQL migration (asyncpg)
- Declarative compliance policy engine (cross-platform evaluation)
- Accord template externalization (file/CRD-based)
- Broker Chronicle client migration to CloudEvents (not Forgejo format)
- Device inventory for Linux endpoints (via Bascule collect)
- Session-device binding (correlate Bascule session to originating device)

**Exit criteria:** TPM attestation operational on Linux.
At least two real transports (Bascule + PowerShell) executing against live targets. HBOM collected and verified.

### v0.6 — VDI Mode & Multi-Tenancy (Q4 2026)

**Theme:** Virtual workspace governance and MSP fleet management.

- Apache Guacamole VDI adapter
- Governed shell (Bascule) as a VDI mode workspace
- Workspace provisioning lifecycle (auth → provision → monitor → terminate)
- Mid-session compliance re-evaluation
- Session-device correlation in unified audit trail
- HostPostureSnapshot generation (Notarization Boundary)
- Witness delegation forwarding (Pulsar → filtered CloudEvents)
- Tenant isolation in broker (per-client Accord scope)
- Cross-tenant MSP dashboard (Dioxus)
- Harness specification for AI agents
- Agent telemetry classification (agent vs human ops)
- Ceremony-gated destructive operations
- Barcode/QR device enrollment (USB scanner + camera/mobile support)
- Scan-to-HBOM verification (vendor declaration vs actual hardware at first boot)
- Helm chart for K8s deployment
- OpenAPI spec auto-generation
- Okta identity driver

**Exit criteria:** VDI mode operational with at least one platform adapter. MSP can manage multiple clients with tenant isolation. Witness delegation producing snapshots.

### v0.7 — Insurance & Compliance Frameworks (Q1 2027)

**Theme:** Compliance automation and the insurance observability product.

- Insurance observability API (read-only posture history)
- CMMC compliance mapping (posture conditions → CMMC practices)
- SOC 2 evidence generation (automated control evidence)
- Vertical policy templates (healthcare, legal, manufacturing, tribal)
- Fleet-wide posture aggregation (cross-device summary)
- FSLogix / profile governance (content-addressed VDI profiles)
- Harness enforcement in gsh (harness.toml → scope enforcement)
- Automated remediation harness (compliance violation → agent action)
- Citrix CVAD adapter
- Jamf connector (macOS)
- SPIFFE/SPIRE workload identity
- HashiCorp Vault credential backend
- CyberArk credential backend
- Connector plugin SDK for guild/third-party development
- Supply chain provenance tracking (procurement scan → provisioning → production → decommission)

**Exit criteria:** Insurance observability API operational. At least one compliance framework (CMMC or SOC 2) mapped. Harness-governed AI agents performing automated remediation.

### v0.8 — Ecosystem & Scale (Q2 2027)

**Theme:** Scale, ecosystem growth, and advanced attestation.

- VMware Horizon VDI adapter
- SLSA build provenance integration
- Supply chain provenance tracking (HBOM lifecycle)
- Distributed cache for multi-worker deployments
- Advanced posture analytics (trend analysis, predictive degradation)
- Guild marketplace integration (connector/policy template distribution)
- Forensic telemetry mode (full Chronicle stream for incident investigation)

### v1.0 — Rust Port & Production Hardening (Q3 2027)

**Theme:** Production-grade Rust implementation for performance and safety.
- Rust port: AC issuance and CR ingestion (Axum/Tonic)
- Rust port: connector framework (reqwest + azure_identity)
- Rust port: credential resolver (same zero-storage architecture)
- Rust port: identity drivers (JWKS verification)
- Python broker archived as reference implementation
- Full conformance test suite (Python and Rust implementations must pass)
- Performance benchmarking and load testing
- Security audit of Rust implementation

---

## Reference Deployment

### Tribal Nation NOC (2026-2027)

The primary reference deployment validating all Bastion capabilities:

- **Sovereignty:** Self-hosted control plane, local governance authority
- **Mixed fleet:** Windows workstations (Entra/Intune) + Linux terminals (Bascule/GSH)
- **Dual-mode:** Physical NOC terminals + VDI remote access for off-site operators
- **Hardware trust:** TPM attestation on all NOC endpoints, HBOM verification
- **Compliance:** Continuous posture attestation for tribal cybersecurity requirements
- **Insurance:** Witness delegation to cyber insurer for dynamic premium model
- **AI agents:** Harness-governed automated monitoring and remediation

---

## Architecture Principles

1. **Zero credential storage.** The broker holds authorization decisions (ACs), never credentials. Short-lived credentials are acquired at invocation time and discarded after use.
2. **Governance by identity, not device.** The identity (who) determines the policy (what they can do). The device (where they are) is a posture signal, not the access decision.
3. **Delegate enforcement, own decisions.** Bastion makes governance decisions. Platform-specific tools (Intune, Keylime, Ansible, Bascule) enforce them. The control plane is durable; backends evolve.
4. **Attest, don't assert.** Every governance claim is backed by cryptographic evidence — TPM measurements, Merkle-anchored posture records, signed attestation snapshots. Software assertions are corroborated by hardware proofs.
5. **Pluggable everything.** Identity drivers, credential backends, connectors, VDI adapters, compliance policies. The framework ships; the ecosystem grows.
6. **Audit before execute.** A Chronicle INTENT event is emitted before every operation and a RESULT event after it. The audit trail survives execution failures: an INTENT with no matching RESULT is itself evidence.

---

## Contributing

Bastion follows the guild-based contribution model:

- **License:** Apache 2.0
- **Contributions:** Developer Certificate of Origin (DCO), not CLA
- **Connector development:** Implement the ConnectorPlugin ABC; the framework provides Chronicle audit, GSAP validation, and credential resolution
- **Identity drivers:** Implement the IdentityDriver ABC with JWKSVerifier for JWT validation
- **Credential backends:** Implement the CredentialBackend ABC with enforced TTL on all credentials
- **Policy templates:** Submit compliance policy definitions for specific verticals or frameworks

See bastion-security-audit.md for the current security posture and known limitations.