Session principal resolution chain:
GSH_PRINCIPAL → BASCULE_DISPLAY_NAME → derive from DID → whoami()
GSH_DID → BASCULE_USER_DID → whoami()
.gshrc Windows identity detection:
Entra-joined: whoami /upn → tking@guildhouse.dev → DID
Domain-joined: USERNAME@USERDNSDOMAIN → DID
Local: USERNAME only (no DID)
Governed sessions (Bascule) override with authenticated identity.
Non-WSL2 environments fall back silently.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
scripts/build-wsl2-image.sh — idempotent setup for governed jumphost.
Installs: gsh, kubectl, helm (all to ~/.local/bin, no sudo needed)
Configures: corpus directory, SSH aliases (dev.gsh, stg.gsh),
.gshrc environment defaults
Export: --export flag prints wsl --export/import commands
No sudo required for gsh/corpus/config setup. System packages
(curl, git, etc.) prompt for manual install if sudo unavailable.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
