Commit graph

5 commits

Author SHA256 Message Date
Tyler J King
d0b9ca0e6a feat: detect Windows Entra/local principal in WSL2
Session principal resolution chain:
  GSH_PRINCIPAL → BASCULE_DISPLAY_NAME → derive from DID → whoami()
  GSH_DID → BASCULE_USER_DID → whoami()

.gshrc Windows identity detection:
  Entra-joined: whoami /upn → tking@guildhouse.dev → DID
  Domain-joined: USERNAME@USERDNSDOMAIN → DID
  Local: USERNAME only (no DID)

Governed sessions (Bascule) override with authenticated identity.
Non-WSL2 environments fall back silently.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-04 14:15:05 -04:00
Tyler J King
b363d1da3b feat: Substrate WSL2 distro builder (Fedora 41)
scripts/build-substrate-wsl2.sh — builds a custom Fedora WSL2 distro
with gsh as the default governed shell for the operator user.

Image contents (337MB):
  Fedora 41 + systemd
  gsh as login shell (/usr/local/bin/gsh)
  bascule-proxy for governed cluster connections
  kubectl + helm with corpus symlinks
  SSH aliases: dev.gsh, stg.gsh
  WSL2 config: systemd=true, default user=operator

Build: docker builds Fedora rootfs, exports as tar
Import: wsl --import substrate-gsh C:\WSL\substrate-gsh substrate-gsh.tar
Boot: wsl -d substrate-gsh → governed shell prompt

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-04 13:59:03 -04:00
Tyler J King
3c4042ce8e feat: WSL2 jumphost image builder
scripts/build-wsl2-image.sh — idempotent setup for governed jumphost.

Installs: gsh, kubectl, helm (all to ~/.local/bin, no sudo needed)
Configures: corpus directory, SSH aliases (dev.gsh, stg.gsh),
  .gshrc environment defaults
Export: --export flag prints wsl --export/import commands

No sudo required for gsh/corpus/config setup. System packages
(curl, git, etc.) prompt for manual install if sudo unavailable.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-03 11:04:38 -04:00
Tyler J King
fcc7758249 feat: dev Bascule + dual-cluster connectivity complete
Phase 4b: local dev Bascule for Docker Desktop K8s access.

Dev Bascule:
  Binary: substrate/target/release/bascule (14MB)
  Config: ~/.config/bascule/bascule-dev.toml
    Permissive auth, direct dispatch, localhost:2223
  Keys: ~/.config/bascule/keys/dev_{host,ca}_key
  Startup: scripts/start-dev-bascule.sh

Dual-cluster connectivity verified:
  ssh dev.gsh '!whoami'
    → session created, did:web:guildhouse.dev/user/tyler ✓
  ssh stg.gsh '!whoami'
    → session created, did:web:guildhouse.dev/user/tyler ✓

Topology:
  WSL2 → dev.gsh  (localhost:2223, permissive)
  WSL2 → stg.gsh  (178.104.110.197:30222, Hetzner)
  WSL2 → prod.gsh (178.104.110.197:30222, Hetzner)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-02 16:37:52 -04:00
Tyler J King
63a6c0c520 feat: gsh human mode — interactive governed shell with reedline
Phase 3 / Sprint 2 finish line.

Human mode: reedline REPL with governed prompt.
  [governed] tyler@gsh:~$

Mode detection:
  --exec "cmd"              → machine mode (unchanged)
  --ungoverned --exec "cmd" → ungoverned machine (unchanged)
  (no --exec, TTY attached) → human mode (NEW)
  (no --exec, no TTY)       → error

Command classification per-keystroke (libgsh/classifier.rs):
  Free:       ls, cat, grep, echo, cd, git, ssh, curl — zero overhead
  Governed:   binaries in corpus dir — via org-ops wrapper, CR posted
  Ungoverned: not in corpus but on PATH — warn + execute
  Denied:     corpus manifest but removed — killswitch active

Session lifecycle:
  Start:  validate AC, post SESSION_STARTED CR, print banner
  Active: classify each command, governed ops post lightweight CRs
  End:    print summary (governed/free/denied/ungoverned), post SESSION_ENDED CR

Banner: principal, corpus, session ID, expiry, risk level
Prompt coloring from risk level:
  Baseline/Standard: green [governed]
  Elevated:          yellow [elevated]
  High/Critical:     red [HIGH]

New modules:
  libgsh/classifier.rs — command classification against corpus (4 tests)
  libgsh/session.rs    — session state tracking
  gsh/human.rs         — reedline REPL, prompt, banner, summary

Machine mode: zero changes (regression tested).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-02 15:44:34 -04:00
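The four-way command classification described in the 63a6c0c520 commit message, as an added Rust example; this is not the project's libgsh/classifier.rs. The `Corpus` struct, `classify`, `summarize` and `sample_corpus` are hypothetical names, the sample data is constructed, and two behaviours are assumptions of this sketch: the manifest is checked before the free list, and commands are matched on their basename.

```rust
use std::collections::HashSet;

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Class { Free, Governed, Ungoverned, Denied }

// Free list exactly as named in the commit message.
const FREE: [&str; 8] = ["ls", "cat", "grep", "echo", "cd", "git", "ssh", "curl"];

/// Hypothetical in-memory stand-in for the corpus manifest, corpus dir and PATH.
pub struct Corpus {
    pub manifest: HashSet<&'static str>, // names the manifest lists
    pub present: HashSet<&'static str>,  // binaries currently in the corpus dir
    pub on_path: HashSet<&'static str>,  // other names resolvable on PATH
}

/// Classify one input line; None for an empty line or an unresolvable command.
pub fn classify(line: &str, c: &Corpus) -> Option<Class> {
    let first = line.split_whitespace().next()?;
    // Assumption: match on basename so a path-qualified name gets the same verdict.
    let name = first.rsplit('/').next().unwrap_or(first);
    // Assumption: the manifest is consulted first, so a removed entry stays denied.
    if c.manifest.contains(name) {
        return Some(if c.present.contains(name) { Class::Governed } else { Class::Denied });
    }
    if FREE.iter().any(|f| *f == name) { return Some(Class::Free); }
    if c.on_path.contains(name) { return Some(Class::Ungoverned); }
    None
}

/// Session summary counts in the order governed, free, denied, ungoverned.
pub fn summarize(lines: &[&str], c: &Corpus) -> [usize; 4] {
    let mut t = [0usize; 4];
    for l in lines {
        match classify(l, c) {
            Some(Class::Governed) => t[0] += 1,
            Some(Class::Free) => t[1] += 1,
            Some(Class::Denied) => t[2] += 1,
            Some(Class::Ungoverned) => t[3] += 1,
            None => {}
        }
    }
    t
}

/// Constructed sample: helm is listed in the manifest but removed from the corpus dir.
pub fn sample_corpus() -> Corpus {
    Corpus { manifest: HashSet::from(["kubectl", "helm"]), present: HashSet::from(["kubectl"]), on_path: HashSet::from(["python3"]) }
}
fn main() { println!("{:?}", summarize(&["kubectl get pods", "helm list", "ls"], &sample_corpus())); }
```

With the constructed corpus, `helm` is denied even when typed with a full path, because the manifest lookup runs before the PATH lookup.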