tking/gsh - Forgejo: Beyond coding. We Forge.

tking/gsh

SHA256

Fork 0

Commit graph

Author	SHA256	Message	Date
Tyler J King	3c4042ce8e	feat: WSL2 jumphost image builder scripts/build-wsl2-image.sh — idempotent setup for governed jumphost. Installs: gsh, kubectl, helm (all to ~/.local/bin, no sudo needed) Configures: corpus directory, SSH aliases (dev.gsh, stg.gsh), .gshrc environment defaults Export: --export flag prints wsl --export/import commands No sudo required for gsh/corpus/config setup. System packages (curl, git, etc.) prompt for manual install if sudo unavailable. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-03 11:04:38 -04:00
Tyler J King	fcc7758249	feat: dev Bascule + dual-cluster connectivity complete Phase 4b: local dev Bascule for Docker Desktop K8s access. Dev Bascule: Binary: substrate/target/release/bascule (14MB) Config: ~/.config/bascule/bascule-dev.toml Permissive auth, direct dispatch, localhost:2223 Keys: ~/.config/bascule/keys/dev_{host,ca}_key Startup: scripts/start-dev-bascule.sh Dual-cluster connectivity verified: ssh dev.gsh '!whoami' → session created, did:web:guildhouse.dev/user/tyler ✓ ssh stg.gsh '!whoami' → session created, did:web:guildhouse.dev/user/tyler ✓ Topology: WSL2 → dev.gsh (localhost:2223, permissive) WSL2 → stg.gsh (178.104.110.197:30222, Hetzner) WSL2 → prod.gsh (178.104.110.197:30222, Hetzner) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-02 16:37:52 -04:00
Tyler J King	63a6c0c520	feat: gsh human mode — interactive governed shell with reedline Phase 3 / Sprint 2 finish line. Human mode: reedline REPL with governed prompt. [governed] tyler@gsh:~$ Mode detection: --exec "cmd" → machine mode (unchanged) --ungoverned --exec "cmd" → ungoverned machine (unchanged) (no --exec, TTY attached) → human mode (NEW) (no --exec, no TTY) → error Command classification per-keystroke (libgsh/classifier.rs): Free: ls, cat, grep, echo, cd, git, ssh, curl — zero overhead Governed: binaries in corpus dir — via org-ops wrapper, CR posted Ungoverned: not in corpus but on PATH — warn + execute Denied: corpus manifest but removed — killswitch active Session lifecycle: Start: validate AC, post SESSION_STARTED CR, print banner Active: classify each command, governed ops post lightweight CRs End: print summary (governed/free/denied/ungoverned), post SESSION_ENDED CR Banner: principal, corpus, session ID, expiry, risk level Prompt coloring from risk level: Baseline/Standard: green [governed] Elevated: yellow [elevated] High/Critical: red [HIGH] New modules: libgsh/classifier.rs — command classification against corpus (4 tests) libgsh/session.rs — session state tracking gsh/human.rs — reedline REPL, prompt, banner, summary Machine mode: zero changes (regression tested). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-02 15:44:34 -04:00

Author

SHA256

Message

Date

Tyler J King

3c4042ce8e

feat: WSL2 jumphost image builder

scripts/build-wsl2-image.sh — idempotent setup for governed jumphost.

Installs: gsh, kubectl, helm (all to ~/.local/bin, no sudo needed)
Configures: corpus directory, SSH aliases (dev.gsh, stg.gsh),
  .gshrc environment defaults
Export: --export flag prints wsl --export/import commands

No sudo required for gsh/corpus/config setup. System packages
(curl, git, etc.) prompt for manual install if sudo unavailable.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-03 11:04:38 -04:00

Tyler J King

fcc7758249

feat: dev Bascule + dual-cluster connectivity complete

Phase 4b: local dev Bascule for Docker Desktop K8s access.

Dev Bascule:
  Binary: substrate/target/release/bascule (14MB)
  Config: ~/.config/bascule/bascule-dev.toml
    Permissive auth, direct dispatch, localhost:2223
  Keys: ~/.config/bascule/keys/dev_{host,ca}_key
  Startup: scripts/start-dev-bascule.sh

Dual-cluster connectivity verified:
  ssh dev.gsh '!whoami'
    → session created, did:web:guildhouse.dev/user/tyler ✓
  ssh stg.gsh '!whoami'
    → session created, did:web:guildhouse.dev/user/tyler ✓

Topology:
  WSL2 → dev.gsh  (localhost:2223, permissive)
  WSL2 → stg.gsh  (178.104.110.197:30222, Hetzner)
  WSL2 → prod.gsh (178.104.110.197:30222, Hetzner)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-02 16:37:52 -04:00

Tyler J King

63a6c0c520

feat: gsh human mode — interactive governed shell with reedline

Phase 3 / Sprint 2 finish line.

Human mode: reedline REPL with governed prompt.
  [governed] tyler@gsh:~$

Mode detection:
  --exec "cmd"              → machine mode (unchanged)
  --ungoverned --exec "cmd" → ungoverned machine (unchanged)
  (no --exec, TTY attached) → human mode (NEW)
  (no --exec, no TTY)       → error

Command classification per-keystroke (libgsh/classifier.rs):
  Free:       ls, cat, grep, echo, cd, git, ssh, curl — zero overhead
  Governed:   binaries in corpus dir — via org-ops wrapper, CR posted
  Ungoverned: not in corpus but on PATH — warn + execute
  Denied:     corpus manifest but removed — killswitch active

Session lifecycle:
  Start:  validate AC, post SESSION_STARTED CR, print banner
  Active: classify each command, governed ops post lightweight CRs
  End:    print summary (governed/free/denied/ungoverned), post SESSION_ENDED CR

Banner: principal, corpus, session ID, expiry, risk level
Prompt coloring from risk level:
  Baseline/Standard: green [governed]
  Elevated:          yellow [elevated]
  High/Critical:     red [HIGH]

New modules:
  libgsh/classifier.rs — command classification against corpus (4 tests)
  libgsh/session.rs    — session state tracking
  gsh/human.rs         — reedline REPL, prompt, banner, summary

Machine mode: zero changes (regression tested).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-02 15:44:34 -04:00

3 commits