Commit graph

2 commits

Author SHA256 Message Date
Tyler J King
af11a797ee feat: per-session AC consumption + corpus gate + exit codes
Phase 1 of the WSL2 jumphost build.

Three execution models:
  1. Pre-issued AC: GSAP_AC='...' gsh --exec "cmd"
     Caller provides AC. gsh validates (R-22/23/24), executes, posts CR.
     For: Bascule, SK plugin, CI/CD.

  2. Inline AC request: GSAP_BROKER_URL=... gsh --exec "cmd"
     Backward compatible fallback.

  3. Ungoverned: gsh --ungoverned --exec "cmd"
     No AC, no CR, no corpus check. Dev mode.

AC validation (validate_pre_issued_ac):
  R-22: Single-use — filesystem registry at ~/.gsh/consumed/{context_id}
  R-23: Corpus match — AC corpus_entry_cid vs GSAP_CORPUS_CID env
  R-24: (parameters_cid field parsed, verification at broker)
  Expiry check — AC expires_at vs now
  Replay detection — consumed context_ids rejected

Corpus directory gate (corpus_check):
  /opt/substrate/corpus/{cid}/{command_name}
  If binary missing from corpus dir → denied (exit 3)
  The live killswitch: remove binary from corpus dir to revoke

Exit codes aligned with DESIGN.md:
  0 = success, 1 = exec failure, 2 = auth failure,
  3 = governance violation, 125 = gsh internal error

JSON output: new fields ac_mode ("pre-issued"|"inline"|"session"|"ungoverned"), corpus_cid

Tested against live fastapi-gsap broker:
  Inline AC: backward compat ✓
  Pre-issued AC from broker: validated + CR posted ✓
  Expired AC: exit 2 ✓
  Replay detection: exit 2 ✓
  Ungoverned mode: no governance overhead ✓

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-02 09:07:45 -04:00
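The validation rules and corpus gate listed in this commit message, written out as an added example in Rust (std only); this is not code from the gsh repository or from this commit. Assumed for the example: a minimal `AuthorizationCertificate` struct whose field names follow the message, `expires_at` as unix seconds, exit code 3 for an AC whose `corpus_entry_cid` does not match (the message states exit 2 only for the expired and replay cases), and two defensive checks the message does not mention: `context_id` and the command name are restricted to safe filenames so neither can escape the registry or corpus directory. The registry directory and corpus root are parameters so the code runs offline against a temp dir.

```rust
use std::fs;
use std::io::ErrorKind;
use std::path::Path;

/// Exit codes as listed in the commit message (aligned with DESIGN.md).
pub const EXIT_OK: i32 = 0;
pub const EXIT_AUTH_FAILURE: i32 = 2;
pub const EXIT_GOVERNANCE_VIOLATION: i32 = 3;
pub const EXIT_INTERNAL: i32 = 125;

/// Minimal view of a pre-issued AC. Field names follow the commit message;
/// `expires_at` as unix seconds is an assumption for this example.
#[derive(Debug, Clone)]
pub struct AuthorizationCertificate {
    pub context_id: String,
    pub corpus_entry_cid: String,
    pub expires_at: u64,
}

/// A governance denial: the gsh exit code plus the reason.
#[derive(Debug, PartialEq)]
pub struct Denied {
    pub exit_code: i32,
    pub reason: String,
}

fn deny(exit_code: i32, reason: &str) -> Denied {
    Denied { exit_code, reason: reason.to_string() }
}

/// Both the context_id and the command name become path components, so they must
/// not contain separators or traversal. (Defensive check added for this example.)
fn is_safe_name(s: &str) -> bool {
    !s.is_empty()
        && s.len() <= 128
        && s.chars().all(|c| c.is_ascii_alphanumeric() || c == '-' || c == '_' || c == '.')
        && s != "." && s != ".."
}

/// Validate a pre-issued AC: expiry, R-23 corpus match, then R-22 single-use.
/// The single-use claim is made with `create_new`, so two concurrent gsh
/// processes presenting the same AC cannot both pass, and the marker is written
/// before execution so a crash during exec still consumes the AC.
pub fn validate_pre_issued_ac(
    ac: &AuthorizationCertificate,
    consumed_dir: &Path,
    expected_corpus_cid: &str,
    now: u64,
) -> Result<(), Denied> {
    if ac.expires_at <= now {
        return Err(deny(EXIT_AUTH_FAILURE, "AC expired"));
    }
    if ac.corpus_entry_cid != expected_corpus_cid {
        // Exit code for this case is not stated in the commit; 3 is an assumption.
        return Err(deny(EXIT_GOVERNANCE_VIOLATION, "corpus_entry_cid != GSAP_CORPUS_CID"));
    }
    if !is_safe_name(&ac.context_id) {
        return Err(deny(EXIT_AUTH_FAILURE, "context_id is not a safe registry name"));
    }
    fs::create_dir_all(consumed_dir).map_err(|e| deny(EXIT_INTERNAL, &format!("registry: {e}")))?;
    let marker = consumed_dir.join(&ac.context_id);
    match fs::OpenOptions::new().write(true).create_new(true).open(&marker) {
        Ok(_) => Ok(()),
        Err(e) if e.kind() == ErrorKind::AlreadyExists => {
            Err(deny(EXIT_AUTH_FAILURE, "AC already consumed (replay)"))
        }
        Err(e) => Err(deny(EXIT_INTERNAL, &format!("registry: {e}"))),
    }
}

/// Corpus directory gate: the command's binary name must exist as a file under
/// {corpus_root}/{cid}/. Removing that file revokes the command (the killswitch).
/// Only a bare name is accepted; a path like /usr/bin/x or ../x is denied outright.
pub fn corpus_check(corpus_root: &Path, corpus_cid: &str, command: &str) -> Result<(), Denied> {
    let name = command
        .split_whitespace()
        .next()
        .ok_or_else(|| deny(EXIT_GOVERNANCE_VIOLATION, "empty command"))?;
    if !is_safe_name(name) {
        return Err(deny(EXIT_GOVERNANCE_VIOLATION, "command name must be a bare binary name"));
    }
    if corpus_root.join(corpus_cid).join(name).is_file() {
        Ok(())
    } else {
        Err(deny(EXIT_GOVERNANCE_VIOLATION, &format!("{name} not in corpus {corpus_cid}")))
    }
}

fn main() {
    // Stand-alone demo against a constructed AC and an empty corpus in a temp dir.
    let root = std::env::temp_dir().join(format!("gsh-demo-{}", std::process::id()));
    let cid = "sha256:constructed-example-digest";
    let ac = AuthorizationCertificate {
        context_id: "ctx-demo".into(),
        corpus_entry_cid: cid.into(),
        expires_at: 2_000,
    };
    println!("validate: {:?}", validate_pre_issued_ac(&ac, &root.join("consumed"), cid, 1_000));
    println!("corpus:   {:?}", corpus_check(&root.join("corpus"), cid, "hcloud server list"));
    let _ = fs::remove_dir_all(&root);
}
```

The order matters: expiry and corpus match are checked before the consumed marker is written, so a stale or wrong-corpus AC does not burn a registry slot, while the marker is claimed before `exec` so the AC is single-use even if the command itself never returns.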
Tyler J King
eab034f0cc feat: gsh machine mode — first governed shell execution
~200 lines of Rust. Every command: AC → exec → CR → CID.

Usage:
  gsh --exec "echo hello"
  gsh --exec "hcloud server list" --json
  gsh --exec "ansible-playbook site.yml" --dry-run

Flow:
  1. SHA-256 hash the command
  2. POST /governance/authorize/ → AC ID
  3. exec(sh, -c, command) → capture stdout/stderr/exit
  4. POST /governance/complete/ → receipt + Chronicle CID
  5. Print stdout (passthrough) or JSON (structured)
  6. Exit with command's exit code

Environment:
  GSAP_BROKER_URL   http://fastapi-gsap:8000
  GSAP_AGENT_DID    did:web:bxnet.../agent/platform-ops
  GSAP_TOKEN        Bearer token (optional)
  GSAP_CORPUS_CID   sha256:{image_digest} (optional)

Tested against live fastapi-gsap Spoke broker on Hetzner:
  dry-run: AC only ✓
  live exec: stdout passthrough + CID ✓
  JSON mode: ac_id + cr_id + chronicle_cid ✓
  exit code: 42 passed through ✓

The command_hash in the AC request means the broker knows
WHAT will be executed before authorizing. Not just "was
this agent allowed" but "was this exact command authorized."

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-01 19:01:22 -04:00