tking/gsh
SHA256
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Governed shell binary — human + machine modes (Rust)
20 commits 1 branch 0 tags 361 KiB
Rust 83.2%
Shell 16.8%
Find a file
Tyler J King 91f027ae61 libgsh: complete scenario coverage for corpus_check execution paths 
Adds the ReadFailed scenario (binary path resolves to a directory so
exists() succeeds but read() fails) and a scenarios coverage map at the
top of the test module. The map links each test to the audit fix
scenarios:

- valid CID, content matches: Allowed
- valid CID at admission, tampered content at execution: ContentMismatch
- missing binary where directory exists: Denied (sanity preserved)
- binary present but unreadable: ReadFailed (fail-closed)

Plus the existing sentinels for ungoverned-CID and corpus-not-mounted.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Signed-off-by: Tyler J King <tking@guildhouse.dev>
2026-04-25 03:18:56 -04:00
config feat: configurable corpus base dir + Bascule dev config 2026-04-02 18:46:27 -04:00
dist feat: Substrate WSL2 distro builder (Fedora 41) 2026-04-04 13:59:03 -04:00
gsh libgsh: verify corpus binary content before allowing execution 2026-04-25 03:02:37 -04:00
libgsh libgsh: complete scenario coverage for corpus_check execution paths 2026-04-25 03:18:56 -04:00
scripts feat: detect Windows Entra/local principal in WSL2 2026-04-04 14:15:05 -04:00
.gitignore feat: gsh machine mode — first governed shell execution 2026-04-01 19:01:22 -04:00
Cargo.lock libgsh: verify corpus binary content before allowing execution 2026-04-25 03:02:37 -04:00
Cargo.toml libgsh: verify corpus binary content before allowing execution 2026-04-25 03:02:37 -04:00
DESIGN.md feat: gsh governed shell — design exploration 2026-03-30 23:20:27 -04:00
README.md Initial commit 2026-03-31 03:15:52 +00:00

README.md

gsh

gsh — the GCAP governed shell. Human and machine modes. Chronicle-attributed execution.