Update Shellstream specs for consent channels and HFL embedded ABI

Add consent-channels@guildhouse.dev SSH certificate extension for advertising available consent transport channels. Add §8.6 to upper layers spec describing HFL as the in-process capability boundary within Shellstream sessions, with WIT as the formal contract. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-26 17:57:48 -05:00 · 2026-02-26 17:57:48 -05:00 · 9319ad0ce8
commit 9319ad0ce8
parent 420a4e2ea0
2 changed files with 1126 additions and 1 deletions
--- a/docs/shellstream-spec-0001-upper-layers.md
+++ b/docs/shellstream-spec-0001-upper-layers.md
--- a/specs/shellstream-extensions.md
+++ b/specs/shellstream-extensions.md
@ -69,7 +69,7 @@ document are to be interpreted as described in RFC 2119.
  requirements for a tenant.

 **Trust Domain**
-: A SPIFFE trust domain (e.g., `guildhouse.io`) that defines the
+: A SPIFFE trust domain (e.g., `guildhouse.dev`) that defines the
  boundary within which SPIFFE identities and their associated
  attestations are valid.

@ -324,6 +324,15 @@ credential issuance. It enables audit correlation between the SSH
 certificate and the governance audit trail maintained by the
 GovernanceService.

+> **Security:** The `governance-intent` value MUST be set by the SSH
+> Credential Composer from the actual `CreateIntentResponse.intent_id`,
+> NOT from external input (e.g., requester-supplied headers). Verifiers
+> SHOULD cross-check this value against the GovernanceService to confirm
+> that the referenced intent exists, is in `redeemed` status, and
+> corresponds to this credential's issuance. A syntactically valid but
+> fabricated intent UUID would pass format validation but fail this
+> cross-check.
+
 **Example:**
 ```
 governance-intent@guildhouse.dev = c8d9e0f1-2a3b-4c5d-6e7f-8a9b0c1d2e3f
@ -482,6 +491,48 @@ explicit version field. If a future revision deprecates or changes the
 semantics of an extension, it MUST do so under a new extension name. The
 original extension name retains its original semantics indefinitely.

+### 10.5 `consent-channels@guildhouse.dev`
+
+**Presence:** OPTIONAL.
+
+**Value:** Comma-separated list of available consent transport channel
+identifiers with no whitespace. Each channel identifier MUST match
+`[a-z][a-z0-9]*(-[a-z0-9]+)*`.
+
+Valid channel identifiers (corresponding to
+`substrate:consent/channel.channel-kind`):
+
+| Identifier       | Tier | Description                                    |
+|------------------|------|------------------------------------------------|
+| `local-tty`      | 0    | Synchronous, local terminal prompt             |
+| `unix-socket`    | 0-1  | Synchronous or async via Unix domain socket    |
+| `dbus`           | 1    | Asynchronous, local D-Bus notification         |
+| `http-webhook`   | 2    | Asynchronous, network HTTP webhook             |
+| `message-queue`  | 2    | Asynchronous, network message queue            |
+| `store-forward`  | 3    | Store-and-forward, delivered on reconnect      |
+
+This extension advertises the consent transport channels available on
+the host that issued the certificate. Client modules use this
+information to determine which consent tier is available for governance
+operations requiring human or policy-automated approval. See
+[GH-DESIGN-0005 §5](../../guildhouse-platform/docs/GH-DESIGN-0005-wasm-component-model.md)
+for the tiered consent transport model.
+
+The value parallels the `consent_channels` field in
+`HostCapabilities` (SAT-SPEC-0001 §3.9). When both are present,
+they SHOULD contain the same set of channels. If they differ, the
+SAT's `HostCapabilities` is authoritative.
+
+**Example:**
+```
+consent-channels@guildhouse.dev = local-tty,unix-socket,http-webhook
+```
+
+**Example (air-gapped host):**
+```
+consent-channels@guildhouse.dev = local-tty
+```
+
 ## 11. References

 - **OpenSSH PROTOCOL.certkeys** -- OpenSSH certificate format and