Tyler J King
5f62da6ca9
feat(spire): Keylime node attestor plugin — single TPM authority
Custom SPIRE NodeAttestor that queries Keylime attestation status
instead of performing independent TPM attestation. Keylime remains
the single TPM authority in the stack.
Two data source strategies:
- ConfigMap (default): reads posture-current ConfigMap (recommended,
consistent with single-consumer principle)
- Verifier: queries Keylime verifier REST API directly (for
out-of-cluster SPIRE servers)
Fail-closed: unknown nodes, unreachable sources, degraded posture
all result in non-attested verdict — no SVID issued.
Maps posture level to attestation verdict:
Normal(5)/Elevated(4) → Attested
Restricted(3) → Pending
Critical(2)/Lockdown(1) → Failed
8 unit tests covering ConfigMap source, verifier mapping, edge cases.
Signed-off-by: Tyler King <tking@guildhouse.dev>
Signed-off-by: Tyler J King <tking727@gmail.com>
2026-04-15 20:35:45 -04:00
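As an added example (not code from this repository, SPIRE, or Keylime), the fail-closed verdict logic this commit describes, written in Go. It assumes a hypothetical minimal shape for the posture-current payload ({"nodes": {"<node>": {"level": N}}}), assumed numeric levels 1..5, and an assumption that only a definite Attested verdict leads to SVID issuance; the sample posture data is constructed.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Verdict is the attestation outcome reported to SPIRE.
type Verdict int

const (
	VerdictFailed   Verdict = iota // no SVID
	VerdictPending                 // not attested yet; no SVID
	VerdictAttested                // SVID may be issued
)

func (v Verdict) String() string {
	switch v {
	case VerdictAttested:
		return "Attested"
	case VerdictPending:
		return "Pending"
	default:
		return "Failed"
	}
}

// Posture levels as named in the commit message (numeric values assumed).
const (
	LevelLockdown   = 1
	LevelCritical   = 2
	LevelRestricted = 3
	LevelElevated   = 4
	LevelNormal     = 5
)

// ErrUnknownNode is returned when the source holds no posture for the node.
var ErrUnknownNode = errors.New("node not present in posture source")

// PostureSource abstracts the two strategies (ConfigMap vs. verifier REST).
type PostureSource interface {
	Lookup(node string) (level int, err error)
}

// postureDoc is the assumed (hypothetical) posture-current payload shape.
type postureDoc struct {
	Nodes map[string]struct {
		Level int `json:"level"`
	} `json:"nodes"`
}

// ConfigMapSource serves posture from an already-fetched ConfigMap payload.
type ConfigMapSource struct{ doc postureDoc }

// NewConfigMapSource rejects a malformed payload; Attest never sees it,
// so a bad source can only produce a Failed verdict (fail-closed).
func NewConfigMapSource(raw []byte) (*ConfigMapSource, error) {
	var doc postureDoc
	if err := json.Unmarshal(raw, &doc); err != nil {
		return nil, fmt.Errorf("parse posture-current: %w", err)
	}
	if doc.Nodes == nil {
		return nil, errors.New("posture-current has no nodes map")
	}
	return &ConfigMapSource{doc: doc}, nil
}

func (s *ConfigMapSource) Lookup(node string) (int, error) {
	p, ok := s.doc.Nodes[node]
	if !ok {
		return 0, ErrUnknownNode
	}
	return p.Level, nil
}

// UnreachableSource stands in for a verifier whose REST API is down.
type UnreachableSource struct{ Err error }

func (u UnreachableSource) Lookup(string) (int, error) { return 0, u.Err }

// VerdictForLevel is the mapping from the commit message; any level
// outside the known set is treated as degraded and fails closed.
func VerdictForLevel(level int) Verdict {
	switch level {
	case LevelNormal, LevelElevated:
		return VerdictAttested
	case LevelRestricted:
		return VerdictPending
	default: // Critical, Lockdown, or an unexpected value
		return VerdictFailed
	}
}

// Attest consults the source; every error path yields Failed, never Attested.
func Attest(src PostureSource, node string) (Verdict, error) {
	level, err := src.Lookup(node)
	if err != nil {
		return VerdictFailed, fmt.Errorf("attest %s: %w", node, err)
	}
	return VerdictForLevel(level), nil
}

// ShouldIssueSVID: only Attested issues (Pending as "no SVID" is assumed here).
func ShouldIssueSVID(v Verdict) bool { return v == VerdictAttested }

// samplePosture is constructed sample data, not a real cluster snapshot.
const samplePosture = `{"nodes":{"node-a":{"level":5},"node-b":{"level":3},"node-c":{"level":1},"node-d":{"level":9}}}`

func main() {
	src, err := NewConfigMapSource([]byte(samplePosture))
	if err != nil {
		panic(err)
	}
	for _, n := range []string{"node-a", "node-b", "node-c", "node-d", "node-zzz"} {
		v, err := Attest(src, n)
		fmt.Printf("%-9s verdict=%-8s issueSVID=%-5v err=%v\n", n, v, ShouldIssueSVID(v), err)
	}
	v, err := Attest(UnreachableSource{Err: errors.New("verifier unreachable")}, "node-a")
	fmt.Printf("verifier down: verdict=%s issueSVID=%v err=%v\n", v, ShouldIssueSVID(v), err)
}
```

The point to check in a real plugin is the same one the test below exercises: an unknown node, an unreachable source, a malformed payload, and an out-of-range level must all land on the Failed branch, and the SVID decision must key off the verdict alone.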
a58d548518
feat: network-policy extension, governance lifecycle, audit remediation
- Network-policy SPIRE plugin extension
- Governance event notification with merkle anchoring
- Shellstream specs for consent channels + HFL embedded ABI
- All 17 audit findings from AUDIT.md remediated
- SSH credential composer + substrate key manager updates
- Test coverage for config + sshcert packages
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 15:54:46 -04:00
6321037ac1
Add network-policy extension and network governance lifecycle events
New shellstream extension §10.6 network-policy@guildhouse.dev carrying
GovernedNetworkPolicy hash in SSH certificates. New §8.7 in upper layers
spec documenting network governance lifecycle events (attach, detach,
flow policy, route announce/withdraw) emitted by governance-notifier
using the tiered consent transport model.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-26 19:38:13 -05:00
9319ad0ce8
Update Shellstream specs for consent channels and HFL embedded ABI
Add consent-channels@guildhouse.dev SSH certificate extension for
advertising available consent transport channels. Add §8.6 to upper
layers spec describing HFL as the in-process capability boundary
within Shellstream sessions, with WIT as the formal contract.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-26 17:57:48 -05:00
420a4e2ea0
Remediate all 17 audit findings from AUDIT.md
Critical fixes:
- F-01: SatScope array form support (single pointer → slice with polymorphic JSON)
- F-02: Add governance-intent@guildhouse.dev as 10th Shellstream extension
- F-06: Replace os.Exit(1) stubs with go-plugin Serve() boilerplate in all cmd/
- F-13: Validate SatScope.ResourcePattern is non-empty
High priority:
- F-03: Add normative Accord policy syntax note to credential-governance.md §8.2
- F-04: Replace OID XXXXX placeholder with explicit PEN reference and IANA TODO
- F-05: Document CredentialComposer hook mapping in spec and plugin-types.md
- F-07/F-08: Commit CI pipeline (.github/workflows/ci.yaml)
- F-09: Add hashicorp/go-plugin v1.6.3 to go.mod
Medium priority:
- F-10: Wire sample-ssh-cert-extensions.json fixture into shellstream tests
- F-11: Cross-reference merkle proof depth limit (256 leaves) in governance spec
- F-12: Add YAML format clarification headers to deploy configs
- F-14: Expand README with project status, docs links, and quick-start
Low priority:
- F-15: Standardize "SSH SVID" → "SSH-SVID" terminology across docs
- F-16: Add GovernanceEpochSeconds to PluginConfig and deploy configs
- F-17: Add troubleshooting section to deployment.md, error handling to OIDC docs
Global: Rename all extension keys from @guildhouse.io to @guildhouse.dev
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-18 11:45:33 -05:00
3dc3e9ee37
Initial scaffolding: specs, plugins, pkg/shellstream
2026-02-18 10:47:09 -05:00