Go-based network automation with YANG models, gRPC, Ansible, Terraform, and Kubernetes integration. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
# Shellstream Boundary

Shellstream is the attested stream protocol for inter-cluster communication. The Kedge DaemonSet terminates Shellstream handshakes at the cluster boundary.

## 3-Way Handshake

1. **ATTEST-INIT**: Remote peer sends SAT token with capability request
2. **ATTEST-VERIFY**: Local Kedge validates SAT, evaluates capabilities against accord policy, sends attenuated grant
3. **ATTEST-CONFIRM**: Session established with granted capabilities

## Mode Selection

The capability token determines overlay vs. underlay access, governed by MSP trust tier mappings in the local accord policy.
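The ATTEST-VERIFY step and the tier-governed mode selection described above, as an added Go example that is not Shellstream or Kedge code. The SAT layout (Ed25519-signed JSON), the `Accord` policy shape, and the MSP, tier and capability names are assumptions, since this page does not specify them.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// SAT is a hypothetical layout; the page does not define the token format.
type SAT struct {
	MSP       string   // peer's MSP identity
	Requested []string // capability request from ATTEST-INIT
	Sig       []byte   `json:"-"` // issuer signature over Payload()
}
func (s SAT) Payload() []byte { b, _ := json.Marshal(s); return b }

// Accord is an assumed shape for the local accord policy.
type Accord struct {
	TierOf map[string]string          // MSP -> trust tier
	Allow  map[string]map[string]bool // tier -> capabilities that tier may hold
}

// Verify models ATTEST-VERIFY: authenticate the SAT, then attenuate the request.
func Verify(issuer ed25519.PublicKey, p Accord, t SAT) ([]string, error) {
	if !ed25519.Verify(issuer, t.Payload(), t.Sig) {
		return nil, fmt.Errorf("SAT signature invalid")
	}
	tier, ok := p.TierOf[t.MSP]
	if !ok {
		return nil, fmt.Errorf("MSP %q has no trust tier", t.MSP) // fail closed
	}
	var grant []string
	for _, c := range t.Requested {
		if p.Allow[tier][c] { // granted only if requested AND allowed for the tier
			grant = append(grant, c)
		}
	}
	if len(grant) == 0 {
		return nil, fmt.Errorf("nothing requested is permitted for tier %q", tier)
	}
	return grant, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed issuer key
	p := Accord{map[string]string{"msp-a": "partner"}, map[string]map[string]bool{"partner": {"underlay": true}}}
	t := SAT{MSP: "msp-a", Requested: []string{"overlay", "underlay"}}
	t.Sig = ed25519.Sign(priv, t.Payload())
	fmt.Println(Verify(pub, p, t))
}
```

The grant is the intersection of the signed request and the tier's allowance, so a peer mapped to the constructed `partner` tier that asks for both modes receives only `underlay`.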