
Browser SSH Management Contracts

Summary

OP-039 freezes the Phase 1 browser SSH management contract. It accepts WebSocket/TLS browser SSH, JIT access, tenant RBAC, encrypted tenant-scoped recording refs, command-by-command logging, default 30-minute idle timeout, default 4-hour absolute timeout, and SSH capability detection through approved sources such as SNMP discovery.

OP-062 later implements the platform-side broker lifecycle. See Browser SSH Broker Runtime for the API-backed approved grant request/cancel/history behavior.

Validation

  • Contract schemas added for session.ssh.started, session.ssh.command_logged, and session.ssh.ended.
  • AsyncAPI and OpenAPI include SSH session event/API surfaces.
  • Contract examples validate through make validate-contracts.
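An audit check over one session's events against the default timeouts from the Summary, as an added example that is not part of the OP-039 contract or platform code. The event type names come from this page; the "type" and "at" field names, the finding labels, and the sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

IDLE_TIMEOUT = timedelta(minutes=30)   # default idle timeout stated in the Summary
ABSOLUTE_TIMEOUT = timedelta(hours=4)  # default absolute timeout stated in the Summary

def audit_session(events, idle=IDLE_TIMEOUT, absolute=ABSOLUTE_TIMEOUT):
    """Check one session's events against the timeout defaults.

    `events` is a list of dicts with assumed fields "type" and "at"
    (ISO 8601 with UTC offset). Returns a list of (finding, timestamp) tuples.
    """
    timeline = sorted((datetime.fromisoformat(e["at"]), e["type"]) for e in events)
    if not timeline or timeline[0][1] != "session.ssh.started":
        return [("missing_start", None)]
    start = last_activity = timeline[0][0]
    findings, ended = [], False
    for at, kind in timeline[1:]:
        if ended:
            # Nothing may be logged for a session that has already ended.
            findings.append(("event_after_end", at.isoformat()))
            continue
        if at - last_activity > idle:
            # Activity resets the idle clock, so measure from the previous event.
            findings.append(("idle_timeout_exceeded", at.isoformat()))
        if at - start > absolute:
            # The absolute clock never resets; measure from session start.
            findings.append(("absolute_timeout_exceeded", at.isoformat()))
        ended = kind == "session.ssh.ended"
        last_activity = at
    if not ended:
        findings.append(("missing_end", None))
    return findings

# Constructed sample: a 45-minute idle gap, then a session left open for 4.5 hours.
SAMPLE = [
    {"type": "session.ssh.started", "at": "2024-01-01T09:00:00+00:00"},
    {"type": "session.ssh.command_logged", "at": "2024-01-01T09:10:00+00:00"},
    {"type": "session.ssh.command_logged", "at": "2024-01-01T09:55:00+00:00"},
    {"type": "session.ssh.ended", "at": "2024-01-01T13:30:00+00:00"},
]

if __name__ == "__main__":
    for finding in audit_session(SAMPLE):
        print(finding)
```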

Non-Scope

OP-039 itself did not implement an SSH broker, WebSocket proxy, persistent key vault, session recorder, command execution, remote desktop, file transfer, patching, software deployment, deployment, Terraform, Helm, or AWS change.