Bastion and Citadel speak open protocols - any ACP-compatible LLM provider, any MCP tool, any git provider, any OpenTelemetry collector. Governance fits into your stack, not the other way around.
Bastion governs AI coding agents - Claude Code, Cursor, Gemini CLI, GitHub Copilot, Windsurf, and VS Code extensions - through the open protocols they already implement: ACP, MCP, AgentsMD, and SkillsMD. Citadel connects to source control providers, ingests repositories into a cross-language knowledge graph, and exposes its own MCP surface for agent tooling. Both products are designed to work with the infrastructure you already operate.
Bastion governs Claude Code agent sessions natively - AGENTS.md identity, Skills definitions, MCP server configurations, and hook events all route through the IRONLAW policy gate with full operator attribution.
AI Coding Agents
Bastion
Cursor AI sessions are governed through AGENTS.md identity and MCP protocol support. Rule definitions (.cursor/rules MDC files) are recognized for agent capability scoping within the Bastion governance model.
AI Coding Agents
Bastion
Gemini CLI agents are governed through AGENTS.md, GEMINI.md configuration, and MCP protocol support - the same governance path as any other ACP/MCP-compatible agent runtime.
AI Coding Agents
Bastion
Copilot agent sessions are governed via AGENTS.md identity and MCP server integration. Copilot instructions (.github/copilot-instructions.md) are supported for operator-defined policy context.
AI Coding Agents
Bastion
Windsurf AI sessions are governed through AGENTS.md and MCP protocol support, applying the same IRONLAW policy gate and intent-ledger attribution as all Bastion-governed agents.
AI Coding Agents
Bastion
VS Code agentic extensions that implement MCP or ACP are governed natively. AGENTS.md workspace definitions provide agent identity and authority boundaries within the Bastion governance model.
AI Coding Agents
Bastion
Bastion and Citadel natively speak ACP over NDJSON/JSON-RPC. Any LLM provider or agent runtime that implements the ACP protocol works with both products out of the box - no per-provider integration required.
Agent Protocols
Bastion and Citadel
Bastion loads MCP server configurations and exposes MCP-compatible tools to governed agents. Citadel exposes its own MCP surface via Streamable HTTP transport with bearer and OAuth-JWT authentication - MCP tool calls appear in the Citadel audit feed. Existing MCP tools work without modification through both products.
Agent Protocols
Bastion and Citadel
Declarative agent definitions in Markdown. Bastion reads AgentsMD files to understand agent identity, capabilities, and authority boundaries within the IRONLAW governance model.
Agent Protocols
Bastion
Skill definitions in Markdown that describe what an agent can do. Bastion uses SkillsMD to validate that agent actions stay within declared skill boundaries.
Agent Protocols
Bastion
Citadel operates an OAuth 2.1 provider path for CLI and browser authentication, including authorization code with PKCE, refresh, revoke, and device flow. Dynamic Client Registration endpoints allow agents and CLI tools to register programmatically.
Agent Protocols
Citadel
Bastion integrates with GitHub repositories for source control operations, including remote probing and repository-level governance context. Citadel mirrors GitHub repositories via webhook events and offers git-over-SSH on port 22 plus HTTP read/write surfaces for repository browse and writes.
Source Control & CI/CD
Bastion and Citadel
First-class CI/CD support. Bastion check-runs can be installed as required status checks, blocking merges when IRONLAW violations are detected.
Source Control & CI/CD
Bastion
Bastion supports GitLab repositories for source control operations alongside GitHub. Citadel mirroring of GitLab repositories via webhook ingest is planned.
Source Control & CI/CD
Bastion and Citadel
Bastion governance events can be emitted as GitLab CI job artifacts, providing an auditable record of AI-assisted pipeline actions.
Source Control & CI/CD
Bastion
Citadel repository mirroring via Gitea webhook ingest, giving self-hosted Gitea instances a path into the Citadel knowledge graph and audit surface.
Source Control & CI/CD
Citadel
Citadel repository mirroring via Bitbucket webhook ingest, connecting Atlassian-hosted repositories to the Citadel knowledge graph and audit surface.
Source Control & CI/CD
Citadel
Azure DevOps pipeline and board integration for governance event routing and principal-level authorization of AI-assisted work items.
Source Control & CI/CD
Bastion
Bastion exports structured metrics and traces via the OTLP protocol. Enable with BASTION_METRICS_OPENTELEMETRY and point at any OTLP-compatible collector.
Observability
Bastion
Bastion exposes a /metrics endpoint in Prometheus text format. Enable with BASTION_METRICS_PROMETHEUS for pull-based metric collection.
Observability
Bastion
Direct Datadog integration for governance event dashboards and authorization failure monitors. Use OpenTelemetry export in the interim.
Observability
Bastion
Direct PagerDuty alerting for critical IRONLAW violations such as unauthorized principal escalation or tamper-evident ledger integrity failures.
Observability
Bastion
Pre-built Grafana dashboard templates for visualizing agent activity, authorization rates, and governance event volume. Use Prometheus export in the interim.
Observability
Bastion
Governance audit event forwarding to Splunk for SIEM-level correlation of AI agent activity with your broader security event stream.
Observability
Bastion
Official Docker images for Bastion components. Compose files available for single-host deployments.
Deployment
Bastion
Helm charts for Kubernetes deployments with namespace isolation and RBAC-aligned principal resolution.
Deployment
Bastion
Native AWS deployment support with IAM-based principal identity, CloudWatch audit log routing, and VPC-isolated deployment.
Deployment
Bastion
Azure support including Entra ID principal resolution, Azure Monitor integration, and AKS deployment manifests.
Deployment
Bastion
GCP deployment with Cloud Logging integration and Workload Identity Federation for principal attribution in GKE.
Deployment
Bastion
Bastion governance event exports mapped to Drata evidence collection for SOC 2 and ISO 27001 controls.
Compliance & Audit
Bastion
Continuous compliance monitoring - surfacing IRONLAW violation rates and intent-ledger evidence health in your Vanta dashboard.
Compliance & Audit
Bastion
Citadel indexes repositories into a Knowledge Graph with symbol, file, walk, impact, fulltext, regex, and diff read-side queries. Go, TypeScript, and SQL sources are indexed into a shared graph with cross-language edges.
Knowledge Graph Sources
Citadel
Citadel derives cross-language Knowledge Graph edges such as TypeScript-to-Go HTTP call sites and Go-to-SQL query links. Edge confidence scores are stored per edge kind.
Knowledge Graph Sources
Citadel
Don't see what you need?
We plan integrations based on industry needs. Let us know what you are using and we will prioritize accordingly.
Need an integration we don't have yet?
We plan integrations based on what teams actually need. Let us know your stack and we'll prioritize accordingly.