errors.py
python
sha256:18b983389ee1b55900fcd799bfbb496552d2e3ecded9d18cefbfef188947a12e
chore: remove blob-debug test marker file
Sonnet 4.6
22 hours ago
| 1 | """Exit-code contract and exception types for the Muse CLI.""" |
| 2 | |
| 3 | import enum |
| 4 | |
| 5 | class ExitCode(enum.IntEnum): |
| 6 | """Standardised CLI exit codes. |
| 7 | |
| 8 | 0 — success |
| 9 | 1 — user error (bad arguments, invalid input) |
| 10 | 2 — repo-not-found / config invalid |
| 11 | 3 — server / internal error |
| 12 | 4 — requested item not found |
| 13 | 5 — remote communication error |
| 14 | 6 — partial success (completed with skipped/corrupt objects) |
| 15 | """ |
| 16 | |
| 17 | SUCCESS = 0 |
| 18 | USER_ERROR = 1 |
| 19 | REPO_NOT_FOUND = 2 |
| 20 | INTERNAL_ERROR = 3 |
| 21 | NOT_FOUND = 4 |
| 22 | REMOTE_ERROR = 5 |
| 23 | PARTIAL = 6 |
| 24 | |
| 25 | class MuseCLIError(Exception): |
| 26 | """Base exception for Muse CLI errors.""" |
| 27 | |
| 28 | def __init__(self, message: str, exit_code: ExitCode = ExitCode.INTERNAL_ERROR) -> None: |
| 29 | super().__init__(message) |
| 30 | self.exit_code = exit_code |
| 31 | |
| 32 | class RepoNotFoundError(MuseCLIError): |
| 33 | """Raised when the current directory is not a Muse repository.""" |
| 34 | |
| 35 | def __init__(self, message: str = "Not a Muse repository. Run `muse init`.") -> None: |
| 36 | super().__init__(message, exit_code=ExitCode.REPO_NOT_FOUND) |
| 37 | |
| 38 | #: Canonical public alias matching the name specified. |
| 39 | MuseNotARepoError = RepoNotFoundError |
| 40 | |
| 41 | class UntrustedRepositoryError(PermissionError): |
| 42 | """Raised when a ``.muse/`` directory is owned by a different user. |
| 43 | |
| 44 | This is the Muse equivalent of CVE-2022-24765: an attacker-owned repository |
| 45 | in a shared-filesystem location (e.g. ``/tmp``, a Docker bind-mount, a |
| 46 | multi-user home directory) could inject malicious configuration or hooks that |
| 47 | execute under the victim's UID. |
| 48 | |
| 49 | Escape hatches (bypass ownership check): |
| 50 | - Set ``MUSE_SAFE_DIRS`` environment variable to a colon-separated list of |
| 51 | absolute paths that are trusted regardless of ownership. |
| 52 | - Add paths via ``muse trust add <path>`` which writes to |
| 53 | ``~/.muse/config.toml`` under ``[security] safe_dirs``. |
| 54 | |
| 55 | Root (uid == 0) bypasses ownership checks entirely since root can already |
| 56 | read and write any file regardless of ownership. |
| 57 | """ |
| 58 | |
| 59 | def __init__(self, path: str, owner_uid: int, current_uid: int) -> None: |
| 60 | self.repo_path = path |
| 61 | self.owner_uid = owner_uid |
| 62 | self.current_uid = current_uid |
| 63 | message = ( |
| 64 | f"Untrusted repository at {path!r}: owned by UID {owner_uid}, " |
| 65 | f"but running as UID {current_uid}. " |
| 66 | "This could be a security risk (CVE-2022-24765 equivalent). " |
| 67 | f"To trust this repository, run: muse trust add {path}" |
| 68 | ) |
| 69 | super().__init__(message) |
| 70 | |
| 71 | class HubFingerprintMismatchError(Exception): |
| 72 | """Raised when a hub's TLS certificate fingerprint changes unexpectedly. |
| 73 | |
| 74 | TOFU (Trust On First Use) pinning stores the server's certificate fingerprint |
| 75 | on the first connection. If a subsequent connection presents a different |
| 76 | fingerprint, this exception is raised to alert the user to a possible |
| 77 | man-in-the-middle attack or certificate rotation. |
| 78 | |
| 79 | To re-pin after a legitimate certificate change, run: |
| 80 | muse trust hub-reset <hostname> |
| 81 | """ |
| 82 | |
| 83 | def __init__(self, hostname: str, stored: str, actual: str) -> None: |
| 84 | self.hostname = hostname |
| 85 | self.stored_fingerprint = stored |
| 86 | self.actual_fingerprint = actual |
| 87 | message = ( |
| 88 | f"Hub fingerprint mismatch for {hostname!r}!\n" |
| 89 | f" Stored: {stored}\n" |
| 90 | f" Actual: {actual}\n" |
| 91 | "This may indicate a man-in-the-middle attack or a legitimate " |
| 92 | "certificate rotation.\n" |
| 93 | f"If you expected this change, run: muse trust hub-reset {hostname}" |
| 94 | ) |
| 95 | super().__init__(message) |
File History
7 commits
sha256:18b983389ee1b55900fcd799bfbb496552d2e3ecded9d18cefbfef188947a12e
chore: remove blob-debug test marker file
Sonnet 4.6
22 hours ago
sha256:e452ad9a6ace6ccc6d875a35e06caf9da5576a970c1c36133b69a891ce5fefa8
chore: prebuild timing test
Sonnet 4.6
8 days ago
sha256:0008ab6695e3e064b3e236b24fd19e538fef6a588eb0d211622f4466d919c0b1
merge: pull staging/dev — advance to 0.2.0rc12
Sonnet 4.6
patch
10 days ago
sha256:9c33d61749fff814c5226d5386aa2af7064c2c02788594a25fdd709358132eea
fix: _PROPOSAL_PREFIX_RESOLVE_LIMIT 200 → 100 to match hub …
Sonnet 4.6
21 days ago
sha256:36c3cb3e76619d4c30a6d9bf81b5ec4ff148e30dcfed913e3114ca7b43b81c7e
fix: rename objects→blobs in push client and all stale test…
Sonnet 4.6
patch
24 days ago
sha256:c06a9b9b9fee26c68ea725b44d54b2c0a171301ce9de746d5b656617b4463a9a
fix: repair four test failures from post-migration audit
Sonnet 4.6
patch
30 days ago
sha256:1900655993c83c4107067375548a7be823e471d2515830842f1a12cba4bd3cdf
fix: unified object store migration — idempotent writes, JS…
Sonnet 4.6
minor
⚠
30 days ago