gabriel / muse public
errors.py python
95 lines 3.6 KB
Raw
sha256:6ed6b11aceb96bef850842a7aaac54c04843fa9fba5d1200e4bc3845e12d4142 docs: add muse-tag-guide mist (complete idiomatic guide wit… Sonnet 4.6 19 days ago
1 """Exit-code contract and exception types for the Muse CLI."""
2
3 import enum
4
5 class ExitCode(enum.IntEnum):
6 """Standardised CLI exit codes.
7
8 0 — success
9 1 — user error (bad arguments, invalid input)
10 2 — repo-not-found / config invalid
11 3 — server / internal error
12 4 — requested item not found
13 5 — remote communication error
14 6 — partial success (completed with skipped/corrupt objects)
15 """
16
17 SUCCESS = 0
18 USER_ERROR = 1
19 REPO_NOT_FOUND = 2
20 INTERNAL_ERROR = 3
21 NOT_FOUND = 4
22 REMOTE_ERROR = 5
23 PARTIAL = 6
24
25 class MuseCLIError(Exception):
26 """Base exception for Muse CLI errors."""
27
28 def __init__(self, message: str, exit_code: ExitCode = ExitCode.INTERNAL_ERROR) -> None:
29 super().__init__(message)
30 self.exit_code = exit_code
31
32 class RepoNotFoundError(MuseCLIError):
33 """Raised when the current directory is not a Muse repository."""
34
35 def __init__(self, message: str = "Not a Muse repository. Run `muse init`.") -> None:
36 super().__init__(message, exit_code=ExitCode.REPO_NOT_FOUND)
37
38 #: Canonical public alias matching the name specified.
39 MuseNotARepoError = RepoNotFoundError
40
41 class UntrustedRepositoryError(PermissionError):
42 """Raised when a ``.muse/`` directory is owned by a different user.
43
44 This is the Muse equivalent of CVE-2022-24765: an attacker-owned repository
45 in a shared-filesystem location (e.g. ``/tmp``, a Docker bind-mount, a
46 multi-user home directory) could inject malicious configuration or hooks that
47 execute under the victim's UID.
48
49 Escape hatches (bypass ownership check):
50 - Set ``MUSE_SAFE_DIRS`` environment variable to a colon-separated list of
51 absolute paths that are trusted regardless of ownership.
52 - Add paths via ``muse trust add <path>`` which writes to
53 ``~/.muse/config.toml`` under ``[security] safe_dirs``.
54
55 Root (uid == 0) bypasses ownership checks entirely since root can already
56 read and write any file regardless of ownership.
57 """
58
59 def __init__(self, path: str, owner_uid: int, current_uid: int) -> None:
60 self.repo_path = path
61 self.owner_uid = owner_uid
62 self.current_uid = current_uid
63 message = (
64 f"Untrusted repository at {path!r}: owned by UID {owner_uid}, "
65 f"but running as UID {current_uid}. "
66 "This could be a security risk (CVE-2022-24765 equivalent). "
67 f"To trust this repository, run: muse trust add {path}"
68 )
69 super().__init__(message)
70
71 class HubFingerprintMismatchError(Exception):
72 """Raised when a hub's TLS certificate fingerprint changes unexpectedly.
73
74 TOFU (Trust On First Use) pinning stores the server's certificate fingerprint
75 on the first connection. If a subsequent connection presents a different
76 fingerprint, this exception is raised to alert the user to a possible
77 man-in-the-middle attack or certificate rotation.
78
79 To re-pin after a legitimate certificate change, run:
80 muse trust hub-reset <hostname>
81 """
82
83 def __init__(self, hostname: str, stored: str, actual: str) -> None:
84 self.hostname = hostname
85 self.stored_fingerprint = stored
86 self.actual_fingerprint = actual
87 message = (
88 f"Hub fingerprint mismatch for {hostname!r}!\n"
89 f" Stored: {stored}\n"
90 f" Actual: {actual}\n"
91 "This may indicate a man-in-the-middle attack or a legitimate "
92 "certificate rotation.\n"
93 f"If you expected this change, run: muse trust hub-reset {hostname}"
94 )
95 super().__init__(message)
File History 1 commit
sha256:6ed6b11aceb96bef850842a7aaac54c04843fa9fba5d1200e4bc3845e12d4142 docs: add muse-tag-guide mist (complete idiomatic guide wit… Sonnet 4.6 19 days ago