security: reject path traversal in agent_id for PEM filename construction
agent_id was appended verbatim to the PEM filename: ~/.muse/keys/{hostname}__{agent_id}.pem
A malicious agent_id like '../../.bashrc' resolves outside ~/.muse/keys/ via pathlib, allowing writes to arbitrary filesystem locations.
Add _SAFE_AGENT_ID regex (alphanumerics, hyphens, underscores, dots only). _key_path raises ValueError before constructing the path if agent_id fails the check. The end-to-end keygen path propagates this as a non-zero exit.
8 tests in test_agent_id_traversal.py.
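Worked example of the vulnerable construction beside the hardened one. This is an added illustration, not Muse's own code: the function names `key_path_before`, `key_path_after` and `keygen_exit_code`, the exact regex, the containment check and the sample `keys_dir` are all assumptions based only on the description above. The traversal input used here is three levels deep rather than two, because the `{hostname}__` prefix fuses with the first `..` into an ordinary directory name, so one more level is needed before the normalised path actually leaves the keys directory.

```python
import re
import sys
from pathlib import Path

# Allowlist for agent_id, mirroring the description in the commit message:
# alphanumerics, hyphens, underscores and dots only. No path separator can
# pass, so "{hostname}__{agent_id}.pem" is always a single filename component.
# "." and ".." on their own still match, but once sandwiched between
# "{hostname}__" and ".pem" they are plain filenames, not traversal.
# (Hypothetical regex; the project's actual pattern may differ.)
_SAFE_AGENT_ID = re.compile(r"[A-Za-z0-9_.-]+")


def key_path_before(keys_dir: Path, hostname: str, agent_id: str) -> Path:
    """Vulnerable construction: agent_id is appended verbatim and pathlib
    normalises the '..' components when the path is resolved."""
    return (keys_dir / f"{hostname}__{agent_id}.pem").resolve()


def key_path_after(keys_dir: Path, hostname: str, agent_id: str) -> Path:
    """Hardened construction: reject before the path is built, then verify
    containment as defence in depth in case the allowlist is loosened later."""
    if not _SAFE_AGENT_ID.fullmatch(agent_id):
        raise ValueError(f"unsafe agent_id: {agent_id!r}")
    base = keys_dir.resolve()
    path = (base / f"{hostname}__{agent_id}.pem").resolve()
    # The key must be a direct child of keys_dir; anything else escaped.
    if path.parent != base:
        raise ValueError(f"key path {path} escapes {base}")
    return path


def keygen_exit_code(keys_dir: Path, hostname: str, agent_id: str) -> int:
    """Stand-in for the end-to-end keygen path: a rejected agent_id becomes
    a message on stderr and a non-zero exit instead of a traceback."""
    try:
        path = key_path_after(keys_dir, hostname, agent_id)
    except ValueError as exc:
        print(f"error: {exc}", file=sys.stderr)
        return 2
    print(f"would write key to {path}")
    return 0


if __name__ == "__main__":
    # Constructed sample: a base directory that does not exist, so resolve()
    # works purely lexically and the result is the same on any machine.
    keys = Path("/nonexistent-muse-demo/keys")
    malicious = "../../../.bashrc"
    print("before:", key_path_before(keys, "host", malicious))  # lands in /nonexistent-muse-demo/
    sys.exit(keygen_exit_code(keys, "host", malicious))        # exits 2
```

Running the block prints the escaped path that the old construction would have written to and then exits 2 for the same input, while a benign id such as `agent-01.v2` yields `/nonexistent-muse-demo/keys/host__agent-01.v2.pem` and exit 0. The containment check after `resolve()` is redundant with the regex today; it is there so that a future relaxation of the allowlist (for example to permit `/`) fails closed rather than silently reopening the hole.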
sha256:1537a688fc95dd7bbcfd9effddf74a5b45767da3956de747ce529c487e768a19
sha256:eb0d5a2b84b6bad63b5d9a02797240419276241eeb4b56200ee3658eed85c7d5