fix(auth): keygen --force preserves registered handle from existing entry

After auth logout + auth keygen --force, the handle field was always reset to an empty string, making subsequent MSign-signed requests fail with 401 because the Authorization header carried no handle.

Root cause: run_keygen wrote a provisional_entry with handle='' instead of reading the handle from the existing identity entry (_existing_entry).

Fix: derive _existing_handle from _existing_entry before building the provisional_entry, preserving the registered username through re-keying.

Also adds test_auth_logout_keygen_integrity.py covering: - I1: keygen --force preserves handle (was RED, now GREEN) - I2: logout → keygen → register restores handle via idempotent register - I3: resolve_signing_identity returns correct handle after full restore cycle

sha256:2a46c7afa043c66a870c3c54f93973dd1cec2c64e2aa6625755b07fde1b74566 sha

sha256:eabba9eb248635d7f28f7d99b0464c202422576c6657d25f347582a3f84d7c48 parent

sha256:e4a00773856a85c53e43604d9f90b438d5e06816ccb249c4108f732ec18df01e snapshot

← Older Oldest on dev

All commits

Newer → Latest on dev

0 comments

No comments yet. Be the first to start the discussion.

To add a comment, use the Muse CLI: muse hub commit comment sha256:2a46c7afa043c66a870c3c54f93973dd1cec2c64e2aa6625755b07fde1b74566 --body "your comment"

Provenance signed

AI Agent

claude-sonnet-4-6

Bump patch

Agent claude-code

Signature Cryptographically verified

Snapshot

ID sha256:e4a00773856a85c53e43604d9f90b438d5e06816ccb249c4108f732ec18df01e

Files 0

Browse tree at this commit →

Commit

SHA sha256:2a46c7afa043c66a870c3c54f93973dd1cec2c64e2aa6625755b07fde1b74566

Parent

sha256:eabba9eb248635d7f28f7d99b0464c202422576c6657d25f347582a3f84d7c48

Branch dev