security(phase-3+4): auth keygen writes no PEM; key_path removed from schema

Add derive_hd_public_info() to keypair.py — derives Ed25519 public info in memory without writing any PEM file. Update run_keygen to call it instead of generate_hd_keypair, remove key_path from identity entries and JSON output, and remove the PEM-existence guard (no file to guard against).

Remove key_path from _KeygenJson and _AgentKeygenJson TypedDicts. The --force flag is now a no-op gate (no PEM to overwrite) but the flag is kept for backward-compat callers.

Tests updated: PEM-checking assertions replaced with no-PEM assertions; new TestKeygenPhase4NoPem (P4-1..P4-5) added and green.

sha256:2bd5f9eda173ac77b4b1532986a2f40bbc30d8f11f9305194a7e9c58e0b98b63 sha

sha256:86d1d97a0143ab6c55133f029dae9bb3ca95c28d2f77d7891198ebf88cebbe26 parent

sha256:6bef385a05697bdb55dac6025c21f55e40c67c0b4d78b3d433f24c728c8461f8 snapshot

← Older Oldest on dev

All commits

Newer → Latest on dev

0 comments

No comments yet. Be the first to start the discussion.

To add a comment, use the Muse CLI: muse hub commit comment sha256:2bd5f9eda173ac77b4b1532986a2f40bbc30d8f11f9305194a7e9c58e0b98b63 --body "your comment"

Provenance signed

AI Agent

claude-sonnet-4-6

Bump patch

Agent claude-code

Signature Cryptographically verified

Snapshot

ID sha256:6bef385a05697bdb55dac6025c21f55e40c67c0b4d78b3d433f24c728c8461f8

Files 0

Browse tree at this commit →

Commit

SHA sha256:2bd5f9eda173ac77b4b1532986a2f40bbc30d8f11f9305194a7e9c58e0b98b63

Parent

sha256:86d1d97a0143ab6c55133f029dae9bb3ca95c28d2f77d7891198ebf88cebbe26

Branch dev