feat: add muse verify-commit — verify Ed25519 signatures on commits

Implements _verify_one, _fetch_key_status, register, and run. - Reconstructs canonical provenance payload and verifies via Ed25519 - --strict: exits nonzero on unsigned commits - --check-key-status: queries hub for key revocation (fails closed to 'unknown') - Batch: multiple commit IDs in one call, parallel via ThreadPoolExecutor - key_status_cache deduplicates hub calls within a batch invocation - 22 tests: unit, integration, security, stress — all green

sha256:2fb5d0ec7ab8875d6a0c4edd751c2680344746bff10fdf045c3df9fe5f800bc8 sha

sha256:c54a29a70951ebb33f9f8d65ec9e65101402d48ce03a713cdee4572ff997a579 parent

sha256:8d0381c0870499cda99f4686f57bee4507f6ac99573997faefa479eea01b946e snapshot

← Older Oldest on task/verify-commit

All commits

Newer → Latest on task/verify-commit

0 comments

No comments yet. Be the first to start the discussion.

To add a comment, use the Muse CLI: muse hub commit comment sha256:2fb5d0ec7ab8875d6a0c4edd751c2680344746bff10fdf045c3df9fe5f800bc8 --body "your comment"

Provenance signed

gabriel

Bump patch

Signature Cryptographically verified

Snapshot

ID sha256:8d0381c0870499cda99f4686f57bee4507f6ac99573997faefa479eea01b946e

Files 0

Browse tree at this commit →

Commit

SHA sha256:2fb5d0ec7ab8875d6a0c4edd751c2680344746bff10fdf045c3df9fe5f800bc8

Parent

sha256:c54a29a70951ebb33f9f8d65ec9e65101402d48ce03a713cdee4572ff997a579

Branch task/verify-commit