security: zero agent sub-seed bytearray after HD key derivation (CRITICAL-2)

Read sub-seed into bytearray instead of bytes so it is mutable, then overwrite every byte with 0x00 immediately after Ed25519PrivateKey is constructed. The zeroing happens before any return path so a core dump or /proc/<pid>/mem scan cannot recover the plaintext sub-seed.

Test (test_IV3_sub_seed_zeroed_after_use): patches derive_identity_key to capture the buffer reference, then asserts it is a bytearray and all zeros after get_signing_identity returns.

sha256:43d2e5e60810d198cf550699fa842a6abb305bd45f359905bd084b4192b4a821 sha

sha256:94c3b61d43bb71ad9a32df7feff7c3a8b97c408b93ec33cd632344a12e318baf parent

sha256:1a8d87f58a22f9bda49268f0c8efcfe0624e2048fd27d9b4760752cc7974ffe5 snapshot

← Older Oldest on task/critical2-zero-sub-seed

All commits

Newer → Latest on task/critical2-zero-sub-seed

0 comments

No comments yet. Be the first to start the discussion.

To add a comment, use the Muse CLI: muse hub commit comment sha256:43d2e5e60810d198cf550699fa842a6abb305bd45f359905bd084b4192b4a821 --body "your comment"

Provenance signed

AI Agent

claude-sonnet-4-6

Bump patch

Agent claude-code

Signature Cryptographically verified

Snapshot

ID sha256:1a8d87f58a22f9bda49268f0c8efcfe0624e2048fd27d9b4760752cc7974ffe5

Files 0

Browse tree at this commit →

Commit

SHA sha256:43d2e5e60810d198cf550699fa842a6abb305bd45f359905bd084b4192b4a821

Parent

sha256:94c3b61d43bb71ad9a32df7feff7c3a8b97c408b93ec33cd632344a12e318baf

Branch task/critical2-zero-sub-seed