gabriel / muse public
fix BREAKING feat/security-controls #2 / 2
gabriel · 68 days ago · Apr 8, 2026 · Diff

fix: resolve all failing tests — push/pull/security/transport hardening

- LocalFileTransport.push_pack(): add local_head param (matches HttpTransport protocol) - Abstract Transport.push_pack() protocol: add local_head param with default None - _FakeTransport.push_pack() in tests: add local_head param to match live protocol - Skip TOFU fingerprint check for unauthenticated requests (signing is None): protects credentials only when credentials are present; fixes non-loopback HTTP test that erroneously triggered fingerprint mismatch - _v7_sig test helper: pass committed_at to provenance_payload (v2 payload includes committed_at; verifier always passes it, so test signer must too) - Pull bootstrap test: fix fake manifest using 'h'*64 (invalid hex) as object ID; replace with 'cd'*32 (valid hex) and configure fetch_objects mock to return [] - test_directories_feature._muse(): fall back to PATH-resolved muse when .venv absent

sha256:5a8f68a1da9d0d371237ab14bd0d1347d080f80ae2f90937a0de2cc2ce9309f5 sha
sha256:f1b8d20bae6ebb21459ff1521dfce8f68075ace30e56ee232b20cd97a9e4103e parent
sha256:09cc6e021954e22657ef48cd1ad2c8c85b30135fa2588280813d6c598039aec8 snapshot
← Older Oldest on feat/security-controls
All commits Newer feat(security): ownership checks, TOFU pinning, Ed25519 provenance v2 sha256:a50b74a10891416f2f142efb6d67bac4c7761786d4ccec023c37ec2ea6d08053

0 comments

No comments yet. Be the first to start the discussion.

To add a comment, use the Muse CLI: muse hub commit comment sha256:5a8f68a1da9d0d371237ab14bd0d1347d080f80ae2f90937a0de2cc2ce9309f5 --body "your comment"