security: warn when keychain unavailable and mnemonic would be silently lost (CRITICAL-1)

In save_identity(), when is_available() returns False for a non-intentional reason (no keyring backend, library missing, OS keychain broken), log a WARNING telling the operator that the BIP-39 mnemonic is ephemeral and won't survive process exit.

MUSE_KEYCHAIN_BACKEND=disabled stays silent — that's intentional CI/test mode where ephemeral mnemonics are expected.

Tests (TestKeychainUnavailableWarnsV): V1: warning is logged when keychain unavailable without the disabled flag V2: no warning when MUSE_KEYCHAIN_BACKEND=disabled (intentional mode)

sha256:6ec622eeddc8f5721ffbe2e933b7258870b47cc3e16e0cdf06684f1d36c0a5ef sha

sha256:43d2e5e60810d198cf550699fa842a6abb305bd45f359905bd084b4192b4a821 parent

sha256:51a50756ee1e8df1e7fb65bced45f6a7b8f48d587133e5206e77f6b3b2e0dd35 snapshot

← Older Oldest on task/critical1-keychain-unavailable-warning

All commits

Newer → Latest on task/critical1-keychain-unavailable-warning

0 comments

No comments yet. Be the first to start the discussion.

To add a comment, use the Muse CLI: muse hub commit comment sha256:6ec622eeddc8f5721ffbe2e933b7258870b47cc3e16e0cdf06684f1d36c0a5ef --body "your comment"

Provenance signed

AI Agent

claude-sonnet-4-6

Bump patch

Agent claude-code

Signature Cryptographically verified

Snapshot

ID sha256:51a50756ee1e8df1e7fb65bced45f6a7b8f48d587133e5206e77f6b3b2e0dd35

Files 0

Browse tree at this commit →

Commit

SHA sha256:6ec622eeddc8f5721ffbe2e933b7258870b47cc3e16e0cdf06684f1d36c0a5ef

Parent

sha256:43d2e5e60810d198cf550699fa842a6abb305bd45f359905bd084b4192b4a821

Branch task/critical1-keychain-unavailable-warning