fix: prevent .muse/ internals from leaking into working-tree snapshots
Data-integrity bug: muse code add .muse/agent.md (or any explicit path inside .muse/) bypassed the _ALWAYS_PRUNE_DIRS exclusion that the walker honours. The explicit-path and directory-arg branches in _collect_paths had no guard, so VCS-internal files could be staged and committed.
Consequence: on checkout to a branch whose snapshot omits those files, muse would delete .muse/agent.md and .muse/config.toml from disk — corrupting live VCS state.
Fix: add _is_inside_muse_dir(root, path) helper and call it at the top of the explicit-path loop in _collect_paths. Paths inside .muse/ are silently skipped with a debug log, identical treatment to out-of-repo paths.
Tests I7/I8/I9 in TestSecurityI cover:
I7 — dot-add never stages .muse/ files (was already safe via walker)
I8 — explicit .muse/agent.md is silently rejected
I9 — .muse/ as a directory arg stages nothing from inside it
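The guard described in the commit message, sketched as an added example: this is not the project's code, and it assumes a Python code base. The names `is_inside_internal_dir` and `collect_paths` are hypothetical stand-ins. It goes beyond the three cases the commit lists by also rejecting `..` traversal and symlinks that resolve into `.muse/`.

```python
import logging
import os
import tempfile
from pathlib import Path

log = logging.getLogger("example.add")
INTERNAL = ".muse"  # directory name from the commit message

def is_inside_internal_dir(root: Path, path: Path) -> bool:
    """True if path is root/.muse or below it, lexically or via symlinks."""
    internal = root.resolve() / INTERNAL
    candidate = path if path.is_absolute() else root.resolve() / path
    lexical = Path(os.path.normpath(candidate))   # collapses src/../.muse/x
    resolved = candidate.resolve()                # follows symlinks into .muse/
    return lexical.is_relative_to(internal) or resolved.is_relative_to(internal)

def collect_paths(root: Path, args: list[str]) -> list[Path]:
    """Hypothetical stand-in for the explicit-path and directory-arg branches."""
    root = root.resolve()
    staged: list[Path] = []
    for arg in args:
        path = root / arg  # an absolute arg replaces root, as pathlib defines
        if is_inside_internal_dir(root, path):
            log.debug("skipping VCS-internal path: %s", arg)
            continue
        if not path.resolve().is_relative_to(root):
            log.debug("skipping out-of-repo path: %s", arg)
            continue
        # Directory args are expanded, and every file found is re-checked.
        found = sorted(path.rglob("*")) if path.is_dir() else [path]
        staged += [f for f in found
                   if f.is_file() and not is_inside_internal_dir(root, f)]
    return staged

def demo() -> dict[str, list[str]]:
    """Try each argument form against a throwaway repo (constructed data)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = (Path(tmp) / "repo").resolve()
        (root / ".muse").mkdir(parents=True)
        (root / "src").mkdir()
        for name in (".muse/agent.md", ".muse/config.toml", "src/main.py"):
            (root / name).write_text("x")
        (root / "alias.md").symlink_to(root / ".muse" / "agent.md")
        args = [".", ".muse/agent.md", ".muse", "src/../.muse/config.toml",
                "alias.md", "src/main.py"]
        return {a: [p.relative_to(root).as_posix()
                    for p in collect_paths(root, [a])] for a in args}

if __name__ == "__main__":
    for arg, staged in demo().items():
        print(f"{arg!r:32} -> {staged}")
```

The check compares whole path components, so a sibling such as `.museum/` is not mistaken for `.muse/`.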
muse hub commit comment sha256:886b6675cbe9c199e84d3f5fcedd981ee1d2aa393effc6752944878bff04b90d --body "your comment"