feat(auth): Phase 5 — PEM cleanup and security-check commands

muse auth cleanup-keys - Overwrites each ~/.muse/keys/*.pem with os.urandom bytes of equal length, fsyncs, then unlinks — no key material survives on disk - JSON: {destroyed: [...paths], count: N}

muse auth security-check - Four invariant checks: mnemonic in keychain, no PEM files, no key_path in identity.toml, fingerprint matches mnemonic derivation - Exits 1 if any check fails; JSON output for agent consumption - Ran on real identity: 6 stale PEM files destroyed; localhost:10003 and staging.musehub.ai entries flagged (pre-migration, will fix on re-register)

Doc: mark Phases 1-4 complete, Phase 5 in progress → now implemented Tests: 10 new tests (C1-C5, S1-S5) all green

sha256:a1157e1c48b653cabd6ebc9d43abbc7464ea0fc74413e1921c896ad45eb7e9df sha

sha256:000c6ae34bd049b98afef153e1cd959782ddcdaecab94622663435f2a4f39114 parent

sha256:91938e39dee1e92dd0dc845984da194b0d371018a196aa56d3dd5ad7abdde909 snapshot

← Older Oldest on dev

All commits

Newer → Latest on dev

0 comments

No comments yet. Be the first to start the discussion.

To add a comment, use the Muse CLI: muse hub commit comment sha256:a1157e1c48b653cabd6ebc9d43abbc7464ea0fc74413e1921c896ad45eb7e9df --body "your comment"

Provenance signed

AI Agent

claude-sonnet-4-6

Bump patch

Agent claude-code

Signature Cryptographically verified

Snapshot

ID sha256:91938e39dee1e92dd0dc845984da194b0d371018a196aa56d3dd5ad7abdde909

Files 0

Browse tree at this commit →

Commit

SHA sha256:a1157e1c48b653cabd6ebc9d43abbc7464ea0fc74413e1921c896ad45eb7e9df

Parent

sha256:000c6ae34bd049b98afef153e1cd959782ddcdaecab94622663435f2a4f39114

Branch dev