gabriel / muse public
feat BREAKING security feat/security-controls #1 / 2
gabriel · 72 days ago · Apr 9, 2026 · Diff

feat(security): ownership checks, TOFU pinning, Ed25519 provenance v2

- repo.py: CVE-2022-24765 equivalent — UntrustedRepositoryError when .muse/ is owned by a different UID; escape via MUSE_SAFE_DIRS or 'muse trust add <path>' - identity.py: refuse to load private keys with world-readable perms or foreign ownership - errors.py: UntrustedRepositoryError + HubFingerprintMismatchError - provenance.py: payload v2 (binds committed_at timestamp), Ed25519 verify support, sign_commit_record helper - verify.py: Ed25519 signature verification (replaces HMAC) - commit.py: wires provenance signing into commit path - trust.py: 'muse trust' CLI — add/remove/list safe dirs, hub-list/hub-reset for TOFU fingerprint management - app.py / config.py: register trust command, safe_dirs config helpers - ast_parser.py: code intelligence updates - 34 tests covering all of the above (all green)

sha256:a50b74a10891416f2f142efb6d67bac4c7761786d4ccec023c37ec2ea6d08053 sha
sha256:11db926a2524e20789897959cc59aed3b80f29771861232ed76db1153f1d5124 parent
sha256:b9e1654ab6f50332c26f3bb18de6c9b957c0716ac5724b10eb43d4797c9d9549 snapshot
Older fix: resolve all failing tests — push/pull/security/transport ha… sha256:5a8f68a1da9d0d371237ab14bd0d1347d080f80ae2f90937a0de2cc2ce9309f5 All commits
Newer → Latest on feat/security-controls

0 comments

No comments yet. Be the first to start the discussion.

To add a comment, use the Muse CLI: muse hub commit comment sha256:a50b74a10891416f2f142efb6d67bac4c7761786d4ccec023c37ec2ea6d08053 --body "your comment"