feat: implement muse verify-tag with Ed25519 signature verification

- Add message, signature, signer_public_key, signer_key_id fields to TagRecord and TagDict (backward-compatible defaults) - Add get_tag_by_name() helper to store.py for tag lookup by label - Implement muse/cli/commands/verify_tag.py: tag_payload(), _verify_tag_one(), _fetch_key_status(), register(), run() - Register verify-tag in app.py - 25 tests covering unit (payload determinism, tamper detection), integration (CLI valid/invalid/batch/strict/json/text), security (ANSI rejection, bit-flip), and stress (50 tags, cache deduplication)

sha256:a620c05b021bf0adad01d38991be9b8d17799265a5336f04e0df51c66a9c3c68 sha

sha256:9bccb86248b44febc7f02c6c5062b96d9163f96c5c30fbbabc2d3f395bbbb450 parent

sha256:1cbd284f8e3801a1c22d3aab3282205c872ca6b48d747079331ac73c0d9860f1 snapshot

← Older Oldest on task/verify-tag

All commits

Newer → Latest on task/verify-tag

0 comments

No comments yet. Be the first to start the discussion.

To add a comment, use the Muse CLI: muse hub commit comment sha256:a620c05b021bf0adad01d38991be9b8d17799265a5336f04e0df51c66a9c3c68 --body "your comment"

Provenance signed

gabriel

Bump BREAKING

Breaking

muse/core/store.py::TagDictmuse/core/store.py::TagRecord

Signature Cryptographically verified

Snapshot

ID sha256:1cbd284f8e3801a1c22d3aab3282205c872ca6b48d747079331ac73c0d9860f1

Files 0

Browse tree at this commit →

Commit

SHA sha256:a620c05b021bf0adad01d38991be9b8d17799265a5336f04e0df51c66a9c3c68

Parent

sha256:9bccb86248b44febc7f02c6c5062b96d9163f96c5c30fbbabc2d3f395bbbb450

Branch task/verify-tag