fix: enforce sha256: prefix on ref files and repo_id

- read_ref rejects bare-hex values (returns None); only sha256:-prefixed IDs are valid — legacy files are treated as corrupt, not silently promoted - iter_branch_refs inherits the rejection: bare-hex refs are skipped - validate_repo_id now requires sha256:<64 hex> — UUIDs and plain strings are rejected with a descriptive error - clone.py: write branch refs through write_branch_ref (not write_text_atomic) so the prefix invariant is enforced at the write boundary - worktree.py: same — use write_branch_ref for new branch creation - init --force: only preserves existing repo_id if it passes validate_repo_id; legacy UUIDs cause a fresh sha256: ID to be generated - init --force: never clears an existing non-empty branch ref

sha256:c4c8d49a5cee2ef8f7991cc1b1e9c98f1015a372ee2185123c0d93f04c182039 sha

sha256:a23b5dbc834cf9a050d74615ac222909e6ed9c5a08c7e4c518e6cbaa258ecaf0 parent

sha256:697921405d53787a181eb98def02132ecceef6de55e4a9ba3998f1a80ef36fbc snapshot

← Older Oldest on dev

All commits

Newer → Latest on dev

0 comments

No comments yet. Be the first to start the discussion.

To add a comment, use the Muse CLI: muse hub commit comment sha256:c4c8d49a5cee2ef8f7991cc1b1e9c98f1015a372ee2185123c0d93f04c182039 --body "your comment"

Provenance signed

AI Agent

claude-sonnet-4-6

Bump patch

Agent claude-code

Signature Cryptographically verified

Snapshot

ID sha256:697921405d53787a181eb98def02132ecceef6de55e4a9ba3998f1a80ef36fbc

Files 0

Browse tree at this commit →

Commit

SHA sha256:c4c8d49a5cee2ef8f7991cc1b1e9c98f1015a372ee2185123c0d93f04c182039

Parent

sha256:a23b5dbc834cf9a050d74615ac222909e6ed9c5a08c7e4c518e6cbaa258ecaf0

Branch dev