feat(phase7): enforce msgpack confined to wire-protocol files only

- Remove lazy msgpack import from sign.py response decoder (not a wire file; JSON or raw-text fallback is sufficient for sign request responses) - Add tests/test_phase7_no_msgpack_in_storage.py: 4 lint tests - test_all_allowlist_files_exist: guard against stale allowlist entries - test_no_msgpack_import_in_core_storage: muse/core/ outside allowlist - test_no_msgpack_import_in_plugins: muse/plugins/ clean (no allowlist needed) - test_no_msgpack_import_in_cli_storage: muse/cli/commands/ outside allowlist - Wire-only allowlist: store.py, gc.py, transport.py, migrate.py, mpack.py, bundle.py, pack_objects.py, unpack_objects.py, verify_pack.py

sha256:de8316d5608c7f0200d532a567a6f3c52f7c322dfbedd245b2d3a20711d07b74 sha

sha256:0d0f1e8e12ca5e534d95434172695b0613daa260285c456f0679e254535d2a25 parent

sha256:ab6214ebd61142121a1f7a582867d44605f09bc52fc5d6f039c1b5ae539d9dac snapshot

Older feat(phase6): migrate caches and indices from msgpack to plain JSON sha256:0d0f1e8e12ca5e534d95434172695b0613daa260285c456f0679e254535d2a25 All commits Newer audit(issue-12): fix stale msgpack references in docstrings, com… sha256:fa847c3cba6cb4da9b6f8e3f75f713b381470151517e459c9150a40dee21d3c2

0 comments

No comments yet. Be the first to start the discussion.

To add a comment, use the Muse CLI: muse hub commit comment sha256:de8316d5608c7f0200d532a567a6f3c52f7c322dfbedd245b2d3a20711d07b74 --body "your comment"

Provenance signed

AI Agent

claude-sonnet-4-6

Bump patch

Agent claude-code

Signature Cryptographically verified

Snapshot

ID sha256:ab6214ebd61142121a1f7a582867d44605f09bc52fc5d6f039c1b5ae539d9dac

Files 0

Browse tree at this commit →

Commit

SHA sha256:de8316d5608c7f0200d532a567a6f3c52f7c322dfbedd245b2d3a20711d07b74

Parent

sha256:0d0f1e8e12ca5e534d95434172695b0613daa260285c456f0679e254535d2a25

Branch dev