security: zero DerivedKey in get_signing_identity MUSE_AGENT_KEY_FD path

- After Ed25519PrivateKey.from_private_bytes(dk.private_bytes), dk was never zeroed — DerivedKey's 32-byte private_bytes and chain_code lingered in heap - Added dk.zero() immediately after key object creation, before zeroing sub_seed - Add tests/test_agent_key_fd_zeroing.py (2 tests) — RED before this commit

sha256:e503af6ad34feaa2dad274389984a7f01df7df6c2f234819b7911f8f1a9f4664 sha

sha256:1849809512befe58345931cf82b05a13f8ec794c7159ce86723757dbb575820d parent

sha256:c99aeb2e8232b5e3c4284de299379d0bc48fe82f7b56ee06a632d78aa236df3f snapshot

← Older Oldest on dev

All commits

Newer → Latest on dev

0 comments

No comments yet. Be the first to start the discussion.

To add a comment, use the Muse CLI: muse hub commit comment sha256:e503af6ad34feaa2dad274389984a7f01df7df6c2f234819b7911f8f1a9f4664 --body "your comment"

Provenance signed

AI Agent

claude-sonnet-4-6

Bump patch

Agent claude-code

Signature Cryptographically verified

Snapshot

ID sha256:c99aeb2e8232b5e3c4284de299379d0bc48fe82f7b56ee06a632d78aa236df3f

Files 0

Browse tree at this commit →

Commit

SHA sha256:e503af6ad34feaa2dad274389984a7f01df7df6c2f234819b7911f8f1a9f4664

Parent

sha256:1849809512befe58345931cf82b05a13f8ec794c7159ce86723757dbb575820d

Branch dev