refactor: remove .workers.dev curl fallback from pack upload

pack_origin now resolves to packs.musehub.ai (custom domain) so urllib works on all platforms without fingerprint-based Bot Fight Mode blocking.

Removed: - _use_curl detection (platform + .workers.dev + SigningIdentity check) - curl-based _send_pack branch (tempfile, subprocess, manual MSign header, msgpack encode/decode fallback to json) - SigningIdentity and build_msign_header imports in push.py

Kept: - _upload_presigned_curl — unrelated macOS OpenSSL 3.6.x TLS 1.3 bug on presigned S3/R2 PUTs; still a real platform-specific issue

Also fixed TestBuildRequest._build to mock check_and_pin so TOFU fingerprint checks do not make live TLS connections in unit tests.

sha256:edd8adf9220e22d3ac951fda97a59171046d46f87b230dc22f9a161580298c32 sha

sha256:33bc4096adb87ff25fc548c5479faa2477cfbcfd19498802a88c426cd9e41759 parent

sha256:0b7283101a1d6237a54ac85e749499780c692bced279b99f6fd7d9ff25a98bd6 snapshot

← Older Oldest on task/rm-workers-dev-curl-fallback

All commits

Newer → Latest on task/rm-workers-dev-curl-fallback

0 comments

No comments yet. Be the first to start the discussion.

To add a comment, use the Muse CLI: muse hub commit comment sha256:edd8adf9220e22d3ac951fda97a59171046d46f87b230dc22f9a161580298c32 --body "your comment"

Provenance signed

gabriel

Bump BREAKING

Breaking

muse/cli/commands/push.py::import::SigningIdentitymuse/cli/commands/push.py::import::build_msign_headertests/test_core_transport.py::TestBuildRequest

Signature Cryptographically verified

Snapshot

ID sha256:0b7283101a1d6237a54ac85e749499780c692bced279b99f6fd7d9ff25a98bd6

Files 0

Browse tree at this commit →

Commit

SHA sha256:edd8adf9220e22d3ac951fda97a59171046d46f87b230dc22f9a161580298c32

Parent

sha256:33bc4096adb87ff25fc548c5479faa2477cfbcfd19498802a88c426cd9e41759

Branch task/rm-workers-dev-curl-fallback