feat(auth): muse auth keygen --hd — BIP39/SLIP-0010 HD identity key
Phase 1 of HD wallet integration.
keypair.py generate_hd_keypair(hostname, seed) — derives identity key via derive_identity_key(seed) over SLIP-0010 Ed25519 and writes PEM to the same path as a JBOK key. Deterministic from seed; never random.
identity.py IdentityEntry gains three optional HD provenance fields: key_source = 'hd' mnemonic = '<bip39 words>' hd_path = 'm/1075233755'/0'/0'/0'/0'/0'' _dump_identity serialises these fields when present; JBOK entries are unchanged (backwards compatible).
auth.py — muse auth keygen --hd New flags: --hd, --strength BITS (128/160/192/224/256, default 128), --language LANG (default english). HD path: generate mnemonic → derive seed → generate_hd_keypair → print mnemonic to stderr with safety warning → emit JSON (no mnemonic in stdout). JBOK path unchanged for existing users. Passphrase intentionally omitted from CLI (avoids shell history leak).
Tests: 38 cases — unit (IdentityEntry, _dump_identity, generate_hd_keypair), integration (CLI flags, PEM, permissions, word count, language, JSON shape), E2E (re-derivation round-trip, sign+verify), security, performance, docstrings. All 70 existing auth tests passing.
0 comments
muse hub commit comment sha256:f31d95d7f79b845b7af34e2ae72e2c6eb19ea05655d7be3f1d73bdb60a6428e1 --body "your comment"
No comments yet. Be the first to start the discussion.