feat(auth): guard against accidental mnemonic destruction in keygen

--force now only overwrites the identity entry — it NEVER generates fresh entropy when a mnemonic already exists in the keychain.

To intentionally destroy the mnemonic (irreversible), both flags are required: --force --destroy-mnemonic. Neither alone is sufficient.

Adds 14 tests (I–IV) covering: - mnemonic reuse under --force - blocked destruction without double confirmation - escape hatch requires both flags - fingerprint stability under --force - fingerprint change after --destroy-mnemonic --force - keychain byte-for-byte invariants in both paths

sha256:fb90368bca8f7da71d0276fd34c2da479646b1187d899840efd6f5725334c85e sha

sha256:d189939c0e50f4be4578d7452dcc3af816b36e91e37ae0b2c1d33d517243248a parent

sha256:44f0a6d4c765a50af146b56c5ef1adc1e554296b70fa238dc83a27202f3039fb snapshot

← Older Oldest on dev

All commits

Newer → Latest on dev

0 comments

No comments yet. Be the first to start the discussion.

To add a comment, use the Muse CLI: muse hub commit comment sha256:fb90368bca8f7da71d0276fd34c2da479646b1187d899840efd6f5725334c85e --body "your comment"

Provenance signed

AI Agent

claude-sonnet-4-6

Bump patch

Agent claude-code

Signature Cryptographically verified

Snapshot

ID sha256:44f0a6d4c765a50af146b56c5ef1adc1e554296b70fa238dc83a27202f3039fb

Files 0

Browse tree at this commit →

Commit

SHA sha256:fb90368bca8f7da71d0276fd34c2da479646b1187d899840efd6f5725334c85e

Parent

sha256:d189939c0e50f4be4578d7452dcc3af816b36e91e37ae0b2c1d33d517243248a

Branch dev