feat: content scanning and DMCA takedown (issue #49 phase 3)
Adds the known-hash blocklist check (3a), content.scan job infrastructure (3b), and DMCA takedown endpoint (3c) to the bundle push pipeline.
3a — Blocklist check in process_bundle_index_job: - musehub_blocked_hashes table (MusehubBlockedHash model) - Check runs after Phase 2 validation, before any MinIO writes - BundleValidationError raised on match → job quarantined - Reports all blocked IDs in the error message
3b — content.scan job infrastructure: - After successful bundle.index, a content.scan job is enqueued per object - Job type='content.scan', payload={object_id, repo_id, bundle_key} - Stub processor always returns clean; CSAM API drops in when ready
3c — DMCA takedown endpoint: - POST /api/admin/takedown (admin-only, 403 for non-admin) - Adds object_ids to musehub_blocked_hashes (idempotent) - Moves existing MinIO objects to quarantine/ prefix - Sets dmca_hold=True on specified repo_ids - dmca_hold column on musehub_repos - quarantine_object() on BlobBackend
10 new tests in test_bundle_content_scanning_phase3.py
0 comments
muse hub commit comment sha256:7039004cb9fd3d423a5be2e56258d8814ee3f52aed30f15cd9ea7d9eb799d75f --body "your comment"
No comments yet. Be the first to start the discussion.