feat(attestations): Phase 1 — claim-type registry, scope, expiry, 52 tests GREEN
- DB-backed claim type registry (musehub_attestation_claim_types) with 17 seed types across identity / trust / collab / code / music / skill categories - Attestation scope: identity | repo | commit; scope_ref binds to handle/repo@sha256:... - Canonical ATTEST message appends scope_ref for non-identity scope (domain-separated from MSign and MPay prefixes to prevent cross-protocol replay) - issue_attestation: validates claim type + scope + sig before persisting; idempotent via ON CONFLICT DO NOTHING with IntegrityError fallback for concurrent callers - get_attestations_for_commit / get_attestations_for_repo: new query surfaces - verify_stored_attestation: key-rotation-safe using stored attester_public_key - add_claim_type / deprecate_claim_type: runtime registry extension - Migration 0043: idempotent DDL + seed, widens subject to VARCHAR(128), adds scope/scope_ref/repo_id/commit_id/expires_at columns + indexes - API: GET /api/profiles/attestation-types (before /{handle} to avoid param capture), POST/DELETE/GET attestation routes with scope-aware subject validation - Test conftest: re-seeds claim types table after each TRUNCATE; session_factory fixture for concurrent stress tests - 52 TDD tests covering 7 tiers: unit, integration, E2E, stress, data integrity, performance, security
0 comments
muse hub commit comment sha256:9254c5d6da0544ee3ffd22f7e89095fa6ec0015846be3620f27314b92121de4d --body "your comment"
No comments yet. Be the first to start the discussion.