gabriel / musehub public
fix BREAKING dev #40 / 100
AI Agent gabriel · 20 days ago · May 19, 2026 · Diff

fix: port security checks inline, remove repo_id from MusehubCommit in tests

- wire_push_unpack_mpack: add zip bomb guard (mpack_max_decompressed_bytes) and blocked hash check with quarantine — parity with process_mpack_index_job - test_intel_fidelity, test_symbol_detail_pagination: replace MusehubCommit(repo_id=) with MusehubCommitRef rows — commits are globally content-addressed - conftest._make_commit_row: same fix; shared helper unblocks multiple test files - test_mpack_index_job_phase3: rewrite for synchronous inline unpack-mpack design - test_wire_fetch_step1: add get_mpack/put_mpack/presign_mpack_get to stub backend - test_wire_step3_upload: use build_wire_mpack instead of raw msgpack bytes - musehub_wire: add _is_ancestor_db via walk_dag_async; fix objects_written return key

sha256:b8884c81af5e135510894a537784c16158ee9c2c05d074f978611bbcb611ca10 sha
sha256:5a738d8b1313323906732a750898dcd313b53fb02ab832dfe7525a0eb61580d4 parent
sha256:0349c7761f913701a8de5d6e6ba523aa81a57da5ed1121103127f1333b6f1380 snapshot
Older feat: Phase 4 — wire_push_unpack_mpack detects MPack binary format sha256:d5357b6876e792d6ecd81e99ed5d11108cd0a1cf1329f1c03368394ada3fb113 All commits Newer fix: remove --wire from smoke_muse.sh; drop repo_id from CommitR… sha256:ae7382906dc6f4eb24c58acdbe9e555546c021892672d33e479567786774ecec

0 comments

No comments yet. Be the first to start the discussion.

To add a comment, use the Muse CLI: muse hub commit comment sha256:b8884c81af5e135510894a537784c16158ee9c2c05d074f978611bbcb611ca10 --body "your comment"