fix: recognise application/x-muse-wire as streaming content type in MSign auth

Wall 8: renaming the push Content-Type from application/x-muse-mpack to application/x-muse-wire caused _verify_msign to fall into the else branch and call await request.body(), producing sha256(full_body) != sha256('') and returning 401 on every push stream.

Both content types are streaming — body hash is always sha256('') because the body is a generator unknown at signing time. Body integrity is enforced per-frame via sha256: OID content-addressing instead.

Adds test: test_wire_content_type_uses_empty_body_hash

sha256:bfcede852077b810e591a911d7d3c79508f8c602c53d76349d579eccc4327c22 sha

sha256:e9f581dc32e6d316501ffe47768343449c378f24747fa18aad289e660e2b111e parent

sha256:4954d55206273f74a00f00d8ef5c8167a346eae0d1222793f639d508a3832431 snapshot

← Older Oldest on task/wall8-wire-content-type-auth

All commits

Newer → Latest on task/wall8-wire-content-type-auth

0 comments

No comments yet. Be the first to start the discussion.

To add a comment, use the Muse CLI: muse hub commit comment sha256:bfcede852077b810e591a911d7d3c79508f8c602c53d76349d579eccc4327c22 --body "your comment"

Provenance signed

AI Agent

claude-sonnet-4-6

Agent claude-code

Signature Cryptographically verified

Snapshot

ID sha256:4954d55206273f74a00f00d8ef5c8167a346eae0d1222793f639d508a3832431

Files 0

Browse tree at this commit →

Commit

SHA sha256:bfcede852077b810e591a911d7d3c79508f8c602c53d76349d579eccc4327c22

Parent

sha256:e9f581dc32e6d316501ffe47768343449c378f24747fa18aad289e660e2b111e

Branch task/wall8-wire-content-type-auth