security: verify Ed25519 commit signatures server-side in wire_push_stream
Prior to this commit, phase 5 of wire_push_stream only checked whether signature and signer_key_id fields were non-empty (a presence check). A pusher who cleared MSign auth could forge any signature string, any agent_id, any model_id — and the server would store it as verified provenance.
Fix: for every commit where signature AND signer_public_key are both present, call verify_commit_ed25519(provenance_payload(...), signature, pub_bytes). Any verification failure rejects the entire push with 422. A commit with signature present but signer_public_key absent is also rejected — we cannot verify without the key and accepting unverifiable claims undermines the provenance guarantee.
Unsigned commits (both fields empty) continue to follow the existing require_signed_commits gate — no behavior change for unsigned workflows.
Covered by 7 new TDD tests in test_commit_signature_verification.py: SV1 valid signature accepted SV2 forged/garbage signature rejected SV3 valid sig + wrong public key rejected SV4 signature without public key rejected SV5 unsigned commit accepted (require_signed_commits=False, regression guard) SV6 unsigned commit rejected (require_signed_commits=True, regression guard) SV7 mixed batch one forged → entire push rejected
0 comments
muse hub commit comment sha256:de914b09ef19fc604f6128006c0ac7cf64dfed9a601000897295587050979999 --body "your comment"
No comments yet. Be the first to start the discussion.