fix(#36): merge commit_id must cover the same author field that is stored

merge_proposal() was calling compute_commit_id with author='' (the default) but storing author='musehub-server' on the MusehubCommit row. The Muse CLI _verify_commit_id re-derives the hash using the stored author, so every server-created merge commit failed client-side integrity verification on pull.

Fix: thread merger_handle from the authenticated token in the route handler through merge_proposal() and use it as a shared variable for both the hash computation and the stored author field so they always agree.

Tests: tests/test_merge_commit_id_parity.py (P1–P4, all GREEN).

sha256:ed6b584dde4b62d28626a33a9ff0ec8c20d11be603646edf8ddfa4f0018e6007 sha

sha256:763eb2cb8675073b84c19345b27586d2ed939a9aee97c5479b69f502f1a70eff parent

sha256:8670d6d52bfbeed377f7961080f3699d44bac43c35c0536a89d76d034224aee3 snapshot

← Older Oldest on dev

All commits

Newer → Latest on dev

0 comments

No comments yet. Be the first to start the discussion.

To add a comment, use the Muse CLI: muse hub commit comment sha256:ed6b584dde4b62d28626a33a9ff0ec8c20d11be603646edf8ddfa4f0018e6007 --body "your comment"

Provenance signed

AI Agent

claude-sonnet-4-6

Bump BREAKING

Agent claude-code

Breaking

musehub/services/musehub_proposals.py::merge_proposal

Signature Cryptographically verified

Snapshot

ID sha256:8670d6d52bfbeed377f7961080f3699d44bac43c35c0536a89d76d034224aee3

Files 0

Browse tree at this commit →

Commit

SHA sha256:ed6b584dde4b62d28626a33a9ff0ec8c20d11be603646edf8ddfa4f0018e6007

Parent

sha256:763eb2cb8675073b84c19345b27586d2ed939a9aee97c5479b69f502f1a70eff

Branch dev