feat(security): daily byte limit + accounting in stream path — Phase 2 of issue #51

Pre-check: wire_push_stream now accepts identity_id; on entry (after auth, before the frame loop) it reads musehub_daily_push_bytes for today and yields an ERROR frame (429-equivalent) if bytes_today >= bundle_daily_upload_limit_bytes.

Accounting: _stream_bytes_received accumulates len(raw_content) for every object frame accepted; record_bundle_bytes_uploaded is called on successful push completion so the counter reflects both presign and stream pushes.

The route (wire.py) passes claims.identity_id as the new keyword arg.

4 TDD tests green (test_stream_security_phase2.py); 70 regression tests (test_wire_push_stream + phase1) still pass.

sha256:f5873efcc9d23e7b1d00f7ddce5ab0b559959aaa1ccb05b5b7ec3bf86cdb37dd sha

sha256:ad161dc342a5a864c95565fb8f8649e6eb642a34192a6f2215e3e9c385e32260 parent

sha256:cef10b0b820cf9df274b6a5d5a0aea9d1854fc6de7b4772a24590506e12cdd4f snapshot

← Older Oldest on task/stream-security-phase2

All commits

Newer → Latest on task/stream-security-phase2

0 comments

No comments yet. Be the first to start the discussion.

To add a comment, use the Muse CLI: muse hub commit comment sha256:f5873efcc9d23e7b1d00f7ddce5ab0b559959aaa1ccb05b5b7ec3bf86cdb37dd --body "your comment"

Provenance signed

AI Agent

claude-sonnet-4-6

Bump BREAKING

Agent claude-code

Breaking

musehub/services/musehub_wire.py::wire_push_stream

Signature Cryptographically verified

Snapshot

ID sha256:cef10b0b820cf9df274b6a5d5a0aea9d1854fc6de7b4772a24590506e12cdd4f

Files 0

Browse tree at this commit →

Commit

SHA sha256:f5873efcc9d23e7b1d00f7ddce5ab0b559959aaa1ccb05b5b7ec3bf86cdb37dd

Parent

sha256:ad161dc342a5a864c95565fb8f8649e6eb642a34192a6f2215e3e9c385e32260

Branch task/stream-security-phase2