gabriel / muse public
feat main #43 / 100
Diff

feat: harden, test, and document all quality-dial changes

Security - LocalFileTransport._repo_root() calls .resolve() to canonicalise symlinks before the .muse/ check — prevents symlink-based path escape - push_pack() validates branch names with validate_branch_name() then contain_path() as defence-in-depth, blocking pre-placed symlink attacks on .muse/refs/heads/ - Fast-forward check upgraded to full BFS (_is_ancestor) through bundle + remote commit graph, correctly handling build_pack(have=...) bundles

Performance - LocalFileTransport uses lazy imports per method — zero circular-import risk - _is_ancestor BFS stops at first hit — O(divergence depth), not O(history)

Tests (72 new, 3167 total passing) - test_local_file_transport.py: unit, integration, security, stress - test_lineage_algorithm.py: created/copied/renamed/moved/modified/deleted, incremental registry correctness across 10+ intermediate commits - test_store_branch_heads.py: empty dir, missing dir, whitespace, subdirs

Docs - transport.py module docstring rewritten — covers both transports, make_transport factory, auth model, security model - docs/reference/security.md — new "Local File Transport Hardening" section with per-guard threat table - Bitcoin plugin removed, predict-conflicts alias added, lineage O(total ops) rewrite retained from previous session

G Gabriel Cardona <gabriel@tellurstori.com> · 2d ago Mar 21, 2026 · 7855ccd0 · parent 964c2330
43
files changed
403
files in snapshot
Files Changed 403 in snapshot
+3 ~13 −27
+ tests/test_lineage_algorithm.py .py
+ tests/test_local_file_transport.py .py
+ tests/test_store_branch_heads.py .py
~ WHITE_PAPER.md .md
~ docs/reference/security.md .md
~ muse/cli/app.py .py
~ muse/cli/commands/clone.py .py
~ muse/cli/commands/fetch.py .py
~ muse/cli/commands/lineage.py .py
~ muse/cli/commands/pull.py .py
~ muse/cli/commands/push.py .py
~ muse/core/store.py .py
~ muse/core/transport.py .py
~ muse/plugins/registry.py .py
~ tests/test_cli_clone.py .py
~ tests/test_cli_fetch_push.py .py
muse/cli/commands/btc_balance.py .py
muse/cli/commands/btc_check.py .py
muse/cli/commands/btc_compare.py .py
muse/cli/commands/btc_consolidate.py .py
muse/cli/commands/btc_dust.py .py
muse/cli/commands/btc_fee.py .py
muse/cli/commands/btc_halving.py .py
muse/cli/commands/btc_hodl.py .py
muse/cli/commands/btc_mempool.py .py
muse/cli/commands/btc_moon.py .py
muse/cli/commands/btc_oracle.py .py
muse/cli/commands/btc_pnl.py .py
muse/cli/commands/btc_privacy.py .py
muse/cli/commands/btc_provenance.py .py
muse/cli/commands/btc_select_coins.py .py
muse/cli/commands/btc_stack.py .py
muse/cli/commands/btc_strategy.py .py
muse/cli/commands/btc_utxos.py .py
muse/cli/commands/btc_whale.py .py
muse/plugins/bitcoin/__init__.py .py
muse/plugins/bitcoin/_analytics.py .py
muse/plugins/bitcoin/_loader.py .py
muse/plugins/bitcoin/_query.py .py
muse/plugins/bitcoin/_types.py .py
muse/plugins/bitcoin/plugin.py .py
tests/test_bitcoin_analytics.py .py
tests/test_bitcoin_plugin.py .py
Older Revamp white paper — plain language, drop the false formalism 964c2330 All commits Newer feat: add `muse domains publish` — publish domain plugins to MuseHub 1cc8f8fb

0 comments

No comments yet. Be the first to start the discussion.