fix: allow localhost HTTP in transport credential guard

The HTTPS-only credential check correctly blocks token leakage over cleartext HTTP to remote servers. However, loopback addresses (localhost, 127.0.0.1, ::1) never leave the machine, so TLS would require a self-signed cert and add friction for local development.

Add an explicit loopback exemption so `muse push` works against a local MuseHub instance (e.g. Docker on port 10003) without needing a TLS terminator.

G Gabriel Cardona <gabriel@tellurstori.com> · 2d ago Mar 22, 2026 · c6d2e14b · parent 2d955ff7

file changed

406

files in snapshot

Files Changed 406 in snapshot

~ muse/core/transport.py .py

Older feat: Muse — domain-agnostic version control for multidimensiona… a44ac734 All commits Newer chore: bump version 0.1.4 → 0.1.5 2d955ff7

fix: allow localhost HTTP in transport credential guard

0 comments