-
fix: surface a tampered capability flag as a clean error, not a traceback
dsql released this
2026-06-29 05:10:25 +00:00 | 5 commits to main since this releasea tampered or foreign GCM capability flag raises cryptography's InvalidTag (subclasses Exception, not ValueError/RuntimeError), which escaped the CLI's catch tuple as a raw traceback on the authorize/verify paths. main() now catches InvalidTag and surfaces '[\xe2\x9c\x98] capability flag failed authentication — tampered or wrong DEK'. also corrected the stale CLAUDE.md storage note that still described the swallow-wrapped mongo methods instead of the fail-loud raw-collection path.
Signed-off-by: disqualifier dev@disqualifier.me
Downloads