fb1f28161c
- register_device() generates signing + deploy keypairs via core device module, stores them in DEVICE_STATE (once_cell Lazy<Mutex>), and returns only public keys to JS - sign_for_git() signs data using the internal signing key - get_device_info() returns name and public keys; returns null if not registered - clear_device() zeroes and drops device state (logout / re-registration) - Removed generate_device_keypair() which exposed raw private key bytes Fixes audit I5: private key material no longer crosses the WASM boundary. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
651 B
651 B