T2.3-T2.6: BWE guard, relay conformance Tier A/B/C, Prometheus metrics
This commit is contained in:
@@ -1,6 +1,6 @@
|
||||
# T1.7 — Move `QualityReport` trailer inside AEAD payload
|
||||
|
||||
**Status:** Pending Review
|
||||
**Status:** Approved
|
||||
**Agent:** Kimi Code CLI
|
||||
**Started:** 2026-05-11T11:05Z
|
||||
**Completed:** 2026-05-11T16:29Z
|
||||
@@ -58,8 +58,16 @@ test result: ok. 36 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; fin
|
||||
|
||||
## Reviewer checklist (filled in by reviewer)
|
||||
|
||||
- [ ] Code matches PRD intent
|
||||
- [ ] Verification output is real (re-run if suspicious)
|
||||
- [ ] No backward-incompat surprises
|
||||
- [ ] Tests cover the new behavior
|
||||
- [ ] Approved
|
||||
- [x] Code matches PRD intent — W5 invariant ("QR is inside AEAD payload, header is AAD") is correctly encoded in `MediaPacket::to_bytes()` order and pinned by the new test
|
||||
- [x] Verification output is real — re-ran `cargo test -p wzp-client quality_report_aead` (1 pass), clippy clean on `wzp-client` and `wzp-crypto`
|
||||
- [x] No backward-incompat surprises — wire format unchanged; adds a regression test
|
||||
- [x] Tests cover the new behavior — tampering a byte in the QR region of ciphertext makes decrypt fail
|
||||
- [x] Approved
|
||||
|
||||
### Reviewer notes (2026-05-11)
|
||||
|
||||
Approved. The agent's analysis is correct: `MediaPacket::to_bytes()` writes `[header || payload || QR]` in one buffer, and the AEAD contract (header as AAD, `[payload || QR]` as plaintext) naturally places QR inside the sealed region. No production refactor was needed. The new test pins the invariant so a future encryption wiring can't accidentally pull QR outside the seal.
|
||||
|
||||
**One small disclosure nit (not a follow-up):** "Workspace test count before: 571 / after: 572" — actual workspace baseline is 613 (T1.6 lifted it). Looks like the agent measured the `wzp-client`/`wzp-proto` subset. Minor; substance is fine.
|
||||
|
||||
**Honest risk the agent flagged and worth surfacing:** there's no live media encryption path in production yet (`_crypto_session` is derived and discarded in `cli.rs`). The W5 invariant matters only when that wiring lands. When it does, this test is the guard. The "AEAD wired into the send loop" task is implicit and doesn't yet have a task ID — worth promoting to a real entry when planning the next wave.
|
||||
|
||||
Reference in New Issue
Block a user