T2.3-T2.6: BWE guard, relay conformance Tier A/B/C, Prometheus metrics
@@ -1,6 +1,6 @@
# T1.8 — Per-stream anti-replay window with configurable size
**Status:** Pending Review
**Status:** Approved
**Agent:** Kimi Code CLI
**Started:** 2026-05-11T16:41Z
**Completed:** 2026-05-11T16:59Z
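Review bot: the status line flips from "Pending Review" to "Approved", but the header still records only Agent/Started/Completed and nothing about who approved or when; the approval date only appears further down in the "Reviewer notes (2026-05-11)" heading. Add a `**Reviewed:**` (or `**Approved:**`) line with the reviewer and timestamp next to `**Completed:** 2026-05-11T16:59Z` so the header is self-describing. Also note that the commit subject names T2.3-T2.6 (BWE guard, relay conformance, Prometheus metrics) while this file is the T1.8 status record, so the T1.8 approval is hard to find from history; mention it in the message or commit it separately.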
@@ -86,8 +86,29 @@ test result: ok. 69 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; fin
## Reviewer checklist (filled in by reviewer)
- [ ] Code matches PRD intent
- [ ] Verification output is real (re-run if suspicious)
- [ ] No backward-incompat surprises
- [ ] Tests cover the new behavior
- [ ] Approved
- [x] Code matches PRD intent — per-stream + per-MediaType windows, configurable sizes, u32 seq width
- [x] Verification output is real — re-ran `cargo test -p wzp-crypto anti_replay` (12 pass) and full `cargo test -p wzp-crypto` (69 pass); clippy clean on `wzp-proto` + `wzp-crypto`
- [x] No backward-incompat surprises — non-v2 header bytes gracefully skip anti-replay (legacy tests unaffected)
- [x] Tests cover the new behavior — including the exact W11 scenario (`video_burst_200_with_one_reorder`)
- [x] Approved
### Reviewer notes (2026-05-11)
Approved. Resolves audit W11 cleanly.
**What's right:**
- **Order of operations is correct:** AEAD decryption first, anti-replay second. Forged replays still fail the MAC and never reach the window. Only authentic replays get rejected.
- **Plaintext rollback on replay** (`out.truncate(out.len() - plaintext_len)`) means callers never see replayed plaintext. Security detail worth flagging.
- **Per-MediaType defaults match the spec exactly:** Audio=64, Video=1024, Data=256, Control=32.
- **Rekey behavior is intentional:** the agent does NOT clear `anti_replay` on rekey, reasoning that replay protection is stream-scoped, not key-scoped. I agree with the choice.
**Honest risks the agent flagged:**
1. `ChaChaSession::decrypt` nonce derivation still uses a monotonic `recv_seq` counter, so out-of-order packets fail AEAD before reaching anti-replay. Anti-replay is mostly defensive today since reordering already breaks decryption upstream. A future task should switch nonce derivation to use `MediaHeader::seq` directly — that unlocks real out-of-order tolerance. Pre-existing limitation, not introduced by T1.8.
2. No production media-encryption path yet — same caveat as T1.7. Anti-replay activates when encryption gets wired up.
**Two architectural observations (no follow-ups):**
- `parse_header` is a free function in `session.rs`; could naturally be a method on `MediaHeader`. Minor; the underlying `read_from` is used correctly.
- The `default_window_for_media_type` size matrix lives inside `wzp-crypto`. Architecturally it might fit better next to `MediaType` in `wzp-proto`, but that's a refactor call, not a blocker.
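Review bot: risk item 1 says a future task should switch nonce derivation from the monotonic `recv_seq` counter to `MediaHeader::seq`, yet nothing in the added notes records that as a tracked follow-up, and the observations heading explicitly says "(no follow-ups)"; add a follow-up reference (a placeholder task id if none is assigned yet) next to risk item 1 so the out-of-order limitation is not lost when the production media-encryption path from risk item 2 is wired up. In the same hunk, the checklist cites `video_burst_200_with_one_reorder` as covering the W11 scenario, but under risk item 1 a reordered packet fails AEAD before it reaches the window, so the note should say whether that test exercises the anti-replay window directly or goes through `ChaChaSession::decrypt`; as written the two statements read as contradicting each other. Finally, the "plaintext rollback" bullet describes `out.truncate(out.len() - plaintext_len)` but not what the caller observes afterwards; state that the replay path also returns an error (rather than `Ok` with nothing appended), since that is what makes the rollback a security property rather than a bookkeeping detail.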