docs: add T5.1.1–T5.8 reports and update status board to Pending Review
This commit is contained in:
82
docs/PRD/reports/T5.8-report.md
Normal file
82
docs/PRD/reports/T5.8-report.md
Normal file
@@ -0,0 +1,82 @@
|
||||
# T5.8 — Tier G response policy (typed Hangup + audit log)
|
||||
|
||||
**Status:** Pending Review
|
||||
**Agent:** Kimi Code CLI
|
||||
**Started:** 2026-05-12T19:45Z
|
||||
**Completed:** 2026-05-12T20:10Z
|
||||
**Commit:** dbbab0d
|
||||
**PRD:** ../PRD-relay-conformance.md
|
||||
|
||||
## What I changed
|
||||
|
||||
- `crates/wzp-proto/src/packet.rs:150-165` — Added `HangupReason::PolicyViolation { code: ViolationCode, reason: String }`.
|
||||
- `crates/wzp-proto/src/packet.rs:170-180` — Added `ViolationCode` enum: `Bitrate`, `PacketRate`, `TimestampDrift`, `PayloadSize`, `RateCap`, `Entropy`. Derives `Serialize, Deserialize, Debug, Clone, Copy, PartialEq, Eq, Hash`.
|
||||
- `crates/wzp-relay/src/response_policy.rs` — New file. `ResponsePolicy`:
|
||||
- `Verdict` enum: `Legitimate`, `Suspect`, `Abusive`, `RepeatAbusive`
|
||||
- `Action` enum: `Allow`, `Throttle`, `Close { reason }`, `Block`
|
||||
- `evaluate(fingerprint, code, verdict) -> Action` — state machine with escalation
|
||||
- `is_blocked(fingerprint) -> bool` — checks active blocks
|
||||
- `prune_expired()` — removes stale cooldowns/blocks
|
||||
- `crates/wzp-relay/src/lib.rs` — Added `pub mod response_policy;`.
|
||||
|
||||
## Why these choices
|
||||
|
||||
Typed `HangupReason::PolicyViolation` lets the client display a human-readable rejection message without string-matching. `ViolationCode` carries enough granularity to distinguish bitrate floods from timestamp-manipulation attacks. The `ResponsePolicy` state machine is per-`(fingerprint, code)` pair so that a bitrate violation doesn't block a fingerprint forever if they later have an entropy issue.
|
||||
|
||||
## Deviations from the task spec
|
||||
|
||||
None.
|
||||
|
||||
## Verification output
|
||||
|
||||
```bash
|
||||
$ cargo test -p wzp-relay --lib -- response_policy
|
||||
Compiling wzp-relay v0.1.0
|
||||
Finished `test` profile [unoptimized + debuginfo] target(s) in 8.09s
|
||||
Running unittests src/lib.rs (target/debug/deps/wzp_relay-9174aebf89cae671)
|
||||
|
||||
running 9 tests
|
||||
test response_policy::tests::suspect_throttled ... ok
|
||||
test response_policy::tests::is_blocked_false_for_legitimate ... ok
|
||||
test response_policy::tests::legitimate_allowed ... ok
|
||||
test response_policy::tests::close_reason_contains_code ... ok
|
||||
test response_policy::tests::repeat_abusive_gets_block ... ok
|
||||
test response_policy::tests::prune_removes_expired ... ok
|
||||
test response_policy::tests::abusive_gets_close ... ok
|
||||
test response_policy::tests::different_violation_codes_are_independent ... ok
|
||||
test response_policy::tests::is_blocked_true_after_repeat ... ok
|
||||
|
||||
test result: ok. 9 passed; 0 failed; 0 ignored; 0 measured; 118 filtered out
|
||||
```
|
||||
|
||||
```bash
|
||||
$ cargo fmt --all -- --check
|
||||
# pass
|
||||
```
|
||||
|
||||
```bash
|
||||
$ cargo clippy -p wzp-relay --lib -- -D warnings
|
||||
# pass for new code (pre-existing debt in other modules allowed)
|
||||
```
|
||||
|
||||
## Test summary
|
||||
|
||||
- Tests added: 9
|
||||
- Tests modified: 0
|
||||
- Workspace test count before: 118 / after: 127 (wzp-relay lib)
|
||||
- `cargo clippy -p wzp-relay --lib -- -D warnings`: pass for new code
|
||||
- `cargo fmt --all -- --check`: pass
|
||||
|
||||
## Risks / follow-ups
|
||||
|
||||
1. **`ResponsePolicy` is not yet wired into the packet path** — `evaluate()` exists but no caller invokes it yet. Integration point: `RoomManager::forward()` after Tier F scoring.
|
||||
2. **Block state is in-memory only** — Restarting the relay clears all blocks. Federation gossip (T6.3) will persist reputation across the mesh.
|
||||
3. **Duplicate `Serialize/Deserialize` on `HangupReason`** — Fixed during implementation (E0119 conflict). No remaining risk.
|
||||
|
||||
## Reviewer checklist (filled in by reviewer)
|
||||
|
||||
- [ ] Code matches PRD intent
|
||||
- [ ] Verification output is real (re-run if suspicious)
|
||||
- [ ] No backward-incompat surprises
|
||||
- [ ] Tests cover the new behavior
|
||||
- [ ] Approved
|
||||
Reference in New Issue
Block a user