docs: protocol audit 2026-05-25, update architecture + Obsidian vault
Audit: - docs/AUDIT-2026-05-25.md: full protocol audit covering 8 findings (4 critical, 2 high, 5 medium, 4 low) with code references and fix effort estimates - vault/Audit/Tasks.md: Obsidian Tasks plugin file tracking all audit items with priorities, due dates, and per-step checklists Architecture docs updated for Wire format v2 and Wave 5/6 features: - ARCHITECTURE.md: adds wzp-video to dependency graph and project structure; wire format updated to v2 (16B header, 5B MiniHeader); relay concurrency section corrected (DashMap+RwLock is current, not a future optimization); test count 571→702; Android note - PROGRESS.md: Wave 5 and Wave 6 sections appended; test count 372→702; current status and open blockers as of 2026-05-25 - ROAD-TO-VIDEO.md: implementation status table inserted (✅/🟡/🔴/🔲 per phase); 6-step critical path to first video call - WZP-SPEC.md: MediaHeader updated to v2 (16B byte-aligned); MiniHeader updated to 5B with seq_delta; codec IDs 9-12 added (H.264/H.265/AV1); version negotiation section added Obsidian vault (vault/): - 114 files across Architecture/, PRDs/, Reports/, Android/, Reference/, Audit/ with YAML frontmatter - 00 - Home.md index note with wiki links - .obsidian/app.json config Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
88
vault/Reports/T5.8-report.md
Normal file
88
vault/Reports/T5.8-report.md
Normal file
@@ -0,0 +1,88 @@
|
||||
---
|
||||
tags: [report, wzp]
|
||||
type: report
|
||||
status: Pending Review
|
||||
---
|
||||
|
||||
# T5.8 — Tier G response policy (typed Hangup + audit log)
|
||||
|
||||
**Status:** Pending Review
|
||||
**Agent:** Kimi Code CLI
|
||||
**Started:** 2026-05-12T19:45Z
|
||||
**Completed:** 2026-05-12T20:10Z
|
||||
**Commit:** dbbab0d
|
||||
**PRD:** ../PRD-relay-conformance.md
|
||||
|
||||
## What I changed
|
||||
|
||||
- `crates/wzp-proto/src/packet.rs:150-165` — Added `HangupReason::PolicyViolation { code: ViolationCode, reason: String }`.
|
||||
- `crates/wzp-proto/src/packet.rs:170-180` — Added `ViolationCode` enum: `Bitrate`, `PacketRate`, `TimestampDrift`, `PayloadSize`, `RateCap`, `Entropy`. Derives `Serialize, Deserialize, Debug, Clone, Copy, PartialEq, Eq, Hash`.
|
||||
- `crates/wzp-relay/src/response_policy.rs` — New file. `ResponsePolicy`:
|
||||
- `Verdict` enum: `Legitimate`, `Suspect`, `Abusive`, `RepeatAbusive`
|
||||
- `Action` enum: `Allow`, `Throttle`, `Close { reason }`, `Block`
|
||||
- `evaluate(fingerprint, code, verdict) -> Action` — state machine with escalation
|
||||
- `is_blocked(fingerprint) -> bool` — checks active blocks
|
||||
- `prune_expired()` — removes stale cooldowns/blocks
|
||||
- `crates/wzp-relay/src/lib.rs` — Added `pub mod response_policy;`.
|
||||
|
||||
## Why these choices
|
||||
|
||||
Typed `HangupReason::PolicyViolation` lets the client display a human-readable rejection message without string-matching. `ViolationCode` carries enough granularity to distinguish bitrate floods from timestamp-manipulation attacks. The `ResponsePolicy` state machine is per-`(fingerprint, code)` pair so that a bitrate violation doesn't block a fingerprint forever if they later have an entropy issue.
|
||||
|
||||
## Deviations from the task spec
|
||||
|
||||
None.
|
||||
|
||||
## Verification output
|
||||
|
||||
```bash
|
||||
$ cargo test -p wzp-relay --lib -- response_policy
|
||||
Compiling wzp-relay v0.1.0
|
||||
Finished `test` profile [unoptimized + debuginfo] target(s) in 8.09s
|
||||
Running unittests src/lib.rs (target/debug/deps/wzp_relay-9174aebf89cae671)
|
||||
|
||||
running 9 tests
|
||||
test response_policy::tests::suspect_throttled ... ok
|
||||
test response_policy::tests::is_blocked_false_for_legitimate ... ok
|
||||
test response_policy::tests::legitimate_allowed ... ok
|
||||
test response_policy::tests::close_reason_contains_code ... ok
|
||||
test response_policy::tests::repeat_abusive_gets_block ... ok
|
||||
test response_policy::tests::prune_removes_expired ... ok
|
||||
test response_policy::tests::abusive_gets_close ... ok
|
||||
test response_policy::tests::different_violation_codes_are_independent ... ok
|
||||
test response_policy::tests::is_blocked_true_after_repeat ... ok
|
||||
|
||||
test result: ok. 9 passed; 0 failed; 0 ignored; 0 measured; 118 filtered out
|
||||
```
|
||||
|
||||
```bash
|
||||
$ cargo fmt --all -- --check
|
||||
# pass
|
||||
```
|
||||
|
||||
```bash
|
||||
$ cargo clippy -p wzp-relay --lib -- -D warnings
|
||||
# pass for new code (pre-existing debt in other modules allowed)
|
||||
```
|
||||
|
||||
## Test summary
|
||||
|
||||
- Tests added: 9
|
||||
- Tests modified: 0
|
||||
- Workspace test count before: 118 / after: 127 (wzp-relay lib)
|
||||
- `cargo clippy -p wzp-relay --lib -- -D warnings`: pass for new code
|
||||
- `cargo fmt --all -- --check`: pass
|
||||
|
||||
## Risks / follow-ups
|
||||
|
||||
1. **`ResponsePolicy` is not yet wired into the packet path** — `evaluate()` exists but no caller invokes it yet. Integration point: `RoomManager::forward()` after Tier F scoring.
|
||||
2. **Block state is in-memory only** — Restarting the relay clears all blocks. Federation gossip (T6.3) will persist reputation across the mesh.
|
||||
3. **Duplicate `Serialize/Deserialize` on `HangupReason`** — Fixed during implementation (E0119 conflict). No remaining risk.
|
||||
|
||||
## Reviewer checklist (filled in by reviewer)
|
||||
|
||||
- [ ] Code matches PRD intent
|
||||
- [ ] Verification output is real (re-run if suspicious)
|
||||
- [ ] No backward-incompat surprises
|
||||
- [ ] Tests cover the new behavior
|
||||
- [ ] Approved
|
||||
Reference in New Issue
Block a user