Files
wz-phone/vault/Reports/T2.5-report.md
Siavash Sameni ed8a7ae5aa docs: protocol audit 2026-05-25, update architecture + Obsidian vault
Audit:
- docs/AUDIT-2026-05-25.md: full protocol audit covering 8 findings
  (4 critical, 2 high, 5 medium, 4 low) with code references and fix
  effort estimates
- vault/Audit/Tasks.md: Obsidian Tasks plugin file tracking all audit
  items with priorities, due dates, and per-step checklists

Architecture docs updated for Wire format v2 and Wave 5/6 features:
- ARCHITECTURE.md: adds wzp-video to dependency graph and project
  structure; wire format updated to v2 (16B header, 5B MiniHeader);
  relay concurrency section corrected (DashMap+RwLock is current, not
  a future optimization); test count 571→702; Android note
- PROGRESS.md: Wave 5 and Wave 6 sections appended; test count 372→702;
  current status and open blockers as of 2026-05-25
- ROAD-TO-VIDEO.md: implementation status table inserted (/🟡/🔴/🔲
  per phase); 6-step critical path to first video call
- WZP-SPEC.md: MediaHeader updated to v2 (16B byte-aligned); MiniHeader
  updated to 5B with seq_delta; codec IDs 9-12 added (H.264/H.265/AV1);
  version negotiation section added

Obsidian vault (vault/):
- 114 files across Architecture/, PRDs/, Reports/, Android/,
  Reference/, Audit/ with YAML frontmatter
- 00 - Home.md index note with wiki links
- .obsidian/app.json config

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-25 06:00:17 +04:00

3.2 KiB
Raw Permalink Blame History

tags, type, status
tags type status
report
wzp
report Pending Review

T2.5 — Tier B (packet-rate) + Tier C (timestamp drift)

Status: Pending Review Agent: Kimi Code CLI Started: 2026-05-11T17:35Z Completed: 2026-05-11T17:45Z Commit: 846c98e PRD: ../PRD-relay-conformance.md

What I changed

  • crates/wzp-relay/src/conformance.rs — Extended ConformanceMeter:
    • Added max_pps(codec: CodecId) -> u32: 1000 / frame_duration_ms * 3.
    • Tier B check in observe(): packets_in_window > max_pps * 1.5PacketRateExceeded.
    • Added rolling 200-packet VecDeque<(seq, timestamp)> for drift tracking.
    • Tier C check: computes Δtimestamp / Δseq over the window; if outside frame_duration_ms × [0.5, 2.0], returns TimestampDrift.
    • Handles u32 wraparound via wrapping_sub.

Why these choices

The * 3 factor on packet rate mirrors the FEC overhead used in Tier A's bitrate ceiling. The 1.5× multiplier on max_pps provides headroom for burstiness.

For timestamp drift, a 200-packet window (~4-8 seconds of audio) gives a stable average while still reacting within a reasonable timeframe. The [0.5, 2.0] bounds catch both timestamp acceleration (cheating/fast-forward) and deceleration (stalling/replay).

Deviations from the task spec

None.

Verification output

$ cargo test -p wzp-relay conformance
running 10 tests
test conformance::tests::bitrate_exceeded_for_opus24k ... ok
test conformance::tests::ceiling_bps_floor ... ok
test conformance::tests::packet_rate_exceeded ... ok
test conformance::tests::packet_rate_within_limit ... ok
test conformance::tests::small_packets_stay_within_ceiling ... ok
test conformance::tests::timestamp_drift_detected_when_too_fast ... ok
test conformance::tests::timestamp_drift_detected_when_too_slow ... ok
test conformance::tests::timestamp_drift_not_checked_before_two_packets ... ok
test conformance::tests::timestamp_normal_no_drift ... ok
test conformance::tests::window_resets_after_one_second ... ok

test result: ok. 10 passed; 0 failed; 0 ignored; 0 measured; 76 filtered out; finished in 0.00s

Test summary

  • Tests added: 6
    • packet_rate_exceeded — 226 packets at Opus24k threshold trips PacketRateExceeded
    • packet_rate_within_limit — 112 packets at Opus6k threshold stays within limit
    • timestamp_drift_detected_when_too_fast — 5ms/packet (below 10ms min) triggers drift
    • timestamp_drift_detected_when_too_slow — 50ms/packet (above 40ms max) triggers drift
    • timestamp_normal_no_drift — 200 packets at exactly 20ms/packet all pass
    • timestamp_drift_not_checked_before_two_packets — single packet never triggers
  • Tests modified: 0
  • wzp-relay test count: 86 (unchanged from T2.4; conformance tests expanded from 4 to 10)
  • cargo clippy -p wzp-relay --lib: pass
  • cargo fmt --all -- --check: pass

Risks / follow-ups

  • Timestamp drift uses u32 wrapping arithmetic. In practice, timestamps wrap after ~49 days of session uptime — the 200-packet window makes wraparound extremely unlikely, but the code handles it correctly.

Reviewer checklist (filled in by reviewer)

  • Code matches PRD intent
  • Verification output is real
  • No backward-incompat surprises
  • Tests cover the new behavior
  • Approved