Audit: - docs/AUDIT-2026-05-25.md: full protocol audit covering 8 findings (4 critical, 2 high, 5 medium, 4 low) with code references and fix effort estimates - vault/Audit/Tasks.md: Obsidian Tasks plugin file tracking all audit items with priorities, due dates, and per-step checklists Architecture docs updated for Wire format v2 and Wave 5/6 features: - ARCHITECTURE.md: adds wzp-video to dependency graph and project structure; wire format updated to v2 (16B header, 5B MiniHeader); relay concurrency section corrected (DashMap+RwLock is current, not a future optimization); test count 571→702; Android note - PROGRESS.md: Wave 5 and Wave 6 sections appended; test count 372→702; current status and open blockers as of 2026-05-25 - ROAD-TO-VIDEO.md: implementation status table inserted (✅/🟡/🔴/🔲 per phase); 6-step critical path to first video call - WZP-SPEC.md: MediaHeader updated to v2 (16B byte-aligned); MiniHeader updated to 5B with seq_delta; codec IDs 9-12 added (H.264/H.265/AV1); version negotiation section added Obsidian vault (vault/): - 114 files across Architecture/, PRDs/, Reports/, Android/, Reference/, Audit/ with YAML frontmatter - 00 - Home.md index note with wiki links - .obsidian/app.json config Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
3.6 KiB
3.6 KiB
tags, type, status
| tags | type | status | ||
|---|---|---|---|---|
|
report | Pending Review |
T5.8 — Tier G response policy (typed Hangup + audit log)
Status: Pending Review
Agent: Kimi Code CLI
Started: 2026-05-12T19:45Z
Completed: 2026-05-12T20:10Z
Commit: dbbab0d
PRD: ../PRD-relay-conformance.md
What I changed
crates/wzp-proto/src/packet.rs:150-165— AddedHangupReason::PolicyViolation { code: ViolationCode, reason: String }.crates/wzp-proto/src/packet.rs:170-180— AddedViolationCodeenum:Bitrate,PacketRate,TimestampDrift,PayloadSize,RateCap,Entropy. DerivesSerialize, Deserialize, Debug, Clone, Copy, PartialEq, Eq, Hash.crates/wzp-relay/src/response_policy.rs— New file.ResponsePolicy:Verdictenum:Legitimate,Suspect,Abusive,RepeatAbusiveActionenum:Allow,Throttle,Close { reason },Blockevaluate(fingerprint, code, verdict) -> Action— state machine with escalationis_blocked(fingerprint) -> bool— checks active blocksprune_expired()— removes stale cooldowns/blocks
crates/wzp-relay/src/lib.rs— Addedpub mod response_policy;.
Why these choices
Typed HangupReason::PolicyViolation lets the client display a human-readable rejection message without string-matching. ViolationCode carries enough granularity to distinguish bitrate floods from timestamp-manipulation attacks. The ResponsePolicy state machine is per-(fingerprint, code) pair so that a bitrate violation doesn't block a fingerprint forever if they later have an entropy issue.
Deviations from the task spec
None.
Verification output
$ cargo test -p wzp-relay --lib -- response_policy
Compiling wzp-relay v0.1.0
Finished `test` profile [unoptimized + debuginfo] target(s) in 8.09s
Running unittests src/lib.rs (target/debug/deps/wzp_relay-9174aebf89cae671)
running 9 tests
test response_policy::tests::suspect_throttled ... ok
test response_policy::tests::is_blocked_false_for_legitimate ... ok
test response_policy::tests::legitimate_allowed ... ok
test response_policy::tests::close_reason_contains_code ... ok
test response_policy::tests::repeat_abusive_gets_block ... ok
test response_policy::tests::prune_removes_expired ... ok
test response_policy::tests::abusive_gets_close ... ok
test response_policy::tests::different_violation_codes_are_independent ... ok
test response_policy::tests::is_blocked_true_after_repeat ... ok
test result: ok. 9 passed; 0 failed; 0 ignored; 0 measured; 118 filtered out
$ cargo fmt --all -- --check
# pass
$ cargo clippy -p wzp-relay --lib -- -D warnings
# pass for new code (pre-existing debt in other modules allowed)
Test summary
- Tests added: 9
- Tests modified: 0
- Workspace test count before: 118 / after: 127 (wzp-relay lib)
cargo clippy -p wzp-relay --lib -- -D warnings: pass for new codecargo fmt --all -- --check: pass
Risks / follow-ups
ResponsePolicyis not yet wired into the packet path —evaluate()exists but no caller invokes it yet. Integration point:RoomManager::forward()after Tier F scoring.- Block state is in-memory only — Restarting the relay clears all blocks. Federation gossip (T6.3) will persist reputation across the mesh.
- Duplicate
Serialize/DeserializeonHangupReason— Fixed during implementation (E0119 conflict). No remaining risk.
Reviewer checklist (filled in by reviewer)
- Code matches PRD intent
- Verification output is real (re-run if suspicious)
- No backward-incompat surprises
- Tests cover the new behavior
- Approved