Files
wz-phone/vault/Reports/T2.5-report.md
Siavash Sameni ed8a7ae5aa docs: protocol audit 2026-05-25, update architecture + Obsidian vault
Audit:
- docs/AUDIT-2026-05-25.md: full protocol audit covering 8 findings
  (4 critical, 2 high, 5 medium, 4 low) with code references and fix
  effort estimates
- vault/Audit/Tasks.md: Obsidian Tasks plugin file tracking all audit
  items with priorities, due dates, and per-step checklists

Architecture docs updated for Wire format v2 and Wave 5/6 features:
- ARCHITECTURE.md: adds wzp-video to dependency graph and project
  structure; wire format updated to v2 (16B header, 5B MiniHeader);
  relay concurrency section corrected (DashMap+RwLock is current, not
  a future optimization); test count 571→702; Android note
- PROGRESS.md: Wave 5 and Wave 6 sections appended; test count 372→702;
  current status and open blockers as of 2026-05-25
- ROAD-TO-VIDEO.md: implementation status table inserted (/🟡/🔴/🔲
  per phase); 6-step critical path to first video call
- WZP-SPEC.md: MediaHeader updated to v2 (16B byte-aligned); MiniHeader
  updated to 5B with seq_delta; codec IDs 9-12 added (H.264/H.265/AV1);
  version negotiation section added

Obsidian vault (vault/):
- 114 files across Architecture/, PRDs/, Reports/, Android/,
  Reference/, Audit/ with YAML frontmatter
- 00 - Home.md index note with wiki links
- .obsidian/app.json config

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-25 06:00:17 +04:00

79 lines
3.2 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
---
tags: [report, wzp]
type: report
status: Pending Review
---
# T2.5 — Tier B (packet-rate) + Tier C (timestamp drift)
**Status:** Pending Review
**Agent:** Kimi Code CLI
**Started:** 2026-05-11T17:35Z
**Completed:** 2026-05-11T17:45Z
**Commit:** 846c98e
**PRD:** ../PRD-relay-conformance.md
## What I changed
- `crates/wzp-relay/src/conformance.rs` — Extended `ConformanceMeter`:
- Added `max_pps(codec: CodecId) -> u32`: `1000 / frame_duration_ms * 3`.
- Tier B check in `observe()`: `packets_in_window > max_pps * 1.5``PacketRateExceeded`.
- Added rolling 200-packet `VecDeque<(seq, timestamp)>` for drift tracking.
- Tier C check: computes `Δtimestamp / Δseq` over the window; if outside `frame_duration_ms × [0.5, 2.0]`, returns `TimestampDrift`.
- Handles `u32` wraparound via `wrapping_sub`.
## Why these choices
The `* 3` factor on packet rate mirrors the FEC overhead used in Tier A's bitrate ceiling. The 1.5× multiplier on `max_pps` provides headroom for burstiness.
For timestamp drift, a 200-packet window (~4-8 seconds of audio) gives a stable average while still reacting within a reasonable timeframe. The `[0.5, 2.0]` bounds catch both timestamp acceleration (cheating/fast-forward) and deceleration (stalling/replay).
## Deviations from the task spec
None.
## Verification output
```bash
$ cargo test -p wzp-relay conformance
running 10 tests
test conformance::tests::bitrate_exceeded_for_opus24k ... ok
test conformance::tests::ceiling_bps_floor ... ok
test conformance::tests::packet_rate_exceeded ... ok
test conformance::tests::packet_rate_within_limit ... ok
test conformance::tests::small_packets_stay_within_ceiling ... ok
test conformance::tests::timestamp_drift_detected_when_too_fast ... ok
test conformance::tests::timestamp_drift_detected_when_too_slow ... ok
test conformance::tests::timestamp_drift_not_checked_before_two_packets ... ok
test conformance::tests::timestamp_normal_no_drift ... ok
test conformance::tests::window_resets_after_one_second ... ok
test result: ok. 10 passed; 0 failed; 0 ignored; 0 measured; 76 filtered out; finished in 0.00s
```
## Test summary
- Tests added: 6
- `packet_rate_exceeded` — 226 packets at Opus24k threshold trips `PacketRateExceeded`
- `packet_rate_within_limit` — 112 packets at Opus6k threshold stays within limit
- `timestamp_drift_detected_when_too_fast` — 5ms/packet (below 10ms min) triggers drift
- `timestamp_drift_detected_when_too_slow` — 50ms/packet (above 40ms max) triggers drift
- `timestamp_normal_no_drift` — 200 packets at exactly 20ms/packet all pass
- `timestamp_drift_not_checked_before_two_packets` — single packet never triggers
- Tests modified: 0
- `wzp-relay` test count: 86 (unchanged from T2.4; conformance tests expanded from 4 to 10)
- `cargo clippy -p wzp-relay --lib`: pass
- `cargo fmt --all -- --check`: pass
## Risks / follow-ups
- Timestamp drift uses `u32` wrapping arithmetic. In practice, timestamps wrap after ~49 days of session uptime — the 200-packet window makes wraparound extremely unlikely, but the code handles it correctly.
## Reviewer checklist (filled in by reviewer)
- [ ] Code matches PRD intent
- [ ] Verification output is real
- [ ] No backward-incompat surprises
- [ ] Tests cover the new behavior
- [ ] Approved