fix: resolve review #004 findings W1-W4 + close review gate
W1 (call/protocol/abort-cascade-wiring): wire AbortCascade into CallAdapter handle_stream for EVENT_ABORTED. Cascades with AbortPolicy::AbortDependents, aborts root, no descendant frames on wire (ADR-016 Decision 2). Two integration tests added. W2 (core/endpoint-client-fingerprint): extract TLS client cert fingerprint in dispatch_quinn (SHA256:<hex> of leaf cert DER via peer_identity) and dispatch_iroh (ed25519:<hex> of peer NodeId). Fingerprint format documented in auth.md. Server config change (with_no_client_auth → request-but-don't-require) deferred to new follow-up task core/endpoint-request-client-cert. W3 (vault/mnemonic-debug-redaction): replace Mnemonic derive(Debug) with manual redacting impl (phrase: "[REDACTED]"). Seed confirmed no Debug impl. Redaction test added. W4 (core/auth-apikey-resources): Option B — drop entry.resources from spec. External identities (token/fingerprint) grant scopes only; resource-scoped ACLs are composition-internal (ADR-015/022). auth.md corrected + limitation documented. Two tests confirm empty resources. review-post-impl-fixes: all 4 verified, workspace green (326 tests, 0 failures, 0 clippy warnings). Review #004 status → resolved. Graph: 34 tasks, 12 gens.
This commit is contained in:
@@ -1,7 +1,7 @@
|
||||
---
|
||||
id: core/auth-apikey-resources
|
||||
name: Reconcile ApiKeyEntry.resources — add field to type and populate in resolve_api_key, or drop from spec
|
||||
status: pending
|
||||
status: completed
|
||||
depends_on: []
|
||||
scope: narrow
|
||||
risk: low
|
||||
@@ -114,4 +114,17 @@ applied to handler-internal composition identities
|
||||
> decision first, then implement. If the decision is A and the
|
||||
> implementation is more than ~30 lines, split a follow-up
|
||||
> `level: implementation` task (`core/auth-apikey-resources-impl`)
|
||||
> depending on this one.
|
||||
> depending on this one.
|
||||
|
||||
## Summary
|
||||
|
||||
Decision: **Option B** — dropped `entry.resources` from the spec.
|
||||
Rationale: `Identity.resources` is populated only by
|
||||
`CompositionAuthority::as_identity` (the composition path, ADR-015/022).
|
||||
All architecture examples use scope-based ACLs for external identities
|
||||
(`fs:read`, `vastai:query`, `llm:call`). Adding a second
|
||||
resource-population path for API keys would muddy the external/internal
|
||||
separation without a demonstrated downstream need. `auth.md:153`
|
||||
corrected to `resources: {}`; documented limitation added. Two tests
|
||||
confirm both `resolve_api_key` and `resolve_identity_from_fingerprint`
|
||||
return empty resources. `cargo test -p alknet-core` and clippy clean.
|
||||
Reference in New Issue
Block a user