fix: resolve review #004 findings W1-W4 + close review gate

W1 (call/protocol/abort-cascade-wiring): wire AbortCascade into
CallAdapter handle_stream for EVENT_ABORTED. Cascades with
AbortPolicy::AbortDependents, aborts root, no descendant frames on
wire (ADR-016 Decision 2). Two integration tests added.

W2 (core/endpoint-client-fingerprint): extract TLS client cert
fingerprint in dispatch_quinn (SHA256:<hex> of leaf cert DER via
peer_identity) and dispatch_iroh (ed25519:<hex> of peer NodeId).
Fingerprint format documented in auth.md. Server config change
(with_no_client_auth → request-but-don't-require) deferred to new
follow-up task core/endpoint-request-client-cert.

W3 (vault/mnemonic-debug-redaction): replace Mnemonic derive(Debug)
with manual redacting impl (phrase: "[REDACTED]"). Seed confirmed
no Debug impl. Redaction test added.

W4 (core/auth-apikey-resources): Option B — drop entry.resources from
spec. External identities (token/fingerprint) grant scopes only;
resource-scoped ACLs are composition-internal (ADR-015/022). auth.md
corrected + limitation documented. Two tests confirm empty resources.

review-post-impl-fixes: all 4 verified, workspace green (326 tests,
0 failures, 0 clippy warnings). Review #004 status → resolved.

Graph: 34 tasks, 12 gens.
2026-06-24 11:00:54 +00:00
parent d149932e2a
commit 97216764ea
12 changed files with 492 additions and 32 deletions

@@ -1,7 +1,7 @@
---
id: review-post-impl-fixes
name: Review the four post-implementation sanity-check #004 fixes for spec conformance
status: pending
status: completed
depends_on: [call/protocol/abort-cascade-wiring, core/endpoint-client-fingerprint, vault/mnemonic-debug-redaction, core/auth-apikey-resources]
scope: moderate
risk: low
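Review bot: The `status: pending` to `status: completed` flip on this gate task lands in the same commit as the W1-W4 fixes it is supposed to review, so history never shows the fixes with the gate still open. Consider closing the gate in a follow-up commit that cites the fix commit, so the verdict is tied to a fixed tree state rather than to a change that also modifies the code under review.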
@@ -93,4 +93,23 @@ check.md`, does not introduce new spec drift, and is adequately tested.
> at the end of a fix batch, with `scope: moderate`, `risk: low`,
> `impact: phase`. It does not need to re-derive the findings — review
> #004 already did that work. It only needs to confirm the fixes land
> correctly and the workspace stays green.
> correctly and the workspace stays green.
## Summary
All four fixes verified against acceptance criteria:
- W1: `handle_stream` handles `EVENT_ABORTED`, cascades with
`AbortDependents`, no descendant frames on wire, root removed, two
integration tests pass.
- W2: both dispatch paths extract fingerprints, format documented in
`auth.md`, no-cert case returns `None` (no regression), server-config
change deferred to `core/endpoint-request-client-cert`.
- W3: `Mnemonic` has manual redacting `Debug`, `Seed` has no `Debug`,
redaction test passes.
- W4: Option B — spec corrected, limitation documented, both resolvers
return empty resources, tests pass.
Workspace green: `cargo build --workspace --all-features` ✓, `cargo test
--workspace --all-features` (326 tests, 0 failures) ✓, `cargo clippy
--workspace --all-features --all-targets` (0 warnings) ✓. Review #004
status updated to `resolved`.
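Review bot: The W2 bullet marks both dispatch paths as verified, but the commit message defers the `with_no_client_auth` → request-but-don't-require server change, so with the current server config no client certificate is requested and the quinn `SHA256:<hex>` extraction will return `None` in practice. State that in the W2 bullet (fingerprint identities are not usable over quinn until `core/endpoint-request-client-cert` lands) so "verified" is not read as end-to-end coverage. Minor, on W3: "`Seed` has no `Debug`" is confirmed by absence only; a compile-time negative check alongside the redaction test would keep a later `derive(Debug)` on `Seed` from reintroducing the leak unnoticed.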