W1 (call/protocol/abort-cascade-wiring): wire AbortCascade into CallAdapter handle_stream for EVENT_ABORTED. W2 (core/endpoint-client-fingerprint): extract TLS client cert fingerprint in dispatch_quinn/dispatch_iroh. W3 (vault/mnemonic-debug-redaction): replace Mnemonic derive(Debug) with redacting impl. W4 (core/auth-apikey-resources, level: research): decide whether ApiKeyEntry should carry resources, then implement or drop from spec. review-post-impl-fixes gates on all four. Graph: 33 tasks, 12 gens.
4.1 KiB
id, name, status, depends_on, scope, risk, impact, level
| id | name | status | depends_on | scope | risk | impact | level | ||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| review-post-impl-fixes | Review the four post-implementation sanity-check | pending |
|
moderate | low | phase | review |
Description
Review the four fixes produced from review #004's findings (W1–W4)
before they are considered closed. Confirm each fix matches the
resolution described in docs/reviews/004-post-implementation-sanity- check.md, does not introduce new spec drift, and is adequately tested.
Per-fix review checklist
W1 — call/protocol/abort-cascade-wiring:
CallAdapter::handle_streamhandlesEVENT_ABORTED(not justEVENT_REQUESTED).- Cascade uses
AbortPolicy::AbortDependents(the wire caller does not choose the policy — ADR-016 Decision 6). - No
call.abortedframes are sent back to the wire for descendant IDs (ADR-016 Decision 2: server-side cascade; composed child request_ids are internal). - Root entry is also removed (cascade_abort skips the root by design).
- Integration test exercises the full path: inbound abort frame →
PendingRequestMapentries gone for parent + child.
W2 — core/endpoint-client-fingerprint:
dispatch_quinnanddispatch_irohextract a fingerprint when one is presented (not hard-codedNone).AuthContext.identityis populated viaresolve_from_fingerprintwhen the fingerprint resolves.- Fingerprint string format is documented in
auth.mdand consistent withAuthPolicy::authorized_fingerprints. - No regression: no-client-cert case still produces
tls_client_fingerprint: Noneandidentity: None. - Server-config decision (request-but-don't-require vs. no-client-auth) is documented.
W3 — vault/mnemonic-debug-redaction:
Mnemonichas a manual redactingDebugimpl;#[derive(Debug)]is gone.format!("{:?}", mnemonic)does not contain any phrase word.Seedchecked — noDebugimpl leaksbytes.
W4 — core/auth-apikey-resources:
- Decision (Option A or B) is documented in
auth.mdor a new ADR. - Implementation (if any) matches the decision.
auth.md:153no longer referencesentry.resourcesif Option B was chosen; orApiKeyEntry.resourcesexists and is populated if Option A was chosen.- Test covers the chosen behavior.
Cross-cutting checks
cargo build --workspace --all-featuressucceeds.cargo test --workspace --all-featuressucceeds (no regressions).cargo clippy --workspace --all-features --all-targetsclean.- No new spec/code drift introduced (reconcile any spec text touched against the implementation).
- Update
docs/reviews/004-post-implementation-sanity-check.md's status fromopentoresolvedonce all four findings are confirmed fixed.
Acceptance Criteria
- W1 fix confirmed: inbound
call.abortedcascades to descendants - W2 fix confirmed: endpoint extracts TLS client fingerprint
- W3 fix confirmed:
MnemonicDebugredacts the phrase - W4 fix confirmed:
ApiKeyEntry.resourcesreconciled with spec (or spec corrected) cargo build --workspace --all-featuressucceedscargo test --workspace --all-featuressucceedscargo clippy --workspace --all-features --all-targetssucceeds with no warnings- Review #004 status updated to
resolvedin its frontmatter
References
- docs/reviews/004-post-implementation-sanity-check.md — the review being closed
- tasks/call/protocol/abort-cascade-wiring.md — W1 fix task
- tasks/core/endpoint-client-fingerprint.md — W2 fix task
- tasks/vault/mnemonic-debug-redaction.md — W3 fix task
- tasks/core/auth-apikey-resources.md — W4 fix task
Notes
This review task mirrors the pattern of
vault/review-vault-sync,core/review-core, andcall/review-call: alevel: reviewgate at the end of a fix batch, withscope: moderate,risk: low,impact: phase. It does not need to re-derive the findings — review #004 already did that work. It only needs to confirm the fixes land correctly and the workspace stays green.