alknet/tasks/review-post-impl-fixes.md
glm-5.2 d149932e2a tasks: decompose review #004 findings into 4 fix tasks + review gate
W1 (call/protocol/abort-cascade-wiring): wire AbortCascade into CallAdapter
handle_stream for EVENT_ABORTED. W2 (core/endpoint-client-fingerprint):
extract TLS client cert fingerprint in dispatch_quinn/dispatch_iroh.
W3 (vault/mnemonic-debug-redaction): replace Mnemonic derive(Debug) with
redacting impl. W4 (core/auth-apikey-resources, level: research): decide
whether ApiKeyEntry should carry resources, then implement or drop from
spec. review-post-impl-fixes gates on all four. Graph: 33 tasks, 12 gens.
2026-06-24 10:02:03 +00:00


id: review-post-impl-fixes
name: Review the four post-implementation sanity-check
status: pending
depends_on:
  • call/protocol/abort-cascade-wiring
  • core/endpoint-client-fingerprint
  • vault/mnemonic-debug-redaction
  • core/auth-apikey-resources
scope: moderate
risk: low
impact: phase
level: review

Description

Review the four fixes produced from review #004's findings (W1–W4) before they are considered closed. Confirm each fix matches the resolution described in docs/reviews/004-post-implementation-sanity-check.md, does not introduce new spec drift, and is adequately tested.

Per-fix review checklist

W1 — call/protocol/abort-cascade-wiring:

  • CallAdapter::handle_stream handles EVENT_ABORTED (not just EVENT_REQUESTED).
  • Cascade uses AbortPolicy::AbortDependents (the wire caller does not choose the policy — ADR-016 Decision 6).
  • No call.aborted frames are sent back to the wire for descendant IDs (ADR-016 Decision 2: server-side cascade; composed child request_ids are internal).
  • Root entry is also removed (cascade_abort skips the root by design).
  • Integration test exercises the full path: inbound abort frame → PendingRequestMap entries gone for parent + child.

W2 — core/endpoint-client-fingerprint:

  • dispatch_quinn and dispatch_iroh extract a fingerprint when one is presented (not hard-coded None).
  • AuthContext.identity is populated via resolve_from_fingerprint when the fingerprint resolves.
  • Fingerprint string format is documented in auth.md and consistent with AuthPolicy::authorized_fingerprints.
  • No regression: no-client-cert case still produces tls_client_fingerprint: None and identity: None.
  • Server-config decision (request-but-don't-require vs. no-client-auth) is documented.

W3 — vault/mnemonic-debug-redaction:

  • Mnemonic has a manual redacting Debug impl; #[derive(Debug)] is gone.
  • format!("{:?}", mnemonic) does not contain any phrase word.
  • Seed checked — no Debug impl leaks bytes.
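A sketch of the W3 checks as runnable code. This is an added example, not the vault crate's implementation: the field layouts of Mnemonic and Seed, the Unlocked wrapper, and the helpers leaked_words and render_sample are assumptions made for illustration. It also covers the nested and `{:#?}` cases, which go beyond the single `format!("{:?}", mnemonic)` check listed above.

```rust
use std::fmt;

// Stand-in types; the field layout is assumed, not taken from the vault crate.
pub struct Mnemonic { words: Vec<String> }
pub struct Seed([u8; 64]);

// Manual impl replacing #[derive(Debug)]: reports the word count, never a word.
impl fmt::Debug for Mnemonic {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.debug_struct("Mnemonic")
            .field("words", &format_args!("<redacted; {} words>", self.words.len()))
            .finish()
    }
}

impl fmt::Debug for Seed {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("Seed(<redacted>)")
    }
}

// A derived Debug on a containing type delegates to the impls above,
// so the redaction must also hold when the secrets are nested.
#[derive(Debug)]
pub struct Unlocked { pub label: String, pub mnemonic: Mnemonic, pub seed: Seed }

/// Phrase words found in `rendered`; an empty result means no leak.
pub fn leaked_words<'a>(rendered: &str, phrase: &'a str) -> Vec<&'a str> {
    let lower = rendered.to_lowercase();
    phrase.split_whitespace().filter(|w| lower.contains(w.to_lowercase().as_str())).collect()
}

/// Renders `{:?}` and `{:#?}` of a wrapper built from a constructed phrase.
pub fn render_sample(phrase: &str) -> (String, String) {
    let u = Unlocked {
        label: "primary".to_string(),
        mnemonic: Mnemonic { words: phrase.split_whitespace().map(String::from).collect() },
        seed: Seed([0xAB; 64]), // constructed seed bytes
    };
    (format!("{:?}", u), format!("{:#?}", u))
}

fn main() {
    let phrase = "zebra quantum violin harbor"; // constructed, not a real wallet phrase
    let (compact, pretty) = render_sample(phrase);
    println!("{compact}\n{pretty}");
    assert!(leaked_words(&compact, phrase).is_empty());
    assert!(leaked_words(&pretty, phrase).is_empty());
}
```

The substring match in leaked_words is deliberately strict, so a phrase word that happens to occur in a type or field name would be reported as a leak.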

W4 — core/auth-apikey-resources:

  • Decision (Option A or B) is documented in auth.md or a new ADR.
  • Implementation (if any) matches the decision.
  • auth.md:153 no longer references entry.resources if Option B was chosen; or ApiKeyEntry.resources exists and is populated if Option A was chosen.
  • Test covers the chosen behavior.

Cross-cutting checks

  • cargo build --workspace --all-features succeeds.
  • cargo test --workspace --all-features succeeds (no regressions).
  • cargo clippy --workspace --all-features --all-targets clean.
  • No new spec/code drift introduced (reconcile any spec text touched against the implementation).
  • Update docs/reviews/004-post-implementation-sanity-check.md's status from open to resolved once all four findings are confirmed fixed.

Acceptance Criteria

  • W1 fix confirmed: inbound call.aborted cascades to descendants
  • W2 fix confirmed: endpoint extracts TLS client fingerprint
  • W3 fix confirmed: Mnemonic Debug redacts the phrase
  • W4 fix confirmed: ApiKeyEntry.resources reconciled with spec (or spec corrected)
  • cargo build --workspace --all-features succeeds
  • cargo test --workspace --all-features succeeds
  • cargo clippy --workspace --all-features --all-targets succeeds with no warnings
  • Review #004 status updated to resolved in its frontmatter

References

  • docs/reviews/004-post-implementation-sanity-check.md — the review being closed
  • tasks/call/protocol/abort-cascade-wiring.md — W1 fix task
  • tasks/core/endpoint-client-fingerprint.md — W2 fix task
  • tasks/vault/mnemonic-debug-redaction.md — W3 fix task
  • tasks/core/auth-apikey-resources.md — W4 fix task

Notes

This review task mirrors the pattern of vault/review-vault-sync, core/review-core, and call/review-call: a level: review gate at the end of a fix batch, with scope: moderate, risk: low, impact: phase. It does not need to re-derive the findings — review #004 already did that work. It only needs to confirm the fixes land correctly and the workspace stays green.