Files
alknet/tasks/review-post-impl-fixes.md
glm-5.2 d149932e2a tasks: decompose review #004 findings into 4 fix tasks + review gate
W1 (call/protocol/abort-cascade-wiring): wire AbortCascade into CallAdapter
handle_stream for EVENT_ABORTED. W2 (core/endpoint-client-fingerprint):
extract TLS client cert fingerprint in dispatch_quinn/dispatch_iroh.
W3 (vault/mnemonic-debug-redaction): replace Mnemonic derive(Debug) with
redacting impl. W4 (core/auth-apikey-resources, level: research): decide
whether ApiKeyEntry should carry resources, then implement or drop from
spec. review-post-impl-fixes gates on all four. Graph: 33 tasks, 12 gens.
2026-06-24 10:02:03 +00:00

96 lines
4.1 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
---
id: review-post-impl-fixes
name: Review the four post-implementation sanity-check #004 fixes for spec conformance
status: pending
depends_on: [call/protocol/abort-cascade-wiring, core/endpoint-client-fingerprint, vault/mnemonic-debug-redaction, core/auth-apikey-resources]
scope: moderate
risk: low
impact: phase
level: review
---
## Description
Review the four fixes produced from review #004's findings (W1W4)
before they are considered closed. Confirm each fix matches the
resolution described in `docs/reviews/004-post-implementation-sanity-
check.md`, does not introduce new spec drift, and is adequately tested.
### Per-fix review checklist
**W1 — `call/protocol/abort-cascade-wiring`**:
- `CallAdapter::handle_stream` handles `EVENT_ABORTED` (not just
`EVENT_REQUESTED`).
- Cascade uses `AbortPolicy::AbortDependents` (the wire caller does not
choose the policy — ADR-016 Decision 6).
- No `call.aborted` frames are sent back to the wire for descendant IDs
(ADR-016 Decision 2: server-side cascade; composed child request_ids
are internal).
- Root entry is also removed (cascade_abort skips the root by design).
- Integration test exercises the full path: inbound abort frame →
`PendingRequestMap` entries gone for parent + child.
**W2 — `core/endpoint-client-fingerprint`**:
- `dispatch_quinn` and `dispatch_iroh` extract a fingerprint when one
is presented (not hard-coded `None`).
- `AuthContext.identity` is populated via `resolve_from_fingerprint`
when the fingerprint resolves.
- Fingerprint string format is documented in `auth.md` and consistent
with `AuthPolicy::authorized_fingerprints`.
- No regression: no-client-cert case still produces
`tls_client_fingerprint: None` and `identity: None`.
- Server-config decision (request-but-don't-require vs. no-client-auth)
is documented.
**W3 — `vault/mnemonic-debug-redaction`**:
- `Mnemonic` has a manual redacting `Debug` impl; `#[derive(Debug)]`
is gone.
- `format!("{:?}", mnemonic)` does not contain any phrase word.
- `Seed` checked — no `Debug` impl leaks `bytes`.
**W4 — `core/auth-apikey-resources`**:
- Decision (Option A or B) is documented in `auth.md` or a new ADR.
- Implementation (if any) matches the decision.
- `auth.md:153` no longer references `entry.resources` if Option B was
chosen; or `ApiKeyEntry.resources` exists and is populated if Option
A was chosen.
- Test covers the chosen behavior.
### Cross-cutting checks
- `cargo build --workspace --all-features` succeeds.
- `cargo test --workspace --all-features` succeeds (no regressions).
- `cargo clippy --workspace --all-features --all-targets` clean.
- No new spec/code drift introduced (reconcile any spec text touched
against the implementation).
- Update `docs/reviews/004-post-implementation-sanity-check.md`'s
status from `open` to `resolved` once all four findings are confirmed
fixed.
## Acceptance Criteria
- [ ] W1 fix confirmed: inbound `call.aborted` cascades to descendants
- [ ] W2 fix confirmed: endpoint extracts TLS client fingerprint
- [ ] W3 fix confirmed: `Mnemonic` `Debug` redacts the phrase
- [ ] W4 fix confirmed: `ApiKeyEntry.resources` reconciled with spec (or spec corrected)
- [ ] `cargo build --workspace --all-features` succeeds
- [ ] `cargo test --workspace --all-features` succeeds
- [ ] `cargo clippy --workspace --all-features --all-targets` succeeds with no warnings
- [ ] Review #004 status updated to `resolved` in its frontmatter
## References
- docs/reviews/004-post-implementation-sanity-check.md — the review being closed
- tasks/call/protocol/abort-cascade-wiring.md — W1 fix task
- tasks/core/endpoint-client-fingerprint.md — W2 fix task
- tasks/vault/mnemonic-debug-redaction.md — W3 fix task
- tasks/core/auth-apikey-resources.md — W4 fix task
## Notes
> This review task mirrors the pattern of `vault/review-vault-sync`,
> `core/review-core`, and `call/review-call`: a `level: review` gate
> at the end of a fix batch, with `scope: moderate`, `risk: low`,
> `impact: phase`. It does not need to re-derive the findings — review
> #004 already did that work. It only needs to confirm the fixes land
> correctly and the workspace stays green.