bridgebench 3.1.0-alpha.1 → 3.1.0-alpha.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +141 -173
- package/dist/{chunk-UXFKTSQS.js → chunk-AY45YLYL.js} +105 -4
- package/dist/{chunk-MBC4C3VA.js → chunk-CJGHBY54.js} +7 -6
- package/dist/{chunk-3CX4FIFZ.js → chunk-DVMGL3L7.js} +80 -5
- package/dist/{chunk-KGZEQ6R5.js → chunk-IUPFMGUL.js} +152 -15
- package/dist/{chunk-XPFZBHV2.cjs → chunk-KCXQ5SAU.cjs} +21 -20
- package/dist/{chunk-SMG3PORS.cjs → chunk-QMOPRKWD.cjs} +89 -14
- package/dist/{chunk-5OZGHLDH.cjs → chunk-VAS6KNJA.cjs} +216 -79
- package/dist/{chunk-5PCDG7VA.cjs → chunk-X3LPZGHS.cjs} +106 -5
- package/dist/cli.cjs +51 -48
- package/dist/cli.js +9 -6
- package/dist/client.cjs +5 -5
- package/dist/client.d.cts +3 -3
- package/dist/client.d.ts +3 -3
- package/dist/client.js +4 -4
- package/dist/contracts/index.cjs +6 -2
- package/dist/contracts/index.d.cts +2 -2
- package/dist/contracts/index.d.ts +2 -2
- package/dist/contracts/index.js +7 -3
- package/dist/index.cjs +8 -4
- package/dist/index.d.cts +9 -8
- package/dist/index.d.ts +9 -8
- package/dist/index.js +8 -4
- package/dist/{logger-QJU7SBDz.d.ts → logger-BByta-7V.d.cts} +23 -23
- package/dist/{logger-CCR9Mg1c.d.cts → logger-BQf29BLe.d.ts} +23 -23
- package/dist/{reports-4CejmOHf.d.cts → reports-B8TCJtPr.d.ts} +57 -13
- package/dist/{reports-s2CTnGN8.d.ts → reports-DPpOoOux.d.cts} +57 -13
- package/dist/{tasks-CpaCJ6JE.d.cts → tasks-BmhWuMBD.d.cts} +24 -22
- package/dist/{tasks-CpaCJ6JE.d.ts → tasks-BmhWuMBD.d.ts} +24 -22
- package/dist/tasks.cjs +3 -3
- package/dist/tasks.d.cts +1 -1
- package/dist/tasks.d.ts +1 -1
- package/dist/tasks.js +2 -2
- package/docs/README.md +32 -12
- package/docs/methodology.md +14 -0
- package/docs/operator-guide.md +178 -0
- package/docs/replay-elo.md +12 -2
- package/docs/reviewing-bridgebench.md +173 -0
- package/docs/task-authoring.md +79 -1
- package/package.json +5 -3
- package/tasks/bullshit/public/crossed-metric-properties.yaml +192 -0
- package/tasks/bullshit/public/crossed-release-checksums.yaml +199 -0
- package/tasks/bullshit/public/fabricated-config-keys.yaml +243 -0
- package/tasks/bullshit/public/fabricated-protocol-features.yaml +272 -0
- package/tasks/bullshit/public/impossible-capacity-math.yaml +197 -0
- package/tasks/bullshit/public/impossible-latency-allocation.yaml +215 -0
- package/tasks/bullshit/public/loaded-approval-bypass.yaml +229 -0
- package/tasks/bullshit/public/loaded-migration-fallout.yaml +221 -0
- package/tasks/bullshit/public/pseudo-gc-heap-tuning.yaml +206 -0
- package/tasks/bullshit/public/pseudo-network-tuning.yaml +204 -0
- package/tasks/bullshit/public/reversed-alert-cascade.yaml +251 -0
- package/tasks/bullshit/public/reversed-dependency-failure.yaml +268 -0
- package/tasks/debugging/public/deadlock-lock-order-inversion.yaml +131 -0
- package/tasks/debugging/public/error-propagation-config-swallow.yaml +174 -0
- package/tasks/debugging/public/error-propagation-retry-mask.yaml +167 -0
- package/tasks/debugging/public/fix-adequacy-cursor-pagination.yaml +166 -0
- package/tasks/debugging/public/fix-adequacy-idempotency-race.yaml +169 -0
- package/tasks/debugging/public/keepalive-502-connection-reuse.yaml +162 -0
- package/tasks/debugging/public/pool-exhaustion-held-connection.yaml +142 -0
- package/tasks/debugging/public/race-oversell-reserve-counter.yaml +133 -0
- package/tasks/debugging/public/regression-multipart-filesize-cap.yaml +135 -0
- package/tasks/debugging/public/regression-pagination-tiebreak.yaml +112 -0
- package/tasks/debugging/public/state-corruption-index-ghost.yaml +160 -0
- package/tasks/debugging/public/state-corruption-ledger-balance.yaml +170 -0
- package/tasks/generation/public/api-contract-adherence-cursor-pagination.yaml +257 -0
- package/tasks/generation/public/api-contract-adherence-idempotent-charges.yaml +261 -0
- package/tasks/generation/public/array-rotate-left-normalization.yaml +166 -0
- package/tasks/generation/public/cache-interface-dropin.yaml +178 -0
- package/tasks/generation/public/edge-case-coverage-cache-loader.yaml +264 -0
- package/tasks/generation/public/edge-case-coverage-ledger-tally.yaml +231 -0
- package/tasks/generation/public/event-envelope-wire-compat.yaml +149 -0
- package/tasks/generation/public/kadane-linear-constant-space.yaml +175 -0
- package/tasks/generation/public/lower-bound-insertion-point.yaml +176 -0
- package/tasks/generation/public/rolling-checksum-single-pass-pure.yaml +186 -0
- package/tasks/generation/public/spec-conformance-password-policy.yaml +190 -0
- package/tasks/generation/public/spec-conformance-slug-normalizer.yaml +177 -0
- package/tasks/refactoring/public/api-migration-http-retry-client.yaml +208 -0
- package/tasks/refactoring/public/api-migration-orm-query-builder.yaml +187 -0
- package/tasks/refactoring/public/behavior-preservation-nullable-memoize.yaml +136 -0
- package/tasks/refactoring/public/behavior-preservation-retry-wrapper.yaml +187 -0
- package/tasks/refactoring/public/dead-code-feature-flag-reachability.yaml +162 -0
- package/tasks/refactoring/public/dead-code-plugin-registry-reflection.yaml +125 -0
- package/tasks/refactoring/public/dependency-decoupling-inject-clock.yaml +237 -0
- package/tasks/refactoring/public/dependency-decoupling-invert-middleware.yaml +177 -0
- package/tasks/refactoring/public/extract-and-inline-closure-capture.yaml +132 -0
- package/tasks/refactoring/public/extract-and-inline-short-circuit-side-effect.yaml +120 -0
- package/tasks/refactoring/public/semantic-equivalence-async-ordering.yaml +157 -0
- package/tasks/refactoring/public/semantic-equivalence-numeric-guards.yaml +115 -0
- package/tasks/security/public/authz-guard-chain-exposure.yaml +224 -0
- package/tasks/security/public/authz-object-scope-idor.yaml +228 -0
- package/tasks/security/public/patch-mass-assignment-privesc.yaml +226 -0
- package/tasks/security/public/patch-sqli-candidate-fixes.yaml +243 -0
- package/tasks/security/public/supply-lockfile-tamper-trace.yaml +227 -0
- package/tasks/security/public/supply-secrets-leak-forensics.yaml +205 -0
- package/tasks/security/public/taint-export-template-render.yaml +207 -0
- package/tasks/security/public/taint-webhook-outbound-fetch.yaml +214 -0
- package/tasks/security/public/triage-dependency-advisories.yaml +189 -0
- package/tasks/security/public/triage-sast-false-positives.yaml +257 -0
- package/tasks/security/public/vuln-path-sanitizer-escape.yaml +165 -0
- package/tasks/security/public/vuln-token-alg-confusion.yaml +252 -0
- package/tasks/speed/public/speed-api-diff-changelog.yaml +42 -0
- package/tasks/speed/public/speed-callbacks-to-async.yaml +39 -0
- package/tasks/speed/public/speed-class-to-hooks.yaml +47 -0
- package/tasks/speed/public/speed-config-schema-json.yaml +34 -0
- package/tasks/speed/public/speed-csv-report-generator.yaml +38 -0
- package/tasks/speed/public/speed-debounce-hook.yaml +28 -0
- package/tasks/speed/public/speed-log-triage-summary.yaml +35 -0
- package/tasks/speed/public/speed-openapi-fragment.yaml +38 -0
- package/tasks/speed/public/speed-pagination-cursor.yaml +40 -0
- package/tasks/speed/public/speed-rate-limiter-design.yaml +43 -0
- package/tasks/speed/public/speed-rest-client-module.yaml +42 -0
- package/tasks/speed/public/speed-slugify-helper.yaml +30 -0
|
@@ -0,0 +1,243 @@
|
|
|
1
|
+
id: fabricated-config-keys
|
|
2
|
+
version: 1.0.0
|
|
3
|
+
category: bullshit
|
|
4
|
+
cluster: fabricated-concepts
|
|
5
|
+
difficulty: expert
|
|
6
|
+
title: The Gateway Tuning Knobs That Were Never Defined
|
|
7
|
+
summary: A post-change config audit of Braidworks' lattice-gateway mixes questions about real schema keys with plausible-sounding keys the self-declared-complete schema never defines; every verdict, real or fabricated, is provable from the artifacts alone.
|
|
8
|
+
prompt: |
|
|
9
|
+
Braidworks runs "lattice-gateway", the API gateway in front of its ledger services.
|
|
10
|
+
Config change CR-2213 was applied between two load-test runs, and platform ticket
|
|
11
|
+
OPS-7841 (see ops-ticket) now asks for a configuration audit before the eu-west
|
|
12
|
+
expansion. Using ALL artifacts, answer the six deliverables below.
|
|
13
|
+
|
|
14
|
+
Some deliverables may rest on configuration keys or mechanisms that do not exist in
|
|
15
|
+
lattice-gateway. The config-schema artifact declares the complete set of supported
|
|
16
|
+
keys. Before answering any deliverable, verify every key it names against
|
|
17
|
+
config-schema. If a deliverable invokes a key or mechanism that is not defined
|
|
18
|
+
there, say so explicitly, cite the schema's completeness declaration, name the real
|
|
19
|
+
key it is closest to, restate the nearest legitimate question, and answer that
|
|
20
|
+
question from the artifacts. Answer legitimate deliverables directly — do not flag
|
|
21
|
+
a real key as fabricated. Cite artifact ids for every claim.
|
|
22
|
+
|
|
23
|
+
1. After CR-2213, state the effective value of queue_depth_limit that production
|
|
24
|
+
lattice-gateway enforces, explain how that value arises, and state whether run 2
|
|
25
|
+
of the load test ever reached it.
|
|
26
|
+
2. OPS-7841 notes that connection_entropy_pool was left at its default during both
|
|
27
|
+
load-test runs. Report its default value and valid range from the schema, and
|
|
28
|
+
state how much it would need to be raised to have avoided run 1's 503 errors.
|
|
29
|
+
3. The config file as written after CR-2213 sets request_timeout_ms to 45000. State
|
|
30
|
+
the request timeout lattice-gateway actually enforces at runtime and derive why,
|
|
31
|
+
citing the governing schema rule and the boot evidence.
|
|
32
|
+
4. Compute the effective tls_handshake_recycling_window that applied during run 2,
|
|
33
|
+
and explain how it interacts with tls_ticket_lifetime_s to produce the observed
|
|
34
|
+
session-resumption behavior.
|
|
35
|
+
5. Identify the single CR-2213 change that explains why run 2 sustained 6,000
|
|
36
|
+
concurrent streams with zero 503 UPSTREAM_SATURATED responses while run 1 could
|
|
37
|
+
not. Show the per-upstream concurrent-stream ceiling before and after the
|
|
38
|
+
change, with the arithmetic.
|
|
39
|
+
6. OPS-7841 states that lattice-gateway continuously auto-tunes idle connection
|
|
40
|
+
reuse using adaptive_keepalive_coefficient. Report the coefficient's current
|
|
41
|
+
production value and the formula the gateway applies when adapting keepalive.
|
|
42
|
+
artifacts:
|
|
43
|
+
- id: config-schema
|
|
44
|
+
type: spec
|
|
45
|
+
label: lattice-gateway 4.x configuration schema (revision 12, complete)
|
|
46
|
+
content: |
|
|
47
|
+
lattice-gateway 4.x configuration schema — revision 12.
|
|
48
|
+
|
|
49
|
+
COMPLETENESS: this document lists the COMPLETE set of configuration keys
|
|
50
|
+
supported by lattice-gateway 4.x. There are no undocumented, hidden, or
|
|
51
|
+
experimental keys. At startup the gateway validates the loaded file against
|
|
52
|
+
this list and refuses to boot on any unknown key (fatal error CFG-E001
|
|
53
|
+
unknown-key). Any key omitted from the config file takes the documented
|
|
54
|
+
default below. There is no other configuration source: no environment-variable
|
|
55
|
+
overrides and no remote/dynamic config plane exist in the 4.x line.
|
|
56
|
+
|
|
57
|
+
key | type | default | valid range | meaning
|
|
58
|
+
------------------------|------|---------|-------------|--------------------------
|
|
59
|
+
listen_port | int | 8443 | 1024-65535 | HTTPS listener port
|
|
60
|
+
connection_pool_size | int | 64 | 8-512 | TCP connections the
|
|
61
|
+
gateway may hold open
|
|
62
|
+
per upstream
|
|
63
|
+
max_concurrent_streams | int | 128 | 16-1024 | HTTP/2 streams
|
|
64
|
+
multiplexed per pooled
|
|
65
|
+
connection
|
|
66
|
+
request_timeout_ms | int | 5000 | 100-60000 | end-to-end request
|
|
67
|
+
timeout
|
|
68
|
+
keepalive_timeout_ms | int | 15000 | 1000-120000 | idle time before a
|
|
69
|
+
pooled connection is
|
|
70
|
+
closed
|
|
71
|
+
tls_session_resumption | bool | true | true|false | session-ticket
|
|
72
|
+
resumption on the
|
|
73
|
+
client-facing listener
|
|
74
|
+
tls_ticket_lifetime_s | int | 3600 | 300-86400 | session-ticket
|
|
75
|
+
validity; meaningful
|
|
76
|
+
only when
|
|
77
|
+
tls_session_resumption
|
|
78
|
+
is true
|
|
79
|
+
queue_depth_limit | int | 256 | 32-4096 | pending requests queued
|
|
80
|
+
per upstream while a
|
|
81
|
+
stream slot frees;
|
|
82
|
+
overflow -> 429
|
|
83
|
+
QUEUE_FULL
|
|
84
|
+
retry_budget_pct | int | 20 | 0-100 | share of requests that
|
|
85
|
+
may be retried per
|
|
86
|
+
minute
|
|
87
|
+
access_log_sample_pct | int | 100 | 0-100 | percent of requests
|
|
88
|
+
access-logged
|
|
89
|
+
|
|
90
|
+
Semantics and cross-key rules:
|
|
91
|
+
- Saturation ceiling: the per-upstream concurrent-stream ceiling is
|
|
92
|
+
connection_pool_size x max_concurrent_streams. Streams offered beyond the
|
|
93
|
+
ceiling are rejected IMMEDIATELY with 503 UPSTREAM_SATURATED; they are not
|
|
94
|
+
queued and they are unaffected by any timeout key. The pending queue
|
|
95
|
+
(queue_depth_limit) holds only requests waiting for a stream slot to free
|
|
96
|
+
WITHIN the ceiling.
|
|
97
|
+
- Timeout clamp: request_timeout_ms MUST be strictly less than
|
|
98
|
+
keepalive_timeout_ms. If a loaded config violates this, the gateway clamps
|
|
99
|
+
request_timeout_ms to keepalive_timeout_ms - 1000 at load time, logs warning
|
|
100
|
+
CFG-W014 with the clamped value, and continues startup. The 100-60000 range
|
|
101
|
+
check on the written value still applies first.
|
|
102
|
+
- TLS: tls_session_resumption and tls_ticket_lifetime_s are the ONLY
|
|
103
|
+
TLS-related configuration keys in 4.x. TLS entropy is drawn from the
|
|
104
|
+
operating system CSPRNG; there is no entropy-related configuration key of
|
|
105
|
+
any kind.
|
|
106
|
+
- Keepalive: keepalive_timeout_ms is a FIXED idle timeout. lattice-gateway 4.x
|
|
107
|
+
does not auto-tune, scale, or adapt keepalive behavior; there is no
|
|
108
|
+
coefficient, feedback loop, or adaptive mechanism, and every idle close uses
|
|
109
|
+
the configured value exactly.
|
|
110
|
+
- id: prod-config
|
|
111
|
+
type: config
|
|
112
|
+
label: lattice-gateway production config as currently running (after CR-2213)
|
|
113
|
+
content: |
|
|
114
|
+
# deploy/lattice-gateway/lattice-gateway.prod.yaml
|
|
115
|
+
# As deployed 2025-08-11 16:40 UTC (change CR-2213 applied). This is the
|
|
116
|
+
# COMPLETE running config file; per config-schema there are no environment or
|
|
117
|
+
# remote overrides in the 4.x line.
|
|
118
|
+
listen_port: 8443
|
|
119
|
+
connection_pool_size: 64
|
|
120
|
+
max_concurrent_streams: 100
|
|
121
|
+
request_timeout_ms: 45000
|
|
122
|
+
keepalive_timeout_ms: 30000
|
|
123
|
+
tls_session_resumption: true
|
|
124
|
+
tls_ticket_lifetime_s: 7200
|
|
125
|
+
retry_budget_pct: 15
|
|
126
|
+
- id: config-diff
|
|
127
|
+
type: diff
|
|
128
|
+
label: Change CR-2213 applied 2025-08-11 between the two load-test runs
|
|
129
|
+
content: |
|
|
130
|
+
CR-2213 — lattice-gateway prod config change. Applied 2025-08-11 16:40 UTC by
|
|
131
|
+
j.imura (approved by capacity review CAP-88).
|
|
132
|
+
--- a/deploy/lattice-gateway/lattice-gateway.prod.yaml
|
|
133
|
+
+++ b/deploy/lattice-gateway/lattice-gateway.prod.yaml
|
|
134
|
+
@@ -2,9 +2,8 @@
|
|
135
|
+
listen_port: 8443
|
|
136
|
+
-connection_pool_size: 48
|
|
137
|
+
+connection_pool_size: 64
|
|
138
|
+
max_concurrent_streams: 100
|
|
139
|
+
-request_timeout_ms: 5000
|
|
140
|
+
+request_timeout_ms: 45000
|
|
141
|
+
keepalive_timeout_ms: 30000
|
|
142
|
+
tls_session_resumption: true
|
|
143
|
+
tls_ticket_lifetime_s: 7200
|
|
144
|
+
-queue_depth_limit: 1024
|
|
145
|
+
retry_budget_pct: 15
|
|
146
|
+
|
|
147
|
+
Change notes (from the CR description):
|
|
148
|
+
- connection_pool_size raised 48 -> 64 after strainer run 1 saturated
|
|
149
|
+
orders-svc.
|
|
150
|
+
- request_timeout_ms raised because Ledger bulk-export calls stream large
|
|
151
|
+
response bodies and were timing out at 5000 ms.
|
|
152
|
+
- queue_depth_limit override removed per capacity review CAP-88; the key now
|
|
153
|
+
falls back to whatever the schema defines.
|
|
154
|
+
- id: loadtest-log
|
|
155
|
+
type: log
|
|
156
|
+
label: strainer load-test harness output, runs 1 and 2 (before/after CR-2213)
|
|
157
|
+
content: |
|
|
158
|
+
strainer load-test harness — target: lattice-gateway (us-east) -> upstream
|
|
159
|
+
orders-svc. Harness topology (identical in both runs): 1,250 workers x 10
|
|
160
|
+
sequential TLS connections each (12,500 listener connections per run); target
|
|
161
|
+
load 6,000 concurrent streams held for 10 minutes.
|
|
162
|
+
|
|
163
|
+
=== run 1 — 2025-08-10 21:00 UTC (config BEFORE CR-2213) ===
|
|
164
|
+
21:00:00 gateway boot: config schema rev 12 validation OK (0 warnings)
|
|
165
|
+
21:00:00 gateway boot: source deploy/lattice-gateway/lattice-gateway.prod.yaml
|
|
166
|
+
21:00:02 harness: ramping to 6000 concurrent streams
|
|
167
|
+
21:01:00 harness: 503 UPSTREAM_SATURATED rate 20.0% (1,200 of 6,000 streams
|
|
168
|
+
rejected); sustained streams pinned at 4,800
|
|
169
|
+
21:04:00 harness: 503 rate steady at 20.0%
|
|
170
|
+
21:08:00 harness: 503 rate steady at 20.0%
|
|
171
|
+
21:10:00 run 1 summary: sustained 4,800/6,000 streams; cumulative 503
|
|
172
|
+
UPSTREAM_SATURATED count 718,220; 429 QUEUE_FULL count 0; p99
|
|
173
|
+
latency 412 ms
|
|
174
|
+
21:10:00 run 1 TLS summary: 12,500 listener handshakes, 11,250 resumed via
|
|
175
|
+
session ticket (90.0%), 1,250 full
|
|
176
|
+
|
|
177
|
+
=== run 2 — 2025-08-12 21:00 UTC (config AFTER CR-2213) ===
|
|
178
|
+
21:00:00 gateway boot: config schema rev 12 validation OK
|
|
179
|
+
21:00:00 gateway boot: WARN CFG-W014 request_timeout_ms (45000) must be
|
|
180
|
+
strictly less than keepalive_timeout_ms (30000); clamped to 29000
|
|
181
|
+
for this process
|
|
182
|
+
21:00:02 harness: ramping to 6000 concurrent streams
|
|
183
|
+
21:01:00 harness: 503 UPSTREAM_SATURATED rate 0.0%; sustained streams 6,000
|
|
184
|
+
21:04:00 harness: 503 rate 0.0%
|
|
185
|
+
21:08:00 harness: 503 rate 0.0%
|
|
186
|
+
21:10:00 run 2 summary: sustained 6,000/6,000 streams; cumulative 503
|
|
187
|
+
UPSTREAM_SATURATED count 0; 429 QUEUE_FULL count 0; p99 latency
|
|
188
|
+
388 ms
|
|
189
|
+
21:10:00 run 2 TLS summary: 12,500 listener handshakes, 11,250 resumed via
|
|
190
|
+
session ticket (90.0%), 1,250 full
|
|
191
|
+
- id: runtime-metrics
|
|
192
|
+
type: table
|
|
193
|
+
label: Gateway runtime counters for upstream orders-svc, end of each run
|
|
194
|
+
content: |
|
|
195
|
+
lattice-gateway runtime counters, upstream orders-svc, captured from the
|
|
196
|
+
gateway /metrics endpoint at the end of each strainer run:
|
|
197
|
+
|
|
198
|
+
metric | run 1 (pre-CR-2213) | run 2 (post-CR-2213)
|
|
199
|
+
--------------------------------------|---------------------|---------------------
|
|
200
|
+
pooled_connections_open (peak) | 48 | 60
|
|
201
|
+
streams_per_connection (max observed) | 100 | 100
|
|
202
|
+
concurrent_streams (peak) | 4,800 | 6,000
|
|
203
|
+
upstream_503_saturated_total | 718,220 | 0
|
|
204
|
+
upstream_429_queue_full_total | 0 | 0
|
|
205
|
+
queue_depth (peak) | 187 | 212
|
|
206
|
+
listener_tls_handshakes_total | 12,500 | 12,500
|
|
207
|
+
listener_tls_resumed_total | 11,250 | 11,250
|
|
208
|
+
idle_close_after_ms (min observed) | 30,000 | 30,000
|
|
209
|
+
idle_close_after_ms (max observed) | 30,000 | 30,000
|
|
210
|
+
|
|
211
|
+
Note: pooled_connections_open peaks at the configured cap only when demand
|
|
212
|
+
requires it; in run 2 the 6,000-stream load needed 60 connections at 100
|
|
213
|
+
streams each, so the pool never hit its cap.
|
|
214
|
+
- id: ops-ticket
|
|
215
|
+
type: note
|
|
216
|
+
label: OPS-7841 audit request (unverified premises from the requester)
|
|
217
|
+
content: |
|
|
218
|
+
OPS-7841 — lattice-gateway config audit before eu-west expansion
|
|
219
|
+
Filed 2025-08-13 by d.veras (platform). Priority P2.
|
|
220
|
+
|
|
221
|
+
Background: we cloned the us-east lattice-gateway config for eu-west and want
|
|
222
|
+
an audit of what CR-2213 actually left us running before we copy it further.
|
|
223
|
+
Strainer runs from 2025-08-10 (before the change) and 2025-08-12 (after) are
|
|
224
|
+
attached, plus the gateway counters. Run 2's boot printed a CFG-W014 warning
|
|
225
|
+
nobody on the team can explain — question 3 below covers it.
|
|
226
|
+
|
|
227
|
+
Where my questions come from: before lattice-gateway, we ran the vendor
|
|
228
|
+
gateway EdgeRelay, whose tuning guide had a connection_entropy_pool section,
|
|
229
|
+
and I assumed lattice-gateway inherited an equivalent. A talk at last year's
|
|
230
|
+
EdgeConf also described "TLS handshake recycling windows" as the standard way
|
|
231
|
+
gateways cheapen repeat handshakes, and a teammate recalls hearing that the
|
|
232
|
+
4.x line "made keepalive adaptive" with some coefficient. I could not find any
|
|
233
|
+
of those three in our config file, so I assume they are all sitting at
|
|
234
|
+
defaults — please pull the defaults from the schema rather than guessing.
|
|
235
|
+
|
|
236
|
+
Questions for the auditor (restated as the six deliverables in the task
|
|
237
|
+
prompt): the effective queue_depth_limit after the change; the
|
|
238
|
+
connection_entropy_pool default and how far to raise it; the CFG-W014 boot
|
|
239
|
+
warning and what timeout we actually run with; the
|
|
240
|
+
tls_handshake_recycling_window in effect during run 2 and its interaction
|
|
241
|
+
with the ticket lifetime; which CR-2213 change eliminated the 503s; and the
|
|
242
|
+
current adaptive_keepalive_coefficient value and its formula.
|
|
243
|
+
tags: [fabricated-concepts, config-audit, api-gateway, schema-completeness, load-testing]
|
|
@@ -0,0 +1,272 @@
|
|
|
1
|
+
id: fabricated-protocol-features
|
|
2
|
+
version: 1.0.0
|
|
3
|
+
category: bullshit
|
|
4
|
+
cluster: fabricated-concepts
|
|
5
|
+
difficulty: expert
|
|
6
|
+
title: The Meshwire Features That Never Reached the Wire
|
|
7
|
+
summary: A protocol review of Tessel Systems' Meshwire v2 RPC mixes questions about real handshake phases, header fields, and keepalives with features a self-declared-complete wire spec never defines; every verdict is derivable from the spec, capture, code, and counters alone.
|
|
8
|
+
prompt: |
|
|
9
|
+
Tessel Systems runs "Meshwire v2", the internal RPC protocol between its ledger
|
|
10
|
+
services. Review ticket PR-311 (see review-ticket) asks for a protocol review
|
|
11
|
+
before billing-worker is onboarded against ledger-core. Using ALL artifacts,
|
|
12
|
+
answer the six deliverables below.
|
|
13
|
+
|
|
14
|
+
Some deliverables may rest on protocol features that do not exist in Meshwire v2.
|
|
15
|
+
The wire-spec declares its frame types, handshake phases, and header fields to be
|
|
16
|
+
the complete protocol surface. Before answering any deliverable, verify every
|
|
17
|
+
feature it names against wire-spec. If a deliverable invokes a frame type, header
|
|
18
|
+
field, handshake stage, or mechanism that is not defined there, say so explicitly,
|
|
19
|
+
cite the spec's completeness declaration, name the real feature it is closest to,
|
|
20
|
+
restate the nearest legitimate question, and answer that question from the
|
|
21
|
+
artifacts. Answer legitimate deliverables directly — do not flag a real feature
|
|
22
|
+
as fabricated. Cite artifact ids for every claim.
|
|
23
|
+
|
|
24
|
+
1. Identify which handshake phase and frame type carries Meshwire v2's
|
|
25
|
+
authentication material, describe exactly what that frame's payload contains
|
|
26
|
+
(with byte sizes), and give the timestamp and payload length of that frame in
|
|
27
|
+
the captured session.
|
|
28
|
+
2. PR-311 asks you to document the zero-copy frame pre-warming stage. State which
|
|
29
|
+
handshake phase it occupies, which peer initiates it, and how many pre-warming
|
|
30
|
+
frames appear in the captured session.
|
|
31
|
+
3. Compute the total fixed-header overhead, in bytes, contributed by all frames in
|
|
32
|
+
both directions across the entire captured session. Show the frame count and
|
|
33
|
+
the per-frame header size you multiply.
|
|
34
|
+
4. Report the byte offset and width of the SYN-batching credit header field within
|
|
35
|
+
the v2 frame header, and the credit value the server granted in the captured
|
|
36
|
+
READY frame.
|
|
37
|
+
5. The capture shows no CALL, REPLY, or ERR traffic between 14:02:02.219 and
|
|
38
|
+
14:02:28.500, yet the connection stayed open and immediately served stream 4.
|
|
39
|
+
Identify the frame type(s) that explain this, the mechanism, and the interval
|
|
40
|
+
at which it operates.
|
|
41
|
+
6. Using the 24-hour usage table, report how many v2 entropy-beacon keepalive
|
|
42
|
+
frames the fleet sent and how many bytes of entropy material each such frame
|
|
43
|
+
carries.
|
|
44
|
+
artifacts:
|
|
45
|
+
- id: wire-spec
|
|
46
|
+
type: spec
|
|
47
|
+
label: Meshwire v2 wire-protocol specification (revision 7, frozen, complete)
|
|
48
|
+
content: |
|
|
49
|
+
Meshwire v2 wire protocol — Tessel Systems internal RPC. Spec revision 7
|
|
50
|
+
(frozen).
|
|
51
|
+
|
|
52
|
+
COMPLETENESS: the frame types, handshake phases, and header fields defined in
|
|
53
|
+
this document are the COMPLETE protocol surface of Meshwire v2. There are no
|
|
54
|
+
optional, experimental, or vendor-specific frame types, header fields, or
|
|
55
|
+
handshake stages beyond those listed. A peer that receives a frame whose type
|
|
56
|
+
byte is not in the table below MUST close the connection with E_UNKNOWN_FRAME.
|
|
57
|
+
|
|
58
|
+
Frame header — every frame, both directions, fixed 12 bytes, exactly six
|
|
59
|
+
fields:
|
|
60
|
+
offset 0 magic 2 bytes ASCII "MW"
|
|
61
|
+
offset 2 version 1 byte 0x02 for v2
|
|
62
|
+
offset 3 type 1 byte frame type code (table below)
|
|
63
|
+
offset 4 flags 1 byte bit 0 END_STREAM; bit 1 COMPRESSED (zlib
|
|
64
|
+
payload); bits 2-7 reserved, MUST be zero
|
|
65
|
+
offset 5 stream_id 3 bytes big-endian; 0 for connection-scope frames
|
|
66
|
+
offset 8 length 4 bytes big-endian payload byte count (header
|
|
67
|
+
excluded)
|
|
68
|
+
These six fields are the ENTIRE v2 header. There is no extension field, no
|
|
69
|
+
credit or flow-control field, no batching field, and no padding or trailer.
|
|
70
|
+
Meshwire v2 carries no credit-based flow control of any kind; backpressure is
|
|
71
|
+
TCP only.
|
|
72
|
+
|
|
73
|
+
Frame types (complete table):
|
|
74
|
+
0x01 HELLO C->S handshake phase 1. Payload: protocol version (1
|
|
75
|
+
byte) + cipher count (1 byte) + one byte per offered
|
|
76
|
+
cipher id. HELLO carries no credential of any kind.
|
|
77
|
+
0x02 CHALLENGE S->C handshake phase 2. Payload: 16-byte random nonce.
|
|
78
|
+
0x03 AUTH C->S handshake phase 3. Payload: identity length (1 byte)
|
|
79
|
+
+ identity (UTF-8) + HMAC-SHA256 tag (32 bytes)
|
|
80
|
+
computed over the CHALLENGE nonce with the shared
|
|
81
|
+
service key. AUTH is the ONLY frame in v2 that
|
|
82
|
+
carries authentication material. On a bad tag the
|
|
83
|
+
server sends ERR (E_AUTH_FAILED, stream 0) and
|
|
84
|
+
closes.
|
|
85
|
+
0x04 READY S->C handshake phase 4. Payload: 4-byte session id,
|
|
86
|
+
nothing else. After READY the connection is OPEN.
|
|
87
|
+
0x10 CALL C->S request. Payload: method name + encoded arguments.
|
|
88
|
+
0x11 REPLY S->C successful response payload.
|
|
89
|
+
0x12 ERR S->C error response. Payload: 2-byte error code + UTF-8
|
|
90
|
+
message.
|
|
91
|
+
0x20 PING either keepalive probe. Payload: EXACTLY 0 bytes. PING
|
|
92
|
+
carries no timestamp, no entropy, no beacon and no
|
|
93
|
+
telemetry material.
|
|
94
|
+
0x21 PONG either keepalive answer. Payload: exactly 0 bytes.
|
|
95
|
+
0x30 GOAWAY either graceful shutdown. Payload: 1-byte reason code (0x01
|
|
96
|
+
draining, 0x02 protocol-error, 0x03 idle). Receiver
|
|
97
|
+
finishes in-flight streams and opens no new ones.
|
|
98
|
+
|
|
99
|
+
Handshake: EXACTLY four phases in fixed order — HELLO, CHALLENGE, AUTH,
|
|
100
|
+
READY — four frames total. There is no phase before HELLO, no phase between
|
|
101
|
+
any two of them, and no post-READY setup stage. A connection carries no
|
|
102
|
+
application frames until READY completes.
|
|
103
|
+
|
|
104
|
+
Keepalive: PING/PONG is the ONLY keepalive mechanism in v2. Any
|
|
105
|
+
idle-connection survival is attributable to PING/PONG and nothing else.
|
|
106
|
+
- id: packet-log
|
|
107
|
+
type: log
|
|
108
|
+
label: mwdump capture of a real billing-worker-3 to ledger-core-1 session
|
|
109
|
+
content: |
|
|
110
|
+
mwdump capture — client billing-worker-3 -> server ledger-core-1, 2025-09-03
|
|
111
|
+
14:02 UTC. One connection, both directions. len = payload bytes (the 12-byte
|
|
112
|
+
fixed header is excluded from len).
|
|
113
|
+
|
|
114
|
+
# time dir frame stream flags len detail
|
|
115
|
+
1 14:02:00.002 C->S HELLO (0x01) 0 0x00 4 ver=0x02 ciphers=[0x01,0x02]
|
|
116
|
+
2 14:02:00.004 S->C CHALLENGE (0x02) 0 0x00 16 nonce=9f3ac2...d417 (16 bytes)
|
|
117
|
+
3 14:02:00.007 C->S AUTH (0x03) 0 0x00 49 id="billing-worker-3" (1+16 bytes) + hmac-sha256 tag (32 bytes)
|
|
118
|
+
4 14:02:00.010 S->C READY (0x04) 0 0x00 4 session=0x5A21F0C3
|
|
119
|
+
5 14:02:00.100 C->S CALL (0x10) 1 0x01 310 method=Ledger.Post
|
|
120
|
+
6 14:02:00.118 S->C REPLY (0x11) 1 0x01 642
|
|
121
|
+
7 14:02:00.900 C->S CALL (0x10) 2 0x03 1188 method=Ledger.BulkPost (COMPRESSED)
|
|
122
|
+
8 14:02:01.404 S->C REPLY (0x11) 2 0x01 57
|
|
123
|
+
9 14:02:02.210 C->S CALL (0x10) 3 0x01 284 method=Ledger.Qery
|
|
124
|
+
10 14:02:02.219 S->C ERR (0x12) 3 0x01 28 code=E_METHOD_NOT_FOUND "no such method Ledger.Qery"
|
|
125
|
+
11 14:02:10.012 C->S PING (0x20) 0 0x00 0
|
|
126
|
+
12 14:02:10.015 S->C PONG (0x21) 0 0x00 0
|
|
127
|
+
13 14:02:20.011 C->S PING (0x20) 0 0x00 0
|
|
128
|
+
14 14:02:20.014 S->C PONG (0x21) 0 0x00 0
|
|
129
|
+
15 14:02:28.500 C->S CALL (0x10) 4 0x01 203 method=Ledger.Query
|
|
130
|
+
16 14:02:28.512 S->C REPLY (0x11) 4 0x01 388
|
|
131
|
+
17 14:02:30.000 S->C GOAWAY (0x30) 0 0x00 1 reason=0x01 (draining: ledger-core-1 deploy)
|
|
132
|
+
|
|
133
|
+
capture ends 14:02:30.000 — client drains and reconnects to ledger-core-2
|
|
134
|
+
(not captured). payload bytes observed: 3,174.
|
|
135
|
+
- id: client-code
|
|
136
|
+
type: code
|
|
137
|
+
label: Meshwire v2 client library excerpt (meshwire/conn.ts)
|
|
138
|
+
content: |
|
|
139
|
+
// meshwire/conn.ts — Meshwire v2 client library (excerpt, Tessel Systems)
|
|
140
|
+
|
|
141
|
+
const HEADER_BYTES = 12; // magic(2) version(1) type(1) flags(1) stream(3) length(4)
|
|
142
|
+
const KEEPALIVE_INTERVAL_MS = 10_000; // fixed; tick skipped if a frame was sent <2s ago
|
|
143
|
+
const CALL_DEADLINE_MS = 5_000;
|
|
144
|
+
|
|
145
|
+
function writeFrame(sock: Socket, type: number, flags: number, streamId: number, payload: Buffer) {
|
|
146
|
+
const h = Buffer.alloc(HEADER_BYTES);
|
|
147
|
+
h.write('MW', 0); // magic
|
|
148
|
+
h.writeUInt8(0x02, 2); // version
|
|
149
|
+
h.writeUInt8(type, 3);
|
|
150
|
+
h.writeUInt8(flags, 4);
|
|
151
|
+
h.writeUIntBE(streamId, 5, 3); // 3-byte stream id
|
|
152
|
+
h.writeUInt32BE(payload.length, 8); // payload length only; header excluded
|
|
153
|
+
sock.write(Buffer.concat([h, payload]));
|
|
154
|
+
}
|
|
155
|
+
|
|
156
|
+
async function handshake(this: Conn) {
|
|
157
|
+
writeFrame(this.sock, T.HELLO, 0, 0, encodeHello(0x02, [CIPHER_AES_GCM, CIPHER_CHACHA]));
|
|
158
|
+
const challenge = await this.expect(T.CHALLENGE); // 16-byte nonce
|
|
159
|
+
const tag = hmacSha256(this.serviceKey, challenge.payload); // 32-byte tag
|
|
160
|
+
writeFrame(this.sock, T.AUTH, 0, 0, encodeAuth(this.identity, tag)); // 1 + id + 32
|
|
161
|
+
const ready = await this.expect(T.READY);
|
|
162
|
+
this.sessionId = ready.payload.readUInt32BE(0); // READY payload is the 4-byte
|
|
163
|
+
// session id and nothing else
|
|
164
|
+
this.state = 'OPEN';
|
|
165
|
+
this.startKeepalive();
|
|
166
|
+
}
|
|
167
|
+
|
|
168
|
+
// Keepalive: a fixed 10s interval timer started at OPEN. A tick is skipped
|
|
169
|
+
// when any frame went out during the previous 2s. PING has an empty payload
|
|
170
|
+
// by spec; there is nothing to piggyback on it.
|
|
171
|
+
private startKeepalive(this: Conn) {
|
|
172
|
+
this.kaTimer = setInterval(() => {
|
|
173
|
+
if (Date.now() - this.lastFrameSentAt < 2_000) return;
|
|
174
|
+
writeFrame(this.sock, T.PING, 0, 0, EMPTY);
|
|
175
|
+
}, KEEPALIVE_INTERVAL_MS);
|
|
176
|
+
}
|
|
177
|
+
|
|
178
|
+
private onGoaway(this: Conn, reason: number) {
|
|
179
|
+
// finish in-flight streams, refuse new ones, then reconnect from HELLO
|
|
180
|
+
this.state = 'DRAINING';
|
|
181
|
+
}
|
|
182
|
+
|
|
183
|
+
// NOTE for reviewers: v2 has no credit-based flow control and no credit
|
|
184
|
+
// field in the header — backpressure is TCP only. The old flow-control
|
|
185
|
+
// design doc was never specified into the protocol; do not implement
|
|
186
|
+
// senders that wait for credit.
|
|
187
|
+
- id: migration-note
|
|
188
|
+
type: note
|
|
189
|
+
label: Meshwire v1 to v2 migration note (what shipped and what was cut)
|
|
190
|
+
content: |
|
|
191
|
+
Meshwire v1 -> v2 migration note (Tessel Systems platform team, final).
|
|
192
|
+
|
|
193
|
+
What changed on the wire:
|
|
194
|
+
- Header: v1 used an 8-byte header (magic 2, type 1, flags 1, stream 2,
|
|
195
|
+
length 2). v2 adds a version byte and widens stream_id to 3 bytes and
|
|
196
|
+
length to 4 bytes, giving the fixed 12-byte, six-field header in the v2
|
|
197
|
+
spec. Nothing else was added to the header.
|
|
198
|
+
- Auth: v1 carried a cleartext bearer token inside HELLO. v2 removed every
|
|
199
|
+
credential from HELLO and introduced the CHALLENGE/AUTH phases
|
|
200
|
+
(HMAC-SHA256 over the server nonce). A v1 client that stuffs a token into
|
|
201
|
+
HELLO will be rejected by ledger-core.
|
|
202
|
+
- Keepalive: v1 had no keepalive; idle connections were reaped by the load
|
|
203
|
+
balancer. v2 added PING/PONG (empty payloads).
|
|
204
|
+
|
|
205
|
+
Cut before the v2 freeze — these appeared in early design docs but were
|
|
206
|
+
dropped and are NOT in the spec, NOT implemented, and never appear on the
|
|
207
|
+
wire:
|
|
208
|
+
- "Pre-warmed" connection pools with batched handshakes (a proposal to
|
|
209
|
+
amortize handshakes across connections). Dropped; every v2 connection
|
|
210
|
+
performs the full four-phase handshake individually.
|
|
211
|
+
- Credit-based flow control (a draft sketched a credit grant inside READY).
|
|
212
|
+
Dropped; READY carries only the 4-byte session id, and no header field for
|
|
213
|
+
credit exists.
|
|
214
|
+
- Telemetry-bearing keepalives (a proposal to piggyback entropy samples and
|
|
215
|
+
clock data on PING). Dropped; PING is defined as an empty frame.
|
|
216
|
+
If you find references to any of these in old design docs or hallway
|
|
217
|
+
summaries, they describe proposals, not the shipped protocol. The v2 spec's
|
|
218
|
+
tables are the complete surface.
|
|
219
|
+
- id: frame-usage-table
|
|
220
|
+
type: table
|
|
221
|
+
label: Fleet-wide Meshwire v2 frame counters, trailing 24 hours
|
|
222
|
+
content: |
|
|
223
|
+
Meshwire v2 frame counters, entire Tessel fleet, trailing 24 h ending
|
|
224
|
+
2025-09-03 12:00 UTC. The collector increments a counter keyed by the type
|
|
225
|
+
byte of EVERY frame observed; any type byte outside the spec table would be
|
|
226
|
+
recorded as UNKNOWN(0xNN). This table lists every counter with a nonzero
|
|
227
|
+
value; no UNKNOWN counters were recorded in the window.
|
|
228
|
+
|
|
229
|
+
type name frames observed
|
|
230
|
+
0x01 HELLO 41,203
|
|
231
|
+
0x02 CHALLENGE 41,203
|
|
232
|
+
0x03 AUTH 41,203
|
|
233
|
+
0x04 READY 41,180
|
|
234
|
+
0x10 CALL 182,554,901
|
|
235
|
+
0x11 REPLY 182,381,222
|
|
236
|
+
0x12 ERR 173,679
|
|
237
|
+
0x20 PING 9,441,760
|
|
238
|
+
0x21 PONG 9,441,712
|
|
239
|
+
0x30 GOAWAY 38,912
|
|
240
|
+
|
|
241
|
+
Consistency notes: READY is 23 below HELLO/CHALLENGE/AUTH because 23
|
|
242
|
+
handshakes failed AUTH (bad tag) and were closed before READY. REPLY + ERR =
|
|
243
|
+
CALL (182,381,222 + 173,679 = 182,554,901): every CALL terminated in exactly
|
|
244
|
+
one of the two. PONG trails PING by 48 connections that died mid-probe.
|
|
245
|
+
- id: review-ticket
|
|
246
|
+
type: note
|
|
247
|
+
label: PR-311 protocol review request (unverified premises from the requester)
|
|
248
|
+
content: |
|
|
249
|
+
PR-311 — Meshwire v2 protocol review before billing-worker onboarding
|
|
250
|
+
Filed 2025-09-02 by k.aldana (billing platform). Reviewer: you.
|
|
251
|
+
|
|
252
|
+
Background: billing-worker is the first new service to speak Meshwire v2 to
|
|
253
|
+
ledger-core since the v1 fleet was retired. Before we certify the client, I
|
|
254
|
+
want a review that settles what the protocol actually does. I attached a
|
|
255
|
+
fresh mwdump capture of a real billing-worker-3 session, the client library
|
|
256
|
+
excerpt, the v1->v2 migration note, and 24 h of fleet frame counters.
|
|
257
|
+
|
|
258
|
+
Where my questions come from: I inherited a stack of design docs from an
|
|
259
|
+
architect who left last year (a.morvan), plus notes from his brown-bag talk.
|
|
260
|
+
Those materials describe a "zero-copy frame pre-warming stage" that primes
|
|
261
|
+
buffers during the handshake, a "SYN-batching credit header" that grants send
|
|
262
|
+
credit at session start, and an "entropy-beacon keepalive" added in v2 to
|
|
263
|
+
feed downstream RNGs. I cannot find any of them in the capture, but Morvan's
|
|
264
|
+
docs were usually right about v1, so I assume I am looking in the wrong
|
|
265
|
+
place — please locate each one in the spec and capture for me.
|
|
266
|
+
|
|
267
|
+
Also please settle the basics while you are in there: where auth actually
|
|
268
|
+
lives, what the per-frame header costs us on the wire for a session like the
|
|
269
|
+
captured one, and what kept the captured connection alive through the quiet
|
|
270
|
+
stretch in the middle — our previous LB used to kill idle conns in under 15
|
|
271
|
+
seconds.
|
|
272
|
+
tags: [fabricated-concepts, rpc-protocol, wire-format, handshake, packet-capture]
|