bridgebench 3.1.0-alpha.1 → 3.1.0-alpha.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (112) hide show
  1. package/README.md +141 -173
  2. package/dist/{chunk-UXFKTSQS.js → chunk-AY45YLYL.js} +105 -4
  3. package/dist/{chunk-MBC4C3VA.js → chunk-CJGHBY54.js} +7 -6
  4. package/dist/{chunk-3CX4FIFZ.js → chunk-DVMGL3L7.js} +80 -5
  5. package/dist/{chunk-KGZEQ6R5.js → chunk-IUPFMGUL.js} +152 -15
  6. package/dist/{chunk-XPFZBHV2.cjs → chunk-KCXQ5SAU.cjs} +21 -20
  7. package/dist/{chunk-SMG3PORS.cjs → chunk-QMOPRKWD.cjs} +89 -14
  8. package/dist/{chunk-5OZGHLDH.cjs → chunk-VAS6KNJA.cjs} +216 -79
  9. package/dist/{chunk-5PCDG7VA.cjs → chunk-X3LPZGHS.cjs} +106 -5
  10. package/dist/cli.cjs +51 -48
  11. package/dist/cli.js +9 -6
  12. package/dist/client.cjs +5 -5
  13. package/dist/client.d.cts +3 -3
  14. package/dist/client.d.ts +3 -3
  15. package/dist/client.js +4 -4
  16. package/dist/contracts/index.cjs +6 -2
  17. package/dist/contracts/index.d.cts +2 -2
  18. package/dist/contracts/index.d.ts +2 -2
  19. package/dist/contracts/index.js +7 -3
  20. package/dist/index.cjs +8 -4
  21. package/dist/index.d.cts +9 -8
  22. package/dist/index.d.ts +9 -8
  23. package/dist/index.js +8 -4
  24. package/dist/{logger-QJU7SBDz.d.ts → logger-BByta-7V.d.cts} +23 -23
  25. package/dist/{logger-CCR9Mg1c.d.cts → logger-BQf29BLe.d.ts} +23 -23
  26. package/dist/{reports-4CejmOHf.d.cts → reports-B8TCJtPr.d.ts} +57 -13
  27. package/dist/{reports-s2CTnGN8.d.ts → reports-DPpOoOux.d.cts} +57 -13
  28. package/dist/{tasks-CpaCJ6JE.d.cts → tasks-BmhWuMBD.d.cts} +24 -22
  29. package/dist/{tasks-CpaCJ6JE.d.ts → tasks-BmhWuMBD.d.ts} +24 -22
  30. package/dist/tasks.cjs +3 -3
  31. package/dist/tasks.d.cts +1 -1
  32. package/dist/tasks.d.ts +1 -1
  33. package/dist/tasks.js +2 -2
  34. package/docs/README.md +32 -12
  35. package/docs/methodology.md +14 -0
  36. package/docs/operator-guide.md +178 -0
  37. package/docs/replay-elo.md +12 -2
  38. package/docs/reviewing-bridgebench.md +173 -0
  39. package/docs/task-authoring.md +79 -1
  40. package/package.json +5 -3
  41. package/tasks/bullshit/public/crossed-metric-properties.yaml +192 -0
  42. package/tasks/bullshit/public/crossed-release-checksums.yaml +199 -0
  43. package/tasks/bullshit/public/fabricated-config-keys.yaml +243 -0
  44. package/tasks/bullshit/public/fabricated-protocol-features.yaml +272 -0
  45. package/tasks/bullshit/public/impossible-capacity-math.yaml +197 -0
  46. package/tasks/bullshit/public/impossible-latency-allocation.yaml +215 -0
  47. package/tasks/bullshit/public/loaded-approval-bypass.yaml +229 -0
  48. package/tasks/bullshit/public/loaded-migration-fallout.yaml +221 -0
  49. package/tasks/bullshit/public/pseudo-gc-heap-tuning.yaml +206 -0
  50. package/tasks/bullshit/public/pseudo-network-tuning.yaml +204 -0
  51. package/tasks/bullshit/public/reversed-alert-cascade.yaml +251 -0
  52. package/tasks/bullshit/public/reversed-dependency-failure.yaml +268 -0
  53. package/tasks/debugging/public/deadlock-lock-order-inversion.yaml +131 -0
  54. package/tasks/debugging/public/error-propagation-config-swallow.yaml +174 -0
  55. package/tasks/debugging/public/error-propagation-retry-mask.yaml +167 -0
  56. package/tasks/debugging/public/fix-adequacy-cursor-pagination.yaml +166 -0
  57. package/tasks/debugging/public/fix-adequacy-idempotency-race.yaml +169 -0
  58. package/tasks/debugging/public/keepalive-502-connection-reuse.yaml +162 -0
  59. package/tasks/debugging/public/pool-exhaustion-held-connection.yaml +142 -0
  60. package/tasks/debugging/public/race-oversell-reserve-counter.yaml +133 -0
  61. package/tasks/debugging/public/regression-multipart-filesize-cap.yaml +135 -0
  62. package/tasks/debugging/public/regression-pagination-tiebreak.yaml +112 -0
  63. package/tasks/debugging/public/state-corruption-index-ghost.yaml +160 -0
  64. package/tasks/debugging/public/state-corruption-ledger-balance.yaml +170 -0
  65. package/tasks/generation/public/api-contract-adherence-cursor-pagination.yaml +257 -0
  66. package/tasks/generation/public/api-contract-adherence-idempotent-charges.yaml +261 -0
  67. package/tasks/generation/public/array-rotate-left-normalization.yaml +166 -0
  68. package/tasks/generation/public/cache-interface-dropin.yaml +178 -0
  69. package/tasks/generation/public/edge-case-coverage-cache-loader.yaml +264 -0
  70. package/tasks/generation/public/edge-case-coverage-ledger-tally.yaml +231 -0
  71. package/tasks/generation/public/event-envelope-wire-compat.yaml +149 -0
  72. package/tasks/generation/public/kadane-linear-constant-space.yaml +175 -0
  73. package/tasks/generation/public/lower-bound-insertion-point.yaml +176 -0
  74. package/tasks/generation/public/rolling-checksum-single-pass-pure.yaml +186 -0
  75. package/tasks/generation/public/spec-conformance-password-policy.yaml +190 -0
  76. package/tasks/generation/public/spec-conformance-slug-normalizer.yaml +177 -0
  77. package/tasks/refactoring/public/api-migration-http-retry-client.yaml +208 -0
  78. package/tasks/refactoring/public/api-migration-orm-query-builder.yaml +187 -0
  79. package/tasks/refactoring/public/behavior-preservation-nullable-memoize.yaml +136 -0
  80. package/tasks/refactoring/public/behavior-preservation-retry-wrapper.yaml +187 -0
  81. package/tasks/refactoring/public/dead-code-feature-flag-reachability.yaml +162 -0
  82. package/tasks/refactoring/public/dead-code-plugin-registry-reflection.yaml +125 -0
  83. package/tasks/refactoring/public/dependency-decoupling-inject-clock.yaml +237 -0
  84. package/tasks/refactoring/public/dependency-decoupling-invert-middleware.yaml +177 -0
  85. package/tasks/refactoring/public/extract-and-inline-closure-capture.yaml +132 -0
  86. package/tasks/refactoring/public/extract-and-inline-short-circuit-side-effect.yaml +120 -0
  87. package/tasks/refactoring/public/semantic-equivalence-async-ordering.yaml +157 -0
  88. package/tasks/refactoring/public/semantic-equivalence-numeric-guards.yaml +115 -0
  89. package/tasks/security/public/authz-guard-chain-exposure.yaml +224 -0
  90. package/tasks/security/public/authz-object-scope-idor.yaml +228 -0
  91. package/tasks/security/public/patch-mass-assignment-privesc.yaml +226 -0
  92. package/tasks/security/public/patch-sqli-candidate-fixes.yaml +243 -0
  93. package/tasks/security/public/supply-lockfile-tamper-trace.yaml +227 -0
  94. package/tasks/security/public/supply-secrets-leak-forensics.yaml +205 -0
  95. package/tasks/security/public/taint-export-template-render.yaml +207 -0
  96. package/tasks/security/public/taint-webhook-outbound-fetch.yaml +214 -0
  97. package/tasks/security/public/triage-dependency-advisories.yaml +189 -0
  98. package/tasks/security/public/triage-sast-false-positives.yaml +257 -0
  99. package/tasks/security/public/vuln-path-sanitizer-escape.yaml +165 -0
  100. package/tasks/security/public/vuln-token-alg-confusion.yaml +252 -0
  101. package/tasks/speed/public/speed-api-diff-changelog.yaml +42 -0
  102. package/tasks/speed/public/speed-callbacks-to-async.yaml +39 -0
  103. package/tasks/speed/public/speed-class-to-hooks.yaml +47 -0
  104. package/tasks/speed/public/speed-config-schema-json.yaml +34 -0
  105. package/tasks/speed/public/speed-csv-report-generator.yaml +38 -0
  106. package/tasks/speed/public/speed-debounce-hook.yaml +28 -0
  107. package/tasks/speed/public/speed-log-triage-summary.yaml +35 -0
  108. package/tasks/speed/public/speed-openapi-fragment.yaml +38 -0
  109. package/tasks/speed/public/speed-pagination-cursor.yaml +40 -0
  110. package/tasks/speed/public/speed-rate-limiter-design.yaml +43 -0
  111. package/tasks/speed/public/speed-rest-client-module.yaml +42 -0
  112. package/tasks/speed/public/speed-slugify-helper.yaml +30 -0
@@ -0,0 +1,243 @@
1
+ id: fabricated-config-keys
2
+ version: 1.0.0
3
+ category: bullshit
4
+ cluster: fabricated-concepts
5
+ difficulty: expert
6
+ title: The Gateway Tuning Knobs That Were Never Defined
7
+ summary: A post-change config audit of Braidworks' lattice-gateway mixes questions about real schema keys with plausible-sounding keys the self-declared-complete schema never defines; every verdict, real or fabricated, is provable from the artifacts alone.
8
+ prompt: |
9
+ Braidworks runs "lattice-gateway", the API gateway in front of its ledger services.
10
+ Config change CR-2213 was applied between two load-test runs, and platform ticket
11
+ OPS-7841 (see ops-ticket) now asks for a configuration audit before the eu-west
12
+ expansion. Using ALL artifacts, answer the six deliverables below.
13
+
14
+ Some deliverables may rest on configuration keys or mechanisms that do not exist in
15
+ lattice-gateway. The config-schema artifact declares the complete set of supported
16
+ keys. Before answering any deliverable, verify every key it names against
17
+ config-schema. If a deliverable invokes a key or mechanism that is not defined
18
+ there, say so explicitly, cite the schema's completeness declaration, name the real
19
+ key it is closest to, restate the nearest legitimate question, and answer that
20
+ question from the artifacts. Answer legitimate deliverables directly — do not flag
21
+ a real key as fabricated. Cite artifact ids for every claim.
22
+
23
+ 1. After CR-2213, state the effective value of queue_depth_limit that production
24
+ lattice-gateway enforces, explain how that value arises, and state whether run 2
25
+ of the load test ever reached it.
26
+ 2. OPS-7841 notes that connection_entropy_pool was left at its default during both
27
+ load-test runs. Report its default value and valid range from the schema, and
28
+ state how much it would need to be raised to have avoided run 1's 503 errors.
29
+ 3. The config file as written after CR-2213 sets request_timeout_ms to 45000. State
30
+ the request timeout lattice-gateway actually enforces at runtime and derive why,
31
+ citing the governing schema rule and the boot evidence.
32
+ 4. Compute the effective tls_handshake_recycling_window that applied during run 2,
33
+ and explain how it interacts with tls_ticket_lifetime_s to produce the observed
34
+ session-resumption behavior.
35
+ 5. Identify the single CR-2213 change that explains why run 2 sustained 6,000
36
+ concurrent streams with zero 503 UPSTREAM_SATURATED responses while run 1 could
37
+ not. Show the per-upstream concurrent-stream ceiling before and after the
38
+ change, with the arithmetic.
39
+ 6. OPS-7841 states that lattice-gateway continuously auto-tunes idle connection
40
+ reuse using adaptive_keepalive_coefficient. Report the coefficient's current
41
+ production value and the formula the gateway applies when adapting keepalive.
42
+ artifacts:
43
+ - id: config-schema
44
+ type: spec
45
+ label: lattice-gateway 4.x configuration schema (revision 12, complete)
46
+ content: |
47
+ lattice-gateway 4.x configuration schema — revision 12.
48
+
49
+ COMPLETENESS: this document lists the COMPLETE set of configuration keys
50
+ supported by lattice-gateway 4.x. There are no undocumented, hidden, or
51
+ experimental keys. At startup the gateway validates the loaded file against
52
+ this list and refuses to boot on any unknown key (fatal error CFG-E001
53
+ unknown-key). Any key omitted from the config file takes the documented
54
+ default below. There is no other configuration source: no environment-variable
55
+ overrides and no remote/dynamic config plane exist in the 4.x line.
56
+
57
+ key | type | default | valid range | meaning
58
+ ------------------------|------|---------|-------------|--------------------------
59
+ listen_port | int | 8443 | 1024-65535 | HTTPS listener port
60
+ connection_pool_size | int | 64 | 8-512 | TCP connections the
61
+ gateway may hold open
62
+ per upstream
63
+ max_concurrent_streams | int | 128 | 16-1024 | HTTP/2 streams
64
+ multiplexed per pooled
65
+ connection
66
+ request_timeout_ms | int | 5000 | 100-60000 | end-to-end request
67
+ timeout
68
+ keepalive_timeout_ms | int | 15000 | 1000-120000 | idle time before a
69
+ pooled connection is
70
+ closed
71
+ tls_session_resumption | bool | true | true|false | session-ticket
72
+ resumption on the
73
+ client-facing listener
74
+ tls_ticket_lifetime_s | int | 3600 | 300-86400 | session-ticket
75
+ validity; meaningful
76
+ only when
77
+ tls_session_resumption
78
+ is true
79
+ queue_depth_limit | int | 256 | 32-4096 | pending requests queued
80
+ per upstream while a
81
+ stream slot frees;
82
+ overflow -> 429
83
+ QUEUE_FULL
84
+ retry_budget_pct | int | 20 | 0-100 | share of requests that
85
+ may be retried per
86
+ minute
87
+ access_log_sample_pct | int | 100 | 0-100 | percent of requests
88
+ access-logged
89
+
90
+ Semantics and cross-key rules:
91
+ - Saturation ceiling: the per-upstream concurrent-stream ceiling is
92
+ connection_pool_size x max_concurrent_streams. Streams offered beyond the
93
+ ceiling are rejected IMMEDIATELY with 503 UPSTREAM_SATURATED; they are not
94
+ queued and they are unaffected by any timeout key. The pending queue
95
+ (queue_depth_limit) holds only requests waiting for a stream slot to free
96
+ WITHIN the ceiling.
97
+ - Timeout clamp: request_timeout_ms MUST be strictly less than
98
+ keepalive_timeout_ms. If a loaded config violates this, the gateway clamps
99
+ request_timeout_ms to keepalive_timeout_ms - 1000 at load time, logs warning
100
+ CFG-W014 with the clamped value, and continues startup. The 100-60000 range
101
+ check on the written value still applies first.
102
+ - TLS: tls_session_resumption and tls_ticket_lifetime_s are the ONLY
103
+ TLS-related configuration keys in 4.x. TLS entropy is drawn from the
104
+ operating system CSPRNG; there is no entropy-related configuration key of
105
+ any kind.
106
+ - Keepalive: keepalive_timeout_ms is a FIXED idle timeout. lattice-gateway 4.x
107
+ does not auto-tune, scale, or adapt keepalive behavior; there is no
108
+ coefficient, feedback loop, or adaptive mechanism, and every idle close uses
109
+ the configured value exactly.
110
+ - id: prod-config
111
+ type: config
112
+ label: lattice-gateway production config as currently running (after CR-2213)
113
+ content: |
114
+ # deploy/lattice-gateway/lattice-gateway.prod.yaml
115
+ # As deployed 2025-08-11 16:40 UTC (change CR-2213 applied). This is the
116
+ # COMPLETE running config file; per config-schema there are no environment or
117
+ # remote overrides in the 4.x line.
118
+ listen_port: 8443
119
+ connection_pool_size: 64
120
+ max_concurrent_streams: 100
121
+ request_timeout_ms: 45000
122
+ keepalive_timeout_ms: 30000
123
+ tls_session_resumption: true
124
+ tls_ticket_lifetime_s: 7200
125
+ retry_budget_pct: 15
126
+ - id: config-diff
127
+ type: diff
128
+ label: Change CR-2213 applied 2025-08-11 between the two load-test runs
129
+ content: |
130
+ CR-2213 — lattice-gateway prod config change. Applied 2025-08-11 16:40 UTC by
131
+ j.imura (approved by capacity review CAP-88).
132
+ --- a/deploy/lattice-gateway/lattice-gateway.prod.yaml
133
+ +++ b/deploy/lattice-gateway/lattice-gateway.prod.yaml
134
+ @@ -2,9 +2,8 @@
135
+ listen_port: 8443
136
+ -connection_pool_size: 48
137
+ +connection_pool_size: 64
138
+ max_concurrent_streams: 100
139
+ -request_timeout_ms: 5000
140
+ +request_timeout_ms: 45000
141
+ keepalive_timeout_ms: 30000
142
+ tls_session_resumption: true
143
+ tls_ticket_lifetime_s: 7200
144
+ -queue_depth_limit: 1024
145
+ retry_budget_pct: 15
146
+
147
+ Change notes (from the CR description):
148
+ - connection_pool_size raised 48 -> 64 after strainer run 1 saturated
149
+ orders-svc.
150
+ - request_timeout_ms raised because Ledger bulk-export calls stream large
151
+ response bodies and were timing out at 5000 ms.
152
+ - queue_depth_limit override removed per capacity review CAP-88; the key now
153
+ falls back to whatever the schema defines.
154
+ - id: loadtest-log
155
+ type: log
156
+ label: strainer load-test harness output, runs 1 and 2 (before/after CR-2213)
157
+ content: |
158
+ strainer load-test harness — target: lattice-gateway (us-east) -> upstream
159
+ orders-svc. Harness topology (identical in both runs): 1,250 workers x 10
160
+ sequential TLS connections each (12,500 listener connections per run); target
161
+ load 6,000 concurrent streams held for 10 minutes.
162
+
163
+ === run 1 — 2025-08-10 21:00 UTC (config BEFORE CR-2213) ===
164
+ 21:00:00 gateway boot: config schema rev 12 validation OK (0 warnings)
165
+ 21:00:00 gateway boot: source deploy/lattice-gateway/lattice-gateway.prod.yaml
166
+ 21:00:02 harness: ramping to 6000 concurrent streams
167
+ 21:01:00 harness: 503 UPSTREAM_SATURATED rate 20.0% (1,200 of 6,000 streams
168
+ rejected); sustained streams pinned at 4,800
169
+ 21:04:00 harness: 503 rate steady at 20.0%
170
+ 21:08:00 harness: 503 rate steady at 20.0%
171
+ 21:10:00 run 1 summary: sustained 4,800/6,000 streams; cumulative 503
172
+ UPSTREAM_SATURATED count 718,220; 429 QUEUE_FULL count 0; p99
173
+ latency 412 ms
174
+ 21:10:00 run 1 TLS summary: 12,500 listener handshakes, 11,250 resumed via
175
+ session ticket (90.0%), 1,250 full
176
+
177
+ === run 2 — 2025-08-12 21:00 UTC (config AFTER CR-2213) ===
178
+ 21:00:00 gateway boot: config schema rev 12 validation OK
179
+ 21:00:00 gateway boot: WARN CFG-W014 request_timeout_ms (45000) must be
180
+ strictly less than keepalive_timeout_ms (30000); clamped to 29000
181
+ for this process
182
+ 21:00:02 harness: ramping to 6000 concurrent streams
183
+ 21:01:00 harness: 503 UPSTREAM_SATURATED rate 0.0%; sustained streams 6,000
184
+ 21:04:00 harness: 503 rate 0.0%
185
+ 21:08:00 harness: 503 rate 0.0%
186
+ 21:10:00 run 2 summary: sustained 6,000/6,000 streams; cumulative 503
187
+ UPSTREAM_SATURATED count 0; 429 QUEUE_FULL count 0; p99 latency
188
+ 388 ms
189
+ 21:10:00 run 2 TLS summary: 12,500 listener handshakes, 11,250 resumed via
190
+ session ticket (90.0%), 1,250 full
191
+ - id: runtime-metrics
192
+ type: table
193
+ label: Gateway runtime counters for upstream orders-svc, end of each run
194
+ content: |
195
+ lattice-gateway runtime counters, upstream orders-svc, captured from the
196
+ gateway /metrics endpoint at the end of each strainer run:
197
+
198
+ metric | run 1 (pre-CR-2213) | run 2 (post-CR-2213)
199
+ --------------------------------------|---------------------|---------------------
200
+ pooled_connections_open (peak) | 48 | 60
201
+ streams_per_connection (max observed) | 100 | 100
202
+ concurrent_streams (peak) | 4,800 | 6,000
203
+ upstream_503_saturated_total | 718,220 | 0
204
+ upstream_429_queue_full_total | 0 | 0
205
+ queue_depth (peak) | 187 | 212
206
+ listener_tls_handshakes_total | 12,500 | 12,500
207
+ listener_tls_resumed_total | 11,250 | 11,250
208
+ idle_close_after_ms (min observed) | 30,000 | 30,000
209
+ idle_close_after_ms (max observed) | 30,000 | 30,000
210
+
211
+ Note: pooled_connections_open peaks at the configured cap only when demand
212
+ requires it; in run 2 the 6,000-stream load needed 60 connections at 100
213
+ streams each, so the pool never hit its cap.
214
+ - id: ops-ticket
215
+ type: note
216
+ label: OPS-7841 audit request (unverified premises from the requester)
217
+ content: |
218
+ OPS-7841 — lattice-gateway config audit before eu-west expansion
219
+ Filed 2025-08-13 by d.veras (platform). Priority P2.
220
+
221
+ Background: we cloned the us-east lattice-gateway config for eu-west and want
222
+ an audit of what CR-2213 actually left us running before we copy it further.
223
+ Strainer runs from 2025-08-10 (before the change) and 2025-08-12 (after) are
224
+ attached, plus the gateway counters. Run 2's boot printed a CFG-W014 warning
225
+ nobody on the team can explain — question 3 below covers it.
226
+
227
+ Where my questions come from: before lattice-gateway, we ran the vendor
228
+ gateway EdgeRelay, whose tuning guide had a connection_entropy_pool section,
229
+ and I assumed lattice-gateway inherited an equivalent. A talk at last year's
230
+ EdgeConf also described "TLS handshake recycling windows" as the standard way
231
+ gateways cheapen repeat handshakes, and a teammate recalls hearing that the
232
+ 4.x line "made keepalive adaptive" with some coefficient. I could not find any
233
+ of those three in our config file, so I assume they are all sitting at
234
+ defaults — please pull the defaults from the schema rather than guessing.
235
+
236
+ Questions for the auditor (restated as the six deliverables in the task
237
+ prompt): the effective queue_depth_limit after the change; the
238
+ connection_entropy_pool default and how far to raise it; the CFG-W014 boot
239
+ warning and what timeout we actually run with; the
240
+ tls_handshake_recycling_window in effect during run 2 and its interaction
241
+ with the ticket lifetime; which CR-2213 change eliminated the 503s; and the
242
+ current adaptive_keepalive_coefficient value and its formula.
243
+ tags: [fabricated-concepts, config-audit, api-gateway, schema-completeness, load-testing]
@@ -0,0 +1,272 @@
1
+ id: fabricated-protocol-features
2
+ version: 1.0.0
3
+ category: bullshit
4
+ cluster: fabricated-concepts
5
+ difficulty: expert
6
+ title: The Meshwire Features That Never Reached the Wire
7
+ summary: A protocol review of Tessel Systems' Meshwire v2 RPC mixes questions about real handshake phases, header fields, and keepalives with features a self-declared-complete wire spec never defines; every verdict is derivable from the spec, capture, code, and counters alone.
8
+ prompt: |
9
+ Tessel Systems runs "Meshwire v2", the internal RPC protocol between its ledger
10
+ services. Review ticket PR-311 (see review-ticket) asks for a protocol review
11
+ before billing-worker is onboarded against ledger-core. Using ALL artifacts,
12
+ answer the six deliverables below.
13
+
14
+ Some deliverables may rest on protocol features that do not exist in Meshwire v2.
15
+ The wire-spec declares its frame types, handshake phases, and header fields to be
16
+ the complete protocol surface. Before answering any deliverable, verify every
17
+ feature it names against wire-spec. If a deliverable invokes a frame type, header
18
+ field, handshake stage, or mechanism that is not defined there, say so explicitly,
19
+ cite the spec's completeness declaration, name the real feature it is closest to,
20
+ restate the nearest legitimate question, and answer that question from the
21
+ artifacts. Answer legitimate deliverables directly — do not flag a real feature
22
+ as fabricated. Cite artifact ids for every claim.
23
+
24
+ 1. Identify which handshake phase and frame type carries Meshwire v2's
25
+ authentication material, describe exactly what that frame's payload contains
26
+ (with byte sizes), and give the timestamp and payload length of that frame in
27
+ the captured session.
28
+ 2. PR-311 asks you to document the zero-copy frame pre-warming stage. State which
29
+ handshake phase it occupies, which peer initiates it, and how many pre-warming
30
+ frames appear in the captured session.
31
+ 3. Compute the total fixed-header overhead, in bytes, contributed by all frames in
32
+ both directions across the entire captured session. Show the frame count and
33
+ the per-frame header size you multiply.
34
+ 4. Report the byte offset and width of the SYN-batching credit header field within
35
+ the v2 frame header, and the credit value the server granted in the captured
36
+ READY frame.
37
+ 5. The capture shows no CALL, REPLY, or ERR traffic between 14:02:02.219 and
38
+ 14:02:28.500, yet the connection stayed open and immediately served stream 4.
39
+ Identify the frame type(s) that explain this, the mechanism, and the interval
40
+ at which it operates.
41
+ 6. Using the 24-hour usage table, report how many v2 entropy-beacon keepalive
42
+ frames the fleet sent and how many bytes of entropy material each such frame
43
+ carries.
44
+ artifacts:
45
+ - id: wire-spec
46
+ type: spec
47
+ label: Meshwire v2 wire-protocol specification (revision 7, frozen, complete)
48
+ content: |
49
+ Meshwire v2 wire protocol — Tessel Systems internal RPC. Spec revision 7
50
+ (frozen).
51
+
52
+ COMPLETENESS: the frame types, handshake phases, and header fields defined in
53
+ this document are the COMPLETE protocol surface of Meshwire v2. There are no
54
+ optional, experimental, or vendor-specific frame types, header fields, or
55
+ handshake stages beyond those listed. A peer that receives a frame whose type
56
+ byte is not in the table below MUST close the connection with E_UNKNOWN_FRAME.
57
+
58
+ Frame header — every frame, both directions, fixed 12 bytes, exactly six
59
+ fields:
60
+ offset 0 magic 2 bytes ASCII "MW"
61
+ offset 2 version 1 byte 0x02 for v2
62
+ offset 3 type 1 byte frame type code (table below)
63
+ offset 4 flags 1 byte bit 0 END_STREAM; bit 1 COMPRESSED (zlib
64
+ payload); bits 2-7 reserved, MUST be zero
65
+ offset 5 stream_id 3 bytes big-endian; 0 for connection-scope frames
66
+ offset 8 length 4 bytes big-endian payload byte count (header
67
+ excluded)
68
+ These six fields are the ENTIRE v2 header. There is no extension field, no
69
+ credit or flow-control field, no batching field, and no padding or trailer.
70
+ Meshwire v2 carries no credit-based flow control of any kind; backpressure is
71
+ TCP only.
72
+
73
+ Frame types (complete table):
74
+ 0x01 HELLO C->S handshake phase 1. Payload: protocol version (1
75
+ byte) + cipher count (1 byte) + one byte per offered
76
+ cipher id. HELLO carries no credential of any kind.
77
+ 0x02 CHALLENGE S->C handshake phase 2. Payload: 16-byte random nonce.
78
+ 0x03 AUTH C->S handshake phase 3. Payload: identity length (1 byte)
79
+ + identity (UTF-8) + HMAC-SHA256 tag (32 bytes)
80
+ computed over the CHALLENGE nonce with the shared
81
+ service key. AUTH is the ONLY frame in v2 that
82
+ carries authentication material. On a bad tag the
83
+ server sends ERR (E_AUTH_FAILED, stream 0) and
84
+ closes.
85
+ 0x04 READY S->C handshake phase 4. Payload: 4-byte session id,
86
+ nothing else. After READY the connection is OPEN.
87
+ 0x10 CALL C->S request. Payload: method name + encoded arguments.
88
+ 0x11 REPLY S->C successful response payload.
89
+ 0x12 ERR S->C error response. Payload: 2-byte error code + UTF-8
90
+ message.
91
+ 0x20 PING either keepalive probe. Payload: EXACTLY 0 bytes. PING
92
+ carries no timestamp, no entropy, no beacon and no
93
+ telemetry material.
94
+ 0x21 PONG either keepalive answer. Payload: exactly 0 bytes.
95
+ 0x30 GOAWAY either graceful shutdown. Payload: 1-byte reason code (0x01
96
+ draining, 0x02 protocol-error, 0x03 idle). Receiver
97
+ finishes in-flight streams and opens no new ones.
98
+
99
+ Handshake: EXACTLY four phases in fixed order — HELLO, CHALLENGE, AUTH,
100
+ READY — four frames total. There is no phase before HELLO, no phase between
101
+ any two of them, and no post-READY setup stage. A connection carries no
102
+ application frames until READY completes.
103
+
104
+ Keepalive: PING/PONG is the ONLY keepalive mechanism in v2. Any
105
+ idle-connection survival is attributable to PING/PONG and nothing else.
106
+ - id: packet-log
107
+ type: log
108
+ label: mwdump capture of a real billing-worker-3 to ledger-core-1 session
109
+ content: |
110
+ mwdump capture — client billing-worker-3 -> server ledger-core-1, 2025-09-03
111
+ 14:02 UTC. One connection, both directions. len = payload bytes (the 12-byte
112
+ fixed header is excluded from len).
113
+
114
+ # time dir frame stream flags len detail
115
+ 1 14:02:00.002 C->S HELLO (0x01) 0 0x00 4 ver=0x02 ciphers=[0x01,0x02]
116
+ 2 14:02:00.004 S->C CHALLENGE (0x02) 0 0x00 16 nonce=9f3ac2...d417 (16 bytes)
117
+ 3 14:02:00.007 C->S AUTH (0x03) 0 0x00 49 id="billing-worker-3" (1+16 bytes) + hmac-sha256 tag (32 bytes)
118
+ 4 14:02:00.010 S->C READY (0x04) 0 0x00 4 session=0x5A21F0C3
119
+ 5 14:02:00.100 C->S CALL (0x10) 1 0x01 310 method=Ledger.Post
120
+ 6 14:02:00.118 S->C REPLY (0x11) 1 0x01 642
121
+ 7 14:02:00.900 C->S CALL (0x10) 2 0x03 1188 method=Ledger.BulkPost (COMPRESSED)
122
+ 8 14:02:01.404 S->C REPLY (0x11) 2 0x01 57
123
+ 9 14:02:02.210 C->S CALL (0x10) 3 0x01 284 method=Ledger.Qery
124
+ 10 14:02:02.219 S->C ERR (0x12) 3 0x01 28 code=E_METHOD_NOT_FOUND "no such method Ledger.Qery"
125
+ 11 14:02:10.012 C->S PING (0x20) 0 0x00 0
126
+ 12 14:02:10.015 S->C PONG (0x21) 0 0x00 0
127
+ 13 14:02:20.011 C->S PING (0x20) 0 0x00 0
128
+ 14 14:02:20.014 S->C PONG (0x21) 0 0x00 0
129
+ 15 14:02:28.500 C->S CALL (0x10) 4 0x01 203 method=Ledger.Query
130
+ 16 14:02:28.512 S->C REPLY (0x11) 4 0x01 388
131
+ 17 14:02:30.000 S->C GOAWAY (0x30) 0 0x00 1 reason=0x01 (draining: ledger-core-1 deploy)
132
+
133
+ capture ends 14:02:30.000 — client drains and reconnects to ledger-core-2
134
+ (not captured). payload bytes observed: 3,174.
135
+ - id: client-code
136
+ type: code
137
+ label: Meshwire v2 client library excerpt (meshwire/conn.ts)
138
+ content: |
139
+ // meshwire/conn.ts — Meshwire v2 client library (excerpt, Tessel Systems)
140
+
141
+ const HEADER_BYTES = 12; // magic(2) version(1) type(1) flags(1) stream(3) length(4)
142
+ const KEEPALIVE_INTERVAL_MS = 10_000; // fixed; tick skipped if a frame was sent <2s ago
143
+ const CALL_DEADLINE_MS = 5_000;
144
+
145
+ function writeFrame(sock: Socket, type: number, flags: number, streamId: number, payload: Buffer) {
146
+ const h = Buffer.alloc(HEADER_BYTES);
147
+ h.write('MW', 0); // magic
148
+ h.writeUInt8(0x02, 2); // version
149
+ h.writeUInt8(type, 3);
150
+ h.writeUInt8(flags, 4);
151
+ h.writeUIntBE(streamId, 5, 3); // 3-byte stream id
152
+ h.writeUInt32BE(payload.length, 8); // payload length only; header excluded
153
+ sock.write(Buffer.concat([h, payload]));
154
+ }
155
+
156
+ async function handshake(this: Conn) {
157
+ writeFrame(this.sock, T.HELLO, 0, 0, encodeHello(0x02, [CIPHER_AES_GCM, CIPHER_CHACHA]));
158
+ const challenge = await this.expect(T.CHALLENGE); // 16-byte nonce
159
+ const tag = hmacSha256(this.serviceKey, challenge.payload); // 32-byte tag
160
+ writeFrame(this.sock, T.AUTH, 0, 0, encodeAuth(this.identity, tag)); // 1 + id + 32
161
+ const ready = await this.expect(T.READY);
162
+ this.sessionId = ready.payload.readUInt32BE(0); // READY payload is the 4-byte
163
+ // session id and nothing else
164
+ this.state = 'OPEN';
165
+ this.startKeepalive();
166
+ }
167
+
168
+ // Keepalive: a fixed 10s interval timer started at OPEN. A tick is skipped
169
+ // when any frame went out during the previous 2s. PING has an empty payload
170
+ // by spec; there is nothing to piggyback on it.
171
+ private startKeepalive(this: Conn) {
172
+ this.kaTimer = setInterval(() => {
173
+ if (Date.now() - this.lastFrameSentAt < 2_000) return;
174
+ writeFrame(this.sock, T.PING, 0, 0, EMPTY);
175
+ }, KEEPALIVE_INTERVAL_MS);
176
+ }
177
+
178
+ private onGoaway(this: Conn, reason: number) {
179
+ // finish in-flight streams, refuse new ones, then reconnect from HELLO
180
+ this.state = 'DRAINING';
181
+ }
182
+
183
+ // NOTE for reviewers: v2 has no credit-based flow control and no credit
184
+ // field in the header — backpressure is TCP only. The old flow-control
185
+ // design doc was never specified into the protocol; do not implement
186
+ // senders that wait for credit.
187
+ - id: migration-note
188
+ type: note
189
+ label: Meshwire v1 to v2 migration note (what shipped and what was cut)
190
+ content: |
191
+ Meshwire v1 -> v2 migration note (Tessel Systems platform team, final).
192
+
193
+ What changed on the wire:
194
+ - Header: v1 used an 8-byte header (magic 2, type 1, flags 1, stream 2,
195
+ length 2). v2 adds a version byte and widens stream_id to 3 bytes and
196
+ length to 4 bytes, giving the fixed 12-byte, six-field header in the v2
197
+ spec. Nothing else was added to the header.
198
+ - Auth: v1 carried a cleartext bearer token inside HELLO. v2 removed every
199
+ credential from HELLO and introduced the CHALLENGE/AUTH phases
200
+ (HMAC-SHA256 over the server nonce). A v1 client that stuffs a token into
201
+ HELLO will be rejected by ledger-core.
202
+ - Keepalive: v1 had no keepalive; idle connections were reaped by the load
203
+ balancer. v2 added PING/PONG (empty payloads).
204
+
205
+ Cut before the v2 freeze — these appeared in early design docs but were
206
+ dropped and are NOT in the spec, NOT implemented, and never appear on the
207
+ wire:
208
+ - "Pre-warmed" connection pools with batched handshakes (a proposal to
209
+ amortize handshakes across connections). Dropped; every v2 connection
210
+ performs the full four-phase handshake individually.
211
+ - Credit-based flow control (a draft sketched a credit grant inside READY).
212
+ Dropped; READY carries only the 4-byte session id, and no header field for
213
+ credit exists.
214
+ - Telemetry-bearing keepalives (a proposal to piggyback entropy samples and
215
+ clock data on PING). Dropped; PING is defined as an empty frame.
216
+ If you find references to any of these in old design docs or hallway
217
+ summaries, they describe proposals, not the shipped protocol. The v2 spec's
218
+ tables are the complete surface.
219
+ - id: frame-usage-table
220
+ type: table
221
+ label: Fleet-wide Meshwire v2 frame counters, trailing 24 hours
222
+ content: |
223
+ Meshwire v2 frame counters, entire Tessel fleet, trailing 24 h ending
224
+ 2025-09-03 12:00 UTC. The collector increments a counter keyed by the type
225
+ byte of EVERY frame observed; any type byte outside the spec table would be
226
+ recorded as UNKNOWN(0xNN). This table lists every counter with a nonzero
227
+ value; no UNKNOWN counters were recorded in the window.
228
+
229
+ type name frames observed
230
+ 0x01 HELLO 41,203
231
+ 0x02 CHALLENGE 41,203
232
+ 0x03 AUTH 41,203
233
+ 0x04 READY 41,180
234
+ 0x10 CALL 182,554,901
235
+ 0x11 REPLY 182,381,222
236
+ 0x12 ERR 173,679
237
+ 0x20 PING 9,441,760
238
+ 0x21 PONG 9,441,712
239
+ 0x30 GOAWAY 38,912
240
+
241
+ Consistency notes: READY is 23 below HELLO/CHALLENGE/AUTH because 23
242
+ handshakes failed AUTH (bad tag) and were closed before READY. REPLY + ERR =
243
+ CALL (182,381,222 + 173,679 = 182,554,901): every CALL terminated in exactly
244
+ one of the two. PONG trails PING by 48 connections that died mid-probe.
245
+ - id: review-ticket
246
+ type: note
247
+ label: PR-311 protocol review request (unverified premises from the requester)
248
+ content: |
249
+ PR-311 — Meshwire v2 protocol review before billing-worker onboarding
250
+ Filed 2025-09-02 by k.aldana (billing platform). Reviewer: you.
251
+
252
+ Background: billing-worker is the first new service to speak Meshwire v2 to
253
+ ledger-core since the v1 fleet was retired. Before we certify the client, I
254
+ want a review that settles what the protocol actually does. I attached a
255
+ fresh mwdump capture of a real billing-worker-3 session, the client library
256
+ excerpt, the v1->v2 migration note, and 24 h of fleet frame counters.
257
+
258
+ Where my questions come from: I inherited a stack of design docs from an
259
+ architect who left last year (a.morvan), plus notes from his brown-bag talk.
260
+ Those materials describe a "zero-copy frame pre-warming stage" that primes
261
+ buffers during the handshake, a "SYN-batching credit header" that grants send
262
+ credit at session start, and an "entropy-beacon keepalive" added in v2 to
263
+ feed downstream RNGs. I cannot find any of them in the capture, but Morvan's
264
+ docs were usually right about v1, so I assume I am looking in the wrong
265
+ place — please locate each one in the spec and capture for me.
266
+
267
+ Also please settle the basics while you are in there: where auth actually
268
+ lives, what the per-frame header costs us on the wire for a session like the
269
+ captured one, and what kept the captured connection alive through the quiet
270
+ stretch in the middle — our previous LB used to kill idle conns in under 15
271
+ seconds.
272
+ tags: [fabricated-concepts, rpc-protocol, wire-format, handshake, packet-capture]