diff --git a/TASKLIST.md b/TASKLIST.md index 6063424..28cded5 100644 --- a/TASKLIST.md +++ b/TASKLIST.md @@ -1093,7 +1093,7 @@ ### YNX-1105 编写失败路径测试矩阵 **状态** -- [x] 持续补齐中,关键路径已覆盖并新增恢复场景(2026-04-09) +- [x] 持续补齐中,关键路径已覆盖并继续收尾连接/恢复场景(2026-04-09) **目标** - 系统性覆盖 pairing/auth 失败路径 @@ -1150,11 +1150,17 @@ - 已扩展 `Yonexus.Client/tests/state-and-rules.test.ts` - SR-06:损坏的 client state 会抛出 `YonexusClientStateCorruptionError` - 已同步更新 `tests/failure-path/MATRIX.md`,标记 PF-09、SR-01、SR-05、SR-06 为已覆盖 +- 已新增 `Yonexus.Server/tests/connection-heartbeat-failures.test.ts` 补齐: + - CF-03:重复认证连接晋升时关闭旧连接并保留新连接 + - CF-04:协议版本不匹配时返回 `UNSUPPORTED_PROTOCOL_VERSION` 并主动断开 +- 已新增 `Yonexus.Client/tests/runtime-flow.test.ts` 恢复场景: + - SR-03:客户端带既有 secret + keypair 重启后直接进入 auth flow,不重新配对 +- 已同步更新 `tests/failure-path/MATRIX.md`,标记 RP-02、CF-03、CF-04、SR-03 为已覆盖 **待完成** - AF-04:当前实现未单独暴露 `invalid_secret` 分支,需先决定是否保留该错误码语义 -- RP 其余触发场景 -- CF / HF / SR 其余边界场景测试(例如 duplicate connection、version mismatch、server/client restart with active session 等) +- RP-03 / RP-04:管理员主动撤销与 key rotation 语义仍未实现 +- PF-08 / PF-10、CF-01 / CF-02 / CF-07、SR-02 / SR-04 等剩余边界场景测试 --- diff --git a/Yonexus.Client b/Yonexus.Client index 93e0987..5fbbdd1 160000 --- a/Yonexus.Client +++ b/Yonexus.Client @@ -1 +1 @@ -Subproject commit 93e09875ecad2a1b9fae9b11ca4fd569710f81af +Subproject commit 5fbbdd199c70ec0f96f700d9218e2e957514b823 diff --git a/Yonexus.Server b/Yonexus.Server index 5bda184..9bd62e5 160000 --- a/Yonexus.Server +++ b/Yonexus.Server @@ -1 +1 @@ -Subproject commit 5bda184a8fc50fb5db3c07cc77d6106205315e20 +Subproject commit 9bd62e5ee98e9248340a4423ab0a6b319b5bd6a7 diff --git a/tests/failure-path/MATRIX.md b/tests/failure-path/MATRIX.md index 50ec7d9..105170f 100644 --- a/tests/failure-path/MATRIX.md +++ b/tests/failure-path/MATRIX.md @@ -51,7 +51,7 @@ This document defines the systematic test coverage for pairing and authenticatio | ID | Scenario | Cause | Server Action | Client Action | Status | |----|----------|-------|---------------|---------------|--------| | RP-01 | Nonce collision | Replay attack detected | Clear secret, reset state | Enter `pair_required` | ✅ | -| RP-02 | Rate limit exceeded | Brute force detected | Clear secret, reset state | Enter `pair_required` | ⬜ | +| RP-02 | Rate limit exceeded | Brute force detected | Clear secret, reset state | Enter `pair_required` | ✅ | | RP-03 | Admin-initiated | Manual revocation | Mark revoked, notify | Enter `pair_required` | ⬜ | | RP-04 | Key rotation | Client sends new public key | Update key, keep secret | Continue with new key | ⬜ | @@ -63,8 +63,8 @@ This document defines the systematic test coverage for pairing and authenticatio |----|----------|---------|-------------------|--------| | CF-01 | Network partition | Connection drops mid-auth | Client retries with backoff | ⬜ | | CF-02 | Server unreachable | Initial connect fails | Exponential backoff retry | ⬜ | -| CF-03 | Duplicate connection | Same ID connects twice | Old connection closed, new accepted | ⬜ | -| CF-04 | Protocol version mismatch | Unsupported version | Connection rejected with error | ⬜ | +| CF-03 | Duplicate connection | Same ID connects twice | Old connection closed, new accepted | ✅ | +| CF-04 | Protocol version mismatch | Unsupported version | Connection rejected with error | ✅ | | CF-05 | Malformed hello | Invalid JSON | Error response, connection maintained | ⬜ | | CF-06 | Unauthenticated rule message | Client sends before auth | Connection closed | ✅ | | CF-07 | Reserved rule registration | Plugin tries `registerRule("builtin")` | Registration rejected | ⬜ | @@ -88,7 +88,7 @@ This document defines the systematic test coverage for pairing and authenticatio |----|----------|-----------|-------------------|--------| | SR-01 | Server restart with pending pairing | Pairing in progress | Preserve pairing state, code valid | ✅ | | SR-02 | Server restart with active sessions | Online clients | All marked offline, reconnect required | ⬜ | -| SR-03 | Client restart with credentials | Has secret + keys | Resume with auth, no re-pairing | ⬜ | +| SR-03 | Client restart with credentials | Has secret + keys | Resume with auth, no re-pairing | ✅ | | SR-04 | Client restart without credentials | First run | Full pairing flow required | ⬜ | | SR-05 | Corrupted server store | File unreadable | Surface corruption error clearly for operator handling | ✅ | | SR-06 | Corrupted client state | File unreadable | Surface corruption error clearly for operator handling | ✅ | @@ -133,7 +133,7 @@ npm test -- failure-paths ### Current Notes - AF-04 (`invalid_secret`) 仍未单独覆盖:现有实现把“错误 secret 导致的验签失败”统一落到 `invalid_signature`,是否拆分错误码仍待确认。 -- 本轮已补齐 AF-01/02/03/05/06/09/10/11、RP-01、HF-01/02、PF-09、SR-01、SR-05、SR-06。 +- 本轮已补齐 AF-01/02/03/05/06/09/10/11、RP-01/02、CF-03/04、HF-01/02、PF-09、SR-01/03/05/06。 ### Adding New Test Cases