docs: update failure-path coverage status

2026-04-09 03:02:40 +00:00
parent 6f164db7f8
commit 8c9307f061
4 changed files with 19 additions and 6 deletions
--- a/TASKLIST.md
+++ b/TASKLIST.md
@@ -1114,6 +1114,9 @@
 **进展补充（2026-04-09）**
 - 基于本轮锁定的 v1 边界，`AF-04` 暂保持未覆盖并标记为“语义待确认”，因为当前实现仍把错误 secret 统一归入 `invalid_signature`
 - `RP-04`（key rotation）继续保留为 v2+ 议题，与本轮在 `PLAN.md` / `FEAT.md` 固化的 v1 边界保持一致
+- 已补充 `CF-05`：`hello` 缺失 payload 时返回 `MALFORMED_MESSAGE` 且保持连接可继续诊断
+- 已补充 `SR-04`：Client 首次运行/无凭证状态会自动补 keypair，并在 `hello_ack(pair_required)` 后进入完整配对流，不需要手工预置 state
+- 已同步将 `CF-07`（保留字 rule 注册拒绝）在失败路径矩阵里标记为已覆盖，和现有 Client/Server rule registry 测试保持一致

 **目标**
 - 系统性覆盖 pairing/auth 失败路径
@@ -1176,6 +1179,16 @@
 - 已新增 `Yonexus.Client/tests/runtime-flow.test.ts` 恢复场景：
  - SR-03：客户端带既有 secret + keypair 重启后直接进入 auth flow，不重新配对
 - 已同步更新 `tests/failure-path/MATRIX.md`，标记 RP-02、CF-03、CF-04、SR-03 为已覆盖
+- 已新增 `Yonexus.Server/tests/runtime-flow.test.ts`：
+  - CF-05：`hello` 缺失 payload 时返回 `error(MALFORMED_MESSAGE)` 且不主动断开连接
+- 已新增 `Yonexus.Client/tests/runtime-flow.test.ts`：
+  - SR-04：客户端在无 secret/首次运行状态下启动后可自动进入 `pair_required`，无需手工 bootstrap 本地 state
+- 已同步更新 `tests/failure-path/MATRIX.md`，标记 CF-05、CF-07、SR-04 为已覆盖
+
+**当前剩余未覆盖重点**
+- AF-04：当前实现未单独暴露 `invalid_secret` 分支，需先决定是否保留该错误码语义
+- RP-03 / RP-04：管理员主动撤销与 key rotation 语义仍未实现
+- PF-08 / PF-10、CF-01 / CF-02、SR-02 等剩余连接/恢复边界场景测试

 **待完成**
 - AF-04：当前实现未单独暴露 `invalid_secret` 分支，需先决定是否保留该错误码语义
--- a/Yonexus.Client
+++ b/Yonexus.Client
--- a/Yonexus.Server
+++ b/Yonexus.Server
--- a/tests/failure-path/MATRIX.md
+++ b/tests/failure-path/MATRIX.md
@@ -65,9 +65,9 @@ This document defines the systematic test coverage for pairing and authenticatio
 | CF-02 | Server unreachable | Initial connect fails | Exponential backoff retry | ⬜ |
 | CF-03 | Duplicate connection | Same ID connects twice | Old connection closed, new accepted | ✅ |
 | CF-04 | Protocol version mismatch | Unsupported version | Connection rejected with error | ✅ |
-| CF-05 | Malformed hello | Invalid JSON | Error response, connection maintained | ⬜ |
+| CF-05 | Malformed hello | Invalid payload / missing required hello fields | Error response, connection maintained | ✅ |
 | CF-06 | Unauthenticated rule message | Client sends before auth | Connection closed | ✅ |
-| CF-07 | Reserved rule registration | Plugin tries `registerRule("builtin")` | Registration rejected | ⬜ |
+| CF-07 | Reserved rule registration | Plugin tries `registerRule("builtin")` | Registration rejected | ✅ |

 ---

@@ -89,7 +89,7 @@ This document defines the systematic test coverage for pairing and authenticatio
 | SR-01 | Server restart with pending pairing | Pairing in progress | Preserve pairing state, code valid | ✅ |
 | SR-02 | Server restart with active sessions | Online clients | All marked offline, reconnect required | ⬜ |
 | SR-03 | Client restart with credentials | Has secret + keys | Resume with auth, no re-pairing | ✅ |
-| SR-04 | Client restart without credentials | First run | Full pairing flow required | ⬜ |
+| SR-04 | Client restart without credentials | First run | Full pairing flow required | ✅ |
 | SR-05 | Corrupted server store | File unreadable | Surface corruption error clearly for operator handling | ✅ |
 | SR-06 | Corrupted client state | File unreadable | Surface corruption error clearly for operator handling | ✅ |

@@ -134,7 +134,7 @@ npm test -- failure-paths

 - AF-04 (`invalid_secret`) 仍未单独覆盖：现有实现把“错误 secret 导致的验签失败”统一落到 `invalid_signature`，是否拆分错误码仍待确认。
 - RP-04（key rotation）当前仍视为 v2+ 议题；v1 尚未承诺“无重配对换 key”语义，因此暂不强行补测试。
- 本轮已补齐 AF-01/02/03/05/06/09/10/11、RP-01/02、CF-03/04、HF-01/02、PF-09、SR-01/03/05/06。
+- 本轮已补齐 AF-01/02/03/05/06/09/10/11、RP-01/02、CF-03/04/05/07、HF-01/02、PF-09、SR-01/03/04/05/06。

 ### Adding New Test Cases