Skip to content

Agent task: 001-leak-gate#5

Merged
secup merged 1 commit intomainfrom
agent/20260430_151032-001-leak-gate
Apr 30, 2026
Merged

Agent task: 001-leak-gate#5
secup merged 1 commit intomainfrom
agent/20260430_151032-001-leak-gate

Conversation

@secup
Copy link
Copy Markdown
Owner

@secup secup commented Apr 30, 2026

Automated agent task.

Task: agents/queue/codex/001-leak-gate.md
Branch: agent/20260430_151032-001-leak-gate
Base: main

Required Review

  • Verify the task scope was respected.
  • Verify local gates and hardware/benchmark evidence in agents/reports/20260430_151032-001-leak-gate.
  • Reject if throughput, retransmissions, LDPC decode health, or security posture regressed without explanation.

Agent Report

See local report directory: agents/reports/20260430_151032-001-leak-gate

@secup secup marked this pull request as ready for review April 30, 2026 19:50
@secup secup merged commit c3564c5 into main Apr 30, 2026
9 checks passed
@secup secup deleted the agent/20260430_151032-001-leak-gate branch May 2, 2026 00:24
secup added a commit that referenced this pull request May 3, 2026
@secup @claude @codex
Quality: 8 Codex review fixes — safety, tests, docs
3a6943a 
Tonight's autonomous code-quality pass on the new TNC + HARQ work,
informed by Codex review (full notes /tmp/codex_quality_findings.md,
22 ranked findings). Tackled the safe ones with high impact:

Safety / correctness (#3, #7-#8, #14):
- ultra_tnc: skip config loading on --help / --list-audio-devices
  so a malformed config doesn't break operator recovery
- tnc_session: cmdStats() now null-guards cmd_emit_, matching the
  rest of the emit path (was the one place that could throw
  std::bad_function_call on a null callback)
- tnc_bridge: postPTT() callbacks no longer fire under ptt_mutex_.
  Computes the PTT transition under the lock, releases, then
  invokes sink + hardware callback. Closes a deadlock window when
  a slow hardware-PTT serial write blocks under the mutex.
- (#7 PTT setLine() return-check deferred — needs decision on
  whether to fail-startup or fall-back-to-VOX. Punted to follow-up.)

Tests (#12, #19-#20):
- 1 new test_tnc_session: corrupt-deflate RX silently dropped
  (regression guard for the marker-strip path)
- 6 new test_soft_combine cases:
  * setEnabled(false) clears retained entries
  * Zero sender_hash is a no-op (don't pollute future sessions)
  * setMaxEntries(0) disables retention
  * Empty-LLR retain is a no-op
  * Saturation: pin to exact implementation cap (60.0) on both
    + and - sides instead of just "<= 100"

Docs / comments (#18, #22):
- soft_combine.hpp: comment on carrier_count_hash now matches
  what the hash actually contains (was claiming pilot-spacing
  coverage we don't actually do)
- PAT_VARA_AUDIT.md: trailing-whitespace cleanup

Local ctest 34/34. Test counts: SoftCombine 10→16, TNCSession
98→100, TNCBridge 17→23. Net +14 tests.

Deferred (need broader judgment, not autonomous-safe):
- #2 extract config helpers to testable target (refactor)
- #5 explicit negative CLI flags (interface design)
- #9 sink ownership lifetime race (concurrency design)
- #11 BUFFER 0 immediacy vs rate-limit (protocol judgment)
- #13 flushDataTxBuffer extraction for testability
- #15 sendBinary error propagation (interface change)
- #16 HARQ key construction extraction
- #17 HARQ when CW0 fails (architectural)
- #21 UltraTNCStation threading model

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-Authored-By: Codex (review) <noreply@openai.com>
secup added a commit that referenced this pull request May 3, 2026
@secup @claude
tnc: explicit negative CLI flags + BUFFER 0 immediate emission
186d644 
Codex review #5: Booleans set in the config file could not be turned
back off from the CLI. Added --no-inject-channel and --ptt-active-high
(also accept --no-ptt-inactive-high). Updated --help text.

Codex review #11: Bridge comment claimed BUFFER 0 transitions were
immediate but onModemBufferLevel() rate-limited zero-going changes
the same as N→M changes. Pat's Flush() blocks on BUFFER 0, so a 1 s
delay there directly stalled the application. Now BUFFER 0 bypasses
the rate limit while non-zero updates stay throttled. Bridge comment
updated to match. Added a test asserting the immediate-zero contract.

Closes Codex review items #5 and #11. ctest 34/34, cli_simulator
SNR15/good/R1/4 PASS at 100% frame success.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
secup added a commit that referenced this pull request May 3, 2026
@secup @claude
docs: log second-batch Codex closures
e0496eb 
The first batch closed 8 of 22; the second batch closed 7 more
(#2, #4, #5, #7, #11, #13, #16). 18 of 22 total now closed; the
remaining 4 (#9, #15, #17, #21) are Codex-flagged as needing
human architectural judgment.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
secup added a commit that referenced this pull request May 3, 2026
@secup @claude
docs: 21 of 22 Codex findings closed; only #21 (threading) remains
768bfbc 
Updated QUALITY_PASS doc to reflect the final state of tonight's
two-batch quality work. Eleven findings were closed in the second
batch (#2, #4, #5, #7, #9, #10, #11, #13, #15, #16, #17).
Combined with the first batch's ten, that's 21/22 closed. Only the
UltraTNCStation threading-model rework is deferred, and Codex
itself flagged that as requiring human concurrency design.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
secup added a commit that referenced this pull request May 6, 2026
@secup @codex
docs: backlog #5 — incorporate Codex expert review (2026-05-06)
bf1a1f4 
Two corrections from the morning expert review:

1. Architecture: "frame-local mask, no signaling" proposed in
   the night-session report is rejected. Codex's better approach
   is a robust per-frame PHY header carrying a mask / codebook
   ID; zero RTT, no reciprocity assumption, no MODE_CHANGE
   involvement. Reciprocity-based silent schemes are a
   measurement experiment, not a production path.
2. Hard engineering gate: a carrier mask is not harmless
   puncturing. Faded carriers can map into clustered LDPC
   variable nodes, causing stopping-set failures even when
   TX/RX agree perfectly on the mask. Phase-2 must either
   include a carrier-to-codeword interleaver or restrict masks
   to a vetted codebook with proven erasure tolerance.

Backlog #5 now lists the required scope, header-protection risk
+ mitigation, and an explicit out-of-scope list (Levin-Campello
mixed-mod is a separate, larger feature).

Co-Authored-By: Codex (gpt-5.5 xhigh) <noreply@openai.com>
secup added a commit that referenced this pull request May 6, 2026
@secup @codex
docs: phase-2 carrier-mask design (Codex 2026-05-06)
0da8dbf 
Concrete implementable design for backlog #5 phase-2 from the
morning expert-review pass. Replaces the rejected "frame-local,
no signaling" proposal with a per-frame in-band PHY mask header
and a mathematically vetted carrier-to-codeword interleaver.

Highlights:

* Wire format: optional 20-byte PHY mask header on the existing
  hardened R1/4 1-CW control profile, only emitted when
  mask != all-on. AWGN remains bit-identical.
* Interleaver: a = (307 * i) mod (648 * Ncw). 307 is coprime to
  every supported codeword count, and the resulting strides
  spread contiguous carrier erasures across diverse LDPC base
  columns and rows in the 802.11n QC-LDPC structure -- avoids
  the stopping-set hazard that bites naive masking.
* TX selection: median - 8/14 dB thresholds, two-frame add,
  three-frame remove, two-payload-frame cooldown. Reverse-pilot
  driven but correctness comes from the transmitted header
  (no reciprocity assumption).
* RX flow: header decode failure ALWAYS falls back to all-on,
  never to last-known mask. This is the architectural line that
  prevents the closed-loop stale-mask trap from last night.
* Phasing: 5 sub-phases each independently testable.

Acceptance criteria are explicit (AWGN within 1%, Good 5/5,
synthetic-notch 10/10, interleaver unit gate).

Co-Authored-By: Codex (gpt-5.5 xhigh) <noreply@openai.com>
secup added a commit that referenced this pull request May 6, 2026
@secup @claude
CLAUDE.md: world-renowned HF modem expert perspective rule
ee9e907 
Adds two rules to "Important Rules":

1. Adopt the perspective of a world-renowned HF modem expert.
   All technical answers, design decisions, code reviews, and
   Codex briefs must be written from the standpoint of a
   senior PhD-level researcher with deep specialization in HF
   channel coding, OFDM, ARQ, and channel estimation under
   fading. Heuristics and "tweak the threshold" patches are not
   acceptable as final designs -- every change must be
   justified by the underlying signal-processing or
   information-theory model. Quick prototypes are fine for
   exploration, but they must be labeled as such and validated
   against the principled formulation before merge.

2. Codex must be invoked under the same expert perspective.
   Every brief sent to Codex must include a one-sentence opener
   instructing Codex to operate as a world-renowned HF modem
   expert and to reject heuristic patches that don't have a
   principled signal-processing justification.

This rule earned its keep on 2026-05-05 night (per-carrier work)
and the 2026-05-06 morning Codex review pass. Three rounds of
heuristic LLR-rescaling and closed-loop carrier-mask attempts
all failed, but the principled redesign Codex produced under
this framing is now landing as backlog #5 phase-2.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@secup