Audit pass over the public-facing surface so a customer can read it
end-to-end without tripping on stale numbers or self-contradictions.
README + docs accuracy:
- Test counts 426 → 445, assertions 2 557 → 2 753 (verified via
doctest run); E5 row was missing test_e5_kat (19 cases)
- Interop checks 24 → 31, COMPLIANCE.md message count 149 → 164,
COMPLIANCE.md "291 cases / 1515 assertions" → 445 / 2 753
- README "60+ test IDs" for MES_INTEROP → actual 59
- PVD example counts: 32 SVIDs/17 CEIDs → 29/21, "~40 handlers
in ~200 lines" → 51 in ~460, "~700 lines" → ~1,100; main.cpp
header table-of-contents resynced with the actual 7 sections
Out-of-scope honesty (COMPLIANCE.md §8 + FAQ.md):
- Removed HSMS-GS (was both ✅ implemented in §1 and "out of scope"
in §8; INTEGRATION.md §7 documents using it)
- Removed multi-block SECS-I (split_message/assemble_message exist
with 4 dedicated tests)
- Added serial-port wiring as the genuine open ⬜ item — FSM is
tested end-to-end over TCP; only the asio serial_port glue is
deferred
- COMPLIANCE.md intro now lists E42 and notes "E37 (SS + GS)"
README restructure:
- Moved the 8-command proof table and per-standard test-coverage
table to a new PROOFS.md (72 lines)
- README now leads with what / Quick start / Documentation map,
then a one-paragraph "How it's proved" linking to PROOFS.md
- Updated cross-refs in FAQ.md, GLOSSARY.md, VERIFICATION.md, and
interop/README.md to point at PROOFS.md
CI fix — tshark-dissector job:
- interop/tshark_validate.sh hardcoded /app/build/secs_server etc.
which only works inside the docker image. Now derives ROOT from
the script's own location and accepts BUILD/SERVER/CLIENT/DATA
env overrides, so CI can run it from the workspace dir
- Verified still passes in docker (69 frames, 0 malformed)
.gitignore:
- Added build-fuzz/ and build-tsan/ (were showing as untracked)
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Wireshark's built-in HSMS dissector — written by network-protocol
authors who don't know us, didn't talk to us, and don't share
implementation details with secsgem-py — is a third independent codec
for our framing. If they parse our pcap without warnings, our HSMS
framing is wire-correct independently of both our internal tests and
the secsgem-py interop path.
interop/tshark_validate.sh:
- Boots secs_server on 127.0.0.1:5099 (away from the demo port)
- Captures the loopback wire traffic with tcpdump
- Runs secs_client through ~24 transactions plus Separate.req +
TCP FIN
- Parses the pcap with tshark -V using the HSMS dissector
- Asserts: no "Malformed Packet", no "Dissector bug", at least one
HSMS frame, expected tokens present (Select.req/rsp, Separate.req,
Data message), reports histogram (count by control type + distinct
S/F pairs)
Result against the demo: 69 HSMS frames dissected, 49 distinct
S/F pairs (S01F01..S16F28), all clean.
Dockerfile gains tshark + tcpdump. .gitea/workflows/ci.yml gains a
`tshark-dissector` job that runs this validator as part of every
push to main. README proof table grows to 6 commands.
VERIFICATION.md §1a documents a follow-up: round-trip the KAT
fixtures through secsgem-py to corroborate that the format codes
we used match an independent implementation. Strengthens the KAT
proof from "internally consistent" to "confirmed by a second
implementer who read the spec without talking to us."
Plan: VERIFICATION.md §2.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>