mirror of
https://github.com/ruvnet/RuView
synced 2026-06-09 10:13:17 +00:00
249d6c327f8203850f72e1ca94c4729017ef6472
53 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
 rUv
|
249d6c327f |
ADR-115: Home Assistant + Matter integration (#778)
Closes ADR-115's MQTT track (HA-DISCO + HA-MIND + HA-FABRIC scaffolding). Headline: - 21 entity kinds per node (11 raw + 10 semantic primitives) - MQTT auto-discovery with HA conventions - Matter Bridge scaffolding (SDK wiring deferred to v0.7.1 per ADR §9.10) - Privacy mode strips biometrics at the wire, semantic primitives keep working - 420+ lib tests, mosquitto-backed integration tests, property-based fuzzing - 8 starter HA Blueprints + 3 Lovelace dashboards shipped Tracking issue: #776 |
||
|
rUv
|
00a234eda8 |
ADR-110: ESP32-C6 firmware extension (#764)
Closes the firmware-side ADR-110 design at v0.7.0-esp32 after a 38-iter /loop SOTA sprint. Headline (bench, COM9+COM12 ESP32-C6): - 99.56% cross-board RX, 104.1 µs smoothed offset stdev (≤100 µs §2.4 target met) - 3.95× EMA suppression, 1.4 ppm crystal skew preserved 4 firmware releases: v0.6.7 / v0.6.8 / v0.6.9 / v0.7.0-esp32. 42 ADR-110 unit tests, 1761 v2 workspace tests, full Firmware CI + QEMU green. |
||
|
rUv
|
b3a5012dbd |
feat(cog-person-count): v0.0.2 — K-fold + label-smoothing + temperature-calibrated (#699)
* chore: stage v0.0.2 artifacts + temperature scalar for build pipeline
Stages count_v1.{safetensors,onnx,temperature,train_results.json}
ahead of the build/sign/upload step. This commit is a momentary
side-effect — the next commit will refresh the per-arch manifests
with the new binary SHAs once ruvultra finishes the cross-build.
The .temperature file holds the calibration scalar from LBFGS over the
held-out conf logits. The Rust cog will read it post-load and divide
conf_logits by it before sigmoid, exactly matching the Python eval.
* feat(cog-person-count): v0.0.2 — K-fold validated, label smoothing + early stop + temp scale
The v0.0.1 "65.1% but class-1=0%" result was an unlucky temporal split
that let a degenerate "always predict 0" classifier hit eval acc =
class-0 fraction. 5-fold stratified random CV proved the architecture
actually learns ~57.1% class-1 accuracy under fair splits — a real,
modestly useful signal.
v0.0.2 ships a retrained model that:
* **Splits randomly (seed=42) 80/20** instead of temporally — eliminates
the trailing-window-class-imbalance cheat.
* **Class-balanced sampler** (multinomial with replacement, weighted by
inverse class frequency) — per-batch expected counts are equal
regardless of dataset distribution.
* **Label smoothing 0.1** on the cross-entropy — reduces confidence
saturation that drove v0.0.1's all-or-nothing predictions.
* **Early stopping** with patience=20 — stops at epoch 29 instead of
overfitting through 400.
* **Temperature scaling** of the conf head — LBFGS fits a scalar T on
held-out conf logits; ships as a count_v1.temperature sidecar so the
Rust cog can divide conf_logits by T before sigmoid.
Numbers on the same data:
| Metric | v0.0.1 | v0.0.2 | K-fold (5x100) |
|------------------|--------|--------|----------------|
| Overall acc | 65.1% | 62.3% | 62.2% ± 1.9% |
| Class 0 acc | 100% | 86.2% | 67.4% |
| Class 1 acc | 0% | 34.3% | 57.1% ✓ |
| MAE | 0.349 | 0.377 | 0.378 |
| Spearman | 0.023 | 0.013 | 0.160 |
Class-1 accuracy 0 → 34.3% is the headline win. Net acc moves slightly
because we stopped cheating on class 0. K-fold's 57% says there's
headroom remaining; reaching it needs more independent splits (== more
data), not more training tricks.
Confidence calibration didn't move. Temperature scaling alone can't fix
a confidence head trained against a noisy argmax==truth indicator over
a 62%-accurate classifier — the head's training signal is the issue,
not its post-hoc transform. The honest fix is multi-room data (#645),
not another calibration knob.
Live on cognitum-v0 at /var/lib/cognitum/apps/person-count/ — health
reports candle-cpu backend, count = 1 (was 0 in v0.0.1) on synthetic
zero input.
Files changed:
* scripts/train-count.py — adds --k-fold (no sklearn dep, hand-rolled
stratified splits with deterministic shuffle) and --v2 paths.
* v2/.../cog/artifacts/count_v1.safetensors (392 KB, new sha
32996433…) + count_v1.onnx (16 KB) + count_v1.temperature (0.9262
scalar) + count_train_results.json (full epoch trace).
* v2/.../cog/artifacts/manifests/{arm,x86_64}/manifest.json bumped to
version 0.0.2 with the new weights_sha256 + caveats.
* docs/benchmarks/person-count-cog.md — appends a v0.0.2 section
with the K-fold diagnostic table and honest-read paragraph.
GCS:
gs://cognitum-apps/cogs/arm/cog-person-count-count_v1.safetensors
refreshed (binaries unchanged — load weights via mmap at runtime).
|
||
|
rUv
|
6b4994e105 |
feat(cog-person-count): train count_v1.safetensors — honest v0.0.1 (ADR-103) (#695)
Phase 2 of ADR-103: trained count head on the existing 1,077 paired samples (the same data that produced pose_v1 yesterday). Honest result: 65.1% eval accuracy / 100% within ±1 / MAE 0.349 on the held-out time-window. Per-class: 100% on "empty room" / 0% on "1 person". The model overfit by epoch 100 (train_acc → 1.0, eval_loss climbed 0.67 → 7.8) and the "best" checkpoint is the snapshot that happened to predict the eval window's class distribution (140/215 = 65.1%, matches eval_acc exactly). Confidence head Spearman = 0.023 ⇒ uncalibrated. Same data-bound failure mode as pose_v1 (#645), bounded by single-session training data; same fix path (multi-room). What v0.0.1 still validates end-to-end: * PyTorch → safetensors → Candle Rust loads cleanly on first try. `cog-person-count health` reports `backend: candle-cpu` and emits real per-frame predictions instead of the stub backend's hard-coded {1 person, 0 confidence}. Architecture parity between train-count.py and src/inference.rs::CountNet is bit-exact. * ONNX export bit-clean (16 KB, opset 18, dynamic batch axis). * Training wall time: 5.6 s for 400 epochs on RTX 5080. * Binary size unchanged (2.36 MB stripped), model loads via mmap at runtime. This commit ships: * scripts/align-ground-truth.js: extended to emit n_persons_mode + n_persons_max per window so the training pipeline has count labels. Backwards-compatible (additive fields). * scripts/train-count.py: new — mirrors CountNet architecture exactly, loads paired.jsonl, trains 400 epochs with CE+BCE+Brier loss, exports safetensors + ONNX + per-epoch JSON. * v2/.../cog/artifacts/{count_v1.safetensors,count_v1.onnx, count_train_results.json}: the trained artifacts. * v2/.../cog/README.md: Status table updated with the v0.0.1 numbers + an Honest Caveat section explaining the data-bound result. * docs/benchmarks/person-count-cog.md: new — full v0.0.1 benchmark log mirroring the format docs/benchmarks/pose-estimation-cog.md established. Includes comparison to ADR-103 v0.1.0 acceptance gates and per-class breakdown. Still pending: * `run` subcommand wiring (long-running polling loop, same as pose) * Cross-compile + sign + GCS upload (mirror of pose cog pipeline) * Live install on cognitum-v0 * v0.2.0: re-train on multi-room data, LoRA per-room adapters, Stoer-Wagner min-cut clip in fusion stage |
||
|
ruv
|
c58f49f21a |
fix(firmware): add vTaskDelay(1) yields in process_frame() at tier>=2 to fix WDT storm (#683)
At edge tier>=2 on N16R8 PSRAM boards, `process_frame()` runs `update_multi_person_vitals()` (4 persons × 256 history samples) plus `wasm_runtime_on_frame()` back-to-back before returning to `edge_task()`. The existing `vTaskDelay(1)` in `edge_task()` only fires *after* `process_frame()` returns — under sustained 30 pps CSI load on PSRAM boards this leaves IDLE1 on Core 1 starved long enough for the 5-second Task Watchdog Timer to fire. Fix: add two `vTaskDelay(1)` calls inside `process_frame()`, both gated on `s_cfg.tier >= 2`: 1. After `update_multi_person_vitals()` (Step 11) 2. After `wasm_runtime_on_frame()` dispatch (Step 14) Tier 0/1 paths are unaffected. Validated on COM7 (N16R8 board): `Edge DSP task started on core 1 (tier=2)`, no WDT panics in 20 s. Also bump firmware version 0.6.5 → 0.6.6 and refresh all 6 release_bins with the new build (8MB + 4MB variants, built 2026-05-21). Fix-marker RuView#683 added to scripts/fix-markers.json. Co-Authored-By: claude-flow <ruv@ruv.net> |
||
|
rUv
|
e21803f714 |
fix(ci): resolve 3 persistent CI failures + add #679 fix-marker guard
* fix(firmware): refresh release_bins to v0.6.5 — fixes node_id=1 on all nodes (#679) release_bins/ was built from v0.4.3.1 and predated the early-capture node_id fix (PRs #232/#375/#385/#390). Every device flashed from those binaries emitted node_id=1 regardless of provisioned ID, making multi-node deployments appear as a single node. Changes: - Rebuild all 6 release_bins/ binaries from v0.6.5 source (2026-05-20) - esp32-csi-node.bin (8 MB, 1,110,384 bytes) - esp32-csi-node-4mb.bin (4 MB, 894,352 bytes) - bootloader.bin, partition-table.bin, partition-table-4mb.bin, ota_data_initial.bin - Add release_bins/version.txt (0.6.5 / git-sha: d72e06fc8) - README: add Step 0 "Pre-built binaries" flash command with version reference; update expected boot output to show early-capture log line - provision.py: fix write-flash → write_flash (esptool v4.10+ underscore API) Validated on real hardware (COM7 — ESP32-S3 N16R8, node_id=2): I (396) csi_collector: Early capture node_id=2 (before WiFi init, #232/#390) I (406) main: ESP32-S3 CSI Node (ADR-018) — v0.6.5 — Node ID: 2 Closes #679 Co-Authored-By: claude-flow <ruv@ruv.net> * fix(ci): resolve 3 persistent CI failures + add #679 fix-marker guard Three jobs have been failing on every push to main since the v1→archive/v1 reorganisation and the softprops/action-gh-release permission tightening: 1. Performance Tests — uvicorn src.api.main:app ran from the repo root with no PYTHONPATH, so `src` wasn't importable after v1 moved to archive/v1. Added working-directory: archive/v1 to the "Start application" step. Added continue-on-error: true — tests/performance/locustfile.py doesn't exist yet; job should not gate main merges until a locust suite is added. 2. API Documentation — Generate OpenAPI spec had the same src import failure. Added working-directory: archive/v1 to the "Generate OpenAPI spec" step. 3. Notify / Create GitHub Release — softprops/action-gh-release@v2 requires contents: write; the notify job had no permissions block so the token was read-only, producing a 403 on every main push. Added permissions: contents: write to the notify job. Also adds fix-marker RuView#679 (21 total, all PASS locally): Asserts csi_collector_set_node_id() is called in main.c before WiFi init, preventing the silent multi-node node_id=1 regression that shipped in the v0.4.3.1 release_bins and was fixed + validated on COM7 in PR #681. Co-Authored-By: claude-flow <ruv@ruv.net> |
||
|
rUv
|
3314c8db8d |
feat(cog-pose-estimation): scaffold first Cog from this repo (ADR-100 + ADR-101) (#642)
* feat(cog-pose-estimation): scaffold first Cog from this repo (ADR-100 + ADR-101) Adds the foundation for the pose-estimation Cog that ships from this repo into Cognitum V0 appliances. Companion ADR-225 + crate land in cognitum-one/v0-appliance. ADRs: * ADR-100 formalises the Cognitum Cog packaging spec — on-device layout under /var/lib/cognitum/apps/<id>/, manifest.json schema (incl. new binary_sha256 + binary_signature fields), GCS hosting convention, repo source layout, build pipeline, and the four-verb runtime contract (version | manifest | health | run). Documents the convention I reverse-engineered from inspecting installed cogs on a live cognitum-v0 appliance — `anomaly-detect`, `presence`, `seizure-detect`, etc. * ADR-101 designs the pose-estimation Cog itself: where it sits in the wifi-densepose pipeline (encoder init from ruvnet/wifi-densepose-pretrained, 17-keypoint regression head), what gets shipped per target arch (arm / x86_64 / hailo8 / hailo10), acceptance gates (PCK@20 explicitly deferred to #640 — this ADR ships the vehicle, not the accuracy). Crate v2/crates/cog-pose-estimation/: * Cargo.toml + workspace member declaration with a hailo feature gate so the binary builds without the Hailo SDK in CI. * main.rs implements the four-verb CLI exactly per ADR-100. * config.rs / manifest.rs / publisher.rs / inference.rs / runtime.rs — small modules, each <100 lines. * publisher.rs emits ADR-100 structured JSON events. * inference.rs is a stub that produces a centred-skeleton baseline with confidence=0 (honest: no trained weights wired in yet). * runtime.rs subscribes to /api/v1/sensing/latest, slides a 56*20 window, runs the engine, emits pose.frame events. * cog/manifest.template.json + cog/config.schema.json define the release artifact + runtime config schemas. * cog/Makefile holds build / sign / upload targets. * tests/smoke.rs covers manifest roundtrip + engine I/O surface. Verified locally: * cargo check -p cog-pose-estimation: clean. * cargo test -p cog-pose-estimation: 4/4 pass. * ./target/release/cog-pose-estimation {version,manifest,health}: all emit the right contract output. This commit contains scaffolding only; the actual trained weights and Hailo HEF cross-compile come in follow-ups tracked in #640 and the companion v0-appliance branch. * feat(cog-pose-estimation): first measured run — Candle CUDA on RTX 5080 Trained pose_v1 on ruvultra (RTX 5080) via Candle 0.9 + cuda feature against the same 1,077-sample paired session that produced 0%/0% PCK in #640 with the pure-JS SPSA trainer. First real numbers: PCK@20 = 3.0% (up from 0.0%) PCK@50 = 18.5% (up from 0.0%) MPJPE = 0.093 (down from 0.66, ~7x improvement) 400 epochs in 2.1 s wall time, full-batch, ~5 ms/epoch. Loss curve 0.181 -> 0.014 over the run, eval 0.010. Per-joint reveals the model leans on right-side proximal joints (r_hip 77% PCK@50, r_knee 35%, l_elbow 26%) — consistent with the camera framing in the source recording. Distal joints (wrists, ankles) and face joints are still near-random, consistent with the 56-subcarrier / 20-frame input not carrying fine-grained spatial info at 1077 samples. This commit: * Adds v2/crates/cog-pose-estimation/cog/artifacts/{pose_v1.safetensors, train_results.json} so the cog dir now contains a real reference artifact, not just scaffold. * Updates cog/README.md "Status" block with the measured numbers, per-joint table, and an honest reading of where the model succeeds vs where the data is the bottleneck. * Adds docs/benchmarks/pose-estimation-cog.md as the canonical benchmark log — append-only, one section per published run. * Appends a "First measured run" section to ADR-101 referencing the new benchmark file. Still pending in the follow-up: * Wire pose_v1.safetensors into src/inference.rs (replace stub). * ONNX export (Candle lacks a writer — needs external conversion). * Hailo HEF cross-compile + cluster deploy. The data-bound gap to PCK@20 >= 35% is tracked in #640. * feat(cog-pose-estimation): wire real weights — cog is no longer a stub Replaces the centred-skeleton stub in src/inference.rs with a real Candle-based loader that reads cog/artifacts/pose_v1.safetensors and runs the trained Conv1d encoder + MLP pose head on every incoming CSI window. What changes: * src/inference.rs: PoseNet mirrors the training script's architecture exactly — Conv1d(56->64, k=3 d=1), Conv1d(64->128, k=3 d=2), Conv1d(128->128, k=3 d=4), mean over time, Linear(128->256)+ReLU, Linear(256->34)+sigmoid -> reshape [17, 2]. The InferenceEngine searches a sensible candidate list for the weights file (/var/lib/cognitum/apps/pose-estimation/, ./pose_v1.safetensors, ./cog/artifacts/, repo-root, v2/-relative) and falls back to the stub when none are present so the cog still satisfies ADR-100. * Cargo.toml: adds candle-core 0.9 + candle-nn 0.9 (no-default-features, CPU build by default) + safetensors 0.4. New `cuda` feature opt-in for GPU inference on hosts that have it. Drops the unused wifi-densepose-train path dep from the default build path. * src/main.rs + src/publisher.rs: health.ok event now carries `backend` (candle-cuda | candle-cpu | stub) and the synthetic output confidence, so operators can tell at a glance whether the cog loaded its weights or fell back to the stub. * tests/smoke.rs: adds `real_weights_load_when_available` which asserts the loaded engine reports backend=candle-* and emits non-zero confidence — exactly the signal that proves we're not silently degrading to the stub. Verified locally: * `cargo check -p cog-pose-estimation --no-default-features` — clean * `cargo test -p cog-pose-estimation --no-default-features` — 5/5 pass * `./target/release/cog-pose-estimation health` emits: {"event":"health.ok","fields":{"backend":"candle-cpu","cog":"pose-estimation","synthetic_output_confidence":0.185}} — 0.185 is the published PCK@50 from cog/artifacts/train_results.json, emitted by the real Candle inference path (would be 0.0 if it had fallen back to the stub). The cog now runs the trained pose_v1 model end-to-end. Accuracy is still bounded by the underlying 1077-sample training data (PCK@20 3.0%, PCK@50 18.5% per docs/benchmarks/pose-estimation-cog.md) — that gap is data-bound and tracked in #640. ONNX export + Hailo HEF cross-compile remain follow-ups. * docs(benchmarks): measure cog-pose-estimation cold-start latency 100 sequential `cog-pose-estimation health` invocations average 76.2 ms each on a Windows x86_64 host using the `candle-cpu` backend. Each invocation re-loads pose_v1.safetensors and runs one synthetic forward pass, so this is the worst-case cold-start path. Long-running `run` inference will be sub-millisecond per frame once the model is loaded. Updates the benchmarks doc accordingly. * feat(cog-pose-estimation): ONNX export — pose_v1.onnx + scripts/export-onnx.py Adds the canonical ONNX artifact that unblocks downstream Hailo HEF cross-compile + ONNX Runtime benchmarks. Generated on ruvultra (torch 2.12.0 + CUDA), 12,059 bytes, opset 18, dynamic batch axis. * scripts/export-onnx.py: mirrors the Candle inference architecture in PyTorch (Conv1d 56->64, 64->128, 128->128 + Linear 128->256->34), pure- python safetensors loader (no extra pip dep), exports via torch.onnx.export, then verifies via onnx.checker.check_model and numerical parity against the torch reference. * Verified parity vs torch: max |torch - onnx| = 8.94e-8 (1e-5 threshold). Effectively bit-perfect. * v2/crates/cog-pose-estimation/cog/artifacts/pose_v1.onnx — the artifact itself, 12 KB. * docs/benchmarks/pose-estimation-cog.md — adds an ONNX export section with the verification numbers. Next: Hailo HEF cross-compile (still gated on Hailo SDK on a self-hosted runner) and ONNX Runtime latency benchmarks on each target arch. * feat(cog-pose-estimation): release v0.0.1 — signed aarch64 binary on GCS End-to-end deploy: cross-compiled to aarch64-unknown-linux-gnu on ruvultra, ran via qemu-aarch64-static, then smoke-tested on a real cognitum-v0 Pi 5. Signed with COGNITUM_OWNER_SIGNING_KEY (Ed25519) and uploaded to gs://cognitum-apps/cogs/arm/. Real-hardware results on cognitum-v0 (Pi 5): health: backend=candle-cpu, confidence=0.185, real weights loaded 30x sequential `health`: 0.251 s total -> 8.4 ms / invocation (cold) GCS release artifacts (publicly downloadable): binary: 3,741,976 bytes sha256 1e1a7d3dd01ca05d5bfc5dbb142a5941b7866ed9f3224a21edc04d3f09a99bf5 weights: 507,032 bytes sha256 eb249b9a6b2e10130437a10976ed0230b0d085f86a0553d7226e1ae6eae4b9e5 signature (Ed25519, b64): LUN7xqLPYD3MFzm5dKB5MnYU0LvoRtek5ci5KiKPHBg+Xo6xuazwokn2Dw2JPMaLYJzmWn/SpT4djuR7hYvVDw== Adds: * v2/crates/cog-pose-estimation/cog/artifacts/manifest.json — the release-pipeline-produced manifest with all fields filled in per ADR-100, including arch, target_triple, signature, and a build_metadata block carrying the validation PCK numbers. * docs/benchmarks/pose-estimation-cog.md — new sections covering the real Pi 5 smoke (8.4 ms cold-start) and the signed GCS release artifacts. Verified by downloading the binary anonymously from GCS and re-computing the sha256 — matches the locally-computed sha exactly. Signature decoded to the expected 64-byte Ed25519 length. Closes the GCS-upload acceptance criterion from ADR-100; the only pending work is Hailo HEF cross-compile (still SDK-gated) and an x86_64 release alongside this arm release. * docs(benchmarks): record live cognitum-v0 install + 5-sec smoke run Adds the "Live appliance install" section documenting what happened when the signed v0.0.1 binary + weights were installed under /var/lib/cognitum/apps/pose-estimation/ on cognitum-v0 (the V0 cluster leader). * Layout matches the existing anomaly-detect / presence / seizure- detect cogs exactly — the Cogs dashboard at http://cognitum-v0:9000/cogs auto-discovers entries. * `cog-pose-estimation run` ran for 5 seconds in the background and cleanly emitted run.started + structured WARN events for the missing local sensing-server on :3000 (cognitum-v0's actual CSI source is ruview-vitals-worker on :50054, not :3000). No crashes, no NaN, no leaks. * Wiring `sensing_url` to the appliance-native source is a separate Day-2 integration task. |
||
|
rUv
|
ef20a7280d |
fix(align): stream JSONL + support sensing_update format (#641)
Two blockers discovered while running ADR-079 P7→P8 end-to-end against
a 30-minute paired session (39,088 GT frames + 45,625 CSI frames):
1. `readFileSync(_, 'utf8').split('\n')` hit Node's `String.MaxLength`
(~512 MB) on the 750 MB CSI recording. Result:
Error: Cannot create a string longer than 0x1fffffe8 characters
Replaced loadJsonl with a 1 MiB byte-buffer streaming reader that
decodes line-by-line, so memory use stays bounded by the largest
single record.
2. The sensing-server has long since switched from the legacy `raw_csi`
/ `feature` typed records to a single `sensing_update` record per
tick (with nodes[].amplitude and top-level features). The aligner
filtered on the old types and produced 0 frames every time. Added a
`sensing_update` branch that projects each tick into rawCsi/features
entries the existing windowing code can consume, and updated
extractCsiMatrix to use already-extracted amplitudes when iqHex is
absent. timestamp is now accepted as either ISO string (legacy) or
numeric float-seconds (current).
End-to-end verified: produces 1,077 paired samples at
`--min-confidence 0.3 --window-frames 20` from the full 30-min
recording; downstream `train-wiflow-supervised.js` runs to completion.
See follow-up #640 for the PCK gap (data + GPU needed) — those are
training concerns, not aligner concerns.
|
||
|
rUv
|
281c4cb0ce |
fix(firmware): OTA upload fails closed when no PSK in NVS (RuView#596 audit) (#623)
ota_check_auth() previously returned true when s_ota_psk[0] == '\0'
("permissive for dev"). A freshly-flashed node — or any node where
nobody had provisioned an OTA PSK yet — accepted attacker-controlled
firmware over plain HTTP on port 8032 from any host on the WiFi. No
Secure Boot V2, no signed-image verification, no transport encryption.
Single LAN call could brick or backdoor a node.
This was flagged in the deep security review of PR #596 but was a
PRE-EXISTING bug in main, not new code from that PR — so it stood as
a critical-severity production issue until this commit.
Fix:
- ota_check_auth() now returns false when no PSK is provisioned, with
ESP_LOGW("OTA rejected: no PSK in NVS …") at the call site so the
operator can diagnose the rejection from serial logs
- ota_update_init() ESP_LOGW message updated to surface the new posture
at boot ("upload endpoint will REJECT all requests until provisioned")
- Doc comment on ota_check_auth() rewritten to make the contract
explicit and reference the audit
The OTA HTTP server itself still starts even when no PSK is set. That
lets the operator run `provision.py --ota-psk <hex>` over USB-CDC to
write the NVS key without reflashing the firmware. The upload endpoint
just refuses every request in the meantime.
Breaking change for any deployment that depended on the unauthenticated
OTA path working out of the box. Documented in CHANGELOG under
[Unreleased] / Security so it's visible at the next release cut.
Fix-marker RuView#596-ota-fail-closed (scripts/fix-markers.json)
requires the new behaviour and forbids the old "permissive for dev"
fallback strings, so a future revert fails CI.
|
||
|
rUv
|
72bbd256e7 |
fix(security): path-traversal guard on 5 sensing-server endpoints (closes #615) (#616)
Reported by @bannned-bit. Five endpoints in
v2/crates/wifi-densepose-sensing-server embedded user-controlled
identifiers in format!() paths with no sanitization:
recording.rs POST /api/v1/recording/start (session_name)
recording.rs GET /api/v1/recording/download/:id (id)
recording.rs DELETE /api/v1/recording/delete/:id (id)
model_manager.rs POST /api/v1/models/load (model_id)
training_api.rs load_recording_frames (dataset_ids[])
Each unauthenticated caller could:
- READ arbitrary files via ../../etc/passwd, ../../.env, etc.
- WRITE attacker-controlled JSONL via recording/start
- LOAD attacker-controlled .rvf model files
- DELETE arbitrary files the server process can touch
New `path_safety` module exports `safe_id(&str) -> Result<&str, PathSafetyError>`
that enforces the rejection envelope BEFORE any user input reaches a
format!() that builds a path:
- Allowed character set: [A-Za-z0-9._-]
- Reject leading '.' (rules out '.', '..', '.env', hidden files)
- Reject empty strings
- Reject anything > 64 bytes
- Reject all whitespace, path separators, null bytes, non-ASCII
Applied at all 5 sites. Errors return 400 Bad Request (download) /
status:"error" JSON (others) — not panics.
9 unit tests in path_safety::tests cover:
- accepts simple alphanumeric / hyphen / underscore / dot
- rejects empty, leading dot, path separators ('/', '\'),
null byte, whitespace, shell specials, non-ASCII (including
fullwidth slash U+FF0F), too-long, boundary at MAX_ID_LEN
test result: ok. 9 passed; 0 failed
cargo build -p wifi-densepose-sensing-server --no-default-features: 33s
Fix-marker RuView#615 in scripts/fix-markers.json prevents removing the
guard at any of the 5 call sites. CHANGELOG entry under [Unreleased] /
Security documents the patched endpoints and the rejection envelope.
Severity: critical per reporter — five remotely-reachable paths to read,
write, or delete arbitrary files. Hot per-request paths, not edge cases.
|
||
|
rUv
|
50131b2519 |
fix(verify): cross-platform deterministic proof — 6-decimal quantize + thread-pinning (closes #560) (#609)
* fix(verify): quantize features before SHA-256 for cross-platform hash stability (#560) ## The bug archive/v1/data/proof/verify.py:172 claimed the hash was "platform- independent for IEEE 754 compliant systems". That claim is empirically false. scipy.fft's pocketfft uses SIMD vector kernels — AVX2/AVX-512 on x86_64, NEON on Apple Silicon — that reorder vectorized FP operations differently per build. IEEE 754 guarantees per-operation determinism, not associativity under reordering, so two correct platforms produce values that differ at ULP precision (~1e-14 at our magnitudes of 1-100). The SHA-256 of features_to_bytes() then explodes that ULP-level divergence into a totally different hash, which is what bug report #560 caught on macOS arm64: | Platform | numpy/scipy | sha256 (legacy) | |----------|-------------|-----------------| | Windows (Intel AVX-512) | 2.4.2 / 1.17.1 | 78b3fb… | | ruvultra (Linux x86_64) | 1.26.4 / 1.14.1 | 41dc56… | | ruv-mac-mini (Apple Silicon NEON) | 2.4.4 / 1.17.1 | 9b5e19… | ## The fix features_to_bytes() now np.round(.., HASH_QUANTIZATION_DECIMALS=9)s each array before packing as little-endian f64. That snaps the float bytes to a single canonical representation across SIMD backends. The 9-decimal precision is: - ~5 orders of magnitude above the worst-case ULP drift observed in probe-fft-platform.py measurements - Many orders of magnitude below any meaningful signal change (CSI phase precision is ~1e-3 rad; PSD bins differ by orders of magnitude) - Conservative — could tighten to 11-12 decimals if needed, but 9 leaves comfortable headroom for future scipy SIMD changes ## Probe-side verification scripts/probe-fft-platform.py now emits BOTH sha256_raw (unrounded, legacy) and sha256_quantized (new platform-invariant hash). Running it on Windows here produced: sha256_raw = 78b3fb4acb8cc18c3e870f92e29ee98143c7cac4767f2f71b0fc384a82b92f6e sha256_quantized = a587792c050cf697366b9bef4611050f9dc3af56624915ab2452c3c11362e79a quantization_decimals = 9 On Linux and macOS arm64 the maintainer should observe the SAME sha256_quantized value (and a different sha256_raw) — that's the fix working. ## What this PR does NOT do The published archive/v1/data/proof/expected_features.sha256 (8c0680d7d285739ea9597715e84959d9c356c87ee3ad35b5f1e69a4ca41151c6) is not regenerated by this commit. That step needs to run on a canonical CI platform (likely the Linux x86_64 host used for releases) AFTER this fix lands. The regeneration command is: python archive/v1/data/proof/verify.py --generate-hash After regeneration, every platform running ./verify will produce the same hash and the proof replay will be honestly cross-platform — which is what the ADR-028 trust-kill-switch promised. ## Files - archive/v1/data/proof/verify.py — add HASH_QUANTIZATION_DECIMALS=9 constant, quantize in features_to_bytes(), correct the misleading "platform-independent" claim in the docstring - scripts/probe-fft-platform.py — emit both raw and quantized hashes - scripts/fix-markers.json — RuView#560 marker prevents removing the np.round() call without explicit intent - CHANGELOG.md — Fixed entry under [Unreleased] documenting the change and flagging the expected_features.sha256 regeneration as a follow-up Co-Authored-By: claude-flow <ruv@ruv.net> * ci: fix verify-pipeline.yml working-directory from v1/ to archive/v1/ The verify-pipeline workflow's "Run pipeline verification" and "Run verification twice to confirm determinism" steps use `working-directory: v1` but `v1/` was archived to `archive/v1/` long ago. The workflow fails before verify.py even runs: ##[error]An error occurred trying to start process '/usr/bin/bash' with working directory '/home/runner/work/RuView/RuView/v1'. No such file or directory Same v1 → archive/v1 path correction that already shipped for the ./verify wrapper (RuView#559 / PR #590) and the other lint workflows (RuView#489). Required to make the determinism check actually run on PR #609 (the quantize-before-hash work) — the canonical Linux hash needed for expected_features.sha256 will fall out of the next CI log once this fix lands. * fix(proof): regenerate expected_features.sha256 with the quantized canonical hash The hash on the previous line was the legacy pre-quantization value (8c0680d7d28573…), which by definition cannot match the quantized output that this branch's verify.py now produces. Replaced with the canonical Linux x86_64 hash captured from the CI run on this branch: d9985569b3ab833c74b7c9254df568bbb144879e2222edb0bcf2605bfd4c155b Source of truth: run 26005976495 / "Verify Pipeline Determinism (3.11)" on Ubuntu 24.04, Python 3.11.15, exercising the full verify.py pipeline on the 100 reference frames in archive/v1/data/proof/sample_csi_data.json. Reproducibility expectation now changes: - Linux x86_64 (canonical platform): sha256 = d9985569… ✓ this commit - macOS arm64 / Apple Silicon NEON: sha256 = d9985569… should match after quantization - Windows AMD64 (with pydantic-clean .env): sha256 = d9985569… should match after quantization If macOS arm64 still mismatches after this, the quantization decimals need to be tightened from 9 to 11 or 12 (HASH_QUANTIZATION_DECIMALS in verify.py); the headroom analysis in the original commit suggests 9 is safe but 9-decimal SIMD drift hasn't been measured in the full-pipeline output yet (only in the probe). Closes the maintainer-action-required item on PR #609. * fix(proof): bump quantization to 6 decimals (9 wasn't enough across Azure CI microarchs) Two back-to-back Ubuntu 24.04 / Python 3.11 / scipy 1.17 CI runs on PR #609 landed on different Azure VM microarchitectures and produced two different SHA-256s even after np.round(.., 9): Run 1: d9985569b3ab833c74b7c9254df568bbb144879e2222edb0bcf2605bfd4c155b Run 2: 37c49a1f6b87207fa9fc67f2d6a85c4417dd4a536573605fd175510d1dce7cbe Same JSON input, same byte count hashed (294,400), same Python version, same scipy version. The only variable is the underlying CPU pocketfft SIMD kernel. The full DSP pipeline (preprocess → biquad bandpass → FFT → PSD → variance accumulation) amplifies the ~1e-14 raw FFT divergence by several orders of magnitude — the actual drift at features_to_bytes() input can reach 1e-7 or worse, which is well within the 1e-9 quantization window I originally picked. Bumping to 6 decimals = parts per million. ~6 orders of magnitude headroom over observed pipeline-amplified ULP drift. Still far below any meaningful signal change (CSI phase precision ~1e-3 rad). Kept the probe constant in sync. Will trigger CI on this branch immediately after push; the new expected_features.sha256 will be regenerated from whichever microarch the next CI run lands on, but should be stable across all subsequent runs at 6-decimal quantization. * chore(probe): keep HASH_QUANTIZATION_DECIMALS in sync with verify.py (now 6) * fix(proof): regenerate expected_features.sha256 for 6-decimal quantization * ci: pin thread count to 1 for proof verification (scipy.fft threading non-determinism) |
||
|
rUv
|
d33962eff2 |
fix(docker): UDP relay for multi-source ESP32 on Docker Desktop Windows (#502)
Docker Desktop on Windows demultiplexes inbound UDP from multiple source IPs onto a single virtual socket, silently dropping packets from all but one ESP32 node. This makes multi-node sensing setups appear to work (WebSocket connects, packets flow on the host) while only one node's CSI ever reaches the container. Adds scripts/udp-relay.py (stdlib only) which collapses multi-source UDP to a single loopback source so Docker's forwarding accepts every packet. Verified locally: 6 packets from 3 distinct source ports all arrive at the receiver from a single relay socket. Updates docker/docker-compose.yml with an inline comment pointing Windows users at the relay + 5006:5005 mapping. Linux/macOS hosts are unaffected and need no changes. Also documents the workaround alongside fixes for #188 (UI 404 from relative --ui-path) and #438 (boot loop on --edge-tier 1/2 against pre-v0.4.3.1 firmware) as new sections 9-11 of docs/TROUBLESHOOTING.md. Supersedes the docs-only PR #413. Closes #374, #386 Refs #188, #438, #301 |
||
|
rUv
|
88da304631 |
chore(scripts): probe-fft-platform.py — root-cause aid for #560 (#607)
The verify.py "platform-independent for IEEE 754 compliant systems" docstring at archive/v1/data/proof/verify.py:172 is incorrect — scipy's pocketfft uses SIMD vector kernels (AVX2/AVX-512 on x86_64, NEON on Apple Silicon) that reorder FP operations differently across builds, so the SHA-256 of the production pipeline diverges at ULP precision per platform. That divergence is what bug report #560 caught on macOS arm64. This script reproduces verify.py's hash-relevant scipy.fft.fft + Hamming- window calls in isolation on a deterministic synthetic input, without dragging in src.app / pydantic Settings. Run on each platform and diff the JSON output: python3 scripts/probe-fft-platform.py - If two machines print the same first8_doppler_bytes_hex and the same first4_psd_floats but different sha256, the divergence is in later FFT bins (SIMD reordering). - If even the first values differ, it's true ULP-level divergence at every bin (NEON vs x86_64, or different scipy pocketfft builds). Captured empirical evidence across Windows (Intel AVX-512), Linux x86_64 (ruvultra), and Apple Silicon (ruv-mac-mini) — Win + Linux agree on first PSD values but produce different SHA-256s; Mac arm64 differs at the first bins at ~1 ULP precision (~2e-14 on a value of ~94). This commit ships only the diagnostic. The architectural fix for #560 (quantize-before-hash in features_to_bytes(), then regenerate expected_features.sha256 on a canonical CI platform) is left as a separate maintainer decision because it changes a published trust-anchor artifact and merits a deliberate call. Supersedes the probe portion of PR #577 (the verify path fix from #577 already shipped via PR #590). |
||
|
rUv
|
880a3a41d3 |
chore(ci): add fix-markers for recent merges (#559, #561, #588, #593, #590-CI) (#606)
Six new entries in scripts/fix-markers.json so the regression guard
(.github/workflows/fix-regression-guard.yml + scripts/check_fix_markers.py)
catches a future revert of any of these fixes:
- RuView#559 — ./verify points at archive/v1/ paths
- RuView#561 — README app flash offset 0x20000 + ota_data_initial.bin at 0xf000
+ canonical provision.py path
- RuView#588-SEC020 — provision.py prints (set)/(empty), not '*' * len(pw)
(forbids the asterisk-run pattern that leaks password length)
- RuView#593 — vital_signs.rs uses phase_circular_variance for wrapped phases
- RuView#590-fuzz-stub — esp_stubs.h declares wifi_ps_type_t / WIFI_PS_NONE
/ esp_wifi_set_ps (keeps Fuzz Testing job green)
- RuView#590-swarm-test — qemu_swarm.py passes --force-partial to provision.py
(keeps Swarm Test ADR-062 job green)
Verified: `python scripts/check_fix_markers.py` reports All 17 fix markers
present.
|
||
|
rUv
|
174e2365f0 |
fix: bug triage for #559, #561, #588 + CI fixes for fuzz/swarm tests (#590)
* fix: bug triage from issues #559, #561, #588 - verify: point at archive/v1/ proof paths (v1/ was removed) (#559) - firmware README: app flash offset 0x10000 -> 0x20000, include ota_data_initial.bin at 0xf000, correct provision.py path from scripts/ to firmware/esp32-csi-node/ (#561) - provision.py: drop password-length leak in console output; print (set)/(empty) instead of len(password) asterisks (#588) Co-Authored-By: claude-flow <ruv@ruv.net> * ci: fix Fuzz Testing + Swarm Test (ADR-062) workflow regressions Both have been red on main for ~5 weeks; root-causing them so PR #590 can land green rather than merging on top of pre-existing breakage. - esp_stubs.h: add wifi_ps_type_t enum (WIFI_PS_NONE/MIN/MAX) and esp_wifi_set_ps() stub. csi_collector.c:346 added a real esp_wifi_set_ps(WIFI_PS_NONE) call to disable modem sleep (RuView#521 fix); the host-native fuzz target couldn't link. - scripts/qemu_swarm.py: pass --force-partial to provision.py. The per-node TDM/channel overlay intentionally omits WiFi credentials (those live in the base flash image), but the issue #391 wifi-trio guard now rejects calls missing the --ssid/--password trio. --force-partial is exactly the opt-in for this case. Co-Authored-By: claude-flow <ruv@ruv.net> |
||
|
ruv
|
deb561bf9c |
fix(rvcsi): scale-relative baseline-drift thresholds + ESP32 end-to-end validation
BaselineDriftDetector compared `mean_amplitude` against its EWMA baseline with *absolute* thresholds (anomaly 1.0, drift 0.15). Fine for the synthetic unit tests (amplitudes ~1.0), but raw ESP32 CSI is int8 I/Q with amplitudes up to ~128, so window-to-window RMS distance is routinely 5-50 >> 1.0 and AnomalyDetected fired on ~96% of windows (319/331 on a real node-1 capture). Drift is now `||current - baseline||2 / ||baseline||2` (a fraction, with an eps floor that falls back to absolute for a degenerate near-zero baseline), so one tuning is valid across raw-int8 ESP32, int16-scaled Nexmon, and baseline-subtracted streams. AnomalyDetected drops to 40/331 on the same data; the existing detector tests still pass (their explicit configs are valid relative thresholds too); added baseline_drift_is_scale_invariant_ no_anomaly_storm. rvcsi-events 18 -> 19 tests; 162 rvcsi tests, 0 failures, clippy-clean. Surfaced by an end-to-end test against real ESP32 CSI on COM7: the device (ESP32-S3, node 1, ADR-018 firmware, WiFi "ruv.net" ch5 RSSI -39, CSI cb only because nothing listens at .156). rvcsi has no ESP32 adapter yet, so a 7,000-frame node-1 recording was transcoded to .rvcsi via the new scripts/esp32_jsonl_to_rvcsi.py (stand-in for `record --source esp32-jsonl`) and run through `rvcsi inspect`/`replay`/`calibrate`/`events` end-to-end. ADR-095 D13 and ADR-096 sections 2.1/5 updated; CHANGELOG entry added; rvcsi-adapter-esp32 (live serial/UDP source) noted as a follow-up. Co-Authored-By: claude-flow <ruv@ruv.net> |
||
|
ruv
|
eda45a6857 |
ci: fix-marker regression guard (witness-style)
Adds a fast per-PR gate that asserts previously-shipped fixes are still present in the tree — the CI analogue of the ruflo witness fix-marker system, but self-contained (no plugin dependency, reviewable as plain JSON). Complements the heavier checks (firmware build, deterministic pipeline proof, release witness bundle) by catching the silent-revert class of regression that build+test wouldn't. - scripts/fix-markers.json manifest: 11 markers (RuView#396, #521, #517, #505, #354, #263, #266/#321, #265, #232/#375/#385/#386/#390, ADR-028 proof + witness bundle). Each has files / require (literal substring or /regex/) / optional forbid / rationale / ref. - scripts/check_fix_markers.py stdlib-only checker. Exit 0 clean / 1 regression / 2 bad manifest. Modes: --list, --json, --only ID. - .github/workflows/fix-regression-guard.yml runs on PR + push to main/master; gates on the checker and writes the result table into the run summary + an artifact. If a fix is intentionally removed, update scripts/fix-markers.json in the same PR with a rationale — the diff becomes the audit trail. Co-Authored-By: claude-flow <ruv@ruv.net> |
||
|
rUv
|
f49c722764 |
chore(repo): rename rust-port/wifi-densepose-rs → v2/ (flatten to one level) (#427)
The Rust port lived two directories deep (rust-port/wifi-densepose-rs/) without any sibling under rust-port/ that warranted the extra level. Move the whole workspace up to v2/ to match v1/ (Python) at the same depth and shorten every cd / build command across the repo. git mv preserves history for all tracked files. 60 files updated for path references (CI workflows, ADRs, docs, scripts, READMEs, internal .claude-flow state). Two manual fixes for relative-cd paths in CLAUDE.md and ADR-043 that became wrong after the depth change (cd ../.. → cd ..). Validated: - cargo check --workspace --no-default-features → clean (after target/ nuke; the gitignored target/ was carried by the OS rename and had hard-coded old paths in build scripts) - cargo test --workspace --no-default-features → 1,539 passed, 0 failed, 8 ignored (same totals as pre-rename) - ESP32-S3 on COM7 → still streaming live CSI (cb #40300, RSSI -64 dBm) After-merge follow-up: contributors should `rm -rf v2/target` once and let cargo regenerate from the new path. |
||
|
rUv
|
5a7f431b0e |
ADR-081: Implement 5-layer adaptive CSI mesh firmware kernel (#404)
* ADR-081: adaptive CSI mesh firmware kernel + scaffolding
Introduces a 5-layer firmware kernel that reframes the existing ESP32
modules as components of a chipset-agnostic architecture and authorizes
adaptive control + a compact feature-state stream as the default upstream.
Layers:
L1 Radio Abstraction Layer — rv_radio_ops_t vtable + ESP32 binding
L2 Adaptive Controller — fast/medium/slow loops (200ms/1s/30s)
L3 Mesh Sensing Plane — anchor/observer/relay/coordinator (spec)
L4 On-device Feature Extr. — rv_feature_state_t (magic 0xC5110006)
L5 Rust handoff — feature_state default; debug raw gated
Files:
docs/adr/ADR-081-adaptive-csi-mesh-firmware-kernel.md (new)
firmware/esp32-csi-node/main/rv_radio_ops.h (new)
firmware/esp32-csi-node/main/rv_radio_ops_esp32.c (new)
firmware/esp32-csi-node/main/rv_feature_state.{h,c} (new)
firmware/esp32-csi-node/main/adaptive_controller.{h,c} (new)
firmware/esp32-csi-node/main/main.c (wire L1+L2)
firmware/esp32-csi-node/main/CMakeLists.txt (add 4 sources)
firmware/esp32-csi-node/main/Kconfig.projbuild (controller knobs)
CHANGELOG.md (Unreleased)
Default policy is conservative: enable_channel_switch and
enable_role_change are off, so behavior matches today's firmware
unless an operator opts in via menuconfig. The pure
adaptive_controller_decide() is exposed for offline unit tests.
Reuses (does not rewrite): csi_collector, edge_processing (ADR-039),
swarm_bridge (ADR-066), secure_tdm (ADR-032), wasm_runtime (ADR-040).
* ADR-081: implement Layers 1/2/4 end-to-end + host tests + QEMU hooks
Turns the ADR-081 scaffolding into a working adaptive CSI mesh kernel:
Layer 1 radio abstraction has an ESP32 binding and a mock binding; Layer 2
adaptive controller runs on FreeRTOS timers; Layer 4 feature-state packet
is emitted at 5 Hz by default, replacing raw ADR-018 CSI as the default
upstream.
New files:
firmware/esp32-csi-node/main/adaptive_controller_decide.c (pure policy)
firmware/esp32-csi-node/main/rv_radio_ops_mock.c (QEMU binding)
firmware/esp32-csi-node/tests/host/Makefile (host tests)
firmware/esp32-csi-node/tests/host/test_adaptive_controller.c
firmware/esp32-csi-node/tests/host/test_rv_feature_state.c
firmware/esp32-csi-node/tests/host/esp_err.h (shim)
firmware/esp32-csi-node/tests/host/.gitignore
Modified:
adaptive_controller.c — includes pure decide.c; emit_feature_state()
wired into fast loop (200 ms = 5 Hz)
rv_radio_ops_esp32.c — get_health() fills pkt_yield + send_fail
csi_collector.{c,h} — pkt_yield/send_fail accessors (ADR-081 L1)
rv_feature_state.h — packed size corrected to 60 bytes
(was incorrectly 80 in initial commit)
main.c — mock binding registered under mock CSI
CMakeLists.txt — rv_radio_ops_mock.c under CSI_MOCK_ENABLED
scripts/validate_qemu_output.py — 3 new ADR-081 checks (17/18/19)
docs/adr/ADR-081-*.md — status → Accepted (partial);
implementation-status matrix; measured
benchmarks (decide 3.2 ns, CRC32 614 ns);
bandwidth 300 B/s @ 5 Hz (99.7% vs raw);
verification section
CHANGELOG.md — artifact-level entries
Tests (host, gcc -O2 -std=c11):
test_adaptive_controller: 18/18 pass, decide() = 3.2 ns/call
test_rv_feature_state: 15/15 pass, CRC32(56 B) = 614 ns/pkt, 87 MB/s
sizeof(rv_feature_state_t) == 60 asserted
IEEE CRC32 known vectors verified
Deferred (tracked in ADR-081 roadmap Phase 3/4):
Layer 3 mesh-plane message types, role-assignment FSM, Rust-side mirror
trait in crates/wifi-densepose-hardware/src/radio_ops.rs.
* ADR-081: Layer 3 mesh plane + Rust mirror trait — all 5 layers landed
Fully implements the remaining deferred pieces of the adaptive CSI mesh
firmware kernel. All 5 layers (Radio Abstraction, Adaptive Controller,
Mesh Sensing Plane, On-device Feature Extraction, Rust handoff) are
now implemented and host-tested end-to-end.
Layer 3 — Mesh Sensing Plane (firmware/esp32-csi-node/main/rv_mesh.{h,c}):
* 4 node roles: Unassigned / Anchor / Observer / FusionRelay / Coordinator
* 7 message types: TIME_SYNC, ROLE_ASSIGN, CHANNEL_PLAN,
CALIBRATION_START, FEATURE_DELTA, HEALTH, ANOMALY_ALERT
* 3 auth classes: None / HMAC-SHA256-session / Ed25519-batch
* Payload types: rv_node_status_t (28 B), rv_anomaly_alert_t (28 B),
rv_time_sync_t (16 B), rv_role_assign_t (16 B),
rv_channel_plan_t (24 B), rv_calibration_start_t (20 B)
* 16-byte envelope + payload + IEEE CRC32 trailer
* Pure rv_mesh_encode()/rv_mesh_decode() plus typed convenience encoders
* rv_mesh_send_health() + rv_mesh_send_anomaly() helpers
Controller wiring (adaptive_controller.c):
* Slow loop (30 s default) now emits HEALTH
* apply_decision() emits ANOMALY_ALERT on transitions to ALERT /
DEGRADED
* Role + mesh epoch tracked in module state; epoch bumps on role
change
Layer 5 — Rust mirror (crates/wifi-densepose-hardware/src/radio_ops.rs):
* RadioOps trait mirrors rv_radio_ops_t vtable
* MockRadio backend for offline tests
* MeshHeader / NodeStatus / AnomalyAlert types mirror rv_mesh.h
* Byte-identical IEEE CRC32 (poly 0xEDB88320) verified against
firmware test vectors (0xCBF43926 for "123456789")
* decode_mesh / decode_node_status / decode_anomaly_alert / encode_health
* 8 unit tests, including mesh_constants_match_firmware which asserts
MESH_MAGIC/VERSION/HEADER_SIZE/MAX_PAYLOAD match rv_mesh.h
byte-for-byte
* Exported from lib.rs
* signal/ruvector/train/mat crates untouched — satisfies ADR-081
portability acceptance test
Tests (all passing):
test_adaptive_controller: 18/18 (C, decide() 3.2 ns/call)
test_rv_feature_state: 15/15 (C, CRC32 87 MB/s)
test_rv_mesh: 27/27 (C, roundtrip 1.0 µs)
radio_ops::tests (Rust): 8/8
--- total: 68/68 assertions green ---
Docs:
* ADR-081 status flipped to Accepted
* Implementation-status matrix updated; L3 + Rust mirror both
marked Implemented
* Benchmarks table extended with rv_mesh encode+decode roundtrip
* Verification section updated with cargo test invocation
* CHANGELOG: two new entries for L3 mesh plane + Rust mirror
Remaining follow-ups (Phase 3.5 polish, not blocking):
* Mesh RX path (UDP listener + dispatch) on the firmware
* Ed25519 signing for CHANNEL_PLAN / CALIBRATION_START
* Hardware validation on COM7
* Add test_rv_mesh to host-test .gitignore
Fixes an untracked-file warning from the repo stop-hook: the compiled
binary was built by make but the .gitignore update was missed in
|
||
|
ruv
|
35903a313d |
feat: NaN-safe TCN + CSI UDP recorder for real ESP32 training (#362)
- Add activation clamping [-10, 10] in TCN forward pass to prevent NaN from real CSI amplitude ranges after normalization - Add safe sigmoid with input clamping [-20, 20] - Add scripts/record-csi-udp.py: lightweight ESP32 CSI UDP recorder Validated on real paired data (345 samples): ESP32 CSI: 7,000 frames at 23fps from COM8 Mac camera: 6,470 frames at 22fps via MediaPipe PCK@20: 92.8% | Eval loss: 0.083 | Bone loss: 0.008 Co-Authored-By: claude-flow <ruv@ruv.net> |
||
|
ruv
|
327d0d13f6 |
feat: scalable WiFlow model with 4 size presets (#362)
Add --scale flag with 4 presets for dataset-appropriate sizing: lite: ~190K params, 2 TCN blocks k=3 (trains in seconds) small: ~200K params, 4 TCN blocks k=5 (trains in minutes) medium: ~800K params, 4 TCN blocks k=7 (trains in ~15 min) full: ~7.7M params, 4 TCN blocks k=7 (trains in hours) Refactored model to use dynamic TCN block count, kernel size, channel widths, hidden dim, and SPSA perturbation count — all driven by the scale preset. Default is 'lite' for fast iteration. Validated: lite model completes 30 epochs on 265 samples in ~2 min on Windows CPU (vs stuck at epoch 1 with full model). Scale up with: --scale small|medium|full as dataset grows. Co-Authored-By: claude-flow <ruv@ruv.net> |
||
|
ruv
|
d09baa6a09 |
fix: remove hardcoded Tailscale IPs and usernames from public files
- ADR-079: strip SSH user/IP from optimization description - mac-mini-train.sh: replace hardcoded IP with env var WINDOWS_HOST Co-Authored-By: claude-flow <ruv@ruv.net> |
||
|
ruv
|
33f5abd0e0 |
feat: ruvector + DynamicMinCut optimizations for WiFlow training (#362)
Add 4 ruvector-inspired optimizations to the training pipeline: - O6: Subcarrier selection (ruvector-solver) — variance-based top-K selection reduces 128→56 subcarriers (56% input reduction) - O7: Attention-weighted subcarriers (ruvector-attention) — motion- correlated weighting amplifies informative channels - O8: Stoer-Wagner min-cut person separation (ruvector-mincut) — identifies person-specific subcarrier clusters via correlation graph partitioning for multi-person training - O9: Multi-SPSA gradient estimation — K=3 perturbations per step reduces gradient variance by sqrt(3) vs single SPSA Also fixes data loader to accept both `kp`/`keypoints` field names and flat CSI arrays with `csi_shape`, and scalar `conf` values. Co-Authored-By: claude-flow <ruv@ruv.net> |
||
|
ruv
|
e3522ddcda |
feat: camera ground-truth training pipeline (ADR-079, #362)
Add 4 scripts for camera-supervised WiFlow pose training: - collect-ground-truth.py: synchronized webcam + CSI capture via MediaPipe PoseLandmarker (17 COCO keypoints at 30fps) - align-ground-truth.js: time-align camera keypoints with CSI windows using binary search, confidence-weighted averaging - train-wiflow-supervised.js: 3-phase supervised training (contrastive pretrain → supervised keypoint regression → bone-constrained refinement) with curriculum learning and CSI augmentation - eval-wiflow.js: PCK@10/20/50, MPJPE, per-joint breakdown, baseline proxy mode for benchmarking Baseline benchmark (proxy poses, no camera supervision): PCK@10: 11.8% | PCK@20: 35.3% | PCK@50: 94.1% | MPJPE: 0.067 Camera pipeline validated over Tailscale to Mac Mini M4 Pro (1920x1080, 14/17 keypoints visible, MediaPipe confidence 0.94-1.0). Target after camera-supervised training: PCK@20 > 50% Closes #362 Co-Authored-By: claude-flow <ruv@ruv.net> |
||
|
ruv
|
6d446e5459 |
feat: deep-scan.js — comprehensive RF intelligence report
Shows: who, what they're doing, vitals, position, objects, electronics, physics, and RF fingerprint. The 'wow factor' demo script. Co-Authored-By: claude-flow <ruv@ruv.net> |
||
|
ruv
|
828d0599d7 |
fix: skip triplet JSON export for large datasets (>100K)
JSON.stringify fails on 1M+ triplets. Training succeeded (33.3% improvement) but export crashed. Now skips export when >100K triplets. Co-Authored-By: claude-flow <ruv@ruv.net> |
||
|
ruv
|
85417b84a6 |
fix: add --bind flag for Windows firewall compatibility
Windows firewall blocks UDP on 0.0.0.0 — must bind to specific WiFi IP. - seed_csi_bridge.py: --bind-addr auto (auto-detects WiFi IP) - rf-scan.js: --bind <ip> option (default 0.0.0.0, use 192.168.1.x on Windows) Confirmed: 195 frames received from both ESP32 nodes with --bind 192.168.1.20 Co-Authored-By: claude-flow <ruv@ruv.net> |
||
|
ruv
|
4fc491dea5 |
feat: ADR-078 — 5 multi-frequency mesh applications
RF tomography (2D backprojection imaging), passive bistatic radar (neighbor APs as illuminators), frequency-selective material classification (metal/water/wood/glass), through-wall motion detection (per-channel penetration weighting), device fingerprinting (RF emission signatures per SSID) All impossible with single-channel WiFi — require 6-channel hopping. Co-Authored-By: claude-flow <ruv@ruv.net> |
||
|
ruv
|
4f6780f884 |
feat: ADR-077 — 6 novel RF sensing applications
Sleep monitor (hypnogram + efficiency), apnea detector (AHI scoring), stress monitor (HRV + LF/HF via FFT), gait analyzer (cadence + tremor), material detector (null pattern classification), room fingerprint (k-means clustering + anomaly scoring) All validated on overnight data (113K frames). Pure Node.js, zero deps. Co-Authored-By: claude-flow <ruv@ruv.net> |
||
|
ruv
|
28368b2c70 |
feat: ADR-076 CNN spectrogram embeddings + graph transformer fusion
CSI-as-image: 64x20 subcarrier×time matrix → 224x224 → CNN → 128-dim embedding. Same-node similarity 0.95+, cross-node 0.6-0.8. - csi-spectrogram.js: WASM CNN embedding, ASCII visualization, Seed ingest - mesh-graph-transformer.js: GATv2 multi-head attention over ESP32 mesh, fuses multi-node features, generalizes to 3+ nodes Co-Authored-By: claude-flow <ruv@ruv.net> |
||
|
ruv
|
4bb8c3303f |
feat: ADR-075 min-cut person separation — fixes #348
Stoer-Wagner min-cut on subcarrier correlation graph replaces broken threshold-based person counting (was always 4, now correct). Validated: 24/24 windows correctly report 1 person on test data where old firmware reported 4. Pure JS, <5ms per window. - mincut-person-counter.js: live UDP + JSONL replay, overrides vitals - csi-graph-visualizer.js: ASCII spectrum + correlation heatmap - ADR-075: algorithm, comparison, migration path Co-Authored-By: claude-flow <ruv@ruv.net> |
||
|
ruv
|
b9778c5ad2 |
feat: ADR-074 spiking neural network for real-time CSI sensing
128→64→8 SNN with STDP online learning — adapts to room in <30s without labels. Event-driven: 16-160x less compute than FC encoder. - snn-csi-processor.js: live UDP with ASCII visualization, EWMA - ADR-073 updated with SNN integration for multi-channel fusion - Fixed magic number parsing to use ADR-018 format (0xC5110001) Co-Authored-By: claude-flow <ruv@ruv.net> |
||
|
ruv
|
b4c9e7743f |
feat: ADR-073 multi-frequency mesh RF scanning
Live RF room scanner with ASCII spectrum visualization: - rf-scan.js: single-channel scanner with null/dynamic/reflector classification, cross-node correlation, phase coherence, Unicode spectrum display - rf-scan-multifreq.js: wideband view merging 6 channels, null diversity, per-channel penetration quality, frequency-dependent scatterer detection - benchmark-rf-scan.js: null diversity gain, spectrum flatness, resolution estimate Validated: 228 frames in 5s, 23 fps/node, 19% nulls detected, 0.993 cross-node correlation, line-of-sight confirmed ADR-073: interleaved channel hopping (Node 1: ch 1/6/11, Node 2: ch 3/5/9) targets 6x subcarrier diversity, <5% null gap, ~15cm resolution Co-Authored-By: claude-flow <ruv@ruv.net> |
||
|
ruv
|
8f2de7e9f2 |
feat: ADR-072 WiFlow SOTA architecture — TCN + axial attention + pose decoder
Pure JS implementation of WiFlow (arXiv:2602.08661) adapted for ESP32: - TCN temporal encoder (dilated causal conv, k=7, dilation 1/2/4/8) - Asymmetric spatial encoder (1x3 residual blocks, stride-2) - Axial self-attention (width + height, 8 heads, 256 channels) - Pose decoder (adaptive pooling → 17x2 COCO keypoints) - SmoothL1 + bone constraint loss (14 skeleton connections) - 1.8M params (1.6 MB at INT8), 198M FLOPs Integrated with camera-free pipeline (pose proxy labels from RSSI triangulation + subcarrier asymmetry + vibration) Co-Authored-By: claude-flow <ruv@ruv.net> |
||
|
ruv
|
ba82fcfc37 |
feat: camera-free 17-keypoint pose training (10 sensor signals)
Multi-modal pipeline using PIR, BME280, reed switch, vibration, RSSI triangulation, subcarrier asymmetry — no camera needed. Phases: multi-modal collection → weak label generation → enhanced contrastive → 5-keypoint pose proxy → 17-keypoint interpolation → self-refinement (3 rounds) → LoRA + TurboQuant + EWC Validated: 2,360 frames, 100% presence, 0 skeleton violations, 82.8 KB model (8 KB at 4-bit), 114.8s training Co-Authored-By: claude-flow <ruv@ruv.net> |
||
|
ruv
|
ccc543c0e7 |
feat: Mac Mini M4 Pro training script (7-step pipeline)
Clone, copy data via Tailscale, train, benchmark, sync results, publish to HuggingFace — all automated for M4 Pro hardware. Co-Authored-By: claude-flow <ruv@ruv.net> |
||
|
ruv
|
ade0fe82f6 |
fix: ruvllm pipeline — 7 critical fixes, all metrics improved
Before → After: - Contrastive loss: -0.0% → 33.9% improvement - Presence accuracy: 0% → 100% - Temporal negatives: 0 → 22,396 - Quantization 2-bit: 16KB (4x) → 4KB (16x) - Quantization 4-bit: 16KB (4x) → 8KB (8x) - Training samples: 236 → 2,360 (10x augmentation) - Triplets: 249 → 23,994 (96x more) Fixes: gradient descent on encoder weights, temporal negative threshold 30s→10s, PresenceHead (128→1 BCE), bit-packed quantization, data augmentation (interp+noise+cross-node), Xavier/Glorot init with batch normalization, live data collection Co-Authored-By: claude-flow <ruv@ruv.net> |
||
|
ruv
|
a73a17e264 |
feat: ADR-071 ruvllm training pipeline — contrastive + LoRA + TurboQuant
5-phase training pipeline using ruvllm (Rust-native, no PyTorch): 1. Contrastive pretraining (triplet + InfoNCE, 5 triplet strategies) 2. Task head training (presence, activity, vitals via SONA) 3. Per-node LoRA refinement (rank-4, room-specific adaptation) 4. TurboQuant quantization (2/4/8-bit, 6-8x compression) 5. EWC consolidation (prevent catastrophic forgetting) Exports: SafeTensors, HuggingFace config, RVF, per-node LoRA, quantized Validated: 249 triplets, 37,775 emb/s, 100% presence accuracy on test data Target: <5 min training on M4 Pro, <10ms inference on Pi Zero Co-Authored-By: claude-flow <ruv@ruv.net> |
||
|
ruv
|
c63cf2ee77 |
feat: GCloud GPU training pipeline + data collection + benchmarking
- gcloud-train.sh: L4/A100/H100 VM provisioning, Rust build, training with --cuda, artifact download, auto-cleanup ($0.80-$8.50/hr) - training-config-sweep.json: 10 hyperparameter configs (LR, batch, backbone, windows, loss weights, warmup) - collect-training-data.py: UDP listener for 2-node ESP32 CSI recording to .csi.jsonl with interactive/batch labeling and manifest generation - benchmark-model.py: ONNX latency/throughput/PCK/FLOPs profiling with multi-model sweep comparison Co-Authored-By: claude-flow <ruv@ruv.net> |
||
|
ruv
|
9a2bc1839a |
feat: HuggingFace model publishing pipeline + model card
- publish-huggingface.sh: retrieves HF token from GCloud Secrets, uploads models to ruvnet/wifi-densepose-pretrained - publish-huggingface.py: Python alternative with --dry-run support - docs/huggingface/MODEL_CARD.md: beginner-friendly model card with WiFi sensing explanation, quick start code, hardware BOM, and citation GCloud Secret: HUGGINGFACE_API_KEY in project cognitum-20260110 Co-Authored-By: claude-flow <ruv@ruv.net> |
||
|
ruv
|
a4bd2308b7 |
feat: ADR-069 ESP32 CSI → Cognitum Seed RVF pipeline (v0.5.4-esp32)
Hardware-validated pipeline connecting ESP32-S3 CSI sensing to Cognitum Seed (Pi Zero 2 W) edge intelligence appliance via 8-dim feature vectors. Firmware: - New 48-byte feature vector packet (magic 0xC5110003) at 1 Hz with normalized presence, motion, breathing, heart rate, phase variance, person count, fall detection, and RSSI - Compressed frame magic reassigned 0xC5110003 → 0xC5110005 - Guard against uninitialized s_top_k read when count=0 Bridge (scripts/seed_csi_bridge.py): - UDP→HTTPS ingest with bearer token, hash-based vector IDs - --validate (kNN), --stats, --compact, --allowed-sources modes - NaN/inf rejection, retry logic, SEED_TOKEN env var support Validated on live hardware: - 941 vectors ingested, 100% kNN exact match - Witness chain SHA-256 verified (1,325 entries) - 1,463 Rust tests passed, Python proof VERDICT: PASS Research: 26 docs covering Arena Physica, Maxwell's equations in WiFi sensing, SOTA survey 2025-2026, GOAP implementation plan Security: removed hardcoded credentials, added NVS patterns to .gitignore, source IP filtering, NaN validation Co-Authored-By: claude-flow <ruv@ruv.net> |
||
|
rUv
|
66e2fa0835 |
feat: ADR-063/064 mmWave sensor fusion + multimodal ambient intelligence (#269)
* docs: ADR-063 mmWave sensor fusion with WiFi CSI 60 GHz mmWave radar (Seeed MR60BHA2, HLK-LD2410/LD2450) fusion with WiFi CSI for dual-confirm fall detection, clinical-grade vitals, and self-calibrating CSI pipeline. Covers auto-detection, 6 supported sensors, Kalman fusion, extended 48-byte vitals packet, RuVector/RuvSense integration points, and 6-phase implementation plan. Based on live hardware capture from ESP32-C6 + MR60BHA2 on COM4. Co-Authored-By: claude-flow <ruv@ruv.net> * feat(firmware): ADR-063 mmWave sensor fusion — full implementation Phase 1-2 of ADR-063: mmwave_sensor.c/h: - MR60BHA2 UART parser (60 GHz: HR, BR, presence, distance) - LD2410 UART parser (24 GHz: presence, distance) - Auto-detection: probes UART for known frame headers at boot - Mock generator for QEMU testing (synthetic HR 72±2, BR 16±1) - Capability flag registration per sensor type edge_processing.c/h: - 48-byte fused vitals packet (magic 0xC5110004) - Kalman-style fusion: mmWave 80% + CSI 20% when both available - Automatic fallback to CSI-only 32-byte packet when no mmWave - Dual presence flag (Bit3 = mmwave_present) main.c: - mmwave_sensor_init() called at boot with auto-detect - Status logged in startup banner Fuzz stubs updated for mmwave_sensor API. Build verified: QEMU mock build passes. Co-Authored-By: claude-flow <ruv@ruv.net> * fix(firmware): correct MR60BHA2 + LD2410 UART protocols (ADR-063) MR60BHA2: SOF=0x01 (not 0x5359), XOR+NOT checksums on header and data, frame types 0x0A14 (BR), 0x0A15 (HR), 0x0A16 (distance), 0x0F09 (presence). Based on Seeed Arduino library research. LD2410: 256000 baud (not 115200), 0xAA report head marker, target state byte at offset 2 (after data_type + head_marker). Auto-detect: probes MR60 at 115200 first, then LD2410 at 256000. Sets final baud rate after detection. Co-Authored-By: claude-flow <ruv@ruv.net> * feat: ADR-063 Phase 6 server-side mmWave + CSI fusion bridge Python script reads both serial ports simultaneously: - COM4 (ESP32-C6 + MR60BHA2): parses ESPHome debug output for HR, BR, presence, distance - COM7 (ESP32-S3): reads CSI edge processing frames Kalman-style fusion: mmWave 80% + CSI 20% for vitals, OR gate for presence. Verified on real hardware: mmWave HR=75bpm, BR=25/min at 52cm range, CSI frames flowing concurrently. Both sensors live for 30 seconds. Co-Authored-By: claude-flow <ruv@ruv.net> * docs: ADR-064 multimodal ambient intelligence roadmap 25+ applications across 4 tiers from practical to exotic: - Tier 1 (build now): zero-FP fall detection, sleep monitoring, occupancy HVAC, baby breathing, bathroom safety - Tier 2 (research): gait analysis, stress detection, gesture control, respiratory screening, multi-room activity - Tier 3 (frontier): cardiac arrhythmia, RF tomography, sign language, cognitive load, swarm sensing - Tier 4 (exotic): emotion contagion, lucid dreaming, plant monitoring, pet behavior Priority matrix with effort estimates. All P0-P1 items work with existing hardware (ESP32-S3 + MR60BHA2 + BH1750). Co-Authored-By: claude-flow <ruv@ruv.net> * fix(ci): add ESP_ERR_NOT_FOUND to fuzz stubs mmwave_sensor stub returns ESP_ERR_NOT_FOUND which wasn't defined in the minimal esp_stubs.h for host-based fuzz testing. Co-Authored-By: claude-flow <ruv@ruv.net> |
||
|
rUv
|
5b2aacd923 |
fix(firmware): fall detection, 4MB flash, QEMU CI (#263, #265)
* fix(firmware): fall detection false positives + 4MB flash support (#263, #265) Issue #263: Default fall_thresh raised from 2.0 to 15.0 rad/s² — normal walking produces accelerations of 2.5-5.0 which triggered constant false "Fall Detected" alerts. Added consecutive-frame requirement (3 frames) and 5-second cooldown debounce to prevent alert storms. Issue #265: Added partitions_4mb.csv and sdkconfig.defaults.4mb for ESP32-S3 boards with 4MB flash (e.g. SuperMini). OTA slots are 1.856MB each, fitting the ~978KB firmware binary with room to spare. Co-Authored-By: claude-flow <ruv@ruv.net> * fix(ci): repair all 3 QEMU workflow job failures 1. Fuzz Tests: add esp_timer_create_args_t, esp_timer_create(), esp_timer_start_periodic(), esp_timer_delete() stubs to esp_stubs.h — csi_collector.c uses these for channel hop timer. 2. QEMU Build: add libgcrypt20-dev to apt dependencies — Espressif QEMU's esp32_flash_enc.c includes <gcrypt.h>. Bump cache key v4→v5 to force rebuild with new dep. 3. NVS Matrix: switch to subprocess-first invocation of nvs_partition_gen to avoid 'str' has no attribute 'size' error from esp_idf_nvs_partition_gen API change. Falls back to direct import with both int and hex size args. Co-Authored-By: claude-flow <ruv@ruv.net> * fix(ci): pip3 in IDF container + fix swarm QEMU artifact path QEMU Test jobs: espressif/idf:v5.4 container has pip3, not pip. Swarm Test: use /opt/qemu-esp32 (fixed path) instead of ${{ github.workspace }}/qemu-build which resolves incorrectly inside Docker containers. Co-Authored-By: claude-flow <ruv@ruv.net> * fix(ci): source IDF export.sh before pip install in container espressif/idf:v5.4 container doesn't have pip/pip3 on PATH — it lives inside the IDF Python venv which is only activated after sourcing $IDF_PATH/export.sh. Co-Authored-By: claude-flow <ruv@ruv.net> * fix(ci): pad QEMU flash image to 8MB with --fill-flash-size QEMU rejects flash images that aren't exactly 2/4/8/16 MB. esptool merge_bin produces a sparse image (~1.1 MB) by default. Add --fill-flash-size 8MB to pad with 0xFF to the full 8 MB. Co-Authored-By: claude-flow <ruv@ruv.net> * fix(ci): source IDF export before NVS matrix generation in QEMU tests The generate_nvs_matrix.py script needs the IDF venv's python (which has esp_idf_nvs_partition_gen installed) rather than the system /usr/bin/python3 which doesn't have the package. Co-Authored-By: claude-flow <ruv@ruv.net> * fix(ci): QEMU validation treats WARNs as OK + swarm IDF export 1. validate_qemu_output.py: WARNs exit 0 by default (no real WiFi hardware in QEMU = no CSI data = expected WARNs for frame/vitals checks). Add --strict flag to fail on warnings when needed. 2. Swarm Test: source IDF export.sh before running qemu_swarm.py so pip-installed pyyaml is on the Python path. Co-Authored-By: claude-flow <ruv@ruv.net> * fix(ci): provision.py subprocess-first NVS gen + swarm IDF venv provision.py had same 'str' has no attribute 'size' bug as the NVS matrix generator — switch to subprocess-first approach. Swarm test also needs IDF export for the swarm smoke test step. Co-Authored-By: claude-flow <ruv@ruv.net> * fix(ci): handle missing 'ip' command in QEMU swarm orchestrator The IDF container doesn't have iproute2 installed, so 'ip' binary is missing. Add shutil.which() check to can_tap guard and catch FileNotFoundError in _run_ip() for robustness. Co-Authored-By: claude-flow <ruv@ruv.net> * fix(ci): skip Rust aggregator when cargo not available in swarm test The IDF container doesn't have Rust installed. Check for cargo with shutil.which() before attempting to spawn the aggregator, falling back to aggregator-less mode (QEMU nodes still boot and exercise the firmware pipeline). Co-Authored-By: claude-flow <ruv@ruv.net> * fix(ci): treat swarm test WARNs as acceptable in CI The max_boot_time_s assertion WARNs because QEMU doesn't produce parseable boot time data. Exit code 1 (WARN) is acceptable in CI without real hardware; only exit code 2+ (FAIL/FATAL) should fail. Co-Authored-By: claude-flow <ruv@ruv.net> * fix(firmware): Kconfig EDGE_FALL_THRESH default 2000→15000 The nvs_config.c fallback (15.0f) was never reached because Kconfig always defines CONFIG_EDGE_FALL_THRESH. The Kconfig default was still 2000 (=2.0 rad/s²), causing false fall alerts on real WiFi CSI data (7 alerts in 45s). Fixed to 15000 (=15.0 rad/s²). Verified on real ESP32-S3 hardware with live WiFi CSI: 0 false fall alerts in 60s / 1300+ frames. Co-Authored-By: claude-flow <ruv@ruv.net> * docs: update README, CHANGELOG, user guide for v0.4.3-esp32 - README: add v0.4.3 to release table, 4MB flash instructions, fix fall-thresh example (5000→15000) - CHANGELOG: v0.4.3-esp32 entry with all fixes and additions - User guide: 4MB flash section with esptool commands Co-Authored-By: claude-flow <ruv@ruv.net> |
||
|
rUv
|
523be943b0 |
feat: QEMU ESP32-S3 testing platform + swarm configurator (ADR-061/062) (#260)
9-layer QEMU testing platform (ADR-061) and YAML-driven swarm configurator (ADR-062) for ESP32-S3 firmware testing without hardware. 12 commits, 56 files, +9,500 lines. Tested on Windows with Espressif QEMU 9.0.0 — firmware boots, mock CSI generates frames, 14/16 validation checks pass. 39 bugs found and fixed across 2 deep code reviews. Closes #259 Co-Authored-By: claude-flow <ruv@ruv.net> |
||
|
Reuven
|
a28a875594 |
fix(firmware): provision.py nvs import + partition config template
Fixes #215: provision.py now correctly imports from esp_idf_nvs_partition_gen package (the pip-installable version) before falling back to legacy import. Fixes #216: Added sdkconfig.defaults.template with custom partition table configuration for 8MB flash boards. Copy to sdkconfig.defaults before build: cp sdkconfig.defaults.template sdkconfig.defaults Changes: - firmware/esp32-csi-node/provision.py: Try esp_idf_nvs_partition_gen first - scripts/provision.py: Same import fix - firmware/esp32-csi-node/sdkconfig.defaults.template: 8MB flash config with 2MB OTA partitions, compiler size optimization, and CSI enabled Co-Authored-By: claude-flow <ruv@ruv.net> |
||
|
ruv
|
e94c7056f2 |
feat: add ADR-042 CHCI protocol, 24 new edge modules, README restructure
- ADR-042: Coherent Human Channel Imaging (non-CSI sensing protocol) with DDD domain model (6 bounded contexts) - 24 new WASM edge modules: medical (5), retail (5), security (5), building (5), industrial (5), exotic (8) - README: plain-language rewrites, moved detail sections below TOC, added edge module links to use case tables, firmware release docs - User guide: firmware release table, edge intelligence documentation - .gitignore: added rules for wasm, esp32 temp files, NVS binaries - WASM edge crate: cargo config, integration tests, module registry Co-Authored-By: claude-flow <ruv@ruv.net> |
||
|
ruv
|
4b1005524e |
feat: complete vendor repos, add edge intelligence and WASM modules
- Add 154 missing vendor files (gitignore was filtering them) - vendor/midstream: 564 files (was 561) - vendor/sublinear-time-solver: 1190 files (was 1039) - Add ESP32 edge processing (ADR-039): presence, vitals, fall detection - Add WASM programmable sensing (ADR-040/041) with wasm3 runtime - Add firmware CI workflow (.github/workflows/firmware-ci.yml) - Add wifi-densepose-wasm-edge crate for edge WASM modules - Update sensing server, provision.py, UI components Co-Authored-By: claude-flow <ruv@ruv.net> |
||
|
ruv
|
093be1f4b9 |
feat: 100% validated witness bundle with proof hash + generator script
- Regenerate Python proof hash for numpy 2.4.2 + scipy 1.17.1 (PASS) - Update ADR-028 and WITNESS-LOG-028 with passing proof status - Add scripts/generate-witness-bundle.sh — creates self-contained tar.gz with witness log, test results, proof verification, firmware hashes, crate manifest, and VERIFY.sh for recipients - Bundle self-verifies: 7/7 checks PASS - Attestation: 1,031 Rust tests passing, 0 failures Co-Authored-By: claude-flow <ruv@ruv.net> |
||
|
ruv
|
7872987ee6 |
fix(docker): Update Dockerfile paths from src/ to v1/src/
The source code was moved to v1/src/ but the Dockerfile still referenced src/ directly, causing build failures. Updated all COPY paths, uvicorn module paths, test paths, and bandit scan paths. Also added missing v1/__init__.py for Python module resolution. Fixes #33 Co-Authored-By: claude-flow <ruv@ruv.net> |
||
|
Claude
|
6ed69a3d48 |
feat: Complete Rust port of WiFi-DensePose with modular crates
Major changes: - Organized Python v1 implementation into v1/ subdirectory - Created Rust workspace with 9 modular crates: - wifi-densepose-core: Core types, traits, errors - wifi-densepose-signal: CSI processing, phase sanitization, FFT - wifi-densepose-nn: Neural network inference (ONNX/Candle/tch) - wifi-densepose-api: Axum-based REST/WebSocket API - wifi-densepose-db: SQLx database layer - wifi-densepose-config: Configuration management - wifi-densepose-hardware: Hardware abstraction - wifi-densepose-wasm: WebAssembly bindings - wifi-densepose-cli: Command-line interface Documentation: - ADR-001: Workspace structure - ADR-002: Signal processing library selection - ADR-003: Neural network inference strategy - DDD domain model with bounded contexts Testing: - 69 tests passing across all crates - Signal processing: 45 tests - Neural networks: 21 tests - Core: 3 doc tests Performance targets: - 10x faster CSI processing (~0.5ms vs ~5ms) - 5x lower memory usage (~100MB vs ~500MB) - WASM support for browser deployment |