docs(changelog): record #1050 Observatory persons position/motion fix

Co-Authored-By: claude-flow <ruv@ruv.net>
fix(sensing-server): emit real field-derived person position/motion to /ws/sensing (#1050 )
2026-06-18 11:43:19 +00:00 · 2026-06-14 00:14:08 -04:00 · 2026-06-14 00:13:00 -04:00 · 2026-06-14 00:10:01 -04:00 · 2026-06-14 00:09:57 -04:00 · 2026-06-14 00:09:57 -04:00
311 changed files with 14965 additions and 21082 deletions
@@ -33,8 +33,6 @@ jobs:
        working-directory: v2
    steps:
      - uses: actions/checkout@v4
-        with:
-          submodules: recursive

      - name: Install Rust toolchain
        run: rustup show && rustc --version
@@ -1,199 +0,0 @@
-name: Bench Regression Guard
-
-# Sub-deliverable 8.3 of the benchmark/optimization milestone.
-#
-# HONEST SCOPE (read this before assuming this gates on timing):
-#   * The `bench-compile` job is a REAL, HARD-FAILING regression gate. It runs
-#     `cargo bench --no-default-features --no-run`, which type-checks and links
-#     EVERY criterion bench in the v2/ workspace without running a single
-#     measurement. Benches are not part of `cargo test`, so they silently
-#     bit-rot when a public API they call changes — this job catches that the
-#     moment it happens. This is the part of this workflow that can fail a PR.
-#
-#   * The `bench-fast-run` job runs a small, curated subset of pure-CPU benches
-#     in criterion "quick mode" (short warm-up / measurement / 10 samples) and
-#     is INFORMATIONAL ONLY (`continue-on-error: true`). It does NOT gate on
-#     timing. Wall-clock timings on shared GitHub-hosted runners vary by
-#     2-3x run-to-run (noisy neighbours, CPU throttling, no pinned frequency),
-#     so a hard ">X ms" threshold here would flake constantly and teach
-#     everyone to ignore it. We deliberately do not pretend to do timing
-#     regression-gating we cannot deliver reliably. The numbers are surfaced in
-#     the job log + uploaded as an artifact for humans to eyeball trends.
-#
-# WHY NO criterion --baseline COMPARE GATE:
-#   criterion's `--save-baseline` / `--baseline` compare is the textbook
-#   regression mechanism, but it only produces a trustworthy verdict when the
-#   baseline and the candidate were measured on the SAME hardware under the SAME
-#   conditions. GitHub-hosted runners give neither (the baseline commit and the
-#   PR commit land on different physical machines). Committing a baseline JSON
-#   measured on one runner and comparing a different runner against it would
-#   manufacture false regressions. If/when these benches run on a dedicated,
-#   frequency-pinned self-hosted runner, a `--baseline` compare with a generous
-#   (>2x) noise floor becomes honest and can be added then. Until then,
-#   compile-verify + informational-run is the honest gate.
-
-on:
-  push:
-    branches: [ main, develop, 'feat/*' ]
-    paths:
-      - 'v2/crates/**/benches/**'
-      - 'v2/crates/**/Cargo.toml'
-      - 'v2/crates/**/src/**'
-      - 'v2/Cargo.toml'
-      - 'v2/Cargo.lock'
-      - '.github/workflows/bench-regression.yml'
-  pull_request:
-    paths:
-      - 'v2/crates/**/benches/**'
-      - 'v2/crates/**/Cargo.toml'
-      - 'v2/crates/**/src/**'
-      - 'v2/Cargo.toml'
-      - 'v2/Cargo.lock'
-      - '.github/workflows/bench-regression.yml'
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-env:
-  CARGO_TERM_COLOR: always
-  # Debuginfo is useless in CI and the 38-crate workspace target dir otherwise
-  # exhausts the runner disk (mirrors ci.yml's rust-tests job). The bench
-  # profile inherits release + debug = true (v2/Cargo.toml [profile.bench]);
-  # force it off so the link step does not run out of space.
-  CARGO_PROFILE_BENCH_DEBUG: "0"
-  CARGO_PROFILE_RELEASE_DEBUG: "0"
-
-jobs:
-  # ── HARD GATE: every bench must still compile + link ─────────────────────
-  bench-compile:
-    name: bench compile-verify (--no-run)
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout (recursive — wifi-densepose-rufield path-deps vendor/rufield)
-        uses: actions/checkout@v4
-        with:
-          # The workspace includes `wifi-densepose-rufield`, which path-deps the
-          # `vendor/rufield` submodule crates. Without a recursive checkout the
-          # whole workspace fails to resolve before any bench is built.
-          submodules: recursive
-
-      # The workspace pulls in `wifi-densepose-desktop` (Tauri v2) whose -sys
-      # crates need the GTK/WebKit/serial dev libraries via pkg-config, exactly
-      # as ci.yml's rust-tests job documents. A `--workspace` bench build links
-      # the whole graph, so these are required here too.
-      - name: Install Tauri / GTK / serial system dev libraries
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y --no-install-recommends \
-            libglib2.0-dev \
-            libgtk-3-dev \
-            libsoup-3.0-dev \
-            libjavascriptcoregtk-4.1-dev \
-            libwebkit2gtk-4.1-dev \
-            libayatana-appindicator3-dev \
-            librsvg2-dev \
-            libxdo-dev \
-            libudev-dev \
-            libdbus-1-dev \
-            libssl-dev \
-            pkg-config
-
-      - name: Install Rust toolchain
-        uses: dtolnay/rust-toolchain@stable
-
-      - name: Cache cargo (Swatinem/rust-cache)
-        uses: Swatinem/rust-cache@v2
-        with:
-          workspaces: v2
-          # Distinct cache scope from ci.yml's rust-tests so the bench profile
-          # artifacts (release+opt) do not evict the test profile cache.
-          key: bench-regression
-
-      # The core regression guard. `--no-run` compiles + links every bench
-      # target in the workspace's DEFAULT feature set but runs no measurement,
-      # so it is deterministic and fast-ish (build only). A bench that no longer
-      # compiles — because a type/signature it calls changed and nobody updated
-      # the bench — fails the build here. `--no-default-features` is the
-      # workspace's standard gate flag (openblas/tch/ort/onnx stay opt-out).
-      - name: Compile all workspace benches (default features)
-        working-directory: v2
-        run: cargo bench --workspace --no-default-features --no-run
-
-      # Feature-gated benches are skipped by the default build above because
-      # their `[[bench]]` entries carry `required-features`. Compile the ones we
-      # can guard so they are also covered against bit-rot.
-      #   * cir → wifi-densepose-signal/benches/cir_bench.rs (ADR-134). The
-      #     `cir` feature is pure-Rust (`cir = []`), so it builds on the stock
-      #     runner and is a real, hard-failing guard like the step above.
-      #
-      # NOT guarded here (honest scope):
-      #   * crv → wifi-densepose-ruvector/benches/crv_bench.rs. The `crv` feature
-      #     pulls the crates.io dependency `ruvector-crv 0.1.1`, which currently
-      #     FAILS to compile on stable (E0308 type mismatch in its own
-      #     `stage_iii.rs` — an UPSTREAM bug, unrelated to bench bit-rot).
-      #     Adding a hard `--features crv` compile step would make this workflow
-      #     red for a reason this gate is not meant to police. Re-add this step
-      #     once `ruvector-crv` ships a fixed release. (mqtt/onnx benches are
-      #     likewise left to their own crate workflows.)
-      - name: Compile feature-gated benches (cir)
-        working-directory: v2
-        run: cargo bench -p wifi-densepose-signal --no-default-features --features cir --bench cir_bench --no-run
-
-  # ── INFORMATIONAL: run a curated fast subset (never gates) ───────────────
-  bench-fast-run:
-    name: bench fast-run (informational, non-gating)
-    runs-on: ubuntu-latest
-    # NEVER fail the workflow on this job — timings are noise-prone on shared
-    # runners (see header). It exists to surface trends for humans, not to gate.
-    continue-on-error: true
-    needs: [bench-compile]
-    steps:
-      - name: Checkout (recursive)
-        uses: actions/checkout@v4
-        with:
-          submodules: recursive
-
-      - name: Install Rust toolchain
-        uses: dtolnay/rust-toolchain@stable
-
-      - name: Cache cargo (Swatinem/rust-cache)
-        uses: Swatinem/rust-cache@v2
-        with:
-          workspaces: v2
-          key: bench-regression
-
-      # Curated subset = pure-CPU, fast, dependency-light criterion benches that
-      # finish in seconds under quick-mode flags. Each is targeted by `--bench`
-      # (NOT a bare `cargo bench -p`) because the crates' lib targets use the
-      # libtest harness, which rejects criterion's CLI flags (--warm-up-time
-      # etc.) and aborts the run. Quick-mode: 1s warm-up, 2s measure, 10 samples.
-      - name: nvsim pipeline_throughput (quick)
-        working-directory: v2
-        run: |
-          mkdir -p ../bench-out
-          cargo bench -p nvsim --no-default-features --bench pipeline_throughput -- \
-            --warm-up-time 1 --measurement-time 2 --sample-size 10 \
-            | tee ../bench-out/nvsim_pipeline_throughput.txt
-
-      - name: ruvector sketch_bench (quick)
-        working-directory: v2
-        run: |
-          cargo bench -p wifi-densepose-ruvector --no-default-features --bench sketch_bench -- \
-            --warm-up-time 1 --measurement-time 2 --sample-size 10 \
-            | tee ../bench-out/ruvector_sketch_bench.txt
-
-      - name: ruvector fusion_bench (quick)
-        working-directory: v2
-        run: |
-          cargo bench -p wifi-densepose-ruvector --no-default-features --bench fusion_bench -- \
-            --warm-up-time 1 --measurement-time 2 --sample-size 10 \
-            | tee ../bench-out/ruvector_fusion_bench.txt
-
-      - name: Upload informational bench logs
-        if: always()
-        uses: actions/upload-artifact@v4
-        with:
-          name: bench-fast-run-logs
-          path: bench-out/
-          if-no-files-found: warn
@@ -53,8 +53,6 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v4
-        with:
-          submodules: recursive

      - name: Install Rust toolchain
        uses: dtolnay/rust-toolchain@stable
@@ -42,8 +42,6 @@ jobs:
    steps:
    - name: Checkout code
      uses: actions/checkout@v4
-      with:
-        submodules: recursive

    - name: Determine deployment environment
      id: determine-env
@@ -88,8 +86,6 @@ jobs:
    steps:
    - name: Checkout code
      uses: actions/checkout@v4
-      with:
-        submodules: recursive

    - name: Set up kubectl
      uses: azure/setup-kubectl@v3
@@ -136,8 +132,6 @@ jobs:
    steps:
    - name: Checkout code
      uses: actions/checkout@v4
-      with:
-        submodules: recursive

    - name: Set up kubectl
      uses: azure/setup-kubectl@v3
@@ -29,7 +29,6 @@ jobs:
      continue-on-error: true
      uses: actions/checkout@v4
      with:
-        submodules: recursive
        fetch-depth: 0

    - name: Set up Python
@@ -83,13 +82,6 @@ jobs:
    steps:
    - name: Checkout code
      uses: actions/checkout@v4
-      with:
-        submodules: recursive
-      # ADR-262 P1: `wifi-densepose-rufield` path-deps the `vendor/rufield`
-      # submodule. Without a recursive checkout the workspace build fails to
-      # resolve those path deps in CI even though it passes locally.
-      with:
-        submodules: recursive

    # `wifi-densepose-desktop` is a Tauri v2 app — `glib-sys`, `gtk-sys`,
    # `webkit2gtk-sys`, etc. need the Linux dev libraries via pkg-config or the
@@ -210,8 +202,6 @@ jobs:
    - name: Checkout code
      continue-on-error: true
      uses: actions/checkout@v4
-      with:
-        submodules: recursive

    - name: Set up Python ${{ matrix.python-version }}
      continue-on-error: true
@@ -277,8 +267,6 @@ jobs:
    steps:
    - name: Checkout code
      uses: actions/checkout@v4
-      with:
-        submodules: recursive

    - name: Set up Python
      uses: actions/setup-python@v6
@@ -347,8 +335,6 @@ jobs:
    - name: Checkout code
      continue-on-error: true
      uses: actions/checkout@v4
-      with:
-        submodules: recursive

    - name: Set up Docker Buildx
      continue-on-error: true
@@ -421,8 +407,6 @@ jobs:
    steps:
    - name: Checkout code
      uses: actions/checkout@v4
-      with:
-        submodules: recursive

    - name: Set up Python
      uses: actions/setup-python@v6
@@ -35,8 +35,6 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-        with:
-          submodules: recursive

      - name: Fetch /traffic/clones + /traffic/views from GitHub
        env:
@@ -28,8 +28,6 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-        with:
-          submodules: recursive

      - name: Setup Rust
        uses: dtolnay/rust-toolchain@stable
@@ -80,8 +78,6 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-        with:
-          submodules: recursive

      - name: Setup Rust
        uses: dtolnay/rust-toolchain@stable
@@ -149,8 +145,6 @@ jobs:
      vars.HAS_GCP_CREDENTIALS == 'true'
    steps:
      - uses: actions/checkout@v4
-        with:
-          submodules: recursive

      - name: Download x86_64 artifact
        uses: actions/download-artifact@v4
@@ -20,8 +20,6 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-        with:
-          submodules: recursive

      - uses: dtolnay/rust-toolchain@stable
        with: { targets: wasm32-unknown-unknown }
@@ -26,8 +26,6 @@ jobs:
    steps:
      - name: Checkout main
        uses: actions/checkout@v4
-        with:
-          submodules: recursive

      - name: Install Rust + wasm32 target
        uses: dtolnay/rust-toolchain@stable
@@ -28,8 +28,6 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v4
-        with:
-          submodules: recursive

      - name: Setup Node.js
        uses: actions/setup-node@v6
@@ -85,8 +83,6 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v4
-        with:
-          submodules: recursive

      - name: Setup Node.js
        uses: actions/setup-node@v6
@@ -135,8 +131,6 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v4
-        with:
-          submodules: recursive

      - name: Download all artifacts
        uses: actions/download-artifact@v4
@@ -22,8 +22,6 @@ jobs:
    if: github.ref_type == 'tag'
    steps:
      - uses: actions/checkout@v4
-        with:
-          submodules: recursive
      - name: Check firmware version.txt == tag
        run: |
          # Tag form: vX.Y.Z-esp32  →  expect version.txt to contain X.Y.Z
@@ -73,8 +71,6 @@ jobs:

    steps:
      - uses: actions/checkout@v4
-        with:
-          submodules: recursive

      - name: Build firmware (${{ matrix.variant }})
        working-directory: firmware/esp32-csi-node
@@ -100,8 +100,6 @@ jobs:

    steps:
      - uses: actions/checkout@v4
-        with:
-          submodules: recursive

      - name: Download QEMU artifact
        uses: actions/download-artifact@v4
@@ -216,8 +214,6 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-        with:
-          submodules: recursive

      - name: Install clang
        run: |
@@ -267,8 +263,6 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-        with:
-          submodules: recursive

      - name: Install NVS generator
        run: pip install esp-idf-nvs-partition-gen
@@ -323,8 +317,6 @@ jobs:

    steps:
      - uses: actions/checkout@v4
-        with:
-          submodules: recursive

      - name: Download QEMU artifact
        uses: actions/download-artifact@v4
@@ -22,8 +22,6 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-        with:
-          submodules: recursive

      - uses: actions/setup-python@v6
        with:
@@ -41,8 +41,6 @@ jobs:

    steps:
      - uses: actions/checkout@v4
-        with:
-          submodules: recursive

      - name: Install mosquitto + clients and start with allow_anonymous
        run: |
@@ -26,8 +26,6 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-        with:
-          submodules: recursive

      - uses: docker/setup-buildx-action@v3

@@ -76,8 +76,6 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - uses: actions/checkout@v4
-        with:
-          submodules: recursive

      # Linux aarch64 needs QEMU for cross-build on x86_64 runners.
      - name: Set up QEMU
@@ -123,8 +121,6 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-        with:
-          submodules: recursive
      - name: Install maturin
        run: pip install maturin>=1.7
      - name: Build sdist
@@ -148,8 +144,6 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-        with:
-          submodules: recursive
      - uses: actions/setup-python@v5
        with:
          python-version: '3.12'
@@ -29,8 +29,6 @@ jobs:
    steps:
      - name: Checkout main
        uses: actions/checkout@v4
-        with:
-          submodules: recursive

      - name: Stage viewer for Pages
        run: |
@@ -36,12 +36,10 @@ jobs:
        features:
          - { label: 'default',          flags: '--no-default-features' }
          - { label: 'train',            flags: '--features train' }
-          - { label: 'ruflo',            flags: '--features ruflo' }
+          - { label: 'ruflo+itar',       flags: '--features ruflo,itar-unrestricted' }
          - { label: 'full+train',       flags: '--features full,train' }
    steps:
      - uses: actions/checkout@v4
-        with:
-          submodules: recursive
      - uses: dtolnay/rust-toolchain@stable
      - name: Cache cargo
        uses: actions/cache@v4
@@ -62,8 +60,6 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-        with:
-          submodules: recursive
      # v2/rust-toolchain.toml pins channel "1.89" with profile "minimal" (no
      # clippy). dtolnay@stable installs clippy on the floating "stable"
      # toolchain, but the override makes cargo use the separate "1.89"
@@ -97,8 +93,6 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-        with:
-          submodules: recursive
      - uses: dtolnay/rust-toolchain@stable
      - name: Cache cargo
        uses: actions/cache@v4
@@ -133,8 +127,6 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-        with:
-          submodules: recursive
      - name: publish = false is present (no accidental crates.io publish)
        run: |
          CARGO=v2/crates/ruview-swarm/Cargo.toml
@@ -28,7 +28,6 @@ jobs:
      continue-on-error: true
      uses: actions/checkout@v4
      with:
-        submodules: recursive
        fetch-depth: 0

    - name: Set up Python
@@ -98,8 +97,6 @@ jobs:
    - name: Checkout code
      continue-on-error: true
      uses: actions/checkout@v4
-      with:
-        submodules: recursive

    - name: Set up Python
      continue-on-error: true
@@ -167,8 +164,6 @@ jobs:
    - name: Checkout code
      continue-on-error: true
      uses: actions/checkout@v4
-      with:
-        submodules: recursive

    - name: Set up Docker Buildx
      continue-on-error: true
@@ -250,8 +245,6 @@ jobs:
    - name: Checkout code
      continue-on-error: true
      uses: actions/checkout@v4
-      with:
-        submodules: recursive

    - name: Run Checkov IaC scan
      continue-on-error: true
@@ -314,7 +307,6 @@ jobs:
      continue-on-error: true
      uses: actions/checkout@v4
      with:
-        submodules: recursive
        fetch-depth: 0

    - name: Run TruffleHog secret scan
@@ -349,8 +341,6 @@ jobs:
    - name: Checkout code
      continue-on-error: true
      uses: actions/checkout@v4
-      with:
-        submodules: recursive

    - name: Set up Python
      continue-on-error: true
@@ -388,8 +378,6 @@ jobs:
    - name: Checkout code
      continue-on-error: true
      uses: actions/checkout@v4
-      with:
-        submodules: recursive

    - name: Check security policy files
      continue-on-error: true
@@ -30,8 +30,6 @@ jobs:
    steps:
      - name: Checkout main
        uses: actions/checkout@v4
-        with:
-          submodules: recursive

      - name: Stage demos for Pages
        run: |
@@ -30,8 +30,6 @@ jobs:
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
-        with:
-          submodules: recursive

      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v6
@@ -277,17 +277,3 @@ aether-arena/staging/
 # MM-Fi benchmark dataset archives — large data, fetch separately, never commit
 assets/MM-Fi/E0*.zip
 assets/MM-Fi/*.zip
-
-# through-wall demo: regenerable trained model artifact
-examples/through-wall/model/
-
-# RuView harness (npx ruview) build artifacts — ADR-182
-harness/**/node_modules/
-harness/**/*.tgz
-harness/**/package-lock.json
-harness/**/.claude-flow/
-harness/**/ruvector.db
-
-# ruvector runtime/hook DB — never tracked (any depth)
-ruvector.db
-**/ruvector.db
@@ -18,14 +18,3 @@
 	path = v2/crates/ruv-neural
 	url = https://github.com/ruvnet/ruv-neural.git
 	branch = main
-[submodule "vendor/rufield"]
-	path = vendor/rufield
-	url = https://github.com/ruvnet/rufield
-[submodule "v2/crates/ruview-swarm"]
-	path = v2/crates/ruview-swarm
-	url = https://github.com/ruvnet/ruv-drone.git
-	branch = main
-[submodule "v2/crates/worldgraph"]
-	path = v2/crates/worldgraph
-	url = https://github.com/ruvnet/worldgraph.git
-	branch = main
@@ -22,8 +22,6 @@ Dual codebase: Python v1 (`v1/`) and Rust port (`v2/`).
 | `wifi-densepose-vitals` | ESP32 CSI-grade vital sign extraction (ADR-021) |
 | `nvsim` | Deterministic NV-diamond magnetometer pipeline simulator (ADR-089) — standalone leaf, WASM-ready |
 | `vendor/rvcsi` (submodule) | **rvCSI** — edge RF sensing runtime (ADR-095/096): 9 crates (`rvcsi-core`/`-dsp`/`-events`/`-adapter-file`/`-adapter-nexmon`/`-ruvector`/`-runtime`/`-node`/`-cli`). Lives in its own repo ([github.com/ruvnet/rvcsi](https://github.com/ruvnet/rvcsi)), vendored here under `vendor/rvcsi`, published to crates.io as `rvcsi-* 0.3.x` and to npm as `@ruv/rvcsi`. Not a `v2/` workspace member — depend on the published crates (or the submodule's `crates/rvcsi-*` paths). Normalized `CsiFrame`/`CsiWindow`/`CsiEvent` schema, validate-before-FFI, reusable DSP, typed confidence-scored events, the napi-c Nexmon shim (real nexmon_csi `.pcap` from a Raspberry Pi 5 / 4 / 3B+ — BCM43455c0), the napi-rs SDK, the `rvcsi` CLI, a Claude Code plugin. |
-| `vendor/rufield` (submodule) | **RuField MFS** — the open spec for camera-free multimodal field sensing (ADR-260). A common `FieldEvent`/`FieldTensor`/`FusionGraph`/`PrivacyClass`/`ProvenanceReceipt` model *above* WiFi CSI/CIR/BFLD, UWB, BLE Channel Sounding, mmWave radar, ultrasound, subsonic, infrared, and quantum sensors. Lives in its own repo ([github.com/ruvnet/rufield](https://github.com/ruvnet/rufield)), vendored here under `vendor/rufield`. Not a `v2/` workspace member. v0.1 reference stack = 7 crates (`rufield-core`/`-provenance`/`-privacy`/`-adapters`/`-fusion`/`-bench`/`-viewer`), 72 tests/0 failed; `rufield-viewer` is an Axum + vanilla-JS read-only dashboard (`cargo run -p rufield-viewer`) completing ADR-260 §27.9. The WiFi-CSI modality is now **real-replay-backed** via `CsiReplayAdapter` (ingests real captured `.csi.jsonl` → fused presence/breathing inferences; replay-from-file, unlabeled CSI-variance proxy, not validated accuracy); mmWave/thermal + all synthetic-bench F1 numbers remain **SYNTHETIC** (no live hardware — live streaming + labeled accuracy are roadmap). |
-| `wifi-densepose-rufield` | ADR-262 P1 **anti-corruption bridge** — converts RuView WiFi-CSI sensing output (`SensingSnapshot` mirroring `SensingUpdate` + `TrustedOutput`, owned primitives, no dep on `wifi-densepose-sensing-server`) into **signed RuField `FieldEvent`s** (`Modality::WifiCsi`, real `timestamp_ns`, sha256 + ed25519 provenance, `synthetic=false`). The single coupling point between RuView and the standalone RuField MFS spec (§5.4); path-deps the `vendor/rufield` submodule crates (`rufield-core`/`-provenance`/`-privacy`/`-fusion`). **Critical §3.3 privacy mapping** (`map_privacy`): maps RuView class → RuField P0–P5 by **information content, never byte value**, fail-closed (`Derived → P4/P5`, never P1; `demoted` floors to ≥ P2). 15 tests / 0 failed (round-trip / `is_fusable` / fusion-ingest / privacy-safety / determinism). P1 plumbing — not wired into the live server (P3), no accuracy claim. |
 | `ruview-swarm` | Drone swarm control system (ADR-148) — hierarchical-mesh topology, Raft consensus, MARL, CSI sensing payload, MAVLink/PX4 compat, Ruflo AI-agent integration |

 ### RuvSense Modules (`signal/src/ruvsense/`)
@@ -601,8 +601,6 @@ claude --plugin-dir ./plugins/ruview

 Verify the plugin structure: `bash plugins/ruview/scripts/smoke.sh`. Full details: [`plugins/ruview/README.md`](plugins/ruview/README.md).

-**Portable harness — `npx @ruvnet/ruview`:** a lighter, host-portable companion to the in-repo plugin, minted via [MetaHarness](https://www.npmjs.com/package/metaharness) and hardened per [ADR-182](docs/adr/ADR-182-npx-ruview-harness-via-metaharness.md). It runs **without cloning this repo** and on more hosts (Claude Code, Codex, Copilot, opencode, …), exposing the RuView operator tools (`onboard`, `verify`, `node_monitor`, `calibrate`, `node_flash`) over an MCP server — plus the project's **MEASURED-vs-CLAIMED honesty guardrail enforced in code** (`ruview.claim_check` flags untagged or retracted-"100%" accuracy claims). v0.1: the onboarding/verify/claim-check paths are tested (17/17, `verify.py` → PASS); the hardware tools are fail-closed wrappers. Try `npx @ruvnet/ruview` to onboard, or `npx @ruvnet/ruview claim-check --text "…"`. Source: [`harness/ruview/`](harness/ruview/README.md).
-
 ---

 ## 📖 Documentation
@@ -616,7 +614,6 @@ Verify the plugin structure: `bash plugins/ruview/scripts/smoke.sh`. Full detail
 | [**SENSE-BRIDGE — rvagent MCP server**](tools/ruview-mcp/README.md) | Dual-transport MCP server (`@ruvnet/rvagent`) bridging the RuView sensing stack to AI agents (Claude Code, Cursor, ruflo swarms). 6 tools wired: `ruview.presence.now`, `ruview.vitals.get_{breathing,heart_rate,all}`, `ruview.bfld.last_scan`, `ruview.bfld.subscribe`. stdio + Streamable HTTP (`POST /mcp`, Origin-validated, bearer-token auth, `127.0.0.1` bind). Full 20-tool Zod schema barrel + 5 RUVIEW-POLICY governance tools. 93 tests. [ADR-124](docs/adr/ADR-124-rvagent-mcp-ruvector-npm-integration.md). Try: `npx @ruvnet/rvagent stdio`. |
 | [Semantic Primitives — Precision/Recall](docs/integrations/semantic-primitives-metrics.md) | Per-primitive F1 on the held-out paired-capture set: someone-sleeping, possible-distress, room-active, elderly-inactivity-anomaly, meeting, bathroom, fall-risk, bed-exit, no-movement, multi-room. |
 | [Claude Code / Codex Plugin](plugins/ruview/README.md) | The `ruview` plugin + marketplace — skills, `/ruview-*` commands, agents, and the Codex prompt mirror |
-| [Portable harness — `npx @ruvnet/ruview`](harness/ruview/README.md) | MetaHarness-minted, host-portable RuView operator harness — `ruview.*` MCP tools + the MEASURED-vs-CLAIMED honesty guardrail enforced in code ([ADR-182](docs/adr/ADR-182-npx-ruview-harness-via-metaharness.md)). A lighter, multi-host companion to the in-repo plugin. |
 | [Architecture Decisions](docs/adr/README.md) | 96 ADRs — why each technical choice was made, organized by domain (hardware, signal processing, ML, platform, infrastructure) |
 | [Domain Models](docs/ddd/README.md) | 8 DDD models (RuvSense, Signal Processing, Training Pipeline, Hardware Platform, Sensing Server, WiFi-Mat, CHCI, rvCSI) — bounded contexts, aggregates, domain events, and ubiquitous language |
 | [rvCSI — edge RF sensing runtime](https://github.com/ruvnet/rvcsi) | Rust-first / TypeScript-accessible / hardware-abstracted CSI runtime: multi-source ingestion (incl. real nexmon_csi `.pcap` from a **Raspberry Pi 5** / Pi 4 / Pi 3B+ — CYW43455 / BCM43455c0) → validation → DSP → typed events → RuVector RF memory ([ADR-095](docs/adr/ADR-095-rvcsi-edge-rf-sensing-platform.md), [ADR-096](docs/adr/ADR-096-rvcsi-ffi-crate-layout.md), [domain model](docs/ddd/rvcsi-domain-model.md)). Now its own repo — [`ruvnet/rvcsi`](https://github.com/ruvnet/rvcsi) — vendored here under `vendor/rvcsi`; 9 `rvcsi-*` crates on crates.io, `@ruv/rvcsi` on npm, plus a Claude Code plugin. |
@@ -14,13 +14,6 @@ COPY v2/crates/ ./crates/
 # Copy vendored RuVector crates
 COPY vendor/ruvector/ /build/vendor/ruvector/

-# Copy vendored RuField submodule — the `wifi-densepose-rufield` bridge crate
-# (ADR-262) path-deps `../../../vendor/rufield/crates/*`, which from the Docker
-# build layout (v2/ collapsed into /build) resolves to /vendor/rufield. Copy the
-# whole tree so the rufield workspace Cargo.toml (workspace-dep inheritance) and
-# the four bridged crates (rufield-core/-provenance/-privacy/-fusion) all resolve.
-COPY vendor/rufield/ /vendor/rufield/
-
 # Build release binaries:
 #   - sensing-server with `mqtt` feature so the HA-DISCO MQTT publisher
 #     (ADR-115) is wired in (auto-discovery topics flow to Home Assistant)
@@ -1092,12 +1092,6 @@ Two robustness bugs were fixed in the on-device edge path (`firmware/esp32-csi-n

 Both are pinned by host-buildable C99 tests in `firmware/esp32-csi-node/test/test_vitals_count_presence.c` (`make run_vitals`). The exact thresholds are documented constants pending on-device calibration against ground truth.

-### 2026-06 — Rust `wifi-densepose-vitals`: IIR filter NaN/inf self-heal (ADR-158 §A1)
-
-A correctness/safety review of the Rust extraction crate found a real bug parallel to the firmware robustness class above. The 2nd-order resonator `bandpass_filter` in both `breathing.rs` and `heartrate.rs` latches each output `y[n]` into its filter state (`y1`/`y2`). A single non-finite amplitude residual from a corrupt CSI frame produced a NaN `output` that was written into the state; the existing `extract()` `is_finite()` guard dropped that one sample from the history buffer **but never sanitized the poisoned filter state**, so every later output stayed NaN, was rejected too, and the sliding-window history never refilled — breathing **and** heart-rate extraction went silently dead (returning `None` forever) until `reset()`. On the alert path this is a safety-relevant denial of service (one bad frame stops vitals monitoring with no error surfaced).
-
-Fix: when `bandpass_filter` computes a non-finite `output`, it resets the IIR state to default and returns `0.0`, so the resonator self-heals on the next clean frame (the `0.0` is still dropped by the caller's finite-check, so no spurious sample enters history). Same shape as the calibration NaN bug (ADR-154 §3) — the prior hardening guarded the *history boundary* but not the *filter-state boundary*. Pinned by `breathing::tests::nan_frame_does_not_permanently_poison_filter`, `breathing::tests::inf_mid_stream_does_not_freeze_history`, and `heartrate::tests::nan_frame_does_not_permanently_poison_filter` (all FAIL pre-fix, verified by reverting). The review also de-magicked the HR physiological plausibility band into named `HR_PLAUSIBLE_MIN_BPM`/`HR_PLAUSIBLE_MAX_BPM` consts (value-identical 40/180 BPM) and added a fabricated-vital negative (`pure_noise_is_never_reported_valid` — broadband noise never yields a clinically `Valid` HR; the extractor honestly returns low-confidence `Unreliable`). Clean dimensions confirmed with evidence: flat/silent input → `None`; pure noise → low-confidence `Unreliable`, never `Valid`; harmonic-rich breathing with no cardiac component → low-confidence, not a confident false HR; out-of-band BPM rejected by the plausibility clamp.
-
 ## References

 - Ramsauer et al. (2020). "Hopfield Networks is All You Need." ICLR 2021. (ModernHopfield formulation)
@@ -104,57 +104,6 @@ Ranked by build cost × user impact:
 | **P9** | HACS integration repo (`hass-wifi-densepose`) for HA-side install path | pending |
 | **P10** | Witness bundle + CSA-style spec compliance check | pending |

-## 4.1 Crypto/security review notes (§2.2 witness chain — ADR-262 P2 prerequisite)
-
-Beyond-SOTA crypto+security review of the SHA-256 + Ed25519 witness chain
-(`witness.rs` / `witness_signing.rs`) and the manifest signature surface
-(`manifest.rs`), because ADR-262 P2 proposes to **reuse this exact signing
-chain**. Top priority was the sibling `wifi-densepose-engine` bug class —
-unframed boundary-to-boundary concatenation of operator-influenceable strings
-into a signed/hashed digest.
-
- **Engine bug class ABSENT (good result, reported with byte evidence).**
-  `canonical_bytes` is `DOMAIN_TAG ‖ prev_hash[32] ‖ seq:u64-be ‖ ts:u64-be ‖
-  kind_len:u32-be ‖ kind ‖ payload_len:u32-be ‖ payload`. The two
-  variable-length operator-influenceable fields (`kind`, `payload`) are
-  **length-prefixed**; the fixed-width fields are self-delimiting → the
-  encoding is injective (no two distinct event tuples share a preimage). The
-  Ed25519 signature signs the **identical** bytes the SHA-256 chain commits to.
-  No separate unframed concatenation exists; the manifest `binary_signature`
-  is signed at build time (Makefile) over a single fixed-length `binary_sha256`
-  hex value, not in-crate.
-
- **CHM-WIT-01 (FIXED) — domain-separation tag added.** The engine fix
-  prescribed *domain-tag + length-prefix*; length-prefix was present, the
-  domain tag was not. Added a versioned, NUL-terminated
-  `WITNESS_DOMAIN_TAG = b"cog-ha-matter/witness-event/v1\x00"` prefix so the
-  witness message can never be replayed as a message for another Ed25519
-  context that shares key infrastructure (notably the manifest signature).
-  **Witness bytes change by design** (prior on-disk hashes/signatures
-  invalidated, as with the engine fix); verified safe because no in-repo crate
-  consumes cog-ha-matter witness bytes programmatically (doc-mentions only).
-
- **CHM-WIT-02 (HARDENED) — `verify_signature` now uses `verify_strict`.** For
-  an audit chain the signature is the attestation, so non-canonical encodings
-  and small-order keys are rejected (RFC 8032 strict), giving the "one
-  canonical signature per event" property. Not a forgery fix — the verifying
-  key is caller-pinned, never read from the event.
-
- **Confirmed clean (with evidence):** verify-before-trust + key-pinning
-  (`verify_signature` takes the verifying key as a parameter; `read_jsonl`
-  re-derives every hash and chain-verifies); key handling (the crate never
-  generates/stores/logs/serializes a signing key — only a documented test-only
-  fixed seed; production keys come from the Seed secure store, out of scope);
-  determinism (positional bytes, deterministic Ed25519, alphabetically-locked
-  JSONL field order, sorted TXT records — no HashMap/float nondeterminism feeds
-  any digest); fail-closed parsing (structured errors, no panics; `main.rs`
-  reads no untrusted files/paths).
-
-Tests: `cog-ha-matter --no-default-features` 64 → **68**, 0 failed (CHM-WIT-01
-pinned by 4 fails-on-old tests across `witness.rs`/`witness_signing.rs`;
-CHM-WIT-02 guarded by a key-pinning test). Python deterministic proof
-unchanged (cog-ha-matter is off the signal proof path).
-
 ## 5. References

 - ADR-101 — `cog-pose-estimation` packaging precedent (signed binaries on GCS, .cog manifest)
@@ -190,78 +190,4 @@ The entity registry is a `RwLock<HashMap<EntityId, EntityEntry>>` backed by an a

 - `v2/crates/wifi-densepose-sensing-server/src/main.rs` — Axum + Tokio architecture pattern used throughout the existing server stack
 - `docs/adr/ADR-126-ruview-native-ha-port-master.md` — HOMECORE master; §5.5 crate naming; §6 compatibility contract; §5.1 RUVIEW-POLICY
-
---
-
-## 9. Security & concurrency review (P1 core, beyond-SOTA sweep)
-
-Foundational review of the `homecore` crate — the state store + event bus +
-service/entity registries every other HOMECORE module trusts. Same rigor as
-the ADR-129/130/132/133/161 sibling reviews. **Three real fixes (one
-concurrency, two hardening), each pinned by a fails-on-old test; the bus-lag
-and lock-discipline dimensions confirmed clean with evidence.**
-
- **HC-RACE-01 (state-set TOCTOU — lost / reordered `state_changed`, the
-  crux). FIXED.** `StateMachine::set` did `get()` (releasing the DashMap
-  shard lock) → compute the next snapshot + the no-op / `last_changed`
-  decision → `insert()` (re-acquiring the lock) → `send()`. The
-  read-modify-write was **not atomic** w.r.t. a concurrent writer on the
-  same entity, contradicting §2.1's promise that "the writer atomically
-  replaces the map entry." A writer that read a stale `old` could
-  mis-classify a genuine transition as a no-op and **drop its
-  `state_changed` event** (a missed automation trigger) or fire an event
-  whose `new_state` duplicated the previously delivered one (a spurious
-  trigger for any automation keyed on `old_state != new_state`). **Fix:**
-  hold the shard write-lock across the entire read→decide→insert→fire
-  sequence via `entry()`/`insert_entry()`; `tx.send` is non-blocking,
-  non-async, and never re-enters the map, so firing under the shard lock
-  cannot deadlock and keeps global event order in lock-step with global
-  commit order. Pinned by `concurrent_set_fires_no_duplicate_adjacent_events`
-  (4 writers toggling one entity A/B; asserts no two consecutive fired
-  events carry an identical `new_state` — impossible under correct
-  serialisation; a probe observed ~93k such duplicate-adjacent events across
-  200 trials on the racy code, zero on the fix).
- **HC-EID-LEN-01 (unbounded `entity_id` — memory-DoS at the REST boundary).
-  FIXED.** `homecore-api/src/rest.rs` parses untrusted path segments
-  straight through `EntityId::parse`; with no length cap, an
-  otherwise-valid id (`a.` + many MB of `[a-z0-9_]`) was accepted and a
-  `POST /api/states/<giant>` would persist it into the DashMap state store
-  (permanent growth across distinct ids). **Fix:** reject ids longer than
-  `MAX_ENTITY_ID_LEN` (255, HA-compatible) up front in `parse()`, before any
-  per-char scan, with a new `EntityIdError::TooLong`; fail-closed at the
-  boundary type protects every caller. Pinned by `entity_id_length_boundary`
-  (exactly-MAX accepted, MAX+1 and a 4 MiB id rejected — fails on old code).
- **HC-SVC-PANIC-01 (service-handler panic not isolated). HARDENED.**
-  `ServiceRegistry::call` already ran handlers outside the registry lock (no
-  `RwLock` poisoning, no blocking of other callers — clean), but a
-  panicking handler unwound through `call()` into the caller's task. **Fix:**
-  wrap the handler future in `AssertUnwindSafe` + `catch_unwind`, converting
-  a panic to `ServiceError::HandlerPanicked`; the registry stays fully
-  usable. Pinned by `panicking_handler_is_isolated_and_registry_survives`.
-
-**Dimensions confirmed clean (with evidence):**
-
- **Event-bus bounds / lag (same class as the homecore-api WS lag-DoS).**
-  Both `StateMachine` and `EventBus` use bounded `tokio::sync::broadcast`
-  (capacity 4,096). A slow subscriber gets a recoverable `Lagged(n)`
-  (drop-oldest + re-sync); `fire_*` is non-blocking and **never waits on
-  slow receivers**, so a lagging subscriber cannot block the publisher, grow
-  the channel without bound, or take down a fast subscriber. Evidenced by
-  `slow_subscriber_does_not_block_publisher_or_kill_the_bus` (fire 3×
-  capacity at an idle subscriber; publisher unblocked, bus stays live).
- **Lock ordering / lock-across-await (deadlock).** No code path holds two
-  of `{state DashMap, registry RwLock, service RwLock}` simultaneously, so
-  no inconsistent-ordering deadlock can exist. Every `tokio::sync::RwLock`
-  guard in `registry.rs`/`service.rs` is used in a single synchronous
-  statement and dropped before any `.await`; `call` explicitly scopes the
-  read guard out before awaiting the handler. The only guard held across a
-  send is the DashMap shard lock in `set`, across a synchronous
-  (non-await) broadcast send — safe.
- **Panic-on-input.** No reachable `unwrap`/`expect`/index in non-test code
-  beyond the safe `send().unwrap_or(0)` and the dead-but-harmless
-  `split_once(...).unwrap_or(...)` fallbacks on already-validated ids.
-
-`cargo test -p homecore --no-default-features`: **20 → 24 passed, 0 failed**
-(+4 pins). Workspace green; Python deterministic proof unchanged
-(`f8e76f21…46f7a`, bit-exact — `homecore` is off the signal proof path).
 - `docs/adr/ADR-028-esp32-capability-audit.md` — witness chain pattern (Ed25519 per state transition)
@@ -190,23 +190,6 @@ This is the same Wasmtime host already used for integration plugins (ADR-128)

 ---

-## 8a. Security review (beyond-SOTA sweep, post ADR-154–159)
-
-A focused security review of `homecore-automation` (the execution/eval surface — triggers → conditions → actions, with templates) was run after the ADR-154–159 sweep, applying the same rigor that the sibling engine/bfld/calibration/vitals/geo reviews used. **Two real DoS findings, each pinned by a fails-on-old test; the condition-bypass, fail-closed-parsing, and action-authorization dimensions were probed and found clean.**
-
- **HC-SEC-01 (template-injection / unbounded-expansion DoS, HIGH) — FIXED.** A `template:` condition / `value_template` is user automation config, and was rendered with MiniJinja's defaults: **no instruction budget, no output cap**. A single condition such as `{% for i in range(5000) %}{% for j in range(5000) %}xxxx{% endfor %}{% endfor %}` rendered a **100 MB string over ~11 s on one render call** (measured) — a CPU/memory denial of service (the bfld-class "unbounded expansion"; MiniJinja's per-call `range()` 10k cap does **not** stop nested loops). **Fix:** enable MiniJinja's `fuel` feature and set a per-render budget (`set_fuel(Some(1_000_000))`) so a nested loop burns one unit per iteration — the attack now fails fast (~90 ms) with "engine ran out of fuel"; plus a 64 KiB source-length cap rejecting pathological sources before compilation. Legitimate HA templates (a few dozen instructions) are unaffected. Pinned by `nested_loop_template_is_bounded_not_unbounded_dos`, `single_huge_repeat_template_is_bounded`, `oversized_template_source_is_rejected` (all fail-on-old: unbounded render / no rejection), and `legitimate_template_still_renders_within_fuel` (no regression).
- **HC-SEC-02 (panic-on-config DoS, MEDIUM) — FIXED.** `Action::Delay { seconds }` and `Action::WaitForTrigger { timeout_seconds }` fed the user-supplied float straight into `Duration::from_secs_f64`, which **panics** on negative, NaN, infinite, or overflowing inputs — all reachable from a crafted (or typo'd) YAML (`delay: {seconds: -1}`, `.nan`, `.inf`, `1e308`). One hostile config aborts the spawned automation run task with a panic (measured: "cannot convert float seconds to Duration: value is negative"). **Fix:** a `safe_duration_from_secs` guard that saturates instead of panicking (NaN/±inf/negative → `Duration::ZERO`, matching HA's lenient "non-positive delay = no delay"; absurdly large → clamped to ~100 years). Pinned by `delay_negative_seconds_does_not_panic`, `delay_nan_seconds_does_not_panic`, `delay_infinite_seconds_does_not_panic`, `wait_for_trigger_negative_timeout_does_not_panic`, `safe_duration_saturates_hostile_values` (incl. overflow clamp).
-
-**Dimensions confirmed clean (with evidence):**
- **Condition bypass / fail-closed eval** — a `Condition::Template` whose render errors evaluates to `false` (`condition.rs` `Err(_) => false`), and a `Choose` branch condition that fails to deserialize is treated as **non-matching** (the branch is skipped), not silently passing (`action.rs` `ChoiceBranch::matches` `Err(_) => return false`). Both fail **closed** (do-not-run), confirmed by the existing `choose_*` tests and template-false-blocks-action behavioral test. No true-by-default-on-parse-error path found.
- **Re-entrancy / livelock (DoS)** — run-mode machinery is bounded and tested: `Single`/`IgnoreFirst` re-entrancy guard, `Restart` cancel-and-replace, `Queued` FIFO serialization, and `max: N` semaphore cap (ADR-162; `restart_mode_cancels_prior_run`, `queued_mode_runs_sequentially_not_concurrently`, `max_two_caps_concurrency_at_two`, `single_mode_does_not_double_fire_on_rapid_triggers`). A self-triggering automation does not livelock the engine — each fire is bounded by its run-mode.
- **Action authorization** — templates are read-only sandboxed (`states`/`state_attr`/`is_state`/`now` globals; no service-call or state-set global is exposed to template scope), so a template cannot escalate into an action. Service authorization itself is enforced at the `homecore` service-registry boundary (out of this crate's scope); no gap found in what the automation crate enforces.
- **Panic-on-config (parse)** — `serde_yaml`/`serde_json` deserialization returns structured `AutomationError` (no `unwrap`/`expect`/index reachable from a crafted config in the eval/exec path); the only remaining panic surface was the `from_secs_f64` path fixed as HC-SEC-02.
-
-Validation: `cargo test -p homecore-automation --no-default-features` → 54 passed / 0 failed (+14 over baseline). Python deterministic proof unchanged (homecore-automation is off the signal-processing proof path).
-
---
-
 ## 9. References

 ### HA upstream
@@ -1,444 +0,0 @@
-# ADR-131: HOMECORE-UI — Operational dashboard for the two-tier Cognitum stack
-
-| Field | Value |
-|-------|-------|
-| **Status** | Accepted — UI implemented (§10); full backend wiring specified (§11–§12) |
-| **Date** | 2026-06-14 |
-| **Deciders** | ruv |
-| **Codename** | **HOMECORE-UI** — first-class operator dashboard inside the Cognitum Appliance shell |
-| **Relates to** | [ADR-126](ADR-126-ruview-native-ha-port-master.md) (HOMECORE master), [ADR-127](ADR-127-homecore-state-machine-rust.md) (HOMECORE-CORE state machine), [ADR-128](ADR-128-homecore-integration-plugin-system.md) (HOMECORE-PLUGINS), [ADR-129](ADR-129-homecore-automation-engine.md) (automation engine), [ADR-130](ADR-130-homecore-rest-websocket-api.md) (HOMECORE-API), [ADR-132](ADR-132-homecore-recorder-history-semantic-search.md) (recorder/semantic search), [ADR-151](ADR-151-room-calibration-specialist-training.md) (room calibration HTTP API), [ADR-100](ADR-100-cog-packaging-specification.md) (Cog packaging), [ADR-116](ADR-116-cog-ha-matter-seed.md) (cog-ha-matter), [ADR-069](ADR-069-cognitum-seed-csi-pipeline.md) (SEED RVF ingest), [ADR-105](ADR-105-federated-csi-training.md) (federated CSI training) |
-| **Tracking issue** | TBD |
-| **Parent** | [ADR-126](ADR-126-ruview-native-ha-port-master.md) (sub-ADR, HOMECORE-127…134 family) |
-
---
-
-## 1. Context
-
-HOMECORE (ADR-126 through ADR-134) is the native Rust + WASM + TypeScript port of Home Assistant running as the hub on the Cognitum v0 Appliance. As of P2, the state machine ([ADR-127](ADR-127-homecore-state-machine-rust.md)), API ([ADR-130](ADR-130-homecore-rest-websocket-api.md)), and COG runtime ([ADR-128](ADR-128-homecore-integration-plugin-system.md)) are in place. What is missing is a first-class dashboard UI that operators, integrators, and residents can use to manage the full two-tier hardware stack that HOMECORE coordinates.
-
-### 1.1 The two-tier hardware model this UI must represent
-
-This is the most important architectural constraint the UI must carry through every panel:
-
- **Cognitum SEED** — a Pi Zero 2 W-based edge node. It has its own RVF vector store (8-dim, content-addressed, with kNN queries), Ed25519 witness chain, SHA-256 ingest audit trail, onboard environmental sensors (BME280 temperature/humidity/pressure, PIR motion, reed switch, ADS1115 4-channel ADC, vibration), 13 drift detectors, an MCP proxy (114 tools, JSON-RPC 2.0, default-deny policy), 98 HTTPS API endpoints, and epoch-based swarm sync for multi-SEED deployments. SEEDs sit close to the ESP32 sensing nodes and receive feature vectors from them at 1 Hz. Multiple SEEDs can form a peer mesh. **This is the sensing and memory tier.**
- **Cognitum v0 Appliance** — a Pi 5 + Hailo-10H hub, running at `:9000`. It hosts the COG runtime (`/var/lib/cognitum/apps/`), the HOMECORE state machine and event bus, the calibration service, `ruview-mcp-brain:9876`, `cognitum-rvf-agent:9004`, `ruvector-hailo-worker:50051`, and acts as the fleet coordinator for multi-room correlation and federated training. The Appliance is where HOMECORE runs, and it is what the dashboard user is sitting in front of. **This is the computation and orchestration tier.**
-
-SEEDs are **subordinate nodes that the Appliance supervises** — they are not peers. The UI navigation hierarchy must reflect this: the Appliance is the root, SEEDs are children, ESP32 nodes are leaves.
-
-### 1.2 What the UI is not
-
-HOMECORE-UI is **not** a re-skin of the existing Cognitum Cog Store. It is a full operational dashboard that **extends** the Cognitum platform's shell — the Cog Store, API Explorer, and Guide already exist and must remain intact, with the HOMECORE dashboard added as a first-class navigation section alongside them.
-
---
-
-## 2. Decision
-
-Build HOMECORE-UI as a **complete** TypeScript + Rust→WASM frontend (per this ADR's §3 and the HOMECORE-127…134 family) that:
-
-1. Lives at `http://cognitum-v0:9000/homecore` (or as a dedicated nav item in the Cognitum Appliance shell).
-2. Is visually and stylistically seamless with the existing Cognitum platform — same dark theme, same design tokens, same component patterns as `https://seed.cognitum.one/store`.
-3. Drives the HOMECORE REST + WebSocket API ([ADR-130](ADR-130-homecore-rest-websocket-api.md)) and the calibration HTTP API ([ADR-151](ADR-151-room-calibration-specialist-training.md)) for all data.
-4. Updates in real-time via the homecore `subscribe_events` WebSocket channel. **The UI must never poll for entity state.**
-
-**This is a decision to deliver the complete operational dashboard — every panel in §4.1 through §4.10, every navigation section in §5, fully wired to live data — not a design-system scaffold or a partial first cut.** A static layout shell with placeholder data is explicitly **out of scope as a deliverable**: the design system (§3) is a means to the complete UI, not an end in itself. The acceptance bar for this ADR is that an operator can drive the full two-tier stack — fleet, entities, rooms, COGs, calibration, events, audit, and settings — from the dashboard, against real APIs, with no panel left as a stub.
-
-### 2.1 `homecore-server` is the single backend-for-frontend (BFF) gateway
-
-The data the dashboard needs is spread across **three backend tiers that are not one process**: (a) `homecore-api` (`/api/*` REST + `/api/websocket`, mounted in `homecore-server`); (b) the **calibration API** (`/api/v1/*`, served by a *separate* binary — `wifi-densepose calibrate-serve` / `wifi-densepose-sensing-server`); and (c) the **SEED device tier + appliance daemons** (RVF vector store, witness chain, onboard sensors, reflex rules, COG supervisor, federation), which are physically separate HTTPS services on the SEED nodes and the appliance.
-
-The browser must talk to **exactly one origin.** Therefore `homecore-server` is promoted to the **single BFF / API gateway** for HOMECORE-UI: it serves the static assets at `/homecore`, serves `homecore-api` at `/api/*`, and **adds a new `/api/homecore/*` namespace** that proxies and aggregates the calibration API and the SEED/appliance tiers server-side. The UI only ever issues same-origin requests; cross-service auth (SEED bearer tokens, calibration tokens) is held by the gateway and **never exposed to the browser**. This collapses the CORS/multi-port problem and gives one place to enforce the long-lived-access-token auth (§4.10).
-
-### 2.2 No mock data in production
-
-The in-browser mock layer that the first UI cut shipped behind DEMO banners (§7.1, prior revision) is **demoted to a dev-only fixture** gated behind an explicit `?demo=1` / `HOMECORE_UI_DEMO=1` flag. The production build wires **every** panel to a real gateway endpoint. The full endpoint contract and the backend work each panel needs are specified in **§11**; the staged path to get there is **§12**. A panel may show an empty/typed-error state when its upstream is down, but it must never silently render fabricated data.
-
---
-
-## 3. Design system — Cognitum platform conventions
-
-The implementor **must study `https://seed.cognitum.one/store` as the definitive design reference before writing a single line of CSS.** The existing platform's design tokens, extracted from production, are:
-
-### 3.1 Colour palette (CSS custom properties)
-
-| Token | Value | Role |
-|---|---|---|
-| `--bg` | `#0a0e1a` | page background (very dark navy) |
-| `--bg2` | `#111627` | secondary background / nav strip |
-| `--card` | `#171d30` | card / panel surface |
-| `--card-h` | `#1e2540` | card hover state |
-| `--border` | `#252d45` | all border strokes (≈0.67px, subtle) |
-| `--t1` | `#e0e4f0` | primary text (near-white) |
-| `--t2` | `#8890a8` | secondary / muted text |
-| `--t3` | `#505872` | tertiary / disabled text |
-| `--cyan` | `#4ecdc4` | primary action colour (Install buttons, live indicators, accents) |
-| `--cyan-d` | `rgba(78,205,196,0.15)` | cyan tint background for status badges |
-| `--green` | `#6bcb77` | success / online / healthy states |
-| `--green-d` | `rgba(107,203,119,0.15)` | green tint background |
-| `--amber` | `#d4a574` | warning / stale / degraded states |
-| `--amber-d` | `rgba(212,165,116,0.15)` | amber tint background |
-| `--red` | `#e06060` | error / offline / veto states |
-| `--red-d` | `rgba(224,96,96,0.15)` | red tint background |
-| `--purple` | `#a78bfa` | informational / epoch / chain indicators |
-| `--purple-d` | `rgba(167,139,250,0.15)` | purple tint background |
-| `--r` | `10px` | standard border radius on all cards and panels |
-
-### 3.2 Typography
-
- `--font`: `'Segoe UI', system-ui, -apple-system, sans-serif` — all body and heading text.
- `--mono`: `'Cascadia Code', 'Fira Code', Consolas, monospace` — all entity IDs, API endpoints, hex values, JSON payloads, COG binary hashes.
-
-### 3.3 Component patterns (from the live Cog Store and API Explorer)
-
- **Cards**: `background: var(--card)`, `border: 0.67px solid var(--border)`, `border-radius: var(--r)`, `padding: 24px`.
- **Category pills / status badges**: small `border-radius: 4–6px`, uppercase text, coloured background tint (e.g. `background: var(--cyan-d); color: var(--cyan)` for `RUNNING`; `background: var(--amber-d); color: var(--amber)` for `STALE`).
- **Primary action buttons**: `background: var(--cyan)`, `color: var(--bg)`, no border — matching the existing "Install" button style exactly.
- **Secondary / ghost buttons**: transparent background, `border: 1px solid var(--border)`, `color: var(--t1)` — matching the existing "Details" button style.
- **Nav strip**: `background: var(--bg2)`, text items in `--t2`, active item highlighted in `--cyan` with a bottom underline.
- **Featured card gradient borders**: top-edge linear gradient from `var(--cyan)` to `var(--purple)` — replicate for HOMECORE section headers.
- **Live metric cards** (API Explorer status page): icon + large numeric value in `--cyan` or `--green`, label in `--t2` below, on a `var(--card)` background.
- **Method badge pills** on the API Explorer (`GET` in green, `POST` in amber, `AUTH` in purple) — reuse this same pill system for COG status indicators.
-
-The implementor **must not introduce new colours, typefaces, or border radii.** Every component should feel like it was built by the same team that built the Cog Store and the API Explorer. A user navigating from the Cog Store into the HOMECORE dashboard should not notice a visual seam.
-
---
-
-## 4. UI sections — required panels
-
-### 4.1 System Dashboard (the "home screen")
-
-The always-visible overview panel. Modelled on the API Explorer's live metric cards. All values update in real-time.
-
- **v0 Appliance health strip** — reuse the exact metric-card pattern from `seed.cognitum.one/status`: one card each for CPU %, RAM usage, Hailo-10H inference load (% utilisation), Hailo temperature, uptime, and the running services (`ruview-mcp-brain:9876`, `cognitum-rvf-agent:9004`, `ruvector-hailo-worker:50051`). Values in `--cyan`, labels in `--t2`. This strip is always at the top — it represents the machine the user is looking at.
- **SEED Fleet overview** — a grid of SEED node cards (one per paired SEED) on the `var(--card)` surface with `var(--border)`. Each card shows: online/offline status pill (green/red), firmware version, epoch number, current vector count, last ingest timestamp, and witness-chain validity badge. A collapsed row shows the SEED's 5 onboard sensors in summary (PIR: yes/no, door: open/closed, temperature from BME280). Offline SEEDs render the entire card with a `--red-d` background tint. Clicking a SEED card navigates to the SEED Detail view (§4.2).
- **ESP32 Node summary** — count of active ESP32 nodes per SEED, current frame rate (target: 100 Hz CSI + 1 Hz feature vectors), and a compact warning list for nodes with known issues (presence_score normalisation anomaly, stale firmware version).
- **COG Runtime status row** — a horizontal strip of status pills for each installed COG on the v0 Appliance. Pill colours follow the existing badge convention: `--green-d`/`--green` for running, `--red-d`/`--red` for failed, `--t3`/`--t2` for stopped. COG name in `--mono`. Clicking a pill navigates to COG Management (§4.6).
- **Event Bus activity indicator** — a small real-time sparkline showing the homecore broadcast channel event rate (events/sec). Indicate channel lag if a subscriber is falling behind the 4,096-event capacity.
-
-### 4.2 SEED Detail View (per-SEED drill-down)
-
-Accessible from the fleet grid. Full-page panel for a single SEED node, using the card + section-header pattern from the Cog Store's detail views.
-
- **SEED identity header** — `device_id` in `--mono`, firmware version, paired status in green, USB vs WiFi connection mode. A section-header gradient border (cyan → purple, matching the featured card style) visually separates this from Appliance content.
- **Vector Store panel** — current vector count, dimension (8), last kNN query latency, current epoch number, a small sparkline of ingest rate over the last hour, and a storage budget bar showing usage against the 100K working-set target. A "Compact now" button (`POST /api/v1/store/compact`) in ghost style. When usage exceeds 80%, the bar renders in `--amber`.
- **Witness Chain panel** — chain length (SHA-256 entries), last verification timestamp, a one-click "Verify chain" button (`POST /api/v1/witness/verify`), and an "Export attestation bundle" button for regulated deployments. The Ed25519 custody attestation (device-bound keypair, epoch + vector count + witness head) renders here. Chain length in `--purple`, following the existing epoch/chain colour convention.
- **Onboard Sensors panel** — live readings from all 5 sensors in individual sub-cards: BME280 (temperature °C, humidity %, pressure hPa), PIR (motion boolean with last-triggered timestamp), reed switch (open/closed with last-changed timestamp), ADS1115 (4 analog channels with configurable labels), vibration (boolean with last-triggered). These are ground-truth validators against CSI readings and are critical for diagnosing false positives in the mixture-of-specialists. Sensor values in `--cyan`; sensor names in `--t2`.
- **Reflex Rules panel** — the 3 pre-configured rules with current state: `fragility_alarm` (threshold 0.3 → relay actuator), `drift_cutoff` (threshold 1.0), `hd_anomaly_indicator` (threshold 200 → PWM brightness). Show last-fired time for each. The `fragility_alarm` threshold is the most commonly adjusted field and should be editable inline. Rules that have recently fired render with a `--amber-d` background tint.
- **Cognitive Analysis panel** — boundary fragility score (0.0–1.0, from Stoer-Wagner min-cut on the kNN graph) rendered as a progress bar: green below 0.3, amber 0.3–0.6, red above 0.6. High fragility (>0.3) indicates a regime change in the environment and should be visually prominent. Temporal coherence phase boundaries shown as a labelled timeline of detected environment state transitions. kNN graph rebuild cadence indicator (every 10 s).
- **Ingest pipeline status** — which ESP32 nodes feed this SEED, the packet type each is sending (`0xC5110003` native feature vectors vs `0xC5110002` vitals fallback path — distinguished visually since native is preferred), current ingest batch size, flush interval, and bridge path topology (direct vs host-laptop hop). The bridge-hop warning (known architectural limitation) renders in `--amber` since it adds a network hop.
-
-### 4.3 SEED Fleet Map (multi-SEED topology)
-
-For deployments with more than one SEED, a topology view showing the mesh:
-
- **Node hierarchy diagram** — v0 Appliance at root, SEEDs as second tier (grouped by room/zone), ESP32 nodes as leaves under each SEED. Lines represent active data flows. ESP-NOW mesh sync links between SEEDs shown as dashed lines. Connection health shown via line colour (green/amber/red). All labels in `--mono`.
- **Cross-SEED event deduplication indicator** — for events that span multiple SEEDs (one fall detected by two rooms; one occupant tracked through room A → hallway → room B), show a fusion badge indicating how many SEEDs contributed to the composite event.
- **Federation config** ([ADR-105](ADR-105-federated-csi-training.md)) — federated-learning round coordinator role (which SEED is the round coordinator), current round number, K healthy nodes selected, delta exchange status. **Model deltas only — never raw CSI** is a design invariant that must be labelled explicitly in the UI.
-
-### 4.4 Entity & State Browser
-
-The homecore state machine (`DashMap<EntityId, Arc<State>>`) is the authoritative source of truth. Every COG running on the v0 Appliance contributes entities.
-
- **Entity list by domain** — grouped by the `domain.` prefix of `EntityId`, using collapsible section headers. The 21 entities per ESP32 node (11 raw + 10 semantic primitives from `cog-ha-matter`) are the most important set. For each entity: current state string (in `--t1`), last-changed timestamp (in `--t3`), attribute map as collapsible JSON in `--mono`, and the Context (`user_id` + `parent_id` causality chain, critical for care/audit deployments). Entity IDs always in `--mono`.
- **SEED provenance badge** — each entity carries a small badge showing its data lineage: which ESP32 node → which SEED → which COG → homecore state machine. This trace is invaluable for debugging false positives and is a **first-class UI element, not a collapsed detail.**
- **Domain filter + semantic search** — filter by domain prefix and, once [ADR-132](ADR-132-homecore-recorder-history-semantic-search.md) (homecore-recorder) lands, ruvector-backed semantic search: "when did the living room anomaly score last correlate with a door-open event?" A keyword filter across entity IDs and attribute keys ships in the initial release regardless of [ADR-132](ADR-132-homecore-recorder-history-semantic-search.md) status, given entity density; the semantic search layers on top once the recorder lands.
- **Real-time WebSocket feed** — entity states update live via the homecore `subscribe_events` WebSocket command ([ADR-130](ADR-130-homecore-rest-websocket-api.md)). The UI must never poll. Show a broadcast-channel lag indicator; warn visually if the subscriber is falling behind the 4,096-event channel capacity.
- **StateChanged detail panel** — clicking any entity opens a slide-over panel showing the full `StateChangedEvent`: `old_state`, `new_state`, `context.id`, `context.user_id`, and the `context.parent_id` chain rendered as a breadcrumb trail.
-
-### 4.5 RoomState / Sensing Panel
-
-Surfaces the mixture-of-specialists output from the calibration service — the highest-level per-room sensing result. Data comes from `GET /api/v1/room/state?bank=<room_id>` on the v0 Appliance.
-
- **Per-room cards** — one card per `room_id` on the `var(--card)` surface. Each card shows live `RoomState` JSON fields as sub-rows: presence (occupied/absent chip in green/red with confidence bar), posture (standing/sitting/lying chip with confidence), breathing BPM (numeric in `--cyan` with range indicator 6–30), heart rate BPM (numeric in `--cyan` with range indicator 40–120), restlessness score (0–1 progress bar), and anomaly score (0–1 with normal/anomalous label, bar turns red above a configurable threshold).
- **STALE warning** — when `stale: true` (the specialist bank was trained against a different baseline), render the entire room card with a `--amber-d` background tint and a prominent amber banner reading "Bank stale — baseline has changed" with a direct "Recalibrate room" link into the calibration wizard (§4.7). This is the most common real-world failure mode and **must never be subtle.**
- **VETO indicator** — when `vetoed: true` (anomaly veto suppressed vitals/posture because the window was physically implausible), render the affected specialist slots in `--red` with a "Veto active" label. Values suppressed by veto **must not render as zeros** — they must render as explicitly withheld.
- **Null specialist placeholders** — specialists not yet trained (`null` in the specialist bank) render as "Not trained" placeholders in `--t3` with a small "Calibrate to enable" prompt in ghost style. They are **not** errors.
- **Confidence bars** — each specialist output has a confidence float, shown as a small inline bar (`--cyan` fill) next to the reading. Low confidence (< 0.4) renders the bar in `--amber`.
- **Multi-SEED fusion indicator** — for rooms served by multiple SEEDs, show a small badge indicating how many SEED nodes contributed to the `MultiNodeMixture` for this room's reading.
-
-### 4.6 v0 Appliance COG Management
-
-The v0 Appliance hosts COGs at `/var/lib/cognitum/apps/`. This panel is the operational companion to the existing Cog Store (`seed.cognitum.one/store`). It must match the Cog Store's visual conventions precisely — same card layout, same category pills, same install/detail button pair — because operators will move between the two surfaces.
-
- **Installed COGs list** — for each COG: `id` and `version` in `--mono`, architecture badge (`arm`/`hailo10` etc., category-pill pattern), status pill (running/stopped/failed/updating in green/grey/red/amber), `binary_sha256` verified badge (Ed25519 signature verification shown as a shield icon in `--green` or `--red`), and PID from the pid file. Actions: start, stop, restart (ghost style), and view `output.log` / `error.log` in a monospace drawer using `--mono`. Edit `config.json` inline with syntax highlighting.
- **COG Store / App Registry** — browsable `app-registry.json` listing. This panel should visually mirror `seed.cognitum.one/store` as closely as possible — same featured-card hero layout, same icon + title + description + category pill + action button structure. One-click install downloads the binary from GCS, verifies `binary_sha256` + `binary_signature`, writes the manifest, and starts the COG. Show which new homecore entities will appear in the state machine after install, as a preview list before confirming.
- **OTA Updates** — a badge count on installed COGs with available updates, matching the "Installed (N)" tab badge convention from the existing Cog Store. Show a diff panel (version change, new entities, config schema changes) before confirming the update.
- **Hailo HEF status** — for COGs with `arch: hailo10`: loaded HEF files on the Hailo-10H, current inference throughput, and `ruvector-hailo-worker:50051` connection status. The RF Foundation Encoder ([ADR-150](ADR-150-rf-foundation-encoder.md)) and neural pose head display here once available.
-
-### 4.7 Calibration Wizard
-
-The full baseline → enroll → train → verify pipeline runs via HTTP against the v0 Appliance ([ADR-151](ADR-151-room-calibration-specialist-training.md)). This is a multi-step guided flow — not a raw API panel. Use a stepped wizard layout with a progress indicator at the top (steps 1–5 as numbered pills, active step in `--cyan`, completed in `--green`, pending in `--t3`).
-
- **Step 1 — Select room and SEED** — enter a `room_id` name (validated against `[A-Za-z0-9_-]{1,64}`) and select which SEED(s) and ESP32 nodes serve this room from a dropdown populated from the live fleet. Show current CSI ingest health for the selected nodes inline — if frames are not arriving at the expected rate, display an amber warning **before** allowing the operator to proceed. A broken ingest pipeline will silently fail calibration.
- **Step 2 — Baseline capture** — `POST /api/v1/calibration/start`. A large full-width animated progress bar (cyan fill) reads from `GET /api/v1/calibration/status`: frames recorded vs target, ETA in seconds, `z_median` value. If `motion_flagged` is true, overlay an amber banner: "Room must be empty — movement detected." The baseline UUID produced here is the anchor for all future STALE detection for this room — display it in `--mono` once complete so operators can record it.
- **Step 3 — Anchor enrollment** — the 8 anchor labels in enforced order: `empty`, `stand_still`, `sit`, `lie_down`, `breathe_slow`, `breathe_normal`, `small_move`, `sleep_posture`. For each: a human-readable instruction with an illustration, a countdown timer rendered as a circular progress ring in `--cyan`, and an immediate quality-gate result (accepted in green, retry in amber with a reason string). Drive via `POST /api/v1/enroll/anchor` + `GET /api/v1/enroll/status`. After each accepted anchor, show the extracted feature values (mean, variance, breathing_score, heart_score) in a small `--mono` data row so operators can sanity-check the capture. Show overall progress as "N / 8 anchors accepted."
- **Step 4 — Train** — a single `POST /api/v1/room/train` call. Show the 6 specialist results as a checklist: presence (threshold + occupied_var), posture (prototype count), breathing (min_score), heartbeat (min_score), restlessness (calm/active motion values), anomaly (prototype count + scale). Specialists that returned non-null render in `--green`. Null specialists (insufficient anchor data) render in `--amber` with a "Re-enroll missing anchors" prompt linking back to Step 3 for the specific missing labels.
- **Step 5 — Verify live** — display the live `RoomState` for the just-trained room using the same per-room card layout as §4.5. Prompt the operator to stand in the room and verify presence is detected, try sitting/lying to confirm posture, and breathe normally to confirm vitals are in plausible range. A "Confirm and save" button (cyan, primary) closes the wizard; a "Something's wrong — re-enroll" button (ghost) loops back to Step 3.
-
-### 4.8 Event Bus & Automation Feed
-
- **Live event stream panel** — a virtualized scrolling list of `SystemEvent` variants (`StateChanged`, `EntityRegistered`, `ConfigReloaded`) and notable `DomainEvent`s from the homecore Tokio broadcast channel. Each row shows: event-type pill (coloured by variant), `entity_id` in `--mono`, old state → new state arrow, timestamp, and `context.user_id`. The stream is filterable by entity domain, event type, or source SEED/COG. The filter bar uses the same search-input style as the Cog Store's search field.
- **Context causality breadcrumb** — expanding any event row shows the full Context chain (`context.id` → `parent_id` → `grandparent_id`) as a breadcrumb trail in `--mono`. This is how automation loops become visible without any separate debugging tool.
- **Automation builder** ([ADR-129](ADR-129-homecore-automation-engine.md) scope) — a trigger → condition → action editor on the card surface. The most important RuView-specific trigger types to support are: `state_changed` on `RoomState` entities with a threshold expression (e.g. `anomaly.value > 0.8`), SEED reflex-rule firing events (`fragility_alarm`, `hd_anomaly_indicator`), and custom `domain_event` topics. Actions include calling services in the homecore service registry and firing domain events. The condition expression editor uses `--mono`.
-
-### 4.9 Witness / Audit Log
-
- **Unified witness timeline** — a chronological merged view of events from both tiers: the SEED's SHA-256 ingest chain (every RVF store write attested) and homecore's Ed25519 state-transition chain (biometric crossings, BFLD identity-risk elevations). Each row: `entity_id` in `--mono`, old/new state, timestamp, source SEED `device_id`, signing key fingerprint (first 8 chars in `--mono`). Pagination uses the same "Showing X–Y of Z" convention from the Cog Store's cog grid.
- **Privacy mode banner** — a persistent top-of-panel banner showing current privacy mode: `--green-d`/green text for full-publish mode; `--amber-d`/amber text for audit-only mode (SHA-256 digests on-SEED only, no MQTT state messages). Show the per-SEED privacy mode state, since SEEDs can be individually configured. Toggling privacy mode is a high-stakes action — require an explicit "Confirm" step with a summary of what will change.
- **Export bundle** — an "Export attestation bundle" button (ghost) that packages the SEED witness chain + homecore Ed25519 chain as a downloadable archive for regulated-deployment (care home, hotel, shared office) compliance handoff.
-
-### 4.10 Settings & Integration Config
-
- **SEED fleet management** — add, remove, and reprovision SEEDs. Show the USB-only pairing requirement prominently (the pairing window only opens via `169.254.42.1`, not WiFi — a security invariant). Per-SEED: `device_id` in `--mono`, firmware version, bearer token status, and a "Rotate token" action (ghost) that walks the operator through the secure token rotation flow.
- **ESP32 node provisioning** — per-node NVS config display (target IP, target port, node_id), last-seen firmware version, and a link to the provisioning script. The `node_id` → room/zone assignment is editable here and persists to the room calibration system's `room_id` mapping.
- **MQTT / cog-ha-matter config** ([ADR-116](ADR-116-cog-ha-matter-seed.md)) — broker URL, credentials (masked), MQTT topic prefix, mDNS advertisement status (`_ruview-ha._tcp`), and a live connection indicator (green dot for connected, red for unreachable). The 21 HA-DISCO entities per node are listed here with their `via_device` assignments showing which SEED they belong to in HA's device registry.
- **Long-lived access tokens** — for homecore-api companion-app connections (HA 2025.1 wire-compat, [ADR-130](ADR-130-homecore-rest-websocket-api.md)). Token creation, last-used timestamp, and revocation. The HA companion-app pairing QR-code flow surfaces here.
- **Federation config** — for multi-SEED deployments: ESP-NOW mesh sync status, cross-SEED epoch alignment values, and federated-learning round settings (coordinator SEED, round cadence, Krum aggregation parameters per [ADR-105](ADR-105-federated-csi-training.md)). The design invariant **"model deltas only, never raw CSI"** must be labelled explicitly in this panel.
-
---
-
-## 5. Navigation structure
-
-HOMECORE-UI must integrate into the existing Cognitum Appliance nav shell. The top nav should read:
-
-```
-Framework | Guide | Cog Store | HOMECORE | Status
-```
-
-— inserting **HOMECORE** as a first-class nav item between the existing "Cog Store" and "Status" entries, using the same nav-item style (text in `--t2`, active state in `--cyan` with bottom underline).
-
-Within the HOMECORE section, a left sidebar (or top sub-nav on narrow viewports) provides section navigation:
-
-```
-Dashboard | SEED Fleet | Entities | Rooms | COGs | Calibration | Events | Audit | Settings
-```
-
-The COG Store panel within HOMECORE (§4.6) links out to `seed.cognitum.one/store` for the full catalog view, ensuring the existing Cog Store remains the canonical browsing experience.
-
---
-
-## 6. Key UX invariants
-
-These must be maintained across every panel:
-
-1. **Always make the tier origin of any data explicit.** A `RoomState` reading traces to an ESP32 node → SEED → COG → v0 Appliance state machine. The provenance badge (§4.4) must appear wherever entity states are displayed.
-2. **The `stale` and `vetoed` flags from `RoomState` and the kNN fragility score from SEED cognitive analysis are meaningful diagnostic signals** — they must never be silently hidden, styled grey-on-grey, or collapsed behind an expand toggle. They represent system health operators need to act on.
-3. **Values that are `null` because a specialist has not been trained must be visually distinct from values that are unavailable due to an error.** The distinction is operationally important: `null` means "calibrate to enable," unavailable means "investigate."
-4. **All entity IDs, hashes, API endpoints, binary signatures, device UUIDs, and JSON payloads must use `--mono` font.** This is already the convention in the API Explorer and must be consistent throughout HOMECORE-UI.
-5. **The v0 Appliance Hailo HAT is a separate subsystem from the SEED's edge compute.** Inference results tagged as Hailo-sourced (COGs with `arch: hailo10`) must be visually distinguished from results from CPU-only COGs (`arch: arm`) so operators can triage hardware-specific failures.
-
---
-
-## 7. Scope — complete UI delivery
-
-The deliverable is the **entire** dashboard. Every panel below ships fully implemented and wired to its live data source — there is no scaffold-only milestone and no panel left as a placeholder. The table records each panel's authoritative backing API so the build can proceed in whatever order best fits the dependency graph; it is a dependency map, **not** a sequence of partial releases.
-
-| Panel | Section | Backing API / source |
-|---|---|---|
-| System Dashboard | §4.1 | [ADR-130](ADR-130-homecore-rest-websocket-api.md) WebSocket + appliance health endpoints |
-| SEED Detail View | §4.2 | SEED HTTPS API (vector store, witness, sensors, reflex, cognitive analysis) |
-| SEED Fleet Map | §4.3 | fleet topology + federation ([ADR-105](ADR-105-federated-csi-training.md)) |
-| Entity & State Browser | §4.4 | [ADR-127](ADR-127-homecore-state-machine-rust.md) state machine via [ADR-130](ADR-130-homecore-rest-websocket-api.md) `subscribe_events`; semantic search via [ADR-132](ADR-132-homecore-recorder-history-semantic-search.md) |
-| RoomState / Sensing | §4.5 | [ADR-151](ADR-151-room-calibration-specialist-training.md) `GET /api/v1/room/state` |
-| COG Management | §4.6 | [ADR-128](ADR-128-homecore-integration-plugin-system.md) plugin runtime + [ADR-100](ADR-100-cog-packaging-specification.md) app registry |
-| Calibration Wizard | §4.7 | [ADR-151](ADR-151-room-calibration-specialist-training.md) calibration HTTP API |
-| Event Bus & Automation | §4.8 | [ADR-130](ADR-130-homecore-rest-websocket-api.md) broadcast channel + [ADR-129](ADR-129-homecore-automation-engine.md) automation engine |
-| Witness / Audit Log | §4.9 | SEED SHA-256 ingest chain + homecore Ed25519 chain |
-| Settings & Integration | §4.10 | SEED provisioning, [ADR-116](ADR-116-cog-ha-matter-seed.md) MQTT/Matter, LLAT, federation |
-
-### 7.1 Build sequencing within the complete deliverable
-
-The complete UI depends on backing services that mature on their own timelines. Each panel is built against the **real gateway endpoint** defined in §11; where the upstream is not yet available the panel renders a typed empty/error state, **not** fabricated data (the dev-only `?demo=1` fixture of §2.2 exists for offline development only and is never the shipped behaviour). Concretely, the hard contract dependencies are: [ADR-130](ADR-130-homecore-rest-websocket-api.md) (REST + WebSocket), [ADR-127](ADR-127-homecore-state-machine-rust.md) (state machine), [ADR-151](ADR-151-room-calibration-specialist-training.md) (calibration), [ADR-128](ADR-128-homecore-integration-plugin-system.md) (plugin runtime), [ADR-129](ADR-129-homecore-automation-engine.md) (automation), [ADR-132](ADR-132-homecore-recorder-history-semantic-search.md) (event history + semantic search), [ADR-116](ADR-116-cog-ha-matter-seed.md) (SEED/Matter), [ADR-069](ADR-069-cognitum-seed-csi-pipeline.md) (SEED ingest), and [ADR-105](ADR-105-federated-csi-training.md) (federation). The keyword entity filter (§4.4) ships immediately; semantic search layers on once [ADR-132](ADR-132-homecore-recorder-history-semantic-search.md) lands. The exact panel→endpoint→upstream map and the new gateway code each requires are §11; the staged delivery is §12.
-
---
-
-## 8. Consequences
-
-### 8.1 Positive
-
- Operators, integrators, and residents get a single coherent surface for the full two-tier stack, replacing the need to SSH into SEEDs or hand-craft API calls.
- The dashboard reuses the proven Cognitum design tokens and component patterns verbatim, so it ships visually consistent with no separate design effort and no perceptible seam between surfaces.
- Diagnostic signals that today are invisible (`stale`/`vetoed` flags, kNN fragility, provenance lineage, channel lag) become first-class, surfacing the system's most common real-world failure modes directly to operators.
-
-### 8.2 Negative / risks
-
- The UI hard-depends on the wire-compat guarantees of ADR-130 and the calibration contract of ADR-151; schema drift in either breaks panels silently. Integration tests against every backing contract in §7 are required.
- Committing to the complete UI in one deliverable is a larger up-front effort and couples the UI's readiness to the maturity of multiple backing services (§7.1, §11). The mitigation is the BFF gateway (§2.1): each panel targets one same-origin endpoint, and the gateway absorbs upstream churn behind a stable contract.
- Promoting `homecore-server` to a gateway means it now **proxies cross-tier traffic** (calibration API, SEED HTTPS, appliance daemons). This adds a network hop, a place for upstream timeouts/partial failures to surface, and a server-side store of SEED bearer tokens that must be protected (§11.10). Each proxied route needs an explicit timeout + typed error mapping so one slow SEED cannot stall the dashboard.
- Several panels depend on data that only exists on **real hardware or new daemons** (SEED device tier, appliance host metrics, COG supervisor). Until those upstreams exist the corresponding gateway routes return `503 upstream_unavailable`; this is honest but means the dashboard is only as "live" as the tiers behind it (§11 classifies every endpoint by what it depends on).
- Faithfully mirroring `seed.cognitum.one/store` couples HOMECORE-UI to the external Cog Store's evolving design; token drift there must be tracked and re-synced.
- The two-tier mental model (Appliance root, SEED children, ESP32 leaves) must be enforced consistently; any panel that flattens or peers the tiers undermines the core architectural constraint.
-
---
-
-## 9. References
-
- `https://seed.cognitum.one/store` — primary design reference for all visual conventions.
- `https://seed.cognitum.one/status` — reference for live metric-card layout.
- [ADR-126](ADR-126-ruview-native-ha-port-master.md) — HOMECORE master ADR.
- [ADR-127](ADR-127-homecore-state-machine-rust.md) — HOMECORE-CORE state machine and entity registry.
- [ADR-128](ADR-128-homecore-integration-plugin-system.md) — HOMECORE-PLUGINS WASM COG substrate.
- [ADR-129](ADR-129-homecore-automation-engine.md) — HOMECORE automation engine.
- [ADR-130](ADR-130-homecore-rest-websocket-api.md) — HOMECORE-API REST + WebSocket wire-compat.
- [ADR-132](ADR-132-homecore-recorder-history-semantic-search.md) — homecore-recorder, history + semantic search.
- [ADR-100](ADR-100-cog-packaging-specification.md) — Cognitum Cog packaging specification (manifest.json, status values, on-device layout).
- [ADR-116](ADR-116-cog-ha-matter-seed.md) — cog-ha-matter (SEED cog, HA-DISCO entity surface, mDNS).
- [ADR-069](ADR-069-cognitum-seed-csi-pipeline.md) — ESP32 CSI → Cognitum SEED RVF ingest pipeline (SEED architecture detail).
- [ADR-105](ADR-105-federated-csi-training.md) — Federated CSI training (multi-SEED federation).
- [ADR-151](ADR-151-room-calibration-specialist-training.md) — Per-room calibration specialist training (calibration HTTP API).
- `v2/crates/homecore/src/` — state machine, entity, event, registry source.
- `docs/integration/calibration-appliance-integration.md` — calibration API contract and RoomState schema.
-
---
-
-## 10. Implementation status
-
-Implemented as a zero-dependency, no-build-step vanilla TS/JS + CSS frontend served by `homecore-server` at `/homecore` (the `rufield-viewer` "Axum + vanilla-JS" pattern). The complete deliverable per §2/§7 — all ten panels, fully rendered, wired to live data where the backing service exists and to a contract-conformant DEMO-flagged mock layer (§7.1) where it does not.
-
-**Location:** `v2/crates/homecore-server/ui/` — `css/tokens.css` (the §3.1 palette, verbatim) + `css/app.css` (§3.3 components); `js/{ui,api,ws,mock,app}.js` (shared helpers, REST client, `subscribe_events` WS client, mock layer, shell+router); `js/panels/*.js` (one module per §4 panel). Mounted via `tower-http` `ServeDir` in `homecore-server::build_app`, gated by `--ui-dir`/`HOMECORE_UI_DIR`.
-
-**Verification:**
- **Rust** — `#[cfg(test)] mod ui_tests` in `homecore-server/src/main.rs`: 5 integration tests (`tower::oneshot`) covering index, design tokens, all ten panel modules served, API coexistence, and mount-disable. *Written but not compiled in the authoring environment (no Rust toolchain present); run `cargo test -p homecore-server` on a Rust host before merge.*
- **Frontend** — `ui/` test suite under plain `node` (no npm install): `npm test` → import/export graph verifier (15 modules) + render-smoke (executes every panel against a DOM shim; 21 checks) + interaction suite (live WS patch, ws.js handshake/parse, calibration contract; 3 checks). **24/24 green.**
- **Benchmark** — `npm run bench`: total bundle **136.8 KB** uncompressed (**~37× smaller** than HA's ~5 MB Lit bundle, the ADR-126 §1.1 foil); slowest panel **1.5 ms/cold-render**.
-
-**Honest scope — current vs. target.** *Earlier cut:* the front-end was complete but only §4.4 Entities was wired to a real backend; the rest rendered from an in-browser mock. *This revision implements the §11 wiring:*
-
- **Front-end (§11.11) — DONE and verified.** `api.js` rewritten: all data accessors are async and call the §11.2 gateway routes; the mock layer is demoted to a dev-only fixture reachable **only** under `?demo=1` / `HOMECORE_UI_DEMO` (§2.2); every panel `await`s and renders a typed empty/error state on failure (no mock fallback in production). All ten panels converted (3 by hand, 7 via parallel agents). Verified under Node: 5 test files green — import graph, boot, render-smoke (22), interaction (3), **and a new prod-errors suite (13) that runs with demo OFF + gateway unreachable and asserts every panel renders an error state, never mock, never throws** (it caught and fixed a real unhandled-rejection in the events panel).
- **Gateway (§11.1–§11.6) — IMPLEMENTED, COMPILED, TESTED, RUN.** New `homecore-server/src/gateway.rs` (+`reqwest` dep, +CLI/env flags `--calibration-url`/`--calibration-token`/`--apps-dir`/`--gateway-timeout-ms`, merged into `build_app` via `gateway_router`). Real handlers: `/api/cal/*` reverse-proxy (W2), `GET /api/homecore/rooms` with the §11.3 RoomState adapter (W2), `GET /api/homecore/cogs` supervisor over the apps dir (W4), `GET /api/homecore/appliance` from `/proc` + port probes (W6). SEED-device/appliance-daemon routes (seeds, federation, witness, privacy, settings, automations, events-history, hailo, tokens — W3/W5) return a typed `503 upstream_unavailable` per §11.2. **Verified on Rust 1.89: `cargo test -p homecore-server --no-default-features` = 12/12 pass** (6 gateway + 6 UI mount). **Run live:** `GET /api/homecore/appliance` returns real `/proc` metrics + TCP service probes; unauth → `401`; `cogs` → `[]` with no apps dir; SEED-tier → typed `503`; and against a mock calibration upstream the `/api/cal/*` proxy passes through (`200`) and `GET /api/homecore/rooms` correctly adapts `RoomState` to the UI shape (`breathing`→`breathing_bpm`, `heartbeat:null`→`heart_bpm:null`, injected `anomaly.threshold`/`room_id`, `stale` passthrough). **Live testing caught + fixed one real bug** — a double-`v1` path in the `/api/cal/*` proxy URL.
-
-The endpoint-by-endpoint contract is **§11**; the staged plan and which endpoints depend on real SEED/appliance hardware vs. pure software is **§12**.
-
---
-
-## 11. Backend wiring — making every panel real
-
-This section is the authoritative contract for full functionality. It removes the mock layer from the production path (§2.2) by routing every panel through the `homecore-server` BFF gateway (§2.1). Each endpoint is classified by what it depends on:
-
- **EXISTS** — backend code already in this repo; gateway only proxies/adapts.
- **NEW-GW** — pure software the gateway itself implements (filesystem, `/proc`, process control, recorder query) — no new external service.
- **NEW-API** — a small HTTP wrapper to add to an existing in-repo crate (`homecore-api`, `homecore-automation`).
- **SEED-DEV** — depends on a SEED node's on-device HTTPS API (separate hardware/firmware).
- **APPLIANCE** — depends on an appliance daemon / accelerator stat source.
-
-### 11.1 Gateway shape
-
-`homecore-server` already mounts `homecore-api` at `/api/*` and the UI at `/homecore`. It gains a new **`/api/homecore/*`** namespace (the dashboard-specific aggregation surface) plus a **`/api/cal/*`** reverse-proxy to the calibration service. The browser issues only same-origin requests; the gateway fans out server-side, holding all upstream credentials (§11.10). Every proxied route has an explicit timeout and maps upstream failure to a typed body (`503 upstream_unavailable`, `504 upstream_timeout`) so one slow tier never stalls the dashboard.
-
-### 11.2 Master endpoint contract (panel → gateway route → upstream → status)
-
-| Panel | UI method (`api.js`) | Gateway route | Upstream / source | Class |
-|---|---|---|---|---|
-| §4.4 Entities | `states()` | `GET /api/states` | `homecore` state machine | **EXISTS** ✅ wired |
-| §4.4/§4.8 live feed | WS | `GET /api/websocket` (`subscribe_events`) | `homecore` event bus | **EXISTS** ✅ wired |
-| §4.8 Event history | `eventHistory(q)` | `GET /api/events?since=…` | `homecore-recorder` ([ADR-132](ADR-132-homecore-recorder-history-semantic-search.md)) | **NEW-API** |
-| §4.8 Automations | `automations()` / `saveAutomation()` | `GET/POST/DELETE /api/homecore/automations` | `homecore-automation` ([ADR-129](ADR-129-homecore-automation-engine.md)) | **NEW-API** |
-| §4.5 Rooms | `roomStates()` | `GET /api/homecore/rooms` → per-room `GET /api/cal/v1/room/state?bank=` | `calibrate-serve` ([ADR-151](ADR-151-room-calibration-specialist-training.md)) | **EXISTS** (proxy + adapter) |
-| §4.7 Calibration | `calibration.*` | `POST /api/cal/v1/calibration/{start,stop}`, `GET …/status`, `POST …/enroll/anchor`, `GET …/enroll/status`, `POST …/room/train` | `calibrate-serve` | **EXISTS** (proxy) |
-| §4.6 COGs | `cogs()` / `cogAction()` / `cogLogs()` | `GET /api/homecore/cogs`, `POST …/cogs/:id/{start,stop,restart}`, `GET …/cogs/:id/logs`, `GET/PUT …/cogs/:id/config` | COG supervisor over `/var/lib/cognitum/apps/` ([ADR-100](ADR-100-cog-packaging-specification.md)/[ADR-128](ADR-128-homecore-integration-plugin-system.md)) | **NEW-GW** |
-| §4.6 Hailo HEF | `hailo()` | `GET /api/homecore/hailo` | `ruvector-hailo-worker:50051` | **APPLIANCE** |
-| §4.1 Appliance health | `appliance()` | `GET /api/homecore/appliance` | host `/proc` + Hailo stats + service probes | **NEW-GW** (+APPLIANCE for Hailo) |
-| §4.1/§4.2 Fleet + SEED detail | `seeds()` / `seed(id)` | `GET /api/homecore/seeds`, `GET …/seeds/:id` | SEED device HTTPS API ([ADR-069](ADR-069-cognitum-seed-csi-pipeline.md)) via registry | **SEED-DEV** |
-| §4.2 SEED actions | `seedCompact()` / `seedVerify()` | `POST …/seeds/:id/{compact,witness/verify}` | SEED device API | **SEED-DEV** |
-| §4.3 Federation | `federation()` | `GET /api/homecore/federation` | federation coordinator ([ADR-105](ADR-105-federated-csi-training.md)) | **SEED-DEV/APPLIANCE** |
-| §4.9 Witness/Audit | `witnessLog(p,s)` | `GET /api/homecore/witness?page=…` | merge: `homecore` Ed25519 chain + per-SEED SHA-256 chains | **NEW-API + SEED-DEV** |
-| §4.9 Privacy mode | `privacyModes()` / `setPrivacy()` | `GET/POST /api/homecore/privacy` | SEED privacy control plane ([ADR-141](ADR-141-bfld-privacy-control-plane-modes-attestation.md)) + cog-ha-matter | **SEED-DEV** |
-| §4.9 Export bundle | `exportAttestation()` | `GET /api/homecore/witness/export` | gateway packages both chains | **NEW-GW** |
-| §4.10 Tokens (LLAT) | `tokens()` / `createToken()` / `revokeToken()` | `GET/POST/DELETE /api/homecore/tokens` | `homecore-api` `LongLivedTokenStore` | **NEW-API** |
-| §4.10 MQTT/Matter | `mqttConfig()` | `GET /api/homecore/integrations/mqtt` | cog-ha-matter config ([ADR-116](ADR-116-cog-ha-matter-seed.md)) | **NEW-GW/SEED-DEV** |
-| §4.10 ESP32 provisioning | `nodes()` / `assignRoom()` | `GET/PUT /api/homecore/nodes` | SEED ingest config ([ADR-069](ADR-069-cognitum-seed-csi-pipeline.md)) | **SEED-DEV** |
-| §4.10 SEED mgmt | `pairSeed()` / `rotateToken()` | `POST /api/homecore/seeds/{pair,:id/rotate-token}` | SEED pairing (USB `169.254.42.1`) | **SEED-DEV** |
-
-### 11.3 Calibration proxy + RoomState adapter
-
-The calibration service is real but on a different binary/port; the gateway reverse-proxies it under `/api/cal/*` (upstream base from `HOMECORE_CALIBRATION_URL`). Its `RoomState` (`wifi-densepose-calibration/src/runtime.rs`) does **not** match the UI's shape, so the gateway adapts it in `GET /api/homecore/rooms`:
-
-| Real field (`RoomState`) | UI field | Adapter rule |
-|---|---|---|
-| `breathing: Option<SpecialistReading>` | `breathing_bpm: {value,confidence}\|null` | rename; `value`=`reading.value`, `confidence`=`reading.confidence`; `None`→`null` (preserves "not trained") |
-| `heartbeat: Option<…>` | `heart_bpm: {…}\|null` | rename `heartbeat`→`heart_bpm` |
-| `presence/posture/restlessness` | same names `{value,confidence}\|null` | `posture.value`=`reading.label` (class), else numeric |
-| `anomaly: Option<…>` | `anomaly: {value,confidence,threshold}` | inject `threshold`=`MixtureOfSpecialists.veto_threshold` (0.5) |
-| `vetoed` / `stale` | `vetoed` / `stale` | pass through (drives the §4.5/§6 banners) |
-| *(absent)* | `room_id`, `seeds[]` | injected by the gateway from the **room registry** |
-
-A **room registry** (config or derived from `GET /api/cal/v1/calibration/baselines`) maps each `room_id` → bank name + serving SEED ids, so `GET /api/homecore/rooms` returns one adapted record per room. `Option::None` → JSON `null` keeps the null-vs-withheld distinction (§6 invariant 3) intact end-to-end.
-
-### 11.4 SEED registry & device-API proxy
-
-The gateway holds a **SEED registry** (`device_id` → base URL + bearer token + zone), populated by pairing (§4.10) and persisted server-side. `GET /api/homecore/seeds[/:id]` fans out to each SEED's on-device API and shapes the result to the §4.2 card/detail model. Expected SEED-side endpoints (the contract the SEED firmware must satisfy — a subset of its 98 endpoints): health; vector-store stats (`vector_count`, `dim`, `epoch`, `knn_latency_ms`, ingest rate); witness (`len`, `last_verify`, `valid`) + `POST verify`; onboard sensors (BME280/PIR/reed/ADS1115/vibration); reflex rules + thresholds; cognitive analysis (fragility, coherence phases); ingest feeders (ESP32 node ids + packet type `0xC5110003`/`0xC5110002` + rate). Offline/unreachable SEEDs surface as `online:false` (drives the §4.1 red tint) rather than failing the whole list.
-
-### 11.5 Appliance metrics collector (§4.1)
-
-`GET /api/homecore/appliance`, implemented in the gateway: CPU/RAM/uptime from `/proc`; Hailo load + temperature from the Hailo runtime/sysfs (or `ruvector-hailo-worker` stats); service health by probing `ruview-mcp-brain:9876`, `cognitum-rvf-agent:9004`, `ruvector-hailo-worker:50051`; event-bus rate from the `homecore` broadcast channel + its lag counter (already exposed for §4.1/§4.4).
-
-### 11.6 COG supervisor (§4.6)
-
-`GET /api/homecore/cogs`: read each `/var/lib/cognitum/apps/*/manifest.json` ([ADR-100](ADR-100-cog-packaging-specification.md)), the pid file, and verify `binary_sha256` + `binary_signature` (Ed25519) → status/shield. `POST …/cogs/:id/{start,stop,restart}` performs supervised process control; `GET …/cogs/:id/logs` tails `output.log`/`error.log`; `GET/PUT …/cogs/:id/config` reads/writes `config.json`. Hailo-arch COGs join the §11.5 Hailo stats. The Cog Store/App-Registry **browsing** panel was removed per product decision; this is operational management only.
-
-### 11.7 Witness aggregation + privacy (§4.9)
-
-`GET /api/homecore/witness` merges two chains chronologically: the `homecore` Ed25519 state-transition chain (exposed by a small `homecore-api` route over its witness log) and each paired SEED's SHA-256 ingest chain (proxied via the registry), paginated server-side. `GET/POST /api/homecore/privacy` reads/sets per-SEED privacy mode via the SEED privacy control plane ([ADR-141](ADR-141-bfld-privacy-control-plane-modes-attestation.md)) — the POST is the high-stakes confirmed toggle (§4.9). `GET /api/homecore/witness/export` packages both chains into the downloadable attestation bundle.
-
-### 11.8 Event history + automation CRUD (§4.8)
-
-`homecore-api` adds `GET /api/events?since=…` backed by `homecore-recorder` ([ADR-132](ADR-132-homecore-recorder-history-semantic-search.md)) for history (live updates continue over the existing WS). The automation builder persists through `GET/POST/DELETE /api/homecore/automations`, a thin HTTP wrapper over the `homecore-automation` engine's register/list/remove ([ADR-129](ADR-129-homecore-automation-engine.md)). RuView-specific triggers (RoomState thresholds, SEED reflex events) map onto the engine's trigger types.
-
-### 11.9 Entity provenance convention (§4.4/§6)
-
-The first-class provenance badge requires each entity to carry its lineage. Convention: every integration writes `attributes.source` (and, where known, `attributes.seed` / `attributes.cog`) when it sets state; `cog-ha-matter` ([ADR-116](ADR-116-cog-ha-matter-seed.md)) populates these from the ESP32 node → SEED → COG path and HA `via_device`. The gateway/UI resolves node→seed→cog from these attributes (no fabrication; missing lineage renders as "unknown", not invented).
-
-### 11.10 Auth, credentials, config
-
- **Browser → gateway:** one long-lived access token (the §4.10 LLAT), sent as `Authorization: Bearer`; validated by `homecore-api`'s `LongLivedTokenStore`. The dev default (`allow_any_non_empty`) stays for local runs; production provisions `HOMECORE_TOKENS`.
- **Gateway → upstreams:** SEED bearer tokens and the calibration token live **only** server-side (SEED registry + `HOMECORE_CALIBRATION_TOKEN`); never sent to the browser. This is the reason the gateway exists.
- **Config:** `HOMECORE_CALIBRATION_URL`, SEED registry store path, per-proxy timeout (default 2 s), `HOMECORE_UI_DEMO` (dev fixture). No browser CORS needed (same origin); gateway→upstream is server-to-server.
-
-### 11.11 Front-end changes
-
-`api.js`: drop the mock fallback from the production path — methods call the §11.2 gateway routes; `this.base` stays same-origin; the mock layer is reachable only under `?demo=1`/`HOMECORE_UI_DEMO`. Every panel renders a **typed empty/error state** (not mock) when its route returns `503/504`. `mock.js` moves to a dev fixture (kept for the offline test harness, excluded from the production bundle). The §10 frontend tests are re-pointed at the gateway contract (and gain contract tests per §11.2 route).
-
---
-
-## 12. Delivery plan to full functionality
-
-Staged so each wave is independently shippable behind the gateway, lands real data for a coherent set of panels, and has an explicit acceptance gate. "Class" reuses §11's tags.
-
-| Wave | Scope | Class | Acceptance gate |
-|---|---|---|---|
-| **W1 — Gateway foundation** | `/api/homecore/*` scaffold in `homecore-server`; auth passthrough; per-proxy timeout + typed errors; `api.js` base + remove prod mock (`?demo=1` only); panels get typed empty/error states | NEW-GW | Entities + live WS still green; with no upstreams, every other panel shows "upstream unavailable", **never** mock (unless `?demo=1`); Rust + JS suites pass |
-| **W2 — Rooms + Calibration** | `/api/cal/*` reverse-proxy; `GET /api/homecore/rooms` with the §11.3 RoomState adapter + room registry; wire §4.5 + the §4.7 wizard to real endpoints; delete the in-browser calibration stub | EXISTS (proxy+adapter) | Against a running `calibrate-serve` (replayed CSI), the wizard drives a real baseline→enroll→train→verify and §4.5 shows real `RoomState` with correct stale/veto/null mapping; contract test on the adapter |
-| **W3 — Events + Automations** | `GET /api/events` over `homecore-recorder`; `/api/homecore/automations` over `homecore-automation` | NEW-API | §4.8 history loads from recorder; an automation created in the UI persists and fires via the engine |
-| **W4 — COG management** | `/api/homecore/cogs*` supervisor over `/var/lib/cognitum/apps/` (manifest + pid + sig verify + logs + config) | NEW-GW | §4.6 lists real installed COGs; start/stop/restart works; sha256/signature shield reflects real verification; logs tail |
-| **W5 — SEED tier** | SEED registry + pairing; `/api/homecore/seeds*` device proxy; witness merge + privacy control; ESP32 provisioning | SEED-DEV | Against a real or emulated SEED API, §4.2/§4.3/§4.9/§4.10 show real vector-store/witness/sensor/reflex/cognition data; SEED tokens stay server-side; offline SEED → red tint, not a failed page |
-| **W6 — Appliance + federation + Hailo** | `/api/homecore/appliance` (host metrics + service probes); `/api/homecore/hailo`; `/api/homecore/federation` ([ADR-105](ADR-105-federated-csi-training.md)) | NEW-GW + APPLIANCE | §4.1 health is real; §4.6 Hailo HEF/throughput real; §4.3 federation round/coordinator/Krum real |
-
-**Definition of done (full functionality):** with W1–W6 merged and the upstream tiers running, loading `/homecore` with **no** `?demo=1` flag shows live data on all ten panels, `api.anyDemo()` is false, and no panel renders fabricated values. Panels whose tier is offline show typed empty/error states. The mock layer is reachable only as the `?demo=1` developer fixture.
-
-### 12.1 Wave status (this revision)
-
-| Wave | Status |
-|---|---|
-| **W1 — Gateway foundation** | ✅ DONE — `gateway.rs`, auth passthrough, typed `503/504`, merged into `build_app`; front-end mock removed from prod path + `?demo=1` fixture; typed error states. **Compiled + 12/12 Rust tests + JS suite green + run live.** |
-| **W2 — Rooms + Calibration** | ✅ DONE — `/api/cal/*` reverse-proxy + `GET /api/homecore/rooms` RoomState adapter; front-end calibration stub deleted (now proxies the real API). **Proven live against a calibration upstream** (proxy 200 + adapted shape); null-preservation unit-tested. |
-| **W3 — Events + Automations** | ⏳ gateway returns typed `503` (recorder/automation HTTP wrappers pending); front-end handles it gracefully (history note, builder still usable). |
-| **W4 — COG management** | ✅ supervisor DONE — lists `/var/lib/cognitum/apps/` manifests + pid liveness (returns `[]` live with no apps dir); start/stop/log/config control is the remaining follow-up. |
-| **W5 — SEED tier** | ⏳ gateway returns typed `503` (SEED registry + device proxy pending real/emulated SEED hardware). |
-| **W6 — Appliance + federation + Hailo** | ◑ appliance host metrics from `/proc` + port probes DONE (live `/proc` data verified); Hailo stats + federation remain `503` (need the accelerator stat source / coordinator). |
-
-**Status:** the gateway is **compiled and tested on Rust 1.89** (`cargo test -p homecore-server` = 12/12) and was **run live** (curl proof in §10). The one remaining caveat is intrinsic, not an environment limit: **W3/W5/W6-Hailo/federation depend on services/hardware that are not in this repo** (recorder/automation HTTP wrappers, real SEED nodes, the Hailo stat source), so they return honest typed `503`s and the UI shows error states — exactly as §2.2/§11.2 prescribe. W1/W2/W4/W6-appliance are functional now.
-
-### 12.2 Security review (PR #1082)
-
-A high-effort public-PR review of the merged gateway + front-end surfaced the following, all fixed and pinned by tests (`cargo test -p homecore-server` is now **18/18**):
-
-| # | Severity | Finding | Fix |
-|---|---|---|---|
-| 1 | **HIGH** | **Path-traversal / confused-deputy SSRF** in the `/api/cal/*` reverse-proxy. The wildcard path was interpolated into the upstream URL while `proxy()` attaches the privileged server-side calibration bearer, so `/api/cal/v1/../../x` (or `..%2f`, `%2e%2e`, leading `/`, `\`, double-encoded `%252e`) could escape the `…/api/` scope **with the token**. | `validate_proxy_path()` decode-then-checks and rejects absolute / backslash / dot-segment / encoded-traversal paths with a typed **400 before the URL is built** (GET **and** POST); legit `v1/...` paths still pass. |
-| 2 | Correctness | **CORS + tracing didn't cover gateway routes** — `/api/homecore/*` + `/api/cal/*` were `.merge()`d outside `homecore-api::router()`'s layers. | The audited HC-05 `build_cors_layer()` + `TraceLayer` are now applied to the whole merged app in `main.rs`. |
-| 3 | Honesty (§6) | **Fabricated data** — hardcoded `anomaly.threshold: 0.5` in the adapter; dashboard rendered `"null%"`/`"null°C"`; COG Hailo pill hardcoded `"connected"`; `rooms.js` defaulted a null threshold to `0.8`. | Threshold passes through the real upstream value or emits `null` (withheld); dashboard renders `—`; the Hailo pill reflects the real appliance probe; the UI treats a null threshold as withheld. |
-| 4 | Robustness | A string `hef` (forwarded verbatim) threw on `.forEach`/`.join`; `frames/target` could be `NaN%`/`Infinity%`; calibration Restart leaked the baseline `setTimeout` poll. | `asArray()` coercion; `target > 0` guard; cancellable poll cleared on Restart / panel teardown. |
-| 5 | Perf | Sequential per-bank RoomState fetches; blocking `std::net::TcpStream::connect_timeout` probes on an async handler; `mock.js` statically bundled. | Concurrent `futures::join_all`; async `tokio::net::TcpStream` + `timeout`; demo-only dynamic `import()` of `mock.js`. |
-
-**Known limitations carried forward (not regressions):**
- **`reqwest` rustls-only is a workspace-wide concern.** `homecore-server` opts into `rustls-tls` only, but cargo feature-unification means any sibling crate enabling the default `native-tls` re-introduces OpenSSL into the final binary. A true "no OpenSSL on the appliance" guarantee requires aligning **every** reqwest-pulling crate on rustls-only — out of scope for this PR; documented at the dependency in `Cargo.toml`.
- **DEV-mode auth.** When `HOMECORE_TOKENS` is unset, the token store falls back to `allow_any_non_empty()` (any non-empty bearer accepted) on `0.0.0.0`. This is pre-existing and intentionally **unchanged** here; the loud boot `warn!` is retained. Provision real tokens (`HOMECORE_TOKENS=…`) before exposing the server to a network.
@@ -120,42 +120,6 @@ tested; P3 is planned.
  HOMECORE-API (ADR-130, P3); automation conditions on historical state are
  HOMECORE-automation (ADR-129, P3).

-## 3a. Security review (2026-06, post-ADR-154–159 sweep)
-
-A beyond-SOTA security review of `homecore-recorder` covered SQL injection, retention/purge
-correctness, fail-closed write integrity, semantic-store NaN poisoning, and PII exposure.
-
-**Confirmed clean (with evidence):**
-
- **SQL injection — clean.** Every query in `db.rs` uses bound `?` parameters; no user- or
-  entity-influenceable value is interpolated into SQL via `format!`/concatenation. The only
-  `format!` builds the `LIKE` *pattern* string, which is itself **bound** as a parameter with
-  `ESCAPE '\\'` and `% _ \` escaping — so a metacharacter payload is matched literally. Pinned
-  by `malicious_entity_id_is_stored_literally_not_executed` (a `'; DROP TABLE states; --` state
-  value leaves the table intact and round-trips verbatim) and
-  `like_metacharacters_in_query_are_literal_not_wildcards`.
- **NaN-index poisoning — structurally impossible.** Embeddings are SHA-256 → `i32` →
-  `f32`; an `i32`→`f32` cast is always finite (never NaN/Inf), and an all-zero-digest is
-  guarded by the `norm > 1e-10` check. Empty-index search, empty-string query, and `k=0` were
-  probed and all return `Ok(0)` with no panic. (Unlike the calibration/vitals/geo paths, no raw
-  sensor float ever reaches the index.)
- **Fail-closed writes.** A removal event returns `Ok(None)`; semantic-index failure is logged,
-  not propagated, so it never blocks the durable SQLite write; `EntityId` parse failure falls
-  back to a sentinel rather than panicking.
-
-**Fixed (real bounding bugs):**
-
- **Memory-DoS — `get_state_history` was unbounded.** No `LIMIT`, so a wide time window over a
-  high-frequency entity loaded an unbounded row set into memory. Now capped at
-  `MAX_HISTORY_ROWS` (1,000,000); sibling search paths were already `k`-bounded.
- **Disk-DoS / documented-but-missing `purge`.** The README advertised `Recorder::purge`, but
-  no retention path existed → unbounded disk growth. Added a **transactional** `purge(older_than)`
-  with an **exclusive** cutoff (idempotent, no off-by-one) that deletes old `states`/`events` and
-  GCs orphaned `state_attributes` blobs (dedup-shared blobs kept until their last referrer is gone).
-
-`homecore-recorder` tests: 19 → 25 (`--no-default-features`) / 25 → 31 (`--features ruvector`),
-0 failed. Python deterministic proof unchanged (recorder is off the signal proof path).
-
 ## 4. Links

 - Crate: `v2/crates/homecore-recorder/` — `Cargo.toml`, `README.md`, `src/lib.rs`,
@@ -174,71 +174,3 @@ vs. an in-memory array at compile time), which intersects with ADR-084 (RabitQ)
 | **P1** (this ADR) | `intent`, `recognizer` (regex), `handler` (5 built-ins), `runner` (trait + noop), `pipeline` (end-to-end wiring), 10–15 tests |
 | **P2** | Real `tokio::process::Child` runner with Windows-safe teardown; `SemanticIntentRecognizer` with ruvector HNSW |
 | **P3** | STT/TTS bridge, satellite protocol, cloud fallback |
-
---
-
-## 6. Security review (beyond-SOTA, untrusted-input → action path)
-
-A focused security review of the Assist pipeline — `utterance → recognizer →
-intent → handler → action`, plus `RufloRunner` — treating the utterance as
-untrusted input (voice transcripts, the WebSocket `assist` command). This
-surface was not covered by the ADR-154–159 sweep.
-
-### 6.1 Finding fixed — HC-ASSIST-01 (unbounded-utterance DoS, LOW)
-
-Both `RegexIntentRecognizer::recognize` and the semantic `recognize_scored`
-accepted utterances of **unbounded length** and ran `to_lowercase()` (a full
-clone) + a per-registered-pattern scan (and, in the semantic path, full
-tokenisation + feature-hash embedding) before any bound — an allocation/CPU
-amplification on attacker-controlled input. The `regex` crate is **linear-time**
-(RE2-style finite automaton, no catastrophic backtracking), so this was a
-throughput/memory DoS, not a hang.
-
-**Fix:** `MAX_UTTERANCE_BYTES = 4096` (far above any real spoken command),
-checked at **both** recognizer boundaries *before* any allocation/scan. An
-over-length utterance **fails closed** to `Ok(None)` — no intent, no action,
-identical to an unrecognised phrase — so it can never be coerced into firing a
-handler. Pinned by `over_length_utterance_fails_closed` (an over-length
-utterance that *contains* a valid command resolves to `None`, which would have
-matched on the old code) and `over_length_utterance_fails_closed_semantic`.
-
-### 6.2 Dimensions confirmed clean (with evidence)
-
- **Command / argument injection — NO SUBPROCESS SURFACE.** The `RufloRunner`
-  has exactly two impls: `NoopRunner` (no process) and `LocalRunner` (runs the
-  local recognizer, no process). There is **no** `std::process` / `tokio::process`
-  / `Command` / process `.spawn()` anywhere in the crate — the trait `spawn` is
-  only a `started: bool` lifecycle flag — and `RufloRunnerOpts.{script_path,env}`
-  are **inert data, never consumed**. The live `node ruflo-agent.js` runner is
-  genuinely data-gated/future (P2). Defence-in-depth: the `entity_id` capture
-  class `[a-z_][a-z0-9_ .]*` **excludes every shell/SQL metacharacter**, so even
-  when an injection-shaped utterance resolves (the regex is not exact-anchored),
-  the captured slot is a clean token — sanitisation by construction. Pins:
-  `shell_metachars_never_survive_into_a_resolved_slot`,
-  `runner_opts_are_inert_no_process_spawned`,
-  `pipeline_injection_shaped_utterance_carries_no_metachars_to_service`.
- **ReDoS — STRUCTURALLY IMPOSSIBLE.** `regex 1.12.3` (no `fancy-regex` in the
-  dependency tree) is linear-time; a classic `(a+)+$` shape on adversarial input
-  completes in bounded time. Pin:
-  `pathological_backtracking_pattern_completes_in_bounded_time`. Patterns are
-  operator-registered, not user-supplied, in any case.
- **NaN-poisoning — EMBEDDINGS STRUCTURALLY FINITE.** The embedding path takes
-  only `&str` and produces values via FNV feature-hashing + a guarded L2
-  normalise (`norm > 1e-12`); no external float input, no unguarded division, so
-  a crafted utterance cannot inject NaN/Inf to poison the cosine k-NN. Cosine
-  against the zero vector is a finite `0.0`; an empty index `max_by` returns
-  `None` (no panic); the NaN-safe `partial_cmp().unwrap_or(Equal)` is already in
-  place. Pins: `embeddings_are_structurally_finite`,
-  `cosine_with_zero_vector_is_finite_not_nan`,
-  `empty_utterance_against_empty_index_no_panic_no_match`.
- **Intent confusion / fail-closed.** An unrecognised utterance → `not_understood()`
-  (no service call); a recognised intent with no registered handler →
-  `not_understood()`; semantic below-threshold / empty-index → regex fallback.
-  No default high-privilege intent, no fail-open path.
- **Panic-on-input.** No `unwrap`/`expect`/index reachable from a crafted
-  utterance; the one `exemplars[id]` index uses an `id` from `enumerate()` over
-  the append-only exemplar `Vec` (no remove API), so it is always in bounds.
-
-`cargo test -p homecore-assist --no-default-features`: **29→36, 0 failed** (+7);
-default/`semantic`: **39→48, 0 failed** (+9). Python deterministic proof
-unchanged (homecore-assist is off the signal proof path).
@@ -495,34 +495,3 @@ Rejected. `ViewpointFusionEvent` (viewpoint/fusion.rs lines 183–219) is an int
 **Integration glue -- not yet on the live path:** emission of `CalibrationIdMismatch` / `DriftProfileConflict` / `PhaseAlignmentFailed` once `calibration_id` propagation and the phase-align convergence signal are threaded onto frames; the BFLD witness record emitted on privacy demotion.

 **Trust contribution:** sensor *agreement made explicit* -- fusion records the evidence it relied on, and any disagreement automatically tightens the downstream privacy class.
-
---
-
-## Witness Integrity Review (2026-06-14) — domain-separation fix
-
-A beyond-SOTA security review of `wifi-densepose-engine` (the composition root
-that builds the §2.7 trust witness in `witness_of`) found a real **witness
-domain-separation gap**, now fixed.
-
-**Finding (witness-gap, HIGH).** `witness_of` concatenated `model_version`,
-`calibration_version`, and `privacy_decision` boundary-to-boundary, and the
-variable-length `evidence` list carried no explicit count. A string straddling a
-field boundary therefore collided with a *different* trust decision —
-e.g. a per-room adapter id (ADR-150 §3.4, operator-influenceable) that absorbs
-the leading bytes of the calibration epoch (`model="…cal:00a"`, `cal="b"`)
-produces the **same** witness as `model="…"`, `cal="cal:00ab"`. Two distinct
-privacy-relevant input tuples → one witness defeats the "any privacy-relevant
-delta → different witness" guarantee this ADR's §2.7 witness exists to provide.
-
-**Fix.** The witness now (a) prepends a domain tag `ruview.engine.witness.v1`,
-(b) writes an explicit 8-byte evidence count, and (c) **length-prefixes every
-field** (8-byte LE length ‖ bytes), so field framing is unambiguous regardless
-of contents. This is a witness-layout change (all prior witness bytes are
-invalidated by design); downstream consumers only assert witness *relationships*
-(`assert_ne`/`assert_eq` across runs), not absolute bytes, so nothing breaks.
-
-Pinned by `witness_distinguishes_model_calibration_boundary` and
-`witness_distinguishes_evidence_model_boundary` (both fail on the old
-concatenation). Witness **determinism** was reviewed and confirmed clean: no
-HashMap iteration and no float formatting feed the hash (floats appear only in
-the `SemanticState` statement, which is outside the witness).
@@ -599,53 +599,3 @@ Per ADR-028/ADR-010, three rows are added to the witness log:
 **Integration glue -- not yet on the live path:** wiring the registry into `PrivacyGate` class transitions, the MQTT discovery payload, and a read-only Home Assistant diagnostic entity exposing the active mode + proof hash.

 **Trust contribution:** the *policy spine* -- privacy posture is a tamper-evident, auditable chain rather than a checkbox; an operator's mode choice actively governs whether identity data may even exist.
-
---
-
-## Privacy Monotonicity Review (2026-06-14) — confirmed clean
-
-A beyond-SOTA security review of the governed-trust cycle
-(`wifi-densepose-engine::StreamingEngine::process_cycle_calibrated`) examined
-the privacy-demotion path this ADR governs. **The monotonicity invariant holds:
-demotion only ever makes the emitted class more restrictive, never less.**
-
-Verification (no behaviour change, the result is a clean bill with evidence):
-
- Each cycle computes `effective_class` fresh from the active mode's
-  `target_class()` (the floor) and applies at most a **single-step** demotion
-  (`demote_one`, clamped at `Restricted`). There is no cross-cycle state that
-  could let a permissive class overwrite a restrictive one.
- A forced contradiction (calibration mismatch / array-geometry insufficiency /
-  mesh partition risk, ADR-032) raises the class byte; a clean cycle emits
-  exactly the base class.
- Pinned by `forced_contradiction_never_relaxes_class`, a property test over
-  **all five** `PrivacyMode`s asserting `effective_class.as_u8() >=
-  base_class.as_u8()` (strictly greater unless already clamped at `Restricted`)
-  under a forced contradiction, and `== base` on a clean cycle.
-
-Fail-closed boundaries were also pinned: an empty cycle errors (no degenerate
-over-permissive output, `empty_cycle_fails_closed`) and the single-node boundary
-is characterized as a valid non-demoting mode (`single_node_cycle_is_well_formed`).
-
-The related witness domain-separation fix from the same review is recorded in
-ADR-137 (the witness folds `effective_class`, so the demotion is auditable).
-## Security & Privacy Review (2026-06-14)
-
-Beyond-SOTA privacy+security review of `wifi-densepose-bfld` (the crate was not in the ADR-154–159 sweep). Two real bugs fixed (each pinned by a fails-on-old test), several dimensions confirmed clean.
-
-### Findings
-
-| # | Severity | Site | Issue | Fix | Pinned by |
-|---|----------|------|-------|-----|-----------|
-| 1 | **privacy-bypass (HIGH)** | `pipeline.rs::process_to_frame` | The documented wire-bytes production path stamped the frame header with the active `PrivacyClass` but serialized the caller's `BfldPayload` **unchanged** via `BfldFrame::from_payload` — never routing through `PrivacyGate::demote`. A frame labeled `Anonymous`(2)/`Restricted`(3) carried the full `compressed_angle_matrix` (identity surface) + amplitude/phase + `csi_delta`. A `NetworkSink` accepts class ≥ `Derived`(1), so the identity surface could cross the node boundary despite the restrictive class byte — the byte lied about content. | Apply `PrivacyGate::demote(frame, active_class)` after construction: a same-class transition that strips the sections the class forbids; `Raw`/`Derived` keep the full payload. | `tests/pipeline_to_frame.rs::process_to_frame_at_anonymous_strips_identity_leaky_sections`, `…_in_privacy_mode_strips_amplitude_and_phase` (both FAILED pre-fix); `…_at_derived_preserves_full_payload` (over-strip guard) |
-| 2 | **PII/injection (MEDIUM)** | `mqtt_topics.rs::render_events` | `zone_activity` payload built as `format!("\"{zone}\"")` with no JSON escaping (while `ha_discovery.rs` already escapes). A zone name with `"`/`\` produced malformed/injectable JSON on the HA state topic. | `json_string_literal()` escaper mirroring `ha_discovery::push_str_field`. Value-identical for normal zone names. | `tests/mqtt_topic_routing.rs::zone_payload_escapes_json_metacharacters` (FAILED pre-fix) |
-
-### Dimensions confirmed clean (with evidence)
-
- **Event-field privacy gating** — `BfldEvent::apply_privacy_gating` nulls `identity_risk_score` + `rf_signature_hash` at `Restricted`, and `serde(skip_serializing_if = "Option::is_none")` omits them entirely. `render_events`/`render_discovery_payloads` refuse class < `Anonymous` (stricter than the `sink.rs` `NetworkKind` `MIN_CLASS = Derived` — defense in depth toward less leakage). Covered by `event_privacy_gating.rs`, `mqtt_topic_routing.rs`, `ha_discovery.rs`.
- **Witness/hash framing (the engine `witness_of` bug class)** — CLEAN. `SignatureHasher::compute` prefixes a **fixed 4-byte** `day_epoch` then a **fixed-width canonical-f32** feature block (`IdentityFeatures`: Embedding = `EMBEDDING_DIM*4`, RiskFactors = 16 B). `PrivacyAttestationProof::compute` hashes a fixed 32-byte `prev_hash` + three fixed 1-byte values. No variable-length operator-influenceable string is concatenated into any digest — no length-prefix-framing collision is possible.
- **Fail-closed** — `payload.rs::from_bytes` rejects truncated/overflowing/trailing-byte sections (`checked_add`, bounds checks); `frame.rs::from_bytes` validates magic/version/length/CRC; `PrivacyClass::try_from` rejects unknown bytes; `identity_risk::score` maps NaN/degenerate factors → 0.0 (privacy-conservative). The `from_score(NaN) → Accept` choice is a documented, deliberate publish-aggregate-only fallback (NaN never reaches it from `score()`); risk-driven NaN cannot leak identity because identity gating is class-byte-driven, not risk-driven.
-
-### Observation (not a bug)
-
-The ADR-141 control plane (`PrivacyMode`/`PrivacyModeRegistry`) is **not yet wired into the emit path** — the emitter/pipeline enforce the raw `PrivacyClass` directly; the registry is exported + unit-tested but advisory. This matches the "Integration glue — not yet on the live path" status above. The class-byte enforcement (emitter + event + renderers + the now-fixed `process_to_frame`) is the live guarantee. Wiring the registry is the documented next step.
@@ -253,54 +253,6 @@ Validation per CLAUDE.md: `cargo test --workspace --no-default-features` green;

 ---

-## 6. Review notes
-
-### 6.1 Correctness + security review (2026-06-14)
-
-Beyond-SOTA correctness+security review of `wifi-densepose-calibration` (this
-ADR's pipeline), un-covered by the ADR-154–159 sweep.
-
-**Finding (FIXED) — NaN-poisoning of the feature path (numerical / fail-closed).**
-`Features::from_series` — the carrier for both live inference and training-anchor
-extraction — computed `mean`/`variance`/`motion` over the raw scalar series with
-no non-finite guard. A single `NaN`/`±inf` sample (corrupt CSI frame) yielded
-`mean=NaN, variance=NaN` and an all-`NaN` prototype embedding. Persisted into a
-`PresenceSpecialist::threshold`/`empty_mean` at train time, the `NaN` **silently
-disabled presence detection** for the bank's lifetime (every `>` / `|·|`
-comparison against `NaN` is false → always reads *absent*, confidence 0), with no
-error — and an asymmetry against the rigorously NaN-guarded `geometry_embedding`.
-Fixed at the production boundary: non-finite samples are dropped (a corrupt frame
-counts as no frame), an all-non-finite series degrades to `Features::ZERO` like
-the empty series. Value-identical for all-finite input (full-loop + extract tests
-unchanged); pinned by `non_finite_samples_do_not_poison_features` and
-`all_non_finite_series_is_zero` (both fail on the old code).
-
-**Clean dimensions (evidence, no invented issues).**
- *File/path handling:* the crate performs **zero** file/path I/O (no
-  `std::fs`/`Path`/`File`/`read`/`write` in `src/`; only in-memory `serde_json`).
-  Path-traversal / unbounded-read / artifact-path handling live entirely in the
-  `wifi-densepose-cli` consumer (`room.rs`), outside this crate's boundary.
- *Untrusted-load:* `SpecialistBank::from_json` shape-validates via serde
-  (malformed → `CalibrationError::Serde`); banks are local-first (invariant B),
-  never network-received. A well-formed bank with adversarial numerics is trusted
-  as-is — acceptable under the local-first threat model; a validate-on-load
-  defense-in-depth pass is a possible future hardening, not a present bug.
- *Receipt/hash integrity:* the crate emits no hash/receipt/witness/signature, so
-  the unframed-concatenation bug class (cf. the engine `witness_of` fix) is
-  structurally absent.
- *Other numerical paths:* `geometry_embedding` sanitizes every input and sweeps
-  to finite; presence/restlessness/anomaly divisions are `.max(1e-3)`-guarded;
-  `autocorr_dominant` guards `r0`, short signals, and empty bands; `train` rejects
-  empty anchors; anomaly requires ≥2 anchors.
-
-De-magicked the bare specialist threshold literals (breathing/heartbeat default
-min-scores, anomaly outlier-spread multiple + label cutoff) into named documented
-consts, value-identical, pinned by const-equality tests. Tests
-**58→62 unit + 1 integration, 0 failed**; Python deterministic proof unchanged
-(off the signal proof path).
-
---
-
 ## 5. Summary

 > Big models understand the world. Small ruVector models understand *your room*.
@@ -231,8 +231,6 @@ Catalogued so nothing is silently dropped. Priority: **P1** correctness-adjacent

 > **Horizon-ledger one-liner.** Milestone-0 DONE: dead CIR gate (FIXED+proved), NaN/inf adversarial bypass (FIXED+proved), divide-by-(n−1) window trio (FIXED+proved), calibration dead-branch (FIXED), PSD FFT-planner cache (MEASURED), DTW band (MEASURED). **Milestone-1 DONE (2026-06-13): all four P1 backlog items cleared — circular phase variance #1 (RESOLVED/MEASURED metric, DATA-GATED threshold), Welford n=0 guard #10 (RESOLVED/MEASURED), threshold magic-constants #9 & #13 (RESOLVED-PARTIAL/DATA-GATED — de-magicked + boundary-tested, values unchanged).** **Milestone-2 DONE (2026-06-13): bench-first P2 perf subset + missing boundary tests cleared — spectrogram per-subcarrier FFT re-plan #20 (MEASURED-HOT, 1.40–1.84×, bit-identical); attention/tomography/Kalman #5/#6/#7 (MEASURED-NULL — benched, not hot, left as-is); field_model eigendecompose #8 (MEASUREMENT-ONLY, BLAS un-buildable on this Windows host, number deferred to a BLAS box, NOT fabricated); fft_operator tolerance #14, phase-align convergence-cap #16, csi-ratio epsilon #19 (RESOLVED, tests added).** **Milestone-3 DONE (2026-06-13): the lumped §7.4 row #21–45 P3 backlog cleared, and with it residual P3 items #2/#12/#17/#18 — 22 magic constants de-magicked into named EMPIRICAL-DEFAULT consts (each pinned == prior literal) + 6 boundary/characterization tests across 11 modules; ~4 doc-only; not-real findings (unreachable attractor_drift div0, non-existent gesture thresholds, proof-path features.rs) reported + skipped, no churn; no operating value changed; workspace 3,275/0, Python proof bit-exact `f8e76f21…`.** **§7.4 deferred backlog is now FULLY CLEARED across M0–M3 — nothing silently dropped.**

-> **Sibling-crate sweep extension (2026-06-14) — `wifi-densepose-geo` + `wifi-densepose-pointcloud`.** The ADR-154-class numerical-robustness sweep (non-finite-input-poisons-persistent-state + divide-by-zero / asin-domain / degenerate-geometry) was extended to two crates *outside* this ADR's signal scope. **Two real `geo` bugs FIXED, each fails-on-old-pinned:** `terrain.rs::parse_hgt` usize-underflow panic on empty/sub-2x2 SRTM data (`1.0/(side-1)` → panic in debug / inf `cell_size_deg` poisoning `ElevationGrid::get` in release — a truncated download / 404 HTML body reaches it; now `bail!`s when `side < 2`); `coord.rs::haversine` `asin(>1)→NaN` for near-antipodal points (`h` rounds to `1.0+4e-16`; clamped to `[0,1]`). The ±90° pole `cos(lat)=0` ENU singularity is pinned no-panic without changing the transform. **`pointcloud` is confirmed-robust (no manufactured finding):** its only persistent auto-accumulating state (`occupancy` EMA + vitals) is fed solely by the integer-rssi/`sqrt`/`atan2` parser (always finite) and is provably self-healing even under an adversarial NaN/inf `CsiFrame` (`motion_score=(NaN/100).min(1.0)→1.0`; breathing `→0→clamp(5,40)→5.0`) — pinned by `nonfinite_frame_does_not_poison_persistent_state` + degenerate-voxel-fusion no-panic tests. `geo` 9→15 lib / 8 integration; `pointcloud` 18→22; 0 failed; workspace green; Python proof bit-exact `f8e76f21…`. See CHANGELOG `[Unreleased] → Fixed`.
-
 ---

 ## 8. Consequences
@@ -102,7 +102,7 @@ The double-clone elimination is also correctness-neutral: all 100 `viewpoint`/`m

 | # | Candidate | What | Grade | Verdict |
 |---|-----------|------|-------|---------|
-| **1** | **SymphonyQG** (SIGMOD 2025, public code) | Unified quantization + graph ANN; source reports **3.5–17× QPS over HNSW at equal recall**, pure-CPU / edge-portable. | **MEASURED-direction-tested** (was CLAIMED) — **[ADR-261](ADR-261-ruvector-graph-ann-index.md)** built the missing HNSW baseline + a SymphonyQG-style 1-bit quantized-traversal variant and **measured** the ratio on our hardware. | **DONE — direction REFUTED at our scale (honest negative).** ADR-261 built the real HNSW baseline (**~25× QPS over linear scan at recall ≥0.99**, the substrate this row wanted) and a quantized variant. At N=10k the 1-bit Hamming traversal is **too coarse** — its best recall is 0.738, never reaching the ≥0.90 equal-recall point, so **no QPS win over float HNSW** (the SymphonyQG 3.5–17× is *not* reproduced by our 1-bit construction here). Caveat: **our HNSW + our 1-bit quant, not SymphonyQG's system**; expected crossover at large N + a multi-bit code. We did **not** tune to manufacture a speedup. |
+| **1** | **SymphonyQG** (SIGMOD 2025, public code) | Unified quantization + graph ANN; source reports **3.5–17× QPS over HNSW at equal recall**, pure-CPU / edge-portable. | **CLAIMED** (author-measured; **not reproduced on our hardware** — reproduction is future work) | **Lead beyond-SOTA candidate for the ruvector ANN path.** Propose as ACCEPTED-future; cite honestly as "claimed by source, reproduction pending." Best fit because the ruvector retrieval path (AETHER re-ID, sketch prefilter) is exactly an ANN problem and SymphonyQG is CPU/edge-portable like our deployment. |
 | **2** | **Multi-bit / Extended RaBitQ + unbiased estimator** | Extends our existing **1-bit** `sketch.rs` (ADR-084): Pass-2 rotation, multi-bit Pass-3, and the **real RaBitQ unbiased distance estimator** (Gao & Long SIGMOD 2024) reranking the candidate set from the 1-bit code + 8 B/vec side info (§11). | **MEASURED-on-our-hardware** (was CLAIMED) — rotation (§10), multi-bit (§10), and the estimator (§11) all implemented + benchmarked. Rotation lifts strict-K 36%→46%; multi-bit (≤4-bit) reaches 74% strict; **the estimator reaches 49.71% strict (cosine rerank), still short of 90%.** All clear 90% only with over-fetch (estimator improves the factor: 95% at candidate_k=24 vs sign 91.6%). | **DONE — RESOLVED-PARTIAL / NEGATIVE.** Rotation (§10) + estimator (§11) built and MEASURED. The honest negative (no strict-bar 90% from rotation, ≤4-bit, **or the unbiased estimator**) is recorded, not hidden. Over-fetch + Pass-2 is the path that meets the bar (ADR-084's "candidate set" pattern); the estimator lowers the over-fetch factor needed. |
 | **3** | **GraphPose-Fi-style learned antenna-attention + ChebGConv fusion head** | Would replace the current **untrained identity-projection + mean-pool** "attention" (the `CrossViewpointAttention` default is `ProjectionWeights::identity` — not a *learned* attention) with a learned graph fusion head. | **DATA-GATED** (per ADR-152 measurement (b): architecture is **NOT** the current bottleneck — **data is**) | **ACCEPTED-future, data-gated. Do NOT build now.** ADR-152's measured lesson was that swapping architecture without more/better paired data does not move PCK. Building a learned fusion head before the data exists would repeat the mistake ADR-155 §5 also flagged for GraphPose-Fi. |
 | — | **Cramér-Rao / sensor-placement** (`geometry.rs` CRB) | Investigated for a 2026 advance beating the textbook Fisher-information CRB already implemented. | **Investigated — NO ACTION** | **Cleared honestly.** No 2026 method beats the closed-form Fisher-information CRB for this 2-D bearing problem; our implementation is already correct SOTA. (Recording a negative result is a deliberate anti-slop signal.) The only CRB change this milestone is the §2.3 *GDOP* honesty fix, which is a labelling/quantity correction, not an algorithmic one. |
@@ -138,7 +138,7 @@ The double-clone elimination is also correctness-neutral: all 100 `viewpoint`/`m

 The review surfaced more than this milestone scoped. Tracked here for a future ADR-156 milestone:

- **SymphonyQG reproduction** (§5 #1) — **RESOLVED-DIRECTION-TESTED** (see [ADR-261](ADR-261-ruvector-graph-ann-index.md)). The missing HNSW baseline + a SymphonyQG-style 1-bit quantized-traversal variant were built and **MEASURED**: float HNSW is ~25× over linear scan at recall ≥0.99 (the baseline this gap needed), but our 1-bit quantized traversal is **too coarse to beat float HNSW at equal recall at N=10k** (best recall 0.738) — the 3.5–17× is **not reproduced** by our construction. Honest negative recorded; expected crossover is large N + a multi-bit traversal code. (Caveat: our HNSW + our 1-bit quant, not SymphonyQG's exact system.)
+- **SymphonyQG reproduction** (§5 #1) — reproduce the 3.5–17× QPS-over-HNSW claim on our hardware before integrating into the ruvector ANN path. Currently CLAIMED-only.
 - **Multi-bit / Extended RaBitQ** (§5 #2) — **RESOLVED-PARTIAL** (see §10). Pass-2 randomized rotation (FHT + seeded ±1 sign flips, `src/rotation.rs`) and a multi-bit Pass-3 experiment landed and were MEASURED against the ADR-084 ≥90% bar. **Honest result: rotation helps (+10pp at the strict bar) and Pass-2 reaches 90% with ~3× over-fetch, but NEITHER rotation nor multi-bit (up to 4-bit) clears the strict candidate_k==K 90% bar on the tested anisotropic distribution.** The original `1-bit sign quantization ships first; rotation/more-bits later if benchmark-measured top-K coverage drops below 90%` deferral is therefore retired: the rotation is built, the bar is characterised, and the residual gap is documented rather than deferred.
 - **Learned cross-viewpoint fusion head** (§5 #3, GraphPose-Fi-style) — **data-gated**: blocked on the paired multi-room data ADR-152 measurement (b) identified as the real bottleneck; do not build the architecture first.
 - **`CrossViewpointAttention` learned projections** — the default `ProjectionWeights::identity` + mean-pool is honest but unlearned; wiring real learned Q/K/V projections is part of the data-gated item above (no learned weights ⇒ the "attention" is currently a geometric-bias-weighted average, which the code/docs should keep stating plainly).
@@ -265,74 +265,3 @@ Result at time of writing (all 0 failed):
  perform (B5).
 - Files kept under the 500-line guideline (`engine.rs` 462; behavioral tests
  moved to `tests/engine_behaviors.rs`).
-
-## Addendum — `homecore-api` follow-up security review (beyond-SOTA pass)
-
-A later network-facing review of `homecore-api` (the remote REST + WS attack
-surface) — independent of the ADR-154–159 sweep — found and fixed two real
-issues the original M7 pass (which focused on the WS auth bypass HC-WS-01, the
-reply-theater HC-WS-02, and the bin token provisioning HC-WS-08) did not catch.
-Both are LOW severity and reported at true severity.
-
-### HC-API-AUTH-01 — `GET /api/` was unauthenticated (FIXED)
-
-`rest::api_root` took no headers and unconditionally returned
-`200 {"message":"API running."}`, while every sibling route gates on
-`BearerAuth::from_headers`. HA's `APIStatusView` inherits `requires_auth = True`,
-so `/api/` must return **401** for a missing/wrong bearer. HA clients use the
-status route as a token-validation probe; a 200 told a bad-token client its
-token was valid and let an unauthenticated party confirm a live endpoint.
-LOW severity (the body is a static string; no entity/state data leaks).
-
-**Fix:** `api_root(headers, State)` now validates the bearer like `get_config`.
-**Pinned by** (fail-on-old, `tests/server_bin_auth.rs`):
-`api_root_rejects_missing_bearer`, `api_root_rejects_wrong_bearer` (both 200→401),
-guarded by `api_root_accepts_correct_bearer` (still 200 with a valid token).
-
-### HC-WS-LAG-01 — `subscribe_events` killed the stream on a broadcast lag (FIXED)
-
-The per-subscription task matched `Err(_) => break` on both broadcast
-`recv()` arms. `RecvError::Lagged(n)` (a slow consumer falling
->`EVENT_CHANNEL_CAPACITY` = 4,096 events behind) is **recoverable** — the bus
-doc says "Lagged receivers must re-sync" and HA keeps the subscription alive
-across a lag. The old code treated the first lag as fatal, so after an event
-burst the client's stream went permanently silent with no error frame — a
-self-inflicted event-delivery DoS under load.
-
-**Fix:** `Lagged(_) => continue` (skip the dropped window, re-sync),
-`Closed => break`, on both the system and domain arms of the `select!`.
-**Pinned by** `subscription_survives_broadcast_lag` (`tests/ws_handshake.rs`):
-subscribes to a filtered event type, floods 6,000 unrelated events past the
-4,096 capacity to force a `Lagged`, then asserts a subsequent subscribed event
-is still delivered (old code: 5s-timeout panic).
-
-### Dimensions confirmed clean (with evidence)
-
- **AuthN/AuthZ** — all 7 other REST handlers gate on `BearerAuth::from_headers`
-  → `LongLivedTokenStore::is_valid` before any work; the WS handshake validates
-  the `auth` token against the same store before the command loop, and
-  privileged commands are unreachable pre-`auth_ok`. Token compare is
-  `HashSet::contains` (content-independent timing — not the byte-`==` oracle of
-  ADR-157 §B4), so no timing-oracle finding. No route skips the gate; no
-  result-ignored check; no default/empty token accepted.
- **Path traversal** — no route maps user input to a filesystem path (state is an
-  in-memory `DashMap`); `:entity_id` passes through `EntityId::parse`, a strict
-  `[a-z0-9_]+\.[a-z0-9_]+` ASCII allowlist that rejects `..`, `/`, `\`, and
-  absolute paths. No traversal surface.
- **Injection** — no SQL, no shell/subprocess, no `format!`-into-response;
-  service/state bodies are typed `serde_json::Value` handed to the in-process
-  registry (HA-equivalent).
- **Info-leak** — `ApiError` maps to fixed status + a typed `{message}`;
-  `ServiceError::HandlerFailed(String)` is integration-controlled (HA surfaces
-  the handler error too), never framework internals/paths/stack-traces — no
-  ADR-080-class leak.
- **CORS** — explicit allowlist with `allow_credentials(false)` (HC-05),
-  not `permissive()`.
- **De-magic** — no bare security-relevant literals in the crate worth
-  extracting (`EVENT_CHANNEL_CAPACITY` is already named in `homecore`; CORS
-  dev-default ports are documented).
-
-**Tests:** `homecore-api --no-default-features` **25 → 29** (+2 api-root auth,
-+1 api-root accept-guard, +1 WS lag-survival), 0 failed. Workspace green.
-Python deterministic proof unchanged (homecore-api is off the signal proof
-path).
@@ -78,23 +78,6 @@ converts the entity registry; full conversion of the remaining artifacts is defe

 - `MigrateError` carries context (`path`, line/field) for I/O, JSON, YAML, missing-field,
  unsupported-schema-version, and entity-id parse failures (`src/lib.rs`).
- **Secret-leak hardening (security review, 2026-06).** `secrets.yaml` parse failures must
-  NOT use the generic `MigrateError::YamlParse { source }` variant: `serde_yaml`'s message
-  for a typed-tag coercion error (e.g. `port: !!int <value>`) embeds the offending scalar
-  verbatim (`invalid value: string "<the-secret-value>"`), and that error propagates through
-  the `InspectSecrets` CLI path to stderr — leaking a secret value despite the CLI's
-  deliberate `<redacted>` design. `read_secrets` now maps such failures to a dedicated
-  redacting variant `MigrateError::SecretsParse { path, line, column }` that carries only the
-  file path and a coarse location (`serde_yaml::Error::location()`), never the scalar content.
-  Pinned by `secrets::tests::malformed_secrets_error_never_contains_secret_value` (asserts the
-  rendered error **and its full `#[source]` chain** never contain the secret value).
-  **Review dimensions confirmed clean with evidence:** source is never mutated (no
-  `fs::write`/`remove`/`create` anywhere — P1 reads source, writes nothing); paths are
-  user-supplied dirs joined with fixed filenames (no `..`/absolute traversal beyond the
-  user's own privileges); malformed/typed/truncated `.storage` JSON and YAML **error, never
-  panic** (every production `unwrap`/`expect` is test-only); unknown schema `minor_version`
-  hard-errors fail-closed; no SQL/shell/path injection surface (the tool emits diagnostics
-  only, persists nothing in P1).

 ### 2.5 Deferred to P2+ (NOT built — honestly labelled)

@@ -106,9 +89,7 @@ converts the entity registry; full conversion of the remaining artifacts is defe

 ### 2.6 Test evidence (as shipped)

- 21 tests (`cargo test -p homecore-migrate`) — 19 as originally shipped plus 2 added by the
-  2026-06 security review (`secrets::tests::malformed_secrets_error_never_contains_secret_value`,
-  `malformed_secrets_error_reports_location`).
+- 19 tests (`cargo test -p homecore-migrate`), per the crate README badge.

 ## 3. Consequences

@@ -1,117 +0,0 @@
-# ADR-172: `wifi-densepose-cli` + `wifi-densepose-core` CSI-Deserialiser Security Review
-
-| Field | Value |
-|-------|-------|
-| **Status** | Accepted — clean-with-evidence, 4 regression pins added |
-| **Date** | 2026-06-15 |
-| **Deciders** | ruv |
-| **Codename** | **CSI-DESERIALISER-HARDENING** |
-| **Supersedes / amends** | none (records review; references ADR-127 §9 for the `core` portion, ADR-136 for the pre-existing DoS ACs) |
-
-## Context
-
-The beyond-SOTA security sweep (branch `feat/v2-beyond-sota-sweep`) reviewed each
-`v2/` crate for real, reproducible defects. Two crates had no prior dedicated
-security ADR:
-
- **`wifi-densepose-core`** — the dependency root for all 12 downstream crates
-  (types, traits, error types, CSI frame primitives). A defect here is a
-  force-multiplier: every consumer inherits it.
- **`wifi-densepose-cli`** — the user-facing entrypoint
-  (`calibrate`/`calibrate-serve`/`enroll`/`train-room`/`room-watch` + MAT-gated),
-  which parses untrusted UDP CSI packets and operator-supplied paths.
-
-A **specific hypothesis** motivated the core review. Three earlier reviews in
-this campaign found a systemic **NaN-state-poisoning bug class** in crates that
-depend on core (`wifi-densepose-calibration`, `-vitals`, `-geo`): a non-finite
-(NaN/Inf) input latched into persistent filter/accumulator state (IIR `y1/y2`,
-running mean, Welford/von-Mises accumulator, voxel grid) → silent **permanent**
-feature failure. The load-bearing question for this review: **does that bug class
-originate in a shared `wifi-densepose-core` primitive** (making the right fix a
-single root fix), or was it independently re-implemented in each downstream
-crate (making the three existing local fixes complete)?
-
-## Decision
-
-Record the review outcome and lock in the existing DoS guards with regression
-tests. **No production code is changed** — both crates were already hardened
-(ADR-136 acceptance criteria + `sanitize_room_id`); the gap was *untested*
-guards, which a future refactor could silently remove.
-
-### Load-bearing question — VERDICT: **NO** (the NaN class does not live in core)
-
-`wifi-densepose-core` exposes **no stateful accumulator of any kind** — no
-Welford/running-mean, no von-Mises/circular-mean, no IIR/biquad filter state, no
-voxel grid.
-
- **MEASURED:** `grep` over `core/src` for
-  `welford|von_mises|biquad|y1|y2|running_mean|accumulat|voxel|self.*+=` matched
-  only the `InvalidState` *error* enum variant, "reset state" doc comments, and a
-  test-only LCG — **zero** stateful logic. The only float math in core is
-  construction-time projection (`CsiFrame::new` → amplitude/phase via `mapv`) and
-  pure stateless `utils` functions; nothing persists across frames.
- **Corroboration:** `wifi-densepose-calibration::Features::from_series`
-  (`extract.rs:103–133`) already filters non-finite samples → `Features::ZERO`.
-  The downstream fixes are independently re-implemented, confirming each crate
-  rolls its own accumulator and each local fix is correct and complete. **A fix
-  in core would be a no-op (there is nothing to fix).**
-
-Consequence: the NaN-state-poisoning class is a *downstream-local* pattern, not a
-core-rooted defect. No hidden fourth instance exists in the shared primitive.
-
-### Findings (all pins — guards already present, now tested)
-
-| # | Location | Guard (pre-existing) | Regression pin | Evidence (MEASURED) |
-|---|----------|----------------------|----------------|---------------------|
-| 1 | `core` `types.rs:801` `from_canonical_bytes` | `saturating_mul` shape-vs-length check before `Vec::with_capacity(rows*cols)` | `canonical_decode_oversized_shape_is_bounded_not_allocated` | With guard removed: **panics `capacity overflow` at `types.rs:801`**; with guard: passes |
-| 2 | `core` `types.rs` decoder | typed `CanonicalDecodeError`, never panics | `canonical_decode_never_panics_on_arbitrary_bytes` (fuzz sweep) | panic-free on arbitrary bytes |
-| 3 | `cli` `calibrate.rs:276–291` | length check `buf.len() < 20 + n_pairs*2` before `Array2::zeros(n_antennas*n_subcarriers)` | `test_parse_csi_packet_oversized_claim_is_rejected_not_allocated` | 255×65535 claim in a 2 KB packet → `None` (no allocation) |
-| 4 | `cli` `calibrate.rs` parser | `None`-returning on malformed input | `test_parse_csi_packet_never_panics_on_arbitrary_bytes` (fuzz sweep) | panic-free on arbitrary UDP bytes |
-
-### Dimensions confirmed clean (with evidence)
-
-1. **Panic-on-adversarial-input = 0** — `from_canonical_bytes` returns a typed
-   error for every malformed class; `parse_csi_packet` returns `None`. Both
-   fuzz-swept panic-free.
-2. **NaN handling** — `Confidence::new` rejects NaN
-   (`!(0.0..=1.0).contains(&NaN)` ⇒ `Err`); `compute_bounding_box` /
-   `to_flat_array` are NaN-tolerant (f32 min/max ignore NaN).
-3. **Empty-frame safety** — `amplitude_variance` / `mean_amplitude` are
-   panic-free on an empty `Array2` (ndarray 0.17 returns finite / `None`).
-4. **Unbounded-memory DoS** — bounded in both deserialisers (findings 1 & 3).
-5. **Path traversal** — `calibrate-serve` defends every client-supplied
-   `room_id`/`bank`/`baseline` via `sanitize_room_id` (`[A-Za-z0-9_-]`, 64-char
-   cap) with existing tests; bearer-auth gate + non-loopback-bind warning present.
-   `mat export` writes to an operator-supplied `PathBuf` (acceptable CLI behavior).
-6. **Secrets** — `--token` is read from `CALIBRATE_TOKEN` env, never embedded.
-
-## Validation
-
- `cargo test -p wifi-densepose-core` → **35 → 37** lib passed, 0 failed (+3 doctests)
- `cargo test -p wifi-densepose-cli --no-default-features` → **24 → 26** passed, 0 failed
- `cargo test --workspace --no-default-features` → **exit 0**, 0 failed
- `python archive/v1/data/proof/verify.py` → **VERDICT: PASS**, hash
-  `f8e76f21a0f9852b70b6d9dd5318239f6b20cbcb4cdd995863263cecdc446f7a` **unchanged**
-  (core/cli are off the signal proof path — confirms no pipeline alteration)
-
-## Consequences
-
-### Positive
- Two CSI deserialisers (the untrusted-input boundary of both the library root
-  and the network-facing CLI) now have their DoS guards pinned against
-  regression — a future refactor that drops a length check fails CI.
- The NaN-state-poisoning class is settled as downstream-local; reviewers no
-  longer need to suspect a shared-root defect, and the three prior local fixes
-  are confirmed complete.
-
-### Negative
- None. Test-only change; no behavior or API change.
-
-### Neutral
- The `core` portion is also noted in ADR-127 §9 (shared security-review log);
-  this ADR is the canonical record for the `wifi-densepose-cli` review.
-
-## Links
- ADR-127 — HOMECORE state machine (shared security-review log, §9)
- ADR-136 — pre-existing CSI deserialiser DoS acceptance criteria
- ADR-151 — per-room calibration (`calibrate`/`calibrate-serve` surfaces)
@@ -1,123 +0,0 @@
-# ADR-173: Metric-Locked PCK/MPJPE Accuracy Harness
-
-| Field | Value |
-|-------|-------|
-| **Status** | Accepted — implemented, deterministically tested |
-| **Date** | 2026-06-15 |
-| **Deciders** | ruv |
-| **Codename** | **METRIC-LOCK** |
-| **Amends** | ADR-155 (generalizes the torso-only `metrics_core::pck_canonical` to a selectable normalization) |
-| **Motivated by** | `docs/research/sota-nn-train-benchmark-brief.md` (PR #1090) |
-
-## Context
-
-The beyond-SOTA SOTA-research brief (PR #1090) identified the single biggest
-threat to any "beyond-SOTA" accuracy claim this project makes: **metric
-ambiguity**. Three PCK@20 numbers circulate, computed under three *different and
-unstated* normalizations, so they cannot be compared:
-
- **96.09–96.61%** — WiFlow-STD reproduction, **image/bounding-box-normalized** PCK (the looser convention).
- **81.63%** — an internal MM-Fi number reported as **"torso-PCK"** (tighter).
- **61.1%** — GraphPose-Fi (arXiv 2511.19105), **standard torso-diameter** PCK on the MM-Fi random split (the academic frontier).
-
-The project has been burned by this twice: a previously-published 92.9% was
-retracted because it used **absolute-pixel** normalization, not torso. Until
-there is *one canonical, documented, tested* PCK definition — and every reported
-number carries the definition it was computed under — no accuracy comparison is
-credible, and the "prove everything" bar cannot be met for the benchmark half of
-the work.
-
-This is measurement infrastructure, not an accuracy claim. The deliverable's job
-is to make the metric **unambiguous and reproducible**, so future numbers are
-comparable and an unlabeled PCK is structurally impossible.
-
-## Decision
-
-Add a metric-locked accuracy harness as a new module
-`v2/crates/wifi-densepose-train/src/accuracy.rs` (404 non-test lines; inline
-deterministic tests bring the file to 708), re-exported at the crate root. It
-**extends, not duplicates** — it reuses `metrics_core`'s geometric primitives
-(`bounding_box_diagonal`, canonical hip indices `CANON_LEFT_HIP/RIGHT_HIP`), so
-there remains exactly one implementation of each geometric reference; the
-existing ADR-155 `pck_canonical` (torso-only) is unchanged and this generalizes
-it.
-
-### Public API
-
- `enum PckNormalization { TorsoDiameter, BoundingBoxDiagonal, AbsolutePixels(f32) }`
-  — the three conventions the three historical numbers used, now **explicit and
-  selectable**. `.label()` / `.tolerance(...)`.
- `pck_at(pred, gt, vis, k, norm) -> (correct, total, pck)` — PCK@k =
-  fraction of *visible* keypoints whose predicted-vs-GT distance ≤ the tolerance,
-  where tolerance = `k%` of the chosen normalizer (or an absolute threshold for
-  `AbsolutePixels`).
- `mpjpe(pred, gt, vis) -> f32` — mean per-joint position error (2D/3D, coordinate
-  units; mm for mm inputs). Re-exported crate-root as `pck_mpjpe` to avoid
-  colliding with the existing `eval::mpjpe`.
- `struct PoseAccuracy { pck_at: BTreeMap<u8,f32>, mpjpe, normalization, n_keypoints, n_frames }`
-  — **a reported number always carries its `normalization`**; an unlabeled PCK is
-  structurally impossible to produce through this surface.
- `struct PoseFrame { pred, gt, visibility }` + `accuracy_report(frames, ks, norm) -> PoseAccuracy`
-  (micro-averaged over keypoints).
-
-### Correctness is proven by hand-computed deterministic tests (no GPU, no data)
-
-The tests construct synthetic keypoint sets whose PCK/MPJPE can be computed by
-hand, and assert the harness matches. Highlights (all pass):
-
-| Test | Construction | Expected |
-|------|--------------|----------|
-| perfect_prediction | pred==gt | PCK=1.0 (all 3 norms), MPJPE=0 |
-| all_just_outside | every error just past τ@20 | PCK=0.0 |
-| half_in_half_out | 2 exact, 2 just outside | PCK=0.5 |
-| **three_normalizations (KEY PROOF)** | identical pred; nose err .06, shoulder .10, hips exact | torso=**0.50**, bbox=**1.00**, abs(.08)=**0.75** |
-| mpjpe_2d / mpjpe_3d | (3,4)→5 / (1,2,2)→3 | 2.5 / 3.0 |
-| mpjpe_excludes_invisible | invisible joint err 100 ignored | 5.0 |
-| zero_torso_unscoreable | coincident hips | `(0,0,0.0)`, **not** false-perfect |
-| no_visible_keypoints | vis=∅ | `(0,0,0.0)` |
-| nan_coords | one NaN pred coord | counted wrong, **no panic** |
-| empty report | no frames | 0.0, **not** NaN |
-| bbox≥torso ordering | same frames | bbox-PCK ≥ torso-PCK |
-
-### The key proof (the ambiguity is real and quantified)
-
-Identical predictions, three declared normalizations → **0.50 / 1.00 / 0.75**.
-Mechanism: the bbox diagonal `√(0.20² + 0.80²) = 0.825` is ~4× the hip-span torso
-`0.20`, so τ@20 is 0.165 (bbox) vs 0.040 (torso) — the looser image-normalized
-convention passes joints the strict torso convention rejects. This is *exactly*
-why 96% / 81.6% / 61% cannot be lined up without declaring the enum, demonstrated
-in-code.
-
-## Validation
-
- `cargo test -p wifi-densepose-train --no-default-features` → lib **191 → 206**
-  (+15), `test_metrics` **12 → 14** (+2), doc-tests 8 — **0 failed**.
- `cargo test --workspace --no-default-features` → **exit 0**, 0 failed.
- `python archive/v1/data/proof/verify.py` → **VERDICT: PASS**, hash
-  `f8e76f21a0f9852b70b6d9dd5318239f6b20cbcb4cdd995863263cecdc446f7a` **unchanged**
-  (off the signal proof path — confirms no pipeline alteration).
-
-## Consequences
-
-### Positive
- The three historical PCK numbers can now be **recomputed under one declared
-  definition** and compared honestly. The retracted-number class of error
-  (silent normalization mismatch) is structurally prevented going forward.
- Establishes the measurement substrate for the beyond-SOTA target: GraphPose-Fi
-  cross-environment **PCK@20 = 12.9%** (standard torso PCK) is now a number this
-  harness can produce comparably.
-
-### Negative
- None functional. The harness is additive; no existing metric path changed.
-
-### Neutral
- Producing actual model numbers under this harness requires the trained models +
-  datasets (MM-Fi) and, for cross-domain splits, is the next sub-deliverable of
-  the benchmark/optimization milestone — out of scope here (this ADR is the
-  *instrument*, not the *reading*).
-
-## Links
- ADR-155 — metric core (`pck_canonical`, torso-only) — generalized here
- ADR-152 — WiFi-Pose SOTA 2026 intake / WiFlow-STD benchmark
- `docs/research/sota-nn-train-benchmark-brief.md` — the motivating gap analysis
- GraphPose-Fi — arXiv 2511.19105 (verified cross-env PCK@20 = 12.9% anchor)
@@ -1,110 +0,0 @@
-# ADR-174: CI Bench-Regression Gate (Compile-Verify)
-
-| Field | Value |
-|-------|-------|
-| **Status** | Accepted — implemented, caught one real bit-rotted bench |
-| **Date** | 2026-06-15 |
-| **Deciders** | ruv |
-| **Codename** | **BENCH-GATE** |
-| **Milestone** | benchmark/optimization re-balance — sub-deliverable 8.3 |
-| **Motivated by** | `docs/research/sota-nn-train-benchmark-brief.md` (target 3: criterion benches as CI regression baselines) |
-
-## Context
-
-The v2/ workspace ships **26 criterion benches across 18 crates** (e.g.
-`nvsim/pipeline_throughput`, `wifi-densepose-ruvector/{ann,sketch,fusion}_bench`,
-`wifi-densepose-signal/{signal,dsp_perf,features,calibration,cir,…}_bench`,
-`wifi-densepose-mat/detection_bench`, `wifi-densepose-nn/{inference,native_conv}_bench`,
-`wifi-densepose-engine/engine_cycle`, …). Because **benches are not part of
-`cargo test`**, nothing in CI compiled them — so they bit-rot silently the moment
-a public API they call changes, and the rot is invisible until someone manually
-runs `cargo bench` months later.
-
-The SOTA brief named "wire existing criterion benches into CI as regression
-baselines" as a concrete benchmark-hygiene target. The honest difficulty: true
-*timing*-regression gating on shared GitHub runners is unreliable — wall-clock
-varies 2–3× run-to-run (a captured 10-sample run showed `float_l2/512` ranging
-307–444 ns), so a hard threshold or a cross-runner `criterion --baseline` compare
-(baseline and PR land on different physical machines) would manufacture false
-regressions. A gate that cries wolf gets disabled.
-
-## Decision
-
-Add `.github/workflows/bench-regression.yml` with **two jobs of explicitly
-different authority** — and do NOT pretend to gate on timing.
-
-### `bench-compile` — HARD GATE (real regression detection)
-`cargo bench --workspace --no-default-features --no-run` compiles + links every
-default-feature bench (no measurement → fully deterministic), plus a
-`--features cir` compile of the gated `cir_bench`. Benches aren't in `cargo test`,
-so this is the genuine guard: **the build fails the moment a bench stops
-compiling.**
-
-### `bench-fast-run` — INFORMATIONAL (`continue-on-error: true`, never gates)
-Runs a curated pure-CPU subset (`nvsim/pipeline_throughput`,
-`ruvector/{sketch,fusion}_bench`) in criterion quick-mode (1 s warm-up / 2 s
-measure / 10 samples), targeted per-`--bench`, and uploads logs as an artifact.
-Every number it produces is **informational only** — explicitly stated in the
-workflow header.
-
-### What is NOT done, and why (honest scope)
-No timing-regression gate, no committed baseline JSON. The workflow header
-documents the exact condition under which true timing-gating becomes honest: a
-frequency-pinned **self-hosted** runner with a generous (>2×) floor. A
-cross-runner baseline would be dishonest, so none is committed.
-
-### Proof it matters (MEASURED)
-Running the new gate on the current tree immediately caught
-`wifi-densepose-mat/detection_bench` failing to compile:
-`error[E0063]: missing field last_rssi in initializer of SensorPosition` — the
-struct gained a field; the bench was never updated. **Fixed** in the same change
-(`last_rssi: None`, the simulated-zone convention) and re-verified
-(`cargo bench -p wifi-densepose-mat --no-default-features --bench detection_bench --no-run`
-→ `Finished`). The gate paid for itself on its first run.
-
-### Exclusions (documented in-workflow)
- `ruvector/crv_bench` — its crates.io dep `ruvector-crv 0.1.1` fails to build on
-  stable (upstream `E0308` in `stage_iii.rs`); excluded with a re-add condition.
- `onnx_bench` / `mqtt_throughput` — feature-gated (ort / mqtt), left to their
-  crates' own workflows. `wasm-edge/process_frame_bench` — workspace-excluded.
-
-Conventions mirror existing workflows: `submodules: recursive` (the workspace
-path-deps `vendor/rufield`), Swatinem/rust-cache `workspaces: v2`, Tauri/GTK apt
-deps (a `--workspace` bench link pulls the whole graph), path-filtered triggers.
-
-## Validation
-
- **Bit-rot caught + fixed** (above), re-verified `--no-run`.
- **MEASURED locally** (`--no-default-features`, Windows): nvsim, ruvector
-  (sketch/fusion/ann), signal/cir_bench, mat/detection_bench (post-fix),
-  vitals, ruview-swarm/swarm_bench all compile; fast subset runs (`nvsim
-  pipeline_run/d1/256` ≈ 55 µs; `ruvector sketch_hamming` ≈ 3–7 ns vs `float_l2`
-  ≈ 63–371 ns).
- `cargo test -p wifi-densepose-mat --no-default-features` → 166/6/2 passed, 0 failed.
- `python archive/v1/data/proof/verify.py` → **VERDICT: PASS**, hash
-  `f8e76f21…46f7a` unchanged.
- **Honest limitation:** the full `--workspace --no-run` could not be
-  end-to-end validated on this Windows box (`desktop` needs GTK, `candle-core`
-  fails on MSVC, `swarm_bench` LTO-links OOM under parallel pressure — all
-  Windows-env artifacts; each affected bench compiles standalone here). **The
-  first green Linux CI run on the PR is the authoritative proof of the
-  `--workspace` step.**
-
-## Consequences
-
-### Positive
- Bench bit-rot is now a hard CI failure, not a silent surprise — the 26 benches
-  stay compilable as the APIs they exercise evolve.
- The benchmark-infrastructure half of the DoD (step 5) is satisfied honestly,
-  setting up the next sub-deliverable (QAT-int8 measurement) to be
-  regression-protected.
-
-### Negative / Neutral
- No automated timing-regression detection (deliberate — see scope). Revisit only
-  with a frequency-pinned self-hosted runner.
- One bench (`crv_bench`) excluded pending an upstream dep fix.
-
-## Links
- ADR-173 — metric-locked accuracy harness (sub-deliverable 8.1)
- `docs/research/sota-nn-train-benchmark-brief.md` — motivating target
- ADR-134 (CIR), ADR-135 (calibration), ADR-154 (signal DSP benches) — benched paths
@@ -1,172 +0,0 @@
-# ADR-175: int8 Quantization of the WiFlow-STD "half" Pose Model — MEASURED accuracy/size trade-off
-
-| Field | Value |
-|-------|-------|
-| **Status** | Accepted — MEASURED, reproducible (honest negative) |
-| **Date** | 2026-06-15 |
-| **Deciders** | ruv |
-| **Codename** | **EDGE-INT8** |
-| **Sub-deliverable** | 8.2 of the benchmark/optimization milestone |
-| **Metric lock** | ADR-173 (one declared PCK normalization for every reported number) |
-| **Motivated by** | `docs/research/sota-nn-train-benchmark-brief.md` (§edge int8) |
-
-## Context
-
-The SOTA brief characterized the int8 edge story for the WiFlow-STD pose net as
-"fully characterized" for PTQ on the **published 2.23M** model (static QDQ
-conv-only = the sweet spot; dynamic int8 ≈ no-op on this all-conv net), and named
-**QAT-int8 on the strictly-dominating 843,834-param "half" model** as "the one
-untested edge lever." This ADR is the reading of that lever — a MEASURED
-fp32-vs-int8 trade-off for the half model, not a claim.
-
-The half model (`half_best.pth`, 843,834 params) is the efficiency-sweep winner
-from ADR-152 (`run_sweep.py` VARIANTS[0]: `tcn=[270,220,170,120]`,
-`conv=[4,8,16,32]`, `attn_groups=4`). Its fp32 accuracy was recorded in the sweep;
-this ADR re-measures it under the locked normalization and quantizes it.
-
-**The whole point of this deliverable is reproducibility.** Every number below was
-produced by running `v2/crates/wifi-densepose-train/scripts/quantize_half_int8.py`
-on host `ruvultra` (RTX 5080, torch 2.11.0+cu128) against the real checkpoint and
-the real seed-42 test split. The script + the exact command + the recorded stdout
-**is** the proof artifact. Nothing here is estimated.
-
-## Decision
-
-Quantize the half model to int8 with **both** levers and report both honestly:
-
-1. **QAT (primary target)** — FX graph-mode quantization-aware training, fbgemm
-   backend, 3 epochs of fake-quant fine-tuning from `half_best.pth` (AdamW lr 2e-5,
-   the existing `PoseLoss`), then `convert_fx` to a true int8 graph.
-2. **PTQ static QDQ (the brief's "sweet spot", measured as the honest fallback)** —
-   FX graph-mode static PTQ, fbgemm, calibrated on 64 train batches.
-
-### Locked normalization (ADR-173)
-
-**Torso-diameter PCK** — neck (keypoint idx 2) → pelvis (idx 12) distance — the
-standard MM-Fi/GraphPose-Fi convention. This is exactly the default
-`use_torso_norm=True` path of the upstream harness's `utils/metrics.calculate_pck`.
-The **same** `calculate_pck`/`calculate_mpjpe` that produced the sweep's fp32
-numbers scores **both** fp32 and int8 here, so the comparison is metric-locked: no
-normalization is mixed, and the fp32 baseline reproduces the sweep's recorded
-`half` test numbers bit-for-bit (PCK@20 clean = 96.62%), confirming the harness is
-the same one.
-
-### Device note (why int8 is CPU)
-
-PyTorch int8 quantized kernels execute on CPU (fbgemm/x86), not CUDA. So int8 eval
-is CPU. To keep the accuracy delta device-matched (not confounding int8-vs-fp32
-with CPU-vs-GPU), the script measures an **fp32-CPU** baseline too. fp32-CPU and
-fp32-GPU agree to 4 decimals (PCK@20 clean 0.96623 vs 0.96623), so CPU/GPU
-introduces no drift — the int8 deltas below are pure quantization effect.
-
-## MEASURED results (clean test subset = 52,560 NaN-free windows; torso-PCK)
-
-Source: stdout of the run below + `~/wiflow-std-bench/sweep/int8/int8_results.json`.
-
-| model | quant | size (MB) | PCK@20 | PCK@50 | MPJPE | Δ PCK@20 | Δ PCK@50 | size win |
-|-------|-------|-----------|--------|--------|-------|----------|----------|----------|
-| **fp32** (cpu) | — | **3.351** | **96.62%** | **99.47%** | **0.008981** | — | — | 1.00× |
-| int8 PTQ static | PTQ | 1.046 | 40.98% | 94.98% | 0.038262 | **−55.64 pp** | −4.49 pp | 3.20× smaller |
-| int8 QAT (3 ep) | **QAT** | 1.043 | 67.48% | 98.69% | 0.026548 | **−29.15 pp** | −0.78 pp | 3.21× smaller |
-
-Full-test-set (54,000 windows incl. NaN-zero-filled files 487–499) tracks the
-clean subset: fp32 96.10% / int8-PTQ 41.11% / int8-QAT 67.48% PCK@20 — same shape,
-recorded in the JSON.
-
-### Verdict
-
-**int8 is NOT a win for this model at the tight PCK@20 edge target — honest no.**
-
- **PTQ static collapses** (−55.64 pp PCK@20). Naive static QDQ destroys the half
-  model. The "sweet spot" characterization from the brief does not transfer from
-  the 2.23M model to this 843k model at the strict torso-PCK@20 threshold.
- **QAT recovers a large share of the relative gap** (PTQ 40.98% → QAT 67.48%) but
-  still **loses 29.15 pp** at PCK@20 for a 3.21× size reduction. At the loose
-  PCK@50 threshold QAT is nearly lossless (−0.78 pp), i.e. coarse-localization
-  survives int8 but fine-localization does not.
- The size win is real and consistent (3.2× smaller, 3.351 MB → ~1.04 MB), but
-  **3.2× compression at −29 pp PCK@20 is a bad trade** when the half model already
-  fits comfortably in edge flash at fp32. Recommendation: **keep fp32 (or fp16)
-  for the half model on the edge**; do not ship this int8 variant as-is.
-
-### Observed fake-quant → int8 conversion gap (disclosed, not hidden)
-
-During QAT the **fake-quant** model's val PCK@20 reached 83.45% (epoch 3), but the
-**converted int8** model scores 67.48% on test. A ~16 pp drop on `convert_fx` is a
-real effect — the fbgemm int8 kernels are not bit-identical to the fake-quant
-simulation (per-tensor activation quant + the axial-attention `einsum`/softmax path
-quantize worse than the straight-through estimate predicts). This gap is the honest
-reason QAT did not close the loss, and it is exactly the kind of number that would
-be invisible if one only reported the fake-quant proxy. We report the **converted
-int8** number as the deliverable, not the fake-quant proxy.
-
-## Reproduction
-
-```bash
-ssh ruvultra 'cd ~/wiflow-std-bench && source venv/bin/activate && \
-  python ~/quantize_half_int8.py --mode both --qat-epochs 3 2>&1'
-```
-
- Script (committed): `v2/crates/wifi-densepose-train/scripts/quantize_half_int8.py`
-  (scp'd to `~/quantize_half_int8.py` on ruvultra for the run).
- Inputs (on ruvultra, unmodified): `~/wiflow-std-bench/sweep/half_best.pth`,
-  `~/wiflow-std-bench/preprocessed_csi_data/` (seed-42 file-level 70/15/15 split),
-  upstream `models`/`dataset`/`utils/metrics`/`losses` (DY2434/WiFlow @ 06899d29,
-  Apache-2.0), and `sweep/model_compact.py` (the half-model definition).
- Outputs (written, non-destructive): `~/wiflow-std-bench/sweep/int8/` —
-  `half_int8_qat.pth`, `half_int8_ptq_static.pth`, `int8_results.json`,
-  `int8_run.log`. **No existing file under `~/wiflow-std-bench` was modified.**
- Run metadata: host `ruvultra`, GPU RTX 5080, torch `2.11.0+cu128`, fbgemm engine,
-  `date_utc 2026-06-15T12:35:06Z`, QAT ≈ 97 s/epoch.
-
-## What is MEASURED vs CLAIMED
-
- **MEASURED:** every PCK/MPJPE/size number in the table; the fp32 baseline (which
-  reproduces the recorded sweep `half` numbers); the PTQ collapse; the QAT partial
-  recovery; the fake-quant→int8 conversion gap; the 3.2× size reduction.
- **CLAIMED / not done here:** ONNX/TFLite export; on-real-edge (ESP32/Pi/Hailo)
-  latency or energy (int8 here is measured on x86 fbgemm, the dev box, **not** an
-  edge SoC — the size number transfers, a latency number does **not**); a
-  per-layer mixed-precision search that might keep the attention block in fp32; QAT
-  beyond 3 epochs or with learned-quant-range schedules. Those are the obvious next
-  levers if int8 is revisited; none is asserted as a result.
-
-## Honest scope / limitations
-
- **Single eval split** — one seed-42 file-level test partition; no cross-room /
-  cross-environment generalization split (the GraphPose-Fi frontier from ADR-173 is
-  a separate, harder split and is not what is measured here).
- **In-domain only** — these are in-distribution test numbers; they say nothing
-  about the cross-environment robustness gap.
- **x86 int8, not edge-SoC int8** — accuracy and size transfer to an edge int8
-  runtime; the runtime/latency does not (different kernels, different SoC). No
-  latency claim is made.
- **QAT lightly tuned** — 3 epochs, single LR, default fbgemm qconfig. A longer /
-  better-tuned QAT might narrow the −29 pp, but on the evidence here int8 does not
-  reach fp32 at PCK@20, and that is the reportable result today.
-
-## Consequences
-
-### Positive
- The "one untested edge lever" (QAT-int8 on the half model) is now MEASURED. The
-  edge int8 question for the half model is answered with reproducible numbers: at
-  the strict PCK@20 target it loses, and we can say so with a committed script.
- Establishes a reusable, metric-locked quantization+eval harness
-  (`quantize_half_int8.py`) for any future int8 attempt on these compact variants.
-
-### Negative
- None to the codebase (additive script + ADR + CHANGELOG only; no production Rust
-  or signal-pipeline change; Python deterministic proof hash
-  `f8e76f21a0f9852b70b6d9dd5318239f6b20cbcb4cdd995863263cecdc446f7a` unchanged).
-
-### Neutral
- The negative verdict means the half model stays fp32/fp16 on the edge for now.
-  int8 for these compact pose nets is parked pending the next-lever work above.
-
-## Links
- ADR-173 — metric-locked PCK/MPJPE harness (the locked normalization used here)
- ADR-152 — WiFi-Pose SOTA 2026 intake / WiFlow-STD benchmark / efficiency sweep
-  (produced `half_best.pth`)
- `docs/research/sota-nn-train-benchmark-brief.md` — §edge int8 (the "one untested
-  lever" this ADR measures)
- Script: `v2/crates/wifi-densepose-train/scripts/quantize_half_int8.py`
@@ -1,103 +0,0 @@
-# ADR-176: `ruview-swarm` NaN-Fail-Open Safety Review
-
-| Field | Value |
-|-------|-------|
-| **Status** | Accepted — 4 real safety bugs fixed + pinned; 2 issues documented for follow-up |
-| **Date** | 2026-06-15 |
-| **Deciders** | ruv |
-| **Codename** | **SWARM-FAILCLOSED** |
-| **Reviews** | ADR-148 (`ruview-swarm` drone swarm control plane) |
-| **Milestone** | #9 (ungated-crate security sweep) — crate 1 of 4 |
-
-## Context
-
-`ruview-swarm` (ADR-148) is the drone swarm control plane — hierarchical-mesh
-topology, Raft consensus, MARL, CSI sensing payload, MAVLink/PX4 command
-dispatch. It is the highest-stakes of the four never-reviewed v2 crates: a defect
-here can produce an **unsafe physical drone command**. It had no prior security
-ADR.
-
-### Trust-boundary map
-Untrusted input enters via `SwarmOrchestrator::receive_peer_state` /
-`receive_peer_detection`, which accept full `DroneState` / `CsiDetection` serde
-structs with **f64/f32 fields and no finite-check**, and via
-`SwarmConfig`/`FhssConfig`/`Geofence` deserialization. The MAVLink wire formats in
-`mavlink_messages.rs` are **integer-encoded** (i32 mm / u8) and provably cannot
-carry NaN — so the NaN class is reachable through the **serde struct path, not the
-MAVLink decode path**. Commands flow out to a `FlightController` (PX4/ArduPilot).
-
-The unifying bug class found: **IEEE-754 NaN/Inf silently defeating a safety
-comparison** (`NaN < threshold` evaluates to `false`), causing safety logic to
-**fail OPEN**. This is distinct from — but rhymes with — the NaN-state-poisoning
-class found earlier in calibration/vitals/geo (there, NaN latched into persistent
-state; here, NaN slips through a one-shot guard). Both are "non-finite input
-defeats logic," and the fix discipline is the same: **reject non-finite at the
-trust boundary, fail CLOSED.**
-
-## Decision
-
-Fix the four reachable fail-open bugs by making each safety predicate
-non-finite-aware and fail-closed, each pinned by a fails-on-old test. Document
-two further genuine issues that need larger, riskier changes rather than churning
-them in a security pass.
-
-### Findings fixed (all MEASURED fails-on-old)
-
-| # | Severity | File:line | Issue | Fix | Pin (old behavior) |
-|---|----------|-----------|-------|-----|--------------------|
-| F1a | **HIGH** | `failsafe/mod.rs:51` | `nearest_neighbor_dist < collision_dist_m` fails open on a NaN peer position → **collision avoidance silently disabled** | `!is_finite() ||` → `EmergencyDiverge` | `test_nan_neighbor_distance_fails_closed_to_diverge` (old → `Nominal`) |
-| F1b | **HIGH** | `failsafe/mod.rs:75` | NaN `battery_pct` bypasses every battery check → drone stays Nominal on unknown battery | `!is_finite() ||` → `ReturnToHome` | `test_nan_battery_fails_closed_to_rth` (old → `Nominal`) |
-| F2 | **MEDIUM** | `security/geofence.rs:33` | NaN `z` altitude skips the altitude-breach check and point-in-polygon returns `Safe` → silent geofence bypass | leading non-finite coord → `HardBreach` | `test_nan_altitude_fails_closed` (old → `Safe`) |
-| F3 | **MEDIUM/DoS** | `security/antijamming.rs:65,71,102` | empty deserialized `channels_mhz` → `% 0` **panic** in `next_hop`/`current_channel_mhz`/`evasive_hop`/`tick`, crashing the radio task | `len == 0` early-return (`0.0` sentinel) | `test_empty_channels_does_not_panic` (old → panic `divisor of zero`) |
-| F4 | **LOW** | `sensing/multiview.rs:70` | NaN `victim_position` passes the `is_some()` filter and propagates into the fused "confirmed victim" location dispatched to the swarm | require finite confidence + position (drop) | `test_nan_victim_position_dropped_from_fusion` (old → non-finite fused position) |
-
-### Dimensions confirmed clean (with evidence)
- **MAVLink decode panic-safety** — `SwarmNodeState::decode(&[u8;20])` `try_into().unwrap()`s are over fixed const ranges of a fixed-size array → provably infallible; no arbitrary-length `&[u8]` decode path exists.
- **UWB/GPS anti-spoofing NaN-safe** — `(gps_dist - uwb_dist).abs() <= tol` already fails CLOSED on a NaN range (counts as inconsistent → spoof rejected); covered by `test_spoofed_gps_invalid`.
- **Bounded grid / no allocate-from-length-field** — `ProbabilityGrid` bounds-checks `cx/cy`; `pos_to_cell` uses saturating `as u32` (no UB).
- **Mesh `nearest_k` NaN-safe sort** — `partial_cmp(..).unwrap_or(Equal)` cannot panic on NaN.
- **No hardcoded secrets** — `MavlinkSigner` key is constructor-injected `[u8;32]`; grep-confirmed nothing embedded.
-
-### Documented, not fixed (genuine — deferred to avoid churn/regression risk)
-
-1. **Raft `AppendEntries` lacks the Log-Matching consistency check**
-   (`topology/raft.rs:187`). A follower appends a leader's entries when
-   `term >= current_term` **without validating `prev_log_index`/`prev_log_term`**,
-   so a malformed/byzantine leader can corrupt a follower's log — a genuine
-   consensus-safety gap. A correct fix reworks the log-append plus the
-   caller-side vote-tally contract (the existing `handle_message` delegates
-   tallying to the caller) — a larger change with test-rewrite risk, so it is
-   recorded here rather than rushed in a security pass.
-2. **`MavlinkSigner::verify` uses a non-constant-time tag `==` and has no
-   replay/timestamp-window rejection** (`security/mavlink_signing.rs:64`). The
-   module doc already flags the replay limitation as a demo/test simplification.
-   Hardening (constant-time compare + monotonic timestamp window) is a focused
-   follow-up.
-
-These two are the recommended scope of the next `ruview-swarm` hardening pass.
-
-## Validation
-
- `cargo test -p ruview-swarm --no-default-features` → **117 → 123** passed, 0 failed (+6 pins).
- All 6 new tests MEASURED fails-on-old (2× `Nominal`, `Safe`, panic `divisor of zero`, non-finite fused position); pass on the fix.
- `cargo test --workspace --no-default-features` → **exit 0**, 0 failed.
- `python archive/v1/data/proof/verify.py` → **VERDICT: PASS**, hash
-  `f8e76f21…46f7a` unchanged (ruview-swarm off the signal proof path).
-
-## Consequences
-
-### Positive
- Four reachable fail-open paths in a *physical-safety* control plane (collision
-  avoidance, battery RTH, geofence, anti-jamming radio task) now fail CLOSED on
-  hostile/degenerate input, each regression-pinned.
- Extends the "non-finite input defeats logic" defense from the state-poisoning
-  variant (calibration/vitals/geo) to the fail-open-comparison variant.
-
-### Negative / Neutral
- Two genuine issues (Raft log-matching, MAVLink signer) remain open by choice —
-  see Documented-not-fixed; they define the next hardening pass.
-
-## Links
- ADR-148 — `ruview-swarm` drone swarm control system
- ADR-172 — core/cli review (where the NaN bug-class root question was settled NO)
- ADR-127 — homecore review (sibling NaN/concurrency hardening)
@@ -1,92 +0,0 @@
-# ADR-177: `nvsim` Degenerate-Input Hardening (NV-Diamond Simulator)
-
-| Field | Value |
-|-------|-------|
-| **Status** | Accepted — 2 real MEDIUM bugs fixed + pinned; determinism preserved |
-| **Date** | 2026-06-15 |
-| **Deciders** | ruv |
-| **Codename** | **NVSIM-FAILCLOSED** |
-| **Reviews** | ADR-089 (`nvsim` NV-diamond magnetometer pipeline simulator) |
-| **Milestone** | #9 (ungated-crate security sweep) — crate 2 of 4 |
-
-## Context
-
-`nvsim` (ADR-089) is a standalone, **WASM-ready** deterministic NV-diamond
-magnetometer pipeline simulator — a forward-only leaf:
-`scene → source → propagation → NV ensemble → digitiser → MagFrame + SHA-256
-witness`. It has no network surface, so the real attack surface is **degenerate
-physical-parameter input** crossing the external boundary — specifically the
-WASM `config_json` / `scene_json` entry points.
-
-Two properties matter for this crate that don't for others: it is billed
-**deterministic** (a published cross-machine witness must reproduce bit-exactly),
-and under `panic=abort` WASM any panic **aborts the whole module**. So a
-config-induced panic is a denial-of-service, and a silent numeric corruption
-defeats the simulator's entire purpose.
-
-## Decision
-
-Fix the two reachable degenerate-input bugs at their funnel points, each pinned
-by a fails-on-old test, **without perturbing the deterministic happy path** (the
-guards fire only on non-finite / degenerate input; the published witness is
-unchanged).
-
-### Findings fixed (both MEASURED-reproduced)
-
-| # | Severity | Location | Issue | Fix |
-|---|----------|----------|-------|-----|
-| NVSIM-DT-01 | MEDIUM (DoS) | `pipeline.rs:58,95` | `dt = config.dt_s.unwrap_or(1.0 / f_s_hz)`; an external `f_s_hz == 0.0` → `dt = +Inf` → `(dt*1e6) as u64` saturates to `u64::MAX` → `(sample as u64) * dt_us` **panics `attempt to multiply with overflow`** at `sample ≥ 2` (debug/WASM-abort; garbage `t_us` in release). MEASURED: panic at `pipeline.rs:95:30`. | Sanitise `dt` (non-finite/non-positive → 1 µs fallback), cap the `u64` cast at `u64::MAX`, `saturating_mul` the timestamp — no config can overflow it. |
-| NVSIM-NAN-01 | MEDIUM (silent corruption) | funnel `digitiser.rs::adc_quantise` (root: near-field clamp bypass in `source.rs`) | A non-finite scene param (NaN/Inf dipole position, Inf moment, NaN loop radius) **bypasses the near-field clamp** (`NaN < R_MIN_M == false` → the `1/r³` path runs → NaN field), and at the ADC `NaN as i32 == 0` (Rust saturating cast) emits a frame `b_pt=[0,0,0]` with **`ADC_SATURATED` CLEAR** — indistinguishable from a legitimate zero-field reading. MEASURED: `b=[NaN,NaN,NaN] sat=false` → `b_pt=[0,0,0] flags=0b0000`. | `adc_quantise`: any non-finite input → code `0` **with the saturation flag raised**; the pipeline's existing `adc_sat` OR-reduction propagates `ADC_SATURATED` onto the frame, making the corruption visible downstream. |
-
-This is the same **NaN-fail-open / NaN-poisoning** family seen across
-calibration/vitals/geo and ruview-swarm — non-finite input defeating a guard —
-but bounded here to a single frame (no cross-timestep accumulator).
-
-### Dimensions confirmed clean (with evidence)
-
-1. **Determinism integrity — clean.** One RNG only: `ChaCha20Rng::seed_from_u64(seed)`,
-   fully caller-seeded (grep: one `seed_from_u64`, **zero** `thread_rng`/`getrandom`/
-   `SystemTime`/`Instant`/`HashMap`); `Cargo.toml` pins `rand`/`rand_chacha`
-   `default-features=false` (no OS entropy). Box–Muller draws
-   `gen_range(f64::EPSILON..=1.0)` (avoids `ln(0)=-Inf` by construction). Frame
-   bytes fixed LE; source summation order fixed by `Vec` order. **The published
-   cross-machine witness `cc8de9b0…93b4` (`proof_witness_publishes_a_known_value`)
-   passes UNCHANGED after both fixes** — the happy path is byte-identical; guards
-   touch only degenerate inputs. *Attested caveat (not a finding): libm
-   `cos`/`ln`/`sqrt` could differ x86↔wasm; the witness is documented as
-   x86_64-captured.*
-2. **Panic-free deserialisation — clean.** `MagFrame::from_bytes` validates
-   len/magic/version, then per-field `buf[a..b].try_into().expect(...)` are over
-   fixed sub-ranges of an already-length-checked 60-byte buffer (provably
-   infallible). No `unsafe`, no `panic!`/`unreachable!` in production; every other
-   `unwrap`/`expect` is `#[cfg(test)]`.
-3. **Div-by-zero / numerical landmines — clean.** `dipole_field`/`current_loop_field`
-   clamp `r_norm < R_MIN_M` before `1/r³`,`1/r²` (finite inputs); `shot_noise_floor`
-   guards `denom <= 0`; `vec3_normalise` guards `n < 1e-20`. The only hole was the
-   NaN *bypass* of the clamp — closed at the ADC funnel (NVSIM-NAN-01).
-
-## Validation
-
- `cargo test -p nvsim --no-default-features` → **50 → 53** passed, 0 failed (+3 pins:
-  `degenerate_zero_sample_rate_does_not_panic`,
-  `non_finite_scene_input_flags_frame_instead_of_silently_zeroing`,
-  `adc_quantise_flags_non_finite_as_saturated`).
- `cargo test --workspace --no-default-features` → **exit 0**, 0 failed.
- `python archive/v1/data/proof/verify.py` → **VERDICT: PASS**, hash
-  `f8e76f21…46f7a` unchanged (nvsim off the signal proof path).
- nvsim's own cross-machine witness `cc8de9b0…93b4` reproduces unchanged.
-
-## Consequences
-
-### Positive
- A config-induced WASM-abort DoS and a silent NaN→fake-zero-field corruption are
-  closed at their funnel points, each regression-pinned, with the deterministic
-  witness proven intact.
-
-### Negative / Neutral
- None. Guards affect only degenerate inputs; happy-path output is byte-identical.
-
-## Links
- ADR-089 — `nvsim` NV-diamond magnetometer simulator
- ADR-176 — `ruview-swarm` (sibling NaN-fail-open review)
- ADR-172 — core/cli (where the NaN-bug-class root was settled NO)
@@ -1,87 +0,0 @@
-# ADR-178: `wifi-densepose-desktop` IPC Injection Fix + Capability Least-Privilege
-
-| Field | Value |
-|-------|-------|
-| **Status** | Accepted — 2 real MODERATE bugs fixed + pinned (MEASURED on Windows) |
-| **Date** | 2026-06-15 |
-| **Deciders** | ruv |
-| **Codename** | **DESK-LOCKDOWN** |
-| **Reviews** | `wifi-densepose-desktop` (Tauri v2 desktop app) |
-| **Milestone** | #9 (ungated-crate security sweep) — crate 3 of 4 |
-
-## Context
-
-`wifi-densepose-desktop` is the Tauri v2 desktop app (ESP32 discovery, firmware
-flashing, OTA, provisioning, server control). The real attack surface is the
-**Tauri IPC boundary** — `#[tauri::command]` handlers that take arguments from the
-webview/JS — and the **capability/allowlist scope**. The crate **builds and tests
-on Windows** (Tauri 2.10.3, webview2 path, no GTK), so both findings are MEASURED,
-not source-analysis-only.
-
-## Decision
-
-Fix the two real findings; attest the rest of the surface clean with evidence.
-
-### Findings fixed (both MEASURED)
-
-| # | Severity | Location | Issue | Fix |
-|---|----------|----------|-------|-----|
-| WDP-DESK-01 | MODERATE | `src/commands/discovery.rs:438` (`configure_esp32_wifi`) | Webview-supplied `ssid`/`password` are concatenated into newline-terminated serial commands (`wifi_config {} {}\r\n`, `set ssid {}\r\n`) with **no validation** → a `\r\n` in either field **injects an arbitrary follow-up firmware command** (`reboot`, `erase_nvs`) across the IPC trust boundary. | `validate_wifi_credentials()` — WPA2 length bounds (SSID 1–32, password 8–63) **+ reject all control chars** (`char::is_control()`), called fail-closed before any serial write. |
-| WDP-DESK-02 | MODERATE | `capabilities/default.json:7-8` | `shell:allow-execute` + `shell:allow-open` granted to the webview but **unused** (Rust spawns via `std::process::Command`; the UI uses only `dialog.open`). A webview compromise (a UI-dependency XSS) → arbitrary **unscoped host command execution**. | Removed both `shell:` permissions (kept `core:default` + the two in-use `dialog:` perms); regenerated `gen/schemas/capabilities.json` now asserts `["core:default","dialog:allow-open","dialog:allow-save"]`. |
-
-Both are MODERATE (not HIGH): each requires a webview compromise or a malicious
-local caller to weaponize. The unifying lesson is **least privilege at the IPC
-boundary** — validate every webview-supplied argument that reaches a serial/FS/
-process sink, and grant only the capabilities actually exercised.
-
-### Tauri-command + capability audit (every handler)
-
-All 30+ command handlers were mapped. Only `configure_esp32_wifi` lacked input
-validation on a string that reached a command sink (WDP-DESK-01). Every
-subprocess uses `Command::new(prog).args([...])` (argv vector — no shell-string
-interpolation), so `port`/`source`/`chip`/`baud` cannot inject a second command
-even unvalidated. `tauri.conf.json` ships **no** `fs`/`http` plugin and **no**
-`"all":true`/`"$HOME/**"` scope; after WDP-DESK-02 the allowlist is minimal.
-
-### Dimensions confirmed clean (with evidence)
-
-1. **Directory traversal / arbitrary file** — path args (`firmware_path`/`wasm_path`)
-   are blobs the local user selects via the native `dialog.open` picker; settings
-   I/O is a fixed filename under `app_data_dir`. No attacker-named path sink.
-2. **Shell-string injection** — every subprocess is an argv vector; grep found no
-   shell-string interpolation anywhere.
-3. **SSRF-to-secret** — `node_ip`-built URLs target the local ESP32 mesh and return
-   only device status JSON; no credential returned to the webview.
-4. **Panic-on-input** — handlers use `.map_err(|e| e.to_string())?`; the one
-   `expect` is guarded by an `is_none()` early-return; provision/discovery
-   deserializers bounds-check every slice index (NVS size capped ≤ 4096).
-5. **Hardcoded secrets** — `ota_psk` is a per-call `Option<String>`, never embedded;
-   grep for embedded keys/tokens over `src/` is empty.
-6. **Shell plugin genuinely unused** — `tauri_plugin_shell` is `init()`-ed but its
-   `Command`/`open` API is never invoked from Rust or the TS UI (which imports only
-   `@tauri-apps/plugin-dialog`) — confirming WDP-DESK-02 is safe to remove.
-
-## Validation
-
- `cargo check -p wifi-densepose-desktop --no-default-features` → `Finished` (Windows, MEASURED).
- `cargo test -p wifi-densepose-desktop --no-default-features` → lib **18 → 21** (+3 validator pins:
-  `test_validate_wifi_credentials_rejects_injection` / `_rejects_out_of_range` / `_accepts_valid`),
-  integration 21/21, **0 failed**.
- Capability narrowing MEASURED: regenerated `capabilities.json` permission set verified.
- `python archive/v1/data/proof/verify.py` → **VERDICT: PASS**, hash `f8e76f21…46f7a`
-  unchanged (desktop off the signal proof path).
-
-## Consequences
-
-### Positive
- An IPC serial-command-injection path and an over-broad shell capability are
-  closed in the desktop app, each pinned / verified, with the rest of the
-  30-command IPC surface attested clean.
-
-### Negative / Neutral
- None. The removed shell capability was unused; the validator rejects only
-  malformed/hostile credentials.
-
-## Links
- ADR-176 / ADR-177 — sibling Milestone-#9 reviews (ruview-swarm, nvsim)
- ADR-172 — core/cli review
@@ -1,81 +0,0 @@
-# ADR-179: `wifi-densepose-occworld-candle` Checkpoint-Load Hardening
-
-| Field | Value |
-|-------|-------|
-| **Status** | Accepted — 1 HIGH + 2 LOW bugs fixed + pinned (MEASURED on Windows) |
-| **Date** | 2026-06-15 |
-| **Deciders** | ruv |
-| **Codename** | **OCCWORLD-DTYPE** |
-| **Reviews** | `wifi-densepose-occworld-candle` (Candle occupancy-world model) |
-| **Milestone** | #9 (ungated-crate security sweep) — crate 4 of 4 — **CLOSES the milestone** |
-
-## Context
-
-`wifi-densepose-occworld-candle` is a Candle-based occupancy-world model
-(VQ-VAE + transformer over occupancy tokens). The real risk surface for an ML
-crate is degenerate-input / malformed-weights handling: a `#[forbid(unsafe_code)]`
-crate can still **panic** (a DoS, and under WASM an abort) when a tensor op hits an
-inconsistent shape. The crate **builds and tests on Windows**, so all findings are
-MEASURED.
-
-## Decision
-
-Fix the three reachable bugs, each pinned by a fails-on-old test; attest the rest
-clean with evidence.
-
-### Findings fixed (all MEASURED)
-
-| # | Severity | Location | Issue | Fix |
-|---|----------|----------|-------|-----|
-| 1 | **HIGH** | `model.rs:95` (`Dtype::I32 => Some(DType::I64)`) | **Crash on any int32-tensor checkpoint.** An I32 byte buffer (4 B/elem) is handed to `from_raw_buffer(.., I64, shape, ..)`; candle derives `elem_count = data.len()/8`, **halving** the count while keeping the original shape → a tensor that claims 2× its storage. Reading it **panics** with a slice-OOB (`range end index 6 out of range for slice of length 3`) inside candle-core. A checkpoint with any int32 tensor (index/buffer tensors are common in PyTorch exports) → **DoS on load**. | Map `I32 → DType::I32`, `I16 → DType::I16` (both first-class candle dtypes). Pinned by `int32_tensor_loads_with_consistent_shape_and_values` (panics on old, passes on new). |
-| 2 | LOW | `inference.rs::predict` | Frame/batch dims weren't validated (only H/W/D were): `f_in > num_frames*2` over-indexes the temporal embedding → a cryptic candle `InvalidIndex` *error* (not a panic — candle bounds-checks); zero frame/batch feeds a zero-element tensor. | Boundary guard rejects zero / over-capacity frame+batch with a clear `ShapeMismatch`. 5 pins. |
-| 3 | LOW | `vqvae.rs:141` (`z.elem_count() / last`) | **Divide-by-zero panic** in public `VQCodebook::encode` on a rank-0 / empty-last-dim tensor (`last == 0`). | Fail-closed guard returns a clear error. Pinned by `encode_rejects_scalar_without_panicking`. |
-
-The HIGH finding is the notable one: the crate's own dtype mapping **defeated**
-the upstream `safetensors::validate()` byte-length guarantee by misdeclaring the
-dtype — the one place malformed/widened weights could reach a panicking candle op.
-
-### Dimensions confirmed clean (with evidence)
-
- **Panic surface** — grep for `unwrap()/expect()/panic!/unreachable!` across `src/`
-  → **zero in production paths**; all ops use `?`/`map_err`; the `last().unwrap_or(&0)`
-  is now guarded. `as` casts operate only on config-bounded/internal values.
- **NaN-state-poisoning (the named class) — N/A.** The engine is **stateless between
-  `predict` calls** (no persistent world-model buffer to latch into), and input is
-  `u8` class indices (non-finite input structurally impossible). NaN weights flow to
-  `argmax` (deterministic, bounded to a valid class index) — no panic, no persistence.
- **Unbounded alloc / shape-data mismatch from malformed weights** — defended upstream
-  by `safetensors::validate()` (overflow-checked `nelements*dtype.size()` vs declared
-  byte range + contiguous-offset + buffer-length checks), rejected before reaching
-  candle. Finding #1 was the one place the crate defeated that guarantee.
- **Model/path loading** — `load`/`load_safetensors` check `path.exists()` → typed
-  `CheckpointNotFound`; corrupt bytes → `CheckpointParse` (pinned). No path-traversal
-  surface (caller-supplied path, opened read-only, never joined with untrusted segments).
- **Secrets** — grep clean (only `token_h`/`token_w` config fields match `token`).
- **Determinism** — the crate's central honesty claim, verified by the pre-existing
-  `tests/predict_honesty.rs` (3 tests, still pass).
- `unsafe_code = "forbid"` in the manifest.
-
-## Validation
-
- `cargo test -p wifi-densepose-occworld-candle --no-default-features` → **31/31**
-  (lib 17, checkpoint_loading 4, input_validation 5, predict_honesty 3, doctests 2),
-  0 failed.
- `cargo test --workspace --no-default-features` → 0 failed across every crate (a lone
-  `wifi-densepose-desktop --test api_integration` "Access is denied (os error 5)" was a
-  Windows file-lock/AV flake — re-ran isolated 21/21, unrelated).
- `python archive/v1/data/proof/verify.py` → **VERDICT: PASS**, hash `f8e76f21…46f7a`
-  unchanged (occworld off the signal proof path).
-
-## Consequences
-
-### Positive
- A checkpoint-load DoS (the int32 dtype-widening panic) and two degenerate-input
-  panics are closed in the world-model crate, each pinned. **Milestone #9 (all 4
-  ungated crates) is complete.**
-
-### Negative / Neutral
- None. Guards reject only malformed/degenerate inputs.
-
-## Links
- ADR-176 / ADR-177 / ADR-178 — sibling Milestone-#9 reviews (ruview-swarm, nvsim, desktop)
@@ -1,279 +0,0 @@
-# ADR-182: `npx ruview` — A RuView Agent Harness Minted via MetaHarness
-
-| Field | Value |
-|-------|-------|
-| **Status** | Accepted — **P1+P2 implemented & validated** (`harness/ruview/`, 17/17 tests, MCP handshake + `ruview.verify` PASS against the real repo, packs to 16.7 kB / 21 files) · P3 publish-ready (name decision pending) · P4 (router + provenance) designed |
-| **Date** | 2026-06-17 |
-| **Deciders** | ruv |
-| **Codename** | **RUVIEW-HARNESS** |
-| **Builds on** | MetaHarness (`metaharness@0.1.15`, `@metaharness/kernel`, `@metaharness/host-*`, `@metaharness/router`), the `ruview-*` Claude Code subagents (`ruview-onboarding-guide`, `ruview-config-engineer`, `ruview-training-engineer`), the `wifi-densepose` CLI (`calibrate`/`enroll`/`train-room`/`room-watch`), the sensing-server, ADR-028 (witness verification), ADR-095/096 (rvCSI runtime), ADR-260/262 (RuField bridge) |
-| **Supersedes** | none |
-
-## Context
-
-RuView (WiFi-DensePose) is a deep stack — 15 Rust crates, an ESP32 firmware line,
-a sensing-server, a CLI, ~180 ADRs, a calibration pipeline, training recipes, and a
-hard cultural rule that **every claim must be independently reproducible** (the
-"prove everything" ethos, after the project was accused of AI-slop). The barrier to
-entry is correspondingly steep: a newcomer who wants to "set up WiFi sensing" must
-discover the right firmware variant, provision an ESP32 over a Windows-only Python
-subprocess, point it at the sensing-server, run `calibrate` → `enroll` →
-`train-room`, and know which numbers are MEASURED vs CLAIMED. We already encode this
-knowledge as **Claude Code subagents** (`ruview-onboarding-guide`,
-`ruview-config-engineer`, `ruview-training-engineer`) — but those only exist inside
-*this* repo's `.claude/agents/`, only on Claude Code, and only for someone who has
-already cloned the monorepo.
-
-Separately, this session shipped **MetaHarness** (`metaharness@0.1.15`): a tool that
-*"mints a custom AI agent harness from any repo"*, runnable on **9 hosts**
-(claude-code, codex, pi-dev, hermes, openclaw, rvm, copilot, opencode,
-github-actions) over a wasm-primary / NAPI-RS-fallback **kernel**, with a
-**cost-optimal model router** (`@metaharness/router`, the productized DRACO Phase-2
-k-NN finding) and ed25519/SLSA/SBOM provenance baked in. Crucially, MetaHarness
-**already ships a `vertical:ruview` template** in its template list. That template
-is generic scaffolding; it is not wired to RuView's actual tools, agents, or the
-"prove everything" guardrails.
-
-The gap: **there is no single, host-portable, provenance-signed entry point that
-gives any user an AI agent that actually knows how to operate RuView.** A user
-should be able to run one command —
-
-```bash
-npx ruview
-```
-
-— in an empty directory (or alongside an ESP32) and get an agent harness that can
-onboard them, configure firmware, drive a live capture, train a room model, and
-**refuse to overstate accuracy** — on whichever coding host they already use.
-
-## Decision
-
-**Mint a first-class RuView agent harness from this repo using MetaHarness, harden
-its `vertical:ruview` template into a RuView-specific harness with a real MCP tool
-surface and the project's honesty guardrails, and publish it as `npx ruview`.**
-
-`npx ruview` is *not* a new runtime. It is a **thin, versioned distribution** of a
-MetaHarness harness: the kernel + host adapters + a RuView "genome" (skills, agents,
-MCP tools, guardrails) generated from and pinned against this monorepo. The harness
-is the product; `npx ruview` is the front door.
-
-### Why mint-from-repo instead of hand-writing a harness
-
-MetaHarness's value here is exactly the work we would otherwise hand-roll across 9
-hosts: host-specific config (`.claude/settings.json` MCP + hooks for claude-code,
-the codex/copilot/opencode equivalents), the kernel that abstracts wasm-vs-native,
-the cost router, and the provenance chain. We write the **RuView knowledge once** as
-host-neutral genome assets; MetaHarness projects them onto each host adapter. This
-also keeps the harness regenerable: when the CLI or an ADR changes, re-mint and
-re-pin rather than maintaining 9 divergent copies.
-
-### What the harness contains (the RuView genome)
-
-1. **Skills / playbooks** (host-neutral markdown, projected to each host's skill
-   format):
-   - `onboard` — zero-to-sensing path picker (Docker demo / repo build / live
-     ESP32), the physics caveats, the hardware table. Port of
-     `ruview-onboarding-guide`.
-   - `provision-node` — ESP-IDF v5.4 Windows-subprocess build/flash/provision flow
-     (the exact MSYSTEM-stripped invocation from `CLAUDE.local.md`), firmware
-     variant selection (8MB display / 4MB no-display / C6), NVS + WiFi + channel /
-     MAC-filter overrides (ADR-060).
-   - `calibrate-room` — `baseline → enroll → extract → train` via the
-     `wifi-densepose` CLI (`calibrate`/`calibrate-serve`/`enroll`/`train-room`/
-     `room-watch`, ADR-151).
-   - `train-pose` — camera-supervised + camera-free training, the MEASURED-vs-CLAIMED
-     discipline, the mean-pose baseline check (ADR-079, ADR-152, ADR-181).
-   - `verify` — run the witness bundle + Python proof (`verify.py` → VERDICT: PASS),
-     ADR-028.
-   - Ports of `ruview-config-engineer` and `ruview-training-engineer`.
-
-2. **MCP tool surface** (`@metaharness/kernel`-hosted MCP server, one schema per
-   capability — see "MCP tools" below). This is what makes the harness *operate*
-   RuView, not just talk about it.
-
-3. **Guardrails** (the differentiator): the harness's system prompt and a
-   pre-output hook enforce the "prove everything" rule — accuracy numbers must be
-   tagged MEASURED (with a reproducer) or CLAIMED; the agent must run the mean-pose
-   baseline before quoting PCK; firmware fixes are never presented as
-   hardware-validated without a real boot log (the exact discipline this session
-   followed for `v0.8.1-esp32`).
-
-4. **Host adapters** — claude-code first (P1), then codex / opencode / copilot /
-   pi-dev / hermes / rvm / github-actions (P3+), each via the published
-   `@metaharness/host-*` package.
-
-5. **Router** — `@metaharness/router` routes each step to the cheapest adequate
-   model (e.g. a var-rename or a log-grep → Haiku; calibration-math reasoning or a
-   security review → Sonnet/Opus), mirroring the repo's 3-tier routing (ADR-026).
-
-### MCP tools (the operational surface)
-
-| Tool | Wraps | Purpose |
-|------|-------|---------|
-| `ruview.onboard` | docs + agent | Pick a setup path, print the next concrete command |
-| `ruview.node.flash` | ESP-IDF subprocess (ADR `CLAUDE.local.md`) | Build + flash a firmware variant to a COM port |
-| `ruview.node.provision` | `provision.py` | Set SSID/password/target-ip/channel/MAC-filter over serial |
-| `ruview.node.monitor` | pyserial | Stream boot log; assert CSI is flowing (MGMT+DATA) |
-| `ruview.server.up` | sensing-server | Start the Axum sensing-server (`:3000`/`:5005`/`:8765`) |
-| `ruview.calibrate` | `wifi-densepose calibrate`/`enroll`/`train-room` | Run the ADR-151 room pipeline |
-| `ruview.room.watch` | `wifi-densepose room-watch` | Live presence/vitals from a trained room |
-| `ruview.verify` | `scripts/generate-witness-bundle.sh` + `verify.py` | Produce/verify the witness bundle (must be N/N PASS) |
-| `ruview.claim.check` | static lint | Scan output for untagged accuracy claims; flag MEASURED-vs-CLAIMED |
-
-Each tool returns structured JSON and is fail-closed: a tool that cannot prove its
-result (e.g. `ruview.node.monitor` sees no CSI callbacks) returns an honest negative,
-never a fabricated success — consistent with the RuField `map_privacy` fail-closed
-posture (ADR-262 §3.3).
-
-### The mint + pin flow (how the harness is produced)
-
-```bash
-# P1 — mint from this repo, claude-code host, RuView vertical
-npx metaharness ruview --template vertical:ruview --host claude-code \
-  --from-existing . --description "RuView WiFi-sensing operator agent" \
-  --target ./harness/ruview
-
-# readiness + fit/cost/safety scorecards (ADR-041) — gate before publish
-npx metaharness genome .        # 7-section repo readiness
-npx metaharness score .  --json # fit / cost / safety
-npx metaharness analyze .       # recommended harness plan (no-exec)
-```
-
-The minted harness is committed under `harness/ruview/` and **pinned** (kernel +
-host-adapter + router versions locked) so `npx ruview` is reproducible. Re-minting on
-a CLI/ADR change is a reviewed PR, not an implicit regeneration.
-
-### Distribution: `npx ruview`
-
-A small published package whose `bin` boots the pinned harness via the kernel:
-
- **Preferred name:** `ruview` (currently **free** on npm — verified 2026-06-17).
- **Risk:** npm's typosquat filter may reject `ruview` as too close to `review` /
-  `preview` (this session hit exactly that on `ruvn`→`levn`/`raven` and
-  `worldgraph`→`world-graph`). **Fallback:** publish scoped `@ruvnet/ruview` (also
-  free) and/or `npx ruvnet/ruview` straight from GitHub. Decide at publish time;
-  do not unpublish to rename (the 24-h name-lock lesson from `worldgraphs`).
- `bin: { "ruview": "bin/cli.js" }` — note **`bin/cli.js`, not `./bin/cli.js`** (npm
-  strips the `./` form; this broke `ruvn@0.1.0` this session).
- `npx ruview` with no args → `onboard` skill (interactive path picker).
-  `npx ruview <skill> [...]` → run a specific skill. `npx ruview --host codex` →
-  install the harness into an existing repo for that host.
-
-## Architecture
-
-```
-            npx ruview                      (thin bin — boots the pinned harness)
-                │
-        @metaharness/kernel                 (wasm primary · NAPI-RS native fallback)
-        ├── host adapter  ── claude-code | codex | opencode | copilot | pi-dev | hermes | rvm | github-actions
-        ├── @metaharness/router             (k-NN cost-optimal model routing — DRACO P2 / ADR-026)
-        └── RuView genome  (pinned)
-            ├── skills      onboard · provision-node · calibrate-room · train-pose · verify
-            ├── mcp tools   ruview.node.* · ruview.calibrate · ruview.room.watch · ruview.verify · ruview.claim.check
-            └── guardrails  MEASURED-vs-CLAIMED · mean-pose baseline · no-unvalidated-firmware-claims
-                │
-        RuView assets (the real system the agent drives)
-        ├── wifi-densepose CLI       calibrate / enroll / train-room / room-watch
-        ├── sensing-server           :3000 / :5005 / :8765
-        ├── ESP-IDF subprocess       build / flash / provision / monitor  (COM8/COM9/COM12)
-        └── witness bundle + verify.py
-```
-
-Provenance: the harness ships an **ed25519 witness + SBOM (SPDX) + SLSA** chain
-(MetaHarness already does this for minted harnesses), so a recipient can verify the
-RuView harness was built from a specific monorepo commit — the agentic analogue of
-the firmware witness bundle (ADR-028).
-
-## Phases
-
- **P1 — Mint & pin (claude-code).** `npx metaharness ruview --template
-  vertical:ruview --from-existing . --host claude-code`. Port the three `ruview-*`
-  subagents into host-neutral genome skills. Commit under `harness/ruview/`, pin
-  versions. Acceptance: `npx metaharness score .` ≥ threshold; the harness can run
-  `onboard` and `verify` end-to-end locally.
- **P2 — MCP tool surface.** Implement the `ruview.*` MCP tools over the kernel
-  (start with `onboard`, `verify`, `claim.check`, `node.monitor` — the read-only /
-  proving tools), then the mutating ones (`node.flash`, `provision`, `calibrate`).
-  Acceptance: `ruview.verify` returns the witness bundle PASS as structured JSON;
-  `ruview.claim.check` flags a seeded untagged "100% accuracy" string.
- **P3 — Publish `npx ruview` + multi-host.** Publish the bin package (name decision
-  per Distribution). Add codex / opencode / copilot / pi-dev / hermes / rvm /
-  github-actions adapters. Acceptance: `npx ruview` cold-starts on ≥3 hosts and runs
-  `onboard`; provenance verifies.
- **P4 — Router + guardrail hardening.** Wire `@metaharness/router`; calibrate the
-  3-tier routing on a RuView task set. Make the MEASURED-vs-CLAIMED guardrail a hard
-  pre-output gate. Acceptance: a benchmark of RuView tasks shows cost reduction vs
-  all-Opus with no quality regression; the guardrail blocks an untagged accuracy
-  claim in a red-team prompt.
-
-## Consequences
-
-**Positive**
- One reproducible, signed entry point (`npx ruview`) that operates RuView on the
-  host the user already has — onboarding goes from "clone a 15-crate monorepo" to a
-  single `npx`.
- The "prove everything" ethos becomes **executable**, not just documentation: the
-  harness *enforces* MEASURED-vs-CLAIMED and the mean-pose baseline.
- Knowledge written once (host-neutral genome) instead of 9× per host; regenerable
-  from the repo as the system evolves.
- Dogfoods MetaHarness on a hard real vertical, surfacing bugs back to
-  `agent-harness-generator` (this session already filed #9–#13 there).
-
-**Negative / risks**
- **Drift:** a pinned harness goes stale as the CLI/ADRs move; mitigated by a
-  re-mint-on-change PR ritual and a CI check that the genome's referenced
-  CLI flags still exist.
- **Surface area:** mutating MCP tools (`node.flash`, `provision`) touch hardware and
-  the network — must be permission-gated and fail-closed; the firmware-flash tool
-  must never claim hardware validation without a captured boot log.
- **Name/typosquat:** `ruview` may be rejected at publish; scoped fallback decided in
-  P3. Do not unpublish-to-rename.
- **Host parity:** not all 9 hosts support MCP + hooks equally; the guardrail gate
-  may degrade to advisory on weaker hosts — must be disclosed in the badge, not
-  hidden (same honesty principle as ADR-181's backend badge).
- **Windows-coupled tooling:** the ESP-IDF flow is Windows-subprocess-specific
-  today; the `node.*` tools are gated to that environment until a cross-platform
-  path exists.
-
-## Alternatives considered
-
-1. **Keep the `ruview-*` subagents repo-local (status quo).** Zero new surface, but
-   stays Claude-Code-only and clone-gated; no portable front door. Rejected — it's
-   the gap this ADR exists to close.
-2. **Hand-write a bespoke `npx ruview` harness (no MetaHarness).** Full control, but
-   re-implements the kernel, 9 host adapters, the router, and the provenance chain
-   we already ship — months of duplicated work and 9 divergent configs to maintain.
-   Rejected.
-3. **Use the generic `vertical:ruview` template as-is.** It's scaffolding with no
-   real tools or guardrails — it would *talk about* RuView without being able to
-   *operate* it or enforce honesty. Rejected as insufficient; P2 is precisely the
-   hardening that makes it real.
-4. **Ship only an MCP server (no harness/host adapters).** Covers tools but not the
-   skills, routing, guardrails, or multi-host projection — a strictly smaller subset
-   of this design. Folded in as the P2 layer rather than the whole.
-
-## Open questions
-
- Final published name: bare `ruview` vs scoped `@ruvnet/ruview` vs GitHub-only
-  `npx ruvnet/ruview` — resolve against the typosquat filter at P3.
- Does the harness bundle the `wifi-densepose` binary, shell out to a user-installed
-  one, or offer both? (Leaning: shell out; print install guidance if absent.)
- Where do the `node.*` hardware tools live for non-Windows users — defer, or wrap
-  the rvCSI runtime (ADR-095/096) which is cross-platform Rust?
- Should `ruview.verify` gate `npx ruview` self-tests in CI (harness can't publish if
-  the witness bundle regresses)?
- Relationship to the RuField MFS harness surface (ADR-260/262) — one harness with a
-  RuField skill, or a sibling `npx rufield`?
-
-## References
-
- MetaHarness: `metaharness@0.1.15` (`npx metaharness`, templates incl.
-  `vertical:ruview`; hosts: claude-code/codex/pi-dev/hermes/openclaw/rvm/copilot/
-  opencode/github-actions), `@metaharness/kernel`, `@metaharness/router`,
-  `@metaharness/host-*`, repo `github.com/ruvnet/agent-harness-generator`.
- RuView subagents: `ruview-onboarding-guide`, `ruview-config-engineer`,
-  `ruview-training-engineer` (`.claude/agents/`).
- ADR-026 (3-tier model routing), ADR-028 (witness verification), ADR-041
-  (MetaHarness scorecards), ADR-060 (channel / MAC-filter overrides), ADR-079
-  (camera ground-truth training), ADR-095/096 (rvCSI runtime), ADR-151 (per-room
-  calibration), ADR-152/181 (WiFlow / browser pose), ADR-260/262 (RuField bridge).
@@ -1,98 +0,0 @@
-# ADR-183: Onboard LED as a 40 Hz Gamma Stimulus, Colour-Mapped from Live CSI via `ruv-neural-viz`
-
-| Field | Value |
-|-------|-------|
-| **Status** | Accepted — implemented & hardware-confirmed on ESP32-S3 N16R8 (COM8) |
-| **Date** | 2026-06-17 |
-| **Deciders** | ruv |
-| **Codename** | **GAMMA-VIZ** |
-| **Builds on** | `ruv-neural-viz::ColorMap` (now `no_std` — ruvnet/ruv-neural#3 / RuView#1126), the ESP32 edge `motion_energy` metric (`edge_processing.c`), PR #962 (WS2812 on GPIO 48) |
-
-## Context
-
-Two threads converged. (1) `ruv-neural-viz::ColorMap` — the viridis/cool-warm
-palette the rUv-Neural stack uses to render brain-topology graphs — was `std`-only,
-so it couldn't run on the ESP32. (2) The onboard WS2812 on the S3 CSI node was dead
-weight: the firmware only cleared it on boot (and on the wrong pin for N16R8 — GPIO
-38 vs the actual 48, see #962).
-
-The ask: make the LED do something real and honest, using the project's own visual
-capability — not a decorative blink. The natural fit is a **40 Hz gamma stimulus**
-(the GENUS gamma-entrainment frequency from Alzheimer's light-therapy research)
-whose **colour is driven by live sensed motion**, so the node's front panel is both
-a known bio-stimulus waveform and a truthful readout of what the CSI is detecting.
-
-## Decision
-
-### Part A — make `ColorMap` `no_std`
-
-`colormap.rs` is self-contained (no cross-crate deps), so expose it on `no_std`
-targets. The only blockers were two `std`-only `f64` ops:
-
- `f64::round` / `f64::abs` → replaced with `core`+`alloc`-safe helpers `fround`
-  (round via `f64 as i64` truncation — a `core` cast, no `libm`) and `fabs`.
- `Vec`/`String`/`format!` → from `alloc`.
-
-The graph-bound modules (`animation`/`ascii`/`export`/`layout`) and their heavy deps
-move behind a default `std` feature; `--no-default-features` builds the crate `no_std`
-and exposes only `colormap`. Output is **byte-identical** (8/8 colormap tests pass with
-the same RGB values), so this is a pure portability change.
-
-### Part B — the LED stimulus (firmware)
-
-`firmware/esp32-csi-node/main/main.c`, on boot:
-
- WS2812 on **GPIO 48** (N16R8 / DevKitC-1 v1.1; GPIO 8 on C6).
- An `esp_timer` periodic at **12 500 µs toggles a square wave → 40 Hz, 50 % duty**
-  (full-on / full-off — a *perceptible* gamma flicker, not a colour drift).
- **ON-phase colour = live CSI motion.** Each ON phase reads `edge_get_vitals().motion_energy`,
-  normalises it (`/ LED_MOTION_FULLSCALE`, clamped `[0,1]`), and indexes a **60-step
-  viridis LUT generated from `ColorMap::viridis().map()`** — still = dark purple,
-  strong motion = yellow.
-
-The LUT is baked from the real crate (Part A makes the same `ColorMap` embeddable
-for a future direct FFI path once the ESP Rust toolchain is in CI). The colours are
-therefore provably `ruv-neural-viz`'s, and the motion is provably real.
-
-## Honesty (what it is and is not)
-
- **40 Hz is a real square-wave stimulus** (12.5 ms on / 12.5 ms off), not a label on
-  a colour sweep. It is *not* tied to any measured 40 Hz brain rhythm — it is an
-  *output* stimulus at the gamma frequency, not a readout of neural gamma.
- **Colour is a real CSI readout** — `motion_energy` is the on-device phase-variance
-  motion metric the node already computes; no fabrication. At rest the LED sits at the
-  purple (low) end and flickers there.
- No therapeutic claim is made. 40 Hz GENUS entrainment is cited as the *origin of the
-  frequency choice*, not as a validated medical effect of this device.
-
-## Consequences
-
-**Positive**
- The LED is now an honest front-panel: gamma-frequency flicker + a live motion readout.
- `ColorMap` is embeddable (`no_std`), unblocking on-device use of the rUv-Neural
-  palette beyond this LED.
- Confirms #962's GPIO-48 fix visually (the LED lights on N16R8).
-
-**Negative / risks**
- Changes the *default* firmware behaviour: the onboard LED animates instead of staying
-  off. Now **gated by `CONFIG_LED_GAMMA_VIZ`** (default `y`); set it `n` for a dark,
-  lower-power boot (the LED is just cleared) — no source change needed.
- A 40 Hz flicker can be an issue for photosensitive users; document on the enclosure
-  and disable `CONFIG_LED_GAMMA_VIZ` in those deployments.
- The saturation point is now `CONFIG_LED_MOTION_FULLSCALE_MILLI` (default 250 = 0.25),
-  operator-tunable; still not auto-calibrated per-environment.
- The colour uses a baked LUT, not the live Rust `ColorMap` (FFI path deferred — needs
-  the ESP Rust/xtensa toolchain, not yet in CI).
-
-## Validation
-
- `ruv-neural-viz`: `cargo build` (std) ✓, `cargo test colormap` 8/8 ✓ (identical RGB),
-  `cargo build --no-default-features` compiles `no_std` ✓.
- Firmware: built (1.13 MB), flashed to ESP32-S3 N16R8 (COM8). Boot log:
-  `Onboard WS2812: 40 Hz gamma flicker (GENUS), colour=CSI motion via ruv-neural-viz, GPIO 48`;
-  CSI continues (27–38 pps), `motion=0.00` at rest → purple flicker as designed.
- Full on-device (xtensa) Rust build of `ColorMap` not run — ESP Rust toolchain absent.
-
-## References
- ruvnet/ruv-neural#3 (ColorMap no_std), RuView#1126 (submodule bump), #962 (GPIO 48).
- Singer/Tsai GENUS 40 Hz gamma entrainment (origin of the frequency, not a device claim).
@@ -1,390 +0,0 @@
-# ADR 260: RuField Multimodal Field Sensing Specification
-
-Status: Accepted — v0.1 reference stack
-
-Date: 2026 06 14
-
-Deciders: rUv
-
-Tags: sensing, rf, csi, cir, bfld, radar, ultrasonic, infrared, quantum sensing, privacy, provenance, ruvector, ruview
-
-## 1. Context
-
-RuView proved that commodity wireless signals can be used as a practical sensing substrate. The next opportunity is larger: define a common specification for multimodal ambient sensing across RF, ultrasonic, subsonic, infrared, radar, and future quantum sensors.
-
-Existing standards are valuable but fragmented.
-
-IEEE 802.11bf 2025 standardizes WLAN sensing at the WiFi MAC and PHY layers and was published on September 26, 2025. It is important, but it is WiFi specific.
-
-Bluetooth Channel Sounding standardizes techniques for obtaining phase and time delay information, but Bluetooth SIG explicitly does not define the distance algorithm. That leaves application level interpretation open.
-
-IEEE 802.15.4z HRP UWB supports secure ranging using scrambled timestamp sequence waveforms, but UWB remains one modality rather than a universal sensing grammar.
-
-Matter is a useful smart home interoperability protocol, but it is a device connectivity layer, not a multimodal field sensing specification.
-
-The gap is clear: there is no open specification that normalizes sensor observations across CSI, CIR, BFLD, radar, ultrasound, subsonic vibration, thermal infrared, and quantum field sensing into one privacy aware, provenance rich, fusion ready event model.
-
-## 2. Decision
-
-Create **RuField MFS**, the RuField Multimodal Field Sensing Specification.
-
-RuField MFS will define a common event, tensor, calibration, confidence, privacy, and provenance model for ambient field sensing.
-
-It will not replace IEEE 802.11bf, Bluetooth Channel Sounding, UWB, Matter, radar protocols, or device vendor APIs.
-
-It will sit above them.
-
-```text
-WiFi CSI
-WiFi CIR
-WiFi BFLD
-UWB
-Bluetooth Channel Sounding
-mmWave radar
-Ultrasonic
-Subsonic
-Infrared
-Quantum magnetic sensing
-Quantum inertial sensing
-
-all emit
-
-RuField Field Event
-RuField Field Tensor
-RuField Fusion Graph
-RuField Privacy Class
-RuField Provenance Receipt
-```
-
-## 3. Name
-
-Preferred name: `RuField MFS`
-
-Full name: `RuField Multimodal Field Sensing Specification`
-
-Public positioning: `The open specification for camera free field intelligence.`
-
-## 4. Problem Statement
-
-Modern sensing systems are locked into modality specific silos: CSI systems produce channel matrices; radar produces range Doppler bins; UWB produces range and time of flight; Bluetooth Channel Sounding produces phase and timing primitives; infrared produces thermal arrays; ultrasonic produces acoustic echoes; subsonic produces structural vibration signatures; quantum sensors produce magnetic, inertial, or optical field traces.
-
-Each has different sampling, calibration, confidence, privacy, and provenance semantics. This prevents reliable fusion and makes governance weak because raw sensing, derived sensing, biometric inference, and anonymous occupancy are often mixed without explicit boundaries.
-
-## 5. Goals
-
-1. Define a common multimodal sensing event format.
-2. Define a field tensor format spanning time, frequency, phase, amplitude, range, velocity, angle, temperature, vibration, and uncertainty.
-3. Define a modality registry for RF, acoustic, infrared, radar, and quantum sensing.
-4. Define privacy classes for raw waveforms, derived features, occupancy, anonymized aggregate state, and biometric inference.
-5. Define calibration receipts and provenance hashes.
-6. Define fusion rules for multimodal inference.
-7. Provide a Rust reference implementation.
-8. Provide benchmark tasks for camera free room intelligence.
-9. Make RuView one adapter inside a larger open sensing architecture.
-
-## 6. Non Goals
-
-1. Do not define a new wireless PHY.
-2. Do not replace IEEE 802.11bf.
-3. Do not replace Bluetooth Channel Sounding.
-4. Do not replace UWB secure ranging.
-5. Do not define medical diagnosis.
-6. Do not transmit speech, images, or raw biometric identity by default.
-7. Do not require cloud inference.
-8. Do not require expensive hardware.
-
-## 7. Core Abstraction — the Field Event
-
-A Field Event is a timestamped observation from any ambient field sensor.
-
-```json
-{
-  "spec": "rufield.mfs.v0.1",
-  "event_id": "01J00000000000000000000000",
-  "timestamp_ns": 1791986400000000000,
-  "sensor": {
-    "modality": "wifi_csi",
-    "vendor": "esp32_c6",
-    "device_id": "sensor_room_01",
-    "placement": "ceiling_corner",
-    "clock_domain": "local_ptp"
-  },
-  "field": {
-    "carrier_hz": 5805000000,
-    "bandwidth_hz": 80000000,
-    "sample_rate_hz": 100,
-    "channels": 234,
-    "features": ["amplitude", "phase", "doppler", "range_proxy"]
-  },
-  "observation": {
-    "space_cell": [4, 2, 1],
-    "range_m": 3.42,
-    "velocity_mps": 0.18,
-    "motion_vector": [0.12, -0.03, 0.00],
-    "confidence": 0.87,
-    "privacy_class": "P2"
-  },
-  "provenance": {
-    "raw_hash": "sha256:raw_measurement_hash",
-    "firmware_hash": "sha256:firmware_hash",
-    "model_id": "ruvector_field_encoder_v1",
-    "calibration_id": "room_cal_2026_06_14"
-  }
-}
-```
-
-## 8. Modality Registry
-
-| Code | Modality             | Example source                          |
-| ---: | -------------------- | --------------------------------------- |
-|    1 | wifi_csi             | ESP32 C6, Intel BE200, AP CSI           |
-|    2 | wifi_cir             | channel impulse response                |
-|    3 | wifi_bfld            | beamforming feedback                    |
-|    4 | uwb_hrp              | IEEE 802.15.4z ranging                  |
-|    5 | ble_channel_sounding | phase and timing primitives             |
-|    6 | mmwave_radar         | range Doppler radar                     |
-|    7 | ultrasonic           | echo and time of flight                 |
-|    8 | subsonic             | structural vibration and room resonance |
-|    9 | infrared_thermal     | thermal array or passive IR             |
-|   10 | active_infrared      | reflected IR                            |
-|   11 | lidar_phase          | phase based optical range               |
-|   12 | quantum_magnetic     | NV diamond or OPM field trace           |
-|   13 | quantum_inertial     | atom interferometer or precision IMU    |
-|   14 | event_camera         | optional visual event stream            |
-|   15 | synthetic_sim        | simulator or replay source              |
-
-## 9. Field Tensor
-
-The normalized numeric container (`Modality`, `FieldAxis`, `FieldTensor`) as specified in the implementation crate `rufield-core`.
-
-## 10. Privacy Classes
-
-| Class | Description                      | Example                         |
-| ----- | -------------------------------- | ------------------------------- |
-| P0    | Raw waveform or raw sensor frame | raw CSI, raw radar cube         |
-| P1    | Derived non identity features    | Doppler peak, thermal blob      |
-| P2    | Occupancy and motion only        | person present, bed exit        |
-| P3    | Anonymous aggregate state        | room count, zone activity       |
-| P4    | Biometric or health inference    | breathing, gait, sleep, scratch |
-| P5    | Identity linked inference        | named person state              |
-
-Default system policy: edge storage may retain P0 only temporarily; network transmission defaults to P2 or lower; P4 requires explicit consent; P5 requires explicit identity binding and audit log.
-
-## 11. Provenance Receipt
-
-Every event must be auditable (`ProvenanceReceipt`). Acceptance invariant: **No fused inference is valid unless every contributing event has a provenance receipt or is explicitly marked synthetic.**
-
-## 12. Fusion Graph
-
-Nodes: sensor, event, field_tensor, feature, object, zone, state, inference, receipt.
-Edges: observed_by, derived_from, calibrated_by, supports, contradicts, fused_into, expires_at, requires_consent.
-
-## 13. Fusion Rule Format
-
-Human readable TOML rules (`rule.person_present`, `rule.bed_exit`, `rule.nocturnal_scratch`) with `inputs`, `method`, `threshold`, `privacy_max`, optional `window_ms` and `requires_consent`.
-
-## 14. Reference Architecture
-
-Layer 0 physical sensors; Layer 1 native adapters; Layer 2 field tensor normalization; Layer 3 RuVector field embeddings; Layer 4 fusion graph; Layer 5 policy and privacy guard; Layer 6 application event stream; Layer 7 dashboard, API, MCP, Matter bridge.
-
-## 15. Rust Crate Layout
-
-`rufield-core`, `rufield-schema`, `rufield-adapters`, `rufield-fusion`, `rufield-privacy`, `rufield-provenance`, `rufield-bench`, `rufield-viewer`.
-
-## 16. Core Rust Interfaces
-
-`FieldAdapter`, `FieldEncoder`, `FusionEngine`, `PrivacyGuard` traits as specified in `rufield-core`.
-
-## 17. MVP Adapters
-
-v0.1 must support three real modalities: WiFi CSI, mmWave radar, Infrared thermal. Optional: ultrasonic, subsonic, synthetic simulator.
-
-## 18. Benchmark Suite
-
-| Task                    |   Metric |       Target |
-| ----------------------- | -------: | -----------: |
-| Presence detection      |       F1 |         0.90 |
-| Room transition         |       F1 |         0.85 |
-| Bed exit                |       F1 |         0.90 |
-| Breathing detected      |       F1 |         0.80 |
-| Nocturnal scratch       |       F1 |         0.75 |
-| Fall like event         |   Recall |         0.95 |
-| False alarm rate        | per hour |   below 0.10 |
-| Event latency           |      p95 | below 100 ms |
-| Provenance coverage     |  percent |          100 |
-| Privacy violation count |    count |            0 |
-
-## 19. First Viral Demo
-
-Camera free room intelligence: person enters, sits, breathing detected, sleeps, scratches arm, exits bed, leaves room — no camera, no identity, signed field receipts, live fusion graph, privacy class visible per event.
-
-## 20. Data Model
-
-`FieldEvent { spec_version, event_id, timestamp_ns, sensor, tensor, observation, provenance }` and `Observation { zone_id, space_cell, range_m, velocity_mps, motion_vector, confidence, labels, privacy_class }`.
-
-## 21. Decision Matrix
-
-| Option                                        | Interop | Novelty | Buildability | Business value | Risk | Score |
-| --------------------------------------------- | ------: | ------: | -----------: | -------------: | ---: | ----: |
-| Extend RuView only                            |       2 |       2 |            5 |              3 |    2 |    14 |
-| Build proprietary fusion engine               |       3 |       3 |            4 |              4 |    3 |    17 |
-| Create open RuField spec plus reference stack |       5 |       5 |            4 |              5 |    3 |    22 |
-| Attempt new hardware standard                 |       5 |       5 |            1 |              4 |    5 |    20 |
-
-Decision: **Create open RuField spec plus reference stack.** It maximizes credibility, extensibility, and ecosystem pull while avoiding the impossible burden of defining a new physical layer.
-
-## 22. Security Model
-
-| Threat                              | Impact                          | Mitigation                             |
-| ----------------------------------- | ------------------------------- | -------------------------------------- |
-| Raw waveform leakage                | privacy breach                  | P0 edge only by default                |
-| Biometric inference without consent | legal and trust risk            | P4 consent gate                        |
-| Sensor spoofing                     | false occupancy or safety event | signed sensor receipts                 |
-| Replay attack                       | forged event stream             | nonce plus timestamp plus hash chain   |
-| Model drift                         | wrong inference                 | calibration expiry and benchmark gates |
-| Overfitting to one room             | weak generalization             | room split benchmark                   |
-| Vendor firmware change              | silent degradation              | firmware hash in receipt               |
-
-## 23. Calibration Model
-
-`CalibrationReceipt` is first class. Required calibration tasks: empty room baseline, single person walk path, sit and stand, bed or couch transition, breathing reference, no motion stability period.
-
-## 24. Inference Semantics
-
-Every inference must include: label, confidence, supporting events, contradicting events, privacy class, calibration id, model id, expiry time.
-
-## 25. Consequences
-
-Positive: RuView becomes part of a larger sensing ecosystem; the spec creates a standards-style wedge without waiting for silicon vendors; multimodal fusion becomes portable; privacy and provenance become differentiators; enterprise deployment becomes easier to justify; benchmark receipts reduce skepticism.
-
-Negative: broad scope can dilute execution; hardware variability will be painful; calibration is the hardest practical problem; some will claim existing standards already solve parts of this; medical and biometric use cases require careful governance.
-
-Mitigation: keep v0.1 narrow; ship real adapters; publish benchmark receipts; do not claim medical diagnosis; position RuField above existing standards.
-
-## 26. Implementation Plan
-
-Phase 1 spec skeleton; Phase 2 Rust core; Phase 3 adapters; Phase 4 fusion graph; Phase 5 dashboard; Phase 6 benchmark.
-
-## 27. Acceptance Criteria
-
-v0.1 is accepted when:
-
-1. Three modalities stream into one event graph.
-2. Every event has a privacy class.
-3. Every event has a provenance receipt.
-4. Fusion produces at least five room state inferences.
-5. p95 event pipeline latency is below 100 ms.
-6. Benchmark runner produces deterministic reports.
-7. Raw waveform storage is disabled by default.
-8. P4 inference requires consent policy approval.
-9. Dashboard shows live camera free room intelligence.
-10. Spec is readable enough for external implementers.
-
-## 28. Reference Repository Structure
-
-Crates under `v2/crates/rufield-*` (workspace members), spec under `docs/rufield/`, benches under `rufield-bench`.
-
-## 29. Open Questions
-
-1. JSON Schema first, Protobuf first, or both?
-2. Default transport: MQTT, NATS, WebSocket, or MCP?
-3. Matter integration: bridge or first class target?
-4. P4 health inference disabled by default in public demos?
-5. Benchmark datasets synthetic first, then real world?
-6. Include quantum modality IDs even if adapters are synthetic only?
-
-## 30. Recommendation
-
-Proceed. Publish RuField as an open specification with a working Rust reference stack and a viral camera free room intelligence demo.
-
-## 31. Benchmark Acceptance Test
-
-```text
-Given a room with WiFi CSI, mmWave radar, and thermal IR sensors
-When a person enters, sits, breathes, exits bed, and leaves
-Then RuField emits signed events
-And classifies room state without a camera
-And keeps all default network events at P2 or below
-And produces p95 latency below 100 ms
-And produces a deterministic benchmark report
-```
-
---
-
-## Implementation Status (v0.1 reference stack)
-
-The v0.1 reference stack is implemented as a **standalone Cargo workspace**
-(`rufield/`, published as `github.com/ruvnet/rufield` and vendored into RuView
-as a submodule — the `vendor/rvcsi` pattern). It is pure Rust, builds and tests
-on Windows with no native deps (`ndarray`/`tch`/`openblas` are not used), and
-depends only on `serde`, `serde_json`, `toml`, `sha2`, and `ed25519-dalek`.
-
-**All metrics below are SYNTHETIC.** They are scored against the simulator's own
-ground-truth labels. They demonstrate the pipeline recovers known truth and runs
-within latency/privacy/provenance budgets — they are **not** field-validated
-accuracy. There is no hardware in v0.1; real adapters (ESP32 CSI, mmWave, thermal
-IR) are a documented follow-up (see the repo README "Firmware" section).
-
-### Crates delivered
-
-| Crate | Implements |
-|-------|-----------|
-| `rufield-core` | §7/§9/§16/§20 data model: `Modality` (15), `FieldAxis`, `FieldTensor` (shape↔values validated), `PrivacyClass` (P0–P5), `SensorDescriptor`, `Observation`, `FieldEvent`, `CalibrationReceipt`, `InferenceQuery`, `FieldInference`, `FieldEmbedding`; `FieldAdapter`/`FieldEncoder`/`FusionEngine`/`PrivacyGuard` traits. §7 JSON example round-trips. |
-| `rufield-provenance` | Real `sha256` content hashing + deterministic `ed25519` sign/verify; §11 `is_fusable` invariant. Tests: tamper → verify fails; synthetic event fusable without signer. |
-| `rufield-privacy` | §10 default policy + `DefaultPrivacyGuard` (`authorize` → Allow/Deny/RequiresConsent). Tests: P0 transmit denied; P4 no-consent → RequiresConsent; P4 consent → Allow; P2 → Allow; P5 needs identity binding. |
-| `rufield-adapters` | Deterministic seeded `SyntheticSim` emitting the §19 sequence across 3 modalities (wifi_csi, mmwave_radar, infrared_thermal). Same seed ⇒ identical signed event stream with ground-truth labels. |
-| `rufield-fusion` | `FusionGraph` (§12) + `RuFieldFusion` engine; TOML rules (§13, ≥5 inferences: person_present, sitting, sleeping, breathing, nocturnal_scratch, bed_exit, room_transition); weighted-Bayes + temporal-window; rejects non-fusable events; `FieldInference` with §24 fields. |
-| `rufield-bench` | Deterministic runner: F1 per task (SYNTHETIC), p95 latency, provenance coverage, privacy violations; JSON + human table; §31 acceptance test as `#[test]`. |
-
-Total test count across the workspace: **60 tests, 0 failed**.
-`cargo clippy --workspace` is clean.
-
-### §27 acceptance-criteria scorecard
-
-| # | Criterion | Status |
-|---|-----------|--------|
-| 1 | Three modalities stream into one event graph | **PASS** — wifi_csi, mmwave_radar, infrared_thermal |
-| 2 | Every event has a privacy class | **PASS** — `Observation.privacy_class` (non-optional), default ≤ P2 |
-| 3 | Every event has a provenance receipt | **PASS** — every event is ed25519-signed and verifies; coverage 100% |
-| 4 | Fusion produces ≥ 5 room-state inferences | **PASS** — 7 distinct inferences produced |
-| 5 | p95 event pipeline latency < 100 ms | **PASS** — p95 ≈ 0.01 ms (in-process) |
-| 6 | Benchmark runner produces deterministic reports | **PASS** — identical report across runs (latency is the only wall-clock field) |
-| 7 | Raw waveform storage disabled by default | **PASS** — P0 network transmission denied by default policy |
-| 8 | P4 inference requires consent policy approval | **PASS** — P4 without consent → RequiresConsent; breathing/scratch rules carry `requires_consent = true` |
-| 9 | Dashboard shows live camera-free room intelligence | **PASS** — `rufield-viewer` (Axum + vanilla JS) streams the deterministic SyntheticSim→fusion demo: live room state, privacy-badged (P0–P5) event log, fusion graph, click-to-open signed-receipt modal, behind a permanent `SYNTHETIC — simulated sensors, no hardware` banner. `cargo run -p rufield-viewer`. Read-only demo viewer (not a device-management console — that's the real-adapter milestone). |
-| 10 | Spec readable for external implementers | **PASS** — ADR-260 + detailed standalone README with compiling usage examples |
-
-**Decision:** **all §27 criteria 1–10 PASS** (criterion 9, the live dashboard,
-was completed by `rufield-viewer`). Status is **Accepted — v0.1 reference stack**.
-
-### Deterministic benchmark report (SYNTHETIC, seed = 2026)
-
-```text
-TASK (SYNTHETIC)       METRIC      VALUE     TARGET    MEETS
-presence                   f1      1.000      0.900      yes
-breathing                  f1      1.000      0.800      yes
-nocturnal_scratch          f1      0.923      0.750      yes
-bed_exit                   f1      1.000      0.900      yes
-room_transition            f1      1.000      0.850      yes
-----------------------------------------------------------------------------------
-p50 latency:          0.0097 ms
-p95 latency:          0.0123 ms   (target < 100 ms: PASS)
-provenance coverage:  100.0 %      (target 100%: PASS)
-privacy violations:   0          (target 0: PASS)
-events=216  modalities=3  distinct_inferences=7
-```
-
-All five scored §18 tasks meet their F1 targets **on synthetic ground truth**.
-`nocturnal_scratch` is 0.923 (one borderline noise tick at this seed) — reported
-honestly rather than tuned to 1.0. The fall-like / false-alarm-rate §18 rows are
-not scored in v0.1 (no fall is in the demo sequence) and are a follow-up. These
-numbers prove the fusion pipeline scores correctly against known truth; they say
-**nothing** about real-world accuracy, which requires the hardware adapters that
-v0.1 deliberately does not ship.
-
-### Honest statement
-
-Every metric here is simulator-based. No ESP32 CSI, mmWave, or thermal capture
-was used. RuField v0.1 is a working, honestly-measured reference pipeline —
-data model, provenance, privacy, fusion, and a deterministic benchmark — pending
-real hardware adapters.
@@ -1,200 +0,0 @@
-# ADR-261: RuVector Graph-ANN Index — a real HNSW baseline + a SymphonyQG-style quantized variant, MEASURED
-
-| Field | Value |
-|-------|-------|
-| **Status** | Accepted |
-| **Date** | 2026-06-14 |
-| **Deciders** | ruv |
-| **Codebase target** | `wifi-densepose-ruvector` — `hnsw.rs`, `hnsw_quantized.rs`, `ann_measure.rs`, `benches/ann_bench.rs`, docs |
-| **Relates to** | ADR-084 (RaBitQ similarity sensor — 1-bit sketch), ADR-156 (RuVector beyond-SOTA sweep — §5 #1 SymphonyQG, §8/§10/§11 RaBitQ Pass-2/multi-bit/estimator), ADR-024 (AETHER re-ID), ADR-016/017 (RuVector integration) |
-| **Scope** | Build the **missing HNSW graph-ANN baseline** in the ruvector retrieval path, build a **SymphonyQG-style quantized-traversal variant** on the same graph, and **MEASURE** the real recall/QPS ratio between them — closing the ADR-156 §5 #1 gap honestly. Resolves ADR-156 §8 backlog item **"SymphonyQG reproduction"** from **CLAIMED-only** to **MEASURED-direction-tested**. |
-
---
-
-## 0. PROOF discipline (this ADR's contract)
-
-This project has been publicly accused of "AI slop." This ADR answers with **evidence, not adjectives** — the same contract as ADR-154/156:
-
- The HNSW index ships a **committed recall@10 correctness gate** (≥ 0.95 vs brute force on a planted-cluster fixture). Low recall means a graph bug; the gate is wired to fail in that case. It **did** fail first — and caught a real index-out-of-bounds bug in the insert path (§4) — which is exactly what a real gate is for.
- Every QPS/recall number below is **MEASURED** on this box with a committed, deterministic, `--no-default-features`-runnable measurement (`src/ann_measure.rs`, `ann_bench_report`) and a committed criterion bench (`benches/ann_bench.rs`). Both call **one** shared fixture/measurement module, so the bench and the report can never measure different graphs.
- The **headline result is an honest negative**: at our test scale the SymphonyQG-style quantized variant **does not beat float HNSW at equal recall** — the 1-bit Hamming traversal is too coarse to keep recall up. We report the real numbers, explain *why*, and state the expected large-N crossover. **We did not tune the quantized path to manufacture the 3.5–17× the source claims.** A measured negative + a scale caveat is a valid, publishable result.
- We are explicit that this is **OUR HNSW + OUR 1-bit quantization, not SymphonyQG's exact system**. It tests the **direction** of the claim on our hardware/data, not a 1:1 reproduction.
-
-Test machine: Windows 11, `cargo test --release`, `std::time::Instant` wall-clock. Numbers are warm medians on this box; the **ratio** is the claim, not the absolute QPS.
-
-Reproduce:
-```bash
-cd v2 && cargo test -p wifi-densepose-ruvector --no-default-features --release \
-  ann_bench_report -- --nocapture
-# Larger N: ANN_BENCH_N=50000 cargo test ... --release ann_bench_report -- --nocapture
-cargo bench -p wifi-densepose-ruvector --bench ann_bench
-```
-
---
-
-## 1. Context
-
-The ruvector crate's retrieval path — AETHER re-ID hot-cache (ADR-024), the `sketch.rs` 1-bit prefilter (ADR-084), room fingerprinting — is, at its core, an **approximate nearest-neighbour (ANN)** problem: dense float embedding in, top-K similar ids out. But **the crate had no graph index**. Every `topk` was either a linear scan (`O(N·d)` per query) or a 1-bit Hamming prefilter over a linear scan. That is `O(N)` per query and does not scale.
-
-[ADR-156 §5 #1](ADR-156-ruvector-fusion-beyond-sota.md) graded **SymphonyQG** (SIGMOD 2025) the **lead beyond-SOTA ANN candidate**, citing the source's claim of **3.5–17× QPS over HNSW at equal recall**, but marked it **CLAIMED**:
-
-> *"author-measured; **not reproduced on our hardware** — reproduction is future work."*
-
-And ADR-156 §8 was blunt about *why* it could not be reproduced: **there was no HNSW baseline to compare against.** You cannot measure a ratio against a baseline that does not exist. This ADR builds that missing baseline, builds the quantized variant that tests the direction of the SymphonyQG bet, and measures the real ratio.
-
---
-
-## 2. Decision
-
-1. Add a correct, dependency-free **float HNSW** graph index (`hnsw.rs`): the real Malkov & Yashunin (TPAMI 2018) algorithm — multi-layer navigable small-world graph, `ef_construction` / `ef_search`, the Algorithm-4 neighbour-selection heuristic, seeded-deterministic level assignment, L2 + cosine. This is the **baseline** ADR-156 said was missing.
-2. Add a **SymphonyQG-style quantized-traversal variant** (`hnsw_quantized.rs`): the *same* graph (same seed, same structure), but the beam search scores candidates with a **cheap 1-bit Hamming distance** over the RaBitQ Pass-2 rotated sign code (reusing `rotation.rs` + the sign-quantization of `sketch.rs`), then **exact-float reranks** the final candidate set. This is the SymphonyQG bet — cheaper per-node scoring, recovered by a final exact rerank.
-3. **Measure** linear vs float-HNSW vs quantized-HNSW (recall@10, QPS, equal-recall ratios) on one deterministic planted-cluster fixture, and record the honest verdict against the SymphonyQG 3.5–17× claim.
-
-### Why 1-bit Hamming for the quantized traversal
-
-The crate already had the exact pieces SymphonyQG fuses: a deterministic orthogonal rotation (`rotation.rs`, RaBitQ Pass-2) and sign-quantization (`sketch.rs`). A 1-bit code compares by POPCNT Hamming — a few machine words, no per-dimension float work — so it is the cheapest possible traversal score and the most direct test of "can a quantized score keep the beam on the right path." The cost (measured below): the 1-bit code is a *coarse* angle proxy (ADR-156 §10 measured ~46% strict-K coverage for sign-only), and that coarseness is what limits recall here.
-
---
-
-## 3. Design
-
-### 3.1 `hnsw.rs` — float HNSW (the baseline)
-
- **Graph.** `links[id][layer]` adjacency; layer 0 holds every node, higher layers exponentially sparser. `m_max` is `2·M` on layer 0, `M` above (the paper's asymmetric degree cap).
- **Insert.** Greedy-descend the upper layers to a good entry point, then for each layer from the node's level down to 0: `search_layer` for `ef_construction` candidates, `select_neighbours` (Algorithm 4 — keep a candidate only if it is closer to the new node than to any already-selected neighbour, giving diverse navigable edges), wire bidirectional edges, re-prune any neighbour that overflows `m_max`. The node is pushed into the arrays **before** wiring so every `links[*]` index is valid mid-insert (§4 — the bug the gate caught).
- **Search.** Greedy-descend layers `>0`, then best-first beam search of width `ef` on layer 0; return the closest `k`. Iterative (explicit heaps + visited set) — **no recursion**, bounded by the beam and the visited set.
- **Determinism.** Level assignment is the only randomness and is driven by a **seeded SplitMix64** (the exact pattern from `rotation.rs`) — never `Date::now`/OS RNG/unseeded `rand`. Same `(seed, params, insertion order)` ⇒ bit-identical graph and search (pinned by `hnsw_is_deterministic_for_seed`).
- **Robustness.** Empty index, `k==0`, `k>n`, single node, zero-dim, ragged query, `ef<k` all return cleanly — pinned by `*_no_panic` tests.
-
-### 3.2 `hnsw_quantized.rs` — the SymphonyQG-style variant
-
-Same graph as the float index (identical seed/structure — the **only** variable is the scoring), plus a per-node `ceil(D/8)`-byte 1-bit Pass-2 sign code (`D = next_pow2(dim)`). `search_quantized(query, k, ef, rerank)`:
-1. Encode the query to its 1-bit code (one rotation + sign pack).
-2. Greedy-descend + beam-search the graph scoring every visited node by **POPCNT Hamming** (query-code XOR node-code) — no per-dim float work.
-3. **Exact-float rerank** the top `rerank` Hamming candidates with the true L2/cosine metric, return the best `k`.
-
-### 3.3 Security / robustness
-
-Both indices: bounded **iterative** traversal (no unbounded recursion), no panic on empty/degenerate/ragged/zero-dim input (the metric compares over the shorter prefix; zero-norm cosine returns max distance, not NaN). The 1-bit encode handles padded dims via the existing `Rotation::apply_padded`.
-
---
-
-## 4. The bug the correctness gate caught (disclosed, not hidden)
-
-The first run of the recall@10 gate **panicked**: `index out of bounds: the len is 33 but the index is 33` in `search_layer`. Root cause: `insert` wired bidirectional edges (`links[nbr][l].push(id)`) **before** pushing the new node's own `links[id]` row into the array. A later traversal step in the *same* insert could hop to a neighbour that now pointed at `id` and read `links[id]` — which did not exist yet. Fix: push the node (with empty per-layer link lists) into `vectors`/`links`/`levels` **up front**, then wire edges into its existing slot. The new node has no incoming edges and empty outgoing lists until wiring, so it is unreachable by the searches that run first — pushing early is safe and keeps every index valid. This is exactly why the recall gate exists: a silent low-recall graph and an out-of-bounds panic are both "slop" the gate forces into the open.
-
---
-
-## 5. The SymphonyQG claim being tested
-
-| Source | Claim | Grade (before this ADR) |
-|--------|-------|-------------------------|
-| SymphonyQG, SIGMOD 2025 | **3.5–17× QPS over HNSW at equal recall**, via quantization unified with graph traversal, pure-CPU/edge-portable | **CLAIMED** — author-measured, *not reproduced on our hardware (no HNSW baseline existed)* |
-
-The bet: a quantized traversal score is cheap enough — and accurate enough to keep the beam on-path — that you pay far less per visited node and recover the small recall loss with a final exact rerank.
-
---
-
-## 6. MEASURED results
-
-Fixture: planted-cluster synthetic, **dim=128, N=10,000, 64 clusters, 200 queries, K=10, noise=0.35**, L2 metric, `M=16`, `ef_construction=200`. Graph seed `0x6261524741484E53`, rotation seed `0x5EEDC0DE12345678`. `--release`, warm wall-clock on the test machine. (The fixture and both indices are shared by the criterion bench.)
-
-| Method | recall@10 | QPS | latency (µs) |
-|--------|-----------|-----|--------------|
-| **linear scan (brute force)** | 1.0000 | 1,022 | 978 |
-| **float-HNSW** ef=16 | 0.9945 | **25,744** | 39 |
-| float-HNSW ef=32 | 0.9990 | 21,470 | 47 |
-| float-HNSW ef=64 | 1.0000 | 18,779 | 53 |
-| float-HNSW ef=128 | 1.0000 | 12,722 | 79 |
-| float-HNSW ef=256 | 1.0000 | 5,742 | 174 |
-| quant-HNSW ef=32 rr=20 | 0.1620 | 30,005 | 33 |
-| quant-HNSW ef=32 rr=100 | 0.2615 | 36,388 | 28 |
-| quant-HNSW ef=64 rr=100 | 0.4865 | 20,603 | 49 |
-| quant-HNSW ef=128 rr=100 | 0.6785 | 13,718 | 73 |
-| quant-HNSW ef=256 rr=100 | **0.7380** | 6,578 | 152 |
-
-### Equal-recall QPS ratios
-
-| Target recall | Fastest float-HNSW | Fastest quant-HNSW meeting it | quant/float | float/linear |
-|---------------|--------------------|-------------------------------|-------------|--------------|
-| ≥ 0.90 | ef=16 → 25,744 QPS | **none** (best quant recall = 0.738) | — | **25.19×** |
-| ≥ 0.95 | ef=16 → 25,744 QPS | **none** | — | **25.19×** |
-| ≥ 0.99 | ef=16 → 25,744 QPS | **none** | — | **25.19×** |
-
---
-
-## 7. Honest verdict
-
-**The HNSW baseline is a decisive win over linear scan: ~25× QPS at recall ≥ 0.99** (ef=16: 0.9945 recall, 25,744 QPS vs linear 1,022 QPS). The correctness gate (recall@10 ≥ 0.95 vs brute force, both L2 and cosine) holds. This is the baseline ADR-156 §5 #1 said did not exist — it now does.
-
-**The SymphonyQG-style quantized variant does NOT beat float HNSW at our scale — direction REFUTED at N=10k.** The 1-bit Hamming traversal is too coarse: its best achievable recall is **0.738** (ef=256, rr=100), and it never reaches even the 0.90 equal-recall point where a fair QPS comparison could be made. Where the quantized score *is* faster (ef=32: ~30–36k QPS, beating float's 25.7k), its recall collapses to 0.16–0.26 — a meaningless win. There is **no equal-recall operating point** at which quantized is faster, so the SymphonyQG 3.5–17× claim is **not reproduced** by our 1-bit construction here.
-
-**Why** (so the negative is understood, not just stated):
-1. The 1-bit sign code is a **coarse angle proxy** — ADR-156 §10 already measured it at ~46% strict-K coverage. Driving graph *traversal* by that coarse score steers the beam onto the wrong nodes, and the exact-float rerank can only recover what the beam actually visited. At N=10k, near-neighbours have nearly-identical sign codes, so Hamming cannot separate them.
-2. At this scale **float distance is already cheap**: one 128-d L2 is a handful of µs; the per-node float compute the quantization saves is small relative to the recall it costs. SymphonyQG's win shows up at **much larger N** (millions), where (a) the float-distance fraction of query time dominates and (b) their *multi-bit RaBitQ-fused* code (not our 1-bit sign code) keeps recall high. **Expected crossover: large N + a higher-bit code.** ADR-156 §10 already measured that a ≤4-bit code reaches ~74% strict coverage vs 1-bit's ~46%, so a multi-bit traversal score is the obvious next lever — deferred, not claimed.
-
-**Caveat (stated plainly):** this is **our** HNSW + **our** 1-bit quantization, not SymphonyQG's system. We tested the *direction* of the claim ("does quantized traversal + rerank beat float HNSW at equal recall?") on our hardware/data and got a **measured no at N=10k**. That neither confirms nor refutes SymphonyQG's own published numbers on their system/scale — it refutes the direction *for our construction at our scale*, and identifies the two levers (scale, code bit-depth) a real reproduction would need.
-
---
-
-## 8. Validation
-
- **`cd v2 && cargo test -p wifi-densepose-ruvector --no-default-features --lib`** — **156 passed / 0 failed, 1 ignored** (M1 added 20: 10 `hnsw`, 7 `hnsw_quantized`, 3 `ann_measure`; M2 added 5 multi-bit/scaling tests; `scaling_report` is the `#[ignore]` measurement that produced the §11 table).
- **`cargo test --workspace --no-default-features`** — GREEN (see §10 for the count).
- **Correctness gate verified to bite:** the recall@10 gate **panicked** on the first (buggy) insert path (§4); after the fix it passes at 0.99+ recall (L2 and cosine).
- **`cargo test -p wifi-densepose-ruvector --no-default-features --release ann_bench_report -- --nocapture`** — prints the §6 table; the numbers above are copied verbatim from that run.
- **`cargo bench -p wifi-densepose-ruvector --bench ann_bench`** — compiles and runs the same fixture through criterion.
- **`python archive/v1/data/proof/verify.py`** — **VERDICT: PASS** (the Rust ANN work is independent of the Python signal-proof pipeline; hash unchanged).
-
---
-
-## 9. Consequences
-
-**Positive.** ruvector now has a real, deterministic, pure-Rust HNSW graph index (25× over linear scan at high recall) usable by the AETHER re-ID / sketch-prefilter path — the ANN substrate ADR-156 §5 #1 wanted. The SymphonyQG claim is no longer CLAIMED-only: we built the missing baseline and **measured** the direction, with the bug-caught-by-the-gate disclosed.
-
-**Negative / honest.** The 1-bit quantized variant is **not** an equal-recall QPS win at our scale; it is shipped as a measured experiment with a clearly-stated ceiling, not as a recommended default. Anyone reaching for it must read §7.
-
-**Resolved by Milestone-2 (§11, MEASURED — no longer deferred).**
- **Multi-bit traversal score** — implemented (`b ∈ {1,2,4}` bits/dim over the Pass-2 rotated coordinates) and measured. It *does* lift quantized recall (at N=10k, b=4 reaches the 0.90 equal-recall regime where 1-bit could not), but still does not beat float HNSW QPS.
- **Large-N crossover measurement** — measured at N ∈ {10k, 100k, 250k}. **The predicted large-N crossover did NOT materialize — it moved the wrong way** (quant recall *collapses* as N grows). See §11.
-
-**Deferred (not silently dropped).**
- **Wiring HNSW into the live re-ID path** (AETHER hot-cache / sketch prefilter) behind a flag.
- **N ≥ 1M + SymphonyQG's exact RaBitQ-fused construction** — our impl refutes the *direction* at ≤250k; a true 1:1 reproduction at million-scale with their fused codes remains a separate, larger build.
-
---
-
-## 10. What changed, file by file
-
- `hnsw.rs` (new) — float HNSW: graph, seeded-deterministic level assignment, Algorithm-2 beam search, Algorithm-4 neighbour selection, L2/cosine, brute-force ground truth, full degenerate-case guards; 10 tests incl. the recall@10 correctness gate (L2 + cosine) and determinism. The insert-order bug fix (§4).
- `hnsw_quantized.rs` (new) — SymphonyQG-style quantized-traversal index over the shared graph: 1-bit Pass-2 code per node, Hamming-scored greedy + beam, exact-float rerank; 7 tests incl. the rerank-recall gate and determinism.
- `ann_measure.rs` (new) — shared deterministic fixture + recall/QPS measurement for linear / float-HNSW / quant-HNSW, the `ann_bench_report` test (the §6 source of truth), `ANN_BENCH_N` override.
- `benches/ann_bench.rs` (new) + `Cargo.toml` `[[bench]]` — criterion bench over the same fixture/indices.
- `lib.rs` — `pub mod hnsw / hnsw_quantized / ann_measure`; re-export `HnswIndex`, `HnswParams`, `Metric`, `QuantizedHnswIndex`.
- `ADR-156-ruvector-fusion-beyond-sota.md` §5 #1 + §8 backlog — SymphonyQG regraded **CLAIMED → MEASURED-direction-tested (refuted at N=10k for our 1-bit construction)**, pointing here.
- `CHANGELOG.md` — `[Unreleased]` entry.
-
---
-
-## 11. Milestone-2 — multi-bit traversal + large-N scaling study (MEASURED)
-
-M1 (§7) refuted the SymphonyQG direction at N=10k with a 1-bit code, and *predicted* a crossover at "large N + a higher-bit code." M2 builds both levers and measures them — so the prediction is tested, not assumed.
-
-**Built:** `hnsw_quantized.rs` generalized from 1-bit to a **`b`-bit-per-dimension** code (`b ∈ {1,2,4}`, a mid-rise quantizer over the same `RANGE=3.0` rotated coordinates as ADR-156 §10's `measure_multibit`); `ann_measure.rs` gained `run_scaling_study` / `best_float_op` / `best_quant_op` + a deterministic `scaling_report` (`#[ignore]`, `--release`) and a CI-safe `scaling_study_small_is_consistent`. Memory: **16 / 32 / 64 bytes/node** for b = 1 / 2 / 4.
-
-**MEASURED** (dim=128, 64 clusters, 200 queries, K=10, L2, M=16, ef_construction=200, seeded, `--release`, this box; target recall ≥ 0.90):
-
-| N | bits | B/node | quant best recall | float @ target | quant @ target | quant/float |
-|--:|--:|--:|--:|--|--|--:|
-| 10,000 | 1 | 16 | 1.000 | 23,155 QPS @ r=0.995 | 4,482 QPS @ r=0.965 | **0.19×** |
-| 10,000 | 2 | 32 | 1.000 | 23,155 QPS @ r=0.995 | 10,658 QPS @ r=0.908 | **0.46×** |
-| 10,000 | 4 | 64 | 1.000 | 23,155 QPS @ r=0.995 | 11,217 QPS @ r=0.946 | **0.48×** |
-| 100,000 | 1 / 2 / 4 | 16/32/64 | 0.207 / 0.346 / 0.788 | 2,493 QPS @ r=0.938 | none (never ≥ 0.90) | — |
-| 250,000 | 1 / 2 / 4 | 16/32/64 | 0.108 / 0.210 / 0.624 | 1,593 QPS @ r=0.925 | none | — |
-
-**Verdict — NO crossover at any measured (N, b) up to 250k, and the trend REFUTES the large-N prediction:**
-1. **Multi-bit helps at small N but not enough.** At N=10k, more bits lift the equal-recall QPS ratio 0.19× → 0.46× → 0.48× (and let b≥2 actually *reach* the 0.90 bar that 1-bit missed) — but quant stays **below 1.0×**, i.e. slower than float HNSW at equal recall.
-2. **The predicted large-N crossover moved the wrong way.** As N grows 10k → 100k → 250k, quant's best achievable recall **collapses** (b=4: 1.000 → 0.788 → 0.624) and never reaches the 0.90 comparison point, while float HNSW holds ≥0.92. A denser graph packs near-neighbours whose low-bit codes are nearly identical, so the approximate score steers the beam off-path faster than the bigger float-distance savings can repay. The "crossover at millions" intuition is **not supported by our construction's trend** — if anything it diverges.
-3. **Caveat unchanged:** this is our HNSW + our per-node multi-bit code, not SymphonyQG's RaBitQ-fused graph. The result refutes the *direction* for our construction at ≤250k; it does not disprove their published numbers on their system at their scale. A real 1:1 reproduction is the deferred million-scale build.
-
-This is a **published negative with the mechanism explained** — the multi-bit + scaling levers were built and measured rather than asserted, and the honest outcome (no crossover, trend diverging) is recorded, not hidden.
@@ -1,207 +0,0 @@
-# ADR-262: RuField MFS ↔ RuView integration — a live SensingServerAdapter, a privacy/provenance bridge, MAPPED not papered-over
-
-| Field | Value |
-|-------|-------|
-| **Status** | Proposed — **P1 + P3 implemented** (live `/api/field` + `/ws/field`; P3 signs with a **dedicated dev/sensing key**, deferring the §8 Q1 `cog-ha-matter` key-ownership decision to P2) |
-| **Date** | 2026-06-14 |
-| **Deciders** | ruv |
-| **Codebase target** | New thin bridge crate `wifi-densepose-rufield` (v2 workspace member); taps `wifi-densepose-sensing-server` emit path + `wifi-densepose-engine` `TrustedOutput`; depends on `vendor/rufield/crates/rufield-*` via path (the `vendor/rvcsi` pattern) |
-| **Relates to** | ADR-260 (RuField MFS spec + v0.1 reference stack), ADR-261 (RuVector graph-ANN), ADR-141 (BFLD privacy control-plane / modes / attestation), ADR-137 (fusion-engine quality scoring / contradiction), ADR-032 (multistatic mesh security hardening / witness), ADR-116 (cog tamper-evident audit log — `cog-ha-matter` SHA-256+Ed25519), ADR-095/096 (`rvcsi` vendored-submodule precedent) |
-| **Scope** | Decide **how** RuView's live WiFi-CSI sensing-server emits RuField `FieldEvent`s, **whether** RuView's ruvsense fusion composes with or is wrapped by rufield-fusion, and **how** to reconcile RuView's existing privacy/witness/provenance machinery with RuField's P0–P5 + ed25519 `ProvenanceReceipt`. The privacy/provenance reconciliation is the crux. |
-
---
-
-## 0. PROOF discipline (this ADR's contract)
-
-This project has been publicly accused of "AI slop." This ADR answers with **evidence, not adjectives** — every "RuView already does X" carries a `file:line`, and every external/SOTA claim is graded.
-
- **No accuracy is claimed.** RuField v0.1 is **SYNTHETIC** end-to-end by its own admission (ADR-260 "Honest statement", line 386–390: *"Every metric here is simulator-based. No ESP32 CSI, mmWave, or thermal capture was used."*). RuView's only real-CSI rufield path today would be **replay of recorded `.csi.jsonl`, unlabeled** — `rufield-adapters::CsiReplayAdapter`'s own module doc (`vendor/rufield/crates/rufield-adapters/src/csi_replay.rs:19-31`) states it is *"real signal, replay from file not live hardware, unlabeled ⇒ proxy not validated accuracy."* This ADR therefore proposes **plumbing**, and grades its own claims as "ARCHITECTURE" (a design decision, testable by a round-trip/compile gate) vs "ACCURACY" (which it explicitly does not assert).
- The privacy/provenance section reports an **honest conflict**: RuView has **three** witness mechanisms across two hash algorithms, and **two** privacy enums, none of which map 1:1 onto RuField's P0–P5. We map them and recommend the cleanest reconciliation rather than asserting they already align.
- Each phase below ships an **independently testable gate** (a round-trip test, a privacy-monotonicity test, a signature-verify test) so the integration is provable, not aspirational.
-
---
-
-## 0.1 Implementation status
-
-**P1 (§4) is implemented** as the `wifi-densepose-rufield` bridge crate (`v2/crates/wifi-densepose-rufield/`, a new v2 workspace member; path-deps the `vendor/rufield` submodule per §5.4):
-
- **Input** — `SensingSnapshot` (owned primitives mirroring `SensingUpdate` features/classification/signal_field joined with the `TrustedOutput` `trust_class`/`demoted`/`identity_bound`); the bridge does **not** depend on `wifi-densepose-sensing-server` (anti-corruption layer).
- **Conversion** — `snapshot_to_field_event(&snap, &Signer)` emits a signed `FieldEvent` (`Modality::WifiCsi`, axis `[Frequency]`, real `timestamp_ns`); position derived from the signal-field peak when present (never fabricated); real sha256 `ProvenanceRef` + ed25519 signature, `synthetic = false`.
- **Privacy (§3.3 crux)** — `map_privacy()` maps by information content, **fail-closed**: `Raw → P0`, `Derived → P4` (or `P5` if identity-bound — **never P1**), `Anonymous → P2`, `Restricted → P2`; a `demoted` cycle floors egress to ≥ P2.
- **Gates that pass** (`tests/p1_gates.rs`, 15 tests / 0 failed = 5 unit + 9 integration + 1 doc): round-trip (snapshot → `FieldEvent` → serde → equal); `is_fusable` (verified ed25519 receipt); `RuFieldFusion::ingest` accept + `infer()` runs; **privacy-safety** (`gate_privacy_safety_derived_never_maps_to_low_privacy` — `Derived → P4/P5`, never P1; full §3.3 table; fail-closed demotion); determinism (same snapshot + same signer seed → byte-identical event).
-
-**P3 (§4) is implemented** as the live RuField surface in `wifi-densepose-sensing-server` (the bridge is now wired into the running server):
-
- **Tap** — at the ESP32 governed-trust cycle (`main.rs` `observe_cycle` ~`:5886` / `SensingUpdate` build ~`:5938`), a new `emit_rufield_event` joins the cycle's `SensingUpdate` (features / classification / signal_field) with the engine's recorded `effective_class` / `demoted` trust state into a `wifi_densepose_rufield::SensingSnapshot`, then `snapshot_to_field_event(&snap, &signer)`. Existing endpoints (`/ws/sensing` etc.) are **unchanged** — purely additive.
- **Surface** — `GET /api/field` (latest signed `FieldEvent`s + signer pubkey + a `dev_signing_key` flag) and `GET /ws/field` (broadcast stream, mirroring `/ws/sensing`), both mounted on the HTTP port and `/ws/field` also on the WS port. A small bounded ring buffer (`FIELD_RING_CAPACITY = 64`) holds recent **network-surfaced** events. New handler code lives in `src/rufield_surface.rs`, not in the 8k-line `main.rs`.
- **Signer (defers the P2 key decision)** — a **dedicated standalone `Signer`** held in server state, seeded from `WDP_RUFIELD_SIGNING_SEED` (64-hex or ≥32-byte value), else a deterministic dev default with a logged `WARN`. Reusing the `cog-ha-matter` Ed25519 key (§8 Q1) is the **deferred P2** decision — P3 uses a standalone sensing key so it does not pre-empt that call.
- **Egress privacy (fail-closed)** — `network_egress_allowed` is *stricter* than `DefaultPrivacyGuard` for an unattended live surface: only **P1/P2** leave the box; P0 (raw) and P3/P4/P5 (identity/biometric/aggregate above the default P2 ceiling) are held edge-local. A `Derived` cycle maps to P4/P5 and is therefore **never** surfaced. No-presence cycles emit nothing (no phantom events).
- **Gates that pass** (`tests/rufield_surface_test.rs`, 4 integration via `tower::oneshot` + 4 module unit, 0 failed): a well-formed **signed** event (`Modality::WifiCsi`, P2 not P1, `is_fusable` ed25519-verified, real timestamp); **empty cycle → no phantom**; **privacy-safety** — an injected `Derived` trust never surfaces on `/api/field`; a mixed stream surfaces only egress-safe events.
-
-**Deferred:** the §3.3 *provenance carrier* recommendation (reuse the `cog-ha-matter` SHA-256+Ed25519 chain + embed the BLAKE3 engine witness) is **not** in P1/P3 — both take a dedicated `Signer` (the §8 open question 1 key-ownership decision is unresolved; P3 uses a standalone dev/sensing key precisely so it does not pre-empt P2). P2's `cog-ha-matter` key reuse + BLAKE3-embed, and P4 (multi-modality), remain future work. **No accuracy is claimed** (§0 / §6) — P1/P3 are tested plumbing on a live endpoint + a safe privacy mapping; the live surface is single-link CSI with its existing caveats (no validated room-coordinate accuracy — `field_localize`).
-
---
-
-## 1. Context — two architectures, mapped
-
-### 1.1 RuField MFS (ADR-260, `vendor/rufield/`)
-
-A standalone pure-Rust Cargo workspace (serde, serde_json, toml, sha2, ed25519-dalek; **no tch/ndarray/candle**), vendored here as a git submodule (`git submodule status vendor/rufield` → `ba66e2e…`), **not** a v2 workspace member — exactly the `vendor/rvcsi` precedent (ADR-095/096). **Not published to crates.io**: every internal dep is a path dep with a nominal `version = "0.1.0"` (`vendor/rufield/Cargo.toml:31-37`); the `docs.rs/rufield-*` URLs are aspirational.
-
-The data model (graded ARCHITECTURE, evidence read directly):
-
- **`FieldEvent`** (`vendor/rufield/crates/rufield-core/src/event.rs:96-112`): `spec_version, event_id, timestamp_ns: u64, sensor: SensorDescriptor, tensor: FieldTensor, observation: Observation, provenance: ProvenanceRef`.
- **`Observation`** (`event.rs:25-51`): `zone_id, space_cell, range_m, velocity_mps, motion_vector, confidence: f32, features: BTreeMap<String,f32>` (the derived P1 scalars the fusion engine actually reads), `labels: Vec<String>` (ground-truth, **never read by fusion**), `privacy_class: PrivacyClass`.
- **`PrivacyClass`** (`rufield-core/src/privacy.rs:8-25`): `P0..P5`, `#[serde(rename_all="UPPERCASE")]`, `Ord` by declaration order so **P0 < P1 < … < P5** — higher = more private; `level()->u8` returns 0..=5 (`privacy.rs:27-40`).
- **`ProvenanceRef`** (on-wire, `event.rs:73-93`): `raw_hash, firmware_hash` (`sha256:…`), `model_id, calibration_id, synthetic: bool`, optional `signature_hex` / `signer_pubkey_hex` (detached ed25519).
- The four traits (`rufield-core/src/traits.rs`): **`FieldAdapter`** (`:26-38`, `next_event() -> Result<Option<FieldEvent>>`), **`FieldEncoder`** (`:41-51`, **unimplemented in v0.1** — an open seam), **`FusionEngine`** (`:54-63`, `ingest(event)` + `infer(&query)`), **`PrivacyGuard`** (`:86-97`, `authorize(class, Destination, consent, identity_bound) -> PrivacyDecision{Allow|Deny|RequiresConsent}`).
- **`CsiReplayAdapter`** (`rufield-adapters/src/csi_replay.rs`): constructed from **already-loaded text** (`from_jsonl(&str)` `:249-251`; `from_jsonl_with(text, device_id, &[u8;32])` `:254-323`) — **not** a path/`Read`/`Iterator`. Deserializes `CsiFrameRecord { timestamp: f64 (seconds), subcarriers: Vec<f64> }` (`:74-80`), buffers all frames into a `Vec<CsiFrame>`, then streams via a cursor (`next_event` `:550-557`). Maps each frame → `FieldEvent` with `Modality::WifiCsi`, axes `[Frequency]`, a Welford motion proxy, observation `privacy_class = P2 if presence else P1` (`:439-443`), real `sha256` raw-hash, and a **real ed25519 signature** (`signer.sign_event` `:507-510`). `max_privacy_class = P2`.
- **`RuFieldFusion`** (`rufield-fusion/src/engine.rs:55-78`): `ingest()` **rejects non-fusable events on its first line** — `if !is_fusable(&event) { return Err(NotFusable) }` (`:212-215`) — then reads `event.observation.features` into a bounded temporal window; `infer()` applies TOML rules (`WeightedBayes` noisy-OR / `TemporalWindow`) → `Vec<FieldInference>`. TOML rule struct: `inputs, method, feature, threshold, privacy_max, window_ms, requires_consent` (`rules.rs:17-35`).
- **`is_fusable`** (`rufield-provenance/src/lib.rs:179-184`): `synthetic == true` **OR** `verify_event().is_ok()` — the §11 invariant. Signing key is `ed25519_dalek 2.1`, deterministic from a 32-byte seed; raw hash is `sha256_hex` → `"sha256:<hex>"` (`:26-35`).
- **`DefaultPrivacyGuard`** (`rufield-privacy/src/lib.rs:38-110`): default `network_max = P2`, `allow_p0_network = false`. P5-no-identity → `Deny`; P4-no-consent → `RequiresConsent`; `EdgeLocal` → `Allow`; `Network` denies P0 and `class > network_max`.
- **`rufield-viewer`** (Axum 0.7): **self-contained, consumes `SyntheticSim` only** — all routes are read-only GET/SSE (`GET /api/run`, `GET /events`); **there is no ingest endpoint** (`vendor/rufield/crates/rufield-viewer/src/server.rs:63-72`). Feeding it a live stream requires adding a route.
-
-### 1.2 RuView (the integration target)
-
- **Sensing-server is Axum** (`v2/crates/wifi-densepose-sensing-server/src/main.rs:7498-7629`), two listeners (WS `:8765`, HTTP). CSI does **not** arrive over WS/HTTP — it arrives over **UDP** from ESP32 nodes (`use tokio::net::UdpSocket`, `main.rs:53`; `recv_from` loop `main.rs:5286-5299`), parsed by magic `0xC511_0001` → **`Esp32Frame`** (`types.rs:84-100`: `node_id, n_subcarriers, ppdu_type, amplitudes: Vec<f64>, phases: Vec<f64>`, rssi/freq/sequence) → pushed into per-node `NodeState.frame_history: VecDeque<Vec<f64>>` (`main.rs:441-497`).
- **`/ws/sensing` emits a `SensingUpdate`** (`main.rs:267-317`), broadcast over a `tokio::sync::broadcast` channel (`s.tx.send(json)` `main.rs:5938-5991`; the WS handler just subscribes and forwards, `main.rs:3021-3073`). `SensingUpdate` carries `nodes`, `features`, `classification {motion_level, presence, confidence}`, `signal_field`, `persons: Vec<PersonDetection>` (17 COCO keypoints + `position:[f64;3]` from `field_localize`, `main.rs:403-428`), pose, vitals. **`field_localize` (PR #1050) is a module, not a route** (`mod field_localize` `main.rs:17`; honesty caveat `field_localize.rs:16-27` — a single ESP32 link cannot resolve true room position, `position` is "strongest field peak").
- **ruvsense fusion is strictly WITHIN-WiFi-modality.** `MultistaticFuser::fuse(&[MultiBandCsiFrame]) -> FusedSensingFrame` (`v2/crates/wifi-densepose-signal/src/ruvsense/multistatic.rs:285-288`) attention-weights **multiple WiFi CSI nodes/viewpoints** (every input is ESP32 CSI; `multistatic_bridge.rs:50-62` builds the frames from `NodeState` amplitude with `HardwareType::Esp32S3`). `coherence_gate.rs:18-37` is the `GateDecision{Accept|PredictOnly|Reject|Recalibrate}`; `pose_tracker.rs:255-263` is the 17-keypoint Kalman tracker with 128-dim AETHER re-ID; `field_model.rs:301-308` does SVD room-eigenstructure perturbation extraction. **No camera/mmWave/audio enters this path** — ruvsense is a multi-link WiFi-CSI fuser.
- **The governed-trust cycle** runs in the separate **`wifi-densepose-engine`** crate. `StreamingEngine::process_cycle` (`v2/crates/wifi-densepose-engine/src/lib.rs:409`, `run_cycle` `:434-533`) produces **`TrustedOutput`** (`:82-112`): `semantic_id, quality: QualityScore, effective_class: PrivacyClass, demoted: bool, provenance: SemanticProvenance, witness: [u8;32]` (BLAKE3 over `evidence‖model‖calibration‖privacy_decision‖class`, `witness_of` `:598-613`), `recalibration_recommended`. **Crucially, none of this trust metadata is on the `SensingUpdate` wire today** — it is exposed only out-of-band on `GET /api/v1/status` (`main.rs:4173-4178`) and as a single live effect: `EngineBridge::suppress_raw_outputs()` strips per-node amplitude when `effective_class >= Restricted` (`engine_bridge.rs:240-243`, applied `main.rs:5908-5932`). The honest scope is stated in `engine_bridge.rs:14-27`: the governed engine runs *alongside* the bare fusion path; derived outputs are "published ungoverned."
-
---
-
-## 2. Decision
-
-1. **Build a thin RuView-side bridge crate `wifi-densepose-rufield`** (a new v2 workspace member) that depends on `vendor/rufield/crates/rufield-core` (+ `rufield-provenance`, `rufield-privacy`, `rufield-fusion`) **via path** — mirroring the `vendor/rvcsi` pattern. RuView does **not** depend on published rufield crates (there are none) and does **not** vendor rufield into the v2 workspace; rufield stays a standalone submodule and the bridge is the only coupling point (an anti-corruption layer).
-2. **Emit `FieldEvent`s from the live server via an in-process `SensingServerAdapter`**, not by re-using the file-based `CsiReplayAdapter` on the hot path. The bridge taps the existing `SensingUpdate` build site and the `EngineBridge` trust state, joins them, and emits one signed `FieldEvent` per cycle on a new `tokio::broadcast` topic / optional `/ws/field` endpoint. `CsiReplayAdapter` is retained for the **offline/replay** path (recorded `.csi.jsonl` → events) because it already reads RuView's recording format (`recording.rs` writes `{session}.csi.jsonl`).
-3. **Compose the two fusion engines vertically, do not merge them.** ruvsense stays the **WiFi-modality node** (multi-link fusion → one fused WiFi belief); rufield-fusion sits **above** it as the **cross-modality** graph. ruvsense's `FusedSensingFrame`/`TrustedOutput` becomes one `FieldEvent` (modality `wifi_csi`); rufield fuses it against future mmWave/thermal/`rvcsi` events. They do not conflict because ruvsense has no cross-modality fusion to collide with (§1.2 evidence).
-4. **Reconcile privacy/provenance with ONE canonical model + a documented mapping** (§3, the crux): RuView's `effective_class` is the **source of truth**, mapped onto RuField `PrivacyClass` at the bridge; RuView's existing **`cog-ha-matter` SHA-256+Ed25519 witness chain** (already RuField's exact crypto) is adopted as the carrier for RuField `ProvenanceReceipt`, with the live BLAKE3 engine witness embedded as a hashed field. We do **not** maintain two parallel signed-receipt systems.
-
---
-
-## 3. Privacy & provenance reconciliation (the crux)
-
-This is the most important section. RuView and RuField genuinely **overlap and partially conflict**. We map both honestly.
-
-### 3.1 What RuView actually has (implemented, with evidence)
-
- **TWO privacy enums, not one ladder.** `PrivacyClass` — **4 variants** `Raw=0, Derived=1, Anonymous=2, Restricted=3` (`v2/crates/wifi-densepose-bfld/src/lib.rs:103-116`, `#[repr(u8)]`, higher byte = more private, **non-monotonic in information** — `Derived=1` carries *more* identity than `Anonymous=2`). And `PrivacyMode` — **5 variants** `RawResearch, PrivateHome, EnterpriseAnonymous, CareWithConsent, StrictNoIdentity` (`bfld/src/privacy_mode.rs:18-31`), each mapping to a `PrivacyClass` via `target_class()` (`:63-70`; two modes collapse to `Anonymous`).
- **THREE witness mechanisms across TWO hash algorithms:**
-  - BFLD `PrivacyAttestationProof` — **BLAKE3, unsigned**, attests mode/class continuity only; **built but NOT on the live path** (ADR-141 status line ~597; `bfld/src/privacy_mode.rs:121-148`).
-  - Engine-cycle `TrustedOutput.witness: [u8;32]` — **BLAKE3, unsigned**, over the full trust decision; **LIVE every cycle** (`wifi-densepose-engine/src/lib.rs:598-613`).
-  - `cog-ha-matter::WitnessChain` — **SHA-256 hash chain + Ed25519 signatures** (`v2/crates/cog-ha-matter/src/witness.rs:138-151`; `witness_signing.rs:39-76`), JSONL-persisted, `verify()` + `verify_signature()`. Implemented for ADR-116 (cog/Matter audit log); **standalone, not wired to BFLD/engine**. Its `WitnessHash` newtype doc explicitly anticipates a hash-algo migration (`witness.rs:37-41`).
- **No numeric trust score.** "Trust" in code = `base_coherence: f32∈[0,1]` + `penalized_coherence()` (`signal/.../fusion_quality.rs:99,122-126`) + a **boolean** `forces_privacy_demotion()` (`:116`). Demotion is monotonic and irreversible (`demote_one` clamps at Restricted, `engine/src/lib.rs:617-619`).
- **Structured provenance exists, but no signed "receipt" on the sensing path.** `SemanticProvenance { evidence, model_version, calibration_version, privacy_decision }` (`v2/crates/wifi-densepose-worldgraph/src/model.rs:137-147`) is attached to every belief and is the *input* to the BLAKE3 witness — but it is unsigned and not called a receipt.
-
-### 3.2 Side-by-side, graded
-
-| Dimension | RuView (file:line) | RuField | Alignment |
-|---|---|---|---|
-| Privacy ladder | `PrivacyClass` 4 (`bfld/lib.rs:103`) **or** `PrivacyMode` 5 (`bfld/privacy_mode.rs:18`) | `PrivacyClass` 6 (P0–P5, `rufield-core/privacy.rs:8`) | **PARTIAL→CONFLICT** — no clean 1:1; counts differ (4/5 vs 6); RuView class ordering non-monotonic |
-| Demotion direction | higher = more private, irreversible (`engine/lib.rs:617`) | higher P# = more private, `Ord` by decl order (`privacy.rs:8-25`) | **STRONG** (same direction) |
-| Provenance receipt | `SemanticProvenance` unsigned (`worldgraph/model.rs:137`) | `ProvenanceRef` + ed25519 (`event.rs:73`) | **PARTIAL** — structured but unsigned |
-| Witness crypto (live path) | BLAKE3 `[u8;32]`, unsigned (`engine/lib.rs:598`) | sha256 + ed25519 (`rufield-provenance/lib.rs:26,135`) | **CONFLICT** (algo + signing) |
-| Witness crypto (cog-ha-matter) | **SHA-256 + Ed25519** (`cog-ha-matter/witness.rs`, `witness_signing.rs`) | **sha256 + ed25519** | **STRONG** — RuField's exact crypto, already in-repo, but unwired and in another bounded context |
-| Trust / confidence | `penalized_coherence: f32` + boolean demote (`fusion_quality.rs:122`) | `confidence: f32` per observation | **WEAK** — RuView has no graded trust object; confidence maps, demotion is binary |
-
-### 3.3 The recommendation (the key call)
-
-**Adopt ONE canonical model with a documented, lossy-but-monotonic mapping — do not run two parallel schemes.** Concretely:
-
-1. **Privacy: RuView `effective_class` is the source of truth; the bridge maps it onto RuField `PrivacyClass`** at the egress boundary. The honest mapping (graded ARCHITECTURE — it is a *policy* decision, and it is **monotonicity-testable**, not an accuracy claim):
-
-   | RuView `PrivacyClass` | → RuField | Rationale |
-   |---|---|---|
-   | `Raw` (raw CSI amplitude) | `P0` | raw waveform |
-   | `Derived` (identity embedding, LAN-only) | `P4` *(or P5 if identity-bound)* | derived **identity** features ⇒ biometric/identity tier, **not** P1 — RuView's non-monotonic `Derived=1` is the trap; map by *information content*, not byte value |
-   | `Anonymous` (occupancy/aggregate) | `P2`/`P3` | occupancy → P2, room-count aggregate → P3 |
-   | `Restricted` (zeroized) | `P2`-capped, raw suppressed | matches `suppress_raw_outputs` (`engine_bridge.rs:240`) |
-
-   The bridge **must** map `Derived → P4/P5`, never P1, because RuView's `Derived` carries `identity_embedding` (§3.1) — this is the single most dangerous mapping mistake and gets a dedicated test (P2 in §4). `PrivacyMode` (5) is the better *operator-facing* join to RuField's 6 levels but the **class** is what gates egress, so the class mapping is canonical.
-
-2. **Provenance: adopt `cog-ha-matter`'s SHA-256+Ed25519 chain as the carrier for RuField `ProvenanceReceipt`** — it is already RuField's exact crypto (graded STRONG above), already implemented, already tamper-evident. The bridge constructs the RuField `ProvenanceRef` by: `raw_hash = sha256(csi bytes)`, `model_id`/`calibration_id` from `SemanticProvenance`, and **embeds the live BLAKE3 engine witness `[u8;32]` as a hashed provenance field** (it is already computed every cycle — do not throw it away), then **signs with ed25519** so `is_fusable` passes for live (non-synthetic) events. We do **not** add a second BLAKE3-vs-ed25519 argument: BLAKE3 stays RuView's internal fast cycle-fingerprint; ed25519 is the *external* attestation RuField requires. One signer, one chain.
-
-3. **Trust: map `penalized_coherence` → `Observation.confidence`; keep demotion binary.** RuView has no graded trust object to reconcile; the coherence scalar is the honest analog and the demotion boolean already drives `effective_class`.
-
-This is a **bridge-with-canonical-source**, not "keep both forever." RuView owns the privacy decision (it has the live governed cycle); RuField owns the *external wire shape* (P0–P5 + signed receipt). The bridge is the one-directional translation, and it is the only place the two schemes meet.
-
---
-
-## 4. Phased plan (each phase independently shippable + testable)
-
-**P1 — `SensingServerAdapter` emitting `FieldEvent`s (ARCHITECTURE).**
-New crate `wifi-densepose-rufield` with a `SensingServerAdapter` that consumes a `(SensingUpdate, TrustedOutput)` pair (tapped at `main.rs:5886`/`:5938`) and emits a signed `FieldEvent` (`Modality::WifiCsi`, axes `[Frequency]`, observation features from `SensingUpdate.features`, `confidence` from `penalized_coherence`). Offline path: keep `CsiReplayAdapter` for recorded `.csi.jsonl`. **Gate:** a round-trip test — emit a `FieldEvent` from a fixture `SensingUpdate`, assert it serializes, `is_fusable` passes (ed25519-signed), and `RuFieldFusion::ingest` accepts it. No server changes required beyond exposing the tap; the adapter is a library.
-
-**P2 — privacy/provenance bridge (the crux, ARCHITECTURE).**
-Implement the §3.3 mapping: `effective_class → PrivacyClass`, `cog-ha-matter` ed25519 signer for the receipt, BLAKE3 witness embedded. **Gates (three, all monotonicity/safety, not accuracy):** (a) `Derived → P4|P5` never P1 (the dangerous-mapping test); (b) privacy monotonicity — `demoted == true` ⇒ emitted `PrivacyClass >= P2` and raw suppressed; (c) signature round-trip — sign with the cog-ha-matter key, `rufield_provenance::verify_event` passes. This phase is shippable without P3 (events emitted on an internal topic, not yet on the public wire).
-
-**P3 — surface in `/ws` + viewer (ARCHITECTURE).**
-Add an opt-in `/ws/field` endpoint (or a `field_events` array on `SensingUpdate` behind a flag) carrying the signed `FieldEvent` + a privacy badge. Add an ingest route to `rufield-viewer` (it has none today — `server.rs:63-72`) so it can replay RuView's live feed instead of only `SyntheticSim`. **Gate:** a WS integration test asserting a connected client receives a privacy-badged, signature-verifiable `FieldEvent`; a viewer test asserting the new ingest route renders a live event. The `cognitum` appliance can speak RuField by consuming this endpoint (it already runs `ruview-vitals-worker`); deferred to its own ADR.
-
-**P4 — fusion composition + multi-modality (ARCHITECTURE, optional).**
-Wire a second modality (cheapest: an `rvcsi`-sourced event, or recorded mmWave) into `RuFieldFusion` alongside the WiFi event, proving cross-modality fusion above ruvsense. **Gate:** a fusion test with two modalities producing ≥1 cross-modal inference, with provenance coverage 100%.
-
---
-
-## 5. Decision matrix
-
-### 5.1 Data-path emission (P1)
-
-| Option | Latency | Reuse | Live-fit | Risk | Verdict |
-|---|---|---|---|---|---|
-| Re-use `CsiReplayAdapter` on hot path | poor (file buffer, `&str` ctor) | high | **bad** — it's a file-cursor, not a live source | low | **Reject for live** (keep for replay) |
-| In-process `SensingServerAdapter` (tap `SensingUpdate`+`TrustedOutput`) | good | medium | **good** — taps the real emit + real trust state | low | **CHOSEN** |
-| Server publishes `FieldEvent` on its own topic (no adapter trait) | good | low | good | medium (bypasses `FieldAdapter` contract) | Reject — loses the trait seam |
-
-### 5.2 Fusion relationship (P3/P4)
-
-| Option | Verdict |
-|---|---|
-| Merge ruvsense into rufield-fusion | **Reject** — different scopes; ruvsense is within-WiFi multi-link, rufield is cross-modality |
-| rufield-fusion wraps ruvsense (vertical compose) | **CHOSEN** — ruvsense → one WiFi `FieldEvent` → rufield cross-modality graph |
-| Run both as peers, reconcile after | Reject — duplicates fusion semantics, two contradiction models |
-
-### 5.3 Privacy/provenance reconciliation (P2)
-
-| Option | Verdict |
-|---|---|
-| (a) Map RuView classes onto RuField P0–P5, RuView canonical | **CHOSEN (privacy)** — `effective_class` is the live source of truth |
-| (b) Adopt RuField ed25519 receipts as RuView's provenance | **CHOSEN (provenance)** — via the already-present `cog-ha-matter` SHA-256+Ed25519 chain |
-| (c) Keep both schemes with a permanent bridge | **Reject** — two signed-receipt systems is the duplication we must not ship |
-
-### 5.4 Dependency direction
-
-| Option | Verdict |
-|---|---|
-| Depend on published rufield crates | **Reject** — not published (`vendor/rufield/Cargo.toml:31-37`) |
-| Make rufield a v2 workspace member | **Reject** — breaks the standalone-spec/`rvcsi` precedent |
-| Thin `wifi-densepose-rufield` bridge → path deps on submodule | **CHOSEN** — anti-corruption layer, single coupling point |
-
---
-
-## 6. Security & honesty notes
-
- **No accuracy claim.** Live RuField events from RuView are derived from the same single-link CSI whose own caveats are on record (`field_localize.rs:16-27`); the offline path is unlabeled replay (`csi_replay.rs:19-31`). This ADR ships **plumbing with monotonicity/signature gates**, not validated F1.
- **The dangerous mapping is `Derived → P1`.** RuView's `Derived` byte value (1) is numerically below `Anonymous` (2) but carries identity (`bfld/lib.rs`); a naive byte-mapping would leak identity-bearing features as low-privacy P1. P2's gate (a) exists specifically to prevent this.
- **One signer, not two.** Adding a second ed25519 keypair alongside `cog-ha-matter`'s would create two roots of trust. The bridge reuses the cog-ha-matter signing key (`witness_signing.rs`).
- **`is_fusable` is a real gate, not decoration** (`rufield-provenance/lib.rs:179-184`): live events that fail to sign are rejected by `RuFieldFusion::ingest` — we must not paper over a signing failure with `synthetic = true` on a real event (that would be the §11 invariant violation the spec forbids).
- BLAKE3 stays internal; ed25519 is the external attestation. We do not relitigate RuView's BLAKE3 cycle-witness — it is embedded, not replaced.
-
-## 7. Consequences
-
-**Positive:** RuView becomes one honest adapter in the larger RuField ecosystem (ADR-260 goal §9) without forking its fusion or privacy engine; the three witness mechanisms get a single external attestation path; cross-modality fusion becomes possible above the existing WiFi fusion; the `cognitum` appliance gains a standard wire format. The bridge is the only coupling point, so rufield can evolve as a standalone spec.
-
-**Negative:** a fourth crate to maintain; the privacy mapping is lossy (4/5 → 6) and must be kept honest by tests; reusing the `cog-ha-matter` key crosses a bounded-context boundary (cog/Matter ↔ sensing) that ADR-116 kept separate — that coupling needs review. The live trust metadata (`witness`, `effective_class`) is **currently decoupled** from `SensingUpdate` (§1.2), so P1 must do real join work, not a field read.
-
-## 8. Open questions
-
-1. **Signer ownership:** should the bridge reuse the `cog-ha-matter` Ed25519 key, or mint a dedicated RuView-sensing key with its own rotation? (Reuse couples bounded contexts; a new key adds a second root of trust.)
-2. **`PrivacyMode` vs `PrivacyClass` as the canonical map target:** class gates egress (chosen), but the 5-mode ladder is the cleaner join to 6 levels — do we expose mode in the receipt too?
-3. **Where does the BLAKE3 engine witness live in the RuField receipt** — a `firmware_hash`-style field, an extension field, or a `CalibrationReceipt.data_hash`? (RuField's `ProvenanceRef` has no spare slot; needs a spec extension or reuse of `model_id`.)
-4. **Should `field_localize` positions ride in `Observation.space_cell`/`motion_vector`** given the explicit single-link caveat, or stay RuView-only until multi-node calibration lands?
-5. **`rvcsi` relationship:** `rvcsi` has its own `CsiFrame`/`CsiWindow` and could implement `FieldAdapter` directly — should the second modality in P4 be `rvcsi`, making RuField the convergence point for *both* vendored sensing runtimes?
-6. **Transport:** RuField ADR-260 §29 leaves default transport open (MQTT/NATS/WS/MCP). RuView is WS + UDP + broadcast; does `/ws/field` suffice, or does the appliance need MQTT to match the cog stack?
-
-## 9. Recommendation
-
-Proceed with P1+P2 behind a feature flag. They are independently shippable, carry real gates (round-trip, monotonicity, signature-verify), and require no change to RuView's fusion or privacy engine — only a tap and a translation. Defer P3/P4 and the appliance/transport questions to follow-up ADRs once the bridge round-trips on recorded `.csi.jsonl` and on one live cycle.
@@ -1,147 +0,0 @@
-# SOTA Evidence Brief — `wifi-densepose-nn` / `wifi-densepose-train` Benchmark ADR Seed
-
-| Field | Value |
-|-------|-------|
-| **Date** | 2026-06-14 |
-| **Author** | deep-research (Opus) |
-| **Purpose** | Seed a future benchmark/optimization ADR for the NN-inference (`wifi-densepose-nn`) and training (`wifi-densepose-train`) crates |
-| **Scope** | The DELTA beyond what ADR-152 / ADR-150 / ADR-015 already establish — current published WiFi-CSI pose SOTA, winning architectures, edge-quantization SOTA, and a defensible benchmark-suite design |
-| **Ethos** | Every claim graded PEER-REVIEWED / PREPRINT / VENDOR-CLAIM / BLOG, with MEASURED-on-public-benchmark distinguished from marketing. Numbers that could not be verified are flagged. No fabricated citations. |
-
-> **Citation discipline carried in from ADR-152 §2.2:** preprint accuracy numbers are CLAIMED until reproduced on our hardware. The project has already retracted its own "92.9% PCK@20" and "shipped-WiFlow-STD 97.25%" figures after measurement; this brief inherits that bar.
-
---
-
-## 1. Executive summary
-
-**Where the project stands vs the 2026 frontier.** The repo is, by the evidence already in-tree, *ahead of most academic groups on benchmark hygiene* and roughly *at parity on capability* — but the two are measured on incompatible yardsticks, which is the single biggest risk to any "beyond-SOTA" claim.
-
- The project's headline reproductions (`benchmarks/wiflow-std/RESULTS.md`) are MEASURED and rigorous: WiFlow-STD retrained to **96.09–96.61% PCK@20** on the authors' own 360k-window 2D dataset (RTX 5080), shipped checkpoint REFUTED, dataset/code defects documented. This is a genuinely strong, reproducible result.
- **But that number is not on a standard public benchmark.** WiFlow-STD's dataset is self-collected (5 subjects, 15 keypoints, 2D, in-domain random split, hardware unspecified). The academic frontier on the *standard* public 3D benchmark (MM-Fi) reports **PCK@20 ≈ 61% / MPJPE ≈ 161 mm random-split** (GraphPose-Fi, Nov 2025) — a *harder* metric (3D, mm-scale, standard PCK normalization). The project's own AetherArena MM-Fi number (**81.63% torso-PCK@20 in-domain**, ADR-150) uses a *torso-normalized PCK* that is looser than GraphPose-Fi's standard PCK, so the three numbers (96% / 81.6% / 61%) **cannot be lined up** without a unified harness. Making them comparable IS the highest-value work item.
- The deployment frontier — **cross-subject / cross-environment generalization** — is where everyone collapses, the project included (ADR-150: 81.63% in-domain → ~11.6% leakage-free cross-subject). GraphPose-Fi independently confirms the cliff (61.1% random → 12.9% cross-environment PCK@20). This is the real research target, not in-domain PCK.
-
-**Top 3 highest-value optimization/benchmark targets:**
-
-1. **A unified, metric-locked accuracy harness in `wifi-densepose-train`** that scores any model under *one* explicit PCK definition (normalization, keypoint convention, split) so WiFlow-STD-repro, AetherArena/MM-Fi, and GraphPose-Fi numbers become directly comparable. Without this, no "beyond-SOTA" claim survives the "prove it" bar — the project has already been burned twice by metric ambiguity (the retracted 92.9% used absolute, not torso-normalized, PCK).
-2. **A QAT path for the WiFlow-STD-class edge model.** The in-tree edge work (`RESULTS.md`) has *fully characterized PTQ* (static QDQ conv-only is the int8 sweet spot; dynamic int8 is a no-op on this all-conv architecture) and found the **half model (843k params) strictly dominates the published 2.23M** and **tiny (56k, 295 KB ONNX fp32) holds 94.1% PCK@20**. The one untested lever is **quantization-aware training**, which the general literature says recovers most of the PTQ accuracy gap. That is the next defensible edge win.
-3. **Criterion-backed regression benches wired into CI** for the real Candle/ONNX forward path. The benches *exist* (`wifi-densepose-nn/benches/{inference,onnx,native_conv}_bench.rs`, `wifi-densepose-train/benches/training_bench.rs`) and `benchmarks/edge-latency/RESULTS.md` shows the methodology is sound (host≠ESP32 caveat made explicit). The gap is turning point-in-time captures into committed regression baselines.
-
---
-
-## 2. Findings per research question
-
-### RQ1 — Latest WiFi-CSI pose SOTA (2024–2026): published PCK@20 / MPJPE on the standard public benchmarks
-
-The crucial framing: **"WiFi pose SOTA" splits into two non-comparable tracks** — 3D pose on MM-Fi/Person-in-WiFi-3D (mm-scale MPJPE, standard PCK) vs 2D pose on self-collected sets (image-normalized PCK). The project's flagship reproduction lives in the second track; the academic frontier lives in the first.
-
-| Method | Venue / Year | Benchmark + split | PCK@20 | MPJPE | Grade |
-|---|---|---|---|---|---|
-| **GraphPose-Fi** (arXiv [2511.19105](https://arxiv.org/abs/2511.19105)) | PREPRINT, Nov 2025 | MM-Fi P1, **random split** | **61.1%** | **160.6 mm** (PA-MPJPE 105.0) | numbers MEASURED-in-study (preprint); beats MetaFi++, HPE-Li, DT-Pose |
-| GraphPose-Fi | same | MM-Fi P1, **cross-subject** | 44.2% | 210.5 mm | same |
-| GraphPose-Fi | same | MM-Fi P1, **cross-environment** | 12.9% | 302.7 mm | same — the generalization cliff |
-| **DT-Pose** (arXiv [2501.09411](https://arxiv.org/abs/2501.09411)) | PREPRINT (ICLR'25 OpenReview [aPnLQ6WfQQ](https://openreview.net/forum?id=aPnLQ6WfQQ)), Jan 2025; code [cseeyangchen/DT-Pose](https://github.com/cseeyangchen/DT-Pose) | MM-Fi (domain-gap + topology focus) | not cleanly extractable from abstract | reports MPJPE; self-supervised masked pretrain + topology decode | numbers NOT verified at exact-table level here — flagged |
-| **Person-in-WiFi-3D** (CVPR 2024, [openaccess](https://openaccess.thecvf.com/content/CVPR2024/html/Yan_Person-in-WiFi_3D_End-to-End_Multi-Person_3D_Pose_Estimation_with_Wi-Fi_CVPR_2024_paper.html)) | **PEER-REVIEWED**, CVPR 2024 | own 97k-frame multi-person set | — (multi-person, not single-PCK) | **91.7 mm (1p) / 108.1 (2p) / 125.3 (3p)** 3D joint error | MEASURED (peer-reviewed); own dataset, not MM-Fi |
-| **WiFlow-STD** (arXiv [2602.08661](https://arxiv.org/abs/2602.08661), [DY2434 repo](https://github.com/DY2434/WiFlow-WiFi-Pose-Estimation-with-Spatio-Temporal-Decoupling)) | PREPRINT, Apr 2026 | self-collected, 5-subj, **2D, in-domain random** | 97.25% (claimed) | 0.007 m (image-norm) | claimed CLAIMED; **project reproduced 96.09–96.61% (MEASURED, RTX 5080)** after repairing dataset/code |
-| **PerceptAlign** (arXiv [2601.12252](https://arxiv.org/abs/2601.12252)) | PREPRINT + MobiCom'26 acceptance | own 7-layout cross-domain 3D set | — | 222.4 mm (Scene4) / 317.1 (Scene5), claims −54% cross-env vs SOTA | CLAIMED (preprint); failure mode corroborated |
-| **Project AetherArena** (ADR-150, [issue #876](https://github.com/ruvnet/RuView/issues/876)) | internal | MM-Fi, **random split**, **torso-PCK** | **81.63% torso-PCK@20** | — | MEASURED-internal; **torso-PCK ≠ GraphPose-Fi standard PCK** |
-| **Project WiFlow-STD repro** (`benchmarks/wiflow-std/RESULTS.md`) | internal | their data, their split | **96.09–96.61%** | 0.0094–0.0098 m | MEASURED-internal (RTX 5080) |
-
-**How the project's ~96% compares to the frontier:** It is *not directly comparable*. The 96% is on an easier task (2D, in-domain, image-normalized PCK, single-environment, 5 subjects) than GraphPose-Fi's 61.1% (3D, standard PCK, mm-scale). The project's own MM-Fi-track number (81.63% torso-PCK@20) *appears* to beat GraphPose-Fi's 61.1%, **but only because torso-PCK is a looser normalization** — the project explicitly flags this (ADR-150 cites beating "MultiFormer's 72.25%" under the *same* torso metric, not GraphPose-Fi's). The honest statement: **the project is competitive on in-domain MM-Fi under its own torso metric, and collapses cross-subject exactly as the published frontier does.** No public number lets the project claim "beyond-SOTA" today.
-
-### RQ2 — What's winning architecturally now (2025–2026)
-
-The clear trend across the verified 2025–2026 papers:
-
- **Graph / skeleton-aware decoders are the current academic SOTA on MM-Fi.** GraphPose-Fi (PREPRINT, Nov 2025) wins by injecting anatomical graph structure into the decoder — exactly the `GraphPose-Fi-style skeleton-aware graph head` ADR-150 §2.2 already names as the planned decoder. *The project's architecture direction matches the frontier.*
- **Self-supervised masked pretraining (MAE) is the cross-domain lever, not capacity.** UNSW MAE study (arXiv [2511.18792](https://arxiv.org/abs/2511.18792), PREPRINT, Nov 2025): cross-domain gains scale **log-linearly with pretraining data, unsaturated at 1.3M samples**; ViT-Base adds only 0.4–0.9% over ViT-Small. Recipe: **80% masking, (30,3) small patches**. DT-Pose (arXiv 2501.09411) independently uses masked pretraining + topology constraints for the domain gap. *Caveat (MEASURED in ADR-152 §2.3): UNSW's downstream tasks are classification, not pose — pose transfer remains a hypothesis. The project's own measurement (b) found WiFlow-STD pretrained features give optimization transfer but NOT feature transfer to ESP32 CSI.*
- **Spatio-temporal decoupling is the efficiency lever.** WiFlow-STD's whole contribution is decoupling spatial and temporal CSI processing to hit 2.23M params. The project verified the params/FLOPs (MEASURED) and then **beat it**: the half-model (843k) matches accuracy with 0.38× params (`RESULTS.md` efficiency sweep).
- **Geometry/layout conditioning is the cross-layout lever.** PerceptAlign (MobiCom'26): fusing transceiver-position embeddings + two-checkerboard calibration, claimed −60% cross-domain. ADR-152 §2.1 already adopted this (`NodeGeometry`, geometry embeddings).
- **NOT winning / absent:** diffusion models for CSI pose did not surface in the verified frontier. Full DensePose-UV regression from commodity WiFi remains undemonstrated (ADR-152 F5, MEASURED by full-text screening). No 2025–2026 paper was found that *beats the project's current direction* — the project is tracking, not trailing, the architecture frontier.
-
-**Verdict RQ2:** the winning stack (MAE pretrain → graph/skeleton decoder → geometry conditioning, ViT-Small-class capacity) is *already the planned ADR-150/152 stack*. The gain available is not a new architecture; it's (a) more heterogeneous pretraining data and (b) honest cross-domain measurement.
-
-### RQ3 — Edge/quantized inference SOTA for small CSI pose models
-
-The in-tree edge work (`benchmarks/wiflow-std/RESULTS.md` "Edge optimization" + "Static PTQ" + "Efficiency sweep") is already at or beyond what the public literature offers for this specific model class, and is MEASURED. Key findings to carry forward:
-
- **Dynamic INT8 is a trap on all-conv CSI models.** WiFlow-STD has **zero `nn.Linear` layers** (21 Conv1d + 22 Conv2d + BatchNorm). `torch.quantize_dynamic` quantizes 0% of params (dynamic int8 has no conv kernels). MEASURED.
- **Static QDQ conv-only PTQ is the int8 sweet spot.** PCK@20 96.60–96.63% (vs fp32 96.68%, dynamic 96.52%), 2.53 MB. All-ops QDQ is strictly worse (−1.4 pt). MEASURED.
- **ONNX Runtime fp32 is the real CPU latency win**: 3.2 ms/window batch-1 vs torch 11.0 ms (~3.4×) at parity (2.4e-7). int8 is ~2× *slower* than ONNX fp32 at batch-1 (ConvInteger kernels). MEASURED.
- **Smaller-than-published dominates.** half (843k) ≥ full on accuracy; **tiny (56k, 295 KB ONNX fp32, 0.66 ms/win, 94.1% PCK@20)** is the smallest deployable artifact. At tiny scale int8 is a *bad* trade (−1.43 pt for −47 KB). MEASURED.
- **General QAT-vs-PTQ context (BLOG/VENDOR):** [NVIDIA TensorRT QAT blog](https://developer.nvidia.com/blog/achieving-fp32-accuracy-for-int8-inference-using-quantization-aware-training-with-tensorrt/), [Ultralytics QAT glossary](https://www.ultralytics.com/glossary/quantization-aware-training-qat), [ONNX Runtime quantization docs](https://onnxruntime.ai/docs/performance/model-optimizations/quantization.html): QAT "almost always" recovers accuracy PTQ loses on sensitive models; ONNX Runtime does NOT retrain (QAT must happen in PyTorch, then export QDQ). The [Onboard Optimization survey, arXiv 2505.08793](https://arxiv.org/pdf/2505.08793) (PREPRINT) covers on-device optimization broadly. These are *general* claims, not CSI-pose-specific — grade accordingly.
- **Hailo / Pi target (CLAUDE.local.md):** the 4× Pi+Hailo cluster (Hailo-8 @ 26 TOPS / Hailo-10 @ 40 TOPS) needs a **HEF** compile path, which is its own toolchain (not ONNX/Candle). No in-tree HEF benchmark exists yet — this is a genuine gap for the edge-inference claim.
-
-**Actionable for an inference-speed benchmark:** the honest comparand set is `{torch fp32, ONNX fp32, ONNX static-QDQ-conv-only int8, candle fp32}` × `{full, half, tiny}` on a fixed host, with the **host≠ESP32 / host≠Hailo caveat stated up front** (the `edge-latency/RESULTS.md` template already does this correctly). The one new datapoint worth producing: **QAT-int8 on the half model** to test whether QAT closes the PTQ −0.16 pt gap *and* keeps the size win.
-
-### RQ4 — Rigorous, reproducible benchmark methodology
-
-The repo already demonstrates the right methodology in three places — the ADR should codify it, not invent it:
-
- **`benchmarks/wiflow-std/RESULTS.md`** — the gold standard already in-tree: pinned upstream commit, seed-42 file-level split documented, corruption masks committed as ground truth, every forced deviation recorded, mean-pose honesty baseline, MEASURED-vs-CLAIMED grading.
- **`benchmarks/edge-latency/RESULTS.md`** — criterion 0.5, explicit host machine, low/median/high brackets, contention caveat, host≠ESP32 separation, steady-state-vs-cold-start distinction.
- **Rust micro-bench:** criterion benches already exist in both crates (`wifi-densepose-nn/benches/`, `wifi-densepose-train/benches/`).
-
-What a credible "beyond-SOTA" claim requires (the bar that survives "prove it"):
-1. **One locked accuracy definition** — PCK normalization (torso vs absolute vs bbox), keypoint convention (15 vs 17 COCO), and split (random / cross-subject / cross-environment) declared *before* the run. The retracted 92.9% died exactly because PCK normalization was unstated.
-2. **A mean-pose / constant-output honesty baseline** on every split (already done in measurement (b) — a single-subject near-static set scored 95.9% torso-PCK@20 with a *constant* pose). Any claim must beat this.
-3. **MEASURED-vs-CLAIMED grading** per number, with the exact command and raw-JSON path committed.
-4. **Cross-domain, not just in-domain.** In-domain PCK is saturated and uninformative; the defensible claim is on cross-subject/cross-environment, where the frontier is 12–44% PCK@20.
-
---
-
-## 3. Proposed benchmark-suite design
-
-A two-part suite (`wifi-densepose-train` accuracy harness + `wifi-densepose-nn` latency harness), both committing raw JSON + a graded RESULTS.md.
-
-### 3.1 Accuracy harness (`wifi-densepose-train`)
-
- **Metric module with one canonical PCK** (parameterized: `{torso, bbox, absolute}` normalization × threshold × keypoint-map), so a single function scores WiFlow-STD-repro, MM-Fi/AetherArena, and a GraphPose-Fi re-run identically. Lock the default to **torso-PCK@20 on 17-kp COCO** and *always* also print standard-PCK to expose the gap.
- **Fixed datasets/splits:** (i) WiFlow-STD cleaned 360k (their split, for repro parity), (ii) MM-Fi P1 random + cross-subject + cross-environment (to line up against GraphPose-Fi 61.1/44.2/12.9 and the project's 81.63), (iii) ESP32 paired eval set when ≥2k multi-subject windows exist.
- **Mandatory honesty baselines** emitted every run: mean-pose, constant-output, and (for cross-domain) source-only.
- **Output:** raw JSON + a RESULTS.md table with MEASURED/CLAIMED grades, mirroring `benchmarks/wiflow-std/RESULTS.md`.
-
-### 3.2 Latency/size harness (`wifi-densepose-nn`)
-
- **Matrix:** `{torch fp32 (ref), ONNX fp32, ONNX static-QDQ-conv-only int8, candle fp32}` × `{full 2.23M, half 843k, tiny 56k}` × `{batch 1, 64}`, criterion-timed, host declared.
- **Report:** disk size, batch-1 + batch-64 ms/window (median + low/high), and PCK@20 on the locked 10k-window subset, so latency and accuracy never get cited apart.
- **Caveat block up front:** host ≠ ESP32-S3/WASM3, host ≠ Hailo HEF. No host number is presented as the edge number.
- **CI gate:** commit the current medians as regression baselines; fail PRs that regress latency >X% or accuracy >Y pt.
-
-### 3.3 What counts as a defensible "beyond-SOTA" result
-
-A claim is citable only if **all** hold: (1) scored under a pre-declared metric/split, (2) beats the relevant published frontier number *on the same metric definition* (e.g. >61.1% standard-PCK@20 on MM-Fi random, or >12.9% on cross-environment), (3) beats the mean-pose honesty baseline, (4) raw JSON + exact command committed, (5) graded MEASURED. The single most valuable "beyond-SOTA" target is **cross-environment MM-Fi**, where the published bar (12.9% PCK@20) is low enough that a real win is both achievable and unambiguous.
-
---
-
-## 4. Gap table
-
-| Capability | Project current (graded) | Published SOTA (graded) | Proposed target | Data / hardware needed |
-|---|---|---|---|---|
-| In-domain 2D PCK@20 (self-collected) | 96.09–96.61% (MEASURED, RTX 5080, WiFlow-STD repro) | 97.25% claimed (WiFlow-STD, CLAIMED) | match within noise + own architecture | cleaned 360k dataset (have); already met |
-| In-domain MM-Fi PCK@20 (torso-norm) | 81.63% torso-PCK (MEASURED-internal) | GraphPose-Fi 61.1% *standard*-PCK (PREPRINT) — **not comparable** | re-score both under **one** PCK def | MM-Fi P1 (have); unified metric harness (gap) |
-| **Cross-subject MM-Fi PCK@20** | ~11.6% torso (MEASURED, the cliff) | GraphPose-Fi 44.2% standard (PREPRINT) | close gap via MAE pretrain + graph decoder | 1.3M heterogeneous CSI corpus (ADR-150/152 §2.3), ViT-Small encoder |
-| **Cross-environment MM-Fi PCK@20** | untested-internal | GraphPose-Fi 12.9% standard (PREPRINT) | **beat 12.9% → cleanest beyond-SOTA win** | MM-Fi cross-env split + geometry conditioning (ADR-152 §2.1) |
-| ESP32 CSI→pose (17-kp) | no run beats mean-pose baseline (MEASURED, measurement b) | n/a (no public ESP32 pose benchmark) | beat mean-pose on temporal split | ≥2k multi-subject/multi-position paired windows (gap) |
-| Edge int8 size/accuracy | static QDQ conv-only 96.61% @ 2.53 MB; tiny 94.1% @ 295 KB fp32 (MEASURED) | no model-matched public number | **QAT-int8 on half model** (untested lever) | PyTorch QAT + QDQ export; RTX 5080 (have) |
-| Edge CPU latency | ONNX fp32 3.2 ms/win b1 host (MEASURED) | n/a (model-specific) | committed criterion regression baseline | host bench (have); ESP32/Hailo on-hardware (gap) |
-| Hailo HEF edge inference | none in-tree (gap) | n/a | first MEASURED HEF latency | Hailo compile toolchain + Pi cluster (have hardware, CLAUDE.local.md) |
-| Foundation encoder (MAE) | recipe adopted, untrained (ADR-152 §2.3) | UNSW: log-linear cross-domain scaling on *classification* (PREPRINT) | pose-transfer validation (hypothesis today) | 1.3M-sample corpus aggregation (priority per F3) |
-
---
-
-## 5. Sources (graded)
-
-| Source | Type | Grade | Used for |
-|---|---|---|---|
-| GraphPose-Fi, arXiv [2511.19105](https://arxiv.org/abs/2511.19105) | preprint | PREPRINT; table numbers MEASURED-in-study (fetched + quoted) | RQ1 MM-Fi frontier (61.1/44.2/12.9 PCK@20, 160.6/210.5/302.7 mm) |
-| WiFlow-STD, arXiv [2602.08661](https://arxiv.org/abs/2602.08661) + [DY2434 repo](https://github.com/DY2434/WiFlow-WiFi-Pose-Estimation-with-Spatio-Temporal-Decoupling) | preprint+code | numbers CLAIMED; artifacts MEASURED; **project repro 96% MEASURED** | RQ1/RQ2/RQ3 |
-| PerceptAlign, arXiv [2601.12252](https://arxiv.org/abs/2601.12252) | preprint + MobiCom'26 acceptance | CLAIMED numbers; failure mode corroborated | RQ1/RQ2 geometry conditioning |
-| UNSW MAE, arXiv [2511.18792](https://arxiv.org/abs/2511.18792) | preprint | ablations MEASURED-in-study; pose transfer = hypothesis | RQ2 MAE recipe |
-| DT-Pose, arXiv [2501.09411](https://arxiv.org/abs/2501.09411), OpenReview [aPnLQ6WfQQ](https://openreview.net/forum?id=aPnLQ6WfQQ), [code](https://github.com/cseeyangchen/DT-Pose) | preprint+code (ICLR'25) | exact MPJPE table NOT verified here — flagged | RQ2 masked-pretrain + topology |
-| Person-in-WiFi-3D, [CVPR 2024](https://openaccess.thecvf.com/content/CVPR2024/html/Yan_Person-in-WiFi_3D_End-to-End_Multi-Person_3D_Pose_Estimation_with_Wi-Fi_CVPR_2024_paper.html) | peer-reviewed | MEASURED (91.7/108.1/125.3 mm); own dataset | RQ1 3D multi-person frontier |
-| ONNX Runtime quantization [docs](https://onnxruntime.ai/docs/performance/model-optimizations/quantization.html) | vendor docs | VENDOR | RQ3 PTQ/QAT mechanics |
-| NVIDIA TensorRT QAT [blog](https://developer.nvidia.com/blog/achieving-fp32-accuracy-for-int8-inference-using-quantization-aware-training-with-tensorrt/), [Ultralytics](https://www.ultralytics.com/glossary/quantization-aware-training-qat) | vendor/blog | BLOG/VENDOR; general, not CSI-specific | RQ3 QAT>PTQ context |
-| Onboard Optimization survey, arXiv [2505.08793](https://arxiv.org/pdf/2505.08793) | preprint | PREPRINT | RQ3 on-device optimization landscape |
-| In-tree `benchmarks/wiflow-std/RESULTS.md`, `benchmarks/edge-latency/RESULTS.md`, ADR-150, ADR-152, ADR-015 | internal MEASURED | MEASURED-internal | grounding, all RQs |
-
-**Unverified / flagged:** DT-Pose exact MM-Fi MPJPE table not extracted at primary-source precision (abstract-level only). GraphPose-Fi parameter count not reported in the paper. WiFlow-STD/PerceptAlign accuracy numbers are author-self-reported preprints. No CSI-pose-specific QAT benchmark exists in the public literature — the QAT recommendation rests on general (non-CSI) vendor/blog evidence.
@@ -522,25 +522,6 @@ Base URL: `http://localhost:3000` (Docker) or `http://localhost:8080` (binary de
 | `GET` | `/api/v1/mesh` | ADR-110 fleet-wide mesh sync map ([iter 29](adr/ADR-110-esp32-c6-firmware-extension.md)) | `{"nodes":{"9":{...},"12":{...}},"total":2}` |
 | `GET` | `/api/v1/nodes/:id/sync` | Single-node mesh sync snapshot (or 404) | `{"offset_us":1163565,"is_leader":false,...}` |
 | `GET` | `/api/v1/mesh/metrics` | ADR-110 mesh state in Prometheus exposition format ([iter 36](adr/ADR-110-esp32-c6-firmware-extension.md)) | `wifi_densepose_mesh_offset_us{node="9"} 1163565\n…` |
-| `GET` | `/api/field` | ADR-262 P3 — latest **signed RuField `FieldEvent`s** from the live sensing cycle, plus the signer pubkey + a `dev_signing_key` flag. Only egress-safe (P1/P2) events are surfaced; identity/biometric (P4/P5) and raw (P0) are held edge-local | `{"spec":"rufield","signer_pubkey_hex":"…","dev_signing_key":true,"events":[…]}` |
-
-### RuField surface (ADR-262 P3)
-
-RuView's live WiFi-CSI sensing now also speaks the standalone **RuField MFS** wire format. Each governed sensing cycle is converted (via the `wifi-densepose-rufield` anti-corruption bridge) into a **signed** `FieldEvent` (`Modality::WifiCsi`, ed25519 `ProvenanceRef`) and surfaced on two additive endpoints:
-
- `GET /api/field` — the most recent signed events (JSON).
- `GET /ws/field` — a WebSocket that streams each cycle's signed event (mirrors `/ws/sensing`).
-
-```bash
-curl -s http://localhost:3000/api/field | python -m json.tool          # latest signed FieldEvents
-python -c "import asyncio,websockets; asyncio.run((lambda: websockets.connect('ws://localhost:8765/ws/field'))())"  # stream
-```
-
-Privacy is fail-closed: only egress-safe **P1/P2** events leave the box — raw (P0) and identity/biometric/aggregate (P3–P5) cycles are held **edge-local** and never appear on these endpoints; a no-presence cycle emits **no event**.
-
-**Signing key:** the surface signs with a **dedicated dev/sensing key**, seeded from `WDP_RUFIELD_SIGNING_SEED` (a 64-char hex string or a ≥32-byte value); when unset it falls back to a deterministic dev default and logs a `WARN` (the `dev_signing_key` flag in `/api/field` reflects this). This is a standalone key pending the ADR-262 §8 Q1 key-ownership decision — set `WDP_RUFIELD_SIGNING_SEED` for any real deployment.
-
-> **Honesty (ADR-262 §0/§6):** this is real plumbing on a live endpoint, **not an accuracy claim.** It is the single-link CSI sensing with its existing caveats (no validated room-coordinate accuracy — positions are the "strongest field peak", not calibrated triangulation).

 ### Example: Get fleet mesh state (ADR-110)

@@ -1,135 +0,0 @@
-# WiFlow Browser Trainer (`wiflow_browser.html`)
-
-A **single self-contained HTML page** that does the entire camera-supervised
-WiFi-pose loop **in your browser, in your laptop camera's coordinate frame**, as
-a **4-stage gated flow** with a progress stepper (each stage unlocks the next):
-
-0. **CALIBRATE** *(ADR-151 empty-room baseline)* — you step OUT of the space; the
-   page captures ~10 s of the quiescent CSI and computes a per-feature running
-   **mean + std (Welford)** over the 410-d vector. Every CSI vector afterwards is
-   expressed as **deviation from baseline**
-   (`x_norm = (x − base_mean) / (base_std + ε)`), so a body's perturbation stands
-   out from the static channel. Persisted to IndexedDB. *Can't capture without it.*
-1. **CAPTURE** — MediaPipe Pose runs on your laptop camera → 17 COCO keypoints
-   (the *label*), paired with the **baseline-normalized** 410-d ESP32 CSI vector
-   (the *input*). A **guided, balanced routine** cycles big on-screen prompts
-   (stand / turn / walk / arms / crouch / sit / reach) with a countdown, and a
-   **per-pose coverage meter** so you build a balanced dataset, not 2 000 frames
-   of standing.
-2. **TRAIN** — a TensorFlow.js MLP learns `CSI → pose` in-browser. Honest
-   held-out PCK@0.10 / PCK@0.05 / MPJPE, plus a **mean-pose baseline** the model
-   must beat (the project's whole ethos — no baseline-beating signal, it says so).
-   *Can't train with <200 samples.*
-3. **INFER** — the trained model drives a skeleton **from WiFi CSI only**
-   (baseline-normalized → standardized → model), drawn over the **same** camera
-   frame it trained in — so the inferred skeleton **aligns** with the camera
-   image. That alignment is the entire point of doing this in-browser instead of
-   with a separate Python camera. *Can't infer without a model.*
-
-## Why in-browser
-
-The Python pipeline (`wiflow_capture.py` → `wiflow_train.py` → `wiflow_infer.py`)
-proved the signal is real (held-out PCK@0.10 ≈ 59.5% vs a 50% mean-pose baseline
-= +9.4 pp). But it trained in a *different* camera's frame, so the inferred
-skeleton never lined up with the laptop camera. Doing capture + train + infer all
-in the browser with the **same** camera makes the training frame and the
-inference frame identical → the skeleton aligns.
-
-## Compute backends (WebGPU / WASM / WebGL)
-
-Training and inference run on TensorFlow.js. The page selects the backend at
-startup, preferring the fastest available:
-
- **WebGPU** (Chrome / Edge, secure context — `localhost` qualifies) — GPU compute.
- **WASM-SIMD** fallback (`tfjs-backend-wasm`, SIMD enabled, `.wasm` from the CDN).
- **WebGL** last-resort fallback (ships inside tfjs core).
-
-The **active backend is shown as a badge in the header** (`compute: WebGPU` /
-`WASM-SIMD` / `WebGL`) so it's honest about what's actually running. The model
-code is backend-agnostic — tf.js abstracts the device.
-
-## Honesty (baked in)
-
- The **CAPTURE** skeleton (blue) is the camera = ground truth, labeled as such.
- The **INFER** skeleton (green) is **CSI-only**, labeled, and **coarse** — the
-  real measured held-out PCK is shown, not a marketing number.
- The **mean-pose baseline** is always computed and shown in TRAIN; the verdict
-  states plainly whether the model **beats** it (real signal) or **does not**
-  (no usable signal). This guards against the project's retracted 92.9% that
-  failed exactly this check.
- Status banner is strict and mutually exclusive:
-  **LIVE** (real `source: "esp32"`) / **SIMULATED — not real** (any other source)
-  / **NO-CSI-SERVER**. The page never invents frames.
-
-## How to run
-
-### 1. Start the real sensing-server (provides the CSI WebSocket on :8765)
-
-```bash
-cd v2
-cargo build -p wifi-densepose-sensing-server
-./target/debug/sensing-server.exe --ws-port 8765 --udp-port 5005
-```
-
-A real ESP32-S3 must be provisioned and streaming for `source` to read `esp32`
-(see `CLAUDE.local.md` for the firmware build/provision steps). The page expects
-the verified live endpoint **`ws://localhost:8765/ws/sensing`** with
-`source:"esp32"`, nodes `[9, 13]`, `features.*`, `node_features[].features.*`,
-and `signal_field.values` (400 floats).
-
-### 2. Serve this page over localhost (camera + WebGPU need a localhost/secure origin)
-
-Any static localhost server works. For example:
-
-```bash
-python -m http.server 8099
-# then open: http://localhost:8099/examples/through-wall/wiflow_browser.html
-```
-
-(8099 is just the static file server — 8765 is a separate process, the CSI
-WebSocket.) Allow camera access when the browser prompts.
-
-Point at a CSI server on another host with `?ws=`:
-
-```
-http://localhost:8099/examples/through-wall/wiflow_browser.html?ws=ws://192.168.1.20:8765/ws/sensing
-```
-
-### 3. Use it
-
-1. **CAPTURE** tab → *enable laptop camera* → *start recording*. Follow the guided
-   routine (stand / turn / walk / arms / crouch / sit). A pair is stored only when
-   a confident pose AND a fresh live `esp32` CSI frame coexist. Aim for a few
-   thousand samples. Samples persist in IndexedDB across refreshes.
-2. **TRAIN** tab → *train model*. Watch the live loss curve, held-out PCK, and the
-   baseline verdict. The model saves to IndexedDB.
-3. **INFER** tab → the green skeleton is now driven by WiFi CSI only, aligned over
-   your camera. Toggle *hide camera* to see the CSI-only skeleton on black.
-
-## The 410-d CSI vector (matches the Python pipeline exactly)
-
-```
-[ mean_rssi, variance, motion_band_power, breathing_band_power ]   # 4  (features.*)
-+ for node 9 then node 13: [ mean_rssi, variance, motion_band_power ]  # 6 (node_features[].features.*)
-+ signal_field.values, padded / truncated to 400                  # 400
-= 410-d
-```
-
-Verified against a real live frame: the in-browser `csiVector()` produces the
-identical 410 vector as `wiflow_capture.py`'s `csi_vector()` (node 9 first, then
-node 13; field zero-padded).
-
-## Libraries (CDN only, no bundler)
-
-| Library | CDN |
-|---|---|
-| TensorFlow.js core | `@tensorflow/tfjs@4.22.0/dist/tf.min.js` |
-| TF.js WebGPU backend | `@tensorflow/tfjs-backend-webgpu@4.22.0/dist/tf-backend-webgpu.min.js` |
-| TF.js WASM backend | `@tensorflow/tfjs-backend-wasm@4.22.0/dist/tf-backend-wasm.min.js` |
-| MediaPipe Pose 0.5 (legacy solutions) | `@mediapipe/pose@0.5/pose.js` |
-
-## Scope / honesty caveats
-
-Same person, same room, same session. **Not** validated cross-day, cross-room, or
-through-wall. The inferred pose is coarse (PCK@0.05 is typically weak). If the
-model does not beat the mean-pose baseline, the page says so — that is a feature.
@@ -1,644 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-    <meta charset="utf-8" />
-    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <title>RuView · Through-Wall WiFi Sensing · LIVE CSI (no skeleton, no simulation)</title>
-    <!--
-      THROUGH-WALL WiFi-CSI SENSING DEMO  —  honest, real-data-only.
-
-      Renders ONLY what the running sensing-server actually streams over
-      ws://localhost:8765/ws/sensing :
-        - the 20x20 `signal_field` floor heatmap (real values)
-        - a coarse RF-localization puck from persons[0].position (NOT pose)
-        - live motion / presence / rssi / confidence meters
-        - the real `source` ("esp32" = LIVE) verbatim in the banner
-
-      It deliberately does NOT draw a skeleton. The server's
-      persons[].keypoints carry confidence:0.0 (image-pixel garbage, not
-      real 3D joints) so we never render them. WiFi CSI gives
-      motion/presence/coarse-position — that is the honest wow, and it
-      penetrates drywall. See README.md.
-    -->
-    <style>
-        :root {
-            --bg: #050507; --bg-panel: rgba(8,10,14,0.80);
-            --amber: #ffb840; --amber-hot: #ffe09f;
-            --cyan: #4cf; --magenta: #ff4cc8;
-            --text: #d8c69a; --text-mute: #6b6155;
-            --green: #4f4; --red: #f64;
-            --border: rgba(255,184,64,0.18);
-        }
-        * { box-sizing: border-box; }
-        body {
-            margin: 0; background: var(--bg); color: var(--text); overflow: hidden;
-            font-family: 'SF Mono', 'Cascadia Code', Consolas, monospace;
-            -webkit-font-smoothing: antialiased; font-size: 12px;
-        }
-        canvas { display: block; }
-        .overlay-frame {
-            position: fixed; inset: 0; pointer-events: none; z-index: 5;
-            background:
-                radial-gradient(ellipse at center, transparent 55%, rgba(0,0,0,0.55) 100%),
-                linear-gradient(180deg, rgba(0,0,0,0.32) 0%, transparent 18%, transparent 82%, rgba(0,0,0,0.38) 100%);
-        }
-        .scanlines {
-            position: fixed; inset: 0; pointer-events: none; z-index: 6;
-            background: repeating-linear-gradient(0deg, rgba(0,0,0,0.04) 0px, rgba(0,0,0,0.04) 1px, transparent 1px, transparent 3px);
-            mix-blend-mode: overlay; opacity: 0.5;
-        }
-        .panel {
-            position: absolute; background: var(--bg-panel); border: 1px solid var(--border);
-            border-radius: 4px; padding: 12px 14px; backdrop-filter: blur(8px);
-            box-shadow: 0 1px 0 rgba(255,184,64,0.04), 0 8px 32px rgba(0,0,0,0.55); z-index: 10;
-        }
-        .panel h2 {
-            margin: 0 0 8px 0; font-size: 10px; text-transform: uppercase; letter-spacing: 2px;
-            color: var(--amber); font-weight: 600; border-bottom: 1px solid var(--border); padding-bottom: 6px;
-        }
-
-        /* ---- Honest status banner (top-center, mutually exclusive states) ---- */
-        #banner {
-            position: fixed; top: 0; left: 0; right: 0; z-index: 30;
-            text-align: center; padding: 7px 12px; font-size: 12px; letter-spacing: 1px;
-            font-weight: 600; border-bottom: 1px solid rgba(0,0,0,0.4);
-            transition: background 0.3s, color 0.3s;
-        }
-        #banner.live  { background: rgba(40,255,80,0.12); color: var(--green); border-bottom-color: rgba(80,255,120,0.4); }
-        #banner.sim   { background: rgba(255,120,40,0.16); color: #ffae5a; border-bottom-color: rgba(255,140,60,0.5); }
-        #banner.noserver { background: rgba(255,80,80,0.16); color: var(--red); border-bottom-color: rgba(255,90,90,0.5); }
-        #banner .src { opacity: 0.8; font-weight: 400; }
-        #banner-caption {
-            position: fixed; top: 30px; left: 0; right: 0; z-index: 29;
-            text-align: center; font-size: 10px; color: var(--text-mute); letter-spacing: 0.5px;
-            pointer-events: none; padding-top: 2px;
-        }
-
-        #info { top: 64px; left: 20px; min-width: 270px; }
-        #info h1 { margin: 0 0 1px 0; font-size: 13px; letter-spacing: 1px; color: var(--amber-hot); font-weight: 600; }
-        #info .sub { font-size: 10px; color: var(--text-mute); letter-spacing: 0.5px; margin-bottom: 10px; padding-bottom: 8px; border-bottom: 1px solid var(--border); }
-        #info .row { display: flex; justify-content: space-between; gap: 12px; padding: 2px 0; }
-        #info .row .k { color: var(--text-mute); font-size: 11px; }
-        #info .row .v { color: var(--text); font-variant-numeric: tabular-nums; font-size: 11px; }
-        #info .row .v.amber { color: var(--amber); }
-        #info .row .v.cyan  { color: var(--cyan); }
-        #info .row .v.green { color: var(--green); }
-        #info .row .v.red   { color: var(--red); }
-        #info .row .v.mag   { color: var(--magenta); }
-        #info .row .v.mute  { color: var(--text-mute); }
-
-        #csi { top: 64px; right: 20px; min-width: 270px; }
-        #csi .bar-row { display: flex; align-items: center; gap: 8px; padding: 3px 0; font-size: 10px; }
-        #csi .bar-row .label { width: 86px; color: var(--text-mute); }
-        #csi .bar-row .bar-track { flex: 1; height: 6px; background: rgba(255,184,64,0.08); border-radius: 2px; overflow: hidden; }
-        #csi .bar-row .bar-fill {
-            height: 100%; background: linear-gradient(90deg, var(--amber-hot), var(--amber));
-            box-shadow: 0 0 6px var(--amber); transition: width 0.1s linear;
-        }
-        #csi .bar-row .val { width: 44px; text-align: right; color: var(--amber); font-variant-numeric: tabular-nums; }
-        #csi .spark { margin-top: 8px; }
-        #csi canvas { width: 100%; height: 38px; display: block; border: 1px solid var(--border); border-radius: 3px; background: rgba(0,0,0,0.3); }
-        #csi .legend { margin-top: 8px; padding-top: 8px; border-top: 1px solid var(--border); font-size: 10px; color: var(--text-mute); line-height: 1.5; }
-
-        /* ---- waiting / no-server overlay ---- */
-        #waiting {
-            position: fixed; inset: 0; z-index: 25; display: none;
-            flex-direction: column; align-items: center; justify-content: center;
-            background: rgba(5,5,7,0.94); color: var(--amber); text-align: center; padding: 24px;
-        }
-        #waiting.show { display: flex; }
-        #waiting .big { font-size: 22px; letter-spacing: 2px; color: var(--red); margin-bottom: 16px; text-transform: uppercase; }
-        #waiting code {
-            display: block; text-align: left; max-width: 640px; margin: 8px auto;
-            background: rgba(255,184,64,0.06); border: 1px solid var(--border); border-radius: 4px;
-            padding: 10px 14px; color: var(--amber-hot); font-size: 12px; white-space: pre-wrap;
-        }
-        #waiting .pulse { animation: pulse 1.4s ease-in-out infinite; }
-        @keyframes pulse { 0%,100% { opacity: 0.55; } 50% { opacity: 1; } }
-
-        /* ---- optional webcam ground-truth tile ---- */
-        #cam-tile {
-            position: absolute; bottom: 20px; right: 20px; width: 240px; z-index: 12;
-            background: var(--bg-panel); border: 1px solid var(--border); border-radius: 4px;
-            padding: 8px; backdrop-filter: blur(8px);
-        }
-        #cam-tile h2 { margin: 0 0 6px 0; font-size: 9px; text-transform: uppercase; letter-spacing: 1.5px;
-            color: var(--cyan); font-weight: 600; }
-        #cam-tile .gt-note { font-size: 9px; color: var(--text-mute); margin-top: 4px; line-height: 1.4; }
-        #cam-video { width: 100%; border-radius: 3px; display: none; background: #000; }
-        #cam-tile button {
-            width: 100%; margin-top: 6px; padding: 5px 8px; font-family: inherit; font-size: 11px;
-            background: transparent; color: var(--cyan); border: 1px solid var(--cyan); border-radius: 3px; cursor: pointer;
-        }
-        #cam-tile button:hover { background: rgba(68,204,255,0.12); }
-        #cam-tile button:disabled { opacity: 0.5; cursor: not-allowed; }
-
-        #legend-nodes {
-            position: absolute; bottom: 20px; left: 20px; min-width: 220px;
-            background: var(--bg-panel); border: 1px solid var(--border); border-radius: 4px;
-            padding: 12px 14px; backdrop-filter: blur(8px); z-index: 10;
-        }
-        #legend-nodes h2 { margin: 0 0 8px 0; font-size: 10px; text-transform: uppercase; letter-spacing: 2px;
-            color: var(--amber); font-weight: 600; border-bottom: 1px solid var(--border); padding-bottom: 6px; }
-        #legend-nodes .lr { display: flex; align-items: center; gap: 8px; padding: 2px 0; font-size: 11px; }
-        #legend-nodes .dot { width: 9px; height: 9px; border-radius: 50%; box-shadow: 0 0 6px currentColor; flex: 0 0 auto; }
-        #legend-nodes .muted { color: var(--text-mute); }
-    </style>
-
-    <!-- three.js r128 + addons (same CDN set as examples/three.js/demos/05) -->
-    <script src="https://cdnjs.cloudflare.com/ajax/libs/three.js/r128/three.min.js"></script>
-    <script src="https://cdn.jsdelivr.net/npm/three@0.128.0/examples/js/controls/OrbitControls.js"></script>
-    <script src="https://cdn.jsdelivr.net/npm/three@0.128.0/examples/js/postprocessing/EffectComposer.js"></script>
-    <script src="https://cdn.jsdelivr.net/npm/three@0.128.0/examples/js/postprocessing/RenderPass.js"></script>
-    <script src="https://cdn.jsdelivr.net/npm/three@0.128.0/examples/js/postprocessing/ShaderPass.js"></script>
-    <script src="https://cdn.jsdelivr.net/npm/three@0.128.0/examples/js/postprocessing/UnrealBloomPass.js"></script>
-    <script src="https://cdn.jsdelivr.net/npm/three@0.128.0/examples/js/shaders/CopyShader.js"></script>
-    <script src="https://cdn.jsdelivr.net/npm/three@0.128.0/examples/js/shaders/LuminosityHighPassShader.js"></script>
-</head>
-<body>
-    <div id="banner" class="noserver">NO SERVER — start the sensing-server <span class="src"></span></div>
-    <div id="banner-caption">Real WiFi CSI motion / presence / coarse-localization — penetrates drywall. Not skeletal pose.</div>
-
-    <div class="overlay-frame"></div>
-    <div class="scanlines"></div>
-
-    <div class="panel" id="info">
-        <h1>THROUGH-WALL WiFi SENSING</h1>
-        <div class="sub">Live CSI · ws://localhost:8765/ws/sensing</div>
-        <div class="row"><span class="k">source</span><span class="v amber" id="m-source">—</span></div>
-        <div class="row"><span class="k">presence</span><span class="v" id="m-presence">—</span></div>
-        <div class="row"><span class="k">motion level</span><span class="v" id="m-motion">—</span></div>
-        <div class="row"><span class="k">confidence</span><span class="v cyan" id="m-conf">—</span></div>
-        <div class="row"><span class="k">est. persons</span><span class="v amber" id="m-persons">—</span></div>
-        <div class="row"><span class="k">active nodes</span><span class="v" id="m-nodes">—</span></div>
-        <div class="row"><span class="k">tick</span><span class="v" id="m-tick">—</span></div>
-        <div class="row"><span class="k">update rate</span><span class="v cyan" id="m-fps">—</span></div>
-    </div>
-
-    <div class="panel" id="csi">
-        <h2>Live RF features</h2>
-        <div class="bar-row"><span class="label">motion</span><div class="bar-track"><div class="bar-fill" id="bar-motion"></div></div><span class="val" id="v-motion">—</span></div>
-        <div class="bar-row"><span class="label">breathing</span><div class="bar-track"><div class="bar-fill" id="bar-breath"></div></div><span class="val" id="v-breath">—</span></div>
-        <div class="bar-row"><span class="label">variance</span><div class="bar-track"><div class="bar-fill" id="bar-var"></div></div><span class="val" id="v-var">—</span></div>
-        <div class="bar-row"><span class="label">mean rssi</span><div class="bar-track"><div class="bar-fill" id="bar-rssi"></div></div><span class="val" id="v-rssi">—</span></div>
-        <div class="spark"><canvas id="spark" width="252" height="38"></canvas></div>
-        <div class="legend">motion sparkline (last ~6s of real motion_band_power)</div>
-    </div>
-
-    <div id="legend-nodes">
-        <h2>Sensor nodes</h2>
-        <div class="lr"><span class="dot" style="color:#4cf"></span><span>ESP32-S3 office <span class="muted">(node 9)</span></span></div>
-        <div class="lr"><span class="dot" style="color:#ff4cc8"></span><span>ESP32-S3 hallway <span class="muted">(node 13)</span></span></div>
-        <div class="lr" style="margin-top:6px"><span class="dot" style="color:#4f4"></span><span>RF localization <span class="muted">(coarse)</span></span></div>
-        <div class="lr"><span class="muted" style="font-size:10px;line-height:1.4">Office &amp; hallway split by a wall + doorway. WiFi motion still shows through drywall.</span></div>
-    </div>
-
-    <div id="cam-tile">
-        <h2>camera — ground truth when visible</h2>
-        <video id="cam-video" autoplay muted playsinline></video>
-        <button id="cam-btn">▶ enable webcam (optional)</button>
-        <div class="gt-note">Independent of the CSI sensing. The WiFi works in the dark and through walls; the camera does not.</div>
-    </div>
-
-    <div id="waiting" class="show">
-        <div class="big pulse">Waiting for live sensing-server</div>
-        <div>No connection to <b>ws://localhost:8765/ws/sensing</b>. Start the real server, then this page connects automatically.</div>
-        <code>cd v2
-cargo build -p wifi-densepose-sensing-server
-./target/debug/sensing-server.exe --ws-port 8765 --udp-port 5005</code>
-        <div style="margin-top:10px; color:var(--text-mute); font-size:11px;">This demo renders ONLY real data. It never invents frames.</div>
-    </div>
-
-<script>
-"use strict";
-// =====================================================================
-//  Config + WS endpoint (allow ?ws= override)
-// =====================================================================
-const params   = new URLSearchParams(location.search);
-const WS_URL   = params.get('ws') || 'ws://localhost:8765/ws/sensing';
-const ROOM_HALF = 5;             // half-extent of the floor plane in metres
-const GRID_N    = 20;            // signal_field is 20 x 20
-
-// Known node anchor positions (server sends node 9 @ [2,0,1.5]; node 13
-// joins later from the hallway side once its firmware is flashed). These
-// are anchors for the room model + labels, NOT fabricated sensing data.
-const NODE_ANCHORS = {
-    9:  { pos: [ 2.0, 0.0,  1.5], color: 0x44ccff, label: 'office (node 9)' },
-    13: { pos: [-2.0, 0.0, -3.0], color: 0xff4cc8, label: 'hallway (node 13)' },
-};
-
-// =====================================================================
-//  Three.js scene (reused pattern from demos/05-skinned-realtime.html)
-// =====================================================================
-const scene = new THREE.Scene();
-scene.background = new THREE.Color(0x050507);
-scene.fog = new THREE.FogExp2(0x050507, 0.045);
-
-const camera = new THREE.PerspectiveCamera(50, window.innerWidth/window.innerHeight, 0.05, 100);
-camera.position.set(4.5, 4.2, 6.0);
-
-const renderer = new THREE.WebGLRenderer({ antialias: true, powerPreference: 'high-performance' });
-renderer.setPixelRatio(Math.min(2, window.devicePixelRatio));
-renderer.setSize(window.innerWidth, window.innerHeight);
-renderer.toneMapping = THREE.ACESFilmicToneMapping;
-renderer.toneMappingExposure = 0.85;
-renderer.outputEncoding = THREE.sRGBEncoding;
-document.body.appendChild(renderer.domElement);
-
-const controls = new THREE.OrbitControls(camera, renderer.domElement);
-controls.target.set(0, 0.4, -0.5);
-controls.enableDamping = true; controls.dampingFactor = 0.06;
-controls.minDistance = 3; controls.maxDistance = 18;
-controls.maxPolarAngle = Math.PI * 0.49;
-
-scene.add(new THREE.HemisphereLight(0x553a18, 0x080606, 0.7));
-const keyLight = new THREE.DirectionalLight(0xffc070, 0.9);
-keyLight.position.set(3, 6, 4);
-scene.add(keyLight);
-
-// Post-processing — gentle bloom so the heatmap + puck glow.
-const composer = new THREE.EffectComposer(renderer);
-composer.addPass(new THREE.RenderPass(scene, camera));
-const bloom = new THREE.UnrealBloomPass(
-    new THREE.Vector2(window.innerWidth, window.innerHeight), 0.55, 0.45, 0.82);
-composer.addPass(bloom);
-
-// =====================================================================
-//  Room: floor grid + wall + doorway dividing office / hallway
-// =====================================================================
-const gridHelper = new THREE.GridHelper(2*ROOM_HALF, GRID_N, 0x554a32, 0x2a2418);
-gridHelper.position.y = 0.002;
-scene.add(gridHelper);
-
-// Dividing wall runs along world X near z = -1 (office z>-1, hallway z<-1),
-// with a doorway gap. Two wall segments leave a gap in the middle.
-const wallMat = new THREE.MeshStandardMaterial({
-    color: 0x1b2330, transparent: true, opacity: 0.55, roughness: 0.9,
-    side: THREE.DoubleSide,
-});
-const wallH = 1.4, wallZ = -1.0;
-function addWallSeg(cx, w) {
-    const m = new THREE.Mesh(new THREE.BoxGeometry(w, wallH, 0.08), wallMat);
-    m.position.set(cx, wallH/2, wallZ);
-    scene.add(m);
-    // top edge highlight
-    const edge = new THREE.Mesh(new THREE.BoxGeometry(w, 0.02, 0.10),
-        new THREE.MeshBasicMaterial({ color: 0x4cf, transparent: true, opacity: 0.5 }));
-    edge.position.set(cx, wallH, wallZ);
-    scene.add(edge);
-}
-// left segment, doorway gap (-0.7..0.7), right segment
-addWallSeg(-3.15, 3.7);
-addWallSeg( 3.15, 3.7);
-
-// Room labels (sprite text) for OFFICE / HALLWAY
-function makeLabel(text, color) {
-    const c = document.createElement('canvas'); c.width = 256; c.height = 64;
-    const ctx = c.getContext('2d');
-    ctx.fillStyle = color; ctx.font = 'bold 30px Consolas, monospace';
-    ctx.textAlign = 'center'; ctx.textBaseline = 'middle';
-    ctx.fillText(text, 128, 34);
-    const tex = new THREE.CanvasTexture(c);
-    const spr = new THREE.Sprite(new THREE.SpriteMaterial({ map: tex, transparent: true, depthTest: false }));
-    spr.scale.set(2.0, 0.5, 1);
-    return spr;
-}
-const officeLbl = makeLabel('OFFICE', '#ffb840');  officeLbl.position.set(2.6, 0.06, 2.6); scene.add(officeLbl);
-const hallLbl   = makeLabel('HALLWAY', '#ff4cc8'); hallLbl.position.set(-2.6, 0.06, -3.2); scene.add(hallLbl);
-
-// =====================================================================
-//  Node markers (office / hallway). The hallway node is dimmed until it
-//  actually appears in the live `nodes` list.
-// =====================================================================
-const nodeMeshes = {};
-function buildNode(id) {
-    const a = NODE_ANCHORS[id];
-    const g = new THREE.Group();
-    const post = new THREE.Mesh(
-        new THREE.CylinderGeometry(0.05, 0.07, 0.9, 12),
-        new THREE.MeshStandardMaterial({ color: a.color, emissive: a.color, emissiveIntensity: 0.4, roughness: 0.4 }));
-    post.position.y = 0.45; g.add(post);
-    const orb = new THREE.Mesh(
-        new THREE.SphereGeometry(0.12, 20, 16),
-        new THREE.MeshBasicMaterial({ color: a.color }));
-    orb.position.y = 0.95; g.add(orb);
-    const ring = new THREE.Mesh(
-        new THREE.RingGeometry(0.18, 0.24, 32),
-        new THREE.MeshBasicMaterial({ color: a.color, transparent: true, opacity: 0.6, side: THREE.DoubleSide }));
-    ring.rotation.x = -Math.PI/2; ring.position.y = 0.01; g.add(ring);
-    const lbl = makeLabel('ESP32-S3 ' + a.label, '#' + a.color.toString(16).padStart(6,'0'));
-    lbl.scale.set(2.6, 0.65, 1); lbl.position.set(0, 1.25, 0); g.add(lbl);
-    g.position.set(a.pos[0], 0, a.pos[2]);
-    g.userData.parts = { post, orb, ring };
-    scene.add(g);
-    return g;
-}
-Object.keys(NODE_ANCHORS).forEach(id => { nodeMeshes[id] = buildNode(+id); });
-function setNodeActive(id, active) {
-    const g = nodeMeshes[id]; if (!g) return;
-    const o = active ? 1.0 : 0.22;
-    const parts = g.userData.parts;
-    parts.orb.material.opacity = o; parts.orb.material.transparent = true;
-    parts.ring.material.opacity = 0.6 * o;
-    parts.post.material.emissiveIntensity = active ? 0.5 : 0.12;
-}
-setNodeActive(9, false); setNodeActive(13, false);
-
-// =====================================================================
-//  signal_field 20x20 floor heatmap — instanced colored tiles.
-//  Driven ONLY by real `signal_field.values` (400 floats ~0..1).
-// =====================================================================
-const TILE = (2*ROOM_HALF) / GRID_N;
-const heatGeo = new THREE.PlaneGeometry(TILE * 0.96, TILE * 0.96);
-const heatMat = new THREE.MeshBasicMaterial({ vertexColors: true, transparent: true, opacity: 0.85, side: THREE.DoubleSide });
-const heatMesh = new THREE.InstancedMesh(heatGeo, heatMat, GRID_N * GRID_N);
-heatMesh.instanceMatrix.setUsage(THREE.DynamicDrawUsage);
-const heatColor = new THREE.InstancedBufferAttribute(new Float32Array(GRID_N * GRID_N * 3), 3);
-heatMesh.instanceColor = heatColor;
-const _m = new THREE.Matrix4();
-const _q = new THREE.Quaternion().setFromAxisAngle(new THREE.Vector3(1,0,0), -Math.PI/2);
-const _s = new THREE.Vector3(1,1,1);
-const _p = new THREE.Vector3();
-// gridCell (gx,gz) -> world (x,z). gx,gz in [0,GRID_N).
-function cellToWorld(gx, gz) {
-    return [ (gx + 0.5) * TILE - ROOM_HALF, (gz + 0.5) * TILE - ROOM_HALF ];
-}
-for (let gz = 0; gz < GRID_N; gz++) {
-    for (let gx = 0; gx < GRID_N; gx++) {
-        const i = gz * GRID_N + gx;
-        const [wx, wz] = cellToWorld(gx, gz);
-        _p.set(wx, 0.012, wz);
-        _m.compose(_p, _q, _s);
-        heatMesh.setMatrixAt(i, _m);
-        heatColor.setXYZ(i, 0.02, 0.02, 0.03);
-    }
-}
-heatMesh.instanceMatrix.needsUpdate = true;
-scene.add(heatMesh);
-
-// amber→white heat ramp for a value in [0,1]
-function heatRamp(v, out) {
-    v = Math.max(0, Math.min(1, v));
-    // dark -> amber -> hot white
-    const r = Math.min(1, 0.05 + 1.6 * v);
-    const g = Math.min(1, 0.02 + 1.1 * v * v);
-    const b = Math.min(1, 0.04 + 0.9 * Math.pow(v, 3));
-    out.set(r, g, b);
-    return out;
-}
-const _c = new THREE.Color();
-let lastFieldPeak = { gx: GRID_N/2|0, gz: GRID_N/2|0, v: 0 };
-function updateHeatmap(field) {
-    if (!field || !Array.isArray(field.values)) return;
-    const vals = field.values;
-    // grid_size is [20,1,20]; values are row-major 400 floats.
-    let peakV = -1, peakGx = lastFieldPeak.gx, peakGz = lastFieldPeak.gz;
-    const n = Math.min(vals.length, GRID_N * GRID_N);
-    for (let i = 0; i < n; i++) {
-        const v = vals[i];
-        heatRamp(v, _c);
-        heatColor.setXYZ(i, _c.r, _c.g, _c.b);
-        if (v > peakV) { peakV = v; peakGx = i % GRID_N; peakGz = (i / GRID_N) | 0; }
-    }
-    heatColor.needsUpdate = true;
-    lastFieldPeak = { gx: peakGx, gz: peakGz, v: peakV };
-}
-
-// =====================================================================
-//  RF-localization puck — from persons[0].position (coarse, NOT pose).
-//  Falls back to the signal_field peak cell when no person is present.
-// =====================================================================
-const puck = new THREE.Group();
-const puckCore = new THREE.Mesh(
-    new THREE.SphereGeometry(0.16, 24, 18),
-    new THREE.MeshBasicMaterial({ color: 0x66ff88 }));
-puckCore.position.y = 0.16; puck.add(puckCore);
-const puckRing = new THREE.Mesh(
-    new THREE.RingGeometry(0.28, 0.36, 40),
-    new THREE.MeshBasicMaterial({ color: 0x66ff88, transparent: true, opacity: 0.7, side: THREE.DoubleSide }));
-puckRing.rotation.x = -Math.PI/2; puckRing.position.y = 0.02; puck.add(puckRing);
-const puckBeam = new THREE.Mesh(
-    new THREE.CylinderGeometry(0.03, 0.03, 1.2, 8),
-    new THREE.MeshBasicMaterial({ color: 0x66ff88, transparent: true, opacity: 0.35 }));
-puckBeam.position.y = 0.6; puck.add(puckBeam);
-puck.visible = false;
-scene.add(puck);
-const puckTarget = new THREE.Vector3(0, 0, 0);
-
-function updatePuck(frame) {
-    let wx = null, wz = null, present = false;
-    const persons = frame.persons || [];
-    if (persons.length && Array.isArray(persons[0].position)) {
-        // server position is [x, 0, z] in metres, origin at room centre
-        wx = persons[0].position[0];
-        wz = persons[0].position[2];
-        present = true;
-    }
-    // If no person but the field has clear energy, show the peak cell
-    // (coarse) so the puck honestly tracks "where the RF energy is".
-    if (!present && lastFieldPeak.v > 0.55) {
-        const peak = cellToWorld(lastFieldPeak.gx, lastFieldPeak.gz);
-        wx = peak[0]; wz = peak[1]; present = true;
-    }
-    if (present && wx !== null) {
-        // clamp into the room so it never flies off the floor
-        wx = Math.max(-ROOM_HALF+0.3, Math.min(ROOM_HALF-0.3, wx));
-        wz = Math.max(-ROOM_HALF+0.3, Math.min(ROOM_HALF-0.3, wz));
-        puckTarget.set(wx, 0, wz);
-        puck.visible = true;
-    } else {
-        puck.visible = false;
-    }
-}
-
-// =====================================================================
-//  HUD updates
-// =====================================================================
-const $ = id => document.getElementById(id);
-function clamp01(x){ return Math.max(0, Math.min(1, x)); }
-function setBar(barId, valId, frac, text) {
-    $(barId).style.width = (clamp01(frac) * 100).toFixed(0) + '%';
-    $(valId).textContent = text;
-}
-
-// motion sparkline ring buffer
-const sparkCtx = $('spark').getContext('2d');
-const SPARK_N = 120;
-const sparkBuf = new Array(SPARK_N).fill(0);
-function pushSpark(v) {
-    sparkBuf.push(v); if (sparkBuf.length > SPARK_N) sparkBuf.shift();
-    const w = sparkCtx.canvas.width, h = sparkCtx.canvas.height;
-    sparkCtx.clearRect(0,0,w,h);
-    let maxV = 40; for (const x of sparkBuf) if (x > maxV) maxV = x;
-    sparkCtx.strokeStyle = '#ffb840'; sparkCtx.lineWidth = 1.5; sparkCtx.beginPath();
-    for (let i = 0; i < sparkBuf.length; i++) {
-        const x = (i / (SPARK_N-1)) * w;
-        const y = h - (sparkBuf[i] / maxV) * (h - 3) - 1.5;
-        i === 0 ? sparkCtx.moveTo(x, y) : sparkCtx.lineTo(x, y);
-    }
-    sparkCtx.stroke();
-}
-
-// =====================================================================
-//  Honest status banner (strict, mutually exclusive)
-// =====================================================================
-const banner = $('banner');
-function setBannerLive(source, nodeCount) {
-    if (source === 'esp32') {
-        banner.className = 'live';
-        banner.innerHTML = 'LIVE — real ESP32 CSI <span class="src">(source=' + source + ', ' + nodeCount + ' node' + (nodeCount === 1 ? '' : 's') + ')</span>';
-    } else {
-        // anything not esp32 = explicitly NOT real, badged
-        banner.className = 'sim';
-        banner.innerHTML = 'SIMULATED — not real <span class="src">(source=' + source + ' — start an ESP32 for live CSI)</span>';
-    }
-}
-function setBannerNoServer() {
-    banner.className = 'noserver';
-    banner.innerHTML = 'NO SERVER — start the sensing-server <span class="src">(ws://localhost:8765/ws/sensing unreachable)</span>';
-}
-
-// =====================================================================
-//  WebSocket — render ONLY real frames. Reconnect; never fabricate.
-// =====================================================================
-let ws = null, gotFrame = false;
-let frameTimes = [];          // for measured update rate (fps)
-let lastFrame = null;         // most recent real frame (render loop interpolates puck)
-
-function connect() {
-    setBannerNoServer();
-    try { ws = new WebSocket(WS_URL); }
-    catch (e) { scheduleReconnect(); return; }
-
-    ws.onopen = () => { /* wait for first frame before claiming LIVE */ };
-    ws.onmessage = (ev) => {
-        let d; try { d = JSON.parse(ev.data); } catch (e) { return; }
-        if (!d || d.type !== 'sensing_update') return;
-        onFrame(d);
-    };
-    ws.onclose = () => { gotFrame = false; $('waiting').classList.add('show'); setBannerNoServer(); scheduleReconnect(); };
-    ws.onerror = () => { try { ws.close(); } catch (e) {} };
-}
-let reconnectT = null;
-function scheduleReconnect() {
-    if (reconnectT) return;
-    reconnectT = setTimeout(() => { reconnectT = null; connect(); }, 1500);
-}
-
-function onFrame(d) {
-    gotFrame = true;
-    lastFrame = d;
-    $('waiting').classList.remove('show');
-
-    const source = d.source || 'unknown';
-    const nodes  = Array.isArray(d.nodes) ? d.nodes : [];
-    setBannerLive(source, nodes.length);
-
-    // measured update rate
-    const now = performance.now();
-    frameTimes.push(now);
-    while (frameTimes.length && now - frameTimes[0] > 2000) frameTimes.shift();
-    const fps = frameTimes.length > 1 ? (frameTimes.length - 1) / ((frameTimes[frameTimes.length-1] - frameTimes[0]) / 1000) : 0;
-
-    const cls  = d.classification || {};
-    const feat = d.features || {};
-
-    // info panel
-    $('m-source').textContent  = source.toUpperCase();
-    $('m-source').className     = 'v ' + (source === 'esp32' ? 'green' : 'red');
-    const presence = !!cls.presence;
-    $('m-presence').textContent = presence ? (cls.motion_level === 'present_moving' ? 'PRESENT · MOVING' : 'PRESENT') : 'CLEAR';
-    $('m-presence').className    = 'v ' + (presence ? 'green' : 'mute');
-    $('m-motion').textContent   = cls.motion_level || '—';
-    $('m-conf').textContent     = (cls.confidence != null) ? cls.confidence.toFixed(2) : '—';
-    $('m-persons').textContent  = (d.estimated_persons != null) ? d.estimated_persons : '—';
-    $('m-nodes').textContent    = nodes.length + ' (' + nodes.map(n => n.node_id).join(', ') + ')';
-    $('m-tick').textContent     = (d.tick != null) ? d.tick : '—';
-    $('m-fps').textContent      = fps ? fps.toFixed(1) + ' Hz' : '—';
-
-    // feature bars (real values, scaled into 0..1 for the bar width only)
-    const motion = feat.motion_band_power || 0;
-    const breath = feat.breathing_band_power || 0;
-    const variance = feat.variance || 0;
-    const rssi = feat.mean_rssi != null ? feat.mean_rssi : -100;
-    setBar('bar-motion', 'v-motion', motion / 100,  motion.toFixed(1));
-    setBar('bar-breath', 'v-breath', breath / 100,  breath.toFixed(1));
-    setBar('bar-var',    'v-var',    variance / 80,  variance.toFixed(1));
-    // rssi: map -90..-30 dBm -> 0..1
-    setBar('bar-rssi',   'v-rssi',   (rssi + 90) / 60, rssi.toFixed(0));
-    pushSpark(motion);
-
-    // node activity
-    const activeIds = new Set(nodes.map(n => n.node_id));
-    [9, 13].forEach(id => setNodeActive(id, activeIds.has(id)));
-
-    // heatmap + puck
-    updateHeatmap(d.signal_field);
-    updatePuck(d);
-}
-
-// =====================================================================
-//  Optional webcam ground-truth tile (reused from demos/05). Camera is
-//  separate from CSI sensing — labeled "ground truth when visible".
-// =====================================================================
-let camStream = null;
-$('cam-btn').addEventListener('click', async () => {
-    const btn = $('cam-btn');
-    if (camStream) {  // toggle off
-        camStream.getTracks().forEach(t => t.stop());
-        $('cam-video').style.display = 'none'; camStream = null;
-        btn.textContent = '▶ enable webcam (optional)';
-        return;
-    }
-    btn.disabled = true; btn.textContent = 'requesting camera…';
-    try {
-        camStream = await navigator.mediaDevices.getUserMedia({
-            video: { width: { ideal: 640 }, height: { ideal: 480 }, facingMode: 'user' }, audio: false,
-        });
-        const v = $('cam-video'); v.srcObject = camStream; v.style.display = 'block';
-        btn.textContent = '■ stop webcam'; btn.disabled = false;
-    } catch (e) {
-        btn.textContent = '✗ camera unavailable'; btn.disabled = false; console.error(e);
-        setTimeout(() => { if (!camStream) btn.textContent = '▶ enable webcam (optional)'; }, 2000);
-    }
-});
-
-// =====================================================================
-//  Render loop — smooth the puck toward its real target; pulse rings.
-// =====================================================================
-const clock = new THREE.Clock();
-function animate() {
-    requestAnimationFrame(animate);
-    const t = clock.getElapsedTime();
-    controls.update();
-
-    if (puck.visible) {
-        puck.position.lerp(puckTarget, 0.18);
-        const pulse = 0.8 + 0.25 * Math.sin(t * 3.0);
-        puckRing.scale.set(pulse, pulse, pulse);
-        puckRing.material.opacity = 0.5 + 0.25 * Math.sin(t * 3.0);
-    }
-    // node rings breathe when active
-    [9,13].forEach(id => {
-        const g = nodeMeshes[id]; if (!g) return;
-        const r = g.userData.parts.ring;
-        const s = 1 + 0.08 * Math.sin(t * 2 + id);
-        r.scale.set(s, s, s);
-    });
-
-    composer.render();
-}
-animate();
-
-window.addEventListener('resize', () => {
-    camera.aspect = window.innerWidth / window.innerHeight;
-    camera.updateProjectionMatrix();
-    renderer.setSize(window.innerWidth, window.innerHeight);
-    composer.setSize(window.innerWidth, window.innerHeight);
-});
-
-// kick off
-connect();
-</script>
-</body>
-</html>
@@ -1,159 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-<meta charset="UTF-8"/>
-<meta name="viewport" content="width=device-width, initial-scale=1.0"/>
-<title>WiFlow · live WiFi-inferred pose</title>
-<style>
-  :root{--bg:#0a0c10;--panel:#11151c;--amber:#ffb840;--green:#46e08a;--red:#ff5a5a;--mute:#7d8796;--line:#1d2430}
-  *{box-sizing:border-box}
-  body{margin:0;background:var(--bg);color:#dfe6ee;font:14px/1.5 'JetBrains Mono',ui-monospace,Menlo,monospace}
-  header{padding:14px 18px;border-bottom:1px solid var(--line);display:flex;align-items:center;gap:14px;flex-wrap:wrap}
-  h1{font-size:15px;margin:0;letter-spacing:1px;text-transform:uppercase;font-weight:600}
-  h1 span{color:var(--amber)}
-  #banner{margin-left:auto;padding:5px 12px;border-radius:5px;font-weight:600;font-size:12px;letter-spacing:.5px}
-  .live{background:rgba(70,224,138,.15);color:var(--green);border:1px solid var(--green)}
-  .sim{background:rgba(255,184,64,.15);color:var(--amber);border:1px solid var(--amber)}
-  .down{background:rgba(255,90,90,.15);color:var(--red);border:1px solid var(--red)}
-  main{display:flex;gap:18px;padding:18px;flex-wrap:wrap}
-  .card{background:var(--panel);border:1px solid var(--line);border-radius:10px;padding:14px}
-  canvas{background:#070a0e;border-radius:8px;display:block}
-  .label{font-size:11px;text-transform:uppercase;letter-spacing:1.5px;color:var(--mute);margin-bottom:8px}
-  .stats{min-width:240px}
-  .row{display:flex;justify-content:space-between;padding:3px 0;border-bottom:1px dashed var(--line)}
-  .row .k{color:var(--mute)} .row .v{color:var(--amber);font-variant-numeric:tabular-nums}
-  .v.green{color:var(--green)}
-  .note{margin-top:12px;font-size:11px;color:var(--mute);line-height:1.6;max-width:300px}
-  .note b{color:#dfe6ee}
-</style>
-</head>
-<body>
-<header>
-  <h1>WiFlow · <span>live WiFi-inferred pose</span></h1>
-  <div id="banner" class="down">CONNECTING…</div>
-</header>
-<main>
-  <div class="card">
-    <div class="label">CSI → pose (skeleton) overlaid on your laptop camera</div>
-    <div id="stage" style="width:420px;height:560px;border-radius:8px;overflow:hidden;background:#070a0e">
-      <video id="cam" autoplay muted playsinline style="position:absolute;width:2px;height:2px;opacity:0;pointer-events:none"></video>
-      <canvas id="cv" width="420" height="560"></canvas>
-    </div>
-    <div style="margin-top:10px;display:flex;gap:8px;align-items:center;flex-wrap:wrap">
-      <button id="camBtn" style="background:var(--amber);color:#0a0c10;border:0;border-radius:6px;padding:7px 14px;font:inherit;font-weight:600;cursor:pointer">enable laptop camera</button>
-      <select id="camSel" style="display:none;background:var(--panel);color:#dfe6ee;border:1px solid var(--line);border-radius:6px;padding:6px;font:inherit;max-width:220px"></select>
-    </div>
-    <div id="camStatus" style="margin-top:6px;font-size:11px;color:var(--mute)">camera: off</div>
-    <div class="note" style="margin-top:8px">Camera is a <b>visual reference only</b> — it is NOT fed to the model. Overlay alignment is approximate (model trained in a different camera's frame).</div>
-  </div>
-  <div class="card stats">
-    <div class="label">live</div>
-    <div class="row"><span class="k">CSI source</span><span class="v" id="src">—</span></div>
-    <div class="row"><span class="k">nodes</span><span class="v" id="nodes">—</span></div>
-    <div class="row"><span class="k">presence</span><span class="v" id="pres">—</span></div>
-    <div class="row"><span class="k">motion</span><span class="v" id="motion">—</span></div>
-    <div class="row"><span class="k">pose fps</span><span class="v" id="fps">—</span></div>
-    <div class="note">
-      This skeleton is inferred <b>from WiFi CSI only</b> — no camera in the loop here. A model was
-      trained on paired (camera-pose, CSI) data in this room (ADR-079/180).
-      <br/><br/>
-      <b>Honest accuracy:</b> ~<b>59.5% PCK@0.10</b> on held-out data (vs a 50% mean-pose baseline →
-      <b>+9.4 pp real signal</b>). It captures <b>coarse</b> pose; fine detail is weak (PCK@0.05 ≈ 24%).
-      Same person / room / session — not validated cross-day or through-wall.
-    </div>
-  </div>
-</main>
-<script>
-const POSE_WS = (new URLSearchParams(location.search)).get('ws') || `ws://${location.hostname||'localhost'}:8770/pose`;
-const cv = document.getElementById('cv'), ctx = cv.getContext('2d');
-const $ = id => document.getElementById(id);
-let edges = [[5,7],[7,9],[6,8],[8,10],[5,6],[11,12],[5,11],[6,12],[11,13],[13,15],[12,14],[14,16],[0,1],[0,2],[1,3],[2,4],[0,5],[0,6]];
-let last = null, frames = 0, t0 = performance.now();
-
-function banner(state, txt){ const b=$('banner'); b.className=state; b.textContent=txt; }
-
-// per-joint smoothing (EMA) so dropped/jittery CSI frames render fluidly (ADR-180 dead-reckoning, lite)
-let sm = null;
-function smooth(kps){
-  if(!sm){ sm = kps.map(p=>[p[0],p[1]]); return sm; }
-  const a=0.35; for(let i=0;i<kps.length;i++){ sm[i][0]+=a*(kps[i][0]-sm[i][0]); sm[i][1]+=a*(kps[i][1]-sm[i][1]); }
-  return sm;
-}
-const camEl=document.getElementById('cam');
-function draw(p){
-  const W=cv.width, H=cv.height;
-  // paint the live camera frame onto the canvas (robust — no z-index/overlay tricks)
-  if(camEl && camEl.videoWidth>0){
-    ctx.save(); ctx.globalAlpha=0.9;
-    // cover-fit the camera frame into the canvas
-    const vr=camEl.videoWidth/camEl.videoHeight, cr=W/H;
-    let dw=W, dh=H, dx=0, dy=0;
-    if(vr>cr){ dh=H; dw=H*vr; dx=(W-dw)/2; } else { dw=W; dh=W/vr; dy=(H-dh)/2; }
-    ctx.drawImage(camEl, dx, dy, dw, dh); ctx.restore();
-  } else {
-    ctx.fillStyle='#070a0e'; ctx.fillRect(0,0,W,H);
-  }
-  if(!p || !p.kps){ return; }
-  const s = smooth(p.kps);
-  const k = s.map(([x,y])=>[x*W, y*H]);
-  ctx.lineWidth=5; ctx.strokeStyle=p.presence?'rgba(70,224,138,.95)':'rgba(125,135,150,.8)'; ctx.lineCap='round';
-  ctx.shadowColor='rgba(70,224,138,.6)'; ctx.shadowBlur=8;
-  for(const [a,b] of edges){ ctx.beginPath(); ctx.moveTo(k[a][0],k[a][1]); ctx.lineTo(k[b][0],k[b][1]); ctx.stroke(); }
-  ctx.shadowBlur=0;
-  for(const [x,y] of k){ ctx.beginPath(); ctx.arc(x,y,5,0,7); ctx.fillStyle=p.presence?'#ffb840':'#667'; ctx.fill(); }
-}
-
-// ---- laptop webcam (visual reference only; NOT fed to the model) ----
-let camStream=null;
-async function startCam(deviceId){
-  if(camStream){ camStream.getTracks().forEach(t=>t.stop()); }
-  const constraints = deviceId ? {video:{deviceId:{exact:deviceId}}} : {video:true};
-  const st=document.getElementById('camStatus');
-  try{
-    st.textContent='camera: requesting…';
-    camStream = await navigator.mediaDevices.getUserMedia(constraints);
-    const v=document.getElementById('cam'); v.muted=true; v.srcObject=camStream;
-    v.onloadedmetadata=()=>{ v.play().catch(err=>st.textContent='camera: play() blocked '+err.name); };
-    await v.play().catch(()=>{});
-    const tr=camStream.getVideoTracks()[0]; const ss=tr.getSettings();
-    // live readout: shows if real frames are flowing (videoWidth>0) and which device
-    const tick=()=>{ st.textContent = `camera: "${tr.label}" ${v.videoWidth}x${v.videoHeight} ${tr.readyState} ${v.paused?'PAUSED':'playing'}`; };
-    tick(); setInterval(tick, 1000);
-    document.getElementById('camBtn').textContent='switch camera ↻';
-    // populate the picker now that we have permission (labels need permission)
-    const devs = (await navigator.mediaDevices.enumerateDevices()).filter(d=>d.kind==='videoinput');
-    const sel=document.getElementById('camSel'); sel.style.display = devs.length>1?'inline-block':'none';
-    sel.innerHTML = devs.map((d,i)=>`<option value="${d.deviceId}">${d.label||('camera '+(i+1))}</option>`).join('');
-    const cur = camStream.getVideoTracks()[0].getSettings().deviceId; if(cur) sel.value=cur;
-  }catch(e){
-    document.getElementById('camBtn').textContent = 'camera error: '+e.name+(e.name==='NotReadableError'?' (in use by Zoom/Teams?)':'');
-    console.error('getUserMedia', e);
-  }
-}
-document.getElementById('camBtn').addEventListener('click', ()=>startCam());
-document.getElementById('camSel').addEventListener('change', e=>startCam(e.target.value));
-
-function connect(){
-  banner('down','CONNECTING…');
-  const ws = new WebSocket(POSE_WS);
-  ws.onopen = ()=> banner('sim','WAITING FOR POSE…');
-  ws.onmessage = ev => {
-    const d = JSON.parse(ev.data);
-    if(d.type==='meta'){ edges = d.edges; return; }
-    if(d.type!=='pose') return;
-    last=d; frames++;
-    if(d.src==='esp32') banner('live','LIVE — WiFi-inferred pose (real ESP32 CSI)');
-    else banner('sim','SIMULATED CSI — not real ('+d.src+')');
-    $('src').textContent=d.src; $('src').className = d.src==='esp32'?'v green':'v';
-    $('nodes').textContent=(d.nodes||[]).join(', ')||'—';
-    $('pres').textContent=d.presence?'PRESENT':'—';
-    $('motion').textContent=(d.motion!=null?Math.round(d.motion):'—');
-  };
-  ws.onclose = ()=>{ banner('down','NO BRIDGE — start wiflow_infer.py'); setTimeout(connect,1500); };
-  ws.onerror = ()=> ws.close();
-}
-function loop(){ draw(last); const now=performance.now(); if(now-t0>1000){ $('fps').textContent=frames; frames=0; t0=now; } requestAnimationFrame(loop); }
-connect(); loop();
-</script>
-</body>
-</html>
@@ -1,65 +0,0 @@
-"""Tiny threaded static server for the through-wall WiFi-CSI sensing demo.
-
-Adapted from examples/three.js/server/serve-demo.py. Serves the
-`examples/through-wall/` page so a browser can fetch index.html, then the
-page connects directly to the LIVE sensing-server WebSocket at
-ws://localhost:8765/ws/sensing (NOT proxied through here).
-
-Why a threaded server (not `python -m http.server`)?
-The stdlib SimpleHTTPServer is single-threaded; a browser opens several
-parallel connections (HTML + the three.js CDN tags fetch in parallel),
-the first eats the worker, the rest can stall. ThreadingHTTPServer fixes it.
-
-IMPORTANT: this serves on port 8080 — port 8765 is taken by the
-sensing-server's WebSocket. They are two different processes.
-
-Usage:
-    # 1) start the REAL sensing-server (separate terminal):
-    #      cd v2
-    #      cargo build -p wifi-densepose-sensing-server
-    #      ./target/debug/sensing-server.exe --ws-port 8765 --udp-port 5005
-    # 2) start this static server:
-    python examples/through-wall/serve.py
-    # 3) open:
-    #      http://localhost:8080/examples/through-wall/index.html
-
-Override the WS endpoint with a query param, e.g.:
-    http://localhost:8080/examples/through-wall/index.html?ws=ws://192.168.1.20:8765/ws/sensing
-"""
-from http.server import ThreadingHTTPServer, SimpleHTTPRequestHandler
-import os
-import sys
-
-PORT = int(os.environ.get("PORT", 8080))
-
-# Serve from the repo root regardless of where this script is launched.
-# This file lives at examples/through-wall/serve.py — two levels deep.
-os.chdir(os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "..")))
-
-
-class NoCacheHandler(SimpleHTTPRequestHandler):
-    def end_headers(self):
-        # Aggressive no-cache so the browser ALWAYS fetches the latest
-        # index.html after edits, even on a soft refresh.
-        self.send_header("Cache-Control", "no-store, no-cache, must-revalidate, max-age=0")
-        self.send_header("Pragma", "no-cache")
-        self.send_header("Expires", "0")
-        super().end_headers()
-
-    def log_message(self, fmt, *args):  # quieter logs
-        sys.stderr.write("[serve] " + (fmt % args) + "\n")
-
-
-PAGE = "examples/through-wall/index.html"
-
-with ThreadingHTTPServer(("127.0.0.1", PORT), NoCacheHandler) as srv:
-    print(f"serving {os.getcwd()} on http://127.0.0.1:{PORT}/")
-    print(f"  open  http://localhost:{PORT}/{PAGE}")
-    print("")
-    print("  The page connects to the LIVE sensing-server at")
-    print("  ws://localhost:8765/ws/sensing (start it first — see README.md).")
-    print("  Override with ?ws=ws://HOST:PORT/ws/sensing")
-    try:
-        srv.serve_forever()
-    except KeyboardInterrupt:
-        sys.exit(0)
@@ -1,126 +0,0 @@
-#!/usr/bin/env python3
-"""Rigorous A/B for WiFlow CSI->pose: is the held-out PCK real signal or split leakage?
-
-For a dataset of {csi:[D], kps:17x[x,y,vis]} pairs, train the SAME small MLP under
-several train/val SPLITS and report held-out PCK@0.10 vs the mean-pose baseline:
-
-  - chronological_80_20 : last 20% in time (val temporally ADJACENT to train -> leaks
-                          via CSI/pose autocorrelation; this is what gave us +9.4)
-  - random_80_20        : shuffled (val frames interleaved with train -> MAX leak)
-  - blocked_gap         : hold out a contiguous MIDDLE block with a time GAP buffer on
-                          each side so val is NOT adjacent to any train frame -> the
-                          honest, leakage-controlled test
-
-If the model beats baseline on chronological/random but COLLAPSES to ~baseline on
-blocked_gap, the apparent signal was temporal leakage, not generalizable CSI->pose.
-
-Usage (ruvultra venv): python wiflow_ab.py --data ~/wiflow-room/dataset.jsonl
-"""
-import argparse, json, sys
-import numpy as np, torch, torch.nn as nn
-
-def _rec(r, X, Y, V, B):
-    X.append(r["csi"]); kp=r["kps"]
-    if kp and isinstance(kp[0], (list,tuple)):       # 17 x [x,y(,vis)]
-        Y.append([c for k in kp for c in (k[0],k[1])]); V.append([(k[2] if len(k)>2 else 1.0) for k in kp])
-    else:                                            # flat 34 (browser export, no vis)
-        Y.append(list(kp)); V.append([1.0]*17)
-    B.append(r.get("bucket"))
-
-def load(path):
-    X,Y,V,B=[],[],[],[]
-    txt=open(path).read().strip()
-    if txt[:1] in "[{":                               # JSON (browser export: dict{samples:[]} or bare array)
-        d=json.loads(txt)
-        rows = d if isinstance(d,list) else d.get("samples", d.get("data", []))
-        for r in rows: _rec(r,X,Y,V,B)
-    else:                                             # JSONL (python capture)
-        for line in txt.splitlines():
-            if line.strip(): _rec(json.loads(line),X,Y,V,B)
-    return np.array(X,np.float32), np.array(Y,np.float32), np.array(V,np.float32), B
-
-class Net(nn.Module):
-    def __init__(s,din,dout):
-        super().__init__()
-        s.n=nn.Sequential(nn.Linear(din,384),nn.ReLU(),nn.Dropout(.35),
-                          nn.Linear(384,192),nn.ReLU(),nn.Dropout(.35),
-                          nn.Linear(192,96),nn.ReLU(),nn.Linear(96,dout),nn.Sigmoid())
-    def forward(s,x): return s.n(x)
-
-def pck(pred,gt,vis,thr=0.10):
-    p=pred.reshape(-1,17,2); g=gt.reshape(-1,17,2)
-    d=np.linalg.norm(p-g,axis=2); m=vis>0.5
-    return float((d[m]<thr).mean()) if m.any() else 0.0
-
-def split_idx(n, kind, B=None):
-    idx=np.arange(n)
-    if kind=="chronological_80_20":
-        c=int(n*.8); return idx[:c], idx[c:]
-    if kind=="random_80_20":
-        rng=np.random.default_rng(0); p=rng.permutation(n); c=int(n*.8); return p[:c], p[c:]
-    if kind=="blocked_gap":
-        # val = contiguous middle 20%; a WIDE 10% time gap each side guarantees no train
-        # frame is temporally adjacent to a val frame (kills frame-autocorrelation leakage).
-        v0=int(n*.4); v1=int(n*.6); gap=int(n*.10)
-        val=idx[v0:v1]; train=np.concatenate([idx[:max(0,v0-gap)], idx[min(n,v1+gap):]])
-        return train, val
-    if kind=="grouped_bucket":
-        # hold out ENTIRE activity buckets -> val poses/activities never seen in train.
-        # the strictest leakage-free test (only when bucket labels exist).
-        b=np.array([x if x is not None else -1 for x in B])
-        uniq=[u for u in sorted(set(b.tolist())) if u!=-1]
-        if len(uniq)<3: raise ValueError("too few buckets")
-        hold=set(uniq[::max(1,len(uniq)//3)][:max(1,len(uniq)//3)])  # ~1/3 of activities held out
-        val=idx[np.isin(b,list(hold))]; train=idx[~np.isin(b,list(hold))]
-        return train, val
-    raise ValueError(kind)
-
-def run(X,Y,V,tr,va,epochs=250,seed=0):
-    torch.manual_seed(seed); np.random.seed(seed)   # seed weight init + batch shuffle
-    dev="cuda" if torch.cuda.is_available() else "cpu"
-    mu,sd=X[tr].mean(0),X[tr].std(0)+1e-6
-    Xtr=torch.tensor((X[tr]-mu)/sd).to(dev); Ytr=torch.tensor(Y[tr]).to(dev)
-    Xva=torch.tensor((X[va]-mu)/sd).to(dev)
-    net=Net(X.shape[1],Y.shape[1]).to(dev)
-    opt=torch.optim.Adam(net.parameters(),lr=1e-3,weight_decay=1e-4); lf=nn.MSELoss()
-    best=(1e9,None)
-    for ep in range(epochs):
-        net.train(); perm=torch.randperm(len(Xtr),device=dev)
-        for i in range(0,len(Xtr),64):
-            j=perm[i:i+64]; opt.zero_grad(); loss=lf(net(Xtr[j]),Ytr[j]); loss.backward(); opt.step()
-        net.eval()
-        with torch.no_grad(): pv=net(Xva).cpu().numpy()
-        vl=float(((pv-Y[va])**2).mean())
-        if vl<best[0]: best=(vl,pv)
-    base=np.tile(Y[tr].mean(0),(len(va),1))
-    return pck(best[1],Y[va],V[va]), pck(base,Y[va],V[va])
-
-def main():
-    ap=argparse.ArgumentParser(); ap.add_argument("--data",required=True)
-    ap.add_argument("--epochs",type=int,default=250); ap.add_argument("--seeds",type=int,default=3)
-    a=ap.parse_args()
-    X,Y,V,B=load(a.data); n=len(X)
-    has_buckets=any(x is not None for x in B)
-    print(f"[ab] {n} samples, X={X.shape}, buckets={'yes' if has_buckets else 'no'}, "
-          f"seeds={a.seeds}, epochs={a.epochs}\n")
-    print(f"{'split':<22}{'model PCK@0.10':>16}{'baseline':>11}{'delta (mean±sd)':>20}   verdict")
-    print("-"*86)
-    splits=["chronological_80_20","random_80_20","blocked_gap"]+(["grouped_bucket"] if has_buckets else [])
-    for kind in splits:
-        try:
-            tr,va=split_idx(n,kind,B)
-            ms=[]; bs=[]
-            for s in range(a.seeds):
-                m,b=run(X,Y,V,tr,va,a.epochs,seed=s); ms.append(m); bs.append(b)
-            ms=np.array(ms)*100; bs=np.array(bs)*100; ds=ms-bs
-            dm,dsd=ds.mean(),ds.std()
-            # REAL only if the mean delta minus 1 sd still clears the 1.5pp threshold (robust to seed variance)
-            verdict = "REAL signal" if dm-dsd>1.5 else ("weak/uncertain" if dm>1.5 else "no signal (==baseline)")
-            print(f"{kind:<22}{ms.mean():>13.1f}±{ms.std():>3.1f}{bs.mean():>10.1f}%{dm:>+12.1f}±{dsd:>4.1f}pp   {verdict}")
-        except Exception as e:
-            print(f"{kind:<22}  skipped: {e}")
-    print(f"\nmean±sd over {a.seeds} seeds (weight init + batch order). blocked_gap = 10% time gap each")
-    print("side; grouped_bucket holds out ENTIRE activities (strictest). If only the LEAKY splits")
-    print("(chronological/random) beat baseline, the apparent signal is leakage, not generalizable pose.")
-
-if __name__=="__main__": main()
@@ -1,161 +0,0 @@
-#!/usr/bin/env python3
-"""WiFlow-style camera-supervised capture (ADR-079 / ADR-180).
-
-Runs on a box with BOTH a camera (ground truth) and reachable live CSI:
-  - opens a camera, runs MediaPipe Pose -> 17 COCO keypoints (the LABEL),
-  - subscribes to the sensing-server /ws/sensing (the INPUT: CSI features +
-    20x20 signal-field),
-  - writes timestamp-aligned (csi -> pose) pairs to a JSONL dataset.
-
-This is the *collect* phase of camera-supervised CSI->pose training. The camera
-and the CSI nodes MUST see the same person in the same space at the same time,
-or the pairs are meaningless. Honest by construction: we only emit a pair when
-BOTH a confident camera pose AND a live (source=esp32) CSI frame are present in
-the same ~100 ms window.
-
-Usage (on ruvultra, with the CSI tunneled to localhost:8765):
-    python3 wiflow_capture.py --ws ws://localhost:8765/ws/sensing \
-        --cam 0 --out ~/wiflow-room/dataset.jsonl --seconds 180
-"""
-import argparse, asyncio, json, time, threading, sys, os
-from collections import deque
-
-import urllib.request
-import cv2
-import numpy as np
-import mediapipe as mp
-from mediapipe.tasks.python import BaseOptions
-from mediapipe.tasks.python.vision import PoseLandmarker, PoseLandmarkerOptions, RunningMode
-import websockets
-
-_MODEL_URL = ("https://storage.googleapis.com/mediapipe-models/pose_landmarker/"
-              "pose_landmarker_lite/float16/latest/pose_landmarker_lite.task")
-
-def ensure_model(path: str) -> str:
-    if not os.path.exists(path):
-        os.makedirs(os.path.dirname(path), exist_ok=True)
-        print(f"[capture] downloading pose model -> {path}", flush=True)
-        urllib.request.urlretrieve(_MODEL_URL, path)
-    return path
-
-# MediaPipe Pose (33 landmarks) -> 17 COCO keypoints (same mapping as
-# scripts/collect-ground-truth.py, ADR-079).
-COCO_FROM_MP = [0, 2, 5, 7, 8, 11, 12, 13, 14, 15, 16, 23, 24, 25, 26, 27, 28]
-COCO_NAMES = ["nose","l_eye","r_eye","l_ear","r_ear","l_sho","r_sho","l_elb",
-              "r_elb","l_wri","r_wri","l_hip","r_hip","l_knee","r_knee","l_ank","r_ank"]
-
-# ---- shared state between the CSI (async) thread and the camera (sync) loop ----
-_latest_csi = {"t": 0.0, "frame": None}
-_csi_lock = threading.Lock()
-_stop = threading.Event()
-
-
-def csi_thread(ws_url: str):
-    """Background thread: keep the most recent LIVE csi frame in _latest_csi."""
-    async def run():
-        while not _stop.is_set():
-            try:
-                async with websockets.connect(ws_url, open_timeout=8, ping_interval=20) as ws:
-                    while not _stop.is_set():
-                        msg = await asyncio.wait_for(ws.recv(), timeout=8)
-                        d = json.loads(msg)
-                        with _csi_lock:
-                            _latest_csi["t"] = time.time()
-                            _latest_csi["frame"] = d
-            except Exception as e:
-                print(f"[csi] reconnect ({e})", flush=True)
-                await asyncio.sleep(1.0)
-    asyncio.new_event_loop().run_until_complete(run())
-
-
-def csi_vector(frame: dict):
-    """Flatten a csi frame to a fixed-length input vector: features + field."""
-    f = frame.get("features", {}) or {}
-    feats = [f.get("mean_rssi", 0.0), f.get("variance", 0.0),
-             f.get("motion_band_power", 0.0), f.get("breathing_band_power", 0.0)]
-    # per-node mean_rssi/variance/motion for up to the 2 nodes (9, 13)
-    pernode = {nf.get("node_id"): (nf.get("features") or {}) for nf in (frame.get("node_features") or [])}
-    for nid in (9, 13):
-        nf = pernode.get(nid, {})
-        feats += [nf.get("mean_rssi", 0.0), nf.get("variance", 0.0), nf.get("motion_band_power", 0.0)]
-    field = (frame.get("signal_field", {}) or {}).get("values") or []
-    field = (field + [0.0] * 400)[:400]
-    return feats + field   # 4 + 6 + 400 = 410-d
-
-
-def main():
-    ap = argparse.ArgumentParser(description="WiFlow camera-supervised CSI<->pose capture (ADR-180).")
-    ap.add_argument("--ws", default="ws://localhost:8765/ws/sensing")
-    ap.add_argument("--cam", type=int, default=0)
-    ap.add_argument("--out", default=os.path.expanduser("~/wiflow-room/dataset.jsonl"))
-    ap.add_argument("--seconds", type=int, default=180)
-    ap.add_argument("--min-vis", type=float, default=0.5, help="min mean landmark visibility to accept a pose label")
-    ap.add_argument("--max-skew-ms", type=float, default=150, help="max csi/pose time skew to pair")
-    ap.add_argument("--require-esp32", action="store_true", default=True,
-                    help="only pair when csi source==esp32 (real). Default on.")
-    args = ap.parse_args()
-
-    os.makedirs(os.path.dirname(args.out), exist_ok=True)
-    th = threading.Thread(target=csi_thread, args=(args.ws,), daemon=True)
-    th.start()
-
-    cap = cv2.VideoCapture(args.cam)
-    if not cap.isOpened():
-        print(f"ERROR: cannot open camera {args.cam}", file=sys.stderr); sys.exit(2)
-    W = int(cap.get(cv2.CAP_PROP_FRAME_WIDTH)) or 640
-    H = int(cap.get(cv2.CAP_PROP_FRAME_HEIGHT)) or 480
-    model_path = ensure_model(os.path.expanduser("~/wiflow-room/pose_landmarker_lite.task"))
-    landmarker = PoseLandmarker.create_from_options(PoseLandmarkerOptions(
-        base_options=BaseOptions(model_asset_path=model_path),
-        running_mode=RunningMode.IMAGE, min_pose_detection_confidence=0.5))
-
-    n_pairs = 0; n_nopose = 0; n_nocsi = 0; n_skew = 0; n_sim = 0
-    t0 = time.time()
-    print(f"[capture] camera {args.cam} {W}x{H} -> {args.out} for {args.seconds}s")
-    print("[capture] stand in view AND in the CSI field; move/walk so poses vary. Ctrl-C to stop.")
-    with open(args.out, "a") as out:
-        try:
-            while time.time() - t0 < args.seconds:
-                ok, frame = cap.read()
-                if not ok:
-                    continue
-                now = time.time()
-                rgb = cv2.cvtColor(frame, cv2.COLOR_BGR2RGB)
-                res = landmarker.detect(mp.Image(image_format=mp.ImageFormat.SRGB, data=rgb))
-                if not res.pose_landmarks:
-                    n_nopose += 1; continue
-                lm = res.pose_landmarks[0]
-                kps = [[lm[i].x, lm[i].y, lm[i].visibility] for i in COCO_FROM_MP]
-                vis = float(np.mean([k[2] for k in kps]))
-                if vis < args.min_vis:
-                    n_nopose += 1; continue
-                with _csi_lock:
-                    ct = _latest_csi["t"]; cf = _latest_csi["frame"]
-                if cf is None:
-                    n_nocsi += 1; continue
-                if (now - ct) * 1000.0 > args.max_skew_ms:
-                    n_skew += 1; continue
-                if args.require_esp32 and cf.get("source") != "esp32":
-                    n_sim += 1; continue
-                rec = {"t": now, "vis": round(vis, 3),
-                       "kps": [[round(x, 4), round(y, 4), round(v, 3)] for x, y, v in kps],
-                       "csi": csi_vector(cf),
-                       "src": cf.get("source"),
-                       "nodes": sorted(n.get("node_id") for n in cf.get("nodes", []) if n.get("node_id") is not None)}
-                out.write(json.dumps(rec) + "\n")
-                n_pairs += 1
-                if n_pairs % 30 == 0:
-                    out.flush()
-                    el = int(now - t0)
-                    print(f"[capture] t+{el:3d}s pairs={n_pairs} (skip: nopose={n_nopose} nocsi={n_nocsi} skew={n_skew} sim={n_sim})", flush=True)
-        except KeyboardInterrupt:
-            print("\n[capture] stopped by user")
-    _stop.set(); cap.release()
-    print(f"[capture] DONE. wrote {n_pairs} paired samples to {args.out}")
-    print(f"[capture] skipped: no-pose={n_nopose} no-csi={n_nocsi} skew={n_skew} simulated={n_sim}")
-    if n_pairs == 0:
-        print("[capture] WARNING: 0 pairs — check camera sees you AND csi source==esp32 (live).")
-
-
-if __name__ == "__main__":
-    main()
@@ -1,92 +0,0 @@
-#!/usr/bin/env python3
-"""Live CSI->pose inference bridge (ADR-180).
-
-Runs on the box with the live CSI. Loads the camera-supervised model (numpy,
-no torch needed), subscribes to /ws/sensing, runs a forward pass per frame, and
-broadcasts the predicted 17-keypoint pose to HTML clients on ws://:8770/pose.
-
-  python wiflow_infer.py --model model/model.npz \
-      --in ws://localhost:8765/ws/sensing --port 8770
-"""
-import argparse, asyncio, json, os
-import numpy as np
-import websockets
-
-# COCO skeleton edges (for the client; sent once in 'meta')
-EDGES = [[5,7],[7,9],[6,8],[8,10],[5,6],[11,12],[5,11],[6,12],
-         [11,13],[13,15],[12,14],[14,16],[0,1],[0,2],[1,3],[2,4],[0,5],[0,6]]
-
-def csi_vector(frame):
-    f = frame.get("features", {}) or {}
-    feats = [f.get("mean_rssi",0.0), f.get("variance",0.0),
-             f.get("motion_band_power",0.0), f.get("breathing_band_power",0.0)]
-    pernode = {nf.get("node_id"): (nf.get("features") or {}) for nf in (frame.get("node_features") or [])}
-    for nid in (9,13):
-        nf = pernode.get(nid,{}); feats += [nf.get("mean_rssi",0.0), nf.get("variance",0.0), nf.get("motion_band_power",0.0)]
-    field = (frame.get("signal_field",{}) or {}).get("values") or []
-    field = (field + [0.0]*400)[:400]
-    return np.array(feats + field, np.float32)
-
-class Model:
-    def __init__(self, path):
-        z = np.load(path)
-        self.mu, self.sd = z["mu"], z["sd"]
-        self.W = [z["net_0_weight"], z["net_3_weight"], z["net_6_weight"], z["net_8_weight"]]
-        self.b = [z["net_0_bias"],   z["net_3_bias"],   z["net_6_bias"],   z["net_8_bias"]]
-    def __call__(self, x):
-        h = (x - self.mu) / self.sd
-        for i in range(3):
-            h = np.maximum(0.0, h @ self.W[i].T + self.b[i])     # Linear+ReLU
-        out = 1.0/(1.0+np.exp(-(h @ self.W[3].T + self.b[3])))   # Linear+Sigmoid -> 34
-        return out.reshape(17,2)
-
-CLIENTS = set()
-LATEST = {"pose": None}
-
-async def serve_client(ws):
-    CLIENTS.add(ws)
-    try:
-        await ws.send(json.dumps({"type":"meta","edges":EDGES}))
-        async for _ in ws:    # client is read-only; just keep alive
-            pass
-    except Exception:
-        pass
-    finally:
-        CLIENTS.discard(ws)
-
-async def infer_loop(model, in_url):
-    while True:
-        try:
-            async with websockets.connect(in_url, open_timeout=8, ping_interval=20) as ws:
-                async for msg in ws:
-                    d = json.loads(msg)
-                    kp = model(csi_vector(d))
-                    cls = d.get("classification",{})
-                    payload = {"type":"pose","src":d.get("source"),
-                               "presence":bool(cls.get("presence")),
-                               "motion":(d.get("features",{}) or {}).get("motion_band_power"),
-                               "kps":[[round(float(x),4),round(float(y),4)] for x,y in kp],
-                               "nodes":sorted(n.get("node_id") for n in d.get("nodes",[]) if n.get("node_id") is not None)}
-                    LATEST["pose"]=payload
-                    if CLIENTS:
-                        dead=[]
-                        for c in list(CLIENTS):
-                            try: await c.send(json.dumps(payload))
-                            except Exception: dead.append(c)
-                        for c in dead: CLIENTS.discard(c)
-        except Exception as e:
-            print(f"[infer] reconnect ({e})", flush=True); await asyncio.sleep(1.0)
-
-async def main():
-    ap = argparse.ArgumentParser()
-    ap.add_argument("--model", default=os.path.join(os.path.dirname(__file__),"model","model.npz"))
-    ap.add_argument("--in", dest="in_url", default="ws://localhost:8765/ws/sensing")
-    ap.add_argument("--port", type=int, default=8770)
-    args = ap.parse_args()
-    model = Model(args.model)
-    print(f"[infer] model {args.model} loaded; serving predicted poses on ws://0.0.0.0:{args.port}/pose")
-    async with websockets.serve(serve_client, "0.0.0.0", args.port):
-        await infer_loop(model, args.in_url)
-
-if __name__ == "__main__":
-    asyncio.run(main())
@@ -1,102 +0,0 @@
-#!/usr/bin/env python3
-"""Train a CSI->pose model on the camera-supervised dataset (ADR-079/180).
-
-Input  : 410-d CSI vector (4 global feats + 6 per-node + 400 signal-field).
-Target : 17 COCO keypoints (x,y), normalized 0..1 from the camera (ground truth).
-Reports HONEST held-out PCK@k + MPJPE on a chronological val split (the last
-20% of the session — never trained on), so the number is not leaked.
-
-Usage (ruvultra venv):
-    python wiflow_train.py --data ~/wiflow-room/dataset.jsonl --out ~/wiflow-room/model.pt
-"""
-import argparse, json, math, os, sys
-import numpy as np
-import torch, torch.nn as nn
-
-
-def load(path):
-    X, Y, V = [], [], []
-    with open(path) as f:
-        for line in f:
-            r = json.loads(line)
-            X.append(r["csi"])                       # 410
-            kp = r["kps"]                            # 17 x [x,y,vis]
-            Y.append([c for k in kp for c in (k[0], k[1])])   # 34
-            V.append([k[2] for k in kp])             # 17 visibilities
-    return np.array(X, np.float32), np.array(Y, np.float32), np.array(V, np.float32)
-
-
-class Net(nn.Module):
-    def __init__(self, din, dout):
-        super().__init__()
-        self.net = nn.Sequential(
-            nn.Linear(din, 512), nn.ReLU(), nn.Dropout(0.3),
-            nn.Linear(512, 256), nn.ReLU(), nn.Dropout(0.3),
-            nn.Linear(256, 128), nn.ReLU(),
-            nn.Linear(128, dout), nn.Sigmoid())   # coords in 0..1
-    def forward(self, x): return self.net(x)
-
-
-def pck(pred, gt, vis, thr):
-    # pred/gt: [N,34] -> [N,17,2]; PCK@thr in normalized image units, visible kps only
-    p = pred.reshape(-1, 17, 2); g = gt.reshape(-1, 17, 2)
-    d = np.linalg.norm(p - g, axis=2)             # [N,17]
-    m = vis > 0.5
-    return float((d[m] < thr).mean()) if m.any() else 0.0, float(d[m].mean()) if m.any() else float("nan")
-
-
-def main():
-    ap = argparse.ArgumentParser()
-    ap.add_argument("--data", required=True)
-    ap.add_argument("--out", default=os.path.expanduser("~/wiflow-room/model.pt"))
-    ap.add_argument("--epochs", type=int, default=300)
-    ap.add_argument("--bs", type=int, default=64)
-    args = ap.parse_args()
-
-    X, Y, V = load(args.data)
-    n = len(X)
-    print(f"[train] {n} samples, X={X.shape} Y={Y.shape}")
-    if n < 200:
-        print("[train] too few samples"); sys.exit(2)
-
-    # chronological split (NOT shuffled) so val is a held-out time segment -> honest
-    cut = int(n * 0.8)
-    mu, sd = X[:cut].mean(0), X[:cut].std(0) + 1e-6           # standardize on train only
-    Xn = (X - mu) / sd
-    dev = "cuda" if torch.cuda.is_available() else "cpu"
-    Xtr = torch.tensor(Xn[:cut]).to(dev); Ytr = torch.tensor(Y[:cut]).to(dev)
-    Xva = torch.tensor(Xn[cut:]).to(dev); Yva = Y[cut:]; Vva = V[cut:]
-
-    # mean-pose baseline (predict the train-mean pose for everything) — the bar to beat
-    mean_pose = Y[:cut].mean(0)
-    base_pck, base_mpjpe = pck(np.tile(mean_pose, (len(Yva), 1)), Yva, Vva, 0.10)
-
-    net = Net(X.shape[1], Y.shape[1]).to(dev)
-    opt = torch.optim.Adam(net.parameters(), lr=1e-3, weight_decay=1e-4)
-    lossf = nn.MSELoss()
-    best = (1e9, None)
-    for ep in range(args.epochs):
-        net.train(); perm = torch.randperm(len(Xtr), device=dev)
-        for i in range(0, len(Xtr), args.bs):
-            idx = perm[i:i+args.bs]
-            opt.zero_grad(); out = net(Xtr[idx]); loss = lossf(out, Ytr[idx]); loss.backward(); opt.step()
-        if (ep + 1) % 20 == 0 or ep == args.epochs - 1:
-            net.eval()
-            with torch.no_grad(): pv = net(Xva).cpu().numpy()
-            p10, mpj = pck(pv, Yva, Vva, 0.10); p05, _ = pck(pv, Yva, Vva, 0.05)
-            vloss = float(((pv - Yva) ** 2).mean())
-            print(f"[train] ep{ep+1:3d} val_mse={vloss:.4f} PCK@0.10={p10*100:.1f}% PCK@0.05={p05*100:.1f}% MPJPE={mpj:.4f}")
-            if vloss < best[0]: best = (vloss, {"sd": net.state_dict(), "p10": p10, "p05": p05, "mpj": mpj})
-
-    torch.save({"model": best[1]["sd"], "mu": mu, "sd": sd, "din": X.shape[1]}, args.out)
-    print("\n==================== HONEST RESULT (held-out 20%, never trained) ====================")
-    print(f"  MEAN-POSE BASELINE : PCK@0.10 = {base_pck*100:.1f}%  MPJPE = {base_mpjpe:.4f}  (the bar to beat)")
-    print(f"  CSI->POSE MODEL    : PCK@0.10 = {best[1]['p10']*100:.1f}%  PCK@0.05 = {best[1]['p05']*100:.1f}%  MPJPE = {best[1]['mpj']:.4f}")
-    delta = (best[1]['p10'] - base_pck) * 100
-    print(f"  VERDICT: model {'BEATS' if delta>1 else 'does NOT beat'} mean-pose baseline by {delta:+.1f} pp "
-          f"-> {'real CSI->pose signal' if delta>1 else 'NO usable CSI->pose signal (honest negative)'}")
-    print(f"  saved -> {args.out}")
-
-
-if __name__ == "__main__":
-    main()
@@ -468,29 +468,3 @@ menu "Mock CSI (QEMU Testing)"
        depends on CSI_MOCK_ENABLED
        default n
 endmenu
-
-menu "Onboard LED (ADR-183)"
-
-    config LED_GAMMA_VIZ
-        bool "Onboard WS2812: 40 Hz gamma flicker + CSI-motion colour"
-        default y
-        help
-            Drive the onboard WS2812 as a GENUS-style 40 Hz gamma square wave
-            (12.5 ms on / 12.5 ms off, 50% duty). The ON-phase colour is live
-            CSI motion (edge motion_energy) mapped through the ruv-neural-viz
-            viridis colormap (still=purple, moving=yellow).
-
-            Disable to leave the LED off at boot — lower power, no flicker.
-            NOTE: a 40 Hz flicker can affect photosensitive users; disable or
-            shield the LED in those environments. Not a medical device.
-
-    config LED_MOTION_FULLSCALE_MILLI
-        int "Motion value (x1000) that saturates the colormap to yellow"
-        depends on LED_GAMMA_VIZ
-        default 250
-        range 1 100000
-        help
-            edge motion_energy that maps to the top (yellow) of the viridis
-            colormap, in milli-units (250 = 0.25). Lower = more sensitive
-            (reaches yellow with less motion).
-endmenu
@@ -114,19 +114,6 @@ esp_err_t display_task_start(void)
    /* Init touch (optional) */
    esp_err_t touch_ret = display_hal_init_touch();

-    /* The SH8601 QSPI panel is write-only — display_hal_init_panel() above "succeeds"
-     * even on a bare board with no panel attached, so it cannot detect absence. The
-     * FT3168 touch controller is an I2C device with readback and is always present on
-     * the Touch-AMOLED board. If touch is absent, the panel "success" was a false-
-     * positive on a display-less DevKit: bail to headless so display_is_active() stays
-     * false and CSI upgrades to MGMT+DATA capture instead of starving at MGMT-only
-     * (RuView#1000). */
-    if (touch_ret != ESP_OK) {
-        ESP_LOGW(TAG, "No FT3168 touch readback — SH8601 probe was a false-positive on a "
-                      "display-less board; running headless so CSI captures (#1000)");
-        return ESP_OK;
-    }
-
    /* Initialize LVGL */
    lv_init();

@@ -144,54 +144,6 @@ static void wifi_init_sta(void)
    }
 }

-#if CONFIG_LED_GAMMA_VIZ
-/* Viridis colormap (60 steps), generated from ruv-neural-viz::ColorMap::viridis()
- * — the rUv-Neural brain-topology colormap, now no_std (ruvnet/ruv-neural#3 /
- * RuView#1126). Used as the ON-phase colour of the 40 Hz gamma flicker below:
- * dark-purple (still) -> teal -> green -> yellow (strong motion). */
-static const uint8_t VIRIDIS_LUT[60][3] = {
-    { 68,  1, 84},{ 67,  6, 88},{ 67, 12, 91},{ 66, 17, 95},{ 66, 23, 99},
-    { 65, 28,103},{ 64, 34,106},{ 64, 39,110},{ 63, 45,114},{ 63, 50,118},
-    { 62, 56,121},{ 61, 61,125},{ 61, 67,129},{ 60, 72,132},{ 59, 78,136},
-    { 59, 83,139},{ 57, 87,139},{ 55, 92,139},{ 53, 96,139},{ 52,100,139},
-    { 50,104,139},{ 48,109,139},{ 46,113,139},{ 44,117,140},{ 43,122,140},
-    { 41,126,140},{ 39,130,140},{ 37,134,140},{ 36,139,140},{ 34,143,140},
-    { 35,147,139},{ 39,151,136},{ 43,154,133},{ 47,158,130},{ 52,162,127},
-    { 56,166,124},{ 60,170,121},{ 64,173,119},{ 68,177,116},{ 72,181,113},
-    { 76,185,110},{ 81,189,107},{ 85,192,104},{ 89,196,102},{ 93,200, 99},
-    {102,203, 95},{113,205, 91},{124,207, 87},{134,209, 82},{145,211, 78},
-    {156,213, 74},{167,215, 70},{178,217, 66},{188,219, 62},{199,221, 58},
-    {210,223, 54},{221,225, 49},{231,227, 45},{242,229, 41},{253,231, 37},
-};
-static led_strip_handle_t s_viz_led;
-
-/* motion_energy that saturates the colormap to yellow (CONFIG, milli-units). */
-#define LED_MOTION_FULLSCALE ((float)CONFIG_LED_MOTION_FULLSCALE_MILLI / 1000.0f)
-
-/* GENUS-style 40 Hz gamma flicker: full on/off square wave, 50% duty (toggled
- * every 12.5 ms → 40 Hz). The ON colour is live CSI motion (edge motion_energy)
- * mapped through the ruv-neural-viz viridis LUT — still=purple, moving=yellow.
- * So the LED is a real 40 Hz gamma stimulus whose hue tracks sensed motion. */
-static void led_gamma_40hz_cb(void *arg)
-{
-    static bool on = false;
-    on = !on;
-    if (on) {
-        edge_vitals_pkt_t v;
-        float m = edge_get_vitals(&v) ? v.motion_energy : 0.0f;
-        float norm = m / LED_MOTION_FULLSCALE;
-        if (norm < 0.0f) norm = 0.0f;
-        if (norm > 1.0f) norm = 1.0f;
-        int idx = (int)(norm * 59.0f + 0.5f);
-        const uint8_t *c = VIRIDIS_LUT[idx];
-        led_strip_set_pixel(s_viz_led, 0, c[0], c[1], c[2]); /* R,G,B (driver maps to GRB) */
-    } else {
-        led_strip_set_pixel(s_viz_led, 0, 0, 0, 0);          /* off phase */
-    }
-    led_strip_refresh(s_viz_led);
-}
-#endif /* CONFIG_LED_GAMMA_VIZ */
-
 void app_main(void)
 {
    /* Initialize NVS */
@@ -221,16 +173,15 @@ void app_main(void)
    ESP_LOGI(TAG, "%s CSI Node (ADR-018 / ADR-110) — v%s — Node ID: %d",
             target_name, app_desc->version, g_nvs_config.node_id);

-    /* Onboard WS2812. C6 wires the LED to GPIO 8; S3 to GPIO 38 (DevKitC-1 v1.0)
-     * or GPIO 48 (DevKitC-1 v1.1 / N16R8 — see #962). On S3 we drive 48 (the
-     * common module). On C6, GPIO 38/48 don't exist (only 0-30) — gate by target.
-     * Behaviour is set by CONFIG_LED_GAMMA_VIZ (ADR-183): on = 40 Hz gamma flicker
-     * coloured by CSI motion; off = clear the LED at boot. */
+    /* Turn off onboard WS2812 LED.
+     * S3 dev boards put the LED on GPIO 38; C6 dev boards on GPIO 8.
+     * On C6, GPIO 38 doesn't exist (only 0-30) — gate the init by target. */
 #if defined(CONFIG_IDF_TARGET_ESP32C6)
    const int led_gpio = 8;
 #else
-    const int led_gpio = 48;
+    const int led_gpio = 38;
 #endif
+    led_strip_handle_t led_strip;
    led_strip_config_t strip_config = {
        .strip_gpio_num = led_gpio,
        .max_leds = 1,
@@ -242,26 +193,9 @@ void app_main(void)
        .resolution_hz = 10 * 1000 * 1000, // 10MHz
        .flags.with_dma = false,
    };
-#if CONFIG_LED_GAMMA_VIZ
-    if (led_strip_new_rmt_device(&strip_config, &rmt_config, &s_viz_led) == ESP_OK) {
-        const esp_timer_create_args_t viz_args = {
-            .callback = &led_gamma_40hz_cb,
-            .name = "led_gamma_40hz",
-        };
-        esp_timer_handle_t viz_timer;
-        if (esp_timer_create(&viz_args, &viz_timer) == ESP_OK) {
-            esp_timer_start_periodic(viz_timer, 12500); // 12.5 ms toggle → 40 Hz square wave
-            ESP_LOGI(TAG, "Onboard WS2812: 40 Hz gamma flicker (GENUS), colour=CSI motion via ruv-neural-viz, GPIO %d", led_gpio);
-        }
-    }
-#else
-    /* Viz disabled — clear the onboard LED at boot and release the RMT channel. */
-    led_strip_handle_t led_strip;
    if (led_strip_new_rmt_device(&strip_config, &rmt_config, &led_strip) == ESP_OK) {
        led_strip_clear(led_strip);
-        led_strip_del(led_strip);
    }
-#endif /* CONFIG_LED_GAMMA_VIZ */

    /* ADR-110 P4: 802.15.4 mesh time-sync (C6 only).
     * Initialized BEFORE WiFi so it's available even when WiFi STA can't
@@ -387,21 +387,11 @@ static mmwave_type_t probe_at_baud(uint32_t baud)
        if (len <= 0) continue;

        for (int i = 0; i < len; i++) {
-            /* MR60BHA2: require a *validated* 8-byte header — SOF (0x01) + a valid
-             * header checksum (over bytes 0..6) + a known frame type (0x0A__ or
-             * 0x0F09) — NOT a bare 0x01 byte. A floating UART1 with no sensor reads
-             * noise full of 0x01s, which the old `buf[i] == MR60_SOF` check mistook
-             * for a real sensor (false "Detected MR60BHA2", #1107). */
-            if (buf[i] == MR60_SOF && baud == MMWAVE_MR60_BAUD && i + 7 < len) {
-                const uint8_t *h = &buf[i];
-                if (mr60_calc_checksum(h, 7) == h[7]) {
-                    uint16_t type = ((uint16_t)h[5] << 8) | h[6];
-                    if ((type >> 8) == 0x0A || type == 0x0F09) {
-                        mr60_sof_seen++;
-                    }
-                }
+            /* MR60BHA2: SOF = 0x01, followed by valid-looking frame_id bytes */
+            if (buf[i] == MR60_SOF && baud == MMWAVE_MR60_BAUD) {
+                mr60_sof_seen++;
            }
-            /* LD2410: 4-byte header 0xF4F3F2F1 (already specific enough). */
+            /* LD2410: 4-byte header 0xF4F3F2F1 */
            if (i + 3 < len && buf[i] == 0xF4 && buf[i+1] == 0xF3
                && buf[i+2] == 0xF2 && buf[i+3] == 0xF1
                && baud == MMWAVE_LD2410_BAUD) {
@@ -413,8 +403,9 @@ static mmwave_type_t probe_at_baud(uint32_t baud)
        if (ld2410_header_seen >= 2) return MMWAVE_TYPE_LD2410;
    }

-    /* No weak single-hit fallback: line noise can produce a stray match, so a real
-     * sensor must clear the ≥3 (MR60) / ≥2 (LD2410) validated-frame thresholds. */
+    if (mr60_sof_seen > 0) return MMWAVE_TYPE_MR60BHA2;
+    if (ld2410_header_seen > 0) return MMWAVE_TYPE_LD2410;
+
    return MMWAVE_TYPE_NONE;
 }

@@ -1,18 +0,0 @@
-{
-  "permissions": {
-    "allow": [
-      "Bash(npx ruview*)",
-      "mcp__ruview__*"
-    ],
-    "deny": [
-      "Read(./.env)",
-      "Read(./.env.*)"
-    ]
-  },
-  "mcpServers": {
-    "ruview": {
-      "command": "npx",
-      "args": ["-y", "@ruvnet/ruview", "mcp", "start"]
-    }
-  }
-}
@@ -1,29 +0,0 @@
---
-name: calibrate-room
-description: Run the ADR-151 per-room calibration pipeline — baseline → enroll → extract → train → a bank of small specialists (presence/posture/breathing/heartbeat/restlessness/anomaly).
---
-
-# calibrate-room
-
-Turn a provisioned node + sensing-server into a working room model. Pure-Rust,
-edge-deployable (ADR-151). Use the `ruview.calibrate` tool (installed
-`wifi-densepose` binary, else `cargo run -p wifi-densepose-cli`).
-
-## Sequence
-
-1. **baseline** — capture the empty room (Welford amplitude + von Mises phase). Leave
-   the room empty.
-   `ruview.calibrate {step: "baseline"}`
-2. **enroll** — record the occupant(s) doing the target activities.
-   `ruview.calibrate {step: "enroll"}`
-3. **train-room** — train the bank of small specialists from baseline + enrollment.
-   `ruview.calibrate {step: "train-room"}`
-4. **room-watch** — live presence/posture/breathing from the trained room.
-   `ruview.calibrate {step: "room-watch"}`  (or the `room-watch` skill)
-
-## Honesty
-
-The specialists are calibrated to *this* room; cross-room transfer is a separate
-problem (LoRA recalibration, ADR-079 P9). Report which room a number came from, and
-tag presence/vitals accuracy MEASURED only with a held-out check — run
-`ruview.claim_check` on the writeup.
@@ -1,30 +0,0 @@
---
-name: onboard
-description: Zero-to-sensing path picker for RuView (WiFi-DensePose) — pick docker-demo, repo-build, or live-esp32 and run the next concrete step.
---
-
-# onboard
-
-Get a newcomer from nothing to a working RuView setup. **First fact to set:** WiFi
-sensing infers *coarse* pose/presence/breathing from Channel State Information — it
-is **not a camera**, and any accuracy number must be MEASURED against a baseline
-(use the `verify` skill / `ruview.claim_check` tool). Never present WiFi output as
-camera-grade.
-
-## Pick a path
-
-Run `ruview.onboard {path}` or decide from:
-
-1. **docker-demo** — fastest, no hardware. Replays sample CSI into the dashboard.
-   `docker run -p 8000:8000 ruvnet/wifi-densepose` → open `http://localhost:8000`.
-   Use to see what it looks like.
-2. **repo-build** — for developers. `cd v2 && cargo test --workspace --no-default-features`
-   (1,031+ tests pass), then `cargo run -p wifi-densepose-cli -- --help`.
-3. **live-esp32** — a real install. Flash a node (`provision-node` skill), point it at
-   the sensing-server, then `calibrate-room`. This is the only path that senses a real room.
-
-## Then
-
- Live sensing → go to **provision-node**, then **calibrate-room**.
- Evaluating a model/claim → go to **verify** and run `ruview.claim_check` on any
-  report before you quote a number.
@@ -1,49 +0,0 @@
---
-name: provision-node
-description: Build, flash, and provision an ESP32-S3/C6 CSI node for RuView — firmware variant choice, ESP-IDF Windows-subprocess flow, NVS/WiFi/channel/MAC-filter overrides.
---
-
-# provision-node
-
-Bring an ESP32 sensing node online.
-
-## 1. Pick a firmware variant
-
- **s3-8mb** (display build) — ESP32-S3 N16R8 / 16MB; AMOLED optional. The display-detect
-  fix (#1000) means a *bare* board still captures CSI (MGMT+DATA).
- **s3-4mb** (no-display) — ESP32-S3 4MB; dual-OTA, display disabled.
- **c6** — ESP32-C6 + Seeed MR60BHA2 (60 GHz mmWave + WiFi CSI). The mmwave probe
-  requires a validated MR60 header (#1107) so an empty UART never false-detects.
-
-Prebuilt binaries: GitHub release `v0.8.1-esp32` (hardware-validated on S3 QFN56 rev v0.2).
-
-## 2. Flash
-
-ESP-IDF v5.4 on Windows is **subprocess-only** (Git Bash/MSYS is unsupported — strip
-`MSYSTEM*` env vars). Offsets for the S3 image:
-
-```
-esptool --chip esp32s3 -p <PORT> -b 460800 write_flash \
-  0x0 bootloader.bin  0x8000 partition-table.bin \
-  0xf000 ota_data_initial.bin  0x20000 esp32-csi-node-s3-8mb.bin
-```
-
-(`ruview.node_flash` returns the exact pinned command rather than running an
-unattended flash.)
-
-## 3. Provision
-
-```
-python firmware/esp32-csi-node/provision.py --port <PORT> \
-  --ssid "<SSID>" --password "<secret>" --target-ip <server-ip> --target-port 5005
-# optional ADR-060 overrides:
-python firmware/esp32-csi-node/provision.py --port <PORT> --channel 6 --filter-mac AA:BB:CC:DD:EE:FF
-```
-
-Never echo or commit the WiFi password.
-
-## 4. Confirm CSI is flowing
-
-`ruview.node_monitor {port}` — PASS criteria: serial shows `CSI cb #...` callbacks and
-(on a bare board) `CSI filter upgraded to MGMT+DATA`. No callbacks → the node isn't
-capturing; do not proceed to calibration.
@@ -1,33 +0,0 @@
---
-name: train-pose
-description: Train/evaluate WiFi pose models honestly — camera-supervised (MediaPipe + CSI) and camera-free (WiFlow), always checked against the mean-pose baseline before any PCK is quoted.
---
-
-# train-pose
-
-Build a CSI→pose model without overstating it. The project has a **retracted 92.9%/100%**
-history — the discipline below exists so it never recurs.
-
-## The non-negotiable: mean-pose baseline first
-
-A pose model that always predicts the dataset's *mean pose* already scores ~50% PCK.
-**Quote PCK only as a delta over that baseline**, on a held-out split with no subject
-or temporal leakage. Example honest result (ADR-181):
-
-> Held-out PCK@20 **59.5%** vs a 50% mean-pose baseline = **+9.4 pp real signal** — MEASURED.
-
-## Paths
-
- **camera-supervised** (ADR-079) — MediaPipe Pose labels the camera frame; paired CSI
-  trains the net. Train/infer in one camera frame so the skeleton aligns.
- **camera-free** (WiFlow, ADR-152) — no camera at inference; geometry-conditioned.
- **in-browser** (ADR-181) — WebGPU/WASM trainer; the active backend is shown as a badge
-  (honest about what's executing).
-
-## Before you publish a number
-
-1. Run the mean-pose baseline on the same split.
-2. Report `(model − baseline)` in pp, with the split definition (chronological /
-   blocked-gap / grouped-bucket; no leakage).
-3. `ruview.claim_check` the writeup — it flags any untagged or 100%/perfect claim.
-4. If it's a benchmark vs SOTA, tag MEASURED-EQUIVALENT only with the reproducer.
@@ -1,42 +0,0 @@
---
-name: verify
-description: Prove a RuView result is real — run the deterministic SHA-256 proof and the witness bundle (ADR-028), and lint any claim for MEASURED-vs-CLAIMED honesty.
---
-
-# verify
-
-The "prove everything" skill. Nothing ships as validated without this.
-
-## Deterministic proof (Trust Kill Switch)
-
-`ruview.verify` runs `archive/v1/data/proof/verify.py`: it feeds a reference signal
-through the production pipeline and hashes the output against
-`expected_features.sha256`. Must print **VERDICT: PASS**. If numpy/scipy changed the
-hash, regenerate with `verify.py --generate-hash` then re-verify.
-
-## Witness bundle (ADR-028)
-
-For a release-grade attestation:
-
-```
-bash scripts/generate-witness-bundle.sh
-cd dist/witness-bundle-ADR028-*/ && bash VERIFY.sh   # must be 7/7 PASS
-```
-
-Contains the Rust test log, the proof + expected hash, firmware SHA-256 manifest, and
-crate versions — a recipient can re-verify with one command.
-
-## Claim honesty
-
-Run `ruview.claim_check {text}` on any report, README section, PR body, or model card
-before quoting accuracy. It flags:
- untagged accuracy numbers (must be MEASURED / CLAIMED / SYNTHETIC),
- MEASURED claims with no reproducer cited,
- the retracted "100%/perfect accuracy" framing.
-
-## Firmware-specific
-
-A firmware fix is **not** "hardware-validated" without a captured boot log on real
-silicon (e.g. the `v0.8.1-esp32` rev-v0.2 validation: `running headless so CSI
-captures (#1000)` + `CSI filter upgraded to MGMT+DATA` + a no-false-detect mmwave
-probe). Do not merge or release on a build-passes signal alone.
@@ -1,39 +0,0 @@
-{
-  "schema": 1,
-  "generator": "metaharness 0.1.15 + ADR-182 hardening",
-  "template": "vertical:ruview",
-  "name": "@ruvnet/ruview",
-  "vars": {
-    "name": "@ruvnet/ruview",
-    "description": "RuView WiFi-sensing operator agent harness",
-    "host": "claude-code"
-  },
-  "hosts": [
-    "claude-code"
-  ],
-  "files": {
-    ".claude/settings.json": "b0ea971383716f18b89db73010b8f0ea0f1b16bdec4cd1068245772ba1c27bdd",
-    ".claude/skills/calibrate-room/SKILL.md": "6a6c8211a7109feb76620c618963c10ad9a9f633ffce7676e631a80a1181986d",
-    ".claude/skills/onboard/SKILL.md": "22323732fe746b38b77a7c8c052e952dff2fe87ae939ba125379125827385f21",
-    ".claude/skills/provision-node/SKILL.md": "5ffe5a75873e873b80758d9c81005774d4191317227f2e9aa4345cbce3f29751",
-    ".claude/skills/train-pose/SKILL.md": "b3ee95bfb0b678eb3d101138b9ea0e7cab3db3a9906d19c4059f9cca0598e87b",
-    ".claude/skills/verify/SKILL.md": "c0314d5ead465d9089b6a4917fd125051a5be20dc07ba92d5b601fcaada32e19",
-    "CLAUDE.md": "7ecdb2b9d9abcf4aa22dd3ce553b60216a135e147893a59fa944fc1a8c81f5ef",
-    "LICENSE": "631f94984f626818d42ecf717aa6e8e0afd4f9f355ca706bd2effafbd1416d06",
-    "README.md": "b77d30428de8efb6758f2ca3eb22e84849013b2c0e6c601d488d2ea5a6f0da44",
-    "bin/cli.js": "b0d74690cff4329dfe342271fc475eaa140b767bdb66b37cf4992ad209012fe8",
-    "package.json": "2af49561ef0d59cafc4b99885816e580635b2d2ad329dfe17c69b9df6f8afceb",
-    "skills/calibrate-room.md": "6a6c8211a7109feb76620c618963c10ad9a9f633ffce7676e631a80a1181986d",
-    "skills/onboard.md": "22323732fe746b38b77a7c8c052e952dff2fe87ae939ba125379125827385f21",
-    "skills/provision-node.md": "5ffe5a75873e873b80758d9c81005774d4191317227f2e9aa4345cbce3f29751",
-    "skills/train-pose.md": "b3ee95bfb0b678eb3d101138b9ea0e7cab3db3a9906d19c4059f9cca0598e87b",
-    "skills/verify.md": "c0314d5ead465d9089b6a4917fd125051a5be20dc07ba92d5b601fcaada32e19",
-    "src/guardrails.js": "1631cea02c4354fe6126c576300faf5f8b68ae2f5e2e3a658c99eb25a7403e55",
-    "src/mcp-server.js": "e51379f5ebb0b7b4670c7412714e559931ef1be8df20551f8f7309b53f0fb7af",
-    "src/tools.js": "b558f61bb202abf5a967ce3a6ccaea351f2d186238cf49c7fc151d1de028eee8"
-  },
-  "meta": {
-    "surface": "cli+mcp",
-    "adr": "ADR-182"
-  }
-}
@@ -1 +0,0 @@
-6c6c1431c37472494c9b309c8b5d761dd4fc41e30313baead6320831fb982e57  manifest.json
@@ -1,34 +0,0 @@
-# RuView harness — agent operating notes
-
-You are operating **RuView** (WiFi-DensePose), a camera-free WiFi-CSI sensing system.
-
-## The one rule: prove everything
-
-This project was accused of AI-slop; the fix is hard discipline. Before you quote ANY
-accuracy number:
-
-1. It must be tagged **MEASURED** (with a reproducer named), **CLAIMED**, or **SYNTHETIC**.
-2. Pose PCK is quoted only as a **delta over the mean-pose baseline** on a leakage-free
-   held-out split. (A mean-pose predictor already scores ~50% PCK.)
-3. Run `ruview.claim_check` on any report/PR/model-card. It flags untagged numbers and
-   the retracted "100%/perfect accuracy" framing.
-4. Firmware is "hardware-validated" only with a captured **boot log on real silicon** —
-   never on a build-passes signal.
-
-## Tools
-
-`ruview.onboard`, `ruview.claim_check`, `ruview.verify`, `ruview.node_monitor`,
-`ruview.calibrate`, `ruview.node_flash`. All fail-closed. Mutating/hardware tools
-(`node_flash`) require explicit confirmation and are Windows/ESP-IDF gated.
-
-## Skills
-
-`onboard` · `provision-node` · `calibrate-room` · `train-pose` · `verify`
-(`npx @ruvnet/ruview skill <name>`).
-
-## Don'ts
-
- Don't present WiFi sensing as camera-grade.
- Don't echo or commit WiFi passwords / secrets.
- Don't merge or release firmware without a real boot log.
- Don't report a PCK without its mean-pose baseline.
@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2026 ruvnet
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
@@ -1,60 +0,0 @@
-# `npx @ruvnet/ruview` — RuView WiFi-sensing operator harness
-
-An AI agent harness that knows how to operate **RuView** (WiFi-DensePose): onboard a
-newcomer, provision an ESP32 CSI node, calibrate a room, train pose models, and —
-crucially — **refuse to overstate accuracy**. Minted from the RuView monorepo via
-[`metaharness`](https://www.npmjs.com/package/metaharness) and hardened per **ADR-182**.
-
-WiFi sensing infers *coarse* pose/presence/breathing from Channel State Information.
-It is **not a camera**. Every accuracy number this harness emits must be MEASURED
-against a baseline — that rule is enforced in code (`ruview.claim_check`).
-
-## Quick start
-
-```bash
-npx @ruvnet/ruview                       # onboard — pick a setup path
-npx @ruvnet/ruview claim-check --text "we hit 100% accuracy"   # the honesty guardrail
-npx @ruvnet/ruview verify                # run the deterministic proof (VERDICT: PASS)
-npx @ruvnet/ruview doctor                # self-check (tools + optional kernel/host)
-npx @ruvnet/ruview --help
-```
-
-The operator tools are pure Node and run with **zero install weight**. The
-`@metaharness/kernel` + host adapter are `optionalDependencies` — only `doctor` /
-`install` use them, only if present.
-
-## Tools (`ruview.*`)
-
-Exposed both as CLI verbs and as an MCP server (`npx @ruvnet/ruview mcp start`):
-
-| Tool | What it does |
-|------|--------------|
-| `ruview.onboard` | Pick docker-demo / repo-build / live-esp32; print the next command |
-| `ruview.claim_check` | Lint text for untagged / overstated accuracy claims (guardrail) |
-| `ruview.verify` | Run `verify.py` deterministic proof → VERDICT |
-| `ruview.node_monitor` | Assert CSI is flowing on an ESP32 (read-only) |
-| `ruview.calibrate` | ADR-151 room pipeline (baseline→enroll→train-room→room-watch) |
-| `ruview.node_flash` | Build+flash firmware (Windows/ESP-IDF; mutating, guarded) |
-
-Every tool is **fail-closed**: missing repo / python / binary / port → an honest
-negative, never a fabricated success.
-
-## Skills
-
-Host-neutral playbooks in `skills/` (`onboard`, `provision-node`, `calibrate-room`,
-`train-pose`, `verify`). `npx @ruvnet/ruview skill <name>` prints one.
-
-## Use as a Claude Code MCP server
-
-The bundled `.claude/settings.json` registers the `ruview` MCP server
-(`npx -y @ruvnet/ruview mcp start`). Drop this package's `.claude/` into a repo, or run
-`npx @ruvnet/ruview install --host claude-code`.
-
-## Hosts
-
-claude-code (bundled), and via metaharness host adapters: codex, opencode, copilot,
-pi-dev, hermes, rvm, github-actions.
-
-## License
-
-MIT © ruvnet
@@ -1,181 +0,0 @@
-#!/usr/bin/env node
-// SPDX-License-Identifier: MIT
-// `npx ruview` — the RuView WiFi-sensing operator harness (minted via metaharness,
-// hardened per ADR-182). Plain ESM, no build step: ships and runs as-is.
-//
-// The `ruview.*` tools (onboard/verify/claim-check/…) are PURE Node and run with
-// zero deps. The kernel + host adapter are only touched by `doctor`/`install`
-// (the harness-into-a-repo story), so the operator tools never block on a wasm load.
-
-import { fileURLToPath } from 'node:url';
-import { realpathSync, existsSync, readdirSync, readFileSync } from 'node:fs';
-import { join, dirname } from 'node:path';
-import { argv } from 'node:process';
-import { TOOLS, runTool, listTools } from '../src/tools.js';
-import { claimCheck, summarize } from '../src/guardrails.js';
-
-const NAME = 'ruview';
-const ROOT = dirname(dirname(fileURLToPath(import.meta.url)));
-const SKILLS_DIR = join(ROOT, 'skills');
-
-// Map friendly CLI verbs → registry tool names.
-const VERB_TO_TOOL = {
-  onboard: 'ruview.onboard',
-  verify: 'ruview.verify',
-  'claim-check': 'ruview.claim_check',
-  calibrate: 'ruview.calibrate',
-  monitor: 'ruview.node_monitor',
-  flash: 'ruview.node_flash',
-};
-
-function pjson(o) { console.log(JSON.stringify(o, null, 2)); }
-
-function listSkills() {
-  if (!existsSync(SKILLS_DIR)) return [];
-  return readdirSync(SKILLS_DIR).filter((f) => f.endsWith('.md')).map((f) => f.replace(/\.md$/, ''));
-}
-
-async function doctor() {
-  const checks = [];
-  // Tools layer (always available, no deps).
-  checks.push(['tool registry loads', Object.keys(TOOLS).length > 0]);
-  checks.push(['claim_check flags a 100% claim',
-    !claimCheck('We hit 100% accuracy on poses.').ok]);
-  checks.push(['claim_check passes a tagged MEASURED claim',
-    claimCheck('Held-out PCK@20 59.5% (MEASURED vs mean-pose baseline, verify.py).').ok]);
-  checks.push(['skills present', listSkills().length > 0]);
-  // Kernel + host adapter (optional — only needed to install into a repo).
-  let kernelLine = 'kernel/host: not installed (ok — operator tools run without them)';
-  try {
-    const { loadKernel } = await import('@metaharness/kernel');
-    const adapter = (await import('@metaharness/host-claude-code')).default;
-    const k = await loadKernel();
-    const info = k.kernelInfo();
-    checks.push(['kernel loads + reports version', typeof info.version === 'string' && info.version.length > 0]);
-    checks.push(['kernel backend is native|wasm|js', ['native', 'wasm', 'js'].includes(k.backend)]);
-    checks.push(['host adapter resolves', typeof adapter?.name === 'string']);
-    kernelLine = `kernel ${info.version} (${k.backend}) · host ${adapter.name}`;
-  } catch {
-    /* kernel not installed — fine for the tools-only path */
-  }
-  let ok = true;
-  for (const [label, pass] of checks) { console.log(`${pass ? 'PASS' : 'FAIL'} ${label}`); if (!pass) ok = false; }
-  console.log(`\n${NAME}: ${ok ? 'all checks passed' : 'doctor found problems'} — ${kernelLine}`);
-  return ok ? 0 : 1;
-}
-
-function help() {
-  console.log(`Usage: ${NAME} <command> [options]
-
-Operator tools:
-  onboard [--path docker-demo|repo-build|live-esp32]   pick a setup path
-  verify [--repo <dir>]                                 run the deterministic proof (VERDICT: PASS)
-  claim-check --text "..."  |  --file <path>            lint accuracy claims (the honesty guardrail)
-  calibrate --step baseline|enroll|train-room|room-watch
-  monitor --port COM8 [--seconds 12]                    assert CSI is flowing on a node
-  flash --port COM8 --variant s3-8mb [--confirm]        build+flash firmware (Windows/ESP-IDF)
-
-Harness:
-  doctor                 verify the install (tools + optional kernel/host)
-  skills                 list bundled skills
-  skill <name>           print a skill playbook
-  mcp start              run the ruview.* MCP server (stdio)
-  install --host <h>     project the harness config into the current repo
-  --version | --help
-
-Hosts: claude-code, codex, opencode, copilot, pi-dev, hermes, rvm, github-actions`);
-  return 0;
-}
-
-/** tiny flag parser: --k v / --k=v / --flag (boolean) */
-function parseFlags(rest) {
-  const f = {};
-  for (let i = 0; i < rest.length; i++) {
-    const a = rest[i];
-    if (a.startsWith('--')) {
-      const eq = a.indexOf('=');
-      if (eq !== -1) { f[a.slice(2, eq)] = a.slice(eq + 1); }
-      else if (i + 1 < rest.length && !rest[i + 1].startsWith('--')) { f[a.slice(2)] = rest[++i]; }
-      else { f[a.slice(2)] = true; }
-    }
-  }
-  return f;
-}
-
-export async function run(args) {
-  const cmd = args[0] ?? 'onboard';
-  const rest = args.slice(1);
-  const flags = parseFlags(rest);
-
-  // Direct tool verbs.
-  if (VERB_TO_TOOL[cmd]) {
-    const toolArgs = { ...flags };
-    if (cmd === 'claim-check') {
-      if (flags.file) toolArgs.text = readFileSync(flags.file, 'utf8');
-      const res = runTool('ruview.claim_check', toolArgs);
-      pjson(res);
-      return res.ok ? 0 : 1;
-    }
-    if (cmd === 'monitor' && flags.seconds) toolArgs.seconds = Number(flags.seconds);
-    if (cmd === 'calibrate' && typeof flags.args === 'string') toolArgs.args = flags.args.split(',');
-    const res = runTool(VERB_TO_TOOL[cmd], toolArgs);
-    pjson(res);
-    return res.ok ? 0 : 1;
-  }
-
-  switch (cmd) {
-    case 'doctor': return doctor();
-    case 'skills': console.log(listSkills().join('\n') || '(none)'); return 0;
-    case 'skill': {
-      const n = rest[0];
-      const p = n && join(SKILLS_DIR, `${n}.md`);
-      if (!p || !existsSync(p)) { console.error(`No skill "${n}". Try: ${listSkills().join(', ')}`); return 2; }
-      console.log(readFileSync(p, 'utf8'));
-      return 0;
-    }
-    case 'mcp': {
-      if (rest[0] === 'start' || rest[0] === undefined) {
-        const { startMcpServer } = await import('../src/mcp-server.js');
-        startMcpServer();
-        return new Promise(() => {}); // run until stdin closes
-      }
-      console.error('Usage: ruview mcp start'); return 2;
-    }
-    case 'install': {
-      const host = flags.host || 'claude-code';
-      try {
-        const adapter = (await import('@metaharness/host-claude-code')).default;
-        console.log(`Projecting RuView harness for host "${host}" via ${adapter.name}.`);
-        console.log('Add to your host config — MCP server command: npx -y ruview mcp start');
-        console.log('Skills:', listSkills().join(', '));
-        return 0;
-      } catch {
-        console.error('Host adapter not installed. `npm i @metaharness/host-claude-code` or use the bundled .claude/ config.');
-        return 1;
-      }
-    }
-    case 'tools': pjson(listTools()); return 0;
-    case '--version': case '-v': {
-      const pkg = JSON.parse(readFileSync(join(ROOT, 'package.json'), 'utf8'));
-      console.log(pkg.version); return 0;
-    }
-    case '--help': case '-h': return help();
-    default:
-      console.error(`Unknown command: ${cmd}. Try \`${NAME} --help\`.`);
-      return 2;
-  }
-}
-
-// CLI guard: run only when invoked directly (realpath both sides — npm/npx shims
-// pass a non-normalized, possibly case-skewed argv[1] on Windows).
-const invokedDirectly = (() => {
-  if (!argv[1]) return false;
-  try {
-    const a = realpathSync(argv[1]);
-    const b = realpathSync(fileURLToPath(import.meta.url));
-    return process.platform === 'win32' ? a.toLowerCase() === b.toLowerCase() : a === b;
-  } catch { return false; }
-})();
-if (invokedDirectly) {
-  run(argv.slice(2)).then((code) => process.exit(code)).catch((err) => { console.error(err); process.exit(1); });
-}
@@ -1,65 +0,0 @@
-{
-  "name": "@ruvnet/ruview",
-  "version": "0.1.0",
-  "description": "RuView WiFi-sensing operator agent harness — onboard, calibrate, train, and verify camera-free WiFi-CSI sensing, with the project's MEASURED-vs-CLAIMED honesty guardrail enforced. Minted via metaharness (ADR-182).",
-  "type": "module",
-  "bin": {
-    "ruview": "bin/cli.js"
-  },
-  "exports": {
-    ".": "./src/tools.js",
-    "./guardrails": "./src/guardrails.js"
-  },
-  "files": [
-    "bin/",
-    "src/",
-    "skills/",
-    ".claude/",
-    ".harness/",
-    "CLAUDE.md",
-    "README.md",
-    "LICENSE"
-  ],
-  "scripts": {
-    "test": "node --test test/*.test.mjs",
-    "doctor": "node ./bin/cli.js doctor",
-    "mcp": "node ./bin/cli.js mcp start"
-  },
-  "optionalDependencies": {
-    "@metaharness/kernel": "^0.1.0",
-    "@metaharness/host-claude-code": "^0.1.0"
-  },
-  "keywords": [
-    "wifi-sensing",
-    "wifi-densepose",
-    "ruview",
-    "csi",
-    "channel-state-information",
-    "pose-estimation",
-    "presence-detection",
-    "esp32",
-    "agent-harness",
-    "metaharness",
-    "mcp",
-    "mcp-server",
-    "claude-code",
-    "ambient-intelligence"
-  ],
-  "engines": {
-    "node": ">=20.0.0"
-  },
-  "license": "MIT",
-  "author": "ruvnet",
-  "homepage": "https://github.com/ruvnet/RuView#readme",
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/ruvnet/RuView.git",
-    "directory": "harness/ruview"
-  },
-  "bugs": {
-    "url": "https://github.com/ruvnet/RuView/issues"
-  },
-  "publishConfig": {
-    "access": "public"
-  }
-}
@@ -1,29 +0,0 @@
---
-name: calibrate-room
-description: Run the ADR-151 per-room calibration pipeline — baseline → enroll → extract → train → a bank of small specialists (presence/posture/breathing/heartbeat/restlessness/anomaly).
---
-
-# calibrate-room
-
-Turn a provisioned node + sensing-server into a working room model. Pure-Rust,
-edge-deployable (ADR-151). Use the `ruview.calibrate` tool (installed
-`wifi-densepose` binary, else `cargo run -p wifi-densepose-cli`).
-
-## Sequence
-
-1. **baseline** — capture the empty room (Welford amplitude + von Mises phase). Leave
-   the room empty.
-   `ruview.calibrate {step: "baseline"}`
-2. **enroll** — record the occupant(s) doing the target activities.
-   `ruview.calibrate {step: "enroll"}`
-3. **train-room** — train the bank of small specialists from baseline + enrollment.
-   `ruview.calibrate {step: "train-room"}`
-4. **room-watch** — live presence/posture/breathing from the trained room.
-   `ruview.calibrate {step: "room-watch"}`  (or the `room-watch` skill)
-
-## Honesty
-
-The specialists are calibrated to *this* room; cross-room transfer is a separate
-problem (LoRA recalibration, ADR-079 P9). Report which room a number came from, and
-tag presence/vitals accuracy MEASURED only with a held-out check — run
-`ruview.claim_check` on the writeup.
@@ -1,30 +0,0 @@
---
-name: onboard
-description: Zero-to-sensing path picker for RuView (WiFi-DensePose) — pick docker-demo, repo-build, or live-esp32 and run the next concrete step.
---
-
-# onboard
-
-Get a newcomer from nothing to a working RuView setup. **First fact to set:** WiFi
-sensing infers *coarse* pose/presence/breathing from Channel State Information — it
-is **not a camera**, and any accuracy number must be MEASURED against a baseline
-(use the `verify` skill / `ruview.claim_check` tool). Never present WiFi output as
-camera-grade.
-
-## Pick a path
-
-Run `ruview.onboard {path}` or decide from:
-
-1. **docker-demo** — fastest, no hardware. Replays sample CSI into the dashboard.
-   `docker run -p 8000:8000 ruvnet/wifi-densepose` → open `http://localhost:8000`.
-   Use to see what it looks like.
-2. **repo-build** — for developers. `cd v2 && cargo test --workspace --no-default-features`
-   (1,031+ tests pass), then `cargo run -p wifi-densepose-cli -- --help`.
-3. **live-esp32** — a real install. Flash a node (`provision-node` skill), point it at
-   the sensing-server, then `calibrate-room`. This is the only path that senses a real room.
-
-## Then
-
- Live sensing → go to **provision-node**, then **calibrate-room**.
- Evaluating a model/claim → go to **verify** and run `ruview.claim_check` on any
-  report before you quote a number.
@@ -1,49 +0,0 @@
---
-name: provision-node
-description: Build, flash, and provision an ESP32-S3/C6 CSI node for RuView — firmware variant choice, ESP-IDF Windows-subprocess flow, NVS/WiFi/channel/MAC-filter overrides.
---
-
-# provision-node
-
-Bring an ESP32 sensing node online.
-
-## 1. Pick a firmware variant
-
- **s3-8mb** (display build) — ESP32-S3 N16R8 / 16MB; AMOLED optional. The display-detect
-  fix (#1000) means a *bare* board still captures CSI (MGMT+DATA).
- **s3-4mb** (no-display) — ESP32-S3 4MB; dual-OTA, display disabled.
- **c6** — ESP32-C6 + Seeed MR60BHA2 (60 GHz mmWave + WiFi CSI). The mmwave probe
-  requires a validated MR60 header (#1107) so an empty UART never false-detects.
-
-Prebuilt binaries: GitHub release `v0.8.1-esp32` (hardware-validated on S3 QFN56 rev v0.2).
-
-## 2. Flash
-
-ESP-IDF v5.4 on Windows is **subprocess-only** (Git Bash/MSYS is unsupported — strip
-`MSYSTEM*` env vars). Offsets for the S3 image:
-
-```
-esptool --chip esp32s3 -p <PORT> -b 460800 write_flash \
-  0x0 bootloader.bin  0x8000 partition-table.bin \
-  0xf000 ota_data_initial.bin  0x20000 esp32-csi-node-s3-8mb.bin
-```
-
-(`ruview.node_flash` returns the exact pinned command rather than running an
-unattended flash.)
-
-## 3. Provision
-
-```
-python firmware/esp32-csi-node/provision.py --port <PORT> \
-  --ssid "<SSID>" --password "<secret>" --target-ip <server-ip> --target-port 5005
-# optional ADR-060 overrides:
-python firmware/esp32-csi-node/provision.py --port <PORT> --channel 6 --filter-mac AA:BB:CC:DD:EE:FF
-```
-
-Never echo or commit the WiFi password.
-
-## 4. Confirm CSI is flowing
-
-`ruview.node_monitor {port}` — PASS criteria: serial shows `CSI cb #...` callbacks and
-(on a bare board) `CSI filter upgraded to MGMT+DATA`. No callbacks → the node isn't
-capturing; do not proceed to calibration.
@@ -1,33 +0,0 @@
---
-name: train-pose
-description: Train/evaluate WiFi pose models honestly — camera-supervised (MediaPipe + CSI) and camera-free (WiFlow), always checked against the mean-pose baseline before any PCK is quoted.
---
-
-# train-pose
-
-Build a CSI→pose model without overstating it. The project has a **retracted 92.9%/100%**
-history — the discipline below exists so it never recurs.
-
-## The non-negotiable: mean-pose baseline first
-
-A pose model that always predicts the dataset's *mean pose* already scores ~50% PCK.
-**Quote PCK only as a delta over that baseline**, on a held-out split with no subject
-or temporal leakage. Example honest result (ADR-181):
-
-> Held-out PCK@20 **59.5%** vs a 50% mean-pose baseline = **+9.4 pp real signal** — MEASURED.
-
-## Paths
-
- **camera-supervised** (ADR-079) — MediaPipe Pose labels the camera frame; paired CSI
-  trains the net. Train/infer in one camera frame so the skeleton aligns.
- **camera-free** (WiFlow, ADR-152) — no camera at inference; geometry-conditioned.
- **in-browser** (ADR-181) — WebGPU/WASM trainer; the active backend is shown as a badge
-  (honest about what's executing).
-
-## Before you publish a number
-
-1. Run the mean-pose baseline on the same split.
-2. Report `(model − baseline)` in pp, with the split definition (chronological /
-   blocked-gap / grouped-bucket; no leakage).
-3. `ruview.claim_check` the writeup — it flags any untagged or 100%/perfect claim.
-4. If it's a benchmark vs SOTA, tag MEASURED-EQUIVALENT only with the reproducer.
@@ -1,42 +0,0 @@
---
-name: verify
-description: Prove a RuView result is real — run the deterministic SHA-256 proof and the witness bundle (ADR-028), and lint any claim for MEASURED-vs-CLAIMED honesty.
---
-
-# verify
-
-The "prove everything" skill. Nothing ships as validated without this.
-
-## Deterministic proof (Trust Kill Switch)
-
-`ruview.verify` runs `archive/v1/data/proof/verify.py`: it feeds a reference signal
-through the production pipeline and hashes the output against
-`expected_features.sha256`. Must print **VERDICT: PASS**. If numpy/scipy changed the
-hash, regenerate with `verify.py --generate-hash` then re-verify.
-
-## Witness bundle (ADR-028)
-
-For a release-grade attestation:
-
-```
-bash scripts/generate-witness-bundle.sh
-cd dist/witness-bundle-ADR028-*/ && bash VERIFY.sh   # must be 7/7 PASS
-```
-
-Contains the Rust test log, the proof + expected hash, firmware SHA-256 manifest, and
-crate versions — a recipient can re-verify with one command.
-
-## Claim honesty
-
-Run `ruview.claim_check {text}` on any report, README section, PR body, or model card
-before quoting accuracy. It flags:
- untagged accuracy numbers (must be MEASURED / CLAIMED / SYNTHETIC),
- MEASURED claims with no reproducer cited,
- the retracted "100%/perfect accuracy" framing.
-
-## Firmware-specific
-
-A firmware fix is **not** "hardware-validated" without a captured boot log on real
-silicon (e.g. the `v0.8.1-esp32` rev-v0.2 validation: `running headless so CSI
-captures (#1000)` + `CSI filter upgraded to MGMT+DATA` + a no-false-detect mmwave
-probe). Do not merge or release on a build-passes signal alone.
@@ -1,106 +0,0 @@
-// SPDX-License-Identifier: MIT
-// RuView harness guardrails — the "prove everything" rule made executable.
-//
-// The project was accused of AI-slop; the cultural fix is that every accuracy
-// number must be tagged MEASURED (with a reproducer) or CLAIMED/SYNTHETIC, and
-// the retracted "100% accuracy" framing must never reappear untagged. This module
-// is the static enforcement of that, shared by the `ruview.claim_check` MCP tool,
-// the `npx ruview claim-check` CLI, and the claude-code pre-output hook.
-
-/** Phrases that signal a quantitative accuracy claim. */
-const METRIC_TERMS = [
-  'accuracy', 'pck', 'pck@', 'f1', 'precision', 'recall', 'map', 'auc',
-  'iou', 'mpjpe', 'error rate', 'detection rate', 'true positive',
-];
-
-/** Tags that make a claim honest (case-insensitive). */
-const HONEST_TAGS = ['measured', 'claimed', 'synthetic', 'unvalidated', 'baseline'];
-
-/** Reproducer references that count as evidence backing a MEASURED claim. */
-const REPRODUCER_HINTS = [
-  'verify.py', 'witness', 'mean-pose', 'mean pose', 'held-out', 'held out',
-  'baseline', 'reproduce', 'sha256', 'boot log', 'pck@20 vs', 'expected_features',
-];
-
-const PERCENT_RE = /\b(\d{1,3}(?:\.\d+)?)\s?%/g;
-// "perfect" / "100%" framing is the specific retracted claim — always high severity.
-// NOTE: no trailing \b after "%": "%"→" " is non-word→non-word, so a trailing \b
-// never matches and would silently miss "100%". Bare 100% is only damning next to a
-// metric term (see claimCheck); the word phrases are inherently accuracy claims.
-const PERFECT_PCT_RE = /\b100(?:\.0+)?\s?%/;
-const PERFECT_WORD_RE = /perfect accuracy|flawless|never (?:wrong|fails)/i;
-
-/**
- * Lint a block of text for untagged or overstated accuracy claims.
- * @param {string} text
- * @returns {{ok: boolean, findings: Array<{severity:'high'|'medium', line:number, excerpt:string, reason:string, suggestion:string}>}}
- */
-export function claimCheck(text) {
-  const findings = [];
-  if (typeof text !== 'string' || text.length === 0) {
-    return { ok: true, findings };
-  }
-  const lines = text.split(/\r?\n/);
-
-  lines.forEach((raw, i) => {
-    const line = raw.trim();
-    if (!line) return;
-    const lower = line.toLowerCase();
-
-    const hasPercent = PERCENT_RE.test(line);
-    PERCENT_RE.lastIndex = 0; // reset stateful global regex
-    const mentionsMetric = METRIC_TERMS.some((t) => lower.includes(t));
-    if (!hasPercent && !mentionsMetric) return;
-
-    const tagged = HONEST_TAGS.some((t) => lower.includes(t));
-    const hasReproducer = REPRODUCER_HINTS.some((h) => lower.includes(h));
-    const perfect = PERFECT_WORD_RE.test(line) || (mentionsMetric && PERFECT_PCT_RE.test(line));
-
-    if (perfect && !lower.includes('retract')) {
-      findings.push({
-        severity: 'high',
-        line: i + 1,
-        excerpt: clip(line),
-        reason: 'States perfect/100% accuracy — this is the exact framing the project retracted.',
-        suggestion: 'Replace with a held-out number vs the mean-pose baseline, tagged MEASURED, or mark the old claim "retracted".',
-      });
-      return;
-    }
-
-    // A metric/percent with no honesty tag at all.
-    if (!tagged) {
-      findings.push({
-        severity: 'medium',
-        line: i + 1,
-        excerpt: clip(line),
-        reason: 'Accuracy claim is not tagged MEASURED / CLAIMED / SYNTHETIC.',
-        suggestion: 'Tag it. If MEASURED, name the reproducer (verify.py, witness bundle, held-out vs mean-pose).',
-      });
-      return;
-    }
-
-    // Tagged MEASURED but cites no reproducer — still a gap.
-    if (lower.includes('measured') && !hasReproducer) {
-      findings.push({
-        severity: 'medium',
-        line: i + 1,
-        excerpt: clip(line),
-        reason: 'Tagged MEASURED but cites no reproducer/evidence.',
-        suggestion: 'Add the evidence path: verify.py VERDICT, witness bundle, or held-out PCK vs the mean-pose baseline.',
-      });
-    }
-  });
-
-  return { ok: findings.length === 0, findings };
-}
-
-function clip(s, n = 120) {
-  return s.length > n ? `${s.slice(0, n - 1)}…` : s;
-}
-
-/** Convenience: a one-line human summary for CLI output. */
-export function summarize(result) {
-  if (result.ok) return 'claim-check: PASS — no untagged or overstated accuracy claims.';
-  const high = result.findings.filter((f) => f.severity === 'high').length;
-  return `claim-check: ${result.findings.length} finding(s) (${high} high) — accuracy claims need MEASURED/CLAIMED tags + a reproducer.`;
-}
@@ -1,68 +0,0 @@
-// SPDX-License-Identifier: MIT
-// RuView harness — minimal MCP stdio server (JSON-RPC 2.0 over stdin/stdout).
-//
-// Dependency-free on purpose: a published `npx ruview` must `mcp start` without
-// pulling the full MCP SDK. Implements the subset hosts use: `initialize`,
-// `tools/list`, `tools/call`, and the `notifications/initialized` ack. Logs go to
-// stderr ONLY — stdout is the JSON-RPC channel and must stay clean.
-
-import { createInterface } from 'node:readline';
-import { listTools, runTool } from './tools.js';
-
-const PROTOCOL_VERSION = '2024-11-05';
-const SERVER_INFO = { name: 'ruview', version: '0.1.0' };
-
-function send(msg) {
-  process.stdout.write(JSON.stringify(msg) + '\n');
-}
-function result(id, res) { send({ jsonrpc: '2.0', id, result: res }); }
-function error(id, code, message) { send({ jsonrpc: '2.0', id, error: { code, message } }); }
-function log(...a) { process.stderr.write('[ruview-mcp] ' + a.join(' ') + '\n'); }
-
-function handle(msg) {
-  const { id, method, params } = msg;
-  switch (method) {
-    case 'initialize':
-      return result(id, {
-        protocolVersion: PROTOCOL_VERSION,
-        capabilities: { tools: { listChanged: false } },
-        serverInfo: SERVER_INFO,
-        instructions: 'RuView WiFi-sensing operator tools. All results are fail-closed; accuracy claims must pass ruview.claim_check.',
-      });
-    case 'notifications/initialized':
-    case 'initialized':
-      return; // notification — no response
-    case 'ping':
-      return result(id, {});
-    case 'tools/list':
-      return result(id, { tools: listTools() });
-    case 'tools/call': {
-      const name = params?.name;
-      const args = params?.arguments || {};
-      const out = runTool(name, args);
-      // MCP content envelope: text block with the JSON, isError reflects ok=false.
-      return result(id, {
-        content: [{ type: 'text', text: JSON.stringify(out, null, 2) }],
-        isError: out && out.ok === false,
-      });
-    }
-    default:
-      if (id !== undefined) error(id, -32601, `Method not found: ${method}`);
-  }
-}
-
-export function startMcpServer() {
-  log(`starting (protocol ${PROTOCOL_VERSION}, ${listTools().length} tools)`);
-  const rl = createInterface({ input: process.stdin, crlfDelay: Infinity });
-  rl.on('line', (line) => {
-    const s = line.trim();
-    if (!s) return;
-    let msg;
-    try { msg = JSON.parse(s); } catch { return log('bad JSON line dropped'); }
-    try { handle(msg); } catch (err) {
-      if (msg && msg.id !== undefined) error(msg.id, -32603, String(err && err.message || err));
-      log('handler error:', String(err));
-    }
-  });
-  rl.on('close', () => { log('stdin closed — exiting'); process.exit(0); });
-}
@@ -1,220 +0,0 @@
-// SPDX-License-Identifier: MIT
-// RuView harness — the `ruview.*` tool registry.
-//
-// One registry consumed by BOTH the CLI (`npx ruview <tool>`) and the MCP server
-// (`npx ruview mcp start`). Every handler returns structured JSON and is
-// FAIL-CLOSED: when a prerequisite (the RuView repo, python+pyserial, the
-// `wifi-densepose` binary, an ESP32 on a port) is absent, it returns an honest
-// negative — never a fabricated success. This mirrors the project's "prove
-// everything" rule and the RuField fail-closed posture (ADR-262 §3.3).
-
-import { spawnSync } from 'node:child_process';
-import { existsSync, readFileSync } from 'node:fs';
-import { join, dirname, resolve } from 'node:path';
-import { claimCheck, summarize } from './guardrails.js';
-
-/** Walk up from `start` to find the RuView monorepo root (or null). */
-export function findRepoRoot(start = process.cwd()) {
-  let dir = resolve(start);
-  for (let i = 0; i < 8; i++) {
-    const hasProof = existsSync(join(dir, 'archive', 'v1', 'data', 'proof', 'verify.py'));
-    const hasV2 = existsSync(join(dir, 'v2', 'Cargo.toml'));
-    if (hasProof || hasV2) return dir;
-    const parent = dirname(dir);
-    if (parent === dir) break;
-    dir = parent;
-  }
-  return null;
-}
-
-function which(cmd) {
-  const probe = process.platform === 'win32'
-    ? spawnSync('where', [cmd], { encoding: 'utf8' })
-    : spawnSync('command', ['-v', cmd], { encoding: 'utf8', shell: true });
-  return probe.status === 0 ? (probe.stdout || '').trim().split(/\r?\n/)[0] : null;
-}
-
-function run(cmd, args, opts = {}) {
-  const r = spawnSync(cmd, args, { encoding: 'utf8', timeout: opts.timeout ?? 120000, ...opts });
-  return {
-    status: r.status,
-    ok: r.status === 0,
-    stdout: (r.stdout || '').slice(-8000),
-    stderr: (r.stderr || '').slice(-4000),
-    error: r.error ? r.error.message : null,
-  };
-}
-
-const ONBOARD_PATHS = {
-  'docker-demo': 'Fastest. `docker run -p 8000:8000 ruvnet/wifi-densepose` → open the dashboard. No hardware; replays sample CSI. Good for "what does it look like".',
-  'repo-build': 'Build from source. `cd v2 && cargo test --workspace --no-default-features` (1,031+ tests). Then `cargo run -p wifi-densepose-cli -- --help`. Good for developers.',
-  'live-esp32': 'Real sensing. Flash an ESP32-S3 (see `provision-node` skill), point it at the sensing-server, then `calibrate → enroll → train-room → room-watch` (see `calibrate-room`). Good for an actual install.',
-};
-
-/**
- * The tool registry. Each entry: { title, description, inputSchema, handler }.
- * inputSchema is JSON-Schema (object). handler(args) → JSON-serializable result.
- */
-export const TOOLS = {
-  'ruview.onboard': {
-    title: 'Onboard',
-    description: 'Pick a RuView setup path (docker-demo | repo-build | live-esp32) and print the next concrete command.',
-    inputSchema: {
-      type: 'object',
-      properties: { path: { type: 'string', enum: Object.keys(ONBOARD_PATHS), description: 'Which setup path. Omit to list all.' } },
-    },
-    handler(args = {}) {
-      const repo = findRepoRoot();
-      if (args.path && ONBOARD_PATHS[args.path]) {
-        return { ok: true, path: args.path, next: ONBOARD_PATHS[args.path], in_ruview_repo: !!repo };
-      }
-      return {
-        ok: true,
-        in_ruview_repo: !!repo,
-        repo_root: repo,
-        paths: ONBOARD_PATHS,
-        recommend: repo ? 'repo-build' : 'docker-demo',
-        note: 'WiFi sensing infers coarse pose/presence from CSI — it is not a camera. Accuracy claims must be MEASURED vs a baseline (run `ruview.claim_check`).',
-      };
-    },
-  },
-
-  'ruview.claim_check': {
-    title: 'Claim check',
-    description: 'Static lint: scan text for untagged or overstated accuracy claims (the "prove everything" guardrail). Returns findings.',
-    inputSchema: {
-      type: 'object',
-      required: ['text'],
-      properties: { text: { type: 'string', description: 'The text to lint (a report, README section, PR body, model card).' } },
-    },
-    handler(args = {}) {
-      const result = claimCheck(String(args.text ?? ''));
-      return { ...result, summary: summarize(result) };
-    },
-  },
-
-  'ruview.verify': {
-    title: 'Verify (witness)',
-    description: 'Run the deterministic proof (archive/v1/data/proof/verify.py) and report VERDICT. Fail-closed if not in a RuView repo or python is missing.',
-    inputSchema: {
-      type: 'object',
-      properties: { repo: { type: 'string', description: 'RuView repo root. Default: auto-detect from cwd.' } },
-    },
-    handler(args = {}) {
-      const repo = args.repo ? resolve(args.repo) : findRepoRoot();
-      if (!repo) return { ok: false, reason: 'not_in_ruview_repo', hint: 'Run inside the RuView monorepo or pass {repo}.' };
-      const proof = join(repo, 'archive', 'v1', 'data', 'proof', 'verify.py');
-      if (!existsSync(proof)) return { ok: false, reason: 'proof_missing', path: proof };
-      const py = which('python') || which('python3');
-      if (!py) return { ok: false, reason: 'python_missing', hint: 'Install python to run the deterministic proof.' };
-      const r = run(py, [proof], { cwd: repo, timeout: 180000 });
-      const verdict = /VERDICT:\s*PASS/i.test(r.stdout) ? 'PASS' : (/VERDICT:\s*FAIL/i.test(r.stdout) ? 'FAIL' : 'UNKNOWN');
-      return { ok: r.ok && verdict === 'PASS', verdict, exit: r.status, tail: r.stdout.slice(-1200), stderr: r.stderr.slice(-400) };
-    },
-  },
-
-  'ruview.node_monitor': {
-    title: 'Node monitor',
-    description: 'Open an ESP32 serial port and assert CSI is flowing (MGMT+DATA). Fail-closed if python+pyserial or the port is absent. Read-only.',
-    inputSchema: {
-      type: 'object',
-      properties: {
-        port: { type: 'string', description: 'Serial port, e.g. COM8 or /dev/ttyUSB0.' },
-        seconds: { type: 'number', description: 'Capture window (default 12).' },
-      },
-    },
-    handler(args = {}) {
-      const port = args.port;
-      if (!port) return { ok: false, reason: 'no_port', hint: 'Pass {port} (e.g. COM8).' };
-      const py = which('python') || which('python3');
-      if (!py) return { ok: false, reason: 'python_missing' };
-      const dur = Number(args.seconds) > 0 ? Number(args.seconds) : 12;
-      const script = [
-        'import sys,time',
-        'try:',
-        ' import serial',
-        'except Exception as e:',
-        " print('NO_PYSERIAL'); sys.exit(3)",
-        `ser=serial.Serial(${JSON.stringify(port)},115200,timeout=1)`,
-        'csi=0; n=0; t=time.time()',
-        `while time.time()-t<${dur}:`,
-        ' ln=ser.readline()',
-        ' if not ln: continue',
-        " s=ln.decode('utf-8','replace')",
-        ' n+=1',
-        " if 'CSI cb' in s or 'csi_collector' in s: csi+=1",
-        " if 'MGMT+DATA' in s: print('UPGRADE_MGMT_DATA')",
-        'ser.close()',
-        "print(f'LINES={n} CSI={csi}')",
-      ].join('\n');
-      const r = run(py, ['-c', script], { timeout: (dur + 10) * 1000 });
-      if (r.stdout.includes('NO_PYSERIAL')) return { ok: false, reason: 'pyserial_missing', hint: 'pip install pyserial' };
-      if (!r.ok) return { ok: false, reason: 'port_error', stderr: r.stderr, error: r.error };
-      const csi = Number((r.stdout.match(/CSI=(\d+)/) || [])[1] || 0);
-      const upgraded = r.stdout.includes('UPGRADE_MGMT_DATA');
-      return { ok: csi > 0, csi_callbacks: csi, mgmt_data_upgrade: upgraded, raw: r.stdout.trim() };
-    },
-  },
-
-  'ruview.calibrate': {
-    title: 'Calibrate room',
-    description: 'Run the ADR-151 room pipeline via the wifi-densepose CLI (baseline→enroll→train-room). Fail-closed if the binary is absent.',
-    inputSchema: {
-      type: 'object',
-      properties: {
-        step: { type: 'string', enum: ['baseline', 'enroll', 'train-room', 'room-watch'], description: 'Which calibration step.' },
-        args: { type: 'array', items: { type: 'string' }, description: 'Extra CLI args passed through.' },
-      },
-    },
-    handler(args = {}) {
-      const step = args.step || 'baseline';
-      const bin = which('wifi-densepose');
-      const repo = findRepoRoot();
-      if (!bin && !repo) return { ok: false, reason: 'cli_missing', hint: 'Install the wifi-densepose CLI or run in the repo (cargo run -p wifi-densepose-cli).' };
-      const passthru = Array.isArray(args.args) ? args.args.map(String) : [];
-      // Prefer the installed binary; otherwise cargo-run from the repo.
-      const r = bin
-        ? run(bin, [step, ...passthru], { timeout: 300000 })
-        : run('cargo', ['run', '-q', '-p', 'wifi-densepose-cli', '--', step, ...passthru], { cwd: repo, timeout: 600000 });
-      return { ok: r.ok, step, via: bin ? 'binary' : 'cargo', exit: r.status, tail: r.stdout.slice(-1500), stderr: r.stderr.slice(-500) };
-    },
-  },
-
-  'ruview.node_flash': {
-    title: 'Node flash',
-    description: 'Build+flash an ESP32 firmware variant. MUTATING + hardware. Fail-closed off-Windows or without ESP-IDF. Never claims hardware validation without a boot log.',
-    inputSchema: {
-      type: 'object',
-      properties: {
-        port: { type: 'string', description: 'Target port, e.g. COM8.' },
-        variant: { type: 'string', enum: ['s3-8mb', 's3-4mb', 'c6'], description: 'Firmware variant.' },
-        confirm: { type: 'boolean', description: 'Must be true to actually flash (guard).' },
-      },
-    },
-    handler(args = {}) {
-      if (process.platform !== 'win32') {
-        return { ok: false, reason: 'unsupported_platform', detail: 'The ESP-IDF flash flow is Windows-subprocess-specific today (see CLAUDE.local.md).' };
-      }
-      if (!args.confirm) {
-        return { ok: false, reason: 'not_confirmed', detail: 'Mutating hardware op — re-call with {confirm:true}.', would_flash: { port: args.port, variant: args.variant || 's3-8mb' } };
-      }
-      return { ok: false, reason: 'manual_step_required', detail: 'Flashing uses the pinned ESP-IDF subprocess in CLAUDE.local.md. This tool returns the exact command rather than running an unattended flash.', see: 'skills/provision-node.md' };
-    },
-  },
-};
-
-/** Run one tool by name; returns the structured result (or an error envelope). */
-export function runTool(name, args) {
-  const tool = TOOLS[name];
-  if (!tool) return { ok: false, reason: 'unknown_tool', name, available: Object.keys(TOOLS) };
-  try {
-    return tool.handler(args || {});
-  } catch (err) {
-    return { ok: false, reason: 'tool_threw', name, error: String(err && err.message || err) };
-  }
-}
-
-/** MCP-shaped tool list: [{name, description, inputSchema}]. */
-export function listTools() {
-  return Object.entries(TOOLS).map(([name, t]) => ({ name, description: t.description, inputSchema: t.inputSchema }));
-}
@@ -1,111 +0,0 @@
-// SPDX-License-Identifier: MIT
-// RuView harness tests — Node's built-in test runner (no devDeps to install).
-// Run: `node --test test/`  (or `npm test`).
-
-import { test } from 'node:test';
-import assert from 'node:assert/strict';
-import { claimCheck, summarize } from '../src/guardrails.js';
-import { TOOLS, runTool, listTools, findRepoRoot } from '../src/tools.js';
-import { run } from '../bin/cli.js';
-
-test('guardrail flags the retracted 100% framing as high severity', () => {
-  const r = claimCheck('Our model reaches 100% accuracy on every pose.');
-  assert.equal(r.ok, false);
-  assert.ok(r.findings.some((f) => f.severity === 'high'));
-});
-
-test('guardrail flags an untagged percentage accuracy claim', () => {
-  // "hit", not "measured" — "measured" would (correctly) route to the no-reproducer branch.
-  const r = claimCheck('We hit 92.9% PCK on the test set.');
-  assert.equal(r.ok, false);
-  assert.ok(r.findings.some((f) => /not tagged/i.test(f.reason)));
-});
-
-test('guardrail passes a MEASURED claim that cites a reproducer', () => {
-  const r = claimCheck('Held-out PCK@20 59.5% vs 50% mean-pose baseline = +9.4pp (MEASURED, verify.py).');
-  assert.equal(r.ok, true, JSON.stringify(r.findings));
-});
-
-test('guardrail flags MEASURED with no reproducer', () => {
-  const r = claimCheck('Presence detection 97% (MEASURED).');
-  assert.equal(r.ok, false);
-  assert.ok(r.findings.some((f) => /no reproducer/i.test(f.reason)));
-});
-
-test('guardrail ignores non-metric prose', () => {
-  assert.equal(claimCheck('The ESP32 streams CSI over UDP to the sensing-server.').ok, true);
-  assert.equal(claimCheck('').ok, true);
-});
-
-test('summarize gives PASS/finding text', () => {
-  assert.match(summarize(claimCheck('nothing here')), /PASS/);
-  assert.match(summarize(claimCheck('100% accuracy')), /finding/);
-});
-
-test('registry exposes the documented tools with schemas', () => {
-  const names = Object.keys(TOOLS);
-  for (const n of ['ruview.onboard', 'ruview.claim_check', 'ruview.verify', 'ruview.node_monitor', 'ruview.calibrate', 'ruview.node_flash']) {
-    assert.ok(names.includes(n), `missing ${n}`);
-    assert.equal(TOOLS[n].inputSchema.type, 'object');
-  }
-  assert.equal(listTools().length, names.length);
-});
-
-test('ruview.onboard returns paths and a recommendation', () => {
-  const r = runTool('ruview.onboard', {});
-  assert.equal(r.ok, true);
-  assert.ok(r.paths['live-esp32']);
-  assert.ok(['repo-build', 'docker-demo'].includes(r.recommend));
-});
-
-test('ruview.claim_check tool wraps the guardrail', () => {
-  const r = runTool('ruview.claim_check', { text: '100% accuracy' });
-  assert.equal(r.ok, false);
-  assert.match(r.summary, /honesty|tag|MEASURED|finding/i);
-});
-
-test('unknown tool fails closed', () => {
-  const r = runTool('ruview.does_not_exist', {});
-  assert.equal(r.ok, false);
-  assert.equal(r.reason, 'unknown_tool');
-});
-
-test('node_monitor fails closed without a port', () => {
-  const r = runTool('ruview.node_monitor', {});
-  assert.equal(r.ok, false);
-  assert.equal(r.reason, 'no_port');
-});
-
-test('node_flash refuses without confirm (mutating guard)', () => {
-  const r = runTool('ruview.node_flash', { port: 'COM8', variant: 's3-8mb' });
-  assert.equal(r.ok, false);
-  // either not-confirmed (win32) or unsupported_platform (posix) — both fail-closed
-  assert.ok(['not_confirmed', 'unsupported_platform'].includes(r.reason));
-});
-
-test('verify fails closed when not in a RuView repo', () => {
-  // point at a tmp dir with no repo markers
-  const r = runTool('ruview.verify', { repo: process.platform === 'win32' ? 'C:/Windows/Temp' : '/tmp' });
-  assert.equal(r.ok, false);
-  assert.ok(['proof_missing', 'python_missing'].includes(r.reason), r.reason);
-});
-
-test('CLI run(): claim-check exits non-zero on a bad claim', async () => {
-  const code = await run(['claim-check', '--text', '100% accuracy']);
-  assert.notEqual(code, 0);
-});
-
-test('CLI run(): doctor exits 0 (tools-only path)', async () => {
-  const code = await run(['doctor']);
-  assert.equal(code, 0);
-});
-
-test('CLI run(): unknown command exits non-zero', async () => {
-  assert.notEqual(await run(['definitely-not-a-command']), 0);
-});
-
-test('findRepoRoot locates this monorepo from cwd', () => {
-  // when run from within wifi-densepose, it should find a root; elsewhere null is fine
-  const root = findRepoRoot();
-  assert.ok(root === null || typeof root === 'string');
-});
@@ -184,9 +184,7 @@ function loadGroundTruth(filePath) {
  const raw = loadJsonl(filePath);
  const frames = [];
  for (const r of raw) {
-    // Skip non-detection frames (empty keypoints []) — they must not dilute window
-    // confidence; confidence stats are over actual detections only (#1007 Bug 2).
-    if (r.ts_ns == null || !r.keypoints || r.keypoints.length === 0) continue;
+    if (r.ts_ns == null || !r.keypoints) continue;
    frames.push({
      tsMs: cameraTsToMs(r.ts_ns),
      keypoints: r.keypoints,
@@ -268,29 +266,7 @@ function loadCsi(filePath) {
  // Sort by timestamp
  rawCsi.sort((a, b) => a.tsMs - b.tsMs);
  features.sort((a, b) => a.tsMs - b.tsMs);
-
-  // Bug 3 (#1007): keep only frames at the session's MODAL subcarrier count so windows
-  // are homogeneous; never silently zero-pad/truncate the off-format frames the ESP32
-  // emits (HT20/HT40/fragments). extractCsiMatrix then sees uniform-width frames.
-  return { rawCsi: filterToModalSubcarriers(rawCsi), features };
-}
-
-/**
- * Keep only frames whose subcarrier count equals the session's modal (most common)
- * count. Off-format frames are dropped (logged), not padded — prevents the silent
- * zero-padding that corrupted windows in #1007.
- */
-function filterToModalSubcarriers(frames) {
-  if (frames.length === 0) return frames;
-  const counts = new Map();
-  for (const f of frames) counts.set(f.subcarriers, (counts.get(f.subcarriers) || 0) + 1);
-  let modal = frames[0].subcarriers, best = 0;
-  for (const [sc, n] of counts) if (n > best) { best = n; modal = sc; }
-  const kept = frames.filter((f) => f.subcarriers === modal);
-  if (kept.length !== frames.length) {
-    console.error(`[align] #1007: kept ${kept.length}/${frames.length} CSI frames at modal subcarrier count ${modal} (dropped ${frames.length - kept.length} off-format; no silent padding)`);
-  }
-  return kept;
+  return { rawCsi, features };
 }

 // ---------------------------------------------------------------------------
@@ -367,8 +343,7 @@ function averageKeypoints(cameraFrames) {

 /**
 * Extract CSI amplitude matrix from raw_csi window.
- * Fill is frame-major (matrix[f*nSc + s]), so shape is [windowFrames, subcarriers]
- * (#1007 Bug 4 — was mislabeled [subcarriers, windowFrames], transposing consumers).
+ * Returns { data: flat Float32Array, shape: [subcarriers, windowFrames] }.
 */
 function extractCsiMatrix(window) {
  const nFrames = window.length;
@@ -388,13 +363,12 @@ function extractCsiMatrix(window) {
    }
  }

-  return { data: Array.from(matrix), shape: [nFrames, nSc] };
+  return { data: Array.from(matrix), shape: [nSc, nFrames] };
 }

 /**
 * Extract feature matrix from feature-type window.
- * Fill is frame-major (matrix[f*dim + d]), so shape is [windowFrames, featureDim]
- * (#1007 Bug 4 — was mislabeled [featureDim, windowFrames]).
+ * Returns { data: flat array, shape: [featureDim, windowFrames] }.
 */
 function extractFeatureMatrix(window) {
  const nFrames = window.length;
@@ -408,7 +382,7 @@ function extractFeatureMatrix(window) {
    }
  }

-  return { data: Array.from(matrix), shape: [nFrames, dim] };
+  return { data: Array.from(matrix), shape: [dim, nFrames] };
 }

 // ---------------------------------------------------------------------------
@@ -15,7 +15,6 @@ import os
 import socket
 import struct
 import time
-from datetime import datetime, timezone


 def parse_csi_packet(data):
@@ -42,8 +41,7 @@ def parse_csi_packet(data):

    return {
        "type": "raw_csi",
-        # true UTC, not local-time-labeled-Z (#1007 Bug 1) — e.g. "2026-06-17T01:23:45.678Z"
-        "timestamp": datetime.now(timezone.utc).isoformat(timespec="milliseconds").replace("+00:00", "Z"),
+        "timestamp": time.strftime("%Y-%m-%dT%H:%M:%S.") + f"{int(time.time() * 1000) % 1000:03d}Z",
        "ts_ns": time.time_ns(),
        "node_id": node_id,
        "rssi": rssi,
@@ -3595,7 +3595,6 @@ dependencies = [
 "anyhow",
 "axum",
 "clap",
- "futures",
 "homecore",
 "homecore-api",
 "homecore-assist",
@@ -3603,13 +3602,8 @@ dependencies = [
 "homecore-hap",
 "homecore-plugins",
 "homecore-recorder",
- "http-body-util",
- "reqwest 0.12.28",
- "serde",
 "serde_json",
 "tokio",
- "tower 0.5.3",
- "tower-http",
 "tracing",
 "tracing-subscriber",
 ]
@@ -3773,7 +3767,6 @@ dependencies = [
 "tokio",
 "tokio-rustls 0.26.4",
 "tower-service",
- "webpki-roots 1.0.7",
 ]

 [[package]]
@@ -6877,8 +6870,6 @@ dependencies = [
 "native-tls",
 "percent-encoding",
 "pin-project-lite",
- "quinn",
- "rustls 0.23.37",
 "rustls-pki-types",
 "serde",
 "serde_json",
@@ -6886,7 +6877,6 @@ dependencies = [
 "sync_wrapper 1.0.2",
 "tokio",
 "tokio-native-tls",
- "tokio-rustls 0.26.4",
 "tower 0.5.3",
 "tower-http",
 "tower-service",
@@ -6894,7 +6884,6 @@ dependencies = [
 "wasm-bindgen",
 "wasm-bindgen-futures",
 "web-sys",
- "webpki-roots 1.0.7",
 ]

 [[package]]
@@ -7096,42 +7085,6 @@ dependencies = [
 "smallvec",
 ]

-[[package]]
-name = "rufield-core"
-version = "0.1.0"
-dependencies = [
- "serde",
- "serde_json",
-]
-
-[[package]]
-name = "rufield-fusion"
-version = "0.1.0"
-dependencies = [
- "rufield-core",
- "rufield-provenance",
- "serde",
- "toml 0.8.23",
-]
-
-[[package]]
-name = "rufield-privacy"
-version = "0.1.0"
-dependencies = [
- "rufield-core",
-]
-
-[[package]]
-name = "rufield-provenance"
-version = "0.1.0"
-dependencies = [
- "ed25519-dalek",
- "rufield-core",
- "serde",
- "serde_json",
- "sha2",
-]
-
 [[package]]
 name = "rumqttc"
 version = "0.24.0"
@@ -11092,18 +11045,6 @@ dependencies = [
 "tower-http",
 ]

-[[package]]
-name = "wifi-densepose-rufield"
-version = "0.3.0"
-dependencies = [
- "rufield-core",
- "rufield-fusion",
- "rufield-privacy",
- "rufield-provenance",
- "serde",
- "serde_json",
-]
-
 [[package]]
 name = "wifi-densepose-ruvector"
 version = "0.3.2"
@@ -11153,7 +11094,6 @@ dependencies = [
 "wifi-densepose-engine",
 "wifi-densepose-geo",
 "wifi-densepose-hardware",
- "wifi-densepose-rufield",
 "wifi-densepose-signal",
 "wifi-densepose-wifiscan",
 "wifi-densepose-worldgraph",
@@ -25,7 +25,8 @@ members = [
    "crates/wifi-densepose-ruvector",
    "crates/wifi-densepose-desktop",
    "crates/wifi-densepose-pointcloud",
-    # geo + worldgraph extracted to ruvnet/worldgraph submodule (see crates/worldgraph)
+    "crates/wifi-densepose-geo",
+    "crates/wifi-densepose-worldgraph",  # ADR-139 — WorldGraph environmental digital twin
    "crates/wifi-densepose-engine",      # ADR-135..146 integration/composition layer
    "crates/wifi-densepose-calibration", # ADR-151 — per-room calibration & specialist training
    "crates/nvsim",
@@ -57,7 +58,7 @@ members = [
    "crates/wifi-densepose-bfld",
    # ADR-147: OccWorld thin-client bridge — WorldGraph PersonTrack history →
    # OccWorld Python subprocess → TrajectoryPrior injection into pose tracker.
-    # worldmodel extracted to ruvnet/worldgraph submodule (consumed via path dep)
+    "crates/wifi-densepose-worldmodel",
    # ADR-147 (Phase 5): OccWorld TransVQVAE ported to Candle — native Rust
    # inference without Python/IPC overhead. Loaded alongside the Python bridge
    # as a faster alternative once Phase-5 weights are available.
@@ -71,11 +72,6 @@ members = [
    "crates/homecore-assist",      # ADR-133 — HOMECORE voice assistant + ruflo bridge
    "crates/homecore-server",      # iter-9 — HOMECORE integration binary (all 8 crates wired together)
    "crates/ruview-swarm",                         # ADR-148 — drone swarm control system
-    # ADR-262 P1 — anti-corruption bridge converting RuView WiFi-CSI sensing
-    # output into signed RuField FieldEvents. Path-deps the `vendor/rufield`
-    # submodule crates (rufield-core/-provenance/-privacy/-fusion); single
-    # coupling point between RuView and the standalone RuField MFS spec.
-    "crates/wifi-densepose-rufield",
 ]
 # ADR-040: WASM edge crate targets wasm32-unknown-unknown (no_std),
 # excluded from workspace to avoid breaking `cargo test --workspace`.
@@ -87,7 +83,6 @@ members = [
 exclude = [
    "crates/wifi-densepose-wasm-edge",
    "crates/homecore-plugin-example",
-    "crates/worldgraph",   # ruvnet/worldgraph submodule — its own workspace (geo/worldgraph/worldmodel)
 ]

 [workspace.package]
@@ -215,7 +210,7 @@ wifi-densepose-hardware = { version = "0.3.0", path = "crates/wifi-densepose-har
 wifi-densepose-wasm = { version = "0.3.0", path = "crates/wifi-densepose-wasm" }
 wifi-densepose-mat = { version = "0.3.0", path = "crates/wifi-densepose-mat" }
 wifi-densepose-ruvector = { version = "0.3.0", path = "crates/wifi-densepose-ruvector" }
-wifi-densepose-worldmodel = { version = "0.3.0", path = "crates/worldgraph/wifi-densepose-worldmodel" }
+wifi-densepose-worldmodel = { version = "0.3.0", path = "crates/wifi-densepose-worldmodel" }

 [profile.release]
 lto = true
@@ -102,43 +102,19 @@ pub struct WitnessEvent {
    pub this_hash: WitnessHash,
 }

-/// Domain-separation tag prefixing every witness canonical message.
-///
-/// This is the *domain tag* half of the "domain-tag + length-prefix"
-/// rule for any hashed/signed message whose fields are
-/// operator-influenceable. The witness chain already length-prefixes
-/// `kind` and `payload` (preventing intra-protocol concatenation
-/// forgery); the tag adds cross-protocol separation so a SHA-256
-/// preimage / Ed25519 message produced here can never be re-interpreted
-/// as a message from another signing context that shares key
-/// infrastructure — notably ADR-116's *manifest* `binary_signature`
-/// (Ed25519 over `binary_sha256`), which ADR-262 P2 reuses this exact
-/// chain for. A signature is only ever valid for the one domain whose
-/// tag it commits to.
-///
-/// The trailing NUL terminates the version string so a future
-/// migration (Blake3, extra fields, Merkle tier) bumps the tag instead
-/// of silently colliding with v1 bundles.
-pub const WITNESS_DOMAIN_TAG: &[u8] = b"cog-ha-matter/witness-event/v1\x00";
-
 /// Compute the canonical-bytes form an event is hashed over.
 ///
-/// The format is domain-tagged and length-prefixed:
+/// The format is intentionally simple and length-prefixed so a
+/// future migration can be staged with a `version` byte in front
+/// without ambiguity:
 ///
 /// ```text
-///   DOMAIN_TAG | prev_hash[32] | seq:u64-be | ts:u64-be
-///              | kind_len:u32-be | kind | payload_len:u32-be | payload
+///   prev_hash[32] | seq:u64-be | ts:u64-be | kind_len:u32-be | kind | payload_len:u32-be | payload
 /// ```
 ///
-/// * The leading [`WITNESS_DOMAIN_TAG`] gives cross-protocol
-///   separation: bytes signed/hashed here cannot be replayed as a
-///   message for another Ed25519 context in the same trust chain
-///   (e.g. the manifest `binary_signature`). It also carries a format
-///   version for staged migrations.
-/// * Length-prefixing `kind` and `payload` prevents the classic
-///   "concatenation forgery" where `"abc" + "def"` and `"ab" + "cdef"`
-///   would hash the same. The fixed-width `prev_hash`/`seq`/`ts`
-///   fields are self-delimiting.
+/// Length-prefixing prevents the classic "concatenation forgery"
+/// attack where `"abc" + "def"` and `"ab" + "cdef"` would hash the
+/// same.
 pub fn canonical_bytes(
    prev_hash: WitnessHash,
    seq: u64,
@@ -147,10 +123,7 @@ pub fn canonical_bytes(
    payload: &[u8],
 ) -> Vec<u8> {
    let kind_bytes = kind.as_bytes();
-    let mut out = Vec::with_capacity(
-        WITNESS_DOMAIN_TAG.len() + 32 + 8 + 8 + 4 + kind_bytes.len() + 4 + payload.len(),
-    );
-    out.extend_from_slice(WITNESS_DOMAIN_TAG);
+    let mut out = Vec::with_capacity(32 + 8 + 8 + 4 + kind_bytes.len() + 4 + payload.len());
    out.extend_from_slice(&prev_hash.0);
    out.extend_from_slice(&seq.to_be_bytes());
    out.extend_from_slice(&timestamp_unix_s.to_be_bytes());
@@ -493,51 +466,11 @@ mod tests {
    }

    #[test]
-    fn canonical_bytes_starts_with_domain_tag_then_prev_hash() {
+    fn canonical_bytes_starts_with_prev_hash() {
        // Locks the on-wire format. A future migration that flips
-        // field order must bump the domain tag and update this test.
+        // field order must bump a version byte and update this test.
        let bytes = canonical_bytes(WitnessHash([7u8; 32]), 1, 2, "k", b"p");
-        let tag = WITNESS_DOMAIN_TAG.len();
-        assert_eq!(&bytes[..tag], WITNESS_DOMAIN_TAG);
-        assert_eq!(&bytes[tag..tag + 32], &[7u8; 32]);
-    }
-
-    #[test]
-    fn canonical_bytes_is_domain_separated() {
-        // Cross-protocol separation: the witness preimage must begin
-        // with the domain tag so its SHA-256 / Ed25519 message can
-        // never be reinterpreted as a message from another signing
-        // context that shares key infrastructure (e.g. the manifest
-        // `binary_signature` over `binary_sha256`). Fails on the old
-        // un-tagged encoding, which began directly with `prev_hash`.
-        let bytes = canonical_bytes(WitnessHash::GENESIS, 0, 0, "k", b"p");
-        assert!(
-            bytes.starts_with(WITNESS_DOMAIN_TAG),
-            "canonical message is not domain-separated"
-        );
-        // The tag is versioned and NUL-terminated.
-        assert!(WITNESS_DOMAIN_TAG.ends_with(b"\x00"));
-        assert!(WITNESS_DOMAIN_TAG.windows(2).any(|w| w == b"v1"));
-    }
-
-    #[test]
-    fn witness_preimage_cannot_collide_with_a_bare_manifest_digest() {
-        // The manifest `binary_signature` signs a bare 64-byte
-        // SHA-256 hex string. A witness preimage must never *equal*
-        // such a string, even if an operator crafted kind/payload to
-        // try — the domain tag (33 bytes) + fixed 48-byte prefix make
-        // the witness message structurally longer and tag-distinct.
-        // Fails on the old encoding only if it could ever produce a
-        // 64-byte all-hex message; the tag makes the impossibility
-        // explicit and regression-guarded.
-        let manifest_digest_msg = "a".repeat(64); // 64 ASCII hex bytes
-        let witness = canonical_bytes(WitnessHash::GENESIS, 0, 0, "", b"");
-        assert_ne!(witness.as_slice(), manifest_digest_msg.as_bytes());
-        assert!(
-            witness.len() > manifest_digest_msg.len(),
-            "domain tag must make witness preimage structurally distinct"
-        );
-        assert!(!witness.starts_with(b"aaaa"));
+        assert_eq!(&bytes[..32], &[7u8; 32]);
    }

    #[test]
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
ruv	2b5a32ae31	docs(changelog): record #1050 Observatory persons position/motion fix Co-Authored-By: claude-flow <ruv@ruv.net>	2026-06-14 00:14:08 -04:00
ruv	bca5bd515b	fix(sensing-server): emit real field-derived person position/motion to /ws/sensing (#1050 ) The Observatory 3D figure never animated because the sensing_update WS frame carried no per-person position/motion_score/pose — only image-space keypoints. The FigurePool/PoseSystem (and demo-data.js's own contract) animate each figure from persons[i].position (room-world), .motion_score (0..100), and .pose; none were on the live stream. Honest scope (Case 2): the pipeline has no calibrated per-person room localizer or per-person skeletal pose. New field_localize module extracts the strongest peak(s) from the real signal_field grid (subcarrier variances x motion-band power) and maps the peak cell to Observatory world coords with the exact _buildSignalField transform. motion_score is the measured motion_band_power passed through; pose is set only from a real aggregate posture estimate, else None (never a fabricated skeleton). Empty/below-threshold field -> persons: [] (no phantom); present person with no resolvable peak keeps position [0,0,0], not invented coords. attach_field_positions runs after the tracker step at all five broadcast sites. New position/motion_score/pose fields added to both PersonDetection structs. No UI change needed — the Observatory already reads these fields. Tests: field_localize peak/coordinate/empty/separation units + observatory_persons_field_position_tests (known-peak -> emitted position, empty-room -> no phantom, pose real-or-None, below-threshold honesty). sensing-server bin 441->451, 0 failed. Co-Authored-By: claude-flow <ruv@ruv.net>	2026-06-14 00:13:00 -04:00
ruv	68432b4c9b	docs: record ESP32 vitals count/presence fixes (#998 , #996 ) CHANGELOG [Unreleased] Fixed: root cause + fix + named constants + test + explicit hardware/data-gated caveat for both bugs. ADR-021 Implementation Notes: dated 2026-06 entry noting the edge-path person-count + presence-flicker fixes are boolean/count emission-logic fixes, not a validated-accuracy claim; thresholds pending on-device calibration. Co-Authored-By: claude-flow <ruv@ruv.net>	2026-06-14 00:10:01 -04:00
ruv	8661b6f560	test(firmware): host C99 tests for vitals count + presence logic (#998 , #996 ) test/test_vitals_count_presence.c pins the two fixes with deterministic host-buildable tests (no ESP-IDF needed). 13 cases / 22 assertions, all passing under gcc 13 -Wall -Wextra: #998 count gate: single strong signature + multipath -> count==1; two well-separated -> 2; two strong-but-adjacent -> 1 (dedup); no signal -> 0; three well-separated -> 3. #998 debounce: transient spike rejected; sustained change accepted; flapping count stays stable. #996 presence: dithering trace -> stable flag (no flicker); brief dips held by clear-debounce; genuine departure clears within hold window; dead-band holds state. The named tuning constants are #include'd from the real edge_processing.h so the test and firmware can never disagree on thresholds. `make run_vitals` / `make host_tests` added; binaries gitignored. Hardware-gated caveat documented in the test header: these pin the decision LOGIC; the exact energy/separation/hysteresis values that best match a real room vs labelled occupancy remain on-device tuning. Co-Authored-By: claude-flow <ruv@ruv.net>	2026-06-14 00:09:57 -04:00
ruv	8416a4d337	fix(firmware): gate phantom persons + add presence hysteresis (#998 , #996 ) Two ESP32 edge-vitals logic bugs in edge_processing.c. Both are robustness/logic fixes — NOT validated-accuracy claims. True count/PCK vs labelled ground truth remains hardware/data-gated (COM9 ESP32-S3). #998 — n_persons over-counted (reported 4 for one person): update_multi_person_vitals() split top-K subcarriers into top_k_count/2 groups and marked EVERY group active, so one body's multipath always read the full EDGE_MAX_PERSONS. Added two pure, host-testable helpers: - count_distinct_persons(): per-group energy gate (EDGE_PERSON_MIN_ENERGY_RATIO) + spatial dedup (EDGE_PERSON_MIN_SC_SEP) so weak/adjacent multipath groups don't count as separate bodies. Strongest group always counts (>=1). - person_count_debounce(): a gated count must hold EDGE_PERSON_PERSIST_FRAMES consecutive frames before it's emitted, so a single noisy frame can't promote a phantom. The active flags now mark only the strongest stable_count groups. #996 — presence flag flickered at ~50cm despite high presence_score: the bare `score > threshold` compare chattered on a noisy score (field-observed 2.6-26.7 frame-to-frame). Replaced with a Schmitt trigger + clear-debounce (presence_flag_update): assert above threshold, hold in the dead band down to threshold * EDGE_PRESENCE_HYST_RATIO, clear only after EDGE_PRESENCE_CLEAR_FRAMES consecutive sub-low frames. presence_score itself is unchanged and still emitted for consumer-side thresholding. All thresholds are named, documented constants in edge_processing.h. Firmware builds clean for esp32s3 (idf.py build RC=0). Co-Authored-By: claude-flow <ruv@ruv.net>	2026-06-14 00:09:57 -04:00
				`@@ -1 +0,0 @@`
				`6c6c1431c37472494c9b309c8b5d761dd4fc41e30313baead6320831fb982e57 manifest.json`