Files
ruvnet--RuView/plugins/ruview/skills/ruview-verify/SKILL.md
ruv 8ff7c2c35a feat(plugins): RuView Claude Code + Codex marketplace plugin
Add `plugins/ruview` — an end-to-end toolkit for working with RuView
(WiFi-DensePose) from Claude Code, mirrored as Codex prompts.

Marketplace: `plugins/.claude-plugin/marketplace.json` (one plugin, `ruview`).

Skills (9): ruview-quickstart, ruview-hardware-setup, ruview-configure,
ruview-applications, ruview-model-training, ruview-advanced-sensing,
ruview-cli-api, ruview-mmwave, ruview-verify — shell-first (cargo / python /
idf.py / docker / node), no claude-flow MCP dependency.

Commands (7): /ruview-start, /ruview-flash, /ruview-provision, /ruview-app,
/ruview-train, /ruview-advanced, /ruview-verify.

Agents (3): ruview-onboarding-guide, ruview-config-engineer,
ruview-training-engineer.

Codex mirror: codex/AGENTS.md + codex/README.md + codex/prompts/*.md (full
command parity, enforced by scripts/smoke.sh).

Docs: docs/adrs/0001-ruview-plugin-contract.md (Proposed). Verification:
scripts/smoke.sh (13 structural checks). Provisioning docs reflect the full
`provision.py` flag set (TDM mesh, edge tiers, vitals, hop channels, Cognitum
Seed, swarm intervals) and the issue #391 NVS-namespace-replace gotcha.

Verified: `claude plugin validate` (plugin + marketplace), loads via
`claude --plugin-dir`, smoke 13/13, and confirmed against an attached ESP32-S3
on COM8 running the RuView CSI firmware (live adaptive_ctrl + csi_collector
serial output).

Co-Authored-By: claude-flow <ruv@ruv.net>
2026-05-11 17:39:16 -04:00

4.0 KiB

name, description, allowed-tools
name description allowed-tools
ruview-verify Verify a RuView build — full Rust workspace tests, the deterministic Python pipeline proof (SHA-256 Trust Kill Switch), firmware hash manifest, and the ADR-028 witness bundle with one-command self-verification. Use after any significant change, before merging a PR, or to produce an attestation bundle for a recipient. Bash Read Write Edit Glob Grep

RuView Verification & Witness Bundle

The trust pipeline for RuView. Run this after meaningful changes and before merging.

1. Rust workspace tests

cd v2
cargo test --workspace --no-default-features        # must be 1,400+ passed, 0 failed (~2 min)

Single-crate checks (no GPU): cargo check -p wifi-densepose-train --no-default-features, cargo test -p wifi-densepose-signal --no-default-features, etc.

2. Deterministic Python proof (Trust Kill Switch)

Feeds a reference CSI signal through the production pipeline and hashes the output. Any behavioural drift changes the hash.

cd ..
python archive/v1/data/proof/verify.py              # must print VERDICT: PASS

If it fails on a hash mismatch after a legitimate numpy/scipy bump:

python archive/v1/data/proof/verify.py --generate-hash
python archive/v1/data/proof/verify.py

Artifacts: archive/v1/data/proof/verify.py, expected_features.sha256, sample_csi_data.json (1,000 synthetic frames, seed=42).

3. Python test suite (v1)

cd archive/v1 && python -m pytest tests/ -x -q

4. Generate the witness bundle (ADR-028)

bash scripts/generate-witness-bundle.sh

Produces dist/witness-bundle-ADR028-<sha>.tar.gz containing:

  • WITNESS-LOG-028.md — 33-row attestation matrix, evidence per capability
  • ADR-028-esp32-capability-audit.md — full audit findings
  • proof/verify.py + expected_features.sha256 — the deterministic proof
  • test-results/rust-workspace-tests.log — full cargo test output
  • firmware-manifest/source-hashes.txt — SHA-256 of all 7 ESP32 firmware files
  • crate-manifest/versions.txt — all 15 crates + versions
  • VERIFY.sh — one-command self-verification for recipients

5. Self-verify the bundle

cd dist/witness-bundle-ADR028-*/
bash VERIFY.sh                                       # must be 7/7 PASS

Pre-merge checklist (from CLAUDE.md)

  1. Rust tests pass (1,400+, 0 fail)
  2. Python proof passes (VERDICT: PASS)
  3. README.md updated if scope changed (platform/crate/hardware tables, feature summaries)
  4. CLAUDE.md updated if scope changed (crate table, ADR list, module tables, version)
  5. CHANGELOG.md — entry under [Unreleased]
  6. docs/user-guide.md updated if new data sources / CLI flags / setup steps
  7. ADR index — bump ADR count in README docs table if a new ADR was added
  8. Witness bundle regenerated if tests or proof hash changed
  9. Docker Hub image rebuilt only if Dockerfile / deps / runtime behaviour changed
  10. Crate publishing only if a published crate's public API changed (publish in dependency order — see CLAUDE.md)
  11. .gitignore updated for new build artifacts/binaries
  12. Security review for new modules touching hardware/network boundaries

Security scan

npx @claude-flow/cli@latest security scan            # after security-related changes

Also see docs/security-audit-wasm-edge-vendor.md, docs/qe-reports/, ADR-080 (QE remediation plan), ADR-093 (dashboard gap analysis).

QEMU firmware CI (ADR-061)

11-job workflow ("Firmware QEMU Tests"). Local QEMU helpers: scripts/qemu-esp32s3-test.sh, qemu-mesh-test.sh, qemu-chaos-test.sh, qemu-snapshot-test.sh, install-qemu.sh. Notes: espressif/idf:v5.4 container needs source $IDF_PATH/export.sh before pip; QEMU needs esptool merge_bin --fill-flash-size 8MB; WARNs (no real WiFi) are treated as OK in CI.

Reference

  • docs/WITNESS-LOG-028.md, docs/adr/ADR-028-esp32-capability-audit.md
  • scripts/generate-witness-bundle.sh, archive/v1/data/proof/verify.py
  • CLAUDE.md → "Validation & Witness Verification" + "Pre-Merge Checklist"
  • CLAUDE.local.md → QEMU CI pipeline fixes