Files
ruvnet--RuView/verify
ruv 86f38c4fc6 fix: first-run breakage (closes #559, #561) + #560 platform-aware diagnosis
Three related fixes — a fresh-clone user hitting any of these would
conclude the project doesn't work; #557's "feels like mock" narrative
is fed in part by these breakages.

## #559 — `./verify` pointed at removed `v1/` paths

The wrapper hard-coded `v1/data/proof` / `v1/src`, but the proof scripts
moved to `archive/v1/` long ago. A fresh clone failed before the
pipeline could even run. User `Fewmanism` provided the exact diff in
the issue. Applied verbatim across four hits (PROOF_DIR, V1_SRC, the
Phase 3 scan-message, and the SKIP-state recovery hint).

  ./verify  # now PASS end-to-end

## #561 — firmware README would misflash and point at the wrong provisioner

Two real bring-up bugs:

1. Manual flash command put the app at `0x10000`. The partition tables
   (`partitions_display.csv`, `partitions_4mb.csv`) define `ota_0` at
   `0x20000`. `0x10000` is the start of `phy_init` data — flashing
   the app binary there would corrupt the PHY init data and the app
   would never run. The QEMU section already had the right `0x20000`,
   so this was an internal contradiction. Both occurrences fixed.

   Also added `0xf000 ota_data_initial.bin` to the manual flash
   command — the release bundle ships this binary and without it the
   bootloader can refuse to boot after a factory wipe.

2. `python scripts/provision.py` referenced the wrong file. There are
   actually TWO `provision.py` files in the repo (`scripts/` — 275
   lines, stale; `firmware/esp32-csi-node/` — 348 lines, has the
   issue #391 full-replace semantics fix). The canonical one is in
   the firmware dir. Both README occurrences fixed to point at the
   canonical path. (The stale `scripts/provision.py` is a separate
   cleanup; the historical ADRs that reference it are intentionally
   not touched.)

## #560 — proof hash mismatches on macOS arm64 / Accelerate

User `Fewmanism` reports that with the same pinned `numpy 1.26.4` /
`scipy 1.14.1` on macOS arm64, the proof's SHA-256 differs from the
published expected hash. The proof passes on linux-x86_64 and
windows-x86_64 (where wheels ship OpenBLAS); it mismatches on
darwin-arm64 (where numpy/scipy use Accelerate.framework). That is
not a code bug — Accelerate's FFT and BLAS produce bit-different
output on identical IEEE 754 inputs from the same backend, and the
proof's bit-exact contract therefore cannot hold across backends.

What this commit changes:

- `verify.py` now prints a RUNTIME ENVIRONMENT block before the
  pipeline runs: platform, machine, Python version, numpy BLAS
  backend. Users on a non-reference backend see the cause up front.
- The FAIL message reorders causes: platform BLAS/FFT backend is
  now the *primary* suspect (not "unlikely"), with a pointer to
  the printed RUNTIME ENVIRONMENT block.
- New `archive/v1/data/proof/REFERENCE_PLATFORMS.md` documents the
  reference platforms (linux-x86_64 + windows-x86_64 with OpenBLAS),
  the expected-MISMATCH platforms (darwin-arm64 with Accelerate,
  any MKL install), and three workable responses for users hitting
  a non-reference backend (run on a reference platform, generate a
  local-reference hash, or use tolerance-based comparison — that
  last one is the roadmap path).

This converts #560 from "the proof is broken on my Mac" to "the proof
has a documented single-backend contract".

## Verification

- `./verify` (Windows x86_64 / OpenBLAS): VERDICT PASS, hash
  `8c0680d7…51c6` matches expected. RUNTIME ENVIRONMENT block prints
  numpy BLAS = `scipy-openblas`.
- `grep -E '0x10000|scripts/provision\.py' firmware/esp32-csi-node/README.md`:
  no matches.

Co-Authored-By: claude-flow <ruv@ruv.net>
2026-05-14 08:45:33 -04:00

221 lines
7.3 KiB
Bash
Executable File

#!/usr/bin/env bash
# ======================================================================
# WiFi-DensePose: Trust Kill Switch
#
# One-command proof replay that makes "it is mocked" a falsifiable,
# measurable claim that fails against evidence.
#
# Usage:
# ./verify Run the full proof pipeline
# ./verify --verbose Show detailed feature statistics
# ./verify --audit Also scan codebase for mock/random patterns
#
# Exit codes:
# 0 PASS -- pipeline hash matches published expected hash
# 1 FAIL -- hash mismatch or error
# 2 SKIP -- no expected hash file to compare against
# ======================================================================
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROOF_DIR="${SCRIPT_DIR}/archive/v1/data/proof"
VERIFY_PY="${PROOF_DIR}/verify.py"
V1_SRC="${SCRIPT_DIR}/archive/v1/src"
# Colors (disabled if not a terminal)
if [ -t 1 ]; then
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
CYAN='\033[0;36m'
BOLD='\033[1m'
RESET='\033[0m'
else
RED=''
GREEN=''
YELLOW=''
CYAN=''
BOLD=''
RESET=''
fi
echo ""
echo -e "${BOLD}======================================================================"
echo " WiFi-DensePose: Trust Kill Switch"
echo " One-command proof that the signal processing pipeline is real."
echo -e "======================================================================${RESET}"
echo ""
# ------------------------------------------------------------------
# PHASE 1: Environment checks
# ------------------------------------------------------------------
echo -e "${CYAN}[PHASE 1] ENVIRONMENT CHECKS${RESET}"
echo ""
ERRORS=0
# Check Python
if command -v python3 &>/dev/null; then
PYTHON=python3
elif command -v python &>/dev/null; then
PYTHON=python
else
echo -e " ${RED}FAIL${RESET}: Python 3 not found. Install python3."
exit 1
fi
PY_VERSION=$($PYTHON --version 2>&1)
echo " Python: $PY_VERSION ($( command -v $PYTHON ))"
# Check numpy
if $PYTHON -c "import numpy; print(f' numpy: {numpy.__version__} ({numpy.__file__})')" 2>/dev/null; then
:
else
echo -e " ${RED}FAIL${RESET}: numpy not installed. Run: pip install numpy"
ERRORS=$((ERRORS + 1))
fi
# Check scipy
if $PYTHON -c "import scipy; print(f' scipy: {scipy.__version__} ({scipy.__file__})')" 2>/dev/null; then
:
else
echo -e " ${RED}FAIL${RESET}: scipy not installed. Run: pip install scipy"
ERRORS=$((ERRORS + 1))
fi
# Check proof files exist
echo ""
if [ -f "${PROOF_DIR}/sample_csi_data.json" ]; then
SIZE=$(wc -c < "${PROOF_DIR}/sample_csi_data.json" | tr -d ' ')
echo " Reference signal: sample_csi_data.json (${SIZE} bytes)"
else
echo -e " ${RED}FAIL${RESET}: Reference signal not found at ${PROOF_DIR}/sample_csi_data.json"
ERRORS=$((ERRORS + 1))
fi
if [ -f "${PROOF_DIR}/expected_features.sha256" ]; then
EXPECTED=$(cat "${PROOF_DIR}/expected_features.sha256" | tr -d '[:space:]')
echo " Expected hash: ${EXPECTED}"
else
echo -e " ${YELLOW}WARN${RESET}: No expected hash file found"
fi
if [ -f "${VERIFY_PY}" ]; then
echo " Verify script: ${VERIFY_PY}"
else
echo -e " ${RED}FAIL${RESET}: verify.py not found at ${VERIFY_PY}"
ERRORS=$((ERRORS + 1))
fi
echo ""
if [ $ERRORS -gt 0 ]; then
echo -e "${RED}Cannot proceed: $ERRORS prerequisite(s) missing.${RESET}"
exit 1
fi
echo -e " ${GREEN}All prerequisites satisfied.${RESET}"
echo ""
# ------------------------------------------------------------------
# PHASE 2: Run the proof pipeline
# ------------------------------------------------------------------
echo -e "${CYAN}[PHASE 2] PROOF PIPELINE REPLAY${RESET}"
echo ""
# Pass through any flags (--verbose, --audit, --generate-hash)
PIPELINE_EXIT=0
$PYTHON "${VERIFY_PY}" "$@" || PIPELINE_EXIT=$?
echo ""
# ------------------------------------------------------------------
# PHASE 3: Mock/random scan of production codebase
# ------------------------------------------------------------------
echo -e "${CYAN}[PHASE 3] PRODUCTION CODE INTEGRITY SCAN${RESET}"
echo ""
echo " Scanning ${V1_SRC} for np.random.rand / np.random.randn calls..."
echo " (Excluding archive/v1/src/testing/ -- test helpers are allowed to use random.)"
echo ""
MOCK_FINDINGS=0
# Scan for np.random.rand and np.random.randn in production code
# We exclude testing/ directories
while IFS= read -r line; do
if [ -n "$line" ]; then
echo -e " ${YELLOW}FOUND${RESET}: $line"
MOCK_FINDINGS=$((MOCK_FINDINGS + 1))
fi
done < <(
find "${V1_SRC}" -name "*.py" -type f \
! -path "*/testing/*" \
! -path "*/tests/*" \
! -path "*/test/*" \
! -path "*__pycache__*" \
-exec grep -Hn 'np\.random\.rand\b\|np\.random\.randn\b' {} \; 2>/dev/null || true
)
if [ $MOCK_FINDINGS -eq 0 ]; then
echo -e " ${GREEN}CLEAN${RESET}: No np.random.rand/randn calls in production code."
else
echo ""
echo -e " ${YELLOW}WARNING${RESET}: Found ${MOCK_FINDINGS} random generator call(s) in production code."
echo " These should be reviewed -- production signal processing should"
echo " never generate random data."
fi
echo ""
# ------------------------------------------------------------------
# FINAL SUMMARY
# ------------------------------------------------------------------
echo -e "${BOLD}======================================================================${RESET}"
if [ $PIPELINE_EXIT -eq 0 ]; then
echo ""
echo -e " ${GREEN}${BOLD}RESULT: PASS${RESET}"
echo ""
echo " The production pipeline replayed the published reference signal"
echo " and produced a SHA-256 hash that MATCHES the published expected hash."
echo ""
echo " What this proves:"
echo " - The signal processing code is REAL (not mocked)"
echo " - The pipeline is DETERMINISTIC (same input -> same hash)"
echo " - The code path includes: noise filtering, Hamming windowing,"
echo " amplitude normalization, FFT-based Doppler extraction,"
echo " and power spectral density computation via scipy.fft"
echo " - No randomness was injected (the hash is exact)"
echo ""
echo " To falsify: change any signal processing code and re-run."
echo " The hash will break. That is the point."
echo ""
if [ $MOCK_FINDINGS -eq 0 ]; then
echo -e " Mock scan: ${GREEN}CLEAN${RESET} (no random generators in production code)"
else
echo -e " Mock scan: ${YELLOW}${MOCK_FINDINGS} finding(s)${RESET} (review recommended)"
fi
echo ""
echo -e "${BOLD}======================================================================${RESET}"
exit 0
elif [ $PIPELINE_EXIT -eq 2 ]; then
echo ""
echo -e " ${YELLOW}${BOLD}RESULT: SKIP${RESET}"
echo ""
echo " No expected hash file to compare against."
echo " Run: python archive/v1/data/proof/verify.py --generate-hash"
echo ""
echo -e "${BOLD}======================================================================${RESET}"
exit 2
else
echo ""
echo -e " ${RED}${BOLD}RESULT: FAIL${RESET}"
echo ""
echo " The pipeline hash does NOT match the expected hash."
echo " Something changed in the signal processing code."
echo ""
echo -e "${BOLD}======================================================================${RESET}"
exit 1
fi