mirror of
https://github.com/ruvnet/RuView
synced 2026-06-30 13:43:18 +00:00
86f38c4fc6
Three related fixes — a fresh-clone user hitting any of these would conclude the project doesn't work; #557's "feels like mock" narrative is fed in part by these breakages. ## #559 — `./verify` pointed at removed `v1/` paths The wrapper hard-coded `v1/data/proof` / `v1/src`, but the proof scripts moved to `archive/v1/` long ago. A fresh clone failed before the pipeline could even run. User `Fewmanism` provided the exact diff in the issue. Applied verbatim across four hits (PROOF_DIR, V1_SRC, the Phase 3 scan-message, and the SKIP-state recovery hint). ./verify # now PASS end-to-end ## #561 — firmware README would misflash and point at the wrong provisioner Two real bring-up bugs: 1. Manual flash command put the app at `0x10000`. The partition tables (`partitions_display.csv`, `partitions_4mb.csv`) define `ota_0` at `0x20000`. `0x10000` is the start of `phy_init` data — flashing the app binary there would corrupt the PHY init data and the app would never run. The QEMU section already had the right `0x20000`, so this was an internal contradiction. Both occurrences fixed. Also added `0xf000 ota_data_initial.bin` to the manual flash command — the release bundle ships this binary and without it the bootloader can refuse to boot after a factory wipe. 2. `python scripts/provision.py` referenced the wrong file. There are actually TWO `provision.py` files in the repo (`scripts/` — 275 lines, stale; `firmware/esp32-csi-node/` — 348 lines, has the issue #391 full-replace semantics fix). The canonical one is in the firmware dir. Both README occurrences fixed to point at the canonical path. (The stale `scripts/provision.py` is a separate cleanup; the historical ADRs that reference it are intentionally not touched.) ## #560 — proof hash mismatches on macOS arm64 / Accelerate User `Fewmanism` reports that with the same pinned `numpy 1.26.4` / `scipy 1.14.1` on macOS arm64, the proof's SHA-256 differs from the published expected hash. The proof passes on linux-x86_64 and windows-x86_64 (where wheels ship OpenBLAS); it mismatches on darwin-arm64 (where numpy/scipy use Accelerate.framework). That is not a code bug — Accelerate's FFT and BLAS produce bit-different output on identical IEEE 754 inputs from the same backend, and the proof's bit-exact contract therefore cannot hold across backends. What this commit changes: - `verify.py` now prints a RUNTIME ENVIRONMENT block before the pipeline runs: platform, machine, Python version, numpy BLAS backend. Users on a non-reference backend see the cause up front. - The FAIL message reorders causes: platform BLAS/FFT backend is now the *primary* suspect (not "unlikely"), with a pointer to the printed RUNTIME ENVIRONMENT block. - New `archive/v1/data/proof/REFERENCE_PLATFORMS.md` documents the reference platforms (linux-x86_64 + windows-x86_64 with OpenBLAS), the expected-MISMATCH platforms (darwin-arm64 with Accelerate, any MKL install), and three workable responses for users hitting a non-reference backend (run on a reference platform, generate a local-reference hash, or use tolerance-based comparison — that last one is the roadmap path). This converts #560 from "the proof is broken on my Mac" to "the proof has a documented single-backend contract". ## Verification - `./verify` (Windows x86_64 / OpenBLAS): VERDICT PASS, hash `8c0680d7…51c6` matches expected. RUNTIME ENVIRONMENT block prints numpy BLAS = `scipy-openblas`. - `grep -E '0x10000|scripts/provision\.py' firmware/esp32-csi-node/README.md`: no matches. Co-Authored-By: claude-flow <ruv@ruv.net>
221 lines
7.3 KiB
Bash
Executable File
221 lines
7.3 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
# ======================================================================
|
|
# WiFi-DensePose: Trust Kill Switch
|
|
#
|
|
# One-command proof replay that makes "it is mocked" a falsifiable,
|
|
# measurable claim that fails against evidence.
|
|
#
|
|
# Usage:
|
|
# ./verify Run the full proof pipeline
|
|
# ./verify --verbose Show detailed feature statistics
|
|
# ./verify --audit Also scan codebase for mock/random patterns
|
|
#
|
|
# Exit codes:
|
|
# 0 PASS -- pipeline hash matches published expected hash
|
|
# 1 FAIL -- hash mismatch or error
|
|
# 2 SKIP -- no expected hash file to compare against
|
|
# ======================================================================
|
|
|
|
set -euo pipefail
|
|
|
|
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
|
PROOF_DIR="${SCRIPT_DIR}/archive/v1/data/proof"
|
|
VERIFY_PY="${PROOF_DIR}/verify.py"
|
|
V1_SRC="${SCRIPT_DIR}/archive/v1/src"
|
|
|
|
# Colors (disabled if not a terminal)
|
|
if [ -t 1 ]; then
|
|
RED='\033[0;31m'
|
|
GREEN='\033[0;32m'
|
|
YELLOW='\033[1;33m'
|
|
CYAN='\033[0;36m'
|
|
BOLD='\033[1m'
|
|
RESET='\033[0m'
|
|
else
|
|
RED=''
|
|
GREEN=''
|
|
YELLOW=''
|
|
CYAN=''
|
|
BOLD=''
|
|
RESET=''
|
|
fi
|
|
|
|
echo ""
|
|
echo -e "${BOLD}======================================================================"
|
|
echo " WiFi-DensePose: Trust Kill Switch"
|
|
echo " One-command proof that the signal processing pipeline is real."
|
|
echo -e "======================================================================${RESET}"
|
|
echo ""
|
|
|
|
# ------------------------------------------------------------------
|
|
# PHASE 1: Environment checks
|
|
# ------------------------------------------------------------------
|
|
echo -e "${CYAN}[PHASE 1] ENVIRONMENT CHECKS${RESET}"
|
|
echo ""
|
|
|
|
ERRORS=0
|
|
|
|
# Check Python
|
|
if command -v python3 &>/dev/null; then
|
|
PYTHON=python3
|
|
elif command -v python &>/dev/null; then
|
|
PYTHON=python
|
|
else
|
|
echo -e " ${RED}FAIL${RESET}: Python 3 not found. Install python3."
|
|
exit 1
|
|
fi
|
|
|
|
PY_VERSION=$($PYTHON --version 2>&1)
|
|
echo " Python: $PY_VERSION ($( command -v $PYTHON ))"
|
|
|
|
# Check numpy
|
|
if $PYTHON -c "import numpy; print(f' numpy: {numpy.__version__} ({numpy.__file__})')" 2>/dev/null; then
|
|
:
|
|
else
|
|
echo -e " ${RED}FAIL${RESET}: numpy not installed. Run: pip install numpy"
|
|
ERRORS=$((ERRORS + 1))
|
|
fi
|
|
|
|
# Check scipy
|
|
if $PYTHON -c "import scipy; print(f' scipy: {scipy.__version__} ({scipy.__file__})')" 2>/dev/null; then
|
|
:
|
|
else
|
|
echo -e " ${RED}FAIL${RESET}: scipy not installed. Run: pip install scipy"
|
|
ERRORS=$((ERRORS + 1))
|
|
fi
|
|
|
|
# Check proof files exist
|
|
echo ""
|
|
if [ -f "${PROOF_DIR}/sample_csi_data.json" ]; then
|
|
SIZE=$(wc -c < "${PROOF_DIR}/sample_csi_data.json" | tr -d ' ')
|
|
echo " Reference signal: sample_csi_data.json (${SIZE} bytes)"
|
|
else
|
|
echo -e " ${RED}FAIL${RESET}: Reference signal not found at ${PROOF_DIR}/sample_csi_data.json"
|
|
ERRORS=$((ERRORS + 1))
|
|
fi
|
|
|
|
if [ -f "${PROOF_DIR}/expected_features.sha256" ]; then
|
|
EXPECTED=$(cat "${PROOF_DIR}/expected_features.sha256" | tr -d '[:space:]')
|
|
echo " Expected hash: ${EXPECTED}"
|
|
else
|
|
echo -e " ${YELLOW}WARN${RESET}: No expected hash file found"
|
|
fi
|
|
|
|
if [ -f "${VERIFY_PY}" ]; then
|
|
echo " Verify script: ${VERIFY_PY}"
|
|
else
|
|
echo -e " ${RED}FAIL${RESET}: verify.py not found at ${VERIFY_PY}"
|
|
ERRORS=$((ERRORS + 1))
|
|
fi
|
|
|
|
echo ""
|
|
|
|
if [ $ERRORS -gt 0 ]; then
|
|
echo -e "${RED}Cannot proceed: $ERRORS prerequisite(s) missing.${RESET}"
|
|
exit 1
|
|
fi
|
|
|
|
echo -e " ${GREEN}All prerequisites satisfied.${RESET}"
|
|
echo ""
|
|
|
|
# ------------------------------------------------------------------
|
|
# PHASE 2: Run the proof pipeline
|
|
# ------------------------------------------------------------------
|
|
echo -e "${CYAN}[PHASE 2] PROOF PIPELINE REPLAY${RESET}"
|
|
echo ""
|
|
|
|
# Pass through any flags (--verbose, --audit, --generate-hash)
|
|
PIPELINE_EXIT=0
|
|
$PYTHON "${VERIFY_PY}" "$@" || PIPELINE_EXIT=$?
|
|
|
|
echo ""
|
|
|
|
# ------------------------------------------------------------------
|
|
# PHASE 3: Mock/random scan of production codebase
|
|
# ------------------------------------------------------------------
|
|
echo -e "${CYAN}[PHASE 3] PRODUCTION CODE INTEGRITY SCAN${RESET}"
|
|
echo ""
|
|
echo " Scanning ${V1_SRC} for np.random.rand / np.random.randn calls..."
|
|
echo " (Excluding archive/v1/src/testing/ -- test helpers are allowed to use random.)"
|
|
echo ""
|
|
|
|
MOCK_FINDINGS=0
|
|
|
|
# Scan for np.random.rand and np.random.randn in production code
|
|
# We exclude testing/ directories
|
|
while IFS= read -r line; do
|
|
if [ -n "$line" ]; then
|
|
echo -e " ${YELLOW}FOUND${RESET}: $line"
|
|
MOCK_FINDINGS=$((MOCK_FINDINGS + 1))
|
|
fi
|
|
done < <(
|
|
find "${V1_SRC}" -name "*.py" -type f \
|
|
! -path "*/testing/*" \
|
|
! -path "*/tests/*" \
|
|
! -path "*/test/*" \
|
|
! -path "*__pycache__*" \
|
|
-exec grep -Hn 'np\.random\.rand\b\|np\.random\.randn\b' {} \; 2>/dev/null || true
|
|
)
|
|
|
|
if [ $MOCK_FINDINGS -eq 0 ]; then
|
|
echo -e " ${GREEN}CLEAN${RESET}: No np.random.rand/randn calls in production code."
|
|
else
|
|
echo ""
|
|
echo -e " ${YELLOW}WARNING${RESET}: Found ${MOCK_FINDINGS} random generator call(s) in production code."
|
|
echo " These should be reviewed -- production signal processing should"
|
|
echo " never generate random data."
|
|
fi
|
|
|
|
echo ""
|
|
|
|
# ------------------------------------------------------------------
|
|
# FINAL SUMMARY
|
|
# ------------------------------------------------------------------
|
|
echo -e "${BOLD}======================================================================${RESET}"
|
|
|
|
if [ $PIPELINE_EXIT -eq 0 ]; then
|
|
echo ""
|
|
echo -e " ${GREEN}${BOLD}RESULT: PASS${RESET}"
|
|
echo ""
|
|
echo " The production pipeline replayed the published reference signal"
|
|
echo " and produced a SHA-256 hash that MATCHES the published expected hash."
|
|
echo ""
|
|
echo " What this proves:"
|
|
echo " - The signal processing code is REAL (not mocked)"
|
|
echo " - The pipeline is DETERMINISTIC (same input -> same hash)"
|
|
echo " - The code path includes: noise filtering, Hamming windowing,"
|
|
echo " amplitude normalization, FFT-based Doppler extraction,"
|
|
echo " and power spectral density computation via scipy.fft"
|
|
echo " - No randomness was injected (the hash is exact)"
|
|
echo ""
|
|
echo " To falsify: change any signal processing code and re-run."
|
|
echo " The hash will break. That is the point."
|
|
echo ""
|
|
if [ $MOCK_FINDINGS -eq 0 ]; then
|
|
echo -e " Mock scan: ${GREEN}CLEAN${RESET} (no random generators in production code)"
|
|
else
|
|
echo -e " Mock scan: ${YELLOW}${MOCK_FINDINGS} finding(s)${RESET} (review recommended)"
|
|
fi
|
|
echo ""
|
|
echo -e "${BOLD}======================================================================${RESET}"
|
|
exit 0
|
|
elif [ $PIPELINE_EXIT -eq 2 ]; then
|
|
echo ""
|
|
echo -e " ${YELLOW}${BOLD}RESULT: SKIP${RESET}"
|
|
echo ""
|
|
echo " No expected hash file to compare against."
|
|
echo " Run: python archive/v1/data/proof/verify.py --generate-hash"
|
|
echo ""
|
|
echo -e "${BOLD}======================================================================${RESET}"
|
|
exit 2
|
|
else
|
|
echo ""
|
|
echo -e " ${RED}${BOLD}RESULT: FAIL${RESET}"
|
|
echo ""
|
|
echo " The pipeline hash does NOT match the expected hash."
|
|
echo " Something changed in the signal processing code."
|
|
echo ""
|
|
echo -e "${BOLD}======================================================================${RESET}"
|
|
exit 1
|
|
fi
|