ruvnet--RuView/docs/adr/ADR-080-qe-remediation-plan.md
rUv 81cc241b9e chore(repo): move v1/ → archive/v1/ + add archive/README.md (#430)
The Rust port at v2/ has been the primary codebase since the rename
in #427. The Python implementation at v1/ is no longer the active
target; the only load-bearing path is the deterministic proof bundle
at v1/data/proof/ (per ADR-011 / ADR-028 witness verification).

Move the whole Python tree into archive/v1/ and document the policy
in archive/README.md: no new features, bug fixes only when they affect
a still-load-bearing path (currently just the proof), CI continues to
verify the proof on every push and PR.

Path references updated in 26 files via path-pattern sed (only
matches v1/<known-child> patterns, never bare v1 or API URLs like
/api/v1/). Two double-prefix typos (archive/archive/v1/) caught and
hand-fixed in verify-pipeline.yml and ADR-011.

Validated:
- Python proof verify.py imports cleanly at archive/v1/data/proof/
  (numpy/scipy still required; CI installs requirements-lock.txt
  from archive/v1/ now)
- cargo test --workspace --no-default-features → 1,539 passed,
  0 failed, 8 ignored (unaffected by Python tree relocation)
- ESP32-S3 on COM7 untouched (no firmware paths changed)

After-merge: contributors should re-run any local `python v1/...`
commands as `python archive/v1/...` (CLAUDE.md and CHANGELOG already
updated).
2026-04-25 23:07:52 -04:00


ADR-080: QE Analysis Remediation Plan

Context

An 8-agent QE swarm analyzed ~305K lines across Rust, Python, C firmware, and TypeScript on 2026-04-05. The overall score was 55/100 (C+) — Quality Gate FAILED. This ADR captures the findings and establishes a remediation plan.

Decision

Address the 15 prioritized issues from the QE analysis in three waves: P0 (immediate), P1 (this sprint), P2 (this quarter).

P0 — Fix Immediately

1. Rate Limiter Bypass (Security HIGH)

  • Location: archive/v1/src/middleware/rate_limit.py:200-206
  • Problem: Trusts X-Forwarded-For without validation. Any client bypasses rate limits via header spoofing.
  • Fix: Validate forwarded headers against trusted proxy list, or use connection IP directly.

2. Exception Details Leaked in Responses (Security HIGH)

  • Location: archive/v1/src/api/routers/pose.py:140, stream.py:297, +5 endpoints
  • Problem: Stack traces visible regardless of environment.
  • Fix: Wrap with generic error responses in production; log details server-side only.

3. WebSocket JWT in URL (Security HIGH, CWE-598)

  • Location: archive/v1/src/api/routers/stream.py:74, archive/v1/src/middleware/auth.py:243
  • Problem: Tokens in query strings visible in logs/proxies/browser history.
  • Fix: Use WebSocket subprotocol or first-message auth pattern.
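
A framework-agnostic sketch of the first-message auth pattern named in this fix, as an added example (not the project's code). `receive` and `verify_token` are hypothetical callables supplied by the server, and the 5-second deadline and query parameter names are assumptions:

```python
import asyncio
import json
from urllib.parse import parse_qs

AUTH_TIMEOUT_S = 5.0  # assumed deadline for the auth frame


class AuthError(Exception):
    """Raised when the socket must be closed without streaming any data."""


def url_carries_token(query_string):
    """True if a client still puts a credential in the URL (CWE-598).

    The parameter names checked here are assumptions; use the ones the
    legacy endpoint accepted.
    """
    params = parse_qs(query_string, keep_blank_values=True)
    return any(k.lower() in ("token", "access_token", "jwt") for k in params)


async def authenticate_first_message(receive, verify_token, timeout=AUTH_TIMEOUT_S):
    """Accept the socket unauthenticated, then require one auth frame.

    receive: async callable returning the next text frame.
    verify_token: callable that returns claims or raises on a bad token.
    """
    try:
        raw = await asyncio.wait_for(receive(), timeout)
    except asyncio.TimeoutError:
        raise AuthError("no auth message before deadline")
    try:
        msg = json.loads(raw)
    except (TypeError, ValueError):
        raise AuthError("first frame is not JSON")
    if not isinstance(msg, dict) or msg.get("type") != "auth":
        raise AuthError("first frame must be an auth message")
    token = msg.get("token")
    if not isinstance(token, str) or not token:
        raise AuthError("missing token")
    try:
        return verify_token(token)
    except Exception:
        # Do not echo the verifier's error text back to the client.
        raise AuthError("token rejected")
```

The handler should close the connection on `AuthError` and refuse the handshake when `url_carries_token` is true, so the token never reaches access logs.
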

4. Rust Tests Not in CI

  • Problem: 2,618 tests across 153K lines of Rust — zero run in any GitHub Actions workflow. Regressions ship undetected.
  • Fix: Add cargo test --workspace --no-default-features to CI. 1-2 hour task.

5. WebSocket Path Mismatch (Bug)

  • Location: ui/mobile/src/services/ws.service.ts:104 constructs /ws/sensing, but constants/websocket.ts:1 defines WS_PATH = '/api/v1/stream/pose'.
  • Problem: Mobile WebSocket silently fails.
  • Fix: Align paths. Verify which endpoint the server actually serves.

P1 — Fix This Sprint

| # | Issue | Location | Impact |
|---|-------|----------|--------|
| 6 | God file: 4,846 lines, CC=121 | sensing-server/src/main.rs | Untestable monolith |
| 7 | O(L×V) voxel scan per frame | ruvsense/tomography.rs:345-383 | ~10ms wasted; use DDA ray march |
| 8 | Sequential neural inference | wifi-densepose-nn inference.rs:334-336 | 2-4× GPU latency penalty |
| 9 | 720 .unwrap() in Rust | Workspace-wide | Each = potential panic in RT paths |
| 10 | 112KB alloc/frame in Python | csi_processor.py:412-414 | Deque→list→numpy every frame |

P2 — Fix This Quarter

| # | Issue | Impact |
|---|-------|--------|
| 11 | 11/12 Python modules have zero unit tests (12,280 LOC) | Services, middleware, DB untested |
| 12 | Firmware at 19% coverage (WASM runtime, OTA, swarm) | Security-critical code untested |
| 13 | MAT screen auto-falls back to simulated data | Disaster responders could monitor fake data |
| 14 | Token blacklist never consulted during auth | Revoked tokens remain valid |
| 15 | 50ms frame budget never benchmarked | Real-time requirement unverified |

Bright Spots

  • 79 ADRs (exceptional governance)
  • Witness bundle system (ADR-028) with SHA-256 proof
  • 2,618 Rust tests with mathematical rigor
  • Daily security scanning (Bandit, Semgrep, Safety)
  • Ed25519 WASM signature verification on firmware
  • Clean mobile state management with good test coverage

Full QE Reports (9 files, 4,914 lines)

| Report | What it covers |
|--------|----------------|
| EXECUTIVE-SUMMARY.md | Top-level synthesis with all scores and priority matrix |
| 00-qe-queen-summary.md | Master coordination, quality posture, test pyramid |
| 01-code-quality-complexity.md | Cyclomatic complexity, code smells, top 20 hotspots |
| 02-security-review.md | 15 security findings (3 HIGH, 7 MEDIUM), OWASP coverage |
| 03-performance-analysis.md | 23 perf findings (4 CRITICAL), frame budget analysis |
| 04-test-analysis.md | 3,353 tests inventoried, duplication, quality grading |
| 05-quality-experience.md | API/CLI/Mobile/DX UX assessment |
| 06-product-assessment-sfdipot.md | SFDIPOT analysis, 57 test ideas, 14 session charters |
| 07-coverage-gaps.md | Coverage matrix, top 20 risk gaps, 8-week roadmap |

Consequences

  • P0 fixes eliminate 3 security vulnerabilities and 2 functional bugs
  • P1 fixes improve performance, reliability, and maintainability
  • P2 fixes close coverage gaps and harden the system for production
  • Target score improvement: 55 → 75+ after P0+P1 completion

Generated from QE swarm analysis (fleet-02558e91) on 2026-04-05