frank/ruvnet--RuView
1
0
Fork 0
mirror of https://github.com/ruvnet/RuView synced 2026-06-09 10:13:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
b6420ac9bad9b0646891db460d8193a5f9dbdd21
ruvnet--RuView/firmware/esp32-csi-node/main/rv_feature_state.h
T
rUv 2c136aca74 fix(protocol): resolve 0xC511_0004 magic collision (closes #928) (#931) 
* fix(ci): SAST actually scans the code + drop deprecated flaky semgrep action

Two real problems in the Static Application Security Testing job:

1. **It scanned a path that no longer exists.** `bandit -r src/` and
   `semgrep … src/` pointed at the repo-root `src/`, but the Python code
   moved to `archive/v1/src/` (64 .py files) when the runtime was rewritten
   in Rust. So the SAST scan matched nothing — a silent no-op (this is also
   why `bandit-results.sarif` was "Path does not exist" on recent runs).
   Fixed both to `archive/v1/src/`.

2. **Deprecated + redundant + flaky semgrep step.** The
   `returntocorp/semgrep-action@v1` step pulled `returntocorp/semgrep-agent:v1`
   from Docker Hub every run (intermittently timing out → red check, e.g. on
   #929) and is EOL. It was redundant: the pip `semgrep --sarif` step is what
   feeds GitHub Security; the action only pushed to the Semgrep cloud app via
   SEMGREP_APP_TOKEN. Removed it and folded its `p/docker` + `p/kubernetes`
   rulesets into the pip semgrep command, so coverage is preserved with no
   Docker pull.

The job stays `continue-on-error: true` (non-gating). YAML validated.

Co-Authored-By: claude-flow <ruv@ruv.net>

* fix(protocol): resolve 0xC511_0004 magic collision (closes #928)

Background

`0xC511_0004` was assigned to two different packet formats in firmware
— `EDGE_FUSED_MAGIC` (ADR-063, 48-byte `edge_fused_vitals_pkt_t`) and
`WASM_OUTPUT_MAGIC` (ADR-040, variable-length `wasm_output_pkt_t`).
Both were transmitted. The sensing-server only had a WASM parser for
that magic and no fused-vitals parser, so on the ESP32-C6 + MR60BHA2
mmWave configuration the fused-vitals packet was silently misparsed
as a malformed WASM output — `breathing_rate` was read as
`event_count`, mmWave-fused vitals were lost, and spurious WASM events
were emitted to subscribers.

Fix

1. Reassign `WASM_OUTPUT_MAGIC` to `0xC511_0007` (next free slot per
   the registry in `rv_feature_state.h`). Smaller blast radius than
   moving fused-vitals — the registry already treats `0xC511_0004` as
   fused-vitals canonical and several years of deployed feature
   tracking depends on that assignment.

2. Add `parse_edge_fused_vitals` + `EdgeFusedVitalsPacket` in
   `wifi-densepose-sensing-server::main`. Byte layout taken directly
   from `edge_processing.h:129`, mirroring the firmware's
   `_Static_assert(sizeof(edge_fused_vitals_pkt_t) == 48)` so future
   firmware changes that grow the packet will break this parser
   loudly instead of silently.

3. Add a dispatch arm in the UDP receive loop. Fused-vitals is tried
   BEFORE WASM so a stale firmware (still emitting 0xC511_0004 with
   the WASM payload) fails to parse as fused-vitals (size mismatch),
   then fails to parse as WASM (magic mismatch on the new 0x...0007),
   and gets dropped — a deliberate "fail loud" outcome rather than the
   pre-fix silent garbage.

4. Update the registry comment in `rv_feature_state.h` to add the new
   0x...0007 row.

5. Add five tests in a new `issue_928_magic_collision_tests` mod:
   - `parse_edge_fused_vitals_extracts_fields_correctly`
   - `parse_edge_fused_vitals_rejects_short_buffer`
   - `parse_edge_fused_vitals_rejects_wrong_magic`
   - `parse_wasm_output_rejects_legacy_0004_magic`
   - `parse_wasm_output_accepts_new_0007_magic`

WebSocket payload

Fused-vitals now broadcasts as `{"type": "edge_fused_vitals", ...}`
with the mmWave-specific block nested under `mmwave`. Schema is
additive — existing subscribers that only inspect `type` are
unaffected; subscribers that switch on `type` gain a new branch.

Deployment note

This is a wire-protocol change. Firmware older than this commit that
emits WASM output on 0xC511_0004 will lose its WASM event stream
against an updated host (host expects 0xC511_0007). Per the issue
discussion, "fail loud" is preferred to silent misparsing. Operators
running C6+mmWave should reflash firmware concurrent with the host
upgrade.

Test results
  cargo test -p wifi-densepose-sensing-server --no-default-features
  --bin sensing-server
  → 122 passed / 0 failed (5 new + 117 existing, unchanged)

Co-Authored-By: claude-flow <ruv@ruv.net>
2026-06-03 11:56:35 +02:00

112 lines
4.3 KiB
C
Raw Blame History

/**
* @file rv_feature_state.h
* @brief ADR-081 Layer 4 — Compact on-wire feature state packet.
*
* The default upstream payload from a node. Replaces raw ADR-018 CSI as the
* primary stream; ADR-018 raw frames remain available as a debug stream
* gated by the controller / channel plan.
*
* Magic numbers in use across the firmware:
* 0xC5110001 — ADR-018 raw CSI frame (csi_collector.h)
* 0xC5110002 — ADR-039 vitals packet (edge_processing.h)
* 0xC5110003 — ADR-069 feature vector (edge_processing.h)
* 0xC5110004 — ADR-063 fused vitals (edge_processing.h)
* 0xC5110005 — ADR-039 compressed CSI (edge_processing.h)
* 0xC5110006 — ADR-081 feature state (this file)
* 0xC5110007 — ADR-040 WASM output (wasm_runtime.h, reassigned per issue #928)
*/
#ifndef RV_FEATURE_STATE_H
#define RV_FEATURE_STATE_H
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#ifdef __cplusplus
extern "C" {
#endif
/** Magic number for ADR-081 rv_feature_state_t. */
#define RV_FEATURE_STATE_MAGIC 0xC5110006u
/** Quality flag bits. */
#define RV_QFLAG_PRESENCE_VALID (1u << 0)
#define RV_QFLAG_RESPIRATION_VALID (1u << 1)
#define RV_QFLAG_HEARTBEAT_VALID (1u << 2)
#define RV_QFLAG_ANOMALY_TRIGGERED (1u << 3)
#define RV_QFLAG_ENV_SHIFT_DETECTED (1u << 4)
#define RV_QFLAG_DEGRADED_MODE (1u << 5)
#define RV_QFLAG_CALIBRATING (1u << 6)
#define RV_QFLAG_RECOMMEND_RECAL (1u << 7)
/**
* Compact per-node sensing state. Sent at 1-10 Hz by default, replacing the
* raw ADR-018 stream as the primary upstream payload.
*
* Mode field carries the rv_capture_profile_t value of the dominant window
* — receivers can use it to weight features (a sample emitted under
* RV_PROFILE_FAST_MOTION will have a stale respiration_bpm, etc.).
*
* CRC32 is the IEEE polynomial computed over bytes [0 .. sizeof - 4].
*/
typedef struct __attribute__((packed)) {
uint32_t magic; /**< RV_FEATURE_STATE_MAGIC. */
uint8_t node_id; /**< Source node id. */
uint8_t mode; /**< rv_capture_profile_t at emit time. */
uint16_t seq; /**< Monotonic per-node sequence. */
uint64_t ts_us; /**< Node-local microseconds. */
float motion_score; /**< 0..1, 100 ms window. */
float presence_score; /**< 0..1, 1 s window. */
float respiration_bpm; /**< Breaths per minute. */
float respiration_conf; /**< 0..1. */
float heartbeat_bpm; /**< Beats per minute. */
float heartbeat_conf; /**< 0..1. */
float anomaly_score; /**< 0..1, z-score-derived. */
float env_shift_score; /**< 0..1, baseline drift. */
float node_coherence; /**< 0..1, multi-link agreement. */
uint16_t quality_flags; /**< RV_QFLAG_* bitmap. */
uint16_t reserved;
uint32_t crc32; /**< IEEE CRC32 over bytes [0..end-4]. */
} rv_feature_state_t;
_Static_assert(sizeof(rv_feature_state_t) == 60,
"rv_feature_state_t must be 60 bytes on the wire");
/**
* Compute IEEE CRC32 over a byte buffer.
*
* Provided here (not in a separate util) because the firmware does not yet
* have a shared CRC32 helper — only zlib's via lwIP, which is not always
* exposed. This implementation is bit-by-bit; ~80 bytes/packet at low
* cadence has negligible CPU cost.
*
* @param data Input buffer.
* @param len Input length in bytes.
* @return IEEE CRC32 of the input.
*/
uint32_t rv_feature_state_crc32(const uint8_t *data, size_t len);
/**
* Finalize an rv_feature_state_t by populating magic, seq, ts_us, and crc32.
* Caller fills the remaining fields in-place before calling this. After
* finalize() the packet is ready to send on the wire.
*
* @param pkt Packet to finalize (caller-owned).
* @param node_id Source node id (typically csi_collector_get_node_id()).
* @param seq Monotonic sequence (caller-managed).
* @param ts_us Node-local microseconds (typically esp_timer_get_time()).
* @param mode Active rv_capture_profile_t.
*/
void rv_feature_state_finalize(rv_feature_state_t *pkt,
uint8_t node_id,
uint16_t seq,
uint64_t ts_us,
uint8_t mode);
#ifdef __cplusplus
}
#endif
#endif /* RV_FEATURE_STATE_H */
Reference in New Issue View Git Blame Copy Permalink