mirror of
https://github.com/ruvnet/RuView
synced 2026-06-19 11:53:19 +00:00
rUv
df617145d6
* feat(ADR-262 P3): live RuField surface — RuView sensing speaks RuField on /api/field + /ws/field Wire the P1 `wifi-densepose-rufield` bridge into the live `wifi-densepose-sensing-server` so the governed sensing cycle emits real signed RuField `FieldEvent`s on two additive endpoints. - Cargo: add the `wifi-densepose-rufield` path dep (the single coupling point, ADR-262 §5.4 — no new RuView-internal coupling). - New `src/rufield_surface.rs` (kept out of the 8k-line main.rs): `FieldSurface` holds a dedicated ed25519 `Signer` + a bounded ring of recent events + the `/ws/field` broadcast topic; `GET /api/field` and `GET /ws/field` handlers; a standalone `router()` for isolated testing. - Signer (defers the P2 key decision, ADR-262 §8 Q1): a STANDALONE dev/sensing key from `WDP_RUFIELD_SIGNING_SEED`, else a deterministic dev default with a logged WARN. Reusing the `cog-ha-matter` Ed25519 key is the deferred P2 call — P3 does not pre-empt it. - Tap: at the ESP32 governed-trust cycle (`main.rs` ~5886 observe_cycle / ~5938 SensingUpdate build), `emit_rufield_event` joins the cycle's features/classification/signal_field with the engine's effective_class/demoted trust state into a `SensingSnapshot` and surfaces it via the bridge. Existing endpoints (`/ws/sensing` etc.) are unchanged — purely additive. - Privacy egress: `network_egress_allowed` is fail-closed for an unattended live surface — only P1/P2 leave the box; P0 raw and P3/P4/P5 (identity/biometric/aggregate) are held edge-local. A `Derived` cycle maps to P4/P5 and never surfaces. - No-phantom: `emit` drops no-presence cycles (no fabricated events). Gates (tests/rufield_surface_test.rs, tower::oneshot, 4/0): well-formed signed event (WifiCsi, P2 not P1, is_fusable, real timestamp); empty cycle → no phantom; Derived trust never surfaces; mixed stream surfaces only egress-safe events. Honesty (ADR-262 §0/§6): real plumbing on a live endpoint, NOT accuracy. Single-link CSI with its existing caveats (no validated room-coordinate accuracy); dedicated dev signing key pending the P2 ownership decision; no accuracy claim. Co-Authored-By: claude-flow <ruv@ruv.net> * docs(ADR-262 P3): mark P1+P3 implemented; document /api/field + /ws/field; CHANGELOG - ADR-262 Status → "P1 + P3 implemented"; add a P3 implementation-status block (tap site, endpoints, dedicated dev signer deferring the §8 Q1 key decision, fail-closed egress, gates). Keep the honesty framing: real plumbing on a live endpoint, not accuracy. - CHANGELOG [Unreleased]: add the ADR-262 P3 entry. - user-guide: add `/api/field` to the REST table + a "RuField surface (ADR-262 P3)" section covering `/api/field` + `/ws/field`, the fail-closed P1/P2-only egress, the WDP_RUFIELD_SIGNING_SEED dev key, and the no-accuracy honesty note. Co-Authored-By: claude-flow <ruv@ruv.net> * ci: checkout submodules everywhere + Dockerfile copies vendor/rufield Making wifi-densepose-rufield (ADR-262 bridge) a v2 workspace member means EVERY cargo-on-workspace context must have the vendor/rufield submodule present (cargo loads all member manifests). P1 only fixed the rust-tests job; this adds `submodules: recursive` to all workflow checkouts that run cargo (mqtt-integration was failing on the missing submodule manifest), and makes Dockerfile.rust COPY vendor/rufield/ to /vendor/rufield (matches the bridge's ../../../vendor/rufield path-dep under the collapsed Docker layout). update-submodules.yml left alone (it manages submodules itself). Co-Authored-By: claude-flow <ruv@ruv.net> --------- Co-authored-by: ruv <ruvnet@gmail.com>
97 lines
3.9 KiB
YAML
97 lines
3.9 KiB
YAML
name: AetherArena harness gate (ADR-149)
|
|
|
|
# Runs the AetherArena scoring harness as a PR build gate. Every PR that touches
|
|
# the scorer, the metrics, or the benchmark scaffold must keep the deterministic
|
|
# score hash stable (ADR-149 §2.5 determinism_gate). If the scoring maths changes,
|
|
# the hash moves and this gate fails until `expected_score.sha256` is regenerated
|
|
# and reviewed — so scorer drift can never land silently.
|
|
#
|
|
# This is the "a PR that runs the harness as part of the build process" requirement.
|
|
|
|
on:
|
|
pull_request:
|
|
paths:
|
|
- 'v2/crates/wifi-densepose-train/src/ruview_metrics.rs'
|
|
- 'v2/crates/wifi-densepose-train/src/ablation.rs'
|
|
- 'v2/crates/wifi-densepose-train/src/bin/aa_score_runner.rs'
|
|
- 'aether-arena/**'
|
|
- '.github/workflows/aether-arena-harness.yml'
|
|
push:
|
|
branches: ['feat/adr-149-aether-arena']
|
|
workflow_dispatch:
|
|
|
|
permissions:
|
|
contents: read
|
|
pull-requests: write
|
|
|
|
jobs:
|
|
harness-gate:
|
|
name: Run AA scorer harness (determinism gate)
|
|
runs-on: ubuntu-latest
|
|
defaults:
|
|
run:
|
|
working-directory: v2
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
submodules: recursive
|
|
|
|
- name: Install Rust toolchain
|
|
run: rustup show && rustc --version
|
|
|
|
- name: Cache cargo
|
|
uses: actions/cache@v4
|
|
with:
|
|
path: |
|
|
~/.cargo/registry
|
|
~/.cargo/git
|
|
v2/target
|
|
key: aa-harness-${{ runner.os }}-${{ hashFiles('v2/Cargo.lock') }}
|
|
|
|
# 1. Build the pure-Rust scorer (no torch / no GPU → fast PR gate).
|
|
- name: Build AA score runner
|
|
run: cargo build -p wifi-densepose-train --bin aa_score_runner --no-default-features
|
|
|
|
# 2. Determinism gate: the committed expected hash must still match. A
|
|
# non-zero exit here fails the PR.
|
|
- name: Run determinism gate
|
|
run: cargo run -q -p wifi-densepose-train --bin aa_score_runner --no-default-features
|
|
|
|
# 3. Repeatability analysis (witness chain): the harness must produce one
|
|
# identical proof hash across many runs — any nondeterminism fails here.
|
|
- name: Repeatability analysis (16 runs)
|
|
run: cargo run -q -p wifi-densepose-train --bin aa_score_runner --no-default-features -- --repeat 16
|
|
|
|
# 4. Real-scoring smoke: score a sample prediction against the public smoke
|
|
# split, exercising the actual model-scoring path (not just the fixture).
|
|
- name: Real-scoring smoke test
|
|
run: |
|
|
cargo run -q -p wifi-densepose-train --bin aa_score_runner --no-default-features -- \
|
|
--split ../aether-arena/fixtures/smoke_split.json \
|
|
--pred ../aether-arena/fixtures/smoke_pred.json --json
|
|
|
|
# 5. Witness ledger chain integrity: the append-only results ledger must
|
|
# verify (every prev_hash link + row_hash intact = no silent edits).
|
|
- name: Verify witness ledger chain
|
|
working-directory: aether-arena/ledger
|
|
run: python3 ledger_tools.py verify
|
|
|
|
# 6. Emit the witness row + repeatability into the PR run summary.
|
|
- name: Witness row → job summary
|
|
if: always()
|
|
run: |
|
|
ROW=$(cargo run -q -p wifi-densepose-train --bin aa_score_runner --no-default-features -- --json)
|
|
REP=$(cargo run -q -p wifi-densepose-train --bin aa_score_runner --no-default-features -- --repeat 16)
|
|
{
|
|
echo "## AetherArena harness gate (witness chain)"
|
|
echo ""
|
|
echo "Deterministic witness (ADR-149 §2.2 / proof + repeatability):"
|
|
echo '```json'
|
|
echo "$ROW"
|
|
echo "$REP"
|
|
echo '```'
|
|
echo ""
|
|
echo "If the determinism gate failed, the scoring maths changed: regenerate with"
|
|
echo '`cargo run -p wifi-densepose-train --bin aa_score_runner --no-default-features -- --generate-hash > aether-arena/fixtures/expected_score.sha256` and review the diff.'
|
|
} >> "$GITHUB_STEP_SUMMARY"
|