mirror of
https://github.com/ruvnet/RuView
synced 2026-06-17 11:33:19 +00:00
rUv
df617145d6
* feat(ADR-262 P3): live RuField surface — RuView sensing speaks RuField on /api/field + /ws/field Wire the P1 `wifi-densepose-rufield` bridge into the live `wifi-densepose-sensing-server` so the governed sensing cycle emits real signed RuField `FieldEvent`s on two additive endpoints. - Cargo: add the `wifi-densepose-rufield` path dep (the single coupling point, ADR-262 §5.4 — no new RuView-internal coupling). - New `src/rufield_surface.rs` (kept out of the 8k-line main.rs): `FieldSurface` holds a dedicated ed25519 `Signer` + a bounded ring of recent events + the `/ws/field` broadcast topic; `GET /api/field` and `GET /ws/field` handlers; a standalone `router()` for isolated testing. - Signer (defers the P2 key decision, ADR-262 §8 Q1): a STANDALONE dev/sensing key from `WDP_RUFIELD_SIGNING_SEED`, else a deterministic dev default with a logged WARN. Reusing the `cog-ha-matter` Ed25519 key is the deferred P2 call — P3 does not pre-empt it. - Tap: at the ESP32 governed-trust cycle (`main.rs` ~5886 observe_cycle / ~5938 SensingUpdate build), `emit_rufield_event` joins the cycle's features/classification/signal_field with the engine's effective_class/demoted trust state into a `SensingSnapshot` and surfaces it via the bridge. Existing endpoints (`/ws/sensing` etc.) are unchanged — purely additive. - Privacy egress: `network_egress_allowed` is fail-closed for an unattended live surface — only P1/P2 leave the box; P0 raw and P3/P4/P5 (identity/biometric/aggregate) are held edge-local. A `Derived` cycle maps to P4/P5 and never surfaces. - No-phantom: `emit` drops no-presence cycles (no fabricated events). Gates (tests/rufield_surface_test.rs, tower::oneshot, 4/0): well-formed signed event (WifiCsi, P2 not P1, is_fusable, real timestamp); empty cycle → no phantom; Derived trust never surfaces; mixed stream surfaces only egress-safe events. Honesty (ADR-262 §0/§6): real plumbing on a live endpoint, NOT accuracy. Single-link CSI with its existing caveats (no validated room-coordinate accuracy); dedicated dev signing key pending the P2 ownership decision; no accuracy claim. Co-Authored-By: claude-flow <ruv@ruv.net> * docs(ADR-262 P3): mark P1+P3 implemented; document /api/field + /ws/field; CHANGELOG - ADR-262 Status → "P1 + P3 implemented"; add a P3 implementation-status block (tap site, endpoints, dedicated dev signer deferring the §8 Q1 key decision, fail-closed egress, gates). Keep the honesty framing: real plumbing on a live endpoint, not accuracy. - CHANGELOG [Unreleased]: add the ADR-262 P3 entry. - user-guide: add `/api/field` to the REST table + a "RuField surface (ADR-262 P3)" section covering `/api/field` + `/ws/field`, the fail-closed P1/P2-only egress, the WDP_RUFIELD_SIGNING_SEED dev key, and the no-accuracy honesty note. Co-Authored-By: claude-flow <ruv@ruv.net> * ci: checkout submodules everywhere + Dockerfile copies vendor/rufield Making wifi-densepose-rufield (ADR-262 bridge) a v2 workspace member means EVERY cargo-on-workspace context must have the vendor/rufield submodule present (cargo loads all member manifests). P1 only fixed the rust-tests job; this adds `submodules: recursive` to all workflow checkouts that run cargo (mqtt-integration was failing on the missing submodule manifest), and makes Dockerfile.rust COPY vendor/rufield/ to /vendor/rufield (matches the bridge's ../../../vendor/rufield path-dep under the collapsed Docker layout). update-submodules.yml left alone (it manages submodules itself). Co-Authored-By: claude-flow <ruv@ruv.net> --------- Co-authored-by: ruv <ruvnet@gmail.com>
127 lines
4.7 KiB
YAML
127 lines
4.7 KiB
YAML
name: Verify Pipeline Determinism
|
|
|
|
on:
|
|
push:
|
|
branches: [ main, master, 'claude/**' ]
|
|
paths:
|
|
- 'archive/v1/src/core/**'
|
|
- 'archive/v1/src/hardware/**'
|
|
- 'archive/v1/data/proof/**'
|
|
- 'archive/v1/requirements-lock.txt'
|
|
- '.github/workflows/verify-pipeline.yml'
|
|
pull_request:
|
|
branches: [ main, master ]
|
|
paths:
|
|
- 'archive/v1/src/core/**'
|
|
- 'archive/v1/src/hardware/**'
|
|
- 'archive/v1/data/proof/**'
|
|
- 'archive/v1/requirements-lock.txt'
|
|
- '.github/workflows/verify-pipeline.yml'
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
verify-determinism:
|
|
name: Verify Pipeline Determinism
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
matrix:
|
|
python-version: ['3.11']
|
|
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4
|
|
with:
|
|
submodules: recursive
|
|
|
|
- name: Set up Python ${{ matrix.python-version }}
|
|
uses: actions/setup-python@v6
|
|
with:
|
|
python-version: ${{ matrix.python-version }}
|
|
|
|
- name: Install pinned dependencies
|
|
run: |
|
|
python -m pip install --upgrade pip
|
|
pip install -r archive/v1/requirements-lock.txt
|
|
|
|
- name: Verify reference signal is reproducible
|
|
run: |
|
|
echo "=== Regenerating reference signal ==="
|
|
python archive/v1/data/proof/generate_reference_signal.py
|
|
echo ""
|
|
echo "=== Checking data file matches committed version ==="
|
|
# The regenerated file should be identical to the committed one
|
|
# (We compare the metadata file since data file is large)
|
|
python -c "
|
|
import json, hashlib
|
|
with open('archive/v1/data/proof/sample_csi_meta.json') as f:
|
|
meta = json.load(f)
|
|
assert meta['is_synthetic'] == True, 'Metadata must mark signal as synthetic'
|
|
assert meta['numpy_seed'] == 42, 'Seed must be 42'
|
|
print('Reference signal metadata validated.')
|
|
"
|
|
|
|
- name: Run pipeline verification
|
|
working-directory: archive/v1
|
|
env:
|
|
# Pin thread count for scipy.fft / BLAS — multi-threaded reduction
|
|
# order is otherwise non-deterministic across CI runs (issue #560
|
|
# follow-up: 9- and 6-decimal quantization were not enough because
|
|
# the divergence is from threading order, not SIMD reordering).
|
|
# Single-threaded keeps the proof reproducible at a ~2-3x slowdown.
|
|
OMP_NUM_THREADS: "1"
|
|
OPENBLAS_NUM_THREADS: "1"
|
|
MKL_NUM_THREADS: "1"
|
|
VECLIB_MAXIMUM_THREADS: "1"
|
|
NUMEXPR_NUM_THREADS: "1"
|
|
run: |
|
|
echo "=== Running pipeline verification ==="
|
|
python data/proof/verify.py
|
|
echo ""
|
|
echo "Pipeline verification PASSED."
|
|
|
|
- name: Run verification twice to confirm determinism
|
|
working-directory: archive/v1
|
|
env:
|
|
OMP_NUM_THREADS: "1"
|
|
OPENBLAS_NUM_THREADS: "1"
|
|
MKL_NUM_THREADS: "1"
|
|
VECLIB_MAXIMUM_THREADS: "1"
|
|
NUMEXPR_NUM_THREADS: "1"
|
|
run: |
|
|
echo "=== Second run for determinism confirmation ==="
|
|
python data/proof/verify.py
|
|
echo "Determinism confirmed across multiple runs."
|
|
|
|
- name: Check for unseeded np.random in production code
|
|
run: |
|
|
echo "=== Scanning for unseeded np.random usage in production code ==="
|
|
# Search for np.random calls without a seed in production code
|
|
# Exclude test files, proof data generators, and known parser placeholders
|
|
VIOLATIONS=$(grep -rn "np\.random\." archive/v1/src/ \
|
|
--include="*.py" \
|
|
--exclude-dir="__pycache__" \
|
|
| grep -v "np\.random\.RandomState" \
|
|
| grep -v "np\.random\.seed" \
|
|
| grep -v "np\.random\.default_rng" \
|
|
| grep -v "# placeholder" \
|
|
| grep -v "# mock" \
|
|
| grep -v "# test" \
|
|
|| true)
|
|
|
|
if [ -n "$VIOLATIONS" ]; then
|
|
echo ""
|
|
echo "WARNING: Found potential unseeded np.random usage in production code:"
|
|
echo "$VIOLATIONS"
|
|
echo ""
|
|
echo "Each np.random call should either:"
|
|
echo " 1. Use np.random.RandomState(seed) or np.random.default_rng(seed)"
|
|
echo " 2. Be in a test/mock context (add '# placeholder' comment)"
|
|
echo ""
|
|
# Note: This is a warning, not a failure, because some existing
|
|
# placeholder code in parsers uses np.random for mock data.
|
|
# Once hardware integration is complete, these should be removed.
|
|
echo "WARNING: Review the above usages. Existing parser placeholders are expected."
|
|
else
|
|
echo "No unseeded np.random usage found in production code."
|
|
fi
|