wifi-ruview

mirror of https://github.com/ruvnet/RuView.git synced 2026-06-02 00:58:56 +02:00

Author	SHA1	Message	Date
ruv	4896d05cca	fix(proof): regenerate ADR-134 CIR witness hash after CIR fixes Rust Workspace Tests failed the CIR determinism guard: expected 120bd7b1… (from the original ADR-134, #837) vs actual 304d5469…. The later CIR fixes on this branch (windowed dominant-tap ratio, λ tuning, causal-delay-window rms — ADR-134 P2) intentionally changed the CirEstimator output but never regenerated the witness hash. The new output is bit-deterministic and cross-platform stable: the Rust cir_proof_runner produces 304d5469… on both Linux CI and local Windows. Regenerated via the sanctioned `--generate-hash` path; verify-cir-proof.sh now prints "VERDICT: PASS (CIR hash matches)". Co-Authored-By: claude-flow <ruv@ruv.net>	2026-05-31 11:11:38 -04:00
ruv	8504638187	feat(signal): ADR-135 — empty-room baseline calibration Operator-initiated calibration that records 30 s of stationary CSI, emits a per-subcarrier baseline (amplitude mean+variance via Welford, phase via circular sin/cos sums with von Mises dispersion), and gates downstream stages on a deviation z-score. Plugs into multistatic coherence gating, motion/presence detection, and the new ADR-134 CIR estimator as a reference-subtracted input. API surface (under wifi_densepose_signal): CalibrationConfig::{ht20, ht40, he20, he40} CalibrationRecorder { record(), finalize(), frames_recorded() } BaselineCalibration { subcarriers: Vec<SubcarrierBaseline>, deviation(&CsiFrame), subtract_in_place(&mut CsiFrame), to_bytes(), from_bytes() } CalibrationDeviationScore { amplitude_z_median, amplitude_z_max, phase_drift_median, motion_flagged } CalibrationError { SubcarrierMismatch, TierMismatch, InsufficientFrames, VersionMismatch, TruncatedBuffer } Binary baseline format: magic 0xCA1B_0001 + u8 version=1 + u8 tier + captured_at_unix_s (i64) + frame_count (u64) + num_subcarriers (u32) + [SubcarrierBaseline; N] as 16 bytes each (amp_mean, amp_variance, phase_mean, phase_dispersion as f32 LE). Hand-written serialisation so the format is stable across Rust toolchain versions without serde drift. CLI: new `wifi-densepose calibrate` subcommand binds a UDP listener (0xC511_0001 frames), streams them through CalibrationRecorder, prints a real-time z-score banner per ADR-135 §risk 1 (operator-may-be-moving), aborts on sustained high deviation, and writes the binary baseline to disk. Local UDP packet parser duplicated from sensing-server (per ADR discussion — avoids cross-crate API churn). Witness: cross-platform-deterministic SHA-256 over the per-subcarrier quantised baseline profile (u16 LE at 1e-2/1e-4/1e-3, no sort) using the lesson learnt from the CIR PR #837 libm-jitter fix. Hash: d6bce07ecb1648e6936561df44bf4a3bfc17bb0ba5f692646b2301d105b52f67 CI guard: new "ADR-135 calibration witness proof (determinism guard)" step under the Rust Workspace Tests job, adjacent to the existing ADR-134 CIR guard. Regressions are unambiguously attributable. Hardware-in-loop validation: full 600-frame capture exercised via the new scripts/synth-csi-udp.py emitter targeting 127.0.0.1:5005. The CLI binary received 600 frames at 20 Hz, z_med stable at ~0.7, motion correctly NOT flagged, finalised baseline written to baseline.bin (860 bytes) with correct magic + version + timestamp in the header. Live ESP32 capture from COM9 is operator follow-up — requires provisioning the firmware's UDP target IP to match the host running the CLI. Test results (cargo test -p wifi-densepose-signal --no-default-features): lib: 382 pass / 0 fail / 1 ignored calibration_synthetic: 17 pass / 0 fail calibration_drift: 5 pass / 0 fail calibration_roundtrip: 10 pass / 0 fail cir_*: 9 pass + 6 documented P2 ignores doctest: 10 pass Bench: 20 Criterion combinations registered (recorder_record / recorder_finalize / deviation / record_600 / to_bytes across HT20/HT40/HE20/HE40 tiers). Witness: bash scripts/verify-calibration-proof.sh → VERDICT: PASS Co-Authored-By: claude-flow <ruv@ruv.net>	2026-05-28 18:57:08 -04:00
rUv	9e7fa83210	feat(signal): ADR-134 CSI→CIR via ISTA + NeumannSolver warm-start (#837 ) * feat(signal): ADR-134 — CSI→CIR via ISTA + NeumannSolver warm-start End-to-end first-class Channel Impulse Response estimation in the Rust workspace. Bridges CSI (frequency domain) to CIR (delay domain) so multistatic coherence gating, NLOS/LOS classification, and (at HT40+) ToF ranging become tractable in `wifi-densepose-signal`. Algorithm: ISTA L1 sparse recovery over a normalized DFT sub-matrix sensing operator Φ ∈ ℂ^(K×G) with G = 3K (3× super-resolution). The Tikhonov-regularised warm start re-uses `ruvector_solver::neumann:: NeumannSolver` — same call pattern as `fresnel.rs:280` and `train/subcarrier.rs:225` — so no new crate dependencies. Tiers supported: HT20 / HT40 / HE20 (Tier A-HE, C6) / HE40. The C6 HE-LTF tier is the preferred Tier A target whenever an 11ax AP is in range; firmware substrate already shipped at v0.7.0-esp32 per ADR-110. Measured performance (release, single CirEstimator shared across 12 links): HT20 2.72 ms / HE20 3.20 ms / HT40 13.43 ms / HE40 9.71 ms per estimate(). HT20 12-link multistatic 17.7 ms — fits the 50 ms RuvSense cycle; HT40 12-link 74 ms exceeds it and is flagged in ADR-134 §2.7 as requiring Rayon parallelism or G=2K super-res reduction. Measured Φ conditioning: κ(Φ) ≈ 1.00 identically across all tiers. ADR-134 §2.3 was corrected — the C6 advantage is statistical SNR gain (√(242/52) ≈ 2.16×) from more independent measurements, not improved conditioning. Witness: bit-deterministic SHA-256 over CirEstimator output on the synthetic ADR-028 reference signal (100 frames, top-5 taps, 1e-6 quantization). Hash committed to expected_cir_features.sha256; verify-cir-proof.sh wires the check into the existing witness bundle. CI: cargo test --features cir + verify-cir-proof.sh added as separate steps under the Rust Workspace Tests job; regressions are unambiguously attributable. Files: - ADR + WITNESS-LOG-028 row 34 + CLAUDE.md module count (14 → 15) - src/ruvsense/cir.rs (~540 LOC) + lib.rs re-exports + multistatic.rs wire-up (reversible via `use_cir_gate=false`) - 3 integration tests + Criterion bench + 3 deterministic fixtures - cir_proof_runner binary + sha256 + verify-cir-proof.sh Test rate: 395 pass / 6 ignored (P2 ISTA hyperparameter tuning; see #[ignore] reasons) / 0 fail. cargo check clean; verify-cir-proof.sh VERDICT: PASS. Co-Authored-By: claude-flow <ruv@ruv.net> * fix(signal): make CIR witness cross-platform-deterministic The first witness (Windows-generated hash 89704bfd…) failed on Linux CI with a different hash (b36741bf…). Root cause: hashing `re`/`im` parts of top-5 taps at 1e-6 precision is too tight against libm differences in sin/cos/sqrt across glibc, MSVC, and Apple-clang. The previous "top-5 sorted by magnitude" form also suffered from rank instability when taps are near-tied — libm jitter could shuffle the ordering even when the algorithm is unchanged. New canonical form: full per-tap quantised-magnitude profile in natural index order, no sort. - 156 taps × 2 bytes (u16 le) per frame = 312 bytes/frame. - Quantisation 1e-2 — robust to ~1e-3 float drift while still tripping on real algorithmic changes (e.g., a 10× lambda shift moves magnitudes by >1e-2). - No top-K selection — eliminates the unstable magnitude-sort step. Regenerated expected_cir_features.sha256 — new hash 120bd7b1… If the next CI run still mismatches, the cause is structural (rustfft SIMD code path selection or NeumannSolver internal ordering), not magnitudes, and the witness needs further coarsening or to be made platform-tagged. Co-Authored-By: claude-flow <ruv@ruv.net>	2026-05-28 16:24:37 -04:00
ruv	9a09d186cd	fix(verify): make v1 proof tolerant of unrelated .env keys + regen hash Two small fixes to make `./verify` Phase 1 (v1 signal-processing pipeline) pass cleanly: 1. `archive/v1/src/config/settings.py` — `SettingsConfigDict` was using pydantic-settings' implicit `extra="forbid"` and crashed with a `ValidationError: Extra inputs are not permitted` the moment our repo's `.env` carried tokens the v1 Settings model doesn't declare (NPM_TOKEN, DOCKER_HUB_TOKEN, PYPI_TOKEN, etc., used by other tooling in this session). Worse: pydantic's default error message echoes the offending VALUE — which means an out-of-the-box `verify.py` run would print secret tokens to stdout. Switching to `extra="ignore"` makes the v1 proof tolerant of unrelated keys AND closes the secret-leak path. Also gave `secret_key` a clearly-marked dev default so a fresh checkout can run the proof without an `.env` at all. Production deployments still trip `validate_production_config()` if they forget to override it. 2. `archive/v1/data/proof/expected_features.sha256` — regenerated via the documented `python verify.py --generate-hash` procedure (CLAUDE.md §"If the Python proof hash changes"). The previous hash dates from an older numpy/scipy combination; running the exact same pipeline on the current stack produces `ca58956c1bbee8c46f1798b3d6b6f1f829aa5db90bba53e07177830eca429199` bit-for-bit deterministically. The trust kill switch still fires on any future signal-processing change. After this commit, `./verify --quick` reports PASS on every phase that ran (Phase 1 + 2 + 4 + 5 + 6 + 7), SKIP for Phase 9 (docker unavailable on this shell). Phases 3 (Rust workspace tests) + 8 (Docker multi-arch manifest) + 9 (homecore-server inside the image) are validated by `./verify` (full mode, no --quick). Co-Authored-By: claude-flow <ruv@ruv.net>	2026-05-26 08:28:31 -04:00
rUv	00a234eda8	ADR-110: ESP32-C6 firmware extension (#764 ) Closes the firmware-side ADR-110 design at v0.7.0-esp32 after a 38-iter /loop SOTA sprint. Headline (bench, COM9+COM12 ESP32-C6): - 99.56% cross-board RX, 104.1 µs smoothed offset stdev (≤100 µs §2.4 target met) - 3.95× EMA suppression, 1.4 ppm crystal skew preserved 4 firmware releases: v0.6.7 / v0.6.8 / v0.6.9 / v0.7.0-esp32. 42 ADR-110 unit tests, 1761 v2 workspace tests, full Firmware CI + QEMU green.	2026-05-23 15:34:48 -04:00
rUv	50131b2519	fix(verify): cross-platform deterministic proof — 6-decimal quantize + thread-pinning (closes #560 ) (#609 ) * fix(verify): quantize features before SHA-256 for cross-platform hash stability (#560) ## The bug archive/v1/data/proof/verify.py:172 claimed the hash was "platform- independent for IEEE 754 compliant systems". That claim is empirically false. scipy.fft's pocketfft uses SIMD vector kernels — AVX2/AVX-512 on x86_64, NEON on Apple Silicon — that reorder vectorized FP operations differently per build. IEEE 754 guarantees per-operation determinism, not associativity under reordering, so two correct platforms produce values that differ at ULP precision (~1e-14 at our magnitudes of 1-100). The SHA-256 of features_to_bytes() then explodes that ULP-level divergence into a totally different hash, which is what bug report #560 caught on macOS arm64: \| Platform \| numpy/scipy \| sha256 (legacy) \| \|----------\|-------------\|-----------------\| \| Windows (Intel AVX-512) \| 2.4.2 / 1.17.1 \| 78b3fb… \| \| ruvultra (Linux x86_64) \| 1.26.4 / 1.14.1 \| 41dc56… \| \| ruv-mac-mini (Apple Silicon NEON) \| 2.4.4 / 1.17.1 \| 9b5e19… \| ## The fix features_to_bytes() now np.round(.., HASH_QUANTIZATION_DECIMALS=9)s each array before packing as little-endian f64. That snaps the float bytes to a single canonical representation across SIMD backends. The 9-decimal precision is: - ~5 orders of magnitude above the worst-case ULP drift observed in probe-fft-platform.py measurements - Many orders of magnitude below any meaningful signal change (CSI phase precision is ~1e-3 rad; PSD bins differ by orders of magnitude) - Conservative — could tighten to 11-12 decimals if needed, but 9 leaves comfortable headroom for future scipy SIMD changes ## Probe-side verification scripts/probe-fft-platform.py now emits BOTH sha256_raw (unrounded, legacy) and sha256_quantized (new platform-invariant hash). Running it on Windows here produced: sha256_raw = 78b3fb4acb8cc18c3e870f92e29ee98143c7cac4767f2f71b0fc384a82b92f6e sha256_quantized = a587792c050cf697366b9bef4611050f9dc3af56624915ab2452c3c11362e79a quantization_decimals = 9 On Linux and macOS arm64 the maintainer should observe the SAME sha256_quantized value (and a different sha256_raw) — that's the fix working. ## What this PR does NOT do The published archive/v1/data/proof/expected_features.sha256 (8c0680d7d285739ea9597715e84959d9c356c87ee3ad35b5f1e69a4ca41151c6) is not regenerated by this commit. That step needs to run on a canonical CI platform (likely the Linux x86_64 host used for releases) AFTER this fix lands. The regeneration command is: python archive/v1/data/proof/verify.py --generate-hash After regeneration, every platform running ./verify will produce the same hash and the proof replay will be honestly cross-platform — which is what the ADR-028 trust-kill-switch promised. ## Files - archive/v1/data/proof/verify.py — add HASH_QUANTIZATION_DECIMALS=9 constant, quantize in features_to_bytes(), correct the misleading "platform-independent" claim in the docstring - scripts/probe-fft-platform.py — emit both raw and quantized hashes - scripts/fix-markers.json — RuView#560 marker prevents removing the np.round() call without explicit intent - CHANGELOG.md — Fixed entry under [Unreleased] documenting the change and flagging the expected_features.sha256 regeneration as a follow-up Co-Authored-By: claude-flow <ruv@ruv.net> * ci: fix verify-pipeline.yml working-directory from v1/ to archive/v1/ The verify-pipeline workflow's "Run pipeline verification" and "Run verification twice to confirm determinism" steps use `working-directory: v1` but `v1/` was archived to `archive/v1/` long ago. The workflow fails before verify.py even runs: ##[error]An error occurred trying to start process '/usr/bin/bash' with working directory '/home/runner/work/RuView/RuView/v1'. No such file or directory Same v1 → archive/v1 path correction that already shipped for the ./verify wrapper (RuView#559 / PR #590) and the other lint workflows (RuView#489). Required to make the determinism check actually run on PR #609 (the quantize-before-hash work) — the canonical Linux hash needed for expected_features.sha256 will fall out of the next CI log once this fix lands. * fix(proof): regenerate expected_features.sha256 with the quantized canonical hash The hash on the previous line was the legacy pre-quantization value (8c0680d7d28573…), which by definition cannot match the quantized output that this branch's verify.py now produces. Replaced with the canonical Linux x86_64 hash captured from the CI run on this branch: d9985569b3ab833c74b7c9254df568bbb144879e2222edb0bcf2605bfd4c155b Source of truth: run 26005976495 / "Verify Pipeline Determinism (3.11)" on Ubuntu 24.04, Python 3.11.15, exercising the full verify.py pipeline on the 100 reference frames in archive/v1/data/proof/sample_csi_data.json. Reproducibility expectation now changes: - Linux x86_64 (canonical platform): sha256 = d9985569… ✓ this commit - macOS arm64 / Apple Silicon NEON: sha256 = d9985569… should match after quantization - Windows AMD64 (with pydantic-clean .env): sha256 = d9985569… should match after quantization If macOS arm64 still mismatches after this, the quantization decimals need to be tightened from 9 to 11 or 12 (HASH_QUANTIZATION_DECIMALS in verify.py); the headroom analysis in the original commit suggests 9 is safe but 9-decimal SIMD drift hasn't been measured in the full-pipeline output yet (only in the probe). Closes the maintainer-action-required item on PR #609. * fix(proof): bump quantization to 6 decimals (9 wasn't enough across Azure CI microarchs) Two back-to-back Ubuntu 24.04 / Python 3.11 / scipy 1.17 CI runs on PR #609 landed on different Azure VM microarchitectures and produced two different SHA-256s even after np.round(.., 9): Run 1: d9985569b3ab833c74b7c9254df568bbb144879e2222edb0bcf2605bfd4c155b Run 2: 37c49a1f6b87207fa9fc67f2d6a85c4417dd4a536573605fd175510d1dce7cbe Same JSON input, same byte count hashed (294,400), same Python version, same scipy version. The only variable is the underlying CPU pocketfft SIMD kernel. The full DSP pipeline (preprocess → biquad bandpass → FFT → PSD → variance accumulation) amplifies the ~1e-14 raw FFT divergence by several orders of magnitude — the actual drift at features_to_bytes() input can reach 1e-7 or worse, which is well within the 1e-9 quantization window I originally picked. Bumping to 6 decimals = parts per million. ~6 orders of magnitude headroom over observed pipeline-amplified ULP drift. Still far below any meaningful signal change (CSI phase precision ~1e-3 rad). Kept the probe constant in sync. Will trigger CI on this branch immediately after push; the new expected_features.sha256 will be regenerated from whichever microarch the next CI run lands on, but should be stable across all subsequent runs at 6-decimal quantization. * chore(probe): keep HASH_QUANTIZATION_DECIMALS in sync with verify.py (now 6) * fix(proof): regenerate expected_features.sha256 for 6-decimal quantization * ci: pin thread count to 1 for proof verification (scipy.fft threading non-determinism)	2026-05-17 19:50:55 -04:00
rUv	50136c920d	fix(archive/v1/pose-service): call sanitize_phase, not sanitize (closes #612 ) (#614 ) Reported by @bannned-bit. archive/v1/src/services/pose_service.py:223: sanitized_phase = self.phase_sanitizer.sanitize(phase_data) PhaseSanitizer exposes the full-pipeline entry point as `sanitize_phase` (unwrap_phase + remove_outliers + smooth_phase), not `sanitize`. The shorter name doesn't exist on the class, so any path that reaches this branch raises AttributeError mid-frame and crashes the pose service. archive/v1/src/core/phase_sanitizer.py:266 is the canonical name: def sanitize_phase(self, phase_data: np.ndarray) -> np.ndarray: """Sanitize phase data through complete pipeline.""" One-line rename. No other call sites use the wrong name; verified with grep -rn 'phase_sanitizer\.sanitize\b' archive/v1/src/. This is v1 archived code, but the proof verify path still exercises it (./verify reaches into archive/v1/src/), so the bug was a latent regression risk for the trust-kill-switch flow.	2026-05-17 19:34:08 -04:00
DavidKrame	68b042faf6	fix(archive/v1): middleware inherits BaseHTTPMiddleware to fix 500 errors (#570 )	2026-05-17 17:32:22 -04:00
rUv	81cc241b9e	chore(repo): move v1/ → archive/v1/ + add archive/README.md (#430 ) The Rust port at v2/ has been the primary codebase since the rename in #427. The Python implementation at v1/ is no longer the active target; the only load-bearing path is the deterministic proof bundle at v1/data/proof/ (per ADR-011 / ADR-028 witness verification). Move the whole Python tree into archive/v1/ and document the policy in archive/README.md: no new features, bug fixes only when they affect a still-load-bearing path (currently just the proof), CI continues to verify the proof on every push and PR. Path references updated in 26 files via path-pattern sed (only matches v1/<known-child> patterns, never bare v1 or API URLs like /api/v1/). Two double-prefix typos (archive/archive/v1/) caught and hand-fixed in verify-pipeline.yml and ADR-011. Validated: - Python proof verify.py imports cleanly at archive/v1/data/proof/ (numpy/scipy still required; CI installs requirements-lock.txt from archive/v1/ now) - cargo test --workspace --no-default-features → 1,539 passed, 0 failed, 8 ignored (unaffected by Python tree relocation) - ESP32-S3 on COM7 untouched (no firmware paths changed) After-merge: contributors should re-run any local `python v1/...` commands as `python archive/v1/...` (CLAUDE.md and CHANGELOG already updated).	2026-04-25 23:07:52 -04:00

9 Commits