wifi-ruview

awesome-bookmarks/wifi-ruview

Fork 0

mirror of https://github.com/ruvnet/RuView.git synced 2026-06-02 00:58:56 +02:00

Commit Graph

Author	SHA1	Message	Date
ruv	753f0a23b7	docs(adr-118): integrate Soul Signature into BFLD ADRs 118/120/121/122 Wire the Soul Signature research (docs/research/soul/) into BFLD as a consent-based opt-in that runs at privacy_class = 1 (derived). BFLD becomes the policy-enforcement and compliance layer for Soul Signature; the two share the AETHER encoder, the witness chain, the RVF container, and cross_room.rs. ADR-118 §1.4 (new): comparison table of intents, consent models, ID spaces, and shared assets. Explains why the two systems are complementary, not antagonistic. ADR-120 §2.7 (new): dual-ID-space contract. - Default BFLD: class 2, daily-rotated rf_signature_hash for all. - Soul Signature opt-in: class 1, rotating hash for unenrolled + stable opaque person_id for enrolled. No collision. - Class 3 (restricted): Soul Signature disabled. Static enforcement via --features soul-signature feature gate. ADR-121 §2.6 (new): Soul Signature Recalibrate exemption + enrollment- quality gate. - SoulMatchOracle suppresses Recalibrate when high score traces to an enrolled person_id (matched outcome is intended, not an attack). - identity_risk_score doubles as enrollment-quality signal: Soul Signature enrollment requires score >= 0.65 sustained over the 60s window. - Exemption is asymmetric: unknown high-separability clusters still trigger Recalibrate. ADR-122 §2.7 (new): three Soul Signature HA entities exposed at class 1 only, structurally rejected at the Matter boundary. Fourth blueprint (enrolled-person arrival notification) ships under feature flag, default off, per-person opt-in. Co-Authored-By: claude-flow <ruv@ruv.net>	2026-05-24 12:35:06 -04:00
ruv	29233db6d5	docs(adr-118): BFLD — Beamforming Feedback Layer for Detection (6 ADRs + research bundle) Introduce the Beamforming Feedback Layer for Detection: the RuView safety layer that ingests WiFi BFI, measures identity-leakage risk, and structurally prevents identity-correlated data from leaving the node by default. ADRs (6): - ADR-118: umbrella decision, crate scaffolding, 6-phase rollout (~10.5 wk) - ADR-119: BfldFrame wire format, magic 0xBF1D_0001, deterministic serialization - ADR-120: 4 privacy classes, BLAKE3 keyed-hash rotation, #[must_classify] default-deny - ADR-121: 9-feature identity-risk scoring, coherence gate with hysteresis - ADR-122: 6 HA entities, 3 Matter clusters, mosquitto ACL, cognitum-v0 federation - ADR-123: Pi 5 / Nexmon production capture, AX210 dev path, ESP32-S3 self-only fallback Research bundle (docs/research/BFLD/, 13,544 words): - SOTA survey covering BFId (KIT, ACM CCS 2025) and LeakyBeam (NDSS 2025) - Architectural soul: defensive sensing primitive, not surveillance lens - Six-adversary threat model with attack trees and mitigations - Privacy-gating mechanics with structural cross-site isolation proof - Automation/integration surface (HA, Matter, MQTT, federation) - Concrete implementation plan with reuse map - Evaluation strategy with red-team protocol on KIT BFId dataset - Draft ADR, GitHub issue, and public gist Three structural invariants enforced by the type system, not policy: I1 — Raw BFI never exits the node I2 — Identity embedding is in-RAM-only (no Serialize impl) I3 — Cross-site identity correlation is cryptographically impossible (per-site BLAKE3 keyed-hash with daily epoch rotation) References: https://publikationen.bibliothek.kit.edu/1000185756 (BFId) https://www.ndss-symposium.org/wp-content/uploads/2025-5-paper.pdf (LeakyBeam) Co-Authored-By: claude-flow <ruv@ruv.net>	2026-05-24 12:20:52 -04:00

Author

SHA1

Message

Date

ruv

753f0a23b7

docs(adr-118): integrate Soul Signature into BFLD ADRs 118/120/121/122

Wire the Soul Signature research (docs/research/soul/) into BFLD as a
consent-based opt-in that runs at privacy_class = 1 (derived). BFLD becomes
the policy-enforcement and compliance layer for Soul Signature; the two
share the AETHER encoder, the witness chain, the RVF container, and
cross_room.rs.

ADR-118 §1.4 (new): comparison table of intents, consent models, ID spaces,
and shared assets. Explains why the two systems are complementary, not
antagonistic.

ADR-120 §2.7 (new): dual-ID-space contract.
- Default BFLD: class 2, daily-rotated rf_signature_hash for all.
- Soul Signature opt-in: class 1, rotating hash for unenrolled + stable
  opaque person_id for enrolled. No collision.
- Class 3 (restricted): Soul Signature disabled.
Static enforcement via --features soul-signature feature gate.

ADR-121 §2.6 (new): Soul Signature Recalibrate exemption + enrollment-
quality gate.
- SoulMatchOracle suppresses Recalibrate when high score traces to an
  enrolled person_id (matched outcome is intended, not an attack).
- identity_risk_score doubles as enrollment-quality signal: Soul Signature
  enrollment requires score >= 0.65 sustained over the 60s window.
- Exemption is asymmetric: unknown high-separability clusters still
  trigger Recalibrate.

ADR-122 §2.7 (new): three Soul Signature HA entities exposed at class 1
only, structurally rejected at the Matter boundary. Fourth blueprint
(enrolled-person arrival notification) ships under feature flag, default
off, per-person opt-in.

Co-Authored-By: claude-flow <ruv@ruv.net>

2026-05-24 12:35:06 -04:00

ruv

29233db6d5

docs(adr-118): BFLD — Beamforming Feedback Layer for Detection (6 ADRs + research bundle)

Introduce the Beamforming Feedback Layer for Detection: the RuView safety layer
that ingests WiFi BFI, measures identity-leakage risk, and structurally prevents
identity-correlated data from leaving the node by default.

ADRs (6):
- ADR-118: umbrella decision, crate scaffolding, 6-phase rollout (~10.5 wk)
- ADR-119: BfldFrame wire format, magic 0xBF1D_0001, deterministic serialization
- ADR-120: 4 privacy classes, BLAKE3 keyed-hash rotation, #[must_classify] default-deny
- ADR-121: 9-feature identity-risk scoring, coherence gate with hysteresis
- ADR-122: 6 HA entities, 3 Matter clusters, mosquitto ACL, cognitum-v0 federation
- ADR-123: Pi 5 / Nexmon production capture, AX210 dev path, ESP32-S3 self-only fallback

Research bundle (docs/research/BFLD/, 13,544 words):
- SOTA survey covering BFId (KIT, ACM CCS 2025) and LeakyBeam (NDSS 2025)
- Architectural soul: defensive sensing primitive, not surveillance lens
- Six-adversary threat model with attack trees and mitigations
- Privacy-gating mechanics with structural cross-site isolation proof
- Automation/integration surface (HA, Matter, MQTT, federation)
- Concrete implementation plan with reuse map
- Evaluation strategy with red-team protocol on KIT BFId dataset
- Draft ADR, GitHub issue, and public gist

Three structural invariants enforced by the type system, not policy:
  I1 — Raw BFI never exits the node
  I2 — Identity embedding is in-RAM-only (no Serialize impl)
  I3 — Cross-site identity correlation is cryptographically impossible
       (per-site BLAKE3 keyed-hash with daily epoch rotation)

References:
  https://publikationen.bibliothek.kit.edu/1000185756 (BFId)
  https://www.ndss-symposium.org/wp-content/uploads/2025-5-paper.pdf (LeakyBeam)

Co-Authored-By: claude-flow <ruv@ruv.net>

2026-05-24 12:20:52 -04:00

2 Commits