Strong concern #7 (PR #405): default HTTP bind leaked camera/CSI/vitals
to the LAN. The `serve` fn now takes a single `bind` arg and prints a
loud WARNING when bound outside loopback.
Strong concern #10 (PR #405): embedded HTML+JS was ~220 LOC of the 418
LOC stream.rs. Moved the markup verbatim into viewer.html and inlined
via `include_str!("viewer.html")`. Also:
- Drop the #![allow(dead_code)] crate-level silencing (reviewer point
#11). Remove the now-unused AppState.csi_pipeline field.
- capture_camera_cloud_with_luminance returns the mean luminance of the
captured frame; the background loop feeds that to
CsiPipelineState::set_light_level so the night-mode flag actually
toggles at runtime (previously it could only be set from tests).
Net effect on file size: stream.rs 418 → 232 LOC.
Co-Authored-By: claude-flow <ruv@ruv.net>
File-split (strong concern #9 in PR #405 review): csi_pipeline.rs was 602
LOC; extract the pure-function ADR-018 parser + synthetic frame builder
into src/parser.rs. Inline unit tests in parser.rs cover:
- 0xC5110001 (raw CSI, v1) roundtrip
- 0xC5110006 (feature state, v6) roundtrip
- wrong magic is rejected
- truncated header is rejected
- truncated payload is rejected
main.rs: expose `fingerprint NAME [--seconds N]` subcommand wiring
record_fingerprint() (this was the only caller needed to make the public
API non-dead on the runtime path). Also:
- Replace `--host/--port` + external `--csi` with a single `--bind`
defaulting to loopback (`127.0.0.1:9880`) — addresses strong concern
#7 about exposing camera/CSI/vitals by default.
- Update synthetic `csi-test` to target UDP 3333 (matching the ADR-018
listener) and use the shared parser::build_test_frame.
- Defence-in-depth: call training::sanitize_data_path on the expanded
--data-dir before TrainingSession::new does the same.
Co-Authored-By: claude-flow <ruv@ruv.net>
Blocker 3 (PR #405 review): The "WiFlow inference" path was a stub that
built a model from empty weight vectors and synthesised keypoints from
amplitude energy. Presenting this as "WiFlow inference" was misleading.
- Rename WiFlowModel to PoseModelMetadata (empty tag struct; we only care
if the on-disk file exists)
- Rename load_wiflow_model() -> detect_pose_model_metadata() and log
"amplitude-energy heuristic enabled/disabled" (no "WiFlow" claim)
- Rename estimate_pose() -> heuristic_pose_from_amplitude() with
prominent `STUB:` doc comment saying this is NOT a trained model
Blocker 4 (PR #405 review): The UDP receiver held the shared Arc<Mutex>
across a synchronous process_frame() call, starving HTTP handlers.
- Introduce a std::sync::mpsc channel between the UDP thread (which only
parses + pushes) and a dedicated processor thread (which locks only
briefly around a single process_frame). HTTP snapshots via
get_pipeline_output no longer contend with the socket read loop.
Also:
- Move ADR-018 parser to parser.rs (see next commit); csi_pipeline re-exports
- send_test_frames now uses parser::build_test_frame for synthetic frames
- Log a one-line node stats summary every 500 frames (reads every public
CsiFrame field on the runtime path)
Co-Authored-By: claude-flow <ruv@ruv.net>
- brain_bridge.rs: replace `Handle::current().block_on(...)` inside async fn
with `.await` (was a guaranteed "runtime within runtime" panic). Brain URL
now read from RUVIEW_BRAIN_URL env var (default http://127.0.0.1:9876),
logged once via OnceLock.
- wifi-densepose-geo: rename Cargo package from `ruview-geo` to
`wifi-densepose-geo` to match directory and workspace conventions. Update
all use sites (tests/examples/README). Same env-var pattern for brain URL
in brain.rs + temporal.rs.
- training.rs: add sanitize_data_path() rejecting `..` components and
safe_join() that canonicalises + enforces base-dir containment on every
write (calibration.json, samples.json, preference_pairs.jsonl,
occupancy_calibration.json). Defence-in-depth check also in main.rs
before TrainingSession::new.
- osm.rs: clamp Overpass radius to MAX_RADIUS_M=5000m; return Err beyond
that. Add parse_overpass_json() that rejects malformed payloads
(missing top-level `elements` array).
Co-Authored-By: claude-flow <ruv@ruv.net>
Renumbered provisioning tool ADR from 044 to 050 to avoid conflict
with geospatial satellite integration ADR-044.
Co-Authored-By: claude-flow <ruv@ruv.net>
Add COCO skeleton rendering with yellow keypoint spheres and white bone
lines, info panel sections for weather/buildings/CSI rate/confidence,
overhead camera at (0,2,-4), and denser point size with sizeAttenuation.
Co-Authored-By: claude-flow <ruv@ruv.net>
- OSM: use inclusive building filter with relation query and 25s timeout
- SRTM: switch to NASA public mirror with viewfinderpanoramas fallback
- Add detect_tile_changes() for pixel-diff satellite change detection
- Add is_night() solar-declination model for CSI-only night mode
- 6 new unit tests (night mode + tile change detection)
Co-Authored-By: claude-flow <ruv@ruv.net>
Extended geospatial data sources leveraging ruvector's existing web_ingest
and Common Crawl support for hyperlocal context.
Co-Authored-By: claude-flow <ruv@ruv.net>
Stores room scan summaries, motion events, and vital signs
in the ruOS brain as memories. Only syncs every 120 frames
(~60 seconds) to keep the brain sparse and optimized.
Categories: spatial-observation, spatial-motion, spatial-vitals.
Co-Authored-By: claude-flow <ruv@ruv.net>
- MiDaS depth server: PyTorch on CUDA, real monocular depth estimation
- Rust server calls MiDaS via HTTP for neural depth (falls back to luminance)
- Serial CSI reader for ESP32 with motion detection + presence estimation
- CSI disabled by default (RUVIEW_CSI=1 to enable) — serial reader needs baud config
- Edge-enhanced depth for better object boundaries
- All sensors wired: camera, ESP32 CSI, mmWave (CSI gated until serial fixed)
Co-Authored-By: claude-flow <ruv@ruv.net>
- Server captures from /dev/video0 at 2fps via ffmpeg
- Background tokio task refreshes cloud + splats every 500ms
- Viewer polls /api/splats every 500ms, only updates on new frame
- Shows 🟢 LIVE / 🔴 DEMO indicator
- Camera position set for first-person view (looking forward into scene)
- Downsample 4x for performance (19,200 points per frame)
- Graceful fallback to demo data if camera capture fails
Co-Authored-By: claude-flow <ruv@ruv.net>
Three new modules added to wifi-densepose-pointcloud:
1. camera.rs — Cross-platform camera capture
- macOS: AVFoundation via Swift, ffmpeg avfoundation
- Linux: V4L2, ffmpeg v4l2
- Camera detection, listing, frame capture to RGB
- Graceful fallback to synthetic data when no camera
2. csi.rs — WiFi CSI receiver for ESP32 nodes
- UDP listener for CSI JSON frames from ESP32
- Per-link attenuation tracking with EMA smoothing
- Simplified RF tomography (backprojection to occupancy grid)
- Test frame sender for development without hardware
- Ready for real ESP32 CSI data from ruvzen
3. training.rs — Calibration and training pipeline
- Depth calibration: grid search over scale/offset/gamma
- Occupancy training: threshold optimization for presence detection
- Ground truth reference points for depth RMSE measurement
- Preference pair export (JSONL) for DPO training on ruOS brain
- Brain integration: submit observations as memories
- Persistent calibration files (JSON)
New CLI commands:
ruview-pointcloud cameras # list available cameras
ruview-pointcloud train # run calibration + training
ruview-pointcloud csi-test # send test CSI frames
ruview-pointcloud serve --csi # serve with live CSI input
All tested: demo, training (10 samples, 4 reference points, 3 pairs),
CSI receiver (50 test frames), server API.
Co-Authored-By: claude-flow <ruv@ruv.net>
Users on multi-node ESP32 deployments have been reporting for months
that their provisioned `node_id` reverts to the Kconfig default of `1`
in UDP frames and the `csi_collector` init log, despite boot showing:
nvs_config: NVS override: node_id=4
main: ESP32-S3 CSI Node (ADR-018) - Node ID: 4
csi_collector: CSI collection initialized (node_id=1, channel=11)
See #232, #375, #385, #386, #390. The root memory-corruption path for
the `g_nvs_config.node_id` byte has not been definitively isolated
(does not reproduce on my attached ESP32-S3 running current source
and the v0.6.0 release binary), but the UDP frame header can be made
tamper-proof regardless:
1. `csi_collector_init()` now captures `g_nvs_config.node_id` into a
module-local `static uint8_t s_node_id` at init time.
2. `csi_serialize_frame()` reads `buf[4]` from `s_node_id`, not from
the global - so any later corruption of `g_nvs_config` cannot
affect outgoing CSI frames.
3. All other consumers (`edge_processing.c` x3, `wasm_runtime.c`,
`display_ui.c`, `main.c swarm_bridge_init`) now go through a new
`csi_collector_get_node_id()` accessor instead of reading the
global directly.
4. A canary at end-of-init logs `WARN` if `g_nvs_config.node_id`
already diverges from the captured value - this will pinpoint
the corruption path if it happens on a user's device.
Hardware validation on attached ESP32-S3 (COM8):
- NVS loads node_id=2
- Boot log: `main: ... Node ID: 2`
- NEW log: `csi_collector: Captured node_id=2 at init (defensive
copy for #232/#375/#385/#390)`
- Init log: `csi_collector: CSI collection initialized (node_id=2)`
- UDP frame byte[4] = 2 (verified via socket sniffer, 15/15 packets)
This is defense in depth - it shields the UDP frame from whatever
upstream bug is clobbering the struct. When a user hits the original
bug, the canary WARN will help isolate the root cause.
Refs #232#375#385#386#390
Co-Authored-By: claude-flow <ruv@ruv.net>
* fix: provision.py esptool v5 syntax + refuse partial NVS flashes (#391)
Bug 1: `write_flash` -> `write-flash` for esptool v5.x compat
- Actual flash command (flash_nvs, line 153) was already fixed
- Dry-run manual-flash hint (line 301) still printed old syntax
Bug 2: Refuse partial invocations that would silently wipe NVS
- provision.py flashes a fresh NVS binary at offset 0x9000, which
REPLACES the entire csi_cfg namespace. Any key not passed on the
CLI is erased.
- Previously: `provision.py --port COM8 --target-port 5005` would
silently wipe ssid, password, target_ip, node_id, etc., causing
"Retrying WiFi connection (10/10)" in the field.
- Now: refuse unless all of --ssid/--password/--target-ip provided,
or --force-partial is set (prints warning listing wiped keys).
Validation:
- Dry-run: binary generates to 24576 bytes, hint uses write-flash
- Safety check: partial invocation rejected with clear message
- Force-partial: warning lists keys that will be wiped
- Hardware: esptool v5.1.0 `read-flash 0x9000 0x100` works on
attached ESP32-S3 (COM8); NVS preserved, device reconnected at
192.168.1.104 with node_id=2 intact after reset.
Co-Authored-By: claude-flow <ruv@ruv.net>
* docs: CHANGELOG catch-up for v0.5.5, v0.6.0, v0.7.0 (#367)
The changelog was stale at v0.5.4 — three releases were cut without
updating it. Added full entries for each, plus an [Unreleased] block
for the #391 provision.py fixes.
version.txt correctly stays at 0.6.0 — v0.7.0 was a model/pipeline
release, not a new firmware binary. Latest firmware is v0.6.0-esp32.
Closes#367
Co-Authored-By: claude-flow <ruv@ruv.net>
- Add v0.7.0 section with 92.9% PCK@20 result and new scripts
- Add camera-supervised training section to user guide with step-by-step
- Update release table (v0.7.0 as latest)
- Update ADR count (62 → 79)
- Update beta notice with camera ground-truth link
Co-Authored-By: claude-flow <ruv@ruv.net>
- Add activation clamping [-10, 10] in TCN forward pass to prevent NaN
from real CSI amplitude ranges after normalization
- Add safe sigmoid with input clamping [-20, 20]
- Add scripts/record-csi-udp.py: lightweight ESP32 CSI UDP recorder
Validated on real paired data (345 samples):
ESP32 CSI: 7,000 frames at 23fps from COM8
Mac camera: 6,470 frames at 22fps via MediaPipe
PCK@20: 92.8% | Eval loss: 0.083 | Bone loss: 0.008
Co-Authored-By: claude-flow <ruv@ruv.net>
Address all 5 P0 issues from QE analysis (55/100 score):
- P0-1: Rate limiter bypass — validate X-Forwarded-For against trusted proxy list
- P0-2: Exception detail leak — generic 500 messages, exception_type gated by dev mode
- P0-3: WebSocket JWT in URL (CWE-598) — first-message auth pattern replaces query param
- P0-4: Rust tests not in CI — add rust-tests job gating docker-build and notify
- P0-5: WebSocket path mismatch — use WS_PATH constant instead of hardcoded /ws/sensing
Includes ADR-080 remediation plan and 9 QE reports (4,914 lines).
Firmware validated on ESP32-S3 (COM8): CSI collecting, calibration OK.
Co-Authored-By: claude-flow <ruv@ruv.net>
Add --scale flag with 4 presets for dataset-appropriate sizing:
lite: ~190K params, 2 TCN blocks k=3 (trains in seconds)
small: ~200K params, 4 TCN blocks k=5 (trains in minutes)
medium: ~800K params, 4 TCN blocks k=7 (trains in ~15 min)
full: ~7.7M params, 4 TCN blocks k=7 (trains in hours)
Refactored model to use dynamic TCN block count, kernel size,
channel widths, hidden dim, and SPSA perturbation count — all
driven by the scale preset. Default is 'lite' for fast iteration.
Validated: lite model completes 30 epochs on 265 samples in ~2 min
on Windows CPU (vs stuck at epoch 1 with full model).
Scale up with: --scale small|medium|full as dataset grows.
Co-Authored-By: claude-flow <ruv@ruv.net>
- ADR-079: strip SSH user/IP from optimization description
- mac-mini-train.sh: replace hardcoded IP with env var WINDOWS_HOST
Co-Authored-By: claude-flow <ruv@ruv.net>
Add 4 ruvector-inspired optimizations to the training pipeline:
- O6: Subcarrier selection (ruvector-solver) — variance-based top-K
selection reduces 128→56 subcarriers (56% input reduction)
- O7: Attention-weighted subcarriers (ruvector-attention) — motion-
correlated weighting amplifies informative channels
- O8: Stoer-Wagner min-cut person separation (ruvector-mincut) —
identifies person-specific subcarrier clusters via correlation
graph partitioning for multi-person training
- O9: Multi-SPSA gradient estimation — K=3 perturbations per step
reduces gradient variance by sqrt(3) vs single SPSA
Also fixes data loader to accept both `kp`/`keypoints` field names
and flat CSI arrays with `csi_shape`, and scalar `conf` values.
Co-Authored-By: claude-flow <ruv@ruv.net>
- Add version.txt (0.6.0) read by CMakeLists.txt so
esp_app_get_description()->version matches the release tag
- Log firmware version on boot: "v0.6.0 — Node ID: X"
- Remove stale Kconfig help text (said default 2.0, actual is 15.0)
Fixes the version mismatch reported in #354 where flashing v0.5.3
binaries showed v0.4.3 because PROJECT_VER was never set.
Co-Authored-By: claude-flow <ruv@ruv.net>
JSON.stringify fails on 1M+ triplets. Training succeeded (33.3%
improvement) but export crashed. Now skips export when >100K triplets.
Co-Authored-By: claude-flow <ruv@ruv.net>
