vrr/Ruview
2
0
Fork 0
mirror of https://github.com/ruvnet/RuView.git synced 2026-05-20 18:03:11 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 16
Ruview/verify
rUv 174e2365f0
fix: bug triage for #559, #561, #588 + CI fixes for fuzz/swarm tests (#590) 
* fix: bug triage from issues #559, #561, #588

- verify: point at archive/v1/ proof paths (v1/ was removed)         (#559)
- firmware README: app flash offset 0x10000 -> 0x20000, include
  ota_data_initial.bin at 0xf000, correct provision.py path from
  scripts/ to firmware/esp32-csi-node/                                (#561)
- provision.py: drop password-length leak in console output; print
  (set)/(empty) instead of len(password) asterisks                    (#588)

Co-Authored-By: claude-flow <ruv@ruv.net>

* ci: fix Fuzz Testing + Swarm Test (ADR-062) workflow regressions

Both have been red on main for ~5 weeks; root-causing them so PR #590
can land green rather than merging on top of pre-existing breakage.

- esp_stubs.h: add wifi_ps_type_t enum (WIFI_PS_NONE/MIN/MAX) and
  esp_wifi_set_ps() stub. csi_collector.c:346 added a real
  esp_wifi_set_ps(WIFI_PS_NONE) call to disable modem sleep
  (RuView#521 fix); the host-native fuzz target couldn't link.
- scripts/qemu_swarm.py: pass --force-partial to provision.py.
  The per-node TDM/channel overlay intentionally omits WiFi
  credentials (those live in the base flash image), but the
  issue #391 wifi-trio guard now rejects calls missing the
  --ssid/--password trio. --force-partial is exactly the opt-in
  for this case.

Co-Authored-By: claude-flow <ruv@ruv.net>
2026-05-17 17:00:37 -04:00

220 lines
7.3 KiB
Bash
Executable file
Raw Blame History

#!/usr/bin/env bash
# ======================================================================
# WiFi-DensePose: Trust Kill Switch
#
# One-command proof replay that makes "it is mocked" a falsifiable,
# measurable claim that fails against evidence.
#
# Usage:
# ./verify Run the full proof pipeline
# ./verify --verbose Show detailed feature statistics
# ./verify --audit Also scan codebase for mock/random patterns
#
# Exit codes:
# 0 PASS -- pipeline hash matches published expected hash
# 1 FAIL -- hash mismatch or error
# 2 SKIP -- no expected hash file to compare against
# ======================================================================
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROOF_DIR="${SCRIPT_DIR}/archive/v1/data/proof"
VERIFY_PY="${PROOF_DIR}/verify.py"
V1_SRC="${SCRIPT_DIR}/archive/v1/src"
# Colors (disabled if not a terminal)
if [ -t 1 ]; then
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
CYAN='\033[0;36m'
BOLD='\033[1m'
RESET='\033[0m'
else
RED=''
GREEN=''
YELLOW=''
CYAN=''
BOLD=''
RESET=''
fi
echo ""
echo -e "${BOLD}======================================================================"
echo " WiFi-DensePose: Trust Kill Switch"
echo " One-command proof that the signal processing pipeline is real."
echo -e "======================================================================${RESET}"
echo ""
# ------------------------------------------------------------------
# PHASE 1: Environment checks
# ------------------------------------------------------------------
echo -e "${CYAN}[PHASE 1] ENVIRONMENT CHECKS${RESET}"
echo ""
ERRORS=0
# Check Python
if command -v python3 &>/dev/null; then
PYTHON=python3
elif command -v python &>/dev/null; then
PYTHON=python
else
echo -e " ${RED}FAIL${RESET}: Python 3 not found. Install python3."
exit 1
fi
PY_VERSION=$($PYTHON --version 2>&1)
echo " Python: $PY_VERSION ($( command -v $PYTHON ))"
# Check numpy
if $PYTHON -c "import numpy; print(f' numpy: {numpy.__version__} ({numpy.__file__})')" 2>/dev/null; then
:
else
echo -e " ${RED}FAIL${RESET}: numpy not installed. Run: pip install numpy"
ERRORS=$((ERRORS + 1))
fi
# Check scipy
if $PYTHON -c "import scipy; print(f' scipy: {scipy.__version__} ({scipy.__file__})')" 2>/dev/null; then
:
else
echo -e " ${RED}FAIL${RESET}: scipy not installed. Run: pip install scipy"
ERRORS=$((ERRORS + 1))
fi
# Check proof files exist
echo ""
if [ -f "${PROOF_DIR}/sample_csi_data.json" ]; then
SIZE=$(wc -c < "${PROOF_DIR}/sample_csi_data.json" | tr -d ' ')
echo " Reference signal: sample_csi_data.json (${SIZE} bytes)"
else
echo -e " ${RED}FAIL${RESET}: Reference signal not found at ${PROOF_DIR}/sample_csi_data.json"
ERRORS=$((ERRORS + 1))
fi
if [ -f "${PROOF_DIR}/expected_features.sha256" ]; then
EXPECTED=$(cat "${PROOF_DIR}/expected_features.sha256" | tr -d '[:space:]')
echo " Expected hash: ${EXPECTED}"
else
echo -e " ${YELLOW}WARN${RESET}: No expected hash file found"
fi
if [ -f "${VERIFY_PY}" ]; then
echo " Verify script: ${VERIFY_PY}"
else
echo -e " ${RED}FAIL${RESET}: verify.py not found at ${VERIFY_PY}"
ERRORS=$((ERRORS + 1))
fi
echo ""
if [ $ERRORS -gt 0 ]; then
echo -e "${RED}Cannot proceed: $ERRORS prerequisite(s) missing.${RESET}"
exit 1
fi
echo -e " ${GREEN}All prerequisites satisfied.${RESET}"
echo ""
# ------------------------------------------------------------------
# PHASE 2: Run the proof pipeline
# ------------------------------------------------------------------
echo -e "${CYAN}[PHASE 2] PROOF PIPELINE REPLAY${RESET}"
echo ""
# Pass through any flags (--verbose, --audit, --generate-hash)
PIPELINE_EXIT=0
$PYTHON "${VERIFY_PY}" "$@" || PIPELINE_EXIT=$?
echo ""
# ------------------------------------------------------------------
# PHASE 3: Mock/random scan of production codebase
# ------------------------------------------------------------------
echo -e "${CYAN}[PHASE 3] PRODUCTION CODE INTEGRITY SCAN${RESET}"
echo ""
echo " Scanning ${V1_SRC} for np.random.rand / np.random.randn calls..."
echo " (Excluding v1/src/testing/ -- test helpers are allowed to use random.)"
echo ""
MOCK_FINDINGS=0
# Scan for np.random.rand and np.random.randn in production code
# We exclude testing/ directories
while IFS= read -r line; do
if [ -n "$line" ]; then
echo -e " ${YELLOW}FOUND${RESET}: $line"
MOCK_FINDINGS=$((MOCK_FINDINGS + 1))
fi
done < <(
find "${V1_SRC}" -name "*.py" -type f \
! -path "*/testing/*" \
! -path "*/tests/*" \
! -path "*/test/*" \
! -path "*__pycache__*" \
-exec grep -Hn 'np\.random\.rand\b\|np\.random\.randn\b' {} \; 2>/dev/null || true
)
if [ $MOCK_FINDINGS -eq 0 ]; then
echo -e " ${GREEN}CLEAN${RESET}: No np.random.rand/randn calls in production code."
else
echo ""
echo -e " ${YELLOW}WARNING${RESET}: Found ${MOCK_FINDINGS} random generator call(s) in production code."
echo " These should be reviewed -- production signal processing should"
echo " never generate random data."
fi
echo ""
# ------------------------------------------------------------------
# FINAL SUMMARY
# ------------------------------------------------------------------
echo -e "${BOLD}======================================================================${RESET}"
if [ $PIPELINE_EXIT -eq 0 ]; then
echo ""
echo -e " ${GREEN}${BOLD}RESULT: PASS${RESET}"
echo ""
echo " The production pipeline replayed the published reference signal"
echo " and produced a SHA-256 hash that MATCHES the published expected hash."
echo ""
echo " What this proves:"
echo " - The signal processing code is REAL (not mocked)"
echo " - The pipeline is DETERMINISTIC (same input -> same hash)"
echo " - The code path includes: noise filtering, Hamming windowing,"
echo " amplitude normalization, FFT-based Doppler extraction,"
echo " and power spectral density computation via scipy.fft"
echo " - No randomness was injected (the hash is exact)"
echo ""
echo " To falsify: change any signal processing code and re-run."
echo " The hash will break. That is the point."
echo ""
if [ $MOCK_FINDINGS -eq 0 ]; then
echo -e " Mock scan: ${GREEN}CLEAN${RESET} (no random generators in production code)"
else
echo -e " Mock scan: ${YELLOW}${MOCK_FINDINGS} finding(s)${RESET} (review recommended)"
fi
echo ""
echo -e "${BOLD}======================================================================${RESET}"
exit 0
elif [ $PIPELINE_EXIT -eq 2 ]; then
echo ""
echo -e " ${YELLOW}${BOLD}RESULT: SKIP${RESET}"
echo ""
echo " No expected hash file to compare against."
echo " Run: python v1/data/proof/verify.py --generate-hash"
echo ""
echo -e "${BOLD}======================================================================${RESET}"
exit 2
else
echo ""
echo -e " ${RED}${BOLD}RESULT: FAIL${RESET}"
echo ""
echo " The pipeline hash does NOT match the expected hash."
echo " Something changed in the signal processing code."
echo ""
echo -e "${BOLD}======================================================================${RESET}"
exit 1
fi
Reference in a new issue View git blame Copy permalink