wifi-densepose

Commit Graph

Author	SHA1	Message	Date
ruv	c965e3e6c0	feat(adr-118/p1): scaffold wifi-densepose-bfld crate + frame header (3/3 tests GREEN) Land P1 of the BFLD rollout — the wire-format primitives: - New workspace member: v2/crates/wifi-densepose-bfld - PrivacyClass enum (Raw/Derived/Anonymous/Restricted) with allows_network() and allows_matter() const helpers reflecting ADR-120 §2.2 and ADR-122 §2.4 - BfldFrameHeader (#[repr(C, packed)]) per ADR-119 §2.1 - BFLD_MAGIC = 0xBF1D_0001, BFLD_VERSION = 1 - BfldError variants for InvalidMagic / UnsupportedVersion / Crc / PrivacyViolation - soul-signature cargo feature (gated, default OFF) per ADR-118 §1.4 - Compile-time size assertion via static_assertions::const_assert_eq! - 3 acceptance tests in tests/frame_header_size.rs (all pass) Bug fix: - ADR-119 AC1 claimed BfldFrameHeader is 40 bytes. Actual packed layout sums to 86 bytes. Updated AC1 and §2.1 prose to match. const_assert in frame.rs pins the value structurally — a future field addition that breaks the size fails to compile. Out of scope for this iter (deferred to later P1 commits): - Field-level missing-docs warnings (21) — addressed alongside accessor helpers - Payload section parsing — needs the section-length prefix tests - Round-trip serialize/parse — covered by a fixture-based test in the next iter cargo test -p wifi-densepose-bfld --no-default-features → 3 passed, 0 failed Co-Authored-By: claude-flow <ruv@ruv.net>	2026-05-24 13:34:05 -04:00
ruv	29233db6d5	docs(adr-118): BFLD — Beamforming Feedback Layer for Detection (6 ADRs + research bundle) Introduce the Beamforming Feedback Layer for Detection: the RuView safety layer that ingests WiFi BFI, measures identity-leakage risk, and structurally prevents identity-correlated data from leaving the node by default. ADRs (6): - ADR-118: umbrella decision, crate scaffolding, 6-phase rollout (~10.5 wk) - ADR-119: BfldFrame wire format, magic 0xBF1D_0001, deterministic serialization - ADR-120: 4 privacy classes, BLAKE3 keyed-hash rotation, #[must_classify] default-deny - ADR-121: 9-feature identity-risk scoring, coherence gate with hysteresis - ADR-122: 6 HA entities, 3 Matter clusters, mosquitto ACL, cognitum-v0 federation - ADR-123: Pi 5 / Nexmon production capture, AX210 dev path, ESP32-S3 self-only fallback Research bundle (docs/research/BFLD/, 13,544 words): - SOTA survey covering BFId (KIT, ACM CCS 2025) and LeakyBeam (NDSS 2025) - Architectural soul: defensive sensing primitive, not surveillance lens - Six-adversary threat model with attack trees and mitigations - Privacy-gating mechanics with structural cross-site isolation proof - Automation/integration surface (HA, Matter, MQTT, federation) - Concrete implementation plan with reuse map - Evaluation strategy with red-team protocol on KIT BFId dataset - Draft ADR, GitHub issue, and public gist Three structural invariants enforced by the type system, not policy: I1 — Raw BFI never exits the node I2 — Identity embedding is in-RAM-only (no Serialize impl) I3 — Cross-site identity correlation is cryptographically impossible (per-site BLAKE3 keyed-hash with daily epoch rotation) References: https://publikationen.bibliothek.kit.edu/1000185756 (BFId) https://www.ndss-symposium.org/wp-content/uploads/2025-5-paper.pdf (LeakyBeam) Co-Authored-By: claude-flow <ruv@ruv.net>	2026-05-24 12:20:52 -04:00

Author

SHA1

Message

Date

ruv

c965e3e6c0

feat(adr-118/p1): scaffold wifi-densepose-bfld crate + frame header (3/3 tests GREEN)

Land P1 of the BFLD rollout — the wire-format primitives:

- New workspace member: v2/crates/wifi-densepose-bfld
- PrivacyClass enum (Raw/Derived/Anonymous/Restricted) with allows_network()
  and allows_matter() const helpers reflecting ADR-120 §2.2 and ADR-122 §2.4
- BfldFrameHeader (#[repr(C, packed)]) per ADR-119 §2.1
- BFLD_MAGIC = 0xBF1D_0001, BFLD_VERSION = 1
- BfldError variants for InvalidMagic / UnsupportedVersion / Crc / PrivacyViolation
- soul-signature cargo feature (gated, default OFF) per ADR-118 §1.4
- Compile-time size assertion via static_assertions::const_assert_eq!
- 3 acceptance tests in tests/frame_header_size.rs (all pass)

Bug fix:
- ADR-119 AC1 claimed BfldFrameHeader is 40 bytes. Actual packed layout sums
  to 86 bytes. Updated AC1 and §2.1 prose to match. const_assert in frame.rs
  pins the value structurally — a future field addition that breaks the size
  fails to compile.

Out of scope for this iter (deferred to later P1 commits):
- Field-level missing-docs warnings (21) — addressed alongside accessor helpers
- Payload section parsing — needs the section-length prefix tests
- Round-trip serialize/parse — covered by a fixture-based test in the next iter

cargo test -p wifi-densepose-bfld --no-default-features → 3 passed, 0 failed

Co-Authored-By: claude-flow <ruv@ruv.net>

2026-05-24 13:34:05 -04:00

ruv

29233db6d5

docs(adr-118): BFLD — Beamforming Feedback Layer for Detection (6 ADRs + research bundle)

Introduce the Beamforming Feedback Layer for Detection: the RuView safety layer
that ingests WiFi BFI, measures identity-leakage risk, and structurally prevents
identity-correlated data from leaving the node by default.

ADRs (6):
- ADR-118: umbrella decision, crate scaffolding, 6-phase rollout (~10.5 wk)
- ADR-119: BfldFrame wire format, magic 0xBF1D_0001, deterministic serialization
- ADR-120: 4 privacy classes, BLAKE3 keyed-hash rotation, #[must_classify] default-deny
- ADR-121: 9-feature identity-risk scoring, coherence gate with hysteresis
- ADR-122: 6 HA entities, 3 Matter clusters, mosquitto ACL, cognitum-v0 federation
- ADR-123: Pi 5 / Nexmon production capture, AX210 dev path, ESP32-S3 self-only fallback

Research bundle (docs/research/BFLD/, 13,544 words):
- SOTA survey covering BFId (KIT, ACM CCS 2025) and LeakyBeam (NDSS 2025)
- Architectural soul: defensive sensing primitive, not surveillance lens
- Six-adversary threat model with attack trees and mitigations
- Privacy-gating mechanics with structural cross-site isolation proof
- Automation/integration surface (HA, Matter, MQTT, federation)
- Concrete implementation plan with reuse map
- Evaluation strategy with red-team protocol on KIT BFId dataset
- Draft ADR, GitHub issue, and public gist

Three structural invariants enforced by the type system, not policy:
  I1 — Raw BFI never exits the node
  I2 — Identity embedding is in-RAM-only (no Serialize impl)
  I3 — Cross-site identity correlation is cryptographically impossible
       (per-site BLAKE3 keyed-hash with daily epoch rotation)

References:
  https://publikationen.bibliothek.kit.edu/1000185756 (BFId)
  https://www.ndss-symposium.org/wp-content/uploads/2025-5-paper.pdf (LeakyBeam)

Co-Authored-By: claude-flow <ruv@ruv.net>

2026-05-24 12:20:52 -04:00

2 Commits