Previous `cargo test --workspace --no-default-features` was doubly broken:
1. --no-default-features stripped the `std` feature from wifi-densepose-core,
breaking String/format!/etc. in crates that feature-gate std.
2. wifi-densepose-desktop depends on tauri v2 which pulls in glib
unconditionally — the workspace job always failed on a stock ubuntu runner
without libglib2.0-dev installed.
Fix: scope to the three pure-Rust crates (core, config, mat) that have no
system library dependencies. Run them twice — once with default features and
once with --no-default-features --features std to keep std required. Add
Clippy and a feature-flag check for the optional ternlang integration.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Address all 5 P0 issues from QE analysis (55/100 score):
- P0-1: Rate limiter bypass — validate X-Forwarded-For against trusted proxy list
- P0-2: Exception detail leak — generic 500 messages, exception_type gated by dev mode
- P0-3: WebSocket JWT in URL (CWE-598) — first-message auth pattern replaces query param
- P0-4: Rust tests not in CI — add rust-tests job gating docker-build and notify
- P0-5: WebSocket path mismatch — use WS_PATH constant instead of hardcoded /ws/sensing
Includes ADR-080 remediation plan and 9 QE reports (4,914 lines).
Firmware validated on ESP32-S3 (COM8): CSI collecting, calibration OK.
Co-Authored-By: claude-flow <ruv@ruv.net>
eriirfos-eng
ruv