4bb0b87465
feat: ADR-080 P1+P2 remediation — refactor, perf, tests, safety
...
P1 fixes (this sprint):
- P1-6: Extract sensing-server modules (cli, types, csi, pose) from main.rs
- P1-7: DDA ray march for tomography — O(max(n)) replaces O(n^3) voxel scan
- P1-8: Batch neural inference — Tensor::stack/split for single GPU call
- P1-10: Eliminate 112KB/frame alloc — islice replaces deque→list copy
P2 fixes (this quarter):
- P2-11: Python unit tests for 8 modules (rate_limit, auth, error_handler,
pose_service, stream_service, hardware_service, health_check, metrics)
- P2-13: MAT simulated data safety guard — blocking overlay + pulsing banner
- P2-14: Wire token blacklist into auth verification + logout endpoint
- P2-15: Frame budget benchmark — confirms pipeline well under 50ms budget
Addresses 8 of 10 remaining issues from QE analysis (ADR-080).
Co-Authored-By: claude-flow <ruv@ruv.net>
2026-04-06 17:01:07 -04:00
924c32547e
fix: ADR-080 P0 security + CI remediation from QE analysis
...
Address all 5 P0 issues from QE analysis (55/100 score):
- P0-1: Rate limiter bypass — validate X-Forwarded-For against trusted proxy list
- P0-2: Exception detail leak — generic 500 messages, exception_type gated by dev mode
- P0-3: WebSocket JWT in URL (CWE-598) — first-message auth pattern replaces query param
- P0-4: Rust tests not in CI — add rust-tests job gating docker-build and notify
- P0-5: WebSocket path mismatch — use WS_PATH constant instead of hardcoded /ws/sensing
Includes ADR-080 remediation plan and 9 QE reports (4,914 lines).
Firmware validated on ESP32-S3 (COM8): CSI collecting, calibration OK.
Co-Authored-By: claude-flow <ruv@ruv.net>
2026-04-06 16:12:13 -04:00
7afdad0723
security: Fix 10 vulnerabilities, remove 12 dead code instances
...
Critical fixes:
- Remove hardcoded admin/admin123 credentials from UserManager
- Enable JWT signature verification (was disabled for debugging)
- Redact secrets from /dev/config endpoint (was exposing os.environ)
- Remove hardcoded SSH admin/admin credentials from hardware service
- Add channel validation to prevent command injection in router interface
Rust fixes:
- Replace partial_cmp().unwrap() with .unwrap_or(Equal) to prevent
NaN panics in 6 locations across core, signal, nn, mat crates
- Replace .expect()/.unwrap() with safe fallbacks in utils, csi_receiver
- Replace SystemTime unwrap with unwrap_or_default
Dead code removed:
- Duplicate imports (CORSMiddleware, os, Path, ABC, subprocess)
- Unused AdaptiveRateLimit/RateLimitStorage/RedisRateLimitStorage (~110 lines)
- Unused _log_authentication_event method
- Unused Confidence::new_unchecked in Rust
- Fix bare except: clause to except Exception:
https://claude.ai/code/session_01Ki7pvEZtJDvqJkmyn6B714
2026-02-28 07:04:22 +00:00
6ed69a3d48
feat: Complete Rust port of WiFi-DensePose with modular crates
...
Major changes:
- Organized Python v1 implementation into v1/ subdirectory
- Created Rust workspace with 9 modular crates:
- wifi-densepose-core: Core types, traits, errors
- wifi-densepose-signal: CSI processing, phase sanitization, FFT
- wifi-densepose-nn: Neural network inference (ONNX/Candle/tch)
- wifi-densepose-api: Axum-based REST/WebSocket API
- wifi-densepose-db: SQLx database layer
- wifi-densepose-config: Configuration management
- wifi-densepose-hardware: Hardware abstraction
- wifi-densepose-wasm: WebAssembly bindings
- wifi-densepose-cli: Command-line interface
Documentation:
- ADR-001: Workspace structure
- ADR-002: Signal processing library selection
- ADR-003: Neural network inference strategy
- DDD domain model with bounded contexts
Testing:
- 69 tests passing across all crates
- Signal processing: 45 tests
- Neural networks: 21 tests
- Core: 3 doc tests
Performance targets:
- 10x faster CSI processing (~0.5ms vs ~5ms)
- 5x lower memory usage (~100MB vs ~500MB)
- WASM support for browser deployment
2026-01-13 03:11:16 +00:00
ruv
Claude