Address all 5 P0 issues from QE analysis (55/100 score):
- P0-1: Rate limiter bypass — validate X-Forwarded-For against trusted proxy list
- P0-2: Exception detail leak — generic 500 messages, exception_type gated by dev mode
- P0-3: WebSocket JWT in URL (CWE-598) — first-message auth pattern replaces query param
- P0-4: Rust tests not in CI — add rust-tests job gating docker-build and notify
- P0-5: WebSocket path mismatch — use WS_PATH constant instead of hardcoded /ws/sensing
Includes ADR-080 remediation plan and 9 QE reports (4,914 lines).
Firmware validated on ESP32-S3 (COM8): CSI collecting, calibration OK.
Co-Authored-By: claude-flow <ruv@ruv.net>
Production code:
- pose_service.py: real uptime tracking (_start_time), real calibration
state machine (_calibration_in_progress, _calibration_id), proper
get_calibration_status() using elapsed time, uptime in health_check()
- health.py: _APP_START_TIME module constant for real uptime_seconds
- dependencies.py: remove TODO, document JWT config requirement clearly
ADR-017 status: Proposed → Accepted (all 7 integrations complete)
Test fixes (170 unit tests — 0 failures):
- Fix hardcoded /workspaces/wifi-densepose devcontainer paths in 4 files;
replaced with os.path relative to __file__
- test_csi_extractor_tdd/standalone: update ESP32 fixture to provide
correct 3×56 amplitude+phase values (was only 3 values)
- test_csi_standalone/tdd_complete: Atheros tests now expect
CSIExtractionError (implementation raises it correctly)
- test_router_interface_tdd: register module in sys.modules so
patch('src.hardware.router_interface...') resolves; fix
test_should_parse_csi_response to expect RouterConnectionError
- test_csi_processor: rewrite to use actual preprocess_csi_data /
extract_features API with proper CSIData fixtures; fix constructor
- test_phase_sanitizer: fix constructor (requires config), rename
sanitize() → sanitize_phase(), fix empty-data fixture (use 2D array),
fix phase data to stay within [-π, π] validation range
Proof bundle: PASS — SHA-256 hash matches, no random patterns in prod code
https://claude.ai/code/session_01BSBAQJ34SLkiJy4A8SoiL4
- .github/workflows/verify-pipeline.yml: CI that verifies pipeline
determinism and checks for np.random in production code
- ui/components/body-model.js: Three.js 3D human body model with
24 DensePose body parts mapped to 3D geometry
- v1/requirements-lock.txt: Minimal pinned dependencies for verification
- v1/src/api/dependencies.py: Fix mock auth returns with proper errors
- v1/src/core/router_interface.py: Additional mock mode cleanup
- v1/src/services/pose_service.py: Further mock elimination in service
https://claude.ai/code/session_01Ki7pvEZtJDvqJkmyn6B714
ruv
Claude