End-to-end deployment fixes that took the two ESP32-S3 sensor boards
(room01, room02) from "boots but DSP frozen, OTA always rolls back" to
"motion/presence/breathing all live, two consecutive OTA round-trips
succeed". Full forensic write-up in docs/adr/ADR-098.
Firmware (firmware/esp32-csi-node/main/):
* csi_collector.c — remove esp_wifi_set_promiscuous(true): this call
silenced the CSI RX callback entirely on this silicon revision
(yield=0pps). Without it, callbacks resume at ~5-10 pps.
* edge_processing.c — root cause: incoming CSI frames carry 192
subcarriers but EDGE_MAX_SUBCARRIERS=128, so the size check
early-returned every frame and Step 8 (motion) never ran. Truncate
to 128 + warn once instead of returning.
* edge_processing.c — replace per-bin unwrapped-phase variance with
temporal variance of per-frame broadband mean amplitude. Empirical
separation on deployed hardware: empty 0.07-0.10, walking 3.5-14
(~44x). Scaled by /3.0 and clamped to [0,1].
* edge_processing.c — biquad fs 20.0 -> 10.0, matching the actual
callback rate (was halving the breathing passband).
* ota_update.c — OTA_WITH_SEQUENTIAL_WRITES -> OTA_SIZE_UNKNOWN to
erase the full target partition (stale tail of the previous larger
image was crashing the new image on boot, looking like rollback).
* ota_update.c — httpd_config_t.stack_size = 8192 (default 4 KB
overflowed in OTA verify path).
* main.c — log esp_reset_reason() and running_partition->label once
at app_main start, so OTA outcomes are visible without guesswork.
* sdkconfig.defaults — local deployment defaults: tier=2, display
disabled (no expander on these boards), 8192 timer stack.
Sensing server (v2/crates/wifi-densepose-sensing-server/):
* src/main.rs — parse_rv_feature_state() for the 0xC5110006
feature_state packet that RuView FW emits by default; this format
was previously unhandled. Wire ahead of parse_esp32_vitals.
* src/main.rs — BaselineTracker with hysteretic motion gating on top
of FW-reported scores, so UI sees clean boolean presence transitions.
* src/main.rs — refuse --source simulate; remove auto-fallback to
synthetic data. Production builds never run on fake signals.
* src/main.rs/csi.rs — parse_csi_lean() for legacy FW 5.47 CSV
packets; defence-in-depth for mistakenly flashed legacy sensors.
Desktop UI (v2/crates/wifi-densepose-desktop/):
* src/commands/discovery.rs — third discovery path: HTTP /status sweep
across the local /24 in parallel with mDNS/UDP. mDNS+UDP-beacon are
not advertised by current RuView FW. Replace sequential
for-task-in-tasks select-with-deadline (which blocked on slow
unrelated IPs) with futures::join_all + overall timeout.
* src/commands/server.rs — pass --bind-addr (was --bind); pass
RUST_LOG env instead of unsupported --log-level; auto-load bundled
wifi-densepose-v1.rvf next to the binary; reasonable defaults
(esp32 source, 0.0.0.0 bind).
* ui/* — keep last good node list when a poll returns 0 (discovery
is jittery on busy LANs); 8 s timeout (was 3 s); remove "simulate"
from DataSource enum and Sensing dropdown; default Sensing source
esp32.
Mobile UI (ui/mobile/):
* constants/websocket.ts — WS_PATH '/ws/sensing' + WS_PORT 8765 to
match the RuView sensing-server's WS endpoint (was the legacy
FastAPI /api/v1/stream/pose).
* services/ws.service.ts — derive WS host from serverUrl but use
WS_PORT; remove simulation fallback paths entirely (no
generateSimulatedData, no startSimulation on reconnect failure).
* stores/settingsStore.ts — serverUrl defaults to
http://100.123.189.10:8080 (deployed Mac's Tailscale IP), so the
phone connects from any network without LAN dependency.
* stores/matStore.ts — default dataSource='real',
simulationAcknowledged=true; no synthetic triage data.
* screens/MATScreen, VitalsScreen — hide simulation overlay/badge.
Docker:
* docker/docker-compose.yml — sensing-server host port 5005 -> 5006
to match the RuView FW's compiled CSI_TARGET_PORT default.
Documentation:
* docs/adr/ADR-098-esp32s3-csi-deployment-fixes.md — full forensic
ADR covering each decision, the empirical numbers that drove it,
the false hypotheses we ruled out along the way, and open items.
Verified on hardware (both nodes):
* motion empty < 0.05 (room01 0.018, room02 0.070)
* motion walking > 0.3 within 1-3 s, saturates at 1.0
* motion decay < 0.1 within 5 s after leaving
* breathing 21-22 BPM detected after ~30 s stationary
* two consecutive OTA round-trips succeed without USB intervention
* discovery finds both sensors via HTTP sweep in <2 s
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* security: pin GitHub Actions to SHAs and bump vulnerable npm deps (#442)
Addresses confirmed findings from issue #442 (Pentesterra/DevGuard).
GitHub Actions — pin all third-party Action references in
security-scan.yml and ci.yml to verified commit SHAs (with the
matching version in a trailing comment for legibility):
* snyk/actions/python -> v1.0.0
* aquasecurity/trivy-action -> v0.36.0 (security-scan.yml + ci.yml)
* bridgecrewio/checkov-action -> v12.1347.0
* tenable/terrascan-action -> v1.4.1
* checkmarx/kics-github-action -> v2.1.20 (the action #442 named)
* trufflesecurity/trufflehog -> v3.95.2
Verification:
grep -rE 'uses:.*@(main|master|latest)$' .github/workflows/
returns no matches.
npm deps in ui/mobile — add `overrides` forcing patched versions of
the three packages flagged by the DevGuard scanner, regenerate
package-lock.json:
* @xmldom/xmldom@0.8.11 -> 0.8.13
* node-forge@1.3.3 -> ^1.4.0 (closes 3 HIGH advisories)
* picomatch@2.3.1 -> ^2.3.2 (transitive in jest tooling)
npm audit totals: 25 -> 22 advisories (5 HIGH -> 2 HIGH).
Out of scope for this PR (tracked separately):
* Sensing-server unauth REST API surface — opened as #443
pending design-intent confirmation from @ruvnet.
* Bearer-token-shaped string in git history — confirmed test
seed per repo owner; no rotation required.
Refs: #442
Co-Authored-By: claude-flow <ruv@ruv.net>
* chore: add Dependabot config for github-actions and ui/mobile npm (#442)
Pairs with the SHA pinning from the previous commit so the pinned
versions get automated weekly bumps rather than drifting back to
mutable refs over time.
Scoped to the two ecosystems #442 surfaced findings in:
* github-actions (root) — the supply-chain risk
* npm (ui/mobile) — the @xmldom/xmldom, node-forge, picomatch
advisories
Other ecosystems (pip, cargo, desktop UI npm) deliberately omitted —
they can be added in a separate PR if desired.
Refs: #442
Co-Authored-By: claude-flow <ruv@ruv.net>
* chore(dependabot): expand to pip, cargo, and desktop UI npm (#442)
Broadens the Dependabot config from the initial 2 ecosystems
(github-actions + ui/mobile npm) to cover all 5 package surfaces
in the repo so pinned dependencies stay current across the board:
+ npm /v2/crates/wifi-densepose-desktop/ui (vite advisory live)
+ pip / (requirements.txt loose pins)
+ cargo /v2 (no cargo audit in CI yet)
Marginal cost is zero — Dependabot only opens PRs when an upstream
bump exists, and per-ecosystem pull-request limits cap the noise.
Each ecosystem labelled distinctly so PRs route cleanly.
Refs: #442
Co-Authored-By: claude-flow <ruv@ruv.net>
---------
Co-authored-by: claude-flow <ruv@ruv.net>
Address all 5 P0 issues from QE analysis (55/100 score):
- P0-1: Rate limiter bypass — validate X-Forwarded-For against trusted proxy list
- P0-2: Exception detail leak — generic 500 messages, exception_type gated by dev mode
- P0-3: WebSocket JWT in URL (CWE-598) — first-message auth pattern replaces query param
- P0-4: Rust tests not in CI — add rust-tests job gating docker-build and notify
- P0-5: WebSocket path mismatch — use WS_PATH constant instead of hardcoded /ws/sensing
Includes ADR-080 remediation plan and 9 QE reports (4,914 lines).
Firmware validated on ESP32-S3 (COM8): CSI collecting, calibration OK.
Co-Authored-By: claude-flow <ruv@ruv.net>
The web UI had persistent 404 errors on model, recording, and training
endpoints, and the sensing WebSocket never connected on Dashboard/Live
Demo tabs because sensingService.start() was only called lazily on
Sensing tab visit.
Server (main.rs):
- Add 14 fully-functional Axum handlers: model CRUD (7), recording
lifecycle (4), training control (3)
- Scan data/models/ and data/recordings/ at startup
- Recording writes CSI frames to .jsonl via tokio background task
- Model load/unload lifecycle with state tracking
Web UI (app.js):
- Import and start sensingService early in initializeServices() so
Dashboard and Live Demo tabs connect to /ws/sensing immediately
Mobile (ws.service.ts):
- Fix WebSocket URL builder to use same-origin port instead of
hardcoded port 3001
Mobile (jest.config.js):
- Fix testPathIgnorePatterns that was ignoring the entire test directory
Mobile (25 test files):
- Replace all it.todo() placeholder tests with real implementations
covering components, services, stores, hooks, screens, and utils
ADR-043 documents all changes.
- Docker default changed from --source simulated to --source auto
(auto-detects ESP32 on UDP 5005, falls back to simulation)
- Pose derivation now driven by real sensing features: motion_band_power,
breathing_band_power, variance, dominant_freq_hz, change_points
- Temporal feature extraction: 100-frame circular buffer, Goertzel
breathing rate estimation (0.1-0.5 Hz), frame-to-frame L2 motion
detection, SNR-based signal quality metric
- Signal field driven by subcarrier variance spatial mapping instead
of fixed animation circle
- UI data source indicators: LIVE/RECONNECTING/SIMULATED banner on
sensing tab, estimation mode badge on live demo tab
- Setup guide panel explaining ESP32 count requirements for each
capability level (1x: presence, 3x: localization, 4x+: full pose)
- Tick rate improved from 500ms to 100ms (2fps to 10fps)
- Fixed Option<f64> division bug from PR #83
- ADR-035 documents all decisions
Closes#86
Co-Authored-By: claude-flow <ruv@ruv.net>
- Added IosRssiService to handle synthetic RSSI data for iOS.
- Created WebRssiService to simulate RSSI scanning on the web.
- Defined shared types for WifiNetwork and RssiService in rssi.service.ts.
- Introduced simulation service to generate synthetic sensing data.
- Implemented WebSocket service for real-time data handling with reconnection logic.
- Established Zustand stores for managing application state related to MAT and pose data.
- Developed theme context and utility functions for consistent styling and formatting.
- Added type definitions for various application entities including API responses and sensing data.
- Created utility functions for color mapping and URL validation.
- Configured TypeScript settings for the mobile application.
arsen
Dragan Spiridonov
ruv