* feat(ADR-262 P3): live RuField surface — RuView sensing speaks RuField on /api/field + /ws/field
Wire the P1 `wifi-densepose-rufield` bridge into the live
`wifi-densepose-sensing-server` so the governed sensing cycle emits real
signed RuField `FieldEvent`s on two additive endpoints.
- Cargo: add the `wifi-densepose-rufield` path dep (the single coupling
point, ADR-262 §5.4 — no new RuView-internal coupling).
- New `src/rufield_surface.rs` (kept out of the 8k-line main.rs):
`FieldSurface` holds a dedicated ed25519 `Signer` + a bounded ring of
recent events + the `/ws/field` broadcast topic; `GET /api/field` and
`GET /ws/field` handlers; a standalone `router()` for isolated testing.
- Signer (defers the P2 key decision, ADR-262 §8 Q1): a STANDALONE
dev/sensing key from `WDP_RUFIELD_SIGNING_SEED`, else a deterministic
dev default with a logged WARN. Reusing the `cog-ha-matter` Ed25519
key is the deferred P2 call — P3 does not pre-empt it.
- Tap: at the ESP32 governed-trust cycle (`main.rs` ~5886 observe_cycle
/ ~5938 SensingUpdate build), `emit_rufield_event` joins the cycle's
features/classification/signal_field with the engine's
effective_class/demoted trust state into a `SensingSnapshot` and
surfaces it via the bridge. Existing endpoints (`/ws/sensing` etc.)
are unchanged — purely additive.
- Privacy egress: `network_egress_allowed` is fail-closed for an
unattended live surface — only P1/P2 leave the box; P0 raw and
P3/P4/P5 (identity/biometric/aggregate) are held edge-local. A
`Derived` cycle maps to P4/P5 and never surfaces.
- No-phantom: `emit` drops no-presence cycles (no fabricated events).
Gates (tests/rufield_surface_test.rs, tower::oneshot, 4/0): well-formed
signed event (WifiCsi, P2 not P1, is_fusable, real timestamp); empty
cycle → no phantom; Derived trust never surfaces; mixed stream surfaces
only egress-safe events.
Honesty (ADR-262 §0/§6): real plumbing on a live endpoint, NOT accuracy.
Single-link CSI with its existing caveats (no validated room-coordinate
accuracy); dedicated dev signing key pending the P2 ownership decision;
no accuracy claim.
Co-Authored-By: claude-flow <ruv@ruv.net>
* docs(ADR-262 P3): mark P1+P3 implemented; document /api/field + /ws/field; CHANGELOG
- ADR-262 Status → "P1 + P3 implemented"; add a P3 implementation-status
block (tap site, endpoints, dedicated dev signer deferring the §8 Q1
key decision, fail-closed egress, gates). Keep the honesty framing:
real plumbing on a live endpoint, not accuracy.
- CHANGELOG [Unreleased]: add the ADR-262 P3 entry.
- user-guide: add `/api/field` to the REST table + a "RuField surface
(ADR-262 P3)" section covering `/api/field` + `/ws/field`, the
fail-closed P1/P2-only egress, the WDP_RUFIELD_SIGNING_SEED dev key,
and the no-accuracy honesty note.
Co-Authored-By: claude-flow <ruv@ruv.net>
* ci: checkout submodules everywhere + Dockerfile copies vendor/rufield
Making wifi-densepose-rufield (ADR-262 bridge) a v2 workspace member means
EVERY cargo-on-workspace context must have the vendor/rufield submodule
present (cargo loads all member manifests). P1 only fixed the rust-tests
job; this adds `submodules: recursive` to all workflow checkouts that run
cargo (mqtt-integration was failing on the missing submodule manifest), and
makes Dockerfile.rust COPY vendor/rufield/ to /vendor/rufield (matches the
bridge's ../../../vendor/rufield path-dep under the collapsed Docker layout).
update-submodules.yml left alone (it manages submodules itself).
Co-Authored-By: claude-flow <ruv@ruv.net>
---------
Co-authored-by: ruv <ruvnet@gmail.com>
GitHub's /traffic/clones and /traffic/views endpoints only retain the
last 14 days server-side. Without periodic scraping, that data falls
off the cliff and is gone forever. This commit:
* Adds a scheduled GitHub Action (.github/workflows/clone-tracking.yml)
that runs on the 1st and 15th of every month (~14-day cadence) and
appends a snapshot to data/clone-data.rvf via the GitHub API.
* Seeds the file with today's first snapshot so the historical record
starts immediately rather than waiting for the next cron fire.
File format: ruvector JSONL RVF (schema "ruvector.rvf.jsonl/v1"). Each
line is one segment:
{type: "metadata", ...} — file header, written once on
first run
{type: "clone_snapshot", fetched_at,
window_count, window_uniques,
per_day: [{timestamp, count, uniques}, ...]}
— appended every run
{type: "view_snapshot", fetched_at,
window_count, window_uniques,
per_day: [{timestamp, count, uniques}, ...]}
— appended every run
Per-day entries are keyed by `timestamp`, so a downstream reader can
de-duplicate across overlapping snapshot windows (cron drift, manual
re-runs, etc.).
Today's seed:
clones (14d): 27,887 total / 6,611 uniques
views (14d): 162,314 total / 75,464 uniques
The workflow's commit message includes cumulative observed totals
("16 days observed → 30K clones, 28 days observed → 180K views"
style) so the git log itself doubles as a traffic timeline.
This is the long-term storage layer for the "downloads" badge work —
once we have a few months of snapshots, a small script can roll the
per-day entries into a real defensible number.
rUv