wifi-densepose/scripts
rUv 281c4cb0ce
fix(firmware): OTA upload fails closed when no PSK in NVS (RuView#596 audit) (#623)
ota_check_auth() previously returned true when s_ota_psk[0] == '\0'
("permissive for dev"). A freshly-flashed node — or any node where
nobody had provisioned an OTA PSK yet — accepted attacker-controlled
firmware over plain HTTP on port 8032 from any host on the WiFi. No
Secure Boot V2, no signed-image verification, no transport encryption.
A single LAN call could brick or backdoor a node.

This was flagged in the deep security review of PR #596 but was a
PRE-EXISTING bug in main, not new code from that PR — so it stood as
a critical-severity production issue until this commit.

Fix:
- ota_check_auth() now returns false when no PSK is provisioned, with
  ESP_LOGW("OTA rejected: no PSK in NVS …") at the call site so the
  operator can diagnose the rejection from serial logs
- ota_update_init() ESP_LOGW message updated to surface the new posture
  at boot ("upload endpoint will REJECT all requests until provisioned")
- Doc comment on ota_check_auth() rewritten to make the contract
  explicit and reference the audit

The OTA HTTP server itself still starts even when no PSK is set. That
lets the operator run `provision.py --ota-psk <hex>` over USB-CDC to
write the NVS key without reflashing the firmware. The upload endpoint
just refuses every request in the meantime.

Breaking change for any deployment that depended on the unauthenticated
OTA path working out of the box. Documented in CHANGELOG under
[Unreleased] / Security so it's visible at the next release cut.

Fix-marker RuView#596-ota-fail-closed (scripts/fix-markers.json)
requires the new behaviour and forbids the old "permissive for dev"
fallback strings, so a future revert fails CI.
2026-05-18 08:56:07 -04:00
swarm_presets feat: QEMU ESP32-S3 testing platform + swarm configurator (ADR-061/062) (#260) 2026-03-14 13:39:51 -04:00
align-ground-truth.js feat: camera ground-truth training pipeline (ADR-079, #362) 2026-04-06 14:07:25 -04:00
apnea-detector.js feat: ADR-077 — 6 novel RF sensing applications 2026-04-03 08:50:48 -04:00
benchmark-model.py feat: GCloud GPU training pipeline + data collection + benchmarking 2026-04-02 22:04:57 -04:00
benchmark-rf-scan.js feat: ADR-073 multi-frequency mesh RF scanning 2026-04-03 00:18:29 -04:00
benchmark-ruvllm.js fix: ruvllm pipeline — 7 critical fixes, all metrics improved 2026-04-02 22:40:48 -04:00
benchmark-wiflow.js feat: ADR-072 WiFlow SOTA architecture — TCN + axial attention + pose decoder 2026-04-02 23:40:23 -04:00
check_fix_markers.py ci: fix-marker regression guard (witness-style) 2026-05-11 10:48:14 -04:00
check_health.py feat: QEMU ESP32-S3 testing platform + swarm configurator (ADR-061/062) (#260) 2026-03-14 13:39:51 -04:00
collect-ground-truth.py feat: camera ground-truth training pipeline (ADR-079, #362) 2026-04-06 14:07:25 -04:00
collect-training-data.py feat: GCloud GPU training pipeline + data collection + benchmarking 2026-04-02 22:04:57 -04:00
csi-graph-visualizer.js feat: ADR-075 min-cut person separation — fixes #348 2026-04-03 00:34:57 -04:00
csi-spectrogram.js feat: ADR-076 CNN spectrogram embeddings + graph transformer fusion 2026-04-03 00:36:38 -04:00
deep-scan.js feat: deep-scan.js — comprehensive RF intelligence report 2026-04-03 13:03:18 -04:00
device-fingerprint.js feat: ADR-078 — 5 multi-frequency mesh applications 2026-04-03 08:52:50 -04:00
esp32_jsonl_to_rvcsi.py fix(rvcsi): scale-relative baseline-drift thresholds + ESP32 end-to-end validation 2026-05-12 22:19:15 -04:00
esp32_wasm_test.py feat: add ADR-042 CHCI protocol, 24 new edge modules, README restructure 2026-03-03 11:35:57 -05:00
eval-wiflow.js feat: camera ground-truth training pipeline (ADR-079, #362) 2026-04-06 14:07:25 -04:00
fix-markers.json fix(firmware): OTA upload fails closed when no PSK in NVS (RuView#596 audit) (#623) 2026-05-18 08:56:07 -04:00
gait-analyzer.js feat: ADR-077 — 6 novel RF sensing applications 2026-04-03 08:50:48 -04:00
gcloud-train.sh chore(repo): rename rust-port/wifi-densepose-rs → v2/ (flatten to one level) (#427) 2026-04-25 21:28:13 -04:00
generate-witness-bundle.sh chore(repo): rename rust-port/wifi-densepose-rs → v2/ (flatten to one level) (#427) 2026-04-25 21:28:13 -04:00
generate_nvs_matrix.py fix(firmware): fall detection, 4MB flash, QEMU CI (#263, #265) 2026-03-15 11:49:29 -04:00
inject_fault.py feat: QEMU ESP32-S3 testing platform + swarm configurator (ADR-061/062) (#260) 2026-03-14 13:39:51 -04:00
install-qemu.sh feat: QEMU ESP32-S3 testing platform + swarm configurator (ADR-061/062) (#260) 2026-03-14 13:39:51 -04:00
mac-mini-train.sh fix: remove hardcoded Tailscale IPs and usernames from public files 2026-04-06 14:39:21 -04:00
material-classifier.js feat: ADR-078 — 5 multi-frequency mesh applications 2026-04-03 08:52:50 -04:00
material-detector.js feat: ADR-077 — 6 novel RF sensing applications 2026-04-03 08:50:48 -04:00
mesh-graph-transformer.js feat: ADR-076 CNN spectrogram embeddings + graph transformer fusion 2026-04-03 00:36:38 -04:00
mincut-person-counter.js feat: ADR-075 min-cut person separation — fixes #348 2026-04-03 00:34:57 -04:00
mmwave_fusion_bridge.py feat: ADR-063/064 mmWave sensor fusion + multimodal ambient intelligence (#269) 2026-03-15 16:10:10 -04:00
passive-radar.js feat: ADR-078 — 5 multi-frequency mesh applications 2026-04-03 08:52:50 -04:00
probe-fft-platform.py fix(verify): cross-platform deterministic proof — 6-decimal quantize + thread-pinning (closes #560) (#609) 2026-05-17 19:50:55 -04:00
provision.py fix: bug triage for #559, #561, #588 + CI fixes for fuzz/swarm tests (#590) 2026-05-17 17:00:37 -04:00
publish-huggingface.py feat: HuggingFace model publishing pipeline + model card 2026-04-02 22:04:16 -04:00
publish-huggingface.sh feat: HuggingFace model publishing pipeline + model card 2026-04-02 22:04:16 -04:00
qemu-chaos-test.sh feat: QEMU ESP32-S3 testing platform + swarm configurator (ADR-061/062) (#260) 2026-03-14 13:39:51 -04:00
qemu-cli.sh feat: QEMU ESP32-S3 testing platform + swarm configurator (ADR-061/062) (#260) 2026-03-14 13:39:51 -04:00
qemu-esp32s3-test.sh feat: QEMU ESP32-S3 testing platform + swarm configurator (ADR-061/062) (#260) 2026-03-14 13:39:51 -04:00
qemu-mesh-test.sh chore(repo): rename rust-port/wifi-densepose-rs → v2/ (flatten to one level) (#427) 2026-04-25 21:28:13 -04:00
qemu-snapshot-test.sh feat: QEMU ESP32-S3 testing platform + swarm configurator (ADR-061/062) (#260) 2026-03-14 13:39:51 -04:00
qemu_swarm.py fix: bug triage for #559, #561, #588 + CI fixes for fuzz/swarm tests (#590) 2026-05-17 17:00:37 -04:00
record-csi-udp.py feat: NaN-safe TCN + CSI UDP recorder for real ESP32 training (#362) 2026-04-06 17:18:41 -04:00
release-v0.5.4.sh feat: ADR-069 ESP32 CSI → Cognitum Seed RVF pipeline (v0.5.4-esp32) 2026-04-02 19:32:18 -04:00
rf-scan-multifreq.js feat: ADR-073 multi-frequency mesh RF scanning 2026-04-03 00:18:29 -04:00
rf-scan.js fix: add --bind flag for Windows firewall compatibility 2026-04-03 09:09:53 -04:00
rf-tomography.js feat: ADR-078 — 5 multi-frequency mesh applications 2026-04-03 08:52:50 -04:00
room-fingerprint.js feat: ADR-077 — 6 novel RF sensing applications 2026-04-03 08:50:48 -04:00
seed_csi_bridge.py fix: add --bind flag for Windows firewall compatibility 2026-04-03 09:09:53 -04:00
sleep-monitor.js feat: ADR-077 — 6 novel RF sensing applications 2026-04-03 08:50:48 -04:00
snn-csi-processor.js feat: ADR-074 spiking neural network for real-time CSI sensing 2026-04-03 00:34:31 -04:00
stress-monitor.js feat: ADR-077 — 6 novel RF sensing applications 2026-04-03 08:50:48 -04:00
swarm_health.py feat: QEMU ESP32-S3 testing platform + swarm configurator (ADR-061/062) (#260) 2026-03-14 13:39:51 -04:00
through-wall-detector.js feat: ADR-078 — 5 multi-frequency mesh applications 2026-04-03 08:52:50 -04:00
train-camera-free.js feat: camera-free 17-keypoint pose training (10 sensor signals) 2026-04-02 23:05:07 -04:00
train-ruvllm.js fix: skip triplet JSON export for large datasets (>100K) 2026-04-03 09:37:08 -04:00
train-wiflow-supervised.js feat: scalable WiFlow model with 4 size presets (#362) 2026-04-06 14:55:35 -04:00
train-wiflow.js feat: ADR-072 WiFlow SOTA architecture — TCN + axial attention + pose decoder 2026-04-02 23:40:23 -04:00
training-config-sweep.json feat: GCloud GPU training pipeline + data collection + benchmarking 2026-04-02 22:04:57 -04:00
udp-relay.py fix(docker): UDP relay for multi-source ESP32 on Docker Desktop Windows (#502) 2026-05-17 18:01:44 -04:00
validate_mesh_test.py feat: QEMU ESP32-S3 testing platform + swarm configurator (ADR-061/062) (#260) 2026-03-14 13:39:51 -04:00
validate_qemu_output.py ADR-081: Implement 5-layer adaptive CSI mesh firmware kernel (#404) 2026-04-20 10:38:23 -04:00
wiflow-model.js feat: ADR-072 WiFlow SOTA architecture — TCN + axial attention + pose decoder 2026-04-02 23:40:23 -04:00