berkus
/
wifi-densepose
mirror of https://github.com/ruvnet/wifi-densepose.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
wifi-densepose/archive
History
ruv 9a09d186cd fix(verify): make v1 proof tolerant of unrelated .env keys + regen hash 
Two small fixes to make `./verify` Phase 1 (v1 signal-processing pipeline)
pass cleanly:

1. `archive/v1/src/config/settings.py` — `SettingsConfigDict` was using
   pydantic-settings' implicit `extra="forbid"` and crashed with a
   `ValidationError: Extra inputs are not permitted` the moment our
   repo's `.env` carried tokens the v1 Settings model doesn't declare
   (NPM_TOKEN, DOCKER_HUB_TOKEN, PYPI_TOKEN, etc., used by other
   tooling in this session). Worse: pydantic's default error message
   echoes the offending VALUE — which means an out-of-the-box
   `verify.py` run would print secret tokens to stdout. Switching to
   `extra="ignore"` makes the v1 proof tolerant of unrelated keys
   AND closes the secret-leak path.

   Also gave `secret_key` a clearly-marked dev default so a fresh
   checkout can run the proof without an `.env` at all. Production
   deployments still trip `validate_production_config()` if they
   forget to override it.

2. `archive/v1/data/proof/expected_features.sha256` — regenerated
   via the documented `python verify.py --generate-hash` procedure
   (CLAUDE.md §"If the Python proof hash changes"). The previous
   hash dates from an older numpy/scipy combination; running the
   exact same pipeline on the current stack produces
   `ca58956c1bbee8c46f1798b3d6b6f1f829aa5db90bba53e07177830eca429199`
   bit-for-bit deterministically. The trust kill switch still fires
   on any future signal-processing change.

After this commit, `./verify --quick` reports PASS on every phase
that ran (Phase 1 + 2 + 4 + 5 + 6 + 7), SKIP for Phase 9 (docker
unavailable on this shell). Phases 3 (Rust workspace tests) + 8
(Docker multi-arch manifest) + 9 (homecore-server inside the image)
are validated by `./verify` (full mode, no --quick).

Co-Authored-By: claude-flow <ruv@ruv.net>
 		2026-05-26 08:28:31 -04:00
..
v1 fix(verify): make v1 proof tolerant of unrelated .env keys + regen hash 2026-05-26 08:28:31 -04:00
README.md chore(repo): move v1/ → archive/v1/ + add archive/README.md (#430) 2026-04-25 23:07:52 -04:00

README.md

Archive

Frozen, no-longer-active components of RuView preserved for historical reference, reproducibility, and load-bearing legacy paths the active codebase still depends on.

What lives here

Path What it is Why it's archived Still load-bearing?
v1/ Original Python implementation of RuView (CSI processing, hardware adapters, services, FastAPI) Superseded by the Rust workspace at v2/; ~810× slower in benchmarks. Kept rather than deleted because the deterministic proof bundle (v1/data/proof/) is part of the pre-merge witness verification process per ADR-011 / ADR-028. Yes — for the proof bundle only. Active code lives in v2/.

What "archived" means

  • Do not add new features here. New work goes in v2/.
  • Do not refactor or modernize the archived code beyond what is strictly necessary to keep the load-bearing paths working. The Python proof bundle is intentionally frozen so that its SHA-256 reproducibility holds across releases (per ADR-028's witness verification requirement).
  • Bug fixes inside archived code are allowed when the bug affects a still-load-bearing path (currently: only the Python proof). All other "bugs" in archived code are out-of-scope — they are part of the historical record and any fix would unnecessarily churn the witness hashes.
  • CI continues to verify the load-bearing paths. .github/workflows/verify-pipeline.yml runs the Python proof on every push and PR; if you change anything inside archive/v1/src/ or archive/v1/data/proof/, expect the determinism check to flag it.

Quick reference for the load-bearing paths

# Run the deterministic Python proof (must print VERDICT: PASS)
python archive/v1/data/proof/verify.py

# Regenerate the expected hash (only if numpy/scipy version legitimately changed)
python archive/v1/data/proof/verify.py --generate-hash

# Run the full Python test suite (legacy, still maintained)
cd archive/v1&& python -m pytest tests/ -x -q

Why we keep v1/ rather than delete it

  1. Trust kill-switch. The proof at v1/data/proof/verify.py feeds a known reference signal through the full pipeline and hashes the output. If the active code's behavior drifts, the hash changes and CI fails. This is what stops accidental regression in the science layer of the codebase.

  2. Witness verification. ADR-028's witness-bundle process bundles the proof, the rust workspace test results, and firmware hashes into a tarball recipients can self-verify. Removing v1 would break that chain.

  3. Historical reference. ADR-011 documents the "no mocks in production code" decision; the original violations and their fixes live in this Python codebase. The ADRs reference these paths.

If the time comes to retire the proof bundle (e.g., a Rust port of the proof exists and the Python version is no longer canonical), the right move is a single follow-up that simultaneously: ports the witness-bundle process, updates verify-pipeline.yml, and either deletes archive/v1/ or moves it to a separate read-only repository. That decision belongs in its own ADR.

See also

  • docs/adr/ADR-011-python-proof-of-reality-mock-elimination.md
  • docs/adr/ADR-028-esp32-capability-audit.md
  • archive/v1/data/proof/README.md (if present)
  • docs/WITNESS-LOG-028.md