wifi-densepose/v2/crates/wifi-densepose-bfld/tests
ruv ac461f94fc feat(adr-118/p4.5): BfldPipeline facade + BfldConfig (146/146 GREEN)
Iter 19. Public lib.rs entry point per ADR-118 §2.1. Thin facade over
BfldEmitter that adds a config-driven builder and a privacy_mode
toggle for emergency demote-to-Restricted without rebuilding the
gate/ring/hasher state.

Added (gated on `feature = "std"`):
- src/pipeline.rs:
  * BfldConfig { node_id, default_zone_id, privacy_class, signature_hasher }
    with new/with_zone/with_privacy_class/with_signature_hasher builder
  * BfldPipeline { baseline_class, privacy_mode, emitter }
  * BfldPipeline::new(config) — initializes the underlying emitter
  * process(inputs, embedding) -> Option<BfldEvent>
    Delegates to emitter.emit() then post-processes: if privacy_mode is
    engaged, demotes the resulting event to Restricted and calls
    apply_privacy_gating to strip identity fields
  * enable_privacy_mode() / disable_privacy_mode() / is_privacy_mode_enabled()
  * current_privacy_class() — returns Restricted when privacy_mode else baseline
  * current_gate_action() — delegate diagnostic
- pub use BfldConfig, BfldPipeline from lib.rs

Design note: the privacy_mode override is applied post-emission, NOT by
rebuilding the emitter. This preserves gate state (current action,
pending transitions), ring contents, and hasher salt across the toggle —
critical for incident response where the operator needs to keep
detecting anomalies while temporarily redacting the public surface.

tests/pipeline_facade.rs (9 named tests, all green):
  config_defaults_to_anonymous_no_zone_no_hasher
  config_builder_methods_chain
  fresh_pipeline_is_not_in_privacy_mode
  pipeline_process_returns_anonymous_event_under_low_risk
  enable_privacy_mode_demotes_published_events_to_restricted
    (verifies BOTH identity_risk_score AND rf_signature_hash become None)
  disable_privacy_mode_restores_baseline_class
    (round-trip: enable → demoted → disable → restored to Anonymous)
  privacy_mode_overrides_derived_baseline_too
    (research-mode operator can still flip the emergency switch)
  pipeline_with_hasher_emits_derived_rf_signature_hash
  zone_is_threaded_from_config_to_event

ACs progressed:
- ADR-118 §2.1 — public entry point now matches the implementation
  plan §1.2 sketch: BfldPipeline::new(config) → process() → BfldEvent.
  Future iters add process_to_frame() and the tokio MQTT loop.
- ADR-118 §1.5 enable_privacy_mode requirement — operator can engage
  Restricted-class redaction without restarting the pipeline or
  losing in-flight detection state. First runtime witness of this.

Test config:
- cargo test --no-default-features → 72 passed (pipeline cfg-out)
- cargo test                       → 146 passed (137 + 9)

Out of scope (next iter target):
- process_to_frame(inputs, payload, embedding) -> Option<BfldFrame>
  for callers that need wire-format bytes rather than JSON events.
- BfldPipelineHandle wrapping the pipeline in Arc<Mutex<...>> + a
  tokio task that pumps an MQTT loop (ADR-122 §2.2 emitter half).

Co-Authored-By: claude-flow <ruv@ruv.net>
2026-05-24 16:28:42 -04:00
..
coherence_gate.rs feat(adr-118/p3.3): CoherenceGate hysteresis + 5s debounce — 85/85 GREEN 2026-05-24 15:07:40 -04:00
embedding_ring.rs feat(adr-118/p2.2): EmbeddingRing 64-entry FIFO buffer — 53/53 GREEN 2026-05-24 14:37:03 -04:00
emitter_hasher.rs feat(adr-118/p4.3): wire SignatureHasher into BfldEmitter (123/123 GREEN) 2026-05-24 15:57:44 -04:00
emitter_pipeline.rs feat(adr-118/p4.2): BfldEmitter end-to-end pipeline (109/109 GREEN) 2026-05-24 15:37:23 -04:00
event_privacy_gating.rs feat(adr-118/p4.1): BfldEvent privacy-gated output + JSON (102/102 GREEN) 2026-05-24 15:27:49 -04:00
frame_header_size.rs feat(adr-118/p1): scaffold wifi-densepose-bfld crate + frame header (3/3 tests GREEN) 2026-05-24 13:34:05 -04:00
frame_payload_integration.rs feat(adr-118/p1.6): BfldFrame <-> BfldPayload wire integration (39/39 GREEN) 2026-05-24 14:16:54 -04:00
frame_roundtrip.rs feat(adr-118/p1.4): BfldFrame (header + payload + CRC32) — 24/24 GREEN 2026-05-24 13:58:26 -04:00
header_roundtrip.rs feat(adr-118/p1.2): header encode/decode + 6 round-trip tests (9/9 GREEN) 2026-05-24 13:38:11 -04:00
identity_embedding.rs feat(adr-118/p2.1): IdentityEmbedding newtype + zeroizing Drop — 44/44 GREEN 2026-05-24 14:27:28 -04:00
identity_features_encoder.rs feat(adr-118/p3.6): IdentityFeatures canonical-bytes encoder (137/137 GREEN) 2026-05-24 16:18:33 -04:00
identity_risk_score.rs feat(adr-118/p3.2): identity_risk score + GateAction enum — 72/72 GREEN 2026-05-24 14:57:08 -04:00
json_hash_format.rs feat(adr-118/p4.4): rf_signature_hash JSON as "blake3:<hex>" (128/128 GREEN) 2026-05-24 16:08:29 -04:00
payload_sections.rs feat(adr-118/p1.5): payload section parser (BfldPayload) — 32/32 GREEN 2026-05-24 14:07:14 -04:00
pipeline_facade.rs feat(adr-118/p4.5): BfldPipeline facade + BfldConfig (146/146 GREEN) 2026-05-24 16:28:42 -04:00
privacy_gate_demote.rs feat(adr-118/p3.1): PrivacyGate::demote monotonic class transformer (60/60 GREEN) 2026-05-24 14:48:01 -04:00
signature_hasher.rs feat(adr-118/p3.5): SignatureHasher (BLAKE3-keyed) — 117/117 GREEN 2026-05-24 15:47:21 -04:00
sink_enforcement.rs feat(adr-118/p1.3): Sink marker traits + PrivacyClass::try_from (17/17 GREEN) 2026-05-24 13:43:05 -04:00
soul_match_oracle.rs feat(adr-118/p3.4): SoulMatchOracle + Recalibrate exemption (93/93 GREEN) 2026-05-24 15:17:24 -04:00