cbb365729f
Iter 50. PR-readiness pivot iter #1. Lands the BFLD entry under CHANGELOG.md's [Unreleased] section per the project's pre-merge checklist (CLAUDE.md). Plus a validation test that catches drift if someone edits the entry and breaks the operator-facing summary. Added (in CHANGELOG.md): - New top-of-[Unreleased]-Added bullet for BFLD spanning: * ADR-118 umbrella + invariants I1/I2/I3 + their enforcement mechanism (Sink traits / Drop+no-Serialize / per-site BLAKE3) * ADR-119 frame format (86-byte header, payload sections, CRC32) * ADR-120 privacy classes + PrivacyGate::demote + apply_privacy_gating * ADR-121 multiplicative risk score + CoherenceGate + SoulMatchOracle * ADR-122 MQTT topic router + HA discovery + availability + LWT * ADR-123 capture path (reference; production capture is Pi5/Nexmon hardware-gated and remains skipped) * BfldPipelineHandle worker + spawn_with_oracle for Soul Signature * 3 operator HA blueprints (presence-lighting / motion-HVAC / identity-risk-anomaly) * Two runnable examples (bfld_minimal, bfld_handle) * eclipse-mosquitto:2 CI service container workflow * Performance measurements: 320k frames/sec, p95 0.9µs, 9.96 Hz * 327 default-feature tests, 101 no_std-compatible, 220+ with mqtt * Companion research dossier docs/research/BFLD/ (11 files, 13,544 words) * try-it command: cargo run -p wifi-densepose-bfld --example bfld_handle Added (in tests/changelog_entry.rs, 5 tests): - changelog_documents_bfld_entry_under_unreleased Slices CHANGELOG from `## [Unreleased]` to the first numbered version header and asserts the block contains BFLD, wifi-densepose-bfld, and the #787 tracking link. - changelog_bfld_entry_cites_companion_adrs Substring asserts ADR-118..123 each appear at least once. - changelog_bfld_entry_names_three_structural_invariants **I1**, **I2**, **I3** must be called out by name. - changelog_bfld_entry_documents_a_runnable_example Operators get a copy-pasteable cargo command. - changelog_bfld_entry_references_research_bundle Caught + fixed during iter: - First draft used "ADR-118 through ADR-123" shorthand; the per-ADR substring test fired for ADR-120 (not literally present). Re-wrote the parenthetical to "ADR-118 umbrella + ADR-119 frame format + ADR-120 privacy class + ADR-121 identity risk scoring + ADR-122 RuView HA/Matter exposure + ADR-123 capture path" so each ADR number is its own grep-discoverable token. ADR-124 status (iter step 0 sibling check): - docs/adr/ADR-124-rvagent-mcp-ruvector-npm-integration.md unchanged at 431 lines. SENSE-BRIDGE scope remains orthogonal. ACs progressed: - Pre-merge checklist item #5 (CLAUDE.md) — CHANGELOG `[Unreleased]` entry shipped. PR description can now link to the line + commit range as evidence. Test config: - cargo test --no-default-features → 101 passed (changelog_entry cfg-out) - cargo test → 332 passed (327 + 5) Out of scope (next iter target): - Pre-merge checklist remaining: README.md update (#3 — points at the new crate from the workspace level), user-guide.md (#6), witness bundle regeneration (#8). External-resource-gated work (KIT BFId, Pi5/Nexmon) still skipped. Co-Authored-By: claude-flow <ruv@ruv.net> |
||
|---|---|---|
| .. | ||
| examples | ||
| src | ||
| tests | ||
| Cargo.toml | ||
| README.md | ||
README.md
wifi-densepose-bfld
BFLD — Beamforming Feedback Layer for Detection. Privacy-gated WiFi sensing primitives derived from 802.11ac/ax Beamforming Feedback Information (BFI). See ADR-118 for the umbrella architecture decision and docs/research/BFLD/ for the full design dossier.
Three structural invariants
The crate enforces three privacy invariants structurally (via the type system + memory hygiene), not by policy text:
| ID | Invariant | Enforced by |
|---|---|---|
| I1 | Raw BFI never exits the node | [Sink] marker-trait hierarchy + [PrivacyClass::Raw.allows_network() == false] |
| I2 | Identity embedding is in-RAM-only | [IdentityEmbedding] has no Serialize / Clone / Copy + Drop zeroizes storage |
| I3 | Cross-site identity correlation is cryptographically impossible | [SignatureHasher] per-site BLAKE3-keyed hash with daily epoch rotation |
Quickstart
Minimal in-process consumer (see examples/bfld_minimal.rs):
use wifi_densepose_bfld::{
BfldConfig, BfldPipeline, IdentityEmbedding, SensingInputs,
SignatureHasher, EMBEDDING_DIM, SITE_SALT_LEN,
};
let mut pipeline = BfldPipeline::new(
BfldConfig::new("seed-01")
.with_signature_hasher(SignatureHasher::new([0xAB; SITE_SALT_LEN])),
);
let event = pipeline
.process(
SensingInputs { /* timestamp, presence, motion, ... */
timestamp_ns: 1_700_000_000_000_000_000, presence: true,
motion: 0.42, person_count: 1, sensing_confidence: 0.91,
sep: 0.2, stab: 0.2, consist: 0.2, risk_conf: 0.2,
rf_signature_hash: None,
},
Some(IdentityEmbedding::from_raw([0.05; EMBEDDING_DIM])),
)
.expect("low-risk emit");
println!("{}", event.to_json().unwrap());
Production worker-thread + HA-DISCO publishing (see examples/bfld_handle.rs):
use wifi_densepose_bfld::{
publish_availability_online, publish_discovery, BfldConfig, BfldPipeline,
BfldPipelineHandle, PipelineInput, PrivacyClass, SignatureHasher,
};
// Bootstrap: retained "online" + 6 retained HA-DISCO config payloads.
publish_availability_online(&mut publisher, "seed-01")?;
publish_discovery(&mut publisher, "seed-01", PrivacyClass::Anonymous)?;
// Spawn worker. Per-frame: handle.send(PipelineInput { inputs, embedding }).
let handle = BfldPipelineHandle::spawn(
BfldPipeline::new(BfldConfig::new("seed-01")
.with_signature_hasher(SignatureHasher::new(salt))),
publisher,
);
handle.send(PipelineInput { inputs, embedding })?;
Feature flags
| Feature | Default | Pulls in | Enables |
|---|---|---|---|
std |
✅ | (no extra deps) | BfldFrame, BfldPayload, BfldPipeline, BfldPipelineHandle, BfldEvent, BfldEmitter, PrivacyGate, MQTT topic router, HA discovery |
serde-json |
✅ | serde + serde_json |
BfldEvent::to_json(), custom rf_signature_hash: "blake3:<hex>" serializer, privacy_class string encoding |
mqtt |
— | rumqttc 0.24 (use-rustls) |
RumqttPublisher, connect_with_lwt, live broker integration |
soul-signature |
— | — | --features gate signaling Soul Signature deployment (ADR-118 §1.4, ADR-120 §2.7, ADR-121 §2.6) |
Stripping to --no-default-features keeps the no_std-compatible core (BfldFrameHeader, PrivacyClass, Sink traits, CoherenceGate, SignatureHasher, IdentityEmbedding, EmbeddingRing, risk-score function + GateAction).
Examples
cargo run -p wifi-densepose-bfld --example bfld_minimal # in-process consumer
cargo run -p wifi-densepose-bfld --example bfld_handle # worker-thread + HA-DISCO
Companion artifacts
| Path | Purpose |
|---|---|
docs/adr/ADR-118 through ADR-123 |
Architecture decisions |
docs/research/BFLD/ |
13,544-word design bundle (11 files) |
v2/crates/cog-ha-matter/blueprints/bfld/ |
Three HA operator blueprints (presence-lighting, motion-HVAC, identity-risk-anomaly) |
.github/workflows/bfld-mqtt-integration.yml |
CI matrix incl. live mosquitto Docker service |
ADR cross-reference
| ADR | Scope |
|---|---|
| 118 | Umbrella + invariants I1/I2/I3 |
| 119 | Wire format (86-byte header + payload sections + CRC-32/ISO-HDLC) |
| 120 | 4 privacy classes + per-site keyed hash with daily rotation |
| 121 | Multiplicative risk score + coherence-gate hysteresis + Soul Signature exemption |
| 122 | HA-DISCO + Matter cluster boundary + MQTT topic routing |
| 123 | Pi 5 / Nexmon capture adapter + ESP32 self-only mode |
Testing
cargo test -p wifi-densepose-bfld --no-default-features # no_std-compatible core
cargo test -p wifi-densepose-bfld # default std + serde-json
cargo test -p wifi-densepose-bfld --features mqtt # incl. rumqttc smoke
A BFLD_MQTT_BROKER=tcp://localhost:1883 env var unlocks the live-broker mosquitto_integration test suite (see tests/mosquitto_integration.rs).
License
MIT — same as the wifi-densepose workspace.