wifi-densepose

History

ruv f02b431b59 fix(security,firmware): secure-by-default Docker auth (#864 ) + CSI yield recovery (#866 ) #864 — Docker no longer exposes the sensing API/stream unauthenticated: - Add `require_ws_token` middleware gating `/ws/*` (sensing + introspection) with the API token via `?token=` (browser) or `Authorization: Bearer` (programmatic). Previously /ws/sensing was ungated even with a token set. - docker-entrypoint.sh now fails closed: auto-generates a strong RUVIEW_API_TOKEN when none is supplied and prints it; explicit RUVIEW_ALLOW_UNAUTHENTICATED=1 restores the open LAN posture. - compose/Dockerfile wire the env vars; startup logs + CI smoke test updated to assert secure-by-default (401 with no token) and the opt-out path. - 7 new bearer_auth unit tests (15 total pass). #866 — CSI callbacks were starving (~3 in 70s, 0pps) under the MGMT-only promiscuous filter: - The documented "10 Hz probe injection" never existed — implement it for real (csi_inject_probe_request + 10 Hz timer). Validated on ESP32-C6 (COM9): probe TX succeeds at 10 Hz, but management-frame CSI stays sparse. - Re-admit DATA frames (MGMT+DATA) now that the original wDev_ProcessFiq SPI-cache crash is mitigated by WiFi RX/TX IRAM opts + the existing 50 Hz rate gate. Kconfig CSI_PROMISC_MGMT_ONLY falls back if needed. - Hardware-validated on COM9: yield 0 -> ~9pps avg (peak 19), presence/motion sensing restored, 0 panics over 35s. Co-Authored-By: claude-flow <ruv@ruv.net>	2026-05-30 11:37:07 -04:00
..
workflows	fix(security,firmware): secure-by-default Docker auth (#864 ) + CSI yield recovery (#866 )	2026-05-30 11:37:07 -04:00
dependabot.yml	security: pin GitHub Actions to SHAs and bump vulnerable npm deps (#442 )	2026-04-28 08:46:51 -04:00

ruv f02b431b59 fix(security,firmware): secure-by-default Docker auth (#864 ) + CSI yield recovery (#866 )

#864 — Docker no longer exposes the sensing API/stream unauthenticated:
- Add `require_ws_token` middleware gating `/ws/*` (sensing + introspection)
  with the API token via `?token=` (browser) or `Authorization: Bearer`
  (programmatic). Previously /ws/sensing was ungated even with a token set.
- docker-entrypoint.sh now fails closed: auto-generates a strong
  RUVIEW_API_TOKEN when none is supplied and prints it; explicit
  RUVIEW_ALLOW_UNAUTHENTICATED=1 restores the open LAN posture.
- compose/Dockerfile wire the env vars; startup logs + CI smoke test updated
  to assert secure-by-default (401 with no token) and the opt-out path.
- 7 new bearer_auth unit tests (15 total pass).

#866 — CSI callbacks were starving (~3 in 70s, 0pps) under the MGMT-only
promiscuous filter:
- The documented "10 Hz probe injection" never existed — implement it for
  real (csi_inject_probe_request + 10 Hz timer). Validated on ESP32-C6 (COM9):
  probe TX succeeds at 10 Hz, but management-frame CSI stays sparse.
- Re-admit DATA frames (MGMT+DATA) now that the original wDev_ProcessFiq
  SPI-cache crash is mitigated by WiFi RX/TX IRAM opts + the existing 50 Hz
  rate gate. Kconfig CSI_PROMISC_MGMT_ONLY falls back if needed.
- Hardware-validated on COM9: yield 0 -> ~9pps avg (peak 19), presence/motion
  sensing restored, 0 panics over 35s.

Co-Authored-By: claude-flow <ruv@ruv.net>

2026-05-30 11:37:07 -04:00

workflows

fix(security,firmware): secure-by-default Docker auth (#864 ) + CSI yield recovery (#866 )

2026-05-30 11:37:07 -04:00

dependabot.yml

security: pin GitHub Actions to SHAs and bump vulnerable npm deps (#442 )

2026-04-28 08:46:51 -04:00