berkus
/
wifi-densepose
mirror of https://github.com/ruvnet/wifi-densepose.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
wifi-densepose/v2/crates/wifi-densepose-sensing-server
History
ruv c641fc44ae feat(docker+sensing-server): refresh Docker publish + opt-in bearer-token API auth 
Closes #520, #514, #443.

## #520 / #514 — stale Docker image, missing UI assets

`ruvnet/wifi-densepose:latest` was published before `ui/observatory*` and
`ui/pose-fusion*` were added; users see /app/ui missing those files and the
v0.6+ packet format doesn't reach the server. Two fixes:

1. `docker/Dockerfile.rust` now `RUN`s a build-time guard after `COPY ui/`
   that fails the build if `index.html` / `observatory.html` / `pose-fusion.html`
   / `viz.html` (or the `observatory/` / `pose-fusion/` / `components/` /
   `services/` directories) are missing, plus an exec-bit check on
   `/app/sensing-server`. A stale image can never be silently produced again.

2. New `.github/workflows/sensing-server-docker.yml` rebuilds + pushes on
   every change to the Dockerfile, the server crate, the signal/vitals/
   wifiscan crates, the workspace manifests, the `ui/` tree, or itself —
   plus `v*` tags and manual dispatch. Pushes to both `docker.io/ruvnet/
   wifi-densepose` AND `ghcr.io/ruvnet/wifi-densepose` with `latest` +
   `vX.Y.Z` + `sha-<short>` tags, then post-push smoke-tests the artifact:
   /health, /api/v1/info, the observatory + pose-fusion HTML, AND the
   bearer-auth path (no token → 401, wrong → 401, correct → 200). Uses the
   `DOCKERHUB_USERNAME`/`DOCKERHUB_TOKEN` repo secrets; ghcr.io rides on
   the workflow's GITHUB_TOKEN.

## #443 — sensing-server REST API auth model

QE security audit raised that 40+ /api/v1/* routes have no auth layer with
a default `0.0.0.0` bind. New `wifi_densepose_sensing_server::bearer_auth`
module + middleware:

  - Env-var-gated: `RUVIEW_API_TOKEN` unset/empty ⇒ middleware is a no-op
    (current LAN-mode behaviour preserved — **no default change**); set ⇒
    every `/api/v1/*` request must carry `Authorization: Bearer <token>`
    or the server returns 401.
  - Constant-time byte compare via local `ct_eq` (no new dep).
  - `/health*`, `/ws/sensing`, and `/ui/*` are intentionally never gated
    (orchestrator probes + local browsers).
  - Startup logs which mode is active and warns when auth is ON with a
    `0.0.0.0` bind.
  - 8 unit tests on the middleware via `tower::ServiceExt::oneshot`
    (sensing-server lib tests 191 → 199, 0 failures).

Verified locally: `cargo build --workspace --no-default-features` ✓,
`cargo test -p wifi-densepose-sensing-server --no-default-features` ✓.

Co-Authored-By: claude-flow <ruv@ruv.net>
 		2026-05-13 08:52:25 -04:00
..
src feat(docker+sensing-server): refresh Docker publish + opt-in bearer-token API auth 2026-05-13 08:52:25 -04:00
tests chore(repo): rename rust-port/wifi-densepose-rs → v2/ (flatten to one level) (#427) 2026-04-25 21:28:13 -04:00
Cargo.toml feat(docker+sensing-server): refresh Docker publish + opt-in bearer-token API auth 2026-05-13 08:52:25 -04:00
README.md chore(repo): rename rust-port/wifi-densepose-rs → v2/ (flatten to one level) (#427) 2026-04-25 21:28:13 -04:00

README.md

wifi-densepose-sensing-server

Crates.io Documentation License

Lightweight Axum server for real-time WiFi sensing with RuVector signal processing.

Overview

wifi-densepose-sensing-server is the operational backend for WiFi-DensePose. It receives raw CSI frames from ESP32 hardware over UDP, runs them through the RuVector-powered signal processing pipeline, and broadcasts processed sensing updates to browser clients via WebSocket. A built-in static file server hosts the sensing UI on the same port.

The crate ships both a library (wifi_densepose_sensing_server) exposing the training and inference modules, and a binary (sensing-server) that starts the full server stack.

Integrates wifi-densepose-wifiscan for multi-BSSID WiFi scanning per ADR-022 Phase 3.

Features

  • UDP CSI ingestion -- Receives ESP32 CSI frames on port 5005 and parses them into the internal CsiFrame representation.
  • Vital sign detection -- Pure-Rust FFT-based breathing rate (0.1--0.5 Hz) and heart rate (0.67--2.0 Hz) estimation from CSI amplitude time series (ADR-021).
  • RVF container -- Standalone binary container format for packaging model weights, metadata, and configuration into a single .rvf file with 64-byte aligned segments.
  • RVF pipeline -- Progressive model loading with streaming segment decoding.
  • Graph Transformer -- Cross-attention bottleneck between antenna-space CSI features and the COCO 17-keypoint body graph, followed by GCN message passing (ADR-023 Phase 2). Pure std, no ML dependencies.
  • SONA adaptation -- LoRA + EWC++ online adaptation for environment drift without catastrophic forgetting (ADR-023 Phase 5).
  • Contrastive CSI embeddings -- Self-supervised SimCLR-style pretraining with InfoNCE loss, projection head, fingerprint indexing, and cross-modal pose alignment (ADR-024).
  • Sparse inference -- Activation profiling, sparse matrix-vector multiply, INT8/FP16 quantization, and a full sparse inference engine for edge deployment (ADR-023 Phase 6).
  • Dataset pipeline -- Training dataset loading and batching.
  • Multi-BSSID scanning -- Windows netsh integration for BSSID discovery via wifi-densepose-wifiscan (ADR-022).
  • WebSocket broadcast -- Real-time sensing updates pushed to all connected clients at ws://localhost:8765/ws/sensing.
  • Static file serving -- Hosts the sensing UI on port 8080 with CORS headers.

Modules

Module Description
vital_signs Breathing and heart rate extraction via FFT spectral analysis
rvf_container RVF binary format builder and reader
rvf_pipeline Progressive model loading from RVF containers
graph_transformer Graph Transformer + GCN for CSI-to-pose estimation
trainer Training loop orchestration
dataset Training data loading and batching
sona LoRA adapters and EWC++ continual learning
sparse_inference Neuron profiling, sparse matmul, INT8/FP16 quantization
embedding Contrastive CSI embedding model and fingerprint index

Quick Start

# Build the server
cargo build -p wifi-densepose-sensing-server

# Run with default settings (HTTP :8080, UDP :5005, WS :8765)
cargo run -p wifi-densepose-sensing-server

# Run with custom ports
cargo run -p wifi-densepose-sensing-server -- \
    --http-port 9000 \
    --udp-port 5005 \
    --static-dir ./ui

Using as a library

use wifi_densepose_sensing_server::vital_signs::VitalSignDetector;

// Create a detector with 20 Hz sample rate
let mut detector = VitalSignDetector::new(20.0);

// Feed CSI amplitude samples
for amplitude in csi_amplitudes.iter() {
    detector.push_sample(*amplitude);
}

// Extract vital signs
if let Some(vitals) = detector.detect() {
    println!("Breathing: {:.1} BPM", vitals.breathing_rate_bpm);
    println!("Heart rate: {:.0} BPM", vitals.heart_rate_bpm);
}

Architecture

ESP32 ──UDP:5005──> [ CSI Receiver ]
                          |
                    [ Signal Pipeline ]
                    (vital_signs, graph_transformer, sona)
                          |
                    [ WebSocket Broadcast ]
                          |
Browser <──WS:8765── [ Axum Server :8080 ] ──> Static UI files

Related Crates

Crate Role
wifi-densepose-wifiscan Multi-BSSID WiFi scanning (ADR-022)
wifi-densepose-core Shared types and traits
wifi-densepose-signal CSI signal processing algorithms
wifi-densepose-hardware ESP32 hardware interfaces
wifi-densepose-wasm Browser WASM bindings for the sensing UI
wifi-densepose-train Full training pipeline with ruvector
wifi-densepose-mat Disaster detection module

License

MIT OR Apache-2.0