github ruvnet/RuView v1075
Release v1075

4 hours ago

Automated release from CI pipeline

Changes:
adr-106: differential privacy + biometric primitive isolation for federation (#718)

Direct extension of ADR-105. Closes both items deferred from ADR-105:
(1) member-inference defence, (2) biometric primitive isolation
enforcement.

Three-layer defence:

  1. PRIMITIVE ISOLATION (R15 binding) -- API-level tagging of on-device-
    only tensors. Compile-time error when ✅ tagged tensors are passed
    to submit_delta().
  2. GRADIENT CLIPPING (Abadi 2016) -- per-sample L2 norm <= C (default
    C=1.0) before delta computation.
  3. GAUSSIAN NOISE (DP-SGD) -- N(0, sigma^2C^2I) added to aggregated
    LoRA delta before transmission.

Privacy budget via Moments Accountant (delta=1e-5):

  • Conservative (medical-grade): sigma=1.5, 50 rounds, epsilon=2.0
  • Standard (typical RuView): sigma=1.0, 100 rounds, epsilon=5.0
  • Lenient: sigma=0.5, 100 rounds, epsilon=8.0

On-device-only primitive list (R15-binding):

  • Raw CSI window
  • Gait stride frequency
  • Breathing rate (per-subject)
  • HRV rate signature
  • RCS frequency response curve
  • Limb timing vector
  • Per-subject embedding centroid

Implementation budget: +300 LOC on top of ADR-105's 500 LOC = total
~800 LOC ruview-fed crate. 3-week effort estimate.

Composes:

  • R3: Layer 1 blocks per-subject embedding centroid transmission
  • R7: mincut compatible with DP-noised deltas (operates on noised graph)
  • R12/R13 negative results: informed the noise-vs-structure-detection
    design choice (treat adversarial deltas as outliers from noisy
    distribution, not structural-detection problem)
  • R14: privacy framework now has formal (epsilon, delta) backing
  • R15: requirements basis = on-device-only primitive list made executable
  • ADR-105: DP-SGD slots into step 4 of federation protocol

Closes the privacy story: R3 + R14 + R15 + ADR-105 + ADR-106 = complete
chain from physics (R6) -> embeddings (R3) -> personalised features (R14)
-> trained how (ADR-105) -> defended how (R7) -> privacy-bounded how
(ADR-106).

Honest scope:

  • sigma values are recommendations, not measurements (per-cog tuning needed)
  • (epsilon, delta)-DP is worst-case bound; auxiliary info changes practical leakage
  • Moments Accountant is conservative
  • Subject-level DP not formalised (household of 4 = K=4 subjects)
  • Side-channel timing leaks out of scope (future ADR)

Explicitly deferred:

  • ADR-107: cross-installation federation w/ secure aggregation

Coordination: ticks/tick-15.md, no PROGRESS.md edit.

Docker Image:
ghcr.io/ruvnet/RuView:28d97e8f6a2fe787d66503d2d0d680f1b252a122
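
The three layers described in the commit message above, as an added Rust sketch that is not code from the ruview-fed crate. `Tensor`, `OnDeviceOnly`, `Shareable`, `DemoRng` and `dp_delta` are hypothetical names, and the `submit_delta` signature is an assumption; only its name appears in the release notes.

```rust
use std::marker::PhantomData;

// Hypothetical marker types: only Shareable tensors may leave the device.
pub struct OnDeviceOnly;
pub struct Shareable;
pub struct Tensor<Tag> { pub data: Vec<f64>, _tag: PhantomData<Tag> }
impl<Tag> Tensor<Tag> {
    pub fn new(data: Vec<f64>) -> Self { Tensor { data, _tag: PhantomData } }
}

/// Layer 2: scale a per-sample gradient so its L2 norm is at most `c`.
pub fn clip_l2(g: &[f64], c: f64) -> Vec<f64> {
    let norm = g.iter().map(|x| x * x).sum::<f64>().sqrt();
    let scale = if norm > c { c / norm } else { 1.0 };
    g.iter().map(|x| x * scale).collect()
}

/// Demo-only generator (splitmix64 + Box-Muller) so the example is reproducible.
/// Assumption: a deployment would draw the noise from a CSPRNG instead.
pub struct DemoRng(pub u64);
impl DemoRng {
    fn uniform(&mut self) -> f64 {
        self.0 = self.0.wrapping_add(0x9E3779B97F4A7C15);
        let mut z = (self.0 ^ (self.0 >> 30)).wrapping_mul(0xBF58476D1CE4E5B9);
        z = (z ^ (z >> 27)).wrapping_mul(0x94D049BB133111EB);
        ((z ^ (z >> 31)) >> 11) as f64 / (1u64 << 53) as f64 // in [0, 1)
    }
    pub fn gaussian(&mut self) -> f64 {
        let (u1, u2) = (1.0 - self.uniform(), self.uniform()); // u1 in (0, 1]
        (-2.0 * u1.ln()).sqrt() * (2.0 * std::f64::consts::PI * u2).cos()
    }
}

/// Layers 2 + 3: clip each sample, sum, then add N(0, sigma^2 C^2 I) to the aggregate.
pub fn dp_delta(grads: &[Vec<f64>], c: f64, sigma: f64, rng: &mut DemoRng) -> Tensor<Shareable> {
    let mut sum = vec![0.0; grads.first().map_or(0, |g| g.len())];
    for g in grads {
        for (s, x) in sum.iter_mut().zip(clip_l2(g, c)) { *s += x; }
    }
    for s in sum.iter_mut() { *s += sigma * c * rng.gaussian(); }
    Tensor::new(sum)
}

/// Layer 1: the signature accepts only Shareable tensors.
pub fn submit_delta(delta: &Tensor<Shareable>) -> usize { delta.data.len() }

fn main() {
    let _raw_csi: Tensor<OnDeviceOnly> = Tensor::new(vec![0.1; 4]); // constructed sample
    // submit_delta(&_raw_csi); // rejected by the compiler: expected Tensor<Shareable>
    let d = dp_delta(&[vec![3.0, 4.0], vec![0.3, 0.4]], 1.0, 1.0, &mut DemoRng(42));
    println!("sent {} noised values: {:?}", submit_delta(&d), d.data);
}
```

In this sketch anyone can still call `Tensor::<Shareable>::new` directly; an enforcing design would keep that constructor private to the module that applies clipping and noise.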
