Automated release from CI pipeline
Changes:
fix(protocol): resolve 0xC511_0004 magic collision (closes #928) (#931)
- fix(ci): SAST actually scans the code + drop deprecated flaky semgrep action
Two real problems in the Static Application Security Testing job:
-
It scanned a path that no longer exists.
bandit -r src/and
semgrep … src/pointed at the repo-rootsrc/, but the Python code
moved toarchive/v1/src/(64 .py files) when the runtime was rewritten
in Rust. So the SAST scan matched nothing — a silent no-op (this is also
whybandit-results.sarifwas "Path does not exist" on recent runs).
Fixed both toarchive/v1/src/. -
Deprecated + redundant + flaky semgrep step. The
returntocorp/semgrep-action@v1step pulledreturntocorp/semgrep-agent:v1
from Docker Hub every run (intermittently timing out → red check, e.g. on
#929) and is EOL. It was redundant: the pipsemgrep --sarifstep is what
feeds GitHub Security; the action only pushed to the Semgrep cloud app via
SEMGREP_APP_TOKEN. Removed it and folded itsp/docker+p/kubernetes
rulesets into the pip semgrep command, so coverage is preserved with no
Docker pull.
The job stays continue-on-error: true (non-gating). YAML validated.
Co-Authored-By: claude-flow ruv@ruv.net
- fix(protocol): resolve 0xC511_0004 magic collision (closes #928)
Background
0xC511_0004 was assigned to two different packet formats in firmware
— EDGE_FUSED_MAGIC (ADR-063, 48-byte edge_fused_vitals_pkt_t) and
WASM_OUTPUT_MAGIC (ADR-040, variable-length wasm_output_pkt_t).
Both were transmitted. The sensing-server only had a WASM parser for
that magic and no fused-vitals parser, so on the ESP32-C6 + MR60BHA2
mmWave configuration the fused-vitals packet was silently misparsed
as a malformed WASM output — breathing_rate was read as
event_count, mmWave-fused vitals were lost, and spurious WASM events
were emitted to subscribers.
Fix
-
Reassign
WASM_OUTPUT_MAGICto0xC511_0007(next free slot per
the registry inrv_feature_state.h). Smaller blast radius than
moving fused-vitals — the registry already treats0xC511_0004as
fused-vitals canonical and several years of deployed feature
tracking depends on that assignment. -
Add
parse_edge_fused_vitals+EdgeFusedVitalsPacketin
wifi-densepose-sensing-server::main. Byte layout taken directly
fromedge_processing.h:129, mirroring the firmware's
_Static_assert(sizeof(edge_fused_vitals_pkt_t) == 48)so future
firmware changes that grow the packet will break this parser
loudly instead of silently. -
Add a dispatch arm in the UDP receive loop. Fused-vitals is tried
BEFORE WASM so a stale firmware (still emitting 0xC511_0004 with
the WASM payload) fails to parse as fused-vitals (size mismatch),
then fails to parse as WASM (magic mismatch on the new 0x...0007),
and gets dropped — a deliberate "fail loud" outcome rather than the
pre-fix silent garbage. -
Update the registry comment in
rv_feature_state.hto add the new
0x...0007 row. -
Add five tests in a new
issue_928_magic_collision_testsmod:parse_edge_fused_vitals_extracts_fields_correctlyparse_edge_fused_vitals_rejects_short_bufferparse_edge_fused_vitals_rejects_wrong_magicparse_wasm_output_rejects_legacy_0004_magicparse_wasm_output_accepts_new_0007_magic
WebSocket payload
Fused-vitals now broadcasts as {"type": "edge_fused_vitals", ...}
with the mmWave-specific block nested under mmwave. Schema is
additive — existing subscribers that only inspect type are
unaffected; subscribers that switch on type gain a new branch.
Deployment note
This is a wire-protocol change. Firmware older than this commit that
emits WASM output on 0xC511_0004 will lose its WASM event stream
against an updated host (host expects 0xC511_0007). Per the issue
discussion, "fail loud" is preferred to silent misparsing. Operators
running C6+mmWave should reflash firmware concurrent with the host
upgrade.
Test results
cargo test -p wifi-densepose-sensing-server --no-default-features
--bin sensing-server
→ 122 passed / 0 failed (5 new + 117 existing, unchanged)
Co-Authored-By: claude-flow ruv@ruv.net
Docker Image:
ghcr.io/ruvnet/RuView:2c136aca7456ee5555a21fdcf7176fae38b8cf38