Security Hardening Complete + Cross-Platform WiFi Fix + Sprint 2 Roadmap

[ruvnet]

What shipped this week

Two major PRs merged to main addressing security findings from the quality engineering analysis (#170) and a long-standing Docker/WSL crash:

PR #172 — Security Hardening (ADR-050 Sprint 1)

Fix	Before	After
HMAC authentication	XOR fold (trivially forgeable)	Real HMAC-SHA256 via hmac + sha2 crates
Path traversal	DELETE endpoints passed :id directly to PathBuf::join	file_name() sanitization rejects ../
Network exposure	Server bound to 0.0.0.0	Default 127.0.0.1, configurable via --bind-addr
OTA authentication	Anyone on the network could flash firmware	Bearer PSK auth with constant-time comparison
WASM signatures	Off by default (CONFIG_WASM_VERIFY_SIGNATURE)	On by default (CONFIG_WASM_SKIP_SIGNATURE to opt out)
Security tests	Zero	6 new tests (key sensitivity, bit-flip, wrong-key, enforcing mode)

106/106 Rust tests pass.

PR #173 — Cross-Platform WiFi Collector Factory (ADR-049)

Docker, WSL2, and headless Linux users previously got a hard RuntimeError: Cannot read /proc/net/wireless crash. Now:

• create_collector("auto") auto-detects the platform and never raises
• Falls back to SimulatedCollector with a clear WARNING log
• LinuxWifiCollector.is_available() probes without exceptions
• ws_server.py uses the factory, removing ~30 lines of duplicated platform detection
• 10 new unit tests covering all platform paths

45/45 Python tests pass.

Issues Resolved

• RuntimeError: Cannot read /proc/net/wireless #148 — RuntimeError: Cannot read /proc/net/wireless
• fix: graceful fallback when /proc/net/wireless is missing (ADR-049) #155 — Graceful fallback implementation
• Quality Engineering Analysis: 10-Report Assessment (Security, Performance, Testing, Architecture) #170 — Quality Engineering Analysis (Sprint 1 complete)

---

What is next: Sprint 2 (ADR-051)

Issue #174 tracks the main.rs decomposition:

• 3,765-line god object → 14 focused modules across 6 phases
• Target: no file over 500 lines
• AppStateInner (37 fields) split into domain sub-states
• Criterion benchmarks to back up performance claims

Branch refactor/sprint2-code-quality is ready.

Sprint 1 remaining

• WebSocket/HTTP auth middleware (42 endpoints still unprotected)
• Expanded security tests (CSI injection, beacon replay, auth bypass)

Sprint 3 (future)

• Vital sign accuracy verification with reference signals
• O(n^2) autocorrelation optimization (pending profiling)

---

ADR Index (new)

ADR	Status	Summary
ADR-049	Proposed	Cross-platform WiFi detection + graceful fallback
ADR-050	Accepted	Security hardening response (3 sprints)
ADR-051	Proposed	main.rs decomposition plan (14 modules)

Feedback welcome — especially on the Sprint 2 module boundaries and whether the AppStateInner sub-state split makes sense for your use case.