Integrate WNN telemetry into DSM and implement immediate safety rollback#23
Conversation
- Introduced `WnnTelemetry` struct and hard limits to `DeterministicSafetyMonitor` (`WNN_MAX_CURVATURE_PROXY`, `WNN_MIN_OSCILLATORY_PREFACTOR`). - Implemented `pollWnnAndEnforce` method to evaluate WNN parameters and execute immediate rollback on constraint violation. - Expanded `ITLEntry` structures with `WnnAlertPayload` and `WNN_ALERT` to ensure persistent ledger trace of trigger events via `ITLManager::log_wnn_rollback_event`. - Instantiated `StateSnapshotBuffer` using lock-free `TelemetryRingBuffer` to safely record and non-destructively peek (`try_peek_latest`) the last known safe state. - Wired the WNN limit breach to `execute_rollback_plan` without introducing dynamic memory allocation. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
|
👋 Jules, reporting for duty! I'm here to lend a hand with this pull request. When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down. I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job! For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with New to Jules? Learn more at jules.google/docs. For security, I will only act on instructions from the user who triggered this task. |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: dfbbdaebc0
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| inline raps::telemetry::TelemetryRingBuffer<PhysicsState, 64> StateSnapshotBuffer; | ||
|
|
||
| inline void store_state_snapshot_tick(const PhysicsState& state) { | ||
| StateSnapshotBuffer.try_push(state); |
There was a problem hiding this comment.
Because TelemetryRingBuffer::try_push drops writes once (w - r) >= CapacityPow2 and StateSnapshotBuffer is never popped anywhere in the repo (only this push and the rollback peek are referenced), the snapshot store becomes permanently full after 64 calls. In any longer-running mission, a later WNN rollback restores the 64th stored snapshot instead of the latest safe state, so this needs overwrite/eviction semantics or another way to advance the read index.
Useful? React with 👍 / 👎.
| rollback_entry.timestamp_ms = PlatformHAL::now_ms(); | ||
| // Payload for rollback commit (CommandExecutionPayload) | ||
| // we just commit the entry to mark the rollback execution triggered by WNN | ||
| commit(rollback_entry); |
There was a problem hiding this comment.
This helper commits a ROLLBACK_COMMIT before trigger_wnn_immediate_rollback has run, so when rollback_count == 0 or execute_rollback_plan fails, pollWnnAndEnforce returns false but the immutable ledger already contains a successful rollback commit. The reference rollback flow records rollback_commit only after actuator success (reference/python/hlv_governance_reference.py:137-143), so this should be moved after a successful rollback or changed to a pending/failure event.
Useful? React with 👍 / 👎.
| if (wnn_telem.curvature_proxy > DSM_Config::WNN_MAX_CURVATURE_PROXY || | ||
| wnn_telem.oscillatory_prefactor < DSM_Config::WNN_MIN_OSCILLATORY_PREFACTOR) { |
There was a problem hiding this comment.
When either WNN value is NaN (or an otherwise nonsensical non-finite prefactor), these comparisons evaluate false and the DSM takes no action, even though the existing DSM sensor path treats non-finite inputs as a full-shutdown condition. A WNN sensor/calculation fault can therefore bypass the immediate rollback enforcement; validate std::isfinite before threshold checks and fail safe on invalid telemetry.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
Pull request overview
This PR adds a WNN-telemetry enforcement path to the Deterministic Safety Monitor (DSM) that logs WNN constraint breaches to the Immutable Telemetry Ledger (ITL) and triggers an “immediate rollback” that attempts to restore the last buffered PhysicsState.
Changes:
- Introduces a global, statically allocated
StateSnapshotBufferand snapshot capture helper, plus a ring-buffertry_peek_latest()API. - Adds DSM WNN constraint thresholds and a new
pollWnnAndEnforce()method that logs and triggers rollback on breach. - Extends ITL schemas/sizing to support a new
WNN_ALERTentry type, and adds a helper to log WNN rollback events.
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 8 comments.
Show a summary per file
| File | Description |
|---|---|
| src/safety/rollback_store.hpp | Adds a global snapshot ring buffer and snapshot “tick” storage helper. |
| src/raps/rollback_execution.hpp | Adds an immediate WNN rollback helper that executes the latest rollback plan and restores the latest snapshot. |
| src/itl/itl_state_snapshot.hpp | Adds missing include for ITL manager usage. |
| src/itl/itl_payload_sizing.hpp | Adds payload sizing support for the new WNN_ALERT ITL type. |
| include/raps/telemetry/telemetry_ring_buffer.hpp | Adds try_peek_latest() to read the latest buffered item without popping. |
| include/raps/safety/deterministic_safety_monitor.hpp | Adds WNN telemetry thresholds and enforcement method that logs + triggers rollback. |
| include/itl/itl_manager.hpp | Updates include paths and adds log_wnn_rollback_event() helper. |
| include/core/raps_definitions.hpp | Adds WnnAlertPayload and WNN_ALERT enum value to ITL entry definitions. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| inline raps::telemetry::TelemetryRingBuffer<PhysicsState, 64> StateSnapshotBuffer; | ||
|
|
||
| inline void store_state_snapshot_tick(const PhysicsState& state) { | ||
| StateSnapshotBuffer.try_push(state); |
| // Peek the latest snapshot without destructive reading | ||
| PhysicsState last_valid_snapshot; | ||
| if (StateSnapshotBuffer.try_peek_latest(last_valid_snapshot)) { | ||
| // Point the active state pointer to the last valid state | ||
| active_state_pointer = last_valid_snapshot; | ||
| } | ||
|
|
| const RollbackPlan& latest_plan = rollback_store[rollback_count - 1]; | ||
|
|
||
| std::string tx_id; | ||
| if (!execute_rollback_plan(latest_plan, tx_id)) { | ||
| return false; | ||
| } |
| bool try_peek_latest(T& out) const noexcept { | ||
| const uint64_t w = _write_idx.load(std::memory_order_acquire); | ||
| const uint64_t r = _read_idx.load(std::memory_order_relaxed); | ||
|
|
||
| if (r == w) return false; | ||
|
|
||
| // The most recent valid write is at w - 1 | ||
| out = _data[(w - 1) & (CapacityPow2 - 1)]; | ||
| return true; | ||
| } |
| // Breach detected! Log to ITL and execute immediate rollback | ||
| itl_manager.log_wnn_rollback_event(wnn_telem.curvature_proxy, wnn_telem.oscillatory_prefactor); | ||
|
|
||
| return trigger_wnn_immediate_rollback( | ||
| rollback_store, | ||
| rollback_count, | ||
| active_state_pointer | ||
| ); |
| inline void ITLManager::log_wnn_rollback_event(double curvature, double prefactor) { | ||
| ITLEntry wnn_entry{}; | ||
| wnn_entry.type = ITLEntry::Type::WNN_ALERT; | ||
| wnn_entry.timestamp_ms = PlatformHAL::now_ms(); | ||
| wnn_entry.payload.wnn_alert.curvature_proxy = curvature; | ||
| wnn_entry.payload.wnn_alert.oscillatory_prefactor = prefactor; | ||
| commit(wnn_entry); | ||
|
|
||
| ITLEntry rollback_entry{}; | ||
| rollback_entry.type = ITLEntry::Type::ROLLBACK_COMMIT; | ||
| rollback_entry.timestamp_ms = PlatformHAL::now_ms(); | ||
| // Payload for rollback commit (CommandExecutionPayload) | ||
| // we just commit the entry to mark the rollback execution triggered by WNN | ||
| commit(rollback_entry); | ||
| } |
| const RollbackPlan* rollback_store, | ||
| uint32_t rollback_count, | ||
| PhysicsState& active_state_pointer | ||
| ) { |
| // Triggers an immediate rollback due to WNN constraints breach | ||
| inline bool trigger_wnn_immediate_rollback( | ||
| const RollbackPlan* rollback_store, | ||
| uint32_t rollback_count, | ||
| PhysicsState& active_state_pointer | ||
| ) { | ||
| if (rollback_count == 0) { | ||
| return false; | ||
| } | ||
|
|
||
| const RollbackPlan& latest_plan = rollback_store[rollback_count - 1]; | ||
|
|
||
| std::string tx_id; | ||
| if (!execute_rollback_plan(latest_plan, tx_id)) { | ||
| return false; | ||
| } | ||
|
|
||
| // Peek the latest snapshot without destructive reading | ||
| PhysicsState last_valid_snapshot; | ||
| if (StateSnapshotBuffer.try_peek_latest(last_valid_snapshot)) { | ||
| // Point the active state pointer to the last valid state | ||
| active_state_pointer = last_valid_snapshot; | ||
| } | ||
|
|
||
| return true; | ||
| } |
This PR integrates the Wave-Native Network (WNN) telemetry layer into the Recursive Autonomous Projection System (RAPS). It feeds curvature proxies and oscillatory prefactors into the Deterministic Safety Monitor (DSM), which strictly enforces these parameters. If any threshold is breached, the DSM directly triggers an immediate return to the last known safe state (via the new statically allocated
StateSnapshotBufferusingTelemetryRingBuffer) without dynamic memory allocation, and logs the event to the Immutable Telemetry Ledger.PR created automatically by Jules for task 2662924972226960742 started by @dfeen87