
Harden WNN DSM enforcement#25

Merged
dfeen87 merged 1 commit into main from codex/code-review-and-harden-codebase-for-wnn-dsm on May 7, 2026

Conversation

@dfeen87
Owner

@dfeen87 dfeen87 commented May 7, 2026

Motivation

  • Ensure the Deterministic Safety Monitor (DSM) fully enforces WNN-derived safety constraints and fails closed on invalid telemetry.
  • Make WNN-triggered rollbacks auditable and robust by durably logging events to the Immutable Telemetry Ledger (ITL) and hardening rollback execution checks.

Description

  • Strengthened DSM WNN handling by extending WnnTelemetry with defaults and a timestamp_ms, adding an upper oscillatory-prefactor guard (WNN_MAX_OSCILLATORY_PREFACTOR), and rejecting non-finite or negative telemetry values.
  • Made threshold checks inclusive and conservative by treating boundary values as breaches and by recording last_estimated_Rmax_, and made DSM fail closed when curvature estimates are non-finite.
  • Wired WNN enforcement to durable logging: implemented an ITLManager lifecycle (payload sizing, entry hashing, flash-backed commit, Merkle batching via process_merkle_batch, flush_pending) and changed log_wnn_rollback_event to return success/failure of ledger commits.
  • Hardened rollback execution: execute_rollback_plan now rejects non-finite thrust/gimbal values and negative thrust, and trigger_wnn_immediate_rollback validates rollback_count bounds and rollback_store before indexing and emits metrics when rollbacks are rejected or executed.
  • Added/updated SIL tests and CMake registration: new tests/sil/test_dsm_wnn.cpp covering nominal WNN behavior, boundary-triggered rollback, invalid telemetry fail-closed behavior, and reversed-dilation shutdown; expanded tests/sil/test_rollback_execution.cpp to cover non-finite thrust and out-of-range rollback count; updated tests/sil/CMakeLists.txt to add the new test target.

Testing

  • Built the SIL test tree with cmake -S tests/sil -B build/sil and cmake --build build/sil -j2 which produced the test executables.
  • Ran the SIL test suite with ctest --test-dir build/sil --output-on-failure and observed all tests pass.
  • Test summary: the SIL test set (including the new DSM WNN tests and updated rollback tests) passed with 0 failures.

Codex Task

Copilot AI review requested due to automatic review settings May 7, 2026 11:55
@dfeen87 dfeen87 merged commit f0ebbfe into main May 7, 2026
3 checks passed
@dfeen87 dfeen87 deleted the codex/code-review-and-harden-codebase-for-wnn-dsm branch May 7, 2026 11:55
@dfeen87 dfeen87 review requested due to automatic review settings May 7, 2026 12:16
