ruflo-iot-cognitum

IoT device lifecycle, telemetry anomaly detection, fleet management, and witness chain verification for Cognitum Seed hardware.

Hardware

This plugin requires a Cognitum Seed device. Get one at https://cognitum.one — the Seed is an edge appliance with on-device vector store, Ed25519 identity, OTA firmware, mesh networking, and a witness chain. Default address when attached via USB-C is http://169.254.42.1 (link-local, no auth) or https://169.254.42.1:8443 (LAN, bearer auth required for state-mutating operations).

Overview

Treats every Cognitum Seed device as a Ruflo agent with hardware capabilities. Devices progress through a 5-tier trust model, emit telemetry vectors for anomaly detection, participate in mesh networks, and maintain Ed25519 witness chains for provenance.

Backed by @claude-flow/plugin-iot-cognitum (239 tests, 32 source files).

Installation

```bash
claude --plugin-dir plugins/ruflo-iot-cognitum
```

Agents

| Agent | Model | Role |
|---|---|---|
| device-coordinator | sonnet | Device lifecycle, 5-tier trust scoring, mesh coordination |
| telemetry-analyzer | sonnet | Z-score anomaly detection, SONA learning, AgentDB persistence |
| fleet-manager | sonnet | Fleet CRUD, firmware rollout state machine, fleet policies |
| witness-auditor | haiku | Witness chain epoch verification, gap detection |

Skills

| Skill | Usage | Description |
|---|---|---|
| iot-register | `/iot-register <endpoint>` | Register a Seed device |
| iot-fleet | `/iot-fleet <create\|list\|add\|remove\|delete>` | Fleet management |
| iot-anomalies | `/iot-anomalies <device-id>` | Detect telemetry anomalies |
| iot-firmware | `/iot-firmware <deploy\|advance\|rollback\|status\|list>` | Firmware rollouts |
| iot-witness-verify | `/iot-witness-verify <device-id>` | Verify witness chain integrity |

Commands (25 subcommands)

```bash
# Device lifecycle
# `endpoint` defaults to http://169.254.42.1/ (the Seed link-local USB Ethernet address)
iot register [endpoint] [--token TOKEN]
iot list
iot status <device-id>
iot pair <device-id>
iot unpair <device-id>
iot remove <device-id>

# Telemetry
iot ingest <device-id>
iot baseline <device-id> [--compute]
iot anomalies <device-id>
iot query <device-id> --vector "[1,2,3]" --k 10

# Fleet management
iot fleet create --name "my-fleet"
iot fleet list
iot fleet add <fleet-id> <device-id>
iot fleet remove <fleet-id> <device-id>
iot fleet delete <fleet-id>

# Firmware rollouts
iot firmware deploy <fleet-id> --version "2.0.0"
iot firmware advance <rollout-id>
iot firmware rollback <rollout-id>
iot firmware status <rollout-id>
iot firmware list

# Mesh & witness
iot mesh <device-id>
iot witness <device-id>
iot witness verify <device-id>
iot health <device-id>
iot trust <device-id>
```

Trust Model (5 Tiers)

| Level | Name | Score Range | Capabilities |
|---|---|---|---|
| 0 | UNKNOWN | 0.0–0.19 | Discovery only |
| 1 | REGISTERED | 0.2–0.39 | Status, identity queries |
| 2 | PROVISIONED | 0.4–0.59 | Telemetry ingest, vector store |
| 3 | CERTIFIED | 0.6–0.79 | Mesh participation, firmware deploy |
| 4 | FLEET_TRUSTED | 0.8–1.0 | Full fleet operations, witness signing |

Trust Score Formula:

0.3×pairingIntegrity + 0.15×firmwareCurrency + 0.2×uptimeStability
+ 0.15×witnessIntegrity + 0.1×anomalyHistory + 0.1×meshParticipation
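
The formula and tier table above, combined into a capability gate. This is an added example, not the plugin's own code. It assumes every factor is normalised to [0, 1] with higher meaning healthier, that tiers begin at the lower bound of each score range, and that the operation names in `MIN_TIER` are hypothetical.

```javascript
// Weights and tier names come from the README. The cut-offs (lower bound of each
// score range) and the operation names in MIN_TIER are assumptions for illustration.
const WEIGHTS = {
  pairingIntegrity: 0.3, firmwareCurrency: 0.15, uptimeStability: 0.2,
  witnessIntegrity: 0.15, anomalyHistory: 0.1, meshParticipation: 0.1,
};
const TIERS = ['UNKNOWN', 'REGISTERED', 'PROVISIONED', 'CERTIFIED', 'FLEET_TRUSTED'];
const CUTOFFS = [0.2, 0.4, 0.6, 0.8];
// Hypothetical operation names mapped to the lowest tier whose capabilities list them.
const MIN_TIER = new Map([
  ['discover', 0], ['status', 1], ['telemetry-ingest', 2],
  ['firmware-deploy', 3], ['witness-sign', 4],
]);

function trustScore(factors) {
  let score = 0;
  for (const [name, weight] of Object.entries(WEIGHTS)) {
    const value = factors[name];
    // Fail closed: a missing, NaN or out-of-range factor must never raise trust.
    if (typeof value !== 'number' || !(value >= 0 && value <= 1)) {
      throw new RangeError(`factor ${name} must be a number in [0, 1]`);
    }
    score += weight * value;
  }
  return Math.round(score * 1e6) / 1e6; // absorb float noise at tier boundaries
}

function tierOf(score) {
  return CUTOFFS.filter((cutoff) => score >= cutoff).length;
}

// Capability gate: recompute the tier from current factors on every request.
function authorize(factors, operation) {
  if (!MIN_TIER.has(operation)) throw new Error(`unknown operation: ${operation}`);
  const score = trustScore(factors);
  const tier = tierOf(score);
  return { score, tier: TIERS[tier], allowed: tier >= MIN_TIER.get(operation) };
}

// Constructed sample: a healthy device whose pairing check has failed.
const unpaired = {
  pairingIntegrity: 0, firmwareCurrency: 1, uptimeStability: 1,
  witnessIntegrity: 1, anomalyHistory: 1, meshParticipation: 1,
};
console.log(authorize(unpaired, 'witness-sign'));    // denied: capped at CERTIFIED
console.log(authorize(unpaired, 'firmware-deploy')); // allowed
```

With these weights a device that fails pairing can score at most 0.7, so it can never reach FLEET_TRUSTED, while a device with a broken witness chain can still score 0.85.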

Anomaly Detection

Z-score composite scoring: min(1, meanZ/3)

| Type | Detection Rule | Typical Cause |
|---|---|---|
| spike | maxZ > 5 | Sudden sensor failure |
| flatline | all zero + low Z | Sensor disconnected |
| drift | 1-2 dimensions high Z | Gradual calibration loss |
| oscillation | alternating high/low | Feedback loop |
| pattern-break | moderate Z, multiple dims | Environmental change |
| cluster-outlier | >50% dimensions high Z | Multi-sensor failure |
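
A sketch of the composite score and the single-reading rules from the table, added here as an example and not taken from the plugin. The `HIGH_Z` and `MODERATE_Z` thresholds, the rule precedence and the baseline shape `{ mean, std }` are assumptions; oscillation is left out because it needs a window of readings instead of one vector.

```javascript
// SPIKE_Z and min(1, meanZ/3) are from the README; HIGH_Z, MODERATE_Z and the rule
// order are assumptions, since the table does not define "high", "moderate" or "low".
const SPIKE_Z = 5, HIGH_Z = 3, MODERATE_Z = 2, MIN_STD = 1e-9;

function zScores(reading, baseline) {
  if (reading.length === 0 || reading.length !== baseline.mean.length) {
    throw new RangeError('reading and baseline must share a non-zero dimension');
  }
  // Floor the deviation so a constant baseline dimension cannot divide by zero.
  return reading.map((x, i) =>
    Math.abs(x - baseline.mean[i]) / Math.max(baseline.std[i], MIN_STD));
}

function scoreReading(reading, baseline) {
  const z = zScores(reading, baseline);
  const meanZ = z.reduce((sum, v) => sum + v, 0) / z.length;
  const maxZ = Math.max(...z);
  const high = z.filter((v) => v >= HIGH_Z).length;
  const moderate = z.filter((v) => v >= MODERATE_Z).length;

  let type = null; // null means no rule in the table matched
  if (maxZ > SPIKE_Z) type = 'spike';
  else if (reading.every((x) => x === 0) && maxZ < MODERATE_Z) type = 'flatline';
  else if (high > z.length / 2) type = 'cluster-outlier';
  else if (high === 1 || high === 2) type = 'drift';
  else if (moderate >= 2) type = 'pattern-break';

  return { score: Math.min(1, meanZ / 3), meanZ, maxZ, type };
}

// Constructed baseline: temperature, humidity, pressure, vibration.
const BASELINE = { mean: [20, 50, 1013, 0.5], std: [0.5, 2, 1.5, 0.1] };
const SAMPLES = {
  normal: [20.2, 51, 1012, 0.55],
  spike: [20, 50, 1013, 1.2],
  drift: [21.8, 50, 1013, 0.5],
  clusterOutlier: [21.6, 57, 1018, 0.5],
  patternBreak: [21.2, 54.6, 1013, 0.5],
};
for (const [name, reading] of Object.entries(SAMPLES)) {
  const { score, type } = scoreReading(reading, BASELINE);
  console.log(name, score.toFixed(2), type);
}
```

Because the composite uses the mean, a single-dimension spike (one sensor at about 7 sigma here) scores only about 0.58, so alerting on the type as well as the score avoids missing it.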

Firmware Rollout State Machine

pending → canary → rolling → complete
                ↘ rolled-back ↙
  • canary: Deploy to ceil(deviceCount × canaryPercentage/100) devices
  • rolling: If canary anomaly score < rollback threshold, deploy to remaining
  • rolled-back: Force rollback triggered by anomaly threshold breach
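
The state machine above as a small transition table with the canary sizing rule, added as an example and not the plugin's implementation. The `rolling → rolled-back` edge is one reading of the diagram, and the function and field names are hypothetical.

```javascript
// States and the canary formula are from the README; the rolling -> rolled-back
// edge is one reading of its diagram, and field names here are hypothetical.
const TRANSITIONS = {
  pending: ['canary'],
  canary: ['rolling', 'rolled-back'],
  rolling: ['complete', 'rolled-back'],
  complete: [], 'rolled-back': [],
};

function createRollout(deviceIds, canaryPercentage, rollbackThreshold) {
  if (!(canaryPercentage > 0 && canaryPercentage <= 100)) {
    throw new RangeError('canaryPercentage must be in (0, 100]');
  }
  // ceil() guarantees at least one canary device for any non-empty fleet.
  const canaryCount = Math.ceil((deviceIds.length * canaryPercentage) / 100);
  return {
    state: 'pending', rollbackThreshold, deployed: [],
    canary: deviceIds.slice(0, canaryCount),
    remaining: deviceIds.slice(canaryCount),
  };
}

function move(rollout, next, deployed) {
  if (!TRANSITIONS[rollout.state].includes(next)) {
    throw new Error(`illegal transition ${rollout.state} -> ${next}`);
  }
  return { ...rollout, state: next, deployed };
}

// anomalyScore: composite score observed on the devices deployed so far.
function advance(rollout, anomalyScore) {
  const { state, canary, remaining, rollbackThreshold } = rollout;
  if (state === 'pending') return move(rollout, 'canary', canary);
  if (state === 'complete' || state === 'rolled-back') {
    throw new Error(`rollout already finished: ${state}`);
  }
  // Fail closed: a breach, or a missing/NaN score, reverts every device.
  if (!(anomalyScore < rollbackThreshold)) return move(rollout, 'rolled-back', []);
  return state === 'canary'
    ? move(rollout, 'rolling', [...canary, ...remaining])
    : move(rollout, 'complete', rollout.deployed);
}

// Constructed fleet of seven device ids with a 10% canary.
const fleet = ['seed-1', 'seed-2', 'seed-3', 'seed-4', 'seed-5', 'seed-6', 'seed-7'];
const canaryStage = advance(createRollout(fleet, 10, 0.5));
console.log(canaryStage.state, canaryStage.deployed); // canary [ 'seed-1' ]
```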

Background Workers

| Worker | Interval | Event |
|---|---|---|
| HealthProbeWorker | 30s | iot:device-offline |
| TelemetryIngestWorker | 60s | |
| AnomalyScanWorker | 120s | iot:anomaly-detected |
| MeshSyncWorker | 120s | iot:mesh-partition |
| FirmwareWatchWorker | 300s | iot:firmware-mismatch |
| WitnessAuditWorker | 600s | iot:witness-gap |

Integrations

  • AgentDB HNSW: Telemetry vectors stored in iot-telemetry namespace with HNSW indexing (M=16, efConstruction=200)
  • SONA Neural: Anomaly patterns fed to SONA for cross-device correlation and predictive maintenance
  • Cognitum SDK: @cognitum-one/sdk/seed SeedClient with 12 typed endpoints

Compatibility

  • CLI: pinned to @claude-flow/cli v3.6 major+minor.
  • Hardware: requires Cognitum Seed device. SDK: @cognitum-one/sdk/seed.
  • Verification: bash plugins/ruflo-iot-cognitum/scripts/smoke.sh is the contract.

Namespace coordination

This plugin owns five AgentDB namespaces, all compliant with the ruflo-agentdb ADR-0001 §"Namespace convention" (<plugin-stem>-<intent> kebab-case):

| Namespace | Purpose |
|---|---|
| iot-devices | Device trust history per Cognitum Seed |
| iot-telemetry | Telemetry vectors (HNSW: M=16, efConstruction=200) |
| iot-telemetry-anomalies | Detected anomalies tagged by type + remedial action |
| iot-anomalies | Skill-level anomaly index (alias of above) |
| iot-audit | Witness-chain gap records |

Reserved namespaces (pattern, claude-memories, default) MUST NOT be shadowed.

Trust model parallel with federation

This plugin's 5-tier device trust model (UNKNOWN → REGISTERED → PROVISIONED → CERTIFIED → FLEET_TRUSTED) follows the same shape as the ruflo-federation 5-tier trust model (UNTRUSTED → VERIFIED → ATTESTED → TRUSTED → PRIVILEGED). Different surface (IoT devices vs federation peers) and distinct naming, but the score-driven progression and capability-gating principle are the same.

Verification

```bash
bash plugins/ruflo-iot-cognitum/scripts/smoke.sh
# Expected: "12 passed, 0 failed"
```

Architecture Decisions

  • ruflo-agentdb — HNSW-indexed telemetry storage backend; namespace convention owner
  • ruflo-federation — 5-tier trust model parallel (different surface, distinct naming, same shape)
  • ruflo-intelligence — SONA neural pattern learning
  • ruflo-observability — Telemetry correlation and tracing

License

MIT