Visual SNN Design Studio¶
Status: Development preview — functional but under active development. API and UI may change between releases until the v4.0 stable API freeze.
The Visual SNN Design Studio is a web-based IDE for the complete spiking neural network lifecycle: design neuron models, build networks, train with surrogate gradients, compile to SystemVerilog, and synthesise to FPGA — all from a single browser tab.
First-Time Onboarding¶
On first visit, an 8-step guided tour introduces the key features: model browser, ODE mode, analysis views, FPGA pipeline, network canvas, training monitor, and keyboard shortcuts. The tour is dismissable and won't appear again (stored in localStorage).
Guided Flow¶
The left panel shows a guided default flow over the seven lifecycle steps —
design, simulate, analyse, train (optional), compile, synthesise, export
evidence — so the Studio reads as a sequence rather than a loose set of panels.
Each step derives its status from the evidence already produced: done when the
step's result exists (training also counts as done when explicitly skipped),
next for the earliest actionable step, ready for a later actionable step,
and blocked with a concrete reason when a prerequisite is missing or the
step's capability is unavailable in the capability registry. The panel reports a
completed/total count and never invents marketing or tutorial copy — it
reflects only the live store and capability state.
Operator Workbench¶
The first left-panel section is the operator workbench. It aggregates the live
workspace, selected design source, simulation run state, evidence health,
hardware path readiness, and evidence export state into six compact cards. The
cards reuse existing Studio state and /api/studio/operator/status; they do not
introduce a separate readiness authority. Actions route operators to the real
project, simulation, admin, compiler, synthesis, and evidence-bundle surfaces.
The workbench keeps the first screen operational:
- Workspace reports whether the current project is saved, plus the loaded server-project and local-session counts.
- Design source reports model or ODE mode and the loaded catalogue count.
- Simulation reports active progress or the latest path-free
studio.simulation-run.v1state. - Evidence health reports audit and capability posture from operator status without local paths or secrets.
- Hardware path reports compile and synthesis readiness from the guided flow and existing traceability/provenance state.
- Export targets the deepest available scoped evidence bundle: synthesis when a synthesis job exists, compile when compile traceability exists, and project evidence after the project is saved. When that scoped bundle already exists, the action opens the owning surface for artifact download instead of creating a duplicate bundle.
The next left-panel section is the Studio readiness panel. It derives from the
same /api/studio/operator/status payload and turns deployment profile, route
policy enforcement, identity mode, audit persistence, job-root configuration,
runtime ceilings, and capability health into explicit ready, warning, or
blocked rows. The panel is intentionally a UI projection rather than a second
preflight authority: promotion still uses sc-neurocore studio-preflight, while
the browser shows the same gaps early enough for a local operator to act on
them. The Admin Operator section renders the same readiness rows beside the raw
operator metrics.
Model Browser¶
Browse built-in neuron models by category, search by name, and run the model
scan workflow to classify firing patterns across the catalogue. The scan uses
the configured constant-current and duration pair as evidence input, caches
results by that pair only, and returns a path-free studio.model-scan.v1
metadata object. Because this preview scan still runs synchronously, the route
projects one simulation per catalogue model against the configured Studio
analysis budget before any scan work starts. After scanning, the browser shows
the evidence class, terminal status, model count, and shortened input/result
digests beside the pattern filters.
Launch¶
pip install sc-neurocore[studio]
sc-neurocore studio # http://127.0.0.1:8001
sc-neurocore studio --port 9000 # custom port
For development (hot reload):
# Terminal 1: backend
py -3.12 -c "from sc_neurocore.studio.app import create_app; import uvicorn; uvicorn.run(create_app(), host='127.0.0.1', port=8001)"
# Terminal 2: frontend (Vite dev server with HMR)
cd studio/frontend && npm run dev # http://localhost:5173
Architecture¶
┌──────────────────────────────────────────────────────────────────┐
│ Visual SNN Design Studio │
├──────────┬──────────┬──────────┬──────────┬──────────────────────┤
│ Equation │ Network │ Training │ Compiler │ Synthesis │
│ Editor │ Canvas │ Monitor │ Inspector│ Dashboard │
├──────────┴──────────┴──────────┴──────────┴──────────────────────┤
│ React + TypeScript + Zustand + React Flow │
├──────────────────────────────────────────────────────────────────┤
│ FastAPI Backend (Python) │
├──────────┬──────────┬──────────┬──────────┬──────────────────────┤
│ 118 │ PyTorch │ equation │ Yosys │ Project │
│ neurons │ training │ compiler │ nextpnr │ save/load │
├──────────┴──────────┴──────────┴──────────┴──────────────────────┤
│ SC-NeuroCore Python + Rust Engine │
└──────────────────────────────────────────────────────────────────┘
Platform Contracts¶
The backend exposes typed platform contracts before UI panels call into runtime features:
CapabilityRegistrylists Studio capabilities, user-visible status, requirement health, evidence class, UI placement, and documentation path./api/studio/capabilitiesand/api/studio/capabilities/{capability_id}return non-secret capability health payloads for the frontend shell.- The frontend shell loads the capability registry during startup, surfaces aggregate capability health in the header, lists each capability with status, evidence, missing requirements, and documentation links, and disables registered panels and matching toolbar/keyboard activation paths when backend or external-tool requirements are unavailable.
- The default registry covers the stateful Studio panel families: simulation workbench, analysis suite, compiler inspector, synthesis dashboard, training monitor, network canvas, project workspace, and export tools. Missing registry entries fail closed in the frontend shell.
PolicyGatewayis the fail-closed route authorization contract used for protected Studio API surfaces. Public routes may run without a principal; authenticated and admin routes require an explicit policy and emit audit decisions.- Runtime route-policy enforcement is opt-in for the development preview via
SC_NEUROCORE_STUDIO_ENFORCE_ROUTE_POLICIES=true. When enabled, protected HTTP routes and/ws/progressrequire an authenticated principal. Development builds may still useX-Studio-Principalplus comma-separatedX-Studio-Roles; production deployments should setSC_NEUROCORE_STUDIO_ALLOW_HEADER_PRINCIPAL=false. - Durable service-account identity is configured with
SC_NEUROCORE_STUDIO_IDENTITY_FILE. The file usessc-neurocore.studio.identity.v1, stores SHA-256 bearer-token hashes rather than raw tokens, grants explicit roles, and can include UTC expiry timestamps. Requests authenticate withAuthorization: Bearer <token>; invalid, disabled, or expired tokens fail closed and emit distinct audit reasons. - The same identity file can include persistent
browser_userswith PBKDF2-HMAC-SHA256 password verifiers, explicit roles, active state, and optional UTC expiry timestamps. Browser users authenticate throughPOST /api/studio/auth/login, which returns an expiring bearer token forAuthorization: Bearer <token>requests. Studio does not set browser auth cookies in this mode, so cookie CSRF tokens are not part of the current contract; deployments should protect the browser against script injection and transport the bearer token only over HTTPS or loopback-local channels. - Browser bearer sessions are server-side and expire after
SC_NEUROCORE_STUDIO_BROWSER_SESSION_TTL_SECONDS, defaulting to 12 hours./api/studio/auth/sessionreturns the current principal without token material, andPOST /api/studio/auth/logoutrevokes the presented session. - Browser login attempts are guarded by an in-memory, per-username lockout
policy. Defaults allow five invalid password attempts within five minutes
and then return
429 browser_login_throttledwith aRetry-Afterheader for a 15-minute cooldown. Tune the policy withSC_NEUROCORE_STUDIO_BROWSER_LOGIN_MAX_FAILURES,SC_NEUROCORE_STUDIO_BROWSER_LOGIN_FAILURE_WINDOW_SECONDS, andSC_NEUROCORE_STUDIO_BROWSER_LOGIN_COOLDOWN_SECONDS. Throttle denials emitstudio.auth.loginaudit rows without password material. The Admin panel Operator section reports the active lockout threshold, failure window, cooldown, active throttle-bucket count, locked-bucket count, and maximum retry interval from/api/studio/operator/statuswithout exposing usernames or password material. - First-deployment service-account identity files are created offline with
sc-neurocore studio-bootstrap-admin --identity-file <path>. The command writes only the SHA-256 token hash to disk, returns the bearer token once to the operator, refuses to overwrite existing files unless--allow-overwriteis supplied, and applies owner-only file permissions where the host platform supports POSIX modes. - Persistent browser users are added offline with
sc-neurocore studio-add-browser-user --identity-file <path> --username <name> --principal-id <principal> --role <role> --password-stdin. The command reads the password from standard input, writes only the PBKDF2-HMAC-SHA256 verifier to the same identity file, preserves existing service accounts, and returns a password-free JSON summary. /api/studio/identity/service-accountsreturns an admin-only, token-free service-account inventory for the configured persistent identity file./api/studio/identity/service-accounts/{principal_id}returns one account, andPATCH /api/studio/identity/service-accounts/{principal_id}updates roles, active state, and optional UTC expiry while preserving the stored bearer-token hash. The backend reloads the identity authenticator after a successful update, so role changes apply without a Studio restart. Updates fail with409if they would remove the final active unexpiredstudio.adminprincipal.- The Admin panel includes an Identity section backed by the same endpoints.
It displays principal IDs, active state, expiry, and role lists without
exposing token hashes or local identity-file paths. Role changes emit both
the route-policy audit decision and a dedicated
studio.identity.service_account.updateaudit event. - The Admin panel Audit section summarises exported
studio.auth.*browser authentication rows andstudio.identity.*lifecycle rows separately. It shows total, allowed, denied, and latest action labels for each class so login/session/logout activity and account/password-rotation activity can be checked without exposing secret material. /api/studio/identity/browser-usersreturns an admin-only, password-free browser-user inventory for the same identity file. The payload includes usernames, principal IDs, roles, active state, and expiry only.POST /api/studio/identity/browser-userscreates a new browser user, stores only a PBKDF2-HMAC-SHA256 verifier for the supplied password, reloads authentication immediately, and emitsstudio.identity.browser_user.createwithout password material. Duplicate usernames fail closed with409./api/studio/identity/browser-users/{username}returns one password-free browser-user record, andPATCH /api/studio/identity/browser-users/{username}updates roles, active state, and optional UTC expiry while preserving the stored password verifier. The backend reloads the identity authenticator after a successful update, so disabling a browser user or changing roles applies without a Studio restart. The same last-admin guard prevents browser-user changes that would remove the final active admin path. The Admin panel exposes create, lifecycle, and secret-rotation controls without returning password verifier material.- Admins rotate a browser user's password with
POST /api/studio/identity/browser-users/{username}/password. The request writes a fresh PBKDF2-HMAC-SHA256 verifier, preserves password-free user metadata, reloads authentication immediately, clears that user's login throttle bucket, revokes active browser sessions for the user's principal, and emitsstudio.identity.browser_user.password.rotatewithout password material. The Admin panel exposes this as a per-user secret-rotation control. - Policy decisions can be persisted to an append-only JSONL audit log by
setting
SC_NEUROCORE_STUDIO_AUDIT_LOG_PATHto a writable file path. Eachstudio.audit.v1line records the UTC timestamp, policy action, route template, principal identifier when present, request correlation ID when available, allow/deny decision, decision reason, previous event hash, and a SHA-256 event hash over the canonical row content. - If a protected route cannot append its required audit event, Studio returns
503 audit_append_failedinstead of executing the operation without audit evidence./api/studio/audit/statusreports a path-free audit sink status for operator dashboards. /api/studio/audit/exportreturns a bounded, path-free JSON export of recent persisted audit events. The route is classified as admin-only by the Studio policy registry and records its own audit decision when policy enforcement is enabled./api/studio/jobs/statusreports path-free local worker health for operator dashboards. Deployments can setSC_NEUROCORE_STUDIO_JOB_ROOTfor persistent per-job working directories andSC_NEUROCORE_STUDIO_JOB_TIMEOUT_SECONDSfor the default cooperative timeout. SetSC_NEUROCORE_STUDIO_JOB_MAX_ARTIFACT_BYTESto cap each worker artifact. External EDA child processes also receive host-supported CPU and memory ceilings fromSC_NEUROCORE_STUDIO_EDA_PROCESS_CPU_SECONDSandSC_NEUROCORE_STUDIO_EDA_PROCESS_MEMORY_BYTES. The local worker manager tracks allowed job kinds, active/completed/failed/timed-out counts, aggregate thread/process execution-model counts, and one resource profile per allowed job kind. Each profile records default timeout, per-artifact size ceiling, and supported execution models without exposing host filesystem paths. Job list and detail payloads also label each job asthreadorprocess, allowing operators to verify isolation coverage without reading local worker directories.- Synchronous analysis endpoints (simulation, f-I curve, bifurcation,
sensitivity, frequency response, heatmap, nullclines, precision,
characterisation, multi-simulate, compare) run inside the request worker. A fail-closed
synchronous analysis budget projects each request's integration cost
(
simulation_count * ceil(duration / dt)for simulation-backed routes, or nullcline grid points for/api/nullclines) and rejects an over-budget request with HTTP 422 before any work runs, keeping the worker responsive. The budget has three ceilings, configurable throughSC_NEUROCORE_STUDIO_MAX_SYNC_ANALYSIS_STEPS_PER_SIMULATION,SC_NEUROCORE_STUDIO_MAX_SYNC_ANALYSIS_TOTAL_STEPS, andSC_NEUROCORE_STUDIO_MAX_SYNC_ANALYSIS_SIMULATIONS. The 422 detail is path-free and reports the violatedlimit, theprojectedcost, and theallowedceiling so callers can shorten the duration, coarsen the timestep, or reduce the sweep, grid, or parameter count. A non-positive timestep is rejected with the same contract instead of failing deeper in the engine. The operator statusresource_limitspayload echoes the three ceilings. /api/training/startnow uses the process-backed local worker manager for bounded training execution, while/api/training/stop,/api/training/status/{job_id}, and/api/training/stream/{job_id}keep the parent-process control and observation surface for the Training Monitor. Process workers append liveconfig,epoch, and terminal rows totraining/events.jsonl; the parent SSE stream tails that path-confined event log before it is declared as a terminal artifact. Terminal training jobs also writetraining/status.jsonandtraining/evidence.json; the evidence manifest usesstudio.action-evidence.v1and records terminal status, action kind, replay route, job ID, evidence classification, status payload SHA-256, and status artifact metadata without local paths or secret material. Once the verified evidence artifact is declared by the worker record,/api/training/status/{job_id}includes a path-freestudio.training.evidence-summary.v1operator summary with the action kind, classification, replay route, evidence artifact digest, and result artifact metadata./api/training/checkpoint/{job_id}exports a portablestudio.training.checkpoint.v1JSON checkpoint for the selected Training Monitor job. Export and import validate embeddedstudio.training.evidence-summary.v1metadata as verifiedtrainingevidence before digesting or accepting a checkpoint./api/training/checkpoint/importvalidates checkpoint and config digests before returning the restored training config. The Training Monitor UI exposes matching import/export controls. Completed worker-backed training jobs also publishtraining/model_state.ptplustraining/model_state.jsonmetadata usingstudio.training.weight-checkpoint.v1; checkpoint JSON may reference that metadata, while raw tensors remain behind authenticated job artifact downloads./api/compile,/api/synth/run,/api/synth/multi-target,/api/synth/pnr, and/api/pipeline/runexecute through the same bounded local worker manager while preserving their synchronous response payloads. The Admin queue recordsstudio-compiler,studio-synthesis,studio-pnr, andstudio-pipelineowners with path-free result artifacts undercompiler/,synthesis/, andpipeline/./api/compileresponses includestudio.compile-traceability.v1metadata with the source equation payload, RTL module metadata, source and RTL SHA-256 digests,evidence_classification: "compile", and completed terminal status without host-local paths. Compile traceability validates that class and status through the shared Studio evidence-classification contract before returning public metadata./api/compare,/api/fi-curve,/api/bifurcation,/api/sensitivity,/api/heatmap,/api/freq-response,/api/precision,/api/nullclines, and/api/characterizeresponses includestudio.analysis-result.v1metadata with the analysis type, evidence classification, terminal status, source, input and result SHA-256 digests, and output keys without host-local paths./api/multi-simulateattachesstudio.simulation-run.v1metadata to each overlaid result, matching/api/simulate. Studio plot panels surface those class/source/status/digest labels beside analysis views, and the trace view surfaces the same labels fromstudio.simulation-run.v1metadata. Simulation, analysis, synthesis provenance, and Training Monitor evidence serializers validate their evidence class and terminal status through the shared Studio evidence-classification contract before returning public metadata, so malformed workflow metadata fails closed before export./api/models/scanreturns astudio.model-scan.v1envelope. The payload contains classified model behaviours plus scan metadata with the configured current, duration, model count, pattern counts,analysisevidence classification, completed terminal status, and input/result SHA-256 digests. The route is bounded by the same synchronous analysis budget as sweeps, using the current catalogue size as the projected simulation count. The Model Browser renders those labels after a scan completes, so the operator can distinguish a cached scan from an unclassified model list.- Those worker-backed compile, synthesis, PnR, and pipeline routes also write
studio.action-evidence.v1manifests beside the result artifacts. These manifests record action kind, replay route, job ID, evidence classification, result payload SHA-256, and result artifact metadata without local paths or secret material. The writer validates controlled action classes, terminal statuses, and replay routes, and rejects non-portable result JSON before hashing. Evidence bundle export validates selected job evidence artifacts (evidence.jsonand*-evidence.json) against this contract and marks them asaction_evidenceentries in the bundle manifest. - Studio evidence classifications are a shared backend contract, not free-form
labels. Current accepted classes are
analysis,compile,default_flow,local_regression,project_workspace,release_benchmark,simulation,synthesis, andtraining. Terminal evidence statuses arecompleted,failed,cancelled, andtimed_out. Bundle writers, action-evidence writers, and manifest validators reject unknown classes or non-terminal statuses before persisting evidence. Evidence bundle summaries include the known classification and terminal-status vocabularies for Admin/UI consumers, so client code can render available classes without hard-coded duplicate lists. /api/studio/jobsand/api/studio/jobs/{job_id}return admin-only, path-free job records for the Admin panel queue view. Records include job status, owner, request ID, timestamps, result metadata, and artifact manifests, but never host filesystem paths. The Admin queue view surfaces the declared artifact paths, counts evidence manifest artifacts (evidence.jsonand*-evidence.json), and lets an operator add a job ID directly to the evidence bundle export form./api/studio/jobs/{job_id}/artifacts/{artifact_path}downloads declared job artifacts for administrators. The server resolves artifacts through the job manifest only, revalidates size and SHA-256 before serving, and returns generic errors if the artifact is missing or fails integrity checks./api/training/checkpoint/importreturns a path-freestudio.training.weight-restore-plan.v1object when an imported checkpoint carries validated Training Monitor weight metadata. The plan points clients to the authenticated job artifact route and preserves the expected artifact hashes instead of moving raw model weights through checkpoint JSON./api/studio/training/weight-restoreis an admin-only endpoint that rebuilds the canonical restore plan from a completed training job's stored checkpoint metadata, fetches the integrity-checked weight and metadata artifacts, and runs the untrusted PyTorch deserialization inside a boundedstudio-training-restoreworker job. The worker loads the weights through aweights_only=Truestate-dictionary loader and writes a path-freestudio.training.weight-restore.v1evidence artifact holding only the verified digests, parameter count, and loaded-key total; the tensors never reach the API response./api/studio/training/weight-restore/attachis an admin-only endpoint that warm-starts a new bounded training job seeded with the verified weights of a completed source job. The integrity-checked weight artifacts are delivered to the worker as confined seed inputs through the reserved seed-input channel, and a strictload_state_dictat the epoch-zero checkpoint boundary fails closed on an architecture mismatch before training begins. The worker writes a path-freestudio.training.weight-restore-attach.v1evidence artifact recording the verified digests, resolved target architecture, and the architecture fingerprint that gated compatibility./api/studio/training/weight-restore/attach/liveis an admin-only endpoint that delivers the verified weights of a completed source job to a running target training job through the confined control channel — a reserved control directory in the job sandbox that the worker polls at each epoch boundary. The worker verifies and loads the weights with a strictload_state_dictat the next boundary and writes astudio.training.weight-restore-attach.v1(mode: live) evidence artifact. An incompatible or malformed attach is rejected without interrupting the running job, so a bad live attach can never crash an in-flight training run./api/studio/evidence/bundlecreates an admin-only evidence export as a boundedstudio-evidenceworker job. The request can name one saved project, selectedstudio.simulation-run.v1simulation responses, selectedstudio.analysis-result.v1analysis responses, selectedstudio.model-scan.v1model-scan responses classified as analysis evidence, selected default-flow run and attestation responses classified asdefault_flowevidence, selected job IDs, bounded audit export length, and command replay metadata. The resultingstudio.evidence-bundle.v1manifest, validatedproject_workspaceproject payload, simulation result payloads, analysis result payloads, model-scan result payloads, default-flow run/attestation payloads, job records, copied verified job artifacts, audit excerpt, and replay metadata are all written as job artifacts underevidence/. Simulation payloads are stored underevidence/simulations/; analysis payloads are stored underevidence/analyses/; model-scan payloads are stored underevidence/model-scans/; weight-restore payloads classified as training evidence are stored underevidence/training-weight-restores/; weight-restore attach payloads are stored underevidence/training-weight-restore-attaches/; default-flow payloads are stored underevidence/default-flows/. Selected job action-evidence artifacts are copied underevidence/jobs/{job_id}/artifacts/and classified asaction_evidenceonly afterstudio.action-evidence.v1validation. The response and manifest are path-free and omit bearer tokens, token hashes, password material, and local filesystem paths. Both surfaces include a summary with artifact-path count, manifest-entry count, entry-type counts, evidence classification counts for validated project-workspace, simulation, analysis, and action-evidence entries, and selected source-job counts by kind and owner.- The Admin panel surfaces that evidence route as an operator workflow with project, simulation JSON, analysis JSON, default-flow run JSON, default-flow attestation JSON, job ID, audit, and replay metadata fields. Operators can seed the job ID field from recent job rows, using the displayed artifact and evidence-manifest counts before exporting. After export it refreshes the job queue and displays the bundle ID, evidence job ID, artifact count, manifest entry count, entry-type summary, evidence-class summary, and selected source-job summary. The panel also lists manifest entries with entry type, evidence classification, source, and artifact or replay detail before the downloadable file rows. Bundle artifact rows show path, size, and SHA-256 labels and download through the authenticated job artifact endpoint, so bearer-session operators do not need unauthenticated direct links.
- New backend workflows can use
StudioJobManager.submit_process_task(...)for process-backed execution. The task is an importablemodule:functionthat receives aStudioJobContextplus a JSON payload and returns a JSON result. It shares the same artifact manifest contract as thread-backed jobs, while timeout and cancellation terminate the worker process./api/training/start,/api/compile,/api/synth/run,/api/synth/multi-target,/api/synth/pnr, and/api/pipeline/runuse this path for training, ODE-to-RTL compilation, synthesis, PnR, target comparison, and graph-to-synthesis execution while preserving their response contracts, writing the samestudio.action-evidence.v1artifacts, and reportingexecution_model: "process"in job rows. Existing Studio route closures remain compatible with the thread-backed path during migration. /api/studio/operator/statusis an admin-classified aggregate for the Studio control plane. It combines deployment profile, route-policy enforcement, route inventory counts, protected-route audit coverage, identity mode, audit health, job-worker health, job resource profiles, browser-login lockout aggregates, and capability counts into one path-free payload for the Admin panel. It also reports path-free worker and EDA process resource ceilings so operators can verify runtime bounds without reading environment files.- The browser readiness panel derives its promotion rows from the same
operator-status payload. It highlights disabled route-policy enforcement,
header-principal fallback, memory-only audit sinks, missing job roots,
incomplete runtime ceilings, unhealthy jobs, and unavailable capabilities as
visible operator actions, but it does not replace the fail-closed
studio-preflightgate used for deployment promotion. - Deployments can set
SC_NEUROCORE_STUDIO_AUDIT_ROTATION_BYTESto rotate the active JSONL audit file before the next append once it reaches the configured byte limit.SC_NEUROCORE_STUDIO_AUDIT_RETAINED_FILEScontrols how many rotated files are retained; the default is5. - Audit status performs path-free storage preflight checks and reports stable
operator error codes such as
AuditPathIsDirectoryandAuditParentIsNotDirectoryinstead of exposing local filesystem paths. RoutePolicyRegistryrecords the expected policy for each platform API route and lets startup or test code detect unclassified Studio endpoints before they become accidental public surfaces. The default registry classifies the current/api/*and/ws/*Studio surface, including stateful simulation, training, project, synthesis, and WebSocket progress routes. The progress WebSocket usesAuthorization: Bearer <token>for non-browser clients and thestudio-auth, studio-bearer.<token>WebSocket subprotocol pair for the browser frontend when route-policy enforcement is enabled.StudioRuntimeSettingsowns deployment-sensitive backend settings. CORS defaults are loopback-only for the packaged backend and Vite development server; production deployments must setSC_NEUROCORE_STUDIO_CORS_ORIGINSto a comma-separated allow-list instead of using wildcard origins.SC_NEUROCORE_STUDIO_DEPLOYMENT_PROFILE=productionis a fail-closed profile: route-policy enforcement must be enabled, development header principals must be disabled, identity, audit log, and job-root paths must be configured, and EDA process CPU and memory ceilings must be set before the backend can start. Both thelabandserverdeployment-profile packages provide bounded EDA ceilings;localdevelopment keeps the bounded defaults.sc-neurocore studio-deployment-profile --studio-profile local|lab|serveremits astudio.deployment-profile.v1package for the supported operating contexts.localis loopback-only development use.labandserverare production-profile packages with route-policy enforcement, disabled header principals, durable identity/audit/job-root placeholders, explicit host and origin allow-lists, preflight command, launch command, saved project workspace, and backup items. The command can emit JSON or shellexportlines and does not include secrets, token hashes, password material, or host-local paths.sc-neurocore studio-backup-planemits astudio.backup-plan.v1backup and restore manifest for identity, audit, job, and saved-project state. Default output is path-free and suitable for deployment logs; use--include-local-pathsonly for internal host-local handoffs.sc-neurocore studio-preflightruns the Studio release-readiness gate from the current environment and emits astudio.preflight.v1JSON report. The report exits non-zero on any failed check and verifies runtime settings, route-policy enforcement, disabled header-principal fallback, required admin route policies, at least one active unexpiredstudio.adminidentity, audit-log readiness, job-root readiness, and bounded EDA process and job artifact resource limits. Theresource_limitscheck surfaces the configured EDA CPU and memory ceilings and the per-job artifact byte limit; it reports a non-blockingwarnstatus when the ceilings cannot be enforced on the host (non-POSIX) rather than failing the gate. The required admin route set covers identity list/detail/update, browser-user create/update, and password rotation routes, job record and artifact access, and evidence bundle export in addition to operator/audit/synthesis checks. Its payload contains stable check IDs, booleans, counts, and path-free remediation steps; it does not expose local paths, bearer tokens, token hashes, passwords, or password verifiers.- Studio rejects requests whose
Hostheader is outside the configured allow-list. Packaged defaults accept only loopback hosts; deployments setSC_NEUROCORE_STUDIO_ALLOWED_HOSTSto a comma-separated host allow-list and wildcard hosts are rejected. - Studio rejects HTTP requests with a declared body larger than the configured
limit before route handlers run. The default is 1 MiB; deployments can set
SC_NEUROCORE_STUDIO_MAX_REQUEST_BODY_BYTESto a positive integer. - Studio WebSocket handshakes enforce an explicit
Originallow-list before accepting progress streams. By default this allow-list follows the HTTP CORS origins; deployments can setSC_NEUROCORE_STUDIO_WEBSOCKET_ALLOWED_ORIGINSto a comma-separated list. - The backend adds default HTTP hardening headers to API responses:
X-Content-Type-Options: nosniff,Referrer-Policy: no-referrer, andX-Frame-Options: DENY. - Every HTTP response carries an
X-Request-IDcorrelation header. Valid inbound request IDs are preserved; malformed values are replaced with a server-generated UUID.
The policy gateway is intentionally a platform contract first. Existing public health and capability routes stay backward compatible while protected route integration is added panel by panel.
Development Gate¶
Studio changes are shipped as complete slices. Each backend slice updates strict typing, public-symbol docstrings, module-specific tests, focused coverage for new modules, and documentation in the same change. Generic coverage-fill tests are not accepted.
Panels¶
Equation Editor & Model Browser¶
Browse 159 runtime catalogue entries by category (integrate-and-fire, biophysical, stochastic, hardware emulators, AI-optimised). Select a model and adjust parameters with sliders — the trace view updates live.
Switch to ODE mode to write custom equations with syntax highlighting:
dv/dt = -(v - E_L) / tau_m + I / C
The Monaco editor provides SC-NeuroCore-specific syntax highlighting:
- Blue bold: ODE derivatives (dv/dt, dw/dt)
- Teal: parameters (E_L, tau_m, g_Na, V_threshold)
- Light blue: state variables (v, w, m, h, n)
- Yellow: functions (exp, sqrt, tanh)
- Purple: directives (threshold, reset)
- Green: comments (# ...)
18+ Analysis Views¶
| View | Description |
|---|---|
| Trace | Membrane voltage + spike raster + current protocol |
| Phase | Phase portrait with nullclines (2D ODE) |
| ISI | Inter-spike interval histogram |
| f-I | Firing rate vs. injected current curve |
| Bifurcation | Parameter sweep → attractor diagram |
| 2D Heatmap | Two-parameter sweep → firing rate heatmap |
| Sensitivity | One-at-a-time parameter sensitivity |
| STA | Spike-triggered average |
| Frequency | Frequency response (sinusoidal input) |
| Characterise | One-click dashboard: pattern + f-I + sensitivities |
| Multi-model | Overlay up to 4 models for comparison |
| A/B Compare | Side-by-side model comparison |
| E-I Network | Balanced excitatory-inhibitory network raster + rates |
| Code | Python script generator + clipboard one-liner |
| Q8.8 | Float vs. fixed-point co-simulation diff |
| RTL | Equation → Verilog compiler output |
| IR | SC Intermediate Representation viewer |
| FPGA | Synthesis resource bars |
| Train | Live training monitor |
| Canvas | Network graph editor |
Data Export¶
| Format | Contents | Use Case |
|---|---|---|
| SVG | Vector traces with axes, legend, spike markers | Paper figures, LaTeX, Inkscape |
| CSV | Time column + state variables | External analysis (MATLAB, R, pandas) |
| JSON | Full simulation result (time, states, spikes, params) | Reproducibility, archival |
The SVG export produces a dark-themed 800x400 plot with grid lines, axis labels, colour-coded state variables, spike markers, and a legend. Polylines are downsampled to 2000 points for file-size efficiency while preserving trace shape.
Network Canvas¶
Drag-and-drop populations (excitatory = blue, inhibitory = red) and connect them with projections by dragging between node handles. Configure weights, delays, and connection probability per projection.
Export/import networks in NIR format for interoperability with snnTorch, Norse, and SpikingJelly.
Training Monitor¶
Start SNN training from the browser. Configure: - Dataset (synthetic 64D or MNIST 784D) - 6 surrogate gradient functions (atan, fast sigmoid, superspike, sigmoid, STE, triangular) - Learnable beta (membrane leak) and threshold - Batch size, learning rate, timesteps, epochs
Watch loss curves, accuracy, per-layer spike rates, and parameter
evolution update in real time via Server-Sent Events. The Training Monitor
tails process-worker rows from the path-confined training/events.jsonl
artifact for live config, epoch, and terminal updates, then surfaces the
path-free action-evidence contract for the current training run: evidence
classification, action kind, job ID, terminal status, replay route, terminal
artifact names, configuration summary, and latest epoch.
Terminal status responses also include a verified
studio.training.evidence-summary.v1 summary when training/evidence.json
is available from the worker artifact manifest.
The panel can export and import studio.training.checkpoint.v1 JSON
checkpoints to restore training configuration and source status metadata
without exposing local paths or raw model-weight tensors. Completed process
jobs publish the actual learned weights as authenticated job artifacts, with
path-free size, SHA-256, architecture, and parameter-count metadata attached to
status and checkpoint payloads.
Compiler Inspector¶
Build SC Intermediate Representation from ODE equations, verify the graph, and emit synthesisable SystemVerilog. View the IR text and generated Verilog side-by-side with a verification badge. Direct equation-to-Verilog output includes a source-to-RTL traceability strip with source, RTL, and manifest digests plus controlled terminal status for evidence review. The strip can export a compile evidence bundle with replay metadata for the direct SystemVerilog emit route. Adaptive-precision formal-bundle manifests also carry the controlled Studio compile evidence class and terminal generation status while keeping external proof and hardware claims fail-closed.
Synthesis Dashboard¶
Run Yosys synthesis on generated Verilog for 4 FPGA targets:
| Target | Device | LUTs | FFs | BRAMs | DSPs |
|---|---|---|---|---|---|
| ice40 | iCE40 UP5K | 5,280 | 5,280 | 30 | 0 |
| ECP5 | LFE5U-25F | 24,576 | 24,576 | 56 | 28 |
| Gowin | GW1N | 20,736 | 20,736 | 41 | 0 |
| Xilinx | Artix-7 | 20,800 | 41,600 | 50 | 90 |
Multi-target comparison table shows resource usage across all targets. Quick heuristic estimation available without Yosys installed. Synthesis responses include path-free target provenance with tool readiness, tool versions where available, capacity metadata, and a multi-target matrix digest for comparison runs. The FPGA panel renders the provenance matrix after all-target synthesis, including target device, synthesis readiness, PnR readiness, tool command state, evidence classification, and terminal status for each supported target and the aggregate matrix.
Full Pipeline¶
One-click pipeline from the Network Canvas:
Network Graph → Validate → Simulate → Compile → Synthesise
The Network Canvas displays the worker-backed pipeline evidence contract beside
the terminal result: evidence classification, action kind, terminal status,
target, step, replay route, and the pipeline/result.json plus
pipeline/evidence.json artifact names.
Project Save/Load¶
Save complete workspace state (equations, parameters, network graph,
synthesis target, training config) as JSON files. Restore any saved
project from the sidebar. The save API returns studio.project-save.v1
metadata with state and project SHA-256 digests plus the
project_workspace evidence classification and completed terminal status; it
does not expose resolved local filesystem paths.
After a save completes, the Projects panel renders the path-free evidence
summary returned by the API: classification, status, project name, state
digest, project digest, and schema version. That keeps the operator-visible
save confirmation tied to the persisted payload without leaking host-local
paths. Evidence bundle export revalidates the saved project shape and stores it
as a classified project_workspace entry before adding it to bundle summaries.
Detailed Guides¶
- Synthesis Dashboard — FPGA targets, multi-target comparison, API
- Training Monitor — surrogates, cell types, SSE streaming, API
- Network Canvas — populations, projections, NIR format, API
- Compiler Inspector — IR build/verify/emit, co-simulation, API
- Integration & Projects — pipeline, save/load, API
Tech Stack¶
| Component | Technology |
|---|---|
| Frontend | React 19 + TypeScript (strict) |
| Graph editor | @xyflow/react (React Flow) |
| State | Zustand |
| Responsive | 4 breakpoints (1024, 768, 480px) |
| Build | Vite |
| Frontend tests | Vitest contract tests + TypeScript build |
| Backend | FastAPI |
| Simulation | SC-NeuroCore Python + Rust engine |
| Training | PyTorch (optional [research] extra) |
| Synthesis | Yosys + nextpnr (external, optional) |
API Reference¶
The Studio exposes 40+ REST endpoints. See the per-block documentation for complete API details with request/response examples.
| Prefix | Block | Endpoints |
|---|---|---|
/api/simulate, /api/models/* |
Phase 1 | ODE/model simulation with path-free run metadata, templates, presets |
/api/fi-curve, /api/bifurcation, /api/heatmap, ... |
Phase 1 | Analysis views with path-free result metadata |
/api/ir/* |
Compiler Inspector | IR build, verify, emit SV, co-sim, direct-SV traceability |
/api/compile, /api/synth/* |
Compiler/Synthesis | Worker-backed compile traceability, Yosys synthesis, target provenance, multi-target, estimate |
/api/training/* |
Training Monitor | Start/stop, SSE stream, surrogates |
/api/studio/training/weight-restore |
Admin | Bounded worker materialization and verification of training weights into path-free restore evidence |
/api/studio/training/weight-restore/attach |
Admin | Warm-start a bounded training job seeded with verified weights at the epoch-zero checkpoint boundary |
/api/studio/training/weight-restore/attach/live |
Admin | Live-attach verified weights into a running training job at its next epoch boundary via the confined control channel |
/api/graph/* |
Network Canvas | Populations, projections, validate, simulate, NIR |
/api/project/*, /api/pipeline/* |
Integration | Save/load, worker-backed full pipeline |
/api/studio/audit/* |
Admin | Audit status and admin-gated export |
/api/studio/evidence/bundle |
Admin | Job-backed project/job/audit simulation, analysis, and default-flow evidence bundle |
/api/studio/auth/* |
Platform | Browser-user login, current bearer session, logout |
/api/studio/identity/* |
Admin | Token-free service-account inventory and role updates |
/api/studio/operator/status |
Admin | Aggregate operator control-plane health, including browser-login lockout limits |
Requirements¶
pip install sc-neurocore[studio] # FastAPI, uvicorn, React frontend
pip install sc-neurocore[research] # PyTorch training (optional)
# Optional Rust engine: prefer a matching release wheel.
python -m pip install sc_neurocore_engine
# Fallback when no wheel exists: build the local bridge with a local Rust toolchain.
cd bridge && python -m maturin develop --release
# Yosys + nextpnr for FPGA synthesis (optional)
Rust Engine¶
The optional sc_neurocore_engine bridge provides SIMD-accelerated
simulation. Release automation builds pre-built wheels with maturin for
Python 3.10-3.14 on Linux x86_64/aarch64, macOS, and Windows. Use a matching
release wheel when one is provided for your platform, or build it from the
source checkout with python -m maturin develop --release.
When installed, the Studio automatically uses it for E-I network simulation and
batch model runs. Without it, NumPy fallbacks are used — everything works, just
slower for large networks.
Developed by ANULUM / Fortis Studio