All three standalone tools (esp-cmd, esp-fleet, esp-ota) now fetch
device uptime before signing commands, matching what esp-ctl already
does. Includes 60ms delay after uptime fetch to avoid firmware rate
limiter (50ms inter-command throttle).
Start one HTTP server, send OTA commands to all devices simultaneously,
wait for reboot, then verify all in parallel. Cuts fleet OTA from ~90s
to ~30s. Sequential mode remains the default.
Usage: esp-fleet ota --parallel [firmware.bin]
Firmware:
- HMAC-SHA256 command authentication (AUTH command, NVS persisted)
- Deauth flood detection with ring buffer and aggregate ALERT_DATA
- FLOODTHRESH command (count + window, NVS persisted)
- New STATUS fields: auth=on/off, flood_thresh=5/10
- mbedtls dependency in CMakeLists.txt, rx_buf increased to 192
Tools:
- esp-cmd/esp-fleet/esp-ota import sign_command from esp_ctl.auth
- Commands auto-signed when ESP_CMD_SECRET env var is set
Docs:
- CHEATSHEET: AUTH, FLOODTHRESH, HMAC auth, OUI, watch, osint sections
- TASKS: v1.3 completed section with all new features
Dual OTA partition table (ota_0/ota_1, 1920 KB each) on 4MB flash.
Firmware gains OTA command, LED_OTA double-blink, version in STATUS,
and automatic rollback validation. Pi-side esp-ota tool serves firmware
via HTTP and orchestrates the update flow. esp-fleet gains ota subcommand.
Firmware:
- mDNS announcement as <hostname>.local (configurable via Kconfig)
- Task watchdog with 30s timeout and auto-reboot on hang
- STATUS now returns human-readable uptime (e.g., 3d2h15m) and hostname
Pi-side tools:
- esp-cmd: mDNS hostname resolution (esp-cmd amber-maple.local STATUS)
- esp-fleet: parallel command to all sensors (esp-fleet status)
Tested on amber-maple — mDNS resolves, watchdog active, fleet tool works.
