108 Commits

This Branch

This Branch

All Branches

Author	SHA1	Message	Date
user	31724df63f	docs: Add pentest results and update project docs ... Executed non-invasive pentest against amber-maple (v1.12-dev): - Phase 1: mDNS, port scan, binary analysis, eFuse readout - Phase 2: HMAC timing, command injection (27 tests), replay (6 tests) - Phase 3: NVS analysis, CVE check (12 CVEs), binary structure All network-facing tests PASS. Physical security gaps documented.	2026-02-14 21:55:47 +01:00
user	8445fab1ce	docs: Add serial console and provisioning to cheatsheet	2026-02-14 20:49:03 +01:00
user	a81e7e3990	feat: Serial console AUTH + NVS provisioning tool ... - Add serial_task: UART console for AUTH management with physical access AUTH shows full secret, AUTH <secret> sets, AUTH OFF clears - Add esp-provision tool: provision auth secret via serial or NVS flash Supports auto-generate, custom secrets, --serial and --generate-only - Fix esp-ota uptime cache: avoid firmware rate limiter on consecutive udp_cmd calls by caching uptime_s for 3s	2026-02-14 20:48:40 +01:00
user	a4bd2a6315	fix: Add uptime sync to all tools for 5s HMAC replay window ... All three standalone tools (esp-cmd, esp-fleet, esp-ota) now fetch device uptime before signing commands, matching what esp-ctl already does. Includes 60ms delay after uptime fetch to avoid firmware rate limiter (50ms inter-command throttle).	2026-02-14 20:29:49 +01:00
user	8fcc90a6db	docs: Update cheatsheet for security hardening changes ... - HMAC protocol: 16 -> 32 hex chars, document replay window - Remove AUTH OFF (disabled remotely, use FACTORY reset) - Split STATUS fields into authed/unauthed columns - Update LED states for quiet mode (now default) - Update mDNS discovery note (service ad removed)	2026-02-14 20:15:55 +01:00
user	57927c7c22	fix: Address P2 security audit findings ... - VULN-012: Split STATUS into minimal (unauthed: hostname, uptime, rssi, version, motion, presence) and full (authed: all internals, build info, target IP, heap, NVS stats) - VULN-011: Remove mDNS service advertisement and hardcoded "ESP32 CSI Sensor" instance name; use hostname only - VULN-021: Increase HMAC tag from 64 bits (16 hex) to 128 bits (32 hex) — BREAKING: client scripts must update HMAC computation - VULN-023: Enable PMF (802.11w) in sdkconfig.defaults to prevent deauth attacks at protocol level	2026-02-14 20:10:14 +01:00
user	ed8669c0af	fix: Address P1 security audit findings ... - VULN-010: Prevent CSI UDP buffer overflow with bounds-checked serialization loops and clamped pos before sendto - VULN-019: Validate probe frame sig_len before body access - VULN-017: Add NVS write throttle to config_erase_key() - VULN-009: Tighten HMAC replay window from ±30s to ±5s, add nonce dedup cache (8 entries) to reject exact replays within window - VULN-004/018: Add 50ms rate limit on command socket (20 cmd/s max) - VULN-014: Stage baseline calibration in local buffer, gate with atomic nsub write to prevent partial reads from CSI callback	2026-02-14 20:05:06 +01:00
user	bbe0e3fb21	fix: Harden command auth and prevent remote auth disable ... - Flip cmd_requires_auth() from blacklist to whitelist: only read-only query commands are unauthenticated, all state-modifying commands now require HMAC (VULN-007) - Block AUTH OFF command to prevent remote auth disable; secret rotation still allowed, full reset via FACTORY (VULN-005) - Redact auth secret in boot log to first 4 chars only (VULN-003) - Update HELP text to reflect AUTH change	2026-02-14 20:01:19 +01:00
user	476a9beb3b	fix: Harden HMAC auth, sanitize inputs, throttle NVS writes ... - Constant-time HMAC comparison (prevents timing side-channel) - Add timestamp to HMAC scheme for replay protection (30s window) New format: HMAC:<16hex>:<uptime_s>:<cmd> - Validate HOSTNAME against [a-z0-9-] to prevent UDP stream injection - Sanitize probe request SSIDs (strip non-printable chars and commas) - Redact HMAC token from serial log output - NVS write throttle: max 20 writes per 10s to prevent flash wear	2026-02-14 18:41:21 +01:00
user	ebc8a00b46	feat: Auto-generate auth secret and enforce HMAC on privileged commands ... - Generate 128-bit random auth secret on first boot via hardware RNG, persist to NVS, log to serial for retrieval - Gate destructive commands (OTA, FACTORY, REBOOT, TARGET, AUTH, HOSTNAME set) behind HMAC authentication - Read-only and operational commands remain open for monitoring - Require WPA2/WPA3 for WiFi AP association (reject open/WEP)	2026-02-14 18:36:31 +01:00
user	00b3372a6d	docs: Update project docs with ALERT command and v1.11 completion	2026-02-14 17:42:02 +01:00
user	ce5205eb29	feat: Add ALERT command for temp/heap threshold monitoring ... ALERT TEMP <celsius> and ALERT HEAP <bytes> emit EVENT packets when thresholds are crossed (60s holdoff). NVS-persisted, shown in STATUS and CONFIG. Temp alerts require SOC_TEMP_SENSOR_SUPPORTED.	2026-02-14 17:40:12 +01:00
user	5d37bde414	docs: Mark OTA rollback test passed on amber-maple	2026-02-14 17:12:59 +01:00
user	09dd40df91	docs: Mark v1.11.0 deployed to fleet	2026-02-14 15:46:37 +01:00
user	3f9c0b935e	docs: Update TASKS with PING, LOG, RSSI RESET commands	2026-02-14 14:31:57 +01:00
user	35049df04e	feat: Add PING, LOG, RSSI RESET commands ... PING returns OK PONG for connectivity testing. LOG sets global esp_log_level at runtime (NONE/ERROR/WARN/INFO/DEBUG/VERBOSE). RSSI RESET clears min/max RSSI tracking counters. Compact HELP text to fit 1400-byte reply buffer.	2026-02-14 14:30:11 +01:00
user	468a97713c	feat: Add HELP, CONFIG, FACTORY commands; sync project docs ... Firmware: HELP lists all 27 commands with syntax, CONFIG dumps running config as key=value, FACTORY erases NVS and reboots. Docs: update PROJECT, ROADMAP, TASKS, TODO to reflect v1.10 completion, v1.11 unreleased work, and esp32-web v0.1.5 state. Remove stale v2.0 Flask phase-by-phase plan (now tracked in ~/git/esp32-web/). Clean deferred items from completed milestones.	2026-02-14 14:26:01 +01:00
user	aea0a06a5f	feat: Add CSI ON/OFF command to toggle CSI collection ... When CSI is OFF, probe request capture remains active. Persisted via NVS key 'csi_enabled'.	2026-02-06 16:21:52 +01:00
user	2e4fa30b84	ci: Remove deploy job (deploy locally instead) v1.10.3	2026-02-05 23:46:37 +01:00
user	89e05bbb7e	ci: Use absolute path for ESP-IDF on host runner	2026-02-05 23:43:59 +01:00
user	f9d22cbe39	ci: Use curl/tar for deploy checkout (host has no git)	2026-02-05 23:29:52 +01:00
user	12fa03a2d5	feat: Default LED to quiet mode (off, solid on motion)	2026-02-05 23:27:13 +01:00
user	9e3038e85f	ci: Run deploy on host with local HTTP server for OTA v1.10.2	2026-02-05 23:23:45 +01:00
user	de3e120c7e	ci: Use Gitea release URL for OTA instead of local HTTP server v1.10.1	2026-02-05 23:14:06 +01:00
user	b65256fa45	feat: Add LED quiet mode (off normally, solid on motion) ... LED command: LED [QUIET|AUTO] - QUIET: LED off, turns solid on motion/presence detection, blinks on OTA - AUTO: Original behavior (constant blink) Persisted via NVS key 'led_quiet'.	2026-02-05 23:13:32 +01:00
user	a84abf03ca	ci: Add security checks (secrets scan, config validation)	2026-02-05 23:02:46 +01:00
user	4da0679d4e	ci: Skip build job on tag pushes (deploy rebuilds)	2026-02-05 23:00:10 +01:00
user	da9859571b	ci: Remove shellcheck, run deploy in container with host network ... - Remove shellcheck job (no shell scripts) - Deploy job now uses espressif/idf container with --network=host - Install git, curl, jq, netcat in deploy container v1.10.0	2026-02-05 22:54:16 +01:00
user	52603fb097	fix: Use git clone instead of curl for deploy checkout	2026-02-05 22:47:51 +01:00
user	974ffadb1c	ci: Add firmware size check and version tag validation ... - Fail build if binary exceeds 1920 KB partition - Warn at 85% capacity - Warn if git tag differs from embedded version	2026-02-05 22:42:49 +01:00
user	eb4c3d1657	feat: Add build metadata to STATUS, enable size optimization ... STATUS now includes built=, idf=, chip= fields for diagnostics. Switch to -Os compiler optimization (saves ~75 KB).	2026-02-05 22:42:45 +01:00
user	456b4f0b9a	ci: Run build after checks pass, fix deploy checkout	2026-02-05 22:24:38 +01:00
user	a338c9f65f	ci: Fix multiline command syntax for host runner v1.9.7	2026-02-05 22:18:50 +01:00
user	fbf2e9a7c1	ci: Add OTA progress monitoring with version checks v1.9.6	2026-02-05 22:11:13 +01:00
user	1377abe248	ci: Run deploy on host instead of container for network access v1.9.5	2026-02-05 22:09:47 +01:00
user	551225d308	fix: Remove unused app_size variable (cppcheck) v1.9.4	2026-02-05 22:08:30 +01:00
user	7f2e3f6dad	ci: Add ccache for faster builds + parallel OTA deployment ... Build improvements: - Enable ccache via IDF_CCACHE_ENABLE=1 - Mount /var/cache/ccache volume for persistent cache - Show ccache stats after build Deployment improvements: - Deploy to all sensors in parallel (max 3) - Reduced total deploy time from ~2.5min to ~1min Note: Runner needs /var/cache/ccache directory with write permissions v1.9.3	2026-02-05 22:02:29 +01:00
user	a85a2d776b	ci: Use host network for deploy container v1.9.2	2026-02-05 21:55:21 +01:00
user	6dbab23329	ci: Serve firmware from runner for OTA deployment ... Instead of having ESP devices download from Gitea (TLS cert issues), the runner now serves firmware via local HTTP server and triggers OTA with the local URL. v1.9.1	2026-02-05 21:48:53 +01:00
user	4b3697c8e6	feat: Add NVS and partition info to STATUS response ... - nvs_used: NVS entries in use - nvs_free: free NVS entries - nvs_total: total NVS entries - part_size: running partition size in bytes v1.9.0	2026-02-05 21:33:20 +01:00
user	f87ddec742	docs: Add v2.0 Flask API backend roadmap ... Plan for REST API backend (purple team/OPSEC/OSINT): - Phase 1: Project scaffold, SQLAlchemy models, podman - Phase 2: UDP collector for sensor data streams - Phase 3: Core API endpoints (sensors, devices, alerts, probes, events) - Phase 4: OSINT features (OUI lookup, BLE company ID mapping) - Phase 5: Fleet management API Port allocation: - TCP 5500: HTTP REST API - UDP 5500: Sensor data collector - UDP 5501: Sensor commands (outbound) Also documents completed v1.8 (HTTPS OTA) and v1.9 (multi-channel scanning, BLE fingerprinting) milestones.	2026-02-05 20:41:24 +01:00
user	d58b6dd814	feat: v1.9 — multi-channel scanning, BLE fingerprinting ... Multi-channel scanning (CHANSCAN command): - Periodic channel hopping (1-13) with 100ms dwell for broader probe capture - CHANSCAN ON/OFF/NOW/INTERVAL subcommands - New NVS keys: chanscan (i8), chanscan_int (i32) - Emits EVENT,hostname,chanscan=done channels=13 on completion - PROBE_DATA now includes channel number BLE fingerprinting: - Extended BLE_DATA format with company_id, tx_power, flags - Extracts manufacturer data from BLE advertisements - Common IDs: 0x004C (Apple), 0x00E0 (Google), 0x0075 (Samsung) STATUS output now includes chanscan=on/off field.	2026-02-05 17:38:08 +01:00
user	9234ff00de	feat: Support HTTPS URLs for OTA updates v1.8.0	2026-02-05 13:57:08 +01:00
user	a1074319f2	ci: Upload firmware to Gitea releases for OTA v1.7.6	2026-02-05 13:48:08 +01:00
user	9ece83bac0	ci: Simplify deploy script to pure POSIX sh v1.7.5	2026-02-05 13:28:28 +01:00
user	cfa22e9e2a	ci: Fix deploy script for POSIX sh, use explicit bash v1.7.4	2026-02-05 13:21:38 +01:00
user	baf2c69aee	ci: Use hardcoded sensor IPs for deploy v1.7.3	2026-02-05 13:14:38 +01:00
user	7be795a26e	ci: Fix deploy job - use container with host networking v1.7.2	2026-02-05 12:29:22 +01:00
user	63ff9c4931	ci: Add deploy job for OTA firmware updates ... - Triggers on manual workflow_dispatch with deploy=true - Triggers automatically on version tags (v*) - Deploys to muddy-storm, amber-maple, hollow-acorn via OTA - Uses podman to rebuild, then serves firmware via HTTP v1.7.1	2026-02-05 12:20:19 +01:00
user	b4c898a741	ci: Source ESP-IDF export.sh before build	2026-02-05 12:16:20 +01:00