esp32-hacking

Author	SHA1	Message	Date
user	de3e120c7e	ci: Use Gitea release URL for OTA instead of local HTTP server All checks were successful Lint & Build / Security Flaw Analysis (push) Successful in 15s Details Lint & Build / Secret Scanning (push) Successful in 5s Details Lint & Build / C/C++ Static Analysis (push) Successful in 27s Details Lint & Build / Build Firmware (push) Has been skipped Details Lint & Build / Deploy to ESP Fleet (push) Successful in 4m24s Details v1.10.1	2026-02-05 23:14:06 +01:00
user	b65256fa45	feat: Add LED quiet mode (off normally, solid on motion) LED command: LED [QUIET\|AUTO] - QUIET: LED off, turns solid on motion/presence detection, blinks on OTA - AUTO: Original behavior (constant blink) Persisted via NVS key 'led_quiet'.	2026-02-05 23:13:32 +01:00
user	a84abf03ca	ci: Add security checks (secrets scan, config validation)	2026-02-05 23:02:46 +01:00
user	4da0679d4e	ci: Skip build job on tag pushes (deploy rebuilds)	2026-02-05 23:00:10 +01:00
user	da9859571b	ci: Remove shellcheck, run deploy in container with host network Some checks failed Lint & Build / Security Flaw Analysis (push) Successful in 16s Details Lint & Build / Secret Scanning (push) Successful in 4s Details Lint & Build / C/C++ Static Analysis (push) Successful in 27s Details Lint & Build / Build Firmware (push) Successful in 2m41s Details Lint & Build / Deploy to ESP Fleet (push) Has been cancelled Details - Remove shellcheck job (no shell scripts) - Deploy job now uses espressif/idf container with --network=host - Install git, curl, jq, netcat in deploy container v1.10.0	2026-02-05 22:54:16 +01:00
user	52603fb097	fix: Use git clone instead of curl for deploy checkout Some checks failed Lint & Build / Security Flaw Analysis (push) Successful in 15s Details Lint & Build / Secret Scanning (push) Successful in 5s Details Lint & Build / C/C++ Static Analysis (push) Successful in 28s Details Lint & Build / Shell Script Analysis (push) Successful in 7s Details Lint & Build / Build Firmware (push) Successful in 2m52s Details Lint & Build / Deploy to ESP Fleet (push) Failing after 0s Details	2026-02-05 22:47:51 +01:00
user	974ffadb1c	ci: Add firmware size check and version tag validation Some checks failed Lint & Build / Security Flaw Analysis (push) Successful in 15s Details Lint & Build / Secret Scanning (push) Successful in 5s Details Lint & Build / C/C++ Static Analysis (push) Successful in 28s Details Lint & Build / Shell Script Analysis (push) Successful in 7s Details Lint & Build / Build Firmware (push) Successful in 1m51s Details Lint & Build / Deploy to ESP Fleet (push) Failing after 1s Details - Fail build if binary exceeds 1920 KB partition - Warn at 85% capacity - Warn if git tag differs from embedded version	2026-02-05 22:42:49 +01:00
user	eb4c3d1657	feat: Add build metadata to STATUS, enable size optimization STATUS now includes built=, idf=, chip= fields for diagnostics. Switch to -Os compiler optimization (saves ~75 KB).	2026-02-05 22:42:45 +01:00
user	456b4f0b9a	ci: Run build after checks pass, fix deploy checkout All checks were successful Lint & Build / Security Flaw Analysis (push) Successful in 15s Details Lint & Build / Secret Scanning (push) Successful in 5s Details Lint & Build / C/C++ Static Analysis (push) Successful in 27s Details Lint & Build / Shell Script Analysis (push) Successful in 7s Details Lint & Build / Build Firmware (push) Successful in 1m53s Details Lint & Build / Deploy to ESP Fleet (push) Has been skipped Details	2026-02-05 22:24:38 +01:00
user	a338c9f65f	ci: Fix multiline command syntax for host runner Some checks failed Lint & Build / C/C++ Static Analysis (push) Successful in 29s Details Lint & Build / Security Flaw Analysis (push) Successful in 20s Details Lint & Build / Secret Scanning (push) Successful in 8s Details Lint & Build / Shell Script Analysis (push) Successful in 9s Details Lint & Build / Build Firmware (push) Successful in 2m4s Details Lint & Build / Deploy to ESP Fleet (push) Failing after 1s Details v1.9.7	2026-02-05 22:18:50 +01:00
user	fbf2e9a7c1	ci: Add OTA progress monitoring with version checks Some checks are pending Lint & Build / C/C++ Static Analysis (push) Successful in 29s Details Lint & Build / Deploy to ESP Fleet (push) Blocked by required conditions Details Lint & Build / Security Flaw Analysis (push) Successful in 21s Details Lint & Build / Secret Scanning (push) Successful in 8s Details Lint & Build / Shell Script Analysis (push) Successful in 9s Details Lint & Build / Build Firmware (push) Successful in 2m24s Details v1.9.6	2026-02-05 22:11:13 +01:00
user	1377abe248	ci: Run deploy on host instead of container for network access Some checks failed Lint & Build / Deploy to ESP Fleet (push) Has been cancelled Details Lint & Build / Security Flaw Analysis (push) Has been cancelled Details Lint & Build / Secret Scanning (push) Has been cancelled Details Lint & Build / Shell Script Analysis (push) Has been cancelled Details Lint & Build / C/C++ Static Analysis (push) Has been cancelled Details Lint & Build / Build Firmware (push) Has been cancelled Details v1.9.5	2026-02-05 22:09:47 +01:00
user	551225d308	fix: Remove unused app_size variable (cppcheck) All checks were successful Lint & Build / C/C++ Static Analysis (push) Successful in 29s Details Lint & Build / Security Flaw Analysis (push) Successful in 22s Details Lint & Build / Secret Scanning (push) Successful in 8s Details Lint & Build / Shell Script Analysis (push) Successful in 10s Details Lint & Build / Build Firmware (push) Successful in 2m21s Details Lint & Build / Deploy to ESP Fleet (push) Successful in 3m20s Details v1.9.4	2026-02-05 22:08:30 +01:00
user	7f2e3f6dad	ci: Add ccache for faster builds + parallel OTA deployment Some checks failed Lint & Build / C/C++ Static Analysis (push) Failing after 32s Details Lint & Build / Security Flaw Analysis (push) Successful in 21s Details Lint & Build / Secret Scanning (push) Successful in 8s Details Lint & Build / Shell Script Analysis (push) Successful in 10s Details Lint & Build / Build Firmware (push) Successful in 2m7s Details Lint & Build / Deploy to ESP Fleet (push) Successful in 3m0s Details Build improvements: - Enable ccache via IDF_CCACHE_ENABLE=1 - Mount /var/cache/ccache volume for persistent cache - Show ccache stats after build Deployment improvements: - Deploy to all sensors in parallel (max 3) - Reduced total deploy time from ~2.5min to ~1min Note: Runner needs /var/cache/ccache directory with write permissions v1.9.3	2026-02-05 22:02:29 +01:00
user	a85a2d776b	ci: Use host network for deploy container Some checks failed Lint & Build / C/C++ Static Analysis (push) Failing after 34s Details Lint & Build / Security Flaw Analysis (push) Successful in 21s Details Lint & Build / Secret Scanning (push) Successful in 7s Details Lint & Build / Shell Script Analysis (push) Successful in 10s Details Lint & Build / Build Firmware (push) Successful in 1m56s Details Lint & Build / Deploy to ESP Fleet (push) Successful in 4m18s Details v1.9.2	2026-02-05 21:55:21 +01:00
user	6dbab23329	ci: Serve firmware from runner for OTA deployment Some checks failed Lint & Build / C/C++ Static Analysis (push) Failing after 37s Details Lint & Build / Security Flaw Analysis (push) Successful in 21s Details Lint & Build / Secret Scanning (push) Successful in 5s Details Lint & Build / Shell Script Analysis (push) Successful in 6s Details Lint & Build / Build Firmware (push) Successful in 2m12s Details Lint & Build / Deploy to ESP Fleet (push) Successful in 4m19s Details Instead of having ESP devices download from Gitea (TLS cert issues), the runner now serves firmware via local HTTP server and triggers OTA with the local URL. v1.9.1	2026-02-05 21:48:53 +01:00
user	4b3697c8e6	feat: Add NVS and partition info to STATUS response Some checks failed Lint & Build / C/C++ Static Analysis (push) Failing after 38s Details Lint & Build / Security Flaw Analysis (push) Successful in 20s Details Lint & Build / Secret Scanning (push) Successful in 5s Details Lint & Build / Shell Script Analysis (push) Successful in 7s Details Lint & Build / Build Firmware (push) Successful in 2m12s Details Lint & Build / Deploy to ESP Fleet (push) Successful in 3m31s Details - nvs_used: NVS entries in use - nvs_free: free NVS entries - nvs_total: total NVS entries - part_size: running partition size in bytes v1.9.0	2026-02-05 21:33:20 +01:00
user	f87ddec742	docs: Add v2.0 Flask API backend roadmap Plan for REST API backend (purple team/OPSEC/OSINT): - Phase 1: Project scaffold, SQLAlchemy models, podman - Phase 2: UDP collector for sensor data streams - Phase 3: Core API endpoints (sensors, devices, alerts, probes, events) - Phase 4: OSINT features (OUI lookup, BLE company ID mapping) - Phase 5: Fleet management API Port allocation: - TCP 5500: HTTP REST API - UDP 5500: Sensor data collector - UDP 5501: Sensor commands (outbound) Also documents completed v1.8 (HTTPS OTA) and v1.9 (multi-channel scanning, BLE fingerprinting) milestones.	2026-02-05 20:41:24 +01:00
user	d58b6dd814	feat: v1.9 — multi-channel scanning, BLE fingerprinting Multi-channel scanning (CHANSCAN command): - Periodic channel hopping (1-13) with 100ms dwell for broader probe capture - CHANSCAN ON/OFF/NOW/INTERVAL subcommands - New NVS keys: chanscan (i8), chanscan_int (i32) - Emits EVENT,hostname,chanscan=done channels=13 on completion - PROBE_DATA now includes channel number BLE fingerprinting: - Extended BLE_DATA format with company_id, tx_power, flags - Extracts manufacturer data from BLE advertisements - Common IDs: 0x004C (Apple), 0x00E0 (Google), 0x0075 (Samsung) STATUS output now includes chanscan=on/off field.	2026-02-05 17:38:08 +01:00
user	9234ff00de	feat: Support HTTPS URLs for OTA updates All checks were successful Lint & Build / C/C++ Static Analysis (push) Successful in 35s Details Lint & Build / Security Flaw Analysis (push) Successful in 19s Details Lint & Build / Secret Scanning (push) Successful in 5s Details Lint & Build / Shell Script Analysis (push) Successful in 7s Details Lint & Build / Build Firmware (push) Successful in 2m18s Details Lint & Build / Deploy to ESP Fleet (push) Successful in 3m32s Details v1.8.0	2026-02-05 13:57:08 +01:00
user	a1074319f2	ci: Upload firmware to Gitea releases for OTA All checks were successful Lint & Build / C/C++ Static Analysis (push) Successful in 35s Details Lint & Build / Security Flaw Analysis (push) Successful in 19s Details Lint & Build / Secret Scanning (push) Successful in 5s Details Lint & Build / Shell Script Analysis (push) Successful in 7s Details Lint & Build / Build Firmware (push) Successful in 2m17s Details Lint & Build / Deploy to ESP Fleet (push) Successful in 3m29s Details v1.7.6	2026-02-05 13:48:08 +01:00
user	9ece83bac0	ci: Simplify deploy script to pure POSIX sh All checks were successful Lint & Build / C/C++ Static Analysis (push) Successful in 35s Details Lint & Build / Security Flaw Analysis (push) Successful in 18s Details Lint & Build / Secret Scanning (push) Successful in 5s Details Lint & Build / Shell Script Analysis (push) Successful in 7s Details Lint & Build / Build Firmware (push) Successful in 2m17s Details Lint & Build / Deploy to ESP Fleet (push) Successful in 3m28s Details v1.7.5	2026-02-05 13:28:28 +01:00
user	cfa22e9e2a	ci: Fix deploy script for POSIX sh, use explicit bash Some checks failed Lint & Build / C/C++ Static Analysis (push) Successful in 35s Details Lint & Build / Security Flaw Analysis (push) Successful in 19s Details Lint & Build / Secret Scanning (push) Successful in 5s Details Lint & Build / Shell Script Analysis (push) Successful in 7s Details Lint & Build / Build Firmware (push) Successful in 2m18s Details Lint & Build / Deploy to ESP Fleet (push) Failing after 1m51s Details v1.7.4	2026-02-05 13:21:38 +01:00
user	baf2c69aee	ci: Use hardcoded sensor IPs for deploy Some checks failed Lint & Build / C/C++ Static Analysis (push) Successful in 34s Details Lint & Build / Security Flaw Analysis (push) Successful in 19s Details Lint & Build / Secret Scanning (push) Successful in 5s Details Lint & Build / Build Firmware (push) Successful in 2m17s Details Lint & Build / Shell Script Analysis (push) Successful in 7s Details Lint & Build / Deploy to ESP Fleet (push) Failing after 1m51s Details v1.7.3	2026-02-05 13:14:38 +01:00
user	7be795a26e	ci: Fix deploy job - use container with host networking All checks were successful Lint & Build / C/C++ Static Analysis (push) Successful in 35s Details Lint & Build / Security Flaw Analysis (push) Successful in 19s Details Lint & Build / Secret Scanning (push) Successful in 4s Details Lint & Build / Shell Script Analysis (push) Successful in 7s Details Lint & Build / Build Firmware (push) Successful in 2m16s Details Lint & Build / Deploy to ESP Fleet (push) Successful in 1m53s Details v1.7.2	2026-02-05 12:29:22 +01:00
user	63ff9c4931	ci: Add deploy job for OTA firmware updates Some checks failed Lint & Build / C/C++ Static Analysis (push) Successful in 29s Details Lint & Build / Security Flaw Analysis (push) Successful in 22s Details Lint & Build / Secret Scanning (push) Successful in 8s Details Lint & Build / Shell Script Analysis (push) Successful in 9s Details Lint & Build / Build Firmware (push) Successful in 1m56s Details Lint & Build / Deploy to ESP Fleet (push) Failing after 0s Details - Triggers on manual workflow_dispatch with deploy=true - Triggers automatically on version tags (v*) - Deploys to muddy-storm, amber-maple, hollow-acorn via OTA - Uses podman to rebuild, then serves firmware via HTTP v1.7.1	2026-02-05 12:20:19 +01:00
user	b4c898a741	ci: Source ESP-IDF export.sh before build All checks were successful Lint & Build / Secret Scanning (push) Successful in 2s Details Lint & Build / Shell Script Analysis (push) Successful in 3s Details Lint & Build / Security Flaw Analysis (push) Successful in 10s Details Lint & Build / C/C++ Static Analysis (push) Successful in 17s Details Lint & Build / Build Firmware (push) Successful in 50s Details	2026-02-05 12:16:20 +01:00
user	9e7fab9e09	ci: Add ESP-IDF firmware build job Some checks failed Lint & Build / Secret Scanning (push) Successful in 3s Details Lint & Build / Shell Script Analysis (push) Successful in 4s Details Lint & Build / Security Flaw Analysis (push) Successful in 11s Details Lint & Build / C/C++ Static Analysis (push) Successful in 18s Details Lint & Build / Build Firmware (push) Failing after 1m44s Details	2026-02-05 12:13:56 +01:00
user	cae599f49f	ci: Use containers for all lint jobs (podman) All checks were successful Lint & Security / Secret Scanning (push) Successful in 2s Details Lint & Security / Shell Script Analysis (push) Successful in 5s Details Lint & Security / C/C++ Static Analysis (push) Successful in 17s Details Lint & Security / Security Flaw Analysis (push) Successful in 16s Details	2026-02-05 12:10:16 +01:00
user	7b9f0b9242	ci: Download gitleaks binary, use python3 -m pip for flawfinder Some checks failed Lint & Security / C/C++ Static Analysis (push) Failing after 1s Details Lint & Security / Security Flaw Analysis (push) Failing after 2s Details Lint & Security / Secret Scanning (push) Successful in 1s Details Lint & Security / Shell Script Analysis (push) Successful in 1s Details	2026-02-05 12:08:17 +01:00
user	9430832dfc	ci: Remove sudo - assume tools pre-installed on runner Some checks failed Lint & Security / C/C++ Static Analysis (push) Failing after 1s Details Lint & Security / Security Flaw Analysis (push) Failing after 1s Details Lint & Security / Secret Scanning (push) Failing after 1s Details Lint & Security / Shell Script Analysis (push) Successful in 1s Details	2026-02-05 12:07:16 +01:00
user	5d8fbd4bf6	ci: Use github.token for authenticated checkout Some checks failed Lint & Security / C/C++ Static Analysis (push) Failing after 1s Details Lint & Security / Security Flaw Analysis (push) Failing after 1s Details Lint & Security / Secret Scanning (push) Failing after 1s Details Lint & Security / Shell Script Analysis (push) Failing after 1s Details	2026-02-05 12:06:31 +01:00
user	033aaccd46	ci: Use git clone instead of actions/checkout (runner lacks node) Some checks failed Lint & Security / Security Flaw Analysis (push) Has been cancelled Details Lint & Security / Shell Script Analysis (push) Has been cancelled Details Lint & Security / C/C++ Static Analysis (push) Has been cancelled Details Lint & Security / Secret Scanning (push) Has been cancelled Details	2026-02-05 12:02:15 +01:00
user	28db1f9fe3	docs: Update README for v1.7 with current features and CI Some checks failed Lint & Security / C/C++ Static Analysis (push) Failing after 3s Details Lint & Security / Security Flaw Analysis (push) Failing after 2s Details Lint & Security / Secret Scanning (push) Failing after 1s Details Lint & Security / Shell Script Analysis (push) Failing after 1s Details	2026-02-05 11:38:08 +01:00
user	8265f96f3b	ci: Add Gitea workflow for lint and security checks Some checks failed Lint & Security / C/C++ Static Analysis (push) Has been cancelled Details Lint & Security / Security Flaw Analysis (push) Has been cancelled Details Lint & Security / Secret Scanning (push) Has been cancelled Details Lint & Security / Shell Script Analysis (push) Has been cancelled Details - cppcheck: C/C++ static analysis (warnings, style, performance, portability) - flawfinder: Security-focused C/C++ analysis - gitleaks: Secret scanning across repo history - shellcheck: Shell script analysis All jobs run on 'anvil' labeled runner.	2026-02-05 11:33:44 +01:00
user	a1970639b9	docs: Mark firmware security audit done in TASKS.md	2026-02-05 11:32:54 +01:00
user	6f7490cd34	docs: Mark Pi-side presence event handling done in TASKS.md	2026-02-05 10:20:50 +01:00
user	528e34cb25	feat: Add baseline calibration & presence detection (v1.7) CALIBRATE command captures per-subcarrier CSI amplitudes over a timed window and stores the averaged baseline in NVS. PRESENCE command enables real-time scoring via normalized Euclidean distance against the baseline, with rolling window averaging and 10s holdoff on state transitions. New commands: CALIBRATE [3-60\|STATUS\|CLEAR], PRESENCE [ON\|OFF\|THRESHOLD] New NVS keys: bl_amps (blob), bl_nsub, presence, pr_thresh New STATUS fields: presence=, pr_score= New events: calibrate=done, presence=0\|1	2026-02-04 23:04:19 +01:00
user	738c759573	docs: Update TASKS.md for v1.6 completion	2026-02-04 22:36:59 +01:00
user	616181e279	docs: Mark v1.6 Power Management done in ROADMAP	2026-02-04 22:36:09 +01:00
user	47db176619	feat: Add POWERSAVE command with DFS + light sleep (v1.6) Enable ESP-IDF power management framework (DFS 240/80 MHz + light sleep) and add POWERSAVE command to toggle WiFi modem sleep. NVS-persisted, default off. Automatically disabled during POWERTEST.	2026-02-04 22:34:13 +01:00
user	b8f568890f	docs: Mark v1.5 done, bump Power Management to v1.6	2026-02-04 22:07:20 +01:00
user	4358ce8b96	feat: Add NVS persistence for SCANRATE and PROBERATE commands Both settings now save to NVS and restore on boot, matching the pattern used by other persisted config (rate, tx_power, etc).	2026-02-04 22:06:04 +01:00
user	8c79d20cd8	feat: Add POWERTEST command, update roadmap with v2.0 FTM milestone Add 7-phase power profiling command (POWERTEST) that cycles through idle, CSI 10/100 Hz, BLE-only, combined, tx_low/tx_high with EVENT markers for external power meter correlation. Saves/restores all settings on completion. Update roadmap: mark v1.4 done, add v2.0 hardware upgrade milestone for ESP32-S3/C6 with WiFi FTM / 802.11mc inter-sensor ranging.	2026-02-04 21:47:28 +01:00
user	84f2b33dac	docs: Update ROADMAP to reflect current state through v1.3 Mark v1.0-v1.1 as DONE, add missing v1.1 items (HOSTNAME, mDNS discovery, SCANRATE/PROBERATE, temp, channel/boots/RSSI stats). Rename v1.2 to On-Device CSI Processing, add v1.3 Security & OSINT, plan v1.4 Multi-Sensor & Validation, v1.5 Power Management. Remove stale/duplicate entries from Future.	2026-02-04 21:27:43 +01:00
user	6066832271	feat: Add parallel OTA to esp-fleet (--parallel flag) Start one HTTP server, send OTA commands to all devices simultaneously, wait for reboot, then verify all in parallel. Cuts fleet OTA from ~90s to ~30s. Sequential mode remains the default. Usage: esp-fleet ota --parallel [firmware.bin]	2026-02-04 21:18:17 +01:00
user	7511814976	docs: Add Pi-side tool prerequisites, build notes to INSTALL.md Document esp-ctl install, standalone tool symlinks, HMAC auth setup, watch daemon setup, and CMakeLists.txt REQUIRES caveat.	2026-02-04 21:12:14 +01:00
user	fa589b0238	fix: Revert explicit REQUIRES mbedtls, move flood globals before NVS load The main component in ESP-IDF auto-includes all components; explicit REQUIRES overrides this and breaks the build. mbedtls is available without it. Also moved flood detection globals above config_load_nvs to fix undeclared identifier errors.	2026-02-04 21:11:24 +01:00
user	2586234473	feat: Add HMAC command auth, deauth flood detection, sign all tools Firmware: - HMAC-SHA256 command authentication (AUTH command, NVS persisted) - Deauth flood detection with ring buffer and aggregate ALERT_DATA - FLOODTHRESH command (count + window, NVS persisted) - New STATUS fields: auth=on/off, flood_thresh=5/10 - mbedtls dependency in CMakeLists.txt, rx_buf increased to 192 Tools: - esp-cmd/esp-fleet/esp-ota import sign_command from esp_ctl.auth - Commands auto-signed when ESP_CMD_SECRET env var is set Docs: - CHEATSHEET: AUTH, FLOODTHRESH, HMAC auth, OUI, watch, osint sections - TASKS: v1.3 completed section with all new features	2026-02-04 21:07:00 +01:00
user	7ca58fee72	docs: Add STATUS field reference, PROFILE section, update completed items	2026-02-04 20:16:16 +01:00

1 2

85 Commits