Reflects the feature shipped on this branch: backend can push per-device
CV tuning in the heartbeat response, device validates + persists to NVS.
Removes the stale line_offset row from the operator-provisioning table
(moved into CVTuning, server-managed).
Also adds .agent/, firmware/.pio/, and graphify-out/ to .gitignore so
local working dirs and build artifacts don't get accidentally tracked.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Reorder reporter_heartbeat so NVS persistence commits before in-RAM apply.
If save fails, log and return without touching runtime state; RAM and NVS
stay consistent on the prior version instead of diverging until reboot.
Rewrite README "Trust model" to state reality: reporting is plain HTTP and
HMAC signs only requests, not responses. A LAN-local MITM can push any
config that passes the device range validator. Add roadmap entry for
authenticated config push (HTTPS or signed envelope).
- max_move now accepts bare int JSON literals (server may emit 12 vs 12.0)
- Present-but-wrong-type fields reject the whole update with a log,
preventing cfg_version from advancing on malformed payloads
- Zero-init CVTuning& out in cv_get_tuning before mutex take for safety
Heartbeat POST now captures the response body (up to 2048 bytes) and
looks for a "config" object. If cfg_version advances past the stored
value and all tunable fields pass range validation, the new tuning is
applied to g_cv and persisted to NVS.
- cv_tuning_validate: pure range checker (cv.cpp)
- cv_apply_tuning / cv_get_tuning: mutex-guarded helpers in main.cpp
exposed via cv_apply.h; 500 ms timeout, drop on contention
- post_json now returns int (HTTP status) and optionally captures the
response body; existing callers check == 200
- heartbeat: parse → cfg_version check → override present fields →
validate → apply → save. Silent no-op when server returns no config.
- 3 new native tests (15/15 pass). timercam flash 1,423,897 bytes
(+9,828 vs baseline).
cv_process and helpers (frame_diff, extract_blob, find_centroids) now read
diff_thresh, min_blob_px, max_move, max_missed, and line_offset from
state.tuning instead of file-scope static const constants. The four
thresholds are promoted to file-local constexpr defaults in cv.cpp
(CV_DEFAULT_*) and are no longer part of the public cv.h API — external
code can't depend on them.
cv_process signature drops the line_pct parameter; callers use
state.tuning.line_offset instead. This eliminates the drift hazard of
having two sources of truth (DeviceConfig.line_offset vs
CVTuning.line_offset); the former is deleted.
main.cpp now calls config_load_tuning(g_cv.tuning) after cv_init on boot
so previously persisted tuning survives reboot; logs whether tuning came
from NVS or defaults.
The legacy NVS key "line_offset" is intentionally left alone — harmless
and flash_device.py may still write it during provisioning. Migration is
out of scope.
Tests: 12/12 passing (11 existing + 1 new
test_cv_process_respects_runtime_min_blob proving the runtime-read path).
Flash: 1,414,069 bytes (89.9%).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Adds CVTuning to CVState, populates defaults from existing file-scope
constants in cv_init, and introduces config_load_tuning/config_save_tuning
backed by the doorcounter NVS namespace. No runtime behavior change yet;
CV code still reads the existing constants (Task 2 will migrate reads).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- Reduce debug level to 1 (errors only) for production builds
- Replace BLE pause/resume with full deinit/reinit during HTTP uploads (~25KB freed)
- Add 60s boot report delay for fast post-deploy connectivity verification
- Add device_id to BLE batch and heartbeat request bodies
- Correct API host to http:// (plain HTTP, not HTTPS)
- Add HTTP response logging and CV entry/exit serial logging
- Create root README.md with operator setup and architecture overview
- Update design spec: HMAC format, BLE memory approach, request body shapes, reporting intervals
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
loopTask: cv_init() created a CVState{} temporary (9KB background
array) on the stack — fixed by initializing members directly.
cam task: cv_process() had uint8_t fg[CV_PIXELS] (9KB) as a local
variable — made static, matching the existing fg_copy fix.
cam task stack bumped from 4096 to 8192 for headroom.
Also: switch to 4MB OTA partition table (TimerCamera-F has 4MB flash,
not 8MB), add CONFIG_ARDUINO_LOOP_STACK_SIZE=16384 build flag,
upload_speed=115200 and --no-stub for reliable CH340 flashing.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- hmac_sign now takes method+path instead of device_id; builds message as
method\npath\ntimestamp\nhex(sha256(body)) per server verify_device_hmac
- reporter: header renamed X-HMAC-Signature → X-Signature; passes "POST"+path
- test vector regenerated against new message format; timestamp-diff test updated
- .size() → .length() throughout (Arduino String has no size())
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add camera.h/camera.cpp for TimerCamera-F OV3660 init and box-filter
downscale to 96x96 grayscale. Add espressif/esp32-camera to lib_deps.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Self-contained server stub and pytest tests for the /api/v1/camera/events/batch
endpoint, mirroring the BLE batch pattern with idempotent INSERT on
(device_id, period_start).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replaces empty stub with full application: camera+CV task on core 1 at
5 fps, hourly reporter task on core 0, WiFi reconnect loop, 5-second
factory reset via BOOT button (GPIO37), LED on GPIO2 for status.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- reporter_submit_camera/ble: cap batch to REPORTER_MAX_BUFFER before
POST and assign whole capped batch back to buffer on failure, fixing
silent record drop when batch > buffer capacity
- post_json: reject sends when ts < 1700000000 (clock not NTP-synced)
- post_json: add comment documenting intentional no-cert-validation
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add passive BLE scan module using NimBLE for WiFi coexistence. Tracks
unique devices per hour with SHA256-hashed MACs, RSSI bucketing
(near/mid/far), max concurrent count, and thread-safe collect/reset.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add BFS flood-fill blob extraction, centroid finding, and nearest-neighbour track matching/spawning inside cv_process. Add test verifying a new blob spawns a track.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replace short-circuit boolean evaluation of putString return values with
separate size_t variables so both writes always execute regardless of
whether the first succeeds.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Switch board to m5stack-timer-cam (confirmed in pio boards)
- Pin platform to espressif32@6.6.0
- Replace huge_app.csv with custom partitions_8mb_ota.csv (8MB + OTA)
- Add -DCONFIG_BT_NIMBLE_ENABLED=1 and -DCONFIG_SPIRAM_USE_MALLOC=1
- Add h2zero/NimBLE-Arduino@^1.4.2 to lib_deps
- Raise CORE_DEBUG_LEVEL from 1 → 3
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
