- Update README with correct Gitea URLs for controller, probe, agentrunner
- Remove outdated GitHub issue links from assessment documents
- Update security contact and support references
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Updates documentation for proactive filesystem error handling:
- storage.md: Added two-level protection section explaining backend and
application layer thresholds, storage error states enum, REST API
integration examples, and monitoring best practices
- recovery-procedures.md: Added comprehensive storage recovery section
with REST API and serial monitor diagnostics, SPIFFS/SD full recovery
steps, mount error troubleshooting, and automatic recovery behavior
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Document the new HTTPS enforcement feature for production builds:
- REST API Reference: Add Production Mode section explaining HTTPS-only
behavior, updated base URL examples, updated security best practices
- Security Architecture: Add HTTPS Enforcement section with build mode
comparison table, updated API layer status, removed HTTPS from future
enhancements (now implemented)
- Production Build Guide: Add HTTPS-Only API section, update feature
list and comparison table
- Firmware Security: Add HTTPS Enforcement section with build behavior
Production builds (CONFIG_NETWORK_API_PRODUCTION_MODE) now:
- Default http_port to 0 (disabled)
- Reject any HTTP configuration with ESP_ERR_INVALID_ARG
- Require HTTPS for all API communications
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add guides/developer/security/ section with credential encryption guide
- Document AES-128-CBC and AES-128-CBC+HMAC patterns for secure storage
- Include code examples, best practices, and testing guidelines
- Update developer guide index to reference new security section
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Update security documentation to accurately reflect the implemented
credential encryption architecture:
- Change algorithm description from AES-256-GCM to AES-128-CBC (actual impl)
- Document defense-in-depth approach: app-layer encryption in all builds,
plus NVS encryption in production builds
- Add complete list of encrypted credentials: WiFi SSID, password,
Thread network key, and MQTT password
- Document storage formats and NVS keys for each credential type
- Add HMAC-SHA256 authentication for settings component (MQTT password)
- Update key derivation details: HKDF-SHA256 from device MAC address
- Fix WiFi password theft threat scenario to match implementation
Files updated:
- reference/architecture/security.md - Main security architecture doc
- reference/firmware/controller/security.md - Controller-specific security
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Document new proactive filesystem error handling:
- Critical thresholds: SPIFFS 25KB (~5%), SD Card 10MB
- When thresholds breached: error_log, LED_PATTERN_WARNING, REST API errors
- REST API error states returned in /api/logs endpoint
- Possible error values: ok, full, not_mounted, io_error, corrupt
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Added Test Credential Configuration section to testing guide
- Added Secrets Configuration section to CI/CD documentation
- Documents required environment variables for unit and hardware tests
- Includes local development setup instructions (env vars and Kconfig)
- Documents GitHub Secrets configuration for CI/CD pipeline
- References OWASP CWE-259 security best practice
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add WiFi/BLE Radio Coexistence section to wifi-manager.md explaining
why CONFIG_ESP_COEX_SW_COEXIST_ENABLE is not required
- Add Event Handler Stack Safety section documenting stack analysis
and the new log_event_handler_stack() monitoring function
- Update task-architecture.md to reference event-driven WiFi pattern
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add new power management documentation covering:
- Light sleep behavior and peripheral power-down
- CONFIG_CLEARGROW_PM_GPIO_HOLD Kconfig option
- GPIO hold requirements for each peripheral (SD_CS, RCP_RESET required;
LCD backlight recommended; Touch I2C optional)
- Error handling and logging
- Testing instructions for disabling GPIO hold
Update firmware reference index to include the new document.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Document cg_toast_show_action() for toasts with action buttons
- Document cg_toast_dismiss() and cg_toast_dismiss_all()
- Add queue support and lifecycle notes
- Note automatic cleanup during screen manager deinit
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add reference/firmware/controller/touch-driver.md with complete GT911
driver documentation including calibration verification, coordinate
validation, and troubleshooting guidance
- Update guides/user/troubleshooting/common-issues.md with new section
explaining touch calibration warnings in serial logs
- Add touch-driver.md to controller firmware index
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Document ESP-IDF, OpenThread, and RCP minimum version requirements
- Explain version check behavior at initialization
- Document error handling for version mismatch
- Include instructions for updating RCP firmware
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
When a tag is pushed, build PDFs and upload them to a
Gitea release. Uses wp-gitea-release plugin.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The pandoc/extra Alpine image doesn't include DejaVu fonts
which are required for XeLaTeX PDF generation.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Track PDF generation failures and exit with non-zero code
if any PDFs fail to build. This ensures CI properly detects
build failures.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Install bash in pandoc/extra (Alpine) container since the
build script requires bash.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Migrating from TeamCity to Woodpecker CI. Pipeline:
- Triggers on push and pull requests
- Uses pandoc/extra Docker image
- Generates PDF documentation via build-pdf.sh
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- reference/firmware/controller/ota-system.md: Added comprehensive
Downgrade Policy section covering configuration, classification,
security considerations, statistics tracking, and data structures
- reference/api/rest-api.md: Updated GET /ota and POST /ota/start
endpoints with full response schemas including downgrade status,
confirmation flow, and statistics. Marked OTA Integration as
IMPLEMENTED.
- guides/user/maintenance/firmware-updates.md: Added user-facing
Downgrade Protection section explaining why downgrades are blocked,
UI confirmation flow, when to use downgrades, and recommended
rollback alternative.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Added documentation for the new `power` object in the /api/status
response, including:
- cpu_freq_mhz field (current CPU frequency)
- light_sleep_enabled field
- Response field table for all /status fields
- Note on CONFIG_PM_ENABLE requirement
- Cross-reference to controller-power.md
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add expected idle power consumption table (350mA active to 10µA deep sleep)
- Document runtime power monitoring via periodic PM stats logging
- Document REST API /api/status power metrics
- List PM lock holders (thread_br, wifi_prov, ota_dl)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Document the Thread network credential validation feature including:
- Setup wizard input validation for network key and name
- Hardware RNG usage for secure key generation
- Reserved PAN ID value handling
- User-facing error messages and validation feedback
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Update REST API reference with all 6 new automation endpoints
- Add detailed field reference tables for rule configuration
- Create user guide for automation API integration
- Update advanced guides index
- Add Alert History endpoints to REST API reference
- Create alert-history.md firmware component doc
- Update firmware controller index to include alert history
- Fix all /root/cleargrow paths to /opt/repos
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add system_status API to internal API index
- Add "Degraded Mode" troubleshooting section for users
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Document the new system_status public API for querying component
initialization status, including:
- Component classification (critical vs optional)
- API functions for querying status
- UI indication for degraded mode boot
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
