Implement JWT-authenticated remote serial command execution over MQTT
with comprehensive security measures:
- JWT verification with Ed25519 signatures for command authentication
- Nonce tracking for replay attack prevention
- Rate limiting per public key
- Command blacklist (get wifi.pwd, set mqtt.admin)
- ACL-based authorization using existing admin list
- Deferred command processing to avoid callback stack overflow
- Memory-pressure degraded mode: auto-disable one analyzer server
when heap drops below 60KB, with IATA-based geographic preference
Also includes:
- Git commit hash injection in version string via build script
- Graceful settings migration for new preference fields
- CLI commands: mqtt.remote, mqtt.useacl, mqtt.admin
Co-authored-by: Cursor <cursoragent@cursor.com>
- Switch from PubSub to PsychicMqttClient for async operations and websockets support
- Add support for US and EU Let's Mesh Analyzer servers with JWT authentication.
- Introduce CLI commands to enable/disable analyzer servers.
- Update NodePrefs to store analyzer server settings.
- Modify MQTTBridge to publish status and packet data to analyzer servers via WebSocket MQTT.
- Enhance documentation to reflect new features and configuration options.