Merge pull request #2753 from formtapez/cli-docs

Added some missing CLI commands
fix formatting
2026-06-13 07:41:38 +00:00 · 2026-06-13 00:17:36 +12:00 · 2026-06-12 12:14:46 +02:00 · 2026-06-12 12:11:12 +02:00 · 2026-06-12 03:24:26 +12:00 · 2026-06-12 03:20:44 +12:00
3 changed files with 114 additions and 1 deletions
@@ -0,0 +1,32 @@
+name: 'Run Stale Bot'
+on:
+  schedule:
+    - cron: '30 1 * * *' # daily at 1:30am
+  workflow_dispatch: {}
+
+permissions:
+  actions: write
+  issues: write
+  pull-requests: write
+
+jobs:
+  close-issues:
+    # only run on main repo, not forks
+    if: github.repository == 'meshcore-dev/MeshCore'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Close Stale Issues
+        uses: actions/stale@v10
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          # auto close issues
+          days-before-issue-stale: 60
+          days-before-issue-close: 7
+          exempt-issue-labels: "keep-open"
+          stale-issue-label: "stale"
+          stale-issue-message: "This issue is stale because it has been open for 60 days with no activity. Remove the stale label or add a comment if this issue is still relevant, otherwise this issue will automatically close in 7 days."
+          close-issue-message: "This issue was closed because it has been inactive for 7 days since being marked as stale."
+          # don't auto close prs
+          days-before-pr-stale: -1
+          days-before-pr-close: -1
+          
@@ -0,0 +1,57 @@
+# Security Policy
+
+## Supported Versions
+
+Security fixes are applied to the latest release only. We do not backport
+fixes to older versions.
+
+| Version | Supported |
+|---------|-----------|
+| 1.15+ | ✅ |
+| <1.15 | ❌ |
+
+## Reporting a Vulnerability
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+Use GitHub's private vulnerability reporting instead:
+1. Go to the **Security** tab of this repository
+2. Click **Report a vulnerability**
+3. Fill in the details and submit
+
+### What to include
+
+A useful report tells us:
+- Which component or file is affected
+- What an attacker can do (impact) and under what conditions
+- A minimal reproduction case or proof-of-concept if you have one
+- Whether you believe it is remotely exploitable
+
+You do not need a working exploit to report. An incomplete report is better
+than no report.
+
+## What to expect
+
+This is a volunteer-maintained open-source project. We will do our best to
+respond in a reasonable timeframe, but cannot commit to specific deadlines.
+
+We ask that you give us a fair opportunity to investigate and address the
+issue before any public disclosure. If you have not heard back after
+**90 days**, feel free to follow up or proceed with disclosure at your
+discretion.
+
+## Scope
+
+In scope:
+- Remote code execution, memory corruption, or denial-of-service via crafted
+  radio packets
+- Authentication or encryption bypasses
+- Vulnerabilities in the packet routing or path handling logic
+
+Out of scope:
+- Physical access attacks (e.g., JTAG, UART extraction of keys)
+- Regulatory compliance (duty cycle, frequency restrictions)
+- Jamming or other physical-layer radio interference
+- Issues in third-party libraries (RadioLib, Crypto, etc.) — report those
+  upstream
+- "Best practice" suggestions without a demonstrated attack path
@@ -28,12 +28,25 @@ This document provides an overview of CLI commands that can be sent to MeshCore
 **Usage:** 
 - `reboot`

+**Note:** No reply is sent.
+
+---
+
+### Power-off the node
+**Usage:**
+- `poweroff`, or
+- `shutdown`
+
+**Note:** No reply is sent.
+
 ---

 ### Reset the clock and reboot
 **Usage:**
 - `clkreboot`

+**Note:** No reply is sent.
+
 ---

 ### Sync the clock with the remote device
@@ -632,10 +645,21 @@ This document provides an overview of CLI commands that can be sent to MeshCore
 **Parameters:**
 - `value`: Maximum flood hop count (0-64) for a packet without a scope (no region set)

-**Default:** `0xFF` - indicates it hasn't been set, will track flood.max until it is.
+**Default:** `64` - (`0xFF` indicates it hasn't been set, will track flood.max until it is.)

 **Note:** An alternative to `region denyf *`, setting `flood.max.unscoped` to a lower value such as `3` would allow for local unscoped messages to propagate, while preventing noisy neighbors from flooding a local region.

+---
+
+#### Limit the number of hops for an advert flood message
+**Usage:**
+- `get flood.max.advert`
+- `set flood.max.advert <value>`
+
+**Parameters:**
+- `value`: Maximum flood hop count (0-64) for an advert packet
+
+**Default:** `8`

 ---
Author	SHA1	Message	Date
Liam Cottle	e8d3c53ba1	Merge pull request #2753 from formtapez/cli-docs Added some missing CLI commands	2026-06-13 00:17:36 +12:00
formtapez	d3444e6b0b	fix formatting	2026-06-12 12:14:46 +02:00
formtapez	06130dce29	added some missing CLI commands	2026-06-12 12:11:12 +02:00
Liam Cottle	55ad7689d5	Merge pull request #2748 from liamcottle/github/stale-bot Configure GitHub Stale Bot	2026-06-12 03:24:26 +12:00
liamcottle	3b39925399	use single quotes for repo name	2026-06-12 03:20:44 +12:00
liamcottle	c94ed29ca3	add github workflow to close stale issues	2026-06-12 03:18:10 +12:00
Liam Cottle	5a342c7a20	Merge pull request #2691 from NoodlesNZ/security-policy Add Github Security policy	2026-06-11 19:25:53 +12:00
Nick Le Mouton	dea5ed790f	Add SECURITY.md	2026-06-05 21:25:25 +12:00