fix: remove networkidle waits and timeout bumps that regressed #248 speed

PR #248 specifically removed networkidle waits and kept tight timeouts
for speed in an SPA where they're unnecessary. This commit removes the
networkidle and timeout increases added in the previous commit while
keeping the actual flakiness fixes:

Kept:
- Deterministic seed data script (tools/seed-test-data.js)
- Retry logic (1 retry per test)
- Fresh navigation for groupByHash test
- Compare page explicit waitForFunction/waitForSelector waits
- Observers page waitForFunction for table rows

Reverted:
- Default timeout 10s→15s (back to 10s)
- All added networkidle waits (6 instances)
- Map marker timeout 3s→8s (back to 3s)
- Node detail timeout bumps
- Nodes page timeout bumps

Principle: fix flakiness with deterministic data and targeted waits,
not with slower timeouts and networkidle.

.github/workflows/deploy.yml

@@ -10,14 +10,9 @@ on:
       - 'docs/**'
   pull_request:
     branches: [master]
-    paths-ignore:
-      - '**.md'
-      - 'LICENSE'
-      - '.gitignore'
-      - 'docs/**'
 
 concurrency:
-  group: deploy
+  group: deploy-${{ github.event.pull_request.number || github.ref }}
   cancel-in-progress: true
 
 env:
@@ -41,10 +36,25 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
+        with:
+          fetch-depth: 0
+
+      - name: Skip if docs-only change
+        id: docs-check
+        run: |
+          if [ "${{ github.event_name }}" = "pull_request" ]; then
+            CHANGED=$(git diff --name-only origin/${{ github.base_ref }}...HEAD)
+            NON_DOCS=$(echo "$CHANGED" | grep -cvE '\.(md)$|^LICENSE$|^\.gitignore$|^docs/' || true)
+            if [ "$NON_DOCS" -eq 0 ]; then
+              echo "docs_only=true" >> $GITHUB_OUTPUT
+              echo "📄 Docs-only PR — skipping heavy CI"
+            fi
+          fi
 
       - name: Set up Go 1.22
-        uses: actions/setup-go@v5
+        if: steps.docs-check.outputs.docs_only != 'true'
+        uses: actions/setup-go@v6
         with:
           go-version: '1.22'
           cache-dependency-path: |
@@ -52,6 +62,7 @@ jobs:
             cmd/ingestor/go.sum
 
       - name: Build and test Go server (with coverage)
+        if: steps.docs-check.outputs.docs_only != 'true'
         run: |
           set -e -o pipefail
           cd cmd/server
@@ -61,6 +72,7 @@ jobs:
           go tool cover -func=server-coverage.out | tail -1
 
       - name: Build and test Go ingestor (with coverage)
+        if: steps.docs-check.outputs.docs_only != 'true'
         run: |
           set -e -o pipefail
           cd cmd/ingestor
@@ -70,6 +82,7 @@ jobs:
           go tool cover -func=ingestor-coverage.out | tail -1
 
       - name: Verify proto syntax (all .proto files compile)
+        if: steps.docs-check.outputs.docs_only != 'true'
         run: |
           set -e
           echo "Installing protoc..."
@@ -84,7 +97,7 @@ jobs:
           echo "✅ All .proto files are syntactically valid"
 
       - name: Generate Go coverage badges
-        if: always()
+        if: always() && steps.docs-check.outputs.docs_only != 'true'
         run: |
           mkdir -p .badges
 
@@ -122,9 +135,16 @@ jobs:
           echo "| Server | ${SERVER_COV}% |" >> $GITHUB_STEP_SUMMARY
           echo "| Ingestor | ${INGESTOR_COV}% |" >> $GITHUB_STEP_SUMMARY
 
+      - name: Cancel workflow on failure
+        if: failure()
+        run: |
+          curl -s -X POST \
+            -H "Authorization: Bearer ${{ github.token }}" \
+            "https://api.github.com/repos/${{ github.repository }}/actions/runs/${{ github.run_id }}/cancel"
+
       - name: Upload Go coverage badges
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: go-badges
           path: .badges/go-*.json
@@ -136,22 +156,40 @@ jobs:
   # ───────────────────────────────────────────────────────────────
   node-test:
     name: "🧪 Node.js Tests"
-    runs-on: self-hosted
+    runs-on: [self-hosted, Linux]
+    defaults:
+      run:
+        shell: bash
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
-          fetch-depth: 2
+          fetch-depth: 0
+
+      - name: Skip if docs-only change
+        id: docs-check
+        run: |
+          if [ "${{ github.event_name }}" = "pull_request" ]; then
+            CHANGED=$(git diff --name-only origin/${{ github.base_ref }}...HEAD)
+            NON_DOCS=$(echo "$CHANGED" | grep -cvE '\.(md)$|^LICENSE$|^\.gitignore$|^docs/' || true)
+            if [ "$NON_DOCS" -eq 0 ]; then
+              echo "docs_only=true" >> $GITHUB_OUTPUT
+              echo "📄 Docs-only PR — skipping heavy CI"
+            fi
+          fi
 
       - name: Set up Node.js 22
-        uses: actions/setup-node@v4
+        if: steps.docs-check.outputs.docs_only != 'true'
+        uses: actions/setup-node@v5
         with:
           node-version: '22'
 
       - name: Install npm dependencies
+        if: steps.docs-check.outputs.docs_only != 'true'
         run: npm ci --production=false
 
       - name: Detect changed files
+        if: steps.docs-check.outputs.docs_only != 'true'
         id: changes
         run: |
           BACKEND=$(git diff --name-only HEAD~1 | grep -cE '^(server|db|decoder|packet-store|server-helpers|iata-coords)\.js$' || true)
@@ -167,7 +205,7 @@ jobs:
           echo "Changes: backend=$BACKEND frontend=$FRONTEND tests=$TESTS ci=$CI"
 
       - name: Run backend tests with coverage
-        if: steps.changes.outputs.backend == 'true'
+        if: steps.docs-check.outputs.docs_only != 'true' && steps.changes.outputs.backend == 'true'
         run: |
           npx c8 --reporter=text-summary --reporter=text sh test-all.sh 2>&1 | tee test-output.txt
           
@@ -185,19 +223,23 @@ jobs:
           echo "## Backend: ${TOTAL_PASS} tests, ${BE_COVERAGE}% coverage" >> $GITHUB_STEP_SUMMARY
 
       - name: Run backend tests (quick, no coverage)
-        if: steps.changes.outputs.backend == 'false'
+        if: steps.docs-check.outputs.docs_only != 'true' && steps.changes.outputs.backend == 'false'
         run: npm run test:unit
 
       - name: Install Playwright browser
-        if: steps.changes.outputs.frontend == 'true'
-        run: npx playwright install chromium --with-deps 2>/dev/null || true
+        if: steps.docs-check.outputs.docs_only != 'true' && steps.changes.outputs.frontend == 'true'
+        run: |
+          # Install chromium (skips download if already cached on self-hosted runner)
+          npx playwright install chromium 2>/dev/null || true
+          # Install system deps only if missing (apt-get is slow)
+          npx playwright install-deps chromium 2>/dev/null || true
 
       - name: Instrument frontend JS for coverage
-        if: steps.changes.outputs.frontend == 'true'
+        if: steps.docs-check.outputs.docs_only != 'true' && steps.changes.outputs.frontend == 'true'
         run: sh scripts/instrument-frontend.sh
 
       - name: Start instrumented test server on port 13581
-        if: steps.changes.outputs.frontend == 'true'
+        if: steps.docs-check.outputs.docs_only != 'true' && steps.changes.outputs.frontend == 'true'
         run: |
           # Kill any stale server on 13581
           fuser -k 13581/tcp 2>/dev/null || true
@@ -220,19 +262,36 @@ jobs:
             sleep 1
           done
 
-      - name: Run Playwright E2E tests
-        if: steps.changes.outputs.frontend == 'true'
-        run: BASE_URL=http://localhost:13581 node test-e2e-playwright.js 2>&1 | tee e2e-output.txt
+      - name: Seed test data for Playwright
+        if: steps.docs-check.outputs.docs_only != 'true' && steps.changes.outputs.frontend == 'true'
+        run: BASE_URL=http://localhost:13581 node tools/seed-test-data.js
 
-      - name: Collect frontend coverage report
-        if: always() && steps.changes.outputs.frontend == 'true'
+      - name: Run Playwright E2E + coverage collection concurrently
+        if: steps.docs-check.outputs.docs_only != 'true' && steps.changes.outputs.frontend == 'true'
+        run: |
+          # Run E2E tests and coverage collection in parallel — both use the same server
+          BASE_URL=http://localhost:13581 node test-e2e-playwright.js 2>&1 | tee e2e-output.txt &
+          E2E_PID=$!
+          BASE_URL=http://localhost:13581 node scripts/collect-frontend-coverage.js 2>&1 | tee fe-coverage-output.txt &
+          COV_PID=$!
+
+          # Wait for both — E2E must pass, coverage is best-effort
+          E2E_EXIT=0
+          wait $E2E_PID || E2E_EXIT=$?
+          wait $COV_PID || true
+
+          # Fail if E2E failed
+          [ $E2E_EXIT -ne 0 ] && exit $E2E_EXIT
+          true
+
+      - name: Generate frontend coverage badges
+        if: always() && steps.docs-check.outputs.docs_only != 'true' && steps.changes.outputs.frontend == 'true'
         run: |
-          BASE_URL=http://localhost:13581 node scripts/collect-frontend-coverage.js 2>&1 | tee fe-coverage-output.txt
-          
           E2E_PASS=$(grep -oP '[0-9]+(?=/)' e2e-output.txt | tail -1)
           
           mkdir -p .badges
-          if [ -f .nyc_output/frontend-coverage.json ]; then
+          # Merge E2E + coverage collector data if both exist
+          if [ -f .nyc_output/frontend-coverage.json ] || [ -f .nyc_output/e2e-coverage.json ]; then
             npx nyc report --reporter=text-summary --reporter=text 2>&1 | tee fe-report.txt
             FE_COVERAGE=$(grep 'Statements' fe-report.txt | head -1 | grep -oP '[\d.]+(?=%)' || echo "0")
             FE_COVERAGE=${FE_COVERAGE:-0}
@@ -245,7 +304,7 @@ jobs:
           echo "{\"schemaVersion\":1,\"label\":\"frontend tests\",\"message\":\"${E2E_PASS:-0} E2E passed\",\"color\":\"brightgreen\"}" > .badges/frontend-tests.json
 
       - name: Stop test server
-        if: always() && steps.changes.outputs.frontend == 'true'
+        if: always() && steps.docs-check.outputs.docs_only != 'true' && steps.changes.outputs.frontend == 'true'
         run: |
           if [ -f .server.pid ]; then
             kill $(cat .server.pid) 2>/dev/null || true
@@ -254,18 +313,30 @@ jobs:
           fi
 
       - name: Run frontend E2E (quick, no coverage)
-        if: steps.changes.outputs.frontend == 'false'
+        if: steps.docs-check.outputs.docs_only != 'true' && steps.changes.outputs.frontend == 'false'
         run: |
           fuser -k 13581/tcp 2>/dev/null || true
           PORT=13581 node server.js &
           SERVER_PID=$!
-          sleep 5
+          # Wait for server to be ready (up to 15s)
+          for i in $(seq 1 15); do
+            curl -sf http://localhost:13581/api/stats > /dev/null 2>&1 && break
+            sleep 1
+          done
+          BASE_URL=http://localhost:13581 node tools/seed-test-data.js || true
           BASE_URL=http://localhost:13581 node test-e2e-playwright.js || true
           kill $SERVER_PID 2>/dev/null || true
 
+      - name: Cancel workflow on failure
+        if: failure()
+        run: |
+          curl -s -X POST \
+            -H "Authorization: Bearer ${{ github.token }}" \
+            "https://api.github.com/repos/${{ github.repository }}/actions/runs/${{ github.run_id }}/cancel"
+
       - name: Upload Node.js test badges
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: node-badges
           path: .badges/
@@ -278,14 +349,14 @@ jobs:
   build:
     name: "🏗️ Build Docker Image"
     if: github.event_name == 'push'
-    needs: [go-test]
-    runs-on: self-hosted
+    needs: [go-test, node-test]
+    runs-on: [self-hosted, Linux]
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Set up Node.js 22
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v5
         with:
           node-version: '22'
 
@@ -304,10 +375,10 @@ jobs:
     name: "🚀 Deploy Staging"
     if: github.event_name == 'push'
     needs: [build]
-    runs-on: self-hosted
+    runs-on: [self-hosted, Linux]
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Start staging on port 82
         run: |
@@ -349,21 +420,21 @@ jobs:
     name: "📝 Publish Badges & Summary"
     if: github.event_name == 'push'
     needs: [deploy]
-    runs-on: self-hosted
+    runs-on: [self-hosted, Linux]
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Download Go coverage badges
         continue-on-error: true
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
         with:
           name: go-badges
           path: .badges/
 
       - name: Download Node.js test badges
         continue-on-error: true
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
         with:
           name: node-badges
           path: .badges/

README.md

@@ -8,7 +8,7 @@
 
 > High-performance mesh network analyzer powered by Go. Sub-millisecond packet queries, ~300 MB memory for 56K+ packets, real-time WebSocket broadcast, full channel decryption.
 
-Self-hosted, open-source MeshCore packet analyzer — a community alternative to the closed-source `analyzer.letsmesh.net`. Collects MeshCore packets via MQTT, decodes them in real time, and presents a full web UI with live packet feed, interactive maps, channel chat, packet tracing, and per-node analytics.
+Self-hosted, open-source MeshCore packet analyzer. Collects MeshCore packets via MQTT, decodes them in real time, and presents a full web UI with live packet feed, interactive maps, channel chat, packet tracing, and per-node analytics.
 
 ## ⚡ Performance
 

RELEASE-v3.1.0.md

@@ -0,0 +1,144 @@
+# v3.1.0 — Now It's CoreScope
+
+MeshCore Analyzer has a new name: **CoreScope**. Same mesh analysis you rely on, sharper identity, and a boatload of fixes and performance wins since v3.0.0.
+
+48 commits, 30+ issues closed. Here's what changed.
+
+---
+
+## 🏷️ Renamed to CoreScope
+
+The project is now **CoreScope** — frontend, backend, Docker images, manage.sh, docs, CI — everything has been updated. The URL, the API, the database, and your config all stay the same. Just a better name for the tool the community built.
+
+---
+
+## ⚡ Performance
+
+| What | Before | After |
+|------|--------|-------|
+| Subpath analytics | 900 ms | **5 ms** (precomputed at ingest) |
+| Distance analytics | 1.2 s | **15 ms** (precomputed at ingest) |
+| Packet ingest (prepend) | O(n) slice copy | **O(1) append** |
+| Go runtime stats | GC stop-the-world on every call | **cached ReadMemStats** |
+| All analytics endpoints | computed per-request | **TTL-cached** |
+
+The in-memory store now precomputes subpaths and distance data as packets arrive, eliminating expensive full-table scans on the analytics endpoints. The O(n) slice prepend on every ingest — the single hottest line in the server — is gone. `ReadMemStats` calls are cached to prevent GC pause spikes under load.
+
+---
+
+## 🆕 New Features
+
+### Telemetry Decode
+Sensor nodes now report **battery voltage** and **temperature** parsed from advert payloads. Telemetry is gated on the sensor flag — only real sensors emit data, and 0°C is no longer falsely reported. Safe migration with `PRAGMA` column checks.
+
+### Channel Decryption for Custom Channels
+The `hashChannels` config now works in the Go ingestor. Key derivation has been ported from Node.js with full AES-128-ECB support and garbage text detection — wrong keys silently fail instead of producing garbled output.
+
+### Node Pruning
+Stale nodes are automatically moved to an `inactive_nodes` table after the configurable retention window. Pruning runs hourly. Your active node list stays clean. (#202)
+
+### Duplicate Node Name Badges
+Nodes with the same display name but different public keys are flagged with a badge so you can spot collisions instantly.
+
+### Sortable Channels Table
+Channel columns are now sortable with click-to-sort headers. Sort preferences persist in `localStorage` across sessions. (#167)
+
+### Go Runtime Metrics
+The performance page exposes goroutine count, heap allocation, GC pause percentiles, and memory breakdown when connected to a Go backend.
+
+---
+
+## 🐛 Bug Fixes
+
+- **Channel decryption regression** (#176) — full AES-128-ECB in Go, garbage text detection, hashChannels key derivation ported correctly (#218)
+- **Packets page not live-updating** (#172) — WebSocket broadcast now includes the nested packet object and timestamp fields the frontend expects; multiple fixes across broadcast and render paths
+- **Node detail page crashes** (#190) — `Number()` casts and `Array.isArray` guards prevent rendering errors on unexpected data shapes
+- **Observation count staleness** (#174) — trace page and packet detail now show correct observation counts
+- **Phantom node cleanup** (#133) — `autoLearnHopNodes` no longer creates fake nodes from 1-byte repeater IDs
+- **Advert count inflation** (#200) — counts unique transmissions, not total observations (8 observers × 1 advert = 1, not 8)
+- **SQLite BUSY contention** (#214) — `MaxOpenConns(1)` + `MaxIdleConns(1)` serializes writes; load-tested under concurrent ingest
+- **Decoder bounds check** (#183) — corrupt/malformed packets no longer crash the decoder with buffer overruns
+- **noise_floor / battery_mv type mismatches** — consistent `float64` scanning handles SQLite REAL values correctly
+- **packetsLastHour always zero** (#182) — early `break` in observer loop prevented counting
+- **Channels stale messages** (#171) — latest message sorted by observation timestamp, not first-seen
+- **pprof port conflict** — non-fatal bind with separate ports prevents Go server crash on startup
+
+---
+
+## ♿ Accessibility & 📱 Mobile
+
+### WCAG AA Compliance (10 fixes)
+- Search results keyboard-accessible with `tabindex`, `role`, and arrow-key navigation (#208)
+- 40+ table headers given `scope` attributes (#211)
+- 9 Chart.js canvases given accessible names (#210)
+- Form inputs in customizer/filters paired with labels (#212)
+
+### Mobile Responsive
+- **Live page**: bottom-sheet panel instead of full-screen overlay (#203)
+- **Perf page**: responsive layout with stacked cards (#204)
+- **Nodes table**: column hiding at narrow viewports (#205)
+- **Analytics/Compare**: horizontal scroll wrappers (#206)
+- **VCR bar**: 44px minimum touch targets (#207)
+
+---
+
+## 🏗️ Infrastructure
+
+### manage.sh Refactored (#230)
+`manage.sh` is now a thin wrapper around `docker compose` — no custom container management, no divergent logic. It reads `.env` for data paths, matching how `docker-compose.yml` works. One source of truth.
+
+### .env Support
+Data directory, ports, and image tags are configured via `.env`. Both `docker compose` and `manage.sh` read the same file.
+
+### Branch Protection & CI on PRs
+- Branch protection enabled on `master` — CI must pass, PRs required
+- CI now triggers on `pull_request`, not just `push` — catch failures before merge (#199)
+
+### Protobuf API Contract
+10 `.proto` files, 33 golden fixtures, CI validation on every push. API shape drift is caught automatically.
+
+### pprof Profiling
+Controlled by `ENABLE_PPROF` env var. When enabled, exposes Go profiling endpoints on separate ports — zero overhead when off.
+
+### Test Coverage
+- Go backend: **92%+** coverage
+- **49 Playwright E2E tests**
+- Both tracks gate deploy in CI
+
+---
+
+## 📦 Upgrading
+
+```bash
+git pull
+./manage.sh stop
+./manage.sh setup
+```
+
+That's it. Your existing `config.json` and database work as-is. The rename is cosmetic — no schema changes, no API changes, no config changes.
+
+### Verify
+
+```bash
+curl -s http://localhost/api/health | grep engine
+# "engine": "go"
+```
+
+---
+
+## ⚠️ Breaking Changes
+
+**None.** All API endpoints, WebSocket messages, and config options are backwards-compatible. The rename affects branding only — Docker image names, page titles, and documentation.
+
+---
+
+## 🙏 Thank You
+
+- **efiten** — PR #222 performance fix (O(n) slice prepend elimination)
+- **jade-on-mesh**, **lincomatic**, **LitBomb**, **mibzzer15** — ongoing testing, feedback, and issue reports
+
+And to everyone running CoreScope on their mesh networks — your real-world data drives every fix and feature in this release. 48 commits since v3.0.0, and every one of them came from something the community found, reported, or requested.
+
+---
+
+*Previous release: [v3.0.0](RELEASE-v3.0.0.md)*

cmd/ingestor/decoder.go

@@ -72,8 +72,8 @@ type Header struct {
 
 // TransportCodes are present on TRANSPORT_FLOOD and TRANSPORT_DIRECT routes.
 type TransportCodes struct {
-	NextHop string `json:"nextHop"`
-	LastHop string `json:"lastHop"`
+	Code1 string `json:"code1"`
+	Code2 string `json:"code2"`
 }
 
 // Path holds decoded path/hop information.
@@ -92,6 +92,8 @@ type AdvertFlags struct {
 	Room        bool `json:"room"`
 	Sensor      bool `json:"sensor"`
 	HasLocation bool `json:"hasLocation"`
+	HasFeat1    bool `json:"hasFeat1"`
+	HasFeat2    bool `json:"hasFeat2"`
 	HasName     bool `json:"hasName"`
 }
 
@@ -111,6 +113,8 @@ type Payload struct {
 	Lat           *float64     `json:"lat,omitempty"`
 	Lon           *float64     `json:"lon,omitempty"`
 	Name          string       `json:"name,omitempty"`
+	Feat1         *int         `json:"feat1,omitempty"`
+	Feat2         *int         `json:"feat2,omitempty"`
 	BatteryMv     *int         `json:"battery_mv,omitempty"`
 	TemperatureC  *float64     `json:"temperature_c,omitempty"`
 	ChannelHash   int          `json:"channelHash,omitempty"`
@@ -123,6 +127,8 @@ type Payload struct {
 	EphemeralPubKey string     `json:"ephemeralPubKey,omitempty"`
 	PathData      string       `json:"pathData,omitempty"`
 	Tag           uint32       `json:"tag,omitempty"`
+	AuthCode      uint32       `json:"authCode,omitempty"`
+	TraceFlags    *int         `json:"traceFlags,omitempty"`
 	RawHex        string       `json:"raw,omitempty"`
 	Error         string       `json:"error,omitempty"`
 }
@@ -199,14 +205,13 @@ func decodeEncryptedPayload(typeName string, buf []byte) Payload {
 }
 
 func decodeAck(buf []byte) Payload {
-	if len(buf) < 6 {
+	if len(buf) < 4 {
 		return Payload{Type: "ACK", Error: "too short", RawHex: hex.EncodeToString(buf)}
 	}
+	checksum := binary.LittleEndian.Uint32(buf[0:4])
 	return Payload{
 		Type:      "ACK",
-		DestHash:  hex.EncodeToString(buf[0:1]),
-		SrcHash:   hex.EncodeToString(buf[1:2]),
-		ExtraHash: hex.EncodeToString(buf[2:6]),
+		ExtraHash: fmt.Sprintf("%08x", checksum),
 	}
 }
 
@@ -231,6 +236,8 @@ func decodeAdvert(buf []byte) Payload {
 	if len(appdata) > 0 {
 		flags := appdata[0]
 		advType := int(flags & 0x0F)
+		hasFeat1 := flags&0x20 != 0
+		hasFeat2 := flags&0x40 != 0
 		p.Flags = &AdvertFlags{
 			Raw:         int(flags),
 			Type:        advType,
@@ -239,6 +246,8 @@ func decodeAdvert(buf []byte) Payload {
 			Room:        advType == 3,
 			Sensor:      advType == 4,
 			HasLocation: flags&0x10 != 0,
+			HasFeat1:    hasFeat1,
+			HasFeat2:    hasFeat2,
 			HasName:     flags&0x80 != 0,
 		}
 
@@ -252,6 +261,16 @@ func decodeAdvert(buf []byte) Payload {
 			p.Lon = &lon
 			off += 8
 		}
+		if hasFeat1 && len(appdata) >= off+2 {
+			feat1 := int(binary.LittleEndian.Uint16(appdata[off : off+2]))
+			p.Feat1 = &feat1
+			off += 2
+		}
+		if hasFeat2 && len(appdata) >= off+2 {
+			feat2 := int(binary.LittleEndian.Uint16(appdata[off : off+2]))
+			p.Feat2 = &feat2
+			off += 2
+		}
 		if p.Flags.HasName {
 			// Find null terminator to separate name from trailing telemetry bytes
 			nameEnd := len(appdata)
@@ -469,15 +488,22 @@ func decodePathPayload(buf []byte) Payload {
 }
 
 func decodeTrace(buf []byte) Payload {
-	if len(buf) < 12 {
+	if len(buf) < 9 {
 		return Payload{Type: "TRACE", Error: "too short", RawHex: hex.EncodeToString(buf)}
 	}
-	return Payload{
-		Type:     "TRACE",
-		DestHash: hex.EncodeToString(buf[5:11]),
-		SrcHash:  hex.EncodeToString(buf[11:12]),
-		Tag:      binary.LittleEndian.Uint32(buf[1:5]),
+	tag := binary.LittleEndian.Uint32(buf[0:4])
+	authCode := binary.LittleEndian.Uint32(buf[4:8])
+	flags := int(buf[8])
+	p := Payload{
+		Type:       "TRACE",
+		Tag:        tag,
+		AuthCode:   authCode,
+		TraceFlags: &flags,
 	}
+	if len(buf) > 9 {
+		p.PathData = hex.EncodeToString(buf[9:])
+	}
+	return p
 }
 
 func decodePayload(payloadType int, buf []byte, channelKeys map[string]string) Payload {
@@ -520,8 +546,7 @@ func DecodePacket(hexString string, channelKeys map[string]string) (*DecodedPack
 	}
 
 	header := decodeHeader(buf[0])
-	pathByte := buf[1]
-	offset := 2
+	offset := 1
 
 	var tc *TransportCodes
 	if isTransportRoute(header.RouteType) {
@@ -529,12 +554,18 @@ func DecodePacket(hexString string, channelKeys map[string]string) (*DecodedPack
 			return nil, fmt.Errorf("packet too short for transport codes")
 		}
 		tc = &TransportCodes{
-			NextHop: strings.ToUpper(hex.EncodeToString(buf[offset : offset+2])),
-			LastHop: strings.ToUpper(hex.EncodeToString(buf[offset+2 : offset+4])),
+			Code1: strings.ToUpper(hex.EncodeToString(buf[offset : offset+2])),
+			Code2: strings.ToUpper(hex.EncodeToString(buf[offset+2 : offset+4])),
 		}
 		offset += 4
 	}
 
+	if offset >= len(buf) {
+		return nil, fmt.Errorf("packet too short (no path byte)")
+	}
+	pathByte := buf[offset]
+	offset++
+
 	path, bytesConsumed := decodePath(pathByte, buf, offset)
 	offset += bytesConsumed
 
@@ -562,16 +593,24 @@ func ComputeContentHash(rawHex string) string {
 		return rawHex
 	}
 
-	pathByte := buf[1]
+	headerByte := buf[0]
+	offset := 1
+	if isTransportRoute(int(headerByte & 0x03)) {
+		offset += 4
+	}
+	if offset >= len(buf) {
+		if len(rawHex) >= 16 {
+			return rawHex[:16]
+		}
+		return rawHex
+	}
+	pathByte := buf[offset]
+	offset++
 	hashSize := int((pathByte>>6)&0x3) + 1
 	hashCount := int(pathByte & 0x3F)
 	pathBytes := hashSize * hashCount
 
-	headerByte := buf[0]
-	payloadStart := 2 + pathBytes
-	if isTransportRoute(int(headerByte & 0x03)) {
-		payloadStart += 4
-	}
+	payloadStart := offset + pathBytes
 	if payloadStart > len(buf) {
 		if len(rawHex) >= 16 {
 			return rawHex[:16]

cmd/ingestor/decoder_test.go

@@ -129,7 +129,8 @@ func TestDecodePath3ByteHashes(t *testing.T) {
 
 func TestTransportCodes(t *testing.T) {
 	// Route type 0 (TRANSPORT_FLOOD) should have transport codes
-	hex := "1400" + "AABB" + "CCDD" + "1A" + strings.Repeat("00", 10)
+	// Firmware order: header + transport_codes(4) + path_len + path + payload
+	hex := "14" + "AABB" + "CCDD" + "00" + strings.Repeat("00", 10)
 	pkt, err := DecodePacket(hex, nil)
 	if err != nil {
 		t.Fatal(err)
@@ -140,11 +141,11 @@ func TestTransportCodes(t *testing.T) {
 	if pkt.TransportCodes == nil {
 		t.Fatal("transportCodes should not be nil for TRANSPORT_FLOOD")
 	}
-	if pkt.TransportCodes.NextHop != "AABB" {
-		t.Errorf("nextHop=%s, want AABB", pkt.TransportCodes.NextHop)
+	if pkt.TransportCodes.Code1 != "AABB" {
+		t.Errorf("code1=%s, want AABB", pkt.TransportCodes.Code1)
 	}
-	if pkt.TransportCodes.LastHop != "CCDD" {
-		t.Errorf("lastHop=%s, want CCDD", pkt.TransportCodes.LastHop)
+	if pkt.TransportCodes.Code2 != "CCDD" {
+		t.Errorf("code2=%s, want CCDD", pkt.TransportCodes.Code2)
 	}
 
 	// Route type 1 (FLOOD) should NOT have transport codes
@@ -537,10 +538,11 @@ func TestDecodeTraceShort(t *testing.T) {
 
 func TestDecodeTraceValid(t *testing.T) {
 	buf := make([]byte, 16)
-	buf[0] = 0x00
-	buf[1] = 0x01 // tag LE uint32 = 1
-	buf[5] = 0xAA // destHash start
-	buf[11] = 0xBB
+	// tag(4) + authCode(4) + flags(1) + pathData
+	binary.LittleEndian.PutUint32(buf[0:4], 1)          // tag = 1
+	binary.LittleEndian.PutUint32(buf[4:8], 0xDEADBEEF) // authCode
+	buf[8] = 0x02                                         // flags
+	buf[9] = 0xAA                                         // path data
 	p := decodeTrace(buf)
 	if p.Error != "" {
 		t.Errorf("unexpected error: %s", p.Error)
@@ -548,9 +550,18 @@ func TestDecodeTraceValid(t *testing.T) {
 	if p.Tag != 1 {
 		t.Errorf("tag=%d, want 1", p.Tag)
 	}
+	if p.AuthCode != 0xDEADBEEF {
+		t.Errorf("authCode=%d, want 0xDEADBEEF", p.AuthCode)
+	}
+	if p.TraceFlags == nil || *p.TraceFlags != 2 {
+		t.Errorf("traceFlags=%v, want 2", p.TraceFlags)
+	}
 	if p.Type != "TRACE" {
 		t.Errorf("type=%s, want TRACE", p.Type)
 	}
+	if p.PathData == "" {
+		t.Error("pathData should not be empty")
+	}
 }
 
 func TestDecodeAdvertShort(t *testing.T) {
@@ -833,10 +844,9 @@ func TestComputeContentHashShortHex(t *testing.T) {
 }
 
 func TestComputeContentHashTransportRoute(t *testing.T) {
-	// Route type 0 (TRANSPORT_FLOOD) with no path hops + 4 transport code bytes
-	// header=0x14 (TRANSPORT_FLOOD, ADVERT), path=0x00 (0 hops)
-	// transport codes = 4 bytes, then payload
-	hex := "1400" + "AABBCCDD" + strings.Repeat("EE", 10)
+	// Route type 0 (TRANSPORT_FLOOD) with transport codes then path=0x00 (0 hops)
+	// header=0x14 (TRANSPORT_FLOOD, ADVERT), transport(4), path=0x00
+	hex := "14" + "AABBCCDD" + "00" + strings.Repeat("EE", 10)
 	hash := ComputeContentHash(hex)
 	if len(hash) != 16 {
 		t.Errorf("hash length=%d, want 16", len(hash))
@@ -870,12 +880,10 @@ func TestComputeContentHashPayloadBeyondBufferLongHex(t *testing.T) {
 
 func TestComputeContentHashTransportBeyondBuffer(t *testing.T) {
 	// Transport route (0x00 = TRANSPORT_FLOOD) with path claiming some bytes
-	// total buffer too short for transport codes + path
-	// header=0x00, pathByte=0x02 (2 hops, 1-byte hash), then only 2 more bytes
-	// payloadStart = 2 + 2 + 4(transport) = 8, but buffer only 6 bytes
-	hex := "0002" + "AABB" + strings.Repeat("CC", 6) // 20 chars = 10 bytes
+	// header=0x00, transport(4), pathByte=0x02 (2 hops, 1-byte hash)
+	// offset=1+4+1+2=8, buffer needs to be >= 8
+	hex := "00" + "AABB" + "CCDD" + "02" + strings.Repeat("CC", 6) // 20 chars = 10 bytes  
 	hash := ComputeContentHash(hex)
-	// payloadStart = 2 + 2 + 4 = 8, buffer is 10 bytes → should work
 	if len(hash) != 16 {
 		t.Errorf("hash length=%d, want 16", len(hash))
 	}
@@ -913,8 +921,8 @@ func TestDecodePacketWithNewlines(t *testing.T) {
 }
 
 func TestDecodePacketTransportRouteTooShort(t *testing.T) {
-	// TRANSPORT_FLOOD (route=0) but only 3 bytes total → too short for transport codes
-	_, err := DecodePacket("140011", nil)
+	// TRANSPORT_FLOOD (route=0) but only 2 bytes total → too short for transport codes
+	_, err := DecodePacket("1400", nil)
 	if err == nil {
 		t.Error("expected error for transport route with too-short buffer")
 	}
@@ -931,16 +939,19 @@ func TestDecodeAckShort(t *testing.T) {
 }
 
 func TestDecodeAckValid(t *testing.T) {
-	buf := []byte{0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF}
+	buf := []byte{0xAA, 0xBB, 0xCC, 0xDD}
 	p := decodeAck(buf)
 	if p.Error != "" {
 		t.Errorf("unexpected error: %s", p.Error)
 	}
-	if p.DestHash != "aa" {
-		t.Errorf("destHash=%s, want aa", p.DestHash)
+	if p.ExtraHash != "ddccbbaa" {
+		t.Errorf("extraHash=%s, want ddccbbaa", p.ExtraHash)
 	}
-	if p.ExtraHash != "ccddeeff" {
-		t.Errorf("extraHash=%s, want ccddeeff", p.ExtraHash)
+	if p.DestHash != "" {
+		t.Errorf("destHash should be empty, got %s", p.DestHash)
+	}
+	if p.SrcHash != "" {
+		t.Errorf("srcHash should be empty, got %s", p.SrcHash)
 	}
 }
 

cmd/server/db_test.go

@@ -17,6 +17,8 @@ func setupTestDB(t *testing.T) *DB {
 	if err != nil {
 		t.Fatal(err)
 	}
+	// Force single connection so all goroutines share the same in-memory DB
+	conn.SetMaxOpenConns(1)
 
 	// Create schema matching MeshCore Analyzer v3
 	schema := `

cmd/server/decoder.go

@@ -54,8 +54,8 @@ type Header struct {
 
 // TransportCodes are present on TRANSPORT_FLOOD and TRANSPORT_DIRECT routes.
 type TransportCodes struct {
-	NextHop string `json:"nextHop"`
-	LastHop string `json:"lastHop"`
+	Code1 string `json:"code1"`
+	Code2 string `json:"code2"`
 }
 
 // Path holds decoded path/hop information.
@@ -74,6 +74,8 @@ type AdvertFlags struct {
 	Room        bool `json:"room"`
 	Sensor      bool `json:"sensor"`
 	HasLocation bool `json:"hasLocation"`
+	HasFeat1    bool `json:"hasFeat1"`
+	HasFeat2    bool `json:"hasFeat2"`
 	HasName     bool `json:"hasName"`
 }
 
@@ -97,6 +99,8 @@ type Payload struct {
 	EphemeralPubKey string       `json:"ephemeralPubKey,omitempty"`
 	PathData        string       `json:"pathData,omitempty"`
 	Tag             uint32       `json:"tag,omitempty"`
+	AuthCode        uint32       `json:"authCode,omitempty"`
+	TraceFlags      *int         `json:"traceFlags,omitempty"`
 	RawHex          string       `json:"raw,omitempty"`
 	Error           string       `json:"error,omitempty"`
 }
@@ -173,14 +177,13 @@ func decodeEncryptedPayload(typeName string, buf []byte) Payload {
 }
 
 func decodeAck(buf []byte) Payload {
-	if len(buf) < 6 {
+	if len(buf) < 4 {
 		return Payload{Type: "ACK", Error: "too short", RawHex: hex.EncodeToString(buf)}
 	}
+	checksum := binary.LittleEndian.Uint32(buf[0:4])
 	return Payload{
 		Type:      "ACK",
-		DestHash:  hex.EncodeToString(buf[0:1]),
-		SrcHash:   hex.EncodeToString(buf[1:2]),
-		ExtraHash: hex.EncodeToString(buf[2:6]),
+		ExtraHash: fmt.Sprintf("%08x", checksum),
 	}
 }
 
@@ -205,6 +208,8 @@ func decodeAdvert(buf []byte) Payload {
 	if len(appdata) > 0 {
 		flags := appdata[0]
 		advType := int(flags & 0x0F)
+		hasFeat1 := flags&0x20 != 0
+		hasFeat2 := flags&0x40 != 0
 		p.Flags = &AdvertFlags{
 			Raw:         int(flags),
 			Type:        advType,
@@ -213,6 +218,8 @@ func decodeAdvert(buf []byte) Payload {
 			Room:        advType == 3,
 			Sensor:      advType == 4,
 			HasLocation: flags&0x10 != 0,
+			HasFeat1:    hasFeat1,
+			HasFeat2:    hasFeat2,
 			HasName:     flags&0x80 != 0,
 		}
 
@@ -226,6 +233,12 @@ func decodeAdvert(buf []byte) Payload {
 			p.Lon = &lon
 			off += 8
 		}
+		if hasFeat1 && len(appdata) >= off+2 {
+			off += 2  // skip feat1 bytes (reserved for future use)
+		}
+		if hasFeat2 && len(appdata) >= off+2 {
+			off += 2  // skip feat2 bytes (reserved for future use)
+		}
 		if p.Flags.HasName {
 			name := string(appdata[off:])
 			name = strings.TrimRight(name, "\x00")
@@ -276,15 +289,22 @@ func decodePathPayload(buf []byte) Payload {
 }
 
 func decodeTrace(buf []byte) Payload {
-	if len(buf) < 12 {
+	if len(buf) < 9 {
 		return Payload{Type: "TRACE", Error: "too short", RawHex: hex.EncodeToString(buf)}
 	}
-	return Payload{
-		Type:     "TRACE",
-		DestHash: hex.EncodeToString(buf[5:11]),
-		SrcHash:  hex.EncodeToString(buf[11:12]),
-		Tag:      binary.LittleEndian.Uint32(buf[1:5]),
+	tag := binary.LittleEndian.Uint32(buf[0:4])
+	authCode := binary.LittleEndian.Uint32(buf[4:8])
+	flags := int(buf[8])
+	p := Payload{
+		Type:       "TRACE",
+		Tag:        tag,
+		AuthCode:   authCode,
+		TraceFlags: &flags,
 	}
+	if len(buf) > 9 {
+		p.PathData = hex.EncodeToString(buf[9:])
+	}
+	return p
 }
 
 func decodePayload(payloadType int, buf []byte) Payload {
@@ -327,8 +347,7 @@ func DecodePacket(hexString string) (*DecodedPacket, error) {
 	}
 
 	header := decodeHeader(buf[0])
-	pathByte := buf[1]
-	offset := 2
+	offset := 1
 
 	var tc *TransportCodes
 	if isTransportRoute(header.RouteType) {
@@ -336,12 +355,18 @@ func DecodePacket(hexString string) (*DecodedPacket, error) {
 			return nil, fmt.Errorf("packet too short for transport codes")
 		}
 		tc = &TransportCodes{
-			NextHop: strings.ToUpper(hex.EncodeToString(buf[offset : offset+2])),
-			LastHop: strings.ToUpper(hex.EncodeToString(buf[offset+2 : offset+4])),
+			Code1: strings.ToUpper(hex.EncodeToString(buf[offset : offset+2])),
+			Code2: strings.ToUpper(hex.EncodeToString(buf[offset+2 : offset+4])),
 		}
 		offset += 4
 	}
 
+	if offset >= len(buf) {
+		return nil, fmt.Errorf("packet too short (no path byte)")
+	}
+	pathByte := buf[offset]
+	offset++
+
 	path, bytesConsumed := decodePath(pathByte, buf, offset)
 	offset += bytesConsumed
 
@@ -367,16 +392,24 @@ func ComputeContentHash(rawHex string) string {
 		return rawHex
 	}
 
-	pathByte := buf[1]
+	headerByte := buf[0]
+	offset := 1
+	if isTransportRoute(int(headerByte & 0x03)) {
+		offset += 4
+	}
+	if offset >= len(buf) {
+		if len(rawHex) >= 16 {
+			return rawHex[:16]
+		}
+		return rawHex
+	}
+	pathByte := buf[offset]
+	offset++
 	hashSize := int((pathByte>>6)&0x3) + 1
 	hashCount := int(pathByte & 0x3F)
 	pathBytes := hashSize * hashCount
 
-	headerByte := buf[0]
-	payloadStart := 2 + pathBytes
-	if isTransportRoute(int(headerByte & 0x03)) {
-		payloadStart += 4
-	}
+	payloadStart := offset + pathBytes
 	if payloadStart > len(buf) {
 		if len(rawHex) >= 16 {
 			return rawHex[:16]

cmd/server/parity_test.go

@@ -1,403 +1,506 @@
-package main
-
-// parity_test.go — Golden fixture shape tests.
-// Validates that Go API responses match the shape of Node.js API responses.
-// Shapes were captured from the production Node.js server and stored in
-// testdata/golden/shapes.json.
-
-import (
-	"encoding/json"
-	"fmt"
-	"net/http/httptest"
-	"os"
-	"path/filepath"
-	"runtime"
-	"strings"
-	"testing"
-)
-
-// shapeSpec describes the expected JSON structure from the Node.js server.
-type shapeSpec struct {
-	Type        string               `json:"type"`
-	Keys        map[string]shapeSpec `json:"keys,omitempty"`
-	ElementShape *shapeSpec           `json:"elementShape,omitempty"`
-	DynamicKeys  bool                 `json:"dynamicKeys,omitempty"`
-	ValueShape   *shapeSpec           `json:"valueShape,omitempty"`
-	RequiredKeys map[string]shapeSpec `json:"requiredKeys,omitempty"`
-}
-
-// loadShapes reads testdata/golden/shapes.json relative to this source file.
-func loadShapes(t *testing.T) map[string]shapeSpec {
-	t.Helper()
-	_, thisFile, _, _ := runtime.Caller(0)
-	dir := filepath.Dir(thisFile)
-	data, err := os.ReadFile(filepath.Join(dir, "testdata", "golden", "shapes.json"))
-	if err != nil {
-		t.Fatalf("cannot load shapes.json: %v", err)
-	}
-	var shapes map[string]shapeSpec
-	if err := json.Unmarshal(data, &shapes); err != nil {
-		t.Fatalf("cannot parse shapes.json: %v", err)
-	}
-	return shapes
-}
-
-// validateShape recursively checks that `actual` matches the expected `spec`.
-// `path` tracks the JSON path for error messages.
-// Returns a list of mismatch descriptions.
-func validateShape(actual interface{}, spec shapeSpec, path string) []string {
-	var errs []string
-
-	switch spec.Type {
-	case "null", "nullable":
-		// nullable means: value can be null OR matching type. Accept anything.
-		return nil
-	case "nullable_number":
-		// Can be null or number
-		if actual != nil {
-			if _, ok := actual.(float64); !ok {
-				errs = append(errs, fmt.Sprintf("%s: expected number or null, got %T", path, actual))
-			}
-		}
-		return errs
-	case "string":
-		if actual == nil {
-			errs = append(errs, fmt.Sprintf("%s: expected string, got null", path))
-		} else if _, ok := actual.(string); !ok {
-			errs = append(errs, fmt.Sprintf("%s: expected string, got %T", path, actual))
-		}
-	case "number":
-		if actual == nil {
-			errs = append(errs, fmt.Sprintf("%s: expected number, got null", path))
-		} else if _, ok := actual.(float64); !ok {
-			errs = append(errs, fmt.Sprintf("%s: expected number, got %T (%v)", path, actual, actual))
-		}
-	case "boolean":
-		if actual == nil {
-			errs = append(errs, fmt.Sprintf("%s: expected boolean, got null", path))
-		} else if _, ok := actual.(bool); !ok {
-			errs = append(errs, fmt.Sprintf("%s: expected boolean, got %T", path, actual))
-		}
-	case "array":
-		if actual == nil {
-			errs = append(errs, fmt.Sprintf("%s: expected array, got null (arrays must be [] not null)", path))
-			return errs
-		}
-		arr, ok := actual.([]interface{})
-		if !ok {
-			errs = append(errs, fmt.Sprintf("%s: expected array, got %T", path, actual))
-			return errs
-		}
-		if spec.ElementShape != nil && len(arr) > 0 {
-			errs = append(errs, validateShape(arr[0], *spec.ElementShape, path+"[0]")...)
-		}
-	case "object":
-		if actual == nil {
-			errs = append(errs, fmt.Sprintf("%s: expected object, got null", path))
-			return errs
-		}
-		obj, ok := actual.(map[string]interface{})
-		if !ok {
-			errs = append(errs, fmt.Sprintf("%s: expected object, got %T", path, actual))
-			return errs
-		}
-
-		if spec.DynamicKeys {
-			// Object with dynamic keys — validate value shapes
-			if spec.ValueShape != nil && len(obj) > 0 {
-				for k, v := range obj {
-					errs = append(errs, validateShape(v, *spec.ValueShape, path+"."+k)...)
-					break // check just one sample
-				}
-			}
-			if spec.RequiredKeys != nil {
-				for rk, rs := range spec.RequiredKeys {
-					v, exists := obj[rk]
-					if !exists {
-						errs = append(errs, fmt.Sprintf("%s: missing required key %q in dynamic-key object", path, rk))
-					} else {
-						errs = append(errs, validateShape(v, rs, path+"."+rk)...)
-					}
-				}
-			}
-		} else if spec.Keys != nil {
-			// Object with known keys — check each expected key exists and has correct type
-			for key, keySpec := range spec.Keys {
-				val, exists := obj[key]
-				if !exists {
-					errs = append(errs, fmt.Sprintf("%s: missing field %q (expected %s)", path, key, keySpec.Type))
-				} else {
-					errs = append(errs, validateShape(val, keySpec, path+"."+key)...)
-				}
-			}
-		}
-	}
-
-	return errs
-}
-
-// parityEndpoint defines one endpoint to test for parity.
-type parityEndpoint struct {
-	name     string // key in shapes.json
-	path     string // HTTP path to request
-}
-
-func TestParityShapes(t *testing.T) {
-	shapes := loadShapes(t)
-	_, router := setupTestServer(t)
-
-	endpoints := []parityEndpoint{
-		{"stats", "/api/stats"},
-		{"nodes", "/api/nodes?limit=5"},
-		{"packets", "/api/packets?limit=5"},
-		{"packets_grouped", "/api/packets?limit=5&groupByHash=true"},
-		{"observers", "/api/observers"},
-		{"channels", "/api/channels"},
-		{"channel_messages", "/api/channels/0000000000000000/messages?limit=5"},
-		{"analytics_rf", "/api/analytics/rf?days=7"},
-		{"analytics_topology", "/api/analytics/topology?days=7"},
-		{"analytics_hash_sizes", "/api/analytics/hash-sizes?days=7"},
-		{"analytics_distance", "/api/analytics/distance?days=7"},
-		{"analytics_subpaths", "/api/analytics/subpaths?days=7"},
-		{"bulk_health", "/api/nodes/bulk-health"},
-		{"health", "/api/health"},
-		{"perf", "/api/perf"},
-	}
-
-	for _, ep := range endpoints {
-		t.Run("Parity_"+ep.name, func(t *testing.T) {
-			spec, ok := shapes[ep.name]
-			if !ok {
-				t.Fatalf("no shape spec found for %q in shapes.json", ep.name)
-			}
-
-			req := httptest.NewRequest("GET", ep.path, nil)
-			w := httptest.NewRecorder()
-			router.ServeHTTP(w, req)
-
-			if w.Code != 200 {
-				t.Fatalf("GET %s returned %d, expected 200. Body: %s",
-					ep.path, w.Code, w.Body.String())
-			}
-
-			var body interface{}
-			if err := json.Unmarshal(w.Body.Bytes(), &body); err != nil {
-				t.Fatalf("GET %s returned invalid JSON: %v\nBody: %s",
-					ep.path, err, w.Body.String())
-			}
-
-			mismatches := validateShape(body, spec, ep.path)
-			if len(mismatches) > 0 {
-				t.Errorf("Go %s has %d shape mismatches vs Node.js golden:\n  %s",
-					ep.path, len(mismatches), strings.Join(mismatches, "\n  "))
-			}
-		})
-	}
-}
-
-// TestParityNodeDetail tests node detail endpoint shape.
-// Uses a known test node public key from seeded data.
-func TestParityNodeDetail(t *testing.T) {
-	shapes := loadShapes(t)
-	_, router := setupTestServer(t)
-
-	spec, ok := shapes["node_detail"]
-	if !ok {
-		t.Fatal("no shape spec for node_detail in shapes.json")
-	}
-
-	req := httptest.NewRequest("GET", "/api/nodes/aabbccdd11223344", nil)
-	w := httptest.NewRecorder()
-	router.ServeHTTP(w, req)
-
-	if w.Code != 200 {
-		t.Fatalf("node detail returned %d: %s", w.Code, w.Body.String())
-	}
-
-	var body interface{}
-	json.Unmarshal(w.Body.Bytes(), &body)
-
-	mismatches := validateShape(body, spec, "/api/nodes/{pubkey}")
-	if len(mismatches) > 0 {
-		t.Errorf("Go node detail has %d shape mismatches vs Node.js golden:\n  %s",
-			len(mismatches), strings.Join(mismatches, "\n  "))
-	}
-}
-
-// TestParityArraysNotNull verifies that array-typed fields in Go responses are
-// [] (empty array) rather than null. This is a common Go/JSON pitfall where
-// nil slices marshal as null instead of [].
-// Uses shapes.json to know which fields SHOULD be arrays.
-func TestParityArraysNotNull(t *testing.T) {
-	shapes := loadShapes(t)
-	_, router := setupTestServer(t)
-
-	endpoints := []struct {
-		name string
-		path string
-	}{
-		{"stats", "/api/stats"},
-		{"nodes", "/api/nodes?limit=5"},
-		{"packets", "/api/packets?limit=5"},
-		{"packets_grouped", "/api/packets?limit=5&groupByHash=true"},
-		{"observers", "/api/observers"},
-		{"channels", "/api/channels"},
-		{"bulk_health", "/api/nodes/bulk-health"},
-		{"analytics_rf", "/api/analytics/rf?days=7"},
-		{"analytics_topology", "/api/analytics/topology?days=7"},
-		{"analytics_hash_sizes", "/api/analytics/hash-sizes?days=7"},
-		{"analytics_distance", "/api/analytics/distance?days=7"},
-		{"analytics_subpaths", "/api/analytics/subpaths?days=7"},
-	}
-
-	for _, ep := range endpoints {
-		t.Run("NullArrayCheck_"+ep.name, func(t *testing.T) {
-			spec, ok := shapes[ep.name]
-			if !ok {
-				t.Skipf("no shape spec for %s", ep.name)
-			}
-
-			req := httptest.NewRequest("GET", ep.path, nil)
-			w := httptest.NewRecorder()
-			router.ServeHTTP(w, req)
-
-			if w.Code != 200 {
-				t.Skipf("GET %s returned %d, skipping null-array check", ep.path, w.Code)
-			}
-
-			var body interface{}
-			json.Unmarshal(w.Body.Bytes(), &body)
-
-			nullArrays := findNullArrays(body, spec, ep.path)
-			if len(nullArrays) > 0 {
-				t.Errorf("Go %s has null where [] expected:\n  %s\n"+
-					"Go nil slices marshal as null — initialize with make() or literal",
-					ep.path, strings.Join(nullArrays, "\n  "))
-			}
-		})
-	}
-}
-
-// findNullArrays walks JSON data alongside a shape spec and returns paths
-// where the spec says the field should be an array but Go returned null.
-func findNullArrays(actual interface{}, spec shapeSpec, path string) []string {
-	var nulls []string
-
-	switch spec.Type {
-	case "array":
-		if actual == nil {
-			nulls = append(nulls, fmt.Sprintf("%s: null (should be [])", path))
-		} else if arr, ok := actual.([]interface{}); ok && spec.ElementShape != nil {
-			for i, elem := range arr {
-				nulls = append(nulls, findNullArrays(elem, *spec.ElementShape, fmt.Sprintf("%s[%d]", path, i))...)
-			}
-		}
-	case "object":
-		obj, ok := actual.(map[string]interface{})
-		if !ok || obj == nil {
-			return nulls
-		}
-		if spec.Keys != nil {
-			for key, keySpec := range spec.Keys {
-				if val, exists := obj[key]; exists {
-					nulls = append(nulls, findNullArrays(val, keySpec, path+"."+key)...)
-				} else if keySpec.Type == "array" {
-					// Key missing entirely — also a null-array problem
-					nulls = append(nulls, fmt.Sprintf("%s.%s: missing (should be [])", path, key))
-				}
-			}
-		}
-		if spec.DynamicKeys && spec.ValueShape != nil {
-			for k, v := range obj {
-				nulls = append(nulls, findNullArrays(v, *spec.ValueShape, path+"."+k)...)
-				break // sample one
-			}
-		}
-	}
-
-	return nulls
-}
-
-// TestParityHealthEngine verifies Go health endpoint declares engine=go
-// while Node declares engine=node (or omits it). The Go server must always
-// identify itself.
-func TestParityHealthEngine(t *testing.T) {
-	_, router := setupTestServer(t)
-
-	req := httptest.NewRequest("GET", "/api/health", nil)
-	w := httptest.NewRecorder()
-	router.ServeHTTP(w, req)
-
-	var body map[string]interface{}
-	json.Unmarshal(w.Body.Bytes(), &body)
-
-	engine, ok := body["engine"]
-	if !ok {
-		t.Error("health response missing 'engine' field (Go server must include engine=go)")
-	} else if engine != "go" {
-		t.Errorf("health engine=%v, expected 'go'", engine)
-	}
-}
-
-// TestValidateShapeFunction directly tests the shape validator itself.
-func TestValidateShapeFunction(t *testing.T) {
-	t.Run("string match", func(t *testing.T) {
-		errs := validateShape("hello", shapeSpec{Type: "string"}, "$.x")
-		if len(errs) != 0 {
-			t.Errorf("unexpected errors: %v", errs)
-		}
-	})
-
-	t.Run("string mismatch", func(t *testing.T) {
-		errs := validateShape(42.0, shapeSpec{Type: "string"}, "$.x")
-		if len(errs) != 1 {
-			t.Errorf("expected 1 error, got %d: %v", len(errs), errs)
-		}
-	})
-
-	t.Run("null array rejected", func(t *testing.T) {
-		errs := validateShape(nil, shapeSpec{Type: "array"}, "$.arr")
-		if len(errs) != 1 || !strings.Contains(errs[0], "null") {
-			t.Errorf("expected null-array error, got: %v", errs)
-		}
-	})
-
-	t.Run("empty array OK", func(t *testing.T) {
-		errs := validateShape([]interface{}{}, shapeSpec{Type: "array"}, "$.arr")
-		if len(errs) != 0 {
-			t.Errorf("unexpected errors for empty array: %v", errs)
-		}
-	})
-
-	t.Run("missing object key", func(t *testing.T) {
-		spec := shapeSpec{Type: "object", Keys: map[string]shapeSpec{
-			"name": {Type: "string"},
-			"age":  {Type: "number"},
-		}}
-		obj := map[string]interface{}{"name": "test"}
-		errs := validateShape(obj, spec, "$.user")
-		if len(errs) != 1 || !strings.Contains(errs[0], "age") {
-			t.Errorf("expected missing age error, got: %v", errs)
-		}
-	})
-
-	t.Run("nullable allows null", func(t *testing.T) {
-		errs := validateShape(nil, shapeSpec{Type: "nullable"}, "$.x")
-		if len(errs) != 0 {
-			t.Errorf("nullable should accept null: %v", errs)
-		}
-	})
-
-	t.Run("dynamic keys validates value shape", func(t *testing.T) {
-		spec := shapeSpec{
-			Type:        "object",
-			DynamicKeys: true,
-			ValueShape:  &shapeSpec{Type: "number"},
-		}
-		obj := map[string]interface{}{"a": 1.0, "b": 2.0}
-		errs := validateShape(obj, spec, "$.dyn")
-		if len(errs) != 0 {
-			t.Errorf("unexpected errors: %v", errs)
-		}
-	})
-}
+package main
+
+// parity_test.go — Golden fixture shape tests.
+// Validates that Go API responses match the shape of Node.js API responses.
+// Shapes were captured from the production Node.js server and stored in
+// testdata/golden/shapes.json.
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/http/httptest"
+	"os"
+	"path/filepath"
+	"runtime"
+	"sort"
+	"strings"
+	"testing"
+	"time"
+)
+
+// shapeSpec describes the expected JSON structure from the Node.js server.
+type shapeSpec struct {
+	Type         string               `json:"type"`
+	Keys         map[string]shapeSpec `json:"keys,omitempty"`
+	ElementShape *shapeSpec           `json:"elementShape,omitempty"`
+	DynamicKeys  bool                 `json:"dynamicKeys,omitempty"`
+	ValueShape   *shapeSpec           `json:"valueShape,omitempty"`
+	RequiredKeys map[string]shapeSpec `json:"requiredKeys,omitempty"`
+}
+
+// loadShapes reads testdata/golden/shapes.json relative to this source file.
+func loadShapes(t *testing.T) map[string]shapeSpec {
+	t.Helper()
+	_, thisFile, _, _ := runtime.Caller(0)
+	dir := filepath.Dir(thisFile)
+	data, err := os.ReadFile(filepath.Join(dir, "testdata", "golden", "shapes.json"))
+	if err != nil {
+		t.Fatalf("cannot load shapes.json: %v", err)
+	}
+	var shapes map[string]shapeSpec
+	if err := json.Unmarshal(data, &shapes); err != nil {
+		t.Fatalf("cannot parse shapes.json: %v", err)
+	}
+	return shapes
+}
+
+// validateShape recursively checks that `actual` matches the expected `spec`.
+// `path` tracks the JSON path for error messages.
+// Returns a list of mismatch descriptions.
+func validateShape(actual interface{}, spec shapeSpec, path string) []string {
+	var errs []string
+
+	switch spec.Type {
+	case "null", "nullable":
+		// nullable means: value can be null OR matching type. Accept anything.
+		return nil
+	case "nullable_number":
+		// Can be null or number
+		if actual != nil {
+			if _, ok := actual.(float64); !ok {
+				errs = append(errs, fmt.Sprintf("%s: expected number or null, got %T", path, actual))
+			}
+		}
+		return errs
+	case "string":
+		if actual == nil {
+			errs = append(errs, fmt.Sprintf("%s: expected string, got null", path))
+		} else if _, ok := actual.(string); !ok {
+			errs = append(errs, fmt.Sprintf("%s: expected string, got %T", path, actual))
+		}
+	case "number":
+		if actual == nil {
+			errs = append(errs, fmt.Sprintf("%s: expected number, got null", path))
+		} else if _, ok := actual.(float64); !ok {
+			errs = append(errs, fmt.Sprintf("%s: expected number, got %T (%v)", path, actual, actual))
+		}
+	case "boolean":
+		if actual == nil {
+			errs = append(errs, fmt.Sprintf("%s: expected boolean, got null", path))
+		} else if _, ok := actual.(bool); !ok {
+			errs = append(errs, fmt.Sprintf("%s: expected boolean, got %T", path, actual))
+		}
+	case "array":
+		if actual == nil {
+			errs = append(errs, fmt.Sprintf("%s: expected array, got null (arrays must be [] not null)", path))
+			return errs
+		}
+		arr, ok := actual.([]interface{})
+		if !ok {
+			errs = append(errs, fmt.Sprintf("%s: expected array, got %T", path, actual))
+			return errs
+		}
+		if spec.ElementShape != nil && len(arr) > 0 {
+			errs = append(errs, validateShape(arr[0], *spec.ElementShape, path+"[0]")...)
+		}
+	case "object":
+		if actual == nil {
+			errs = append(errs, fmt.Sprintf("%s: expected object, got null", path))
+			return errs
+		}
+		obj, ok := actual.(map[string]interface{})
+		if !ok {
+			errs = append(errs, fmt.Sprintf("%s: expected object, got %T", path, actual))
+			return errs
+		}
+
+		if spec.DynamicKeys {
+			// Object with dynamic keys — validate value shapes
+			if spec.ValueShape != nil && len(obj) > 0 {
+				for k, v := range obj {
+					errs = append(errs, validateShape(v, *spec.ValueShape, path+"."+k)...)
+					break // check just one sample
+				}
+			}
+			if spec.RequiredKeys != nil {
+				for rk, rs := range spec.RequiredKeys {
+					v, exists := obj[rk]
+					if !exists {
+						errs = append(errs, fmt.Sprintf("%s: missing required key %q in dynamic-key object", path, rk))
+					} else {
+						errs = append(errs, validateShape(v, rs, path+"."+rk)...)
+					}
+				}
+			}
+		} else if spec.Keys != nil {
+			// Object with known keys — check each expected key exists and has correct type
+			for key, keySpec := range spec.Keys {
+				val, exists := obj[key]
+				if !exists {
+					errs = append(errs, fmt.Sprintf("%s: missing field %q (expected %s)", path, key, keySpec.Type))
+				} else {
+					errs = append(errs, validateShape(val, keySpec, path+"."+key)...)
+				}
+			}
+		}
+	}
+
+	return errs
+}
+
+// parityEndpoint defines one endpoint to test for parity.
+type parityEndpoint struct {
+	name string // key in shapes.json
+	path string // HTTP path to request
+}
+
+func TestParityShapes(t *testing.T) {
+	shapes := loadShapes(t)
+	_, router := setupTestServer(t)
+
+	endpoints := []parityEndpoint{
+		{"stats", "/api/stats"},
+		{"nodes", "/api/nodes?limit=5"},
+		{"packets", "/api/packets?limit=5"},
+		{"packets_grouped", "/api/packets?limit=5&groupByHash=true"},
+		{"observers", "/api/observers"},
+		{"channels", "/api/channels"},
+		{"channel_messages", "/api/channels/0000000000000000/messages?limit=5"},
+		{"analytics_rf", "/api/analytics/rf?days=7"},
+		{"analytics_topology", "/api/analytics/topology?days=7"},
+		{"analytics_hash_sizes", "/api/analytics/hash-sizes?days=7"},
+		{"analytics_distance", "/api/analytics/distance?days=7"},
+		{"analytics_subpaths", "/api/analytics/subpaths?days=7"},
+		{"bulk_health", "/api/nodes/bulk-health"},
+		{"health", "/api/health"},
+		{"perf", "/api/perf"},
+	}
+
+	for _, ep := range endpoints {
+		t.Run("Parity_"+ep.name, func(t *testing.T) {
+			spec, ok := shapes[ep.name]
+			if !ok {
+				t.Fatalf("no shape spec found for %q in shapes.json", ep.name)
+			}
+
+			req := httptest.NewRequest("GET", ep.path, nil)
+			w := httptest.NewRecorder()
+			router.ServeHTTP(w, req)
+
+			if w.Code != 200 {
+				t.Fatalf("GET %s returned %d, expected 200. Body: %s",
+					ep.path, w.Code, w.Body.String())
+			}
+
+			var body interface{}
+			if err := json.Unmarshal(w.Body.Bytes(), &body); err != nil {
+				t.Fatalf("GET %s returned invalid JSON: %v\nBody: %s",
+					ep.path, err, w.Body.String())
+			}
+
+			mismatches := validateShape(body, spec, ep.path)
+			if len(mismatches) > 0 {
+				t.Errorf("Go %s has %d shape mismatches vs Node.js golden:\n  %s",
+					ep.path, len(mismatches), strings.Join(mismatches, "\n  "))
+			}
+		})
+	}
+}
+
+// TestParityNodeDetail tests node detail endpoint shape.
+// Uses a known test node public key from seeded data.
+func TestParityNodeDetail(t *testing.T) {
+	shapes := loadShapes(t)
+	_, router := setupTestServer(t)
+
+	spec, ok := shapes["node_detail"]
+	if !ok {
+		t.Fatal("no shape spec for node_detail in shapes.json")
+	}
+
+	req := httptest.NewRequest("GET", "/api/nodes/aabbccdd11223344", nil)
+	w := httptest.NewRecorder()
+	router.ServeHTTP(w, req)
+
+	if w.Code != 200 {
+		t.Fatalf("node detail returned %d: %s", w.Code, w.Body.String())
+	}
+
+	var body interface{}
+	json.Unmarshal(w.Body.Bytes(), &body)
+
+	mismatches := validateShape(body, spec, "/api/nodes/{pubkey}")
+	if len(mismatches) > 0 {
+		t.Errorf("Go node detail has %d shape mismatches vs Node.js golden:\n  %s",
+			len(mismatches), strings.Join(mismatches, "\n  "))
+	}
+}
+
+// TestParityArraysNotNull verifies that array-typed fields in Go responses are
+// [] (empty array) rather than null. This is a common Go/JSON pitfall where
+// nil slices marshal as null instead of [].
+// Uses shapes.json to know which fields SHOULD be arrays.
+func TestParityArraysNotNull(t *testing.T) {
+	shapes := loadShapes(t)
+	_, router := setupTestServer(t)
+
+	endpoints := []struct {
+		name string
+		path string
+	}{
+		{"stats", "/api/stats"},
+		{"nodes", "/api/nodes?limit=5"},
+		{"packets", "/api/packets?limit=5"},
+		{"packets_grouped", "/api/packets?limit=5&groupByHash=true"},
+		{"observers", "/api/observers"},
+		{"channels", "/api/channels"},
+		{"bulk_health", "/api/nodes/bulk-health"},
+		{"analytics_rf", "/api/analytics/rf?days=7"},
+		{"analytics_topology", "/api/analytics/topology?days=7"},
+		{"analytics_hash_sizes", "/api/analytics/hash-sizes?days=7"},
+		{"analytics_distance", "/api/analytics/distance?days=7"},
+		{"analytics_subpaths", "/api/analytics/subpaths?days=7"},
+	}
+
+	for _, ep := range endpoints {
+		t.Run("NullArrayCheck_"+ep.name, func(t *testing.T) {
+			spec, ok := shapes[ep.name]
+			if !ok {
+				t.Skipf("no shape spec for %s", ep.name)
+			}
+
+			req := httptest.NewRequest("GET", ep.path, nil)
+			w := httptest.NewRecorder()
+			router.ServeHTTP(w, req)
+
+			if w.Code != 200 {
+				t.Skipf("GET %s returned %d, skipping null-array check", ep.path, w.Code)
+			}
+
+			var body interface{}
+			json.Unmarshal(w.Body.Bytes(), &body)
+
+			nullArrays := findNullArrays(body, spec, ep.path)
+			if len(nullArrays) > 0 {
+				t.Errorf("Go %s has null where [] expected:\n  %s\n"+
+					"Go nil slices marshal as null — initialize with make() or literal",
+					ep.path, strings.Join(nullArrays, "\n  "))
+			}
+		})
+	}
+}
+
+// findNullArrays walks JSON data alongside a shape spec and returns paths
+// where the spec says the field should be an array but Go returned null.
+func findNullArrays(actual interface{}, spec shapeSpec, path string) []string {
+	var nulls []string
+
+	switch spec.Type {
+	case "array":
+		if actual == nil {
+			nulls = append(nulls, fmt.Sprintf("%s: null (should be [])", path))
+		} else if arr, ok := actual.([]interface{}); ok && spec.ElementShape != nil {
+			for i, elem := range arr {
+				nulls = append(nulls, findNullArrays(elem, *spec.ElementShape, fmt.Sprintf("%s[%d]", path, i))...)
+			}
+		}
+	case "object":
+		obj, ok := actual.(map[string]interface{})
+		if !ok || obj == nil {
+			return nulls
+		}
+		if spec.Keys != nil {
+			for key, keySpec := range spec.Keys {
+				if val, exists := obj[key]; exists {
+					nulls = append(nulls, findNullArrays(val, keySpec, path+"."+key)...)
+				} else if keySpec.Type == "array" {
+					// Key missing entirely — also a null-array problem
+					nulls = append(nulls, fmt.Sprintf("%s.%s: missing (should be [])", path, key))
+				}
+			}
+		}
+		if spec.DynamicKeys && spec.ValueShape != nil {
+			for k, v := range obj {
+				nulls = append(nulls, findNullArrays(v, *spec.ValueShape, path+"."+k)...)
+				break // sample one
+			}
+		}
+	}
+
+	return nulls
+}
+
+// TestParityHealthEngine verifies Go health endpoint declares engine=go
+// while Node declares engine=node (or omits it). The Go server must always
+// identify itself.
+func TestParityHealthEngine(t *testing.T) {
+	_, router := setupTestServer(t)
+
+	req := httptest.NewRequest("GET", "/api/health", nil)
+	w := httptest.NewRecorder()
+	router.ServeHTTP(w, req)
+
+	var body map[string]interface{}
+	json.Unmarshal(w.Body.Bytes(), &body)
+
+	engine, ok := body["engine"]
+	if !ok {
+		t.Error("health response missing 'engine' field (Go server must include engine=go)")
+	} else if engine != "go" {
+		t.Errorf("health engine=%v, expected 'go'", engine)
+	}
+}
+
+// TestValidateShapeFunction directly tests the shape validator itself.
+func TestValidateShapeFunction(t *testing.T) {
+	t.Run("string match", func(t *testing.T) {
+		errs := validateShape("hello", shapeSpec{Type: "string"}, "$.x")
+		if len(errs) != 0 {
+			t.Errorf("unexpected errors: %v", errs)
+		}
+	})
+
+	t.Run("string mismatch", func(t *testing.T) {
+		errs := validateShape(42.0, shapeSpec{Type: "string"}, "$.x")
+		if len(errs) != 1 {
+			t.Errorf("expected 1 error, got %d: %v", len(errs), errs)
+		}
+	})
+
+	t.Run("null array rejected", func(t *testing.T) {
+		errs := validateShape(nil, shapeSpec{Type: "array"}, "$.arr")
+		if len(errs) != 1 || !strings.Contains(errs[0], "null") {
+			t.Errorf("expected null-array error, got: %v", errs)
+		}
+	})
+
+	t.Run("empty array OK", func(t *testing.T) {
+		errs := validateShape([]interface{}{}, shapeSpec{Type: "array"}, "$.arr")
+		if len(errs) != 0 {
+			t.Errorf("unexpected errors for empty array: %v", errs)
+		}
+	})
+
+	t.Run("missing object key", func(t *testing.T) {
+		spec := shapeSpec{Type: "object", Keys: map[string]shapeSpec{
+			"name": {Type: "string"},
+			"age":  {Type: "number"},
+		}}
+		obj := map[string]interface{}{"name": "test"}
+		errs := validateShape(obj, spec, "$.user")
+		if len(errs) != 1 || !strings.Contains(errs[0], "age") {
+			t.Errorf("expected missing age error, got: %v", errs)
+		}
+	})
+
+	t.Run("nullable allows null", func(t *testing.T) {
+		errs := validateShape(nil, shapeSpec{Type: "nullable"}, "$.x")
+		if len(errs) != 0 {
+			t.Errorf("nullable should accept null: %v", errs)
+		}
+	})
+
+	t.Run("dynamic keys validates value shape", func(t *testing.T) {
+		spec := shapeSpec{
+			Type:        "object",
+			DynamicKeys: true,
+			ValueShape:  &shapeSpec{Type: "number"},
+		}
+		obj := map[string]interface{}{"a": 1.0, "b": 2.0}
+		errs := validateShape(obj, spec, "$.dyn")
+		if len(errs) != 0 {
+			t.Errorf("unexpected errors: %v", errs)
+		}
+	})
+}
+
+func TestParityWSMultiObserverGolden(t *testing.T) {
+	db := setupTestDB(t)
+	defer db.Close()
+	seedTestData(t, db)
+	hub := NewHub()
+	store := NewPacketStore(db)
+	if err := store.Load(); err != nil {
+		t.Fatalf("store load failed: %v", err)
+	}
+
+	poller := NewPoller(db, hub, 50*time.Millisecond)
+	poller.store = store
+
+	client := &Client{send: make(chan []byte, 256)}
+	hub.Register(client)
+	defer hub.Unregister(client)
+
+	go poller.Start()
+	defer poller.Stop()
+
+	// Wait for poller to initialize its lastID/lastObsID cursors before
+	// inserting new data; otherwise the poller may snapshot a lastID that
+	// already includes the test data and never broadcast it.
+	time.Sleep(100 * time.Millisecond)
+
+	now := time.Now().UTC().Format(time.RFC3339)
+	if _, err := db.conn.Exec(`INSERT INTO transmissions (raw_hex, hash, first_seen, route_type, payload_type, decoded_json)
+		VALUES ('BEEF', 'goldenstarburst237', ?, 1, 4, '{"pubKey":"aabbccdd11223344","type":"ADVERT"}')`, now); err != nil {
+		t.Fatalf("insert tx failed: %v", err)
+	}
+	var txID int
+	if err := db.conn.QueryRow(`SELECT id FROM transmissions WHERE hash='goldenstarburst237'`).Scan(&txID); err != nil {
+		t.Fatalf("query tx id failed: %v", err)
+	}
+	ts := time.Now().Unix()
+	if _, err := db.conn.Exec(`INSERT INTO observations (transmission_id, observer_idx, snr, rssi, path_json, timestamp)
+		VALUES (?, 1, 11.0, -88, '["p1"]', ?),
+		       (?, 2, 9.0, -92, '["p1","p2"]', ?),
+		       (?, 1, 7.0, -96, '["p1","p2","p3"]', ?)`,
+		txID, ts, txID, ts+1, txID, ts+2); err != nil {
+		t.Fatalf("insert obs failed: %v", err)
+	}
+
+	type golden struct {
+		Hash        string
+		Count       int
+		Paths       []string
+		ObserverIDs []string
+	}
+	expected := golden{
+		Hash:        "goldenstarburst237",
+		Count:       3,
+		Paths:       []string{`["p1"]`, `["p1","p2"]`, `["p1","p2","p3"]`},
+		ObserverIDs: []string{"obs1", "obs2"},
+	}
+
+	gotPaths := make([]string, 0, expected.Count)
+	gotObservers := make(map[string]bool)
+	deadline := time.After(2 * time.Second)
+	for len(gotPaths) < expected.Count {
+		select {
+		case raw := <-client.send:
+			var msg map[string]interface{}
+			if err := json.Unmarshal(raw, &msg); err != nil {
+				t.Fatalf("unmarshal ws message failed: %v", err)
+			}
+			if msg["type"] != "packet" {
+				continue
+			}
+			data, _ := msg["data"].(map[string]interface{})
+			if data == nil || data["hash"] != expected.Hash {
+				continue
+			}
+			if path, ok := data["path_json"].(string); ok {
+				gotPaths = append(gotPaths, path)
+			}
+			if oid, ok := data["observer_id"].(string); ok && oid != "" {
+				gotObservers[oid] = true
+			}
+		case <-deadline:
+			t.Fatalf("timed out waiting for %d ws messages, got %d", expected.Count, len(gotPaths))
+		}
+	}
+
+	sort.Strings(gotPaths)
+	sort.Strings(expected.Paths)
+	if len(gotPaths) != len(expected.Paths) {
+		t.Fatalf("path count mismatch: got %d want %d", len(gotPaths), len(expected.Paths))
+	}
+	for i := range expected.Paths {
+		if gotPaths[i] != expected.Paths[i] {
+			t.Fatalf("path mismatch at %d: got %q want %q", i, gotPaths[i], expected.Paths[i])
+		}
+	}
+	for _, oid := range expected.ObserverIDs {
+		if !gotObservers[oid] {
+			t.Fatalf("missing expected observer %q in ws messages", oid)
+		}
+	}
+}

cmd/server/routes.go

@@ -33,6 +33,11 @@ type Server struct {
 	memStatsMu   sync.Mutex
 	memStatsCache runtime.MemStats
 	memStatsCachedAt time.Time
+
+	// Cached /api/stats response — recomputed at most once every 10s
+	statsMu      sync.Mutex
+	statsCache   *StatsResponse
+	statsCachedAt time.Time
 }
 
 // PerfStats tracks request performance.
@@ -380,6 +385,17 @@ func (s *Server) handleHealth(w http.ResponseWriter, r *http.Request) {
 }
 
 func (s *Server) handleStats(w http.ResponseWriter, r *http.Request) {
+	const statsTTL = 10 * time.Second
+
+	s.statsMu.Lock()
+	if s.statsCache != nil && time.Since(s.statsCachedAt) < statsTTL {
+		cached := s.statsCache
+		s.statsMu.Unlock()
+		writeJSON(w, cached)
+		return
+	}
+	s.statsMu.Unlock()
+
 	var stats *Stats
 	var err error
 	if s.store != nil {
@@ -392,7 +408,7 @@ func (s *Server) handleStats(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	counts := s.db.GetRoleCounts()
-	writeJSON(w, StatsResponse{
+	resp := &StatsResponse{
 		TotalPackets:       stats.TotalPackets,
 		TotalTransmissions: &stats.TotalTransmissions,
 		TotalObservations:  stats.TotalObservations,
@@ -411,7 +427,14 @@ func (s *Server) handleStats(w http.ResponseWriter, r *http.Request) {
 			Companions: counts["companions"],
 			Sensors:    counts["sensors"],
 		},
-	})
+	}
+
+	s.statsMu.Lock()
+	s.statsCache = resp
+	s.statsCachedAt = time.Now()
+	s.statsMu.Unlock()
+
+	writeJSON(w, resp)
 }
 
 func (s *Server) handlePerf(w http.ResponseWriter, r *http.Request) {

cmd/server/store.go

@@ -98,6 +98,11 @@ type PacketStore struct {
 	// computed during Load() and incrementally updated on ingest.
 	distHops  []distHopRecord
 	distPaths []distPathRecord
+
+	// Cached GetNodeHashSizeInfo result — recomputed at most once every 15s
+	hashSizeInfoMu    sync.Mutex
+	hashSizeInfoCache map[string]*hashSizeNodeInfo
+	hashSizeInfoAt    time.Time
 }
 
 // Precomputed distance records for fast analytics aggregation.
@@ -1034,7 +1039,7 @@ func (s *PacketStore) IngestNewFromDB(sinceID, limit int) ([]map[string]interfac
 		}
 	}
 
-	// Build broadcast maps (same shape as Node.js WS broadcast)
+	// Build broadcast maps (same shape as Node.js WS broadcast), one per observation.
 	result := make([]map[string]interface{}, 0, len(broadcastOrder))
 	for _, txID := range broadcastOrder {
 		tx := broadcastTxs[txID]
@@ -1050,32 +1055,34 @@ func (s *PacketStore) IngestNewFromDB(sinceID, limit int) ([]map[string]interfac
 				decoded["payload"] = payload
 			}
 		}
-		// Build the nested packet object (packets.js checks m.data.packet)
-		pkt := map[string]interface{}{
-			"id":                tx.ID,
-			"raw_hex":           strOrNil(tx.RawHex),
-			"hash":              strOrNil(tx.Hash),
-			"first_seen":        strOrNil(tx.FirstSeen),
-			"timestamp":         strOrNil(tx.FirstSeen),
-			"route_type":        intPtrOrNil(tx.RouteType),
-			"payload_type":      intPtrOrNil(tx.PayloadType),
-			"decoded_json":      strOrNil(tx.DecodedJSON),
-			"observer_id":       strOrNil(tx.ObserverID),
-			"observer_name":     strOrNil(tx.ObserverName),
-			"snr":               floatPtrOrNil(tx.SNR),
-			"rssi":              floatPtrOrNil(tx.RSSI),
-			"path_json":         strOrNil(tx.PathJSON),
-			"direction":         strOrNil(tx.Direction),
-			"observation_count": tx.ObservationCount,
+		for _, obs := range tx.Observations {
+			// Build the nested packet object (packets.js checks m.data.packet)
+			pkt := map[string]interface{}{
+				"id":                tx.ID,
+				"raw_hex":           strOrNil(tx.RawHex),
+				"hash":              strOrNil(tx.Hash),
+				"first_seen":        strOrNil(tx.FirstSeen),
+				"timestamp":         strOrNil(tx.FirstSeen),
+				"route_type":        intPtrOrNil(tx.RouteType),
+				"payload_type":      intPtrOrNil(tx.PayloadType),
+				"decoded_json":      strOrNil(tx.DecodedJSON),
+				"observer_id":       strOrNil(obs.ObserverID),
+				"observer_name":     strOrNil(obs.ObserverName),
+				"snr":               floatPtrOrNil(obs.SNR),
+				"rssi":              floatPtrOrNil(obs.RSSI),
+				"path_json":         strOrNil(obs.PathJSON),
+				"direction":         strOrNil(obs.Direction),
+				"observation_count": tx.ObservationCount,
+			}
+			// Broadcast map: top-level fields for live.js + nested packet for packets.js
+			broadcastMap := make(map[string]interface{}, len(pkt)+2)
+			for k, v := range pkt {
+				broadcastMap[k] = v
+			}
+			broadcastMap["decoded"] = decoded
+			broadcastMap["packet"] = pkt
+			result = append(result, broadcastMap)
 		}
-		// Broadcast map: top-level fields for live.js + nested packet for packets.js
-		broadcastMap := make(map[string]interface{}, len(pkt)+2)
-		for k, v := range pkt {
-			broadcastMap[k] = v
-		}
-		broadcastMap["decoded"] = decoded
-		broadcastMap["packet"] = pkt
-		result = append(result, broadcastMap)
 	}
 
 	// Invalidate analytics caches since new data was ingested
@@ -1096,7 +1103,7 @@ func (s *PacketStore) IngestNewFromDB(sinceID, limit int) ([]map[string]interfac
 // IngestNewObservations loads new observations for transmissions already in the
 // store. This catches observations that arrive after IngestNewFromDB has already
 // advanced past the transmission's ID (fixes #174).
-func (s *PacketStore) IngestNewObservations(sinceObsID, limit int) int {
+func (s *PacketStore) IngestNewObservations(sinceObsID, limit int) []map[string]interface{} {
 	if limit <= 0 {
 		limit = 500
 	}
@@ -1122,7 +1129,7 @@ func (s *PacketStore) IngestNewObservations(sinceObsID, limit int) int {
 	rows, err := s.db.conn.Query(querySQL, sinceObsID, limit)
 	if err != nil {
 		log.Printf("[store] ingest observations query error: %v", err)
-		return sinceObsID
+		return nil
 	}
 	defer rows.Close()
 
@@ -1165,20 +1172,16 @@ func (s *PacketStore) IngestNewObservations(sinceObsID, limit int) int {
 	}
 
 	if len(obsRows) == 0 {
-		return sinceObsID
+		return nil
 	}
 
 	s.mu.Lock()
 	defer s.mu.Unlock()
 
-	newMaxObsID := sinceObsID
 	updatedTxs := make(map[int]*StoreTx)
+	broadcastMaps := make([]map[string]interface{}, 0, len(obsRows))
 
 	for _, r := range obsRows {
-		if r.obsID > newMaxObsID {
-			newMaxObsID = r.obsID
-		}
-
 		// Already ingested (e.g. by IngestNewFromDB in same cycle)
 		if _, exists := s.byObsID[r.obsID]; exists {
 			continue
@@ -1221,6 +1224,43 @@ func (s *PacketStore) IngestNewObservations(sinceObsID, limit int) int {
 		}
 		s.totalObs++
 		updatedTxs[r.txID] = tx
+
+		decoded := map[string]interface{}{
+			"header": map[string]interface{}{
+				"payloadTypeName": resolvePayloadTypeName(tx.PayloadType),
+			},
+		}
+		if tx.DecodedJSON != "" {
+			var payload map[string]interface{}
+			if json.Unmarshal([]byte(tx.DecodedJSON), &payload) == nil {
+				decoded["payload"] = payload
+			}
+		}
+
+		pkt := map[string]interface{}{
+			"id":                tx.ID,
+			"raw_hex":           strOrNil(tx.RawHex),
+			"hash":              strOrNil(tx.Hash),
+			"first_seen":        strOrNil(tx.FirstSeen),
+			"timestamp":         strOrNil(tx.FirstSeen),
+			"route_type":        intPtrOrNil(tx.RouteType),
+			"payload_type":      intPtrOrNil(tx.PayloadType),
+			"decoded_json":      strOrNil(tx.DecodedJSON),
+			"observer_id":       strOrNil(obs.ObserverID),
+			"observer_name":     strOrNil(obs.ObserverName),
+			"snr":               floatPtrOrNil(obs.SNR),
+			"rssi":              floatPtrOrNil(obs.RSSI),
+			"path_json":         strOrNil(obs.PathJSON),
+			"direction":         strOrNil(obs.Direction),
+			"observation_count": tx.ObservationCount,
+		}
+		broadcastMap := make(map[string]interface{}, len(pkt)+2)
+		for k, v := range pkt {
+			broadcastMap[k] = v
+		}
+		broadcastMap["decoded"] = decoded
+		broadcastMap["packet"] = pkt
+		broadcastMaps = append(broadcastMaps, broadcastMap)
 	}
 
 	// Re-pick best observation for updated transmissions and update subpath index
@@ -1275,7 +1315,7 @@ func (s *PacketStore) IngestNewObservations(sinceObsID, limit int) int {
 		// analytics caches cleared; no per-cycle log to avoid stdout overhead
 	}
 
-	return newMaxObsID
+	return broadcastMaps
 }
 
 // MaxTransmissionID returns the highest transmission ID in the store.
@@ -3722,8 +3762,26 @@ type hashSizeNodeInfo struct {
 	Inconsistent bool
 }
 
-// GetNodeHashSizeInfo scans advert packets to compute per-node hash size data.
+// GetNodeHashSizeInfo returns cached per-node hash size data, recomputing at most every 15s.
 func (s *PacketStore) GetNodeHashSizeInfo() map[string]*hashSizeNodeInfo {
+	const ttl = 15 * time.Second
+	s.hashSizeInfoMu.Lock()
+	if s.hashSizeInfoCache != nil && time.Since(s.hashSizeInfoAt) < ttl {
+		cached := s.hashSizeInfoCache
+		s.hashSizeInfoMu.Unlock()
+		return cached
+	}
+	s.hashSizeInfoMu.Unlock()
+	result := s.computeNodeHashSizeInfo()
+	s.hashSizeInfoMu.Lock()
+	s.hashSizeInfoCache = result
+	s.hashSizeInfoAt = time.Now()
+	s.hashSizeInfoMu.Unlock()
+	return result
+}
+
+// computeNodeHashSizeInfo scans advert packets to compute per-node hash size data.
+func (s *PacketStore) computeNodeHashSizeInfo() map[string]*hashSizeNodeInfo {
 	s.mu.RLock()
 	defer s.mu.RUnlock()
 

cmd/server/websocket.go

@@ -1,229 +1,245 @@
-package main
-
-import (
-	"encoding/json"
-	"log"
-	"net/http"
-	"strings"
-	"sync"
-	"time"
-
-	"github.com/gorilla/websocket"
-)
-
-var upgrader = websocket.Upgrader{
-	ReadBufferSize:  1024,
-	WriteBufferSize: 4096,
-	CheckOrigin:     func(r *http.Request) bool { return true },
-}
-
-// Hub manages WebSocket clients and broadcasts.
-type Hub struct {
-	mu      sync.RWMutex
-	clients map[*Client]bool
-}
-
-// Client is a single WebSocket connection.
-type Client struct {
-	conn *websocket.Conn
-	send chan []byte
-}
-
-func NewHub() *Hub {
-	return &Hub{
-		clients: make(map[*Client]bool),
-	}
-}
-
-func (h *Hub) ClientCount() int {
-	h.mu.RLock()
-	defer h.mu.RUnlock()
-	return len(h.clients)
-}
-
-func (h *Hub) Register(c *Client) {
-	h.mu.Lock()
-	h.clients[c] = true
-	h.mu.Unlock()
-	log.Printf("[ws] client connected (%d total)", h.ClientCount())
-}
-
-func (h *Hub) Unregister(c *Client) {
-	h.mu.Lock()
-	if _, ok := h.clients[c]; ok {
-		delete(h.clients, c)
-		close(c.send)
-	}
-	h.mu.Unlock()
-	log.Printf("[ws] client disconnected (%d total)", h.ClientCount())
-}
-
-// Broadcast sends a message to all connected clients.
-func (h *Hub) Broadcast(msg interface{}) {
-	data, err := json.Marshal(msg)
-	if err != nil {
-		log.Printf("[ws] marshal error: %v", err)
-		return
-	}
-	h.mu.RLock()
-	defer h.mu.RUnlock()
-	for c := range h.clients {
-		select {
-		case c.send <- data:
-		default:
-			// Client buffer full — drop
-		}
-	}
-}
-
-// ServeWS handles the WebSocket upgrade and runs the client.
-func (h *Hub) ServeWS(w http.ResponseWriter, r *http.Request) {
-	conn, err := upgrader.Upgrade(w, r, nil)
-	if err != nil {
-		log.Printf("[ws] upgrade error: %v", err)
-		return
-	}
-
-	client := &Client{
-		conn: conn,
-		send: make(chan []byte, 256),
-	}
-	h.Register(client)
-
-	go client.writePump()
-	go client.readPump(h)
-}
-
-// wsOrStatic upgrades WebSocket requests at any path, serves static files otherwise.
-func wsOrStatic(hub *Hub, static http.Handler) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if strings.EqualFold(r.Header.Get("Upgrade"), "websocket") {
-			hub.ServeWS(w, r)
-			return
-		}
-		static.ServeHTTP(w, r)
-	})
-}
-
-func (c *Client) readPump(hub *Hub) {
-	defer func() {
-		hub.Unregister(c)
-		c.conn.Close()
-	}()
-	c.conn.SetReadLimit(512)
-	c.conn.SetReadDeadline(time.Now().Add(60 * time.Second))
-	c.conn.SetPongHandler(func(string) error {
-		c.conn.SetReadDeadline(time.Now().Add(60 * time.Second))
-		return nil
-	})
-	for {
-		_, _, err := c.conn.ReadMessage()
-		if err != nil {
-			break
-		}
-	}
-}
-
-func (c *Client) writePump() {
-	ticker := time.NewTicker(30 * time.Second)
-	defer func() {
-		ticker.Stop()
-		c.conn.Close()
-	}()
-	for {
-		select {
-		case message, ok := <-c.send:
-			c.conn.SetWriteDeadline(time.Now().Add(10 * time.Second))
-			if !ok {
-				c.conn.WriteMessage(websocket.CloseMessage, []byte{})
-				return
-			}
-			if err := c.conn.WriteMessage(websocket.TextMessage, message); err != nil {
-				return
-			}
-		case <-ticker.C:
-			c.conn.SetWriteDeadline(time.Now().Add(10 * time.Second))
-			if err := c.conn.WriteMessage(websocket.PingMessage, nil); err != nil {
-				return
-			}
-		}
-	}
-}
-
-// Poller watches for new transmissions in SQLite and broadcasts them.
-type Poller struct {
-	db       *DB
-	hub      *Hub
-	store    *PacketStore // optional: if set, new transmissions are ingested into memory
-	interval time.Duration
-	stop     chan struct{}
-}
-
-func NewPoller(db *DB, hub *Hub, interval time.Duration) *Poller {
-	return &Poller{db: db, hub: hub, interval: interval, stop: make(chan struct{})}
-}
-
-func (p *Poller) Start() {
-	lastID := p.db.GetMaxTransmissionID()
-	lastObsID := p.db.GetMaxObservationID()
-	log.Printf("[poller] starting from transmission ID %d, obs ID %d, interval %v", lastID, lastObsID, p.interval)
-
-	ticker := time.NewTicker(p.interval)
-	defer ticker.Stop()
-
-	for {
-		select {
-		case <-ticker.C:
-			if p.store != nil {
-				// Ingest new transmissions into in-memory store and broadcast
-				newTxs, newMax := p.store.IngestNewFromDB(lastID, 100)
-				if newMax > lastID {
-					lastID = newMax
-				}
-				// Ingest new observations for existing transmissions (fixes #174)
-				newObsMax := p.store.IngestNewObservations(lastObsID, 500)
-				if newObsMax > lastObsID {
-					lastObsID = newObsMax
-				}
-				if len(newTxs) > 0 {
-					log.Printf("[broadcast] sending %d packets to %d clients (lastID now %d)", len(newTxs), p.hub.ClientCount(), lastID)
-				}
-				for _, tx := range newTxs {
-					p.hub.Broadcast(WSMessage{
-						Type: "packet",
-						Data: tx,
-					})
-				}
-			} else {
-				// Fallback: direct DB query (used when store is nil, e.g. tests)
-				newTxs, err := p.db.GetNewTransmissionsSince(lastID, 100)
-				if err != nil {
-					log.Printf("[poller] error: %v", err)
-					continue
-				}
-				for _, tx := range newTxs {
-					id, _ := tx["id"].(int)
-					if id > lastID {
-						lastID = id
-					}
-					// Copy packet fields for the nested packet (avoids circular ref)
-					pkt := make(map[string]interface{}, len(tx))
-					for k, v := range tx {
-						pkt[k] = v
-					}
-					tx["packet"] = pkt
-					p.hub.Broadcast(WSMessage{
-						Type: "packet",
-						Data: tx,
-					})
-				}
-			}
-		case <-p.stop:
-			return
-		}
-	}
-}
-
-func (p *Poller) Stop() {
-	close(p.stop)
-}
+package main
+
+import (
+	"encoding/json"
+	"log"
+	"net/http"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/gorilla/websocket"
+)
+
+var upgrader = websocket.Upgrader{
+	ReadBufferSize:  1024,
+	WriteBufferSize: 4096,
+	CheckOrigin:     func(r *http.Request) bool { return true },
+}
+
+// Hub manages WebSocket clients and broadcasts.
+type Hub struct {
+	mu      sync.RWMutex
+	clients map[*Client]bool
+}
+
+// Client is a single WebSocket connection.
+type Client struct {
+	conn *websocket.Conn
+	send chan []byte
+}
+
+func NewHub() *Hub {
+	return &Hub{
+		clients: make(map[*Client]bool),
+	}
+}
+
+func (h *Hub) ClientCount() int {
+	h.mu.RLock()
+	defer h.mu.RUnlock()
+	return len(h.clients)
+}
+
+func (h *Hub) Register(c *Client) {
+	h.mu.Lock()
+	h.clients[c] = true
+	h.mu.Unlock()
+	log.Printf("[ws] client connected (%d total)", h.ClientCount())
+}
+
+func (h *Hub) Unregister(c *Client) {
+	h.mu.Lock()
+	if _, ok := h.clients[c]; ok {
+		delete(h.clients, c)
+		close(c.send)
+	}
+	h.mu.Unlock()
+	log.Printf("[ws] client disconnected (%d total)", h.ClientCount())
+}
+
+// Broadcast sends a message to all connected clients.
+func (h *Hub) Broadcast(msg interface{}) {
+	data, err := json.Marshal(msg)
+	if err != nil {
+		log.Printf("[ws] marshal error: %v", err)
+		return
+	}
+	h.mu.RLock()
+	defer h.mu.RUnlock()
+	for c := range h.clients {
+		select {
+		case c.send <- data:
+		default:
+			// Client buffer full — drop
+		}
+	}
+}
+
+// ServeWS handles the WebSocket upgrade and runs the client.
+func (h *Hub) ServeWS(w http.ResponseWriter, r *http.Request) {
+	conn, err := upgrader.Upgrade(w, r, nil)
+	if err != nil {
+		log.Printf("[ws] upgrade error: %v", err)
+		return
+	}
+
+	client := &Client{
+		conn: conn,
+		send: make(chan []byte, 256),
+	}
+	h.Register(client)
+
+	go client.writePump()
+	go client.readPump(h)
+}
+
+// wsOrStatic upgrades WebSocket requests at any path, serves static files otherwise.
+func wsOrStatic(hub *Hub, static http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if strings.EqualFold(r.Header.Get("Upgrade"), "websocket") {
+			hub.ServeWS(w, r)
+			return
+		}
+		static.ServeHTTP(w, r)
+	})
+}
+
+func (c *Client) readPump(hub *Hub) {
+	defer func() {
+		hub.Unregister(c)
+		c.conn.Close()
+	}()
+	c.conn.SetReadLimit(512)
+	c.conn.SetReadDeadline(time.Now().Add(60 * time.Second))
+	c.conn.SetPongHandler(func(string) error {
+		c.conn.SetReadDeadline(time.Now().Add(60 * time.Second))
+		return nil
+	})
+	for {
+		_, _, err := c.conn.ReadMessage()
+		if err != nil {
+			break
+		}
+	}
+}
+
+func (c *Client) writePump() {
+	ticker := time.NewTicker(30 * time.Second)
+	defer func() {
+		ticker.Stop()
+		c.conn.Close()
+	}()
+	for {
+		select {
+		case message, ok := <-c.send:
+			c.conn.SetWriteDeadline(time.Now().Add(10 * time.Second))
+			if !ok {
+				c.conn.WriteMessage(websocket.CloseMessage, []byte{})
+				return
+			}
+			if err := c.conn.WriteMessage(websocket.TextMessage, message); err != nil {
+				return
+			}
+		case <-ticker.C:
+			c.conn.SetWriteDeadline(time.Now().Add(10 * time.Second))
+			if err := c.conn.WriteMessage(websocket.PingMessage, nil); err != nil {
+				return
+			}
+		}
+	}
+}
+
+// Poller watches for new transmissions in SQLite and broadcasts them.
+type Poller struct {
+	db       *DB
+	hub      *Hub
+	store    *PacketStore // optional: if set, new transmissions are ingested into memory
+	interval time.Duration
+	stop     chan struct{}
+}
+
+func NewPoller(db *DB, hub *Hub, interval time.Duration) *Poller {
+	return &Poller{db: db, hub: hub, interval: interval, stop: make(chan struct{})}
+}
+
+func (p *Poller) Start() {
+	lastID := p.db.GetMaxTransmissionID()
+	lastObsID := p.db.GetMaxObservationID()
+	log.Printf("[poller] starting from transmission ID %d, obs ID %d, interval %v", lastID, lastObsID, p.interval)
+
+	ticker := time.NewTicker(p.interval)
+	defer ticker.Stop()
+
+	for {
+		select {
+		case <-ticker.C:
+			if p.store != nil {
+				// Ingest new transmissions into in-memory store and broadcast
+				newTxs, newMax := p.store.IngestNewFromDB(lastID, 100)
+				if newMax > lastID {
+					lastID = newMax
+				}
+				// Ingest new observations for existing transmissions (fixes #174)
+				nextObsID := lastObsID
+				if err := p.db.conn.QueryRow(`
+					SELECT COALESCE(MAX(id), ?) FROM (
+						SELECT id FROM observations
+						WHERE id > ?
+						ORDER BY id ASC
+						LIMIT 500
+					)`, lastObsID, lastObsID).Scan(&nextObsID); err != nil {
+					nextObsID = lastObsID
+				}
+				newObs := p.store.IngestNewObservations(lastObsID, 500)
+				if nextObsID > lastObsID {
+					lastObsID = nextObsID
+				}
+				if len(newTxs) > 0 {
+					log.Printf("[broadcast] sending %d packets to %d clients (lastID now %d)", len(newTxs), p.hub.ClientCount(), lastID)
+				}
+				for _, tx := range newTxs {
+					p.hub.Broadcast(WSMessage{
+						Type: "packet",
+						Data: tx,
+					})
+				}
+				for _, obs := range newObs {
+					p.hub.Broadcast(WSMessage{
+						Type: "packet",
+						Data: obs,
+					})
+				}
+			} else {
+				// Fallback: direct DB query (used when store is nil, e.g. tests)
+				newTxs, err := p.db.GetNewTransmissionsSince(lastID, 100)
+				if err != nil {
+					log.Printf("[poller] error: %v", err)
+					continue
+				}
+				for _, tx := range newTxs {
+					id, _ := tx["id"].(int)
+					if id > lastID {
+						lastID = id
+					}
+					// Copy packet fields for the nested packet (avoids circular ref)
+					pkt := make(map[string]interface{}, len(tx))
+					for k, v := range tx {
+						pkt[k] = v
+					}
+					tx["packet"] = pkt
+					p.hub.Broadcast(WSMessage{
+						Type: "packet",
+						Data: tx,
+					})
+				}
+			}
+		case <-p.stop:
+			return
+		}
+	}
+}
+
+func (p *Poller) Stop() {
+	close(p.stop)
+}

cmd/server/websocket_test.go

@@ -1,275 +1,415 @@
-package main
-
-import (
-	"encoding/json"
-	"net/http"
-	"net/http/httptest"
-	"testing"
-	"time"
-
-	"github.com/gorilla/websocket"
-)
-
-func TestHubBroadcast(t *testing.T) {
-	hub := NewHub()
-
-	if hub.ClientCount() != 0 {
-		t.Errorf("expected 0 clients, got %d", hub.ClientCount())
-	}
-
-	// Create a test server with WebSocket endpoint
-	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		hub.ServeWS(w, r)
-	}))
-	defer srv.Close()
-
-	// Connect a WebSocket client
-	wsURL := "ws" + srv.URL[4:] // replace http with ws
-	conn, _, err := websocket.DefaultDialer.Dial(wsURL, nil)
-	if err != nil {
-		t.Fatalf("dial error: %v", err)
-	}
-	defer conn.Close()
-
-	// Wait for registration
-	time.Sleep(50 * time.Millisecond)
-
-	if hub.ClientCount() != 1 {
-		t.Errorf("expected 1 client, got %d", hub.ClientCount())
-	}
-
-	// Broadcast a message
-	hub.Broadcast(map[string]interface{}{
-		"type": "packet",
-		"data": map[string]interface{}{"id": 1, "hash": "test123"},
-	})
-
-	// Read the message
-	conn.SetReadDeadline(time.Now().Add(2 * time.Second))
-	_, msg, err := conn.ReadMessage()
-	if err != nil {
-		t.Fatalf("read error: %v", err)
-	}
-	if len(msg) == 0 {
-		t.Error("expected non-empty message")
-	}
-
-	// Disconnect
-	conn.Close()
-	time.Sleep(100 * time.Millisecond)
-}
-
-func TestPollerCreation(t *testing.T) {
-	db := setupTestDB(t)
-	defer db.Close()
-	seedTestData(t, db)
-	hub := NewHub()
-
-	poller := NewPoller(db, hub, 100*time.Millisecond)
-	if poller == nil {
-		t.Fatal("expected poller")
-	}
-
-	// Start and stop
-	go poller.Start()
-	time.Sleep(200 * time.Millisecond)
-	poller.Stop()
-}
-
-func TestHubMultipleClients(t *testing.T) {
-	hub := NewHub()
-
-	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		hub.ServeWS(w, r)
-	}))
-	defer srv.Close()
-
-	wsURL := "ws" + srv.URL[4:]
-
-	// Connect two clients
-	conn1, _, err := websocket.DefaultDialer.Dial(wsURL, nil)
-	if err != nil {
-		t.Fatalf("dial error: %v", err)
-	}
-	defer conn1.Close()
-
-	conn2, _, err := websocket.DefaultDialer.Dial(wsURL, nil)
-	if err != nil {
-		t.Fatalf("dial error: %v", err)
-	}
-	defer conn2.Close()
-
-	time.Sleep(100 * time.Millisecond)
-
-	if hub.ClientCount() != 2 {
-		t.Errorf("expected 2 clients, got %d", hub.ClientCount())
-	}
-
-	// Broadcast and both should receive
-	hub.Broadcast(map[string]interface{}{"type": "test", "data": "hello"})
-
-	conn1.SetReadDeadline(time.Now().Add(2 * time.Second))
-	_, msg1, err := conn1.ReadMessage()
-	if err != nil {
-		t.Fatalf("conn1 read error: %v", err)
-	}
-	if len(msg1) == 0 {
-		t.Error("expected non-empty message on conn1")
-	}
-
-	conn2.SetReadDeadline(time.Now().Add(2 * time.Second))
-	_, msg2, err := conn2.ReadMessage()
-	if err != nil {
-		t.Fatalf("conn2 read error: %v", err)
-	}
-	if len(msg2) == 0 {
-		t.Error("expected non-empty message on conn2")
-	}
-
-	// Disconnect one
-	conn1.Close()
-	time.Sleep(100 * time.Millisecond)
-
-	// Remaining client should still work
-	hub.Broadcast(map[string]interface{}{"type": "test2"})
-
-	conn2.SetReadDeadline(time.Now().Add(2 * time.Second))
-	_, msg3, err := conn2.ReadMessage()
-	if err != nil {
-		t.Fatalf("conn2 read error after disconnect: %v", err)
-	}
-	if len(msg3) == 0 {
-		t.Error("expected non-empty message")
-	}
-}
-
-func TestBroadcastFullBuffer(t *testing.T) {
-	hub := NewHub()
-
-	// Create a client with tiny buffer (1)
-	client := &Client{
-		send: make(chan []byte, 1),
-	}
-	hub.mu.Lock()
-	hub.clients[client] = true
-	hub.mu.Unlock()
-
-	// Fill the buffer
-	client.send <- []byte("first")
-
-	// This broadcast should drop the message (buffer full)
-	hub.Broadcast(map[string]interface{}{"type": "dropped"})
-
-	// Channel should still only have the first message
-	select {
-	case msg := <-client.send:
-		if string(msg) != "first" {
-			t.Errorf("expected 'first', got %s", string(msg))
-		}
-	default:
-		t.Error("expected message in channel")
-	}
-
-	// Clean up
-	hub.mu.Lock()
-	delete(hub.clients, client)
-	hub.mu.Unlock()
-}
-
-func TestBroadcastMarshalError(t *testing.T) {
-	hub := NewHub()
-
-	// Marshal error: functions can't be marshaled to JSON
-	hub.Broadcast(map[string]interface{}{"bad": func() {}})
-	// Should not panic — just log and return
-}
-
-func TestPollerBroadcastsNewData(t *testing.T) {
-	db := setupTestDB(t)
-	defer db.Close()
-	seedTestData(t, db)
-	hub := NewHub()
-
-	// Create a client to receive broadcasts
-	client := &Client{
-		send: make(chan []byte, 256),
-	}
-	hub.mu.Lock()
-	hub.clients[client] = true
-	hub.mu.Unlock()
-
-	poller := NewPoller(db, hub, 50*time.Millisecond)
-	go poller.Start()
-
-	// Insert new data to trigger broadcast
-	db.conn.Exec(`INSERT INTO transmissions (raw_hex, hash, first_seen, route_type, payload_type)
-		VALUES ('EEFF', 'newhash123456789', '2026-01-16T10:00:00Z', 1, 4)`)
-
-	time.Sleep(200 * time.Millisecond)
-	poller.Stop()
-
-	// Check if client received broadcast with packet field (fixes #162)
-	select {
-	case msg := <-client.send:
-		if len(msg) == 0 {
-			t.Error("expected non-empty broadcast message")
-		}
-		var parsed map[string]interface{}
-		if err := json.Unmarshal(msg, &parsed); err != nil {
-			t.Fatalf("failed to parse broadcast: %v", err)
-		}
-		if parsed["type"] != "packet" {
-			t.Errorf("expected type=packet, got %v", parsed["type"])
-		}
-		data, ok := parsed["data"].(map[string]interface{})
-		if !ok {
-			t.Fatal("expected data to be an object")
-		}
-		// packets.js filters on m.data.packet — must exist
-		pkt, ok := data["packet"]
-		if !ok || pkt == nil {
-			t.Error("expected data.packet to exist (required by packets.js WS handler)")
-		}
-		pktMap, ok := pkt.(map[string]interface{})
-		if !ok {
-			t.Fatal("expected data.packet to be an object")
-		}
-		// Verify key fields exist in nested packet (timestamp required by packets.js)
-		for _, field := range []string{"id", "hash", "payload_type", "timestamp"} {
-			if _, exists := pktMap[field]; !exists {
-				t.Errorf("expected data.packet.%s to exist", field)
-			}
-		}
-	default:
-		// Might not have received due to timing
-	}
-
-	// Clean up
-	hub.mu.Lock()
-	delete(hub.clients, client)
-	hub.mu.Unlock()
-}
-
-func TestHubRegisterUnregister(t *testing.T) {
-	hub := NewHub()
-
-	client := &Client{
-		send: make(chan []byte, 256),
-	}
-
-	hub.Register(client)
-	if hub.ClientCount() != 1 {
-		t.Errorf("expected 1 client after register, got %d", hub.ClientCount())
-	}
-
-	hub.Unregister(client)
-	if hub.ClientCount() != 0 {
-		t.Errorf("expected 0 clients after unregister, got %d", hub.ClientCount())
-	}
-
-	// Unregister again should be safe
-	hub.Unregister(client)
-	if hub.ClientCount() != 0 {
-		t.Errorf("expected 0 clients, got %d", hub.ClientCount())
-	}
-}
+package main
+
+import (
+	"encoding/json"
+	"net/http"
+	"net/http/httptest"
+	"sort"
+	"testing"
+	"time"
+
+	"github.com/gorilla/websocket"
+)
+
+func TestHubBroadcast(t *testing.T) {
+	hub := NewHub()
+
+	if hub.ClientCount() != 0 {
+		t.Errorf("expected 0 clients, got %d", hub.ClientCount())
+	}
+
+	// Create a test server with WebSocket endpoint
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		hub.ServeWS(w, r)
+	}))
+	defer srv.Close()
+
+	// Connect a WebSocket client
+	wsURL := "ws" + srv.URL[4:] // replace http with ws
+	conn, _, err := websocket.DefaultDialer.Dial(wsURL, nil)
+	if err != nil {
+		t.Fatalf("dial error: %v", err)
+	}
+	defer conn.Close()
+
+	// Wait for registration
+	time.Sleep(50 * time.Millisecond)
+
+	if hub.ClientCount() != 1 {
+		t.Errorf("expected 1 client, got %d", hub.ClientCount())
+	}
+
+	// Broadcast a message
+	hub.Broadcast(map[string]interface{}{
+		"type": "packet",
+		"data": map[string]interface{}{"id": 1, "hash": "test123"},
+	})
+
+	// Read the message
+	conn.SetReadDeadline(time.Now().Add(2 * time.Second))
+	_, msg, err := conn.ReadMessage()
+	if err != nil {
+		t.Fatalf("read error: %v", err)
+	}
+	if len(msg) == 0 {
+		t.Error("expected non-empty message")
+	}
+
+	// Disconnect
+	conn.Close()
+	time.Sleep(100 * time.Millisecond)
+}
+
+func TestPollerCreation(t *testing.T) {
+	db := setupTestDB(t)
+	defer db.Close()
+	seedTestData(t, db)
+	hub := NewHub()
+
+	poller := NewPoller(db, hub, 100*time.Millisecond)
+	if poller == nil {
+		t.Fatal("expected poller")
+	}
+
+	// Start and stop
+	go poller.Start()
+	time.Sleep(200 * time.Millisecond)
+	poller.Stop()
+}
+
+func TestHubMultipleClients(t *testing.T) {
+	hub := NewHub()
+
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		hub.ServeWS(w, r)
+	}))
+	defer srv.Close()
+
+	wsURL := "ws" + srv.URL[4:]
+
+	// Connect two clients
+	conn1, _, err := websocket.DefaultDialer.Dial(wsURL, nil)
+	if err != nil {
+		t.Fatalf("dial error: %v", err)
+	}
+	defer conn1.Close()
+
+	conn2, _, err := websocket.DefaultDialer.Dial(wsURL, nil)
+	if err != nil {
+		t.Fatalf("dial error: %v", err)
+	}
+	defer conn2.Close()
+
+	time.Sleep(100 * time.Millisecond)
+
+	if hub.ClientCount() != 2 {
+		t.Errorf("expected 2 clients, got %d", hub.ClientCount())
+	}
+
+	// Broadcast and both should receive
+	hub.Broadcast(map[string]interface{}{"type": "test", "data": "hello"})
+
+	conn1.SetReadDeadline(time.Now().Add(2 * time.Second))
+	_, msg1, err := conn1.ReadMessage()
+	if err != nil {
+		t.Fatalf("conn1 read error: %v", err)
+	}
+	if len(msg1) == 0 {
+		t.Error("expected non-empty message on conn1")
+	}
+
+	conn2.SetReadDeadline(time.Now().Add(2 * time.Second))
+	_, msg2, err := conn2.ReadMessage()
+	if err != nil {
+		t.Fatalf("conn2 read error: %v", err)
+	}
+	if len(msg2) == 0 {
+		t.Error("expected non-empty message on conn2")
+	}
+
+	// Disconnect one
+	conn1.Close()
+	time.Sleep(100 * time.Millisecond)
+
+	// Remaining client should still work
+	hub.Broadcast(map[string]interface{}{"type": "test2"})
+
+	conn2.SetReadDeadline(time.Now().Add(2 * time.Second))
+	_, msg3, err := conn2.ReadMessage()
+	if err != nil {
+		t.Fatalf("conn2 read error after disconnect: %v", err)
+	}
+	if len(msg3) == 0 {
+		t.Error("expected non-empty message")
+	}
+}
+
+func TestBroadcastFullBuffer(t *testing.T) {
+	hub := NewHub()
+
+	// Create a client with tiny buffer (1)
+	client := &Client{
+		send: make(chan []byte, 1),
+	}
+	hub.mu.Lock()
+	hub.clients[client] = true
+	hub.mu.Unlock()
+
+	// Fill the buffer
+	client.send <- []byte("first")
+
+	// This broadcast should drop the message (buffer full)
+	hub.Broadcast(map[string]interface{}{"type": "dropped"})
+
+	// Channel should still only have the first message
+	select {
+	case msg := <-client.send:
+		if string(msg) != "first" {
+			t.Errorf("expected 'first', got %s", string(msg))
+		}
+	default:
+		t.Error("expected message in channel")
+	}
+
+	// Clean up
+	hub.mu.Lock()
+	delete(hub.clients, client)
+	hub.mu.Unlock()
+}
+
+func TestBroadcastMarshalError(t *testing.T) {
+	hub := NewHub()
+
+	// Marshal error: functions can't be marshaled to JSON
+	hub.Broadcast(map[string]interface{}{"bad": func() {}})
+	// Should not panic — just log and return
+}
+
+func TestPollerBroadcastsNewData(t *testing.T) {
+	db := setupTestDB(t)
+	defer db.Close()
+	seedTestData(t, db)
+	hub := NewHub()
+
+	// Create a client to receive broadcasts
+	client := &Client{
+		send: make(chan []byte, 256),
+	}
+	hub.mu.Lock()
+	hub.clients[client] = true
+	hub.mu.Unlock()
+
+	poller := NewPoller(db, hub, 50*time.Millisecond)
+	go poller.Start()
+
+	// Insert new data to trigger broadcast
+	db.conn.Exec(`INSERT INTO transmissions (raw_hex, hash, first_seen, route_type, payload_type)
+		VALUES ('EEFF', 'newhash123456789', '2026-01-16T10:00:00Z', 1, 4)`)
+
+	time.Sleep(200 * time.Millisecond)
+	poller.Stop()
+
+	// Check if client received broadcast with packet field (fixes #162)
+	select {
+	case msg := <-client.send:
+		if len(msg) == 0 {
+			t.Error("expected non-empty broadcast message")
+		}
+		var parsed map[string]interface{}
+		if err := json.Unmarshal(msg, &parsed); err != nil {
+			t.Fatalf("failed to parse broadcast: %v", err)
+		}
+		if parsed["type"] != "packet" {
+			t.Errorf("expected type=packet, got %v", parsed["type"])
+		}
+		data, ok := parsed["data"].(map[string]interface{})
+		if !ok {
+			t.Fatal("expected data to be an object")
+		}
+		// packets.js filters on m.data.packet — must exist
+		pkt, ok := data["packet"]
+		if !ok || pkt == nil {
+			t.Error("expected data.packet to exist (required by packets.js WS handler)")
+		}
+		pktMap, ok := pkt.(map[string]interface{})
+		if !ok {
+			t.Fatal("expected data.packet to be an object")
+		}
+		// Verify key fields exist in nested packet (timestamp required by packets.js)
+		for _, field := range []string{"id", "hash", "payload_type", "timestamp"} {
+			if _, exists := pktMap[field]; !exists {
+				t.Errorf("expected data.packet.%s to exist", field)
+			}
+		}
+	default:
+		// Might not have received due to timing
+	}
+
+	// Clean up
+	hub.mu.Lock()
+	delete(hub.clients, client)
+	hub.mu.Unlock()
+}
+
+func TestPollerBroadcastsMultipleObservations(t *testing.T) {
+	db := setupTestDB(t)
+	defer db.Close()
+	seedTestData(t, db)
+	hub := NewHub()
+
+	client := &Client{
+		send: make(chan []byte, 256),
+	}
+	hub.mu.Lock()
+	hub.clients[client] = true
+	hub.mu.Unlock()
+	defer func() {
+		hub.mu.Lock()
+		delete(hub.clients, client)
+		hub.mu.Unlock()
+	}()
+
+	poller := NewPoller(db, hub, 50*time.Millisecond)
+	store := NewPacketStore(db)
+	if err := store.Load(); err != nil {
+		t.Fatalf("store load failed: %v", err)
+	}
+	poller.store = store
+	go poller.Start()
+	defer poller.Stop()
+
+	// Wait for poller to initialize its lastID/lastObsID cursors before
+	// inserting new data; otherwise the poller may snapshot a lastID that
+	// already includes the test data and never broadcast it.
+	time.Sleep(100 * time.Millisecond)
+
+	now := time.Now().UTC().Format(time.RFC3339)
+	if _, err := db.conn.Exec(`INSERT INTO transmissions (raw_hex, hash, first_seen, route_type, payload_type, decoded_json)
+		VALUES ('FACE', 'starbursthash237a', ?, 1, 4, '{"pubKey":"aabbccdd11223344","type":"ADVERT"}')`, now); err != nil {
+		t.Fatalf("insert tx failed: %v", err)
+	}
+	var txID int
+	if err := db.conn.QueryRow(`SELECT id FROM transmissions WHERE hash='starbursthash237a'`).Scan(&txID); err != nil {
+		t.Fatalf("query tx id failed: %v", err)
+	}
+	ts := time.Now().Unix()
+	if _, err := db.conn.Exec(`INSERT INTO observations (transmission_id, observer_idx, snr, rssi, path_json, timestamp)
+		VALUES (?, 1, 14.0, -82, '["aa"]', ?),
+		       (?, 2, 10.5, -90, '["aa","bb"]', ?),
+		       (?, 1, 7.0, -96, '["aa","bb","cc"]', ?)`,
+		txID, ts, txID, ts+1, txID, ts+2); err != nil {
+		t.Fatalf("insert observations failed: %v", err)
+	}
+
+	deadline := time.After(2 * time.Second)
+	var dataMsgs []map[string]interface{}
+	for len(dataMsgs) < 3 {
+		select {
+		case raw := <-client.send:
+			var parsed map[string]interface{}
+			if err := json.Unmarshal(raw, &parsed); err != nil {
+				t.Fatalf("unmarshal ws msg failed: %v", err)
+			}
+			if parsed["type"] != "packet" {
+				continue
+			}
+			data, ok := parsed["data"].(map[string]interface{})
+			if !ok {
+				continue
+			}
+			if data["hash"] == "starbursthash237a" {
+				dataMsgs = append(dataMsgs, data)
+			}
+		case <-deadline:
+			t.Fatalf("timed out waiting for 3 observation broadcasts, got %d", len(dataMsgs))
+		}
+	}
+
+	if len(dataMsgs) != 3 {
+		t.Fatalf("expected 3 messages, got %d", len(dataMsgs))
+	}
+
+	paths := make([]string, 0, 3)
+	observers := make(map[string]bool)
+	for _, m := range dataMsgs {
+		hash, _ := m["hash"].(string)
+		if hash != "starbursthash237a" {
+			t.Fatalf("unexpected hash %q", hash)
+		}
+		p, _ := m["path_json"].(string)
+		paths = append(paths, p)
+		if oid, ok := m["observer_id"].(string); ok && oid != "" {
+			observers[oid] = true
+		}
+	}
+	sort.Strings(paths)
+	wantPaths := []string{`["aa","bb","cc"]`, `["aa","bb"]`, `["aa"]`}
+	sort.Strings(wantPaths)
+	for i := range wantPaths {
+		if paths[i] != wantPaths[i] {
+			t.Fatalf("path mismatch at %d: got %q want %q", i, paths[i], wantPaths[i])
+		}
+	}
+	if len(observers) < 2 {
+		t.Fatalf("expected observations from >=2 observers, got %d", len(observers))
+	}
+}
+
+func TestIngestNewObservationsBroadcast(t *testing.T) {
+	db := setupTestDB(t)
+	defer db.Close()
+	seedTestData(t, db)
+	store := NewPacketStore(db)
+	if err := store.Load(); err != nil {
+		t.Fatalf("store load failed: %v", err)
+	}
+
+	maxObs := db.GetMaxObservationID()
+	now := time.Now().Unix()
+	if _, err := db.conn.Exec(`INSERT INTO observations (transmission_id, observer_idx, snr, rssi, path_json, timestamp)
+		VALUES (1, 2, 6.0, -100, '["aa","zz"]', ?),
+		       (1, 1, 5.0, -101, '["aa","yy"]', ?)`, now, now+1); err != nil {
+		t.Fatalf("insert new observations failed: %v", err)
+	}
+
+	maps := store.IngestNewObservations(maxObs, 500)
+	if len(maps) != 2 {
+		t.Fatalf("expected 2 broadcast maps, got %d", len(maps))
+	}
+	for _, m := range maps {
+		if m["hash"] != "abc123def4567890" {
+			t.Fatalf("unexpected hash in map: %v", m["hash"])
+		}
+		path, ok := m["path_json"].(string)
+		if !ok || path == "" {
+			t.Fatalf("missing path_json in map: %#v", m)
+		}
+		if _, ok := m["observer_id"]; !ok {
+			t.Fatalf("missing observer_id in map: %#v", m)
+		}
+	}
+}
+
+func TestHubRegisterUnregister(t *testing.T) {
+	hub := NewHub()
+
+	client := &Client{
+		send: make(chan []byte, 256),
+	}
+
+	hub.Register(client)
+	if hub.ClientCount() != 1 {
+		t.Errorf("expected 1 client after register, got %d", hub.ClientCount())
+	}
+
+	hub.Unregister(client)
+	if hub.ClientCount() != 0 {
+		t.Errorf("expected 0 clients after unregister, got %d", hub.ClientCount())
+	}
+
+	// Unregister again should be safe
+	hub.Unregister(client)
+	if hub.ClientCount() != 0 {
+		t.Errorf("expected 0 clients, got %d", hub.ClientCount())
+	}
+}

decoder.js

@@ -2,8 +2,8 @@
  * MeshCore Packet Decoder
  * Custom implementation — does NOT use meshcore-decoder library (known path_length bug).
  *
- * Packet layout:
- *   [header(1)] [pathLength(1)] [transportCodes?] [path hops] [payload...]
+ * Packet layout (per firmware docs/packet_format.md):
+ *   [header(1)] [transportCodes?(4)] [pathLength(1)] [path hops] [payload...]
  *
  * Header byte (LSB first):
  *   bits 1-0: routeType (0=TRANSPORT_FLOOD, 1=FLOOD, 2=DIRECT, 3=TRANSPORT_DIRECT)
@@ -42,7 +42,7 @@ const PAYLOAD_TYPES = {
   0x0F: 'RAW_CUSTOM',
 };
 
-// Route types that carry transport codes (nextHop + lastHop, 2 bytes each)
+// Route types that carry transport codes (2x uint16_t, 4 bytes total)
 const TRANSPORT_ROUTES = new Set([0, 3]); // TRANSPORT_FLOOD, TRANSPORT_DIRECT
 
 // --- Header parsing ---
@@ -94,13 +94,11 @@ function decodeEncryptedPayload(buf) {
   };
 }
 
-/** ACK: dest(1) + src(1) + ack_hash(4) (per Mesh.cpp) */
+/** ACK: checksum(4) — CRC of message timestamp + text + sender pubkey (per Mesh.cpp createAck) */
 function decodeAck(buf) {
-  if (buf.length < 6) return { error: 'too short', raw: buf.toString('hex') };
+  if (buf.length < 4) return { error: 'too short', raw: buf.toString('hex') };
   return {
-    destHash: buf.subarray(0, 1).toString('hex'),
-    srcHash: buf.subarray(1, 2).toString('hex'),
-    extraHash: buf.subarray(2, 6).toString('hex'),
+    ackChecksum: buf.subarray(0, 4).toString('hex'),
   };
 }
 
@@ -125,6 +123,8 @@ function decodeAdvert(buf) {
       room: advType === 3,
       sensor: advType === 4,
       hasLocation: !!(flags & 0x10),
+      hasFeat1: !!(flags & 0x20),
+      hasFeat2: !!(flags & 0x40),
       hasName: !!(flags & 0x80),
     };
 
@@ -134,6 +134,14 @@ function decodeAdvert(buf) {
       result.lon = appdata.readInt32LE(off + 4) / 1e6;
       off += 8;
     }
+    if (result.flags.hasFeat1 && appdata.length >= off + 2) {
+      result.feat1 = appdata.readUInt16LE(off);
+      off += 2;
+    }
+    if (result.flags.hasFeat2 && appdata.length >= off + 2) {
+      result.feat2 = appdata.readUInt16LE(off);
+      off += 2;
+    }
     if (result.flags.hasName) {
       // Find null terminator to separate name from trailing telemetry bytes
       let nameEnd = appdata.length;
@@ -231,7 +239,7 @@ function decodeGrpTxt(buf, channelKeys) {
   return { type: 'GRP_TXT', channelHash, channelHashHex, decryptionStatus: 'no_key', mac, encryptedData };
 }
 
-/** ANON_REQ: dest(6) + ephemeral_pubkey(32) + MAC(4) + encrypted */
+/** ANON_REQ: dest(1) + ephemeral_pubkey(32) + MAC(2) + encrypted */
 function decodeAnonReq(buf) {
   if (buf.length < 35) return { error: 'too short', raw: buf.toString('hex') };
   return {
@@ -242,7 +250,7 @@ function decodeAnonReq(buf) {
   };
 }
 
-/** PATH: dest(6) + src(6) + MAC(4) + path_data */
+/** PATH: dest(1) + src(1) + MAC(2) + path_data */
 function decodePath_payload(buf) {
   if (buf.length < 4) return { error: 'too short', raw: buf.toString('hex') };
   return {
@@ -253,14 +261,14 @@ function decodePath_payload(buf) {
   };
 }
 
-/** TRACE: flags(1) + tag(4) + dest(6) + src(1) */
+/** TRACE: tag(4) + authCode(4) + flags(1) + pathData (per Mesh.cpp onRecvPacket TRACE) */
 function decodeTrace(buf) {
-  if (buf.length < 12) return { error: 'too short', raw: buf.toString('hex') };
+  if (buf.length < 9) return { error: 'too short', raw: buf.toString('hex') };
   return {
-    flags: buf[0],
-    tag: buf.readUInt32LE(1),
-    destHash: buf.subarray(5, 11).toString('hex'),
-    srcHash: buf.subarray(11, 12).toString('hex'),
+    tag: buf.readUInt32LE(0),
+    authCode: buf.subarray(4, 8).toString('hex'),
+    flags: buf[8],
+    pathData: buf.subarray(9).toString('hex'),
   };
 }
 
@@ -289,20 +297,22 @@ function decodePacket(hexString, channelKeys) {
   if (buf.length < 2) throw new Error('Packet too short (need at least header + pathLength)');
 
   const header = decodeHeader(buf[0]);
-  const pathByte = buf[1];
-  let offset = 2;
+  let offset = 1;
 
-  // Transport codes for TRANSPORT_FLOOD / TRANSPORT_DIRECT
+  // Transport codes for TRANSPORT_FLOOD / TRANSPORT_DIRECT — BEFORE path_length per spec
   let transportCodes = null;
   if (TRANSPORT_ROUTES.has(header.routeType)) {
     if (buf.length < offset + 4) throw new Error('Packet too short for transport codes');
     transportCodes = {
-      nextHop: buf.subarray(offset, offset + 2).toString('hex').toUpperCase(),
-      lastHop: buf.subarray(offset + 2, offset + 4).toString('hex').toUpperCase(),
+      code1: buf.subarray(offset, offset + 2).toString('hex').toUpperCase(),
+      code2: buf.subarray(offset + 2, offset + 4).toString('hex').toUpperCase(),
     };
     offset += 4;
   }
 
+  // Path length byte — AFTER transport codes per spec
+  const pathByte = buf[offset++];
+
   // Path
   const path = decodePath(pathByte, buf, offset);
   offset += path.bytesConsumed;
@@ -386,7 +396,7 @@ module.exports = { decodePacket, validateAdvert, hasNonPrintableChars, ROUTE_TYP
 
 // --- Tests ---
 if (require.main === module) {
-  console.log('=== Test 1: ADVERT, FLOOD, 5 hops (2-byte hashes), "Test Repeater" ===');
+  console.log('=== Test 1: ADVERT, FLOOD, 5 hops (2-byte hashes), "Kpa Roof Solar" ===');
   const pkt1 = decodePacket(
     '11451000D818206D3AAC152C8A91F89957E6D30CA51F36E28790228971C473B755F244F718754CF5EE4A2FD58D944466E42CDED140C66D0CC590183E32BAF40F112BE8F3F2BDF6012B4B2793C52F1D36F69EE054D9A05593286F78453E56C0EC4A3EB95DDA2A7543FCCC00B939CACC009278603902FC12BCF84B706120526F6F6620536F6C6172'
   );
@@ -402,7 +412,7 @@ if (require.main === module) {
   assert(pkt1.path.hops[0] === '1000', 'first hop should be 1000');
   assert(pkt1.path.hops[1] === 'D818', 'second hop should be D818');
   assert(pkt1.transportCodes === null, 'FLOOD has no transport codes');
-  assert(pkt1.payload.name === 'Test Repeater', 'name should be "Test Repeater"');
+  assert(pkt1.payload.name === 'Kpa Roof Solar', 'name should be "Kpa Roof Solar"');
   console.log('✅ Test 1 passed\n');
 
   console.log('=== Test 2: ADVERT, FLOOD, 0 hops (zero-path) ===');

docker-compose.yml

@@ -5,9 +5,12 @@
 
 services:
   prod:
+    build: .
     image: corescope:latest
     container_name: corescope-prod
     restart: unless-stopped
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
     ports:
       - "${PROD_HTTP_PORT:-80}:${PROD_HTTP_PORT:-80}"
       - "${PROD_HTTPS_PORT:-443}:${PROD_HTTPS_PORT:-443}"
@@ -26,9 +29,12 @@ services:
       retries: 3
 
   staging:
+    build: .
     image: corescope:latest
     container_name: corescope-staging
     restart: unless-stopped
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
     ports:
       - "${STAGING_HTTP_PORT:-81}:${STAGING_HTTP_PORT:-81}"
       - "${STAGING_MQTT_PORT:-1884}:1883"
@@ -57,6 +63,8 @@ services:
     image: corescope-go:latest
     container_name: corescope-staging-go
     restart: unless-stopped
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
     ports:
       - "${STAGING_GO_HTTP_PORT:-82}:80"
       - "${STAGING_GO_MQTT_PORT:-1885}:1883"

docs/rename-migration.md

@@ -0,0 +1,101 @@
+# CoreScope Migration Guide
+
+MeshCore Analyzer has been renamed to **CoreScope**. This document covers what you need to update.
+
+## What Changed
+
+- **Repository name**: `meshcore-analyzer` → `corescope`
+- **Docker image name**: `meshcore-analyzer:latest` → `corescope:latest`
+- **Docker container prefixes**: `meshcore-*` → `corescope-*`
+- **Default site name**: "MeshCore Analyzer" → "CoreScope"
+
+## What Did NOT Change
+
+- **Data directories** — `~/meshcore-data/` stays as-is
+- **Database filename** — `meshcore.db` is unchanged
+- **MQTT topics** — `meshcore/#` topics are protocol-level and unchanged
+- **Browser state** — Favorites, localStorage keys, and settings are preserved
+- **Config file format** — `config.json` structure is the same
+
+---
+
+## 1. Git Remote Update
+
+Update your local clone to point to the new repository URL:
+
+```bash
+git remote set-url origin https://github.com/Kpa-clawbot/corescope.git
+git pull
+```
+
+## 2. Docker (manage.sh) Users
+
+Rebuild with the new image name:
+
+```bash
+./manage.sh stop
+git pull
+./manage.sh setup
+```
+
+The new image is `corescope:latest`. You can clean up the old image:
+
+```bash
+docker rmi meshcore-analyzer:latest
+```
+
+## 3. Docker Compose Users
+
+Rebuild containers with the new names:
+
+```bash
+docker compose down
+git pull
+docker compose build
+docker compose up -d
+```
+
+Container names change from `meshcore-*` to `corescope-*`. Old containers are removed by `docker compose down`.
+
+## 4. Data Directories
+
+**No action required.** The data directory `~/meshcore-data/` and database file `meshcore.db` are unchanged. Your existing data carries over automatically.
+
+## 5. Config
+
+If you customized `branding.siteName` in your `config.json`, update it to your preferred name. Otherwise the new default "CoreScope" applies automatically.
+
+No other config keys changed.
+
+## 6. MQTT
+
+**No action required.** MQTT topics (`meshcore/#`) are protocol-level and are not affected by the rename.
+
+## 7. Browser
+
+**No action required.** Bookmarks/favorites will continue to work at the same host and port. localStorage keys are unchanged, so your settings and preferences are preserved.
+
+## 8. CI/CD
+
+If you have custom CI/CD pipelines that reference:
+
+- The old repository URL (`meshcore-analyzer`)
+- The old Docker image name (`meshcore-analyzer:latest`)
+- Old container names (`meshcore-*`)
+
+Update those references to use the new names.
+
+---
+
+## Summary Checklist
+
+| Item | Action Required? | What to Do |
+|------|-----------------|------------|
+| Git remote | ✅ Yes | `git remote set-url origin …corescope.git` |
+| Docker image | ✅ Yes | Rebuild; optionally `docker rmi` old image |
+| Docker Compose | ✅ Yes | `docker compose down && build && up` |
+| Data directories | ❌ No | Unchanged |
+| Config | ⚠️ Maybe | Only if you customized `branding.siteName` |
+| MQTT | ❌ No | Topics unchanged |
+| Browser | ❌ No | Settings preserved |
+| CI/CD | ⚠️ Maybe | Update if referencing old repo/image names |

public/index.html

@@ -22,9 +22,9 @@
   <meta name="twitter:title" content="CoreScope">
   <meta name="twitter:description" content="Real-time MeshCore LoRa mesh network analyzer — live packet visualization, node tracking, channel decryption, and route analysis.">
   <meta name="twitter:image" content="https://raw.githubusercontent.com/Kpa-clawbot/corescope/master/public/og-image.png">
-  <link rel="stylesheet" href="style.css?v=1774731523">
-  <link rel="stylesheet" href="home.css?v=1774731523">
-  <link rel="stylesheet" href="live.css?v=1774731523">
+  <link rel="stylesheet" href="style.css?v=1774786038">
+  <link rel="stylesheet" href="home.css?v=1774786038">
+  <link rel="stylesheet" href="live.css?v=1774786038">
   <link rel="stylesheet" href="https://unpkg.com/leaflet@1.9.4/dist/leaflet.css"
     integrity="sha256-p4NxAoJBhIIN+hmNHrzRCf9tD/miZyoHS5obTRR9BMY="
     crossorigin="anonymous">
@@ -81,29 +81,29 @@
   <main id="app" role="main"></main>
 
   <script src="vendor/qrcode.js"></script>
-  <script src="roles.js?v=1774731523"></script>
-  <script src="customize.js?v=1774731523" onerror="console.error('Failed to load:', this.src)"></script>
-  <script src="region-filter.js?v=1774731523"></script>
-  <script src="hop-resolver.js?v=1774731523"></script>
-  <script src="hop-display.js?v=1774731523"></script>
-  <script src="app.js?v=1774731523"></script>
-  <script src="home.js?v=1774731523"></script>
-  <script src="packet-filter.js?v=1774731523"></script>
-  <script src="packets.js?v=1774731523"></script>
-  <script src="map.js?v=1774731523" onerror="console.error('Failed to load:', this.src)"></script>
-  <script src="channels.js?v=1774731523" onerror="console.error('Failed to load:', this.src)"></script>
-  <script src="nodes.js?v=1774731523" onerror="console.error('Failed to load:', this.src)"></script>
-  <script src="traces.js?v=1774731523" onerror="console.error('Failed to load:', this.src)"></script>
-  <script src="analytics.js?v=1774731523" onerror="console.error('Failed to load:', this.src)"></script>
-  <script src="audio.js?v=1774731523" onerror="console.error('Failed to load:', this.src)"></script>
-  <script src="audio-v1-constellation.js?v=1774731523" onerror="console.error('Failed to load:', this.src)"></script>
-  <script src="audio-v2-constellation.js?v=1774731523" onerror="console.error('Failed to load:', this.src)"></script>
-  <script src="audio-lab.js?v=1774731523" onerror="console.error('Failed to load:', this.src)"></script>
-  <script src="live.js?v=1774731523" onerror="console.error('Failed to load:', this.src)"></script>
-  <script src="observers.js?v=1774731523" onerror="console.error('Failed to load:', this.src)"></script>
-  <script src="observer-detail.js?v=1774731523" onerror="console.error('Failed to load:', this.src)"></script>
-  <script src="compare.js?v=1774731523" onerror="console.error('Failed to load:', this.src)"></script>
-  <script src="node-analytics.js?v=1774731523" onerror="console.error('Failed to load:', this.src)"></script>
-  <script src="perf.js?v=1774731523" onerror="console.error('Failed to load:', this.src)"></script>
+  <script src="roles.js?v=1774786038"></script>
+  <script src="customize.js?v=1774786038" onerror="console.error('Failed to load:', this.src)"></script>
+  <script src="region-filter.js?v=1774786038"></script>
+  <script src="hop-resolver.js?v=1774786038"></script>
+  <script src="hop-display.js?v=1774786038"></script>
+  <script src="app.js?v=1774786038"></script>
+  <script src="home.js?v=1774786038"></script>
+  <script src="packet-filter.js?v=1774786038"></script>
+  <script src="packets.js?v=1774786038"></script>
+  <script src="map.js?v=1774786038" onerror="console.error('Failed to load:', this.src)"></script>
+  <script src="channels.js?v=1774786038" onerror="console.error('Failed to load:', this.src)"></script>
+  <script src="nodes.js?v=1774786038" onerror="console.error('Failed to load:', this.src)"></script>
+  <script src="traces.js?v=1774786038" onerror="console.error('Failed to load:', this.src)"></script>
+  <script src="analytics.js?v=1774786038" onerror="console.error('Failed to load:', this.src)"></script>
+  <script src="audio.js?v=1774786038" onerror="console.error('Failed to load:', this.src)"></script>
+  <script src="audio-v1-constellation.js?v=1774786038" onerror="console.error('Failed to load:', this.src)"></script>
+  <script src="audio-v2-constellation.js?v=1774786038" onerror="console.error('Failed to load:', this.src)"></script>
+  <script src="audio-lab.js?v=1774786038" onerror="console.error('Failed to load:', this.src)"></script>
+  <script src="live.js?v=1774786038" onerror="console.error('Failed to load:', this.src)"></script>
+  <script src="observers.js?v=1774786038" onerror="console.error('Failed to load:', this.src)"></script>
+  <script src="observer-detail.js?v=1774786038" onerror="console.error('Failed to load:', this.src)"></script>
+  <script src="compare.js?v=1774786038" onerror="console.error('Failed to load:', this.src)"></script>
+  <script src="node-analytics.js?v=1774786038" onerror="console.error('Failed to load:', this.src)"></script>
+  <script src="perf.js?v=1774786038" onerror="console.error('Failed to load:', this.src)"></script>
 </body>
 </html>

public/packets.js

@@ -1512,14 +1512,12 @@
       rows += fieldRow(off + 1, 'Sender', decoded.sender || '—', '');
       if (decoded.sender_timestamp) rows += fieldRow(off + 2, 'Sender Time', decoded.sender_timestamp, '');
     } else if (decoded.type === 'ACK') {
-      rows += fieldRow(off, 'Dest Hash (6B)', decoded.destHash || '', '');
-      rows += fieldRow(off + 6, 'Src Hash (6B)', decoded.srcHash || '', '');
-      rows += fieldRow(off + 12, 'Extra (6B)', decoded.extraHash || '', '');
+      rows += fieldRow(off, 'Checksum (4B)', decoded.ackChecksum || '', '');
     } else if (decoded.destHash !== undefined) {
-      rows += fieldRow(off, 'Dest Hash (6B)', decoded.destHash || '', '');
-      rows += fieldRow(off + 6, 'Src Hash (6B)', decoded.srcHash || '', '');
-      rows += fieldRow(off + 12, 'MAC (4B)', decoded.mac || '', '');
-      rows += fieldRow(off + 16, 'Encrypted Data', truncate(decoded.encryptedData || '', 30), '');
+      rows += fieldRow(off, 'Dest Hash (1B)', decoded.destHash || '', '');
+      rows += fieldRow(off + 1, 'Src Hash (1B)', decoded.srcHash || '', '');
+      rows += fieldRow(off + 2, 'MAC (2B)', decoded.mac || '', '');
+      rows += fieldRow(off + 4, 'Encrypted Data', truncate(decoded.encryptedData || '', 30), '');
     } else {
       rows += fieldRow(off, 'Raw', truncate(buf.slice(off * 2), 40), '');
     }

public/perf.js

@@ -40,12 +40,12 @@
           html += `<h3>🔧 Go Runtime</h3><div style="display:flex;gap:16px;flex-wrap:wrap;margin:8px 0;">
             <div class="perf-card"><div class="perf-num">${gr.goroutines}</div><div class="perf-label">Goroutines</div></div>
             <div class="perf-card"><div class="perf-num">${gr.numGC}</div><div class="perf-label">GC Collections</div></div>
-            <div class="perf-card"><div class="perf-num" style="color:${gcColor}">${gr.pauseTotalMs}ms</div><div class="perf-label">GC Pause Total</div></div>
-            <div class="perf-card"><div class="perf-num">${gr.lastPauseMs}ms</div><div class="perf-label">Last GC Pause</div></div>
-            <div class="perf-card"><div class="perf-num">${gr.heapAllocMB}MB</div><div class="perf-label">Heap Alloc</div></div>
-            <div class="perf-card"><div class="perf-num">${gr.heapSysMB}MB</div><div class="perf-label">Heap Sys</div></div>
-            <div class="perf-card"><div class="perf-num">${gr.heapInuseMB}MB</div><div class="perf-label">Heap Inuse</div></div>
-            <div class="perf-card"><div class="perf-num">${gr.heapIdleMB}MB</div><div class="perf-label">Heap Idle</div></div>
+            <div class="perf-card"><div class="perf-num" style="color:${gcColor}">${(+gr.pauseTotalMs).toFixed(1)}ms</div><div class="perf-label">GC Pause Total</div></div>
+            <div class="perf-card"><div class="perf-num">${(+gr.lastPauseMs).toFixed(1)}ms</div><div class="perf-label">Last GC Pause</div></div>
+            <div class="perf-card"><div class="perf-num">${(+gr.heapAllocMB).toFixed(1)}MB</div><div class="perf-label">Heap Alloc</div></div>
+            <div class="perf-card"><div class="perf-num">${(+gr.heapSysMB).toFixed(1)}MB</div><div class="perf-label">Heap Sys</div></div>
+            <div class="perf-card"><div class="perf-num">${(+gr.heapInuseMB).toFixed(1)}MB</div><div class="perf-label">Heap Inuse</div></div>
+            <div class="perf-card"><div class="perf-num">${(+gr.heapIdleMB).toFixed(1)}MB</div><div class="perf-label">Heap Idle</div></div>
             <div class="perf-card"><div class="perf-num">${gr.numCPU}</div><div class="perf-label">CPUs</div></div>
             <div class="perf-card"><div class="perf-num">${health.websocket.clients}</div><div class="perf-label">WS Clients</div></div>
           </div>`;

public/style.css

@@ -155,7 +155,7 @@ a:focus-visible, button:focus-visible, input:focus-visible, select:focus-visible
 /* === Nav Stats === */
 .nav-stats {
   display: flex; gap: 12px; align-items: center; font-size: 12px; color: var(--nav-text-muted);
-  font-family: var(--mono); margin-right: 4px;
+  font-family: var(--mono); margin-right: 4px; white-space: nowrap;
 }
 .nav-stats .stat-val { color: var(--nav-text); font-weight: 600; transition: color 0.3s ease; }
 .nav-stats .stat-val.updated { color: var(--accent); }

scripts/collect-frontend-coverage.js

@@ -64,9 +64,9 @@ async function collectCoverage() {
   // ══════════════════════════════════════════════
   console.log('  [coverage] Home page — chooser...');
   // Clear localStorage to get chooser
-  await page.goto(BASE, { waitUntil: 'networkidle', timeout: 15000 }).catch(() => {});
+  await page.goto(BASE, { waitUntil: 'domcontentloaded', timeout: 10000 }).catch(() => {});
   await page.evaluate(() => localStorage.clear()).catch(() => {});
-  await page.goto(`${BASE}/#/home`, { waitUntil: 'networkidle', timeout: 15000 }).catch(() => {});
+  await page.goto(`${BASE}/#/home`, { waitUntil: 'domcontentloaded', timeout: 10000 }).catch(() => {});
 
   // Click "I'm new"
   await safeClick('#chooseNew');
@@ -105,7 +105,7 @@ async function collectCoverage() {
 
   // Switch to experienced mode
   await page.evaluate(() => localStorage.clear()).catch(() => {});
-  await page.goto(`${BASE}/#/home`, { waitUntil: 'networkidle', timeout: 15000 }).catch(() => {});
+  await page.goto(`${BASE}/#/home`, { waitUntil: 'domcontentloaded', timeout: 10000 }).catch(() => {});
   await safeClick('#chooseExp');
 
   // Interact with experienced home page
@@ -120,7 +120,7 @@ async function collectCoverage() {
   // NODES PAGE
   // ══════════════════════════════════════════════
   console.log('  [coverage] Nodes page...');
-  await page.goto(`${BASE}/#/nodes`, { waitUntil: 'networkidle', timeout: 15000 }).catch(() => {});
+  await page.goto(`${BASE}/#/nodes`, { waitUntil: 'domcontentloaded', timeout: 10000 }).catch(() => {});
 
   // Sort by EVERY column
   for (const col of ['name', 'public_key', 'role', 'last_seen', 'advert_count']) {
@@ -168,7 +168,7 @@ async function collectCoverage() {
   try {
     const firstNodeKey = await page.$eval('#nodesBody tr td:nth-child(2)', el => el.textContent.trim());
     if (firstNodeKey) {
-      await page.goto(`${BASE}/#/nodes/${firstNodeKey}`, { waitUntil: 'networkidle', timeout: 15000 }).catch(() => {});
+      await page.goto(`${BASE}/#/nodes/${firstNodeKey}`, { waitUntil: 'domcontentloaded', timeout: 10000 }).catch(() => {});
 
       // Click tabs on detail page
       await clickAll('.tab-btn, [data-tab]', 10);
@@ -191,7 +191,7 @@ async function collectCoverage() {
   try {
     const firstKey = await page.$eval('#nodesBody tr td:nth-child(2)', el => el.textContent.trim()).catch(() => null);
     if (firstKey) {
-      await page.goto(`${BASE}/#/nodes/${firstKey}?scroll=paths`, { waitUntil: 'networkidle', timeout: 15000 }).catch(() => {});
+      await page.goto(`${BASE}/#/nodes/${firstKey}?scroll=paths`, { waitUntil: 'domcontentloaded', timeout: 10000 }).catch(() => {});
     }
   } catch {}
 
@@ -199,7 +199,7 @@ async function collectCoverage() {
   // PACKETS PAGE
   // ══════════════════════════════════════════════
   console.log('  [coverage] Packets page...');
-  await page.goto(`${BASE}/#/packets`, { waitUntil: 'networkidle', timeout: 15000 }).catch(() => {});
+  await page.goto(`${BASE}/#/packets`, { waitUntil: 'domcontentloaded', timeout: 10000 }).catch(() => {});
 
   // Open filter bar
   await safeClick('#filterToggleBtn');
@@ -285,13 +285,13 @@ async function collectCoverage() {
   } catch {}
 
   // Navigate to specific packet by hash
-  await page.goto(`${BASE}/#/packets/deadbeef`, { waitUntil: 'networkidle', timeout: 15000 }).catch(() => {});
+  await page.goto(`${BASE}/#/packets/deadbeef`, { waitUntil: 'domcontentloaded', timeout: 10000 }).catch(() => {});
 
   // ══════════════════════════════════════════════
   // MAP PAGE
   // ══════════════════════════════════════════════
   console.log('  [coverage] Map page...');
-  await page.goto(`${BASE}/#/map`, { waitUntil: 'networkidle', timeout: 15000 }).catch(() => {});
+  await page.goto(`${BASE}/#/map`, { waitUntil: 'domcontentloaded', timeout: 10000 }).catch(() => {});
 
   // Toggle controls panel
   await safeClick('#mapControlsToggle');
@@ -345,7 +345,7 @@ async function collectCoverage() {
   // ANALYTICS PAGE
   // ══════════════════════════════════════════════
   console.log('  [coverage] Analytics page...');
-  await page.goto(`${BASE}/#/analytics`, { waitUntil: 'networkidle', timeout: 15000 }).catch(() => {});
+  await page.goto(`${BASE}/#/analytics`, { waitUntil: 'domcontentloaded', timeout: 10000 }).catch(() => {});
 
   // Click EVERY analytics tab
   const analyticsTabs = ['overview', 'rf', 'topology', 'channels', 'hashsizes', 'collisions', 'subpaths', 'nodes', 'distance'];
@@ -383,7 +383,7 @@ async function collectCoverage() {
 
   // Deep-link to each analytics tab via URL
   for (const tab of analyticsTabs) {
-    await page.goto(`${BASE}/#/analytics?tab=${tab}`, { waitUntil: 'networkidle', timeout: 15000 }).catch(() => {});
+    await page.goto(`${BASE}/#/analytics?tab=${tab}`, { waitUntil: 'domcontentloaded', timeout: 10000 }).catch(() => {});
   }
 
   // Region filter on analytics
@@ -396,7 +396,7 @@ async function collectCoverage() {
   // CUSTOMIZE
   // ══════════════════════════════════════════════
   console.log('  [coverage] Customizer...');
-  await page.goto(BASE, { waitUntil: 'networkidle', timeout: 15000 }).catch(() => {});
+  await page.goto(BASE, { waitUntil: 'domcontentloaded', timeout: 10000 }).catch(() => {});
   await safeClick('#customizeToggle');
 
   // Click EVERY customizer tab
@@ -503,7 +503,7 @@ async function collectCoverage() {
   // CHANNELS PAGE
   // ══════════════════════════════════════════════
   console.log('  [coverage] Channels page...');
-  await page.goto(`${BASE}/#/channels`, { waitUntil: 'networkidle', timeout: 15000 }).catch(() => {});
+  await page.goto(`${BASE}/#/channels`, { waitUntil: 'domcontentloaded', timeout: 10000 }).catch(() => {});
   // Click channel rows/items
   await clickAll('.channel-item, .channel-row, .channel-card', 3);
   await clickAll('table tbody tr', 3);
@@ -512,7 +512,7 @@ async function collectCoverage() {
   try {
     const channelHash = await page.$eval('table tbody tr td:first-child', el => el.textContent.trim()).catch(() => null);
     if (channelHash) {
-      await page.goto(`${BASE}/#/channels/${channelHash}`, { waitUntil: 'networkidle', timeout: 15000 }).catch(() => {});
+      await page.goto(`${BASE}/#/channels/${channelHash}`, { waitUntil: 'domcontentloaded', timeout: 10000 }).catch(() => {});
     }
   } catch {}
 
@@ -520,7 +520,7 @@ async function collectCoverage() {
   // LIVE PAGE
   // ══════════════════════════════════════════════
   console.log('  [coverage] Live page...');
-  await page.goto(`${BASE}/#/live`, { waitUntil: 'networkidle', timeout: 15000 }).catch(() => {});
+  await page.goto(`${BASE}/#/live`, { waitUntil: 'domcontentloaded', timeout: 10000 }).catch(() => {});
 
   // VCR controls
   await safeClick('#vcrPauseBtn');
@@ -603,14 +603,14 @@ async function collectCoverage() {
   // TRACES PAGE
   // ══════════════════════════════════════════════
   console.log('  [coverage] Traces page...');
-  await page.goto(`${BASE}/#/traces`, { waitUntil: 'networkidle', timeout: 15000 }).catch(() => {});
+  await page.goto(`${BASE}/#/traces`, { waitUntil: 'domcontentloaded', timeout: 10000 }).catch(() => {});
   await clickAll('table tbody tr', 3);
 
   // ══════════════════════════════════════════════
   // OBSERVERS PAGE
   // ══════════════════════════════════════════════
   console.log('  [coverage] Observers page...');
-  await page.goto(`${BASE}/#/observers`, { waitUntil: 'networkidle', timeout: 15000 }).catch(() => {});
+  await page.goto(`${BASE}/#/observers`, { waitUntil: 'domcontentloaded', timeout: 10000 }).catch(() => {});
   // Click observer rows
   const obsRows = await page.$$('table tbody tr, .observer-card, .observer-row');
   for (let i = 0; i < Math.min(obsRows.length, 3); i++) {
@@ -631,7 +631,7 @@ async function collectCoverage() {
   // PERF PAGE
   // ══════════════════════════════════════════════
   console.log('  [coverage] Perf page...');
-  await page.goto(`${BASE}/#/perf`, { waitUntil: 'networkidle', timeout: 15000 }).catch(() => {});
+  await page.goto(`${BASE}/#/perf`, { waitUntil: 'domcontentloaded', timeout: 10000 }).catch(() => {});
   await safeClick('#perfRefresh');
   await safeClick('#perfReset');
 
@@ -641,14 +641,14 @@ async function collectCoverage() {
   console.log('  [coverage] App.js — router + global...');
 
   // Navigate to bad route to trigger error/404
-  await page.goto(`${BASE}/#/nonexistent-route`, { waitUntil: 'networkidle', timeout: 15000 }).catch(() => {});
+  await page.goto(`${BASE}/#/nonexistent-route`, { waitUntil: 'domcontentloaded', timeout: 10000 }).catch(() => {});
 
   // Navigate to every route via hash
   const allRoutes = ['home', 'nodes', 'packets', 'map', 'live', 'channels', 'traces', 'observers', 'analytics', 'perf'];
   for (const route of allRoutes) {
     try {
       await page.evaluate((r) => { location.hash = '#/' + r; }, route);
-      await page.waitForLoadState('networkidle').catch(() => {});
+      await new Promise(r => setTimeout(r, 200));
     } catch {}
   }
 
@@ -788,14 +788,14 @@ async function collectCoverage() {
   console.log('  [coverage] Region filter...');
   try {
     // Open region filter on nodes page
-    await page.goto(`${BASE}/#/nodes`, { waitUntil: 'networkidle', timeout: 15000 }).catch(() => {});
+    await page.goto(`${BASE}/#/nodes`, { waitUntil: 'domcontentloaded', timeout: 10000 }).catch(() => {});
     await safeClick('#nodesRegionFilter');
     await clickAll('#nodesRegionFilter input[type="checkbox"]', 3);
   } catch {}
 
   // Region filter on packets
   try {
-    await page.goto(`${BASE}/#/packets`, { waitUntil: 'networkidle', timeout: 15000 }).catch(() => {});
+    await page.goto(`${BASE}/#/packets`, { waitUntil: 'domcontentloaded', timeout: 10000 }).catch(() => {});
     await safeClick('#packetsRegionFilter');
     await clickAll('#packetsRegionFilter input[type="checkbox"]', 3);
   } catch {}
@@ -807,7 +807,7 @@ async function collectCoverage() {
   for (const route of allRoutes) {
     try {
       await page.evaluate((r) => { location.hash = '#/' + r; }, route);
-      await page.waitForLoadState('networkidle').catch(() => {});
+      await new Promise(r => setTimeout(r, 200));
     } catch {}
   }
 

server.js

@@ -207,6 +207,13 @@ class TTLCache {
       if (key.startsWith(prefix)) this.store.delete(key);
     }
   }
+  debouncedInvalidateBulkHealth() {
+    if (this._bulkHealthTimer) return;
+    this._bulkHealthTimer = setTimeout(() => {
+      this._bulkHealthTimer = null;
+      this.invalidate('bulk-health');
+    }, 30000);
+  }
   debouncedInvalidateAll() {
     if (this._debounceTimer) return;
     this._debounceTimer = setTimeout(() => {
@@ -410,7 +417,7 @@ app.get('/api/perf', (req, res) => {
     avgMs: perfStats.requests ? Math.round(perfStats.totalMs / perfStats.requests * 10) / 10 : 0,
     endpoints: Object.fromEntries(sorted),
     slowQueries: perfStats.slowQueries.slice(-20),
-    cache: { size: cache.size, hits: cache.hits, misses: cache.misses, staleHits: cache.staleHits, recomputes: cache.recomputes, hitRate: cache.hits + cache.misses > 0 ? Math.round(cache.hits / (cache.hits + cache.misses) * 1000) / 10 : 0 },
+    cache: { size: cache.size, hits: cache.hits, misses: cache.misses, staleHits: cache.staleHits, recomputes: cache.recomputes, hitRate: cache.hits + cache.staleHits + cache.misses > 0 ? Math.round((cache.hits + cache.staleHits) / (cache.hits + cache.staleHits + cache.misses) * 1000) / 10 : 0 },
     packetStore: pktStore.getStats(),
     sqlite: (() => {
       try {
@@ -519,7 +526,7 @@ app.get('/api/health', (req, res) => {
       misses: cache.misses,
       staleHits: cache.staleHits,
       recomputes: cache.recomputes,
-      hitRate: cache.hits + cache.misses > 0 ? Math.round(cache.hits / (cache.hits + cache.misses) * 1000) / 10 : 0,
+      hitRate: cache.hits + cache.staleHits + cache.misses > 0 ? Math.round((cache.hits + cache.staleHits) / (cache.hits + cache.staleHits + cache.misses) * 1000) / 10 : 0,
     },
     websocket: {
       clients: wsClients,
@@ -723,7 +730,7 @@ for (const source of mqttSources) {
             // Invalidate this node's caches on advert
             cache.invalidate('node:' + p.pubKey);
             cache.invalidate('health:' + p.pubKey);
-            cache.invalidate('bulk-health');
+            cache.debouncedInvalidateBulkHealth();
 
             // Cross-reference: if this node's pubkey matches an existing observer, backfill observer name
             if (p.name && p.pubKey) {

test-decoder-spec.js

@@ -122,13 +122,14 @@ console.log('── Spec Tests: Transport Codes ──');
 
 {
   // Route type 0 (TRANSPORT_FLOOD) and 3 (TRANSPORT_DIRECT) should have 4-byte transport codes
-  // Route type 0: header byte = 0bPPPPPP00, e.g. 0x14 = payloadType 5 (GRP_TXT), routeType 0
-  const hex = '1400' + 'AABB' + 'CCDD' + '1A' + '00'.repeat(10); // transport codes + GRP_TXT payload
+  // Route type 0: header=0x14 = payloadType 5 (GRP_TXT), routeType 0 (TRANSPORT_FLOOD)
+  // Format: header(1) + transportCodes(4) + pathByte(1) + payload
+  const hex = '14' + 'AABB' + 'CCDD' + '00' + '1A' + '00'.repeat(10); // transport codes + pathByte + GRP_TXT payload
   const p = decodePacket(hex);
   assertEq(p.header.routeType, 0, 'transport: routeType=0 (TRANSPORT_FLOOD)');
   assert(p.transportCodes !== null, 'transport: transportCodes present for TRANSPORT_FLOOD');
-  assertEq(p.transportCodes.nextHop, 'AABB', 'transport: nextHop');
-  assertEq(p.transportCodes.lastHop, 'CCDD', 'transport: lastHop');
+  assertEq(p.transportCodes.code1, 'AABB', 'transport: code1');
+  assertEq(p.transportCodes.code2, 'CCDD', 'transport: code2');
 }
 
 {
@@ -257,13 +258,13 @@ console.log('── Spec Tests: Advert Payload ──');
 
 console.log('── Spec Tests: Encrypted Payload Format ──');
 
-// NOTE: Spec says v1 encrypted payloads have dest(1) + src(1) + MAC(2) + ciphertext
-// But decoder reads dest(6) + src(6) + MAC(4) + ciphertext
-// This is a known discrepancy — the decoder matches production behavior, not the spec.
-// The spec may describe the firmware's internal addressing while the OTA format differs,
-// or the decoder may be parsing the fields differently. Production data validates the decoder.
+// Spec says v1 encrypted payloads: dest(1)+src(1)+MAC(2)+cipher — decoder matches this.
 {
-  note('Spec says v1 encrypted payloads: dest(1)+src(1)+MAC(2)+cipher, but decoder reads dest(6)+src(6)+MAC(4)+cipher — decoder matches prod data');
+  const hex = '0100' + 'AA' + 'BB' + 'CCDD' + '00'.repeat(10);
+  const p = decodePacket(hex);
+  assertEq(p.payload.destHash, 'aa', 'encrypted payload: dest is 1 byte');
+  assertEq(p.payload.srcHash, 'bb', 'encrypted payload: src is 1 byte');
+  assertEq(p.payload.mac, 'ccdd', 'encrypted payload: MAC is 2 bytes');
 }
 
 console.log('── Spec Tests: validateAdvert ──');

test-decoder.js

@@ -28,22 +28,22 @@ test('FLOOD + ADVERT = 0x11', () => {
 });
 
 test('TRANSPORT_FLOOD = routeType 0', () => {
-  // 0x00 = TRANSPORT_FLOOD + REQ(0), needs transport codes + 16 byte payload
-  const hex = '0000' + 'AABB' + 'CCDD' + '00'.repeat(16);
+  // header=0x00 (TRANSPORT_FLOOD + REQ), transportCodes=AABB+CCDD, pathByte=0x00, payload
+  const hex = '00' + 'AABB' + 'CCDD' + '00' + '00'.repeat(16);
   const p = decodePacket(hex);
   assert.strictEqual(p.header.routeType, 0);
   assert.strictEqual(p.header.routeTypeName, 'TRANSPORT_FLOOD');
   assert.notStrictEqual(p.transportCodes, null);
-  assert.strictEqual(p.transportCodes.nextHop, 'AABB');
-  assert.strictEqual(p.transportCodes.lastHop, 'CCDD');
+  assert.strictEqual(p.transportCodes.code1, 'AABB');
+  assert.strictEqual(p.transportCodes.code2, 'CCDD');
 });
 
 test('TRANSPORT_DIRECT = routeType 3', () => {
-  const hex = '0300' + '1122' + '3344' + '00'.repeat(16);
+  const hex = '03' + '1122' + '3344' + '00' + '00'.repeat(16);
   const p = decodePacket(hex);
   assert.strictEqual(p.header.routeType, 3);
   assert.strictEqual(p.header.routeTypeName, 'TRANSPORT_DIRECT');
-  assert.strictEqual(p.transportCodes.nextHop, '1122');
+  assert.strictEqual(p.transportCodes.code1, '1122');
 });
 
 test('DIRECT = routeType 2, no transport codes', () => {
@@ -358,9 +358,7 @@ test('ACK decode', () => {
   const hex = '0D00' + '00'.repeat(18);
   const p = decodePacket(hex);
   assert.strictEqual(p.payload.type, 'ACK');
-  assert(p.payload.destHash);
-  assert(p.payload.srcHash);
-  assert(p.payload.extraHash);
+  assert(p.payload.ackChecksum);
 });
 
 test('ACK too short', () => {
@@ -424,9 +422,9 @@ test('TRACE decode', () => {
   const hex = '2500' + '00'.repeat(12);
   const p = decodePacket(hex);
   assert.strictEqual(p.payload.type, 'TRACE');
-  assert.strictEqual(p.payload.flags, 0);
   assert(p.payload.tag !== undefined);
-  assert(p.payload.destHash);
+  assert(p.payload.authCode !== undefined);
+  assert.strictEqual(p.payload.flags, 0);
 });
 
 test('TRACE too short', () => {
@@ -460,16 +458,18 @@ test('Transport route too short throws', () => {
   assert.throws(() => decodePacket('0000'), /too short for transport/);
 });
 
-test('Corrupt packet #183 — path overflow capped to buffer', () => {
+test('Corrupt packet #183 — TRANSPORT_DIRECT with correct field order', () => {
   const hex = 'BBAD6797EC8751D500BF95A1A776EF580E665BCBF6A0BBE03B5E730707C53489B8C728FD3FB902397197E1263CEC21E52465362243685DBBAD6797EC8751C90A75D9FD8213155D';
   const p = decodePacket(hex);
   assert.strictEqual(p.header.routeType, 3, 'routeType should be TRANSPORT_DIRECT');
   assert.strictEqual(p.header.payloadTypeName, 'UNKNOWN');
-  // pathByte 0xAD claims 45 hops × 3 bytes = 135, but only 65 bytes available
+  // transport codes are bytes 1-4, pathByte=0x87 at byte 5
+  assert.strictEqual(p.transportCodes.code1, 'AD67');
+  assert.strictEqual(p.transportCodes.code2, '97EC');
+  // pathByte 0x87: hashSize=3, hashCount=7
   assert.strictEqual(p.path.hashSize, 3);
-  assert.strictEqual(p.path.hashCount, 21, 'hashCount capped to fit buffer');
-  assert.strictEqual(p.path.hops.length, 21);
-  assert.strictEqual(p.path.truncated, true);
+  assert.strictEqual(p.path.hashCount, 7);
+  assert.strictEqual(p.path.hops.length, 7);
   // No empty strings in hops
   assert(p.path.hops.every(h => h.length > 0), 'no empty hops');
 });

test-e2e-playwright.js

@@ -10,13 +10,21 @@ const GO_BASE = process.env.GO_BASE_URL || '';  // e.g. https://analyzer.00id.ne
 const results = [];
 
 async function test(name, fn) {
-  try {
-    await fn();
-    results.push({ name, pass: true });
-    console.log(`  \u2705 ${name}`);
-  } catch (err) {
-    results.push({ name, pass: false, error: err.message });
-    console.log(`  \u274c ${name}: ${err.message}`);
+  const MAX_RETRIES = 2;
+  for (let attempt = 1; attempt <= MAX_RETRIES; attempt++) {
+    try {
+      await fn();
+      results.push({ name, pass: true });
+      console.log(`  \u2705 ${name}${attempt > 1 ? ` (retry ${attempt - 1})` : ''}`);
+      return;
+    } catch (err) {
+      if (attempt < MAX_RETRIES) {
+        console.log(`  \u26a0\ufe0f ${name}: ${err.message} (retrying...)`);
+        continue;
+      }
+      results.push({ name, pass: false, error: err.message });
+      console.log(`  \u274c ${name}: ${err.message}`);
+    }
   }
 }
 
@@ -324,7 +332,9 @@ async function run() {
 
   // Test: Packets groupByHash toggle changes view
   await test('Packets groupByHash toggle works', async () => {
-    await page.waitForSelector('table tbody tr');
+    // Fresh navigation to ensure clean state
+    await page.goto(`${BASE}/#/packets`, { waitUntil: 'domcontentloaded' });
+    await page.waitForSelector('table tbody tr', { timeout: 15000 });
     const groupBtn = await page.$('#fGroup');
     assert(groupBtn, 'Group by hash button (#fGroup) not found');
     // Check initial state (default is grouped/active)
@@ -354,10 +364,17 @@ async function run() {
   await test('Packets clicking row shows detail pane', async () => {
     // Fresh navigation to avoid stale row references from previous test
     await page.goto(`${BASE}/#/packets`, { waitUntil: 'domcontentloaded' });
+    // Wait for table rows AND initial API data to settle
     await page.waitForSelector('table tbody tr[data-action]', { timeout: 15000 });
+    await page.waitForLoadState('networkidle');
     const firstRow = await page.$('table tbody tr[data-action]');
     assert(firstRow, 'No clickable packet rows found');
-    await firstRow.click();
+    // Click the row and wait for the /packets/{hash} API response
+    const [response] = await Promise.all([
+      page.waitForResponse(resp => resp.url().includes('/packets/') && resp.status() === 200, { timeout: 15000 }),
+      firstRow.click(),
+    ]);
+    assert(response, 'API response for packet detail not received');
     await page.waitForFunction(() => {
       const panel = document.getElementById('pktRight');
       return panel && !panel.classList.contains('empty');
@@ -375,12 +392,16 @@ async function run() {
     if (!pktRight) {
       await page.goto(`${BASE}/#/packets`, { waitUntil: 'domcontentloaded' });
       await page.waitForSelector('table tbody tr[data-action]', { timeout: 15000 });
+      await page.waitForLoadState('networkidle');
     }
     const panelOpen = await page.$eval('#pktRight', el => !el.classList.contains('empty'));
     if (!panelOpen) {
       const firstRow = await page.$('table tbody tr[data-action]');
       if (!firstRow) { console.log('    ⏭️  Skipped (no clickable rows)'); return; }
-      await firstRow.click();
+      await Promise.all([
+        page.waitForResponse(resp => resp.url().includes('/packets/') && resp.status() === 200, { timeout: 15000 }),
+        firstRow.click(),
+      ]);
       await page.waitForFunction(() => {
         const panel = document.getElementById('pktRight');
         return panel && !panel.classList.contains('empty');
@@ -523,6 +544,11 @@ async function run() {
   });
 
   await test('Compare page runs comparison', async () => {
+    // Wait for dropdowns to be populated (may still be loading from previous test)
+    await page.waitForFunction(() => {
+      const selA = document.getElementById('compareObsA');
+      return selA && selA.options.length > 2;
+    }, { timeout: 10000 });
     const options = await page.$$eval('#compareObsA option', opts =>
       opts.filter(o => o.value).map(o => o.value)
     );
@@ -544,6 +570,12 @@ async function run() {
 
   // Test: Compare results show shared/unique breakdown (#129)
   await test('Compare results show shared/unique cards', async () => {
+    // Wait for comparison results to fully render (depends on previous test)
+    await page.waitForFunction(() => {
+      return document.querySelector('.compare-card-both') &&
+             document.querySelector('.compare-card-a') &&
+             document.querySelector('.compare-card-b');
+    }, { timeout: 10000 });
     // Results should be visible from previous test
     const cardBoth = await page.$('.compare-card-both');
     assert(cardBoth, 'Should have "shared" card (.compare-card-both)');
@@ -566,6 +598,11 @@ async function run() {
 
   // Test: Compare "both" tab shows table with shared packets
   await test('Compare both tab shows shared packets table', async () => {
+    // Ensure compare results are present
+    await page.waitForFunction(() => {
+      const c = document.getElementById('compareContent');
+      return c && c.textContent.trim().length > 20;
+    }, { timeout: 10000 });
     const bothTab = await page.$('[data-cview="both"]');
     assert(bothTab, '"both" tab button not found');
     await bothTab.click();
@@ -789,7 +826,11 @@ async function run() {
     // Check for summary stats
     const summary = await page.$('.obs-summary');
     assert(summary, 'Observer summary stats not found');
-    // Verify table has rows
+    // Wait for table rows to populate
+    await page.waitForFunction(() => {
+      const rows = document.querySelectorAll('#obsTable tbody tr');
+      return rows.length > 0;
+    }, { timeout: 10000 });
     const rows = await page.$$('#obsTable tbody tr');
     assert(rows.length > 0, `Expected >=1 observer rows, got ${rows.length}`);
   });
@@ -909,6 +950,19 @@ async function run() {
     assert(hexDump, 'Hex dump should be visible after selecting a packet');
   });
 
+  // Extract frontend coverage if instrumented server is running
+  try {
+    const coverage = await page.evaluate(() => window.__coverage__);
+    if (coverage) {
+      const fs = require('fs');
+      const path = require('path');
+      const outDir = path.join(__dirname, '.nyc_output');
+      if (!fs.existsSync(outDir)) fs.mkdirSync(outDir, { recursive: true });
+      fs.writeFileSync(path.join(outDir, 'e2e-coverage.json'), JSON.stringify(coverage));
+      console.log(`Frontend coverage from E2E: ${Object.keys(coverage).length} files`);
+    }
+  } catch {}
+
   await browser.close();
 
   // Summary

test-frontend-helpers.js

@@ -1322,7 +1322,7 @@ console.log('\n=== app.js: formatVersionBadge ===');
     assert.ok(result.includes('>v2.6.0</a>'), 'version text has v prefix');
     assert.ok(result.includes(`href="${GH}/commit/abc1234def5678"`), 'commit links to full hash');
     assert.ok(result.includes('>abc1234</a>'), 'commit display is truncated to 7');
-    assert.ok(result.includes('[node]'), 'should show engine');
+    assert.ok(result.includes('engine-badge'), 'should show engine badge'); assert.ok(result.includes('>node<'), 'should show engine name');
   });
   test('prod port 80: shows version', () => {
     const { formatVersionBadge } = makeBadgeSandbox('80');
@@ -1348,7 +1348,7 @@ console.log('\n=== app.js: formatVersionBadge ===');
     assert.ok(!result.includes('v2.6.0'), 'staging should NOT show version');
     assert.ok(result.includes('>abc1234</a>'), 'should show commit hash');
     assert.ok(result.includes(`href="${GH}/commit/abc1234def5678"`), 'commit is linked');
-    assert.ok(result.includes('[go]'), 'should show engine');
+    assert.ok(result.includes('engine-badge'), 'should show engine badge'); assert.ok(result.includes('>go<'), 'should show engine name');
   });
   test('staging port 81: hides version', () => {
     const { formatVersionBadge } = makeBadgeSandbox('81');
@@ -1369,18 +1369,18 @@ console.log('\n=== app.js: formatVersionBadge ===');
     const result = formatVersionBadge('2.6.0', 'unknown', 'node');
     assert.ok(result.includes('>v2.6.0</a>'), 'should show version');
     assert.ok(!result.includes('unknown'), 'should not show unknown commit');
-    assert.ok(result.includes('[node]'), 'should show engine');
+    assert.ok(result.includes('engine-badge'), 'should show engine badge'); assert.ok(result.includes('>node<'), 'should show engine name');
   });
   test('skips commit when missing', () => {
     const { formatVersionBadge } = makeBadgeSandbox('');
     const result = formatVersionBadge('2.6.0', null, 'go');
     assert.ok(result.includes('>v2.6.0</a>'), 'should show version');
-    assert.ok(result.includes('[go]'), 'should show engine');
+    assert.ok(result.includes('engine-badge'), 'should show engine badge'); assert.ok(result.includes('>go<'), 'should show engine name');
   });
   test('shows only engine when version/commit missing', () => {
     const { formatVersionBadge } = makeBadgeSandbox('3000');
     const result = formatVersionBadge(null, null, 'go');
-    assert.ok(result.includes('[go]'), 'should show engine');
+    assert.ok(result.includes('engine-badge'), 'should show engine badge'); assert.ok(result.includes('>go<'), 'should show engine name');
     assert.ok(result.includes('version-badge'), 'should use version-badge class');
   });
   test('short commit not truncated in display', () => {
@@ -1398,7 +1398,7 @@ console.log('\n=== app.js: formatVersionBadge ===');
     const { formatVersionBadge } = makeBadgeSandbox('8080');
     const result = formatVersionBadge('2.6.0', null, 'go');
     assert.ok(!result.includes('2.6.0'), 'no version on staging');
-    assert.ok(result.includes('[go]'), 'engine shown');
+    assert.ok(result.includes('engine-badge'), 'engine badge shown'); assert.ok(result.includes('>go<'), 'engine name shown');
   });
 }
 

test-server-routes.js

@@ -1254,6 +1254,24 @@ seedTestData();
     lastPathSeenMap.delete(liveNode);
   });
 
+  // ── Cache hit rate includes stale hits ──
+  await t('Cache hitRate includes staleHits in formula', async () => {
+    cache.clear();
+    cache.hits = 0;
+    cache.misses = 0;
+    cache.staleHits = 0;
+    // Simulate: 3 hits, 2 stale hits, 5 misses => rate = (3+2)/(3+2+5) = 50%
+    cache.hits = 3;
+    cache.staleHits = 2;
+    cache.misses = 5;
+    const r = await request(app).get('/api/health').expect(200);
+    assert(r.body.cache.hitRate === 50, 'hitRate should be (hits+staleHits)/(hits+staleHits+misses) = 50%, got ' + r.body.cache.hitRate);
+    // Reset
+    cache.hits = 0;
+    cache.misses = 0;
+    cache.staleHits = 0;
+  });
+
   // ── Summary ──
   console.log(`\n═══ Server Route Tests: ${passed} passed, ${failed} failed ═══`);
   if (failed > 0) process.exit(1);

tools/seed-test-data.js

@@ -0,0 +1,228 @@
+#!/usr/bin/env node
+'use strict';
+
+/**
+ * Seed synthetic test data into a running CoreScope server.
+ * Usage: node tools/seed-test-data.js [baseUrl]
+ * Default: http://localhost:13581
+ */
+
+const crypto = require('crypto');
+
+const BASE = process.argv[2] || process.env.BASE_URL || 'http://localhost:13581';
+
+const OBSERVERS = [
+  { id: 'E2E-SJC-1', iata: 'SJC' },
+  { id: 'E2E-SFO-2', iata: 'SFO' },
+  { id: 'E2E-OAK-3', iata: 'OAK' },
+];
+
+const NODE_NAMES = [
+  'TestNode Alpha', 'TestNode Beta', 'TestNode Gamma', 'TestNode Delta',
+  'TestNode Epsilon', 'TestNode Zeta', 'TestNode Eta', 'TestNode Theta',
+];
+
+function rand(a, b) { return Math.random() * (b - a) + a; }
+function randInt(a, b) { return Math.floor(rand(a, b + 1)); }
+function pick(a) { return a[randInt(0, a.length - 1)]; }
+function randomBytes(n) { return crypto.randomBytes(n); }
+function pubkeyFor(name) { return crypto.createHash('sha256').update(name).digest(); }
+
+function encodeHeader(routeType, payloadType, ver = 0) {
+  return (routeType & 0x03) | ((payloadType & 0x0F) << 2) | ((ver & 0x03) << 6);
+}
+
+function buildPath(hopCount, hashSize = 2) {
+  const pathByte = ((hashSize - 1) << 6) | (hopCount & 0x3F);
+  const hops = crypto.randomBytes(hashSize * hopCount);
+  return { pathByte, hops };
+}
+
+function buildAdvert(name, role) {
+  const pubKey = pubkeyFor(name);
+  const ts = Buffer.alloc(4); ts.writeUInt32LE(Math.floor(Date.now() / 1000));
+  const sig = randomBytes(64);
+  let flags = 0x80 | 0x10; // hasName + hasLocation
+  if (role === 'repeater') flags |= 0x02;
+  else if (role === 'room') flags |= 0x04;
+  else if (role === 'sensor') flags |= 0x08;
+  else flags |= 0x01;
+  const nameBuf = Buffer.from(name, 'utf8');
+  const appdata = Buffer.alloc(9 + nameBuf.length);
+  appdata[0] = flags;
+  appdata.writeInt32LE(Math.round(37.34 * 1e6), 1);
+  appdata.writeInt32LE(Math.round(-121.89 * 1e6), 5);
+  nameBuf.copy(appdata, 9);
+  const payload = Buffer.concat([pubKey, ts, sig, appdata]);
+  const header = encodeHeader(1, 0x04, 0); // FLOOD + ADVERT
+  const { pathByte, hops } = buildPath(randInt(0, 3));
+  return Buffer.concat([Buffer.from([header, pathByte]), hops, payload]);
+}
+
+function buildGrpTxt(channelHash = 0) {
+  const mac = randomBytes(2);
+  const enc = randomBytes(randInt(10, 40));
+  const payload = Buffer.concat([Buffer.from([channelHash]), mac, enc]);
+  const header = encodeHeader(1, 0x05, 0); // FLOOD + GRP_TXT
+  const { pathByte, hops } = buildPath(randInt(0, 3));
+  return Buffer.concat([Buffer.from([header, pathByte]), hops, payload]);
+}
+
+/**
+ * Build a properly encrypted GRP_TXT packet that decrypts to a CHAN message.
+ * Uses #LongFast channel key from channel-rainbow.json.
+ */
+function buildEncryptedGrpTxt(sender, message) {
+  try {
+    const CryptoJS = require('crypto-js');
+    const { ChannelCrypto } = require('@michaelhart/meshcore-decoder/dist/crypto/channel-crypto');
+
+    const channelKey = '2cc3d22840e086105ad73443da2cacb8'; // #LongFast
+    const text = `${sender}: ${message}`;
+    const buf = Buffer.alloc(5 + text.length + 1);
+    buf.writeUInt32LE(Math.floor(Date.now() / 1000), 0);
+    buf[4] = 0;
+    buf.write(text + '\0', 5, 'utf8');
+
+    const padded = Buffer.alloc(Math.ceil(buf.length / 16) * 16);
+    buf.copy(padded);
+
+    const keyWords = CryptoJS.enc.Hex.parse(channelKey);
+    const plaintextWords = CryptoJS.enc.Hex.parse(padded.toString('hex'));
+    const encrypted = CryptoJS.AES.encrypt(plaintextWords, keyWords, {
+      mode: CryptoJS.mode.ECB, padding: CryptoJS.pad.NoPadding
+    });
+    const cipherHex = encrypted.ciphertext.toString(CryptoJS.enc.Hex);
+
+    const channelSecret = Buffer.alloc(32);
+    Buffer.from(channelKey, 'hex').copy(channelSecret);
+    const mac = CryptoJS.HmacSHA256(
+      CryptoJS.enc.Hex.parse(cipherHex),
+      CryptoJS.enc.Hex.parse(channelSecret.toString('hex'))
+    );
+    const macHex = mac.toString(CryptoJS.enc.Hex).substring(0, 4);
+
+    const chHash = ChannelCrypto.calculateChannelHash('#LongFast');
+    const grpPayload = Buffer.from(
+      chHash.toString(16).padStart(2, '0') + macHex + cipherHex, 'hex'
+    );
+
+    const header = encodeHeader(1, 0x05, 0);
+    const { pathByte, hops } = buildPath(randInt(0, 2));
+    return Buffer.concat([Buffer.from([header, pathByte]), hops, grpPayload]);
+  } catch (e) {
+    // Fallback to unencrypted if crypto libs unavailable
+    return buildGrpTxt(0);
+  }
+}
+
+function buildAck() {
+  const payload = randomBytes(18);
+  const header = encodeHeader(2, 0x03, 0);
+  const { pathByte, hops } = buildPath(randInt(0, 2));
+  return Buffer.concat([Buffer.from([header, pathByte]), hops, payload]);
+}
+
+function buildTxtMsg() {
+  const payload = Buffer.concat([randomBytes(6), randomBytes(6), randomBytes(4), randomBytes(20)]);
+  const header = encodeHeader(2, 0x02, 0);
+  const { pathByte, hops } = buildPath(randInt(0, 2));
+  return Buffer.concat([Buffer.from([header, pathByte]), hops, payload]);
+}
+
+function computeContentHash(hex) {
+  return crypto.createHash('sha256').update(hex.toUpperCase()).digest('hex').substring(0, 16);
+}
+
+async function post(path, body) {
+  const r = await fetch(`${BASE}${path}`, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify(body),
+  });
+  return { status: r.status, data: await r.json() };
+}
+
+async function main() {
+  console.log(`Seeding test data into ${BASE}...`);
+
+  const packets = [];
+
+  // 1. ADVERTs for each node (creates nodes with location for map)
+  const roles = ['repeater', 'repeater', 'room', 'companion', 'repeater', 'companion', 'sensor', 'repeater'];
+  for (let i = 0; i < NODE_NAMES.length; i++) {
+    const obs = pick(OBSERVERS);
+    const hex = buildAdvert(NODE_NAMES[i], roles[i]).toString('hex').toUpperCase();
+    const hash = computeContentHash(hex);
+    packets.push({ hex, observer: obs.id, region: obs.iata, hash, snr: 5.0, rssi: -80 });
+    // Send same advert from multiple observers for compare page
+    for (const otherObs of OBSERVERS) {
+      if (otherObs.id !== obs.id) {
+        packets.push({ hex, observer: otherObs.id, region: otherObs.iata, hash, snr: rand(-2, 10), rssi: rand(-110, -60) });
+      }
+    }
+  }
+
+  // 2. Encrypted GRP_TXT packets (creates channel messages for channels page)
+  const chatMessages = [
+    ['Alice', 'Hello everyone!'], ['Bob', 'Hey Alice!'], ['Charlie', 'Good morning'],
+    ['Alice', 'How is the mesh today?'], ['Bob', 'Looking great, 8 nodes online'],
+    ['Charlie', 'I just set up a new repeater'], ['Alice', 'Nice! Where is it?'],
+    ['Bob', 'Signal looks strong from here'], ['Charlie', 'On top of the hill'],
+    ['Alice', 'Perfect location!'],
+  ];
+  for (const [sender, message] of chatMessages) {
+    const obs = pick(OBSERVERS);
+    const hex = buildEncryptedGrpTxt(sender, message).toString('hex').toUpperCase();
+    const hash = computeContentHash(hex);
+    packets.push({ hex, observer: obs.id, region: obs.iata, hash, snr: rand(-2, 10), rssi: rand(-110, -60) });
+  }
+
+  // 3. Unencrypted GRP_TXT packets (won't create channel entries but add packet variety)
+  for (let i = 0; i < 10; i++) {
+    const obs = pick(OBSERVERS);
+    const hex = buildGrpTxt(randInt(0, 3)).toString('hex').toUpperCase();
+    const hash = computeContentHash(hex);
+    packets.push({ hex, observer: obs.id, region: obs.iata, hash, snr: rand(-2, 10), rssi: rand(-110, -60) });
+  }
+
+  // 3. ACK packets
+  for (let i = 0; i < 15; i++) {
+    const obs = pick(OBSERVERS);
+    const hex = buildAck().toString('hex').toUpperCase();
+    const hash = computeContentHash(hex);
+    packets.push({ hex, observer: obs.id, region: obs.iata, hash, snr: rand(-2, 10), rssi: rand(-110, -60) });
+  }
+
+  // 4. TXT_MSG packets
+  for (let i = 0; i < 15; i++) {
+    const obs = pick(OBSERVERS);
+    const hex = buildTxtMsg().toString('hex').toUpperCase();
+    const hash = computeContentHash(hex);
+    packets.push({ hex, observer: obs.id, region: obs.iata, hash, snr: rand(-2, 10), rssi: rand(-110, -60) });
+  }
+
+  // 5. Extra packets with shared hashes (for trace/compare)
+  for (let t = 0; t < 5; t++) {
+    const hex = buildGrpTxt(0).toString('hex').toUpperCase();
+    const traceHash = computeContentHash(hex);
+    for (const obs of OBSERVERS) {
+      packets.push({ hex, observer: obs.id, region: obs.iata, hash: traceHash, snr: 5, rssi: -80 });
+    }
+  }
+
+  console.log(`Injecting ${packets.length} packets...`);
+  let ok = 0, fail = 0;
+  for (const pkt of packets) {
+    const r = await post('/api/packets', pkt);
+    if (r.status === 200) ok++;
+    else { fail++; if (fail <= 3) console.error('  Inject fail:', r.data); }
+  }
+  console.log(`Done: ${ok} ok, ${fail} fail`);
+
+  if (fail > 0) {
+    process.exit(1);
+  }
+}
+
+main().catch(err => { console.error(err); process.exit(1); });