Add SSRF host validation to maintenance.py send_nightly_email and
scheduler.py send_zombie_alert_email using validate_external_url().
New allow_local_smtp config key permits private-IP SMTP for local
relay setups.
Add sanitize_name() to security_utils and apply it to all log calls
in message_handler, repeater_manager, path_command, solarforecast_command,
command_manager, and discord_bridge_service to prevent log injection.
Move nightly email logic from duplicate scheduler._send_nightly_email()
into the canonical maintenance.py implementation, removing the duplicate.
Update tests to call maintenance.send_nightly_email() directly.
Add validate_external_url allow_private parameter with support for
loopback, RFC1918, CGN, and link-local address ranges.
- Increased the per-user rate limit from 5 to 30 seconds across multiple configuration files to reduce response frequency.
- Added the version command to the configuration examples and updated help text to include the new command.
- Refactored version information retrieval in the bot and web viewer to utilize a shared runtime resolver for consistency.
- Improved documentation in README.md to reflect changes in commands and configuration options.
- Updated type hints to use `|` for union types instead of `Optional` where applicable, enhancing readability and consistency.
- Cleaned up import statements by removing unnecessary imports and organizing them for better clarity.
- Adjusted function signatures in various modules to reflect the new type hinting style, improving type safety and code maintainability.
These changes contribute to a more modern and consistent codebase, aligning with current Python typing practices.
Resolve conflicts by combining v0.9 integration work with dev-only behavior:
- Keep channel_responses_enabled, greeter pause checks, and max_response_hops gating
- Retain TRACE/repeat handling, MQTT weather, temperature format helpers, and feed tooling
- Unify package-data globs, ruff/mypy/pytest config, Rate_Limits/Webhook in config example
- Web viewer: config panels + X-Requested-With on channel API; drop redundant DBManager import
Made-with: Cursor
- Added new configuration options in `config.ini.example` for enabling and configuring MQTT weather sources.
- Updated `WxCommand` and `GlobalWxCommand` classes to retrieve weather data from custom MQTT topics, enhancing flexibility in weather data sources.
- Introduced error handling for MQTT data retrieval, ensuring robust responses for various error scenarios.
- Expanded translation strings in `en.json` to support MQTT-related messages, improving user feedback.
These changes enhance the application's capability to utilize MQTT for weather data, providing users with more options for weather information retrieval.
- Updated `update_mesh_graph_from_trace_data` to clarify the format of `path_hashes` as per-hop hash strings from the trace payload.
- Modified `MessageHandler` to differentiate between TRACE packets and regular transmissions, preventing incorrect extraction of repeater prefixes from RF path bytes.
- Introduced `parse_trace_payload_route_hashes` utility to extract TRACE route hash segments from payloads, ensuring accurate handling of path data.
- Enhanced `PacketCaptureService` to correctly populate packet information for TRACE packets, including SNR path and route hashes.
- Expanded test coverage for TRACE payload decoding and path extraction to validate functionality and correctness.
These changes improve the accuracy and reliability of TRACE data processing in the application.
- Added new configuration options in `config.ini.example` for customizing the display of daily high/low temperatures.
- Introduced `format_temperature_high_low` function in `utils.py` to format temperature strings based on user-defined templates.
- Updated `WxCommand`, `GlobalWxCommand`, and `WeatherService` classes to utilize the new formatting function, enhancing the presentation of temperature data in weather forecasts.
- Refactored existing high/low temperature handling to improve code clarity and maintainability.
These changes enhance the flexibility and readability of temperature displays in weather-related outputs.
- Introduced a new configuration option for selecting Open-Meteo models in `config.ini.example`, allowing users to specify a model or default to "best_match".
- Implemented `_load_weather_model` method in `GlobalWxCommand` and `WeatherService` classes to handle model selection logic, including validation and fallback mechanisms.
- Updated API request parameters to include the selected weather model when available, enhancing the flexibility of weather data retrieval.
These changes improve the customization of weather data requests and ensure robust handling of model selection in the application.
- Added a regex pattern to validate SQLite column definitions, preventing SQL injection in the _add_column() function.
- Introduced a new validation function to ensure safe column definitions are used.
- Updated repeater_manager.py to use list() for iterating over contacts, ensuring compatibility with potential changes in the underlying data structure.
- Enhanced error handling in the MessageScheduler for better debugging during scheduler shutdown and message sending.
These changes improve the security and reliability of database operations and enhance the robustness of the repeater management system.
- Introduced an asyncio lock to serialize deduplication checks and updates to seen adverts, preventing race conditions during concurrent advert processing.
- Enhanced replay attack detection by ensuring deduplication state is consistent across await boundaries.
- Improved logging for duplicate advert uploads and invalid coordinate handling, providing clearer feedback on advert processing outcomes.
These changes enhance the reliability and integrity of advert uploads in the MapUploaderService.
- Added a new configuration option `condense_paths` in `config.ini.example` to control path formatting.
- Enhanced `MultitestCommand` to condense output paths using shared prefixes and tree branches when `condense_paths` is enabled.
- Introduced utility functions for path processing, including `_condense_path_lines` and `_path_to_tokens`.
- Updated tests to validate the new path condensing functionality and configuration behavior.
- Removed MQTT configuration from `config.ini.example` to streamline settings.
- Added new section for Repeater Prefix Collision Service in `config.ini.example`, including options for enabling notifications, alert channels, and prefix handling.
- Updated `service-plugins.md` to include documentation for the new Repeater Prefix Collision Service, enhancing user awareness of available plugins.
- Added today's high and low temperatures to the weather forecast output, improving clarity for users.
- Updated formatting to include labels for high and low temperatures, ensuring better readability of the forecast information.
- Removed MQTT configuration from `config.ini.example` to streamline settings.
- Added new section for Repeater Prefix Collision Service in `config.ini.example`, including options for enabling notifications, alert channels, and prefix handling.
- Updated `service-plugins.md` to include documentation for the new Repeater Prefix Collision Service, enhancing user awareness of available plugins.
- Added today's high and low temperatures to the weather forecast output, improving clarity for users.
- Updated formatting to include labels for high and low temperatures, ensuring better readability of the forecast information.
- Added configuration options for URL shortening in `config.ini.example` and updated documentation in `FEEDS.md`.
- Enhanced `FeedManager` to support URL shortening based on new settings, allowing for both global and per-link shortening.
- Refactored message formatting logic to incorporate URL shortening features, ensuring compatibility with existing link handling.
- Introduced new utility functions for encoding path length bytes in `utils.py`, improving path management in message handling.
- Added unit tests to validate the new URL shortening functionality and ensure proper behavior under various conditions.
- Added configuration options for URL shortening in `config.ini.example` and updated documentation in `FEEDS.md`.
- Enhanced `FeedManager` to support URL shortening based on new settings, allowing for both global and per-link shortening.
- Refactored message formatting logic to incorporate URL shortening features, ensuring compatibility with existing link handling.
- Introduced new utility functions for encoding path length bytes in `utils.py`, improving path management in message handling.
- Added unit tests to validate the new URL shortening functionality and ensure proper behavior under various conditions.
- Updated the `resolve_path` function in `utils.py` to clarify behavior regarding absolute paths.
- Changed type hints in `discord_bridge_service.py` for better clarity and consistency.
- Removed unused imports and unnecessary comments in various test files to improve code cleanliness and readability.
- Updated config.ini.example and discord-bridge.md to reflect the ability to fan out a single MeshCore channel to multiple Discord servers using a comma- or whitespace-separated list of webhook URLs.
- Modified DiscordBridgeService to handle multiple webhooks per channel, including validation and logging improvements for better monitoring of configured webhooks.
BUG-001: web viewer login/session auth (in web viewer commit)
BUG-002: db_manager ALTER TABLE for missing channel_operations and
feed_message_queue columns on startup
BUG-015: scheduler thread blocked on future.result(); replaced all
blocking waits with add_done_callback (fire-and-forget)
BUG-016: reboot_radio sends meshcore.commands.reboot() before disconnect
BUG-017: radio disconnect uses asyncio.wait_for(timeout=10)
BUG-022: custom asyncio loop exception handler suppresses IndexError
from meshcore parser at DEBUG level
BUG-024: last_db_backup_run updated after each run; 2-min startup
window; last-run seeded from DB on restart
BUG-025: send_channel_message retries up to 2 times (2s delay) on
no_event_received via _is_no_event_received() helper
BUG-026: split_text_into_chunks() and get_max_message_length() added
to CommandManager; keyword dispatch uses send_response_chunked()
BUG-028: byte_data = b"" initialised before try block in
decode_meshcore_packet to prevent UnboundLocalError in except handler
TraceCommand: path nodes reversed and return path truncated; fixed
format_elapsed_display: UTC normalisation before elapsed computation (#75)
RepeaterManager: auto_manage_contacts guard before any purge logic (#50)
Command aliases: [Aliases] config section injects shorthands at startup
JSON logging: _JsonFormatter; json_logging = true in [Logging]
Structured JSON logging compatible with Loki, Elasticsearch, Splunk
Discord bridge, Telegram bridge, and all service plugins updated
MeshGraph edge promotion logic corrected
Shutdown: scheduler and meshcore disconnect joined cleanly; log spam fixed
All modules: ruff and mypy cleanup applied (type annotations, imports)
Add POST /webhook endpoint to the web viewer. Authenticated via
Authorization: Bearer <token> set in [Webhook] config section. Relays
JSON or text payload to a configured MeshCore channel or user DM.
- Updated config.ini.example and discord-bridge.md to reflect the ability to fan out a single MeshCore channel to multiple Discord servers using a comma- or whitespace-separated list of webhook URLs.
- Modified DiscordBridgeService to handle multiple webhooks per channel, including validation and logging improvements for better monitoring of configured webhooks.
- Changed the default IATA code from 'LOC' to 'XYZ' in `config.ini.example` and `packet-capture.md` to reflect updated routing requirements.
- Updated the `PacketCaptureService` to use 'XYZ' as the fallback IATA code, ensuring consistency across the application.
- Added configuration options to bridge the bot's own channel responses to Discord and Telegram, allowing command replies to be sent to respective channels.
- Updated `DiscordBridgeService` and `TelegramBridgeService` to register listeners for bot-sent messages, ensuring they are included in the bridging process.
- Enhanced `CommandManager` to invoke listeners with a synthetic event when a message is successfully sent, providing context about the message.
- Updated `config.ini.example` to reflect the new `bridge_bot_responses` option for both services.
- Added tests to verify the correct invocation of listeners upon successful message sending.
- Introduced `filter_profanity` configuration option in `config.ini.example` to handle profanity in bridged messages: options include `drop` (default), `censor`, or `off`.
- Updated `requirements.txt` to include `better-profanity` for profanity filtering functionality.
- Enhanced `DiscordBridgeService` and `TelegramBridgeService` to implement the profanity filter logic, allowing messages with profanity to be dropped or censored before bridging.
- Updated documentation in `discord-bridge.md` and `telegram-bridge.md` to reflect the new profanity handling feature.
- Introduced a new utility function `decode_path_len_byte` to decode RF packet path length bytes, supporting both legacy and multi-byte paths.
- Updated various modules to utilize the new decoding logic, ensuring compatibility with configured prefix lengths.
- Modified database schemas to include `bytes_per_hop` and `out_bytes_per_hop` columns for better path management.
- Enhanced path parsing and validation across commands and services to accommodate variable prefix lengths.
- Improved logging and error handling for path-related operations, ensuring robustness during transitions.
- Introduced `[Earthquake_Service]` section in `config.ini.example` to enable earthquake alerts with customizable parameters such as polling interval, time window, and minimum magnitude.
- Updated `service-plugins.md` to include documentation for the new Earthquake Service, detailing its functionality and default settings.
- Updated packet logging to indicate whether packets are captured or skipped based on filtering criteria.
- Modified the `publish_packet_mqtt` method to return additional metrics, including a flag for packets skipped due to type filtering.
- Improved clarity in logging and metrics to aid in diagnosing packet handling behavior.
- Introduced new configuration options for specifying packet types to upload in `config.ini.example`.
- Enhanced `PacketCaptureService` to parse and apply these settings, allowing for selective packet type uploads based on user-defined criteria.
- Improved logging to provide feedback when packets are skipped due to type filtering.
- Updated logging setup to use default values when the [Logging] section is missing, ensuring consistent behavior.
- Improved handling of colored output and log file configuration based on the presence of the [Logging] section across multiple modules.
- Refactored related code in core and service plugins for better clarity and maintainability.
- Updated the logging level for captured packets to DEBUG to reduce verbosity in service lifecycle logs.
- Maintained detailed packet information output for debugging purposes while ensuring INFO level is reserved for lifecycle events.
- Added a new configuration option for service restart backoff timing in config.ini.example.
- Enhanced the MeshCoreBot class to track service health and manage restarts for unhealthy services.
- Introduced a new method for service health checks in the BaseServicePlugin class, allowing for custom health validation in subclasses.
- Updated the PacketCaptureService to include specific health check logic based on connection status.
- Introduced a QueuedMessage dataclass to manage messages queued for posting to Discord.
- Added a background task to process message queues, handling rate limits and retries.
- Updated message posting methods to support queuing and retry logic, ensuring robust message delivery.
- Implemented proactive rate limiting to prevent exceeding Discord's message limits.
- Added deep copy of event payloads in multiple modules to avoid segmentation faults when events are freed.
- Updated the handling of payloads in ChannelManager, MessageHandler, DiscordBridgeService, MapUploaderService, and PacketCaptureService to ensure safe access to event data.
- Enhanced logging for cases where payloads are missing, improving error handling and debugging capabilities.
- Introduced a new section in `config.ini.example` for the Discord bridge service, including options for enabling the service and configuring avatar styles and channel mappings.
- Updated `README.md` to document the new Discord bridge service and its integration, enhancing the overall service plugin section with relevant details.
- Improved the link extraction logic to prioritize HTML links over CAP XML links, ensuring more user-friendly URLs are used.
- Added a new method to convert CAP XML URLs to a more readable API format, accommodating changes in the NWS alerts webpage.
- Enhanced fallback mechanisms for link retrieval to ensure reliable access to alert information.
- Introduced a mechanism to utilize the main event loop for scheduling coroutines, preventing deadlocks when the main loop is running.
- Updated the JWT renewal interval to 12 hours, with tokens now valid for 24 hours, improving token management.
- Refactored various async function calls in the MessageScheduler, WeatherService, and PacketCaptureService to ensure consistent event loop usage.
- Improved error handling and logging for scheduled tasks, enhancing robustness and maintainability.
- Simplified logger handler setup to prevent duplicates by checking if handlers already exist.
- Introduced a new method to check for MQTT availability, improving error logging when MQTT support is not available.
- Enhanced MQTT connection handling to streamline the connection process and improve logging clarity.
- Simplified database connection management by using context managers to ensure connections are properly closed.
- Enhanced error handling during MQTT client disconnection in packet capture service, logging specific exceptions.
- Updated message handling in MessageHandler to capture command data for web viewer integration, improving response tracking.
- Replaced the validate_safe_path function with a new resolve_path utility to simplify database path resolution in BotDataViewer, BotIntegration, and MapUploaderService.
- Updated the logic to ensure that both relative and absolute paths are handled correctly, enhancing the robustness of database connections.
- Improved code readability and maintainability by centralizing path resolution logic.
- Centralized placeholder handling in utils instead of individual function handlers
- Updated connection and reconnection logic in PacketCaptureService to use asyncio's run_in_executor, preventing blocking of the event loop during MQTT operations.
- Enhanced WeatherService to implement non-blocking connection and subscription handling, ensuring smoother operation and improved error logging for connection failures.
- Added configuration sections for joke and dadjoke commands in config.ini.example, allowing channel restrictions for command usage.
- Updated BaseCommand to derive configuration section names for commands, improving consistency in command management.
- Implemented channel access checks in can_execute methods for JokeCommand and DadJokeCommand to ensure commands are only executed in allowed channels.
- Improved error logging in FeedManager and MessageScheduler to include database path information for better debugging.
- Updated WxCommand to better handle period identification for tomorrow's weather, ensuring accurate retrieval of daytime and nighttime periods based on current conditions.
- Added a cleanup mechanism in MapUploaderService to manage memory usage by periodically removing old entries from seen_adverts, preventing unbounded growth and improving performance.
- Optimized packet capture service to utilize indexed lookups for faster data retrieval and ensure fallback mechanisms for backward compatibility.
Stacy Olivas