- Add verbose_results flag to store full device details in sweep results
- Add non-interactive mode (--non-interactive) to setup.sh
- Add ask_yes_no helper for interactive prompts with TTY detection
- Update reports.py to handle new results structure with fallbacks
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Change /tscm/playbooks to return array instead of dict
- Add id, name, category fields to each playbook for JS compatibility
- Fix tscmViewPlaybook JS to use correct field names (action/details/safety_note)
- Display when_to_escalate and documentation_required sections
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Implement 9 major TSCM feature enhancements:
1. Capability & Coverage Reality Panel - Exposes what sweeps can/cannot
detect based on OS, privileges, adapters, and SDR limits
2. Baseline Diff & Health - Shows changes vs baseline with health scoring
(healthy/noisy/stale) based on age and device churn
3. Per-Device Timelines - Time-bucketed observations with RSSI stability,
movement patterns, and meeting correlation
4. Whitelist/Known-Good Registry + Case Grouping - Global and per-location
device registry with case management for sweeps/threats/notes
5. Meeting-Window Summary Enhancements - Tracks devices first seen during
meetings with scoring modifiers
6. Client-Ready PDF Report + Technical Annex - Executive summary, findings
by risk tier, JSON/CSV annex export
7. WiFi Advanced Indicators - Evil twin detection, probe request tracking,
deauth burst detection (auto-disables without monitor mode)
8. Bluetooth Risk Explainability - Proximity estimates, tracker brand
explanations, human-readable risk descriptions
9. Operator Playbooks - Procedural guidance by risk level with steps,
safety notes, and documentation requirements
All features include mandatory disclaimers, preserve existing architecture,
and follow TSCM best practices (no packet capture, no surveillance claims).
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Import device identity functions (get_identity_engine, ingest_ble_dict, etc.)
- Initialize and clear identity engine at sweep start
- Feed BLE observations to identity engine during Bluetooth scan
- Feed WiFi observations to identity engine during WiFi scan
- Finalize sessions and emit identity_clusters event at sweep completion
- Include identity cluster statistics in sweep results
The device identity engine provides MAC-randomization resistant detection
by clustering observations using fingerprinting, timing patterns, and
RSSI trajectory analysis.
- Add startup check in app.py for root/sudo privileges
- Show warning in terminal if not running as root
- Add running_as_root flag to TSCM devices API response
- Display privilege warning in TSCM UI when not running as root
- Show command to run with sudo in the warning
- Add CSS styling for privilege warning banner
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Remove requirement for sdr_device to be set before RF scanning
- Add RTL-SDR device detection check with rtl_test before scanning
- Lower signal detection threshold from -50dBm to -70dBm
- Lower noise floor threshold from 15dB to 10dB above noise
- Add rf_status event for frontend feedback when RF unavailable
- Show status message in RF panel explaining why scanning isn't working
- Add CSS styling for status messages
- Reset RF status message when sweep starts
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- New device_identity.py: Clusters BLE/WiFi observations into probable
physical devices using passive fingerprinting (not MAC addresses)
- Fingerprinting based on manufacturer data, service UUIDs, capabilities,
timing patterns, and RSSI trajectories
- Session tracking with automatic gap detection
- Risk indicators: stable RSSI, MAC rotation, ESP32 chipsets, audio-capable
- Full audit trail for all clustering decisions
- New ble_scanner.py: Cross-platform BLE scanning with bleak library
- Detects AirTags, Tile, SmartTags, ESP32 by manufacturer ID
- Fallback to system tools (btmgmt, hcitool, system_profiler)
- Added API endpoints for device identity clustering (/tscm/identity/*)
- Updated setup.sh with bleak dependency
- Updated documentation with TSCM features and hardware requirements
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
WiFi Scanning:
- Add 'iw' scan method as primary (sometimes works without root)
- Auto-detect wireless interface from /sys/class/net
- Better error logging for permission issues
- Fall back to iwlist if iw fails
UI Updates:
- Replace Critical/High/Medium/Low cards with new scoring model
- Now shows: High Interest (6+), Needs Review (3-5), Informational (0-2)
- Add Correlations count card
- Update counts based on device classification scores
Tracker Detection:
- Add detection for Apple AirTag (by OUI and name)
- Add detection for Tile trackers
- Add detection for Samsung SmartTag
- Add detection for ESP32/ESP8266 devices (Espressif chipset)
- Add generic chipset vendor detection
- New indicator types with appropriate scoring weights
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The bt_device event was including 'type': device.get('type') which
overwrote the SSE event type 'bt_device' with 'ble', causing the
frontend to not recognize the events.
- Rename device type field from 'type' to 'device_type' in bt_device events
- Update frontend to use device_type for display
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Restore airodump-ng check for WiFi tools
- Add /sys/class/net/*/wireless fallback for WiFi detection
- Add /sys/class/bluetooth/hci* fallback for Bluetooth detection
- Add hciconfig to Bluetooth tool checks
- Add SubprocessError to exception handling
- Multiple fallback layers ensure detection works even with partial tools
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add macOS-specific WiFi detection using airport utility
- Add macOS-specific Bluetooth detection using system_profiler
- Add fallback to 'iw' command on Linux when iwconfig unavailable
- Properly handle platform differences for device availability checks
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Classification levels:
- Green (Informational): Known devices in baseline, expected infrastructure
- Yellow (Needs Review): Unknown BLE devices, new WiFi APs, unidentified RF
- Red (High Interest): Persistent transmitters, audio-capable BLE, trackers,
devices with repeat detections across scans
Features:
- Device history tracking for repeat detection (24-hour window)
- Audio-capable BLE detection (headphones, mics, speakers)
- Classification reasons shown under each device
- Color-coded indicators with visual styling
- Microphone badge for audio-capable BLE devices
- Emit wifi_device, bt_device, rf_signal events as devices are found
- Add frontend handlers to populate device lists in real-time
- Add RF Signals panel to TSCM dashboard
- Dashboard now updates during sweep, not just at the end
- Add _scan_rf_signals() function using rtl_power to scan:
- FM broadcast band (88-108 MHz) for potential bugs
- 315/433/868/915 MHz ISM bands
- 1.2 GHz video transmitter band
- 2.4 GHz ISM band
- Integrate RF scanning into sweep with 60-second interval
- Add display_name field for all devices with friendly names
- Update frontend to use display_name in dropdowns
- Improve scan status display: '14 WiFi | 20 BT | 3 RF' instead of '14w 20b'
- Auto-select first SDR device when available
SDRFactory.detect_devices() returns SDRDevice dataclass objects,
not dictionaries. Fixed to access attributes directly instead of
using .get() method.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add /tscm/devices endpoint to list available WiFi interfaces,
Bluetooth adapters, and SDR devices
- Add _scan_wifi_networks() for actual WiFi scanning (macOS/Linux)
- Add _scan_bluetooth_devices() for actual Bluetooth scanning
- Update _run_sweep() to perform real scans with selected interfaces
- Add severity_counts tracking in progress events
- Fix frontend to correctly access device and severity data
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
