Remove some global reset styles in favor of explicit border colors, restore button cursors

* moved to vite plugin for tailwind (it's recommended now)
* removed autoprefixer (v4 uses its own CSS thing now)
* postcss.config.js was used to wire up tailwind and autoprefixer, so
  it's gone
* tailwind.config.ts is gone, because v4 stores config in app.css using
  css variables
* fixed some renamed classes

.cargo/audit.toml

@@ -0,0 +1,15 @@
+[advisories]
+ignore = [
+    # RSA Marvin Attack in `rsa`, dragged in through rustcrypto (dev builds)
+    # and adb_client (USB signing only, unrelated to marvin attack which
+    # targets decryption).
+    "RUSTSEC-2023-0071",
+    # paste crate being unmaintained is not important. it's not dealing with
+    # user-input. we could get rid of this warning by disabling the image
+    # dependency in adb-client.
+    "RUSTSEC-2024-0436",
+    # rustls-webpki 0.102.8 CRL Distribution Point flaw (via rustls-rustcrypto).
+    # Only affects dev builds, production firmware uses ring-tls.
+    # TODO: Remove once rustls-rustcrypto releases a version newer than 0.0.2-alpha.
+    "RUSTSEC-2026-0049",
+]

.cargo/config.toml

@@ -1,3 +1,17 @@
+[alias]
+# Build the daemon with "firmware" profile and post-quantum TLS backend.
+# Needs an arm-linux-musleabihf cross-compiler in PATH, e.g. a toolchain
+# from https://musl.cc, or run inside messense/rust-musl-cross:armv7-musleabihf
+# (which is what CI does, see .github/workflows/main.yml).
+build-daemon-firmware = "build -p rayhunter-daemon --bin rayhunter-daemon --target armv7-unknown-linux-musleabihf --profile firmware --no-default-features --features pq-tls"
+# Build the daemon with "firmware-devel" profile and "rustcrypto" backend.
+# Works with just the Rust toolchain, and is medium-slow to build. Binaries are slightly larger.
+build-daemon-firmware-devel = "build -p rayhunter-daemon --bin rayhunter-daemon --target armv7-unknown-linux-musleabihf --profile firmware-devel"
+# Build rootshell for firmware
+build-rootshell-firmware = "build -p rootshell --bin rootshell --target armv7-unknown-linux-musleabihf --profile firmware"
+# Build rootshell for development
+build-rootshell-firmware-devel = "build -p rootshell --bin rootshell --target armv7-unknown-linux-musleabihf --profile firmware-devel"
+
 [target.aarch64-apple-darwin]
 linker = "rust-lld"
 rustflags = ["-C", "target-feature=+crt-static"]

.gitattributes

@@ -0,0 +1,10 @@
+# Files that are distributed onto the Rayhunter device always have to have
+# Unix-style line endings, even if the installer is built on Windows with
+# autocrlf enabled.
+# Using CRLF for the init scripts will make them fail to execute on TP-Link.
+# See https://github.com/EFForg/rayhunter/issues/489
+
+dist/config.toml.in eol=lf
+dist/scripts/misc-daemon eol=lf
+dist/scripts/rayhunter_daemon eol=lf
+scripts/*.sh eol=lf

.github/ISSUE_TEMPLATE/bug.yaml

@@ -2,6 +2,12 @@ name: Bug Report
 description: File a bug report.
 labels: ["bug"]
 body:
+  - type: checkboxes
+    attributes:
+      label: Prerequisites
+      options:
+        - label: I have read [CONTRIBUTING.md](https://github.com/EFForg/rayhunter/blob/main/CONTRIBUTING.md)
+          required: true
   - type: textarea
     attributes:
       label: Bug Report Details

.github/ISSUE_TEMPLATE/config.yml

@@ -1,8 +1,10 @@
-blank_issues_enabled: true
+blank_issues_enabled: false
 contact_links:
-  - name: Rayhunter Mattermost
+  - name: Frequently Asked Questions
-    url: https://opensource.eff.org/signup_user_complete/?id=6iqur37ucfrctfswrs14iscobw&md=link&sbr=su
+    url: https://efforg.github.io/rayhunter/faq.html
-    about: If you're having trouble using Rayhunter and aren't sure you've found a bug or request for a new feature, please first try asking for help here. There is a much larger community there of people familiar with the project who will be able to more quickly answer your questions.
+  - name: Questions and community
+    url: https://efforg.github.io/rayhunter/support-feedback-community.html
+    about: If you're having trouble using Rayhunter and aren't sure you've found a bug or request for a new feature, please first try asking for help on GitHub discussions or Mattermost
   - name: Rayhunter Security Policy
     url: https://github.com/EFForg/rayhunter/security/advisories/new
     about: Please report security vulnerabilities here.

.github/ISSUE_TEMPLATE/feature.yaml

@@ -2,6 +2,12 @@ name: Feature Request
 description: Suggest a new feature or improvement to Rayhunter
 labels: ["enhancement"]
 body:
+  - type: checkboxes
+    attributes:
+      label: Prerequisites
+      options:
+        - label: I have read [CONTRIBUTING.md](https://github.com/EFForg/rayhunter/blob/main/CONTRIBUTING.md)
+          required: true
   - type: textarea
     id: problem
     attributes:

.github/ISSUE_TEMPLATE/installer-bug.yaml

@@ -0,0 +1,53 @@
+name: Installer Issue
+description: File an bug related to an installer issue.
+labels: ["bug", "installer"]
+body:
+  - type: checkboxes
+    attributes:
+      label: Prerequisites
+      options:
+        - label: I have read [CONTRIBUTING.md](https://github.com/EFForg/rayhunter/blob/main/CONTRIBUTING.md)
+          required: true
+  - type: input
+    attributes:
+      label: Rayhunter Version
+      placeholder: 'v0.5.0'
+    validations:
+      required: true
+  - type: dropdown
+    attributes:
+      label: Device
+      description: |
+        What device are you trying to install Rayhunter on?
+      options:
+        - Orbic RC400L
+        - Tplink M7350
+        - Tplink M7310
+        - Tmobile TMOHS1
+        - Wingtech CT2MHS0
+        - Pinephone
+        - Other / I'm not sure
+    validations:
+      required: true
+  - type: dropdown
+    attributes:
+      label: Installer OS
+      description: What operating system are running the installer from
+      multiple: false
+      options:
+        - Linux
+        - macOS
+        - Windows
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Describe the Issue
+      description: |
+        Please describe the issue you're having installing Rayhunter.
+        Include the logs outputed by the installer program. If the installer
+        is crashing, please try running the installer with `RUST_BACKTRACE=1`
+        environment variable set so we can see exactly where the installer is
+        crashing.
+    validations:
+      required: true

.github/dependabot.yml

@@ -0,0 +1,41 @@
+version: 2
+updates:
+  # Rust dependencies
+  - package-ecosystem: "cargo"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    groups:
+      dependency-type:
+        patterns:
+          - "*"
+
+  # Python dependencies
+  - package-ecosystem: "pip"
+    directory: "/tools"
+    schedule:
+      interval: "weekly"
+    groups:
+      dependency-type:
+        patterns:
+          - "*"
+
+  # daemon/web Node.js dependencies
+  - package-ecosystem: "npm"
+    directory: "/daemon/web"
+    schedule:
+      interval: "weekly"
+    groups:
+      dependency-type:
+        patterns:
+          - "*"
+
+  # installer-gui Node.js dependencies
+  - package-ecosystem: "npm"
+    directory: "/installer-gui"
+    schedule:
+      interval: "weekly"
+    groups:
+      dependency-type:
+        patterns:
+          - "*"

.github/pull_request_template.md

@@ -1,6 +1,13 @@
 ## Pull Request Checklist
 
-- [ ] The Rayhunter team has recently expressed interest in reviewing a PR for this. If not, this PR may be closed due our limited resources and need to prioritize how we spend them.
+- [ ] The Rayhunter team has recently expressed interest in reviewing a PR for this.
+  - If not, this PR may be closed due our limited resources and need to prioritize how we spend them.
 - [ ] Added or updated any documentation as needed to support the changes in this PR.
-- [ ] Code has been linted and run through `cargo fmt`
+- [ ] Code has been linted and run through `cargo fmt`.
-- [ ] If any new functionality has been added, unit tests were also added
+- [ ] If any new functionality has been added, unit tests were also added.
+- [ ] [CONTRIBUTING.md](https://github.com/EFForg/rayhunter/blob/main/CONTRIBUTING.md) has been read.
+- [ ] Your pull request is fewer than ~400 lines of code.
+
+You must check one of:
+- [ ] No generative AI (including LLMs) tools were used to create this PR.
+- [ ] Generative AI was used to create this PR. I certify that I have read and understand the code, and *that all comments and descriptions were authored by myself* and are not the product of generative AI.

.github/workflows/main.yml

@@ -11,6 +11,9 @@ env:
   CARGO_TERM_COLOR: always
   FILE_ROOTSHELL: ../../rootshell/rootshell
   FILE_RAYHUNTER_DAEMON: ../../rayhunter-daemon/rayhunter-daemon
+  FILE_WPA_SUPPLICANT: ../../wpa-supplicant/wpa_supplicant
+  FILE_WPA_CLI: ../../wpa-supplicant/wpa_cli
+  FILE_IW: ../../wpa-supplicant/iw
   RUSTFLAGS: "-Dwarnings"
 
 jobs:
@@ -20,66 +23,89 @@ jobs:
     permissions:
       contents: read
     outputs:
-      code_changed: ${{ steps.files_changed.outputs.code_count }}
+      code_changed: ${{ steps.files_changed.outputs.code_count != '0' }}
-      daemon_changed: ${{ steps.files_changed.outputs.daemon_count }}
+      daemon_changed: ${{ steps.files_changed.outputs.daemon_count != '0' }}
-      web_changed: ${{ steps.files_changed.outputs.web_count }}
+      daemon_needed: ${{ steps.files_changed.outputs.daemon_count != '0' || steps.files_changed.outputs.installer_build != '0' }}
-      docs_changed: ${{ steps.files_changed.outputs.docs_count }}
+      web_changed: ${{ steps.files_changed.outputs.web_count != '0' }}
-      installer_changed: ${{ steps.files_changed.outputs.installer_count }}
+      docs_changed: ${{ steps.files_changed.outputs.docs_count != '0' || steps.files_changed.outputs.daemon_count != '0' }}
-      rootshell_changed: ${{ steps.files_changed.outputs.rootshell_count }}
+      installer_changed: ${{ steps.files_changed.outputs.installer_count != '0' }}
+      installer_gui_changed: ${{ steps.files_changed.outputs.installer_gui_count != '0' }}
+      rootshell_needed: ${{ steps.files_changed.outputs.rootshell_count != '0' || steps.files_changed.outputs.installer_build != '0' }}
     steps:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
+          persist-credentials: false
       - name: detect file changes
         id: files_changed
         run: |
           lcommit=${{ github.event.pull_request.base.sha || 'origin/main' }}
 
-          # If we are on main, or if these workflow files are being changed, run everything
+          # If we are on main, if workflow/cargo config files changed, or if
-          if [ ${{ github.ref }} = 'refs/heads/main' ] || git diff --name-only $lcommit..HEAD | grep -qe ^.github/workflows/ -e ^.cargo
+          # the latest commit message contains "#build-all", run everything.
+          # Use #build-all in a commit message to force a full build on a PR
+          # branch (useful for testing release builds without merging to main).
+          if [ ${GITHUB_REF} = 'refs/heads/main' ] || git diff --name-only $lcommit..HEAD | grep -qe ^.github/workflows/ -e ^.cargo || git log -1 --format='%s %b' | grep -qF '#build-all'
           then
             echo "building everything"
             echo code_count=forced >> "$GITHUB_OUTPUT"
             echo daemon_count=forced >> "$GITHUB_OUTPUT"
             echo web_count=forced >> "$GITHUB_OUTPUT"
             echo docs_count=forced >> "$GITHUB_OUTPUT"
+            echo installer_build=forced >> "$GITHUB_OUTPUT"
             echo installer_count=forced >> "$GITHUB_OUTPUT"
+            echo installer_gui_count=forced >> "$GITHUB_OUTPUT"
             echo rootshell_count=forced >> "$GITHUB_OUTPUT"
           else
             echo "code_count=$(git diff --name-only $lcommit...HEAD | grep -e ^daemon -e ^installer -e ^check -e ^lib -e ^rootshell -e ^telcom-parser | wc -l)" >> "$GITHUB_OUTPUT"
             echo "daemon_count=$(git diff --name-only $lcommit...HEAD | grep -e ^daemon -e ^lib -e ^telcom-parser | wc -l)" >> "$GITHUB_OUTPUT"
             echo "web_count=$(git diff --name-only $lcommit...HEAD | grep -e ^daemon/web | wc -l)" >> "$GITHUB_OUTPUT"
             echo "docs_count=$(git diff --name-only $lcommit...HEAD | grep -e ^book.toml -e ^doc | wc -l)" >> "$GITHUB_OUTPUT"
-            echo "installer_count=$(git diff --name-only $lcommit...HEAD | grep -e ^installer | wc -l)" >> "$GITHUB_OUTPUT"
             echo "rootshell_count=$(git diff --name-only $lcommit...HEAD | grep -e ^rootshell | wc -l)" >> "$GITHUB_OUTPUT"
+
+            installer_count=$(git diff --name-only $lcommit...HEAD | grep -e ^installer/ | wc -l)
+            installer_gui_count=$(git diff --name-only $lcommit...HEAD | grep -e ^installer-gui | wc -l)
+
+            if [ $installer_count != "0" ] || [ $installer_gui_count != "0" ]; then
+              echo "installer_build=1" >> "$GITHUB_OUTPUT"
+            else
+              echo "installer_build=0" >> "$GITHUB_OUTPUT"
+            fi
+
+            echo "installer_count=$installer_count" >> "$GITHUB_OUTPUT"
+            echo "installer_gui_count=$installer_gui_count" >> "$GITHUB_OUTPUT"
           fi
 
   mdbook_test:
     name: Test mdBook Documentation builds
     needs: files_changed
-    if: needs.files_changed.outputs.docs_changed != '0'
+    if: needs.files_changed.outputs.docs_changed == 'true'
     runs-on: ubuntu-latest
     permissions:
       contents: read
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+      - uses: Swatinem/rust-cache@v2
       - name: Install mdBook
         run: |
           cargo install mdbook --no-default-features --features search --vers "^0.4" --locked
       - name: Test mdBook
         run: mdbook test
 
-  mdbook_publish:
+  mdbook_build:
-    name: Publish mdBook to Github Pages
+    name: Build mdBook for Github Pages
     needs: mdbook_test
     if: ${{ github.ref == 'refs/heads/main' }}
     permissions:
-      pages: write
       contents: write
-      id-token: write
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+      - uses: Swatinem/rust-cache@v2
       - name: Install mdBook
         run: |
           cargo install mdbook --no-default-features --features search --vers "^0.4" --locked
@@ -87,23 +113,25 @@ jobs:
       - name: Build mdBook
         run: mdbook build
 
-      - name: Setup Pages
-        uses: actions/configure-pages@v4
       - name: Upload artifact
-        uses: actions/upload-pages-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
+          name: book
           path: book
-      - name: Deploy to Github Pages
-        uses: actions/deploy-pages@v4
 
   check_and_test:
     needs: files_changed
-    if: needs.files_changed.outputs.code_changed != '0'
+    if: needs.files_changed.outputs.code_changed == 'true'
     runs-on: ubuntu-latest
     permissions:
       contents: read
     steps:
     - uses: actions/checkout@v4
+      with:
+        persist-credentials: false
+    - uses: dtolnay/rust-toolchain@stable
+      with:
+        components: rustfmt, clippy
     - uses: Swatinem/rust-cache@v2
     - name: Check formatting
       run: cargo fmt --all --check
@@ -121,9 +149,37 @@ jobs:
       run: |
         NO_FIRMWARE_BIN=true cargo clippy --verbose
 
-  test_web_frontend:
+  installer_gui_check:
+    # we test the GUI installer separately to:
+    # 1) mimic the default behavior of cargo commands for rayhunter devs where
+    #    installer-gui isn't one of the default workspace packages
+    # 2) avoid slowing down development on changes unrelated to the GUI installer
     needs: files_changed
-    if: needs.files_changed.outputs.web_changed != '0'
+    if: needs.files_changed.outputs.installer_gui_changed == 'true'
+    # we run this on macos simply because no additional OS packages need to be
+    # installed
+    runs-on: macos-latest
+    permissions:
+      contents: read
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        persist-credentials: false
+    - uses: dtolnay/rust-toolchain@stable
+      with:
+        components: clippy
+    - uses: Swatinem/rust-cache@v2
+    # we don't need to run cargo fmt here because both cargo fmt and cargo
+    # fmt --all runs on all workspace packages so this is handled by
+    # check_and_test above
+    - name: Check
+      run: NO_FIRMWARE_BIN=true cargo check --package installer-gui --verbose
+    - name: Run clippy
+      run: NO_FIRMWARE_BIN=true cargo clippy --package installer-gui --verbose
+
+  test_daemon_frontend:
+    needs: files_changed
+    if: needs.files_changed.outputs.web_changed == 'true'
     runs-on: ubuntu-latest
     permissions:
       contents: read
@@ -132,19 +188,40 @@ jobs:
         working-directory: daemon/web
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - run: npm install
       - run: npm run lint
       - run: npm run check
       - run: npm run test
 
+  test_installer_frontend:
+    needs: files_changed
+    if: needs.files_changed.outputs.installer_gui_changed == 'true'
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    defaults:
+      run:
+        working-directory: installer-gui
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+      - run: npm install
+      - run: npm run lint
+      - run: npm run check
+
   windows_installer_check_and_test:
     needs: files_changed
-    if: needs.files_changed.outputs.installer_changed != '0'
+    if: needs.files_changed.outputs.installer_changed == 'true'
     runs-on: windows-latest
     permissions:
       contents: read
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - uses: Swatinem/rust-cache@v2
       - name: cargo check
         shell: bash
@@ -158,7 +235,7 @@ jobs:
           NO_FIRMWARE_BIN=true cargo test --verbose --no-default-features
 
   build_rayhunter_check:
-    if: needs.files_changed.outputs.daemon_changed != '0'
+    if: needs.files_changed.outputs.daemon_changed == 'true'
     needs:
       - check_and_test
       - files_changed
@@ -181,7 +258,7 @@ jobs:
             os: macos-latest
             target: aarch64-apple-darwin
           - name: macos-intel
-            os: macos-13
+            os: macos-latest
             target: x86_64-apple-darwin
           - name: windows-x86_64
             os: windows-latest
@@ -189,6 +266,8 @@ jobs:
     runs-on: ${{ matrix.platform.os }}
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - uses: dtolnay/rust-toolchain@stable
         with:
           targets: ${{ matrix.platform.target }}
@@ -202,7 +281,7 @@ jobs:
           if-no-files-found: error
 
   build_rootshell:
-    if: needs.files_changed.outputs.rootshell_changed != '0'
+    if: needs.files_changed.outputs.rootshell_needed == 'true'
     needs:
       - check_and_test
       - files_changed
@@ -211,20 +290,46 @@ jobs:
       contents: read
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - uses: dtolnay/rust-toolchain@stable
         with:
           targets: armv7-unknown-linux-musleabihf
       - uses: Swatinem/rust-cache@v2
       - name: Build rootshell (armv7)
-        run: cargo build --bin rootshell --target armv7-unknown-linux-musleabihf --profile=firmware
+        run: cargo build -p rootshell --bin rootshell --target armv7-unknown-linux-musleabihf --profile=firmware
       - uses: actions/upload-artifact@v4
         with:
           name: rootshell
           path: target/armv7-unknown-linux-musleabihf/firmware/rootshell
           if-no-files-found: error
 
+  build_wpa_supplicant:
+    if: needs.files_changed.outputs.installer_changed == 'true'
+    needs:
+      - files_changed
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+      - name: Install cross-compiler
+        run: sudo apt-get update && sudo apt-get install -y gcc-arm-linux-gnueabihf
+      - name: Build wpa_supplicant (armv7)
+        run: CC=arm-linux-gnueabihf-gcc STRIP=arm-linux-gnueabihf-strip HOST=arm-linux-gnueabihf scripts/build-wpa-supplicant.sh
+      - uses: actions/upload-artifact@v4
+        with:
+          name: wpa-supplicant
+          path: |
+            tools/build-wpa-supplicant/out/wpa_supplicant
+            tools/build-wpa-supplicant/out/wpa_cli
+            tools/build-wpa-supplicant/out/iw
+          if-no-files-found: error
+
   build_rayhunter:
-    if: needs.files_changed.outputs.daemon_changed != '0'
+    if: needs.files_changed.outputs.daemon_needed == 'true'
     needs:
       - check_and_test
       - files_changed
@@ -234,25 +339,27 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: dtolnay/rust-toolchain@stable
         with:
-          targets: armv7-unknown-linux-musleabihf
+          persist-credentials: false
-      - uses: Swatinem/rust-cache@v2
+      - name: Build frontend
-      - name: Build rayhunter-daemon (armv7)
         run: |
           pushd daemon/web
           npm install
           npm run build
           popd
-          # Run with -p so that cargo will select the minimum feature set for this package.
+      - name: Build rayhunter-daemon (armv7)
-          #
+        # Cross-compile inside messense/rust-musl-cross, which bundles an
-          # Otherwise, it will consider the union of all requested features
+        # arm-linux-musleabihf cross gcc that aws-lc-sys needs.
-          # from all packages in the workspace. For example, if installer
+        run: |
-          # requires tokio with "full" feature, it will be included no matter
+          mkdir -p "$HOME/.cargo-musl-cross"
-          # what the feature selection in rayhunter-daemon is.
+          docker run --rm \
-          #
+            --user "$(id -u):$(id -g)" \
-          # https://github.com/rust-lang/cargo/issues/4463
+            -v "$PWD":/work \
-          cargo build -p rayhunter-daemon --bin rayhunter-daemon --target armv7-unknown-linux-musleabihf --profile=firmware
+            -v "$HOME/.cargo-musl-cross":/cargo-home \
+            -e CARGO_HOME=/cargo-home \
+            -w /work \
+            messense/rust-musl-cross:armv7-musleabihf \
+            cargo build-daemon-firmware
       - uses: actions/upload-artifact@v4
         with:
           name: rayhunter-daemon
@@ -260,13 +367,14 @@ jobs:
           if-no-files-found: error
 
   build_rust_installer:
-    if: needs.files_changed.outputs.installer_changed != '0'
+    if: needs.files_changed.outputs.installer_changed == 'true'
     permissions:
       contents: read
       packages: write
     needs:
       - build_rayhunter
       - build_rootshell
+      - build_wpa_supplicant
       - files_changed
       - windows_installer_check_and_test
     strategy:
@@ -285,7 +393,7 @@ jobs:
             os: macos-latest
             target: aarch64-apple-darwin
           - name: macos-intel
-            os: macos-13
+            os: macos-latest
             target: x86_64-apple-darwin
           - name: windows-x86_64
             os: windows-latest
@@ -293,6 +401,8 @@ jobs:
     runs-on: ${{ matrix.platform.os }}
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - uses: actions/download-artifact@v4
       - uses: dtolnay/rust-toolchain@stable
         with:
@@ -305,6 +415,145 @@ jobs:
           path: target/${{ matrix.platform.target }}/release/installer${{ matrix.platform.os == 'windows-latest' && '.exe' || '' }}
           if-no-files-found: error
 
+  build_installer_gui_linux:
+    if: needs.files_changed.outputs.installer_gui_changed == 'true'
+    permissions:
+      contents: read
+      packages: write
+    needs:
+      - build_rayhunter
+      - build_rootshell
+      - files_changed
+      - installer_gui_check
+      - test_installer_frontend
+    strategy:
+      matrix:
+        platform:
+          # we want to use the oldest supported version of ubuntu here to
+          # maximize compatibility with older versions of glibc
+          - name: linux-x64
+            os: ubuntu-22.04
+            target: x86_64-unknown-linux-gnu
+          - name: linux-aarch64
+            os: ubuntu-22.04-arm
+            target: aarch64-unknown-linux-gnu
+    runs-on: ${{ matrix.platform.os }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+      - uses: actions/download-artifact@v4
+      - uses: dtolnay/rust-toolchain@stable
+        with:
+          targets: ${{ matrix.platform.target }}
+      - uses: Swatinem/rust-cache@v2
+      - name: Install tauri dependencies
+        run: sudo apt-get update && sudo apt-get install -y libwebkit2gtk-4.1-dev build-essential curl wget file libxdo-dev libssl-dev libayatana-appindicator3-dev librsvg2-dev xdg-utils
+      - name: Build GUI installer
+        shell: bash
+        run: |
+          cd installer-gui
+          npm install
+          npm run tauri build -- --target ${{ matrix.platform.target }}
+      - uses: actions/upload-artifact@v4
+        with:
+          name: gui-installer-${{ matrix.platform.name }}-appimage
+          path: target/${{ matrix.platform.target }}/release/bundle/appimage/*.AppImage
+          if-no-files-found: error
+      - uses: actions/upload-artifact@v4
+        with:
+          name: gui-installer-${{ matrix.platform.name }}-deb
+          path: target/${{ matrix.platform.target }}/release/bundle/deb/*.deb
+          if-no-files-found: error
+      - uses: actions/upload-artifact@v4
+        with:
+          name: gui-installer-${{ matrix.platform.name }}-rpm
+          path: target/${{ matrix.platform.target }}/release/bundle/rpm/*.rpm
+          if-no-files-found: error
+
+  build_installer_gui_macos:
+    if: needs.files_changed.outputs.installer_gui_changed == 'true'
+    permissions:
+      contents: read
+      packages: write
+    needs:
+      - build_rayhunter
+      - build_rootshell
+      - files_changed
+      - installer_gui_check
+      - test_installer_frontend
+    strategy:
+      matrix:
+        platform:
+          - name: macos-arm
+            target: aarch64-apple-darwin
+          - name: macos-intel
+            target: x86_64-apple-darwin
+    runs-on: macos-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+      - uses: actions/download-artifact@v4
+      - uses: dtolnay/rust-toolchain@stable
+        with:
+          targets: ${{ matrix.platform.target }}
+      - uses: Swatinem/rust-cache@v2
+      - name: Build GUI installer
+        shell: bash
+        run: |
+          cd installer-gui
+          npm install
+          npm run tauri build -- --target ${{ matrix.platform.target }}
+          cd ..
+          mv "target/${{ matrix.platform.target }}/release/bundle/macos/"*.app .
+          zip -r "rayhunter-installer-${{ matrix.platform.name }}.app.zip" ./*.app
+      - uses: actions/upload-artifact@v4
+        with:
+          name: gui-installer-${{ matrix.platform.name }}-app
+          path: ./*.app.zip
+          if-no-files-found: error
+
+  build_installer_gui_windows:
+    if: needs.files_changed.outputs.installer_gui_changed == 'true'
+    permissions:
+      contents: read
+      packages: write
+    needs:
+      - build_rayhunter
+      - build_rootshell
+      - files_changed
+      - installer_gui_check
+      - test_installer_frontend
+    env:
+      TARGET: x86_64-pc-windows-msvc
+    runs-on: windows-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+      - uses: actions/download-artifact@v4
+      - uses: dtolnay/rust-toolchain@stable
+        with:
+          targets: ${{ env.TARGET }}
+      - uses: Swatinem/rust-cache@v2
+      - name: Build GUI installer
+        shell: bash
+        run: |
+          cd installer-gui
+          npm install
+          npm run tauri build -- --target ${{ env.TARGET }}
+      - uses: actions/upload-artifact@v4
+        with:
+          name: gui-installer-msi
+          path: target/${{ env.TARGET }}/release/bundle/msi/*.msi
+          if-no-files-found: error
+      - uses: actions/upload-artifact@v4
+        with:
+          name: gui-installer-exe
+          path: target/${{ env.TARGET }}/release/bundle/nsis/*.exe
+          if-no-files-found: error
+
   build_release_zip:
     permissions:
       contents: read
@@ -326,6 +575,8 @@ jobs:
           - windows-x86_64
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - uses: actions/download-artifact@v4
       - name: Fix executable permissions on binaries
         run: chmod +x installer-*/installer rayhunter-check-*/rayhunter-check rayhunter-daemon/rayhunter-daemon
@@ -335,10 +586,15 @@ jobs:
       - name: Setup versioned release directory
         run: |
           platform="${{ matrix.platform }}"
-          dest="rayhunter-v${{ env.VERSION }}-${{ matrix.platform }}"
+          dest="rayhunter-v${VERSION}-${{ matrix.platform }}"
           mkdir "$dest"
-          mv installer-$platform/installer* "$dest"/installer
+          # Handle installer with proper extension for Windows
-          cp -r rayhunter-daemon rootshell/rootshell dist/* installer/install.ps1 "$dest"/
+          if [ "$platform" = "windows-x86_64" ]; then
+            mv installer-$platform/installer.exe "$dest"/installer.exe
+          else
+            mv installer-$platform/installer "$dest"/installer
+          fi
+          cp -r rayhunter-check-* rayhunter-daemon dist/scripts "$dest"/
           zip -r "$dest.zip" "$dest"
           sha256sum "$dest.zip" > "$dest.zip.sha256"
 
@@ -350,3 +606,57 @@ jobs:
             rayhunter-v${{ env.VERSION }}-${{ matrix.platform }}.zip
             rayhunter-v${{ env.VERSION }}-${{ matrix.platform }}.zip.sha256
           if-no-files-found: error
+
+  openapi_build:
+    if: needs.files_changed.outputs.docs_changed == 'true'
+    needs:
+      - files_changed
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+      - uses: dtolnay/rust-toolchain@stable
+        with:
+          targets: armv7-unknown-linux-musleabihf
+      - uses: Swatinem/rust-cache@v2
+      - name: Build rayhunter-daemon openapi docs
+        run: |
+          mkdir -p daemon/web/build
+          touch daemon/web/build/{favicon.png,index.html.gz,rayhunter_orca_only.png,rayhunter_text.png}
+          cargo run --bin gen_api --features apidocs -- ./rayhunter-openapi.json
+      - name: Make swagger folder
+        run: |
+          mkdir api-docs
+          mv doc/swagger-ui.html api-docs/index.html
+          mv rayhunter-openapi.json api-docs/
+      - uses: actions/upload-artifact@v4
+        with:
+          name: api-docs
+          path: api-docs
+
+  github_pages_publish:
+    name: Upload new documentation to Github Pages
+    if: ${{ github.ref == 'refs/heads/main' }}
+    permissions:
+      pages: write
+      contents: write
+      id-token: write
+    needs:
+      - mdbook_build
+      - openapi_build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Setup Pages
+        uses: actions/configure-pages@v4
+      - uses: actions/download-artifact@v4
+      - name: Organize pages into directory
+        run: cp -a api-docs book/
+      - name: Upload pages
+        uses: actions/upload-pages-artifact@v3
+        with:
+          path: book
+      - name: Deploy Github Pages
+        uses: actions/deploy-pages@v4

.github/workflows/release.yml

@@ -14,10 +14,12 @@ jobs:
       contents: read
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - name: Ensure all Cargo.toml files have the same version defined.
         run: |
-          defined_versions=$(find lib check daemon installer rootshell telcom-parser -name Cargo.toml -exec grep ^version {} \; | sort -u | wc -l)
+          defined_versions=$(find lib check daemon installer installer-gui rootshell telcom-parser -name Cargo.toml -exec grep ^version {} \; | sort -u | wc -l)
-          find lib check daemon installer rootshell telcom-parser -name Cargo.toml -exec grep ^version {} \;
+          find lib check daemon installer installer-gui rootshell telcom-parser -name Cargo.toml -exec grep ^version {} \;
           echo number of defined versions = $defined_versions
           if [ $defined_versions != "1" ]
           then
@@ -41,6 +43,8 @@ jobs:
       contents: write
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - uses: actions/download-artifact@v4
       - name: Create release
         run: |

.gitignore

@@ -1,3 +1,4 @@
 /target
 /book
 .DS_Store
+/tools/build-wpa-supplicant

CONTRIBUTING.md

@@ -0,0 +1,85 @@
+# How to contribute to Rayhunter
+
+## Filing issues and starting discussions
+
+Our issue tracker is [on GitHub](https://github.com/EFForg/rayhunter/issues).
+
+- If your rayhunter has found an IMSI-catcher, we strongly encourage you to
+  [send us that information
+  privately.](https://efforg.github.io/rayhunter/faq.html#help-rayhunters-line-is-redorangeyellowdotteddashed-what-should-i-do) via Signal.
+
+- Issues should be actionable. If you don't have a
+  specific feature request or bug report, consider [creating a
+  discussion](https://github.com/EFForg/rayhunter/discussions) or [joining our Mattermost](https://efforg.github.io/rayhunter/support-feedback-community.html) instead.
+
+  Example of a good bug report:
+
+  - "Installer broken on TP-Link M7350 v3.0"
+  - "Display does not update to green after finding"
+  - "The documentation is wrong" (though we encourage you to file a pull request directly)
+
+  Example of a good feature request:
+
+  - "Use LED on device XYZ for showing recording status"
+
+  Example of something that belongs into discussion:
+
+  - "In region XYZ, do I need an activated SIM?"
+  - "Where to buy this device in region XYZ?"
+  - "Can this device be supported?" While this is a valid feature
+    request, we just get this request too often, and without some exploratory
+    work done upfront it's often unclear initially if that device can be
+    supported at all.
+
+- The issue templates are mostly there to give you a clue what kind of
+  information is needed from you, and whether your request belongs into the issue
+  tracker. Fill them out to be on the safe side, but they are not mandatory.
+
+## Contributing patches
+
+To edit documentation or fix a bug, make a pull request. If you're about to
+write a substantial amount of code or implement a new feature, we strongly
+encourage you to talk to us before implementing it or check if any issues have
+been opened for it already. Otherwise there is a chance we will reject your
+contribution after you have spent time on it.
+
+On the other hand, for small documentation fixes you can file a PR without
+filing an issue.
+
+Otherwise:
+
+- Refer to [installing from
+  source](https://efforg.github.io/rayhunter/installing-from-source.html) for
+  how to build Rayhunter from the git repository.
+
+- Ensure that `cargo fmt` and `cargo clippy` have been run.
+
+- If you add new features, please do your best to both write tests for and also
+  manually test them. Our test coverage isn't great, but as new features are
+  added we are trying to prevent it from becoming worse.
+
+- Please keep your contributions to less than approximately 400 lines of code not counting tests, (going slightly over is fine, we aren't dogmatic about it.) This is because we are not able to give quality code review to contributions larger than that and risk introducing bugs into the system. [There was a study showing 400 LOC is the max most humans can handle.](https://smartbear.com/learn/code-review/best-practices-for-peer-code-review/)
+
+If you have any questions [feel free to open a discussion or chat with us on Mattermost.](https://efforg.github.io/rayhunter/support-feedback-community.html)
+
+### Policy regarding AI-generated contributions:
+
+- Please refrain from submissions that you haven't thoroughly understood, reviewed, and tested.
+- Please disclose if your contribution was AI-generated
+- Descriptions and comments should be made by you
+
+You can read our [full policy](https://www.eff.org/about/opportunities/volunteer/coding-with-eff) and some writing on [our motivations](https://www.eff.org/deeplinks/2026/02/effs-policy-llm-assisted-contributions-our-open-source-projects).
+
+## Making releases
+
+This one is for maintainers of Rayhunter.
+
+1. Make a PR changing the versions in `Cargo.toml` and other files.
+   This could be automated better but right now it's manual. You can do this easily with sed:
+   `sed -i "" -E 's/x.x.x/y.y.y/g' */Cargo.toml`
+
+2. Merge PR and make a tag.
+
+3. [Run release workflow.](https://github.com/EFForg/rayhunter/actions/workflows/release.yml)
+
+4. Write changelog, edit it into the release, announce on mattermost.

Cargo.toml

@@ -7,5 +7,17 @@ members = [
     "rootshell",
     "telcom-parser",
     "installer",
+    "installer-gui/src-tauri",
+]
+# at least for now, let's keep installer-gui out of the list of default
+# packages. installer-gui is still experimental and requires many new packages
+# both from cargo and the underlying operating system
+default-members = [
+    "lib",
+    "daemon",
+    "check",
+    "rootshell",
+    "telcom-parser",
+    "installer",
 ]
 resolver = "2"

README.md

@@ -1,7 +1,19 @@
-![Rayhunter Logo - An Orca taking a bite out of a cellular signal bar](https://www.eff.org/files/styles/media_browser_preview/public/banner_library/rayhunter-banner.png)
-
 # Rayhunter
-
 ![Tests](https://github.com/EFForg/rayhunter/actions/workflows/main.yml/badge.svg)
 
-Rayhunter is an IMSI Catcher Catcher for the Orbic mobile hotspot. To learn more, check out the [Rayhunter Book](https://efforg.github.io/rayhunter/).
+![Rayhunter Logo - An Orca taking a bite out of a cellular signal bar](https://www.eff.org/files/styles/media_browser_preview/public/banner_library/rayhunter-banner.png)
+
+Rayhunter is a project for detecting IMSI catchers, also known as cell-site simulators or stingrays. It was first designed to run on a cheap mobile hotspot called the Orbic RC400L, but thanks to community efforts, it can [support some other devices as well](https://efforg.github.io/rayhunter/supported-devices.html).
+It's also designed to be as easy to install and use as possible, regardless of your level of technical skills, and to minimize false positives. 
+
+→  Check out the [installation guide](https://efforg.github.io/rayhunter/installation.html) to get started.
+
+→ To learn more about the aim of the project, and about IMSI catchers in general, please check out our [introductory blog post](https://www.eff.org/deeplinks/2025/03/meet-rayhunter-new-open-source-tool-eff-detect-cellular-spying). 
+
+→ For discussion, help, or to join the mattermost channel and get involved with the project and community check out the [many ways listed here](https://efforg.github.io/rayhunter/support-feedback-community.html)!
+
+→ To learn more about the project in general check out the [Rayhunter Book](https://efforg.github.io/rayhunter/).
+
+**LEGAL DISCLAIMER:** Use this program at your own risk. We believe running this program does not currently violate any laws or regulations in the United States. However, we are not responsible for civil or criminal liability resulting from the use of this software. If you are located outside of the US please consult with an attorney in your country to help you assess the legal risks of running this program.
+
+*Good Hunting!*

book.toml

@@ -6,3 +6,4 @@ title = "Rayhunter - An IMSI Catcher Catcher"
 
 [output.html]
 edit-url-template = "https://github.com/efforg/rayhunter/edit/main/{path}"
+additional-css = ["doc/custom.css"]

check/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "rayhunter-check"
-version = "0.5.0"
+version = "0.10.2"
 edition = "2024"
 
 [dependencies]
@@ -10,5 +10,4 @@ log = "0.4.20"
 tokio = { version = "1.44.2", default-features = false, features = ["fs", "signal", "process", "rt-multi-thread"] }
 pcap-file-tokio = "0.1.0"
 clap = { version = "4.5.2", features = ["derive"] }
-simple_logger = "5.0.0"
 walkdir = "2.5.0"

check/src/main.rs

@@ -16,19 +16,19 @@ use walkdir::WalkDir;
 #[derive(Parser, Debug)]
 #[command(version, about)]
 struct Args {
-    #[arg(short = 'p', long)]
+    #[arg(short = 'p', long, help = "A file or directory of packet captures")]
     path: PathBuf,
 
-    #[arg(short = 'P', long)]
+    #[arg(short = 'P', long, help = "Convert qmdl files to pcap before analysis")]
     pcapify: bool,
 
-    #[arg(long)]
+    #[arg(long, help = "Show why some packets were skipped during analysis")]
     show_skipped: bool,
 
-    #[arg(short, long)]
+    #[arg(short, long, help = "Only print warnings/errors to stdout")]
     quiet: bool,
 
-    #[arg(short, long)]
+    #[arg(short, long, help = "Show debug messages")]
     debug: bool,
 }
 
@@ -65,10 +65,10 @@ impl Report {
                 EventType::Informational => {
                     info!("{}: INFO - {} {}", self.file_path, timestamp, event.message,);
                 }
-                EventType::QualitativeWarning { severity } => {
+                EventType::Low | EventType::Medium | EventType::High => {
                     warn!(
                         "{}: WARNING (Severity: {:?}) - {} {}",
-                        self.file_path, severity, timestamp, event.message,
+                        self.file_path, event.event_type, timestamp, event.message,
                     );
                     self.warnings += 1;
                 }
@@ -177,14 +177,7 @@ async fn main() {
     } else {
         log::LevelFilter::Info
     };
-    simple_logger::SimpleLogger::new()
+    rayhunter::init_logging(level);
-        .with_colors(true)
-        .without_timestamps()
-        .with_level(level)
-        //Filter out a stupid massive amount of uneccesary warnings from hampi about undecoded extensions
-        .with_module_level("asn1_codecs", log::LevelFilter::Error)
-        .init()
-        .unwrap();
 
     let harness = Harness::new_with_config(&AnalyzerConfig::default());
     info!("Analyzers:");

daemon/Cargo.toml

@@ -1,10 +1,27 @@
 [package]
 name = "rayhunter-daemon"
-version = "0.5.0"
+version = "0.10.2"
 edition = "2024"
+rust-version = "1.88.0"
+
+[lib]
+name = "rayhunter_daemon"
+path = "src/lib.rs"
+
+[[bin]]
+name = "gen_api"
+path = "src/bin/gen_api.rs"
+required-features = ["apidocs"]
+
+[features]
+default = ["rustcrypto-tls"]
+rustcrypto-tls = ["reqwest/rustls-tls-webpki-roots-no-provider", "dep:rustls-rustcrypto"]
+pq-tls = ["reqwest/rustls-tls-webpki-roots-no-provider", "dep:rustls-post-quantum"]
+apidocs = ["dep:utoipa", "wifi-station/utoipa"]
 
 [dependencies]
 rayhunter = { path = "../lib" }
+wifi-station = { git = "https://github.com/BeigeBox/wifi-station", rev = "e8ec5b4" }
 toml = "0.8.8"
 serde = { version = "1.0.193", features = ["derive"] }
 tokio = { version = "1.44.2", default-features = false, features = ["fs", "signal", "process", "rt"] }
@@ -12,16 +29,20 @@ axum = { version = "0.8", default-features = false, features = ["http1", "tokio"
 thiserror = "1.0.52"
 libc = "0.2.150"
 log = "0.4.20"
-env_logger = { version = "0.11", default-features = false }
 tokio-util = { version = "0.7.10", features = ["rt", "io", "compat"] }
 futures-macro = "0.3.30"
 include_dir = "0.7.3"
 chrono = { version = "0.4.31", features = ["serde"] }
-tokio-stream = { version = "0.1.14", default-features = false }
+tokio-stream = { version = "0.1.14", default-features = false, features = ["io-util"] }
 futures = { version = "0.3.30", default-features = false }
 serde_json = "1.0.114"
 image = { version =  "0.25.1", default-features = false, features = ["png", "gif"] }
-tempfile = "3.10.1"
+tempfile = "3.10.2"
 async_zip = { version = "0.0.17", features = ["tokio"] }
 anyhow = "1.0.98"
+reqwest = { version = "0.12.20", default-features = false }
+rustls-rustcrypto = { version = "0.0.2-alpha", optional = true }
+rustls-post-quantum = { version = "0.2.4", optional = true }
 async-trait = "0.1.88"
+utoipa = { version = "5.4.0", optional = true }
+url = "2.5.4"

daemon/src/analysis.rs

@@ -1,5 +1,5 @@
 use std::sync::Arc;
-use std::{future, pin};
+use std::{cmp, future, pin};
 
 use axum::Json;
 use axum::{
@@ -8,7 +8,7 @@ use axum::{
 };
 use futures::TryStreamExt;
 use log::{error, info};
-use rayhunter::analysis::analyzer::{AnalyzerConfig, Harness};
+use rayhunter::analysis::analyzer::{AnalyzerConfig, EventType, Harness};
 use rayhunter::diag::{DataType, MessagesContainer};
 use rayhunter::qmdl::QmdlReader;
 use serde::Serialize;
@@ -47,15 +47,19 @@ impl AnalysisWriter {
 
     // Runs the analysis harness on the given container, serializing the results
     // to the analysis file, returning the whether any warnings were detected
-    pub async fn analyze(&mut self, container: MessagesContainer) -> Result<bool, std::io::Error> {
+    pub async fn analyze(
-        let mut warning_detected = false;
+        &mut self,
+        container: MessagesContainer,
+    ) -> Result<EventType, std::io::Error> {
+        let mut max_type = EventType::Informational;
+
         for row in self.harness.analyze_qmdl_messages(container) {
             if !row.is_empty() {
                 self.write(&row).await?;
             }
-            warning_detected |= row.contains_warnings();
+            max_type = cmp::max(max_type, row.get_max_event_type());
         }
-        Ok(warning_detected)
+        Ok(max_type)
     }
 
     async fn write<T: Serialize>(&mut self, value: &T) -> Result<(), std::io::Error> {
@@ -73,10 +77,15 @@ impl AnalysisWriter {
     }
 }
 
+/// The system status relating to QMDL file analysis
 #[derive(Debug, Serialize, Clone)]
+#[cfg_attr(feature = "apidocs", derive(utoipa::ToSchema))]
 pub struct AnalysisStatus {
+    /// The vector array of queued files
     queued: Vec<String>,
+    /// The file currently being analyzed
     running: Option<String>,
+    /// The vector array of finished files
     finished: Vec<String>,
 }
 
@@ -211,6 +220,16 @@ pub fn run_analysis_thread(
     });
 }
 
+#[cfg_attr(feature = "apidocs", utoipa::path(
+    get,
+    path = "/api/analysis",
+    tag = "Recordings",
+    responses(
+        (status = StatusCode::OK, description = "Success", body = AnalysisStatus)
+    ),
+    summary = "Analysis status",
+    description = "Show analysis status for all QMDL files."
+))]
 pub async fn get_analysis_status(
     State(state): State<Arc<ServerState>>,
 ) -> Result<Json<AnalysisStatus>, (StatusCode, String)> {
@@ -227,6 +246,20 @@ fn queue_qmdl(name: &str, analysis_status: &mut RwLockWriteGuard<AnalysisStatus>
     true
 }
 
+#[cfg_attr(feature = "apidocs", utoipa::path(
+    post,
+    path = "/api/analysis/{name}",
+    tag = "Recordings",
+    responses(
+        (status = StatusCode::ACCEPTED, description = "Success"),
+        (status = StatusCode::INTERNAL_SERVER_ERROR, description = "Unable to queue analysis file")
+    ),
+    params(
+        ("name" = String, Path, description = "QMDL file to analyze")
+    ),
+    summary = "Start analysis",
+    description = "Begin analysis of QMDL file {name}."
+))]
 pub async fn start_analysis(
     State(state): State<Arc<ServerState>>,
     Path(qmdl_name): Path<String>,

daemon/src/battery/mod.rs

@@ -0,0 +1,121 @@
+use std::{path::Path, time::Duration};
+
+use log::{info, warn};
+use rayhunter::Device;
+use serde::Serialize;
+use tokio::select;
+use tokio_util::{sync::CancellationToken, task::TaskTracker};
+
+use crate::{
+    error::RayhunterError,
+    notifications::{Notification, NotificationType},
+};
+
+pub mod orbic;
+pub mod tmobile;
+pub mod tplink;
+pub mod wingtech;
+
+const LOW_BATTERY_LEVEL: u8 = 10;
+
+/// Device battery information
+#[derive(Clone, Copy, PartialEq, Debug, Serialize)]
+#[cfg_attr(feature = "apidocs", derive(utoipa::ToSchema))]
+pub struct BatteryState {
+    /// The current level in percentage of the device battery
+    level: u8,
+    /// A boolean indicating whether the battery is currently being charged
+    is_plugged_in: bool,
+}
+
+async fn is_plugged_in_from_file(path: &Path) -> Result<bool, RayhunterError> {
+    match tokio::fs::read_to_string(path)
+        .await
+        .map_err(RayhunterError::TokioError)?
+        .chars()
+        .next()
+    {
+        Some('0') => Ok(false),
+        Some('1') => Ok(true),
+        _ => Err(RayhunterError::BatteryPluggedInStatusParseError),
+    }
+}
+
+async fn get_level_from_percentage_file(path: &Path) -> Result<u8, RayhunterError> {
+    tokio::fs::read_to_string(path)
+        .await
+        .map_err(RayhunterError::TokioError)?
+        .trim_end()
+        .parse()
+        .or(Err(RayhunterError::BatteryLevelParseError))
+}
+
+pub async fn get_battery_status(device: &Device) -> Result<BatteryState, RayhunterError> {
+    Ok(match device {
+        Device::Orbic => orbic::get_battery_state().await?,
+        Device::Wingtech => wingtech::get_battery_state().await?,
+        Device::Tmobile => tmobile::get_battery_state().await?,
+        Device::Tplink => tplink::get_battery_state().await?,
+        _ => return Err(RayhunterError::FunctionNotSupportedForDeviceError),
+    })
+}
+
+pub fn run_battery_notification_worker(
+    task_tracker: &TaskTracker,
+    device: Device,
+    notification_channel: tokio::sync::mpsc::Sender<Notification>,
+    shutdown_token: CancellationToken,
+) {
+    task_tracker.spawn(async move {
+        // Don't send a notification initially if the device starts at a low battery level.
+        let mut triggered = match get_battery_status(&device).await {
+            Err(RayhunterError::FunctionNotSupportedForDeviceError) => {
+                info!("Battery status not supported for this device, disabling battery notifications");
+                return;
+            }
+            Err(e) => {
+                warn!("Failed to get battery status: {e}");
+                true
+            }
+            Ok(status) => status.level <= LOW_BATTERY_LEVEL,
+        };
+
+        loop {
+            select! {
+                _ = shutdown_token.cancelled() => break,
+                _ = tokio::time::sleep(Duration::from_secs(15)) => {}
+            }
+
+            let status = match get_battery_status(&device).await {
+                Err(RayhunterError::FunctionNotSupportedForDeviceError) => {
+                    info!("Battery status not supported for this device, disabling battery notifications");
+                    break;
+                }
+                Err(e) => {
+                    warn!("Failed to get battery status: {e}");
+                    continue;
+                }
+                Ok(status) => status,
+            };
+
+            // To avoid flapping, if the notification has already been triggered
+            // wait until the device has been plugged in and the battery level
+            // is high enough to re-enable notifications.
+            if triggered && status.is_plugged_in && status.level > LOW_BATTERY_LEVEL {
+                triggered = false;
+                continue;
+            }
+            if !triggered && !status.is_plugged_in && status.level <= LOW_BATTERY_LEVEL {
+                notification_channel
+                    .send(Notification::new(
+                        NotificationType::LowBattery,
+                        "Rayhunter's battery is low".to_string(),
+                        None,
+                    ))
+                    .await
+                    .expect("Failed to send to notification channel");
+                triggered = true;
+            }
+        }
+    });
+}

daemon/src/battery/orbic.rs

@@ -0,0 +1,28 @@
+use std::path::Path;
+
+use crate::{
+    battery::{BatteryState, is_plugged_in_from_file},
+    error::RayhunterError,
+};
+
+const BATTERY_LEVEL_FILE: &str = "/sys/kernel/chg_info/level";
+const PLUGGED_IN_STATE_FILE: &str = "/sys/kernel/chg_info/chg_en";
+
+pub async fn get_battery_state() -> Result<BatteryState, RayhunterError> {
+    Ok(BatteryState {
+        level: match tokio::fs::read_to_string(&BATTERY_LEVEL_FILE)
+            .await
+            .map_err(RayhunterError::TokioError)?
+            .chars()
+            .next()
+        {
+            Some('1') => Ok(10),
+            Some('2') => Ok(25),
+            Some('3') => Ok(50),
+            Some('4') => Ok(75),
+            Some('5') => Ok(100),
+            _ => Err(RayhunterError::BatteryLevelParseError),
+        }?,
+        is_plugged_in: is_plugged_in_from_file(Path::new(PLUGGED_IN_STATE_FILE)).await?,
+    })
+}

daemon/src/battery/tmobile.rs

@@ -0,0 +1,16 @@
+use std::path::Path;
+
+use crate::{
+    battery::{BatteryState, get_level_from_percentage_file, is_plugged_in_from_file},
+    error::RayhunterError,
+};
+
+const BATTERY_LEVEL_FILE: &str = "/sys/class/power_supply/bms/capacity";
+const PLUGGED_IN_STATE_FILE: &str = "/sys/devices/78d9000.usb/power_supply/usb/online";
+
+pub async fn get_battery_state() -> Result<BatteryState, RayhunterError> {
+    Ok(BatteryState {
+        level: get_level_from_percentage_file(Path::new(BATTERY_LEVEL_FILE)).await?,
+        is_plugged_in: is_plugged_in_from_file(Path::new(PLUGGED_IN_STATE_FILE)).await?,
+    })
+}

daemon/src/battery/tplink.rs

@@ -0,0 +1,39 @@
+use crate::{battery::BatteryState, error::RayhunterError};
+
+pub async fn get_battery_state() -> Result<BatteryState, RayhunterError> {
+    let uci_battery = tokio::process::Command::new("uci")
+        .arg("get")
+        .arg("battery.battery_mgr.power_level")
+        .output()
+        .await?;
+
+    let uci_plugged_in = tokio::process::Command::new("uci")
+        .arg("get")
+        .arg("battery.battery_mgr.is_charging")
+        .output()
+        .await?;
+
+    if !uci_battery.status.success() {
+        return Err(RayhunterError::BatteryLevelParseError);
+    }
+
+    if !uci_plugged_in.status.success() {
+        return Err(RayhunterError::BatteryPluggedInStatusParseError);
+    }
+
+    let uci_battery = String::from_utf8_lossy(&uci_battery.stdout)
+        .trim_end()
+        .parse()
+        .map_err(|_| RayhunterError::BatteryLevelParseError)?;
+
+    let uci_plugged_in = match String::from_utf8_lossy(&uci_plugged_in.stdout).trim_end() {
+        "0" => Ok(false),
+        "1" => Ok(true),
+        _ => Err(RayhunterError::BatteryPluggedInStatusParseError),
+    }?;
+
+    Ok(BatteryState {
+        level: uci_battery,
+        is_plugged_in: uci_plugged_in,
+    })
+}

daemon/src/battery/wingtech.rs

@@ -0,0 +1,17 @@
+use std::path::Path;
+
+use crate::{
+    battery::{BatteryState, get_level_from_percentage_file, is_plugged_in_from_file},
+    error::RayhunterError,
+};
+
+const BATTERY_LEVEL_FILE: &str =
+    "/sys/devices/78b7000.i2c/i2c-3/3-0063/power_supply/cw2017-bat/capacity";
+const PLUGGED_IN_STATE_FILE: &str = "/sys/devices/8a00000.ssusb/power_supply/usb/online";
+
+pub async fn get_battery_state() -> Result<BatteryState, RayhunterError> {
+    Ok(BatteryState {
+        level: get_level_from_percentage_file(Path::new(BATTERY_LEVEL_FILE)).await?,
+        is_plugged_in: is_plugged_in_from_file(Path::new(PLUGGED_IN_STATE_FILE)).await?,
+    })
+}

daemon/src/bin/gen_api.rs

@@ -0,0 +1,12 @@
+use std::{env, fs};
+
+fn main() {
+    let content = rayhunter_daemon::ApiDocs::generate();
+    let mut filename = "openapi.json".to_string();
+    let args: Vec<String> = env::args().collect();
+    if args.len() > 1 {
+        filename = args[1].to_string();
+    }
+
+    fs::write(filename, content).unwrap();
+}

daemon/src/config.rs

@@ -5,18 +5,51 @@ use rayhunter::Device;
 use rayhunter::analysis::analyzer::AnalyzerConfig;
 
 use crate::error::RayhunterError;
+use crate::notifications::NotificationType;
 
+/// The structure of a valid rayhunter configuration
 #[derive(Debug, Clone, Deserialize, Serialize)]
 #[serde(default)]
+#[cfg_attr(feature = "apidocs", derive(utoipa::ToSchema))]
 pub struct Config {
+    /// Path to store QMDL files
     pub qmdl_store_path: String,
+    /// Listening port
     pub port: u16,
+    /// Debug mode
     pub debug_mode: bool,
+    /// Internal device name
     pub device: Device,
+    /// UI level
     pub ui_level: u8,
+    /// Colorblind mode
     pub colorblind_mode: bool,
+    /// Key input mode
     pub key_input_mode: u8,
+    /// ntfy.sh URL
+    pub ntfy_url: Option<String>,
+    /// Vector containing the types of enabled notifications
+    pub enabled_notifications: Vec<NotificationType>,
+    /// Vector containing the list of enabled analyzers
     pub analyzers: AnalyzerConfig,
+    /// Minimum disk space required to start a recording
+    pub min_space_to_start_recording_mb: u64,
+    /// Minimum disk space required to continue a recording
+    pub min_space_to_continue_recording_mb: u64,
+    /// Wifi client SSID
+    pub wifi_ssid: Option<String>,
+    /// Wifi client password
+    pub wifi_password: Option<String>,
+    /// Wifi security type (wpa_psk or sae)
+    pub wifi_security: Option<wifi_station::SecurityType>,
+    /// Wifi client mode
+    pub wifi_enabled: bool,
+    /// Vector containing wifi client DNS servers
+    pub dns_servers: Option<Vec<String>>,
+    /// Wifi client firewall mode
+    pub firewall_restrict_outbound: bool,
+    /// Vector containing additional wifi client firewall ports to open
+    pub firewall_allowed_ports: Option<Vec<u16>>,
 }
 
 impl Default for Config {
@@ -30,20 +63,87 @@ impl Default for Config {
             colorblind_mode: false,
             key_input_mode: 0,
             analyzers: AnalyzerConfig::default(),
+            ntfy_url: None,
+            enabled_notifications: vec![NotificationType::Warning, NotificationType::LowBattery],
+            min_space_to_start_recording_mb: 1,
+            min_space_to_continue_recording_mb: 1,
+            wifi_ssid: None,
+            wifi_password: None,
+            wifi_security: None,
+            wifi_enabled: false,
+            dns_servers: None,
+            firewall_restrict_outbound: true,
+            firewall_allowed_ports: None,
         }
     }
 }
 
+impl Config {
+    pub fn wifi_config(&self) -> wifi_station::WifiConfig {
+        let (wpa_bin, hostapd_conf, ctrl_interface) = match self.device {
+            Device::Tmobile | Device::Wingtech => (
+                Some("/usr/sbin/wpa_supplicant".into()),
+                Some("/data/configs/hostapd.conf".into()),
+                None,
+            ),
+            Device::Uz801 => (
+                Some("/system/bin/wpa_supplicant".into()),
+                Some("/data/misc/wifi/hostapd.conf".into()),
+                Some("/data/misc/wifi/sockets".into()),
+            ),
+            _ => (None, None, None),
+        };
+        wifi_station::WifiConfig {
+            wifi_enabled: self.wifi_enabled,
+            dns_servers: self.dns_servers.clone(),
+            wifi_ssid: self.wifi_ssid.clone(),
+            wifi_password: self.wifi_password.clone(),
+            security_type: self.wifi_security,
+            wpa_supplicant_bin: wpa_bin.or_else(|| resolve_bin("wpa_supplicant")),
+            hostapd_conf,
+            ctrl_interface,
+            udhcpc_hook_path: Some("/data/rayhunter/udhcpc-hook.sh".into()),
+            dhcp_lease_path: Some("/data/rayhunter/dhcp_lease".into()),
+            wpa_conf_path: Some("/data/rayhunter/wpa_sta.conf".into()),
+            iw_bin: resolve_bin("iw"),
+            udhcpc_bin: resolve_bin("udhcpc"),
+            crash_log_dir: Some("/data/rayhunter/crash-logs".into()),
+            wakelock_name: Some("rayhunter".into()),
+        }
+    }
+}
+
+fn resolve_bin(name: &str) -> Option<String> {
+    let local = format!("/data/rayhunter/bin/{name}");
+    if std::path::Path::new(&local).exists() {
+        return Some(local);
+    }
+    None
+}
+
 pub async fn parse_config<P>(path: P) -> Result<Config, RayhunterError>
 where
     P: AsRef<std::path::Path>,
 {
-    if let Ok(config_file) = tokio::fs::read_to_string(&path).await {
+    let mut config = if let Ok(config_file) = tokio::fs::read_to_string(&path).await {
-        Ok(toml::from_str(&config_file).map_err(RayhunterError::ConfigFileParsingError)?)
+        toml::from_str(&config_file).map_err(RayhunterError::ConfigFileParsingError)?
     } else {
         warn!("unable to read config file, using default config");
-        Ok(Config::default())
+        Config::default()
+    };
+
+    if let Some((ssid, security)) =
+        wifi_station::read_network_from_wpa_conf("/data/rayhunter/wpa_sta.conf")
+    {
+        config.wifi_ssid = Some(ssid);
+        config.wifi_security = Some(security);
+    } else {
+        config.wifi_ssid = None;
+        config.wifi_security = None;
     }
+    config.wifi_password = None;
+
+    Ok(config)
 }
 
 pub struct Args {

daemon/src/crypto_provider.rs

@@ -0,0 +1,23 @@
+use std::sync::Once;
+
+static INSTALL: Once = Once::new();
+
+/// Install the default rustls `CryptoProvider` for the current process.
+///
+/// This is idempotent so that it's easier to use in tests, but also panics loudly if the
+/// initialization fails.
+pub fn install_default() {
+    // Crypto providers fail if they get initialized multiple times, but we don't want to just
+    // ignore all errors, hence the use of once.
+    INSTALL.call_once(|| {
+        #[cfg(feature = "rustcrypto-tls")]
+        rustls_rustcrypto::provider()
+            .install_default()
+            .expect("failed to install rustcrypto crypto provider");
+
+        #[cfg(feature = "pq-tls")]
+        rustls_post_quantum::provider()
+            .install_default()
+            .expect("failed to install aws-lc-rs post-quantum crypto provider");
+    });
+}

daemon/src/diag.rs

@@ -1,143 +1,436 @@
+use std::ops::DerefMut;
 use std::pin::pin;
 use std::sync::Arc;
+use std::time::Duration;
 
 use axum::body::Body;
 use axum::extract::{Path, State};
 use axum::http::StatusCode;
 use axum::http::header::CONTENT_TYPE;
 use axum::response::{IntoResponse, Response};
-use futures::{StreamExt, TryStreamExt};
+use futures::{StreamExt, TryStreamExt, future};
 use log::{debug, error, info, warn};
-use rayhunter::analysis::analyzer::AnalyzerConfig;
+use tokio::fs::File;
-use rayhunter::diag::DataType;
+use tokio::io::{AsyncBufReadExt, BufReader};
+use tokio::sync::mpsc::{Receiver, Sender};
+use tokio::sync::{RwLock, oneshot};
+use tokio_stream::wrappers::LinesStream;
+use tokio_util::task::TaskTracker;
+
+#[cfg(feature = "apidocs")]
+use rayhunter::analysis::analyzer::ReportMetadata;
+use rayhunter::analysis::analyzer::{AnalysisLineNormalizer, AnalyzerConfig, EventType};
+use rayhunter::diag::{DataType, MessagesContainer};
 use rayhunter::diag_device::DiagDevice;
 use rayhunter::qmdl::QmdlWriter;
-use tokio::fs::File;
-use tokio::sync::RwLock;
-use tokio::sync::mpsc::{Receiver, Sender};
-use tokio_util::io::ReaderStream;
-use tokio_util::task::TaskTracker;
 
 use crate::analysis::{AnalysisCtrlMessage, AnalysisWriter};
 use crate::display;
-use crate::qmdl_store::{EntryType, RecordingStore, RecordingStoreError};
+use crate::notifications::{Notification, NotificationType};
+use crate::qmdl_store::{RecordingStore, RecordingStoreError};
 use crate::server::ServerState;
+use crate::stats::DiskStats;
+
+const DISK_CHECK_BYTES_INTERVAL: usize = 256 * 1024;
 
 pub enum DiagDeviceCtrlMessage {
     StopRecording,
-    StartRecording,
+    StartRecording {
+        response_tx: Option<oneshot::Sender<Result<(), String>>>,
+    },
+    DeleteEntry {
+        name: String,
+        response_tx: oneshot::Sender<Result<(), RecordingStoreError>>,
+    },
+    DeleteAllEntries {
+        response_tx: oneshot::Sender<Result<(), RecordingStoreError>>,
+    },
     Exit,
 }
 
+pub struct DiagTask {
+    ui_update_sender: Sender<display::DisplayState>,
+    analysis_sender: Sender<AnalysisCtrlMessage>,
+    analyzer_config: AnalyzerConfig,
+    notification_channel: tokio::sync::mpsc::Sender<Notification>,
+    min_space_to_start_mb: u64,
+    min_space_to_continue_mb: u64,
+    state: DiagState,
+    max_type_seen: EventType,
+    bytes_since_space_check: usize,
+    low_space_warned: bool,
+}
+
+enum DiagState {
+    Recording {
+        qmdl_writer: QmdlWriter<File>,
+        analysis_writer: Box<AnalysisWriter>,
+    },
+    Stopped,
+}
+
+enum DiskSpaceCheck {
+    Ok(u64),
+    Warning(u64),
+    Critical(u64),
+    Failed,
+}
+
+fn check_disk_space(path: &std::path::Path, warning_mb: u64, critical_mb: u64) -> DiskSpaceCheck {
+    match DiskStats::new(path.to_str().unwrap()) {
+        Ok(stats) => {
+            let available_mb = stats.available_bytes.unwrap_or(0) / 1024 / 1024;
+            if available_mb < critical_mb {
+                DiskSpaceCheck::Critical(available_mb)
+            } else if available_mb < warning_mb {
+                DiskSpaceCheck::Warning(available_mb)
+            } else {
+                DiskSpaceCheck::Ok(available_mb)
+            }
+        }
+        Err(e) => {
+            warn!("Failed to check disk space: {e}");
+            DiskSpaceCheck::Failed
+        }
+    }
+}
+
+impl DiagTask {
+    fn new(
+        ui_update_sender: Sender<display::DisplayState>,
+        analysis_sender: Sender<AnalysisCtrlMessage>,
+        analyzer_config: AnalyzerConfig,
+        notification_channel: tokio::sync::mpsc::Sender<Notification>,
+        min_space_to_start_mb: u64,
+        min_space_to_continue_mb: u64,
+    ) -> Self {
+        Self {
+            ui_update_sender,
+            analysis_sender,
+            analyzer_config,
+            notification_channel,
+            min_space_to_start_mb,
+            min_space_to_continue_mb,
+            state: DiagState::Stopped,
+            max_type_seen: EventType::Informational,
+            bytes_since_space_check: 0,
+            low_space_warned: false,
+        }
+    }
+
+    /// Start recording, returning an error if disk space is too low.
+    async fn start(&mut self, qmdl_store: &mut RecordingStore) -> Result<(), String> {
+        self.max_type_seen = EventType::Informational;
+        self.bytes_since_space_check = 0;
+        self.low_space_warned = false;
+
+        match check_disk_space(
+            &qmdl_store.path,
+            self.min_space_to_start_mb,
+            self.min_space_to_continue_mb,
+        ) {
+            DiskSpaceCheck::Critical(mb) | DiskSpaceCheck::Warning(mb) => {
+                let msg = format!(
+                    "Insufficient disk space: {}MB available, {}MB required",
+                    mb, self.min_space_to_start_mb
+                );
+                error!("{msg}");
+                return Err(msg);
+            }
+            DiskSpaceCheck::Ok(mb) => {
+                info!("Starting recording with {}MB disk space available", mb);
+            }
+            DiskSpaceCheck::Failed => {}
+        }
+
+        let (qmdl_file, analysis_file) = match qmdl_store.new_entry().await {
+            Ok(files) => files,
+            Err(e) => {
+                let msg = format!("failed creating QMDL file entry: {e}");
+                error!("{msg}");
+                return Err(msg);
+            }
+        };
+        self.stop_current_recording().await;
+        let qmdl_writer = QmdlWriter::new(qmdl_file);
+        let analysis_writer = match AnalysisWriter::new(analysis_file, &self.analyzer_config).await
+        {
+            Ok(writer) => Box::new(writer),
+            Err(e) => {
+                let msg = format!("failed to create analysis writer: {e}");
+                error!("{msg}");
+                return Err(msg);
+            }
+        };
+        self.state = DiagState::Recording {
+            qmdl_writer,
+            analysis_writer,
+        };
+        if let Err(e) = self
+            .ui_update_sender
+            .send(display::DisplayState::Recording)
+            .await
+        {
+            warn!("couldn't send ui update message: {e}");
+        }
+        Ok(())
+    }
+
+    /// Stop recording, optionally annotating the entry with a reason.
+    async fn stop(&mut self, qmdl_store: &mut RecordingStore, reason: Option<String>) {
+        self.stop_current_recording().await;
+        if let Some(reason) = reason
+            && let Err(e) = qmdl_store.set_current_stop_reason(reason).await
+        {
+            warn!("couldn't set stop reason: {e}");
+        }
+        if let Some((_, entry)) = qmdl_store.get_current_entry()
+            && let Err(e) = self
+                .analysis_sender
+                .send(AnalysisCtrlMessage::RecordingFinished(
+                    entry.name.to_string(),
+                ))
+                .await
+        {
+            warn!("couldn't send analysis message: {e}");
+        }
+        if let Err(e) = qmdl_store.close_current_entry().await {
+            error!("couldn't close current entry: {e}");
+        }
+        if let Err(e) = self
+            .ui_update_sender
+            .send(display::DisplayState::Paused)
+            .await
+        {
+            warn!("couldn't send ui update message: {e}");
+        }
+    }
+
+    async fn delete_entry(
+        &mut self,
+        qmdl_store: &mut RecordingStore,
+        name: &str,
+    ) -> Result<(), RecordingStoreError> {
+        if qmdl_store.is_current_entry(name) {
+            self.stop(qmdl_store, None).await;
+        }
+        let res = qmdl_store.delete_entry(name).await;
+        if let Err(e) = res.as_ref() {
+            error!("Error deleting QMDL entry {e}");
+        }
+        res
+    }
+
+    async fn delete_all_entries(
+        &mut self,
+        qmdl_store: &mut RecordingStore,
+    ) -> Result<(), RecordingStoreError> {
+        self.stop(qmdl_store, None).await;
+        let res = qmdl_store.delete_all_entries().await;
+        if let Err(e) = res.as_ref() {
+            error!("Error deleting QMDL entries {e}");
+        }
+        res
+    }
+
+    async fn stop_current_recording(&mut self) {
+        let mut state = DiagState::Stopped;
+        std::mem::swap(&mut self.state, &mut state);
+        if let DiagState::Recording {
+            analysis_writer, ..
+        } = state
+        {
+            analysis_writer
+                .close()
+                .await
+                .expect("failed to close analysis writer");
+        }
+    }
+
+    async fn process_container(
+        &mut self,
+        qmdl_store: &mut RecordingStore,
+        container: MessagesContainer,
+    ) {
+        if container.data_type != DataType::UserSpace {
+            debug!("skipping non-userspace diag messages...");
+            return;
+        }
+        // keep track of how many bytes were written to the QMDL file so we can read
+        // a valid block of data from it in the HTTP server
+        if let DiagState::Recording {
+            qmdl_writer,
+            analysis_writer,
+        } = &mut self.state
+        {
+            if self.bytes_since_space_check >= DISK_CHECK_BYTES_INTERVAL {
+                self.bytes_since_space_check = 0;
+                match check_disk_space(
+                    &qmdl_store.path,
+                    self.min_space_to_start_mb,
+                    self.min_space_to_continue_mb,
+                ) {
+                    DiskSpaceCheck::Critical(mb) => {
+                        let reason = format!(
+                            "Disk space critically low ({}MB free), recording stopped automatically",
+                            mb
+                        );
+                        error!("{reason}");
+
+                        self.notification_channel
+                            .send(Notification::new(
+                                NotificationType::Warning,
+                                reason.clone(),
+                                None,
+                            ))
+                            .await
+                            .ok();
+
+                        self.stop(qmdl_store, Some(reason)).await;
+                        return;
+                    }
+                    DiskSpaceCheck::Warning(mb) if !self.low_space_warned => {
+                        self.low_space_warned = true;
+                        warn!("Disk space low: {}MB remaining", mb);
+                        self.notification_channel
+                            .send(Notification::new(
+                                NotificationType::Warning,
+                                format!("Disk space low: {}MB free", mb),
+                                Some(Duration::from_secs(30)),
+                            ))
+                            .await
+                            .ok();
+                    }
+                    _ => {}
+                }
+            }
+
+            if let Err(e) = qmdl_writer.write_container(&container).await {
+                let reason = format!("failed to write to QMDL (disk full?): {e}");
+                error!("{reason}");
+                self.stop(qmdl_store, Some(reason)).await;
+                return;
+            }
+            debug!(
+                "total QMDL bytes written: {}, updating manifest...",
+                qmdl_writer.total_written
+            );
+            let index = qmdl_store
+                .current_entry
+                .expect("DiagDevice had qmdl_writer, but QmdlStore didn't have current entry???");
+            if let Err(e) = qmdl_store
+                .update_entry_qmdl_size(index, qmdl_writer.total_written)
+                .await
+            {
+                let reason = format!("failed to update manifest (disk full?): {e}");
+                error!("{reason}");
+                self.stop(qmdl_store, Some(reason)).await;
+                return;
+            }
+            debug!("done!");
+            let container_bytes: usize = container.messages.iter().map(|m| m.data.len()).sum();
+            self.bytes_since_space_check += container_bytes;
+            let max_type = match analysis_writer.analyze(container).await {
+                Ok(t) => t,
+                Err(e) => {
+                    warn!("failed to analyze container: {e}");
+                    EventType::Informational
+                }
+            };
+
+            if max_type > EventType::Informational {
+                info!("a heuristic triggered on this run!");
+                self.notification_channel
+                    .send(Notification::new(
+                        NotificationType::Warning,
+                        format!("Rayhunter has detected a {:?} severity event", max_type),
+                        Some(Duration::from_secs(60 * 5)),
+                    ))
+                    .await
+                    .expect("Failed to send to notification channel");
+            }
+
+            if max_type > self.max_type_seen {
+                self.max_type_seen = max_type;
+                if self.max_type_seen > EventType::Informational {
+                    self.ui_update_sender
+                        .send(display::DisplayState::WarningDetected {
+                            event_type: self.max_type_seen,
+                        })
+                        .await
+                        .expect("couldn't send ui update message: {}");
+                }
+            }
+        } else {
+            debug!("no qmdl_writer set, continuing...");
+        }
+    }
+}
+
 #[allow(clippy::too_many_arguments)]
 pub fn run_diag_read_thread(
     task_tracker: &TaskTracker,
     mut dev: DiagDevice,
     mut qmdl_file_rx: Receiver<DiagDeviceCtrlMessage>,
+    qmdl_file_tx: Sender<DiagDeviceCtrlMessage>,
     ui_update_sender: Sender<display::DisplayState>,
     qmdl_store_lock: Arc<RwLock<RecordingStore>>,
     analysis_sender: Sender<AnalysisCtrlMessage>,
     analyzer_config: AnalyzerConfig,
+    notification_channel: tokio::sync::mpsc::Sender<Notification>,
+    min_space_to_start_mb: u64,
+    min_space_to_continue_mb: u64,
 ) {
     task_tracker.spawn(async move {
-        let (initial_qmdl_file, initial_analysis_file) = qmdl_store_lock.write().await.new_entry().await.expect("failed creating QMDL file entry");
-        let mut maybe_qmdl_writer: Option<QmdlWriter<File>> = Some(QmdlWriter::new(initial_qmdl_file));
         let mut diag_stream = pin!(dev.as_stream().into_stream());
-        let mut maybe_analysis_writer = Some(AnalysisWriter::new(initial_analysis_file, &analyzer_config).await
+        let mut diag_task = DiagTask::new(ui_update_sender, analysis_sender, analyzer_config, notification_channel, min_space_to_start_mb, min_space_to_continue_mb);
-            .expect("failed to create analysis writer"));
+        qmdl_file_tx
+            .send(DiagDeviceCtrlMessage::StartRecording { response_tx: None })
+            .await
+            .unwrap();
         loop {
             tokio::select! {
                 msg = qmdl_file_rx.recv() => {
                     match msg {
-                        Some(DiagDeviceCtrlMessage::StartRecording) => {
+                        Some(DiagDeviceCtrlMessage::StartRecording { response_tx }) => {
                             let mut qmdl_store = qmdl_store_lock.write().await;
-                            let (qmdl_file, new_analysis_file) = match qmdl_store.new_entry().await {
+                            let result = diag_task.start(qmdl_store.deref_mut()).await;
-                                Ok(x) => x,
+                            if let Some(tx) = response_tx {
-                                Err(e) => {
+                                tx.send(result).ok();
-                                    error!("couldn't create new qmdl entry: {e}");
-                                    continue;
-                                }
-                            };
-
-                            maybe_qmdl_writer = Some(QmdlWriter::new(qmdl_file));
-
-                            if let Some(analysis_writer) = maybe_analysis_writer {
-                                analysis_writer.close().await.expect("failed to close analysis writer");
-                            }
-
-                            maybe_analysis_writer = Some(AnalysisWriter::new(new_analysis_file, &analyzer_config).await
-                                .expect("failed to write to analysis file"));
-
-                            if let Err(e) = ui_update_sender.send(display::DisplayState::Recording).await {
-                                warn!("couldn't send ui update message: {e}");
                             }
                         },
                         Some(DiagDeviceCtrlMessage::StopRecording) => {
                             let mut qmdl_store = qmdl_store_lock.write().await;
-                            if let Some((_, entry)) = qmdl_store.get_current_entry() {
+                            diag_task.stop(qmdl_store.deref_mut(), None).await;
-                                    if let Err(e) = analysis_sender
-                                    .send(AnalysisCtrlMessage::RecordingFinished(
-                                            entry.name.to_string(),
-                                    ))
-                                    .await {
-                                        warn!("couldn't send analysis message: {e}");
-                                    }
-                            }
-                            if let Err(e) = qmdl_store.close_current_entry().await {
-                                error!("couldn't close current entry: {e}");
-                            }
-
-                            maybe_qmdl_writer = None;
-                            if let Some(analysis_writer) = maybe_analysis_writer {
-                                analysis_writer.close().await.expect("failed to close analysis writer");
-                            }
-                            maybe_analysis_writer = None;
-
-                            if let Err(e) = ui_update_sender.send(display::DisplayState::Paused).await {
-                                warn!("couldn't send ui update message: {e}");
-                            }
                         },
                         // None means all the Senders have been dropped, so it's
                         // time to go
                         Some(DiagDeviceCtrlMessage::Exit) | None => {
                             info!("Diag reader thread exiting...");
-                            if let Some(analysis_writer) = maybe_analysis_writer {
+                            diag_task.stop_current_recording().await;
-                                analysis_writer.close().await.expect("failed to close analysis writer");
-                            }
                             return Ok(())
                         },
+                        Some(DiagDeviceCtrlMessage::DeleteEntry { name, response_tx }) => {
+                            let mut qmdl_store = qmdl_store_lock.write().await;
+                            let resp = diag_task.delete_entry(qmdl_store.deref_mut(), name.as_str()).await;
+                            if response_tx.send(resp).is_err() {
+                                error!("Failed to send delete entry respons, receiver dropped");
+                            }
+                        },
+                        Some(DiagDeviceCtrlMessage::DeleteAllEntries { response_tx }) => {
+                            let mut qmdl_store = qmdl_store_lock.write().await;
+                            let resp = diag_task.delete_all_entries(qmdl_store.deref_mut()).await;
+                            if response_tx.send(resp).is_err() {
+                                error!("Failed to send delete all entries respons, receiver dropped");
+                            }
+                        },
                     }
                 }
                 maybe_container = diag_stream.next() => {
                     match maybe_container.unwrap() {
                         Ok(container) => {
-                            if container.data_type != DataType::UserSpace {
+                            let mut qmdl_store = qmdl_store_lock.write().await;
-                                debug!("skipping non-userspace diag messages...");
+                            diag_task.process_container(qmdl_store.deref_mut(), container).await
-                                continue;
-                            }
-                            // keep track of how many bytes were written to the QMDL file so we can read
-                            // a valid block of data from it in the HTTP server
-                            if let Some(qmdl_writer) = maybe_qmdl_writer.as_mut() {
-                                qmdl_writer.write_container(&container).await.expect("failed to write to QMDL writer");
-                                debug!("total QMDL bytes written: {}, updating manifest...", qmdl_writer.total_written);
-                                let mut qmdl_store = qmdl_store_lock.write().await;
-                                let index = qmdl_store.current_entry.expect("DiagDevice had qmdl_writer, but QmdlStore didn't have current entry???");
-                                qmdl_store.update_entry_qmdl_size(index, qmdl_writer.total_written).await
-                                    .expect("failed to update qmdl file size");
-                                debug!("done!");
-                            } else {
-                                debug!("no qmdl_writer set, continuing...");
-                            }
-
-                            if let Some(analysis_writer) = maybe_analysis_writer.as_mut() {
-                                let heuristic_warning = analysis_writer.analyze(container).await
-                                    .expect("failed to analyze container");
-                                if heuristic_warning {
-                                    info!("a heuristic triggered on this run!");
-                                    ui_update_sender.send(display::DisplayState::WarningDetected).await
-                                        .expect("couldn't send ui update message: {}");
-                                }
-                            }
                         },
                         Err(err) => {
                             error!("error reading diag device: {err}");
@@ -150,6 +443,19 @@ pub fn run_diag_read_thread(
     });
 }
 
+/// Start recording API for web thread
+#[cfg_attr(feature = "apidocs", utoipa::path(
+    post,
+    path = "/api/start-recording",
+    tag = "Recordings",
+    responses(
+        (status = StatusCode::ACCEPTED, description = "Success"),
+        (status = StatusCode::FORBIDDEN, description = "System is in debug mode"),
+        (status = StatusCode::INTERNAL_SERVER_ERROR, description = "Recording action unsuccessful")
+    ),
+    summary = "Start recording",
+    description = "Begin a new data capture."
+))]
 pub async fn start_recording(
     State(state): State<Arc<ServerState>>,
 ) -> Result<(StatusCode, String), (StatusCode, String)> {
@@ -157,9 +463,12 @@ pub async fn start_recording(
         return Err((StatusCode::FORBIDDEN, "server is in debug mode".to_string()));
     }
 
+    let (response_tx, response_rx) = oneshot::channel();
     state
         .diag_device_ctrl_sender
-        .send(DiagDeviceCtrlMessage::StartRecording)
+        .send(DiagDeviceCtrlMessage::StartRecording {
+            response_tx: Some(response_tx),
+        })
         .await
         .map_err(|e| {
             (
@@ -168,9 +477,29 @@ pub async fn start_recording(
             )
         })?;
 
-    Ok((StatusCode::ACCEPTED, "ok".to_string()))
+    match response_rx.await {
+        Ok(Ok(())) => Ok((StatusCode::ACCEPTED, "ok".to_string())),
+        Ok(Err(reason)) => Err((StatusCode::INSUFFICIENT_STORAGE, reason)),
+        Err(e) => Err((
+            StatusCode::INTERNAL_SERVER_ERROR,
+            format!("failed to receive start recording response: {e}"),
+        )),
+    }
 }
 
+/// Stop recording API for web thread
+#[cfg_attr(feature = "apidocs", utoipa::path(
+    post,
+    path = "/api/stop-recording",
+    tag = "Recordings",
+    responses(
+        (status = StatusCode::ACCEPTED, description = "Success"),
+        (status = StatusCode::FORBIDDEN, description = "System is in debug mode"),
+        (status = StatusCode::INTERNAL_SERVER_ERROR, description = "Recording action unsuccessful")
+    ),
+    summary = "Stop recording",
+    description = "Stop current data capture."
+))]
 pub async fn stop_recording(
     State(state): State<Arc<ServerState>>,
 ) -> Result<(StatusCode, String), (StatusCode, String)> {
@@ -190,6 +519,22 @@ pub async fn stop_recording(
     Ok((StatusCode::ACCEPTED, "ok".to_string()))
 }
 
+#[cfg_attr(feature = "apidocs", utoipa::path(
+    post,
+    path = "/api/delete-recording/{name}",
+    tag = "Recordings",
+    responses(
+        (status = StatusCode::ACCEPTED, description = "Success"),
+        (status = StatusCode::FORBIDDEN, description = "System is in debug mode"),
+        (status = StatusCode::INTERNAL_SERVER_ERROR, description = "Delete action unsuccessful"),
+        (status = StatusCode::BAD_REQUEST, description = "Bad recording name or no such recording")
+    ),
+    params(
+        ("name" = String, Path, description = "QMDL file to delete")
+    ),
+    summary = "Delete recording",
+    description = "Remove data capture file named {name}."
+))]
 pub async fn delete_recording(
     State(state): State<Arc<ServerState>>,
     Path(qmdl_name): Path<String>,
@@ -197,8 +542,27 @@ pub async fn delete_recording(
     if state.config.debug_mode {
         return Err((StatusCode::FORBIDDEN, "server is in debug mode".to_string()));
     }
-    let mut qmdl_store = state.qmdl_store_lock.write().await;
+    let (response_tx, response_rx) = oneshot::channel();
-    match qmdl_store.delete_entry(&qmdl_name).await {
+    state
+        .diag_device_ctrl_sender
+        .send(DiagDeviceCtrlMessage::DeleteEntry {
+            name: qmdl_name.clone(),
+            response_tx,
+        })
+        .await
+        .map_err(|e| {
+            (
+                StatusCode::INTERNAL_SERVER_ERROR,
+                format!("couldn't send delete entry message: {e}"),
+            )
+        })?;
+    match response_rx.await.map_err(|e| {
+        (
+            StatusCode::INTERNAL_SERVER_ERROR,
+            format!("failed to receive delete response: {e}"),
+        )
+    })? {
+        Ok(_) => Ok((StatusCode::ACCEPTED, "ok".to_string())),
         Err(RecordingStoreError::NoSuchEntryError) => Err((
             StatusCode::BAD_REQUEST,
             format!("no recording with name {qmdl_name}"),
@@ -207,70 +571,67 @@ pub async fn delete_recording(
             StatusCode::INTERNAL_SERVER_ERROR,
             format!("couldn't delete recording: {e}"),
         )),
-        Ok(entry_type) => {
-            if entry_type == EntryType::Current {
-                state
-                    .diag_device_ctrl_sender
-                    .send(DiagDeviceCtrlMessage::StopRecording)
-                    .await
-                    .map_err(|e| {
-                        (
-                            StatusCode::INTERNAL_SERVER_ERROR,
-                            format!("couldn't send stop recording message: {e}"),
-                        )
-                    })?;
-                state
-                    .ui_update_sender
-                    .send(display::DisplayState::Paused)
-                    .await
-                    .map_err(|e| {
-                        (
-                            StatusCode::INTERNAL_SERVER_ERROR,
-                            format!("couldn't send ui update message: {e}"),
-                        )
-                    })?;
-            }
-            Ok((StatusCode::ACCEPTED, "ok".to_string()))
-        }
     }
 }
 
+#[cfg_attr(feature = "apidocs", utoipa::path(
+    post,
+    path = "/api/delete-all-recordings",
+    tag = "Recordings",
+    responses(
+        (status = StatusCode::ACCEPTED, description = "Success"),
+        (status = StatusCode::FORBIDDEN, description = "System is in debug mode"),
+        (status = StatusCode::INTERNAL_SERVER_ERROR, description = "Delete action unsuccessful")
+    ),
+    summary = "Delete all recordings",
+    description = "Remove all saved data capture files."
+))]
 pub async fn delete_all_recordings(
     State(state): State<Arc<ServerState>>,
 ) -> Result<(StatusCode, String), (StatusCode, String)> {
     if state.config.debug_mode {
         return Err((StatusCode::FORBIDDEN, "server is in debug mode".to_string()));
     }
+    let (response_tx, response_rx) = oneshot::channel();
     state
         .diag_device_ctrl_sender
-        .send(DiagDeviceCtrlMessage::StopRecording)
+        .send(DiagDeviceCtrlMessage::DeleteAllEntries { response_tx })
         .await
         .map_err(|e| {
             (
                 StatusCode::INTERNAL_SERVER_ERROR,
-                format!("couldn't send stop recording message: {e}"),
+                format!("couldn't send delete all entries message: {e}"),
             )
         })?;
-    let mut qmdl_store = state.qmdl_store_lock.write().await;
+    match response_rx.await.map_err(|e| {
-    qmdl_store.delete_all_entries().await.map_err(|e| {
         (
             StatusCode::INTERNAL_SERVER_ERROR,
-            format!("couldn't delete all recordings: {e}"),
+            format!("failed to receive delete all response: {e}"),
         )
-    })?;
+    })? {
-    state
+        Ok(_) => Ok((StatusCode::ACCEPTED, "ok".to_string())),
-        .ui_update_sender
+        Err(e) => Err((
-        .send(display::DisplayState::Paused)
+            StatusCode::INTERNAL_SERVER_ERROR,
-        .await
+            format!("couldn't delete recordings: {e}"),
-        .map_err(|e| {
+        )),
-            (
+    }
-                StatusCode::INTERNAL_SERVER_ERROR,
-                format!("couldn't send ui update message: {e}"),
-            )
-        })?;
-    Ok((StatusCode::ACCEPTED, "ok".to_string()))
 }
 
+#[cfg_attr(feature = "apidocs", utoipa::path(
+    get,
+    path = "/api/analysis-report/{name}",
+    tag = "Recordings",
+    responses(
+        (status = StatusCode::OK, description = "Success", body = ReportMetadata, content_type = "application/x-ndjson"),
+        (status = StatusCode::SERVICE_UNAVAILABLE, description = "No QMDL files available; start a new recording."),
+        (status = StatusCode::NOT_FOUND, description = "File {name} not found")
+    ),
+    params(
+        ("name" = String, Path, description = "QMDL file to analyze")
+    ),
+    summary = "Analysis report",
+    description = "Download processed analysis report for QMDL file {name}, as well as the types (and versions) of analyzers used."
+))]
 pub async fn get_analysis_report(
     State(state): State<Arc<ServerState>>,
     Path(qmdl_name): Path<String>,
@@ -291,9 +652,17 @@ pub async fn get_analysis_report(
         .open_entry_analysis(entry_index)
         .await
         .map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, format!("{e:?}")))?;
-    let analysis_stream = ReaderStream::new(analysis_file);
+
+    // Read and normalize the NDJSON file
+    let reader = BufReader::new(analysis_file);
+    let lines_stream = LinesStream::new(reader.lines());
+
+    let mut normalizer = AnalysisLineNormalizer::new();
+    let normalized_stream = lines_stream
+        .try_filter(|line| future::ready(!line.is_empty()))
+        .map_ok(move |line| normalizer.normalize_line(line));
 
     let headers = [(CONTENT_TYPE, "application/x-ndjson")];
-    let body = Body::from_stream(analysis_stream);
+    let body = Body::from_stream(normalized_stream);
     Ok((headers, body).into_response())
 }

daemon/src/display/generic_framebuffer.rs

@@ -5,21 +5,29 @@ use std::time::Duration;
 
 use crate::config;
 use crate::display::DisplayState;
+use rayhunter::analysis::analyzer::EventType;
 
 use log::{error, info};
 use tokio::sync::mpsc::Receiver;
-use tokio::sync::oneshot;
+use tokio_util::{sync::CancellationToken, task::TaskTracker};
-use tokio::sync::oneshot::error::TryRecvError;
-use tokio_util::task::TaskTracker;
 
 use include_dir::{Dir, include_dir};
 
+const REFRESH_RATE: u64 = 1000; //how often in milliseconds to refresh the display
+
 #[derive(Copy, Clone)]
 pub struct Dimensions {
     pub height: u32,
     pub width: u32,
 }
 
+#[derive(Copy, Clone)]
+pub enum LinePattern {
+    Solid,
+    Dashed, // _ _ _ _
+    Dotted, // . . . .
+}
+
 #[allow(dead_code)]
 #[derive(Copy, Clone)]
 pub enum Color {
@@ -31,6 +39,7 @@ pub enum Color {
     Cyan,
     Yellow,
     Pink,
+    Orange,
 }
 
 impl Color {
@@ -44,23 +53,33 @@ impl Color {
             Color::Cyan => (0, 0xff, 0xff),
             Color::Yellow => (0xff, 0xff, 0),
             Color::Pink => (0xfe, 0x24, 0xff),
+            Color::Orange => (0xff, 0xa5, 0),
         }
     }
 }
 
-impl Color {
+fn display_style_from_state(state: DisplayState, colorblind_mode: bool) -> (Color, LinePattern) {
-    fn from_state(state: DisplayState, colorblind_mode: bool) -> Self {
+    match state {
-        match state {
+        DisplayState::Paused => (Color::White, LinePattern::Solid),
-            DisplayState::Paused => Color::White,
+        DisplayState::Recording => {
-            DisplayState::Recording => {
+            if colorblind_mode {
+                (Color::Blue, LinePattern::Solid)
+            } else {
+                (Color::Green, LinePattern::Solid)
+            }
+        }
+        DisplayState::WarningDetected { event_type } => match event_type {
+            EventType::Informational => {
                 if colorblind_mode {
-                    Color::Blue
+                    (Color::Blue, LinePattern::Solid)
                 } else {
-                    Color::Green
+                    (Color::Green, LinePattern::Solid)
                 }
             }
-            DisplayState::WarningDetected => Color::Red,
+            EventType::Low => (Color::Yellow, LinePattern::Dotted),
-        }
+            EventType::Medium => (Color::Orange, LinePattern::Dashed),
+            EventType::High => (Color::Red, LinePattern::Solid),
+        },
     }
 }
 
@@ -83,7 +102,7 @@ pub trait GenericFramebuffer: Send + 'static {
             resized_img = img;
         }
         let img_rgba8 = resized_img.as_rgba8().unwrap();
-        let mut buf = Vec::new();
+        let mut buf = Vec::with_capacity((height * width).try_into().unwrap());
         for y in 0..height {
             for x in 0..width {
                 let px = img_rgba8.get_pixel(x, y);
@@ -120,11 +139,28 @@ pub trait GenericFramebuffer: Send + 'static {
     }
 
     async fn draw_line(&mut self, color: Color, height: u32) {
+        self.draw_patterned_line(color, height, LinePattern::Solid)
+            .await
+    }
+
+    async fn draw_patterned_line(&mut self, color: Color, height: u32, pattern: LinePattern) {
         let width = self.dimensions().width;
-        let px_num = height * width;
+        let mut buffer = Vec::with_capacity((height * width).try_into().unwrap());
-        let mut buffer = Vec::new();
+
-        for _ in 0..px_num {
+        for _row in 0..height {
-            buffer.push(color.rgb());
+            for col in 0..width {
+                let should_draw = match pattern {
+                    LinePattern::Solid => true,
+                    LinePattern::Dashed => (col / 4) % 2 == 0, // 4 pixels on, 4 pixels off
+                    LinePattern::Dotted => col % 4 == 0,       // 1 pixel on, 3 pixels off
+                };
+
+                if should_draw {
+                    buffer.push(color.rgb());
+                } else {
+                    buffer.push((0, 0, 0)); // Black background
+                }
+            }
         }
 
         self.write_buffer(buffer).await
@@ -135,17 +171,18 @@ pub fn update_ui(
     task_tracker: &TaskTracker,
     config: &config::Config,
     mut fb: impl GenericFramebuffer,
-    mut ui_shutdown_rx: oneshot::Receiver<()>,
+    shutdown_token: CancellationToken,
     mut ui_update_rx: Receiver<DisplayState>,
 ) {
     static IMAGE_DIR: Dir<'_> = include_dir!("$CARGO_MANIFEST_DIR/images/");
     let display_level = config.ui_level;
     if display_level == 0 {
         info!("Invisible mode, not spawning UI.");
+        return;
     }
 
     let colorblind_mode = config.colorblind_mode;
-    let mut display_color = Color::from_state(DisplayState::Recording, colorblind_mode);
+    let mut display_style = display_style_from_state(DisplayState::Recording, colorblind_mode);
 
     task_tracker.spawn(async move {
         // this feels wrong, is there a more rusty way to do this?
@@ -166,25 +203,25 @@ pub fn update_ui(
             );
         }
         loop {
-            match ui_shutdown_rx.try_recv() {
+            if shutdown_token.is_cancelled() {
-                Ok(_) => {
+                info!("received UI shutdown");
-                    info!("received UI shutdown");
+                break;
-                    break;
-                }
-                Err(TryRecvError::Empty) => {}
-                Err(e) => panic!("error receiving shutdown message: {e}"),
             }
             match ui_update_rx.try_recv() {
                 Ok(state) => {
-                    display_color = Color::from_state(state, colorblind_mode);
+                    display_style = display_style_from_state(state, colorblind_mode);
                 }
                 Err(tokio::sync::mpsc::error::TryRecvError::Empty) => {}
                 Err(e) => error!("error receiving framebuffer update message: {e}"),
             }
 
+            let mut status_bar_height = 2;
             match display_level {
                 2 => fb.draw_gif(img.unwrap()).await,
                 3 => fb.draw_img(img.unwrap()).await,
+                4 => {
+                    status_bar_height = fb.dimensions().height;
+                }
                 128 => {
                     fb.draw_line(Color::Cyan, 128).await;
                     fb.draw_line(Color::Pink, 102).await;
@@ -192,12 +229,14 @@ pub fn update_ui(
                     fb.draw_line(Color::Pink, 50).await;
                     fb.draw_line(Color::Cyan, 25).await;
                 }
-                // this branch id for ui_level 1, which is also the default if an
+                // this branch is for ui_level 1, which is also the default if an
                 // unknown value is used
                 _ => {}
             };
-            fb.draw_line(display_color, 2).await;
+            let (color, pattern) = display_style;
-            tokio::time::sleep(Duration::from_millis(1000)).await;
+            fb.draw_patterned_line(color, status_bar_height, pattern)
+                .await;
+            tokio::time::sleep(Duration::from_millis(REFRESH_RATE)).await;
         }
     });
 }

daemon/src/display/headless.rs

@@ -1,6 +1,6 @@
 use log::info;
 use tokio::sync::mpsc::Receiver;
-use tokio::sync::oneshot;
+use tokio_util::sync::CancellationToken;
 use tokio_util::task::TaskTracker;
 
 use crate::config;
@@ -9,7 +9,7 @@ use crate::display::DisplayState;
 pub fn update_ui(
     _task_tracker: &TaskTracker,
     _config: &config::Config,
-    _ui_shutdown_rx: oneshot::Receiver<()>,
+    _shutdown_token: CancellationToken,
     _ui_update_rx: Receiver<DisplayState>,
 ) {
     info!("Headless mode, not spawning UI.");

daemon/src/display/mod.rs

@@ -1,3 +1,6 @@
+use rayhunter::analysis::analyzer::EventType;
+use serde::{Deserialize, Serialize};
+
 mod generic_framebuffer;
 
 pub mod headless;
@@ -6,11 +9,20 @@ pub mod tmobile;
 pub mod tplink;
 pub mod tplink_framebuffer;
 pub mod tplink_onebit;
+pub mod uz801;
 pub mod wingtech;
 
-#[derive(Clone, Copy, PartialEq)]
+/// A list of available display states
+#[derive(Clone, Copy, PartialEq, Serialize, Deserialize)]
+#[cfg_attr(feature = "apidocs", derive(utoipa::ToSchema))]
 pub enum DisplayState {
+    /// We're recording but no warning has been found yet.
     Recording,
+    /// We're not recording.
     Paused,
-    WarningDetected,
+    /// A non-informational event has been detected.
+    ///
+    /// Note that EventType::Informational is never sent through this. If it is, it's the same as
+    /// Recording
+    WarningDetected { event_type: EventType },
 }

daemon/src/display/orbic.rs

@@ -4,7 +4,7 @@ use crate::display::generic_framebuffer::{self, Dimensions, GenericFramebuffer};
 use async_trait::async_trait;
 
 use tokio::sync::mpsc::Receiver;
-use tokio::sync::oneshot;
+use tokio_util::sync::CancellationToken;
 use tokio_util::task::TaskTracker;
 
 const FB_PATH: &str = "/dev/fb0";
@@ -23,7 +23,7 @@ impl GenericFramebuffer for Framebuffer {
     }
 
     async fn write_buffer(&mut self, buffer: Vec<(u8, u8, u8)>) {
-        let mut raw_buffer = Vec::new();
+        let mut raw_buffer = Vec::with_capacity(buffer.len() * 2);
         for (r, g, b) in buffer {
             let mut rgb565: u16 = (r as u16 & 0b11111000) << 8;
             rgb565 |= (g as u16 & 0b11111100) << 3;
@@ -38,14 +38,14 @@ impl GenericFramebuffer for Framebuffer {
 pub fn update_ui(
     task_tracker: &TaskTracker,
     config: &config::Config,
-    ui_shutdown_rx: oneshot::Receiver<()>,
+    shutdown_token: CancellationToken,
     ui_update_rx: Receiver<DisplayState>,
 ) {
     generic_framebuffer::update_ui(
         task_tracker,
         config,
         Framebuffer,
-        ui_shutdown_rx,
+        shutdown_token,
         ui_update_rx,
     )
 }

daemon/src/display/tmobile.rs

@@ -1,10 +1,10 @@
 /// Display module for Tmobile TMOHS1, blink LEDs on the front of the device.
 /// DisplayState::Recording => Signal LED slowly blinks blue.
 /// DisplayState::Paused => WiFi LED blinks white.
-/// DisplayState::WarningDetected => Signal LED slowly blinks red.
+/// DisplayState::WarningDetected { .. } => Signal LED slowly blinks red.
 use log::{error, info};
 use tokio::sync::mpsc;
-use tokio::sync::oneshot;
+use tokio_util::sync::CancellationToken;
 use tokio_util::task::TaskTracker;
 
 use std::time::Duration;
@@ -27,7 +27,7 @@ async fn stop_blinking(path: String) {
 pub fn update_ui(
     task_tracker: &TaskTracker,
     config: &config::Config,
-    mut ui_shutdown_rx: oneshot::Receiver<()>,
+    shutdown_token: CancellationToken,
     mut ui_update_rx: mpsc::Receiver<DisplayState>,
 ) {
     let mut invisible: bool = false;
@@ -40,13 +40,9 @@ pub fn update_ui(
         let mut last_state = DisplayState::Paused;
 
         loop {
-            match ui_shutdown_rx.try_recv() {
+            if shutdown_token.is_cancelled() {
-                Ok(_) => {
+                info!("received UI shutdown");
-                    info!("received UI shutdown");
+                break;
-                    break;
-                }
-                Err(oneshot::error::TryRecvError::Empty) => {}
-                Err(e) => panic!("error receiving shutdown message: {e}"),
             }
             match ui_update_rx.try_recv() {
                 Ok(new_state) => state = new_state,
@@ -68,7 +64,7 @@ pub fn update_ui(
                     stop_blinking(led!("signal_red")).await;
                     start_blinking(led!("signal_blue")).await;
                 }
-                DisplayState::WarningDetected => {
+                DisplayState::WarningDetected { .. } => {
                     stop_blinking(led!("wlan_white")).await;
                     stop_blinking(led!("signal_blue")).await;
                     start_blinking(led!("signal_red")).await;

daemon/src/display/tplink.rs

@@ -1,6 +1,6 @@
 use log::info;
 use tokio::sync::mpsc::Receiver;
-use tokio::sync::oneshot;
+use tokio_util::sync::CancellationToken;
 use tokio_util::task::TaskTracker;
 
 use crate::config;
@@ -11,7 +11,7 @@ use std::fs;
 pub fn update_ui(
     task_tracker: &TaskTracker,
     config: &config::Config,
-    ui_shutdown_rx: oneshot::Receiver<()>,
+    shutdown_token: CancellationToken,
     ui_update_rx: Receiver<DisplayState>,
 ) {
     let display_level = config.ui_level;
@@ -23,9 +23,9 @@ pub fn update_ui(
     // The alternative would be to make the entire initialization async
     if fs::exists(tplink_onebit::OLED_PATH).unwrap_or_default() {
         info!("detected one-bit display");
-        tplink_onebit::update_ui(task_tracker, config, ui_shutdown_rx, ui_update_rx)
+        tplink_onebit::update_ui(task_tracker, config, shutdown_token, ui_update_rx)
     } else {
         info!("fallback to framebuffer");
-        tplink_framebuffer::update_ui(task_tracker, config, ui_shutdown_rx, ui_update_rx)
+        tplink_framebuffer::update_ui(task_tracker, config, shutdown_token, ui_update_rx)
     }
 }

daemon/src/display/tplink_framebuffer.rs

@@ -2,13 +2,13 @@ use async_trait::async_trait;
 use std::os::fd::AsRawFd;
 use tokio::fs::OpenOptions;
 use tokio::io::AsyncWriteExt;
+use tokio_util::sync::CancellationToken;
 
 use crate::config;
 use crate::display::DisplayState;
 use crate::display::generic_framebuffer::{self, Dimensions, GenericFramebuffer};
 
 use tokio::sync::mpsc::Receiver;
-use tokio::sync::oneshot;
 use tokio_util::task::TaskTracker;
 
 const FB_PATH: &str = "/dev/fb0";
@@ -50,7 +50,7 @@ impl GenericFramebuffer for Framebuffer {
             rop: 0,
         };
 
-        let mut raw_buffer = Vec::new();
+        let mut raw_buffer = Vec::with_capacity(buffer.len() * 2);
         for (r, g, b) in buffer {
             let mut rgb565: u16 = (r as u16 & 0b11111000) << 8;
             rgb565 |= (g as u16 & 0b11111100) << 3;
@@ -80,14 +80,14 @@ impl GenericFramebuffer for Framebuffer {
 pub fn update_ui(
     task_tracker: &TaskTracker,
     config: &config::Config,
-    ui_shutdown_rx: oneshot::Receiver<()>,
+    shutdown_token: CancellationToken,
     ui_update_rx: Receiver<DisplayState>,
 ) {
     generic_framebuffer::update_ui(
         task_tracker,
         config,
         Framebuffer,
-        ui_shutdown_rx,
+        shutdown_token,
         ui_update_rx,
     )
 }

daemon/src/display/tplink_onebit.rs

@@ -6,8 +6,7 @@ use crate::display::DisplayState;
 
 use log::{error, info};
 use tokio::sync::mpsc::Receiver;
-use tokio::sync::oneshot;
+use tokio_util::sync::CancellationToken;
-use tokio::sync::oneshot::error::TryRecvError;
 use tokio_util::task::TaskTracker;
 
 use std::time::Duration;
@@ -112,7 +111,7 @@ const STATUS_WARNING: &[u8] = pixelart! {
 pub fn update_ui(
     task_tracker: &TaskTracker,
     config: &config::Config,
-    mut ui_shutdown_rx: oneshot::Receiver<()>,
+    shutdown_token: CancellationToken,
     mut ui_update_rx: Receiver<DisplayState>,
 ) {
     let display_level = config.ui_level;
@@ -124,19 +123,15 @@ pub fn update_ui(
         let mut pixels = STATUS_SMILING;
 
         loop {
-            match ui_shutdown_rx.try_recv() {
+            if shutdown_token.is_cancelled() {
-                Ok(_) => {
+                info!("received UI shutdown");
-                    info!("received UI shutdown");
+                break;
-                    break;
-                }
-                Err(TryRecvError::Empty) => {}
-                Err(e) => panic!("error receiving shutdown message: {e}"),
             }
 
             match ui_update_rx.try_recv() {
                 Ok(DisplayState::Paused) => pixels = STATUS_PAUSED,
                 Ok(DisplayState::Recording) => pixels = STATUS_SMILING,
-                Ok(DisplayState::WarningDetected) => pixels = STATUS_WARNING,
+                Ok(DisplayState::WarningDetected { .. }) => pixels = STATUS_WARNING,
                 Err(tokio::sync::mpsc::error::TryRecvError::Empty) => {}
                 Err(e) => {
                     error!("error receiving framebuffer update message: {e}");
@@ -145,10 +140,10 @@ pub fn update_ui(
 
             // we write the status every second because it may have been overwritten through menu
             // navigation.
-            if display_level != 0 {
+            if display_level != 0
-                if let Err(e) = tokio::fs::write(OLED_PATH, pixels).await {
+                && let Err(e) = tokio::fs::write(OLED_PATH, pixels).await
-                    error!("failed to write to display: {e}");
+            {
-                }
+                error!("failed to write to display: {e}");
             }
 
             tokio::time::sleep(Duration::from_millis(1000)).await;

daemon/src/display/uz801.rs

@@ -0,0 +1,85 @@
+/// Display module for Uz801, light LEDs on the front of the device.
+/// DisplayState::Recording => Green LED is solid.
+/// DisplayState::Paused => Signal LED is solid blue (wifi LED).
+/// DisplayState::WarningDetected => Signal LED is solid red.
+use log::{error, info};
+use tokio::sync::mpsc;
+use tokio_util::sync::CancellationToken;
+use tokio_util::task::TaskTracker;
+
+use std::time::Duration;
+
+use crate::config;
+use crate::display::DisplayState;
+
+macro_rules! led {
+    ($l:expr) => {{ format!("/sys/class/leds/{}/brightness", $l) }};
+}
+
+async fn led_on(path: String) {
+    tokio::fs::write(&path, "1").await.ok();
+}
+
+async fn led_off(path: String) {
+    tokio::fs::write(&path, "0").await.ok();
+}
+
+pub fn update_ui(
+    task_tracker: &TaskTracker,
+    config: &config::Config,
+    shutdown_token: CancellationToken,
+    mut ui_update_rx: mpsc::Receiver<DisplayState>,
+) {
+    let mut invisible: bool = false;
+    if config.ui_level == 0 {
+        info!("Invisible mode, not spawning UI.");
+        invisible = true;
+    }
+    task_tracker.spawn(async move {
+        let mut state = DisplayState::Recording;
+        let mut last_state = DisplayState::Paused;
+        let mut last_update = std::time::Instant::now();
+
+        loop {
+            if shutdown_token.is_cancelled() {
+                info!("received UI shutdown");
+                break;
+            }
+            match ui_update_rx.try_recv() {
+                Ok(new_state) => state = new_state,
+                Err(mpsc::error::TryRecvError::Empty) => {}
+                Err(e) => error!("error receiving ui update message: {e}"),
+            };
+
+            // Update LEDs if state changed or if 5 seconds have passed since last update
+            let now = std::time::Instant::now();
+            let should_update = !invisible
+                && (state != last_state
+                    || now.duration_since(last_update) >= Duration::from_secs(5));
+
+            if should_update {
+                match state {
+                    DisplayState::Paused => {
+                        led_off(led!("red")).await;
+                        led_off(led!("green")).await;
+                        led_on(led!("wifi")).await;
+                    }
+                    DisplayState::Recording => {
+                        led_off(led!("red")).await;
+                        led_off(led!("wifi")).await;
+                        led_on(led!("green")).await;
+                    }
+                    DisplayState::WarningDetected { .. } => {
+                        led_off(led!("green")).await;
+                        led_off(led!("wifi")).await;
+                        led_on(led!("red")).await;
+                    }
+                }
+                last_state = state;
+                last_update = now;
+            }
+
+            tokio::time::sleep(Duration::from_secs(1)).await;
+        }
+    });
+}

daemon/src/display/wingtech.rs

@@ -10,7 +10,7 @@ use crate::display::generic_framebuffer::{self, Dimensions, GenericFramebuffer};
 use async_trait::async_trait;
 
 use tokio::sync::mpsc::Receiver;
-use tokio::sync::oneshot;
+use tokio_util::sync::CancellationToken;
 use tokio_util::task::TaskTracker;
 
 const FB_PATH: &str = "/dev/fb0";
@@ -28,7 +28,7 @@ impl GenericFramebuffer for Framebuffer {
     }
 
     async fn write_buffer(&mut self, buffer: Vec<(u8, u8, u8)>) {
-        let mut raw_buffer = Vec::new();
+        let mut raw_buffer = Vec::with_capacity(buffer.len() * 2);
         for (r, g, b) in buffer {
             let mut rgb565: u16 = (r as u16 & 0b11111000) << 8;
             rgb565 |= (g as u16 & 0b11111100) << 3;
@@ -43,14 +43,14 @@ impl GenericFramebuffer for Framebuffer {
 pub fn update_ui(
     task_tracker: &TaskTracker,
     config: &config::Config,
-    ui_shutdown_rx: oneshot::Receiver<()>,
+    shutdown_token: CancellationToken,
     ui_update_rx: Receiver<DisplayState>,
 ) {
     generic_framebuffer::update_ui(
         task_tracker,
         config,
         Framebuffer,
-        ui_shutdown_rx,
+        shutdown_token,
         ui_update_rx,
     )
 }

daemon/src/error.rs

@@ -15,4 +15,10 @@ pub enum RayhunterError {
     QmdlStoreError(#[from] RecordingStoreError),
     #[error("No QMDL store found at path {0}, but can't create a new one due to debug mode")]
     NoStoreDebugMode(String),
+    #[error("Error parsing file to determine battery level")]
+    BatteryLevelParseError,
+    #[error("Error parsing file to determine whether device is plugged in")]
+    BatteryPluggedInStatusParseError,
+    #[error("The requested functionality is not supported for this device")]
+    FunctionNotSupportedForDeviceError,
 }

daemon/src/firewall.rs

@@ -0,0 +1,92 @@
+use anyhow::{Result, bail};
+use log::{info, warn};
+use tokio::process::Command;
+
+use wifi_station::detect_bridge_iface;
+
+use crate::config::Config;
+
+async fn run_iptables(args: &[&str]) -> Result<()> {
+    let out = Command::new("iptables").args(args).output().await?;
+    if !out.status.success() {
+        bail!(
+            "iptables {} failed: {}",
+            args.join(" "),
+            String::from_utf8_lossy(&out.stderr)
+        );
+    }
+    Ok(())
+}
+
+pub async fn apply(config: &Config) {
+    let _ = Command::new("iptables")
+        .args(["-F", "OUTPUT"])
+        .output()
+        .await;
+
+    if config.firewall_restrict_outbound {
+        // Fail open on partial setup error: reachability beats restriction when recovery means physical access.
+        match setup_outbound_whitelist(&config.firewall_allowed_ports, &config.ntfy_url).await {
+            Ok(()) => info!("outbound firewall active: allowing DHCP, DNS, HTTPS only"),
+            Err(e) => warn!("firewall setup failed: {e} (fail-open, outbound unrestricted)"),
+        }
+    }
+}
+
+async fn setup_outbound_whitelist(
+    extra_ports: &Option<Vec<u16>>,
+    ntfy_url: &Option<String>,
+) -> Result<()> {
+    run_iptables(&["-A", "OUTPUT", "-o", "lo", "-j", "ACCEPT"]).await?;
+    run_iptables(&["-A", "OUTPUT", "-o", detect_bridge_iface(), "-j", "ACCEPT"]).await?;
+    run_iptables(&[
+        "-A",
+        "OUTPUT",
+        "-m",
+        "state",
+        "--state",
+        "ESTABLISHED,RELATED",
+        "-j",
+        "ACCEPT",
+    ])
+    .await?;
+    run_iptables(&[
+        "-A", "OUTPUT", "-p", "udp", "--dport", "67:68", "-j", "ACCEPT",
+    ])
+    .await?;
+    run_iptables(&["-A", "OUTPUT", "-p", "udp", "--dport", "53", "-j", "ACCEPT"]).await?;
+    run_iptables(&["-A", "OUTPUT", "-p", "tcp", "--dport", "53", "-j", "ACCEPT"]).await?;
+    run_iptables(&[
+        "-A", "OUTPUT", "-p", "tcp", "--dport", "443", "-j", "ACCEPT",
+    ])
+    .await?;
+
+    if let Some(url) = ntfy_url
+        && let Ok(parsed) = url::Url::parse(url)
+        && let Some(port) = parsed.port_or_known_default()
+        && port != 443
+    {
+        let port_str = port.to_string();
+        run_iptables(&[
+            "-A", "OUTPUT", "-p", "tcp", "--dport", &port_str, "-j", "ACCEPT",
+        ])
+        .await?;
+        info!("firewall: auto-allowed port {port} for ntfy");
+    }
+
+    if let Some(ports) = extra_ports {
+        for port in ports {
+            let port_str = port.to_string();
+            run_iptables(&[
+                "-A", "OUTPUT", "-p", "tcp", "--dport", &port_str, "-j", "ACCEPT",
+            ])
+            .await?;
+        }
+    }
+
+    run_iptables(&["-A", "OUTPUT", "-j", "DROP"]).await?;
+
+    let _ = tokio::fs::write("/proc/sys/net/bridge/bridge-nf-call-iptables", "0").await;
+
+    Ok(())
+}

daemon/src/key_input.rs

@@ -3,7 +3,7 @@ use std::time::{Duration, Instant};
 use tokio::fs::File;
 use tokio::io::AsyncReadExt;
 use tokio::sync::mpsc::Sender;
-use tokio::sync::oneshot;
+use tokio_util::sync::CancellationToken;
 use tokio_util::task::TaskTracker;
 
 use crate::config;
@@ -21,7 +21,7 @@ pub fn run_key_input_thread(
     task_tracker: &TaskTracker,
     config: &config::Config,
     diag_tx: Sender<DiagDeviceCtrlMessage>,
-    mut ui_shutdown_rx: oneshot::Receiver<()>,
+    cancellation_token: CancellationToken,
 ) {
     if config.key_input_mode == 0 {
         return;
@@ -43,7 +43,7 @@ pub fn run_key_input_thread(
 
         loop {
             tokio::select! {
-                _ = &mut ui_shutdown_rx => {
+               _ = cancellation_token.cancelled() => {
                     info!("received key input shutdown");
                     return;
                 }
@@ -61,11 +61,11 @@ pub fn run_key_input_thread(
 
             // On orbic it was observed that pressing the power button can trigger many successive
             // events. Drop events that are too close together.
-            if let Some(last_time) = last_event_time {
+            if let Some(last_time) = last_event_time
-                if now.duration_since(last_time) < Duration::from_millis(50) {
+                && now.duration_since(last_time) < Duration::from_millis(50)
-                    last_event_time = Some(now);
+            {
-                    continue;
+                last_event_time = Some(now);
-                }
+                continue;
             }
             last_event_time = Some(now);
 
@@ -81,8 +81,9 @@ pub fn run_key_input_thread(
                             {
                                 error!("Failed to send StopRecording: {e}");
                             }
-                            if let Err(e) =
+                            if let Err(e) = diag_tx
-                                diag_tx.send(DiagDeviceCtrlMessage::StartRecording).await
+                                .send(DiagDeviceCtrlMessage::StartRecording { response_tx: None })
+                                .await
                             {
                                 error!("Failed to send StartRecording: {e}");
                             }

daemon/src/lib.rs

@@ -0,0 +1,73 @@
+pub mod analysis;
+pub mod battery;
+pub mod config;
+pub mod crypto_provider;
+pub mod diag;
+pub mod display;
+pub mod error;
+pub mod firewall;
+pub mod key_input;
+pub mod notifications;
+pub mod pcap;
+pub mod qmdl_store;
+pub mod server;
+pub mod stats;
+
+#[cfg(feature = "apidocs")]
+use utoipa::OpenApi;
+
+// Add anotated paths to api docs
+#[cfg(feature = "apidocs")]
+#[derive(OpenApi)]
+#[openapi(
+    info(
+        description = "OpenAPI documentation for Rayhunter daemon\n\n**Note:** API endpoints are subject to change as needs arise, though we will try to keep them as stable as possible and notify about breaking changes in the changelogs for new versions.\n\nNo endpoints require any authentication. To use the in-browser execution on this page, you may need to disable CORS temporarily for your browser.",
+        license(
+            name = "GNU General Public License v3.0",
+            url = "https://github.com/EFForg/rayhunter/blob/main/LICENSE"
+        )
+    ),
+    paths(
+        pcap::get_pcap,
+        server::get_qmdl,
+        server::get_zip,
+        stats::get_system_stats,
+        stats::get_qmdl_manifest,
+        stats::get_log,
+        diag::start_recording,
+        diag::stop_recording,
+        diag::delete_recording,
+        diag::delete_all_recordings,
+        diag::get_analysis_report,
+        analysis::get_analysis_status,
+        analysis::start_analysis,
+        server::get_config,
+        server::set_config,
+        server::test_notification,
+        server::get_time,
+        server::set_time_offset,
+        server::debug_set_display_state
+    ),
+    servers(
+        (
+            url = "http://localhost:8080",
+            description = "ADB port bridge"
+        ),
+        (
+            url = "http://192.168.1.1:8080",
+            description = "Orbic WiFi GUI"
+        ),
+        (
+            url = "http://192.168.0.1:8080",
+            description = "TPLink WiFi GUI"
+        ),
+    )
+)]
+pub struct ApiDocs;
+
+#[cfg(feature = "apidocs")]
+impl ApiDocs {
+    pub fn generate() -> String {
+        ApiDocs::openapi().to_pretty_json().unwrap()
+    }
+}

daemon/src/main.rs

@@ -1,25 +1,33 @@
 mod analysis;
+mod battery;
 mod config;
+mod crypto_provider;
 mod diag;
 mod display;
 mod error;
+mod firewall;
 mod key_input;
+mod notifications;
 mod pcap;
 mod qmdl_store;
 mod server;
 mod stats;
-
 use std::net::SocketAddr;
 use std::sync::Arc;
-use std::sync::atomic::{AtomicBool, Ordering};
 
+use crate::battery::run_battery_notification_worker;
 use crate::config::{parse_args, parse_config};
 use crate::diag::run_diag_read_thread;
 use crate::error::RayhunterError;
+use crate::notifications::{NotificationService, run_notification_worker};
 use crate::pcap::get_pcap;
 use crate::qmdl_store::RecordingStore;
-use crate::server::{ServerState, get_config, get_qmdl, get_zip, serve_static, set_config};
+use crate::server::{
+    ServerState, debug_set_display_state, get_config, get_qmdl, get_time, get_wifi_status, get_zip,
+    scan_wifi, serve_static, set_config, set_time_offset, test_notification,
+};
 use crate::stats::{get_qmdl_manifest, get_system_stats};
+use wifi_station::WifiStatus;
 
 use analysis::{
     AnalysisCtrlMessage, AnalysisStatus, get_analysis_status, run_analysis_thread, start_analysis,
@@ -35,11 +43,13 @@ use log::{error, info};
 use qmdl_store::RecordingStoreError;
 use rayhunter::Device;
 use rayhunter::diag_device::DiagDevice;
+use stats::get_log;
 use tokio::net::TcpListener;
 use tokio::select;
+use tokio::sync::RwLock;
 use tokio::sync::mpsc::{self, Sender};
-use tokio::sync::{RwLock, oneshot};
 use tokio::task::JoinHandle;
+use tokio_util::sync::CancellationToken;
 use tokio_util::task::TaskTracker;
 
 type AppRouter = Router<Arc<ServerState>>;
@@ -51,6 +61,7 @@ fn get_router() -> AppRouter {
         .route("/api/zip/{name}", get(get_zip))
         .route("/api/system-stats", get(get_system_stats))
         .route("/api/qmdl-manifest", get(get_qmdl_manifest))
+        .route("/api/log", get(get_log))
         .route("/api/start-recording", post(start_recording))
         .route("/api/stop-recording", post(stop_recording))
         .route("/api/delete-recording/{name}", post(delete_recording))
@@ -60,6 +71,12 @@ fn get_router() -> AppRouter {
         .route("/api/analysis/{name}", post(start_analysis))
         .route("/api/config", get(get_config))
         .route("/api/config", post(set_config))
+        .route("/api/test-notification", post(test_notification))
+        .route("/api/wifi-status", get(get_wifi_status))
+        .route("/api/wifi-scan", post(scan_wifi))
+        .route("/api/time", get(get_time))
+        .route("/api/time-offset", post(set_time_offset))
+        .route("/api/debug/display-state", post(debug_set_display_state))
         .route("/", get(|| async { Redirect::permanent("/index.html") }))
         .route("/{*path}", get(serve_static))
 }
@@ -70,7 +87,7 @@ fn get_router() -> AppRouter {
 async fn run_server(
     task_tracker: &TaskTracker,
     state: Arc<ServerState>,
-    server_shutdown_rx: oneshot::Receiver<()>,
+    shutdown_token: CancellationToken,
 ) -> JoinHandle<()> {
     info!("spinning up server");
     let addr = SocketAddr::from(([0, 0, 0, 0], state.config.port));
@@ -80,17 +97,12 @@ async fn run_server(
     task_tracker.spawn(async move {
         info!("The orca is hunting for stingrays...");
         axum::serve(listener, app)
-            .with_graceful_shutdown(server_shutdown_signal(server_shutdown_rx))
+            .with_graceful_shutdown(shutdown_token.cancelled_owned())
             .await
             .unwrap();
     })
 }
 
-async fn server_shutdown_signal(server_shutdown_rx: oneshot::Receiver<()>) {
-    server_shutdown_rx.await.unwrap();
-    info!("Server received shutdown signal, exiting...");
-}
-
 // Loads a RecordingStore if one exists, and if not, only create one if we're
 // not in debug mode. If we fail to parse the manifest AND we're not in debug
 // mode, try to recover the manifest from the existing QMDL files
@@ -122,15 +134,10 @@ async fn init_qmdl_store(config: &config::Config) -> Result<RecordingStore, Rayh
 // Start a thread that'll track when user hits ctrl+c. When that happens,
 // trigger various cleanup tasks, including sending signals to other threads to
 // shutdown
-#[allow(clippy::too_many_arguments)]
 fn run_shutdown_thread(
     task_tracker: &TaskTracker,
     diag_device_sender: Sender<DiagDeviceCtrlMessage>,
-    daemon_restart_rx: oneshot::Receiver<()>,
+    shutdown_token: CancellationToken,
-    should_restart_flag: Arc<AtomicBool>,
-    server_shutdown_tx: oneshot::Sender<()>,
-    maybe_ui_shutdown_tx: Option<oneshot::Sender<()>>,
-    maybe_key_input_shutdown_tx: Option<oneshot::Sender<()>>,
     qmdl_store_lock: Arc<RwLock<RecordingStore>>,
     analysis_tx: Sender<AnalysisCtrlMessage>,
 ) -> JoinHandle<Result<(), RayhunterError>> {
@@ -142,17 +149,9 @@ fn run_shutdown_thread(
                 if let Err(err) = res {
                     error!("Unable to listen for shutdown signal: {err}");
                 }
-
-                should_restart_flag.store(false, Ordering::Relaxed);
             }
-            res = daemon_restart_rx => {
+            _ = shutdown_token.cancelled() => {}
-                if let Err(err) = res {
+        }
-                    error!("Unable to listen for shutdown signal: {err}");
-                }
-
-                should_restart_flag.store(true, Ordering::Relaxed);
-            }
-        };
 
         let mut qmdl_store = qmdl_store_lock.write().await;
         if qmdl_store.current_entry.is_some() {
@@ -161,15 +160,7 @@ fn run_shutdown_thread(
             info!("Done!");
         }
 
-        server_shutdown_tx
+        shutdown_token.cancel();
-            .send(())
-            .expect("couldn't send server shutdown signal");
-        if let Some(ui_shutdown_tx) = maybe_ui_shutdown_tx {
-            let _ = ui_shutdown_tx.send(());
-        }
-        if let Some(key_input_shutdown_tx) = maybe_key_input_shutdown_tx {
-            let _ = key_input_shutdown_tx.send(());
-        }
         diag_device_sender
             .send(DiagDeviceCtrlMessage::Exit)
             .await
@@ -184,7 +175,9 @@ fn run_shutdown_thread(
 
 #[tokio::main(flavor = "current_thread")]
 async fn main() -> Result<(), RayhunterError> {
-    env_logger::init();
+    rayhunter::init_logging(log::LevelFilter::Info);
+
+    crate::crypto_provider::install_default();
 
     let args = parse_args();
 
@@ -211,11 +204,16 @@ async fn run_with_config(
     let (diag_tx, diag_rx) = mpsc::channel::<DiagDeviceCtrlMessage>(1);
     let (ui_update_tx, ui_update_rx) = mpsc::channel::<display::DisplayState>(1);
     let (analysis_tx, analysis_rx) = mpsc::channel::<AnalysisCtrlMessage>(5);
-    let mut maybe_ui_shutdown_tx = None;
+    let restart_token = CancellationToken::new();
-    let mut maybe_key_input_shutdown_tx = None;
+    let shutdown_token = restart_token.child_token();
+    // Ensure shutdown_token is cancelled when this function exits for any
+    // reason (e.g. diag device init failure), so all spawned tasks get
+    // signaled to stop.
+    let _shutdown_guard = shutdown_token.clone().drop_guard();
+
+    let notification_service = NotificationService::new(config.ntfy_url.clone());
+
     if !config.debug_mode {
-        let (ui_shutdown_tx, ui_shutdown_rx) = oneshot::channel();
-        maybe_ui_shutdown_tx = Some(ui_shutdown_tx);
         info!("Using configuration for device: {0:?}", config.device);
         let mut dev = DiagDevice::new(&config.device)
             .await
@@ -229,35 +227,36 @@ async fn run_with_config(
             &task_tracker,
             dev,
             diag_rx,
+            diag_tx.clone(),
             ui_update_tx.clone(),
             qmdl_store_lock.clone(),
             analysis_tx.clone(),
             config.analyzers.clone(),
+            notification_service.new_handler(),
+            config.min_space_to_start_recording_mb,
+            config.min_space_to_continue_recording_mb,
         );
         info!("Starting UI");
 
         let update_ui = match &config.device {
-            Device::Orbic => display::orbic::update_ui,
+            Device::Orbic | Device::Moxee => display::orbic::update_ui,
             Device::Tplink => display::tplink::update_ui,
             Device::Tmobile => display::tmobile::update_ui,
             Device::Wingtech => display::wingtech::update_ui,
             Device::Pinephone => display::headless::update_ui,
+            Device::Uz801 => display::uz801::update_ui,
         };
-        update_ui(&task_tracker, &config, ui_shutdown_rx, ui_update_rx);
+        update_ui(&task_tracker, &config, shutdown_token.clone(), ui_update_rx);
 
         info!("Starting Key Input service");
-        let (key_input_shutdown_tx, key_input_shutdown_rx) = oneshot::channel();
-        maybe_key_input_shutdown_tx = Some(key_input_shutdown_tx);
         key_input::run_key_input_thread(
             &task_tracker,
             &config,
             diag_tx.clone(),
-            key_input_shutdown_rx,
+            shutdown_token.clone(),
         );
     }
 
-    let (daemon_restart_tx, daemon_restart_rx) = oneshot::channel::<()>();
-    let (server_shutdown_tx, server_shutdown_rx) = oneshot::channel::<()>();
     let analysis_status_lock = Arc::new(RwLock::new(analysis_status));
     run_analysis_thread(
         &task_tracker,
@@ -266,36 +265,56 @@ async fn run_with_config(
         analysis_status_lock.clone(),
         config.analyzers.clone(),
     );
-    let should_restart_flag = Arc::new(AtomicBool::new(false));
 
     run_shutdown_thread(
         &task_tracker,
         diag_tx.clone(),
-        daemon_restart_rx,
+        shutdown_token.clone(),
-        should_restart_flag.clone(),
-        server_shutdown_tx,
-        maybe_ui_shutdown_tx,
-        maybe_key_input_shutdown_tx,
         qmdl_store_lock.clone(),
         analysis_tx.clone(),
     );
+
+    run_battery_notification_worker(
+        &task_tracker,
+        config.device.clone(),
+        notification_service.new_handler(),
+        shutdown_token.clone(),
+    );
+
+    run_notification_worker(
+        &task_tracker,
+        notification_service,
+        config.enabled_notifications.clone(),
+    );
+
+    let wifi_status = Arc::new(RwLock::new(WifiStatus::default()));
+    wifi_station::run_wifi_client(
+        &task_tracker,
+        &config.wifi_config(),
+        shutdown_token.clone(),
+        wifi_status.clone(),
+    );
+    firewall::apply(&config).await;
+
     let state = Arc::new(ServerState {
         config_path: args.config_path.clone(),
         config,
         qmdl_store_lock: qmdl_store_lock.clone(),
         diag_device_ctrl_sender: diag_tx,
-        ui_update_sender: ui_update_tx,
         analysis_status_lock,
         analysis_sender: analysis_tx,
-        daemon_restart_tx: Arc::new(RwLock::new(Some(daemon_restart_tx))),
+        daemon_restart_token: restart_token.clone(),
+        ui_update_sender: Some(ui_update_tx),
+        wifi_status,
+        wifi_scan_lock: tokio::sync::Mutex::new(()),
     });
-    run_server(&task_tracker, state, server_shutdown_rx).await;
+    run_server(&task_tracker, state, shutdown_token.clone()).await;
 
     task_tracker.close();
     task_tracker.wait().await;
 
     info!("see you space cowboy...");
-    Ok(should_restart_flag.load(Ordering::Relaxed))
+    Ok(restart_token.is_cancelled())
 }
 
 #[cfg(test)]

daemon/src/notifications.rs

@@ -0,0 +1,441 @@
+use std::{
+    cmp::min,
+    collections::HashMap,
+    time::{Duration, Instant},
+};
+
+use log::error;
+use serde::{Deserialize, Serialize};
+use thiserror::Error;
+use tokio::sync::mpsc::{self, error::TryRecvError};
+use tokio_util::task::TaskTracker;
+
+pub const DEFAULT_NOTIFICATION_TIMEOUT: u64 = 10; //seconds
+
+#[derive(Error, Debug)]
+pub enum NotificationError {
+    #[error("HTTP request failed: {0}")]
+    RequestFailed(#[from] reqwest::Error),
+    #[error("Server returned error status: {0}")]
+    HttpError(reqwest::StatusCode),
+}
+
+/// Enum of valid notification types
+#[derive(Hash, Eq, PartialEq, Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "apidocs", derive(utoipa::ToSchema))]
+pub enum NotificationType {
+    Warning,
+    LowBattery,
+}
+
+pub struct Notification {
+    notification_type: NotificationType,
+    message: String,
+    debounce: Option<Duration>,
+}
+
+impl Notification {
+    pub fn new(
+        notification_type: NotificationType,
+        message: String,
+        debounce: Option<Duration>,
+    ) -> Self {
+        Notification {
+            notification_type,
+            message,
+            debounce,
+        }
+    }
+}
+
+struct NotificationStatus {
+    message: String,
+    needs_sending: bool,
+    last_sent: Option<Instant>,
+    last_attempt: Option<Instant>,
+    failed_since_last_success: u32,
+}
+
+pub struct NotificationService {
+    url: Option<String>,
+    timeout: u64,
+    tx: mpsc::Sender<Notification>,
+    rx: mpsc::Receiver<Notification>,
+}
+
+impl NotificationService {
+    pub fn new(url: Option<String>) -> Self {
+        let (tx, rx) = mpsc::channel(10);
+        Self {
+            url,
+            timeout: DEFAULT_NOTIFICATION_TIMEOUT,
+            tx,
+            rx,
+        }
+    }
+
+    pub fn new_handler(&self) -> mpsc::Sender<Notification> {
+        self.tx.clone()
+    }
+}
+
+/// Sends a notification message to the specified URL.
+pub async fn send_notification(
+    http_client: &reqwest::Client,
+    url: &str,
+    message: String,
+    timeout: u64,
+) -> Result<(), NotificationError> {
+    let response = http_client
+        .post(url)
+        .body(message)
+        .timeout(Duration::from_secs(timeout))
+        .send()
+        .await?;
+
+    if response.status().is_success() {
+        Ok(())
+    } else {
+        Err(NotificationError::HttpError(response.status()))
+    }
+}
+
+pub fn run_notification_worker(
+    task_tracker: &TaskTracker,
+    mut notification_service: NotificationService,
+    enabled_notifications: Vec<NotificationType>,
+) {
+    task_tracker.spawn(async move {
+        if let Some(url) = notification_service.url
+            && !url.is_empty()
+        {
+            let mut notification_statuses = HashMap::new();
+            let http_client = reqwest::Client::new();
+
+            loop {
+                // Get any notifications since the last time we checked
+                loop {
+                    match notification_service.rx.try_recv() {
+                        Ok(notification) => {
+                            if !enabled_notifications.contains(&notification.notification_type) {
+                                continue;
+                            }
+
+                            let status = notification_statuses
+                                .entry(notification.notification_type)
+                                .or_insert_with(|| NotificationStatus {
+                                    message: "".to_string(),
+                                    needs_sending: true,
+                                    last_sent: None,
+                                    last_attempt: None,
+                                    failed_since_last_success: 0,
+                                });
+                            // Ignore if we're in the debounce period
+                            if let Some(debounce) = notification.debounce
+                                && let Some(last_sent) = status.last_sent
+                                && last_sent.elapsed() < debounce
+                            {
+                                continue;
+                            }
+                            status.message = notification.message;
+                            status.needs_sending = true;
+                        }
+                        Err(TryRecvError::Empty) => {
+                            break;
+                        }
+                        Err(TryRecvError::Disconnected) => {
+                            return;
+                        }
+                    }
+                }
+
+                // Attempt to send pending notifications
+                for notification in notification_statuses.values_mut() {
+                    if !notification.needs_sending {
+                        continue;
+                    }
+
+                    // Backoff retries, up to a maximum of 256 seconds.
+                    if let Some(last_attempt) = notification.last_attempt {
+                        let min_wait_time = Duration::from_secs(
+                            2u64.pow(min(notification.failed_since_last_success, 8)),
+                        );
+                        if last_attempt.elapsed() < min_wait_time {
+                            continue;
+                        }
+                    }
+
+                    match send_notification(
+                        &http_client,
+                        &url,
+                        notification.message.clone(),
+                        notification_service.timeout,
+                    )
+                    .await
+                    {
+                        Ok(()) => {
+                            notification.last_sent = Some(Instant::now());
+                            notification.failed_since_last_success = 0;
+                            notification.needs_sending = false;
+                        }
+                        Err(e) => {
+                            error!("Failed to send notification: {e}");
+                            notification.failed_since_last_success += 1;
+                            notification.last_attempt = Some(Instant::now());
+                        }
+                    }
+                }
+
+                tokio::time::sleep(Duration::from_secs(2)).await;
+            }
+        }
+        // If there's no url to send to we'll just discard the notifications
+        else {
+            loop {
+                if notification_service.rx.recv().await.is_none() {
+                    break;
+                }
+            }
+        }
+    });
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use axum::{Router, body::Bytes, extract::State, routing::post};
+    use std::sync::Arc;
+    use tokio::net::TcpListener;
+    use tokio::sync::Mutex;
+
+    #[derive(Clone)]
+    struct TestServerState {
+        received_messages: Arc<Mutex<Vec<String>>>,
+    }
+
+    async fn capture_notification(
+        State(state): State<TestServerState>,
+        body: Bytes,
+    ) -> &'static str {
+        let message = String::from_utf8_lossy(&body).to_string();
+        state.received_messages.lock().await.push(message);
+        "OK"
+    }
+
+    async fn setup_test_server() -> (Arc<Mutex<Vec<String>>>, String) {
+        crate::crypto_provider::install_default();
+
+        let received_messages = Arc::new(Mutex::new(Vec::new()));
+        let test_state = TestServerState {
+            received_messages: received_messages.clone(),
+        };
+
+        let app = Router::new()
+            .route("/", post(capture_notification))
+            .with_state(test_state);
+
+        let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
+        let addr = listener.local_addr().unwrap();
+        let url = format!("http://{}", addr);
+
+        tokio::spawn(async move {
+            axum::serve(listener, app).await.unwrap();
+        });
+
+        tokio::time::sleep(Duration::from_millis(100)).await;
+
+        (received_messages, url)
+    }
+
+    async fn setup_timeout_server(timeout: u64) -> String {
+        crate::crypto_provider::install_default();
+
+        let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
+        let addr = listener.local_addr().unwrap();
+        let url = format!("http://{}", addr);
+
+        tokio::spawn(async move {
+            // Accept the connection but don't respond in the timeout
+            let (_socket, _addr) = listener.accept().await.unwrap();
+            tokio::time::sleep(Duration::from_secs(timeout * 2)).await;
+        });
+
+        tokio::time::sleep(Duration::from_millis(100)).await;
+
+        url
+    }
+
+    async fn cleanup_worker(sender: mpsc::Sender<Notification>, tracker: TaskTracker) {
+        drop(sender);
+        tracker.close();
+        tracker.wait().await;
+    }
+
+    #[tokio::test]
+    async fn test_send_notification_times_out() {
+        let timeout: u64 = 2;
+        let url = setup_timeout_server(timeout).await;
+
+        let http_client = reqwest::Client::new();
+        let result = send_notification(
+            &http_client,
+            &url,
+            "test warning message".to_string(),
+            timeout,
+        )
+        .await;
+
+        match result {
+            Err(NotificationError::RequestFailed(reqwest_error)) => {
+                println!("error = {:?}", reqwest_error);
+                assert!(reqwest_error.is_timeout());
+            }
+            _ => assert!(false),
+        }
+    }
+
+    #[tokio::test]
+    async fn test_notification_worker_sends_message() {
+        let (received_messages, url) = setup_test_server().await;
+
+        let task_tracker = TaskTracker::new();
+        let notification_service = NotificationService::new(Some(url));
+        let notification_sender = notification_service.new_handler();
+
+        run_notification_worker(
+            &task_tracker,
+            notification_service,
+            vec![NotificationType::Warning],
+        );
+
+        notification_sender
+            .send(Notification::new(
+                NotificationType::Warning,
+                "test warning message".to_string(),
+                None,
+            ))
+            .await
+            .unwrap();
+
+        tokio::time::sleep(Duration::from_secs(3)).await;
+
+        let messages = received_messages.lock().await;
+        assert_eq!(messages.len(), 1);
+        assert_eq!(messages[0], "test warning message");
+        drop(messages);
+
+        cleanup_worker(notification_sender, task_tracker).await;
+    }
+
+    #[tokio::test]
+    async fn test_notification_worker_filters_disabled_types() {
+        let (received_messages, url) = setup_test_server().await;
+
+        let task_tracker = TaskTracker::new();
+        let notification_service = NotificationService::new(Some(url));
+        let notification_sender = notification_service.new_handler();
+
+        run_notification_worker(
+            &task_tracker,
+            notification_service,
+            vec![NotificationType::Warning],
+        );
+
+        notification_sender
+            .send(Notification::new(
+                NotificationType::Warning,
+                "test warning".to_string(),
+                None,
+            ))
+            .await
+            .unwrap();
+
+        notification_sender
+            .send(Notification::new(
+                NotificationType::LowBattery,
+                "test low battery".to_string(),
+                None,
+            ))
+            .await
+            .unwrap();
+
+        tokio::time::sleep(Duration::from_secs(3)).await;
+
+        let messages = received_messages.lock().await;
+        assert_eq!(messages.len(), 1);
+        assert_eq!(messages[0], "test warning");
+        drop(messages);
+
+        cleanup_worker(notification_sender, task_tracker).await;
+    }
+
+    #[tokio::test]
+    async fn test_notification_worker_sends_enabled_types() {
+        let (received_messages, url) = setup_test_server().await;
+
+        let task_tracker = TaskTracker::new();
+        let notification_service = NotificationService::new(Some(url));
+        let notification_sender = notification_service.new_handler();
+
+        run_notification_worker(
+            &task_tracker,
+            notification_service,
+            vec![NotificationType::Warning, NotificationType::LowBattery],
+        );
+
+        notification_sender
+            .send(Notification::new(
+                NotificationType::Warning,
+                "test warning".to_string(),
+                None,
+            ))
+            .await
+            .unwrap();
+
+        notification_sender
+            .send(Notification::new(
+                NotificationType::LowBattery,
+                "test low battery".to_string(),
+                None,
+            ))
+            .await
+            .unwrap();
+
+        tokio::time::sleep(Duration::from_secs(3)).await;
+
+        let messages = received_messages.lock().await;
+        assert_eq!(messages.len(), 2);
+        // these are interchangeable, ordering not guaranteed
+        assert!(messages.contains(&"test warning".to_string()));
+        assert!(messages.contains(&"test low battery".to_string()));
+        drop(messages);
+
+        cleanup_worker(notification_sender, task_tracker).await;
+    }
+
+    #[tokio::test]
+    async fn test_notification_worker_with_no_url() {
+        let task_tracker = TaskTracker::new();
+        let notification_service = NotificationService::new(None);
+        let notification_sender = notification_service.new_handler();
+
+        run_notification_worker(
+            &task_tracker,
+            notification_service,
+            vec![NotificationType::Warning],
+        );
+
+        notification_sender
+            .send(Notification::new(
+                NotificationType::Warning,
+                "test warning".to_string(),
+                None,
+            ))
+            .await
+            .unwrap();
+
+        tokio::time::sleep(Duration::from_millis(500)).await;
+
+        cleanup_worker(notification_sender, task_tracker).await;
+    }
+}

daemon/src/pcap.rs

@@ -1,4 +1,4 @@
-use crate::ServerState;
+use crate::server::ServerState;
 
 use anyhow::Error;
 use axum::body::Body;
@@ -18,6 +18,21 @@ use tokio_util::io::ReaderStream;
 // Streams a pcap file chunk-by-chunk to the client by reading the QMDL data
 // written so far. This is done by spawning a thread which streams chunks of
 // pcap data to a channel that's piped to the client.
+#[cfg_attr(feature = "apidocs", utoipa::path(
+    get,
+    path = "/api/pcap/{name}",
+    tag = "Recordings",
+    responses(
+        (status = StatusCode::OK, description = "PCAP conversion successful", content_type = "application/vnd.tcpdump.pcap"),
+        (status = StatusCode::NOT_FOUND, description = "Could not find file {name}"),
+        (status = StatusCode::SERVICE_UNAVAILABLE, description = "QMDL file is empty")
+    ),
+    params(
+        ("name" = String, Path, description = "QMDL filename to convert and download")
+    ),
+    summary = "Download a PCAP file",
+    description = "Stream a PCAP file to a client in chunks by converting the QMDL data for file {name} written so far."
+))]
 pub async fn get_pcap(
     State(state): State<Arc<ServerState>>,
     Path(mut qmdl_name): Path<String>,

daemon/src/qmdl_store.rs

@@ -45,26 +45,33 @@ pub struct Manifest {
     pub entries: Vec<ManifestEntry>,
 }
 
+/// The structure of an entry in the QMDL manifest table
 #[derive(Deserialize, Serialize, Clone, PartialEq, Debug)]
+#[cfg_attr(feature = "apidocs", derive(utoipa::ToSchema))]
 pub struct ManifestEntry {
+    /// The name of the entry
     pub name: String,
+    /// The system time when recording began
+    #[cfg_attr(feature = "apidocs", schema(value_type = String))]
     pub start_time: DateTime<Local>,
+    /// The system time when the last message was recorded to the file
+    #[cfg_attr(feature = "apidocs", schema(value_type = String))]
     pub last_message_time: Option<DateTime<Local>>,
+    /// The size of the QMDL file in bytes
     pub qmdl_size_bytes: usize,
+    /// The rayhunter daemon version which generated the file
     pub rayhunter_version: Option<String>,
+    /// The OS which created the file
     pub system_os: Option<String>,
+    /// The architecture on which the OS was running
     pub arch: Option<String>,
-}
+    #[serde(default)]
-
+    pub stop_reason: Option<String>,
-#[derive(PartialEq, Eq)]
-pub enum EntryType {
-    Current,
-    Past,
 }
 
 impl ManifestEntry {
     fn new() -> Self {
-        let now = Local::now();
+        let now = rayhunter::clock::get_adjusted_now();
         let metadata = RuntimeMetadata::new();
         ManifestEntry {
             name: format!("{}", now.timestamp()),
@@ -74,6 +81,7 @@ impl ManifestEntry {
             rayhunter_version: Some(metadata.rayhunter_version),
             system_os: Some(metadata.system_os),
             arch: Some(metadata.arch),
+            stop_reason: None,
         }
     }
 
@@ -203,11 +211,12 @@ impl RecordingStore {
                 rayhunter_version: None,
                 system_os: None,
                 arch: None,
+                stop_reason: None,
             });
         }
 
         // sort chronologically
-        manifest_entries.sort_by(|a, b| a.start_time.cmp(&b.start_time));
+        manifest_entries.sort_by_key(|a| a.start_time);
 
         let mut store = RecordingStore {
             path: path.as_ref().to_path_buf(),
@@ -306,7 +315,8 @@ impl RecordingStore {
         size_bytes: usize,
     ) -> Result<(), RecordingStoreError> {
         self.manifest.entries[entry_index].qmdl_size_bytes = size_bytes;
-        self.manifest.entries[entry_index].last_message_time = Some(Local::now());
+        self.manifest.entries[entry_index].last_message_time =
+            Some(rayhunter::clock::get_adjusted_now());
         self.write_manifest().await
     }
 
@@ -347,23 +357,42 @@ impl RecordingStore {
         Some((entry_index, &self.manifest.entries[entry_index]))
     }
 
-    pub async fn delete_entry(&mut self, name: &str) -> Result<EntryType, RecordingStoreError> {
+    pub async fn set_current_stop_reason(
+        &mut self,
+        reason: String,
+    ) -> Result<(), RecordingStoreError> {
+        if let Some(idx) = self.current_entry {
+            self.manifest.entries[idx].stop_reason = Some(reason);
+            self.write_manifest().await?;
+        }
+        Ok(())
+    }
+
+    pub fn is_current_entry(&self, name: &str) -> bool {
+        match self.current_entry {
+            Some(idx) => match self.manifest.entries.get(idx) {
+                Some(entry) => entry.name == name,
+                None => false,
+            },
+            None => false,
+        }
+    }
+
+    pub async fn delete_entry(&mut self, name: &str) -> Result<(), RecordingStoreError> {
         let entry_to_delete_idx = self
             .manifest
             .entries
             .iter()
             .position(|entry| entry.name == name)
             .ok_or(RecordingStoreError::NoSuchEntryError)?;
-        let is_current = match self.current_entry {
+        match self.current_entry {
             Some(current_entry) if current_entry == entry_to_delete_idx => {
                 self.close_current_entry().await?;
-                EntryType::Current
             }
             Some(current_entry) => {
                 self.current_entry = Some(current_entry - 1);
-                EntryType::Past
             }
-            None => EntryType::Past,
+            None => {}
         };
         let entry_to_delete = self.manifest.entries.remove(entry_to_delete_idx);
         self.write_manifest().await?;
@@ -375,7 +404,7 @@ impl RecordingStore {
         remove_file_if_exists(&analysis_filepath)
             .await
             .map_err(RecordingStoreError::DeleteFileError)?;
-        Ok(is_current)
+        Ok(())
     }
 
     pub async fn delete_all_entries(&mut self) -> Result<(), RecordingStoreError> {

daemon/src/server.rs

@@ -9,32 +9,54 @@ use axum::extract::State;
 use axum::http::header::{self, CONTENT_LENGTH, CONTENT_TYPE};
 use axum::http::{HeaderValue, StatusCode};
 use axum::response::{IntoResponse, Response};
+use chrono::{DateTime, Local};
 use log::{error, warn};
+use serde::{Deserialize, Serialize};
 use std::sync::Arc;
 use tokio::fs::write;
 use tokio::io::{AsyncReadExt, copy, duplex};
+use tokio::sync::RwLock;
 use tokio::sync::mpsc::Sender;
-use tokio::sync::{RwLock, oneshot};
 use tokio_util::compat::FuturesAsyncWriteCompatExt;
 use tokio_util::io::ReaderStream;
+use tokio_util::sync::CancellationToken;
 
 use crate::analysis::{AnalysisCtrlMessage, AnalysisStatus};
 use crate::config::Config;
+use crate::diag::DiagDeviceCtrlMessage;
+use crate::display::DisplayState;
+use crate::notifications::DEFAULT_NOTIFICATION_TIMEOUT;
 use crate::pcap::generate_pcap_data;
 use crate::qmdl_store::RecordingStore;
-use crate::{DiagDeviceCtrlMessage, display};
 
 pub struct ServerState {
     pub config_path: String,
     pub config: Config,
     pub qmdl_store_lock: Arc<RwLock<RecordingStore>>,
     pub diag_device_ctrl_sender: Sender<DiagDeviceCtrlMessage>,
-    pub ui_update_sender: Sender<display::DisplayState>,
     pub analysis_status_lock: Arc<RwLock<AnalysisStatus>>,
     pub analysis_sender: Sender<AnalysisCtrlMessage>,
-    pub daemon_restart_tx: Arc<RwLock<Option<oneshot::Sender<()>>>>,
+    pub daemon_restart_token: CancellationToken,
+    pub ui_update_sender: Option<Sender<DisplayState>>,
+    pub wifi_status: Arc<RwLock<wifi_station::WifiStatus>>,
+    pub wifi_scan_lock: tokio::sync::Mutex<()>,
 }
 
+#[cfg_attr(feature = "apidocs", utoipa::path(
+    get,
+    path = "/api/qmdl/{name}",
+    tag = "Recordings",
+    responses(
+        (status = StatusCode::OK, description = "QMDL download successful", content_type = "application/octet-stream"),
+        (status = StatusCode::NOT_FOUND, description = "Could not find file {name}"),
+        (status = StatusCode::SERVICE_UNAVAILABLE, description = "QMDL file is empty, or error opening file")
+    ),
+    params(
+        ("name" = String, Path, description = "QMDL filename to convert and download")
+    ),
+    summary = "Download a QMDL file",
+    description = "Stream the QMDL file {name} to the client."
+))]
 pub async fn get_qmdl(
     State(state): State<Arc<ServerState>>,
     Path(qmdl_name): Path<String>,
@@ -72,11 +94,6 @@ pub async fn serve_static(
     let path = path.trim_start_matches('/');
 
     match path {
-        "rayhunter_icon.png" => (
-            [(header::CONTENT_TYPE, HeaderValue::from_static("image/png"))],
-            include_bytes!("../web/build/rayhunter_icon.png"),
-        )
-            .into_response(),
         "rayhunter_orca_only.png" => (
             [(header::CONTENT_TYPE, HeaderValue::from_static("image/png"))],
             include_bytes!("../web/build/rayhunter_orca_only.png"),
@@ -107,17 +124,50 @@ pub async fn serve_static(
     }
 }
 
+#[cfg_attr(feature = "apidocs", utoipa::path(
+    get,
+    path = "/api/config",
+    tag = "Configuration",
+    responses(
+        (status = StatusCode::OK, description = "Success", body = Config)
+    ),
+    summary = "Get config",
+    description = "Show the running configuration for Rayhunter."
+))]
 pub async fn get_config(
     State(state): State<Arc<ServerState>>,
 ) -> Result<Json<Config>, (StatusCode, String)> {
-    Ok(Json(state.config.clone()))
+    let mut config = state.config.clone();
+    config.wifi_password = None;
+    Ok(Json(config))
 }
 
+#[cfg_attr(feature = "apidocs", utoipa::path(
+    post,
+    path = "/api/config",
+    tag = "Configuration",
+    request_body(
+        content = Option<[Config]>,
+        description = "Any or all configuration elements from the valid config schema to be altered may be passed. Invalid keys will be discarded. Invalid values or value types will return an error."
+    ),
+    responses(
+        (status = StatusCode::ACCEPTED, description = "Success"),
+        (status = StatusCode::INTERNAL_SERVER_ERROR, description = "Failed to parse or write config file"),
+        (status = 422, description = "Failed to deserialize JSON body")
+    ),
+    summary = "Set config",
+    description = "Write a new configuration for Rayhunter and trigger a restart."
+))]
 pub async fn set_config(
     State(state): State<Arc<ServerState>>,
     Json(config): Json<Config>,
 ) -> Result<(StatusCode, String), (StatusCode, String)> {
-    let config_str = toml::to_string_pretty(&config).map_err(|err| {
+    let mut config_to_write = config.clone();
+    config_to_write.wifi_ssid = None;
+    config_to_write.wifi_password = None;
+    config_to_write.wifi_security = None;
+
+    let config_str = toml::to_string_pretty(&config_to_write).map_err(|err| {
         (
             StatusCode::INTERNAL_SERVER_ERROR,
             format!("failed to serialize config as TOML: {err}"),
@@ -131,27 +181,145 @@ pub async fn set_config(
         )
     })?;
 
+    wifi_station::update_wpa_conf(&config.wifi_config()).await;
+
     // Trigger daemon restart after writing config
-    let mut restart_tx = state.daemon_restart_tx.write().await;
+    state.daemon_restart_token.cancel();
-    if let Some(sender) = restart_tx.take() {
+    Ok((
-        sender.send(()).map_err(|_| {
+        StatusCode::ACCEPTED,
-            (
+        "wrote config and triggered restart".to_string(),
-                StatusCode::INTERNAL_SERVER_ERROR,
+    ))
-                "couldn't send restart signal".to_string(),
-            )
-        })?;
-        Ok((
-            StatusCode::ACCEPTED,
-            "wrote config and triggered restart".to_string(),
-        ))
-    } else {
-        Ok((
-            StatusCode::ACCEPTED,
-            "wrote config but restart already triggered".to_string(),
-        ))
-    }
 }
 
+#[cfg_attr(feature = "apidocs", utoipa::path(
+    post,
+    path = "/api/test-notification",
+    tag = "Configuration",
+    responses(
+        (status = StatusCode::OK, description = "Success"),
+        (status = StatusCode::BAD_REQUEST, description = "No notification URL set"),
+        (status = StatusCode::INTERNAL_SERVER_ERROR, description = "Failed to send HTTP request. Ensure your device can reach the internet.")
+    ),
+    summary = "Test ntfy notification",
+    description = "Send a test notification to the ntfy_url in the running configuration for Rayhunter."
+))]
+pub async fn test_notification(
+    State(state): State<Arc<ServerState>>,
+) -> Result<(StatusCode, String), (StatusCode, String)> {
+    let url = state.config.ntfy_url.as_ref().ok_or((
+        StatusCode::BAD_REQUEST,
+        "No notification URL configured".to_string(),
+    ))?;
+
+    if url.is_empty() {
+        return Err((
+            StatusCode::BAD_REQUEST,
+            "Notification URL is empty".to_string(),
+        ));
+    }
+
+    let http_client = reqwest::Client::new();
+    let message = "Test notification from Rayhunter".to_string();
+
+    crate::notifications::send_notification(
+        &http_client,
+        url,
+        message,
+        DEFAULT_NOTIFICATION_TIMEOUT,
+    )
+    .await
+    .map(|()| {
+        (
+            StatusCode::OK,
+            "Test notification sent successfully".to_string(),
+        )
+    })
+    .map_err(|e| {
+        (
+            StatusCode::INTERNAL_SERVER_ERROR,
+            format!("Failed to send test notification: {e}"),
+        )
+    })
+}
+
+/// Response for GET /api/time
+#[derive(Serialize)]
+#[cfg_attr(feature = "apidocs", derive(utoipa::ToSchema))]
+pub struct TimeResponse {
+    /// The raw system time (without clock offset)
+    #[cfg_attr(feature = "apidocs", schema(value_type = String))]
+    pub system_time: DateTime<Local>,
+    /// The adjusted time (system time + offset)
+    #[cfg_attr(feature = "apidocs", schema(value_type = String))]
+    pub adjusted_time: DateTime<Local>,
+    /// The current offset in seconds
+    pub offset_seconds: i64,
+}
+
+/// Request for POST /api/time-offset
+#[derive(Deserialize)]
+#[cfg_attr(feature = "apidocs", derive(utoipa::ToSchema))]
+pub struct SetTimeOffsetRequest {
+    /// The offset to set, in seconds
+    pub offset_seconds: i64,
+}
+
+#[cfg_attr(feature = "apidocs", utoipa::path(
+    get,
+    path = "/api/time",
+    tag = "Configuration",
+    responses(
+        (status = StatusCode::OK, description = "Success", body = TimeResponse)
+    ),
+    summary = "Get time",
+    description = "Get the current time and offset (in seconds) of the device."
+))]
+pub async fn get_time() -> Json<TimeResponse> {
+    let system_time = Local::now();
+    let adjusted_time = rayhunter::clock::get_adjusted_now();
+    let offset_seconds = adjusted_time
+        .signed_duration_since(system_time)
+        .num_seconds();
+    Json(TimeResponse {
+        system_time,
+        adjusted_time,
+        offset_seconds,
+    })
+}
+
+#[cfg_attr(feature = "apidocs", utoipa::path(
+    get,
+    path = "/api/time-offset",
+    tag = "Configuration",
+    request_body(
+        content = SetTimeOffsetRequest
+    ),
+    responses(
+        (status = StatusCode::OK, description = "Success", body = TimeResponse)
+    ),
+    summary = "Set time offset",
+    description = "Set the difference (in seconds) between the system time and the adjusted time for Rayhunter."
+))]
+pub async fn set_time_offset(Json(req): Json<SetTimeOffsetRequest>) -> StatusCode {
+    rayhunter::clock::set_offset(chrono::TimeDelta::seconds(req.offset_seconds));
+    StatusCode::OK
+}
+
+#[cfg_attr(feature = "apidocs", utoipa::path(
+    get,
+    path = "/api/zip/{name}",
+    tag = "Recordings",
+    responses(
+        (status = StatusCode::OK, description = "ZIP download successful. It is possible that if the PCAP fails to convert, the same status will be returned, but the file will contain only the QMDL file.", content_type = "application/zip"),
+        (status = StatusCode::NOT_FOUND, description = "Could not find file {name}"),
+        (status = StatusCode::SERVICE_UNAVAILABLE, description = "QMDL file is empty, or error opening file")
+    ),
+    params(
+        ("name" = String, Path, description = "QMDL filename to convert and download")
+    ),
+    summary = "Download a ZIP file",
+    description = "Stream a ZIP file to the client which contains the QMDL file {name} and a PCAP generated from the same file."
+))]
 pub async fn get_zip(
     State(state): State<Arc<ServerState>>,
     Path(entry_name): Path<String>,
@@ -243,6 +411,93 @@ pub async fn get_zip(
     Ok((headers, body).into_response())
 }
 
+#[cfg_attr(feature = "apidocs", utoipa::path(
+    get,
+    path = "/api/wifi-status",
+    tag = "Configuration",
+    responses(
+        (status = StatusCode::OK, description = "Success", body = wifi_station::WifiStatus)
+    ),
+    summary = "Get wifi status",
+    description = "Show the status of the wifi client."
+))]
+pub async fn get_wifi_status(
+    State(state): State<Arc<ServerState>>,
+) -> Json<wifi_station::WifiStatus> {
+    let status = state.wifi_status.read().await;
+    Json(status.clone())
+}
+
+#[cfg_attr(feature = "apidocs", utoipa::path(
+    post,
+    path = "/api/wifi-scan",
+    tag = "Configuration",
+    responses(
+        (status = StatusCode::OK, description = "Scan success", body = inline(Vec<wifi_station::WifiNetwork>), content_type = "application/json"),
+        (status = StatusCode::TOO_MANY_REQUESTS, description = "Scan already in progress"),
+        (status = StatusCode::INTERNAL_SERVER_ERROR, description = "Scan failed"),
+    ),
+    summary = "Wifi SSID scan",
+    description = "Poll for a list of available wifi networks. Returns an array of WifiNetwork objects."
+))]
+pub async fn scan_wifi(
+    State(state): State<Arc<ServerState>>,
+) -> Result<Json<Vec<wifi_station::WifiNetwork>>, (StatusCode, String)> {
+    let _guard = state.wifi_scan_lock.try_lock().map_err(|_| {
+        (
+            StatusCode::TOO_MANY_REQUESTS,
+            "WiFi scan already in progress".to_string(),
+        )
+    })?;
+    let networks = wifi_station::scan_wifi_networks(wifi_station::STA_IFACE)
+        .await
+        .map_err(|e| {
+            (
+                StatusCode::INTERNAL_SERVER_ERROR,
+                format!("WiFi scan failed: {e}"),
+            )
+        })?;
+    Ok(Json(networks))
+}
+
+#[cfg_attr(feature = "apidocs", utoipa::path(
+    post,
+    path = "/api/debug/display-state",
+    tag = "Configuration",
+    request_body(
+        content = DisplayState
+    ),
+    responses(
+        (status = StatusCode::OK, description = "Display state updated successfully"),
+        (status = StatusCode::INTERNAL_SERVER_ERROR, description = "Error sending update to the display"),
+        (status = StatusCode::SERVICE_UNAVAILABLE, description = "Display system not available")
+    ),
+    summary = "Set display state",
+    description = "Change the display state (color bar or otherwise) of the device for debugging purposes."
+))]
+pub async fn debug_set_display_state(
+    State(state): State<Arc<ServerState>>,
+    Json(display_state): Json<DisplayState>,
+) -> Result<(StatusCode, String), (StatusCode, String)> {
+    if let Some(ui_sender) = &state.ui_update_sender {
+        ui_sender.send(display_state).await.map_err(|_| {
+            (
+                StatusCode::INTERNAL_SERVER_ERROR,
+                "failed to send display state update".to_string(),
+            )
+        })?;
+        Ok((
+            StatusCode::OK,
+            "display state updated successfully".to_string(),
+        ))
+    } else {
+        Err((
+            StatusCode::SERVICE_UNAVAILABLE,
+            "display system not available".to_string(),
+        ))
+    }
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;
@@ -293,7 +548,6 @@ mod tests {
         store_lock: Arc<RwLock<crate::qmdl_store::RecordingStore>>,
     ) -> Arc<ServerState> {
         let (tx, _rx) = tokio::sync::mpsc::channel(1);
-        let (ui_tx, _ui_rx) = tokio::sync::mpsc::channel(1);
         let (analysis_tx, _analysis_rx) = tokio::sync::mpsc::channel(1);
 
         let analysis_status = {
@@ -306,10 +560,12 @@ mod tests {
             config: Config::default(),
             qmdl_store_lock: store_lock,
             diag_device_ctrl_sender: tx,
-            ui_update_sender: ui_tx,
             analysis_status_lock: Arc::new(RwLock::new(analysis_status)),
             analysis_sender: analysis_tx,
-            daemon_restart_tx: Arc::new(RwLock::new(None)),
+            daemon_restart_token: CancellationToken::new(),
+            ui_update_sender: None,
+            wifi_status: Arc::new(RwLock::new(wifi_station::WifiStatus::default())),
+            wifi_scan_lock: tokio::sync::Mutex::new(()),
         })
     }
 

daemon/src/stats.rs

@@ -1,67 +1,114 @@
+use std::ffi::CString;
 use std::sync::Arc;
 
-use crate::qmdl_store::ManifestEntry;
+use crate::battery::get_battery_status;
+use crate::error::RayhunterError;
 use crate::server::ServerState;
+use crate::{battery::BatteryState, qmdl_store::ManifestEntry};
 
 use axum::Json;
 use axum::extract::State;
 use axum::http::StatusCode;
 use log::error;
-use rayhunter::util::RuntimeMetadata;
+use rayhunter::{Device, util::RuntimeMetadata};
 use serde::Serialize;
 use tokio::process::Command;
 
+/// Structure of device system statistics
 #[derive(Debug, Serialize)]
+#[cfg_attr(feature = "apidocs", derive(utoipa::ToSchema))]
 pub struct SystemStats {
     pub disk_stats: DiskStats,
     pub memory_stats: MemoryStats,
     pub runtime_metadata: RuntimeMetadata,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub battery_status: Option<BatteryState>,
 }
 
 impl SystemStats {
-    pub async fn new(qmdl_path: &str) -> Result<Self, String> {
+    pub async fn new(qmdl_path: &str, device: &Device) -> Result<Self, String> {
         Ok(Self {
-            disk_stats: DiskStats::new(qmdl_path).await?,
+            disk_stats: DiskStats::new(qmdl_path)?,
-            memory_stats: MemoryStats::new().await?,
+            memory_stats: MemoryStats::new(device).await?,
             runtime_metadata: RuntimeMetadata::new(),
+            battery_status: match get_battery_status(device).await {
+                Ok(status) => Some(status),
+                Err(RayhunterError::FunctionNotSupportedForDeviceError) => None,
+                Err(err) => {
+                    log::error!("Failed to get battery status: {err}");
+                    None
+                }
+            },
         })
     }
 }
 
+/// Device storage information
 #[derive(Debug, Serialize)]
+#[cfg_attr(feature = "apidocs", derive(utoipa::ToSchema))]
 pub struct DiskStats {
+    /// The partition to which the daemon is installed
     partition: String,
+    /// The total disk size of the partition
     total_size: String,
+    /// Total used size of the partition
     used_size: String,
+    /// Remaining free space of the partition
     available_size: String,
+    /// Disk usage displayed as percentage
     used_percent: String,
+    /// The root folder to which the partition is mounted
     mounted_on: String,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub available_bytes: Option<u64>,
 }
 
 impl DiskStats {
-    // runs "df -h <qmdl_path>" to get storage statistics for the partition containing
+    #[allow(clippy::unnecessary_cast)] // c_ulong is u32 on ARM, u64 on macOS
-    // the QMDL file
+    pub fn new(qmdl_path: &str) -> Result<Self, String> {
-    pub async fn new(qmdl_path: &str) -> Result<Self, String> {
+        let c_path =
-        let mut df_cmd = Command::new("df");
+            CString::new(qmdl_path).map_err(|e| format!("invalid path {qmdl_path}: {e}"))?;
-        df_cmd.arg("-h");
+        let mut stat: libc::statvfs = unsafe { std::mem::zeroed() };
-        df_cmd.arg(qmdl_path);
+        if unsafe { libc::statvfs(c_path.as_ptr(), &mut stat) } != 0 {
-        let stdout = get_cmd_output(df_cmd).await?;
+            return Err(format!(
-        let mut parts = stdout.split_whitespace().skip(7).to_owned();
+                "statvfs({qmdl_path}) failed: {}",
+                std::io::Error::last_os_error()
+            ));
+        }
+
+        let block_size = stat.f_frsize as u64;
+        let total_kb = (stat.f_blocks as u64 * block_size / 1024) as usize;
+        let free_kb = (stat.f_bfree as u64 * block_size / 1024) as usize;
+        let available_kb = (stat.f_bavail as u64 * block_size / 1024) as usize;
+        let used_kb = total_kb.saturating_sub(free_kb);
+        let used_percent = format!(
+            "{}%",
+            ((stat.f_blocks - stat.f_bfree) * 100)
+                .checked_div(stat.f_blocks)
+                .unwrap_or(0)
+        );
+
         Ok(Self {
-            partition: parts.next().ok_or("error parsing df output")?.to_string(),
+            partition: qmdl_path.to_string(),
-            total_size: parts.next().ok_or("error parsing df output")?.to_string(),
+            total_size: humanize_kb(total_kb),
-            used_size: parts.next().ok_or("error parsing df output")?.to_string(),
+            used_size: humanize_kb(used_kb),
-            available_size: parts.next().ok_or("error parsing df output")?.to_string(),
+            available_size: humanize_kb(available_kb),
-            used_percent: parts.next().ok_or("error parsing df output")?.to_string(),
+            used_percent,
-            mounted_on: parts.next().ok_or("error parsing df output")?.to_string(),
+            mounted_on: qmdl_path.to_string(),
+            available_bytes: Some(stat.f_bavail as u64 * block_size),
         })
     }
 }
 
+/// Device memory information
 #[derive(Debug, Serialize)]
+#[cfg_attr(feature = "apidocs", derive(utoipa::ToSchema))]
 pub struct MemoryStats {
+    /// The total memory available on the device
     total: String,
+    /// The currently used memory
     used: String,
+    /// Remaining free memory
     free: String,
 }
 
@@ -83,9 +130,16 @@ async fn get_cmd_output(mut cmd: Command) -> Result<String, String> {
 }
 
 impl MemoryStats {
-    // runs "free -k" and parses the output to retrieve memory stats
+    // runs "free -k" and parses the output to retrieve memory stats for most devices,
-    pub async fn new() -> Result<Self, String> {
+    pub async fn new(device: &Device) -> Result<Self, String> {
-        let mut free_cmd = Command::new("free");
+        // Use busybox for Uz801
+        let mut free_cmd: Command;
+        if matches!(device, Device::Uz801) {
+            free_cmd = Command::new("busybox");
+            free_cmd.arg("free");
+        } else {
+            free_cmd = Command::new("free");
+        }
         free_cmd.arg("-k");
         let stdout = get_cmd_output(free_cmd).await?;
         let mut numbers = stdout
@@ -107,11 +161,22 @@ fn humanize_kb(kb: usize) -> String {
     format!("{:.1}M", kb as f64 / 1024.0)
 }
 
+#[cfg_attr(feature = "apidocs", utoipa::path(
+    get,
+    path = "/api/system-stats",
+    tag = "Statistics",
+    responses(
+        (status = StatusCode::OK, description = "Success", body = SystemStats),
+        (status = StatusCode::INTERNAL_SERVER_ERROR, description = "Error collecting statistics")
+    ),
+    summary = "Get system info",
+    description = "Display system/device statistics."
+))]
 pub async fn get_system_stats(
     State(state): State<Arc<ServerState>>,
 ) -> Result<Json<SystemStats>, (StatusCode, String)> {
     let qmdl_store = state.qmdl_store_lock.read().await;
-    match SystemStats::new(qmdl_store.path.to_str().unwrap()).await {
+    match SystemStats::new(qmdl_store.path.to_str().unwrap(), &state.config.device).await {
         Ok(stats) => Ok(Json(stats)),
         Err(err) => {
             error!("error getting system stats: {err}");
@@ -123,12 +188,26 @@ pub async fn get_system_stats(
     }
 }
 
+/// QMDL manifest information
 #[derive(Serialize)]
+#[cfg_attr(feature = "apidocs", derive(utoipa::ToSchema))]
 pub struct ManifestStats {
+    /// A vector containing the names of the QMDL files
     pub entries: Vec<ManifestEntry>,
+    /// The currently open QMDL file
     pub current_entry: Option<ManifestEntry>,
 }
 
+#[cfg_attr(feature = "apidocs", utoipa::path(
+    get,
+    path = "/api/qmdl-manifest",
+    tag = "Statistics",
+    responses(
+        (status = StatusCode::OK, description = "Success", body = ManifestStats)
+    ),
+    summary = "QMDL Manifest",
+    description = "List QMDL files available on the device and some of their basic statistics."
+))]
 pub async fn get_qmdl_manifest(
     State(state): State<Arc<ServerState>>,
 ) -> Result<Json<ManifestStats>, (StatusCode, String)> {
@@ -140,3 +219,20 @@ pub async fn get_qmdl_manifest(
         current_entry,
     }))
 }
+
+#[cfg_attr(feature = "apidocs", utoipa::path(
+    get,
+    path = "/api/log",
+    tag = "Statistics",
+    responses(
+        (status = StatusCode::OK, description = "Success", content_type = "text/plain"),
+        (status = StatusCode::INTERNAL_SERVER_ERROR, description = "Could not read /data/rayhunter/rayhunter.log file")
+    ),
+    summary = "Display log",
+    description = "Download the current device log in UTF-8 plaintext."
+))]
+pub async fn get_log() -> Result<String, (StatusCode, String)> {
+    tokio::fs::read_to_string("/data/rayhunter/rayhunter.log")
+        .await
+        .map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()))
+}

daemon/web/.gitignore

@@ -19,6 +19,3 @@ Thumbs.db
 # Vite
 vite.config.js.timestamp-*
 vite.config.ts.timestamp-*
-
-package-lock.json
-yarn.lock

daemon/web/eslint.config.js

@@ -22,7 +22,7 @@ export default ts.config(
         },
     },
     {
-        files: ['**/*.svelte'],
+        files: ['**/*.svelte', '**/*.svelte.ts', '**/*.svelte.js'],
 
         languageOptions: {
             parserOptions: {
@@ -37,6 +37,22 @@ export default ts.config(
                 { argsIgnorePattern: '^_', varsIgnorePattern: '^_' },
             ],
             '@typescript-eslint/no-explicit-any': 'off',
+            '@typescript-eslint/naming-convention': [
+                'error',
+                {
+                    selector: 'function',
+                    format: ['snake_case'],
+                },
+                {
+                    selector: 'method',
+                    format: ['snake_case'],
+                },
+            ],
+            // these rules should eventually be enabled, just disabled them to
+            // make dependency upgrades easier.
+            'svelte/prefer-svelte-reactivity': 'off',
+            'svelte/require-each-key': 'off',
+            'svelte/no-navigation-without-resolve': 'off',
         },
     }
 );

daemon/web/package.json

@@ -15,24 +15,26 @@
         "fix": "eslint --fix ."
     },
     "devDependencies": {
-        "@sveltejs/adapter-auto": "^3.0.0",
+        "@eslint/js": "^10.0.1",
+        "@sveltejs/adapter-auto": "^7.0.1",
         "@sveltejs/adapter-static": "^3.0.5",
-        "@sveltejs/kit": "^2.13.0",
+        "@sveltejs/kit": "^2.57.1",
-        "@sveltejs/vite-plugin-svelte": "^4.0.0",
+        "@sveltejs/vite-plugin-svelte": "^7.0.0",
+        "@tailwindcss/vite": "^4.2.2",
         "@types/eslint": "^9.6.0",
-        "autoprefixer": "^10.4.20",
+        "@types/node": "^25.6.0",
-        "eslint": "^9.7.0",
+        "eslint": "^10.2.1",
-        "eslint-config-prettier": "^9.1.0",
+        "eslint-config-prettier": "^10.1.8",
-        "eslint-plugin-svelte": "^2.36.0",
+        "eslint-plugin-svelte": "^3.17.0",
-        "globals": "^15.0.0",
+        "globals": "^17.5.0",
-        "prettier": "^3.3.2",
+        "prettier": "^3.8.3",
-        "prettier-plugin-svelte": "^3.2.6",
+        "prettier-plugin-svelte": "^3.5.1",
-        "svelte": "^5.0.0",
+        "svelte": "^5.55.4",
-        "svelte-check": "^4.0.0",
+        "svelte-check": "^4.4.6",
-        "tailwindcss": "^3.4.9",
+        "tailwindcss": "^4.2.2",
-        "typescript": "^5.0.0",
+        "typescript": "^6.0.3",
-        "typescript-eslint": "^8.0.0",
+        "typescript-eslint": "^8.58.2",
-        "vite": "^5.0.3",
+        "vite": "^8.0.9",
-        "vitest": "^2.0.4"
+        "vitest": "^4.1.4"
     }
 }

daemon/web/postcss.config.js

@@ -1,6 +0,0 @@
-export default {
-    plugins: {
-        tailwindcss: {},
-        autoprefixer: {},
-    },
-};

daemon/web/src/app.css

@@ -1,3 +1,16 @@
-@import 'tailwindcss/base';
+@import 'tailwindcss';
-@import 'tailwindcss/components';
+
-@import 'tailwindcss/utilities';
+@theme {
+    --color-rayhunter-blue: #4e4eb1;
+    --color-rayhunter-dark-blue: #3f3da0;
+    --color-rayhunter-green: #94ea18;
+}
+
+/* v4 dropped the v3 preflight rule that set `cursor: pointer` on buttons.
+ * Restore it so enabled buttons get the pointer cursor. */
+@layer base {
+    button:not(:disabled),
+    [role='button']:not(:disabled) {
+        cursor: pointer;
+    }
+}

daemon/web/src/app.html

@@ -6,7 +6,7 @@
         <meta name="viewport" content="width=device-width, initial-scale=1" />
         %sveltekit.head%
     </head>
-    <body data-sveltekit-preload-data="hover">
+    <body data-sveltekit-preload-data="hover" style="width: 100%">
         <div style="display: contents" class="m-4 xl:m-8">%sveltekit.body%</div>
     </body>
 </html>

daemon/web/src/lib/action_errors.svelte.ts

@@ -0,0 +1,24 @@
+export class ActionError extends Error {
+    // The number of this an identical error has happened.
+    // This is shown as a number next to the error in the UI.
+    times = $state(1);
+
+    constructor(message: string, cause: Error) {
+        super(message);
+        this.cause = cause;
+    }
+}
+
+export const action_errors: ActionError[] = $state([]);
+
+export function add_error(e: Error, msg: string): void {
+    for (const existing of action_errors) {
+        if (existing.message === msg) {
+            existing.times += 1;
+            return;
+        }
+    }
+    const action_error = new ActionError(msg, e);
+    action_errors.unshift(action_error);
+    console.log(action_errors.length);
+}

daemon/web/src/lib/analysis.svelte.spec.ts

@@ -1,43 +1,7 @@
 import { describe, it, expect } from 'vitest';
-import { AnalysisRowType, EventType, parse_finished_report, Severity } from './analysis.svelte';
+import { AnalysisRowType, parse_finished_report } from './analysis.svelte';
 import { type NewlineDeliminatedJson } from './ndjson';
 
-const SAMPLE_V1_REPORT_NDJSON: NewlineDeliminatedJson = [
-    {
-        analyzers: [
-            {
-                name: 'Analyzer 1',
-                description: 'A first analyzer',
-            },
-            {
-                name: 'Analyzer 2',
-                description: 'A second analyzer',
-            },
-        ],
-    },
-    {
-        timestamp: '2024-10-08T13:25:43.011689003-07:00',
-        skipped_message_reasons: ['The reason why the message was skipped'],
-        analysis: [],
-    },
-    {
-        timestamp: '2024-10-08T13:25:43.480872496-07:00',
-        skipped_message_reasons: [],
-        analysis: [
-            {
-                timestamp: '2024-08-19T03:33:54.318Z',
-                events: [
-                    null,
-                    {
-                        event_type: { type: 'QualitativeWarning', severity: 'Low' },
-                        message: 'Something nasty happened',
-                    },
-                ],
-            },
-        ],
-    },
-];
-
 const SAMPLE_V2_REPORT_NDJSON: NewlineDeliminatedJson = [
     {
         analyzers: [
@@ -62,7 +26,7 @@ const SAMPLE_V2_REPORT_NDJSON: NewlineDeliminatedJson = [
         events: [
             null,
             {
-                event_type: { type: 'QualitativeWarning', severity: 'Low' },
+                event_type: 'Low',
                 message: 'Something nasty happened',
             },
         ],
@@ -70,40 +34,6 @@ const SAMPLE_V2_REPORT_NDJSON: NewlineDeliminatedJson = [
 ];
 
 describe('analysis report parsing', () => {
-    it('parses v1 example analysis', () => {
-        const report = parse_finished_report(SAMPLE_V1_REPORT_NDJSON);
-        expect(report.metadata.report_version).toEqual(1);
-        expect(report.metadata.analyzers).toEqual([
-            {
-                name: 'Analyzer 1',
-                description: 'A first analyzer',
-                version: 0,
-            },
-            {
-                name: 'Analyzer 2',
-                description: 'A second analyzer',
-                version: 0,
-            },
-        ]);
-        expect(report.rows).toHaveLength(2);
-        expect(report.rows[0].type).toBe(AnalysisRowType.Skipped);
-        if (report.rows[1].type === AnalysisRowType.Analysis) {
-            const row = report.rows[1];
-            expect(row.events).toHaveLength(2);
-            expect(row.events[0]).toBeNull();
-            const event = row.events[1];
-            const expected_timestamp = new Date('2024-08-19T03:33:54.318Z');
-            expect(row.packet_timestamp.getTime()).toEqual(expected_timestamp.getTime());
-            if (event !== null && event.type === EventType.Warning) {
-                expect(event.severity).toEqual(Severity.Low);
-            } else {
-                throw 'wrong event type';
-            }
-        } else {
-            throw 'wrong row type';
-        }
-    });
-
     it('parses v2 example analysis', () => {
         const report = parse_finished_report(SAMPLE_V2_REPORT_NDJSON);
         expect(report.metadata.report_version).toEqual(2);
@@ -128,11 +58,7 @@ describe('analysis report parsing', () => {
             const event = row.events[1];
             const expected_timestamp = new Date('2024-08-19T03:33:54.318Z');
             expect(row.packet_timestamp.getTime()).toEqual(expected_timestamp.getTime());
-            if (event !== null && event.type === EventType.Warning) {
+            expect(event!.event_type).toEqual('Low');
-                expect(event.severity).toEqual(Severity.Low);
-            } else {
-                throw 'wrong event type';
-            }
         } else {
             throw 'wrong row type';
         }

daemon/web/src/lib/analysis.svelte.ts

@@ -21,17 +21,7 @@ export class ReportMetadata {
     constructor(ndjson: any) {
         this.analyzers = ndjson.analyzers;
         this.rayhunter = ndjson.rayhunter;
-        if (ndjson.report_version === undefined) {
+        this.report_version = ndjson.report_version || 2; // Default to v2
-            this.report_version = 1;
-            // we consider our legacy (unversioned) heuristics to be v0 --
-            // this'll let us clearly differentiate some known false-positive
-            // results from the pre-versioned era from v1 heuristics
-            this.analyzers.forEach((analyzer) => {
-                analyzer.version = 0;
-            });
-        } else {
-            this.report_version = ndjson.report_version;
-        }
     }
 }
 
@@ -64,77 +54,22 @@ export type PacketAnalysis = {
     events: Event[];
 };
 
-export type Event = QualitativeWarning | InformationalEvent | null;
+export type EventType = 'Informational' | 'Low' | 'Medium' | 'High';
-export enum EventType {
-    Informational,
-    Warning,
-}
 
-export type QualitativeWarning = {
+export type Event = {
-    type: EventType.Warning;
+    event_type: EventType;
-    severity: Severity;
     message: string;
-};
+} | null;
-
-export enum Severity {
-    Low,
-    Medium,
-    High,
-}
-
-export type InformationalEvent = {
-    type: EventType.Informational;
-    message: string;
-};
 
 function get_event(event_json: any): Event {
-    if (event_json.event_type.type === 'Informational') {
+    if (!['Informational', 'Low', 'Medium', 'High'].includes(event_json.event_type)) {
-        return {
+        throw `Invalid/unhandled event type: ${event_json.event_type}`;
-            type: EventType.Informational,
-            message: event_json.message,
-        };
-    } else {
-        return {
-            type: EventType.Warning,
-            severity:
-                event_json.event_type.severity === 'High'
-                    ? Severity.High
-                    : event_json.event_type.severity === 'Medium'
-                      ? Severity.Medium
-                      : Severity.Low,
-            message: event_json.message,
-        };
     }
+
+    return event_json;
 }
 
-function get_v1_rows(row_jsons: any[]): AnalysisRow[] {
+function get_rows(row_jsons: any[]): AnalysisRow[] {
-    const rows: AnalysisRow[] = [];
-    for (const row_json of row_jsons) {
-        for (const reason of row_json.skipped_message_reasons) {
-            rows.push({
-                type: AnalysisRowType.Skipped,
-                reason,
-            });
-        }
-        for (const analysis_json of row_json.analysis) {
-            const events: Event[] = analysis_json.events.map((event_json: any): Event | null => {
-                if (event_json === null) {
-                    return null;
-                } else {
-                    return get_event(event_json);
-                }
-            });
-            rows.push({
-                type: AnalysisRowType.Analysis,
-                packet_timestamp: new Date(analysis_json.timestamp),
-                events,
-            });
-        }
-    }
-    return rows;
-}
-
-function get_v2_rows(row_jsons: any[]): AnalysisRow[] {
     const rows: AnalysisRow[] = [];
     for (const row_json of row_jsons) {
         if (row_json.skipped_message_reason) {
@@ -170,7 +105,7 @@ function get_report_stats(rows: AnalysisRow[]): ReportStatistics {
         } else {
             for (const event of row.events) {
                 if (event !== null) {
-                    if (event.type === EventType.Informational) {
+                    if (event.event_type === 'Informational') {
                         num_informational_logs++;
                     } else {
                         num_warnings++;
@@ -188,12 +123,7 @@ function get_report_stats(rows: AnalysisRow[]): ReportStatistics {
 
 export function parse_finished_report(report_json: NewlineDeliminatedJson): AnalysisReport {
     const metadata = new ReportMetadata(report_json[0]);
-    let rows;
+    const rows = get_rows(report_json.slice(1));
-    if (metadata.report_version === 1) {
-        rows = get_v1_rows(report_json.slice(1));
-    } else {
-        rows = get_v2_rows(report_json.slice(1));
-    }
     const statistics = get_report_stats(rows);
     return {
         statistics,

daemon/web/src/lib/analysisManager.svelte.ts

@@ -23,11 +23,9 @@ export type AnalysisResult = {
 };
 
 export class AnalysisManager {
-    public status: Map<string, AnalysisStatus> = new Map();
+    public status: Map<string, AnalysisStatus> = $state(new Map());
-    public reports: Map<string, AnalysisReport | string> = new Map();
+    public reports: Map<string, AnalysisReport | string> = $state(new Map());
-
+    public set_queued_status(name: string) {
-    public async run_analysis(name: string) {
-        await req('POST', `/api/analysis/${name}`);
         this.status.set(name, AnalysisStatus.Queued);
         this.reports.delete(name);
     }

daemon/web/src/lib/components/ActionErrors.svelte

@@ -0,0 +1,100 @@
+<script lang="ts">
+    import { action_errors } from '../action_errors.svelte';
+
+    let pos = $state(0);
+    let current_error = $derived(action_errors[pos]);
+
+    function prev_error() {
+        if (pos > 0) pos -= 1;
+        else pos = action_errors.length - 1;
+    }
+    function next_error() {
+        if (pos + 1 < action_errors.length) pos += 1;
+        else pos = 0;
+    }
+    function clear_errors() {
+        pos = 0;
+        action_errors.length = 0;
+    }
+</script>
+
+{#if action_errors.length > 0}
+    <div
+        class="bg-red-100 border-red-100 drop-shadow-sm p-4 flex flex-col gap-2
+        border rounded-md flex-1 justify-between fixed z-10 right-3 bottom-3 ml-3"
+    >
+        <div class="flex flex-row justify-between">
+            <span class="text-xl font-bold mb-2 mr-5 flex flex-row items-center gap-1 text-red-600">
+                <svg
+                    class="w-6 h-6 text-red-600"
+                    aria-hidden="true"
+                    xmlns="http://www.w3.org/2000/svg"
+                    width="24"
+                    height="24"
+                    fill="currentColor"
+                    viewBox="0 0 24 24"
+                >
+                    <path
+                        fill-rule="evenodd"
+                        d="M2 12C2 6.477 6.477 2 12 2s10 4.477 10 10-4.477 10-10 10S2 17.523 2 12Zm11-4a1 1 0 1 0-2 0v5a1 1 0 1 0 2 0V8Zm-1 7a1 1 0 1 0 0 2h.01a1 1 0 1 0 0-2H12Z"
+                        clip-rule="evenodd"
+                    />
+                </svg>
+                Error Completing Action {current_error.times > 1 ? `x${current_error.times}` : ''}
+            </span>
+            <div class="flex items-center mb-2">
+                {#if action_errors.length > 1}
+                    <span>{pos + 1}/{action_errors.length}</span>
+                    <button title="previous error" aria-label="previous error" onclick={prev_error}>
+                        <svg
+                            aria-hidden="true"
+                            width="24"
+                            height="24"
+                            fill="none"
+                            viewBox="0 0 24 24"
+                        >
+                            <path
+                                stroke="currentColor"
+                                stroke-linecap="round"
+                                stroke-linejoin="round"
+                                stroke-width="2"
+                                d="m 15.499979,19.499979 -6.9999997,-7 6.9999997,-6.9999997"
+                            />
+                        </svg>
+                    </button>
+                    <button title="next error" aria-label="next error" onclick={next_error}>
+                        <svg
+                            aria-hidden="true"
+                            width="24"
+                            height="24"
+                            fill="none"
+                            viewBox="0 0 24 24"
+                        >
+                            <path
+                                stroke="currentColor"
+                                stroke-linecap="round"
+                                stroke-linejoin="round"
+                                stroke-width="2"
+                                d="m 8.5000207,5.4999793 7.0000003,6.9999997 -7.0000003,7"
+                            />
+                        </svg>
+                    </button>
+                {/if}
+                <button title="clear errors" aria-label="clear errors" onclick={clear_errors}>
+                    <svg style="width:24px;height:24px" viewBox="0 0 24 24">
+                        <path
+                            d="M19,4H15.5L14.5,3H9.5L8.5,4H5V6H19M6,19A2,2 0 0,0 8,21H16A2,2 0 0,0 18,19V7H6V19Z"
+                        />
+                    </svg>
+                </button>
+            </div>
+        </div>
+        <span>{current_error.message}</span>
+        {#if current_error.cause}
+            <details>
+                <summary>Details</summary>
+                <code>{current_error.cause}</code>
+            </details>
+        {/if}
+    </div>
+{/if}

daemon/web/src/lib/components/AnalysisStatus.svelte

@@ -35,15 +35,43 @@
         return finished && report_available;
     });
 
-    let button_class = $derived(ready ? 'text-blue-600 border rounded-full px-2' : '');
+    let button_class = $derived.by(() => {
+        if (!ready) {
+            return 'text-gray-700';
+        } else if ((entry.get_num_warnings() || 0) < 1) {
+            return 'text-green-700 border-green-500 bg-green-200 text-blue-600 border rounded-full px-2';
+        } else {
+            return 'text-red-700 border-red-500 bg-red-200 text-blue-600 border rounded-full px-2';
+        }
+    });
 </script>
 
 <button class="flex flex-row gap-1 lg:gap-2" disabled={!ready} {onclick}>
-    <span
+    <span class="flex flex-row items-center gap-1">
-        class="{button_class} {(entry.get_num_warnings() || 0) < 1
+        {#if entry.analysis_status === AnalysisStatus.Queued || entry.analysis_status === AnalysisStatus.Running || (entry.analysis_status === AnalysisStatus.Finished && entry.analysis_report === undefined)}
-            ? 'text-green-700 border-green-500 bg-green-200'
+            <svg
-            : 'text-red-700 border-red-500 bg-red-200'}">{summary}</span
+                class="animate-spin h-4 w-4 text-blue-600"
-    >
+                xmlns="http://www.w3.org/2000/svg"
+                fill="none"
+                viewBox="0 0 24 24"
+            >
+                <circle
+                    class="opacity-25"
+                    cx="12"
+                    cy="12"
+                    r="10"
+                    stroke="currentColor"
+                    stroke-width="4"
+                ></circle>
+                <path
+                    class="opacity-75"
+                    fill="currentColor"
+                    d="M4 12a8 8 0 018-8V0C5.373 0 0 5.373 0 12h4zm2 5.291A7.962 7.962 0 014 12H0c0 3.042 1.135 5.824 3 7.938l3-2.647z"
+                ></path>
+            </svg>
+        {/if}
+        <span class={button_class}>{summary}</span>
+    </span>
     <svg
         class="w-6 h-6 text-gray-800 transition-transform {analysis_visible ? 'rotate-180' : ''}"
         aria-hidden="true"

daemon/web/src/lib/components/AnalysisTable.svelte

@@ -1,5 +1,5 @@
 <script lang="ts">
-    import { AnalysisRowType, EventType, type AnalysisReport } from '$lib/analysis.svelte';
+    import { AnalysisRowType, type AnalysisReport } from '$lib/analysis.svelte';
     let {
         report,
     }: {
@@ -11,7 +11,7 @@
         dateStyle: 'short',
     });
 
-    const analyzers = report.metadata.analyzers;
+    const analyzers = $derived(report.metadata.analyzers);
 
     const skipped_messages: Map<string, number> = $derived.by(() => {
         let map = new Map();
@@ -33,69 +33,71 @@
     {#if report.statistics.num_warnings === 0 && report.statistics.num_informational_logs === 0}
         <p>Nothing to show!</p>
     {:else}
-        <table class="table-auto text-left">
+        <div class="overflow-x-auto">
-            <thead class="p-2">
+            <table class="table-auto text-left">
-                <tr class="bg-gray-300">
+                <thead class="p-2">
-                    <th class="p-2">Timestamp</th>
+                    <tr class="bg-gray-300">
-                    <th class="p-2">Heuristic</th>
+                        <th class="p-2">Timestamp</th>
-                    <th class="p-2">Warning</th>
+                        <th class="p-2">Heuristic</th>
-                    <th class="p-2">Severity</th>
+                        <th class="p-2">Warning</th>
-                </tr>
+                        <th class="p-2">Severity</th>
-            </thead>
+                    </tr>
-            <tbody>
+                </thead>
-                {#each report.rows as row}
+                <tbody>
-                    {#if row.type === AnalysisRowType.Analysis}
+                    {#each report.rows as row}
-                        {@const parsed_date = new Date(row.packet_timestamp)}
+                        {#if row.type === AnalysisRowType.Analysis}
-                        {#each row.events.filter((e) => e !== null) as event, i}
+                            {@const parsed_date = new Date(row.packet_timestamp)}
-                            {@const analyzer = analyzers[i]}
+                            {#each row.events as event, analyzerIndex}
-                            <tr class="even:bg-gray-200 odd:bg-white">
+                                {#if event !== null}
-                                {#if event.type === EventType.Warning}
+                                    {@const analyzer = analyzers[analyzerIndex]}
-                                    {@const severity = ['Low', 'Medium', 'High'][event.severity]}
+                                    {@const event_type_class = {
-                                    {@const severity_class = [
+                                        Informational: '',
-                                        'bg-red-200',
+                                        Low: 'bg-yellow-200',
-                                        'bg-red-400',
+                                        Medium: 'bg-orange-400',
-                                        'bg-red-600',
+                                        High: 'bg-red-600',
-                                    ][event.severity]}
+                                    }[event.event_type]}
-                                    <td class="p-2">{date_formatter.format(parsed_date)}</td>
+                                    <tr class="even:bg-gray-200 odd:bg-white">
-                                    <td class="p-2">{analyzer.name} v{analyzer.version}</td>
+                                        <td class="p-2">{date_formatter.format(parsed_date)}</td>
-                                    <td class="p-2">{event.message}</td>
+                                        <td class="p-2">{analyzer.name} v{analyzer.version}</td>
-                                    <td class="p-2 {severity_class} text-center">{severity}</td>
+                                        <td class="p-2">{event.message}</td>
-                                {:else if event.type === EventType.Informational}
+                                        <td class="p-2 {event_type_class} text-center"
-                                    <td class="p-2">{date_formatter.format(parsed_date)}</td>
+                                            >{event.event_type}</td
-                                    <td class="p-2">{analyzer.name} v{analyzer.version}</td>
+                                        >
-                                    <td class="p-2">{event.message}</td>
+                                    </tr>
-                                    <td class="p-2">Info</td>
                                 {/if}
-                            </tr>
+                            {/each}
-                        {/each}
+                        {/if}
-                    {/if}
+                    {/each}
-                {/each}
+                </tbody>
-            </tbody>
+            </table>
-        </table>
+        </div>
     {/if}
 </div>
 {#if report.statistics.num_skipped_packets > 0}
     <div>
         <p class="text-lg underline">Unparsed Messages</p>
         <p>
-            These are due to a limitation or bug in Rayhunter's parser, and aren't ususally a
+            These are due to a limitation or bug in Rayhunter's parser, and aren't usually a
-            problem.
+            problem. We'll not accept bug reports about them unless something else is going wrong
+            (such as false-positives or definite false-negatives)
         </p>
-        <table class="table-auto text-left">
+        <div class="overflow-x-auto">
-            <thead class="p-2">
+            <table class="table-auto text-left">
-                <tr class="bg-gray-300">
+                <thead class="p-2">
-                    <th scope="col" class="p-2">Total Msgs Affected</th>
+                    <tr class="bg-gray-300">
-                    <th scope="col">Reason/Error</th>
+                        <th scope="col" class="p-2">Total Msgs Affected</th>
-                </tr>
+                        <th scope="col">Reason/Error</th>
-            </thead>
-            <tbody>
-                {#each skipped_messages.entries() as [message, count]}
-                    <tr class="even:bg-gray-200 odd:bg-white">
-                        <td class="text-center">{count}</td>
-                        <td>{message}</td>
                     </tr>
-                {/each}
+                </thead>
-            </tbody>
+                <tbody>
-        </table>
+                    {#each skipped_messages.entries() as [message, count]}
+                        <tr class="even:bg-gray-200 odd:bg-white">
+                            <td class="text-center">{count}</td>
+                            <td>{message}</td>
+                        </tr>
+                    {/each}
+                </tbody>
+            </table>
+        </div>
     </div>
 {/if}

daemon/web/src/lib/components/AnalysisView.svelte

@@ -1,11 +1,17 @@
 <script lang="ts">
     import { type ReportMetadata } from '$lib/analysis.svelte';
     import type { ManifestEntry } from '$lib/manifest.svelte';
+    import { AnalysisManager } from '$lib/analysisManager.svelte';
     import AnalysisTable from './AnalysisTable.svelte';
+    import ReAnalyzeButton from './ReAnalyzeButton.svelte';
     let {
         entry,
+        manager,
+        current,
     }: {
         entry: ManifestEntry;
+        manager: AnalysisManager;
+        current: boolean;
     } = $props();
 </script>
 
@@ -16,7 +22,28 @@
         <p>Error getting analysis report: {entry.analysis_report}</p>
     {:else}
         {@const metadata: ReportMetadata = entry.analysis_report.metadata}
+        {@const numWarnings: number = entry.get_num_warnings() || 0}
         <div class="flex flex-col gap-2">
+            {#if !!numWarnings || !current}
+                <div class="flex flex-row justify-between items-center">
+                    {#if !!numWarnings}
+                        <div
+                            class="text-red-700 border-red-500 border rounded-lg text-blue-600 px-2 py-1 mr-12"
+                        >
+                            Your Rayhunter device raised {`${numWarnings}`} warning{`${
+                                numWarnings > 1 ? 's' : ''
+                            }`}!
+                            <a
+                                href="https://efforg.github.io/rayhunter/faq.html#red"
+                                class="text-blue-600 underline">Read the FAQ</a
+                            > to learn what you can do about it
+                        </div>
+                    {/if}
+                    {#if !current}
+                        <ReAnalyzeButton {entry} {manager} />
+                    {/if}
+                </div>
+            {/if}
             {#if entry.analysis_report.rows.length > 0}
                 <AnalysisTable report={entry.analysis_report} />
             {:else}

daemon/web/src/lib/components/ApiRequestButton.svelte

@@ -0,0 +1,100 @@
+<script lang="ts">
+    import { user_action_req } from '$lib/utils.svelte';
+
+    let {
+        url,
+        method = 'POST',
+        label,
+        loadingLabel,
+        disabled = false,
+        variant = 'blue',
+        icon,
+        onclick,
+        ariaLabel,
+        errorMessage,
+        jsonBody,
+    }: {
+        url: string;
+        method?: string;
+        label: string;
+        loadingLabel?: string;
+        disabled?: boolean;
+        variant?: 'blue' | 'red' | 'green';
+        icon?: any; // Svelte snippet
+        onclick?: () => void | Promise<void>;
+        ariaLabel?: string;
+        errorMessage?: string;
+        jsonBody?: unknown;
+    } = $props();
+
+    let is_requesting = $state(false);
+    let is_disabled = $derived(disabled || is_requesting);
+
+    const variantClasses = {
+        blue: {
+            enabled: 'bg-blue-500 hover:bg-blue-700',
+            disabled: 'bg-blue-500 opacity-50 cursor-not-allowed',
+        },
+        red: {
+            enabled: 'bg-red-500 hover:bg-red-700',
+            disabled: 'bg-red-500 opacity-50 cursor-not-allowed',
+        },
+        green: {
+            enabled: 'bg-green-500 hover:bg-green-700',
+            disabled: 'bg-green-500 opacity-50 cursor-not-allowed',
+        },
+    };
+
+    async function handle_click() {
+        if (is_disabled) return;
+
+        is_requesting = true;
+        try {
+            await user_action_req(
+                method,
+                url,
+                errorMessage ? errorMessage : 'Error performing action',
+                jsonBody
+            );
+            if (onclick) {
+                await onclick();
+            }
+        } catch (err) {
+            console.error(`Failed to ${method} ${url}:`, err);
+            alert(`Request failed. Please try again.`);
+        } finally {
+            is_requesting = false;
+        }
+    }
+
+    let buttonClasses = $derived(
+        is_disabled ? variantClasses[variant].disabled : variantClasses[variant].enabled
+    );
+</script>
+
+<button
+    class="text-white font-bold py-2 px-2 sm:px-4 rounded-md flex flex-row items-center gap-1 {buttonClasses}"
+    onclick={handle_click}
+    disabled={is_disabled}
+    aria-label={ariaLabel || label}
+>
+    <span>{is_requesting && loadingLabel ? loadingLabel : label}</span>
+    {#if is_requesting}
+        <svg
+            class="w-4 h-4 text-white animate-spin"
+            xmlns="http://www.w3.org/2000/svg"
+            fill="none"
+            viewBox="0 0 24 24"
+        >
+            <circle class="opacity-25" cx="12" cy="12" r="10" stroke="currentColor" stroke-width="4"
+            ></circle>
+            <path
+                class="opacity-75"
+                fill="currentColor"
+                d="m4 12a8 8 0 018-8V0C5.373 0 0 5.373 0 12h4zm2 5.291A7.962 7.962 0 014 12H0c0 3.042 1.135 5.824 3 7.938l3-2.647z"
+            ></path>
+        </svg>
+    {:else if icon}
+        {@render icon()}
+    {/if}
+</button>

daemon/web/src/lib/components/ClockDriftAlert.svelte

@@ -0,0 +1,121 @@
+<script lang="ts">
+    import { get_daemon_time } from '$lib/utils.svelte';
+    import ApiRequestButton from './ApiRequestButton.svelte';
+
+    let show_alert = $state(false);
+    let device_system_time = $state('');
+    let device_adjusted_time = $state('');
+    let browser_time = $state('');
+    let has_offset = $state(false);
+    let computed_offset = $state(0);
+    let dismissed = $state(false);
+    let check_completed = $state(false);
+
+    const DRIFT_THRESHOLD_SECONDS = 30;
+
+    function format_time(date: Date): string {
+        return date.toLocaleString();
+    }
+
+    async function check_clock_drift() {
+        if (check_completed) return;
+
+        try {
+            const daemon_time_response = await get_daemon_time();
+            const browser_now = new Date();
+            const daemon_system_ms = new Date(daemon_time_response.system_time).getTime();
+            const device_adjusted_ms = new Date(daemon_time_response.adjusted_time).getTime();
+            const drift_seconds = Math.round((browser_now.getTime() - device_adjusted_ms) / 1000);
+
+            if (Math.abs(drift_seconds) > DRIFT_THRESHOLD_SECONDS && !dismissed) {
+                device_system_time = format_time(new Date(daemon_time_response.system_time));
+                device_adjusted_time = format_time(new Date(daemon_time_response.adjusted_time));
+                browser_time = format_time(browser_now);
+                has_offset = daemon_time_response.offset_seconds !== 0;
+                // Calculate offset needed: browser_time - daemon_system_time
+                computed_offset = Math.round((browser_now.getTime() - daemon_system_ms) / 1000);
+                show_alert = true;
+            }
+        } catch (err) {
+            console.error('Failed to check clock drift:', err);
+        }
+        check_completed = true;
+    }
+
+    function dismiss() {
+        show_alert = false;
+        dismissed = true;
+    }
+
+    // Check clock drift on component mount
+    $effect(() => {
+        check_clock_drift();
+    });
+</script>
+
+{#if show_alert}
+    <div
+        class="bg-yellow-100 border-yellow-400 drop-shadow-sm p-4 flex flex-col gap-2 border rounded-md"
+    >
+        <span class="text-xl font-bold flex flex-row items-center gap-2 text-yellow-700">
+            <svg
+                class="w-6 h-6 text-yellow-600"
+                aria-hidden="true"
+                xmlns="http://www.w3.org/2000/svg"
+                width="24"
+                height="24"
+                fill="currentColor"
+                viewBox="0 0 24 24"
+            >
+                <path
+                    fill-rule="evenodd"
+                    d="M2 12C2 6.477 6.477 2 12 2s10 4.477 10 10-4.477 10-10 10S2 17.523 2 12Zm11-4a1 1 0 1 0-2 0v4a1 1 0 0 0 .293.707l3 3a1 1 0 0 0 1.414-1.414L13 11.586V8Z"
+                    clip-rule="evenodd"
+                />
+            </svg>
+            Clock Mismatch Detected
+        </span>
+        <p>
+            Rayhunter's clock doesn't match your browser's, and may be incorrect. This can happen if
+            Rayhunter is unable to get the correct time from the internet. Consider synchronizing
+            your browser's clock with the button below, or using another SIM card for better
+            results.
+        </p>
+        <table class="w-fit">
+            <tbody>
+                <tr>
+                    <td class="pr-2">Rayhunter clock (system):</td>
+                    <td class="font-mono">{device_system_time}</td>
+                </tr>
+                {#if has_offset}
+                    <tr>
+                        <td class="pr-2">Rayhunter clock (adjusted):</td>
+                        <td class="font-mono">{device_adjusted_time}</td>
+                    </tr>
+                {/if}
+                <tr>
+                    <td class="pr-2">Browser clock:</td>
+                    <td class="font-mono">{browser_time}</td>
+                </tr>
+            </tbody>
+        </table>
+        <p>Copy browser clock to device?</p>
+        <div class="flex flex-row gap-2 justify-end">
+            <button
+                class="font-medium py-2 px-4 rounded-md border border-gray-400 hover:bg-yellow-200"
+                onclick={dismiss}
+            >
+                Dismiss
+            </button>
+            <ApiRequestButton
+                url="/api/time-offset"
+                label="Sync Clock"
+                loadingLabel="Syncing..."
+                variant="green"
+                jsonBody={{ offset_seconds: computed_offset }}
+                onclick={dismiss}
+                errorMessage="Error syncing clock"
+            />
+        </div>
+    </div>
+{/if}

daemon/web/src/lib/components/ConfigForm.svelte

@@ -1,20 +1,40 @@
 <script lang="ts">
-    import { get_config, set_config, type Config } from '../utils.svelte';
+    import {
+        get_config,
+        set_config,
+        test_notification,
+        get_wifi_status,
+        scan_wifi_networks,
+        type Config,
+        type WifiStatus,
+        type WifiNetwork,
+    } from '../utils.svelte';
+    import Modal from './Modal.svelte';
 
+    let { shown = $bindable() }: { shown: boolean } = $props();
     let config = $state<Config | null>(null);
 
     let loading = $state(false);
     let saving = $state(false);
+    let testingNotification = $state(false);
     let message = $state('');
     let messageType = $state<'success' | 'error' | null>(null);
-    let showConfig = $state(false);
+    let testMessage = $state('');
+    let testMessageType = $state<'success' | 'error' | null>(null);
+    let wifiStatus = $state<WifiStatus | null>(null);
+    let wifiStatusTimer = $state<ReturnType<typeof setInterval> | null>(null);
+    let scanning = $state(false);
+    let scanResults = $state<WifiNetwork[]>([]);
+    let dnsServersInput = $state('');
 
-    async function loadConfig() {
+    async function load_config() {
         try {
             loading = true;
             config = await get_config();
+            dnsServersInput = config.dns_servers ? config.dns_servers.join(', ') : '';
             message = '';
             messageType = null;
+            poll_wifi_status();
         } catch (error) {
             message = `Failed to load config: ${error}`;
             messageType = 'error';
@@ -23,9 +43,18 @@
         }
     }
 
-    async function saveConfig() {
+    async function save_config() {
         if (!config) return;
 
+        const trimmed = dnsServersInput.trim();
+        config.dns_servers =
+            trimmed.length > 0
+                ? trimmed
+                      .split(',')
+                      .map((s) => s.trim())
+                      .filter((s) => s.length > 0)
+                : null;
+
         try {
             saving = true;
             await set_config(config);
@@ -40,32 +69,84 @@
         }
     }
 
-    // Load config when first shown
+    async function poll_wifi_status() {
-    $effect(() => {
+        if (wifiStatusTimer) clearInterval(wifiStatusTimer);
-        if (showConfig && !config) {
+        try {
-            loadConfig();
+            wifiStatus = await get_wifi_status();
+        } catch {
+            wifiStatus = null;
         }
+        wifiStatusTimer = setInterval(async () => {
+            try {
+                wifiStatus = await get_wifi_status();
+            } catch {
+                wifiStatus = null;
+            }
+        }, 5000);
+    }
+
+    let scanError = $state('');
+
+    async function do_scan() {
+        scanning = true;
+        scanError = '';
+        try {
+            scanResults = await scan_wifi_networks();
+        } catch (error) {
+            scanResults = [];
+            scanError = `Scan failed: ${error}`;
+        } finally {
+            scanning = false;
+        }
+    }
+
+    function select_network(network: WifiNetwork) {
+        if (config) {
+            config.wifi_ssid = network.ssid;
+            config.wifi_password = '';
+            config.wifi_security =
+                network.security === 'WPA3' || network.security === 'WPA3 (transition)'
+                    ? 'sae'
+                    : 'wpa_psk';
+            scanResults = [];
+        }
+    }
+
+    async function send_test_notification() {
+        try {
+            testingNotification = true;
+            testMessage = '';
+            testMessageType = null;
+            await test_notification();
+            testMessage = 'Test notification sent successfully!';
+            testMessageType = 'success';
+        } catch (error) {
+            testMessage = `${error}`;
+            testMessageType = 'error';
+        } finally {
+            testingNotification = false;
+        }
+    }
+
+    $effect(() => {
+        if (shown && !config) {
+            load_config();
+        }
+        if (!shown && wifiStatusTimer) {
+            clearInterval(wifiStatusTimer);
+            wifiStatusTimer = null;
+        }
+        return () => {
+            if (wifiStatusTimer) {
+                clearInterval(wifiStatusTimer);
+                wifiStatusTimer = null;
+            }
+        };
     });
 </script>
 
-<div class="bg-white rounded-lg shadow-md p-6 m-4">
+<Modal bind:shown title="Configuration">
-    <button
+    <div class="p-2">
-        class="w-full flex justify-between items-center text-xl font-bold mb-4 text-rayhunter-dark-blue hover:text-rayhunter-blue"
-        onclick={() => (showConfig = !showConfig)}
-    >
-        <span>Configuration</span>
-        <svg
-            class="w-6 h-6 transition-transform {showConfig ? 'rotate-180' : ''}"
-            fill="none"
-            stroke="currentColor"
-            viewBox="0 0 24 24"
-        >
-            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M19 9l-7 7-7-7"
-            ></path>
-        </svg>
-    </button>
-
-    {#if showConfig}
         {#if loading}
             <div class="text-center py-4">Loading config...</div>
         {:else if config}
@@ -73,7 +154,7 @@
                 class="space-y-4"
                 onsubmit={(e) => {
                     e.preventDefault();
-                    saveConfig();
+                    save_config();
                 }}
             >
                 <div>
@@ -83,13 +164,18 @@
                     <select
                         id="ui_level"
                         bind:value={config.ui_level}
-                        class="w-full px-3 py-2 border border-gray-300 rounded-md focus:outline-none focus:ring-2 focus:ring-rayhunter-blue"
+                        class="w-full px-3 py-2 border border-gray-300 rounded-md focus:outline-hidden focus:ring-2 focus:ring-rayhunter-blue"
                     >
                         <option value={0}>0 - Invisible mode</option>
                         <option value={1}>1 - Subtle mode (colored line)</option>
                         <option value={2}>2 - Demo mode (orca gif)</option>
                         <option value={3}>3 - EFF logo</option>
+                        <option value={4}>4 - High visibility (full screen color)</option>
                     </select>
+                    <p class="text-xs text-gray-500 mt-1">
+                        Note: Rayhunter draws over the device's native UI, so some flickering is
+                        expected
+                    </p>
                 </div>
 
                 <div>
@@ -102,11 +188,10 @@
                     <select
                         id="key_input_mode"
                         bind:value={config.key_input_mode}
-                        class="w-full px-3 py-2 border border-gray-300 rounded-md focus:outline-none focus:ring-2 focus:ring-rayhunter-blue"
+                        class="w-full px-3 py-2 border border-gray-300 rounded-md focus:outline-hidden focus:ring-2 focus:ring-rayhunter-blue"
                     >
                         <option value={0}>0 - Disable button control</option>
-                        <option value={1}
+                        <option value={1}>1 - Double-tap power button to start new recording</option
-                            >1 - Double-tap power button to start/stop recording</option
                         >
                     </select>
                 </div>
@@ -117,7 +202,7 @@
                             id="colorblind_mode"
                             type="checkbox"
                             bind:checked={config.colorblind_mode}
-                            class="h-4 w-4 text-rayhunter-blue focus:ring-rayhunter-blue border-gray-300 rounded"
+                            class="h-4 w-4 text-rayhunter-blue focus:ring-rayhunter-blue border-gray-300 rounded-sm"
                         />
                         <label for="colorblind_mode" class="ml-2 block text-sm text-gray-700">
                             Colorblind Mode
@@ -125,7 +210,354 @@
                     </div>
                 </div>
 
-                <div class="border-t pt-4 mt-6">
+                <div class="border-t border-gray-200 pt-4 mt-6 space-y-3">
+                    <h3 class="text-lg font-semibold text-gray-800 mb-4">Notification Settings</h3>
+                    <div>
+                        <label for="ntfy_url" class="block text-sm font-medium text-gray-700 mb-1">
+                            ntfy URL for Sending Notifications (if unset you will not receive
+                            notifications)
+                        </label>
+                        <input
+                            id="ntfy_url"
+                            type="url"
+                            bind:value={config.ntfy_url}
+                            class="w-full px-3 py-2 border border-gray-300 rounded-md focus:outline-hidden focus:ring-2 focus:ring-rayhunter-blue"
+                        />
+                        <p class="text-xs text-gray-500 mt-1">
+                            Test button below uses the saved configuration URL, not the input above
+                        </p>
+                    </div>
+
+                    <div>
+                        <button
+                            type="button"
+                            onclick={send_test_notification}
+                            disabled={testingNotification}
+                            class="bg-rayhunter-blue hover:bg-rayhunter-dark-blue disabled:opacity-50 disabled:cursor-not-allowed text-white font-bold py-2 px-4 rounded-md flex flex-row gap-1 items-center"
+                        >
+                            {#if testingNotification}
+                                <div
+                                    class="w-4 h-4 border-2 border-white border-t-transparent rounded-full animate-spin"
+                                ></div>
+                                Sending...
+                            {:else}
+                                <svg
+                                    class="w-4 h-4"
+                                    fill="none"
+                                    stroke="currentColor"
+                                    viewBox="0 0 24 24"
+                                >
+                                    <path
+                                        stroke-linecap="round"
+                                        stroke-linejoin="round"
+                                        stroke-width="2"
+                                        d="M12 19l9 2-9-18-9 18 9-2zm0 0v-8"
+                                    ></path>
+                                </svg>
+                                Send Test Notification
+                            {/if}
+                        </button>
+                        {#if testMessage}
+                            <div
+                                class="mt-2 p-2 rounded-sm text-sm {testMessageType === 'error'
+                                    ? 'bg-red-100 text-red-700'
+                                    : 'bg-green-100 text-green-700'}"
+                            >
+                                {testMessage}
+                            </div>
+                        {/if}
+                    </div>
+
+                    <div class="space-y-2">
+                        <div class="block text-sm font-medium text-gray-700 mb-1">
+                            Enabled Notification Types
+                        </div>
+                        <div class="flex items-center">
+                            <input
+                                type="checkbox"
+                                id="enable_warning_notifications"
+                                value="Warning"
+                                bind:group={config.enabled_notifications}
+                            />
+                            <label
+                                for="enable_warning_notifications"
+                                class="ml-2 block text-sm text-gray-700"
+                            >
+                                Warnings
+                            </label>
+                        </div>
+                        <div class="flex items-center">
+                            <input
+                                type="checkbox"
+                                id="enable_lowbattery_notifications"
+                                value="LowBattery"
+                                bind:group={config.enabled_notifications}
+                            />
+                            <label
+                                for="enable_lowbattery_notifications"
+                                class="ml-2 block text-sm text-gray-700"
+                            >
+                                Low Battery
+                            </label>
+                        </div>
+                    </div>
+                </div>
+
+                <div class="border-t border-gray-200 pt-4 mt-6 space-y-3">
+                    <h3 class="text-lg font-semibold text-gray-800 mb-4">Storage Management</h3>
+
+                    <div>
+                        <label
+                            for="min_space_to_start_recording_mb"
+                            class="block text-sm font-medium text-gray-700 mb-1"
+                        >
+                            Minimum Space to Start Recording (MB)
+                        </label>
+                        <input
+                            id="min_space_to_start_recording_mb"
+                            type="number"
+                            min="1"
+                            bind:value={config.min_space_to_start_recording_mb}
+                            class="w-full px-3 py-2 border border-gray-300 rounded-md focus:outline-hidden focus:ring-2 focus:ring-rayhunter-blue"
+                        />
+                        <p class="text-xs text-gray-500 mt-1">
+                            Recording will not start if less than this amount of disk space is free
+                        </p>
+                    </div>
+
+                    <div>
+                        <label
+                            for="min_space_to_continue_recording_mb"
+                            class="block text-sm font-medium text-gray-700 mb-1"
+                        >
+                            Minimum Space to Continue Recording (MB)
+                        </label>
+                        <input
+                            id="min_space_to_continue_recording_mb"
+                            type="number"
+                            min="1"
+                            bind:value={config.min_space_to_continue_recording_mb}
+                            class="w-full px-3 py-2 border border-gray-300 rounded-md focus:outline-hidden focus:ring-2 focus:ring-rayhunter-blue"
+                        />
+                        <p class="text-xs text-gray-500 mt-1">
+                            Recording will stop automatically if disk space drops below this level
+                        </p>
+                    </div>
+                </div>
+
+                {#if config.device === 'orbic' || config.device === 'moxee' || config.device === 'tmobile' || config.device === 'wingtech'}
+                    <div class="border-t border-gray-200 pt-4 mt-6 space-y-3">
+                        <h3 class="text-lg font-semibold text-gray-800 mb-4">WiFi Client Mode</h3>
+                        <p class="text-xs text-gray-500">
+                            Connect the device to an existing WiFi network for internet access (e.g.
+                            notifications, remote access). The hotspot AP stays running alongside
+                            WiFi client mode.
+                        </p>
+
+                        <div class="flex items-center">
+                            <input
+                                id="wifi_enabled"
+                                type="checkbox"
+                                bind:checked={config.wifi_enabled}
+                                class="h-4 w-4 text-rayhunter-blue focus:ring-rayhunter-blue border-gray-300 rounded-sm"
+                            />
+                            <label for="wifi_enabled" class="ml-2 block text-sm text-gray-700">
+                                Enable WiFi
+                            </label>
+                        </div>
+                        <p class="text-xs text-gray-500">
+                            Unchecking stops WiFi without clearing saved credentials.
+                        </p>
+
+                        {#if wifiStatus && config.wifi_enabled}
+                            {#if wifiStatus.state === 'connected'}
+                                <p class="text-xs text-green-600">
+                                    Connected to "{wifiStatus.ssid}" ({wifiStatus.ip})
+                                </p>
+                            {:else if wifiStatus.state === 'connecting'}
+                                <p class="text-xs text-amber-600">Connecting...</p>
+                            {:else if wifiStatus.state === 'recovering'}
+                                <p class="text-xs text-amber-600">Recovering connection...</p>
+                            {:else if wifiStatus.state === 'dataPathDead'}
+                                <p class="text-xs text-amber-600">
+                                    Data path stalled, attempting recovery...
+                                </p>
+                            {:else if wifiStatus.state === 'failed'}
+                                <p class="text-xs text-red-600">
+                                    Failed: {wifiStatus.error}
+                                </p>
+                            {/if}
+                        {/if}
+
+                        <div>
+                            <label
+                                for="wifi_ssid"
+                                class="block text-sm font-medium text-gray-700 mb-1"
+                            >
+                                WiFi Network Name (SSID)
+                            </label>
+                            <div class="flex gap-2">
+                                <input
+                                    id="wifi_ssid"
+                                    type="text"
+                                    bind:value={config.wifi_ssid}
+                                    placeholder="MyWiFiNetwork"
+                                    class="flex-1 px-3 py-2 border border-gray-300 rounded-md focus:outline-hidden focus:ring-2 focus:ring-rayhunter-blue"
+                                />
+                                <button
+                                    type="button"
+                                    onclick={do_scan}
+                                    disabled={scanning}
+                                    class="px-3 py-2 text-sm bg-gray-100 hover:bg-gray-200 disabled:opacity-50 border border-gray-300 rounded-md"
+                                >
+                                    {scanning ? 'Scanning...' : 'Scan'}
+                                </button>
+                            </div>
+                        </div>
+
+                        {#if scanError}
+                            <p class="text-xs text-red-600">{scanError}</p>
+                        {/if}
+
+                        {#if scanResults.length > 0}
+                            <div
+                                class="border border-gray-200 rounded-md max-h-40 overflow-y-auto divide-y divide-gray-200"
+                            >
+                                {#each scanResults as network}
+                                    <button
+                                        type="button"
+                                        class="w-full px-3 py-2 text-left text-sm hover:bg-gray-50 flex justify-between"
+                                        onclick={() => select_network(network)}
+                                    >
+                                        <span>{network.ssid}</span>
+                                        <span class="text-gray-400"
+                                            >{network.signal_dbm} dBm &middot; {network.security}</span
+                                        >
+                                    </button>
+                                {/each}
+                            </div>
+                        {/if}
+
+                        {#if config.wifi_ssid}
+                            <div>
+                                <label
+                                    for="wifi_security"
+                                    class="block text-sm font-medium text-gray-700 mb-1"
+                                >
+                                    Security Type
+                                </label>
+                                <select
+                                    id="wifi_security"
+                                    bind:value={config.wifi_security}
+                                    class="w-full px-3 py-2 border border-gray-300 rounded-md focus:outline-hidden focus:ring-2 focus:ring-rayhunter-blue"
+                                >
+                                    <option value="wpa_psk">WPA2 (WPA-PSK)</option>
+                                    <option value="sae">WPA3 (SAE)</option>
+                                </select>
+                            </div>
+                        {/if}
+
+                        <div>
+                            <label
+                                for="wifi_password"
+                                class="block text-sm font-medium text-gray-700 mb-1"
+                            >
+                                WiFi Password
+                            </label>
+                            <input
+                                id="wifi_password"
+                                type="password"
+                                bind:value={config.wifi_password}
+                                placeholder="Enter password"
+                                class="w-full px-3 py-2 border border-gray-300 rounded-md focus:outline-hidden focus:ring-2 focus:ring-rayhunter-blue"
+                            />
+                            <p class="text-xs text-gray-500 mt-1">
+                                Changing the network requires re-entering the password.
+                            </p>
+                        </div>
+
+                        {#if config.wifi_ssid}
+                            <div>
+                                <label
+                                    for="dns_servers"
+                                    class="block text-sm font-medium text-gray-700 mb-1"
+                                >
+                                    DNS Servers
+                                </label>
+                                <input
+                                    id="dns_servers"
+                                    type="text"
+                                    bind:value={dnsServersInput}
+                                    placeholder="9.9.9.9, 149.112.112.112"
+                                    class="w-full px-3 py-2 border border-gray-300 rounded-md focus:outline-hidden focus:ring-2 focus:ring-rayhunter-blue"
+                                />
+                                <p class="text-xs text-gray-500 mt-1">
+                                    Comma-separated. Used when WiFi is active. Defaults to 9.9.9.9,
+                                    149.112.112.112 (Quad9).
+                                </p>
+                            </div>
+                        {/if}
+                    </div>
+                {/if}
+
+                <div class="border-t border-gray-200 pt-4 mt-6 space-y-3">
+                    <h3 class="text-lg font-semibold text-gray-800 mb-4">Device Security</h3>
+
+                    <div class="flex items-center">
+                        <input
+                            id="firewall_restrict_outbound"
+                            type="checkbox"
+                            bind:checked={config.firewall_restrict_outbound}
+                            class="h-4 w-4 text-rayhunter-blue focus:ring-rayhunter-blue border-gray-300 rounded-sm"
+                        />
+                        <label
+                            for="firewall_restrict_outbound"
+                            class="ml-2 block text-sm text-gray-700"
+                        >
+                            Restrict outbound traffic
+                        </label>
+                    </div>
+                    <p class="text-xs text-gray-500">
+                        Only allows DNS, DHCP, and HTTPS (port 443) outbound. Blocks all other
+                        outbound connections on every interface (WiFi and cellular). Loopback and
+                        hotspot traffic are always allowed. Changes take effect immediately.
+                    </p>
+
+                    {#if config.firewall_restrict_outbound}
+                        <div>
+                            <label
+                                for="firewall_allowed_ports"
+                                class="block text-sm font-medium text-gray-700 mb-1"
+                            >
+                                Additional Allowed Ports
+                            </label>
+                            <input
+                                id="firewall_allowed_ports"
+                                type="text"
+                                value={config.firewall_allowed_ports
+                                    ? config.firewall_allowed_ports.join(', ')
+                                    : ''}
+                                oninput={(e) => {
+                                    const val = (e.target as HTMLInputElement).value.trim();
+                                    config!.firewall_allowed_ports =
+                                        val.length > 0
+                                            ? val
+                                                  .split(',')
+                                                  .map((s) => parseInt(s.trim()))
+                                                  .filter((n) => !isNaN(n) && n >= 1 && n <= 65535)
+                                            : null;
+                                }}
+                                placeholder="22, 80"
+                                class="w-full px-3 py-2 border border-gray-300 rounded-md focus:outline-hidden focus:ring-2 focus:ring-rayhunter-blue"
+                            />
+                            <p class="text-xs text-gray-500 mt-1">
+                                Comma-separated TCP ports, e.g. 22, 80
+                            </p>
+                        </div>
+                    {/if}
+                </div>
+
+                <div class="border-t border-gray-200 pt-4 mt-6">
                     <h3 class="text-lg font-semibold text-gray-800 mb-4">
                         Analyzer Heuristic Settings
                     </h3>
@@ -135,7 +567,7 @@
                                 id="imsi_requested"
                                 type="checkbox"
                                 bind:checked={config.analyzers.imsi_requested}
-                                class="h-4 w-4 text-rayhunter-blue focus:ring-rayhunter-blue border-gray-300 rounded"
+                                class="h-4 w-4 text-rayhunter-blue focus:ring-rayhunter-blue border-gray-300 rounded-sm"
                             />
                             <label for="imsi_requested" class="ml-2 block text-sm text-gray-700">
                                 IMSI Requested Heuristic
@@ -147,7 +579,7 @@
                                 id="connection_redirect_2g_downgrade"
                                 type="checkbox"
                                 bind:checked={config.analyzers.connection_redirect_2g_downgrade}
-                                class="h-4 w-4 text-rayhunter-blue focus:ring-rayhunter-blue border-gray-300 rounded"
+                                class="h-4 w-4 text-rayhunter-blue focus:ring-rayhunter-blue border-gray-300 rounded-sm"
                             />
                             <label
                                 for="connection_redirect_2g_downgrade"
@@ -162,7 +594,7 @@
                                 id="lte_sib6_and_7_downgrade"
                                 type="checkbox"
                                 bind:checked={config.analyzers.lte_sib6_and_7_downgrade}
-                                class="h-4 w-4 text-rayhunter-blue focus:ring-rayhunter-blue border-gray-300 rounded"
+                                class="h-4 w-4 text-rayhunter-blue focus:ring-rayhunter-blue border-gray-300 rounded-sm"
                             />
                             <label
                                 for="lte_sib6_and_7_downgrade"
@@ -177,7 +609,7 @@
                                 id="null_cipher"
                                 type="checkbox"
                                 bind:checked={config.analyzers.null_cipher}
-                                class="h-4 w-4 text-rayhunter-blue focus:ring-rayhunter-blue border-gray-300 rounded"
+                                class="h-4 w-4 text-rayhunter-blue focus:ring-rayhunter-blue border-gray-300 rounded-sm"
                             />
                             <label for="null_cipher" class="ml-2 block text-sm text-gray-700">
                                 Null Cipher Heuristic
@@ -189,7 +621,7 @@
                                 id="nas_null_cipher"
                                 type="checkbox"
                                 bind:checked={config.analyzers.nas_null_cipher}
-                                class="h-4 w-4 text-rayhunter-blue focus:ring-rayhunter-blue border-gray-300 rounded"
+                                class="h-4 w-4 text-rayhunter-blue focus:ring-rayhunter-blue border-gray-300 rounded-sm"
                             />
                             <label for="nas_null_cipher" class="ml-2 block text-sm text-gray-700">
                                 NAS Null Cipher Heuristic
@@ -201,12 +633,38 @@
                                 id="incomplete_sib"
                                 type="checkbox"
                                 bind:checked={config.analyzers.incomplete_sib}
-                                class="h-4 w-4 text-rayhunter-blue focus:ring-rayhunter-blue border-gray-300 rounded"
+                                class="h-4 w-4 text-rayhunter-blue focus:ring-rayhunter-blue border-gray-300 rounded-sm"
                             />
-                            <label for="nas_null_cipher" class="ml-2 block text-sm text-gray-700">
+                            <label for="incomplete_sib" class="ml-2 block text-sm text-gray-700">
                                 Incomplete SIB Heuristic
                             </label>
                         </div>
+
+                        <div class="flex items-center">
+                            <input
+                                id="test_analyzer"
+                                type="checkbox"
+                                bind:checked={config.analyzers.test_analyzer}
+                                class="h-4 w-4 text-rayhunter-blue focus:ring-rayhunter-blue border-gray-300 rounded-sm"
+                            />
+                            <label for="test_analyzer" class="ml-2 block text-sm text-gray-700">
+                                Test Heuristic (noisy!)
+                            </label>
+                        </div>
+                        <div class="flex items-center">
+                            <input
+                                id="diagnostic_analyzer"
+                                type="checkbox"
+                                bind:checked={config.analyzers.diagnostic_analyzer}
+                                class="h-4 w-4 text-rayhunter-blue focus:ring-rayhunter-blue border-gray-300 rounded-sm"
+                            />
+                            <label
+                                for="diagnostic_analyzer"
+                                class="ml-2 block text-sm text-gray-700"
+                            >
+                                Diagnostic Analyzer
+                            </label>
+                        </div>
                     </div>
                 </div>
 
@@ -242,7 +700,7 @@
             </form>
             {#if message}
                 <div
-                    class="mt-4 p-3 rounded {messageType === 'error'
+                    class="mt-4 p-3 rounded-sm {messageType === 'error'
                         ? 'bg-red-100 text-red-700'
                         : 'bg-green-100 text-green-700'}"
                 >
@@ -254,5 +712,5 @@
                 Failed to load configuration. Please try reloading the page.
             </div>
         {/if}
-    {/if}
+    </div>
-</div>
+</Modal>

daemon/web/src/lib/components/DeleteAllButton.svelte

@@ -5,7 +5,8 @@
 <div class="flex flex-row justify-end gap-2">
     <DeleteButton
         text="Delete ALL Recordings"
-        prompt={`Are you sure you want to delete ALL recordings?`}
+        prompt="Are you sure you want to delete ALL recordings?"
-        url={`/api/delete-all-recordings`}
+        url="/api/delete-all-recordings"
+        name="all recodings"
     />
 </div>

daemon/web/src/lib/components/DeleteButton.svelte

@@ -1,25 +1,27 @@
 <script lang="ts">
-    import { req } from '$lib/utils.svelte';
+    import { user_action_req } from '$lib/utils.svelte';
     let {
         text,
         url,
         prompt,
+        name,
     }: {
         text?: string;
         url: string;
         prompt: string;
+        name: string;
     } = $props();
 
-    function confirmDelete() {
+    function confirm_delete() {
         if (window.confirm(prompt)) {
-            req('POST', url);
+            user_action_req('POST', url, 'Unable to delete recording ' + name);
         }
     }
 </script>
 
 <button
-    class="bg-red-500 hover:bg-red-700 text-white font-bold py-2 px-4 rounded-md flex flex-row"
+    class="bg-red-500 hover:bg-red-700 text-white font-bold py-2 px-2 sm:px-4 rounded-md flex flex-row"
-    onclick={confirmDelete}
+    onclick={confirm_delete}
     aria-label="delete"
 >
     <p>{text}</p>

daemon/web/src/lib/components/DownloadLink.svelte

@@ -8,20 +8,16 @@
         text: string;
         full_button?: boolean;
     } = $props();
-
-    function download() {
-        window.location.href = url;
-    }
 </script>
 
-<button
+<a
+    href={url}
     class="flex flex-row {full_button
-        ? 'bg-blue-500 hover:bg-blue-700 text-white font-bold py-2 px-4 rounded-md'
+        ? 'bg-blue-500 hover:bg-blue-700 text-white font-bold py-2 px-2 sm:px-4 rounded-md'
         : 'text-blue-600 underline'}"
-    onclick={download}
 >
     {text}
     <svg class="fill-current w-4 h-4 m-1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 20 20">
         <path d="M13 8V2H7v6H2l8 8 8-8h-5zM0 18h20v2H0v-2z" />
     </svg>
-</button>
+</a>

daemon/web/src/lib/components/LogView.svelte

@@ -0,0 +1,28 @@
+<script lang="ts">
+    import { get_logs } from '$lib/utils.svelte';
+    import Modal from './Modal.svelte';
+
+    let { shown = $bindable() }: { shown: boolean } = $props();
+    let content: string | undefined = $state(undefined);
+
+    $effect(() => {
+        const interval = setInterval(async () => {
+            try {
+                if (content !== undefined && (document.hidden || !shown)) {
+                    return;
+                }
+                content = await get_logs();
+            } catch (error) {
+                console.log(error);
+            }
+        }, 1000);
+
+        return () => clearInterval(interval);
+    });
+</script>
+
+<Modal bind:shown title="Logs">
+    <div class="bg-gray-100 border border-gray-100 rounded-md overflow-scroll">
+        <pre class="m-2">{content}</pre>
+    </div>
+</Modal>

daemon/web/src/lib/components/ManifestCard.svelte

@@ -1,5 +1,6 @@
 <script lang="ts">
     import { ManifestEntry } from '$lib/manifest.svelte';
+    import { AnalysisManager } from '$lib/analysisManager.svelte';
     import DownloadLink from '$lib/components/DownloadLink.svelte';
     import DeleteButton from '$lib/components/DeleteButton.svelte';
     import AnalysisStatus from './AnalysisStatus.svelte';
@@ -9,10 +10,12 @@
         entry,
         current,
         server_is_recording,
+        manager,
     }: {
         entry: ManifestEntry;
         current: boolean;
         server_is_recording: boolean;
+        manager: AnalysisManager;
     } = $props();
 
     // passing `undefined` as the locale uses the browser default
@@ -41,7 +44,7 @@
 </script>
 
 <div
-    class="{status_row_color} {status_border_color} drop-shadow p-4 flex flex-col gap-2 border rounded-md flex-1"
+    class="{status_row_color} {status_border_color} drop-shadow-sm p-4 flex flex-col gap-2 border rounded-md flex-1 overflow-x-auto overflow-y-hidden"
 >
     {#if current}
         <div class="flex flex-row justify-between gap-2">
@@ -78,7 +81,12 @@
                 'N/A'}</span
         >
     </div>
-    <div class="flex flex-row justify-between lg:justify-end gap-2 mt-2">
+    {#if entry.stop_reason}
+        <div class="bg-yellow-50 border border-yellow-300 rounded-sm p-2 text-yellow-800 text-sm">
+            {entry.stop_reason}
+        </div>
+    {/if}
+    <div class="flex flex-row justify-between lg:justify-end gap-1 mt-2 overflow-x-auto">
         <DownloadLink url={entry.get_pcap_url()} text="pcap" full_button />
         <DownloadLink url={entry.get_qmdl_url()} text="qmdl" full_button />
         <DownloadLink url={entry.get_zip_url()} text="zip" full_button />
@@ -88,10 +96,11 @@
             <DeleteButton
                 prompt={`Are you sure you want to delete entry ${entry.name}?`}
                 url={entry.get_delete_url()}
+                name={entry.name}
             />
         {/if}
     </div>
-    <div class="border-b {analysis_visible ? '' : 'hidden'}">
+    <div class="border-b border-gray-200 {analysis_visible ? '' : 'hidden'}">
-        <AnalysisView {entry} />
+        <AnalysisView {entry} {manager} {current} />
     </div>
 </div>

daemon/web/src/lib/components/ManifestTable.svelte

@@ -1,38 +1,42 @@
 <script lang="ts">
     import { ManifestEntry } from '$lib/manifest.svelte';
+    import { AnalysisManager } from '$lib/analysisManager.svelte';
+    import { screenIsLgUp } from '$lib/stores/breakpoint';
     import TableRow from './ManifestTableRow.svelte';
     import Card from './ManifestCard.svelte';
     interface Props {
         entries: ManifestEntry[];
         server_is_recording: boolean;
+        manager: AnalysisManager;
     }
-    let { entries, server_is_recording }: Props = $props();
+    let { entries, server_is_recording, manager }: Props = $props();
 </script>
 
 <!--For larger screens we use a table-->
-<table class="hidden table-auto text-left lg:table">
+{#if $screenIsLgUp}
-    <thead>
+    <table class="table-auto text-left table">
-        <tr class="bg-gray-100 drop-shadow">
+        <thead>
-            <th class="p-2" scope="col">ID</th>
+            <tr class="bg-gray-100 drop-shadow-sm">
-            <th class="p-2" scope="col">Started</th>
+                <th class="p-2" scope="col">ID</th>
-            <th class="p-2" scope="col">Last Message</th>
+                <th class="p-2" scope="col">Started</th>
-            <th class="p-2" scope="col">Size</th>
+                <th class="p-2" scope="col">Last Message</th>
-            <th class="p-2" scope="col">PCAP</th>
+                <th class="p-2" scope="col">Size</th>
-            <th class="p-2" scope="col">QMDL</th>
+                <th class="p-2" scope="col">Download</th>
-            <th class="p-2" scope="col">ZIP</th>
+                <th class="p-2" scope="col">Analysis</th>
-            <th class="p-2" scope="col">Analysis</th>
+                <th class="p-2" scope="col"></th>
-            <th class="p-2" scope="col"></th>
+            </tr>
-        </tr>
+        </thead>
-    </thead>
+        <tbody>
-    <tbody>
+            {#each entries as entry, i}
-        {#each entries as entry, i}
+                <TableRow {entry} current={false} {i} {manager} />
-            <TableRow {entry} current={false} {i} />
+            {/each}
+        </tbody>
+    </table>
+{:else}
+    <!--For smaller screens we use cards-->
+    <div class="flex flex-col gap-4">
+        {#each entries as entry}
+            <Card {entry} current={false} {server_is_recording} {manager} />
         {/each}
-    </tbody>
+    </div>
-</table>
+{/if}
-<!--For smaller screens we use cards-->
-<div class="lg:hidden flex flex-col gap-4">
-    {#each entries as entry}
-        <Card {entry} current={false} {server_is_recording} />
-    {/each}
-</div>

daemon/web/src/lib/components/ManifestTableRow.svelte

@@ -1,5 +1,6 @@
 <script lang="ts">
     import { ManifestEntry } from '$lib/manifest.svelte';
+    import { AnalysisManager } from '$lib/analysisManager.svelte';
     import DownloadLink from '$lib/components/DownloadLink.svelte';
     import DeleteButton from '$lib/components/DeleteButton.svelte';
     import AnalysisStatus from './AnalysisStatus.svelte';
@@ -8,10 +9,12 @@
         entry,
         current,
         i,
+        manager,
     }: {
         entry: ManifestEntry;
         current: boolean;
         i: number;
+        manager: AnalysisManager;
     } = $props();
 
     // passing `undefined` as the locale uses the browser default
@@ -33,16 +36,20 @@
     }
 </script>
 
-<tr class="{status_row_color} drop-shadow">
+<tr class="{status_row_color} drop-shadow-sm">
     <td class="p-2">{entry.name}</td>
     <td class="p-2">{date_formatter.format(entry.start_time)}</td>
     <td class="p-2"
         >{(entry.last_message_time && date_formatter.format(entry.last_message_time)) || 'N/A'}</td
     >
     <td class="p-2">{entry.get_readable_qmdl_size()}</td>
-    <td class="p-2"><DownloadLink url={entry.get_pcap_url()} text="pcap" /></td>
+    <td class="p-2">
-    <td class="p-2"><DownloadLink url={entry.get_qmdl_url()} text="qmdl" /></td>
+        <div class="flex flex-row gap-2">
-    <td class="p-2"><DownloadLink url={entry.get_zip_url()} text="zip" /></td>
+            <DownloadLink url={entry.get_pcap_url()} text="pcap" />
+            <DownloadLink url={entry.get_qmdl_url()} text="qmdl" />
+            <DownloadLink url={entry.get_zip_url()} text="zip" />
+        </div>
+    </td>
     <td class="p-2"
         ><AnalysisStatus onclick={toggle_analysis_visibility} {entry} {analysis_visible} /></td
     >
@@ -53,12 +60,13 @@
             <DeleteButton
                 prompt={`Are you sure you want to delete entry ${entry.name}?`}
                 url={entry.get_delete_url()}
+                name={entry.name}
             />
         </td>
     {/if}
 </tr>
-<tr class="{alternating_row_color} border-b {analysis_visible ? '' : 'hidden'}">
+<tr class="{alternating_row_color} border-b border-gray-200 {analysis_visible ? '' : 'hidden'}">
-    <td class="border-t border-dashed p-2" colspan="9">
+    <td class="border-t border-gray-200 border-dashed p-2" colspan="9">
-        <AnalysisView {entry} />
+        <AnalysisView {entry} {manager} {current} />
     </td>
 </tr>

daemon/web/src/lib/components/Modal.svelte

@@ -0,0 +1,64 @@
+<script lang="ts">
+    import type { Snippet } from 'svelte';
+    import { onMount } from 'svelte';
+
+    let {
+        shown = $bindable(),
+        title,
+        children,
+    }: { shown: boolean; title: string; children: Snippet } = $props();
+
+    onMount(() => {
+        const handler = () => {
+            document.documentElement.style.setProperty('--scroll-y', `${window.scrollY}px`);
+        };
+        window.addEventListener('scroll', handler);
+        return () => window.removeEventListener('scroll', handler);
+    });
+
+    $effect(() => {
+        if (shown) {
+            const scrollY = document.documentElement.style.getPropertyValue('--scroll-y');
+            const body = document.body;
+            body.style.position = 'fixed';
+            body.style.top = `-${scrollY}`;
+        } else {
+            const body = document.body;
+            const scrollY = body.style.top;
+            body.style.position = '';
+            body.style.top = '';
+            window.scrollTo(0, parseInt(scrollY || '0') * -1);
+        }
+    });
+</script>
+
+{#if shown}
+    <div
+        class="fixed left-5 right-5 top-5 bottom-5 z-50 bg-white border border-white rounded-md
+		flex flex-col p-2 drop-shadow-sm"
+    >
+        <div class="flex justify-between items-center p-1">
+            <span class="text-2xl">{title}</span>
+            <button onclick={() => (shown = false)} aria-label="close">
+                <svg
+                    xmlns="http://www.w3.org/2000/svg"
+                    aria-hidden="true"
+                    width="24"
+                    height="24"
+                    fill="currentColor"
+                    viewBox="0 0 24 24"
+                >
+                    <path
+                        fill-rule="evenodd"
+                        clip-rule="evenodd"
+                        d="M5.29289 5.29289C5.68342 4.90237 6.31658 4.90237 6.70711 5.29289L12 10.5858L17.2929 5.29289C17.6834 4.90237 18.3166 4.90237 18.7071 5.29289C19.0976 5.68342 19.0976 6.31658 18.7071 6.70711L13.4142 12L18.7071 17.2929C19.0976 17.6834 19.0976 18.3166 18.7071 18.7071C18.3166 19.0976 17.6834 19.0976 17.2929 18.7071L12 13.4142L6.70711 18.7071C6.31658 19.0976 5.68342 19.0976 5.29289 18.7071C4.90237 18.3166 4.90237 17.6834 5.29289 17.2929L10.5858 12L5.29289 6.70711C4.90237 6.31658 4.90237 5.68342 5.29289 5.29289Z"
+                        fill="#0F1729"
+                    />
+                </svg>
+            </button>
+        </div>
+        <div class="overflow-y-auto flex-1">
+            {@render children()}
+        </div>
+    </div>
+{/if}

daemon/web/src/lib/components/ReAnalyzeButton.svelte

@@ -0,0 +1,48 @@
+<script lang="ts">
+    import ApiRequestButton from './ApiRequestButton.svelte';
+    import { AnalysisStatus, AnalysisManager } from '$lib/analysisManager.svelte';
+    import type { ManifestEntry } from '$lib/manifest.svelte';
+
+    let {
+        entry,
+        manager,
+    }: {
+        entry: ManifestEntry;
+        manager: AnalysisManager;
+    } = $props();
+
+    let url = $derived(entry.get_reanalyze_url());
+    let entry_name = $derived(entry.name);
+    let analysis_status = $derived(entry.analysis_status);
+
+    let is_processing = $derived(
+        analysis_status === AnalysisStatus.Queued || analysis_status === AnalysisStatus.Running
+    );
+
+    async function handle_re_analyze() {
+        // Update the entry directly for immediate UI feedback
+        entry.analysis_status = AnalysisStatus.Queued;
+        entry.analysis_report = undefined;
+        manager.set_queued_status(entry_name);
+    }
+</script>
+
+<ApiRequestButton
+    {url}
+    label="Re-analyze"
+    loadingLabel="Analyzing..."
+    disabled={is_processing}
+    variant="blue"
+    onclick={handle_re_analyze}
+    ariaLabel="re-analyze"
+    errorMessage="Error re-analyzing recoding"
+>
+    {#snippet icon()}
+        <svg style="width:20px;height:20px" viewBox="0 0 24 24">
+            <path
+                fill="white"
+                d="M12,18A6,6 0 0,1 6,12C6,11 6.25,10.03 6.7,9.2L5.24,7.74C4.46,8.97 4,10.43 4,12A8,8 0 0,0 12,20V23L16,19L12,15M12,4V1L8,5L12,9V6A6,6 0 0,1 18,12C18,13 17.75,13.97 17.3,14.8L18.76,16.26C19.54,15.03 20,13.57 20,12A8,8 0 0,0 12,4Z"
+            />
+        </svg>
+    {/snippet}
+</ApiRequestButton>

daemon/web/src/lib/components/RecordingControls.svelte

@@ -1,100 +1,60 @@
 <script lang="ts">
-    import { req } from '$lib/utils.svelte';
+    import ApiRequestButton from './ApiRequestButton.svelte';
     let {
         server_is_recording,
     }: {
         server_is_recording: boolean;
     } = $props();
-
-    let client_set_recording = $state(server_is_recording);
-    let waiting_for_server = $derived(client_set_recording !== server_is_recording);
-
-    async function start_recording() {
-        await req('POST', '/api/start-recording');
-        client_set_recording = true;
-    }
-
-    async function stop_recording() {
-        await req('POST', '/api/stop-recording');
-        client_set_recording = false;
-    }
-
-    const recording_button_classes =
-        'text-white font-bold py-2 px-4 rounded-md flex flex-row gap-1';
-    const stop_recording_classes = `${recording_button_classes} bg-red-500 opacity-50 cursor-not-allowed`;
-    const start_recording_classes = `${recording_button_classes} bg-blue-500 opacity-50 cursor-not-allowed`;
 </script>
 
 <div>
-    {#if waiting_for_server}
+    {#if server_is_recording}
-        <button
+        <ApiRequestButton
-            class={server_is_recording ? stop_recording_classes : start_recording_classes}
+            url="/api/stop-recording"
-            disabled
+            label="Stop"
+            variant="red"
+            errorMessage="Error stoppping recording"
         >
-            <span>{server_is_recording ? 'Stopping...' : 'Starting...'}</span>
+            {#snippet icon()}
-            <svg
+                <svg
-                class="w-4 h-4 text-white animate-spin"
+                    class="w-6 h-6 text-white"
-                xmlns="http://www.w3.org/2000/svg"
+                    aria-hidden="true"
-                fill="none"
+                    xmlns="http://www.w3.org/2000/svg"
-                viewBox="0 0 24 24"
+                    width="24"
-            >
+                    height="24"
-                <circle
-                    class="opacity-25"
-                    cx="12"
-                    cy="12"
-                    r="10"
-                    stroke="currentColor"
-                    stroke-width="4"
-                ></circle>
-                <path
-                    class="opacity-75"
                     fill="currentColor"
-                    d="m4 12a8 8 0 018-8V0C5.373 0 0 5.373 0 12h4zm2 5.291A7.962 7.962 0 014 12H0c0 3.042 1.135 5.824 3 7.938l3-2.647z"
+                    viewBox="0 0 24 24"
-                ></path>
+                >
-            </svg>
+                    <path
-        </button>
+                        d="M7 5a2 2 0 0 0-2 2v10a2 2 0 0 0 2 2h10a2 2 0 0 0 2-2V7a2 2 0 0 0-2-2H7Z"
-    {:else if server_is_recording}
+                    />
-        <button
+                </svg>
-            class="{recording_button_classes} bg-red-500 hover:bg-red-700"
+            {/snippet}
-            onclick={stop_recording}
+        </ApiRequestButton>
-        >
-            <span>Stop</span>
-            <svg
-                class="w-6 h-6 text-white"
-                aria-hidden="true"
-                xmlns="http://www.w3.org/2000/svg"
-                width="24"
-                height="24"
-                fill="currentColor"
-                viewBox="0 0 24 24"
-            >
-                <path d="M7 5a2 2 0 0 0-2 2v10a2 2 0 0 0 2 2h10a2 2 0 0 0 2-2V7a2 2 0 0 0-2-2H7Z" />
-            </svg>
-        </button>
     {:else}
-        <button
+        <ApiRequestButton
-            class="{recording_button_classes} bg-blue-500 hover:bg-blue-700"
+            url="/api/start-recording"
-            onclick={start_recording}
+            label="Start"
+            variant="blue"
+            errorMessage="Error starting recording"
         >
-            <span>Start</span>
+            {#snippet icon()}
-            <svg
+                <svg
-                class="w-6 h-6 text-white"
+                    class="w-6 h-6 text-white"
-                aria-hidden="true"
+                    aria-hidden="true"
-                xmlns="http://www.w3.org/2000/svg"
+                    xmlns="http://www.w3.org/2000/svg"
-                width="24"
+                    width="24"
-                height="24"
+                    height="24"
-                fill="currentColor"
+                    fill="currentColor"
-                viewBox="0 0 24 24"
+                    viewBox="0 0 24 24"
-            >
+                >
-                <path
+                    <path
-                    fill-rule="evenodd"
+                        fill-rule="evenodd"
-                    d="M8.6 5.2A1 1 0 0 0 7 6v12a1 1 0 0 0 1.6.8l8-6a1 1 0 0 0 0-1.6l-8-6Z"
+                        d="M8.6 5.2A1 1 0 0 0 7 6v12a1 1 0 0 0 1.6.8l8-6a1 1 0 0 0 0-1.6l-8-6Z"
-                    clip-rule="evenodd"
+                        clip-rule="evenodd"
-                />
+                    />
-            </svg>
+                </svg>
-        </button>
+            {/snippet}
+        </ApiRequestButton>
     {/if}
 </div>
-
-<style>
-</style>

daemon/web/src/lib/components/SystemStatsTable.svelte

@@ -6,32 +6,116 @@
         stats: SystemStats;
     } = $props();
 
-    const table_cell_classes = 'border p-1 lg:p-2';
+    const table_cell_classes = 'border border-gray-200 p-1 lg:p-2';
+
+    let battery_level = $derived(stats.battery_status ? stats.battery_status.level : 0);
+    let bar_color = $derived.by(() => {
+        if (stats.battery_status === undefined) {
+            return '';
+        }
+        if (battery_level <= 10) {
+            return 'fill-red-500';
+        }
+        if (battery_level <= 25) {
+            return 'fill-yellow-300';
+        }
+        return 'fill-green-500';
+    });
+    let title_text = $derived.by(() => {
+        if (stats.battery_status === undefined) {
+            return 'Rayhunter does not yet support displaying the battery level for this device.';
+        }
+
+        let text = `Battery is ${stats.battery_status.level}% full`;
+
+        if (stats.battery_status.is_plugged_in) {
+            text += ' and plugged in';
+        }
+        return text;
+    });
 </script>
 
 <div
-    class="flex-1 drop-shadow p-4 flex flex-col gap-2 border rounded-md bg-gray-100 border-gray-100"
+    class="flex-1 drop-shadow-sm p-4 flex flex-col gap-2 border rounded-md bg-gray-100 border-gray-100"
 >
     <p class="text-xl mb-2">System Information</p>
-    <table class="table-auto border">
+    <table class="table-auto border border-gray-200">
         <tbody>
-            <tr class="border">
+            <tr class="border border-gray-200">
                 <th class={table_cell_classes}> Rayhunter Version </th>
                 <td class={table_cell_classes}>{stats.runtime_metadata.rayhunter_version}</td>
             </tr>
-            <tr class="border">
+            <tr class="border border-gray-200">
                 <th class={table_cell_classes}> Storage </th>
                 <td class={table_cell_classes}>
                     {stats.disk_stats.used_percent} used ({stats.disk_stats.used_size} used / {stats
                         .disk_stats.available_size} available)
                 </td>
             </tr>
-            <tr class="border-b">
+            <tr class="border-b border-gray-200">
                 <th class={table_cell_classes}> Memory (RAM) </th>
                 <td class={table_cell_classes}>
                     Free: {stats.memory_stats.free}, Used: {stats.memory_stats.used}
                 </td>
             </tr>
+            <tr class="border-b border-gray-200">
+                <th class={table_cell_classes}> Battery </th>
+                <td class={table_cell_classes}>
+                    <svg
+                        width="80"
+                        height="30"
+                        viewBox="0 0 80 30"
+                        role="img"
+                        xmlns="http://www.w3.org/2000/svg"
+                        class="battery-icon"
+                    >
+                        <title>{title_text}</title>
+                        <!-- Battery body -->
+                        <rect
+                            class="fill-none stroke-neutral-800 stroke-2"
+                            width="70"
+                            height="30"
+                            rx="3"
+                            ry="3"
+                        />
+                        <!-- Battery terminal -->
+                        <rect
+                            class="fill-neutral-800"
+                            x="70"
+                            y="7"
+                            width="8"
+                            height="16"
+                            rx="2"
+                            ry="2"
+                        />
+                        <!-- Battery charge bar -->
+                        <rect
+                            class={bar_color}
+                            x="2"
+                            y="2"
+                            height="26"
+                            rx="2"
+                            ry="2"
+                            style="width: {battery_level * 0.66}px;"
+                        />
+                        {#if stats.battery_status && stats.battery_status.is_plugged_in}
+                            <!-- Lightning bolt icon -->
+                            <path
+                                class="fill-yellow-300 stroke-neutral-800 stroke-1"
+                                d="M38 3 L28 17 L34 17 L30 27 L40 13 L34 13 Z"
+                            />
+                        {/if}
+                        {#if !stats.battery_status}
+                            <!-- Question mark icon -->
+                            <text
+                                class="fill-neutral-500 text-[20px] font-bold [text-anchor:middle] [dominant-baseline:central]"
+                                x="35"
+                                y="15">?</text
+                            >
+                        {/if}
+                    </svg>
+                </td>
+            </tr>
         </tbody>
     </table>
 </div>

daemon/web/src/lib/manifest.svelte.ts

@@ -11,6 +11,7 @@ interface JsonManifestEntry {
     start_time: string;
     last_message_time: string;
     qmdl_size_bytes: number;
+    stop_reason: string | null;
 }
 
 export class Manifest {
@@ -57,6 +58,7 @@ export class ManifestEntry {
     public analysis_size_bytes = $state(0);
     public analysis_status: AnalysisStatus | undefined = $state(undefined);
     public analysis_report: AnalysisReport | string | undefined = $state(undefined);
+    public stop_reason: string | undefined = $state(undefined);
 
     constructor(json: JsonManifestEntry) {
         this.name = json.name;
@@ -65,6 +67,9 @@ export class ManifestEntry {
         if (json.last_message_time) {
             this.last_message_time = new Date(json.last_message_time);
         }
+        if (json.stop_reason) {
+            this.stop_reason = json.stop_reason;
+        }
     }
 
     get_readable_qmdl_size(): string {
@@ -102,4 +107,8 @@ export class ManifestEntry {
     get_delete_url(): string {
         return `/api/delete-recording/${this.name}`;
     }
+
+    get_reanalyze_url(): string {
+        return `/api/analysis/${this.name}`;
+    }
 }

daemon/web/src/lib/ndjson.ts

@@ -19,7 +19,9 @@ export function parse_ndjson(input: string): NewlineDeliminatedJson {
             // however, if we've reached the end of the input, that means we
             // were given invalid nd-json
             if (lines.length === 0) {
-                throw new Error(`unable to parse invalid nd-json: ${e}, "${current_line}"`);
+                throw new Error(`unable to parse invalid nd-json: ${e}, "${current_line}"`, {
+                    cause: e,
+                });
             }
         }
     }

daemon/web/src/lib/stores/breakpoint.ts

@@ -0,0 +1,29 @@
+// stores/breakpoint.ts
+import { readable, type Readable } from 'svelte/store';
+import { breakpoints } from '../../theme';
+
+type Breakpoint = keyof typeof breakpoints;
+
+// Store that tracks if a specific breakpoint matches
+export function create_breakpoint_store(breakpoint: Breakpoint): Readable<boolean> {
+    return readable<boolean>(false, (set) => {
+        const width = breakpoints[breakpoint];
+        const mediaQuery = window.matchMedia(`(min-width: ${width})`);
+
+        // Set initial value
+        set(mediaQuery.matches);
+
+        // Update on change
+        const handler = (e: MediaQueryListEvent) => set(e.matches);
+        mediaQuery.addEventListener('change', handler);
+
+        // Cleanup
+        return () => mediaQuery.removeEventListener('change', handler);
+    });
+}
+
+// Create stores for each breakpoint
+export const screenIsSmUp: Readable<boolean> = create_breakpoint_store('sm');
+export const screenIsMdUp: Readable<boolean> = create_breakpoint_store('md');
+export const screenIsLgUp: Readable<boolean> = create_breakpoint_store('lg');
+export const screenIsXlUp: Readable<boolean> = create_breakpoint_store('xl');

daemon/web/src/lib/systemStats.ts

@@ -2,6 +2,7 @@ export interface SystemStats {
     disk_stats: DiskStats;
     memory_stats: MemoryStats;
     runtime_metadata: RuntimeMetadata;
+    battery_status?: BatteryStatus;
 }
 
 export interface RuntimeMetadata {
@@ -17,6 +18,7 @@ export interface DiskStats {
     available_size: string;
     used_percent: string;
     mounted_on: string;
+    available_bytes?: number;
 }
 
 export interface MemoryStats {
@@ -24,3 +26,8 @@ export interface MemoryStats {
     used: string;
     free: string;
 }
+
+export interface BatteryStatus {
+    level: number;
+    is_plugged_in: boolean;
+}

daemon/web/src/lib/utils.svelte.ts

@@ -1,3 +1,4 @@
+import { add_error } from './action_errors.svelte';
 import { Manifest } from './manifest.svelte';
 import type { SystemStats } from './systemStats';
 
@@ -8,24 +9,84 @@ export interface AnalyzerConfig {
     null_cipher: boolean;
     nas_null_cipher: boolean;
     incomplete_sib: boolean;
+    test_analyzer: boolean;
+    diagnostic_analyzer: boolean;
+}
+
+export enum enabled_notifications {
+    Warning = 'Warning',
+    LowBattery = 'LowBattery',
 }
 
 export interface Config {
+    device: string;
     ui_level: number;
     colorblind_mode: boolean;
     key_input_mode: number;
+    ntfy_url: string;
+    enabled_notifications: enabled_notifications[];
     analyzers: AnalyzerConfig;
+    min_space_to_start_recording_mb: number;
+    min_space_to_continue_recording_mb: number;
+    wifi_ssid: string | null;
+    wifi_password: string | null;
+    wifi_security: 'wpa_psk' | 'sae' | null;
+    wifi_enabled: boolean;
+    dns_servers: string[] | null;
+    firewall_restrict_outbound: boolean;
+    firewall_allowed_ports: number[] | null;
 }
 
-export async function req(method: string, url: string): Promise<string> {
+export interface WifiStatus {
-    const response = await fetch(url, {
+    state: string;
-        method: method,
+    ssid?: string;
-    });
+    ip?: string;
-    const body = await response.text();
+    error?: string;
+}
+
+export interface WifiNetwork {
+    ssid: string;
+    signal_dbm: number;
+    security: string;
+}
+
+export async function get_wifi_status(): Promise<WifiStatus> {
+    return JSON.parse(await req('GET', '/api/wifi-status'));
+}
+
+export async function scan_wifi_networks(): Promise<WifiNetwork[]> {
+    return JSON.parse(await req('POST', '/api/wifi-scan'));
+}
+
+export async function req(method: string, url: string, json_body?: unknown): Promise<string> {
+    const options: RequestInit = { method };
+    if (json_body !== undefined) {
+        options.body = JSON.stringify(json_body);
+        options.headers = { 'Content-Type': 'application/json' };
+    }
+    const response = await fetch(url, options);
+    const responseBody = await response.text();
     if (response.status >= 200 && response.status < 300) {
-        return body;
+        return responseBody;
     } else {
-        throw new Error(body);
+        throw new Error(responseBody);
+    }
+}
+
+// A wrapper around req that reports errors to the UI
+export async function user_action_req(
+    method: string,
+    url: string,
+    error_msg: string,
+    json_body?: unknown
+): Promise<string | undefined> {
+    try {
+        return await req(method, url, json_body);
+    } catch (error) {
+        if (error instanceof Error) {
+            add_error(error, error_msg);
+        }
+        return undefined;
     }
 }
 
@@ -38,6 +99,10 @@ export async function get_system_stats(): Promise<SystemStats> {
     return JSON.parse(await req('GET', '/api/system-stats'));
 }
 
+export async function get_logs(): Promise<string> {
+    return await req('GET', '/api/log');
+}
+
 export async function get_config(): Promise<Config> {
     return JSON.parse(await req('GET', '/api/config'));
 }
@@ -56,3 +121,24 @@ export async function set_config(config: Config): Promise<void> {
         throw new Error(error);
     }
 }
+
+export async function test_notification(): Promise<void> {
+    const response = await fetch('/api/test-notification', {
+        method: 'POST',
+    });
+
+    if (!response.ok) {
+        const error = await response.text();
+        throw new Error(error);
+    }
+}
+
+export interface TimeResponse {
+    system_time: string;
+    adjusted_time: string;
+    offset_seconds: number;
+}
+
+export async function get_daemon_time(): Promise<TimeResponse> {
+    return JSON.parse(await req('GET', '/api/time'));
+}

daemon/web/src/routes/+page.svelte

@@ -7,34 +7,134 @@
     import { AnalysisManager } from '$lib/analysisManager.svelte';
     import SystemStatsTable from '$lib/components/SystemStatsTable.svelte';
     import DeleteAllButton from '$lib/components/DeleteAllButton.svelte';
-    import RecordingControls from '$lib/components//RecordingControls.svelte';
+    import RecordingControls from '$lib/components/RecordingControls.svelte';
     import ConfigForm from '$lib/components/ConfigForm.svelte';
+    import ActionErrors from '$lib/components/ActionErrors.svelte';
+    import ClockDriftAlert from '$lib/components/ClockDriftAlert.svelte';
+    import LogView from '$lib/components/LogView.svelte';
 
     let manager: AnalysisManager = new AnalysisManager();
     let loaded = $state(false);
+    let filter_threshold: boolean = $state(false);
     let entries: ManifestEntry[] = $state([]);
     let current_entry: ManifestEntry | undefined = $state(undefined);
     let system_stats: SystemStats | undefined = $state(undefined);
+    let update_error: string | undefined = $state(undefined);
+    let logview_shown: boolean = $state(false);
+    let config_shown: boolean = $state(false);
     $effect(() => {
         const interval = setInterval(async () => {
-            await manager.update();
+            try {
-            let new_manifest = await get_manifest();
+                // Don't update UI if browser tab isn't visible
-            await new_manifest.set_analysis_status(manager);
+                if (document.hidden) {
-            entries = new_manifest.entries;
+                    return;
-            current_entry = new_manifest.current_entry;
+                }
 
-            system_stats = await get_system_stats();
+                await manager.update();
-            loaded = true;
+                let new_manifest = await get_manifest();
+                await new_manifest.set_analysis_status(manager);
+                entries = filter_threshold
+                    ? new_manifest.entries.filter((e) => e.get_num_warnings())
+                    : new_manifest.entries;
+
+                current_entry = new_manifest.current_entry;
+
+                system_stats = await get_system_stats();
+                update_error = undefined;
+                loaded = true;
+            } catch (error) {
+                if (error instanceof Error) {
+                    update_error = error.message;
+                } else {
+                    update_error = '';
+                }
+            }
         }, 1000);
 
         return () => clearInterval(interval);
     });
 </script>
 
-<div class="p-4 xl:px-8 bg-rayhunter-blue drop-shadow flex flex-row justify-between items-center">
+<LogView bind:shown={logview_shown} />
+<ConfigForm bind:shown={config_shown} />
+<div
+    class="p-4 xl:px-8 bg-rayhunter-blue drop-shadow-sm flex flex-row justify-between items-center"
+>
     <!-- https://www.w3.org/WAI/tutorials/images/decorative/ -->
     <img src="/rayhunter_text.png" alt="" class="h-10 xl:h-12" />
     <div class="flex flex-row gap-4">
+        <button onclick={() => (logview_shown = true)} class="flex flex-row gap-1 group">
+            <span class="hidden text-white group-hover:text-gray-400 lg:flex">Logs</span>
+            <svg
+                class="w-6 h-6 text-white group-hover:text-gray-400"
+                aria-hidden="true"
+                xmlns="http://www.w3.org/2000/svg"
+                width="24"
+                height="24"
+                fill="currentColor"
+                viewBox="0 0 24 24"
+            >
+                <path
+                    d="M10 14H3"
+                    stroke="currentColor"
+                    stroke-width="1.5"
+                    stroke-linecap="round"
+                />
+                <path
+                    d="M10 18H3"
+                    stroke="currentColor"
+                    stroke-width="1.5"
+                    stroke-linecap="round"
+                />
+                <path
+                    d="M14 15L17.5 18L21 15"
+                    stroke="currentColor"
+                    stroke-width="1.5"
+                    stroke-linecap="round"
+                    stroke-linejoin="round"
+                />
+                <path
+                    d="M3 6L13.5 6M20 6L17.75 6"
+                    stroke="currentColor"
+                    stroke-width="1.5"
+                    stroke-linecap="round"
+                />
+                <path
+                    d="M20 10L9.5 10M3 10H5.25"
+                    stroke="currentColor"
+                    stroke-width="1.5"
+                    stroke-linecap="round"
+                />
+            </svg>
+        </button>
+        <button onclick={() => (config_shown = true)} class="flex flex-row gap-1 group">
+            <span class="hidden text-white group-hover:text-gray-400 lg:flex">Config</span>
+            <svg
+                class="w-6 h-6 text-white group-hover:text-gray-400"
+                aria-hidden="true"
+                xmlns="http://www.w3.org/2000/svg"
+                width="24"
+                height="24"
+                fill="none"
+                viewBox="0 0 24 24"
+            >
+                <path
+                    stroke="currentColor"
+                    stroke-linecap="round"
+                    stroke-linejoin="round"
+                    stroke-width="2"
+                    d="M21 13v-2a1 1 0 0 0-1-1h-.757l-.707-1.707.535-.536a1 1 0 0 0 0-1.414l-1.414-1.414a1 1 0 0 0-1.414 0l-.536.535L14 5.757V5a1 1 0 0 0-1-1h-2a1 1 0 0 0-1 1v.757L8.293 6.464l-.536-.535a1 1 0 0 0-1.414 0L4.929 7.343a1 1 0 0 0 0 1.414l.535.536L4.757 11H4a1 1 0 0 0-1 1v2a1 1 0 0 0 1 1h.757l.707 1.707-.535.536a1 1 0 0 0 0 1.414l1.414 1.414a1 1 0 0 0 1.414 0l.536-.535L10 18.243V19a1 1 0 0 0 1 1h2a1 1 0 0 0 1-1v-.757l1.707-.707.536.535a1 1 0 0 0 1.414 0l1.414-1.414a1 1 0 0 0 0-1.414l-.535-.536.707-1.707H20a1 1 0 0 0 1-1Z"
+                />
+                <path
+                    stroke="currentColor"
+                    stroke-linecap="round"
+                    stroke-linejoin="round"
+                    stroke-width="2"
+                    d="M12 15a3 3 0 1 0 0-6 3 3 0 0 0 0 6Z"
+                />
+            </svg>
+        </button>
+        <div class="w-px bg-white/30 self-stretch"></div>
         <a
             class="flex flex-row gap-1 group"
             href="https://github.com/EFForg/rayhunter/issues"
@@ -81,16 +181,77 @@
                 />
             </svg>
         </a>
+        <a
+            class="flex flex-row gap-1 group"
+            href="https://supporters.eff.org/donate"
+            target="_blank"
+        >
+            <span class="hidden text-white group-hover:text-gray-400 lg:flex">Donate</span>
+            <svg
+                class="w-6 h-6 text-white group-hover:text-gray-400"
+                aria-hidden="true"
+                xmlns="http://www.w3.org/2000/svg"
+                width="24"
+                height="24"
+                fill="currentColor"
+                viewBox="0 0 24 24"
+            >
+                <path
+                    d="m12.75 20.66 6.184-7.098c2.677-2.884 2.559-6.506.754-8.705-.898-1.095-2.206-1.816-3.72-1.855-1.293-.034-2.652.43-3.963 1.537-1.31-1.108-2.67-1.571-3.962-1.537-1.515.04-2.823.76-3.72 1.855-1.806 2.2-1.924 5.821.753 8.705l6.184 7.098.245.281a.75.75 0 0 0 1.09 0l.246-.281Z"
+                />
+            </svg>
+        </a>
     </div>
 </div>
 <div class="m-4 xl:mx-8 flex flex-col gap-4">
+    {#if update_error !== undefined}
+        <div
+            class="bg-red-100 border-red-100 drop-shadow-sm p-4 flex flex-col gap-2 border rounded-md flex-1 justify-between"
+        >
+            <span class="text-2xl font-bold mb-2 flex flex-row items-center gap-2 text-red-600">
+                <svg
+                    class="w-8 h-8 text-red-600"
+                    aria-hidden="true"
+                    xmlns="http://www.w3.org/2000/svg"
+                    width="24"
+                    height="24"
+                    fill="currentColor"
+                    viewBox="0 0 24 24"
+                >
+                    <path
+                        fill-rule="evenodd"
+                        d="M2 12C2 6.477 6.477 2 12 2s10 4.477 10 10-4.477 10-10 10S2 17.523 2 12Zm11-4a1 1 0 1 0-2 0v5a1 1 0 1 0 2 0V8Zm-1 7a1 1 0 1 0 0 2h.01a1 1 0 1 0 0-2H12Z"
+                        clip-rule="evenodd"
+                    />
+                </svg>
+                Connection Error
+            </span>
+            <span
+                >This webpage is not currently receiving updates from your Rayhunter device. This
+                could be due to loss of connection or some issue with your device.</span
+            >
+            {#if update_error}
+                <details>
+                    <summary>Error</summary>
+                    <code>{update_error}</code>
+                </details>
+            {/if}
+        </div>
+    {/if}
+    <ActionErrors />
+    <ClockDriftAlert />
     {#if loaded}
         <div class="flex flex-col lg:flex-row gap-4">
             {#if current_entry}
-                <Card entry={current_entry} current={true} server_is_recording={!!current_entry} />
+                <Card
+                    entry={current_entry}
+                    current={true}
+                    server_is_recording={!!current_entry}
+                    {manager}
+                />
             {:else}
                 <div
-                    class="bg-red-100 border-red-100 drop-shadow p-4 flex flex-col gap-2 border rounded-md flex-1 justify-between"
+                    class="bg-red-100 border-red-100 drop-shadow-sm p-4 flex flex-col gap-2 border rounded-md flex-1 justify-between"
                 >
                     <span
                         class="text-2xl font-bold mb-2 flex flex-row items-center gap-2 text-red-600"
@@ -112,9 +273,9 @@
                         </svg>
                         WARNING: Not Running
                     </span>
-                    <span
+                    <span>
-                        >Rayhunter is not currently running and will not detect abnormal behavior!</span
+                        Rayhunter is not currently running and will not detect abnormal behavior!
-                    >
+                    </span>
                     <div class="flex flex-row justify-end mt-2">
                         <RecordingControls server_is_recording={!!current_entry} />
                     </div>
@@ -123,11 +284,26 @@
             <SystemStatsTable stats={system_stats!} />
         </div>
         <div class="flex flex-col gap-2">
-            <span class="text-xl">History</span>
+            <div class="flex flex-row gap-2">
-            <ManifestTable {entries} server_is_recording={!!current_entry} />
+                <div class="text-xl flex-1">History</div>
+                <div class="flex flex-row items-center gap-2 px-3">
+                    <label
+                        for="filter_threshold"
+                        class="block text-md font-medium text-gray-700 mb-1"
+                    >
+                        Filter for Warnings
+                    </label>
+                    <input
+                        type="checkbox"
+                        id="filter_threshold"
+                        bind:checked={filter_threshold}
+                        class="px-3 py-2 border border-gray-300 rounded-md focus:outline-hidden focus:ring-2 focus:ring-rayhunter-blue"
+                    />
+                </div>
+            </div>
+            <ManifestTable {entries} server_is_recording={!!current_entry} {manager} />
         </div>
         <DeleteAllButton />
-        <ConfigForm />
     {:else}
         <div class="flex flex-col justify-center items-center">
             <!-- https://www.w3.org/WAI/tutorials/images/decorative/ -->

daemon/web/src/theme.ts

@@ -0,0 +1,11 @@
+/** These are the default Tailwind CSS breakpoints.
+ * We're defining them here so they can be referenced
+ * programmatically in other parts of the application.
+ */
+export const breakpoints = {
+    sm: '640px',
+    md: '768px',
+    lg: '1024px',
+    xl: '1280px',
+    '2xl': '1536px',
+} as const;

daemon/web/tailwind.config.ts

@@ -1,17 +0,0 @@
-import type { Config } from 'tailwindcss';
-
-export default {
-    content: ['./src/**/*.{html,js,svelte,ts}'],
-
-    theme: {
-        extend: {
-            colors: {
-                'rayhunter-blue': '#4e4eb1',
-                'rayhunter-dark-blue': '#3f3da0',
-                'rayhunter-green': '#94ea18',
-            },
-        },
-    },
-
-    plugins: [],
-} as Config;

daemon/web/vite.config.ts

@@ -1,11 +1,12 @@
 import { defineConfig } from 'vitest/config';
 import { sveltekit } from '@sveltejs/kit/vite';
+import tailwindcss from '@tailwindcss/vite';
 
 export default defineConfig({
     server: {
         proxy: {
             '/api': {
-                target: 'http://localhost:8080',
+                target: process.env.API_TARGET || 'http://localhost:8080',
                 changeOrigin: true,
                 secure: false,
                 configure: (proxy, _options) => {
@@ -26,7 +27,7 @@ export default defineConfig({
             },
         },
     },
-    plugins: [sveltekit()],
+    plugins: [tailwindcss(), sveltekit()],
     build: {
         // Force everything into one HTML file. SvelteKit will still generate
         // a lot of JS files but they are deadweight and will not be included

dist/config.toml.in

@@ -12,6 +12,7 @@ colorblind_mode = false
 # 1 = Subtle mode, display a colored line at the top of the screen when rayhunter is running (green=running, white=paused, red=warnings)
 # 2 = Demo Mode, display a fun orca gif
 # 3 = display the EFF logo
+# 4 = High Visibility mode, fill the entire screen with the status color (green=running, white=paused, red=warnings)
 #
 # TP-Link with one-bit display:
 # 0 = invisible mode
@@ -19,9 +20,41 @@ colorblind_mode = false
 ui_level = 1
 
 # 0 = rayhunter does not read button presses
-# 1 = double-tapping the power button starts/stops recordings
+# 1 = double-tapping the power button starts new recording
 key_input_mode = 0
 
+# If set, attempts to send a notification to the url when a new warning is triggered
+# ntfy_url = "https://ntfy.sh/your-topic"
+# What notification types to enable. Does nothing if the above ntfy_url is not set.
+enabled_notifications = ["Warning", "LowBattery"]
+
+# Disk Space Management
+# Minimum free space (MB) required to start recording
+min_space_to_start_recording_mb = 1
+# Minimum free space (MB) to continue recording (stops if below this)
+min_space_to_continue_recording_mb = 1
+
+# WiFi Client Mode
+# Toggle wifi_enabled to connect the device to an existing WiFi network.
+# Credentials are stored separately in wpa_sta.conf and managed via the web UI.
+wifi_enabled = false
+
+# DNS servers to use when WiFi client mode is active.
+# Defaults to ["9.9.9.9", "149.112.112.112"] (Quad9) if not specified.
+# dns_servers = ["9.9.9.9", "149.112.112.112"]
+
+# Device Security
+# Restrict outbound traffic to essential services only (DHCP, DNS,
+# HTTPS, and replies to inbound connections). Applies to all outbound
+# interfaces (WiFi and cellular). Loopback and hotspot bridge traffic
+# are always allowed. Defaults to true (recommended).
+firewall_restrict_outbound = true
+
+# Additional TCP ports to allow outbound when the firewall is active.
+# DHCP (67-68), DNS (53), and HTTPS (443) are always allowed.
+# Example: allow HTTP (80) and SSH (22).
+# firewall_allowed_ports = [80, 22]
+
 # Analyzer Configuration
 # Enable/disable specific IMSI catcher detection heuristics
 # See https://github.com/EFForg/rayhunter/blob/main/doc/heuristics.md for details
@@ -29,6 +62,8 @@ key_input_mode = 0
 imsi_requested = true
 connection_redirect_2g_downgrade = true
 lte_sib6_and_7_downgrade = true
-null_cipher = true 
+null_cipher = true
 nas_null_cipher = true
 incomplete_sib = true
+test_analyzer = false
+diagnostic_analyzer = true

dist/scripts/S01iptables

@@ -0,0 +1,24 @@
+#!/bin/sh
+CONFIG="/data/rayhunter/config.toml"
+
+case "$1" in
+  start)
+    if grep -q '^firewall_restrict_outbound = true' "$CONFIG" 2>/dev/null; then
+        iptables -F OUTPUT
+        iptables -A OUTPUT -o lo -j ACCEPT
+        for br in bridge0 br0; do
+            [ -d "/sys/class/net/$br" ] && iptables -A OUTPUT -o "$br" -j ACCEPT
+        done
+        iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+        iptables -A OUTPUT -p udp --dport 67:68 -j ACCEPT
+        iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
+        iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
+        iptables -A OUTPUT -j DROP
+        echo 0 > /proc/sys/net/bridge/bridge-nf-call-iptables 2>/dev/null
+    fi
+    ;;
+  stop)
+    iptables -F OUTPUT
+    iptables -P OUTPUT ACCEPT
+    ;;
+esac

doc/SUMMARY.md

@@ -1,22 +1,26 @@
 # Summary
 
-[Introduction](./introduction.md)
+- [Introduction](./introduction.md)
+- [Support, feedback, and community](./support-feedback-community.md)
+- [Frequently Asked Questions](./faq.md)
 - [Installation](./installation.md)
   - [Installing from the latest release](./installing-from-release.md)
-    - [Installing from the latest release (Windows)](./installing-from-release-windows.md)
   - [Installing from source](./installing-from-source.md)
   - [Updating Rayhunter](./updating-rayhunter.md)
 - [Configuration](./configuration.md)
 - [Uninstalling](./uninstalling.md)
 - [Using Rayhunter](./using-rayhunter.md)
   - [Rayhunter's heuristics](./heuristics.md)
+  - [Re-analyzing recordings](./reanalyzing.md)
   - [How we analyze a capture](./analyzing-a-capture.md)
 - [Supported devices](./supported-devices.md)
-  - [Orbic RC400L](./orbic.md)
+  - [Porting to new devices](./porting.md)
+  - [Orbic/Kajeet RC400L](./orbic.md)
   - [TP-Link M7350](./tplink-m7350.md)
   - [TP-Link M7310](./tplink-m7310.md)
   - [Tmobile TMOHS1](./tmobile-tmohs1.md)
+  - [UZ801](./uz801.md)
   - [Wingtech CT2MHS01](./wingtech-ct2mhs01.md)
   - [PinePhone and PinePhone Pro](./pinephone.md)
-- [Support, feedback, and community](./support-feedback-community.md)
+  - [Moxee Hotspot](./moxee.md)
-  - [Frequently Asked Questions](./faq.md)
+- [REST API Documentation](./api-docs.md)

doc/analyzing-a-capture.md

@@ -1,3 +1,3 @@
 # How we analyze a capture
 
-TODO
+Teams of highly trained squirrels. Video coming soon!

doc/api-docs.md

@@ -0,0 +1,5 @@
+# REST API Documentation
+
+The rayhunter daemon has [REST API documentation](./api-docs/) available in the interactive swagger-ui.
+
+>**Note:** API endpoints are subject to change as needs arise, though we will try to keep them as stable as possible and notify about breaking changes in the changelogs for new versions.

doc/configuration.md

@@ -7,13 +7,52 @@ Rayhunter can be configured through web user interface or by editing `/data/rayh
 Through web UI you can set:
 - **Device UI Level**, which defines what Rayhunter shows on device's built-in screen. *Device UI Level* could be:
   - *Invisible mode*: Rayhunter does not show anything on the built-in screen
-  - *Subtle mode (colored line)*: Rayhunter shows green line if there are no warnings, red line if there are warnings (warnings could be checked through web UI) and white line if Rayhunter is not recording
+  - *Subtle mode (colored line)*: Rayhunter shows green line if there are no warnings, red line if there are warnings (warnings could be checked through web UI) and white line if Rayhunter is not recording.
-  - *Demo mode (orca gif)*, which shows image of orca fish *and* colored line
+  - *Demo mode (orca gif)*, which shows image of orcas *and* colored line.
-  - *EFF logo*, which shows EFF logo and *and* colored line.
+  - *EFF logo*, which shows EFF logo *and* colored line.
-- **Device Input Mode**, which defines behaviour of built-in power button of the device. *Device Input Mode* could be:
+  - *High visibility (full screen color)*: fills the entire screen with the status color (green for recording, red for warnings, white for paused).
-  - *Disable button control*: built-in power button of the device is not used by Rayhunter;
+- **Device Input Mode**, which defines behavior of built-in power button of the device. *Device Input Mode* could be:
-  - *Double-tap power button to start/stop recording*: double clicking on a built-in power button of the device stops and immediatelly restarts the recording. This could be useful if Rayhunter's heuristichs is triggered and you get the red line, and you want to "reset" the past warnings. Normally you can do that through web UI, but sometimes it is easier to double tap on power button.
+  - *Disable button control*: built-in power button of the device is not used by Rayhunter.
+  - *Double-tap power button to start new recording*: double clicking on a built-in power button of the device stops and immediately restarts the recording. This could be useful if Rayhunter's heuristics is triggered and you get the red line, and you want to "reset" the past warnings. Normally you can do that through web UI, but sometimes it is easier to double tap on power button.
 - **Colorblind Mode** enables color blind mode (blue line is shown instead of green line, red line remains red). Please note that this does not cover all types of color blindness, but switching green to blue should be about enough to differentiate the color change for most types of color blindness.
-- With **Analyzer Heuristic Settings** you can switch on or off built-in [Rayhunter heuristics](heuristics.md). Some heuristics are experimental or can trigger a lot of false positive warnings in some networks (our tests have shown that some heuristics have different behaviour in US or European networks). In that case you can decide whether you would like to have the heuristics that trigger a lot of false positives on or off. Please note that we are constantly improving and adding new heuristics, so new release may reduce false positives in existing heuristics as well.
+- **ntfy URL**, which allows setting a [ntfy](https://ntfy.sh/) URL to which notifications of new detections will be sent. The topic should be unique to your device, e.g., `https://ntfy.sh/rayhunter_notifications_ba9di7ie` or `https://myserver.example.com/rayhunter_notifications_ba9di7ie`. The ntfy Android and iOS apps can then be used to receive notifications. More information can be found in the [ntfy docs](https://docs.ntfy.sh/).
+- **Enabled Notification Types** allows enabling or disabling the following types of notifications:
+  - *Warnings*, which will alert when a heuristic is triggered. Alerts will be sent at most once every five minutes.
+  - *Low Battery*, which will alert when the device's battery is low. Notifications may not be supported for all devices—you can check if your device is supported by looking at whether the battery level indicator is functioning on the System Information section of the Rayhunter UI.
+- With **Analyzer Heuristic Settings** you can switch on or off built-in [Rayhunter heuristics](heuristics.md). Some heuristics are experimental or can trigger a lot of false positive warnings in some networks (our tests have shown that some heuristics have different behavior in US or European networks). In that case you can decide whether you would like to have the heuristics that trigger a lot of false positives on or off. Please note that we are constantly improving and adding new heuristics, so a new release may reduce false positives in existing heuristics as well.
 
-If you prefer editing `config.toml` file, you need to obtain a shell on your [Orbic](./orbic.md#obtaining-a-shell) or [TP-Link](./tplink-m7350.md#obtaining-a-shell) device and edit the file manually. You can view the [default configuration file on a GitHub](https://github.com/EFForg/rayhunter/blob/main/dist/config.toml.in).
+## WiFi Client Mode
+
+On the **Orbic**, **Moxee**, **UZ801**, **TMOHS1**, and **Wingtech**, Rayhunter can connect the device to an existing WiFi network while keeping the hotspot running. This gives the device internet access for [notifications](https://docs.ntfy.sh/) and lets you reach the web UI from any device on that network.
+
+- **Enable WiFi** turns WiFi client mode on or off. Disabling it does not erase saved credentials.
+- **Scan** searches for nearby networks. Select one from the dropdown, or type an SSID manually.
+- **Password** is required for WPA/WPA2 networks. The password is stored separately from `config.toml` (in `wpa_sta.conf` on the device) and is never exposed through the API.
+- **DNS Servers** lets you override the DNS servers used when connected. Defaults to `9.9.9.9` and `149.112.112.112` (Quad9) if not set.
+
+After saving, the connection status will show **connecting**, **connected** (with the assigned IP address), or **failed** (with an error message). If the connection fails, check that the SSID and password are correct and that the network is in range.
+
+### Crash Recovery
+
+The WiFi kernel module (`wlan.ko`) can occasionally crash or unload, taking both the hotspot and client interfaces down with it. Rayhunter includes a watchdog that detects this and automatically reloads the module, restarts the hotspot, and reconnects to the configured network. During recovery the WiFi status will show **recovering**.
+
+On the first detection of a crash, a diagnostic snapshot is saved to `/data/rayhunter/crash-logs/` on the device. You can pull these logs with `adb pull /data/rayhunter/crash-logs/` and inspect them to understand what went wrong. Each log contains:
+
+- **dmesg** output (kernel messages). Look for backtraces, `BUG:`/`Oops:` lines, or `wlan`/`wcnss` errors. The kernel ring buffer is small and gets overwritten quickly, so crash details may already be gone if the crash happened well before detection.
+- **/proc/modules** snapshot. If `wlan` is absent, the module fully unloaded. If present but interfaces are gone, the driver is stuck.
+- **ip addr** output confirming which network interfaces existed at snapshot time.
+- **ps** output showing which WiFi-related processes (`hostapd`, `wpa_supplicant`, `wland`) were still running.
+
+If recovery fails after 5 attempts, the status will change to **failed**. A reboot of the device will reset WiFi.
+
+You can also configure WiFi during installation:
+
+```sh
+./installer orbic --admin-password 'mypassword' --wifi-ssid 'MyNetwork' --wifi-password 'networkpass'
+```
+
+## Device Security
+
+- **Restrict outbound traffic** limits what the device can send over the network. When enabled, only DNS, DHCP, and HTTPS traffic is allowed; everything else is blocked. This is enabled by default and prevents the device from phoning home to the carrier over cellular. If you need to allow additional ports (for example, port 80 for HTTP or port 22 for SSH), add them to the **Additional allowed ports** list.
+
+If you prefer editing `config.toml` file, you need to obtain a shell on your [Orbic](./orbic.md#obtaining-a-shell) or [TP-Link](./tplink-m7350.md#obtaining-a-shell) device and edit the file manually. You can view the [default configuration file on GitHub](https://github.com/EFForg/rayhunter/blob/main/dist/config.toml.in).

doc/custom.css

@@ -0,0 +1,6 @@
+.warning-box {
+    padding: 0.75em 1em;
+    border-left: 4px solid #e33;
+    border-radius: 4px;
+    background-color: color-mix(in srgb, currentColor 10%, transparent);
+}

doc/faq.md

@@ -2,55 +2,80 @@
 
 ### Do I need an active SIM card to use Rayhunter?
 
-**It Depends**. Operation of Rayhunter does require the insertion of a SIM card into the device, but whether that SIM card has to be currently active for our tests to work is still under investigation. If you want to use the device as a hotspot in addition to a research device an active plan would of course be necessary, however we have not done enough testing yet to know whether an active subscription is required for detection. If you want to test the device with an inactive SIM card, we would certainly be interested in seeing any data you collect, and especially any runs that trigger an alert!
+**It Depends**. Operation of Rayhunter does require the insertion of a SIM card into the device, but that sim card does not have to be actively registered with a service plan. If you want to use the device as a hotspot in addition to a research device, or get [notifications](./configuration.md), an active plan would of course be necessary.
+
+### How can I test that my device is working?
+You can enable the `Test Heuristic` under `Analyzer Heuristic Settings` in the config section on your web dashboard. This will cause an alert to trigger every time your device sees a cell tower, you might need to reboot your device or move around a bit to get this one to trigger, but it will be very noisy once it does. People have also tested it by building IMSI catchers at home, but we don't recommend that, since it violates FCC regulations and will probably upset your neighbors.
 
 <a name="red"></a>
 
-### Help, Rayhunter's line is red! What should I do?
+### Help, Rayhunter's line is red/orange/yellow/dotted/dashed! What should I do?
 
-Unfortunately, the circumstances that might lead to a positive cell site simulator (CSS) signal are quite varied, so we don't have a universal recommendation for how to deal with the a positive signal. Depending on your circumstances and threat model, you may want to turn off your phone until you are out of the area (or put it on airplane mode) and tell your friends to do the same!
+Unfortunately, the circumstances that might lead to a positive cell site simulator (CSS) signal are quite varied, so we don't have a universal recommendation for how to deal with the a positive signal. Depending on your circumstances and threat model, you may want to turn off your phone until you are out of the area and tell your friends to do the same!
 
-If you've received a Rayhunter warning and would like to help us with our research, please send your Rayhunter data captures (QMDL and PCAP logs) to us at our [Signal](https://signal.org/) username [**ElectronicFrontierFoundation.90**](https://signal.me/#eu/HZbPPED5LyMkbTxJsG2PtWc2TXxPUR1OxBMcJGLOPeeCDGPuaTpOi5cfGRY6RrGf) with the following information: capture date, capture location, device, device model, and Rayhunter version. If you're unfamiliar with Signal, feel free to check out our [Security Self Defense guide on it](https://ssd.eff.org/module/how-to-use-signal).
+If you've received a Rayhunter warning and would like to help us with our research, please send your Rayhunter data captures (Zip file downloaded from the web interface) to us at our [Signal](https://signal.org/) username [**ElectronicFrontierFoundation.90**](https://signal.me/#eu/HZbPPED5LyMkbTxJsG2PtWc2TXxPUR1OxBMcJGLOPeeCDGPuaTpOi5cfGRY6RrGf) with the following information: capture date, capture location, device, device model, and Rayhunter version. If you're unfamiliar with Signal, feel free to check out our [Security Self Defense guide on it](https://ssd.eff.org/module/how-to-use-signal).
 
 Please note that this file may contain sensitive information such as your IMSI and the unique IDs of cell towers you were near which could be used to ascertain your location at the time.
 
 
 ### Should I get a locked or unlocked orbic device? What is the difference?
 
-If you want to use a non-Verizon SIM card you will probably need an unlocked device. But it's not clear how locked the locked devices are nor how to unlock them, we welcome any experimentation and information regarding the use of unlocked devices.
+If you want to use a non-Verizon SIM card you will probably need an unlocked device. But it's not clear which devices are locked nor how to unlock them, we welcome any experimentation and information regarding the use of unlocked devices. So far most verizon branded orbic devices we have encountered are actually unlocked.
 
+### I can't reach my Rayhunter's web UI after leaving it alone for a while
+
+Some hotspots (notably the T-Mobile TMOHS1 and Wingtech CT2MHS01) shut down their Wi-Fi access point after about 10 minutes with no connected clients to save battery. Rayhunter is still recording in the background, but you won't be able to reach the web UI until you power cycle the device or reconnect a client while Wi-Fi is still up.
+
+To avoid this, set Wi-Fi Standby to "Always on" in the hotspot's native admin UI. See [TMOHS1](./tmobile-tmohs1.md#wi-fi-auto-shutdown) or [CT2MHS01](./wingtech-ct2mhs01.md#wi-fi-auto-shutdown) for step-by-step instructions.
 
 ### How do I re-enable USB tethering after installing Rayhunter?
 
-Make sure USB tethering is also enabled in the Orbic's UI, and then run the following commands:
+If you have installed with `./installer orbic-usb`, you might find that USB
+tethering is now disabled. If you have run `./installer orbic`, this section is not
+relevant as it does not use or touch USB.
+
+[First obtain a shell](./orbic.md#shell), then:
+
 
 ```sh
-installer util shell "echo 9 > /usrdata/mode.cfg"
+# inside of Orbic's shell:
-installer util shell reboot
+echo 9 > /usrdata/mode.cfg
+reboot
 ```
 
+Make sure USB tethering is also enabled in the Orbic's UI.
+
 To disable tethering again:
 
 ```sh
-installer util shell "echo 3 > /usrdata/mode.cfg"
+# inside of Orbic's shell:
-installer util shell reboot
+echo 3 > /usrdata/mode.cfg
+reboot
 ```
 
 See `/data/usb/boot_hsusb_composition` for a list of USB modes and Android USB gadget settings.
 
 
+### How do I connect my device to an existing WiFi network?
+
+The Orbic, Moxee, UZ801, and TMOHS1 can connect to a nearby WiFi network while still running their own hotspot. This gives the device internet access for ntfy notifications and lets you reach the web UI from your home network. See [WiFi Client Mode](./configuration.md#wifi-client-mode) in the configuration guide for setup instructions.
+
+### WiFi client mode is connected but I can't reach the internet
+
+Check that the **DNS Servers** field in the config has valid entries (the default is `9.9.9.9` and `149.112.112.112`). If your home network and the device hotspot use the same subnet (for example, both are on `192.168.1.x`), try restarting the daemon by saving the config again from the web UI.
+
 ### How do I disable the WiFi hotspot on the Orbic RC400L?
 
-To disable both WiFi bands:
+To disable both WiFi bands, [first obtain a shell](./orbic.md#shell), then:
 
 ```sh
-adb shell
+# inside of Orbic's shell:
-/bin/rootshell -c "sed -i 's/<wlan><Feature><state>1<\/state>/<wlan><Feature><state>0<\/state>/g' /usrdata/data/usr/wlan/wlan_conf_6174.xml && reboot"
+sed -i 's/<wlan><Feature><state>1<\/state>/<wlan><Feature><state>0<\/state>/g' /usrdata/data/usr/wlan/wlan_conf_6174.xml && reboot
 ```
 
 To re-enable WiFi:
 
 ```sh
-adb shell
+# inside of Orbic's shell:
-/bin/rootshell -c "sed -i 's/<wlan><Feature><state>0<\/state>/<wlan><Feature><state>1<\/state>/g' /usrdata/data/usr/wlan/wlan_conf_6174.xml && reboot"
+sed -i 's/<wlan><Feature><state>0<\/state>/<wlan><Feature><state>1<\/state>/g' /usrdata/data/usr/wlan/wlan_conf_6174.xml && reboot
 ```

doc/heuristics.md

@@ -4,9 +4,78 @@ Rayhunter includes several analyzers to detect potential IMSI catcher activity.
 
 ## Available Analyzers
 
-- **IMSI Requested**: Tests whether the eNodeB sends an IMSI Identity Request NAS message. This can sometimes happen under normal circumstances when the network doesn't already have a TMSI (Temporary Mobile Subscriber ID or GUTI in 5G terminology) for your device. This most often happens when you first turn the device on, especially after it has been off for a long time or if you are in an area where there is absolutely no connection to your service provider. This can also happen if you leave your device on while on an airplane and it suddenly connects to a new tower after being disconnected for a long time. However, if you get this warning at a time when you have been steadily connected to towers and the device has been on for a while it can be treated as suspcious.
+### IMSI Requested (v3)
-- **Connection Release/Redirected Carrier 2G Downgrade**: Tests if a cell releases our connection and redirects us to a 2G cell. This heuristic mostly makes sense in the US or other countries where there are no more operating 2G base stations. In countries where 2G is still in service (such as most of EU), this heuristics may trigger a lot of false positives, so you may want to disable it. However it should be noted that many IMSI Catchers operate in a such way that they downgrade connection to 2G and also that this heuristics has been vastly improved to reduce false positive warnings. See [Wikipedia page on past 2G networks](https://en.wikipedia.org/wiki/2G#Past_2G_networks) for information about your country. 
+
-- **LTE SIB6/7 Downgrade**: Tests for LTE cells broadcasting a SIB type 6 and 7 messages which include 2G/3G frequencies with higher priorities.
+This analyzer tests whether the eNodeB sends an IMSI or IMEI Identity Request NAS message under suspicious .
-- **Null Cipher**: Tests whether the cell suggests using a null cipher (EEA0) in the RRC layer (that means that encryption between your mobile device and base staation is turned off).
+
-- **NAS Null Cipher**: Tests whether the security mode command at the NAS layer suggests using a null cipher (EEA0). This would usually only happen after a UE has successfully authenticated with the MME but still it shouldn't happen at all. This could be indicative of an attack though using SS7 to get key material from the HLR of the UE for a succesful authentication. It could also indicate an IMSI catcher which is connected to the mobile network MME and HLR through cooperation between government and telecom provider. Or it could be a false positive if the telecom provider is intending to use null ciphers (if encryption is illegal or they have some misconfiguration of the network), however this should be very rare case.
+Mobile networks primarily request IMSI or IMEI from a mobile device during initial network attachment or when the network cannot identify the mobile device by its temporary identification (TMSI - *Temporary Mobile Subscriber Identity* or GUTI - *Globally Unique Temporary Identifier* in 4G/5G terminology).
-- **Incomplete SIB**: Tests whether the SIB1 message contains a complete SIB chain (SIB3, SIB5, etc.) A legitimate SIB1 mesage should contain timing information for at least 2 additional sibs (sib3, 4, and 5 being the most common) but a fake base station will often not bother to send additional SIBs beyond 1 and 2. On its own this might just be a misconfigured base station (though we have only seen it in the wild under suspicious circumstances) but combined with other heuristics such as **ISMI Requested** detection it should be considered a strong indicator of malicious activity.
+
+IMSI request therefore usually happens when you first turn the device on especially after it has been off for a long time. Another possibility is, that you reboot your mobile device and your temporary ID expired. Sometimes temporary identification can expire if you have been in an area where there is absolutely no connection to your service provider or after you left your device on an airplane mode and then reconnect to the network (especially being disconnected for a long time). IMSI could also be requested when you connect to a new network (for instance for roaming), when you swap she SIM card or when your device moves to a new *Tracking Area* or *Location Area* and the network can not map the temporary identification to your device. IMSI number can also be requested after core network reboot.
+
+It should also be noted that the network periodically reassigns your device new temporary identification to enhance security and avoid tracking, but in that cases usually does not request IMSI.
+
+During these events the phone will typically go on to authenticate that the network is legitimate and then establish service with the network it is connected to. 
+
+What we consider suspicious is the following chain of events:
+
+* Phone connects to a new tower. 
+* Tower asks for phones identity (IMEI or IMSI.)
+* Authentication does *NOT* happen. 
+* Tower requests phone to disconnect. 
+
+Looking for this chain of events is much less prone to false positives than naively looking for any time the IMSI/IMEI is sent. We do still sometimes get false positives when users are in an airplane that is coming in for a landing however. This is likely due to having been disconnected for a while and then being over towers that are not able to route to your home network, but we are still researching.
+
+This is the attack used by commercial IMSI catchers used by law enforcement. 
+
+This heuristic will also alert you if any of the following happen:
+* Identity is requested after authentication.
+* Identity is requested without your phone connecting to the tower. 
+* Identity is requested and then authentication doesn't happen shortly thereafter. 
+
+This heuristic will also issue a notification every time your identity is sent to the network under non suspicious circumstances. This is for diagnostic purposes. 
+
+### Connection Release/Redirected Carrier 2G Downgrade
+
+This analyzer tests if a base station releases your device's connection and redirects your device to a 2G base station. This heuristic is useful, because some IMSI catchers may operate in a such way that they downgrade connection to 2G where they can intercept the communication (by performing man-in-the-middle attack).
+
+
+### LTE SIB6/7 Downgrade (v2)
+
+This analyzer tests if LTE base station is broadcasting a SIB type 6 and 7 messages which include 2G/3G frequencies with higher priorities.
+
+SIB (*System Information Block*) Type 6 and 7 are specific types of broadcast messages sent by the base station (eNodeB in 4G networks) to mobile devices. They contain essential radio-related configuration parameters to help mobile device perform cell reselection.
+
+This attack exploits the fact that SIB broadcast messages are not encrypted or authenticated. This allows them to pretend to be a legitimate cell by broadcasting fake system information in order to force mobile devices to downgrade from more secure 4G (LTE) to less secure 2G (GSM) network and then steal IMSI and/or perform man-in-the-middle attack. That is why this is also called a downgrade attack.
+
+SIB6 is used for cell reselection to CDMA2000 systems which are not supported by many modern mobile phones, and SIB7 Provides the mobile device with information to perform cell reselection to GSM/EDGE networks. Therefore SIB6 messages are quite rare, while malformed SIB7 messages are much more frequent in practice. 
+
+This heuristic is useful even in countries where 2g is still prevalent. A well behaved tower should always advertise its other 4g neighbors at a higher priority than 2g/3g neighbors. (Older versions of this heuristic were prone to false positives.)
+
+### Null Cipher
+
+This analyzer tests whether the cell suggests using a null cipher (EEA0) in the RRC layer. That means that encryption between your mobile device and base station is turned off.
+
+Normally this should never happen, because null cipher is used almost exclusively for testing and debugging in labs or in controlled environments. Sometimes null cipher is used if encryption negotiation fails or isn’t supported (however in most networks this should not be the case). Also, some regulations allow unencrypted communications in **specific** emergency cases.
+
+The general rule is that null cipher should never be used in commercial deployments, except in very controlled conditions (e.g., test labs) or in a very specific regulatory-approved use cases.
+
+On the other hand, IMSI catchers often use null cipher to avoid setting up secure contexts (because they lack valid keys) and/or to trick mobile device into using unencrypted links (which makes eavesdropping easier).
+
+### NAS Null Cipher
+
+This analyzer tests whether the security mode command at the NAS layer suggests using a null cipher (EEA0). This would usually only happen after a mobile device has successfully authenticated with the MME (*Mobility Management Entity* - core network component that handles signaling and control) but still it shouldn't happen at all. This could be indicative of an attack though using SS7 (*Signaling System 7* - a set of telecommunication protocols used to set up and manage calls and other services) to get key material from the HLR (*Home Location Register* - a database in mobile telecommunications networks that stores subscriber information) of the mobile phone for a successful authentication.
+
+It could also indicate an IMSI catcher which is connected to the mobile network MME and HLR through cooperation between government and telecom provider. Or it could be a false positive if the telecom provider is intending to use null ciphers (if encryption is illegal in some country, or they have some misconfiguration of the network), however this should be very rare case.
+
+### Incomplete SIB
+
+This analyzer tests whether the SIB1 message contains a complete SIB chain (SIB3, SIB5, etc.). A legitimate SIB1 message should contain timing information for at least 2 additional SIBs (SIB3, 4, and 5 being the most common) but a fake base station will often not bother to send additional SIBs beyond 1 and 2 (i. e. some IMSI catchers send just SIB1 and *one additional* SIB).
+
+On its own this might just be a misconfigured base station (though we have only seen it in the wild under suspicious circumstances) but combined with other heuristics such as **IMSI Requested** detection it should be considered as a strong indicator of malicious activity.
+
+### Diagnostic Information 
+This analyzer displays some diagnostic information about when your device connects and disconnects from certain towers. It is helpful for analysis of suspicious PCAPs. The informational warnings in here can safely be ignored until there is a low, medium, or high severity warning. 
+
+### Test Analyzer
+
+This analyzer is great for testing if your Rayhunter installation works. It will alert every time a new tower is seen (specifically every time a tower broadcasts a SIB1 message.) It is designed to be very noisy so we do not recommend leaving it on but if this alerts it means your Rayhunter device is working! 

doc/installation.md

@@ -3,5 +3,8 @@
 So, you've got one of the [supported devices](./supported-devices.md), and are ready to start catching IMSI catchers. You have two options for installing Rayhunter:
 
 * [installing from a release (recommended)](./installing-from-release.md)
-  * [installing from a release on Windows](./installing-from-release-windows.md)
 * [installing from source](./installing-from-source.md)
+
+Already have Rayhunter installed but looking to update?
+
+* [Updating Rayhunter](./updating-rayhunter.md)