npub12m5exm2uk3xa674cc5r0hlyvccs5xxn7qv83ezuteefv5972nquq4j4szl/esp32-tollgate/main/session.c, branch feature/cvm-integration

npub12m5exm2uk3xa674cc5r0hlyvccs5xxn7qv83ezuteefv5972nquq4j4szl/esp32-tollgate/main/session.c, branch feature/cvm-integration [no description] https://upleb.uk/npub12m5exm2uk3xa674cc5r0hlyvccs5xxn7qv83ezuteefv5972nquq4j4szl/esp32-tollgate/atom?h=feature%2Fcvm-integration 2026-05-17T22:07:27+00:00 feat: ContextVM (MCP over Nostr) server with WS masking fix 2026-05-17T22:07:27+00:00 Your Name you@example.com 2026-05-17T22:07:27+00:00 urn:sha1:8a2f7a6c9423e0c00fae3c1233bee9e0bb3ae239 - Full CVM server: persistent WS relay listener, kind 25910 subscription - MCP protocol handlers: initialize, tools/list, tools/call, ping - 10 MCP tools: get_config, set_config, get_balance, wallet_send, get_sessions, get_usage, set_payout, set_metric, set_price, wallet_melt - CEP-6 announcements via WS (kinds 11316, 11317, 10002) - Auth check: owner npub only - Fix: WebSocket client-to-server frame masking (RFC 6455 requirement) - Fix: Raw event JSON in EVENT wrapper (no re-parsing that breaks sig) - SNTP init after STA gets IP - 282 unit tests passing (61 CVM + 60 MCP handler + 161 existing) - Integration test scaffold: tests/integration/test-cvm.mjs feat: per-client NAT filtering via LWIP_HOOK_IP4_CANFORWARD 2026-05-17T11:09:31+00:00 Your Name you@example.com 2026-05-17T11:09:31+00:00 urn:sha1:0c2c67b463d6a90aaa0bb69bf3c91dba1d9ec3ec - Add lwip_tollgate_hooks.h defining LWIP_HOOK_IP4_CANFORWARD macro - Inject hook into lwIP build via CMakeLists.txt ESP_IDF_LWIP_HOOK_FILENAME - Filter forwarded packets by source IP against firewall allowed list - Only filter packets from AP subnet (10.192.45.0/24), allow all others - Fix byte order bug: use network byte order for firewall_is_client_allowed - NAT always enabled, removed global NAT toggle functions - Remove spent-secret tracking from session.c (mint is authority) - Remove unused get_ap_netif() function - Reduce API server stack from 32KB to 16KB (fixes ESP_ERR_HTTPD_TASK) - Add esp_random.h stub for unit tests - All 186 unit tests passing - Verified on hardware: block->pay->allow->revoke->block E2E works feat(phase6): bytes-based billing - dual metric support 2026-05-16T23:20:07+00:00 Your Name you@example.com 2026-05-16T23:20:07+00:00 urn:sha1:edd125d0e3fe5fe7c0edf30c429723f3b0120c68 - session_create_bytes() + session_add_bytes() for bytes-metric sessions - session_is_expired() dispatches on config metric (bytes vs milliseconds) - cashu_calculate_allotment() unified dispatcher for both metrics - tollgate_api discovery/usage/session_event use configured metric - config: metric field defaults to 'bytes', step_size_bytes=22020096 (21MB) - 14 new unit tests (148 total passing) - ASSERT_EQ_UINT64 macro added to test framework test_cashu (10/10) + test_session (18/18): all 86 unit tests passing 2026-05-16T20:09:03+00:00 Your Name you@example.com 2026-05-16T20:09:03+00:00 urn:sha1:32844ac7c4a135659714aabf7d2414f156176d72 - Expand esp_http_client.h stub: full config struct + method enum + init/perform/cleanup - Add portTICK_PERIOD_MS + esp_err_to_name to stubs - session.c: reject duplicate spent secrets in session_create (double-spend protection) - .gitignore: add test binaries Captive portal detection fix + Phase 2 tests 16-18,20 passing (17/17) 2026-05-15T23:16:32+00:00 Your Name you@example.com 2026-05-15T23:16:32+00:00 urn:sha1:50b5975ac8793d6d820c35b5999f8a909f64e71b - Add DoT reject server on port 853 (TCP RST forces DNS-over-TLS fallback) - DNS hijack returns NXDOMAIN for all non-A query types (no forwarding for unauthed) - Shorter TTL on hijack responses (10s) for faster captive detection - Explicit 302 redirect handlers for /generate_204, /hotspot-detect.html, etc. - HTTP and DNS request logging for debugging captive detection - Per-MAC tracking in firewall (find_by_mac, get_mac_for_ip with ARP fallback) - Session MAC tracking (session_find_by_mac) - Phase 2 test 18: add route through TollGate before ping test - All 17 Phase 2 tests pass (15-21 + whoami + portal form) Phase 2 WIP: Cashu payment endpoints, session tracking, updated checklist 2026-05-15T16:57:14+00:00 Your Name you@example.com 2026-05-15T16:57:14+00:00 urn:sha1:1263d86314fc0760d9be8eea415ccecbc047a5eb - Add cashu.c/h: Cashu token decode (cashuA/base64url), proof state check via mint API, allotment calculator - Add session.c/h: time-based session management with allotment/expiry, spent secret tracking - Add tollgate_api.c/h: HTTP server on :2121 with GET / (kind=10021 discovery), POST / (payment processing), /usage, /whoami - Update captive portal HTML: replace Grant Free Access with Cashu token paste form + Pay & Connect button - Update tollgate_main.c: wire in session manager, TollGate API, 1s session tick loop - Add tests/phase2.mjs: Phase 2 test suite (discovery, invalid token, wrong mint, valid payment) - Update CHECKLIST.md: reflect Phase 1 complete, Phase 2 in progress with known bugs Known issues (not yet flashed): - Stack overflow crash in httpd POST handler (need stack_size=16384 + heap allocations) - cashu_decode_token uses 2KB stack buffer (needs heap alloc) - Mint URL should be testnut.cashu.space (nofee.testnut has API compat issues)