<feed xmlns='http://www.w3.org/2005/Atom'>
<title>npub12m5exm2uk3xa674cc5r0hlyvccs5xxn7qv83ezuteefv5972nquq4j4szl/esp32-tollgate/main/tollgate_api.c, branch backup/multi-mint-support-pre-rebase</title>
<subtitle>[no description]</subtitle>
<id>https://upleb.uk/npub12m5exm2uk3xa674cc5r0hlyvccs5xxn7qv83ezuteefv5972nquq4j4szl/esp32-tollgate/atom?h=backup%2Fmulti-mint-support-pre-rebase</id>
<link rel='self' href='https://upleb.uk/npub12m5exm2uk3xa674cc5r0hlyvccs5xxn7qv83ezuteefv5972nquq4j4szl/esp32-tollgate/atom?h=backup%2Fmulti-mint-support-pre-rebase'/>
<link rel='alternate' type='text/html' href='https://upleb.uk/npub12m5exm2uk3xa674cc5r0hlyvccs5xxn7qv83ezuteefv5972nquq4j4szl/esp32-tollgate/'/>
<updated>2026-05-18T22:42:32+00:00</updated>
<entry>
<title>fix: merge readiness — display_enabled config, real pubkey, probe interval, dedup services</title>
<updated>2026-05-18T22:42:32+00:00</updated>
<author>
<name>Your Name</name>
<email>you@example.com</email>
</author>
<published>2026-05-18T22:42:32+00:00</published>
<link rel='alternate' type='text/html' href='https://upleb.uk/npub12m5exm2uk3xa674cc5r0hlyvccs5xxn7qv83ezuteefv5972nquq4j4szl/esp32-tollgate/commit/?id=3aa372ccc3e11c837458b00088ffb6cbe99ff6ca'/>
<id>urn:sha1:3aa372ccc3e11c837458b00088ffb6cbe99ff6ca</id>
<content type='text'>
- Add display_enabled config field (default true, parsed from config.json)
- Guard display_init/display_update behind display_enabled check
- Fix discovery pubkey: replace hardcoded all-zeros with identity_get()-&gt;npub_hex
- Revert MINT_HEALTH_PROBE_INTERVAL_S from 30 (testing) to 300 (production)
- Remove duplicate services_start_task call in IP event handler
- Fix UTF-8 arrow in STA auth threshold log message
- Gitignore compiled test binaries (test_mcp_handler, test_mint_health, etc.)
- Remove tracked test binaries from git

Verified on Board B (stable):
- make test-discovery-b: pubkey=d6bfe100..., metric=milliseconds, price_per_step tags
- make test-mints-b: 4 mints listed with reachable field
- Wallet: 40 sats balance with 4 proofs from previous payment
- All API endpoints responding (discovery, mints, wallet, whoami, portal)
- 75/75 unit tests passing
</content>
</entry>
<entry>
<title>fix: divide-by-zero crash when no WiFi networks configured</title>
<updated>2026-05-18T14:25:33+00:00</updated>
<author>
<name>Your Name</name>
<email>you@example.com</email>
</author>
<published>2026-05-18T14:25:33+00:00</published>
<link rel='alternate' type='text/html' href='https://upleb.uk/npub12m5exm2uk3xa674cc5r0hlyvccs5xxn7qv83ezuteefv5972nquq4j4szl/esp32-tollgate/commit/?id=65b4c9dc8626757f5f7cda279881b059e926916c'/>
<id>urn:sha1:65b4c9dc8626757f5f7cda279881b059e926916c</id>
<content type='text'>
- Guard tollgate_config_get_next_wifi against network_count=0
- Add fallback parsing for wifi_ssid/wifi_password flat fields
- Add heap info to API server failure log for debugging
- All 75 unit tests passing
</content>
</entry>
<entry>
<title>Move /mints to API server (port 2121), fix services persistence</title>
<updated>2026-05-18T13:37:08+00:00</updated>
<author>
<name>Your Name</name>
<email>you@example.com</email>
</author>
<published>2026-05-18T13:37:08+00:00</published>
<link rel='alternate' type='text/html' href='https://upleb.uk/npub12m5exm2uk3xa674cc5r0hlyvccs5xxn7qv83ezuteefv5972nquq4j4szl/esp32-tollgate/commit/?id=859f9b14e033de9a0690ccbbb975b4b472b688ce'/>
<id>urn:sha1:859f9b14e033de9a0690ccbbb975b4b472b688ce</id>
<content type='text'>
- /mints handler moved from captive portal (port 80) to API server (port 2121)
  where it belongs (JSON endpoint, matches portal JS fetch URL)
- Remove stop_services() from STA disconnect and IP loss handlers
- Services now persist across WiFi STA reconnections
- Reduce MAX_STA_RETRY from 5 to 3
</content>
</entry>
<entry>
<title>feat: multi-mint health tracker, discovery, portal, multi-wallet (Phase 3-8)</title>
<updated>2026-05-18T09:20:41+00:00</updated>
<author>
<name>Your Name</name>
<email>you@example.com</email>
</author>
<published>2026-05-18T09:20:41+00:00</published>
<link rel='alternate' type='text/html' href='https://upleb.uk/npub12m5exm2uk3xa674cc5r0hlyvccs5xxn7qv83ezuteefv5972nquq4j4szl/esp32-tollgate/commit/?id=2a86bec93273e2f4ceeab60683058c65dbb1da3d'/>
<id>urn:sha1:2a86bec93273e2f4ceeab60683058c65dbb1da3d</id>
<content type='text'>
- mint_health.h/c: FreeRTOS probing task, GET /v1/info every 5min,
  recovery threshold 3, immediate failure, mutex-protected state
- cashu.c: health-gated acceptance (config match AND reachable)
- tollgate_api.c: one price_per_step tag per reachable mint in discovery
- captive_portal.c: mint list with green/grey indicators, /mints API,
  auto-refresh every 30s via JS
- nucula_wallet.h/cpp: multi-wallet (up to 4), route receive to correct
  wallet by mint URL, balance sums across all wallets
- tollgate_main.c: init health tracker + multi-wallet on service start
- CMakeLists.txt: add mint_health.c
</content>
</entry>
<entry>
<title>feat: per-client NAT filtering via LWIP_HOOK_IP4_CANFORWARD</title>
<updated>2026-05-17T11:09:31+00:00</updated>
<author>
<name>Your Name</name>
<email>you@example.com</email>
</author>
<published>2026-05-17T11:09:31+00:00</published>
<link rel='alternate' type='text/html' href='https://upleb.uk/npub12m5exm2uk3xa674cc5r0hlyvccs5xxn7qv83ezuteefv5972nquq4j4szl/esp32-tollgate/commit/?id=0c2c67b463d6a90aaa0bb69bf3c91dba1d9ec3ec'/>
<id>urn:sha1:0c2c67b463d6a90aaa0bb69bf3c91dba1d9ec3ec</id>
<content type='text'>
- Add lwip_tollgate_hooks.h defining LWIP_HOOK_IP4_CANFORWARD macro
- Inject hook into lwIP build via CMakeLists.txt ESP_IDF_LWIP_HOOK_FILENAME
- Filter forwarded packets by source IP against firewall allowed list
- Only filter packets from AP subnet (10.192.45.0/24), allow all others
- Fix byte order bug: use network byte order for firewall_is_client_allowed
- NAT always enabled, removed global NAT toggle functions
- Remove spent-secret tracking from session.c (mint is authority)
- Remove unused get_ap_netif() function
- Reduce API server stack from 32KB to 16KB (fixes ESP_ERR_HTTPD_TASK)
- Add esp_random.h stub for unit tests
- All 186 unit tests passing
- Verified on hardware: block-&gt;pay-&gt;allow-&gt;revoke-&gt;block E2E works
</content>
</entry>
<entry>
<title>feat(phase6): bytes-based billing - dual metric support</title>
<updated>2026-05-16T23:20:07+00:00</updated>
<author>
<name>Your Name</name>
<email>you@example.com</email>
</author>
<published>2026-05-16T23:20:07+00:00</published>
<link rel='alternate' type='text/html' href='https://upleb.uk/npub12m5exm2uk3xa674cc5r0hlyvccs5xxn7qv83ezuteefv5972nquq4j4szl/esp32-tollgate/commit/?id=edd125d0e3fe5fe7c0edf30c429723f3b0120c68'/>
<id>urn:sha1:edd125d0e3fe5fe7c0edf30c429723f3b0120c68</id>
<content type='text'>
- session_create_bytes() + session_add_bytes() for bytes-metric sessions
- session_is_expired() dispatches on config metric (bytes vs milliseconds)
- cashu_calculate_allotment() unified dispatcher for both metrics
- tollgate_api discovery/usage/session_event use configured metric
- config: metric field defaults to 'bytes', step_size_bytes=22020096 (21MB)
- 14 new unit tests (148 total passing)
- ASSERT_EQ_UINT64 macro added to test framework
</content>
</entry>
<entry>
<title>Phase 3: Nostr identity derivation + wifistr service discovery</title>
<updated>2026-05-16T18:25:05+00:00</updated>
<author>
<name>Your Name</name>
<email>you@example.com</email>
</author>
<published>2026-05-16T18:25:05+00:00</published>
<link rel='alternate' type='text/html' href='https://upleb.uk/npub12m5exm2uk3xa674cc5r0hlyvccs5xxn7qv83ezuteefv5972nquq4j4szl/esp32-tollgate/commit/?id=4c47ae188b288e7d24bd9566ab3e6a6805d9484f'/>
<id>urn:sha1:4c47ae188b288e7d24bd9566ab3e6a6805d9484f</id>
<content type='text'>
- Add identity.c/h: HMAC-SHA512 derivation from nsec → npub, STA/AP MAC, SSID, AP IP
- Add nostr_event.c/h: NIP-01 event serialization + Schnorr signing (BIP-340)
- Add geohash.c/h: lat/lon to geohash encoding
- Add wifistr.c/h: kind 38787 event builder + WebSocket publish to Nostr relays
- Update config.c/h: nsec-based identity, Nostr relay/geo config, remove static SSID/IP
- Replace custom mbedTLS wallet with nucula library (libsecp256k1)
- Remove wallet.c/h, wallet_persist.c/h (replaced by nucula_lib component)
- Verified on Board A: derived SSID, captive portal, payment, wallet, wifistr publish
</content>
</entry>
<entry>
<title>Phase 3: on-device Cashu wallet with mbedTLS secp256k1 + SPIFFS persistence + PSRAM</title>
<updated>2026-05-16T10:02:55+00:00</updated>
<author>
<name>Your Name</name>
<email>you@example.com</email>
</author>
<published>2026-05-16T10:02:55+00:00</published>
<link rel='alternate' type='text/html' href='https://upleb.uk/npub12m5exm2uk3xa674cc5r0hlyvccs5xxn7qv83ezuteefv5972nquq4j4szl/esp32-tollgate/commit/?id=133e40c82afb4d7659758b1fa57925ac57af4621'/>
<id>urn:sha1:133e40c82afb4d7659758b1fa57925ac57af4621</id>
<content type='text'>
- wallet.c/h: secp256k1 ECP primitives (hash_to_curve, scalar_mul, point_add)
- wallet_persist.c/h: SPIFFS persistence with threshold-based write protection
- Fee accounting for swap (input_fee_ppk from /v1/keysets)
- Keyset fetch via /v1/keysets (586 bytes vs 21KB for /v1/keys)
- Wallet API: GET /wallet, POST /wallet/swap, POST /wallet/send
- Payment proofs auto-stored to wallet + persisted on SPIFFS
- PSRAM enabled for large allocations (ESP32-S3 has 8MB)
- Wallet init deferred to dedicated task (avoids sys_evt stack overflow)
- Cashu proof ID buffer size fixed (66 hex chars, not 16)
- HTTP client: added fetch_headers() call for proper response handling
- persist_threshold_sats config parameter (default: 1 sat)
</content>
</entry>
<entry>
<title>Captive portal detection fix + Phase 2 tests 16-18,20 passing (17/17)</title>
<updated>2026-05-15T23:16:32+00:00</updated>
<author>
<name>Your Name</name>
<email>you@example.com</email>
</author>
<published>2026-05-15T23:16:32+00:00</published>
<link rel='alternate' type='text/html' href='https://upleb.uk/npub12m5exm2uk3xa674cc5r0hlyvccs5xxn7qv83ezuteefv5972nquq4j4szl/esp32-tollgate/commit/?id=50b5975ac8793d6d820c35b5999f8a909f64e71b'/>
<id>urn:sha1:50b5975ac8793d6d820c35b5999f8a909f64e71b</id>
<content type='text'>
- Add DoT reject server on port 853 (TCP RST forces DNS-over-TLS fallback)
- DNS hijack returns NXDOMAIN for all non-A query types (no forwarding for unauthed)
- Shorter TTL on hijack responses (10s) for faster captive detection
- Explicit 302 redirect handlers for /generate_204, /hotspot-detect.html, etc.
- HTTP and DNS request logging for debugging captive detection
- Per-MAC tracking in firewall (find_by_mac, get_mac_for_ip with ARP fallback)
- Session MAC tracking (session_find_by_mac)
- Phase 2 test 18: add route through TollGate before ping test
- All 17 Phase 2 tests pass (15-21 + whoami + portal form)
</content>
</entry>
<entry>
<title>Phase 2 WIP: token decode works, TLS checkstate succeeds (crashes after response)</title>
<updated>2026-05-15T22:07:20+00:00</updated>
<author>
<name>Your Name</name>
<email>you@example.com</email>
</author>
<published>2026-05-15T22:07:20+00:00</published>
<link rel='alternate' type='text/html' href='https://upleb.uk/npub12m5exm2uk3xa674cc5r0hlyvccs5xxn7qv83ezuteefv5972nquq4j4szl/esp32-tollgate/commit/?id=c342801162e62ff017ead18688107397d229f606'/>
<id>urn:sha1:c342801162e62ff017ead18688107397d229f606</id>
<content type='text'>
- cashu.c: dynamic json_buf sizing (was 2048 stack, now heap based on token length)
- cashu.c: strip trailing newline/CR from token input (cashu CLI appends 'Balance: 0 sat')
- cashu.c: esp_crt_bundle_attach for HTTPS to mint API
- cashu.c: esp_http_client_open/write/fetch_headers/read pattern for HTTPS POST
- cashu.c: remove debug b64url_decode logging
- tollgate_api.c: loop httpd_req_recv for full body (was single call, missed TCP segments)
- tollgate_api.c: stack_size=32768 for TLS in httpd handler
- config.c: fix default mint URL from nofee.testnut to testnut.cashu.space
- CMakeLists.txt: add esp-tls dependency for cert bundle
- CHECKLIST.md: updated with infrastructure status and TDD plan

Known issue: device reboots after checkstate returns 966 bytes with status=200.
Crash likely in post-response processing (JSON parse or session create).
</content>
</entry>
</feed>
