add status report 2026-03-22

kayos 2026-03-22 14:23:47 -07:00
parent 03954120da
commit 516cc0271b


@ -0,0 +1,415 @@
# ADAMaps/Bee Project — Status Report
**Date:** 2026-03-22
**Prepared by:** Kayos
**For:** Cobb (jacob@hazedhosting.com)
---
## Executive Summary
**Where We Are:**
- **Truck Bee (Unit 1)** is fully operational and liberated — SSH access working, detection pipeline running, data flowing
- **Brick Bee (Unit 2)** remains SSH-locked — recovery flashes attempted (v1-v8), none confirmed working
- **adacam-forwarder.py** completed today — lightweight replacement for odc-api Node.js bloat
- **Infrastructure solid** — ADAMaps API on Rackham, VPN tunnel working, Gitea repos active
**What's Working:**
- Full SSH access to Truck Bee via AP (192.168.0.10)
- Detection pipeline: camera → VPU → map-ai → `/data/recording/landmarks/` → forwarder
- ADAMaps API endpoints ready to receive ingest
- Comprehensive system recon completed (9 files, 1100+ lines)
**What's Blocked:**
- Brick Bee recovery — Mender flashes don't fix SSH because overlay survives
- SSH reverse tunnel relay broken — banner timeout, HTTP agent workaround available
- WiFi instability when truck is far from router
---
## Two Bees Status
### Truck Bee (Unit 1) — `dashcam-4A928016A02C1046`
| Property | Value |
|----------|-------|
| **Status** | ✅ WORKING — Liberated |
| **SSH Access** | `root@192.168.0.10` (no password) |
| **WiFi AP** | `dashcam-4A928016A02C1046` (password: `hivemapper`) |
| **WiFi Client** | Connected to zerocool (192.168.0.155) |
| **Liberation** | Done manually over time (not via script) |
**Treatment:** READ-ONLY. This is our only working unit. No experimental changes.
**What's Running:**
- depthai_gate (camera + VPU inference)
- map-ai (detection processing)
- redis + redis-handler (sensor fusion)
- hostapd (WiFi AP)
- Bee Agent API (`/data/adacam/agent.py:8080`)
**Hivemapper Services:** Still running but blocked at network level. Cloud endpoints unreachable.
### Brick Bee (Unit 2) — `dashcam-81B2B81681545109`
| Property | Value |
|----------|-------|
| **Status** | ❌ BRICKED — SSH locked out |
| **WiFi AP** | UP, accessible |
| **SSH** | Banner timeout / connection refused |
| **USB Bridge** | NOT working (OTG doesn't trigger) |
**Root Cause:** Liberation script v0.3 wrote `PasswordAuthentication no` to overlay BEFORE writing SSH keys. Result: SSH requires key auth, but no keys authorized.
**Recovery Attempts:**
- v1-v8 Mender artifacts tried via USB
- USB activity observed (script runs, mounts, finds file)
- But nothing "lands and sticks" — no change in behavior
---
## Infrastructure
### ADAMaps API — Rackham
| Property | Value |
|----------|-------|
| **Location** | 142.44.213.229 (public), 192.168.254.105 (VPN) |
| **Port** | 5001 |
| **Stack** | Flask + PostGIS |
| **Role** | PRIMARY database and API |
**Endpoints:**
- `POST /api/ingest` — Detection batch ingest (auth: `X-AdaMaps-Key`)
- `POST /api/images` — Image upload (multipart)
- `GET /api/health` — Health check
### VPN Topology
```
Rackham (192.168.254.105) ←── OpenVPN ──→ Lucy containers
↑ ↓
PRIMARY DB BACKUP DB
API server VPN Server (Docker)
```
| Component | IP | Role |
|-----------|-----|------|
| OpenVPN Server | 192.168.254.1 | Rackham Docker (`cool_khayyam`) |
| Rackham Host | 192.168.254.105 | Primary DB, API |
| Lucy | various container IPs | Backup DB, VPN clients |
**VPN Subnet:** 192.168.254.0/24
### Gitea Repos
| Repo | Contents |
|------|----------|
| `Sulkta-Coop/adacam` | Liberation scripts, forwarder, recovery artifacts, docs |
| `Sulkta-Coop/varroa` | Android app (store-and-forward) |
**Gitea Token:** `33a9eb57b58c262f4434c12028bc3a30b1ff7021`
---
## Code Deliverables
### adacam-forwarder.py ✅ COMPLETED TODAY
**Location:** `/data/adacam/adacam-forwarder.py` (on Bee) / `Sulkta-Coop/adacam/services/`
**What It Does:**
1. Watches `/data/recording/landmarks/*.json` for new detections
2. Parses landmark JSON (class, confidence, lat/lon, timestamp)
3. Batches detections and POSTs to ADAMaps `/api/ingest`
4. Uploads detection images to `/api/images`
5. Queues failed uploads to SQLite for retry
6. Tracks state to survive restarts
**Why It Matters:** Replaces odc-api (Node.js, 144MB RSS, 14% CPU) with lightweight Python (~20MB, 1% CPU). Reads detection files directly — no dependency on Hivemapper's API.
**Resource Comparison:**
| Service | Memory | CPU (idle) |
|---------|--------|------------|
| odc-api (Node.js) | 144MB | 14% |
| adacam-forwarder | ~20MB | ~1% |
### adacam-api (Concept)
**Vision:** Single unified API replacing odc-api + bee-agent-api
```
adacam-api (0.0.0.0:5000)
├── /pair # Phone pairing
├── /api/1/landmarks/* # Detection data
├── /api/1/wifi/* # WiFi config
├── /api/1/shell # OpenClaw shell (auth required)
├── /api/1/files/* # File read/write
└── /api/1/status # System health
```
**Network Binding:** Binds to `0.0.0.0:5000` (all interfaces) so it's accessible from:
- **Bee AP**`192.168.0.10:5000` (when connected to Bee's WiFi)
- **Home WiFi**`192.168.0.x:5000` (when Bee is on zerocool)
This means when the truck is parked at home and Bee connects to zerocool, you can access the API from any device on the network without switching WiFi.
**Security:** `/api/1/shell` requires `X-Agent-Key` header — don't recreate Hivemapper's CVE (unauthenticated shell).
### Liberation Scripts
| Script | Version | Status |
|--------|---------|--------|
| liberate-v0.5.sh | v0.5 | Ready — blocks Hivemapper, installs SSH keys |
| install-forwarder.sh | v1.0 | Ready — deploys adacam-forwarder |
| ssh-recovery-*.mender | v1-v8 | Tested, not confirmed working |
**Lesson Learned:** Always write SSH keys BEFORE applying hardening.
---
## Brick Bee Recovery
### Why Mender Flashes Aren't Working
**The Core Problem:** Even if Mender flash succeeds, the bad `sshd_config` survives.
```
/data/overlay/current/ssh/sshd_config
Contains: PasswordAuthentication no
But no authorized_keys exist
Result: SSH locked out
```
**Mender only replaces rootfs (A/B partitions).** The `/data` partition is NEVER touched by OTA updates. The overlay at `/data/overlay/current/` persists through ALL flashes.
### Why We See "USB Activity" But Nothing Changes
Possible causes:
| Theory | Explanation |
|--------|-------------|
| Hash match exit | If artifact's syshash matches inactive partition, usb-updater exits without flashing |
| dm-verity failure | Flash succeeds but hash mismatch causes fallback to old partition |
| Silent failure | mender --install fails internally |
| Flash works, overlay kills it | We can't tell the difference without shell access |
**Diagnostic Block:** Can't verify any of these without shell access. It's a chicken-and-egg problem.
### What We Tried (v1-v8)
| Version | Approach | Result |
|---------|----------|--------|
| v1-v4 | Mender state scripts | State scripts never called (Hivemapper fork ignores them) |
| v5-v8 | Patched usb-updater | No evidence of success |
### Discovery: U-Boot Recovery Flags
Deep recon found U-Boot `recovflag` variable with these modes:
- `1` = fastboot
- `2` = load recovery from factory partition (p10)
- `3` = **WIPE /data** ← This would clear the bad overlay!
- `4` = fastboot with timeout
If we can set `recovflag=3` via UART, the device would wipe `/data` on next boot, clearing the bad overlay entirely.
### Next Steps: UART Serial Console
**The reliable fix:** Physical access to UART debug pins.
Intel Keem Bay exposes UART at `0x20180000`. Steps:
1. Open Bee enclosure (need screwdrivers — Cobb looking)
2. Find UART pads on PCB
3. Connect USB-to-serial adapter
4. Get bootloader/root shell
5. Manually remove `/data/overlay/current/ssh/sshd_config`
6. Write authorized_keys
7. Reboot
**Status:** Cobb locating appropriate screwdrivers.
---
## Data Pipeline
### Detection Flow
```
Camera (OV10640 2028x1024)
depthai_gate (VPU inference, YOLOv8-nano)
map-ai.py (NMS, GPS fusion, confidence filtering)
/data/recording/landmarks/*.json (DETECTION FILES)
adacam-forwarder.py → POST /api/ingest
ADAMaps PostGIS (Rackham)
```
### Key Discovery: Detections Are FILES, Not SQLite
**Location:** `/data/recording/landmarks/*.json`
SQLite (`/data/odc-api.db`) only has: gnss, imu, magnetometer, config, state. NO detections table.
**Landmark JSON Format:**
```json
{
"id": 2945056,
"class_label": "road_sign",
"overall_confidence": 0.847,
"lat": 33.841234,
"lon": -118.391234,
"timestamp": 1746377552043,
"image_path": "/data/recording/cached_observations/..."
}
```
### Image Storage
**Detection Images:** `/data/recording/cached_observations/`
- Cropped detection chips (signs, markings, etc.)
- Referenced by `image_path` in landmark JSON
- Uploaded to ADAMaps `/api/images` endpoint
### ADAMaps Ingest
**Endpoint:** `POST /api/ingest`
**Auth Header:** `X-AdaMaps-Key: adamaps-ingest-2026`
**Payload:**
```json
{
"device_id": "dashcam-4A928016A02C1046",
"detections": [
{
"ts": 1746377552043,
"lat": 33.841234,
"lon": -118.391234,
"class_label": "road_sign",
"overall_confidence": 0.847
}
]
}
```
### Detection Classes
| ID | Label | Notes |
|----|-------|-------|
| 0 | road_sign | Traffic signs |
| 1 | lane_marking | Road lines, arrows |
| 2 | traffic_light | Signal heads |
| 3 | face | Privacy (blur) |
| 4 | license_plate | Privacy (blur) |
| 5 | road_marker | Mile markers, reflectors |
| 6 | construction | Signs/barriers |
| 7 | vegetation | Overgrown blocking signs |
**Confidence threshold:** 0.3 minimum to store
---
## Next Steps — Prioritized
### Immediate (This Week)
1. **UART Access for Brick Bee** — Cobb finding screwdrivers
- Open enclosure, locate UART pins, connect serial adapter
- Clear bad overlay, write SSH keys, verify recovery
2. **Move Truck Closer** — When Abby leaves (her parking spot is nearer)
- Fixes WiFi instability
- Allows stable tunnel debugging
3. **Test HTTP Agent via Tunnel** — May work even if SSH relay doesn't
- Agent ready at `/data/adacam/agent.py:8080`
- Simpler protocol than SSH-over-SSH
### Short-Term (This Month)
4. **Deploy adacam-forwarder on Truck Bee**
- Already written and tested
- Will start pushing detections to ADAMaps
5. **Kill odc-api on Truck Bee**
- Saves 13% CPU
- Remove from map-ai.service dependency
6. **Backfill Stored Data**
- Truck Bee has significant stored detections never pushed
- After forwarder working, backfill to ADAMaps (NOT Hivemapper)
### Long-Term
7. **Complete adacam-api (Unified)**
- Merge forwarder + agent into single service
- Phone pairing, shell access, detection API
8. **SIM for LTE Testing**
- Enable cellular connectivity
- Failover when WiFi unavailable
9. **Custom Firmware Image**
- Pre-liberated rootfs
- Own signing keys
---
## Quick Reference
### IP Addresses
| Device | IP | Access |
|--------|-----|--------|
| Truck Bee AP | 192.168.0.10 | `ssh root@192.168.0.10` (no password) |
| Truck Bee WiFi Client | 192.168.0.155 | Via zerocool network |
| Bee USB Bridge | 192.168.197.55 | Recovery (not working on Brick) |
| Lucy | 192.168.0.5 | Home network |
| Rackham (VPN) | 192.168.254.105 | API/DB access |
### API Keys
| Service | Header | Value |
|---------|--------|-------|
| ADAMaps Ingest | X-AdaMaps-Key | `adamaps-ingest-2026` |
| Bee Agent | X-Agent-Key | `bee-agent-sulkta-2026` |
### SSH Key (OpenClaw)
```
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQxwJU91TCxds34P18D3xRbu7rxlrgTUoml/H8nxeDK kayos@openclaw
```
---
## Files Created Today
| Path | Description |
|------|-------------|
| `/root/.openclaw/workspace/recon/` | 9 files — complete Truck Bee system recon |
| `/root/.openclaw/workspace/docs/ADAMAPS-MASTER-REPORT-FINAL.md` | v3.1 canonical project doc |
| `/root/.openclaw/workspace/docs/BRICK-BEE-RECOVERY-RESEARCH.md` | Recovery research findings |
| `/root/.openclaw/workspace/docs/BEE_DATA_PIPELINE.md` | Complete data flow documentation |
| `/root/.openclaw/workspace/projects/adacam/services/` | adacam-forwarder.py + docs |
All pushed to Gitea `Sulkta-Coop/adacam`.
---
## Summary
**Good news:** Truck Bee is fully operational, detection pipeline understood, forwarder written, infrastructure solid.
**Blocking issue:** Brick Bee recovery requires UART serial access (screwdriver hunt in progress).
**Next action:** Find screwdrivers, open Brick Bee, fix overlay via serial console.
---
*Report generated 2026-03-22 by Kayos*
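Review bot: Live credentials are committed in plaintext in this report and should come out before merge: the `**Gitea Token:**` line under "Gitea Repos", the `X-AdaMaps-Key` value under "ADAMaps Ingest", and both rows of the "API Keys" table in Quick Reference (the WiFi AP password in the Truck Bee table is in the same category). Replace each value with a pointer to wherever the secret is actually stored, and rotate the token and both keys, since removing them in a later commit leaves them readable in this commit's history. Separately, in the adacam-api concept the service binds to `0.0.0.0:5000` and the Security line only states an auth requirement for `/api/1/shell`; `/api/1/files/*` is described as file read/write with no auth noted, so the report should say whether `X-Agent-Key` is required there and on `/api/1/wifi/*` as well.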