SenaxInc
diff --git a/‎CODE REVIEW/CODE_REVIEW_12222025.md‎
Lines changed: 148 additions & 0 deletions b/‎CODE REVIEW/CODE_REVIEW_12222025.md‎
Lines changed: 148 additions & 0 deletions
diff --git a/‎TankAlarm-112025-Client-BluesOpta/README.md‎
Lines changed: 74 additions & 17 deletions b/‎TankAlarm-112025-Client-BluesOpta/README.md‎
Lines changed: 74 additions & 17 deletions
@@ -0,0 +1,148 @@
+# Code Review: Tank Alarm 112025 (Opta + Blues)
+**Date:** December 22, 2025
+**Reviewer:** GitHub Copilot
+
+## Overview
+This review covers the "112025" version of the Tank Alarm system, specifically the Server, Client, and Viewer components designed for the Arduino Opta and Blues Wireless Notecard.
+
+**Scope:**
+- `TankAlarm-112025-Server-BluesOpta/`
+- `TankAlarm-112025-Client-BluesOpta/`
+- `TankAlarm-112025-Viewer-BluesOpta/`
+
+## Summary
+The codebase is well-structured, modular, and demonstrates a high level of maturity for an embedded system. It effectively leverages the capabilities of the Arduino Opta (STM32H7) and the Blues Notecard. The code handles complex tasks such as telemetry aggregation, remote configuration, and reliable communication with robust error handling.
+
+## Key Strengths
+1.  **Architecture**: Clear separation of concerns between Server, Client, and Viewer roles. The Server acts as the central hub, aggregating data and managing configuration, while Clients are focused on sensing and reporting.
+2.  **Hardware Abstraction**: The code uses conditional compilation (`#ifdef`) effectively to support different hardware platforms (Opta/Mbed vs. STM32duino), ensuring portability.
+3.  **Robustness**:
+    -   **Watchdog Timer**: Integrated watchdog support (`IWatchdog` or Mbed `Watchdog`) prevents system hangs.
+    -   **Error Handling**: Notecard requests and JSON parsing are checked for errors.
+    -   **Memory Management**: Heap allocation for large JSON documents is handled correctly with explicit `delete` calls.
+4.  **Configuration**: Extensive use of `#define` macros for compile-time configuration and `struct`s for runtime configuration.
+5.  **Features**:
+    -   **Remote Configuration**: The system supports pushing configuration updates from the Server to Clients via the Notecard.
+    -   **Calibration**: A learning-based calibration system is implemented.
+    -   **Web Interface**: The Server hosts a comprehensive web dashboard and configuration tools.
+
+## Findings & Recommendations
+
+### 1. Network Configuration (High Priority)
+**Observation:** IP addresses and MAC addresses are hardcoded in the firmware.
+-   `gStaticIp`, `gStaticGateway`, etc. are defined as `static` global variables.
+-   `gMacAddress` is hardcoded.
+
+**Risk:** This limits deployment flexibility. Multiple devices on the same network would require recompilation to avoid IP/MAC conflicts.
+
+**Recommendation:**
+-   **DHCP**: Enable DHCP by default, with a fallback to a static IP if DHCP fails.
+-   **Configuration File**: Load network settings (IP, Gateway, Subnet) from a configuration file on the filesystem (e.g., `network.json`) or from the Notecard's environment variables.
+-   **Unique MAC**: While the locally administered bit is used, ensure a mechanism to generate a unique MAC address (e.g., based on the MCU's unique ID) to avoid collisions.
+
+### 2. String Usage (Medium Priority)
+**Observation:** The `String` class is used in several places (e.g., `performFtpBackup`, HTTP handling).
+
+**Risk:** On embedded systems, excessive use of `String` can lead to heap fragmentation over time, potentially causing instability.
+
+**Recommendation:**
+-   While the Opta has ample RAM (1MB), it is best practice to minimize `String` usage. Prefer `char` arrays and `snprintf` for string manipulation where possible, especially in long-running loops.
+
+### 3. Security (Medium Priority)
+**Observation:**
+-   The system uses a PIN (`configPin`) for protecting sensitive web actions.
+-   `SERVER_PRODUCT_UID` and `VIEWER_PRODUCT_UID` are hardcoded.
+
+**Recommendation:**
+-   Ensure the PIN is strong and changed from any default.
+-   Consider loading Product UIDs from a secure configuration or Notecard environment variables to allow for easier fleet management without recompilation.
+
+### 4. Code Duplication (Low Priority)
+**Observation:** There is some code duplication between the Server, Client, and Viewer sketches (e.g., `initializeNotecard`, `ensureTimeSync`, Watchdog setup).
+
+**Recommendation:**
+-   If the project grows, consider creating a shared library (e.g., `TankAlarmCommon`) to encapsulate common functionality. This would reduce maintenance effort and ensure consistency.
+
+### 5. Memory Safety (Medium Priority)
+**Observation:** `DynamicJsonDocument` is allocated on the heap in multiple locations across Server, Client, and Viewer.
+
+**Findings:**
+-   ✅ **Server `sendClientDataJson`** (line 2668): Uses `std::unique_ptr` correctly - no leak possible.
+-   ✅ **Server HTTP body parsing** (line 2811): Uses `std::unique_ptr` correctly.
+-   ✅ **Viewer `sendTankJson`** (line 528): Uses `std::unique_ptr` correctly.
+-   ✅ **Viewer `fetchViewerSummary`** (line 591): Uses `std::unique_ptr` and properly calls `NoteFree(json)` in both success and OOM paths.
+-   ✅ **Client config loading** (lines 939, 958, 1154): Uses `std::unique_ptr` throughout.
+-   ⚠️ **Server `handleContactsGet`** (line 4279): Uses raw `new` with manual `delete` - see issue below.
+
+**Issue in `handleContactsGet`:**
+```cpp
+DynamicJsonDocument *docPtr = new DynamicJsonDocument(CONTACTS_JSON_CAPACITY);
+// ... processing ...
+delete docPtr;  // Only called at end of function
+```
+If `serializeJson` throws or memory operations fail between allocation and delete, memory will leak.
+
+**Recommendations:**
+-   **Convert `handleContactsGet`** to use `std::unique_ptr<DynamicJsonDocument>` for consistency with other functions.
+-   The Client code properly guards malloc with null checks and frees in error paths (line 929-946) - this pattern is correct.
+
+### 6. FTP Implementation Review (Medium Priority)
+**Observation:** The FTP backup/restore implementation is functional but has several areas for improvement.
+
+**Findings:**
+
+#### A. Connection Management ✅
+-   `ftpQuit()` properly sends QUIT command and closes the control connection.
+-   `ftpConnectAndLogin()` validates host presence and connection success.
+-   `FtpSession` struct correctly encapsulates the control connection.
+
+#### B. Error Handling ⚠️
+-   **Partial Failure Recovery**: When `performFtpBackup` fails mid-backup (e.g., after 2 of 5 files), there's no rollback or indication of which files succeeded.
+-   **Silent Failures**: In `ftpBackupClientConfigs`, individual file failures are logged but don't stop the backup or report to caller.
+
+**Recommendation:** Consider returning a more detailed result structure:
+```cpp
+struct FtpResult {
+  bool success;
+  uint8_t filesProcessed;
+  uint8_t filesFailed;
+  char lastError[128];
+};
+```
+
+#### C. Buffer Size Concerns ⚠️
+-   **`ftpBackupClientConfigs`** uses a 2KB manifest buffer (line 1867) - adequate for ~40 clients with typical UID/site lengths.
+-   **`ftpRestoreClientConfigs`** uses a 1KB config buffer (line 1962) per client - may truncate large configs.
+-   **`FTP_MAX_FILE_BYTES` = 24KB** - enforced correctly in `writeBufferToFile` but not in all retrieve paths.
+
+**Recommendation:** The 1KB client config buffer should be increased to match `FTP_MAX_FILE_BYTES` or at least 2KB to prevent silent truncation of larger configurations.
+
+#### D. Timeout Handling ✅
+-   `FTP_TIMEOUT_MS` (8 seconds) is applied consistently in `ftpReadResponse` and `ftpRetrieveBuffer`.
+-   The implementation correctly handles slow/stalled connections.
+
+#### E. Data Connection Cleanup ⚠️
+-   In `ftpStoreBuffer` and `ftpRetrieveBuffer`, the data connection (`dataClient`) is properly stopped before checking transfer completion.
+-   However, if `ftpEnterPassive` succeeds but `dataClient.connect` fails, subsequent operations may leave the server in an unexpected state.
+
+**Recommendation:** After a data connection failure, consider sending `ABOR` to reset server state before the next operation.
+
+#### F. Path Traversal Security ✅
+-   `buildRemotePath` constructs paths safely using `snprintf` with bounded output.
+-   No user-controlled input flows directly into path construction.
+
+### 7. Client Memory Management (Low Priority)
+**Observation:** The Client code (lines 929-946) uses `malloc`/`free` for file reading with proper null checks.
+
+**Findings:**
+-   ✅ Null check after `malloc` (line 930 equivalent).
+-   ✅ `free(buffer)` called in both success (line 946) and error (line 941) paths.
+-   ✅ File size validated before allocation (8KB limit, line 924-927).
+-   ✅ `std::unique_ptr` used for `DynamicJsonDocument` in same function.
+
+**Recommendation:** None - this pattern is correct and robust.
+
+## Conclusion
+The "112025" code release is in excellent shape. The logic is sound, and the implementation is robust. Addressing the network configuration rigidity is the most significant improvement to be made for scalable deployment.
+
+**Status:** **APPROVED** (with recommendations)
@@ -1,19 +1,43 @@
 # TankAlarm 112025 Client - Blues Opta
 
-Tank level monitoring client using Arduino Opta with Blues Wireless Notecard cellular connectivity.
+Multi-purpose monitoring client using Arduino Opta with Blues Wireless Notecard cellular connectivity.
 
 ## Overview
 
-The TankAlarm 112025 Client monitors tank levels using analog sensors and reports data to a central server via Blues Wireless Notecard. Key features include:
+The TankAlarm 112025 Client monitors tanks, engines, pumps, and other equipment using various sensor types and reports data to a central server via Blues Wireless Notecard. Key features include:
 
 - **Cellular connectivity** via Blues Wireless Notecard
-- **Multi-tank support** - Monitor up to 8 tanks per device
-- **Configurable alarms** - High and low thresholds per tank
+- **Multi-monitor support** - Monitor up to 8 sensors per device
+- **Flexible object types** - Tanks, engines, pumps, gas systems, flow meters
+- **Multiple sensor interfaces** - Digital, analog voltage, 4-20mA, pulse/RPM
+- **Configurable alarms** - High and low thresholds per monitor
 - **Remote configuration** - Update settings from server web interface
 - **Persistent storage** - LittleFS internal flash (no SD card needed)
 - **Fleet-based communication** - Simplified device-to-device routing
 - **Watchdog protection** - Auto-recovery from hangs
 
+## Architecture
+
+### Object Types (What You're Monitoring)
+The system separates **what** is being monitored from **how** it's measured:
+
+| Object Type | Description | Typical Sensors |
+|-------------|-------------|-----------------|
+| `tank` | Liquid storage tank | 4-20mA level sensor, float switch |
+| `engine` | Engine or motor | Hall effect RPM sensor |
+| `pump` | Pump operation | Digital status, flow meter |
+| `gas` | Gas pressure system | 4-20mA pressure transducer |
+| `flow` | Flow measurement | Pulse-based flow meter |
+| `custom` | User-defined | Any sensor type |
+
+### Sensor Interfaces (How You're Measuring)
+| Interface | Description | Output Type |
+|-----------|-------------|-------------|
+| `digital` | Binary on/off | Float state (0/1) |
+| `analog` | Voltage output | Raw voltage (V) |
+| `currentLoop` | 4-20mA | Raw milliamps (mA) |
+| `pulse` | Pulse counting | RPM or flow rate |
+
 ## Hardware
 
 - **Arduino Opta Lite** - Industrial controller with built-in connectivity
@@ -27,7 +51,7 @@ The TankAlarm 112025 Client monitors tank levels using analog sensors and report
 1. Install Blues Wireless for Opta carrier on Arduino Opta
 2. Activate Notecard with Blues Wireless (see [blues.io](https://blues.io))
 3. Connect Arduino Opta Ext A0602 for analog inputs
-4. Connect tank level sensors to analog inputs
+4. Connect sensors to appropriate inputs
 
 ### 2. Software Setup
 1. Install Arduino IDE 2.x or later
@@ -36,7 +60,7 @@ The TankAlarm 112025 Client monitors tank levels using analog sensors and report
    - **ArduinoJson** (version 7.x or later)
    - **Blues Wireless Notecard** (latest)
    - LittleFS (built into Mbed core)
-4. Open `TankAlarm-112025-Client-BluesOpta.ino` in Arduino IDE
+4. Open `TankAlarm-092025-Client-BluesOpta.ino` in Arduino IDE
 5. Update `PRODUCT_UID` to match your Blues Notehub project
 6. Compile and upload to Arduino Opta
 
@@ -56,12 +80,12 @@ The client creates a default configuration on first boot. You can update configu
 1. Deploy the TankAlarm 112025 Server
 2. Access server dashboard at `http://<server-ip>/`
 3. Select client from dropdown
-4. Update settings (site name, tanks, thresholds, etc.)
+4. Update settings (site name, monitors, thresholds, etc.)
 5. Click "Send Config to Client"
 
 **Default Configuration:**
 - Sample interval: 1800 seconds (30 minutes)
-- Single tank: "Tank A" 
+- Single monitor: "Tank A" (tank, analog)
 - High alarm: 110 inches
 - Low alarm: 18 inches
 - Server fleet: "tankalarm-server"
@@ -75,15 +99,17 @@ The client creates a default configuration on first boot. You can update configu
 
 ### Sampling Settings
 - **Sample Interval**: Seconds between sensor readings (default: 1800)
-- **Level Change Threshold**: Inches of change to trigger telemetry (0 to disable)
-
-### Tank Configuration (per tank)
-- **Tank ID**: Single letter identifier (A-H)
-- **Tank Name**: Descriptive name
-- **High Alarm**: Threshold in inches for high level alert
-- **Low Alarm**: Threshold in inches for low level alert
+- **Level Change Threshold**: Change amount to trigger telemetry (0 to disable)
+
+### Monitor Configuration (per monitor)
+- **Monitor ID**: Single letter identifier (A-H)
+- **Monitor Name**: Descriptive name
+- **Object Type**: What is being monitored (tank, engine, pump, gas, flow, custom)
+- **Sensor Interface**: How measurement is taken (digital, analog, currentLoop, pulse)
+- **High Alarm**: Threshold for high alarm
+- **Low Alarm**: Threshold for low alarm
+- **Measurement Unit**: Display unit ("inches", "rpm", "psi", "gpm", etc.)
 - **Analog Pin**: Arduino Opta analog input (A0-A7, I1-I8)
-- **Sensor Type**: "voltage" (0-10V), "current" (4-20mA), "digital" (float switch), or "rpm" (hall effect)
 
 ### 4-20mA Current Loop Sensor Configuration
 
@@ -240,10 +266,12 @@ Hall effect sensors can be used to measure RPM (rotations per minute) for applic
 **Detection Methods:**
 
 1. **Pulse Counting** (default)
-   - Counts all pulses over a fixed sampling period (3 seconds)
+   - Counts all pulses over a configurable sampling period (default 60 seconds)
    - More accurate for steady speeds
    - Averages multiple revolutions for better precision
    - Formula: RPM = (pulses × 60000) / (sample_duration_ms × pulses_per_rev)
+   - Minimum detectable RPM = 60000 / (sample_duration_ms × pulses_per_rev)
+     - With 60s sampling and 1 pulse/rev: minimum 1 RPM
 
 2. **Time-Based**
    - Measures the period between two consecutive pulses
@@ -252,6 +280,13 @@ Hall effect sensors can be used to measure RPM (rotations per minute) for applic
    - More flexible for different magnet types and orientations
    - Formula: RPM = 60000 / (period_ms × pulses_per_rev)
 
+3. **Accumulated Mode** (for very low RPM < 1)
+   - Counts pulses between telemetry reports (e.g., 30 minutes)
+   - Enable with `rpmAccumulatedMode: true`
+   - Ideal for slow-moving pumps, flow meters, or agitators
+   - Formula: RPM = (accumulated_pulses × 60000) / (elapsed_ms × pulses_per_rev)
+   - With sampleSeconds=1800 (30 min) and 1 pulse/rev: detects down to 0.033 RPM
+
 **Configuration Parameters:**
 - `sensorType`: "rpm"
 - `rpmPin`: Digital input pin for hall effect sensor (uses internal pull-up)
@@ -261,6 +296,12 @@ Hall effect sensors can be used to measure RPM (rotations per minute) for applic
   - **Note:** For **bipolar** or **omnipolar** sensors, a single magnet generates 2 pulses per revolution (one for each pole). Set `pulsesPerRevolution` to `2 × number of magnets` in these cases.
 - `hallEffectType`: Sensor type - "unipolar", "bipolar", "omnipolar", or "analog"
 - `hallEffectDetection`: Detection method - "pulse" or "time"
+- `rpmSampleDurationMs`: Sample duration in milliseconds (default: 60000 = 60 seconds)
+  - Longer durations detect lower RPM but increase measurement time
+  - For 0.1 RPM detection without accumulated mode: use 600000 (10 minutes)
+- `rpmAccumulatedMode`: Set to `true` for very low RPM measurement (< 1 RPM)
+  - Counts pulses between telemetry reports instead of during a fixed sample window
+  - Best for applications where RPM is very slow (e.g., 0.1 RPM = 1 rotation per 10 minutes)
 - `highAlarm`: Maximum expected RPM for alarm (e.g., 3000)
 - `lowAlarm`: Minimum expected RPM for alarm (e.g., 100)
 
@@ -278,6 +319,21 @@ Hall effect sensors can be used to measure RPM (rotations per minute) for applic
 ```
 Note: With omnipolar sensor and 4 magnets, use pulsesPerRev = 8 (2 pulses per magnet × 4 magnets)
 
+**Example Configuration** (Slow pump flow meter - 0.1 RPM detection):
+```json
+{
+  "sensor": "rpm",
+  "rpmPin": 3,
+  "pulsesPerRev": 1,
+  "hallEffectType": "unipolar",
+  "hallEffectDetection": "pulse",
+  "rpmAccumulatedMode": true,
+  "highAlarm": 10,
+  "lowAlarm": 0.05
+}
+```
+Note: With accumulated mode enabled and 30-minute sample intervals, this can detect down to 0.033 RPM
+
 **Wiring:**
 - Connect hall effect sensor VCC to 5V or 3.3V (check sensor datasheet)
 - Connect sensor GND to Arduino GND
@@ -287,6 +343,7 @@ Note: With omnipolar sensor and 4 magnets, use pulsesPerRev = 8 (2 pulses per ma
 **Tips:**
 - Use "time" detection for faster response to speed changes
 - Use "pulse" detection for better accuracy at steady speeds
+- Use `rpmAccumulatedMode: true` for very slow rotation (< 1 RPM)
 - For multiple magnets, set `pulsesPerRev` to the number of magnets
 - For omnipolar sensors, each magnet passing creates 2 pulses (both N and S poles trigger)
 - Monitor both high and low thresholds to detect over-speed and stall conditions