Merge branch 'release-3.1.14'

Author: curtishall

.gitignore

@@ -26,3 +26,5 @@ utils/onvif_tool
 /stage/
 
 .DS_Store
+
+.k*

.kilocode/api.yaml

@@ -0,0 +1,14 @@
+api_structure:
+  - REST-like AJAX endpoints in www/ajax/ (e.g., devices.php, events.php, storage.php)
+  - Some endpoints grouped in subfolders (e.g., events/, media/)
+  - C++ backend exposes HTTP API on port 7005 (e.g., /stats, /stats/cpu, /stats/memory)
+  - Endpoints use JSON for data exchange
+naming_conventions:
+  - Endpoints: lowercase, underscore-separated, .php extension for PHP endpoints
+  - C++ API: RESTful, path-based (e.g., /stats/cpu)
+authentication:
+  - Web UI: PHP session (session cookie, $_SESSION['id'])
+  - API: HTTP Basic Auth (server-to-server, not exposed to browser)
+legacy_vs_modern:
+  - Legacy: PHP endpoints in www/ajax/ (procedural, some inline SQL)
+  - Modern: C++ API (structured, JSON, background-updated stats) 

.kilocode/config.yaml

@@ -0,0 +1,29 @@
+project_name: Bluecherry
+summary: |
+  Bluecherry is a modular, open-source video surveillance and management system. It includes a C++ server backend for video processing and streaming, a PHP web frontend for configuration and monitoring, and a set of tools for device management, event handling, and user access control.
+  
+  Licensing and feature restrictions are enforced using Cryptlex, a commercial licensing and activation system. Cryptlex is integrated into both the backend (C++ daemons) and the web UI to validate license keys, enforce feature restrictions, and manage trial/activation states. Licensing checks occur at startup, during feature access, and when users attempt to activate or update their license. The system supports online activation, trial periods, and periodic license validation with the Cryptlex cloud service. License status and metadata are stored in the database (Licenses table) and referenced throughout the codebase for access control.
+  
+  **Integration Points:**
+    - C++ backend: Integrates Cryptlex SDK in files such as `server/v3license_server.cpp`, `server/v3license_processor.cpp`, and related headers. Handles license activation, validation, and feature gating.
+    - PHP web UI: License management and activation handled in `www/ajax/licenses.php`, `www/template/licenses.php`, and related AJAX endpoints. UI for entering license keys, viewing status, and triggering activation.
+    - Database: License data stored in the `Licenses` table (see `misc/sql/schema_mysql.sql`).
+    - API calls: Backend communicates with Cryptlex cloud via HTTPS for activation, validation, and status checks. Example API endpoints include `/api/licenses.php` (PHP) and internal C++ calls to Cryptlex SDK.
+    - Licensing logic: Enforced in both backend (C++ feature checks, daemon startup) and frontend (PHP access checks, UI restrictions).
+    - Trial and activation: Trial status, activation, and periodic re-validation are managed by both the backend and web UI, with status reflected in the database and UI.
+major_components:
+  - Bluecherry Server (C++): Handles video ingest, RTSP/HLS streaming, event processing, API, and Cryptlex license enforcement (see `server/v3license_server.cpp`, `server/v3license_processor.cpp`).
+  - www Frontend (PHP): Web UI for configuration, monitoring, user management, and license activation/validation (see `www/ajax/licenses.php`, `www/template/licenses.php`).
+  - RTSP/HLS Streaming: Real-time and historical video delivery.
+  - Licensing & User Restrictions: Enforces access and feature controls using Cryptlex (see `Licenses` table, `misc/sql/schema_mysql.sql`).
+primary_languages:
+  - C++
+  - PHP
+  - JavaScript (Chart.js, AJAX)
+  - SQL (MySQL, SQLite)
+  - Bash (scripts)
+language_guidance:
+  - Use C++ for performance-critical backend and streaming logic, including Cryptlex SDK integration (see `server/v3license_server.cpp`).
+  - Use PHP for web UI, AJAX endpoints, business logic, and license management UI (see `www/ajax/licenses.php`).
+  - Use SQL for relational data and event storage, including license metadata (see `Licenses` table).
+  - Use JavaScript for dynamic frontend features and charting. 

.kilocode/database.yaml

@@ -0,0 +1,23 @@
+major_tables:
+  - Devices: Camera/device configuration, RTSP/ONVIF info
+  - EventsCam: Camera event records (motion, triggers)
+  - Users: User accounts, hashed passwords, permissions
+  - Media: Video/audio file metadata
+  - Storage: Storage locations and usage
+  - Licenses: Licensing and feature restrictions
+  - EventComments, EventTags: Metadata for events
+  - ActiveUsers: Tracks logged-in users
+relationships:
+  - EventsCam.device_id -> Devices.id
+  - EventComments.event_id -> EventsCam.id
+  - EventComments.user_id -> Users.id
+  - EventTags.event_id -> EventsCam.id
+  - EventTags.user_id -> Users.id
+  - EventsCam.media_id -> Media.id
+  - Storage used by Devices
+naming_conventions:
+  - Tables: PascalCase (Devices, EventsCam, Users)
+  - Columns: snake_case or lowerCamelCase
+orm_vs_raw_sql:
+  - Raw SQL is used throughout (see www/ajax/ and lib/)
+  - No ORM; queries are constructed in PHP and C++ 

.kilocode/naming.yaml

@@ -0,0 +1,14 @@
+file_structure:
+  - server/: C++ backend, daemons, streaming, and API logic
+  - www/: PHP web frontend, AJAX endpoints, templates, and static assets
+  - lib/: Shared C++ libraries and device integration
+  - misc/: Scripts, SQL schema, and utilities
+  - installer/, debian/, rpm/: Packaging and deployment
+  - actions/, scripts/, utils/: Automation and helper scripts
+naming_conventions:
+  - Tables: PascalCase (e.g., Devices, EventsCam, Users)
+  - Columns: snake_case or lowerCamelCase
+  - PHP: snake_case for files, PascalCase for classes, lowerCamelCase for methods
+  - C++: snake_case for files, PascalCase for classes, lowerCamelCase for methods
+  - API endpoints: lowercase, underscore-separated (e.g., /ajax/devices.php)
+  - Config/constants: UPPER_SNAKE_CASE 

.kilocode/preferences.yaml

@@ -0,0 +1,13 @@
+preferred_libraries:
+  - Chart.js (frontend charting)
+  - Bootstrap (UI styling)
+  - jQuery (legacy AJAX, DOM manipulation)
+  - C++ STL (backend data structures)
+  - MySQL, SQLite (database)
+  - Bash (automation)
+design_patterns:
+  - PHP: MVC-like separation (templates, AJAX endpoints, lib/ helpers)
+  - C++: Daemon/service pattern for long-running processes
+  - Use of singletons for DB and config access
+  - Helper modules for device and protocol abstraction
+  - REST-like AJAX endpoints for frontend-backend communication 

.kilocode/security.yaml

@@ -0,0 +1,20 @@
+security_practices:
+  - Credentials (DB, API) stored in config files, not in code (recommended, but some legacy code may hardcode)
+  - Session-based authentication for web UI (PHP $_SESSION['id'])
+  - Basic Auth for API endpoints (server-side only)
+  - Access checks in most AJAX endpoints
+  - Use of prepared statements in some places, but some inline SQL remains
+  - Passwords hashed in DB (Users table)
+  - .htaccess and web server config restrict access to sensitive files
+do:
+  - Store secrets in config files with restricted permissions
+  - Use session checks for all sensitive AJAX endpoints
+  - Use HTTPS for all web and API traffic
+  - Regularly audit for inline SQL and credential leakage
+dont:
+  - Hardcode credentials in code (move to config if found)
+  - Expose API credentials to browser
+  - Allow unauthenticated access to AJAX endpoints
+notable_unsafe_patterns:
+  - Some inline SQL queries (risk of SQL injection if not sanitized)
+  - Some legacy endpoints may lack full access checks 

.vscode/mcp.json

@@ -0,0 +1,10 @@
+{
+  "servers": {
+    "git": {
+      "command": "uvx",
+      "args": [
+        "mcp-server-git"
+      ]
+    }
+  }
+}

clear_rrd_data.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+
+# Script to clear old RRD data and restart data collection
+# This will remove the old data and start fresh with network interface support
+
+echo "Clearing old RRD data..."
+
+# Backup the current RRD file
+sudo cp /var/lib/bluecherry/monitor.rrd /var/lib/bluecherry/monitor.rrd.backup.$(date +%Y%m%d_%H%M%S)
+
+# Remove the old RRD file
+sudo rm /var/lib/bluecherry/monitor.rrd
+
+# Restart bc-server to recreate RRD file with network interfaces
+echo "Restarting bc-server to recreate RRD file with network interface support..."
+sudo systemctl restart bc-server
+
+echo "RRD data cleared. New data collection will start with network interface monitoring."
+echo "Check the RRD file in a few minutes to see the new data including network interfaces."
+echo "Network interfaces will be automatically detected and added to the monitoring." 

debian/bluecherry.logrotate

@@ -6,6 +6,7 @@
 	notifempty
 	delaycompress
 	compress
+	create 644 root bluecherry
 	postrotate
 		/usr/lib/rsyslog/rsyslog-rotate
 	endscript