MeshMonitor

Appearance

GitHub Stars

MeshMonitor v4.7.0 β€” MeshCore Remote Admin & broker-managed MQTT topic rewrites

releaseimportantmeshcoremqttsecurity

What's new ​

v4.7.0 is mostly two things: a full MeshCore remote-administration surface, and the return of MQTT bridge topic rewriting with the configuration UI living on the broker side. It also reverts an earlier per-source MQTT dashboard experiment that replaced the v4.6.6 Channels / Telemetry / DMs / Map dashboard with a thin Map + Settings shell β€” those source types now fall through to the full Meshtastic dashboard again, exactly as they did in v4.6.6.

MeshCore Remote Administration ​

For any Repeater or Room Server contact in your MeshCore source, the contact-detail panel now hosts a Remote administration console. Log in with the node's admin password (or blank for guest), and you can:

  • Send arbitrary CLI commands (ver, stats, neighbors, set radio …) with the reply appearing inline in a terminal-style transcript.
  • Use quick-action buttons that pre-fill the common verbs and surface a typed-name confirmation modal for destructive commands (reboot, erase, clkreboot, factory). Mirrored server-side so a script can't bypass the prompt.
  • Read live stats in a structured panel β€” battery, queue depth, packet counts, air time, last RSSI / SNR β€” auto-refreshed every 30 seconds.
  • Manage the ACL via a setperm form: paste a 64-character hex pubkey, pick Remove / Guest / ReadWrite / Admin, click Apply.

A separate Device console lives in the Configuration tab for the locally connected node. Dispatch is device-type-aware: Repeater / Room Server gets the device's native serial CLI; Companion firmware gets a small synthetic CLI (ver / stats / clock / advert / help) that maps to existing companion-protocol calls.

Optionally save the admin password so subsequent visits auto-log-in silently. The plaintext is encrypted with AES-256-GCM using a key derived from SESSION_SECRET; a 4-byte fingerprint on each envelope makes secret rotation detectable and surfaced as a yellow banner instead of a silent auth-tag failure. The plaintext never crosses the wire back to the frontend β€” the auto-login route decrypts in-process, calls loginToNode, and never echoes the password.

Capability gating

When SESSION_SECRET was auto-generated rather than configured, the "Remember password" checkbox is disabled. Persisting against an ephemeral key would lose every saved password on restart. Set SESSION_SECRET=$(openssl rand -hex 32) in your environment to enable credential persistence.

Everything is gated by a new per-source remote_admin permission so you can grant CLI access to a subset of operators without unlocking source configuration.

Every CLI command, login outcome, and credential mutation also writes an audit_log row with distinct action names per outcome (meshcore_remote_cli, meshcore_remote_login, meshcore_credential_forget, etc.) β€” a forensic trail if you need to answer "who ran reboot against which repeater when?".

Full architecture write-up for the curious: docs/internal/dev-notes/MESHCORE_REMOTE_ADMIN.md.

MQTT topic rewriting (now broker-managed) ​

Topic rewriting lets a single MQTT bridge swap a literal topic prefix in either direction β€” typically used to glue together two meshes that publish under different MQTT roots (e.g. relay msh/US/TX/... from the public Houston broker as msh/US/LA/... so LA-attached devices subscribed to msh/US/LA/# actually see the traffic). The feature briefly shipped in v4.6.6 as part of the experimental per-source bridge dashboard and was reverted alongside that dashboard.

In v4.7 it's back, with the configuration UI moved to the broker's edit modal. Open the broker source's edit dialog, scroll to Bridge topic rewrites, and you'll see one collapsible panel per bridge attached to that broker β€” each with Downlink and Uplink columns of from / to prefix inputs. Saving the broker writes per-bridge config updates for whatever changed. The backend (publish-path rewriting + echo-cache integration + standalone-bridge rejection + wildcards-disallowed validator) is unchanged from the original implementation.

Full reference: MQTT broker docs β†’ Topic rewriting.

MQTT dashboard restored ​

If you saw the broker / bridge detail pages in v4.6.6 collapse into a Map + Settings shell with no Channels, Telemetry, DMs, or Map: that's been reverted. Broker and bridge sources route to the full Meshtastic dashboard again with every original surface available β€” same routing as v4.6.6.

Action items after upgrade ​

  • Try Remote Administration on a Repeater or Room Server contact. If you want the saved-password convenience, make sure SESSION_SECRET is configured.
  • If you were using topic rewrites in v4.6.6 (between the original merge and the revert), reopen the broker that owns the bridge and re-enter the rewrite rules under "Bridge topic rewrites" β€” the field locations changed.
  • Grant remote_admin per-source to operators who should be able to run CLI commands against your MeshCore Repeaters / Room Servers. Admins already have it implicitly.

Full release notes: CHANGELOG.md.

Last updated: