ferrite-sdk

Appearance

Server Configuration

The server is configured through a combination of command-line arguments and environment variables. Environment variables are loaded from a .env file via dotenvy (see .env.example).

Command-line arguments 

ferrite-server [OPTIONS] [COMMAND]

Global options

FlagDefaultDescription
--http <ADDR>0.0.0.0:4000HTTP listen address (ip:port)
--db <PATH>./ferrite.dbSQLite database file path
--elf-dir <PATH>./elfsDirectory for uploaded ELF files
--addr2line <PATH>Auto-detectPath to arm-none-eabi-addr2line binary

Subcommands

CommandDescription
serveStart the HTTP server (default if no command given)
reportPrint a summary of all devices to stdout
faultsList recent fault events to stdout
metricsList recent metrics to stdout

Environment variables

Authentication

VariableDefaultDescription
KEYCLOAK_URLKeycloak base URL (enables OIDC mode)
KEYCLOAK_REALMKeycloak realm name
KEYCLOAK_CLIENT_IDDashboard SPA client ID
KEYCLOAK_CLIENT_SECRET(Optional) Confidential client secret
BASIC_AUTH_USERadminPrimary basic auth username
BASIC_AUTH_PASSadminPrimary basic auth password
BASIC_AUTH_USERSAdditional users (format below)

BASIC_AUTH_USERS format: user1:pass1:role,user2:pass2:role

Roles: admin, provisioner, viewer.

API security

VariableDefaultDescription
INGEST_API_KEYAPI key for /ingest/* endpoints
CORS_ORIGIN* (all)Allowed CORS origin
CHUNK_ENCRYPTION_KEY32-char hex AES-128 key for encrypted chunks
RATE_LIMIT_RPSdisabledPer-IP rate limit (requests/second)

Alerting

VariableDefaultDescription
ALERT_WEBHOOK_URLWebhook URL for fault/offline alerts (Slack/Discord compatible)
ALERT_OFFLINE_MINUTES10Minutes before a device is marked offline

Data retention

VariableDefaultDescription
RETENTION_DAYS90Auto-purge data older than N days (0 = disabled)

HTTP API endpoints

Health & discovery

MethodPathAuthDescription
GET/healthPublicServer health check
GET/auth/modePublicAuth mode discovery
GET/metrics/prometheusPublicPrometheus metrics
GET/events/streamPublicSSE live event stream

Data ingest

MethodPathAuthDescription
POST/ingest/chunksAPI key (if configured)Accept binary chunks
POST/ingest/elfRequiredUpload ELF for symbolication (max 50 MB)

Device management

MethodPathAuthDescription
GET/devicesUserList all devices
POST/devices/registerProvisioner+Register a device
POST/devices/register/bulkProvisioner+Bulk register devices
GET/devices/:keyUserGet device by key
PUT/devices/:keyProvisioner+Update device metadata
DELETE/devices/:keyAdminDelete a device

Device data

MethodPathAuthDescription
GET/devices/:id/faultsUserDevice fault events
GET/devices/:id/metricsUserDevice metrics
GET/faultsUserAll fault events
GET/metricsUserAll metrics

Groups (fleet management)

MethodPathAuthDescription
GET/groupsUserList groups
POST/groupsAdminCreate group
GET/groups/:idUserGet group details
PUT/groups/:idAdminUpdate group
DELETE/groups/:idAdminDelete group
GET/groups/:id/devicesUserList group devices
POST/groups/:id/devices/:device_idAdminAdd device to group
DELETE/groups/:id/devices/:device_idAdminRemove device from group

OTA firmware updates

MethodPathAuthDescription
GET/ota/targetsUserList OTA targets
POST/ota/targetsAdminSet OTA target for a device
GET/ota/targets/:device_idUserGet target for device
DELETE/ota/targets/:device_idAdminRemove OTA target

Admin

MethodPathAuthDescription
GET/admin/backupAdminDownload database backup
GET/admin/retentionAdminView retention policy status

Ingest endpoint details

POST /ingest/chunks

Accepts a raw binary body containing one or more concatenated wire-format chunks.

Headers:

  • X-Device-Id (optional): Fallback device ID if no DeviceInfo chunk is present
  • X-API-Key (required if INGEST_API_KEY is set): API key for authentication

Response:

json
{
  "ok": true,
  "chunks_received": 4,
  "errors": []
}

POST /ingest/elf

Accepts a raw binary ELF file (max 50 MB). Requires authentication.

Headers:

  • X-Firmware-Version (recommended): Version string for the ELF file
  • Authorization: Bearer token or Basic auth
bash
curl -X POST http://localhost:4000/ingest/elf \
  -H "X-Firmware-Version: 1.2.3" \
  -H "Authorization: Basic $(echo -n admin:admin | base64)" \
  --data-binary @target/thumbv7em-none-eabihf/release/my-firmware

Prometheus metrics

The /metrics/prometheus endpoint exposes:

  • ferrite_devices_total — total registered devices
  • ferrite_devices_online — currently online devices
  • ferrite_faults_total — total fault events
  • ferrite_metrics_total — total metric data points
  • ferrite_reboots_total — total reboot events
  • ferrite_groups_total — number of device groups
  • ferrite_ingest_requests_total — ingest request counter
  • ferrite_chunks_processed_total — chunk processing counter
  • ferrite_auth_failures_total — authentication failure counter
  • ferrite_sse_connections — active SSE connections

Server-Sent Events (SSE)

The /events/stream endpoint provides real-time updates:

bash
curl -N http://localhost:4000/events/stream

Event types: heartbeat, fault, metric, reboot, device_registered, ota_available.

SQLite schema

The server creates these tables:

  • devices — device_id, name, status, firmware_version, device_key, tags, provisioned_by/at
  • fault_events — fault_type, pc, lr, cfsr, hfsr, mmfar, bfar, sp, stack_snapshot, symbol
  • metrics — key, metric_type, value_json, timestamp_ticks
  • reboot_events — reason, extra, boot_sequence, uptime_before_reboot
  • groups — name, description
  • group_memberships — group_id, device_id
  • ota_targets — device_id, target_version, build_id, firmware_url

All tables use SQLite WAL mode. Foreign keys are enabled.

Released under the MIT License.

Copyright 2024-present ferrite contributors