Honesty is a positioning advantage. We don’t list features as shipped until they actually ship. Here’s where things actually stand.
If we say it on the main page, it works in production. Live at tick.i4seer.com.
Both transports run continuously. WiFi-first dispatch with cell fallback, per send. Auto-recovery from outages without operator action. Modem-side TLS via SIM7028.
Bring your own backend, an enterprise Tick Private Portal, or the i4Seer-hosted portal. Same firmware behind all three.
Live device list over WebSocket, per-device panel with transport indicator, command queue, firmware OTA, audit. localStorage backfill on reconnect, exponential-backoff auto-reconnect.
Queue commands from the portal; device executes on next chkin and returns the result. UUID-keyed replay cache, signed both ways, written to audit.
Per-device targeting over WiFi or cellular. Kicked off from the portal (operator targets an image) or the device (ota go). Chunked download with compression and SHA verification, resume-on-crash via NVS, progress events sampled and rendered in the UI.
Factory-fresh devices land in the unclaimed pool on first HMAC-valid POST, with an auto-named label. Operator clicks Approve to bring it into service.
Every approval, label change, queued command, firmware target, OTA outcome — logged with operator identity. Per-device JSONL rotated monthly. Export via tick-cli audit --days/--device/--op.
64 KB flash partition, up to 1024 indexed entries. chkin v2 carries a breadcrumb; the UI renders a colored chip per device. Drill in with queued errlog show. Survives reboot and reflash.
Dedicated 64 KB flash partition. 3,840-slot append-only ring — ~64 hours at one-minute records, ~26 days at ten minutes. Reboot-safe, CRC-16 per slot. Drains oldest-first as soon as the device gets back online.
HMAC-SHA256 of body + timestamp + nonce on device requests; signed responses back. Replay cache on command IDs. Salt rotation supported with overlap window.
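An added illustration, not i4Seer's code or wire format, of a server-side check in the shape described above: HMAC-SHA256 over body, timestamp and nonce, a replay cache, and acceptance of the outgoing secret only during a rotation overlap. The field encoding, the 300-second freshness window, keying the cache on the nonce, and the names sign and Verifier are all assumptions.

```python
import hashlib
import hmac
import time

MAX_SKEW_S = 300  # assumed freshness window; the page states no value


def sign(key: bytes, body: bytes, ts: int, nonce: bytes) -> bytes:
    # Length-prefix each field so the three inputs cannot be re-split into
    # a different (body, timestamp, nonce) triple with the same MAC input.
    parts = (body, str(ts).encode(), nonce)
    msg = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()


class Verifier:
    """Hypothetical server-side check for one device."""

    def __init__(self, current: bytes, previous: bytes = b"",
                 overlap_until: float = 0.0):
        self.current = current
        self.previous = previous            # secret being rotated out
        self.overlap_until = overlap_until  # previous is refused after this
        self.seen = {}                      # nonce -> time it may be forgotten

    def verify(self, body, ts, nonce, mac, now=None) -> str:
        now = time.time() if now is None else now
        if abs(now - ts) > MAX_SKEW_S:
            return "stale"
        keys = [self.current]
        if self.previous and now < self.overlap_until:
            keys.append(self.previous)
        ok = False
        for key in keys:  # constant-time compare, no early exit between keys
            ok |= hmac.compare_digest(sign(key, body, ts, nonce), mac)
        if not ok:
            return "bad-mac"
        # Touch the cache only after the MAC verifies, so unauthenticated
        # traffic cannot fill it; drop nonces whose timestamp is now stale.
        self.seen = {n: t for n, t in self.seen.items() if t >= now}
        if nonce in self.seen:
            return "replay"
        self.seen[nonce] = ts + MAX_SKEW_S
        return "ok"
```

A nonce is kept exactly as long as its timestamp would still pass the freshness check, so the cache stays bounded without opening a replay gap.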
Opt-in FRAME_FLAG_ENCRYPTED bit on operator↔device frames. AES-256-GCM with 12-byte per-frame nonce. HMAC-verified before GCM tag check — defense in depth on top of TLS.
Per-device HMAC secrets can be sealed with AES-256-GCM using a KEK loaded at boot. Opt-in via TICK_KEK_PATH. Plaintext fallback for development.
Operator HMAC token is wrapped in browser localStorage with AES-256-GCM, keyed by PBKDF2-SHA256 (600k iters) of a login passphrase. Plaintext in memory only during a session.
Per-op counters, queue depth, device counts, frame errors. Surfaced through OP_METRICS and rendered in the operator UI status header.
Strict CSP and security headers, HTTP-to-HTTPS redirect listener, graceful SIGTERM/SIGINT shutdown that drains in-flight requests, operator tokens with 14d idle / 90d hard expiry.
Active priorities. These are the next features customers will see.
End-customer accounts. Org as the security boundary, fleets as groupings, roles cascading from org to fleet, fleet members for outside-contractor scoping. Cascade designed and documented; build underway. Today: operator-only.
Fleet-level rules. Email and webhook delivery. Threshold breaches, dwell-time, cooldowns, resolved-notifications. The pager-at-3am feature.
The portal forwards data and state changes out to your destinations as they arrive. HTTPS routes ship first; other targets are in development:
1-Wire DS18B20 first — cheap, accurate, waterproof. Measure what your customer actually cares about, not the device’s internal temperature.
Self-service reset over email token. On the path with end-customer accounts.
Nightly automated backup to S3-compatible storage. Cheap, decoupled from any single server’s survival.
On the list, but waiting for a customer to ask. We don’t speculatively build.
One operational fleet exposed unauthenticated, field-scrubbed and rate-limited — the demo as the product. Behind alerting and Routes in priority.
Customer enters a one-time token printed on the device label and the device joins their org. Today: a platform operator clicks Approve.
Trend lines, range pickers, threshold overlays. Most useful once alerting overlays its rules on the same chart.
Per-device-per-month, billed to org owner. Won’t exist until someone’s offered to pay.
The other half of alerting: a device that should be reporting and isn’t. Same plumbing as threshold alerts, different trigger.
The current file-based store is fine to a few thousand devices. Beyond that, time-series indexing alongside. Files stay valid through the transition.
Things that sound like good ideas but trade off against the design. Listed here so we don’t get asked twice.
Editing reading cadences and send intervals from a browser form looks friendly, but it creates a misconfiguration surface where a typo can disable a fleet. We’ll keep cadence changes in the command queue and the serial shell, where they go through audit and recover-from-typo paths the UI doesn’t have.
A live shell over the modem looks good in a demo but doesn’t survive cellular jitter or device sleep. The queued-command model fits the device’s actual lifecycle: command goes in, runs on next chkin, result comes back — signed, auditable, and replay-proof.