Summary
- fetch firmware packages from configured private stackdrift-firmware source with server-side auth
- treat configured package owner as authoritative so stale device metadata cannot redirect private fetches
- require flashable package manifests before serving update data
- protect ESPHome manifest and binary proxy routes with shared FIRMWARE_UPDATE_TOKEN
Verification
- pnpm test
- pnpm check
Summary
- fetch firmware packages from configured private stackdrift-firmware source with server-side auth
- treat configured package owner as authoritative so stale device metadata cannot redirect private fetches
- require flashable package manifests before serving update data
- protect ESPHome manifest and binary proxy routes with shared FIRMWARE_UPDATE_TOKEN
Verification
- pnpm test
- pnpm check
HGC-4