docs: align with per-camera recording + per-org timezone (v0.1.43)

Sbussiso · claude · Sbussiso · commit 2feec0e696c5 · 2026-04-29T20:27:53.000-07:00
Recording page rewritten around the three per-camera modes (Continuous
24/7, Scheduled, Off) with mutual-exclusion, plus the new Time Zone
setting and operator-chosen storage cap with disk-aware default at setup
time. ApiReference picks up PATCH /api/cameras/{id}/recording-settings
and POST /api/settings/timezone; Mcp page swaps the org-level
get_recording_settings tool for get/set_camera_recording_policy.
Configuration fixes the YAML default and corrects the credential-key
crypto description. Dashboard's Settings list now points at the new
per-camera + Time Zone sections.

Co-Authored-By: Claude Opus 4.7 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/frontend/src/pages/docs/ApiReference.jsx b/frontend/src/pages/docs/ApiReference.jsx
@@ -97,7 +97,16 @@ function ApiReference() {
       <p>Create a new node. Returns the API key (shown once).</p>
 
       <div className="docs-endpoint"><span className="docs-endpoint-method get">GET</span><span className="docs-endpoint-path">/api/settings</span></div>
-      <p>Get recording settings (schedule, continuous mode).</p>
+      <p>Org-level settings: notifications + timezone. Recording is per-camera since v0.1.43 — see the camera endpoints below.</p>
+
+      <div className="docs-endpoint"><span className="docs-endpoint-method post">POST</span><span className="docs-endpoint-path">/api/settings/timezone</span></div>
+      <p>Set the org's IANA timezone (e.g. <code>"America/Los_Angeles"</code>). Drives the wall-clock interpretation of per-camera scheduled-recording windows. Admin only. 422 on unknown zones.</p>
+
+      <div className="docs-endpoint"><span className="docs-endpoint-method patch">PATCH</span><span className="docs-endpoint-path">/api/cameras/{"{camera_id}"}/recording-settings</span></div>
+      <p>Update a camera's recording policy. Optional fields: <code>continuous_24_7</code>, <code>scheduled_recording</code>, <code>scheduled_start</code>, <code>scheduled_end</code> (HH:MM 24-hour in the org's timezone). The two modes are mutually exclusive — passing both as <code>true</code> returns 422. Admin only.</p>
+
+      <div className="docs-endpoint"><span className="docs-endpoint-method post">POST</span><span className="docs-endpoint-path">/api/cameras/{"{camera_id}"}/recording</span></div>
+      <p>Manual record button — thin wrapper that flips <code>continuous_24_7</code> on the camera. The heartbeat reconciler picks it up within one tick. Body: <code>{"{recording: bool}"}</code>. Admin only.</p>
 
       <div className="docs-endpoint"><span className="docs-endpoint-method get">GET</span><span className="docs-endpoint-path">/api/audit/stream-logs</span></div>
       <p>Stream access history. Admin only. Filterable by camera and user.</p>
diff --git a/frontend/src/pages/docs/Configuration.jsx b/frontend/src/pages/docs/Configuration.jsx
@@ -66,7 +66,10 @@ motion:
   cooldown_secs: 30    # minimum seconds between motion events per camera
 
 storage:
-  max_size_gb: 20      # oldest recordings/snapshots evicted when over`}</code>
+  max_size_gb: 64      # oldest recordings/snapshots evicted when over;
+                       # the setup wizard suggests a disk-aware default
+                       # (~80% of free disk, 5-64 GB clamp) — operator
+                       # confirms or overrides at install time`}</code>
         <button className="docs-copy-btn" onClick={() => copyToClipboard(`node_id: "node_abc123"
 api_key: "nak_your_key_here"
 api_url: "https://opensentry-command.fly.dev"
@@ -77,16 +80,20 @@ motion:
   cooldown_secs: 30
 
 storage:
-  max_size_gb: 20`)}>Copy</button>
+  max_size_gb: 64`)}>Copy</button>
       </div>
 
       <h3>Credential storage</h3>
       <p>
         The node API key is encrypted at rest in the SQLite DB using AES-256-GCM
-        with a machine-derived key (SHA-256 of hostname + application salt). The
-        database is <strong>not portable</strong> — copying <code>node.db</code> to a
-        different host will make the stored key unreadable. Re-run <code>setup</code>
-        after moving to a new machine.
+        with a machine-derived key — SHA-256 of the OS-managed machine
+        identifier (<code>/etc/machine-id</code> on Linux,
+        <code>HKLM\\SOFTWARE\\Microsoft\\Cryptography\\MachineGuid</code> on
+        Windows, <code>IOPlatformUUID</code> on macOS) plus a domain-separation
+        tag. These are 128-bit values set once at OS install time, unique per
+        host, and not user-modifiable. The database is <strong>not portable</strong>
+        — copying <code>node.db</code> to a different host will make the stored
+        key unreadable. Re-run <code>setup</code> after moving to a new machine.
       </p>
 
       <h3>Resetting a node</h3>
diff --git a/frontend/src/pages/docs/Dashboard.jsx b/frontend/src/pages/docs/Dashboard.jsx
@@ -27,7 +27,8 @@ function Dashboard() {
       <p>Configure your org, nodes, and recording policy. Admin-only.</p>
       <ul>
         <li><strong>Node Management</strong> — Create nodes, copy API keys at creation time, rotate keys, delete nodes (cascades to cameras).</li>
-        <li><strong>Recording Settings</strong> — Toggle continuous 24/7 or scheduled recording and define the time window. See the <a href="#recording">Recording</a> section below.</li>
+        <li><strong>Per-camera recording</strong> — each camera card inside its node has Continuous 24/7 + Scheduled Recording toggles (mutually exclusive). The node card shows a storage usage bar against the operator-chosen cap. See the <a href="#recording">Recording</a> section below.</li>
+        <li><strong>Time Zone</strong> — set the org's IANA timezone so scheduled-recording windows are interpreted as local wall-clock time, not UTC. DST handled automatically.</li>
         <li><strong>Organization</strong> — Invite members, manage roles (Admin vs Member), view resource usage relative to plan caps.</li>
         <li><strong>Subscription</strong> — Current plan, usage bars for cameras and nodes, and an upgrade/downgrade flow.</li>
         <li><strong>Danger Zone</strong> — Wipe stream logs or perform a full organization reset. Pro/Pro Plus only and each action requires a typed confirmation.</li>
diff --git a/frontend/src/pages/docs/Mcp.jsx b/frontend/src/pages/docs/Mcp.jsx
@@ -154,9 +154,15 @@ function Mcp() {
       <div className="docs-mcp-tools">
         <div className="docs-endpoint">
           <span className="docs-endpoint-method get">READ</span>
-          <span className="docs-endpoint-path">get_recording_settings</span>
+          <span className="docs-endpoint-path">get_camera_recording_policy</span>
         </div>
-        <p>The org's recording configuration: whether 24/7 continuous recording is on, whether scheduled recording is on, and the scheduled start/end times. Use when the user asks "are we recording right now?", or before filing an incident if it matters whether the moment was being recorded to disk on the CloudNode.</p>
+        <p>A single camera's recording policy: <code>continuous_24_7</code>, <code>scheduled_recording</code>, and the scheduled start/end times (HH:MM in the org's timezone). Per-camera since v0.1.43 — replaced the previous org-level <code>get_recording_settings</code>. Use when the user asks "is the garage cam recording right now?" or before filing an incident if it matters whether the moment was being archived locally.</p>
+
+        <div className="docs-endpoint">
+          <span className="docs-endpoint-method post">WRITE</span>
+          <span className="docs-endpoint-path">set_camera_recording_policy</span>
+        </div>
+        <p>Set the recording policy for a specific camera. Any field omitted is left unchanged (PATCH semantics). Use when the user asks "turn on recording for the garage cam" or "set the front door cam to record from 6pm to 6am". Times are HH:MM 24-hour in the org's timezone. Continuous and scheduled are mutually exclusive — passing both as <code>true</code> returns <code>{"{error: 'modes_conflict'}"}</code>.</p>
 
         <div className="docs-endpoint">
           <span className="docs-endpoint-method get">READ</span>
diff --git a/frontend/src/pages/docs/Recording.jsx b/frontend/src/pages/docs/Recording.jsx
@@ -4,56 +4,95 @@ import { Link } from "react-router-dom"
 function Recording() {
   return (
     <section className="docs-section" id="recording">
-      <h2>Recording & Retention<a href="#recording" className="docs-anchor">#</a></h2>
+      <h2>Recording &amp; Retention<a href="#recording" className="docs-anchor">#</a></h2>
       <p>
-        Recording in SourceBox Sentry is <strong>node-local by design</strong>. Command Center
-        sends a policy down to every CloudNode; each node writes its own recordings into
-        an encrypted SQLite database next to the binary. No video is uploaded for
-        long-term storage — the cloud holds only the small in-memory segment buffer
-        needed for live playback.
+        Recording in SourceBox Sentry is <strong>node-local by design</strong>. Each
+        camera has its own recording policy; CloudNode reconciles its in-memory
+        recording state from the backend on every heartbeat (~30 s), and
+        encrypted recording segments land in the SQLite database next to the
+        binary. No video is uploaded for long-term storage — the cloud holds
+        only the small in-memory segment buffer needed for live playback.
       </p>
 
       <h3>Recording modes</h3>
+      <p>
+        Per-camera since v0.1.43. The two modes are mutually exclusive — turning
+        one on automatically turns the other off so the operator never has to
+        reason about a conflicting policy.
+      </p>
       <ul>
-        <li><strong>Continuous</strong> — Every camera records 24/7 while its node is online. Best for commercial deployments with plenty of local disk.</li>
-        <li><strong>Scheduled</strong> — Recording is on only during a defined time window (e.g. 6pm–6am). Useful for residential after-hours coverage.</li>
-        <li><strong>Manual</strong> — Neither continuous nor scheduled is active. Operators trigger recording on-demand from the dashboard.</li>
+        <li><strong>Continuous 24/7</strong> — the camera records all the time the node is online. Best for high-value coverage and commercial deployments.</li>
+        <li><strong>Scheduled</strong> — the camera records only during a defined wall-clock window (e.g. 18:00–06:00). Useful for residential after-hours coverage, business hours archiving, etc.</li>
+        <li><strong>Off</strong> (default) — the camera streams live but writes nothing to durable storage.</li>
       </ul>
 
       <h3>Configure</h3>
       <ol>
-        <li>Go to <Link to="/settings">Settings</Link> &gt; Recording</li>
-        <li>Pick a mode (<strong>Continuous</strong>, <strong>Scheduled</strong>, or leave off for manual-only)</li>
-        <li>For Scheduled, enter the start and end time. Times are in the browser's local timezone, converted to the node's local timezone on delivery.</li>
-        <li>Save. Nodes pick up the new setting on their next heartbeat (≤30 seconds).</li>
+        <li>Go to <Link to="/settings">Settings</Link> &gt; Camera Nodes.</li>
+        <li>Each camera lives inside its node's card, below the storage bar.</li>
+        <li>Toggle <strong>Continuous 24/7</strong> for always-on, or <strong>Scheduled Recording</strong> for a window.</li>
+        <li>For Scheduled, the start/end inputs default to <code>08:00–17:00</code>; pick whatever you need.</li>
+        <li>Nodes pick up the new policy on the next heartbeat (≤30 seconds), and segments start landing in the durable archive on the next 1-second segment rotation after that.</li>
       </ol>
 
-      <h3>Retention</h3>
+      <h3>Time zone</h3>
       <p>
-        CloudNode enforces retention by size, not by age. The <code>storage.max_size_gb</code>
-        config field (default <code>20</code>) is a soft cap — when total stored
-        recordings + snapshots exceed it, the oldest files are deleted first.
+        Scheduled-recording windows are interpreted in the org's timezone, not
+        UTC, so <code>08:00–17:00</code> means 8am to 5pm where the cameras
+        physically live. Pick the zone in <Link to="/settings">Settings</Link>{" "}
+        &gt; Time Zone (defaults to UTC for new orgs; one click to use the
+        browser's detected zone). DST transitions are handled automatically —
+        a schedule entered in <code>America/Los_Angeles</code> fires at the
+        correct local hour year-round, no operator intervention at the
+        spring-forward / fall-back boundaries.
+      </p>
+
+      <h3>Storage cap &amp; retention</h3>
+      <p>
+        Each node has a single <strong>storage cap</strong> chosen during the
+        setup wizard. The wizard reads the host's free disk space and suggests
+        a sensible default — 80% of free space, clamped to the historical
+        64 GB ceiling, with a 5 GB floor. A node on a 32 GB Pi SD card gets
+        ~25 GB; a node on a 1 TB drive gets the full 64 GB. The operator can
+        override during setup or by re-running it.
+      </p>
+      <p>
+        CloudNode enforces the cap every 5 minutes: when total stored bytes
+        exceed it, oldest recording segments are deleted first (FIFO). The
+        Settings dashboard surfaces a per-node usage bar with green / amber /
+        red bands at 75% / 90% so operators can see how full each node is at
+        a glance.
+      </p>
+      <p>
+        Independently of the cap, CloudNode pauses recording writes when host
+        free disk drops below a 1 GiB safety floor — a "don't blow up the
+        host" guardrail that fires regardless of how the cap was set. Live
+        streaming continues unchanged; only the durable archive is paused.
+      </p>
+
+      <h3>Manual record button</h3>
+      <p>
+        The per-camera record button on the dashboard is a thin wrapper that
+        flips <code>continuous_24_7</code> on the camera. Same end state as
+        toggling Continuous 24/7 in Settings — the heartbeat reconciler picks
+        it up within one tick.
       </p>
-      <ul>
-        <li>Recordings and snapshots are both stored as BLOBs in the encrypted <code>data/node.db</code></li>
-        <li>Retention is checked after every new recording or snapshot</li>
-        <li>Adjust the cap to match the disk free on the CloudNode box</li>
-      </ul>
 
       <h3>Playback</h3>
       <p>
-        Recordings are browsable from the node's local HTTP server on port 8080 —
-        <code>/recordings/list</code> returns the JSON list and <code>/recordings/&#123;file&#125;</code>
-        streams the bytes. Typically used from the Command Center dashboard in-app; for
-        manual access you must be on the same local network as the node.
+        Recordings are browsable from the node's local HTTP server on port
+        8080: <code>/recordings/list</code> returns the JSON list, and
+        <code>/recordings/&#123;file&#125;</code> streams the bytes. Typically
+        used from the Command Center dashboard in-app; for direct access you
+        must be on the same local network as the node.
       </p>
 
       <div className="docs-callout docs-callout-info">
         <p>
           <span className="docs-callout-icon">🔒</span>
-          <span>Because recordings never leave the node, even a Command Center compromise
-          cannot expose your archive. Protect the node machine with the same rigor you'd
-          apply to a physical NVR.</span>
+          <span>Because recordings never leave the node, even a Command Center
+          compromise cannot expose your archive. Protect the node machine with
+          the same rigor you'd apply to a physical NVR.</span>
         </p>
       </div>
     </section>
