Cyber Controller v1.1.0 — Unified Broadcast + full security audit

@LxveAce LxveAce released this 12 Jun 05:44
· 8 commits to master since this release
e8151cb

Cyber Controller v1.1.0 — a large, backward-compatible feature + hardening release (10 PRs since v1.0.0). Suite green; key paths hardware-validated.

✨ Headline feature — Unified Action Broadcast

One intent verb (Find APs, BLE Scan, Deauth All, …) fans out to every connected radio at once, each in its own native command, with results converging into the shared Target Pool. New Broadcast tab + broadcast.py engine + BROADCAST_CAPABILITIES on all protocols. Live-validated: "Find APs" → BW16 AT+SCAN (dual-band) + GhostESP scanap (94 APs) simultaneously.

🔌 New flashing paths (all hardware-validated)

  • GhostESP per-board .zip bundles (merged.bin @0x0) — was previously un-flashable.
  • Meshtastic per-chip 128 MB zips (factory @0x0, bleota @0x260000, littlefs @0x300000) — validated on Heltec LoRa V3.
  • BW16 / RTL8720DN (Realtek AmebaD, dual-band 2.4/5 GHz) — first-class non-ESP32 flash backend + serial protocol.

🔒 Security — full audit, all 10 findings closed

H-1 firmware SHA-256 pinning · H-2 no silent dev-server on LAN · M-1 serial-subscribe DoS · M-2 vault API SSRF allowlist · M-3 session-fixation rotation · M-4 admin_ip validation · L-1 Windows NTFS ACLs · L-2 durable tamper-evident audit trail · L-3 honest password handling · L-4 strict CSP nonce (no 'unsafe-inline').
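An added example, not Cyber Controller's own code: one way a flasher can enforce a SHA-256 pin (finding H-1) on a per-chip bundle before it uses the Meshtastic offsets listed under the new flashing paths. The member file names, the function names and the sample bundle are assumptions constructed for this illustration.

```python
import hashlib
import io
import zipfile

# Offsets are the Meshtastic layout from the release notes.
# Member file names are assumptions made for this example.
MESHTASTIC_LAYOUT = {"factory.bin": 0x0, "bleota.bin": 0x260000, "littlefs.bin": 0x300000}


class PinMismatch(Exception):
    """Raised when a bundle does not match its pinned digest."""


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def plan_flash(bundle: bytes, pinned_sha256: str, layout=MESHTASTIC_LAYOUT):
    """Check the whole bundle against its pin, then return (offset, image) pairs.

    The digest is verified before the archive is opened, so an unpinned
    download never reaches the zip parser or the flasher.
    """
    actual = sha256_hex(bundle)
    if actual != pinned_sha256.strip().lower():
        raise PinMismatch(f"expected {pinned_sha256}, got {actual}")
    with zipfile.ZipFile(io.BytesIO(bundle)) as zf:
        missing = set(layout) - set(zf.namelist())
        if missing:
            raise ValueError(f"bundle lacks required images: {sorted(missing)}")
        plan = [(offset, zf.read(name)) for name, offset in layout.items()]
    return sorted(plan, key=lambda item: item[0])


def build_sample_bundle(extra: bytes = b"") -> bytes:
    """Constructed sample input: a tiny zip standing in for a firmware bundle."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("factory.bin", b"\xe9FACTORY" + extra)
        zf.writestr("bleota.bin", b"\xe9BLEOTA")
        zf.writestr("littlefs.bin", b"LITTLEFS")
    return buf.getvalue()


if __name__ == "__main__":
    bundle = build_sample_bundle()
    for offset, image in plan_flash(bundle, sha256_hex(bundle)):
        print(f"write {len(image)} bytes @ {offset:#x}")
```

In real use the pin comes from a manifest shipped with the tool, not from the download itself as in the demo at the bottom.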

⚡ Performance (no visual/behavior change)

Removed a 100 ms GUI-thread psutil block; memoized protocol command lists; bounded terminal/log memory.

🩹 Corrections

Bruce repo → canonical BruceDevices/firmware; firmware count → verified 19.

See CHANGELOG.md for the full list.

⚠️ Authorized-lab / lawful use only. Dangerous RF capabilities are labeled and gated, never removed; broadband jamming is excluded per 47 U.S.C. §333 / FCC.