v0.5.2 — Control via SignalR hub (APK-confirmed)

Rewrote the control channel. All REST write paths returned 403/503. APK reverse engineering found the actual control hub: wss://signalr.globetools.systems:446/mowerSupport authenticated with the GUC bearer token. Hub methods confirmed from classes2.dex: StartMowerRequest, ParkMowerRequest, PauseMowerRequest. Negotiate returns 200 — the channel is live.

v0.5.1 — Retry on 503 from app_datapoint_value

The correct write endpoint (app_datapoint_value) is confirmed — auth passes, the xlink service just returns 503 transiently. This version retries once after 3 seconds automatically. If the service is up when you press a button, the command will go through.

v0.5.0 — Correct write API endpoint from APK reverse engineering

Fix: discovered the correct xlink write endpoint from the Android APK (classes2.dex): POST /v2/product/{product_id}/app_datapoint_value with standard user token. All previous attempts used wrong paths. Start mowing / Return to dock / Park buttons should now work.

v0.4.9 — Defensive device_authorize refresh on retry

Minor defensive fix: after force_reauth the retry now re-reads device_authorize from the coordinator data. Control buttons still require the correct write API endpoint to be discovered — see README / issue tracker.

v0.4.8 — Fix wrong field name for device authorize

Fix: the per-device write token was silently empty because the xlink subscribe/devices response uses the field name authorize_code, not authorize. The correct token 1e3e82c37ac79c23 is now extracted and used as the Access-Token for write operations.

v0.4.7 — Use per-device authorize token for writes

Fix attempt: the user-level authorize from login is expired. In xlink v2 each subscribed device carries its own authorize code in the subscribe/devices response. This version stores that per-device code and uses it as the write Access-Token.

v0.4.6 — Auto-retry after authorize token expiry

Fix: control buttons failed with Access-Token Expired (4031021). The xlink authorize write token expires independently of the read token. Buttons now detect the expiry, force a full re-authentication, and retry the command automatically — no manual HA reload needed.

v0.4.5 — Try authorize token for device writes

Attempt fix for 403 on control buttons: swap xlink authorize code into the Access-Token header for write operations. The user token is read-only; the authorize code from login may carry write permission.

v0.4.4 — Fix button 403: use Authorize token for writes

Fix: control buttons returned 403 Access-Token permission invalid. The xlink login response includes an authorize token separate from the access_token that grants write permission. This token is now stored and sent as an Authorize: header on PUT device-state requests.

v0.4.3 — Fix button write endpoint

Fix: pressing mower control buttons raised a 404 error because the xlink write path /dp-send/ doesn't exist. Changed to /dp-write/ which is the standard xlink control endpoint.