Argus — after the hundred-eyed, all-seeing watchman of Greek myth. Turn ordinary Android phones into secure remote IP cameras, viewable live and low-latency from one desktop dashboard. Built zero-trust, privacy-first, and to scale to thousands of devices.
A commercial-grade, privacy-first platform that turns Android phones into remote IP cameras, streamed live to a unified desktop dashboard. Phones can be anywhere in the world; the system is designed to scale from a handful of devices to thousands.
[Android phone] capture → encode (H264/AV1)
│ authenticate + short-lived token
▼
[Backend: ASP.NET Core + SignalR] ── signaling (who / room / token) ──┐
│ negotiate WebRTC (ICE / SDP / DTLS-SRTP) │
▼ │
[LiveKit SFU] ◄── relayed via coturn (TURN) when firewalled │
one stream in → fanned out to every viewer ────────────────────────┘
▼
[Desktop dashboard: Electron + React] renders the grid
The phone uploads once; the SFU fans the stream out to many viewers — that's what makes "one phone → many desktops" and "thousands of phones" affordable.
- Mobile: Android · Kotlin · CameraX/Camera2 · MediaCodec · Foreground Services
- Streaming: WebRTC · LiveKit (SFU) · STUN/TURN (coturn) · H264/AV1/VP8
- Backend: ASP.NET Core · SignalR · REST · PostgreSQL · Redis
- Desktop: Electron · React · TypeScript
- Infra: Docker · Docker Compose · Nginx
android/ # Kotlin camera app (publisher) — Phase 2 scaffold
backend/ # ASP.NET Core API + media tokens — Phase 0/1
desktop/ # Electron dashboard (subscriber) — Phase 2 scaffold
media/ # LiveKit + coturn configs
deploy/ # docker-compose, Nginx, env template
tools/ # media test harness (forced-relay validation)
docs/ # PRD, tech spec, plan, security designs
.claude/ # the specialist agent/skill ecosystem ("the team")
Requires Docker + Docker Compose. (The .NET SDK is only needed to develop the API outside Docker.)
cd deploy
cp .env.example .env # then fill in secrets
docker compose up -d --build # brings up api, postgres, redis, livekit, coturn, nginx
curl http://localhost/healthz # via the Nginx edge
curl http://localhost/api/pingPostgres/Redis are not exposed to the host in the base stack; the dev override exposes them on localhost for debugging.
| Doc | What |
|---|---|
| docs/QUICKSTART.md | Self-host 2 phones on your Wi-Fi (start here to run it) |
| docs/PRD.md | Product requirements (what & why) |
| docs/TECH_SPEC.md | Technical design (how) |
| docs/IMPLEMENTATION_PLAN.md | Phased build plan (agents/skills per task) |
| docs/security/ | Threat model, identity/PKI, token & session design |
| CLAUDE.md | Always-on project context |
| CLAUDE_ECOSYSTEM_DESIGN.md | The agent/skill ecosystem |
- ✅ Phase 0 — Foundations: security designs, Dockerized stack, backend skeleton, DB schema.
- ✅ Phase 1 — Core media path: LiveKit join-token + ephemeral TURN endpoints, forced-relay test harness (
tools/media-harness). - ✅ Phase 2 — Real clients: Electron dashboard (
desktop/) + Android camera app (android/) scaffolded; hardening baked in. - ✅ Phase 3 — E2EE + operability: E2EE media (design + client wiring), observability stack (OTel/Prometheus/Grafana), SLOs + burn-rate alerts, incident runbook.
- ✅ Phase 4 — Scale & govern: CI/CD + supply-chain gates (.github/workflows/), edge rate-limiting, and designs for scale-out, latency budget, fleet management, and privacy DPIA.
- 🚧 Phase 5 — Roadmap features: detection (on-device CV scaffold), recording (MinIO + LiveKit Egress overlay), notifications, and a runnable FinOps cost model.
Validated end-to-end (2026-06-29): full Docker stack runs; live video flows publisher → SFU → subscriber; backend endpoints + LiveKit token verified at runtime. See tools/media-harness/README.md.
See the implementation plan for the full breakdown (each task mapped to its agent/skill).
Zero-trust by design: per-device hardware-backed identity + attestation, short-lived key-bound tokens, TLS everywhere, and a goal of end-to-end media encryption so even the SFU cannot view streams. See docs/security/THREAT_MODEL.md. Do not commit secrets — use deploy/.env (gitignored).
TBD.