Skip to content

mba-x86/Argus

Repository files navigation

Argus — Multi-Camera Monitoring System

Argus — after the hundred-eyed, all-seeing watchman of Greek myth. Turn ordinary Android phones into secure remote IP cameras, viewable live and low-latency from one desktop dashboard. Built zero-trust, privacy-first, and to scale to thousands of devices.

status license


What it is

A commercial-grade, privacy-first platform that turns Android phones into remote IP cameras, streamed live to a unified desktop dashboard. Phones can be anywhere in the world; the system is designed to scale from a handful of devices to thousands.

[Android phone] capture → encode (H264/AV1)
   │ authenticate + short-lived token
   ▼
[Backend: ASP.NET Core + SignalR] ── signaling (who / room / token) ──┐
   │ negotiate WebRTC (ICE / SDP / DTLS-SRTP)                          │
   ▼                                                                   │
[LiveKit SFU] ◄── relayed via coturn (TURN) when firewalled           │
   one stream in → fanned out to every viewer ────────────────────────┘
   ▼
[Desktop dashboard: Electron + React] renders the grid

The phone uploads once; the SFU fans the stream out to many viewers — that's what makes "one phone → many desktops" and "thousands of phones" affordable.

Tech stack

  • Mobile: Android · Kotlin · CameraX/Camera2 · MediaCodec · Foreground Services
  • Streaming: WebRTC · LiveKit (SFU) · STUN/TURN (coturn) · H264/AV1/VP8
  • Backend: ASP.NET Core · SignalR · REST · PostgreSQL · Redis
  • Desktop: Electron · React · TypeScript
  • Infra: Docker · Docker Compose · Nginx

Repository layout

android/   # Kotlin camera app (publisher)   — Phase 2 scaffold
backend/   # ASP.NET Core API + media tokens — Phase 0/1
desktop/   # Electron dashboard (subscriber) — Phase 2 scaffold
media/     # LiveKit + coturn configs
deploy/    # docker-compose, Nginx, env template
tools/     # media test harness (forced-relay validation)
docs/      # PRD, tech spec, plan, security designs
.claude/   # the specialist agent/skill ecosystem ("the team")

Quick start (local dev)

Requires Docker + Docker Compose. (The .NET SDK is only needed to develop the API outside Docker.)

cd deploy
cp .env.example .env          # then fill in secrets
docker compose up -d --build  # brings up api, postgres, redis, livekit, coturn, nginx
curl http://localhost/healthz # via the Nginx edge
curl http://localhost/api/ping

Postgres/Redis are not exposed to the host in the base stack; the dev override exposes them on localhost for debugging.

Documentation

Doc What
docs/QUICKSTART.md Self-host 2 phones on your Wi-Fi (start here to run it)
docs/PRD.md Product requirements (what & why)
docs/TECH_SPEC.md Technical design (how)
docs/IMPLEMENTATION_PLAN.md Phased build plan (agents/skills per task)
docs/security/ Threat model, identity/PKI, token & session design
CLAUDE.md Always-on project context
CLAUDE_ECOSYSTEM_DESIGN.md The agent/skill ecosystem

Status & roadmap

  • Phase 0 — Foundations: security designs, Dockerized stack, backend skeleton, DB schema.
  • Phase 1 — Core media path: LiveKit join-token + ephemeral TURN endpoints, forced-relay test harness (tools/media-harness).
  • Phase 2 — Real clients: Electron dashboard (desktop/) + Android camera app (android/) scaffolded; hardening baked in.
  • Phase 3 — E2EE + operability: E2EE media (design + client wiring), observability stack (OTel/Prometheus/Grafana), SLOs + burn-rate alerts, incident runbook.
  • Phase 4 — Scale & govern: CI/CD + supply-chain gates (.github/workflows/), edge rate-limiting, and designs for scale-out, latency budget, fleet management, and privacy DPIA.
  • 🚧 Phase 5 — Roadmap features: detection (on-device CV scaffold), recording (MinIO + LiveKit Egress overlay), notifications, and a runnable FinOps cost model.

Validated end-to-end (2026-06-29): full Docker stack runs; live video flows publisher → SFU → subscriber; backend endpoints + LiveKit token verified at runtime. See tools/media-harness/README.md.

See the implementation plan for the full breakdown (each task mapped to its agent/skill).

Security

Zero-trust by design: per-device hardware-backed identity + attestation, short-lived key-bound tokens, TLS everywhere, and a goal of end-to-end media encryption so even the SFU cannot view streams. See docs/security/THREAT_MODEL.md. Do not commit secrets — use deploy/.env (gitignored).

License

TBD.

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

 
 
 

Contributors