release: ESP32-S3 firmware v0.6.5 — Tmr Svc stack + OTA init refactor

[ruvnet]

Three real bugs fixed end-to-end on COM7. Required for cutting v0.6.5-esp32.

1. Tmr Svc stack overflow bootloop (sdkconfig.defaults regression)

sdkconfig.defaults.template had CONFIG_FREERTOS_TIMER_TASK_STACK_DEPTH=8192 (ADR-081 — adaptive_controller emits feature_state from inside Timer Svc callbacks, exceeding the 2 KiB FreeRTOS default). The fix was MISSING from sdkconfig.defaults (the canonical file the build reads). Result: any fresh build bootlooped:

***ERROR*** A stack overflow in task Tmr Svc has been detected.
Backtrace: 0x40375d41:0x3fcbe060 0x4037eac9:0x3fcbe080 …
Rebooting...

Cherry-picked the same line into sdkconfig.defaults. Verified on hardware (COM7, ESP32-S3 8MB, edge-tier=2 provisioned): 0 panics, 0 reboots in 30 s.

2. OTA PSK never loaded in production code path

main.c:230 calls ota_update_init_ex(), not ota_update_init(). Pre-this-PR, only ota_update_init() loaded the PSK from NVS. So in production:

• s_ota_psk stayed empty regardless of NVS contents
• My RuView#596 fail-closed check (just-merged PR fix(firmware): OTA upload fails closed when no PSK in NVS (RuView#596 audit) #623) rejected every request — correct security posture, but
• The boot-time diagnostic warning never printed, leaving operators no signal

Extracted ota_load_psk_from_nvs() and call it from both init paths. Verified on hardware:

W (3126) ota_update: NVS namespace 'security' not found —
OTA upload endpoint will REJECT all requests until provisioned.
Fail-closed per RuView#596.

3. version.txt bump

0.6.4 → 0.6.5 paired with the v0.6.5-esp32 tag. firmware-ci version-guard job (RuView#505 fix-marker) requires exact match.

Hardware validation matrix

Check	Status
8MB binary builds	✅ 1.10 MB, 47% partition free
4MB binary builds	✅ 894 KB, 53% partition free
Flash 8MB to COM7	✅ Hash verified
Boot at edge-tier=2 (the case #438 reported bootlooping on v0.4.3.1)	✅ Clean boot, edge DSP task started on core 1
30 s steady operation	✅ 0 panics, 0 reboots, 870 log lines, CSI streaming
OTA fail-closed warning	✅ Prints at boot 3.1 s after reset
Embedded version	✅ App version: 0.6.5

Incidentally closes by hardware-validation

• boot loop #438 — boot loop at edge-tier 2 (was v0.4.3.1, not reproducible on current main)
• Implicit re-validation of Ghost person detection, FPS infinity, skeleton flickering and jumpy vitals with ESP32-S3 multi-node setup (edge-tier 1 & 2) #519 Bug 4 — vital_signs circular variance (fix(vital_signs): use circular variance for wrapped phases #595) didn't introduce regressions

Release artifacts

Six binaries staged in /tmp/firmware-release-stage/ for the gh release create v0.6.5-esp32 step:

• bootloader.bin, partition-table.bin, ota_data_initial.bin, esp32-csi-node.bin (8MB)
• esp32-csi-node-4mb.bin, partition-table-4mb.bin

🤖 Generated with claude-flow