feat: Phase 6, Device provisioning and deployment of updates on git-pull

backend/manufacturing/audit.py

@@ -0,0 +1,41 @@
+import json
+import logging
+from mqtt.database import get_db
+
+logger = logging.getLogger("manufacturing.audit")
+
+
+async def log_action(
+    admin_user: str,
+    action: str,
+    serial_number: str | None = None,
+    detail: dict | None = None,
+):
+    """Write a manufacturing audit entry to SQLite.
+
+    action examples: batch_created, device_flashed, device_assigned, status_updated
+    """
+    try:
+        db = await get_db()
+        await db.execute(
+            """INSERT INTO mfg_audit_log (admin_user, action, serial_number, detail)
+               VALUES (?, ?, ?, ?)""",
+            (
+                admin_user,
+                action,
+                serial_number,
+                json.dumps(detail) if detail else None,
+            ),
+        )
+        await db.commit()
+    except Exception as e:
+        logger.error(f"Failed to write audit log: {e}")
+
+
+async def get_recent(limit: int = 20) -> list[dict]:
+    db = await get_db()
+    rows = await db.execute_fetchall(
+        "SELECT * FROM mfg_audit_log ORDER BY timestamp DESC LIMIT ?",
+        (limit,),
+    )
+    return [dict(r) for r in rows]

backend/manufacturing/models.py

@@ -59,3 +59,21 @@ class DeviceInventoryListResponse(BaseModel):
 class DeviceStatusUpdate(BaseModel):
     status: MfgStatus
     note: Optional[str] = None
+
+
+class DeviceAssign(BaseModel):
+    customer_email: str
+    customer_name: Optional[str] = None
+
+
+class RecentActivityItem(BaseModel):
+    serial_number: str
+    hw_type: str
+    mfg_status: str
+    owner: Optional[str] = None
+    updated_at: Optional[str] = None
+
+
+class ManufacturingStats(BaseModel):
+    counts: dict
+    recent_activity: List[RecentActivityItem]

backend/manufacturing/router.py

@@ -1,5 +1,6 @@
 from fastapi import APIRouter, Depends, Query
 from fastapi.responses import Response
+from fastapi.responses import RedirectResponse
 from typing import Optional
 
 from auth.models import TokenPayload
@@ -7,19 +8,48 @@ from auth.dependencies import require_permission
 from manufacturing.models import (
     BatchCreate, BatchResponse,
     DeviceInventoryItem, DeviceInventoryListResponse,
-    DeviceStatusUpdate,
+    DeviceStatusUpdate, DeviceAssign,
+    ManufacturingStats,
 )
 from manufacturing import service
+from manufacturing import audit
 
 router = APIRouter(prefix="/api/manufacturing", tags=["manufacturing"])
 
 
-@router.post("/batch", response_model=BatchResponse, status_code=201)
-def create_batch(
-    body: BatchCreate,
-    _user: TokenPayload = Depends(require_permission("manufacturing", "add")),
+@router.get("/stats", response_model=ManufacturingStats)
+def get_stats(
+    _user: TokenPayload = Depends(require_permission("manufacturing", "view")),
 ):
-    return service.create_batch(body)
+    return service.get_stats()
+
+
+@router.get("/audit-log")
+async def get_audit_log(
+    limit: int = Query(20, ge=1, le=100),
+    _user: TokenPayload = Depends(require_permission("manufacturing", "view")),
+):
+    entries = await audit.get_recent(limit=limit)
+    return {"entries": entries}
+
+
+@router.post("/batch", response_model=BatchResponse, status_code=201)
+async def create_batch(
+    body: BatchCreate,
+    user: TokenPayload = Depends(require_permission("manufacturing", "add")),
+):
+    result = service.create_batch(body)
+    await audit.log_action(
+        admin_user=user.email,
+        action="batch_created",
+        detail={
+            "batch_id": result.batch_id,
+            "board_type": result.board_type,
+            "board_version": result.board_version,
+            "quantity": len(result.serial_numbers),
+        },
+    )
+    return result
 
 
 @router.get("/devices", response_model=DeviceInventoryListResponse)
@@ -50,22 +80,62 @@ def get_device(
 
 
 @router.patch("/devices/{sn}/status", response_model=DeviceInventoryItem)
-def update_status(
+async def update_status(
     sn: str,
     body: DeviceStatusUpdate,
-    _user: TokenPayload = Depends(require_permission("manufacturing", "edit")),
+    user: TokenPayload = Depends(require_permission("manufacturing", "edit")),
 ):
-    return service.update_device_status(sn, body)
+    result = service.update_device_status(sn, body)
+    await audit.log_action(
+        admin_user=user.email,
+        action="status_updated",
+        serial_number=sn,
+        detail={"status": body.status.value, "note": body.note},
+    )
+    return result
 
 
 @router.get("/devices/{sn}/nvs.bin")
-def download_nvs(
+async def download_nvs(
     sn: str,
-    _user: TokenPayload = Depends(require_permission("manufacturing", "view")),
+    user: TokenPayload = Depends(require_permission("manufacturing", "view")),
 ):
     binary = service.get_nvs_binary(sn)
+    await audit.log_action(
+        admin_user=user.email,
+        action="device_flashed",
+        serial_number=sn,
+    )
     return Response(
         content=binary,
         media_type="application/octet-stream",
         headers={"Content-Disposition": f'attachment; filename="{sn}_nvs.bin"'},
     )
+
+
+@router.post("/devices/{sn}/assign", response_model=DeviceInventoryItem)
+async def assign_device(
+    sn: str,
+    body: DeviceAssign,
+    user: TokenPayload = Depends(require_permission("manufacturing", "edit")),
+):
+    result = service.assign_device(sn, body)
+    await audit.log_action(
+        admin_user=user.email,
+        action="device_assigned",
+        serial_number=sn,
+        detail={"customer_email": body.customer_email, "customer_name": body.customer_name},
+    )
+    return result
+
+
+@router.get("/devices/{sn}/firmware.bin")
+def redirect_firmware(
+    sn: str,
+    _user: TokenPayload = Depends(require_permission("manufacturing", "view")),
+):
+    """Redirect to the latest stable firmware binary for this device's hw_type.
+    Resolves to GET /api/firmware/{hw_type}/stable/{version}/firmware.bin.
+    """
+    url = service.get_firmware_url(sn)
+    return RedirectResponse(url=url, status_code=302)

backend/manufacturing/service.py

@@ -6,7 +6,7 @@ from shared.firebase import get_db
 from shared.exceptions import NotFoundError
 from utils.serial_number import generate_serial
 from utils.nvs_generator import generate as generate_nvs_binary
-from manufacturing.models import BatchCreate, BatchResponse, DeviceInventoryItem, DeviceStatusUpdate
+from manufacturing.models import BatchCreate, BatchResponse, DeviceInventoryItem, DeviceStatusUpdate, DeviceAssign, ManufacturingStats, RecentActivityItem
 
 COLLECTION = "devices"
 _BATCH_ID_CHARS = string.ascii_uppercase + string.digits
@@ -151,3 +151,77 @@ def get_nvs_binary(sn: str) -> bytes:
         hw_type=item.hw_type,
         hw_version=item.hw_version,
     )
+
+
+def assign_device(sn: str, data: DeviceAssign) -> DeviceInventoryItem:
+    from utils.email import send_device_assignment_invite
+
+    db = get_db()
+    docs = list(db.collection(COLLECTION).where("serial_number", "==", sn).limit(1).stream())
+    if not docs:
+        raise NotFoundError("Device")
+
+    doc_ref = docs[0].reference
+    doc_ref.update({
+        "owner": data.customer_email,
+        "assigned_to": data.customer_email,
+        "mfg_status": "sold",
+    })
+
+    send_device_assignment_invite(
+        customer_email=data.customer_email,
+        serial_number=sn,
+        customer_name=data.customer_name,
+    )
+
+    return _doc_to_inventory_item(doc_ref.get())
+
+
+def get_stats() -> ManufacturingStats:
+    db = get_db()
+    docs = list(db.collection(COLLECTION).stream())
+
+    all_statuses = ["manufactured", "flashed", "provisioned", "sold", "claimed", "decommissioned"]
+    counts = {s: 0 for s in all_statuses}
+
+    activity_candidates = []
+    for doc in docs:
+        data = doc.to_dict() or {}
+        status = data.get("mfg_status", "manufactured")
+        if status in counts:
+            counts[status] += 1
+
+        if status in ("provisioned", "sold", "claimed"):
+            # Use created_at as a proxy timestamp; Firestore DatetimeWithNanoseconds or plain datetime
+            ts = data.get("created_at")
+            if isinstance(ts, datetime):
+                ts_str = ts.strftime("%Y-%m-%dT%H:%M:%SZ")
+            else:
+                ts_str = str(ts) if ts else None
+
+            activity_candidates.append(RecentActivityItem(
+                serial_number=data.get("serial_number", ""),
+                hw_type=data.get("hw_type", ""),
+                mfg_status=status,
+                owner=data.get("owner"),
+                updated_at=ts_str,
+            ))
+
+    # Sort by updated_at descending, take latest 10
+    activity_candidates.sort(
+        key=lambda x: x.updated_at or "",
+        reverse=True,
+    )
+    recent = activity_candidates[:10]
+
+    return ManufacturingStats(counts=counts, recent_activity=recent)
+
+
+def get_firmware_url(sn: str) -> str:
+    """Return the FastAPI download URL for the latest stable firmware for this device's hw_type."""
+    from firmware.service import get_latest
+    item = get_device_by_sn(sn)
+    hw_type = item.hw_type.lower()
+    latest = get_latest(hw_type, "stable")
+    # download_url is a relative path like /api/firmware/vs/stable/1.4.2/firmware.bin
+    return latest.download_url