MeshMonitor v4.7.0

Minor release. Two headline features, one revert.

MeshCore Remote Administration — a full CLI-over-encrypted-DM admin surface for distant MeshCore nodes (Repeaters / Room Servers), plus an in-app console for the locally connected device. Includes an encrypted password store with rotation detection, a typed-name confirmation modal for destructive commands enforced both client- and server-side, a structured ACL setperm form, command history, sessionStorage-backed transcript persistence, and a per-command audit log with a canary test that asserts the plaintext password never reaches any audit row or response body.

MQTT bridge topic rewriting — re-introduces the cross-mesh prefix-replacement feature from #3170 (briefly merged and reverted), with the configuration UI moved to the broker's edit modal so one dialog covers every bridge attached to that broker. The backend (applyTopicRewrite, publish-path integration, validator) is unchanged.

MQTT dashboard restored — reverts #3169's experimental per-source detail shell that replaced the full v4.6.6 dashboard (Channels / Telemetry / DMs / Map) with a thin Map + Settings tab pair. Broker and bridge sources fall through to the full Meshtastic dashboard again as in v4.6.6.

Features

MeshCore Remote Administration

• #3160 feat(meshcore): remote-administration console with encrypted credentials
• #3161 feat(meshcore): stats panel, quick-action buttons, danger-command guard
• #3162 feat(meshcore): local-device CLI console in Configuration view
• #3165 feat(meshcore): ACL setperm form, command history, internal docs
• #3167 feat(meshcore): persistent transcript + per-command audit log

MQTT

• #3173 feat(mqtt): bridge topic rewrites managed from broker settings (re-implementation of #3170 with broker-side UI)

Bug Fixes

• #3172 revert(mqtt): restore v4.6.6 per-source dashboard for broker and bridge — reverts #3169 + #3170. MQTT broker and bridge sources fall through to the full Meshtastic dashboard again with every original surface available.

Docs

• #3174 chore: bump version to 4.7.0 + changelog and docs — new docs/features/meshcore.md Remote Administration section, updated docs/features/mqtt-broker.md topic-rewriting section, new internal architecture doc docs/internal/dev-notes/MESHCORE_REMOTE_ADMIN.md, release blog post.

Upgrade Notes

• MeshCore Remote Administration is gated by a new per-source remote_admin permission. Admins automatically pass. Grant it to non-admin operators who should be able to run CLI commands against your Repeaters / Room Servers.
• Saved admin passwords require SESSION_SECRET to be explicitly configured (not auto-generated). The "Remember password" checkbox is disabled with a tooltip when SESSION_SECRET is ephemeral. Set SESSION_SECRET=$(openssl rand -hex 32) in your environment to enable credential persistence.
• Migration 070 adds a nullable adminCredential column to meshcore_nodes. Runs automatically on first boot.
• Topic-rewriting UI moved: if you configured topic rewrites in v4.6.6 (between the original #3170 merge and the revert), reopen the broker that owns the bridge and re-enter the rewrite rules under the new "Bridge topic rewrites" section in the broker edit modal.

Issues Resolved

• #3166 feat(mqtt): topic rewriting on mqtt_bridge for cross-mesh routing

Full Changelog: https://github.com/Yeraze/meshmonitor/compare/v4.6.6...v4.7.0