ZeroTrace AirLeak
Settings Reference
Every persistent firmware setting, its default, and its effect
This page documents the persistent settings in the AirLeak firmware. They live in a JSON document on the unit's LittleFS filesystem (/config.json) and are read / written over Bluetooth with the config.get / config.set RPCs (see RPC Reference). All keys and defaults below are from src/handlers/config.cpp.
You don't edit these by hand. The app's Settings tab maps the user-facing controls onto these keys; config.set rejects any key that isn't in the table below.
Device
| Key | Default | Meaning |
|---|---|---|
device_name | (empty) | Friendly name shown for the unit |
LED
| Key | Default | Meaning |
|---|---|---|
startup_led_color | blue | LED color at boot |
led_brightness | 50 | LED brightness, 0–255 (non-numeric or out-of-range values are rejected) |
led_mode_indicate | false | Tint the LED by current mode |
led_threat_indicate | false | Drive the LED from the threat indicator (alerts) |
Threat indicator
These tune the on-device threat-indicator LED that reacts to alerts (src/controllers/threat_indicator.*).
| Key | Default | Meaning |
|---|---|---|
threat_window_sec | 30 | Rolling window for counting alerts |
threat_yellow_count | 1 | Alerts in the window to go yellow |
threat_red_count | 3 | Alerts in the window to go red |
threat_red_rules | unknown_tracker_near | Rules that force red immediately |
threat_red_severity | 2 | Severity that forces red immediately |
threat_ignore_rules | (empty) | Rules the indicator ignores |
threat_flash_ms | 500 | Flash period (ms) |
Capture emit policy
These gate when a device change is "worth" pushing as a delta on the capture stream (spec §7.2). See Throttle & emit policy.
| Key | Default | Meaning |
|---|---|---|
rssi_delta_emit | 6 | Minimum RSSI-EMA move (dBm) to emit a delta |
sev_delta_emit | 5 | Minimum leakage-score move to emit a delta |
Recon
| Key | Default | Meaning |
|---|---|---|
always_recon | false | Bias the unit toward recon (stream-paused) behaviour |
TraceNet (swarm)
Off by default so a hub not running a swarm keeps its WiFi modem off, zero cost to BLE scan duty.
| Key | Default | Meaning |
|---|---|---|
swarm_enabled | false | Enable ESP-NOW swarm node support |
swarm_channel | 1 | ESP-NOW / WiFi channel shared by every node |
Read-only fields
config.get also returns fields you can't write, derived at read time:
| Field | Meaning |
|---|---|
product_name | AirLeak (or AirLeak Custom on custom-board builds) |
firmware_version | Firmware version string |
serial_number | ZT-<efuse MAC> |
storage / space_left | Filesystem capacity / free space |
What's NOT a setting
The BLE scan window/interval are fixed in sdkconfig.defaults, not runtime-tunable settings. There are no WiFi channel / dwell / USB-throttle settings (those were WiFi-era controls and were removed). The capture mode is persisted separately via mode.set (NVS), not in /config.json.
config.set writes to a sibling file and atomically renames it over the live config, so a power loss mid-write leaves the previous config intact.