supervictor
fleet nominal
SHT SV-00 · FLEET OPERATIONS PLATFORM

Your hardware fleet,
under command.

Supervictor deploys, monitors, and sustains connected devices — with a cryptographic identity for every unit, a live dashboard for every site, and one command from bare board to reporting device.

Signal path — live

Device
mTLS 1.3
Gateway
Cloud
You
DeviceFWLast uplinkState
factory-010.1.02s agofresh
factory-020.1.011s agofresh
warehouse-070.0.946m agostale
lab-bench-33h agodark
SHT SV-01

Fleets don't fail loudly. They go quiet.

FAULT / 01

The silent dropout

A sensor stops reporting on a Friday. Nobody notices until the month-end report has a hole in it. Supervictor classifies every device fresh / stale / dark continuously and raises the dark ones before your customer does.

FAULT / 02

The password spreadsheet

Shared API keys in a wiki, one leak away from a fleet-wide incident. Here every device carries its own X.509 certificate — mutual TLS on every request, revocable per unit, no shared secrets anywhere.

FAULT / 03

The mystery firmware

Which units still run the version with the bug? Every uplink reports its firmware build, so the dashboard answers in one glance — the question every recall, patch, and audit starts with.

SHT SV-02

Deploy. Monitor. Sustain.

Deploy PROVISION & IDENTITY
  • One-command onboarding — issue the certificate, register the device, flash the firmware, verify the first handshake. One step, repeatable per unit.
  • Certificate authority built in — device, server, and operator credentials from a single managed root; browser bundles for your team included.
  • Runs where you run — the same service binary deploys serverless on AWS or on a $5/month box on your own network. No lock-in decision on day one.
Monitor SEE EVERY UNIT
  • Live fleet dashboard — telemetry streams in as it happens; freshness badges triage the fleet at a glance. Try the demo →
  • Machine-readable health — the same fleet view as JSON, for your alerting, your scripts, your ops tooling.
  • Dark-device watchdog — a device that goes quiet past its threshold is logged, flagged, and ready to page you.
Sustain KEEP IT RUNNING
  • Firmware accountability — every unit reports what it runs; version drift is visible the moment it exists.
  • Revoke and reactivate — device misbehaving or decommissioned? One click flips its status; its certificate stops working with it.
  • Audit trail — every operator action is logged with the operator's certificate identity. Who did what is never a mystery.
SHT SV-03

Security spec

TransportMutual TLS 1.2/1.3 on every connection, device-to-cloud and operator-to-dashboard. There is no unauthenticated surface.
Device identityPer-device X.509 client certificate signed by your CA. No shared keys, no passwords, revocable per unit.
Operator accessDashboard and fleet API require operator certificates with an admin role encoded in the certificate itself — spoof-resistant, parsed component-wise.
ActionsAll fleet mutations are CSRF-protected and audit-logged with the acting operator's identity; log output is injection-sanitized.
Blast-radius controlsAPI throttling and compute concurrency caps are set explicitly — a runaway client can't melt the bill or the service.
Memory safety100% Rust from device firmware to cloud handler — the class of memory-corruption CVEs that dominates embedded security simply isn't in the codebase. Dependencies are audited weekly.
SHT SV-04

One binary, laptop to cloud

DEVICE (ESP32-C3, no_std Rust)
   │
   ├──mTLS──►  AWS API Gateway ──► Lambda ──► DynamoDB      serverless
   │
   └──mTLS──►  Caddy ──► service on your hardware ──► SQLite  self-hosted
                        │
                        ├── /ui      live dashboard (admin mTLS)
                        ├── /fleet   health API for your tooling
                        └── watchdog dark-device alerting

The same wire types compile into the firmware and the cloud service — change a field and the compiler finds every affected line on both sides before anything ships. That's the practical meaning of one language, register to database: fleet bugs get caught at build time, not at 2 AM.

1
command to onboard a device
0
passwords or shared keys
100%
Rust, firmware to cloud
2
deploy targets: AWS or yours

Put your fleet on the board.

Watch the live dashboard demo, or talk to us about a pilot for your devices.