Your hardware fleet,
under command.
Supervictor deploys, monitors, and sustains connected devices — with a cryptographic identity for every unit, a live dashboard for every site, and one command from bare board to reporting device.
Signal path — live
| Device | FW | Last uplink | State |
|---|---|---|---|
| factory-01 | 0.1.0 | 2s ago | fresh |
| factory-02 | 0.1.0 | 11s ago | fresh |
| warehouse-07 | 0.0.9 | 46m ago | stale |
| lab-bench-3 | — | 3h ago | dark |
Fleets don't fail loudly. They go quiet.
The silent dropout
A sensor stops reporting on a Friday. Nobody notices until the
month-end report has a hole in it. Supervictor classifies every
device fresh / stale / dark continuously and raises the
dark ones before your customer does.
The password spreadsheet
Shared API keys in a wiki, one leak away from a fleet-wide incident. Here every device carries its own X.509 certificate — mutual TLS on every request, revocable per unit, no shared secrets anywhere.
The mystery firmware
Which units still run the version with the bug? Every uplink reports its firmware build, so the dashboard answers in one glance — the question every recall, patch, and audit starts with.
Deploy. Monitor. Sustain.
- One-command onboarding — issue the certificate, register the device, flash the firmware, verify the first handshake. One step, repeatable per unit.
- Certificate authority built in — device, server, and operator credentials from a single managed root; browser bundles for your team included.
- Runs where you run — the same service binary deploys serverless on AWS or on a $5/month box on your own network. No lock-in decision on day one.
- Live fleet dashboard — telemetry streams in as it happens; freshness badges triage the fleet at a glance. Try the demo →
- Machine-readable health — the same fleet view as JSON, for your alerting, your scripts, your ops tooling.
- Dark-device watchdog — a device that goes quiet past its threshold is logged, flagged, and ready to page you.
- Firmware accountability — every unit reports what it runs; version drift is visible the moment it exists.
- Revoke and reactivate — device misbehaving or decommissioned? One click flips its status; its certificate stops working with it.
- Audit trail — every operator action is logged with the operator's certificate identity. Who did what is never a mystery.
Security spec
| Transport | Mutual TLS 1.2/1.3 on every connection, device-to-cloud and operator-to-dashboard. There is no unauthenticated surface. |
|---|---|
| Device identity | Per-device X.509 client certificate signed by your CA. No shared keys, no passwords, revocable per unit. |
| Operator access | Dashboard and fleet API require operator certificates with an admin role encoded in the certificate itself — spoof-resistant, parsed component-wise. |
| Actions | All fleet mutations are CSRF-protected and audit-logged with the acting operator's identity; log output is injection-sanitized. |
| Blast-radius controls | API throttling and compute concurrency caps are set explicitly — a runaway client can't melt the bill or the service. |
| Memory safety | 100% Rust from device firmware to cloud handler — the class of memory-corruption CVEs that dominates embedded security simply isn't in the codebase. Dependencies are audited weekly. |
One binary, laptop to cloud
DEVICE (ESP32-C3, no_std Rust)
│
├──mTLS──► AWS API Gateway ──► Lambda ──► DynamoDB serverless
│
└──mTLS──► Caddy ──► service on your hardware ──► SQLite self-hosted
│
├── /ui live dashboard (admin mTLS)
├── /fleet health API for your tooling
└── watchdog dark-device alerting
The same wire types compile into the firmware and the cloud service —
change a field and the compiler finds every affected line on both
sides before anything ships. That's the practical meaning of
one language, register to database: fleet bugs get caught
at build time, not at 2 AM.
Put your fleet on the board.
Watch the live dashboard demo, or talk to us about a pilot for your devices.