Skip to main content

Operate

Running, securing, and maintaining a Heldar deployment. For getting a deployment up in the first place, start with Deploy.

The detailed operator and integrator guides currently live in the repository. Each link below opens the in-repo guide on GitHub:

  • Access Control
    • the plate-authorization entry engine, the vehicle/visitor/watchlist registry, the guard confirm/reject workflow, RBAC, and reports.
  • Movement
    • multi-signal cross-camera ReID candidates (human-reviewed) and restricted-zone breach incidents.
  • Search
    • deterministic query over stored event facts, with the natural-language plan as the single fallible step and a proof layer over every answer.
  • Observability
    • the health/metrics/events APIs, Prometheus exposition, the alert webhook, storage monitoring, and recording-gap reporting.
  • Remote Access
    • browser-based remote viewing over WebRTC, with NAT traversal handled by a signaling + TURN relay and the media stream end-to-end encrypted, plus an optional self-hosted network overlay for reaching a site behind CGNAT.
  • Production hardening
    • the security checklist for an internet-exposed deployment: required auth + TLS cookie, per-account login lockout, camera-credential encryption at rest, the fail-loud startup guardrails, and the rendezvous Worker secrets (including the optional Cloudflare Turnstile login challenge).
  • Sizing
    • capacity planning for cameras, storage, and the AI frame budget.
  • Commissioning
    • the checklist for bringing a new site online.

For the architecture behind these, see ARCHITECTURE.md and the Architecture overview.