AWS AI / KVS Production Validation — 2026-05-17
1. HLS Cloud Storage Playback
| Field | Value |
|---|---|
| aoviseDeviceId | aovis-n4k-000001 |
| deviceId | cmp3hyo970000qm97c1foeybk |
| KVS stream | aovis-stream-aovis-n4k-000001 |
| Media duration | ~45 seconds |
| Write method | GStreamer kvssink via KVS C++ SDK |
| Playback page | /devices/aovis-n4k-000001/playback |
| Authentication | Web session (Google OAuth, [email protected]) |
Result: KVS media fragments → AOVIS stream API → HLS playback page → authenticated browser playback: PASS
2. Web Session Auth Fix (PR #2)
| Field | Value |
|---|---|
| Release commit | 38292e450028e6de29c56c969036ed21ad244b89 |
| Fix scope | /api/devices/[id]/stream previously accepted only App Bearer tokens; web session was rejected |
Result: Browser login session can now access HLS stream API: PASS
3. Daily Summary Controlled Test
| Field | Value |
|---|---|
| userId | cmne10rir000h8mwi8gvxvwqs |
| deviceId | cmp3hyo970000qm97c1foeybk |
| DailySummary row | cmp9w4ugz0001qma2dd5119nh |
| summaryDate | 2026-05-17 00:00:00 (America/New_York) |
| eventCount | 2 |
| summaryText | "Device aovis-n4k-000001 experienced an unknown event at 3:57 AM and a feature diagram notification at 4:04 AM." |
| pushSent | false |
| pushSentAt | null |
| Active PushToken + endpointArn count | 0 |
Result: Production CloudEvent → Bedrock Nova Lite (us.amazon.nova-lite-v1:0) → DailySummary upsert: PASS
4. S3 Sample Video AI Analysis
| Field | Value |
|---|---|
| Sample video | s3://aovis-video-storage/ai-lab/inputs/AOVIS_test_short_00002.mp4 |
| Model | us.amazon.nova-lite-v1:0 (us-east-1) |
| Summary | "A person walks past a small building at night." |
| ClassifyEventType | walking |
| Confidence | 0.9 |
| Input tokens | 2,391 |
| Output tokens | 37 |
| Total tokens | 2,428 |
| Test CloudEvent DB id | f06f08fc-6daa-4308-99b2-166f3026c865 |
| Test CloudEvent eventId | p3c-sample-video-20260517-00002 |
| Daily Summary dryRun | processed=1, pushSent=0, errors=[] |
Result: S3 sample video → Nova Lite video analysis → test CloudEvent → Daily Summary dryRun: PASS
5. Bedrock Bearer Token Cleanup (PR #3)
| Field | Value |
|---|---|
| Release commit | 253bcac0496626afd3d74f207be4e4e1286116a1 |
| Root cause | AWS_BEARER_TOKEN_BEDROCK env var residue — stale bearer token overrides SigV4 credentials, causing "Bearer Token has expired" |
| Fix | delete process.env.AWS_BEARER_TOKEN_BEDROCK before creating BedrockRuntimeClient in both lib/aws/bedrock.ts and lib/aws/bedrock-daily.ts |
Result: All Bedrock call paths now clear the stale bearer token: PASS
AWS Access Key Rotation
During investigation, the root account access key was accidentally printed. It was treated as exposed and rotated on 2026-05-17:
- Old key: deleted
- New key: created and verified via STS / S3 / Bedrock
- Key IDs and secrets are not recorded here
6. Test Data Note
p3c-sample-video-20260517-00002 is a test CloudEvent, not a real device event. Do not delete this record — it is retained for regression verification. Future cleanup (if needed) must be a scoped DB deletion with prior backup and confirmation.
7. Remaining Items
- Mobile app PushToken / SNS endpoint registration — not yet verified
- Hardware IPC camera real streaming — not yet verified
- WebRTC live view — readiness only, not validated end-to-end
- IoT Credentials Provider / Fleet Provisioning — pending ODM / hardware flow confirmation
- IAM access key rotation was performed post-hoc — the exposed key ID has been deleted