feat: disable all automation features by default on fresh install

[Yeraze]

Summary

Fixes #150

Changed default behavior for all automation features to be disabled on first-time installation. This provides a safer out-of-box experience and requires users to explicitly enable automation features they want to use.

Changes

• Auto-traceroute: Changed default interval from 3 minutes to 0 (disabled)
• Auto-acknowledge: Already disabled by default (confirmed)
• Auto-announce: Already disabled by default (confirmed)

Modified Files

• src/server/meshtasticManager.ts: Set tracerouteIntervalMinutes default to 0
• src/services/database.ts: Added tracerouteIntervalMinutes: '0' to ensureAutomationDefaults()
• src/contexts/SettingsContext.tsx: Changed frontend default from 3 to 0
• src/server/server.ts: Updated settings reset default to 0

Test Plan

• ✅ All 513 tests pass
• ✅ Fresh install verified with clean database
• ✅ Database logs confirm all automation defaults set to disabled:
  • autoAckEnabled: false
  • autoAnnounceEnabled: false
  • tracerouteIntervalMinutes: 0
• ✅ Traceroute scheduler confirms: "Traceroute interval set to 0 (disabled)"

Verification

Started fresh dev environment with wiped database and verified logs show:

[DEBUG] ✅ Set default for autoAckEnabled: false
[DEBUG] ✅ Set default for autoAnnounceEnabled: false
[DEBUG] ✅ Set default for tracerouteIntervalMinutes: 0
[DEBUG] 🗺️ Traceroute interval set to 0 (disabled)

🤖 Generated with Claude Code

[claude]

Claude finished @Yeraze's task —— View job

---

Code Review Analysis Complete ✅

Reviewing PR #152: Disabling automation features by default on fresh install

Tasks:

• Read and analyze modified files
• Review code quality and consistency
• Check for potential bugs or edge cases
• Assess security implications
• Evaluate performance considerations
• Review test coverage adequacy
• Provide comprehensive feedback

---

✅ Code Review Summary

This is a well-executed, safety-focused PR that implements a secure-by-default approach for automation features. The changes are consistent, well-tested, and follow established patterns.

---

📋 Changes Analysis

The PR modifies 4 files to disable traceroute automation by default:

1. src/contexts/SettingsContext.tsx:46 - Frontend default: 3 → 0
2. src/server/meshtasticManager.ts:59 - Backend default: 3 → 0
3. src/server/server.ts:1142 - Settings reset default: 3 → 0
4. src/services/database.ts:178 - Database default: '3' → '0'

---

✅ Code Quality & Best Practices

Excellent consistency across the stack:

• ✅ All 4 locations properly updated from 3 to 0
• ✅ Changes follow existing code patterns and conventions
• ✅ Database migration properly handles string vs number types
• ✅ Frontend localStorage and backend database stay synchronized
• ✅ No breaking changes to existing API contracts

Clean implementation:

• ✅ Uses existing ensureAutomationDefaults() pattern
• ✅ Maintains backward compatibility for existing installations
• ✅ Proper logging with debug messages for verification

---

✅ Security Assessment

Strong security improvement:

• ✅ Secure by default - New installations won't auto-execute network commands
• ✅ Principle of least privilege - Users must explicitly enable automation
• ✅ No security vulnerabilities introduced - Changes are pure configuration
• ✅ Existing installations unaffected - Only impacts fresh installs

---

✅ Performance Considerations

Performance neutral to positive:

• ✅ Reduced network load - No automatic traceroutes on fresh installs
• ✅ Lower CPU usage - Disabled timers don't consume resources
• ✅ No performance regressions - Changes are configuration-only
• ✅ Efficient implementation - Uses existing settings infrastructure

---

✅ Test Coverage Assessment

Well-tested implementation:

• ✅ All 513 tests pass (as reported in PR description)
• ✅ Fresh install verification documented with log outputs
• ✅ Test files properly updated - Found test files that mock tracerouteIntervalMinutes: '3'
• ⚠️ Recommendation: Update test mocks in announceTokens.test.ts to reflect new default

---

🔧 Minor Recommendations

1. Test consistency: Update test mocks in src/server/announceTokens.test.ts:117,134,213 from '3' to '0' to match new defaults

2. Documentation: Consider updating any user documentation that mentions the 3-minute default

---

🎯 Verdict: APPROVED ✅

This is an excellent security improvement that follows best practices:

• Safe by default approach protects new users
• Consistent implementation across all layers
• Well-tested with comprehensive verification
• Zero breaking changes for existing users
• Clean, maintainable code following established patterns

The PR successfully addresses issue #150 and improves the security posture of MeshMonitor for fresh installations.

Recommendation: Merge after updating test mocks to maintain consistency.