Deployment Guide

From unboxing to live data
in under two hours.

Follow this guide to provision your MNEMOS gateways, install the Vigil Field App on your deployment device, register probes over PDP, and verify your first measurements in the Vigil dashboard.

Start Deployment → Open Field App ↗
1
Prerequisites
2
Gateway Setup
3
Field App
4
Probe Registration
5
Dashboard
6
Alerts & Go Live
1
Prerequisites

Gather hardware, prepare your network, and spin up the Vigil backend before physical installation begins.

Hardware checklist

  • One or more MNEMOS Gateway units (or any MQTT-capable device running the MNEMOS gateway firmware).
  • PDP-compatible probe(s) — any sensor with TEDS EEPROM or a supported legacy adapter.
  • A deployment laptop or tablet running the Vigil Field App.
  • Network access: gateways need outbound MQTT/TLS (port 8883) or local MQTT (port 1883) to the Vigil broker.

Software prerequisites

  • Docker and Docker Compose (for the Vigil backend stack).
  • Python 3.10+ (for the Field App and CLI tools).
  • A Continuis Labs account with an organisation provisioned.

Network requirements

  • Gateways require TCP egress on port 8883 (MQTT-TLS) or 1883 (local, non-production).
  • The Field App requires line-of-sight Wi-Fi or Ethernet to the gateway for initial QR scan and configuration push.
  • The Vigil API server requires HTTPS (port 443) inbound from gateways, or use the included Caddy reverse-proxy.
# Start the full Vigil backend stack git clone https://github.com/continuislabs/vigil cd vigil # Copy and edit environment variables cp .env.example .env # Set SECRET_KEY, POSTGRES_PASSWORD, MQTT_PASSWORD, SITE_URL docker compose up -d # Services: timescaledb, redis, mosquitto, vigil-api, vigil-worker # Confirm all services are healthy docker compose ps
Supported deployment targets
Docker Compose (on-premises)Live
Kubernetes (Helm chart)Q3 2026
Continuis Cloud (managed)Q4 2026
AWS / GCP / Azure Marketplace2027
2
Gateway provisioning

Issue a bearer token for each gateway, configure MQTT credentials, and perform the PDP JOIN handshake.

Each physical gateway authenticates with a per-device bearer token. The plaintext is shown exactly once at creation — store it immediately in your secrets manager or flash it directly to the firmware before closing this terminal.

The gateway token is bound to the gateway's hardware_id on first JOIN_REQUEST, so pre-provisioning is possible before hardware arrives. Simply omit --hardware-id and the gateway self-registers on its first call.

MQTT configuration

Broker host
your-vigil-host.local (or public FQDN)
Port (TLS)
8883
Port (local)
1883
Client ID
gw-{hardware_id} (must be unique)
Username
gateway
Password
{MQTT_PASSWORD from .env}
Ingest topic
mnemos/ingest/{hardware_id}
Command topic
mnemos/cmd/{hardware_id}
1
Issue a gateway token
python manage.py issue_gateway_token \ --org acme-corp \ --name "Site A — Press Hall #1" \ --hardware-id AA:BB:CC:DD:EE:01 ✓ Gateway token created Token: gw_k7HqXm2…vN8pA ← store now!
2
Flash token to firmware or gateway config
# In gateway config.json or firmware NVS: { "vigil_host": "vigil.acme-corp.local", "vigil_token": "gw_k7HqXm2…vN8pA", "mqtt_host": "vigil.acme-corp.local", "mqtt_port": 8883 }
3
Power on gateway — it self-joins
# Gateway firmware calls automatically: POST /api/v1/pdp/gateway/join/ Authorization: Bearer gw_k7HqXm2…vN8pA → 201 Created — device record provisioned
4
Verify in dashboard
curl -s http://localhost:8000/api/v1/devices/ \ -H "Authorization: Bearer {dashboard_token}" \ | python -m json.tool | grep hardware_id "hardware_id": "AA:BB:CC:DD:EE:01", "is_online": true
3
Vigil Field App

The Field App runs on any laptop or tablet with Python. Use it on-site to scan device QR codes, review manufacturing data, and push configuration to new nodes — no dashboard access needed from the factory floor.

The Field App is a lightweight local server that exposes a mobile-optimised web interface at http://localhost:7654. Open it on your tablet and scan device QR codes to instantly pull manufacturing data, firmware version, calibration records, and probe-specific tutorial videos.

What the Field App does

  • Scan gateway or probe QR codes to identify hardware instantly.
  • Pull manufacturing records and QC status from the Vigil API.
  • View probe-specific tutorial videos and wiring diagrams.
  • Push site labels, location coordinates, and group assignments.
  • Confirm live measurement flow and alert configuration before leaving site.
  • Offline mode: caches device data for use in RF-shielded environments.

Network connectivity

The Field App requires HTTPS access to the Vigil API server. On-premises deployments should ensure the deployment laptop can reach the API over the local network. For airgapped sites, a read-only snapshot can be pre-loaded before entering the facility.

Vigil Field App
Local deployment assistant · v0.9.0
Python 3.10+ FastAPI + Jinja2 Offline-capable Mobile-optimised
Open Field App (localhost:7654) Installation instructions View source on GitHub
# Install the Field App cd vigil/PDP/field-app pip install -r requirements.txt # Configure (edit field_app/.env) PLATFORM_URL=http://your-vigil-host:8000 PLATFORM_API_KEY=your-dashboard-api-key # Run the field server uvicorn field_app.main:app --port 7654 --host 0.0.0.0 # Open in browser on the same machine: http://localhost:7654 # Or from tablet on same Wi-Fi: http://192.168.1.x:7654
4
Probe registration

When a PDP-compatible probe is attached, the gateway reads its TEDS EEPROM and automatically registers each sensing channel with Vigil — binding probes to quantities without any manual configuration.

The Peripheral Detection Protocol (PDP) defines a five-phase handshake between probe and gateway. After physical attachment and mutual authentication, the gateway reads the probe's TEDS EEPROM — 2 KB of identity, calibration, and channel metadata stored in an AT24C16 on the probe PCB.

This EEPROM data is forwarded to the Vigil platform via the probe register endpoint, which automatically creates DeviceBinding records — linking each physical channel to a quantity (temperature, vibration, pressure, etc.) and assigning the correct sample-rate tier.

The gateway then receives a list of binding IDs in the response. These UUIDs are used in every subsequent ingest payload, routing each measurement to the correct database tier and alert rule evaluation queue.

Manual registration (fallback)

For legacy sensors without TEDS, the Field App provides a manual probe wizard — select probe type, map channels to quantities, and submit. The resulting binding IDs are written to a QR code sticker for future maintenance reference.

# Gateway firmware calls this automatically after EEPROM read. # For testing, you can call it directly: curl -X POST http://vigil/api/v1/pdp/probe/ \ -H "Authorization: Bearer gw_k7HqXm2…vN8pA" \ -H "Content-Type: application/json" \ -d '{ "probe_hardware_id": "PB-SN-00142", "pdp_type_id": "continuis.vibration.3axis.v2", "name": "Bearing Monitor — Press #3", "channels": [ {"channel": 0, "quantity_slug": "vibration-x", "role": "sensor", "sample_rate_tier": "high"}, {"channel": 1, "quantity_slug": "vibration-y", "role": "sensor", "sample_rate_tier": "high"}, {"channel": 2, "quantity_slug": "vibration-z", "role": "sensor", "sample_rate_tier": "high"}, {"channel": 3, "quantity_slug": "temperature", "role": "sensor", "sample_rate_tier": "low"} ] }'
# Response — save binding_ids to firmware/NVRAM for ingest payloads { "device_id": "a3f2…", "probe_hardware_id": "PB-SN-00142", "bindings": [ { "binding_id": "b1d4…", "channel": 0, "quantity_slug": "vibration-x" }, { "binding_id": "c7e9…", "channel": 1, "quantity_slug": "vibration-y" }, { "binding_id": "d0f1…", "channel": 2, "quantity_slug": "vibration-z" }, { "binding_id": "e2a7…", "channel": 3, "quantity_slug": "temperature" } ] }
5
Dashboard onboarding

Once measurements are flowing, complete device metadata, verify the live chart, and organise into sites and groups within the Vigil dashboard.

Send your first ingest payload

curl -X POST http://vigil/api/v1/ingest/ \ -H "Authorization: Bearer gw_k7HqXm2…vN8pA" \ -H "Content-Type: application/json" \ -d '{ "hardware_id": "AA:BB:CC:DD:EE:01", "measurements": [ { "binding_id": "b1d4…", "timestamp": "2026-04-13T10:00:00Z", "value": 0.032, "quality": 0 }, { "binding_id": "e2a7…", "timestamp": "2026-04-13T10:00:00Z", "value": 54.2, "quality": 0 } ] }'

Complete device setup in the dashboard

  • Navigate to Devices → [your device] and set a human-readable display name.
  • Assign the device to a Site for geographic grouping and map view.
  • Set AI Context — a free-text description of what this node monitors and why; used by Argus (the AI assistant) for anomaly narration and alert summarisation.
  • Confirm all bindings appear in the Channels tab with correct quantity labels and units.
  • Check the Live Chart to verify data is flowing with the correct range and sample rate.
Dashboard checklist
6
Configure alerts & go live

Set up alert rules, connect notification channels, define escalation policies, and confirm delivery before declaring the deployment complete.

Alert rule types

  • Threshold Above / Below — fires when a value crosses a fixed limit. Most common: bearing temperature > 85 °C.
  • Rate of Change — detects sudden shifts within a configurable window. Ideal for detecting pressure spikes or rapid motor speed changes.
  • Statistical Anomaly — z-score against a rolling 7-day baseline. No threshold needed — learns normal behaviour automatically.
  • Absence — fires when a device stops reporting for longer than the configured window. Essential for detecting network or power faults.
  • Deviation from Baseline — percentage drift from a weekly rolling average. Ideal for long-term equipment degradation tracking.

Notification channels

  • Email — HTML formatted with embedded chart image, one-click acknowledge link.
  • SMS — via Twilio, for critical alerts requiring immediate attention.
  • Slack — webhook-based, with colour-coded severity attachment cards.
  • Telegram — bot API with chart photo attachment.
  • Outbound Webhook — HMAC-SHA256 signed JSON payload to any endpoint.
Escalation policy example
{ "immediate": [ { "type": "group", "id": "on-call-uuid" } ], "escalate_after_minutes": 15, "escalate_to": [ { "type": "user", "id": "manager-uuid" } ], "re_notify_interval_minutes": 60, "auto_resolve_after_minutes": 240 }

Deployment complete

Once alerts are configured and a test event confirms delivery, your deployment is complete. Document the gateway token IDs and binding IDs in your asset management system for future maintenance.

Troubleshooting

Common issues.

The JOIN request succeeded (device record exists) but no ingest payload has been received yet. Power-cycle the gateway and confirm the MQTT credentials and broker address in firmware config. Check Docker logs: docker compose logs vigil-api | grep ingest.
The gateway token has either expired, been deactivated, or the is_active flag was cleared by an admin. Issue a new token via python manage.py issue_gateway_token and update the gateway firmware config.
The quantity slug in your probe registration payload does not exist in the Vigil quantity registry. Check available slugs via GET /api/v1/quantities/ and ensure the slug matches exactly (case-sensitive, hyphenated). If the quantity you need is missing, create it via the API or admin interface.
Verify the PLATFORM_URL in field_app/.env points to the correct host and port. Ensure the deployment laptop and Vigil server are on the same network segment. For HTTPS, confirm the TLS certificate is valid or the CA is trusted by the laptop's OS.
Check the time range in the dashboard — new deployments often have a very short history. Also verify the device_latest_values table has entries for the binding IDs (run GET /api/v1/devices/{id}/measurements/latest/). If absent, the ingest UPSERT failed silently — check the vigil-api container logs for SQL errors.
Confirm Celery workers are running: docker compose ps vigil-worker. Check worker logs for SMTP/webhook errors. Verify the NotificationChannel is_enabled and the alert rule has a RuleNotificationMapping pointing to it. Use the test alert management command to fire a synthetic event: python manage.py test_alerts.
Developer Docs → Read the White Papers