dsc-itv2-client 1.0.7

package/src/examples/interactive-cli.js

@@ -0,0 +1,1033 @@
+/**
+ * DSC TL280R ITV2 Protocol Server
+ *
+ * This server handles the ITV2 protocol handshake and session management
+ * for DSC alarm panels using TL280R communicators.
+ */
+
+import dgram from 'dgram';
+import readline from 'readline';
+import { ITv2Session, CMD, CMD_NAMES } from '../itv2-session.js';
+import { parseType1Initializer, type2InitializerTransform } from '../itv2-crypto.js';
+import { EventHandler } from '../event-handler.js';
+import { parseZoneStatus, formatZoneStatus, parsePartitionStatus, formatPartitionStatus, parseCommandResponse, parseCommandError } from '../response-parsers.js';
+
+// Configuration
+const INTEGRATION_ID = process.env.INTEGRATION_ID || '123123123123';
+const ACCESS_CODE = process.env.ACCESS_CODE || '12345678';
+const MASTER_CODE = process.env.MASTER_CODE || '5555';
+const UDP_PORT = parseInt(process.env.UDP_PORT || '3073', 10);
+
+// Session tracking
+let session = null;
+let panelAddress = null;
+let panelPort = null;
+let detectedEncryptionType = null; // Set during handshake: 1 or 2
+let handshakeState = 'WAITING';
+let testCommandSent = false;
+
+// Event Handler for zone/partition state management
+const eventHandler = new EventHandler(log);
+
+// Register event listeners
+eventHandler.on('zone:status', (status) => {
+  console.log(`\n[EVENT] Zone ${status.zoneNumber} status update: ${status.open ? 'OPEN' : 'CLOSED'}`);
+});
+
+eventHandler.on('zone:alarm', (alarm) => {
+  console.log(`\n[EVENT] *** ZONE ${alarm.zoneNumber} ALARM! ***`);
+});
+
+eventHandler.on('partition:status', (status) => {
+  console.log(`\n[EVENT] Partition ${status.partitionNumber} status: ${status.armedStateName}`);
+});
+
+eventHandler.on('partition:change', (change) => {
+  console.log(`\n[EVENT] Partition ${change.partition} changed: ${change.previousState || 'UNKNOWN'} -> ${change.newState}`);
+});
+
+// UDP Server
+const server = dgram.createSocket('udp4');
+
+function log(msg) {
+  console.log(`[${new Date().toISOString()}] ${msg}`);
+}
+
+function hexDump(buffer, prefix = '') {
+  const lines = [];
+  for (let i = 0; i < buffer.length; i += 16) {
+    const slice = buffer.slice(i, Math.min(i + 16, buffer.length));
+    const hex = Array.from(slice).map(b => b.toString(16).padStart(2, '0').toUpperCase()).join(' ');
+    const ascii = Array.from(slice).map(b => (b >= 32 && b <= 126) ? String.fromCharCode(b) : '.').join('');
+    lines.push(`${prefix}${i.toString(16).padStart(4, '0')}  ${hex.padEnd(48)}  |${ascii}|`);
+  }
+  console.log(lines.join('\n'));
+}
+
+function sendPacket(packet) {
+  if (!panelAddress || !panelPort) {
+    log('[Error] No panel address/port set');
+    return;
+  }
+  log(`\n[UDP] TX to ${panelAddress}:${panelPort} (${packet.length} bytes)`);
+  hexDump(packet);
+  server.send(packet, panelPort, panelAddress);
+}
+
+function sendTestZoneQuery() {
+  if (testCommandSent) return;
+  testCommandSent = true;
+
+  log('\n[Test] Session is stable, authenticating first...');
+  const authPayload = Buffer.from(MASTER_CODE.padStart(6, '0').slice(0, 6), 'ascii');
+  const authPacket = session.buildCommand(CMD.ACCESS_LEVEL_ENTER, authPayload);
+  sendPacket(authPacket);
+
+  // Wait for authentication to complete, then query system info
+  setTimeout(() => {
+    log('\n[Test] Sending SYSTEM_CAPABILITIES query...');
+    const capQuery = session.buildSystemCapabilitiesRequest();
+    sendPacket(capQuery);
+
+    setTimeout(() => {
+      log('\n[Test] Sending SOFTWARE_VERSION query...');
+      const verQuery = session.buildCommand(CMD.SOFTWARE_VERSION);
+      sendPacket(verQuery);
+    }, 2000);
+
+    setTimeout(() => {
+      log('\n[Test] Sending PANEL_STATUS query...');
+      const panelQuery = session.buildCommand(CMD.PANEL_STATUS);
+      sendPacket(panelQuery);
+    }, 4000);
+
+    setTimeout(() => {
+      log('\n[Test] Sending BUFFER_SIZES query...');
+      const bufferQuery = session.buildCommand(CMD.BUFFER_SIZES);
+      sendPacket(bufferQuery);
+    }, 6000);
+  }, 2000);
+}
+
+function handleSystemResponse(cmdName, parsed) {
+  const data = parsed.commandData;
+  log(`\n[${cmdName} Response] Received data`);
+
+  console.log(`\n========================================`);
+  console.log(`${cmdName} RESPONSE`);
+  console.log(`========================================`);
+  if (data && data.length > 0) {
+    console.log(`Data (${data.length} bytes):`);
+    console.log(`  HEX: ${data.toString('hex').toUpperCase()}`);
+    console.log(`  ASCII: ${Array.from(data).map(b => (b >= 32 && b <= 126) ? String.fromCharCode(b) : '.').join('')}`);
+    console.log(`  Bytes: [${Array.from(data).join(', ')}]`);
+  } else {
+    console.log(`No data returned`);
+  }
+  console.log(`========================================\n`);
+
+  // Send ACK
+  sendPacket(session.buildSimpleAck());
+}
+
+function handleGlobalStatusResponse(parsed) {
+  const data = parsed.commandData;
+  log(`\n[Global Status] Received global status data`);
+
+  console.log(`\n========================================`);
+  console.log(`GLOBAL STATUS RESPONSE`);
+  console.log(`========================================`);
+
+  if (data && data.length > 0) {
+    console.log(`Raw data (${data.length} bytes): ${data.toString('hex').toUpperCase()}`);
+
+    // Global status may contain partition and zone summary info
+    // Format depends on what the panel sends
+    // For now, display raw hex and let user interpret
+    console.log(`\nData breakdown:`);
+    for (let i = 0; i < data.length; i++) {
+      console.log(`  Byte ${i}: 0x${data[i].toString(16).padStart(2, '0').toUpperCase()} (${data[i]})`);
+    }
+  } else {
+    console.log(`No data returned`);
+  }
+  console.log(`========================================\n`);
+
+  sendPacket(session.buildSimpleAck());
+}
+
+function handleZoneStatusResponse(parsed) {
+  const data = parsed.commandData;
+  log(`\n[Zone Status] Received zone status data`);
+
+  if (data && data.length >= 3) {
+    const zoneNum = data.readUInt16BE(0);
+    const statusByte = data[2];
+
+    // Parse using new parser
+    const status = parseZoneStatus(statusByte);
+    status.zoneNumber = zoneNum;
+
+    // Also update EventHandler for internal tracking
+    eventHandler.handleZoneStatus(zoneNum, statusByte);
+
+    console.log(`\n========================================`);
+    console.log(`ZONE STATUS for Zone ${zoneNum}`);
+    console.log(`========================================`);
+    console.log(`Status Byte: 0x${statusByte.toString(16).padStart(2, '0').toUpperCase()}`);
+    console.log(`  Open:           ${status.open ? 'YES' : 'NO'}`);
+    console.log(`  Tamper:         ${status.tamper ? 'YES' : 'NO'}`);
+    console.log(`  Fault:          ${status.fault ? 'YES' : 'NO'}`);
+    console.log(`  Low Battery:    ${status.lowBattery ? 'YES' : 'NO'}`);
+    console.log(`  Delinquency:    ${status.delinquency ? 'YES' : 'NO'}`);
+    console.log(`  Alarm:          ${status.alarm ? 'YES' : 'NO'}`);
+    console.log(`  Alarm Memory:   ${status.alarmInMemory ? 'YES' : 'NO'}`);
+    console.log(`  Bypassed:       ${status.bypassed ? 'YES' : 'NO'}`);
+    console.log(`\n${formatZoneStatus(status)}`);
+    console.log(`========================================\n`);
+  }
+
+  // Send ACK
+  sendPacket(session.buildSimpleAck());
+}
+
+function handlePartitionStatusResponse(parsed) {
+  const data = parsed.commandData;
+  log(`\n[Partition Status] Received partition status data`);
+
+  if (data && data.length >= 3) {
+    const partitionNum = data.readUInt16BE(0);
+    const statusBytes = data.slice(2);
+
+    // Parse using new parser
+    const status = parsePartitionStatus(statusBytes);
+    status.partitionNumber = partitionNum;
+
+    console.log(`\n========================================`);
+    console.log(`PARTITION STATUS for Partition ${partitionNum}`);
+    console.log(`========================================`);
+    console.log(`Status Bytes: ${statusBytes.toString('hex').toUpperCase()}`);
+    console.log(`  Armed State:    ${status.armedState}`);
+    console.log(`  Ready:          ${status.ready ? 'YES' : 'NO'}`);
+    console.log(`  Alarm:          ${status.alarm ? 'YES' : 'NO'}`);
+    console.log(`  Trouble:        ${status.trouble ? 'YES' : 'NO'}`);
+    console.log(`  Bypass Active:  ${status.bypass ? 'YES' : 'NO'}`);
+    console.log(`  Busy:           ${status.busy ? 'YES' : 'NO'}`);
+    console.log(`  Alarm Memory:   ${status.alarmMemory ? 'YES' : 'NO'}`);
+    console.log(`  Audible Bell:   ${status.audibleBell ? 'YES' : 'NO'}`);
+    console.log(`  Buzzer:         ${status.buzzer ? 'YES' : 'NO'}`);
+    console.log(`\n${formatPartitionStatus(status)}`);
+    console.log(`========================================\n`);
+  }
+
+  // Send ACK
+  sendPacket(session.buildSimpleAck());
+}
+
+function handleZoneAlarmNotification(parsed) {
+  const data = parsed.commandData;
+  log(`\n[Zone Alarm] Received zone alarm notification`);
+
+  if (data && data.length >= 3) {
+    const zoneNum = data.readUInt16BE(0);
+    const alarmType = data[2];
+
+    eventHandler.handleZoneAlarm(zoneNum, alarmType);
+
+    console.log(`\n========================================`);
+    console.log(`*** ZONE ALARM ***`);
+    console.log(`Zone: ${zoneNum}`);
+    console.log(`Alarm Type: ${alarmType}`);
+    console.log(`========================================\n`);
+  }
+
+  sendPacket(session.buildSimpleAck());
+}
+
+function handleLifestyleZoneNotification(parsed) {
+  const data = parsed.commandData;
+
+  if (data && data.length >= 2) {
+    const zoneNum = data[0];  // Zone number (single byte for 0x0210)
+    const status = data[1];   // 0=Closed, 1=Closed, 2=Open (based on SDK output)
+
+    const statusText = status === 0 ? 'CLOSED' : (status === 1 ? 'CLOSED' : 'OPEN');
+
+    console.log(`\n[Zone ${zoneNum}] ${statusText}`);
+    log(`[Lifestyle Zone] Zone ${zoneNum}: ${statusText} (status byte: ${status})`);
+  }
+
+  sendPacket(session.buildSimpleAck());
+}
+
+function handleTimeDateNotification(parsed) {
+  const data = parsed.commandData;
+
+  if (data && data.length >= 5) {
+    // Parse date/time from payload
+    log(`[Time/Date] Received time/date broadcast: ${data.toString('hex')}`);
+  }
+
+  sendPacket(session.buildSimpleAck());
+}
+
+function handlePartitionArmingNotification(parsed) {
+  const data = parsed.commandData;
+  log(`\n[Partition Arming] Received partition arming notification`);
+
+  if (data && data.length >= 3) {
+    const partitionNum = data.readUInt16BE(0);
+    const armedState = data[2];
+
+    const status = eventHandler.handlePartitionArming(partitionNum, armedState);
+
+    console.log(`\n========================================`);
+    console.log(`PARTITION ARMING NOTIFICATION`);
+    console.log(`Partition: ${partitionNum}`);
+    console.log(`State: ${status.armedStateName}`);
+    console.log(`Armed: ${status.isArmed ? 'YES' : 'NO'}`);
+    console.log(`In Delay: ${status.inDelay ? 'YES' : 'NO'}`);
+    console.log(`========================================\n`);
+  }
+
+  sendPacket(session.buildSimpleAck());
+}
+
+function handlePartitionReadyNotification(parsed) {
+  const data = parsed.commandData;
+  log(`\n[Partition Ready] Received partition ready notification`);
+
+  if (data && data.length >= 3) {
+    const partitionNum = data.readUInt16BE(0);
+    const isReady = data[2] !== 0;
+
+    eventHandler.handlePartitionReady(partitionNum, isReady);
+
+    console.log(`\n========================================`);
+    console.log(`PARTITION READY NOTIFICATION`);
+    console.log(`Partition: ${partitionNum}`);
+    console.log(`Ready: ${isReady ? 'YES' : 'NO'}`);
+    console.log(`========================================\n`);
+  }
+
+  sendPacket(session.buildSimpleAck());
+}
+
+function handlePartitionTroubleNotification(parsed) {
+  const data = parsed.commandData;
+  log(`\n[Partition Trouble] Received partition trouble notification`);
+
+  if (data && data.length >= 3) {
+    const partitionNum = data.readUInt16BE(0);
+    const troubleFlags = data[2];
+
+    eventHandler.handlePartitionTrouble(partitionNum, troubleFlags);
+
+    console.log(`\n========================================`);
+    console.log(`PARTITION TROUBLE NOTIFICATION`);
+    console.log(`Partition: ${partitionNum}`);
+    console.log(`Trouble Flags: 0x${troubleFlags.toString(16).padStart(2, '0')}`);
+    console.log(`========================================\n`);
+  }
+
+  sendPacket(session.buildSimpleAck());
+}
+
+function handleOpenSession(parsed) {
+  // OPEN_SESSION does NOT have an app sequence - the "appSequence" field is actually the device type
+  // Re-parse: [sender][receiver][cmd 2B][device_type][payload...]
+  // parsed.appSequence is actually the device type (first payload byte)
+  // parsed.commandData starts at the second payload byte
+
+  const deviceType = parsed.appSequence;  // This is actually the device type, not app seq
+  const data = parsed.commandData;
+
+  if (deviceType !== undefined && data && data.length >= 13) {
+    // Reconstruct full payload: [deviceType] + [rest of data]
+    const fullPayload = Buffer.concat([Buffer.from([deviceType]), data]);
+
+    const deviceId = fullPayload.slice(1, 3).toString('hex');
+    const firmware = fullPayload.slice(3, 5).toString('hex');
+    const protocol = fullPayload.slice(5, 7).toString('hex');
+    const txBuffer = fullPayload.readUInt16BE(7);
+    const rxBuffer = fullPayload.readUInt16BE(9);
+    const encType = fullPayload[13];
+
+    log(`[Session] OPEN_SESSION received:`);
+    log(`  Device Type: ${deviceType}`);
+    log(`  Device ID: ${deviceId}`);
+    log(`  Firmware: ${firmware}`);
+    log(`  Protocol: ${protocol}`);
+    log(`  TX Buffer: ${txBuffer}`);
+    log(`  RX Buffer: ${rxBuffer}`);
+    log(`  Encryption Type: ${encType}`);
+
+    // Reset session if panel is starting a new handshake
+    if (handshakeState !== 'WAITING' && handshakeState !== 'SENT_CMD_RESPONSE_1') {
+      log(`[Session] Panel restarting handshake (was in state ${handshakeState}), resetting session`);
+      session = new ITv2Session(INTEGRATION_ID, ACCESS_CODE, log);
+      testCommandSent = false;
+    }
+
+    session.remoteOpenSession = fullPayload;
+    log(`[Handshake] Panel advertises encryption Type ${encType}`);
+
+    // Respond with COMMAND_RESPONSE success
+    // SDK shows: COMMAND_RESPONSE echoes the first byte (device type) from OPEN_SESSION
+    log(`[Handshake] Sending COMMAND_RESPONSE success (echoing device type ${deviceType})`);
+    const response = session.buildCommandResponseWithAppSeq(deviceType, 0x00);
+    sendPacket(response);
+    handshakeState = 'SENT_CMD_RESPONSE_1';
+  }
+}
+
+function handleRequestAccess(parsed) {
+  const data = parsed.commandData;
+  log(`[Handshake] Got panel's REQUEST_ACCESS`);
+
+  // If already established, just ACK and ignore the retry
+  if (handshakeState === 'ESTABLISHED') {
+    log(`[Handshake] Session already established, ACKing panel's REQUEST_ACCESS retry`);
+    sendPacket(session.buildSimpleAck());
+    return;
+  }
+
+  if (data && data.length > 0) {
+    const initializerLength = data[0];
+    const initializer = data.slice(1);
+
+    log(`[Handshake] Processing panel's REQUEST_ACCESS (panel goes first)`);
+    log(`[Handshake] Panel initializer (${initializer.length} bytes): ${initializer.toString('hex')}`);
+
+    if (initializer.length === 48) {
+      // Type 1 encryption
+      detectedEncryptionType = 1;
+      log(`[Handshake] Encryption Type 1 (based on initializer length)`);
+      log(`[Handshake] Type 1: Parsing 48-byte initializer from panel`);
+      log(`[Handshake] Using access code: ${ACCESS_CODE}, integration ID: ${INTEGRATION_ID}`);
+
+      try {
+        const sendKey = parseType1Initializer(ACCESS_CODE, initializer, INTEGRATION_ID);
+        log(`[Handshake] Type 1 SEND key derived: ${sendKey.toString('hex')}`);
+
+        // Store the SEND key for later (after handshake completes)
+        // Based on SDK trace: ALL handshake frames are PLAINTEXT
+        session.derivedSendKey = sendKey;
+        log(`[Handshake] SEND key stored (will enable after handshake): ${sendKey.toString('hex')}`);
+
+        // Send PLAINTEXT COMMAND_RESPONSE (echoing the app sequence from REQUEST_ACCESS)
+        // SDK trace shows: 08 03 02 05 02 66 00 9B A9 (plaintext)
+        log(`[Handshake] Sending PLAINTEXT COMMAND_RESPONSE to panel's REQUEST_ACCESS`);
+        const appSeq = parsed.appSequence;  // Echo the app sequence from the request
+        const response = session.buildCommandResponseWithAppSeq(appSeq, 0x00);
+        sendPacket(response);
+
+        // Wait for panel to ACK our COMMAND_RESPONSE before sending our REQUEST_ACCESS
+        // Sending back-to-back was causing the panel to reset
+        handshakeState = 'WAITING_TO_SEND_REQUEST_ACCESS';
+        log(`[Handshake] Waiting for ACK before sending our REQUEST_ACCESS`);
+      } catch (err) {
+        log(`[Handshake] Error parsing Type 1 initializer: ${err.message}`);
+      }
+    } else if (initializer.length === 16) {
+      // Type 2 encryption
+      detectedEncryptionType = 2;
+      log(`[Handshake] Encryption Type 2 (based on initializer length)`);
+      log(`[Handshake] Type 2: Parsing 16-byte initializer from panel`);
+
+      try {
+        // Expand access code to 32 hex if it's 8 digits
+        let accessCode32 = ACCESS_CODE;
+        if (accessCode32.length === 8) {
+          accessCode32 = accessCode32 + accessCode32 + accessCode32 + accessCode32;
+        }
+
+        const sendKey = type2InitializerTransform(accessCode32, initializer);
+        log(`[Handshake] Type 2 SEND key derived: ${sendKey.toString('hex')}`);
+
+        session.derivedSendKey = sendKey;
+        log(`[Handshake] SEND key stored (will enable after handshake): ${sendKey.toString('hex')}`);
+
+        // Send PLAINTEXT COMMAND_RESPONSE
+        log(`[Handshake] Sending PLAINTEXT COMMAND_RESPONSE to panel's REQUEST_ACCESS`);
+        const appSeq = parsed.appSequence;
+        const response = session.buildCommandResponseWithAppSeq(appSeq, 0x00);
+        sendPacket(response);
+
+        handshakeState = 'WAITING_TO_SEND_REQUEST_ACCESS';
+        log(`[Handshake] Waiting for ACK before sending our REQUEST_ACCESS`);
+      } catch (err) {
+        log(`[Handshake] Error parsing Type 2 initializer: ${err.message}`);
+      }
+    }
+  }
+}
+
+function handleSimpleAck(parsed) {
+  const ackSeq = parsed.receiverSequence;
+  log(`[Handshake] Got ACK ${ackSeq}, state=${handshakeState}`);
+
+  if (handshakeState === 'SENT_CMD_RESPONSE_1') {
+    // Send our OPEN_SESSION (PLAINTEXT)
+    log(`[Handshake] Got ACK 1, sending our OPEN_SESSION`);
+    // SDK trace shows OPEN_SESSION payload does NOT have AppSeq prefix for server->panel direction
+    // SDK packet: 15 02 00 06 0A 01 80 00 00 02 01 02 41 02 00 02 00 00 01 01 A7 4B
+    // Payload starts with DeviceType=0x01, NOT ApplicationSequenceNumber
+    const openSessionPayload = Buffer.from([
+      0x01,             // Device Type (0x01 = server, vs 0x02 for panel)
+      0x80, 0x00,       // Device ID (our ID)
+      0x00, 0x02,       // Firmware version (0.2)
+      0x01, 0x02,       // Protocol version
+      0x41, 0x02,       // TX Buffer (little-endian 0x0241 = 577)
+      0x00, 0x02,       // RX Buffer (little-endian 0x0200 = 512)
+      0x00, 0x00,       // Future/reserved
+      0x01,             // Encryption Type (1 = Type 1)
+      0x01,             // Extra byte (matches SDK exactly)
+    ]);
+    const packet = session.buildOpenSessionResponse(openSessionPayload);
+    sendPacket(packet);
+    handshakeState = 'SENT_OPEN_SESSION';
+  } else if (handshakeState === 'WAITING_TO_SEND_REQUEST_ACCESS') {
+    // Panel ACKed our COMMAND_RESPONSE to their REQUEST_ACCESS
+    // Now send our REQUEST_ACCESS
+    log(`[Handshake] Got ACK, now sending our REQUEST_ACCESS`);
+    // Enable encryption with the SEND key derived from panel's initializer
+    session.sendAesActive = true;
+    session.sendAesKey = session.derivedSendKey;
+    log(`[Handshake] Encrypting REQUEST_ACCESS with SEND key: ${session.sendAesKey?.toString('hex')}`);
+
+    // Build REQUEST_ACCESS based on detected encryption type
+    let reqAccessPacket;
+    if (detectedEncryptionType === 2) {
+      log(`[Handshake] Using Type 2 REQUEST_ACCESS`);
+      reqAccessPacket = session.buildRequestAccessType2();
+    } else {
+      log(`[Handshake] Using Type 1 REQUEST_ACCESS`);
+      reqAccessPacket = session.buildRequestAccessType1();
+    }
+
+    log(`[Handshake] Pending receive key stored: ${session.pendingReceiveKey?.toString('hex')}`);
+    sendPacket(reqAccessPacket);
+
+    // Enable receive encryption immediately - panel will respond with encrypted COMMAND_RESPONSE
+    session.receiveAesActive = true;
+    session.receiveAesKey = session.pendingReceiveKey;
+    log(`[Handshake] Enabled receive encryption with RECV key: ${session.receiveAesKey?.toString('hex')}`);
+
+    handshakeState = 'SENT_REQUEST_ACCESS';
+  } else if (handshakeState === 'SENT_REQUEST_ACCESS') {
+    // Panel ACKed our REQUEST_ACCESS - session is established!
+    handshakeState = 'ESTABLISHED';
+    log(`[Handshake] *** SESSION ESTABLISHED ***`);
+    log(`[Handshake] Derived SEND key: ${session.derivedSendKey?.toString('hex')}`);
+    log(`[Handshake] Pending RECV key: ${session.pendingReceiveKey?.toString('hex')}`);
+
+    // NOW enable encryption for post-handshake communication
+    if (session.derivedSendKey) {
+      session.enableSendAes(session.derivedSendKey);
+      log(`[Handshake] SEND AES now enabled: ${session.derivedSendKey.toString('hex')}`);
+    }
+    if (session.pendingReceiveKey) {
+      session.enableReceiveAes(session.pendingReceiveKey);
+      log(`[Handshake] RECV AES now enabled: ${session.pendingReceiveKey.toString('hex')}`);
+    }
+
+    console.log(`\n[Ready] Session established!`);
+    console.log(`  SEND key: ${session.derivedSendKey?.toString('hex')}`);
+    console.log(`  RECV key: ${session.pendingReceiveKey?.toString('hex')}`);
+    console.log(`  Commands: z (zone status), p (partition), g (global), auth (authenticate)\n`);
+  }
+}
+
+function handleCommandResponse(parsed) {
+  const data = parsed.commandData;
+  // COMMAND_RESPONSE payload format: [echoed_byte, response_code]
+  // Note: parseHeader treats byte 4 as appSequence, which for COMMAND_RESPONSE is actually the echoed byte
+  const appSeqAsEcho = parsed.appSequence;  // This is actually the echoed byte from our request
+  const echoedByte = data && data.length >= 1 ? data[0] : (appSeqAsEcho !== undefined ? appSeqAsEcho : 0xFF);
+  const responseCode = data && data.length >= 1 ? data[0] : 0xFF;
+  log(`[Handshake] Got COMMAND_RESPONSE (echoed app_seq: ${appSeqAsEcho}, response_code: ${responseCode}), sending ACK`);
+
+  const ack = session.buildSimpleAck();
+  sendPacket(ack);
+
+  if (handshakeState === 'SENT_OPEN_SESSION') {
+    // Just waiting for panel's REQUEST_ACCESS now
+    handshakeState = 'WAITING_REQUEST_ACCESS';
+  } else if (handshakeState === 'SENT_REQUEST_ACCESS') {
+    // Session established!
+    handshakeState = 'ESTABLISHED';
+    log(`[Handshake] *** SESSION ESTABLISHED ***`);
+    log(`[Handshake] Derived SEND key: ${session.derivedSendKey?.toString('hex')}`);
+    log(`[Handshake] Pending RECV key: ${session.pendingReceiveKey?.toString('hex')}`);
+
+    // NOW enable send encryption for post-handshake commands
+    if (session.derivedSendKey) {
+      session.enableSendAes(session.derivedSendKey);
+      log(`[Handshake] Send AES ENABLED with key: ${session.derivedSendKey.toString('hex')}`);
+    }
+
+    // Enable receive AES decryption in case panel encrypts responses
+    if (session.pendingReceiveKey) {
+      session.enableReceiveAes(session.pendingReceiveKey);
+      log(`[Handshake] Receive AES ENABLED with key: ${session.pendingReceiveKey.toString('hex')}`);
+    }
+
+    console.log(`\n[Ready] Session established (Type ${detectedEncryptionType || 1} encryption)`);
+    console.log(`  SEND key: ${session.derivedSendKey?.toString('hex')}`);
+    console.log(`  RECV key: ${session.pendingReceiveKey?.toString('hex')}`);
+    console.log(`  Commands: z (zone status), p (partition), g (global), auth (authenticate)\n`);
+
+    // Wait for session to stabilize, then send test zone query
+    // setTimeout(() => {
+    //   sendTestZoneQuery();
+    // }, 3000);
+  }
+}
+
+function handleCommandError(parsed) {
+  const errorData = parsed.commandData;
+  log(`[Handshake] Received COMMAND_ERROR response`);
+  if (errorData) {
+    log(`[Handshake] Error data: ${errorData.toString('hex')}`);
+  }
+
+  // Send ACK anyway
+  const ack = session.buildSimpleAck();
+  sendPacket(ack);
+
+  if (handshakeState === 'SENT_REQUEST_ACCESS') {
+    // Session established despite error (we have keys)
+    handshakeState = 'ESTABLISHED';
+    log(`[Handshake] *** SESSION ESTABLISHED (despite error response) ***`);
+    log(`[Handshake] Derived SEND key: ${session.derivedSendKey?.toString('hex')}`);
+    log(`[Handshake] Pending RECV key: ${session.pendingReceiveKey?.toString('hex')}`);
+    console.log(`\n[Ready] Session established! (frames remain plaintext per SDK analysis)`);
+    console.log(`  Commands: z (zone status), p (partition), g (global), auth (authenticate)\n`);
+
+    // Wait for session to stabilize, then send test zone query
+    // setTimeout(() => {
+    //   sendTestZoneQuery();
+    // }, 3000);
+  }
+}
+
+server.on('message', (msg, rinfo) => {
+  log(`\n[UDP] RX from ${rinfo.address}:${rinfo.port} (${msg.length} bytes)`);
+  hexDump(msg);
+
+  // Track panel address
+  if (!panelAddress || panelAddress !== rinfo.address) {
+    panelAddress = rinfo.address;
+    panelPort = rinfo.port;
+    log(`[Session] Creating new session for ${panelAddress}`);
+    session = new ITv2Session(INTEGRATION_ID, ACCESS_CODE, log);
+    handshakeState = 'WAITING';
+    testCommandSent = false;
+  }
+
+  try {
+    const parsed = session.parsePacket(msg);
+
+    log(`[Packet] Integration ID: ${parsed.integrationId}`);
+    log(`[Packet] Sender Seq: ${parsed.senderSequence}, Receiver Seq: ${parsed.receiverSequence}`);
+
+    const cmdName = CMD_NAMES[parsed.command] || `0x${parsed.command?.toString(16)}`;
+    log(`[Packet] Command: ${cmdName}`);
+
+    if (parsed.appSequence !== undefined) {
+      log(`[Packet] App Seq: ${parsed.appSequence}`);
+    }
+    if (parsed.commandData && parsed.commandData.length > 0) {
+      log(`[Packet] Data (${parsed.commandData.length} bytes): ${parsed.commandData.toString('hex').toUpperCase().match(/.{2}/g).join(' ')}`);
+    }
+
+    // Handle by command
+    // Note: ACK packets have no command field (null), treat as SIMPLE_ACK
+    const cmd = parsed.command;
+
+    if (cmd === null || cmd === undefined || cmd === CMD.SIMPLE_ACK) {
+      handleSimpleAck(parsed);
+      return;
+    }
+
+    switch (cmd) {
+      case CMD.OPEN_SESSION:
+        handleOpenSession(parsed);
+        break;
+      case CMD.REQUEST_ACCESS:
+        handleRequestAccess(parsed);
+        break;
+      case CMD.COMMAND_RESPONSE:
+        handleCommandResponse(parsed);
+        break;
+      case CMD.COMMAND_ERROR:
+        handleCommandError(parsed);
+        break;
+      case CMD.POLL:
+        log(`[Session] Got POLL, sending ACK`);
+        sendPacket(session.buildSimpleAck());
+        break;
+      case CMD.ZONE_STATUS:
+        handleZoneStatusResponse(parsed);
+        break;
+      case CMD.PARTITION_STATUS:
+        handlePartitionStatusResponse(parsed);
+        break;
+      case CMD.GLOBAL_STATUS:
+        handleGlobalStatusResponse(parsed);
+        break;
+      case CMD.SYSTEM_CAPABILITIES:
+        handleSystemResponse('SYSTEM_CAPABILITIES', parsed);
+        break;
+      case CMD.SOFTWARE_VERSION:
+        handleSystemResponse('SOFTWARE_VERSION', parsed);
+        break;
+      case CMD.PANEL_STATUS:
+        handleSystemResponse('PANEL_STATUS', parsed);
+        break;
+      case CMD.BUFFER_SIZES:
+        handleSystemResponse('BUFFER_SIZES', parsed);
+        break;
+      // Notification events from panel
+      case CMD.NOTIFICATION_ARMING:
+        handlePartitionArmingNotification(parsed);
+        break;
+      case CMD.NOTIFICATION_PARTITION_READY:
+        handlePartitionReadyNotification(parsed);
+        break;
+      case CMD.NOTIFICATION_PARTITION_TROUBLE:
+        handlePartitionTroubleNotification(parsed);
+        break;
+      case CMD.ZONE_ALARM_STATUS:
+        handleZoneAlarmNotification(parsed);
+        break;
+      case CMD.LIFESTYLE_ZONE_STATUS:
+        handleLifestyleZoneNotification(parsed);
+        break;
+      case CMD.TIME_DATE_BROADCAST:
+        handleTimeDateNotification(parsed);
+        break;
+      case CMD.GENERAL_NOTIFICATION:
+      case CMD.DATA_UPDATE_NOTIFICATION:
+        log(`[Notification] Received ${CMD_NAMES[cmd] || cmd} notification`);
+        if (parsed.commandData) {
+          log(`[Notification] Data: ${parsed.commandData.toString('hex')}`);
+        }
+        sendPacket(session.buildSimpleAck());
+        break;
+      default:
+        if (handshakeState === 'ESTABLISHED') {
+          log(`[Session] Handling command ${CMD_NAMES[cmd] || '0x' + cmd.toString(16)} in established session`);
+          // Send ACK for unhandled commands
+          sendPacket(session.buildSimpleAck());
+        }
+        break;
+    }
+  } catch (err) {
+    log(`[Error] ${err.message}`);
+
+    // If we get a parse error, the panel might be sending encrypted data from a stale session
+    // Reset our state and wait for panel to timeout and restart with plaintext OPEN_SESSION
+    if (handshakeState !== 'WAITING') {
+      log(`[Recovery] Parse error during handshake state '${handshakeState}', resetting to wait for panel restart`);
+      handshakeState = 'WAITING';
+      session = new ITv2Session(INTEGRATION_ID, ACCESS_CODE, log);
+      log(`[Recovery] Session reset. Waiting for panel to timeout and send plaintext OPEN_SESSION...`);
+    } else {
+      log(`[Recovery] Ignoring unparseable packet, waiting for plaintext OPEN_SESSION...`);
+    }
+  }
+});
+
+server.on('listening', () => {
+  const addr = server.address();
+  log(`[UDP] Server listening on ${addr.address}:${addr.port}`);
+});
+
+server.on('error', (err) => {
+  log(`[UDP] Server error: ${err.message}`);
+  server.close();
+});
+
+// Interactive command handling
+const rl = readline.createInterface({
+  input: process.stdin,
+  output: process.stdout
+});
+
+rl.on('line', (line) => {
+  const [cmd, ...args] = line.trim().split(/\s+/);
+
+  if (!session || handshakeState !== 'ESTABLISHED') {
+    console.log('[Error] Session not established');
+    return;
+  }
+
+  switch (cmd) {
+    case 'auth': {
+      const code = args[0] || MASTER_CODE;
+      const partition = parseInt(args[1] || '1', 10);
+      log(`[Command] Authenticating with code ${code} on partition ${partition}`);
+      const packet = session.buildAccessLevelEnter(code, partition, 0, 'bcd');
+      sendPacket(packet);
+      break;
+    }
+
+    // ============ Arm/Disarm Commands ============
+    case 'arm': {
+      const partition = parseInt(args[0] || '1', 10);
+      const mode = parseInt(args[1] || '1', 10); // 0=stay, 1=away, 2=no-entry, 3=force
+      const code = args[2] || MASTER_CODE;
+
+      const modeNames = ['STAY', 'AWAY', 'NO_ENTRY', 'FORCE'];
+      log(`[Command] Arming partition ${partition} in ${modeNames[mode] || mode} mode`);
+      const packet = session.buildPartitionArm(partition, mode, code);
+      sendPacket(packet);
+      break;
+    }
+    case 'disarm': {
+      const partition = parseInt(args[0] || '1', 10);
+      const code = args[1] || MASTER_CODE;
+
+      log(`[Command] Disarming partition ${partition}`);
+      const packet = session.buildPartitionDisarm(partition, code);
+      sendPacket(packet);
+      break;
+    }
+    case 'stay': {
+      // Shortcut for arm stay
+      const partition = parseInt(args[0] || '1', 10);
+      const code = args[1] || MASTER_CODE;
+
+      log(`[Command] Arming partition ${partition} in STAY mode`);
+      const packet = session.buildPartitionArm(partition, 0, code);
+      sendPacket(packet);
+      break;
+    }
+    case 'away': {
+      // Shortcut for arm away
+      const partition = parseInt(args[0] || '1', 10);
+      const code = args[1] || MASTER_CODE;
+
+      log(`[Command] Arming partition ${partition} in AWAY mode`);
+      const packet = session.buildPartitionArm(partition, 1, code);
+      sendPacket(packet);
+      break;
+    }
+
+    // ============ Status Display Commands ============
+    case 'zones': {
+      // Show all zones with status from EventHandler
+      const zones = eventHandler.getAllZones();
+      console.log(`\n========================================`);
+      console.log(`ALL ZONES (${zones.length} with status)`);
+      console.log(`========================================`);
+      if (zones.length === 0) {
+        console.log('  No zone status received yet');
+        console.log('  (Open/close a zone to trigger notification)');
+      } else {
+        zones.forEach(z => {
+          const flags = [];
+          if (z.open) flags.push('OPEN');
+          if (z.bypassed) flags.push('BYPASSED');
+          if (z.alarm) flags.push('ALARM');
+          if (z.trouble) flags.push('TROUBLE');
+          if (z.tamper) flags.push('TAMPER');
+          console.log(`  Zone ${z.zoneNumber}: ${flags.length > 0 ? flags.join(', ') : 'OK/CLOSED'}`);
+        });
+      }
+      console.log(`========================================\n`);
+      break;
+    }
+    case 'partitions': {
+      // Show all partitions with status from EventHandler
+      const partitions = eventHandler.getAllPartitions();
+      console.log(`\n========================================`);
+      console.log(`ALL PARTITIONS (${partitions.length} with status)`);
+      console.log(`========================================`);
+      if (partitions.length === 0) {
+        console.log('  No partition status received yet');
+        console.log('  (Arm/disarm to trigger notification)');
+      } else {
+        partitions.forEach(p => {
+          console.log(`  Partition ${p.partitionNumber}: ${p.armedStateName || 'UNKNOWN'} ${p.ready ? '[READY]' : '[NOT READY]'}`);
+        });
+      }
+      console.log(`========================================\n`);
+      break;
+    }
+    case 'status': {
+      // Show complete system status
+      eventHandler.printStatus();
+      break;
+    }
+
+    // ============ Query Commands ============
+    case 'p': {
+      const partition = parseInt(args[0] || '1', 10);
+      log(`[Command] Querying partition ${partition} status`);
+      const packet = session.buildPartitionStatusRequest(partition);
+      sendPacket(packet);
+      break;
+    }
+    case 'z': {
+      const zone = parseInt(args[0] || '0', 10);
+      log(`[Command] Querying zone ${zone} status`);
+      const packet = session.buildZoneStatusRequest(zone);
+      sendPacket(packet);
+      break;
+    }
+    case 'g': {
+      log(`[Command] Querying global status`);
+      const packet = session.buildGlobalStatusRequest();
+      sendPacket(packet);
+      break;
+    }
+    case 't': {
+      log(`[Command] Querying trouble status`);
+      const packet = session.buildTroubleStatusRequest();
+      sendPacket(packet);
+      break;
+    }
+    case 'b': {
+      const zone = parseInt(args[0] || '0', 10);
+      log(`[Command] Querying zone ${zone} bypass status`);
+      const packet = session.buildZoneBypassStatusRequest(zone);
+      sendPacket(packet);
+      break;
+    }
+    case 'cap': {
+      log(`[Command] Requesting system capabilities`);
+      const packet = session.buildCommand(CMD.SYSTEM_CAPABILITIES);
+      sendPacket(packet);
+      break;
+    }
+    case 'poll': {
+      log(`[Command] Sending POLL/keepalive`);
+      const packet = session.buildPoll();
+      sendPacket(packet);
+      break;
+    }
+    case 'exit':
+    case 'quit': {
+      console.log('[Shutdown] Closing session...');
+      if (session && handshakeState === 'ESTABLISHED') {
+        try {
+          const endSessionPacket = session.buildEndSession();
+          sendPacket(endSessionPacket);
+          console.log('[Shutdown] END_SESSION sent to panel');
+        } catch (err) {
+          console.log(`[Shutdown] Error: ${err.message}`);
+        }
+      }
+      setTimeout(() => {
+        console.log('[Shutdown] Goodbye!');
+        process.exit(0);
+      }, 100);
+      break;
+    }
+    case 'help':
+      console.log(`
+Interactive Commands:
+
+  ARM/DISARM:
+    arm <part> <mode> [code]  - Arm partition (mode: 0=stay, 1=away, 2=no-entry, 3=force)
+    disarm <part> [code]      - Disarm partition
+    stay [part] [code]        - Shortcut: Arm partition in STAY mode
+    away [part] [code]        - Shortcut: Arm partition in AWAY mode
+
+  STATUS DISPLAY:
+    zones                     - Show all zones with current status
+    partitions                - Show all partitions with current status
+    status                    - Show complete system status summary
+
+  QUERY PANEL:
+    auth [code]               - Authenticate with access code (default=${MASTER_CODE})
+    p [n]                     - Query partition n status (default=1)
+    z [n]                     - Query zone n status (default=0=all)
+    g                         - Query global status
+    t                         - Query trouble status
+    b [n]                     - Query zone bypass status
+    cap                       - Request system capabilities
+    poll                      - Send poll/keepalive
+
+  OTHER:
+    help                      - Show this help
+
+Examples:
+    arm 1 0 5555             - Arm partition 1 in STAY mode with code 5555
+    arm 1 1                  - Arm partition 1 in AWAY mode with default code
+    disarm 1                 - Disarm partition 1 with default code
+    stay                     - Arm partition 1 in STAY mode
+    away                     - Arm partition 1 in AWAY mode
+    zones                    - Show current zone status
+    status                   - Show system summary
+`);
+      break;
+    default:
+      console.log(`[Error] Unknown command: ${cmd}. Type 'help' for available commands.`);
+  }
+});
+
+// Print banner
+console.log(`
+============================================================
+DSC TL280R ITV2 Protocol Server (Enhanced)
+============================================================
+
+Configuration:
+  Integration ID:    ${INTEGRATION_ID}
+  Access Code:       ${ACCESS_CODE}
+  Master Code:       ${MASTER_CODE}
+  UDP Port:          ${UDP_PORT}
+
+Set environment variables to override:
+  INTEGRATION_ID=${INTEGRATION_ID} ACCESS_CODE=12345678 MASTER_CODE=${MASTER_CODE} npm run server
+
+Interactive Commands (type when session established):
+
+  ARM/DISARM:
+    arm <part> <mode> [code]  - Arm partition (mode: 0=stay, 1=away)
+    disarm <part> [code]      - Disarm partition
+    stay [part] [code]        - Arm in STAY mode
+    away [part] [code]        - Arm in AWAY mode
+
+  STATUS:
+    zones                     - Show all zones with status
+    partitions                - Show all partitions with status
+    status                    - Show system status summary
+
+  QUERY:
+    z [n], p [n], g, t, b [n] - Query zone/partition/global/trouble/bypass
+    auth [code], cap, poll    - Authenticate/capabilities/keepalive
+
+  OTHER:
+    exit, quit                - Close session and exit gracefully
+
+  Type 'help' for full command list.
+
+Waiting for TL280R to connect...
+`);
+
+server.bind(UDP_PORT, '0.0.0.0');
+
+// Graceful shutdown handler
+process.on('SIGINT', () => {
+  console.log('\n\n[Shutdown] Closing session gracefully...');
+
+  if (session && handshakeState === 'ESTABLISHED') {
+    try {
+      const endSessionPacket = session.buildEndSession();
+      sendPacket(endSessionPacket);
+      console.log('[Shutdown] END_SESSION sent to panel');
+    } catch (err) {
+      console.log(`[Shutdown] Error sending END_SESSION: ${err.message}`);
+    }
+  }
+
+  setTimeout(() => {
+    console.log('[Shutdown] Goodbye!');
+    process.exit(0);
+  }, 100);
+});