Software Development Lifecycle

Oh My Ondas follows an iterative development process, open-source under GPL-3.0. The project targets two platforms in parallel: a web prototype (HTML/CSS/JS) for rapid iteration and an embedded firmware (C++/PlatformIO) for the final hardware instrument built on Teensy 4.1 + ESP32.

Development Workflow

  • Feature branches → pull request → code review → merge to main
  • Web prototype (HTML/CSS/JS) iterated in browser with live reload
  • Firmware (C++/PlatformIO) built for Teensy 4.1 + ESP32
  • Python utilities for audio processing tools

Versioning Policy

Semantic versioning: MAJOR.MINOR.PATCH

  • Major — breaking changes or architecture shifts
  • Minor — new features, capability additions
  • Patch — bug fixes, tweaks, sound adjustments

Current version: v2.5.2

Version tracked in: package.json, index.html, app.html, design.html, about.html, style.css, ise.html

CI/CD Pipeline

Automated workflows in .github/workflows/:

lint.yml
ESLint (JS) + flake8 (Python) on every push and pull request
test.yml
Puppeteer E2E tests with screenshot artifacts captured on failure
firmware.yml
PlatformIO matrix build targeting teensy41 and esp32
deploy.yml
GitHub Pages deployment from web/ on push to main
release.yml
Tag-triggered release with firmware binaries and web zip archive

Testing Strategy

End-to-end tests run via Puppeteer in headless Chrome. Screenshots are captured on failure for debugging.

  • 92 basic tests + 30 advanced tests + 8 workflow scenarios
  • Test categories: sequencer, sampler, performance, sync, UX

Current scores:

Category Score
UX 5/5
Sequencer 4/5
Sampler 3/4

Known gaps: keyboard shortcuts, pad latency (web limitation vs hardware target)

Security Testing

  • Content Security Policy headers for GitHub Pages
  • No user auth (client-side only app) — reduced attack surface
  • Web Audio API sandboxed in browser
  • GPS/mic permissions gated by browser permission model
  • Radio streams via CORS-proxied HTTPS
  • AI API calls (Claude) use ephemeral keys, no storage of credentials client-side
  • Dependency audit: npm audit in CI
  • No server-side code = no injection vectors (SQLi, command injection N/A)
  • XSS prevention: no dynamic innerHTML from user input

Validation Gates

  • Pre-merge: lint pass + E2E tests green
  • Pre-release: firmware builds for both targets
  • Audio latency <10ms (firmware)
  • Touch response <50ms
  • Boot time <30s
  • Web prototype: functional parity check against hardware spec
  • Manual validation: sound quality spot-check on pad/synth changes

Release Process

  • Version bump across all tracked files
  • Git tag v{MAJOR}.{MINOR}.{PATCH}
  • CI auto-builds firmware + packages web
  • GitHub Release created with changelog and binaries
  • GitHub Pages auto-deploys latest web/