Skip to content

v1.5.3

Release date: 2026-04-19

v1.5.3 is the research-and-booth hardening release.

This release turns the work that happened after the SBC launch into a more complete SDK story: reproducible study tooling, EUCYS-ready result packaging inside the SDK, a Maker Faire-ready Raspberry Pi booth flow, a more complete UNO Q bridge path, and a deeper security hardening pass across cloud imports, exported CSVs, and the live patient dashboard.

Highlights

1. Scientific study engine and richer benchmark reporting

The SDK now has a reusable study engine instead of a narrow preset-only fair workflow.

Key additions:

  • generic iints run-study
  • iints run-eucys-study kept as a compatibility wrapper
  • richer iints study-protocol bundles with:
  • study_design.json
  • study_matrix.csv
  • algorithms.json
  • expanded study summaries with:
  • by_algorithm
  • by_profile
  • by_arm
  • by_scenario
  • safety_summary
  • pairwise_baseline_deltas
  • stronger comparison and poster generation for baseline-vs-candidate analysis

This makes the SDK feel much more like a real benchmarking platform instead of a loose pile of analysis scripts.

2. EUCYS-ready result packaging inside the SDK

The SDK can now assemble a competition-ready results bundle directly from a study folder:

iints eucys-results results/eucys_study

The generated bundle includes:

  • EUCYS_SUMMARY.md
  • EUCYS_RESULTS_TABLE.csv
  • EUCYS_FIGURE_MANIFEST.json
  • EUCYS_REPRODUCIBILITY_BUNDLE.json
  • EUCYS_ABSTRACT_DRAFT.md
  • EUCYS_ABSTRACT_FILLED.md
  • EUCYS_MAIN_FIGURE.png
  • EUCYS_MAIN_FIGURE.csv
  • packaged protocol, comparison, and arm-level artifacts

This keeps the research workflow reproducible while still making it easy to extract poster- and jury-facing assets.

3. Maker Faire Pi mode is now a real product path

The Raspberry Pi booth path is now much stronger and simpler:

iints edge setup --output-dir iints_pi_demo --board raspberry_pi --scenario-profile expo_hot_start
cd iints_pi_demo
iints makerfaire up --project-dir .

New Maker Faire support includes:

  • iints makerfaire up
  • iints makerfaire autostart
  • iints makerfaire watchdog
  • generated project files such as:
  • start_makerfaire_patient.sh
  • install_makerfaire_autostart.sh
  • run_makerfaire_watchdog.sh
  • MAKERFAIRE_START.md
  • MAKERFAIRE_AUTOSTART.md
  • MAKERFAIRE_CHECKLIST.md

This means the Pi can now act as a stand-alone “physical virtual patient” booth rig, with the UNO Q kept as an optional physical indicator layer instead of a required part of the base flow.

4. Stronger autostart and booth recovery

The generated Raspberry Pi project now includes:

  • a systemd patient service
  • a desktop autostart entry for opening the kiosk after login
  • a watchdog service/timer that can bring the booth runtime back if it drops

That gives the SDK a much better story for real event conditions:

  • power interruptions
  • browser closure
  • runtime stalls
  • quick recovery between visitors

5. Hardened kiosk launch for real booths

The generated Maker Faire kiosk launcher now prefers a more show-safe browser path:

  • Chromium / Chrome in kiosk mode when available
  • Firefox kiosk mode as fallback
  • plain xdg-open only as a last fallback

It also now:

  • disables common first-run and restore prompts
  • suppresses session-crash bubbles
  • reduces background browser noise
  • disables screen blanking / DPMS when possible
  • keeps a dedicated kiosk browser profile

This makes the Pi booth flow much less fragile in practice.

6. UNO Q path is more complete

The UNO Q edge story is now much more coherent:

  • clearer UNO Q setup docs
  • visual quick-path onboarding
  • stronger bridge ACK handling
  • full edge CLI path for:
  • setup
  • bridge flash
  • bridge test
  • bridge run
  • better docs for what successful bridge behavior actually looks like on the board

The UNO Q remains an optional hybrid hardware layer, but it is no longer documented like a half-finished side note.

Security hardening

v1.5.3 continues the recent security sweep and closes several practical gaps.

Cloud import URL validation

Nightscout and Tidepool client configuration is now stricter:

  • only http or https base URLs are allowed
  • embedded credentials in URLs are rejected
  • query / fragment components are rejected for base URLs
  • non-local http endpoints are blocked in favor of https

This reduces the chance of accidentally feeding unsafe or ambiguous endpoints into cloud import paths.

Live patient dashboard response hardening

The FastAPI live patient dashboard now emits stronger security headers:

  • Cache-Control: no-store
  • Pragma: no-cache
  • Referrer-Policy: no-referrer
  • X-Frame-Options: DENY
  • X-Content-Type-Options: nosniff
  • a stricter Content-Security-Policy

This matters especially when token-protected kiosk or dashboard URLs are used in a browser during demos.

CSV formula-injection protection

Exported study and competition CSV artifacts are now sanitized against spreadsheet-formula injection in user-controlled string cells.

This protection now covers key research-facing outputs such as:

  • study_matrix.csv
  • EUCYS main-figure CSV output
  • evidence-table CSV output
  • baseline comparison CSV output

That makes it safer to open result files in spreadsheet tools without unexpectedly executing formula-like payloads from labels or algorithm names.

Earlier hardening that is now part of the public SDK story

The recent release line also already added:

  • safer ZIP dataset extraction
  • fail-closed verification behavior for public datasets without pinned hashes
  • safer secret sourcing through env/file options for cloud imports
  • stronger remote API exposure guards for the live patient runtime

v1.5.3 builds on that line rather than treating security as a one-off patch.

What changed under the hood

Added

  • study engine structures and reusable study-matrix generation
  • EUCYS results packaging helpers and main-figure generation
  • Maker Faire Pi watchdog + autostart artifacts
  • dedicated Maker Faire checklist docs
  • CSV-safety helpers for exported research artifacts
  • shared cloud base-URL validation helper

Improved

  • analysis summaries and comparison outputs now surface more subgroup detail
  • poster generation is richer when study-level data is available
  • UNO Q docs and bridge flow are more realistic and less brittle
  • edge doctor and edge setup flows are clearer for non-expert makers
  • package/workflow smoke checks are stronger for installed-wheel edge paths

Why this release matters

Before v1.5.3, the SDK had already become much better at edge deployment, but the story still split into separate pieces:

  • one story for edge hardware
  • one story for research benchmarking
  • one story for booth demos
  • one story for security fixes

With v1.5.3, those pieces fit together much more cleanly:

  • the SDK can define and run reproducible study bundles
  • the results can be packaged for scientific competitions and poster work
  • the Raspberry Pi booth path can be run, auto-started, and recovered more reliably
  • exported public artifacts are safer to consume
  • cloud and dashboard boundaries are stricter by default

That makes the SDK feel more like a coherent platform and less like a set of advanced internal workflows.

Upgrade

Workstation:

python -m pip install -U "iints-sdk-python35[full,mdmp]==1.5.3"

SBC / edge device:

python -m pip install -U "iints-sdk-python35[edge,mdmp]==1.5.3"