feat: add packet authenticity policy setting#1261
Conversation
|
@RCGV1 is attempting to deploy a commit to the Meshtastic Team on Vercel. A member of the Team first needs to authorize it. |
|
@coderabbitai review |
|
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Plus Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
📝 WalkthroughWalkthroughAdds configurable packet authenticity policies to the protobuf schema, security validation and persistence flow, and web settings UI. The UI supports capability gating, translated policy descriptions, strict-mode confirmation, and associated component, hook, schema, and persistence tests. ChangesPacket Authenticity Configuration
Estimated code review effort: 4 (Complex) | ~45 minutes Sequence Diagram(s)sequenceDiagram
participant Security
participant PacketAuthenticityPolicyField
participant usePacketAuthenticityConfirmation
participant PacketAuthenticityStrictDialog
Security->>PacketAuthenticityPolicyField: Render policy selector and capability state
PacketAuthenticityPolicyField->>usePacketAuthenticityConfirmation: Validate selected policy
usePacketAuthenticityConfirmation->>PacketAuthenticityStrictDialog: Open dialog for STRICT
PacketAuthenticityStrictDialog-->>usePacketAuthenticityConfirmation: Confirm or cancel selection
usePacketAuthenticityConfirmation-->>PacketAuthenticityPolicyField: Resolve policy validation
PacketAuthenticityPolicyField-->>Security: Submit selected packet signature policy
Possibly related issues
Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
Comment |
✅ Action performedReview finished.
|
There was a problem hiding this comment.
Actionable comments posted: 2
🧹 Nitpick comments (1)
apps/web/src/components/PageComponents/Settings/Security/usePacketAuthenticityConfirmation.ts (1)
3-3: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick winConsider sourcing
STRICT_POLICY_KEYfrom the shared enum rather than a private literal.This string must stay in sync with whatever key format the policy selector/schema uses for the Strict value. Importing it from the protobuf-generated enum (or a shared constants module) would prevent silent drift if the source enum naming changes.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@apps/web/src/components/PageComponents/Settings/Security/usePacketAuthenticityConfirmation.ts` at line 3, The private literal used by STRICT_POLICY_KEY can drift from the policy selector’s canonical Strict value. Replace it with the corresponding protobuf-generated enum member or shared constant, update imports as needed, and keep consumers of STRICT_POLICY_KEY unchanged.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@apps/web/public/i18n/locales/en/dialog.json`:
- Around line 32-36: Update the packetAuthenticityStrict description in
dialog.json to retain the existing disappearing-node warning and explicitly add
that PKI-encrypted direct messages are outside this broadcast policy, while
authentication does not prove the content is truthful or fresh.
In `@packages/protobufs/meshtastic/mesh.proto`:
- Around line 2678-2683: Resolve the unused protobuf tag gap in DeviceMetadata:
either renumber has_xeddsa to field 13 if available, or explicitly declare tag
13 as reserved when it must remain unused.
---
Nitpick comments:
In
`@apps/web/src/components/PageComponents/Settings/Security/usePacketAuthenticityConfirmation.ts`:
- Line 3: The private literal used by STRICT_POLICY_KEY can drift from the
policy selector’s canonical Strict value. Replace it with the corresponding
protobuf-generated enum member or shared constant, update imports as needed, and
keep consumers of STRICT_POLICY_KEY unchanged.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro Plus
Run ID: 4ee48395-07c0-4f1f-b35c-fdfeb1390a2e
⛔ Files ignored due to path filters (3)
packages/protobufs/packages/ts/dist/meshtastic/config_pb.tsis excluded by!**/dist/**packages/protobufs/packages/ts/dist/meshtastic/mesh_pb.tsis excluded by!**/dist/**pnpm-lock.yamlis excluded by!**/pnpm-lock.yaml
📒 Files selected for processing (17)
apps/web/public/i18n/locales/en/config.jsonapps/web/public/i18n/locales/en/dialog.jsonapps/web/src/components/Form/FormSelect.tsxapps/web/src/components/PageComponents/Settings/Security/PacketAuthenticityPolicyField.test.tsxapps/web/src/components/PageComponents/Settings/Security/PacketAuthenticityPolicyField.tsxapps/web/src/components/PageComponents/Settings/Security/PacketAuthenticityStrictDialog.test.tsxapps/web/src/components/PageComponents/Settings/Security/PacketAuthenticityStrictDialog.tsxapps/web/src/components/PageComponents/Settings/Security/Security.test.tsapps/web/src/components/PageComponents/Settings/Security/Security.tsxapps/web/src/components/PageComponents/Settings/Security/usePacketAuthenticityConfirmation.test.tsxapps/web/src/components/PageComponents/Settings/Security/usePacketAuthenticityConfirmation.tsapps/web/src/components/generic/Filter/useFilterNode.test.tsapps/web/src/validation/config/security.test.tsapps/web/src/validation/config/security.tspackages/protobufs/meshtastic/config.protopackages/protobufs/meshtastic/mesh.protopackages/sdk/package.json
323ec42 to
edf4cca
Compare
|
@coderabbitai review |
✅ Action performedReview finished.
|
Summary
Adds the Packet authenticity selector to Security settings for firmware that reports XEdDSA support.
The selector exposes the design-aligned receive policies in explicit product order:
Strict requires an explicit confirmation explaining that legacy unsigned nodes disappear and that authentication does not prove the truth or freshness of content such as positions.
Implementation
has_xeddsacapability to the local generated SDK surface pending protobuf publicationsetRadioSection("security", ...)Validation
oxlintpasses for the changed TypeScript filesoxfmtpasses for the changed TypeScript and localization filesHardware-connected browser verification is intentionally pending, so this PR remains a draft.
Depends on meshtastic/protobufs#983.
Closes #1260
Design: meshtastic/design#121
Summary by CodeRabbit