Skip to content

Add configurable packet authenticity settings#2066

Draft
RCGV1 wants to merge 1 commit into
meshtastic:mainfrom
RCGV1:codex/packet-auth-policy
Draft

Add configurable packet authenticity settings#2066
RCGV1 wants to merge 1 commit into
meshtastic:mainfrom
RCGV1:codex/packet-auth-policy

Conversation

@RCGV1

@RCGV1 RCGV1 commented Jul 9, 2026

Copy link
Copy Markdown
Member

What changed?

  • Added a native Security → Packet Authenticity selector for Compatible, Balanced, and Strict device policies.
  • Bound the control directly to SecurityConfig.packet_signature_policy, with Balanced as the default.
  • Added DeviceMetadata.has_xeddsa persistence and capability gating for unsupported/older firmware.
  • Added a Strict confirmation explaining older firmware, licensed/ham nodes, oversized traffic, and authenticated PKI direct messages.
  • Added localized copy, iPhone/iPad light/dark previews, persistence/save tests, generated protobuf updates, and user documentation.

Closes #2065. Coordinated by design#121.

Why did it change?

The packet authenticity policy is enforced by firmware, but every official client needs a consistent way to inspect and configure it. Apple platforms now use the same ordered values and compatibility warnings as Android/Desktop and Web, without adding an app-local message filter.

How is this tested?

  • Generated config.pb.swift and mesh.pb.swift typecheck against SwiftProtobuf.
  • All changed app/test Swift sources parse successfully.
  • Tests cover protobuf default/wire behavior, explicit UI order, capability states, Strict confirmation/cancel, real configuration upsert, and AccessoryManager send/persist behavior.
  • Localization catalog JSON and all 16 new localized keys validate.
  • User docs and the bundled 31-page documentation output regenerate exactly.
  • Independent diff review approved the draft.

Full Xcode execution is currently blocked before feature compilation by the upstream GzipSwift 7.0.0 manifest requiring Swift tools 6.3 while the installed Xcode provides Swift 6.2. This draft also depends on protobufs#983.

Screenshots/Videos (when applicable)

The source includes iPhone light/dark previews for supported policies and an unsupported iPad preview. Complete reviewed screenshots for all values, confirmation, and macOS remain pending alongside hardware configuration round-trip verification.

Checklist

  • My code adheres to the project's coding and style guidelines.
  • I have conducted a self-review of my code.
  • I have commented my code where the policy behavior is non-obvious.
  • I updated docs/user/settings.md and regenerated the in-app documentation bundle.
  • I have tested the change on Meshtastic hardware and across all Apple targets.

Keep this PR draft until the protobuf dependency, full Xcode test matrix, screenshots, and hardware verification are complete.

Summary by CodeRabbit

  • New Features

    • Added a new Packet Authenticity setting with Compatible, Balanced, and Strict options.
    • Added clearer guidance for when stricter packet protection is available and what happens when it isn’t.
  • Bug Fixes

    • Improved how device capability and security choices are saved and restored, so settings persist more reliably.
  • Documentation

    • Updated settings help text to explain packet authenticity behavior and added a new Mesh Beacon entry.

Expose firmware packet authenticity policy levels in Security settings, including capability gating and confirmation before Strict mode. Persist the policy and XEdDSA capability and regenerate the required Swift protobuf fields.
@coderabbitai

coderabbitai Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

📝 Walkthrough

Walkthrough

Adds configurable Packet Authenticity policies, XEdDSA capability tracking, protobuf and persistence support, a gated Security settings UI with Strict confirmation, localization, documentation, and tests.

Changes

Packet Authenticity configuration

Layer / File(s) Summary
Protobuf policy and capability contracts
MeshtasticProtobufs/Sources/meshtastic/config.pb.swift, MeshtasticProtobufs/Sources/meshtastic/mesh.pb.swift
Adds PacketSignaturePolicy values and wire handling, plus the hasXeddsa_p device capability field.
Capability and policy persistence
Meshtastic/Model/..., Meshtastic/Helpers/MeshPackets.swift, Meshtastic/Persistence/...
Stores XEdDSA capability and packet signature policy values across metadata ingestion, backups, and security configuration upserts.
Security settings flow
Meshtastic/Views/Settings/Config/SecurityConfig.swift, Localizable.xcstrings
Adds policy selection, capability gating, Strict confirmation, change tracking, persistence wiring, previews, and localized copy.
Validation and user-facing documentation
MeshtasticTests/XEdDSASigningTests.swift, Meshtastic/Resources/docs/..., docs/user/settings.md
Tests serialization, state transitions, capability gating, and persistence; documents Packet Authenticity and Mesh Beacon settings.

Estimated code review effort: 4 (Complex) | ~45 minutes

Sequence Diagram(s)

sequenceDiagram
  participant User
  participant SecurityConfig
  participant Firmware
  participant SwiftData
  User->>SecurityConfig: Select protection level
  SecurityConfig->>SecurityConfig: Confirm Strict when required
  SecurityConfig->>Firmware: Save packetSignaturePolicy
  Firmware-->>SecurityConfig: Return security configuration
  SecurityConfig->>SwiftData: Persist policy and XEdDSA capability
Loading

Possibly related issues

  • meshtastic/device-ui issue 340 — Covers the same packet authenticity policy UI, enum, persistence, and tests.
  • meshtastic/Meshtastic-Android issue 6176 — Covers the corresponding policy UI, capability gating, and Strict confirmation flow.
  • meshtastic/web issue 1260 — Covers the same protobuf field and packet authenticity settings behavior.
  • meshtastic/protobufs issue 982 — Defines the packet signature policy schema and field 9.
  • meshtastic/firmware issue 10963 — Implements the corresponding firmware-facing policy and XEdDSA capability work.
  • meshtastic/design issue 121 — Specifies the configurable packet authenticity policy and confirmation behavior.
  • meshtastic/standalone-ui issue 39 — Contains matching Compatible, Balanced, and Strict settings UI behavior.

Suggested reviewers: garthvh

Poem

A bunny picked Balanced, then Strict with care,
XEdDSA flags hopped through the air.
Protobufs, settings, and tests joined the tune,
Docs bloomed softly beneath the moon.
“Protect every packet!” the rabbit did cheer.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 9.09% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title concisely describes the main change: adding configurable packet authenticity settings.
Description check ✅ Passed The PR description follows the template and covers what changed, why, testing, screenshots, and checklist items.
Linked Issues check ✅ Passed The changes implement the packet authenticity selector, firmware field binding, capability gating, strict confirmation, and tests requested by #2065.
Out of Scope Changes check ✅ Passed The diff stays focused on packet authenticity UI, persistence, protobufs, docs, tests, and localization with no clear unrelated additions.

Comment @coderabbitai help to get the list of available commands.

@RCGV1

RCGV1 commented Jul 9, 2026

Copy link
Copy Markdown
Member Author

@coderabbitai review

@coderabbitai

coderabbitai Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor
✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@Meshtastic/Views/Settings/Config/SecurityConfig.swift`:
- Around line 87-95: The packet authenticity labels in
SecurityConfig.packetAuthenticityTitle do not match the PR contract terminology.
Update the SwiftUI strings for the .balanced and .strict cases to use “Balanced
— Prefer signed (recommended/default)” and “Strict — Require signed,” and make
the same wording change in the corresponding localized strings/documentation so
all references stay consistent.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 6567280a-2a6f-49fc-9f7e-2bbc96b89231

📥 Commits

Reviewing files that changed from the base of the PR and between 76da012 and 2c1ce4a.

📒 Files selected for processing (14)
  • Localizable.xcstrings
  • Meshtastic/Helpers/MeshPackets.swift
  • Meshtastic/Model/ConfigModels.swift
  • Meshtastic/Model/DeviceMetadataEntity.swift
  • Meshtastic/Persistence/NodeBackupManager+Import.swift
  • Meshtastic/Persistence/UpdateSwiftData.swift
  • Meshtastic/Resources/docs/index.json
  • Meshtastic/Resources/docs/markdown/user/settings.md
  • Meshtastic/Resources/docs/user/settings.html
  • Meshtastic/Views/Settings/Config/SecurityConfig.swift
  • MeshtasticProtobufs/Sources/meshtastic/config.pb.swift
  • MeshtasticProtobufs/Sources/meshtastic/mesh.pb.swift
  • MeshtasticTests/XEdDSASigningTests.swift
  • docs/user/settings.md

Comment thread Meshtastic/Views/Settings/Config/SecurityConfig.swift
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[2.8.0] Configure packet authenticity policy

1 participant