Skip to content

Address Copilot review follow-ups for runtime trace and SSL handling#87

Merged
matt2005 merged 1 commit intodevelopfrom
fix/copilot-pr86-followups
Mar 15, 2026
Merged

Address Copilot review follow-ups for runtime trace and SSL handling#87
matt2005 merged 1 commit intodevelopfrom
fix/copilot-pr86-followups

Conversation

@matt2005
Copy link

@matt2005 matt2005 commented Mar 15, 2026

Summary

This PR applies the actionable Copilot review follow-ups from #86 while preserving AA runtime behavior.

Changes

  • src/Messenger/MessageInStream.cpp
    • Replaced function-local static trace counter with atomic counter.
    • Replaced magic number MessageId(3) with named control enum MESSAGE_ENCAPSULATED_SSL.
    • Reduced high-frequency frame/payload logs from info to debug.
  • src/Transport/USBTransport.cpp
    • Reduced per-transfer send/receive logs from info to debug.
  • src/Transport/SSLWrapper.cpp
    • Treat non-fatal SSL_ERROR_WANT_* as expected control flow (debug level).
    • Drain OpenSSL error queue only for fatal paths.
  • debian/postinst
    • Hardened cert/key permissions: cert 644, key 600 by default.
    • Optional key group-read compatibility retained only when dedicated aasdk group exists.

Validation

AASDK build/install

  • Built and installed successfully from this branch:
    • TARGET_ARCH=$(dpkg --print-architecture) CROSS_COMPILE=false ./build.sh debug clean install --skip-protobuf --skip-absl

Crankshaft integration build/test

  • Rebuilt crankshaft.core debug (all targets): success.
  • Ran Android Auto-focused tests (headless):
    • AALifecycleTest: pass
    • AndroidAutoTopicContractTest: pass
    • AndroidAutoStatusIntegrationTest: pre-existing failure in QML signal signature (onServiceAvailabilityChanged(QVariant) mismatch in test)
    • AndroidAutoAoapRetryContractTest: pre-existing contract failure unrelated to aasdk changes

Live projection probe

  • Ran crankshaft-core runtime probe and verified projection markers:
    • projection_ready=true reason=video_first_frame
    • video_first_frame observed
  • No handshake-timeout marker observed during the successful probe window.

Notes

This PR is intentionally scoped to reviewed diagnostics/logging/thread-safety/SSL error-path behavior and does not change AA protocol flow semantics.

@matt2005
Copy link
Author

matt2005 commented Mar 15, 2026

Validation note from local integration check before opening this PR:

  1. aasdk built and installed successfully from this branch.
  2. crankshaft.core rebuilt successfully against the updated local install.
  3. Live crankshaft-core probe reached projection success markers:
  • projection_ready=true reason=video_first_frame
  • video_first_frame
  1. No handshake-timeout marker was seen during the successful probe window.

Known caveats from crankshaft.core test run:

  • AALifecycleTest: pass
  • AndroidAutoTopicContractTest: pass
  • AndroidAutoStatusIntegrationTest: failing due to existing QML signal/signature mismatch in the test path
  • AndroidAutoAoapRetryContractTest: existing contract failure unrelated to these aasdk changes

This PR remains scoped to logging/thread-safety/SSL error-path cleanup and permission hardening, with projection behavior revalidated on-device.

@matt2005 matt2005 merged commit 94d19c0 into develop Mar 15, 2026
3 checks passed
@matt2005 matt2005 deleted the fix/copilot-pr86-followups branch March 15, 2026 07:49
@matt2005 matt2005 mentioned this pull request Mar 15, 2026
Merged
matt2005 added a commit that referenced this pull request Mar 15, 2026
@matt2005
Merge develop into main (#86)
a264826 
* fix: USB AOAP recovery, TLS bridge guard, SSL decrypt drain, diagnostics (#84)

* Fix SSL decrypt handling and migrate cert install to /etc/aasdk

- handle SSL WANT_READ/WANT_WRITE as partial frame in Cryptor decrypt\n- add richer SSL diagnostics in SSLWrapper/Cryptor\n- move cert/key install path from /etc/openauto to /etc/aasdk\n- add debian postinst migration and permission/ownership fixups

* fix: USB AOAP recovery, TLS bridge, SSL decrypt drain, diagnostics

- AOAPDevice: detect LIBUSB_ERROR_BUSY on claimInterface and attempt
  releaseInterface + retry before throwing to handle stale ownership
  after abrupt transport teardown

- MessageInStream: conditionally inject ENCAPSULATED_SSL prefix (MessageId 3)
  only when the incoming payload looks like a TLS record (content-type
  0x14-0x17, version byte 0x03); plain payloads such as version responses
  are no longer misclassified; promote frame/payload logs to info level

- Cryptor: simplify SSL decrypt drain loop to pure while(true) with
  fixed 2048-byte read chunks; remove overhead/expected-bytes heuristics
  that caused premature loop exit; demote WANT_READ/WANT_WRITE to debug

- ControlServiceChannel: add info-level logs for sendVersionRequest
  (logs major/minor) and sendHandshake (logs payload size); promote
  incoming MessageId log to info for runtime visibility

- USBTransport: add diagnostic logs for doSend submission, sendComplete,
  sendError, enqueueReceive, receiveComplete and receiveError including
  endpoint address, byte count and error code/native code

* Add runtime-toggleable cryptor/message tracing and docs (#85)

* Address Copilot PR review follow-ups (#87)

* Add MessageInStream regression tests and run CI unit tests on PR/main/develop (#88)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@matt2005