fix(rdpsnd-native)!: replace anyhow with typed RdpsndNativeError#1277
Open
Greg Lamberson (glamberson) wants to merge 1 commit into
Open
fix(rdpsnd-native)!: replace anyhow with typed RdpsndNativeError#1277Greg Lamberson (glamberson) wants to merge 1 commit into
Greg Lamberson (glamberson) wants to merge 1 commit into
Conversation
There was a problem hiding this comment.
Pull request overview
This PR updates ironrdp-rdpsnd-native to expose a concrete, typed error (RdpsndNativeError) instead of returning anyhow::Result from DecodeStream::new, aligning the crate with the workspace convention of library crates providing typed error surfaces.
Changes:
- Introduces
RdpsndNativeErrorKindand associatedRdpsndNativeError/RdpsndNativeResultaliases. - Switches
DecodeStream::new(and related call sites) fromanyhow-based errors toironrdp_error::Error<Kind>with optional chained sources. - Moves
anyhowtodev-dependencies(kept for the example) and updates logging to usee.report().
Reviewed changes
Copilot reviewed 4 out of 5 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| crates/ironrdp-rdpsnd-native/src/lib.rs | Exposes the new typed error module/types; keeps anyhow referenced under cfg(test). |
| crates/ironrdp-rdpsnd-native/src/error.rs | Adds the new typed error kind and type aliases. |
| crates/ironrdp-rdpsnd-native/src/cpal.rs | Converts DecodeStream::new to typed errors and attaches sources; updates logging. |
| crates/ironrdp-rdpsnd-native/Cargo.toml | Replaces anyhow dependency with ironrdp-error (std) and moves anyhow to dev-deps. |
| Cargo.lock | Adds ironrdp-error to the lockfile dependency graph. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Greg Lamberson (glamberson)
force-pushed
the
fix/rdpsnd-native-typed-error
branch
from
60e5d79 to
8282d17
Compare
Greg Lamberson (glamberson)
added a commit
to lamco-admin/IronRDP
that referenced
this pull request
May 20, 2026
Reshape the public surface introduced earlier in this PR before it lands, to avoid a future breaking touch when ironrdp-server's anyhow-removal pass arrives. Mirrors the post-Devolutions#1264 hand-rolled error pattern (Display + core::error::Error impls, no thiserror). Trait signature was `Result<bool>` (i.e. anyhow::Result through the file-level `use anyhow::Result`). Two issues: - New public surface depending on anyhow at a moment when the workspace is moving the other way (Devolutions#1277 just removed anyhow from rdpsnd-native). - `Ok(true)` vs `Ok(false)` is stringly typed at the call site: a bare bool with no semantic clue. New shape: - `CredentialDecision::{Accept, Reject}` for the binary outcome. - `CredentialValidationError` wrapping any `core::error::Error + Send + Sync` for the case where the validator backend itself failed (LDAP unreachable, PAM transport error, etc.). Manual Display + Error impls; source chains through. - `validate(&self, &Credentials) -> Result<CredentialDecision, CredentialValidationError>`. The accept/reject/backend-error trichotomy is now explicit at every call site. Rejection is no longer an error; backend failure is. Log + bail strings updated to match the trichotomy. Also addresses the API consistency note: every other configurable on `RdpServerBuilder<BuilderDone>` goes through `with_*` on the builder. Added `with_credential_validator(Option<Arc<dyn ...>>)` following the same shape as `with_connection_handler`. The post-construction `set_credential_validator` setter is kept (now takes `Option` to match the field and the builder's setter shape) for dynamic reconfiguration after `build()`. Tests added in `server.rs` cover Accept / Reject / backend-error propagation and `Arc<dyn CredentialValidator>` Send + Sync + 'static bounds. Integration with `client_accepted` is exercised through the existing acceptor-side tests once the validator is wired via the builder; no new integration test in this commit (server-side precedent per Devolutions#1181 / Devolutions#1187 / Devolutions#1281). Verification: `cargo test -p ironrdp-server --lib` (14 passed), `cargo clippy -p ironrdp-server --all-targets -- -D warnings` clean, `cargo check -p ironrdp-server` clean. Refs Devolutions#1154, Devolutions#1150, Devolutions#1155.
Greg Lamberson (glamberson)
added a commit
to lamco-admin/IronRDP
that referenced
this pull request
May 20, 2026
Reshape the public surface introduced earlier in this PR before it lands, to avoid a future breaking touch when ironrdp-server's anyhow-removal pass arrives. Mirrors the post-Devolutions#1264 hand-rolled error pattern (Display + core::error::Error impls, no thiserror). Trait signature was `Result<bool>` (i.e. anyhow::Result through the file-level `use anyhow::Result`). Two issues: - New public surface depending on anyhow at a moment when the workspace is moving the other way (Devolutions#1277 just removed anyhow from rdpsnd-native). - `Ok(true)` vs `Ok(false)` is stringly typed at the call site: a bare bool with no semantic clue. New shape: - `CredentialDecision::{Accept, Reject}` for the binary outcome. - `CredentialValidationError` wrapping any `core::error::Error + Send + Sync` for the case where the validator backend itself failed (LDAP unreachable, PAM transport error, etc.). Manual Display + Error impls; source chains through. - `validate(&self, &Credentials) -> Result<CredentialDecision, CredentialValidationError>`. The accept/reject/backend-error trichotomy is now explicit at every call site. Rejection is no longer an error; backend failure is. Log + bail strings updated to match the trichotomy. Also addresses the API consistency note: every other configurable on `RdpServerBuilder<BuilderDone>` goes through `with_*` on the builder. Added `with_credential_validator(Option<Arc<dyn ...>>)` following the same shape as `with_connection_handler`. The post-construction `set_credential_validator` setter is kept (now takes `Option` to match the field and the builder's setter shape) for dynamic reconfiguration after `build()`. Tests for the trait, the `CredentialDecision` enum, the error wrapper's source chaining, and the `Send + Sync + 'static` bounds through `Arc<dyn _>` live in `crates/ironrdp-testsuite-core/tests/server/credential_validator.rs`, matching the canonical IronRDP split: public-API tests in `ironrdp-testsuite-core`, inline `#[cfg(test)]` only for crate-internal behavior (per the `autodetect.rs` precedent which has both: inline tests on internal state machine, public-API tests in `testsuite-core/tests/server/autodetect.rs`). Verification: `cargo xtask check fmt/lints/tests/typos/locks` all pass; new tests pass in the testsuite-core harness (4 added). Refs Devolutions#1154, Devolutions#1150, Devolutions#1155.
Greg Lamberson (glamberson)
added a commit
to lamco-admin/IronRDP
that referenced
this pull request
May 20, 2026
Reshape the public surface introduced earlier in this PR before it lands, to avoid a future breaking touch when ironrdp-server's anyhow-removal pass arrives. Mirrors the post-Devolutions#1264 hand-rolled error pattern (Display + core::error::Error impls, no thiserror). Trait signature was `Result<bool>` (i.e. anyhow::Result through the file-level `use anyhow::Result`). Two issues: - New public surface depending on anyhow at a moment when the workspace is moving the other way (Devolutions#1277 just removed anyhow from rdpsnd-native). - `Ok(true)` vs `Ok(false)` is stringly typed at the call site: a bare bool with no semantic clue. New shape: - `CredentialDecision::{Accept, Reject}` for the binary outcome. - `CredentialValidationError` wrapping any `core::error::Error + Send + Sync` for the case where the validator backend itself failed (LDAP unreachable, PAM transport error, etc.). Manual Display + Error impls; source chains through. - `validate(&self, &Credentials) -> Result<CredentialDecision, CredentialValidationError>`. The accept/reject/backend-error trichotomy is now explicit at every call site. Rejection is no longer an error; backend failure is. Log + bail strings updated to match the trichotomy. Also addresses the API consistency note: every other configurable on `RdpServerBuilder<BuilderDone>` goes through `with_*` on the builder. Added `with_credential_validator(Option<Arc<dyn ...>>)` following the same shape as `with_connection_handler`. The post-construction `set_credential_validator` setter is kept (now takes `Option` to match the field and the builder's setter shape) for dynamic reconfiguration after `build()`. Tests for the trait, the `CredentialDecision` enum, the error wrapper's source chaining, and the `Send + Sync + 'static` bounds through `Arc<dyn _>` live in `crates/ironrdp-testsuite-core/tests/server/credential_validator.rs`, matching the canonical IronRDP split: public-API tests in `ironrdp-testsuite-core`, inline `#[cfg(test)]` only for crate-internal behavior (per the `autodetect.rs` precedent which has both: inline tests on internal state machine, public-API tests in `testsuite-core/tests/server/autodetect.rs`). Verification: `cargo xtask check fmt/lints/tests/typos/locks` all pass; new tests pass in the testsuite-core harness (4 added). Refs Devolutions#1154, Devolutions#1150, Devolutions#1155.
Brings ironrdp-rdpsnd-native into line with the workspace convention from ARCHITECTURE.md that libraries provide concrete error types rather than anyhow::Result. Defines RdpsndNativeErrorKind with four variants covering the failure modes in DecodeStream::new (UnsupportedFormat, OpusInit, AudioDevice, StreamBuild). Display and core::error::Error impls are hand-rolled per the post-Devolutions#1264 pattern in ironrdp-pdu. DecodeStream::new now returns RdpsndNativeResult<Self> instead of anyhow::Result<Self>. Foreign error sources (opus2::Error, cpal::DefaultStreamConfigError, cpal::BuildStreamError) are attached via Error::with_source so the cause chain remains reachable through core::error::Error::source(). anyhow moves from [dependencies] to [dev-dependencies] for the cpal example binary. The internal log of construction failures switches from "{e:#}" to e.report() to preserve cause-chain output now that anyhow's alternate-format chain printing is no longer involved. Signed-off-by: Greg Lamberson <greg@lamco.io>
Greg Lamberson (glamberson)
force-pushed
the
fix/rdpsnd-native-typed-error
branch
from
8282d17 to
4365a85
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Replaces
anyhow::ResultonDecodeStream::newwith a typedRdpsndNativeError, bringing the crate into line with the workspaceconvention from
ARCHITECTURE.mdthat libraries provide concreteerror types rather than
anyhow.Approach
errormodule definesRdpsndNativeErrorKindwith four variants(
UnsupportedFormat,OpusInit,AudioDevice,StreamBuild).Displayandcore::error::Errorimpls are hand-rolled, followingthe post-refactor(pdu): hand-roll Display/Error impls and remove thiserror dependency #1264 pattern in
ironrdp-pdu.RdpsndNativeError = ironrdp_error::Error<RdpsndNativeErrorKind>keeps the workspace's
Error<Kind>shape.DecodeStream::newreturnsRdpsndNativeResult<Self>instead ofanyhow::Result<Self>. Foreign error sources (opus2::Error,cpal::DefaultStreamConfigError,cpal::BuildStreamError) attachvia
Error::with_sourceso the cause chain stays reachable throughcore::error::Error::source().anyhowmoves from[dependencies]to[dev-dependencies]for thecpalexample binary.Alternatives considered
thiserrorderive: rejected for consistency with the post-refactor(pdu): hand-roll Display/Error impls and remove thiserror dependency #1264direction in
ironrdp-pdu.ironrdp-rdpsnd-nativeis not Core Tierand could technically use
thiserror, but staying hand-rolledmatches the recently-established workspace pattern.
ConnectorErrorKindstyle): rejected because the source types (
opus2::Error, multiplecpalerrors) would leak into the publicKindsurface formarginal matchability benefit.
anyhowinternally, change only the public signature:rejected because
anyhow::Errorwould still propagate through thesource chain to consumers.
Trade-offs accepted
The four-variant categorisation is coarser than per-error-type
matchability would offer. Consumers needing finer detail traverse the
source chain via
core::error::Error::source(). This matches theexisting pattern in
PduErrorKind.Verification
cargo xtask check fmt -vgreencargo xtask check lints -vgreencargo xtask check tests -vgreencargo xtask check typos -vgreencargo xtask check locks -vgreencargo check -p ironrdp-rdpsnd-native --no-default-featuresgreencargo check -p ironrdp-rdpsnd-native --examplesgreenReferences
Display/Errorinironrdp-pdu).bail!macro: feat(error): add shared bail! and ensure! macros to ironrdp-error #1263 (shared macros inironrdp-error).