Exhaustive enum switch

[cjen1-msft]

This adds -Wswitch-enum which requires a branch for every type of an enum.
And it also adds -Wcovered-switch-default which throws an error if every case of an enum is covered.

And then fixes all of the switch statements.

[Copilot]

Pull request overview

This PR tightens compiler warnings by enabling -Wswitch-enum and updates many switch statements across the codebase to explicitly cover enum values (often replacing broad default branches with specific cases), alongside some adjustments to error handling when unexpected enum values are encountered.

Changes:

• Enable -Wswitch-enum in the CMake warning checks.
• Update numerous enum switch statements to explicitly enumerate cases and make “unknown”/invalid states more explicit (often via throw).
• Minor related cleanups (eg removing unreachable returns, refining log/error messages).

Reviewed changes

Copilot reviewed 26 out of 26 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
cmake/preproject.cmake	Enables -Wswitch-enum under warning checks.
src/http/curl.h	Suppresses -Wswitch-enum for a deliberately non-exhaustive llhttp-method switch (currently Clang-only).
src/node/channels.h	Adjusts unestablished-channel handling to explicitly case on NodeMsgType::channel_msg.
src/consensus/aft/raft.h	Refines switch handling/logging for a specific Raft message type.
src/js/permissions_checks.h	Makes TxAccess handling explicit (replacing a default with a named case).
src/ds/actors.h	Makes ActorsType::unknown explicit (replacing default).
src/node/node_state.h	Refines node inbound message-type switch handling and error reporting.
src/node/hooks.h	Throws on unknown NodeStatus in configuration change hook.
src/node/rpc/node_frontend_utils.h	Makes “Verified”/unknown quote verification results explicit via exceptions.
src/node/rpc/node_frontend.h	Makes QuoteFormat handling explicit in service creation path.
src/node/quote.cpp	Makes QuoteFormat handling explicit in host data extraction.
src/pal/quote_generation.h	Makes platform cases explicit and returns early from handled cases.
src/node/uvm_endorsements.cpp	Makes unsupported JWK key type explicit (OKP).
src/kv/generic_serialise_wrapper.h	Includes serialized helpers and throws on invalid security domain sentinel.
src/enclave/tls_session.h	Makes TLS session status handling more explicit; adds an exception on unknown status in one switch.
src/quic/quic_session.h	Makes QUIC session status switches more explicit.
src/host/tcp.h	Enumerates Status cases more explicitly and tightens unexpected-state handling.
src/host/udp.h	Makes FRESH state explicit in switch.
src/crypto/openssl/hash.h	Removes unreachable return nullptr.
include/ccf/service/tables/proposals.h	Adds formatter support for ProposalState::FAILED; throws on unknown state.
include/ccf/endpoint.h	Refines formatter implementation and error message for invalid ForwardingRequired.
include/ccf/pal/attestation_sev_snp.h	Improves error message with unsupported product value.
include/ccf/crypto/jwk.h	Tightens curve mapping with explicit invalid/unsupported cases.
include/ccf/crypto/curve.h	Tightens ECDSA curve mapping and error message text.
samples/apps/programmability/programmability.cpp	Makes ApiResult handling explicit for additional cases.
src/node/recovery_decision_protocol.cpp	Adds explicit handling for OPEN state in a state machine switch.

Comments suppressed due to low confidence (2)

src/js/permissions_checks.h:86

• After replacing default with an explicit TxAccess::GOV_RO case, this switch no longer handles unexpected execution_context values, and there is no return after the switch. If an invalid enum value is ever observed (eg via cast/deserialisation), this becomes undefined behaviour (control reaches end without returning). Add a default (eg return ILLEGAL/throw) or an explicit unreachable after the switch.

            switch (execution_context)
            {
              case (TxAccess::APP_RW):
              {
                return KVAccessPermissions::READ_WRITE;
              }
              case (TxAccess::APP_RO):
              {
                return KVAccessPermissions::READ_ONLY;
              }
              case (TxAccess::GOV_RW):
              {
                return KVAccessPermissions::WRITE_ONLY;
              }
              case (TxAccess::GOV_RO):
              {
                return KVAccessPermissions::ILLEGAL;
              }
            }

src/ds/actors.h:45

• This switch no longer has a default, and the function has no return after the switch. If ActorsType ever holds an invalid value (eg via cast/deserialisation), control can reach the end without returning (UB). Add a default return or an explicit unreachable/throw after the switch to make this total.

      {
        return "node";
      }
      case ActorsType::unknown:
      {
        return "";
      }
    }
  }

---

You can also share your feedback on Copilot code review. Take the survey.