Use direct partition API for share storage

[kwsantiago]

Closes #8

Summary by CodeRabbit

• Documentation

  • Updated for ESP-IDF v6.1 with detailed ESP32-S3 hardware guidance, prerequisites, and revised usage examples.

• Bug Fixes

  • Switched storage to partition-backed slots and moved console IO to UART; default serial device changed to /dev/ttyUSB0.

• New Features

  • Added an RPC test suite and a serial monitor script for end-to-end device testing.

• Chores

  • Updated SDK defaults and removed legacy QEMU test runner and some internal component wiring.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Warning

Rate limit exceeded

@kwsantiago has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 19 minutes and 42 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between c7f4fff and 2b67778.

⛔ Files ignored due to path filters (1)

• partitions.csv is excluded by !**/*.csv

📒 Files selected for processing (27)

• .github/workflows/ci.yml
• README.md
• components/libnostr-c/CMakeLists.txt
• components/libnostr-c/idf_component.yml
• components/libnostr-c/include/cjson/cJSON.h
• components/libnostr-c/include/noscrypt/noscrypt.h
• components/libnostr-c/include/noscrypt/noscryptutil.h
• components/libnostr-c/nostr_features.h
• components/noscrypt/CMakeLists.txt
• components/noscrypt/idf_component.yml
• components/noscrypt/include/noscrypt/noscrypt.h
• components/noscrypt/include/noscrypt/noscryptutil.h
• components/noscrypt/include/noscrypt/platform.h
• components/noscrypt/include/secp256k1/include/secp256k1.h
• components/noscrypt/include/secp256k1/include/secp256k1_ecdh.h
• components/noscrypt/include/secp256k1/include/secp256k1_extrakeys.h
• components/noscrypt/include/secp256k1/include/secp256k1_schnorrsig.h
• main/CMakeLists.txt
• main/main.c
• main/serial.c
• main/serial.h
• main/storage.c
• scripts/monitor_serial.py
• scripts/test_all_rpc.py
• sdkconfig.defaults
• tests/run_qemu_test.sh
• tests/test_rpc.py

Walkthrough

This PR removes libnostr-c/noscrypt component wiring, replaces NVS storage with a partition-backed slot storage, switches USB/ROM serial I/O to the UART driver with line buffering, restructures the main RPC loop and build deps, and adds new serial/RPC test scripts and sdkconfig defaults.

Changes

Cohort / File(s)	Summary
Component integration removals components/libnostr-c/{CMakeLists.txt, idf_component.yml, include/{cjson/cJSON.h, noscrypt/noscrypt.h, noscrypt/noscryptutil.h}, nostr_features.h} components/noscrypt/{CMakeLists.txt, idf_component.yml, include/noscrypt/{noscrypt.h, noscryptutil.h, platform.h}, include/secp256k1/include/{secp256k1.h, secp256k1_ecdh.h, secp256k1_extrakeys.h, secp256k1_schnorrsig.h}}	Removes ESP-IDF component manifests/CMake wiring and header redirect proxies; deletes nostr_features.h (feature macros and public declarations) and strips build-time feature compile defs.
Partition-backed storage main/storage.c	Replaces NVS with direct partition access: introduces fixed-size share_slot_t, sector-buffered read/erase/write logic, and rewrites storage_init/save/load/delete/list/has to operate on partition slots.
Serial I/O / API change main/serial.c, main/serial.h	Replaces ROM/USB console paths with UART driver (uart_driver_install, uart_read_bytes, uart_write_bytes); adds internal RX buffering and line-oriented read/write; changes serial_init return type to int.
Main application & build deps main/main.c, main/CMakeLists.txt	Switches main loop to line-based request/response buffers, renames JSON "shares"→"groups", relaxes some input checks, unconditionally initializes signer, continues on storage init failure with warning, and updates component REQUIRES (adds esp_partition, mbedtls, removes nvs_flash).
Testing, scripts, CI & config scripts/{test_all_rpc.py, monitor_serial.py}, tests/{test_rpc.py, run_qemu_test.sh}, .github/workflows/ci.yml, sdkconfig.defaults	Adds RPC test suite and serial monitor; updates default test serial device to /dev/ttyUSB0; removes QEMU test runner script; updates CI to use secp256k1-frost and ESP-IDF setup; inserts sdkconfig.defaults for UART console, custom partitions, 8MB flash, log levels, and stack size.
Documentation README.md	Updates storage description to partition-backed, adds Hardware section for ESP32-S3, adjusts prerequisites to ESP-IDF v6.1, and expands Testing with new RPC/monitor guidance and adjusted JSON-RPC IDs.

Sequence Diagram(s)

sequenceDiagram
    autonumber
    actor Host as Host (test_all_rpc.py / user)
    participant Serial as UART
    participant Firmware as ESP32-S3 Firmware
    participant Storage as Partition
    participant Crypto as FROST signer

    Host->>Serial: open /dev/ttyUSB0, send JSON-RPC request
    Serial->>Firmware: UART RX delivers full line
    Firmware->>Firmware: parse JSON request (line-based)
    alt storage-related
        Firmware->>Storage: read/scan slots (list/load/delete/save)
        Storage-->>Firmware: slot data / ack
    end
    alt signing flow
        Firmware->>Crypto: frost_commit / frost_sign operations
        Crypto-->>Firmware: commitment / signature or error
    end
    Firmware->>Serial: format JSON-RPC response line
    Serial->>Host: host reads response

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• Add native, hardware, and integration test infrastructure #7: Overlaps serial I/O and test harness changes (main/serial.c, main/main.c, README/testing).
• Implement FROST signer with NVS storage and two-round signing protocol #3: Introduced earlier NVS-backed storage and FROST signer integration—directly related to the storage replacement here.
• Add JSON-RPC protocol and USB serial handler #2: Related edits to serial interface and JSON-RPC handling; overlaps caller/handler code paths.

Poem

🐰 Hopping through code, a tiny bright spark,

Partitions now hum where NVS left its mark,
UART lines chatter, tests dance in a row,
Slots tuck the shares where the sectors will go,
I nibble the bugs and send builds on their way.

Pre-merge checks and finishing touches

❌ Failed checks (2 warnings, 1 inconclusive)

Check name	Status	Explanation	Resolution
Out of Scope Changes check	⚠️ Warning	Multiple changes appear unrelated to partition-based storage: README updates, serial communication refactoring, test script additions/removals, and config changes.	Scope this PR to partition storage migration only; separate serial/UART, testing, and documentation changes into dedicated pull requests.
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.
Linked Issues check	❓ Inconclusive	Issue #8 provides no detailed requirements to assess. The PR closes issue #8 but lacks specific coding objectives to validate against.	Add detailed requirements to issue #8 or provide explicit coding objectives to enable thorough compliance assessment.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Use direct partition API for share storage' clearly summarizes the main change of replacing NVS-based storage with partition-backed storage throughout the codebase.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 11

🧹 Nitpick comments (4)

scripts/test_ping.py (1)

8-8: Remove unnecessary f-string prefix.

The string has no placeholders, so the f prefix is unnecessary.

🔎 Proposed fix

-    print(f'Sending ping...')
+    print('Sending ping...')

scripts/monitor_serial.py (1)

13-13: Consider reading in larger chunks for efficiency.

Reading one byte at a time can be inefficient. Consider reading in larger chunks (e.g., 1024 bytes) to reduce system call overhead while maintaining real-time display.

main/serial.c (1)

19-31: Simplify redundant newline stripping.

The code strips trailing newline/carriage return characters twice (lines 23-26, then 27-30). While defensive, this is redundant since a string can only have one trailing newline sequence. Consider simplifying.

🔎 Proposed fix

 int serial_read_line(char *buf, size_t len) {
     if (fgets(buf, len, stdin) == NULL) {
         return 0;
     }
     size_t l = strlen(buf);
-    if (l > 0 && (buf[l-1] == '\n' || buf[l-1] == '\r')) {
-        buf[l-1] = '\0';
-        l--;
-    }
-    if (l > 0 && (buf[l-1] == '\n' || buf[l-1] == '\r')) {
+    // Strip trailing \r\n or \n\r sequences
+    while (l > 0 && (buf[l-1] == '\n' || buf[l-1] == '\r')) {
         buf[l-1] = '\0';
         l--;
     }
     return (int)l;
 }

main/storage.c (1)

46-58: Consider handling uninitialized/corrupted partition data.

If the partition contains garbage data after first flash, slots with random share_len values could be misinterpreted as valid. Consider erasing the entire partition on first init or adding a magic number to share_slot_t to detect uninitialized slots.

🔎 Proposed enhancement

Add a magic number to the structure:

+#define SLOT_MAGIC 0x53484152  // "SHAR"
+
 typedef struct {
+    uint32_t magic;
     uint8_t group_hash[32];
     uint16_t share_len;
     uint8_t share_data[STORAGE_SHARE_LEN];
-    uint8_t reserved[226];
+    uint8_t reserved[222];  // Adjust for magic field
 } __attribute__((packed)) share_slot_t;

Then check slot.magic == SLOT_MAGIC when determining if a slot is valid.

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 86374df and d6ae984.

⛔ Files ignored due to path filters (1)

• partitions.csv is excluded by !**/*.csv

📒 Files selected for processing (24)

• README.md
• components/libnostr-c/CMakeLists.txt
• components/libnostr-c/idf_component.yml
• components/libnostr-c/include/cjson/cJSON.h
• components/libnostr-c/include/noscrypt/noscrypt.h
• components/libnostr-c/include/noscrypt/noscryptutil.h
• components/libnostr-c/nostr_features.h
• components/noscrypt/CMakeLists.txt
• components/noscrypt/idf_component.yml
• components/noscrypt/include/noscrypt/noscrypt.h
• components/noscrypt/include/noscrypt/noscryptutil.h
• components/noscrypt/include/noscrypt/platform.h
• components/noscrypt/include/secp256k1/include/secp256k1.h
• components/noscrypt/include/secp256k1/include/secp256k1_ecdh.h
• components/noscrypt/include/secp256k1/include/secp256k1_extrakeys.h
• components/noscrypt/include/secp256k1/include/secp256k1_schnorrsig.h
• main/CMakeLists.txt
• main/main.c
• main/serial.c
• main/storage.c
• scripts/monitor_serial.py
• scripts/test_ping.py
• scripts/test_rpc.py
• sdkconfig.defaults

💤 Files with no reviewable changes (15)

• components/libnostr-c/include/noscrypt/noscryptutil.h
• components/libnostr-c/include/cjson/cJSON.h
• components/noscrypt/include/noscrypt/noscrypt.h
• components/noscrypt/include/secp256k1/include/secp256k1_ecdh.h
• components/noscrypt/CMakeLists.txt
• components/noscrypt/include/noscrypt/platform.h
• components/noscrypt/idf_component.yml
• components/noscrypt/include/secp256k1/include/secp256k1_extrakeys.h
• components/noscrypt/include/secp256k1/include/secp256k1.h
• components/libnostr-c/include/noscrypt/noscrypt.h
• components/noscrypt/include/secp256k1/include/secp256k1_schnorrsig.h
• components/libnostr-c/nostr_features.h
• components/libnostr-c/CMakeLists.txt
• components/noscrypt/include/noscrypt/noscryptutil.h
• components/libnostr-c/idf_component.yml

🧰 Additional context used

🧬 Code graph analysis (1)

main/main.c (3)

main/frost_signer.c (1)

• frost_signer_init (108-114)

main/serial.c (3)

• serial_init (14-16)
• serial_read_line (18-32)
• serial_write_line (34-38)

main/protocol.c (2)

• protocol_parse_request (17-64)
• protocol_format_response (66-93)

🪛 Ruff (0.14.10)

scripts/test_ping.py

8-8: f-string without any placeholders

Remove extraneous f prefix

(F541)

---

25-25: Do not use bare except

(E722)

---

25-26: try-except-pass detected, consider logging the exception

(S110)

scripts/test_rpc.py

23-23: Do not use bare except

(E722)

scripts/monitor_serial.py

19-19: Do not catch blind exception: Exception

(BLE001)

---

22-22: Do not catch blind exception: Exception

(BLE001)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: build

🔇 Additional comments (5)

main/CMakeLists.txt (1)

4-4: LGTM! Dependencies align with the storage refactor.

The addition of esp_partition and mbedtls dependencies supports the new partition-based storage implementation, while removing nvs_flash is consistent with eliminating NVS usage.

sdkconfig.defaults (2)

5-5: Consider the implications of disabling the task watchdog.

Disabling CONFIG_ESP_TASK_WDT_EN removes automatic detection of hung tasks. While this may be acceptable for development or if the application has its own monitoring, it could mask issues in production deployments.

---

2-3: No action needed—partitions.csv exists in the repository and is properly tracked by git.

The custom partition table file referenced in the configuration is present at the repository root.

Likely an incorrect or invalid review comment.

README.md (1)

9-9: LGTM! Documentation accurately reflects the implementation changes.

The documentation updates correctly describe:

• The migration from NVS to partition-backed storage
• Hardware requirements for ESP32-S3
• Updated device paths for USB Serial JTAG (/dev/ttyACM0)
• New test scripts and monitoring tools

These changes align well with the code refactoring throughout the PR.

Also applies to: 24-28, 33-40, 48-51, 57-82

main/main.c (1)

138-138: Good addition of task delay.

The 10ms delay prevents the main loop from spinning tightly and consuming excessive CPU, allowing other FreeRTOS tasks to run.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (5)

sdkconfig.defaults (1)

12-12: Consider re-enabling the task watchdog for production.

Disabling CONFIG_ESP_TASK_WDT_EN is useful during development/debugging, but in production it removes protection against infinite loops or stuck tasks. Consider using CONFIG_ESP_TASK_WDT_PANIC=n instead to allow watchdog monitoring without immediate panic, or add a comment indicating this is intentional for testing.

main/CMakeLists.txt (1)

4-4: Dependencies updated correctly for partition-backed storage.

Adding esp_partition and mbedtls while removing nvs_flash aligns with the storage refactor.

Consider removing esp_driver_usb_serial_jtag if it's no longer used after switching to UART-based serial—this would reduce unnecessary dependencies.

main/storage.c (1)

59-64: Consider validating input parameters before processing.

The function doesn't validate that group and share_hex are non-NULL or that group length fits within STORAGE_GROUP_LEN. While callers may validate inputs, defensive checks here would prevent crashes from unexpected NULL pointers.

🔎 Proposed defensive checks

 int storage_save_share(const char *group, const char *share_hex) {
     if (!initialized) return -1;
+    if (!group || !share_hex || strlen(group) == 0) return -1;
+    if (strlen(group) > STORAGE_GROUP_LEN) return -1;
 
     unsigned char share_bytes[STORAGE_SHARE_LEN];
     int share_len = hex_to_bytes(share_hex, share_bytes, sizeof(share_bytes));

scripts/test_all_rpc.py (2)

79-79: Remove extraneous f-string prefixes.

Lines 79 and 97 use f-strings without any placeholders. Per static analysis (Ruff F541).

🔎 Proposed fix

     if resp and "result" in resp:
-        print(f"    PASS: commitment received")
+        print("    PASS: commitment received")
         return resp['result']

     if resp and "result" in resp:
-        print(f"    PASS: signature share received")
+        print("    PASS: signature share received")
         return True

Also applies to: 97-97

---

10-30: Consider consolidating shared RPC utilities with tests/test_rpc.py.

Both scripts/test_all_rpc.py and tests/test_rpc.py implement similar send_request/send_rpc functions with slight differences (line endings \r\n vs \n, timeout handling). Consider extracting common utilities to a shared module to reduce duplication and ensure consistent behavior.

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d6ae984 and c7f4fff.

⛔ Files ignored due to path filters (1)

• partitions.csv is excluded by !**/*.csv

📒 Files selected for processing (25)

• README.md
• components/libnostr-c/CMakeLists.txt
• components/libnostr-c/idf_component.yml
• components/libnostr-c/include/cjson/cJSON.h
• components/libnostr-c/include/noscrypt/noscrypt.h
• components/libnostr-c/include/noscrypt/noscryptutil.h
• components/libnostr-c/nostr_features.h
• components/noscrypt/CMakeLists.txt
• components/noscrypt/idf_component.yml
• components/noscrypt/include/noscrypt/noscrypt.h
• components/noscrypt/include/noscrypt/noscryptutil.h
• components/noscrypt/include/noscrypt/platform.h
• components/noscrypt/include/secp256k1/include/secp256k1.h
• components/noscrypt/include/secp256k1/include/secp256k1_ecdh.h
• components/noscrypt/include/secp256k1/include/secp256k1_extrakeys.h
• components/noscrypt/include/secp256k1/include/secp256k1_schnorrsig.h
• main/CMakeLists.txt
• main/main.c
• main/serial.c
• main/storage.c
• scripts/monitor_serial.py
• scripts/test_all_rpc.py
• sdkconfig.defaults
• tests/run_qemu_test.sh
• tests/test_rpc.py

💤 Files with no reviewable changes (16)

• components/noscrypt/include/noscrypt/noscrypt.h
• components/libnostr-c/include/cjson/cJSON.h
• components/noscrypt/include/noscrypt/platform.h
• components/noscrypt/include/secp256k1/include/secp256k1.h
• components/noscrypt/include/noscrypt/noscryptutil.h
• components/noscrypt/include/secp256k1/include/secp256k1_ecdh.h
• components/libnostr-c/idf_component.yml
• components/libnostr-c/CMakeLists.txt
• components/noscrypt/CMakeLists.txt
• components/noscrypt/include/secp256k1/include/secp256k1_schnorrsig.h
• components/libnostr-c/include/noscrypt/noscryptutil.h
• tests/run_qemu_test.sh
• components/noscrypt/include/secp256k1/include/secp256k1_extrakeys.h
• components/libnostr-c/include/noscrypt/noscrypt.h
• components/noscrypt/idf_component.yml
• components/libnostr-c/nostr_features.h

🚧 Files skipped from review as they are similar to previous changes (1)

• scripts/monitor_serial.py

🧰 Additional context used

🧬 Code graph analysis (1)

scripts/test_all_rpc.py (1)

tests/test_rpc.py (6)

• test_ping (20-25)
• test_import_share (35-43)
• test_frost_commit (56-69)
• test_frost_sign (71-84)
• test_delete_share (86-90)
• main (95-140)

🪛 Ruff (0.14.10)

scripts/test_all_rpc.py

79-79: f-string without any placeholders

Remove extraneous f prefix

(F541)

---

97-97: f-string without any placeholders

Remove extraneous f prefix

(F541)

---

131-131: Do not catch blind exception: Exception

(BLE001)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: build

🔇 Additional comments (12)

tests/test_rpc.py (1)

96-96: LGTM!

The default port change from /dev/ttyACM0 to /dev/ttyUSB0 aligns with the shift from USB Serial JTAG to UART-based serial communication configured in sdkconfig.defaults.

README.md (2)

9-9: Documentation improvements look good.

The updated storage description, new hardware section, and expanded testing documentation provide clear guidance for users. The testing section now properly references the new RPC test scripts.

Also applies to: 24-28, 68-78

---

80-81: The tests/test_qemu.py file exists in the repository and is correctly referenced in the documentation. No issues to address.

main/main.c (2)

108-112: Previous review concerns addressed, but continuing after storage failure may cause issues.

The error response for parse failures (lines 128-130) and format response check (lines 131-136) address past review comments. However, continuing after storage_init() failure (line 109) means all storage-dependent RPC methods (import_share, delete_share, list_shares, get_share_pubkey) will fail with storage errors. Consider whether this degraded mode is intentional or if it would be better to halt initialization.

---

117-138: Main loop implementation is clean and handles errors appropriately.

The static allocation for buffers avoids heap fragmentation on the embedded device. The loop properly:

• Resets response state each iteration
• Sends error responses for parse failures
• Checks format response return value before writing
• Yields to allow other FreeRTOS tasks to run

main/serial.c (1)

20-36: Line reading implementation is correct.

The buffered input approach properly handles:

• CR/LF line terminators
• Buffer overflow protection (line 31)
• Null-termination of output

One minor note: if the caller's buffer is smaller than the accumulated data, the line is silently truncated. This is acceptable given the matching buffer sizes used in main.c.

main/storage.c (3)

13-18: Previous critical issues resolved.

The struct sizing issue is now fixed with _Static_assert at line 153 ensuring share_slot_t equals SHARE_SLOT_SIZE (512 bytes). The struct now stores the group as a string instead of a hash, simplifying lookups and addressing the previous concern about needing to store original group strings.

Also applies to: 153-153

---

81-98: Partition erase alignment issue resolved.

The sector-based read-modify-write approach now properly aligns erase operations to 4KB boundaries (SECTOR_SIZE). The implementation:

1. Reads the entire 4KB sector containing the target slot
2. Modifies the specific slot within the buffer
3. Erases the aligned sector
4. Writes the complete sector back

This correctly addresses the previous critical issue about ESP32's 4KB flash sector alignment requirement.

---

155-170: storage_list_shares is now properly implemented.

The function correctly:

• Checks initialization state (returns -1 if uninitialized)
• Iterates slots to find valid entries
• Copies group strings with proper bounds
• Returns the count of groups found

This addresses the previous concern about the stub implementation.

scripts/test_all_rpc.py (2)

127-133: Broad exception handling is acceptable here.

While Ruff flags BLE001 for catching blind Exception, this is appropriate for serial port initialization where various OS-level errors can occur (permission denied, device not found, etc.). The error is logged with context before exiting.

---

84-103: Test logic appropriately handles expected errors.

The test_frost_sign function correctly treats an error response as a pass (lines 99-101) since invalid commitments are expected to fail. This is appropriate for testing error handling paths.

sdkconfig.defaults (1)

1-15: Serial driver missing explicit baud rate configuration.

While the configuration correctly enables UART0, the claim that it "correctly matches the serial driver configuration" is inaccurate. The serial.c implementation calls uart_driver_install() without a preceding uart_param_config() call to set the baud rate. The CONFIG_ESP_CONSOLE_UART_BAUDRATE=115200 in sdkconfig.defaults applies only to the ESP console subsystem, not to the custom serial driver. The serial driver will use UART defaults rather than explicitly configured 115200 baud.

The partitions.csv file correctly exists and defines the required "storage" partition. The stack size and partition table settings are appropriate, but the serial driver implementation needs a call to uart_param_config() to explicitly configure the UART parameters before use.

Likely an incorrect or invalid review comment.