telepath-wire 0.2.0

Shared wire protocol types for Telepath (no_std, no alloc)
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326

//! Telepath wire protocol types.
//!
//! This crate is `no_std` and `no alloc`. It defines the shared types used by
//! both the firmware-side (`telepath-firmware`) and host-side (`telepath-host`)
//! libraries. All types must remain free of heap allocation.
//!
//! # Protocol overview
//!
//! - Framing: COBS downstream (Host→Target), rzCOBS upstream (Target→Host); 0x00 delimiter both directions
//! - Serialization: postcard (little-endian, varint-compressed)
//! - Packet type discriminant: 2-valued (Request / Response), per ONC RPC CALL/REPLY model
//! - Errors: expressed via `ResponseStatus`, not as a separate packet type
//! - Discovery: reserved CmdID 0x0000 (CoAP Empty / ONC RPC convention)
#![no_std]

pub mod cmd_id;
pub mod framing;
#[cfg(feature = "profile")]
pub mod metrics;
#[cfg(feature = "profile")]
pub use metrics::MetricsSnapshot;

use serde::{Deserialize, Serialize};

// ---------------------------------------------------------------------------
// Constants
// ---------------------------------------------------------------------------

/// Maximum payload size in bytes. Both sides MUST enforce this limit.
pub const MAX_PAYLOAD_SIZE: usize = 256;

/// Reserved command ID for the Command Discovery Protocol (CDP).
///
/// Sending a `Request` with this ID causes the target to reply with its full
/// command registry. Modeled after RFC 7252 CoAP Code 0.00 (Empty) and ONC RPC
/// NULL procedure convention.
pub const CMD_ID_DISCOVERY: u16 = 0x0000;

/// Reserved command ID for the framing/throughput metrics snapshot.
///
/// Sending a `Request` with this ID causes the target to reply with the current
/// [`MetricsSnapshot`] and atomically reset all counters. Only present when the
/// target is built with the `profile` feature; without it the command simply
/// does not exist and the host receives `SystemError`.
pub const CMD_ID_METRICS: u16 = 0xFFFE;

// ---------------------------------------------------------------------------
// PacketType
// ---------------------------------------------------------------------------

/// Wire-level packet type discriminant.
///
/// Only two variants exist (Request / Response), following the ONC RPC
/// RFC 5531 CALL/REPLY model. Error information is carried inside a
/// `Response` via [`ResponseStatus`], not as a distinct packet type.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
#[repr(u8)]
pub enum PacketType {
    /// A call from host to target (CALL in ONC RPC terminology).
    Request = 0x01,
    /// A reply from target to host (REPLY in ONC RPC terminology).
    Response = 0x02,
}

// ---------------------------------------------------------------------------
// ResponseStatus
// ---------------------------------------------------------------------------

/// Status code carried inside a [`Response`] packet.
///
/// Using a dedicated status field (rather than a separate packet type) keeps
/// the framing layer simple and mirrors HTTP status code semantics.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
#[repr(u8)]
pub enum ResponseStatus {
    /// The command executed successfully.
    Ok = 0x00,
    /// The command returned a user-defined application error.
    AppError = 0x01,
    /// A system-level error occurred (e.g., unknown CmdID, deserialize failure).
    SystemError = 0x02,
}

// ---------------------------------------------------------------------------
// Request / Response packets
// ---------------------------------------------------------------------------

/// An RPC call from host to target.
///
/// The `args` field is a postcard-serialized argument struct. Its schema is
/// identified by `cmd_id`, which encodes the function name and argument types
/// as a hash (computed at firmware build time).
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct Request<'a> {
    /// Packet kind — always [`PacketType::Request`] on the wire.
    pub kind: PacketType,
    /// Monotonically increasing sequence number for matching responses to calls.
    pub seq_no: u16,
    /// Command identifier: hash of (function name + input schema + output schema).
    pub cmd_id: u16,
    /// Postcard-serialized argument bytes. Lifetime tied to the receive buffer.
    #[serde(borrow)]
    pub args: &'a [u8],
}

/// An RPC reply from target to host.
///
/// On success (`status == Ok`) `payload` contains the postcard-serialized
/// return value. On error it contains a postcard-serialized error description.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct Response<'a> {
    /// Packet kind — always [`PacketType::Response`] on the wire.
    pub kind: PacketType,
    /// Matches the `seq_no` of the originating [`Request`].
    pub seq_no: u16,
    /// Execution outcome.
    pub status: ResponseStatus,
    /// Postcard-serialized return value or error payload.
    #[serde(borrow)]
    pub payload: &'a [u8],
}

// ---------------------------------------------------------------------------
// DiscoveryEntry
// ---------------------------------------------------------------------------

/// A single entry returned by the Command Discovery Protocol (CmdID 0x0000).
///
/// The firmware serializes all registered commands as a postcard sequence of
/// these entries in response to a CDP request.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct DiscoveryEntry<'a> {
    /// 16-bit command ID derived by [`telepath_wire::cmd_id::derive_cmd_id`].
    pub id: u16,
    /// Rust function name of the registered command.
    #[serde(borrow)]
    pub name: &'a str,
    /// Postcard-serialized `postcard_schema::schema::NamedType` for the
    /// argument tuple. Opaque bytes; decode with `postcard_schema` on the host.
    #[serde(borrow)]
    pub args_schema: &'a [u8],
    /// Postcard-serialized `postcard_schema::schema::NamedType` for the
    /// return type.
    #[serde(borrow)]
    pub ret_schema: &'a [u8],
    /// Comma-separated argument names, e.g. `"a,b"` for `fn foo(a: i32, b: i32)`.
    /// Empty string for zero-argument commands.
    #[serde(borrow)]
    pub arg_names: &'a str,
}

// ---------------------------------------------------------------------------
// Discovery paging types (CmdID 0x0000 with offset-based pagination)
// ---------------------------------------------------------------------------

/// Request payload for the Command Discovery Protocol when pagination is needed.
///
/// Empty `args` (legacy) is treated as `DiscoveryRequest { offset: 0 }` by
/// the firmware for backward compatibility. Non-empty args must deserialize
/// to this type.
#[derive(Debug, Clone, Copy, Serialize, Deserialize)]
pub struct DiscoveryRequest {
    /// Index of the first entry to include in this response page.
    pub offset: u16,
}

/// Response payload for a paged Command Discovery Protocol response.
///
/// `entries` carries a raw postcard sequence: `varint(count) ++ DiscoveryEntry × count`.
/// The host iterates pages until `offset + count_this_page >= total`.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct DiscoveryPage<'a> {
    /// Total number of registered commands (across all pages).
    pub total: u16,
    /// Offset this page starts at (echoes the request's `offset` field).
    pub offset: u16,
    /// Serialized `varint(count) ++ DiscoveryEntry × count` for entries in
    /// this page. Opaque to this crate; parse with `postcard::take_from_bytes`.
    #[serde(borrow)]
    pub entries: &'a [u8],
}

// ---------------------------------------------------------------------------
// AppError payload
// ---------------------------------------------------------------------------

/// Payload carried inside a [`Response`] when `status == ResponseStatus::AppError`.
///
/// Encoded as postcard `(varint(code), varint(len), len-bytes UTF-8 message)`.
/// Borrows the message slice from the receive buffer for zero-copy decode on
/// targets that cannot allocate.
///
/// # Wire layout
///
/// | Field | Type | Encoding |
/// |-------|------|----------|
/// | `code` | `u16` | postcard varint (1–3 bytes) |
/// | `message` | `&str` | postcard varint(len) + UTF-8 bytes |
///
/// The `code` namespace is application-defined. Reserve `0` as a catch-all
/// "unspecified application error" when no finer classification is needed.
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
pub struct AppErrorPayload<'a> {
    /// Application-defined error code.
    pub code: u16,
    /// Human-readable error message, borrowed from the receive buffer.
    #[serde(borrow)]
    pub message: &'a str,
}

/// Encode an [`AppErrorPayload`] into `out`, returning the number of bytes written.
///
/// # Errors
///
/// Returns [`WireError::SerdeError`] if the payload does not fit in `out`.
pub fn encode_app_error(payload: &AppErrorPayload<'_>, out: &mut [u8]) -> Result<usize, WireError> {
    let written = postcard::to_slice(payload, out)?;
    Ok(written.len())
}

/// Decode an [`AppErrorPayload`] from `bytes`, borrowing the message slice.
///
/// # Errors
///
/// Returns [`WireError::SerdeError`] if `bytes` is malformed.
pub fn decode_app_error(bytes: &[u8]) -> Result<AppErrorPayload<'_>, WireError> {
    Ok(postcard::from_bytes(bytes)?)
}

// ---------------------------------------------------------------------------
// WireError
// ---------------------------------------------------------------------------

/// Errors that can arise during wire-level encoding or decoding.
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum WireError {
    /// Payload exceeded [`MAX_PAYLOAD_SIZE`].
    PayloadTooLarge,
    /// postcard serialization / deserialization failed; carries the underlying cause.
    SerdeError(postcard::Error),
    /// A reserved or unknown packet type discriminant was received.
    UnknownPacketType,
    /// The framing delimiter was encountered in an unexpected position.
    FramingError,
}

impl From<postcard::Error> for WireError {
    fn from(e: postcard::Error) -> Self {
        WireError::SerdeError(e)
    }
}

// ---------------------------------------------------------------------------
// Tests
// ---------------------------------------------------------------------------

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn packet_type_discriminants() {
        assert_eq!(PacketType::Request as u8, 0x01);
        assert_eq!(PacketType::Response as u8, 0x02);
    }

    #[test]
    fn response_status_discriminants() {
        assert_eq!(ResponseStatus::Ok as u8, 0x00);
        assert_eq!(ResponseStatus::AppError as u8, 0x01);
        assert_eq!(ResponseStatus::SystemError as u8, 0x02);
    }

    #[test]
    fn cmd_id_discovery_is_zero() {
        assert_eq!(CMD_ID_DISCOVERY, 0x0000);
    }

    #[test]
    fn max_payload_size() {
        assert_eq!(MAX_PAYLOAD_SIZE, 256);
    }

    #[test]
    fn wire_error_from_postcard_error() {
        let pe = postcard::from_bytes::<u32>(&[]).unwrap_err();
        let we: WireError = pe.clone().into();
        assert_eq!(we, WireError::SerdeError(pe));
    }

    #[test]
    fn app_error_payload_roundtrip() {
        let original = AppErrorPayload {
            code: 42,
            message: "sensor not ready",
        };
        let mut buf = [0u8; 64];
        let n = encode_app_error(&original, &mut buf).expect("encode failed");
        let decoded = decode_app_error(&buf[..n]).expect("decode failed");
        assert_eq!(decoded.code, original.code);
        assert_eq!(decoded.message, original.message);
    }

    #[test]
    fn app_error_payload_wire_layout() {
        // code=42 (0x2A, 1 varint byte), message="hi" (len=2, bytes 0x68 0x69)
        let payload = AppErrorPayload {
            code: 42,
            message: "hi",
        };
        let mut buf = [0u8; 16];
        let n = encode_app_error(&payload, &mut buf).expect("encode failed");
        assert_eq!(&buf[..n], &[0x2A, 0x02, b'h', b'i']);
    }

    #[test]
    fn app_error_payload_buffer_too_small() {
        let payload = AppErrorPayload {
            code: 42,
            message: "hi",
        };
        let mut buf = [0u8; 2]; // too small (needs 4 bytes)
        let err = encode_app_error(&payload, &mut buf).unwrap_err();
        assert!(matches!(err, WireError::SerdeError(_)));
    }
}