Description
Implement the Android/Desktop client transport selection required by meshtastic/design#123 and meshtastic/firmware#10972.
When the connected local radio is licensed, every remote Admin getter, session request, and mutation must use channel 0 with pki_encrypted=false and an empty packet public key. Firmware then signs and authorizes the plaintext packet using existing XEdDSA. Normal-mode remote Admin behavior remains unchanged.
Scope
- Update the central
CommandSenderImpl Admin channel/packet selection, not each Admin command individually.
- Determine licensed mode from the connected local node's
User.is_licensed; never infer it from the destination callsign/licensed bit.
- Apply the same policy to
sendAdmin, sendAdminAwait, metadata/session refresh, and all flows that use buildAdminPacket.
- Preserve self Admin behavior.
- Preserve existing normal-mode PKI selection when local and destination keys are available.
- Do not display an encryption lock for licensed Admin; use verified-signature semantics only after firmware verification.
Acceptance criteria
- Licensed local → remote Admin uses channel 0,
pki_encrypted=false, and empty public key even when both nodes have keys.
- Non-licensed local with both keys retains existing PKI Admin behavior.
- Self Admin remains unchanged.
- Missing local owner state follows existing compatibility behavior rather than assuming licensed mode.
- Tests cover getter, session request, mutation, normal-mode regression, self, and unknown local mode.
- PR remains draft until paired two-radio validation with firmware#10972 proves plaintext readable Admin request/reply and successful signed authorization.
Dependencies
Description
Implement the Android/Desktop client transport selection required by meshtastic/design#123 and meshtastic/firmware#10972.
When the connected local radio is licensed, every remote Admin getter, session request, and mutation must use channel 0 with
pki_encrypted=falseand an empty packet public key. Firmware then signs and authorizes the plaintext packet using existing XEdDSA. Normal-mode remote Admin behavior remains unchanged.Scope
CommandSenderImplAdmin channel/packet selection, not each Admin command individually.User.is_licensed; never infer it from the destination callsign/licensed bit.sendAdmin,sendAdminAwait, metadata/session refresh, and all flows that usebuildAdminPacket.Acceptance criteria
pki_encrypted=false, and empty public key even when both nodes have keys.Dependencies