feat: telemetry parsing, direct messages, danger zone, and UX improvements

[Yeraze]

Summary

• Fix environment telemetry parsing to properly capture temperature, humidity, and pressure data
• Prevent telemetry data pollution from NodeInfo packets during refresh
• Isolate direct messages from channels with proper channel=-1 handling
• Preserve node names across non-NODEINFO packet updates
• Add Settings danger zone for data purge operations
• Improve UI notifications and reduce console spam

Key Changes

Telemetry Fixes

• Fix environment telemetry parsing: Access deviceMetrics, environmentMetrics, powerMetrics fields directly instead of using incorrect variant.case structure
• Stop telemetry pollution from NodeInfo: Only save telemetry from TELEMETRY_APP packets, not from node refresh packets
• Preserve current node states: Battery/voltage displayed in UI while historical data is properly tracked

Direct Message Isolation

• Channel -1 for DMs: Direct messages (non-broadcast) now use channel=-1 to separate them from channel messages
• Filter channel list: Channel -1 no longer appears in the Channels tab
• Proper DM retrieval: getDMMessages now explicitly filters for channel=-1
• Better logging: Distinguish between direct and channel messages in logs

Node Name Preservation

• Prevent name overwrites: Only update technical fields (SNR/RSSI/lastHeard) from MeshPackets
• Names from NODEINFO only: Node names like "Yeraze Mobile" only updated from NODEINFO packets
• Traceroute handling: Check if node exists before updating to avoid overwriting names

Danger Zone (Settings)

• Erase Node List: Purges all nodes + traceroutes, triggers refresh
• Purge Telemetry: Removes all historical telemetry data
• Purge Messages: Deletes all channel and DM messages
• Each action requires confirmation with impact explanation
• Styled with red borders and warning indicators

UX Improvements

• Remove console spam: Eliminated constant "Map render" and "Node X hops" logs
• DM notifications: Messages tab now shows unread badge for direct messages (channel -1)
• Channels tab badge fix: Excludes DM unread count from Channels tab badge
• Auto-clear DM badge: Switching to Messages tab clears the DM unread count

Test Plan

• ✅ Verify environment telemetry appears in graphs for nodes like "KE4JQ G2 Base"
• ✅ Confirm direct messages only appear in DM conversations, not Primary channel
• ✅ Check node names persist correctly (e.g., "Yeraze Mobile" doesn't revert to ID)
• ✅ Test danger zone buttons with confirmation dialogs
• ✅ Verify console is clean without constant logging
• ✅ Confirm DM notification badge works correctly

🤖 Generated with Claude Code

[claude]

Claude finished @Yeraze's task —— View job

---

PR Code Review ✅

I've completed my comprehensive review of this PR. Here's my analysis:

Overall Assessment

This is a well-structured PR that addresses several important issues in the Meshtastic mesh monitoring system. The changes are focused and implement proper isolation between different types of data and messages.

Code Quality & Best Practices ⭐⭐⭐⭐⭐

Strengths:

• Excellent separation of concerns: Telemetry data is now properly isolated from NodeInfo packets
• Proper channel handling: Direct messages are correctly isolated using channel -1
• Good error handling: Comprehensive try-catch blocks with descriptive logging
• Clear documentation: Comments explain the reasoning behind changes
• Consistent naming: Variables and functions follow established patterns

Areas for improvement:

• Console logging: Could be reduced in production (though noted in PR description)
• TypeScript types: Some any types could be more specific
• Function length: Some functions in meshtasticManager.ts are quite long and could benefit from extraction

Security Assessment 🔒

Danger Zone Implementation:

The danger zone operations in App.tsx and server.ts are properly implemented:

• ✅ Confirmation dialogs with clear impact descriptions
• ✅ Server-side validation with explicit endpoints
• ✅ No client-side only operations - all dangerous operations go through the server
• ✅ Clear user feedback about what will be deleted
• ✅ Appropriate styling with red borders and warning indicators

Security Concerns Found:

❌ Environment variable exposure: In server.ts:494-496, the server exposes the Meshtastic node IP through /api/config. While this may be intentional for configuration, consider if this should be restricted.

// Potentially sensitive endpoint
app.get('/api/config', (_req, res) => {
  res.json({
    meshtasticNodeIp: process.env.MESHTASTIC_NODE_IP || '192.168.1.100', // Exposes internal network info
    meshtasticUseTls: process.env.MESHTASTIC_USE_TLS === 'true'
  });
});

Potential Bugs 🐛

Critical Issues:

1. Missing validation in purge endpoints (server.ts:585-615): The purge endpoints don't validate request body or require additional confirmation.

2. Race condition potential in App.tsx:484-520: The unread count logic could have race conditions when messages arrive during channel switching.

3. Database transaction safety (database.ts:895-909): Purge operations should use transactions to ensure atomicity.

Minor Issues:

1. BigInt handling: The JSON replacer override in server.ts:22-29 globally modifies JSON.stringify which could affect other parts of the application.

2. Hardcoded timeout values: Several magic numbers for timeouts that should be configurable.

Performance Considerations ⚡

Positive aspects:

• ✅ Proper database indexing
• ✅ Efficient message filtering
• ✅ Limited query results with proper pagination

Potential improvements:

1. Database queries: Some queries in database.ts could benefit from prepared statements being cached
2. Memory usage: Large message arrays could grow unbounded in the frontend
3. Polling frequency: 5-second intervals might be excessive for large networks

Technical Implementation Analysis 🔧

Telemetry Parsing Fix (meshtasticManager.ts:832-936):

Excellent fix - The change from variant.case structure to direct field access is correct:

// Before (incorrect):
if (telemetry.variant?.case === 'deviceMetrics') 

// After (correct):
if (telemetry.deviceMetrics)

Direct Message Isolation (meshtasticManager.ts:693-695):

Well implemented - Using channel -1 for DMs is a clean solution:

const isDirectMessage = toNum !== 4294967295;
const channelIndex = isDirectMessage ? -1 : (meshPacket.channel !== undefined ? meshPacket.channel : 0);

Node Name Preservation:

Good approach - Only updating technical fields from MeshPackets while preserving names from NODEINFO packets prevents data corruption.

Test Coverage 📋

Missing test coverage:

• ❌ No automated tests for telemetry parsing changes
• ❌ No tests for DM isolation logic
• ❌ No tests for danger zone operations
• ❌ No integration tests for the complete message flow

Recommended tests:

1. Unit tests for telemetry parsing with different protobuf structures
2. Integration tests for message channel routing
3. Security tests for purge operations
4. Performance tests for large node networks

Recommendations 📝

Immediate fixes needed:

1. Add request validation to purge endpoints
2. Wrap purge operations in database transactions
3. Consider restricting the /api/config endpoint

Future improvements:

1. Add comprehensive test suite
2. Implement configurable timeouts
3. Add rate limiting to prevent API abuse
4. Consider using environment-specific logging levels

Verdict ✅

This PR addresses critical functionality issues and is ready for merge with the immediate security fixes noted above. The telemetry parsing and DM isolation improvements are solid and will significantly improve the application's reliability.

Recommendation: Merge after addressing the purge endpoint validation concern.