fix: prevent crash on boot in airplane mode (#218)

* fix: prevent crash on boot in airplane mode

Strimma crashed on every boot when the device had no network. The foreground
service entered an infinite restart loop because Ktor's CIO engine surfaces
DNS lookup failures as `java.nio.channels.UnresolvedAddressException`, which
extends `IllegalArgumentException` — NOT `IOException`. The 14 catch blocks
across the five HTTP-touching clients only caught `IOException`, so the
exception escaped the coroutine launched by `SyncOrchestrator.start()` on
`Dispatchers.Main` and killed the process.

Widen the catch in every HTTP-touching client to `Exception` (with
`@Suppress("TooGenericExceptionCaught")` and a rationale comment), preserving
the more specific `SerializationException` / `SQLiteException` catches above
it for differentiated error logging. Affects:

- NightscoutClient.kt (4 sites)
- NightscoutPuller.kt (1 site)
- TreatmentSyncer.kt (2 sites)
- LibreLinkUpClient.kt (4 sites)
- TidepoolClient.kt (3 sites)

Add regression tests using Ktor `MockEngine` to throw
`UnresolvedAddressException` directly from the request handler and assert
each client surfaces the failure as a return value (or, for `fetchTreatments`,
rethrows for the caller to catch) rather than propagating uncaught.

Verified on device: with airplane mode on, Strimma now boots cleanly into
the foreground notification instead of looping fatal restarts.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* refactor: address review feedback for airplane-mode crash fix

Extract `withNetworkBoundary` helper consolidating the catch policy across
12 of 14 sites. The two exceptions stay manual: TreatmentSyncer.syncSince
keeps per-type IntegrationStatus.Error differentiation (Sync failed / DB
error / network), and NightscoutClient.fetchTreatments keeps the rethrow
contract that callers depend on.

Add CoroutineExceptionHandler to StrimmaService.scope, NightscoutPusher.scope,
and TidepoolUploader.scope as defense in depth — anything that escapes the
leaf catches now logs and is swallowed instead of crashing the foreground
service. The leaf catches stay as primary mechanism; the handlers are the belt.

Include the exception class name in every catch log so a real programming bug
(NPE, ISE, IAE) is distinguishable from a transient network failure when
triaging from DebugLog.

Fix LibreLinkUpClient and TidepoolClient test seams: both now close the
production CIO HttpClient before swapping in the MockEngine-backed test client
(consistent with NightscoutClient — previously TidepoolClient leaked one CIO
engine per test instance).

Add airplane-mode regression tests:
- LibreLinkUpClientAirplaneModeTest (4 tests covering all widened catches)
- NightscoutPullerAirplaneModeTest (1 test, throwing FakeClient)
- TreatmentSyncerAirplaneModeTest (1 test using airplane-mode NightscoutClient)
- TidepoolClientAirplaneModeTest.createDataset (3rd test, closes the matrix)

Replace nested runBlocking + assertThrows with try/catch + fail() in the
fetchTreatments rethrow test (assertFailsWith would need kotlin-test on the
classpath).

Net diff: +146 / -269 lines.

Punted to follow-up: moving SyncOrchestrator off Dispatchers.Main onto a
dedicated IO scope. Independent of the changes here.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>

Author: psjostrom

app/src/main/java/com/psjostrom/strimma/network/LibreLinkUpClient.kt

@@ -11,11 +11,8 @@ import io.ktor.http.*
 import io.ktor.serialization.kotlinx.json.*
 import kotlinx.serialization.SerialName
 import kotlinx.serialization.Serializable
-import kotlinx.serialization.SerializationException
 import kotlinx.serialization.json.Json
-import java.io.IOException
 import java.security.MessageDigest
-import kotlin.coroutines.cancellation.CancellationException
 import javax.inject.Inject
 import javax.inject.Singleton
 
@@ -117,7 +114,7 @@ class LibreLinkUpClient @Inject constructor() {
 
     private val json = Json { ignoreUnknownKeys = true }
 
-    private val client = HttpClient(CIO) {
+    private var client = HttpClient(CIO) {
         install(HttpTimeout) {
             requestTimeoutMillis = REQUEST_TIMEOUT_MS
             socketTimeoutMillis = SOCKET_TIMEOUT_MS
@@ -127,6 +124,16 @@ class LibreLinkUpClient @Inject constructor() {
         }
     }
 
+    /**
+     * Test seam: replaces the production CIO client with a [MockEngine]-backed one.
+     * The default client is constructed by the primary constructor and immediately
+     * closed here so its engine threads/selectors don't leak per test run.
+     */
+    internal constructor(testClient: HttpClient) : this() {
+        client.close()
+        client = testClient
+    }
+
     private fun lluHeaders(session: LluSession? = null): HeadersBuilder.() -> Unit = {
         append("product", PRODUCT)
         append("version", CLIENT_VERSION)
@@ -146,22 +153,14 @@ class LibreLinkUpClient @Inject constructor() {
         baseUrl: String = DEFAULT_BASE_URL,
         allowRedirect: Boolean = true
     ): LluSession? {
-        return try {
+        return withNetworkBoundary<LluSession?>(label = "LLU login", onError = { null }) {
             val response = client.post("$baseUrl/llu/auth/login") {
                 headers(lluHeaders())
                 setBody(LluLoginRequest(email, password))
             }
 
             val loginResponse = response.body<LluLoginResponse>()
             parseLoginResponse(loginResponse, email, password, baseUrl, allowRedirect)
-        } catch (e: CancellationException) {
-            throw e
-        } catch (e: IOException) {
-            DebugLog.log(message = "LLU login error: ${e.message?.take(NightscoutClient.MAX_ERROR_LENGTH)}")
-            null
-        } catch (e: SerializationException) {
-            DebugLog.log(message = "LLU login parse error: ${e.message?.take(NightscoutClient.MAX_ERROR_LENGTH)}")
-            null
         }
     }
 
@@ -203,50 +202,35 @@ class LibreLinkUpClient @Inject constructor() {
     }
 
     suspend fun getConnections(session: LluSession): List<LluConnection>? {
-        return try {
+        return withNetworkBoundary<List<LluConnection>?>(label = "LLU connections", onError = { null }) {
             val response = client.get("${session.baseUrl}/llu/connections") {
                 headers(lluHeaders(session))
             }
             if (!response.status.isSuccess()) {
                 DebugLog.log(message = "LLU connections HTTP ${response.status.value}")
-                return null
+                return@withNetworkBoundary null
             }
             response.body<LluConnectionsResponse>().data
-        } catch (e: CancellationException) {
-            throw e
-        } catch (e: IOException) {
-            DebugLog.log(message = "LLU connections error: ${e.message?.take(NightscoutClient.MAX_ERROR_LENGTH)}")
-            null
-        } catch (e: SerializationException) {
-            DebugLog.log(message = "LLU connections parse error: ${e.message?.take(NightscoutClient.MAX_ERROR_LENGTH)}")
-            null
         }
     }
 
     suspend fun getGraph(session: LluSession, patientId: String): LluGraphData? {
-        return try {
+        return withNetworkBoundary<LluGraphData?>(label = "LLU graph", onError = { null }) {
             val response = client.get("${session.baseUrl}/llu/connections/$patientId/graph") {
                 headers(lluHeaders(session))
             }
             if (!response.status.isSuccess()) {
                 DebugLog.log(message = "LLU graph HTTP ${response.status.value}")
-                return null
+                return@withNetworkBoundary null
             }
             response.body<LluGraphResponse>().data
-        } catch (e: CancellationException) {
-            throw e
-        } catch (e: IOException) {
-            DebugLog.log(message = "LLU graph error: ${e.message?.take(NightscoutClient.MAX_ERROR_LENGTH)}")
-            null
-        } catch (e: SerializationException) {
-            DebugLog.log(message = "LLU graph parse error: ${e.message?.take(NightscoutClient.MAX_ERROR_LENGTH)}")
-            null
         }
     }
 
     @Suppress("CyclomaticComplexMethod") // 10-region lookup is inherently branchy
-    private suspend fun resolveRegionUrl(baseUrl: String, region: String): String? {
-        return try {
+    @androidx.annotation.VisibleForTesting
+    internal suspend fun resolveRegionUrl(baseUrl: String, region: String): String? {
+        return withNetworkBoundary<String?>(label = "LLU region resolve", onError = { null }) {
             val response = client.get("$baseUrl/llu/config/country?country=DE") {
                 headers(lluHeaders())
             }
@@ -266,14 +250,6 @@ class LibreLinkUpClient @Inject constructor() {
                 else -> null
             }
             regionDef?.lslApi?.takeIf { it.isNotBlank() }
-        } catch (e: CancellationException) {
-            throw e
-        } catch (e: IOException) {
-            DebugLog.log(message = "LLU region resolve error: ${e.message?.take(NightscoutClient.MAX_ERROR_LENGTH)}")
-            null
-        } catch (e: SerializationException) {
-            DebugLog.log(message = "LLU region resolve parse error: ${e.message?.take(NightscoutClient.MAX_ERROR_LENGTH)}")
-            null
         }
     }
 

app/src/main/java/com/psjostrom/strimma/network/NetworkBoundary.kt

@@ -0,0 +1,41 @@
+package com.psjostrom.strimma.network
+
+import com.psjostrom.strimma.receiver.DebugLog
+import kotlin.coroutines.cancellation.CancellationException
+
+private const val MAX_LOG_LENGTH = 80
+
+/**
+ * Wraps an HTTP/network call with the project's standard catch policy:
+ *
+ *  - `CancellationException` propagates so structured concurrency stays intact.
+ *  - Any other `Exception` is logged (with class name and message) and converted
+ *    to a return value via [onError].
+ *
+ * The broad catch is mandatory, not a smell. Ktor's CIO engine surfaces
+ * airplane-mode DNS failures as `UnresolvedAddressException`, which extends
+ * `IllegalArgumentException` rather than `IOException` — a narrower catch lets
+ * these escape the foreground-service scope and crash the process.
+ *
+ * The exception class name is included in the log so a real programming bug
+ * (NPE, ISE, IAE) is distinguishable from a transient network failure when
+ * triaging from `DebugLog`.
+ *
+ * Use [onError] to return a default (`{ false }`, `{ null }`,
+ * `{ Result.failure(it) }`) or to rethrow (`{ throw it }`).
+ */
+internal suspend inline fun <T> withNetworkBoundary(
+    label: String,
+    onError: (Exception) -> T,
+    block: () -> T,
+): T = try {
+    block()
+} catch (e: CancellationException) {
+    throw e
+} catch (
+    @Suppress("TooGenericExceptionCaught")
+    e: Exception
+) {
+    DebugLog.log("$label error [${e.javaClass.simpleName}]: ${e.message?.take(MAX_LOG_LENGTH)}")
+    onError(e)
+}

app/src/main/java/com/psjostrom/strimma/network/NightscoutClient.kt

@@ -24,7 +24,6 @@ import java.time.Instant
 import java.time.ZoneOffset
 import java.time.format.DateTimeFormatter
 import java.time.format.DateTimeParseException
-import kotlin.coroutines.cancellation.CancellationException
 import javax.inject.Inject
 import javax.inject.Singleton
 
@@ -131,7 +130,10 @@ open class NightscoutClient @Inject constructor() {
         val hashedSecret = hashSecret(apiSecret)
         val statusUrl = "${normalizeUrl(baseUrl)}/api/v1/status.json"
 
-        return try {
+        return withNetworkBoundary(
+            label = "Connection test",
+            onError = { ConnectionTestResult(false, error = it.message?.take(MAX_ERROR_LENGTH) ?: "Connection failed") }
+        ) {
             val response = client.get(statusUrl) { header("api-secret", hashedSecret) }
             if (response.status.isSuccess()) {
                 val body = response.bodyAsText()
@@ -140,24 +142,12 @@ open class NightscoutClient @Inject constructor() {
                         .jsonObject["settings"]
                         ?.jsonObject?.get("customTitle")
                         ?.jsonPrimitive?.contentOrNull
-                } catch (_: kotlinx.serialization.SerializationException) { null }
+                } catch (_: SerializationException) { null }
                   catch (_: IllegalArgumentException) { null }
                 ConnectionTestResult(true, serverName = name)
             } else {
                 ConnectionTestResult(false, error = "HTTP ${response.status.value}")
             }
-        } catch (e: CancellationException) {
-            throw e
-        } catch (e: IOException) {
-            com.psjostrom.strimma.receiver.DebugLog.log(
-                message = "Connection test error: ${e.message?.take(MAX_ERROR_LENGTH)}"
-            )
-            ConnectionTestResult(false, error = e.message?.take(MAX_ERROR_LENGTH) ?: "Connection failed")
-        } catch (e: SerializationException) {
-            com.psjostrom.strimma.receiver.DebugLog.log(
-                message = "Connection test parse error: ${e.message?.take(MAX_ERROR_LENGTH)}"
-            )
-            ConnectionTestResult(false, error = e.message?.take(MAX_ERROR_LENGTH) ?: "Connection failed")
         }
     }
 
@@ -179,7 +169,7 @@ open class NightscoutClient @Inject constructor() {
             )
         }
 
-        return try {
+        return withNetworkBoundary(label = "Push", onError = { false }) {
             val fullUrl = "${normalizeUrl(baseUrl)}/api/v1/entries"
             val response = client.post(fullUrl) {
                 contentType(ContentType.Application.Json)
@@ -192,18 +182,6 @@ open class NightscoutClient @Inject constructor() {
                 )
             }
             response.status.isSuccess()
-        } catch (e: CancellationException) {
-            throw e
-        } catch (e: IOException) {
-            com.psjostrom.strimma.receiver.DebugLog.log(
-                message = "Push error: ${e.message?.take(MAX_ERROR_LENGTH)}"
-            )
-            false
-        } catch (e: SerializationException) {
-            com.psjostrom.strimma.receiver.DebugLog.log(
-                message = "Push serialize error: ${e.message?.take(MAX_ERROR_LENGTH)}"
-            )
-            false
         }
     }
 
@@ -219,7 +197,7 @@ open class NightscoutClient @Inject constructor() {
         val hashedSecret = hashSecret(apiSecret)
         val fullUrl = buildFetchUrl(baseUrl, since, count, before)
 
-        return try {
+        return withNetworkBoundary<List<NightscoutEntryResponse>?>(label = "Fetch", onError = { null }) {
             val response = client.get(fullUrl) {
                 header("api-secret", hashedSecret)
             }
@@ -231,18 +209,6 @@ open class NightscoutClient @Inject constructor() {
             } else {
                 response.body<List<NightscoutEntryResponse>>()
             }
-        } catch (e: CancellationException) {
-            throw e
-        } catch (e: IOException) {
-            com.psjostrom.strimma.receiver.DebugLog.log(
-                message = "Fetch error: ${e.message?.take(MAX_ERROR_LENGTH)}"
-            )
-            null
-        } catch (e: SerializationException) {
-            com.psjostrom.strimma.receiver.DebugLog.log(
-                message = "Fetch parse error: ${e.message?.take(MAX_ERROR_LENGTH)}"
-            )
-            null
         }
     }
 
@@ -258,58 +224,46 @@ open class NightscoutClient @Inject constructor() {
         val sinceIso = isoFormatter.format(Instant.ofEpochMilli(since))
         val fullUrl = "${normalizeUrl(baseUrl)}/api/v1/treatments.json?find[created_at][\$gte]=$sinceIso&count=$count"
 
-        val response = try {
-            client.get(fullUrl) { header("api-secret", hashedSecret) }
-        } catch (e: CancellationException) {
-            throw e
-        } catch (e: IOException) {
-            debugLogAndRethrow(e, "Treatments fetch error: ${e.message?.take(MAX_ERROR_LENGTH)}")
-        }
-
-        if (response.status.value == HTTP_NOT_FOUND) {
-            com.psjostrom.strimma.receiver.DebugLog.log(
-                message = "Treatments: 404 — server doesn't support treatments"
-            )
-            return emptyList()
-        }
-        if (!response.status.isSuccess()) {
-            debugLogAndRethrow(
-                IOException("HTTP ${response.status.value}"),
-                "Treatments HTTP ${response.status.value}: $fullUrl"
-            )
-        }
+        return withNetworkBoundary<List<Treatment>>(label = "Treatments fetch", onError = { throw it }) {
+            val response = client.get(fullUrl) { header("api-secret", hashedSecret) }
 
-        val nsTreatments = try {
-            response.body<List<NightscoutTreatment>>()
-        } catch (e: SerializationException) {
-            debugLogAndRethrow(e, "Treatments parse error: ${e.message?.take(MAX_ERROR_LENGTH)}")
-        }
+            if (response.status.value == HTTP_NOT_FOUND) {
+                com.psjostrom.strimma.receiver.DebugLog.log(
+                    message = "Treatments: 404 — server doesn't support treatments"
+                )
+                return@withNetworkBoundary emptyList()
+            }
+            if (!response.status.isSuccess()) {
+                // IOException message is short ("HTTP 500") so callers can pattern-match on it;
+                // the helper logs class name + message, so URL detail goes in a separate log line.
+                com.psjostrom.strimma.receiver.DebugLog.log(
+                    message = "Treatments HTTP ${response.status.value}: $fullUrl"
+                )
+                throw IOException("HTTP ${response.status.value}")
+            }
 
-        val now = System.currentTimeMillis()
-        return nsTreatments.mapNotNull { ns ->
-            val createdAtStr = ns.createdAt ?: return@mapNotNull null
-            val eventType = ns.eventType ?: return@mapNotNull null
-            val createdAtMs = parseIsoTimestamp(createdAtStr) ?: return@mapNotNull null
-            val id = ns.id ?: generateTreatmentId(createdAtStr, eventType, ns.insulin, ns.carbs)
-            Treatment(
-                id = id,
-                createdAt = createdAtMs,
-                eventType = eventType,
-                insulin = ns.insulin,
-                carbs = ns.carbs,
-                basalRate = ns.absolute,
-                duration = ns.duration,
-                enteredBy = ns.enteredBy,
-                fetchedAt = now
-            )
+            val nsTreatments = response.body<List<NightscoutTreatment>>()
+            val now = System.currentTimeMillis()
+            nsTreatments.mapNotNull { ns ->
+                val createdAtStr = ns.createdAt ?: return@mapNotNull null
+                val eventType = ns.eventType ?: return@mapNotNull null
+                val createdAtMs = parseIsoTimestamp(createdAtStr) ?: return@mapNotNull null
+                val id = ns.id ?: generateTreatmentId(createdAtStr, eventType, ns.insulin, ns.carbs)
+                Treatment(
+                    id = id,
+                    createdAt = createdAtMs,
+                    eventType = eventType,
+                    insulin = ns.insulin,
+                    carbs = ns.carbs,
+                    basalRate = ns.absolute,
+                    duration = ns.duration,
+                    enteredBy = ns.enteredBy,
+                    fetchedAt = now
+                )
+            }
         }
     }
 
-    private fun debugLogAndRethrow(error: Throwable, message: String): Nothing {
-        com.psjostrom.strimma.receiver.DebugLog.log(message = message)
-        throw error
-    }
-
     private fun parseIsoTimestamp(iso: String): Long? {
         return try {
             java.time.OffsetDateTime.parse(iso).toInstant().toEpochMilli()