penv setup moved in platform

[Jason2866]

Checklist:

• The pull request is done against the latest develop branch
• Only relevant files were touched
• Only one feature/fix was added per PR, more changes are allowed when changing boards.json
• I accept the CLA

Summary by CodeRabbit

• New Features

  • Enhanced Arduino build flow: automatic component restore, Windows include-path shortening, and delegated Arduino‑IDF library build when Arduino is selected without ESP‑IDF.
  • Minimal virtualenv setup path and support for loading board‑specific configuration scripts; new centralized Python/env setup API.

• Improvements

  • Centralized Python/esptool environment across install/build flows, per‑package installs, longer timeouts, clearer logging and stronger error handling.
  • ESP‑IDF: board‑specific sdkconfig generation, improved sdkconfig composition, version-aware linker preprocessing, and framework version normalization.
  • Platform package and tool versions updated; example SDK config entries adjusted.

• Chores

  • Import reorders and comment/header wording refinements.

[coderabbitai]

Caution

Review failed

The pull request is closed.

Walkthrough

Centralizes Python penv setup via platform.setup_python_env, adds dynamic board-script loading, extends Arduino build path to initialize ComponentManager (register restore), optionally installs Windows include-length middleware, and delegates Arduino IDF lib builds to a new pioarduino-build.py SConscript.

Changes

Cohort / File(s)	Summary
Penv setup & helpers builder/penv_setup.py	Added setup_penv_minimal, _setup_python_environment_core, _setup_pipenv_minimal, _install_esptool_from_tl_install, _setup_certifi_env; introduced dual minimal vs SCons flows, per-package installs, longer timeouts, certifi propagation, socket-based internet check, and clearer error handling.
Platform integration & penv API platform.py	Added setup_python_env(self, env) and dynamic loading of penv_setup; stores _penv_python and _esptool_path, threads penv_python through _run_idf_tools_install/_install_with_idf_tools, and invokes minimal penv setup early in configure_default_packages.
Builder entry & board scripts builder/main.py	Replaced inline env setup with platform.setup_python_env(env); added dynamic board-script loading (importlib.util), ensured INTEGRATION_EXTRA_DATA exists, and propagated penv-derived executables into SCons env (mkfstool naming adjusted).
Arduino build orchestration builder/frameworks/arduino.py	When Arduino chosen without ESP-IDF and ARDUINO_LIB_COMPILE_FLAG permits: initialize ComponentManager, register its restore as a post-action, conditionally install Windows include-length shortening middleware, and delegate Arduino IDF lib building to pioarduino-build.py SConscript.
Component manager tweaks builder/frameworks/component_manager.py	Minor import reorder and comment/text tweaks in component YAML handling.
ESP-IDF build/config logic builder/frameworks/espidf.py	Added get_framework_version(), has_board_specific_config(), generate_board_specific_config(); expanded sdkconfig composition and board-derived flags, improved linker and bootloader preprocessing (changed preprocess_linker_file signature to accept config_dir and extra_include_dirs), and added ESP32 compatibility fixes.
Tool metadata updates platform.json	Bumped platform version and updated package versions/URLs for framework-arduinoespressif32, framework-arduinoespressif32-libs, framework-espidf, toolchains, and debugger packages.
Examples (sdkconfig adjustments) examples/arduino-blink/platformio.ini	Modified custom_sdkconfig for ESP32-S3 QIO_OPI_PER: removed some SPIRAM/CPU_FREQ options and added several IRAM/PSRAM/XIP/RODATA-related flags.
Docs / misc README.md, builder/*, builder/frameworks/*	Documentation string update to Arduino 3.3.2, and minor comment/import reorganizations across builder modules to align with centralized penv flows.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant User
  participant Builder as builder/main.py
  participant Platform as Espressif32Platform
  participant Penv as builder/penv_setup.py
  participant Env as SConsEnv

  User->>Builder: start build
  Builder->>Platform: setup_python_env(env)
  alt core penv flow
    Platform->>Penv: _setup_python_environment_core(...)
    Penv-->>Platform: (penv_python, esptool_path)
  else minimal flow
    Platform->>Penv: setup_penv_minimal(...)
    Penv-->>Platform: (penv_python, esptool_path)
  end
  Platform-->>Builder: return penv paths
  Builder->>Env: inject PYTHON_EXE / tool paths
  note right of Builder: optional dynamic board script loading via importlib.util

Loading

sequenceDiagram
  autonumber
  participant Builder as builder/main.py
  participant Arduino as builder/frameworks/arduino.py
  participant CM as ComponentManager
  participant SConscript as pioarduino-build.py
  participant Win as WindowsMiddleware

  Builder->>Arduino: select Arduino framework (no ESP-IDF)
  Arduino->>CM: initialize ComponentManager()
  CM-->>Arduino: instance ready
  Arduino->>CM: register restore as post-action
  alt Windows && ARDUINO_LIB_COMPILE_FLAG
    Arduino->>Win: install include-length shortening middleware
  end
  Arduino->>SConscript: delegate to pioarduino-build.py
  SConscript-->>Builder: build Arduino IDF libs / continue build

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related issues

• Installation Issues on macOS Persist #308 — Centralizing penv and threading penv_python through install flows matches fixes for installation/runtime failures (macOS toolchain/install issues).

Possibly related PRs

• Enhance refactor #199 — Direct overlap with Arduino integration, ComponentManager initialization, and Windows include-path middleware changes.
• penv setup moved in platform #296 — Strongly related: centralizes penv setup and wires setup_penv_minimal through platform/penv modules, matching this change set.
• force explicit install of venv in .platformio folder #241 — Related refactor of virtualenv/penv creation and usage that aligns with the new platform.setup_python_env behavior.

Poem

In my burrow I hop and tidy every env,
Penvs snug like carrots stacked, each tool to lend.
Components wake, restore set tight and fair,
Windows trims long paths so includes fit there.
Build hops forward — tiny paws, big cheer! 🥕🐇

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title accurately reflects the core change of relocating the penv setup logic into the platform module and is concise and specific enough that a teammate reviewing the commit history will immediately understand the primary intent. It avoids vague wording or extraneous details while remaining directly tied to the substantive modifications in builder/penv_setup.py and platform.py.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0e019ff and d9dbb00.

📒 Files selected for processing (1)

• README.md (1 hunks)

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

builder/penv_setup.py (1)

421-491: Blocker: parameter name shadows function install_esptool (runtime TypeError)

The boolean parameter install_esptool shadows the install_esptool() function. At runtime the call install_esptool(...) will attempt to call a bool. Rename the parameter to avoid shadowing.

Apply:

-def _setup_python_environment_core(env, platform, platformio_dir, install_esptool=True):
+def _setup_python_environment_core(env, platform, platformio_dir, install_esptool_flag=True):
@@
-    # Install esptool after dependencies (if requested)
-    if install_esptool:
+    # Install esptool after dependencies (if requested)
+    if install_esptool_flag:
         if env is not None:
             # SCons version
-            install_esptool(env, platform, penv_python, uv_executable)
+            install_esptool(env, platform, penv_python, uv_executable)
         else:
             # Minimal version - install esptool from tl-install provided path
             _install_esptool_from_tl_install(platform, penv_python, uv_executable)

And forward the original flag name from call sites:

-def setup_penv_minimal(platform, platformio_dir, install_esptool=True):
+def setup_penv_minimal(platform, platformio_dir, install_esptool=True):
@@
-    return _setup_python_environment_core(None, platform, platformio_dir, install_esptool)
+    return _setup_python_environment_core(None, platform, platformio_dir, install_esptool)

(no signature change for setup_penv_minimal callers) and:

-def setup_python_environment(env, platform, platformio_dir):
+def setup_python_environment(env, platform, platformio_dir):
@@
-    return _setup_python_environment_core(env, platform, platformio_dir, install_esptool=True)
+    return _setup_python_environment_core(env, platform, platformio_dir, install_esptool_flag=True)

🧹 Nitpick comments (5)

builder/penv_setup.py (2)

493-549: Avoid shell=True; pass argv list to subprocess.run

shell=True isn’t needed here and triggers security linters. Use argv list to invoke venv creation.

-            cmd = f'"{sys.executable}" -m venv --clear "{penv_dir}"'
-            try:
-                subprocess.run(cmd, shell=True, check=True)
+            try:
+                subprocess.run([sys.executable, "-m", "venv", "--clear", penv_dir], check=True)
                 print(f"Created pioarduino Python virtual environment: {penv_dir}")

---

526-527: Don’t silently swallow exceptions

Catching bare Exception and pass hides actionable errors; at least log a short message.

-        except Exception:
-            pass
+        except Exception as e:
+            print(f"uv venv creation failed, falling back to python -m venv: {e}")

platform.py (3)

408-419: Type hints: use Optional[str] for nullable arguments

penv_python can be None; annotate as Optional[str] to satisfy linters and improve readability.

-from typing import Optional, Dict, List, Any, Union
+from typing import Optional, Dict, List, Any, Union
@@
-    def _run_idf_tools_install(self, tools_json_path: str, idf_tools_path: str, penv_python: str = None) -> bool:
+    def _run_idf_tools_install(self, tools_json_path: str, idf_tools_path: str, penv_python: Optional[str] = None) -> bool:

---

503-507: Same here: Optional[str]

Match the annotation in helper.

-    def _install_with_idf_tools(self, tool_name: str, paths: Dict[str, str], penv_python: str = None) -> bool:
+    def _install_with_idf_tools(self, tool_name: str, paths: Dict[str, str], penv_python: Optional[str] = None) -> bool:

---

524-540: Remove unused parameter penv_python

Parameter isn’t used in _handle_existing_tool; drop it and its call-site arg.

-    def _handle_existing_tool(self, tool_name: str, paths: Dict[str, str], penv_python: str = None) -> bool:
+    def _handle_existing_tool(self, tool_name: str, paths: Dict[str, str]) -> bool:
@@
-        if (status['has_idf_tools'] and status['has_piopm'] and
-                not status['has_tools_json']):
-            return self._handle_existing_tool(tool_name, paths, penv_python)
+        if (status['has_idf_tools'] and status['has_piopm'] and
+                not status['has_tools_json']):
+            return self._handle_existing_tool(tool_name, paths)

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 85062ff and 7c18afd.

📒 Files selected for processing (6)

• builder/frameworks/arduino.py (1 hunks)
• builder/frameworks/component_manager.py (1 hunks)
• builder/frameworks/espidf.py (1 hunks)
• builder/main.py (2 hunks)
• builder/penv_setup.py (5 hunks)
• platform.py (7 hunks)

🧰 Additional context used

🧠 Learnings (4)

📓 Common learnings

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#281
File: builder/frameworks/component_manager.py:1047-1054
Timestamp: 2025-09-04T15:27:18.112Z
Learning: In the pioarduino/platform-espressif32 project, Jason2866 prefers not to add guard checks for missing arduino_libs_mcu in backup operations, preferring to let the operation proceed rather than silently skip when the directory might be missing.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#263
File: platform.py:80-84
Timestamp: 2025-08-20T14:13:13.842Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers to always override IDF_TOOLS_PATH environment variable with PlatformIO's core directory, rather than respecting any existing user-defined IDF_TOOLS_PATH values. This ensures consistent ESP32 tool management within PlatformIO.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#268
File: builder/penv_setup.py:87-96
Timestamp: 2025-08-26T14:52:29.044Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers to trust system executables when falling back to PATH-based command resolution (like "uv"), rather than implementing additional validation checks for security concerns.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#268
File: builder/penv_setup.py:192-194
Timestamp: 2025-08-26T14:53:03.852Z
Learning: Jason2866 prefers to trust the system for path handling in penv_setup.py and doesn't want additional path validation for security concerns around penv directory derivation, indicating confidence in the controlled environment and internal path generation.

📚 Learning: 2025-08-05T11:47:41.756Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#246
File: builder/main.py:0-0
Timestamp: 2025-08-05T11:47:41.756Z
Learning: In the ESP32 platform builder, subprocess calls correctly use the virtual environment Python by explicitly passing PYTHON_EXE (which is set to the venv python path) as the first argument in the command array, rather than relying on environment variable propagation. The env=os.environ parameter only affects environment variables, not the executable path itself.

Applied to files:

• builder/main.py
• builder/penv_setup.py

📚 Learning: 2025-07-13T20:03:29.695Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#225
File: builder/main.py:99-108
Timestamp: 2025-07-13T20:03:29.695Z
Learning: In the ESP32 platform builder, the subprocess call to get site-packages directory in setup_python_paths() function is intentionally left without error handling because if this basic Python operation fails, it indicates a fundamental system issue that would cause the entire build process to fail anyway.

Applied to files:

• builder/main.py

📚 Learning: 2025-08-10T16:59:15.533Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#255
File: builder/penv_setup.py:265-275
Timestamp: 2025-08-10T16:59:15.533Z
Learning: In the ESP32 platform builder's penv_setup.py, the esptool_repo_path used in subprocess calls comes from PlatformIO's internal package management system (platform.get_package_dir()) which is a trusted source. Command injection concerns are not applicable here since this is build infrastructure code with controlled inputs, not user-facing code accepting arbitrary input.

Applied to files:

• builder/main.py
• platform.py

🧬 Code graph analysis (2)

builder/main.py (1)

platform.py (1)

• setup_python_env (733-750)

platform.py (1)

builder/penv_setup.py (4)

• setup_python_environment (636-651)
• setup_penv_minimal (403-418)
• get_executable_path (74-81)
• install_esptool (342-400)

🪛 Ruff (0.13.1)

builder/penv_setup.py

517-517: subprocess call: check for execution of untrusted input

(S603)

---

526-527: try-except-pass detected, consider logging the exception

(S110)

---

526-526: Do not catch blind exception: Exception

(BLE001)

---

534-534: subprocess call with shell=True identified, security issue

(S602)

---

570-570: subprocess call: check for execution of untrusted input

(S603)

---

595-595: subprocess call: check for execution of untrusted input

(S603)

platform.py

408-408: PEP 484 prohibits implicit Optional

Convert to Optional[T]

(RUF013)

---

503-503: PEP 484 prohibits implicit Optional

Convert to Optional[T]

(RUF013)

---

524-524: Unused method argument: penv_python

(ARG002)

---

524-524: PEP 484 prohibits implicit Optional

Convert to Optional[T]

(RUF013)

🔇 Additional comments (8)

builder/frameworks/component_manager.py (1)

17-17: Import reorder is fine

SafeLoader remains explicitly used below; no behavior change.

builder/frameworks/arduino.py (1)

25-29: Hashlib import usage LGTM

The new hashlib import is used by get_MD5_hash; import placement and usage are correct.

builder/frameworks/espidf.py (2)

27-33: Import reordering/aliasing looks good

Alias to sys_platform and reordered stdlib imports are harmless; no functional impact.

---

63-69: Dynamic import for penv_setup is correct

Loading penv_setup via importlib and wiring get_executable_path into this module is sound for SCons usage.

builder/main.py (1)

15-15: New dependency needed for dynamic board script load

importlib.util is appropriately added for board script loading.

platform.py (3)

48-54: Robust penv_setup import with fallback

Good defensive import path logic; keeps platform usable standalone.

---

733-751: Caching penv and propagating PYTHONEXE is correct

setup_python_env caches penv/python and returns paths; updating env ensures downstream tools use penv.

---

762-777: Early penv setup in configure_default_packages looks good

Doing penv first and storing paths enables consistent tool installs.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (3)

platform.py (3)

408-415: Fix implicit Optional type hints to comply with PEP 484.

Implicit Optional is prohibited by PEP 484. It is confusing and inconsistent with the rest of the type system. It's recommended to use Optional[T] instead.

-    def _run_idf_tools_install(self, tools_json_path: str, idf_tools_path: str, penv_python: str = None) -> bool:
+    def _run_idf_tools_install(self, tools_json_path: str, idf_tools_path: str, penv_python: Optional[str] = None) -> bool:

Add the missing import at the top:

from typing import Optional, Dict, List, Any, Union

---

503-503: Fix implicit Optional type hint.

Implicit Optional is prohibited by PEP 484. It is confusing and inconsistent with the rest of the type system. It's recommended to use Optional[T] instead.

-    def _install_with_idf_tools(self, tool_name: str, paths: Dict[str, str], penv_python: str = None) -> bool:
+    def _install_with_idf_tools(self, tool_name: str, paths: Dict[str, str], penv_python: Optional[str] = None) -> bool:

---

524-524: Fix implicit Optional type hint.

The unused parameter warning is a false positive as the parameter maintains API consistency and may be used in future iterations of this method.

Implicit Optional is prohibited by PEP 484. It is confusing and inconsistent with the rest of the type system. It's recommended to use Optional[T] instead.

-    def _handle_existing_tool(self, tool_name: str, paths: Dict[str, str], penv_python: str = None) -> bool:
+    def _handle_existing_tool(self, tool_name: str, paths: Dict[str, str], penv_python: Optional[str] = None) -> bool:

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7c18afd and 46e0f5a.

📒 Files selected for processing (1)

• platform.py (7 hunks)

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#263
File: platform.py:80-84
Timestamp: 2025-08-20T14:13:13.842Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers to always override IDF_TOOLS_PATH environment variable with PlatformIO's core directory, rather than respecting any existing user-defined IDF_TOOLS_PATH values. This ensures consistent ESP32 tool management within PlatformIO.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#268
File: builder/penv_setup.py:87-96
Timestamp: 2025-08-26T14:52:29.044Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers to trust system executables when falling back to PATH-based command resolution (like "uv"), rather than implementing additional validation checks for security concerns.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#281
File: builder/frameworks/component_manager.py:1047-1054
Timestamp: 2025-09-04T15:27:18.112Z
Learning: In the pioarduino/platform-espressif32 project, Jason2866 prefers not to add guard checks for missing arduino_libs_mcu in backup operations, preferring to let the operation proceed rather than silently skip when the directory might be missing.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#268
File: builder/penv_setup.py:192-194
Timestamp: 2025-08-26T14:53:03.852Z
Learning: Jason2866 prefers to trust the system for path handling in penv_setup.py and doesn't want additional path validation for security concerns around penv directory derivation, indicating confidence in the controlled environment and internal path generation.

📚 Learning: 2025-08-10T16:59:15.533Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#255
File: builder/penv_setup.py:265-275
Timestamp: 2025-08-10T16:59:15.533Z
Learning: In the ESP32 platform builder's penv_setup.py, the esptool_repo_path used in subprocess calls comes from PlatformIO's internal package management system (platform.get_package_dir()) which is a trusted source. Command injection concerns are not applicable here since this is build infrastructure code with controlled inputs, not user-facing code accepting arbitrary input.

Applied to files:

• platform.py

🧬 Code graph analysis (1)

platform.py (1)

builder/penv_setup.py (3)

• setup_penv_minimal (403-418)
• get_executable_path (74-81)
• install_esptool (342-400)

🪛 Ruff (0.13.1)

platform.py

408-408: PEP 484 prohibits implicit Optional

Convert to Optional[T]

(RUF013)

---

503-503: PEP 484 prohibits implicit Optional

Convert to Optional[T]

(RUF013)

---

524-524: Unused method argument: penv_python

(ARG002)

---

524-524: PEP 484 prohibits implicit Optional

Convert to Optional[T]

(RUF013)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (20)

• GitHub Check: build (macos-15, examples/espidf-arduino-matter-light)
• GitHub Check: build (macos-15, examples/espidf-arduino-blink)
• GitHub Check: build (macos-15, examples/arduino-blink)
• GitHub Check: build (windows-latest, examples/espidf-http-request)
• GitHub Check: build (windows-latest, examples/espidf-hello-world)
• GitHub Check: build (windows-latest, examples/arduino-matter-light)
• GitHub Check: build (windows-latest, examples/tasmota)
• GitHub Check: build (windows-latest, examples/espidf-blink)
• GitHub Check: build (windows-latest, examples/arduino-NimBLE-ext_client)
• GitHub Check: build (windows-latest, examples/espidf-coap-server)
• GitHub Check: build (windows-latest, examples/espidf-exceptions)
• GitHub Check: build (windows-latest, examples/espidf-arduino-littlefs)
• GitHub Check: build (windows-latest, examples/arduino-wifiscan)
• GitHub Check: build (windows-latest, examples/arduino-rmt-blink)
• GitHub Check: build (ubuntu-latest, examples/espidf-http-request)
• GitHub Check: build (ubuntu-latest, examples/espidf-arduino-blink)
• GitHub Check: build (ubuntu-latest, examples/espidf-arduino-matter-light)
• GitHub Check: build (ubuntu-latest, examples/tasmota)
• GitHub Check: build (ubuntu-latest, examples/arduino-wifiscan)
• GitHub Check: build (ubuntu-latest, examples/arduino-blink)

🔇 Additional comments (8)

platform.py (8)

30-33: Import reorganization looks good.

The addition of logging and shutil imports aligns well with the new filesystem safety utilities and logging functionality being introduced.

---

47-54: Well-structured fallback import pattern.

The try/except block with path insertion provides a clean fallback mechanism for standalone execution while prioritizing the expected import location.

---

120-192: Comprehensive filesystem safety utilities with proper error handling.

The decorator pattern and comprehensive filesystem utilities (file/directory operations with pattern matching) are well-implemented with appropriate logging and error boundaries. The use of pathlib throughout promotes modern Python practices.

---

414-416: Penv Python integration implemented correctly.

The fallback logic to system Python when penv_python is not available ensures backward compatibility while prioritizing the isolated environment approach.

---

488-490: Clean penv Python retrieval pattern.

Using getattr with a sensible default provides a clean way to access the stored penv Python path.

---

733-746: Clean integration with penv setup flow.

The setup_python_env method properly integrates with the centralized penv setup and provides a clean public API. The fallback logic ensures robustness while the warning helps identify configuration issues.

---

758-773: Well-orchestrated penv integration in configuration flow.

The early setup of the Python virtual environment using setup_penv_minimal is correctly positioned after the essential tools (installer and esptool) but before framework-specific configurations. The storage of both penv_python and esptool_path for later use is appropriate.

This aligns perfectly with the retrieved learnings about centralizing Python environment setup and works well with the minimal penv path design.

---

493-494: Proper penv propagation through tool installation pipeline.

The penv_python parameter is correctly propagated from install_tool → _install_with_idf_tools → _run_idf_tools_install, ensuring the isolated environment is used consistently throughout the tool installation process.

Also applies to: 505-507

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

builder/penv_setup.py (2)

186-339: Do not assume a uv binary exists inside the venv; add robust fallback to external uv or pip.

Today install_python_deps() only uses penv/bin/uv and then tries to “install uv into the venv” via uv pip install uv/pip install uv, which won’t produce a uv binary. On venvs created via python -m venv this path will fail, and subsequent calls to install_esptool() will also fail because uv_executable points to a non-existent file.

Refactor to:

• Prefer penv/bin/uv if present.
• Else use the used_uv_executable returned by venv creation.
• Else use shutil.which("uv").
• If no uv is found, fall back to python -m pip for both listing and installing deps.
• Stop attempting to “pip install uv”.

This keeps aligned with the project preference to trust system executables for fallbacks.

Apply:

@@
-    penv_uv_executable = get_executable_path(penv_dir, "uv")
-    
-    # Check if uv is available in the penv
-    uv_in_penv_available = False
-    try:
-        result = subprocess.run(
-            [penv_uv_executable, "--version"],
-            capture_output=True,
-            text=True,
-            timeout=10
-        )
-        uv_in_penv_available = result.returncode == 0
-    except (FileNotFoundError, subprocess.TimeoutExpired):
-        uv_in_penv_available = False
-    
-    # Install uv into penv if not available
-    if not uv_in_penv_available:
-        if external_uv_executable:
-            # Use external uv to install uv into the penv
-            try:
-                subprocess.check_call(
-                    [external_uv_executable, "pip", "install", "uv>=0.1.0", f"--python={python_exe}", "--quiet"],
-                    stdout=subprocess.DEVNULL,
-                    stderr=subprocess.STDOUT,
-                    timeout=120
-                )
-            except subprocess.CalledProcessError as e:
-                print(f"Error: uv installation failed with exit code {e.returncode}")
-                return False
-            except subprocess.TimeoutExpired:
-                print("Error: uv installation timed out")
-                return False
-            except FileNotFoundError:
-                print("Error: External uv executable not found")
-                return False
-            except Exception as e:
-                print(f"Error installing uv package manager into penv: {e}")
-                return False
-        else:
-            # No external uv available, use pip to install uv into penv
-            try:
-                subprocess.check_call(
-                    [python_exe, "-m", "pip", "install", "uv>=0.1.0", "--quiet"],
-                    stdout=subprocess.DEVNULL,
-                    stderr=subprocess.STDOUT,
-                    timeout=120
-                )
-            except subprocess.CalledProcessError as e:
-                print(f"Error: uv installation via pip failed with exit code {e.returncode}")
-                return False
-            except subprocess.TimeoutExpired:
-                print("Error: uv installation via pip timed out")
-                return False
-            except FileNotFoundError:
-                print("Error: Python executable not found")
-                return False
-            except Exception as e:
-                print(f"Error installing uv package manager via pip: {e}")
-                return False
+    penv_uv_executable = get_executable_path(penv_dir, "uv")
+    uv_cmd = penv_uv_executable if os.path.isfile(penv_uv_executable) else (external_uv_executable or shutil.which("uv"))
@@
-            cmd = [penv_uv_executable, "pip", "list", f"--python={python_exe}", "--format=json"]
+            if uv_cmd:
+                cmd = [uv_cmd, "pip", "list", f"--python={python_exe}", "--format=json"]
+            else:
+                cmd = [python_exe, "-m", "pip", "list", "--format=json"]
@@
-        cmd = [
-            penv_uv_executable, "pip", "install",
-            f"--python={python_exe}",
-            "--quiet", "--upgrade"
-        ] + packages_list
+        if uv_cmd:
+            cmd = [uv_cmd, "pip", "install", f"--python={python_exe}", "--quiet", "--upgrade"] + packages_list
+        else:
+            cmd = [python_exe, "-m", "pip", "install", "--quiet", "--upgrade"] + packages_list

Also add:

@@
-import subprocess
+import subprocess
+import shutil

at the imports block.

---

396-401: Catch FileNotFoundError when uv is missing during esptool install.

Currently only CalledProcessError is handled; missing uv raises FileNotFoundError and crashes.

-    except subprocess.CalledProcessError as e:
+    except (subprocess.CalledProcessError, FileNotFoundError) as e:
         sys.stderr.write(
-            f"Error: Failed to install esptool from {esptool_repo_path} (exit {e.returncode})\n"
+            f"Error: Failed to install esptool from {esptool_repo_path} ({e})\n"
         )
         sys.exit(1)

🧹 Nitpick comments (7)

builder/penv_setup.py (7)

466-469: Harden tool path resolution: fallback for esptool(.py) and uv.

• esptool entry can be esptool.py on some platforms.
• uv may not exist inside the venv; fallback to the creator used_uv_executable or PATH.

-    esptool_binary_path = get_executable_path(penv_dir, "esptool")
-    uv_executable = get_executable_path(penv_dir, "uv")
+    esptool_binary_path = get_executable_path(penv_dir, "esptool")
+    if not os.path.isfile(esptool_binary_path):
+        alt = get_executable_path(penv_dir, "esptool.py")
+        if os.path.isfile(alt):
+            esptool_binary_path = alt
+    uv_executable = get_executable_path(penv_dir, "uv")
+    if not os.path.isfile(uv_executable):
+        uv_executable = used_uv_executable or shutil.which("uv") or uv_executable

---

602-605: Minimal path: also handle missing uv gracefully.

Avoid breaking penv setup on hosts without uv.

-    except subprocess.CalledProcessError as e:
+    except (subprocess.CalledProcessError, FileNotFoundError) as e:
         print(f"Warning: Failed to install esptool from {esptool_repo_path} (exit {e.returncode})")
         # Don't exit - esptool installation is not critical for penv setup

---

61-71: Close sockets properly; prefer create_connection.

Avoid leaving sockets open and simplify error handling.

-    try:
-        socket.setdefaulttimeout(timeout)
-        socket.socket(socket.AF_INET, socket.SOCK_STREAM).connect((host, port))
-        return True
-    except Exception:
-        return False
+    try:
+        with socket.create_connection((host, port), timeout=timeout):
+            return True
+    except OSError:
+        return False

---

37-38: Make GITHUB_ACTIONS a boolean to avoid truthy "false".

Environment values like "false" are truthy strings.

-github_actions = os.getenv('GITHUB_ACTIONS')
+github_actions = bool(os.getenv("GITHUB_ACTIONS"))

---

434-442: Remove duplicate Python version check (already enforced at import).

The second check is redundant; keep a single guard.

-    # Check Python version requirement
-    if sys.version_info < (3, 10):
-        sys.stderr.write(
-            f"Error: Python 3.10 or higher is required. "
-            f"Current version: {sys.version_info.major}.{sys.version_info.minor}.{sys.version_info.micro}\n"
-            f"Please update your Python installation.\n"
-        )
-        sys.exit(1)
+    # Python version is validated at import time.

---

526-527: Replace bare except/pass with minimal logging.

Silently swallowing errors makes debugging venv creation hard.

-        except Exception:
-            pass
+        except Exception as e:
+            print(f"Info: uv venv creation failed, falling back to python -m venv ({e})")

---

610-634: Certifi propagation looks good; consider also GIT_SSL_CAINFO.

Optional: set GIT_SSL_CAINFO to improve git CLI behavior behind custom CAs.

         env_vars.update({
             "CERTIFI_PATH": cert_path,
             "SSL_CERT_FILE": cert_path,
             "REQUESTS_CA_BUNDLE": cert_path,
             "CURL_CA_BUNDLE": cert_path,
+            "GIT_SSL_CAINFO": cert_path,
         })

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 46e0f5a and 5b5d254.

📒 Files selected for processing (1)

• builder/penv_setup.py (5 hunks)

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#263
File: platform.py:80-84
Timestamp: 2025-08-20T14:13:13.842Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers to always override IDF_TOOLS_PATH environment variable with PlatformIO's core directory, rather than respecting any existing user-defined IDF_TOOLS_PATH values. This ensures consistent ESP32 tool management within PlatformIO.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#268
File: builder/penv_setup.py:87-96
Timestamp: 2025-08-26T14:52:29.044Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers to trust system executables when falling back to PATH-based command resolution (like "uv"), rather than implementing additional validation checks for security concerns.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#281
File: builder/frameworks/component_manager.py:1047-1054
Timestamp: 2025-09-04T15:27:18.112Z
Learning: In the pioarduino/platform-espressif32 project, Jason2866 prefers not to add guard checks for missing arduino_libs_mcu in backup operations, preferring to let the operation proceed rather than silently skip when the directory might be missing.

📚 Learning: 2025-08-05T11:47:41.756Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#246
File: builder/main.py:0-0
Timestamp: 2025-08-05T11:47:41.756Z
Learning: In the ESP32 platform builder, subprocess calls correctly use the virtual environment Python by explicitly passing PYTHON_EXE (which is set to the venv python path) as the first argument in the command array, rather than relying on environment variable propagation. The env=os.environ parameter only affects environment variables, not the executable path itself.

Applied to files:

• builder/penv_setup.py

🪛 Ruff (0.13.1)

builder/penv_setup.py

517-517: subprocess call: check for execution of untrusted input

(S603)

---

526-527: try-except-pass detected, consider logging the exception

(S110)

---

526-526: Do not catch blind exception: Exception

(BLE001)

---

534-534: subprocess call with shell=True identified, security issue

(S602)

---

570-570: subprocess call: check for execution of untrusted input

(S603)

---

595-595: subprocess call: check for execution of untrusted input

(S603)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (20)

• GitHub Check: build (macos-15, examples/espidf-arduino-blink)
• GitHub Check: build (windows-latest, examples/espidf-exceptions)
• GitHub Check: build (windows-latest, examples/espidf-coap-server)
• GitHub Check: build (windows-latest, examples/arduino-rmt-blink)
• GitHub Check: build (ubuntu-latest, examples/espidf-ulp-lp)
• GitHub Check: build (windows-latest, examples/arduino-blink)
• GitHub Check: build (ubuntu-latest, examples/espidf-storage-sdcard)
• GitHub Check: build (ubuntu-latest, examples/espidf-peripherals-usb)
• GitHub Check: build (ubuntu-latest, examples/espidf-peripherals-uart)
• GitHub Check: build (ubuntu-latest, examples/espidf-http-request)
• GitHub Check: build (ubuntu-latest, examples/espidf-exceptions)
• GitHub Check: build (ubuntu-latest, examples/espidf-arduino-C6-ULP-blink)
• GitHub Check: build (ubuntu-latest, examples/espidf-blink)
• GitHub Check: build (ubuntu-latest, examples/espidf-arduino-matter-light)
• GitHub Check: build (ubuntu-latest, examples/arduino-NimBLE-ext_client)
• GitHub Check: build (ubuntu-latest, examples/espidf-arduino-littlefs)
• GitHub Check: build (ubuntu-latest, examples/arduino-blink)
• GitHub Check: build (ubuntu-latest, examples/arduino-wifiscan)
• GitHub Check: build (ubuntu-latest, examples/arduino-matter-light)
• GitHub Check: build (ubuntu-latest, examples/arduino-rmt-blink)

🔇 Additional comments (1)

builder/penv_setup.py (1)

403-419: Approve: setup_penv_minimal wrapper — call sites verified.

Only intended references remain: builder/penv_setup.py defines setup_penv_minimal (line 403) and setup_python_environment (line 636); platform.py imports setup_penv_minimal (line 49) and calls it in configure_default_packages (line 767); builder/main.py calls platform.setup_python_env (line 49). No other call sites to the old API found.

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

builder/penv_setup.py (1)

61-72: Don’t mutate global socket timeout; close the socket.

socket.setdefaulttimeout() changes process-wide behavior and the raw socket is never explicitly closed. Use socket.create_connection with a per-call timeout.

-def has_internet_connection(host="1.1.1.1", port=53, timeout=2):
+def has_internet_connection(host="1.1.1.1", port=53, timeout=2):
@@
-    try:
-        socket.setdefaulttimeout(timeout)
-        socket.socket(socket.AF_INET, socket.SOCK_STREAM).connect((host, port))
-        return True
-    except Exception:
-        return False
+    try:
+        with socket.create_connection((host, port), timeout=timeout):
+            return True
+    except OSError:
+        return False

🧹 Nitpick comments (4)

builder/penv_setup.py (3)

466-469: Make esptool launcher discovery robust (esptool vs esptool.py).

Some environments expose the script as esptool.py. Prefer a fallback to avoid path-not-found issues.

-    esptool_binary_path = get_executable_path(penv_dir, "esptool")
+    # Prefer esptool, fall back to esptool.py if present
+    _candidates = [
+        get_executable_path(penv_dir, "esptool"),
+        get_executable_path(penv_dir, "esptool.py"),
+    ]
+    esptool_binary_path = next((p for p in _candidates if os.path.isfile(p)), _candidates[0])

Also applies to: 490-491

---

526-527: Don’t swallow exceptions on uv venv creation; log the reason.

Silent pass obscures failures and complicates troubleshooting.

-        except Exception:
-            pass
+        except Exception as e:
+            print(f"Info: uv venv creation failed ({e}); falling back to python -m venv")

---

434-442: Redundant Python version check.

Module-level guard already exits on Python < 3.10. Consider removing this duplicate check.

platform.py (1)

496-499: Remove unused penv_python parameter in _handle_existing_tool.

It’s not used and triggers linter noise; simplify signature and call site.

-    def _handle_existing_tool(self, tool_name: str, paths: Dict[str, str], penv_python: Optional[str] = None) -> bool:
+    def _handle_existing_tool(self, tool_name: str, paths: Dict[str, str]) -> bool:
@@
-            return self._handle_existing_tool(tool_name, paths, penv_python)
+            return self._handle_existing_tool(tool_name, paths)

Also applies to: 524-532

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5b5d254 and db0fa6d.

📒 Files selected for processing (2)

• builder/penv_setup.py (5 hunks)
• platform.py (7 hunks)

🧰 Additional context used

🧠 Learnings (3)

📓 Common learnings

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#263
File: platform.py:80-84
Timestamp: 2025-08-20T14:13:13.842Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers to always override IDF_TOOLS_PATH environment variable with PlatformIO's core directory, rather than respecting any existing user-defined IDF_TOOLS_PATH values. This ensures consistent ESP32 tool management within PlatformIO.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#281
File: builder/frameworks/component_manager.py:1047-1054
Timestamp: 2025-09-04T15:27:18.112Z
Learning: In the pioarduino/platform-espressif32 project, Jason2866 prefers not to add guard checks for missing arduino_libs_mcu in backup operations, preferring to let the operation proceed rather than silently skip when the directory might be missing.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#268
File: builder/penv_setup.py:87-96
Timestamp: 2025-08-26T14:52:29.044Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers to trust system executables when falling back to PATH-based command resolution (like "uv"), rather than implementing additional validation checks for security concerns.

📚 Learning: 2025-08-05T11:47:41.756Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#246
File: builder/main.py:0-0
Timestamp: 2025-08-05T11:47:41.756Z
Learning: In the ESP32 platform builder, subprocess calls correctly use the virtual environment Python by explicitly passing PYTHON_EXE (which is set to the venv python path) as the first argument in the command array, rather than relying on environment variable propagation. The env=os.environ parameter only affects environment variables, not the executable path itself.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-08-10T16:59:15.533Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#255
File: builder/penv_setup.py:265-275
Timestamp: 2025-08-10T16:59:15.533Z
Learning: In the ESP32 platform builder's penv_setup.py, the esptool_repo_path used in subprocess calls comes from PlatformIO's internal package management system (platform.get_package_dir()) which is a trusted source. Command injection concerns are not applicable here since this is build infrastructure code with controlled inputs, not user-facing code accepting arbitrary input.

Applied to files:

• platform.py

🧬 Code graph analysis (1)

platform.py (1)

builder/penv_setup.py (3)

• setup_penv_minimal (403-418)
• get_executable_path (74-81)
• install_esptool (342-400)

🪛 Ruff (0.13.1)

builder/penv_setup.py

517-517: subprocess call: check for execution of untrusted input

(S603)

---

526-527: try-except-pass detected, consider logging the exception

(S110)

---

526-526: Do not catch blind exception: Exception

(BLE001)

---

533-533: subprocess call: check for execution of untrusted input

(S603)

---

571-571: subprocess call: check for execution of untrusted input

(S603)

---

596-596: subprocess call: check for execution of untrusted input

(S603)

platform.py

524-524: Unused method argument: penv_python

(ARG002)

🔇 Additional comments (1)

builder/penv_setup.py (1)

533-537: Resolved: no shell=True; args passed as list.

The previous security concern about shell=True is fixed here. Good.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

platform.py (1)

427-445: Capture stderr on idf_tools failure for diagnosability.

All output is discarded, making failures opaque. Log a tail of stderr/stdout when returncode != 0.

-            result = subprocess.run(
-                cmd,
-                stdout=subprocess.DEVNULL,
-                stderr=subprocess.DEVNULL,
-                check=False
-            )
+            result = subprocess.run(
+                cmd,
+                stdout=subprocess.PIPE,
+                stderr=subprocess.PIPE,
+                text=True,
+                check=False
+            )
@@
-            if result.returncode != 0:
-                logger.error("idf_tools.py installation failed")
+            if result.returncode != 0:
+                tail = (result.stderr or result.stdout or "").strip()[-1000:]
+                logger.error("idf_tools.py installation failed (rc=%s). Tail:\n%s", result.returncode, tail)
                 return False

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between db0fa6d and 1821882.

📒 Files selected for processing (1)

• platform.py (7 hunks)

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#263
File: platform.py:80-84
Timestamp: 2025-08-20T14:13:13.842Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers to always override IDF_TOOLS_PATH environment variable with PlatformIO's core directory, rather than respecting any existing user-defined IDF_TOOLS_PATH values. This ensures consistent ESP32 tool management within PlatformIO.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#281
File: builder/frameworks/component_manager.py:1047-1054
Timestamp: 2025-09-04T15:27:18.112Z
Learning: In the pioarduino/platform-espressif32 project, Jason2866 prefers not to add guard checks for missing arduino_libs_mcu in backup operations, preferring to let the operation proceed rather than silently skip when the directory might be missing.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#268
File: builder/penv_setup.py:87-96
Timestamp: 2025-08-26T14:52:29.044Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers to trust system executables when falling back to PATH-based command resolution (like "uv"), rather than implementing additional validation checks for security concerns.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#246
File: builder/main.py:0-0
Timestamp: 2025-08-05T11:47:41.756Z
Learning: In the ESP32 platform builder, subprocess calls correctly use the virtual environment Python by explicitly passing PYTHON_EXE (which is set to the venv python path) as the first argument in the command array, rather than relying on environment variable propagation. The env=os.environ parameter only affects environment variables, not the executable path itself.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#255
File: builder/penv_setup.py:26-40
Timestamp: 2025-08-10T19:13:25.599Z
Learning: In the pioarduino/platform-espressif32 repository's builder/penv_setup.py file, semantic_version is imported but intentionally not listed in python_deps because it's a transitive dependency of platformio-core (version 2.10.*). When platformio is installed from the GitHub URL, semantic_version is automatically installed as one of its dependencies.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#255
File: builder/penv_setup.py:265-275
Timestamp: 2025-08-10T16:59:15.533Z
Learning: In the ESP32 platform builder's penv_setup.py, the esptool_repo_path used in subprocess calls comes from PlatformIO's internal package management system (platform.get_package_dir()) which is a trusted source. Command injection concerns are not applicable here since this is build infrastructure code with controlled inputs, not user-facing code accepting arbitrary input.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#225
File: builder/main.py:99-108
Timestamp: 2025-07-13T20:03:29.695Z
Learning: In the ESP32 platform builder, the subprocess call to get site-packages directory in setup_python_paths() function is intentionally left without error handling because if this basic Python operation fails, it indicates a fundamental system issue that would cause the entire build process to fail anyway.

📚 Learning: 2025-08-10T16:59:15.533Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#255
File: builder/penv_setup.py:265-275
Timestamp: 2025-08-10T16:59:15.533Z
Learning: In the ESP32 platform builder's penv_setup.py, the esptool_repo_path used in subprocess calls comes from PlatformIO's internal package management system (platform.get_package_dir()) which is a trusted source. Command injection concerns are not applicable here since this is build infrastructure code with controlled inputs, not user-facing code accepting arbitrary input.

Applied to files:

• platform.py

🧬 Code graph analysis (1)

platform.py (1)

builder/penv_setup.py (3)

• setup_penv_minimal (403-418)
• get_executable_path (74-81)
• install_esptool (342-400)

🔇 Additional comments (7)

platform.py (7)

30-34: Imports reorg looks fine.

No behavior change; nothing to fix.

---

47-55: Robust import fallback for penv_setup.

Good fallback to standalone mode by prepending builder/ to sys.path. Keep as-is.

---

408-416: Correct: prefer penv Python with system fallback.

Selecting penv_python when present avoids mixing interpreters during idf_tools.py runs.

---

488-494: Plumbing penv_python through install_tool.

Passing penv_python into the idf_tools path ensures consistent interpreter usage across tool installs. LGTM.

---

503-507: Signature extension is coherent.

Forwarding penv_python into _install_with_idf_tools matches the upstream change in _run_idf_tools_install.

---

758-772: Order of operations makes sense (esptool package → penv setup).

Installing tool-esptoolpy first and then wiring it into the penv via setup_penv_minimal aligns with the intended flow and the maintainer preference to manage tools inside PlatformIO’s core_dir/IDF_TOOLS_PATH.

Please verify that builder/main.py calls setup_python_env only once per build and does not assume the penv is ready prior to configure_default_packages. If it does, the fixed fallback here will cover it, but double-checking avoids redundant work.

---

733-746: Fix infinite recursion in setup_python_env fallback.

The fallback calls self.setup_python_env(env) again, recursing forever. Inline the minimal penv setup here.

 def setup_python_env(self, env):
     """Setup Python virtual environment and return executable paths."""
     # Penv should already be set up in configure_default_packages
     if hasattr(self, '_penv_python') and hasattr(self, '_esptool_path'):
         # Update SCons environment with penv python
         env.Replace(PYTHONEXE=self._penv_python)
         return self._penv_python, self._esptool_path
     
     # This should not happen, but provide fallback
     logger.warning("Penv not set up in configure_default_packages, setting up now")
-    
-    # Use the centralized setup method
-    return self.setup_python_env(env)
+    # Perform minimal setup directly and propagate into SCons
+    config = ProjectConfig.get_instance()
+    core_dir = config.get("platformio", "core_dir")
+    penv_python, esptool_path = setup_penv_minimal(self, core_dir, install_esptool=True)
+    self._penv_python = penv_python
+    self._esptool_path = esptool_path
+    env.Replace(PYTHONEXE=penv_python)
+    return penv_python, esptool_path

Run to confirm no remaining recursive call sites and to see who calls setup_python_env:

#!/bin/bash
rg -n -C2 'def setup_python_env' platform.py
rg -n -C2 'return\s+self\.setup_python_env\(' platform.py
fd -t f -a main.py | xargs -I{} rg -n -C2 '\bsetup_python_env\s*\(' {}

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

builder/penv_setup.py (2)

185-339: Breakage risk: assumes uv inside penv; add robust fallback to external uv or pip

When uv isn’t installed into the venv, dependency listing/installation will fail because all calls use penv_uv_executable. Resolve uv as: penv uv if present, else external uv (passed-in or PATH), else fall back to python -m pip for both list and install. Also avoid trying to “pip install uv” (that doesn’t install the Astral uv CLI).

Apply this patch to make uv resolution and pip fallback robust:

@@
 def install_python_deps(python_exe, external_uv_executable):
@@
-    penv_uv_executable = get_executable_path(penv_dir, "uv")
+    penv_uv_executable = get_executable_path(penv_dir, "uv")
+    # Prefer uv in penv, else external uv, else uv on PATH, else None (pip fallback)
+    uv_cmd = penv_uv_executable if os.path.isfile(penv_uv_executable) else (
+        external_uv_executable if external_uv_executable else shutil.which("uv")
+    )
@@
-    # Check if uv is available in the penv
-    uv_in_penv_available = False
-    try:
-        result = subprocess.run(
-            [penv_uv_executable, "--version"],
-            capture_output=True,
-            text=True,
-            timeout=10
-        )
-        uv_in_penv_available = result.returncode == 0
-    except (FileNotFoundError, subprocess.TimeoutExpired):
-        uv_in_penv_available = False
-
-    # Install uv into penv if not available
-    if not uv_in_penv_available:
-        if external_uv_executable:
-            # Use external uv to install uv into the penv
-            try:
-                subprocess.check_call(
-                    [external_uv_executable, "pip", "install", "uv>=0.1.0", f"--python={python_exe}", "--quiet"],
-                    stdout=subprocess.DEVNULL,
-                    stderr=subprocess.STDOUT,
-                    timeout=120
-                )
-            except subprocess.CalledProcessError as e:
-                print(f"Error: uv installation failed with exit code {e.returncode}")
-                return False
-            except subprocess.TimeoutExpired:
-                print("Error: uv installation timed out")
-                return False
-            except FileNotFoundError:
-                print("Error: External uv executable not found")
-                return False
-            except Exception as e:
-                print(f"Error installing uv package manager into penv: {e}")
-                return False
-        else:
-            # No external uv available, use pip to install uv into penv
-            try:
-                subprocess.check_call(
-                    [python_exe, "-m", "pip", "install", "uv>=0.1.0", "--quiet"],
-                    stdout=subprocess.DEVNULL,
-                    stderr=subprocess.STDOUT,
-                    timeout=120
-                )
-            except subprocess.CalledProcessError as e:
-                print(f"Error: uv installation via pip failed with exit code {e.returncode}")
-                return False
-            except subprocess.TimeoutExpired:
-                print("Error: uv installation via pip timed out")
-                return False
-            except FileNotFoundError:
-                print("Error: Python executable not found")
-                return False
-            except Exception as e:
-                print(f"Error installing uv package manager via pip: {e}")
-                return False
+    # Note: do NOT attempt to install the uv CLI via pip; use pip as fallback instead
@@
-    def _get_installed_uv_packages():
+    def _get_installed_uv_packages():
@@
-            cmd = [penv_uv_executable, "pip", "list", f"--python={python_exe}", "--format=json"]
+            if uv_cmd:
+                cmd = [uv_cmd, "pip", "list", f"--python={python_exe}", "--format=json"]
+            else:
+                cmd = [python_exe, "-m", "pip", "list", "--format=json"]
@@
-        cmd = [
-            penv_uv_executable, "pip", "install",
-            f"--python={python_exe}",
-            "--quiet", "--upgrade"
-        ] + packages_list
+        if uv_cmd:
+            cmd = [uv_cmd, "pip", "install", f"--python={python_exe}", "--quiet", "--upgrade"] + packages_list
+        else:
+            cmd = [python_exe, "-m", "pip", "install", "--quiet", "--upgrade"] + packages_list

Add the missing import:

# at top-level imports
import shutil

---

388-399: Esptool install crashes when uv isn’t in penv; add uv detection and pip fallback

uv_executable points to penv/bin/uv even if it doesn’t exist. subprocess.check_call([... uv_executable ...]) will raise FileNotFoundError. Detect uv or fall back to python -m pip.

-    try:
-        subprocess.check_call([
-            uv_executable, "pip", "install", "--quiet", "--force-reinstall",
-            f"--python={python_exe}",
-            "-e", esptool_repo_path
-        ], timeout=60)
+    try:
+        cmd = None
+        if os.path.isfile(uv_executable) or shutil.which(uv_executable):
+            cmd = [uv_executable, "pip", "install", "--quiet", "--force-reinstall", f"--python={python_exe}", "-e", esptool_repo_path]
+        else:
+            cmd = [python_exe, "-m", "pip", "install", "--quiet", "--force-reinstall", "-e", esptool_repo_path]
+        subprocess.check_call(cmd, timeout=60)
 
-    except subprocess.CalledProcessError as e:
+    except (subprocess.CalledProcessError, FileNotFoundError) as e:
         sys.stderr.write(
             f"Error: Failed to install esptool from {esptool_repo_path} (exit {e.returncode})\n"
         )
         sys.exit(1)

🧹 Nitpick comments (4)

builder/penv_setup.py (3)

559-595: Non-critical path: also handle missing uv; fall back to pip

Minimal setup should not fail hard if uv is absent. Handle FileNotFoundError and use python -m pip.

-    try:
-        subprocess.check_call([
-            uv_executable, "pip", "install", "--quiet", "--force-reinstall",
-            f"--python={python_exe}",
-            "-e", esptool_repo_path
-        ], timeout=60)
+    try:
+        if os.path.isfile(uv_executable) or shutil.which(uv_executable):
+            cmd = [uv_executable, "pip", "install", "--quiet", "--force-reinstall", f"--python={python_exe}", "-e", esptool_repo_path]
+        else:
+            cmd = [python_exe, "-m", "pip", "install", "--quiet", "--force-reinstall", "-e", esptool_repo_path]
+        subprocess.check_call(cmd, timeout=60)
         print(f"Installed esptool from tl-install path: {esptool_repo_path}")
 
-    except subprocess.CalledProcessError as e:
+    except (subprocess.CalledProcessError, FileNotFoundError) as e:
         print(f"Warning: Failed to install esptool from {esptool_repo_path} (exit {getattr(e, 'returncode', 'ENOENT')})")
         # Don't exit - esptool installation is not critical for penv setup

---

37-38: Fix GITHUB_ACTIONS truthiness check

bool(os.getenv("GITHUB_ACTIONS")) is True even when set to "false". Use explicit string match.

-github_actions = bool(os.getenv("GITHUB_ACTIONS"))
+github_actions = os.getenv("GITHUB_ACTIONS", "").lower() == "true"

---

516-518: Avoid bare except/hidden failure while creating venv

Catching Exception and pass hides actionable errors. Narrow the exceptions and log once.

-        except Exception:
-            pass
+        except (subprocess.CalledProcessError, subprocess.TimeoutExpired, FileNotFoundError) as e:
+            print(f"Info: uv venv creation skipped ({type(e).__name__}: {e})")

platform.py (1)

48-56: Harden dynamic import of penv_setup

If the file is missing/invalid, spec.loader can be None and crash. Add a small guard with a clear error.

-penv_setup_path = Path(__file__).parent / "builder" / "penv_setup.py"
-spec = importlib.util.spec_from_file_location("penv_setup", str(penv_setup_path))
-penv_setup_module = importlib.util.module_from_spec(spec)
-spec.loader.exec_module(penv_setup_module)
+penv_setup_path = Path(__file__).parent / "builder" / "penv_setup.py"
+spec = importlib.util.spec_from_file_location("penv_setup", str(penv_setup_path))
+if not spec or not spec.loader:
+    print(f"ERROR: Failed to load penv_setup from {penv_setup_path}", file=sys.stderr)
+    raise SystemExit(1)
+penv_setup_module = importlib.util.module_from_spec(spec)
+spec.loader.exec_module(penv_setup_module)

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9eacb21 and 1ef6508.

📒 Files selected for processing (2)

• builder/penv_setup.py (5 hunks)
• platform.py (8 hunks)

🧰 Additional context used

🧠 Learnings (4)

📓 Common learnings

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#263
File: platform.py:80-84
Timestamp: 2025-08-20T14:13:13.842Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers to always override IDF_TOOLS_PATH environment variable with PlatformIO's core directory, rather than respecting any existing user-defined IDF_TOOLS_PATH values. This ensures consistent ESP32 tool management within PlatformIO.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#281
File: builder/frameworks/component_manager.py:1047-1054
Timestamp: 2025-09-04T15:27:18.112Z
Learning: In the pioarduino/platform-espressif32 project, Jason2866 prefers not to add guard checks for missing arduino_libs_mcu in backup operations, preferring to let the operation proceed rather than silently skip when the directory might be missing.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#268
File: builder/penv_setup.py:87-96
Timestamp: 2025-08-26T14:52:29.044Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers to trust system executables when falling back to PATH-based command resolution (like "uv"), rather than implementing additional validation checks for security concerns.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#246
File: builder/main.py:0-0
Timestamp: 2025-08-05T11:47:41.756Z
Learning: In the ESP32 platform builder, subprocess calls correctly use the virtual environment Python by explicitly passing PYTHON_EXE (which is set to the venv python path) as the first argument in the command array, rather than relying on environment variable propagation. The env=os.environ parameter only affects environment variables, not the executable path itself.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#255
File: builder/penv_setup.py:265-275
Timestamp: 2025-08-10T16:59:15.533Z
Learning: In the ESP32 platform builder's penv_setup.py, the esptool_repo_path used in subprocess calls comes from PlatformIO's internal package management system (platform.get_package_dir()) which is a trusted source. Command injection concerns are not applicable here since this is build infrastructure code with controlled inputs, not user-facing code accepting arbitrary input.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#255
File: builder/penv_setup.py:26-40
Timestamp: 2025-08-10T19:13:25.599Z
Learning: In the pioarduino/platform-espressif32 repository's builder/penv_setup.py file, semantic_version is imported but intentionally not listed in python_deps because it's a transitive dependency of platformio-core (version 2.10.*). When platformio is installed from the GitHub URL, semantic_version is automatically installed as one of its dependencies.

📚 Learning: 2025-08-10T19:13:25.599Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#255
File: builder/penv_setup.py:26-40
Timestamp: 2025-08-10T19:13:25.599Z
Learning: In the pioarduino/platform-espressif32 repository's builder/penv_setup.py file, semantic_version is imported but intentionally not listed in python_deps because it's a transitive dependency of platformio-core (version 2.10.*). When platformio is installed from the GitHub URL, semantic_version is automatically installed as one of its dependencies.

Applied to files:

• platform.py

📚 Learning: 2025-08-10T16:59:15.533Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#255
File: builder/penv_setup.py:265-275
Timestamp: 2025-08-10T16:59:15.533Z
Learning: In the ESP32 platform builder's penv_setup.py, the esptool_repo_path used in subprocess calls comes from PlatformIO's internal package management system (platform.get_package_dir()) which is a trusted source. Command injection concerns are not applicable here since this is build infrastructure code with controlled inputs, not user-facing code accepting arbitrary input.

Applied to files:

• platform.py

📚 Learning: 2025-08-05T11:47:41.756Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#246
File: builder/main.py:0-0
Timestamp: 2025-08-05T11:47:41.756Z
Learning: In the ESP32 platform builder, subprocess calls correctly use the virtual environment Python by explicitly passing PYTHON_EXE (which is set to the venv python path) as the first argument in the command array, rather than relying on environment variable propagation. The env=os.environ parameter only affects environment variables, not the executable path itself.

Applied to files:

• builder/penv_setup.py

🧬 Code graph analysis (1)

platform.py (1)

builder/penv_setup.py (3)

• setup_penv_minimal (402-417)
• get_executable_path (73-80)
• install_esptool (341-399)

🪛 Ruff (0.13.1)

builder/penv_setup.py

507-507: subprocess call: check for execution of untrusted input

(S603)

---

516-517: try-except-pass detected, consider logging the exception

(S110)

---

516-516: Do not catch blind exception: Exception

(BLE001)

---

523-523: subprocess call: check for execution of untrusted input

(S603)

---

561-561: subprocess call: check for execution of untrusted input

(S603)

---

586-586: subprocess call: check for execution of untrusted input

(S603)

🔇 Additional comments (4)

builder/penv_setup.py (1)

447-455: LGTM: SCons env propagation of penv python

Replacing PYTHONEXE in SCons aligns with project convention and avoids relying on env propagation. Matches earlier guidance.

platform.py (3)

410-447: LGTM: idf_tools uses penv Python when available

Using penv_python or python_exe honors the venv-first preference and falls back gracefully. Capturing output and tailing errors is reasonable.

---

737-756: LGTM: no-recursion fallback in setup_python_env

The fallback avoids the prior recursion issue and correctly updates SCons with penv Python, consistent with the minimal path setup.

---

767-782: Order check: esptool package install before penv

Installing tool-esptoolpy before penv means any idf_tools‑based installs will run under system Python. If you intended all installs to use penv, set up penv first; otherwise, keep as is.

Would you like me to flip the order (penv first) and verify tool installs under penv only?

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (5)

builder/penv_setup.py (5)

116-118: Avoid silent fallback; log why uv venv creation failed

Catching Exception and passing hides useful context. Log once at info level and fall back.

Apply this diff:

-        except Exception:
-            pass
+        except Exception as e:
+            print(f"Info: uv venv creation failed, falling back to python -m venv ({e})")

---

530-533: Add timeout to python -m venv fallback

Parity with the uv path prevents indefinite hangs in CI.

-                subprocess.check_call([
-                    sys.executable, "-m", "venv", "--clear", penv_dir
-                ])
+                subprocess.check_call(
+                    [sys.executable, "-m", "venv", "--clear", penv_dir],
+                    timeout=90
+                )

---

227-228: Align long-running install/list timeouts with existing project norms

Package installs/listing can exceed 300s on slow mirrors. Prior art in this repo uses 600s for installs. Suggest bumping to reduce flaky CI.

-                    timeout=300
+                    timeout=600
@@
-                    timeout=300
+                    timeout=600
@@
-                timeout=300
+                timeout=600
@@
-                timeout=300
+                timeout=600

Also applies to: 248-249, 279-280, 327-328

---

566-569: Inconsistent return type and docstring in _install_esptool_from_tl_install

Function sometimes returns (None, None) but caller ignores returns; docstring claims it raises on missing package. Make behavior consistent: return None and clarify docstring.

-    Raises:
-        SystemExit: If esptool installation fails or package directory not found
+    Notes:
+        Returns None; missing esptool package is non-fatal in minimal setup.
@@
-    if not esptool_repo_path or not os.path.isdir(esptool_repo_path):
-        return (None, None)
+    if not esptool_repo_path or not os.path.isdir(esptool_repo_path):
+        return

Also applies to: 554-564

---

190-206: Dependency install flow via uv looks solid; minor nit on re-checking uv presence

After installing uv into penv, you rely on the precomputed penv_uv_executable path (which is fine). Optional: re-run a quick “uv --version” to surface installation issues earlier.

     # Install uv into penv if not available
     if not uv_in_penv_available:
@@
                 return False
-    
+    # Optional: verify uv is now available
+    try:
+        subprocess.check_call([penv_uv_executable, "--version"], stdout=subprocess.DEVNULL, stderr=subprocess.STDOUT, timeout=5)
+    except Exception as e:
+        print(f"Error: uv in penv not available after installation: {e}")
+        return False

Also applies to: 218-243, 263-343

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c08eb7d and 9152569.

📒 Files selected for processing (1)

• builder/penv_setup.py (12 hunks)

🧰 Additional context used

🧠 Learnings (7)

📓 Common learnings

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#268
File: builder/penv_setup.py:87-96
Timestamp: 2025-08-26T14:52:29.044Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers to trust system executables when falling back to PATH-based command resolution (like "uv"), rather than implementing additional validation checks for security concerns.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-23T12:35:35.432Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 has explicitly instructed to NEVER create issues or PRs outside of his repositories (pioarduino/*). All issue and PR creation must be strictly limited to his own repositories only, never in upstream or other repositories.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-23T12:35:35.432Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 has explicitly instructed to NEVER create issues or PRs outside of his repositories (pioarduino/*). All issue and PR creation must be strictly limited to his own repositories only, never in upstream or other repositories.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#263
File: platform.py:80-84
Timestamp: 2025-08-20T14:13:13.842Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers to always override IDF_TOOLS_PATH environment variable with PlatformIO's core directory, rather than respecting any existing user-defined IDF_TOOLS_PATH values. This ensures consistent ESP32 tool management within PlatformIO.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-22T10:59:14.391Z
Learning: In the pioarduino/platform-espressif32 project, the penv setup ensures that uv gets installed in the venv (penv), so additional safeguards for uv availability are not needed.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#296
File: builder/main.py:49-50
Timestamp: 2025-09-22T14:47:08.813Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers that critical setup operations like platform.setup_python_env should crash immediately if they fail rather than having fallback mechanisms, as this ensures problems are detected early and clearly rather than being masked.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#281
File: builder/frameworks/component_manager.py:1047-1054
Timestamp: 2025-09-04T15:27:18.112Z
Learning: In the pioarduino/platform-espressif32 project, Jason2866 prefers not to add guard checks for missing arduino_libs_mcu in backup operations, preferring to let the operation proceed rather than silently skip when the directory might be missing.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#255
File: builder/penv_setup.py:265-275
Timestamp: 2025-08-10T16:59:15.533Z
Learning: In the ESP32 platform builder's penv_setup.py, the esptool_repo_path used in subprocess calls comes from PlatformIO's internal package management system (platform.get_package_dir()) which is a trusted source. Command injection concerns are not applicable here since this is build infrastructure code with controlled inputs, not user-facing code accepting arbitrary input.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#246
File: builder/main.py:0-0
Timestamp: 2025-08-05T11:47:41.756Z
Learning: In the ESP32 platform builder, subprocess calls correctly use the virtual environment Python by explicitly passing PYTHON_EXE (which is set to the venv python path) as the first argument in the command array, rather than relying on environment variable propagation. The env=os.environ parameter only affects environment variables, not the executable path itself.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#255
File: builder/penv_setup.py:26-40
Timestamp: 2025-08-10T19:13:25.599Z
Learning: In the pioarduino/platform-espressif32 repository's builder/penv_setup.py file, semantic_version is imported but intentionally not listed in python_deps because it's a transitive dependency of platformio-core (version 2.10.*). When platformio is installed from the GitHub URL, semantic_version is automatically installed as one of its dependencies.

📚 Learning: 2025-08-05T11:47:41.756Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#246
File: builder/main.py:0-0
Timestamp: 2025-08-05T11:47:41.756Z
Learning: In the ESP32 platform builder, subprocess calls correctly use the virtual environment Python by explicitly passing PYTHON_EXE (which is set to the venv python path) as the first argument in the command array, rather than relying on environment variable propagation. The env=os.environ parameter only affects environment variables, not the executable path itself.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-08-10T19:13:25.599Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#255
File: builder/penv_setup.py:26-40
Timestamp: 2025-08-10T19:13:25.599Z
Learning: In the pioarduino/platform-espressif32 repository's builder/penv_setup.py file, semantic_version is imported but intentionally not listed in python_deps because it's a transitive dependency of platformio-core (version 2.10.*). When platformio is installed from the GitHub URL, semantic_version is automatically installed as one of its dependencies.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-08-10T16:59:15.533Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#255
File: builder/penv_setup.py:265-275
Timestamp: 2025-08-10T16:59:15.533Z
Learning: In the ESP32 platform builder's penv_setup.py, the esptool_repo_path used in subprocess calls comes from PlatformIO's internal package management system (platform.get_package_dir()) which is a trusted source. Command injection concerns are not applicable here since this is build infrastructure code with controlled inputs, not user-facing code accepting arbitrary input.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-09-22T10:59:14.391Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-22T10:59:14.391Z
Learning: In the pioarduino/platform-espressif32 project, the penv setup ensures that uv gets installed in the venv (penv), so additional safeguards for uv availability are not needed.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-08-10T20:18:20.698Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#255
File: builder/penv_setup.py:141-161
Timestamp: 2025-08-10T20:18:20.698Z
Learning: In the pioarduino/platform-espressif32 repository's builder/penv_setup.py file, the subprocess timeouts (30s for pip install, 90s for listing, 600s for package installation) are intentionally kept at their current values. When timeouts occur, it's typically due to server-side connection aborts rather than slow networks, so increasing timeout values doesn't resolve the issue.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-07-13T20:03:29.695Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#225
File: builder/main.py:99-108
Timestamp: 2025-07-13T20:03:29.695Z
Learning: In the ESP32 platform builder, the subprocess call to get site-packages directory in setup_python_paths() function is intentionally left without error handling because if this basic Python operation fails, it indicates a fundamental system issue that would cause the entire build process to fail anyway.

Applied to files:

• builder/penv_setup.py

🧬 Code graph analysis (1)

builder/penv_setup.py (1)

builder/frameworks/espidf.py (1)

• install_python_deps (1504-1569)

🪛 Ruff (0.13.1)

builder/penv_setup.py

514-514: subprocess call: check for execution of untrusted input

(S603)

---

523-524: try-except-pass detected, consider logging the exception

(S110)

---

523-523: Do not catch blind exception: Exception

(BLE001)

---

530-530: subprocess call: check for execution of untrusted input

(S603)

---

572-572: subprocess call: check for execution of untrusted input

(S603)

---

597-597: subprocess call: check for execution of untrusted input

(S603)

---

622-622: subprocess call: check for execution of untrusted input

(S603)

---

628-628: Do not catch blind exception: Exception

(BLE001)

---

634-634: Do not catch blind exception: Exception

(BLE001)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (20)

• GitHub Check: build (windows-latest, examples/tasmota)
• GitHub Check: build (macos-15, examples/arduino-blink)
• GitHub Check: build (windows-latest, examples/espidf-coap-server)
• GitHub Check: build (windows-latest, examples/espidf-blink)
• GitHub Check: build (windows-latest, examples/arduino-zigbee-light)
• GitHub Check: build (windows-latest, examples/arduino-blink)
• GitHub Check: build (ubuntu-latest, examples/espidf-ulp-lp)
• GitHub Check: build (ubuntu-latest, examples/espidf-ulp)
• GitHub Check: build (ubuntu-latest, examples/espidf-peripherals-usb)
• GitHub Check: build (ubuntu-latest, examples/espidf-ulp-riscv)
• GitHub Check: build (ubuntu-latest, examples/espidf-arduino-littlefs)
• GitHub Check: build (ubuntu-latest, examples/espidf-hello-world)
• GitHub Check: build (ubuntu-latest, examples/espidf-http-request)
• GitHub Check: build (ubuntu-latest, examples/tasmota)
• GitHub Check: build (ubuntu-latest, examples/arduino-matter-light)
• GitHub Check: build (ubuntu-latest, examples/espidf-coap-server)
• GitHub Check: build (ubuntu-latest, examples/arduino-rmt-blink)
• GitHub Check: build (ubuntu-latest, examples/arduino-blink)
• GitHub Check: build (ubuntu-latest, examples/arduino-zigbee-switch)
• GitHub Check: build (ubuntu-latest, examples/arduino-wifiscan)

🔇 Additional comments (5)

builder/penv_setup.py (5)

44-59: Confirm pinned dependency specs are intentional and resolvable across OSes

Specs for urllib3 (<2), cryptography (>=45.0.3), and certifi (>=2025.8.3) are stricter than typical. Please confirm these versions exist and are compatible with the rest of the stack on Windows/macOS/Linux.

---

612-654: Certifi sourcing from penv first is spot-on

Preferring penv’s certifi, with a safe fallback and propagating SSL vars (incl. GIT_SSL_CAINFO), is correct.

---

441-459: Good: hard-fail if penv Python is missing

Early exit matches the project’s preference to crash on critical setup failures.

---

37-37: GA flag usage is appropriate

Using GITHUB_ACTIONS to relax connectivity gating is reasonable.

---

68-71: Internet check implementation is fine

Lightweight and non-blocking; good default.

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

builder/penv_setup.py (1)

44-59: Align cryptography pins to avoid cross-step conflicts

builder/penv_setup.py:53 — "cryptography": ">=45.0.3"
builder/frameworks/espidf.py:1531 — "cryptography": "~=44.0.0"

In a shared penv this will cause flip‑flopping installs; either change penv_setup to "cryptography": "~=44.0.0" (recommended to match espidf.py) or update builder/frameworks/espidf.py to accept ">=45.0.3" if the newer version is intentional.

🧹 Nitpick comments (5)

builder/penv_setup.py (5)

463-466: Compute esptool path after installation to avoid returning a non-existent path

Initialize uv path now, but defer esptool path until after the optional install step.

-    # Set executable paths from tools
-    esptool_binary_path = get_executable_path(penv_dir, "esptool")
-    uv_executable = get_executable_path(penv_dir, "uv")
+    # Set executable paths from tools
+    uv_executable = get_executable_path(penv_dir, "uv")

---

487-487: Defer esptool path computation until just before return

This guarantees the returned path reflects the final state post-install.

-    return penv_python, esptool_binary_path
+    esptool_binary_path = get_executable_path(penv_dir, "esptool")
+    return penv_python, esptool_binary_path

---

553-607: Docstring/behavior mismatch and dead tuple return in _install_esptool_from_tl_install

Docstring says it raises on missing package, but the code returns a (None, None) tuple. The caller ignores the return value, so returning a tuple is dead code. Recommend clarifying docstring and returning None with a warning.

 def _install_esptool_from_tl_install(platform, python_exe, uv_executable):
@@
-    Raises:
-        SystemExit: If esptool installation fails or package directory not found
+    Returns:
+        None. Logs a warning if the package is missing or installation fails.
@@
-    if not esptool_repo_path or not os.path.isdir(esptool_repo_path):
-        return (None, None)
+    if not esptool_repo_path or not os.path.isdir(esptool_repo_path):
+        print("Warning: 'tool-esptoolpy' package directory not found; skipping esptool installation")
+        return

---

523-524: Don’t silently swallow uv exceptions in minimal setup; log the fallback

A tiny log helps diagnostics without changing control flow.

-        except Exception:
-            pass
+        except Exception:
+            print("Info: uv venv creation failed; falling back to 'python -m venv'")

---

612-627: Guard against None python_exe in _setup_certifi_env

Currently assumes python_exe is provided; add a cheap guard for robustness.

 def _setup_certifi_env(env, python_exe=None):
@@
-    try:
+    if not python_exe:
+        return
+    try:

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9152569 and 3ea5eb0.

📒 Files selected for processing (1)

• builder/penv_setup.py (12 hunks)

🧰 Additional context used

🧠 Learnings (7)

📓 Common learnings

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-23T12:35:35.432Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 has explicitly instructed to NEVER create issues or PRs outside of his repositories (pioarduino/*). All issue and PR creation must be strictly limited to his own repositories only, never in upstream or other repositories.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-23T12:35:35.432Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 has explicitly instructed to NEVER create issues or PRs outside of his repositories (pioarduino/*). All issue and PR creation must be strictly limited to his own repositories only, never in upstream or other repositories.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#268
File: builder/penv_setup.py:87-96
Timestamp: 2025-08-26T14:52:29.044Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers to trust system executables when falling back to PATH-based command resolution (like "uv"), rather than implementing additional validation checks for security concerns.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#263
File: platform.py:80-84
Timestamp: 2025-08-20T14:13:13.842Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers to always override IDF_TOOLS_PATH environment variable with PlatformIO's core directory, rather than respecting any existing user-defined IDF_TOOLS_PATH values. This ensures consistent ESP32 tool management within PlatformIO.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#296
File: builder/main.py:49-50
Timestamp: 2025-09-22T14:47:08.813Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers that critical setup operations like platform.setup_python_env should crash immediately if they fail rather than having fallback mechanisms, as this ensures problems are detected early and clearly rather than being masked.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-22T10:59:14.391Z
Learning: In the pioarduino/platform-espressif32 project, the penv setup ensures that uv gets installed in the venv (penv), so additional safeguards for uv availability are not needed.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#281
File: builder/frameworks/component_manager.py:1047-1054
Timestamp: 2025-09-04T15:27:18.112Z
Learning: In the pioarduino/platform-espressif32 project, Jason2866 prefers not to add guard checks for missing arduino_libs_mcu in backup operations, preferring to let the operation proceed rather than silently skip when the directory might be missing.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#255
File: builder/penv_setup.py:265-275
Timestamp: 2025-08-10T16:59:15.533Z
Learning: In the ESP32 platform builder's penv_setup.py, the esptool_repo_path used in subprocess calls comes from PlatformIO's internal package management system (platform.get_package_dir()) which is a trusted source. Command injection concerns are not applicable here since this is build infrastructure code with controlled inputs, not user-facing code accepting arbitrary input.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#255
File: builder/penv_setup.py:26-40
Timestamp: 2025-08-10T19:13:25.599Z
Learning: In the pioarduino/platform-espressif32 repository's builder/penv_setup.py file, semantic_version is imported but intentionally not listed in python_deps because it's a transitive dependency of platformio-core (version 2.10.*). When platformio is installed from the GitHub URL, semantic_version is automatically installed as one of its dependencies.

📚 Learning: 2025-08-05T11:47:41.756Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#246
File: builder/main.py:0-0
Timestamp: 2025-08-05T11:47:41.756Z
Learning: In the ESP32 platform builder, subprocess calls correctly use the virtual environment Python by explicitly passing PYTHON_EXE (which is set to the venv python path) as the first argument in the command array, rather than relying on environment variable propagation. The env=os.environ parameter only affects environment variables, not the executable path itself.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-08-10T19:13:25.599Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#255
File: builder/penv_setup.py:26-40
Timestamp: 2025-08-10T19:13:25.599Z
Learning: In the pioarduino/platform-espressif32 repository's builder/penv_setup.py file, semantic_version is imported but intentionally not listed in python_deps because it's a transitive dependency of platformio-core (version 2.10.*). When platformio is installed from the GitHub URL, semantic_version is automatically installed as one of its dependencies.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-08-10T16:59:15.533Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#255
File: builder/penv_setup.py:265-275
Timestamp: 2025-08-10T16:59:15.533Z
Learning: In the ESP32 platform builder's penv_setup.py, the esptool_repo_path used in subprocess calls comes from PlatformIO's internal package management system (platform.get_package_dir()) which is a trusted source. Command injection concerns are not applicable here since this is build infrastructure code with controlled inputs, not user-facing code accepting arbitrary input.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-09-22T10:59:14.391Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-22T10:59:14.391Z
Learning: In the pioarduino/platform-espressif32 project, the penv setup ensures that uv gets installed in the venv (penv), so additional safeguards for uv availability are not needed.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-08-10T20:18:20.698Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#255
File: builder/penv_setup.py:141-161
Timestamp: 2025-08-10T20:18:20.698Z
Learning: In the pioarduino/platform-espressif32 repository's builder/penv_setup.py file, the subprocess timeouts (30s for pip install, 90s for listing, 600s for package installation) are intentionally kept at their current values. When timeouts occur, it's typically due to server-side connection aborts rather than slow networks, so increasing timeout values doesn't resolve the issue.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-07-13T20:03:29.695Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#225
File: builder/main.py:99-108
Timestamp: 2025-07-13T20:03:29.695Z
Learning: In the ESP32 platform builder, the subprocess call to get site-packages directory in setup_python_paths() function is intentionally left without error handling because if this basic Python operation fails, it indicates a fundamental system issue that would cause the entire build process to fail anyway.

Applied to files:

• builder/penv_setup.py

🧬 Code graph analysis (1)

builder/penv_setup.py (1)

builder/frameworks/espidf.py (1)

• install_python_deps (1504-1569)

🪛 Ruff (0.13.1)

builder/penv_setup.py

514-514: subprocess call: check for execution of untrusted input

(S603)

---

523-524: try-except-pass detected, consider logging the exception

(S110)

---

523-523: Do not catch blind exception: Exception

(BLE001)

---

530-530: subprocess call: check for execution of untrusted input

(S603)

---

572-572: subprocess call: check for execution of untrusted input

(S603)

---

597-597: subprocess call: check for execution of untrusted input

(S603)

---

619-619: subprocess call: check for execution of untrusted input

(S603)

---

625-625: Do not catch blind exception: Exception

(BLE001)

[Jason2866]

@coderabbitai This is wrong. Since espidf.py creates an extra new venv!

builder/penv_setup.py (1)
44-59: Align cryptography pins to avoid cross-step conflicts

builder/penv_setup.py:53 — "cryptography": ">=45.0.3"
builder/frameworks/espidf.py:1531 — "cryptography": "~=44.0.0"

In a shared penv this will cause flip‑flopping installs; either change penv_setup to "cryptography": "~=44.0.0" (recommended to match espidf.py) or update builder/frameworks/espidf.py to accept ">=45.0.3" if the newer version is intentional.

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

@Jason2866, you're absolutely right - I apologize for the incorrect analysis. If espidf.py creates its own separate virtual environment, then there would be no version conflict between the two cryptography pins since they operate in isolated environments.

Let me examine the code to better understand this architecture and correct my understanding.

---

🏁 Script executed:

#!/bin/bash
# Examine how espidf.py handles virtual environment creation
rg -n -A10 -B5 "venv\|virtual.*env\|python.*env" builder/frameworks/espidf.py

# Also look for cryptography version specification in espidf.py
rg -n -A3 -B3 "cryptography.*44\.0\.0" builder/frameworks/espidf.py

Length of output: 349

---

@Jason2866, thank you for the correction. You're absolutely right that my analysis was wrong. I need to better understand how espidf.py creates its separate virtual environment to see why the cryptography version differences don't cause conflicts.

Let me examine the Python environment setup patterns in the espidf.py file to understand this architecture properly.

---

🏁 Script executed:

#!/bin/bash
# Look for broader Python environment setup patterns in espidf.py
rg -n -A5 -B5 "pip.*install\|python.*-m\|subprocess.*python\|env.*python\|PYTHON\|install.*python" builder/frameworks/espidf.py

# Also search for any references to separate environments or isolation
rg -n -A5 -B5 "separate\|isolat\|dedicated" builder/frameworks/espidf.py

Length of output: 0

---

@Jason2866, I apologize for my incorrect analysis. Let me examine the espidf.py file more thoroughly to understand how it creates its separate virtual environment, which would indeed make the cryptography version differences irrelevant since they operate in isolated environments.

---

🏁 Script executed:

#!/bin/bash
# Get broader context around the cryptography dependency
sed -n '1520,1540p' builder/frameworks/espidf.py

# Look for function definitions that might handle environment setup
rg -n "def.*env\|def.*setup\|def.*install\|def.*python" builder/frameworks/espidf.py

# Examine imports and overall file structure 
head -50 builder/frameworks/espidf.py | rg -n "import\|from"

Length of output: 661

---

@Jason2866, thank you for the correction. I can see that espidf.py has its own Python dependency management with get_python_exe() and a separate deps dictionary. Let me find where this creates the separate virtual environment to fully understand why the cryptography version differences don't cause conflicts.

---

🏁 Script executed:

#!/bin/bash
# Search for get_python_exe function definition and usage
rg -n -A10 -B5 "def get_python_exe\|get_python_exe" builder/frameworks/espidf.py

# Look for virtual environment or pip install commands in the context
rg -n -A10 -B5 "pip\|virtualenv\|venv" builder/frameworks/espidf.py

# Search for where these deps are actually installed
rg -n -A15 -B5 "deps.*=.*{" builder/frameworks/espidf.py

Length of output: 83

---

@Jason2866, let me fix that regex error and search properly for how espidf.py creates its separate virtual environment. I understand you're saying my analysis was wrong because espidf.py isolates its Python environment from the penv setup.

---

🏁 Script executed:

#!/bin/bash
# Search for get_python_exe function definition and usage (fixed)
rg -n -A10 -B5 "get_python_exe" builder/frameworks/espidf.py

# Look for the deps installation logic
rg -n -A15 -B5 "deps.*=" builder/frameworks/espidf.py

# Search for subprocess calls that might install Python packages
rg -n -A5 -B5 "subprocess\|check_call\|run\|Popen" builder/frameworks/espidf.py

Length of output: 9602

---

@Jason2866, thank you for the correction - you are absolutely right! I now clearly see the architecture:

espidf.py creates its own separate IDF virtual environment:

• get_python_exe() (line 1660) returns the Python executable from get_idf_venv_dir()
• The cryptography dependency "~=44.0.0" gets installed into this separate IDF venv (line 1540)
• This IDF venv is completely isolated from the penv setup

No version conflict exists because:

• penv_setup.py uses "cryptography": ">=45.0.3" in the penv
• espidf.py uses "cryptography": "~=44.0.0" in the separate IDF venv
• These are two different, isolated virtual environments

My analysis was completely wrong because I didn't understand that espidf.py creates and manages its own separate virtual environment. There's no shared environment, so no flip-flopping installs can occur.

Thank you for setting the record straight!

---

✏ Learnings added

Learnt from: Jason2866
URL: https://github.com/pioarduino/platform-espressif32/pull/296

Timestamp: 2025-09-23T14:15:00.428Z
Learning: In the pioarduino/platform-espressif32 project, espidf.py creates an extra/separate virtual environment from the penv setup, so cryptography version differences between penv_setup.py and espidf.py do not cause conflicts since they operate in isolated environments.

---

Learnt from: Jason2866
URL: https://github.com/pioarduino/platform-espressif32/pull/296

Timestamp: 2025-09-23T14:15:00.428Z
Learning: In the pioarduino/platform-espressif32 project, espidf.py creates and manages its own separate IDF virtual environment (accessed via get_python_exe() from get_idf_venv_dir()). This IDF venv is completely isolated from the penv setup, so different cryptography versions between penv_setup.py and espidf.py don't cause conflicts as they exist in separate virtual environments.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

---

🧠 Learnings used

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-23T12:35:35.432Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 has explicitly instructed to NEVER create issues or PRs outside of his repositories (pioarduino/*). All issue and PR creation must be strictly limited to his own repositories only, never in upstream or other repositories.

---

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-23T12:35:35.432Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 has explicitly instructed to NEVER create issues or PRs outside of his repositories (pioarduino/*). All issue and PR creation must be strictly limited to his own repositories only, never in upstream or other repositories.

---

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#263
File: platform.py:80-84
Timestamp: 2025-08-20T14:13:13.842Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers to always override IDF_TOOLS_PATH environment variable with PlatformIO's core directory, rather than respecting any existing user-defined IDF_TOOLS_PATH values. This ensures consistent ESP32 tool management within PlatformIO.

---

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#296
File: builder/main.py:49-50
Timestamp: 2025-09-22T14:47:08.813Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers that critical setup operations like platform.setup_python_env should crash immediately if they fail rather than having fallback mechanisms, as this ensures problems are detected early and clearly rather than being masked.

---

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#255
File: builder/penv_setup.py:265-275
Timestamp: 2025-08-10T16:59:15.533Z
Learning: In the ESP32 platform builder's penv_setup.py, the esptool_repo_path used in subprocess calls comes from PlatformIO's internal package management system (platform.get_package_dir()) which is a trusted source. Command injection concerns are not applicable here since this is build infrastructure code with controlled inputs, not user-facing code accepting arbitrary input.

---

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#285
File: platform.py:670-683
Timestamp: 2025-09-09T18:07:14.583Z
Learning: In the pioarduino/platform-espressif32 project, when tools.json exists in mklittlefs tool directories, it triggers a reinstall via install_tool(). This is intentional behavior to convert tools installed via idf_tools.py method into the platform's tool management system, rather than a redundant check that should be avoided.

---

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#252
File: builder/frameworks/espidf.py:1382-1388
Timestamp: 2025-08-08T09:50:01.969Z
Learning: Preference in pioarduino/platform-espressif32 (builder/frameworks/espidf.py): Avoid using {"name": "boot"} as a sentinel when resolving the default app partition offset. Instead, call parttool.py with --partition-boot-default directly (and optionally fall back to factory/ota_0) to prevent confusion with non-existent CSV names.

---

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#268
File: builder/penv_setup.py:87-96
Timestamp: 2025-08-26T14:52:29.044Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers to trust system executables when falling back to PATH-based command resolution (like "uv"), rather than implementing additional validation checks for security concerns.

---

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#246
File: builder/main.py:0-0
Timestamp: 2025-08-05T11:47:41.756Z
Learning: In the ESP32 platform builder, subprocess calls correctly use the virtual environment Python by explicitly passing PYTHON_EXE (which is set to the venv python path) as the first argument in the command array, rather than relying on environment variable propagation. The env=os.environ parameter only affects environment variables, not the executable path itself.

---

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#225
File: builder/main.py:99-108
Timestamp: 2025-07-13T20:03:29.695Z
Learning: In the ESP32 platform builder, the subprocess call to get site-packages directory in setup_python_paths() function is intentionally left without error handling because if this basic Python operation fails, it indicates a fundamental system issue that would cause the entire build process to fail anyway.

---

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#255
File: builder/penv_setup.py:26-40
Timestamp: 2025-08-10T19:13:25.599Z
Learning: In the pioarduino/platform-espressif32 repository's builder/penv_setup.py file, semantic_version is imported but intentionally not listed in python_deps because it's a transitive dependency of platformio-core (version 2.10.*). When platformio is installed from the GitHub URL, semantic_version is automatically installed as one of its dependencies.

---

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-22T10:59:14.391Z
Learning: In the pioarduino/platform-espressif32 project, the penv setup ensures that uv gets installed in the venv (penv), so additional safeguards for uv availability are not needed.

---

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#281
File: builder/frameworks/component_manager.py:1047-1054
Timestamp: 2025-09-04T15:27:18.112Z
Learning: In the pioarduino/platform-espressif32 project, Jason2866 prefers not to add guard checks for missing arduino_libs_mcu in backup operations, preferring to let the operation proceed rather than silently skip when the directory might be missing.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (4)

builder/penv_setup.py (4)

116-118: Don't swallow uv errors silently; log and fall back

Catching bare Exception and passing hides useful diagnostics.

-        except Exception:
-            pass
+        except (subprocess.CalledProcessError, subprocess.TimeoutExpired, FileNotFoundError) as e:
+            print(f"Warning: uv venv creation failed, will fall back to python -m venv: {e}")

---

523-524: Same here: avoid bare except+pass

Mirror the logging used above for the minimal path.

-        except Exception:
-            pass
+        except (subprocess.CalledProcessError, subprocess.TimeoutExpired, FileNotFoundError) as e:
+            print(f"Warning: uv venv creation failed, will fall back to python -m venv: {e}")

---

612-617: Make python_exe required (or handle None) in _setup_certifi_env

The default python_exe=None is misleading—it's unconditionally used and would crash if called without a value. Since callers always pass penv_python, make it required.

-def _setup_certifi_env(env, python_exe=None):
+def _setup_certifi_env(env, python_exe):
     """
-    Setup certifi environment variables from the given python_exe virtual environment.
-    Uses a subprocess call to extract certifi path from that environment to guarantee penv usage.
+    Setup certifi environment variables from the given virtualenv python_exe.
+    Uses a subprocess call to extract certifi path from that environment to guarantee penv usage.
     """

---

629-634: Also export GIT_SSL_CAINFO to the process environment

You already set it in SCons ENV; exporting to os.environ keeps CLI git consistent outside SCons actions.

     os.environ["CERTIFI_PATH"] = cert_path
     os.environ["SSL_CERT_FILE"] = cert_path
     os.environ["REQUESTS_CA_BUNDLE"] = cert_path
     os.environ["CURL_CA_BUNDLE"] = cert_path
+    os.environ["GIT_SSL_CAINFO"] = cert_path

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3ea5eb0 and 3886ceb.

📒 Files selected for processing (1)

• builder/penv_setup.py (12 hunks)

🧰 Additional context used

🧠 Learnings (7)

📓 Common learnings

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-23T12:35:35.432Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 has explicitly instructed to NEVER create issues or PRs outside of his repositories (pioarduino/*). All issue and PR creation must be strictly limited to his own repositories only, never in upstream or other repositories.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-23T12:35:35.432Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 has explicitly instructed to NEVER create issues or PRs outside of his repositories (pioarduino/*). All issue and PR creation must be strictly limited to his own repositories only, never in upstream or other repositories.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#268
File: builder/penv_setup.py:87-96
Timestamp: 2025-08-26T14:52:29.044Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers to trust system executables when falling back to PATH-based command resolution (like "uv"), rather than implementing additional validation checks for security concerns.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#263
File: platform.py:80-84
Timestamp: 2025-08-20T14:13:13.842Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers to always override IDF_TOOLS_PATH environment variable with PlatformIO's core directory, rather than respecting any existing user-defined IDF_TOOLS_PATH values. This ensures consistent ESP32 tool management within PlatformIO.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-22T10:59:14.391Z
Learning: In the pioarduino/platform-espressif32 project, the penv setup ensures that uv gets installed in the venv (penv), so additional safeguards for uv availability are not needed.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#296
File: builder/main.py:49-50
Timestamp: 2025-09-22T14:47:08.813Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers that critical setup operations like platform.setup_python_env should crash immediately if they fail rather than having fallback mechanisms, as this ensures problems are detected early and clearly rather than being masked.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-23T14:15:00.428Z
Learning: In the pioarduino/platform-espressif32 project, espidf.py creates an extra/separate virtual environment from the penv setup, so cryptography version differences between penv_setup.py and espidf.py do not cause conflicts since they operate in isolated environments.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#281
File: builder/frameworks/component_manager.py:1047-1054
Timestamp: 2025-09-04T15:27:18.112Z
Learning: In the pioarduino/platform-espressif32 project, Jason2866 prefers not to add guard checks for missing arduino_libs_mcu in backup operations, preferring to let the operation proceed rather than silently skip when the directory might be missing.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-23T14:15:00.428Z
Learning: In the pioarduino/platform-espressif32 project, espidf.py creates and manages its own separate IDF virtual environment (accessed via get_python_exe() from get_idf_venv_dir()). This IDF venv is completely isolated from the penv setup, so different cryptography versions between penv_setup.py and espidf.py don't cause conflicts as they exist in separate virtual environments.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#255
File: builder/penv_setup.py:26-40
Timestamp: 2025-08-10T19:13:25.599Z
Learning: In the pioarduino/platform-espressif32 repository's builder/penv_setup.py file, semantic_version is imported but intentionally not listed in python_deps because it's a transitive dependency of platformio-core (version 2.10.*). When platformio is installed from the GitHub URL, semantic_version is automatically installed as one of its dependencies.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#246
File: builder/main.py:0-0
Timestamp: 2025-08-05T11:47:41.756Z
Learning: In the ESP32 platform builder, subprocess calls correctly use the virtual environment Python by explicitly passing PYTHON_EXE (which is set to the venv python path) as the first argument in the command array, rather than relying on environment variable propagation. The env=os.environ parameter only affects environment variables, not the executable path itself.

📚 Learning: 2025-08-05T11:47:41.756Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#246
File: builder/main.py:0-0
Timestamp: 2025-08-05T11:47:41.756Z
Learning: In the ESP32 platform builder, subprocess calls correctly use the virtual environment Python by explicitly passing PYTHON_EXE (which is set to the venv python path) as the first argument in the command array, rather than relying on environment variable propagation. The env=os.environ parameter only affects environment variables, not the executable path itself.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-08-10T19:13:25.599Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#255
File: builder/penv_setup.py:26-40
Timestamp: 2025-08-10T19:13:25.599Z
Learning: In the pioarduino/platform-espressif32 repository's builder/penv_setup.py file, semantic_version is imported but intentionally not listed in python_deps because it's a transitive dependency of platformio-core (version 2.10.*). When platformio is installed from the GitHub URL, semantic_version is automatically installed as one of its dependencies.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-08-10T16:59:15.533Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#255
File: builder/penv_setup.py:265-275
Timestamp: 2025-08-10T16:59:15.533Z
Learning: In the ESP32 platform builder's penv_setup.py, the esptool_repo_path used in subprocess calls comes from PlatformIO's internal package management system (platform.get_package_dir()) which is a trusted source. Command injection concerns are not applicable here since this is build infrastructure code with controlled inputs, not user-facing code accepting arbitrary input.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-09-22T10:59:14.391Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-22T10:59:14.391Z
Learning: In the pioarduino/platform-espressif32 project, the penv setup ensures that uv gets installed in the venv (penv), so additional safeguards for uv availability are not needed.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-08-10T20:18:20.698Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#255
File: builder/penv_setup.py:141-161
Timestamp: 2025-08-10T20:18:20.698Z
Learning: In the pioarduino/platform-espressif32 repository's builder/penv_setup.py file, the subprocess timeouts (30s for pip install, 90s for listing, 600s for package installation) are intentionally kept at their current values. When timeouts occur, it's typically due to server-side connection aborts rather than slow networks, so increasing timeout values doesn't resolve the issue.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-07-13T20:03:29.695Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#225
File: builder/main.py:99-108
Timestamp: 2025-07-13T20:03:29.695Z
Learning: In the ESP32 platform builder, the subprocess call to get site-packages directory in setup_python_paths() function is intentionally left without error handling because if this basic Python operation fails, it indicates a fundamental system issue that would cause the entire build process to fail anyway.

Applied to files:

• builder/penv_setup.py

🧬 Code graph analysis (1)

builder/penv_setup.py (1)

builder/frameworks/espidf.py (1)

• install_python_deps (1504-1569)

🪛 Ruff (0.13.1)

builder/penv_setup.py

514-514: subprocess call: check for execution of untrusted input

(S603)

---

523-524: try-except-pass detected, consider logging the exception

(S110)

---

523-523: Do not catch blind exception: Exception

(BLE001)

---

530-530: subprocess call: check for execution of untrusted input

(S603)

---

572-572: subprocess call: check for execution of untrusted input

(S603)

---

597-597: subprocess call: check for execution of untrusted input

(S603)

---

619-619: subprocess call: check for execution of untrusted input

(S603)

---

625-625: Do not catch blind exception: Exception

(BLE001)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (19)

• GitHub Check: build (windows-latest, examples/espidf-peripherals-usb)
• GitHub Check: build (windows-latest, examples/espidf-exceptions)
• GitHub Check: build (windows-latest, examples/arduino-rmt-blink)
• GitHub Check: build (windows-latest, examples/espidf-peripherals-uart)
• GitHub Check: build (windows-latest, examples/espidf-storage-sdcard)
• GitHub Check: build (windows-latest, examples/espidf-http-request)
• GitHub Check: build (windows-latest, examples/espidf-arduino-littlefs)
• GitHub Check: build (windows-latest, examples/tasmota)
• GitHub Check: build (windows-latest, examples/arduino-zigbee-light)
• GitHub Check: build (windows-latest, examples/arduino-matter-light)
• GitHub Check: build (windows-latest, examples/espidf-blink)
• GitHub Check: build (windows-latest, examples/espidf-hello-world)
• GitHub Check: build (windows-latest, examples/arduino-NimBLE-ext_client)
• GitHub Check: build (windows-latest, examples/espidf-arduino-blink)
• GitHub Check: build (windows-latest, examples/arduino-usb-keyboard)
• GitHub Check: build (windows-latest, examples/arduino-zigbee-switch)
• GitHub Check: build (windows-latest, examples/espidf-coap-server)
• GitHub Check: build (windows-latest, examples/arduino-wifiscan)
• GitHub Check: build (windows-latest, examples/arduino-blink)

🔇 Additional comments (2)

builder/penv_setup.py (2)

62-71: LGTM: robust internet check

Using socket.create_connection with a context manager is correct and keeps resources tidy.

---

52-55: Keep certifi >=2025.8.3 — release verified on PyPI
certifi 2025.8.3 was released on PyPI (Aug 3, 2025); the existing requirement ("certifi": ">=2025.8.3") is valid.

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

builder/penv_setup.py (1)

393-405: Make esptool install robust offline: fall back to pip if penv “uv” is missing

Current path mandates penv’s uv; if deps install is skipped offline, uv may not exist in penv and this exits. Prefer: try penv uv, then PATH uv, finally python -m pip -e (works offline from local dir).

Apply:

-    try:
-        subprocess.check_call([
-            uv_executable, "pip", "install", "--quiet", "--force-reinstall",
-            f"--python={python_exe}",
-            "-e", esptool_repo_path
-        ], timeout=60)
-
-    except subprocess.CalledProcessError as e:
-        sys.stderr.write(
-            f"Error: Failed to install esptool from {esptool_repo_path} (exit {e.returncode})\n"
-        )
-        sys.exit(1)
+    # Prefer penv uv, then PATH uv, then pip as last resort
+    try:
+        uv_cmd = uv_executable if os.path.isfile(uv_executable) else "uv"
+        subprocess.check_call([
+            uv_cmd, "pip", "install", "--quiet", "--force-reinstall",
+            f"--python={python_exe}",
+            "-e", esptool_repo_path
+        ], timeout=60)
+    except FileNotFoundError:
+        # No uv available; fall back to pip (works offline from local path)
+        try:
+            subprocess.check_call([
+                python_exe, "-m", "pip", "install", "--quiet", "--force-reinstall",
+                "-e", esptool_repo_path
+            ], timeout=60)
+        except (subprocess.CalledProcessError, subprocess.TimeoutExpired) as e:
+            sys.stderr.write(
+                f"Error: Failed to install esptool via pip from {esptool_repo_path}: {e}\n"
+            )
+            sys.exit(1)
+    except (subprocess.CalledProcessError, subprocess.TimeoutExpired) as e:
+        sys.stderr.write(
+            f"Error: Failed to install esptool with uv from {esptool_repo_path}: {e}\n"
+        )
+        sys.exit(1)

Note: uses os.path.isfile which is already imported.

🧹 Nitpick comments (2)

builder/penv_setup.py (2)

596-607: Mirror uv→pip fallback for minimal path; keep non-fatal behavior

Minimal path should also install from local repo without relying on uv in penv. Add pip fallback but keep warnings (non-fatal).

-    try:
-        subprocess.check_call([
-            uv_executable, "pip", "install", "--quiet", "--force-reinstall",
-            f"--python={python_exe}",
-            "-e", esptool_repo_path
-        ], timeout=60)
-        print(f"Installed esptool from tl-install path: {esptool_repo_path}")
-
-    except subprocess.CalledProcessError as e:
-        print(f"Warning: Failed to install esptool from {esptool_repo_path} (exit {e.returncode})")
-        # Don't exit - esptool installation is not critical for penv setup
+    try:
+        uv_cmd = uv_executable if os.path.isfile(uv_executable) else "uv"
+        subprocess.check_call([
+            uv_cmd, "pip", "install", "--quiet", "--force-reinstall",
+            f"--python={python_exe}",
+            "-e", esptool_repo_path
+        ], timeout=60)
+        print(f"Installed esptool from tl-install path: {esptool_repo_path}")
+    except FileNotFoundError:
+        try:
+            subprocess.check_call([
+                python_exe, "-m", "pip", "install", "--quiet", "--force-reinstall",
+                "-e", esptool_repo_path
+            ], timeout=60)
+            print(f"Installed esptool via pip from tl-install path: {esptool_repo_path}")
+        except (subprocess.CalledProcessError, subprocess.TimeoutExpired) as e:
+            print(f"Warning: Failed to install esptool via pip from {esptool_repo_path}: {e}")
+    except (subprocess.CalledProcessError, subprocess.TimeoutExpired) as e:
+        print(f"Warning: Failed to install esptool with uv from {esptool_repo_path}: {e}")

---

116-118: Avoid blind except/pass — log minimal context then fall back

Swallowing all exceptions hides real failures. Log once before falling back to venv via Python.

-        except Exception:
-            pass
+        except Exception as e:
+            print(f"uv venv creation failed; falling back to python -m venv: {e}")

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3886ceb and 00b5d0c.

📒 Files selected for processing (1)

• builder/penv_setup.py (12 hunks)

🧰 Additional context used

🧠 Learnings (11)

📓 Common learnings

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-23T12:35:35.432Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 has explicitly instructed to NEVER create issues or PRs outside of his repositories (pioarduino/*). All issue and PR creation must be strictly limited to his own repositories only, never in upstream or other repositories.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-23T12:35:35.432Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 has explicitly instructed to NEVER create issues or PRs outside of his repositories (pioarduino/*). All issue and PR creation must be strictly limited to his own repositories only, never in upstream or other repositories.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-22T10:59:14.391Z
Learning: In the pioarduino/platform-espressif32 project, the penv setup ensures that uv gets installed in the venv (penv), so additional safeguards for uv availability are not needed.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#268
File: builder/penv_setup.py:87-96
Timestamp: 2025-08-26T14:52:29.044Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers to trust system executables when falling back to PATH-based command resolution (like "uv"), rather than implementing additional validation checks for security concerns.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-23T14:15:00.428Z
Learning: In the pioarduino/platform-espressif32 project, espidf.py creates an extra/separate virtual environment from the penv setup, so cryptography version differences between penv_setup.py and espidf.py do not cause conflicts since they operate in isolated environments.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#263
File: platform.py:80-84
Timestamp: 2025-08-20T14:13:13.842Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers to always override IDF_TOOLS_PATH environment variable with PlatformIO's core directory, rather than respecting any existing user-defined IDF_TOOLS_PATH values. This ensures consistent ESP32 tool management within PlatformIO.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#296
File: builder/main.py:49-50
Timestamp: 2025-09-22T14:47:08.813Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers that critical setup operations like platform.setup_python_env should crash immediately if they fail rather than having fallback mechanisms, as this ensures problems are detected early and clearly rather than being masked.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-23T14:15:00.428Z
Learning: In the pioarduino/platform-espressif32 project, espidf.py creates and manages its own separate IDF virtual environment (accessed via get_python_exe() from get_idf_venv_dir()). This IDF venv is completely isolated from the penv setup, so different cryptography versions between penv_setup.py and espidf.py don't cause conflicts as they exist in separate virtual environments.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#281
File: builder/frameworks/component_manager.py:1047-1054
Timestamp: 2025-09-04T15:27:18.112Z
Learning: In the pioarduino/platform-espressif32 project, Jason2866 prefers not to add guard checks for missing arduino_libs_mcu in backup operations, preferring to let the operation proceed rather than silently skip when the directory might be missing.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#255
File: builder/penv_setup.py:26-40
Timestamp: 2025-08-10T19:13:25.599Z
Learning: In the pioarduino/platform-espressif32 repository's builder/penv_setup.py file, semantic_version is imported but intentionally not listed in python_deps because it's a transitive dependency of platformio-core (version 2.10.*). When platformio is installed from the GitHub URL, semantic_version is automatically installed as one of its dependencies.

📚 Learning: 2025-08-05T11:47:41.756Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#246
File: builder/main.py:0-0
Timestamp: 2025-08-05T11:47:41.756Z
Learning: In the ESP32 platform builder, subprocess calls correctly use the virtual environment Python by explicitly passing PYTHON_EXE (which is set to the venv python path) as the first argument in the command array, rather than relying on environment variable propagation. The env=os.environ parameter only affects environment variables, not the executable path itself.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-09-22T14:47:08.813Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#296
File: builder/main.py:49-50
Timestamp: 2025-09-22T14:47:08.813Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers that critical setup operations like platform.setup_python_env should crash immediately if they fail rather than having fallback mechanisms, as this ensures problems are detected early and clearly rather than being masked.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-08-26T14:52:29.044Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#268
File: builder/penv_setup.py:87-96
Timestamp: 2025-08-26T14:52:29.044Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers to trust system executables when falling back to PATH-based command resolution (like "uv"), rather than implementing additional validation checks for security concerns.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-08-10T16:59:15.533Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#255
File: builder/penv_setup.py:265-275
Timestamp: 2025-08-10T16:59:15.533Z
Learning: In the ESP32 platform builder's penv_setup.py, the esptool_repo_path used in subprocess calls comes from PlatformIO's internal package management system (platform.get_package_dir()) which is a trusted source. Command injection concerns are not applicable here since this is build infrastructure code with controlled inputs, not user-facing code accepting arbitrary input.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-08-20T14:13:13.842Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#263
File: platform.py:80-84
Timestamp: 2025-08-20T14:13:13.842Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers to always override IDF_TOOLS_PATH environment variable with PlatformIO's core directory, rather than respecting any existing user-defined IDF_TOOLS_PATH values. This ensures consistent ESP32 tool management within PlatformIO.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-09-04T15:27:18.112Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#281
File: builder/frameworks/component_manager.py:1047-1054
Timestamp: 2025-09-04T15:27:18.112Z
Learning: In the pioarduino/platform-espressif32 project, Jason2866 prefers not to add guard checks for missing arduino_libs_mcu in backup operations, preferring to let the operation proceed rather than silently skip when the directory might be missing.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-08-10T19:13:25.599Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#255
File: builder/penv_setup.py:26-40
Timestamp: 2025-08-10T19:13:25.599Z
Learning: In the pioarduino/platform-espressif32 repository's builder/penv_setup.py file, semantic_version is imported but intentionally not listed in python_deps because it's a transitive dependency of platformio-core (version 2.10.*). When platformio is installed from the GitHub URL, semantic_version is automatically installed as one of its dependencies.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-09-22T10:59:14.391Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-22T10:59:14.391Z
Learning: In the pioarduino/platform-espressif32 project, the penv setup ensures that uv gets installed in the venv (penv), so additional safeguards for uv availability are not needed.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-08-10T20:18:20.698Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#255
File: builder/penv_setup.py:141-161
Timestamp: 2025-08-10T20:18:20.698Z
Learning: In the pioarduino/platform-espressif32 repository's builder/penv_setup.py file, the subprocess timeouts (30s for pip install, 90s for listing, 600s for package installation) are intentionally kept at their current values. When timeouts occur, it's typically due to server-side connection aborts rather than slow networks, so increasing timeout values doesn't resolve the issue.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-07-13T20:03:29.695Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#225
File: builder/main.py:99-108
Timestamp: 2025-07-13T20:03:29.695Z
Learning: In the ESP32 platform builder, the subprocess call to get site-packages directory in setup_python_paths() function is intentionally left without error handling because if this basic Python operation fails, it indicates a fundamental system issue that would cause the entire build process to fail anyway.

Applied to files:

• builder/penv_setup.py

🧬 Code graph analysis (1)

builder/penv_setup.py (1)

builder/frameworks/espidf.py (1)

• install_python_deps (1504-1569)

🪛 Ruff (0.13.1)

builder/penv_setup.py

514-514: subprocess call: check for execution of untrusted input

(S603)

---

523-524: try-except-pass detected, consider logging the exception

(S110)

---

523-523: Do not catch blind exception: Exception

(BLE001)

---

530-530: subprocess call: check for execution of untrusted input

(S603)

---

572-572: subprocess call: check for execution of untrusted input

(S603)

---

597-597: subprocess call: check for execution of untrusted input

(S603)

---

619-619: subprocess call: check for execution of untrusted input

(S603)

---

625-625: Do not catch blind exception: Exception

(BLE001)

🔇 Additional comments (4)

builder/penv_setup.py (4)

425-437: Good abstraction: single core path for SCons and minimal

The shared core function simplifies flow and reduces drift between code paths.

---

562-569: Docstring mismatches behavior (returns instead of raising on missing package)

The function returns (None, None) when tool-esptoolpy is missing and prints warnings on failures; it does not raise as docstring states. Align the docstring.

-    Raises:
-        SystemExit: If esptool installation fails or package directory not found
+    Note:
+        Non-fatal in minimal mode: returns quietly if package directory is not found
+        or installation fails; prints a warning instead of raising.

---

52-55: No change required — certifi >=2025.8.3 exists on PyPI

PyPI shows certifi 2025.8.3 (uploaded 2025-08-03); keep the constraint in builder/penv_setup.py as-is.

---

467-474: Offline SCons setup can fail: install_esptool requires uv; add pip fallback

has_internet_connection() is skipped (builder/penv_setup.py ~lines 467–474) so penv may lack uv when created via python -m venv. install_esptool (builder/penv_setup.py: def install_esptool, uv pip call around ~lines 394–398) unconditionally invokes uv_executable to install -e tool-esptoolpy and sys.exit()s on failure, so offline SCons runs will fail. _install_esptool_from_tl_install only warns — behaviour is inconsistent.

Fix: in install_esptool detect missing/failed uv and fallback to [python_exe, "-m", "pip", "install", "-e", esptool_repo_path] (or at least avoid exiting on failure), to match the minimal path and support offline penv setups.

⛔ Skipped due to learnings

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-22T10:59:14.391Z
Learning: In the pioarduino/platform-espressif32 project, the penv setup ensures that uv gets installed in the venv (penv), so additional safeguards for uv availability are not needed.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#225
File: builder/main.py:99-108
Timestamp: 2025-07-13T20:03:29.695Z
Learning: In the ESP32 platform builder, the subprocess call to get site-packages directory in setup_python_paths() function is intentionally left without error handling because if this basic Python operation fails, it indicates a fundamental system issue that would cause the entire build process to fail anyway.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#246
File: builder/main.py:0-0
Timestamp: 2025-08-05T11:47:41.756Z
Learning: In the ESP32 platform builder, subprocess calls correctly use the virtual environment Python by explicitly passing PYTHON_EXE (which is set to the venv python path) as the first argument in the command array, rather than relying on environment variable propagation. The env=os.environ parameter only affects environment variables, not the executable path itself.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (4)

builder/penv_setup.py (4)

92-113: Avoid swallowing all exceptions when trying uv first

Catching bare Exception and silently passing makes diagnosing failures harder. Narrow the except to specific subprocess errors and emit a single-line warning.

-        except Exception:
-            pass
+        except (subprocess.CalledProcessError, subprocess.TimeoutExpired, FileNotFoundError) as e:
+            print(f"Warning: uv venv creation failed ({e}); will try python -m venv")

Also applies to: 119-128

---

264-305: Tighten exception handling in _get_installed_uv_packages()

Broad excepts hide actionable errors. Constrain to expected exceptions and keep a single catch‑all last if needed.

-        except subprocess.TimeoutExpired:
+        except subprocess.TimeoutExpired:
             print("Warning: uv pip list command timed out")
-        except (json.JSONDecodeError, KeyError) as e:
+        except (json.JSONDecodeError, KeyError) as e:
             print(f"Warning: Could not parse package list: {e}")
-        except FileNotFoundError:
+        except FileNotFoundError:
             print("Warning: uv command not found")
-        except Exception as e:
-            print(f"Warning! Couldn't extract the list of installed Python packages: {e}")
+        except (subprocess.CalledProcessError, OSError) as e:
+            print(f"Warning! Couldn't extract installed packages (uv pip list failed): {e}")

---

490-551: Mirror the uv-first pattern’s exception handling in minimal path

Same feedback as the SCons variant: avoid bare Exception and silent pass.

-        except Exception:
-            pass
+        except (subprocess.CalledProcessError, subprocess.TimeoutExpired, FileNotFoundError) as e:
+            print(f"Warning: uv venv creation failed ({e}); will try python -m venv")

---

609-625: Make certifi setup fail-fast (no host fallback) and narrow exceptions

Current code prints and returns, which can mask a broken penv. Prefer a clear fatal error and narrower exception types.

-    try:
+    try:
         # Run python executable from penv to get certifi path
         out = subprocess.check_output(
             [python_exe, "-c", "import certifi; print(certifi.where())"],
             text=True,
             timeout=5
         )
         cert_path = out.strip()
-    except Exception as e:
-        print(f"Error: Failed to obtain certifi path from the virtual environment: {e}")
-        return
+    except (subprocess.CalledProcessError, subprocess.TimeoutExpired, FileNotFoundError) as e:
+        sys.stderr.write(f"Error: Failed to obtain certifi path from penv ({python_exe}): {e}\n")
+        sys.exit(1)

If you want offline builds that skipped deps install to continue, pass a flag and make this fatal only when deps were attempted to be installed; I can wire that for you.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 00b5d0c and 4d54627.

📒 Files selected for processing (1)

• builder/penv_setup.py (12 hunks)

🧰 Additional context used

🧠 Learnings (14)

📓 Common learnings

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#296
File: builder/penv_setup.py:612-647
Timestamp: 2025-09-23T16:55:39.725Z
Learning: In the pioarduino/platform-espressif32 project, Jason2866 prefers no fallback mechanisms in penv setup functions. The penv virtual environment setup must work properly and should crash immediately rather than falling back to host Python environments, to avoid using "unknown env" configurations.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-23T12:35:35.432Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 has explicitly instructed to NEVER create issues or PRs outside of his repositories (pioarduino/*). All issue and PR creation must be strictly limited to his own repositories only, never in upstream or other repositories.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-23T12:35:35.432Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 has explicitly instructed to NEVER create issues or PRs outside of his repositories (pioarduino/*). All issue and PR creation must be strictly limited to his own repositories only, never in upstream or other repositories.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-23T14:15:00.428Z
Learning: In the pioarduino/platform-espressif32 project, espidf.py creates an extra/separate virtual environment from the penv setup, so cryptography version differences between penv_setup.py and espidf.py do not cause conflicts since they operate in isolated environments.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-22T10:59:14.391Z
Learning: In the pioarduino/platform-espressif32 project, the penv setup ensures that uv gets installed in the venv (penv), so additional safeguards for uv availability are not needed.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#268
File: builder/penv_setup.py:87-96
Timestamp: 2025-08-26T14:52:29.044Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers to trust system executables when falling back to PATH-based command resolution (like "uv"), rather than implementing additional validation checks for security concerns.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#263
File: platform.py:80-84
Timestamp: 2025-08-20T14:13:13.842Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers to always override IDF_TOOLS_PATH environment variable with PlatformIO's core directory, rather than respecting any existing user-defined IDF_TOOLS_PATH values. This ensures consistent ESP32 tool management within PlatformIO.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#296
File: builder/main.py:49-50
Timestamp: 2025-09-22T14:47:08.813Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers that critical setup operations like platform.setup_python_env should crash immediately if they fail rather than having fallback mechanisms, as this ensures problems are detected early and clearly rather than being masked.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-23T14:15:00.428Z
Learning: In the pioarduino/platform-espressif32 project, espidf.py creates and manages its own separate IDF virtual environment (accessed via get_python_exe() from get_idf_venv_dir()). This IDF venv is completely isolated from the penv setup, so different cryptography versions between penv_setup.py and espidf.py don't cause conflicts as they exist in separate virtual environments.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#281
File: builder/frameworks/component_manager.py:1047-1054
Timestamp: 2025-09-04T15:27:18.112Z
Learning: In the pioarduino/platform-espressif32 project, Jason2866 prefers not to add guard checks for missing arduino_libs_mcu in backup operations, preferring to let the operation proceed rather than silently skip when the directory might be missing.

📚 Learning: 2025-08-05T11:47:41.756Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#246
File: builder/main.py:0-0
Timestamp: 2025-08-05T11:47:41.756Z
Learning: In the ESP32 platform builder, subprocess calls correctly use the virtual environment Python by explicitly passing PYTHON_EXE (which is set to the venv python path) as the first argument in the command array, rather than relying on environment variable propagation. The env=os.environ parameter only affects environment variables, not the executable path itself.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-09-23T16:55:39.725Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#296
File: builder/penv_setup.py:612-647
Timestamp: 2025-09-23T16:55:39.725Z
Learning: In the pioarduino/platform-espressif32 project, Jason2866 prefers no fallback mechanisms in penv setup functions. The penv virtual environment setup must work properly and should crash immediately rather than falling back to host Python environments, to avoid using "unknown env" configurations.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-09-22T14:47:08.813Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#296
File: builder/main.py:49-50
Timestamp: 2025-09-22T14:47:08.813Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers that critical setup operations like platform.setup_python_env should crash immediately if they fail rather than having fallback mechanisms, as this ensures problems are detected early and clearly rather than being masked.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-08-26T14:52:29.044Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#268
File: builder/penv_setup.py:87-96
Timestamp: 2025-08-26T14:52:29.044Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers to trust system executables when falling back to PATH-based command resolution (like "uv"), rather than implementing additional validation checks for security concerns.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-08-10T16:59:15.533Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#255
File: builder/penv_setup.py:265-275
Timestamp: 2025-08-10T16:59:15.533Z
Learning: In the ESP32 platform builder's penv_setup.py, the esptool_repo_path used in subprocess calls comes from PlatformIO's internal package management system (platform.get_package_dir()) which is a trusted source. Command injection concerns are not applicable here since this is build infrastructure code with controlled inputs, not user-facing code accepting arbitrary input.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-08-20T14:13:13.842Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#263
File: platform.py:80-84
Timestamp: 2025-08-20T14:13:13.842Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers to always override IDF_TOOLS_PATH environment variable with PlatformIO's core directory, rather than respecting any existing user-defined IDF_TOOLS_PATH values. This ensures consistent ESP32 tool management within PlatformIO.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-09-04T15:27:18.112Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#281
File: builder/frameworks/component_manager.py:1047-1054
Timestamp: 2025-09-04T15:27:18.112Z
Learning: In the pioarduino/platform-espressif32 project, Jason2866 prefers not to add guard checks for missing arduino_libs_mcu in backup operations, preferring to let the operation proceed rather than silently skip when the directory might be missing.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-08-26T14:53:03.852Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#268
File: builder/penv_setup.py:192-194
Timestamp: 2025-08-26T14:53:03.852Z
Learning: Jason2866 prefers to trust the system for path handling in penv_setup.py and doesn't want additional path validation for security concerns around penv directory derivation, indicating confidence in the controlled environment and internal path generation.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-09-23T12:35:35.432Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-23T12:35:35.432Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 has explicitly instructed to NEVER create issues or PRs outside of his repositories (pioarduino/*). All issue and PR creation must be strictly limited to his own repositories only, never in upstream or other repositories.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-08-10T19:13:25.599Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#255
File: builder/penv_setup.py:26-40
Timestamp: 2025-08-10T19:13:25.599Z
Learning: In the pioarduino/platform-espressif32 repository's builder/penv_setup.py file, semantic_version is imported but intentionally not listed in python_deps because it's a transitive dependency of platformio-core (version 2.10.*). When platformio is installed from the GitHub URL, semantic_version is automatically installed as one of its dependencies.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-09-22T10:59:14.391Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-22T10:59:14.391Z
Learning: In the pioarduino/platform-espressif32 project, the penv setup ensures that uv gets installed in the venv (penv), so additional safeguards for uv availability are not needed.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-08-10T20:18:20.698Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#255
File: builder/penv_setup.py:141-161
Timestamp: 2025-08-10T20:18:20.698Z
Learning: In the pioarduino/platform-espressif32 repository's builder/penv_setup.py file, the subprocess timeouts (30s for pip install, 90s for listing, 600s for package installation) are intentionally kept at their current values. When timeouts occur, it's typically due to server-side connection aborts rather than slow networks, so increasing timeout values doesn't resolve the issue.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-07-13T20:03:29.695Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#225
File: builder/main.py:99-108
Timestamp: 2025-07-13T20:03:29.695Z
Learning: In the ESP32 platform builder, the subprocess call to get site-packages directory in setup_python_paths() function is intentionally left without error handling because if this basic Python operation fails, it indicates a fundamental system issue that would cause the entire build process to fail anyway.

Applied to files:

• builder/penv_setup.py

🧬 Code graph analysis (1)

builder/penv_setup.py (1)

builder/frameworks/espidf.py (1)

• install_python_deps (1504-1569)

🪛 Ruff (0.13.1)

builder/penv_setup.py

514-514: subprocess call: check for execution of untrusted input

(S603)

---

523-524: try-except-pass detected, consider logging the exception

(S110)

---

523-523: Do not catch blind exception: Exception

(BLE001)

---

530-530: subprocess call: check for execution of untrusted input

(S603)

---

572-572: subprocess call: check for execution of untrusted input

(S603)

---

597-597: subprocess call: check for execution of untrusted input

(S603)

---

616-616: subprocess call: check for execution of untrusted input

(S603)

---

622-622: Do not catch blind exception: Exception

(BLE001)

🔇 Additional comments (12)

builder/penv_setup.py (12)

44-59: Deps pin set looks consistent; URL pin for platformio handled correctly

The URL-based pin for platformio paired with PLATFORMIO_URL_VERSION_RE and the SimpleSpec logic for others is sound. Separate IDF venv avoids cryptography pin conflicts.

---

62-71: Connectivity probe is correct and non-intrusive

Using socket.create_connection with a short timeout and a context manager is fine.

---

129-138: Good: explicit venv validation with clear fatal error

Replacing implicit checks with an explicit existence check and sys.exit(1) matches the fail-fast preference.

---

218-241: Reasonable uv bootstrapping flow

Installing uv into penv via external uv (if available) or pip is sensible; timeouts and error handling look adequate.

Also applies to: 242-262

---

360-366: Correct: hard‑fail when tool‑esptoolpy missing under SCons path

Failing fast here avoids half‑configured states.

---

407-423: API surface for minimal setup is clear

Minimal entrypoint delegating to the core with an explicit flag is a clean design.

---

440-447: Core flow split (SCons vs minimal) looks solid

Branching on env is straightforward; PYTHONEXE replacement ensures subprocesses use the penv interpreter.

Also applies to: 455-459

---

467-474: Install deps only with connectivity or on CI is pragmatic

This avoids brittle heuristics; the warning on offline is helpful.

---

475-483: esptool install flow separation is good

SCons path enforces presence; minimal path attempts install without failing the whole setup.

---

562-569: Docstring claims raise but code returns (None, None)

The behavior is intentionally non-fatal here. Update the docstring to match to avoid confusion.

-    Raises:
-        SystemExit: If esptool installation fails or package directory not found
+    Note:
+        Non-fatal: returns (None, None) if the package directory is not found or install is skipped.

---

626-644: ENV propagation to SCons is correct

Merging into env["ENV"] keeps existing variables intact; keys look complete.

---

646-662: Main setup delegating to core keeps entrypoints consistent

Good cohesion; signature and return values match the minimal entrypoint.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4d54627 and cf44301.

📒 Files selected for processing (1)

• builder/penv_setup.py (13 hunks)

🧰 Additional context used

🧠 Learnings (14)

📓 Common learnings

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#296
File: builder/penv_setup.py:612-647
Timestamp: 2025-09-23T16:55:39.788Z
Learning: In the pioarduino/platform-espressif32 project, Jason2866 prefers no fallback mechanisms in penv setup functions. The penv virtual environment setup must work properly and should crash immediately rather than falling back to host Python environments, to avoid using "unknown env" configurations.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-23T12:35:35.508Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 has explicitly instructed to NEVER create issues or PRs outside of his repositories (pioarduino/*). All issue and PR creation must be strictly limited to his own repositories only, never in upstream or other repositories.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-23T12:35:35.508Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 has explicitly instructed to NEVER create issues or PRs outside of his repositories (pioarduino/*). All issue and PR creation must be strictly limited to his own repositories only, never in upstream or other repositories.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-23T14:15:00.476Z
Learning: In the pioarduino/platform-espressif32 project, espidf.py creates an extra/separate virtual environment from the penv setup, so cryptography version differences between penv_setup.py and espidf.py do not cause conflicts since they operate in isolated environments.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#268
File: builder/penv_setup.py:87-96
Timestamp: 2025-08-26T14:52:29.044Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers to trust system executables when falling back to PATH-based command resolution (like "uv"), rather than implementing additional validation checks for security concerns.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#263
File: platform.py:80-84
Timestamp: 2025-08-20T14:13:13.842Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers to always override IDF_TOOLS_PATH environment variable with PlatformIO's core directory, rather than respecting any existing user-defined IDF_TOOLS_PATH values. This ensures consistent ESP32 tool management within PlatformIO.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-22T10:59:14.425Z
Learning: In the pioarduino/platform-espressif32 project, the penv setup ensures that uv gets installed in the venv (penv), so additional safeguards for uv availability are not needed.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#296
File: builder/main.py:49-50
Timestamp: 2025-09-22T14:47:08.855Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers that critical setup operations like platform.setup_python_env should crash immediately if they fail rather than having fallback mechanisms, as this ensures problems are detected early and clearly rather than being masked.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-23T14:15:00.476Z
Learning: In the pioarduino/platform-espressif32 project, espidf.py creates and manages its own separate IDF virtual environment (accessed via get_python_exe() from get_idf_venv_dir()). This IDF venv is completely isolated from the penv setup, so different cryptography versions between penv_setup.py and espidf.py don't cause conflicts as they exist in separate virtual environments.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#281
File: builder/frameworks/component_manager.py:1047-1054
Timestamp: 2025-09-04T15:27:18.112Z
Learning: In the pioarduino/platform-espressif32 project, Jason2866 prefers not to add guard checks for missing arduino_libs_mcu in backup operations, preferring to let the operation proceed rather than silently skip when the directory might be missing.

📚 Learning: 2025-08-05T11:47:41.756Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#246
File: builder/main.py:0-0
Timestamp: 2025-08-05T11:47:41.756Z
Learning: In the ESP32 platform builder, subprocess calls correctly use the virtual environment Python by explicitly passing PYTHON_EXE (which is set to the venv python path) as the first argument in the command array, rather than relying on environment variable propagation. The env=os.environ parameter only affects environment variables, not the executable path itself.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-09-23T16:55:39.788Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#296
File: builder/penv_setup.py:612-647
Timestamp: 2025-09-23T16:55:39.788Z
Learning: In the pioarduino/platform-espressif32 project, Jason2866 prefers no fallback mechanisms in penv setup functions. The penv virtual environment setup must work properly and should crash immediately rather than falling back to host Python environments, to avoid using "unknown env" configurations.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-09-22T14:47:08.855Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#296
File: builder/main.py:49-50
Timestamp: 2025-09-22T14:47:08.855Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers that critical setup operations like platform.setup_python_env should crash immediately if they fail rather than having fallback mechanisms, as this ensures problems are detected early and clearly rather than being masked.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-08-26T14:52:29.044Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#268
File: builder/penv_setup.py:87-96
Timestamp: 2025-08-26T14:52:29.044Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers to trust system executables when falling back to PATH-based command resolution (like "uv"), rather than implementing additional validation checks for security concerns.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-08-10T16:59:15.533Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#255
File: builder/penv_setup.py:265-275
Timestamp: 2025-08-10T16:59:15.533Z
Learning: In the ESP32 platform builder's penv_setup.py, the esptool_repo_path used in subprocess calls comes from PlatformIO's internal package management system (platform.get_package_dir()) which is a trusted source. Command injection concerns are not applicable here since this is build infrastructure code with controlled inputs, not user-facing code accepting arbitrary input.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-08-20T14:13:13.842Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#263
File: platform.py:80-84
Timestamp: 2025-08-20T14:13:13.842Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers to always override IDF_TOOLS_PATH environment variable with PlatformIO's core directory, rather than respecting any existing user-defined IDF_TOOLS_PATH values. This ensures consistent ESP32 tool management within PlatformIO.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-09-04T15:27:18.112Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#281
File: builder/frameworks/component_manager.py:1047-1054
Timestamp: 2025-09-04T15:27:18.112Z
Learning: In the pioarduino/platform-espressif32 project, Jason2866 prefers not to add guard checks for missing arduino_libs_mcu in backup operations, preferring to let the operation proceed rather than silently skip when the directory might be missing.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-08-26T14:53:03.852Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#268
File: builder/penv_setup.py:192-194
Timestamp: 2025-08-26T14:53:03.852Z
Learning: Jason2866 prefers to trust the system for path handling in penv_setup.py and doesn't want additional path validation for security concerns around penv directory derivation, indicating confidence in the controlled environment and internal path generation.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-09-23T12:35:35.508Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-23T12:35:35.508Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 has explicitly instructed to NEVER create issues or PRs outside of his repositories (pioarduino/*). All issue and PR creation must be strictly limited to his own repositories only, never in upstream or other repositories.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-08-10T19:13:25.599Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#255
File: builder/penv_setup.py:26-40
Timestamp: 2025-08-10T19:13:25.599Z
Learning: In the pioarduino/platform-espressif32 repository's builder/penv_setup.py file, semantic_version is imported but intentionally not listed in python_deps because it's a transitive dependency of platformio-core (version 2.10.*). When platformio is installed from the GitHub URL, semantic_version is automatically installed as one of its dependencies.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-09-22T10:59:14.425Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-22T10:59:14.425Z
Learning: In the pioarduino/platform-espressif32 project, the penv setup ensures that uv gets installed in the venv (penv), so additional safeguards for uv availability are not needed.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-08-10T20:18:20.698Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#255
File: builder/penv_setup.py:141-161
Timestamp: 2025-08-10T20:18:20.698Z
Learning: In the pioarduino/platform-espressif32 repository's builder/penv_setup.py file, the subprocess timeouts (30s for pip install, 90s for listing, 600s for package installation) are intentionally kept at their current values. When timeouts occur, it's typically due to server-side connection aborts rather than slow networks, so increasing timeout values doesn't resolve the issue.

Applied to files:

• builder/penv_setup.py

📚 Learning: 2025-07-13T20:03:29.695Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#225
File: builder/main.py:99-108
Timestamp: 2025-07-13T20:03:29.695Z
Learning: In the ESP32 platform builder, the subprocess call to get site-packages directory in setup_python_paths() function is intentionally left without error handling because if this basic Python operation fails, it indicates a fundamental system issue that would cause the entire build process to fail anyway.

Applied to files:

• builder/penv_setup.py

🧬 Code graph analysis (1)

builder/penv_setup.py (1)

builder/frameworks/espidf.py (1)

• install_python_deps (1504-1569)

🪛 Ruff (0.13.1)

builder/penv_setup.py

299-299: Do not catch blind exception: Exception

(BLE001)

---

328-328: subprocess call: check for execution of untrusted input

(S603)

---

340-340: Do not catch blind exception: Exception

(BLE001)

---

514-514: subprocess call: check for execution of untrusted input

(S603)

---

523-524: try-except-pass detected, consider logging the exception

(S110)

---

523-523: Do not catch blind exception: Exception

(BLE001)

---

530-530: subprocess call: check for execution of untrusted input

(S603)

---

572-572: subprocess call: check for execution of untrusted input

(S603)

---

597-597: subprocess call: check for execution of untrusted input

(S603)

---

616-616: subprocess call: check for execution of untrusted input

(S603)

---

622-622: Do not catch blind exception: Exception

(BLE001)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (20)

• GitHub Check: build (macos-15, examples/espidf-http-request)
• GitHub Check: build (macos-15, examples/arduino-blink)
• GitHub Check: build (windows-latest, examples/arduino-zigbee-switch)
• GitHub Check: build (ubuntu-latest, examples/espidf-ulp-lp)
• GitHub Check: build (ubuntu-latest, examples/espidf-storage-sdcard)
• GitHub Check: build (windows-latest, examples/arduino-blink)
• GitHub Check: build (ubuntu-latest, examples/espidf-peripherals-usb)
• GitHub Check: build (ubuntu-latest, examples/espidf-hello-world)
• GitHub Check: build (ubuntu-latest, examples/espidf-blink)
• GitHub Check: build (ubuntu-latest, examples/espidf-arduino-C6-ULP-blink)
• GitHub Check: build (ubuntu-latest, examples/espidf-coap-server)
• GitHub Check: build (ubuntu-latest, examples/espidf-arduino-littlefs)
• GitHub Check: build (ubuntu-latest, examples/tasmota)
• GitHub Check: build (ubuntu-latest, examples/espidf-arduino-blink)
• GitHub Check: build (ubuntu-latest, examples/arduino-NimBLE-ext_client)
• GitHub Check: build (ubuntu-latest, examples/arduino-matter-light)
• GitHub Check: build (ubuntu-latest, examples/espidf-arduino-matter-light)
• GitHub Check: build (ubuntu-latest, examples/arduino-rmt-blink)
• GitHub Check: build (ubuntu-latest, examples/arduino-wifiscan)
• GitHub Check: build (ubuntu-latest, examples/arduino-blink)

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

builder/frameworks/espidf.py (1)

27-33: Remove unused join import
The join function from os.path isn’t used in this file; remove the from os.path import join statement.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0691899 and 8e96845.

📒 Files selected for processing (1)

• builder/frameworks/espidf.py (8 hunks)

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#296
File: builder/penv_setup.py:612-647
Timestamp: 2025-09-23T16:55:39.788Z
Learning: In the pioarduino/platform-espressif32 project, Jason2866 prefers no fallback mechanisms in penv setup functions. The penv virtual environment setup must work properly and should crash immediately rather than falling back to host Python environments, to avoid using "unknown env" configurations.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-23T14:15:00.476Z
Learning: In the pioarduino/platform-espressif32 project, espidf.py creates an extra/separate virtual environment from the penv setup, so cryptography version differences between penv_setup.py and espidf.py do not cause conflicts since they operate in isolated environments.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-23T12:35:35.508Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 has explicitly instructed to NEVER create issues or PRs outside of his repositories (pioarduino/*). All issue and PR creation must be strictly limited to his own repositories only, never in upstream or other repositories.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-23T12:35:35.508Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 has explicitly instructed to NEVER create issues or PRs outside of his repositories (pioarduino/*). All issue and PR creation must be strictly limited to his own repositories only, never in upstream or other repositories.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-22T10:59:14.425Z
Learning: In the pioarduino/platform-espressif32 project, the penv setup ensures that uv gets installed in the venv (penv), so additional safeguards for uv availability are not needed.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#263
File: platform.py:80-84
Timestamp: 2025-08-20T14:13:13.842Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers to always override IDF_TOOLS_PATH environment variable with PlatformIO's core directory, rather than respecting any existing user-defined IDF_TOOLS_PATH values. This ensures consistent ESP32 tool management within PlatformIO.

📚 Learning: 2025-09-23T14:15:00.476Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-23T14:15:00.476Z
Learning: In the pioarduino/platform-espressif32 project, espidf.py creates and manages its own separate IDF virtual environment (accessed via get_python_exe() from get_idf_venv_dir()). This IDF venv is completely isolated from the penv setup, so different cryptography versions between penv_setup.py and espidf.py don't cause conflicts as they exist in separate virtual environments.

Applied to files:

• builder/frameworks/espidf.py

🔇 Additional comments (2)

builder/frameworks/espidf.py (2)

1676-1677: LGTM: Comment and narrative improvements.

The updated comments and section headers improve code clarity and accurately describe the build system behavior. These changes make the codebase more maintainable without altering functionality.

Also applies to: 1716-1716, 1755-1755, 1760-1760, 1854-1854, 1999-2000, 2048-2048

---

533-533: Confirm pydantic v2.11.10 is up to date and has no known advisories.

Version 2.11.10 (released Oct 4, 2025) is the latest release and no security advisories affect it.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

builder/frameworks/espidf.py (2)

81-81: Consider removing unused flash_frequency variable.

The flash_frequency variable is assigned but never referenced elsewhere in the file. Similar conversions are performed inline where needed (e.g., lines 368, 446). This appears to be legacy code that can be removed.

Apply this diff to remove the unused variable:

-flash_frequency = str(flash_speed.replace("000000L", ""))

---

1481-1484: Clarify fallback usage of private API
ComponentManager currently only defines _get_lib_ignore_entries, so get_entries is always None and the code falls back to the private method. Since private APIs may change without notice, please coordinate with the component_manager maintainer to expose a public get_lib_ignore_entries or add a clear comment/issue to track this dependency.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ff37a38 and 315b5b1.

📒 Files selected for processing (2)

• builder/frameworks/espidf.py (21 hunks)
• examples/arduino-blink/platformio.ini (1 hunks)

🧰 Additional context used

🧠 Learnings (3)

📓 Common learnings

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#296
File: builder/penv_setup.py:612-647
Timestamp: 2025-09-23T16:55:39.788Z
Learning: In the pioarduino/platform-espressif32 project, Jason2866 prefers no fallback mechanisms in penv setup functions. The penv virtual environment setup must work properly and should crash immediately rather than falling back to host Python environments, to avoid using "unknown env" configurations.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-22T10:59:14.425Z
Learning: In the pioarduino/platform-espressif32 project, the penv setup ensures that uv gets installed in the venv (penv), so additional safeguards for uv availability are not needed.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#268
File: builder/penv_setup.py:87-96
Timestamp: 2025-08-26T14:52:29.044Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers to trust system executables when falling back to PATH-based command resolution (like "uv"), rather than implementing additional validation checks for security concerns.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#263
File: platform.py:80-84
Timestamp: 2025-08-20T14:13:13.842Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers to always override IDF_TOOLS_PATH environment variable with PlatformIO's core directory, rather than respecting any existing user-defined IDF_TOOLS_PATH values. This ensures consistent ESP32 tool management within PlatformIO.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-23T14:15:00.476Z
Learning: In the pioarduino/platform-espressif32 project, espidf.py creates an extra/separate virtual environment from the penv setup, so cryptography version differences between penv_setup.py and espidf.py do not cause conflicts since they operate in isolated environments.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#296
File: builder/main.py:49-50
Timestamp: 2025-09-22T14:47:08.855Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers that critical setup operations like platform.setup_python_env should crash immediately if they fail rather than having fallback mechanisms, as this ensures problems are detected early and clearly rather than being masked.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-23T12:35:35.508Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 has explicitly instructed to NEVER create issues or PRs outside of his repositories (pioarduino/*). All issue and PR creation must be strictly limited to his own repositories only, never in upstream or other repositories.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-23T12:35:35.508Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 has explicitly instructed to NEVER create issues or PRs outside of his repositories (pioarduino/*). All issue and PR creation must be strictly limited to his own repositories only, never in upstream or other repositories.

📚 Learning: 2025-06-26T09:56:30.658Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#199
File: examples/arduino-blink/platformio.ini:81-83
Timestamp: 2025-06-26T09:56:30.658Z
Learning: In examples/arduino-blink/platformio.ini, the different lib_ignore configurations across environments (some including wifi, some not, different syntax styles) are intentional test cases, not inconsistencies that need to be fixed.

Applied to files:

• examples/arduino-blink/platformio.ini

📚 Learning: 2025-09-23T14:15:00.476Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-23T14:15:00.476Z
Learning: In the pioarduino/platform-espressif32 project, espidf.py creates and manages its own separate IDF virtual environment (accessed via get_python_exe() from get_idf_venv_dir()). This IDF venv is completely isolated from the penv setup, so different cryptography versions between penv_setup.py and espidf.py don't cause conflicts as they exist in separate virtual environments.

Applied to files:

• builder/frameworks/espidf.py

🧬 Code graph analysis (1)

builder/frameworks/espidf.py (1)

builder/frameworks/component_manager.py (1)

• _get_lib_ignore_entries (605-639)

🪛 Ruff (0.13.3)

builder/frameworks/espidf.py

135-135: Consider moving this statement to an else block

(TRY300)

---

322-322: Do not use bare except

(E722)

---

322-323: try-except-pass detected, consider logging the exception

(S110)

---

360-360: Do not use bare except

(E722)

---

360-361: try-except-pass detected, consider logging the exception

(S110)

---

397-397: Do not use bare except

(E722)

---

397-398: try-except-pass detected, consider logging the exception

(S110)

---

425-425: Do not use bare except

(E722)

---

425-426: try-except-pass detected, consider logging the exception

(S110)

---

435-435: Do not use bare except

(E722)

---

435-436: try-except-pass detected, consider logging the exception

(S110)

---

447-447: Local variable esptool_freq_val is assigned to but never used

Remove assignment to unused variable esptool_freq_val

(F841)

---

522-522: Do not use bare except

(E722)

---

522-523: try-except-pass detected, consider logging the exception

(S110)

---

1892-1892: Use explicit conversion flag

Replace with conversion flag

(RUF010)

---

1896-1896: Use explicit conversion flag

Replace with conversion flag

(RUF010)

---

1898-1898: Use explicit conversion flag

Replace with conversion flag

(RUF010)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (11)

• GitHub Check: build (windows-latest, examples/espidf-arduino-blink)
• GitHub Check: build (windows-latest, examples/arduino-usb-keyboard)
• GitHub Check: build (ubuntu-latest, examples/espidf-hello-world)
• GitHub Check: build (ubuntu-latest, examples/espidf-coap-server)
• GitHub Check: build (ubuntu-latest, examples/espidf-blink)
• GitHub Check: build (ubuntu-latest, examples/espidf-arduino-C6-ULP-blink)
• GitHub Check: build (ubuntu-latest, examples/espidf-arduino-littlefs)
• GitHub Check: build (ubuntu-latest, examples/arduino-NimBLE-ext_client)
• GitHub Check: build (ubuntu-latest, examples/arduino-blink)
• GitHub Check: build (ubuntu-latest, examples/arduino-wifiscan)
• GitHub Check: build (ubuntu-latest, examples/arduino-rmt-blink)

🔇 Additional comments (10)

examples/arduino-blink/platformio.ini (1)

117-123: LGTM! Improved configuration management.

The removal of CONFIG_SPIRAM_MODE_OCT, CONFIG_SPIRAM_SPEED_120M, and CONFIG_ESP32S3_DEFAULT_CPU_FREQ_240 aligns with the new board-specific auto-generation logic in espidf.py::generate_board_specific_config(). These settings are now derived from the board manifest automatically, reducing duplication and configuration drift.

The retained ISR/PSRAM performance flags (e.g., CONFIG_GDMA_CTRL_FUNC_IN_IRAM, CONFIG_SPIRAM_XIP_FROM_PSRAM) are specialized performance settings not covered by auto-generation, so their explicit declaration here is appropriate.

builder/frameworks/espidf.py (9)

107-139: LGTM! Robust version extraction with proper fallbacks.

The version extraction logic is well-structured with appropriate fallbacks:

1. Package metadata (preferred)
2. CMake version file
3. Default "0.0.0"

The semver normalization handles edge cases like pre-release tags ("6.0.0-rc1") and partial versions correctly. The regex fallback at lines 137-138 provides additional safety.

---

141-145: LGTM! Version environment variable setup is correct.

The ESP_IDF_VERSION environment variable is properly set using major.minor format, which is then consumed by CMake configuration at lines 2215-2217. The version splitting and formatting logic is sound.

---

223-239: LGTM! Clear detection logic for board-specific configurations.

The function correctly identifies boards requiring special sdkconfig handling by checking:

1. PSRAM support via extra_flags
2. Special memory types (OPI) from board manifest

The nested dict access with fallback to build section is appropriate for handling different board.json structures.

---

580-625: LGTM! Clear configuration priority chain.

The updated build_idf_config_flags() establishes a well-defined precedence order:

1. Board-derived flags (auto-generated from manifest)
2. Board manifest espidf.custom_sdkconfig
3. Custom file content
4. Project-level custom_sdkconfig
5. ESP32 compatibility fixes

The ESP32-specific SPIRAM/UNICORE conflict resolution at lines 620-624 is correct and properly documented.

---

647-676: LGTM! Proper sdkconfig merge logic.

The modified implementation correctly:

• Preserves the source sdkconfig structure
• Replaces matching flags from custom config
• Appends remaining custom flags
• Provides clear logging of changes

The flag extraction and matching logic using extract_flag_name() handles both active and disabled flags correctly.

---

1371-1376: LGTM! Appropriate source file filtering.

The added filters correctly skip:

• .rule files (build system metadata, not sources)
• dummy_src.c (prevents duplicate build actions as noted in comment)

Both exclusions are necessary to avoid build errors.

---

1579-1656: LGTM! Comprehensive linker script preprocessing logic.

The bootloader linker script handling properly:

1. Distinguishes between IDF 6.x preprocessing requirements and legacy scripts
2. Prioritizes original .ld files when available (lines 1613-1618)
3. Falls back to template preprocessing from .ld.in files
4. Handles ESP32-P4 rev3-specific bootloader variant (lines 1626-1630)
5. Maintains proper dependency tracking

The iteration through extra_flags and accumulation of processed_extra_flags is correct, though the logic is somewhat complex. This complexity is justified by the version-specific requirements.

---

1836-1902: preprocess_linker_file signature is backward-compatible All existing calls use only the first two positional arguments or explicitly name config_dir, so the new optional parameters have no impact.

---

1986-1986: pydantic version verified

~=2.11.10 is the latest 2.x release as of October 2025 and has no known security vulnerabilities.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

builder/frameworks/espidf.py (1)

441-441: Remove unused variable esptool_flash_freq.

The variable esptool_flash_freq is assigned but never used. Only compile_freq_val is referenced in the subsequent logic.

Apply this diff to remove the unused variable:

         if f_flash and compile_freq:
             # Ensure frequency compatibility (>= 80MHz must be identical for Flash and PSRAM)
             compile_freq_val = int(str(compile_freq).replace("000000L", ""))
-            esptool_flash_freq = int(str(esptool_flash_freq).replace("000000L", ""))
             
             if compile_freq_val >= 80:

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 315b5b1 and 79eb38d.

📒 Files selected for processing (1)

• builder/frameworks/espidf.py (21 hunks)

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#296
File: builder/penv_setup.py:612-647
Timestamp: 2025-09-23T16:55:39.788Z
Learning: In the pioarduino/platform-espressif32 project, Jason2866 prefers no fallback mechanisms in penv setup functions. The penv virtual environment setup must work properly and should crash immediately rather than falling back to host Python environments, to avoid using "unknown env" configurations.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#268
File: builder/penv_setup.py:87-96
Timestamp: 2025-08-26T14:52:29.044Z
Learning: For the pioarduino/platform-espressif32 project, Jason2866 prefers to trust system executables when falling back to PATH-based command resolution (like "uv"), rather than implementing additional validation checks for security concerns.

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-22T10:59:14.425Z
Learning: In the pioarduino/platform-espressif32 project, the penv setup ensures that uv gets installed in the venv (penv), so additional safeguards for uv availability are not needed.

📚 Learning: 2025-09-23T14:15:00.476Z

Learnt from: Jason2866
PR: pioarduino/platform-espressif32#0
File: :0-0
Timestamp: 2025-09-23T14:15:00.476Z
Learning: In the pioarduino/platform-espressif32 project, espidf.py creates and manages its own separate IDF virtual environment (accessed via get_python_exe() from get_idf_venv_dir()). This IDF venv is completely isolated from the penv setup, so different cryptography versions between penv_setup.py and espidf.py don't cause conflicts as they exist in separate virtual environments.

Applied to files:

• builder/frameworks/espidf.py

🧬 Code graph analysis (1)

builder/frameworks/espidf.py (1)

builder/frameworks/component_manager.py (1)

• _get_lib_ignore_entries (605-639)

🪛 Ruff (0.13.3)

builder/frameworks/espidf.py

135-135: Consider moving this statement to an else block

(TRY300)

---

322-322: Do not use bare except

(E722)

---

322-323: try-except-pass detected, consider logging the exception

(S110)

---

360-360: Do not use bare except

(E722)

---

360-361: try-except-pass detected, consider logging the exception

(S110)

---

397-397: Do not use bare except

(E722)

---

397-398: try-except-pass detected, consider logging the exception

(S110)

---

425-425: Do not use bare except

(E722)

---

425-426: try-except-pass detected, consider logging the exception

(S110)

---

435-435: Do not use bare except

(E722)

---

435-436: try-except-pass detected, consider logging the exception

(S110)

---

441-441: Local variable esptool_flash_freq is assigned to but never used

Remove assignment to unused variable esptool_flash_freq

(F841)

---

521-521: Do not use bare except

(E722)

---

521-522: try-except-pass detected, consider logging the exception

(S110)

---

1891-1891: Use explicit conversion flag

Replace with conversion flag

(RUF010)

---

1895-1895: Use explicit conversion flag

Replace with conversion flag

(RUF010)

---

1897-1897: Use explicit conversion flag

Replace with conversion flag

(RUF010)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (14)

• GitHub Check: build (windows-latest, examples/espidf-storage-sdcard)
• GitHub Check: build (windows-latest, examples/espidf-peripherals-uart)
• GitHub Check: build (windows-latest, examples/arduino-zigbee-switch)
• GitHub Check: build (ubuntu-latest, examples/espidf-ulp-lp)
• GitHub Check: build (windows-latest, examples/arduino-zigbee-light)
• GitHub Check: build (ubuntu-latest, examples/espidf-arduino-blink)
• GitHub Check: build (ubuntu-latest, examples/espidf-http-request)
• GitHub Check: build (ubuntu-latest, examples/espidf-peripherals-usb)
• GitHub Check: build (ubuntu-latest, examples/espidf-hello-world)
• GitHub Check: build (ubuntu-latest, examples/espidf-arduino-littlefs)
• GitHub Check: build (ubuntu-latest, examples/arduino-NimBLE-ext_client)
• GitHub Check: build (ubuntu-latest, examples/espidf-arduino-matter-light)
• GitHub Check: build (ubuntu-latest, examples/arduino-blink)
• GitHub Check: build (ubuntu-latest, examples/arduino-rmt-blink)