fix(macos): avoid camera-permission deadlock when opening off the main thread

[LeeGoDamn]

Problem

ProviderApple::open() requested camera authorization by dispatching the request onto the main dispatch queue for non-main-thread callers, then blocking on a semaphore (DISPATCH_TIME_FOREVER):

if (![NSThread isMainThread]) {
    dispatch_async(dispatch_get_main_queue(), ^{ requestAccess(); });
} else {
    requestAccess();
}
dispatch_semaphore_wait(sema, DISPATCH_TIME_FOREVER);

When nothing is servicing the main queue — e.g. a ccap::Provider opened from a worker thread in a process with no CFRunLoop on its main thread (a Node.js/Electron addon, a head-less multi-threaded service) — the dispatched block never runs, so the permission request is never even issued and open() hangs forever. It is not "waiting for the user to decide"; the prompt is never shown, so no progress is possible.

This stayed dormant because the shipping paths don't hit it:

• Main-thread callers (CLI, examples) take the else branch — no dispatch, no deadlock.
• Apps with a running run loop (GUI/iOS) service the main queue, so the block runs.

It bites exactly the off-main-thread + no-run-loop context, which is what a native Node binding (libuv worker thread, no CFRunLoop) creates — relevant to where this library is headed.

Fix

requestAccessForMediaType: may be called from any thread and delivers its completion on an internal queue, so the main-queue hop is unnecessary. The "start an async request and block until it completes" logic is extracted into ccap::runBlockingAsyncRequest() (src/ccap_apple_async.h), which runs the request on the calling thread and waits on a portable std::condition_variable.

The blocking "wait until the user decides" behavior is preserved (the wait still blocks indefinitely for the user's response) — only the deadlock-prone main-queue dispatch is removed.

Test (runs in CI)

tests/test_apple_permission.cpp is a deterministic regression test that drives the real helper with a simulated async request — a countdown that fires the completion from a background thread, exactly how requestAccessForMediaType: delivers its completion off the caller's run loop. No camera required.

• It builds into the existing ccap_convert_test aggregate, so it runs in the macOS "Run Full Test Suite" CI job via ./run_tests.sh --functional.
• Empty translation unit on non-Apple platforms.

Verified locally (Apple toolchain):

Check	Result
libccap.a compiles with the change (ARC)	✅
ccap_convert_test builds with the new test	✅
AppleCameraPermission.* run & pass under ASAN	✅ (55 ms / 53 ms)
Negative control (re-add main-queue dispatch) → off-main-thread test deadlocks/fails	✅ proves the test catches the regression

[ RUN      ] AppleCameraPermission.OffMainThreadWithoutRunLoopDoesNotDeadlock
[       OK ] AppleCameraPermission.OffMainThreadWithoutRunLoopDoesNotDeadlock (55 ms)
[ RUN      ] AppleCameraPermission.MainThreadDoesNotDeadlock
[       OK ] AppleCameraPermission.MainThreadDoesNotDeadlock (53 ms)
[  PASSED  ] 2 tests.

Scope

macOS only. No public API change. Behavior for main-thread callers is unchanged.

🤖 Generated with Claude Code

Summary by CodeRabbit

• New Features

  • Added Apple-only support for safely waiting on callback-based async operations until completion is signaled (without requiring a run loop).

• Bug Fixes

  • Updated the Apple camera permission request flow to prevent cases where the app could wait indefinitely.

• Tests

  • Added an Apple-only regression test covering both async (worker-thread) and synchronous completion scenarios.

• Chores

  • Improved Windows CI stability by pinning VS2022 runners and adjusting CMake generator/toolset fallback behavior.

[coderabbitai]

Warning

Review limit reached

@wysaid, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 19 minutes and 7 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more credits in the billing tab to continue.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits.

🚦 How do rate limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: daa7f189-306d-465a-9b9f-1a600b823708

📥 Commits

Reviewing files that changed from the base of the PR and between bd4e03c and dda3119.

📒 Files selected for processing (2)

• .github/workflows/windows-build.yml
• tests/test_file_playback.cpp

Walkthrough

Adds an Apple-only blocking helper for callback-based async requests, uses it for camera permission access on macOS, adds regression coverage for synchronous and asynchronous completion, and updates Windows build jobs and generator settings.

Changes

Apple Async Blocking Helper

Layer / File(s)	Summary
Blocking helper header src/ccap_apple_async.h	Adds a __APPLE__-guarded inline ccap::runBlockingAsyncRequest implementation using std::mutex, std::condition_variable, and a finished flag.
Camera permission wait integration src/ccap_imp_apple.mm	Adds the new helper include and <functional>, then replaces the semaphore-based permission wait in CameraCaptureObjc::open with ccap::runBlockingAsyncRequest around requestAccessForMediaType.
Deadlock regression test tests/test_apple_permission.cpp, tests/CMakeLists.txt	Adds an Apple-only GoogleTest file covering asynchronous and synchronous completion cases, and registers it in ccap_convert_test.

Windows Build Workflow Update

Layer / File(s)	Summary
Runner image updates .github/workflows/windows-build.yml	The VS2022 jobs run on windows-2022 and keep the added comments in the workflow definitions.
VS2026 generator fallback .github/workflows/windows-build.yml	The VS2026 configure step removes -T v144 from the primary and fallback CMake generator invocations.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐇 Hop hop, the camera waits no more,
A mutex and CV unlock the door.
Windows jobs scoot to steadier ground,
And bunny-approved tests go round and round.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and concisely summarizes the main macOS deadlock fix when opening off the main thread.
Docstring Coverage	✅ Passed	Docstring coverage is 83.33% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/macos-camera-permission-deadlock

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@tests/test_apple_permission.cpp`:
- Around line 53-73: The timeout helper in the permission test can still hang
because the inline body path bypasses any real watchdog and the detached worker
keeps a reference to donePromise after return. Update the helper around the body
lambda and worker thread handling so the “main thread” case is exercised under
an external watchdog/subprocess rather than directly inline, and move the
promise/shared state to heap-managed storage before any detach so late
completion cannot access a freed reference.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 68d40a48-1016-433a-891a-46a752deddc8

📥 Commits

Reviewing files that changed from the base of the PR and between 0d1a0f7 and fc618ea.

📒 Files selected for processing (4)

• src/ccap_apple_async.h
• src/ccap_imp_apple.mm
• tests/CMakeLists.txt
• tests/test_apple_permission.cpp

[Copilot]

Copilot was unable to review this pull request because the user who requested the review has reached their quota limit.