dohertj2/3yearplan
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
13 Commits 1 Branch 0 Tags
dee56a68466c3128407e474930f8366b80a0f13c
Commit Graph

13 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Joseph Doherty
dee56a6846 Mark corrections-doc B1 (data-path ACLs) and C5 (consumer cutover scope) as RESOLVED. B1: OtOpcUa team has designed and committed the OPC UA client data-path authorization model in lmxopcua/docs/v2/acl-design.md (decisions #129–132) covering NodePermissions bitmask flags for Browse/Read/Subscribe/HistoryRead/WriteOperate/WriteTune/WriteConfigure/AlarmRead/AlarmAck/AlarmConfirm/AlarmShelve/MethodCall plus common bundles, 6-level scope hierarchy with default-deny + additive grants, NodeAcl table generation-versioned alongside the rest of the content, cluster-create workflow seeding the v1 LDAP-role-to-permission map for v1 → v2 consumer migration parity, Admin UI ACL tab with bulk grant + permission simulator, denied-only audit logging; the "must work from day one of Tier 1 cutover" timing constraint is satisfied because Phase 1 (Configuration + Admin scaffold) completes before any driver phase. C5: consumer cutover (ScadaBridge / Ignition / System Platform IO) is OUT of v2 scope per lmxopcua decision #136 — OtOpcUa team's scope ends at Phase 5 (all drivers built, all stability protections in place, full Admin UI shipped including ACL editor); cutover sequencing per site, validation methodology, rollback procedures, and Aveva-pattern validation for tier 3 are deliverables of a separate integration / operations team that has yet to be named. Plan should explicitly assign ownership of the cutover plan to that team and link to their forthcoming doc. 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-17 11:59:01 -04:00
Joseph Doherty
bed8c8e12b Remove equipment protocol survey — driver list confirmed by v2 team 
The OtOpcUa v2 implementation team committed all 8 core drivers from
internal knowledge of the estate, making the formal protocol survey
unnecessary for driver scoping. Removed current-state/equipment-protocol-
survey.md and cleaned up all references across 7 files.

The UNS hierarchy snapshot (per-site equipment-instance walk for site/area/
line/equipment assignments + UUIDs) is now a standalone Year 1 deliverable,
decoupled from protocol discovery. Tracked in status.md and goal-state.md
UNS naming hierarchy section.

Eliminates ~52 TBDs (all placeholder data in the pre-seeded survey rows).
 2026-04-17 11:54:46 -04:00
Joseph Doherty
f53a775968 Mark corrections-doc C1 (driver list pre-survey) as RESOLVED — the OtOpcUa team has confirmed all seven v2 drivers (Modbus TCP including DL205, AB CIP, AB Legacy, S7, TwinCAT, FOCAS, OPC UA Client) plus Galaxy/MXAccess by direct knowledge of the equipment estate; the survey is no longer a v2 prerequisite. TwinCAT and AB Legacy specifically called out as committed by known Beckhoff and SLC/MicroLogix legacy installations. Survey may still inform long-tail driver scoping and per-site capacity planning per the handoff's Long-tail drivers section, but the v2 driver list is fixed. Recommends the handoff's "Core library scope is driven by the survey" wording be updated to reflect that the v2.0 core library is pre-committed by direct equipment-estate knowledge, with the survey informing only long-tail driver scoping. Captured as lmxopcua decision #128 (2026-04-17). 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-17 11:35:34 -04:00
Joseph Doherty
c3587b2efa Update equipment identifier model per v2 hardening addendum 
- EquipmentId is now system-generated ('EQ-' + 12 hex from UUID), never
  operator-supplied — eliminates duplicate-identity corruption from typos
  and bulk-import renames (lmxopcua decision #125)
- ZTag and SAPID fleet-wide uniqueness enforced via ExternalIdReservation
  table outside generation versioning — rollback-safe (decision #124)
- Identifier table now shows who-sets-it column (3 operator, 2 system)
- Note added: ExternalIdReservation pattern is a precedent for non-versioned
  cross-generation invariants; check for similar hazard when scoping ACLs
 2026-04-17 11:12:40 -04:00
Joseph Doherty
8a6c227dbc Add same-day addendum to OtOpcUa corrections doc noting four v2 design defects an adversarial review surfaced after the corrections doc was filed (one critical: cross-cluster namespace binding, three high: namespace state bypassing publish boundary, ZTag/SAPID rollback-reuse hazard, operator-supplied EquipmentId minting duplicate identities) — all four closed in lmxopcua v2 branch at commit a59ad2e (decisions #122–125). Two of the fixes refine claims this corrections doc made (C4 multi-identifier model: EquipmentId is now system-generated not operator-supplied; D3 ACL location: ExternalIdReservation precedent shows some cross-generation invariants need non-versioned tables) so plan-team awareness matters; the other two (same-cluster namespace invariant, Namespace generation-versioning) are purely internal correctness with no handoff relevance, included for audit trail. 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-17 11:10:05 -04:00
Joseph Doherty
68dbc014da Integrate OtOpcUa v2 implementation corrections into plan 
19 corrections from handoffs/otopcua-corrections-2026-04-17.md:

Inaccuracies fixed:
- A1: OPC UA-native equipment requires OpcUaClient gateway driver (~hours
  config), not "no driver build"
- A2: "single endpoint" is per-node (non-transparent redundancy), not
  per-cluster; no VIP planned

Missing constraints added:
- B1: ACL surface (EquipmentAcl table, Admin UI, NodeManager enforcement)
  as Year 1 deliverable before Tier 1 cutover
- B2: schemas-repo creation on OtOpcUa critical path with FANUC CNC pilot
- B3: Certificate-distribution as pre-cutover step (per-node ApplicationUri
  trust-pinning)

Architectural decisions incorporated:
- C1: 8 committed core drivers (added TwinCAT/Beckhoff, split AB Legacy)
- C2: Three-tier driver stability model (A/B/C with out-of-process for
  Galaxy and FOCAS)
- C3: Polly v8+ resilience with default-no-retry on writes
- C4: Multi-identifier equipment model (5 IDs: UUID, EquipmentId,
  MachineCode, ZTag, SAPID)
- C5: Consumer cutover plan needs an owner (flagged)
- C6: Per-building cluster implications at Warsaw clarified

TBDs resolved:
- D1: Pilot equipment class = FANUC CNC
- D2: Schemas repo format = JSON Schema (.json), Protobuf derived
- D3: ACL definitions in central config DB alongside driver/topology
- D4: Enterprise shortname still unresolved (flagged as pre-cutover blocker)

New TBDs added:
- E1: UUID generation authority (OtOpcUa vs external system)
- E2: Aveva System Platform IO pattern validation (Year 1/2 research)
- E3: Site-wide vs per-cluster consumer addressing at Warsaw
- E4: Cluster endpoint wording (resolved via A2)
 2026-04-17 10:05:07 -04:00
Joseph Doherty
9b2acfe699 Add OtOpcUa implementation corrections (2026-04-17) capturing mismatches between the otopcua-handoff and the v2 design work in lmxopcua/docs/v2/: 2 framing inaccuracies (native-OPC-UA-needs-no-driver, single-endpoint-per-cluster), 3 missing constraints (namespace ACLs not yet planned in the data path, schemas-repo dependencies blocking equipment-class templates, per-node ApplicationUri trust-pinning as a pre-cutover certificate-distribution step), 6 architectural decisions to revisit (driver list committed pre-survey, Tier A/B/C process-isolation model with Galaxy + FOCAS out-of-process, Polly v8+ resilience, 5-identifier equipment model with MachineCode/ZTag/SAPID alongside UUID, missing tier 1/2/3 consumer cutover plan, per-building cluster pattern interactions at Warsaw), 4 resolved TBDs (pilot class = FANUC CNC, schemas-repo format = JSON Schema, ACL location = central config DB co-located with topology, enterprise shortname still unresolved), and 4 new TBDs (UUID-generation authority, System Platform IO Aveva-pattern validation as Year 1/2 research, multi-cluster site addressing at Warsaw, cluster-endpoint mental model). Format follows the handoff's Sending-Corrections-Back protocol (what plan says / what was found / what plan should say). 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-17 09:54:36 -04:00
Joseph Doherty
8428b7c186 Fix ScadaBridge accuracy per design repo review 
Corrections:
- Notifications: email only, not Teams. Design repo documents SMTP/OAuth2
  email only; Teams was incorrectly claimed. Corrected in current-state.md
  and legacy-integrations.md (LEG-003).
- EventHub/Kafka forwarding: committed but not yet implemented. Clarified
  as a Year 1 ScadaBridge Extensions deliverable, not an existing capability.

Additions from design repo (previously undocumented):
- Dual transport (Akka.NET ClusterClient + gRPC server-streaming)
- Split-brain resolver (keep-oldest, 15s stability, ~25s failover)
- Staggered batch startup (20 instances at a time)
- Central UI: Blazor Server with LDAP/AD, JWT sessions, SignalR debug
- Comprehensive synchronous audit logging (JSON after-state)
- Three-phase deployment process with rollback
- Site-level SQLite (flattened config, not full SQL Server)
- Supervision detail: OneForOneStrategy, Resume/Stop per actor type
 2026-04-17 09:30:22 -04:00
Joseph Doherty
fc3e19fde1 Add OtOpcUa implementation handoff document 
Self-contained extract of all OtOpcUa design material from the plan:
architecture context, LmxOpcUa starting point, two namespaces, driver
strategy, deployment, auth, rollout tiers, UNS hierarchy, canonical
model integration, digital twin touchpoints, sites, roadmap, and all
open TBDs. Includes correction-submission protocol for the implementing
agent.
 2026-04-17 09:21:25 -04:00
Joseph Doherty
d89c23a659 Add ScadaBridge design repo link (repo name: scadalink-design) 2026-04-17 09:15:33 -04:00
Joseph Doherty
f46a9da0d8 Add links document with LmxOpcUa repo reference 2026-04-17 09:14:59 -04:00
Joseph Doherty
fcd8d24d60 Add README with plan overview, architecture, and document index 2026-04-17 09:13:50 -04:00
Joseph Doherty
ec1dfe59e4 Initial commit: 3-year shopfloor IT/OT transformation plan 
Core plan: current-state, goal-state (layered architecture, OtOpcUa,
Redpanda EventHub, SnowBridge, canonical model, UNS posture + naming
hierarchy, digital twin use cases absorbed), roadmap (7 workstreams x 3
years), and status bookmark.

Component detail files: legacy integrations inventory (3 integrations,
pillar 3 denominator closed), equipment protocol survey template (dual
mandate with UNS hierarchy snapshot), digital twin management brief
(conversation complete, outcome recorded).

Output generation pipeline: specs for 18-slide mixed-stakeholder PPTX
and faithful-typeset PDF, with README, design doc, and implementation
plan. No generated outputs yet — deferred until source data is stable.
 2026-04-17 09:12:35 -04:00