68dbc014da
19 corrections from handoffs/otopcua-corrections-2026-04-17.md:

Inaccuracies fixed:
- A1: OPC UA-native equipment requires OpcUaClient gateway driver (~hours config), not "no driver build"
- A2: "single endpoint" is per-node (non-transparent redundancy), not per-cluster; no VIP planned

Missing constraints added:
- B1: ACL surface (EquipmentAcl table, Admin UI, NodeManager enforcement) as Year 1 deliverable before Tier 1 cutover
- B2: schemas-repo creation on OtOpcUa critical path with FANUC CNC pilot
- B3: Certificate-distribution as pre-cutover step (per-node ApplicationUri trust-pinning)

Architectural decisions incorporated:
- C1: 8 committed core drivers (added TwinCAT/Beckhoff, split AB Legacy)
- C2: Three-tier driver stability model (A/B/C with out-of-process for Galaxy and FOCAS)
- C3: Polly v8+ resilience with default-no-retry on writes
- C4: Multi-identifier equipment model (5 IDs: UUID, EquipmentId, MachineCode, ZTag, SAPID)
- C5: Consumer cutover plan needs an owner (flagged)
- C6: Per-building cluster implications at Warsaw clarified

TBDs resolved:
- D1: Pilot equipment class = FANUC CNC
- D2: Schemas repo format = JSON Schema (.json), Protobuf derived
- D3: ACL definitions in central config DB alongside driver/topology
- D4: Enterprise shortname still unresolved (flagged as pre-cutover blocker)

New TBDs added:
- E1: UUID generation authority (OtOpcUa vs external system)
- E2: Aveva System Platform IO pattern validation (Year 1/2 research)
- E3: Site-wide vs per-cluster consumer addressing at Warsaw
- E4: Cluster endpoint wording (resolved via A2)