fix(comm): route Search/Verify/WriteTag commands through SiteCommunicationActor + DeploymentManager (M7 end-to-end)

src/ZB.MOM.WW.ScadaBridge.Communication/Actors/SiteCommunicationActor.cs

@@ -161,6 +161,22 @@ public class SiteCommunicationActor : ReceiveActor, IWithTimers
         // children holding the live OPC UA sessions.
         Receive<ReadTagValuesCommand>(msg => _deploymentManagerProxy.Forward(msg));
 
+        // OPC UA tag-picker address-space search (T15) and secured-write execute
+        // (T14) — same singleton routing rationale as BrowseNodeCommand above: the
+        // DataConnectionActor children that own the live OPC UA sessions exist only
+        // on the singleton's (active) node, so these must hop through the Deployment
+        // Manager proxy too. Without these forwards the commands dead-letter and the
+        // central Ask times out. Forward preserves the central Ask sender so the
+        // result routes straight back to the waiting Ask.
+        Receive<SearchAddressSpaceCommand>(msg => _deploymentManagerProxy.Forward(msg));
+        Receive<Commons.Messages.DataConnection.WriteTagRequest>(msg => _deploymentManagerProxy.Forward(msg));
+
+        // OPC UA endpoint Verify (T17) — probes a (possibly unsaved) endpoint config
+        // WITHOUT persisting it. The Deployment Manager singleton's dcl-manager runs
+        // the probe directly (no existing connection required), so — like the
+        // commands above — Verify routes through the singleton's active node.
+        Receive<VerifyEndpointCommand>(msg => _deploymentManagerProxy.Forward(msg));
+
         // OPC UA server-certificate trust management (T17 / D6) — forward to the
         // Deployment Manager singleton, which owns the cross-node trust broadcast.
         // The trusted-peer PKI store is node-wide per site node, so a trust/remove