From c1043569f67c4d6f5826f84089ceaff542bf22a1 Mon Sep 17 00:00:00 2001
From: Joseph Doherty
Date: Tue, 16 Jun 2026 07:24:57 -0400
Subject: [PATCH] =?UTF-8?q?docs(deployment):=20reconcile=20delete-from-Not?= =?UTF-8?q?Deployed=20=E2=80=94=20spec=20matrix=20now=20matches=20delibera?= =?UTF-8?q?te=20code=20(#31,=20M2.17)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

git blame shows commit 1d5465f3 deliberately added NotDeployed to CanDelete so an undeployed instance can have its orphan record fully removed. Code + tests already permit it; the spec matrix said 'No'. Per M2.17, reconcile doc→code (not the reverse): matrix now reads 'Delete from Not deployed = Yes (removes the orphan record)' with a note, and CanDelete carries a remark citing the rationale + origin commit.
---
 docs/requirements/Component-DeploymentManager.md | 9 ++++++++-
 .../StateTransitionValidator.cs | 8 ++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/docs/requirements/Component-DeploymentManager.md b/docs/requirements/Component-DeploymentManager.md
index 637c1b21..50bf6f79 100644
--- a/docs/requirements/Component-DeploymentManager.md
+++ b/docs/requirements/Component-DeploymentManager.md
@@ -84,7 +84,14 @@ All mutating operations on a single instance (deploy, disable, enable, delete) s
 |---------------|--------|---------|--------|--------|
 | Enabled | Yes | Yes | No (already enabled) | Yes |
 | Disabled | Yes (enables on apply) | No (already disabled) | Yes | Yes |
-| Not deployed | Yes (initial deploy) | No | No | No |
+| Not deployed | Yes (initial deploy) | No | No | Yes (removes the orphan record) |
+
+> **Delete from Not deployed:** permitted so an instance that was previously
+> undeployed (state `NotDeployed`) can have its record fully removed —
+> deployment history, snapshot, attribute/alarm overrides, and connection
+> bindings — rather than lingering as an unremovable orphan. There is no live
+> site configuration to tear down in this state, so the delete is a
+> central-side record cleanup (no site round-trip required).
 ## System-Wide Artifact Deployment Failure Handling
diff --git a/src/ZB.MOM.WW.ScadaBridge.DeploymentManager/StateTransitionValidator.cs b/src/ZB.MOM.WW.ScadaBridge.DeploymentManager/StateTransitionValidator.cs
index 84e91163..c12d4886 100644
--- a/src/ZB.MOM.WW.ScadaBridge.DeploymentManager/StateTransitionValidator.cs
+++ b/src/ZB.MOM.WW.ScadaBridge.DeploymentManager/StateTransitionValidator.cs
@@ -37,6 +37,14 @@ public static class StateTransitionValidator
 /// Returns true when a delete operation is allowed from the given state.
 /// The current instance state.
 /// if delete is permitted; otherwise .
+ ///
+ /// Delete is allowed from by design: an
+ /// undeployed instance would otherwise linger as an unremovable orphan record.
+ /// Delete from NotDeployed is a central-side record cleanup (no live site
+ /// config to tear down). This matches the state-transition matrix in
+ /// Component-DeploymentManager.md ("Delete from Not deployed = Yes") — reconciled
+ /// in M2.17 (#31); the deliberate behaviour was introduced in commit 1d5465f3.
+ ///
 public static bool CanDelete(InstanceState currentState) => currentState is InstanceState.NotDeployed or InstanceState.Enabled or InstanceState.Disabled;
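Review bot: The added remark on `CanDelete` states as fact that NotDeployed has "no live site config to tear down", but the expression below it only inspects the central `currentState`, and nothing in this patch shows how that state is confirmed. If `NotDeployed` can be recorded before a site acknowledges the undeploy (not visible here), the delete removes the central record with no site round-trip; per the spec note in this patch, that record includes deployment history and connection bindings, so nothing central would remain to reconcile or audit against. I would state the precondition in the remark, e.g. `/// Precondition: NotDeployed must reflect a site-confirmed undeploy; this method checks state only, not caller authorization.` I would also drop the commit hash and milestone ids from the XML doc, since they belong in the commit history and go stale after a rebase or squash. The enclosing class starts and continues outside the hunk.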