dohertj2/ScadaBridge
1
0
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects Releases Wiki Activity

fix(review): full code-review remediation — 5 High + Medium/Low across 16 modules

Browse Source 
Remediation from the full per-module code review at 4307c381 (findings recorded
separately in code-reviews/).

Highs fixed:
- DeploymentManager-025/SiteRuntime-031: stop broadcasting notification lists + SMTP
  configs (incl. credentials) to sites; site purges already-persisted rows on apply
  (enforces the central-only delivery design; clears plaintext SMTP creds at rest).
- DataConnectionLayer-023: guard the native-alarm subscribe path against the
  mid-flight-unsubscribe adapter-feed leak (mirrors the DCL-021 tag-path fix).
- SiteEventLogging-024: normalize From/To query bounds to UTC (the -016 fix the
  audit trail claimed but never committed).
- KpiHistory-001: add an in-flight guard to the recorder sample tick.
- ScriptAnalysis-001: harden the trust analyzer's TPA-absent fallback (resolve
  forbidden anchors in the minimal reference set; warn on degraded mode) — anchors
  added to validation references only, never the compile gate.
(InboundAPI-026 left to the feat/ipsen-movein effort per owner decision.)

Medium/Low: DM-026 deterministic deploy-status tiebreaker; SR-027/028/029/030
native-alarm leak/phantom-active/delete-during-redeploy fixes; AL-013/014/016;
TE-024 (folder-mutation audit rows now persisted)/025; SF-025 gauge-provider
clear-on-stop; ESG-025/026; SEC-023/024/025; SCA-007/008/009; plus doc/test
accuracy COM-023/024, HOST-025/026, HM-024/025, NS-027/028.

Full-solution build 0 warnings; ~3560 tests across 18 touched suites green.
This commit is contained in:
Joseph Doherty
2026-06-20 17:55:12 -04:00
parent 4307c38117
commit fd618cf1dc
52 changed files with 2239 additions and 313 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/ZB.MOM.WW.ScadaBridge.SiteRuntime/Messages/NativeAlarmDropped.cs
+23
View File
@@ -0,0 +1,23 @@
namespace ZB.MOM.WW.ScadaBridge.SiteRuntime.Messages;
/// <summary>
/// SiteRuntime-027: terminal-drop signal sent from a <c>NativeAlarmActor</c> to its
/// parent <c>InstanceActor</c> when a native condition leaves the mirror for good —
/// the snapshot-swap removal, the live-transition retention drop
/// (<c>inactive &amp;&amp; acknowledged</c>), and the cap eviction. The parent removes the
/// condition's key (<see cref="SourceReference"/>) from its <c>_latestAlarmEvents</c>
/// map so the per-instance map and every DebugView snapshot do not accumulate one
/// permanently-retained (Normal) entry per distinct native condition the instance has
/// ever seen.
///
/// The actor still emits the condition's return-to-normal <c>AlarmStateChanged</c>
/// (so central/UI see it clear) immediately BEFORE this drop signal; only the
/// stale-key retention in <c>_latestAlarmEvents</c> is what this evicts. Computed-alarm
/// keys are configuration-bounded and are never dropped this way.
/// </summary>
/// <param name="SourceReference">
/// The native condition's source reference — the same value used as the
/// <c>AlarmStateChanged.AlarmName</c> key for native alarms, so the parent can remove
/// the matching <c>_latestAlarmEvents</c> entry.
/// </param>
public sealed record NativeAlarmDropped(string SourceReference);