Phase 1 Streams B–E scaffold + Phase 2 Streams A–C scaffold — 8 new projects with ~70 new tests, all green alongside the 494 v1 IntegrationTests baseline (parity preserved: no v1 tests broken; legacy OtOpcUa.Host untouched). Phase 1 finish: Configuration project (16 entities + 10 enums + DbContext + DesignTimeDbContextFactory + InitialSchema/StoredProcedures/AuthorizationGrants migrations — 8 procs including sp_PublishGeneration with MERGE on ExternalIdReservation per decision #124, sp_RollbackToGeneration cloning rows into a new published generation, sp_ValidateDraft with cross-cluster-namespace + EquipmentUuid-immutability + ZTag/SAPID reservation pre-flight, sp_ComputeGenerationDiff with CHECKSUM-based row signature — plus OtOpcUaNode/OtOpcUaAdmin SQL roles with EXECUTE grants scoped to per-principal-class proc sets and DENY UPDATE/DELETE/INSERT/SELECT on dbo schema); managed DraftValidator covering UNS segment regex, path length, EquipmentUuid immutability across generations, same-cluster namespace binding (decision #122), reservation pre-flight, EquipmentId derivation (decision #125), driver↔namespace compatibility — returning every failing rule in one pass; LiteDB local cache with round-trip + ring pruning + corruption-fast-fail; GenerationApplier with per-entity Added/Removed/Modified diff and dependency-ordered callbacks (namespace → driver → device → equipment → poll-group → tag, Removed before Added); Core project with GenericDriverNodeManager (scaffold for the Phase 2 Galaxy port) and DriverHost lifecycle registry; Server project using Microsoft.Extensions.Hosting BackgroundService replacing TopShelf, with NodeBootstrap that falls back to LiteDB cache when the central DB is unreachable (decision #79); Admin project scaffolded as Blazor Server with Bootstrap 5 sidebar layout, cookie auth, three admin roles (ConfigViewer/ConfigEditor/FleetAdmin), Cluster + Generation services fronting the stored procs. Phase 2 scaffold: Driver.Galaxy.Shared (netstandard2.0) with full MessagePack IPC contract surface — Hello version negotiation, Open/CloseSession, Heartbeat, DiscoverHierarchy + GalaxyObjectInfo/GalaxyAttributeInfo, Read/WriteValues, Subscribe/Unsubscribe/OnDataChange, AlarmSubscribe/Event/Ack, HistoryRead, HostConnectivityStatus, Recycle — plus length-prefixed framing (decision #28) with a 16 MiB cap and thread-safe FrameWriter/FrameReader; Driver.Galaxy.Host (net48) implementing the Tier C cross-cutting protections from driver-stability.md — strict PipeAcl (allow configured server SID only, explicit deny on LocalSystem + Administrators), PipeServer with caller-SID verification via pipe.RunAsClient + WindowsIdentity.GetCurrent and per-process shared-secret Hello, Galaxy-specific MemoryWatchdog (warn at max(1.5×baseline, +200 MB), soft-recycle at max(2×baseline, +200 MB), hard ceiling 1.5 GB, slope ≥5 MB/min over 30-min rolling window), RecyclePolicy (1 soft recycle per hour cap + 03:00 local daily scheduled), PostMortemMmf (1000-entry ring buffer in %ProgramData%\OtOpcUa\driver-postmortem\galaxy.mmf, survives hard crash, readable cross-process), MxAccessHandle : SafeHandle (ReleaseHandle loops Marshal.ReleaseComObject until refcount=0 then calls optional unregister callback), StaPump with responsiveness probe (BlockingCollection dispatcher for Phase 1 — real Win32 GetMessage/DispatchMessage pump slots in with the same semantics when the Galaxy code lift happens), IsExternalInit shim for init setters on .NET 4.8; Driver.Galaxy.Proxy (net10) implementing IDriver + ITagDiscovery forwarding over the IPC channel with MX data-type and security-classification mapping, plus Supervisor pieces — Backoff (5s → 15s → 60s capped, reset-on-stable-run), CircuitBreaker (3 crashes per 5 min opens; 1h → 4h → manual cooldown escalation; sticky alert doesn't auto-clear), HeartbeatMonitor (2s cadence, 3 consecutive misses = host dead per driver-stability.md). Infrastructure: docker SQL Server remapped to host port 14330 to coexist with the native MSSQL14 Galaxy ZB DB instance on 1433; NuGetAuditSuppress applied per-project for two System.Security.Cryptography.Xml advisories that only reach via EF Core Design with PrivateAssets=all (fix ships in 11.0.0-preview); .slnx gains 14 project registrations. Deferred with explicit TODOs in docs/v2/implementation/phase-2-partial-exit-evidence.md: Phase 1 Stream E Admin UI pages (Generations listing + draft-diff-publish, Equipment CRUD with OPC 40010 fields, UNS Areas/Lines tabs, ACLs + permission simulator, Generic JSON config editor, SignalR real-time, Release-Reservation + Merge-Equipment workflows, LDAP login page, AppServer smoke test per decision #142), Phase 2 Stream D (Galaxy MXAccess code lift out of legacy OtOpcUa.Host, dual-service installer, appsettings → DriverConfig migration script, legacy Host deletion — blocked by parity), Phase 2 Stream E (v1 IntegrationTests against v2 topology, Client.CLI walkthrough diff, four 2026-04-13 stability findings regression tests, adversarial review — requires live MXAccess runtime).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

src/ZB.MOM.WW.OtOpcUa.Configuration/Apply/ApplyCallbacks.cs

@@ -0,0 +1,19 @@
+using ZB.MOM.WW.OtOpcUa.Configuration.Entities;
+
+namespace ZB.MOM.WW.OtOpcUa.Configuration.Apply;
+
+/// <summary>
+///     Host-supplied callbacks invoked as the applier walks the diff. Callbacks are idempotent on
+///     retry (the applier may re-invoke with the same inputs if a later stage fails — nodes
+///     register-applied to the central DB only after success). Order: namespace → driver → device →
+///     equipment → poll group → tag, with Removed before Added/Modified.
+/// </summary>
+public sealed class ApplyCallbacks
+{
+    public Func<EntityChange<Namespace>, CancellationToken, Task>? OnNamespace { get; init; }
+    public Func<EntityChange<DriverInstance>, CancellationToken, Task>? OnDriver { get; init; }
+    public Func<EntityChange<Device>, CancellationToken, Task>? OnDevice { get; init; }
+    public Func<EntityChange<Equipment>, CancellationToken, Task>? OnEquipment { get; init; }
+    public Func<EntityChange<PollGroup>, CancellationToken, Task>? OnPollGroup { get; init; }
+    public Func<EntityChange<Tag>, CancellationToken, Task>? OnTag { get; init; }
+}

src/ZB.MOM.WW.OtOpcUa.Configuration/Apply/ChangeKind.cs

@@ -0,0 +1,8 @@
+namespace ZB.MOM.WW.OtOpcUa.Configuration.Apply;
+
+public enum ChangeKind
+{
+    Added,
+    Removed,
+    Modified,
+}

src/ZB.MOM.WW.OtOpcUa.Configuration/Apply/GenerationApplier.cs

@@ -0,0 +1,48 @@
+using ZB.MOM.WW.OtOpcUa.Configuration.Validation;
+
+namespace ZB.MOM.WW.OtOpcUa.Configuration.Apply;
+
+public sealed class GenerationApplier(ApplyCallbacks callbacks) : IGenerationApplier
+{
+    public async Task<ApplyResult> ApplyAsync(DraftSnapshot? from, DraftSnapshot to, CancellationToken ct)
+    {
+        var diff = GenerationDiffer.Compute(from, to);
+        var errors = new List<string>();
+
+        // Removed first, then Added/Modified — prevents FK dangling while cascades settle.
+        await ApplyPass(diff.Tags, ChangeKind.Removed, callbacks.OnTag, errors, ct);
+        await ApplyPass(diff.PollGroups, ChangeKind.Removed, callbacks.OnPollGroup, errors, ct);
+        await ApplyPass(diff.Equipment, ChangeKind.Removed, callbacks.OnEquipment, errors, ct);
+        await ApplyPass(diff.Devices, ChangeKind.Removed, callbacks.OnDevice, errors, ct);
+        await ApplyPass(diff.Drivers, ChangeKind.Removed, callbacks.OnDriver, errors, ct);
+        await ApplyPass(diff.Namespaces, ChangeKind.Removed, callbacks.OnNamespace, errors, ct);
+
+        foreach (var kind in new[] { ChangeKind.Added, ChangeKind.Modified })
+        {
+            await ApplyPass(diff.Namespaces, kind, callbacks.OnNamespace, errors, ct);
+            await ApplyPass(diff.Drivers, kind, callbacks.OnDriver, errors, ct);
+            await ApplyPass(diff.Devices, kind, callbacks.OnDevice, errors, ct);
+            await ApplyPass(diff.Equipment, kind, callbacks.OnEquipment, errors, ct);
+            await ApplyPass(diff.PollGroups, kind, callbacks.OnPollGroup, errors, ct);
+            await ApplyPass(diff.Tags, kind, callbacks.OnTag, errors, ct);
+        }
+
+        return errors.Count == 0 ? ApplyResult.Ok(diff) : ApplyResult.Fail(diff, errors);
+    }
+
+    private static async Task ApplyPass<T>(
+        IReadOnlyList<EntityChange<T>> changes,
+        ChangeKind kind,
+        Func<EntityChange<T>, CancellationToken, Task>? callback,
+        List<string> errors,
+        CancellationToken ct)
+    {
+        if (callback is null) return;
+
+        foreach (var change in changes.Where(c => c.Kind == kind))
+        {
+            try { await callback(change, ct); }
+            catch (Exception ex) { errors.Add($"{typeof(T).Name} {change.Kind} '{change.LogicalId}': {ex.Message}"); }
+        }
+    }
+}

src/ZB.MOM.WW.OtOpcUa.Configuration/Apply/GenerationDiff.cs

@@ -0,0 +1,70 @@
+using ZB.MOM.WW.OtOpcUa.Configuration.Entities;
+using ZB.MOM.WW.OtOpcUa.Configuration.Validation;
+
+namespace ZB.MOM.WW.OtOpcUa.Configuration.Apply;
+
+/// <summary>
+///     Per-entity diff computed locally on the node. The enumerable order matches the dependency
+///     order expected by <see cref="IGenerationApplier"/>: namespace → driver → device → equipment →
+///     poll group → tag → ACL, with Removed processed before Added inside each bucket so cascades
+///     settle before new rows appear.
+/// </summary>
+public sealed record GenerationDiff(
+    IReadOnlyList<EntityChange<Namespace>> Namespaces,
+    IReadOnlyList<EntityChange<DriverInstance>> Drivers,
+    IReadOnlyList<EntityChange<Device>> Devices,
+    IReadOnlyList<EntityChange<Equipment>> Equipment,
+    IReadOnlyList<EntityChange<PollGroup>> PollGroups,
+    IReadOnlyList<EntityChange<Tag>> Tags);
+
+public sealed record EntityChange<T>(ChangeKind Kind, string LogicalId, T? From, T? To);
+
+public static class GenerationDiffer
+{
+    public static GenerationDiff Compute(DraftSnapshot? from, DraftSnapshot to)
+    {
+        from ??= new DraftSnapshot { GenerationId = 0, ClusterId = to.ClusterId };
+
+        return new GenerationDiff(
+            Namespaces: DiffById(from.Namespaces, to.Namespaces, x => x.NamespaceId,
+                (a, b) => (a.ClusterId, a.NamespaceUri, a.Kind, a.Enabled, a.Notes)
+                      == (b.ClusterId, b.NamespaceUri, b.Kind, b.Enabled, b.Notes)),
+            Drivers: DiffById(from.DriverInstances, to.DriverInstances, x => x.DriverInstanceId,
+                (a, b) => (a.ClusterId, a.NamespaceId, a.Name, a.DriverType, a.Enabled, a.DriverConfig)
+                      == (b.ClusterId, b.NamespaceId, b.Name, b.DriverType, b.Enabled, b.DriverConfig)),
+            Devices: DiffById(from.Devices, to.Devices, x => x.DeviceId,
+                (a, b) => (a.DriverInstanceId, a.Name, a.Enabled, a.DeviceConfig)
+                      == (b.DriverInstanceId, b.Name, b.Enabled, b.DeviceConfig)),
+            Equipment: DiffById(from.Equipment, to.Equipment, x => x.EquipmentId,
+                (a, b) => (a.EquipmentUuid, a.DriverInstanceId, a.UnsLineId, a.Name, a.MachineCode, a.ZTag, a.SAPID, a.Enabled)
+                      == (b.EquipmentUuid, b.DriverInstanceId, b.UnsLineId, b.Name, b.MachineCode, b.ZTag, b.SAPID, b.Enabled)),
+            PollGroups: DiffById(from.PollGroups, to.PollGroups, x => x.PollGroupId,
+                (a, b) => (a.DriverInstanceId, a.Name, a.IntervalMs)
+                      == (b.DriverInstanceId, b.Name, b.IntervalMs)),
+            Tags: DiffById(from.Tags, to.Tags, x => x.TagId,
+                (a, b) => (a.DriverInstanceId, a.DeviceId, a.EquipmentId, a.PollGroupId, a.FolderPath, a.Name, a.DataType, a.AccessLevel, a.WriteIdempotent, a.TagConfig)
+                      == (b.DriverInstanceId, b.DeviceId, b.EquipmentId, b.PollGroupId, b.FolderPath, b.Name, b.DataType, b.AccessLevel, b.WriteIdempotent, b.TagConfig)));
+    }
+
+    private static List<EntityChange<T>> DiffById<T>(
+        IReadOnlyList<T> from, IReadOnlyList<T> to,
+        Func<T, string> id, Func<T, T, bool> equal)
+    {
+        var fromById = from.ToDictionary(id);
+        var toById = to.ToDictionary(id);
+        var result = new List<EntityChange<T>>();
+
+        foreach (var (logicalId, src) in fromById.Where(kv => !toById.ContainsKey(kv.Key)))
+            result.Add(new(ChangeKind.Removed, logicalId, src, default));
+
+        foreach (var (logicalId, dst) in toById)
+        {
+            if (!fromById.TryGetValue(logicalId, out var src))
+                result.Add(new(ChangeKind.Added, logicalId, default, dst));
+            else if (!equal(src, dst))
+                result.Add(new(ChangeKind.Modified, logicalId, src, dst));
+        }
+
+        return result;
+    }
+}

src/ZB.MOM.WW.OtOpcUa.Configuration/Apply/IGenerationApplier.cs

@@ -0,0 +1,23 @@
+using ZB.MOM.WW.OtOpcUa.Configuration.Validation;
+
+namespace ZB.MOM.WW.OtOpcUa.Configuration.Apply;
+
+/// <summary>
+///     Applies a <see cref="GenerationDiff"/> to whatever backing runtime the node owns: the OPC UA
+///     address space, driver subscriptions, the local cache, etc. The Core project wires concrete
+///     callbacks into this via <see cref="ApplyCallbacks"/> so the Configuration project stays free
+///     of a Core/Server dependency (interface independence per decision #59).
+/// </summary>
+public interface IGenerationApplier
+{
+    Task<ApplyResult> ApplyAsync(DraftSnapshot? from, DraftSnapshot to, CancellationToken ct);
+}
+
+public sealed record ApplyResult(
+    bool Succeeded,
+    GenerationDiff Diff,
+    IReadOnlyList<string> Errors)
+{
+    public static ApplyResult Ok(GenerationDiff diff) => new(true, diff, []);
+    public static ApplyResult Fail(GenerationDiff diff, IReadOnlyList<string> errors) => new(false, diff, errors);
+}