Phase 6.1 Stream A.3 complete — wire CapabilityInvoker into DriverNodeManager dispatch end-to-end

Every OnReadValue / OnWriteValue now routes through the process-singleton
DriverResiliencePipelineBuilder's CapabilityInvoker. Read / Write dispatch
paths gain timeout + per-capability retry + per-(driver, host) circuit breaker
+ bulkhead without touching the individual driver implementations.

Wiring:
- OpcUaApplicationHost: new optional DriverResiliencePipelineBuilder ctor
  parameter (default null → instance-owned builder). Keeps the 3 test call
  sites that construct OpcUaApplicationHost directly unchanged.
- OtOpcUaServer: requires the builder in its ctor; constructs one
  CapabilityInvoker per driver at CreateMasterNodeManager time with default
  Tier A DriverResilienceOptions. TODO: Stream B.1 will wire real per-driver-
  type tiers via DriverTypeRegistry; Phase 6.1 follow-up will read the
  DriverInstance.ResilienceConfig JSON column for per-instance overrides.
- DriverNodeManager: takes a CapabilityInvoker in its ctor. OnReadValue wraps
  the driver's ReadAsync through ExecuteAsync(DriverCapability.Read, hostName,
  ...); OnWriteValue wraps WriteAsync through ExecuteWriteAsync(hostName,
  isIdempotent, ...) where isIdempotent comes from the new
  _writeIdempotentByFullRef map populated at Variable() registration from
  DriverAttributeInfo.WriteIdempotent.

HostName defaults to driver.DriverInstanceId for now — a single-host pipeline
per driver. Multi-host drivers (Modbus with N PLCs) will expose their own per-
call host resolution in a follow-up so failing PLCs can trip per-PLC breakers
without poisoning siblings (decision #144).

Test fixup:
- FlakeyDriverIntegrationTests.Read_SurfacesSuccess_AfterTransientFailures:
  bumped TimeoutSeconds=2 → 30. 10 retries at exponential backoff with jitter
  can exceed 2s under parallel-test-run CPU pressure; the test asserts retry
  behavior, not timeout budget, so the longer slack keeps it deterministic.

Full solution dotnet test: 948 passing. Pre-existing Client.CLI Subscribe
flake unchanged.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

src/ZB.MOM.WW.OtOpcUa.Server/OpcUa/DriverNodeManager.cs

@@ -3,6 +3,7 @@ using Microsoft.Extensions.Logging;
 using Opc.Ua;
 using Opc.Ua.Server;
 using ZB.MOM.WW.OtOpcUa.Core.Abstractions;
+using ZB.MOM.WW.OtOpcUa.Core.Resilience;
 using ZB.MOM.WW.OtOpcUa.Server.Security;
 using DriverWriteRequest = ZB.MOM.WW.OtOpcUa.Core.Abstractions.WriteRequest;
 // Core.Abstractions defines a type-named HistoryReadResult (driver-side samples + continuation
@@ -33,8 +34,14 @@ public sealed class DriverNodeManager : CustomNodeManager2, IAddressSpaceBuilder
     private readonly IDriver _driver;
     private readonly IReadable? _readable;
     private readonly IWritable? _writable;
+    private readonly CapabilityInvoker _invoker;
     private readonly ILogger<DriverNodeManager> _logger;
 
+    // Per-variable idempotency flag populated during Variable() registration from
+    // DriverAttributeInfo.WriteIdempotent. Drives ExecuteWriteAsync's retry gating in
+    // OnWriteValue; absent entries default to false (decisions #44, #45, #143).
+    private readonly Dictionary<string, bool> _writeIdempotentByFullRef = new(StringComparer.OrdinalIgnoreCase);
+
     /// <summary>The driver whose address space this node manager exposes.</summary>
     public IDriver Driver => _driver;
 
@@ -53,12 +60,13 @@ public sealed class DriverNodeManager : CustomNodeManager2, IAddressSpaceBuilder
     private FolderState _currentFolder = null!;
 
     public DriverNodeManager(IServerInternal server, ApplicationConfiguration configuration,
-        IDriver driver, ILogger<DriverNodeManager> logger)
+        IDriver driver, CapabilityInvoker invoker, ILogger<DriverNodeManager> logger)
         : base(server, configuration, namespaceUris: $"urn:OtOpcUa:{driver.DriverInstanceId}")
     {
         _driver = driver;
         _readable = driver as IReadable;
         _writable = driver as IWritable;
+        _invoker = invoker;
         _logger = logger;
     }
 
@@ -148,6 +156,7 @@ public sealed class DriverNodeManager : CustomNodeManager2, IAddressSpaceBuilder
             AddPredefinedNode(SystemContext, v);
             _variablesByFullRef[attributeInfo.FullName] = v;
             _securityByFullRef[attributeInfo.FullName] = attributeInfo.SecurityClass;
+            _writeIdempotentByFullRef[attributeInfo.FullName] = attributeInfo.WriteIdempotent;
 
             v.OnReadValue = OnReadValue;
             v.OnWriteValue = OnWriteValue;
@@ -188,7 +197,11 @@ public sealed class DriverNodeManager : CustomNodeManager2, IAddressSpaceBuilder
         try
         {
             var fullRef = node.NodeId.Identifier as string ?? "";
-            var result = _readable.ReadAsync([fullRef], CancellationToken.None).GetAwaiter().GetResult();
+            var result = _invoker.ExecuteAsync(
+                DriverCapability.Read,
+                _driver.DriverInstanceId,
+                async ct => (IReadOnlyList<DataValueSnapshot>)await _readable.ReadAsync([fullRef], ct).ConfigureAwait(false),
+                CancellationToken.None).AsTask().GetAwaiter().GetResult();
             if (result.Count == 0)
             {
                 statusCode = StatusCodes.BadNoData;
@@ -381,9 +394,15 @@ public sealed class DriverNodeManager : CustomNodeManager2, IAddressSpaceBuilder
 
         try
         {
-            var results = _writable.WriteAsync(
-                [new DriverWriteRequest(fullRef!, value)],
-                CancellationToken.None).GetAwaiter().GetResult();
+            var isIdempotent = _writeIdempotentByFullRef.GetValueOrDefault(fullRef!, false);
+            var capturedValue = value;
+            var results = _invoker.ExecuteWriteAsync(
+                _driver.DriverInstanceId,
+                isIdempotent,
+                async ct => (IReadOnlyList<WriteResult>)await _writable.WriteAsync(
+                    [new DriverWriteRequest(fullRef!, capturedValue)],
+                    ct).ConfigureAwait(false),
+                CancellationToken.None).AsTask().GetAwaiter().GetResult();
             if (results.Count > 0 && results[0].StatusCode != 0)
             {
                 statusCode = results[0].StatusCode;