diff --git a/.github/workflows/v2-ci.yml b/.github/workflows/v2-ci.yml
new file mode 100644
index 0000000..233f048
--- /dev/null
+++ b/.github/workflows/v2-ci.yml
@@ -0,0 +1,70 @@
+# CI for the v2 branch — runs on every push + PR to the v2-akka-fuse / master
+# branches. Layered into three jobs:
+# build dotnet restore + build (fast feedback on compile errors)
+# unit-tests every v2 unit-test project
+# integration 2-node Host.IntegrationTests harness
+#
+# Skips E2E (Category=E2E) — that runs nightly via v2-e2e.yml against the full
+# four-node docker-dev stack.
+#
+# Compatible with both GitHub Actions and Gitea Actions (act_runner). The .NET 10
+# SDK is pinned via global.json at the repo root; if no global.json exists, the
+# setup-dotnet step falls back to dotnet-version below.
+
+name: v2-ci
+
+on:
+ push:
+ branches: [v2-akka-fuse, master]
+ pull_request:
+ branches: [v2-akka-fuse, master]
+ workflow_dispatch: {}
+
+env:
+ DOTNET_NOLOGO: "1"
+ DOTNET_CLI_TELEMETRY_OPTOUT: "1"
+
+jobs:
+
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - uses: actions/setup-dotnet@v4
+ with:
+ dotnet-version: 10.0.x
+ - name: dotnet restore
+ run: dotnet restore ZB.MOM.WW.OtOpcUa.slnx
+ - name: dotnet build
+ run: dotnet build ZB.MOM.WW.OtOpcUa.slnx --no-restore --configuration Release
+
+ unit-tests:
+ needs: build
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ project:
+ - tests/Core/ZB.MOM.WW.OtOpcUa.Cluster.Tests
+ - tests/Server/ZB.MOM.WW.OtOpcUa.ControlPlane.Tests
+ - tests/Server/ZB.MOM.WW.OtOpcUa.Runtime.Tests
+ - tests/Server/ZB.MOM.WW.OtOpcUa.Security.Tests
+ - tests/Server/ZB.MOM.WW.OtOpcUa.OpcUaServer.Tests
+ steps:
+ - uses: actions/checkout@v4
+ - uses: actions/setup-dotnet@v4
+ with:
+ dotnet-version: 10.0.x
+ - name: dotnet test ${{ matrix.project }}
+ run: dotnet test ${{ matrix.project }} --configuration Release --filter "Category!=E2E"
+
+ integration:
+ needs: build
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - uses: actions/setup-dotnet@v4
+ with:
+ dotnet-version: 10.0.x
+ - name: dotnet test Host.IntegrationTests
+ run: dotnet test tests/Server/ZB.MOM.WW.OtOpcUa.Host.IntegrationTests --configuration Release --filter "Category!=E2E"
diff --git a/.github/workflows/v2-e2e.yml b/.github/workflows/v2-e2e.yml
new file mode 100644
index 0000000..6dd9bdf
--- /dev/null
+++ b/.github/workflows/v2-e2e.yml
@@ -0,0 +1,57 @@
+# Nightly E2E job. Runs against the docker-dev four-node fleet (admin-a +
+# admin-b + driver-a + driver-b + SQL + LDAP + Traefik). Trigger:
+# - cron at 03:00 UTC daily
+# - workflow_dispatch from the Actions UI for on-demand runs
+#
+# The E2E test project (tests/Server/ZB.MOM.WW.OtOpcUa.E2ETests) does not yet
+# exist — it lands when the F-series follow-ups F10/F11/F12 wire enough of the
+# SDK/historian/probe so an end-to-end driver round-trip is meaningful. Until
+# then this workflow is a green no-op (the `--filter Category=E2E` matches
+# zero tests, and `dotnet test` returns 0).
+
+name: v2-e2e
+
+on:
+ schedule:
+ - cron: "0 3 * * *"
+ workflow_dispatch: {}
+
+env:
+ DOTNET_NOLOGO: "1"
+ DOTNET_CLI_TELEMETRY_OPTOUT: "1"
+
+jobs:
+
+ e2e:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - uses: actions/setup-dotnet@v4
+ with:
+ dotnet-version: 10.0.x
+
+ - name: dotnet restore
+ run: dotnet restore ZB.MOM.WW.OtOpcUa.slnx
+
+ - name: Build docker-dev fleet
+ run: docker compose -f docker-dev/docker-compose.yml up -d --build
+
+ - name: Wait for cluster
+ run: |
+ for i in $(seq 1 30); do
+ if curl -sf http://localhost/health/active >/dev/null; then
+ echo "Admin leader healthy after ${i}s"
+ exit 0
+ fi
+ sleep 2
+ done
+ echo "Timed out waiting for /health/active"
+ docker compose -f docker-dev/docker-compose.yml logs --tail=200
+ exit 1
+
+ - name: dotnet test (E2E only)
+ run: dotnet test --configuration Release --filter "Category=E2E"
+
+ - name: Tear down
+ if: always()
+ run: docker compose -f docker-dev/docker-compose.yml down -v
diff --git a/Directory.Build.props b/Directory.Build.props
new file mode 100644
index 0000000..9d534b0
--- /dev/null
+++ b/Directory.Build.props
@@ -0,0 +1,18 @@
+
+
+
+ net10.0
+ enable
+ enable
+ latest
+
+
diff --git a/Directory.Packages.props b/Directory.Packages.props
new file mode 100644
index 0000000..35ccaa6
--- /dev/null
+++ b/Directory.Packages.props
@@ -0,0 +1,103 @@
+
+
+
+ true
+
+
+
+
+
+
diff --git a/ZB.MOM.WW.OtOpcUa.slnx b/ZB.MOM.WW.OtOpcUa.slnx
index 49a09fd..124972d 100644
--- a/ZB.MOM.WW.OtOpcUa.slnx
+++ b/ZB.MOM.WW.OtOpcUa.slnx
@@ -2,6 +2,8 @@
-
-
| `cluster.id`, `node.id`, `from_role`, `to_role` | Incremented every time `FleetStatusPoller` observes a `RedundancyRole` change on a `ClusterNode` row. |
-| `otopcua.redundancy.primary_count` | ObservableGauge | `cluster.id` | Primary-role nodes per cluster — should be exactly 1 in nominal state. |
-| `otopcua.redundancy.secondary_count` | ObservableGauge | `cluster.id` | Secondary-role nodes per cluster. |
-| `otopcua.redundancy.stale_count` | ObservableGauge | `cluster.id` | Nodes whose `LastSeenAt` exceeded the stale threshold. |
+Per-node identity comes from `appsettings.json` + the `OTOPCUA_ROLES` env var:
-Admin `Program.cs` wires OpenTelemetry to the Prometheus exporter when `Metrics:Prometheus:Enabled=true` (default), exposing the meter under `/metrics`. The endpoint is intentionally unauthenticated — fleet conventions put it behind a reverse-proxy basic-auth gate if needed.
+```json
+{
+ "Cluster": {
+ "Hostname": "0.0.0.0",
+ "Port": 4053,
+ "PublicHostname": "node-a.lan",
+ "SeedNodes": ["akka.tcp://otopcua@node-a.lan:4053"],
+ "Roles": ["admin", "driver"]
+ }
+}
+```
-## Real-time notifications (Admin UI)
+```
+OTOPCUA_ROLES=admin,driver
+```
-`FleetStatusPoller` in `src/Server/ZB.MOM.WW.OtOpcUa.Admin/Hubs/` polls the `ClusterNode` table, records role transitions, updates `RedundancyMetrics.SetClusterCounts`, and pushes a `RoleChanged` SignalR event onto `FleetStatusHub` when a transition is observed. `RedundancyTab.razor` subscribes with `_hub.On("RoleChanged", …)` so connected Admin sessions see role swaps the moment they happen.
+Both nodes share the same `ConfigDb` connection string; `Cluster.PublicHostname` + `Roles` are what makes them distinct in cluster gossip. The first node bootstraps the cluster (its address goes in `SeedNodes`); the second node joins via the same `SeedNodes` list.
-## Configuring a redundant pair
+There is no longer a `Node:NodeId` setting, no `ClusterNode.RedundancyRole`, no `ServiceLevelBase`. NodeId is derived as `host:port` of the cluster `PublicHostname` (see `ClusterRoleInfo.LocalNode` for the formula).
-Redundancy is configured **in the Config DB, not appsettings.json**. The fields that must differ between the two instances:
+## Split-brain
-| Field | Location | Instance 1 | Instance 2 |
-|---|---|---|---|
-| `NodeId` | `appsettings.json` `Node:NodeId` (bootstrap) | `node-a` | `node-b` |
-| `ClusterNode.ApplicationUri` | Config DB | `urn:node-a:OtOpcUa` | `urn:node-b:OtOpcUa` |
-| `ClusterNode.RedundancyRole` | Config DB | `Primary` | `Secondary` |
-| `ClusterNode.ServiceLevelBase` | Config DB | typically 255 | typically 100 |
+`akka.conf` configures Akka's split-brain resolver with `active-strategy = keep-oldest`, `stable-after = 15s`, and `failure-detector.threshold = 10.0`. Under a clean partition: the oldest member stays up + the smaller (or younger) side downs itself within ~15 seconds. The `RedundancyStateActor` on the surviving partition re-computes from the post-partition `Cluster.State`.
-Shared between instances: `ClusterId`, Config DB connection string, published generation, cluster-level ACLs, UNS hierarchy, driver instances.
-
-Role swaps, stand-alone promotions, and base-level adjustments all happen through the Admin UI `RedundancyTab` — the operator edits the `ClusterNode` row in a draft generation and publishes. `RedundancyCoordinator.RefreshAsync` picks up the new topology without a process restart.
+There is no operator-driven role swap during a partition. Failover is what the cluster does automatically.
## Client-side failover
-The OtOpcUa Client CLI at `src/Client/ZB.MOM.WW.OtOpcUa.Client.CLI` supports `-F` / `--failover-urls` for automatic client-side failover; for long-running subscriptions the CLI monitors session KeepAlive and reconnects to the next available server, recreating the subscription on the new endpoint. See [`Client.CLI.md`](Client.CLI.md) for the command reference.
+The OtOpcUa Client CLI at `src/Client/ZB.MOM.WW.OtOpcUa.Client.CLI` supports `-F` / `--failover-urls` for automatic client-side failover; for long-running subscriptions the CLI monitors session KeepAlive and reconnects to the next available server, recreating the subscription on the new endpoint. See [`Client.CLI.md`](Client.CLI.md).
## Depth reference
-For the full decision trail and implementation plan — topology invariants, peer-probe cadence, recovery-dwell policy, compliance-script guard against enum-value drift — see `docs/v2/plan.md` §Phase 6.3.
+For the full design — message contracts, tiered calculator truth table, recovery semantics — see `docs/plans/2026-05-26-akka-hosting-alignment-design.md` §6.
diff --git a/docs/ServiceHosting.md b/docs/ServiceHosting.md
index 2a28a11..df0ff98 100644
--- a/docs/ServiceHosting.md
+++ b/docs/ServiceHosting.md
@@ -1,62 +1,76 @@
-# Service Hosting
+# Service Hosting (v2)
## Overview
-A production OtOpcUa deployment runs **two or three processes**, each
-with a distinct runtime and install surface:
+A production OtOpcUa deployment runs **one binary per node**, plus the optional Wonderware historian sidecar:
| Process | Project | Runtime | Platform | Responsibility |
|---|---|---|---|---|
-| **OtOpcUa Server** | `src/Server/ZB.MOM.WW.OtOpcUa.Server` | .NET 10 | x64 | Hosts the OPC UA endpoint; loads every driver in-process (Modbus, S7, AbCip, AbLegacy, TwinCAT, FOCAS, OPC UA Client, Galaxy via mxaccessgw); exposes `/healthz`. |
-| **OtOpcUa Admin** | `src/Server/ZB.MOM.WW.OtOpcUa.Admin` | .NET 10 (ASP.NET Core / Blazor Server) | x64 | Operator UI for Config DB editing + fleet status, SignalR hubs (`FleetStatusHub`, `AlertHub`), Prometheus `/metrics`. |
-| **OtOpcUa Wonderware Historian** *(optional)* | `src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.Historian.Wonderware` | .NET Framework 4.8 | x86 (32-bit) | Out-of-process sidecar exposing the Wonderware Historian SDK over a named pipe. Required only when `Historian:Wonderware:Enabled=true` in `appsettings.json`. |
+| **OtOpcUa Host** | `src/Server/ZB.MOM.WW.OtOpcUa.Host` | .NET 10 | AnyCPU | Single fused binary. `OTOPCUA_ROLES` env decides what to mount: `admin` (Blazor + auth + control-plane singletons), `driver` (OPC UA endpoint + per-driver actors), or both. |
+| **OtOpcUa Wonderware Historian** *(optional)* | `src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.Historian.Wonderware` | .NET Framework 4.8 | x86 (32-bit) | Out-of-process sidecar exposing the Wonderware Historian SDK over a named pipe. Required only when `Historian:Wonderware:Enabled=true`. |
-Galaxy access uses a separately-installed **mxaccessgw** running out
-of a sibling repo (`c:\Users\dohertj2\Desktop\mxaccessgw\`) — see
-`docs/v2/Galaxy.ParityRig.md` for setup. The mxaccessgw owns the
-MXAccess COM bitness constraint (its worker is x86 net48); nothing
-in the OtOpcUa repo carries that constraint anymore. PR 7.2 retired
-the legacy in-process `Galaxy.Host` / `Galaxy.Proxy` / `Galaxy.Shared`
-projects + the `OtOpcUaGalaxyHost` Windows service.
+Galaxy access still uses the separately-installed **mxaccessgw** sidecar (see `docs/v2/Galaxy.ParityRig.md`); the gateway owns the MXAccess COM bitness constraint (its worker is x86 net48). Nothing in the OtOpcUa repo carries that constraint anymore.
-## OtOpcUa Server
+> **v2 change.** v1's separate `OtOpcUa.Server` + `OtOpcUa.Admin` Windows services merged into a single role-gated `OtOpcUa.Host` binary. Two installers became one (with a `-Roles` parameter). The whole DI graph is composed in `OtOpcUa.Host/Program.cs`; per-role wiring is conditional on the env var.
-Hosted via `Microsoft.Extensions.Hosting` with `AddWindowsService`
-(decision #30 — replaced TopShelf in v2). The host's `Build()`
-returns immediately when launched interactively (e.g. `dotnet run`)
-but blocks for SCM signals when running as a Windows service.
+## Role gating
-In-process drivers are registered at startup in `Program.cs`'s
-`DriverFactoryRegistry` block; the `DriverInstance` rows in the
-central Config DB select which driver factories materialise into
-live `IDriver` instances. See `docs/v2/driver-specs.md` for the
-per-driver `DriverConfig` JSON shapes.
+`Program.cs` reads `OTOPCUA_ROLES`, parses it with `RoleParser`, and conditionally registers services:
-## OtOpcUa Admin
+| Role present | Wires |
+|---|---|
+| `admin` | `AddOtOpcUaAuth`, `AddAdminUI`, `AddSignalR`, `AddOtOpcUaAdminClients`, `MapOtOpcUaAuth`, `MapAdminUI`, `MapOtOpcUaHubs`, `WithOtOpcUaControlPlaneSingletons` (5 admin singletons via `Akka.Hosting`) |
+| `driver` | `WithOtOpcUaRuntimeActors` (DriverHostActor + DbHealthProbeActor) — and the OPC UA endpoint on port 4840 |
+| Either / both | `AddOtOpcUaConfigDb`, `AddOtOpcUaCluster`, `AddOtOpcUaHealth` (`/health/ready`, `/health/active`, `/healthz`) |
-Same hosting model; runs the Blazor Server UI + SignalR hubs.
-Reads from the same Config DB the Server writes to.
+Single-node dev: `OTOPCUA_ROLES=admin,driver`. Production: typically two admin nodes (HA pair) + N driver nodes.
+
+## Akka cluster
+
+The host joins an Akka.NET cluster bound to the address in `appsettings.json::Cluster`:
+
+```json
+{
+ "Cluster": {
+ "Hostname": "0.0.0.0",
+ "Port": 4053,
+ "PublicHostname": "node-a.lan",
+ "SeedNodes": ["akka.tcp://otopcua@node-a.lan:4053"],
+ "Roles": ["admin", "driver"]
+ }
+}
+```
+
+- `WithOtOpcUaClusterBootstrap` (in `OtOpcUa.Cluster`) loads the embedded HOCON (split-brain resolver, pinned dispatcher, failure detector tuning) and overlays remote endpoint + cluster options.
+- All cluster singletons + per-node actors live on this single ActorSystem — there is no second Akka instance.
+
+See [Redundancy.md](Redundancy.md) for the role-leader + ServiceLevel story.
+
+## Health endpoints
+
+Both admin and driver nodes expose:
+
+| Path | Status meaning |
+|---|---|
+| `/healthz` | Process alive. |
+| `/health/ready` | ConfigDb reachable + cluster member state is `Up`. |
+| `/health/active` | Admin-role leader (the node Traefik or an HA LB should route traffic to). |
+
+Used by Traefik for the active-leader-only routing pattern (see [Task 63 traefik docs](v2/Architecture-v2.md) — TODO).
## OtOpcUa Wonderware Historian (optional)
-When `Historian:Wonderware:Enabled=true`, the Server speaks to a
-sidecar that wraps the Wonderware Historian SDK (which is .NET
-Framework only). The pipe IPC contract is in
-`src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.Historian.Wonderware.Client/Contracts/`
-and the sidecar's pipe handler lives at
-`src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.Historian.Wonderware/Pipe/`.
-
-Install via the `-InstallWonderwareHistorian` switch on
-`scripts/install/Install-Services.ps1`.
+Unchanged from v1. Pipe IPC contract lives in `src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.Historian.Wonderware.Client/Contracts/`; sidecar pipe handler in `src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.Historian.Wonderware/Pipe/`. Install via `scripts/install/Install-Services.ps1 -InstallWonderwareHistorian`.
## Install / Uninstall
-- `scripts/install/Install-Services.ps1` — installs `OtOpcUa` and
- optionally `OtOpcUaWonderwareHistorian`.
-- `scripts/install/Uninstall-Services.ps1` — stops + removes both,
- plus `OtOpcUaGalaxyHost` if a pre-7.2 rig still carries it.
+- `scripts/install/Install-Services.ps1 -Roles admin,driver` — installs `OtOpcUaHost`. v2 rewrite tracked as plan Task 62.
+- `scripts/install/Uninstall-Services.ps1` — stops + removes the host service (and the historian sidecar if installed).
## Logging
-Serilog with rolling-daily file sinks. Each service writes to
-`%ProgramData%\OtOpcUa\-*.log` plus stdout (NSSM-friendly).
+Serilog with rolling-daily file sinks. Each host writes to `logs/otopcua-*.log` plus stdout (NSSM/systemd-friendly). Per-environment log level overrides go in `appsettings.{Environment}.json`.
+
+## Depth reference
+
+For the full host-architecture rationale (why fused vs. split, role-gating tradeoffs, multi-node deployment shapes), see `docs/plans/2026-05-26-akka-hosting-alignment-design.md` §3-4.
diff --git a/docs/plans/2026-05-26-akka-hosting-alignment-plan.md b/docs/plans/2026-05-26-akka-hosting-alignment-plan.md
index 1359be5..55a60ed 100644
--- a/docs/plans/2026-05-26-akka-hosting-alignment-plan.md
+++ b/docs/plans/2026-05-26-akka-hosting-alignment-plan.md
@@ -464,56 +464,173 @@ Commit: `feat(configdb): persist DataProtection keys in ConfigDb`.
---
-### Task 14: EF migration — drop `ConfigGeneration` and `ClusterNode.RedundancyRole`, add new tables
+### Tasks 14a-14f: Entity-model rewrite + V2HostingAlignment migration
+
+> **Plan rewrite, 2026-05-26**: the original single Task 14 (5-min EF migration) was
+> under-scoped — it only listed the schema drops/adds without addressing the 13+ entities
+> whose foreign keys + indexes are keyed on `GenerationId`. The design doc (§ live-edit
+> model) requires removing `GenerationId` from `Equipment`, `Driver`, `DriverInstance`,
+> `Namespace`, `UnsArea`, `UnsLine`, `Device`, `Tag`, `PollGroup`, `NodeAcl`, `Script`,
+> `VirtualTag`, `ScriptedAlarm` and adding `RowVersion` columns for last-write-wins
+> stale-write detection. That cascades into `GenerationApplier`/`GenerationDiff`/
+> `GenerationSealedCache` and the legacy Server/Admin CRUD services. Policy decision
+> (recorded with the user): the legacy `OtOpcUa.Server` + `OtOpcUa.Admin` projects are
+> allowed to fail-to-compile between Task 14c and Task 56 — only the new v2 projects need
+> to stay green.
+
+#### Task 14a: Add `RowVersion` to live-edit entities
+
+**Classification:** standard
+**Estimated implement time:** ~10 min
+**Parallelizable with:** none (foundation for 14b)
+
+**Files:** every live-edit entity class — `Equipment`, `DriverInstance`, `Device`, `Tag`,
+`PollGroup`, `Namespace`, `UnsArea`, `UnsLine`, `NodeAcl`, `Script`, `VirtualTag`,
+`ScriptedAlarm`. Add `public byte[] RowVersion { get; set; } = Array.Empty();` and a
+`e.Property(x => x.RowVersion).IsRowVersion();` mapping in `OtOpcUaConfigDbContext`.
+
+Commit: `feat(configdb): add RowVersion to live-edit entities for last-write-wins detection`.
+
+---
+
+#### Task 14b: Decouple live-edit entities from `ConfigGeneration`
**Classification:** high-risk
+**Estimated implement time:** ~30 min
+**Parallelizable with:** none
+
+Remove `GenerationId` property, `Generation` navigation property, and the
+`HasOne(x => x.Generation).WithMany().HasForeignKey(x => x.GenerationId)` mapping from each
+of the 13 live-edit entities listed above. Rewrite the `UX__Generation_LogicalId`
+indexes to drop the `GenerationId` column (logical IDs become globally unique). Drop
+`UX_*_Generation_*` filtered indexes where the filter referenced generation scope.
+
+Will break `OtOpcUa.Server` + `OtOpcUa.Admin` compilation — that is accepted (Task 56
+deletes them).
+
+Commit: `refactor(configdb): drop GenerationId FK from live-edit entities`.
+
+---
+
+#### Task 14c: Mark `GenerationApplier` / `GenerationDiff` / `GenerationSealedCache` obsolete
+
+**Classification:** high-risk
+**Estimated implement time:** ~20 min
+**Parallelizable with:** none
+
+`src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Apply/` contains `GenerationApplier.cs`,
+`GenerationDiff.cs`, `ApplyCallbacks.cs`, `ChangeKind.cs`, `IGenerationApplier.cs`. These
+implement the v1 draft/publish lifecycle that v2 replaces with `AdminOperationsActor` +
+`ConfigComposer`.
+
+Inventory callers via `grep -rln 'GenerationApplier\|GenerationDiff' src tests`. Either:
+- Mark types `[Obsolete("Replaced by AdminOperationsActor in v2", error: true)]` so
+ surviving call sites become hard build errors (cleaner; surfaces the Server-breakage),
+- Or delete the files and accept the Server-side build break.
+
+Sweep `GenerationSealedCache` similarly. Keep the LiteDb cache concept (it's repurposed
+in Task 39 for stale-config fallback) but rename references to use `DeploymentArtifact`.
+
+Commit: `refactor(configdb): obsolete GenerationApplier/Diff/SealedCache (replaced by AdminOperationsActor)`.
+
+---
+
+#### Task 14d: Drop `RedundancyRole` from `ClusterNode`
+
+**Classification:** standard
**Estimated implement time:** ~5 min
-**Parallelizable with:** none (depends on Tasks 10-13)
+**Parallelizable with:** none
+
+Remove `ClusterNode.RedundancyRole` property + the
+`e.Property(x => x.RedundancyRole).HasConversion()` mapping + the
+`UX_ClusterNode_Primary_Per_Cluster` filtered unique index from
+`OtOpcUaConfigDbContext.ConfigureClusterNode`. Akka cluster leader-of-driver-role becomes
+the source of truth (Phase 5, Task 35).
+
+Commit: `refactor(configdb): drop ClusterNode.RedundancyRole (replaced by Akka leader)`.
+
+---
+
+#### Task 14e: Delete `ConfigGeneration` + `ClusterNodeGenerationState`
+
+**Classification:** small
+**Estimated implement time:** ~5 min
+**Parallelizable with:** none (depends on 14b clearing the FKs)
+
+Delete `Entities/ConfigGeneration.cs` and `Entities/ClusterNodeGenerationState.cs`. Remove
+the corresponding `DbSet<>` entries and `Configure*` methods from
+`OtOpcUaConfigDbContext`. Drop `GenerationStatus` and `NodeApplyStatus` enums.
+
+Commit: `refactor(configdb): delete ConfigGeneration + ClusterNodeGenerationState`.
+
+---
+
+#### Task 14f: Generate `V2HostingAlignment` EF migration
+
+**Classification:** high-risk
+**Estimated implement time:** ~15 min
+**Parallelizable with:** none (consolidates 14a-14e)
**Files:**
- Create: `src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Migrations/_V2HostingAlignment.cs`
- Create: `src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Migrations/_V2HostingAlignment.Designer.cs`
-- Modify: `OtOpcUaConfigDbContext.cs` — remove `DbSet` and `DbSet`; remove `ClusterNode.RedundancyRole` property
-- Delete: `src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/ConfigGeneration.cs`
-- Delete: `src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/ClusterNodeGenerationState.cs`
+- Modify: `tests/Core/ZB.MOM.WW.OtOpcUa.Configuration.Tests/SchemaComplianceTests.cs` — update
+ the `expected` table list (remove ConfigGeneration + ClusterNodeGenerationState; add
+ Deployment + NodeDeploymentState + ConfigEdit + DataProtectionKeys).
**Step 1: Generate migration**
-Run: `dotnet ef migrations add V2HostingAlignment --project src/Core/ZB.MOM.WW.OtOpcUa.Configuration --startup-project src/Server/ZB.MOM.WW.OtOpcUa.Host`
+```bash
+dotnet ef migrations add V2HostingAlignment \
+ --project src/Core/ZB.MOM.WW.OtOpcUa.Configuration \
+ --startup-project src/Server/ZB.MOM.WW.OtOpcUa.Host
+```
If `dotnet-ef` isn't installed: `dotnet tool install --global dotnet-ef --version 10.0.7`.
**Step 2: Audit the generated migration** — it should:
-- `DropTable("ConfigGeneration")`
-- `DropTable("ClusterNodeGenerationState")`
+- `DropTable("ConfigGeneration")` and `DropTable("ClusterNodeGenerationState")`
- `DropColumn("RedundancyRole", "ClusterNode")`
-- `CreateTable("Deployment", ...)`
-- `CreateTable("NodeDeploymentState", ...)`
-- `CreateTable("ConfigEdit", ...)`
-- `CreateTable("DataProtectionKeys", ...)`
+- For each of the 13 live-edit tables: `DropForeignKey` on `GenerationId`,
+ `DropIndex` on `UX_*_Generation_LogicalId` (and any `UX_*_Generation_*`), `DropColumn` on
+ `GenerationId`, `AddColumn("RowVersion", "rowversion")`, `CreateIndex` on the new
+ globally-unique logical-id pattern.
+- `CreateTable("Deployment", ...)`, `CreateTable("NodeDeploymentState", ...)`,
+ `CreateTable("ConfigEdit", ...)`, `CreateTable("DataProtectionKeys", ...)`.
-If extra changes appear (e.g., column-type drift), reconcile by editing the entity classes — do not edit the migration directly.
+If extra changes appear (e.g., column-type drift), reconcile by editing the entity classes
+— do not edit the migration directly.
-**Step 3: Verify on a scratch SQL Server**
+**Step 3: Verify on a scratch SQL Server** (per CLAUDE.md, Docker is on the shared host
+`10.100.0.35`, not local).
```bash
-docker run --rm -d --name v2-migration-test -e "ACCEPT_EULA=Y" -e "MSSQL_SA_PASSWORD=Pass@word123" -p 14333:1433 mcr.microsoft.com/mssql/server:2022-latest
+# from this Mac dev:
+ssh dohertj2@10.100.0.35 'docker run --rm -d --name v2-migration-test \
+ -e "ACCEPT_EULA=Y" -e "MSSQL_SA_PASSWORD=Pass@word123" \
+ -p 14333:1433 mcr.microsoft.com/mssql/server:2022-latest'
# Wait ~10s for SQL Server to start
-ConnectionStrings__ConfigDb="Server=localhost,14333;Database=OtOpcUaV2Test;User Id=sa;Password=Pass@word123;TrustServerCertificate=true" \
- dotnet ef database update --project src/Core/ZB.MOM.WW.OtOpcUa.Configuration --startup-project src/Server/ZB.MOM.WW.OtOpcUa.Host
+ConnectionStrings__ConfigDb="Server=10.100.0.35,14333;Database=OtOpcUaV2Test;User Id=sa;Password=Pass@word123;TrustServerCertificate=true" \
+ dotnet ef database update \
+ --project src/Core/ZB.MOM.WW.OtOpcUa.Configuration \
+ --startup-project src/Server/ZB.MOM.WW.OtOpcUa.Host
+ssh dohertj2@10.100.0.35 'docker exec v2-migration-test /opt/mssql-tools/bin/sqlcmd \
+ -S localhost -U sa -P Pass@word123 -d OtOpcUaV2Test \
+ -Q "SELECT name FROM sys.tables ORDER BY name"'
+ssh dohertj2@10.100.0.35 'docker stop v2-migration-test'
```
-Expected: completes without error. Verify with `docker exec v2-migration-test /opt/mssql-tools/bin/sqlcmd -S localhost -U sa -P Pass@word123 -d OtOpcUaV2Test -Q "SELECT name FROM sys.tables ORDER BY name"`.
+Expected: migration completes; sys.tables contains the 4 new tables and not the 2 dropped
+ones; live-edit tables have `RowVersion` column.
-**Step 4: Tear down**
-
-`docker stop v2-migration-test`.
+**Step 4: Update `SchemaComplianceTests`** so its `expected` array matches the new schema.
**Step 5: Commit**
```bash
-git add src/Core/ZB.MOM.WW.OtOpcUa.Configuration/
-git commit -m "feat(configdb): V2HostingAlignment migration — drop ConfigGeneration, add Deployment+NodeDeploymentState+ConfigEdit"
+git add src/Core/ZB.MOM.WW.OtOpcUa.Configuration/ \
+ tests/Core/ZB.MOM.WW.OtOpcUa.Configuration.Tests/SchemaComplianceTests.cs
+git commit -m "feat(configdb): V2HostingAlignment migration — drop generation lifecycle, add deploy tables"
```
---
@@ -1888,7 +2005,12 @@ After Task 65:
| 11 | NodeDeploymentState entity | standard | 5m | 10,12,13 |
| 12 | ConfigEdit entity | small | 4m | 10,11,13 |
| 13 | DataProtection keys | small | 3m | 10-12 |
-| 14 | V2 migration | high-risk | 5m | — |
+| 14a | RowVersion on live-edit entities | standard | 10m | — |
+| 14b | Drop GenerationId FK from entities | high-risk | 30m | — |
+| 14c | Obsolete GenerationApplier/Diff/Cache | high-risk | 20m | — |
+| 14d | Drop ClusterNode.RedundancyRole | standard | 5m | — |
+| 14e | Delete ConfigGeneration + ClusterNodeGenerationState | small | 5m | — |
+| 14f | V2HostingAlignment migration (consolidator) | high-risk | 15m | — |
| 15 | Migrate-To-V2.ps1 | standard | 5m | 16-18 |
| 16 | Common types | standard | 5m | 17,18 |
| 17 | Message contracts | standard | 5m | 16,18 |
diff --git a/docs/plans/2026-05-26-akka-hosting-alignment-plan.md.tasks.json b/docs/plans/2026-05-26-akka-hosting-alignment-plan.md.tasks.json
index f5f6a1e..639022e 100644
--- a/docs/plans/2026-05-26-akka-hosting-alignment-plan.md.tasks.json
+++ b/docs/plans/2026-05-26-akka-hosting-alignment-plan.md.tasks.json
@@ -4,71 +4,98 @@
"designDoc": "docs/plans/2026-05-26-akka-hosting-alignment-design.md",
"lastUpdated": "2026-05-26T00:00:00Z",
"tasks": [
- {"id": 0, "subject": "Task 0: Create branch and central package management", "status": "pending", "classification": "small", "estMinutes": 3, "parallelizableWith": []},
- {"id": 1, "subject": "Task 1: Create OtOpcUa.Commons project", "status": "pending", "classification": "small", "estMinutes": 3, "parallelizableWith": [2,3,4,5,6,7,8], "blockedBy": [0]},
- {"id": 2, "subject": "Task 2: Create OtOpcUa.Cluster project", "status": "pending", "classification": "small", "estMinutes": 3, "parallelizableWith": [1,3,4,5,6,7,8], "blockedBy": [0]},
- {"id": 3, "subject": "Task 3: Create OtOpcUa.Security project", "status": "pending", "classification": "small", "estMinutes": 3, "parallelizableWith": [1,2,4,5,6,7,8], "blockedBy": [0]},
- {"id": 4, "subject": "Task 4: Create OtOpcUa.ControlPlane project", "status": "pending", "classification": "small", "estMinutes": 3, "parallelizableWith": [1,2,3,5,6,7,8], "blockedBy": [0]},
- {"id": 5, "subject": "Task 5: Create OtOpcUa.Runtime project", "status": "pending", "classification": "small", "estMinutes": 3, "parallelizableWith": [1,2,3,4,6,7,8], "blockedBy": [0]},
- {"id": 6, "subject": "Task 6: Create OtOpcUa.OpcUaServer project", "status": "pending", "classification": "small", "estMinutes": 3, "parallelizableWith": [1,2,3,4,5,7,8], "blockedBy": [0]},
- {"id": 7, "subject": "Task 7: Create OtOpcUa.AdminUI Razor class library", "status": "pending", "classification": "small", "estMinutes": 3, "parallelizableWith": [1,2,3,4,5,6,8], "blockedBy": [0]},
- {"id": 8, "subject": "Task 8: Create OtOpcUa.Host Web SDK project", "status": "pending", "classification": "small", "estMinutes": 5, "parallelizableWith": [1,2,3,4,5,6,7], "blockedBy": [0]},
- {"id": 9, "subject": "Task 9: Build green smoke check", "status": "pending", "classification": "trivial", "estMinutes": 2, "parallelizableWith": [], "blockedBy": [1,2,3,4,5,6,7,8]},
- {"id": 10, "subject": "Task 10: Add Deployment entity", "status": "pending", "classification": "standard", "estMinutes": 5, "parallelizableWith": [11,12,13], "blockedBy": [9]},
- {"id": 11, "subject": "Task 11: Add NodeDeploymentState entity", "status": "pending", "classification": "standard", "estMinutes": 5, "parallelizableWith": [10,12,13], "blockedBy": [9]},
- {"id": 12, "subject": "Task 12: Add ConfigEdit audit entity", "status": "pending", "classification": "small", "estMinutes": 4, "parallelizableWith": [10,11,13], "blockedBy": [9]},
- {"id": 13, "subject": "Task 13: Add DataProtection keys table", "status": "pending", "classification": "small", "estMinutes": 3, "parallelizableWith": [10,11,12], "blockedBy": [9]},
- {"id": 14, "subject": "Task 14: EF migration V2HostingAlignment", "status": "pending", "classification": "high-risk", "estMinutes": 5, "parallelizableWith": [], "blockedBy": [10,11,12,13]},
- {"id": 15, "subject": "Task 15: Migrate-To-V2.ps1 idempotent script", "status": "pending", "classification": "standard", "estMinutes": 5, "parallelizableWith": [16,17,18], "blockedBy": [14]},
- {"id": 16, "subject": "Task 16: Common types (CorrelationId, ExecutionId, NodeId, ...)", "status": "pending", "classification": "standard", "estMinutes": 5, "parallelizableWith": [17,18], "blockedBy": [9]},
- {"id": 17, "subject": "Task 17: Akka message contracts", "status": "pending", "classification": "standard", "estMinutes": 5, "parallelizableWith": [16,18], "blockedBy": [16]},
- {"id": 18, "subject": "Task 18: Common interfaces", "status": "pending", "classification": "small", "estMinutes": 4, "parallelizableWith": [16,17], "blockedBy": [16]},
- {"id": 19, "subject": "Task 19: HOCON config", "status": "pending", "classification": "standard", "estMinutes": 5, "parallelizableWith": [20,21,22], "blockedBy": [2]},
- {"id": 20, "subject": "Task 20: AkkaHostedService implementation", "status": "pending", "classification": "standard", "estMinutes": 5, "parallelizableWith": [19,21,22], "blockedBy": [2,18]},
- {"id": 21, "subject": "Task 21: Role parser from OTOPCUA_ROLES env", "status": "pending", "classification": "small", "estMinutes": 3, "parallelizableWith": [19,20,22], "blockedBy": [2]},
- {"id": 22, "subject": "Task 22: ClusterRoleInfo implementation", "status": "pending", "classification": "standard", "estMinutes": 5, "parallelizableWith": [19,20,21], "blockedBy": [18,20]},
- {"id": 23, "subject": "Task 23: Cluster test project + tests", "status": "pending", "classification": "standard", "estMinutes": 5, "parallelizableWith": [], "blockedBy": [19,20,21,22]},
- {"id": 24, "subject": "Task 24: Move LdapAuthService into OtOpcUa.Security", "status": "pending", "classification": "standard", "estMinutes": 5, "parallelizableWith": [25], "blockedBy": [3]},
- {"id": 25, "subject": "Task 25: JwtTokenService", "status": "pending", "classification": "standard", "estMinutes": 5, "parallelizableWith": [24], "blockedBy": [3]},
- {"id": 26, "subject": "Task 26: Cookie+JWT hybrid AddOtOpcUaAuth extension", "status": "pending", "classification": "standard", "estMinutes": 5, "parallelizableWith": [27,28], "blockedBy": [13,24,25]},
- {"id": 27, "subject": "Task 27: /auth/login, /auth/ping, /auth/token endpoints", "status": "pending", "classification": "standard", "estMinutes": 5, "parallelizableWith": [26,28], "blockedBy": [24,25]},
- {"id": 28, "subject": "Task 28: CookieAuthenticationStateProvider for Blazor", "status": "pending", "classification": "small", "estMinutes": 4, "parallelizableWith": [26,27], "blockedBy": [25]},
- {"id": 29, "subject": "Task 29: Security test project + tests", "status": "pending", "classification": "standard", "estMinutes": 5, "parallelizableWith": [], "blockedBy": [24,25,26,27,28]},
- {"id": 30, "subject": "Task 30: ConfigPublishCoordinator happy path", "status": "pending", "classification": "high-risk", "estMinutes": 5, "parallelizableWith": [32,33,34,35], "blockedBy": [4,17,18,10,11]},
- {"id": 31, "subject": "Task 31: Coordinator timeout + failover recovery", "status": "pending", "classification": "high-risk", "estMinutes": 5, "parallelizableWith": [32,33,34,35], "blockedBy": [30]},
- {"id": 32, "subject": "Task 32: AdminOperationsActor + StartDeployment", "status": "pending", "classification": "standard", "estMinutes": 5, "parallelizableWith": [30,31,33,34,35], "blockedBy": [4,17,18,10,12]},
- {"id": 33, "subject": "Task 33: AuditWriterActor batched idempotent insert", "status": "pending", "classification": "standard", "estMinutes": 5, "parallelizableWith": [30,31,32,34,35], "blockedBy": [4,17]},
- {"id": 34, "subject": "Task 34: FleetStatusBroadcaster", "status": "pending", "classification": "standard", "estMinutes": 5, "parallelizableWith": [30,31,32,33,35], "blockedBy": [4,17]},
- {"id": 35, "subject": "Task 35: RedundancyStateActor + ServiceLevelCalculator", "status": "pending", "classification": "high-risk", "estMinutes": 5, "parallelizableWith": [30,31,32,33,34], "blockedBy": [4,17,18]},
- {"id": 36, "subject": "Task 36: Singleton registration extension (admin role)", "status": "pending", "classification": "standard", "estMinutes": 4, "parallelizableWith": [], "blockedBy": [30,31,32,33,34,35]},
- {"id": 37, "subject": "Task 37: DriverHostActor scaffolding + PreStart recovery", "status": "pending", "classification": "high-risk", "estMinutes": 5, "parallelizableWith": [41,42,43,44], "blockedBy": [5,17,18,11]},
- {"id": 38, "subject": "Task 38: DriverHostActor DispatchDeployment handler", "status": "pending", "classification": "high-risk", "estMinutes": 5, "parallelizableWith": [41,42,43,44], "blockedBy": [37]},
- {"id": 39, "subject": "Task 39: DriverHostActor stale-config fallback", "status": "pending", "classification": "standard", "estMinutes": 4, "parallelizableWith": [41,42,43,44], "blockedBy": [38]},
- {"id": 40, "subject": "Task 40: Runtime test project bootstrap", "status": "pending", "classification": "small", "estMinutes": 3, "parallelizableWith": [], "blockedBy": [37,38,39]},
- {"id": 41, "subject": "Task 41: DriverInstanceActor state machine", "status": "pending", "classification": "high-risk", "estMinutes": 5, "parallelizableWith": [42,43,44], "blockedBy": [5,17,40]},
- {"id": 42, "subject": "Task 42: VirtualTagActor", "status": "pending", "classification": "standard", "estMinutes": 5, "parallelizableWith": [41,43,44], "blockedBy": [5,17,40]},
- {"id": 43, "subject": "Task 43: ScriptedAlarmActor", "status": "pending", "classification": "standard", "estMinutes": 5, "parallelizableWith": [41,42,44], "blockedBy": [5,17,40]},
- {"id": 44, "subject": "Task 44: OpcUaPublishActor on synchronized dispatcher", "status": "pending", "classification": "high-risk", "estMinutes": 5, "parallelizableWith": [41,42,43], "blockedBy": [5,6,17,19,40]},
- {"id": 45, "subject": "Task 45: HistorianAdapter + PeerOpcUaProbe + DbHealthProbe actors", "status": "pending", "classification": "standard", "estMinutes": 5, "parallelizableWith": [], "blockedBy": [37,40]},
- {"id": 46, "subject": "Task 46: Extract OpcUaApplicationHost + Phase7Composer", "status": "pending", "classification": "standard", "estMinutes": 5, "parallelizableWith": [], "blockedBy": [6]},
- {"id": 47, "subject": "Task 47: Phase7Composer purity + property tests", "status": "pending", "classification": "standard", "estMinutes": 5, "parallelizableWith": [48,49,50,51,52], "blockedBy": [46]},
- {"id": 48, "subject": "Task 48: Move Blazor components into AdminUI library", "status": "pending", "classification": "standard", "estMinutes": 5, "parallelizableWith": [47], "blockedBy": [7]},
- {"id": 49, "subject": "Task 49: Move SignalR hubs and rewire to FleetStatusBroadcaster", "status": "pending", "classification": "standard", "estMinutes": 5, "parallelizableWith": [50,51,52], "blockedBy": [34,48]},
- {"id": 50, "subject": "Task 50: IAdminOperationsClient via ClusterSingletonProxy", "status": "pending", "classification": "standard", "estMinutes": 5, "parallelizableWith": [49,51,52], "blockedBy": [18,32,48]},
- {"id": 51, "subject": "Task 51: Replace DriverDiagnosticsClient with IFleetDiagnosticsClient", "status": "pending", "classification": "standard", "estMinutes": 5, "parallelizableWith": [49,50,52], "blockedBy": [18,48]},
- {"id": 52, "subject": "Task 52: Drift indicator + Deploy button UI", "status": "pending", "classification": "standard", "estMinutes": 5, "parallelizableWith": [49,50,51], "blockedBy": [50,48]},
- {"id": 53, "subject": "Task 53: Host Program.cs role-gated startup", "status": "pending", "classification": "high-risk", "estMinutes": 5, "parallelizableWith": [54,55], "blockedBy": [8,15,20,21,22,26,36,40,45,46,48,49]},
- {"id": 54, "subject": "Task 54: Health endpoints + appsettings layout", "status": "pending", "classification": "standard", "estMinutes": 5, "parallelizableWith": [53,55], "blockedBy": [8,22]},
- {"id": 55, "subject": "Task 55: Mac dev mode + DEV-STUB drivers", "status": "pending", "classification": "standard", "estMinutes": 5, "parallelizableWith": [53,54], "blockedBy": [41]},
- {"id": 56, "subject": "Task 56: Delete OtOpcUa.Server + OtOpcUa.Admin projects", "status": "pending", "classification": "high-risk", "estMinutes": 5, "parallelizableWith": [], "blockedBy": [53,54,55]},
- {"id": 57, "subject": "Task 57: Build & test green check", "status": "pending", "classification": "trivial", "estMinutes": 3, "parallelizableWith": [], "blockedBy": [56]},
- {"id": 58, "subject": "Task 58: 2-node integration test harness", "status": "pending", "classification": "standard", "estMinutes": 5, "parallelizableWith": [], "blockedBy": [57]},
- {"id": 59, "subject": "Task 59: Deploy + failover integration tests", "status": "pending", "classification": "standard", "estMinutes": 5, "parallelizableWith": [60], "blockedBy": [58]},
+ {"id": 0, "subject": "Task 0: Create branch and central package management", "status": "completed", "classification": "small", "estMinutes": 3, "parallelizableWith": [], "commit": "2b81147"},
+ {"id": 1, "subject": "Task 1: Create OtOpcUa.Commons project", "status": "completed", "classification": "small", "estMinutes": 3, "parallelizableWith": [2,3,4,5,6,7,8], "blockedBy": [0], "commit": "30a2104"},
+ {"id": 2, "subject": "Task 2: Create OtOpcUa.Cluster project", "status": "completed", "classification": "small", "estMinutes": 3, "parallelizableWith": [1,3,4,5,6,7,8], "blockedBy": [0], "commit": "30a2104"},
+ {"id": 3, "subject": "Task 3: Create OtOpcUa.Security project", "status": "completed", "classification": "small", "estMinutes": 3, "parallelizableWith": [1,2,4,5,6,7,8], "blockedBy": [0], "commit": "30a2104"},
+ {"id": 4, "subject": "Task 4: Create OtOpcUa.ControlPlane project", "status": "completed", "classification": "small", "estMinutes": 3, "parallelizableWith": [1,2,3,5,6,7,8], "blockedBy": [0], "commit": "30a2104"},
+ {"id": 5, "subject": "Task 5: Create OtOpcUa.Runtime project", "status": "completed", "classification": "small", "estMinutes": 3, "parallelizableWith": [1,2,3,4,6,7,8], "blockedBy": [0], "commit": "30a2104"},
+ {"id": 6, "subject": "Task 6: Create OtOpcUa.OpcUaServer project", "status": "completed", "classification": "small", "estMinutes": 3, "parallelizableWith": [1,2,3,4,5,7,8], "blockedBy": [0], "commit": "30a2104"},
+ {"id": 7, "subject": "Task 7: Create OtOpcUa.AdminUI Razor class library", "status": "completed", "classification": "small", "estMinutes": 3, "parallelizableWith": [1,2,3,4,5,6,8], "blockedBy": [0], "commit": "30a2104"},
+ {"id": 8, "subject": "Task 8: Create OtOpcUa.Host Web SDK project", "status": "completed", "classification": "small", "estMinutes": 5, "parallelizableWith": [1,2,3,4,5,6,7], "blockedBy": [0], "commit": "30a2104"},
+ {"id": 9, "subject": "Task 9: Build green smoke check", "status": "completed", "classification": "trivial", "estMinutes": 2, "parallelizableWith": [], "blockedBy": [1,2,3,4,5,6,7,8], "commit": "30a2104"},
+ {"id": 10, "subject": "Task 10: Add Deployment entity", "status": "completed", "classification": "standard", "estMinutes": 5, "parallelizableWith": [11,12,13], "blockedBy": [9], "commit": "8e2c4f2"},
+ {"id": 11, "subject": "Task 11: Add NodeDeploymentState entity", "status": "completed", "classification": "standard", "estMinutes": 5, "parallelizableWith": [10,12,13], "blockedBy": [9], "commit": "8e2c4f2"},
+ {"id": 12, "subject": "Task 12: Add ConfigEdit audit entity", "status": "completed", "classification": "small", "estMinutes": 4, "parallelizableWith": [10,11,13], "blockedBy": [9], "commit": "8e2c4f2"},
+ {"id": 13, "subject": "Task 13: Add DataProtection keys table", "status": "completed", "classification": "small", "estMinutes": 3, "parallelizableWith": [10,11,12], "blockedBy": [9], "commit": "8e2c4f2"},
+ {"id": "14a", "subject": "Task 14a: Add RowVersion to live-edit entities", "status": "completed", "classification": "standard", "estMinutes": 10, "parallelizableWith": [], "blockedBy": [13], "commit": "4bb4ad8"},
+ {"id": "14b", "subject": "Task 14b: Decouple live-edit entities from ConfigGeneration", "status": "completed", "classification": "high-risk", "estMinutes": 30, "parallelizableWith": [], "blockedBy": ["14a"], "commit": "13d3aea"},
+ {"id": "14c", "subject": "Task 14c: Obsolete GenerationApplier/Diff/SealedCache", "status": "completed", "classification": "high-risk", "estMinutes": 20, "parallelizableWith": [], "blockedBy": ["14b"], "commit": "1ddf8bb"},
+ {"id": "14d", "subject": "Task 14d: Drop ClusterNode.RedundancyRole", "status": "completed", "classification": "standard", "estMinutes": 5, "parallelizableWith": ["14a","14b","14c"], "blockedBy": [13], "commit": "3c915e6"},
+ {"id": "14e", "subject": "Task 14e: Delete ConfigGeneration + ClusterNodeGenerationState", "status": "completed", "classification": "small", "estMinutes": 5, "parallelizableWith": [], "blockedBy": ["14b","14c"], "commit": "e00f46d"},
+ {"id": "14f", "subject": "Task 14f: V2HostingAlignment EF migration (consolidator)", "status": "completed", "classification": "high-risk", "estMinutes": 15, "parallelizableWith": [], "blockedBy": ["14a","14b","14c","14d","14e"], "commit": "605dbf3"},
+ {"id": 15, "subject": "Task 15: Migrate-To-V2.ps1 idempotent script", "status": "completed", "classification": "standard", "estMinutes": 5, "parallelizableWith": [16,17,18], "blockedBy": ["14f"], "commit": "c168c1c"},
+ {"id": 16, "subject": "Task 16: Common types (CorrelationId, ExecutionId, NodeId, ...)", "status": "completed", "classification": "standard", "estMinutes": 5, "parallelizableWith": [17,18], "blockedBy": [9], "commit": "fee4a8c"},
+ {"id": 17, "subject": "Task 17: Akka message contracts", "status": "completed", "classification": "standard", "estMinutes": 5, "parallelizableWith": [16,18], "blockedBy": [16], "commit": "5d3a5a4"},
+ {"id": 18, "subject": "Task 18: Common interfaces", "status": "completed", "classification": "small", "estMinutes": 4, "parallelizableWith": [16,17], "blockedBy": [16], "commit": "136234e"},
+ {"id": 19, "subject": "Task 19: HOCON config", "status": "completed", "classification": "standard", "estMinutes": 5, "parallelizableWith": [20,21,22], "blockedBy": [2], "commit": "3d0f4dc"},
+ {"id": 20, "subject": "Task 20: AkkaHostedService implementation", "status": "completed", "classification": "standard", "estMinutes": 5, "parallelizableWith": [19,21,22], "blockedBy": [2,18], "commit": "f184f8e"},
+ {"id": 21, "subject": "Task 21: Role parser from OTOPCUA_ROLES env", "status": "completed", "classification": "small", "estMinutes": 3, "parallelizableWith": [19,20,22], "blockedBy": [2], "commit": "dfb0636"},
+ {"id": 22, "subject": "Task 22: ClusterRoleInfo implementation", "status": "completed", "classification": "standard", "estMinutes": 5, "parallelizableWith": [19,20,21], "blockedBy": [18,20], "commit": "c217c49"},
+ {"id": 23, "subject": "Task 23: Cluster test project + tests", "status": "completed", "classification": "standard", "estMinutes": 5, "parallelizableWith": [], "blockedBy": [19,20,21,22], "commit": "e0b6d56"},
+ {"id": 24, "subject": "Task 24: Move LdapAuthService into OtOpcUa.Security", "status": "completed", "classification": "standard", "estMinutes": 5, "parallelizableWith": [25], "blockedBy": [3], "commit": "567b8ca"},
+ {"id": 25, "subject": "Task 25: JwtTokenService", "status": "completed", "classification": "standard", "estMinutes": 5, "parallelizableWith": [24], "blockedBy": [3], "commit": "93316e3"},
+ {"id": 26, "subject": "Task 26: Cookie+JWT hybrid AddOtOpcUaAuth extension", "status": "completed", "classification": "standard", "estMinutes": 5, "parallelizableWith": [27,28], "blockedBy": [13,24,25], "commit": "207fc6a"},
+ {"id": 27, "subject": "Task 27: /auth/login, /auth/ping, /auth/token endpoints", "status": "completed", "classification": "standard", "estMinutes": 5, "parallelizableWith": [26,28], "blockedBy": [24,25], "commit": "8be84ba"},
+ {"id": 28, "subject": "Task 28: CookieAuthenticationStateProvider for Blazor", "status": "completed", "classification": "small", "estMinutes": 4, "parallelizableWith": [26,27], "blockedBy": [25], "commit": "e38f22e"},
+ {"id": 29, "subject": "Task 29: Security test project + tests", "status": "completed", "classification": "standard", "estMinutes": 5, "parallelizableWith": [], "blockedBy": [24,25,26,27,28], "commit": "38ea0c5"},
+ {"id": 30, "subject": "Task 30: ConfigPublishCoordinator happy path", "status": "completed", "classification": "high-risk", "estMinutes": 5, "parallelizableWith": [32,33,34,35], "blockedBy": [4,17,18,10,11], "commit": "62e12da"},
+ {"id": 31, "subject": "Task 31: Coordinator timeout + failover recovery", "status": "completed", "classification": "high-risk", "estMinutes": 5, "parallelizableWith": [32,33,34,35], "blockedBy": [30], "commit": "f193872"},
+ {"id": 32, "subject": "Task 32: AdminOperationsActor + StartDeployment", "status": "completed", "classification": "standard", "estMinutes": 5, "parallelizableWith": [30,31,33,34,35], "blockedBy": [4,17,18,10,12], "commit": "ef683f5"},
+ {"id": 33, "subject": "Task 33: AuditWriterActor batched idempotent insert", "status": "completed", "classification": "standard", "estMinutes": 5, "parallelizableWith": [30,31,32,34,35], "blockedBy": [4,17], "commit": "23f669c"},
+ {"id": 34, "subject": "Task 34: FleetStatusBroadcaster", "status": "completed", "classification": "standard", "estMinutes": 5, "parallelizableWith": [30,31,32,33,35], "blockedBy": [4,17], "commit": "dd122c4"},
+ {"id": 35, "subject": "Task 35: RedundancyStateActor + ServiceLevelCalculator", "status": "completed", "classification": "high-risk", "estMinutes": 5, "parallelizableWith": [30,31,32,33,34], "blockedBy": [4,17,18], "commit": "6b37f99"},
+ {"id": 36, "subject": "Task 36: Singleton registration extension (admin role)", "status": "completed", "classification": "standard", "estMinutes": 4, "parallelizableWith": [], "blockedBy": [30,31,32,33,34,35], "commit": "52bf4b3"},
+ {"id": 37, "subject": "Task 37: DriverHostActor scaffolding + PreStart recovery", "status": "completed", "classification": "high-risk", "estMinutes": 5, "parallelizableWith": [41,42,43,44], "blockedBy": [5,17,18,11], "commit": "ed13013"},
+ {"id": 38, "subject": "Task 38: DriverHostActor DispatchDeployment handler", "status": "completed", "classification": "high-risk", "estMinutes": 5, "parallelizableWith": [41,42,43,44], "blockedBy": [37], "commit": "ed13013"},
+ {"id": 39, "subject": "Task 39: DriverHostActor stale-config fallback", "status": "completed", "classification": "standard", "estMinutes": 4, "parallelizableWith": [41,42,43,44], "blockedBy": [38], "commit": "ed13013"},
+ {"id": 40, "subject": "Task 40: Runtime test project bootstrap", "status": "completed", "classification": "small", "estMinutes": 3, "parallelizableWith": [], "blockedBy": [37,38,39], "commit": "ed13013"},
+ {"id": 41, "subject": "Task 41: DriverInstanceActor state machine", "status": "completed", "classification": "high-risk", "estMinutes": 5, "parallelizableWith": [42,43,44], "blockedBy": [5,17,40], "commit": "64c627f"},
+ {"id": 42, "subject": "Task 42: VirtualTagActor", "status": "completed", "classification": "standard", "estMinutes": 5, "parallelizableWith": [41,43,44], "blockedBy": [5,17,40], "commit": "39729bf"},
+ {"id": 43, "subject": "Task 43: ScriptedAlarmActor", "status": "completed", "classification": "standard", "estMinutes": 5, "parallelizableWith": [41,42,44], "blockedBy": [5,17,40], "commit": "95ef533"},
+ {"id": 44, "subject": "Task 44: OpcUaPublishActor on synchronized dispatcher", "status": "completed", "classification": "high-risk", "estMinutes": 5, "parallelizableWith": [41,42,43], "blockedBy": [5,6,17,19,40], "commit": "e115f13"},
+ {"id": 45, "subject": "Task 45: HistorianAdapter + PeerOpcUaProbe + DbHealthProbe actors", "status": "completed", "classification": "standard", "estMinutes": 5, "parallelizableWith": [], "blockedBy": [37,40], "commit": "28639cb"},
+ {"id": 46, "subject": "Task 46: Extract OpcUaApplicationHost + Phase7Composer", "status": "completed", "classification": "standard", "estMinutes": 5, "parallelizableWith": [], "blockedBy": [6], "commit": "2877a88"},
+ {"id": 47, "subject": "Task 47: Phase7Composer purity + property tests", "status": "completed", "classification": "standard", "estMinutes": 5, "parallelizableWith": [48,49,50,51,52], "blockedBy": [46], "commit": "b7c117a"},
+ {"id": 48, "subject": "Task 48: Move Blazor components into AdminUI library", "status": "completed", "classification": "standard", "estMinutes": 5, "parallelizableWith": [47], "blockedBy": [7], "commit": "1a067e6"},
+ {"id": 49, "subject": "Task 49: Move SignalR hubs and rewire to FleetStatusBroadcaster", "status": "completed", "classification": "standard", "estMinutes": 5, "parallelizableWith": [50,51,52], "blockedBy": [34,48], "commit": "26d8f2f"},
+ {"id": 50, "subject": "Task 50: IAdminOperationsClient via ClusterSingletonProxy", "status": "completed", "classification": "standard", "estMinutes": 5, "parallelizableWith": [49,51,52], "blockedBy": [18,32,48], "commit": "f022499"},
+ {"id": 51, "subject": "Task 51: Replace DriverDiagnosticsClient with IFleetDiagnosticsClient", "status": "completed", "classification": "standard", "estMinutes": 5, "parallelizableWith": [49,50,52], "blockedBy": [18,48], "commit": "b83f099"},
+ {"id": 52, "subject": "Task 52: Drift indicator + Deploy button UI", "status": "completed", "classification": "standard", "estMinutes": 5, "parallelizableWith": [49,50,51], "blockedBy": [50,48], "commit": "f167808"},
+ {"id": 53, "subject": "Task 53: Host Program.cs role-gated startup", "status": "completed", "classification": "high-risk", "estMinutes": 5, "parallelizableWith": [54,55], "blockedBy": [8,15,20,21,22,26,36,40,45,46,48,49], "commit": "e2b357f"},
+ {"id": 54, "subject": "Task 54: Health endpoints + appsettings layout", "status": "completed", "classification": "standard", "estMinutes": 5, "parallelizableWith": [53,55], "blockedBy": [8,22], "commit": "fa1d685"},
+ {"id": 55, "subject": "Task 55: Mac dev mode + DEV-STUB drivers", "status": "completed", "classification": "standard", "estMinutes": 5, "parallelizableWith": [53,54], "blockedBy": [41], "commit": "8b4de80"},
+ {"id": 56, "subject": "Task 56: Delete OtOpcUa.Server + OtOpcUa.Admin projects", "status": "completed", "classification": "high-risk", "estMinutes": 5, "parallelizableWith": [], "blockedBy": [53,54,55], "commit": "76310b8"},
+ {"id": 57, "subject": "Task 57: Build & test green check", "status": "completed", "classification": "trivial", "estMinutes": 3, "parallelizableWith": [], "blockedBy": [56], "commit": "76310b8"},
+ {"id": 58, "subject": "Task 58: 2-node integration test harness", "status": "completed", "classification": "standard", "estMinutes": 5, "parallelizableWith": [], "blockedBy": [57], "commit": "d6fac2d", "deviation": "Also consolidated to a single Akka.Hosting ActorSystem — Program.cs ran two competing ActorSystems (custom AkkaHostedService + Akka.Hosting AddAkka). Cluster singletons landed on the bare one. Fixed in this commit; AkkaHostedService.cs deleted. docker-compose.yml (SQL+OpenLDAP for real local runs) deferred — harness uses EF in-memory."},
+ {"id": 59, "subject": "Task 59: Deploy + failover integration tests", "status": "completed", "classification": "standard", "estMinutes": 5, "parallelizableWith": [60], "blockedBy": [58], "commit": "5cfbe8b", "deviation": "Happy-path + idempotency landed. Failover scenarios (kill-mid-apply, split-brain, restart-during-deploy) deferred as F22 — they need node-down/restart primitives on the harness. Two production bugs fixed in this commit: (1) coordinator missing DPS subscription for ACKs, (2) NodeId collision on shared loopback host."},
{"id": 60, "subject": "Task 60: OPC UA dual-endpoint + ServiceLevel tests", "status": "pending", "classification": "standard", "estMinutes": 5, "parallelizableWith": [59], "blockedBy": [58]},
- {"id": 61, "subject": "Task 61: E2E test infrastructure + GitHub Actions CI", "status": "pending", "classification": "standard", "estMinutes": 5, "parallelizableWith": [], "blockedBy": [59,60]},
- {"id": 62, "subject": "Task 62: Rewrite Install-Services.ps1", "status": "pending", "classification": "standard", "estMinutes": 5, "parallelizableWith": [63,64,65], "blockedBy": [53]},
- {"id": 63, "subject": "Task 63: Traefik config + docker-dev compose", "status": "pending", "classification": "standard", "estMinutes": 5, "parallelizableWith": [62,64,65], "blockedBy": [53]},
- {"id": 64, "subject": "Task 64: Update existing docs (Redundancy, ServiceHosting, security)", "status": "pending", "classification": "standard", "estMinutes": 5, "parallelizableWith": [62,63,65], "blockedBy": [57]},
- {"id": 65, "subject": "Task 65: New v2 docs (Architecture-v2, Cluster, ControlPlane, Runtime)", "status": "pending", "classification": "standard", "estMinutes": 5, "parallelizableWith": [62,63,64], "blockedBy": [57]}
+ {"id": 61, "subject": "Task 61: E2E test infrastructure + GitHub Actions CI", "status": "completed", "classification": "standard", "estMinutes": 5, "parallelizableWith": [], "blockedBy": [59,60], "commit": "253fb60", "deviation": "CI workflow files landed but E2E test project (tests/Server/ZB.MOM.WW.OtOpcUa.E2ETests) deferred — it lands when F10/F11/F12 wire enough engine for an end-to-end round-trip to be meaningful. The E2E workflow runs against the docker-dev fleet but its --filter Category=E2E currently matches zero tests."},
+ {"id": 62, "subject": "Task 62: Rewrite Install-Services.ps1", "status": "completed", "classification": "standard", "estMinutes": 5, "parallelizableWith": [63,64,65], "blockedBy": [53], "commit": "e40615d"},
+ {"id": 63, "subject": "Task 63: Traefik config + docker-dev compose", "status": "completed", "classification": "standard", "estMinutes": 5, "parallelizableWith": [62,64,65], "blockedBy": [53], "commit": "7e3b56c", "deviation": "Untested on macOS (no local Docker). Compose file should work — exercise + adjust on first run against a real Docker host."},
+ {"id": 64, "subject": "Task 64: Update existing docs (Redundancy, ServiceHosting, security)", "status": "completed", "classification": "standard", "estMinutes": 5, "parallelizableWith": [62,63,65], "blockedBy": [57], "commit": "3c3fef9", "deviation": "Redundancy.md + ServiceHosting.md full rewrites. security.md v2 banner only — full per-section rewrite waits for F15 (Admin pages migration) since security.md references many pages that will move. README.md platform-overview updated."},
+ {"id": 65, "subject": "Task 65: New v2 docs (Architecture-v2, Cluster, ControlPlane, Runtime)", "status": "completed", "classification": "standard", "estMinutes": 5, "parallelizableWith": [62,63,64], "blockedBy": [57], "commit": "1689901"},
+ {"id": "F1", "subject": "Follow-up: AuthEndpoints integration tests against fused Host", "status": "completed", "classification": "small", "estMinutes": 10, "parallelizableWith": ["F2"], "blockedBy": [53], "commit": "463512d", "origin": "Deviation from Task 29 (commit 38ea0c5) — deferred until Task 53 wires AddOtOpcUaAuth/MapOtOpcUaAuth in Program. Add WebApplicationFactory tests for /auth/login (204/401/503), /auth/ping (401/200), /auth/token (200+JWT), /auth/logout (204+cookie clear) using a stub ILdapAuthService.", "deviation": "Used HostBuilder + TestServer directly (Security.Tests/AuthEndpointsIntegrationTests) instead of WebApplicationFactory — Host needs Akka cluster bootstrap that's out of scope for this contract test. Cluster-mode auth coverage belongs in Task 58."},
+ {"id": "F2", "subject": "Follow-up: Replace JwtBearer BuildServiceProvider antipattern with IPostConfigureOptions", "status": "completed", "classification": "small", "estMinutes": 5, "parallelizableWith": ["F1"], "blockedBy": [], "commit": "45a8c79", "origin": "Deviation from Task 26 (commit 207fc6a) — AddOtOpcUaAuth uses services.BuildServiceProvider().CreateScope() inside .AddJwtBearer lambda (ASP0000). Refactor to IPostConfigureOptions so validation parameters resolve lazily from the real request provider."},
+ {"id": "F3", "subject": "Follow-up: Add EventId unique column to ConfigAuditLog for cross-restart audit idempotency", "status": "completed", "classification": "small", "estMinutes": 15, "parallelizableWith": ["F4"], "blockedBy": [], "commit": "f57f61d", "origin": "Deviation from Task 33 — AuditWriterActor only dedups in-buffer; ConfigAuditLog lacks EventId column so a duplicate AuditEvent that arrives after a flush becomes a duplicate row. Add nullable EventId Guid + filtered unique index, migration, and refactor AuditWriterActor.WrapDetails away."},
+ {"id": "F4", "subject": "Follow-up: Harden AuditWriterActor.WrapDetails JSON synthesis with System.Text.Json", "status": "completed", "classification": "small", "estMinutes": 5, "parallelizableWith": ["F3"], "blockedBy": [], "commit": "f57f61d", "deviation": "Moot — F3 deleted WrapDetails entirely (EventId/CorrelationId now live in dedicated columns).", "origin": "Self-review of Task 33 — WrapDetails uses string concat; malformed caller DetailsJson would produce invalid JSON and trip the CK_ConfigAuditLog_DetailsJson_IsJson constraint, killing the entire flush batch. Discard this task if F3 lands first (F3 removes WrapDetails entirely)."},
+ {"id": "F5", "subject": "Follow-up: ConfigPublishCoordinator multi-node happy-path test", "status": "completed", "classification": "standard", "estMinutes": 30, "parallelizableWith": [], "blockedBy": [], "commit": "5cfbe8b", "deviation": "Delivered by Task 59 — DeployHappyPathTests.StartDeployment_seals_after_both_nodes_apply exercises the exact 'dispatch to N driver nodes, all ack, seals' flow via the real 2-node TwoNodeClusterHarness rather than a multi-system TestKit. Cleaner because it tests the production code path end-to-end.", "origin": "Self-review of Task 30 — single-ActorSystem TestKit can't simulate the plan's 'dispatch to N driver nodes, all ack, seals' happy path because DiscoverDriverNodes() needs real cluster membership. Add a multi-system test (two ActorSystems joined into one cluster, driver-role on the second)."},
+ {"id": "F6", "subject": "Follow-up: RedundancyStateActor publisher abstraction so tests don't need DPS bootstrap", "status": "completed", "classification": "small", "estMinutes": 10, "parallelizableWith": [], "blockedBy": [], "commit": "dfc143c", "origin": "Self-review of Task 35 — RedundancyStateActorTests are skipped because single-node DistributedPubSub bootstrap is unreliable in TestKit. Inject an Action broadcast so tests can replace it with a probe; un-skip both tests."},
+ {"id": "F7", "subject": "Follow-up: DriverInstanceActor full engine wiring (subscriptions, writes, ApplyDelta diff)", "status": "completed", "classification": "standard", "estMinutes": 45, "parallelizableWith": [], "blockedBy": [44], "origin": "Self-review of Task 41 — subscription publishing, ApplyDelta diffing, bad-quality-on-disconnect, write path, and supervisor backoff are stubbed. Wire after OpcUaPublishActor lands.", "shipped": "All three pieces landed: (1) spawn lifecycle in DriverHostActor (DriverSpawnPlanner + IDriverFactory seam) — da14149, (2) ISubscribable wiring + OPC UA status-code → OpcUaQuality severity-bit mapping + DetachSubscription on disconnect/PostStop, (3) IWritable.WriteAsync write path with 5s timeout, status-code bubble-up, and AttributeValuePublished published to parent on every OnDataChange — both shipped in the F7-residual batch. Host DI binding (DriverFactoryBootstrap registers AbCip/AbLegacy/FOCAS/Galaxy/Modbus/S7/TwinCAT factories) lives in src/Server/ZB.MOM.WW.OtOpcUa.Host/Drivers/."},
+ {"id": "F8", "subject": "Follow-up: VirtualTagActor engine wiring (compile expression, subscribe deps, publish result)", "status": "partial", "classification": "standard", "estMinutes": 30, "parallelizableWith": [], "blockedBy": [], "origin": "Self-review of Task 42 — VirtualTagEngine.Evaluate not called; DependencyValueChanged just buffers.", "shipped": "(1) IVirtualTagEvaluator seam + NullVirtualTagEvaluator default. VirtualTagActor calls evaluator on DependencyValueChanged, dedupes unchanged results, emits EvaluationResult to parent, publishes Warning ScriptLogEntry on failure. (2) DependencyMuxActor in Runtime fans out DriverInstanceActor.AttributeValuePublished from DriverHostActor through to interested VirtualTagActor subscribers. VirtualTagActor takes dependencyRefs + mux ActorRef in Props, registers interest in PreStart, unregisters in PostStop. WithOtOpcUaRuntimeActors spawns the mux + threads it into DriverHostActor. Production binding to Core.VirtualTags.VirtualTagEngine (expression compile + dep extraction) still TODO — split as F8b."},
+ {"id": "F9", "subject": "Follow-up: ScriptedAlarmActor engine wiring + state persistence", "status": "partial", "classification": "standard", "estMinutes": 30, "parallelizableWith": [], "blockedBy": [], "origin": "Self-review of Task 43 — AlarmConditionService not called; PreRestart persistence to ScriptedAlarmState DB not wired; HistorianAdapter rows not emitted.", "shipped": "(1) IScriptedAlarmEvaluator seam + NullScriptedAlarmEvaluator default. ScriptedAlarmActor takes AlarmConfig (id/name/path/severity/predicate), evaluates on DependencyValueChanged, publishes AlarmTransitionEvent + ScriptLogEntry on every transition. (2) IAlarmActorStateStore seam in Commons.Engines + NullAlarmActorStateStore default + EfAlarmActorStateStore production adapter over the ScriptedAlarmState entity. ScriptedAlarmActor PreStart loads + restores; every Transition fires a fire-and-forget save with lastAckUser. Predicate binding to Core.ScriptedAlarms.ScriptedAlarmEngine still TODO — split as F9b."},
+ {"id": "F10", "subject": "Follow-up: OpcUaPublishActor SDK integration (address-space writes + ServiceLevel + RebuildAddressSpace)", "status": "partial", "classification": "high-risk", "estMinutes": 60, "parallelizableWith": [], "blockedBy": [47], "origin": "Self-review of Task 44 — SDK calls stubbed; counters only. Wire after Phase 7 OpcUaServer extraction.", "shipped": "(1) IOpcUaAddressSpaceSink + IServiceLevelPublisher seams in Commons.OpcUa with Null* defaults. OpcUaPublishActor routes through the sink, dedupes ServiceLevelChanged, subscribes to redundancy-state DPS topic, maps redundancy snapshot to a coarse ServiceLevel (Primary+leader=240, Primary=200, Secondary=100, Detached=0). (2) OtOpcUaNodeManager (CustomNodeManager2) + OtOpcUaSdkServer (StandardServer subclass) + SdkAddressSpaceSink in OpcUaServer — lazy variable creation on first WriteValue, WriteAlarmState shape, RebuildAddressSpace tear-down. Variable updates propagate via ClearChangeMasks so subscribed OPC UA clients see them. Tests boot a real StandardServer + verify sink writes show up in the manager. Production wiring through OpcUaApplicationHost.StartAsync (default server = OtOpcUaSdkServer) + IServiceLevelPublisher SDK binding + #109 OpcUaPublishActor→Phase7Applier integration are the remaining pieces."},
+ {"id": "F11", "subject": "Follow-up: HistorianAdapterActor named-pipe IPC + SqliteStoreAndForwardSink wiring", "status": "completed", "classification": "standard", "estMinutes": 30, "parallelizableWith": [], "blockedBy": [], "commit": "6861381", "deviationNotes": "Reshaped HistorianAdapterActor around the existing IAlarmHistorianSink abstraction (alarm-event shape, not the original tag-history-row stub). Defaults to NullAlarmHistorianSink; production deployments wire SqliteStoreAndForwardSink + WonderwareHistorianClient via AddOtOpcUaRuntime overrides. Actor now exposes GetStatus returning HistorianSinkStatus for diagnostics. Named-pipe transport implementation lives unchanged in src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.Historian.Wonderware.Client/WonderwareHistorianClient.cs — the actor is intentionally just a fire-and-forget bridge.", "origin": "Self-review of Task 45 — stub buffers in-memory; named-pipe + SQLite store-and-forward not wired."},
+ {"id": "F12", "subject": "Follow-up: PeerOpcUaProbeActor real opc.tcp ping (replace Ok=true stub)", "status": "completed", "classification": "small", "estMinutes": 20, "parallelizableWith": [], "blockedBy": [], "commit": "b06e3ae", "deviation": "TCP-connect probe rather than full OPC UA Hello/Acknowledge handshake. Enough for the redundancy calc; deeper liveness signals can layer on later without changing the actor's contract.", "origin": "Self-review of Task 45 — RunProbe always returns Ok=true; replace with OPC UA Client connect."},
+ {"id": "F13", "subject": "Follow-up: Full OpcUaApplicationHost extraction (security/alarms/history/observability)", "status": "partial", "classification": "high-risk", "estMinutes": 120, "parallelizableWith": [], "blockedBy": [], "commit": "36c4751-partial", "deviationNotes": "F13a (cert auto-creation) shipped in 36c4751. Remaining: endpoint-security wiring (SecurityProfileResolver into ServerConfiguration.SecurityPolicies), LDAP user-token validator (the OPC UA UserNameToken path; HTTP-layer LDAP auth is separate and already in OtOpcUa.Security), scripted-alarm node manager creation, history backend wiring, observability hooks (OpenTelemetry metrics + traces). These are gated by F10's OpcUaPublishActor SDK integration — until F10 lands, nothing instantiates OpcUaApplicationHost so the missing wiring is dead weight.", "origin": "Self-review of Task 46 — facade only boots ApplicationInstance + StandardServer. Legacy 391-line file pulls Server.Security/Alarms/History/Observability. Pull those into thin OpcUaServer interfaces."},
+ {"id": "F14", "subject": "Follow-up: Migrate side-effecting Phase7Composer (EquipmentNodeWalker, trace logs, node cache)", "status": "partial", "classification": "standard", "estMinutes": 60, "parallelizableWith": [], "blockedBy": [], "origin": "Self-review of Task 47 — pure version covers the projection. Walker + alarm sink registration + cache mutation stay in legacy until split into Phase7Applier.", "shipped": "Phase7Plan + Phase7Planner.Compute (pure diff over EquipmentNodes/DriverInstancePlans/ScriptedAlarmPlans by stable id, with Added/Removed/Changed lists). Phase7Applier consumes plan + IOpcUaAddressSpaceSink: drives RebuildAddressSpace on Equipment/Alarm topology change, writes inactive AlarmState for removed nodes, catches + logs sink faults. Driver-only changes correctly skip the rebuild (DriverHostActor's spawn-plan in Runtime handles those). Walker integration with the real SDK NodeManager is the remaining piece — split as F14b (consumes the existing EquipmentNodeWalker once F10b lands an SDK builder)."},
+ {"id": "F15", "subject": "Follow-up: Migrate 47 legacy Admin Blazor components into AdminUI library", "status": "completed", "classification": "high-risk", "estMinutes": 180, "commit": "Phase A-D (read views) + F15.2 batches 1-4 (live-edit CRUD) + F15.3 (live alerts/script-log/CSV import/Monaco)", "deviationNotes": "All 4 phases of read-only views shipped: Phase A (shell/auth/fleet/hosts), B (cluster CRUD + Overview/Redundancy), C (Equipment/UNS/Namespaces/Drivers/Tags/ACLs), D (Audit/VirtualTags/ScriptedAlarms/Scripts/RoleGrants/Certificates/Reservations/AlarmsHistorian). Per Q1–Q5 of docs/v2/AdminUI-rebuild-plan.md: typed driver editors deferred, top-level VirtualTags/ScriptedAlarms kept (Q2 reversed for cross-cluster discoverability), routes-not-tabs adopted, fleet-wide LDAP→role map only, generic login errors. Live-edit forms (F15.2) and ScriptLog page (depends on F16 ScriptLogHub) are explicit follow-ups.", "parallelizableWith": [], "blockedBy": [], "origin": "Self-review of Task 48 — only MapAdminUI scaffold + 1 new page (Deployments). 47 pages stay in legacy Admin (accepted-broken) until Task 56."},
+ {"id": "F16", "subject": "Follow-up: Bridge FleetStatusBroadcaster → SignalR hubs (FleetStatusHub / AlertHub / ScriptLogHub)", "status": "completed", "classification": "standard", "estMinutes": 30, "parallelizableWith": [], "blockedBy": [], "commit": "f18c285", "deviation": "FleetStatusHub bridge landed. AlertHub + ScriptLogHub deferred — they need upstream message contracts that aren't defined yet (alerts emerge from F9 ScriptedAlarmActor, script logs from F8 VirtualTagActor).", "origin": "Self-review of Task 49 — hubs are passive Hub subclasses; the bridge from FleetStatusBroadcaster.broadcast → IHubContext is not wired."},
+ {"id": "F17", "subject": "Follow-up: FleetDiagnosticsClient real Akka ActorSelection round-trip (GetDiagnosticsRequest)", "status": "completed", "classification": "standard", "estMinutes": 30, "parallelizableWith": [], "blockedBy": [], "commit": "8f32b89", "origin": "Self-review of Task 51 — client returns an empty snapshot stub. Add GetDiagnosticsRequest contract + DriverHostActor handler + real Ask/Reply."},
+ {"id": "F18", "subject": "Follow-up: Thread HttpContext.User.Identity.Name into Deployments page (createdBy)", "status": "completed", "classification": "small", "estMinutes": 5, "parallelizableWith": [], "blockedBy": [], "commit": "b266f63", "origin": "Self-review of Task 52 — Deployments.razor hardcodes createdBy=\"(current user)\"; needs @inject AuthenticationStateProvider."},
+ {"id": "F19", "subject": "Follow-up: RuntimeStartup extension for driver-role node-actor spawn", "status": "completed", "classification": "standard", "estMinutes": 20, "parallelizableWith": [], "blockedBy": [], "commit": "09d6676", "origin": "Self-review of Task 53 — only admin-role singletons are wired via WithOtOpcUaControlPlaneSingletons. Driver-role nodes need a parallel WithOtOpcUaRuntimeActors that spawns DriverHostActor."},
+ {"id": "F20", "subject": "Follow-up: Wire DriverInstanceActor.ShouldStub() into DriverHostActor child spawn", "status": "completed", "classification": "small", "estMinutes": 10, "parallelizableWith": ["F7"], "blockedBy": [], "origin": "Self-review of Task 55 — ShouldStub helper exists but nothing calls it. Folds into F7 when DriverHostActor learns to spawn DriverInstanceActor children.", "shipped": "DriverHostActor.SpawnChild now calls DriverInstanceActor.ShouldStub(type, _localRoles) and routes Windows-only driver types to the stub path on non-Windows / dev-role hosts. Verified by DriverHostActorReconcileTests.Galaxy_on_non_windows_is_stubbed_by_ShouldStub_check."},
+ {"id": "F21", "subject": "Follow-up: docker-compose.yml for Host.IntegrationTests (real SQL Server + OpenLDAP)", "status": "completed", "classification": "standard", "estMinutes": 30, "parallelizableWith": [], "blockedBy": [], "commit": "b0a2bb0", "deviationNotes": "Stack shipped (SQL on 14331, OpenLDAP on 3894). HarnessMode reads OTOPCUA_HARNESS_USE_SQL=1 / USE_LDAP=1 from env; SQL mode uses per-harness unique DB via EnsureCreated. Compose itself not local-validated — DESKTOP-6JL3KKO has no Docker per CLAUDE.md; CI on Linux will exercise the real path. The xunit test-trait split was punted — env vars are simpler and cover the same use case (one suite, two modes, no test-class duplication).", "origin": "Deviation from Task 58 — TwoNodeClusterHarness uses EF InMemoryDatabase + StubLdapAuthService. For Mac-friendly local runs against real SQL constraints + LDAP, add tests/Server/ZB.MOM.WW.OtOpcUa.Host.IntegrationTests/docker-compose.yml (SQL Server + OpenLDAP), wire EF SqlServer provider behind an env var (OTOPCUA_HARNESS_USE_SQL=1), and add a test trait so CI can run both modes."},
+ {"id": "F22", "subject": "Follow-up: failover scenario integration tests (kill-mid-apply, split-brain, restart-during-deploy)", "status": "completed", "classification": "standard", "estMinutes": 60, "parallelizableWith": [], "blockedBy": [], "commit": "cd5540c", "deviationNotes": "Shipped 3 scenarios on the existing 2-node harness: stop-shrinks, restart-rejoins-same-port, deploy-with-one-node-down. Split-brain via simulated partition deferred — Akka.Hosting + xunit don't expose transport-level interference cleanly. The graceful-shutdown + rejoin path is what production actually exercises; ungraceful kill-mid-apply non-deterministic under SBR's 15s stable-after.", "origin": "Deviation from Task 59 — happy-path + idempotency landed but design §8 cases 3-7 need controlled node-down primitives on TwoNodeClusterHarness (StopNodeAsync, RestartNodeAsync, PartitionBetweenAsync). Add those + 5 scenario tests."}
]
}
diff --git a/docs/security.md b/docs/security.md
index e8d4bb3..ab2a450 100644
--- a/docs/security.md
+++ b/docs/security.md
@@ -1,5 +1,19 @@
# Security
+> **v2 status (2026-05-26).** The four security concerns below are unchanged in v2.
+> Paths + project names moved: `OtOpcUa.Server/Security/` → `OtOpcUa.Security/`
+> (`Ldap/`, `Jwt/`, `Endpoints/AuthEndpoints.cs`), `OtOpcUa.Admin` is gone (its
+> auth + role-grant pages live in `OtOpcUa.AdminUI`), and Admin auth policies
+> register in `OtOpcUa.Host/Program.cs` via `AddOtOpcUaAuth` rather than in a
+> separate Admin process. The v2 `Security:Jwt` section adds JWT bearer auth
+> alongside the existing cookie scheme (`AddJwtBearer` wired via
+> `IPostConfigureOptions` in `OtOpcUa.Security`). DataProtection
+> keys persist to the shared `ConfigDb.DataProtectionKeys` table so cookies
+> survive failover between admin-role nodes.
+>
+> See `docs/plans/2026-05-26-akka-hosting-alignment-design.md` §5 for the v2
+> auth + DataProtection rationale.
+
OtOpcUa has four independent security concerns. This document covers all four:
1. **Transport security** — OPC UA secure channel (signing, encryption, X.509 trust).
diff --git a/docs/v2/AdminUI-rebuild-plan.md b/docs/v2/AdminUI-rebuild-plan.md
new file mode 100644
index 0000000..b5236ed
--- /dev/null
+++ b/docs/v2/AdminUI-rebuild-plan.md
@@ -0,0 +1,265 @@
+# Admin UI rebuild plan (F15)
+
+**Status:** UX kickoff — proposals to react to before any per-page rebuild starts.
+**Last updated:** 2026-05-26 on `v2-akka-fuse`.
+
+## Why this isn't a straight port
+
+The v1 Admin UI was built around `ConfigGeneration` draft → publish:
+operators edited a **draft** generation, the system computed a **diff** against the
+last published one, and a manual **Publish** sealed it. Six full pages
+(`DraftEditor`, `DiffViewer`, `DiffSection`, `Generations`, plus the per-tab
+"viewing draft N" header) lived to make this workflow legible.
+
+v2 replaces that with **live-edit + snapshot-deploy** (decisions #14a–#14e on this
+branch). Edits write directly to live tables guarded by `RowVersion`
+concurrency; deploying is a single click that snapshots the current live state
+and dispatches it via Akka. Drift between "current live" and "last sealed
+deployment" surfaces as a one-line indicator on the
+[Deployments](../../src/Server/ZB.MOM.WW.OtOpcUa.AdminUI/Components/Pages/Deployments.razor)
+page.
+
+That collapses **six pages → zero** before we ship a line of new Razor. The
+remaining ~41 legacy pages map to ~30 v2 pages once redundant fleet-wide views
+fold into their cluster-tab equivalents.
+
+## Inventory: 47 legacy pages → v2 disposition
+
+Source: `git show 76310b8^ -- 'src/Server/ZB.MOM.WW.OtOpcUa.Admin/**/*.razor'`.
+
+### Site shell (5 files) — port
+
+| Legacy | v2 status | Notes |
+|---|---|---|
+| `App.razor`, `Routes.razor`, `_Imports.razor` | Port | Boilerplate; minor render-mode tweaks |
+| `Layout/MainLayout.razor` | ✅ Already in v2 | Done in Task 48 |
+| `Components/Pages/Login.razor`, `Account.razor` | Port | Auth endpoints changed (cookie+JWT hybrid, Task 26); login form posts to `/auth/login` now |
+
+### Shared widgets (5 files) — port
+
+| Legacy | v2 status |
+|---|---|
+| `StatusBadge.razor` | ✅ Already in v2 |
+| `LoadingSpinner.razor` | ✅ Already in v2 |
+| `ToastNotification.razor` | ✅ Already in v2 |
+| `ClusterAuthorizeView.razor`, `RedirectToLogin.razor` | Port — adjust for v2 `IUserAuthenticator` |
+
+### Fleet (1 file) — reshape
+
+| Legacy | v2 strategy |
+|---|---|
+| `Fleet.razor` | **Reshape.** Drop the v1 "poller reads central DB" data source. v2 reads `NodeDeploymentState` (Applied / Failed / Stale per node) + subscribes to `FleetStatusHub` for live `ServiceLevel` updates (already wired in F16) + queries `IFleetDiagnosticsClient.GetDiagnostics` (F17) for per-node driver health. Single page, similar shape to v1. |
+
+### Cluster CRUD (3 files) — port
+
+| Legacy | v2 strategy |
+|---|---|
+| `ClustersList.razor` | Port |
+| `NewCluster.razor` | Port |
+| `ClusterDetail.razor` | **Port — drop draft/publish chrome.** No "New draft" button; no "current published" sidebar. Replace with "Last deployed" badge + a "Deploy" button (already a SignalR-aware widget on the Deployments page; this becomes a cluster-scoped variant). |
+
+### Draft/publish workflow (4 files) — **drop entirely**
+
+| Legacy | v2 strategy |
+|---|---|
+| `DraftEditor.razor` | **Drop.** No drafts in v2. |
+| `DiffViewer.razor` | **Drop.** Drift indicator replaces it on Deployments page. |
+| `DiffSection.razor` | **Drop.** |
+| `Generations.razor` | **Drop — replaced by `Deployments.razor`** (already shipped in v2 ahead of F15). |
+
+### Cluster tabs (11 files) — port as live-edit forms
+
+Each becomes a live-edit surface: load the entity, bind to a form, save with
+`RowVersion` concurrency check (409 on conflict → toast + reload). No "viewing
+draft N" header; no per-tab snapshot view.
+
+| Legacy tab | v2 strategy |
+|---|---|
+| `EquipmentTab.razor` | Port — UNS path tree picker stays |
+| `UnsTab.razor` | Port — same |
+| `NamespacesTab.razor` | Port |
+| `DriversTab.razor` | Port — **driver-type-specific editors are a separate question (see below)** |
+| `TagsTab.razor` | Port |
+| `AclsTab.razor` | Port — wire to v2 LDAP group → role mapping (see RoleGrants question) |
+| `RedundancyTab.razor` | Port — surface v2 `ServiceLevel` calc (Task 35) instead of v1 redundancy state machine |
+| `ScriptedAlarmsTab.razor` | Port |
+| `ScriptsTab.razor` | Port |
+| `VirtualTagsTab.razor` | Port |
+| `AuditTab.razor` | Port — wire to v2 `ConfigAuditLog` (post-F3 schema: `EventId`, `CorrelationId` columns) |
+
+### Cluster-scoped editors (3 files) — port as reusable inputs
+
+| Legacy | v2 strategy |
+|---|---|
+| `IdentificationFields.razor` | Port |
+| `ImportEquipment.razor` | Port |
+| `ScriptEditor.razor` | Port |
+
+### Cross-cluster pages (8 files) — mixed
+
+| Legacy | v2 strategy |
+|---|---|
+| `Hosts.razor` | Port — reshape to "Akka cluster members" (showing `host:port` NodeIds, roles, redundancy state) |
+| `Certificates.razor` | Port — F13a's `PkiStoreRoot` becomes the data source |
+| `Reservations.razor` | Port |
+| `RoleGrants.razor` | **Reshape.** v1 was cluster-scoped role grants; v2 uses LDAP group → role mapping (see Q4 below) |
+| `AlarmsHistorian.razor` | Port — wire to F11's `HistorianAdapterActor.GetStatus` (queue depth + drain state) |
+| `ScriptLog.razor` | Port — needs SignalR hub bridge (F16 deferred ScriptLogHub) |
+| `ScriptedAlarms.razor` (top-level) | **Possibly drop** (see Q2 below) |
+| `VirtualTags.razor` (top-level) | **Possibly drop** (see Q2 below) |
+
+### Driver-typed editors (5 files) — sequencing decision needed
+
+| Legacy | v2 strategy |
+|---|---|
+| `Drivers/FocasDetail.razor` | Defer — JSON editor in `DriversTab` covers the same config initially |
+| `Modbus/ModbusOptionsEditor.razor` | Same |
+| `Modbus/ModbusAddressEditor.razor` | Same |
+| `Modbus/ModbusAddressPreview.razor` | Same |
+| `Modbus/ModbusDiagnostics.razor` | Port — separate from the config editor, this is operational telemetry |
+
+### Account (1 file) — port
+
+| Legacy | v2 strategy |
+|---|---|
+| `Account.razor` | Port — minor reshape for JWT (token expiry UI, refresh button) |
+
+## Summary by disposition
+
+| Disposition | Count |
+|---|---|
+| Already in v2 | 5 |
+| Port as-is | 22 |
+| Port + reshape | 7 |
+| **Drop (replaced by live-edit / Deployments page)** | **5** |
+| Drop (redundant with cluster tab) | 2 (pending Q2) |
+| Defer (driver-typed editors) | 4 |
+| **Total active rebuild** | ~30 pages |
+
+## Open design questions
+
+These need answers before per-page sequencing starts. They drive how many
+phases the rebuild takes and what gets cut.
+
+### Q1 — Driver-typed editors: ship now or defer?
+
+**Context.** v1 had typed editors for Modbus + FOCAS driver config. They sat
+behind a generic JSON editor for the other six driver types. The typed editors
+caught operator typos that the JSON editor missed (port ranges, slave-ID
+collisions, address-map overlaps).
+
+**Options.**
+- **Defer all typed editors.** Ship `DriversTab` with a JSON editor first; add
+ typed editors per-driver as field requests come in. Saves ~1 day on F15.
+- **Port the existing two.** Modbus + FOCAS were already validated against
+ field use. The other six driver types stay JSON-only.
+- **Ship all eight typed editors.** Most work, best UX. ~3 extra days on F15.
+
+**Recommendation:** Defer. The OPC UA dual-endpoint tests + driver
+engine wiring (F7-F10) are higher-leverage and need attention first.
+
+### Q2 — Top-level `ScriptedAlarms.razor` and `VirtualTags.razor`: keep or drop?
+
+**Context.** In v1, these were fleet-wide views of every scripted alarm and
+virtual tag across every cluster. The cluster tabs let you edit them; the
+top-level pages let you find them across clusters.
+
+**Options.**
+- **Drop.** Fleet-wide view is rare; cluster scope covers 95% of use.
+- **Keep as read-only.** Cross-cluster search + drill-down to the per-cluster tab.
+
+**Recommendation:** Drop, but expose a global search on the top nav that
+matches cluster + alarm/tag names if operators ask.
+
+### Q3 — ClusterDetail: 10 tabs or split routes?
+
+**Context.** v1 had 10 nav-tabs inside `ClusterDetail.razor`. Some are very
+heavy (Tags can be 10k rows; AuditTab streams). All 10 share render state.
+
+**Options.**
+- **Keep tabs.** Familiar; one URL per cluster.
+- **Split into routes.** `/clusters/{id}/equipment`, `/clusters/{id}/tags`,
+ etc. Better deep-linking, better load (one tab's data per page), easier auth
+ scoping.
+
+**Recommendation:** Split into routes. The v1 monolith was already groaning
+under the live-update SignalR fan-in; routes let each surface manage its own
+subscription lifecycle.
+
+### Q4 — RoleGrants: cluster-scoped table or LDAP group → role map?
+
+**Context.** v1 had a per-cluster `RoleGrants` table where you mapped users to
+cluster-scoped roles (ClusterAdmin, ClusterOperator, etc.). v2 introduced
+LDAP-driven auth: LDAP group membership maps to OPC UA permissions
+(`ReadOnly`, `WriteOperate`, `WriteTune`, `WriteConfigure`, `AlarmAck`)
+fleet-wide.
+
+**Options.**
+- **Keep v1 model.** Cluster-scoped grants survive; LDAP just provides the
+ username.
+- **Replace with fleet-wide LDAP-group → role mapping.** v2's `LdapOptions`
+ already has a `GroupToRole` dictionary; surface that in a single fleet-level
+ page.
+- **Both.** LDAP map for fleet-wide defaults; per-cluster overrides for
+ scoping.
+
+**Recommendation:** Fleet-wide LDAP-group → role map only. Per-cluster scoping
+adds combinatorial complexity that v2's redundancy model doesn't need
+(every driver-role node runs every driver in the fleet).
+
+### Q5 — Login UI: backed by `/auth/login` (cookie+JWT hybrid) — what about LDAP error UX?
+
+**Context.** v2's `/auth/login` does an LDAP bind. Failures come back as
+specific reasons (invalid creds vs. service-account misconfig vs. server
+unreachable). The default behavior is to lump them all into "Login failed."
+
+**Options.**
+- **Generic "Login failed."** Safer; doesn't leak whether the username exists.
+- **Specific error categories.** Helps operators diagnose deploy issues.
+
+**Recommendation:** Generic for production deployments, specific when
+`Authentication:Ldap:AllowInsecureLdap=true` (dev mode signal).
+
+## Proposed sequencing (4 phases)
+
+Each phase is independently mergeable. The branch ships when Phase A is in;
+Phases B–D can follow as smaller PRs.
+
+### Phase A — Shell + auth + fleet (minimum-viable Admin)
+~½–1 day. Ships a working admin surface with no config editing.
+- Port `App.razor`, `Routes.razor`, `_Imports.razor`
+- Port `Login.razor` (post Q5)
+- Port `Account.razor`
+- Reshape `Fleet.razor` against v2 data sources
+- Port `Hosts.razor` reshape
+
+### Phase B — Cluster CRUD + Overview/Redundancy tabs
+~1 day. Adds cluster browse + readonly redundancy view.
+- Port `ClustersList`, `NewCluster`, `ClusterDetail` (Overview tab only)
+- Port `RedundancyTab` (read-only — surfaces v2 `ServiceLevel`)
+- Split into routes if Q3 = split
+
+### Phase C — Config editor tabs
+~2 days. The big chunk — the live-edit config surface.
+- `EquipmentTab`, `UnsTab`, `NamespacesTab`
+- `DriversTab` (JSON-only initially per Q1)
+- `TagsTab`
+- `AclsTab` post Q4 reshape
+- `ImportEquipment`, `IdentificationFields`
+
+### Phase D — Logic + ops pages
+~1 day.
+- `VirtualTagsTab`, `ScriptedAlarmsTab`, `ScriptsTab`, `ScriptEditor`
+- `AuditTab` against new ConfigAuditLog schema
+- `RoleGrants` post Q4 reshape
+- `Certificates`
+- `Reservations`
+- `AlarmsHistorian`, `ScriptLog` (depends on F16 ScriptLogHub deferred)
+
+## Out of scope for F15
+
+- Typed driver editors (Q1, deferred unless reversed)
+- Top-level fleet-wide ScriptedAlarms / VirtualTags pages (Q2, recommended drop)
+- Per-cluster RoleGrants (Q4, recommended drop)
+- ScriptLogHub SignalR bridge (F16 deferred — only needed for Phase D's
+ ScriptLog page; can move to a separate F16-extension follow-up)
diff --git a/docs/v2/Architecture-v2.md b/docs/v2/Architecture-v2.md
new file mode 100644
index 0000000..1f35833
--- /dev/null
+++ b/docs/v2/Architecture-v2.md
@@ -0,0 +1,127 @@
+# OtOpcUa v2 Architecture
+
+Single-page tour of the v2 layout. For decision history + tradeoffs, see [`2026-05-26-akka-hosting-alignment-design.md`](../plans/2026-05-26-akka-hosting-alignment-design.md).
+
+## Big picture
+
+```
+ ┌─────────────────────────────────────────────┐
+ │ OtOpcUa.Host │ (fused binary)
+ │ │
+ │ reads OTOPCUA_ROLES env, mounts: │
+ │ ┌─────────────────────────────────────┐ │
+ │ │ admin → Blazor + auth + control- │ │
+ │ │ plane singletons │ │
+ │ │ driver → OPC UA endpoint + │ │
+ │ │ per-node actors │ │
+ │ └─────────────────────────────────────┘ │
+ └─────────────────────────────────────────────┘
+ │
+ │ joins
+ ▼
+ ┌─────────────────────────────────────────────┐
+ │ Akka.NET cluster │
+ │ (split-brain resolver: keep-oldest, 15s) │
+ └─────────────────────────────────────────────┘
+
+shared by every node: ┌─────────────────┐
+ │ ConfigDb (SQL) │ live-edit + Deployment artifacts + audit
+ └─────────────────┘
+```
+
+The v1 setup was two separate Windows services (`OtOpcUa.Server` + `OtOpcUa.Admin`) talking through the DB. v2 collapses them into one binary with role gating, and adds an Akka cluster so admin singletons can drive deploys and the redundancy story is automatic.
+
+## Project layout
+
+```
+src/Core/ shared abstractions, no Server deps
+ ZB.MOM.WW.OtOpcUa.Commons types + Akka message contracts + interfaces
+ ZB.MOM.WW.OtOpcUa.Cluster HOCON, AkkaClusterOptions, IClusterRoleInfo
+ ZB.MOM.WW.OtOpcUa.Configuration EF Core DbContext + entities
+
+src/Server/ server-side projects
+ ZB.MOM.WW.OtOpcUa.Security cookie+JWT auth, LDAP, JwtTokenService
+ ZB.MOM.WW.OtOpcUa.ControlPlane admin-role cluster singletons
+ ZB.MOM.WW.OtOpcUa.Runtime driver-role per-node actors
+ ZB.MOM.WW.OtOpcUa.OpcUaServer OPC UA endpoint facade + Phase7Composer
+ ZB.MOM.WW.OtOpcUa.AdminUI Blazor Razor class library
+ ZB.MOM.WW.OtOpcUa.Host fused binary (Program.cs)
+```
+
+| Project | Role | Doc |
+|---|---|---|
+| Cluster | Bootstrap + cluster topology view | [Cluster.md](Cluster.md) |
+| ControlPlane | Admin singletons (deploy, audit, fleet, redundancy) | [ControlPlane.md](ControlPlane.md) |
+| Runtime | Driver-role actor tree | [Runtime.md](Runtime.md) |
+| Security | Cookie+JWT auth, LDAP, /auth/* endpoints | [../security.md](../security.md) |
+| OpcUaServer | OPC UA endpoint host + composer | [../OpcUaServer.md](../OpcUaServer.md) |
+| Host | Role-gated DI graph + Program.cs | [../ServiceHosting.md](../ServiceHosting.md) |
+
+## Role gating
+
+`Program.cs` reads `OTOPCUA_ROLES` once (per process) and decides what to wire:
+
+```csharp
+var roles = RoleParser.Parse(Environment.GetEnvironmentVariable("OTOPCUA_ROLES"));
+var hasAdmin = roles.Contains("admin");
+var hasDriver = roles.Contains("driver");
+
+builder.Services.AddOtOpcUaConfigDb(builder.Configuration);
+builder.Services.AddOtOpcUaCluster(builder.Configuration);
+
+builder.Services.AddAkka("otopcua", (ab, sp) =>
+{
+ ab.WithOtOpcUaClusterBootstrap(sp); // HOCON + remote + cluster options
+ if (hasAdmin) ab.WithOtOpcUaControlPlaneSingletons();
+ if (hasDriver) ab.WithOtOpcUaRuntimeActors();
+});
+
+if (hasAdmin)
+{
+ builder.Services.AddOtOpcUaAuth(builder.Configuration);
+ builder.Services.AddAdminUI();
+ // SignalR, AdminOpsClient, etc.
+}
+
+builder.Services.AddOtOpcUaHealth();
+```
+
+There is a **single** ActorSystem. Cluster singletons + per-node actors share it via the `Akka.Hosting` registry. This was a v2 fix (the initial Phase 9 wiring ran two ActorSystems by mistake; see commit `d6fac2d`).
+
+## Live-edit vs draft/publish
+
+v1 had `ConfigGeneration(Draft|Published)` with every live-edit entity FK'd to a generation. Edits accumulated in a Draft until Publish promoted them.
+
+v2 removes that entirely:
+
+- No `ConfigGeneration` table, no `GenerationId` columns.
+- Every live-edit entity has a `RowVersion` (`IsRowVersion()`) for last-write-wins.
+- Audit goes to `ConfigEdit` (per-row delta) and `ConfigAuditLog` (event-level).
+- Deploys snapshot the *current* DB state into an immutable `Deployment.ArtifactBlob` + its `RevisionHash`. That artifact is what driver nodes apply.
+
+See [ControlPlane.md § Deploy flow](ControlPlane.md#deploy-flow) for the end-to-end dispatch + ACK + seal sequence.
+
+## NodeId
+
+Each cluster member has a `NodeId` derived as `{PublicHostname}:{Port}` of the Akka remote endpoint. `ClusterRoleInfo.LocalNode` + `ConfigPublishCoordinator.DiscoverDriverNodes()` use the same formula so they always agree. The port suffix makes loopback test deployments distinguishable (commit `5cfbe8b`); in production the hostname alone is already unique.
+
+## Health endpoints
+
+| Path | Returns 200 when… |
+|---|---|
+| `/healthz` | Process is alive (no checks). |
+| `/health/ready` | DB reachable + this node is `Up` in the cluster. |
+| `/health/active` | This node is the admin role-leader (used by Traefik/HA-LB to pin traffic). |
+
+## What lives where (quick map)
+
+| Concern | Project | Entry point |
+|---|---|---|
+| Read OTOPCUA_ROLES | `Cluster.RoleParser` | static `Parse(string?)` |
+| Cluster lifecycle | `Cluster.WithOtOpcUaClusterBootstrap` | extension on `AkkaConfigurationBuilder` |
+| Local node identity | `Cluster.IClusterRoleInfo.LocalNode` | DI singleton |
+| Admin singletons | `ControlPlane.WithOtOpcUaControlPlaneSingletons` | extension on `AkkaConfigurationBuilder` |
+| Driver actors | `Runtime.WithOtOpcUaRuntimeActors` | extension on `AkkaConfigurationBuilder` |
+| Auth pipeline | `Security.AddOtOpcUaAuth` + `MapOtOpcUaAuth` | extensions on `IServiceCollection` / `IEndpointRouteBuilder` |
+| OPC UA facade | `OpcUaServer.OpcUaApplicationHost` | runtime host, started by driver-role startup |
+| Health endpoints | `Host.Health.AddOtOpcUaHealth` + `MapOtOpcUaHealth` | extensions on `IServiceCollection` / `IEndpointRouteBuilder` |
diff --git a/docs/v2/Cluster.md b/docs/v2/Cluster.md
new file mode 100644
index 0000000..beed2cb
--- /dev/null
+++ b/docs/v2/Cluster.md
@@ -0,0 +1,102 @@
+# OtOpcUa.Cluster
+
+Akka.NET cluster bootstrap + topology view. Used by every other server-side project to talk to the live cluster.
+
+Path: `src/Core/ZB.MOM.WW.OtOpcUa.Cluster/`
+
+## Public surface
+
+| Type | Role |
+|---|---|
+| `AkkaClusterOptions` | DI-bound options from `appsettings.json::Cluster`. Hostname/Port/PublicHostname/SeedNodes/Roles. |
+| `IClusterRoleInfo` (interface in Commons) | Live view of cluster membership + role-leader topology. Thread-safe + event-raising. |
+| `ClusterRoleInfo` | Implementation. Subscribes to `ClusterEvent.IMemberEvent` + `RoleLeaderChanged` + `LeaderChanged`. |
+| `HoconLoader.LoadBaseConfig()` | Reads the embedded `Resources/akka.conf`. |
+| `RoleParser.Parse(string?)` | Parses `OTOPCUA_ROLES` env var into a deduped `string[]`. |
+| `ServiceCollectionExtensions.AddOtOpcUaCluster(configuration)` | Binds options + registers `IClusterRoleInfo` singleton. **Does not** start an ActorSystem. |
+| `WithOtOpcUaClusterBootstrap(serviceProvider)` | Extension on `AkkaConfigurationBuilder`. Loads embedded HOCON + applies `WithRemoting(...)` + `WithClustering(...)` from options. |
+
+## Bootstrap flow
+
+```csharp
+// Program.cs
+builder.Services.AddOtOpcUaCluster(builder.Configuration);
+
+builder.Services.AddAkka("otopcua", (ab, sp) =>
+{
+ ab.WithOtOpcUaClusterBootstrap(sp); // HOCON + remote + cluster
+ // …singletons + node actors layered on
+});
+```
+
+Order matters: `AddOtOpcUaCluster` must come before `AddAkka` so the options binding has run by the time the `AddAkka` lambda fires. Inside the lambda, `WithOtOpcUaClusterBootstrap` resolves `IOptions` from `sp` and writes them into the Akka builder.
+
+The single ActorSystem this produces is what every other v2 piece runs on. There is no second Akka instance — that was a Phase 9 bug (commit `d6fac2d` consolidated).
+
+## Embedded HOCON
+
+`src/Core/ZB.MOM.WW.OtOpcUa.Cluster/Resources/akka.conf` contains:
+
+| Setting | Value | Why |
+|---|---|---|
+| `akka.actor.provider` | `cluster` | Required for `Cluster.Get(system)` to work. |
+| `akka.cluster.split-brain-resolver.active-strategy` | `keep-oldest` | Smaller/younger side downs itself on partition. |
+| `akka.cluster.split-brain-resolver.stable-after` | `15s` | Time before SBR acts. |
+| `akka.cluster.failure-detector.threshold` | `10.0` | Higher than default (8.0) for GC-pause tolerance. |
+| `opcua-synchronized-dispatcher.type` | `PinnedDispatcher` | Dedicated thread for `OpcUaPublishActor` so SDK calls stay marshalled. |
+
+The Cluster.Tests project verifies these key values stay correct (`HoconLoaderTests`).
+
+## Configuration
+
+```json
+{
+ "Cluster": {
+ "Hostname": "0.0.0.0",
+ "Port": 4053,
+ "PublicHostname": "node-a.lan",
+ "SeedNodes": ["akka.tcp://otopcua@node-a.lan:4053"],
+ "Roles": ["admin", "driver"]
+ }
+}
+```
+
+- `Hostname`: interface to bind. `0.0.0.0` listens on every interface.
+- `Port`: TCP port for cluster gossip. Default 4053.
+- `PublicHostname`: address advertised in cluster gossip. Must be reachable by every other node.
+- `SeedNodes`: where new nodes go to join. List one (or two) stable nodes. First node bootstraps the cluster from its own address.
+- `Roles`: free-form tags Akka gossip propagates. v2 uses `admin` + `driver`; per-role wiring in `Program.cs` reads `OTOPCUA_ROLES` env var, not this list — these two should stay in sync.
+
+## IClusterRoleInfo
+
+Anywhere in the host that needs the local node's identity or a view of who-else-is-in-the-cluster, inject `IClusterRoleInfo`:
+
+```csharp
+public sealed class MyService(IClusterRoleInfo cluster)
+{
+ public NodeId Self => cluster.LocalNode;
+ public IReadOnlyList Drivers => cluster.MembersWithRole("driver");
+ public NodeId? AdminLeader => cluster.RoleLeader("admin");
+
+ public MyService(IClusterRoleInfo cluster)
+ {
+ cluster.RoleLeaderChanged += (_, e) =>
+ Console.WriteLine($"role={e.Role}: {e.PreviousLeader} → {e.NewLeader}");
+ }
+}
+```
+
+`LocalNode` is `{PublicHostname}:{Port}` (the port suffix lets loopback test deployments stay distinct; production hostnames are already unique). `ConfigPublishCoordinator` uses the same `{host}:{port}` formula so the expected-ack set and the driver self-identification agree (commit `5cfbe8b`).
+
+## Lifecycle
+
+Akka.Hosting owns the lifecycle: `IHostedService` starts the ActorSystem at host start, runs `CoordinatedShutdown.ClusterLeavingReason` on host stop. The Cluster project does not register its own `IHostedService` (the v1 `AkkaHostedService` was deleted in commit `d6fac2d`).
+
+## Tests
+
+`tests/Core/ZB.MOM.WW.OtOpcUa.Cluster.Tests/` covers:
+
+- `HoconLoaderTests` — embedded resource loads + key settings parse correctly.
+- `RoleParserTests` — comma-split + dedup + trim semantics.
+
+Cross-project integration is in `tests/Server/ZB.MOM.WW.OtOpcUa.Host.IntegrationTests/` (cluster formation, deploy round-trip).
diff --git a/docs/v2/ControlPlane.md b/docs/v2/ControlPlane.md
new file mode 100644
index 0000000..9dbd30b
--- /dev/null
+++ b/docs/v2/ControlPlane.md
@@ -0,0 +1,99 @@
+# OtOpcUa.ControlPlane
+
+Five admin-role cluster singletons that drive the v2 deploy, audit, fleet, and redundancy stories. Path: `src/Server/ZB.MOM.WW.OtOpcUa.ControlPlane/`.
+
+## Singletons
+
+| Actor | File | Marker key | Role |
+|---|---|---|---|
+| `ConfigPublishCoordinator` | `Coordinators/ConfigPublishCoordinator.cs` | `ConfigPublishCoordinatorKey` | Dispatches `DispatchDeployment`, collects `ApplyAck`s, seals/fails/times-out. |
+| `AdminOperationsActor` | `AdminOperations/AdminOperationsActor.cs` | `AdminOperationsActorKey` | Receives `StartDeployment` from the UI, snapshots ConfigDb via `ConfigComposer`, persists `Deployment` row + `ConfigEdit` marker, tells the coordinator to dispatch. |
+| `AuditWriterActor` | `Audit/AuditWriterActor.cs` | `AuditWriterActorKey` | Batched `ConfigAuditLog` writer. Flushes every 500 events or 5 s. In-buffer dedup; cross-restart dedup tracked as F3. |
+| `FleetStatusBroadcaster` | `Fleet/FleetStatusBroadcaster.cs` | `FleetStatusBroadcasterKey` | Aggregates per-node `FleetNodeStatus` heartbeats; publishes `FleetStatusChanged` on the `fleet-status` DPS topic (SignalR bridge tracked as F16). |
+| `RedundancyStateActor` | `Redundancy/RedundancyStateActor.cs` | `RedundancyStateActorKey` | Cluster-event subscriber; debounces 250 ms; publishes `RedundancyStateChanged` on the `redundancy-state` DPS topic. |
+
+All five register via `WithOtOpcUaControlPlaneSingletons()` (extension on `AkkaConfigurationBuilder`). Each uses `ClusterSingletonOptions { Role = "admin" }` so the singleton runs on the admin role-leader and migrates to the next admin node on failover.
+
+```csharp
+// Program.cs (admin role only)
+builder.Services.AddAkka("otopcua", (ab, sp) =>
+{
+ ab.WithOtOpcUaClusterBootstrap(sp);
+ if (hasAdmin) ab.WithOtOpcUaControlPlaneSingletons();
+ if (hasDriver) ab.WithOtOpcUaRuntimeActors();
+});
+```
+
+Resolve from anywhere via `IRequiredActor` or the `ActorRegistry`:
+
+```csharp
+public sealed class AdminOperationsClient(ActorRegistry registry) : IAdminOperationsClient
+{
+ private readonly IActorRef _proxy = registry.Get();
+ // ...
+}
+```
+
+## Deploy flow
+
+```
+UI → IAdminOperationsClient.StartDeploymentAsync(createdBy)
+ │ Ask the AdminOperationsActor singleton proxy
+ ▼
+AdminOperationsActor
+ │ ConfigComposer.SnapshotAndFlattenAsync(db) → ConfigArtifact(blob, revHash)
+ │ insert Deployment(Dispatching) + ConfigEdit marker
+ │ Tell coordinator → DispatchDeployment
+ ▼
+ConfigPublishCoordinator
+ │ DiscoverDriverNodes() → expected ACK set (host:port per member)
+ │ insert NodeDeploymentState(Applying) per driver
+ │ Publish DispatchDeployment on "deployments" topic
+ │ Start apply-deadline timer (2 min default)
+ ▼ DistributedPubSub
+DriverHostActor (on each driver node — subscribed to "deployments")
+ │ PreStart subscribed; current state Steady(rev)
+ │ if currentRev == msg.rev → immediate ApplyAck(Applied) (idempotent)
+ │ else Become(Applying) → write NodeDeploymentStatus → ApplyAck
+ ▼ via "deployment-acks" topic
+ConfigPublishCoordinator (subscribed to "deployment-acks" in PreStart)
+ │ PersistNodeAck + collect
+ │ all-Applied → Sealed
+ │ any-Failed → PartiallyFailed
+ │ deadline → TimedOut
+```
+
+The dedicated `deployment-acks` topic + coordinator subscription was added in commit `5cfbe8b`. Before that, ACKs were published back on `deployments` and the coordinator (not subscribed) silently dropped them — deployments hung at `AwaitingApplyAcks` forever in multi-node tests.
+
+### Failover recovery
+
+If the admin singleton fails over mid-deploy, the new instance's `PreStart` queries `NodeDeploymentState` for any `Dispatching`/`AwaitingApplyAcks` row, rebuilds `_expectedAcks` + `_acks` from persisted state, and resumes the deadline timer. See `Coordinators/ConfigPublishCoordinator.cs::PreStart`.
+
+## ConfigComposer
+
+Pure function `SnapshotAndFlattenAsync(db) → ConfigArtifact(byte[], string)`:
+
+1. Reads every live-edit table.
+2. Serialises to a stable byte[] (deterministic ordering).
+3. Computes SHA-256 over the bytes → 64-hex `RevisionHash`.
+
+Same DB state → same artifact + same hash. That's what makes the `NoChanges` outcome work (AdminOperations compares the proposed hash to the last sealed deployment's hash).
+
+## ServiceLevelCalculator
+
+Pure function exposed at `Redundancy/ServiceLevelCalculator.Compute(NodeHealthInputs)`. Returns the OPC UA `ServiceLevel` byte per the truth table in [Redundancy.md](../Redundancy.md#servicelevel-tiers-part-5-65). No side effects; trivially unit-testable.
+
+## DPS topics
+
+| Topic | Publisher | Subscribers |
+|---|---|---|
+| `deployments` | ConfigPublishCoordinator | DriverHostActor (per-node) |
+| `deployment-acks` | DriverHostActor | ConfigPublishCoordinator |
+| `fleet-status` | FleetStatusBroadcaster | (SignalR bridge — F16) |
+| `redundancy-state` | RedundancyStateActor | (per-node ServiceLevel calc — F10) |
+
+## Tests
+
+`tests/Server/ZB.MOM.WW.OtOpcUa.ControlPlane.Tests/` — 29 tests covering coordinator (happy path, timeout, failover recovery), AdminOps (StartDeployment outcomes), AuditWriter (batching, dedup), FleetStatusBroadcaster (heartbeat staleness), RedundancyStateActor (debounce, snapshot), ConfigComposer (purity), ServiceLevelCalculator (truth table).
+
+Multi-node tests (cross-ActorSystem) are in `tests/Server/ZB.MOM.WW.OtOpcUa.Host.IntegrationTests/`.
diff --git a/docs/v2/Runtime.md b/docs/v2/Runtime.md
new file mode 100644
index 0000000..40bf820
--- /dev/null
+++ b/docs/v2/Runtime.md
@@ -0,0 +1,126 @@
+# OtOpcUa.Runtime
+
+Driver-role actor tree — one set per node. Path: `src/Server/ZB.MOM.WW.OtOpcUa.Runtime/`.
+
+## Actor tree
+
+```
+ DriverHostActor (per node)
+ │ state machine: Steady ⇄ Applying ⇄ Stale
+ │
+ ├──▶ DriverInstanceActor (per configured DriverInstance row)
+ │ state: Connecting → Connected → Reconnecting (or Stubbed)
+ │
+ ├──▶ VirtualTagActor (per VirtualTag row)
+ │ compiles + evaluates expression, publishes derived value
+ │
+ ├──▶ ScriptedAlarmActor (per ScriptedAlarm row)
+ │ state: Inactive ⇄ Active ⇄ Acknowledged
+ │
+ ├──▶ OpcUaPublishActor (per node, pinned dispatcher)
+ │ marshalled OPC UA SDK writes + RebuildAddressSpace
+ │
+ ├──▶ HistorianAdapterActor (per node)
+ │ pipe IPC to Wonderware historian sidecar
+ │
+ ├──▶ PeerOpcUaProbeActor (per peer node)
+ │ opc.tcp ping → redundancy-state DPS topic
+ │
+ └──▶ DbHealthProbeActor (per node)
+ cached SELECT 1; consumed by /health/ready + redundancy calc
+```
+
+## Public surface
+
+| Type | File |
+|---|---|
+| `WithOtOpcUaRuntimeActors()` | `ServiceCollectionExtensions.cs` — extension on `AkkaConfigurationBuilder`. Spawns `DriverHostActor` + `DbHealthProbeActor` on the host's ActorSystem. |
+| `DriverHostActor` | `Drivers/DriverHostActor.cs` |
+| `DriverInstanceActor` | `Drivers/DriverInstanceActor.cs` |
+| `VirtualTagActor` | `VirtualTags/VirtualTagActor.cs` |
+| `ScriptedAlarmActor` | `ScriptedAlarms/ScriptedAlarmActor.cs` |
+| `OpcUaPublishActor` | `OpcUa/OpcUaPublishActor.cs` |
+| `HistorianAdapterActor` | `Historian/HistorianAdapterActor.cs` |
+| `PeerOpcUaProbeActor` | `Health/PeerOpcUaProbeActor.cs` |
+| `DbHealthProbeActor` | `Health/DbHealthProbeActor.cs` |
+
+Marker keys for registry lookup: `DriverHostActorKey`, `DbHealthProbeActorKey`.
+
+## DriverHostActor
+
+Per-node supervisor with three Become states:
+
+| State | Meaning |
+|---|---|
+| `Steady(rev)` | Caught up. `DispatchDeployment` with `msg.rev == currentRev` → immediate `ApplyAck(Applied)` (idempotent). New rev → `Become(Applying)`. |
+| `Applying(id)` | Apply in progress. Further `DispatchDeployment` for in-flight ID → debug-log + ignore. For new ID → defer via `Self.Forward`. |
+| `Stale` | ConfigDb unreachable on bootstrap. Periodic `RetryConfigDbConnection` tries to advance to `Steady`. |
+
+`PreStart`:
+
+1. Subscribe to `deployments` DPS topic.
+2. Read most-recent `NodeDeploymentState` for this node from ConfigDb.
+3. If `Applied` → restore `_currentRevision`, `Become(Steady)`.
+4. If `Applying` (orphan from crash) → replay apply (idempotent).
+5. If `Failed` → `Become(Steady)` at last known rev.
+6. DB unreachable → `Become(Stale)`, start retry timer.
+
+ACK publishing: when no `_coordinatorOverride` is set (production), `SendAck` publishes on the dedicated `deployment-acks` DPS topic which the coordinator subscribes to (commit `5cfbe8b`).
+
+## DriverInstanceActor
+
+Per-driver-instance child. State machine:
+
+- `Connecting` → first attempt to reach the underlying driver
+- `Connected` → subscriptions active, reads/writes flow
+- `Reconnecting` → temporary disconnect; backoff retry
+- `Stubbed` → DEV-STUB mode for Windows-only drivers (Galaxy, Wonderware Historian) on non-Windows or when `roles` contains `dev`
+
+`ShouldStub(driverType, roles)` returns `true` for `"Galaxy" | "Historian.Wonderware"` on non-Windows; the actor goes straight to `Stubbed` and returns deterministic success without touching real hardware. Wiring this into the DriverHost child-spawn path is follow-up F20 (folds into F7).
+
+Engine wiring (subscription publishing, ApplyDelta diff, bad-quality-on-disconnect, write path, supervisor backoff) is stubbed — tracked as F7. Tests exercise message contracts, not engine behaviour.
+
+## VirtualTagActor / ScriptedAlarmActor
+
+Skeleton state machines + message handlers. Engine work:
+
+- `VirtualTagEngine.Evaluate()` not yet called from `VirtualTagActor.DependencyValueChanged` (F8).
+- `AlarmConditionService` not yet called from `ScriptedAlarmActor` (F9).
+- `ScriptedAlarmState` DB persistence on `PreRestart` not wired (F9).
+
+## OpcUaPublishActor
+
+The only actor on the **pinned dispatcher** (`opcua-synchronized-dispatcher` from `akka.conf`). All OPC UA SDK address-space writes go through it so the SDK's threading model isn't violated.
+
+Message contracts are defined; actual SDK calls are stubbed (counters only). Real address-space writes + `ServiceLevel` Variable updates + `RebuildAddressSpace` after a deploy land in F10 (gated on F13 — full `OpcUaApplicationHost` extraction).
+
+## HistorianAdapterActor, PeerOpcUaProbeActor
+
+Both have message contracts wired. Engine integration deferred:
+
+- `HistorianAdapterActor` — named-pipe IPC to the Wonderware historian sidecar + `SqliteStoreAndForwardSink` (F11).
+- `PeerOpcUaProbeActor` — real `opc.tcp://peer:4840` ping (F12). Current stub always returns `Ok=true`.
+
+## DbHealthProbeActor
+
+`Ask` returns cached state (refreshed every 5 s by an internal `SELECT 1`). Consumed by `/health/ready` and `RedundancyStateActor`.
+
+## Lifecycle wiring
+
+```csharp
+// Program.cs (driver role only)
+builder.Services.AddAkka("otopcua", (ab, sp) =>
+{
+ ab.WithOtOpcUaClusterBootstrap(sp);
+ if (hasAdmin) ab.WithOtOpcUaControlPlaneSingletons();
+ if (hasDriver) ab.WithOtOpcUaRuntimeActors();
+});
+```
+
+`WithOtOpcUaRuntimeActors` resolves `IDbContextFactory` + `IClusterRoleInfo` from DI, then spawns `DbHealthProbeActor` and `DriverHostActor` as top-level `/user/` actors. Both register marker keys in `ActorRegistry` so the registry lookup works from anywhere.
+
+## Tests
+
+`tests/Server/ZB.MOM.WW.OtOpcUa.Runtime.Tests/` — 16 tests covering DriverHostActor (Steady ack, Applying transitions, Stale recovery), DriverInstanceActor (state machine, stub mode), VirtualTagActor + ScriptedAlarmActor (message contracts), OpcUaPublishActor (props + message acceptance), DbHealthProbe + PeerOpcUaProbe (probe loop), and the `WithOtOpcUaRuntimeActors` registration round-trip.
+
+End-to-end deploy from admin → driver via the cluster is in `tests/Server/ZB.MOM.WW.OtOpcUa.Host.IntegrationTests/DeployHappyPathTests.cs`.
diff --git a/scripts/install/Install-Services.ps1 b/scripts/install/Install-Services.ps1
index 15a5b0a..32e6bc3 100644
--- a/scripts/install/Install-Services.ps1
+++ b/scripts/install/Install-Services.ps1
@@ -1,46 +1,63 @@
<#
.SYNOPSIS
- Registers the v2 Windows services on a node: OtOpcUa (main server, net10) and
- optionally OtOpcUaWonderwareHistorian (Wonderware historian sidecar).
+ Registers the v2 Windows service on a node: OtOpcUaHost (fused binary, .NET 10)
+ and optionally OtOpcUaWonderwareHistorian (Wonderware historian sidecar, net48 x86).
.DESCRIPTION
- PR 7.2 retired the legacy out-of-process OtOpcUaGalaxyHost service alongside the
- GalaxyProxyDriver / GalaxyHost / GalaxyShared projects. Galaxy access now flows
- through the in-process GalaxyDriver talking gRPC to a separately-installed
- mxaccessgw. The mxaccessgw server runs out of its own repo
- (`c:\Users\dohertj2\Desktop\mxaccessgw\`) — see
- `docs/v2/Galaxy.ParityRig.md` for the gw setup recipe.
+ v2 consolidates the legacy OtOpcUa + OtOpcUaAdmin services into a single role-gated
+ OtOpcUaHost binary. The -Roles parameter sets the OTOPCUA_ROLES service env so
+ Program.cs decides what to mount (admin / driver / both). The Wonderware historian
+ sidecar logic is unchanged from v1; install it with -InstallWonderwareHistorian.
+
+ Galaxy access flows through the mxaccessgw sibling repo (separate service); see
+ docs/v2/Galaxy.ParityRig.md for the gateway setup.
.PARAMETER InstallRoot
- Where the binaries live (typically C:\Program Files\OtOpcUa).
+ Where the binaries live (typically C:\Program Files\OtOpcUa). The OtOpcUaHost
+ service runs OtOpcUa.Host.exe from this directory; publish the Host project there
+ with `dotnet publish -c Release -r win-x64 --self-contained` first.
.PARAMETER ServiceAccount
- Service account SID or DOMAIN\name. The OtOpcUa service runs under this account.
+ Service account SID or DOMAIN\name. The OtOpcUaHost service runs under this account.
+
+.PARAMETER Roles
+ Comma-separated cluster roles for this node. One of:
+ - "admin,driver" — single-node dev or all-in-one production node
+ - "admin" — admin-only HA pair member (Blazor + control-plane singletons)
+ - "driver" — driver-only node (OPC UA endpoint + per-node actors)
+ Written to the service env as OTOPCUA_ROLES.
+
+.PARAMETER HttpPort
+ HTTP port for the AdminUI + auth endpoints. Default 9000. Written as ASPNETCORE_URLS.
+ Ignored on driver-only nodes (no Blazor surface).
.PARAMETER InstallWonderwareHistorian
- Gate the OtOpcUaWonderwareHistorian sidecar install. Off by default; set when
- the deployment uses the Wonderware historian for history reads + alarm-event
- persistence.
+ Gate the OtOpcUaWonderwareHistorian sidecar install. Off by default; set when the
+ deployment uses the Wonderware historian for history reads + alarm-event persistence.
.PARAMETER HistorianSharedSecret
- Per-process secret passed to the Historian sidecar via env var. Generated
- freshly per install when not supplied.
+ Per-process secret passed to the historian sidecar via env var. Generated freshly
+ per install when not supplied.
.EXAMPLE
- .\Install-Services.ps1 -InstallRoot 'C:\Program Files\OtOpcUa' -ServiceAccount 'OTOPCUA\svc-otopcua'
+ .\Install-Services.ps1 -InstallRoot 'C:\Program Files\OtOpcUa' `
+ -ServiceAccount 'OTOPCUA\svc-otopcua' -Roles 'admin,driver'
.EXAMPLE
- .\Install-Services.ps1 -InstallRoot 'C:\Program Files\OtOpcUa' -ServiceAccount 'OTOPCUA\svc-otopcua' `
+ .\Install-Services.ps1 -InstallRoot 'C:\Program Files\OtOpcUa' `
+ -ServiceAccount 'OTOPCUA\svc-otopcua' -Roles 'driver' `
-InstallWonderwareHistorian
#>
[CmdletBinding()]
param(
[Parameter(Mandatory)] [string]$InstallRoot,
[Parameter(Mandatory)] [string]$ServiceAccount,
+ [Parameter(Mandatory)] [ValidateSet('admin', 'driver', 'admin,driver', 'driver,admin')]
+ [string]$Roles,
+ [int]$HttpPort = 9000,
- # PR 3.W — Wonderware historian sidecar. Optional; gates the
- # OtOpcUaWonderwareHistorian service. Secret + pipe defaults match the server's
- # Historian:Wonderware appsettings block.
+ # Wonderware historian sidecar. Optional; gates the OtOpcUaWonderwareHistorian
+ # service. Secret + pipe defaults match the server's Historian:Wonderware appsettings.
[switch]$InstallWonderwareHistorian,
[string]$HistorianSharedSecret,
[string]$HistorianPipeName = 'OtOpcUaWonderwareHistorian',
@@ -51,18 +68,19 @@ param(
$ErrorActionPreference = 'Stop'
-if (-not (Test-Path "$InstallRoot\OtOpcUa.Server.exe")) {
- Write-Error "OtOpcUa.Server.exe not found at $InstallRoot — copy the publish output first"
+if (-not (Test-Path "$InstallRoot\OtOpcUa.Host.exe")) {
+ Write-Error "OtOpcUa.Host.exe not found at $InstallRoot — copy the publish output first"
exit 1
}
-# Generate fresh shared secrets per install if not supplied.
function New-SharedSecret {
$bytes = New-Object byte[] 32
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
return [Convert]::ToBase64String($bytes)
}
-if ($InstallWonderwareHistorian -and -not $HistorianSharedSecret) { $HistorianSharedSecret = New-SharedSecret }
+if ($InstallWonderwareHistorian -and -not $HistorianSharedSecret) {
+ $HistorianSharedSecret = New-SharedSecret
+}
if ($InstallWonderwareHistorian -and -not (Test-Path "$InstallRoot\WonderwareHistorian\OtOpcUa.Driver.Historian.Wonderware.exe")) {
Write-Error "OtOpcUa.Driver.Historian.Wonderware.exe not found at $InstallRoot\WonderwareHistorian — copy the publish output first"
@@ -76,10 +94,7 @@ $sid = if ($ServiceAccount.StartsWith('S-1-')) {
(New-Object System.Security.Principal.NTAccount $ServiceAccount).Translate([System.Security.Principal.SecurityIdentifier]).Value
}
-# --- Install OtOpcUaWonderwareHistorian (PR 3.W) — separate sidecar that exposes the
-# Wonderware Historian SDK via a named-pipe protocol consumed by the .NET 10 server.
-# Optional: only installed when -InstallWonderwareHistorian is supplied. Depends on the
-# hard AVEVA services that host the historian SDK runtime path.
+# --- OtOpcUaWonderwareHistorian sidecar (optional, unchanged from v1) -------
$historianDepend = $null
if ($InstallWonderwareHistorian) {
$historianEnv = @(
@@ -87,14 +102,10 @@ if ($InstallWonderwareHistorian) {
"OTOPCUA_ALLOWED_SID=$sid"
"OTOPCUA_HISTORIAN_SECRET=$HistorianSharedSecret"
"OTOPCUA_HISTORIAN_ENABLED=true"
- # Default-on when the historian sidecar is installed; flip to false for a
- # read-only deployment that still loads aahClientManaged for reads but
- # rejects WriteAlarmEvents frames.
"OTOPCUA_HISTORIAN_ALARM_WRITE_ENABLED=true"
"OTOPCUA_HISTORIAN_SERVER=$HistorianServer"
"OTOPCUA_HISTORIAN_PORT=$HistorianPort"
- ) -join "`0"
- $historianEnv += "`0`0"
+ )
Write-Host "Installing OtOpcUaWonderwareHistorian..."
& sc.exe create OtOpcUaWonderwareHistorian binPath= "`"$InstallRoot\WonderwareHistorian\OtOpcUa.Driver.Historian.Wonderware.exe`"" `
@@ -105,36 +116,59 @@ if ($InstallWonderwareHistorian) {
& sc.exe config OtOpcUaWonderwareHistorian start= delayed-auto | Out-Null
$svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\OtOpcUaWonderwareHistorian"
- $envValue = $historianEnv.Split("`0") | Where-Object { $_ -ne '' }
- Set-ItemProperty -Path $svcKey -Name 'Environment' -Type MultiString -Value $envValue
+ Set-ItemProperty -Path $svcKey -Name 'Environment' -Type MultiString -Value $historianEnv
+
+ & sc.exe failure OtOpcUaWonderwareHistorian reset= 86400 actions= restart/5000/restart/30000/restart/60000 | Out-Null
$historianDepend = 'OtOpcUaWonderwareHistorian'
}
-# --- Install OtOpcUa. Galaxy access flows through GalaxyDriver → mxaccessgw (gRPC),
-# so OtOpcUa no longer depends on a sibling service for Galaxy connectivity. The
-# mxaccessgw is installed separately. When the Wonderware sidecar is installed,
-# depend on it for startup ordering.
-$otOpcUaDepends = @()
-if ($historianDepend) { $otOpcUaDepends += $historianDepend }
+# --- OtOpcUaHost (the fused v2 binary) --------------------------------------
+$normalisedRoles = ($Roles -split ',' | ForEach-Object { $_.Trim() } | Sort-Object -Unique) -join ','
-Write-Host "Installing OtOpcUa..."
+$hasAdmin = $normalisedRoles -split ',' -contains 'admin'
+
+$hostEnv = @(
+ "OTOPCUA_ROLES=$normalisedRoles",
+ 'DOTNET_ENVIRONMENT=Production'
+)
+if ($hasAdmin) {
+ $hostEnv += "ASPNETCORE_URLS=http://+:$HttpPort"
+}
+
+$hostDepends = @()
+if ($historianDepend) { $hostDepends += $historianDepend }
+
+Write-Host "Installing OtOpcUaHost (roles=$normalisedRoles)..."
$createArgs = @(
- 'create', 'OtOpcUa',
- 'binPath=', "`"$InstallRoot\OtOpcUa.Server.exe`"",
- 'DisplayName=', 'OtOpcUa Server',
+ 'create', 'OtOpcUaHost',
+ 'binPath=', "`"$InstallRoot\OtOpcUa.Host.exe`"",
+ 'DisplayName=', "OtOpcUa Host ($normalisedRoles)",
'start=', 'auto',
'obj=', $ServiceAccount
)
-if ($otOpcUaDepends.Count -gt 0) {
- $createArgs += @('depend=', ($otOpcUaDepends -join '/'))
+if ($hostDepends.Count -gt 0) {
+ $createArgs += @('depend=', ($hostDepends -join '/'))
}
& sc.exe @createArgs | Out-Null
+# Env block via registry MultiString (sc.exe doesn't take env directly).
+$svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\OtOpcUaHost"
+Set-ItemProperty -Path $svcKey -Name 'Environment' -Type MultiString -Value $hostEnv
+
+# Restart-on-failure: 5s, 30s, 60s; reset counter after a clean 24h run.
+& sc.exe failure OtOpcUaHost reset= 86400 actions= restart/5000/restart/30000/restart/60000 | Out-Null
+
Write-Host ""
-Write-Host "Installed. Start with:"
+Write-Host "Installed OtOpcUaHost:"
+Write-Host " Roles: $normalisedRoles"
+if ($hasAdmin) { Write-Host " HTTP port: $HttpPort" }
+Write-Host " Binary: $InstallRoot\OtOpcUa.Host.exe"
+Write-Host " Account: $ServiceAccount"
+Write-Host ""
+Write-Host "Start with:"
if ($InstallWonderwareHistorian) { Write-Host " sc.exe start OtOpcUaWonderwareHistorian" }
-Write-Host " sc.exe start OtOpcUa"
+Write-Host " sc.exe start OtOpcUaHost"
if ($InstallWonderwareHistorian) {
Write-Host ""
Write-Host "Wonderware historian shared secret (configure into appsettings.json Historian:Wonderware:SharedSecret):"
@@ -142,5 +176,5 @@ if ($InstallWonderwareHistorian) {
}
Write-Host ""
Write-Host "NOTE: Galaxy access flows through mxaccessgw — install + run that separately"
-Write-Host " per docs/v2/Galaxy.ParityRig.md. OtOpcUa connects via the Galaxy.Gateway"
-Write-Host " section of appsettings.json (default endpoint http://localhost:5120)."
+Write-Host " per docs/v2/Galaxy.ParityRig.md. OtOpcUaHost connects via the"
+Write-Host " Galaxy.Gateway section of appsettings.json (default http://localhost:5120)."
diff --git a/scripts/install/Install-Traefik.ps1 b/scripts/install/Install-Traefik.ps1
new file mode 100644
index 0000000..49cd817
--- /dev/null
+++ b/scripts/install/Install-Traefik.ps1
@@ -0,0 +1,68 @@
+<#
+.SYNOPSIS
+ Installs Traefik as a Windows service that routes admin HTTP traffic to whichever
+ OtOpcUa.Host node holds the admin role-leader (via /health/active).
+
+.DESCRIPTION
+ Downloads the Traefik Windows binary into $InstallRoot, drops traefik.yml +
+ traefik-dynamic.yml from this directory next to it, and registers Traefik as a
+ Windows service via sc.exe with restart-on-failure.
+
+ Companion to Install-Services.ps1. Run on the box that fronts the admin HTTP
+ traffic (typically a separate node from OtOpcUaHost, or co-located on the
+ primary admin node).
+
+.PARAMETER InstallRoot
+ Where the Traefik binary + config land. Default 'C:\Program Files\Traefik'.
+
+.PARAMETER TraefikVersion
+ Traefik version to download. Default 'v3.1.6'.
+
+.EXAMPLE
+ .\Install-Traefik.ps1 -InstallRoot 'C:\Program Files\Traefik'
+#>
+[CmdletBinding()]
+param(
+ [string]$InstallRoot = 'C:\Program Files\Traefik',
+ [string]$TraefikVersion = 'v3.1.6'
+)
+
+$ErrorActionPreference = 'Stop'
+
+if (-not (Test-Path $InstallRoot)) {
+ New-Item -ItemType Directory -Path $InstallRoot | Out-Null
+}
+
+$zip = Join-Path $env:TEMP "traefik-$TraefikVersion.zip"
+$url = "https://github.com/traefik/traefik/releases/download/$TraefikVersion/traefik_${TraefikVersion}_windows_amd64.zip"
+
+Write-Host "Downloading Traefik $TraefikVersion..."
+Invoke-WebRequest -Uri $url -OutFile $zip
+Expand-Archive -Path $zip -DestinationPath $InstallRoot -Force
+Remove-Item $zip
+
+$scriptDir = Split-Path -Parent $MyInvocation.MyCommand.Path
+Copy-Item -Force (Join-Path $scriptDir 'traefik.yml') $InstallRoot
+Copy-Item -Force (Join-Path $scriptDir 'traefik-dynamic.yml') (Join-Path $InstallRoot 'dynamic.yml')
+
+# Traefik reads dynamic.yml from /etc/traefik on Linux; on Windows place it next to the
+# binary and point the file provider at it. Edit traefik.yml's `filename:` if you want
+# to change the location.
+(Get-Content -Raw (Join-Path $InstallRoot 'traefik.yml')) `
+ -replace '/etc/traefik/dynamic.yml', (Join-Path $InstallRoot 'dynamic.yml').Replace('\', '/') `
+ | Set-Content (Join-Path $InstallRoot 'traefik.yml')
+
+Write-Host "Installing Traefik Windows service..."
+& sc.exe create OtOpcUaTraefik binPath= "`"$InstallRoot\traefik.exe`" --configFile=`"$InstallRoot\traefik.yml`"" `
+ DisplayName= 'OtOpcUa Traefik (admin HTTP front door)' `
+ start= auto | Out-Null
+
+& sc.exe failure OtOpcUaTraefik reset= 86400 actions= restart/5000/restart/30000/restart/60000 | Out-Null
+
+Write-Host ""
+Write-Host "Installed OtOpcUaTraefik. Edit:"
+Write-Host " $InstallRoot\dynamic.yml (router + service definitions)"
+Write-Host "Start with:"
+Write-Host " sc.exe start OtOpcUaTraefik"
+Write-Host ""
+Write-Host "Traefik dashboard: http://localhost:8080 (turn off api.insecure in production)"
diff --git a/scripts/install/Refresh-Services.ps1 b/scripts/install/Refresh-Services.ps1
index 1b7a62e..bd81e10 100644
--- a/scripts/install/Refresh-Services.ps1
+++ b/scripts/install/Refresh-Services.ps1
@@ -43,11 +43,11 @@ function Test-NssmService([string]$Name) {
# Step 1: Stop in reverse dependency order
# ------------------------------------------------------------------------
-Step "Stopping services (OtOpcUa → OtOpcUaWonderwareHistorian → MxAccessGw)"
+Step "Stopping services (OtOpcUaHost > OtOpcUaWonderwareHistorian > MxAccessGw)"
-foreach ($name in @('OtOpcUa', 'OtOpcUaWonderwareHistorian', 'MxAccessGw')) {
+foreach ($name in @('OtOpcUaHost', 'OtOpcUaWonderwareHistorian', 'MxAccessGw')) {
if (Test-NssmService $name) {
- Run { nssm stop $name } "stop $name"
+ Run { Stop-Service $name -Force -ErrorAction SilentlyContinue } "stop $name"
}
else {
Write-Host " ($name not installed; skipping)" -ForegroundColor DarkGray
@@ -56,7 +56,7 @@ foreach ($name in @('OtOpcUa', 'OtOpcUaWonderwareHistorian', 'MxAccessGw')) {
if (-not $WhatIf) {
Start-Sleep -Seconds 3
- Get-Process MxGateway.Server, MxGateway.Worker, OtOpcUa.Server, OtOpcUa.Driver.Historian.Wonderware -ErrorAction SilentlyContinue |
+ Get-Process MxGateway.Server, MxGateway.Worker, OtOpcUa.Host, OtOpcUa.Driver.Historian.Wonderware -ErrorAction SilentlyContinue |
ForEach-Object {
Write-Host " killing residual process $($_.ProcessName) (PID=$($_.Id))" -ForegroundColor DarkYellow
Stop-Process -Id $_.Id -Force -ErrorAction SilentlyContinue
@@ -109,14 +109,14 @@ Run {
# Step 4: Refresh OtOpcUa + Wonderware historian sidecar
# ------------------------------------------------------------------------
-Step "Publishing OtOpcUa server + Wonderware historian sidecar from $RepoRoot"
+Step "Publishing OtOpcUa.Host + Wonderware historian sidecar from $RepoRoot"
Run {
- & dotnet publish "$RepoRoot\src\Server\ZB.MOM.WW.OtOpcUa.Server" `
+ & dotnet publish "$RepoRoot\src\Server\ZB.MOM.WW.OtOpcUa.Host" `
-c Release -o (Join-Path $PublishRoot "lmxopcua") | Out-Null
& dotnet publish "$RepoRoot\src\Drivers\ZB.MOM.WW.OtOpcUa.Driver.Historian.Wonderware" `
-c Release -o (Join-Path $PublishRoot "lmxopcua\WonderwareHistorian") | Out-Null
-} "dotnet publish (Server + sidecar)"
+} "dotnet publish (Host + sidecar)"
# ------------------------------------------------------------------------
# Step 5: Service env block — ensure OTOPCUA_HISTORIAN_ALARM_WRITE_ENABLED
@@ -143,16 +143,16 @@ if (Test-NssmService 'OtOpcUaWonderwareHistorian') {
# Step 6: Start in forward dependency order
# ------------------------------------------------------------------------
-Step "Starting services (MxAccessGw → OtOpcUaWonderwareHistorian → OtOpcUa)"
+Step "Starting services (MxAccessGw > OtOpcUaWonderwareHistorian > OtOpcUaHost)"
foreach ($pair in @(
@{ Name = 'MxAccessGw'; Wait = 4 },
@{ Name = 'OtOpcUaWonderwareHistorian'; Wait = 4 },
- @{ Name = 'OtOpcUa'; Wait = 8 }
+ @{ Name = 'OtOpcUaHost'; Wait = 8 }
)) {
$name = $pair.Name
if (Test-NssmService $name) {
- Run { nssm start $name } "start $name"
+ Run { Start-Service $name } "start $name"
if (-not $WhatIf) { Start-Sleep -Seconds $pair.Wait }
}
else {
@@ -167,7 +167,7 @@ foreach ($pair in @(
Step "Smoke verification"
if (-not $WhatIf) {
- foreach ($name in @('MxAccessGw', 'OtOpcUaWonderwareHistorian', 'OtOpcUa')) {
+ foreach ($name in @('MxAccessGw', 'OtOpcUaWonderwareHistorian', 'OtOpcUaHost')) {
if (Test-NssmService $name) {
$status = (Get-Service $name).Status
$color = if ($status -eq 'Running') { 'Green' } else { 'Red' }
diff --git a/scripts/install/Uninstall-Services.ps1 b/scripts/install/Uninstall-Services.ps1
index f5c8206..2fd172b 100644
--- a/scripts/install/Uninstall-Services.ps1
+++ b/scripts/install/Uninstall-Services.ps1
@@ -3,16 +3,17 @@
Stops + removes the v2 services. Mirrors Install-Services.ps1.
.DESCRIPTION
- PR 7.2 retired the legacy OtOpcUaGalaxyHost service. Galaxy access now flows
- through the in-process GalaxyDriver against a separately-installed mxaccessgw.
- OtOpcUaGalaxyHost is included in the cleanup loop below so this script safely
- removes it from any rig still carrying the legacy service from a pre-7.2
- install.
+ Removes the v2 OtOpcUaHost service plus the optional OtOpcUaWonderwareHistorian
+ sidecar. Also cleans up legacy service names from prior installs:
+ - OtOpcUa (v1 server) — replaced by OtOpcUaHost in v2
+ - OtOpcUaAdmin (v1 admin) — fused into OtOpcUaHost in v2
+ - OtOpcUaGalaxyHost (pre-7.2 Galaxy host) — long-retired
#>
[CmdletBinding()] param()
$ErrorActionPreference = 'Continue'
-foreach ($svc in 'OtOpcUa', 'OtOpcUaWonderwareHistorian', 'OtOpcUaGalaxyHost') {
+foreach ($svc in 'OtOpcUaHost', 'OtOpcUaWonderwareHistorian',
+ 'OtOpcUa', 'OtOpcUaAdmin', 'OtOpcUaGalaxyHost') {
if (Get-Service $svc -ErrorAction SilentlyContinue) {
Write-Host "Stopping $svc..."
Stop-Service $svc -Force -ErrorAction SilentlyContinue
diff --git a/scripts/install/traefik-dynamic.yml b/scripts/install/traefik-dynamic.yml
new file mode 100644
index 0000000..00fe687
--- /dev/null
+++ b/scripts/install/traefik-dynamic.yml
@@ -0,0 +1,24 @@
+# Dynamic (file-provider) Traefik config for the OtOpcUa admin HTTP routing.
+# Picked up by traefik.yml's file provider (with watch: true) so router/service
+# edits hot-reload without a Traefik restart.
+
+http:
+ routers:
+ otopcua-admin:
+ entryPoints: ["web"]
+ rule: "HostRegexp(`otopcua.*`)"
+ service: otopcua-admin
+
+ services:
+ otopcua-admin:
+ loadBalancer:
+ servers:
+ - url: "http://admin-a:9000"
+ - url: "http://admin-b:9000"
+ healthCheck:
+ path: /health/active
+ interval: 5s
+ timeout: 2s
+ # Default expected status is 2xx. Followers return 503 from
+ # /health/active so Traefik will drop them from the balancer
+ # within the next interval after a leadership change.
diff --git a/scripts/install/traefik.yml b/scripts/install/traefik.yml
new file mode 100644
index 0000000..cc0bd46
--- /dev/null
+++ b/scripts/install/traefik.yml
@@ -0,0 +1,30 @@
+# Traefik static configuration for the OtOpcUa fleet HTTP front door.
+#
+# Routes admin-role HTTP traffic (Blazor + auth + SignalR + /auth/*) to whichever
+# OtOpcUa.Host node currently holds the admin role-leader. Uses the /health/active
+# endpoint as the active-leader signal: a node returns 200 only when it is the
+# Akka admin role-leader; followers return 503 and Traefik routes around them.
+#
+# OPC UA traffic is NOT routed through Traefik — clients connect directly to
+# opc.tcp://node:4840 on every driver node and use the standard ServiceLevel
+# heuristic for failover.
+
+entryPoints:
+ web:
+ address: ":80"
+
+providers:
+ file:
+ filename: /etc/traefik/dynamic.yml
+ watch: true
+
+api:
+ insecure: true
+ dashboard: true
+
+log:
+ level: INFO
+ format: common
+
+accessLog:
+ format: common
diff --git a/scripts/migration/Migrate-To-V2.ps1 b/scripts/migration/Migrate-To-V2.ps1
new file mode 100644
index 0000000..cbd512e
--- /dev/null
+++ b/scripts/migration/Migrate-To-V2.ps1
@@ -0,0 +1,59 @@
+<#
+.SYNOPSIS
+ Idempotent migration runner that takes the OtOpcUaConfig database from the v1 schema
+ (with ConfigGeneration / ClusterNodeGenerationState) to the v2 hosting-aligned schema
+ (with Deployment / NodeDeploymentState / ConfigEdit / DataProtectionKeys).
+
+.DESCRIPTION
+ Backs the database up, applies the idempotent EF migration script, then validates that
+ expected tables exist and legacy tables are gone. Safe to re-run — the EF script itself
+ is idempotent, and the backup picks a unique filename per invocation.
+
+.PARAMETER ConnectionString
+ Mandatory. Full ADO.NET connection string with permissions to BACKUP DATABASE and
+ apply DDL on the target ConfigDb.
+
+.PARAMETER BackupPath
+ Optional. Full path for the backup file. Defaults to a timestamped path under $env:TEMP.
+
+.EXAMPLE
+ .\Migrate-To-V2.ps1 -ConnectionString "Server=sql01;Database=OtOpcUaConfig;Trusted_Connection=True;TrustServerCertificate=True"
+#>
+[CmdletBinding()]
+param(
+ [Parameter(Mandatory)][string] $ConnectionString,
+ [string] $BackupPath = "$env:TEMP\OtOpcUa-V1-Backup-$(Get-Date -Format yyyyMMddHHmmss).bak"
+)
+
+$ErrorActionPreference = 'Stop'
+
+if (-not (Get-Command Invoke-Sqlcmd -ErrorAction SilentlyContinue)) {
+ throw "Invoke-Sqlcmd not available. Install module: Install-Module SqlServer -Scope CurrentUser"
+}
+
+Write-Host "Step 1/4 — Backup ConfigDb to $BackupPath" -ForegroundColor Cyan
+Invoke-Sqlcmd -ConnectionString $ConnectionString `
+ -Query "BACKUP DATABASE [OtOpcUaConfig] TO DISK = '$BackupPath' WITH FORMAT, COMPRESSION"
+
+Write-Host "Step 2/4 — Row counts (before)" -ForegroundColor Cyan
+$beforeCounts = Invoke-Sqlcmd -ConnectionString $ConnectionString -InputFile "$PSScriptRoot\count-rows.sql"
+$beforeCounts | Format-Table
+
+Write-Host "Step 3/4 — Apply Migrate-To-V2.sql" -ForegroundColor Cyan
+Invoke-Sqlcmd -ConnectionString $ConnectionString -InputFile "$PSScriptRoot\Migrate-To-V2.sql" -QueryTimeout 1800
+
+Write-Host "Step 4/4 — Row counts (after) + validation" -ForegroundColor Cyan
+$afterCounts = Invoke-Sqlcmd -ConnectionString $ConnectionString -InputFile "$PSScriptRoot\count-rows.sql"
+$afterCounts | Format-Table
+
+$tablesNow = (Invoke-Sqlcmd -ConnectionString $ConnectionString `
+ -Query "SELECT name FROM sys.tables ORDER BY name").name
+
+foreach ($t in 'Deployment','NodeDeploymentState','ConfigEdit','DataProtectionKeys') {
+ if ($tablesNow -notcontains $t) { throw "Expected v2 table $t missing." }
+}
+foreach ($t in 'ConfigGeneration','ClusterNodeGenerationState') {
+ if ($tablesNow -contains $t) { throw "Legacy v1 table $t still present." }
+}
+
+Write-Host "Migration complete. Backup at $BackupPath" -ForegroundColor Green
diff --git a/scripts/migration/Migrate-To-V2.sql b/scripts/migration/Migrate-To-V2.sql
new file mode 100644
index 0000000..f3cc25d
--- /dev/null
+++ b/scripts/migration/Migrate-To-V2.sql
@@ -0,0 +1,3259 @@
+IF OBJECT_ID(N'[__EFMigrationsHistory]') IS NULL
+BEGIN
+ CREATE TABLE [__EFMigrationsHistory] (
+ [MigrationId] nvarchar(150) NOT NULL,
+ [ProductVersion] nvarchar(32) NOT NULL,
+ CONSTRAINT [PK___EFMigrationsHistory] PRIMARY KEY ([MigrationId])
+ );
+END;
+GO
+
+BEGIN TRANSACTION;
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE TABLE [ConfigAuditLog] (
+ [AuditId] bigint NOT NULL IDENTITY,
+ [Timestamp] datetime2(3) NOT NULL DEFAULT (SYSUTCDATETIME()),
+ [Principal] nvarchar(128) NOT NULL,
+ [EventType] nvarchar(64) NOT NULL,
+ [ClusterId] nvarchar(64) NULL,
+ [NodeId] nvarchar(64) NULL,
+ [GenerationId] bigint NULL,
+ [DetailsJson] nvarchar(max) NULL,
+ CONSTRAINT [PK_ConfigAuditLog] PRIMARY KEY ([AuditId]),
+ CONSTRAINT [CK_ConfigAuditLog_DetailsJson_IsJson] CHECK (DetailsJson IS NULL OR ISJSON(DetailsJson) = 1)
+ );
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE TABLE [ExternalIdReservation] (
+ [ReservationId] uniqueidentifier NOT NULL DEFAULT (NEWSEQUENTIALID()),
+ [Kind] nvarchar(16) NOT NULL,
+ [Value] nvarchar(64) NOT NULL,
+ [EquipmentUuid] uniqueidentifier NOT NULL,
+ [ClusterId] nvarchar(64) NOT NULL,
+ [FirstPublishedAt] datetime2(3) NOT NULL DEFAULT (SYSUTCDATETIME()),
+ [FirstPublishedBy] nvarchar(128) NOT NULL,
+ [LastPublishedAt] datetime2(3) NOT NULL DEFAULT (SYSUTCDATETIME()),
+ [ReleasedAt] datetime2(3) NULL,
+ [ReleasedBy] nvarchar(128) NULL,
+ [ReleaseReason] nvarchar(512) NULL,
+ CONSTRAINT [PK_ExternalIdReservation] PRIMARY KEY ([ReservationId])
+ );
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE TABLE [ServerCluster] (
+ [ClusterId] nvarchar(64) NOT NULL,
+ [Name] nvarchar(128) NOT NULL,
+ [Enterprise] nvarchar(32) NOT NULL,
+ [Site] nvarchar(32) NOT NULL,
+ [NodeCount] tinyint NOT NULL,
+ [RedundancyMode] nvarchar(16) NOT NULL,
+ [Enabled] bit NOT NULL,
+ [Notes] nvarchar(1024) NULL,
+ [CreatedAt] datetime2(3) NOT NULL DEFAULT (SYSUTCDATETIME()),
+ [CreatedBy] nvarchar(128) NOT NULL,
+ [ModifiedAt] datetime2(3) NULL,
+ [ModifiedBy] nvarchar(128) NULL,
+ CONSTRAINT [PK_ServerCluster] PRIMARY KEY ([ClusterId]),
+ CONSTRAINT [CK_ServerCluster_RedundancyMode_NodeCount] CHECK (((NodeCount = 1 AND RedundancyMode = 'None') OR (NodeCount = 2 AND RedundancyMode IN ('Warm', 'Hot'))))
+ );
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE TABLE [ClusterNode] (
+ [NodeId] nvarchar(64) NOT NULL,
+ [ClusterId] nvarchar(64) NOT NULL,
+ [RedundancyRole] nvarchar(16) NOT NULL,
+ [Host] nvarchar(255) NOT NULL,
+ [OpcUaPort] int NOT NULL,
+ [DashboardPort] int NOT NULL,
+ [ApplicationUri] nvarchar(256) NOT NULL,
+ [ServiceLevelBase] tinyint NOT NULL,
+ [DriverConfigOverridesJson] nvarchar(max) NULL,
+ [Enabled] bit NOT NULL,
+ [LastSeenAt] datetime2(3) NULL,
+ [CreatedAt] datetime2(3) NOT NULL DEFAULT (SYSUTCDATETIME()),
+ [CreatedBy] nvarchar(128) NOT NULL,
+ CONSTRAINT [PK_ClusterNode] PRIMARY KEY ([NodeId]),
+ CONSTRAINT [FK_ClusterNode_ServerCluster_ClusterId] FOREIGN KEY ([ClusterId]) REFERENCES [ServerCluster] ([ClusterId]) ON DELETE NO ACTION
+ );
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE TABLE [ConfigGeneration] (
+ [GenerationId] bigint NOT NULL IDENTITY,
+ [ClusterId] nvarchar(64) NOT NULL,
+ [Status] nvarchar(16) NOT NULL,
+ [ParentGenerationId] bigint NULL,
+ [PublishedAt] datetime2(3) NULL,
+ [PublishedBy] nvarchar(128) NULL,
+ [Notes] nvarchar(1024) NULL,
+ [CreatedAt] datetime2(3) NOT NULL DEFAULT (SYSUTCDATETIME()),
+ [CreatedBy] nvarchar(128) NOT NULL,
+ CONSTRAINT [PK_ConfigGeneration] PRIMARY KEY ([GenerationId]),
+ CONSTRAINT [FK_ConfigGeneration_ConfigGeneration_ParentGenerationId] FOREIGN KEY ([ParentGenerationId]) REFERENCES [ConfigGeneration] ([GenerationId]) ON DELETE NO ACTION,
+ CONSTRAINT [FK_ConfigGeneration_ServerCluster_ClusterId] FOREIGN KEY ([ClusterId]) REFERENCES [ServerCluster] ([ClusterId]) ON DELETE NO ACTION
+ );
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE TABLE [ClusterNodeCredential] (
+ [CredentialId] uniqueidentifier NOT NULL DEFAULT (NEWSEQUENTIALID()),
+ [NodeId] nvarchar(64) NOT NULL,
+ [Kind] nvarchar(32) NOT NULL,
+ [Value] nvarchar(512) NOT NULL,
+ [Enabled] bit NOT NULL,
+ [RotatedAt] datetime2(3) NULL,
+ [CreatedAt] datetime2(3) NOT NULL DEFAULT (SYSUTCDATETIME()),
+ [CreatedBy] nvarchar(128) NOT NULL,
+ CONSTRAINT [PK_ClusterNodeCredential] PRIMARY KEY ([CredentialId]),
+ CONSTRAINT [FK_ClusterNodeCredential_ClusterNode_NodeId] FOREIGN KEY ([NodeId]) REFERENCES [ClusterNode] ([NodeId]) ON DELETE NO ACTION
+ );
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE TABLE [ClusterNodeGenerationState] (
+ [NodeId] nvarchar(64) NOT NULL,
+ [CurrentGenerationId] bigint NULL,
+ [LastAppliedAt] datetime2(3) NULL,
+ [LastAppliedStatus] nvarchar(16) NULL,
+ [LastAppliedError] nvarchar(2048) NULL,
+ [LastSeenAt] datetime2(3) NULL,
+ CONSTRAINT [PK_ClusterNodeGenerationState] PRIMARY KEY ([NodeId]),
+ CONSTRAINT [FK_ClusterNodeGenerationState_ClusterNode_NodeId] FOREIGN KEY ([NodeId]) REFERENCES [ClusterNode] ([NodeId]) ON DELETE NO ACTION,
+ CONSTRAINT [FK_ClusterNodeGenerationState_ConfigGeneration_CurrentGenerationId] FOREIGN KEY ([CurrentGenerationId]) REFERENCES [ConfigGeneration] ([GenerationId]) ON DELETE NO ACTION
+ );
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE TABLE [Device] (
+ [DeviceRowId] uniqueidentifier NOT NULL DEFAULT (NEWSEQUENTIALID()),
+ [GenerationId] bigint NOT NULL,
+ [DeviceId] nvarchar(64) NULL,
+ [DriverInstanceId] nvarchar(64) NOT NULL,
+ [Name] nvarchar(128) NOT NULL,
+ [Enabled] bit NOT NULL,
+ [DeviceConfig] nvarchar(max) NOT NULL,
+ CONSTRAINT [PK_Device] PRIMARY KEY ([DeviceRowId]),
+ CONSTRAINT [CK_Device_DeviceConfig_IsJson] CHECK (ISJSON(DeviceConfig) = 1),
+ CONSTRAINT [FK_Device_ConfigGeneration_GenerationId] FOREIGN KEY ([GenerationId]) REFERENCES [ConfigGeneration] ([GenerationId]) ON DELETE NO ACTION
+ );
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE TABLE [DriverInstance] (
+ [DriverInstanceRowId] uniqueidentifier NOT NULL DEFAULT (NEWSEQUENTIALID()),
+ [GenerationId] bigint NOT NULL,
+ [DriverInstanceId] nvarchar(64) NULL,
+ [ClusterId] nvarchar(64) NOT NULL,
+ [NamespaceId] nvarchar(64) NOT NULL,
+ [Name] nvarchar(128) NOT NULL,
+ [DriverType] nvarchar(32) NOT NULL,
+ [Enabled] bit NOT NULL,
+ [DriverConfig] nvarchar(max) NOT NULL,
+ CONSTRAINT [PK_DriverInstance] PRIMARY KEY ([DriverInstanceRowId]),
+ CONSTRAINT [CK_DriverInstance_DriverConfig_IsJson] CHECK (ISJSON(DriverConfig) = 1),
+ CONSTRAINT [FK_DriverInstance_ConfigGeneration_GenerationId] FOREIGN KEY ([GenerationId]) REFERENCES [ConfigGeneration] ([GenerationId]) ON DELETE NO ACTION,
+ CONSTRAINT [FK_DriverInstance_ServerCluster_ClusterId] FOREIGN KEY ([ClusterId]) REFERENCES [ServerCluster] ([ClusterId]) ON DELETE NO ACTION
+ );
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE TABLE [Equipment] (
+ [EquipmentRowId] uniqueidentifier NOT NULL DEFAULT (NEWSEQUENTIALID()),
+ [GenerationId] bigint NOT NULL,
+ [EquipmentId] nvarchar(64) NULL,
+ [EquipmentUuid] uniqueidentifier NOT NULL,
+ [DriverInstanceId] nvarchar(64) NOT NULL,
+ [DeviceId] nvarchar(64) NULL,
+ [UnsLineId] nvarchar(64) NOT NULL,
+ [Name] nvarchar(32) NOT NULL,
+ [MachineCode] nvarchar(64) NOT NULL,
+ [ZTag] nvarchar(64) NULL,
+ [SAPID] nvarchar(64) NULL,
+ [Manufacturer] nvarchar(64) NULL,
+ [Model] nvarchar(64) NULL,
+ [SerialNumber] nvarchar(64) NULL,
+ [HardwareRevision] nvarchar(32) NULL,
+ [SoftwareRevision] nvarchar(32) NULL,
+ [YearOfConstruction] smallint NULL,
+ [AssetLocation] nvarchar(256) NULL,
+ [ManufacturerUri] nvarchar(512) NULL,
+ [DeviceManualUri] nvarchar(512) NULL,
+ [EquipmentClassRef] nvarchar(128) NULL,
+ [Enabled] bit NOT NULL,
+ CONSTRAINT [PK_Equipment] PRIMARY KEY ([EquipmentRowId]),
+ CONSTRAINT [FK_Equipment_ConfigGeneration_GenerationId] FOREIGN KEY ([GenerationId]) REFERENCES [ConfigGeneration] ([GenerationId]) ON DELETE NO ACTION
+ );
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE TABLE [Namespace] (
+ [NamespaceRowId] uniqueidentifier NOT NULL DEFAULT (NEWSEQUENTIALID()),
+ [GenerationId] bigint NOT NULL,
+ [NamespaceId] nvarchar(64) NULL,
+ [ClusterId] nvarchar(64) NOT NULL,
+ [Kind] nvarchar(32) NOT NULL,
+ [NamespaceUri] nvarchar(256) NOT NULL,
+ [Enabled] bit NOT NULL,
+ [Notes] nvarchar(1024) NULL,
+ CONSTRAINT [PK_Namespace] PRIMARY KEY ([NamespaceRowId]),
+ CONSTRAINT [FK_Namespace_ConfigGeneration_GenerationId] FOREIGN KEY ([GenerationId]) REFERENCES [ConfigGeneration] ([GenerationId]) ON DELETE NO ACTION,
+ CONSTRAINT [FK_Namespace_ServerCluster_ClusterId] FOREIGN KEY ([ClusterId]) REFERENCES [ServerCluster] ([ClusterId]) ON DELETE NO ACTION
+ );
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE TABLE [NodeAcl] (
+ [NodeAclRowId] uniqueidentifier NOT NULL DEFAULT (NEWSEQUENTIALID()),
+ [GenerationId] bigint NOT NULL,
+ [NodeAclId] nvarchar(64) NULL,
+ [ClusterId] nvarchar(64) NOT NULL,
+ [LdapGroup] nvarchar(256) NOT NULL,
+ [ScopeKind] nvarchar(16) NOT NULL,
+ [ScopeId] nvarchar(64) NULL,
+ [PermissionFlags] int NOT NULL,
+ [Notes] nvarchar(512) NULL,
+ CONSTRAINT [PK_NodeAcl] PRIMARY KEY ([NodeAclRowId]),
+ CONSTRAINT [FK_NodeAcl_ConfigGeneration_GenerationId] FOREIGN KEY ([GenerationId]) REFERENCES [ConfigGeneration] ([GenerationId]) ON DELETE NO ACTION
+ );
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE TABLE [PollGroup] (
+ [PollGroupRowId] uniqueidentifier NOT NULL DEFAULT (NEWSEQUENTIALID()),
+ [GenerationId] bigint NOT NULL,
+ [PollGroupId] nvarchar(64) NULL,
+ [DriverInstanceId] nvarchar(64) NOT NULL,
+ [Name] nvarchar(128) NOT NULL,
+ [IntervalMs] int NOT NULL,
+ CONSTRAINT [PK_PollGroup] PRIMARY KEY ([PollGroupRowId]),
+ CONSTRAINT [CK_PollGroup_IntervalMs_Min] CHECK (IntervalMs >= 50),
+ CONSTRAINT [FK_PollGroup_ConfigGeneration_GenerationId] FOREIGN KEY ([GenerationId]) REFERENCES [ConfigGeneration] ([GenerationId]) ON DELETE NO ACTION
+ );
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE TABLE [Tag] (
+ [TagRowId] uniqueidentifier NOT NULL DEFAULT (NEWSEQUENTIALID()),
+ [GenerationId] bigint NOT NULL,
+ [TagId] nvarchar(64) NULL,
+ [DriverInstanceId] nvarchar(64) NOT NULL,
+ [DeviceId] nvarchar(64) NULL,
+ [EquipmentId] nvarchar(64) NULL,
+ [Name] nvarchar(128) NOT NULL,
+ [FolderPath] nvarchar(512) NULL,
+ [DataType] nvarchar(32) NOT NULL,
+ [AccessLevel] nvarchar(16) NOT NULL,
+ [WriteIdempotent] bit NOT NULL,
+ [PollGroupId] nvarchar(64) NULL,
+ [TagConfig] nvarchar(max) NOT NULL,
+ CONSTRAINT [PK_Tag] PRIMARY KEY ([TagRowId]),
+ CONSTRAINT [CK_Tag_TagConfig_IsJson] CHECK (ISJSON(TagConfig) = 1),
+ CONSTRAINT [FK_Tag_ConfigGeneration_GenerationId] FOREIGN KEY ([GenerationId]) REFERENCES [ConfigGeneration] ([GenerationId]) ON DELETE NO ACTION
+ );
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE TABLE [UnsArea] (
+ [UnsAreaRowId] uniqueidentifier NOT NULL DEFAULT (NEWSEQUENTIALID()),
+ [GenerationId] bigint NOT NULL,
+ [UnsAreaId] nvarchar(64) NULL,
+ [ClusterId] nvarchar(64) NOT NULL,
+ [Name] nvarchar(32) NOT NULL,
+ [Notes] nvarchar(512) NULL,
+ CONSTRAINT [PK_UnsArea] PRIMARY KEY ([UnsAreaRowId]),
+ CONSTRAINT [FK_UnsArea_ConfigGeneration_GenerationId] FOREIGN KEY ([GenerationId]) REFERENCES [ConfigGeneration] ([GenerationId]) ON DELETE NO ACTION,
+ CONSTRAINT [FK_UnsArea_ServerCluster_ClusterId] FOREIGN KEY ([ClusterId]) REFERENCES [ServerCluster] ([ClusterId]) ON DELETE NO ACTION
+ );
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE TABLE [UnsLine] (
+ [UnsLineRowId] uniqueidentifier NOT NULL DEFAULT (NEWSEQUENTIALID()),
+ [GenerationId] bigint NOT NULL,
+ [UnsLineId] nvarchar(64) NULL,
+ [UnsAreaId] nvarchar(64) NOT NULL,
+ [Name] nvarchar(32) NOT NULL,
+ [Notes] nvarchar(512) NULL,
+ CONSTRAINT [PK_UnsLine] PRIMARY KEY ([UnsLineRowId]),
+ CONSTRAINT [FK_UnsLine_ConfigGeneration_GenerationId] FOREIGN KEY ([GenerationId]) REFERENCES [ConfigGeneration] ([GenerationId]) ON DELETE NO ACTION
+ );
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE UNIQUE INDEX [UX_ClusterNode_ApplicationUri] ON [ClusterNode] ([ApplicationUri]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ EXEC(N'CREATE UNIQUE INDEX [UX_ClusterNode_Primary_Per_Cluster] ON [ClusterNode] ([ClusterId]) WHERE [RedundancyRole] = ''Primary''');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE INDEX [IX_ClusterNodeCredential_NodeId] ON [ClusterNodeCredential] ([NodeId], [Enabled]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ EXEC(N'CREATE UNIQUE INDEX [UX_ClusterNodeCredential_Value] ON [ClusterNodeCredential] ([Kind], [Value]) WHERE [Enabled] = 1');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE INDEX [IX_ClusterNodeGenerationState_Generation] ON [ClusterNodeGenerationState] ([CurrentGenerationId]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE INDEX [IX_ConfigAuditLog_Cluster_Time] ON [ConfigAuditLog] ([ClusterId], [Timestamp] DESC);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ EXEC(N'CREATE INDEX [IX_ConfigAuditLog_Generation] ON [ConfigAuditLog] ([GenerationId]) WHERE [GenerationId] IS NOT NULL');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE INDEX [IX_ConfigGeneration_Cluster_Published] ON [ConfigGeneration] ([ClusterId], [Status], [GenerationId] DESC) INCLUDE ([PublishedAt]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE INDEX [IX_ConfigGeneration_ParentGenerationId] ON [ConfigGeneration] ([ParentGenerationId]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ EXEC(N'CREATE UNIQUE INDEX [UX_ConfigGeneration_Draft_Per_Cluster] ON [ConfigGeneration] ([ClusterId]) WHERE [Status] = ''Draft''');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE INDEX [IX_Device_Generation_Driver] ON [Device] ([GenerationId], [DriverInstanceId]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ EXEC(N'CREATE UNIQUE INDEX [UX_Device_Generation_LogicalId] ON [Device] ([GenerationId], [DeviceId]) WHERE [DeviceId] IS NOT NULL');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE INDEX [IX_DriverInstance_ClusterId] ON [DriverInstance] ([ClusterId]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE INDEX [IX_DriverInstance_Generation_Cluster] ON [DriverInstance] ([GenerationId], [ClusterId]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE INDEX [IX_DriverInstance_Generation_Namespace] ON [DriverInstance] ([GenerationId], [NamespaceId]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ EXEC(N'CREATE UNIQUE INDEX [UX_DriverInstance_Generation_LogicalId] ON [DriverInstance] ([GenerationId], [DriverInstanceId]) WHERE [DriverInstanceId] IS NOT NULL');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE INDEX [IX_Equipment_Generation_Driver] ON [Equipment] ([GenerationId], [DriverInstanceId]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE INDEX [IX_Equipment_Generation_Line] ON [Equipment] ([GenerationId], [UnsLineId]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE INDEX [IX_Equipment_Generation_MachineCode] ON [Equipment] ([GenerationId], [MachineCode]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ EXEC(N'CREATE INDEX [IX_Equipment_Generation_SAPID] ON [Equipment] ([GenerationId], [SAPID]) WHERE [SAPID] IS NOT NULL');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ EXEC(N'CREATE INDEX [IX_Equipment_Generation_ZTag] ON [Equipment] ([GenerationId], [ZTag]) WHERE [ZTag] IS NOT NULL');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE UNIQUE INDEX [UX_Equipment_Generation_LinePath] ON [Equipment] ([GenerationId], [UnsLineId], [Name]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ EXEC(N'CREATE UNIQUE INDEX [UX_Equipment_Generation_LogicalId] ON [Equipment] ([GenerationId], [EquipmentId]) WHERE [EquipmentId] IS NOT NULL');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE UNIQUE INDEX [UX_Equipment_Generation_Uuid] ON [Equipment] ([GenerationId], [EquipmentUuid]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE INDEX [IX_ExternalIdReservation_Equipment] ON [ExternalIdReservation] ([EquipmentUuid]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ EXEC(N'CREATE UNIQUE INDEX [UX_ExternalIdReservation_KindValue_Active] ON [ExternalIdReservation] ([Kind], [Value]) WHERE [ReleasedAt] IS NULL');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE INDEX [IX_Namespace_ClusterId] ON [Namespace] ([ClusterId]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE INDEX [IX_Namespace_Generation_Cluster] ON [Namespace] ([GenerationId], [ClusterId]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE UNIQUE INDEX [UX_Namespace_Generation_Cluster_Kind] ON [Namespace] ([GenerationId], [ClusterId], [Kind]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ EXEC(N'CREATE UNIQUE INDEX [UX_Namespace_Generation_LogicalId] ON [Namespace] ([GenerationId], [NamespaceId]) WHERE [NamespaceId] IS NOT NULL');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ EXEC(N'CREATE UNIQUE INDEX [UX_Namespace_Generation_LogicalId_Cluster] ON [Namespace] ([GenerationId], [NamespaceId], [ClusterId]) WHERE [NamespaceId] IS NOT NULL');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE UNIQUE INDEX [UX_Namespace_Generation_NamespaceUri] ON [Namespace] ([GenerationId], [NamespaceUri]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE INDEX [IX_NodeAcl_Generation_Cluster] ON [NodeAcl] ([GenerationId], [ClusterId]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE INDEX [IX_NodeAcl_Generation_Group] ON [NodeAcl] ([GenerationId], [LdapGroup]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ EXEC(N'CREATE INDEX [IX_NodeAcl_Generation_Scope] ON [NodeAcl] ([GenerationId], [ScopeKind], [ScopeId]) WHERE [ScopeId] IS NOT NULL');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ EXEC(N'CREATE UNIQUE INDEX [UX_NodeAcl_Generation_GroupScope] ON [NodeAcl] ([GenerationId], [ClusterId], [LdapGroup], [ScopeKind], [ScopeId]) WHERE [ScopeId] IS NOT NULL');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ EXEC(N'CREATE UNIQUE INDEX [UX_NodeAcl_Generation_LogicalId] ON [NodeAcl] ([GenerationId], [NodeAclId]) WHERE [NodeAclId] IS NOT NULL');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE INDEX [IX_PollGroup_Generation_Driver] ON [PollGroup] ([GenerationId], [DriverInstanceId]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ EXEC(N'CREATE UNIQUE INDEX [UX_PollGroup_Generation_LogicalId] ON [PollGroup] ([GenerationId], [PollGroupId]) WHERE [PollGroupId] IS NOT NULL');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE INDEX [IX_ServerCluster_Site] ON [ServerCluster] ([Site]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE UNIQUE INDEX [UX_ServerCluster_Name] ON [ServerCluster] ([Name]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE INDEX [IX_Tag_Generation_Driver_Device] ON [Tag] ([GenerationId], [DriverInstanceId], [DeviceId]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ EXEC(N'CREATE INDEX [IX_Tag_Generation_Equipment] ON [Tag] ([GenerationId], [EquipmentId]) WHERE [EquipmentId] IS NOT NULL');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ EXEC(N'CREATE UNIQUE INDEX [UX_Tag_Generation_EquipmentPath] ON [Tag] ([GenerationId], [EquipmentId], [Name]) WHERE [EquipmentId] IS NOT NULL');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ EXEC(N'CREATE UNIQUE INDEX [UX_Tag_Generation_FolderPath] ON [Tag] ([GenerationId], [DriverInstanceId], [FolderPath], [Name]) WHERE [EquipmentId] IS NULL');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ EXEC(N'CREATE UNIQUE INDEX [UX_Tag_Generation_LogicalId] ON [Tag] ([GenerationId], [TagId]) WHERE [TagId] IS NOT NULL');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE INDEX [IX_UnsArea_ClusterId] ON [UnsArea] ([ClusterId]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE INDEX [IX_UnsArea_Generation_Cluster] ON [UnsArea] ([GenerationId], [ClusterId]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE UNIQUE INDEX [UX_UnsArea_Generation_ClusterName] ON [UnsArea] ([GenerationId], [ClusterId], [Name]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ EXEC(N'CREATE UNIQUE INDEX [UX_UnsArea_Generation_LogicalId] ON [UnsArea] ([GenerationId], [UnsAreaId]) WHERE [UnsAreaId] IS NOT NULL');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE INDEX [IX_UnsLine_Generation_Area] ON [UnsLine] ([GenerationId], [UnsAreaId]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ CREATE UNIQUE INDEX [UX_UnsLine_Generation_AreaName] ON [UnsLine] ([GenerationId], [UnsAreaId], [Name]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ EXEC(N'CREATE UNIQUE INDEX [UX_UnsLine_Generation_LogicalId] ON [UnsLine] ([GenerationId], [UnsLineId]) WHERE [UnsLineId] IS NOT NULL');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417212220_InitialSchema'
+)
+BEGIN
+ INSERT INTO [__EFMigrationsHistory] ([MigrationId], [ProductVersion])
+ VALUES (N'20260417212220_InitialSchema', N'10.0.7');
+END;
+
+COMMIT;
+GO
+
+BEGIN TRANSACTION;
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417215224_StoredProcedures'
+)
+BEGIN
+
+ CREATE OR ALTER PROCEDURE dbo.sp_GetCurrentGenerationForCluster
+ @NodeId nvarchar(64),
+ @ClusterId nvarchar(64)
+ AS
+ BEGIN
+ SET NOCOUNT ON;
+
+ DECLARE @Caller nvarchar(128) = SUSER_SNAME();
+
+ IF NOT EXISTS (
+ SELECT 1 FROM dbo.ClusterNodeCredential
+ WHERE NodeId = @NodeId AND Value = @Caller AND Enabled = 1)
+ BEGIN
+ RAISERROR('Unauthorized: caller %s is not bound to NodeId %s', 16, 1, @Caller, @NodeId);
+ RETURN;
+ END
+
+ IF NOT EXISTS (
+ SELECT 1 FROM dbo.ClusterNode
+ WHERE NodeId = @NodeId AND ClusterId = @ClusterId AND Enabled = 1)
+ BEGIN
+ RAISERROR('Forbidden: NodeId %s does not belong to ClusterId %s', 16, 1, @NodeId, @ClusterId);
+ RETURN;
+ END
+
+ SELECT TOP 1 GenerationId, ClusterId, Status, PublishedAt, PublishedBy, Notes
+ FROM dbo.ConfigGeneration
+ WHERE ClusterId = @ClusterId AND Status = 'Published'
+ ORDER BY GenerationId DESC;
+ END
+
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417215224_StoredProcedures'
+)
+BEGIN
+
+ CREATE OR ALTER PROCEDURE dbo.sp_GetGenerationContent
+ @NodeId nvarchar(64),
+ @GenerationId bigint
+ AS
+ BEGIN
+ SET NOCOUNT ON;
+
+ DECLARE @Caller nvarchar(128) = SUSER_SNAME();
+ DECLARE @ClusterId nvarchar(64);
+
+ SELECT @ClusterId = ClusterId FROM dbo.ConfigGeneration WHERE GenerationId = @GenerationId;
+
+ IF @ClusterId IS NULL
+ BEGIN
+ RAISERROR('GenerationId %I64d not found', 16, 1, @GenerationId);
+ RETURN;
+ END
+
+ IF NOT EXISTS (
+ SELECT 1
+ FROM dbo.ClusterNodeCredential c
+ JOIN dbo.ClusterNode n ON n.NodeId = c.NodeId
+ WHERE c.NodeId = @NodeId AND c.Value = @Caller AND c.Enabled = 1
+ AND n.ClusterId = @ClusterId AND n.Enabled = 1)
+ BEGIN
+ RAISERROR('Forbidden: caller %s not bound to a node in ClusterId %s', 16, 1, @Caller, @ClusterId);
+ RETURN;
+ END
+
+ SELECT * FROM dbo.Namespace WHERE GenerationId = @GenerationId;
+ SELECT * FROM dbo.UnsArea WHERE GenerationId = @GenerationId;
+ SELECT * FROM dbo.UnsLine WHERE GenerationId = @GenerationId;
+ SELECT * FROM dbo.DriverInstance WHERE GenerationId = @GenerationId;
+ SELECT * FROM dbo.Device WHERE GenerationId = @GenerationId;
+ SELECT * FROM dbo.Equipment WHERE GenerationId = @GenerationId;
+ SELECT * FROM dbo.PollGroup WHERE GenerationId = @GenerationId;
+ SELECT * FROM dbo.Tag WHERE GenerationId = @GenerationId;
+ SELECT * FROM dbo.NodeAcl WHERE GenerationId = @GenerationId;
+ END
+
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417215224_StoredProcedures'
+)
+BEGIN
+
+ CREATE OR ALTER PROCEDURE dbo.sp_RegisterNodeGenerationApplied
+ @NodeId nvarchar(64),
+ @GenerationId bigint,
+ @Status nvarchar(16),
+ @Error nvarchar(max) = NULL
+ AS
+ BEGIN
+ SET NOCOUNT ON;
+
+ DECLARE @Caller nvarchar(128) = SUSER_SNAME();
+
+ IF NOT EXISTS (
+ SELECT 1 FROM dbo.ClusterNodeCredential
+ WHERE NodeId = @NodeId AND Value = @Caller AND Enabled = 1)
+ BEGIN
+ RAISERROR('Unauthorized: caller %s is not bound to NodeId %s', 16, 1, @Caller, @NodeId);
+ RETURN;
+ END
+
+ MERGE dbo.ClusterNodeGenerationState AS tgt
+ USING (SELECT @NodeId AS NodeId) AS src ON tgt.NodeId = src.NodeId
+ WHEN MATCHED THEN UPDATE SET
+ CurrentGenerationId = @GenerationId,
+ LastAppliedAt = SYSUTCDATETIME(),
+ LastAppliedStatus = @Status,
+ LastAppliedError = @Error,
+ LastSeenAt = SYSUTCDATETIME()
+ WHEN NOT MATCHED THEN INSERT
+ (NodeId, CurrentGenerationId, LastAppliedAt, LastAppliedStatus, LastAppliedError, LastSeenAt)
+ VALUES (@NodeId, @GenerationId, SYSUTCDATETIME(), @Status, @Error, SYSUTCDATETIME());
+
+ -- Build DetailsJson via STRING_ESCAPE so a @Status containing a double-quote/backslash cannot
+ -- produce malformed JSON (which would fail CK_ConfigAuditLog_DetailsJson_IsJson and abort the
+ -- transaction) or inject extra JSON structure into the audit record.
+ INSERT dbo.ConfigAuditLog (Principal, EventType, NodeId, GenerationId, DetailsJson)
+ VALUES (@Caller, 'NodeApplied', @NodeId, @GenerationId,
+ CONCAT('{"status":"', STRING_ESCAPE(@Status, 'json'), '"}'));
+ END
+
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417215224_StoredProcedures'
+)
+BEGIN
+
+ CREATE OR ALTER PROCEDURE dbo.sp_ValidateDraft
+ @DraftGenerationId bigint
+ AS
+ BEGIN
+ SET NOCOUNT ON;
+
+ DECLARE @ClusterId nvarchar(64);
+ DECLARE @Status nvarchar(16);
+
+ SELECT @ClusterId = ClusterId, @Status = Status
+ FROM dbo.ConfigGeneration WHERE GenerationId = @DraftGenerationId;
+
+ IF @ClusterId IS NULL
+ BEGIN
+ RAISERROR('GenerationId %I64d not found', 16, 1, @DraftGenerationId);
+ RETURN;
+ END
+
+ IF @Status <> 'Draft'
+ BEGIN
+ RAISERROR('GenerationId %I64d is not in Draft status (current=%s)', 16, 1, @DraftGenerationId, @Status);
+ RETURN;
+ END
+
+ IF EXISTS (
+ SELECT 1 FROM dbo.Tag t
+ LEFT JOIN dbo.DriverInstance d ON d.GenerationId = t.GenerationId AND d.DriverInstanceId = t.DriverInstanceId
+ WHERE t.GenerationId = @DraftGenerationId AND d.DriverInstanceId IS NULL)
+ BEGIN
+ RAISERROR('Draft has tags with unresolved DriverInstanceId', 16, 1);
+ RETURN;
+ END
+
+ IF EXISTS (
+ SELECT 1 FROM dbo.Tag t
+ LEFT JOIN dbo.Device dv ON dv.GenerationId = t.GenerationId AND dv.DeviceId = t.DeviceId
+ WHERE t.GenerationId = @DraftGenerationId AND t.DeviceId IS NOT NULL AND dv.DeviceId IS NULL)
+ BEGIN
+ RAISERROR('Draft has tags with unresolved DeviceId', 16, 1);
+ RETURN;
+ END
+
+ IF EXISTS (
+ SELECT 1 FROM dbo.Tag t
+ LEFT JOIN dbo.PollGroup pg ON pg.GenerationId = t.GenerationId AND pg.PollGroupId = t.PollGroupId
+ WHERE t.GenerationId = @DraftGenerationId AND t.PollGroupId IS NOT NULL AND pg.PollGroupId IS NULL)
+ BEGIN
+ RAISERROR('Draft has tags with unresolved PollGroupId', 16, 1);
+ RETURN;
+ END
+
+ IF EXISTS (
+ SELECT 1
+ FROM dbo.DriverInstance di
+ JOIN dbo.Namespace ns ON ns.GenerationId = di.GenerationId AND ns.NamespaceId = di.NamespaceId
+ WHERE di.GenerationId = @DraftGenerationId
+ AND ns.ClusterId <> di.ClusterId)
+ BEGIN
+ INSERT dbo.ConfigAuditLog (Principal, EventType, ClusterId, GenerationId)
+ VALUES (SUSER_SNAME(), 'CrossClusterNamespaceAttempt', @ClusterId, @DraftGenerationId);
+ RAISERROR('BadCrossClusterNamespaceBinding: namespace and driver must belong to the same cluster', 16, 1);
+ RETURN;
+ END
+
+ IF EXISTS (
+ SELECT 1
+ FROM dbo.Equipment draft
+ JOIN dbo.Equipment prior
+ ON prior.EquipmentId = draft.EquipmentId
+ AND prior.EquipmentUuid <> draft.EquipmentUuid
+ AND prior.GenerationId <> draft.GenerationId
+ JOIN dbo.ConfigGeneration pg ON pg.GenerationId = prior.GenerationId
+ WHERE draft.GenerationId = @DraftGenerationId
+ AND pg.ClusterId = @ClusterId)
+ BEGIN
+ RAISERROR('EquipmentUuid immutability violated for an EquipmentId that existed in a prior generation', 16, 1);
+ RETURN;
+ END
+
+ IF EXISTS (
+ SELECT 1
+ FROM dbo.Equipment draft
+ JOIN dbo.ExternalIdReservation r
+ ON r.Kind = 'ZTag' AND r.Value = draft.ZTag AND r.ReleasedAt IS NULL
+ AND r.EquipmentUuid <> draft.EquipmentUuid
+ WHERE draft.GenerationId = @DraftGenerationId AND draft.ZTag IS NOT NULL)
+ BEGIN
+ RAISERROR('BadDuplicateExternalIdentifier: a ZTag in the draft is reserved by a different EquipmentUuid', 16, 1);
+ RETURN;
+ END
+
+ IF EXISTS (
+ SELECT 1
+ FROM dbo.Equipment draft
+ JOIN dbo.ExternalIdReservation r
+ ON r.Kind = 'SAPID' AND r.Value = draft.SAPID AND r.ReleasedAt IS NULL
+ AND r.EquipmentUuid <> draft.EquipmentUuid
+ WHERE draft.GenerationId = @DraftGenerationId AND draft.SAPID IS NOT NULL)
+ BEGIN
+ RAISERROR('BadDuplicateExternalIdentifier: a SAPID in the draft is reserved by a different EquipmentUuid', 16, 1);
+ RETURN;
+ END
+ END
+
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417215224_StoredProcedures'
+)
+BEGIN
+
+ CREATE OR ALTER PROCEDURE dbo.sp_PublishGeneration
+ @ClusterId nvarchar(64),
+ @DraftGenerationId bigint,
+ @Notes nvarchar(1024) = NULL
+ AS
+ BEGIN
+ SET NOCOUNT ON;
+ SET XACT_ABORT ON;
+
+ -- Transaction-nesting awareness: if a caller (e.g. sp_RollbackToGeneration) already
+ -- holds a transaction, we use SAVE TRANSACTION so our failure path rolls back only to
+ -- the savepoint instead of issuing a bare ROLLBACK that wipes the caller's transaction
+ -- (which sets @@TRANCOUNT = 0 and causes error 3902 on the caller's subsequent COMMIT).
+ DECLARE @OwnsTxn bit = 0;
+ DECLARE @SaveName nvarchar(32) = N'sp_PublishGeneration';
+
+ IF @@TRANCOUNT = 0
+ BEGIN
+ BEGIN TRANSACTION;
+ SET @OwnsTxn = 1;
+ END
+ ELSE
+ BEGIN
+ SAVE TRANSACTION sp_PublishGeneration;
+ END
+
+ DECLARE @Lock nvarchar(255) = N'OtOpcUa_Publish_' + @ClusterId;
+ DECLARE @LockResult int;
+ EXEC @LockResult = sp_getapplock @Resource = @Lock, @LockMode = 'Exclusive', @LockTimeout = 0;
+ IF @LockResult < 0
+ BEGIN
+ RAISERROR('PublishConflict: another publish is in progress for cluster %s', 16, 1, @ClusterId);
+ IF @OwnsTxn = 1 ROLLBACK;
+ ELSE ROLLBACK TRANSACTION sp_PublishGeneration;
+ RETURN;
+ END
+
+ -- sp_ValidateDraft signals every rejection with RAISERROR(..., 16, 1) — a severity-16 error is
+ -- NOT batch-aborting and SET XACT_ABORT ON does not abort the transaction for it, so without a
+ -- TRY/CATCH control would return here and the draft would publish despite failed validation.
+ -- Catch the validation error, roll back the publish transaction (only to our savepoint when a
+ -- caller owns the outer transaction), and re-raise so the caller sees the real validation failure.
+ BEGIN TRY
+ EXEC dbo.sp_ValidateDraft @DraftGenerationId = @DraftGenerationId;
+ END TRY
+ BEGIN CATCH
+ IF @OwnsTxn = 1 ROLLBACK;
+ ELSE ROLLBACK TRANSACTION sp_PublishGeneration;
+ THROW;
+ END CATCH
+
+ MERGE dbo.ExternalIdReservation AS tgt
+ USING (
+ SELECT 'ZTag' AS Kind, ZTag AS Value, EquipmentUuid
+ FROM dbo.Equipment
+ WHERE GenerationId = @DraftGenerationId AND ZTag IS NOT NULL
+ UNION ALL
+ SELECT 'SAPID', SAPID, EquipmentUuid
+ FROM dbo.Equipment
+ WHERE GenerationId = @DraftGenerationId AND SAPID IS NOT NULL
+ ) AS src
+ ON tgt.Kind = src.Kind AND tgt.Value = src.Value AND tgt.EquipmentUuid = src.EquipmentUuid
+ WHEN MATCHED THEN UPDATE SET LastPublishedAt = SYSUTCDATETIME()
+ WHEN NOT MATCHED BY TARGET THEN
+ INSERT (Kind, Value, EquipmentUuid, ClusterId, FirstPublishedBy, LastPublishedAt)
+ VALUES (src.Kind, src.Value, src.EquipmentUuid, @ClusterId, SUSER_SNAME(), SYSUTCDATETIME());
+
+ UPDATE dbo.ConfigGeneration
+ SET Status = 'Superseded'
+ WHERE ClusterId = @ClusterId AND Status = 'Published';
+
+ UPDATE dbo.ConfigGeneration
+ SET Status = 'Published',
+ PublishedAt = SYSUTCDATETIME(),
+ PublishedBy = SUSER_SNAME(),
+ Notes = ISNULL(@Notes, Notes)
+ WHERE GenerationId = @DraftGenerationId AND ClusterId = @ClusterId AND Status = 'Draft';
+
+ IF @@ROWCOUNT = 0
+ BEGIN
+ RAISERROR('Draft %I64d for cluster %s not in Draft status (was it already published?)', 16, 1, @DraftGenerationId, @ClusterId);
+ IF @OwnsTxn = 1 ROLLBACK;
+ ELSE ROLLBACK TRANSACTION sp_PublishGeneration;
+ RETURN;
+ END
+
+ INSERT dbo.ConfigAuditLog (Principal, EventType, ClusterId, GenerationId)
+ VALUES (SUSER_SNAME(), 'Published', @ClusterId, @DraftGenerationId);
+
+ IF @OwnsTxn = 1 COMMIT;
+ END
+
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417215224_StoredProcedures'
+)
+BEGIN
+
+ CREATE OR ALTER PROCEDURE dbo.sp_RollbackToGeneration
+ @ClusterId nvarchar(64),
+ @TargetGenerationId bigint,
+ @Notes nvarchar(1024) = NULL
+ AS
+ BEGIN
+ SET NOCOUNT ON;
+ SET XACT_ABORT ON;
+ BEGIN TRANSACTION;
+
+ IF NOT EXISTS (
+ SELECT 1 FROM dbo.ConfigGeneration
+ WHERE GenerationId = @TargetGenerationId AND ClusterId = @ClusterId
+ AND Status IN ('Published', 'Superseded'))
+ BEGIN
+ RAISERROR('Target generation %I64d not found or not rollback-eligible', 16, 1, @TargetGenerationId);
+ ROLLBACK; RETURN;
+ END
+
+ DECLARE @NewGenId bigint;
+ INSERT dbo.ConfigGeneration (ClusterId, Status, CreatedAt, CreatedBy, PublishedAt, PublishedBy, Notes)
+ VALUES (@ClusterId, 'Draft', SYSUTCDATETIME(), SUSER_SNAME(), NULL, NULL,
+ ISNULL(@Notes, CONCAT('Rollback clone of generation ', @TargetGenerationId)));
+ SET @NewGenId = SCOPE_IDENTITY();
+
+ INSERT dbo.Namespace (GenerationId, NamespaceId, ClusterId, Kind, NamespaceUri, Enabled, Notes)
+ SELECT @NewGenId, NamespaceId, ClusterId, Kind, NamespaceUri, Enabled, Notes FROM dbo.Namespace WHERE GenerationId = @TargetGenerationId;
+ INSERT dbo.UnsArea (GenerationId, UnsAreaId, ClusterId, Name, Notes)
+ SELECT @NewGenId, UnsAreaId, ClusterId, Name, Notes FROM dbo.UnsArea WHERE GenerationId = @TargetGenerationId;
+ INSERT dbo.UnsLine (GenerationId, UnsLineId, UnsAreaId, Name, Notes)
+ SELECT @NewGenId, UnsLineId, UnsAreaId, Name, Notes FROM dbo.UnsLine WHERE GenerationId = @TargetGenerationId;
+ INSERT dbo.DriverInstance (GenerationId, DriverInstanceId, ClusterId, NamespaceId, Name, DriverType, Enabled, DriverConfig)
+ SELECT @NewGenId, DriverInstanceId, ClusterId, NamespaceId, Name, DriverType, Enabled, DriverConfig FROM dbo.DriverInstance WHERE GenerationId = @TargetGenerationId;
+ INSERT dbo.Device (GenerationId, DeviceId, DriverInstanceId, Name, Enabled, DeviceConfig)
+ SELECT @NewGenId, DeviceId, DriverInstanceId, Name, Enabled, DeviceConfig FROM dbo.Device WHERE GenerationId = @TargetGenerationId;
+ INSERT dbo.Equipment (GenerationId, EquipmentId, EquipmentUuid, DriverInstanceId, DeviceId, UnsLineId, Name, MachineCode, ZTag, SAPID, Manufacturer, Model, SerialNumber, HardwareRevision, SoftwareRevision, YearOfConstruction, AssetLocation, ManufacturerUri, DeviceManualUri, EquipmentClassRef, Enabled)
+ SELECT @NewGenId, EquipmentId, EquipmentUuid, DriverInstanceId, DeviceId, UnsLineId, Name, MachineCode, ZTag, SAPID, Manufacturer, Model, SerialNumber, HardwareRevision, SoftwareRevision, YearOfConstruction, AssetLocation, ManufacturerUri, DeviceManualUri, EquipmentClassRef, Enabled FROM dbo.Equipment WHERE GenerationId = @TargetGenerationId;
+ INSERT dbo.PollGroup (GenerationId, PollGroupId, DriverInstanceId, Name, IntervalMs)
+ SELECT @NewGenId, PollGroupId, DriverInstanceId, Name, IntervalMs FROM dbo.PollGroup WHERE GenerationId = @TargetGenerationId;
+ INSERT dbo.Tag (GenerationId, TagId, DriverInstanceId, DeviceId, EquipmentId, Name, FolderPath, DataType, AccessLevel, WriteIdempotent, PollGroupId, TagConfig)
+ SELECT @NewGenId, TagId, DriverInstanceId, DeviceId, EquipmentId, Name, FolderPath, DataType, AccessLevel, WriteIdempotent, PollGroupId, TagConfig FROM dbo.Tag WHERE GenerationId = @TargetGenerationId;
+ INSERT dbo.NodeAcl (GenerationId, NodeAclId, ClusterId, LdapGroup, ScopeKind, ScopeId, PermissionFlags, Notes)
+ SELECT @NewGenId, NodeAclId, ClusterId, LdapGroup, ScopeKind, ScopeId, PermissionFlags, Notes FROM dbo.NodeAcl WHERE GenerationId = @TargetGenerationId;
+
+ EXEC dbo.sp_PublishGeneration @ClusterId = @ClusterId, @DraftGenerationId = @NewGenId, @Notes = @Notes;
+
+ -- @TargetGenerationId is a bigint, but build the JSON value via an explicit numeric CONVERT so
+ -- the emitted token is always a bare JSON number — never reliant on implicit string coercion.
+ INSERT dbo.ConfigAuditLog (Principal, EventType, ClusterId, GenerationId, DetailsJson)
+ VALUES (SUSER_SNAME(), 'RolledBack', @ClusterId, @NewGenId,
+ CONCAT('{"rolledBackTo":', CONVERT(nvarchar(20), CONVERT(bigint, @TargetGenerationId)), '}'));
+
+ COMMIT;
+ END
+
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417215224_StoredProcedures'
+)
+BEGIN
+
+ CREATE OR ALTER PROCEDURE dbo.sp_ComputeGenerationDiff
+ @FromGenerationId bigint,
+ @ToGenerationId bigint
+ AS
+ BEGIN
+ SET NOCOUNT ON;
+
+ CREATE TABLE #diff (TableName nvarchar(32), LogicalId nvarchar(64), ChangeKind nvarchar(16));
+
+ WITH f AS (SELECT NamespaceId AS LogicalId, CHECKSUM(NamespaceUri, Kind, Enabled, Notes) AS Sig FROM dbo.Namespace WHERE GenerationId = @FromGenerationId),
+ t AS (SELECT NamespaceId AS LogicalId, CHECKSUM(NamespaceUri, Kind, Enabled, Notes) AS Sig FROM dbo.Namespace WHERE GenerationId = @ToGenerationId)
+ INSERT #diff
+ SELECT 'Namespace', CONVERT(nvarchar(64), COALESCE(f.LogicalId, t.LogicalId)),
+ CASE WHEN f.LogicalId IS NULL THEN 'Added'
+ WHEN t.LogicalId IS NULL THEN 'Removed'
+ WHEN f.Sig <> t.Sig THEN 'Modified'
+ ELSE 'Unchanged' END
+ FROM f FULL OUTER JOIN t ON f.LogicalId = t.LogicalId
+ WHERE f.LogicalId IS NULL OR t.LogicalId IS NULL OR f.Sig <> t.Sig;
+
+ WITH f AS (SELECT DriverInstanceId AS LogicalId, CHECKSUM(ClusterId, NamespaceId, Name, DriverType, Enabled, CONVERT(varchar(max), DriverConfig)) AS Sig FROM dbo.DriverInstance WHERE GenerationId = @FromGenerationId),
+ t AS (SELECT DriverInstanceId AS LogicalId, CHECKSUM(ClusterId, NamespaceId, Name, DriverType, Enabled, CONVERT(varchar(max), DriverConfig)) AS Sig FROM dbo.DriverInstance WHERE GenerationId = @ToGenerationId)
+ INSERT #diff
+ SELECT 'DriverInstance', CONVERT(nvarchar(64), COALESCE(f.LogicalId, t.LogicalId)),
+ CASE WHEN f.LogicalId IS NULL THEN 'Added'
+ WHEN t.LogicalId IS NULL THEN 'Removed'
+ WHEN f.Sig <> t.Sig THEN 'Modified'
+ ELSE 'Unchanged' END
+ FROM f FULL OUTER JOIN t ON f.LogicalId = t.LogicalId
+ WHERE f.LogicalId IS NULL OR t.LogicalId IS NULL OR f.Sig <> t.Sig;
+
+ WITH f AS (SELECT EquipmentId AS LogicalId, CHECKSUM(EquipmentUuid, DriverInstanceId, UnsLineId, Name, MachineCode, ZTag, SAPID, EquipmentClassRef, Manufacturer, Model, SerialNumber) AS Sig FROM dbo.Equipment WHERE GenerationId = @FromGenerationId),
+ t AS (SELECT EquipmentId AS LogicalId, CHECKSUM(EquipmentUuid, DriverInstanceId, UnsLineId, Name, MachineCode, ZTag, SAPID, EquipmentClassRef, Manufacturer, Model, SerialNumber) AS Sig FROM dbo.Equipment WHERE GenerationId = @ToGenerationId)
+ INSERT #diff
+ SELECT 'Equipment', CONVERT(nvarchar(64), COALESCE(f.LogicalId, t.LogicalId)),
+ CASE WHEN f.LogicalId IS NULL THEN 'Added'
+ WHEN t.LogicalId IS NULL THEN 'Removed'
+ WHEN f.Sig <> t.Sig THEN 'Modified'
+ ELSE 'Unchanged' END
+ FROM f FULL OUTER JOIN t ON f.LogicalId = t.LogicalId
+ WHERE f.LogicalId IS NULL OR t.LogicalId IS NULL OR f.Sig <> t.Sig;
+
+ WITH f AS (SELECT TagId AS LogicalId, CHECKSUM(DriverInstanceId, DeviceId, EquipmentId, PollGroupId, FolderPath, Name, DataType, AccessLevel, WriteIdempotent, CONVERT(varchar(max), TagConfig)) AS Sig FROM dbo.Tag WHERE GenerationId = @FromGenerationId),
+ t AS (SELECT TagId AS LogicalId, CHECKSUM(DriverInstanceId, DeviceId, EquipmentId, PollGroupId, FolderPath, Name, DataType, AccessLevel, WriteIdempotent, CONVERT(varchar(max), TagConfig)) AS Sig FROM dbo.Tag WHERE GenerationId = @ToGenerationId)
+ INSERT #diff
+ SELECT 'Tag', CONVERT(nvarchar(64), COALESCE(f.LogicalId, t.LogicalId)),
+ CASE WHEN f.LogicalId IS NULL THEN 'Added'
+ WHEN t.LogicalId IS NULL THEN 'Removed'
+ WHEN f.Sig <> t.Sig THEN 'Modified'
+ ELSE 'Unchanged' END
+ FROM f FULL OUTER JOIN t ON f.LogicalId = t.LogicalId
+ WHERE f.LogicalId IS NULL OR t.LogicalId IS NULL OR f.Sig <> t.Sig;
+
+ SELECT TableName, LogicalId, ChangeKind FROM #diff;
+ DROP TABLE #diff;
+ END
+
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417215224_StoredProcedures'
+)
+BEGIN
+
+ CREATE OR ALTER PROCEDURE dbo.sp_ReleaseExternalIdReservation
+ @Kind nvarchar(16),
+ @Value nvarchar(64),
+ @ReleaseReason nvarchar(512)
+ AS
+ BEGIN
+ SET NOCOUNT ON;
+ SET XACT_ABORT ON;
+
+ IF @ReleaseReason IS NULL OR LEN(@ReleaseReason) = 0
+ BEGIN
+ RAISERROR('ReleaseReason is required', 16, 1);
+ RETURN;
+ END
+
+ UPDATE dbo.ExternalIdReservation
+ SET ReleasedAt = SYSUTCDATETIME(),
+ ReleasedBy = SUSER_SNAME(),
+ ReleaseReason = @ReleaseReason
+ WHERE Kind = @Kind AND Value = @Value AND ReleasedAt IS NULL;
+
+ IF @@ROWCOUNT = 0
+ BEGIN
+ RAISERROR('No active reservation found for (%s, %s)', 16, 1, @Kind, @Value);
+ RETURN;
+ END
+
+ -- Escape both caller-supplied values via STRING_ESCAPE so quotes/backslashes cannot break the
+ -- JSON document or inject additional structure into the audit record.
+ INSERT dbo.ConfigAuditLog (Principal, EventType, DetailsJson)
+ VALUES (SUSER_SNAME(), 'ExternalIdReleased',
+ CONCAT('{"kind":"', STRING_ESCAPE(@Kind, 'json'),
+ '","value":"', STRING_ESCAPE(@Value, 'json'), '"}'));
+ END
+
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417215224_StoredProcedures'
+)
+BEGIN
+ INSERT INTO [__EFMigrationsHistory] ([MigrationId], [ProductVersion])
+ VALUES (N'20260417215224_StoredProcedures', N'10.0.7');
+END;
+
+COMMIT;
+GO
+
+BEGIN TRANSACTION;
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417220857_AuthorizationGrants'
+)
+BEGIN
+
+ IF DATABASE_PRINCIPAL_ID('OtOpcUaNode') IS NULL
+ CREATE ROLE OtOpcUaNode;
+ IF DATABASE_PRINCIPAL_ID('OtOpcUaAdmin') IS NULL
+ CREATE ROLE OtOpcUaAdmin;
+
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417220857_AuthorizationGrants'
+)
+BEGIN
+
+ GRANT EXECUTE ON OBJECT::dbo.sp_GetCurrentGenerationForCluster TO OtOpcUaNode;
+ GRANT EXECUTE ON OBJECT::dbo.sp_GetGenerationContent TO OtOpcUaNode;
+ GRANT EXECUTE ON OBJECT::dbo.sp_RegisterNodeGenerationApplied TO OtOpcUaNode;
+
+ GRANT EXECUTE ON OBJECT::dbo.sp_GetCurrentGenerationForCluster TO OtOpcUaAdmin;
+ GRANT EXECUTE ON OBJECT::dbo.sp_GetGenerationContent TO OtOpcUaAdmin;
+ GRANT EXECUTE ON OBJECT::dbo.sp_ValidateDraft TO OtOpcUaAdmin;
+ GRANT EXECUTE ON OBJECT::dbo.sp_PublishGeneration TO OtOpcUaAdmin;
+ GRANT EXECUTE ON OBJECT::dbo.sp_RollbackToGeneration TO OtOpcUaAdmin;
+ GRANT EXECUTE ON OBJECT::dbo.sp_ComputeGenerationDiff TO OtOpcUaAdmin;
+ GRANT EXECUTE ON OBJECT::dbo.sp_ReleaseExternalIdReservation TO OtOpcUaAdmin;
+
+ DENY UPDATE, DELETE, INSERT ON SCHEMA::dbo TO OtOpcUaNode;
+ DENY UPDATE, DELETE, INSERT ON SCHEMA::dbo TO OtOpcUaAdmin;
+ DENY SELECT ON SCHEMA::dbo TO OtOpcUaNode;
+ -- Admins may SELECT for reporting views in the future — grant views explicitly, not the schema.
+ DENY SELECT ON SCHEMA::dbo TO OtOpcUaAdmin;
+
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260417220857_AuthorizationGrants'
+)
+BEGIN
+ INSERT INTO [__EFMigrationsHistory] ([MigrationId], [ProductVersion])
+ VALUES (N'20260417220857_AuthorizationGrants', N'10.0.7');
+END;
+
+COMMIT;
+GO
+
+BEGIN TRANSACTION;
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260418193608_AddDriverHostStatus'
+)
+BEGIN
+ CREATE TABLE [DriverHostStatus] (
+ [NodeId] nvarchar(64) NOT NULL,
+ [DriverInstanceId] nvarchar(64) NOT NULL,
+ [HostName] nvarchar(256) NOT NULL,
+ [State] nvarchar(16) NOT NULL,
+ [StateChangedUtc] datetime2(3) NOT NULL,
+ [LastSeenUtc] datetime2(3) NOT NULL,
+ [Detail] nvarchar(1024) NULL,
+ CONSTRAINT [PK_DriverHostStatus] PRIMARY KEY ([NodeId], [DriverInstanceId], [HostName])
+ );
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260418193608_AddDriverHostStatus'
+)
+BEGIN
+ CREATE INDEX [IX_DriverHostStatus_LastSeen] ON [DriverHostStatus] ([LastSeenUtc]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260418193608_AddDriverHostStatus'
+)
+BEGIN
+ CREATE INDEX [IX_DriverHostStatus_Node] ON [DriverHostStatus] ([NodeId]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260418193608_AddDriverHostStatus'
+)
+BEGIN
+ INSERT INTO [__EFMigrationsHistory] ([MigrationId], [ProductVersion])
+ VALUES (N'20260418193608_AddDriverHostStatus', N'10.0.7');
+END;
+
+COMMIT;
+GO
+
+BEGIN TRANSACTION;
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260419124034_AddDriverInstanceResilienceStatus'
+)
+BEGIN
+ CREATE TABLE [DriverInstanceResilienceStatus] (
+ [DriverInstanceId] nvarchar(64) NOT NULL,
+ [HostName] nvarchar(256) NOT NULL,
+ [LastCircuitBreakerOpenUtc] datetime2(3) NULL,
+ [ConsecutiveFailures] int NOT NULL,
+ [CurrentBulkheadDepth] int NOT NULL,
+ [LastRecycleUtc] datetime2(3) NULL,
+ [BaselineFootprintBytes] bigint NOT NULL,
+ [CurrentFootprintBytes] bigint NOT NULL,
+ [LastSampledUtc] datetime2(3) NOT NULL,
+ CONSTRAINT [PK_DriverInstanceResilienceStatus] PRIMARY KEY ([DriverInstanceId], [HostName])
+ );
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260419124034_AddDriverInstanceResilienceStatus'
+)
+BEGIN
+ CREATE INDEX [IX_DriverResilience_LastSampled] ON [DriverInstanceResilienceStatus] ([LastSampledUtc]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260419124034_AddDriverInstanceResilienceStatus'
+)
+BEGIN
+ INSERT INTO [__EFMigrationsHistory] ([MigrationId], [ProductVersion])
+ VALUES (N'20260419124034_AddDriverInstanceResilienceStatus', N'10.0.7');
+END;
+
+COMMIT;
+GO
+
+BEGIN TRANSACTION;
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260419131444_AddLdapGroupRoleMapping'
+)
+BEGIN
+ CREATE TABLE [LdapGroupRoleMapping] (
+ [Id] uniqueidentifier NOT NULL,
+ [LdapGroup] nvarchar(512) NOT NULL,
+ [Role] nvarchar(32) NOT NULL,
+ [ClusterId] nvarchar(64) NULL,
+ [IsSystemWide] bit NOT NULL,
+ [CreatedAtUtc] datetime2(3) NOT NULL,
+ [Notes] nvarchar(512) NULL,
+ CONSTRAINT [PK_LdapGroupRoleMapping] PRIMARY KEY ([Id]),
+ CONSTRAINT [FK_LdapGroupRoleMapping_ServerCluster_ClusterId] FOREIGN KEY ([ClusterId]) REFERENCES [ServerCluster] ([ClusterId]) ON DELETE CASCADE
+ );
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260419131444_AddLdapGroupRoleMapping'
+)
+BEGIN
+ CREATE INDEX [IX_LdapGroupRoleMapping_ClusterId] ON [LdapGroupRoleMapping] ([ClusterId]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260419131444_AddLdapGroupRoleMapping'
+)
+BEGIN
+ CREATE INDEX [IX_LdapGroupRoleMapping_Group] ON [LdapGroupRoleMapping] ([LdapGroup]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260419131444_AddLdapGroupRoleMapping'
+)
+BEGIN
+ EXEC(N'CREATE UNIQUE INDEX [UX_LdapGroupRoleMapping_Group_Cluster] ON [LdapGroupRoleMapping] ([LdapGroup], [ClusterId]) WHERE [ClusterId] IS NOT NULL');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260419131444_AddLdapGroupRoleMapping'
+)
+BEGIN
+ INSERT INTO [__EFMigrationsHistory] ([MigrationId], [ProductVersion])
+ VALUES (N'20260419131444_AddLdapGroupRoleMapping', N'10.0.7');
+END;
+
+COMMIT;
+GO
+
+BEGIN TRANSACTION;
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260419161932_AddDriverInstanceResilienceConfig'
+)
+BEGIN
+ ALTER TABLE [DriverInstance] ADD [ResilienceConfig] nvarchar(max) NULL;
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260419161932_AddDriverInstanceResilienceConfig'
+)
+BEGIN
+ EXEC(N'ALTER TABLE [DriverInstance] ADD CONSTRAINT [CK_DriverInstance_ResilienceConfig_IsJson] CHECK (ResilienceConfig IS NULL OR ISJSON(ResilienceConfig) = 1)');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260419161932_AddDriverInstanceResilienceConfig'
+)
+BEGIN
+ INSERT INTO [__EFMigrationsHistory] ([MigrationId], [ProductVersion])
+ VALUES (N'20260419161932_AddDriverInstanceResilienceConfig', N'10.0.7');
+END;
+
+COMMIT;
+GO
+
+BEGIN TRANSACTION;
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260419185124_AddEquipmentImportBatch'
+)
+BEGIN
+ CREATE TABLE [EquipmentImportBatch] (
+ [Id] uniqueidentifier NOT NULL,
+ [ClusterId] nvarchar(64) NOT NULL,
+ [CreatedBy] nvarchar(128) NOT NULL,
+ [CreatedAtUtc] datetime2(3) NOT NULL,
+ [RowsStaged] int NOT NULL,
+ [RowsAccepted] int NOT NULL,
+ [RowsRejected] int NOT NULL,
+ [FinalisedAtUtc] datetime2(3) NULL,
+ CONSTRAINT [PK_EquipmentImportBatch] PRIMARY KEY ([Id])
+ );
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260419185124_AddEquipmentImportBatch'
+)
+BEGIN
+ CREATE TABLE [EquipmentImportRow] (
+ [Id] uniqueidentifier NOT NULL,
+ [BatchId] uniqueidentifier NOT NULL,
+ [LineNumberInFile] int NOT NULL,
+ [IsAccepted] bit NOT NULL,
+ [RejectReason] nvarchar(512) NULL,
+ [ZTag] nvarchar(128) NOT NULL,
+ [MachineCode] nvarchar(128) NOT NULL,
+ [SAPID] nvarchar(128) NOT NULL,
+ [EquipmentId] nvarchar(64) NOT NULL,
+ [EquipmentUuid] nvarchar(64) NOT NULL,
+ [Name] nvarchar(128) NOT NULL,
+ [UnsAreaName] nvarchar(64) NOT NULL,
+ [UnsLineName] nvarchar(64) NOT NULL,
+ [Manufacturer] nvarchar(256) NULL,
+ [Model] nvarchar(256) NULL,
+ [SerialNumber] nvarchar(256) NULL,
+ [HardwareRevision] nvarchar(64) NULL,
+ [SoftwareRevision] nvarchar(64) NULL,
+ [YearOfConstruction] nvarchar(8) NULL,
+ [AssetLocation] nvarchar(512) NULL,
+ [ManufacturerUri] nvarchar(512) NULL,
+ [DeviceManualUri] nvarchar(512) NULL,
+ CONSTRAINT [PK_EquipmentImportRow] PRIMARY KEY ([Id]),
+ CONSTRAINT [FK_EquipmentImportRow_EquipmentImportBatch_BatchId] FOREIGN KEY ([BatchId]) REFERENCES [EquipmentImportBatch] ([Id]) ON DELETE CASCADE
+ );
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260419185124_AddEquipmentImportBatch'
+)
+BEGIN
+ CREATE INDEX [IX_EquipmentImportBatch_Creator_Finalised] ON [EquipmentImportBatch] ([CreatedBy], [FinalisedAtUtc]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260419185124_AddEquipmentImportBatch'
+)
+BEGIN
+ CREATE INDEX [IX_EquipmentImportRow_Batch] ON [EquipmentImportRow] ([BatchId]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260419185124_AddEquipmentImportBatch'
+)
+BEGIN
+ INSERT INTO [__EFMigrationsHistory] ([MigrationId], [ProductVersion])
+ VALUES (N'20260419185124_AddEquipmentImportBatch', N'10.0.7');
+END;
+
+COMMIT;
+GO
+
+BEGIN TRANSACTION;
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260420000001_ExtendComputeGenerationDiffWithNodeAcl'
+)
+BEGIN
+
+ CREATE OR ALTER PROCEDURE dbo.sp_ComputeGenerationDiff
+ @FromGenerationId bigint,
+ @ToGenerationId bigint
+ AS
+ BEGIN
+ SET NOCOUNT ON;
+
+ CREATE TABLE #diff (TableName nvarchar(32), LogicalId nvarchar(128), ChangeKind nvarchar(16));
+
+ WITH f AS (SELECT NamespaceId AS LogicalId, CHECKSUM(NamespaceUri, Kind, Enabled, Notes) AS Sig FROM dbo.Namespace WHERE GenerationId = @FromGenerationId),
+ t AS (SELECT NamespaceId AS LogicalId, CHECKSUM(NamespaceUri, Kind, Enabled, Notes) AS Sig FROM dbo.Namespace WHERE GenerationId = @ToGenerationId)
+ INSERT #diff
+ SELECT 'Namespace', CONVERT(nvarchar(128), COALESCE(f.LogicalId, t.LogicalId)),
+ CASE WHEN f.LogicalId IS NULL THEN 'Added'
+ WHEN t.LogicalId IS NULL THEN 'Removed'
+ WHEN f.Sig <> t.Sig THEN 'Modified'
+ ELSE 'Unchanged' END
+ FROM f FULL OUTER JOIN t ON f.LogicalId = t.LogicalId
+ WHERE f.LogicalId IS NULL OR t.LogicalId IS NULL OR f.Sig <> t.Sig;
+
+ WITH f AS (SELECT DriverInstanceId AS LogicalId, CHECKSUM(ClusterId, NamespaceId, Name, DriverType, Enabled, CONVERT(varchar(max), DriverConfig)) AS Sig FROM dbo.DriverInstance WHERE GenerationId = @FromGenerationId),
+ t AS (SELECT DriverInstanceId AS LogicalId, CHECKSUM(ClusterId, NamespaceId, Name, DriverType, Enabled, CONVERT(varchar(max), DriverConfig)) AS Sig FROM dbo.DriverInstance WHERE GenerationId = @ToGenerationId)
+ INSERT #diff
+ SELECT 'DriverInstance', CONVERT(nvarchar(128), COALESCE(f.LogicalId, t.LogicalId)),
+ CASE WHEN f.LogicalId IS NULL THEN 'Added'
+ WHEN t.LogicalId IS NULL THEN 'Removed'
+ WHEN f.Sig <> t.Sig THEN 'Modified'
+ ELSE 'Unchanged' END
+ FROM f FULL OUTER JOIN t ON f.LogicalId = t.LogicalId
+ WHERE f.LogicalId IS NULL OR t.LogicalId IS NULL OR f.Sig <> t.Sig;
+
+ WITH f AS (SELECT EquipmentId AS LogicalId, CHECKSUM(EquipmentUuid, DriverInstanceId, UnsLineId, Name, MachineCode, ZTag, SAPID, EquipmentClassRef, Manufacturer, Model, SerialNumber) AS Sig FROM dbo.Equipment WHERE GenerationId = @FromGenerationId),
+ t AS (SELECT EquipmentId AS LogicalId, CHECKSUM(EquipmentUuid, DriverInstanceId, UnsLineId, Name, MachineCode, ZTag, SAPID, EquipmentClassRef, Manufacturer, Model, SerialNumber) AS Sig FROM dbo.Equipment WHERE GenerationId = @ToGenerationId)
+ INSERT #diff
+ SELECT 'Equipment', CONVERT(nvarchar(128), COALESCE(f.LogicalId, t.LogicalId)),
+ CASE WHEN f.LogicalId IS NULL THEN 'Added'
+ WHEN t.LogicalId IS NULL THEN 'Removed'
+ WHEN f.Sig <> t.Sig THEN 'Modified'
+ ELSE 'Unchanged' END
+ FROM f FULL OUTER JOIN t ON f.LogicalId = t.LogicalId
+ WHERE f.LogicalId IS NULL OR t.LogicalId IS NULL OR f.Sig <> t.Sig;
+
+ WITH f AS (SELECT TagId AS LogicalId, CHECKSUM(DriverInstanceId, DeviceId, EquipmentId, PollGroupId, FolderPath, Name, DataType, AccessLevel, WriteIdempotent, CONVERT(varchar(max), TagConfig)) AS Sig FROM dbo.Tag WHERE GenerationId = @FromGenerationId),
+ t AS (SELECT TagId AS LogicalId, CHECKSUM(DriverInstanceId, DeviceId, EquipmentId, PollGroupId, FolderPath, Name, DataType, AccessLevel, WriteIdempotent, CONVERT(varchar(max), TagConfig)) AS Sig FROM dbo.Tag WHERE GenerationId = @ToGenerationId)
+ INSERT #diff
+ SELECT 'Tag', CONVERT(nvarchar(128), COALESCE(f.LogicalId, t.LogicalId)),
+ CASE WHEN f.LogicalId IS NULL THEN 'Added'
+ WHEN t.LogicalId IS NULL THEN 'Removed'
+ WHEN f.Sig <> t.Sig THEN 'Modified'
+ ELSE 'Unchanged' END
+ FROM f FULL OUTER JOIN t ON f.LogicalId = t.LogicalId
+ WHERE f.LogicalId IS NULL OR t.LogicalId IS NULL OR f.Sig <> t.Sig;
+
+ -- NodeAcl section. Logical id is the (LdapGroup, ScopeKind, ScopeId) triple so the diff
+ -- distinguishes same row with new permissions (Modified via CHECKSUM on PermissionFlags + Notes)
+ -- from a scope move (which surfaces as Added + Removed of different logical ids).
+ WITH f AS (
+ SELECT CONVERT(nvarchar(128), LdapGroup + '|' + CONVERT(nvarchar(16), ScopeKind) + '|' + ISNULL(ScopeId, '(cluster)')) AS LogicalId,
+ CHECKSUM(ClusterId, PermissionFlags, Notes) AS Sig
+ FROM dbo.NodeAcl WHERE GenerationId = @FromGenerationId),
+ t AS (
+ SELECT CONVERT(nvarchar(128), LdapGroup + '|' + CONVERT(nvarchar(16), ScopeKind) + '|' + ISNULL(ScopeId, '(cluster)')) AS LogicalId,
+ CHECKSUM(ClusterId, PermissionFlags, Notes) AS Sig
+ FROM dbo.NodeAcl WHERE GenerationId = @ToGenerationId)
+ INSERT #diff
+ SELECT 'NodeAcl', COALESCE(f.LogicalId, t.LogicalId),
+ CASE WHEN f.LogicalId IS NULL THEN 'Added'
+ WHEN t.LogicalId IS NULL THEN 'Removed'
+ WHEN f.Sig <> t.Sig THEN 'Modified'
+ ELSE 'Unchanged' END
+ FROM f FULL OUTER JOIN t ON f.LogicalId = t.LogicalId
+ WHERE f.LogicalId IS NULL OR t.LogicalId IS NULL OR f.Sig <> t.Sig;
+
+ SELECT TableName, LogicalId, ChangeKind FROM #diff;
+ DROP TABLE #diff;
+ END
+
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260420000001_ExtendComputeGenerationDiffWithNodeAcl'
+)
+BEGIN
+ INSERT INTO [__EFMigrationsHistory] ([MigrationId], [ProductVersion])
+ VALUES (N'20260420000001_ExtendComputeGenerationDiffWithNodeAcl', N'10.0.7');
+END;
+
+COMMIT;
+GO
+
+BEGIN TRANSACTION;
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260420231641_AddPhase7ScriptingTables'
+)
+BEGIN
+ CREATE TABLE [Script] (
+ [ScriptRowId] uniqueidentifier NOT NULL DEFAULT (NEWSEQUENTIALID()),
+ [GenerationId] bigint NOT NULL,
+ [ScriptId] nvarchar(64) NULL,
+ [Name] nvarchar(128) NOT NULL,
+ [SourceCode] nvarchar(max) NOT NULL,
+ [SourceHash] nvarchar(64) NOT NULL,
+ [Language] nvarchar(16) NOT NULL,
+ CONSTRAINT [PK_Script] PRIMARY KEY ([ScriptRowId]),
+ CONSTRAINT [FK_Script_ConfigGeneration_GenerationId] FOREIGN KEY ([GenerationId]) REFERENCES [ConfigGeneration] ([GenerationId]) ON DELETE NO ACTION
+ );
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260420231641_AddPhase7ScriptingTables'
+)
+BEGIN
+ CREATE TABLE [ScriptedAlarm] (
+ [ScriptedAlarmRowId] uniqueidentifier NOT NULL DEFAULT (NEWSEQUENTIALID()),
+ [GenerationId] bigint NOT NULL,
+ [ScriptedAlarmId] nvarchar(64) NULL,
+ [EquipmentId] nvarchar(64) NOT NULL,
+ [Name] nvarchar(128) NOT NULL,
+ [AlarmType] nvarchar(32) NOT NULL,
+ [Severity] int NOT NULL,
+ [MessageTemplate] nvarchar(1024) NOT NULL,
+ [PredicateScriptId] nvarchar(64) NOT NULL,
+ [HistorizeToAveva] bit NOT NULL,
+ [Retain] bit NOT NULL,
+ [Enabled] bit NOT NULL,
+ CONSTRAINT [PK_ScriptedAlarm] PRIMARY KEY ([ScriptedAlarmRowId]),
+ CONSTRAINT [CK_ScriptedAlarm_AlarmType] CHECK (AlarmType IN ('AlarmCondition','LimitAlarm','OffNormalAlarm','DiscreteAlarm')),
+ CONSTRAINT [CK_ScriptedAlarm_Severity_Range] CHECK (Severity BETWEEN 1 AND 1000),
+ CONSTRAINT [FK_ScriptedAlarm_ConfigGeneration_GenerationId] FOREIGN KEY ([GenerationId]) REFERENCES [ConfigGeneration] ([GenerationId]) ON DELETE NO ACTION
+ );
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260420231641_AddPhase7ScriptingTables'
+)
+BEGIN
+ CREATE TABLE [ScriptedAlarmState] (
+ [ScriptedAlarmId] nvarchar(64) NOT NULL,
+ [EnabledState] nvarchar(16) NOT NULL,
+ [AckedState] nvarchar(16) NOT NULL,
+ [ConfirmedState] nvarchar(16) NOT NULL,
+ [ShelvingState] nvarchar(16) NOT NULL,
+ [ShelvingExpiresUtc] datetime2(3) NULL,
+ [LastAckUser] nvarchar(128) NULL,
+ [LastAckComment] nvarchar(1024) NULL,
+ [LastAckUtc] datetime2(3) NULL,
+ [LastConfirmUser] nvarchar(128) NULL,
+ [LastConfirmComment] nvarchar(1024) NULL,
+ [LastConfirmUtc] datetime2(3) NULL,
+ [CommentsJson] nvarchar(max) NOT NULL,
+ [UpdatedAtUtc] datetime2(3) NOT NULL DEFAULT (SYSUTCDATETIME()),
+ CONSTRAINT [PK_ScriptedAlarmState] PRIMARY KEY ([ScriptedAlarmId]),
+ CONSTRAINT [CK_ScriptedAlarmState_CommentsJson_IsJson] CHECK (ISJSON(CommentsJson) = 1)
+ );
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260420231641_AddPhase7ScriptingTables'
+)
+BEGIN
+ CREATE TABLE [VirtualTag] (
+ [VirtualTagRowId] uniqueidentifier NOT NULL DEFAULT (NEWSEQUENTIALID()),
+ [GenerationId] bigint NOT NULL,
+ [VirtualTagId] nvarchar(64) NULL,
+ [EquipmentId] nvarchar(64) NOT NULL,
+ [Name] nvarchar(128) NOT NULL,
+ [DataType] nvarchar(32) NOT NULL,
+ [ScriptId] nvarchar(64) NOT NULL,
+ [ChangeTriggered] bit NOT NULL,
+ [TimerIntervalMs] int NULL,
+ [Historize] bit NOT NULL,
+ [Enabled] bit NOT NULL,
+ CONSTRAINT [PK_VirtualTag] PRIMARY KEY ([VirtualTagRowId]),
+ CONSTRAINT [CK_VirtualTag_TimerInterval_Min] CHECK (TimerIntervalMs IS NULL OR TimerIntervalMs >= 50),
+ CONSTRAINT [CK_VirtualTag_Trigger_AtLeastOne] CHECK (ChangeTriggered = 1 OR TimerIntervalMs IS NOT NULL),
+ CONSTRAINT [FK_VirtualTag_ConfigGeneration_GenerationId] FOREIGN KEY ([GenerationId]) REFERENCES [ConfigGeneration] ([GenerationId]) ON DELETE NO ACTION
+ );
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260420231641_AddPhase7ScriptingTables'
+)
+BEGIN
+ CREATE INDEX [IX_Script_Generation_SourceHash] ON [Script] ([GenerationId], [SourceHash]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260420231641_AddPhase7ScriptingTables'
+)
+BEGIN
+ EXEC(N'CREATE UNIQUE INDEX [UX_Script_Generation_LogicalId] ON [Script] ([GenerationId], [ScriptId]) WHERE [ScriptId] IS NOT NULL');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260420231641_AddPhase7ScriptingTables'
+)
+BEGIN
+ CREATE INDEX [IX_ScriptedAlarm_Generation_Script] ON [ScriptedAlarm] ([GenerationId], [PredicateScriptId]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260420231641_AddPhase7ScriptingTables'
+)
+BEGIN
+ CREATE UNIQUE INDEX [UX_ScriptedAlarm_Generation_EquipmentPath] ON [ScriptedAlarm] ([GenerationId], [EquipmentId], [Name]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260420231641_AddPhase7ScriptingTables'
+)
+BEGIN
+ EXEC(N'CREATE UNIQUE INDEX [UX_ScriptedAlarm_Generation_LogicalId] ON [ScriptedAlarm] ([GenerationId], [ScriptedAlarmId]) WHERE [ScriptedAlarmId] IS NOT NULL');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260420231641_AddPhase7ScriptingTables'
+)
+BEGIN
+ CREATE INDEX [IX_VirtualTag_Generation_Script] ON [VirtualTag] ([GenerationId], [ScriptId]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260420231641_AddPhase7ScriptingTables'
+)
+BEGIN
+ CREATE UNIQUE INDEX [UX_VirtualTag_Generation_EquipmentPath] ON [VirtualTag] ([GenerationId], [EquipmentId], [Name]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260420231641_AddPhase7ScriptingTables'
+)
+BEGIN
+ EXEC(N'CREATE UNIQUE INDEX [UX_VirtualTag_Generation_LogicalId] ON [VirtualTag] ([GenerationId], [VirtualTagId]) WHERE [VirtualTagId] IS NOT NULL');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260420231641_AddPhase7ScriptingTables'
+)
+BEGIN
+ INSERT INTO [__EFMigrationsHistory] ([MigrationId], [ProductVersion])
+ VALUES (N'20260420231641_AddPhase7ScriptingTables', N'10.0.7');
+END;
+
+COMMIT;
+GO
+
+BEGIN TRANSACTION;
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260420232000_ExtendComputeGenerationDiffWithPhase7'
+)
+BEGIN
+
+ CREATE OR ALTER PROCEDURE dbo.sp_ComputeGenerationDiff
+ @FromGenerationId bigint,
+ @ToGenerationId bigint
+ AS
+ BEGIN
+ SET NOCOUNT ON;
+
+ CREATE TABLE #diff (TableName nvarchar(32), LogicalId nvarchar(128), ChangeKind nvarchar(16));
+
+ WITH f AS (SELECT NamespaceId AS LogicalId, CHECKSUM(NamespaceUri, Kind, Enabled, Notes) AS Sig FROM dbo.Namespace WHERE GenerationId = @FromGenerationId),
+ t AS (SELECT NamespaceId AS LogicalId, CHECKSUM(NamespaceUri, Kind, Enabled, Notes) AS Sig FROM dbo.Namespace WHERE GenerationId = @ToGenerationId)
+ INSERT #diff
+ SELECT 'Namespace', CONVERT(nvarchar(128), COALESCE(f.LogicalId, t.LogicalId)),
+ CASE WHEN f.LogicalId IS NULL THEN 'Added'
+ WHEN t.LogicalId IS NULL THEN 'Removed'
+ WHEN f.Sig <> t.Sig THEN 'Modified'
+ ELSE 'Unchanged' END
+ FROM f FULL OUTER JOIN t ON f.LogicalId = t.LogicalId
+ WHERE f.LogicalId IS NULL OR t.LogicalId IS NULL OR f.Sig <> t.Sig;
+
+ WITH f AS (SELECT DriverInstanceId AS LogicalId, CHECKSUM(ClusterId, NamespaceId, Name, DriverType, Enabled, CONVERT(varchar(max), DriverConfig)) AS Sig FROM dbo.DriverInstance WHERE GenerationId = @FromGenerationId),
+ t AS (SELECT DriverInstanceId AS LogicalId, CHECKSUM(ClusterId, NamespaceId, Name, DriverType, Enabled, CONVERT(varchar(max), DriverConfig)) AS Sig FROM dbo.DriverInstance WHERE GenerationId = @ToGenerationId)
+ INSERT #diff
+ SELECT 'DriverInstance', CONVERT(nvarchar(128), COALESCE(f.LogicalId, t.LogicalId)),
+ CASE WHEN f.LogicalId IS NULL THEN 'Added'
+ WHEN t.LogicalId IS NULL THEN 'Removed'
+ WHEN f.Sig <> t.Sig THEN 'Modified'
+ ELSE 'Unchanged' END
+ FROM f FULL OUTER JOIN t ON f.LogicalId = t.LogicalId
+ WHERE f.LogicalId IS NULL OR t.LogicalId IS NULL OR f.Sig <> t.Sig;
+
+ WITH f AS (SELECT EquipmentId AS LogicalId, CHECKSUM(EquipmentUuid, DriverInstanceId, UnsLineId, Name, MachineCode, ZTag, SAPID, EquipmentClassRef, Manufacturer, Model, SerialNumber) AS Sig FROM dbo.Equipment WHERE GenerationId = @FromGenerationId),
+ t AS (SELECT EquipmentId AS LogicalId, CHECKSUM(EquipmentUuid, DriverInstanceId, UnsLineId, Name, MachineCode, ZTag, SAPID, EquipmentClassRef, Manufacturer, Model, SerialNumber) AS Sig FROM dbo.Equipment WHERE GenerationId = @ToGenerationId)
+ INSERT #diff
+ SELECT 'Equipment', CONVERT(nvarchar(128), COALESCE(f.LogicalId, t.LogicalId)),
+ CASE WHEN f.LogicalId IS NULL THEN 'Added'
+ WHEN t.LogicalId IS NULL THEN 'Removed'
+ WHEN f.Sig <> t.Sig THEN 'Modified'
+ ELSE 'Unchanged' END
+ FROM f FULL OUTER JOIN t ON f.LogicalId = t.LogicalId
+ WHERE f.LogicalId IS NULL OR t.LogicalId IS NULL OR f.Sig <> t.Sig;
+
+ WITH f AS (SELECT TagId AS LogicalId, CHECKSUM(DriverInstanceId, DeviceId, EquipmentId, PollGroupId, FolderPath, Name, DataType, AccessLevel, WriteIdempotent, CONVERT(varchar(max), TagConfig)) AS Sig FROM dbo.Tag WHERE GenerationId = @FromGenerationId),
+ t AS (SELECT TagId AS LogicalId, CHECKSUM(DriverInstanceId, DeviceId, EquipmentId, PollGroupId, FolderPath, Name, DataType, AccessLevel, WriteIdempotent, CONVERT(varchar(max), TagConfig)) AS Sig FROM dbo.Tag WHERE GenerationId = @ToGenerationId)
+ INSERT #diff
+ SELECT 'Tag', CONVERT(nvarchar(128), COALESCE(f.LogicalId, t.LogicalId)),
+ CASE WHEN f.LogicalId IS NULL THEN 'Added'
+ WHEN t.LogicalId IS NULL THEN 'Removed'
+ WHEN f.Sig <> t.Sig THEN 'Modified'
+ ELSE 'Unchanged' END
+ FROM f FULL OUTER JOIN t ON f.LogicalId = t.LogicalId
+ WHERE f.LogicalId IS NULL OR t.LogicalId IS NULL OR f.Sig <> t.Sig;
+
+ WITH f AS (
+ SELECT CONVERT(nvarchar(128), LdapGroup + '|' + CONVERT(nvarchar(16), ScopeKind) + '|' + ISNULL(ScopeId, '(cluster)')) AS LogicalId,
+ CHECKSUM(ClusterId, PermissionFlags, Notes) AS Sig
+ FROM dbo.NodeAcl WHERE GenerationId = @FromGenerationId),
+ t AS (
+ SELECT CONVERT(nvarchar(128), LdapGroup + '|' + CONVERT(nvarchar(16), ScopeKind) + '|' + ISNULL(ScopeId, '(cluster)')) AS LogicalId,
+ CHECKSUM(ClusterId, PermissionFlags, Notes) AS Sig
+ FROM dbo.NodeAcl WHERE GenerationId = @ToGenerationId)
+ INSERT #diff
+ SELECT 'NodeAcl', COALESCE(f.LogicalId, t.LogicalId),
+ CASE WHEN f.LogicalId IS NULL THEN 'Added'
+ WHEN t.LogicalId IS NULL THEN 'Removed'
+ WHEN f.Sig <> t.Sig THEN 'Modified'
+ ELSE 'Unchanged' END
+ FROM f FULL OUTER JOIN t ON f.LogicalId = t.LogicalId
+ WHERE f.LogicalId IS NULL OR t.LogicalId IS NULL OR f.Sig <> t.Sig;
+
+ -- Phase 7 — Script section. CHECKSUM picks up source changes via SourceHash + rename
+ -- via Name; Language future-proofs for non-C# engines. Same Name + same Source =
+ -- Unchanged (identical hash).
+ WITH f AS (SELECT ScriptId AS LogicalId, CHECKSUM(Name, SourceHash, Language) AS Sig FROM dbo.Script WHERE GenerationId = @FromGenerationId),
+ t AS (SELECT ScriptId AS LogicalId, CHECKSUM(Name, SourceHash, Language) AS Sig FROM dbo.Script WHERE GenerationId = @ToGenerationId)
+ INSERT #diff
+ SELECT 'Script', CONVERT(nvarchar(128), COALESCE(f.LogicalId, t.LogicalId)),
+ CASE WHEN f.LogicalId IS NULL THEN 'Added'
+ WHEN t.LogicalId IS NULL THEN 'Removed'
+ WHEN f.Sig <> t.Sig THEN 'Modified'
+ ELSE 'Unchanged' END
+ FROM f FULL OUTER JOIN t ON f.LogicalId = t.LogicalId
+ WHERE f.LogicalId IS NULL OR t.LogicalId IS NULL OR f.Sig <> t.Sig;
+
+ -- Phase 7 — VirtualTag section.
+ WITH f AS (SELECT VirtualTagId AS LogicalId, CHECKSUM(EquipmentId, Name, DataType, ScriptId, ChangeTriggered, TimerIntervalMs, Historize, Enabled) AS Sig FROM dbo.VirtualTag WHERE GenerationId = @FromGenerationId),
+ t AS (SELECT VirtualTagId AS LogicalId, CHECKSUM(EquipmentId, Name, DataType, ScriptId, ChangeTriggered, TimerIntervalMs, Historize, Enabled) AS Sig FROM dbo.VirtualTag WHERE GenerationId = @ToGenerationId)
+ INSERT #diff
+ SELECT 'VirtualTag', CONVERT(nvarchar(128), COALESCE(f.LogicalId, t.LogicalId)),
+ CASE WHEN f.LogicalId IS NULL THEN 'Added'
+ WHEN t.LogicalId IS NULL THEN 'Removed'
+ WHEN f.Sig <> t.Sig THEN 'Modified'
+ ELSE 'Unchanged' END
+ FROM f FULL OUTER JOIN t ON f.LogicalId = t.LogicalId
+ WHERE f.LogicalId IS NULL OR t.LogicalId IS NULL OR f.Sig <> t.Sig;
+
+ -- Phase 7 — ScriptedAlarm section. ScriptedAlarmState (operator ack trail) is
+ -- logical-id keyed outside the generation scope + intentionally excluded here —
+ -- diffing ack state between generations is semantically meaningless.
+ WITH f AS (SELECT ScriptedAlarmId AS LogicalId, CHECKSUM(EquipmentId, Name, AlarmType, Severity, MessageTemplate, PredicateScriptId, HistorizeToAveva, Retain, Enabled) AS Sig FROM dbo.ScriptedAlarm WHERE GenerationId = @FromGenerationId),
+ t AS (SELECT ScriptedAlarmId AS LogicalId, CHECKSUM(EquipmentId, Name, AlarmType, Severity, MessageTemplate, PredicateScriptId, HistorizeToAveva, Retain, Enabled) AS Sig FROM dbo.ScriptedAlarm WHERE GenerationId = @ToGenerationId)
+ INSERT #diff
+ SELECT 'ScriptedAlarm', CONVERT(nvarchar(128), COALESCE(f.LogicalId, t.LogicalId)),
+ CASE WHEN f.LogicalId IS NULL THEN 'Added'
+ WHEN t.LogicalId IS NULL THEN 'Removed'
+ WHEN f.Sig <> t.Sig THEN 'Modified'
+ ELSE 'Unchanged' END
+ FROM f FULL OUTER JOIN t ON f.LogicalId = t.LogicalId
+ WHERE f.LogicalId IS NULL OR t.LogicalId IS NULL OR f.Sig <> t.Sig;
+
+ SELECT TableName, LogicalId, ChangeKind FROM #diff;
+ DROP TABLE #diff;
+ END
+
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260420232000_ExtendComputeGenerationDiffWithPhase7'
+)
+BEGIN
+ INSERT INTO [__EFMigrationsHistory] ([MigrationId], [ProductVersion])
+ VALUES (N'20260420232000_ExtendComputeGenerationDiffWithPhase7', N'10.0.7');
+END;
+
+COMMIT;
+GO
+
+BEGIN TRANSACTION;
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ ALTER TABLE [Device] DROP CONSTRAINT [FK_Device_ConfigGeneration_GenerationId];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ ALTER TABLE [DriverInstance] DROP CONSTRAINT [FK_DriverInstance_ConfigGeneration_GenerationId];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ ALTER TABLE [Equipment] DROP CONSTRAINT [FK_Equipment_ConfigGeneration_GenerationId];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ ALTER TABLE [Namespace] DROP CONSTRAINT [FK_Namespace_ConfigGeneration_GenerationId];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ ALTER TABLE [NodeAcl] DROP CONSTRAINT [FK_NodeAcl_ConfigGeneration_GenerationId];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ ALTER TABLE [PollGroup] DROP CONSTRAINT [FK_PollGroup_ConfigGeneration_GenerationId];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ ALTER TABLE [Script] DROP CONSTRAINT [FK_Script_ConfigGeneration_GenerationId];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ ALTER TABLE [ScriptedAlarm] DROP CONSTRAINT [FK_ScriptedAlarm_ConfigGeneration_GenerationId];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ ALTER TABLE [Tag] DROP CONSTRAINT [FK_Tag_ConfigGeneration_GenerationId];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ ALTER TABLE [UnsArea] DROP CONSTRAINT [FK_UnsArea_ConfigGeneration_GenerationId];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ ALTER TABLE [UnsLine] DROP CONSTRAINT [FK_UnsLine_ConfigGeneration_GenerationId];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ ALTER TABLE [VirtualTag] DROP CONSTRAINT [FK_VirtualTag_ConfigGeneration_GenerationId];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP TABLE [ClusterNodeGenerationState];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP TABLE [ConfigGeneration];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP INDEX [IX_VirtualTag_Generation_Script] ON [VirtualTag];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP INDEX [UX_VirtualTag_Generation_EquipmentPath] ON [VirtualTag];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP INDEX [UX_VirtualTag_Generation_LogicalId] ON [VirtualTag];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP INDEX [IX_UnsLine_Generation_Area] ON [UnsLine];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP INDEX [UX_UnsLine_Generation_AreaName] ON [UnsLine];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP INDEX [UX_UnsLine_Generation_LogicalId] ON [UnsLine];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP INDEX [IX_UnsArea_Generation_Cluster] ON [UnsArea];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP INDEX [UX_UnsArea_Generation_ClusterName] ON [UnsArea];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP INDEX [UX_UnsArea_Generation_LogicalId] ON [UnsArea];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP INDEX [IX_Tag_Generation_Driver_Device] ON [Tag];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP INDEX [IX_Tag_Generation_Equipment] ON [Tag];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP INDEX [UX_Tag_Generation_EquipmentPath] ON [Tag];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP INDEX [UX_Tag_Generation_FolderPath] ON [Tag];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP INDEX [UX_Tag_Generation_LogicalId] ON [Tag];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP INDEX [IX_ScriptedAlarm_Generation_Script] ON [ScriptedAlarm];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP INDEX [UX_ScriptedAlarm_Generation_EquipmentPath] ON [ScriptedAlarm];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP INDEX [UX_ScriptedAlarm_Generation_LogicalId] ON [ScriptedAlarm];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP INDEX [IX_Script_Generation_SourceHash] ON [Script];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP INDEX [UX_Script_Generation_LogicalId] ON [Script];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP INDEX [IX_PollGroup_Generation_Driver] ON [PollGroup];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP INDEX [UX_PollGroup_Generation_LogicalId] ON [PollGroup];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP INDEX [IX_NodeAcl_Generation_Cluster] ON [NodeAcl];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP INDEX [IX_NodeAcl_Generation_Group] ON [NodeAcl];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP INDEX [IX_NodeAcl_Generation_Scope] ON [NodeAcl];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP INDEX [UX_NodeAcl_Generation_GroupScope] ON [NodeAcl];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP INDEX [UX_NodeAcl_Generation_LogicalId] ON [NodeAcl];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP INDEX [IX_Namespace_Generation_Cluster] ON [Namespace];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP INDEX [UX_Namespace_Generation_Cluster_Kind] ON [Namespace];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP INDEX [UX_Namespace_Generation_LogicalId] ON [Namespace];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP INDEX [UX_Namespace_Generation_LogicalId_Cluster] ON [Namespace];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP INDEX [UX_Namespace_Generation_NamespaceUri] ON [Namespace];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP INDEX [IX_Equipment_Generation_Driver] ON [Equipment];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP INDEX [IX_Equipment_Generation_Line] ON [Equipment];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP INDEX [IX_Equipment_Generation_MachineCode] ON [Equipment];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP INDEX [IX_Equipment_Generation_SAPID] ON [Equipment];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP INDEX [IX_Equipment_Generation_ZTag] ON [Equipment];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP INDEX [UX_Equipment_Generation_LinePath] ON [Equipment];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP INDEX [UX_Equipment_Generation_LogicalId] ON [Equipment];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP INDEX [UX_Equipment_Generation_Uuid] ON [Equipment];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP INDEX [IX_DriverInstance_Generation_Cluster] ON [DriverInstance];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP INDEX [IX_DriverInstance_Generation_Namespace] ON [DriverInstance];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP INDEX [UX_DriverInstance_Generation_LogicalId] ON [DriverInstance];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP INDEX [IX_Device_Generation_Driver] ON [Device];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP INDEX [UX_Device_Generation_LogicalId] ON [Device];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DROP INDEX [UX_ClusterNode_Primary_Per_Cluster] ON [ClusterNode];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DECLARE @var nvarchar(max);
+ SELECT @var = QUOTENAME([d].[name])
+ FROM [sys].[default_constraints] [d]
+ INNER JOIN [sys].[columns] [c] ON [d].[parent_column_id] = [c].[column_id] AND [d].[parent_object_id] = [c].[object_id]
+ WHERE ([d].[parent_object_id] = OBJECT_ID(N'[VirtualTag]') AND [c].[name] = N'GenerationId');
+ IF @var IS NOT NULL EXEC(N'ALTER TABLE [VirtualTag] DROP CONSTRAINT ' + @var + ';');
+ ALTER TABLE [VirtualTag] DROP COLUMN [GenerationId];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DECLARE @var1 nvarchar(max);
+ SELECT @var1 = QUOTENAME([d].[name])
+ FROM [sys].[default_constraints] [d]
+ INNER JOIN [sys].[columns] [c] ON [d].[parent_column_id] = [c].[column_id] AND [d].[parent_object_id] = [c].[object_id]
+ WHERE ([d].[parent_object_id] = OBJECT_ID(N'[UnsLine]') AND [c].[name] = N'GenerationId');
+ IF @var1 IS NOT NULL EXEC(N'ALTER TABLE [UnsLine] DROP CONSTRAINT ' + @var1 + ';');
+ ALTER TABLE [UnsLine] DROP COLUMN [GenerationId];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DECLARE @var2 nvarchar(max);
+ SELECT @var2 = QUOTENAME([d].[name])
+ FROM [sys].[default_constraints] [d]
+ INNER JOIN [sys].[columns] [c] ON [d].[parent_column_id] = [c].[column_id] AND [d].[parent_object_id] = [c].[object_id]
+ WHERE ([d].[parent_object_id] = OBJECT_ID(N'[UnsArea]') AND [c].[name] = N'GenerationId');
+ IF @var2 IS NOT NULL EXEC(N'ALTER TABLE [UnsArea] DROP CONSTRAINT ' + @var2 + ';');
+ ALTER TABLE [UnsArea] DROP COLUMN [GenerationId];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DECLARE @var3 nvarchar(max);
+ SELECT @var3 = QUOTENAME([d].[name])
+ FROM [sys].[default_constraints] [d]
+ INNER JOIN [sys].[columns] [c] ON [d].[parent_column_id] = [c].[column_id] AND [d].[parent_object_id] = [c].[object_id]
+ WHERE ([d].[parent_object_id] = OBJECT_ID(N'[Tag]') AND [c].[name] = N'GenerationId');
+ IF @var3 IS NOT NULL EXEC(N'ALTER TABLE [Tag] DROP CONSTRAINT ' + @var3 + ';');
+ ALTER TABLE [Tag] DROP COLUMN [GenerationId];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DECLARE @var4 nvarchar(max);
+ SELECT @var4 = QUOTENAME([d].[name])
+ FROM [sys].[default_constraints] [d]
+ INNER JOIN [sys].[columns] [c] ON [d].[parent_column_id] = [c].[column_id] AND [d].[parent_object_id] = [c].[object_id]
+ WHERE ([d].[parent_object_id] = OBJECT_ID(N'[ScriptedAlarm]') AND [c].[name] = N'GenerationId');
+ IF @var4 IS NOT NULL EXEC(N'ALTER TABLE [ScriptedAlarm] DROP CONSTRAINT ' + @var4 + ';');
+ ALTER TABLE [ScriptedAlarm] DROP COLUMN [GenerationId];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DECLARE @var5 nvarchar(max);
+ SELECT @var5 = QUOTENAME([d].[name])
+ FROM [sys].[default_constraints] [d]
+ INNER JOIN [sys].[columns] [c] ON [d].[parent_column_id] = [c].[column_id] AND [d].[parent_object_id] = [c].[object_id]
+ WHERE ([d].[parent_object_id] = OBJECT_ID(N'[Script]') AND [c].[name] = N'GenerationId');
+ IF @var5 IS NOT NULL EXEC(N'ALTER TABLE [Script] DROP CONSTRAINT ' + @var5 + ';');
+ ALTER TABLE [Script] DROP COLUMN [GenerationId];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DECLARE @var6 nvarchar(max);
+ SELECT @var6 = QUOTENAME([d].[name])
+ FROM [sys].[default_constraints] [d]
+ INNER JOIN [sys].[columns] [c] ON [d].[parent_column_id] = [c].[column_id] AND [d].[parent_object_id] = [c].[object_id]
+ WHERE ([d].[parent_object_id] = OBJECT_ID(N'[PollGroup]') AND [c].[name] = N'GenerationId');
+ IF @var6 IS NOT NULL EXEC(N'ALTER TABLE [PollGroup] DROP CONSTRAINT ' + @var6 + ';');
+ ALTER TABLE [PollGroup] DROP COLUMN [GenerationId];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DECLARE @var7 nvarchar(max);
+ SELECT @var7 = QUOTENAME([d].[name])
+ FROM [sys].[default_constraints] [d]
+ INNER JOIN [sys].[columns] [c] ON [d].[parent_column_id] = [c].[column_id] AND [d].[parent_object_id] = [c].[object_id]
+ WHERE ([d].[parent_object_id] = OBJECT_ID(N'[NodeAcl]') AND [c].[name] = N'GenerationId');
+ IF @var7 IS NOT NULL EXEC(N'ALTER TABLE [NodeAcl] DROP CONSTRAINT ' + @var7 + ';');
+ ALTER TABLE [NodeAcl] DROP COLUMN [GenerationId];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DECLARE @var8 nvarchar(max);
+ SELECT @var8 = QUOTENAME([d].[name])
+ FROM [sys].[default_constraints] [d]
+ INNER JOIN [sys].[columns] [c] ON [d].[parent_column_id] = [c].[column_id] AND [d].[parent_object_id] = [c].[object_id]
+ WHERE ([d].[parent_object_id] = OBJECT_ID(N'[Namespace]') AND [c].[name] = N'GenerationId');
+ IF @var8 IS NOT NULL EXEC(N'ALTER TABLE [Namespace] DROP CONSTRAINT ' + @var8 + ';');
+ ALTER TABLE [Namespace] DROP COLUMN [GenerationId];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DECLARE @var9 nvarchar(max);
+ SELECT @var9 = QUOTENAME([d].[name])
+ FROM [sys].[default_constraints] [d]
+ INNER JOIN [sys].[columns] [c] ON [d].[parent_column_id] = [c].[column_id] AND [d].[parent_object_id] = [c].[object_id]
+ WHERE ([d].[parent_object_id] = OBJECT_ID(N'[Equipment]') AND [c].[name] = N'GenerationId');
+ IF @var9 IS NOT NULL EXEC(N'ALTER TABLE [Equipment] DROP CONSTRAINT ' + @var9 + ';');
+ ALTER TABLE [Equipment] DROP COLUMN [GenerationId];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DECLARE @var10 nvarchar(max);
+ SELECT @var10 = QUOTENAME([d].[name])
+ FROM [sys].[default_constraints] [d]
+ INNER JOIN [sys].[columns] [c] ON [d].[parent_column_id] = [c].[column_id] AND [d].[parent_object_id] = [c].[object_id]
+ WHERE ([d].[parent_object_id] = OBJECT_ID(N'[DriverInstance]') AND [c].[name] = N'GenerationId');
+ IF @var10 IS NOT NULL EXEC(N'ALTER TABLE [DriverInstance] DROP CONSTRAINT ' + @var10 + ';');
+ ALTER TABLE [DriverInstance] DROP COLUMN [GenerationId];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DECLARE @var11 nvarchar(max);
+ SELECT @var11 = QUOTENAME([d].[name])
+ FROM [sys].[default_constraints] [d]
+ INNER JOIN [sys].[columns] [c] ON [d].[parent_column_id] = [c].[column_id] AND [d].[parent_object_id] = [c].[object_id]
+ WHERE ([d].[parent_object_id] = OBJECT_ID(N'[Device]') AND [c].[name] = N'GenerationId');
+ IF @var11 IS NOT NULL EXEC(N'ALTER TABLE [Device] DROP CONSTRAINT ' + @var11 + ';');
+ ALTER TABLE [Device] DROP COLUMN [GenerationId];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ DECLARE @var12 nvarchar(max);
+ SELECT @var12 = QUOTENAME([d].[name])
+ FROM [sys].[default_constraints] [d]
+ INNER JOIN [sys].[columns] [c] ON [d].[parent_column_id] = [c].[column_id] AND [d].[parent_object_id] = [c].[object_id]
+ WHERE ([d].[parent_object_id] = OBJECT_ID(N'[ClusterNode]') AND [c].[name] = N'RedundancyRole');
+ IF @var12 IS NOT NULL EXEC(N'ALTER TABLE [ClusterNode] DROP CONSTRAINT ' + @var12 + ';');
+ ALTER TABLE [ClusterNode] DROP COLUMN [RedundancyRole];
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ EXEC sp_rename N'[UnsArea].[IX_UnsArea_ClusterId]', N'IX_UnsArea_Cluster', 'INDEX';
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ EXEC sp_rename N'[Namespace].[IX_Namespace_ClusterId]', N'IX_Namespace_Cluster', 'INDEX';
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ EXEC sp_rename N'[DriverInstance].[IX_DriverInstance_ClusterId]', N'IX_DriverInstance_Cluster', 'INDEX';
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ ALTER TABLE [VirtualTag] ADD [RowVersion] rowversion NOT NULL;
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ ALTER TABLE [UnsLine] ADD [RowVersion] rowversion NOT NULL;
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ ALTER TABLE [UnsArea] ADD [RowVersion] rowversion NOT NULL;
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ ALTER TABLE [Tag] ADD [RowVersion] rowversion NOT NULL;
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ ALTER TABLE [ScriptedAlarm] ADD [RowVersion] rowversion NOT NULL;
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ ALTER TABLE [Script] ADD [RowVersion] rowversion NOT NULL;
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ ALTER TABLE [PollGroup] ADD [RowVersion] rowversion NOT NULL;
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ ALTER TABLE [NodeAcl] ADD [RowVersion] rowversion NOT NULL;
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ ALTER TABLE [Namespace] ADD [RowVersion] rowversion NOT NULL;
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ ALTER TABLE [Equipment] ADD [RowVersion] rowversion NOT NULL;
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ ALTER TABLE [DriverInstance] ADD [RowVersion] rowversion NOT NULL;
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ ALTER TABLE [Device] ADD [RowVersion] rowversion NOT NULL;
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ CREATE TABLE [ConfigEdit] (
+ [EditId] uniqueidentifier NOT NULL DEFAULT (NEWSEQUENTIALID()),
+ [EntityType] nvarchar(64) NOT NULL,
+ [EntityId] uniqueidentifier NOT NULL,
+ [FieldsJson] nvarchar(max) NOT NULL,
+ [ExecutionId] uniqueidentifier NULL,
+ [EditedBy] nvarchar(128) NOT NULL,
+ [EditedAtUtc] datetime2(3) NOT NULL DEFAULT (SYSUTCDATETIME()),
+ [SourceNode] nvarchar(64) NOT NULL,
+ CONSTRAINT [PK_ConfigEdit] PRIMARY KEY ([EditId]),
+ CONSTRAINT [CK_ConfigEdit_FieldsJson_IsJson] CHECK (ISJSON(FieldsJson) = 1)
+ );
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ CREATE TABLE [DataProtectionKeys] (
+ [Id] int NOT NULL IDENTITY,
+ [FriendlyName] nvarchar(max) NULL,
+ [Xml] nvarchar(max) NULL,
+ CONSTRAINT [PK_DataProtectionKeys] PRIMARY KEY ([Id])
+ );
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ CREATE TABLE [Deployment] (
+ [DeploymentId] uniqueidentifier NOT NULL DEFAULT (NEWSEQUENTIALID()),
+ [RevisionHash] nvarchar(64) NOT NULL,
+ [Status] int NOT NULL,
+ [CreatedBy] nvarchar(128) NOT NULL,
+ [CreatedAtUtc] datetime2(3) NOT NULL DEFAULT (SYSUTCDATETIME()),
+ [ArtifactBlob] varbinary(max) NOT NULL,
+ [RowVersion] rowversion NOT NULL,
+ [FailureReason] nvarchar(2048) NULL,
+ [SealedAtUtc] datetime2(3) NULL,
+ CONSTRAINT [PK_Deployment] PRIMARY KEY ([DeploymentId])
+ );
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ CREATE TABLE [NodeDeploymentState] (
+ [NodeId] nvarchar(64) NOT NULL,
+ [DeploymentId] uniqueidentifier NOT NULL,
+ [Status] int NOT NULL,
+ [StartedAtUtc] datetime2(3) NOT NULL DEFAULT (SYSUTCDATETIME()),
+ [AppliedAtUtc] datetime2(3) NULL,
+ [FailureReason] nvarchar(2048) NULL,
+ [RowVersion] rowversion NOT NULL,
+ CONSTRAINT [PK_NodeDeploymentState] PRIMARY KEY ([NodeId], [DeploymentId]),
+ CONSTRAINT [FK_NodeDeploymentState_ClusterNode_NodeId] FOREIGN KEY ([NodeId]) REFERENCES [ClusterNode] ([NodeId]) ON DELETE NO ACTION,
+ CONSTRAINT [FK_NodeDeploymentState_Deployment_DeploymentId] FOREIGN KEY ([DeploymentId]) REFERENCES [Deployment] ([DeploymentId]) ON DELETE CASCADE
+ );
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ CREATE INDEX [IX_VirtualTag_Script] ON [VirtualTag] ([ScriptId]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ CREATE UNIQUE INDEX [UX_VirtualTag_EquipmentPath] ON [VirtualTag] ([EquipmentId], [Name]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ EXEC(N'CREATE UNIQUE INDEX [UX_VirtualTag_LogicalId] ON [VirtualTag] ([VirtualTagId]) WHERE [VirtualTagId] IS NOT NULL');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ CREATE INDEX [IX_UnsLine_Area] ON [UnsLine] ([UnsAreaId]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ CREATE UNIQUE INDEX [UX_UnsLine_AreaName] ON [UnsLine] ([UnsAreaId], [Name]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ EXEC(N'CREATE UNIQUE INDEX [UX_UnsLine_LogicalId] ON [UnsLine] ([UnsLineId]) WHERE [UnsLineId] IS NOT NULL');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ CREATE UNIQUE INDEX [UX_UnsArea_ClusterName] ON [UnsArea] ([ClusterId], [Name]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ EXEC(N'CREATE UNIQUE INDEX [UX_UnsArea_LogicalId] ON [UnsArea] ([UnsAreaId]) WHERE [UnsAreaId] IS NOT NULL');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ CREATE INDEX [IX_Tag_Driver_Device] ON [Tag] ([DriverInstanceId], [DeviceId]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ EXEC(N'CREATE INDEX [IX_Tag_Equipment] ON [Tag] ([EquipmentId]) WHERE [EquipmentId] IS NOT NULL');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ EXEC(N'CREATE UNIQUE INDEX [UX_Tag_EquipmentPath] ON [Tag] ([EquipmentId], [Name]) WHERE [EquipmentId] IS NOT NULL');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ EXEC(N'CREATE UNIQUE INDEX [UX_Tag_FolderPath] ON [Tag] ([DriverInstanceId], [FolderPath], [Name]) WHERE [EquipmentId] IS NULL');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ EXEC(N'CREATE UNIQUE INDEX [UX_Tag_LogicalId] ON [Tag] ([TagId]) WHERE [TagId] IS NOT NULL');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ CREATE INDEX [IX_ScriptedAlarm_Script] ON [ScriptedAlarm] ([PredicateScriptId]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ CREATE UNIQUE INDEX [UX_ScriptedAlarm_EquipmentPath] ON [ScriptedAlarm] ([EquipmentId], [Name]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ EXEC(N'CREATE UNIQUE INDEX [UX_ScriptedAlarm_LogicalId] ON [ScriptedAlarm] ([ScriptedAlarmId]) WHERE [ScriptedAlarmId] IS NOT NULL');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ CREATE INDEX [IX_Script_SourceHash] ON [Script] ([SourceHash]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ EXEC(N'CREATE UNIQUE INDEX [UX_Script_LogicalId] ON [Script] ([ScriptId]) WHERE [ScriptId] IS NOT NULL');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ CREATE INDEX [IX_PollGroup_Driver] ON [PollGroup] ([DriverInstanceId]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ EXEC(N'CREATE UNIQUE INDEX [UX_PollGroup_LogicalId] ON [PollGroup] ([PollGroupId]) WHERE [PollGroupId] IS NOT NULL');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ CREATE INDEX [IX_NodeAcl_Cluster] ON [NodeAcl] ([ClusterId]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ CREATE INDEX [IX_NodeAcl_Group] ON [NodeAcl] ([LdapGroup]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ EXEC(N'CREATE INDEX [IX_NodeAcl_Scope] ON [NodeAcl] ([ScopeKind], [ScopeId]) WHERE [ScopeId] IS NOT NULL');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ EXEC(N'CREATE UNIQUE INDEX [UX_NodeAcl_GroupScope] ON [NodeAcl] ([ClusterId], [LdapGroup], [ScopeKind], [ScopeId]) WHERE [ScopeId] IS NOT NULL');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ EXEC(N'CREATE UNIQUE INDEX [UX_NodeAcl_LogicalId] ON [NodeAcl] ([NodeAclId]) WHERE [NodeAclId] IS NOT NULL');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ CREATE UNIQUE INDEX [UX_Namespace_Cluster_Kind] ON [Namespace] ([ClusterId], [Kind]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ EXEC(N'CREATE UNIQUE INDEX [UX_Namespace_LogicalId] ON [Namespace] ([NamespaceId]) WHERE [NamespaceId] IS NOT NULL');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ CREATE UNIQUE INDEX [UX_Namespace_NamespaceUri] ON [Namespace] ([NamespaceUri]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ CREATE INDEX [IX_Equipment_Driver] ON [Equipment] ([DriverInstanceId]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ CREATE INDEX [IX_Equipment_Line] ON [Equipment] ([UnsLineId]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ CREATE INDEX [IX_Equipment_MachineCode] ON [Equipment] ([MachineCode]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ EXEC(N'CREATE INDEX [IX_Equipment_SAPID] ON [Equipment] ([SAPID]) WHERE [SAPID] IS NOT NULL');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ EXEC(N'CREATE INDEX [IX_Equipment_ZTag] ON [Equipment] ([ZTag]) WHERE [ZTag] IS NOT NULL');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ CREATE UNIQUE INDEX [UX_Equipment_LinePath] ON [Equipment] ([UnsLineId], [Name]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ EXEC(N'CREATE UNIQUE INDEX [UX_Equipment_LogicalId] ON [Equipment] ([EquipmentId]) WHERE [EquipmentId] IS NOT NULL');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ CREATE UNIQUE INDEX [UX_Equipment_Uuid] ON [Equipment] ([EquipmentUuid]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ CREATE INDEX [IX_DriverInstance_Namespace] ON [DriverInstance] ([NamespaceId]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ EXEC(N'CREATE UNIQUE INDEX [UX_DriverInstance_LogicalId] ON [DriverInstance] ([DriverInstanceId]) WHERE [DriverInstanceId] IS NOT NULL');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ CREATE INDEX [IX_Device_Driver] ON [Device] ([DriverInstanceId]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ EXEC(N'CREATE UNIQUE INDEX [UX_Device_LogicalId] ON [Device] ([DeviceId]) WHERE [DeviceId] IS NOT NULL');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ CREATE INDEX [IX_ClusterNode_ClusterId] ON [ClusterNode] ([ClusterId]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ CREATE INDEX [IX_ConfigEdit_EditedAt] ON [ConfigEdit] ([EditedAtUtc]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ CREATE INDEX [IX_ConfigEdit_Entity] ON [ConfigEdit] ([EntityType], [EntityId]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ EXEC(N'CREATE INDEX [IX_ConfigEdit_Execution] ON [ConfigEdit] ([ExecutionId]) WHERE [ExecutionId] IS NOT NULL');
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ CREATE INDEX [IX_Deployment_CreatedAt] ON [Deployment] ([CreatedAtUtc]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ CREATE INDEX [IX_Deployment_Status] ON [Deployment] ([Status]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ CREATE INDEX [IX_NodeDeploymentState_Deployment] ON [NodeDeploymentState] ([DeploymentId]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ CREATE INDEX [IX_NodeDeploymentState_Status] ON [NodeDeploymentState] ([Status]);
+END;
+
+IF NOT EXISTS (
+ SELECT * FROM [__EFMigrationsHistory]
+ WHERE [MigrationId] = N'20260526081556_V2HostingAlignment'
+)
+BEGIN
+ INSERT INTO [__EFMigrationsHistory] ([MigrationId], [ProductVersion])
+ VALUES (N'20260526081556_V2HostingAlignment', N'10.0.7');
+END;
+
+COMMIT;
+GO
+
diff --git a/scripts/migration/count-rows.sql b/scripts/migration/count-rows.sql
new file mode 100644
index 0000000..7b52c86
--- /dev/null
+++ b/scripts/migration/count-rows.sql
@@ -0,0 +1,26 @@
+-- Per-table row counts for pre/post-migration audit.
+-- Covers every table relevant to the v1 -> v2 transition so the operator can confirm
+-- live-edit data was preserved and v2 tables came up empty.
+
+SELECT TableName = t.name, [Rows] = SUM(p.[rows])
+FROM sys.tables t
+JOIN sys.partitions p ON p.object_id = t.object_id AND p.index_id IN (0,1)
+WHERE t.name IN (
+ -- Live-edit configuration (rows must survive)
+ 'ServerCluster','ClusterNode','ClusterNodeCredential',
+ 'Namespace','UnsArea','UnsLine',
+ 'DriverInstance','Device','Equipment','Tag','PollGroup','VirtualTag',
+ 'NodeAcl','ExternalIdReservation',
+ 'Script','ScriptedAlarm','ScriptedAlarmState',
+ 'LdapGroupRoleMapping',
+ 'EquipmentImportBatch','EquipmentImportRow',
+ -- Status tables (rebuilt at runtime; counts informational)
+ 'DriverHostStatus','DriverInstanceResilienceStatus',
+ -- Audit (preserved)
+ 'ConfigAuditLog',
+ -- v2 deploy model (empty pre-migration, populated post)
+ 'Deployment','NodeDeploymentState','ConfigEdit','DataProtectionKeys'
+)
+GROUP BY t.name
+ORDER BY t.name;
+GO
diff --git a/src/Client/ZB.MOM.WW.OtOpcUa.Client.CLI/ZB.MOM.WW.OtOpcUa.Client.CLI.csproj b/src/Client/ZB.MOM.WW.OtOpcUa.Client.CLI/ZB.MOM.WW.OtOpcUa.Client.CLI.csproj
index 5802a5b..fa00ef1 100644
--- a/src/Client/ZB.MOM.WW.OtOpcUa.Client.CLI/ZB.MOM.WW.OtOpcUa.Client.CLI.csproj
+++ b/src/Client/ZB.MOM.WW.OtOpcUa.Client.CLI/ZB.MOM.WW.OtOpcUa.Client.CLI.csproj
@@ -9,9 +9,9 @@
-
diff --git a/src/Client/ZB.MOM.WW.OtOpcUa.Client.Shared/ZB.MOM.WW.OtOpcUa.Client.Shared.csproj b/src/Client/ZB.MOM.WW.OtOpcUa.Client.Shared/ZB.MOM.WW.OtOpcUa.Client.Shared.csproj
index 57c7dff..4ad0202 100644
--- a/src/Client/ZB.MOM.WW.OtOpcUa.Client.Shared/ZB.MOM.WW.OtOpcUa.Client.Shared.csproj
+++ b/src/Client/ZB.MOM.WW.OtOpcUa.Client.Shared/ZB.MOM.WW.OtOpcUa.Client.Shared.csproj
@@ -8,8 +8,8 @@
-
diff --git a/src/Client/ZB.MOM.WW.OtOpcUa.Client.UI/ZB.MOM.WW.OtOpcUa.Client.UI.csproj b/src/Client/ZB.MOM.WW.OtOpcUa.Client.UI/ZB.MOM.WW.OtOpcUa.Client.UI.csproj
index 550a4fd..1bceb59 100644
--- a/src/Client/ZB.MOM.WW.OtOpcUa.Client.UI/ZB.MOM.WW.OtOpcUa.Client.UI.csproj
+++ b/src/Client/ZB.MOM.WW.OtOpcUa.Client.UI/ZB.MOM.WW.OtOpcUa.Client.UI.csproj
@@ -9,17 +9,17 @@
-
@@ -35,4 +35,11 @@
+
+
+
+
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Cluster/AkkaClusterOptions.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Cluster/AkkaClusterOptions.cs
new file mode 100644
index 0000000..89a7cc7
--- /dev/null
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Cluster/AkkaClusterOptions.cs
@@ -0,0 +1,26 @@
+namespace ZB.MOM.WW.OtOpcUa.Cluster;
+
+public sealed class AkkaClusterOptions
+{
+ public const string SectionName = "Cluster";
+
+ public string SystemName { get; set; } = "otopcua";
+ public string Hostname { get; set; } = "0.0.0.0";
+ public int Port { get; set; } = 4053;
+
+ ///
+ /// Hostname advertised in cluster gossip. Must be reachable by other nodes.
+ /// In docker-compose this is the container DNS name; in bare metal it's the
+ /// host's stable LAN address.
+ ///
+ public string PublicHostname { get; set; } = "127.0.0.1";
+
+ public string[] SeedNodes { get; set; } = Array.Empty();
+
+ ///
+ /// Cluster roles for this node. When empty the role list comes from
+ /// OTOPCUA_ROLES via admin , driver , dev .
+ ///
+ public string[] Roles { get; set; } = Array.Empty();
+}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Cluster/ClusterRoleInfo.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Cluster/ClusterRoleInfo.cs
new file mode 100644
index 0000000..ef1a145
--- /dev/null
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Cluster/ClusterRoleInfo.cs
@@ -0,0 +1,188 @@
+using Akka.Actor;
+using Akka.Cluster;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+using ZB.MOM.WW.OtOpcUa.Commons.Interfaces;
+using CommonsNodeId = ZB.MOM.WW.OtOpcUa.Commons.Types.NodeId;
+
+namespace ZB.MOM.WW.OtOpcUa.Cluster;
+
+///
+/// Thread-safe live view of cluster membership and role topology. Subscribes to
+///
+public sealed class ClusterRoleInfo : IClusterRoleInfo, IDisposable
+{
+ private readonly Akka.Cluster.Cluster _cluster;
+ private readonly ILogger _logger;
+ private readonly CommonsNodeId _localNode;
+ private readonly HashSet _localRoles;
+ private readonly object _lock = new();
+ private readonly Dictionary _roleLeaders = new(StringComparer.Ordinal);
+ private readonly Dictionary> _membersByRole = new(StringComparer.Ordinal);
+ private IActorRef? _subscriber;
+
+ public ClusterRoleInfo(ActorSystem system, IOptions options, ILogger logger)
+ {
+ _cluster = Akka.Cluster.Cluster.Get(system);
+ _logger = logger;
+ // NodeId encodes host:port so cluster members on shared hosts (test loopback, dev VMs
+ // sharing a bind IP) stay distinct. Production hosts have unique DNS names so the port
+ // suffix is harmless redundancy.
+ _localNode = CommonsNodeId.Parse($"{options.Value.PublicHostname}:{options.Value.Port}");
+ _localRoles = new HashSet(options.Value.Roles, StringComparer.Ordinal);
+
+ SeedFromCurrentState();
+ _subscriber = system.ActorOf(Props.Create(() => new SubscriberActor(this)), "clusterroleinfo-subscriber");
+ }
+
+ public CommonsNodeId LocalNode => _localNode;
+
+ public IReadOnlySet LocalRoles => _localRoles;
+
+ public bool HasRole(string role) => _localRoles.Contains(role);
+
+ public IReadOnlyList MembersWithRole(string role)
+ {
+ lock (_lock)
+ {
+ if (!_membersByRole.TryGetValue(role, out var members)) return Array.Empty();
+ return members
+ .Select(m => ToNodeId(m.Address))
+ .ToArray();
+ }
+ }
+
+ public CommonsNodeId? RoleLeader(string role)
+ {
+ lock (_lock)
+ {
+ return _roleLeaders.TryGetValue(role, out var leader) && leader is not null
+ ? ToNodeId(leader.Address)
+ : (CommonsNodeId?)null;
+ }
+ }
+
+ public event EventHandler? RoleLeaderChanged;
+
+ private void SeedFromCurrentState()
+ {
+ var snapshot = _cluster.State;
+ lock (_lock)
+ {
+ foreach (var member in snapshot.Members)
+ foreach (var role in member.Roles)
+ {
+ if (!_membersByRole.TryGetValue(role, out var set))
+ _membersByRole[role] = set = new HashSet();
+ set.Add(member);
+ }
+
+ foreach (var role in snapshot.Members.SelectMany(m => m.Roles).Distinct())
+ {
+ var leaderAddr = _cluster.State.RoleLeader(role);
+ _roleLeaders[role] = leaderAddr is not null
+ ? snapshot.Members.FirstOrDefault(m => m.Address == leaderAddr)
+ : null;
+ }
+ }
+ }
+
+ internal void HandleMemberEvent(ClusterEvent.IMemberEvent evt)
+ {
+ lock (_lock)
+ {
+ switch (evt)
+ {
+ case ClusterEvent.MemberUp up:
+ foreach (var role in up.Member.Roles)
+ {
+ if (!_membersByRole.TryGetValue(role, out var set))
+ _membersByRole[role] = set = new HashSet();
+ set.Add(up.Member);
+ }
+ break;
+ case ClusterEvent.MemberRemoved removed:
+ foreach (var role in removed.Member.Roles)
+ if (_membersByRole.TryGetValue(role, out var set))
+ set.Remove(removed.Member);
+ break;
+ }
+ }
+ }
+
+ internal void HandleRoleLeaderChanged(ClusterEvent.RoleLeaderChanged evt)
+ {
+ CommonsNodeId? previous = null;
+ CommonsNodeId? next = null;
+ var raise = false;
+
+ lock (_lock)
+ {
+ _roleLeaders.TryGetValue(evt.Role, out var prevMember);
+ if (prevMember is not null)
+ previous = ToNodeId(prevMember.Address);
+
+ var nextMember = evt.Leader is null
+ ? null
+ : _cluster.State.Members.FirstOrDefault(m => m.Address == evt.Leader);
+
+ _roleLeaders[evt.Role] = nextMember;
+ if (nextMember is not null)
+ next = ToNodeId(nextMember.Address);
+
+ raise = !Nullable.Equals(previous, next);
+ }
+
+ if (!raise) return;
+ try
+ {
+ RoleLeaderChanged?.Invoke(this, new RoleLeaderChangedEventArgs
+ {
+ Role = evt.Role,
+ PreviousLeader = previous,
+ NewLeader = next,
+ });
+ }
+ catch (Exception ex)
+ {
+ _logger.LogWarning(ex, "RoleLeaderChanged subscriber threw for role {Role}", evt.Role);
+ }
+ }
+
+ private static CommonsNodeId ToNodeId(Akka.Actor.Address address) =>
+ CommonsNodeId.Parse($"{address.Host ?? string.Empty}:{address.Port ?? 0}");
+
+ public void Dispose()
+ {
+ _subscriber?.Tell(PoisonPill.Instance);
+ _subscriber = null;
+ }
+
+ private sealed class SubscriberActor : ReceiveActor
+ {
+ public SubscriberActor(ClusterRoleInfo owner)
+ {
+ Receive(e => owner.HandleMemberEvent(e));
+ Receive(e => owner.HandleRoleLeaderChanged(e));
+ Receive(_ => { /* no-op for now; reserved for ServiceLevel calc */ });
+ Receive(_ => { /* seeded from initial snapshot */ });
+ }
+
+ protected override void PreStart()
+ {
+ Akka.Cluster.Cluster.Get(Context.System).Subscribe(
+ Self,
+ ClusterEvent.InitialStateAsEvents,
+ typeof(ClusterEvent.IMemberEvent),
+ typeof(ClusterEvent.LeaderChanged),
+ typeof(ClusterEvent.RoleLeaderChanged));
+ }
+
+ protected override void PostStop() =>
+ Akka.Cluster.Cluster.Get(Context.System).Unsubscribe(Self);
+ }
+}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Cluster/HoconLoader.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Cluster/HoconLoader.cs
new file mode 100644
index 0000000..23f1b00
--- /dev/null
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Cluster/HoconLoader.cs
@@ -0,0 +1,15 @@
+namespace ZB.MOM.WW.OtOpcUa.Cluster;
+
+public static class HoconLoader
+{
+ private const string ResourceName = "ZB.MOM.WW.OtOpcUa.Cluster.Resources.akka.conf";
+
+ public static string LoadBaseConfig()
+ {
+ using var stream = typeof(HoconLoader).Assembly.GetManifestResourceStream(ResourceName)
+ ?? throw new InvalidOperationException(
+ $"Embedded resource '{ResourceName}' not found. Verify EmbeddedResource glob in csproj.");
+ using var reader = new StreamReader(stream);
+ return reader.ReadToEnd();
+ }
+}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Cluster/Resources/akka.conf b/src/Core/ZB.MOM.WW.OtOpcUa.Cluster/Resources/akka.conf
new file mode 100644
index 0000000..46b9711
--- /dev/null
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Cluster/Resources/akka.conf
@@ -0,0 +1,73 @@
+# Base Akka.NET cluster configuration for OtOpcUa fused-host nodes.
+#
+# Roles, seed nodes, public hostname/port, and the actor system name are overlaid
+# at runtime by AkkaHostedService — see ZB.MOM.WW.OtOpcUa.Cluster/AkkaHostedService.cs.
+# Everything else here is the cluster-wide tuning that should match across nodes.
+#
+# Tuning sourced from ScadaLink (ScadaLink.Host/Actors/AkkaHostedService.BuildHocon);
+# any divergence must be deliberate and recorded in docs/v2/Architecture.md.
+
+akka {
+ extensions = [
+ "Akka.Cluster.Tools.PublishSubscribe.DistributedPubSubExtensionProvider, Akka.Cluster.Tools"
+ ]
+
+ actor {
+ provider = cluster
+ }
+
+ remote {
+ dot-netty.tcp {
+ hostname = "0.0.0.0"
+ port = 4053
+ }
+ transport-failure-detector {
+ heartbeat-interval = 2s
+ acceptable-heartbeat-pause = 10s
+ }
+ }
+
+ cluster {
+ seed-nodes = []
+ roles = []
+ min-nr-of-members = 1
+
+ split-brain-resolver {
+ active-strategy = "keep-oldest"
+ stable-after = 15s
+ keep-oldest {
+ down-if-alone = on
+ }
+ }
+
+ failure-detector {
+ heartbeat-interval = 2s
+ threshold = 10.0
+ acceptable-heartbeat-pause = 10s
+ }
+
+ down-removal-margin = 15s
+ run-coordinated-shutdown-when-down = on
+
+ singleton {
+ singleton-name = "singleton"
+ }
+ singleton-proxy {
+ singleton-identification-interval = 1s
+ }
+ }
+
+ coordinated-shutdown {
+ run-by-clr-shutdown-hook = on
+ default-phase-timeout = 30s
+ }
+}
+
+# Pinned dispatcher used by OpcUaPublishActor (Task 44) so the OPC UA SDK sees
+# only one thread per actor instance — its session/subscription locks expect
+# strict single-threaded access.
+opcua-synchronized-dispatcher {
+ type = "PinnedDispatcher"
+ executor = "thread-pool-executor"
+ throughput = 1
+}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Cluster/RoleParser.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Cluster/RoleParser.cs
new file mode 100644
index 0000000..c233a19
--- /dev/null
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Cluster/RoleParser.cs
@@ -0,0 +1,29 @@
+namespace ZB.MOM.WW.OtOpcUa.Cluster;
+
+public static class RoleParser
+{
+ private static readonly HashSet Allowed = new(StringComparer.Ordinal)
+ {
+ "admin", "driver", "dev",
+ };
+
+ public static string[] Parse(string? raw)
+ {
+ if (string.IsNullOrWhiteSpace(raw)) return Array.Empty();
+
+ var roles = raw
+ .Split(',', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries)
+ .Select(r => r.ToLowerInvariant())
+ .Distinct()
+ .ToArray();
+
+ foreach (var r in roles)
+ {
+ if (!Allowed.Contains(r))
+ throw new ArgumentException(
+ $"Unknown role '{r}'. Allowed: {string.Join(", ", Allowed)}.", nameof(raw));
+ }
+
+ return roles;
+ }
+}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Cluster/ServiceCollectionExtensions.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Cluster/ServiceCollectionExtensions.cs
new file mode 100644
index 0000000..eb743d0
--- /dev/null
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Cluster/ServiceCollectionExtensions.cs
@@ -0,0 +1,67 @@
+using Akka.Cluster.Hosting;
+using Akka.Hosting;
+using Akka.Remote.Hosting;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Options;
+using ZB.MOM.WW.OtOpcUa.Commons.Interfaces;
+
+namespace ZB.MOM.WW.OtOpcUa.Cluster;
+
+public static class ServiceCollectionExtensions
+{
+ ///
+ /// Binds AddAkka(...)
+ /// configurator via
+ public static IServiceCollection AddOtOpcUaCluster(this IServiceCollection services, IConfiguration configuration)
+ {
+ services.AddOptions()
+ .Bind(configuration.GetSection(AkkaClusterOptions.SectionName));
+
+ services.AddSingleton();
+
+ return services;
+ }
+
+ ///
+ /// Configures the Akka.Hosting builder with the embedded OtOpcUa HOCON (split-brain resolver,
+ /// pinned dispatcher, failure detector tuning) + remote endpoint + cluster bootstrap derived
+ /// from
+ /// services.AddAkka("otopcua", (ab, sp) =>
+ /// {
+ /// ab.WithOtOpcUaClusterBootstrap(sp);
+ /// if (hasAdmin) ab.WithOtOpcUaControlPlaneSingletons();
+ /// if (hasDriver) ab.WithOtOpcUaRuntimeActors();
+ /// });
+ ///
+ ///
+ public static AkkaConfigurationBuilder WithOtOpcUaClusterBootstrap(
+ this AkkaConfigurationBuilder builder,
+ IServiceProvider serviceProvider)
+ {
+ var options = serviceProvider.GetRequiredService>().Value;
+
+ builder.AddHocon(HoconLoader.LoadBaseConfig(), HoconAddMode.Append);
+
+ builder.WithRemoting(new RemoteOptions
+ {
+ HostName = options.Hostname,
+ Port = options.Port,
+ PublicHostName = options.PublicHostname,
+ });
+
+ builder.WithClustering(new ClusterOptions
+ {
+ SeedNodes = options.SeedNodes,
+ Roles = options.Roles,
+ });
+
+ return builder;
+ }
+}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Cluster/ZB.MOM.WW.OtOpcUa.Cluster.csproj b/src/Core/ZB.MOM.WW.OtOpcUa.Cluster/ZB.MOM.WW.OtOpcUa.Cluster.csproj
new file mode 100644
index 0000000..234de21
--- /dev/null
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Cluster/ZB.MOM.WW.OtOpcUa.Cluster.csproj
@@ -0,0 +1,32 @@
+
+
+
+ ZB.MOM.WW.OtOpcUa.Cluster
+ true
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Engines/IAlarmActorStateStore.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Engines/IAlarmActorStateStore.cs
new file mode 100644
index 0000000..d84d382
--- /dev/null
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Engines/IAlarmActorStateStore.cs
@@ -0,0 +1,41 @@
+namespace ZB.MOM.WW.OtOpcUa.Commons.Engines;
+
+///
+/// Persistence seam for ScriptedAlarmActor 's in-memory state across actor restarts.
+/// Captures only the slice the actor's 3-state machine needs (Inactive / Active /
+/// Acknowledged + last transition + last-ack user). The fuller GxP audit trail
+/// (
+public interface IAlarmActorStateStore
+{
+ Task LoadAsync(string alarmId, CancellationToken ct);
+ Task SaveAsync(AlarmActorStateSnapshot snapshot, CancellationToken ct);
+}
+
+/// Persisted slice of ScriptedAlarmActor 's state. Active is NOT persisted —
+/// it re-derives from the evaluator on startup per Phase 7 decision #14. State here
+/// distinguishes Acknowledged vs not-yet-acknowledged for cases where the actor came up
+/// Active and operator interaction had already happened.
+/// ScriptedAlarm.ScriptedAlarmId .
+/// No-op default. Bound when no production store is configured (tests, smoke runs).
+/// Load returns null → actor boots Inactive; Save is a no-op so state doesn't leak.
+public sealed class NullAlarmActorStateStore : IAlarmActorStateStore
+{
+ public static readonly NullAlarmActorStateStore Instance = new();
+ private NullAlarmActorStateStore() { }
+ public Task LoadAsync(string alarmId, CancellationToken ct) =>
+ Task.FromResult(null);
+ public Task SaveAsync(AlarmActorStateSnapshot snapshot, CancellationToken ct) =>
+ Task.CompletedTask;
+}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Engines/IScriptedAlarmEvaluator.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Engines/IScriptedAlarmEvaluator.cs
new file mode 100644
index 0000000..b123936
--- /dev/null
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Engines/IScriptedAlarmEvaluator.cs
@@ -0,0 +1,30 @@
+namespace ZB.MOM.WW.OtOpcUa.Commons.Engines;
+
+///
+/// Abstraction over the scripted-alarm predicate engine. Production binds this to a
+/// wrapper around ScriptedAlarmEngine from Core.ScriptedAlarms ; default
+/// binding is
+public interface IScriptedAlarmEvaluator
+{
+ ScriptedAlarmEvalResult Evaluate(string alarmId, string predicate, IReadOnlyDictionary dependencies);
+}
+
+/// Result of one alarm-predicate evaluation. Active is only meaningful when
+/// Success is true; on failure the caller should keep the prior state and log Reason.
+public sealed record ScriptedAlarmEvalResult(bool Success, bool Active, string? Reason)
+{
+ public static ScriptedAlarmEvalResult Ok(bool active) => new(true, active, null);
+ public static ScriptedAlarmEvalResult Failure(string reason) => new(false, false, reason);
+}
+
+/// Default that always returns Active = false, Success = true . Safe no-op:
+/// no alarm fires when no real engine is bound.
+public sealed class NullScriptedAlarmEvaluator : IScriptedAlarmEvaluator
+{
+ public static readonly NullScriptedAlarmEvaluator Instance = new();
+ private NullScriptedAlarmEvaluator() { }
+ public ScriptedAlarmEvalResult Evaluate(string alarmId, string predicate, IReadOnlyDictionary dependencies)
+ => ScriptedAlarmEvalResult.Ok(active: false);
+}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Engines/IVirtualTagEvaluator.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Engines/IVirtualTagEvaluator.cs
new file mode 100644
index 0000000..ce0d15e
--- /dev/null
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Engines/IVirtualTagEvaluator.cs
@@ -0,0 +1,36 @@
+namespace ZB.MOM.WW.OtOpcUa.Commons.Engines;
+
+///
+/// Abstraction over the compiled virtual-tag expression engine. Runtime consumes this so
+/// VirtualTagEngine from
+/// Core.VirtualTags .
+///
+public interface IVirtualTagEvaluator
+{
+ ///
+ /// Evaluate
+ VirtualTagEvalResult Evaluate(string virtualTagId, string expression, IReadOnlyDictionary dependencies);
+}
+
+/// Result of one virtual-tag expression eval. Stash a Reason on every Failure so
+/// callers can emit a useful ScriptLogEntry to operators.
+public sealed record VirtualTagEvalResult(bool Success, object? Value, string? Reason)
+{
+ public static readonly VirtualTagEvalResult NoChange = new(true, null, "no-change");
+ public static VirtualTagEvalResult Ok(object? value) => new(true, value, null);
+ public static VirtualTagEvalResult Failure(string reason) => new(false, null, reason);
+}
+
+/// Returns VirtualTagEngine adapter hasn't been registered (Mac dev, tests).
+public sealed class NullVirtualTagEvaluator : IVirtualTagEvaluator
+{
+ public static readonly NullVirtualTagEvaluator Instance = new();
+ private NullVirtualTagEvaluator() { }
+ public VirtualTagEvalResult Evaluate(string virtualTagId, string expression, IReadOnlyDictionary dependencies)
+ => VirtualTagEvalResult.NoChange;
+}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Interfaces/.gitkeep b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Interfaces/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Interfaces/IAdminOperationsClient.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Interfaces/IAdminOperationsClient.cs
new file mode 100644
index 0000000..3a09986
--- /dev/null
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Interfaces/IAdminOperationsClient.cs
@@ -0,0 +1,13 @@
+using ZB.MOM.WW.OtOpcUa.Commons.Messages.Admin;
+
+namespace ZB.MOM.WW.OtOpcUa.Commons.Interfaces;
+
+///
+/// Cluster-singleton-proxy client for the AdminOperationsActor . The Blazor UI calls
+/// this from any host (admin or driver role); the proxy routes the request to whichever node
+/// holds the admin singleton.
+///
+public interface IAdminOperationsClient
+{
+ Task StartDeploymentAsync(string createdBy, CancellationToken ct);
+}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Interfaces/IClusterRoleInfo.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Interfaces/IClusterRoleInfo.cs
new file mode 100644
index 0000000..29c1dc1
--- /dev/null
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Interfaces/IClusterRoleInfo.cs
@@ -0,0 +1,20 @@
+using ZB.MOM.WW.OtOpcUa.Commons.Types;
+
+namespace ZB.MOM.WW.OtOpcUa.Commons.Interfaces;
+
+///
+/// Live view of the local node's identity and the cluster's role topology. Implemented by
+/// ClusterRoleInfo in OtOpcUa.Cluster ; consumed by everything that needs to
+/// distinguish admin-role vs driver-role members or react to role-leader changes (e.g. OPC UA
+/// ServiceLevel computation).
+///
+public interface IClusterRoleInfo
+{
+ NodeId LocalNode { get; }
+ IReadOnlySet LocalRoles { get; }
+ bool HasRole(string role);
+ IReadOnlyList MembersWithRole(string role);
+ NodeId? RoleLeader(string role);
+
+ event EventHandler? RoleLeaderChanged;
+}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Interfaces/IFleetDiagnosticsClient.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Interfaces/IFleetDiagnosticsClient.cs
new file mode 100644
index 0000000..cab512a
--- /dev/null
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Interfaces/IFleetDiagnosticsClient.cs
@@ -0,0 +1,12 @@
+using ZB.MOM.WW.OtOpcUa.Commons.Types;
+
+namespace ZB.MOM.WW.OtOpcUa.Commons.Interfaces;
+
+///
+/// Per-node diagnostics fetched on demand. Implemented in Phase 8 (AdminUI/Runtime wiring)
+/// over an Akka request/response — the diagnostics actor lives on the target driver node.
+///
+public interface IFleetDiagnosticsClient
+{
+ Task GetDiagnosticsAsync(NodeId nodeId, CancellationToken ct);
+}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Interfaces/NodeDiagnosticsSnapshot.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Interfaces/NodeDiagnosticsSnapshot.cs
new file mode 100644
index 0000000..e31b62f
--- /dev/null
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Interfaces/NodeDiagnosticsSnapshot.cs
@@ -0,0 +1,21 @@
+using ZB.MOM.WW.OtOpcUa.Commons.Types;
+
+namespace ZB.MOM.WW.OtOpcUa.Commons.Interfaces;
+
+public sealed record DriverInstanceDiagnostics(
+ Guid DriverInstanceId,
+ string Name,
+ string State,
+ int ConnectedDevices,
+ int FaultedDevices,
+ DateTime LastChangeUtc);
+
+///
+/// Per-node diagnostics returned by IFleetDiagnosticsClient . Populated by the node's
+/// local DriverHostActor via a request/response over Akka.
+///
+public sealed record NodeDiagnosticsSnapshot(
+ NodeId NodeId,
+ RevisionHash? CurrentRevision,
+ IReadOnlyList Drivers,
+ DateTime AsOfUtc);
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Interfaces/RoleLeaderChangedEventArgs.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Interfaces/RoleLeaderChangedEventArgs.cs
new file mode 100644
index 0000000..50fb8f1
--- /dev/null
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Interfaces/RoleLeaderChangedEventArgs.cs
@@ -0,0 +1,10 @@
+using ZB.MOM.WW.OtOpcUa.Commons.Types;
+
+namespace ZB.MOM.WW.OtOpcUa.Commons.Interfaces;
+
+public sealed class RoleLeaderChangedEventArgs : EventArgs
+{
+ public required string Role { get; init; }
+ public required NodeId? PreviousLeader { get; init; }
+ public required NodeId? NewLeader { get; init; }
+}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Messages/.gitkeep b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Messages/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Messages/Admin/StartDeployment.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Messages/Admin/StartDeployment.cs
new file mode 100644
index 0000000..797097c
--- /dev/null
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Messages/Admin/StartDeployment.cs
@@ -0,0 +1,11 @@
+using ZB.MOM.WW.OtOpcUa.Commons.Types;
+
+namespace ZB.MOM.WW.OtOpcUa.Commons.Messages.Admin;
+
+///
+/// Request from the admin UI to the AdminOperationsActor singleton asking it to snapshot
+/// the current live-edit state and start a deployment.
+///
+public sealed record StartDeployment(
+ string CreatedBy,
+ CorrelationId CorrelationId);
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Messages/Admin/StartDeploymentResult.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Messages/Admin/StartDeploymentResult.cs
new file mode 100644
index 0000000..8e72a5d
--- /dev/null
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Messages/Admin/StartDeploymentResult.cs
@@ -0,0 +1,23 @@
+using ZB.MOM.WW.OtOpcUa.Commons.Types;
+
+namespace ZB.MOM.WW.OtOpcUa.Commons.Messages.Admin;
+
+public enum StartDeploymentOutcome
+{
+ Accepted,
+ NoChanges,
+ AnotherDeploymentInFlight,
+ Rejected,
+}
+
+///
+/// Reply from the AdminOperationsActor singleton. Accepted means the snapshot
+/// was sealed and a Deployment row was created; the in-flight deployment can be
+/// tracked through fleet-status broadcasts.
+///
+public sealed record StartDeploymentResult(
+ StartDeploymentOutcome Outcome,
+ DeploymentId? DeploymentId,
+ RevisionHash? RevisionHash,
+ string? Message,
+ CorrelationId CorrelationId);
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Messages/Alerts/AlarmTransitionEvent.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Messages/Alerts/AlarmTransitionEvent.cs
new file mode 100644
index 0000000..53bb6ed
--- /dev/null
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Messages/Alerts/AlarmTransitionEvent.cs
@@ -0,0 +1,25 @@
+namespace ZB.MOM.WW.OtOpcUa.Commons.Messages.Alerts;
+
+///
+/// Live alarm transition published on the cluster alerts DistributedPubSub topic.
+/// Emitted by ScriptedAlarmActor (and future native-alarm bridges) when an alarm condition
+/// transitions; consumed by AlertSignalRBridge for browser fan-out and by historian
+/// adapters for durable storage.
+///
+/// ScriptedAlarm.ScriptedAlarmId for scripted alarms).
+///
+/// Cluster-broadcast audit event consumed by the AuditWriterActor singleton, which
+/// batches and idempotently inserts into ConfigAuditLog .
+///
+public sealed record AuditEvent(
+ Guid EventId,
+ string Category,
+ string Action,
+ string Actor,
+ DateTime OccurredAtUtc,
+ string? DetailsJson,
+ NodeId SourceNode,
+ CorrelationId CorrelationId);
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Messages/Deploy/ApplyAck.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Messages/Deploy/ApplyAck.cs
new file mode 100644
index 0000000..10ff6f7
--- /dev/null
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Messages/Deploy/ApplyAck.cs
@@ -0,0 +1,15 @@
+using ZB.MOM.WW.OtOpcUa.Commons.Types;
+
+namespace ZB.MOM.WW.OtOpcUa.Commons.Messages.Deploy;
+
+public enum ApplyAckOutcome { Applied, Failed }
+
+///
+/// Per-node acknowledgment returned by DriverHostActor to the dispatching coordinator.
+///
+public sealed record ApplyAck(
+ DeploymentId DeploymentId,
+ NodeId NodeId,
+ ApplyAckOutcome Outcome,
+ string? FailureReason,
+ CorrelationId CorrelationId);
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Messages/Deploy/DeploymentFailed.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Messages/Deploy/DeploymentFailed.cs
new file mode 100644
index 0000000..93878f9
--- /dev/null
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Messages/Deploy/DeploymentFailed.cs
@@ -0,0 +1,14 @@
+using ZB.MOM.WW.OtOpcUa.Commons.Types;
+
+namespace ZB.MOM.WW.OtOpcUa.Commons.Messages.Deploy;
+
+///
+/// Coordinator-published event indicating that the deployment failed and was rolled back.
+/// Includes the set of nodes that NACKed or timed out so the admin UI can surface which
+/// node(s) are sticky on the prior good revision.
+///
+public sealed record DeploymentFailed(
+ DeploymentId DeploymentId,
+ string FailureReason,
+ IReadOnlyList FailedNodes,
+ CorrelationId CorrelationId);
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Messages/Deploy/DeploymentSealed.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Messages/Deploy/DeploymentSealed.cs
new file mode 100644
index 0000000..7f98333
--- /dev/null
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Messages/Deploy/DeploymentSealed.cs
@@ -0,0 +1,13 @@
+using ZB.MOM.WW.OtOpcUa.Commons.Types;
+
+namespace ZB.MOM.WW.OtOpcUa.Commons.Messages.Deploy;
+
+///
+/// Coordinator-published event indicating that every active driver node successfully applied
+/// the deployment and the row in Deployment has been transitioned to Sealed .
+///
+public sealed record DeploymentSealed(
+ DeploymentId DeploymentId,
+ RevisionHash RevisionHash,
+ DateTime SealedAtUtc,
+ CorrelationId CorrelationId);
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Messages/Deploy/DispatchDeployment.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Messages/Deploy/DispatchDeployment.cs
new file mode 100644
index 0000000..616398f
--- /dev/null
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Messages/Deploy/DispatchDeployment.cs
@@ -0,0 +1,13 @@
+using ZB.MOM.WW.OtOpcUa.Commons.Types;
+
+namespace ZB.MOM.WW.OtOpcUa.Commons.Messages.Deploy;
+
+///
+/// Sent from the admin-role ConfigPublishCoordinator singleton to each driver node's
+/// DriverHostActor . Tells the node to fetch the deployment artifact identified by
+///
+public sealed record DispatchDeployment(
+ DeploymentId DeploymentId,
+ RevisionHash RevisionHash,
+ CorrelationId CorrelationId);
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Messages/Fleet/FleetStatusChanged.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Messages/Fleet/FleetStatusChanged.cs
new file mode 100644
index 0000000..e5095e9
--- /dev/null
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Messages/Fleet/FleetStatusChanged.cs
@@ -0,0 +1,21 @@
+using ZB.MOM.WW.OtOpcUa.Commons.Types;
+
+namespace ZB.MOM.WW.OtOpcUa.Commons.Messages.Fleet;
+
+public enum FleetNodeHealth { Healthy, Degraded, Unreachable }
+
+public sealed record FleetNodeStatus(
+ NodeId NodeId,
+ FleetNodeHealth Health,
+ RevisionHash? CurrentRevision,
+ DateTime LastSeenUtc);
+
+///
+/// Periodic fleet-wide status broadcast pushed by FleetStatusBroadcaster to admin UI
+/// subscribers via SignalR.
+///
+public sealed record FleetStatusChanged(
+ IReadOnlyList Nodes,
+ DeploymentId? CurrentDeployment,
+ DateTime AsOfUtc,
+ CorrelationId CorrelationId);
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Messages/Fleet/GetDiagnostics.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Messages/Fleet/GetDiagnostics.cs
new file mode 100644
index 0000000..a9efac9
--- /dev/null
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Messages/Fleet/GetDiagnostics.cs
@@ -0,0 +1,10 @@
+using ZB.MOM.WW.OtOpcUa.Commons.Types;
+
+namespace ZB.MOM.WW.OtOpcUa.Commons.Messages.Fleet;
+
+///
+/// Request a diagnostic snapshot from a per-node DriverHostActor . Sent by the admin UI's
+/// IFleetDiagnosticsClient via ActorSelection over the cluster; the local
+/// DriverHostActor responds with a NodeDiagnosticsSnapshot .
+///
+public sealed record GetDiagnostics(CorrelationId CorrelationId);
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Messages/Logging/ScriptLogEntry.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Messages/Logging/ScriptLogEntry.cs
new file mode 100644
index 0000000..fe43f37
--- /dev/null
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Messages/Logging/ScriptLogEntry.cs
@@ -0,0 +1,23 @@
+namespace ZB.MOM.WW.OtOpcUa.Commons.Messages.Logging;
+
+///
+/// One line of script log output published on the cluster script-logs DPS topic.
+/// Emitted by VirtualTagActor + ScriptedAlarmActor when their hosted scripts call into
+/// the runtime's logging facade; consumed by ScriptLogSignalRBridge for live
+/// browser tail-style viewing.
+///
+/// Script.ScriptId ).
+///
+/// Snapshot of a single node's redundancy state. Aggregated by RedundancyStateActor
+/// to compute fleet-wide ServiceLevel.
+///
+public sealed record NodeRedundancyState(
+ NodeId NodeId,
+ RedundancyRole Role,
+ bool IsClusterLeader,
+ bool IsRoleLeaderForDriver,
+ DateTime AsOfUtc);
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Messages/Redundancy/RedundancyStateChanged.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Messages/Redundancy/RedundancyStateChanged.cs
new file mode 100644
index 0000000..6b21638
--- /dev/null
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Messages/Redundancy/RedundancyStateChanged.cs
@@ -0,0 +1,11 @@
+using ZB.MOM.WW.OtOpcUa.Commons.Types;
+
+namespace ZB.MOM.WW.OtOpcUa.Commons.Messages.Redundancy;
+
+///
+/// Broadcast whenever the cluster's redundancy topology changes (node up/down, role-leader
+/// change, partition heal). Subscribers compute their local OPC UA ServiceLevel from this.
+///
+public sealed record RedundancyStateChanged(
+ IReadOnlyList Nodes,
+ CorrelationId CorrelationId);
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Observability/OtOpcUaTelemetry.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Observability/OtOpcUaTelemetry.cs
new file mode 100644
index 0000000..efb9909
--- /dev/null
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Observability/OtOpcUaTelemetry.cs
@@ -0,0 +1,81 @@
+using System.Diagnostics;
+using System.Diagnostics.Metrics;
+
+namespace ZB.MOM.WW.OtOpcUa.Commons.Observability;
+
+///
+/// Central Host
+/// catches everything. No exporter is required — instruments are no-op until a listener
+/// attaches, so tests and dev hosts pay nothing for instrumentation that nobody scrapes.
+///
+/// Instrument names follow the OpenTelemetry semantic convention pattern
+/// otopcua.<subsystem>.<event> . Subsystem is one of: deploy, driver,
+/// virtualtag, scriptedalarm, opcua, redundancy.
+///
+public static class OtOpcUaTelemetry
+{
+ public const string MeterName = "ZB.MOM.WW.OtOpcUa";
+ public const string ActivitySourceName = "ZB.MOM.WW.OtOpcUa";
+
+ /// Singleton
+ public static readonly Meter Meter = new(MeterName);
+
+ /// Singleton
+ public static readonly ActivitySource ActivitySource = new(ActivitySourceName);
+
+ // ---------------- Deployment / driver-host coordination ----------------
+
+ /// Incremented every time DriverHostActor finishes applying a deployment (Ack or Reject).
+ public static readonly Counter DeploymentApplied =
+ Meter.CreateCounter("otopcua.deploy.applied", unit: "{deployment}",
+ description: "Deployments applied by a driver-role node (outcome=ack|reject).");
+
+ /// Time from DriverHostActor receiving DispatchDeployment to emitting the ack/reject.
+ public static readonly Histogram DeploymentApplyDurationSec =
+ Meter.CreateHistogram("otopcua.deploy.apply.duration", unit: "s",
+ description: "Driver-role apply latency from DispatchDeployment → Ack/Reject.");
+
+ /// DriverInstanceActor spawn count (added=new instance; stop=disposed).
+ public static readonly Counter DriverInstanceLifecycle =
+ Meter.CreateCounter("otopcua.driver.lifecycle", unit: "{event}",
+ description: "DriverInstanceActor lifecycle transitions (event=spawn|stop|fault).");
+
+ // ---------------- VirtualTag / ScriptedAlarm engines ----------------
+
+ public static readonly Counter VirtualTagEval =
+ Meter.CreateCounter("otopcua.virtualtag.eval", unit: "{eval}",
+ description: "Virtual-tag evaluations attempted (outcome=ok|fail|skip).");
+
+ public static readonly Counter ScriptedAlarmTransition =
+ Meter.CreateCounter("otopcua.scriptedalarm.transition", unit: "{transition}",
+ description: "Scripted-alarm state transitions (state=active|acknowledged|inactive).");
+
+ // ---------------- OPC UA address-space + redundancy ----------------
+
+ public static readonly Counter OpcUaSinkWrite =
+ Meter.CreateCounter("otopcua.opcua.sink.write", unit: "{write}",
+ description: "Writes that landed in IOpcUaAddressSpaceSink (kind=value|alarm|rebuild).");
+
+ public static readonly Counter ServiceLevelChange =
+ Meter.CreateCounter("otopcua.redundancy.service_level_change", unit: "{change}",
+ description: "OPC UA Server.ServiceLevel transitions emitted by the redundancy state.");
+
+ // ---------------- Convenience helpers ----------------
+
+ ///
+ /// Starts a deploy span tagged with the deployment id. Caller disposes to close. Returns
+ /// null when no listener is attached so the call site stays cheap on undecorated builds.
+ ///
+ public static Activity? StartDeployApplySpan(string deploymentId)
+ {
+ var activity = ActivitySource.StartActivity("otopcua.deploy.apply", ActivityKind.Internal);
+ activity?.SetTag("otopcua.deployment_id", deploymentId);
+ return activity;
+ }
+
+ /// Span wrapping a full OPC UA address-space rebuild (Phase7 plan → apply).
+ public static Activity? StartAddressSpaceRebuildSpan()
+ => ActivitySource.StartActivity("otopcua.opcua.address_space_rebuild", ActivityKind.Internal);
+}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Commons/OpcUa/DeferredAddressSpaceSink.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/OpcUa/DeferredAddressSpaceSink.cs
new file mode 100644
index 0000000..5cd8384
--- /dev/null
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/OpcUa/DeferredAddressSpaceSink.cs
@@ -0,0 +1,34 @@
+namespace ZB.MOM.WW.OtOpcUa.Commons.OpcUa;
+
+///
+/// Wrapper SdkAddressSpaceSink ) wraps an
+/// OtOpcUaNodeManager that only exists after the SDK StandardServer has
+/// started — but Akka actors resolve their sink dependency at construction time, before
+/// the hosted service has booted the SDK.
+///
+/// Bound as a singleton in DI on driver-role hosts; the OPC UA hosted service calls
+///
+public sealed class DeferredAddressSpaceSink : IOpcUaAddressSpaceSink
+{
+ private volatile IOpcUaAddressSpaceSink _inner = NullOpcUaAddressSpaceSink.Instance;
+
+ /// Swap in the production sink. Pass null to revert to the null sink
+ /// (used during graceful shutdown so post-stop writes don't hit a half-disposed manager).
+ public void SetSink(IOpcUaAddressSpaceSink? sink) =>
+ _inner = sink ?? NullOpcUaAddressSpaceSink.Instance;
+
+ public void WriteValue(string nodeId, object? value, OpcUaQuality quality, DateTime sourceTimestampUtc)
+ => _inner.WriteValue(nodeId, value, quality, sourceTimestampUtc);
+
+ public void WriteAlarmState(string alarmNodeId, bool active, bool acknowledged, DateTime sourceTimestampUtc)
+ => _inner.WriteAlarmState(alarmNodeId, active, acknowledged, sourceTimestampUtc);
+
+ public void EnsureFolder(string folderNodeId, string? parentNodeId, string displayName)
+ => _inner.EnsureFolder(folderNodeId, parentNodeId, displayName);
+
+ public void RebuildAddressSpace() => _inner.RebuildAddressSpace();
+}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Commons/OpcUa/DeferredServiceLevelPublisher.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/OpcUa/DeferredServiceLevelPublisher.cs
new file mode 100644
index 0000000..092845c
--- /dev/null
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/OpcUa/DeferredServiceLevelPublisher.cs
@@ -0,0 +1,19 @@
+namespace ZB.MOM.WW.OtOpcUa.Commons.OpcUa;
+
+///
+/// Late-binding adapter that holds an inner SdkServiceLevelPublisher only exists
+/// after StandardServer.Start . The Host's hosted service swaps the inner once the SDK
+/// is up; until then writes route through
+public sealed class DeferredServiceLevelPublisher : IServiceLevelPublisher
+{
+ private volatile IServiceLevelPublisher _inner = NullServiceLevelPublisher.Instance;
+
+ /// Swap the underlying publisher. Pass null to revert to the Null no-op.
+ public void SetInner(IServiceLevelPublisher? inner) =>
+ _inner = inner ?? NullServiceLevelPublisher.Instance;
+
+ public void Publish(byte serviceLevel) => _inner.Publish(serviceLevel);
+}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Commons/OpcUa/IOpcUaAddressSpaceSink.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/OpcUa/IOpcUaAddressSpaceSink.cs
new file mode 100644
index 0000000..7082ddf
--- /dev/null
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/OpcUa/IOpcUaAddressSpaceSink.cs
@@ -0,0 +1,46 @@
+namespace ZB.MOM.WW.OtOpcUa.Commons.OpcUa;
+
+///
+/// Abstraction over the OPC UA SDK's address space. OpcUaPublishActor consumes this
+/// so the Runtime project doesn't reference Opc.Ua.Server directly — production
+/// binds a real SDK-backed sink in the fused Host's wiring, dev/Mac binds the
+///
+public interface IOpcUaAddressSpaceSink
+{
+ /// Write a Variable node's current value + quality + source timestamp.
+ void WriteValue(string nodeId, object? value, OpcUaQuality quality, DateTime sourceTimestampUtc);
+
+ /// Write an alarm-condition Variable's active/acknowledged state.
+ void WriteAlarmState(string alarmNodeId, bool active, bool acknowledged, DateTime sourceTimestampUtc);
+
+ ///
+ /// Ensure a folder node exists under the given parent. Used by Phase7Applier to
+ /// materialise the UNS Area/Line/Equipment hierarchy in the address space. When
+ ///
+ void EnsureFolder(string folderNodeId, string? parentNodeId, string displayName);
+
+ ///
+ /// Tear down + repopulate the address space. Called by OpcUaPublishActor after a
+ /// successful deployment apply so the node manager reflects the new config. Idempotent.
+ ///
+ void RebuildAddressSpace();
+}
+
+/// OPC UA status code projection — Good / Uncertain / Bad. Real SDK has finer-grained
+/// codes; the engine actors only need this 3-state classification.
+public enum OpcUaQuality { Good, Uncertain, Bad }
+
+/// No-op sink. Bound by default so the actors are safe to run in dev / Mac /
+/// integration tests without a real SDK behind them.
+public sealed class NullOpcUaAddressSpaceSink : IOpcUaAddressSpaceSink
+{
+ public static readonly NullOpcUaAddressSpaceSink Instance = new();
+ private NullOpcUaAddressSpaceSink() { }
+ public void WriteValue(string nodeId, object? value, OpcUaQuality quality, DateTime sourceTimestampUtc) { }
+ public void WriteAlarmState(string alarmNodeId, bool active, bool acknowledged, DateTime sourceTimestampUtc) { }
+ public void EnsureFolder(string folderNodeId, string? parentNodeId, string displayName) { }
+ public void RebuildAddressSpace() { }
+}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Commons/OpcUa/IServiceLevelPublisher.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/OpcUa/IServiceLevelPublisher.cs
new file mode 100644
index 0000000..67f66e0
--- /dev/null
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/OpcUa/IServiceLevelPublisher.cs
@@ -0,0 +1,22 @@
+namespace ZB.MOM.WW.OtOpcUa.Commons.OpcUa;
+
+///
+/// Writes the OPC UA Server object's ServiceLevel Variable (0–255). Production binds
+/// a sink that pokes the SDK's ServiceLevel node; tests + dev mode bind
+///
+public interface IServiceLevelPublisher
+{
+ void Publish(byte serviceLevel);
+}
+
+/// No-op default that retains the last-written ServiceLevel in
+///
+public sealed class NullServiceLevelPublisher : IServiceLevelPublisher
+{
+ public static readonly NullServiceLevelPublisher Instance = new();
+ private NullServiceLevelPublisher() { }
+ public byte LastPublished { get; private set; }
+ public void Publish(byte serviceLevel) => LastPublished = serviceLevel;
+}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Types/.gitkeep b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Types/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Types/CorrelationId.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Types/CorrelationId.cs
new file mode 100644
index 0000000..da7894e
--- /dev/null
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Types/CorrelationId.cs
@@ -0,0 +1,13 @@
+namespace ZB.MOM.WW.OtOpcUa.Commons.Types;
+
+public readonly record struct CorrelationId(Guid Value)
+{
+ public static CorrelationId NewId() => new(Guid.NewGuid());
+ public override string ToString() => Value.ToString("N");
+ public static CorrelationId Parse(string s) => new(Guid.ParseExact(s, "N"));
+ public static bool TryParse(string? s, out CorrelationId id)
+ {
+ if (Guid.TryParseExact(s, "N", out var g)) { id = new CorrelationId(g); return true; }
+ id = default; return false;
+ }
+}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Types/DeploymentId.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Types/DeploymentId.cs
new file mode 100644
index 0000000..8d74194
--- /dev/null
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Types/DeploymentId.cs
@@ -0,0 +1,13 @@
+namespace ZB.MOM.WW.OtOpcUa.Commons.Types;
+
+public readonly record struct DeploymentId(Guid Value)
+{
+ public static DeploymentId NewId() => new(Guid.NewGuid());
+ public override string ToString() => Value.ToString("N");
+ public static DeploymentId Parse(string s) => new(Guid.ParseExact(s, "N"));
+ public static bool TryParse(string? s, out DeploymentId id)
+ {
+ if (Guid.TryParseExact(s, "N", out var g)) { id = new DeploymentId(g); return true; }
+ id = default; return false;
+ }
+}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Types/ExecutionId.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Types/ExecutionId.cs
new file mode 100644
index 0000000..7920a66
--- /dev/null
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Types/ExecutionId.cs
@@ -0,0 +1,13 @@
+namespace ZB.MOM.WW.OtOpcUa.Commons.Types;
+
+public readonly record struct ExecutionId(Guid Value)
+{
+ public static ExecutionId NewId() => new(Guid.NewGuid());
+ public override string ToString() => Value.ToString("N");
+ public static ExecutionId Parse(string s) => new(Guid.ParseExact(s, "N"));
+ public static bool TryParse(string? s, out ExecutionId id)
+ {
+ if (Guid.TryParseExact(s, "N", out var g)) { id = new ExecutionId(g); return true; }
+ id = default; return false;
+ }
+}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Types/NodeId.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Types/NodeId.cs
new file mode 100644
index 0000000..273f7a3
--- /dev/null
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Types/NodeId.cs
@@ -0,0 +1,20 @@
+namespace ZB.MOM.WW.OtOpcUa.Commons.Types;
+
+///
+/// Logical cluster node identifier — typically the host name configured on a fused
+/// OtOpcUa.Host instance. NOT to be confused with OPC UA NodeId from the
+/// Opc.Ua.Core stack.
+///
+public readonly record struct NodeId(string Value)
+{
+ public override string ToString() => Value;
+ public static NodeId Parse(string s) =>
+ string.IsNullOrWhiteSpace(s)
+ ? throw new ArgumentException("NodeId value cannot be empty.", nameof(s))
+ : new NodeId(s);
+ public static bool TryParse(string? s, out NodeId id)
+ {
+ if (!string.IsNullOrWhiteSpace(s)) { id = new NodeId(s); return true; }
+ id = default; return false;
+ }
+}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Types/RevisionHash.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Types/RevisionHash.cs
new file mode 100644
index 0000000..30440eb
--- /dev/null
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/Types/RevisionHash.cs
@@ -0,0 +1,19 @@
+namespace ZB.MOM.WW.OtOpcUa.Commons.Types;
+
+///
+/// SHA-256 hex digest identifying a config snapshot revision. Storage form is lowercase
+/// 64-char hex (no 0x prefix). Empty hash is invalid.
+///
+public readonly record struct RevisionHash(string Value)
+{
+ public override string ToString() => Value;
+ public static RevisionHash Parse(string s) =>
+ string.IsNullOrWhiteSpace(s)
+ ? throw new ArgumentException("RevisionHash value cannot be empty.", nameof(s))
+ : new RevisionHash(s);
+ public static bool TryParse(string? s, out RevisionHash hash)
+ {
+ if (!string.IsNullOrWhiteSpace(s)) { hash = new RevisionHash(s); return true; }
+ hash = default; return false;
+ }
+}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Commons/ZB.MOM.WW.OtOpcUa.Commons.csproj b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/ZB.MOM.WW.OtOpcUa.Commons.csproj
new file mode 100644
index 0000000..e92789a
--- /dev/null
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Commons/ZB.MOM.WW.OtOpcUa.Commons.csproj
@@ -0,0 +1,12 @@
+
+
+
+ ZB.MOM.WW.OtOpcUa.Commons
+ true
+
+
+
+
+
+
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Apply/ApplyCallbacks.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Apply/ApplyCallbacks.cs
deleted file mode 100644
index 585ed19..0000000
--- a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Apply/ApplyCallbacks.cs
+++ /dev/null
@@ -1,19 +0,0 @@
-using ZB.MOM.WW.OtOpcUa.Configuration.Entities;
-
-namespace ZB.MOM.WW.OtOpcUa.Configuration.Apply;
-
-///
-/// Host-supplied callbacks invoked as the applier walks the diff. Callbacks are idempotent on
-/// retry (the applier may re-invoke with the same inputs if a later stage fails — nodes
-/// register-applied to the central DB only after success). Order: namespace → driver → device →
-/// equipment → poll group → tag, with Removed before Added/Modified.
-///
-public sealed class ApplyCallbacks
-{
- public Func, CancellationToken, Task>? OnNamespace { get; init; }
- public Func, CancellationToken, Task>? OnDriver { get; init; }
- public Func, CancellationToken, Task>? OnDevice { get; init; }
- public Func, CancellationToken, Task>? OnEquipment { get; init; }
- public Func, CancellationToken, Task>? OnPollGroup { get; init; }
- public Func, CancellationToken, Task>? OnTag { get; init; }
-}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Apply/ChangeKind.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Apply/ChangeKind.cs
deleted file mode 100644
index 56f3618..0000000
--- a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Apply/ChangeKind.cs
+++ /dev/null
@@ -1,8 +0,0 @@
-namespace ZB.MOM.WW.OtOpcUa.Configuration.Apply;
-
-public enum ChangeKind
-{
- Added,
- Removed,
- Modified,
-}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Apply/GenerationApplier.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Apply/GenerationApplier.cs
deleted file mode 100644
index 982b026..0000000
--- a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Apply/GenerationApplier.cs
+++ /dev/null
@@ -1,58 +0,0 @@
-using ZB.MOM.WW.OtOpcUa.Configuration.Validation;
-
-namespace ZB.MOM.WW.OtOpcUa.Configuration.Apply;
-
-public sealed class GenerationApplier(ApplyCallbacks callbacks) : IGenerationApplier
-{
- public async Task ApplyAsync(DraftSnapshot? from, DraftSnapshot to, CancellationToken ct)
- {
- var diff = GenerationDiffer.Compute(from, to);
- var errors = new List();
-
- // Removed first, then Added/Modified — prevents FK dangling while cascades settle.
- await ApplyPass(diff.Tags, ChangeKind.Removed, callbacks.OnTag, errors, ct);
- await ApplyPass(diff.PollGroups, ChangeKind.Removed, callbacks.OnPollGroup, errors, ct);
- await ApplyPass(diff.Equipment, ChangeKind.Removed, callbacks.OnEquipment, errors, ct);
- await ApplyPass(diff.Devices, ChangeKind.Removed, callbacks.OnDevice, errors, ct);
- await ApplyPass(diff.Drivers, ChangeKind.Removed, callbacks.OnDriver, errors, ct);
- await ApplyPass(diff.Namespaces, ChangeKind.Removed, callbacks.OnNamespace, errors, ct);
-
- foreach (var kind in new[] { ChangeKind.Added, ChangeKind.Modified })
- {
- // Honour cancellation between passes — a caller can abort the apply between Removed
- // and Added phases even if individual callbacks don't observe the token themselves
- // (Configuration-007).
- ct.ThrowIfCancellationRequested();
- await ApplyPass(diff.Namespaces, kind, callbacks.OnNamespace, errors, ct);
- await ApplyPass(diff.Drivers, kind, callbacks.OnDriver, errors, ct);
- await ApplyPass(diff.Devices, kind, callbacks.OnDevice, errors, ct);
- await ApplyPass(diff.Equipment, kind, callbacks.OnEquipment, errors, ct);
- await ApplyPass(diff.PollGroups, kind, callbacks.OnPollGroup, errors, ct);
- await ApplyPass(diff.Tags, kind, callbacks.OnTag, errors, ct);
- }
-
- return errors.Count == 0 ? ApplyResult.Ok(diff) : ApplyResult.Fail(diff, errors);
- }
-
- private static async Task ApplyPass(
- IReadOnlyList> changes,
- ChangeKind kind,
- Func, CancellationToken, Task>? callback,
- List errors,
- CancellationToken ct)
- {
- if (callback is null) return;
-
- foreach (var change in changes.Where(c => c.Kind == kind))
- {
- try { await callback(change, ct); }
- // Configuration-007: cancellation must propagate, not be silently recorded as an
- // entity error. Distinguish caller cancellation (token signalled) from any
- // OperationCanceledException raised independently of the caller's token, which we
- // still want to surface as an entity error so a single misbehaving callback does
- // not crash the entire apply.
- catch (OperationCanceledException) when (ct.IsCancellationRequested) { throw; }
- catch (Exception ex) { errors.Add($"{typeof(T).Name} {change.Kind} '{change.LogicalId}': {ex.Message}"); }
- }
- }
-}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Apply/GenerationDiff.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Apply/GenerationDiff.cs
deleted file mode 100644
index 6813f62..0000000
--- a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Apply/GenerationDiff.cs
+++ /dev/null
@@ -1,70 +0,0 @@
-using ZB.MOM.WW.OtOpcUa.Configuration.Entities;
-using ZB.MOM.WW.OtOpcUa.Configuration.Validation;
-
-namespace ZB.MOM.WW.OtOpcUa.Configuration.Apply;
-
-///
-/// Per-entity diff computed locally on the node. The enumerable order matches the dependency
-/// order expected by
-public sealed record GenerationDiff(
- IReadOnlyList> Namespaces,
- IReadOnlyList> Drivers,
- IReadOnlyList> Devices,
- IReadOnlyList> Equipment,
- IReadOnlyList> PollGroups,
- IReadOnlyList> Tags);
-
-public sealed record EntityChange(ChangeKind Kind, string LogicalId, T? From, T? To);
-
-public static class GenerationDiffer
-{
- public static GenerationDiff Compute(DraftSnapshot? from, DraftSnapshot to)
- {
- from ??= new DraftSnapshot { GenerationId = 0, ClusterId = to.ClusterId };
-
- return new GenerationDiff(
- Namespaces: DiffById(from.Namespaces, to.Namespaces, x => x.NamespaceId,
- (a, b) => (a.ClusterId, a.NamespaceUri, a.Kind, a.Enabled, a.Notes)
- == (b.ClusterId, b.NamespaceUri, b.Kind, b.Enabled, b.Notes)),
- Drivers: DiffById(from.DriverInstances, to.DriverInstances, x => x.DriverInstanceId,
- (a, b) => (a.ClusterId, a.NamespaceId, a.Name, a.DriverType, a.Enabled, a.DriverConfig)
- == (b.ClusterId, b.NamespaceId, b.Name, b.DriverType, b.Enabled, b.DriverConfig)),
- Devices: DiffById(from.Devices, to.Devices, x => x.DeviceId,
- (a, b) => (a.DriverInstanceId, a.Name, a.Enabled, a.DeviceConfig)
- == (b.DriverInstanceId, b.Name, b.Enabled, b.DeviceConfig)),
- Equipment: DiffById(from.Equipment, to.Equipment, x => x.EquipmentId,
- (a, b) => (a.EquipmentUuid, a.DriverInstanceId, a.UnsLineId, a.Name, a.MachineCode, a.ZTag, a.SAPID, a.Enabled)
- == (b.EquipmentUuid, b.DriverInstanceId, b.UnsLineId, b.Name, b.MachineCode, b.ZTag, b.SAPID, b.Enabled)),
- PollGroups: DiffById(from.PollGroups, to.PollGroups, x => x.PollGroupId,
- (a, b) => (a.DriverInstanceId, a.Name, a.IntervalMs)
- == (b.DriverInstanceId, b.Name, b.IntervalMs)),
- Tags: DiffById(from.Tags, to.Tags, x => x.TagId,
- (a, b) => (a.DriverInstanceId, a.DeviceId, a.EquipmentId, a.PollGroupId, a.FolderPath, a.Name, a.DataType, a.AccessLevel, a.WriteIdempotent, a.TagConfig)
- == (b.DriverInstanceId, b.DeviceId, b.EquipmentId, b.PollGroupId, b.FolderPath, b.Name, b.DataType, b.AccessLevel, b.WriteIdempotent, b.TagConfig)));
- }
-
- private static List> DiffById(
- IReadOnlyList from, IReadOnlyList to,
- Func id, Func equal)
- {
- var fromById = from.ToDictionary(id);
- var toById = to.ToDictionary(id);
- var result = new List>();
-
- foreach (var (logicalId, src) in fromById.Where(kv => !toById.ContainsKey(kv.Key)))
- result.Add(new(ChangeKind.Removed, logicalId, src, default));
-
- foreach (var (logicalId, dst) in toById)
- {
- if (!fromById.TryGetValue(logicalId, out var src))
- result.Add(new(ChangeKind.Added, logicalId, default, dst));
- else if (!equal(src, dst))
- result.Add(new(ChangeKind.Modified, logicalId, src, dst));
- }
-
- return result;
- }
-}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Apply/IGenerationApplier.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Apply/IGenerationApplier.cs
deleted file mode 100644
index 257fc4b..0000000
--- a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Apply/IGenerationApplier.cs
+++ /dev/null
@@ -1,23 +0,0 @@
-using ZB.MOM.WW.OtOpcUa.Configuration.Validation;
-
-namespace ZB.MOM.WW.OtOpcUa.Configuration.Apply;
-
-///
-/// Applies a
-public interface IGenerationApplier
-{
- Task ApplyAsync(DraftSnapshot? from, DraftSnapshot to, CancellationToken ct);
-}
-
-public sealed record ApplyResult(
- bool Succeeded,
- GenerationDiff Diff,
- IReadOnlyList Errors)
-{
- public static ApplyResult Ok(GenerationDiff diff) => new(true, diff, []);
- public static ApplyResult Fail(GenerationDiff diff, IReadOnlyList errors) => new(false, diff, errors);
-}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/ClusterNode.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/ClusterNode.cs
index f86fbb4..5c95ec9 100644
--- a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/ClusterNode.cs
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/ClusterNode.cs
@@ -1,5 +1,3 @@
-using ZB.MOM.WW.OtOpcUa.Configuration.Enums;
-
namespace ZB.MOM.WW.OtOpcUa.Configuration.Entities;
/// Physical OPC UA server node within a
@@ -10,8 +8,6 @@ public sealed class ClusterNode
public required string ClusterId { get; set; }
- public required RedundancyRole RedundancyRole { get; set; }
-
/// Machine hostname / IP.
public required string Host { get; set; }
@@ -47,5 +43,4 @@ public sealed class ClusterNode
// Navigation
public ServerCluster? Cluster { get; set; }
public ICollection Credentials { get; set; } = [];
- public ClusterNodeGenerationState? GenerationState { get; set; }
}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/ClusterNodeGenerationState.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/ClusterNodeGenerationState.cs
deleted file mode 100644
index f66bc73..0000000
--- a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/ClusterNodeGenerationState.cs
+++ /dev/null
@@ -1,26 +0,0 @@
-using ZB.MOM.WW.OtOpcUa.Configuration.Enums;
-
-namespace ZB.MOM.WW.OtOpcUa.Configuration.Entities;
-
-///
-/// Tracks which generation each node has applied. Per-node (not per-cluster) — both nodes of a
-/// 2-node cluster track independently per decision #84.
-///
-public sealed class ClusterNodeGenerationState
-{
- public required string NodeId { get; set; }
-
- public long? CurrentGenerationId { get; set; }
-
- public DateTime? LastAppliedAt { get; set; }
-
- public NodeApplyStatus? LastAppliedStatus { get; set; }
-
- public string? LastAppliedError { get; set; }
-
- /// Updated on every poll for liveness detection.
- public DateTime? LastSeenAt { get; set; }
-
- public ClusterNode? Node { get; set; }
- public ConfigGeneration? CurrentGeneration { get; set; }
-}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/ConfigAuditLog.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/ConfigAuditLog.cs
index 35eaa89..627d5ee 100644
--- a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/ConfigAuditLog.cs
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/ConfigAuditLog.cs
@@ -22,4 +22,16 @@ public sealed class ConfigAuditLog
public long? GenerationId { get; set; }
public string? DetailsJson { get; set; }
+
+ ///
+ /// Stable per-event identifier from AuditEvent.EventId . Filtered unique index on
+ /// this column gives cross-restart idempotency for the batched AuditWriterActor: a flush
+ /// that retries after a process crash can re-send the same EventId without producing a
+ /// duplicate row. Nullable so pre-v2 rows backfill cleanly.
+ ///
+ public Guid? EventId { get; set; }
+
+ /// Correlation ID from AuditEvent.CorrelationId so an audit row joins to its
+ /// originating request/workflow. Nullable for the same backfill reason as
+ public Guid? CorrelationId { get; set; }
}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/ConfigEdit.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/ConfigEdit.cs
new file mode 100644
index 0000000..237fcb1
--- /dev/null
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/ConfigEdit.cs
@@ -0,0 +1,27 @@
+namespace ZB.MOM.WW.OtOpcUa.Configuration.Entities;
+
+///
+/// Append-only audit row written by AdminOperationsActor on every mutating live-edit
+/// operation. The ExecutionId optionally correlates a sequence of edits that ran inside one
+/// admin transaction (e.g. an import batch that updates many Equipment rows).
+///
+public sealed class ConfigEdit
+{
+ public Guid EditId { get; init; } = Guid.NewGuid();
+
+ public required string EntityType { get; init; }
+
+ public Guid EntityId { get; init; }
+
+ /// JSON payload of the column-name → new-value pairs touched by this edit.
+ public required string FieldsJson { get; init; }
+
+ /// Optional correlation across edits inside a single admin operation.
+ public Guid? ExecutionId { get; init; }
+
+ public required string EditedBy { get; init; }
+
+ public DateTime EditedAtUtc { get; init; } = DateTime.UtcNow;
+
+ public required string SourceNode { get; init; }
+}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/ConfigGeneration.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/ConfigGeneration.cs
deleted file mode 100644
index eb9da1a..0000000
--- a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/ConfigGeneration.cs
+++ /dev/null
@@ -1,32 +0,0 @@
-using ZB.MOM.WW.OtOpcUa.Configuration.Enums;
-
-namespace ZB.MOM.WW.OtOpcUa.Configuration.Entities;
-
-///
-/// Atomic, immutable snapshot of one cluster's configuration.
-/// Per decision #82 — cluster-scoped, not fleet-scoped.
-///
-public sealed class ConfigGeneration
-{
- /// Monotonically increasing ID, generated by IDENTITY(1, 1) .
- public long GenerationId { get; set; }
-
- public required string ClusterId { get; set; }
-
- public required GenerationStatus Status { get; set; }
-
- public long? ParentGenerationId { get; set; }
-
- public DateTime? PublishedAt { get; set; }
-
- public string? PublishedBy { get; set; }
-
- public string? Notes { get; set; }
-
- public DateTime CreatedAt { get; set; } = DateTime.UtcNow;
-
- public required string CreatedBy { get; set; }
-
- public ServerCluster? Cluster { get; set; }
- public ConfigGeneration? Parent { get; set; }
-}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/Deployment.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/Deployment.cs
new file mode 100644
index 0000000..8a4afac
--- /dev/null
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/Deployment.cs
@@ -0,0 +1,30 @@
+using ZB.MOM.WW.OtOpcUa.Configuration.Enums;
+
+namespace ZB.MOM.WW.OtOpcUa.Configuration.Entities;
+
+///
+/// Immutable snapshot of a config artifact dispatched to every driver-role node by the
+/// ConfigPublishCoordinator. Replaces the v1 ConfigGeneration draft/publish
+/// row; the ArtifactBlob carries the SnapshotAndFlatten() output produced by
+/// AdminOperationsActor.
+///
+public sealed class Deployment
+{
+ public Guid DeploymentId { get; init; } = Guid.NewGuid();
+
+ public required string RevisionHash { get; init; }
+
+ public DeploymentStatus Status { get; set; } = DeploymentStatus.Dispatching;
+
+ public required string CreatedBy { get; init; }
+
+ public DateTime CreatedAtUtc { get; init; } = DateTime.UtcNow;
+
+ public byte[] ArtifactBlob { get; init; } = Array.Empty();
+
+ public byte[] RowVersion { get; set; } = Array.Empty();
+
+ public string? FailureReason { get; set; }
+
+ public DateTime? SealedAtUtc { get; set; }
+}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/Device.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/Device.cs
index 603005b..736cef3 100644
--- a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/Device.cs
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/Device.cs
@@ -5,8 +5,6 @@ public sealed class Device
{
public Guid DeviceRowId { get; set; }
- public long GenerationId { get; set; }
-
public required string DeviceId { get; set; }
/// Logical FK to
@@ -19,5 +17,6 @@ public sealed class Device
/// Schemaless per-driver-type device config (host, port, unit ID, slot, etc.).
public required string DeviceConfig { get; set; }
- public ConfigGeneration? Generation { get; set; }
+ /// Optimistic concurrency token for last-write-wins detection in the v2 live-edit model.
+ public byte[] RowVersion { get; set; } = Array.Empty();
}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/DriverInstance.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/DriverInstance.cs
index f2168a3..3927622 100644
--- a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/DriverInstance.cs
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/DriverInstance.cs
@@ -5,8 +5,6 @@ public sealed class DriverInstance
{
public Guid DriverInstanceRowId { get; set; }
- public long GenerationId { get; set; }
-
public required string DriverInstanceId { get; set; }
public required string ClusterId { get; set; }
@@ -45,6 +43,8 @@ public sealed class DriverInstance
///
public string? ResilienceConfig { get; set; }
- public ConfigGeneration? Generation { get; set; }
+ /// Optimistic concurrency token for last-write-wins detection in the v2 live-edit model.
+ public byte[] RowVersion { get; set; } = Array.Empty();
+
public ServerCluster? Cluster { get; set; }
}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/Equipment.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/Equipment.cs
index adc68ae..d4cd5e6 100644
--- a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/Equipment.cs
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/Equipment.cs
@@ -9,8 +9,6 @@ public sealed class Equipment
{
public Guid EquipmentRowId { get; set; }
- public long GenerationId { get; set; }
-
///
/// System-generated stable internal logical ID. Format: 'EQ-' + first 12 hex chars of EquipmentUuid .
/// NEVER operator-supplied, NEVER in CSV imports, NEVER editable in Admin UI (decision #125).
@@ -60,5 +58,6 @@ public sealed class Equipment
public bool Enabled { get; set; } = true;
- public ConfigGeneration? Generation { get; set; }
+ /// Optimistic concurrency token for last-write-wins detection in the v2 live-edit model.
+ public byte[] RowVersion { get; set; } = Array.Empty();
}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/Namespace.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/Namespace.cs
index fea7459..c22b789 100644
--- a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/Namespace.cs
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/Namespace.cs
@@ -10,9 +10,7 @@ public sealed class Namespace
{
public Guid NamespaceRowId { get; set; }
- public long GenerationId { get; set; }
-
- /// Stable logical ID across generations, e.g. "LINE3-OPCUA-equipment".
+ /// Stable logical ID, e.g. "LINE3-OPCUA-equipment". Globally unique in v2.
public required string NamespaceId { get; set; }
public required string ClusterId { get; set; }
@@ -26,6 +24,8 @@ public sealed class Namespace
public string? Notes { get; set; }
- public ConfigGeneration? Generation { get; set; }
+ /// Optimistic concurrency token for last-write-wins detection in the v2 live-edit model.
+ public byte[] RowVersion { get; set; } = Array.Empty();
+
public ServerCluster? Cluster { get; set; }
}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/NodeAcl.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/NodeAcl.cs
index 57cb906..a69287b 100644
--- a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/NodeAcl.cs
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/NodeAcl.cs
@@ -10,8 +10,6 @@ public sealed class NodeAcl
{
public Guid NodeAclRowId { get; set; }
- public long GenerationId { get; set; }
-
public required string NodeAclId { get; set; }
public required string ClusterId { get; set; }
@@ -28,5 +26,6 @@ public sealed class NodeAcl
public string? Notes { get; set; }
- public ConfigGeneration? Generation { get; set; }
+ /// Optimistic concurrency token for last-write-wins detection in the v2 live-edit model.
+ public byte[] RowVersion { get; set; } = Array.Empty();
}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/NodeDeploymentState.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/NodeDeploymentState.cs
new file mode 100644
index 0000000..0a53094
--- /dev/null
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/NodeDeploymentState.cs
@@ -0,0 +1,29 @@
+using ZB.MOM.WW.OtOpcUa.Configuration.Enums;
+
+namespace ZB.MOM.WW.OtOpcUa.Configuration.Entities;
+
+///
+/// Per-(node, deployment) apply progress row owned by the DriverHostActor. Replaces the
+/// v1 ClusterNodeGenerationState single-row-per-node model with a history
+/// of every apply attempt so the ConfigPublishCoordinator can reconstruct in-flight state
+/// after a failover.
+///
+public sealed class NodeDeploymentState
+{
+ public required string NodeId { get; init; }
+
+ public Guid DeploymentId { get; init; }
+
+ public NodeDeploymentStatus Status { get; set; } = NodeDeploymentStatus.Applying;
+
+ public DateTime StartedAtUtc { get; set; } = DateTime.UtcNow;
+
+ public DateTime? AppliedAtUtc { get; set; }
+
+ public string? FailureReason { get; set; }
+
+ public byte[] RowVersion { get; set; } = Array.Empty();
+
+ public ClusterNode? Node { get; set; }
+ public Deployment? Deployment { get; set; }
+}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/PollGroup.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/PollGroup.cs
index 856fad2..5d6c99b 100644
--- a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/PollGroup.cs
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/PollGroup.cs
@@ -5,8 +5,6 @@ public sealed class PollGroup
{
public Guid PollGroupRowId { get; set; }
- public long GenerationId { get; set; }
-
public required string PollGroupId { get; set; }
public required string DriverInstanceId { get; set; }
@@ -15,5 +13,6 @@ public sealed class PollGroup
public int IntervalMs { get; set; }
- public ConfigGeneration? Generation { get; set; }
+ /// Optimistic concurrency token for last-write-wins detection in the v2 live-edit model.
+ public byte[] RowVersion { get; set; } = Array.Empty();
}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/Script.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/Script.cs
index 67174bf..056340e 100644
--- a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/Script.cs
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/Script.cs
@@ -17,9 +17,8 @@ namespace ZB.MOM.WW.OtOpcUa.Configuration.Entities;
public sealed class Script
{
public Guid ScriptRowId { get; set; }
- public long GenerationId { get; set; }
- /// Stable logical id. Carries across generations.
+ /// Stable logical id. Globally unique in v2.
public required string ScriptId { get; set; }
/// Operator-friendly name for log filtering + Admin UI list view.
@@ -34,5 +33,6 @@ public sealed class Script
/// Language — always "CSharp" today; placeholder for future engines (Python/Lua).
public string Language { get; set; } = "CSharp";
- public ConfigGeneration? Generation { get; set; }
+ /// Optimistic concurrency token for last-write-wins detection in the v2 live-edit model.
+ public byte[] RowVersion { get; set; } = Array.Empty();
}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/ScriptedAlarm.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/ScriptedAlarm.cs
index f99f4be..cb5d171 100644
--- a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/ScriptedAlarm.cs
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/ScriptedAlarm.cs
@@ -17,9 +17,8 @@ namespace ZB.MOM.WW.OtOpcUa.Configuration.Entities;
public sealed class ScriptedAlarm
{
public Guid ScriptedAlarmRowId { get; set; }
- public long GenerationId { get; set; }
- /// Stable logical id — drives AlarmConditionType.ConditionName .
+ /// Stable logical id — drives AlarmConditionType.ConditionName . Globally unique in v2.
public required string ScriptedAlarmId { get; set; }
/// Logical FK to
@@ -55,5 +54,6 @@ public sealed class ScriptedAlarm
public bool Enabled { get; set; } = true;
- public ConfigGeneration? Generation { get; set; }
+ /// Optimistic concurrency token for last-write-wins detection in the v2 live-edit model.
+ public byte[] RowVersion { get; set; } = Array.Empty();
}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/ServerCluster.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/ServerCluster.cs
index 08f429a..159bb79 100644
--- a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/ServerCluster.cs
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/ServerCluster.cs
@@ -38,5 +38,4 @@ public sealed class ServerCluster
// Navigation
public ICollection Nodes { get; set; } = [];
public ICollection Namespaces { get; set; } = [];
- public ICollection Generations { get; set; } = [];
}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/Tag.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/Tag.cs
index 35f2c17..ec2f822 100644
--- a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/Tag.cs
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/Tag.cs
@@ -11,8 +11,6 @@ public sealed class Tag
{
public Guid TagRowId { get; set; }
- public long GenerationId { get; set; }
-
public required string TagId { get; set; }
public required string DriverInstanceId { get; set; }
@@ -43,5 +41,6 @@ public sealed class Tag
/// Register address / scaling / poll group / byte-order / etc. — schemaless per driver type.
public required string TagConfig { get; set; }
- public ConfigGeneration? Generation { get; set; }
+ /// Optimistic concurrency token for last-write-wins detection in the v2 live-edit model.
+ public byte[] RowVersion { get; set; } = Array.Empty();
}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/UnsArea.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/UnsArea.cs
index d1b0bd0..36fad95 100644
--- a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/UnsArea.cs
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/UnsArea.cs
@@ -5,8 +5,6 @@ public sealed class UnsArea
{
public Guid UnsAreaRowId { get; set; }
- public long GenerationId { get; set; }
-
public required string UnsAreaId { get; set; }
public required string ClusterId { get; set; }
@@ -16,6 +14,8 @@ public sealed class UnsArea
public string? Notes { get; set; }
- public ConfigGeneration? Generation { get; set; }
+ /// Optimistic concurrency token for last-write-wins detection in the v2 live-edit model.
+ public byte[] RowVersion { get; set; } = Array.Empty();
+
public ServerCluster? Cluster { get; set; }
}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/UnsLine.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/UnsLine.cs
index 1a41b74..d95e7d1 100644
--- a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/UnsLine.cs
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/UnsLine.cs
@@ -5,11 +5,9 @@ public sealed class UnsLine
{
public Guid UnsLineRowId { get; set; }
- public long GenerationId { get; set; }
-
public required string UnsLineId { get; set; }
- /// Logical FK to
+ /// Logical FK to
public required string UnsAreaId { get; set; }
/// UNS level 4 segment: matches ^[a-z0-9-]{1,32}$ OR equals literal _default .
@@ -17,5 +15,6 @@ public sealed class UnsLine
public string? Notes { get; set; }
- public ConfigGeneration? Generation { get; set; }
+ /// Optimistic concurrency token for last-write-wins detection in the v2 live-edit model.
+ public byte[] RowVersion { get; set; } = Array.Empty();
}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/VirtualTag.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/VirtualTag.cs
index eff66a6..bf160cc 100644
--- a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/VirtualTag.cs
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Entities/VirtualTag.cs
@@ -21,9 +21,8 @@ namespace ZB.MOM.WW.OtOpcUa.Configuration.Entities;
public sealed class VirtualTag
{
public Guid VirtualTagRowId { get; set; }
- public long GenerationId { get; set; }
- /// Stable logical id.
+ /// Stable logical id. Globally unique in v2.
public required string VirtualTagId { get; set; }
/// Logical FK to
@@ -49,5 +48,6 @@ public sealed class VirtualTag
public bool Enabled { get; set; } = true;
- public ConfigGeneration? Generation { get; set; }
+ /// Optimistic concurrency token for last-write-wins detection in the v2 live-edit model.
+ public byte[] RowVersion { get; set; } = Array.Empty();
}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Enums/DeploymentStatus.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Enums/DeploymentStatus.cs
new file mode 100644
index 0000000..e268048
--- /dev/null
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Enums/DeploymentStatus.cs
@@ -0,0 +1,15 @@
+namespace ZB.MOM.WW.OtOpcUa.Configuration.Enums;
+
+///
+/// Lifecycle of a deployment artifact dispatched by the v2 ConfigPublishCoordinator.
+/// Replaces the v1 ConfigGeneration draft/publish lifecycle (decision tracked in the
+/// v2 hosting-alignment design doc).
+///
+public enum DeploymentStatus
+{
+ Dispatching = 0,
+ AwaitingApplyAcks = 1,
+ Sealed = 2,
+ PartiallyFailed = 3,
+ TimedOut = 4,
+}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Enums/GenerationStatus.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Enums/GenerationStatus.cs
deleted file mode 100644
index 1ff8847..0000000
--- a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Enums/GenerationStatus.cs
+++ /dev/null
@@ -1,10 +0,0 @@
-namespace ZB.MOM.WW.OtOpcUa.Configuration.Enums;
-
-/// Generation lifecycle state. Draft → Published → Superseded | RolledBack.
-public enum GenerationStatus
-{
- Draft,
- Published,
- Superseded,
- RolledBack,
-}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Enums/NodeApplyStatus.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Enums/NodeApplyStatus.cs
deleted file mode 100644
index 44bc0ca..0000000
--- a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Enums/NodeApplyStatus.cs
+++ /dev/null
@@ -1,10 +0,0 @@
-namespace ZB.MOM.WW.OtOpcUa.Configuration.Enums;
-
-/// Status tracked per node in
-public enum NodeApplyStatus
-{
- Applied,
- RolledBack,
- Failed,
- InProgress,
-}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Enums/NodeDeploymentStatus.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Enums/NodeDeploymentStatus.cs
new file mode 100644
index 0000000..1ce5de6
--- /dev/null
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Enums/NodeDeploymentStatus.cs
@@ -0,0 +1,12 @@
+namespace ZB.MOM.WW.OtOpcUa.Configuration.Enums;
+
+///
+/// Per-node deployment apply state. Replaces the v1 NodeApplyStatus that was attached to
+/// ClusterNodeGenerationState.
+///
+public enum NodeDeploymentStatus
+{
+ Applying = 0,
+ Applied = 1,
+ Failed = 2,
+}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Enums/RedundancyRole.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Enums/RedundancyRole.cs
deleted file mode 100644
index e0e9ece..0000000
--- a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Enums/RedundancyRole.cs
+++ /dev/null
@@ -1,9 +0,0 @@
-namespace ZB.MOM.WW.OtOpcUa.Configuration.Enums;
-
-/// Per-node redundancy role within a cluster. Per decision #84.
-public enum RedundancyRole
-{
- Primary,
- Secondary,
- Standalone,
-}
diff --git a/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Migrations/20260526081556_V2HostingAlignment.Designer.cs b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Migrations/20260526081556_V2HostingAlignment.Designer.cs
new file mode 100644
index 0000000..7b1008c
--- /dev/null
+++ b/src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Migrations/20260526081556_V2HostingAlignment.Designer.cs
@@ -0,0 +1,1744 @@
+// ("Id")
+ .ValueGeneratedOnAdd()
+ .HasColumnType("int");
+
+ SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("Id"));
+
+ b.Property("FriendlyName")
+ .HasColumnType("nvarchar(max)");
+
+ b.Property("Xml")
+ .HasColumnType("nvarchar(max)");
+
+ b.HasKey("Id");
+
+ b.ToTable("DataProtectionKeys", (string)null);
+ });
+
+ modelBuilder.Entity("ZB.MOM.WW.OtOpcUa.Configuration.Entities.ClusterNode", b =>
+ {
+ b.Property("NodeId")
+ .HasMaxLength(64)
+ .HasColumnType("nvarchar(64)");
+
+ b.Property("ApplicationUri")
+ .IsRequired()
+ .HasMaxLength(256)
+ .HasColumnType("nvarchar(256)");
+
+ b.Property("ClusterId")
+ .IsRequired()
+ .HasMaxLength(64)
+ .HasColumnType("nvarchar(64)");
+
+ b.Property("CreatedAt")
+ .ValueGeneratedOnAdd()
+ .HasColumnType("datetime2(3)")
+ .HasDefaultValueSql("SYSUTCDATETIME()");
+
+ b.Property("CreatedBy")
+ .IsRequired()
+ .HasMaxLength(128)
+ .HasColumnType("nvarchar(128)");
+
+ b.Property("DashboardPort")
+ .HasColumnType("int");
+
+ b.Property("DriverConfigOverridesJson")
+ .HasColumnType("nvarchar(max)");
+
+ b.Property("Enabled")
+ .HasColumnType("bit");
+
+ b.Property("Host")
+ .IsRequired()
+ .HasMaxLength(255)
+ .HasColumnType("nvarchar(255)");
+
+ b.Property("LastSeenAt")
+ .HasColumnType("datetime2(3)");
+
+ b.Property("OpcUaPort")
+ .HasColumnType("int");
+
+ b.Property("ServiceLevelBase")
+ .HasColumnType("tinyint");
+
+ b.HasKey("NodeId");
+
+ b.HasIndex("ApplicationUri")
+ .IsUnique()
+ .HasDatabaseName("UX_ClusterNode_ApplicationUri");
+
+ b.HasIndex("ClusterId")
+ .HasDatabaseName("IX_ClusterNode_ClusterId");
+
+ b.ToTable("ClusterNode", (string)null);
+ });
+
+ modelBuilder.Entity("ZB.MOM.WW.OtOpcUa.Configuration.Entities.ClusterNodeCredential", b =>
+ {
+ b.Property("CredentialId")
+ .ValueGeneratedOnAdd()
+ .HasColumnType("uniqueidentifier")
+ .HasDefaultValueSql("NEWSEQUENTIALID()");
+
+ b.Property("CreatedAt")
+ .ValueGeneratedOnAdd()
+ .HasColumnType("datetime2(3)")
+ .HasDefaultValueSql("SYSUTCDATETIME()");
+
+ b.Property("CreatedBy")
+ .IsRequired()
+ .HasMaxLength(128)
+ .HasColumnType("nvarchar(128)");
+
+ b.Property("Enabled")
+ .HasColumnType("bit");
+
+ b.Property("Kind")
+ .IsRequired()
+ .HasMaxLength(32)
+ .HasColumnType("nvarchar(32)");
+
+ b.Property("NodeId")
+ .IsRequired()
+ .HasMaxLength(64)
+ .HasColumnType("nvarchar(64)");
+
+ b.Property("RotatedAt")
+ .HasColumnType("datetime2(3)");
+
+ b.Property("Value")
+ .IsRequired()
+ .HasMaxLength(512)
+ .HasColumnType("nvarchar(512)");
+
+ b.HasKey("CredentialId");
+
+ b.HasIndex("Kind", "Value")
+ .IsUnique()
+ .HasDatabaseName("UX_ClusterNodeCredential_Value")
+ .HasFilter("[Enabled] = 1");
+
+ b.HasIndex("NodeId", "Enabled")
+ .HasDatabaseName("IX_ClusterNodeCredential_NodeId");
+
+ b.ToTable("ClusterNodeCredential", (string)null);
+ });
+
+ modelBuilder.Entity("ZB.MOM.WW.OtOpcUa.Configuration.Entities.ConfigAuditLog", b =>
+ {
+ b.Property("AuditId")
+ .ValueGeneratedOnAdd()
+ .HasColumnType("bigint");
+
+ SqlServerPropertyBuilderExtensions.UseIdentityColumn(b.Property("AuditId"));
+
+ b.Property("ClusterId")
+ .HasMaxLength(64)
+ .HasColumnType("nvarchar(64)");
+
+ b.Property("DetailsJson")
+ .HasColumnType("nvarchar(max)");
+
+ b.Property("EventType")
+ .IsRequired()
+ .HasMaxLength(64)
+ .HasColumnType("nvarchar(64)");
+
+ b.Property("GenerationId")
+ .HasColumnType("bigint");
+
+ b.Property("NodeId")
+ .HasMaxLength(64)
+ .HasColumnType("nvarchar(64)");
+
+ b.Property("Principal")
+ .IsRequired()
+ .HasMaxLength(128)
+ .HasColumnType("nvarchar(128)");
+
+ b.Property("Timestamp")
+ .ValueGeneratedOnAdd()
+ .HasColumnType("datetime2(3)")
+ .HasDefaultValueSql("SYSUTCDATETIME()");
+
+ b.HasKey("AuditId");
+
+ b.HasIndex("GenerationId")
+ .HasDatabaseName("IX_ConfigAuditLog_Generation")
+ .HasFilter("[GenerationId] IS NOT NULL");
+
+ b.HasIndex("ClusterId", "Timestamp")
+ .IsDescending(false, true)
+ .HasDatabaseName("IX_ConfigAuditLog_Cluster_Time");
+
+ b.ToTable("ConfigAuditLog", null, t =>
+ {
+ t.HasCheckConstraint("CK_ConfigAuditLog_DetailsJson_IsJson", "DetailsJson IS NULL OR ISJSON(DetailsJson) = 1");
+ });
+ });
+
+ modelBuilder.Entity("ZB.MOM.WW.OtOpcUa.Configuration.Entities.ConfigEdit", b =>
+ {
+ b.Property("EditId")
+ .ValueGeneratedOnAdd()
+ .HasColumnType("uniqueidentifier")
+ .HasDefaultValueSql("NEWSEQUENTIALID()");
+
+ b.Property("EditedAtUtc")
+ .ValueGeneratedOnAdd()
+ .HasColumnType("datetime2(3)")
+ .HasDefaultValueSql("SYSUTCDATETIME()");
+
+ b.Property("EditedBy")
+ .IsRequired()
+ .HasMaxLength(128)
+ .HasColumnType("nvarchar(128)");
+
+ b.Property("EntityId")
+ .HasColumnType("uniqueidentifier");
+
+ b.Property("EntityType")
+ .IsRequired()
+ .HasMaxLength(64)
+ .HasColumnType("nvarchar(64)");
+
+ b.Property("ExecutionId")
+ .HasColumnType("uniqueidentifier");
+
+ b.Property("FieldsJson")
+ .IsRequired()
+ .HasColumnType("nvarchar(max)");
+
+ b.Property("SourceNode")
+ .IsRequired()
+ .HasMaxLength(64)
+ .HasColumnType("nvarchar(64)");
+
+ b.HasKey("EditId");
+
+ b.HasIndex("EditedAtUtc")
+ .HasDatabaseName("IX_ConfigEdit_EditedAt");
+
+ b.HasIndex("ExecutionId")
+ .HasDatabaseName("IX_ConfigEdit_Execution")
+ .HasFilter("[ExecutionId] IS NOT NULL");
+
+ b.HasIndex("EntityType", "EntityId")
+ .HasDatabaseName("IX_ConfigEdit_Entity");
+
+ b.ToTable("ConfigEdit", null, t =>
+ {
+ t.HasCheckConstraint("CK_ConfigEdit_FieldsJson_IsJson", "ISJSON(FieldsJson) = 1");
+ });
+ });
+
+ modelBuilder.Entity("ZB.MOM.WW.OtOpcUa.Configuration.Entities.Deployment", b =>
+ {
+ b.Property("DeploymentId")
+ .ValueGeneratedOnAdd()
+ .HasColumnType("uniqueidentifier")
+ .HasDefaultValueSql("NEWSEQUENTIALID()");
+
+ b.Property("ArtifactBlob")
+ .IsRequired()
+ .HasColumnType("varbinary(max)");
+
+ b.Property("CreatedAtUtc")
+ .ValueGeneratedOnAdd()
+ .HasColumnType("datetime2(3)")
+ .HasDefaultValueSql("SYSUTCDATETIME()");
+
+ b.Property("CreatedBy")
+ .IsRequired()
+ .HasMaxLength(128)
+ .HasColumnType("nvarchar(128)");
+
+ b.Property("FailureReason")
+ .HasMaxLength(2048)
+ .HasColumnType("nvarchar(2048)");
+
+ b.Property("RevisionHash")
+ .IsRequired()
+ .HasMaxLength(64)
+ .HasColumnType("nvarchar(64)");
+
+ b.Property("RowVersion")
+ .IsConcurrencyToken()
+ .IsRequired()
+ .ValueGeneratedOnAddOrUpdate()
+ .HasColumnType("rowversion");
+
+ b.Property("SealedAtUtc")
+ .HasColumnType("datetime2(3)");
+
+ b.Property("Status")
+ .HasColumnType("int");
+
+ b.HasKey("DeploymentId");
+
+ b.HasIndex("CreatedAtUtc")
+ .HasDatabaseName("IX_Deployment_CreatedAt");
+
+ b.HasIndex("Status")
+ .HasDatabaseName("IX_Deployment_Status");
+
+ b.ToTable("Deployment", (string)null);
+ });
+
+ modelBuilder.Entity("ZB.MOM.WW.OtOpcUa.Configuration.Entities.Device", b =>
+ {
+ b.Property("DeviceRowId")
+ .ValueGeneratedOnAdd()
+ .HasColumnType("uniqueidentifier")
+ .HasDefaultValueSql("NEWSEQUENTIALID()");
+
+ b.Property("DeviceConfig")
+ .IsRequired()
+ .HasColumnType("nvarchar(max)");
+
+ b.Property("DeviceId")
+ .HasMaxLength(64)
+ .HasColumnType("nvarchar(64)");
+
+ b.Property("DriverInstanceId")
+ .IsRequired()
+ .HasMaxLength(64)
+ .HasColumnType("nvarchar(64)");
+
+ b.Property("Enabled")
+ .HasColumnType("bit");
+
+ b.Property("Name")
+ .IsRequired()
+ .HasMaxLength(128)
+ .HasColumnType("nvarchar(128)");
+
+ b.Property("RowVersion")
+ .IsConcurrencyToken()
+ .IsRequired()
+ .ValueGeneratedOnAddOrUpdate()
+ .HasColumnType("rowversion");
+
+ b.HasKey("DeviceRowId");
+
+ b.HasIndex("DeviceId")
+ .IsUnique()
+ .HasDatabaseName("UX_Device_LogicalId")
+ .HasFilter("[DeviceId] IS NOT NULL");
+
+ b.HasIndex("DriverInstanceId")
+ .HasDatabaseName("IX_Device_Driver");
+
+ b.ToTable("Device", null, t =>
+ {
+ t.HasCheckConstraint("CK_Device_DeviceConfig_IsJson", "ISJSON(DeviceConfig) = 1");
+ });
+ });
+
+ modelBuilder.Entity("ZB.MOM.WW.OtOpcUa.Configuration.Entities.DriverHostStatus", b =>
+ {
+ b.Property("NodeId")
+ .HasMaxLength(64)
+ .HasColumnType("nvarchar(64)");
+
+ b.Property("DriverInstanceId")
+ .HasMaxLength(64)
+ .HasColumnType("nvarchar(64)");
+
+ b.Property("HostName")
+ .HasMaxLength(256)
+ .HasColumnType("nvarchar(256)");
+
+ b.Property("Detail")
+ .HasMaxLength(1024)
+ .HasColumnType("nvarchar(1024)");
+
+ b.Property("LastSeenUtc")
+ .HasColumnType("datetime2(3)");
+
+ b.Property("State")
+ .IsRequired()
+ .HasMaxLength(16)
+ .HasColumnType("nvarchar(16)");
+
+ b.Property("StateChangedUtc")
+ .HasColumnType("datetime2(3)");
+
+ b.HasKey("NodeId", "DriverInstanceId", "HostName");
+
+ b.HasIndex("LastSeenUtc")
+ .HasDatabaseName("IX_DriverHostStatus_LastSeen");
+
+ b.HasIndex("NodeId")
+ .HasDatabaseName("IX_DriverHostStatus_Node");
+
+ b.ToTable("DriverHostStatus", (string)null);
+ });
+
+ modelBuilder.Entity("ZB.MOM.WW.OtOpcUa.Configuration.Entities.DriverInstance", b =>
+ {
+ b.Property("DriverInstanceRowId")
+ .ValueGeneratedOnAdd()
+ .HasColumnType("uniqueidentifier")
+ .HasDefaultValueSql("NEWSEQUENTIALID()");
+
+ b.Property("ClusterId")
+ .IsRequired()
+ .HasMaxLength(64)
+ .HasColumnType("nvarchar(64)");
+
+ b.Property("DriverConfig")
+ .IsRequired()
+ .HasColumnType("nvarchar(max)");
+
+ b.Property("DriverInstanceId")
+ .HasMaxLength(64)
+ .HasColumnType("nvarchar(64)");
+
+ b.Property("DriverType")
+ .IsRequired()
+ .HasMaxLength(32)
+ .HasColumnType("nvarchar(32)");
+
+ b.Property("Enabled")
+ .HasColumnType("bit");
+
+ b.Property("Name")
+ .IsRequired()
+ .HasMaxLength(128)
+ .HasColumnType("nvarchar(128)");
+
+ b.Property("NamespaceId")
+ .IsRequired()
+ .HasMaxLength(64)
+ .HasColumnType("nvarchar(64)");
+
+ b.Property("ResilienceConfig")
+ .HasColumnType("nvarchar(max)");
+
+ b.Property("RowVersion")
+ .IsConcurrencyToken()
+ .IsRequired()
+ .ValueGeneratedOnAddOrUpdate()
+ .HasColumnType("rowversion");
+
+ b.HasKey("DriverInstanceRowId");
+
+ b.HasIndex("ClusterId")
+ .HasDatabaseName("IX_DriverInstance_Cluster");
+
+ b.HasIndex("DriverInstanceId")
+ .IsUnique()
+ .HasDatabaseName("UX_DriverInstance_LogicalId")
+ .HasFilter("[DriverInstanceId] IS NOT NULL");
+
+ b.HasIndex("NamespaceId")
+ .HasDatabaseName("IX_DriverInstance_Namespace");
+
+ b.ToTable("DriverInstance", null, t =>
+ {
+ t.HasCheckConstraint("CK_DriverInstance_DriverConfig_IsJson", "ISJSON(DriverConfig) = 1");
+
+ t.HasCheckConstraint("CK_DriverInstance_ResilienceConfig_IsJson", "ResilienceConfig IS NULL OR ISJSON(ResilienceConfig) = 1");
+ });
+ });
+
+ modelBuilder.Entity("ZB.MOM.WW.OtOpcUa.Configuration.Entities.DriverInstanceResilienceStatus", b =>
+ {
+ b.Property("DriverInstanceId")
+ .HasMaxLength(64)
+ .HasColumnType("nvarchar(64)");
+
+ b.Property("HostName")
+ .HasMaxLength(256)
+ .HasColumnType("nvarchar(256)");
+
+ b.Property("BaselineFootprintBytes")
+ .HasColumnType("bigint");
+
+ b.Property("ConsecutiveFailures")
+ .HasColumnType("int");
+
+ b.Property("CurrentBulkheadDepth")
+ .HasColumnType("int");
+
+ b.Property("CurrentFootprintBytes")
+ .HasColumnType("bigint");
+
+ b.Property("LastCircuitBreakerOpenUtc")
+ .HasColumnType("datetime2(3)");
+
+ b.Property("LastRecycleUtc")
+ .HasColumnType("datetime2(3)");
+
+ b.Property("LastSampledUtc")
+ .HasColumnType("datetime2(3)");
+
+ b.HasKey("DriverInstanceId", "HostName");
+
+ b.HasIndex("LastSampledUtc")
+ .HasDatabaseName("IX_DriverResilience_LastSampled");
+
+ b.ToTable("DriverInstanceResilienceStatus", (string)null);
+ });
+
+ modelBuilder.Entity("ZB.MOM.WW.OtOpcUa.Configuration.Entities.Equipment", b =>
+ {
+ b.Property("EquipmentRowId")
+ .ValueGeneratedOnAdd()
+ .HasColumnType("uniqueidentifier")
+ .HasDefaultValueSql("NEWSEQUENTIALID()");
+
+ b.Property("AssetLocation")
+ .HasMaxLength(256)
+ .HasColumnType("nvarchar(256)");
+
+ b.Property("DeviceId")
+ .HasMaxLength(64)
+ .HasColumnType("nvarchar(64)");
+
+ b.Property("DeviceManualUri")
+ .HasMaxLength(512)
+ .HasColumnType("nvarchar(512)");
+
+ b.Property("DriverInstanceId")
+ .IsRequired()
+ .HasMaxLength(64)
+ .HasColumnType("nvarchar(64)");
+
+ b.Property("Enabled")
+ .HasColumnType("bit");
+
+ b.Property("EquipmentClassRef")
+ .HasMaxLength(128)
+ .HasColumnType("nvarchar(128)");
+
+ b.Property("EquipmentId")
+ .HasMaxLength(64)
+ .HasColumnType("nvarchar(64)");
+
+ b.Property("EquipmentUuid")
+ .HasColumnType("uniqueidentifier");
+
+ b.Property("HardwareRevision")
+ .HasMaxLength(32)
+ .HasColumnType("nvarchar(32)");
+
+ b.Property("MachineCode")
+ .IsRequired()
+ .HasMaxLength(64)
+ .HasColumnType("nvarchar(64)");
+
+ b.Property("Manufacturer")
+ .HasMaxLength(64)
+ .HasColumnType("nvarchar(64)");
+
+ b.Property("ManufacturerUri")
+ .HasMaxLength(512)
+ .HasColumnType("nvarchar(512)");
+
+ b.Property("Model")
+ .HasMaxLength(64)
+ .HasColumnType("nvarchar(64)");
+
+ b.Property("Name")
+ .IsRequired()
+ .HasMaxLength(32)
+ .HasColumnType("nvarchar(32)");
+
+ b.Property("RowVersion")
+ .IsConcurrencyToken()
+ .IsRequired()
+ .ValueGeneratedOnAddOrUpdate()
+ .HasColumnType("rowversion");
+
+ b.Property("SAPID")
+ .HasMaxLength(64)
+ .HasColumnType("nvarchar(64)");
+
+ b.Property("SerialNumber")
+ .HasMaxLength(64)
+ .HasColumnType("nvarchar(64)");
+
+ b.Property("SoftwareRevision")
+ .HasMaxLength(32)
+ .HasColumnType("nvarchar(32)");
+
+ b.Property("UnsLineId")
+ .IsRequired()
+ .HasMaxLength(64)
+ .HasColumnType("nvarchar(64)");
+
+ b.Property("YearOfConstruction")
+ .HasColumnType("smallint");
+
+ b.Property("ZTag")
+ .HasMaxLength(64)
+ .HasColumnType("nvarchar(64)");
+
+ b.HasKey("EquipmentRowId");
+
+ b.HasIndex("DriverInstanceId")
+ .HasDatabaseName("IX_Equipment_Driver");
+
+ b.HasIndex("EquipmentId")
+ .IsUnique()
+ .HasDatabaseName("UX_Equipment_LogicalId")
+ .HasFilter("[EquipmentId] IS NOT NULL");
+
+ b.HasIndex("EquipmentUuid")
+ .IsUnique()
+ .HasDatabaseName("UX_Equipment_Uuid");
+
+ b.HasIndex("MachineCode")
+ .HasDatabaseName("IX_Equipment_MachineCode");
+
+ b.HasIndex("SAPID")
+ .HasDatabaseName("IX_Equipment_SAPID")
+ .HasFilter("[SAPID] IS NOT NULL");
+
+ b.HasIndex("UnsLineId")
+ .HasDatabaseName("IX_Equipment_Line");
+
+ b.HasIndex("ZTag")
+ .HasDatabaseName("IX_Equipment_ZTag")
+ .HasFilter("[ZTag] IS NOT NULL");
+
+ b.HasIndex("UnsLineId", "Name")
+ .IsUnique()
+ .HasDatabaseName("UX_Equipment_LinePath");
+
+ b.ToTable("Equipment", (string)null);
+ });
+
+ modelBuilder.Entity("ZB.MOM.WW.OtOpcUa.Configuration.Entities.EquipmentImportBatch", b =>
+ {
+ b.Property("Id")
+ .ValueGeneratedOnAdd()
+ .HasColumnType("uniqueidentifier");
+
+ b.Property("ClusterId")
+ .IsRequired()
+ .HasMaxLength(64)
+ .HasColumnType("nvarchar(64)");
+
+ b.Property("CreatedAtUtc")
+ .HasColumnType("datetime2(3)");
+
+ b.Property("CreatedBy")
+ .IsRequired()
+ .HasMaxLength(128)
+ .HasColumnType("nvarchar(128)");
+
+ b.Property("FinalisedAtUtc")
+ .HasColumnType("datetime2(3)");
+
+ b.Property("RowsAccepted")
+ .HasColumnType("int");
+
+ b.Property("RowsRejected")
+ .HasColumnType("int");
+
+ b.Property("RowsStaged")
+ .HasColumnType("int");
+
+ b.HasKey("Id");
+
+ b.HasIndex("CreatedBy", "FinalisedAtUtc")
+ .HasDatabaseName("IX_EquipmentImportBatch_Creator_Finalised");
+
+ b.ToTable("EquipmentImportBatch", (string)null);
+ });
+
+ modelBuilder.Entity("ZB.MOM.WW.OtOpcUa.Configuration.Entities.EquipmentImportRow", b =>
+ {
+ b.Property("Id")
+ .ValueGeneratedOnAdd()
+ .HasColumnType("uniqueidentifier");
+
+ b.Property("AssetLocation")
+ .HasMaxLength(512)
+ .HasColumnType("nvarchar(512)");
+
+ b.Property("BatchId")
+ .HasColumnType("uniqueidentifier");
+
+ b.Property("DeviceManualUri")
+ .HasMaxLength(512)
+ .HasColumnType("nvarchar(512)");
+
+ b.Property("EquipmentId")
+ .IsRequired()
+ .HasMaxLength(64)
+ .HasColumnType("nvarchar(64)");
+
+ b.Property("EquipmentUuid")
+ .IsRequired()
+ .HasMaxLength(64)
+ .HasColumnType("nvarchar(64)");
+
+ b.Property("HardwareRevision")
+ .HasMaxLength(64)
+ .HasColumnType("nvarchar(64)");
+
+ b.Property("IsAccepted")
+ .HasColumnType("bit");
+
+ b.Property