fix(client-cli): resolve Low code-review findings (Client.CLI-002,003,004,006,007,008,009,010)

- Client.CLI-002: SubscribeCommand's neverWentBad list now requires the
  node to be present in lastStatus (i.e. received at least one update)
  so the 'suspect' bucket only contains observed nodes.
- Client.CLI-003: every long-running command validates numeric option
  ranges (Interval / Depth / MaxDepth / Duration / Max) and throws
  CliFx CommandException on out-of-range values.
- Client.CLI-004: SubscribeCommand carries XML summary docs on the
  type, ctor, every [CommandOption] property, and ExecuteAsync —
  matching the sibling commands' style.
- Client.CLI-006: HistoryReadCommand parses --start / --end with
  InvariantCulture+UTC and surfaces FormatException as CommandException;
  every NodeIdParser.ParseRequired call wraps FormatException /
  ArgumentException as CommandException.
- Client.CLI-007: CommandBase.ConfigureLogging calls Log.CloseAndFlush()
  before assigning a new Log.Logger so prior sinks are disposed.
- Client.CLI-008: rewrote the subscribe and historyread sections of
  docs/Client.CLI.md (every flag documented, summary-bucket vocabulary,
  StandardDeviation aggregate, UTC --start/--end convention).
- Client.CLI-009: SubscribeCommand / AlarmsCommand use named local
  handlers and detach them via -= after UnsubscribeAsync so no
  notification reaches the console after the command's output phase
  ends.
- Client.CLI-010: added CommandRangeValidationTests,
  EventHandlerLifecycleTests, InputValidationErrorsTests,
  LoggerLifecycleTests, and SubscribeCommandSummaryTests pinning every
  Low fix; FakeOpcUaClientService gained AddDiscoveredVariable +
  RaiseDataChanged + BrowseResultsByParent helpers.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

code-reviews/Client.CLI/findings.md

@@ -7,7 +7,7 @@
 | Review date | 2026-05-22 |
 | Commit reviewed | `76d35d1` |
 | Status | Reviewed |
-| Open findings | 8 |
+| Open findings | 0 |
 
 ## Checklist coverage
 
@@ -62,7 +62,7 @@ assumption precisely.
 | Severity | Low |
 | Category | Correctness & logic bugs |
 | Location | `Commands/SubscribeCommand.cs:129-137` |
-| Status | Open |
+| Status | Resolved |
 
 **Description:** The summary computes `neverWentBad` as every target whose node-id key is
 absent from the `everBad` dictionary. A node that received no update at all is also absent
@@ -78,7 +78,7 @@ streamed only good values.
 "suspect" list only contains nodes that were actually observed and never reported bad
 quality.
 
-**Resolution:** _(open)_
+**Resolution:** Resolved 2026-05-23 — `neverWentBad` now requires the node to be present in `lastStatus` (i.e. it received at least one update) before being counted, so the "suspect" bucket only contains nodes that were actually observed and never reported bad quality.
 
 ### Client.CLI-003
 
@@ -87,7 +87,7 @@ quality.
 | Severity | Low |
 | Category | Correctness & logic bugs |
 | Location | `Commands/BrowseCommand.cs:29-30`, `Commands/SubscribeCommand.cs:20-27`, `Commands/AlarmsCommand.cs:28-29`, `Commands/HistoryReadCommand.cs:42-43` |
-| Status | Open |
+| Status | Resolved |
 
 **Description:** Numeric command options accept any value with no range validation.
 `--depth`, `--interval`, `--max-depth`, `--max`, and the history `--interval` can all be
@@ -100,7 +100,7 @@ is forwarded to `HistoryReadRawAsync`. None of these produce a clear operator-fa
 `CliFx.Exceptions.CommandException` with an actionable message when a value is out of
 range.
 
-**Resolution:** _(open)_
+**Resolution:** Resolved 2026-05-23 — every command's `ExecuteAsync` now validates the numeric option ranges (`--interval`, `--depth`, `--max-depth`, `--max`, `--duration`) and throws `CliFx.Exceptions.CommandException` with the offending value when a non-positive (or otherwise out-of-range) value is supplied. Pinned by `CommandRangeValidationTests`.
 
 ### Client.CLI-004
 
@@ -109,7 +109,7 @@ range.
 | Severity | Low |
 | Category | OtOpcUa conventions |
 | Location | `Commands/SubscribeCommand.cs:13-37` |
-| Status | Open |
+| Status | Resolved |
 
 **Description:** `SubscribeCommand` is the only command in the module whose constructor
 and all `[CommandOption]` properties have no XML doc comments. Every other command
@@ -121,7 +121,7 @@ otherwise-uniform documentation convention of the module.
 **Recommendation:** Add `<summary>` XML docs to the `SubscribeCommand` constructor and to
 each of its option properties, matching the style used by the sibling commands.
 
-**Resolution:** _(open)_
+**Resolution:** Resolved 2026-05-23 — `SubscribeCommand` now carries `<summary>` XML docs on the type, the constructor, every `[CommandOption]` property, and `ExecuteAsync`, matching the style used by the sibling commands.
 
 ### Client.CLI-005
 
@@ -156,7 +156,7 @@ callback.
 | Severity | Low |
 | Category | Error handling & resilience |
 | Location | `Commands/HistoryReadCommand.cs:73`, `Commands/HistoryReadCommand.cs:76`, `Helpers/NodeIdParser.cs:39` |
-| Status | Open |
+| Status | Resolved |
 
 **Description:** Operator input-format errors surface as raw .NET exceptions rather than
 clean CLI errors. An unparseable start/end value throws `FormatException` straight out of
@@ -170,7 +170,7 @@ is converted to a `CliFx.Exceptions.CommandException` with a clean exit code.
 `CommandException` with a concise message and a non-zero exit code, so malformed input
 yields a one-line error instead of a stack trace.
 
-**Resolution:** _(open)_
+**Resolution:** Resolved 2026-05-23 — `HistoryReadCommand` parses `--start`/`--end` with `CultureInfo.InvariantCulture` + `AssumeUniversal`/`AdjustToUniversal`, catches `FormatException`, and rethrows as `CommandException` with the offending value. Every command's call to `NodeIdParser.ParseRequired` is wrapped in a `catch (FormatException or ArgumentException)` block that surfaces the underlying message as a clean CLI error. Pinned by `InputValidationErrorsTests`.
 
 ### Client.CLI-007
 
@@ -179,7 +179,7 @@ yields a one-line error instead of a stack trace.
 | Severity | Low |
 | Category | Performance & resource management |
 | Location | `CommandBase.cs:112-123` |
-| Status | Open |
+| Status | Resolved |
 
 **Description:** `ConfigureLogging` builds a new Serilog `LoggerConfiguration`, creates a
 logger, and assigns it to the static `Log.Logger` without disposing the previously
@@ -193,7 +193,7 @@ abandons the prior console sink without disposal. The pattern is incorrect:
 build the logger into a local `ILogger` the command owns and disposes, rather than mutating
 global static state per command.
 
-**Resolution:** _(open)_
+**Resolution:** Resolved 2026-05-23 — `CommandBase.ConfigureLogging` now calls `Log.CloseAndFlush()` before assigning a new `Log.Logger`, so a prior logger's console sink is disposed before the next one is installed. Pinned by `LoggerLifecycleTests`.
 
 ### Client.CLI-008
 
@@ -202,7 +202,7 @@ global static state per command.
 | Severity | Low |
 | Category | Documentation & comments |
 | Location | `docs/Client.CLI.md:158-217` |
-| Status | Open |
+| Status | Resolved |
 
 **Description:** `docs/Client.CLI.md` is stale relative to the code at this commit.
 (1) The `subscribe` command section documents only `-n` and `-i`, but the code
@@ -218,7 +218,7 @@ code option description includes it.
 `docs/Client.CLI.md` from the current option set, including the five new subscribe flags
 and the `StandardDeviation` aggregate row.
 
-**Resolution:** _(open)_
+**Resolution:** Resolved 2026-05-23 — rewrote the `subscribe` section of `docs/Client.CLI.md` to document every flag (`-r/--recursive`, `--max-depth`, `-q/--quiet`, `--duration`, `--summary-file`) plus the summary-bucket vocabulary, and added the `StandardDeviation` row plus the UTC `--start`/`--end` convention note to the `historyread` section.
 
 ### Client.CLI-009
 
@@ -227,7 +227,7 @@ and the `StandardDeviation` aggregate row.
 | Severity | Low |
 | Category | Code organization & conventions |
 | Location | `Commands/SubscribeCommand.cs:66-165`, `Commands/AlarmsCommand.cs:52-91` |
-| Status | Open |
+| Status | Resolved |
 
 **Description:** Both long-running commands attach an event handler
 (`service.DataChanged += ...`, `service.AlarmEvent += ...`) with a lambda and never detach
@@ -243,7 +243,7 @@ but never the .NET event.
 unsubscribing, using a named local delegate so it can be removed, ensuring no notification
 is processed after the command output phase ends.
 
-**Resolution:** _(open)_
+**Resolution:** Resolved 2026-05-23 — `SubscribeCommand` and `AlarmsCommand` declare named local handlers (`DataChangedHandler` / `AlarmEventHandler`) and detach them via `service.DataChanged -= ...` / `service.AlarmEvent -= ...` right after `UnsubscribeAsync` so no notification reaches the console once the command's output phase ends. Pinned by `EventHandlerLifecycleTests`.
 
 ### Client.CLI-010
 
@@ -252,7 +252,7 @@ is processed after the command output phase ends.
 | Severity | Low |
 | Category | Testing coverage |
 | Location | `tests/Client/ZB.MOM.WW.OtOpcUa.Client.CLI.Tests/SubscribeCommandTests.cs` |
-| Status | Open |
+| Status | Resolved |
 
 **Description:** The new `SubscribeCommand` capabilities are largely untested. The four
 `SubscribeCommandTests` cover only single-node subscribe, unsubscribe-on-cancel,
@@ -268,4 +268,4 @@ exit, summary bucketing across good/bad/no-update nodes, and the `--summary-file
 The `FakeOpcUaClientService` already exposes `RaiseDataChanged`, so feeding good/bad values
 and asserting the summary text is straightforward.
 
-**Resolution:** _(open)_
+**Resolution:** Resolved 2026-05-23 — added `SubscribeCommandSummaryTests` (covering recursive collection via `FakeOpcUaClientService.AddDiscoveredVariable`, `--duration` auto-exit, summary bucketing for good/bad/never/never-went-bad, and the `--summary-file` write), `CommandRangeValidationTests`, `EventHandlerLifecycleTests`, `InputValidationErrorsTests`, and `LoggerLifecycleTests` to pin the other Low findings; `FakeOpcUaClientService` was extended with `AddDiscoveredVariable` / `RaiseDataChanged` helpers.