Merge branch 'worktree-agent-af51f33c034e99fd4' into feat/scripted-alarm-shelve-routing
This commit is contained in:
Joseph Doherty
@@ -7,7 +7,7 @@
|
||||
| Review date | 2026-05-22 |
|
||||
| Commit reviewed | `76d35d1` |
|
||||
| Status | Reviewed |
|
||||
| Open findings | 10 |
|
||||
| Open findings | 5 |
|
||||
|
||||
## Checklist coverage
|
||||
|
||||
@@ -95,7 +95,7 @@ or op-mode read to be `IsOk` before declaring the capability present.
|
||||
| Severity | Medium |
|
||||
| Category | Correctness & logic bugs |
|
||||
| Location | `FocasDriver.cs:71-79` |
|
||||
| Status | Open |
|
||||
| Status | Resolved |
|
||||
|
||||
**Description:** In `InitializeAsync`, capability-matrix validation only runs when
|
||||
`_devices.TryGetValue(tag.DeviceHostAddress, out var device)` succeeds. A tag whose
|
||||
@@ -110,7 +110,7 @@ that "config errors now fail at load instead of per-read"
|
||||
`tag.DeviceHostAddress`, throw an `InvalidOperationException` naming the tag and the
|
||||
unresolved device host so the operator fixes the typo at startup.
|
||||
|
||||
**Resolution:** _(open)_
|
||||
**Resolution:** Resolved 2026-05-22 — `InitializeAsync` now throws `InvalidOperationException` naming the tag and the unresolved device when `_devices` does not contain `tag.DeviceHostAddress`, preventing silent skip-and-defer to per-read `BadNodeIdUnknown`.
|
||||
|
||||
### Driver.FOCAS-004
|
||||
|
||||
@@ -119,7 +119,7 @@ unresolved device host so the operator fixes the typo at startup.
|
||||
| Severity | Medium |
|
||||
| Category | OtOpcUa conventions |
|
||||
| Location | `FocasDriver.cs:374-379`, `WireFocasClient.cs:48-50` |
|
||||
| Status | Open |
|
||||
| Status | Resolved |
|
||||
|
||||
**Description:** `DiscoverAsync` emits user tags with
|
||||
`SecurityClass = tag.Writable ? SecurityClassification.Operate : SecurityClassification.ViewOnly`,
|
||||
@@ -137,7 +137,7 @@ be written.
|
||||
write. Given the wire backend is read-only and is the only production backend, treating
|
||||
all FOCAS tags as `ViewOnly` is the simplest correct behaviour.
|
||||
|
||||
**Resolution:** _(open)_
|
||||
**Resolution:** Resolved 2026-05-22 — `DiscoverAsync` now unconditionally emits `SecurityClassification.ViewOnly` for all user-authored tags; the `Writable` config field no longer influences the advertised security class since the wire backend never writes.
|
||||
|
||||
### Driver.FOCAS-005
|
||||
|
||||
@@ -146,7 +146,7 @@ all FOCAS tags as `ViewOnly` is the simplest correct behaviour.
|
||||
| Severity | Medium |
|
||||
| Category | Concurrency & thread safety |
|
||||
| Location | `FocasDriver.cs:28`, `FocasDriver.cs:206-215`, `FocasDriver.cs:261`, `FocasDriver.cs:274` |
|
||||
| Status | Open |
|
||||
| Status | Resolved |
|
||||
|
||||
**Description:** `_health` is a plain (non-volatile) field mutated from multiple
|
||||
concurrent contexts - `ReadAsync`, `WriteAsync`, and the per-device `ProbeLoopAsync` can
|
||||
@@ -163,7 +163,7 @@ torn-in-time state and successful-read timestamps can regress.
|
||||
value from a single captured snapshot. The `DeviceState`/`HostState` transition already
|
||||
uses `ProbeLock`; apply the same discipline to driver health.
|
||||
|
||||
**Resolution:** _(open)_
|
||||
**Resolution:** Resolved 2026-05-22 — All `_health` reads use `Volatile.Read(ref _health)` and all writes use `Volatile.Write(ref _health, ...)`, ensuring every thread observes the latest reference and multi-step read-modify-write sequences capture a stable snapshot before computing the new value.
|
||||
|
||||
### Driver.FOCAS-006
|
||||
|
||||
@@ -172,7 +172,7 @@ uses `ProbeLock`; apply the same discipline to driver health.
|
||||
| Severity | Medium |
|
||||
| Category | Error handling & resilience |
|
||||
| Location | `FocasDriver.cs:859-874`, `WireFocasClient.cs:22-31` |
|
||||
| Status | Open |
|
||||
| Status | Resolved |
|
||||
|
||||
**Description:** `EnsureConnectedAsync` reuses the cached `IFocasClient` instance across
|
||||
a transient disconnect: it only checks `device.Client is { IsConnected: true }` and
|
||||
@@ -191,7 +191,7 @@ as unrecoverable and recreate it from `_clientFactory`. Simplest: in
|
||||
null it before creating a fresh instance, rather than retrying `ConnectAsync` on the
|
||||
stale object.
|
||||
|
||||
**Resolution:** _(open)_
|
||||
**Resolution:** Resolved 2026-05-22 — `EnsureConnectedAsync` now unconditionally disposes and nulls any existing non-connected client before calling `_clientFactory.Create()`, preventing `ObjectDisposedException` loops on a stale `WireFocasClient` after a `HandleRecycle` race or prior teardown.
|
||||
|
||||
### Driver.FOCAS-007
|
||||
|
||||
@@ -310,7 +310,7 @@ expected by `ReadAlarmsAsync`.
|
||||
| Severity | Medium |
|
||||
| Category | Testing coverage |
|
||||
| Location | `FocasDriverFactoryExtensions.cs`, `FocasDriver.cs:495-629` (`FixedTreeLoopAsync`) |
|
||||
| Status | Open |
|
||||
| Status | Resolved |
|
||||
|
||||
**Description:** The unit test project does not exercise
|
||||
`FocasDriverFactoryExtensions.CreateInstance` with `FixedTree` / `AlarmProjection` /
|
||||
@@ -327,4 +327,4 @@ three opt-in sections and assert the options reach the driver; add a
|
||||
(including the unsupported-program-info case); add a reconnect test that disposes the
|
||||
fake client mid-session and asserts recovery.
|
||||
|
||||
**Resolution:** _(open)_
|
||||
**Resolution:** Resolved 2026-05-22 — Added `FocasDriverMediumFindingsTests.cs` covering: unknown-DeviceHostAddress init throw (003), ViewOnly enforcement for all tags (004), Volatile `_health` under concurrent reads (005), reconnect-after-external-dispose recovery (006), and a factory full-round-trip test for all three opt-in config sections (012).
|
||||
|
||||
Reference in New Issue
Block a user