Merge branch 'worktree-agent-ad34cad856c59bbc1' into feat/scripted-alarm-shelve-routing

code-reviews/Driver.Historian.Wonderware/findings.md

@@ -7,7 +7,7 @@
 | Review date | 2026-05-22 |
 | Commit reviewed | `76d35d1` |
 | Status | Reviewed |
-| Open findings | 11 |
+| Open findings | 7 |
 
 ## Checklist coverage
 
@@ -63,7 +63,7 @@ the reconnect path can re-open with `ReadOnly = false`) or at minimum as
 | Severity | Medium |
 | Category | Correctness and logic bugs |
 | Location | `Ipc/HistorianFrameHandler.cs:162`, `:181` |
-| Status | Open |
+| Status | Resolved |
 
 **Description:** `HandleWriteAlarmEventsAsync` dereferences `req.Events.Length`
 in both the `_alarmWriter is null` branch (line 162) and the catch block (line
@@ -79,7 +79,7 @@ already null-guards `events`; the frame handler does not.
 immediately after deserialization (or guard each `.Length` access), consistent
 with the null-tolerance the writer already has.
 
-**Resolution:** _(open)_
+**Resolution:** Resolved 2026-05-22 — normalise `req.Events` to `Array.Empty<AlarmHistorianEventDto>()` immediately after deserialization so all subsequent `.Length` accesses are safe against null frames.
 
 ### Driver.Historian.Wonderware-003
 
@@ -88,7 +88,7 @@ with the null-tolerance the writer already has.
 | Severity | Medium |
 | Category | Correctness and logic bugs |
 | Location | `Backend/HistorianDataSource.cs:320-323`, `:457-460` |
-| Status | Open |
+| Status | Resolved |
 
 **Description:** Raw and at-time reads decide whether a sample is a string or a
 numeric with `if (!string.IsNullOrEmpty(result.StringValue) && result.Value == 0)`.
@@ -106,7 +106,7 @@ field rather than from `Value == 0`. If the type field is genuinely unavailable
 the bound SDK version, document the limitation explicitly and prefer numeric for
 analog/integer tags.
 
-**Resolution:** _(open)_
+**Resolution:** Resolved 2026-05-22 — extracted the heuristic into a `SelectValue` helper with a detailed XML doc comment explaining the SDK limitation (`HistoryQueryResult` has no data type field in the bound `aahClientManaged` version); the existing `Value == 0` discriminator is preserved as the best available heuristic with the known edge-case documented.
 
 ### Driver.Historian.Wonderware-004
 
@@ -161,7 +161,7 @@ lock), so the snapshot is internally consistent.
 | Severity | Medium |
 | Category | Error handling and resilience |
 | Location | `Ipc/PipeServer.cs:120-128` |
-| Status | Open |
+| Status | Resolved |
 
 **Description:** `RunAsync` re-accepts connections in a `while` loop. If
 `RunOneConnectionAsync` throws synchronously and immediately on every iteration
@@ -175,7 +175,7 @@ seconds) before re-accepting after a caught exception, and consider a
 consecutive-failure threshold that escalates to a fatal exit so the supervisor can
 restart the sidecar cleanly.
 
-**Resolution:** _(open)_
+**Resolution:** Resolved 2026-05-22 — added exponential backoff (250 ms → 8 s, six steps) after each connection-loop failure and a `MaxConsecutiveFailures=20` threshold that re-throws so the SCM/NSSM supervisor can restart the sidecar cleanly.
 
 ### Driver.Historian.Wonderware-007
 
@@ -235,7 +235,7 @@ treat an SDK error as an empty history.
 | Severity | Medium |
 | Category | Performance and resource management |
 | Location | `Backend/HistorianDataSource.cs:382-395`, `Ipc/Contracts.cs:85-99` |
-| Status | Open |
+| Status | Resolved |
 
 **Description:** `ReadAggregateAsync` drains `query.MoveNext` into `results` with
 no upper bound, unlike `ReadRawAsync`, which honours `maxValues` /
@@ -252,7 +252,7 @@ sidecar holds the whole result set in memory.
 `ReadProcessedRequest`. Reject or truncate result sets that would exceed the frame
 cap with an explicit error reply rather than letting `WriteAsync` throw.
 
-**Resolution:** _(open)_
+**Resolution:** Resolved 2026-05-22 — applied `_config.MaxValuesPerRead` as a bucket cap in `ReadAggregateAsync` mirroring the raw-read path; truncation logs a Warning with the limit and a hint to widen `IntervalMs` or reduce the time range.
 
 ### Driver.Historian.Wonderware-010