Wraps the 4 HistoryRead overrides and OnAlarmAcknowledge with PerformanceMetrics.BeginOperation, adds alarm counters to LmxNodeManager, publishes a structured HistorianPluginOutcome from HistorianPluginLoader, and extends HealthCheckService with plugin-load, history-read, and alarm-ack-failure degradation rules.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The aahClientManaged SDK is now isolated in ZB.MOM.WW.LmxOpcUa.Historian.Aveva and loaded via HistorianPluginLoader from a Historian/ subfolder only when enabled, removing the SDK from Host's compile-time and deploy-time surface.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Move subscribe/unsubscribe I/O outside lock(Lock) in SyncAddressSpace to avoid
blocking all OPC UA operations during rebuilds. Replace blocking ReadAsync calls
for alarm priority/description in dispatch loop with cached subscription values.
Extract IHistorianConnectionFactory so EnsureConnected can be tested without the
SDK runtime — adds 5 connection lifecycle tests (failure, timeout, reconnect,
state resilience, dispose-after-failure). All stability review findings and test
coverage gaps are now fully resolved.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add ServerCapabilities/OperationLimits node, enable diagnostics, add OnModifyMonitoredItemsComplete
override for DA compliance. Wire shelving, enable/disable, confirm, and addcomment handlers on
alarm conditions with LocalTime/Quality event fields for Part 9 compliance. Add Aes128/Aes256
security profiles, X.509 certificate authentication, and AUDIT-prefixed auth logging. Fix flaky
probe monitor test. Update docs for all changes.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace direct SQL queries against Historian Runtime database with the Wonderware
Historian managed SDK (ArchestrA.HistorianAccess). Add HistoryServerCapabilities node,
AggregateFunctions folder, continuation points, ReadAtTime interpolation, ReturnBounds,
ReadModified rejection, HistoricalDataConfiguration per node, historical event access,
and client-side StandardDeviation aggregate support. Remove screenshot tests.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Major changes across the client stack:
- Settings persistence (connection, subscriptions, alarm source)
- Deferred OPC UA SDK init for instant startup
- Array/status code formatting, write value popup, alarm acknowledgment
- Severity-colored alarm rows, condition dedup on server side
- DateTimeRangePicker control with preset buttons and UTC text input
- Historian queries use wwTimezone=UTC and OPCQuality column
- Recursive subscribe from tree, multi-select remove
- Connection panel with expander, folder chooser for cert path
- Dynamic tab headers showing subscription/alarm counts
- Client.UI.md documentation with headless-rendered screenshots
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Linter/formatter pass across the full codebase. Restores required partial
keyword on AXAML code-behind classes that the formatter incorrectly removed.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Right-click on browse tree nodes to Subscribe (multi-select) or View History
(Variable nodes only), with automatic tab switching. Add missing UI controls
for failover URLs, session timeout, auto-accept certificates, and certificate
store path. Fix tree expansion by adding two-way IsExpanded binding on
TreeViewItem.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Implements Client.Shared (IOpcUaClientService with connection lifecycle, failover,
browse, read/write, subscriptions, alarms, history, redundancy), Client.CLI (8 CliFx
commands mirroring tools/opcuacli-dotnet), and Client.UI (Avalonia desktop app with
tree browser, read/write, subscriptions, alarms, and history tabs). All three target
.NET 10 and are covered by 249 unit tests.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Map LDAP groups to custom OPC UA role NodeIds on RoleBasedIdentity.GrantedRoleIds
during authentication, replacing the username-to-role side cache. Split ReadWrite
into WriteOperate/WriteTune/WriteConfigure so write access is gated per Galaxy
security classification. AnonymousCanWrite now behaves consistently regardless
of LDAP state.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Previously alarms were only reported to the immediate parent node and the Server node.
Now ReportEventUpNotifierChain walks the full parent chain so clients subscribed at
TestArea see alarms from TestMachine_001, and EventNotifier is set on all ancestors
of alarm-containing nodes.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Remove ConfigUserAuthenticationProvider and Users property — LDAP is the only auth mechanism
- Fix historian quality mapping to use existing QualityMapper (OPC DA quality bytes, not custom mapping)
- Add AppRoles constants, unify HasWritePermission/HasAlarmAckPermission into shared HasRole helper
- Hoist write permission check out of per-item loop, eliminate redundant _ldapRolesEnabled field
- Update docs (Configuration.md, Security.md, OpcUaServer.md, HistoricalDataAccess.md)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace static user list with GLAuth LDAP authentication. Group
membership (ReadOnly, ReadWrite, AlarmAck) maps to granular OPC UA
permissions for write and alarm-ack operations. Anonymous can still
browse and read but not write.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Enhance /api/health with component-level health, ServiceLevel, and
redundancy state for load balancer probes. Add /health HTML page for
operators to monitor node health in clustered System Platform deployments.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Shows mode, role, ServiceLevel, ApplicationUri, and redundant server
set when redundancy is enabled. Primary renders with a green border,
secondary with yellow. Also included in the JSON API response.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Separates ApplicationUri from namespace identity so each instance in a
redundant pair has a unique server URI while sharing the same Galaxy
namespace. Exposes RedundancySupport, ServerUriArray, and dynamic
ServiceLevel through the standard OPC UA server object. ServiceLevel
is computed from role (Primary/Secondary) and runtime health (MXAccess
and DB connectivity). Adds CLI redundancy command, second deployed
service instance, and 31 new tests including paired-server integration.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Adds Security section to appsettings.json with configurable OPC UA
transport profiles (None, Basic256Sha256-Sign, Basic256Sha256-SignAndEncrypt),
certificate policy settings, and a configurable BindAddress for the
OPC UA endpoint. Defaults preserve backward compatibility.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Implements configurable user authentication (anonymous + username/password)
with pluggable credential provider (IUserAuthenticationProvider). Anonymous
writes can be disabled via AnonymousCanWrite setting while reads remain
open. Adds -U/-P flags to all CLI commands for authenticated sessions.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Set a new EventId (GUID) on AlarmConditionState each time an alarm event
is reported so the framework can match it when clients call Acknowledge.
Without this, the framework rejected all ack attempts with BadEventIdUnknown.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Adds alarm_ack.md documenting the two-way acknowledge flow (OPC UA client
writes AckMsg, Galaxy confirms via Acked data change). Includes external
code review fixes for subscriptions and node manager, and removes stale
plan files now superseded by component documentation.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
On Galaxy deploy changes, only the affected gobject subtrees are torn down
and rebuilt instead of destroying the entire address space. Unchanged nodes,
subscriptions, and alarm tracking continue uninterrupted.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Both features now default to disabled and require explicit opt-in via
OpcUa.AlarmTrackingEnabled and Historian.Enabled in appsettings.json,
preventing errors in environments without a Historian database or alarm setup.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Wire Galaxy security_classification to OPC UA AccessLevel (ReadOnly for SecuredWrite/VerifiedWrite/ViewOnly).
Use deployed package chain for attribute queries to exclude undeployed attributes.
Group primitive attributes under their parent variable node (merged Variable+Object).
Add is_historized and is_alarm detection via HistoryExtension/AlarmExtension primitives.
Implement OPC UA HistoryRead backed by Wonderware Historian Runtime database.
Implement AlarmConditionState nodes driven by InAlarm with condition refresh support.
Add historyread and alarms CLI commands for testing.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Windows services default to System32 as working directory, causing logs to land in the wrong location. Set Environment.CurrentDirectory to AppDomain.CurrentDomain.BaseDirectory before Serilog init. Also fix ZB root folder not appearing under Objects folder — BuildAddressSpace runs after CreateAddressSpace completes so the externalReferences dict is already consumed; use Server.NodeManager.AddReferences instead.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Preserve and replay subscription ref counts across address space rebuilds to prevent MXAccess subscription leaks
- Mark read timeouts and write failures as unsuccessful in PerformanceMetrics for accurate health reporting
- Add deferred MxAccess reconnect path when initial connection fails at startup
- Update code review document with verified completions and new findings
- Add covering tests for all fixes
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
P1: Wire OPC UA monitored items to MXAccess subscriptions
- Override OnCreateMonitoredItemsComplete/OnDeleteMonitoredItemsComplete
in LmxNodeManager to trigger ref-counted SubscribeTag/UnsubscribeTag
- Clients subscribing to tags now start live MXAccess data pushes
P1: Write timeout now returns false instead of true
- Previously a missing OnWriteComplete callback was treated as success
- Now correctly reports failure so OPC UA clients see the error
P1: Auto-reconnect retries from Error state (not just Disconnected)
- Monitor loop now checks both Disconnected and Error states
- Prevents permanent outages after a single failed reconnect attempt
P2: Topological sort on hierarchy before building address space
- Parents guaranteed to appear before children regardless of input order
- Prevents misplaced nodes when SQL returns unsorted results
P3: Skip redundant first-poll rebuild on startup
- ChangeDetectionService accepts initial deploy time from OpcUaService
- First poll only triggers rebuild if deploy time is actually unknown
- Eliminates duplicate DB fetch and address space rebuild at startup
All 212 tests pass (205 unit + 7 integration).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Tests verify nodes can be added/removed from the OPC UA server at
runtime by mutating FakeGalaxyRepository and triggering a rebuild.
Uses real OPC UA client sessions to browse, subscribe, and observe
changes.
Tests cover:
- Browse initial hierarchy via OPC UA client
- Add object at runtime → new node appears on browse
- Remove object → node disappears from browse
- Subscribe to node, then remove it → publishes Bad quality
- Surviving nodes still browsable after partial rebuild
- Add/remove individual attributes at runtime
Infrastructure:
- OpcUaTestClient helper for programmatic OPC UA client connections
- OpcUaServerFixture updated with GalaxyRepository/MxProxy accessors
- OpcUaService.TriggerRebuild() exposed for test-driven rebuilds
- Namespace index resolved dynamically via session namespace table
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
OpcUaServiceBuilder provides fluent API for constructing OpcUaService
with dependency overrides (IMxProxy, IGalaxyRepository, IMxAccessClient).
WithMxAccessClient skips the STA thread and COM interop entirely.
OpcUaServerFixture wraps the service lifecycle with automatic port
allocation (atomic counter starting at 16000), guaranteed cleanup via
IAsyncLifetime, and factory methods for common test scenarios:
- WithFakes() — FakeMxProxy + FakeGalaxyRepository with standard data
- WithFakeMxAccessClient() — bypasses COM, fastest for most tests
Also adds TestData helper with reusable hierarchy/attributes matching
gr/layout.md, and 5 fixture tests verifying startup, shutdown, port
isolation, and address space building.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
When GalaxyRepository.ExtendedAttributes is true, uses the extended
attributes query that includes both primitive (system) and dynamic
(user-defined) attributes. Default is false (dynamic only, preserving
existing behavior). Extended mode returns ~564 attributes vs ~48.
Adds PrimitiveName and AttributeSource fields to GalaxyAttributeInfo.
Includes 5 new unit tests and 6 new integration tests covering both
standard and extended attribute modes.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Full OPC UA server on .NET Framework 4.8 (x86) exposing AVEVA System
Platform Galaxy tags via MXAccess. Mirrors Galaxy object hierarchy as
OPC UA address space, translating contained-name browse paths to
tag-name runtime references.
Components implemented:
- Configuration: AppConfiguration with 4 sections, validator
- Domain: ConnectionState, Quality, Vtq, MxDataTypeMapper, error codes
- MxAccess: StaComThread, MxAccessClient (partial classes), MxProxyAdapter
using strongly-typed ArchestrA.MxAccess COM interop
- Galaxy Repository: SQL queries (hierarchy, attributes, change detection),
ChangeDetectionService with auto-rebuild on deploy
- OPC UA Server: LmxNodeManager (CustomNodeManager2), LmxOpcUaServer,
OpcUaServerHost with programmatic config, SecurityPolicy None
- Status Dashboard: HTTP server with HTML/JSON/health endpoints
- Integration: Full 14-step startup, graceful shutdown, component wiring
175 tests (174 unit + 1 integration), all passing.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
