dohertj2/lmxopcua
1
0
Fork 0
Code Issues 2 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
318 Commits 11 Branches 0 Tags
60b8d6f2d0ec3437bd7c612aeb4893333494e79b
Commit Graph

6 Commits

Author SHA1 Message Date
Joseph Doherty 3b2d0474a7 v2 release-readiness capstone — aggregate compliance runner + release-readiness dashboard 
Closes out Phase 6 with the two pieces a release engineer needs before
tagging v2 GA:

1. scripts/compliance/phase-6-all.ps1 — meta-runner that invokes every
   per-phase Phase 6.N compliance script in sequence + aggregates results.
   Each sub-script runs in its own powershell.exe child process so per-script
   $ErrorActionPreference + exit semantics can't interfere with the parent.
   Exit 0 = every phase passes; exit 1 = one or more phases failed. Prints a
   PASS/FAIL summary matrix at the end.

2. docs/v2/v2-release-readiness.md — single-view dashboard of everything
   shipped + everything still deferred + release exit criteria. Called out
   explicitly:
   - Three release BLOCKERS (must close before v2 GA):
     * Phase 6.2 Stream C dispatch wiring — AuthorizationGate exists but no
       DriverNodeManager Read/Write/etc. path calls it (task #143).
     * Phase 6.1 Stream D follow-up — ResilientConfigReader + sealed-cache
       hook not yet consumed by any read path (task #136).
     * Phase 6.3 Streams A/C/F — coordinator + UA-node wiring + client
       interop still deferred (tasks #145, #147, #150).
   - Three nice-to-haves (not release-blocking) — Admin UI polish, background
     services, multi-host dispatch.
   - Release exit criteria: all 4 compliance scripts exit 0, dotnet test ≤ 1
     known flake, blockers closed or v2.1-deferred with written decision,
     Fleet Admin signoff on deployment checklist, live-Galaxy smoke test,
     OPC UA CTT pass, redundancy cutover validated with at least one
     production client.
   - Change log at the bottom so future ships of deferred follow-ups just
     append dates + close out dashboard rows.

Meta-runner verified locally:
  Phase 6.1 — PASS
  Phase 6.2 — PASS
  Phase 6.3 — PASS
  Phase 6.4 — PASS
  Aggregate: PASS (elapsed 340 s — most of that is the full solution
  `dotnet test` each phase runs).

Net counts at capstone time: 906 baseline → 1159 passing across Phase 6
(+253). 15 deferred follow-up tasks tracked with IDs (#134-137, #143-144,
#145, #147, #149-150, #153, #155-157). v2 is NOT YET release-ready —
capstone makes that explicit rather than letting the "shipped" label on
each phase imply full readiness.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-19 10:32:21 -04:00
Joseph Doherty 99cf1197c5 Phase 6.4 exit gate — compliance real-checks + phase doc = SHIPPED (data layer) 
scripts/compliance/phase-6-4-compliance.ps1 turns stub TODOs into 11 real
checks covering:
- Stream A data layer: UnsImpactAnalyzer + DraftRevisionToken + cross-cluster
  rejection (decision #82) + all three move kinds (LineMove / AreaRename /
  LineMerge).
- Stream B data layer: EquipmentCsvImporter + version marker
  '# OtOpcUaCsv v1' + decision-#117 required columns + decision-#139
  optional columns including DeviceManualUri + duplicate-ZTag rejection +
  unknown-column rejection.

Four [DEFERRED] surfaces tracked explicitly with task IDs:
  - Stream A UI drag/drop (task #153)
  - Stream B staging + finalize + UI (task #155)
  - Stream C DiffViewer refactor (task #156)
  - Stream D OPC 40010 Identification sub-folder + Razor component (task #157)

Cross-cutting: full solution dotnet test passes 1159 >= 1137 pre-Phase-6.4
baseline; pre-existing Client.CLI Subscribe flake tolerated.

docs/v2/implementation/phase-6-4-admin-ui-completion.md status updated from
DRAFT to SHIPPED (data layer). Four Blazor / SignalR / EF / address-space
follow-ups tracked as tasks — the visual-compliance review pattern from
Phase 6.1 Stream E applies to each.

`Phase 6.4 compliance: PASS` — exit 0.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-19 10:13:46 -04:00
Joseph Doherty 2fe4bac508 Phase 6.3 exit gate — compliance real-checks + phase doc = SHIPPED (core) 
scripts/compliance/phase-6-3-compliance.ps1 turns stub TODOs into 21 real
checks covering:
- Stream B 8-state matrix: ServiceLevelCalculator + ServiceLevelBand present;
  Maintenance=0, NoData=1, InvalidTopology=2, AuthoritativePrimary=255,
  IsolatedPrimary=230, PrimaryMidApply=200, RecoveringPrimary=180,
  AuthoritativeBackup=100, IsolatedBackup=80, BackupMidApply=50,
  RecoveringBackup=30 — every numeric band pattern-matched in source (any
  drift turns a check red).
- Stream B RecoveryStateManager with dwell + publish-witness gate + 60s
  default dwell.
- Stream D ApplyLeaseRegistry: BeginApplyLease returns IAsyncDisposable;
  key includes PublishRequestId (decision #162); PruneStale watchdog present;
  10 min default ApplyMaxDuration.

Five [DEFERRED] follow-up surfaces explicitly listed with task IDs:
  - Stream A topology loader (task #145)
  - Stream C OPC UA node wiring (task #147)
  - Stream E Admin UI (task #149)
  - Stream F interop + Galaxy failover (task #150)
  - sp_PublishGeneration Transparent-mode rejection (task #148 part 2)

Cross-cutting: full solution dotnet test passes 1137 >= 1097 pre-Phase-6.3
baseline; pre-existing Client.CLI Subscribe flake tolerated.

docs/v2/implementation/phase-6-3-redundancy-runtime.md status updated from
DRAFT to SHIPPED (core). Non-transparent redundancy per decision #84 keeps
role election out of scope — operator-driven failover is the v2.0 model.

`Phase 6.3 compliance: PASS` — exit 0.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-19 10:00:30 -04:00
Joseph Doherty bd53ebd192 Phase 6.2 exit gate — compliance script real-checks + phase doc = SHIPPED (core) 
scripts/compliance/phase-6-2-compliance.ps1 replaces the stub TODOs with 23
real checks spanning:
- Stream A: LdapGroupRoleMapping entity + AdminRole enum + ILdapGroupRoleMappingService
  + impl + write-time invariant + EF migration all present.
- Stream B: OpcUaOperation enum + NodeScope + AuthorizationDecision tri-state
  + IPermissionEvaluator + PermissionTrie + Builder + Cache keyed on
  GenerationId + UserAuthorizationState with MembershipFreshnessInterval=15m
  and AuthCacheMaxStaleness=5m + TriePermissionEvaluator + HistoryRead uses
  its own flag.
- Control/data-plane separation: the evaluator + trie + cache + builder +
  interface all have zero references to LdapGroupRoleMapping (decision #150).
- Stream C foundation: ILdapGroupsBearer + AuthorizationGate with StrictMode
  knob. DriverNodeManager dispatch-path wiring (11 surfaces) is Deferred,
  tracked as task #143.
- Stream D data layer: ValidatedNodeAclAuthoringService + exception type +
  rejects None permissions. Blazor UI pieces (RoleGrantsTab, AclsTab,
  SignalR invalidation, draft diff) are Deferred, tracked as task #144.
- Cross-cutting: full solution dotnet test runs; 1097 >= 1042 baseline;
  tolerates the one pre-existing Client.CLI Subscribe flake.

IPermissionEvaluator doc-comment reworded to avoid mentioning the literal
type name "LdapGroupRoleMapping" — the compliance check does a text-absence
sweep for that identifier across the data-plane files.

docs/v2/implementation/phase-6-2-authorization-runtime.md status updated from
DRAFT to SHIPPED (core). Two deferred follow-ups explicitly called out so
operators see what's still pending for the "Phase 6.2 fully wired end-to-end"
milestone.

`Phase 6.2 compliance: PASS` — exit 0. Any regression that deletes a class
or re-introduces an LdapGroupRoleMapping reference into the data-plane
evaluator turns a green check red + exit non-zero.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-19 09:45:58 -04:00
Joseph Doherty f29043c66a Phase 6.1 exit gate — compliance script real-checks + phase doc status = SHIPPED 
scripts/compliance/phase-6-1-compliance.ps1 replaces the stub TODOs with 34
real checks covering:
- Stream A: pipeline builder + CapabilityInvoker + WriteIdempotentAttribute
  present; pipeline key includes HostName (per-device isolation per decision
  #144); OnReadValue / OnWriteValue / HistoryRead route through invoker in
  DriverNodeManager; Galaxy supervisor CircuitBreaker + Backoff preserved.
- Stream B: DriverTier enum; DriverTypeMetadata requires Tier; MemoryTracking
  + MemoryRecycle (Tier C-gated) + ScheduledRecycleScheduler (rejects Tier
  A/B) + demand-aware WedgeDetector all present.
- Stream C: DriverHealthReport + HealthEndpointsHost; state matrix Healthy=200
  / Faulted=503 asserted in code; LogContextEnricher; JSON sink opt-in via
  Serilog:WriteJson.
- Stream D: GenerationSealedCache + ReadOnly marking + GenerationCacheUnavailable
  exception path; ResilientConfigReader + StaleConfigFlag.
- Stream E data layer: DriverInstanceResilienceStatus entity +
  DriverResilienceStatusTracker. SignalR/Blazor surface is Deferred per the
  visual-compliance follow-up pattern borrowed from Phase 6.4.
- Cross-cutting: full solution `dotnet test` runs; asserts 1042 >= 906
  baseline; tolerates the one pre-existing Client.CLI Subscribe flake and
  flags any new failure.

Running the script locally returns "Phase 6.1 compliance: PASS" — exit 0. Any
future regression that deletes a class or un-wires a dispatch path turns a
green check red + exit non-zero.

docs/v2/implementation/phase-6-1-resilience-and-observability.md status
updated from DRAFT to SHIPPED with the merged-PRs summary + test count delta +
the single deferred follow-up (visual review of the Admin /hosts columns).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-19 08:53:47 -04:00
Joseph Doherty ba31f200f6 Phase 6 reconcile — merge adjustments into plan bodies, add decisions #143-162, scaffold compliance stubs 
After shipping the four Phase 6 plan drafts (PRs 77-80), the adversarial-review
adjustments lived only as trailing "Review" sections. An implementer reading
Stream A would find the original unadjusted guidance, then have to cross-reference
the review to reconcile. This PR makes the plans genuinely executable:

1. Merges every ACCEPTed review finding into the actual Scope / Stream / Compliance
   sections of each phase plan:
   - phase-6-1: Scope table rewrite (per-capability retry, (instance,host) pipeline key,
     MemoryTracking vs MemoryRecycle split, hybrid watchdog formula, demand-aware
     wedge detector, generation-sealed LiteDB). Streams A/B/D + Compliance rewritten.
   - phase-6-2: AuthorizationDecision tri-state, control/data-plane separation,
     MembershipFreshnessInterval (15 min), AuthCacheMaxStaleness (5 min),
     subscription stamp-and-reevaluate. Stream C widened to 11 OPC UA operations.
   - phase-6-3: 8-state ServiceLevel matrix (OPC UA Part 5 §6.3.34-compliant),
     two-layer peer probe (/healthz + UaHealthProbe), apply-lease via await using,
     publish-generation fencing, InvalidTopology runtime state, ServerUriArray
     self-first + peers. New Stream F (interop matrix + Galaxy failover).
   - phase-6-4: DraftRevisionToken concurrency control, staged-import via
     EquipmentImportBatch with user-scoped visibility, CSV header version marker,
     decision-#117-aligned identifier columns, 1000-row diff cap,
     decision-#139 OPC 40010 fields, Identification inherits Equipment ACL.

2. Appends decisions #143 through #162 to docs/v2/plan.md capturing the
   architectural commitments the adjustments created. Each decision carries its
   dated rationale so future readers know why the choice was made.

3. Scaffolds scripts/compliance/phase-6-{1,2,3,4}-compliance.ps1 — PowerShell
   stubs with Assert-Todo / Assert-Pass / Assert-Fail helpers. Every check
   maps to a Stream task ID from the corresponding phase plan. Currently all
   checks are TODO and scripts exit 0; each implementation task is responsible
   for replacing its TODO with a real check before closing that task. Saved
   as UTF-8 with BOM so Windows PowerShell 5.1 parses em-dash characters
   without breaking.

Net result: the Phase 6.1 plan is genuinely ready to execute. Stream A.3 can
start tomorrow without reconciling Streams vs. Review on every task; the
compliance script is wired to the Stream IDs; plan.md has the architectural
commitments that justify the Stream choices.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-19 03:49:41 -04:00