0307a498ed
Resolve enterprise shortname = zb (decision #140, closes corrections-doc D4) — matches the existing ZB.MOM.WW.* namespace prefix used throughout the codebase, short by design since this segment appears in every equipment path (zb/warsaw-west/bldg-3/line-2/cnc-mill-05/RunState), operators already say "ZB" colloquially. Updated plan.md UNS browse-path example, plan.md Namespace schema sketch NamespaceUri example, plan.md ServerCluster schema sketch Enterprise comment, admin-ui.md cluster-create workflow form (Enterprise field default-prefilled zb), config-db-schema.md ServerCluster.Enterprise column comment.
Joseph Doherty
2026-04-17 13:12:41 -04:00
d8fa3a0ddd
Add OPC 40010 Machinery identity columns to the Equipment table (Manufacturer, Model, SerialNumber, HardwareRevision, SoftwareRevision, YearOfConstruction, AssetLocation, ManufacturerUri, DeviceManualUri — all nullable so equipment can be added before identity is fully captured) and surface them via a dedicated Identification panel in the Admin UI Equipment editor. These pair with the new _base equipment-class template seeded in 3yearplan/schemas/classes/_base.json that every other class extends — Manufacturer + Model are declared isRequired: true in the base, the rest optional. Drivers that can read these dynamically (FANUC cnc_sysinfo() returning SoftwareRevision, Beckhoff TwinCAT.SystemInfo, etc.) override the static value at runtime; static value is the operator-set fallback. Exposed on the OPC UA equipment node under the OPC 40010-standard Identification sub-folder per the category → folder mapping in schemas/docs/format-decisions.md D10. Decisions #138 (_base class with extends inheritance, references OPC 40010 + Part 9 + ISO 22400 + handoff canonical state vocabulary) and #139 (Equipment table identity columns) capture the rationale.
Joseph Doherty
2026-04-17 12:54:35 -04:00
4903a19ec9
Add data-path ACL design (acl-design.md, closes corrections B1) + dev-environment inventory and setup plan (dev-environment.md), and remove consumer cutover from OtOpcUa v2 scope.
Joseph Doherty
2026-04-17 11:58:33 -04:00
2a6c9828e4
Confirm the v2 driver list as fixed (decision #128) and remove the Equipment Protocol Survey from the v2 prerequisites — the seven committed drivers (Modbus TCP including DL205, AB CIP, AB Legacy, S7, TwinCAT, FOCAS, OPC UA Client) plus Galaxy/MXAccess are confirmed by direct knowledge of the equipment estate (TwinCAT and AB Legacy specifically called out by the OtOpcUa team based on known Beckhoff installations and SLC/MicroLogix legacy equipment); the survey may still inform long-tail driver scoping and per-site capacity planning but adding/removing drivers from the v2 implementation list is now out of scope. Phase-1 implementation doc loses the survey row from its Out-of-Scope table.
Joseph Doherty
2026-04-17 11:35:04 -04:00
592fa79e3c
Add Phase 0 + Phase 1 detailed implementation plans under docs/v2/implementation/ with a phase-gate model so the work can be verified for compliance to the v2 design as it lands. Three-gate structure per phase (entry / mid / exit) with explicit compliance-check categories: schema compliance (live DB introspected against config-db-schema.md DDL via xUnit), decision compliance (every decision number cited in the phase doc must have at least one code/test citation in the codebase, verified via git grep), visual compliance (Admin UI screenshots reviewed side-by-side against ScadaLink CentralUI's equivalent screens), behavioral compliance (per-phase end-to-end smoke test that always passes at exit, never "known broken fix later"), stability compliance (cross-cutting protections from driver-stability.md wired up and regression-tested for Tier C drivers), and documentation compliance (any deviation from v2 design docs reflected back as decision-log updates with explicit "supersedes" notes). Exit gate requires two-reviewer signoff and an exit-gate-{phase}.md record; silent deviation is the failure mode the gates exist to make impossible to ship. Phase 0 doc covers the mechanical LmxOpcUa → OtOpcUa rename with 9 tasks, 7 compliance checks, and a completion checklist that gates on baseline test count parity. Phase 1 doc covers the largest greenfield phase — 5 work streams (Core.Abstractions, Configuration project with EF Core schema + stored procs + LiteDB cache + generation-diff applier, Core with GenericDriverNodeManager rename + IAddressSpaceBuilder + driver isolation, Server with Microsoft.Extensions.Hosting replacing TopShelf + credential-bound bootstrap, Admin Blazor Server app mirroring ScadaLink CentralUI verbatim with LDAP cookie auth + draft/diff/publish workflow + UNS structure management + equipment CRUD + release-reservation and merge-equipment operator flows) — with task-level acceptance criteria, a 14-step end-to-end smoke test, and decision citation requirements for #1-125. New decisions #126-127 capture the gate model and per-phase doc structure. Cross-references added to plan.md Reference Documents section.
Joseph Doherty
2026-04-17 11:25:09 -04:00
a59ad2e0c6
Harden v2 design against the four findings from the 2026-04-17 Codex adversarial review of the db schema and admin UI: (1) DriverInstance.NamespaceId now enforces a same-cluster invariant in three layers (sp_ValidateDraft cross-table check using the new UX_Namespace_Generation_LogicalId_Cluster composite index, server-side namespace-selection API scoping that prevents bypass via crafted requests, and audit-log entries on cross-cluster attempts) so a draft for cluster A can no longer bind to cluster B's namespace and leak its URI into A's endpoint; (2) the Namespace table moves from cluster-level to generation-versioned with append-only logical-ID identity and locked NamespaceUri/Kind across generations so admins can no longer disable a namespace that a published driver depends on outside the publish/diff/rollback flow, the cluster-create workflow opens an initial draft containing the default namespaces instead of writing namespace rows directly, and the Admin UI Namespaces tab becomes hybrid (read-only over published, click-to-edit opens draft) like the UNS Structure tab; (3) ZTag/SAPID fleet-wide uniqueness moves from per-generation indexes (which silently allow rollback or re-enable to reintroduce duplicates) into a new ExternalIdReservation table that sits outside generation versioning, with sp_PublishGeneration reserving atomically via MERGE under transaction lock so a different EquipmentUuid attempting the same active value rolls the whole publish back, an FleetAdmin-only sp_ReleaseExternalIdReservation as the only path to free a value for reuse with audit trail, and a corresponding Release-reservation operator workflow in the Admin UI; (4) Equipment.EquipmentId is now system-generated as 'EQ-' + first 12 hex chars of EquipmentUuid, never operator-supplied or editable, removed from the Equipment CSV import schema entirely (rows match by EquipmentUuid for updates or create new equipment with auto-generated identifiers when no UUID is supplied), with a new Merge-or-Rebind-equipment operator workflow handling the rare case where two UUIDs need to be reconciled — closing the corruption path where typos and bulk-import renames were minting duplicate identities and breaking downstream UUID-keyed lineage. New decisions #122-125 with explicit "supersedes" notes for the earlier #107 (cluster-level namespace) and #116 (operator-set EquipmentId) frames they revise.
Joseph Doherty
2026-04-17 11:08:58 -04:00
449bc454b7
Ignore .claude/ so per-developer Claude Code settings, runtime lock files (scheduled_tasks.lock), and background-agent transcripts stop appearing in git status — these are local IDE state, not project artifacts.
Joseph Doherty
2026-04-17 09:19:40 -04:00
a1e79cdb06
Draft v2 multi-driver planning docs (docs/v2/) so Phase 0–5 work has a complete reference: rename to OtOpcUa, migrate to .NET 10 x64 (Galaxy stays .NET 4.8 x86 out-of-process), add seven new drivers behind composable capability interfaces (Modbus TCP / DL205, AB CIP, AB Legacy, S7, TwinCAT, FOCAS, OPC UA Client), introduce a central MSSQL config DB with cluster-scoped immutable generations and per-node credential binding, deploy as two-node site clusters with non-transparent redundancy and minimal per-node overrides, classify drivers by stability tier (A pure-managed / B wrapped-native / C out-of-process Windows service) with Tier C deep dives for both Galaxy and FOCAS, define per-driver test data sources (libplctag ab_server, Snap7, NModbus in-proc, TwinCAT XAR VM, FOCAS TCP stub plus native FaultShim) plus a 6-axis cross-driver test matrix, and ship a Blazor Server admin UI mirroring ScadaLink CentralUI's Bootstrap 5 / LDAP cookie auth / dark-sidebar look-and-feel — 106 numbered decisions across six docs (plan.md, driver-specs.md, driver-stability.md, test-data-sources.md, config-db-schema.md, admin-ui.md), DRAFT only and intentionally not yet wired to code.
Joseph Doherty
2026-04-17 09:17:49 -04:00
bc282b6788
Add Galaxy platform scope filter so multi-node deployments can restrict the OPC UA address space to only objects hosted by the local platform, reducing memory footprint and MXAccess subscription count from the full Galaxy (49 objects / 4206 attributes) down to the local subtree (3 objects / 386 attributes on the dev Galaxy).
Joseph Doherty
2026-04-16 00:39:11 -04:00
c76ab8fdee
Close all four stability-review 2026-04-13 findings so a failed runtime probe subscription can no longer leave a phantom entry that Tick() flips to Stopped and fans out false BadOutOfService quality across a host's subtree, a silently-failed dashboard bind no longer lets the service advertise a successful start while an operator-visible endpoint is dead, the seven sync-over-async sites in LmxNodeManager (rebuild probe sync, Read, Write, four HistoryRead overrides) can no longer park the OPC UA stack thread indefinitely on a hung backend, and alarm auto-subscribe + transferred-subscription restore no longer race shutdown as untracked fire-and-forget tasks.
Joseph Doherty
2026-04-14 00:48:07 -04:00
731092595f
Stop MxAccess from overwriting Bad quality on stopped-host variables: suppress pending data changes at dispatch, guard cross-host clear from wiping sibling state, and silence the Unknown→Running startup callback so recovering DevPlatform can no longer reset variables that a still-stopped DevAppEngine marked Bad.
Joseph Doherty
2026-04-13 23:22:28 -04:00
4b209f64bb
Expose per-host runtime status as synthetic OPC UA variables so clients can observe Platform/Engine ScanState transitions without the status dashboard
Joseph Doherty
2026-04-13 17:07:16 -04:00
0003984c1a
Document the Galaxy runtime status feature across the architecture guides so operators and future maintainers can find probe machinery, config fields, dashboard panel, and HealthCheck Rule 2e without having to dig through runtimestatus.md or service_info.md
Joseph Doherty
2026-04-13 16:36:35 -04:00
f2ea751e2b
Document the Galaxy runtime status deploy so operators can reconstruct the stop/start verification sequence, the two bugs found in-flight, and the phase-2 client-freeze decision gate without having to dig through the plan file or chat transcript
Joseph Doherty
2026-04-13 16:24:18 -04:00
98ed6bd47b
Stop OPC UA Read requests from serving stale Good-quality cached values while a Galaxy runtime host is Stopped, and defer probe-transition callbacks through a dispatch-thread queue so MarkHostVariablesBadQuality can no longer deadlock against worker threads waiting on the MxAccess STA thread
Joseph Doherty
2026-04-13 16:20:01 -04:00
9d49cdcc58
Track Galaxy Platform and AppEngine runtime state via ScanState probes and proactively invalidate descendant variable quality on Stopped transitions so operators can detect a stopped runtime host before downstream clients read stale data and so the bridge delivers a uniform bad-quality signal instead of relying on MxAccess per-tag fan-out
Joseph Doherty
2026-04-13 15:40:44 -04:00
8f340553d9
Instrument the historian plugin with runtime query health counters and read-only cluster failover so operators can detect silent query degradation and keep serving history when a single cluster node goes down
Joseph Doherty
2026-04-13 14:08:32 -04:00
4fe37fd1b7
Promote service version into the dashboard title and surface the active alarm filter patterns in the Alarms panel so operators can verify scope at a glance without reading logs or the footer block
Joseph Doherty
2026-04-13 10:05:47 -04:00
517d92c76f
Scope alarm tracking to selected templates and surface endpoint/security state on the dashboard so operators can deploy in large galaxies without drowning clients in irrelevant alarms or guessing what the server is advertising
Joseph Doherty
2026-04-13 09:48:57 -04:00
c5ed5312a9
Surface historian plugin and alarm-tracking health in the status dashboard so operators can detect misconfiguration and runtime degradation that previously showed as fully healthy
Joseph Doherty
2026-04-12 15:52:03 -04:00
9b42b61eb6
Extract historian into a runtime-loaded plugin so hosts without the Wonderware SDK can run with Historian.Enabled=false
Joseph Doherty
2026-04-12 15:16:07 -04:00
9e1a180ce3
Resolve blocking I/O finding and complete Historian lifecycle test coverage
Joseph Doherty
2026-04-07 16:16:03 -04:00
95ad9c6866
Resolve 6 of 7 stability review findings and close test coverage gaps
Joseph Doherty
2026-04-07 15:37:27 -04:00
a28600ab1b
Remove OPC PLC sample server — no longer needed with live Galaxy instances
Joseph Doherty
2026-04-06 23:30:07 -04:00
6d47687573
Resolve DA, A&C, and security spec gaps with ServerCapabilities, alarm methods, and modern profiles
Joseph Doherty
2026-04-06 22:02:05 -04:00
41f0e9ec4c
Migrate historian from SQL to aahClientManaged SDK and resolve all OPC UA Part 11 gaps
Joseph Doherty
2026-04-06 16:38:00 -04:00
5c89a44255
Document client stack XML docs progress
Joseph Doherty
2026-04-01 08:58:17 -04:00
b2be438d33
Add clean export script for distributing repo without git history
Joseph Doherty
2026-04-01 03:31:25 -04:00
500d0a8602
Restructure README to separate server (.NET 4.8) and client (.NET 10) sections
Joseph Doherty
2026-04-01 03:24:51 -04:00
188cbf7d24
Add UI features, alarm ack, historian UTC fix, and Client.UI documentation
Joseph Doherty
2026-03-31 20:46:45 -04:00
8fae2cb790
Remove tools/opcuacli-dotnet and point all docs to Client.CLI
Joseph Doherty
2026-03-31 08:08:57 -04:00
29e917b05f
Move ClientRequirements.md to docs/reqs/ and update CliTool.md for Client.CLI
Joseph Doherty
2026-03-31 08:04:14 -04:00
41a6b66943
Apply code style formatting and restore partial modifiers on Avalonia views
Joseph Doherty
2026-03-31 07:58:13 -04:00
55ef854612
Add tree context menu, missing connection settings, and fix lazy-load browse
Joseph Doherty
2026-03-30 17:45:29 -04:00
a2883b82d9
Add cross-platform OPC UA client stack: shared library, CLI tool, and Avalonia UI
Joseph Doherty
2026-03-30 15:49:42 -04:00
50b85d41bd
Consolidate LDAP roles into OPC UA session roles with granular write permissions
Joseph Doherty
2026-03-29 01:50:16 -04:00
50b9603465
Propagate alarm events up the full notifier chain so subscribers at any ancestor see them
Joseph Doherty
2026-03-28 20:25:55 -04:00
d9463d6998
Remove static Users auth, use shared QualityMapper for historian, simplify LDAP permission checks
Joseph Doherty
2026-03-28 19:23:20 -04:00
74107ea95e
Add LDAP authentication with role-based OPC UA permissions
Joseph Doherty
2026-03-28 18:57:30 -04:00
9d3599fbb6
Add rich HTTP health endpoints for cluster monitoring
Joseph Doherty
2026-03-28 16:44:31 -04:00
f0a076ec26
Add redundancy panel to status dashboard
Joseph Doherty
2026-03-28 15:27:52 -04:00
afd6c33d9d
Add client-side failover to CLI tool for redundancy testing
Joseph Doherty
2026-03-28 14:41:06 -04:00
a55153d7d5
Add configurable non-transparent OPC UA server redundancy
Joseph Doherty
2026-03-28 13:32:17 -04:00
a3c2d9b243
Add OPC UA server redundancy implementation plan
Joseph Doherty
2026-03-28 12:52:15 -04:00
55173665b1
Add configurable transport security profiles and bind address
Joseph Doherty
2026-03-27 15:59:43 -04:00
bbd043e97b
Add authentication and role-based write access control
Joseph Doherty
2026-03-27 02:14:37 -04:00
b27d355763
Fix alarm acknowledge EventId validation and add auth plan
Joseph Doherty
2026-03-27 01:39:21 -04:00
9368767b1b
Add alarm acknowledge plan and incorporate code review fixes
Joseph Doherty
2026-03-27 01:02:47 -04:00
e3fedcc8f0
Trim README to avoid duplicating component-level documentation
Joseph Doherty
2026-03-26 15:52:30 -04:00
965e430f48
Add component-level documentation for all 14 server subsystems
Joseph Doherty
2026-03-26 15:47:59 -04:00
ce0b291664
Refine XML docs for historian, OPC UA, and tests
Joseph Doherty
2026-03-26 15:33:14 -04:00
3c326e2d45
Replace full address space rebuild with incremental subtree sync
Joseph Doherty
2026-03-26 15:23:11 -04:00
bfd360a6db
Add enable/disable configuration for alarm tracking and historian integration
Joseph Doherty
2026-03-26 13:56:38 -04:00
415e62c585
Add security classification, alarm detection, historical data access, and primitive grouping
Joseph Doherty
2026-03-26 11:32:33 -04:00
bb0a89b2a1
Publish default values for null static arrays
Joseph Doherty
2026-03-25 14:12:37 -04:00
ed42b33512
Use bracketless OPC UA node IDs for arrays
Joseph Doherty
2026-03-25 12:57:05 -04:00
4833765606
Expand XML docs across bridge and test code
Joseph Doherty
2026-03-25 11:45:12 -04:00
3f813b3869
Add OPC UA array element write integration test
Joseph Doherty
2026-03-25 11:05:04 -04:00
4351854754
Fix service deployment: set working directory for correct log paths and use MasterNodeManager for Objects→ZB reference
Joseph Doherty
2026-03-25 10:57:18 -04:00
09ed15bdda
Fix second-pass review findings: subscription leak on rebuild, metrics accuracy, and MxAccess startup recovery
Joseph Doherty
2026-03-25 09:41:12 -04:00
Joseph Doherty