namespace ZB.MOM.WW.OtOpcUa.Driver.OpcUaClient;
/// <summary>
/// Configuration for the OPC UA Client (gateway) driver. Bound from the DriverConfig
/// JSON at driver-host registration time; models the settings documented in
/// <c>docs/v2/driver-specs.md</c> §8.
/// </summary>
/// <remarks>
/// <para>
/// This driver connects to a REMOTE OPC UA server and re-exposes its address space
/// through the local OtOpcUa server — the opposite direction from the usual "server
/// exposes PLC data" flow. Tier A (pure managed, OPC Foundation reference SDK); universal
/// protections cover it.
/// </para>
/// <para>
/// Every property is init-only, so an instance cannot be changed after binding.
/// This type only carries values: it performs no validation itself, so range and
/// consistency checks must live wherever the options are consumed.
/// </para>
/// <para>
/// NOTE(review): the defaults declared here (<see cref="SecurityPolicy"/> "None",
/// <see cref="SecurityMode"/> <see cref="OpcUaSecurityMode.None"/>,
/// <see cref="AuthType"/> <see cref="OpcUaAuthType.Anonymous"/>) describe a channel
/// that is neither signed nor encrypted and a session with no user identity. A
/// production deployment has to override all three explicitly.
/// </para>
/// </remarks>
public sealed class OpcUaClientDriverOptions
{
    // ---- Endpoint and channel security ----

    /// <summary>Remote OPC UA endpoint URL, e.g. <c>opc.tcp://plc.internal:4840</c>.</summary>
    public string EndpointUrl { get; init; } = "opc.tcp://localhost:4840";

    /// <summary>
    /// Security policy. One of <c>None</c>, <c>Basic256Sha256</c>,
    /// <c>Aes128_Sha256_RsaOaep</c>.
    /// </summary>
    /// <remarks>
    /// Carried as a free-form string: nothing in this class rejects a misspelled or
    /// unsupported policy name, nor a policy that contradicts
    /// <see cref="SecurityMode"/> (for example policy <c>None</c> with mode
    /// <see cref="OpcUaSecurityMode.SignAndEncrypt"/>). NOTE(review): confirm the
    /// consumer fails closed on such input instead of falling back to <c>None</c>.
    /// </remarks>
    public string SecurityPolicy { get; init; } = "None";

    /// <summary>
    /// Message security mode. The default, <see cref="OpcUaSecurityMode.None"/>,
    /// applies no signing and no encryption to the channel.
    /// </summary>
    public OpcUaSecurityMode SecurityMode { get; init; } = OpcUaSecurityMode.None;

    // ---- User authentication ----

    /// <summary>Authentication type. Defaults to <see cref="OpcUaAuthType.Anonymous"/>.</summary>
    /// <remarks>
    /// This class has no setting for the user certificate needed by
    /// <see cref="OpcUaAuthType.Certificate"/>; presumably it is configured elsewhere
    /// — TODO confirm.
    /// </remarks>
    public OpcUaAuthType AuthType { get; init; } = OpcUaAuthType.Anonymous;

    /// <summary>User name (required only for <see cref="OpcUaAuthType.Username"/>).</summary>
    public string? Username { get; init; }

    /// <summary>Password (required only for <see cref="OpcUaAuthType.Username"/>).</summary>
    /// <remarks>
    /// Held as a plain string and bound from the same JSON as the other settings, so
    /// the configuration source is a secret store in practice: keep it out of source
    /// control, and never log or dump this object. NOTE(review): when the channel is
    /// left at security policy <c>None</c> the password may not be protected on the
    /// wire, depending on the remote server's user-token policy — verify before
    /// combining <see cref="OpcUaAuthType.Username"/> with an unsecured channel.
    /// </remarks>
    public string? Password { get; init; }

    // ---- Session timing ----

    /// <summary>Server-negotiated session timeout. Default 120s per driver-specs.md §8.</summary>
    public TimeSpan SessionTimeout { get; init; } = TimeSpan.FromSeconds(120);

    /// <summary>Client-side keep-alive interval.</summary>
    public TimeSpan KeepAliveInterval { get; init; } = TimeSpan.FromSeconds(5);

    /// <summary>Initial reconnect delay after a session drop.</summary>
    public TimeSpan ReconnectPeriod { get; init; } = TimeSpan.FromSeconds(5);

    // ---- Certificate trust and client identity ----

    /// <summary>
    /// When <c>true</c>, the driver accepts any self-signed / untrusted server certificate.
    /// Dev-only — must be <c>false</c> in production so MITM attacks against the opc.tcp
    /// channel fail closed.
    /// </summary>
    /// <remarks>
    /// The default is written out as <c>false</c> on purpose, so the safe value is
    /// visible at the declaration. Enabling it removes server authentication even when
    /// <see cref="SecurityMode"/> is <see cref="OpcUaSecurityMode.SignAndEncrypt"/>.
    /// </remarks>
    public bool AutoAcceptCertificates { get; init; } = false;

    /// <summary>
    /// Application URI the driver reports during session creation. Must match the
    /// subject-alt-name on the client certificate if one is used, which is why it's a
    /// config knob rather than hard-coded.
    /// </summary>
    public string ApplicationUri { get; init; } = "urn:localhost:OtOpcUa:GatewayClient";

    /// <summary>
    /// Friendly name sent to the remote server for diagnostics. Shows up in the remote
    /// server's session-list so operators can identify which gateway instance is calling.
    /// </summary>
    public string SessionName { get; init; } = "OtOpcUa-Gateway";

    /// <summary>Connect + per-operation timeout.</summary>
    public TimeSpan Timeout { get; init; } = TimeSpan.FromSeconds(10);

    // ---- Discovery scope and resource limits ----

    /// <summary>
    /// Root NodeId to mirror. Default <c>null</c> = ObjectsFolder (<c>i=85</c>). Set to
    /// a scoped root to restrict the address space the driver exposes locally — useful
    /// when the remote server has tens of thousands of nodes and only a subset is
    /// needed downstream.
    /// </summary>
    /// <remarks>
    /// Because the mirrored tree is re-exposed through the local server, a narrow root
    /// also limits which remote nodes downstream clients can reach through the gateway.
    /// </remarks>
    public string? BrowseRoot { get; init; }

    /// <summary>
    /// Cap on total nodes discovered during <c>DiscoverAsync</c>. Default 10_000 —
    /// bounds memory on runaway remote servers without being so low that normal
    /// deployments hit it. When the cap is reached discovery stops and a warning is
    /// written to the driver health surface; the partially-discovered tree is still
    /// projected into the local address space.
    /// </summary>
    /// <remarks>
    /// No lower or upper bound is enforced here. NOTE(review): confirm how the consumer
    /// treats zero or negative values, so a configuration mistake cannot switch the cap off.
    /// </remarks>
    public int MaxDiscoveredNodes { get; init; } = 10_000;

    /// <summary>
    /// Max hierarchical depth of the browse. Default 10 — deep enough for realistic
    /// OPC UA information models, shallow enough that cyclic graphs can't spin the
    /// browse forever.
    /// </summary>
    /// <remarks>
    /// No range check is applied here. NOTE(review): confirm the consumer rejects
    /// non-positive or very large values, since this limit is what bounds the browse
    /// on cyclic graphs.
    /// </remarks>
    public int MaxBrowseDepth { get; init; } = 10;
}
/// <summary>OPC UA message security mode.</summary>
/// <remarks>
/// The numeric values are local to this driver's configuration model. The OPC UA
/// specification's MessageSecurityMode enumeration reserves 0 for "Invalid", so
/// convert to the stack's type by name, never by numeric cast — a raw cast would
/// shift every mode by one.
/// </remarks>
public enum OpcUaSecurityMode
{
    /// <summary>No message security: messages are neither signed nor encrypted.</summary>
    None = 0,

    /// <summary>Messages are signed but not encrypted.</summary>
    Sign = 1,

    /// <summary>Messages are signed and encrypted.</summary>
    SignAndEncrypt = 2,
}
/// <summary>User authentication type sent to the remote server.</summary>
public enum OpcUaAuthType
{
    /// <summary>No user identity is presented to the remote server.</summary>
    Anonymous = 0,

    /// <summary>User name and password identity.</summary>
    Username = 1,

    /// <summary>Certificate-based user identity.</summary>
    Certificate = 2,
}