Add DeferredGateHardeningTests (28 unit tests) covering the Phase 6.2
compliance-checklist gaps left by the per-gate unit suites that shipped
with the gate implementations:

- Lax-mode fall-through for CreateMonitoredItems and Call gates (null
  identity and identity-without-LDAP-groups both skip denial in lax mode,
  consistent with BrowseGatingTests.Lax_mode_null_identity)
- Flag isolation: Subscribe-only grant does NOT imply Read; Read-only
  grant does NOT imply Subscribe; HistoryRead-only grant does NOT imply
  Read and vice versa (Phase 6.2 compliance: "HistoryRead uses its own
  flag")
- Alarm-bit isolation: AlarmAcknowledge alone does not grant AlarmConfirm
  or AlarmShelve; Browse alone does not grant AlarmAcknowledge
- AlarmShelve falls through to OpcUaOperation.Call in MapCallOperation
  (documents the ShelvedStateMachine per-instance NodeId limitation noted
  in the implementation, with the follow-up path: MethodCall grant covers
  it)
- Complete OpcUaOperation→NodePermissions mapping coverage for all
  deferred operations (Browse, CreateMonitoredItems,
  TransferSubscriptions, Call, AlarmAcknowledge, AlarmConfirm,
  AlarmShelve) — both positive and wrong-bit negative cases
- Multi-group union for deferred gates (grp-browse ∪ grp-ack gives both
  Browse and AlarmAcknowledge without leaking Read or Call)

Build: 0 errors on Server.csproj (verified against main repo build which
carries the gRPC-generated Galaxy driver artifacts the isolated worktree
lacks — that pre-existing gap is unrelated to these changes).

Test count: 247 → 275 (+28 unit, 0 failures).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
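
The isolation, union and lax-mode rules listed in the commit message, sketched as an added C# example that is not the project's code. The bit values, the group grants, the `Gate.IsAllowed` shape, the operation-to-bit mapping and strict-mode denial for a missing identity are all assumptions.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Linq;
// Added illustration: bit values, grants and method shapes are assumptions.
[Flags]
enum NodePermissions { None = 0, Browse = 1, Read = 2, Subscribe = 4, HistoryRead = 8,
    MethodCall = 16, AlarmAcknowledge = 32, AlarmConfirm = 64, AlarmShelve = 128 }
enum OpcUaOperation { Browse, Read, CreateMonitoredItems, Call, AlarmAcknowledge }

static class Gate
{
    // One required bit per operation; no bit implies another (assumed mapping).
    static NodePermissions Required(OpcUaOperation op) => op switch
    {
        OpcUaOperation.Browse => NodePermissions.Browse,
        OpcUaOperation.Read => NodePermissions.Read,
        OpcUaOperation.CreateMonitoredItems => NodePermissions.Subscribe,
        OpcUaOperation.Call => NodePermissions.MethodCall,
        OpcUaOperation.AlarmAcknowledge => NodePermissions.AlarmAcknowledge,
        _ => throw new ArgumentOutOfRangeException(nameof(op))
    };
    // groups == null: null identity; empty: identity without LDAP groups.
    public static bool IsAllowed(IReadOnlyCollection<string>? groups, OpcUaOperation op,
        IReadOnlyDictionary<string, NodePermissions> grants, bool laxMode)
    {
        if (groups is null || groups.Count == 0) return laxMode; // strict denial is assumed
        // Effective rights are the union of every group's grant, then an exact-bit test.
        var effective = groups.Aggregate(NodePermissions.None,
            (acc, g) => acc | (grants.TryGetValue(g, out var p) ? p : NodePermissions.None));
        return (effective & Required(op)) == Required(op);
    }
}

static class Program
{
    static void Check(bool actual, bool expected, string what)
    { if (actual != expected) throw new Exception("unexpected decision: " + what); }
    static void Main()
    {
        var grants = new Dictionary<string, NodePermissions> { // constructed sample grants
            ["grp-browse"] = NodePermissions.Browse, ["grp-ack"] = NodePermissions.AlarmAcknowledge };
        var both = new[] { "grp-browse", "grp-ack" };
        Check(Gate.IsAllowed(both, OpcUaOperation.AlarmAcknowledge, grants, false), true, "union ack");
        Check(Gate.IsAllowed(both, OpcUaOperation.Read, grants, false), false, "no Read leak");
        Check(Gate.IsAllowed(both, OpcUaOperation.Call, grants, false), false, "no Call leak");
        Check(Gate.IsAllowed(null, OpcUaOperation.Call, grants, true), true, "lax, null identity");
        Check(Gate.IsAllowed(new string[0], OpcUaOperation.CreateMonitoredItems, grants, true), true, "lax, no groups");
        Console.WriteLine("all gate decisions as expected");
    }
}
```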