5c513f99fd
The Resolution prose was already recorded under Core.Scripting commit (0454822); status was left as Open. Flip to Won't Fix to match. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Code Reviews
Cross-module code review index for the OtOpcUa server codebase (lmxopcua). The review process is defined in ../REVIEW-PROCESS.md.
Each module's findings.md is the source of truth; this file is generated from them by regen-readme.py and must not be edited by hand.
Module status
| Module | Reviewer | Date | Commit | Status | Open | Total |
|---|---|---|---|---|---|---|
| Admin | Claude Code | 2026-05-22 | 76d35d1 |
Reviewed | 0 | 13 |
| Analyzers | Claude Code | 2026-05-22 | 76d35d1 |
Reviewed | 0 | 7 |
| Client.CLI | Claude Code | 2026-05-22 | 76d35d1 |
Reviewed | 8 | 10 |
| Client.Shared | Claude Code | 2026-05-22 | 76d35d1 |
Reviewed | 5 | 11 |
| Client.UI | Claude Code | 2026-05-22 | 76d35d1 |
Reviewed | 6 | 11 |
| Configuration | Claude Code | 2026-05-22 | 76d35d1 |
Reviewed | 0 | 11 |
| Core | Claude Code | 2026-05-22 | 76d35d1 |
Reviewed | 0 | 12 |
| Core.Abstractions | Claude Code | 2026-05-22 | 76d35d1 |
Reviewed | 0 | 8 |
| Core.AlarmHistorian | Claude Code | 2026-05-22 | 76d35d1 |
Reviewed | 0 | 11 |
| Core.ScriptedAlarms | Claude Code | 2026-05-22 | 76d35d1 |
Reviewed | 0 | 12 |
| Core.Scripting | Claude Code | 2026-05-22 | 76d35d1 |
Reviewed | 0 | 11 |
| Core.VirtualTags | Claude Code | 2026-05-22 | 76d35d1 |
Reviewed | 0 | 13 |
| Driver.AbCip | Claude Code | 2026-05-22 | 76d35d1 |
Reviewed | 5 | 15 |
| Driver.AbCip.Cli | Claude Code | 2026-05-22 | 76d35d1 |
Reviewed | 6 | 8 |
| Driver.AbLegacy | Claude Code | 2026-05-22 | 76d35d1 |
Reviewed | 3 | 13 |
| Driver.AbLegacy.Cli | Claude Code | 2026-05-22 | 76d35d1 |
Reviewed | 6 | 7 |
| Driver.Cli.Common | Claude Code | 2026-05-22 | 76d35d1 |
Reviewed | 2 | 6 |
| Driver.FOCAS | Claude Code | 2026-05-22 | 76d35d1 |
Reviewed | 5 | 12 |
| Driver.FOCAS.Cli | Claude Code | 2026-05-22 | 76d35d1 |
Reviewed | 5 | 5 |
| Driver.Galaxy | Claude Code | 2026-05-22 | 76d35d1 |
Reviewed | 4 | 14 |
| Driver.Historian.Wonderware | Claude Code | 2026-05-22 | 76d35d1 |
Reviewed | 7 | 12 |
| Driver.Historian.Wonderware.Client | Claude Code | 2026-05-22 | 76d35d1 |
Reviewed | 5 | 10 |
| Driver.Modbus | Claude Code | 2026-05-22 | 76d35d1 |
Reviewed | 7 | 12 |
| Driver.Modbus.Addressing | Claude Code | 2026-05-22 | 76d35d1 |
Reviewed | 3 | 9 |
| Driver.Modbus.Cli | Claude Code | 2026-05-22 | 76d35d1 |
Reviewed | 6 | 8 |
| Driver.OpcUaClient | Claude Code | 2026-05-22 | 76d35d1 |
Reviewed | 2 | 15 |
| Driver.S7 | Claude Code | 2026-05-22 | 76d35d1 |
Reviewed | 5 | 14 |
| Driver.S7.Cli | Claude Code | 2026-05-22 | 76d35d1 |
Reviewed | 4 | 7 |
| Driver.TwinCAT | Claude Code | 2026-05-22 | 76d35d1 |
Reviewed | 5 | 16 |
| Driver.TwinCAT.Cli | Claude Code | 2026-05-22 | 76d35d1 |
Reviewed | 7 | 7 |
| Server | Claude Code | 2026-05-22 | 76d35d1 |
Reviewed | 0 | 15 |
Pending findings
Findings with status Open or In Progress, ordered by severity.
| ID | Severity | Category | Location | Description |
|---|---|---|---|---|
| Client.CLI-002 | Low | Correctness & logic bugs | Commands/SubscribeCommand.cs:129-137 |
The summary computes neverWentBad as every target whose node-id key is absent from the everBad dictionary. A node that received no update at all is also absent from everBad, so it is counted in neverWentBad and printed under the he… |
| Client.CLI-003 | Low | Correctness & logic bugs | Commands/BrowseCommand.cs:29-30, Commands/SubscribeCommand.cs:20-27, Commands/AlarmsCommand.cs:28-29, Commands/HistoryReadCommand.cs:42-43 |
Numeric command options accept any value with no range validation. --depth, --interval, --max-depth, --max, and the history --interval can all be supplied as 0 or a negative number. A negative --depth/--max-depth silently d… |
| Client.CLI-004 | Low | OtOpcUa conventions | Commands/SubscribeCommand.cs:13-37 |
SubscribeCommand is the only command in the module whose constructor and all [CommandOption] properties have no XML doc comments. Every other command (ConnectCommand, ReadCommand, WriteCommand, BrowseCommand, AlarmsCommand, `… |
| Client.CLI-006 | Low | Error handling & resilience | Commands/HistoryReadCommand.cs:73, Commands/HistoryReadCommand.cs:76, Helpers/NodeIdParser.cs:39 |
Operator input-format errors surface as raw .NET exceptions rather than clean CLI errors. An unparseable start/end value throws FormatException straight out of DateTime.Parse; an invalid node id throws FormatException/`ArgumentExcept… |
| Client.CLI-007 | Low | Performance & resource management | CommandBase.cs:112-123 |
ConfigureLogging builds a new Serilog LoggerConfiguration, creates a logger, and assigns it to the static Log.Logger without disposing the previously assigned logger. For a single CLI invocation this leaks at most one logger and the… |
| Client.CLI-008 | Low | Documentation & comments | docs/Client.CLI.md:158-217 |
docs/Client.CLI.md is stale relative to the code at this commit. (1) The subscribe command section documents only -n and -i, but the code (SubscribeCommand) also exposes -r/--recursive, --max-depth, -q/--quiet, --duration… |
| Client.CLI-009 | Low | Code organization & conventions | Commands/SubscribeCommand.cs:66-165, Commands/AlarmsCommand.cs:52-91 |
Both long-running commands attach an event handler (service.DataChanged += ..., service.AlarmEvent += ...) with a lambda and never detach it. Because the handler closes over console, the captured console and the closure remain refere… |
| Client.CLI-010 | Low | Testing coverage | tests/Client/ZB.MOM.WW.OtOpcUa.Client.CLI.Tests/SubscribeCommandTests.cs |
The new SubscribeCommand capabilities are largely untested. The four SubscribeCommandTests cover only single-node subscribe, unsubscribe-on-cancel, disconnect-in-finally, and the subscription message. There is no test for the `--recurs… |
| Client.Shared-003 | Low | Correctness & logic bugs | Adapters/DefaultSessionAdapter.cs:76, Adapters/DefaultSessionAdapter.cs:273 |
WriteValueAsync returns response.Results[0] and CallMethodAsync reads result.Results[0] without first checking the Results collection is non-empty. A malformed or service-level-faulted response (empty Results alongside a servic… |
| Client.Shared-004 | Low | OtOpcUa conventions | Adapters/DefaultSessionAdapter.cs:228, Adapters/DefaultSessionAdapter.cs:121, Adapters/DefaultSessionAdapter.cs:172 |
CloseAsync, HistoryReadRawAsync, and HistoryReadAggregateAsync are declared async Task but call the synchronous Session.Close() / Session.HistoryRead(...) APIs and contain no await. The history methods run a blocking synchron… |
| Client.Shared-009 | Low | Error handling & resilience / Documentation & comments | OpcUaClientService.cs:302-322 |
AcknowledgeAlarmAsync is typed Task<StatusCode> and its XML doc implies the returned code reports the ack outcome, but the method unconditionally return StatusCodes.Good. The actual failure path is `DefaultSessionAdapter.CallMethodAs… |
| Client.Shared-010 | Low | Performance & resource management | Models/ConnectionSettings.cs:48, OpcUaClientService.cs:408-417 |
ConnectionSettings.CertificateStorePath is initialized to ClientStoragePaths.GetPkiPath() as a property initializer, so every ConnectionSettings instantiation runs Environment.GetFolderPath + Path.Combine and, on the first call p… |
| Client.Shared-011 | Low | Testing coverage | tests/Client/ZB.MOM.WW.OtOpcUa.Client.Shared.Tests/OpcUaClientServiceTests.cs |
The test suite is solid for the happy paths, connection lifecycle, and single-failover behavior. Gaps relative to the findings above: (a) no test exercises concurrent SubscribeAsync/failover to expose the _activeDataSubscriptions race… |
| Client.UI-003 | Low | OtOpcUa conventions | ZB.MOM.WW.OtOpcUa.Client.UI.csproj:20-21, Program.cs:14-20 |
The csproj references Serilog and Serilog.Sinks.Console, and docs/Client.UI.md lists Serilog as the logging technology, but no source file in the module uses Serilog. Program.BuildAvaloniaApp() uses Avalonia's LogToTrace() and th… |
| Client.UI-004 | Low | OtOpcUa conventions | Views/MainWindow.axaml.cs:125-138 |
OnBrowseCertPathClicked uses OpenFolderDialog, which is obsolete in Avalonia 11.x (the version pinned in the csproj). The supported replacement is the StorageProvider API (StorageProvider.OpenFolderPickerAsync). Using the obsolete… |
| Client.UI-006 | Low | Error handling & resilience | ViewModels/MainWindowViewModel.cs:244-252, ViewModels/AlarmsViewModel.cs:88-112, ViewModels/SubscriptionsViewModel.cs:79-94 |
Many catch blocks swallow exceptions silently with an empty body and only a comment (// Redundancy info not available, // Subscribe failed, // Subscription failed; no item added, and others). When a subscribe, alarm-subscribe, or red… |
| Client.UI-009 | Low | Design-document adherence | ViewModels/HistoryViewModel.cs:44-54 |
HistoryViewModel.AggregateTypes exposes eight entries: null (Raw) plus Average, Minimum, Maximum, Count, Start, End, and StandardDeviation. docs/Client.UI.md ("Query Options" table) lists only "Raw (default), Average, Minimum, Maxi… |
| Client.UI-010 | Low | Code organization & conventions | Controls/DateTimeRangePicker.axaml.cs:33-37, Controls/DateTimeRangePicker.axaml.cs:70-80 |
DateTimeRangePicker declares MinDateTimeProperty / MaxDateTimeProperty styled properties with public CLR accessors, but neither is read anywhere in the control. TryParseDateTime, OnStartLostFocus, and OnEndLostFocus never clamp… |
| Client.UI-011 | Low | Documentation & comments | Views/MainWindow.axaml:81, Services/JsonSettingsService.cs:11-15 |
The certificate-store-path TextBox watermark reads (default: AppData/LmxOpcUaClient/pki), referencing the legacy pre-task-#208 folder name. Per CLAUDE.md / docs/Client.UI.md the canonical path is now {LocalAppData}/OtOpcUaClient/… |
| Driver.AbCip-007 | Low | OtOpcUa conventions | AbCipDriver.cs (whole file), AbCipAlarmProjection.cs, LibplctagTagRuntime.cs |
CLAUDE.md Library Preferences mandate Serilog with a rolling daily file sink. The driver has no logging at all: no ILogger/Serilog dependency is injected or used. Failure paths instead swallow exceptions into the _health string (`Rea… |
| Driver.AbCip-011 | Low | Error handling & resilience | AbCipDriver.cs:144-152, AbCipDriverOptions.cs:131-143 |
InitializeAsync only starts probe loops when _options.Probe.Enabled is true AND Probe.ProbeTagPath is non-blank. When Probe.Enabled is true (the default) but ProbeTagPath is null (also the default; the doc comment says "PR 8 wire… |
| Driver.AbCip-012 | Low | Performance & resource management | LibplctagTemplateReader.cs:15-35, AbCipDriver.cs:88-92 |
LibplctagTemplateReader is created per FetchUdtShapeAsync call, and each call constructs a fresh libplctag Tag for the @udt pseudo-tag, initializes it (a CIP connection handshake), reads, and disposes it. There is no reuse of the `Ta… |
| Driver.AbCip-013 | Low | Design-document adherence | AbCipDriverOptions.cs:70-73, PlcFamilies/AbCipPlcFamilyProfile.cs:13-19, LibplctagTagRuntime.cs:16-27 |
driver-specs.md specifies the AB CIP per-device connection settings as discrete fields: Host, Path, PlcType, TimeoutMs, AllowPacking, ConnectionSize. The implementation instead collapses host + path into a single opaque ab:// URL string… |
| Driver.AbCip-015 | Low | Documentation & comments | AbCipDriver.cs:9-11, PlcTagHandle.cs:23-27,53-58, AbCipTemplateCache.cs:12-15, IAbCipTagEnumerator.cs:6-11, AbCipDriverOptions.cs:21 |
Numerous comments are stale relative to the commit under review. AbCipDriver.cs:9-11 says the driver "Implements IDriver only for now" with capabilities shipping "in subsequent PRs (3-8)" while the class already implements all of them. `… |
| Driver.AbCip.Cli-003 | Low | Concurrency & thread safety | src/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.AbCip.Cli/Commands/SubscribeCommand.cs:50-56,60-61 |
The OnDataChange handler writes change lines to console.Output (a TextWriter) from the driver's poll-engine callback thread, while the command's main flow concurrently writes the "Subscribed to ... Ctrl+C to stop." line on the CLI th… |
| Driver.AbCip.Cli-004 | Low | Error handling & resilience | src/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.AbCip.Cli/Commands/SubscribeCommand.cs:28,58; AbCipCommandBase.cs:26-34 |
--interval-ms (IntervalMs) is taken verbatim and passed as TimeSpan.FromMilliseconds(IntervalMs) to SubscribeAsync with no validation. A zero or negative value produces a non-positive TimeSpan; the option description claims "Poll… |
| Driver.AbCip.Cli-005 | Low | Performance & resource management | src/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.Cli.Common/DriverCommandBase.cs:51-59 |
ConfigureLogging assigns a freshly created Serilog logger to the process-global Log.Logger but never calls Log.CloseAndFlush(). For a short-lived one-shot command (probe, read, write) the process exit flushes the console sink,… |
| Driver.AbCip.Cli-006 | Low | Design-document adherence | src/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.AbCip.Cli/AbCipCommandBase.cs:29-34 |
AbCipCommandBase overrides the abstract DriverCommandBase.Timeout property with a getter derived from TimeoutMs and an empty init body (init { /* driven by TimeoutMs */ }). Because the override has no [CommandOption] attribute,… |
| Driver.AbCip.Cli-007 | Low | Testing coverage | tests/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.AbCip.Cli.Tests/WriteCommandParseValueTests.cs |
The only test file covers WriteCommand.ParseValue and ReadCommand.SynthesiseTagName — both pure static helpers. There is no coverage for AbCipCommandBase.BuildOptions (the flag-to-AbCipDriverOptions mapping that all four commands d… |
| Driver.AbCip.Cli-008 | Low | Documentation & comments | docs/Driver.AbCip.Cli.md:8-9 |
docs/Driver.AbCip.Cli.md opens with "Second of four driver test-client CLIs (Modbus -> AB CIP -> AB Legacy -> S7 -> TwinCAT)." The count "four" contradicts the chain that follows it (five names) and contradicts docs/DriverClis.md, whic… |
| Driver.AbLegacy-005 | Low | OtOpcUa conventions | AbLegacyDriver.cs (whole file) |
The driver uses no ILogger/Serilog at all. Probe-loop failures, runtime initialisation failures, libplctag non-zero statuses, and read/write exceptions are folded into DriverHealth.Detail strings but never logged. CLAUDE.md names Seril… |
| Driver.AbLegacy-011 | Low | Performance & resource management | AbLegacyDriver.cs:440 |
Dispose() is implemented as DisposeAsync().AsTask().GetAwaiter().GetResult() - sync-over-async. ShutdownAsync awaits _poll.DisposeAsync() (which completes synchronously) and does no other real async work, so a deadlock is unlikely… |
| Driver.AbLegacy-013 | Low | Code organization & conventions | AbLegacyDriver.cs:340-345, AbLegacyDriver.cs:238-264 |
Two minor organisational issues: 1. ResolveHost returns _options.Devices.FirstOrDefault()?.HostAddress ?? DriverInstanceId when the reference is unknown and no devices are configured. DriverInstanceId is not a host address (ab://...)… |
| Driver.AbLegacy.Cli-002 | Low | Correctness & logic bugs | Commands/WriteCommand.cs:27-29, Program.cs:6-9 |
The --value option help text states "booleans accept true/false/1/0", but ParseBool (WriteCommand.cs:74-80) and the error message also accept on/off and yes/no, and DriverClis.md documents the full `true/false/1/0/yes/no/on/off… |
| Driver.AbLegacy.Cli-003 | Low | Concurrency & thread safety | Commands/SubscribeCommand.cs:47-53 |
The OnDataChange handler calls console.Output.WriteLine(line) (the synchronous overload) directly from the PollGroupEngine poll thread. The poll engine raises change events from a background timer/loop thread, so two ticks that fire… |
| Driver.AbLegacy.Cli-004 | Low | Error handling & resilience | Commands/ProbeCommand.cs:37-56, Commands/ReadCommand.cs:39-50, Commands/WriteCommand.cs:48-59, Commands/SubscribeCommand.cs:41-76 |
Every command does await using var driver = new AbLegacyDriver(...) and an explicit await driver.ShutdownAsync(...) in the finally. AbLegacyDriver DisposeAsync itself calls ShutdownAsync, so the driver is shut down twice on t… |
| Driver.AbLegacy.Cli-005 | Low | Design-document adherence | Commands/SubscribeCommand.cs:23-25, docs/Driver.AbLegacy.Cli.md:94-96 |
The subscribe command interval option is --interval-ms (default 1000). docs/Driver.AbLegacy.Cli.md shows the subscribe example as otopcua-ablegacy-cli subscribe ... -i 500, which works because of the short alias 'i', but the doc ne… |
| Driver.AbLegacy.Cli-006 | Low | Code organization & conventions | Commands/ProbeCommand.cs:20-22 |
ProbeCommand declares its --type option with no short alias, while ReadCommand, WriteCommand, and SubscribeCommand all declare --type with the short alias 't'. ProbeCommand also gives --address the alias 'a', matching t… |
| Driver.AbLegacy.Cli-007 | Low | Testing coverage | tests/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.AbLegacy.Cli.Tests/WriteCommandParseValueTests.cs |
The only test file in the CLI test project covers WriteCommand.ParseValue and ReadCommand.SynthesiseTagName. Two behaviours that are pure logic (testable without a device) are uncovered: (1) AbLegacyCommandBase.BuildOptions — that it… |
| Driver.Cli.Common-004 | Low | Error handling & resilience | src/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.Cli.Common/SnapshotFormatter.cs:68-70 |
FormatTable calls rows.Max(r => r.Tag.Length) (and the same for the value and status columns) without guarding against empty input. When tagNames and snapshots are both empty (equal length, so the mismatch check at line 56 passes),… |
| Driver.Cli.Common-006 | Low | Documentation & comments | src/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.Cli.Common/SnapshotFormatter.cs:71, src/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.Cli.Common/DriverCommandBase.cs:9 |
Two minor doc inaccuracies. (1) The comment at SnapshotFormatter.cs:71 states the "source-time column is fixed-width (ISO-8601 to ms) so no max-measurement needed" — true only when every snapshot has a non-null SourceTimestampUtc. `For… |
| Driver.FOCAS-007 | Low | Error handling & resilience | FocasDriver.cs:140-148, FocasDriver.cs:478-484, FocasDriver.cs:529-533, FocasAlarmProjection.cs:61-63 |
Numerous try { ... } catch {} blocks swallow every exception with no logging - ShutdownAsync (CTS cancel/dispose), RecycleLoopAsync (DisposeClient), FixedTreeLoopAsync transient catches, ProbeLoopAsync, and the alarm projection… |
| Driver.FOCAS-008 | Low | Performance & resource management | FocasDriver.cs:201, FocasDriver.cs:253 |
ReadAsync and WriteAsync call FocasAddress.TryParse(def.Address) on every operation, even though InitializeAsync already parsed and validated every tag address. On a subscription hot path (each poll tick re-enters ReadAsync) this… |
| Driver.FOCAS-009 | Low | Design-document adherence | FocasDriverOptions.cs:110-115, FocasDriver.cs:468-486, FocasDriverFactoryExtensions.cs:75-80 |
FocasProbeOptions.Timeout is parsed by the factory (FocasProbeDto.TimeoutMs to FocasProbeOptions.Timeout) but never consumed. ProbeLoopAsync calls client.ProbeAsync(ct) with only the probe-loop cancellation token; no per-probe ti… |
| Driver.FOCAS-010 | Low | Code organization & conventions | IFocasClient.cs:210-227 (FocasOpMode), FocasConstants.cs:42-78 (FocasOperationMode) |
There are two parallel operation-mode-to-text mappings with divergent labels. FocasOpMode.ToText (used by the driver fixed-tree OperationMode/ModeText node) yields "TJOG", "TEACH_IN_HANDLE"; FocasOperationModeExtensions.ToText (i… |
| Driver.FOCAS-011 | Low | Code organization & conventions | IFocasClient.cs:275-287 (FocasAlarmType), FocasAlarmProjection.cs:149-175 |
FocasAlarmType declares its constants as public const int, but the only consumers - FocasAlarmProjection.MapAlarmType(short type) and MapSeverity(short type) - take a short and switch against these int constants. It compiles… |
| Driver.FOCAS.Cli-001 | Low | Error handling & resilience | Commands/WriteCommand.cs:58-68 |
WriteCommand.ParseValue parses the numeric --value types (Byte/Int16/Int32/Float32/Float64) with sbyte.Parse / short.Parse / etc. These throw raw FormatException or OverflowException for malformed or out-of-range inpu… |
| Driver.FOCAS.Cli-002 | Low | Concurrency & thread safety | Commands/SubscribeCommand.cs:45-51 |
The subscribe command attaches an OnDataChange handler that calls the synchronous console.Output.WriteLine. OnDataChange is raised from the driver's PollGroupEngine tick thread, while the command's main flow writes the "Subscribe… |
| Driver.FOCAS.Cli-003 | Low | Error handling & resilience | FocasCommandBase.cs:19 (CncPort), FocasCommandBase.cs:27 (TimeoutMs), Commands/SubscribeCommand.cs:23 (IntervalMs) |
The numeric command options --cnc-port, --timeout-ms, and --interval-ms are accepted without range validation. A zero or negative --cnc-port produces an invalid focas://host:<n> string; --timeout-ms 0 yields a zero TimeSpan o… |
| Driver.FOCAS.Cli-004 | Low | Performance & resource management | Commands/ProbeCommand.cs:37,54; Commands/ReadCommand.cs:37,46; Commands/WriteCommand.cs:45,54; Commands/SubscribeCommand.cs:39,73 |
Every command declares await using var driver = new FocasDriver(...) |
| Driver.FOCAS.Cli-005 | Low | Design-document adherence | Commands/WriteCommand.cs:50, Commands/ProbeCommand.cs:50 (via SnapshotFormatter.FormatStatus) |
docs/Driver.FOCAS.Cli.md documents BadDeviceFailure and BadCommunicationError as the key diagnostic signals an operator reads off probe / write output ("A BadCommunicationError means ... BadDeviceFailure after a successful co… |
| Driver.Galaxy-005 | Low | OtOpcUa conventions | Runtime/EventPump.cs:81-88 |
The BoundedChannelOptions comment states "Newest-dropped policy: when full, the producer's TryWrite returns false ... We do this manually rather than relying on BoundedChannelFullMode.DropWrite" — but the option is then set to `FullMod… |
| Driver.Galaxy-010 | Low | Security | GalaxyDriver.cs:311-341 |
ResolveApiKey supports an env:/file: indirection and otherwise treats the config string as the literal API key ("Anything else — used as the literal API key. Convenient for dev"). GalaxyGatewayOptions' own XML doc claims "the API k… |
| Driver.Galaxy-012 | Low | Performance & resource management | Runtime/SubscriptionRegistry.cs:65-67, GalaxyDriver.cs:538, GalaxyDriver.cs:675 |
Several hot paths are O(n^2) per call. SubscriptionRegistry.ResolveSubscribers does entry.Bindings.FirstOrDefault(b => b.ItemHandle == itemHandle) — a linear scan of the whole binding list for every event dispatch; at 50k tags this is… |
| Driver.Galaxy-013 | Low | Design-document adherence | GalaxyDriver.cs:14-27, GalaxyDriver.cs:374-382, Config/GalaxyDriverOptions.cs:84-86 |
Multiple doc comments are stale relative to the shipped code. GalaxyDriver's class summary still describes the file as "the project skeleton with IDriver bodies that wire to a future IGalaxyGatewayClient abstraction. Capability inter… |
| Driver.Historian.Wonderware-004 | Low | Correctness and logic bugs | Backend/SdkAlarmHistorianWriteBackend.cs:198-201 |
ToHistorianEvent only assigns historianEvent.Id when Guid.TryParse(dto.EventId, ...) succeeds. If EventId is not a parseable GUID (or is empty), Id stays Guid.Empty and the event is written to the historian with an all-zeros id… |
| Driver.Historian.Wonderware-005 | Low | Concurrency and thread safety | Backend/HistorianDataSource.cs:124, :126-127 |
GetHealthSnapshot reads _activeProcessNode and _activeEventNode inside _healthLock, but those two fields are written under _connectionLock / _eventConnectionLock (lines 183, 243, 209-210, 266-269) — a different lock. The health… |
| Driver.Historian.Wonderware-007 | Low | Error handling and resilience | Ipc/PipeServer.cs:70-75 |
When VerifyCaller rejects the peer SID, the server logs the reason and calls _current.Disconnect() with no HelloAck frame sent. The shared-secret-mismatch and major-version-mismatch paths below it both send a rejecting HelloAck so… |
| Driver.Historian.Wonderware-008 | Low | Error handling and resilience | Backend/HistorianDataSource.cs:301-307, :374-380 |
When query.StartQuery returns false, ReadRawAsync and ReadAggregateAsync call HandleConnectionError() and return an empty result list. A failed StartQuery is not necessarily a connection failure — it can be a bad tag name, an i… |
| Driver.Historian.Wonderware-010 | Low | Performance and resource management | Backend/HistorianConfiguration.cs:32-36, Backend/HistorianDataSource.cs (all read methods) |
HistorianConfiguration.RequestTimeoutSeconds is documented as the "outer safety timeout applied to sync-over-async Historian operations" and is copied around (SdkAlarmHistorianWriteBackend.CloneConfigWithServerName:346), but it is neve… |
| Driver.Historian.Wonderware-011 | Low | Design-document adherence | Backend/HistorianDataSource.cs:9-12, Backend/IHistorianDataSource.cs:9-11, Backend/HistorianSample.cs:7-9, Backend/HistorianConfiguration.cs:7-9 |
Several XML doc comments reference the retired v1 architecture as if it were current: "inside Galaxy.Host", "the Proxy maps returned samples", "the Host returns these across the IPC boundary as GalaxyDataValue", "Populated from ... the P… |
| Driver.Historian.Wonderware-012 | Low | Testing coverage | Backend/HistorianDataSource.cs, tests/Drivers/ZB.MOM.WW.OtOpcUa.Driver.Historian.Wonderware.Tests/ |
The unit-test suite covers HistorianQualityMapper, HistorianClusterEndpointPicker, SdkAlarmHistorianWriteBackend, AahClientManagedAlarmEventWriter, the IPC round trip, and Program alarm-writer wiring. HistorianDataSource itself… |
| Driver.Historian.Wonderware.Client-003 | Low | Concurrency & thread safety | WonderwareHistorianClient.cs:207, WonderwareHistorianClient.cs:132-150 |
_totalQueries is mutated with Interlocked.Increment in Invoke, but read inside GetHealthSnapshot under _healthLock, and every other counter (_totalSuccesses, _totalFailures, _consecutiveFailures) is mutated only under `_hea… |
| Driver.Historian.Wonderware.Client-004 | Low | Concurrency & thread safety | WonderwareHistorianClient.cs:203-267 |
A sidecar-reported failure is recorded in two non-atomic steps under separate lock acquisitions: Invoke calls RecordSuccess() (line 211) and then the caller calls ThrowIfFailed which calls ReclassifySuccessAsFailure() (line 256), d… |
| Driver.Historian.Wonderware.Client-006 | Low | Error handling & resilience | Internal/PipeChannel.cs:96-107, WonderwareHistorianClientOptions.cs:11-12 |
PipeChannel.InvokeAsync retries exactly once on transport failure and otherwise propagates. The options expose ReconnectInitialBackoff and ReconnectMaxBackoff and WonderwareHistorianClientOptions documents them as exponential backo… |
| Driver.Historian.Wonderware.Client-008 | Low | Security | ZB.MOM.WW.OtOpcUa.Driver.Historian.Wonderware.Client.csproj:29-32 |
The csproj suppresses two NuGet audit advisories (GHSA-37gx-xxp4-5rgx, GHSA-w3x6-4m5h-cxqf) for the MessagePack 2.5.187 dependency with no inline comment recording why the suppression is safe, who reviewed it, or when it should be re… |
| Driver.Historian.Wonderware.Client-010 | Low | Documentation & comments | WonderwareHistorianClient.cs:355-361, WonderwareHistorianClient.cs:132-150 |
Two doc/behaviour mismatches. (1) The Dispose() XML comment asserts the underlying channel async cleanup is non-blocking so the GetAwaiter()/GetResult() bridge is safe. PipeChannel.DisposeAsync calls ResetTransport(), which invokes… |
| Driver.Modbus-003 | Low | Concurrency & thread safety | ModbusDriver.cs:59,188,241,259,266,726,745,759 |
_health is a non-volatile reference field written from multiple threads (concurrent ReadAsync callers, the coalesced-read path, WriteAsync indirectly, and ProbeLoopAsync) and read by GetHealth(). Reference assignment is atomic… |
| Driver.Modbus-007 | Low | Design-document adherence | ModbusDriver.cs:1392, ModbusDriverOptions.cs:74-80 |
Two design-vs-code drifts. (1) MapDataType maps Int64/UInt64 to DriverDataType.Int32 with the inline comment "widening to Int32 loses precision; PR 25 adds Int64 to DriverDataType". The address-space node for a 64-bit Modbus tag is… |
| Driver.Modbus-008 | Low | Documentation & comments | ModbusDriver.cs:411-417,700-703,737-744 |
Stale/misleading comments. (1) The <summary> block at ModbusDriver.cs:411-417 says auto-prohibited ranges are "Cleared by ReinitializeAsync ... or by an explicit re-probe API (not yet shipped)" — the re-probe loop has shipped (#151, `R… |
| Driver.Modbus-009 | Low | Correctness & logic bugs | ModbusDriver.cs:1160-1167, ModbusTcpTransport.cs:94-95 |
Two edge cases. (1) RegisterCount for ModbusDataType.String computes (tag.StringLength + 1) / 2; a tag configured with StringLength = 0 yields a register count of 0, flowing into ReadOneAsync as totalRegs = 0 and producing an F… |
| Driver.Modbus-010 | Low | Error handling & resilience | ModbusDriver.cs:864-868, ModbusDriverOptions.cs:116-125 |
When WriteOnChangeOnly is enabled and IsRedundantWrite returns true, WriteAsync returns WriteResult(0u) (Good) without touching the wire. The suppression baseline (_lastWrittenByRef) is only invalidated by a read that returns a… |
| Driver.Modbus-011 | Low | Code organization & conventions | ModbusDriver.cs:23-43,89-97,408-432 |
Field and member declarations are interleaved with methods throughout ModbusDriver. ResolveHost (a public method) is the first member of the class, followed by BuildSlaveHostName, then a block of fields; _lastPublishedByRef/`_lastW… |
| Driver.Modbus-012 | Low | Testing coverage | tests/Drivers/ZB.MOM.WW.OtOpcUa.Driver.Modbus.Tests/ |
The unit suite is broad (coalescing, bisection, auto-recovery, byte order, arrays, BCD, RMW, caps, multi-unit, probe, reconnect, subscription). Gaps relative to the findings above: (1) no test exercises concurrent multi-subscription publis… |
| Driver.Modbus.Addressing-006 | Low | Error handling & resilience | ModbusAddressParser.cs:297-301 |
TryParseFamilyNative catches only ArgumentException and OverflowException. The current helpers throw only those (including ArgumentOutOfRangeException, which derives from ArgumentException), so today it is correct. But the parser… |
| Driver.Modbus.Addressing-007 | Low | Design-document adherence | ModbusDataType.cs:91-95, docs/v2/dl205.md section Strings |
ModbusStringByteOrder (HighByteFirst / LowByteFirst) is defined in this assembly and documented as the DL205 low-byte-first string-packing knob, but ParsedModbusAddress has no field for it and ModbusAddressParser never produces or co… |
| Driver.Modbus.Addressing-009 | Low | Documentation & comments | ModbusModiconAddress.cs:55-64, ModbusModiconAddress.cs:104-110 |
The comments on ModbusModiconAddress.TryParse are slightly inaccurate. The remark that 5-digit Modicon is always exactly 5 chars (40001..49999) and 6-digit is exactly 6 (400001..465536-shaped) implies the leading digit is always 4, but t… |
| Driver.Modbus.Cli-003 | Low | Correctness & logic bugs | src/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.Modbus.Cli/ModbusCommandBase.cs:14-24 |
Port (int) and TimeoutMs (int) accept any 32-bit value, including negatives and ports above 65535. UnitId is a byte, so it accepts 0-255 even though the option description and docs/Driver.Modbus.Cli.md both say the valid rang… |
| Driver.Modbus.Cli-004 | Low | Concurrency & thread safety | src/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.Modbus.Cli/Commands/SubscribeCommand.cs:61-67 |
The OnDataChange handler is invoked from the driver's PollGroupEngine background thread and calls console.Output.WriteLine synchronously. An exception thrown inside this handler (e.g. an IOException on a redirected or closed stdout… |
| Driver.Modbus.Cli-005 | Low | Error handling & resilience | src/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.Modbus.Cli/Commands/ProbeCommand.cs:21-54; Commands/ReadCommand.cs:46-75; Commands/WriteCommand.cs:54-89 |
All three commands call ConfigureLogging() then console.RegisterCancellationHandler(), but if the operator presses Ctrl+C before InitializeAsync completes, the resulting OperationCancelledException propagates out of ExecuteAsync… |
| Driver.Modbus.Cli-006 | Low | Error handling & resilience | src/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.Modbus.Cli/Commands/ProbeCommand.cs:35-53 |
probe reports Health: {health.State} from GetHealth(). After a successful InitializeAsync the driver sets state to Healthy regardless of whether the subsequent probe register read returns Good or a Bad status code. ReadAsync do… |
| Driver.Modbus.Cli-007 | Low | Design-document adherence | docs/Driver.Modbus.Cli.md:124-156; src/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.Modbus.Cli/Commands/ReadCommand.cs |
docs/Driver.Modbus.Cli.md devotes a whole "v2 addressing grammar" section to the industry-standard tag-address strings (40001:F:CDAB, HR1:I, C100, V2000:F:CDAB, etc.) and says "set the per-tag addressString field instead of the… |
| Driver.Modbus.Cli-008 | Low | Testing coverage | tests/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.Modbus.Cli.Tests/ |
The test project covers only the two pure-function seams: ReadCommand.SynthesiseTagName and WriteCommand.ParseValue. There is no coverage for WriteCommand's read-only-region rejection (Region is not (Coils or HoldingRegisters)), no… |
| Driver.OpcUaClient-011 | Low | Documentation & comments | OpcUaClientDriver.cs:783-784 |
The comment on the isArray computation states "-1 = scalar; 1+ = array dimensions; 0 = one-dimensional array". This is inaccurate against OPC UA ValueRank semantics: -3 is ScalarOrOneDimension, -2 is Any, -1 is Scalar, and 0 is OneOrMoreDi… |
| Driver.OpcUaClient-014 | Low | Performance & resource management | OpcUaClientDriver.cs:904, :1035 |
MonitoredItem.Notification += (mi, args) => ... (and the alarm-event equivalent) attaches a closure-capturing lambda to each monitored item's event. The lambda is never detached. When UnsubscribeAsync removes a subscription it calls Subs… |
| Driver.S7-003 | Low | Correctness & logic bugs | S7Driver.cs:172, S7Driver.cs:255 |
ReadAsync and WriteAsync dereference fullReferences.Count / writes.Count with no null guard. A null argument throws NullReferenceException rather than ArgumentNullException, and the NRE escapes before the _gate is taken so it is not wrappe… |
| Driver.S7-005 | Low | OtOpcUa conventions | S7Driver.cs:33, S7Driver.cs:433 |
System.Collections.Concurrent.ConcurrentDictionary is written out with a fully-qualified namespace at the field declarations instead of a using System.Collections.Concurrent directive. ImplicitUsings is enabled and the rest of the codebase… |
| Driver.S7-009 | Low | Error handling & resilience | S7Driver.cs:392 |
The subscription poll loop never reflects sustained polling failure anywhere an operator can see it. PollLoopAsync swallows every non-cancellation exception with an empty catch and the comment claims "the health surface reflects it" - but… |
| Driver.S7-010 | Low | Performance & resource management | S7Driver.cs:504 |
Dispose() is implemented as DisposeAsync().AsTask().GetAwaiter().GetResult() - sync-over-async. Inside the generic host this is currently safe (no captured SynchronizationContext), but it is a known deadlock pattern. The only async work be… |
| Driver.S7-013 | Low | Code organization & conventions | S7DriverOptions.cs:90, S7Driver.cs:300 |
S7TagDefinition.StringLength is a public configured/JSON-bound parameter (default 254) but is dead: S7DataType.String reads and writes both throw NotSupportedException ("...land in a follow-up PR"), so StringLength is never consumed. Likew… |
| Driver.S7.Cli-004 | Low | Performance & resource management | src/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.S7.Cli/Commands/ProbeCommand.cs:36,53, Commands/ReadCommand.cs:45,54, Commands/WriteCommand.cs:51,60, Commands/SubscribeCommand.cs:39,73 |
Every command declares the driver with await using var driver = new S7Driver(...) and also calls await driver.ShutdownAsync(...) in a finally block. S7Driver.DisposeAsync itself calls ShutdownAsync, so shutdown runs twice per c… |
| Driver.S7.Cli-005 | Low | Code organization & conventions | tests/ZB.MOM.WW.OtOpcUa.Driver.S7.Cli.Tests/ |
A stale directory tests/ZB.MOM.WW.OtOpcUa.Driver.S7.Cli.Tests/ exists containing only an obj/ folder — no .csproj, no source. The real test project lives at tests/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.S7.Cli.Tests/. The empty direct… |
| Driver.S7.Cli-006 | Low | Testing coverage | tests/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.S7.Cli.Tests/WriteCommandParseValueTests.cs |
The only test file covers WriteCommand.ParseValue and ReadCommand.SynthesiseTagName. S7CommandBase.BuildOptions — which maps the host / port / CPU / rack / slot / timeout flags onto an S7DriverOptions and forces `Probe.Enabled = fa… |
| Driver.S7.Cli-007 | Low | Documentation & comments | src/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.S7.Cli/Commands/SubscribeCommand.cs:45-51 |
The Modbus CLI SubscribeCommand carries an explanatory comment on the OnDataChange handler ("Route every data-change event to the CliFx console (not System.Console — the analyzer flags it + IConsole is the testable abstraction)"). The… |
| Driver.TwinCAT-004 | Low | Correctness & logic bugs | TwinCATDataType.cs:24-27 |
The inline comments for the IEC time types are inaccurate. TwinCAT TIME is a duration (32-bit, milliseconds) — not "ms since epoch of day". DATE is stored as seconds since 1970-01-01 (truncated to a day boundary), not "days since 1970-… |
| Driver.TwinCAT-006 | Low | OtOpcUa conventions | TwinCATDriver.cs:406-411 |
ResolveHost falls back to DriverInstanceId when there are no configured devices and the reference is unknown. DriverInstanceId is a logical config-DB identifier, not a host address; IPerCallHostResolver consumers expect a host key… |
| Driver.TwinCAT-014 | Low | Design-document adherence | TwinCATDriverOptions.cs:41-43, TwinCATDriverOptions.cs:57-62, AdsTwinCATClient.cs:145 |
Several drifts between the implemented config surface and docs/v2/driver-specs.md section 6. The spec connection-settings list has separate Host (IP), AmsNetId, and AmsPort fields; the implementation collapses these into a single `… |
| Driver.TwinCAT-015 | Low | Code organization & conventions | TwinCATDriver.cs:431-432 |
Dispose() runs DisposeAsync().AsTask().GetAwaiter().GetResult() — sync-over-async. docs/v2/driver-stability.md section Galaxy explicitly lists "sync-over-async on the OPC UA stack thread" among the four 2026-04-13 stability findings… |
| Driver.TwinCAT-016 | Low | Testing coverage | tests/Drivers/ZB.MOM.WW.OtOpcUa.Driver.TwinCAT.Tests/ |
Unit coverage exists for AMS-address parsing, symbol-path parsing, read/write, native notifications, symbol browse, and the capability surface. Gaps tied to the findings above: no test exercises ReinitializeAsync with a changed config (D… |
| Driver.TwinCAT.Cli-001 | Low | Correctness & logic bugs | TwinCATCommandBase.cs:23-24, Commands/SubscribeCommand.cs:23-24, Commands/BrowseCommand.cs:21-24 |
Numeric command options are accepted without range validation. --timeout-ms feeds Timeout => TimeSpan.FromMilliseconds(TimeoutMs); passing --timeout-ms 0 or a negative value yields TimeSpan.Zero/a negative TimeSpan, which is then… |
| Driver.TwinCAT.Cli-002 | Low | Concurrency & thread safety | Commands/SubscribeCommand.cs:46-58 |
The OnDataChange handler calls console.Output.WriteLine(line) synchronously. In native ADS-notification mode the event is raised from the Beckhoff.TwinCAT.Ads notification callback thread (see TwinCATDriver.SubscribeAsync, which in… |
| Driver.TwinCAT.Cli-003 | Low | Error handling & resilience | Commands/SubscribeCommand.cs:56-58 |
The subscribe banner reports the mechanism purely from the --poll-only flag (var mode = PollOnly ? "polling" : "ADS notification"). The doc (docs/Driver.TwinCAT.Cli.md) states the banner "announces which mechanism is in play". The CL… |
| Driver.TwinCAT.Cli-004 | Low | Design-document adherence | TwinCATCommandBase.cs:26-29, Commands/BrowseCommand.cs |
--poll-only is declared on TwinCATCommandBase, so it is inherited by browse. BrowseCommand only ever calls DiscoverAsync — it never subscribes — so UseNativeNotifications = !PollOnly has no observable effect on a browse run. Th… |
| Driver.TwinCAT.Cli-005 | Low | Code organization & conventions | Commands/ProbeCommand.cs:23, Commands/ReadCommand.cs:20, Commands/WriteCommand.cs:20, Commands/SubscribeCommand.cs:18 |
The --type option is declared with the short alias -t on read, write, and subscribe, but ProbeCommand declares [CommandOption("type", ...)] with no short alias. An operator who has internalised -t from the other three verbs… |
| Driver.TwinCAT.Cli-006 | Low | Testing coverage | tests/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.TwinCAT.Cli.Tests/WriteCommandParseValueTests.cs |
The only test file covers WriteCommand.ParseValue and ReadCommand.SynthesiseTagName. Other deterministic, router-independent logic is untested: TwinCATCommandBase.Gateway (the ads://{netId}:{port} string the driver's `TwinCATAmsAdd… |
| Driver.TwinCAT.Cli-007 | Low | Documentation & comments | TwinCATCommandBase.cs:31-36 |
The Timeout override has an empty init accessor with the comment /* driven by TimeoutMs */. Because the base DriverCommandBase.Timeout is declared abstract { get; init; }, the override must supply an init, but here it silently… |
Closed findings
Findings with status Resolved, Won't Fix, or Deferred.
| ID | Severity | Status | Category | Location |
|---|---|---|---|---|
| Admin-001 | Critical | Resolved | Security | Components/Routes.razor:4-11, Program.cs:150 |
| Admin-002 | Critical | Resolved | Security | Components/Pages/Clusters/NewCluster.razor:1-7, Home.razor, Fleet.razor, Hosts.razor, AlarmsHistorian.razor, Clusters/ClustersList.razor, Clusters/Generations.razor, Drivers/FocasDetail.razor |
| Core.AlarmHistorian-001 | Critical | Resolved | Correctness & logic bugs | src/Core/ZB.MOM.WW.OtOpcUa.Core.AlarmHistorian/SqliteStoreAndForwardSink.cs:255-278 |
| Core.Scripting-001 | Critical | Resolved | Security | ForbiddenTypeAnalyzer.cs:45, ScriptSandbox.cs:54 |
| Driver.Galaxy-001 | Critical | Resolved | Error handling & resilience | Runtime/EventPump.cs:128, GalaxyDriver.cs:222 |
| Server-001 | Critical | Resolved | Correctness & logic bugs | src/Server/ZB.MOM.WW.OtOpcUa.Server/OpcUa/DriverNodeManager.cs:1791 |
| Admin-003 | High | Resolved | Security | Program.cs:137-139, Hubs/FleetStatusHub.cs:11, Hubs/AlertHub.cs:10, Hubs/ScriptLogHub.cs:30 |
| Admin-004 | High | Resolved | Security | appsettings.json:3,13-14 |
| Admin-005 | High | Resolved | Correctness & logic bugs | Components/Pages/Login.razor:15,107-110 |
| Admin-013 | High | Resolved | Error handling & resilience | Components/Pages/Clusters/ClusterDetail.razor:180-197, Components/Pages/Clusters/AclsTab.razor, Components/Pages/Clusters/RedundancyTab.razor, Components/Pages/RoleGrants.razor, Components/Pages/Hosts.razor, Components/Pages/ScriptLog.razor, Program.cs:157-159 |
| Client.Shared-005 | High | Resolved | Concurrency & thread safety | OpcUaClientService.cs:19, OpcUaClientService.cs:226-249, OpcUaClientService.cs:499-521 |
| Client.Shared-006 | High | Resolved | Concurrency & thread safety | OpcUaClientService.cs:97-100, OpcUaClientService.cs:432-497 |
| Configuration-001 | High | Resolved | Correctness & logic bugs | src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Migrations/20260417215224_StoredProcedures.cs:282 |
| Configuration-008 | High | Resolved | Security | src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Migrations/20260417215224_StoredProcedures.cs:150, :373, :468 |
| Core-001 | High | Resolved | Correctness & logic bugs | src/Core/ZB.MOM.WW.OtOpcUa.Core/Authorization/UserAuthorizationState.cs:50-68 |
| Core-002 | High | Resolved | Security | src/Core/ZB.MOM.WW.OtOpcUa.Core/Authorization/TriePermissionEvaluator.cs:24-50 |
| Core.AlarmHistorian-002 | High | Resolved | Correctness & logic bugs | src/Core/ZB.MOM.WW.OtOpcUa.Core.AlarmHistorian/SqliteStoreAndForwardSink.cs:99-105,386-388 |
| Core.AlarmHistorian-004 | High | Resolved | Concurrency & thread safety | src/Core/ZB.MOM.WW.OtOpcUa.Core.AlarmHistorian/SqliteStoreAndForwardSink.cs:90,112,176,259 |
| Core.AlarmHistorian-006 | High | Resolved | Error handling & resilience | src/Core/ZB.MOM.WW.OtOpcUa.Core.AlarmHistorian/SqliteStoreAndForwardSink.cs:103,135-216 |
| Core.ScriptedAlarms-001 | High | Resolved | Concurrency & thread safety | ScriptedAlarmEngine.cs:175, ScriptedAlarmEngine.cs:178, ScriptedAlarmEngine.cs:73, ScriptedAlarmEngine.cs:368 |
| Core.Scripting-002 | High | Resolved | Security | ForbiddenTypeAnalyzer.cs:70 |
| Core.VirtualTags-001 | High | Resolved | Correctness & logic bugs | src/Core/ZB.MOM.WW.OtOpcUa.Core.VirtualTags/VirtualTagEngine.cs:306 |
| Driver.AbCip-001 | High | Resolved | Correctness & logic bugs | AbCipDriver.cs:111, AbCipDriver.cs:163-167 |
| Driver.AbCip-002 | High | Resolved | Correctness & logic bugs | AbCipStatusMapper.cs:65-78 |
| Driver.AbCip-003 | High | Resolved | Correctness & logic bugs | AbCipUdtMemberLayout.cs:32-54, AbCipDriver.cs:426-430, AbCipUdtReadPlanner.cs:48 |
| Driver.AbCip-008 | High | Resolved | Concurrency & thread safety | AbCipDriver.cs:144-152, AbCipDriver.cs:169-183, AbCipDriver.cs:235-281 |
| Driver.AbLegacy-001 | High | Resolved | Correctness & logic bugs | AbLegacyAddress.cs:54, AbLegacyDriver.cs:368-374 |
| Driver.AbLegacy-006 | High | Resolved | Concurrency & thread safety | AbLegacyDriver.cs:107-158, AbLegacyDriver.cs:162-234, LibplctagLegacyTagRuntime.cs |
| Driver.Cli.Common-001 | High | Resolved | Correctness & logic bugs | src/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.Cli.Common/SnapshotFormatter.cs:106-119 |
| Driver.FOCAS-001 | High | Resolved | Correctness & logic bugs | FocasDriverFactoryExtensions.cs:54-86, FocasDriverFactoryExtensions.cs:132-140 |
| Driver.FOCAS-002 | High | Resolved | Correctness & logic bugs | WireFocasClient.cs:164-179, FocasDriver.cs:513, FocasDriver.cs:593 |
| Driver.Galaxy-002 | High | Resolved | Correctness & logic bugs | Browse/DataTypeMap.cs:13, Runtime/MxValueDecoder.cs:9 |
| Driver.Galaxy-008 | High | Resolved | Error handling & resilience | GalaxyDriver.cs:264-276, Runtime/EventPump.cs:97-103 |
| Driver.Historian.Wonderware-001 | High | Resolved | Correctness and logic bugs | Backend/SdkAlarmHistorianWriteBackend.cs:68, Backend/AahClientManagedAlarmEventWriter.cs:82-103 |
| Driver.Historian.Wonderware.Client-001 | High | Resolved | Correctness & logic bugs | WonderwareHistorianClient.cs:98-113 |
| Driver.Modbus-001 | High | Resolved | Concurrency & thread safety | ModbusDriver.cs:92,99-122 |
| Driver.Modbus.Addressing-001 | High | Resolved | Correctness & logic bugs | ModbusAddressParser.cs:230-235, DirectLogicAddress.cs:66-73 |
| Driver.OpcUaClient-001 | High | Resolved | Correctness & logic bugs | OpcUaClientDriver.cs:444, :466, :517, :540, :599, :610 |
| Driver.OpcUaClient-002 | High | Resolved | Error handling & resilience | OpcUaClientDriver.cs:1330-1359 |
| Driver.OpcUaClient-003 | High | Resolved | Correctness & logic bugs | OpcUaClientDriver.cs:644-711 |
| Driver.OpcUaClient-004 | High | Resolved | Design-document adherence | OpcUaClientDriver.cs:596-632, :789, OpcUaClientDriverOptions.cs |
| Driver.OpcUaClient-005 | High | Resolved | Concurrency & thread safety | OpcUaClientDriver.cs:1297-1319 |
| Driver.S7-001 | High | Resolved | Correctness & logic bugs | S7AddressParser.cs:93, S7Driver.cs:231 |
| Driver.S7-006 | High | Resolved | Concurrency & thread safety | S7Driver.cs:140, S7Driver.cs:457, S7Driver.cs:506 |
| Driver.S7-007 | High | Resolved | Error handling & resilience | S7Driver.cs:200, S7DriverOptions.cs:13, docs/v2/driver-specs.md:434 |
| Driver.S7-011 | High | Resolved | Design-document adherence | S7Driver.cs:82, S7Driver.cs:134, IDriver.cs:24 |
| Driver.TwinCAT-001 | High | Resolved | Correctness & logic bugs | TwinCATDriver.cs:41-78 |
| Driver.TwinCAT-002 | High | Resolved | Correctness & logic bugs | TwinCATDataType.cs:34-48, AdsTwinCATClient.cs:264-281 |
| Driver.TwinCAT-007 | High | Resolved | Concurrency & thread safety | TwinCATDriver.cs:413-429 |
| Driver.TwinCAT-008 | High | Resolved | Concurrency & thread safety | AdsTwinCATClient.cs:162-169, TwinCATDriver.cs:319-324 |
| Driver.TwinCAT-013 | High | Resolved | Design-document adherence | TwinCATDriver.cs:11-12 (capability list), whole file |
| Server-002 | High | Resolved | Correctness & logic bugs | src/Server/ZB.MOM.WW.OtOpcUa.Server/Security/AuthorizationGate.cs:60-63 |
| Server-009 | High | Resolved | Security | src/Server/ZB.MOM.WW.OtOpcUa.Server/Security/LdapOptions.cs:44, src/Server/ZB.MOM.WW.OtOpcUa.Server/Program.cs:74 |
| Admin-006 | Medium | Resolved | Security | Components/Layout/MainLayout.razor:47-49, Program.cs:129,131-135 |
| Admin-007 | Medium | Resolved | Design-document adherence | Components/Pages/Clusters/NewCluster.razor:91,95-96 |
| Admin-008 | Medium | Resolved | Error handling & resilience | Services/ReservationService.cs:28-37 |
| Admin-009 | Medium | Resolved | Testing coverage | src/Server/ZB.MOM.WW.OtOpcUa.Admin (whole module) |
| Analyzers-001 | Medium | Resolved | Correctness & logic bugs | src/Tooling/ZB.MOM.WW.OtOpcUa.Analyzers/UnwrappedCapabilityCallAnalyzer.cs:135-139 |
| Analyzers-006 | Medium | Resolved | Testing coverage | tests/Tooling/ZB.MOM.WW.OtOpcUa.Analyzers.Tests/UnwrappedCapabilityCallAnalyzerTests.cs |
| Client.CLI-001 | Medium | Resolved | Correctness & logic bugs | Commands/HistoryReadCommand.cs:73, Commands/HistoryReadCommand.cs:76 |
| Client.CLI-005 | Medium | Resolved | Concurrency & thread safety | Commands/SubscribeCommand.cs:66-78, Commands/AlarmsCommand.cs:52-64 |
| Client.Shared-001 | Medium | Resolved | Correctness & logic bugs | OpcUaClientService.cs:552 |
| Client.Shared-002 | Medium | Resolved | Correctness & logic bugs | OpcUaClientService.cs:351-355, OpcUaClientService.cs:373 |
| Client.Shared-007 | Medium | Resolved | Concurrency & thread safety | OpcUaClientService.cs:581-622 |
| Client.Shared-008 | Medium | Resolved | Error handling & resilience | OpcUaClientService.cs:170-180, Helpers/ValueConverter.cs:15-31 |
| Client.UI-001 | Medium | Resolved | Correctness & logic bugs | ViewModels/HistoryViewModel.cs:76, ViewModels/HistoryViewModel.cs:77 |
| Client.UI-002 | Medium | Resolved | Correctness & logic bugs | ViewModels/MainWindowViewModel.cs:255, ViewModels/MainWindowViewModel.cs:333 |
| Client.UI-005 | Medium | Resolved | Concurrency & thread safety | ViewModels/MainWindowViewModel.cs:286-304, ViewModels/MainWindowViewModel.cs:155-189 |
| Client.UI-007 | Medium | Resolved | Security | Services/UserSettings.cs:22-23, Services/JsonSettingsService.cs:38-50, ViewModels/MainWindowViewModel.cs:393-408 |
| Client.UI-008 | Medium | Resolved | Performance & resource management | ViewModels/MainWindowViewModel.cs:18, ViewModels/MainWindowViewModel.cs:125-148, App.axaml.cs:18-32 |
| Configuration-002 | Medium | Resolved | Correctness & logic bugs | src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Migrations/20260417215224_StoredProcedures.cs:325 |
| Configuration-003 | Medium | Resolved | Correctness & logic bugs | src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Validation/DraftValidator.cs:73 |
| Configuration-006 | Medium | Resolved | Error handling & resilience | src/Core/ZB.MOM.WW.OtOpcUa.Configuration/LocalCache/ResilientConfigReader.cs:79 |
| Configuration-009 | Medium | Resolved | Security | src/Core/ZB.MOM.WW.OtOpcUa.Configuration/DesignTimeDbContextFactory.cs:14 |
| Core-003 | Medium | Resolved | Correctness & logic bugs | src/Core/ZB.MOM.WW.OtOpcUa.Core/Authorization/PermissionTrie.cs:80-98 |
| Core-005 | Medium | Resolved | Concurrency & thread safety | src/Core/ZB.MOM.WW.OtOpcUa.Core/Authorization/PermissionTrieCache.cs:59-70 |
| Core-006 | Medium | Resolved | Concurrency & thread safety | src/Core/ZB.MOM.WW.OtOpcUa.Core/OpcUa/GenericDriverNodeManager.cs:42-64 |
| Core-007 | Medium | Resolved | Error handling & resilience | src/Core/ZB.MOM.WW.OtOpcUa.Core/Resilience/AlarmSurfaceInvoker.cs:75-83 |
| Core.Abstractions-001 | Medium | Resolved | Correctness & logic bugs | src/Core/ZB.MOM.WW.OtOpcUa.Core.Abstractions/PollGroupEngine.cs:112 |
| Core.Abstractions-002 | Medium | Resolved | Correctness & logic bugs | src/Core/ZB.MOM.WW.OtOpcUa.Core.Abstractions/PollGroupEngine.cs:105-109 |
| Core.Abstractions-003 | Medium | Resolved | Concurrency & thread safety | src/Core/ZB.MOM.WW.OtOpcUa.Core.Abstractions/PollGroupEngine.cs:64,121-130 |
| Core.AlarmHistorian-003 | Medium | Resolved | OtOpcUa conventions | src/Core/ZB.MOM.WW.OtOpcUa.Core.AlarmHistorian/SqliteStoreAndForwardSink.cs:107-127,218-243,246-253 |
| Core.AlarmHistorian-005 | Medium | Resolved | Concurrency & thread safety | src/Core/ZB.MOM.WW.OtOpcUa.Core.AlarmHistorian/SqliteStoreAndForwardSink.cs:66-71,141-143,199,386-388 |
| Core.AlarmHistorian-007 | Medium | Resolved | Error handling & resilience | src/Core/ZB.MOM.WW.OtOpcUa.Core.AlarmHistorian/SqliteStoreAndForwardSink.cs:172-174 |
| Core.AlarmHistorian-009 | Medium | Resolved | Design-document adherence | src/Core/ZB.MOM.WW.OtOpcUa.Core.AlarmHistorian/SqliteStoreAndForwardSink.cs:317-347 |
| Core.AlarmHistorian-010 | Medium | Resolved | Testing coverage | tests/Core/ZB.MOM.WW.OtOpcUa.Core.AlarmHistorian.Tests/SqliteStoreAndForwardSinkTests.cs |
| Core.ScriptedAlarms-002 | Medium | Resolved | Correctness & logic bugs | ScriptedAlarmEngine.cs:162, ScriptedAlarmEngine.cs:90 |
| Core.ScriptedAlarms-004 | Medium | Resolved | Concurrency & thread safety | ScriptedAlarmEngine.cs:138-143, ScriptedAlarmEngine.cs:227-234 |
| Core.ScriptedAlarms-005 | Medium | Resolved | Concurrency & thread safety | ScriptedAlarmEngine.cs:365-369, ScriptedAlarmEngine.cs:416-424 |
| Core.ScriptedAlarms-007 | Medium | Resolved | Error handling & resilience | ScriptedAlarmEngine.cs:216, ScriptedAlarmEngine.cs:251, ScriptedAlarmEngine.cs:154, ScriptedAlarmEngine.cs:387 |
| Core.ScriptedAlarms-012 | Medium | Resolved | Testing coverage | tests/Core/ZB.MOM.WW.OtOpcUa.Core.ScriptedAlarms.Tests/ScriptedAlarmEngineTests.cs |
| Core.Scripting-003 | Medium | Resolved | Security | TimedScriptEvaluator.cs:9, ScriptSandbox.cs:30 |
| Core.Scripting-004 | Medium | Resolved | Correctness & logic bugs | DependencyExtractor.cs:73 |
| Core.Scripting-007 | Medium | Resolved | Error handling & resilience | TimedScriptEvaluator.cs:60 |
| Core.Scripting-010 | Medium | Resolved | Testing coverage | tests/Core/ZB.MOM.WW.OtOpcUa.Core.Scripting.Tests/ScriptSandboxTests.cs:54 |
| Core.VirtualTags-002 | Medium | Resolved | Correctness & logic bugs | src/Core/ZB.MOM.WW.OtOpcUa.Core.VirtualTags/VirtualTagEngine.cs:237 |
| Core.VirtualTags-003 | Medium | Resolved | Correctness & logic bugs | src/Core/ZB.MOM.WW.OtOpcUa.Core.VirtualTags/VirtualTagEngine.cs:117-120 |
| Core.VirtualTags-005 | Medium | Resolved | Concurrency & thread safety | src/Core/ZB.MOM.WW.OtOpcUa.Core.VirtualTags/VirtualTagSource.cs:50-64 |
| Core.VirtualTags-008 | Medium | Resolved | Performance & resource management | src/Core/ZB.MOM.WW.OtOpcUa.Core.VirtualTags/DependencyGraph.cs:81-115 |
| Core.VirtualTags-012 | Medium | Resolved | Testing coverage | tests/Core/ZB.MOM.WW.OtOpcUa.Core.VirtualTags.Tests/ |
| Driver.AbCip-004 | Medium | Resolved | Correctness & logic bugs | AbCipDataType.cs:51-58, LibplctagTagRuntime.cs:47-49,53 |
| Driver.AbCip-005 | Medium | Resolved | Correctness & logic bugs | AbCipDriver.cs:124-141 |
| Driver.AbCip-006 | Medium | Resolved | OtOpcUa conventions | PlcTagHandle.cs:28-59, AbCipDriver.cs:806-807,832-833, LibplctagTagRuntime.cs:117 |
| Driver.AbCip-009 | Medium | Resolved | Concurrency & thread safety | AbCipDriver.cs:621-648, AbCipDriver.cs:591-614 |
| Driver.AbCip-010 | Medium | Resolved | Error handling & resilience | AbCipDriver.cs:621-648, AbCipDriver.cs:346-391 |
| Driver.AbCip-014 | Medium | Resolved | Testing coverage | tests/Drivers/ZB.MOM.WW.OtOpcUa.Driver.AbCip.Tests/AbCipStatusMapperTests.cs:28-40 |
| Driver.AbCip.Cli-001 | Medium | Resolved | Error handling & resilience | src/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.AbCip.Cli/Commands/WriteCommand.cs:70-85 |
| Driver.AbCip.Cli-002 | Medium | Resolved | Correctness & logic bugs | src/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.AbCip.Cli/Commands/ProbeCommand.cs:21-23; Commands/ReadCommand.cs:24-25; Commands/SubscribeCommand.cs:20-22 |
| Driver.AbLegacy-002 | Medium | Resolved | Correctness & logic bugs | AbLegacyDriver.cs:368 |
| Driver.AbLegacy-003 | Medium | Resolved | Correctness & logic bugs | AbLegacyAddress.cs:62-95 |
| Driver.AbLegacy-004 | Medium | Resolved | Correctness & logic bugs | LibplctagLegacyTagRuntime.cs:36-37 |
| Driver.AbLegacy-007 | Medium | Resolved | Concurrency & thread safety | AbLegacyDriver.cs:411-438, AbLegacyDriver.cs:386-409 |
| Driver.AbLegacy-008 | Medium | Resolved | Concurrency & thread safety | AbLegacyDriver.cs:21, AbLegacyDriver.cs:138-146, AbLegacyDriver.cs:216-229 |
| Driver.AbLegacy-009 | Medium | Resolved | Error handling & resilience | AbLegacyDriver.cs:41-74 |
| Driver.AbLegacy-010 | Medium | Resolved | Error handling & resilience | AbLegacyStatusMapper.cs:26-56 |
| Driver.AbLegacy-012 | Medium | Resolved | Design-document adherence | PlcFamilies/AbLegacyPlcFamilyProfile.cs:7-54, AbLegacyDriver.cs:48-52 |
| Driver.AbLegacy.Cli-001 | Medium | Resolved | Error handling & resilience | Commands/WriteCommand.cs:46, Commands/WriteCommand.cs:62-72 |
| Driver.Cli.Common-002 | Medium | Resolved | Correctness & logic bugs | src/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.Cli.Common/SnapshotFormatter.cs:101-122 |
| Driver.Cli.Common-003 | Medium | Resolved | Concurrency & thread safety | src/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.Cli.Common/DriverCommandBase.cs:51-59 |
| Driver.Cli.Common-005 | Medium | Resolved | Testing coverage | tests/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.Cli.Common.Tests/SnapshotFormatterTests.cs:27-37 |
| Driver.FOCAS-003 | Medium | Resolved | Correctness & logic bugs | FocasDriver.cs:71-79 |
| Driver.FOCAS-004 | Medium | Resolved | OtOpcUa conventions | FocasDriver.cs:374-379, WireFocasClient.cs:48-50 |
| Driver.FOCAS-005 | Medium | Resolved | Concurrency & thread safety | FocasDriver.cs:28, FocasDriver.cs:206-215, FocasDriver.cs:261, FocasDriver.cs:274 |
| Driver.FOCAS-006 | Medium | Resolved | Error handling & resilience | FocasDriver.cs:859-874, WireFocasClient.cs:22-31 |
| Driver.FOCAS-012 | Medium | Resolved | Testing coverage | FocasDriverFactoryExtensions.cs, FocasDriver.cs:495-629 (FixedTreeLoopAsync) |
| Driver.Galaxy-003 | Medium | Resolved | Correctness & logic bugs | Runtime/StatusCodeMap.cs:86 |
| Driver.Galaxy-004 | Medium | Resolved | Correctness & logic bugs | GalaxyDriver.cs:901 |
| Driver.Galaxy-006 | Medium | Resolved | Concurrency & thread safety | GalaxyDriver.cs:848-861 |
| Driver.Galaxy-007 | Medium | Resolved | Concurrency & thread safety | GalaxyDriver.cs:937-968 |
| Driver.Galaxy-009 | Medium | Resolved | Error handling & resilience | GalaxyDriver.cs:354-371 |
| Driver.Galaxy-011 | Medium | Resolved | Performance & resource management | GalaxyDriver.cs:411 |
| Driver.Galaxy-014 | Medium | Resolved | Testing coverage | src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.Galaxy (module-wide) |
| Driver.Historian.Wonderware-002 | Medium | Resolved | Correctness and logic bugs | Ipc/HistorianFrameHandler.cs:162, :181 |
| Driver.Historian.Wonderware-003 | Medium | Resolved | Correctness and logic bugs | Backend/HistorianDataSource.cs:320-323, :457-460 |
| Driver.Historian.Wonderware-006 | Medium | Resolved | Error handling and resilience | Ipc/PipeServer.cs:120-128 |
| Driver.Historian.Wonderware-009 | Medium | Resolved | Performance and resource management | Backend/HistorianDataSource.cs:382-395, Ipc/Contracts.cs:85-99 |
| Driver.Historian.Wonderware.Client-002 | Medium | Resolved | Correctness & logic bugs | WonderwareHistorianClient.cs:154-199, IAlarmHistorianSink.cs:66-74 |
| Driver.Historian.Wonderware.Client-005 | Medium | Resolved | Error handling & resilience | Ipc/FrameReader.cs:31-32 |
| Driver.Historian.Wonderware.Client-007 | Medium | Resolved | Security | WonderwareHistorianClient.cs:276 |
| Driver.Historian.Wonderware.Client-009 | Medium | Resolved | Testing coverage | tests/Drivers/ZB.MOM.WW.OtOpcUa.Driver.Historian.Wonderware.Client.Tests/WonderwareHistorianClientTests.cs |
| Driver.Modbus-002 | Medium | Resolved | Correctness & logic bugs | ModbusDriver.cs:127-186 |
| Driver.Modbus-004 | Medium | Resolved | Performance & resource management | ModbusDriver.cs:1468-1473 |
| Driver.Modbus-005 | Medium | Resolved | Correctness & logic bugs | ModbusDriver.cs:777-798,323-330 |
| Driver.Modbus-006 | Medium | Resolved | Error handling & resilience | ModbusDriver.cs:514-524,532-550 |
| Driver.Modbus.Addressing-002 | Medium | Resolved | Correctness & logic bugs | ModbusAddressParser.cs:86-94 |
| Driver.Modbus.Addressing-003 | Medium | Resolved | Correctness & logic bugs | ModbusAddressParser.cs:405-406, ModbusAddressParser.cs:128 |
| Driver.Modbus.Addressing-004 | Medium | Resolved | Correctness & logic bugs | ModbusAddressParser.cs:182-194 |
| Driver.Modbus.Addressing-005 | Medium | Resolved | Error handling & resilience | ModbusAddressParser.cs:200-213 |
| Driver.Modbus.Addressing-008 | Medium | Resolved | Testing coverage | tests/Drivers/ZB.MOM.WW.OtOpcUa.Driver.Modbus.Addressing.Tests/ |
| Driver.Modbus.Cli-001 | Medium | Resolved | Correctness & logic bugs | src/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.Modbus.Cli/Commands/SubscribeCommand.cs:43-51 |
| Driver.Modbus.Cli-002 | Medium | Resolved | Correctness & logic bugs | src/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.Modbus.Cli/Commands/WriteCommand.cs:54-89 |
| Driver.OpcUaClient-006 | Medium | Resolved | Concurrency & thread safety | OpcUaClientDriver.cs:1330-1359 |
| Driver.OpcUaClient-007 | Medium | Resolved | Concurrency & thread safety | OpcUaClientDriver.cs:1374, :1376-1383, :508 |
| Driver.OpcUaClient-008 | Medium | Resolved | Error handling & resilience | OpcUaClientDriver.cs:1092-1099 |
| Driver.OpcUaClient-009 | Medium | Resolved | Error handling & resilience | OpcUaClientDriver.cs:560-564 |
| Driver.OpcUaClient-010 | Medium | Resolved | Correctness & logic bugs | OpcUaClientDriver.cs:823-824 |
| Driver.OpcUaClient-012 | Medium | Resolved | Security | OpcUaClientDriver.cs:210-217 |
| Driver.OpcUaClient-013 | Medium | Resolved | Performance & resource management | OpcUaClientDriver.cs:436-437 |
| Driver.OpcUaClient-015 | Medium | Resolved | Testing coverage | tests/Drivers/ZB.MOM.WW.OtOpcUa.Driver.OpcUaClient.Tests/*, tests/Drivers/ZB.MOM.WW.OtOpcUa.Driver.OpcUaClient.IntegrationTests/OpcUaClientSmokeTests.cs |
| Driver.S7-002 | Medium | Resolved | Correctness & logic bugs | S7Driver.cs:350 |
| Driver.S7-004 | Medium | Resolved | OtOpcUa conventions | S7Driver.cs (whole file) |
| Driver.S7-008 | Medium | Resolved | Error handling & resilience | S7Driver.cs:286 |
| Driver.S7-012 | Medium | Resolved | Design-document adherence | S7DriverOptions.cs:59, S7Driver.cs:457 |
| Driver.S7-014 | Medium | Resolved | Testing coverage | tests/Drivers/ZB.MOM.WW.OtOpcUa.Driver.S7.Tests/ |
| Driver.S7.Cli-001 | Medium | Resolved | Error handling & resilience | src/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.S7.Cli/Commands/WriteCommand.cs:65-80 |
| Driver.S7.Cli-002 | Medium | Resolved | Design-document adherence | src/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.S7.Cli/Commands/ReadCommand.cs:22-29, Commands/WriteCommand.cs:21-33, Commands/SubscribeCommand.cs:18-21; docs/Driver.S7.Cli.md:70-73,80-81 |
| Driver.S7.Cli-003 | Medium | Resolved | Error handling & resilience | src/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.S7.Cli/Commands/ProbeCommand.cs:38-50 |
| Driver.TwinCAT-003 | Medium | Resolved | Correctness & logic bugs | AdsTwinCATClient.cs:264-281, 283-300 |
| Driver.TwinCAT-005 | Medium | Resolved | OtOpcUa conventions | TwinCATDriver.cs (whole file), AdsTwinCATClient.cs (whole file) |
| Driver.TwinCAT-009 | Medium | Resolved | Concurrency & thread safety | TwinCATDriver.cs:80-99, 41-72, 366-388 |
| Driver.TwinCAT-010 | Medium | Resolved | Error handling & resilience | AdsTwinCATClient.cs:178-195 |
| Driver.TwinCAT-011 | Medium | Resolved | Error handling & resilience | TwinCATStatusMapper.cs:29-42 |
| Driver.TwinCAT-012 | Medium | Resolved | Performance & resource management | TwinCATDriver.cs:102, AdsTwinCATClient.cs:178-195 |
| Server-003 | Medium | Resolved | Correctness & logic bugs | src/Server/ZB.MOM.WW.OtOpcUa.Server/Phase7/RingBufferHistoryWriter.cs:96-119 |
| Server-005 | Medium | Resolved | Concurrency & thread safety | src/Server/ZB.MOM.WW.OtOpcUa.Server/Alarms/AlarmConditionService.cs:166, src/Server/ZB.MOM.WW.OtOpcUa.Server/OpcUa/DriverNodeManager.cs:303-311 |
| Server-007 | Medium | Resolved | Error handling & resilience | src/Server/ZB.MOM.WW.OtOpcUa.Server/OpcUa/OpcUaApplicationHost.cs:179-183 |
| Server-010 | Medium | Resolved | Security | src/Server/ZB.MOM.WW.OtOpcUa.Server/OpcUa/OpcUaServerOptions.cs:59, src/Server/ZB.MOM.WW.OtOpcUa.Server/OpcUa/OpcUaApplicationHost.cs:284-291 |
| Server-011 | Medium | Resolved | Security | src/Server/ZB.MOM.WW.OtOpcUa.Server/OpcUa/OpcUaApplicationHost.cs:322-346 |
| Server-013 | Medium | Resolved | Design-document adherence | src/Server/ZB.MOM.WW.OtOpcUa.Server/OpcUa/OpcUaServerOptions.cs:9-19, src/Server/ZB.MOM.WW.OtOpcUa.Server/OpcUa/OpcUaApplicationHost.cs:296-346, src/Server/ZB.MOM.WW.OtOpcUa.Server/Program.cs:89 |
| Admin-010 | Low | Resolved | OtOpcUa conventions | Components/App.razor:9,16 |
| Admin-011 | Low | Resolved | Concurrency & thread safety | Hubs/FleetStatusPoller.cs:24-26,98-103 |
| Admin-012 | Low | Resolved | Design-document adherence | Services/EquipmentCsvImporter.cs:18-19,33-37,229,232 |
| Analyzers-002 | Low | Resolved | Correctness & logic bugs | src/Tooling/ZB.MOM.WW.OtOpcUa.Analyzers/UnwrappedCapabilityCallAnalyzer.cs:46-50,130 |
| Analyzers-003 | Low | Resolved | Error handling & resilience | src/Tooling/ZB.MOM.WW.OtOpcUa.Analyzers/UnwrappedCapabilityCallAnalyzer.cs:80,114-116 |
| Analyzers-004 | Low | Resolved | Performance & resource management | src/Tooling/ZB.MOM.WW.OtOpcUa.Analyzers/UnwrappedCapabilityCallAnalyzer.cs:95-112 |
| Analyzers-005 | Low | Resolved | Design-document adherence | src/Tooling/ZB.MOM.WW.OtOpcUa.Analyzers/UnwrappedCapabilityCallAnalyzer.cs:33-43 |
| Analyzers-007 | Low | Resolved | Documentation & comments | src/Tooling/ZB.MOM.WW.OtOpcUa.Analyzers/UnwrappedCapabilityCallAnalyzer.cs:21-26 |
| Configuration-004 | Low | Resolved | OtOpcUa conventions | src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Enums/NodePermissions.cs:8, src/Core/ZB.MOM.WW.OtOpcUa.Configuration/OtOpcUaConfigDbContext.cs:417 |
| Configuration-005 | Low | Resolved | Concurrency & thread safety | src/Core/ZB.MOM.WW.OtOpcUa.Configuration/LocalCache/LiteDbConfigCache.cs:50 |
| Configuration-007 | Low | Resolved | Error handling & resilience | src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Apply/GenerationApplier.cs:44 |
| Configuration-010 | Low | Resolved | Security | src/Core/ZB.MOM.WW.OtOpcUa.Configuration/LocalCache/ResilientConfigReader.cs:81 |
| Configuration-011 | Low | Resolved | Testing coverage | src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Apply/GenerationApplier.cs:7, src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Validation/DraftValidator.cs:60 |
| Core-004 | Low | Resolved | OtOpcUa conventions | src/Core/ZB.MOM.WW.OtOpcUa.Core/Hosting/DriverHost.cs:55,72,87 |
| Core-008 | Low | Resolved | Error handling & resilience | src/Core/ZB.MOM.WW.OtOpcUa.Core/OpcUa/GenericDriverNodeManager.cs:42-64 |
| Core-009 | Low | Resolved | Performance & resource management | src/Core/ZB.MOM.WW.OtOpcUa.Core/Resilience/CapabilityInvoker.cs:121-128 |
| Core-010 | Low | Resolved | Code organization & conventions | src/Core/ZB.MOM.WW.OtOpcUa.Core/Resilience/DriverResilienceOptions.cs:45-52 |
| Core-011 | Low | Resolved | Testing coverage | src/Core/ZB.MOM.WW.OtOpcUa.Core/Authorization/PermissionTrieBuilder.cs:58-75 |
| Core-012 | Low | Resolved | Documentation & comments | src/Core/ZB.MOM.WW.OtOpcUa.Core/Stability/WedgeDetector.cs:26, src/Core/ZB.MOM.WW.OtOpcUa.Core/Observability/DriverHealthReport.cs:11-22 |
| Core.Abstractions-004 | Low | Resolved | Concurrency & thread safety | src/Core/ZB.MOM.WW.OtOpcUa.Core.Abstractions/DriverTypeRegistry.cs:23-40 |
| Core.Abstractions-005 | Low | Resolved | Error handling & resilience | src/Core/ZB.MOM.WW.OtOpcUa.Core.Abstractions/PollGroupEngine.cs:90,99 |
| Core.Abstractions-006 | Low | Resolved | Code organization & conventions | src/Core/ZB.MOM.WW.OtOpcUa.Core.Abstractions/IHistoryProvider.cs:63,84-86, src/Core/ZB.MOM.WW.OtOpcUa.Core.Abstractions/Historian/IHistorianDataSource.cs:30,63 |
| Core.Abstractions-007 | Low | Resolved | Testing coverage | tests/Core/ZB.MOM.WW.OtOpcUa.Core.Abstractions.Tests/PollGroupEngineTests.cs |
| Core.Abstractions-008 | Low | Resolved | Documentation & comments | src/Core/ZB.MOM.WW.OtOpcUa.Core.Abstractions/DriverHealth.cs:9, src/Core/ZB.MOM.WW.OtOpcUa.Core.Abstractions/IHistoryProvider.cs:39-43,65-69 |
| Core.AlarmHistorian-008 | Low | Resolved | Performance & resource management | src/Core/ZB.MOM.WW.OtOpcUa.Core.AlarmHistorian/SqliteStoreAndForwardSink.cs:107-127,255-278 |
| Core.AlarmHistorian-011 | Low | Resolved | Documentation & comments | src/Core/ZB.MOM.WW.OtOpcUa.Core.AlarmHistorian/IAlarmHistorianSink.cs:5-9,76, AlarmHistorianEvent.cs:20 |
| Core.ScriptedAlarms-003 | Low | Resolved | Documentation & comments | ScriptedAlarmEngine.cs:343, docs/ScriptedAlarms.md:107 |
| Core.ScriptedAlarms-006 | Low | Resolved | Concurrency & thread safety | ScriptedAlarmEngine.cs:232, ScriptedAlarmEngine.cs:369 |
| Core.ScriptedAlarms-008 | Low | Resolved | Performance & resource management | Part9StateMachine.cs:261-268 |
| Core.ScriptedAlarms-009 | Low | Won't Fix | Performance & resource management | ScriptedAlarmEngine.cs:309-315, ScriptedAlarmEngine.cs:271 |
| Core.ScriptedAlarms-010 | Low | Resolved | Design-document adherence | ScriptedAlarmEngine.cs:325-336, AlarmPredicateContext.cs:33-40, MessageTemplate.cs:47 |
| Core.ScriptedAlarms-011 | Low | Resolved | Code organization & conventions | Part9StateMachine.cs:275 |
| Core.Scripting-005 | Low | Resolved | Correctness & logic bugs | DependencyExtractor.cs:97 |
| Core.Scripting-006 | Low | Resolved | Concurrency & thread safety | CompiledScriptCache.cs:55 |
| Core.Scripting-008 | Low | Won't Fix | Performance & resource management | CompiledScriptCache.cs:34, ScriptEvaluator.cs:34 |
| Core.Scripting-009 | Low | Resolved | Design-document adherence | ForbiddenTypeAnalyzer.cs:45 |
| Core.Scripting-011 | Low | Resolved | Testing coverage | tests/Core/ZB.MOM.WW.OtOpcUa.Core.Scripting.Tests/ |
| Core.VirtualTags-004 | Low | Resolved | Correctness & logic bugs | src/Core/ZB.MOM.WW.OtOpcUa.Core.VirtualTags/VirtualTagEngine.cs:349 |
| Core.VirtualTags-006 | Low | Resolved | Concurrency & thread safety | src/Core/ZB.MOM.WW.OtOpcUa.Core.VirtualTags/VirtualTagEngine.cs:177-182, :395-401 |
| Core.VirtualTags-007 | Low | Resolved | Error handling & resilience | src/Core/ZB.MOM.WW.OtOpcUa.Core.VirtualTags/TimerTriggerScheduler.cs:58 |
| Core.VirtualTags-009 | Low | Resolved | Performance & resource management | src/Core/ZB.MOM.WW.OtOpcUa.Core.VirtualTags/DependencyGraph.cs:64-65, :72-73 |
| Core.VirtualTags-010 | Low | Resolved | Documentation & comments | src/Core/ZB.MOM.WW.OtOpcUa.Core.VirtualTags/ITagUpstreamSource.cs:18, VirtualTagContext.cs:30, VirtualTagDefinition.cs:28 |
| Core.VirtualTags-011 | Low | Resolved | Code organization & conventions | src/Core/ZB.MOM.WW.OtOpcUa.Core.VirtualTags/VirtualTagEngine.cs:404-409 |
| Core.VirtualTags-013 | Low | Resolved | Documentation & comments | src/Core/ZB.MOM.WW.OtOpcUa.Core.VirtualTags/DependencyGraph.cs:266-270 |
| Server-004 | Low | Resolved | OtOpcUa conventions | src/Server/ZB.MOM.WW.OtOpcUa.Server/OpcUa/OtOpcUaServer.cs:187-200 |
| Server-006 | Low | Resolved | Concurrency & thread safety | src/Server/ZB.MOM.WW.OtOpcUa.Server/OpcUa/DriverNodeManager.cs:478-482, 1342-1348 |
| Server-008 | Low | Resolved | Error handling & resilience | src/Server/ZB.MOM.WW.OtOpcUa.Server/OpcUa/DriverNodeManager.cs:736 |
| Server-012 | Low | Resolved | Performance & resource management | src/Server/ZB.MOM.WW.OtOpcUa.Server/Hosting/PeerHttpProbeLoop.cs:78-79 |
| Server-014 | Low | Resolved | Code organization & conventions | src/Server/ZB.MOM.WW.OtOpcUa.Server/SealedBootstrap.cs |
| Server-015 | Low | Resolved | Documentation & comments | src/Server/ZB.MOM.WW.OtOpcUa.Server/OpcUa/OtOpcUaServer.cs:16-21, src/Server/ZB.MOM.WW.OtOpcUa.Server/OpcUa/OpcUaServerOptions.cs:21-26 |