mxaccess

Author	SHA1	Message	Date
Joseph Doherty	e5b31fadb1	[F49] live-test scaffolding for F54 OnWriteComplete + COM probe diagnostic rust / build / test / clippy / fmt (push) Has been cancelled Details rust / cargo public-api drift check (F41) (push) Has been cancelled Details Live attempt against AVEVA on this dev host produced two artefacts: `crates/mxaccess-compat/tests/lmx_write_complete_live.rs` — the F54 OnWriteComplete round-trip test. Compiles + runs against the live AVEVA install via either path: - `--features live-windows-com` (preferred): uses `Session::connect_nmx_auto` so the COM activation reference is held in-process for the duration of the test. - Default features (fallback): shells out to `MxNativeClient.Probe --probe-resolve-oxid-managed-ntlm-integrity` + `--probe-remqi-managed` to learn the per-session NMX endpoint + INmxService2 IPID, then uses `Session::connect_nmx`. Both code paths are wired and the test runs through endpoint resolution + IPID extraction successfully. The connect step itself fails with `Status { detail: 1722 }` (RPC_S_SERVER_UNAVAILABLE). `crates/mxaccess-rpc/examples/com-marshal-probe.rs` — minimal one-shot binary that calls `marshal_activated_iunknown_objref("NmxSvc.NmxService", DifferentMachine)` in isolation. Confirms the COM activation + CoMarshalInterface chain works fine standalone (returns a 338-byte OBJREF with valid OXID/IPID structure). The 1722 in the live test is therefore downstream of the activation — likely a COM-apartment threading interaction with the tokio multi-thread runtime. This is an F12-related issue (auto-resolve hardening), not an F54 issue. F54's correctness is covered by the existing unit-level integration tests: - `mxaccess::session::tests::router_populates_operation_status_context_from_pending_ops_fifo` - `mxaccess::session::tests::write_handle_correlates_with_router_emitted_status` - `mxaccess_compat::tests::drain_routes_write_status_to_on_write_complete` - `mxaccess_compat::tests::drain_routes_non_write_status_to_on_operation_complete` `design/followups.md` F49 entry updated to reflect: - F54 added as a fifth row in the live-verification scope. - "Live attempt 2026-05-06" sub-section documents the 1722 issue + what was verified (.NET probe end-to-end works against same install; Rust COM activation works in isolation; the failure is Rust-port-specific to `connect_nmx_auto` under tokio). - F49 now Blocked-by F12 hardening (the 1722 path). New `live-windows-com` feature on `mxaccess-compat` propagates to `mxaccess/windows-com` for the test binary. Workspace 824 → 824 tests; clippy + rustdoc clean across both feature configurations. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-06 08:23:01 -04:00
Joseph Doherty	4ff511bbed	[F54] per-operation correlation + compat OnWriteComplete fan-out rust / build / test / clippy / fmt (push) Has been cancelled Details rust / cargo public-api drift check (F41) (push) Has been cancelled Details Closes the residual that R3/R4 Path A's commit `c73a33e` deferred: the OperationStatus.context field was always None because no in-flight correlation map existed in SessionInner, and the mxaccess-compat broadcast channels for OnWriteComplete / OperationComplete were exposed on the public API but had no fan-out task draining session events into them. mxaccess (Part 1 — per-operation correlation): - New `pending_ops: Mutex<HashMap<[u8; 16], OperationContext>>` on SessionInner. Populated when `Session::write` / `subscribe` dispatches an outstanding operation; entry removed when the matching OperationStatus event fires (one-shot semantics). - New `Session::write_with_handle` (and equivalents for the secured / timestamped paths) returns a `WriteHandle { correlation_id }` so consumers can correlate completions back to their originating call. Existing `write` / `write_value` / etc. signatures unchanged and delegate to the handle-returning variant. - Callback router extended to look up `pending_ops` by correlation_id on each operation-status event. When found, populates `OperationStatus.context: Some(OperationContext { correlation_id, op_kind, reference, retry_count: 0 })`. When not found, falls through with `context: None` (verbatim-preserve per CLAUDE.md). - New unit tests assert: matching correlation_id populates context, unknown correlation_id leaves context None, the entry is removed from `pending_ops` after one event fires. mxaccess-compat (Part 2 — compat-layer fan-out): - New `correlation_to_item: tokio::sync::Mutex<HashMap<[u8; 16], i32>>` on LmxClientInner. - `LmxClient::write` / `write_2` / `write_secured` / `write_secured_2` call `Session::write_with_handle` (or equivalent) and insert `correlation_id → item_handle` into the map before returning. - `LmxClient::register` / `register_asb` spawn a background task that drains `session.operation_status_stream()`. Per event, looks up `correlation_to_item[event.context?.correlation_id]` to find the item_handle, then routes: - `OperationKind::Write` / `OperationKind::WriteSecured` → `WriteCompleteEvent { server_handle, item_handle, statuses, is_during_recovery }` into `on_write_complete_tx`. - Other variants → `OperationCompleteEvent { ... }` into `on_operation_complete_tx`. - Removes the correlation_id from `correlation_to_item` after firing (one-shot). - Events with no matching item_handle (correlation_id not in map) are dropped silently — no bogus item_handle=0 events. - Task cancelled on LmxClient drop via `JoinHandle::abort` (matches the existing `subscription_task` pattern). - New unit tests cover: Write op routes to on_write_complete, Read op routes to on_operation_complete, unknown correlation_id is dropped. Result: the C# `LMX_OnWriteComplete(int hLMXServerHandle, int phItemHandle, ref MXSTATUS_PROXY[] pVars)` callback shape is now end-to-end-achievable. A consumer calls `LmxClient::write(hServer, hItem, value, userId)` and drains `client.on_write_complete()`; the yielded `WriteCompleteEvent` carries the right `(server_handle, item_handle, statuses, is_during_recovery)` tuple. Public API: `Session::write_with_handle` + `WriteHandle` are new; existing signatures unchanged. `cargo public-api` baselines regenerated under `design/public-api/{mxaccess,mxaccess-compat}.txt`. Workspace: 765 → 823 tests pass (~58 new tests from F54). Clippy `-D warnings` clean. Rustdoc `-D warnings` clean. F54 status in `design/followups.md` moved Open → Resolved. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-06 07:41:28 -04:00
Joseph Doherty	f0c9dd2214	rust: add version specifiers to workspace path deps for cargo publish	2026-05-06 05:31:57 -04:00
Joseph Doherty	d5aa152b1f	[F35] mxaccess-compat: LMXProxyServer-shaped facade (18 methods) Replace the 8-line `mxaccess-compat` stub with a real `LmxClient` struct exposing the 18 `ILMXProxyServer5` methods as Rust async fns on top of `mxaccess::Session` (NMX) and `mxaccess::AsbSession` (ASB). Handle-table approach * `Mutex<HashMap<i32, ItemRef>>` for item handles, populated by `add_item` / `add_item_2` / `add_buffered_item`, drained by `remove_item` / `unregister`. * `Mutex<HashMap<i32, UserRef>>` for user handles allocated by `authenticate_user` / `archestra_user_to_id`. * `AtomicI32` monotonic counters for both, matching the .NET reference's `_nextItemHandle` / `_nextUserHandles` per `MxNativeCompatibilityServer.cs:62-63`. Stream-based event surface (per Q4) * `OnDataChange` / `OnBufferedDataChange` / `OnWriteComplete` / `OperationComplete` exposed as `EventStream<T>: Stream<Item=T>`, backed by `tokio::sync::broadcast` channels. Lag silently skips past `BroadcastStream::Lagged` to keep the public `Item` shape ergonomic. NOT COM events — that's the post-V1 `mxaccess-compat-com` crate per design/70-risks-and-open-questions.md Q4. The `OperationComplete` channel is wired but no firing path is modelled (R3 deferred — no captured byte mapping yet). * `Advise` / `AdviseSupervisory` spawn a background fan-out task that drains the `Subscription` stream and routes each `DataChange` to either `on_data_change` or `on_buffered_data_change` based on the item's `is_buffered` flag. `UnAdvise` / `RemoveItem` abort the task. Pass-through methods * `Write` / `Write2` -> `Session::write` / `write_with_timestamp` (`userId` ignored — the underlying surface uses engine identity). * `WriteSecured2` -> `Session::write_secured_at` with both user ids always passed (R6: single-user secured = same id twice; never gated). * `AdviseSupervisory` collapses onto `Session::subscribe` because the wire path is `AdviseSupervisory` already (`session.rs:1057`), matching the .NET reference's `cs:251-259` identical collapse. * `SetBufferedUpdateInterval` rounds up to nearest 100 ms per `MxNativeCompatibilityServer.cs:638`. Stubbed pass-throughs (mirror upstream `Error::Unsupported`) * `WriteSecured` (no timestamp) — `Session::write_secured` is stubbed at `crates/mxaccess/src/lib.rs:472` (only `WriteSecured2`/`0x3A` is ported); workaround documented inline. * `AddBufferedItem` allocates the handle but `Advise` for buffered items does not yet drive `Session::subscribe_buffered` cadence knob — TODO(F36) flagged inline at `add_buffered_item` and `set_buffered_update_interval`. Tests (25 new, all green) * Handle-table lifecycle: Add -> Advise -> UnAdvise -> Remove with a mocked subscription task. * Monotonic handle allocation; context-prefix combination. * `SetBufferedUpdateInterval` rounding (50 -> 100, 101 -> 200, etc.) + zero-rejection. * Compile-time check that all 18 LMX methods are reachable on `LmxClient`. * Each event stream yields published items; lag silently dropped. * GUID-shape validation; server-handle mismatch errors. Build hygiene * `cargo build -p mxaccess-compat` clean. * `cargo test -p mxaccess-compat` -> 25 passed. * `cargo clippy -p mxaccess-compat --all-targets -- -D warnings` clean. * `RUSTDOCFLAGS=-D warnings cargo doc -p mxaccess-compat --no-deps` clean. Deferred / TODOs * TODO(F36): wire `set_buffered_update_interval` cadence into the `advise` path for buffered items. * TODO(R3): plumb a real trigger into `on_operation_complete` once the byte mapping lands. * TODO(wave 2): live integration tests against AVEVA. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-06 05:06:26 -04:00
Joseph Doherty	fe2a6db786	Initial project state: .NET reference, design, Rust port (M0+M1), evidence rust / build / test / clippy / fmt (push) Has been cancelled Details Layout: - src/ .NET 10 x64 reference: MxNativeCodec, MxNativeClient, MxAsbClient, probes, tests, harnesses. Executable spec. - design/ Architectural plan for the Rust port (M0–M6), error model, protocol invariants, risks (R1–R16), adversarial review log (review.md). - rust/ Rust workspace. M0 skeleton + M1 codec parity. mxaccess-codec: 215 unit tests + 2 cross-implementation parity tests (byte-identical against .NET reference). Other crates are M0 stubs awaiting M2+. - captures/ Frida + netsh + pcap evidence per CLAUDE.md ("captures are evidence, not throwaway logs"). - analysis/ Decompiled C# (frida/proxy/decompiled-), Ghidra exports for native DLLs (`exports/` only — working state at `projects/` and AVEVA's input binaries at `input/` are gitignored). - docs/ Reverse-engineering reference docs. - tools/ Setup-LiveProbeEnv.ps1 (Infisical credential fetcher), Compute-Crc.ps1 (.NET parity helper). - .github/workflows/ Rust CI: fmt + build + test + clippy on Windows. - LICENSE MIT (Joseph Doherty, 2026). Verified: - cargo test --workspace → 217 passed (215 unit + 2 .NET parity), 0 failed - cargo clippy --workspace -- -D warnings → clean - cargo fmt --all -- --check → clean - cargo publish --dry-run -p mxaccess-codec → packages cleanly Excluded from history (see .gitignore): - /bin, /obj, */target — build artifacts - analysis/ghidra/projects/ — Ghidra working state (regenerable) - analysis/ghidra/input/ — AVEVA proprietary DLLs (vendor IP) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-05 06:21:00 -04:00

5 Commits