Joseph Doherty
1aafd6bde4
Second re-review pass at commit a020350 caught 48 new findings — including
one High-severity regression I introduced in the prior sweep — and fixed
them all in one parallel wave.
High (1)
- Client.Python-018: prior sweep set `license = "Proprietary"` in
pyproject.toml. setuptools >= 77 enforces PEP 639 and rejects the
string (it must be a valid SPDX expression), so `pip wheel .` and
`pip install -e .` both fail before any source compiles. Tests
still pass because pytest bypasses the build backend via
`pythonpath`. Dropped the invalid license string, kept the
`License :: Other/Proprietary License` classifier, and added
`tests/test_packaging.py` so a future regression of the same shape
is caught in CI.
Mediums (6)
- Worker-023: `HeartbeatStuckCeiling` (default 75s = 5x HeartbeatGrace)
on WorkerPipeSessionOptions bounds the in-flight-command watchdog
suppression so a truly stuck COM call still triggers StaHung
instead of permanently defeating the watchdog.
- Client.Rust-018: reverted Rust's `latencyMs` split so the
cross-language bench comparison is apples-to-apples again;
`failureLatencyMs` kept as Rust-only enrichment.
- Client.Java-021: applied Client.Java-002's terminal-state
serialisation pattern to DeployEventStream so close() arriving
after queue-overflow can't erase the overflow exception.
- IntegrationTests-017: teardown-parity test now uses a two-window
stability check after UnAdvise instead of strict equality against
the pre-UnAdvise count (which raced against in-flight events).
- IntegrationTests-019: new RecordingTestOutputHelper wraps every
log sink the WriteSecured live test owns (worker stdout/stderr,
gateway logs, direct WriteLine) so the credential is proven
absent from the full output buffer, not just the diagnostic
message.
- Tests-020: added MxAccessGatewayServiceConstraintTests coverage
for the previously-uncovered Write2Bulk and WriteSecured2Bulk
arms of WriteBulkConstraintPlan.SetPayload.
Lows (41 — highlights)
- Server: Galaxy glob cache eviction is race-free (Server-024);
GalaxyRepositoryGrpcService takes IGalaxyRepository (Server-025);
AlarmsOptions validated at startup (Server-026); Authorization.md
Constraint Enforcement snippet/prose enumerate the bulk write/read
family (Server-027); bulk-read-commands and bulk-write-commands
capability tokens added to OpenSession (Server-029);
NotWiredAlarmRpcDispatcher XML doc and missing scope-resolver and
state-machine tests cleaned up (023, 028).
- Worker: AlarmCommandHandler now invokes the same STA-affinity
guard the poll path uses, at every command entry (Worker-024);
RunAsync null-checks the runtime-session factory result
(Worker-025).
- Worker.Tests: shared LiveMxAccessOptInVariableName lives on
GatewayContractInfo (Worker.Tests-025); MxAccessSession.CreateForTesting
rejects production sinks (Worker.Tests-026); FakeRuntimeSession's
CancelCommandReturnValue serialised under lock (Worker.Tests-027);
Probes namespace lifted to MxGateway.Worker.Tests.Probes
(Worker.Tests-029); cancel-envelope sequence numbers monotonised
(Worker.Tests-030); docs/GatewayTesting.md gains a "Dev-rig Probes"
section (Worker.Tests-028).
- Tests: ManualTimeProvider consolidated into one TestSupport/ copy
(Tests-021); SessionManagerBulkTests adds a mid-flight cancellation
test backed by a TaskCompletionSource fake (Tests-022); companion
FakeWorkerProcess.WaitForExitAsync no longer fakes its exit signal
(Tests-023); constraint plan reply-count divergence pinned
(Tests-024).
- IntegrationTests: TryGetSession chain carries [MaybeNullWhen(false)]
end-to-end (IntegrationTests-018); abnormal-exit keyword set
tightened to pipe-disconnected/end-of-stream and the test now
asserts streamTask.IsFaulted (020, 021).
- Client.Dotnet: bench commands added to isLongRunning so the
default 30s wall-clock budget doesn't kill them (015);
BenchStreamEventsAsync observes the inner stream task on every
exit path (016).
- Client.Go: parseValue wraps strconv errors with flag context and
%w (017); bench loops honour ctx.Done() (018); galaxy-watch parses
RFC3339Nano with fractional seconds (019); runStreamEvents installs
signal.NotifyContext like runGalaxyWatch (020); five new CLI-level
table-driven tests cover the bulk/bench subcommands (021).
- Client.Java: toCompletable Javadoc rewritten to match the actual
cancellation contract Client.Java-015 established (022); stream-events
text path uses Long.toUnsignedString for worker_sequence (023);
bench-read-bulk no longer pollutes success-latency histogram with
failure durations (024); --shutdown-timeout CLI option propagates
through to ClientOptions (025); seven new MxGatewayCliTests cover
the bulk and bench commands (026).
- Client.Python: mxgateway_cli ships its own py.typed marker (019);
wheel-build smoke test added under tests/test_packaging.py (020);
README documents the Galaxy CLI parity gap explicitly (021).
- Client.Rust: RustClientDesign.md signatures match session.rs and
document the AsRef<str> read_bulk genericism (019);
next_correlation_id re-exported at the crate root, with a
property-style doc contract and an explicit disclaimer that the
literal textual format is not part of the contract (020).
- Contracts: BulkWriteResult comment names the actual
IConstraintEnforcer mechanism instead of "tag-allowlist filter"
(014); BulkReadResult gains explicit per-arm payload-population
documentation for the success vs failure cases (015).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
243 lines
8.9 KiB
Markdown
243 lines
8.9 KiB
Markdown
# Go Client
|
|
|
|
The Go client module contains the generated MXAccess Gateway protobuf bindings,
|
|
a small handwritten `mxgateway` package, and the `mxgw-go` test CLI scaffold.
|
|
The module uses the shared proto inputs documented in
|
|
`../../docs/ClientProtoGeneration.md` so gateway and client contracts stay in
|
|
sync.
|
|
|
|
## Layout
|
|
|
|
```text
|
|
clients/go/
|
|
go.mod
|
|
generate-proto.ps1
|
|
internal/generated/
|
|
mxgateway/
|
|
cmd/mxgw-go/
|
|
```
|
|
|
|
`internal/generated` contains code produced by `protoc`, `protoc-gen-go`, and
|
|
`protoc-gen-go-grpc`. Do not edit generated files by hand.
|
|
|
|
## Regenerating Protobuf Bindings
|
|
|
|
Run generation after the shared `.proto` files or the Go output path changes:
|
|
|
|
```powershell
|
|
./generate-proto.ps1
|
|
```
|
|
|
|
The script uses the tool paths recorded in `../../docs/ToolchainLinks.md`.
|
|
|
|
## Build And Test
|
|
|
|
Run the Go module checks from `clients/go`:
|
|
|
|
```powershell
|
|
go test ./...
|
|
go build ./...
|
|
go vet ./...
|
|
```
|
|
|
|
The tests parse the shared JSON fixtures, exercise value and status conversion,
|
|
use `bufconn` for fake gateway auth and streaming behavior, and cover CLI JSON
|
|
redaction.
|
|
|
|
## Packaging
|
|
|
|
Build a local CLI executable from `clients/go`:
|
|
|
|
```powershell
|
|
New-Item -ItemType Directory -Force ../../artifacts/clients/go | Out-Null
|
|
go build -o ../../artifacts/clients/go/mxgw-go.exe ./cmd/mxgw-go
|
|
```
|
|
|
|
Install the CLI into the active `GOBIN` or `GOPATH/bin`:
|
|
|
|
```powershell
|
|
go install ./cmd/mxgw-go
|
|
```
|
|
|
|
Other Go modules can consume the library package with the module path
|
|
`gitea.dohertylan.com/dohertj2/mxaccessgw/clients/go/mxgateway`.
|
|
|
|
## Client API
|
|
|
|
Use `mxgateway.Dial` with `mxgateway.Options` to configure plaintext or TLS
|
|
transport, API-key metadata, dial timeout, and per-call timeout:
|
|
|
|
```go
|
|
client, err := mxgateway.Dial(ctx, mxgateway.Options{
|
|
Endpoint: "localhost:5000",
|
|
APIKey: os.Getenv("MXGATEWAY_API_KEY"),
|
|
Plaintext: true,
|
|
})
|
|
```
|
|
|
|
`Client.OpenSession` returns a `Session` with helpers for `Register`,
|
|
`AddItem`, `AddItem2`, `Advise`, `Write`, the full bulk family
|
|
(`AddItemBulk`, `AdviseItemBulk`, `RemoveItemBulk`, `UnAdviseItemBulk`,
|
|
`SubscribeBulk`, `UnsubscribeBulk`, `WriteBulk`, `Write2Bulk`,
|
|
`WriteSecuredBulk`, `WriteSecured2Bulk`, `ReadBulk`), `Events`, and
|
|
`Close`. Bulk variants carry a list of entries in one round-trip and
|
|
return one result per entry; per-entry MXAccess failures appear as
|
|
`was_successful = false` and never return as Go errors. `ReadBulk` accepts
|
|
a `time.Duration` per-tag timeout and returns cached `OnDataChange`
|
|
values when the tag is already advised (`WasCached = true`) without
|
|
touching the existing subscription. Prefer
|
|
`SubscribeEvents` or `SubscribeEventsAfter` for long-running streams because the
|
|
returned subscription owns cancellation and exposes `Close` for deterministic
|
|
goroutine cleanup. `Events` and `EventsAfter` are a compatibility shim with a
|
|
bounded internal buffer: if the consumer drains too slowly the buffer fills,
|
|
the underlying stream is cancelled, and a terminal `EventResult` carrying
|
|
`ErrEventBufferOverflow` is delivered as the channel's last item before it
|
|
closes — so a slow consumer can distinguish dropped events from a normal
|
|
end-of-stream. `SubscribeEvents` blocks instead of dropping, so use it when no
|
|
events may be lost. Raw protobuf messages remain available through the
|
|
`mxgateway` package aliases and the `Raw` helper methods. Typed errors support
|
|
`errors.As` for `GatewayError`, `CommandError`, and `MxAccessError`; command
|
|
errors preserve the raw reply.
|
|
|
|
`Dial` and `DialGalaxy` create the connection lazily (`grpc.NewClient`): a
|
|
gateway that is briefly unavailable no longer turns into a hard error — the
|
|
connection recovers once the gateway comes up. To keep fail-fast behavior,
|
|
both run a readiness probe bounded by `DialTimeout` (default 10s, or the
|
|
context deadline when sooner) and return a `*GatewayError` if the gateway
|
|
cannot be reached in that window.
|
|
|
|
For retry, timeout, and auth handling, `GatewayError.Code()` exposes the
|
|
wrapped gRPC `codes.Code`, and `mxgateway.IsTransient(err)` reports whether a
|
|
failure (`Unavailable`, `DeadlineExceeded`, `ResourceExhausted`, `Aborted`)
|
|
may succeed on retry — so callers do not have to unwrap the error and call
|
|
`status.Code` themselves.
|
|
|
|
## Galaxy Repository browse
|
|
|
|
The `GalaxyRepository` service (proto package `galaxy_repository.v1`) is a
|
|
read-only metadata-only browse over the AVEVA System Platform Galaxy
|
|
Repository. It uses the same API-key authentication as the MXAccess Gateway
|
|
and requires the `metadata:read` scope. Use `mxgateway.DialGalaxy` to obtain a
|
|
`*GalaxyClient` that mirrors the connection-management conventions of
|
|
`Client`:
|
|
|
|
```go
|
|
galaxy, err := mxgateway.DialGalaxy(ctx, mxgateway.Options{
|
|
Endpoint: "localhost:5000",
|
|
APIKey: os.Getenv("MXGATEWAY_API_KEY"),
|
|
Plaintext: true,
|
|
})
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer galaxy.Close()
|
|
|
|
ok, err := galaxy.TestConnection(ctx)
|
|
deployTime, present, err := galaxy.GetLastDeployTime(ctx)
|
|
objects, err := galaxy.DiscoverHierarchy(ctx)
|
|
```
|
|
|
|
`GetLastDeployTime` returns `(time.Time{}, false, nil)` when the server
|
|
reports `present=false` (no deploy recorded). `DiscoverHierarchy` returns
|
|
the generated `*GalaxyObject` slice with each object's dynamic attributes
|
|
populated for direct contract access.
|
|
|
|
### Watching deploy events
|
|
|
|
`WatchDeployEvents` opens a server-streaming subscription. The server emits a
|
|
bootstrap event with the current Galaxy state immediately on subscribe, then
|
|
one `DeployEvent` per new deploy. `Sequence` is monotonic per server start;
|
|
gaps signal dropped events. Pass a non-nil `lastSeenDeployTime` to suppress the
|
|
bootstrap event when resuming from a known checkpoint:
|
|
|
|
```go
|
|
streamCtx, cancel := context.WithCancel(ctx)
|
|
defer cancel()
|
|
|
|
events, errs, err := galaxy.WatchDeployEvents(streamCtx, nil)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
for {
|
|
select {
|
|
case ev, ok := <-events:
|
|
if !ok {
|
|
return nil // stream completed (server EOF or ctx cancelled)
|
|
}
|
|
log.Printf("seq=%d objects=%d attrs=%d",
|
|
ev.GetSequence(), ev.GetObjectCount(), ev.GetAttributeCount())
|
|
case streamErr := <-errs:
|
|
if streamErr != nil {
|
|
return streamErr // *GatewayError
|
|
}
|
|
case <-ctx.Done():
|
|
return ctx.Err()
|
|
}
|
|
}
|
|
```
|
|
|
|
Cancel the supplied context to tear down the stream cleanly. Both channels
|
|
close after EOF, cancellation, or a terminal error; surfaced errors are wrapped
|
|
in `*GatewayError`.
|
|
|
|
The CLI exposes the same RPC via `galaxy-watch`:
|
|
|
|
```powershell
|
|
go run ./cmd/mxgw-go galaxy-watch -plaintext
|
|
go run ./cmd/mxgw-go galaxy-watch -plaintext -json
|
|
go run ./cmd/mxgw-go galaxy-watch -plaintext -last-seen-deploy-time 2026-04-28T10:00:00Z # whole-second RFC 3339
|
|
go run ./cmd/mxgw-go galaxy-watch -plaintext -last-seen-deploy-time 2026-04-28T10:00:00.123Z # fractional seconds also accepted
|
|
go run ./cmd/mxgw-go galaxy-watch -plaintext -limit 5
|
|
```
|
|
|
|
The command runs until Ctrl+C (or the optional `-limit` is reached) and prints
|
|
one line per event in text mode or one JSON object per event with `-json`.
|
|
|
|
## CLI
|
|
|
|
The `mxgw-go` CLI emits JSON with redacted API keys for commands that connect to
|
|
the gateway:
|
|
|
|
```powershell
|
|
go run ./cmd/mxgw-go version -json
|
|
go run ./cmd/mxgw-go open-session -endpoint localhost:5000 -plaintext -json
|
|
go run ./cmd/mxgw-go register -session-id <id> -client-name mxgw-go -plaintext -json
|
|
go run ./cmd/mxgw-go add-item -session-id <id> -server-handle 1 -item Area001.Tag.Value -plaintext -json
|
|
go run ./cmd/mxgw-go advise -session-id <id> -server-handle 1 -item-handle 1 -plaintext -json
|
|
go run ./cmd/mxgw-go write -session-id <id> -server-handle 1 -item-handle 1 -type int32 -value 123 -plaintext -json
|
|
go run ./cmd/mxgw-go stream-events -session-id <id> -plaintext -json
|
|
go run ./cmd/mxgw-go smoke -item Area001.Tag.Value -plaintext -json
|
|
go run ./cmd/mxgw-go galaxy-test-connection -plaintext -json
|
|
go run ./cmd/mxgw-go galaxy-last-deploy -plaintext -json
|
|
go run ./cmd/mxgw-go galaxy-discover -plaintext -json
|
|
go run ./cmd/mxgw-go galaxy-watch -plaintext -json
|
|
```
|
|
|
|
Use `-api-key-env MXGATEWAY_API_KEY` or `-api-key <key>` when authentication is
|
|
enabled. CLI output redacts the key value and never writes the raw secret.
|
|
|
|
Use TLS options for a secured gateway:
|
|
|
|
```powershell
|
|
go run ./cmd/mxgw-go smoke -endpoint mxgateway.example.local:5001 -ca-cert C:\certs\mxgateway-ca.pem -server-name-override mxgateway.example.local -api-key-env MXGATEWAY_API_KEY -item Area001.Tag.Value -json
|
|
```
|
|
|
|
## Integration Checks
|
|
|
|
Run live checks only when a gateway and MXAccess-backed worker are available:
|
|
|
|
```powershell
|
|
$env:MXGATEWAY_INTEGRATION = '1'
|
|
$env:MXGATEWAY_ENDPOINT = 'localhost:5000'
|
|
$env:MXGATEWAY_API_KEY = '<gateway-api-key>'
|
|
$env:MXGATEWAY_TEST_ITEM = 'Area001.Tag.Value'
|
|
go run ./cmd/mxgw-go smoke -endpoint $env:MXGATEWAY_ENDPOINT -plaintext -api-key-env MXGATEWAY_API_KEY -item $env:MXGATEWAY_TEST_ITEM -json
|
|
```
|
|
|
|
## Related Documentation
|
|
|
|
- [Client Packaging](../../docs/ClientPackaging.md)
|
|
- [Client Proto Generation](../../docs/ClientProtoGeneration.md)
|
|
- [Go Client Detailed Design](./GoClientDesign.md)
|