From ca2a9ac5079ca73db0bac2c697d4593c2a2ca7a6 Mon Sep 17 00:00:00 2001
From: Joseph Doherty <dohejw01@gmail.com>
Date: Tue, 2 Jun 2026 10:26:55 -0400
Subject: [PATCH] plan(phase2): OtOpcUa 2.1/2.2 + MxGateway 2.3 DONE (deep
 audit adoption, spec+code reviewed, local-only); ScadaBridge 2.5 pending
 variant decision

---
 ...02-auth-audit-normalization-phase2-deep.md | 21 +++++++++++++++++++
 ...-02-auth-audit-normalization.md.tasks.json |  6 +++---
 2 files changed, 24 insertions(+), 3 deletions(-)

diff --git a/docs/plans/2026-06-02-auth-audit-normalization-phase2-deep.md b/docs/plans/2026-06-02-auth-audit-normalization-phase2-deep.md
index 502c120..4b23e0f 100644
--- a/docs/plans/2026-06-02-auth-audit-normalization-phase2-deep.md
+++ b/docs/plans/2026-06-02-auth-audit-normalization-phase2-deep.md
@@ -172,6 +172,27 @@ gutting the partitioned store, the state machine, the filter, or the reporting 
 | 2.3 | MxGateway | new canonical SQLite `audit_event` store + migrator; `IAuditWriter`; `IApiKeyAuditStore`→canonical adapter (for library-internal CLI events) incl. `ListRecentAsync`; rewrite local producers; CorrelationId/Target capture; DI; tests | **high-risk** (↑ from standard) | Med–High |
 | 2.5 | ScadaBridge | **DEEP = audit-subsystem re-arch** (24-field→9-field record everywhere; domain fields→`DetailsJson`; SQL partitioned-table migration; forwarding state machine + filter + reporting rewrite; contract/perf tests) — **OR** the bounded "deep-at-the-seam" alternative above | **very-high-risk** | **VERY HIGH** |
 
+## Implementation status (2026-06-02, deep adoption underway)
+
+- **✅ OtOpcUa 2.1 + 2.2 DONE** (`feat/adopt-zb-audit`, spec ✅ + code ✅): `933dd1a` — deleted bespoke Commons
+  `AuditEvent`, adopted library `ZB.MOM.WW.Audit.AuditEvent`, `AuditWriterActor : IAuditWriter` (best-effort
+  `WriteAsync` wraps `Self.Tell`), `AuditOutcomeMapper.FromAction` derivation, batching/dedup intact; `b7f5e88` —
+  nullable `Outcome` column + migration `20260602135350_AddConfigAuditLogOutcome` (additive, chains after
+  CanonicalizeAdminRoles, no pending model changes) + `ClusterAudit` fix via shared `ClusterAuditQuery` (OR-predicate
+  joining `ClusterNode` membership). SP path untouched. ControlPlane 45/45, Configuration 80/80 (+3), AdminUI 121/121.
+  Minor backlog: no `IX_ConfigAuditLog_NodeId` (irrelevant while structured path dormant).
+- **✅ MxGateway 2.3 DONE** (`feat/adopt-zb-audit`, spec ✅ + code ✅): `a5944bb` — new MxGateway-owned canonical
+  SQLite `audit_event` store (same auth DB file via the library's `AuthSqliteConnectionFactory`; library tables
+  untouched), `CanonicalAuditWriter : IAuditWriter` (best-effort, never throws — closes the library's no-wrap gap),
+  `CanonicalForwardingApiKeyAuditStore : IApiKeyAuditStore` adapter (maps `ApiKeyAuditEntry`→canonical w/ system/cli
+  fallback + constraint-denied→Denied + DetailsJson wrap; `ListRecent` round-trips for the dashboard view), DI
+  overrides the library's `TryAddSingleton`'d store; `7ea8358` — Dashboard + ConstraintEnforcer rewritten to emit
+  canonical `AuditEvent` directly via `IAuditWriter` with structured `Target` + (dashboard) `CorrelationId`. 587 pass,
+  3 pre-existing FakeWorker reds, +10 tests. `api_key_audit` left unused (documented). Minor backlog: dup `WrapDetail`,
+  per-op `EnsureTable`, a test temp-dir leak, unfiltered `ListRecent` category.
+- **⏳ ScadaBridge 2.5 — NOT STARTED.** Branch `feat/adopt-zb-audit` created (stacked on auth) but untouched. Awaiting
+  the variant decision below (full re-arch vs bounded "deep-at-the-seam").
+
 ## Open items to confirm at review
 1. **ScadaBridge:** full audit re-architecture (pure 9-col storage) vs the **bounded "deep-at-the-seam"** variant
    (canonical record at the seam/reporting boundary; keep typed storage columns + state machine). Strongly
diff --git a/docs/plans/2026-06-02-auth-audit-normalization.md.tasks.json b/docs/plans/2026-06-02-auth-audit-normalization.md.tasks.json
index 4cfbabd..842407c 100644
--- a/docs/plans/2026-06-02-auth-audit-normalization.md.tasks.json
+++ b/docs/plans/2026-06-02-auth-audit-normalization.md.tasks.json
@@ -24,9 +24,9 @@
     {"id": 24, "subject": "Task 1.7: Canonical roles native expansion (#8) [high-risk] — DONE all 3, full-value canonical (MxGw 04bce3ff, OtOpcUa c1619d9 +DB-mig, SB b104760+4118452 +DB-mig +SoD collapse)", "status": "completed", "blockedBy": [18]},
 
     {"id": 25, "subject": "Task 2.0: GATE confirm audit source refs — DONE; found plan specs materially off → DEEP re-scope in -phase2-deep.md; PAUSED for user review before 2.1/2.2/2.3/2.5", "status": "completed", "blockedBy": [8]},
-    {"id": 26, "subject": "Task 2.1: OtOpcUa canonical record + IAuditWriter + Outcome (#1) [high-risk]", "status": "pending", "blockedBy": [25]},
-    {"id": 27, "subject": "Task 2.2: OtOpcUa Outcome migration + ClusterId fix (#1,#5) [high-risk]", "status": "pending", "blockedBy": [26]},
-    {"id": 28, "subject": "Task 2.3: MxGateway store→IAuditWriter adapter (#2,#6)", "status": "pending", "blockedBy": [25]},
+    {"id": 26, "subject": "Task 2.1: OtOpcUa canonical record + IAuditWriter + Outcome (#1) [high-risk] — DONE 933dd1a (spec+code reviewed)", "status": "completed", "blockedBy": [25]},
+    {"id": 27, "subject": "Task 2.2: OtOpcUa Outcome migration + ClusterId fix (#1,#5) [high-risk] — DONE b7f5e88 (spec+code reviewed)", "status": "completed", "blockedBy": [26]},
+    {"id": 28, "subject": "Task 2.3: MxGateway store→IAuditWriter adapter (#2,#6) [re-scoped high-risk] — DONE a5944bb+7ea8358 (canonical SQLite store+adapter; spec+code reviewed)", "status": "completed", "blockedBy": [25]},
     {"id": 29, "subject": "Task 2.5: ScadaBridge rename→IAuditRedactor + AuditOutcome (#3) [high-risk]", "status": "pending", "blockedBy": [25]},
 
     {"id": 30, "subject": "Task 3.1: Introduce IAuditActorAccessor seam", "status": "pending", "blockedBy": [9]},