mbproxy: Wave 3 cleanups, docs, and test gaps from 2026-05-14 review

Closes the Wave 3 (cleanup) tier of codereviews/2026-05-14/RemediationPlan.md.
Tests: 378 pass / 0 fail (baseline 370 + 8 new W3 regression tests).

Code cleanups:
  * PlcMultiplexer: removed dead `elapsedMs` calculation (the actual EWMA
    conversion uses Stopwatch ticks two lines below).
  * UpstreamPipe.FillAsync: dropped the meaningless `firstRead && remaining
    == count ? false : false` ternary; both branches were `false`.
  * InFlightByKeyMap.TryAttachOrCreate (always returned `true`) renamed to
    `AttachOrCreate` and made `void`. Test sites updated to drop the dead
    `bool ok = ...; ok.ShouldBeTrue();` assertions.
  * BcdCodec.HasBadNibble promoted from private to internal; the duplicate
    copy in BcdPduPipeline removed and the call sites updated to
    `BcdCodec.HasBadNibble`.
  * PlcMultiplexer watchdog comment fixed: said "1-second floor", code uses
    100 ms. Now both agree.
  * StatusSnapshotBuilder: simplified the unreachable
    `RemoteEp?.ToString() ?? RemoteEp?.Address.ToString() ?? "?"` to
    `RemoteEp?.ToString() ?? "?"`.
  * Mbproxy.csproj: stale "deferred" Polly comment replaced with a real
    description of where Polly is used (BackendConnect + ListenerRecovery).

Doc updates:
  * README: added a callout about the unconventional 32-bit BCD wire format
    ("two base-10000 digits in CDAB", not standard binary CDAB Int32) so
    integrators using off-the-shelf clients learn about the silent-corruption
    hazard before configuring writes.
  * docs/design.md: clarified `cacheMissCount` and `coalescedMissCount`
    semantics — "miss" means "did not find a fresh entry / did not coalesce",
    NOT "produced a backend round-trip". Operators wanting actual backend
    traffic should compute `miss − coalescedHit − exception04`.
  * docs/Architecture/ResponseCache.md: documented the structural
    "skip invalidation while recovering" gating (no backend reader during
    recovery → no FC06/FC16 response → no invalidation).
  * docs/Operations/Configuration.md: noted that the Event Log sink is the
    custom EventLogBridge, not Serilog.Sinks.EventLog (W2.23 cached check).
  * docs/plan/README.md: added a Phase 12 row pointing at the remediation
    plan and linking out to codereviews/2026-05-14/.

Test additions (W3 high-value gaps):
  * BcdPduPipelineTests:
    - FC16_WriteStartsOnHighWord_Of32BitPair_PassesThroughRaw_WithPartialWarning
      (symmetric inverse of the existing low-side partial-overlap test).
    - FC03_Mixed_16Bit_32Bit_AndNonBcd_InOneRead_OnlyConfiguredSlotsRewritten
      (mixed-slot routing in a single FC03 read).
    - FC16_Response_PassesThroughUnchanged_RegardlessOfTagMap (FC16 response
      carries no register data; rewriter must pass through).
  * AdminEndpointTests:
    - NonGetMethod_AgainstAdminRoutes_Returns405 (Theory: POST/PUT/DELETE/
      PATCH against `/` and `/status.json` must return 405; guards against
      an accidental MapPost being added later).
  * HotReloadE2ETests:
    - E2E_TagListReload_OnCacheablePlc_EmitsCacheFlushedEvent (validates the
      W2.8 cache.flushed wiring end-to-end via the real FileSystemWatcher
      reload path).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

mbproxy/tests/Mbproxy.Tests/Proxy/BcdPduPipelineTests.cs

@@ -404,6 +404,87 @@ public sealed class BcdPduPipelineTests
         ctx.Counters.Snapshot().RewrittenSlots.ShouldBe(0);
     }
 
+    /// <summary>
+    /// Phase 12 (W3 test gap) — symmetric inverse of the existing partial-overlap test:
+    /// the write range starts ON the high register of a 32-bit pair (low word is BEFORE
+    /// the write range). Must also be passed through raw with a partial warning, not
+    /// half-rewritten.
+    /// </summary>
+    [Fact]
+    public void FC16_WriteStartsOnHighWord_Of32BitPair_PassesThroughRaw_WithPartialWarning()
+    {
+        // 32-bit BCD tag at 700/701; write range 701–702 (qty=2). Low (700) is OUT of
+        // range; high (701) is IN range — partial overlap on the high side.
+        var ctx = MakeContext(BcdTag.Create(700, 32));
+        var pdu = Fc16Request(701, 0xCCCC, 0xDDDD);
+        byte[] original = [..pdu];
+
+        Pipeline.Process(MbapDirection.RequestToBackend, ReadOnlySpan<byte>.Empty, pdu.AsSpan(), ctx);
+
+        pdu.ShouldBe(original, "high-only partial overlap must pass through raw");
+        ctx.Counters.Snapshot().PartialBcdWarnings.ShouldBe(1);
+        ctx.Counters.Snapshot().RewrittenSlots.ShouldBe(0);
+    }
+
+    /// <summary>
+    /// Phase 12 (W3 test gap) — mixed slots in a single FC03 read: a 16-bit BCD tag, a
+    /// 32-bit BCD pair, and an unconfigured register. Each slot should be handled
+    /// independently — the 16-bit and 32-bit rewritten, the unconfigured register passed
+    /// through unchanged.
+    /// </summary>
+    [Fact]
+    public void FC03_Mixed_16Bit_32Bit_AndNonBcd_InOneRead_OnlyConfiguredSlotsRewritten()
+    {
+        // Layout:
+        //   addr 100: 16-bit BCD     → wire 0x1234 → decoded 1234 (= 0x04D2 binary)
+        //   addr 101: unconfigured   → passes through 0x9999
+        //   addr 102: 32-bit BCD low → wire 0x5678 (BCD digits 5,6,7,8 → 5678)
+        //   addr 103: 32-bit BCD high→ wire 0x1234 (BCD digits 1,2,3,4 → 1234)
+        //                              decoded = 1234*10_000 + 5678 = 12_345_678
+        //                              emitted as base-10000 binary CDAB:
+        //                                low  = 12_345_678 % 10_000 = 5678  (binary 0x162E)
+        //                                high = 12_345_678 / 10_000 = 1234  (binary 0x04D2)
+        var ctx = MakeContext(BcdTag.Create(100, 16), BcdTag.Create(102, 32));
+        var inFlight = MakeInFlight(0x03, startAddress: 100, qty: 4);
+        var responseCtx = ctx.WithCurrentRequest(inFlight);
+
+        var pdu = Fc03Response(0x1234, 0x9999, 0x5678, 0x1234);
+
+        Pipeline.Process(MbapDirection.ResponseToClient, ReadOnlySpan<byte>.Empty, pdu.AsSpan(), responseCtx);
+
+        // pdu[0]=fc, pdu[1]=byteCount, pdu[2..] = register bytes (2 per register).
+        ushort reg100 = (ushort)((pdu[2] << 8) | pdu[3]);
+        ushort reg101 = (ushort)((pdu[4] << 8) | pdu[5]);
+        ushort reg102 = (ushort)((pdu[6] << 8) | pdu[7]);
+        ushort reg103 = (ushort)((pdu[8] << 8) | pdu[9]);
+
+        reg100.ShouldBe((ushort)1234,   "16-bit BCD slot must decode to 1234");
+        reg101.ShouldBe((ushort)0x9999, "unconfigured register must pass through unchanged");
+        reg102.ShouldBe((ushort)5678,   "32-bit pair low must emit decimal 5678 as binary");
+        reg103.ShouldBe((ushort)1234,   "32-bit pair high must emit decimal 1234 as binary");
+        // Slot count: 1 from 16-bit + 2 from 32-bit pair = 3 rewritten slots.
+        ctx.Counters.Snapshot().RewrittenSlots.ShouldBe(3);
+    }
+
+    /// <summary>
+    /// Phase 12 (W3 test gap) — FC16 response handling. The response carries no register
+    /// values (just an echo of [fc][start][qty]) so the rewriter must pass it through
+    /// unchanged regardless of tag-map content.
+    /// </summary>
+    [Fact]
+    public void FC16_Response_PassesThroughUnchanged_RegardlessOfTagMap()
+    {
+        var ctx = MakeContext(BcdTag.Create(100, 16), BcdTag.Create(200, 32));
+        // FC16 response: [fc=10][startHi][startLo][qtyHi][qtyLo] = 5 bytes total.
+        var pdu = new byte[] { 0x10, 0x00, 0x64, 0x00, 0x05 };
+        byte[] original = [..pdu];
+
+        Pipeline.Process(MbapDirection.ResponseToClient, ReadOnlySpan<byte>.Empty, pdu.AsSpan(), ctx);
+
+        pdu.ShouldBe(original, "FC16 response carries no register data and must pass through");
+        ctx.Counters.Snapshot().RewrittenSlots.ShouldBe(0);
+    }
+
     [Fact]
     public void FC16_WritePartiallyOverlapping32BitPair_PassesThroughRaw_WithPartialWarning()
     {