mbproxy: remediate the 2026-05-16 code-review findings

Fixes every finding from the codereviews/2026-05-16 multi-agent review (2 Critical, 20 Major, 38 Minor) and adds that review to the repo. Highlights: dashboard XSS escape; response cache invalidated on the write request (not just the response); ReloadValidator now runs at startup so port collisions / duplicate names / malformed Resilience profiles fail fast; AdminPort 0 genuinely disables the admin endpoint; PlcListener accept-loop faults propagate to the supervisor's faulted path; reconciler Restart builds before removing; Resilience pipelines are restart-only from a frozen snapshot; multiplexer connect-race leak, watchdog party-list snapshot, backend-response and FC16 framing validation; frontend reconnect retry and util.js load guard; plus the log-event/doc drift sweep and test-port hygiene. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-16 18:08:06 -04:00
parent 0308490aef
commit b222362ce0
45 changed files with 1735 additions and 151 deletions
@@ -64,7 +64,9 @@ public sealed class ProxyForwardingTests

        var config = new Dictionary<string, string?>
        {
-            ["Mbproxy:AdminPort"] = "8080",
+            // 0 disables the admin endpoint — this test does not exercise it, and a
+            // fixed port would collide under parallel test execution.
+            ["Mbproxy:AdminPort"] = "0",
            [$"Mbproxy:Plcs:0:Name"]       = "TestPLC",
            [$"Mbproxy:Plcs:0:ListenPort"] = proxyPort.ToString(),
            [$"Mbproxy:Plcs:0:Host"]       = _sim.Host,
@@ -239,7 +241,9 @@ public sealed class ProxyForwardingTests

        var config = new Dictionary<string, string?>
        {
-            ["Mbproxy:AdminPort"] = "8080",
+            // 0 disables the admin endpoint — this test does not exercise it, and a
+            // fixed port would collide under parallel test execution.
+            ["Mbproxy:AdminPort"] = "0",
            [$"Mbproxy:Plcs:0:Name"]       = "BadPLC",
            [$"Mbproxy:Plcs:0:ListenPort"] = proxyPort.ToString(),
            [$"Mbproxy:Plcs:0:Host"]       = "127.0.0.1",
@@ -307,7 +311,9 @@ public sealed class ProxyForwardingTests

        var config = new Dictionary<string, string?>
        {
-            ["Mbproxy:AdminPort"] = "8080",
+            // 0 disables the admin endpoint — this test does not exercise it, and a
+            // fixed port would collide under parallel test execution.
+            ["Mbproxy:AdminPort"] = "0",
            [$"Mbproxy:Plcs:0:Name"]       = "TestPLC",
            [$"Mbproxy:Plcs:0:ListenPort"] = proxyPort.ToString(),
            [$"Mbproxy:Plcs:0:Host"]       = _sim.Host,