From 684ca9da85cb9bc1d0553e99a0e13b7f87d3ae5d Mon Sep 17 00:00:00 2001
From: caoqianming <caoqianming@foxmail.com>
Date: Tue, 24 Mar 2026 14:44:48 +0800
Subject: [PATCH] feat(control): reject manual commands when unit is fault/comm
 locked

---
 src/control/validator.rs | 31 ++++++++++++++++++++++++++++++-
 1 file changed, 30 insertions(+), 1 deletion(-)

diff --git a/src/control/validator.rs b/src/control/validator.rs
index 494556d..1e7a608 100644
--- a/src/control/validator.rs
+++ b/src/control/validator.rs
@@ -115,7 +115,36 @@ pub async fn validate_manual_control(
         }
     }
 
-    let command_value_type = monitor_guard
+    drop(monitor_guard);
+
+    // Runtime state checks — block commands if unit is locked
+    if let Some(unit_id) = equipment.unit_id {
+        if let Some(runtime) = state.control_runtime.get(unit_id).await {
+            if runtime.comm_locked {
+                return Err(ApiErr::Forbidden(
+                    "Unit communication is locked".to_string(),
+                    Some(json!({ "unit_id": unit_id })),
+                ));
+            }
+            if runtime.fault_locked {
+                return Err(ApiErr::Forbidden(
+                    "Unit is fault locked".to_string(),
+                    Some(json!({ "unit_id": unit_id, "manual_ack_required": runtime.manual_ack_required })),
+                ));
+            }
+            if runtime.manual_ack_required {
+                return Err(ApiErr::Forbidden(
+                    "Fault acknowledgement required before issuing commands".to_string(),
+                    Some(json!({ "unit_id": unit_id })),
+                ));
+            }
+        }
+    }
+
+    let command_value_type = state
+        .connection_manager
+        .get_point_monitor_data_read_guard()
+        .await
         .get(&command_point.point_id)
         .and_then(|item| item.value_type.clone());