feat(control): reject manual commands when unit is fault/comm locked

src/control/validator.rs

@@ -115,7 +115,36 @@ pub async fn validate_manual_control(
         }
     }
 
-    let command_value_type = monitor_guard
+    drop(monitor_guard);
+
+    // Runtime state checks — block commands if unit is locked
+    if let Some(unit_id) = equipment.unit_id {
+        if let Some(runtime) = state.control_runtime.get(unit_id).await {
+            if runtime.comm_locked {
+                return Err(ApiErr::Forbidden(
+                    "Unit communication is locked".to_string(),
+                    Some(json!({ "unit_id": unit_id })),
+                ));
+            }
+            if runtime.fault_locked {
+                return Err(ApiErr::Forbidden(
+                    "Unit is fault locked".to_string(),
+                    Some(json!({ "unit_id": unit_id, "manual_ack_required": runtime.manual_ack_required })),
+                ));
+            }
+            if runtime.manual_ack_required {
+                return Err(ApiErr::Forbidden(
+                    "Fault acknowledgement required before issuing commands".to_string(),
+                    Some(json!({ "unit_id": unit_id })),
+                ));
+            }
+        }
+    }
+
+    let command_value_type = state
+        .connection_manager
+        .get_point_monitor_data_read_guard()
+        .await
         .get(&command_point.point_id)
         .and_then(|item| item.value_type.clone());