When any equipment's REM signal switches to local mode, fire a dedicated
`unit.rem_local` event (with unit + equipment context) and record it to
the event log. Also fire `unit.rem_recovered` when all REM signals return
to remote. AutoControlStopped is still fired alongside RemLocal when
auto was running at the time.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add `rem_local: bool` to UnitRuntime; set true when any equipment's
REM signal is false with good quality
- Engine check_fault_comm: stop auto-control and fire AutoControlStopped
when any equipment switches to local mode
- Block start-auto when rem_local (backend + error message)
- Frontend: disable Start Auto button in units/ops views when rem_local
- Frontend: disable equipment Start/Stop buttons in config view when
unit's rem_local is true
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Reuses the existing API.md drawer for README; switching between
docs reloads content and updates the drawer title. Backend serves
README.md via /api/docs/readme-md.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Prevent starting unit auto control while fault_locked or manual_ack_required,
enforcing that faults must be manually acknowledged before resuming automation.
Also disable the Start Auto button in the frontend with descriptive tooltips.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Unit list and single-unit endpoints now include per-unit equipment list
with signal-role points and monitor data, consistent with unit detail.
Uses batch queries to avoid N+1 DB calls.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Moved simulate_run_feedback from command.rs into simulate.rs where it
reuses patch_signal. command.rs now only contains real PLC command logic.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
When SIMULATE_PLC=true, a background task randomly disrupts rem or flt
signals on equipment (rem=false for 5-15s, flt=true for 3-10s) to
exercise fault detection, comm lock, and recovery logic in the engine.
Uses XorShift64 PRNG with no extra dependencies.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Event messages are now stored and displayed in Chinese. Names/codes are
resolved via lightweight DB lookups in persist_event_if_needed (entities
still exist at processing time). SourceDelete passes the name explicitly
since the source is deleted before the async event is processed.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Equipment list response now includes signal-role points with monitor data,
so the ops view can render signal dots directly from state.equipments
without fetching /api/unit/:id/detail.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Remove the standalone GET /api/unit/runtimes endpoint in favour of
embedding runtime directly in existing responses:
- GET /api/unit → each item now includes `runtime` field
- GET /api/unit/:id → returns UnitWithRuntime
- GET /api/unit/:id/detail → UnitDetail now includes `runtime`
runtime is null when the engine has not yet initialised the unit.
Frontend loadUnits() reads the embedded runtime field to populate
state.runtimes — one request instead of two.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Root cause: state.runtimes was empty after refresh because the engine
only pushes UnitRuntimeChanged on state transitions — if the engine
is mid-wait-phase, no push occurs and badges show OFFLINE.
Fix: add GET /api/unit/runtimes batch endpoint (returns all known
runtimes as { unit_id: UnitRuntime }) and call it in parallel with
the unit list fetch inside loadUnits(), so runtime badges are correct
immediately after page load.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- engine.rs: replace HashSet<Uuid> with HashMap<Uuid, JoinHandle> in
supervise(); use is_finished() to detect exited tasks so units that
are disabled then re-enabled get a new task on next 10s scan
- control/mod.rs: extract shared monitor_value_as_bool (using the more
complete validator version that includes "yes"); remove duplicate
copies from engine.rs and validator.rs
- runtime.rs: fix get_or_create_notify TOCTOU by using entry API
instead of read-drop-write pattern
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
When auto_enabled or fault_locked changes externally, the engine task
wakes via notify but previously only pushed WS on the next state
transition (potentially seconds later). Now push the fresh runtime
immediately in the notify.notified() arm so the frontend reflects
the change without delay.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Engine now spawns one async task per enabled unit (supervised every 10s)
- wait_phase uses sleep_until + select! for precise timing; 500ms fault-tick
runs inside each phase so fault/comm is still checked promptly
- WS UnitRuntimeChanged pushed only on state transitions, not every tick
- ControlRuntimeStore gains notify_unit/get_or_create_notify for instant
wake-up when handlers change auto_enabled or fault_locked
- UnitRuntime: remove last_tick_at, current_run/stop/distributor_elapsed_sec;
add display_acc_sec (snapshot at transition, avoids mid-cycle jitter)
- accumulated_run_sec now increments by exact run_time_sec*1000 per cycle
- unit.state_changed events no longer written to DB (too frequent)
- Frontend: show display_acc_sec instead of accumulated_run_sec
- styles: event-card flex-shrink:0 fixes text overlap under flex column
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Backend:
- POST /api/control/unit/batch-start-auto — starts auto on all enabled
units that are not fault/comm locked and not already running auto
- POST /api/control/unit/batch-stop-auto — stops auto on all units
Frontend (ops view):
- Add "全部启动" / "全部停止" buttons in the unit sidebar header
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
When accumulated_run_sec reaches acc_time_sec, the coal feeder must be stopped
before entering DistributorRunning state. Previously the feeder was left running
while the distributor also ran, which is incorrect per the control spec.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Instead of always patching the local cache, first attempt to write the RUN
point value through the normal OPC UA path. If the proxy accepts the write,
write_point_values_batch already emits PointNewValue locally so no extra work
is needed. Only fall back to direct cache patching when the write is rejected.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- validator: reject equipment start/stop when unit auto_enabled
- engine: fix stop_time_sec==0 causing infinite Stopped state (never starts)
- engine: call simulate_run_feedback after auto commands when SIMULATE_PLC=true
- command: extract simulate_run_feedback to shared module (was private in handler)
- web: disable Start/Stop buttons when unit auto is active; sync on WS runtime update
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
After a successful start/stop command, write run=true/false directly
into the point monitor cache and broadcast PointNewValue via WebSocket.
Gated by SIMULATE_PLC=true env var; real OPC-UA values override it.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add 运维/配置 tab switch; grid-ops / grid-config layout classes
- New ops-panel: unit sidebar + equipment card grid (REM/RUN/FLT signals)
- All equipment cards shown by default; unit click acts as filter
- Signal cells seed from point_monitor cache on render, then update via WS PointNewValue
- New log-stream-panel: SSE realtime log stream, active only in config view
- Backend: get_unit_detail now includes point_monitor (current value) in each point
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Returns unit with its equipments, each embedding their bound points.
Uses 2 queries (equipment list + points via ANY) to avoid N+1.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Prevents browser from caching JS/CSS modules, so frontend changes take
effect immediately on page refresh without needing hard refresh.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Remove the special-case that silently ignored BadTimeout in the
subscription status callback. BadTimeout means the server has already
dropped the subscription, so reconnect must be triggered immediately
rather than waiting for the heartbeat check.
Also reduce lifetime_count (120→15) and max_keep_alive_count (10→5)
so failures are detected within 15s instead of 120s, while still
satisfying the OPC UA spec requirement of lifetime >= 3×keepalive.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
caoqianming