nc_program_manager/.paul/ISSUES.md
dtrentin d4bb3419e8 docs(issues): create ISSUES.md from deferred items and codebase concerns
11 tracked issues from STATE.md deferred items + CONCERNS.md analysis:
- ISS-001: MachineFingerprint null dereference (High, Quick)
- ISS-002: Blocking async .GetAwaiter().GetResult() (Medium, Medium)
- ISS-003: Silent catch {} blocks (High, Quick-Medium)
- ISS-004: No structured logging framework (Medium, Substantial)
- ISS-005: SHA256 not disposed (Low, Quick)
- ISS-006: LSV2 connect timeout doesn't abort (Medium, Quick)
- ISS-007: Integration tests hardcoded IPs (Medium, Quick-Medium)
- ISS-008: MachineFingerprint untested on real hardware (High, Medium)
- ISS-009: Heidenhain ReadActiveProgram not implemented (Low, Substantial)
- ISS-010: Siemens ReadActiveProgram not implemented (Low, Substantial)
- ISS-011: Obsolete crypto APIs (Low, Quick when upgrading)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-18 22:52:35 +02:00

7.6 KiB

Project Issues Log

Enhancements and known issues discovered during execution and codebase analysis.

Open Issues

ISS-001: MachineFingerprint null dereference on unusual hardware

  • Discovered: Codebase analysis (2026-05-18)
  • Type: Bug / Robustness
  • Description: mo.Properties["processorID"].Value.ToString() and obj["SerialNumber"] called without null guard. If WMI property missing on non-standard hardware, throws NullReferenceException. Customer gets no useful error message.
  • Files: Licensing/MachineFingerprint.cs
  • Fix: mo.Properties["processorID"]?.Value?.ToString() ?? "unknown" — same for SerialNumber
  • Impact: High — licensing failure with no diagnostic for customer
  • Effort: Quick (< 30 min)
  • Suggested phase: Next robustness phase

ISS-002: Blocking async calls at CLI boundary

  • Discovered: Codebase analysis (2026-05-18)
  • Type: Refactoring / Reliability
  • Description: 56+ .GetAwaiter().GetResult() calls in Program.cs and machine classes block the thread pool. .NET 4.7.2 supports async Task<int> Main. Risk of deadlock in certain SynchronizationContext scenarios.
  • Files: Program.cs (lines 90, 101, 122, 142, 166, 200, 221, 240, 262)
  • Fix: Refactor Main to static async Task<int> Main(string[] args), propagate await throughout
  • Impact: Medium — currently works, but fragile; blocks async benefits
  • Effort: Medium (1-2 hours)
  • Suggested phase: Future refactor phase

ISS-003: Silent exception handlers swallow failures

  • Discovered: Codebase analysis (2026-05-18)
  • Type: Reliability / Observability
  • Description: 23 try { ... } catch { } blocks swallow exceptions silently. Disconnect/cleanup paths fail with no trace. Production issues become undiagnosable.
  • Files: Cnc/Fanuc/FanucMachine.cs, Cnc/Siemens/SiemensMachine.cs, Cnc/Heidenhain/HeidenhainMachine.cs, Cnc/Heidenhain/Lsv2Client.cs
  • Fix: At minimum catch (Exception ex) { /* log or Debug.WriteLine */ } — better with logging framework (ISS-004)
  • Impact: High — hidden failures, connection leaks masked
  • Effort: Quick-Medium (dependent on ISS-004)
  • Suggested phase: Same phase as ISS-004

ISS-004: No structured logging framework

  • Discovered: Codebase analysis (2026-05-18)
  • Type: Observability / Reliability
  • Description: Entire codebase uses Console.WriteLine (98+ calls). No log levels, no timestamps, no file output. Production issues undiagnosable without attaching a terminal.
  • Files: Program.cs, all machine implementations
  • Fix: Add Serilog or NLog. Replace Console.WriteLine with leveled logging. Add request/response tracing for FOCAS/LSV2/FTP operations.
  • Impact: Medium — works today, but operational burden grows with deployments
  • Effort: Substantial (half day+)
  • Suggested phase: v0.4 Operational Quality

ISS-005: SHA256 crypto provider not disposed

  • Discovered: Codebase analysis (2026-05-18)
  • Type: Bug / Resource Management
  • Description: new SHA256CryptoServiceProvider() created inside license validation but not wrapped in using. Minor resource leak on every startup.
  • Files: Licensing/LicenseValidator.cs
  • Fix: using (var sha = new SHA256CryptoServiceProvider()) { ... }
  • Impact: Low — minor resource leak
  • Effort: Quick (5 min)
  • Suggested phase: Next robustness phase (same as ISS-001)

ISS-006: LSV2 connect timeout doesn't abort hung task

  • Discovered: Codebase analysis (2026-05-18)
  • Type: Reliability
  • Description: _tcp.ConnectAsync().Wait(timeout) — if the TCP connect never completes, returns false but doesn't cancel the pending task. Thread pool slot held indefinitely.
  • Files: Cnc/Heidenhain/Lsv2Client.cs
  • Fix: Use CancellationTokenSource + Task.WhenAny(connectTask, Task.Delay(timeout, ct)) pattern
  • Impact: Medium — Heidenhain machine unreachable = hung process
  • Effort: Quick (30 min)
  • Suggested phase: Heidenhain robustness phase

ISS-007: Integration tests use hardcoded IPs

  • Discovered: Codebase analysis (2026-05-18)
  • Type: Testing
  • Description: Integration tests for Siemens, Mitsubishi, Heidenhain hardcode IPs (127.0.0.1, 192.168.1.x). Fail in CI without physical hardware. Tests should use stub servers by default and make real IPs configurable via environment variable.
  • Files: NcProgramManager.Tests/Integration/SiemensMachineIntegrationTests.cs, HeidenhainMachineIntegrationTests.cs, MitsubishiMachineIntegrationTests.cs
  • Fix: Extract IPs to Environment.GetEnvironmentVariable("SIEMENS_IP") ?? "127.0.0.1". Ensure stub-based tests always run; hardware tests skipped unless env var set.
  • Impact: Medium — CI unreliable
  • Effort: Quick-Medium
  • Suggested phase: Testing improvement phase

ISS-008: MachineFingerprint untested — full license flow unverified on real hardware

  • Discovered: STATE.md deferred issues (ongoing)
  • Type: Testing
  • Description: MachineFingerprint.cs uses WMI (Windows-only). No unit tests exist for this class. Full license sign → deploy → validate flow never tested end-to-end on real Windows hardware.
  • Files: Licensing/MachineFingerprint.cs, Licensing/LicenseFile.cs
  • Fix: Add unit tests with mocked IMachineFingerprint. Document manual test procedure for real hardware flow. Verify on target Windows machine before customer delivery.
  • Impact: High — shipping unverified license flow
  • Effort: Medium
  • Suggested phase: License hardening phase

ISS-009: Heidenhain ReadActiveProgramAsync / SelectMainProgram not implemented

  • Discovered: STATE.md deferred issues (2026-05-13)
  • Type: Feature / Incomplete Implementation
  • Description: HeidenhainMachine.ReadActiveProgramAsync() and SelectMainProgramAsync() return hard-coded CncResult.Fail("Not supported via basic LSV2"). LSV2 may support these via additional commands not yet implemented.
  • Files: Cnc/Heidenhain/HeidenhainMachine.cs
  • Impact: Low — current use case requires explicit program path; feature unused
  • Effort: Substantial (requires LSV2 spec research + hardware testing)
  • Suggested phase: Heidenhain advanced features (future)

ISS-010: Siemens ReadActiveProgramAsync / SelectMainProgram not implemented

  • Discovered: STATE.md deferred issues (2026-05-13)
  • Type: Feature / Incomplete Implementation
  • Description: Same as ISS-009 for Siemens. FTP protocol may not expose active program info natively.
  • Files: Cnc/Siemens/SiemensMachine.cs
  • Impact: Low — current use case requires explicit program path
  • Effort: Substantial (requires Sinumerik FTP extension research)
  • Suggested phase: Siemens advanced features (future)

ISS-011: Obsolete crypto APIs (RSACryptoServiceProvider, SHA256CryptoServiceProvider)

  • Discovered: Codebase analysis (2026-05-18)
  • Type: Technical Debt
  • Description: Both classes marked obsolete in .NET 6+. Currently safe on .NET 4.7.2 (only warnings), but blocks future framework upgrade path.
  • Files: Licensing/LicenseValidator.cs
  • Fix (when upgrading): RSA.Create() + rsa.VerifyData(data, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1) — eliminates both obsolete types
  • Impact: Low — no runtime impact on .NET 4.7.2
  • Effort: Quick (when .NET version is upgraded)
  • Suggested phase: Future .NET upgrade phase

Closed Issues

None yet.


Last updated: 2026-05-18 Sources: STATE.md deferred issues + CONCERNS.md codebase analysis