11 tracked issues from STATE.md deferred items + CONCERNS.md analysis:
- ISS-001: MachineFingerprint null dereference (High, Quick)
- ISS-002: Blocking async .GetAwaiter().GetResult() (Medium, Medium)
- ISS-003: Silent catch {} blocks (High, Quick-Medium)
- ISS-004: No structured logging framework (Medium, Substantial)
- ISS-005: SHA256 not disposed (Low, Quick)
- ISS-006: LSV2 connect timeout doesn't abort (Medium, Quick)
- ISS-007: Integration tests hardcoded IPs (Medium, Quick-Medium)
- ISS-008: MachineFingerprint untested on real hardware (High, Medium)
- ISS-009: Heidenhain ReadActiveProgram not implemented (Low, Substantial)
- ISS-010: Siemens ReadActiveProgram not implemented (Low, Substantial)
- ISS-011: Obsolete crypto APIs (Low, Quick when upgrading)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
7.6 KiB
7.6 KiB
Project Issues Log
Enhancements and known issues discovered during execution and codebase analysis.
Open Issues
ISS-001: MachineFingerprint null dereference on unusual hardware
- Discovered: Codebase analysis (2026-05-18)
- Type: Bug / Robustness
- Description:
mo.Properties["processorID"].Value.ToString()andobj["SerialNumber"]called without null guard. If WMI property missing on non-standard hardware, throwsNullReferenceException. Customer gets no useful error message. - Files:
Licensing/MachineFingerprint.cs - Fix:
mo.Properties["processorID"]?.Value?.ToString() ?? "unknown"— same forSerialNumber - Impact: High — licensing failure with no diagnostic for customer
- Effort: Quick (< 30 min)
- Suggested phase: Next robustness phase
ISS-002: Blocking async calls at CLI boundary
- Discovered: Codebase analysis (2026-05-18)
- Type: Refactoring / Reliability
- Description: 56+
.GetAwaiter().GetResult()calls inProgram.csand machine classes block the thread pool. .NET 4.7.2 supportsasync Task<int> Main. Risk of deadlock in certain SynchronizationContext scenarios. - Files:
Program.cs(lines 90, 101, 122, 142, 166, 200, 221, 240, 262) - Fix: Refactor
Maintostatic async Task<int> Main(string[] args), propagateawaitthroughout - Impact: Medium — currently works, but fragile; blocks async benefits
- Effort: Medium (1-2 hours)
- Suggested phase: Future refactor phase
ISS-003: Silent exception handlers swallow failures
- Discovered: Codebase analysis (2026-05-18)
- Type: Reliability / Observability
- Description: 23
try { ... } catch { }blocks swallow exceptions silently. Disconnect/cleanup paths fail with no trace. Production issues become undiagnosable. - Files:
Cnc/Fanuc/FanucMachine.cs,Cnc/Siemens/SiemensMachine.cs,Cnc/Heidenhain/HeidenhainMachine.cs,Cnc/Heidenhain/Lsv2Client.cs - Fix: At minimum
catch (Exception ex) { /* log or Debug.WriteLine */ }— better with logging framework (ISS-004) - Impact: High — hidden failures, connection leaks masked
- Effort: Quick-Medium (dependent on ISS-004)
- Suggested phase: Same phase as ISS-004
ISS-004: No structured logging framework
- Discovered: Codebase analysis (2026-05-18)
- Type: Observability / Reliability
- Description: Entire codebase uses
Console.WriteLine(98+ calls). No log levels, no timestamps, no file output. Production issues undiagnosable without attaching a terminal. - Files:
Program.cs, all machine implementations - Fix: Add Serilog or NLog. Replace
Console.WriteLinewith leveled logging. Add request/response tracing for FOCAS/LSV2/FTP operations. - Impact: Medium — works today, but operational burden grows with deployments
- Effort: Substantial (half day+)
- Suggested phase: v0.4 Operational Quality
ISS-005: SHA256 crypto provider not disposed
- Discovered: Codebase analysis (2026-05-18)
- Type: Bug / Resource Management
- Description:
new SHA256CryptoServiceProvider()created inside license validation but not wrapped inusing. Minor resource leak on every startup. - Files:
Licensing/LicenseValidator.cs - Fix:
using (var sha = new SHA256CryptoServiceProvider()) { ... } - Impact: Low — minor resource leak
- Effort: Quick (5 min)
- Suggested phase: Next robustness phase (same as ISS-001)
ISS-006: LSV2 connect timeout doesn't abort hung task
- Discovered: Codebase analysis (2026-05-18)
- Type: Reliability
- Description:
_tcp.ConnectAsync().Wait(timeout)— if the TCP connect never completes, returnsfalsebut doesn't cancel the pending task. Thread pool slot held indefinitely. - Files:
Cnc/Heidenhain/Lsv2Client.cs - Fix: Use
CancellationTokenSource+Task.WhenAny(connectTask, Task.Delay(timeout, ct))pattern - Impact: Medium — Heidenhain machine unreachable = hung process
- Effort: Quick (30 min)
- Suggested phase: Heidenhain robustness phase
ISS-007: Integration tests use hardcoded IPs
- Discovered: Codebase analysis (2026-05-18)
- Type: Testing
- Description: Integration tests for Siemens, Mitsubishi, Heidenhain hardcode IPs (127.0.0.1, 192.168.1.x). Fail in CI without physical hardware. Tests should use stub servers by default and make real IPs configurable via environment variable.
- Files:
NcProgramManager.Tests/Integration/SiemensMachineIntegrationTests.cs,HeidenhainMachineIntegrationTests.cs,MitsubishiMachineIntegrationTests.cs - Fix: Extract IPs to
Environment.GetEnvironmentVariable("SIEMENS_IP") ?? "127.0.0.1". Ensure stub-based tests always run; hardware tests skipped unless env var set. - Impact: Medium — CI unreliable
- Effort: Quick-Medium
- Suggested phase: Testing improvement phase
ISS-008: MachineFingerprint untested — full license flow unverified on real hardware
- Discovered: STATE.md deferred issues (ongoing)
- Type: Testing
- Description:
MachineFingerprint.csuses WMI (Windows-only). No unit tests exist for this class. Full license sign → deploy → validate flow never tested end-to-end on real Windows hardware. - Files:
Licensing/MachineFingerprint.cs,Licensing/LicenseFile.cs - Fix: Add unit tests with mocked
IMachineFingerprint. Document manual test procedure for real hardware flow. Verify on target Windows machine before customer delivery. - Impact: High — shipping unverified license flow
- Effort: Medium
- Suggested phase: License hardening phase
ISS-009: Heidenhain ReadActiveProgramAsync / SelectMainProgram not implemented
- Discovered: STATE.md deferred issues (2026-05-13)
- Type: Feature / Incomplete Implementation
- Description:
HeidenhainMachine.ReadActiveProgramAsync()andSelectMainProgramAsync()return hard-codedCncResult.Fail("Not supported via basic LSV2"). LSV2 may support these via additional commands not yet implemented. - Files:
Cnc/Heidenhain/HeidenhainMachine.cs - Impact: Low — current use case requires explicit program path; feature unused
- Effort: Substantial (requires LSV2 spec research + hardware testing)
- Suggested phase: Heidenhain advanced features (future)
ISS-010: Siemens ReadActiveProgramAsync / SelectMainProgram not implemented
- Discovered: STATE.md deferred issues (2026-05-13)
- Type: Feature / Incomplete Implementation
- Description: Same as ISS-009 for Siemens. FTP protocol may not expose active program info natively.
- Files:
Cnc/Siemens/SiemensMachine.cs - Impact: Low — current use case requires explicit program path
- Effort: Substantial (requires Sinumerik FTP extension research)
- Suggested phase: Siemens advanced features (future)
ISS-011: Obsolete crypto APIs (RSACryptoServiceProvider, SHA256CryptoServiceProvider)
- Discovered: Codebase analysis (2026-05-18)
- Type: Technical Debt
- Description: Both classes marked obsolete in .NET 6+. Currently safe on .NET 4.7.2 (only warnings), but blocks future framework upgrade path.
- Files:
Licensing/LicenseValidator.cs - Fix (when upgrading):
RSA.Create()+rsa.VerifyData(data, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)— eliminates both obsolete types - Impact: Low — no runtime impact on .NET 4.7.2
- Effort: Quick (when .NET version is upgraded)
- Suggested phase: Future .NET upgrade phase
Closed Issues
None yet.
Last updated: 2026-05-18 Sources: STATE.md deferred issues + CONCERNS.md codebase analysis