From 777fe7372ed6469f2e218643ccc7a80f00da17dc Mon Sep 17 00:00:00 2001 From: Thomas Vanbesien Date: Tue, 17 Feb 2026 12:37:27 +0100 Subject: Remove CLAUDE.md from version control Keep the file locally but gitignore it so project-specific Claude Code instructions are not pushed to the repository. --- .gitignore | 3 + CLAUDE.md | 197 ------------------------------------------------------------- 2 files changed, 3 insertions(+), 197 deletions(-) delete mode 100644 CLAUDE.md diff --git a/.gitignore b/.gitignore index 285b7d5..2bef7c5 100644 --- a/.gitignore +++ b/.gitignore @@ -12,3 +12,6 @@ certs/ # Claude Code local state .claude/ + +# Relevant to the project but not to be pushed +CLAUDE.md diff --git a/CLAUDE.md b/CLAUDE.md deleted file mode 100644 index cabc688..0000000 --- a/CLAUDE.md +++ /dev/null @@ -1,197 +0,0 @@ -# CLAUDE.md — OPC UA Discovery Project - -## Project Overview - -C project exploring OPC UA discovery using the open62541 library (git submodule at `deps/open62541`). CMake build system (C11). Source files live in `src/`, certificates in `certs/`, helper scripts in `tools/`. - -## Build - -```sh -cmake --build build --parallel -``` - -If the build directory doesn't exist yet or dependencies need reconfiguring: - -```sh -cmake -B build -cmake --build build --parallel -``` - -open62541 is built automatically via `cmake/BuildDeps.cmake` with `UA_ENABLE_ENCRYPTION=OPENSSL` and `UA_ENABLE_DISCOVERY=ON`, installed to `build/deps/open62541-install`. The open62541 build directory is `build/deps/open62541`. - -After building, verify that `compile_commands.json` is symlinked from `build/` to the project root. - -### Building Documentation - -To build the open62541 HTML documentation (requires `python3-sphinx`, `python3-sphinx-rtd-theme`, `graphviz`): - -```sh -cmake -B build -DBUILD_DOC=ON -cmake --build build --target doc -``` - -Output goes to `build/deps/open62541/doc/index.html`. - -## Code Style - -- Follow the `.clang-format` file in the project root (GNU-based style). -- Key points: 2-space indent, braces on own line (`BreakBeforeBraces: GNU`), space before parens (`SpaceBeforeParens: Always`), pointer star on the right (`PointerAlignment: Right`), 79-column limit, return type on its own line for definitions. -- Do **not** reformat code you didn't change. - -## Workflow Preferences - -- **Ask before committing.** Never commit without explicit confirmation. -- **Ask when ambiguous.** If a task or requirement is unclear, ask rather than guess. -- **Plan mode:** Ask before entering plan mode — don't assume it's needed. -- **Validation:** After making changes, confirm the project compiles with `cmake --build build --parallel`. When asked to run or test, start all three programs (LDS, ServerRegister, ClientFindServers) using the commands in the **Running** section below, then verify the client output. -- **Verbosity:** Give detailed explanations of what was done and why. - -## Certificates - -Generate DER certificates with `tools/generate_certificate.sh `. This creates `_cert.der` and `_key.der` in the given directory. Four identities are needed: - -```sh -tools/generate_certificate.sh certs ServerLDS -tools/generate_certificate.sh certs ServerRegister -tools/generate_certificate.sh certs ServerRegisterClient -tools/generate_certificate.sh certs ClientFindServers -``` - -Existing certs live in `certs/`. Only regenerate if missing. - -## Running - -Each program takes a configuration file and an optional log level: ` [log-level]`. The log level defaults to `info`. Valid levels: `trace`, `debug`, `info`, `warning`, `error`, `fatal`. Example config files are in `config/`. Start programs in order in separate terminals from the project root: - -**1. Local Discovery Server (LDS)** - -```sh -build/ServerLDS config/server_lds.conf -``` - -**2. Register Server** - -```sh -build/ServerRegister config/server_register.conf -``` - -**3. Find Servers Client** - -```sh -build/ClientFindServers config/client_find_servers.conf -``` - -## Configuration Files - -Config files use a simple `key = value` format, one entry per line. Lines starting with `#` are comments. Blank lines are ignored. Repeated keys are used for list values (e.g. multiple `trustList` entries). - -### ServerLDS Keys - -| Key | Required | Description | -|-----|----------|-------------| -| `port` | yes | Server port number | -| `applicationUri` | yes | OPC UA application URI | -| `certificate` | yes | Path to server certificate (.der) | -| `privateKey` | yes | Path to server private key (.der) | -| `cleanupTimeout` | yes | Seconds before stale registrations are removed (must be > 10) | -| `authMode` | yes | `anonymous` or `user` | -| `username` | if user | Username for authentication | -| `password` | if user | Password for authentication | -| `trustList` | no | Trusted certificate path (repeat for multiple) | - -### ServerRegister Keys - -| Key | Required | Description | -|-----|----------|-------------| -| `port` | yes | Server port number | -| `applicationUri` | yes | OPC UA application URI | -| `serverCertificate` | yes | Path to server certificate (.der) | -| `serverPrivateKey` | yes | Path to server private key (.der) | -| `clientCertificate` | yes | Path to client certificate for LDS connection (.der) | -| `clientPrivateKey` | yes | Path to client private key for LDS connection (.der) | -| `discoveryEndpoint` | yes | LDS endpoint URL (e.g. `opc.tcp://localhost:4840`) | -| `registerInterval` | yes | Seconds between re-registrations | -| `securityMode` | yes | `None`, `Sign`, or `SignAndEncrypt` | -| `securityPolicy` | yes | `None`, `Basic256Sha256`, `Aes256_Sha256_RsaPss`, `Aes128_Sha256_RsaOaep`, or `ECC_nistP256` | -| `serverAuthMode` | yes | Auth for clients connecting to this server: `anonymous` or `user` | -| `serverUsername` | if user | Server-side username | -| `serverPassword` | if user | Server-side password | -| `clientAuthMode` | yes | Auth for LDS connection: `anonymous` or `user` | -| `clientUsername` | if user | Client-side username (for LDS) | -| `clientPassword` | if user | Client-side password (for LDS) | -| `trustList` | no | Trusted certificate path (repeat for multiple) | - -### ClientFindServers Keys - -| Key | Required | Description | -|-----|----------|-------------| -| `discoveryEndpoint` | yes | LDS endpoint URL (e.g. `opc.tcp://localhost:4840`) | -| `applicationUri` | yes | OPC UA application URI | -| `certificate` | yes | Path to client certificate (.der) | -| `privateKey` | yes | Path to client private key (.der) | -| `securityMode` | yes | `None`, `Sign`, or `SignAndEncrypt` | -| `securityPolicy` | yes | `None`, `Basic256Sha256`, `Aes256_Sha256_RsaPss`, `Aes128_Sha256_RsaOaep`, or `ECC_nistP256` | -| `authMode` | yes | `anonymous` or `user` | -| `username` | if user | Username for session auth | -| `password` | if user | Password for session auth | -| `trustList` | no | Trusted certificate path (repeat for multiple) | - -## Testing - -Integration tests use CTest and cover 6 combinations of security mode/policy and authentication: - -| Test | Security | Auth | -|------|----------|------| -| `none_anon` | None / None | anonymous | -| `none_user` | None / None | user | -| `basic256sha256_anon` | SignAndEncrypt / Basic256Sha256 | anonymous | -| `basic256sha256_user` | SignAndEncrypt / Basic256Sha256 | user | -| `aes128_anon` | SignAndEncrypt / Aes128_Sha256_RsaOaep | anonymous | -| `aes128_user` | SignAndEncrypt / Aes128_Sha256_RsaOaep | user | - -Run all tests: - -```sh -ctest --test-dir build --output-on-failure -``` - -Each test starts ServerLDS (port 14840) and ServerRegister (port 14841), runs ClientFindServers, then validates: -1. Client exits with code 0 -2. FindServers output contains `urn:bobink.ServerRegister` -3. Client read the current time (`date is:`) -4. Endpoint listing contains the expected security policy - -To add a new test case: create a directory under `tests/` with 3 config files (`server_lds.conf`, `server_register.conf`, `client_find_servers.conf`), then add a `"name;ExpectedPolicy"` entry to the `INTEGRATION_TESTS` list in `CMakeLists.txt`. - -### Memory Leak Check (ASan) - -Rebuild with AddressSanitizer, then run the tests: - -```sh -cmake -B build -DCMAKE_C_FLAGS="-fsanitize=address -fno-omit-frame-pointer" -DCMAKE_EXE_LINKER_FLAGS="-fsanitize=address" -cmake --build build --parallel -ASAN_OPTIONS="detect_leaks=1" ctest --test-dir build --output-on-failure -``` - -Reconfigure without the flags afterwards to return to a normal build: - -```sh -cmake -B build -DCMAKE_C_FLAGS="" -DCMAKE_EXE_LINKER_FLAGS="" -cmake --build build --parallel -``` - -## Project Structure - -| Path | Purpose | -|------|---------| -| `src/common.h` / `src/common.c` | Shared helpers: `loadFile()`, `createSecureServer()`, `createSecureClientConfig()`, `parseSecurityMode()`, `resolveSecurityPolicyUri()` | -| `src/config.h` / `src/config.c` | Config file parser: `configLoad()`, `configGet()`, `configRequire()`, `configRequireInt()`, `configGetAll()`, `configFree()` | -| `src/server_lds.c` | Local Discovery Server | -| `src/server_register.c` | Server that registers with LDS | -| `src/client_find_servers.c` | Client that queries LDS and displays endpoints | -| `config/` | Example configuration files for all three programs | -| `tests/` | Integration tests: `run_test.sh` helper and per-test config directories | -| `certs/` | TLS certificates for server, client, and LDS | -| `tools/` | Helper scripts | -| `cmake/BuildDeps.cmake` | Configures, builds, and installs open62541 | -| `deps/open62541` | open62541 git submodule | -- cgit v1.2.3