OKTO L2 Pilot Readiness Checklist
Living document. Maps every commitment in
proposals/output/OKTO_Technical_Proposal.pdf
to a concrete test, owner, and sign-off state for the LUZ pilot (Phase Ф4,
September 2026). Update this file on every release.
How to read
Each row references the proposal section (e.g. §4.2), describes the
commitment in one line, points at the implementation + test artefact, and
tracks status as one of:
READY — production-grade code + automated test + manual sign-off.VERIFY — code merged, needs HIL bench run before pilot.GATED — feature gated behind a flag; enable only if the pilot site opts in.OUT-OF-SCOPE — proposal explicitly marked optional (e.g. §1.2 aggregation).
§1 Architecture & reliability
| Item |
Implementation |
Test |
Status |
| L2 Server + thin client on one IPC |
docker-compose.terminal.yml |
Manual deploy + smoke |
READY |
| Offline queue, transactional scans |
edge-service/.../OfflineQueueService.kt |
OperationQueueRecoveryTest |
READY |
| Auto-reconnect exponential backoff |
edge-service/.../ServerConnectionService.kt |
FactoryServerSyncClientTest |
READY |
| Signed firmware + staged rollout |
kiosk/okto-update.sh (cosign + SHA-256) |
Manual image sign + update test |
VERIFY |
| Full audit of every action |
AuditChainService + EventService |
AuditChainServiceTest |
READY |
§4.1 Edge core
| Item |
Implementation |
Test |
Status |
| Multi-driver managers (scanner/printer/PLC) |
ScannerManagerService, PrinterManagerService, PlcManagerService |
L2DomainTest, ScannerManagerMergeTest, L2PrinterDriversTest |
READY |
| 12+ DataMatrix validation rules |
edge-service/.../validation/ |
ServiceTest |
READY |
| ≤50 ms accept/reject decision |
ScanTelemetryService + HUD |
load-test/l2-ten-scanners.js (p95 < 50 ms) |
VERIFY |
| Structured event journal with µs |
EventService + EventsTable |
EdgeStatusPagesTest |
READY |
| Batch accounting ("Партионный учёт") |
BatchAccountingService |
BatchAccountingServiceTest (add if missing) |
VERIFY |
§4.2 Operator terminal (thin client)
| Item |
Implementation |
Test |
Status |
| Touch web kiosk |
operator-ui/ + Chromium kiosk script |
Manual HIL bench |
READY |
| RU/EN per operator account |
LoginPage honours user.language; i18n swap on login |
Manual |
READY |
| Primary nav Scanner/Batch/Status/Modes/Settings |
operator-ui/src/components/Layout.tsx |
Manual |
READY |
| Journal + L2 settings + PLC page |
In Layout secondary menu; pages live under operator-ui/src/pages/ |
Manual |
READY |
| Embeddable PLC Web-HMI |
PlcVisualisationPage.tsx |
Manual |
READY |
| Kiosk autostart + lockdown |
kiosk/install-kiosk.sh |
Manual boot test |
VERIFY |
§4.3 Fleet control centre (factory-server)
Out of scope for the terminal deployment. See factory-server/ + dashboard.
§5 Data flow
| Item |
Implementation |
Test |
Status |
| µs-precision event flow |
EventService.record |
AuditChainServiceTest |
READY |
| Offline queue depth surfaced |
/api/v1/operator/hud |
load-test HUD probe |
READY |
| Decision latency SLO p99 ≤ 50 ms |
ScanTelemetryService + load test thresholds |
load-test/l2-ten-scanners.js |
VERIFY |
§8 PLC integration
| Protocol |
Driver |
Status |
| Modbus TCP |
ModbusTcpPlcClient |
READY |
| Modbus RTU |
ModbusRtuPlcClient (jSerialComm + hand-rolled CRC16) |
READY — verify on bench |
| OPC UA |
OpcUaPlcClient (Eclipse Milo 0.6.12) |
VERIFY on Prosys/opcua-sim |
| EtherNet/IP |
EthernetIpPlcClient |
GATED — via Modbus TCP gateway (risk matrix #2) |
| Profinet |
ProfinetPlcClient |
GATED — via industrial gateway (risk matrix #1) |
| TCP Socket |
TcpSocketPlcClient |
READY |
§9 Logging / diagnostics
| Item |
Implementation |
Test |
Status |
| Structured journal, µs timestamps |
EventService |
EdgeStatusPagesTest |
READY |
| ACK with actor + ts |
EventService.ack + audit chain |
AuditChainServiceTest |
READY |
| CSV/JSON/XML export |
EventService.export |
TODO add regression |
VERIFY |
Live /ws stream |
Routes.kt webSocket + EventService.stream() |
Manual (JournalPage) |
READY |
| FTP sink |
LogSinkService.FtpSink |
Manual (local FTP) |
READY |
| HTTP sink |
LogSinkService.HttpSink |
Manual |
READY |
| SMB / S3 sinks |
Stubs with clear warnings |
— |
GATED |
§10 Physical controls & safety
| Item |
Implementation |
Test |
Status |
| GPIO reset button, status lamps |
GpioService (sysfs) |
Manual, pending bench |
VERIFY |
| UPS → safe shutdown timeline |
UpsMonitorService + executeSafeShutdown flag |
Pending HIL |
VERIFY |
| OWEN IBP120K monitor |
Megatec/Q1 over RS-232 |
Pending OWEN on bench |
VERIFY |
| NUT fallback |
NUT TCP client |
Manual |
READY |
| Item |
Implementation |
Test |
Status |
| VLAN segmentation |
Cabinet network design (off-code) |
Deployment |
OUT-OF-SCOPE here |
| RBAC (ADMIN / MANAGER / OPERATOR / VIEWER) |
EdgeAuthService + EdgeRoles |
EdgeAuthServiceTest (add) |
READY |
| JWT + rotation + revocation |
EdgeAuthService.issueToken / revoke |
Manual |
READY |
| TLS 1.2+ on all external links |
docker/nginx-terminal.conf |
Manual curl |
READY |
| Secrets in OS keystore |
Config-file (Hoplite) + AppConfig.validateConfig |
Manual |
VERIFY |
| Firmware signatures |
okto-update.sh cosign verify + SHA-256 |
Manual end-to-end |
VERIFY |
| Audit integrity |
AuditChainService append-only hash chain + /api/v1/audit/chain/verify |
AuditChainServiceTest |
READY |
| Simulation endpoints disabled by default |
allowSimulationEndpoints flag + ADMIN gate |
Manual |
READY |
| AppArmor hardening |
packaging/apparmor/okto_edge |
Manual aa-enforce |
VERIFY |
§14 Risk matrix
| # |
Risk |
Mitigation |
Status |
| 1 |
Profinet availability |
Gateway Profinet↔Modbus TCP |
GATED |
| 2 |
EtherNet/IP on Linux |
Same gateway strategy |
GATED |
| 3 |
OWEN IBP120K protocol |
NUT + Megatec Q1 fallback |
READY |
| 4 |
GPIO vendor variance |
sysfs backend + MOCK fallback |
READY |
| 5 |
10 scanners on one IPC — throughput |
load-test/l2-ten-scanners.js with p99 ≤ 50 ms |
VERIFY |
| 6 |
Migration from legacy L2 |
packages/okto-migrate |
OUT-OF-SCOPE here |
| 7 |
Hardware lead time |
Dual-source BOM |
OUT-OF-SCOPE here |
| 8 |
PLC / HMI is the customer's |
Contractual in Ф1 |
OUT-OF-SCOPE |
Sign-off log
| Date |
Reviewer |
Section(s) |
Result |
| fill in |
fill in |
fill in |
fill in |