Security (P0):
- Remove hardcoded MQTT/TDengine credentials from IotProperties defaults
- Clear password fallbacks in application.yml (was ${ENV:real_password})
- Add @PostConstruct validation to block startup on missing credentials
- Add Redis distributed locks to VehicleSyncTask 4 @Scheduled methods
- Move static thread pools to Spring-managed beans with destroyMethod

Robustness (P1):
- Split broad catch(Exception) into specific types (MqttException,
  InterruptedException, TimeoutException, ExecutionException)
- Restore InterruptedException flag in all catch blocks
- Add closeQuietly() for JDBC Statement/ResultSet cleanup
- Configure RestTemplate with 5s connect / 10s read timeouts

Quality (P2):
- Production log levels: debug/trace → info
- Tomcat: max 800→200, min-spare 100→20, accept-count 1000→100
- Redis pool: max-active 8→16, max-idle 8→16, min-idle 0→4, max-wait 5s

Monitoring (P3):
- Actuator: show-details always→never, exposure health,info→health only

Testing:
- Add JaCoCo plugin for coverage reporting
- Add IotProperties, ExecutorConfig, RestTemplateConfig unit tests
- 26 tests passing

Security (P0):
- Remove hardcoded MySQL password from SysrealtimeService
- Add table name whitelist validation (regex + length limit)
- Validate ${tableName} in SysrealtimeMapper.xml
- Externalize all credentials to .env file
- Fix unbounded thread pools in MQTT consumers
- Fix mysqlWritePool leak in MqttFaultConsumer

Quality (P1):
- Extract AbstractMqttConsumer base class (-500+ duplicate lines)
- Refactor VehicleSyncTask: SCAN instead of KEYS, batch ops,
  RestTemplate timeout, loop-invariant extraction
- Add unit tests (RedisKeys, SysrealtimeService, MqttConsumer)

Architecture (P2):
- Add Spring Boot Actuator (/actuator/health)
- Create RedisKeys constants class for key namespace
- Add .env.example and start.sh for local development

Deployment:
- Add systemd service (iot-platform.service)
- Add deploy.sh with build, upload, backup, health check, rollback
- Add setup-server.sh for server initialization
- Add health-check.sh (Actuator + TCP port fallback)

Docs:
- Update CLAUDE.md for standalone iot-platform architecture
- Update README.md with build/deploy instructions
- Add deploy/README.md

- Delete 6 legacy RuoYi modules (ruoyi-admin/framework/system/common/quartz/generator)
- Create new iot-platform Spring Boot 2.5.15 module with all IoT business
- Migrate 5 MQTT consumers, VehicleSyncTask, 14 services, 15 domains/mappers
- P0 security fixes:
  - Replace string-concat SQL with field whitelist + escapeValue in TDengineService, DynamicSqlProvider, TDegnineAlarm
  - Externalize hardcoded MQTT/TDengine credentials to application.yml via IotProperties
  - Fix thread-unsafe static shared Connection/Statement in TDegnineAlarm (use per-method connections)
- Logging normalization: replace 148 System.out/err.println with SLF4J, add logback-spring.xml (100MB rolling, 30d retention)
- Dead code cleanup: NumericIdGenerator (238→65 lines), merge TDengineConnecting into TDengineService
- Verified: mvn clean package passes, app boots with all 5 MQTT consumers

- Delete 6 legacy RuoYi modules (ruoyi-admin/framework/system/common/quartz/generator)
- Create new iot-platform Spring Boot 2.5.15 module with all IoT business
- Migrate 5 MQTT consumers, VehicleSyncTask, 14 services, 15 domains/mappers
- P0 security fixes:
  - Replace string-concat SQL with field whitelist + escapeValue in TDengineService, DynamicSqlProvider, TDegnineAlarm
  - Externalize hardcoded MQTT/TDengine credentials to application.yml via IotProperties
  - Fix thread-unsafe static shared Connection/Statement in TDegnineAlarm (use per-method connections)
- Logging normalization: replace 148 System.out/err.println with SLF4J, add logback-spring.xml (100MB rolling, 30d retention)
- Dead code cleanup: NumericIdGenerator (238→65 lines), merge TDengineConnecting into TDengineService
- Verified: mvn clean package passes, app boots with all 5 MQTT consumers