- tdengine-operator 同时启动 taosd + taosadapter（host 网络）
- 删除单独的 taosadapter bridge 容器
- explorer REST API 地址改为 host.containers.internal:6041
- explorer 去掉 cluster_native（bridge 网络 native 连接不可用）
- iot-platform JDBC URL 改为 host.containers.internal:6031
- start-tdengine-operator.sh 不传 taosd 参数，禁用 keeper/explorer

网络架构:
- iot-platform: host -> bridge (新增 -p 8887:8887 端口映射)
- taos-explorer: bridge (新增 /mnt/taos-explorer-data 数据持久化)
- tdengine-operator: 保持 host 网络

配置更新:
- TDengine URL: 127.0.0.1 -> 172.21.185.173 (宿主机内网 IP)
- Redis host: localhost -> ${REDIS_HOST:localhost} 环境变量
- taos.cfg fqdn: 127.0.0.1 -> 172.21.185.173
- explorer.toml cluster: localhost -> 172.21.185.173

部署脚本:
- REMOTE_DIR: /opt/iot-platform -> /mnt/iot-platform
- 日志目录: /opt/iot-platform/logs -> /mnt/iot-platform/logs
- 去掉自动回滚逻辑，保留容器用于排查
- 新增 -p 8887:8887 端口映射

新增服务器配置文件到仓库:
- deploy/Dockerfile
- deploy/start-container.sh
- deploy/config/taos.cfg
- deploy/config/explorer.toml
- deploy/config/tdengine-explorer.conf
- .env (移除 .gitignore 忽略)

- application.yml: localhost → 127.0.0.1 避免 IPv6 解析问题
- IotProperties.java: 同步修改默认 URL

- 服务器新建独立 TDengine 容器实例（Podman），端口 6031
- 数据卷挂载至 /mnt/tdengine-new/（大容量数据盘）
- 部署 taos-explorer Web 控制台，nginx 6060 端口反向代理 + Basic Auth
- 升级 taos-jdbcdriver 3.2.7 → 3.3.2
- 应用 JDBC URL 指向新实例 localhost:6031
- TdEngineService 删除 device_id VARCHAR(32) 特殊处理，统一 VARCHAR(255)

selectjingweidu → selectCoordinates，与 Java 接口定义保持一致。

变量名:
- weather → faultData（消除误导性命名）
- jingdu/weidu → longitude/latitude（消除中文拼音）
- jingduValue/weiduValue → longitudeValue/latitudeValue
- tdEngineshuju → tdEngineData（消除中文拼音）
- companyid → companyId
- controllername → controllerName
- tablename → tableNames

方法名（camelCase 规范化）:
- selectall → selectAll
- insertfault → insertFault, updatefault → updateFault
- insertalarm → insertAlarm
- createmessage → createMessage
- selecttables → selectTables, inserttables → insertTables
- selectjingweidu → selectCoordinates（消除中文拼音）
- triggermethod → triggerMethod
- 等 40+ 个 mapper/service 方法名

类名:
- Sysrealtime → SysRealtime
- SysrealtimeMapper → SysRealtimeMapper
- SysrealtimeService → SysRealtimeService
- 所有引用同步更新

安全修复:
- MqttFaultConsumer: 修复 SSRF 漏洞，使用 UriComponentsBuilder + controllerId 白名单
- TdEngineService: 修复 SQL 注入，information_schema 查询改用 PreparedStatement
- TdEngineService: 收紧 ALLOWED_COLUMNS 正则，仅允许 ASCII 字母数字下划线
- TdEngineService: 修复静默数据丢失，超长字符串截断存储而非返回 NULL
- TdEngineAlarm: SQL 查询参数化，防止注入
- MqttFaultConsumer/MqttDynamicConsumer: topic/controllerId/dbName 白名单校验
- SysDeviceService: 添加表名校验

代码质量:
- 统一使用 Fastjson2 替代 Jackson ObjectMapper
- Domain 类字段全部改为 private（13 个类）
- topics.java 重命名为 Topics.java
- SimpleDateFormat 替换为线程安全的 DateTimeFormatter
- 提取魔法数字为常量（DEFAULT_BATCH_SIZE 等）
- SysWorkorderMapper.xml 修复 SQL 逻辑错误（AND/OR 括号）
- SysIndicatorsMapper.xml 修正字段名 createtime -> createdata
- SysControllerService 移除 Service 层 @Param 注解
- MqttGenericConsumer 提取过长方法
- NumericIdGenerator 支持 @Value 注入 workerId/dataCenterId
- 空 catch 块补充日志

日志级别优化:
- WARN 31 -> 9 (-71%)，数据校验/格式问题降级为 INFO
- INFO 28 -> 50 (+79%)，正常业务流使用 INFO
- ERROR 37 -> 33 (-11%)，仅最终失败使用 ERROR

Security:
- Remove hardcoded password fallbacks from application-druid.yml
- Add table name whitelist validation to SysFaultService & SysAlarmService
- Externalize VehicleSyncTask webhook URL to IotProperties config

Concurrency & Resource Management:
- Fix AbstractMqttConsumer reconnect/disconnect race (synchronized)
- Fix MqttClient resource leaks in disconnect() with separate try blocks
- Fix AbstractDynamicMqttConsumer broken-state MqttClient reuse
- Fix TDengineService stableColumnCache unbounded growth (MAX_CACHE_SIZE=1000)

Input Validation:
- Add null/empty checks to MqttGenericConsumer (controllerId, path, timestamp)
- Add null/empty checks to MqttFaultConsumer (controllerId, deviceId, type, desc)
- Guard against ArrayIndexOutOfBoundsException on topic path split

Tests:
- Update VehicleSyncTaskTest for new IotProperties constructor param
- All 79 tests pass, build succeeds

- 新建 AbstractDynamicMqttConsumer 抽象基类，抽取连接/订阅/重连公共逻辑
- MqttDynamicConsumer extends 基类，仅保留 fetchTopics + processMessage
- MqttChargeStationConsumer extends 基类，仅保留 fetchTopics + processMessage
- 配置化 ChargeStation topic（IotProperties + application.yml）
- 修复 @DependsOn 位置（方法→类级别）
- 从 disconnect() 中移除 tdengineService.close()（Spring单例不应被消费者关闭）
- 基类日志统一使用 {} 占位符，移除 emoji

- Delete old RuoYi scripts: bin/*.bat, ry.bat, ry.sh
- Delete empty directories: controller/, service/impl/, static/, templates/
- Delete unused mybatis-config.xml (Spring Boot auto-configures MyBatis)
- Remove unused Maven dependencies: fastjson2, poi-ooxml
- Clean root pom.xml: remove bitwalker, kaptcha, oshi, velocity, poi, fastjson2 version management

Build verified: mvn clean package passes.

- Delete 6 legacy RuoYi modules (ruoyi-admin/framework/system/common/quartz/generator)
- Create new iot-platform Spring Boot 2.5.15 module with all IoT business
- Migrate 5 MQTT consumers, VehicleSyncTask, 14 services, 15 domains/mappers
- P0 security fixes:
  - Replace string-concat SQL with field whitelist + escapeValue in TDengineService, DynamicSqlProvider, TDegnineAlarm
  - Externalize hardcoded MQTT/TDengine credentials to application.yml via IotProperties
  - Fix thread-unsafe static shared Connection/Statement in TDegnineAlarm (use per-method connections)
- Logging normalization: replace 148 System.out/err.println with SLF4J, add logback-spring.xml (100MB rolling, 30d retention)
- Dead code cleanup: NumericIdGenerator (238→65 lines), merge TDengineConnecting into TDengineService
- Verified: mvn clean package passes, app boots with all 5 MQTT consumers

Security (P0):
- Remove hardcoded MQTT/TDengine credentials from IotProperties defaults
- Clear password fallbacks in application.yml (was ${ENV:real_password})
- Add @PostConstruct validation to block startup on missing credentials
- Add Redis distributed locks to VehicleSyncTask 4 @Scheduled methods
- Move static thread pools to Spring-managed beans with destroyMethod

Robustness (P1):
- Split broad catch(Exception) into specific types (MqttException,
  InterruptedException, TimeoutException, ExecutionException)
- Restore InterruptedException flag in all catch blocks
- Add closeQuietly() for JDBC Statement/ResultSet cleanup
- Configure RestTemplate with 5s connect / 10s read timeouts

Quality (P2):
- Production log levels: debug/trace → info
- Tomcat: max 800→200, min-spare 100→20, accept-count 1000→100
- Redis pool: max-active 8→16, max-idle 8→16, min-idle 0→4, max-wait 5s

Monitoring (P3):
- Actuator: show-details always→never, exposure health,info→health only

Testing:
- Add JaCoCo plugin for coverage reporting
- Add IotProperties, ExecutorConfig, RestTemplateConfig unit tests
- 26 tests passing

Security (P0):
- Remove hardcoded MySQL password from SysrealtimeService
- Add table name whitelist validation (regex + length limit)
- Validate ${tableName} in SysrealtimeMapper.xml
- Externalize all credentials to .env file
- Fix unbounded thread pools in MQTT consumers
- Fix mysqlWritePool leak in MqttFaultConsumer

Quality (P1):
- Extract AbstractMqttConsumer base class (-500+ duplicate lines)
- Refactor VehicleSyncTask: SCAN instead of KEYS, batch ops,
  RestTemplate timeout, loop-invariant extraction
- Add unit tests (RedisKeys, SysrealtimeService, MqttConsumer)

Architecture (P2):
- Add Spring Boot Actuator (/actuator/health)
- Create RedisKeys constants class for key namespace
- Add .env.example and start.sh for local development

Deployment:
- Add systemd service (iot-platform.service)
- Add deploy.sh with build, upload, backup, health check, rollback
- Add setup-server.sh for server initialization
- Add health-check.sh (Actuator + TCP port fallback)

Docs:
- Update CLAUDE.md for standalone iot-platform architecture
- Update README.md with build/deploy instructions
- Add deploy/README.md

- Delete 6 legacy RuoYi modules (ruoyi-admin/framework/system/common/quartz/generator)
- Create new iot-platform Spring Boot 2.5.15 module with all IoT business
- Migrate 5 MQTT consumers, VehicleSyncTask, 14 services, 15 domains/mappers
- P0 security fixes:
  - Replace string-concat SQL with field whitelist + escapeValue in TDengineService, DynamicSqlProvider, TDegnineAlarm
  - Externalize hardcoded MQTT/TDengine credentials to application.yml via IotProperties
  - Fix thread-unsafe static shared Connection/Statement in TDegnineAlarm (use per-method connections)
- Logging normalization: replace 148 System.out/err.println with SLF4J, add logback-spring.xml (100MB rolling, 30d retention)
- Dead code cleanup: NumericIdGenerator (238→65 lines), merge TDengineConnecting into TDengineService
- Verified: mvn clean package passes, app boots with all 5 MQTT consumers

- Delete 6 legacy RuoYi modules (ruoyi-admin/framework/system/common/quartz/generator)
- Create new iot-platform Spring Boot 2.5.15 module with all IoT business
- Migrate 5 MQTT consumers, VehicleSyncTask, 14 services, 15 domains/mappers
- P0 security fixes:
  - Replace string-concat SQL with field whitelist + escapeValue in TDengineService, DynamicSqlProvider, TDegnineAlarm
  - Externalize hardcoded MQTT/TDengine credentials to application.yml via IotProperties
  - Fix thread-unsafe static shared Connection/Statement in TDegnineAlarm (use per-method connections)
- Logging normalization: replace 148 System.out/err.println with SLF4J, add logback-spring.xml (100MB rolling, 30d retention)
- Dead code cleanup: NumericIdGenerator (238→65 lines), merge TDengineConnecting into TDengineService
- Verified: mvn clean package passes, app boots with all 5 MQTT consumers