openc3 7.1.0 → 7.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fa824943ce72cce586cdfe03c1a5a8395120801bd845174c25433a15bf986306
-  data.tar.gz: 620cc66576e14e7e696419e5be0b5704190452d29efc35a315a489099b20f82e
+  metadata.gz: 90e17f6bf28158ea786646171220e3c23aca07cce30559b3e64a29f83dabb50d
+  data.tar.gz: 9a13e73273ba67e7d6003a9578a34a8b1c0abadea3b8d4d369f1fd3803a4f0ec
 SHA512:
-  metadata.gz: 1f392d51b2e5870128a995aa9e5717f9a4ed3bf0b8f55952b9141ec34898406734a2a834cf18d09b78d6e82f5675c2c0f3269e2ef62964ec58f2b96b8933ce80
-  data.tar.gz: a92a073ff672da55a44b85b700cb5b6a908208e9a10ddcad77828f02de0f877c3db2252d7d93857ab5b65d55b39594dfc109d72028a82cbfeaa6e468878eef94
+  metadata.gz: eec5ccdb945747570717e5f60f9a89158d500d994f1fa5e6ebc81ed8bb263229950f10e1f277e0c68bf5d9fb531f3470354d45fda2164f7608c9ad22413b2022
+  data.tar.gz: a32f7675eacf6b41b345a4b5ae554292db011499d12a9e5e65173c514e5fac7e66da3bacea7ad5cf9a3738fcb96e3a82009997993fc70722d4a9ba4edd236261

data/bin/openc3cli

@@ -444,6 +444,9 @@ def unload_plugin(plugin_name, scope:)
       plugin_model = OpenC3::PluginModel.get_model(name: plugin_name, scope: scope)
       plugin_model.destroy
       OpenC3::LocalMode.remove_local_plugin(plugin_name, scope: scope)
+      # Remove the backing gem now that no PluginModel references it,
+      # so it disappears from the admin Packages tab.
+      OpenC3::PluginModel.cleanup_gem(plugin_name, scope: scope)
       OpenC3::Logger.info("PluginModel destroyed: #{plugin_name}", scope: scope)
     rescue => e
       abort("Error uninstalling plugin: #{scope}: #{plugin_name}: #{e.formatted}")

data/data/config/command_modifiers.yaml

@@ -417,12 +417,12 @@ VALIDATOR:
                 return [False, "TGT PKT ITEM is 0"]
             self.cmd_acpt_cnt = tlm("INST HEALTH_STATUS CMD_ACPT_CNT")
             # Return true to indicate Success, false to indicate Failure,
-            # and nil to indicate Unknown. The second value is the optional message.
+            # and None to indicate Unknown. The second value is the optional message.
             return [True, None]
 
         def post_check(self, command):
             wait_check(f"INST HEALTH_STATUS CMD_ACPT_CNT > {self.cmd_acpt_cnt}", 10)
             # Return true to indicate Success, false to indicate Failure,
-            # and nil to indicate Unknown. The second value is the optional message.
+            # and None to indicate Unknown. The second value is the optional message.
             return [True, None]
   since: 5.19.0

data/data/config/interface_modifiers.yaml

@@ -212,7 +212,9 @@ WORK_DIR:
     WORK_DIR '/openc3/lib/openc3/microservices'
 PORT:
   summary: Open port for the microservice
-  description: Kubernetes needs a Service to be applied to open a port so this is required for Kubernetes support
+  description:
+    Kubernetes needs a Service to be applied to open a port so this is required for Kubernetes support
+    See [Exposing Microservices](/docs/guides/exposing-microservices) for more information.
   since: 5.7.0
   parameters:
     - name: Number

data/data/config/item_modifiers.yaml

@@ -111,20 +111,27 @@ CONVERTED_DATA:
       values: \d+
 LIMITS:
   summary: Defines a set of limits for a telemetry item
-  description: If limits are violated a message is printed in the Command and Telemetry Server
+  description: |
+    If limits are violated a message is printed in the Command and Telemetry Server
     to indicate an item went out of limits. Other tools also use this information
     to update displays with different colored telemetry items or other useful information.
     The concept of "limits sets" is defined to allow for different limits values
     in different environments. For example, you might want tighter or looser limits
     on telemetry if your environment changes such as during thermal vacuum testing.
+
+    A DEFAULT limits set is required for every telemetry item with limits. If you
+    define additional named sets (e.g. TVAC), the DEFAULT set must be defined first.
+    Attempting to define a named set before DEFAULT will raise an error of the form
+    "DEFAULT limits set must be defined for TARGET PACKET ITEM before setting limits set NAME".
   example: |
     LIMITS DEFAULT 3 ENABLED -80.0 -70.0 60.0 80.0 -20.0 20.0
     LIMITS TVAC 3 ENABLED -80.0 -30.0 30.0 80.0
   parameters:
     - name: Limits Set
       required: true
-      description: Name of the limits set. If you have no unique limits sets use
-        the keyword DEFAULT.
+      description: Name of the limits set. A DEFAULT set is required and must be
+        defined before any other named sets for this item. If you have no unique
+        limits sets use the keyword DEFAULT.
       values: .+
     - name: Persistence
       required: true

data/data/config/microservice.yaml

@@ -40,7 +40,9 @@ MICROSERVICE:
           WORK_DIR .
     PORT:
       summary: Open port for the microservice
-      description: Kubernetes needs a Service to be applied to open a port so this is required for Kubernetes support
+      description:
+        Kubernetes needs a Service to be applied to open a port so this is required for Kubernetes support.
+        See [Exposing Microservices](/docs/guides/exposing-microservices) for more information.
       since: 5.0.10
       parameters:
         - name: Number

data/data/config/plugins.yaml

@@ -38,6 +38,7 @@ VARIABLE_STATE:
     VARIABLE log_retain_time 172800
     VARIABLE_STATE "24 hours" 86400
     VARIABLE_STATE "48 hours" 172800
+    VARIABLE_STATE 60 # Both description and value are set to 60
   parameters:
     - name: State Description
       required: false

data/lib/openc3/api/api.rb

@@ -17,6 +17,7 @@
 
 require 'openc3/script/extract'
 require 'openc3/script/api_shared'
+require 'openc3/api/calendar_api'
 require 'openc3/api/cmd_api'
 require 'openc3/api/config_api'
 require 'openc3/api/interface_api'

data/lib/openc3/api/calendar_api.rb

@@ -0,0 +1,183 @@
+# encoding: ascii-8bit
+
+# Copyright 2026 OpenC3, Inc.
+# All Rights Reserved.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+# See LICENSE.md for more details.
+#
+# This file may also be used under the terms of a commercial license
+# if purchased from OpenC3, Inc.
+
+require 'date'
+require 'openc3/models/timeline_model'
+require 'openc3/models/activity_model'
+require 'openc3/topics/timeline_topic'
+
+module OpenC3
+  module Api
+    # NOTE: These methods are intentionally NOT added to WHITELIST. Their signatures
+    # match openc3/lib/openc3/script/calendar.rb (no manual:/token: kwargs), so they
+    # cannot be dispatched via JSON-RPC (which auto-injects manual/token from headers).
+    # The script-side calendar methods reach the server through the timeline/activity
+    # HTTP controllers, which call these helpers after performing their own
+    # authorization.
+
+    # Returns an array of all timelines for the given scope.
+    def list_timelines(scope: $openc3_scope)
+      ret = []
+      TimelineModel.all.each do |timeline, value|
+        if scope == timeline.split('__')[0]
+          ret << value
+        end
+      end
+      ret
+    end
+
+    # Creates a new timeline and deploys its microservice.
+    # @return [Hash] the created timeline as a hash
+    def create_timeline(name, color: nil, scope: $openc3_scope)
+      model = TimelineModel.new(name: name, color: color, scope: scope)
+      model.create()
+      model.deploy()
+      model.as_json()
+    end
+
+    # @return [Hash, nil] the timeline as a hash, or nil if not found
+    def get_timeline(name, scope: $openc3_scope)
+      model = TimelineModel.get(name: name, scope: scope)
+      return nil if model.nil?
+      model.as_json()
+    end
+
+    # Updates the color of an existing timeline.
+    # @return [Hash, nil] the updated timeline as a hash, or nil if not found
+    def set_timeline_color(name, color, scope: $openc3_scope)
+      model = TimelineModel.get(name: name, scope: scope)
+      return nil if model.nil?
+      model.color = color
+      model.update()
+      model.notify(kind: 'updated')
+      model.as_json()
+    end
+
+    # Updates the execute flag of an existing timeline.
+    # @return [Hash, nil] the updated timeline as a hash, or nil if not found
+    def set_timeline_execute(name, enable, scope: $openc3_scope)
+      model = TimelineModel.get(name: name, scope: scope)
+      return nil if model.nil?
+      model.execute = enable
+      model.update()
+      model.notify(kind: 'updated')
+      model.as_json()
+    end
+
+    # Deletes a timeline (and optionally all of its activities when force is true).
+    # @return [Hash, nil] {'name' => name}, or nil if not found
+    def delete_timeline(name, force: false, scope: $openc3_scope)
+      model = TimelineModel.get(name: name, scope: scope)
+      return nil if model.nil?
+      TimelineModel.delete(name: name, scope: scope, force: force)
+      model.undeploy()
+      model.notify(kind: 'deleted')
+      { 'name' => name }
+    end
+
+    # Creates a new activity on the specified timeline.
+    # username is read from data['username'] if present and is used for the audit event.
+    # @return [Hash] the created activity as a hash
+    def create_timeline_activity(name, kind:, start:, stop:, data: {}, recurring: nil, scope: $openc3_scope)
+      data ||= {}
+      hash = {
+        kind: kind,
+        start: _cal_to_epoch(start),
+        stop: _cal_to_epoch(stop),
+        data: data,
+      }
+      if recurring
+        recurring = recurring.dup
+        if recurring['end']
+          recurring['end'] = _cal_to_epoch(recurring['end'])
+        end
+        hash[:recurring] = recurring
+      end
+      model = ActivityModel.from_json(hash, name: name, scope: scope)
+      model.create(username: data['username'])
+      model.as_json()
+    end
+
+    # Updates an existing activity on the specified timeline.
+    # @return [Hash, nil] the updated activity as a hash, or nil if not found
+    def update_timeline_activity(name, id:, kind:, start:, stop:, uuid:, data: {}, scope: $openc3_scope)
+      data ||= {}
+      model = ActivityModel.score(name: name, score: id.to_i, uuid: uuid, scope: scope)
+      return nil if model.nil?
+      model.update(
+        start: _cal_to_epoch(start),
+        stop: _cal_to_epoch(stop),
+        kind: kind,
+        data: data,
+        username: data['username'],
+      )
+      model.as_json()
+    end
+
+    # @return [Hash, nil] the activity as a hash, or nil if not found
+    def get_timeline_activity(name, start, uuid, scope: $openc3_scope)
+      model = ActivityModel.score(name: name, score: start.to_i, uuid: uuid, scope: scope)
+      return nil if model.nil?
+      model.as_json()
+    end
+
+    # Returns activities on the timeline in the given window.
+    # When start/stop are nil, defaults to a window of [now - 7 days, now + 7 days].
+    # When limit is nil, defaults to one event per minute over the window.
+    # @return [Array<Hash>] the matching activities
+    def get_timeline_activities(name, start: nil, stop: nil, limit: nil, scope: $openc3_scope)
+      now = DateTime.now.new_offset(0)
+      start_score = start.nil? ? (now - 7).strftime('%s').to_i : _cal_to_epoch(start)
+      stop_score = stop.nil? ? (now + 7).strftime('%s').to_i : _cal_to_epoch(stop)
+      limit ||= ((stop_score - start_score) / 60).to_i
+      ActivityModel.get(name: name, scope: scope, start: start_score, stop: stop_score, limit: limit)
+    end
+
+    # Removes an activity (or all members of its recurring group when recurring is truthy).
+    # @return [Integer] number of activities removed (0 indicates not found)
+    def delete_timeline_activity(name, start, uuid, recurring: nil, scope: $openc3_scope)
+      ActivityModel.destroy(name: name, scope: scope, score: start.to_i, uuid: uuid, recurring: recurring)
+    end
+
+    # @return [Integer] count of activities on the timeline
+    def count_timeline_activities(name, scope: $openc3_scope)
+      ActivityModel.count(name: name, scope: scope)
+    end
+
+    # Commits an event to an existing activity.
+    # @return [Hash, nil] the activity as a hash, or nil if not found
+    def commit_timeline_activity(name, start, uuid, status:, message: nil, scope: $openc3_scope)
+      model = ActivityModel.score(name: name, score: start.to_i, uuid: uuid, scope: scope)
+      return nil if model.nil?
+      model.commit(status: status, message: message)
+      model.as_json()
+    end
+
+    # Convert a value to an epoch integer. Accepts Integer/Numeric (treated as already-epoch),
+    # numeric strings, and ISO-style date/time strings or DateTime/Time objects.
+    def _cal_to_epoch(value)
+      case value
+      when Integer
+        value
+      when Numeric
+        value.to_i
+      when DateTime, Time, Date
+        value.to_datetime.strftime('%s').to_i
+      else
+        s = value.to_s
+        return s.to_i if s.match?(/\A-?\d+\z/)
+        DateTime.parse(s).strftime('%s').to_i
+      end
+    end
+  end
+end

data/lib/openc3/api/tlm_api.rb

@@ -457,6 +457,12 @@ module OpenC3
     alias subscribe_packet subscribe_packets
 
     # Get packets based on ID returned from subscribe_packet.
+    # Packets are ordered within each subscribed packet stream (target/packet pair)
+    # but are NOT interleaved by time across streams. If chronological order across
+    # streams is required, sort the returned array by the 'time' field. Sorting only
+    # orders the current batch - packets across separate get_packets calls may still
+    # arrive out of order, so subscribers needing global ordering must buffer and merge
+    # across calls.
     # @param id [String] ID returned from subscribe_packets or last call to get_packets
     # @param block [Integer] Unused - Blocking must be implemented at the client
     # @param count [Integer] Maximum number of packets to return from EACH packet stream

data/lib/openc3/microservices/decom_microservice.rb

@@ -94,13 +94,15 @@ module OpenC3
       @limits_event_topic = "#{@scope}__openc3_limits_events"
       @topics << @limits_event_topic
       Topic.update_topic_offsets(@topics, db_shard: @db_shard)
+      # Initialize before assigning limits_change_callback - sync_system below
+      # can fire the callback synchronously for any persisted-disabled items.
+      @limits_response_queue = Queue.new
+      @limits_response_thread = nil
       System.telemetry.limits_change_callback = method(:limits_change_callback)
       LimitsEventTopic.sync_system(scope: @scope)
       @error_count = 0
       @metric.set(name: 'decom_total', value: @count, type: 'counter')
       @metric.set(name: 'decom_error_total', value: @error_count, type: 'counter')
-      @limits_response_queue = Queue.new
-      @limits_response_thread = nil
     end
 
     def run

data/lib/openc3/microservices/microservice.rb

@@ -155,11 +155,26 @@ module OpenC3
 
         prefix = "#{@scope}/microservices/#{@name}/"
         file_count = 0
-        client.list_objects(bucket: bucket, prefix: prefix).each do |object|
-          response_target = OpenC3.sanitize_path(File.join(@temp_dir, object.key.split(prefix)[-1]))
-          FileUtils.mkdir_p(File.dirname(response_target))
-          client.get_object(bucket: bucket, key: object.key, path: response_target)
-          file_count += 1
+        # Tolerate transient object store failures during startup. On a busy or
+        # underpowered cluster the bucket store (e.g. MinIO) can be briefly
+        # unreachable while many microservices start at once. Rather than crash
+        # and CrashLoopBackOff (which can outlast deploy timeouts), retry for a
+        # bounded time before giving up.
+        startup_timeout = (ENV['OPENC3_MICROSERVICE_STARTUP_BUCKET_TIMEOUT'] || 60).to_f
+        startup_deadline = Time.now + startup_timeout
+        begin
+          file_count = 0
+          client.list_objects(bucket: bucket, prefix: prefix).each do |object|
+            response_target = OpenC3.sanitize_path(File.join(@temp_dir, object.key.split(prefix)[-1]))
+            FileUtils.mkdir_p(File.dirname(response_target))
+            client.get_object(bucket: bucket, key: object.key, path: response_target)
+            file_count += 1
+          end
+        rescue => error
+          raise if Time.now >= startup_deadline
+          @logger.warn("Microservice #{@name} startup: bucket access failed (#{error.class}: #{error.message}); retrying for up to #{startup_timeout.to_i}s")
+          sleep(5)
+          retry
         end
 
         # Adjust @work_dir to microservice files downloaded if files and a relative path

data/lib/openc3/models/plugin_model.rb

@@ -158,12 +158,12 @@ module OpenC3
             variables[current_variable_name]['description'] = params[0]
           when 'VARIABLE_STATE'
             usage = "#{keyword} <Display Text> <Value>"
-            parser.verify_num_parameters(2, 2, usage)
+            parser.verify_num_parameters(1, 2, usage)
             unless current_variable_name
               raise "VARIABLE_STATE must follow a VARIABLE definition"
             end
             variables[current_variable_name]['options'] ||= []
-            option = { 'value' => params[1], 'text' => params[0] }
+            option = { 'value' => params[1] || params[0], 'text' => params[0] }
             variables[current_variable_name]['options'] << option
           end
         end
@@ -229,12 +229,13 @@ module OpenC3
         plugin_model.homepage = pkg.spec.homepage
         plugin_model.repository = pkg.spec.metadata['source_code_uri'] # this key because it's in the official gemspec examples
         plugin_model.keywords = pkg.spec.metadata['openc3_store_keywords']&.split(/, ?/)
-        img_path = pkg.spec.metadata['openc3_store_image']
-        unless img_path
-          default_img_path = 'public/store_img.png'
-          full_default_path = File.join(gem_path, default_img_path)
-          img_path = default_img_path if File.exist? full_default_path
-        end
+        # Resolve the plugin's store image path. The gemspec generated by
+        # `cli generate plugin` sets `openc3_store_image` to `public/store_img.png`
+        # but does not create that file, so we must verify existence regardless
+        # of whether the path came from metadata or the default — otherwise the
+        # frontend hits a 500 when fetching the missing file.
+        img_path = pkg.spec.metadata['openc3_store_image'] || 'public/store_img.png'
+        img_path = nil unless File.exist?(File.join(gem_path, img_path))
         package_name = "#{pkg.spec.name}-#{pkg.spec.version}"
         plugin_model.img_path = File.join('gems', package_name, img_path) if img_path # convert this filesystem path to volumes mount path
         plugin_model.update() unless validate_only
@@ -525,5 +526,16 @@ module OpenC3
       end
       return result.sort
     end
+
+    # Remove the backing gem for an unloaded plugin so it disappears from
+    # GemModel.names (and the admin Packages tab). Skips the removal if any
+    # other PluginModel (any scope, any counter) still references the gem,
+    # via the existing PluginModel.gem_names check inside GemModel.destroy.
+    def self.cleanup_gem(plugin_name, scope:)
+      gem_filename = plugin_name.split("__")[0]
+      OpenC3::GemModel.destroy(gem_filename, log_and_raise_needed_errors: false)
+    rescue => e
+      Logger.warn("Could not remove gem #{gem_filename}: #{e.message}", scope: scope)
+    end
   end
 end

data/lib/openc3/models/queue_model.rb

@@ -44,34 +44,37 @@ module OpenC3
       model = get_model(name: name, scope: scope)
       raise QueueError, "Queue '#{name}' not found in scope '#{scope}'" unless model
 
-      if model.state != 'DISABLE'
-        result = Store.zrevrange("#{scope}:#{name}", 0, 0, with_scores: true)
-        if result.empty?
-          id = 1.0
-        else
-          id = result[0][1].to_f + 1
-        end
-
-        # Build command data with support for both formats
-        command_data = { username: username, timestamp: Time.now.to_nsec_from_epoch, validate: validate, timeout: timeout }
-        if target_name && cmd_name
-          # New format: store target_name, cmd_name, and cmd_params separately
-          command_data[:target_name] = target_name
-          command_data[:cmd_name] = cmd_name
-          command_data[:cmd_params] = JSON.generate(cmd_params.as_json, allow_nan: true) if cmd_params
-        elsif command
-          # Legacy format: store command string for backwards compatibility
-          command_data[:value] = command
-        else
-          raise QueueError, "Must provide either command string or target_name/cmd_name parameters"
-        end
-
-        Store.zadd("#{scope}:#{name}", id, command_data.to_json)
-        model.notify(kind: 'command')
-      else
+      if model.state == 'DISABLE'
         error_msg = command || "#{target_name} #{cmd_name}"
         raise QueueError, "Queue '#{name}' is disabled. Command '#{error_msg}' not queued."
       end
+
+      result = Store.zrevrange("#{scope}:#{name}", 0, 0, with_scores: true)
+      id = result.empty? ? 1.0 : result[0][1].to_f + 1
+
+      command_data = build_command_data(username: username, command: command, target_name: target_name,
+                                        cmd_name: cmd_name, cmd_params: cmd_params, validate: validate, timeout: timeout)
+      Store.zadd("#{scope}:#{name}", id, command_data.to_json)
+      model.notify(kind: 'command')
+    end
+
+    # Build the hash that gets serialized into Redis. Always uses symbol keys so
+    # downstream code in this class can access values consistently. cmd_params is
+    # JSON-encoded as a string so binary data survives the round-trip via as_json.
+    def self.build_command_data(username:, command: nil, target_name: nil, cmd_name: nil, cmd_params: nil, validate: nil, timeout: nil)
+      command_data = { username: username, timestamp: Time.now.to_nsec_from_epoch }
+      if target_name && cmd_name
+        command_data[:target_name] = target_name
+        command_data[:cmd_name] = cmd_name
+        command_data[:cmd_params] = JSON.generate(cmd_params.as_json, allow_nan: true) if cmd_params
+      elsif command
+        command_data[:value] = command
+      else
+        raise QueueError, "Must provide either command string or target_name/cmd_name parameters"
+      end
+      command_data[:validate] = validate unless validate.nil?
+      command_data[:timeout] = timeout unless timeout.nil?
+      command_data
     end
 
     attr_accessor :name, :state
@@ -115,49 +118,36 @@ module OpenC3
       QueueTopic.write_notification(notification, scope: @scope)
     end
 
-    def insert_command(id, command_data)
+    def insert_command(id: nil, username:, command: nil, target_name: nil, cmd_name: nil, cmd_params: nil, validate: nil, timeout: nil)
       if @state == 'DISABLE'
-        if command_data['value']
-          command_name = command_data['value']
-        else
-          command_name = "#{command_data['target_name']} #{command_data['cmd_name']}"
-        end
+        command_name = command || "#{target_name} #{cmd_name}"
         raise QueueError, "Queue '#{@name}' is disabled. Command '#{command_name}' not queued."
       end
 
       unless id
         result = Store.zrevrange("#{@scope}:#{@name}", 0, 0, with_scores: true)
-        if result.empty?
-          id = 1.0
-        else
-          id = result[0][1].to_f + 1
-        end
+        id = result.empty? ? 1.0 : result[0][1].to_f + 1
       end
 
-      # Convert cmd_params values to JSON-safe format if present
-      if command_data['cmd_params']
-        command_data['cmd_params'] = JSON.generate(command_data['cmd_params'].as_json, allow_nan: true)
-      end
+      command_data = self.class.build_command_data(username: username, command: command, target_name: target_name,
+                                                   cmd_name: cmd_name, cmd_params: cmd_params, validate: validate, timeout: timeout)
       Store.zadd("#{@scope}:#{@name}", id, command_data.to_json)
       notify(kind: 'command')
     end
 
-    def update_command(id:, command:, username:, validate: nil, timeout: nil)
+    def update_command(id:, username:, command: nil, target_name: nil, cmd_name: nil, cmd_params: nil, validate: nil, timeout: nil)
       if @state == 'DISABLE'
         raise QueueError, "Queue '#{@name}' is disabled. Command at id #{id} not updated."
       end
 
-      # Check if command exists at the given id
       existing = Store.zrangebyscore("#{@scope}:#{@name}", id, id)
       if existing.empty?
         raise QueueError, "No command found at id #{id} in queue '#{@name}'"
       end
 
-      # Remove the existing command and add the new one at the same id
       Store.zremrangebyscore("#{@scope}:#{@name}", id, id)
-      command_data = { username: username, value: command, timestamp: Time.now.to_nsec_from_epoch }
-      command_data[:validate] = validate unless validate.nil?
-      command_data[:timeout] = timeout unless timeout.nil?
+      command_data = self.class.build_command_data(username: username, command: command, target_name: target_name,
+                                                   cmd_name: cmd_name, cmd_params: cmd_params, validate: validate, timeout: timeout)
       Store.zadd("#{@scope}:#{@name}", id, command_data.to_json)
       notify(kind: 'command')
     end

data/lib/openc3/models/trigger_model.rb

@@ -107,7 +107,7 @@ module OpenC3
       group:,
       left:,
       operator:,
-      right:,
+      right: nil,
       state: false,
       enabled: true,
       dependents: nil,

data/lib/openc3/operators/operator.rb

@@ -238,6 +238,11 @@ module OpenC3
 
       OperatorProcess.setup()
       @cycle_time = (ENV['OPERATOR_CYCLE_TIME'] and ENV['OPERATOR_CYCLE_TIME'].to_f) || CYCLE_TIME # time in seconds
+      # Maximum number of new microservices to start per cycle. This spreads a
+      # large startup burst (e.g. installing a plugin with many targets) across
+      # multiple cycles so the shared services (object store, redis) aren't
+      # stampeded by every microservice connecting at once. 0 = no limit.
+      @max_start_per_cycle = (ENV['OPENC3_OPERATOR_MAX_START_PER_CYCLE'] || 5).to_i
 
       @ruby_process_name = ENV['OPENC3_RUBY']
       if RUBY_ENGINE != 'ruby'
@@ -262,10 +267,17 @@ module OpenC3
     def start_new
       @mutex.synchronize do
         if @new_processes.length > 0
-          # Start all the processes
-          Logger.info("#{self.class} starting each new process...")
-          @new_processes.each { |_name, p| p.start }
-          @new_processes = {}
+          # Start at most @max_start_per_cycle processes this cycle; any
+          # remaining stay queued in @new_processes and start on later cycles.
+          # This avoids a startup stampede when many microservices appear at
+          # once (e.g. a plugin install) overwhelming the object store / redis.
+          start_names = @new_processes.keys
+          start_names = start_names[0...@max_start_per_cycle] if @max_start_per_cycle > 0
+          Logger.info("#{self.class} starting #{start_names.length} of #{@new_processes.length} new process(es)...")
+          start_names.each do |name|
+            @new_processes[name].start
+            @new_processes.delete(name)
+          end
         end
       end
     end
@@ -273,12 +285,22 @@ module OpenC3
     def respawn_changed
       @mutex.synchronize do
         if @changed_processes.length > 0
-          Logger.info("Cycling #{@changed_processes.length} changed microservices...")
-          shutdown_processes(@changed_processes)
+          # Cycle at most @max_start_per_cycle changed microservices this cycle;
+          # any remaining stay queued in @changed_processes and are cycled on
+          # later cycles. This avoids a restart stampede when many microservices
+          # change at once (e.g. a configmap change) overwhelming shared
+          # services. Processes not yet cycled keep running until their turn.
+          cycle_names = @changed_processes.keys
+          cycle_names = cycle_names[0...@max_start_per_cycle] if @max_start_per_cycle > 0
+          cycle = @changed_processes.slice(*cycle_names)
+          Logger.info("Cycling #{cycle.length} of #{@changed_processes.length} changed microservices...")
+          shutdown_processes(cycle)
           break if @shutdown
 
-          @changed_processes.each { |_name, p| p.start }
-          @changed_processes = {}
+          cycle_names.each do |name|
+            @changed_processes[name].start
+            @changed_processes.delete(name)
+          end
         end
       end
     end
@@ -295,8 +317,11 @@ module OpenC3
 
     def respawn_dead
       @mutex.synchronize do
-        @processes.each do |_name, p|
+        @processes.each do |name, p|
           break if @shutdown
+          # Skip processes still queued by the per-cycle start limit; they
+          # haven't been started yet so they aren't "dead" to be respawned.
+          next if @new_processes[name]
           p.output_increment
           unless p.alive?
             # Respawn process

data/lib/openc3/packets/packet_config.rb

@@ -437,12 +437,25 @@ module OpenC3
       if packet.id_items.length > 0
         key = []
         id_signature = ""
-        # Accessor class is part of the signature so packets in the same target
-        # with different accessors trigger unique_id_mode (different accessors
-        # decode the buffer differently, so the hash-lookup path is unsafe).
+        # Accessor class AND args are part of the signature so packets in the
+        # same target with different accessors -- or the same accessor class
+        # configured with different args -- trigger unique_id_mode. Different
+        # accessors (or same accessor, different args) decode the buffer
+        # differently, so the shared hash-lookup path is unsafe.
         packet.id_items.each do |item|
           key << item.id_value
-          id_signature << "__#{item.key}__#{item.bit_offset}__#{item.bit_size}__#{item.data_type}__#{packet.accessor.class.to_s}"
+          id_signature << "__#{item.key}__#{item.bit_offset}__#{item.bit_size}__#{item.data_type}__#{packet.accessor.class.to_s}__#{packet.accessor.args.inspect}"
+          # STRUCTURE-derived id_items are decoded by the parent's structure
+          # accessor (see Accessor#read_item), so include that accessor's class
+          # and args in the signature too.
+          if item.parent_item
+            parent = packet.get_item(item.parent_item)
+            structure = parent.structure
+            if structure
+              structure_accessor = structure.accessor
+              id_signature << "__#{structure_accessor.class.to_s}__#{structure_accessor.args.inspect}"
+            end
+          end
         end
         target_id_value_hash[key] = packet
         target_id_signature = id_signature_hash[packet.target_name]