eclipse-milo · kevinherron · Mar 25, 2026 · Mar 25, 2026 · Mar 25, 2026 · Mar 25, 2026
diff --git a/.gitignore b/.gitignore
@@ -34,3 +34,6 @@ CLAUDE.local.md
 
 # External src and other files
 external/
+
+# Claude project MCP configuration
+.mcp.json
diff --git a/docs/architecture/reverse-connect.md b/docs/architecture/reverse-connect.md
diff --git a/...-examples/src/main/java/org/eclipse/milo/examples/client/ReverseConnectExampleProsys.java b/...-examples/src/main/java/org/eclipse/milo/examples/client/ReverseConnectExampleProsys.java
@@ -0,0 +1,114 @@
+/*
+ * Copyright (c) 2026 the Eclipse Milo Authors
+ *
+ * This program and the accompanying materials are made
+ * available under the terms of the Eclipse Public License 2.0
+ * which is available at https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ */
+
+package org.eclipse.milo.examples.client;
+
+import static java.util.Objects.requireNonNull;
+
+import java.net.InetSocketAddress;
+import java.security.Security;
+import java.util.List;
+import java.util.concurrent.TimeUnit;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.eclipse.milo.opcua.sdk.client.OpcUaClient;
+import org.eclipse.milo.opcua.stack.core.NodeIds;
+import org.eclipse.milo.opcua.stack.core.Stack;
+import org.eclipse.milo.opcua.stack.core.security.SecurityPolicy;
+import org.eclipse.milo.opcua.stack.core.types.builtin.DataValue;
+import org.eclipse.milo.opcua.stack.core.types.builtin.LocalizedText;
+import org.eclipse.milo.opcua.stack.core.types.builtin.NodeId;
+import org.eclipse.milo.opcua.stack.core.types.enumerated.MessageSecurityMode;
+import org.eclipse.milo.opcua.stack.core.types.enumerated.ServerState;
+import org.eclipse.milo.opcua.stack.core.types.enumerated.TimestampsToReturn;
+import org.eclipse.milo.opcua.stack.transport.client.tcp.OpcTcpReverseConnectTransportConfig;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Example demonstrating OPC UA Reverse Connect with the Prosys OPC UA Simulation Server.
+ *
+ * <p>In Reverse Connect, the client listens for inbound connections from the server. The Prosys
+ * Simulation Server must be configured to initiate reverse connections to this client's listen
+ * address (default: opc.tcp://localhost:48060).
+ *
+ * <p>Setup steps for the Prosys OPC UA Simulation Server:
+ *
+ * <ol>
+ *   <li>Open the Prosys OPC UA Simulation Server.
+ *   <li>Navigate to the Endpoints tab, Reverse Connections section.
+ *   <li>Add a new reverse connection with Client URL: opc.tcp://localhost:48060
+ *   <li>Restart the server.
+ *   <li>Run this example — it will wait for the server to connect.
+ * </ol>
+ *
+ * <p>This example uses {@link SecurityPolicy#None} for simplicity. For secured connections, see
+ * {@link KeyStoreLoader} and the certificate setup in {@link ClientExampleRunner}.
+ */
+public class ReverseConnectExampleProsys {
+
+  /**
+   * The address this client listens on for inbound server connections. Configure the Prosys server
+   * to reverse-connect to this address.
+   */
+  private static final InetSocketAddress LISTEN_ADDRESS = new InetSocketAddress("localhost", 48060);
+
+  private static final Logger logger = LoggerFactory.getLogger(ReverseConnectExampleProsys.class);
+
+  static {
+    Security.addProvider(new BouncyCastleProvider());
+  }
+
+  public static void main(String[] args) throws Exception {
+    OpcUaClient client = createClient();
+
+    try {
+      logger.info("Waiting for Prosys server to reverse-connect to {}...", LISTEN_ADDRESS);
+
+      client.connectAsync().get(30, TimeUnit.SECONDS);
+
+      logger.info("Connected via Reverse Connect.");
+
+      // Read server state and current time
+      List<NodeId> nodeIds =
+          List.of(NodeIds.Server_ServerStatus_State, NodeIds.Server_ServerStatus_CurrentTime);
+
+      List<DataValue> values =
+          client.readValuesAsync(0.0, TimestampsToReturn.Both, nodeIds).get(5, TimeUnit.SECONDS);
+
+      DataValue stateValue = values.get(0);
+      DataValue timeValue = values.get(1);
+
+      logger.info(
+          "State={}", ServerState.from((Integer) requireNonNull(stateValue.value().value())));
+      logger.info("CurrentTime={}", timeValue.value().value());
+    } finally {
+      client.disconnectAsync().get(5, TimeUnit.SECONDS);
+      Stack.releaseSharedResources();
+    }
+  }
+
+  private static OpcUaClient createClient() throws Exception {
+    var transportConfig =
+        OpcTcpReverseConnectTransportConfig.newBuilder().setListenAddress(LISTEN_ADDRESS).build();
+
+    return OpcUaClient.createReverseConnect(
+            transportConfig,
+            endpoints ->
+                endpoints.stream()
+                    .filter(e -> SecurityPolicy.None.getUri().equals(e.getSecurityPolicyUri()))
+                    .filter(e -> e.getSecurityMode() == MessageSecurityMode.None)
+                    .findFirst(),
+            clientConfig ->
+                clientConfig
+                    .setApplicationName(LocalizedText.english("eclipse milo opc-ua client"))
+                    .setApplicationUri("urn:eclipse:milo:examples:client"))
+        .get(60, TimeUnit.SECONDS);
+  }
+}
diff --git a/...on-tests/src/test/java/org/eclipse/milo/opcua/sdk/client/ReverseConnectDiscoveryTest.java b/...on-tests/src/test/java/org/eclipse/milo/opcua/sdk/client/ReverseConnectDiscoveryTest.java
@@ -0,0 +1,176 @@
+/*
+ * Copyright (c) 2025 the Eclipse Milo Authors
+ *
+ * This program and the accompanying materials are made
+ * available under the terms of the Eclipse Public License 2.0
+ * which is available at https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ */
+
+package org.eclipse.milo.opcua.sdk.client;
+
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.net.InetSocketAddress;
+import java.time.Duration;
+import java.util.List;
+import java.util.concurrent.TimeUnit;
+import org.eclipse.milo.opcua.sdk.server.EndpointConfig;
+import org.eclipse.milo.opcua.sdk.server.OpcUaServer;
+import org.eclipse.milo.opcua.sdk.server.ReverseConnectHandle;
+import org.eclipse.milo.opcua.sdk.server.ReverseConnectManager;
+import org.eclipse.milo.opcua.sdk.test.TestServer;
+import org.eclipse.milo.opcua.stack.core.types.structured.ApplicationDescription;
+import org.eclipse.milo.opcua.stack.core.types.structured.EndpointDescription;
+import org.eclipse.milo.opcua.stack.transport.client.tcp.OpcTcpReverseConnectTransportConfig;
+import org.eclipse.milo.opcua.stack.transport.server.tcp.OpcTcpServerTransportConfig;
+import org.eclipse.milo.opcua.stack.transport.server.tcp.ReverseConnectConfig;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.TestInstance;
+
+/**
+ * Integration tests for the {@link DiscoveryClient} static Reverse Connect discovery methods:
+ * {@link DiscoveryClient#getEndpoints(OpcTcpReverseConnectTransportConfig)} and {@link
+ * DiscoveryClient#findServers(OpcTcpReverseConnectTransportConfig)}.
+ *
+ * <p>A fixed listen port is used because the static methods create and manage the transport
+ * internally, so the test cannot extract an OS-assigned ephemeral port via reflection. The server's
+ * retry loop (500ms interval) quickly finds the client once the listening socket opens.
+ */
+@TestInstance(TestInstance.Lifecycle.PER_CLASS)
+class ReverseConnectDiscoveryTest {
+
+  /**
+   * Fixed listen port. The static {@link DiscoveryClient} methods manage the transport internally,
+   * so the test cannot read an OS-assigned ephemeral port. See class Javadoc.
+   */
+  private static final int LISTEN_PORT = 48070;
+
+  private static final long TIMEOUT_SECONDS = 30;
+
+  private OpcUaServer server;
+
+  @BeforeAll
+  void setUp() throws Exception {
+    TestServer testServer = TestServer.create();
+    server = testServer.getServer();
+
+    ReverseConnectConfig rcConfig =
+        ReverseConnectConfig.newBuilder()
+            .setConnectInterval(Duration.ofMillis(500))
+            .setConnectTimeout(Duration.ofSeconds(5))
+            .setRejectBackoff(Duration.ofMillis(500))
+            .setMaxReconnectDelay(Duration.ofSeconds(2))
+            .build();
+
+    OpcTcpServerTransportConfig transportConfig = OpcTcpServerTransportConfig.newBuilder().build();
+
+    var manager = new ReverseConnectManager(rcConfig, transportConfig);
+    server.setReverseConnectManager(manager);
+    server.startup().get();
+  }
+
+  @AfterAll
+  void tearDown() throws Exception {
+    server.shutdown().get(10, TimeUnit.SECONDS);
+  }
+
+  @Test
+  void getEndpointsViaReverseConnect() throws Exception {
+    var config =
+        OpcTcpReverseConnectTransportConfig.newBuilder()
+            .setListenAddress(new InetSocketAddress("localhost", LISTEN_PORT))
+            .build();
+
+    ReverseConnectHandle handle =
+        server.addReverseConnect("opc.tcp://localhost:" + LISTEN_PORT, getServerEndpointUrl());
+
+    try {
+      List<EndpointDescription> endpoints =
+          DiscoveryClient.getEndpoints(config).get(TIMEOUT_SECONDS, TimeUnit.SECONDS);
+
+      assertFalse(endpoints.isEmpty(), "expected at least one endpoint");
+
+      String serverAppUri = server.getConfig().getApplicationUri();
+      assertTrue(
+          endpoints.stream()
+              .anyMatch(
+                  e ->
+                      e.getServer() != null
+                          && serverAppUri.equals(e.getServer().getApplicationUri())),
+          "expected an endpoint with the server's application URI");
+    } finally {
+      server.removeReverseConnect(handle);
+    }
+  }
+
+  @Test
+  void findServersViaReverseConnect() throws Exception {
+    var config =
+        OpcTcpReverseConnectTransportConfig.newBuilder()
+            .setListenAddress(new InetSocketAddress("localhost", LISTEN_PORT))
+            .build();
+
+    ReverseConnectHandle handle =
+        server.addReverseConnect("opc.tcp://localhost:" + LISTEN_PORT, getServerEndpointUrl());
+
+    try {
+      List<ApplicationDescription> servers =
+          DiscoveryClient.findServers(config).get(TIMEOUT_SECONDS, TimeUnit.SECONDS);
+
+      assertFalse(servers.isEmpty(), "expected at least one server");
+
+      String serverAppUri = server.getConfig().getApplicationUri();
+      assertTrue(
+          servers.stream().anyMatch(s -> serverAppUri.equals(s.getApplicationUri())),
+          "expected a server with the server's application URI");
+    } finally {
+      server.removeReverseConnect(handle);
+    }
+  }
+
+  @Test
+  void getEndpointsCleanup() throws Exception {
+    var config =
+        OpcTcpReverseConnectTransportConfig.newBuilder()
+            .setListenAddress(new InetSocketAddress("localhost", LISTEN_PORT))
+            .build();
+
+    // First call
+    ReverseConnectHandle handle1 =
+        server.addReverseConnect("opc.tcp://localhost:" + LISTEN_PORT, getServerEndpointUrl());
+
+    try {
+      List<EndpointDescription> endpoints1 =
+          DiscoveryClient.getEndpoints(config).get(TIMEOUT_SECONDS, TimeUnit.SECONDS);
+      assertFalse(endpoints1.isEmpty());
+    } finally {
+      server.removeReverseConnect(handle1);
+    }
+
+    // Second call on the same port — would fail with a bind exception if the
+    // first call did not properly release the listening socket.
+    ReverseConnectHandle handle2 =
+        server.addReverseConnect("opc.tcp://localhost:" + LISTEN_PORT, getServerEndpointUrl());
+
+    try {
+      List<EndpointDescription> endpoints2 =
+          DiscoveryClient.getEndpoints(config).get(TIMEOUT_SECONDS, TimeUnit.SECONDS);
+      assertFalse(endpoints2.isEmpty());
+    } finally {
+      server.removeReverseConnect(handle2);
+    }
+  }
+
+  private String getServerEndpointUrl() {
+    return server.getConfig().getEndpoints().stream()
+        .map(EndpointConfig::getEndpointUrl)
+        .filter(url -> url != null && !url.endsWith("/discovery"))
+        .findFirst()
+        .orElseThrow();
+  }
+}