This should fix a dangeerous situation when paths

tmeinlschmidt · tmeinlschmidt · commit a56879370ff0 · 2026-01-28T21:10:36.000+01:00
/Debug/BatteryOperationalLimits/SolarVoltageOffset
	/Debug/BatteryOperationalLimits/VebusVoltageOffset
	/Debug/BatteryOperationalLimits/CurrentOffset

were not handled correctly and as a writable paths allowed to enter any
value.

These values are used in _adjust_battery_operational_limits and
_update_solarchargers_and_vecan

Setting a large positive voltage offset could cause overcharging
of batteries, potentially leading to thermal runaway, fire, or explosion
in lithium battery systems. Setting a large negative current offset could
prevent charging entirely. These debug paths override BMS safety limits
which exist specifically to prevent dangerous conditions.

Implemented sort of a limit, applied to all three values and based on
tests I found.
Unfortunately there's no deployment code to exclude these paths from
production releases.
diff --git a/delegates/dvcc.py b/delegates/dvcc.py
@@ -1043,9 +1043,28 @@ def _property(path, self):
 		except ValueError:
 			return None
 
-	solarvoltageoffset = property(partial(_property, '/Debug/BatteryOperationalLimits/SolarVoltageOffset'))
-	invertervoltageoffset = property(partial(_property, '/Debug/BatteryOperationalLimits/VebusVoltageOffset'))
-	currentoffset = property(partial(_property, '/Debug/BatteryOperationalLimits/CurrentOffset'))
+	# these +- limitations should work with intention bounds set in tests/hub_test.py:876-915
+	MAX_VOLTAGE_OFFSET = 0.5  # Volts
+	MAX_CURRENT_OFFSET = 5.0  # Amps
+
+	# just a helper
+	@staticmethod
+	def _clamp(value, limit):
+		if value is None:
+			return None
+		return min(max(value, -limit), limit)
+
+	@property
+	def solarvoltageoffset(self):
+		return self._clamp(Dvcc._property('/Debug/BatteryOperationalLimits/SolarVoltageOffset', self), self.MAX_VOLTAGE_OFFSET)
+
+	@property
+	def invertervoltageoffset(self):
+		return self._clamp(Dvcc._property('/Debug/BatteryOperationalLimits/VebusVoltageOffset', self), self.MAX_VOLTAGE_OFFSET)
+
+	@property
+	def currentoffset(self):
+		return self._clamp(Dvcc._property('/Debug/BatteryOperationalLimits/CurrentOffset', self), self.MAX_CURRENT_OFFSET)
 
 	@property
 	def internal_maxchargepower(self):
diff --git a/tests/hub_test.py b/tests/hub_test.py
@@ -924,6 +924,55 @@ def test_debug_chargeoffsets(self):
 				'/Dc/0/MaxChargeCurrent': 999
 			}})
 
+	def test_debug_chargeoffsets_clamped(self):
+		self._update_values()
+		self._monitor.add_value('com.victronenergy.vebus.ttyO1', '/Hub/ChargeVoltage', 12.6)
+		self._monitor.set_value('com.victronenergy.vebus.ttyO1', '/State', 2)
+		self._add_device('com.victronenergy.solarcharger.ttyO1', {
+			 '/State': 0,
+			 '/Link/NetworkMode': 0,
+			 '/Link/ChargeVoltage': None,
+			 '/Link/VoltageSense': None,
+			 '/Dc/0/Voltage': 12.4,
+			 '/Dc/0/Current': 9.7,
+			 '/FirmwareVersion': 0x129},
+			 connection='VE.Direct')
+		self._add_device('com.victronenergy.battery.ttyO2', product_name='battery',
+			 values={
+					 '/Dc/0/Voltage': 12.5,
+					 '/Dc/0/Current': 5.3,
+					 '/Dc/0/Power': 65,
+					 '/Soc': 15.3,
+					 '/DeviceInstance': 2,
+					 '/Info/BatteryLowVoltage': 10,
+					 '/Info/MaxChargeCurrent': 25,
+					 '/Info/MaxChargeVoltage': 12.6,
+					 '/Info/MaxDischargeCurrent': 50})
+
+		# Set extreme offsets that exceed safe bounds
+		self._service.set_value('/Debug/BatteryOperationalLimits/SolarVoltageOffset', 10.0)
+		self._service.set_value('/Debug/BatteryOperationalLimits/VebusVoltageOffset', 5.0)
+		self._service.set_value('/Debug/BatteryOperationalLimits/CurrentOffset', 100)
+		self._update_values(3000)
+
+		# Voltage offset should be clamped to 0.5V, not 10V
+		# BMS MaxChargeVoltage=12.6, solar offset clamped to 0.5 => 13.1
+		self._check_external_values({
+			 'com.victronenergy.solarcharger.ttyO1': {
+					 '/Link/ChargeVoltage': 13.1
+			 }})
+
+		# Vebus offset clamped to 0.5V => 12.6 + 0.5 = 13.1
+		self._check_external_values({
+			 'com.victronenergy.vebus.ttyO1': {
+					 '/BatteryOperationalLimits/MaxChargeVoltage': 13.1
+			 }})
+		# Current offset clamped to 5A => 15 + 5 = 20 (not 115)
+		self._check_external_values({
+			 'com.victronenergy.vebus.ttyO1': {
+					 '/BatteryOperationalLimits/MaxChargeCurrent': 20
+			 }})
+
 	def test_hub1_legacy_voltage_control(self):
 		# BOL support is off initialy
 		self._set_setting('/Settings/Services/Bol', 0)
@@ -1258,7 +1307,6 @@ def test_bms_selection(self):
 		# Check that this is also used as the Bms Service
 		self._check_values({'/ActiveBmsService': 'com.victronenergy.battery.ttyO2'})
 
-
 	def test_bms_selection_lowest_deviceinstance(self):
 		""" Test that if there is more than one BMS in the system,
 		    the lowest device instance """
@@ -1307,7 +1355,7 @@ def test_bms_selection_no_bms(self):
 				'/DeviceInstance': 0})
 		self.assertEqual(Dvcc.instance.bms, None)
 		self._check_values({'/ActiveBmsService': None})
-	
+
 	def test_bms_explicitly_selected(self):
 		# Default battery selection will pick the lowest DeviceInstance
 		self._set_setting('/Settings/SystemSetup/BatteryService', 'default')
