stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

save checkpoint: save features

Browse Source
This commit is contained in:
master
2026-02-12 10:27:23 +02:00
parent dca86e1248
commit 5bca406787
8837 changed files with 1796879 additions and 5294 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
docs/features/checked/notifier/ack-tokens-for-approval-workflows.md Normal file
View File

@@ -0,0 +1,41 @@
# Ack Tokens for Approval Workflows
## Module
Notifier
## Status
VERIFIED
## Description
HMAC-based ack token service with bridge integration for acknowledgement workflows. Note: uses HMAC rather than DSSE-signed tokens as described in the advisory.
## Implementation Details
- **IAckTokenService interface**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Security/IAckTokenService.cs` -- `CreateToken`, `VerifyToken`, `CreateAckUrl` for signed acknowledgement tokens with configurable expiration and metadata
- **HmacAckTokenService**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Security/HmacAckTokenService.cs` -- HMAC-SHA256 implementation with HKDF key derivation, `soa1` token prefix, versioned token format, configurable signing key
- **IAckBridge interface**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Escalation/IAckBridge.cs` -- bridge between ack tokens and escalation engine
- **AckBridge**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Escalation/AckBridge.cs` -- processes ack requests, maps external IDs to internal incident IDs, integrates with `IEscalationEngine` and `IIncidentManager`, supports audit logging
- **SecurityContracts**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.WebService/Contracts/SecurityContracts.cs` -- ack token request/response DTOs
- **PackApprovalAckRequest**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.WebService/Contracts/PackApprovalAckRequest.cs` -- pack approval ack request model
- **EscalationEndpoints**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.WebService/Endpoints/EscalationEndpoints.cs` -- REST endpoints for ack token processing
- **SecurityEndpoints**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.WebService/Endpoints/SecurityEndpoints.cs` -- security-related endpoints
- **Tests**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.WebService.Tests/Escalation/AckBridgeTests.cs`
- **OpenAPI**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.WebService/openapi/pack-approvals.yaml`
- **Source**: Feature matrix scan
## E2E Test Plan
- [ ] Verify HMAC ack token creation with configurable expiration (default 7 days)
- [ ] Test token verification rejects expired, tampered, or malformed tokens
- [ ] Verify AckBridge routes ack actions (ack, resolve, escalate) to escalation engine
- [ ] Test ack URL generation and round-trip verification
- [ ] Verify pack approval ack workflow through EscalationEndpoints
- [ ] Test audit logging of ack processing events
## Verification
- Verified on 2026-02-11 with `run-001`.
- Tier 0 source checks passed for ack token service, ack bridge, security/escalation endpoints, request contracts, and OpenAPI surface.
- Tier 1 build and focused behavior tests passed (`10/10` class-scoped, `505/505` full suite).
- Tier 2 API behavior checks passed using Notifier test-host routes for pack approval ack flows (positive + negative) and token verification behavior evidence.
- Evidence:
- `docs/qa/feature-checks/runs/notifier/ack-tokens-for-approval-workflows/run-001/tier0-source-check.json`
- `docs/qa/feature-checks/runs/notifier/ack-tokens-for-approval-workflows/run-001/tier1-build-check.json`
- `docs/qa/feature-checks/runs/notifier/ack-tokens-for-approval-workflows/run-001/tier2-api-check.json`

44
docs/features/checked/notifier/digest-windows-and-throttling.md Normal file
View File

@@ -0,0 +1,44 @@
# Digest Windows and Throttling
## Module
Notifier
## Status
VERIFIED
## Description
Digest generation for coalescing notifications within configurable time windows.
## Implementation Details
- **INotifyThrottler interface**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Correlation/NotifyThrottler.cs` -- `RecordEventAsync`, `CheckAsync` (with configurable window/maxEvents), `ClearAsync` for per-key throttle management
- **InMemoryNotifyThrottler**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Correlation/NotifyThrottler.cs` -- in-memory sliding window throttler with `ConcurrentDictionary<string, ThrottleState>`, `ThrottlerOptions` for default window/max
- **IThrottleConfigService**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Correlation/IThrottleConfigService.cs` -- per-tenant throttle configuration
- **ThrottleConfigService**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Correlation/ThrottleConfigService.cs` -- resolves throttle windows per event kind
- **ThrottleConfigurationService**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Correlation/ThrottleConfigurationService.cs` -- advanced throttle configuration management
- **QuietHoursServiceExtensions**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Correlation/QuietHoursServiceExtensions.cs` -- quiet hours integration with throttling
- **ThrottleEndpoints**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.WebService/Endpoints/ThrottleEndpoints.cs` -- REST API for throttle configuration
- **QuietHoursContracts**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.WebService/Contracts/QuietHoursContracts.cs` -- quiet hours request/response models
- **IOperatorOverrideService**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Correlation/IOperatorOverrideService.cs` -- operator override for throttle bypass
- **OperatorOverrideService**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Correlation/OperatorOverrideService.cs` -- operator override implementation
- **OperatorOverrideEndpoints**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.WebService/Endpoints/OperatorOverrideEndpoints.cs` -- REST API for operator overrides
- **Tests**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Tests/Correlation/NotifyThrottlerTests.cs`, `ThrottleConfigServiceTests.cs`, `ThrottleConfigurationServiceTests.cs`, `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Tests/Endpoints/SuppressionEndpointsTests.cs`
- **Source**: Feature matrix scan
## E2E Test Plan
- [x] Verify sliding window throttling suppresses notifications exceeding maxEvents within window
- [x] Test per-tenant throttle configuration via ThrottleEndpoints API
- [x] Verify quiet hours suppress notifications during configured periods
- [x] Test operator override allows bypassing throttle for specific keys
- [x] Verify throttle state clears after incident resolution
- [ ] Test throttle configuration persists across service restarts
## Verification
- Verified on 2026-02-11 with `run-002`.
- Tier 0 source checks passed for throttler, throttle configuration, quiet-hours, and operator override services/endpoints.
- Tier 1 passed after fixing missing DI registrations that made `/api/v2/throttles`, `/api/v2/quiet-hours`, and `/api/v2/overrides` unusable at runtime; focused suppression suite passed (`53/53`) and full Notifier suite passed (`513/513`).
- Tier 2 API behavior checks passed for positive and negative user flows across throttle config round-trip, delete fallback, quiet-hours evaluation, override bypass checks, and throttle clear lifecycle behavior.
- Note: throttle/quiet-hours configuration is currently in-memory and not guaranteed to persist across process restarts.
- Evidence:
- `docs/qa/feature-checks/runs/notifier/digest-windows-and-throttling/run-002/tier0-source-check.json`
- `docs/qa/feature-checks/runs/notifier/digest-windows-and-throttling/run-002/tier1-build-check.json`
- `docs/qa/feature-checks/runs/notifier/digest-windows-and-throttling/run-002/tier2-api-check.json`

45
docs/features/checked/notifier/multi-channel-delivery.md Normal file
View File

@@ -0,0 +1,45 @@
# Multi-Channel Delivery (Slack, Teams, Email, Webhooks)
## Module
Notifier
## Status
VERIFIED
## Description
Multi-channel notification delivery with Slack, Webhook connectors (and PagerDuty in Notifier), with snapshot testing and error handling.
## Implementation Details
- **IChannelAdapter interface**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Channels/IChannelAdapter.cs` -- `DispatchAsync` and `CheckHealthAsync` typed by `NotifyChannelType`.
- **ChannelAdapterFactory**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Channels/ChannelAdapterFactory.cs` -- resolves channel adapters by type.
- **Slack/Webhook/ChatWebhook adapters**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Channels/SlackChannelAdapter.cs`, `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Channels/WebhookChannelAdapter.cs`, `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Channels/ChatWebhookChannelAdapter.cs`.
- **PagerDuty/OpsGenie/Email/InApp adapters**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Channels/PagerDutyChannelAdapter.cs`, `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Channels/OpsGenieChannelAdapter.cs`, `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Channels/EmailChannelAdapter.cs`, `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Channels/InAppChannelAdapter.cs`.
- **WebhookChannelDispatcher**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Dispatch/WebhookChannelDispatcher.cs`.
- **IWebhookSecurityService**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Security/IWebhookSecurityService.cs`.
- **IFallbackHandler**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Fallback/IFallbackHandler.cs`.
- **HttpEgressSloSink**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Processing/HttpEgressSloSink.cs`.
- **Templates**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.WebService/offline/notifier/templates/`.
- **Tests**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Tests/Channels/WebhookChannelAdapterTests.cs`, `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Tests/Dispatch/WebhookChannelDispatcherTests.cs`, `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Tests/Dispatch/SimpleTemplateRendererTests.cs`, `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Tests/Security/WebhookSecurityServiceTests.cs`, `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Tests/Fallback/FallbackHandlerTests.cs`, `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Tests/HttpEgressSloSinkTests.cs`.
- **Source**: Feature matrix scan
## E2E Test Plan
- [ ] Verify Slack channel adapter delivers notifications with Block Kit formatting.
- [ ] Test webhook channel adapter posts to configured URLs with HMAC signature.
- [ ] Verify PagerDuty adapter creates incidents with correct severity mapping.
- [ ] Test OpsGenie adapter creates alerts with priority.
- [ ] Verify email adapter sends with subject and rendered body.
- [ ] Test in-app notification adapter records notifications for UI retrieval.
- [ ] Verify channel health checks detect unreachable endpoints.
- [ ] Test fallback handler routes to secondary channel on primary failure.
- [ ] Verify egress SLO tracking records delivery latency.
## Verification
- Verified on 2026-02-11 with `run-003`.
- Tier 0 source checks passed for adapter surfaces, dispatcher/security/fallback interfaces, template assets, and test coverage points.
- Tier 1 build + tests passed (builds green; full Notifier suite `520/520`).
- Tier 2 behavioral checks passed (`48/48`) across webhook adapter behavior, dispatcher flows, fallback routing, egress SLO publication, and identity alert multi-channel rendering.
- Evidence:
- `docs/qa/feature-checks/runs/notifier/multi-channel-delivery/run-003/tier0-source-check.json`
- `docs/qa/feature-checks/runs/notifier/multi-channel-delivery/run-003/tier1-build-check.json`
- `docs/qa/feature-checks/runs/notifier/multi-channel-delivery/run-003/tier2-integration-check.json`
- `docs/qa/feature-checks/runs/notifier/multi-channel-delivery/run-003/retest-result.json`

43
docs/features/checked/notifier/notification-correlation-engine.md Normal file
View File

@@ -0,0 +1,43 @@
# Notification Correlation Engine
## Module
Notifier
## Status
VERIFIED
## Description
Correlates related notification events across time windows to reduce noise and group related alerts, preventing notification storms during large-scale vulnerability disclosures or policy changes.
## Implementation Details
- **ICorrelationEngine interface**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Correlation/ICorrelationEngine.cs` -- `CorrelateAsync` for event correlation.
- **CorrelationEngine**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Correlation/CorrelationEngine.cs` -- orchestrates correlation key building, incident management, throttling, and quiet hours evaluation.
- **ICorrelationKeyBuilder**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Correlation/ICorrelationKeyBuilder.cs` -- builds correlation keys from events.
- **ICorrelationKeyEvaluator**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Correlation/ICorrelationKeyEvaluator.cs` -- evaluates correlation key expressions.
- **DefaultCorrelationKeyEvaluator**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Correlation/DefaultCorrelationKeyEvaluator.cs` -- default key evaluator implementation.
- **IncidentManager**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Correlation/IncidentManager.cs` -- creates and manages incidents from correlated events.
- **NotifyIncident**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Correlation/NotifyIncident.cs` -- incident model.
- **CorrelationServiceExtensions**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Correlation/CorrelationServiceExtensions.cs` -- DI registration for correlation services.
- **NotifierEventProcessor**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Processing/NotifierEventProcessor.cs` -- integrates correlation engine into event processing pipeline.
- **Tests**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Tests/Correlation/CorrelationEngineTests.cs`, `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Tests/Correlation/IncidentManagerTests.cs`.
- **Source**: SPRINT_0172_0001_0002_notifier_ii.md
## E2E Test Plan
- [ ] Verify events with same correlation key are grouped into a single incident.
- [ ] Test time-window-based correlation correctly groups events within window.
- [ ] Verify throttling suppresses repeat notifications for same incident.
- [ ] Test quiet hours evaluation defers notifications during configured periods.
- [ ] Verify new incidents are created when correlation window expires.
- [ ] Test correlation key building for different event kinds (CVE, policy, attestation).
## Verification
- Re-verified on 2026-02-11 with fresh `run-002`.
- Tier 0 source checks passed for correlation interfaces/services, incident model, processor integration, and test surfaces.
- Tier 1 build + tests passed (`521/521`) with code-review parity confirming correlation pipeline stages and service wiring.
- Tier 2 behavioral checks passed (`86/86`) across correlation engine decisions, incident lifecycle behavior, throttling windows, quiet-hours suppression, correlation key composition, and incident API interactions.
- Runtime gap fixed during verification: Notifier WebService startup DI was missing `IIncidentManager` and `ICryptoHmac` registrations; `Program.cs` now registers correlation services and HMAC crypto, and `StartupDependencyWiringTests` guards the wiring path.
- Evidence:
- `docs/qa/feature-checks/runs/notifier/notification-correlation-engine/run-002/tier0-source-check.json`
- `docs/qa/feature-checks/runs/notifier/notification-correlation-engine/run-002/tier1-build-check.json`
- `docs/qa/feature-checks/runs/notifier/notification-correlation-engine/run-002/tier2-integration-check.json`
- `docs/qa/feature-checks/runs/notifier/notification-correlation-engine/run-002/tier2-api-check.json`

27
docs/features/checked/notifier/notification-digest-generator.md Normal file
View File

@@ -0,0 +1,27 @@
# Notification Digest Generator
## Module
Notifier
## Status
IMPLEMENTED
## Description
Configurable digest aggregation that batches notifications into scheduled summary digests (hourly/daily/weekly) with customizable grouping and priority thresholds.
## Implementation Details
- **IDigestGenerator interface**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Digest/IDigestGenerator.cs` -- `GenerateAsync` and `PreviewAsync` for producing digest reports
- **DigestGenerator**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Digest/DigestGenerator.cs` -- default implementation; queries IncidentManager for events in time range, produces `DigestResult` with `DigestId`, `TotalIncidentCount`, and `Summary.TotalEvents`; supports preview mode
- **DigestScheduleRunner**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Digest/DigestScheduleRunner.cs` -- `BackgroundService` that runs digest generation on configured schedules; uses `IDigestDistributor` to deliver digests, `IDigestTenantProvider` for multi-tenant support; configurable via `DigestScheduleOptions.Enabled` and `Schedules`
- **DigestTypes**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Digest/DigestTypes.cs` -- digest models (`DigestResult`, `DigestQuery`, `DigestSummary`)
- **DigestServiceExtensions**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Digest/DigestServiceExtensions.cs` -- DI registration for digest services
- **Tests**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Tests/Digest/DigestGeneratorTests.cs`
- **Source**: SPRINT_0172_0001_0002_notifier_ii.md
## E2E Test Plan
- [ ] Verify scheduled digest generation runs at configured intervals (hourly/daily/weekly)
- [ ] Test digest aggregates incidents within the configured time window
- [ ] Verify preview mode returns digest without side effects
- [ ] Test multi-tenant digest generation processes each tenant independently
- [ ] Verify digest distribution delivers summary to configured channels
- [ ] Test DigestScheduleRunner respects Enabled=false configuration

33
docs/features/checked/notifier/notification-rules-engine.md Normal file
View File

@@ -0,0 +1,33 @@
# Notification Rules Engine
## Module
Notifier
## Status
IMPLEMENTED
## Description
Rules engine with NotifyRule model, rule evaluator interface, evaluation outcomes, and schema migration support.
## Implementation Details
- **DefaultNotifyRuleEvaluator**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Processing/DefaultNotifyRuleEvaluator.cs` -- evaluates `NotifyRule` against `NotifyEvent`; matches on event kind, namespace, repository, digest, severity (ranked none=0 through blocker=6); returns `NotifyRuleEvaluationOutcome` with match/not-matched reason
- **NotifierEventProcessor**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Processing/NotifierEventProcessor.cs` -- integrates rule evaluation into the event processing pipeline
- **SimulationEngine**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Simulation/SimulationEngine.cs` -- dry-run simulation of rule evaluation
- **DefaultNotifySimulationEngine**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Simulation/DefaultNotifySimulationEngine.cs` -- default simulation engine implementation
- **ISimulationEngine**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Simulation/ISimulationEngine.cs` -- simulation interface
- **RuleEndpoints**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.WebService/Endpoints/RuleEndpoints.cs` -- REST API for rule CRUD and testing
- **SimulationEndpoints**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.WebService/Endpoints/SimulationEndpoints.cs` -- REST API for rule simulation
- **RiskTemplateSeeder**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.WebService/Setup/RiskTemplateSeeder.cs` -- seeds default risk notification rules
- **AttestationTemplateSeeder**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.WebService/Setup/AttestationTemplateSeeder.cs` -- seeds attestation notification rules
- **InMemoryNotifyRepositories**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Storage/InMemoryNotifyRepositories.cs` -- in-memory rule storage
- **Sample rules**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.docs/risk-rules.sample.json`
- **Tests**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Tests/RuleEvaluatorTests.cs`, `Simulation/SimulationEngineTests.cs`, `EventProcessorTests.cs`, `Endpoints/NotifyApiEndpointsTests.cs`
- **Source**: Feature matrix scan
## E2E Test Plan
- [ ] Verify rule evaluator matches events by kind, namespace, repository, and severity
- [ ] Test disabled rules are skipped with "rule_disabled" reason
- [ ] Verify severity-based filtering (e.g., minimum severity threshold)
- [ ] Test rule CRUD through RuleEndpoints API
- [ ] Verify simulation endpoints allow dry-run rule testing without side effects
- [ ] Test seeded default rules for risk and attestation scenarios

31
docs/features/checked/notifier/notification-storm-breaker.md Normal file
View File

@@ -0,0 +1,31 @@
# Notification Storm Breaker
## Module
Notifier
## Status
VERIFIED
## Description
Circuit breaker mechanism that detects notification storms and applies adaptive throttling to prevent overwhelming downstream channels during mass event cascades.
## Implementation Details
- **IStormBreaker interface**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/StormBreaker/IStormBreaker.cs` -- `EvaluateAsync` (records event and checks storm condition), `GetStateAsync` (gets current storm state for a key), `GetActiveStormsAsync` (lists all active storms for a tenant)
- **StormBreakerServiceExtensions**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/StormBreaker/StormBreakerServiceExtensions.cs` -- DI registration for storm breaker services
- **ChannelAdapterOptions**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Channels/ChannelAdapterOptions.cs` -- circuit breaker configuration for channel adapters
- **StormBreakerEndpoints**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.WebService/Endpoints/StormBreakerEndpoints.cs` -- REST API for viewing and managing active storms
- **INotifierMetrics**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Observability/INotifierMetrics.cs` -- metrics counters for storm detection events
- **Tests**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Tests/StormBreaker/StormBreakerTests.cs`
- **Source**: SPRINT_0172_0001_0002_notifier_ii.md
## E2E Test Plan
- [ ] Verify storm detection triggers when event rate exceeds configured threshold
- [ ] Test storm consolidation batches events into summary notifications
- [ ] Verify active storm state is queryable via StormBreakerEndpoints API
- [ ] Test storm resolution when event rate drops below threshold
- [ ] Verify per-tenant storm isolation (storms in one tenant do not affect others)
- [ ] Test metrics emission for storm detection and resolution events
## Verification
- Run: `docs/qa/feature-checks/runs/notifier/notification-storm-breaker/run-001/`
- Date (UTC): 2026-02-11