Add unit tests and implementations for MongoDB index models and OpenAPI metadata

- Implemented `MongoIndexModelTests` to verify index models for various stores. - Created `OpenApiMetadataFactory` with methods to generate OpenAPI metadata. - Added tests for `OpenApiMetadataFactory` to ensure expected defaults and URL overrides. - Introduced `ObserverSurfaceSecrets` and `WebhookSurfaceSecrets` for managing secrets. - Developed `RuntimeSurfaceFsClient` and `WebhookSurfaceFsClient` for manifest retrieval. - Added dependency injection tests for `SurfaceEnvironmentRegistration` in both Observer and Webhook contexts. - Implemented tests for secret resolution in `ObserverSurfaceSecretsTests` and `WebhookSurfaceSecretsTests`. - Created `EnsureLinkNotMergeCollectionsMigrationTests` to validate MongoDB migration logic. - Added project files for MongoDB tests and NuGet package mirroring.
2025-11-17 21:21:56 +02:00
parent d3128aec24
commit 9075bad2d9
146 changed files with 152183 additions and 82 deletions
--- a/offline/notifier/templates/attestation/tmpl-attest-expiry-warning.slack.en-us.template.json
+++ b/offline/notifier/templates/attestation/tmpl-attest-expiry-warning.slack.en-us.template.json
@@ -0,0 +1,16 @@
+{
+  "schemaVersion": "notify.template@1",
+  "templateId": "tmpl-attest-expiry-warning-slack-en-us",
+  "tenantId": "bootstrap",
+  "channelType": "slack",
+  "key": "tmpl-attest-expiry-warning",
+  "locale": "en-us",
+  "renderMode": "markdown",
+  "format": "slack",
+  "description": "Slack reminder for attestations approaching their expiration window.",
+  "body": ":warning: Attestation for `{{payload.subject.digest}}` expires {{expires_in payload.attestation.expiresAt event.ts}}\nRepo: `{{payload.subject.repository}}`{{#if payload.subject.tag}} ({{payload.subject.tag}}){{/if}}\nSigner: `{{fingerprint payload.signer.kid}}` ({{payload.signer.algorithm}})\nIssued: {{payload.attestation.issuedAt}} · Expires: {{payload.attestation.expiresAt}}\nRenewal steps: {{link \"Docs\" payload.links.docs}} · Console: {{link \"Open\" payload.links.console}}\n",
+  "metadata": {
+    "author": "notifications-bootstrap",
+    "version": "2025-11-16"
+  }
+}
--- a/offline/notifier/templates/deprecation/tmpl-api-deprecation.email.en-us.template.json
+++ b/offline/notifier/templates/deprecation/tmpl-api-deprecation.email.en-us.template.json
@@ -0,0 +1,16 @@
+{
+  "schemaVersion": "notify.template@1",
+  "templateId": "tmpl-api-deprecation-email-en-us",
+  "tenantId": "bootstrap",
+  "channelType": "email",
+  "key": "tmpl-api-deprecation",
+  "locale": "en-us",
+  "renderMode": "html",
+  "format": "email",
+  "description": "Email notification for retiring Notifier API versions.",
+  "body": "<h2>Notifier API deprecation notice</h2>\n<p>The Notifier API v1 endpoints are scheduled for sunset on <strong>{{metadata.sunset}}</strong>.</p>\n<ul>\n  <li>Paths affected: {{metadata.paths}}</li>\n  <li>Scope: notify.*</li>\n  <li>Replacement: {{metadata.replacement}}</li>\n</ul>\n<p>Action: {{metadata.action}}</p>\n<p>Details: <a href=\"{{metadata.docs}}\">Deprecation bulletin</a></p>\n",
+  "metadata": {
+    "author": "notifications-bootstrap",
+    "version": "2025-11-17"
+  }
+}
--- a/offline/notifier/templates/deprecation/tmpl-api-deprecation.slack.en-us.template.json
+++ b/offline/notifier/templates/deprecation/tmpl-api-deprecation.slack.en-us.template.json
@@ -0,0 +1,16 @@
+{
+  "schemaVersion": "notify.template@1",
+  "templateId": "tmpl-api-deprecation-slack-en-us",
+  "tenantId": "bootstrap",
+  "channelType": "slack",
+  "key": "tmpl-api-deprecation",
+  "locale": "en-us",
+  "renderMode": "markdown",
+  "format": "slack",
+  "description": "Slack notice for retiring Notifier API versions.",
+  "body": ":warning: Notifier API v1 is being deprecated.\nSunset: {{metadata.sunset}}\nPaths affected: {{metadata.paths}}\nDocs: {{link \"Deprecation details\" metadata.docs}}\nAction: {{metadata.action}}\n",
+  "metadata": {
+    "author": "notifications-bootstrap",
+    "version": "2025-11-17"
+  }
+}
--- a/offline/telemetry/dashboards/ledger/alerts.yml
+++ b/offline/telemetry/dashboards/ledger/alerts.yml
@@ -0,0 +1,39 @@
+groups:
+  - name: ledger-observability
+    interval: 30s
+    rules:
+      - alert: LedgerWriteLatencyHighP95
+        expr: histogram_quantile(0.95, sum(rate(ledger_write_latency_seconds_bucket[5m])) by (le, tenant)) > 0.12
+        for: 10m
+        labels:
+          severity: warning
+        annotations:
+          summary: "Ledger write latency p95 high (tenant {{ $labels.tenant }})"
+          description: "ledger_write_latency_seconds p95 > 120ms for >10m. Check DB/queue."
+
+      - alert: ProjectionLagHigh
+        expr: max_over_time(ledger_projection_lag_seconds[10m]) > 30
+        for: 10m
+        labels:
+          severity: critical
+        annotations:
+          summary: "Ledger projection lag high"
+          description: "projection lag over 30s; projections falling behind ingest."
+
+      - alert: MerkleAnchorFailures
+        expr: sum(rate(ledger_merkle_anchor_failures_total[15m])) by (tenant, reason) > 0
+        for: 15m
+        labels:
+          severity: critical
+        annotations:
+          summary: "Merkle anchor failures (tenant {{ $labels.tenant }})"
+          description: "Anchoring failures detected (reason={{ $labels.reason }}). Investigate signing/storage."
+
+      - alert: AttachmentFailures
+        expr: sum(rate(ledger_attachments_encryption_failures_total[10m])) by (tenant, stage) > 0
+        for: 10m
+        labels:
+          severity: warning
+        annotations:
+          summary: "Attachment pipeline failures (tenant {{ $labels.tenant }}, stage {{ $labels.stage }})"
+          description: "Attachment encryption/sign/upload reported failures in the last 10m."
--- a/offline/telemetry/dashboards/ledger/ledger-observability.json
+++ b/offline/telemetry/dashboards/ledger/ledger-observability.json
@@ -0,0 +1,91 @@
+{
+  "id": null,
+  "title": "StellaOps Findings Ledger",
+  "timezone": "utc",
+  "schemaVersion": 39,
+  "version": 1,
+  "refresh": "30s",
+  "tags": ["ledger", "findings", "stellaops"],
+  "panels": [
+    {
+      "type": "timeseries",
+      "title": "Ledger Write Latency (P50/P95)",
+      "gridPos": { "h": 8, "w": 12, "x": 0, "y": 0 },
+      "targets": [
+        { "expr": "histogram_quantile(0.5, sum(rate(ledger_write_latency_seconds_bucket{tenant=\"$tenant\"}[5m])) by (le))", "legendFormat": "p50" },
+        { "expr": "histogram_quantile(0.95, sum(rate(ledger_write_latency_seconds_bucket{tenant=\"$tenant\"}[5m])) by (le))", "legendFormat": "p95" }
+      ],
+      "fieldConfig": { "defaults": { "unit": "s" } }
+    },
+    {
+      "type": "timeseries",
+      "title": "Write Throughput",
+      "gridPos": { "h": 8, "w": 12, "x": 12, "y": 0 },
+      "targets": [
+        { "expr": "sum(rate(ledger_events_total{tenant=\"$tenant\"}[5m])) by (event_type)", "legendFormat": "{{event_type}}" }
+      ],
+      "fieldConfig": { "defaults": { "unit": "ops" } }
+    },
+    {
+      "type": "timeseries",
+      "title": "Projection Lag",
+      "gridPos": { "h": 8, "w": 12, "x": 0, "y": 8 },
+      "targets": [
+        { "expr": "max(ledger_projection_lag_seconds{tenant=\"$tenant\"})", "legendFormat": "lag" }
+      ],
+      "fieldConfig": { "defaults": { "unit": "s" } }
+    },
+    {
+      "type": "timeseries",
+      "title": "Merkle Anchor Duration",
+      "gridPos": { "h": 8, "w": 12, "x": 12, "y": 8 },
+      "targets": [
+        { "expr": "histogram_quantile(0.95, sum(rate(ledger_merkle_anchor_duration_seconds_bucket{tenant=\"$tenant\"}[5m])) by (le))", "legendFormat": "p95" }
+      ],
+      "fieldConfig": { "defaults": { "unit": "s" } }
+    },
+    {
+      "type": "stat",
+      "title": "Merkle Anchor Failures (5m)",
+      "gridPos": { "h": 4, "w": 6, "x": 0, "y": 16 },
+      "targets": [
+        { "expr": "sum(rate(ledger_merkle_anchor_failures_total{tenant=\"$tenant\"}[5m]))", "legendFormat": "fail/s" }
+      ],
+      "options": { "reduceOptions": { "calcs": ["lastNotNull"] } }
+    },
+    {
+      "type": "stat",
+      "title": "Attachment Failures (5m)",
+      "gridPos": { "h": 4, "w": 6, "x": 6, "y": 16 },
+      "targets": [
+        { "expr": "sum(rate(ledger_attachments_encryption_failures_total{tenant=\"$tenant\"}[5m])) by (stage)", "legendFormat": "{{stage}}" }
+      ],
+      "options": { "reduceOptions": { "calcs": ["lastNotNull"] } }
+    },
+    {
+      "type": "stat",
+      "title": "Ledger Backlog",
+      "gridPos": { "h": 4, "w": 6, "x": 12, "y": 16 },
+      "targets": [
+        { "expr": "sum(ledger_ingest_backlog_events{tenant=\"$tenant\"})", "legendFormat": "events" }
+      ]
+    }
+  ],
+  "templating": {
+    "list": [
+      {
+        "name": "tenant",
+        "type": "query",
+        "label": "Tenant",
+        "datasource": null,
+        "query": "label_values(ledger_events_total, tenant)",
+        "refresh": 1,
+        "multi": false,
+        "includeAll": false
+      }
+    ]
+  },
+  "annotations": { "list": [] },
+  "time": { "from": "now-6h", "to": "now" },
+  "timepicker": { "refresh_intervals": ["30s", "1m", "5m", "15m", "1h"] }
+}