Refactor code structure and optimize performance across multiple modules

devops/offline/fixtures/notifier/templates/attestation/tmpl-attest-expiry-warning.email.en-us.template.json

@@ -0,0 +1,16 @@
+{
+  "schemaVersion": "notify.template@1",
+  "templateId": "tmpl-attest-expiry-warning-email-en-us",
+  "tenantId": "bootstrap",
+  "channelType": "email",
+  "key": "tmpl-attest-expiry-warning",
+  "locale": "en-us",
+  "renderMode": "html",
+  "format": "email",
+  "description": "Expiry warning for attestations approaching their expiration window.",
+  "body": "<h2>Attestation expiry notice</h2>\n<p>The attestation for <code>{{payload.subject.repository}}</code> (digest {{payload.subject.digest}}) expires on <strong>{{payload.attestation.expiresAt}}</strong>.</p>\n<ul>\n  <li>Issued: {{payload.attestation.issuedAt}}</li>\n  <li>Signer: <code>{{payload.signer.kid}}</code> ({{payload.signer.algorithm}})</li>\n  <li>Time remaining: {{expires_in payload.attestation.expiresAt event.ts}}</li>\n</ul>\n<p>Please rotate the attestation before expiry using <a href=\"{{payload.links.docs}}\">these instructions</a>.</p>\n<p>Console: <a href=\"{{payload.links.console}}\">{{payload.links.console}}</a></p>\n",
+  "metadata": {
+    "author": "notifications-bootstrap",
+    "version": "2025-11-12"
+  }
+}

devops/offline/fixtures/notifier/templates/attestation/tmpl-attest-expiry-warning.slack.en-us.template.json

@@ -0,0 +1,16 @@
+{
+  "schemaVersion": "notify.template@1",
+  "templateId": "tmpl-attest-expiry-warning-slack-en-us",
+  "tenantId": "bootstrap",
+  "channelType": "slack",
+  "key": "tmpl-attest-expiry-warning",
+  "locale": "en-us",
+  "renderMode": "markdown",
+  "format": "slack",
+  "description": "Slack reminder for attestations approaching their expiration window.",
+  "body": ":warning: Attestation for `{{payload.subject.digest}}` expires {{expires_in payload.attestation.expiresAt event.ts}}\nRepo: `{{payload.subject.repository}}`{{#if payload.subject.tag}} ({{payload.subject.tag}}){{/if}}\nSigner: `{{fingerprint payload.signer.kid}}` ({{payload.signer.algorithm}})\nIssued: {{payload.attestation.issuedAt}} · Expires: {{payload.attestation.expiresAt}}\nRenewal steps: {{link \"Docs\" payload.links.docs}} · Console: {{link \"Open\" payload.links.console}}\n",
+  "metadata": {
+    "author": "notifications-bootstrap",
+    "version": "2025-11-16"
+  }
+}

devops/offline/fixtures/notifier/templates/attestation/tmpl-attest-key-rotation.email.en-us.template.json

@@ -0,0 +1,16 @@
+{
+  "schemaVersion": "notify.template@1",
+  "templateId": "tmpl-attest-key-rotation-email-en-us",
+  "tenantId": "bootstrap",
+  "channelType": "email",
+  "key": "tmpl-attest-key-rotation",
+  "locale": "en-us",
+  "renderMode": "html",
+  "format": "email",
+  "description": "Email bulletin for attestation key rotation or revocation events.",
+  "body": "<h2>Attestation key rotation notice</h2>\n<p>Authority rotated or revoked signing keys at {{payload.rotation.executedAt}}.</p>\n<ul>\n  <li>Rotation batch: {{payload.rotation.batchId}}</li>\n  <li>Impacted services: {{payload.rotation.impactedServices}}</li>\n  <li>Reason: {{payload.rotation.reason}}</li>\n</ul>\n<p>Recommended action: {{payload.recommendation}}</p>\n<p>Docs: <a href=\"{{payload.links.docs}}\">Rotation playbook</a></p>\n",
+  "metadata": {
+    "author": "notifications-bootstrap",
+    "version": "2025-11-12"
+  }
+}

devops/offline/fixtures/notifier/templates/attestation/tmpl-attest-key-rotation.webhook.en-us.template.json

@@ -0,0 +1,16 @@
+{
+  "schemaVersion": "notify.template@1",
+  "templateId": "tmpl-attest-key-rotation-webhook-en-us",
+  "tenantId": "bootstrap",
+  "channelType": "webhook",
+  "key": "tmpl-attest-key-rotation",
+  "locale": "en-us",
+  "renderMode": "json",
+  "format": "webhook",
+  "description": "Webhook payload for attestation key rotation/revocation events.",
+  "body": "{\n  \"event\": \"authority.keys.rotated\",\n  \"tenantId\": \"{{event.tenant}}\",\n  \"batchId\": \"{{payload.rotation.batchId}}\",\n  \"executedAt\": \"{{payload.rotation.executedAt}}\",\n  \"impactedServices\": \"{{payload.rotation.impactedServices}}\",\n  \"reason\": \"{{payload.rotation.reason}}\",\n  \"links\": {\n    \"docs\": \"{{payload.links.docs}}\",\n    \"console\": \"{{payload.links.console}}\"\n  }\n}\n",
+  "metadata": {
+    "author": "notifications-bootstrap",
+    "version": "2025-11-12"
+  }
+}

devops/offline/fixtures/notifier/templates/attestation/tmpl-attest-transparency-anomaly.slack.en-us.template.json

@@ -0,0 +1,16 @@
+{
+  "schemaVersion": "notify.template@1",
+  "templateId": "tmpl-attest-transparency-anomaly-slack-en-us",
+  "tenantId": "bootstrap",
+  "channelType": "slack",
+  "key": "tmpl-attest-transparency-anomaly",
+  "locale": "en-us",
+  "renderMode": "markdown",
+  "format": "slack",
+  "description": "Slack alert for transparency witness anomalies.",
+  "body": ":warning: Transparency anomaly detected for `{{payload.subject.digest}}`\nWitness: `{{payload.transparency.witnessId}}` ({{payload.transparency.classification}})\nRekor index: {{payload.transparency.rekorIndex}}\nAnomaly window: {{payload.transparency.windowStart}} → {{payload.transparency.windowEnd}}\nRecommended action: {{payload.recommendation}}\nConsole details: {{link \"Open in Console\" payload.links.console}}\n",
+  "metadata": {
+    "author": "notifications-bootstrap",
+    "version": "2025-11-12"
+  }
+}

devops/offline/fixtures/notifier/templates/attestation/tmpl-attest-transparency-anomaly.webhook.en-us.template.json

@@ -0,0 +1,16 @@
+{
+  "schemaVersion": "notify.template@1",
+  "templateId": "tmpl-attest-transparency-anomaly-webhook-en-us",
+  "tenantId": "bootstrap",
+  "channelType": "webhook",
+  "key": "tmpl-attest-transparency-anomaly",
+  "locale": "en-us",
+  "renderMode": "json",
+  "format": "webhook",
+  "description": "Webhook payload for Rekor transparency anomalies.",
+  "body": "{\n  \"event\": \"attestor.transparency.anomaly\",\n  \"tenantId\": \"{{event.tenant}}\",\n  \"subjectDigest\": \"{{payload.subject.digest}}\",\n  \"witnessId\": \"{{payload.transparency.witnessId}}\",\n  \"classification\": \"{{payload.transparency.classification}}\",\n  \"rekorIndex\": {{payload.transparency.rekorIndex}},\n  \"window\": {\n    \"start\": \"{{payload.transparency.windowStart}}\",\n    \"end\": \"{{payload.transparency.windowEnd}}\"\n  },\n  \"links\": {\n    \"console\": \"{{payload.links.console}}\",\n    \"rekor\": \"{{payload.links.rekor}}\"\n  },\n  \"recommendation\": \"{{payload.recommendation}}\"\n}\n",
+  "metadata": {
+    "author": "notifications-bootstrap",
+    "version": "2025-11-12"
+  }
+}

devops/offline/fixtures/notifier/templates/attestation/tmpl-attest-verify-fail.email.en-us.template.json

@@ -0,0 +1,16 @@
+{
+  "schemaVersion": "notify.template@1",
+  "templateId": "tmpl-attest-verify-fail-email-en-us",
+  "tenantId": "bootstrap",
+  "channelType": "email",
+  "key": "tmpl-attest-verify-fail",
+  "locale": "en-us",
+  "renderMode": "html",
+  "format": "email",
+  "description": "Email notice for attestation verification failures.",
+  "body": "<h2>Attestation verification failure</h2>\n<p>The attestation for <code>{{payload.subject.repository}}</code> (digest {{payload.subject.digest}}) failed verification at {{event.ts}}.</p>\n<ul>\n  <li>Reason: <code>{{payload.failure.reasonCode}}</code> — {{payload.failure.reason}}</li>\n  <li>Signer: <code>{{payload.signer.kid}}</code> ({{payload.signer.algorithm}})</li>\n  <li>Rekor entry: <a href=\"{{payload.links.rekor}}\">{{payload.links.rekor}}</a></li>\n  <li>Last valid attestation: <a href=\"{{payload.links.console}}\">Console report</a></li>\n</ul>\n<p>{{payload.recommendation}}</p>\n",
+  "metadata": {
+    "author": "notifications-bootstrap",
+    "version": "2025-11-12"
+  }
+}

devops/offline/fixtures/notifier/templates/attestation/tmpl-attest-verify-fail.slack.en-us.template.json

@@ -0,0 +1,16 @@
+{
+  "schemaVersion": "notify.template@1",
+  "templateId": "tmpl-attest-verify-fail-slack-en-us",
+  "tenantId": "bootstrap",
+  "channelType": "slack",
+  "key": "tmpl-attest-verify-fail",
+  "locale": "en-us",
+  "renderMode": "markdown",
+  "format": "slack",
+  "description": "Slack alert for attestation verification failures with Rekor traceability.",
+  "body": ":rotating_light: {{attestation_status_badge payload.failure.status}} verification failed for `{{payload.subject.digest}}`\nSigner: `{{fingerprint payload.signer.kid}}` ({{payload.signer.algorithm}})\nReason: `{{payload.failure.reasonCode}}` — {{payload.failure.reason}}\nLast valid attestation: {{link \"Console\" payload.links.console}}\nRekor entry: {{link \"Transparency log\" payload.links.rekor}}\nRecommended action: {{payload.recommendation}}\n",
+  "metadata": {
+    "author": "notifications-bootstrap",
+    "version": "2025-11-12"
+  }
+}

devops/offline/fixtures/notifier/templates/attestation/tmpl-attest-verify-fail.webhook.en-us.template.json

@@ -0,0 +1,16 @@
+{
+  "schemaVersion": "notify.template@1",
+  "templateId": "tmpl-attest-verify-fail-webhook-en-us",
+  "tenantId": "bootstrap",
+  "channelType": "webhook",
+  "key": "tmpl-attest-verify-fail",
+  "locale": "en-us",
+  "renderMode": "json",
+  "format": "webhook",
+  "description": "JSON payload for Pager/SOC integrations on attestation verification failures.",
+  "body": "{\n  \"event\": \"attestor.verification.failed\",\n  \"tenantId\": \"{{event.tenant}}\",\n  \"subjectDigest\": \"{{payload.subject.digest}}\",\n  \"repository\": \"{{payload.subject.repository}}\",\n  \"reasonCode\": \"{{payload.failure.reasonCode}}\",\n  \"reason\": \"{{payload.failure.reason}}\",\n  \"signer\": {\n    \"kid\": \"{{payload.signer.kid}}\",\n    \"algorithm\": \"{{payload.signer.algorithm}}\"\n  },\n  \"rekor\": {\n    \"url\": \"{{payload.links.rekor}}\",\n    \"uuid\": \"{{payload.rekor.uuid}}\",\n    \"index\": {{payload.rekor.index}}\n  },\n  \"recommendation\": \"{{payload.recommendation}}\"\n}\n",
+  "metadata": {
+    "author": "notifications-bootstrap",
+    "version": "2025-11-12"
+  }
+}

devops/offline/fixtures/notifier/templates/deprecation/tmpl-api-deprecation.email.en-us.template.json

@@ -0,0 +1,16 @@
+{
+  "schemaVersion": "notify.template@1",
+  "templateId": "tmpl-api-deprecation-email-en-us",
+  "tenantId": "bootstrap",
+  "channelType": "email",
+  "key": "tmpl-api-deprecation",
+  "locale": "en-us",
+  "renderMode": "html",
+  "format": "email",
+  "description": "Email notification for retiring Notifier API versions.",
+  "body": "<h2>Notifier API deprecation notice</h2>\n<p>The Notifier API v1 endpoints are scheduled for sunset on <strong>{{metadata.sunset}}</strong>.</p>\n<ul>\n  <li>Paths affected: {{metadata.paths}}</li>\n  <li>Scope: notify.*</li>\n  <li>Replacement: {{metadata.replacement}}</li>\n</ul>\n<p>Action: {{metadata.action}}</p>\n<p>Details: <a href=\"{{metadata.docs}}\">Deprecation bulletin</a></p>\n",
+  "metadata": {
+    "author": "notifications-bootstrap",
+    "version": "2025-11-17"
+  }
+}

devops/offline/fixtures/notifier/templates/deprecation/tmpl-api-deprecation.slack.en-us.template.json

@@ -0,0 +1,16 @@
+{
+  "schemaVersion": "notify.template@1",
+  "templateId": "tmpl-api-deprecation-slack-en-us",
+  "tenantId": "bootstrap",
+  "channelType": "slack",
+  "key": "tmpl-api-deprecation",
+  "locale": "en-us",
+  "renderMode": "markdown",
+  "format": "slack",
+  "description": "Slack notice for retiring Notifier API versions.",
+  "body": ":warning: Notifier API v1 is being deprecated.\nSunset: {{metadata.sunset}}\nPaths affected: {{metadata.paths}}\nDocs: {{link \"Deprecation details\" metadata.docs}}\nAction: {{metadata.action}}\n",
+  "metadata": {
+    "author": "notifications-bootstrap",
+    "version": "2025-11-17"
+  }
+}

devops/offline/fixtures/notifier/templates/risk/tmpl-risk-profile-state.email.en-us.template.json

@@ -0,0 +1,16 @@
+{
+  "schemaVersion": "notify.template@1",
+  "templateId": "tmpl-risk-profile-state-email-en-us",
+  "tenantId": "bootstrap",
+  "channelType": "email",
+  "key": "tmpl-risk-profile-state",
+  "locale": "en-us",
+  "renderMode": "html",
+  "format": "email",
+  "description": "Email notice when risk profiles are published, deprecated, or thresholds change.",
+  "body": "<h2>Risk profile update</h2>\n<p>Profile <strong>{{payload.profile.id}}</strong> is now <strong>{{payload.state}}</strong> (version {{payload.profile.version}}).</p>\n<ul>\n  <li>Thresholds: {{payload.thresholds}}</li>\n  <li>Owner: {{payload.owner}}</li>\n  <li>Effective at: {{payload.effectiveAt}}</li>\n</ul>\n<p>Notes: {{payload.notes}}</p>\n<p>Console: <a href=\"{{payload.links.console}}\">View profile</a></p>\n",
+  "metadata": {
+    "author": "notifications-bootstrap",
+    "version": "2025-11-24"
+  }
+}

devops/offline/fixtures/notifier/templates/risk/tmpl-risk-profile-state.slack.en-us.template.json

@@ -0,0 +1,16 @@
+{
+  "schemaVersion": "notify.template@1",
+  "templateId": "tmpl-risk-profile-state-slack-en-us",
+  "tenantId": "bootstrap",
+  "channelType": "slack",
+  "key": "tmpl-risk-profile-state",
+  "locale": "en-us",
+  "renderMode": "markdown",
+  "format": "json",
+  "description": "Slack notice when risk profiles publish, deprecate, or thresholds change.",
+  "body": "*Risk profile {{payload.profile.id}}* is now *{{payload.state}}* (v{{payload.profile.version}})\n• thresholds: {{payload.thresholds}}\n• owner: {{payload.owner}}\n• effective: {{payload.effectiveAt}}\n<{{payload.links.console}}|View profile>",
+  "metadata": {
+    "author": "notifications-bootstrap",
+    "version": "2025-11-24"
+  }
+}

devops/offline/fixtures/notifier/templates/risk/tmpl-risk-severity-change.email.en-us.template.json

@@ -0,0 +1,16 @@
+{
+  "schemaVersion": "notify.template@1",
+  "templateId": "tmpl-risk-severity-change-email-en-us",
+  "tenantId": "bootstrap",
+  "channelType": "email",
+  "key": "tmpl-risk-severity-change",
+  "locale": "en-us",
+  "renderMode": "html",
+  "format": "email",
+  "description": "Email notice for risk severity escalation or downgrade.",
+  "body": "<h2>Risk severity updated</h2>\n<p>Risk profile <strong>{{payload.profile.id}}</strong> changed severity from {{payload.previous.severity}} to {{payload.current.severity}} at {{event.ts}}.</p>\n<ul>\n  <li>Asset: {{payload.asset.purl}}</li>\n  <li>Profile version: {{payload.profile.version}}</li>\n  <li>Reason: {{payload.reason}}</li>\n</ul>\n<p>View details: <a href=\"{{payload.links.console}}\">Console</a></p>\n",
+  "metadata": {
+    "author": "notifications-bootstrap",
+    "version": "2025-11-24"
+  }
+}

devops/offline/fixtures/notifier/templates/risk/tmpl-risk-severity-change.slack.en-us.template.json

@@ -0,0 +1,16 @@
+{
+  "schemaVersion": "notify.template@1",
+  "templateId": "tmpl-risk-severity-change-slack-en-us",
+  "tenantId": "bootstrap",
+  "channelType": "slack",
+  "key": "tmpl-risk-severity-change",
+  "locale": "en-us",
+  "renderMode": "markdown",
+  "format": "json",
+  "description": "Slack notice for risk severity escalation or downgrade.",
+  "body": "*Risk severity changed* for {{payload.profile.id}}\n• from: {{payload.previous.severity}} → to: {{payload.current.severity}}\n• asset: {{payload.asset.purl}}\n• version: {{payload.profile.version}}\n• reason: {{payload.reason}}\n<{{payload.links.console}}|Open in console>",
+  "metadata": {
+    "author": "notifications-bootstrap",
+    "version": "2025-11-24"
+  }
+}