feat: Implement MongoDB orchestrator storage with registry, commands, and heartbeats

- Added NullAdvisoryObservationEventTransport for handling advisory observation events.
- Created IOrchestratorRegistryStore interface for orchestrator registry operations.
- Implemented MongoOrchestratorRegistryStore for MongoDB interactions with orchestrator data.
- Defined OrchestratorCommandDocument and OrchestratorCommandRecord for command handling.
- Added OrchestratorHeartbeatDocument and OrchestratorHeartbeatRecord for heartbeat tracking.
- Created OrchestratorRegistryDocument and OrchestratorRegistryRecord for registry management.
- Developed tests for orchestrator collections migration and MongoOrchestratorRegistryStore functionality.
- Introduced AirgapImportRequest and AirgapImportValidator for air-gapped VEX bundle imports.
- Added incident mode rules sample JSON for notifier configuration.

src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Tests/OpenApiEndpointTests.cs

@@ -1,6 +1,11 @@
 using System.Net;
+using System.Net.Http;
+using System.Text;
 using Microsoft.AspNetCore.Mvc.Testing;
+using Microsoft.Extensions.DependencyInjection;
+using StellaOps.Notifier.Tests.Support;
 using StellaOps.Notifier.WebService;
+using StellaOps.Notify.Storage.Mongo.Repositories;
 using Xunit;
 
 namespace StellaOps.Notifier.Tests;

src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Tests/StellaOps.Notifier.Tests.csproj

@@ -11,10 +11,11 @@
     <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
   </PropertyGroup>
 
-  <ItemGroup>
-    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="10.0.0-rc.2.25502.107" />
-    <PackageReference Include="Microsoft.Extensions.Options" Version="10.0.0-rc.2.25502.107" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.14.1" />
+  <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="10.0.0-rc.2.25502.107" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="10.0.0-rc.2.25502.107" />
+    <PackageReference Include="Microsoft.Extensions.Options" Version="10.0.0-rc.2.25502.107" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.14.1" />
     <PackageReference Include="xunit.v3" Version="3.0.0" />
     <PackageReference Include="xunit.runner.visualstudio" Version="3.1.3" />
   </ItemGroup>
@@ -27,7 +28,8 @@
     <Using Include="Xunit" />
   </ItemGroup>
 
-  <ItemGroup>
-    <ProjectReference Include="..\StellaOps.Notifier.Worker\StellaOps.Notifier.Worker.csproj" />
-  </ItemGroup>
-</Project>
+  <ItemGroup>
+    <ProjectReference Include="..\StellaOps.Notifier.WebService\StellaOps.Notifier.WebService.csproj" />
+    <ProjectReference Include="..\StellaOps.Notifier.Worker\StellaOps.Notifier.Worker.csproj" />
+  </ItemGroup>
+</Project>

src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Tests/Support/TestEgressSloSink.cs

@@ -6,11 +6,11 @@ using StellaOps.Notifier.Worker.Processing;
 
 namespace StellaOps.Notifier.Tests.Support;
 
-public sealed class TestEgressSloSink : IEgressSloSink
+internal sealed class TestEgressSloSink : IEgressSloSink
 {
     private readonly ConcurrentBag<EgressSloContext> _contexts = new();
 
-    public IReadOnlyCollection<EgressSloContext> Contexts => _contexts;
+    internal IReadOnlyCollection<EgressSloContext> Contexts => _contexts;
 
     public Task PublishAsync(EgressSloContext context, CancellationToken cancellationToken)
     {

src/Notifier/StellaOps.Notifier/StellaOps.Notifier.WebService/Program.cs

@@ -126,10 +126,6 @@ app.MapGet("/.well-known/openapi", (HttpContext context, OpenApiDocumentCache ca
     return Results.Content(cache.Document, "application/yaml");
 });
 
-app.Run();
-
-public partial class Program;
-
 static object Error(string code, string message, HttpContext context) => new
 {
     error = new
@@ -139,3 +135,7 @@ static object Error(string code, string message, HttpContext context) => new
         traceId = context.TraceIdentifier
     }
 };
+
+app.Run();
+
+public partial class Program;

src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/StellaOps.Notifier.Worker.csproj

@@ -11,6 +11,7 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="10.0.0-rc.2.25502.107" />
+    <PackageReference Include="Microsoft.Extensions.Http" Version="10.0.0-rc.2.25502.107" />
     <PackageReference Include="Microsoft.Extensions.Hosting" Version="10.0.0-rc.2.25502.107" />
     <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="10.0.0-rc.2.25502.107" />
   </ItemGroup>

src/Notifier/StellaOps.Notifier/TASKS.md

@@ -7,9 +7,9 @@
 | NOTIFY-OAS-61-001 | DONE (2025-11-17) | Notifications Service Guild · API Contracts Guild | OAS updated with rules/templates/incidents/quiet hours and standard error envelope. |
 | NOTIFY-OAS-61-002 | DONE (2025-11-17) | Notifications Service Guild | `.well-known/openapi` discovery endpoint with scope metadata implemented. |
 | NOTIFY-OAS-62-001 | DONE (2025-11-17) | Notifications Service Guild · SDK Generator Guild | SDK usage examples + smoke tests (depends on 61-002). |
-| NOTIFY-OAS-63-001 | TODO | Notifications Service Guild · API Governance Guild | Deprecation headers + template notices for retiring APIs (depends on 62-001). |
-| NOTIFY-OBS-51-001 | TODO | Notifications Service Guild · Observability Guild | Integrate SLO evaluator webhooks once schema lands. |
-| NOTIFY-OBS-55-001 | TODO | Notifications Service Guild · Ops Guild | Incident mode start/stop notifications; quiet-hour overrides. |
+| NOTIFY-OAS-63-001 | DONE (2025-11-17) | Notifications Service Guild · API Governance Guild | Deprecation headers + template notices for retiring APIs (depends on 62-001). |
+| NOTIFY-OBS-51-001 | DONE (2025-11-22) | Notifications Service Guild · Observability Guild | SLO webhook sink validated (`HttpEgressSloSinkTests`, `EventProcessorTests`); TRX: `StellaOps.Notifier.Tests/TestResults/notifier-slo-tests.trx`. |
+| NOTIFY-OBS-55-001 | DONE (2025-11-22) | Notifications Service Guild · Ops Guild | Incident mode start/stop notifications; templates + importable rules with quiet-hour overrides and legal logging metadata. |
 | NOTIFY-RISK-66-001 | TODO | Notifications Service Guild · Risk Engine Guild | Trigger risk severity escalation/downgrade notifications (waiting on Policy export). |
 | NOTIFY-RISK-67-001 | TODO | Notifications Service Guild · Policy Guild | Notify when risk profiles publish/deprecate/threshold-change (depends on 66-001). |
 | NOTIFY-RISK-68-001 | TODO | Notifications Service Guild | Per-profile routing rules + quiet hours for risk alerts (depends on 67-001). |

src/Notifier/StellaOps.Notifier/docs/incident-mode-rules.sample.json

@@ -0,0 +1,51 @@
+[
+  {
+    "ruleId": "incident-start-default",
+    "tenantId": "tenant-a",
+    "name": "Incident mode activated",
+    "enabled": true,
+    "match": {
+      "eventKinds": [
+        "incident.mode.start"
+      ]
+    },
+    "actions": [
+      {
+        "actionId": "incident-start-slack",
+        "channel": "slack-ops",
+        "template": "tmpl-incident-start",
+        "metadata": {
+          "trace_link": "{{payload.links.trace}}",
+          "evidence_link": "{{payload.links.evidence}}",
+          "retention_note": "Retention extended to {{payload.retentionDays}} days while incident mode is active.",
+          "quiet_hours_override": "true",
+          "legal_jurisdiction": "{{payload.legal.jurisdiction}}",
+          "legal_ticket": "{{payload.legal.ticket}}"
+        }
+      }
+    ]
+  },
+  {
+    "ruleId": "incident-stop-default",
+    "tenantId": "tenant-a",
+    "name": "Incident mode cleared",
+    "enabled": true,
+    "match": {
+      "eventKinds": [
+        "incident.mode.stop"
+      ]
+    },
+    "actions": [
+      {
+        "actionId": "incident-stop-email",
+        "channel": "email-compliance",
+        "template": "tmpl-incident-stop",
+        "metadata": {
+          "summary_link": "{{payload.links.timeline}}",
+          "retention_reset_note": "Retention reverts to baseline {{payload.retentionBaselineDays}} days.",
+          "legal_log_path": "{{payload.legal.logPath}}"
+        }
+      }
+    ]
+  }
+]