Implement M3: expiration threshold alerting with dedup and status transitions

- Add alert_thresholds_days JSONB column to renewal_policies (default [30,14,7,0]) - Add RenewalPolicy.AlertThresholdsDays field + EffectiveAlertThresholds() helper - Add RenewalPolicyRepository interface + postgres implementation - Rewrite CheckExpiringCertificates with per-policy threshold alerting - Add SendThresholdAlert + HasThresholdNotification for deduplication via [threshold:N] tags - Add Type and MessageLike filters to NotificationFilter + postgres query support - Auto-transition certs to Expiring (>0 days) or Expired (<=0 days) status - Record expiration_alert_sent audit events per threshold crossing - Fix .gitignore: allow SQL migration files, scope server/agent build artifact rules - Track previously untracked cmd/ and migrations/ directories - Update docs (README, architecture, demo-advanced) for threshold alerting Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-06-11 21:58:53 +00:00 · 2026-03-15 00:03:43 -04:00
parent ae67b10708
commit 1d1b89c9b5
17 changed files with 1485 additions and 37 deletions
@@ -54,12 +54,26 @@ const (

 // RenewalPolicy defines renewal parameters for a managed certificate.
 type RenewalPolicy struct {
-	ID                string    `json:"id"`
-	Name              string    `json:"name"`
-	RenewalWindowDays int       `json:"renewal_window_days"`
-	AutoRenew         bool      `json:"auto_renew"`
-	MaxRetries        int       `json:"max_retries"`
-	RetryInterval     int       `json:"retry_interval_seconds"`
-	CreatedAt         time.Time `json:"created_at"`
-	UpdatedAt         time.Time `json:"updated_at"`
+	ID                  string    `json:"id"`
+	Name                string    `json:"name"`
+	RenewalWindowDays   int       `json:"renewal_window_days"`
+	AutoRenew           bool      `json:"auto_renew"`
+	MaxRetries          int       `json:"max_retries"`
+	RetryInterval       int       `json:"retry_interval_seconds"`
+	AlertThresholdsDays []int     `json:"alert_thresholds_days"`
+	CreatedAt           time.Time `json:"created_at"`
+	UpdatedAt           time.Time `json:"updated_at"`
+}
+
+// DefaultAlertThresholds returns the standard alert thresholds when none are configured.
+func DefaultAlertThresholds() []int {
+	return []int{30, 14, 7, 0}
+}
+
+// EffectiveAlertThresholds returns the configured thresholds or defaults if empty.
+func (p *RenewalPolicy) EffectiveAlertThresholds() []int {
+	if len(p.AlertThresholdsDays) > 0 {
+		return p.AlertThresholdsDays
+	}
+	return DefaultAlertThresholds()
 }