feat(m28+m29+m30): ACME ARI, email digest, and Helm chart

M28: ACME Renewal Information (RFC 9702) — CA-directed renewal timing with cert ID computation, directory endpoint discovery, graceful degradation for non-ARI CAs. 19 tests. M29: Email notifier wiring + scheduled certificate digest — SMTP connector bridged to service layer via NotifierAdapter, DigestService with HTML email template, 7th scheduler loop (24h), digest preview/send API endpoints and GUI card. 21 tests. M30: Production-ready Helm chart — server Deployment, PostgreSQL StatefulSet, agent DaemonSet, ConfigMaps, Secrets, Ingress, security contexts, health probes, example values for dev/prod/ACME scenarios. Also: OpenAPI spec updates, MCP tool additions, CI helm-lint job, documentation updates across 5 doc files and README. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-06-11 05:08:52 +00:00 · 2026-03-28 21:18:35 -04:00
parent 7cbcf69d72
commit 3f1f94f56b
61 changed files with 6106 additions and 27 deletions
@@ -0,0 +1,35 @@
+package domain
+
+import "time"
+
+// RenewalInfo represents ACME Renewal Information (ARI) per RFC 9702.
+// It provides CA-directed renewal timing via a suggested renewal window.
+type RenewalInfo struct {
+	// SuggestedWindowStart is the beginning of the time window during which the CA suggests renewal.
+	SuggestedWindowStart time.Time `json:"suggested_window_start"`
+
+	// SuggestedWindowEnd is the end of the time window during which the CA suggests renewal.
+	SuggestedWindowEnd time.Time `json:"suggested_window_end"`
+
+	// RetryAfter is the earliest time the client should re-poll for updated ARI.
+	// Zero value means no retry constraint.
+	RetryAfter time.Time `json:"retry_after,omitempty"`
+
+	// ExplanationURL is an optional URL with human-readable explanation for the renewal timing.
+	ExplanationURL string `json:"explanation_url,omitempty"`
+}
+
+// ShouldRenewNow returns true if the current time is within or past the suggested renewal window.
+// This is the primary decision point: if true, renewal should proceed immediately.
+func (r *RenewalInfo) ShouldRenewNow() bool {
+	now := time.Now()
+	return !now.Before(r.SuggestedWindowStart)
+}
+
+// OptimalRenewalTime returns the midpoint of the suggested renewal window,
+// which is the recommended time to initiate renewal per RFC 9702.
+// This can be used for scheduling if the current time is before the window.
+func (r *RenewalInfo) OptimalRenewalTime() time.Time {
+	duration := r.SuggestedWindowEnd.Sub(r.SuggestedWindowStart)
+	return r.SuggestedWindowStart.Add(duration / 2)
+}
@@ -0,0 +1,100 @@
+package domain
+
+import (
+	"testing"
+	"time"
+)
+
+func TestRenewalInfo_ShouldRenewNow_BeforeWindow(t *testing.T) {
+	now := time.Now()
+	windowStart := now.Add(1 * time.Hour)
+	windowEnd := now.Add(2 * time.Hour)
+
+	ri := &RenewalInfo{
+		SuggestedWindowStart: windowStart,
+		SuggestedWindowEnd:   windowEnd,
+	}
+
+	if ri.ShouldRenewNow() {
+		t.Error("ShouldRenewNow should be false before window start")
+	}
+}
+
+func TestRenewalInfo_ShouldRenewNow_AtWindowStart(t *testing.T) {
+	now := time.Now()
+	windowStart := now
+	windowEnd := now.Add(1 * time.Hour)
+
+	ri := &RenewalInfo{
+		SuggestedWindowStart: windowStart,
+		SuggestedWindowEnd:   windowEnd,
+	}
+
+	if !ri.ShouldRenewNow() {
+		t.Error("ShouldRenewNow should be true at window start")
+	}
+}
+
+func TestRenewalInfo_ShouldRenewNow_DuringWindow(t *testing.T) {
+	now := time.Now()
+	windowStart := now.Add(-30 * time.Minute)
+	windowEnd := now.Add(30 * time.Minute)
+
+	ri := &RenewalInfo{
+		SuggestedWindowStart: windowStart,
+		SuggestedWindowEnd:   windowEnd,
+	}
+
+	if !ri.ShouldRenewNow() {
+		t.Error("ShouldRenewNow should be true during window")
+	}
+}
+
+func TestRenewalInfo_ShouldRenewNow_AfterWindowEnd(t *testing.T) {
+	now := time.Now()
+	windowStart := now.Add(-2 * time.Hour)
+	windowEnd := now.Add(-1 * time.Hour)
+
+	ri := &RenewalInfo{
+		SuggestedWindowStart: windowStart,
+		SuggestedWindowEnd:   windowEnd,
+	}
+
+	if !ri.ShouldRenewNow() {
+		t.Error("ShouldRenewNow should be true after window end")
+	}
+}
+
+func TestRenewalInfo_OptimalRenewalTime_Midpoint(t *testing.T) {
+	windowStart := time.Unix(1000, 0)
+	windowEnd := time.Unix(3000, 0)
+
+	ri := &RenewalInfo{
+		SuggestedWindowStart: windowStart,
+		SuggestedWindowEnd:   windowEnd,
+	}
+
+	optimal := ri.OptimalRenewalTime()
+	expected := time.Unix(2000, 0) // (1000 + 3000) / 2
+
+	if !optimal.Equal(expected) {
+		t.Errorf("OptimalRenewalTime: expected %v, got %v", expected, optimal)
+	}
+}
+
+func TestRenewalInfo_OptimalRenewalTime_AsymmetricWindow(t *testing.T) {
+	windowStart := time.Unix(1000, 0)
+	windowEnd := time.Unix(1300, 0) // 300 second window
+
+	ri := &RenewalInfo{
+		SuggestedWindowStart: windowStart,
+		SuggestedWindowEnd:   windowEnd,
+	}
+
+	optimal := ri.OptimalRenewalTime()
+	expected := time.Unix(1150, 0) // start + 150 seconds
+
+	if !optimal.Equal(expected) {
+		t.Errorf("OptimalRenewalTime: expected %v, got %v", expected, optimal)
+	}
+}