mirror of
https://github.com/shankar0123/certctl.git
synced 2026-06-13 23:48:51 +00:00
shankar0123
2886b58daf
Strategic naming cleanup. Earlier doc-comments + commit messages framed Rank 4 / Rank 5 / Rank 7 work as 'Rank N of the 2026-05-03 Infisical deep-research deliverable' — the 'Infisical' qualifier was a holdover from the original deep-research framing where Infisical (a competing secrets-management platform) was the comparator. Keeping the comparator's name in our source adds noise without value; an external reader sees 'Infisical' and assumes a dependency or shared lineage rather than reading it as the competitive context it was. Mechanical sed across 34 files (32 source / docs + 2 follow-up Python passes to collapse 'deep-research deep-research' duplicates that emerged where the original phrase wrapped across lines): s|Infisical deep-research|deep-research|g s|infisical-deep-research-results|deep-research-results-2026-05-03|g s|infisical-deep-research-prompt|deep-research-prompt-2026-05-03|g s|infisical-deep-research|deep-research|g s|Infisical|deep-research|g s|deep-research deep-research|deep-research|g # collapse-pass Net diff: 63 insertions / 64 deletions across cmd/, docs/, internal/, migrations/. Pure text substitution; zero behavior change. Code path unchanged — go vet clean, tests for TestApproval pass on both internal/service and internal/api/handler packages. Workspace docs (cowork/) carry the same references and will be swept separately — they're not under certctl/ git control. The two filename references (cowork/infisical-deep-research-results.md + cowork/infisical-deep-research-prompt.md) get renamed alongside that sweep to deep-research-results-2026-05-03.md / deep-research-prompt-2026-05-03.md so cross-references in the certctl repo doc-comments resolve cleanly.
24 lines
1.2 KiB
SQL
24 lines
1.2 KiB
SQL
-- Rank 4 of the 2026-05-03 deep-research deliverable
|
|
-- (cowork/deep-research-results-2026-05-03.md Part 5). Adds the
|
|
-- per-policy channel matrix that the multi-channel expiry-alert
|
|
-- routing reads from. Two JSONB columns:
|
|
--
|
|
-- alert_channels — map[severity_tier][]channel_name. Default
|
|
-- is '{}' so the runtime falls through to
|
|
-- domain.DefaultAlertChannels() (Email-only
|
|
-- across all tiers, the back-compat
|
|
-- behaviour).
|
|
-- alert_severity_map — map[threshold_days]severity_tier. Default
|
|
-- is '{}' so the runtime falls through to
|
|
-- domain.DefaultAlertSeverityMap() (the
|
|
-- canonical 30/14/7/0 → informational/warning/
|
|
-- warning/critical mapping).
|
|
--
|
|
-- Both columns use IF NOT EXISTS so the migration is idempotent —
|
|
-- safe to re-run on every certctl-server boot per the
|
|
-- "Idempotent migrations" architecture decision in CLAUDE.md.
|
|
|
|
ALTER TABLE renewal_policies
|
|
ADD COLUMN IF NOT EXISTS alert_channels JSONB NOT NULL DEFAULT '{}'::jsonb,
|
|
ADD COLUMN IF NOT EXISTS alert_severity_map JSONB NOT NULL DEFAULT '{}'::jsonb;
|