ScadaBridge/docs/requirements/Component-NotificationService.md

Component: Notification Service

Purpose

The Notification Service is the central component that manages notification-list, SMTP, and SMS definitions and provides the per-type delivery adapters used to send notifications. It manages notification-list and delivery-channel definitions, and supplies the stateless "deliver one notification" adapter implementations that the Notification Outbox invokes at delivery time.

The Notification Service no longer delivers notifications from sites. Notification delivery has been inverted: a site script's notification is store-and-forwarded to the central cluster, and the central Notification Outbox owns dispatch and delivery, calling an INotificationDeliveryAdapter supplied by this component. See Component-NotificationOutbox.md.

Location

Central cluster only. The Notification Service manages definitions in the central configuration database and provides the delivery adapters that run on the central cluster. It is no longer present at site clusters, and notification definitions and SMTP configuration are no longer deployed to sites.

Responsibilities

Definitions (Central)

• Store notification lists in the configuration database: list name, list type, and type-specific targets (e.g. recipients for an Email list, phone numbers for an Sms list).
• Store email server configuration (SMTP settings).
• Store SMS provider configuration (SmsConfiguration: Twilio credentials and endpoint settings).
• Managed by users with the Designer role (notification lists) and Admin role (SMTP and SMS configuration).
• Notification lists, SMTP configuration, and SMS configuration are not deployed to sites — they exist centrally only. There is no deploy-to-sites artifact and no local SQLite copy.

Delivery Adapters (Central)

• Provide a delivery adapter implementing INotificationDeliveryAdapter for each notification Type.
• Each adapter is a stateless "deliver one notification" implementation: it composes and sends a single notification and classifies the outcome.
• The Email adapter is the relocated SMTP composition and send logic — formerly run at sites, it now runs on the central cluster.
• The SMS adapter delivers notifications via Twilio REST to a list's phone-number recipients — see SMS Delivery Adapter below.
• Resolve a notification list name to its concrete targets (e.g. recipient addresses or phone numbers) at delivery time, on behalf of the Notification Outbox.

Notification List Definition

Each notification list includes:

• Name: Unique identifier (e.g., "Maintenance-Team", "Shift-Supervisors").
• Type: The notification channel — Email or Sms. Notify.To("list") works transparently for any type — the calling script does not care about the type. The type is chosen at list creation and is fixed — it cannot be changed on update (prevents email/phone recipient mismatch within a list).
• Type-specific targets: The targets appropriate to the list type:
  • Email list — one or more recipient entries, each with a recipient name and email address.
  • SMS list — one or more recipient entries, each with a recipient name and E.164 phone number.

Lists are defined and stored centrally only. Recipient resolution happens at central, at delivery time — a site forwards only (listName, subject, body) plus provenance; the Notification Outbox asks the Notification Service to resolve the list when it dispatches the notification.

Email Server Configuration

The SMTP configuration is defined centrally and used by the central Email delivery adapter. It is not deployed to sites. It includes:

• Server hostname: SMTP server address (e.g., smtp.office365.com).
• Port: SMTP port (e.g., 587 for StartTLS, 465 for SSL).
• Authentication mode: One of:
  • Basic Auth: Username and password. For on-prem SMTP relays or servers that support basic authentication.
  • OAuth2 Client Credentials: Tenant ID, Client ID, and Client Secret. For Microsoft 365 and other modern SMTP providers that require OAuth2. The Email adapter handles the token lifecycle internally (fetch, cache, refresh on expiry).
• TLS mode: None, StartTLS, or SSL.
• From address: The sender email address for all notifications (e.g., scada-notifications@company.com).
• Connection timeout: Maximum time to wait for SMTP connection (default: 30 seconds).
• Max concurrent connections: Maximum simultaneous SMTP connections from the central cluster (default: 5).
• Retry settings: Max retry count, fixed time between retries. The Notification Outbox reuses these for delivery retry of transient failures.

SMS Configuration

The SmsConfiguration entity is defined centrally and used by the central SMS delivery adapter. It mirrors SmtpConfiguration in structure and is not deployed to sites. It is managed by Admin-role users via the CLI (notification sms list|update) and the Central UI /notifications/sms page. It includes:

• Account SID: Twilio Account SID (plaintext; also appears in the API URL path).
• Auth Token: Twilio Auth Token, encrypted at rest via ASP.NET Data Protection (EncryptedStringConverter). The Auth Token is never returned from the list command — the listing reports it only as a hasAuthToken presence flag.
• From number: Sender phone number in E.164 format (e.g., +15551234567). Used unless a Messaging Service SID is specified.
• Messaging Service SID (optional): Twilio Messaging Service SID. When present, Twilio uses it for sender selection; overrides the From number.
• API base URL (optional): Override for the Twilio REST API base URL (default: https://api.twilio.com). Allows pointing at a test/stub handler or a regional endpoint.
• Connection timeout: Maximum time to wait for a Twilio API response.
• Max retries / Retry delay: Delivery retry settings, mirroring the SMTP retry model.

The SmsConfiguration entity travels in Transport bundles — the Auth Token rides the encrypted SecretsBlock (keyed by Account SID), consistent with how SMTP credentials are bundled.

Script API

NotificationId id = Notify.To("listName").Send("subject", "message");
NotificationStatus status = Notify.Status(id);

• Available to instance scripts (via Script Execution Actors), alarm on-trigger scripts (via Alarm Execution Actors), and shared scripts (executing inline).
• Notify.To("listName").Send(...) is asynchronous: it generates a NotificationId (GUID) locally, hands the notification to the site Store-and-Forward Engine for forwarding to central, and returns the NotificationId to the script immediately. The script does not block waiting for delivery.
• The message body is plain text only. No HTML content.
• Notify.Status(notificationId) returns a small status record — the current status, retry count, last error, and key timestamps (enqueued, delivered). While the notification is still in the site Store-and-Forward buffer, the site answers the query locally with status Forwarding; once forwarded to central, the query round-trips to central and reads the Notifications table.
• The returned NotificationId is a TrackedOperationId — the shared Commons tracking-handle type used by all store-and-forward producers; NotificationId is simply the notification-domain name for it. Likewise, Notify.Status is a thin alias of the unified Tracking.Status accessor, retained for backward compatibility. This is a naming/type clarification only — notification delivery behavior is unchanged.

Notification Delivery Behavior

Delivery is performed centrally by the Notification Outbox, which calls the INotificationDeliveryAdapter registered for the notification's Type.

Recipient Handling (Email)

• A single email is sent per notification, with all list recipients in BCC. The from address is placed in the To field.
• Recipients do not see each other's email addresses.
• No per-recipient deduplication — if the same email address appears in multiple lists and a script sends to both, they receive multiple emails.

SMS Delivery Adapter

The SmsNotificationDeliveryAdapter delivers notifications to an SMS list via the Twilio REST API (no Twilio SDK — uses IHttpClientFactory with a named "Twilio" HttpClient and HTTP Basic auth with AccountSid:AuthToken). It is outbound-only; true per-recipient delivery confirmation requires a status-callback webhook (out of scope for v1). "Accepted by Twilio" is treated as delivered, consistent with how the Email adapter treats "accepted by SMTP."

Message Format

• SMS has no subject line. The message body is composed as Subject + newline + Body (whichever are present), plain text, truncated to a configurable cap (SmsOptions.MaxMessageLength, default 1600 — the Twilio maximum) with an ellipsis when over. Twilio segments at 160 GSM-7 characters and bills per segment.

Per-Recipient Delivery (no BCC equivalent)

SMS has no BCC mechanism. The adapter sends one Twilio request per recipient and classifies each:

• All accepted → Success; ResolvedTargets is snapshotted with the accepted numbers.
• Any transient failure → Transient (the whole notification retries at the fixed interval, then Parks after max-retries). Numbers already accepted on a prior attempt are re-texted on retry — the same "re-send to all" characteristic the Email adapter already has with BCC. (v1 does not track per-recipient state; that is a documented future enhancement.)
• No transient failures, mix of accepted + permanent-bad → Success to the good numbers; permanently-bad numbers are recorded in LastError. The notification is not parked if anything got through.
• All permanent / no recipients / no SMS config / list-not-found → Permanent (Park).

Error Classification (SMS)

A small SmsErrorClassifier mirrors the External System Gateway pattern:

• Transient: HTTP 5xx, 408, 429; HttpRequestException, timeout (non-caller-cancel).
• Permanent: other 4xx (including 401/403 bad credentials, 400 invalid/unsubscribed number).

Error Classification (Email)

Each Deliver(...) call returns one of success | transient failure | permanent failure, consistent with the External System Gateway pattern. There is no synchronous permanent-failure return to the script — Send() returns immediately, before any delivery is attempted.

• Transient failures (connection refused, timeout, SMTP 4xx temporary errors): The Notification Outbox moves the row to Retrying and schedules another attempt per the SMTP configuration's retry settings.
• Permanent failures (SMTP 5xx permanent errors, e.g., mailbox not found): The Notification Outbox moves the row to Parked with the error in LastError. The notification will never deliver, and an operator can review or discard it on the Central UI Notification Outbox page.
• Retries exhausted on a transient failure also result in a Parked row.
• A script observes failures only by calling Notify.Status(id) and seeing a Parked status — not as a synchronous exception.

No Rate Limiting

• No application-level rate limiting. If the delivery endpoint enforces sending limits (e.g., Microsoft 365 throttling or Twilio rate limits), those manifest as transient failures and are retried naturally by the Notification Outbox.

Dependencies

• Configuration Database (MS SQL): Stores notification list definitions (name, type, type-specific targets), SMTP configuration, and SmsConfiguration.
• Notification Outbox: Invokes the delivery adapters supplied by this component and asks it to resolve notification lists at delivery time.
• Security & Auth: Designer role manages notification lists.
• Configuration Database (via IAuditService): Notification list changes are audit logged.

Interactions

• Notification Outbox: Consumes the per-type delivery adapters and the list-resolution service this component provides; the outbox owns dispatch, retry, parking, and status.
• Site Runtime (Script/Alarm Execution Actors): Scripts invoke Notify.To().Send() and Notify.Status(). Send() generates a NotificationId and hands the notification to the site Store-and-Forward Engine; it does not contact this component synchronously.
• Store-and-Forward Engine (site): Forwards a script's notification to central; the central Notification Outbox ingests it for delivery. The Notification Service does not interact with the site Store-and-Forward Engine directly.