From 75856123471765fed62b39ed28945a70b90023df Mon Sep 17 00:00:00 2001 From: Joseph Doherty Date: Mon, 18 May 2026 23:40:01 -0400 Subject: [PATCH] docs(notification-outbox): split overstuffed CLAUDE.md design-decision bullet --- CLAUDE.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/CLAUDE.md b/CLAUDE.md index 425adcc..94a7126 100644 --- a/CLAUDE.md +++ b/CLAUDE.md 
@@ -113,7 +113,13 @@ This project contains design documentation for a distributed SCADA system built - Async best-effort replication to standby (no ack wait). - Messages not cleared on instance deletion. - CachedCall idempotency is the caller's responsibility. -- Notification Outbox: central `NotificationOutboxActor` singleton on the active central node — the first centrally-hosted outbox (S&F Engine remains site-only). Owns the durable `Notifications` table in central MS SQL — the single source of audit truth (one row per notification). Dispatcher loop polls due rows, resolves the list, delivers via the typed adapter; transient failures retry to `Parked`, permanent failures park immediately. `Notifications` table is type-agnostic via the `Type` discriminator; status lifecycle `Pending → Retrying → Delivered / Parked / Discarded` (plus site-local `Forwarding`, never persisted centrally). Site→central handoff is at-least-once with ack-after-persist and insert-if-not-exists on `NotificationId`. No Akka replication — MS SQL is the HA store; daily purge of terminal rows after a configurable window (default 365 days). Retry reuses central SMTP max-retry-count and fixed interval. +- Notification Outbox: central `NotificationOutboxActor` singleton on the active central node — the first centrally-hosted outbox (S&F Engine remains site-only). +- `Notifications` table in central MS SQL is the single source of audit truth (one row per notification); type-agnostic via the `Type` discriminator. +- Status lifecycle `Pending → Retrying → Delivered / Parked / Discarded`, plus site-local `Forwarding` (never persisted centrally). +- Dispatcher loop polls due rows, resolves the list, delivers via the typed adapter; transient failures retry to `Parked`, permanent failures park immediately. +- Site→central handoff is at-least-once: ack-after-persist plus insert-if-not-exists on `NotificationId`. 
+- No Akka replication — MS SQL is the HA store; daily purge of terminal rows after a configurable window (default 365 days). +- Notification Outbox retry reuses central SMTP max-retry-count and fixed interval. ### Security & Auth - Authentication: direct LDAP bind (username/password), no Kerberos/NTLM. LDAPS/StartTLS required.
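Review bot: The bullets added in the `@@ -113,7 +113,13 @@` hunk lose their Notification Outbox scope once split out. `Status lifecycle ...`, `Dispatcher loop polls due rows ...`, `Site→central handoff is at-least-once ...` and `No Akka replication ...` are now flat siblings of the unchanged context bullets (`Async best-effort replication to standby (no ack wait).`, `Messages not cleared on instance deletion.`), so nothing tells the reader which component each statement describes, and "No Akka replication" can be read as contradicting the standby-replication bullet a few items earlier. Only the first and last added bullets name the outbox. Suggest nesting the six follow-on bullets under the `Notification Outbox:` bullet, or prefixing each with the component name as the last one already does. The split also drops the removed line's "Owns the durable `Notifications` table", so the statement that `NotificationOutboxActor` owns that table no longer appears; it would fit in the new `Notifications` bullet. Finally, "transient failures retry to `Parked`" is carried over unchanged and is still ambiguous: if it means retrying until the max-retry-count is exhausted and then parking, the dispatcher bullet should say so.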