Phase 8: Production readiness — failover tests, security hardening, sandboxing, deployment docs

- WP-1-3: Central/site failover + dual-node recovery tests (17 tests)
- WP-4: Performance testing framework for target scale (7 tests)
- WP-5: Security hardening (LDAPS, JWT key length, no secrets in logs) (11 tests)
- WP-6: Script sandboxing adversarial tests (28 tests, all forbidden APIs)
- WP-7: Recovery drill test scaffolds (5 tests)
- WP-8: Observability validation (structured logs, correlation IDs, metrics) (6 tests)
- WP-9: Message contract compatibility (forward/backward compat) (18 tests)
- WP-10: Deployment packaging (installation guide, production checklist, topology)
- WP-11: Operational runbooks (failover, troubleshooting, maintenance)
92 new tests, all passing. Zero warnings.

src/ScadaLink.ConfigurationDatabase/Repositories/ExternalSystemRepository.cs

@@ -0,0 +1,72 @@
+using Microsoft.EntityFrameworkCore;
+using ScadaLink.Commons.Entities.ExternalSystems;
+using ScadaLink.Commons.Interfaces.Repositories;
+
+namespace ScadaLink.ConfigurationDatabase.Repositories;
+
+public class ExternalSystemRepository : IExternalSystemRepository
+{
+    private readonly ScadaLinkDbContext _context;
+
+    public ExternalSystemRepository(ScadaLinkDbContext context)
+    {
+        _context = context;
+    }
+
+    public async Task<ExternalSystemDefinition?> GetExternalSystemByIdAsync(int id, CancellationToken cancellationToken = default)
+        => await _context.Set<ExternalSystemDefinition>().FindAsync(new object[] { id }, cancellationToken);
+
+    public async Task<IReadOnlyList<ExternalSystemDefinition>> GetAllExternalSystemsAsync(CancellationToken cancellationToken = default)
+        => await _context.Set<ExternalSystemDefinition>().ToListAsync(cancellationToken);
+
+    public async Task AddExternalSystemAsync(ExternalSystemDefinition definition, CancellationToken cancellationToken = default)
+        => await _context.Set<ExternalSystemDefinition>().AddAsync(definition, cancellationToken);
+
+    public Task UpdateExternalSystemAsync(ExternalSystemDefinition definition, CancellationToken cancellationToken = default)
+    { _context.Set<ExternalSystemDefinition>().Update(definition); return Task.CompletedTask; }
+
+    public async Task DeleteExternalSystemAsync(int id, CancellationToken cancellationToken = default)
+    {
+        var entity = await GetExternalSystemByIdAsync(id, cancellationToken);
+        if (entity != null) _context.Set<ExternalSystemDefinition>().Remove(entity);
+    }
+
+    public async Task<ExternalSystemMethod?> GetExternalSystemMethodByIdAsync(int id, CancellationToken cancellationToken = default)
+        => await _context.Set<ExternalSystemMethod>().FindAsync(new object[] { id }, cancellationToken);
+
+    public async Task<IReadOnlyList<ExternalSystemMethod>> GetMethodsByExternalSystemIdAsync(int externalSystemId, CancellationToken cancellationToken = default)
+        => await _context.Set<ExternalSystemMethod>().Where(m => m.ExternalSystemDefinitionId == externalSystemId).ToListAsync(cancellationToken);
+
+    public async Task AddExternalSystemMethodAsync(ExternalSystemMethod method, CancellationToken cancellationToken = default)
+        => await _context.Set<ExternalSystemMethod>().AddAsync(method, cancellationToken);
+
+    public Task UpdateExternalSystemMethodAsync(ExternalSystemMethod method, CancellationToken cancellationToken = default)
+    { _context.Set<ExternalSystemMethod>().Update(method); return Task.CompletedTask; }
+
+    public async Task DeleteExternalSystemMethodAsync(int id, CancellationToken cancellationToken = default)
+    {
+        var entity = await GetExternalSystemMethodByIdAsync(id, cancellationToken);
+        if (entity != null) _context.Set<ExternalSystemMethod>().Remove(entity);
+    }
+
+    public async Task<DatabaseConnectionDefinition?> GetDatabaseConnectionByIdAsync(int id, CancellationToken cancellationToken = default)
+        => await _context.Set<DatabaseConnectionDefinition>().FindAsync(new object[] { id }, cancellationToken);
+
+    public async Task<IReadOnlyList<DatabaseConnectionDefinition>> GetAllDatabaseConnectionsAsync(CancellationToken cancellationToken = default)
+        => await _context.Set<DatabaseConnectionDefinition>().ToListAsync(cancellationToken);
+
+    public async Task AddDatabaseConnectionAsync(DatabaseConnectionDefinition definition, CancellationToken cancellationToken = default)
+        => await _context.Set<DatabaseConnectionDefinition>().AddAsync(definition, cancellationToken);
+
+    public Task UpdateDatabaseConnectionAsync(DatabaseConnectionDefinition definition, CancellationToken cancellationToken = default)
+    { _context.Set<DatabaseConnectionDefinition>().Update(definition); return Task.CompletedTask; }
+
+    public async Task DeleteDatabaseConnectionAsync(int id, CancellationToken cancellationToken = default)
+    {
+        var entity = await GetDatabaseConnectionByIdAsync(id, cancellationToken);
+        if (entity != null) _context.Set<DatabaseConnectionDefinition>().Remove(entity);
+    }
+
+    public async Task<int> SaveChangesAsync(CancellationToken cancellationToken = default)
+        => await _context.SaveChangesAsync(cancellationToken);
+}

src/ScadaLink.ConfigurationDatabase/Repositories/InboundApiRepository.cs

@@ -0,0 +1,74 @@
+using Microsoft.EntityFrameworkCore;
+using ScadaLink.Commons.Entities.InboundApi;
+using ScadaLink.Commons.Interfaces.Repositories;
+
+namespace ScadaLink.ConfigurationDatabase.Repositories;
+
+public class InboundApiRepository : IInboundApiRepository
+{
+    private readonly ScadaLinkDbContext _context;
+
+    public InboundApiRepository(ScadaLinkDbContext context)
+    {
+        _context = context;
+    }
+
+    public async Task<ApiKey?> GetApiKeyByIdAsync(int id, CancellationToken cancellationToken = default)
+        => await _context.Set<ApiKey>().FindAsync(new object[] { id }, cancellationToken);
+
+    public async Task<IReadOnlyList<ApiKey>> GetAllApiKeysAsync(CancellationToken cancellationToken = default)
+        => await _context.Set<ApiKey>().ToListAsync(cancellationToken);
+
+    public async Task<ApiKey?> GetApiKeyByValueAsync(string keyValue, CancellationToken cancellationToken = default)
+        => await _context.Set<ApiKey>().FirstOrDefaultAsync(k => k.KeyValue == keyValue, cancellationToken);
+
+    public async Task AddApiKeyAsync(ApiKey apiKey, CancellationToken cancellationToken = default)
+        => await _context.Set<ApiKey>().AddAsync(apiKey, cancellationToken);
+
+    public Task UpdateApiKeyAsync(ApiKey apiKey, CancellationToken cancellationToken = default)
+    { _context.Set<ApiKey>().Update(apiKey); return Task.CompletedTask; }
+
+    public async Task DeleteApiKeyAsync(int id, CancellationToken cancellationToken = default)
+    {
+        var entity = await GetApiKeyByIdAsync(id, cancellationToken);
+        if (entity != null) _context.Set<ApiKey>().Remove(entity);
+    }
+
+    public async Task<ApiMethod?> GetApiMethodByIdAsync(int id, CancellationToken cancellationToken = default)
+        => await _context.Set<ApiMethod>().FindAsync(new object[] { id }, cancellationToken);
+
+    public async Task<IReadOnlyList<ApiMethod>> GetAllApiMethodsAsync(CancellationToken cancellationToken = default)
+        => await _context.Set<ApiMethod>().ToListAsync(cancellationToken);
+
+    public async Task<ApiMethod?> GetMethodByNameAsync(string name, CancellationToken cancellationToken = default)
+        => await _context.Set<ApiMethod>().FirstOrDefaultAsync(m => m.Name == name, cancellationToken);
+
+    public async Task<IReadOnlyList<ApiKey>> GetApprovedKeysForMethodAsync(int methodId, CancellationToken cancellationToken = default)
+    {
+        var method = await _context.Set<ApiMethod>().FindAsync(new object[] { methodId }, cancellationToken);
+        if (method?.ApprovedApiKeyIds == null)
+            return new List<ApiKey>();
+
+        var keyIds = method.ApprovedApiKeyIds.Split(',', StringSplitOptions.RemoveEmptyEntries)
+            .Select(s => int.TryParse(s.Trim(), out var id) ? id : -1)
+            .Where(id => id > 0)
+            .ToList();
+
+        return await _context.Set<ApiKey>().Where(k => keyIds.Contains(k.Id)).ToListAsync(cancellationToken);
+    }
+
+    public async Task AddApiMethodAsync(ApiMethod method, CancellationToken cancellationToken = default)
+        => await _context.Set<ApiMethod>().AddAsync(method, cancellationToken);
+
+    public Task UpdateApiMethodAsync(ApiMethod method, CancellationToken cancellationToken = default)
+    { _context.Set<ApiMethod>().Update(method); return Task.CompletedTask; }
+
+    public async Task DeleteApiMethodAsync(int id, CancellationToken cancellationToken = default)
+    {
+        var entity = await GetApiMethodByIdAsync(id, cancellationToken);
+        if (entity != null) _context.Set<ApiMethod>().Remove(entity);
+    }
+
+    public async Task<int> SaveChangesAsync(CancellationToken cancellationToken = default)
+        => await _context.SaveChangesAsync(cancellationToken);
+}

src/ScadaLink.ConfigurationDatabase/Repositories/NotificationRepository.cs

@@ -0,0 +1,75 @@
+using Microsoft.EntityFrameworkCore;
+using ScadaLink.Commons.Entities.Notifications;
+using ScadaLink.Commons.Interfaces.Repositories;
+
+namespace ScadaLink.ConfigurationDatabase.Repositories;
+
+public class NotificationRepository : INotificationRepository
+{
+    private readonly ScadaLinkDbContext _context;
+
+    public NotificationRepository(ScadaLinkDbContext context)
+    {
+        _context = context;
+    }
+
+    public async Task<NotificationList?> GetNotificationListByIdAsync(int id, CancellationToken cancellationToken = default)
+        => await _context.Set<NotificationList>().FindAsync(new object[] { id }, cancellationToken);
+
+    public async Task<IReadOnlyList<NotificationList>> GetAllNotificationListsAsync(CancellationToken cancellationToken = default)
+        => await _context.Set<NotificationList>().ToListAsync(cancellationToken);
+
+    public async Task<NotificationList?> GetListByNameAsync(string name, CancellationToken cancellationToken = default)
+        => await _context.Set<NotificationList>().FirstOrDefaultAsync(l => l.Name == name, cancellationToken);
+
+    public async Task AddNotificationListAsync(NotificationList list, CancellationToken cancellationToken = default)
+        => await _context.Set<NotificationList>().AddAsync(list, cancellationToken);
+
+    public Task UpdateNotificationListAsync(NotificationList list, CancellationToken cancellationToken = default)
+    { _context.Set<NotificationList>().Update(list); return Task.CompletedTask; }
+
+    public async Task DeleteNotificationListAsync(int id, CancellationToken cancellationToken = default)
+    {
+        var entity = await GetNotificationListByIdAsync(id, cancellationToken);
+        if (entity != null) _context.Set<NotificationList>().Remove(entity);
+    }
+
+    public async Task<NotificationRecipient?> GetRecipientByIdAsync(int id, CancellationToken cancellationToken = default)
+        => await _context.Set<NotificationRecipient>().FindAsync(new object[] { id }, cancellationToken);
+
+    public async Task<IReadOnlyList<NotificationRecipient>> GetRecipientsByListIdAsync(int notificationListId, CancellationToken cancellationToken = default)
+        => await _context.Set<NotificationRecipient>().Where(r => r.NotificationListId == notificationListId).ToListAsync(cancellationToken);
+
+    public async Task AddRecipientAsync(NotificationRecipient recipient, CancellationToken cancellationToken = default)
+        => await _context.Set<NotificationRecipient>().AddAsync(recipient, cancellationToken);
+
+    public Task UpdateRecipientAsync(NotificationRecipient recipient, CancellationToken cancellationToken = default)
+    { _context.Set<NotificationRecipient>().Update(recipient); return Task.CompletedTask; }
+
+    public async Task DeleteRecipientAsync(int id, CancellationToken cancellationToken = default)
+    {
+        var entity = await GetRecipientByIdAsync(id, cancellationToken);
+        if (entity != null) _context.Set<NotificationRecipient>().Remove(entity);
+    }
+
+    public async Task<SmtpConfiguration?> GetSmtpConfigurationByIdAsync(int id, CancellationToken cancellationToken = default)
+        => await _context.Set<SmtpConfiguration>().FindAsync(new object[] { id }, cancellationToken);
+
+    public async Task<IReadOnlyList<SmtpConfiguration>> GetAllSmtpConfigurationsAsync(CancellationToken cancellationToken = default)
+        => await _context.Set<SmtpConfiguration>().ToListAsync(cancellationToken);
+
+    public async Task AddSmtpConfigurationAsync(SmtpConfiguration configuration, CancellationToken cancellationToken = default)
+        => await _context.Set<SmtpConfiguration>().AddAsync(configuration, cancellationToken);
+
+    public Task UpdateSmtpConfigurationAsync(SmtpConfiguration configuration, CancellationToken cancellationToken = default)
+    { _context.Set<SmtpConfiguration>().Update(configuration); return Task.CompletedTask; }
+
+    public async Task DeleteSmtpConfigurationAsync(int id, CancellationToken cancellationToken = default)
+    {
+        var entity = await GetSmtpConfigurationByIdAsync(id, cancellationToken);
+        if (entity != null) _context.Set<SmtpConfiguration>().Remove(entity);
+    }
+
+    public async Task<int> SaveChangesAsync(CancellationToken cancellationToken = default)
+        => await _context.SaveChangesAsync(cancellationToken);
+}

src/ScadaLink.ConfigurationDatabase/Services/InstanceLocator.cs

@@ -0,0 +1,33 @@
+using Microsoft.EntityFrameworkCore;
+using ScadaLink.Commons.Interfaces.Services;
+
+namespace ScadaLink.ConfigurationDatabase.Services;
+
+/// <summary>
+/// Resolves instance unique names to site identifiers using the configuration database.
+/// </summary>
+public class InstanceLocator : IInstanceLocator
+{
+    private readonly ScadaLinkDbContext _context;
+
+    public InstanceLocator(ScadaLinkDbContext context)
+    {
+        _context = context;
+    }
+
+    public async Task<string?> GetSiteIdForInstanceAsync(
+        string instanceUniqueName,
+        CancellationToken cancellationToken = default)
+    {
+        var instance = await _context.Set<Commons.Entities.Instances.Instance>()
+            .FirstOrDefaultAsync(i => i.UniqueName == instanceUniqueName, cancellationToken);
+
+        if (instance == null)
+            return null;
+
+        var site = await _context.Set<Commons.Entities.Sites.Site>()
+            .FindAsync(new object[] { instance.SiteId }, cancellationToken);
+
+        return site?.SiteIdentifier;
+    }
+}