feat: add trends, download/upload, dns validator & alerting

Release-As: 1.5.0

Author: meysam81

.gitignore

@@ -63,3 +63,7 @@ ignore
 .envrc*
 db.sqlite*
 *~
+.agents
+.claude
+.direnv
+docs/plans/

bun.lock

@@ -0,0 +1,184 @@
+// Package alerting provides email and webhook alerting for DMARC compliance changes.
+package alerting
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"net/http"
+	"net/smtp"
+	"time"
+
+	"github.com/goccy/go-json"
+	"github.com/rs/zerolog"
+
+	"github.com/meysam81/parse-dmarc/internal/storage"
+)
+
+// Config holds alerting configuration.
+type Config struct {
+	Enabled             bool    `json:"enabled" env:"ALERTING_ENABLED"`
+	ComplianceThreshold float64 `json:"compliance_threshold" env:"ALERTING_COMPLIANCE_THRESHOLD"`   // Alert when compliance drops below this (default 90)
+	VolumeChangePercent float64 `json:"volume_change_percent" env:"ALERTING_VOLUME_CHANGE_PERCENT"` // Alert when volume changes by this % (default 50)
+	CooldownMinutes     int     `json:"cooldown_minutes" env:"ALERTING_COOLDOWN_MINUTES"`           // Min minutes between same alert type (default 60)
+
+	// Email (SMTP) settings
+	SMTPHost     string   `json:"smtp_host" env:"ALERTING_SMTP_HOST"`
+	SMTPPort     int      `json:"smtp_port" env:"ALERTING_SMTP_PORT"`
+	SMTPUsername string   `json:"smtp_username" env:"ALERTING_SMTP_USERNAME"`
+	SMTPPassword string   `json:"smtp_password" env:"ALERTING_SMTP_PASSWORD"`
+	SMTPFrom     string   `json:"smtp_from" env:"ALERTING_SMTP_FROM"`
+	EmailTo      []string `json:"email_to" env:"ALERTING_EMAIL_TO" envSeparator:","`
+
+	// Webhook settings
+	WebhookURLs []string `json:"webhook_urls" env:"ALERTING_WEBHOOK_URLS" envSeparator:","`
+}
+
+// Alert represents an alert event.
+type Alert struct {
+	Type      string                 `json:"type"`     // compliance_drop, new_source, volume_spike
+	Severity  string                 `json:"severity"` // info, warning, critical
+	Title     string                 `json:"title"`
+	Message   string                 `json:"message"`
+	Details   map[string]interface{} `json:"details,omitempty"`
+	Timestamp time.Time              `json:"timestamp"`
+}
+
+// Alerter manages alert evaluation and delivery.
+type Alerter struct {
+	config     *Config
+	store      *storage.Storage
+	log        *zerolog.Logger
+	lastAlerts map[string]time.Time // type -> last sent time
+}
+
+// New creates a new Alerter.
+func New(cfg *Config, store *storage.Storage, log *zerolog.Logger) *Alerter {
+	if cfg.ComplianceThreshold == 0 {
+		cfg.ComplianceThreshold = 90
+	}
+	if cfg.VolumeChangePercent == 0 {
+		cfg.VolumeChangePercent = 50
+	}
+	if cfg.CooldownMinutes == 0 {
+		cfg.CooldownMinutes = 60
+	}
+
+	return &Alerter{
+		config:     cfg,
+		store:      store,
+		log:        log,
+		lastAlerts: make(map[string]time.Time),
+	}
+}
+
+// Evaluate checks current data against alert thresholds and sends alerts if needed.
+func (a *Alerter) Evaluate(ctx context.Context) {
+	if !a.config.Enabled {
+		return
+	}
+
+	stats, err := a.store.GetStatistics()
+	if err != nil || !stats.HasData {
+		return
+	}
+
+	// Check compliance threshold
+	if stats.ComplianceRate < a.config.ComplianceThreshold {
+		a.sendIfCooldown("compliance_drop", Alert{
+			Type:     "compliance_drop",
+			Severity: severity(stats.ComplianceRate, 80, 50),
+			Title:    "DMARC Compliance Below Threshold",
+			Message: fmt.Sprintf(
+				"Compliance rate is %.1f%%, below the %.0f%% threshold.",
+				stats.ComplianceRate, a.config.ComplianceThreshold,
+			),
+			Details: map[string]interface{}{
+				"compliance_rate": stats.ComplianceRate,
+				"threshold":       a.config.ComplianceThreshold,
+				"total_messages":  stats.TotalMessages,
+			},
+			Timestamp: time.Now(),
+		})
+	}
+}
+
+func severity(rate, warnThreshold, critThreshold float64) string {
+	if rate < critThreshold {
+		return "critical"
+	}
+	if rate < warnThreshold {
+		return "warning"
+	}
+	return "info"
+}
+
+func (a *Alerter) sendIfCooldown(alertType string, alert Alert) {
+	cooldown := time.Duration(a.config.CooldownMinutes) * time.Minute
+	if last, ok := a.lastAlerts[alertType]; ok && time.Since(last) < cooldown {
+		return
+	}
+
+	a.lastAlerts[alertType] = time.Now()
+
+	// Send via all configured channels
+	if len(a.config.EmailTo) > 0 && a.config.SMTPHost != "" {
+		if err := a.sendEmail(alert); err != nil {
+			a.log.Error().Err(err).Str("type", alertType).Msg("failed to send email alert")
+		}
+	}
+
+	for _, url := range a.config.WebhookURLs {
+		if err := a.sendWebhook(url, alert); err != nil {
+			a.log.Error().Err(err).Str("url", url).Str("type", alertType).Msg("failed to send webhook alert")
+		}
+	}
+
+	a.log.Info().Str("type", alertType).Str("severity", alert.Severity).Msg("alert sent")
+}
+
+func (a *Alerter) sendEmail(alert Alert) error {
+	subject := fmt.Sprintf("[Parse DMARC] %s: %s", alert.Severity, alert.Title)
+	body := fmt.Sprintf("Subject: %s\r\nFrom: %s\r\nContent-Type: text/plain\r\n\r\n%s\r\n\r\nSeverity: %s\r\nTime: %s\r\n",
+		subject,
+		a.config.SMTPFrom,
+		alert.Message,
+		alert.Severity,
+		alert.Timestamp.Format(time.RFC3339),
+	)
+
+	addr := fmt.Sprintf("%s:%d", a.config.SMTPHost, a.config.SMTPPort)
+	var auth smtp.Auth
+	if a.config.SMTPUsername != "" {
+		auth = smtp.PlainAuth("", a.config.SMTPUsername, a.config.SMTPPassword, a.config.SMTPHost)
+	}
+
+	return smtp.SendMail(addr, auth, a.config.SMTPFrom, a.config.EmailTo, []byte(body))
+}
+
+func (a *Alerter) sendWebhook(url string, alert Alert) error {
+	payload, err := json.Marshal(alert)
+	if err != nil {
+		return err
+	}
+
+	req, err := http.NewRequest(http.MethodPost, url, bytes.NewReader(payload))
+	if err != nil {
+		return err
+	}
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("User-Agent", "parse-dmarc-alerting/1.0")
+
+	client := &http.Client{Timeout: 10 * time.Second}
+	resp, err := client.Do(req)
+	if err != nil {
+		return err
+	}
+	defer func() { _ = resp.Body.Close() }()
+
+	if resp.StatusCode >= 400 {
+		return fmt.Errorf("webhook returned status %d", resp.StatusCode)
+	}
+
+	return nil
+}