77a23c270b
First of three sequenced plans for the alerting feature. Covers: - Cross-cutting http/ module (OutboundHttpClientFactory, SslContextBuilder, TLS trust composition, startup validation) - Admin-managed OutboundConnection with PG persistence, AES-GCM-encrypted HMAC secret (resolves spec §20 item 2) - Admin CRUD REST + test endpoint + RBAC + audit - Admin UI page with TLS config, allowed-envs multi-select, test action - OIDC retrofit deliberately deferred (documented in Task 4 audit) Plan 02 (alerting backend) and Plan 03 (alerting UI) written after Plan 01 executes — lets reality inform their details, especially the secret-cipher interface and the rules-referencing integration point. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>