@checkmate-monitor/incident-backend 0.0.2

package/CHANGELOG.md

@@ -0,0 +1,22 @@
+# @checkmate-monitor/incident-backend
+
+## 0.0.2
+
+### Patch Changes
+
+- Updated dependencies [ffc28f6]
+- Updated dependencies [4dd644d]
+- Updated dependencies [71275dd]
+- Updated dependencies [ae19ff6]
+- Updated dependencies [b55fae6]
+- Updated dependencies [b354ab3]
+- Updated dependencies [81f3f85]
+  - @checkmate-monitor/common@0.1.0
+  - @checkmate-monitor/backend-api@1.0.0
+  - @checkmate-monitor/catalog-common@0.1.0
+  - @checkmate-monitor/incident-common@0.1.0
+  - @checkmate-monitor/integration-common@0.1.0
+  - @checkmate-monitor/signal-common@0.1.0
+  - @checkmate-monitor/catalog-backend@0.0.2
+  - @checkmate-monitor/command-backend@0.0.2
+  - @checkmate-monitor/integration-backend@0.0.2

package/drizzle/0000_sticky_unus.sql

@@ -0,0 +1,29 @@
+CREATE TYPE "incident_severity" AS ENUM('minor', 'major', 'critical');--> statement-breakpoint
+CREATE TYPE "incident_status" AS ENUM('investigating', 'identified', 'fixing', 'monitoring', 'resolved');--> statement-breakpoint
+CREATE TABLE "incident_systems" (
+	"incident_id" text NOT NULL,
+	"system_id" text NOT NULL,
+	CONSTRAINT "incident_systems_incident_id_system_id_pk" PRIMARY KEY("incident_id","system_id")
+);
+--> statement-breakpoint
+CREATE TABLE "incident_updates" (
+	"id" text PRIMARY KEY NOT NULL,
+	"incident_id" text NOT NULL,
+	"message" text NOT NULL,
+	"status_change" "incident_status",
+	"created_at" timestamp DEFAULT now() NOT NULL,
+	"created_by" text
+);
+--> statement-breakpoint
+CREATE TABLE "incidents" (
+	"id" text PRIMARY KEY NOT NULL,
+	"title" text NOT NULL,
+	"description" text,
+	"status" "incident_status" DEFAULT 'investigating' NOT NULL,
+	"severity" "incident_severity" DEFAULT 'major' NOT NULL,
+	"created_at" timestamp DEFAULT now() NOT NULL,
+	"updated_at" timestamp DEFAULT now() NOT NULL
+);
+--> statement-breakpoint
+ALTER TABLE "incident_systems" ADD CONSTRAINT "incident_systems_incident_id_incidents_id_fk" FOREIGN KEY ("incident_id") REFERENCES "incidents"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "incident_updates" ADD CONSTRAINT "incident_updates_incident_id_incidents_id_fk" FOREIGN KEY ("incident_id") REFERENCES "incidents"("id") ON DELETE cascade ON UPDATE no action;

package/drizzle/meta/0000_snapshot.json

@@ -0,0 +1,213 @@
+{
+  "id": "b27ece12-64f5-454b-aef9-e0f95aeda850",
+  "prevId": "00000000-0000-0000-0000-000000000000",
+  "version": "7",
+  "dialect": "postgresql",
+  "tables": {
+    "public.incident_systems": {
+      "name": "incident_systems",
+      "schema": "",
+      "columns": {
+        "incident_id": {
+          "name": "incident_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "system_id": {
+          "name": "system_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "incident_systems_incident_id_incidents_id_fk": {
+          "name": "incident_systems_incident_id_incidents_id_fk",
+          "tableFrom": "incident_systems",
+          "tableTo": "incidents",
+          "columnsFrom": [
+            "incident_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {
+        "incident_systems_incident_id_system_id_pk": {
+          "name": "incident_systems_incident_id_system_id_pk",
+          "columns": [
+            "incident_id",
+            "system_id"
+          ]
+        }
+      },
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.incident_updates": {
+      "name": "incident_updates",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "incident_id": {
+          "name": "incident_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "message": {
+          "name": "message",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "status_change": {
+          "name": "status_change",
+          "type": "incident_status",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "created_by": {
+          "name": "created_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "incident_updates_incident_id_incidents_id_fk": {
+          "name": "incident_updates_incident_id_incidents_id_fk",
+          "tableFrom": "incident_updates",
+          "tableTo": "incidents",
+          "columnsFrom": [
+            "incident_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.incidents": {
+      "name": "incidents",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "title": {
+          "name": "title",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "description": {
+          "name": "description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "status": {
+          "name": "status",
+          "type": "incident_status",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'investigating'"
+        },
+        "severity": {
+          "name": "severity",
+          "type": "incident_severity",
+          "typeSchema": "public",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'major'"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    }
+  },
+  "enums": {
+    "public.incident_severity": {
+      "name": "incident_severity",
+      "schema": "public",
+      "values": [
+        "minor",
+        "major",
+        "critical"
+      ]
+    },
+    "public.incident_status": {
+      "name": "incident_status",
+      "schema": "public",
+      "values": [
+        "investigating",
+        "identified",
+        "fixing",
+        "monitoring",
+        "resolved"
+      ]
+    }
+  },
+  "schemas": {},
+  "sequences": {},
+  "roles": {},
+  "policies": {},
+  "views": {},
+  "_meta": {
+    "columns": {},
+    "schemas": {},
+    "tables": {}
+  }
+}

package/drizzle/meta/_journal.json

@@ -0,0 +1,13 @@
+{
+  "version": "7",
+  "dialect": "postgresql",
+  "entries": [
+    {
+      "idx": 0,
+      "version": "7",
+      "when": 1767395825368,
+      "tag": "0000_sticky_unus",
+      "breakpoints": true
+    }
+  ]
+}

package/drizzle.config.ts

@@ -0,0 +1,7 @@
+import { defineConfig } from "drizzle-kit";
+
+export default defineConfig({
+  schema: "./src/schema.ts",
+  out: "./drizzle",
+  dialect: "postgresql",
+});

package/package.json

@@ -0,0 +1,35 @@
+{
+  "name": "@checkmate-monitor/incident-backend",
+  "version": "0.0.2",
+  "type": "module",
+  "main": "src/index.ts",
+  "scripts": {
+    "typecheck": "tsc --noEmit",
+    "generate": "drizzle-kit generate",
+    "lint": "bun run lint:code",
+    "lint:code": "eslint . --max-warnings 0"
+  },
+  "dependencies": {
+    "@checkmate-monitor/backend-api": "workspace:*",
+    "@checkmate-monitor/incident-common": "workspace:*",
+    "@checkmate-monitor/catalog-common": "workspace:*",
+    "@checkmate-monitor/catalog-backend": "workspace:*",
+    "@checkmate-monitor/command-backend": "workspace:*",
+    "@checkmate-monitor/signal-common": "workspace:*",
+    "@checkmate-monitor/integration-backend": "workspace:*",
+    "@checkmate-monitor/integration-common": "workspace:*",
+    "@checkmate-monitor/common": "workspace:*",
+    "drizzle-orm": "^0.45.1",
+    "zod": "^4.2.1"
+  },
+  "devDependencies": {
+    "@checkmate-monitor/drizzle-helper": "workspace:*",
+    "@checkmate-monitor/scripts": "workspace:*",
+    "@checkmate-monitor/test-utils-backend": "workspace:*",
+    "@checkmate-monitor/tsconfig": "workspace:*",
+    "@orpc/server": "^1.13.2",
+    "@types/bun": "^1.0.0",
+    "drizzle-kit": "^0.31.8",
+    "typescript": "^5.0.0"
+  }
+}

package/src/hooks.ts

@@ -0,0 +1,47 @@
+import { createHook } from "@checkmate-monitor/backend-api";
+
+/**
+ * Incident hooks for cross-plugin communication.
+ * Other plugins can subscribe to these hooks to react to incident lifecycle events.
+ */
+export const incidentHooks = {
+  /**
+   * Emitted when a new incident is created.
+   * Plugins can subscribe (work-queue mode) to react to new incidents.
+   */
+  incidentCreated: createHook<{
+    incidentId: string;
+    systemIds: string[];
+    title: string;
+    description?: string;
+    severity: string;
+    status: string;
+    createdAt: string;
+  }>("incident.created"),
+
+  /**
+   * Emitted when an incident is updated (info or status change).
+   * Plugins can subscribe (work-queue mode) to react to updates.
+   */
+  incidentUpdated: createHook<{
+    incidentId: string;
+    systemIds: string[];
+    title: string;
+    description?: string;
+    severity: string;
+    status: string;
+    statusChange?: string;
+  }>("incident.updated"),
+
+  /**
+   * Emitted when an incident is resolved.
+   * Plugins can subscribe to clean up or log incident resolutions.
+   */
+  incidentResolved: createHook<{
+    incidentId: string;
+    systemIds: string[];
+    title: string;
+    severity: string;
+    resolvedAt: string;
+  }>("incident.resolved"),
+} as const;

package/src/index.ts

@@ -0,0 +1,179 @@
+import * as schema from "./schema";
+import type { NodePgDatabase } from "drizzle-orm/node-postgres";
+import { z } from "zod";
+import {
+  permissionList,
+  pluginMetadata,
+  incidentContract,
+  incidentRoutes,
+  permissions,
+} from "@checkmate-monitor/incident-common";
+import {
+  createBackendPlugin,
+  coreServices,
+} from "@checkmate-monitor/backend-api";
+import { integrationEventExtensionPoint } from "@checkmate-monitor/integration-backend";
+import { IncidentService } from "./service";
+import { createRouter } from "./router";
+import { CatalogApi } from "@checkmate-monitor/catalog-common";
+import { catalogHooks } from "@checkmate-monitor/catalog-backend";
+import { registerSearchProvider } from "@checkmate-monitor/command-backend";
+import { resolveRoute } from "@checkmate-monitor/common";
+import { incidentHooks } from "./hooks";
+
+// =============================================================================
+// Integration Event Payload Schemas
+// =============================================================================
+
+const incidentCreatedPayloadSchema = z.object({
+  incidentId: z.string(),
+  systemIds: z.array(z.string()),
+  title: z.string(),
+  description: z.string().optional(),
+  severity: z.string(),
+  status: z.string(),
+  createdAt: z.string(),
+});
+
+const incidentUpdatedPayloadSchema = z.object({
+  incidentId: z.string(),
+  systemIds: z.array(z.string()),
+  title: z.string(),
+  description: z.string().optional(),
+  severity: z.string(),
+  status: z.string(),
+  statusChange: z.string().optional(),
+});
+
+const incidentResolvedPayloadSchema = z.object({
+  incidentId: z.string(),
+  systemIds: z.array(z.string()),
+  title: z.string(),
+  severity: z.string(),
+  resolvedAt: z.string(),
+});
+
+// =============================================================================
+// Plugin Definition
+// =============================================================================
+
+export default createBackendPlugin({
+  metadata: pluginMetadata,
+  register(env) {
+    env.registerPermissions(permissionList);
+
+    // Register hooks as integration events
+    const integrationEvents = env.getExtensionPoint(
+      integrationEventExtensionPoint
+    );
+
+    integrationEvents.registerEvent(
+      {
+        hook: incidentHooks.incidentCreated,
+        displayName: "Incident Created",
+        description: "Fired when a new incident is created",
+        category: "Incidents",
+        payloadSchema: incidentCreatedPayloadSchema,
+      },
+      pluginMetadata
+    );
+
+    integrationEvents.registerEvent(
+      {
+        hook: incidentHooks.incidentUpdated,
+        displayName: "Incident Updated",
+        description:
+          "Fired when an incident is updated (info or status change)",
+        category: "Incidents",
+        payloadSchema: incidentUpdatedPayloadSchema,
+      },
+      pluginMetadata
+    );
+
+    integrationEvents.registerEvent(
+      {
+        hook: incidentHooks.incidentResolved,
+        displayName: "Incident Resolved",
+        description: "Fired when an incident is marked as resolved",
+        category: "Incidents",
+        payloadSchema: incidentResolvedPayloadSchema,
+      },
+      pluginMetadata
+    );
+
+    env.registerInit({
+      schema,
+      deps: {
+        logger: coreServices.logger,
+        rpc: coreServices.rpc,
+        rpcClient: coreServices.rpcClient,
+        signalService: coreServices.signalService,
+      },
+      init: async ({ logger, database, rpc, rpcClient, signalService }) => {
+        logger.debug("🔧 Initializing Incident Backend...");
+
+        const catalogClient = rpcClient.forPlugin(CatalogApi);
+
+        const service = new IncidentService(
+          database as NodePgDatabase<typeof schema>
+        );
+        const router = createRouter(
+          service,
+          signalService,
+          catalogClient,
+          logger
+        );
+        rpc.registerRouter(router, incidentContract);
+
+        // Register "Create Incident" command in the command palette
+        registerSearchProvider({
+          pluginMetadata,
+          commands: [
+            {
+              id: "create",
+              title: "Create Incident",
+              subtitle: "Report a new incident affecting systems",
+              iconName: "AlertCircle",
+              route:
+                resolveRoute(incidentRoutes.routes.config) + "?action=create",
+              requiredPermissions: [permissions.incidentManage],
+            },
+            {
+              id: "manage",
+              title: "Manage Incidents",
+              subtitle: "Manage incidents affecting systems",
+              iconName: "AlertCircle",
+              shortcuts: ["meta+shift+i", "ctrl+shift+i"],
+              route: resolveRoute(incidentRoutes.routes.config),
+              requiredPermissions: [permissions.incidentManage],
+            },
+          ],
+        });
+
+        logger.debug("✅ Incident Backend initialized.");
+      },
+      // Phase 3: Subscribe to catalog events for cleanup
+      afterPluginsReady: async ({ database, logger, onHook }) => {
+        const typedDb = database as NodePgDatabase<typeof schema>;
+        const service = new IncidentService(typedDb);
+
+        // Subscribe to catalog system deletion to clean up associations
+        onHook(
+          catalogHooks.systemDeleted,
+          async (payload) => {
+            logger.debug(
+              `Cleaning up incident associations for deleted system: ${payload.systemId}`
+            );
+            await service.removeSystemAssociations(payload.systemId);
+          },
+          { mode: "work-queue", workerGroup: "incident-system-cleanup" }
+        );
+
+        logger.debug("✅ Incident Backend afterPluginsReady complete.");
+      },
+    });
+  },
+});
+
+// Re-export hooks for other plugins to use
+export { incidentHooks } from "./hooks";

package/src/router.ts

@@ -0,0 +1,265 @@
+import { implement, ORPCError } from "@orpc/server";
+import {
+  incidentContract,
+  INCIDENT_UPDATED,
+  incidentRoutes,
+} from "@checkmate-monitor/incident-common";
+import {
+  autoAuthMiddleware,
+  Logger,
+  type RpcContext,
+} from "@checkmate-monitor/backend-api";
+import type { SignalService } from "@checkmate-monitor/signal-common";
+import type { IncidentService } from "./service";
+import { CatalogApi } from "@checkmate-monitor/catalog-common";
+import type { InferClient } from "@checkmate-monitor/common";
+import { resolveRoute } from "@checkmate-monitor/common";
+import { incidentHooks } from "./hooks";
+
+export function createRouter(
+  service: IncidentService,
+  signalService: SignalService,
+  catalogClient: InferClient<typeof CatalogApi>,
+  logger: Logger
+) {
+  const os = implement(incidentContract)
+    .$context<RpcContext>()
+    .use(autoAuthMiddleware);
+
+  /**
+   * Helper to notify subscribers of affected systems about an incident event.
+   * Each system triggers a separate notification call, but within each call
+   * the subscribers are deduplicated (system + its groups).
+   */
+  const notifyAffectedSystems = async (props: {
+    incidentId: string;
+    incidentTitle: string;
+    systemIds: string[];
+    action: "created" | "updated" | "resolved";
+    severity: string;
+  }) => {
+    const { incidentId, incidentTitle, systemIds, action, severity } = props;
+
+    const actionText =
+      action === "created"
+        ? "reported"
+        : action === "resolved"
+        ? "resolved"
+        : "updated";
+
+    const importance =
+      severity === "critical"
+        ? "critical"
+        : severity === "major"
+        ? "warning"
+        : "info";
+
+    const incidentDetailPath = resolveRoute(incidentRoutes.routes.detail, {
+      incidentId,
+    });
+
+    // Deduplicate: collect unique system IDs
+    const uniqueSystemIds = [...new Set(systemIds)];
+
+    for (const systemId of uniqueSystemIds) {
+      try {
+        await catalogClient.notifySystemSubscribers({
+          systemId,
+          title: `Incident ${actionText}`,
+          body: `Incident **"${incidentTitle}"** has been ${actionText} for a system you're subscribed to.`,
+          importance: importance as "info" | "warning" | "critical",
+          action: { label: "View Incident", url: incidentDetailPath },
+          includeGroupSubscribers: true,
+        });
+      } catch (error) {
+        // Log but don't fail the operation - notifications are best-effort
+        logger.warn(
+          `Failed to notify subscribers for system ${systemId}:`,
+          error
+        );
+      }
+    }
+  };
+
+  return os.router({
+    listIncidents: os.listIncidents.handler(async ({ input }) => {
+      return service.listIncidents(input ?? {});
+    }),
+
+    getIncident: os.getIncident.handler(async ({ input }) => {
+      const result = await service.getIncident(input.id);
+      // eslint-disable-next-line unicorn/no-null -- oRPC contract requires null for missing values
+      return result ?? null;
+    }),
+
+    getIncidentsForSystem: os.getIncidentsForSystem.handler(
+      async ({ input }) => {
+        return service.getIncidentsForSystem(input.systemId);
+      }
+    ),
+
+    createIncident: os.createIncident.handler(async ({ input, context }) => {
+      const userId =
+        context.user && "id" in context.user ? context.user.id : undefined;
+      const result = await service.createIncident(input, userId);
+
+      // Broadcast signal for realtime updates
+      await signalService.broadcast(INCIDENT_UPDATED, {
+        incidentId: result.id,
+        systemIds: result.systemIds,
+        action: "created",
+      });
+
+      // Emit hook for cross-plugin coordination
+      await context.emitHook(incidentHooks.incidentCreated, {
+        incidentId: result.id,
+        systemIds: result.systemIds,
+        title: result.title,
+        description: result.description,
+        severity: result.severity,
+        status: result.status,
+        createdAt: result.createdAt.toISOString(),
+      });
+
+      // Send notifications to system subscribers
+      await notifyAffectedSystems({
+        incidentId: result.id,
+        incidentTitle: result.title,
+        systemIds: result.systemIds,
+        action: "created",
+        severity: result.severity,
+      });
+
+      return result;
+    }),
+
+    updateIncident: os.updateIncident.handler(async ({ input, context }) => {
+      const result = await service.updateIncident(input);
+      if (!result) {
+        throw new ORPCError("NOT_FOUND", { message: "Incident not found" });
+      }
+
+      // Broadcast signal for realtime updates
+      await signalService.broadcast(INCIDENT_UPDATED, {
+        incidentId: result.id,
+        systemIds: result.systemIds,
+        action: "updated",
+      });
+
+      // Emit hook for cross-plugin coordination
+      await context.emitHook(incidentHooks.incidentUpdated, {
+        incidentId: result.id,
+        systemIds: result.systemIds,
+        title: result.title,
+        description: result.description,
+        severity: result.severity,
+        status: result.status,
+      });
+
+      // Send notifications to system subscribers
+      await notifyAffectedSystems({
+        incidentId: result.id,
+        incidentTitle: result.title,
+        systemIds: result.systemIds,
+        action: "updated",
+        severity: result.severity,
+      });
+
+      return result;
+    }),
+
+    addUpdate: os.addUpdate.handler(async ({ input, context }) => {
+      const userId =
+        context.user && "id" in context.user ? context.user.id : undefined;
+      const result = await service.addUpdate(input, userId);
+
+      // Get incident to broadcast with correct systemIds
+      const incident = await service.getIncident(input.incidentId);
+      if (incident) {
+        await signalService.broadcast(INCIDENT_UPDATED, {
+          incidentId: input.incidentId,
+          systemIds: incident.systemIds,
+          action: "updated",
+        });
+
+        // Emit hook for cross-plugin coordination
+        await context.emitHook(incidentHooks.incidentUpdated, {
+          incidentId: input.incidentId,
+          systemIds: incident.systemIds,
+          title: incident.title,
+          description: incident.description,
+          severity: incident.severity,
+          status: incident.status,
+          statusChange: input.statusChange,
+        });
+
+        // If status changed to resolved, emit resolved hook
+        if (input.statusChange === "resolved") {
+          await context.emitHook(incidentHooks.incidentResolved, {
+            incidentId: input.incidentId,
+            systemIds: incident.systemIds,
+            title: incident.title,
+            severity: incident.severity,
+            resolvedAt: new Date().toISOString(),
+          });
+        }
+      }
+
+      return result;
+    }),
+
+    resolveIncident: os.resolveIncident.handler(async ({ input, context }) => {
+      const userId =
+        context.user && "id" in context.user ? context.user.id : undefined;
+      const result = await service.resolveIncident(
+        input.id,
+        input.message,
+        userId
+      );
+      if (!result) {
+        throw new ORPCError("NOT_FOUND", { message: "Incident not found" });
+      }
+
+      // Broadcast signal for realtime updates
+      await signalService.broadcast(INCIDENT_UPDATED, {
+        incidentId: result.id,
+        systemIds: result.systemIds,
+        action: "resolved",
+      });
+
+      // Emit hook for cross-plugin coordination
+      await context.emitHook(incidentHooks.incidentResolved, {
+        incidentId: result.id,
+        systemIds: result.systemIds,
+        title: result.title,
+        severity: result.severity,
+        resolvedAt: new Date().toISOString(),
+      });
+
+      // Send notifications to system subscribers
+      await notifyAffectedSystems({
+        incidentId: result.id,
+        incidentTitle: result.title,
+        systemIds: result.systemIds,
+        action: "resolved",
+        severity: result.severity,
+      });
+
+      return result;
+    }),
+
+    deleteIncident: os.deleteIncident.handler(async ({ input }) => {
+      // Get incident before deleting to get systemIds
+      const incident = await service.getIncident(input.id);
+      const success = await service.deleteIncident(input.id);
+      if (success && incident) {
+        await signalService.broadcast(INCIDENT_UPDATED, {
+          incidentId: input.id,
+          systemIds: incident.systemIds,
+          action: "deleted",
+        });
+      }
+      return { success };
+    }),
+  });
+}

package/src/schema.ts

@@ -0,0 +1,70 @@
+import {
+  pgTable,
+  pgEnum,
+  text,
+  timestamp,
+  primaryKey,
+} from "drizzle-orm/pg-core";
+
+/**
+ * Incident status enum
+ */
+export const incidentStatusEnum = pgEnum("incident_status", [
+  "investigating",
+  "identified",
+  "fixing",
+  "monitoring",
+  "resolved",
+]);
+
+/**
+ * Incident severity enum
+ */
+export const incidentSeverityEnum = pgEnum("incident_severity", [
+  "minor",
+  "major",
+  "critical",
+]);
+
+/**
+ * Main incidents table
+ */
+export const incidents = pgTable("incidents", {
+  id: text("id").primaryKey(),
+  title: text("title").notNull(),
+  description: text("description"),
+  status: incidentStatusEnum("status").notNull().default("investigating"),
+  severity: incidentSeverityEnum("severity").notNull().default("major"),
+  createdAt: timestamp("created_at").defaultNow().notNull(),
+  updatedAt: timestamp("updated_at").defaultNow().notNull(),
+});
+
+/**
+ * Junction table for incident-system many-to-many relationship
+ */
+export const incidentSystems = pgTable(
+  "incident_systems",
+  {
+    incidentId: text("incident_id")
+      .notNull()
+      .references(() => incidents.id, { onDelete: "cascade" }),
+    systemId: text("system_id").notNull(),
+  },
+  (t) => ({
+    pk: primaryKey(t.incidentId, t.systemId),
+  })
+);
+
+/**
+ * Status updates for incidents
+ */
+export const incidentUpdates = pgTable("incident_updates", {
+  id: text("id").primaryKey(),
+  incidentId: text("incident_id")
+    .notNull()
+    .references(() => incidents.id, { onDelete: "cascade" }),
+  message: text("message").notNull(),
+  statusChange: incidentStatusEnum("status_change"),
+  createdAt: timestamp("created_at").defaultNow().notNull(),
+  createdBy: text("created_by"),
+});

package/src/service.ts

@@ -0,0 +1,331 @@
+import { eq, and, inArray, ne } from "drizzle-orm";
+import type { NodePgDatabase } from "drizzle-orm/node-postgres";
+import * as schema from "./schema";
+import { incidents, incidentSystems, incidentUpdates } from "./schema";
+import type {
+  IncidentWithSystems,
+  IncidentDetail,
+  IncidentUpdate,
+  CreateIncidentInput,
+  UpdateIncidentInput,
+  AddIncidentUpdateInput,
+  IncidentStatus,
+} from "@checkmate-monitor/incident-common";
+
+type Db = NodePgDatabase<typeof schema>;
+
+function generateId(): string {
+  return crypto.randomUUID();
+}
+
+export class IncidentService {
+  constructor(private db: Db) {}
+
+  /**
+   * List incidents with optional filters
+   */
+  async listIncidents(filters?: {
+    status?: IncidentStatus;
+    systemId?: string;
+    includeResolved?: boolean;
+  }): Promise<IncidentWithSystems[]> {
+    let incidentRows;
+
+    if (filters?.systemId) {
+      // Filter by system - need to join
+      const systemIncidentIds = await this.db
+        .select({ incidentId: incidentSystems.incidentId })
+        .from(incidentSystems)
+        .where(eq(incidentSystems.systemId, filters.systemId));
+
+      const ids = systemIncidentIds.map((r) => r.incidentId);
+      if (ids.length === 0) return [];
+
+      const statusFilter = filters.status
+        ? eq(incidents.status, filters.status)
+        : filters.includeResolved
+        ? undefined
+        : ne(incidents.status, "resolved");
+
+      incidentRows = await this.db
+        .select()
+        .from(incidents)
+        .where(and(inArray(incidents.id, ids), statusFilter));
+    } else {
+      const statusFilter = filters?.status
+        ? eq(incidents.status, filters.status)
+        : filters?.includeResolved
+        ? undefined
+        : ne(incidents.status, "resolved");
+
+      incidentRows = await this.db.select().from(incidents).where(statusFilter);
+    }
+
+    // Fetch all system associations
+    const result: IncidentWithSystems[] = [];
+    for (const i of incidentRows) {
+      const systems = await this.db
+        .select({ systemId: incidentSystems.systemId })
+        .from(incidentSystems)
+        .where(eq(incidentSystems.incidentId, i.id));
+
+      result.push({
+        ...i,
+        description: i.description ?? undefined,
+        systemIds: systems.map((s) => s.systemId),
+      });
+    }
+
+    return result;
+  }
+
+  /**
+   * Get single incident with full details
+   */
+  async getIncident(id: string): Promise<IncidentDetail | undefined> {
+    const [incident] = await this.db
+      .select()
+      .from(incidents)
+      .where(eq(incidents.id, id));
+
+    if (!incident) return undefined;
+
+    const systems = await this.db
+      .select({ systemId: incidentSystems.systemId })
+      .from(incidentSystems)
+      .where(eq(incidentSystems.incidentId, id));
+
+    const updates = await this.db
+      .select()
+      .from(incidentUpdates)
+      .where(eq(incidentUpdates.incidentId, id));
+
+    return {
+      ...incident,
+      description: incident.description ?? undefined,
+      systemIds: systems.map((s) => s.systemId),
+      updates: updates.map((u) => ({
+        ...u,
+        statusChange: u.statusChange ?? undefined,
+        createdBy: u.createdBy ?? undefined,
+      })),
+    };
+  }
+
+  /**
+   * Get active incidents for a system
+   */
+  async getIncidentsForSystem(
+    systemId: string
+  ): Promise<IncidentWithSystems[]> {
+    // Get incident IDs for this system
+    const systemIncidents = await this.db
+      .select({ incidentId: incidentSystems.incidentId })
+      .from(incidentSystems)
+      .where(eq(incidentSystems.systemId, systemId));
+
+    const ids = systemIncidents.map((r) => r.incidentId);
+    if (ids.length === 0) return [];
+
+    // Get only non-resolved incidents
+    const rows = await this.db
+      .select()
+      .from(incidents)
+      .where(and(inArray(incidents.id, ids), ne(incidents.status, "resolved")));
+
+    // Fetch system IDs for each
+    const result: IncidentWithSystems[] = [];
+    for (const i of rows) {
+      const systems = await this.db
+        .select({ systemId: incidentSystems.systemId })
+        .from(incidentSystems)
+        .where(eq(incidentSystems.incidentId, i.id));
+
+      result.push({
+        ...i,
+        description: i.description ?? undefined,
+        systemIds: systems.map((s) => s.systemId),
+      });
+    }
+
+    return result;
+  }
+
+  /**
+   * Create a new incident
+   */
+  async createIncident(
+    input: CreateIncidentInput,
+    userId?: string
+  ): Promise<IncidentWithSystems> {
+    const id = generateId();
+
+    await this.db.insert(incidents).values({
+      id,
+      title: input.title,
+      description: input.description,
+      status: "investigating",
+      severity: input.severity,
+    });
+
+    // Insert system associations
+    for (const systemId of input.systemIds) {
+      await this.db.insert(incidentSystems).values({
+        incidentId: id,
+        systemId,
+      });
+    }
+
+    // Add initial update if provided
+    if (input.initialMessage) {
+      await this.db.insert(incidentUpdates).values({
+        id: generateId(),
+        incidentId: id,
+        message: input.initialMessage,
+        statusChange: "investigating",
+        createdBy: userId,
+      });
+    }
+
+    return (await this.getIncident(id))!;
+  }
+
+  /**
+   * Update an existing incident
+   */
+  async updateIncident(
+    input: UpdateIncidentInput
+  ): Promise<IncidentWithSystems | undefined> {
+    const [existing] = await this.db
+      .select()
+      .from(incidents)
+      .where(eq(incidents.id, input.id));
+
+    if (!existing) return undefined;
+
+    // Build update object
+    const updateData: Partial<typeof incidents.$inferInsert> = {
+      updatedAt: new Date(),
+    };
+    if (input.title !== undefined) updateData.title = input.title;
+    if (input.description !== undefined)
+      updateData.description = input.description;
+    if (input.severity !== undefined) updateData.severity = input.severity;
+
+    await this.db
+      .update(incidents)
+      .set(updateData)
+      .where(eq(incidents.id, input.id));
+
+    // Update system associations if provided
+    if (input.systemIds !== undefined) {
+      await this.db
+        .delete(incidentSystems)
+        .where(eq(incidentSystems.incidentId, input.id));
+
+      for (const systemId of input.systemIds) {
+        await this.db.insert(incidentSystems).values({
+          incidentId: input.id,
+          systemId,
+        });
+      }
+    }
+
+    return (await this.getIncident(input.id))!;
+  }
+
+  /**
+   * Add a status update to an incident
+   */
+  async addUpdate(
+    input: AddIncidentUpdateInput,
+    userId?: string
+  ): Promise<IncidentUpdate> {
+    const id = generateId();
+
+    // If status change is provided, update the incident status
+    if (input.statusChange) {
+      await this.db
+        .update(incidents)
+        .set({ status: input.statusChange, updatedAt: new Date() })
+        .where(eq(incidents.id, input.incidentId));
+    }
+
+    await this.db.insert(incidentUpdates).values({
+      id,
+      incidentId: input.incidentId,
+      message: input.message,
+      statusChange: input.statusChange,
+      createdBy: userId,
+    });
+
+    const [update] = await this.db
+      .select()
+      .from(incidentUpdates)
+      .where(eq(incidentUpdates.id, id));
+
+    return {
+      ...update,
+      statusChange: update.statusChange ?? undefined,
+      createdBy: update.createdBy ?? undefined,
+    };
+  }
+
+  /**
+   * Resolve an incident
+   */
+  async resolveIncident(
+    id: string,
+    message?: string,
+    userId?: string
+  ): Promise<IncidentWithSystems | undefined> {
+    const [existing] = await this.db
+      .select()
+      .from(incidents)
+      .where(eq(incidents.id, id));
+
+    if (!existing) return undefined;
+
+    await this.db
+      .update(incidents)
+      .set({ status: "resolved", updatedAt: new Date() })
+      .where(eq(incidents.id, id));
+
+    // Add resolution update entry
+    await this.db.insert(incidentUpdates).values({
+      id: generateId(),
+      incidentId: id,
+      message: message ?? "Incident resolved",
+      statusChange: "resolved",
+      createdBy: userId,
+    });
+
+    return (await this.getIncident(id))!;
+  }
+
+  /**
+   * Delete an incident
+   */
+  async deleteIncident(id: string): Promise<boolean> {
+    const [existing] = await this.db
+      .select()
+      .from(incidents)
+      .where(eq(incidents.id, id));
+
+    if (!existing) return false;
+
+    // Cascade delete handles junctions and updates
+    await this.db.delete(incidents).where(eq(incidents.id, id));
+    return true;
+  }
+
+  /**
+   * Remove all incident associations for a system.
+   * Called when a system is deleted from the catalog.
+   */
+  async removeSystemAssociations(systemId: string): Promise<void> {
+    await this.db
+      .delete(incidentSystems)
+      .where(eq(incidentSystems.systemId, systemId));
+  }
+}

package/tsconfig.json

@@ -0,0 +1,6 @@
+{
+  "extends": "@checkmate-monitor/tsconfig/backend.json",
+  "include": [
+    "src"
+  ]
+}