@wademorris in this case CRITICAL refers to the condition’s threshold that has been violated. The chain of logic here is that you’re getting a notification for an incident opening, incidents open when a new critical threshold has been violated and settings dictate that the violation should not be rolled up into an existing incident, the notification is sent telling you that a new incident has opened as a result of a critical violation. Incidents only close when all critical violations associated with the incident have closed, so the notification of incident close is also related to a critical violation.
This would probably be more obvious if we supported functionality for warning level violations to open incidents (triggering notifications) and that’s something that is being considered as a possible feature at some future point. No promises on whether that will materialize, though!
I completely understand your confusion and the request for a change to the payload. My explanation is purely that (explanation) and not justification I think that the best course of action here is to file this as a feature-idea so that your feedback can make it up to @NateHeinrich, who is the Alerts PM. Please let me know if you have any other questions about what we’re doing and why.