feat(shipote): health endpoint + audit log + token-bucket real (fase R)

- Request::Health → Response::Health { version, uptime_ms, alive_*, active_flows, dirty }. CLI: shipote health. - handle_client lee peer_uid una vez al accept. audit_request emite info!(target: "audit", uid, action, detail) por mutación (create/stop/ run/pipeline.*/flow.drop). Reads omitidos. Filtrable con SHIPOTE_LOG= warn,audit=info. - TokenBucket real reemplaza rate_limit_sleep: refill por wall time, capacity = 1s de rate, debt negativo dispara sleep proporcional. Permite burst real, no chunk-by-chunk uniforme. 85 tests pasan (ente-incarnate 16, nouser-core 27, shipote-card 8, shipote-core 26, shipote-discern 5, yahweh-provider-fs 3). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-11 16:58:10 +00:00
parent 18c0344a52
commit a9124449f9
5 changed files with 180 additions and 13 deletions
@@ -30,6 +30,9 @@ pub enum Request {
    /// Health-check.
    Ping,

+    /// Health endpoint estructurado: versión + uptime + counts.
+    Health,
+
    /// Crear un workspace nuevo.
    WorkspaceCreate { spec: WorkspaceSpec },

@@ -145,6 +148,16 @@ pub enum Request {
 pub enum Response {
    Pong,

+    Health {
+        version: String,
+        uptime_ms: u64,
+        alive_workspaces: u32,
+        alive_commands: u32,
+        alive_pipelines: u32,
+        active_flows: u32,
+        dirty: bool,
+    },
+
    WorkspaceCreated {
        id: WorkspaceId,
        warnings: Vec<String>,