fix(api): add security sentinel ingest compatibility endpoint

[Bbowlby22]

Summary

• add POST /ingest compatibility endpoint for OmniLore Security Sentinel calls
• include ingest capability metadata in /health
• keep a bounded in-memory security event buffer for observability

Why

OmniLore white-label gateway points security sentinel URL at 127.0.0.1:8001 (FastCode). Without /ingest, events fell back to vector-store mode. This PR restores native ingest behavior.

Validation

• restart FastCode service
• POST /ingest returns status=received
• OmniLore security_sentinel_ingest returns HTTP 200 (no fallback)

[Copilot]

Pull request overview

Adds an OmniLore Security Sentinel compatibility surface to FastCode’s FastAPI service so security events can be POSTed to a dedicated endpoint and basic ingest observability is surfaced via /health.

Changes:

• Add POST /ingest endpoint that accepts a security event payload and records it in a bounded in-memory buffer.
• Extend /health with ingest capability metadata and current buffer size.
• Add env-configurable buffer sizing and UTC receive timestamps for stored records.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

SECURITY_EVENT_BUFFER_LIMIT is computed with int(os.getenv(...)). If FASTCODE_SECURITY_EVENT_BUFFER_LIMIT is set to a non-integer value, this will raise ValueError at import time and prevent the API from starting. Consider parsing defensively (try/except with a fallback) and optionally clamping to a reasonable maximum to avoid accidental huge memory usage.

Suggested change

	SECURITY_EVENT_BUFFER_LIMIT = max(
	10,
	int(os.getenv("FASTCODE_SECURITY_EVENT_BUFFER_LIMIT", "500")),
	)
	_raw_security_event_buffer_limit = os.getenv("FASTCODE_SECURITY_EVENT_BUFFER_LIMIT", "500")
	try:
	_parsed_security_event_buffer_limit = int(_raw_security_event_buffer_limit)
	except (TypeError, ValueError):
	_parsed_security_event_buffer_limit = 500
	# Clamp to avoid accidental huge memory usage
	SECURITY_EVENT_BUFFER_LIMIT = max(10, min(_parsed_security_event_buffer_limit, 10_000))

[Copilot]

In /health, the "healthy" response now includes security_ingest_enabled and security_event_buffer_size, but the earlier "initializing" return path does not. If clients rely on /health to detect ingest capability (per PR description), consider adding these fields to the initializing response as well for a consistent schema.

[Copilot]

security_event_buffer uses a list and trims with pop(0), which is O(n) due to shifting elements. Since this is a bounded FIFO buffer, consider using collections.deque with maxlen (or popleft) to keep trimming O(1) and simplify the logic.

[Copilot]

Every /ingest call logs at WARNING level. If security events are high-volume, this can quickly flood logs and trigger alerting; consider logging at INFO/DEBUG, adding sampling/rate-limiting, or only warning on malformed/unexpected payloads.

Suggested change

	logger.warning(
	"Security ingest accepted (compat): event_type=%s tenant_id=%s",
	event_type,
	tenant_id,
	)
	log_message = "Security ingest accepted (compat): event_type=%s tenant_id=%s"
	if event_type == "unknown" or tenant_id == "unknown":
	logger.warning(log_message, event_type, tenant_id)
	else:
	logger.info(log_message, event_type, tenant_id)