合并 master 并保留外部生成 worker 模式

合入 master 的生产健康巡检、JumpHop 和 SpacetimeDB 更新
保留外部生成 worker、队列/内联模式与 lease guard 口径
合并 Server-Provision 工具复用、health patrol 和外部生成 worker systemd 配置
补齐 SpacetimeDB 生成绑定并通过本地检查

deploy/systemd/genarrative-health-patrol.service

@@ -0,0 +1,20 @@
+[Unit]
+Description=Genarrative Production Health Patrol
+After=network-online.target genarrative-api.service spacetimedb.service nginx.service
+Wants=network-online.target
+ConditionPathExists=/opt/genarrative/current/scripts/ops/production-health-patrol.mjs
+
+[Service]
+Type=oneshot
+User=root
+Group=root
+WorkingDirectory=/opt/genarrative/current
+EnvironmentFile=-/etc/genarrative/health-patrol.env
+ExecStart=/usr/bin/node /opt/genarrative/current/scripts/ops/production-health-patrol.mjs --status-file /var/lib/genarrative/health-patrol/status.json
+TimeoutStartSec=30
+
+# 巡检只读 systemd、HTTP 和 journal；只允许写入自己的最近一次状态文件。
+NoNewPrivileges=true
+PrivateTmp=true
+ProtectSystem=full
+ReadWritePaths=/var/lib/genarrative/health-patrol

deploy/systemd/genarrative-health-patrol.timer

@@ -0,0 +1,13 @@
+[Unit]
+Description=Run Genarrative Production Health Patrol
+
+[Timer]
+OnBootSec=2min
+OnCalendar=*-*-* *:0/5:00
+Persistent=true
+RandomizedDelaySec=30
+AccuracySec=30s
+Unit=genarrative-health-patrol.service
+
+[Install]
+WantedBy=timers.target