feat(health): support non-HTTP health checks for TCP/CLI services (#666)

[Arifuzzamanjoy]

Closes #666. Flagged the approach in the issue and didn't hear back — opening this for review, happy to redirect if the direction's wrong.

Adds health_type: http | tcp | none to the service manifest. Defaults to http, so existing manifests don't need changes.

• http — unchanged
• tcp — opens a connection to the port, short timeout, no HTTP path needed
• none — skip the check, show as N/A

Wired through schema, audit, service-registry.sh, health-check.sh, dream-doctor.sh, and dashboard-api so all five surfaces agree on the same states.

Real services updated

• piper-audio → tcp (Wyoming protocol, not HTTP)
• aider → none (CLI tool, no server)

Tests

bash dream-server/tests/test-service-registry.sh   # 223 pass
bash dream-server/tests/test-health-check.sh       # 10 pass
bash dream-server/tests/test-extension-audit.sh    # 19 pass

Health-check test spins up a real HTTP server and TCP listener and verifies ok / ok / not_applicable. Audit test also rejects an invalid health_type: smtp fixture.

21 files, +553 / -182. No new dependencies. Happy to split schema + plumbing from the manifest updates if you'd prefer.

[Lightheartdevs]

Thanks for the PR. I think this is a genuinely useful feature: the current HTTP-only model gives false health signals for services like Piper/Wyoming and CLI/no-server tools like Aider, and health_type: http | tcp | none is the right shape for making extension health more accurate.

I verified the main contract tests locally against a branch merged with current main:

• bash tests/test-health-check.sh -> 10 passed
• bash tests/test-extension-audit.sh -> 19 passed
• bash tests/test-service-registry.sh -> 223 passed

CI is also green. The one thing I want fixed before merge is the TCP probe shell invocation:

• dream-server/scripts/health-check.sh: the TCP probe interpolates the resolved port into bash -c:

bash -c "cat < /dev/null > /dev/tcp/127.0.0.1/$port"

• dream-server/scripts/dream-doctor.sh does the same thing.

Since the port can come from manifest/env-derived configuration, please treat it as untrusted input. A malformed value should not be able to become shell text. A simple guard like [[ "$port" =~ ^[0-9]+$ ]] before the probe, plus optionally checking 1 <= port <= 65535, would be enough. Another good pattern is passing the value as an argument to the child shell and validating inside that shell before using /dev/tcp.

Once that TCP probe hardening is in, I think this is a valuable and mergeable change.

[Arifuzzamanjoy]

Two commits added for the TCP probe hardening:

64fb4c9 — health-check.sh + dream-doctor.sh: ^[0-9]+$ guard + range 1–65535, switched to bash -c '…/$1' _ "$port" so the port never hits shell text. health-check marks fail, dream-doctor marks unhealthy + invalid_port.

54d5d50 — dream-test.sh: same pattern for test_tcp() which had the identical interpolation. Added a hostname allowlist too since that function takes $host as a param.

No unguarded /dev/tcp interpolation left.