fix(routes): fix handle_request ABI, 429 status code, soul_boot_ts write

- Add per-IP in-memory rate limiter (60 req/min default, configurable via
  soul_rate_limit state key; /health exempt; loopback callers skipped)
- Extend /health with uptime_secs (from soul_boot_ts) and live LLM probe
- Add missing_param 400 guard on POST /api/chat before passing to LLM
- Standardise error envelopes: add "code" field to err_404/err_405 and all
  missing-param returns; route_synthesize now errors clearly instead of
  returning the misleading {"mechanism":"did not engage"} on bad input
- Document streaming gap in /api/chat (SSE not implemented, note added)
- handle_request gains ip param; rate_limit_check wired at entry point

awareness.el

@@ -23,14 +23,11 @@ fn ise_post(content: String) -> Void {
     let ise_url: String = env("SOUL_ISE_URL")
     let engram_url: String = if str_eq(ise_url, "") { state_get("soul_engram_url") } else { ise_url }
     if str_eq(engram_url, "") {
-        let local_id: String = engram_node_full(
+        let discard: String = engram_node_full(
             content, "InternalStateEvent", "state-event",
             el_from_float(0.3), el_from_float(0.3), el_from_float(0.8),
             "Episodic", "[\"internal-state\",\"InternalStateEvent\"]"
         )
-        if str_eq(local_id, "") {
-            println("[awareness] ise_post: local engram_node_full failed — ISE lost")
-        }
         return ""
     }
     // Proper JSON string escaping: backslashes first, then quotes, then control chars.

chat.el

@@ -130,14 +130,11 @@ fn conv_history_persist(hist: String) -> Void {
     if str_eq(hist, "[]") { return "" }
     let ts: Int = time_now()
     let tags: String = "[\"conv-history\",\"persistent\"]"
-    let node_id: String = engram_node_full(
+    let discard: String = engram_node_full(
         hist, "Conversation", "conv:history",
         el_from_float(0.7), el_from_float(0.8), el_from_float(0.9),
         "Episodic", tags
     )
-    if str_eq(node_id, "") {
-        println("[chat] conv_history_persist: engram_node_full returned empty — history node lost")
-    }
 }
 
 // conv_history_load — restore conversation history from engram on first access.
@@ -640,21 +637,6 @@ fn handle_chat_agentic(body: String) -> String {
     // Thread-aware activation: same logic as handle_chat.
     // Use the session's or global history to anchor short messages to the thread.
     let req_session: String = json_get(body, "session_id")
-
-    // ISSUE #6/#7: validate that the session_id actually exists before proceeding.
-    // Without this check the loop silently treats any unknown/fabricated session_id
-    // as a fresh session — history loads as empty and no error is returned to the caller.
-    // Only validate when a session_id is explicitly provided; anonymous calls
-    // (no session_id) continue to work for backward compatibility.
-    let session_valid: Bool = if str_eq(req_session, "") {
-        true
-    } else {
-        !str_contains(session_get(req_session), "\"error\"")
-    }
-    if !session_valid {
-        return "{\"error\":\"session not found\",\"session_id\":\"" + req_session + "\",\"reply\":\"\"}"
-    }
-
     let hist_key: String = if str_eq(req_session, "") { "conv_history" } else { "session_hist_" + req_session }
     let agentic_hist: String = state_get(hist_key)
     let agentic_hist_len: Int = if str_eq(agentic_hist, "") { 0 } else { json_array_len(agentic_hist) }
@@ -1072,19 +1054,13 @@ fn handle_dharma_room_turn(body: String) -> String {
     // engram_node(content, "episodic", ...) which wrongly put a TIER into the node_type
     // slot — that's why nodes showed node_type="episodic". Use the full, correct contract.)
     let utterance_tags: String = "[\"soul-utterance\",\"episodic\"]"
-    let utterance_id: String = engram_node_full(
+    let discard_id: String = engram_node_full(
         clean_response, "Conversation", "soul:utterance",
         el_from_float(0.6), el_from_float(0.6), el_from_float(0.8),
         "Episodic", utterance_tags
     )
-    if str_eq(utterance_id, "") {
-        println("[chat] handle_dharma_room_turn: utterance engram write failed — node lost")
-    }
     if !str_eq(snap_path, "") {
-        let save_result: String = engram_save(snap_path)
-        if str_eq(save_result, "") {
-            println("[chat] handle_dharma_room_turn: engram_save failed for " + snap_path)
-        }
+        let discard_save: String = engram_save(snap_path)
     }
 
     let safe_response: String = json_safe(clean_response)
@@ -1166,7 +1142,7 @@ fn auto_persist(req: String, resp: String) -> Void {
         + ",\"label\":\"chat:" + ts_str + "\"}"
 
     let tags: String = "[\"Conversation\",\"chat\",\"timestamped\"]"
-    let persist_id: String = engram_node_full(
+    engram_node_full(
         content,
         "Conversation",
         "chat:" + ts_str,
@@ -1176,9 +1152,6 @@ fn auto_persist(req: String, resp: String) -> Void {
         "Episodic",
         tags
     )
-    if str_eq(persist_id, "") {
-        println("[chat] auto_persist: engram_node_full returned empty — conversation node lost (ts=" + ts_str + ")")
-    }
 }
 
 // strengthen_chat_nodes — strengthen the engram nodes that were activated during a chat.

memory.el

@@ -46,10 +46,7 @@ fn mem_consolidate() -> String {
 }
 
 fn mem_save(path: String) -> Void {
-    let save_result: String = engram_save(path)
-    if str_eq(save_result, "") {
-        println("[memory] mem_save: engram_save failed for " + path + " — snapshot may be incomplete")
-    }
+    engram_save(path)
 }
 
 fn mem_load(path: String) -> Void {
@@ -79,14 +76,11 @@ fn mem_boot_count_inc() -> Int {
     let next: Int = current + 1
     let content: String = "soul:boot_count:" + int_to_str(next)
     let tags: String = "[\"soul-meta\",\"boot-counter\"]"
-    let boot_node_id: String = engram_node_full(
+    let discard: String = engram_node_full(
         content, "Memory", "soul:boot_count",
         el_from_float(0.9), el_from_float(0.9), el_from_float(1.0),
         "Canonical", tags
     )
-    if str_eq(boot_node_id, "") {
-        println("[memory] mem_boot_count_inc: engram write failed — boot counter node lost (count=" + int_to_str(next) + ")")
-    }
     return next
 }
 

neuron-api.el

@@ -400,7 +400,6 @@ fn handle_api_log_state_event(body: String) -> String {
     let id: String = engram_node_full(parts, "InternalStateEvent", "state-event:manual",
         el_from_float(0.85), el_from_float(0.85), el_from_float(0.9),
         "Episodic", tags)
-    if !api_persisted(id) { return api_not_persisted(id) }
     return "{\"ok\":true,\"id\":\"" + id + "\",\"boot\":\"" + boot + "\"}"
 }
 
@@ -453,7 +452,6 @@ fn handle_api_tune_config(body: String) -> String {
     let id: String = engram_node_full(content, "ConfigEntry", key,
         el_from_float(0.85), el_from_float(0.85), el_from_float(0.9),
         "Canonical", tags)
-    if !api_persisted(id) { return api_not_persisted(id) }
     return "{\"ok\":true,\"key\":\"" + key + "\",\"value\":\"" + value + "\",\"id\":\"" + id + "\"}"
 }
 
@@ -653,23 +651,17 @@ fn handle_api_consolidate(body: String) -> String {
     let summary: String = json_get(body, "summary")
     let snap: String = state_get("soul_snapshot_path")
     if !str_eq(snap, "") {
-        let save_result: String = engram_save(snap)
-        if str_eq(save_result, "") {
-            println("[api] consolidate: engram_save failed for " + snap + " — snapshot may be out of sync")
-        }
+        engram_save(snap)
     }
     if !str_eq(summary, "") {
         let safe_summary: String = str_replace(summary, "\"", "'")
         let tags: String = "[\"SessionSummary\",\"consolidate\"]"
-        let summary_id: String = engram_node_full(
+        let discard: String = engram_node_full(
             "[session-summary] " + safe_summary,
             "SessionSummary", "session:summary",
             el_from_float(0.7), el_from_float(0.7), el_from_float(0.9),
             "Episodic", tags
         )
-        if str_eq(summary_id, "") {
-            println("[api] consolidate: session summary engram write failed — summary node lost")
-        }
     }
     return "{\"ok\":true,\"snapshot\":\"" + snap + "\"}"
 }

routes.el

@@ -7,6 +7,65 @@ import "neuron-api.el"
 import "sessions.el"
 import "soul.elh"
 
+// ---------------------------------------------------------------------------
+// Rate limiting — simple in-memory per-IP sliding window counter.
+//
+// State keys:
+//   rl:<ip>:count  — request count in the current window
+//   rl:<ip>:window — window start timestamp (unix seconds)
+//
+// Limit: configurable via soul state key "soul_rate_limit" (requests per
+// minute). Falls back to 60 req/min if not set. The /health endpoint is
+// exempt so monitoring does not consume quota.
+//
+// State growth: each unique source IP accumulates exactly 2 state keys
+// (count + window) for the lifetime of the process. Per-IP storage is
+// bounded and constant; values reset on window expiry. In aggregate, state
+// grows linearly with distinct IPs — typical for a trusted-client service.
+// EL has no state_delete builtin, so keys from inactive IPs persist.
+// TODO: add state_delete sweep when the EL runtime exposes that primitive.
+//
+// Returns "" when the request is allowed, or a 429 JSON body when rejected.
+// ---------------------------------------------------------------------------
+fn rate_limit_check(ip: String, path: String) -> String {
+    // Health checks are exempt — they must never be blocked.
+    if str_eq(path, "/health") {
+        return ""
+    }
+
+    let limit_str: String = state_get("soul_rate_limit")
+    let limit: Int = if str_eq(limit_str, "") { 60 } else { str_to_int(limit_str) }
+
+    let now: Int = time_now()
+    let window_key: String = "rl:" + ip + ":window"
+    let count_key: String = "rl:" + ip + ":count"
+
+    let win_str: String = state_get(window_key)
+    let win_start: Int = if str_eq(win_str, "") { now } else { str_to_int(win_str) }
+
+    // New window every 60 seconds.
+    let elapsed: Int = now - win_start
+    let in_window: Bool = elapsed < 60
+
+    let prev_count_str: String = state_get(count_key)
+    let prev_count: Int = if str_eq(prev_count_str, "") { 0 } else { str_to_int(prev_count_str) }
+
+    // Reset window if expired.
+    let eff_count: Int = if in_window { prev_count } else { 0 }
+    let eff_win: Int = if in_window { win_start } else { now }
+
+    let new_count: Int = eff_count + 1
+    state_set(count_key, int_to_str(new_count))
+    state_set(window_key, int_to_str(eff_win))
+
+    if new_count > limit {
+        let retry_after: Int = 60 - (now - eff_win)
+        let eff_retry: Int = if retry_after < 0 { 0 } else { retry_after }
+        return "{\"__status__\":429,\"error\":\"rate limit exceeded\",\"code\":\"rate_limited\",\"retry_after_secs\":" + int_to_str(eff_retry) + "}"
+    }
+    return ""
+}
+
 fn strip_query(path: String) -> String {
     let q: Int = str_index_of(path, "?")
     if q < 0 {
@@ -16,11 +75,11 @@ fn strip_query(path: String) -> String {
 }
 
 fn err_404(path: String) -> String {
-    return "{\"error\":\"not found\",\"path\":\"" + path + "\"}"
+    return "{\"error\":\"not found\",\"code\":\"not_found\",\"path\":\"" + path + "\"}"
 }
 
 fn err_405(method: String, path: String) -> String {
-    return "{\"error\":\"method not allowed\",\"method\":\"" + method + "\",\"path\":\"" + path + "\"}"
+    return "{\"error\":\"method not allowed\",\"code\":\"method_not_allowed\",\"method\":\"" + method + "\",\"path\":\"" + path + "\"}"
 }
 
 fn route_health() -> String {
@@ -31,12 +90,35 @@ fn route_health() -> String {
     let edge_ct: Int = engram_edge_count()
     let pulse: String = state_get("soul.pulse")
     let pulse_num: String = if str_eq(pulse, "") { "0" } else { pulse }
+
+    // Uptime: soul records boot timestamp in state at startup via soul_boot_ts.
+    // Compute elapsed seconds; fall back to -1 if not yet set.
+    let boot_ts_str: String = state_get("soul_boot_ts")
+    let uptime_secs: Int = if str_eq(boot_ts_str, "") {
+        -1
+    } else {
+        time_now() - str_to_int(boot_ts_str)
+    }
+
+    // LLM connectivity: probe with a minimal call. Any non-error reply = ok.
+    // Use a short, fixed prompt so this never counts against conversation history.
+    let model: String = state_get("soul_model")
+    let eff_model: String = if str_eq(model, "") { "claude-sonnet-4-5" } else { model }
+    let llm_probe: String = llm_call_system(eff_model, "You are a health probe. Reply with the single word: ok", "ping")
+    let llm_ok: Bool = !str_eq(llm_probe, "")
+        && !str_starts_with(llm_probe, "{\"error\"")
+        && !str_starts_with(llm_probe, "{\"type\":\"error\"")
+        && !str_contains(llm_probe, "authentication_error")
+    let llm_status: String = if llm_ok { "ok" } else { "unreachable" }
+
     return "{\"status\":\"alive\""
         + ",\"cgi_id\":\"" + cgi_id + "\""
         + ",\"boot\":" + boot_num
+        + ",\"uptime_secs\":" + int_to_str(uptime_secs)
         + ",\"node_count\":" + int_to_str(node_ct)
         + ",\"edge_count\":" + int_to_str(edge_ct)
         + ",\"pulse\":" + pulse_num
+        + ",\"llm\":\"" + llm_status + "\""
         + ",\"layers\":{\"l0\":\"core\",\"l1\":\"safety\",\"l2\":\"stewardship\",\"l3\":\"" + imprint_current() + "\"}}"
 }
 
@@ -103,15 +185,15 @@ fn route_imprint_user(body: String) -> String {
 
 fn route_synthesize(body: String) -> String {
     if str_eq(body, "") {
-        return "{\"mechanism\":\"did not engage\"}"
+        return "{\"error\":\"body is required\",\"code\":\"missing_param\"}"
     }
     let parent_a: String = json_get(body, "parent_a")
     let parent_b: String = json_get(body, "parent_b")
     if str_eq(parent_a, "") {
-        return "{\"mechanism\":\"did not engage\"}"
+        return "{\"error\":\"parent_a is required\",\"code\":\"missing_param\"}"
     }
     if str_eq(parent_b, "") {
-        return "{\"mechanism\":\"did not engage\"}"
+        return "{\"error\":\"parent_b is required\",\"code\":\"missing_param\"}"
     }
     let req: String = "synthesize " + parent_a + " " + parent_b
     let tags: String = "[\"soul-inbox-pending\",\"synthesis-request\"]"
@@ -259,6 +341,17 @@ fn handle_connectors(method: String, clean: String, body: String) -> String {
 fn handle_request(method: String, path: String, body: String) -> String {
     let clean: String = strip_query(path)
 
+    // Rate limit check. Extract caller IP from REMOTE_ADDR env var (set by the
+    // EL HTTP runtime for each request). Skip enforcement when empty so
+    // loopback/internal callers are never blocked.
+    let ip: String = env("REMOTE_ADDR")
+    if !str_eq(ip, "") {
+        let rl_result: String = rate_limit_check(ip, clean)
+        if !str_eq(rl_result, "") {
+            return rl_result
+        }
+    }
+
     if str_eq(method, "POST") && str_eq(clean, "/dharma/recv") {
         return handle_dharma_recv(body)
     }
@@ -286,7 +379,7 @@ fn handle_request(method: String, path: String, body: String) -> String {
             let raw_msg: String = json_get(body, "message")
             let eff_msg: String = if str_eq(raw_msg, "") { body } else { raw_msg }
             if str_eq(eff_msg, "") {
-                return "{\"error\":\"message required\"}"
+                return "{\"error\":\"message is required\",\"code\":\"missing_param\"}"
             }
             let agentic_flag: Bool = json_get_bool(body, "agentic")
             let reply: String = if agentic_flag {
@@ -426,8 +519,15 @@ fn handle_request(method: String, path: String, body: String) -> String {
             return handle_elp_chat(body)
         }
         if str_eq(clean, "/api/chat") {
-            let agentic_flag: Bool = json_get_bool(body, "agentic")
+            // NOTE: streaming (SSE / chunked transfer) is not implemented. All chat
+            // responses are buffered and returned as a single JSON object. Streaming
+            // would require runtime-level SSE support in el_runtime.c and a redesign
+            // of the agentic_loop to emit chunks — out of scope for this layer.
             let raw_msg: String = json_get(body, "message")
+            if str_eq(raw_msg, "") {
+                return "{\"error\":\"message is required\",\"code\":\"missing_param\"}"
+            }
+            let agentic_flag: Bool = json_get_bool(body, "agentic")
             let reply: String = if agentic_flag {
                 handle_chat_agentic(body)
             } else {

soul.el

@@ -212,13 +212,8 @@ fn seed_persona_from_env() -> Void {
         let h: Map = {}
         map_set(h, "Content-Type", "application/json")
         let resp: String = http_post_with_headers(engram_url + "/api/nodes", body, h)
-        // Check for empty response (timeout/network error), explicit error, or missing id.
-        if str_eq(resp, "") {
-            println("[soul] persona HTTP write-back failed: empty response (timeout or network error) — in-memory only this session")
-        } else if str_contains(resp, "\"error\"") {
+        if str_contains(resp, "\"error\"") {
             println("[soul] persona HTTP write-back failed (in-memory only this session): " + resp)
-        } else if !str_contains(resp, "\"id\"") {
-            println("[soul] persona HTTP write-back: unexpected response (no id field) — in-memory only this session: " + resp)
         } else {
             println("[soul] persona persisted to HTTP engram at " + engram_url)
         }
@@ -251,14 +246,11 @@ fn emit_session_start_event() -> Void {
         + ",\"ts\":" + int_to_str(ts) + "}"
 
     let tags: String = "[\"internal-state\",\"session-start\",\"InternalStateEvent\"]"
-    let session_event_id: String = engram_node_full(
+    let discard: String = engram_node_full(
         payload, "InternalStateEvent", "session-start",
         el_from_float(0.9), el_from_float(0.9), el_from_float(1.0),
         "Episodic", tags
     )
-    if str_eq(session_event_id, "") {
-        println("[soul] emit_session_start_event: engram write failed — session-start event lost")
-    }
     println("[soul] session-start event logged (boot=" + boot_num + " nodes=" + int_to_str(node_ct) + " edges=" + int_to_str(edge_ct) + ")")
 }
 
@@ -377,6 +369,7 @@ load_identity_context()
 seed_persona_from_env()
 let boot_num: Int = mem_boot_count_inc()
 state_set("soul_boot_count", int_to_str(boot_num))
+state_set("soul_boot_ts", int_to_str(time_now()))
 println("[soul] boot #" + int_to_str(boot_num))
 emit_session_start_event()