learning_ai_common_plat/services
saravanakumardb1 141435fe95 feat(fleet): bind advertised capabilities to the enrolled token scope
The claim path already constrained a factory to its enrolled scope, but the
heartbeat trusted self-reported capabilities — so (with enforcement on) a factory
could advertise e.g. engine:codex it was never granted, polluting the engine
picker (GET /fleet/factories) and routing/explain decisions even though a codex
job still couldn't be claimed by it.

Heartbeat now intersects the factory's self-reported capabilities with the token
scope when enforcement is ON: it may report FEWER (an engine temporarily
unavailable) but never MORE than enrolled. Enforcement OFF is unchanged
(self-reported caps pass through verbatim). Covered by new route tests.

Generated with [Devin](https://cli.devin.ai/docs)

Co-Authored-By: Devin <158243242+devin-ai-integration[bot]@users.noreply.github.com>
2026-06-01 12:14:09 -07:00
cowork-service chore(deps): bump @types/node 22 -> 25 (dev types) 2026-05-31 04:02:56 -07:00
extraction-service chore(deps): bump @types/node 22 -> 25 (dev types) 2026-05-31 04:02:56 -07:00
mcp-server chore(deps): bump @types/node 22 -> 25 (dev types) 2026-05-31 04:02:56 -07:00
monitoring chore(deps): bump @types/node 22 -> 25 (dev types) 2026-05-31 04:02:56 -07:00
platform-service feat(fleet): bind advertised capabilities to the enrolled token scope 2026-06-01 12:14:09 -07:00