Add a rules controller

app/controllers/api/events_controller.rb

@@ -18,8 +18,42 @@ class Api::EventsController < ApplicationController
       headers: extract_serializable_headers(request)
     )
 
-    # Always return 200 OK to avoid agent retries
-    head :ok
+    # Include rule version in response for agent optimization
+    rule_version = Rule.latest_version
+    response.headers['X-Rule-Version'] = rule_version.to_s
+
+    # Get current sampling for back-pressure management
+    current_sampling = HubLoad.current_sampling
+    response.headers['X-Sample-Rate'] = current_sampling[:allowed_requests].to_s
+    response.headers['X-Sample-Until'] = current_sampling[:effective_until]
+
+    # Check if agent sent a rule version to compare against
+    client_version = request.headers['X-Rule-Version']&.to_i
+
+    response_data = {
+      success: true,
+      rule_version: rule_version,
+      sampling: current_sampling
+    }
+
+    # If agent has old rules or no version, include new rules in response
+    if client_version.blank? || client_version != rule_version
+      # Get rules updated since client version
+      if client_version.present?
+        since_time = Time.at(client_version / 1_000_000, client_version % 1_000_000)
+        rules = Rule.where("updated_at > ?", since_time).enabled.sync_order
+      else
+        # Full sync for new agents
+        rules = Rule.active.sync_order
+      end
+
+      response_data[:rules] = rules.map(&:to_agent_format)
+      response_data[:rules_changed] = true
+    else
+      response_data[:rules_changed] = false
+    end
+
+    render json: response_data
   rescue DsnAuthenticationService::AuthenticationError => e
     Rails.logger.warn "DSN authentication failed: #{e.message}"
     head :unauthorized

app/controllers/api/rules_controller.rb

@@ -9,15 +9,18 @@ module Api
     # GET /api/:public_key/rules/version
     # Quick version check - returns latest updated_at timestamp
     def version
+      current_sampling = HubLoad.current_sampling
+      response.headers['X-Sample-Rate'] = current_sampling[:allowed_requests].to_s
+
       render json: {
         version: Rule.latest_version,
         count: Rule.active.count,
-        sampling: HubLoad.current_sampling
+        sampling: current_sampling
       }
     end
 
-    # GET /api/:public_key/rules?since=2024-11-03T12:00:00.000Z
-    # Incremental sync - returns rules updated since timestamp
+    # GET /api/:public_key/rules?since=1730646186272060
+    # Incremental sync - returns rules updated since timestamp (microsecond Unix timestamp)
     # GET /api/:public_key/rules
     # Full sync - returns all active rules
     def index
@@ -30,9 +33,12 @@ module Api
         Rule.active.sync_order
       end
 
+      current_sampling = HubLoad.current_sampling
+      response.headers['X-Sample-Rate'] = current_sampling[:allowed_requests].to_s
+
       render json: {
         version: Rule.latest_version,
-        sampling: HubLoad.current_sampling,
+        sampling: current_sampling,
         rules: rules.map(&:to_agent_format)
       }
     rescue ArgumentError => e
@@ -59,9 +65,17 @@ module Api
     end
 
     def parse_timestamp(timestamp_str)
-      Time.parse(timestamp_str)
+      # Parse microsecond Unix timestamp
+      unless timestamp_str.match?(/^\d+$/)
+        raise ArgumentError, "Invalid timestamp format. Expected microsecond Unix timestamp (e.g., 1730646186272060)"
+      end
+
+      total_microseconds = timestamp_str.to_i
+      seconds = total_microseconds / 1_000_000
+      microseconds = total_microseconds % 1_000_000
+      Time.at(seconds, microseconds)
     rescue ArgumentError => e
-      raise ArgumentError, "Invalid timestamp format. Expected ISO8601 format (e.g., 2024-11-03T12:00:00.000Z)"
+      raise ArgumentError, "Invalid timestamp format: #{e.message}. Use microsecond Unix timestamp (e.g., 1730646186272060)"
     end
   end
 end