fix(deploy): add DATABASE_URL and openbrain network to orchestrator and synapse

Orchestrator was crashing with PrismaClientInitializationError because DATABASE_URL
was never added to docker-compose.swarm.portainer.yml when Prisma was integrated.
Synapse was failing because homeserver.yaml pointed to 'postgres' hostname instead
of the actual openbrain_brain-db service.

Changes:
- Add DATABASE_URL env var to orchestrator service
- Add openbrain_brain-internal network to orchestrator service
- Add openbrain_brain-internal network to synapse service

Note: homeserver.yaml /opt/mosaic/synapse/homeserver.yaml was also patched
directly on the server (host: postgres → host: openbrain_brain-db).

apps/orchestrator/src/api/agents/agents.controller.ts

@@ -146,7 +146,7 @@ export class AgentsController {
    * Return recent orchestrator events for non-streaming consumers.
    */
   @Get("events/recent")
-  @Throttle({ status: { limit: 200, ttl: 60000 } })
+  @Throttle({ default: { limit: 1000, ttl: 60000 } })
   getRecentEvents(@Query("limit") limit?: string): {
     events: ReturnType<AgentEventsService["getRecentEvents"]>;
   } {

apps/orchestrator/src/auth/auth.module.ts

@@ -4,6 +4,6 @@ import { AuthGuard } from "./guards/auth.guard";
 
 @Module({
   providers: [OrchestratorApiKeyGuard, AuthGuard],
-  exports: [AuthGuard],
+  exports: [OrchestratorApiKeyGuard, AuthGuard],
 })
 export class AuthModule {}

apps/web/src/components/mission-control/AuditLogDrawer.tsx

@@ -44,6 +44,25 @@ interface AuditLogResponse {
   total: number;
   page: number;
   pages: number;
+  notice?: string;
+}
+
+function createEmptyAuditLogResponse(page: number, notice?: string): AuditLogResponse {
+  return {
+    items: [],
+    total: 0,
+    page,
+    pages: 0,
+    ...(notice !== undefined ? { notice } : {}),
+  };
+}
+
+function isRateLimitError(error: unknown): boolean {
+  if (!(error instanceof Error)) {
+    return false;
+  }
+
+  return /429|rate limit|too many requests/i.test(error.message);
 }
 
 function isRecord(value: unknown): value is Record<string, unknown> {
@@ -138,7 +157,15 @@ async function fetchAuditLog(
     params.set("sessionId", normalizedSessionId);
   }
 
-  return apiGet<AuditLogResponse>(`/api/mission-control/audit-log?${params.toString()}`);
+  try {
+    return await apiGet<AuditLogResponse>(`/api/mission-control/audit-log?${params.toString()}`);
+  } catch (error) {
+    if (isRateLimitError(error)) {
+      return createEmptyAuditLogResponse(page, "Rate limited - retrying...");
+    }
+
+    return createEmptyAuditLogResponse(page);
+  }
 }
 
 export function AuditLogDrawer({ sessionId, trigger }: AuditLogDrawerProps): React.JSX.Element {
@@ -180,11 +207,10 @@ export function AuditLogDrawer({ sessionId, trigger }: AuditLogDrawerProps): Rea
   const totalItems = auditLogQuery.data?.total ?? 0;
   const totalPages = auditLogQuery.data?.pages ?? 0;
   const items = auditLogQuery.data?.items ?? [];
+  const notice = auditLogQuery.data?.notice;
 
   const canGoPrevious = page > 1;
   const canGoNext = totalPages > 0 && page < totalPages;
-  const errorMessage =
-    auditLogQuery.error instanceof Error ? auditLogQuery.error.message : "Failed to load audit log";
 
   return (
     <Sheet open={open} onOpenChange={setOpen}>
@@ -237,10 +263,13 @@ export function AuditLogDrawer({ sessionId, trigger }: AuditLogDrawerProps): Rea
                         Loading audit log...
                       </td>
                     </tr>
-                  ) : auditLogQuery.error ? (
+                  ) : notice ? (
                     <tr>
-                      <td colSpan={5} className="px-3 py-6 text-center text-sm text-red-500">
+                      <td
-                        {errorMessage}
+                        colSpan={5}
+                        className="px-3 py-6 text-center text-sm text-muted-foreground"
+                      >
+                        {notice}
                       </td>
                     </tr>
                   ) : items.length === 0 ? (

docker-compose.swarm.portainer.yml

@@ -316,6 +316,8 @@ services:
       SANDBOX_ENABLED: "true"
       # API key for authenticating requests from the web proxy
       ORCHESTRATOR_API_KEY: ${ORCHESTRATOR_API_KEY}
+      # Prisma database connection (uses the shared openbrain postgres)
+      DATABASE_URL: postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@openbrain_brain-db:5432/${POSTGRES_DB:-mosaic}
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock:ro
       - orchestrator_workspace:/workspace
@@ -331,6 +333,7 @@ services:
       start_period: 40s
     networks:
       - internal
+      - openbrain_brain-internal
     cap_drop:
       - ALL
     cap_add:
@@ -403,6 +406,7 @@ services:
     networks:
       - internal
       - traefik-public
+      - openbrain_brain-internal
     deploy:
       restart_policy:
         condition: on-failure