e2a5150542
distd stops being read-only. http.sx learns the write-side request surface: header capture with case-insensitive lookup, a Content-Length- bounded body read loop (8K header cap, 512 MiB body cap -> 413, 411 for length-less POST/PUT), and the matching status texts. Auth (server/auth.sx): Authorization: Bearer is re-hashed and resolved via find_token_by_hash, then gated through check_token — 401 for missing/malformed/unknown credentials, 403 with a refusal-specific code (auth.revoked/expired/missing_scope/app_forbidden/channel_forbidden); successful auth stamps last_used_at. check_token's app gate now treats an empty REQUEST app like an empty request channel (uploads are app-agnostic until a release references them). Write routes (POST, publish scope): /api/upload content-addresses the body; /api/apps/<slug>/releases publishes over already-uploaded objects through commit_publish — the back half extracted from run_publish so CLI and HTTP publishes share one find/create-app -> transaction -> audit -> persist pipeline; channels/<name>/promote|rollback delegate to the P3.5 CLI pipelines. Reads stay public. make test 17/17 (new: server_write.sx pinned acceptance over curl).