feat: expanded health checks, deploy filtering, per-project notifications, error sanitization, and audit trail

- Expand health endpoint to check DB, Docker, and NPM connectivity (FUNC-M4)
- Add project_id, stage_id, offset query params to deploys endpoint (FUNC-M5, FUNC-M6)
- Add notification_url field to Stage model for per-project overrides (FUNC-M2)
- Add NPM Ping method for health checking
- Sanitize all internal error messages in API handlers (SEC-M4)
- Add audit trail events for admin actions (FUNC-M3)
- Add EventLog event type to event bus

internal/store/deploys.go

@@ -4,6 +4,7 @@ import (
 	"database/sql"
 	"errors"
 	"fmt"
+	"strings"
 
 	"github.com/google/uuid"
 )
@@ -166,6 +167,36 @@ func IsTerminalDeployStatus(status string) bool {
 	}
 }
 
+// GetDeploys returns deploys with optional filtering by project and stage, with pagination.
+func (s *Store) GetDeploys(projectID, stageID string, limit, offset int) ([]Deploy, error) {
+	query := `SELECT id, project_id, stage_id, instance_id, image_tag, status, started_at, finished_at, error FROM deploys`
+	var args []any
+	var conditions []string
+
+	if projectID != "" {
+		conditions = append(conditions, "project_id = ?")
+		args = append(args, projectID)
+	}
+	if stageID != "" {
+		conditions = append(conditions, "stage_id = ?")
+		args = append(args, stageID)
+	}
+
+	if len(conditions) > 0 {
+		query += " WHERE " + strings.Join(conditions, " AND ")
+	}
+	query += " ORDER BY started_at DESC LIMIT ? OFFSET ?"
+	args = append(args, limit, offset)
+
+	rows, err := s.db.Query(query, args...)
+	if err != nil {
+		return nil, fmt.Errorf("query deploys: %w", err)
+	}
+	defer rows.Close()
+
+	return scanDeploys(rows)
+}
+
 // CleanupOldDeploys removes deploy records and their logs older than the given
 // number of days. Returns the number of deploys removed.
 func (s *Store) CleanupOldDeploys(retentionDays int) (int64, error) {