fix(fabric): use broadcast subject for NATS capabilities discovery

NATS wildcards (node.*.capabilities.get) only work for subscriptions,
not for publish. Switch to a dedicated broadcast subject
(fabric.capabilities.discover) that all NCS instances subscribe to,
enabling proper scatter-gather discovery across nodes.

Made-with: Cursor

crews/agromatrix_crew/audit.py

@@ -8,7 +8,8 @@ from nats.aio.client import Client as NATS
 import asyncio
 
 NATS_URL = os.getenv('NATS_URL', 'nats://localhost:4222')
-AUDIT_FILE = os.getenv('AGX_AUDIT_FILE', 'artifacts/audit.log.jsonl')
+# Default: /app/logs (mounted rw volume) або /tmp як fallback
+AUDIT_FILE = os.getenv('AGX_AUDIT_FILE', '/app/logs/stepan_audit.log.jsonl')
 
 
 def _hash(text: str):
@@ -17,16 +18,19 @@ def _hash(text: str):
 
 async def _publish_nats(subject: str, payload: dict):
     nc = NATS()
-    await nc.connect(servers=[NATS_URL])
+    await nc.connect(servers=[NATS_URL], connect_timeout=2)
     await nc.publish(subject, json.dumps(payload).encode())
     await nc.flush(1)
     await nc.drain()
 
 
 def audit_event(event: dict):
-    Path(AUDIT_FILE).parent.mkdir(parents=True, exist_ok=True)
-    with open(AUDIT_FILE, 'a', encoding='utf-8') as f:
-        f.write(json.dumps(event, ensure_ascii=False) + '\n')
+    try:
+        Path(AUDIT_FILE).parent.mkdir(parents=True, exist_ok=True)
+        with open(AUDIT_FILE, 'a', encoding='utf-8') as f:
+            f.write(json.dumps(event, ensure_ascii=False) + '\n')
+    except Exception:
+        pass
     try:
         asyncio.run(_publish_nats('agx.audit.delegation', event))
     except Exception: