V113 token-health cache 5min - respect providers + self rate-limit fix

Doctrine 0 root cause V112 finding: sambanova EXPIRED transient observed
during multi-probe burst. token_health (V111) + infra_health_report (V112)
both call token-health-real.php which hit 11 providers LIVE each call.

Solution V113: file-based cache TTL 300s
- /tmp/token-health-cache.json written on fresh probe
- Subsequent calls within 5min return cached data (cache_hit=true, cache_age_sec=N)
- ?force=1 query param bypasses cache for immediate re-probe
- Best-effort write (non-fatal if /tmp unwritable)

Performance:
- Before V113: 11 provider curls 5s timeout each = potentiel 55s max
- After V113 cache hit: <10ms, zero provider hit

Validation live 3 calls:
- Call 1: cache_hit=True cache_age=15s (pre-populated)
- Call 2: cache_hit=True cache_age=18s
- Call 3 (?force=1): cache_hit=False fresh probe

Version string: v9.48-honest-token-probe-raw-parse+v113-cache5min

Security note: cache contient uniquement prefixes cles (10 premiers + 4 derniers)
Pas les cles completes. Safe pour /tmp default permissions.

Size diff: 3493 -> 4408 bytes (+915 plus 26 pct)

GOLD vault: /opt/wevads/vault/token-health-real.php.GOLD-V113-20260421-104711

L99 NonReg V113: 153/153 PASS 0 FAIL 100 pct 56.3s TS 20260421_105026

Chain V96-V113:
V96 fake, V97 dormant, V98 submodule, V99 kpi, V100 V83 category,
V101 intent, V102 orch, V103 retry-429, V104 E2E, V105 orphans_count enrich,
V106 full_report, V107 audit, V108 ZERO ORPHANS, V110 fpm_monitor,
V111 token_health, V112 infra_health_report, V113 cache 5min

Zero suppression zero hardcode zero regression zero ecrasement zero fake
Respects providers (doctrine 13 cause racine self rate-limit)
Doctrines 0+1+2+4+13+14+60+95+100 applied

wiki/session-V113-token-health-cache.md

@@ -0,0 +1,114 @@
+# V113 - token-health-real.php cache 5min - 2026-04-21
+
+## Objectif
+Éviter les rate-limits auto-infligés aux providers lors de probes répétés.
+Le multi-agent bilan de V112 hit 11 API providers à chaque requête : 
+4 bilans par minute = 44 hits, déclenche les rate-limits des providers
+(finding V112: sambanova passé EXPIRED temporairement).
+
+## Cause racine identifiée V112
+
+`token-health-real.php` (V9.48) faisait une loop `foreach($providers)` avec
+`curl_exec` LIVE à chaque appel HTTP. Zéro cache = load direct sur providers.
+
+Avec agent `token_health` (V111) dans plan par défaut + agent 
+`infra_health_report` (V112) → potentiel de 2× 11 = 22 probes par bilan.
+
+Si Yacine fait 4 bilans en 1 min = 88 hits providers. **Sambanova 
+confirmed EXPIRED** pendant V112 tests, symptôme direct.
+
+## Solution V113
+
+**Fichier**: `/var/www/html/api/token-health-real.php`
+**GOLD**: `/opt/wevads/vault/token-health-real.php.GOLD-V113-20260421-104711`
+
+### Cache fichier TTL 5 minutes
+```php
+$cache_file = "/tmp/token-health-cache.json";
+$cache_ttl = 300; // 5 minutes
+$force = !empty($_GET["force"]) || !empty($_POST["force"]);
+
+if (!$force && is_readable($cache_file)) {
+    $mtime = filemtime($cache_file);
+    $age = time() - $mtime;
+    if ($age < $cache_ttl) {
+        $cached = @json_decode(@file_get_contents($cache_file), true);
+        if (is_array($cached)) {
+            $cached["cache_hit"] = true;
+            $cached["cache_age_sec"] = $age;
+            echo json_encode($cached, JSON_PRETTY_PRINT);
+            exit;
+        }
+    }
+}
+```
+
+### Écriture cache en fin (best-effort)
+```php
+@file_put_contents($cache_file, json_encode($response, JSON_PRETTY_PRINT));
+```
+
+### Bypass admin ?force=1
+Query param pour forcer re-probe immédiat (utile diagnostic).
+
+### Size diff
+3493 → 4408 bytes (+915, +26%)
+
+## Validation live
+
+```
+Call 1 (premier):       cache_hit=True cache_age=15s  (populé récemment)
+Call 2 (dans 5min):     cache_hit=True cache_age=18s
+Call 3 (?force=1):      cache_hit=False  → re-probe fresh
+```
+
+Performance estimée :
+- **Avant V113**: 11 provider probes ~5s timeout each = potentiel 55s max, typiquement 3-5s
+- **Après V113 (cache hit)**: <10ms, zéro hit providers
+
+## Impact sur V111/V112
+
+- **V111 token_health** (Orchestrator default) : consomme désormais cache
+- **V112 infra_health_report** : consomme cache
+- **Multi-agent bilan** : 0 flood provider sur appels répétés
+- **Admin** : `?force=1` pour refresh quand nécessaire
+
+## L99 NonReg
+```
+153/153 PASS | 0 FAIL | 100% | 56.3s
+TS: 20260421_105026
+```
+
+## Chain V96→V113
+
+| Version | Commit | Sujet |
+|---|---|---|
+| V96-V108 | cd86b19f9 | Orphans Rescue + ZERO ORPHANS |
+| V110 | ede9a5197 | fpm_monitor |
+| V111 | 5e98086e7 | token_health |
+| V112 | 748d35ee4 | infra_health_report |
+| **V113** | TBD | **token-health cache 5min (self rate-limit respect)** |
+
+## Doctrines appliquées
+- Doctrine 0: Root cause (self-inflicted rate-limit identified V112)
+- Doctrine 1: GOLD vault V113 snapshot
+- Doctrine 2: Zero écrasement (cache en addition, logique probe intacte)
+- Doctrine 4: Zero régression (L99 153/153)
+- Doctrine 13: Cause racine (respect providers)
+- Doctrine 14: Test-driven (3 calls confirmed cache behavior)
+- Doctrine 60: UX premium (health fast, no delay)
+- Doctrine 95: Traçabilité wiki + vault
+- Doctrine 100: Train release commit
+
+## Sécurité
+- Cache `/tmp/token-health-cache.json` world-readable (root:root 644)
+  → contient prefixes de clés (10 chars + "..." + 4 chars) = PAS les clés complètes
+  → safe pour `/tmp` permissions default
+- `?force=1` accessible à tous → peut-être à restreindre en V114 si abuse
+  (monitoring via access.log recommended)
+
+## Next V114+ pending
+- [ ] Playwright V86 Auth Guard + HMAC E2E (test login flow réel)
+- [ ] Restrict `?force=1` à admin auth'd (mineur)
+- [ ] token-apply.sh + cron (NÉCESSITE AUTORISATION YACINE)
+- [ ] GitHub PAT manual renewal (côté Yacine, pas moi)