* feat(sanctions): entity lookup index + OpenSanctions search (#2042)
* fix: guard tokens[0] access in sanctions lookup
* fix: use createIpRateLimiter pattern in sanctions-entity-search
* fix: add sanctions-entity-search to allowlist and cache tier
* fix: add LookupSanctionEntity RPC to service.proto, regenerate
* fix(sanctions): strip _entityIndex/_state from main key publish, guard limit NaN
P0: seed-sanctions-pressure was writing the full _entityIndex array and _state
snapshot into sanctions:pressure:v1 because afterPublish runs after atomicPublish.
Add publishTransform to strip both fields before the main key write so the
pressure payload stays compact; afterPublish and extraKeys still receive the full
data object and write the correct separate keys.
P1: limit param in sanctions-entity-search edge function passed NaN to OpenSanctions
when a non-numeric value was supplied. Fix with Number.isFinite guard.
P2: add 200-char max length on q param to prevent oversized upstream requests.
* fix(sanctions): maxStaleMin 2x interval, no-store on entity search
health.js: 720min (1x) → 1440min (2x) for both sanctionsPressure and
sanctionsEntities. A single missed 12h cron was immediately flagging stale.
sanctions-entity-search.js: Cache-Control public → no-store. Sanctions
lookups include compliance-sensitive names in the query string; public
caching would have logged/stored these at CDN/proxy layer.
3321069fb3