feat(v1.1.4): outbound HTTP SDK + cron triggers

HTTP (`http::*`):
- `HttpService` trait (picloud-shared) + reqwest-backed `HttpServiceImpl`
  (manager-core), wired into the `Services` bundle.
- SSRF deny-list applied to the resolved IP via a custom reqwest
  `dns_resolver` (covers every redirect hop + defeats DNS rebinding) plus
  a literal-IP check at URL-parse time. Scheme/port restrictions, request
  + response body caps (stream-with-cap), layered timeout. Error reason is
  a CIDR category, never the IP. `PICLOUD_HTTP_ALLOW_PRIVATE` dev override
  (logs a startup warning).
- Rhai bridge with three-arg split `verb(url, body, opts)` (resolves the
  brief's body-vs-opts contradiction; unknown opt keys throw). Body
  dispatch by type; response `#{status,headers,body,body_raw}` with JSON
  auto-parse; non-2xx does not throw.
- `Capability::AppHttpRequest` → existing `script:write` scope (no new
  Scope variant). `SdkCallCx` gains `script_id` (attribution + User-Agent).

Cron triggers (4th trigger kind):
- Migration 0017 widens the kind/source_kind CHECKs and adds
  `cron_trigger_details`. `cron`/`chrono-tz` parse + validate 6-field
  schedules and IANA timezones.
- `spawn_cron_scheduler` polls due triggers and enqueues to the universal
  outbox; the dispatcher delivers them (one-line match-arm extension).
  Catch-up fires exactly once per trigger per tick, not once per missed
  window. `ctx.event.cron` for handlers.
- `POST /api/v1/admin/apps/{id}/triggers/cron` reuses the v1.1.3
  cross-app + kind!=module target check.
- Dashboard: admin-gated Triggers tab (cron create form + list).

Follow-ups: redact module backend errors at the resolver boundary (log
original at error level); pin `rhai = "=1.24"`; CHANGELOG incl. retroactive
v1.1.3 cross-app-trigger security note. Version bumps: workspace 1.1.4,
SDK 1.5, dashboard 0.10.0.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

crates/picloud/src/lib.rs

@@ -16,10 +16,10 @@ use picloud_manager_core::{
     AdminPrincipalResolver, AdminSessionRepository, AdminState, AdminUserRepository, AdminsState,
     ApiKeyRepository, ApiKeysState, AppDomainRepository, AppMembersRepository, AppMembersState,
     AppRepository, AppsState, AuthState, AuthzRepo, DeadLetterRepo, DeadLettersState, Dispatcher,
-    DocsServiceImpl, KvServiceImpl, OutboxEventEmitter, OutboxRepo, PostgresAbandonedRepo,
-    PostgresAdminSessionRepository, PostgresAdminUserRepository, PostgresApiKeyRepository,
-    PostgresAppDomainRepository, PostgresAppMembersRepository, PostgresAppRepository,
-    PostgresDeadLetterRepo, PostgresDeadLetterService, PostgresDocsRepo,
+    DocsServiceImpl, HttpConfig, HttpServiceImpl, KvServiceImpl, OutboxEventEmitter, OutboxRepo,
+    PostgresAbandonedRepo, PostgresAdminSessionRepository, PostgresAdminUserRepository,
+    PostgresApiKeyRepository, PostgresAppDomainRepository, PostgresAppMembersRepository,
+    PostgresAppRepository, PostgresDeadLetterRepo, PostgresDeadLetterService, PostgresDocsRepo,
     PostgresExecutionLogRepository, PostgresExecutionLogSink, PostgresKvRepo, PostgresOutboxRepo,
     PostgresRouteRepository, PostgresScriptRepository, PostgresTriggerRepo, PrincipalResolver,
     RepoResolver, RouteAdminState, RouteRepository, SandboxCeiling, ScriptRepository,
@@ -31,9 +31,9 @@ use picloud_orchestrator_core::{
     LocalExecutorClient,
 };
 use picloud_shared::{
-    DeadLetterService, DocsService, ExecutionLogSink, InboxResolver, KvService, OutboxWriter,
-    ScriptValidator, ServiceEventEmitter, Services, API_VERSION, PRODUCT_VERSION, SDK_VERSION,
-    WIRE_VERSION,
+    DeadLetterService, DocsService, ExecutionLogSink, HttpService, InboxResolver, KvService,
+    OutboxWriter, ScriptValidator, ServiceEventEmitter, Services, API_VERSION, PRODUCT_VERSION,
+    SDK_VERSION, WIRE_VERSION,
 };
 use sqlx::postgres::PgPoolOptions;
 use sqlx::PgPool;
@@ -143,9 +143,21 @@ pub async fn build_app(pool: PgPool, auth: AuthDeps) -> anyhow::Result<Router> {
         outbox_repo.clone(),
         authz.clone(),
     ));
-    let modules: Arc<dyn picloud_shared::ModuleSource> =
-        Arc::new(picloud_manager_core::PostgresModuleSource::new(pool));
-    let services = Services::new(kv, docs, dl_service.clone(), events, modules);
+    let modules: Arc<dyn picloud_shared::ModuleSource> = Arc::new(
+        picloud_manager_core::PostgresModuleSource::new(pool.clone()),
+    );
+    // v1.1.4 outbound HTTP. The reqwest client is built once here with
+    // the SSRF deny-list resolver. `PICLOUD_HTTP_ALLOW_PRIVATE=true`
+    // disables the deny-list entirely — dev/test only, so warn loudly.
+    let http_config = HttpConfig::from_env();
+    if http_config.allow_private {
+        tracing::warn!(
+            "PICLOUD_HTTP_ALLOW_PRIVATE is set — the outbound-HTTP SSRF deny-list is DISABLED. \
+             Scripts can reach loopback/private/link-local addresses. Do NOT use in production."
+        );
+    }
+    let http: Arc<dyn HttpService> = Arc::new(HttpServiceImpl::new(http_config, authz.clone()));
+    let services = Services::new(kv, docs, dl_service.clone(), events, modules, http);
     let engine = Arc::new(Engine::new(Limits::default(), services));
 
     // Compile the routes table once at startup; admin writes refresh it.
@@ -241,6 +253,10 @@ pub async fn build_app(pool: PgPool, auth: AuthDeps) -> anyhow::Result<Router> {
         abandoned_repo.clone(),
         trigger_config.abandoned_retention_days,
     );
+    // v1.1.4: cron scheduler. Polls cron_trigger_details on a tick and
+    // enqueues due triggers into the outbox; the dispatcher above
+    // delivers them like any other async trigger.
+    picloud_manager_core::spawn_cron_scheduler(pool, trigger_config.cron_tick_interval_ms);
     let triggers_state = TriggersState {
         triggers: trigger_repo,
         apps: apps_repo.clone(),