Implement 30-Day Retention Policy for DevIndex Penalty Box

[tobiu]

We need a mechanism to handle user deletions and long-term suspensions in compliance with privacy expectations ("Right to be Forgotten"). Currently, users who return 404s are moved to the Penalty Box (failed.json) indefinitely if they have prior history.

The Solution: Penalty Box Retention Policy (TTL)

1. Schema Migration: Convert apps/devindex/resources/failed.json from a simple Array ["login"] to a Map {"login": "2026-02-13T..."} to track when the failure first occurred.
2. Cleanup Logic: Update Cleanup.mjs to check this timestamp.
3. Policy: If a user remains in the Penalty Box for 30 Days:
   • Assume the account is permanently deleted or banned.
   • Hard Delete: Remove from users.jsonl, tracker.json, and failed.json.
   • Log the deletion.

This ensures that our index eventually reflects reality and respects user deletion.

[tobiu]

Input from Gemini 3 Pro:

✦ Implemented the 30-day retention policy for the Penalty Box (failed.json).

Changes:

1. Schema Migration: Storage.getFailed() now lazily migrates failed.json from a legacy Array to a Map<String, Timestamp>.
2. Retention Logic: Cleanup.mjs now checks the timestamp of failed users. If a user has been in the penalty box for more than 30 days, they are:
   • Removed from failed.json.
   • Pruned from users.jsonl (Rich Data).
   • Pruned from tracker.json (via Orphan logic).
3. Persistence: Cleanup.mjs now forces a save of failed.json on every run. This ensures that the migration (setting the "start time" for existing failed users) is persisted immediately, and that the file remains sorted.

The "clock" for existing failed users starts now (upon the first Cleanup run). New failures will use the time of failure.