feat: announcement purgatory

Extends purgatory to hold repository announcements until git data arrives,
preventing empty repositories from being served to clients.

When an announcement is received, a bare repo is created immediately and the
announcement is held in purgatory. It is only promoted and served once a git
push confirms real content exists. If no push arrives before expiry, the bare
repo is deleted and the announcement is silently discarded.

Key behaviours:
- Soft expiry: announcements are hidden from clients but kept alive while git
  pushes are in progress, reviving on successful push
- Expiry is extended when a matching state event or git push is observed
- NIP-09 deletion events remove announcements from purgatory
- Purgatory state (announcements, state events, PR events, expired set) is
  persisted to disk on graceful shutdown and restored on startup, with elapsed
  downtime subtracted from expiry deadlines
- Purgatory announcements drive StateOnly sync in the sync system so state
  events are fetched from listed relays before promotion
- SyncLevel added to RepoSyncIndex to distinguish purgatory repos (StateOnly)
  from promoted repos (Full L2+L3 sync)

1 files changed, 30 insertions, 0 deletions

diff --git a/grasp-audit/src/client.rs b/grasp-audit/src/client.rs
index 91a93dc..5c263ad 100644
--- a/grasp-audit/src/client.rs
+++ b/grasp-audit/src/client.rs
@@ -209,6 +209,36 @@ impl AuditClient {
         Ok(event_id)
     }
 
+    /// Send event and note whether it entered purgatory (not served) or was served immediately.
+    ///
+    /// This is a tolerant version of `send_event_expect_purgatory_not_served` that doesn't
+    /// fail if purgatory is not observed. It returns whether purgatory was observed so
+    /// fixtures can proceed regardless of relay implementation status.
+    ///
+    /// Returns (EventId, bool) where bool = true if event was NOT served (purgatory observed).
+    pub async fn send_event_and_note_purgatory(&self, event: Event) -> Result<(EventId, bool)> {
+        if self.config.read_only {
+            return Err(anyhow!("Client is in read-only mode"));
+        }
+
+        let output = self.client.send_event(&event).await?;
+        let event_id = *output.id();
+
+        // Check if any relay rejected the event and return the error message
+        if !output.failed.is_empty() {
+            let (relay_url, error) = output.failed.iter().next().unwrap();
+            return Err(anyhow!("Relay {} rejected event: {}", relay_url, error));
+        }
+
+        // Wait a bit for event to propagate
+        tokio::time::sleep(Duration::from_millis(300)).await;
+
+        // Check if event is served (not in purgatory) or not served (in purgatory)
+        let in_purgatory = !self.is_event_on_relay(event.id).await?;
+
+        Ok((event_id, in_purgatory))
+    }
+
     /// check if an event is on the relay
     pub async fn is_event_on_relay(&self, id: EventId) -> Result<bool> {
         Ok(!self