Add a rules controller

app/controllers/api/events_controller.rb

@@ -18,8 +18,42 @@ class Api::EventsController < ApplicationController
       headers: extract_serializable_headers(request)
     )
 
-    # Always return 200 OK to avoid agent retries
-    head :ok
+    # Include rule version in response for agent optimization
+    rule_version = Rule.latest_version
+    response.headers['X-Rule-Version'] = rule_version.to_s
+
+    # Get current sampling for back-pressure management
+    current_sampling = HubLoad.current_sampling
+    response.headers['X-Sample-Rate'] = current_sampling[:allowed_requests].to_s
+    response.headers['X-Sample-Until'] = current_sampling[:effective_until]
+
+    # Check if agent sent a rule version to compare against
+    client_version = request.headers['X-Rule-Version']&.to_i
+
+    response_data = {
+      success: true,
+      rule_version: rule_version,
+      sampling: current_sampling
+    }
+
+    # If agent has old rules or no version, include new rules in response
+    if client_version.blank? || client_version != rule_version
+      # Get rules updated since client version
+      if client_version.present?
+        since_time = Time.at(client_version / 1_000_000, client_version % 1_000_000)
+        rules = Rule.where("updated_at > ?", since_time).enabled.sync_order
+      else
+        # Full sync for new agents
+        rules = Rule.active.sync_order
+      end
+
+      response_data[:rules] = rules.map(&:to_agent_format)
+      response_data[:rules_changed] = true
+    else
+      response_data[:rules_changed] = false
+    end
+
+    render json: response_data
   rescue DsnAuthenticationService::AuthenticationError => e
     Rails.logger.warn "DSN authentication failed: #{e.message}"
     head :unauthorized