feat(ops): add ops-hub service inventory now view (CUST-WP-0047)

Seed a non-secret service inventory (environments, hosts, clusters,
services, endpoints, access paths, evidence, gaps) with a JSON schema,
a renderer, and a generated service-catalog view. Adds the
`make ops-inventory-view` target, probe ActivityDefinition, and docs.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

activity-definitions/ops-service-inventory-probes.md

@@ -0,0 +1,88 @@
+---
+id: "40d15a87-7ff6-4d8e-992c-37df15f95110"
+name: "Ops Service Inventory Probes"
+type: activity-definition
+version: "0.1"
+enabled: false
+owner: custodian
+governance: custodian
+status: proposed
+created: "2026-06-05"
+trigger:
+  type: cron
+  cron_expression: "15 * * * *"
+  timezone: Europe/Berlin
+  misfire_policy: skip
+context_sources:
+  - type: static
+    bind_to: context.inventory_path
+    config:
+      value: /home/worsch/the-custodian/ops/service-inventory.yml
+  - type: static
+    bind_to: context.catalog_path
+    config:
+      value: /home/worsch/the-custodian/docs/ops-hub-service-catalog.md
+---
+
+# ActivityDefinition: Ops Service Inventory Probes
+
+## Purpose
+
+This disabled draft is the activity-core handoff point for
+`CUST-WP-0047 - Ops Hub Service Inventory Now View`.
+
+The future enabled routine should read the non-secret inventory, run repeatable
+probes for declared endpoints and access paths, render the catalog view, and
+submit non-secret ops evidence events against stable inventory ids.
+
+## Runner Status
+
+This definition is intentionally `enabled: false`.
+
+Do not enable it until both of these are true:
+
+- activity-core has an inventory probe runner or State Hub resolver that can
+  execute the checks without embedding secrets in ActivityRun context
+- the ops-hub Inter-Hub widget/event sink can accept `ops-service-observed`,
+  `ops-endpoint-verified`, `ops-access-path-checked`, `ops-backup-verified`,
+  and `ops-inventory-drift` events
+
+## Trigger
+
+Hourly at minute 15 in `Europe/Berlin`, with `misfire_policy: skip`.
+
+This offset avoids colliding with the hourly RecentlyOnScope run at minute 0.
+
+## Probe Candidates
+
+Initial deterministic probes:
+
+- State Hub local health endpoint:
+  `http://127.0.0.1:8000/state/health`
+- Inter-Hub OpenAPI endpoint:
+  `https://hub.coulomb.social/api/v2/openapi.json`
+- Gitea OCI registry auth challenge:
+  `https://gitea.coulomb.social/v2/`
+- activity-core API health and Temporal schedule availability
+- ops-bridge tunnel reachability
+- Haskell build-agent State Hub registration and tunnel state
+
+## Output Contract
+
+Each successful run should produce:
+
+- an updated `docs/ops-hub-service-catalog.md`
+- one evidence event per checked service/endpoint/access path
+- one ActivityRun with compact non-secret summary metadata
+- no credentials, tokens, cookies, private key material, or sensitive command
+  output in context snapshots, event metadata, reports, or logs
+
+## Event Mapping
+
+| Probe result | Event type |
+|---|---|
+| Runtime object observed | `ops-service-observed` |
+| HTTP/HTTPS/tunnel endpoint matches expected signal | `ops-endpoint-verified` |
+| SSH, Kubernetes, or HTTP access path checked | `ops-access-path-checked` |
+| Backup and restore evidence found | `ops-backup-verified` |
+| Observed runtime differs from inventory | `ops-inventory-drift` |