Harden health dashboard: XSS escaping, appEvents guard, incremental logs, stale sweep, timer lifecycle
- Escape all server-sourced strings in innerHTML across updateVitals, updateCortexGrid,
updateImporterGrid, updateDreamCard, updateSyncCard, and renderLogs service headers
- Guard window.appEvents.listen for availability
- Add incremental log append path (DOM append when following with unchanged filters)
- Add 60s stale sweep for agents and imports Maps (safety net for missed terminal events)
- Clear elapsedTimer when no agents remain; restarts on reappear
- Declare deepLinkMode: false in initial state object
- Replace undefined CSS custom properties (--text-muted, --text-secondary) with hardcoded colors