fix: remove pool_size/max_overflow when using NullPool in alembic migrations

The alembic env.py calls build_engine_kwargs() which adds pool_size and
max_overflow for PostgreSQL, then sets poolclass=NullPool. NullPool rejects
those arguments, causing TypeError on startup. Also removes duplicate helper
function definitions at the end of main.py.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: biru-codeastromer

server/alembic/env.py

@@ -33,6 +33,9 @@ def run_migrations_offline() -> None:
 def run_migrations_online() -> None:
     engine_kwargs = build_engine_kwargs(settings.db_url)
     engine_kwargs["poolclass"] = pool.NullPool
+    # NullPool doesn't accept pool-sizing arguments
+    engine_kwargs.pop("pool_size", None)
+    engine_kwargs.pop("max_overflow", None)
     connectable = create_engine(settings.db_url, **engine_kwargs)
 
     with connectable.connect() as connection:

server/worldmodel_server/main.py

@@ -418,50 +418,3 @@ def _artifact_response(key: str, media_type: str, not_found_detail: str) -> Resp
     return Response(content=payload, media_type=media_type)
 
 
-def _client_host(request: Request) -> str:
-    forwarded = request.headers.get("x-forwarded-for")
-    if forwarded:
-        return forwarded.split(",")[0].strip()
-    if request.client and request.client.host:
-        return request.client.host
-    return "unknown"
-
-
-def _should_rate_limit_public_request(request: Request) -> bool:
-    if request.method not in {"GET", "HEAD"}:
-        return False
-    if not request.url.path.startswith("/api/"):
-        return False
-    if request.headers.get("authorization") or request.headers.get("x-api-key"):
-        return False
-    return True
-
-
-def _require_write_access(
-    request: Request,
-    principal: AuthenticatedPrincipal = Depends(require_scope("runs:write")),
-) -> AuthenticatedPrincipal:
-    _enforce_principal_rate_limit(request, principal)
-    return principal
-
-
-def _require_admin_access(
-    request: Request,
-    principal: AuthenticatedPrincipal = Depends(require_scope("admin")),
-) -> AuthenticatedPrincipal:
-    _enforce_principal_rate_limit(request, principal)
-    return principal
-
-
-def _enforce_principal_rate_limit(request: Request, principal: AuthenticatedPrincipal) -> None:
-    client_host = _client_host(request)
-    result = rate_limiter.hit(
-        f"write:{principal.identifier}:{client_host}",
-        principal.rate_limit_per_minute,
-    )
-    if not result.allowed:
-        raise HTTPException(
-            status_code=429,
-            detail="authenticated write rate limit exceeded",
-            headers={"Retry-After": str(result.retry_after)},
-        )