fix(zero): add replicator health check and statement timeout (tldraw#8437)

After the 16+ hour Zero replication stall with no automated detection,
this adds a health check endpoint and a safety net for stuck queries.

**Health check** (`/health-check/zero-replicator`): queries
`pg_stat_replication` for the `zero-replicator` application and returns
500 if it's disconnected, stalled (`write_lsn IS NULL`), or lagging
(`write_lag > 1 minute`). Uses the existing Kysely pool, same pattern as
`/health-check/db`. Configure Updown.io to hit this endpoint every 60s
with the `HEALTH_CHECK_BEARER_TOKEN`.

**Statement timeout**: changes `statement_timeout=0` (infinite) to
`statement_timeout=1800000` (30 min) on Zero's connection strings.
Prevents stuck queries from blocking forever while still allowing
initial sync to complete.

### Change type

- [x] `improvement`

### Test plan

1. Deploy to staging
2. Hit `/health-check/zero-replicator` with bearer token — should return
200
3. Stop the zero-replicator process — endpoint should return 500 after
Updown confirmation
4. Verify Zero still boots and completes initial sync with the 30-min
statement timeout

### Code changes

| Section        | LOC change |
| -------------- | ---------- |
| Apps           | +25 / -0   |
| Config/tooling | +1 / -1    |

Author: MitjaBezensek

apps/dotcom/sync-worker/src/healthCheckRoutes.ts

@@ -1,4 +1,5 @@
 import { createRouter, notFound } from '@tldraw/worker-shared'
+import { sql } from 'kysely'
 import { createPostgresConnectionPool } from './postgres'
 import { isDebugLogging, type Environment } from './types'
 import { getStatsDurableObjct } from './utils/durableObjects'
@@ -48,8 +49,9 @@ export const healthCheckRoutes = createRouter<Environment>()
 		}
 	})
 	.get('/health-check/db', async (_, env) => {
+		const db = createPostgresConnectionPool(env, '/health-check/db')
 		try {
-			await createPostgresConnectionPool(env, '/health-check/db')
+			await db
 				.selectFrom('user')
 				.select('name')
 				.where('email', '=', 'mitja@tldraw.com')
@@ -58,6 +60,35 @@ export const healthCheckRoutes = createRouter<Environment>()
 			return new Response('ok', { status: 200 })
 		} catch (_e) {
 			return new Response('Could not reach the database', { status: 500 })
+		} finally {
+			await db.destroy()
+		}
+	})
+	.get('/health-check/zero-replicator', async (_, env) => {
+		const db = createPostgresConnectionPool(env, '/health-check/zero-replicator')
+		try {
+			const result = await sql<{ status: string }>`
+				SELECT
+					CASE
+						WHEN write_lsn IS NULL THEN 'STALLED'
+						WHEN write_lag > interval '1 minute' THEN 'LAGGING'
+						ELSE 'HEALTHY'
+					END AS status
+				FROM pg_stat_replication
+				WHERE application_name = 'zero-replicator'
+			`.execute(db)
+			if (result.rows.length === 0) {
+				return new Response('zero-replicator not connected', { status: 500 })
+			}
+			const status = result.rows[0].status
+			if (status !== 'HEALTHY') {
+				return new Response(`zero-replicator: ${status}`, { status: 500 })
+			}
+			return new Response('ok', { status: 200 })
+		} catch (_e) {
+			return new Response('Could not check zero-replicator status', { status: 500 })
+		} finally {
+			await db.destroy()
 		}
 	})
 	.all('*', notFound)

internal/scripts/deploy-dotcom.ts

@@ -669,7 +669,7 @@ async function vercelCli(command: string, args: string[], opts?: ExecOpts) {
 
 function withStatementTimeout(connString: string): string {
 	const separator = connString.includes('?') ? '&' : '?'
-	return `${connString}${separator}statement_timeout=0`
+	return `${connString}${separator}statement_timeout=1800000`
 }
 
 function updateFlyioToml(appName: string): void {