feat(swarm): remote teardown API + UI (per-decky and per-host)
Agents already exposed POST /teardown; the master was missing the plumbing
to reach it. Add:
- POST /api/v1/swarm/hosts/{uuid}/teardown — admin-gated. Body
{decky_id: str|null}: null tears the whole host, a value tears one decky.
On worker failure the master returns 502 and leaves DB shards intact so
master and agent stay aligned.
- BaseRepository.delete_decky_shard(name) + sqlmodel impl for per-decky
cleanup after a single-decky teardown.
- SwarmHosts page: "Teardown all" button (keeps host enrolled).
- SwarmDeckies page: per-row "Teardown" button.
Also exclude setuptools' build/ staging dir from the enrollment tarball —
`pip install -e` on the master generates build/lib/decnet_web/node_modules
and the bundle walker was leaking it to agents. Align pyproject's bandit
exclude with the git-hook invocation so both skip decnet/templates/.
This commit is contained in:
@@ -111,6 +111,9 @@ include = ["decnet*"]
|
||||
decnet = ["templates/**/*"]
|
||||
|
||||
[tool.bandit]
|
||||
# Docker build contexts — code runs inside decoy containers, not in the
|
||||
# master/agent process. Skipping keeps honeypot service scripts (hashlib.md5
|
||||
# for JA3, /tmp/build in Dockerfile helpers, etc.) out of the scan.
|
||||
exclude_dirs = [
|
||||
"decnet/templates/syslog_bridge.py",
|
||||
"decnet/templates",
|
||||
]
|
||||
|
||||
Reference in New Issue
Block a user