fix(xff): truncate LEAKED IPs + ROTATION badge for rotation attacks

`for i in $(seq 1 100); do curl -H "X-Forwarded-For: 191.100.20.$i" ...`
was dumping 100 distinct IPs into AttackerDetail's LEAKED IPs row,
drowning the rest of the ORIGIN section. The 100-IP wall is itself a
signal (WAF-bypass-list probing) that deserves a short badge, not a
flood.

Backend:
- get_attacker_ip_leaks gains `limit: int = 10` parameter — caller
  only ever needs a sample, not the full set.
- New count_attacker_ip_leaks() returns the unbounded COUNT(*) via
  one cheap SQL aggregate.
- Detail endpoint returns {ip_leaks: [first 10], ip_leaks_total: N}
  so the UI can render a rotation badge independent of list length.

UI:
- New LeakedIPsRow component. First 5 distinct IPs rendered inline
  with hover tooltips (unchanged). When > 5, a `+ N more` expand
  button reveals the rest of the sample; when total exceeds the
  10-row cap, a subtle `(+M beyond sample)` note appears.
- When total ≥ 20, a red `ROTATION · N` tag renders leading the
  row with a tooltip explaining the semantic: "almost certainly
  XFF-rotation / WAF-bypass probing, not a real attribution leak."

DB churn is deliberately not capped — 100k rows × ~500 B is tolerable.
If it becomes a problem we can add an ingester-side count-and-skip;
for now the UX fix is the whole story.

Added test_ip_leaks_total_reported_separately_from_list asserting
the endpoint shape matches what the UI consumes.

decnet/web/db/repository.py

@@ -258,12 +258,20 @@ class BaseRepository(ABC):
         raise NotImplementedError
 
     async def get_attacker_ip_leaks(
-        self, attacker_uuid: str
+        self, attacker_uuid: str, *, limit: int = 10,
     ) -> list[dict[str, Any]]:
-        """Return ``bounty_type='ip_leak'`` rows for the attacker, newest
-        first. Each row's payload carries the TCP source IP, the header
-        that leaked, and the claimed real IP — see the XFF-mismatch
-        extractor in ``decnet.web.ingester`` for the shape."""
+        """Return up to ``limit`` ``bounty_type='ip_leak'`` rows for the
+        attacker, newest first. Each row's payload carries the TCP
+        source IP, the header that leaked, and the claimed real IP —
+        see the XFF-mismatch extractor in ``decnet.web.ingester`` for
+        the shape. Caller pairs with :meth:`count_attacker_ip_leaks`
+        to detect XFF-rotation (100+ claimed IPs from one source)."""
+        raise NotImplementedError
+
+    async def count_attacker_ip_leaks(self, attacker_uuid: str) -> int:
+        """Total number of ``ip_leak`` bounties recorded for this
+        attacker. Used to detect XFF-rotation signal where the attacker
+        cycles through many claimed IPs (WAF-bypass-list probing)."""
         raise NotImplementedError
 
     @abstractmethod

decnet/web/db/sqlmodel_repo.py

@@ -908,12 +908,14 @@ class SQLModelRepository(BaseRepository):
             return [(svc, evt) for svc, evt in rows.all()]
 
     async def get_attacker_ip_leaks(
-        self, attacker_uuid: str
+        self, attacker_uuid: str, *, limit: int = 10,
     ) -> list[dict[str, Any]]:
         """Return ``bounty_type='ip_leak'`` rows for this attacker, newest
-        first.  Shape matches the XFF-mismatch payload emitted by the
-        ingester: keys include ``real_ip_claim``, ``source_header``,
-        ``headers_seen``, ``path``, ``method``."""
+        first, capped at ``limit``. Shape matches the XFF-mismatch
+        payload emitted by the ingester: keys include ``real_ip_claim``,
+        ``source_header``, ``headers_seen``. Use
+        :meth:`count_attacker_ip_leaks` to get the unbounded total for
+        rotation detection."""
         async with self._session() as session:
             ip_res = await session.execute(
                 select(Attacker.ip).where(Attacker.uuid == attacker_uuid)
@@ -926,6 +928,7 @@ class SQLModelRepository(BaseRepository):
                 .where(Bounty.attacker_ip == ip)
                 .where(Bounty.bounty_type == "ip_leak")
                 .order_by(desc(Bounty.timestamp))
+                .limit(limit)
             )
             out: list[dict[str, Any]] = []
             for row in rows.scalars().all():
@@ -940,6 +943,22 @@ class SQLModelRepository(BaseRepository):
                 out.append(rec)
             return out
 
+    async def count_attacker_ip_leaks(self, attacker_uuid: str) -> int:
+        """Cheap COUNT(*) for XFF-rotation detection."""
+        async with self._session() as session:
+            ip_res = await session.execute(
+                select(Attacker.ip).where(Attacker.uuid == attacker_uuid)
+            )
+            ip = ip_res.scalar_one_or_none()
+            if not ip:
+                return 0
+            count_res = await session.execute(
+                select(func.count(Bounty.id))
+                .where(Bounty.attacker_ip == ip)
+                .where(Bounty.bounty_type == "ip_leak")
+            )
+            return int(count_res.scalar() or 0)
+
     async def get_attacker_artifacts(self, uuid: str) -> list[dict[str, Any]]:
         """Return `file_captured` logs for the attacker identified by UUID.
 

decnet/web/router/attackers/api_get_attacker_detail.py

@@ -35,7 +35,10 @@ async def get_attacker_detail(
     pairs = await repo.get_attacker_service_activity(uuid)
     attacker["service_activity"] = bucket_services(pairs)
     # Attribution leaks — XFF / Forwarded / X-Real-IP mismatches captured
-    # by the HTTP bounty extractor. Empty list when no HTTP interaction
-    # or no mismatch.
-    attacker["ip_leaks"] = await repo.get_attacker_ip_leaks(uuid)
+    # by the HTTP bounty extractor. Cap the returned list at 10 so a
+    # rotation attack (100s of forged XFF values) doesn't flood the UI;
+    # `ip_leaks_total` carries the unbounded count so the UI can render
+    # a ROTATION DETECTED badge when the count crosses a threshold.
+    attacker["ip_leaks"] = await repo.get_attacker_ip_leaks(uuid, limit=10)
+    attacker["ip_leaks_total"] = await repo.count_attacker_ip_leaks(uuid)
     return attacker