chore: relicense to AGPL-3.0-or-later and add SPDX headers

Replaces LICENSE (GPLv3 -> AGPLv3) and prepends
`SPDX-License-Identifier: AGPL-3.0-or-later` to every source file
across decnet/, decnet_web/, tests/, scripts/, and tools/.

Rationale: closes the GPLv3 ASP loophole so any party operating a
modified DECNET as a network service must offer their modified
source. Personal copyright (Samuel Paschuan) + inbound=outbound
contributions make a future unilateral relicense infeasible.

- LICENSE: full AGPL-3.0 text (gnu.org/licenses/agpl-3.0.txt)
- COPYRIGHT: project copyright notice
- tools/add_spdx_headers.py: idempotent header injector
  (shebang- and PEP 263-aware)

Touches 1565 source files (.py, .ts, .tsx, .js, .jsx, .css, .sh).
No behavior change; comments only.

decnet/web/db/sqlmodel_repo/__init__.py

@@ -1,3 +1,4 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
 """
 Shared SQLModel-based repository implementation.
 

decnet/web/db/sqlmodel_repo/_helpers.py

@@ -1,3 +1,4 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
 """Module-level session helpers shared by every repository mixin.
 
 ``_safe_session`` and ``_detach_close`` make session cleanup robust under

decnet/web/db/sqlmodel_repo/attacker_intel.py

@@ -1,3 +1,4 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
 """Attacker-intel domain methods.
 
 Owns reads/writes for ``AttackerIntel`` rows: per-attacker enrichment

decnet/web/db/sqlmodel_repo/attackers/__init__.py

@@ -1,3 +1,4 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
 """Attacker repository methods.
 
 Per-concern submixins composed onto ``AttackersMixin``. The legacy

decnet/web/db/sqlmodel_repo/attackers/_core.py

@@ -1,3 +1,4 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
 """Core ``Attacker`` row CRUD + the ``_deserialize_attacker`` helper.
 
 The helper lives here because sibling submixins and ``IdentitiesMixin``

decnet/web/db/sqlmodel_repo/attackers/activity.py

@@ -1,3 +1,4 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
 """Log-derived activity views: commands, service activity, IP leaks,
 artifacts, stored mail, recorded sessions, transcripts.
 

decnet/web/db/sqlmodel_repo/attackers/behavior.py

@@ -1,3 +1,4 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
 """Per-attacker behavior signals (TCP fingerprint, timing stats, phase
 sequence, tool guesses, KEX order, SSH client banners)."""
 from __future__ import annotations

decnet/web/db/sqlmodel_repo/attackers/smtp.py

@@ -1,3 +1,4 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
 """SMTP victim-domain tracking (per-attacker counters and
 cross-attacker aggregate)."""
 from __future__ import annotations

decnet/web/db/sqlmodel_repo/attribution.py

@@ -1,3 +1,4 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
 """Repo mixin for the ``attribution_state`` table + identity stub
 materialisation.
 

decnet/web/db/sqlmodel_repo/auth.py

@@ -1,3 +1,4 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
 """User CRUD."""
 from __future__ import annotations
 

decnet/web/db/sqlmodel_repo/bounties.py

@@ -1,3 +1,4 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
 """Bounty CRUD + the global purge helper that wipes logs/bounties/credentials/attackers together."""
 from __future__ import annotations
 

decnet/web/db/sqlmodel_repo/campaigns.py

@@ -1,3 +1,4 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
 """Campaign reads + writes.
 
 Campaign = the second-tier clustering output that groups multiple

decnet/web/db/sqlmodel_repo/canary.py

@@ -1,3 +1,4 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
 """Canary blob/token CRUD + trigger ingestion."""
 from __future__ import annotations
 

decnet/web/db/sqlmodel_repo/credentials/__init__.py

@@ -1,3 +1,4 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
 """Credential capture + credential-reuse correlation.
 
 Capture (per-attempt rows) lives in ``_core.py``; the reuse correlator

decnet/web/db/sqlmodel_repo/credentials/_core.py

@@ -1,3 +1,4 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
 """Credential capture: per-attempt rows in the ``Credential`` table."""
 from __future__ import annotations
 

decnet/web/db/sqlmodel_repo/credentials/reuse.py

@@ -1,3 +1,4 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
 """Credential-reuse correlation: ``CredentialReuse`` finding rows that
 group ``Credential`` attempts sharing the same (secret_sha256,
 secret_kind, principal) triple."""

decnet/web/db/sqlmodel_repo/deckies.py

@@ -1,3 +1,4 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
 """Decky-shard CRUD (per-host shard registrations)."""
 from __future__ import annotations
 

decnet/web/db/sqlmodel_repo/decky_lifecycle.py

@@ -1,3 +1,4 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
 """DeckyLifecycle CRUD + sweep.
 
 One row per (decky, operation) attempt.  States: pending → running →

decnet/web/db/sqlmodel_repo/fleet.py

@@ -1,3 +1,4 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
 """Fleet decky CRUD + cross-source running-decky aggregator."""
 from __future__ import annotations
 

decnet/web/db/sqlmodel_repo/identities.py

@@ -1,3 +1,4 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
 """AttackerIdentity reads + writes.
 
 Identity = the clustering output that groups multiple ``Attacker`` rows

decnet/web/db/sqlmodel_repo/logs.py

@@ -1,3 +1,4 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
 """Log ingestion, query, and the stats summary endpoint.
 
 ``get_log_histogram`` is the per-dialect override point; the abstract

decnet/web/db/sqlmodel_repo/observations.py

@@ -1,3 +1,4 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
 """Repo mixin for the ``observations`` table.
 
 Composed onto :class:`SQLModelRepository`. Three public methods:

decnet/web/db/sqlmodel_repo/observed_attachments.py

@@ -1,3 +1,4 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
 """Repo mixin for the ``observed_attachments`` table.
 
 Composed onto :class:`SQLModelRepository` alongside the existing

decnet/web/db/sqlmodel_repo/orchestrator.py

@@ -1,3 +1,4 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
 """Orchestrator event log + email log + per-pool prune helpers."""
 from __future__ import annotations
 

decnet/web/db/sqlmodel_repo/realism.py

@@ -1,3 +1,4 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
 """Synthetic-file CRUD + realism config key/value store."""
 from __future__ import annotations
 

decnet/web/db/sqlmodel_repo/swarm.py

@@ -1,3 +1,4 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
 """Swarm host CRUD."""
 from __future__ import annotations
 

decnet/web/db/sqlmodel_repo/tarpit.py

@@ -1,3 +1,4 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
 """Tarpit rule CRUD."""
 from __future__ import annotations
 

decnet/web/db/sqlmodel_repo/topology/__init__.py

@@ -1,3 +1,4 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
 """MazeNET topology repository methods.
 
 The full domain spans ~700 lines of methods across topologies, LANs,

decnet/web/db/sqlmodel_repo/topology/_core.py

@@ -1,3 +1,4 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
 """Topology table CRUD + the optimistic-locking helpers that the
 sibling LAN / decky / edge / mutation mixins call through MRO."""
 from __future__ import annotations

decnet/web/db/sqlmodel_repo/topology/deckies.py

@@ -1,3 +1,4 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
 """Topology decky CRUD + the running-decky listing the fleet aggregator
 calls through MRO."""
 from __future__ import annotations

decnet/web/db/sqlmodel_repo/topology/edges.py

@@ -1,3 +1,4 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
 """Topology edge CRUD + status-event log."""
 from __future__ import annotations
 

decnet/web/db/sqlmodel_repo/topology/lans.py

@@ -1,3 +1,4 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
 """LAN CRUD within a topology."""
 from __future__ import annotations
 

decnet/web/db/sqlmodel_repo/topology/mutations.py

@@ -1,3 +1,4 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
 """Live-reconciler mutation queue: enqueue + atomic claim + state writes."""
 from __future__ import annotations
 

decnet/web/db/sqlmodel_repo/ttp.py

@@ -1,3 +1,4 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
 """TTP-tagging repository — ``ttp_tag`` reads + idempotent inserts.
 
 Implementation phase E.3.3 of ``development/TTP_TAGGING.md``. The

decnet/web/db/sqlmodel_repo/webhooks.py

@@ -1,3 +1,4 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
 """Webhook subscription CRUD + delivery bookkeeping."""
 from __future__ import annotations