anti 5415e98458 sec(api): mode-gate and eager-load JWT secret in lifespan ...

Refuse to start decnet.web.api when DECNET_MODE=agent (unless the
operator explicitly opts into dual-role with DECNET_DISALLOW_MASTER=
false). The Typer CLI already hides master-only commands on agents,
but a misconfigured systemd unit or a direct uvicorn invocation
would bypass that — now the lifespan itself refuses, before any
worker, DB or bus comes up.

Resolve DECNET_JWT_SECRET eagerly at startup so a missing or known-
bad value fails at boot rather than on the first auth-gated request.
The lazy-load shape stays useful for non-master CLIs.

2026-04-27 21:26:03 -04:00

..

db

feat(realism): operator-tunable planner weights via realism_config

2026-04-27 18:00:08 -04:00

router

feat(realism): operator-tunable planner weights via realism_config

2026-04-27 18:00:08 -04:00

services

feat(web): add systemd_control helper for worker unit management

2026-04-22 14:08:35 -04:00

templates

feat(swarm): unbundle master-only code from agent tarball + sync systemd units on update

2026-04-19 19:19:17 -04:00

_uvicorn_tls_scope.py

fix(swarm): inject peer cert into ASGI scope for uvicorn <= 0.44

2026-04-19 22:09:11 -04:00

api.py

sec(api): mode-gate and eager-load JWT secret in lifespan

2026-04-27 21:26:03 -04:00

auth.py

perf: run bcrypt on a thread so it doesn't block the event loop

2026-04-17 14:52:22 -04:00

dependencies.py

chores: fix linting

2026-04-18 06:46:10 -04:00

ingester.py

feat(correlation): credential-reuse engine + reuse-correlate worker

2026-04-26 03:37:49 -04:00

limiter.py

fix(stress): unblock Locust runs from login rate-limit self-DoS

2026-04-24 00:13:15 -04:00

sse_limits.py

feat(api/sse): per-user connection cap + viewer-safe invariant

2026-04-24 15:01:20 -04:00

swarm_api.py

fix(swarm): inject peer cert into ASGI scope for uvicorn <= 0.44

2026-04-19 22:09:11 -04:00

worker_registry.py

feat(workers): surface clusterer, campaign-clusterer, reconciler in panel

2026-04-26 21:31:34 -04:00