anti b27332169d feat(init): create /var/lib/decnet/artifacts with setgid + group-write ...

DEBT-035 step 2. Today the artifacts subtree is auto-created by
Docker as root when a decoy container's bind-mount fires for the
first time. The resulting permissions are root:root 0o755 — the API
process (running as the decnet user) hits PermissionError trying to
read transcripts written by the container, and the soft-fail 404
path gets exercised on every fresh deploy.

Add `/var/lib/decnet/artifacts` to init's dirs list with mode 0o2775:

* 0o2000 — setgid bit. New files inherit the directory's group
  (decnet), regardless of which uid created them. This is the load-
  bearing bit for cross-container reads.
* 0o0775 — owner+group rwx, world rx. Group-write lets the API
  process and the local TTP worker read each other's outputs
  without a manual chown.

`_ensure_dir` already respects the full mode word via `os.chmod`,
no helper change needed.

Test asserts the resulting directory carries exactly 0o2775 after
a fresh `decnet init --prefix`. Defence-in-depth: this works even
if the per-decoy compose `user:` directive (next commit) misses a
template — files still land in the decnet group.

2026-05-02 19:35:20 -04:00

..

__init__.py

feat(ttp): E.4.a extract decnet/cli/ttp.py with worker run + backfill CLI

2026-05-02 01:35:17 -04:00

agent.py

merge: testing → main (reconcile 2-week divergence)

2026-04-28 18:36:00 -04:00

api.py

merge: testing → main (reconcile 2-week divergence)

2026-04-28 18:36:00 -04:00

bus.py

merge: testing → main (reconcile 2-week divergence)

2026-04-28 18:36:00 -04:00

canary.py

feat(canary): ship Node helper with wheel + install-toolchain CLI

2026-04-29 16:53:27 -04:00

db.py

merge: testing → main (reconcile 2-week divergence)

2026-04-28 18:36:00 -04:00

deploy.py

merge: testing → main (reconcile 2-week divergence)

2026-04-28 18:36:00 -04:00

forwarder.py

merge: testing → main (reconcile 2-week divergence)

2026-04-28 18:36:00 -04:00

gating.py

feat(ttp): E.4.a extract decnet/cli/ttp.py with worker run + backfill CLI

2026-05-02 01:35:17 -04:00

geoip.py

merge: testing → main (reconcile 2-week divergence)

2026-04-28 18:36:00 -04:00

init.py

feat(init): create /var/lib/decnet/artifacts with setgid + group-write

2026-05-02 19:35:20 -04:00

inventory.py

merge: testing → main (reconcile 2-week divergence)

2026-04-28 18:36:00 -04:00

lifecycle.py

merge: testing → main (reconcile 2-week divergence)

2026-04-28 18:36:00 -04:00

listener.py

merge: testing → main (reconcile 2-week divergence)

2026-04-28 18:36:00 -04:00

orchestrator.py

merge: testing → main (reconcile 2-week divergence)

2026-04-28 18:36:00 -04:00

profiler.py

merge: testing → main (reconcile 2-week divergence)

2026-04-28 18:36:00 -04:00

realism.py

merge: testing → main (reconcile 2-week divergence)

2026-04-28 18:36:00 -04:00

reconciler.py

merge: testing → main (reconcile 2-week divergence)

2026-04-28 18:36:00 -04:00

sniffer.py

merge: testing → main (reconcile 2-week divergence)

2026-04-28 18:36:00 -04:00

swarm.py

merge: testing → main (reconcile 2-week divergence)

2026-04-28 18:36:00 -04:00

swarmctl.py

feat(config): add swarmctl-host to INI, env, CLI; drop hardcoded bind from systemd unit

2026-04-30 22:16:00 -04:00

topology.py

refactor(topology): introduce TopologyRepository protocol with DTO return types

2026-04-30 23:51:41 -04:00

ttp.py

feat(ttp): E.4.a extract decnet/cli/ttp.py with worker run + backfill CLI

2026-05-02 01:35:17 -04:00

updater.py

merge: testing → main (reconcile 2-week divergence)

2026-04-28 18:36:00 -04:00

utils.py

fix(types): T7 — eliminate all remaining 38 mypy errors; fix DeckyRow subscript in engine tests

2026-05-01 02:07:53 -04:00

web.py

merge: testing → main (reconcile 2-week divergence)

2026-04-28 18:36:00 -04:00

webhook.py

merge: testing → main (reconcile 2-week divergence)

2026-04-28 18:36:00 -04:00

workers.py

feat(ttp): E.4.a extract decnet/cli/ttp.py with worker run + backfill CLI

2026-05-02 01:35:17 -04:00