From 201023ed17d9c645018ade334344a4874905386d Mon Sep 17 00:00:00 2001
From: anti <samuel@securejump.cl>
Date: Sun, 19 Apr 2026 00:23:25 -0400
Subject: [PATCH] docs(swarm): added

---
 SWARM-Mode.md | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/SWARM-Mode.md b/SWARM-Mode.md
index 0eea475..b2c62da 100644
--- a/SWARM-Mode.md
+++ b/SWARM-Mode.md
@@ -240,6 +240,10 @@ decnet swarm enroll \
      --out-dir /tmp/decky-vm-bundle
 ```
 
+Add `--updater` to also issue a second bundle for the remote-update
+daemon (see [Remote-Updates](Remote-Updates)); the updater bundle lands
+in `/tmp/decky-vm-bundle-updater/`.
+
 `--name` is the worker's DECNET identity — it becomes the cert CN and the
 `source_worker` tag on every log line forwarded from that host. Pick names
 you can grep for. Must be unique; re-enrolling the same name is rejected.
@@ -441,6 +445,21 @@ Synchronously polls every active/enrolled agent's `/health`. On success,
 flips status to `active` and stamps `last_heartbeat`. On failure, flips to
 `unreachable` and records the error.
 
+### `decnet swarm deckies`
+
+Lists every deployed decky across the swarm, joined with its owning worker
+host's identity. `swarm list` answers *which workers are enrolled*; this
+answers *which deckies are running and where*.
+
+```
+--host <name|uuid>  Filter to a single worker (name is looked up → uuid).
+--state <state>     Filter by shard state: pending | running | failed | torn_down.
+--json              Emit JSON, not a table.
+```
+
+Columns: `decky`, `host`, `address`, `state`, `services`. State is colored
+(green=running, red=failed, yellow=pending, dim=torn_down).
+
 ### `decnet swarm decommission`
 
 Marks a host `decommissioned` in the repo, tears down any running deckies
@@ -506,6 +525,14 @@ cannot impersonate another worker's name.
 
 ## Operational concerns
 
+### Pushing code updates without SSH
+
+Once enrolled with `--updater`, the master can push new code to workers
+over mTLS — no more `scp`/`sshpass` cycles. See
+[Remote-Updates](Remote-Updates) for the `decnet swarm update` command,
+auto-rollback semantics, and the `--include-self` opt-in for upgrading
+the updater itself.
+
 ### Master crash / restart
 
 Kill the listener mid-shipment. The forwarder detects the dropped