Conversation
Per 1.100.1b.B narrow boundary (locked 2026-04-26 after read-only breakage-map scoping pass): zero non-self Go consumers, zero compile-survival edits required.
Files removed:
cmd/nftban-ui/main.go (474 LOC)
cmd/nftban-ui/handlers/goth.go (3,408 LOC)
cmd/nftban-ui/handlers/metrics_handlers.go (1,284 LOC)
cmd/nftban-ui/handlers/settings_handlers.go (671 LOC)
cmd/nftban-ui/handlers/settings_handlers_test.go (396 LOC)
cmd/nftban-ui/handlers/sse_handlers.go (359 LOC)
cmd/nftban-ui/handlers/chart_handlers.go (187 LOC)
cmd/nftban-ui/disable-dev-mode.sh (script)
cmd/nftban-ui/enable-dev-mode.sh (script)
Total: 9 files, ~6,779 LOC + 2 dev-mode shell scripts.
The packages internal/api, internal/middleware, internal/auth, internal/session, internal/authproto become orphaned-but-still-compiling; their deletion is deferred to 1.100.1b.C.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Per 1.100.1b.B narrow boundary: zero non-self Go consumers, zero compile-survival edits required.
Files removed:
cmd/nftban-ui-auth/main.go (249 LOC)
cmd/nftban-ui-auth was the PAM-backed authentication daemon that served the Web GUI. Its imports of internal/auth + internal/authproto leave with this delete; the packages themselves become orphaned-but-still-compiling (they have other internal callers via internal/api + internal/middleware) and are deferred to 1.100.1b.C.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Per 1.100.1b.B narrow boundary: only cmd/nftban-ui imported this
package; that consumer was deleted in the prior commit on this branch.
Now zero callers, zero compile-survival edits required.
Files removed:
internal/ui/types.go (1,185 LOC)
internal/ui/layout.templ + _templ (~1,000 LOC compiled)
internal/ui/pages/ (7 pages: health, metrics, modules, network,
system, whitelist, settings — both .templ and
generated _templ.go pairs)
internal/ui/components/ (templ component subtree)
internal/ui/ui-registry.json (UI route registry)
Total: 34 files, ~23,894 LOC.
This is the largest single deletion of v1.100.1b.B by LOC count.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Document the 3-directory narrow source delete: cmd/nftban-ui (~6,947 LOC), cmd/nftban-ui-auth (249 LOC), internal/ui (~23,894 LOC). Total ~31,090 LOC removed across 44 files.
Note that orphaned-but-still-compiling packages (internal/api, internal/middleware, internal/auth, internal/session, internal/authproto) remain for 1.100.1b.C, and lifecycle completion (PR-25-30) remains explicitly open.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Dependency Review: ✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.
Removed dependencies that were only used by the deleted GOTH UI surface:
- github.com/a-h/templ (templ rendering — used by internal/ui)
- github.com/msteinert/pam/v2 (PAM bindings — used by cmd/nftban-ui-auth)
Plus go.sum lines for transitively-removed deps (76 → 70 lines).
Mechanical fallout from the source-tree delete in this same PR. No new dependencies added; no version bumps. Verified via `go mod tidy` on lab2 (Go 1.25.0).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1630fe2 to 15dc19e
Mechanical fallout of cmd/nftban-ui + cmd/nftban-ui-auth + internal/ui deletion. Removes the build-graph references that no longer exist:
- linux-pam-dev (build) — only required by nftban-ui-auth
- go install templ + templ generate — only generated internal/ui/*.templ
- go build ./cmd/nftban-ui — directory deleted
- linux-pam (runtime) — only required by nftban-ui-auth
- COPY /out/nftban-ui — binary no longer built
No general Docker refactor; no image slimming beyond stale-line removal; no behavior change for nftban-core or nftband.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
itcmsgr added a commit that referenced this pull request Apr 27, 2026
CI Policy Gates fired on PR #503 because:
- build/fhs-spec.yaml is the source-of-truth that drives build/generate-fhs-outputs.sh
- I had manually pre-edited the generated outputs (fhs_directories.json and nftban_fhs_spec.sh) to drop /run/nftban-ui, but missed the YAML source — so the regenerator was emitting the entry back.
- This commit removes /run/nftban-ui from the YAML and runs the regenerator, which also drops the matching tmpfiles directive (d /run/nftban-ui 0755 root nftban -).
Net mechanical fallout of 1.100.1b.D2 (parallel to the go mod tidy convergence fixes on PRs #500 / #501). After this commit, regenerator output matches committed state (verified locally: ./build/generate-fhs-outputs.sh is a no-op).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
itcmsgr added a commit that referenced this pull request Apr 27, 2026
#503)
* chore(v1.100.1b.D2): cli/lib core — drop GOTH UI health checks + FHS entry
Removes the UI/auth health check + FHS spec entries that became orphan after 1.100.1b.A retired the Web GUI surface.
cli/lib/nftban/core/nftban_health.sh:
- drop nftban_health_check_gui call site from main check loop
- drop matching export
- drop nftban-ui.service from optional_services[]
- drop /usr/lib/nftban/bin/nftban-ui + nftban-ui-auth from optional_binaries[] (now empty array)
- drop nftban-ui from optional_bins[]
cli/lib/nftban/core/nftban_health_checks_integrations.sh:
- delete nftban_health_check_gui() function in full (199 lines)
  The function inspected /usr/sbin/nftban-ui binary, GUI service state, /run/nftban-ui auth socket dir, /run/nftban-ui/auth.sock, nftban-ui-auth.service — every target deleted in earlier C2 work.
- drop matching export
- update header purpose comment (drop "gui" from list)
cli/lib/nftban/core/nftban_health_checks_security.sh:
- drop nftban-ui.service from systemd-analyze key_services list
cli/lib/nftban/core/nftban_fhs_spec.sh:
- drop /run/nftban-ui from NFTBAN_FHS_DIRECTORIES (was the auth socket directory; no longer created by tmpfiles after C2 removed the staging entry).
cli/lib/nftban/exporters/:
- delete nftban_exporter_gui_cache.sh in full — generated UI-only cache files (traffic_history.json, dropped_by_country.json, dropped_by_port.json) that the retired Web GUI consumed.
- drop the matching source + generate_gui_cache_files call from nftban_unified_exporter_collect.sh (the only sourcing site).
Verified on lab2: go build ./... clean, go test ./internal/... all pass with etc/ shipped, go mod tidy no-op, bash -n clean on all edited shell files.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* chore(v1.100.1b.D2): cli/lib JSON registries — drop UI surface entries
Removes registry entries that referenced the retired Web GUI surface.
cli/lib/nftban/data/fhs_directories.json:
- drop /run/nftban-ui directory entry (the GUI/API runtime socket directory; no longer created by any installer/tmpfiles path).
cli/lib/nftban/data/config-schema.json:
- drop NFTBAN_UI_BIN property
- drop NFTBAN_AUTH_BIN property
- drop NFTBAN_SERVICE_UI property
cli/lib/nftban/data/reports-registry.json:
- drop the "api" channel entry (depended on nftban-ui.service for its base_endpoint /api/v1/; no daemon serves this endpoint anymore after the Web GUI retirement).
Verified: all 3 JSON files parse clean (json.load).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* chore(v1.100.1b.D2): CI workflows — drop obsolete templ + libpam steps
After 1.100.1b.B/C1/C2 deleted all .templ files, _templ.go generated files, msteinert/pam/v2 imports, and PAM-using packages, the templ-install + libpam0g-dev apt-install steps in CI workflows are pure dead steps. Verified: zero .templ / _templ.go / "C" / msteinert/pam references remain in tree (across cmd/, internal/, pkg/).
Removed steps:
- ci-go.yml: templ install/generate/verify + libpam0g-dev install
- build-packages.yml: templ install + libpam0g-dev install
- ci-smoke.yml: templ install/generate + libpam0g-dev (kept nftables, jq)
- codeql.yml: templ install/generate + libpam0g-dev install
- secure-go.yml: templ install/generate + libpam0g-dev install
- osv-scanner.yml: libpam0g-dev install + matching comment
- project-health.yml: templ install/generate + libpam0g-dev (kept shellcheck/shfmt/yamllint/jq/devscripts/nftables)
- release.yml: libpam0g-dev install + 2 decommission comments
- slsa-go-releaser.yml: 3 decommission comments
- ci-runtime-truth.yml: refresh templ-stub comments to reflect CGO-required (not templ-required) reasoning
CGO build flags preserved (still required transitively by nftban-core + nftband; verified by go build ./... on lab2).
Also: CHANGELOG entry under [Unreleased] documenting D as the closing phase of the GOTH/UI removal track.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* chore(v1.100.1b.D2): FHS YAML + tmpfiles — close the regenerator gap
CI Policy Gates fired on PR #503 because:
- build/fhs-spec.yaml is the source-of-truth that drives build/generate-fhs-outputs.sh
- I had manually pre-edited the generated outputs (fhs_directories.json and nftban_fhs_spec.sh) to drop /run/nftban-ui, but missed the YAML source — so the regenerator was emitting the entry back.
- This commit removes /run/nftban-ui from the YAML and runs the regenerator, which also drops the matching tmpfiles directive (d /run/nftban-ui 0755 root nftban -).
Net mechanical fallout of 1.100.1b.D2 (parallel to the go mod tidy convergence fixes on PRs #500 / #501). After this commit, regenerator output matches committed state (verified locally: ./build/generate-fhs-outputs.sh is a no-op).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Third step of v1.100.x stabilization train. GOTH PR-D4 stage 2 — narrow source delete of the 3 directories with zero non-self Go consumers.
Scope (locked narrow boundary, 2026-04-26)
Deletes only:
- cmd/nftban-ui/ (~6,947 LOC, 9 files)
- cmd/nftban-ui-auth/ (249 LOC, 1 file)
- internal/ui/ (~23,894 LOC, 34 files)
Total: 44 source files, 31,072 LOC deleted. Plus 18 lines added (CHANGELOG entry).
Why narrow
A read-only breakage map (2026-04-26) showed these 3 directories are the only ones with zero non-self Go consumers. Deleting them needs zero compile-survival edits.
The other 5 packages originally listed for 1.100.1b.B (internal/auth, internal/session, internal/authproto, plus the orphaned-by-cmd/nftban-ui-deletion internal/api and internal/middleware) still have inter-package import chains and are intentionally deferred to 1.100.1b.C alongside the cross-cutting cleanup of cli/lib/, internal/installer/, internal/nftbanconf/.
This keeps the split-discipline established for the v1.100.x stabilization train: each step is "clean delete + minimal risk," not mixed cleanup.
Build status (pre-push verified)
go build ./... passes after these deletes. The orphaned-but-still-compiling packages (internal/api, internal/middleware, internal/auth, internal/session, internal/authproto) retain their internal dependency graph and compile fine even with zero external callers. Their dead-code closure is C's job.
Out of scope (deliberately deferred)
- internal/api/ — orphaned-but-compiling; deferred to 1.100.1b.C
- internal/middleware/ — orphaned-but-compiling; deferred to 1.100.1b.C
- internal/auth/ — has internal/api + internal/middleware as callers; deferred to C
- internal/session/ — has internal/api + internal/middleware as callers; deferred to C
- internal/authproto/ — has internal/auth as caller; deferred to C
- cli/lib/ shell modules with 17 nftban-ui references — deferred to 1.100.1b.C
- internal/installer/ (4 files) and internal/nftbanconf/ (3 files) UI references — deferred to 1.100.1b.C
Commit sequence
- chore(goth): delete cmd/nftban-ui/ source tree (6,947 LOC)
- chore(goth): delete cmd/nftban-ui-auth/ source tree (249 LOC)
- chore(goth): delete internal/ui/ package (23,894 LOC)
- docs(changelog): v1.100.1b.B — GOTH PR-D4 stage 2
Each delete is independently revertable.
Test plan
- Build & Test green (go build ./... succeeds)
- Build NFTBan Packages green (DEB ×4 + RPM ×2)
- Install Canonization green
- Uninstall Canonization green
- Update Canonization green
- Restore Canonization Gate green (PR-24 surfaces untouched)
🤖 Generated with Claude Code
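Added example, not code from this PR or the nftban project: the "zero non-self Go consumers" check behind the narrow boundary, run over an import graph constructed from only the edges this PR's text states. `Analyze`, `inSet` and the graph literal are assumptions; the project's actual breakage map is not shown on the page.

```go
package main

import (
	"fmt"
	"slices"
	"strings"
)

// Constructed import graph (importer -> imported): only edges the PR text states.
var imports = map[string][]string{
	"cmd/nftban-ui":       {"internal/ui", "internal/api", "internal/middleware"},
	"cmd/nftban-ui-auth":  {"internal/auth", "internal/authproto"},
	"internal/api":        {"internal/auth", "internal/session"},
	"internal/middleware": {"internal/auth", "internal/session"},
	"internal/auth":       {"internal/authproto"},
}

func inSet(pkg string, del []string) bool {
	return slices.ContainsFunc(del, func(r string) bool { return pkg == r || strings.HasPrefix(pkg, r+"/") })
}

// Analyze returns blockers ("importer -> target" edges from surviving packages into
// the delete set) and orphans (surviving packages left with zero importers).
func Analyze(del []string) (blockers, orphans []string) {
	live := map[string]int{} // imported package -> surviving importer count
	for importer, deps := range imports {
		for _, d := range deps {
			if inSet(importer, del) {
				live[d] += 0 // had an importer, but it is being deleted
			} else if inSet(d, del) {
				blockers = append(blockers, importer+" -> "+d)
			} else {
				live[d]++
			}
		}
	}
	for p, n := range live {
		if n == 0 && !inSet(p, del) {
			orphans = append(orphans, p)
		}
	}
	slices.Sort(blockers)
	slices.Sort(orphans)
	return
}

func main() {
	b, o := Analyze([]string{"cmd/nftban-ui", "cmd/nftban-ui-auth", "internal/ui"})
	fmt.Println("blockers:", b, "orphaned:", o)
}
```

An empty blocker list is what "zero compile-survival edits" means for a delete set; passing `internal/auth` alone returns three blocking edges, which is why that package waits for 1.100.1b.C.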