chore(v1.100.1b.C1): delete GOTH orphan Go packages#501
Merged
Conversation
Removes the 5 packages that became orphaned-but-still-compiling after 1.100.1b.B deleted cmd/nftban-ui, cmd/nftban-ui-auth, internal/ui: - internal/api/ (35 files, ~9.4k LOC) - internal/middleware/ (3 files, ~932 LOC) - internal/auth/ (2 files, ~457 LOC) - internal/session/ (1 file, ~219 LOC) - internal/authproto/ (1 file, ~53 LOC) These 5 packages form a closed dependency subgraph: every cross-edge is internal to the set, and zero non-self packages import any of them. The single outside reference (cmd/nftband/daemon_http.go:82) is a TODO comment, not an import. Verified: `go build ./...` is expected to remain clean — no other binary (nftban-core, nftband, nftban-installer, nftban-validate) imports these packages. Tests removed with their packages: - internal/api/handlers_logs_test.go - internal/api/helpers_test.go - internal/middleware/rate_limiter_test.go Out of scope for C1 (deferred to C2): - internal/nftbanconf/ UIService field removals - cli/lib/cmd_*.sh nftban-ui carveouts + cli/cmd_ui.sh dead-file delete - internal/installer/ UI socket/payload/path carveouts - packaging/ (rpm spec, deb rules, build_nftban.sh) carveouts Lifecycle completion lane (PR-25..PR-30) remains explicitly OPEN. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Contributor
Dependency Review✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.Scanned Files
|
Mechanical fallout: removes the 2 GOTH dependencies that were only imported by the deleted orphan packages. - github.com/golang-jwt/jwt/v5 v5.3.1 (was used by internal/auth) - github.com/gorilla/mux v1.8.1 (was used by internal/api) go.mod: -2 lines | go.sum: -4 lines | no behavior change. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
itcmsgr
added a commit
that referenced
this pull request
Apr 27, 2026
CI Policy Gates fired on PR #503 because: - build/fhs-spec.yaml is the source-of-truth that drives build/generate-fhs-outputs.sh - I had manually pre-edited the generated outputs (fhs_directories.json and nftban_fhs_spec.sh) to drop /run/nftban-ui, but missed the YAML source — so the regenerator was emitting the entry back. - This commit removes /run/nftban-ui from the YAML and runs the regenerator, which also drops the matching tmpfiles directive (d /run/nftban-ui 0755 root nftban -). Net mechanical fallout of 1.100.1b.D2 (parallel to the go mod tidy convergence fixes on PRs #500 / #501). After this commit, regenerator output matches committed state (verified locally: ./build/generate-fhs-outputs.sh is a no-op). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
itcmsgr
added a commit
that referenced
this pull request
Apr 27, 2026
#503) * chore(v1.100.1b.D2): cli/lib core — drop GOTH UI health checks + FHS entry Removes the UI/auth health check + FHS spec entries that became orphan after 1.100.1b.A retired the Web GUI surface. cli/lib/nftban/core/nftban_health.sh: - drop nftban_health_check_gui call site from main check loop - drop matching export - drop nftban-ui.service from optional_services[] - drop /usr/lib/nftban/bin/nftban-ui + nftban-ui-auth from optional_binaries[] (now empty array) - drop nftban-ui from optional_bins[] cli/lib/nftban/core/nftban_health_checks_integrations.sh: - delete nftban_health_check_gui() function in full (199 lines) The function inspected /usr/sbin/nftban-ui binary, GUI service state, /run/nftban-ui auth socket dir, /run/nftban-ui/auth.sock, nftban-ui-auth.service — every target deleted in earlier C2 work. - drop matching export - update header purpose comment (drop "gui" from list) cli/lib/nftban/core/nftban_health_checks_security.sh: - drop nftban-ui.service from systemd-analyze key_services list cli/lib/nftban/core/nftban_fhs_spec.sh: - drop /run/nftban-ui from NFTBAN_FHS_DIRECTORIES (was the auth socket directory; no longer created by tmpfiles after C2 removed the staging entry). cli/lib/nftban/exporters/: - delete nftban_exporter_gui_cache.sh in full — generated UI-only cache files (traffic_history.json, dropped_by_country.json, dropped_by_port.json) that the retired Web GUI consumed. - drop the matching source + generate_gui_cache_files call from nftban_unified_exporter_collect.sh (the only sourcing site). Verified on lab2: go build ./... clean, go test ./internal/... all pass with etc/ shipped, go mod tidy no-op, bash -n clean on all edited shell files. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * chore(v1.100.1b.D2): cli/lib JSON registries — drop UI surface entries Removes registry entries that referenced the retired Web GUI surface. cli/lib/nftban/data/fhs_directories.json: - drop /run/nftban-ui directory entry (the GUI/API runtime socket directory; no longer created by any installer/tmpfiles path). cli/lib/nftban/data/config-schema.json: - drop NFTBAN_UI_BIN property - drop NFTBAN_AUTH_BIN property - drop NFTBAN_SERVICE_UI property cli/lib/nftban/data/reports-registry.json: - drop the "api" channel entry (depended on nftban-ui.service for its base_endpoint /api/v1/; no daemon serves this endpoint anymore after the Web GUI retirement). Verified: all 3 JSON files parse clean (json.load). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * chore(v1.100.1b.D2): CI workflows — drop obsolete templ + libpam steps After 1.100.1b.B/C1/C2 deleted all .templ files, _templ.go generated files, msteinert/pam/v2 imports, and PAM-using packages, the templ-install + libpam0g-dev apt-install steps in CI workflows are pure dead steps. Verified: zero .templ / _templ.go / "C" / msteinert/pam references remain in tree (across cmd/, internal/, pkg/). Removed steps: - ci-go.yml: templ install/generate/verify + libpam0g-dev install - build-packages.yml: templ install + libpam0g-dev install - ci-smoke.yml: templ install/generate + libpam0g-dev (kept nftables, jq) - codeql.yml: templ install/generate + libpam0g-dev install - secure-go.yml: templ install/generate + libpam0g-dev install - osv-scanner.yml: libpam0g-dev install + matching comment - project-health.yml: templ install/generate + libpam0g-dev (kept shellcheck/shfmt/yamllint/jq/devscripts/nftables) - release.yml: libpam0g-dev install + 2 decommission comments - slsa-go-releaser.yml: 3 decommission comments - ci-runtime-truth.yml: refresh templ-stub comments to reflect CGO-required (not templ-required) reasoning CGO build flags preserved (still required transitively by nftban-core + nftband; verified by go build ./... on lab2). Also: CHANGELOG entry under [Unreleased] documenting D as the closing phase of the GOTH/UI removal track. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * chore(v1.100.1b.D2): FHS YAML + tmpfiles — close the regenerator gap CI Policy Gates fired on PR #503 because: - build/fhs-spec.yaml is the source-of-truth that drives build/generate-fhs-outputs.sh - I had manually pre-edited the generated outputs (fhs_directories.json and nftban_fhs_spec.sh) to drop /run/nftban-ui, but missed the YAML source — so the regenerator was emitting the entry back. - This commit removes /run/nftban-ui from the YAML and runs the regenerator, which also drops the matching tmpfiles directive (d /run/nftban-ui 0755 root nftban -). Net mechanical fallout of 1.100.1b.D2 (parallel to the go mod tidy convergence fixes on PRs #500 / #501). After this commit, regenerator output matches committed state (verified locally: ./build/generate-fhs-outputs.sh is a no-op). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Deletes the 5 Go packages that became orphaned-but-still-compiling after 1.100.1b.B (PR #500) removed
cmd/nftban-ui,cmd/nftban-ui-auth, andinternal/ui.Why this is safe
These 5 packages form a closed dependency subgraph:
```
internal/api ──┬─ internal/middleware ── internal/auth ── internal/authproto
├─ internal/auth (direct)
└─ internal/session
```
Scope discipline (C1 + C2 split, locked 2026-04-26)
C1 (this PR): Pure Go orphan-package delete only. Smallest proof step. Same successful pattern as 1.100.1b.B (#500).
C2 (next PR, after this merges):
1.100.1b.D (later): workflow comment cleanup, doc cleanup, changelog narrative cleanup.
Lifecycle completion lane (PR-25–PR-30): remains explicitly OPEN — not folded into stabilization.
Test plan
🤖 Generated with Claude Code