Refactor backend services and jail configuration

- Refactor action_config_service, filter_config_service, jail_config_service, and jail_service
- Add jail_socket utility module for socket communication
- Update test_jail_service with new test cases
- Update architecture and task documentation

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Docs/Architekture.md

@@ -252,6 +252,7 @@ Pure helper modules with no framework dependencies.
 | Module | Purpose |
 |---|---|
 | `fail2ban_client.py` | Async client that communicates with fail2ban via its Unix domain socket — sends commands and parses responses using the fail2ban protocol. Modelled after [`./fail2ban-master/fail2ban/client/csocket.py`](../fail2ban-master/fail2ban/client/csocket.py) and [`./fail2ban-master/fail2ban/client/fail2banclient.py`](../fail2ban-master/fail2ban/client/fail2banclient.py). |
+| `jail_socket.py` | Low-level jail reload operations (`reload_all`) extracted to break service dependencies. Used by `jail_service`, `jail_config_service`, `action_config_service`, and `filter_config_service` to avoid circular imports between sibling services. |
 | `ip_utils.py` | Validates IPv4/IPv6 addresses and CIDR ranges using the `ipaddress` stdlib module, normalises formats |
 | `jail_utils.py` | Jail helper functions for configuration and status inference |
 | `jail_config.py` | Jail config parser and serializer for fail2ban config manipulation |
@@ -774,6 +775,7 @@ These principles govern all architectural decisions in BanGUI.
 | Principle | Application |
 |---|---|
 | **Separation of Concerns** | Frontend and backend are independent. Backend layers (router → service → repository) never mix responsibilities. |
+| **Service Independence** | Services must not import other services at the same layer (e.g., `jail_config_service` must not import `jail_service`). Shared logic belongs in the utils layer (`app/utils/`). This prevents circular dependencies, improves testability, and keeps each service focused on its domain. |
 | **Single Responsibility** | Each module, service, and component has one well-defined job. |
 | **Dependency Inversion** | Services depend on abstractions (protocols), not concrete implementations. FastAPI `Depends()` wires everything. |
 | **Async Everything** | All I/O is non-blocking. No synchronous database, HTTP, or socket calls anywhere in the backend. |

Docs/Tasks.md

@@ -1,26 +1,3 @@
-### T-06 · Eliminate `AppState` Protocol / `ApplicationContext` dataclass redundancy
-
-**Where found:** `backend/app/dependencies.py` — `AppState` Protocol (lines ~40–60) and `ApplicationContext` dataclass (lines ~62–75) describe identical fields.
-
-**Why this is needed:** Every new field must be added to both. The Protocol is only used for a single `cast()` call inside `_build_app_context`. Maintenance burden with no benefit.
-
-**Goal:** One typed representation. Remove `AppState` Protocol; cast directly or use `ApplicationContext`.
-
-**What to do:**
-1. Delete the `AppState` Protocol class.
-2. Replace `state = cast("AppState", request.app.state)` with `state = request.app.state` (type: ignore or use `ApplicationState` directly since it's the concrete type set in `create_app`).
-3. Access fields from `state` directly using the `ApplicationState` / `RuntimeState` types.
-
-**Possible traps and issues:**
-- `mypy` / pyright may report type errors on `request.app.state` accesses — use `cast(ApplicationState, request.app.state)` once, then access typed.
-- Ensure all fields accessed in `_build_app_context` are present on `ApplicationState`.
-
-**Docs changes needed:** None.
-
-**Doc references:** `backend/app/dependencies.py`, `backend/app/utils/runtime_state.py`
-
----
-
 ### T-07 · Break cross-service import: `jail_config_service` imports `jail_service`
 
 **Where found:** `backend/app/services/jail_config_service.py` — `import app.services.jail_service as jail_service`