Expose ban-time escalation settings in jail detail and config UI

- Backend: Add BantimeEscalation + BantimeEscalationUpdate Pydantic models
  to app/models/config.py; add bantime_escalation field to Jail in jail.py
- Backend: jail_service.get_jail_detail() fetches 7 bantime.* socket commands
  (increment, factor, formula, multipliers, maxtime, rndtime, overalljails)
  and populates bantime_escalation on the returned Jail object
- Backend: config_service.get_jail_config() fetches same 7 commands;
  update_jail_config() writes escalation fields when provided
- Frontend: Add BantimeEscalation + BantimeEscalationUpdate interfaces to
  types/config.ts; extend JailConfig + JailConfigUpdate; extend Jail in
  types/jail.ts
- Frontend: JailDetailPage.tsx adds BantimeEscalationSection component that
  renders only when increment is enabled (shows factor, formula, multipliers,
  max_time, rnd_time, overall_jails)
- Frontend: ConfigPage.tsx JailAccordionPanel adds full escalation edit form
  (Switch for enable/disable, number inputs for factor/max_time/rnd_time,
  text inputs for formula/multipliers, Switch for overall_jails);
  handleSave includes bantime_escalation in the JailConfigUpdate payload
- Tests: Update ConfigPageLogPath.test.tsx mock to include bantime_escalation:null
- Docs: Mark Task 6 as DONE in Tasks.md

backend/app/models/config.py

@@ -5,6 +5,60 @@ Request, response, and domain models for the config router and service.
 
 from pydantic import BaseModel, ConfigDict, Field
 
+# ---------------------------------------------------------------------------
+# Ban-time escalation
+# ---------------------------------------------------------------------------
+
+
+class BantimeEscalation(BaseModel):
+    """Incremental ban-time escalation configuration for a jail."""
+
+    model_config = ConfigDict(strict=True)
+
+    increment: bool = Field(
+        default=False,
+        description="Whether incremental banning is enabled.",
+    )
+    factor: float | None = Field(
+        default=None,
+        description="Multiplier applied to the base ban time on each repeat offence.",
+    )
+    formula: str | None = Field(
+        default=None,
+        description="Python expression evaluated to compute the escalated ban time.",
+    )
+    multipliers: str | None = Field(
+        default=None,
+        description="Space-separated integers used as per-offence multipliers.",
+    )
+    max_time: int | None = Field(
+        default=None,
+        description="Maximum ban duration in seconds when escalation is active.",
+    )
+    rnd_time: int | None = Field(
+        default=None,
+        description="Random jitter (seconds) added to each escalated ban time.",
+    )
+    overall_jails: bool = Field(
+        default=False,
+        description="Count repeat offences across all jails, not just the current one.",
+    )
+
+
+class BantimeEscalationUpdate(BaseModel):
+    """Partial update payload for ban-time escalation settings."""
+
+    model_config = ConfigDict(strict=True)
+
+    increment: bool | None = Field(default=None)
+    factor: float | None = Field(default=None)
+    formula: str | None = Field(default=None)
+    multipliers: str | None = Field(default=None)
+    max_time: int | None = Field(default=None)
+    rnd_time: int | None = Field(default=None)
+    overall_jails: bool | None = Field(default=None)
+
+
 # ---------------------------------------------------------------------------
 # Jail configuration models
 # ---------------------------------------------------------------------------
@@ -26,6 +80,10 @@ class JailConfig(BaseModel):
     log_encoding: str = Field(default="UTF-8", description="Log file encoding.")
     backend: str = Field(default="polling", description="Log monitoring backend.")
     actions: list[str] = Field(default_factory=list, description="Names of actions attached to this jail.")
+    bantime_escalation: BantimeEscalation | None = Field(
+        default=None,
+        description="Incremental ban-time escalation settings, or None if not configured.",
+    )
 
 
 class JailConfigResponse(BaseModel):
@@ -58,6 +116,10 @@ class JailConfigUpdate(BaseModel):
     date_pattern: str | None = Field(default=None)
     dns_mode: str | None = Field(default=None, description="DNS lookup mode: raw | warn | no.")
     enabled: bool | None = Field(default=None)
+    bantime_escalation: BantimeEscalationUpdate | None = Field(
+        default=None,
+        description="Incremental ban-time escalation settings to update.",
+    )
 
 
 # ---------------------------------------------------------------------------

backend/app/models/jail.py

@@ -5,6 +5,8 @@ Request, response, and domain models used by the jails router and service.
 
 from pydantic import BaseModel, ConfigDict, Field
 
+from app.models.config import BantimeEscalation
+
 
 class JailStatus(BaseModel):
     """Runtime metrics for a single jail."""
@@ -37,6 +39,10 @@ class Jail(BaseModel):
     ban_time: int = Field(..., description="Duration (seconds) of a ban. -1 means permanent.")
     max_retry: int = Field(..., description="Number of failures before a ban is issued.")
     actions: list[str] = Field(default_factory=list, description="Names of actions attached to this jail.")
+    bantime_escalation: BantimeEscalation | None = Field(
+        default=None,
+        description="Incremental ban-time escalation settings, or None if not configured.",
+    )
     status: JailStatus | None = Field(default=None, description="Runtime counters.")
 
 

backend/app/services/config_service.py

@@ -25,6 +25,7 @@ if TYPE_CHECKING:
 
 from app.models.config import (
     AddLogPathRequest,
+    BantimeEscalation,
     GlobalConfigResponse,
     GlobalConfigUpdate,
     JailConfig,
@@ -200,6 +201,13 @@ async def get_jail_config(socket_path: str, name: str) -> JailConfigResponse:
         logencoding_raw,
         backend_raw,
         actions_raw,
+        bt_increment_raw,
+        bt_factor_raw,
+        bt_formula_raw,
+        bt_multipliers_raw,
+        bt_maxtime_raw,
+        bt_rndtime_raw,
+        bt_overalljails_raw,
     ) = await asyncio.gather(
         _safe_get(client, ["get", name, "bantime"], 600),
         _safe_get(client, ["get", name, "findtime"], 600),
@@ -211,6 +219,23 @@ async def get_jail_config(socket_path: str, name: str) -> JailConfigResponse:
         _safe_get(client, ["get", name, "logencoding"], "UTF-8"),
         _safe_get(client, ["get", name, "backend"], "polling"),
         _safe_get(client, ["get", name, "actions"], []),
+        _safe_get(client, ["get", name, "bantime.increment"], False),
+        _safe_get(client, ["get", name, "bantime.factor"], None),
+        _safe_get(client, ["get", name, "bantime.formula"], None),
+        _safe_get(client, ["get", name, "bantime.multipliers"], None),
+        _safe_get(client, ["get", name, "bantime.maxtime"], None),
+        _safe_get(client, ["get", name, "bantime.rndtime"], None),
+        _safe_get(client, ["get", name, "bantime.overalljails"], False),
+    )
+
+    bantime_escalation = BantimeEscalation(
+        increment=bool(bt_increment_raw),
+        factor=float(bt_factor_raw) if bt_factor_raw is not None else None,
+        formula=str(bt_formula_raw) if bt_formula_raw else None,
+        multipliers=str(bt_multipliers_raw) if bt_multipliers_raw else None,
+        max_time=int(bt_maxtime_raw) if bt_maxtime_raw is not None else None,
+        rnd_time=int(bt_rndtime_raw) if bt_rndtime_raw is not None else None,
+        overall_jails=bool(bt_overalljails_raw),
     )
 
     jail_cfg = JailConfig(
@@ -225,6 +250,7 @@ async def get_jail_config(socket_path: str, name: str) -> JailConfigResponse:
         log_encoding=str(logencoding_raw or "UTF-8"),
         backend=str(backend_raw or "polling"),
         actions=_ensure_list(actions_raw),
+        bantime_escalation=bantime_escalation,
     )
 
     log.info("jail_config_fetched", jail=name)
@@ -333,6 +359,24 @@ async def update_jail_config(
     if update.enabled is not None:
         await _set("idle", "off" if update.enabled else "on")
 
+    # Ban-time escalation fields.
+    if update.bantime_escalation is not None:
+        esc = update.bantime_escalation
+        if esc.increment is not None:
+            await _set("bantime.increment", "true" if esc.increment else "false")
+        if esc.factor is not None:
+            await _set("bantime.factor", str(esc.factor))
+        if esc.formula is not None:
+            await _set("bantime.formula", esc.formula)
+        if esc.multipliers is not None:
+            await _set("bantime.multipliers", esc.multipliers)
+        if esc.max_time is not None:
+            await _set("bantime.maxtime", esc.max_time)
+        if esc.rnd_time is not None:
+            await _set("bantime.rndtime", esc.rnd_time)
+        if esc.overall_jails is not None:
+            await _set("bantime.overalljails", "true" if esc.overall_jails else "false")
+
     # Replacing regex lists requires deleting old entries then adding new ones.
     if update.fail_regex is not None:
         await _replace_regex_list(client, name, "failregex", update.fail_regex)

backend/app/services/jail_service.py

@@ -19,6 +19,7 @@ from typing import Any
 import structlog
 
 from app.models.ban import ActiveBan, ActiveBanListResponse
+from app.models.config import BantimeEscalation
 from app.models.jail import (
     Jail,
     JailDetailResponse,
@@ -362,6 +363,13 @@ async def get_jail(socket_path: str, name: str) -> JailDetailResponse:
         backend_raw,
         idle_raw,
         actions_raw,
+        bt_increment_raw,
+        bt_factor_raw,
+        bt_formula_raw,
+        bt_multipliers_raw,
+        bt_maxtime_raw,
+        bt_rndtime_raw,
+        bt_overalljails_raw,
     ) = await asyncio.gather(
         _safe_get(client, ["get", name, "logpath"], []),
         _safe_get(client, ["get", name, "failregex"], []),
@@ -375,6 +383,24 @@ async def get_jail(socket_path: str, name: str) -> JailDetailResponse:
         _safe_get(client, ["get", name, "backend"], "polling"),
         _safe_get(client, ["get", name, "idle"], False),
         _safe_get(client, ["get", name, "actions"], []),
+        _safe_get(client, ["get", name, "bantime.increment"], False),
+        _safe_get(client, ["get", name, "bantime.factor"], None),
+        _safe_get(client, ["get", name, "bantime.formula"], None),
+        _safe_get(client, ["get", name, "bantime.multipliers"], None),
+        _safe_get(client, ["get", name, "bantime.maxtime"], None),
+        _safe_get(client, ["get", name, "bantime.rndtime"], None),
+        _safe_get(client, ["get", name, "bantime.overalljails"], False),
+    )
+
+    bt_increment: bool = bool(bt_increment_raw)
+    bantime_escalation = BantimeEscalation(
+        increment=bt_increment,
+        factor=float(bt_factor_raw) if bt_factor_raw is not None else None,
+        formula=str(bt_formula_raw) if bt_formula_raw else None,
+        multipliers=str(bt_multipliers_raw) if bt_multipliers_raw else None,
+        max_time=int(bt_maxtime_raw) if bt_maxtime_raw is not None else None,
+        rnd_time=int(bt_rndtime_raw) if bt_rndtime_raw is not None else None,
+        overall_jails=bool(bt_overalljails_raw),
     )
 
     jail = Jail(
@@ -392,6 +418,7 @@ async def get_jail(socket_path: str, name: str) -> JailDetailResponse:
         find_time=int(findtime_raw or 600),
         ban_time=int(bantime_raw or 600),
         max_retry=int(maxretry_raw or 5),
+        bantime_escalation=bantime_escalation,
         status=jail_status,
         actions=_ensure_list(actions_raw),
     )