Add jail distribution chart (Stage 5)

- backend: GET /api/dashboard/bans/by-jail endpoint
  - JailBanCount + BansByJailResponse Pydantic models in ban.py
  - bans_by_jail() service function with origin filter support
  - Route added to dashboard router
  - 17 new tests (7 service, 10 router); full suite 497 passed, 83% coverage

- frontend: JailDistributionChart component
  - JailBanCount / BansByJailResponse types in types/ban.ts
  - dashboardBansByJail endpoint constant in api/endpoints.ts
  - fetchBansByJail() in api/dashboard.ts
  - useJailDistribution hook in hooks/useJailDistribution.ts
  - JailDistributionChart component (horizontal bar chart, Recharts)
  - DashboardPage: full-width Jail Distribution section below Top Countries

backend/app/models/ban.py

@@ -280,3 +280,29 @@ class BanTrendResponse(BaseModel):
         ...,
         description="Human-readable bucket size label (e.g. '1h', '6h', '1d', '7d').",
     )
+
+
+# ---------------------------------------------------------------------------
+# By-jail endpoint models
+# ---------------------------------------------------------------------------
+
+
+class JailBanCount(BaseModel):
+    """A single jail entry in the bans-by-jail aggregation."""
+
+    model_config = ConfigDict(strict=True)
+
+    jail: str = Field(..., description="Jail name.")
+    count: int = Field(..., ge=0, description="Number of bans recorded in this jail.")
+
+
+class BansByJailResponse(BaseModel):
+    """Response for the ``GET /api/dashboard/bans/by-jail`` endpoint."""
+
+    model_config = ConfigDict(strict=True)
+
+    jails: list[JailBanCount] = Field(
+        default_factory=list,
+        description="Jails ordered by ban count descending.",
+    )
+    total: int = Field(..., ge=0, description="Total ban count in the selected window.")

backend/app/routers/dashboard.py

@@ -5,8 +5,9 @@ fail2ban server health snapshot.  The snapshot is maintained by the
 background health-check task and refreshed every 30 seconds.
 
 Also provides ``GET /api/dashboard/bans`` for the dashboard ban-list table,
-``GET /api/dashboard/bans/by-country`` for country aggregation, and
-``GET /api/dashboard/bans/trend`` for time-bucketed ban counts.
+``GET /api/dashboard/bans/by-country`` for country aggregation,
+``GET /api/dashboard/bans/trend`` for time-bucketed ban counts, and
+``GET /api/dashboard/bans/by-jail`` for per-jail ban counts.
 """
 
 from __future__ import annotations
@@ -22,6 +23,7 @@ from app.dependencies import AuthDep
 from app.models.ban import (
     BanOrigin,
     BansByCountryResponse,
+    BansByJailResponse,
     BanTrendResponse,
     DashboardBanListResponse,
     TimeRange,
@@ -206,3 +208,39 @@ async def get_ban_trend(
     socket_path: str = request.app.state.settings.fail2ban_socket
 
     return await ban_service.ban_trend(socket_path, range, origin=origin)
+
+
+@router.get(
+    "/bans/by-jail",
+    response_model=BansByJailResponse,
+    summary="Return ban counts aggregated by jail",
+)
+async def get_bans_by_jail(
+    request: Request,
+    _auth: AuthDep,
+    range: TimeRange = Query(default=_DEFAULT_RANGE, description="Time-range preset."),
+    origin: BanOrigin | None = Query(
+        default=None,
+        description="Filter by ban origin: 'blocklist' or 'selfblock'. Omit for all.",
+    ),
+) -> BansByJailResponse:
+    """Return ban counts grouped by jail name for the selected time window.
+
+    Queries the fail2ban database and returns a list of jails sorted by
+    ban count descending.  This endpoint is intended for the dashboard jail
+    distribution bar chart.
+
+    Args:
+        request: The incoming request (used to access ``app.state``).
+        _auth: Validated session dependency.
+        range: Time-range preset — ``"24h"``, ``"7d"``, ``"30d"``, or
+            ``"365d"``.
+        origin: Optional filter by ban origin.
+
+    Returns:
+        :class:`~app.models.ban.BansByJailResponse` with per-jail counts
+        sorted descending and the total for the selected window.
+    """
+    socket_path: str = request.app.state.settings.fail2ban_socket
+
+    return await ban_service.bans_by_jail(socket_path, range, origin=origin)

backend/app/services/ban_service.py

@@ -24,10 +24,12 @@ from app.models.ban import (
     TIME_RANGE_SECONDS,
     BanOrigin,
     BansByCountryResponse,
+    BansByJailResponse,
     BanTrendBucket,
     BanTrendResponse,
     DashboardBanItem,
     DashboardBanListResponse,
+    JailBanCount,
     TimeRange,
     _derive_origin,
     bucket_count,
@@ -573,3 +575,70 @@ async def ban_trend(
         buckets=buckets,
         bucket_size=BUCKET_SIZE_LABEL[range_],
     )
+
+
+# ---------------------------------------------------------------------------
+# bans_by_jail
+# ---------------------------------------------------------------------------
+
+
+async def bans_by_jail(
+    socket_path: str,
+    range_: TimeRange,
+    *,
+    origin: BanOrigin | None = None,
+) -> BansByJailResponse:
+    """Return ban counts aggregated per jail for the selected time window.
+
+    Queries the fail2ban database ``bans`` table, groups records by jail
+    name, and returns them ordered by count descending.  The origin filter
+    is applied when provided so callers can restrict results to blocklist-
+    imported bans or organic fail2ban bans.
+
+    Args:
+        socket_path: Path to the fail2ban Unix domain socket.
+        range_: Time-range preset (``"24h"``, ``"7d"``, ``"30d"``, or
+            ``"365d"``).
+        origin: Optional origin filter — ``"blocklist"`` restricts to the
+            ``blocklist-import`` jail, ``"selfblock"`` excludes it.
+
+    Returns:
+        :class:`~app.models.ban.BansByJailResponse` with per-jail counts
+        sorted descending and the total ban count.
+    """
+    since: int = _since_unix(range_)
+    origin_clause, origin_params = _origin_sql_filter(origin)
+
+    db_path: str = await _get_fail2ban_db_path(socket_path)
+    log.info(
+        "ban_service_bans_by_jail",
+        db_path=db_path,
+        since=since,
+        range=range_,
+        origin=origin,
+    )
+
+    async with aiosqlite.connect(f"file:{db_path}?mode=ro", uri=True) as f2b_db:
+        f2b_db.row_factory = aiosqlite.Row
+
+        async with f2b_db.execute(
+            "SELECT COUNT(*) FROM bans WHERE timeofban >= ?" + origin_clause,
+            (since, *origin_params),
+        ) as cur:
+            count_row = await cur.fetchone()
+            total: int = int(count_row[0]) if count_row else 0
+
+        async with f2b_db.execute(
+            "SELECT jail, COUNT(*) AS cnt "
+            "FROM bans "
+            "WHERE timeofban >= ?"
+            + origin_clause
+            + " GROUP BY jail ORDER BY cnt DESC",
+            (since, *origin_params),
+        ) as cur:
+            rows = await cur.fetchall()
+
+    jails: list[JailBanCount] = [
+        JailBanCount(jail=str(row["jail"]), count=int(row["cnt"])) for row in rows
+    ]
+    return BansByJailResponse(jails=jails, total=total)