feat(docker): scan/inspect passifs des stacks Compose (tâche 2 SJ-4)

- 4 tables Docker (settings/compose_roots/compose_stacks/stack_services)
  + migration 0004 (timestamps journal monotones)
- templates docker/scan-compose + inspect-compose ; renderTemplate bascule
  sur délimiteurs <% %> pour les templates docker/ afin de préserver les
  Go-templates {{.ID}} intacts
- dockerScan: parseDockerScan (TDD) + scanDockerStacks (persiste stacks
  candidats, complète la détection par labels)
- action docker_scan branchée dans execute (route dédiée, archivage report/log)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

server/db/migrations/0004_thin_ted_forrester.sql

@@ -0,0 +1,53 @@
+CREATE TABLE `docker_compose_roots` (
+	`id` text PRIMARY KEY NOT NULL,
+	`machine_id` text NOT NULL,
+	`path` text NOT NULL,
+	`enabled` integer DEFAULT 1 NOT NULL,
+	`scan_depth` integer,
+	`created_at` text NOT NULL,
+	`updated_at` text NOT NULL,
+	FOREIGN KEY (`machine_id`) REFERENCES `machines`(`id`) ON UPDATE no action ON DELETE cascade
+);
+--> statement-breakpoint
+CREATE TABLE `docker_compose_stacks` (
+	`id` text PRIMARY KEY NOT NULL,
+	`machine_id` text NOT NULL,
+	`name` text NOT NULL,
+	`working_dir` text NOT NULL,
+	`compose_files_json` text NOT NULL,
+	`project_name` text,
+	`env_file` text,
+	`status` text NOT NULL,
+	`detected_by` text,
+	`last_scan_at` text,
+	`last_update_at` text,
+	`created_at` text NOT NULL,
+	`updated_at` text NOT NULL,
+	FOREIGN KEY (`machine_id`) REFERENCES `machines`(`id`) ON UPDATE no action ON DELETE cascade
+);
+--> statement-breakpoint
+CREATE TABLE `docker_settings` (
+	`machine_id` text PRIMARY KEY NOT NULL,
+	`enabled` integer DEFAULT 0 NOT NULL,
+	`scan_depth` integer DEFAULT 4 NOT NULL,
+	`prune_mode` text DEFAULT 'safe' NOT NULL,
+	`last_scan_at` text,
+	`last_pull_check_at` text,
+	`updated_at` text NOT NULL,
+	FOREIGN KEY (`machine_id`) REFERENCES `machines`(`id`) ON UPDATE no action ON DELETE cascade
+);
+--> statement-breakpoint
+CREATE TABLE `docker_stack_services` (
+	`id` text PRIMARY KEY NOT NULL,
+	`stack_id` text NOT NULL,
+	`service_name` text NOT NULL,
+	`image_ref` text,
+	`current_image_id` text,
+	`current_digest` text,
+	`candidate_image_id` text,
+	`candidate_digest` text,
+	`version_label` text,
+	`status` text,
+	`updated_at` text NOT NULL,
+	FOREIGN KEY (`stack_id`) REFERENCES `docker_compose_stacks`(`id`) ON UPDATE no action ON DELETE cascade
+);

server/db/migrations/meta/_journal.json

@@ -29,6 +29,13 @@
       "when": 1780669200000,
       "tag": "0003_magical_psylocke",
       "breakpoints": true
+    },
+    {
+      "idx": 4,
+      "version": "6",
+      "when": 1780684150263,
+      "tag": "0004_thin_ted_forrester",
+      "breakpoints": true
     }
   ]
 }

server/db/schema.test.ts

@@ -57,3 +57,39 @@ describe("schéma Phase 2", () => {
     expect(columnNames(sqlite, "machines")).toContain("enc_password");
   });
 });
+
+describe("schéma SJ-4 Docker", () => {
+  it("crée les tables docker_*", () => {
+    const sqlite = freshMigratedDb();
+    const tables = tableNames(sqlite);
+    for (const t of [
+      "docker_settings",
+      "docker_compose_roots",
+      "docker_compose_stacks",
+      "docker_stack_services",
+    ]) {
+      expect(tables, `table ${t}`).toContain(t);
+    }
+  });
+
+  it("docker_settings a les colonnes attendues", () => {
+    const sqlite = freshMigratedDb();
+    expect(columnNames(sqlite, "docker_settings")).toEqual(
+      expect.arrayContaining(["machine_id", "enabled", "scan_depth", "prune_mode", "last_scan_at", "updated_at"]),
+    );
+  });
+
+  it("docker_compose_stacks a les colonnes attendues", () => {
+    const sqlite = freshMigratedDb();
+    expect(columnNames(sqlite, "docker_compose_stacks")).toEqual(
+      expect.arrayContaining(["id", "machine_id", "name", "working_dir", "compose_files_json", "status", "detected_by"]),
+    );
+  });
+
+  it("docker_stack_services a les colonnes attendues", () => {
+    const sqlite = freshMigratedDb();
+    expect(columnNames(sqlite, "docker_stack_services")).toEqual(
+      expect.arrayContaining(["id", "stack_id", "service_name", "image_ref", "current_image_id", "current_digest"]),
+    );
+  });
+});

server/db/schema.ts

@@ -226,3 +226,54 @@ export const machineHostKeys = sqliteTable("machine_host_keys", {
   firstSeenAt: text("first_seen_at").notNull(),
   lastSeenAt: text("last_seen_at").notNull(),
 });
+
+// --- SJ-4 : Docker (passif) ---
+export const dockerSettings = sqliteTable("docker_settings", {
+  machineId: text("machine_id").primaryKey().references(() => machines.id, { onDelete: "cascade" }),
+  enabled: integer("enabled").notNull().default(0),
+  scanDepth: integer("scan_depth").notNull().default(4),
+  pruneMode: text("prune_mode").notNull().default("safe"),
+  lastScanAt: text("last_scan_at"),
+  lastPullCheckAt: text("last_pull_check_at"),
+  updatedAt: text("updated_at").notNull(),
+});
+
+export const dockerComposeRoots = sqliteTable("docker_compose_roots", {
+  id: text("id").primaryKey(),
+  machineId: text("machine_id").notNull().references(() => machines.id, { onDelete: "cascade" }),
+  path: text("path").notNull(),
+  enabled: integer("enabled").notNull().default(1),
+  scanDepth: integer("scan_depth"),
+  createdAt: text("created_at").notNull(),
+  updatedAt: text("updated_at").notNull(),
+});
+
+export const dockerComposeStacks = sqliteTable("docker_compose_stacks", {
+  id: text("id").primaryKey(),
+  machineId: text("machine_id").notNull().references(() => machines.id, { onDelete: "cascade" }),
+  name: text("name").notNull(),
+  workingDir: text("working_dir").notNull(),
+  composeFilesJson: text("compose_files_json").notNull(),
+  projectName: text("project_name"),
+  envFile: text("env_file"),
+  status: text("status").notNull(),          // candidate | enabled | ignored | error
+  detectedBy: text("detected_by"),           // root_scan | label | manual
+  lastScanAt: text("last_scan_at"),
+  lastUpdateAt: text("last_update_at"),
+  createdAt: text("created_at").notNull(),
+  updatedAt: text("updated_at").notNull(),
+});
+
+export const dockerStackServices = sqliteTable("docker_stack_services", {
+  id: text("id").primaryKey(),
+  stackId: text("stack_id").notNull().references(() => dockerComposeStacks.id, { onDelete: "cascade" }),
+  serviceName: text("service_name").notNull(),
+  imageRef: text("image_ref"),
+  currentImageId: text("current_image_id"),
+  currentDigest: text("current_digest"),
+  candidateImageId: text("candidate_image_id"),
+  candidateDigest: text("candidate_digest"),
+  versionLabel: text("version_label"),
+  status: text("status"),                    // up_to_date | updates_available | error
+  updatedAt: text("updated_at").notNull(),
+});