# 2026-02-07 — Host controls + delete failsafe

## Problem

- The frontend gained a **Delete Server** button with confirmation.
- Backend has a **failsafe**: do not allow deleting a container unless the host (LXC) is stopped.
- At the time, the portal only had "server" controls (game server process), not host controls (LXC start/stop).

## Decision

✅ Keep the failsafe.

Instead of removing safety checks, add **Host Controls** to the UI and wire them to the API:
- Start Host
- Stop Host
- Restart Host

This keeps the deletion gate meaningful, and also gives users a way to stop compute spend / idle containers.

## UX wording

Avoid saying "container" in the user-facing UI if possible.

Use:
- "Host Controls" or "Server Host"
- "Start Host / Stop Host / Restart Host"

(Internally it is Proxmox LXC lifecycle, but the UI doesn't need to expose that.)

## Backend wiring (high-level)

Routes in `servers.js`:

- `POST /servers/:id/host/start`
- `POST /servers/:id/host/stop`
- `POST /servers/:id/host/restart`

Implementation calls `proxmoxClient.startContainer(vmid)`, `stopContainer(...)` or `shutdownContainer(...)`.

## Delete gate

Delete endpoint should enforce something like:

- refuse delete if host is still running
- or auto-stop then delete (only if you explicitly want that behavior)

Current stance:
- keep it strict to avoid accidental data loss.
- make the user stop the host first, then delete.

## Testing checklist

- Start Host → LXC goes running
- Stop Host → LXC shuts down
- Restart Host → stop then start
- Delete Server:
  - while running → denied (expected)
  - after stop → allowed (expected)