docs

Signed-off-by: jokob-sk <jokob.sk@gmail.com>
LOADED_PLUGINS not processed #1195
2025-12-07 01:26:11 -08:00 · 2025-09-29 13:11:58 +10:00 · 2025-09-29 08:04:53 +10:00 · 2025-09-28 20:22:50 +10:00 · 2025-09-28 19:08:38 +13:00 · 2025-09-28 17:29:21 +13:00
473 changed files with 40914 additions and 16253 deletions
--- a/.coverage
+++ b/.coverage
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -0,0 +1,112 @@
+# DO NOT MODIFY THIS FILE DIRECTLY. IT IS AUTO-GENERATED BY .devcontainer/scripts/generate-dockerfile.sh
+
+# ---/Dockerfile---
+FROM alpine:3.22 AS builder
+
+ARG INSTALL_DIR=/app
+
+ENV PYTHONUNBUFFERED=1
+
+# Install build dependencies
+RUN apk add --no-cache bash shadow python3 python3-dev gcc musl-dev libffi-dev openssl-dev git \
+    && python -m venv /opt/venv
+
+# Enable venv
+ENV PATH="/opt/venv/bin:$PATH"
+
+
+RUN pip install openwrt-luci-rpc asusrouter asyncio aiohttp graphene flask flask-cors unifi-sm-api tplink-omada-client wakeonlan pycryptodome requests paho-mqtt scapy cron-converter pytz json2table dhcp-leases pyunifi speedtest-cli chardet python-nmap dnspython librouteros yattag git+https://github.com/foreign-sub/aiofreepybox.git
+
+# Append Iliadbox certificate to aiofreepybox
+
+# second stage
+FROM alpine:3.22 AS runner
+
+ARG INSTALL_DIR=/app
+
+COPY --from=builder /opt/venv /opt/venv
+COPY --from=builder /usr/sbin/usermod /usr/sbin/groupmod /usr/sbin/
+
+# Enable venv
+ENV PATH="/opt/venv/bin:$PATH" 
+
+# default port and listen address
+ENV PORT=20211 LISTEN_ADDR=0.0.0.0 
+
+# needed for s6-overlay
+ENV S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0
+
+# ❗ IMPORTANT - if you modify this file modify the /install/install_dependecies.sh file as well ❗ 
+
+RUN apk update --no-cache \
+    && apk add --no-cache bash libbsd zip lsblk gettext-envsubst sudo mtr tzdata s6-overlay \
+    && apk add --no-cache curl arp-scan iproute2 iproute2-ss nmap nmap-scripts traceroute nbtscan avahi avahi-tools openrc dbus net-tools net-snmp-tools bind-tools awake ca-certificates \
+    && apk add --no-cache sqlite php83 php83-fpm php83-cgi php83-curl php83-sqlite3 php83-session \
+    && apk add --no-cache python3 nginx \
+    && ln -s /usr/bin/awake /usr/bin/wakeonlan \
+    && rm -f /etc/nginx/http.d/default.conf
+
+
+# Add crontab file
+COPY --chmod=600 --chown=root:root install/crontab /etc/crontabs/root
+
+# Start all required services
+
+HEALTHCHECK --interval=30s --timeout=5s --start-period=15s --retries=2 \
+    CMD curl -sf -o /dev/null ${LISTEN_ADDR}:${PORT}/php/server/query_json.php?file=app_state.json
+
+ENTRYPOINT ["/init"]
+
+# ---/resources/devcontainer-Dockerfile---
+
+# Devcontainer build stage (do not build directly)
+# This file is combined with the root /Dockerfile by
+#   .devcontainer/scripts/generate-dockerfile.sh
+# The generator appends this stage to produce .devcontainer/Dockerfile.
+# Prefer to place dev-only setup here; use setup.sh only for runtime fixes.
+
+FROM runner AS devcontainer
+ENV INSTALL_DIR=/app 
+ENV PYTHONPATH=/workspaces/NetAlertX/test:/workspaces/NetAlertX/server:/app:/app/server:/opt/venv/lib/python3.12/site-packages
+
+# Install common tools, create user, and set up sudo
+RUN apk add --no-cache git nano vim jq php83-pecl-xdebug py3-pip nodejs sudo gpgconf pytest pytest-cov && \
+    adduser -D -s /bin/sh netalertx && \
+    addgroup netalertx nginx && \
+    addgroup netalertx www-data && \
+    echo "netalertx ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/90-netalertx && \
+    chmod 440 /etc/sudoers.d/90-netalertx
+# Install debugpy in the virtualenv if present, otherwise into system python3
+RUN /bin/sh -c '(/opt/venv/bin/python3 -m pip install --no-cache-dir debugpy) || (python3 -m pip install --no-cache-dir debugpy) || true'
+# setup nginx
+COPY .devcontainer/resources/netalertx-devcontainer.conf /etc/nginx/http.d/netalert-frontend.conf
+RUN set -e; \
+    chown netalertx:nginx /etc/nginx/http.d/netalert-frontend.conf; \
+    install -d -o netalertx -g www-data -m 775 /app; \
+    install -d -o netalertx -g www-data -m 755 /run/nginx; \
+    install -d -o netalertx -g www-data -m 755 /var/lib/nginx/logs; \
+    rm -f /var/lib/nginx/logs/* || true; \
+    for f in error access; do : > /var/lib/nginx/logs/$f.log; done; \
+    install -d -o netalertx -g www-data -m 777 /run/php; \
+    install -d -o netalertx -g www-data -m 775 /var/log/php; \
+    chown -R netalertx:www-data /etc/nginx/http.d; \
+    chmod -R 775 /etc/nginx/http.d; \
+    chown -R netalertx:www-data /var/lib/nginx; \
+    chmod -R 755 /var/lib/nginx && \
+    chown -R netalertx:www-data /var/log/nginx/ && \
+    sed -i '/^user /d' /etc/nginx/nginx.conf; \
+    sed -i 's|^error_log .*|error_log /dev/stderr warn;|' /etc/nginx/nginx.conf; \
+    sed -i 's|^access_log .*|access_log /dev/stdout main;|' /etc/nginx/nginx.conf; \
+    sed -i 's|error_log .*|error_log /dev/stderr warn;|g' /etc/nginx/http.d/*.conf 2>/dev/null || true; \
+    sed -i 's|access_log .*|access_log /dev/stdout main;|g' /etc/nginx/http.d/*.conf 2>/dev/null || true; \
+    mkdir -p /run/openrc; \
+    chown netalertx:nginx /run/openrc/; \
+    rm -Rf /run/openrc/*;
+
+# setup pytest
+RUN sudo /opt/venv/bin/python -m pip install -U pytest pytest-cov
+
+WORKDIR /workspaces/NetAlertX
+
+
+ENTRYPOINT ["/bin/sh","-c","sleep infinity"]
--- a/.devcontainer/README.md
+++ b/.devcontainer/README.md
@@ -0,0 +1,30 @@
+# NetAlertX Devcontainer Notes
+
+This devcontainer replicates the production container as closely as practical, with a few development-oriented differences.
+
+Key behavior
+- No init process: Services are managed by shell scripts using killall, setsid, and nohup. Startup and restarts are script-driven rather than supervised by an init system.
+- Autogenerated Dockerfile: The effective devcontainer Dockerfile is generated on demand by `.devcontainer/scripts/generate-dockerfile.sh`. It combines the root `Dockerfile` (with certain COPY instructions removed) and an extra "devcontainer" stage from `.devcontainer/resources/devcontainer-Dockerfile`. When you change the resource Dockerfile, re-run the generator to refresh `.devcontainer/Dockerfile`.
+- Where to put setup: Prefer baking setup into `.devcontainer/resources/devcontainer-Dockerfile`. Use `.devcontainer/scripts/setup.sh` only for steps that must happen at container start (e.g., cleaning up nginx/php ownership, creating directories, touching runtime files) or depend on runtime paths.
+
+Debugging (F5)
+The Frontend and backend run in debug mode always.  You can attach your debugger at any time.  
+- Python Backend Debug: Attach - The backend runs with a debugger on port 5678. Set breakpoints in the code and press F5 to begin triggering them.
+- PHP Frontend (XDebug) Xdebug listens on 9003. Start listening and use an Xdebug extension in your browser to debug PHP.
+
+Common workflows (F1->Tasks: Run Task)
+- Regenerate the devcontainer Dockerfile: Run the VS Code task "Generate Dockerfile" or execute `.devcontainer/scripts/generate-dockerfile.sh`. The result is `.devcontainer/Dockerfile`.
+- Re-run startup provisioning: Use the task "Re-Run Startup Script" to execute `.devcontainer/scripts/setup.sh` in the container.
+- Start services:
+  - Backend (GraphQL/Flask): `.devcontainer/scripts/restart-backend.sh` starts it under debugpy and logs to `/app/log/app.log`
+  - Frontend (nginx + PHP-FPM): Started via setup.sh; can be restarted by the task "Start Frontend (nginx and PHP-FPM)".
+
+Testing
+- pytest is installed via Alpine packages (py3-pytest, py3-pytest-cov).
+- PYTHONPATH includes workspace and venv site-packages so tests can import `server/*` modules and third-party libs.
+- Run tests via VS Code Pytest Runner or `pytest -q` from the workspace root.
+
+Conventions
+- Don’t edit `.devcontainer/Dockerfile` directly; edit `.devcontainer/resources/devcontainer-Dockerfile` and regenerate.
+- Keep setup in the resource Dockerfile when possible; reserve `setup.sh` for runtime fixes.
+- Avoid hardcoding ports/secrets; prefer existing settings and helpers (see `.github/copilot-instructions.md`).
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -0,0 +1,79 @@
+{
+  "name": "NetAlertX DevContainer",
+  "remoteUser": "netalertx",
+  "build": {
+    "dockerfile": "Dockerfile",
+    "context": "..",
+    "target": "devcontainer"
+  },
+  "workspaceFolder": "/workspaces/NetAlertX",
+  "runArgs": [
+    "--add-host=host.docker.internal:host-gateway",
+    "--security-opt", "apparmor=unconfined" // for alowing ramdisk mounts
+  ],
+
+  "capAdd": [
+    "SYS_ADMIN", // For mounting ramdisks
+    "NET_ADMIN", // For network interface configuration
+    "NET_RAW"    // For raw packet manipulation
+  ],
+  
+  
+  
+  "postStartCommand": "${containerWorkspaceFolder}/.devcontainer/scripts/setup.sh",
+  
+  "customizations": {
+    "vscode": {
+      "extensions": [
+        "ms-python.python",
+        "ms-azuretools.vscode-docker",
+        "felixfbecker.php-debug",
+        "bmewburn.vscode-intelephense-client",
+        "xdebug.php-debug",
+        "ms-python.vscode-pylance",
+        "pamaron.pytest-runner",
+        "coderabbit.coderabbit-vscode",
+        "ms-python.black-formatter"
+      ]
+      ,
+      "settings": {
+        "terminal.integrated.cwd": "${containerWorkspaceFolder}",
+        // Python testing configuration
+        "python.testing.pytestEnabled": true,
+        "python.testing.unittestEnabled": false,
+        "python.testing.pytestArgs": [
+          "test"
+        ],
+        // Make sure we discover tests and import server correctly
+        "python.analysis.extraPaths": [
+          "/workspaces/NetAlertX",
+          "/workspaces/NetAlertX/server",
+          "/app",
+          "/app/server"
+        ]
+      }
+    }
+  },
+  "forwardPorts": [5678, 9000, 9003, 20211, 20212],
+
+  "portsAttributes": {
+    "20211": {
+      "label": "Frontend:Nginx+PHP"
+    },
+    "20212": {
+      "label": "Backend:GraphQL"
+    },
+    "9003": {
+      "label": "PHP Debug:Xdebug"
+    },
+    "9000": {
+      "label": "PHP-FPM:FastCGI"
+    },
+    "5678": {
+      "label": "Python Debug:debugpy"
+    }
+  },
+
+  // Optional: ensures compose services are stopped when you close the window
+  "shutdownAction": "stopContainer"
+}
--- a/.devcontainer/resources/99-xdebug.ini
+++ b/.devcontainer/resources/99-xdebug.ini
@@ -0,0 +1,8 @@
+zend_extension="xdebug.so"
+[xdebug]
+xdebug.mode=develop,debug
+xdebug.log_level=0
+xdebug.client_host=host.docker.internal
+xdebug.client_port=9003
+xdebug.start_with_request=yes
+xdebug.discover_client_host=1
--- a/.devcontainer/resources/devcontainer-Dockerfile
+++ b/.devcontainer/resources/devcontainer-Dockerfile
@@ -0,0 +1,51 @@
+# Devcontainer build stage (do not build directly)
+# This file is combined with the root /Dockerfile by
+#   .devcontainer/scripts/generate-dockerfile.sh
+# The generator appends this stage to produce .devcontainer/Dockerfile.
+# Prefer to place dev-only setup here; use setup.sh only for runtime fixes.
+
+FROM runner AS devcontainer
+ENV INSTALL_DIR=/app 
+ENV PYTHONPATH=/workspaces/NetAlertX/test:/workspaces/NetAlertX/server:/app:/app/server:/opt/venv/lib/python3.12/site-packages
+
+# Install common tools, create user, and set up sudo
+RUN apk add --no-cache git nano vim jq php83-pecl-xdebug py3-pip nodejs sudo gpgconf pytest pytest-cov && \
+    adduser -D -s /bin/sh netalertx && \
+    addgroup netalertx nginx && \
+    addgroup netalertx www-data && \
+    echo "netalertx ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/90-netalertx && \
+    chmod 440 /etc/sudoers.d/90-netalertx
+# Install debugpy in the virtualenv if present, otherwise into system python3
+RUN /bin/sh -c '(/opt/venv/bin/python3 -m pip install --no-cache-dir debugpy) || (python3 -m pip install --no-cache-dir debugpy) || true'
+# setup nginx
+COPY .devcontainer/resources/netalertx-devcontainer.conf /etc/nginx/http.d/netalert-frontend.conf
+RUN set -e; \
+    chown netalertx:nginx /etc/nginx/http.d/netalert-frontend.conf; \
+    install -d -o netalertx -g www-data -m 775 /app; \
+    install -d -o netalertx -g www-data -m 755 /run/nginx; \
+    install -d -o netalertx -g www-data -m 755 /var/lib/nginx/logs; \
+    rm -f /var/lib/nginx/logs/* || true; \
+    for f in error access; do : > /var/lib/nginx/logs/$f.log; done; \
+    install -d -o netalertx -g www-data -m 777 /run/php; \
+    install -d -o netalertx -g www-data -m 775 /var/log/php; \
+    chown -R netalertx:www-data /etc/nginx/http.d; \
+    chmod -R 775 /etc/nginx/http.d; \
+    chown -R netalertx:www-data /var/lib/nginx; \
+    chmod -R 755 /var/lib/nginx && \
+    chown -R netalertx:www-data /var/log/nginx/ && \
+    sed -i '/^user /d' /etc/nginx/nginx.conf; \
+    sed -i 's|^error_log .*|error_log /dev/stderr warn;|' /etc/nginx/nginx.conf; \
+    sed -i 's|^access_log .*|access_log /dev/stdout main;|' /etc/nginx/nginx.conf; \
+    sed -i 's|error_log .*|error_log /dev/stderr warn;|g' /etc/nginx/http.d/*.conf 2>/dev/null || true; \
+    sed -i 's|access_log .*|access_log /dev/stdout main;|g' /etc/nginx/http.d/*.conf 2>/dev/null || true; \
+    mkdir -p /run/openrc; \
+    chown netalertx:nginx /run/openrc/; \
+    rm -Rf /run/openrc/*;
+
+# setup pytest
+RUN sudo /opt/venv/bin/python -m pip install -U pytest pytest-cov
+
+WORKDIR /workspaces/NetAlertX
+
+
+ENTRYPOINT ["/bin/sh","-c","sleep infinity"]
--- a/.devcontainer/resources/netalertx-devcontainer.conf
+++ b/.devcontainer/resources/netalertx-devcontainer.conf
@@ -0,0 +1,26 @@
+log_format netalertx '$remote_addr - $remote_user [$time_local] "$request" '
+                     '$status $body_bytes_sent "$http_referer" '
+                     '"$http_user_agent" "$http_x_forwarded_for"';
+access_log /var/log/nginx/access.log netalertx flush=1s;
+error_log  /var/log/nginx/error.log  warn;
+
+server {
+    listen 20211 default_server;
+    root /app/front;
+    index index.php;
+
+    add_header X-Forwarded-Prefix "/netalertx" always;
+    proxy_set_header X-Forwarded-Prefix "/netalertx";
+
+    location ~* \.php$ {
+        add_header Cache-Control "no-store";
+        fastcgi_pass 127.0.0.1:9000;
+        include         fastcgi_params;
+        fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
+        fastcgi_param   SCRIPT_NAME        $fastcgi_script_name;
+        fastcgi_param   PHP_VALUE "xdebug.remote_enable=1";
+        fastcgi_connect_timeout 75;
+        fastcgi_send_timeout 600;
+        fastcgi_read_timeout 600;
+    }
+}
--- a/.devcontainer/scripts/generate-dockerfile.sh
+++ b/.devcontainer/scripts/generate-dockerfile.sh
@@ -0,0 +1,38 @@
+#!/bin/sh
+
+# Generator for .devcontainer/Dockerfile
+# Combines the root /Dockerfile (with some COPY lines removed) and
+# the dev-only stage in .devcontainer/resources/devcontainer-Dockerfile.
+# Run this script after modifying the resource Dockerfile to refresh
+# the final .devcontainer/Dockerfile used by the devcontainer.
+
+# Make a copy of the original Dockerfile to the .devcontainer folder
+# but remove the COPY . ${INSTALL_DIR}/ command from it. This avoids
+# overwriting /app (which uses symlinks to the workspace) and preserves
+# debugging capabilities inside the devcontainer.
+
+SCRIPT_DIR="$(CDPATH= cd -- "$(dirname -- "$0")" && pwd)"
+DEVCONTAINER_DIR="${SCRIPT_DIR%/scripts}"
+ROOT_DIR="${DEVCONTAINER_DIR%/.devcontainer}"
+
+OUT_FILE="${DEVCONTAINER_DIR}/Dockerfile"
+
+echo "# DO NOT MODIFY THIS FILE DIRECTLY. IT IS AUTO-GENERATED BY .devcontainer/scripts/generate-dockerfile.sh" > "$OUT_FILE"
+echo "" >> "$OUT_FILE"
+echo "# ---/Dockerfile---" >> "$OUT_FILE"
+
+sed '/${INSTALL_DIR}/d' "${ROOT_DIR}/Dockerfile" >> "$OUT_FILE"
+
+# sed the line https://github.com/foreign-sub/aiofreepybox.git \\ to remove trailing backslash
+sed -i '/aiofreepybox.git/ s/ \\$//' "$OUT_FILE"
+
+# don't cat the file, just copy it in because it doesn't exist at build time
+sed -i 's|^ RUN cat ${INSTALL_DIR}/install/freebox_certificate.pem >> /opt/venv/lib/python3.12/site-packages/aiofreepybox/freebox_certificates.pem$| COPY install/freebox_certificate.pem /opt/venv/lib/python3.12/site-packages/aiofreepybox/freebox_certificates.pem |' "$OUT_FILE"
+
+echo "" >> "$OUT_FILE"
+echo "# ---/resources/devcontainer-Dockerfile---" >> "$OUT_FILE"
+echo "" >> "$OUT_FILE"
+
+cat "${DEVCONTAINER_DIR}/resources/devcontainer-Dockerfile" >> "$OUT_FILE"
+
+echo "Generated $OUT_FILE using root dir $ROOT_DIR" >&2
--- a/.devcontainer/scripts/restart-backend.sh
+++ b/.devcontainer/scripts/restart-backend.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+# Start (or restart) the NetAlertX Python backend under debugpy in background.
+# This script is invoked by the VS Code task "Restart GraphQL".
+# It exists to avoid complex inline command chains that were being mangled by the task runner.
+
+set -e
+
+LOG_DIR=/app/log
+APP_DIR=/app/server
+PY=python3
+PORT_DEBUG=5678
+
+# Kill any prior debug/run instances
+sudo killall python3 2>/dev/null || true
+sleep 2
+
+echo ''|tee $LOG_DIR/stdout.log $LOG_DIR/stderr.log $LOG_DIR/app.log
+
+cd "$APP_DIR"
+
+# Launch using absolute module path for clarity; rely on cwd for local imports
+setsid nohup "${PY}" -m debugpy --listen "0.0.0.0:${PORT_DEBUG}" /app/server/__main__.py \
+  1>>"$LOG_DIR/stdout.log" \
+  2>>"$LOG_DIR/stderr.log" &
+PID=$!
+sleep 2
--- a/.devcontainer/scripts/run-tests.sh
+++ b/.devcontainer/scripts/run-tests.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+# shellcheck shell=sh
+# Simple helper to run pytest inside the devcontainer with correct paths
+set -eu
+
+# Ensure we run from the workspace root
+cd /workspaces/NetAlertX
+
+# Make sure PYTHONPATH includes server and workspace
+export PYTHONPATH="/workspaces/NetAlertX:/workspaces/NetAlertX/server:/app:/app/server:${PYTHONPATH:-}"
+
+# Default to running the full test suite under /workspaces/NetAlertX/test
+pytest -q --maxfail=1 --disable-warnings test "$@"
--- a/.devcontainer/scripts/setup.sh
+++ b/.devcontainer/scripts/setup.sh
@@ -0,0 +1,200 @@
+#! /bin/bash
+# Runtime setup for devcontainer (executed after container starts).
+# Prefer building setup into resources/devcontainer-Dockerfile when possible.
+# Use this script for runtime-only adjustments (permissions, sockets, ownership,
+# and services managed without init) that are difficult at build time.
+id
+
+# Define variables (paths, ports, environment)
+
+export APP_DIR="/app"
+export APP_COMMAND="/workspaces/NetAlertX/.devcontainer/scripts/restart-backend.sh"
+export PHP_FPM_BIN="/usr/sbin/php-fpm83"
+export NGINX_BIN="/usr/sbin/nginx"
+export CROND_BIN="/usr/sbin/crond -f"
+
+
+export ALWAYS_FRESH_INSTALL=false
+export INSTALL_DIR=/app
+export APP_DATA_LOCATION=/app/config
+export APP_CONFIG_LOCATION=/app/config
+export LOGS_LOCATION=/app/logs
+export CONF_FILE="app.conf"
+export NGINX_CONF_FILE=netalertx.conf
+export DB_FILE="app.db"
+export FULL_FILEDB_PATH="${INSTALL_DIR}/db/${DB_FILE}"
+export NGINX_CONFIG_FILE="/etc/nginx/http.d/${NGINX_CONF_FILE}"
+export OUI_FILE="/usr/share/arp-scan/ieee-oui.txt" # Define the path to ieee-oui.txt and ieee-iab.txt
+export TZ=Europe/Paris
+export PORT=20211
+export SOURCE_DIR="/workspaces/NetAlertX"
+
+
+ 
+main() {
+    echo "=== NetAlertX Development Container Setup ==="
+    echo "Setting up ${SOURCE_DIR}..."
+    configure_source
+    
+    echo "--- Starting Development Services ---"
+    configure_php
+
+
+    start_services
+}
+
+# safe_link: create a symlink from source to target, removing existing target if necessary
+# bypassing the default behavior of symlinking the directory into the target directory if it is a directory
+safe_link() {
+    # usage: safe_link <source> <target>
+    local src="$1"
+    local dst="$2"
+
+    # Ensure parent directory exists
+    install -d -m 775 "$(dirname "$dst")" >/dev/null 2>&1 || true
+
+    # If target exists, remove it without dereferencing symlinks
+    if [ -L "$dst" ] || [ -e "$dst" ]; then
+        rm -rf "$dst"
+    fi
+
+    # Create link; -n prevents deref, -f replaces if somehow still exists
+    ln -sfn "$src" "$dst"
+}
+
+# Setup source directory
+configure_source() {
+    echo "[1/3] Configuring Source..."
+    echo "  -> Linking source to ${INSTALL_DIR}"
+    echo "Dev">${INSTALL_DIR}/.VERSION
+
+    echo "  -> Mounting ramdisks for /log and /api"
+    sudo mount -t tmpfs -o size=256M tmpfs "${SOURCE_DIR}/log"
+    sudo mount -t tmpfs -o size=512M tmpfs "${SOURCE_DIR}/api"
+    safe_link ${SOURCE_DIR}/api           ${INSTALL_DIR}/api
+    safe_link ${SOURCE_DIR}/back          ${INSTALL_DIR}/back
+    safe_link "${SOURCE_DIR}/config"     "${INSTALL_DIR}/config"
+    safe_link "${SOURCE_DIR}/db"         "${INSTALL_DIR}/db"
+    if [ ! -f "${SOURCE_DIR}/config/app.conf" ]; then
+        cp ${SOURCE_DIR}/back/app.conf ${INSTALL_DIR}/config/
+        cp ${SOURCE_DIR}/back/app.db ${INSTALL_DIR}/db/
+    fi
+
+    safe_link "${SOURCE_DIR}/docs"       "${INSTALL_DIR}/docs"
+    safe_link "${SOURCE_DIR}/front"      "${INSTALL_DIR}/front"
+    safe_link "${SOURCE_DIR}/install"    "${INSTALL_DIR}/install"
+    safe_link "${SOURCE_DIR}/scripts"    "${INSTALL_DIR}/scripts"
+    safe_link "${SOURCE_DIR}/server"     "${INSTALL_DIR}/server"
+    safe_link "${SOURCE_DIR}/test"       "${INSTALL_DIR}/test"
+    safe_link "${SOURCE_DIR}/log"       "${INSTALL_DIR}/log"
+    safe_link "${SOURCE_DIR}/mkdocs.yml" "${INSTALL_DIR}/mkdocs.yml"
+
+    echo "  -> Copying static files to ${INSTALL_DIR}"
+    cp -R ${SOURCE_DIR}/CODE_OF_CONDUCT.md ${INSTALL_DIR}/
+    cp -R ${SOURCE_DIR}/dockerfiles ${INSTALL_DIR}/dockerfiles
+    sudo cp -na "${INSTALL_DIR}/back/${CONF_FILE}" "${INSTALL_DIR}/config/${CONF_FILE}"
+    sudo cp -na "${INSTALL_DIR}/back/${DB_FILE}" "${FULL_FILEDB_PATH}"
+    if [ -e "${INSTALL_DIR}/api/user_notifications.json" ]; then
+        echo "  -> Removing existing user_notifications.json"
+        sudo rm "${INSTALL_DIR}"/api/user_notifications.json
+    fi
+
+
+    
+    echo "  -> Setting ownership and permissions"
+    sudo find ${INSTALL_DIR}/ -type d -exec chmod 775 {} \;
+    sudo find ${INSTALL_DIR}/ -type f -exec chmod 664 {} \;
+    sudo date +%s > "${INSTALL_DIR}/front/buildtimestamp.txt"
+    sudo chmod 640 "${INSTALL_DIR}/config/${CONF_FILE}" || true
+
+
+
+    echo "  -> Setting up log directory"
+    install -d -o netalertx -g www-data -m 777 ${INSTALL_DIR}/log/plugins
+
+    echo "  -> Empty log"|tee ${INSTALL_DIR}/log/app.log \
+        ${INSTALL_DIR}/log/app_front.log \
+        ${INSTALL_DIR}/log/stdout.log
+    touch ${INSTALL_DIR}/log/stderr.log \
+    ${INSTALL_DIR}/log/execution_queue.log
+    echo 0>${INSTALL_DIR}/log/db_is_locked.log
+
+    date +%s > /app/front/buildtimestamp.txt
+
+    killall python &>/dev/null
+    sleep 1
+}
+
+#
+
+# start_services: start crond, PHP-FPM, nginx and the application
+start_services() {
+    echo "[3/3] Starting services..."
+
+    killall nohup &>/dev/null || true
+
+    killall php-fpm83 &>/dev/null || true
+    killall crond &>/dev/null || true
+    # Give the OS a moment to release the php-fpm socket
+    sleep 0.3
+    echo "      -> Starting CronD"
+    setsid nohup $CROND_BIN &>/dev/null &
+
+    echo "      -> Starting PHP-FPM"
+    setsid nohup $PHP_FPM_BIN &>/dev/null &
+
+    sudo killall nginx &>/dev/null || true
+    # Wait for the previous nginx processes to exit and for the port to free up
+    tries=0
+    while ss -ltn | grep -q ":${PORT}[[:space:]]" && [ $tries -lt 10 ]; do
+        echo "  -> Waiting for port ${PORT} to free..."
+        sleep 0.2
+        tries=$((tries+1))
+    done
+    sleep 0.2
+    echo "      -> Starting Nginx"
+    setsid nohup $NGINX_BIN &>/dev/null &
+    echo "      -> Starting Backend ${APP_DIR}/server..."
+    $APP_COMMAND 
+    sleep 2
+}
+
+# configure_php: configure PHP-FPM and enable dev debug options
+configure_php() {
+    echo "[2/3] Configuring PHP-FPM..."
+    sudo killall php-fpm83 &>/dev/null || true
+    install -d -o nginx -g www-data /run/php/ &>/dev/null
+    sudo sed -i "/^;pid/c\pid = /run/php/php8.3-fpm.pid" /etc/php83/php-fpm.conf
+    sudo sed -i 's|^listen = .*|listen = 127.0.0.1:9000|' /etc/php83/php-fpm.d/www.conf
+    sudo sed -i 's|fastcgi_pass .*|fastcgi_pass 127.0.0.1:9000;|' /etc/nginx/http.d/*.conf
+
+    #increase max child process count to 10
+    sudo sed -i -e 's/pm.max_children = 5/pm.max_children = 10/' /etc/php83/php-fpm.d/www.conf 
+
+    # find any line in php-fmp that starts with either ;error_log or error_log = and replace it with error_log = /app/log/app.php_errors.log
+    sudo sed -i '/^;*error_log\s*=/c\error_log = /app/log/app.php_errors.log' /etc/php83/php-fpm.conf
+    # If the line was not found, append it to the end of the file
+    if ! grep -q '^error_log\s*=' /etc/php83/php-fpm.conf; then
+        echo 'error_log = /app/log/app.php_errors.log' | sudo tee -a /etc/php83/php-fpm.conf
+    fi
+
+    sudo mkdir -p /etc/php83/conf.d
+    sudo cp /workspaces/NetAlertX/.devcontainer/resources/99-xdebug.ini /etc/php83/conf.d/99-xdebug.ini
+
+    sudo rm -R /var/log/php83 &>/dev/null || true
+    install -d -o netalertx -g www-data -m 755 var/log/php83;
+
+    sudo chmod 644 /etc/php83/conf.d/99-xdebug.ini || true
+
+}
+
+# (duplicate start_services removed)
+
+
+
+echo "$(git rev-parse --short=8 HEAD)">/app/.VERSION
+# Run the main function
+main
+
+
+
--- a/.devcontainer/scripts/stream-logs.sh
+++ b/.devcontainer/scripts/stream-logs.sh
@@ -0,0 +1,40 @@
+#!/bin/sh
+# Stream NetAlertX logs to stdout so the Dev Containers output channel shows them.
+# This script waits briefly for the files to appear and then tails them with -F.
+
+LOG_FILES="/app/log/app.log  /app/log/db_is_locked.log /app/log/execution_queue.log /app/log/app_front.log /app/log/app.php_errors.log /app/log/IP_changes.log /app/stderr.log /app/stdout.log"
+
+wait_for_files() {
+  # Wait up to ~10s for at least one of the files to exist
+  attempts=0
+  while [ $attempts -lt 20 ]; do
+    for f in $LOG_FILES; do
+      if [ -f "$f" ]; then
+        return 0
+      fi
+    done
+    attempts=$((attempts+1))
+    sleep 0.5
+  done
+  return 1
+}
+
+if wait_for_files; then
+  echo "Starting log stream for:"
+  for f in $LOG_FILES; do
+    [ -f "$f" ] && echo "  $f"
+  done
+
+  # Use tail -F where available. If tail -F isn't supported, tail -f is used as fallback.
+  # Some minimal images may have busybox tail without -F; this handles both.
+  if tail --version >/dev/null 2>&1; then
+    # GNU tail supports -F
+    tail -n +1 -F $LOG_FILES
+  else
+    # Fallback to -f for busybox; will exit if files rotate or do not exist initially
+    tail -n +1 -f $LOG_FILES
+  fi
+else
+  echo "No log files appeared after wait; exiting stream script."
+  exit 0
+fi
--- a/.devcontainer/xdebug-trigger.ini
+++ b/.devcontainer/xdebug-trigger.ini
@@ -0,0 +1,11 @@
+zend_extension=xdebug.so
+xdebug.mode=debug
+xdebug.start_with_request=trigger
+xdebug.trigger_value=VSCODE
+xdebug.client_host=host.docker.internal
+xdebug.client_port=9003
+xdebug.log=/var/log/xdebug.log
+xdebug.log_level=7
+xdebug.idekey=VSCODE
+xdebug.discover_client_host=true
+xdebug.max_nesting_level=512
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -0,0 +1,3 @@
+github: jokob-sk
+patreon: netalertx
+buy_me_a_coffee: jokobsk
--- a/.github/ISSUE_TEMPLATE/documentation-feedback.yml
+++ b/.github/ISSUE_TEMPLATE/documentation-feedback.yml
@@ -0,0 +1,56 @@
+name: Documentation Feedback 📝
+description: Suggest improvements, clarify inconsistencies, or report issues related to the documentation.
+labels: ['documentation 📚']
+body:
+- type: checkboxes
+  attributes:
+    label: Is there an existing issue for this?
+    description: Please search to see if an open or closed issue already exists for the documentation change you're suggesting.
+    options:
+      - label: I have searched the existing open and closed issues
+        required: true
+- type: textarea
+  attributes:
+    label: What document or section does this relate to?
+    description: |
+      Please include a link to the file and section, if applicable. Be specific about what part of the documentation you are referencing.
+    placeholder: e.g. https://github.com/jokob-sk/NetAlertX/blob/main/docs/FRONTEND_DEVELOPMENT.md
+  validations:
+    required: true
+- type: textarea
+  attributes:
+    label: Describe the issue
+    description: A clear and concise explanation of the issue or inconsistency you found in the documentation.
+    placeholder: e.g. The linked file is referred to as "Contributor Guidelines" but only covers frontend topics.
+  validations:
+    required: true
+- type: textarea
+  attributes:
+    label: Your suggestion or proposed solution
+    description: Suggest how the documentation could be improved, clarified, or reorganized.
+    placeholder: e.g. Combine frontend and backend development into a single CONTRIBUTING.md file with common sections to reduce fragmentation.
+  validations:
+    required: true
+- type: checkboxes
+  attributes:
+    label: What type of issue is this?
+    options:
+      - label: Missing information
+      - label: Inaccurate or outdated information
+      - label: Unclear or confusing content
+      - label: Structure or organization improvements
+      - label: Other (explain in issue)
+- type: textarea
+  attributes:
+    label: Anything else?
+    description: |
+      Additional context, references, screenshots, or related issues. You can also mention if you’re willing to help implement the suggestion.
+  validations:
+    required: false
+- type: checkboxes
+  attributes:
+    label: Can I help implement this? 👩‍💻👨‍💻 
+    description: The maintainer can provide guidance and review your changes.
+    options:
+      - label: "Yes, I’d like to help implement the improvement"
+      - label: "No, I’m just suggesting the idea"
--- a/.github/ISSUE_TEMPLATE/enhancement-request.yml
+++ b/.github/ISSUE_TEMPLATE/enhancement-request.yml
@@ -0,0 +1,33 @@
+name: Enhancement Request
+description: Propose an improvement to an existing feature or UX behavior.
+labels: ['enhancement ♻️']
+body:
+- type: checkboxes
+  attributes:
+    label: Is there an existing issue for this?
+    options:
+      - label: I have searched existing open and closed issues
+        required: true
+- type: textarea
+  attributes:
+    label: What is the enhancement?
+    description: Describe the change or optimization you’d like to see to an existing feature.
+    placeholder: e.g. Make scan intervals configurable from UI instead of just `app.conf`
+    required: true
+- type: textarea
+  attributes:
+    label: What problem does this solve or improve?
+    description: Describe why this change would improve user experience or project maintainability.
+    required: true
+- type: textarea
+  attributes:
+    label: Additional context or examples
+    description: |
+      Screenshots? Comparisons? Reference repos?
+    required: false
+- type: checkboxes
+  attributes:
+    label: Are you willing to help implement this?
+    options:
+      - label: "Yes"
+      - label: "No"
--- a/.github/ISSUE_TEMPLATE/feature_request.yml
+++ b/.github/ISSUE_TEMPLATE/feature_request.yml
@@ -1,6 +1,6 @@
 name: Feature Request
 description: 'Suggest an idea for NetAlertX'
-labels: ['Feature request➕']
+labels: ['Feature request ➕']
 body:
 - type: checkboxes
  attributes:
@@ -46,7 +46,7 @@ body:
 - type: checkboxes
  attributes:
    label: Can I help implement this? 👩‍💻👨‍💻 
-    description: The maintainer will provide guidance and help. The implementer will read the PR guidelines https://github.com/jokob-sk/NetAlertX/tree/main/docs#-pull-requests-prs
+    description: The maintainer will provide guidance and help. The implementer will read the PR guidelines https://jokob-sk.github.io/NetAlertX/DEV_ENV_SETUP/
    options:
    - label: "Yes"
    - label: "No"
--- a/.github/ISSUE_TEMPLATE/i-have-an-issue.yml
+++ b/.github/ISSUE_TEMPLATE/i-have-an-issue.yml
@@ -7,7 +7,7 @@ body:
    label: Is there an existing issue for this?
    description: Please search to see if an open or closed issue already exists for the bug you encountered.
    options:
-    - label: I have searched the existing open and closed issues and I checked the docs https://github.com/jokob-sk/NetAlertX/tree/main/docs
+    - label: I have searched the existing open and closed issues and I checked the docs https://jokob-sk.github.io/NetAlertX/
      required: true
 - type: checkboxes
  attributes:
@@ -59,12 +59,15 @@ body:
  validations:
    required: false
 - type: dropdown
+  id: installation_type
  attributes:
    label: What installation are you running?
    options:
      - Production (netalertx)
      - Dev (netalertx-dev)
      - Home Assistant (addon)
+      - Home Assistant fa (full-access addon)
+      - Bare-metal (community only support - Check Discord)
  validations:
    required: true
 - type: textarea
--- a/.github/ISSUE_TEMPLATE/refactor-codequality-request.yml
+++ b/.github/ISSUE_TEMPLATE/refactor-codequality-request.yml
@@ -0,0 +1,37 @@
+name: Refactor / Code Quality Request ♻️
+description: Suggest improvements to code structure, style, or maintainability.
+labels: ['enhancement ♻️']
+body:
+- type: checkboxes
+  attributes:
+    label: Is there an existing issue for this?
+    description: Please check if a similar request already exists.
+    options:
+      - label: I have searched the existing open and closed issues
+        required: true
+- type: textarea
+  attributes:
+    label: What part of the code needs refactoring or improvement?
+    description: Specify files, modules, or components.
+    required: true
+- type: textarea
+  attributes:
+    label: Describe the proposed changes
+    description: Explain the refactoring or quality improvements you suggest.
+    required: true
+- type: textarea
+  attributes:
+    label: Why is this improvement needed?
+    description: Benefits such as maintainability, readability, performance, or scalability.
+    required: true
+- type: textarea
+  attributes:
+    label: Additional context or examples
+    description: Any relevant links, references, or related issues.
+    required: false
+- type: checkboxes
+  attributes:
+    label: Can you help implement this change?
+    options:
+      - label: Yes
+      - label: No
--- a/.github/ISSUE_TEMPLATE/security-report.yml
+++ b/.github/ISSUE_TEMPLATE/security-report.yml
@@ -0,0 +1,28 @@
+name: Security Report 🔐
+description: Report a security vulnerability or concern privately.
+labels: ['security 🔐']
+body:
+- type: markdown
+  attributes:
+    value: |
+      **Important:** For security reasons, please do **not** post sensitive security issues publicly in the issue tracker.
+      Instead, send details to our security contact email: [jokob@duck.com](mailto:jokob@duck.com).
+      
+      We appreciate your responsible disclosure.
+- type: textarea
+  attributes:
+    label: Brief summary (non-sensitive)
+    description: Provide a non-sensitive overview of the security issue.
+    required: true
+- type: textarea
+  attributes:
+    label: Additional context or references
+    description: Any other information or related reports.
+    required: false
+- type: checkboxes
+  attributes:
+    label: Have you sent this report via email to the security contact?
+    options:
+      - label: Yes, I have sent the details to jokob@duck.com
+        required: true
+      - label: Not yet, I will send it after opening this issue
--- a/.github/ISSUE_TEMPLATE/setup-help.yml
+++ b/.github/ISSUE_TEMPLATE/setup-help.yml
@@ -0,0 +1,75 @@
+name: Setup help
+description: 'When submitting an issue enable LOG_LEVEL="trace" and re-search first.'
+labels: ['Setup 📥']
+body:
+- type: checkboxes
+  attributes:
+    label: Did I research?
+    description: Please confirm you checked the usual places before opening a setup support request.
+    options:
+    - label: I have searched the docs https://jokob-sk.github.io/NetAlertX/
+      required: true
+    - label: I have searched the existing open and closed issues
+      required: true
+    - label: I confirm my SCAN_SUBNETS is configured and tested as per https://github.com/jokob-sk/NetAlertX/blob/main/docs/SUBNETS.md
+      required: true
+- type: checkboxes
+  attributes:
+    label: The issue occurs in the following browsers. Select at least 2.
+    description: This step helps me understand if this is a cache or browser-specific issue. 
+    options:
+    - label: "Firefox"
+    - label: "Chrome"
+    - label: "Other (unsupported) - PRs welcome"
+    - label: "N/A - This is an issue with the backend"
+- type: textarea
+  attributes:
+    label: What I want to do
+    description: Describe what you want to achieve.
+  validations:
+    required: false
+- type: textarea
+  attributes:
+    label: Relevant settings you changed
+    description: |
+      Paste a screenshot or setting values of the settings you changed. 
+  validations:
+    required: false
+- type: textarea
+  attributes:
+    label: docker-compose.yml
+    description: |
+      Paste your `docker-compose.yml`    
+    render: python
+  validations:
+    required: false
+- type: dropdown
+  id: installation_type
+  attributes:
+    label: What installation are you running?
+    options:
+      - Production (netalertx)
+      - Dev (netalertx-dev)
+      - Home Assistant (addon)
+      - Home Assistant fa (full-access addon)
+      - Bare-metal (community only support - Check Discord)
+  validations:
+    required: true
+- type: textarea
+  attributes:
+    label: app.log
+    description: |
+      Logs with debug enabled (https://github.com/jokob-sk/NetAlertX/blob/main/docs/DEBUG_TIPS.md) ⚠
+      ***Generally speaking, all bug reports should have logs provided.***
+      Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in.
+      Additionally, any additional info? Screenshots? References? Anything that will give us more context about the issue you are encountering!
+      You can use `tail -100 /app/log/app.log` in the container if you have trouble getting to the log files. 
+  validations:
+    required: false
+- type: checkboxes
+  attributes:
+    label: Debug enabled
+    description: I confirm I enabled `debug`
+    options:
+    - label: I have read and followed the steps in the wiki link above and provided the required debug logs and the log section covers the time when the issue occurs.
+      required: true
--- a/.github/ISSUE_TEMPLATE/translation-request.yml
+++ b/.github/ISSUE_TEMPLATE/translation-request.yml
@@ -0,0 +1,36 @@
+name: Translation / Localization Request 🌐
+description: Suggest adding or improving translations or localization support.
+labels: ['enhancement 🌐']
+body:
+- type: checkboxes
+  attributes:
+    label: Have you checked for existing translation efforts or related issues?
+    options:
+      - label: I have searched existing open and closed issues
+        required: true
+- type: textarea
+  attributes:
+    label: Language(s) involved
+    description: Specify the language(s) this request pertains to.
+    required: true
+- type: textarea
+  attributes:
+    label: Describe the translation or localization improvement
+    description: Examples include adding new language support, fixing translation errors, or improving formatting.
+    required: true
+- type: textarea
+  attributes:
+    label: Why is this important for the project or users?
+    description: Describe the benefits or target audience.
+    required: false
+- type: textarea
+  attributes:
+    label: Additional context or references
+    description: Link to files, previous translation PRs, or external resources.
+    required: false
+- type: checkboxes
+  attributes:
+    label: Can you help with translation or review?
+    options:
+      - label: Yes
+      - label: No
--- a/.github/PULL_REQUEST_TEMPLATE/code-pr-template.md
+++ b/.github/PULL_REQUEST_TEMPLATE/code-pr-template.md
@@ -0,0 +1,53 @@
+## 📌 Description
+
+<!-- Provide a brief description of the changes you're introducing. Be clear and concise. -->
+
+---
+
+## 🔍 Related Issues
+
+<!-- Reference any related issues (e.g., closes #123, fixes #456) -->
+
+---
+
+## 📋 Type of Change
+
+Please check the relevant option(s):
+
+- [ ] 🐛 Bug fix
+- [ ] ✨ New feature
+- [ ] ♻️ Code refactor
+- [ ] 📚 Documentation update
+- [ ] 🧪 Test addition or change
+- [ ] 🔧 Build/config update
+- [ ] 🚀 Performance improvement
+- [ ] 🔨 CI/CD or automation
+- [ ] 🧹 Cleanup / chore
+
+---
+
+## 📷 Screenshots or Logs (if applicable)
+
+<!-- Add screenshots, terminal output, logs, or anything that helps understand your change -->
+
+---
+
+## 🧪 Testing Steps
+
+<!-- Describe how the change was tested. Manual steps, test cases, or automated test runs -->
+
+---
+
+## ✅ Checklist
+
+- [ ] I have read the [Contribution Guidelines](../../CONTRIBUTING)
+- [ ] I have tested my changes locally
+- [ ] I have updated relevant documentation (if applicable)
+- [ ] I have verified my changes do not break existing behavior
+- [ ] I am willing to respond to requested changes and feedback
+
+---
+
+## 🙋 Additional Notes
+
+<!-- Anything else you want reviewers to know? Future follow-ups? Questions? -->
--- a/.github/PULL_REQUEST_TEMPLATE/docs-pr-template.md
+++ b/.github/PULL_REQUEST_TEMPLATE/docs-pr-template.md
@@ -0,0 +1,37 @@
+## 📚 Documentation Update
+
+<!-- Describe the purpose of this PR in one or two sentences. Example: "This PR updates the contributor guidelines by merging frontend and backend sections." -->
+
+---
+
+## 📝 What’s Changed?
+
+<!-- Briefly outline what parts of the documentation were added, changed, removed, or reorganized -->
+
+- Combined frontend and backend development guidelines into a single file
+- Updated `mkdocs.yml` to reflect new structure
+- Added clarification on contribution process
+- Fixed outdated links in sidebar
+
+---
+
+## 🔍 Related Issue(s)
+
+<!-- Link to related issues, discussions, or context (e.g., closes #123) -->
+
+---
+
+## ✅ Checklist
+
+- [ ] I followed the formatting/style of existing documentation
+- [ ] I have read the [Contribution Guidelines](../../CONTRIBUTING)
+- [ ] I updated `mkdocs.yml` if necessary
+- [ ] I verified links and references still work
+- [ ] I checked that my changes improve clarity, structure, or accuracy
+- [ ] I'm open to feedback and suggestions
+
+---
+
+## 🙋 Additional Notes
+
+<!-- Optional: Include anything you want reviewers to be aware of -->
--- a/.github/copilot-instructions.md
+++ b/.github/copilot-instructions.md
@@ -0,0 +1,62 @@
+This is NetAlertX — network monitoring & alerting.
+
+Purpose: Guide AI assistants to follow NetAlertX architecture, conventions, and safety practices. Be concise, opinionated, and prefer existing helpers/settings over new code or hardcoded values.
+
+## Architecture (what runs where)
+- Backend (Python): main loop + GraphQL/REST endpoints orchestrate scans, plugins, workflows, notifications, and JSON export.
+	- Key: `server/__main__.py`, `server/plugin.py`, `server/initialise.py`, `server/api_server/api_server_start.py`
+- Data (SQLite): persistent state in `db/app.db`; helpers in `server/database.py` and `server/db/*`.
+- Frontend (Nginx + PHP + JS): UI reads JSON, triggers execution queue events.
+	- Key: `front/`, `front/js/common.js`, `front/php/server/*.php`
+- Plugins (Python): acquisition/enrichment/publishers under `front/plugins/*` with `config.json` manifests.
+- Messaging/Workflows: `server/messaging/*`, `server/workflows/*`
+- API JSON Cache for UI: generated under `api/*.json`
+
+Backend loop phases (see `server/__main__.py` and `server/plugin.py`): `once`, `schedule`, `always_after_scan`, `before_name_updates`, `on_new_device`, `on_notification`, plus ad‑hoc `run` via execution queue. Plugins execute as scripts that write result logs for ingestion.
+
+## Plugin patterns that matter
+- Manifest lives at `front/plugins/<code_name>/config.json`; `code_name` == folder, `unique_prefix` drives settings and filenames (e.g., `ARPSCAN`).
+- Control via settings: `<PREF>_RUN` (phase), `<PREF>_RUN_SCHD` (cron-like), `<PREF>_CMD` (script path), `<PREF>_RUN_TIMEOUT`, `<PREF>_WATCH` (diff columns).
+- Data contract: scripts write `/app/log/plugins/last_result.<PREF>.log` (pipe‑delimited: 9 required cols + optional 4). Use `front/plugins/plugin_helper.py`’s `Plugin_Objects` to sanitize text and normalize MACs, then `write_result_file()`.
+- Device import: define `database_column_definitions` when creating/updating devices; watched fields trigger notifications.
+
+### Standard Plugin Formats
+* publisher: Sends notifications to services. Runs `on_notification`. Data source: self.
+* dev scanner: Creates devices and manages online/offline status. Runs on `schedule`. Data source: self / SQLite DB.
+* name discovery: Discovers device names via various protocols. Runs `before_name_updates` or on `schedule`. Data source: self.
+* importer: Imports devices from another service. Runs on `schedule`. Data source: self / SQLite DB.
+* system: Provides core system functionality. Runs on `schedule` or is always on. Data source: self / Template.
+* other: Miscellaneous plugins. Runs at various times. Data source: self / Template.
+
+### Plugin logging & outputs
+- Always log via `mylog()` like other plugins do (no `print()`). Example: `mylog('verbose', [f'[{pluginName}] In script'])`.
+- Collect results with `Plugin_Objects.add_object(...)` during processing and call `plugin_objects.write_result_file()` exactly once at the end of the script.
+- Prefer to log a brief summary before writing (e.g., total objects added) to aid troubleshooting; keep logs concise at `verbose` level unless debugging.
+
+- Do not write ad‑hoc files for results; the only consumable output is `last_result.<PREF>.log` generated by `Plugin_Objects`.
+## API/Endpoints quick map
+- Flask app: `server/api_server/api_server_start.py` exposes routes like `/device/<mac>`, `/devices`, `/devices/export/{csv,json}`, `/devices/import`, `/devices/totals`, `/devices/by-status`, plus `nettools`, `events`, `sessions`, `dbquery`, `metrics`, `sync`.
+- Authorization: all routes expect header `Authorization: Bearer <API_TOKEN>` via `get_setting_value('API_TOKEN')`.
+
+## Conventions & helpers to reuse
+- Settings: add/modify via `ccd()` in `server/initialise.py` or per‑plugin manifest. Never hardcode ports or secrets; use `get_setting_value()`.
+- Logging: use `logger.mylog(level, [message])`; levels: none/minimal/verbose/debug/trace.
+- Time/MAC/strings: `helper.py` (`timeNowTZ`, `normalize_mac`, sanitizers). Validate MACs before DB writes.
+- DB helpers: prefer `server/db/db_helper.py` functions (e.g., `get_table_json`, device condition helpers) over raw SQL in new paths.
+
+## Dev workflow (devcontainer)
+- Services: use tasks to (re)start backend and nginx/PHP-FPM. Backend runs with debugpy on 5678; attach a Python debugger if needed.
+- Run a plugin manually: `python3 front/plugins/<code_name>/script.py` (ensure `sys.path` includes `/app/front/plugins` and `/app/server` like the template).
+- Testing: pytest available via Alpine packages. Tests live in `test/`; app code is under `server/`. PYTHONPATH is preconfigured to include workspace and `/opt/venv` site‑packages.
+
+## What “done right” looks like
+- When adding a plugin, start from `front/plugins/__template`, implement with `plugin_helper`, define manifest settings, and wire phase via `<PREF>_RUN`. Verify logs in `/app/log/plugins/` and data in `api/*.json`.
+- When introducing new config, define it once (core `ccd()` or plugin manifest) and read it via helpers everywhere.
+- When exposing new server functionality, add endpoints in `server/api_server/*` and keep authorization consistent; update UI by reading/writing JSON cache rather than bypassing the pipeline.
+
+## Useful references
+- Docs: `docs/PLUGINS_DEV.md`, `docs/SETTINGS_SYSTEM.md`, `docs/API_*.md`, `docs/DEBUG_*.md`
+- Logs: backend `/app/log/app.log`, plugin logs under `/app/log/plugins/`, nginx/php logs under `/var/log/*`
+
+Assistant expectations
+- Reference concrete files/paths. Use existing helpers/settings. Keep changes idempotent and safe. Offer a quick validation step (log line, API hit, or JSON export) for anything you add.
--- a/.github/workflows/code_checks.yml
+++ b/.github/workflows/code_checks.yml
@@ -0,0 +1,41 @@
+name: Code checks
+on:
+  push:
+    branches:
+      - main
+    tags:
+      - '*.*.*'
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  check-url-paths:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Check for incorrect absolute '/php/' URLs in frontend code
+        run: |
+          echo "🔍 Checking for incorrect absolute '/php/' URLs (should be 'php/' or './php/')..."
+
+          MATCHES=$(grep -rE "['\"]\/php\/" --include=\*.{js,php,html} ./front | grep -E "\.get|\.post|\.ajax|fetch|url\s*:") || true
+
+          if [ -n "$MATCHES" ]; then
+            echo "$MATCHES"
+            echo "❌ Found incorrectly absolute '/php/' URLs. Use 'php/' or './php/' for relative paths."
+            exit 1
+          else
+            echo "✅ No bad '/php/' URLs found."
+          fi
+
+
+
+      - name: Check Python syntax
+        run: |
+          set -e
+          echo "🔍 Checking Python syntax..."
+          find . -name "*.py" -print0 | xargs -0 -n1 python3 -m py_compile
+
--- a/.github/workflows/docker_dev.yml
+++ b/.github/workflows/docker_dev.yml
@@ -1,15 +1,14 @@
---
 name: docker

 on:
  push:
    branches:
-      - '**'
+      - main
    tags:
      - '*.*.*'
  pull_request:
    branches:
-      - master
+      - main

 jobs: 
  docker_dev:
@@ -37,7 +36,7 @@ jobs:

      - name: Get release version
        id: get_version
-        run: echo "::set-output name=version::${{ 'Dev' }}"
+        run: echo "version=Dev" >> $GITHUB_OUTPUT

      - name: Create .VERSION file
        run: echo "${{ steps.get_version.outputs.version }}" >> .VERSION
@@ -46,13 +45,11 @@ jobs:
        id: meta
        uses: docker/metadata-action@v4
        with:
-          # list of Docker images to use as base name for tags
          images: |
+            ghcr.io/jokob-sk/netalertx-dev
            jokobsk/netalertx-dev
-          # generate Docker tags based on the following events/attributes
          tags: |
            type=raw,value=latest
-            type=schedule
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
@@ -60,24 +57,20 @@ jobs:
            type=semver,pattern={{major}}
            type=sha

-      - name: Log in to Github Container registry
+      - name: Log in to Github Container Registry (GHCR)
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: jokob-sk
          password: ${{ secrets.GITHUB_TOKEN }}

-      - name: Login to DockerHub
+      - name: Log in to DockerHub
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

-      # # Disable this after use
-      # - name: Prune Docker Builder
-      #   run: docker builder prune --force
-
      - name: Build and push
        uses: docker/build-push-action@v3
        with:
@@ -86,6 +79,3 @@ jobs:
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
-          # # ⚠ disable cache if build is failing to download debian packages
-          # cache-from: type=registry,ref=ghcr.io/jokob-sk/netalertx:buildcache
-          # cache-to: type=registry,ref=ghcr.io/jokob-sk/netalertx:buildcache,mode=max
--- a/.github/workflows/docker_prod.yml
+++ b/.github/workflows/docker_prod.yml
@@ -48,8 +48,8 @@ jobs:
        with:
          # list of Docker images to use as base name for tags
          images: |
-            jokobsk/pi.alert
-            jokobsk/netalertx
+            ghcr.io/jokob-sk/netalertx
+            jokobsk/netalertx  
          # generate Docker tags based on the following events/attributes
          tags: |
            type=semver,pattern={{version}},value=${{ inputs.version }}
--- a/.github/workflows/docker_rewrite.yml
+++ b/.github/workflows/docker_rewrite.yml
@@ -0,0 +1,81 @@
+name: docker
+
+on:
+  push:
+    branches:
+      - rewrite
+    tags:
+      - '*.*.*'
+  pull_request:
+    branches:
+      - rewrite
+
+jobs: 
+  docker_rewrite:
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    permissions:
+      contents: read
+      packages: write
+    if: >
+      contains(github.event.head_commit.message, 'PUSHPROD') != 'True' &&
+      github.repository == 'jokob-sk/NetAlertX'  
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Set up dynamic build ARGs
+        id: getargs        
+        run: echo "version=$(cat ./stable/VERSION)" >> $GITHUB_OUTPUT
+
+      - name: Get release version
+        id: get_version
+        run: echo "version=Dev" >> $GITHUB_OUTPUT
+
+      - name: Create .VERSION file
+        run: echo "${{ steps.get_version.outputs.version }}" >> .VERSION
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: |
+            ghcr.io/jokob-sk/netalertx-dev-rewrite
+            jokobsk/netalertx-dev-rewrite
+          tags: |
+            type=raw,value=latest
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=sha
+
+      - name: Log in to Github Container Registry (GHCR)
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: jokob-sk
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Log in to DockerHub
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v3
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
--- a/.github/workflows/label-issues.yml
+++ b/.github/workflows/label-issues.yml
@@ -0,0 +1,43 @@
+name: Label Issues by Installation Type
+
+on:
+  issues:
+    types: [opened]
+
+permissions:
+  issues: write
+
+jobs:
+  add-label:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get issue content
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const body = context.payload.issue.body;
+
+            const lowerBody = body.toLowerCase();
+
+            let labelsToAdd = [];
+
+            if (lowerBody.includes('bare-metal')) {
+              labelsToAdd.push('bare-metal ❗');
+            }
+
+            if (lowerBody.includes('home assistant')) {
+              labelsToAdd.push('Home Assistant 🏠');
+            }
+
+            if (lowerBody.includes('production (netalertx)') || lowerBody.includes('dev (netalertx-dev)')) {
+              labelsToAdd.push('Docker 🐋');
+            }
+
+            if (labelsToAdd.length > 0) {
+              await github.rest.issues.addLabels({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: context.issue.number,
+                labels: labelsToAdd
+              });
+            }
--- a/.github/workflows/mkdocs.yml
+++ b/.github/workflows/mkdocs.yml
@@ -0,0 +1,25 @@
+name: Deploy MkDocs
+
+on:
+  push:
+    branches:
+      - main  # Change if your default branch is different
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.9'
+
+      - name: Install MkDocs
+        run: |
+          pip install mkdocs mkdocs-material && pip install mkdocs-github-admonitions-plugin 
+
+      - name: Deploy MkDocs
+        run: mkdocs gh-deploy --force
--- a/.github/workflows/social_post_on_release.yml
+++ b/.github/workflows/social_post_on_release.yml
@@ -1,32 +1,18 @@
-name: 📧 Twitter and Discord Posts
+name: 📧 Social Posts
 on:
  release:
    types: [published]

 jobs:
-  post-release:
+  post-discord:
    runs-on: ubuntu-latest
    steps:
      - name: Wait for 15 minutes
        run: sleep 900  # 15 minutes delay

-      # Post to Twitter
-      - name: Post to Twitter
-        uses: gr2m/twitter-together@v2
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          TWITTER_API_KEY: ${{ secrets.TWITTER_API_KEY }}
-          TWITTER_API_SECRET: ${{ secrets.TWITTER_API_SECRET }}
-          TWITTER_ACCESS_TOKEN: ${{ secrets.TWITTER_ACCESS_TOKEN }}
-          TWITTER_ACCESS_TOKEN_SECRET: ${{ secrets.TWITTER_ACCESS_TOKEN_SECRET }}
-        with:
-          tweet: |
-            🎉 New release: **${{ github.event.release.name }}** is live! 🚀
-            Check it out here: ${{ github.event.release.html_url }}
-
-      # Post to Discord
      - name: Post to Discord
        run: |
          curl -X POST -H "Content-Type: application/json" \
          -d '{"content": "🎉 New release: **${{ github.event.release.name }}** is live! 🚀\nCheck it out here: ${{ github.event.release.html_url }}"}' \
          ${{ secrets.DISCORD_WEBHOOK_URL }}
+
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -0,0 +1,34 @@
+{
+    "version": "0.2.0",
+    "configurations": [
+        {
+            "name": "Python Backend Debug: Attach",
+            "type": "debugpy",
+            "request": "attach",
+            "connect": {
+                "host": "localhost",
+                "port": 5678
+            },
+            "pathMappings": [
+                {
+                    // Map workspace root to /app for PHP and other resources, plus explicit server mapping for Python.
+                    "localRoot": "${workspaceFolder}",
+                    "remoteRoot": "/app"
+                },
+                {
+                    "localRoot": "${workspaceFolder}/server",
+                    "remoteRoot": "/app/server"
+                }
+            ]
+        },
+        {
+            "name": "PHP Frontend Xdebug: Listen",
+            "type": "php",
+            "request": "launch",
+            "port": 9003,
+            "pathMappings": {
+                "/app": "${workspaceFolder}"
+            }
+        }
+    ]
+}
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -0,0 +1,13 @@
+{
+    "terminal.integrated.suggest.enabled": true,
+    // Use pytest and look under the test/ folder
+    "python.testing.pytestEnabled": true,
+    "python.testing.unittestEnabled": false,
+    "python.testing.pytestArgs": [
+        "test"
+    ],
+    // Ensure VS Code uses the devcontainer virtualenv
+    "python.defaultInterpreterPath": "/opt/venv/bin/python",
+    // Let the Python extension invoke pytest via the interpreter; avoid hardcoded paths
+    // Removed python.testing.pytestPath and legacy pytest.command overrides
+}
--- a/.vscode/tasks.json
+++ b/.vscode/tasks.json
@@ -0,0 +1,94 @@
+{
+  "version": "2.0.0",
+  "tasks": [
+    {
+      "label": "Generate Dockerfile",
+      "type": "shell",
+      "command": "${workspaceFolder:NetAlertX}/.devcontainer/scripts/generate-dockerfile.sh",
+      "presentation": {
+        "echo": true,
+        "reveal": "always",
+        "panel": "shared",
+        "showReuseMessage": false
+      },
+      "problemMatcher": [],
+      "group": {
+        "kind": "build",
+        "isDefault": false
+      },
+      "options": {
+        "cwd": "${workspaceFolder:NetAlertX}"
+      },
+      "icon": {
+        "id": "tools",
+        "color": "terminal.ansiYellow"
+      }
+    },
+    {
+      "label": "Re-Run Startup Script",
+      "type": "shell",
+      "command": "${workspaceFolder:NetAlertX}/.devcontainer/scripts/setup.sh",
+      "presentation": {
+        "echo": true,
+        "reveal": "always",
+        "panel": "shared",
+        "showReuseMessage": false
+      },
+      "problemMatcher": [],
+      "icon": {
+        "id": "beaker",
+        "color": "terminal.ansiBlue"
+      }
+    },
+    {
+      "label": "Start Backend (Python)",
+      "type": "shell",
+      "command": "/workspaces/NetAlertX/.devcontainer/scripts/restart-backend.sh",
+      "presentation": {
+        "echo": true,
+        "reveal": "always",
+        "panel": "shared",
+        "showReuseMessage": false,
+        "clear": false
+      },
+      "problemMatcher": [],
+      "icon": {
+        "id": "debug-restart",
+        "color": "terminal.ansiGreen"
+      }
+    },
+    {
+      "label": "Start Frontend (nginx and PHP-FPM)",
+      "type": "shell",
+      "command": "killall php-fpm83 nginx 2>/dev/null || true; sleep 1; php-fpm83 & nginx",
+      "presentation": {
+        "echo": true,
+        "reveal": "always",
+        "panel": "shared",
+        "showReuseMessage": false,
+        "clear": false
+      },
+      "problemMatcher": [],
+      "icon": {
+        "id": "debug-restart",
+        "color": "terminal.ansiGreen"
+      }
+    },
+    {
+      "label": "Stop Frontend & Backend Services",
+      "type": "shell",
+      "command": "pkill -f 'php-fpm83|nginx|crond|python3' || true",
+      "presentation": {
+        "echo": true,
+        "reveal": "always",
+        "panel": "shared",
+        "showReuseMessage": false
+      },
+      "problemMatcher": [],
+      "icon": {
+        "id": "debug-stop",
+        "color": "terminal.ansiRed"
+      }
+    }
+  ]
+}
--- a/CODE_OF_CONDUCT.md
+++ b/CODE_OF_CONDUCT.md
@@ -0,0 +1,137 @@
+
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, caste, color, religion, or sexual
+identity and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+- Demonstrating empathy and kindness toward other people
+- Being respectful of differing opinions, viewpoints, and experiences
+- Giving and gracefully accepting constructive feedback
+- Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+- Focusing on what is best not just for us as individuals, but for the overall
+  community
+
+Examples of unacceptable behavior include:
+
+- The use of sexualized language or imagery, and sexual attention or advances of
+  any kind
+- Trolling, insulting or derogatory comments, and personal or political attacks
+- Public or private harassment
+- Publishing others' private information, such as a physical or email address,
+  without their explicit permission
+- Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official email address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at <jokob@duck.com>.
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Ethical Use Clause (Project-Specific)
+
+While NetAlertX is a tool designed to empower users with greater insight into their own networks, we expect and encourage all users to use this software **ethically and legally**.
+
+- Do not use this software to scan or monitor networks without **explicit authorization**.
+- Respect privacy, consent, and data protection laws applicable in your jurisdiction.
+- Any use of NetAlertX for malicious surveillance, stalking, or unauthorized access is explicitly discouraged and may be grounds for removal from the community and revocation of support.
+
+We reserve the right to take appropriate action to uphold the ethical integrity of this project.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series of
+actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or permanent
+ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within the
+community.
+
+## Attribution
+
+This Code of Conduct is adapted from the
+[Contributor Covenant](https://www.contributor-covenant.org/), version 2.1,
+available at
+<https://www.contributor-covenant.org/version/2/1/code_of_conduct/>.
+
+Community Impact Guidelines were inspired by
+[Mozilla's code of conduct enforcement ladder](https://github.com/mozilla/inclusion).
+
+For answers to common questions about this code of conduct, see the FAQ at
+<https://www.contributor-covenant.org/faq/>. Translations are available at
+<https://www.contributor-covenant.org/translations/>.
--- a/55
+++ b/55
@@ -1,14 +1,53 @@
-# Contributing to this project
+# 🤝 Contributing to NetAlertX

-## Issues, bugs, feature requests
+First off, **thank you** for taking the time to contribute! NetAlertX is built and improved with the help of passionate people like you.

-The issue tracker is the preferred channel for bug reports, features requests and submitting pull requests.
+---

-Before submitting a new issue please spend a couple of minutes on research:
+## 📂 Issues, Bugs, and Feature Requests

-* Check [🛑 Common issues](https://github.com/jokob-sk/NetAlertX/blob/main/docs/DEBUG_TIPS.md#common-issues) 
-* Check [💡 Closed issues](https://github.com/jokob-sk/NetAlertX/issues?q=is%3Aissue+is%3Aclosed) if a similar issue was solved in the past.
+Please use the [GitHub Issue Tracker](https://github.com/jokob-sk/NetAlertX/issues) for:
+- Bug reports 🐞
+- Feature requests 💡
+- Documentation feedback 📖

-## Pull-requests (PRs)
+Before opening a new issue:
+- 🛑 [Check Common Issues & Debug Tips](https://github.com/jokob-sk/NetAlertX/blob/main/docs/DEBUG_TIPS.md#common-issues)
+- 🔍 [Search Closed Issues](https://github.com/jokob-sk/NetAlertX/issues?q=is%3Aissue+is%3Aclosed)

-If you submit a PR please do check that your changes are backward compatible with existing installations. Existing features should be always preserved.
+---
+
+## 🚀 Submitting Pull Requests (PRs)
+
+We welcome PRs to improve the code, docs, or UI!
+
+Please:
+- Ensure **backward compatibility** with existing installations
+- Preserve existing features unless a breaking change is intentional and discussed
+- Follow existing **code style and structure**
+- Provide a clear title and description for your PR
+- If relevant, add or update tests and documentation
+- For plugins, refer to the [Plugin Dev Guide](https://github.com/jokob-sk/NetAlertX/blob/main/docs/PLUGINS_DEV.md)
+
+---
+
+## 🌟 First-Time Contributors
+
+New to open source? Check out these resources:
+- [How to Fork and Submit a PR](https://opensource.guide/how-to-contribute/)
+- Ask questions or get support in our [Discord](https://discord.gg/NczTUTWyRr)
+
+---
+
+## 🔐 Code of Conduct
+
+By participating, you agree to follow our [Code of Conduct](./CODE_OF_CONDUCT.md), which ensures a respectful and welcoming community.
+
+---
+
+## 📬 Contact
+
+If you have more in-depth questions or want to discuss contributing in other ways, feel free to reach out at:  
+📧 [jokob@duck.com](mailto:jokob@duck.com?subject=NetAlertX%20Contribution)
+
+We appreciate every contribution, big or small! 💙
--- a/32
+++ b/32
@@ -1,11 +1,11 @@
-FROM alpine:3.20 AS builder
+FROM alpine:3.22 AS builder

 ARG INSTALL_DIR=/app

 ENV PYTHONUNBUFFERED=1

 # Install build dependencies
-RUN apk add --no-cache bash python3 python3-dev gcc musl-dev libffi-dev openssl-dev git\
+RUN apk add --no-cache bash shadow python3 python3-dev gcc musl-dev libffi-dev openssl-dev git \
    && python -m venv /opt/venv

 # Enable venv
@@ -13,34 +13,21 @@ ENV PATH="/opt/venv/bin:$PATH"

 COPY . ${INSTALL_DIR}/

-
-RUN pip install openwrt-luci-rpc asusrouter asyncio aiohttp graphene flask netifaces tplink-omada-client wakeonlan pycryptodome requests paho-mqtt scapy cron-converter pytz json2table dhcp-leases pyunifi speedtest-cli chardet python-nmap dnspython librouteros git+https://github.com/foreign-sub/aiofreepybox.git \
+RUN pip install openwrt-luci-rpc asusrouter asyncio aiohttp graphene flask flask-cors unifi-sm-api tplink-omada-client wakeonlan pycryptodome requests paho-mqtt scapy cron-converter pytz json2table dhcp-leases pyunifi speedtest-cli chardet python-nmap dnspython librouteros yattag git+https://github.com/foreign-sub/aiofreepybox.git \
    && bash -c "find ${INSTALL_DIR} -type d -exec chmod 750 {} \;" \
    && bash -c "find ${INSTALL_DIR} -type f -exec chmod 640 {} \;" \
    && bash -c "find ${INSTALL_DIR} -type f \( -name '*.sh' -o -name '*.py'  -o -name 'speedtest-cli' \) -exec chmod 750 {} \;"

 # Append Iliadbox certificate to aiofreepybox
-RUN printf "\n-----BEGIN CERTIFICATE-----\n\
-MIICOjCCAcCgAwIBAgIUI0Tu7zsrBJACQIZgLMJobtbdNn4wCgYIKoZIzj0EAwIw\n\
-TDELMAkGA1UEBhMCSVQxDjAMBgNVBAgMBUl0YWx5MQ4wDAYDVQQKDAVJbGlhZDEd\n\
-MBsGA1UEAwwUSWxpYWRib3ggRUNDIFJvb3QgQ0EwHhcNMjAxMTI3MDkzODEzWhcN\n\
-NDAxMTIyMDkzODEzWjBMMQswCQYDVQQGEwJJVDEOMAwGA1UECAwFSXRhbHkxDjAM\n\
-BgNVBAoMBUlsaWFkMR0wGwYDVQQDDBRJbGlhZGJveCBFQ0MgUm9vdCBDQTB2MBAG\n\
-ByqGSM49AgEGBSuBBAAiA2IABMryJyb2loHNAioY8IztN5MI3UgbVHVP/vZwcnre\n\
-ZvJOyDvE4HJgIti5qmfswlnMzpNbwf/MkT+7HAU8jJoTorRm1wtAnQ9cWD3Ebv79\n\
-RPwtjjy3Bza3SgdVxmd6fWPUKaNjMGEwHQYDVR0OBBYEFDUij/4lpoJ+kOXRyrcM\n\
-jf2RPzOqMB8GA1UdIwQYMBaAFDUij/4lpoJ+kOXRyrcMjf2RPzOqMA8GA1UdEwEB\n\
-/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2gAMGUCMQC6eUV1\n\
-pFh4UpJOTc1JToztN4ttnQR6rIzxMZ6mNCe+nhjkohWp24pr7BpUYSbEizYCMAQ6\n\
-LCiBKV2j7QQGy7N1aBmdur17ZepYzR1YV0eI+Kd978aZggsmhjXENQYVTmm/XA==\n\
-----END CERTIFICATE-----\n" >> /opt/venv/lib/python3.12/site-packages/aiofreepybox/freebox_certificates.pem
+RUN cat ${INSTALL_DIR}/install/freebox_certificate.pem >> /opt/venv/lib/python3.12/site-packages/aiofreepybox/freebox_certificates.pem

 # second stage
-FROM alpine:3.20 AS runner
+FROM alpine:3.22 AS runner

 ARG INSTALL_DIR=/app

 COPY --from=builder /opt/venv /opt/venv
+COPY --from=builder /usr/sbin/usermod /usr/sbin/groupmod /usr/sbin/

 # Enable venv
 ENV PATH="/opt/venv/bin:$PATH" 
@@ -54,11 +41,10 @@ ENV S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0
 # ❗ IMPORTANT - if you modify this file modify the /install/install_dependecies.sh file as well ❗ 

 RUN apk update --no-cache \
-    && apk add --no-cache bash zip lsblk gettext-envsubst sudo mtr tzdata s6-overlay \
-    && apk add --no-cache curl arp-scan iproute2 iproute2-ss nmap nmap-scripts traceroute nbtscan avahi avahi-tools openrc dbus net-tools net-snmp-tools bind-tools awake ca-certificates  \
+    && apk add --no-cache bash libbsd zip lsblk gettext-envsubst sudo mtr tzdata s6-overlay \
+    && apk add --no-cache curl arp-scan iproute2 iproute2-ss nmap nmap-scripts traceroute nbtscan avahi avahi-tools openrc dbus net-tools net-snmp-tools bind-tools awake ca-certificates \
    && apk add --no-cache sqlite php83 php83-fpm php83-cgi php83-curl php83-sqlite3 php83-session \
    && apk add --no-cache python3 nginx \
-    && apk add --no-cache dcron \
    && ln -s /usr/bin/awake /usr/bin/wakeonlan \
    && bash -c "install -d -m 750 -o nginx -g www-data ${INSTALL_DIR} ${INSTALL_DIR}" \
    && rm -f /etc/nginx/http.d/default.conf
@@ -66,7 +52,7 @@ RUN apk update --no-cache \
 COPY --from=builder --chown=nginx:www-data ${INSTALL_DIR}/ ${INSTALL_DIR}/

 # Add crontab file
-COPY install/crontab /etc/crontabs/root
+COPY --chmod=600 --chown=root:root install/crontab /etc/crontabs/root

 # Start all required services
 RUN ${INSTALL_DIR}/dockerfiles/start.sh
--- a/Dockerfile.debian
+++ b/Dockerfile.debian
@@ -43,7 +43,7 @@ RUN phpenmod -v 8.2 sqlite3
 RUN apt-get install -y python3-venv
 RUN python3 -m venv myenv

-RUN /bin/bash -c "source myenv/bin/activate && update-alternatives --install /usr/bin/python python /usr/bin/python3 10 && pip3 install openwrt-luci-rpc asusrouter asyncio aiohttp graphene flask netifaces tplink-omada-client wakeonlan pycryptodome requests paho-mqtt scapy cron-converter pytz json2table dhcp-leases pyunifi speedtest-cli chardet python-nmap dnspython librouteros "
+RUN /bin/bash -c "source myenv/bin/activate && update-alternatives --install /usr/bin/python python /usr/bin/python3 10 && pip3 install openwrt-luci-rpc asusrouter asyncio aiohttp graphene flask flask-cors unifi-sm-api tplink-omada-client wakeonlan pycryptodome requests paho-mqtt scapy cron-converter pytz json2table dhcp-leases pyunifi speedtest-cli chardet python-nmap dnspython librouteros yattag "

 # Create a buildtimestamp.txt to later check if a new version was released
 RUN date +%s > ${INSTALL_DIR}/front/buildtimestamp.txt
--- a/FUNDING.yml
+++ b/FUNDING.yml
@@ -1,2 +0,0 @@
-github: jokob-sk
-patreon: 84385063
--- a/README.md
+++ b/README.md
@@ -6,10 +6,46 @@

 # NetAlertX - Network, presence scanner and alert framework

-Get visibility of what's going on on your WIFI/LAN network and enable presence detection of important devices. Schedule scans for devices, port changes and get alerts if unknown devices or changes are found. Write your own [Plugins](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins#readme) with auto-generated UI and in-build notification system. Build out and easily maintain your network source of truth (NSoT).
+Get visibility of what's going on on your WIFI/LAN network and enable presence detection of important devices. Schedule scans for devices, port changes and get alerts if unknown devices or changes are found. Write your own [Plugin](https://github.com/jokob-sk/NetAlertX/tree/main/docs/PLUGINS.md#readme) with auto-generated UI and in-build notification system. Build out and easily maintain your network source of truth (NSoT).
+
+## 📋 Table of Contents
+
+- [Features](#-features)
+- [Documentation](#-documentation)
+- [Quick Start](#-quick-start)
+- [Alternative Apps](#-other-alternative-apps)
+- [Security & Privacy](#-security--privacy)
+- [FAQ](#-faq)
+- [Known Issues](#-known-issues)
+- [Donations](#-donations)
+- [Contributors](#-contributors)
+- [Translations](#-translations)
+- [License](#license)


-| [📑 Docker guide](https://github.com/jokob-sk/NetAlertX/blob/main/dockerfiles/README.md) | [🚀 Releases](https://github.com/jokob-sk/NetAlertX/releases) | [📚 Docs](https://github.com/jokob-sk/NetAlertX/tree/main/docs) | [🔌 Plugins](https://github.com/jokob-sk/NetAlertX/blob/main/front/plugins/README.md) | [🤖 Ask AI](https://gurubase.io/g/netalertx)
+## 🚀 Quick Start
+
+Start NetAlertX in seconds with Docker:
+
+```bash
+docker run -d --rm --network=host \
+  -v local_path/config:/app/config \
+  -v local_path/db:/app/db \
+  --mount type=tmpfs,target=/app/api \
+  -e PUID=200 -e PGID=300 \
+  -e TZ=Europe/Berlin \
+  -e PORT=20211 \
+  ghcr.io/jokob-sk/netalertx:latest
+```
+
+Need help configuring it? Check the [usage guide](https://github.com/jokob-sk/NetAlertX/blob/main/docs/README.md) or [full documentation](https://jokob-sk.github.io/NetAlertX/).
+
+For Home Assistant users: [Click here to add NetAlertX](https://my.home-assistant.io/redirect/supervisor_add_addon_repository/?repository_url=https%3A%2F%2Fgithub.com%2Falexbelgium%2Fhassio-addons)
+
+For other install methods, check the [installation docs](#-documentation)
+
+
+| [📑 Docker guide](https://github.com/jokob-sk/NetAlertX/blob/main/dockerfiles/README.md) | [🚀 Releases](https://github.com/jokob-sk/NetAlertX/releases) | [📚 Docs](https://jokob-sk.github.io/NetAlertX/) | [🔌 Plugins](https://github.com/jokob-sk/NetAlertX/blob/main/docs/PLUGINS.md) | [🤖 Ask AI](https://gurubase.io/g/netalertx)
 |----------------------| ----------------------|  ----------------------| ----------------------| ----------------------| 

 ![showcase][showcase] 
@@ -30,7 +66,7 @@ Get visibility of what's going on on your WIFI/LAN network and enable presence d

 ### Scanners

-The app scans your network for **New devices**, **New connections** (re-connections), **Disconnections**, **"Always Connected" devices down**, Devices **IP changes** and **Internet IP address changes**. Discovery & scan methods include: **arp-scan**,  **Pi-hole - DB import**,  **Pi-hole - DHCP leases import**, **Generic DHCP leases import**, **UNIFI controller import**, **SNMP-enabled router import**. Check the [Plugins](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins#readme) docs for a full lits of avaliable plugins. 
+The app scans your network for **New devices**, **New connections** (re-connections), **Disconnections**, **"Always Connected" devices down**, Devices **IP changes** and **Internet IP address changes**. Discovery & scan methods include: **arp-scan**,  **Pi-hole - DB import**,  **Pi-hole - DHCP leases import**, **Generic DHCP leases import**, **UNIFI controller import**, **SNMP-enabled router import**. Check the [Plugins](https://github.com/jokob-sk/NetAlertX/tree/main/docs/PLUGINS.md#readme) docs for a full list of avaliable plugins. 

 ### Notification gateways

@@ -39,7 +75,11 @@ Send notifications to more than 80+ services, including Telegram via [Apprise](h
 ### Integrations and Plugins

 Feed your data and device changes into [Home Assistant](https://github.com/jokob-sk/NetAlertX/blob/main/docs/HOME_ASSISTANT.md), read [API endpoints](https://github.com/jokob-sk/NetAlertX/blob/main/docs/API.md), or use [Webhooks](https://github.com/jokob-sk/NetAlertX/blob/main/docs/WEBHOOK_N8N.md) to setup custom automation flows. You can also 
-build your own scanners with the [Plugin system](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins#readme) in as little as [15 minutes](https://www.youtube.com/watch?v=cdbxlwiWhv8).
+build your own scanners with the [Plugin system](https://github.com/jokob-sk/NetAlertX/tree/main/docs/PLUGINS.md#readme) in as little as [15 minutes](https://www.youtube.com/watch?v=cdbxlwiWhv8).
+
+### Workflows
+
+The [workflows module](https://github.com/jokob-sk/NetAlertX/blob/main/docs/WORKFLOWS.md) allows to automate repetitive tasks, making network management more efficient. Whether you need to assign newly discovered devices to a specific Network Node, auto-group devices from a given vendor, unarchive a device if detected online, or automatically delete devices, this module provides the flexibility to tailor the automations to your needs.


 ## 📚 Documentation
@@ -55,6 +95,46 @@ Supported browsers: Chrome, Firefox
 - [[Development] API docs](https://github.com/jokob-sk/NetAlertX/blob/main/docs/API.md)
 - [[Development] Custom Plugins](https://github.com/jokob-sk/NetAlertX/blob/main/docs/PLUGINS_DEV.md)

+...or explore all the [documentation here](https://jokob-sk.github.io/NetAlertX/).
+
+## 🔐 Security & Privacy
+
+NetAlertX scans your local network and can store metadata about connected devices. By default, all data is stored **locally**. No information is sent to external services unless you explicitly configure notifications or integrations.
+
+To further secure your installation:
+- Run it behind a reverse proxy with authentication
+- Use firewalls to restrict access to the web UI
+- Regularly update to the latest version for security patches
+
+See [Security Best Practices](https://github.com/jokob-sk/NetAlertX/security) for more details.
+
+
+## ❓ FAQ
+
+**Q: Why don’t I see any devices?**  
+A: Ensure the container has proper network access (e.g., use `--network host` on Linux). Also check that your scan method is properly configured in the UI.
+
+**Q: Does this work on Wi-Fi-only devices like Raspberry Pi?**  
+A: Yes, but some scanners (e.g. ARP) work best on Ethernet. For Wi-Fi, try SNMP, DHCP, or Pi-hole import.
+
+**Q: Will this send any data to the internet?**  
+A: No. All scans and data remain local, unless you set up cloud-based notifications.
+
+**Q: Can I use this without Docker?**  
+A: Yes! You can install it bare-metal. See the [bare metal installation guide](https://github.com/jokob-sk/NetAlertX/blob/main/docs/HW_INSTALL.md).
+
+**Q: Where is the data stored?**  
+A: In the `/config` and `/db` folders, mapped in Docker. Back up these folders regularly.
+
+
+## 🐞 Known Issues
+
+- Some scanners (e.g. ARP) may not detect devices on different subnets. See the [Remote networks guide](https://github.com/jokob-sk/NetAlertX/blob/main/docs/REMOTE_NETWORKS.md) for workarounds.
+- Wi-Fi-only networks may require alternate scanners for accurate detection.
+- Notification throttling may be needed for large networks to prevent spam.
+- On some systems, elevated permissions (like `CAP_NET_RAW`) may be needed for low-level scanning.
+
+Check the [GitHub Issues](https://github.com/jokob-sk/NetAlertX/issues) for the latest bug reports and solutions and consult [the official documentation](https://jokob-sk.github.io/NetAlertX/).

 ## 📃 Everything else
 <!--- --------------------------------------------------------------------- --->
@@ -107,7 +187,6 @@ Proudly using [Weblate](https://hosted.weblate.org/projects/pialert/). Help out

 ### License
 >  GPL 3.0 | [Read more here](LICENSE.txt) | Source of the [animated GIF (Loading Animation)](https://commons.wikimedia.org/wiki/File:Loading_Animation.gif) | Source of the [selfhosted Fonts](https://github.com/adobe-fonts/source-sans)
-  


 <!--- --------------------------------------------------------------------- --->
@@ -119,7 +198,6 @@ Proudly using [Weblate](https://hosted.weblate.org/projects/pialert/). Help out
 [network]:                  ./docs/img/network.png                        "Screen 5"
 [settings]:                 ./docs/img/settings.png                       "Screen 6"
 [showcase]:                 ./docs/img/showcase.gif                       "Screen 6"
-[help_faq]:                 ./docs/img/help_faq.png                       "Screen 7"
 [sync_hub]:                 ./docs/img/sync_hub.png                       "Screen 8"
 [notification_center]:      ./docs/img/notification_center.png            "Screen 8"
 [sent_reports_text]:        ./docs/img/sent_reports_text.png              "Screen 8"
@@ -128,4 +206,3 @@ Proudly using [Weblate](https://hosted.weblate.org/projects/pialert/). Help out
 [main_dark]:                /docs/img/1_devices_dark.jpg                  "Main screen dark"
 [maintain_dark]:            /docs/img/5_maintain.jpg                      "Maintain screen dark"
 [follow_star]:              /docs/img/Follow_Releases_and_Star.gif        "Follow and Star"
-
--- a/api/.git-placeholder
+++ b/api/.git-placeholder
--- a/api/.gitignore
+++ b/api/.gitignore
@@ -1,2 +0,0 @@
-*
-!.gitignore
--- a/back/app.conf
+++ b/back/app.conf
@@ -18,18 +18,20 @@
 # SCAN_SUBNETS    = [ '192.168.1.0/24 --interface=eth1', '192.168.1.0/24 --interface=eth0' ]

 DISCOVER_PLUGINS=True
-SCAN_SUBNETS=['192.168.1.0/24 --interface=eth0']
+SCAN_SUBNETS=['--localnet']
 TIMEZONE='Europe/Berlin'
-LOADED_PLUGINS = ['ARPSCAN','CSVBCKP','DBCLNP', 'INTRNT','MAINT','NEWDEV','NSLOOKUP','NTFPRCS', 'AVAHISCAN', 'SETPWD','SMTP', 'SYNC', 'VNDRPDT', 'WORKFLOWS', 'UI']
+LOADED_PLUGINS=['ARPSCAN', 'AVAHISCAN', 'CSVBCKP','DBCLNP', 'DIGSCAN', 'INTRNT', 'MAINT', 'NEWDEV', 'NBTSCAN', 'NSLOOKUP','NTFPRCS', 'SETPWD', 'SMTP', 'SYNC', 'VNDRPDT', 'WORKFLOWS', 'UI']

 DAYS_TO_KEEP_EVENTS=90
 # Used for generating links in emails. Make sure not to add a trailing slash!
-REPORT_DASHBOARD_URL='http://netalertx'
+REPORT_DASHBOARD_URL='update_REPORT_DASHBOARD_URL_setting'

 # Make sure at least these scanners are enabled for new installs, other defaults are taken from the config.json
 INTRNT_RUN='schedule'
 ARPSCAN_RUN='schedule'
 NSLOOKUP_RUN='before_name_updates'
+AVAHISCAN_RUN='before_name_updates'
+NBTSCAN_RUN='before_name_updates'

 # Email 
 #-------------------------------------
--- a/back/app.db
+++ b/back/app.db
--- a/back/app_clean.db
+++ b/back/app_clean.db
--- a/back/app_old.db
+++ b/back/app_old.db
--- a/back/cron_script.sh
+++ b/back/cron_script.sh
@@ -5,8 +5,9 @@ LOG_FILE="${INSTALL_DIR}/log/execution_queue.log"

 # Check if there are any entries with cron_restart_backend
 if grep -q "cron_restart_backend" "$LOG_FILE"; then
-  # Kill all python processes (restart handled by s6 overlay)
-  pkill -f "python " && echo 'done'
+  # Restart python application using s6
+  s6-svc -r /var/run/s6-rc/servicedirs/netalertx
+  echo 'done'

  # Remove all lines containing cron_restart_backend from the log file
  sed -i '/cron_restart_backend/d' "$LOG_FILE"
--- a/back/device_heuristics_rules.json
+++ b/back/device_heuristics_rules.json
@@ -0,0 +1,200 @@
+[
+  {
+    "dev_type": "Gateway",
+    "icon_html": "<i class=\"fa fa-globe\"></i>",
+    "matching_pattern": [
+      { "mac_prefix": "INTERNET", "vendor": "" }
+    ],
+    "name_pattern": []
+  },
+  {
+    "dev_type": "Access Point",
+    "icon_html": "<i class=\"fa fa-network-wired\"></i>",
+    "matching_pattern": [
+      { "mac_prefix": "74ACB9", "vendor": "Ubiquiti" },
+      { "mac_prefix": "002468", "vendor": "Cisco" },
+      { "mac_prefix": "F4F5D8", "vendor": "TP-Link" },
+      { "mac_prefix": "F88E85", "vendor": "Netgear" }
+    ],
+    "name_pattern": ["router", "gateway", "ap", "access point", "access-point", "switch"]
+  },
+  {
+    "dev_type": "Phone",
+    "icon_html": "<i class=\"fa-brands fa-apple\"></i>",
+    "matching_pattern": [
+      { "mac_prefix": "001A79", "vendor": "Apple" },
+      { "mac_prefix": "B0BE83", "vendor": "Samsung" },
+      { "mac_prefix": "BC926B", "vendor": "Motorola" }
+    ],
+    "name_pattern": ["iphone", "ipad", "pixel", "galaxy", "redmi"]
+  },
+  {
+    "dev_type": "Phone",
+    "icon_html": "<i class=\"fa-solid fa-mobile\"></i>",
+    "matching_pattern": [
+    ],
+    "name_pattern": ["android","samsung"]
+  },
+  {
+    "dev_type": "Tablet",
+    "icon_html": "<i class=\"fa fa-tablet\"></i>",
+    "matching_pattern": [
+      { "mac_prefix": "001B63", "vendor": "Apple" },
+      { "mac_prefix": "BC4C4C", "vendor": "Samsung" }
+    ],
+    "name_pattern": ["tablet", "pad"]
+  },  
+  {
+    "dev_type": "IoT",
+    "icon_html": "<i class=\"fa-brands fa-raspberry-pi\"></i>",
+    "matching_pattern": [
+      { "mac_prefix": "B827EB", "vendor": "Raspberry Pi" },
+      { "mac_prefix": "DCA632", "vendor": "Raspberry Pi" }
+    ],
+    "name_pattern": ["raspberry", "pi"]
+  },
+  {
+    "dev_type": "IoT",
+    "icon_html": "<i class=\"fa-solid fa-microchip\"></i>",
+    "matching_pattern": [
+      { "mac_prefix": "840D8E", "vendor": "Espressif" },
+      { "mac_prefix": "ECFABC", "vendor": "Espressif" },
+      { "mac_prefix": "7C9EBD", "vendor": "Espressif" }
+    ],
+    "name_pattern": ["raspberry", "pi"]
+  },
+  {
+    "dev_type": "Desktop",
+    "icon_html": "<i class=\"fa fa-desktop\"></i>",
+    "matching_pattern": [
+      { "mac_prefix": "001422", "vendor": "Dell" },
+      { "mac_prefix": "001874", "vendor": "Lenovo" },
+      { "mac_prefix": "00E04C", "vendor": "Hewlett Packard" }
+    ],
+    "name_pattern": ["desktop", "pc", "computer"]
+  },
+  {
+    "dev_type": "Laptop",
+    "icon_html": "<i class=\"fa fa-laptop\"></i>",
+    "matching_pattern": [
+      { "mac_prefix": "3C0754", "vendor": "HP" },
+      { "mac_prefix": "0017A4", "vendor": "Dell" },
+      { "mac_prefix": "F4CE46", "vendor": "Lenovo" },
+      { "mac_prefix": "409F38", "vendor": "Acer" }
+    ],
+    "name_pattern": ["macbook", "imac", "laptop", "notebook"]
+  },
+  {
+    "dev_type": "Server",
+    "icon_html": "<i class=\"fa fa-server\"></i>",
+    "matching_pattern": [
+      { "mac_prefix": "001CBF", "vendor": "Supermicro" },
+      { "mac_prefix": "002186", "vendor": "Dell" },
+      { "mac_prefix": "D02788", "vendor": "Hewlett Packard" },
+      { "mac_prefix": "002590", "vendor": "IBM" }
+    ],
+    "name_pattern": ["server", "nas"]
+  },
+  {
+    "dev_type": "VM",
+    "icon_html": "<i class=\"fa fa-server\"></i>",
+    "matching_pattern": [
+      { "mac_prefix": "525400", "vendor": "QEMU" },
+      { "mac_prefix": "005056", "vendor": "VMware" },
+      { "mac_prefix": "000C29", "vendor": "VMware" },
+      { "mac_prefix": "000569", "vendor": "VMware" },
+      { "mac_prefix": "00163E", "vendor": "Xen" },
+      { "mac_prefix": "080027", "vendor": "VirtualBox" }
+    ]
+  },
+  {
+    "dev_type": "TV",
+    "icon_html": "<i class=\"fa fa-tv\"></i>",
+    "matching_pattern": [
+      { "mac_prefix": "0013CE", "vendor": "Samsung" },
+      { "mac_prefix": "0017C8", "vendor": "LG" },
+      { "mac_prefix": "D46E0E", "vendor": "Sony" }
+    ],
+    "name_pattern": ["tv", "television", "smarttv"]
+  },
+  {
+    "dev_type": "Gaming Console",
+    "icon_html": "<i class=\"fa fa-gamepad\"></i>",
+    "matching_pattern": [
+      { "mac_prefix": "001FA7", "vendor": "Sony" },
+      { "mac_prefix": "7C04D0", "vendor": "Nintendo" },
+      { "mac_prefix": "EC26CA", "vendor": "Sony" }
+    ],
+    "name_pattern": ["playstation", "xbox"]
+  },
+  {
+    "dev_type": "Camera",
+    "icon_html": "<i class=\"fa fa-camera\"></i>",
+    "matching_pattern": [
+      { "mac_prefix": "A45E60", "vendor": "Hikvision" },
+      { "mac_prefix": "00408C", "vendor": "Axis" },
+      { "mac_prefix": "00156D", "vendor": "Amcrest" },
+      { "mac_prefix": "AC9E17", "vendor": "Reolink" }
+    ],
+    "name_pattern": ["camera", "cam", "webcam"]
+  },
+  {
+    "dev_type": "Smart Speaker",
+    "icon_html": "<i class=\"fa fa-volume-up\"></i>",
+    "matching_pattern": [
+      { "mac_prefix": "44650D", "vendor": "Amazon" },
+      { "mac_prefix": "74ACB9", "vendor": "Google" }
+    ],
+    "name_pattern": ["echo", "alexa", "dot"]
+  },
+  {
+    "dev_type": "Router",
+    "icon_html": "<i class=\"fa fa-random\"></i>",
+    "matching_pattern": [
+      { "mac_prefix": "000C29", "vendor": "Cisco" },
+      { "mac_prefix": "00155D", "vendor": "MikroTik" }
+    ],
+    "name_pattern": ["router", "gateway", "ap", "access point", "access-point"],
+    "ip_pattern": [
+      "^192\\.168\\.[0-1]\\.1$",
+      "^10\\.0\\.0\\.1$"
+    ]
+  },
+  {
+    "dev_type": "Smart Light",
+    "icon_html": "<i class=\"fa fa-lightbulb\"></i>",
+    "matching_pattern": [],
+    "name_pattern": ["hue", "lifx", "bulb"]
+  },
+  {
+    "dev_type": "Smart Home",
+    "icon_html": "<i class=\"fa fa-house\"></i>",
+    "matching_pattern": [],
+    "name_pattern": ["google", "chromecast", "nest"]
+  },
+  {
+    "dev_type": "Smartwatch",
+    "icon_html": "<i class=\"fa fa-watch\"></i>",
+    "matching_pattern": [],
+    "name_pattern": ["watch", "wear"]
+  },
+  {
+    "dev_type": "Printer",
+    "icon_html": "<i class=\"fa fa-print\"></i>",
+    "matching_pattern": [],
+    "name_pattern": ["printer", "print"]
+  },
+  {
+    "dev_type": "Security Device",
+    "icon_html": "<i class=\"fa fa-shield-alt\"></i>",
+    "matching_pattern": [],
+    "name_pattern": ["doorbell", "lock", "security"]
+  },
+  {
+    "dev_type": "Smart Light",
+    "icon_html": "<i class=\"fa-solid fa-lightbulb\"></i>",
+    "matching_pattern": [
+    ],
+    "name_pattern": ["light","bulb"]
+  }
+]
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -23,11 +23,13 @@ services:
      # - ${DEV_LOCATION}/api:/app/api
      # ---------------------------------------------------------------------------
      # DELETE START anyone trying to use this file: comment out / delete BELOW lines, they are only for development purposes
-      - ${APP_DATA_LOCATION}/netalertx/dhcp_samples/dhcp1.leases:/mnt/dhcp1.leases
-      - ${APP_DATA_LOCATION}/netalertx/dhcp_samples/dhcp2.leases:/mnt/dhcp2.leases      
-      - ${APP_DATA_LOCATION}/netalertx/dhcp_samples/pihole_dhcp_full.leases:/etc/pihole/dhcp.leases      
-      - ${APP_DATA_LOCATION}/netalertx/dhcp_samples/pihole_dhcp_2.leases:/etc/pihole/dhcp2.leases      
-      - ${APP_DATA_LOCATION}/pihole/etc-pihole/pihole-FTL.db:/etc/pihole/pihole-FTL.db    
+      - ${APP_DATA_LOCATION}/netalertx/dhcp_samples/dhcp1.leases:/mnt/dhcp1.leases      # test data for DCPLSS plugin
+      - ${APP_DATA_LOCATION}/netalertx/dhcp_samples/dhcp2.leases:/mnt/dhcp2.leases      # test data for DCPLSS plugin
+      - ${APP_DATA_LOCATION}/netalertx/dhcp_samples/pihole_dhcp_full.leases:/etc/pihole/dhcp.leases      # test data for DCPLSS plugin
+      - ${APP_DATA_LOCATION}/netalertx/dhcp_samples/pihole_dhcp_2.leases:/etc/pihole/dhcp2.leases        # test data for DCPLSS plugin
+      - ${APP_DATA_LOCATION}/pihole/etc-pihole/pihole-FTL.db:/etc/pihole/pihole-FTL.db    # test data for PIHOLE plugin
+      - ${DEV_LOCATION}/mkdocs.yml:/app/mkdocs.yml
+      - ${DEV_LOCATION}/docs:/app/docs
      - ${DEV_LOCATION}/server:/app/server            
      - ${DEV_LOCATION}/test:/app/test            
      - ${DEV_LOCATION}/dockerfiles:/app/dockerfiles
@@ -50,20 +52,24 @@ services:
      - ${DEV_LOCATION}/front/events.php:/app/front/events.php
      - ${DEV_LOCATION}/front/plugins.php:/app/front/plugins.php
      - ${DEV_LOCATION}/front/pluginsCore.php:/app/front/pluginsCore.php
-      - ${DEV_LOCATION}/front/help_faq.php:/app/front/help_faq.php
      - ${DEV_LOCATION}/front/index.php:/app/front/index.php
+      - ${DEV_LOCATION}/front/initCheck.php:/app/front/initCheck.php
      - ${DEV_LOCATION}/front/maintenance.php:/app/front/maintenance.php
      - ${DEV_LOCATION}/front/network.php:/app/front/network.php
      - ${DEV_LOCATION}/front/presence.php:/app/front/presence.php
      - ${DEV_LOCATION}/front/settings.php:/app/front/settings.php      
      - ${DEV_LOCATION}/front/systeminfo.php:/app/front/systeminfo.php      
+      - ${DEV_LOCATION}/front/systeminfoNetwork.php:/app/front/systeminfoNetwork.php      
+      - ${DEV_LOCATION}/front/systeminfoServer.php:/app/front/systeminfoServer.php      
+      - ${DEV_LOCATION}/front/systeminfoStorage.php:/app/front/systeminfoStorage.php      
      - ${DEV_LOCATION}/front/cloud_services.php:/app/front/cloud_services.php      
      - ${DEV_LOCATION}/front/report.php:/app/front/report.php      
      - ${DEV_LOCATION}/front/workflows.php:/app/front/workflows.php      
+      - ${DEV_LOCATION}/front/workflowsCore.php:/app/front/workflowsCore.php      
+      - ${DEV_LOCATION}/front/appEvents.php:/app/front/appEvents.php      
      - ${DEV_LOCATION}/front/appEventsCore.php:/app/front/appEventsCore.php      
      - ${DEV_LOCATION}/front/multiEditCore.php:/app/front/multiEditCore.php      
-      - ${DEV_LOCATION}/front/donations.php:/app/front/donations.php      
-      - ${DEV_LOCATION}/front/plugins:/app/front/plugins      
+      - ${DEV_LOCATION}/front/plugins:/app/front/plugins    
      # DELETE END anyone trying to use this file: comment out / delete ABOVE lines, they are only for development purposes
      # ---------------------------------------------------------------------------
    environment:      
@@ -72,4 +78,5 @@ services:
      - PORT=${PORT}      
      # ❗ DANGER ZONE BELOW - Setting ALWAYS_FRESH_INSTALL=true will delete the content of the /db & /config folders
      - ALWAYS_FRESH_INSTALL=${ALWAYS_FRESH_INSTALL}
+      # - LOADED_PLUGINS=["DHCPLSS","PIHOLE","ASUSWRT","FREEBOX"]
      
--- a/dockerfiles/README.md
+++ b/dockerfiles/README.md
@@ -6,7 +6,7 @@

 # NetAlertX - Network scanner & notification framework

-| [📑 Docker guide](https://github.com/jokob-sk/NetAlertX/blob/main/dockerfiles/README.md) | [🚀 Releases](https://github.com/jokob-sk/NetAlertX/releases) | [📚 Docs](https://github.com/jokob-sk/NetAlertX/tree/main/docs) | [🔌 Plugins](https://github.com/jokob-sk/NetAlertX/blob/main/front/plugins/README.md) | [🤖 Ask AI](https://gurubase.io/g/netalertx)
+| [📑 Docker guide](https://github.com/jokob-sk/NetAlertX/blob/main/dockerfiles/README.md) | [🚀 Releases](https://github.com/jokob-sk/NetAlertX/releases) | [📚 Docs](https://jokob-sk.github.io/NetAlertX/) | [🔌 Plugins](https://github.com/jokob-sk/NetAlertX/blob/main/docs/PLUGINS.md) | [🤖 Ask AI](https://gurubase.io/g/netalertx)
 |----------------------| ----------------------|  ----------------------| ----------------------| ----------------------| 

 <a href="https://raw.githubusercontent.com/jokob-sk/NetAlertX/main/docs/img/GENERAL/github_social_image.jpg" target="_blank">
@@ -21,31 +21,35 @@ Head to [https://netalertx.com/](https://netalertx.com/) for more gifs and scree
 ## 📕 Basic Usage 

 > [!WARNING]
-> You will have to run the container on the `host` network and specify `SCAN_SUBNETS` unless you use other [plugin scanners](https://github.com/jokob-sk/NetAlertX/blob/main/front/plugins/README.md). The initial scan can take a few minutes, so please wait 5-10 minutes for the initial discovery to finish.
+> You will have to run the container on the `host` network and specify `SCAN_SUBNETS` unless you use other [plugin scanners](https://github.com/jokob-sk/NetAlertX/blob/main/docs/PLUGINS.md). The initial scan can take a few minutes, so please wait 5-10 minutes for the initial discovery to finish.

 ```yaml
 docker run -d --rm --network=host \
  -v local_path/config:/app/config \
  -v local_path/db:/app/db \
  --mount type=tmpfs,target=/app/api \
+  -e PUID=200 -e PGID=300 \
  -e TZ=Europe/Berlin \
  -e PORT=20211 \
-  jokobsk/netalertx:latest
+  ghcr.io/jokob-sk/netalertx:latest
 ```

 See alternative [docked-compose examples](https://github.com/jokob-sk/NetAlertX/blob/main/docs/DOCKER_COMPOSE.md).

 ### Docker environment variables

-| Variable | Description | Default |
-| :------------- |:-------------| -----:|
+| Variable | Description | Example Value |
+| :------------- |:------------------------| -----:|
 | `PORT`      |Port of the web interface  |  `20211` |
+| `PUID`      |Application User UID  |  `102` |
+| `PGID`      |Application User GID  |  `82` |
 | `LISTEN_ADDR`      |Set the specific IP Address for the listener address for the nginx webserver (web interface). This could be useful when using multiple subnets to hide the web interface from all untrusted networks. |  `0.0.0.0` |
 |`TZ` |Time zone to display stats correctly. Find your time zone [here](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones)  |  `Europe/Berlin` |
-|`APP_CONF_OVERRIDE` | JSON override for settings, e.g. `{"SCAN_SUBNETS":"['192.168.1.0/24 --interface=eth1']","GRAPHQL_PORT":"20212"}`  |  `N/A` |
-|`ALWAYS_FRESH_INSTALL` | If `true` will delete the content of the `/db` & `/config` folders. For testing purposes. Can be coupled with [watchtower](https://github.com/containrrr/watchtower) to have an always freshly installed `netalertx`/`netalertx-dev` image.   |    `N/A` |
+|`LOADED_PLUGINS` | Default [plugins](https://github.com/jokob-sk/NetAlertX/blob/main/docs/PLUGINS.md) to load. Plugins cannot be loaded with `APP_CONF_OVERRIDE`, you need to use this variable instead and then specify the plugins settings with `APP_CONF_OVERRIDE`. |  `["PIHOLE","ASUSWRT"]` |
+|`APP_CONF_OVERRIDE` | JSON override for settings (except `LOADED_PLUGINS`).   |  `{"SCAN_SUBNETS":"['192.168.1.0/24 --interface=eth1']","GRAPHQL_PORT":"20212"}` |
+|`ALWAYS_FRESH_INSTALL` | ⚠ If `true` will delete the content of the `/db` & `/config` folders. For testing purposes. Can be coupled with [watchtower](https://github.com/containrrr/watchtower) to have an always freshly installed `netalertx`/`netalertx-dev` image.   |    `true` |

-> You can override the default GraphQL port setting `GRAPHQL_PORT` (set to `20212`) by using the `APP_CONF_OVERRIDE` env variable. 
+> You can override the default GraphQL port setting `GRAPHQL_PORT` (set to `20212`) by using the `APP_CONF_OVERRIDE` env variable. `LOADED_PLUGINS` and settings in `APP_CONF_OVERRIDE` can be specified via the UI as well.

 ### Docker paths

@@ -58,7 +62,7 @@ See alternative [docked-compose examples](https://github.com/jokob-sk/NetAlertX/
 | ✅ | `:/app/db` | Folder which will contain the `app.db` database file  | 
 | | `:/app/log` |  Logs folder useful for debugging if you have issues setting up the container  | 
 | | `:/app/api` |  A simple [API endpoint](https://github.com/jokob-sk/NetAlertX/blob/main/docs/API.md) containing static (but regularly updated) json and other files.   | 
-| | `:/app/front/plugins/<plugin>/ignore_plugin` | Map a file `ignore_plugin` to ignore a plugin. Plugins can be soft-disabled via settings. More in the [Plugin docs](https://github.com/jokob-sk/NetAlertX/blob/main/front/plugins/README.md).  | 
+| | `:/app/front/plugins/<plugin>/ignore_plugin` | Map a file `ignore_plugin` to ignore a plugin. Plugins can be soft-disabled via settings. More in the [Plugin docs](https://github.com/jokob-sk/NetAlertX/blob/main/docs/PLUGINS.md).  | 
 | | `:/etc/resolv.conf` | Use a custom `resolv.conf` file for [better name resolution](https://github.com/jokob-sk/NetAlertX/blob/main/docs/REVERSE_DNS.md).  | 

 > Use separate `db` and `config` directories, do not nest them.
@@ -68,7 +72,7 @@ See alternative [docked-compose examples](https://github.com/jokob-sk/NetAlertX/
 - If unavailable, the app generates a default `app.conf` and `app.db` file on the first run.
 - The preferred way is to manage the configuration via the Settings section in the UI, if UI is inaccessible you can modify [app.conf](https://github.com/jokob-sk/NetAlertX/tree/main/back) in the `/app/config/` folder directly 

-### Setting up scanners
+#### Setting up scanners

 You have to specify which network(s) should be scanned. This is done by entering subnets that are accessible from the host. If you use the default `ARPSCAN` plugin, you have to specify at least one valid subnet and interface in the `SCAN_SUBNETS` setting. See the documentation on [How to set up multiple SUBNETS, VLANs and what are limitations](https://github.com/jokob-sk/NetAlertX/blob/main/docs/SUBNETS.md) for troubleshooting and more advanced scenarios. 

@@ -77,19 +81,18 @@ If you are running PiHole you can synchronize devices directly. Check the [PiHol
 > [!NOTE]
 > You can bulk-import devices via the [CSV import method](https://github.com/jokob-sk/NetAlertX/blob/main/docs/DEVICES_BULK_EDITING.md).

-#### 🧭 Community guides
+#### Community guides

 You can read or watch several [community configuration guides](https://github.com/jokob-sk/NetAlertX/blob/main/docs/COMMUNITY_GUIDES.md) in Chinese, Korean, German, or French. 

 > Please note these might be outdated. Rely on official documentation first. 
 
-### **Common issues** 
+#### Common issues

-💡 Before creating a new issue, please check if a similar issue was [already resolved](https://github.com/jokob-sk/NetAlertX/issues?q=is%3Aissue+is%3Aclosed). 
+- Before creating a new issue, please check if a similar issue was [already resolved](https://github.com/jokob-sk/NetAlertX/issues?q=is%3Aissue+is%3Aclosed). 
+- Check also common issues and [debugging tips](https://github.com/jokob-sk/NetAlertX/blob/main/docs/DEBUG_TIPS.md). 

-⚠ Check also common issues and [debugging tips](https://github.com/jokob-sk/NetAlertX/blob/main/docs/DEBUG_TIPS.md). 
-
-## ❤ Support me 
+## 💙 Support me 

 | [![GitHub](https://i.imgur.com/emsRCPh.png)](https://github.com/sponsors/jokob-sk) | [![Buy Me A Coffee](https://i.imgur.com/pIM6YXL.png)](https://www.buymeacoffee.com/jokobsk) | [![Patreon](https://i.imgur.com/MuYsrq1.png)](https://www.patreon.com/user?u=84385063) | 
 | --- | --- | --- | 
--- a/dockerfiles/init.sh
+++ b/dockerfiles/init.sh
@@ -1,8 +1,36 @@
 #!/usr/bin/with-contenv bash

-echo "---------------------------------------------------------"
-echo "[INSTALL]                                    Run init.sh"
-echo "---------------------------------------------------------"
+echo "---------------------------------------------------------
+[INSTALL]                                    Run init.sh
+---------------------------------------------------------"
+
+DEFAULT_PUID=102
+DEFAULT_GID=82
+
+PUID=${PUID:-${DEFAULT_PUID}}
+PGID=${PGID:-${DEFAULT_GID}}
+
+echo "[INSTALL] Setting up user UID and GID"
+
+if ! groupmod -o -g "$PGID" www-data && [ "$PGID" != "$DEFAULT_GID" ] ; then
+   echo "Failed to set user GID to ${PGID}, trying with default GID ${DEFAULT_GID}"
+   groupmod -o -g "$DEFAULT_GID" www-data
+fi
+if ! usermod -o -u "$PUID" nginx && [ "$PUID" != "$DEFAULT_PUID" ] ; then
+   echo "Failed to set user UID to ${PUID}, trying with default PUID ${DEFAULT_PUID}"
+   usermod -o -u "$DEFAULT_PUID" nginx
+fi
+
+echo "
+---------------------------------------------------------
+GID/UID
+---------------------------------------------------------
+User UID:    $(id -u nginx)
+User GID:    $(getent group www-data | cut -d: -f3)
+---------------------------------------------------------"
+
+chown nginx:nginx /run/nginx/ /var/log/nginx/ /var/lib/nginx/ /var/lib/nginx/tmp/
+chgrp www-data /var/www/localhost/htdocs/

 export INSTALL_DIR=/app  # Specify the installation directory here

@@ -26,8 +54,6 @@ if [[ $EUID -ne 0 ]]; then
    exit 1
 fi

-echo "[INSTALL] Copy starter ${DB_FILE} and ${CONF_FILE} if they don't exist"
-
 # DANGER ZONE: ALWAYS_FRESH_INSTALL
 if [ "$ALWAYS_FRESH_INSTALL" = true ]; then
  echo "[INSTALL] ❗ ALERT /db and /config folders are cleared because the ALWAYS_FRESH_INSTALL is set to: $ALWAYS_FRESH_INSTALL❗"
@@ -55,7 +81,7 @@ else
  echo "Config file saved to ${INSTALL_DIR}/config/app_conf_override.json"
 fi

-# 🔻 FOR BACKWARD COMPATIBILITY - REMOVE AFTER 12/12/2024
+# 🔻 FOR BACKWARD COMPATIBILITY - REMOVE AFTER 12/12/2025

 # Check if pialert.db exists, then create a symbolic link to app.db
 if [ -f "${INSTALL_DIR_OLD}/db/${OLD_APP_NAME}.db" ]; then
@@ -66,9 +92,11 @@ fi
 if [ -f "${INSTALL_DIR_OLD}/config/${OLD_APP_NAME}.conf" ]; then
    ln -s "${INSTALL_DIR_OLD}/config/${OLD_APP_NAME}.conf" "${INSTALL_DIR}/config/${CONF_FILE}"
 fi
-# 🔺 FOR BACKWARD COMPATIBILITY - REMOVE AFTER 12/12/2024
+# 🔺 FOR BACKWARD COMPATIBILITY - REMOVE AFTER 12/12/2025

-# Copy starter .db and .conf if they don't exist
+echo "[INSTALL] Copy starter ${DB_FILE} and ${CONF_FILE} if they don't exist"
+
+# Copy starter app.db, app.conf if they don't exist
 cp -na "${INSTALL_DIR}/back/${CONF_FILE}" "${INSTALL_DIR}/config/${CONF_FILE}"
 cp -na "${INSTALL_DIR}/back/${DB_FILE}" "${FULL_FILEDB_PATH}"

@@ -83,6 +111,13 @@ if [ -n "${TZ}" ]; then
  echo $TZ > /etc/timezone
 fi

+# if custom variables not set we do not need to do anything
+if [ -n "${LOADED_PLUGINS}" ]; then
+  FILECONF="${INSTALL_DIR}/config/${CONF_FILE}"
+  echo "[INSTALL] Setup custom LOADED_PLUGINS variable"
+  sed -i "\#^LOADED_PLUGINS=#c\LOADED_PLUGINS=${LOADED_PLUGINS}" "${FILECONF}"
+fi
+
 echo "[INSTALL] Setup NGINX"
 echo "Setting webserver to address ($LISTEN_ADDR) and port ($PORT)"
 envsubst '$INSTALL_DIR $LISTEN_ADDR $PORT' < "${INSTALL_DIR}/install/netalertx.template.conf" > "${NGINX_CONFIG_FILE}"
@@ -108,12 +143,12 @@ fi
 # Create the execution_queue.log and app_front.log files if they don't exist
 touch "${INSTALL_DIR}"/log/{app.log,execution_queue.log,app_front.log,app.php_errors.log,stderr.log,stdout.log,db_is_locked.log}
 touch "${INSTALL_DIR}"/api/user_notifications.json
+
 # Create plugins sub-directory if it doesn't exist in case a custom log folder is used
 mkdir -p "${INSTALL_DIR}"/log/plugins

 echo "[INSTALL] Fixing permissions after copied starter config & DB"
-chown -R nginx:www-data "${INSTALL_DIR}"/{config,log,db,api}
-chown -R nginx:www-data "${INSTALL_DIR}"/api/user_notifications.json
+chown -R nginx:www-data "${INSTALL_DIR}"

 chmod 750 "${INSTALL_DIR}"/{config,log,db}
 find "${INSTALL_DIR}"/{config,log,db} -type f -exec chmod 640 {} \;
@@ -125,10 +160,6 @@ if [ ! -f "${INSTALL_DIR}/front/buildtimestamp.txt" ]; then
    chown nginx:www-data "${INSTALL_DIR}/front/buildtimestamp.txt"
 fi

-# Start crond service in the background
-echo "[INSTALL] Starting crond service..."
-crond -f -d 8 > /dev/null 2>&1 &
-
 echo -e "
            [ENV] PATH                      is ${PATH}
            [ENV] PORT                      is ${PORT}
--- a/dockerfiles/start.sh
+++ b/dockerfiles/start.sh
@@ -20,7 +20,14 @@ echo "longrun" > /etc/s6-overlay/s6-rc.d/php-fpm/type
 echo "longrun" > /etc/s6-overlay/s6-rc.d/nginx/type
 echo "longrun" > /etc/s6-overlay/s6-rc.d/$APP_NAME/type
 echo -e "${INSTALL_DIR}/dockerfiles/init.sh" > /etc/s6-overlay/s6-rc.d/SetupOneshot/up
-echo -e "#!/bin/execlineb -P\n/usr/sbin/crond -f -d 8" > /etc/s6-overlay/s6-rc.d/crond/run
+echo -e '#!/bin/execlineb -P
+
+        if { echo
+        "
+            [INSTALL] Starting crond service...
+
+        " }' > /etc/s6-overlay/s6-rc.d/crond/run
+echo -e "/usr/sbin/crond -f" >> /etc/s6-overlay/s6-rc.d/crond/run
 echo -e "#!/bin/execlineb -P\n/usr/sbin/php-fpm83 -F" > /etc/s6-overlay/s6-rc.d/php-fpm/run
 echo -e '#!/bin/execlineb -P\nnginx -g "daemon off;"' > /etc/s6-overlay/s6-rc.d/nginx/run
 echo -e '#!/bin/execlineb -P
@@ -39,4 +46,4 @@ touch /etc/s6-overlay/s6-rc.d/nginx/dependencies.d/php-fpm
 touch /etc/s6-overlay/s6-rc.d/$APP_NAME/dependencies.d/nginx

 # this removes the current file
-# rm -f $0
+rm -f $0
--- a/docs/API.md
+++ b/docs/API.md
@@ -1,6 +1,6 @@
-# API endpoints
+# NetAlertX API Documentation

-NetAlertX comes with a couple of API endpoints. All requests need to be authorized (executed in a logged in browser session) or you have to pass the value of the `API_TOKEN` settings as authorization bearer, for example:
+This API provides programmatic access to **devices, events, sessions, metrics, network tools, and sync** in NetAlertX. It is implemented as a **REST and GraphQL server**. All requests require authentication via **API Token** (`API_TOKEN` setting) unless explicitly noted. For example, to authorize a GraphQL request, you need to use a `Authorization: Bearer API_TOKEN` header as per example below:

 ```graphql
 curl 'http://host:GRAPHQL_PORT/graphql' \
@@ -21,239 +21,59 @@ curl 'http://host:GRAPHQL_PORT/graphql' \
  }'
 ```

-## API Endpoint: GraphQL
+The API server runs on `0.0.0.0:<graphql_port>` with **CORS enabled** for all main endpoints.

-Endpoint URL: `php/server/query_graphql.php`
-Host: `same as front end (web ui)`
-Port: `20212` or as defined by the `GRAPHQL_PORT` setting
+---

-### Example Query to Fetch Devices
+## Authentication

-First, let's define the GraphQL query to fetch devices with pagination and sorting options.
+All endpoints require an API token provided in the HTTP headers:

-```graphql
-query GetDevices($options: PageQueryOptionsInput) {
-  devices(options: $options) {
-    devices {
-      rowid
-      devMac
-      devName
-      devOwner
-      devType
-      devVendor
-      devLastConnection
-      devStatus
-    }
-    count
-  }
-}
+```http
+Authorization: Bearer <API_TOKEN>
 ```

-### `curl` Command
-
-You can use the following `curl` command to execute the query. 
-
-```sh
-curl 'http://host:GRAPHQL_PORT/graphql'   -X POST   -H 'Authorization: Bearer API_TOKEN'  -H 'Content-Type: application/json'   --data '{
-    "query": "query GetDevices($options: PageQueryOptionsInput) { devices(options: $options) { devices { rowid devMac devName devOwner devType devVendor devLastConnection devStatus } count } }",
-    "variables": {
-      "options": {
-        "page": 1,
-        "limit": 10,
-        "sort": [{ "field": "devName", "order": "asc" }],
-        "search": "",
-        "status": "connected"
-      }
-    }
-  }'
-```
-
-### Explanation:
-
-1. **GraphQL Query**:
-   - The `query` parameter contains the GraphQL query as a string.
-   - The `variables` parameter contains the input variables for the query.
-
-2. **Query Variables**:
-   - `page`: Specifies the page number of results to fetch.
-   - `limit`: Specifies the number of results per page.
-   - `sort`: Specifies the sorting options, with `field` being the field to sort by and `order` being the sort order (`asc` for ascending or `desc` for descending).
-   - `search`: A search term to filter the devices.
-   - `status`: The status filter to apply (valid values are `my_devices` (determined by the `UI_MY_DEVICES` setting), `connected`, `favorites`, `new`, `down`, `archived`, `offline`).
-
-3. **`curl` Command**:
-   - The `-X POST` option specifies that we are making a POST request.
-   - The `-H "Content-Type: application/json"` option sets the content type of the request to JSON.
-   - The `-d` option provides the request payload, which includes the GraphQL query and variables.
-
-### Sample Response
-
-The response will be in JSON format, similar to the following:
+If the token is missing or invalid, the server will return:

 ```json
-{
-  "data": {
-    "devices": {
-      "devices": [
-        {
-          "rowid": 1,
-          "devMac": "00:11:22:33:44:55",
-          "devName": "Device 1",
-          "devOwner": "Owner 1",
-          "devType": "Type 1",
-          "devVendor": "Vendor 1",
-          "devLastConnection": "2025-01-01T00:00:00Z",
-          "devStatus": "connected"
-        },
-        {
-          "rowid": 2,
-          "devMac": "66:77:88:99:AA:BB",
-          "devName": "Device 2",
-          "devOwner": "Owner 2",
-          "devType": "Type 2",
-          "devVendor": "Vendor 2",
-          "devLastConnection": "2025-01-02T00:00:00Z",
-          "devStatus": "connected"
-        }
-      ],
-      "count": 2
-    }
-  }
-}
+{ "error": "Forbidden" }
 ```

-## API Endpoint: JSON files 
+---

-This API endpoint retrieves static files, that are periodically updated. 
-
-Endpoint URL: `php/server/query_json.php?file=<file name>`
-Host: `same as front end (web ui)`
-Port: `20211` or as defined by the $PORT docker environment variable (same as the port for the web ui)
-
-### When are the endpoints updated
-
-The endpoints are updated when objects in the API endpoints are changed.
-
-### Location of the endpoints
-
-In the container, these files are located under the `/app/api/` folder. You can access them via the `/php/server/query_json.php?file=user_notifications.json` endpoint.
-
-### Available endpoints
-
-You can access the following files:
-
-  | File name | Description | 
-  |----------------------|----------------------| 
-  | `notification_json_final.json` | The json version of the last notification (e.g. used for webhooks - [sample JSON](https://github.com/jokob-sk/NetAlertX/blob/main/front/report_templates/webhook_json_sample.json)). |
-  | `table_devices.json` | All of the available Devices detected by the app. |  
-  | `table_plugins_events.json` | The list of the unprocessed (pending) notification events (plugins_events DB table). |
-  | `table_plugins_history.json` | The list of notification events history. |  
-  | `table_plugins_objects.json` | The content of the plugins_objects table. Find more info on the [Plugin system here](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins)|
-  | `language_strings.json` | The content of the language_strings table, which in turn is loaded from the plugins `config.json` definitions. |  
-  | `table_custom_endpoint.json` | A custom endpoint generated by the SQL query specified by the `API_CUSTOM_SQL` setting. |
-  | `table_settings.json` | The content of the settings table. |
-  | `app_state.json` | Contains the current application state. |
-  
-
-### JSON Data format
-
-The endpoints starting with the `table_` prefix contain most, if not all, data contained in the corresponding database table. The common format for those is:
-
-```JSON
-{
-  "data": [
-        {
-          "db_column_name": "data",
-          "db_column_name2": "data2"      
-        }, 
-        {
-          "db_column_name": "data3",
-          "db_column_name2": "data4" 
-        }
-    ]
-}
+## Base URL

 ```
-
-Example JSON of the `table_devices.json` endpoint with two Devices (database rows):
-
-```JSON
-{
-  "data": [
-        {
-          "devMac": "Internet",
-          "devName": "Net - Huawei",
-          "devType": "Router",
-          "devVendor": null,
-          "devGroup": "Always on",
-          "devFirstConnection": "2021-01-01 00:00:00",
-          "devLastConnection": "2021-01-28 22:22:11",
-          "devLastIP": "192.168.1.24",
-          "devStaticIP": 0,
-          "devPresentLastScan": 1,
-          "devLastNotification": "2023-01-28 22:22:28.998715",
-          "devIsNew": 0,
-          "devParentMAC": "",
-          "devParentPort": "",
-          "devIcon": "globe"
-        }, 
-        {
-          "devMac": "a4:8f:ff:aa:ba:1f",
-          "devName": "Net - USG",
-          "devType": "Firewall",
-          "devVendor": "Ubiquiti Inc",
-          "devGroup": "",
-          "devFirstConnection": "2021-02-12 22:05:00",
-          "devLastConnection": "2021-07-17 15:40:00",
-          "devLastIP": "192.168.1.1",
-          "devStaticIP": 1,
-          "devPresentLastScan": 1,
-          "devLastNotification": "2021-07-17 15:40:10.667717",
-          "devIsNew": 0,
-          "devParentMAC": "Internet",
-          "devParentPort": 1,
-          "devIcon": "shield-halved"
-      }
-    ]
-}
-
+http://<server>:<GRAPHQL_PORT>/
 ```

-## API Endpoint: /log files
+---

-This API endpoint retrieves files from the `/app/log` folder. 
+## Endpoints

-Endpoint URL: `php/server/query_logs.php?file=<file name>`
-Host: `same as front end (web ui)`
-Port: `20211` or as defined by the $PORT docker environment variable (same as the port for the web ui)
+> [!TIP]
+> When retrieving devices or settings try using the GraphQL API endpoint first as it is read-optimized.

-| File                     | Description                                                   |
-|--------------------------|---------------------------------------------------------------|
-| `IP_changes.log`         | Logs of IP address changes                                    |
-| `app.log`                | Main application log                                          |
-| `app.php_errors.log`     | PHP error log                                                 |
-| `app_front.log`          | Frontend application log                                      |
-| `app_nmap.log`           | Logs of Nmap scan results                                     |
-| `db_is_locked.log`       | Logs when the database is locked                              |
-| `execution_queue.log`    | Logs of execution queue activities                            |
-| `plugins/`               | Directory for temporary plugin-related files (not accessible) |
-| `report_output.html`     | HTML report output                                            |
-| `report_output.json`     | JSON format report output                                     |
-| `report_output.txt`      | Text format report output                                     |
-| `stderr.log`             | Logs of standard error output                                 |
-| `stdout.log`             | Logs of standard output                                       |
+* [Device API Endpoints](API_DEVICE.md) – Manage individual devices
+* [Devices Collection](API_DEVICES.md) – Bulk operations on multiple devices
+* [Events](API_EVENTS.md) – Device event logging and management
+* [Sessions](API_SESSIONS.md) – Connection sessions and history
+* [Settings](API_SETTINGS.md) – Settings
+* [Metrics](API_METRICS.md) – Prometheus metrics and per-device status
+* [Network Tools](API_NETTOOLS.md) – Utilities like Wake-on-LAN, traceroute, nslookup, nmap, and internet info
+* [Online History](API_ONLINEHISTORY.md) – Online/offline device records
+* [GraphQL](API_GRAPHQL.md) – Advanced queries and filtering
+* [Sync](API_SYNC.md) – Synchronization between multiple NetAlertX instances
+* [DB query](API_DBQUERY.md) (⚠ Internal) - Low level database access - use other endpoints if possible

+See [Testing](API_TESTS.md) for example requests and usage.

-## API Endpoint: /config files
+---

-To retrieve files from the `/app/config` folder. 
-
-Endpoint URL: `php/server/query_config.php?file=<file name>`
-Host: `same as front end (web ui)`
-Port: `20211` or as defined by the $PORT docker environment variable (same as the port for the web ui)
-
-| File                     | Description                                      |
-|--------------------------|--------------------------------------------------|
-| `devices.csv`            | Devices csv file                                 |
-| `app.conf`               | Application config file                          |
+## Notes

+* All endpoints enforce **Bearer token authentication**.
+* Errors return JSON with `success: False` and an error message.
+* GraphQL is available for advanced queries, while REST endpoints cover structured use cases.
+* Endpoints run on `0.0.0.0:<GRAPHQL_PORT>` with **CORS enabled**.
+* Use consistent API tokens and node/plugin names when interacting with `/sync` to ensure data integrity.
--- a/docs/API_DBQUERY.md
+++ b/docs/API_DBQUERY.md
@@ -0,0 +1,183 @@
+# Database Query API
+
+The **Database Query API** provides direct, low-level access to the NetAlertX database. It allows **read, write, update, and delete** operations against tables, using **base64-encoded** SQL or structured parameters.
+
+> [!Warning] 
+> This API is primarily used internally to generate and render the application UI. These endpoints are low-level and powerful, and should be used with caution. Wherever possible, prefer the [standard API endpoints](API.md). Invalid or unsafe queries can corrupt data.
+> If you need data in a specific format that is not already provided, please open an issue or pull request with a clear, broadly useful use case. This helps ensure new endpoints benefit the wider community rather than relying on raw database queries.
+
+---
+
+## Authentication
+
+All `/dbquery/*` endpoints require an API token in the HTTP headers:
+
+```http
+Authorization: Bearer <API_TOKEN>
+```
+
+If the token is missing or invalid:
+
+```json
+{ "error": "Forbidden" }
+```
+
+---
+
+## Endpoints
+
+### 1. `POST /dbquery/read`
+
+Execute a **read-only** SQL query (e.g., `SELECT`).
+
+#### Request Body
+
+```json
+{
+  "rawSql": "U0VMRUNUICogRlJPTSBERVZJQ0VT"   // base64 encoded SQL
+}
+```
+
+Decoded SQL:
+
+```sql
+SELECT * FROM Devices;
+```
+
+#### Response
+
+```json
+{
+  "success": true,
+  "results": [
+    { "devMac": "AA:BB:CC:DD:EE:FF", "devName": "Phone" }
+  ]
+}
+```
+
+#### `curl` Example
+
+```bash
+curl -X POST "http://<server_ip>:<GRAPHQL_PORT>/dbquery/read" \
+  -H "Authorization: Bearer <API_TOKEN>" \
+  -H "Accept: application/json" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "rawSql": "U0VMRUNUICogRlJPTSBERVZJQ0VT"
+  }'
+```
+
+---
+
+### 2. `POST /dbquery/update` (safer than `/dbquery/write`)
+
+Update rows in a table by `columnName` + `id`. `/dbquery/update` is parameterized to reduce the risk of SQL injection, while `/dbquery/write` executes raw SQL directly.
+
+#### Request Body
+
+```json
+{
+  "columnName": "devMac",
+  "id": ["AA:BB:CC:DD:EE:FF"],
+  "dbtable": "Devices",
+  "columns": ["devName", "devOwner"],
+  "values": ["Laptop", "Alice"]
+}
+```
+
+#### Response
+
+```json
+{ "success": true, "updated_count": 1 }
+```
+
+#### `curl` Example
+
+```bash
+curl -X POST "http://<server_ip>:<GRAPHQL_PORT>/dbquery/update" \
+  -H "Authorization: Bearer <API_TOKEN>" \
+  -H "Accept: application/json" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "columnName": "devMac",
+    "id": ["AA:BB:CC:DD:EE:FF"],
+    "dbtable": "Devices",
+    "columns": ["devName", "devOwner"],
+    "values": ["Laptop", "Alice"]
+  }'
+```
+
+---
+
+### 3. `POST /dbquery/write`
+
+Execute a **write query** (`INSERT`, `UPDATE`, `DELETE`).
+
+#### Request Body
+
+```json
+{
+  "rawSql": "SU5TRVJUIElOVE8gRGV2aWNlcyAoZGV2TWFjLCBkZXYgTmFtZSwgZGV2Rmlyc3RDb25uZWN0aW9uLCBkZXZMYXN0Q29ubmVjdGlvbiwgZGV2TGFzdElQKSBWQUxVRVMgKCc2QTpCQjo0Qzo1RDo2RTonLCAnVGVzdERldmljZScsICcyMDI1LTA4LTMwIDEyOjAwOjAwJywgJzIwMjUtMDgtMzAgMTI6MDA6MDAnLCAnMTAuMC4wLjEwJyk="
+}
+```
+
+Decoded SQL:
+
+```sql
+INSERT INTO Devices (devMac, devName, devFirstConnection, devLastConnection, devLastIP)
+VALUES ('6A:BB:4C:5D:6E', 'TestDevice', '2025-08-30 12:00:00', '2025-08-30 12:00:00', '10.0.0.10');
+```
+
+#### Response
+
+```json
+{ "success": true, "affected_rows": 1 }
+```
+
+#### `curl` Example
+
+```bash
+curl -X POST "http://<server_ip>:<GRAPHQL_PORT>/dbquery/write" \
+  -H "Authorization: Bearer <API_TOKEN>" \
+  -H "Accept: application/json" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "rawSql": "SU5TRVJUIElOVE8gRGV2aWNlcyAoZGV2TWFjLCBkZXYgTmFtZSwgZGV2Rmlyc3RDb25uZWN0aW9uLCBkZXZMYXN0Q29ubmVjdGlvbiwgZGV2TGFzdElQKSBWQUxVRVMgKCc2QTpCQjo0Qzo1RDo2RTonLCAnVGVzdERldmljZScsICcyMDI1LTA4LTMwIDEyOjAwOjAwJywgJzIwMjUtMDgtMzAgMTI6MDA6MDAnLCAnMTAuMC4wLjEwJyk="
+  }'
+```
+
+---
+
+### 4. `POST /dbquery/delete`
+
+Delete rows in a table by `columnName` + `id`.
+
+#### Request Body
+
+```json
+{
+  "columnName": "devMac",
+  "id": ["AA:BB:CC:DD:EE:FF"],
+  "dbtable": "Devices"
+}
+```
+
+#### Response
+
+```json
+{ "success": true, "deleted_count": 1 }
+```
+
+#### `curl` Example
+
+```bash
+curl -X POST "http://<server_ip>:<GRAPHQL_PORT>/dbquery/delete" \
+  -H "Authorization: Bearer <API_TOKEN>" \
+  -H "Accept: application/json" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "columnName": "devMac",
+    "id": ["AA:BB:CC:DD:EE:FF"],
+    "dbtable": "Devices"
+  }'
+```
--- a/docs/API_DEVICE.md
+++ b/docs/API_DEVICE.md
@@ -0,0 +1,233 @@
+# Device API Endpoints
+
+Manage a **single device** by its MAC address. Operations include retrieval, updates, deletion, resetting properties, and copying data between devices. All endpoints require **authorization** via Bearer token.
+
+---
+
+## 1. Retrieve Device Details
+
+* **GET** `/device/<mac>`
+  Fetch all details for a single device, including:
+
+* Computed status (`devStatus`) → `On-line`, `Off-line`, or `Down`
+* Session and event counts (`devSessions`, `devEvents`, `devDownAlerts`)
+* Presence hours (`devPresenceHours`)
+* Children devices (`devChildrenDynamic`) and NIC children (`devChildrenNicsDynamic`)
+
+**Special case**: `mac=new` returns a template for a new device with default values.
+
+**Response** (success):
+
+```json
+{
+  "devMac": "AA:BB:CC:DD:EE:FF",
+  "devName": "Net - Huawei",
+  "devOwner": "Admin",
+  "devType": "Router",
+  "devVendor": "Huawei",
+  "devStatus": "On-line",
+  "devSessions": 12,
+  "devEvents": 5,
+  "devDownAlerts": 1,
+  "devPresenceHours": 32,
+  "devChildrenDynamic": [...],
+  "devChildrenNicsDynamic": [...],
+  ...
+}
+```
+
+**Error Responses**:
+
+* Device not found → HTTP 404
+* Unauthorized → HTTP 403
+
+---
+
+## 2. Update Device Fields
+
+* **POST** `/device/<mac>`
+  Create or update a device record.
+
+**Request Body**:
+
+```json
+{
+  "devName": "New Device",
+  "devOwner": "Admin",
+  "createNew": true
+}
+```
+
+**Behavior**:
+
+* If `createNew=true` → creates a new device
+* Otherwise → updates existing device fields
+
+**Response**:
+
+```json
+{
+  "success": true
+}
+```
+
+**Error Responses**:
+
+* Unauthorized → HTTP 403
+
+---
+
+## 3. Delete a Device
+
+* **DELETE** `/device/<mac>/delete`
+  Deletes the device with the given MAC.
+
+**Response**:
+
+```json
+{
+  "success": true
+}
+```
+
+**Error Responses**:
+
+* Unauthorized → HTTP 403
+
+---
+
+## 4. Delete All Events for a Device
+
+* **DELETE** `/device/<mac>/events/delete`
+  Removes all events associated with a device.
+
+**Response**:
+
+```json
+{
+  "success": true
+}
+```
+
+---
+
+## 5. Reset Device Properties
+
+* **POST** `/device/<mac>/reset-props`
+  Resets the device's custom properties to default values.
+
+**Request Body**: Optional JSON for additional parameters.
+
+**Response**:
+
+```json
+{
+  "success": true
+}
+```
+
+---
+
+## 6. Copy Device Data
+
+* **POST** `/device/copy`
+  Copy all data from one device to another. If a device exists with `macTo`, it is replaced.
+
+**Request Body**:
+
+```json
+{
+  "macFrom": "AA:BB:CC:DD:EE:FF",
+  "macTo": "11:22:33:44:55:66"
+}
+```
+
+**Response**:
+
+```json
+{
+  "success": true,
+  "message": "Device copied from AA:BB:CC:DD:EE:FF to 11:22:33:44:55:66"
+}
+```
+
+**Error Responses**:
+
+* Missing `macFrom` or `macTo` → HTTP 400
+* Unauthorized → HTTP 403
+
+---
+
+## 7. Update a Single Column
+
+* **POST** `/device/<mac>/update-column`
+  Update one specific column for a device.
+
+**Request Body**:
+
+```json
+{
+  "columnName": "devName",
+  "columnValue": "Updated Device Name"
+}
+```
+
+**Response** (success):
+
+```json
+{
+  "success": true
+}
+```
+
+**Error Responses**:
+
+* Device not found → HTTP 404
+* Missing `columnName` or `columnValue` → HTTP 400
+* Unauthorized → HTTP 403
+
+---
+
+## Example `curl` Requests
+
+**Get Device Details**:
+
+```bash
+curl -X GET "http://<server_ip>:<GRAPHQL_PORT>/device/AA:BB:CC:DD:EE:FF" \
+  -H "Authorization: Bearer <API_TOKEN>"
+```
+
+**Update Device Fields**:
+
+```bash
+curl -X POST "http://<server_ip>:<GRAPHQL_PORT>/device/AA:BB:CC:DD:EE:FF" \
+  -H "Authorization: Bearer <API_TOKEN>" \
+  -H "Content-Type: application/json" \
+  --data '{"devName": "New Device Name"}'
+```
+
+**Delete Device**:
+
+```bash
+curl -X DELETE "http://<server_ip>:<GRAPHQL_PORT>/device/AA:BB:CC:DD:EE:FF/delete" \
+  -H "Authorization: Bearer <API_TOKEN>"
+```
+
+**Copy Device Data**:
+
+```bash
+curl -X POST "http://<server_ip>:<GRAPHQL_PORT>/device/copy" \
+  -H "Authorization: Bearer <API_TOKEN>" \
+  -H "Content-Type: application/json" \
+  --data '{"macFrom":"AA:BB:CC:DD:EE:FF","macTo":"11:22:33:44:55:66"}'
+```
+
+**Update Single Column**:
+
+```bash
+curl -X POST "http://<server_ip>:<GRAPHQL_PORT>/device/AA:BB:CC:DD:EE:FF/update-column" \
+  -H "Authorization: Bearer <API_TOKEN>" \
+  -H "Content-Type: application/json" \
+  --data '{"columnName":"devName","columnValue":"Updated Device"}'
+```
+
--- a/docs/API_DEVICES.md
+++ b/docs/API_DEVICES.md
@@ -0,0 +1,249 @@
+# Devices Collection API Endpoints
+
+The Devices Collection API provides operations to **retrieve, manage, import/export, and filter devices** in bulk. All endpoints require **authorization** via Bearer token.
+
+---
+
+## Endpoints
+
+### 1. Get All Devices
+
+* **GET** `/devices`
+  Retrieves all devices from the database.
+
+**Response** (success):
+
+```json
+{
+  "success": true,
+  "devices": [
+    {
+      "devName": "Net - Huawei",
+      "devMAC": "AA:BB:CC:DD:EE:FF",
+      "devIP": "192.168.1.1",
+      "devType": "Router",
+      "devFavorite": 0,
+      "devStatus": "online"
+    },
+    ...
+  ]
+}
+```
+
+**Error Responses**:
+
+* Unauthorized → HTTP 403
+
+---
+
+### 2. Delete Devices by MAC
+
+* **DELETE** `/devices`
+  Deletes devices by MAC address. Supports exact matches or wildcard `*`.
+
+**Request Body**:
+
+```json
+{
+  "macs": ["AA:BB:CC:DD:EE:FF", "11:22:33:*"]
+}
+```
+
+**Behavior**:
+
+* If `macs` is omitted or `null` → deletes **all devices**.
+* Wildcards `*` match multiple devices.
+
+**Response**:
+
+```json
+{
+  "success": true,
+  "deleted_count": 5
+}
+```
+
+**Error Responses**:
+
+* Unauthorized → HTTP 403
+
+---
+
+### 3. Delete Devices with Empty MACs
+
+* **DELETE** `/devices/empty-macs`
+  Removes all devices where MAC address is null or empty.
+
+**Response**:
+
+```json
+{
+  "success": true,
+  "deleted": 3
+}
+```
+
+---
+
+### 4. Delete Unknown Devices
+
+* **DELETE** `/devices/unknown`
+  Deletes devices with names marked as `(unknown)` or `(name not found)`.
+
+**Response**:
+
+```json
+{
+  "success": true,
+  "deleted": 2
+}
+```
+
+---
+
+### 5. Export Devices
+
+* **GET** `/devices/export` or `/devices/export/<format>`
+  Exports all devices in **CSV** (default) or **JSON** format.
+
+**Query Parameter / URL Parameter**:
+
+* `format` (optional) → `csv` (default) or `json`
+
+**CSV Response**:
+
+* Returns as a downloadable CSV file: `Content-Disposition: attachment; filename=devices.csv`
+
+**JSON Response**:
+
+```json
+{
+  "data": [
+    { "devName": "Net - Huawei", "devMAC": "AA:BB:CC:DD:EE:FF", ... },
+    ...
+  ],
+  "columns": ["devName", "devMAC", "devIP", "devType", "devFavorite", "devStatus"]
+}
+```
+
+**Error Responses**:
+
+* Unsupported format → HTTP 400
+
+---
+
+### 6. Import Devices from CSV
+
+* **POST** `/devices/import`
+  Imports devices from an uploaded CSV or base64-encoded CSV content.
+
+**Request Body** (multipart file or JSON with `content` field):
+
+```json
+{
+  "content": "<base64-encoded CSV content>"
+}
+```
+
+**Response**:
+
+```json
+{
+  "success": true,
+  "inserted": 25,
+  "skipped_lines": [3, 7]
+}
+```
+
+**Error Responses**:
+
+* Missing file or content → HTTP 400 / 404
+* CSV malformed → HTTP 400
+
+---
+
+### 7. Get Device Totals
+
+* **GET** `/devices/totals`
+  Returns counts of devices by various categories.
+
+**Response**:
+
+```json
+[ 
+  120,    // Total devices
+  85,     // Connected
+  5,      // Favorites
+  10,     // New
+  8,      // Down
+  12      // Archived
+]
+```
+
+*Order: `[all, connected, favorites, new, down, archived]`*
+
+---
+
+### 8. Get Devices by Status
+
+* **GET** `/devices/by-status?status=<status>`
+  Returns devices filtered by status.
+
+**Query Parameter**:
+
+* `status` → Supported values: `online`, `offline`, `down`, `archived`, `favorites`, `new`, `my`
+* If omitted, returns **all devices**.
+
+**Response** (success):
+
+```json
+[
+  { "id": "AA:BB:CC:DD:EE:FF", "title": "Net - Huawei", "favorite": 0 },
+  { "id": "11:22:33:44:55:66", "title": "★ USG Firewall", "favorite": 1 }
+]
+```
+
+*If `devFavorite=1`, the title is prepended with a star `★`.*
+
+---
+
+## Example `curl` Requests
+
+**Get All Devices**:
+
+```sh
+curl -X GET "http://<server_ip>:<GRAPHQL_PORT>/devices" \
+  -H "Authorization: Bearer <API_TOKEN>"
+```
+
+**Delete Devices by MAC**:
+
+```sh
+curl -X DELETE "http://<server_ip>:<GRAPHQL_PORT>/devices" \
+  -H "Authorization: Bearer <API_TOKEN>" \
+  -H "Content-Type: application/json" \
+  --data '{"macs":["AA:BB:CC:DD:EE:FF","11:22:33:*"]}'
+```
+
+**Export Devices CSV**:
+
+```sh
+curl -X GET "http://<server_ip>:<GRAPHQL_PORT>/devices/export?format=csv" \
+  -H "Authorization: Bearer <API_TOKEN>"
+```
+
+**Import Devices from CSV**:
+
+```sh
+curl -X POST "http://<server_ip>:<GRAPHQL_PORT>/devices/import" \
+  -H "Authorization: Bearer <API_TOKEN>" \
+  -F "file=@devices.csv"
+```
+
+**Get Devices by Status**:
+
+```sh
+curl -X GET "http://<server_ip>:<GRAPHQL_PORT>/devices/by-status?status=online" \
+  -H "Authorization: Bearer <API_TOKEN>"
+```
+
--- a/docs/API_EVENTS.md
+++ b/docs/API_EVENTS.md
@@ -0,0 +1,169 @@
+# Events API Endpoints
+
+The Events API provides access to **device event logs**, allowing creation, retrieval, deletion, and summary of events over time.
+
+---
+
+## Endpoints
+
+### 1. Create Event
+
+* **POST** `/events/create/<mac>`
+  Create an event for a device identified by its MAC address.
+
+**Request Body** (JSON):
+
+```json
+{
+  "ip": "192.168.1.10",
+  "event_type": "Device Down",
+  "additional_info": "Optional info about the event",
+  "pending_alert": 1,
+  "event_time": "2025-08-24T12:00:00Z"
+}
+```
+
+* **Parameters**:
+
+  * `ip` (string, optional): IP address of the device
+  * `event_type` (string, optional): Type of event (default `"Device Down"`)
+  * `additional_info` (string, optional): Extra information
+  * `pending_alert` (int, optional): 1 if alert email is pending (default 1)
+  * `event_time` (ISO datetime, optional): Event timestamp; defaults to current time
+
+**Response** (JSON):
+
+```json
+{
+  "success": true,
+  "message": "Event created for 00:11:22:33:44:55"
+}
+```
+
+---
+
+### 2. Get Events
+
+* **GET** `/events`
+  Retrieve all events, optionally filtered by MAC address:
+
+```
+/events?mac=<mac>
+```
+
+**Response**:
+
+```json
+{
+  "success": true,
+  "events": [
+    {
+      "eve_MAC": "00:11:22:33:44:55",
+      "eve_IP": "192.168.1.10",
+      "eve_DateTime": "2025-08-24T12:00:00Z",
+      "eve_EventType": "Device Down",
+      "eve_AdditionalInfo": "",
+      "eve_PendingAlertEmail": 1
+    }
+  ]
+}
+```
+
+---
+
+### 3. Delete Events
+
+* **DELETE** `/events/<mac>` → Delete events for a specific MAC
+* **DELETE** `/events` → Delete **all** events
+* **DELETE** `/events/<days>` → Delete events older than N days
+
+**Response**:
+
+```json
+{
+  "success": true,
+  "message": "Deleted events older than <days> days"
+}
+```
+
+---
+
+### 4. Event Totals Over a Period
+
+* **GET** `/sessions/totals?period=<period>`
+  Return event and session totals over a given period.
+
+**Query Parameters**:
+
+| Parameter | Description                                                                      |
+| --------- | -------------------------------------------------------------------------------- |
+| `period`  | Time period for totals, e.g., `"7 days"`, `"1 month"`, `"1 year"`, `"100 years"` |
+
+**Sample Response** (JSON Array):
+
+```json
+[120, 85, 5, 10, 3, 7]
+```
+
+**Meaning of Values**:
+
+1. Total events in the period
+2. Total sessions
+3. Missing sessions
+4. Voided events (`eve_EventType LIKE 'VOIDED%'`)
+5. New device events (`eve_EventType LIKE 'New Device'`)
+6. Device down events (`eve_EventType LIKE 'Device Down'`)
+
+---
+
+## Notes
+
+* All endpoints require **authorization** (Bearer token). Unauthorized requests return:
+
+```json
+{ "error": "Forbidden" }
+```
+
+* Events are stored in the **Events table** with the following fields:
+  `eve_MAC`, `eve_IP`, `eve_DateTime`, `eve_EventType`, `eve_AdditionalInfo`, `eve_PendingAlertEmail`.
+
+* Event creation automatically logs activity for debugging.
+
+---
+
+## Example `curl` Requests
+
+**Create Event**:
+
+```sh
+curl -X POST "http://<server_ip>:<GRAPHQL_PORT>/events/create/00:11:22:33:44:55" \
+  -H "Authorization: Bearer <API_TOKEN>" \
+  -H "Content-Type: application/json" \
+  --data '{
+    "ip": "192.168.1.10",
+    "event_type": "Device Down",
+    "additional_info": "Power outage",
+    "pending_alert": 1
+  }'
+```
+
+**Get Events for a Device**:
+
+```sh
+curl "http://<server_ip>:<GRAPHQL_PORT>/events?mac=00:11:22:33:44:55" \
+  -H "Authorization: Bearer <API_TOKEN>"
+```
+
+**Delete Events Older Than 30 Days**:
+
+```sh
+curl -X DELETE "http://<server_ip>:<GRAPHQL_PORT>/events/30" \
+  -H "Authorization: Bearer <API_TOKEN>"
+```
+
+**Get Event Totals for 7 Days**:
+
+```sh
+curl "http://<server_ip>:<GRAPHQL_PORT>/sessions/totals?period=7 days" \
+  -H "Authorization: Bearer <API_TOKEN>"
+```
--- a/docs/API_GRAPHQL.md
+++ b/docs/API_GRAPHQL.md
@@ -0,0 +1,200 @@
+# GraphQL API Endpoint
+
+GraphQL queries are **read-optimized for speed**. Data may be slightly out of date until the file system cache refreshes. The GraphQL endpoints allows you to access the following objects:
+
+- Devices
+- Settings
+
+## Endpoints
+
+* **GET** `/graphql`
+  Returns a simple status message (useful for browser or debugging).
+
+* **POST** `/graphql`
+  Execute GraphQL queries against the `devicesSchema`.
+
+---
+
+## Devices Query
+
+### Sample Query
+
+```graphql
+query GetDevices($options: PageQueryOptionsInput) {
+  devices(options: $options) {
+    devices {
+      rowid
+      devMac
+      devName
+      devOwner
+      devType
+      devVendor
+      devLastConnection
+      devStatus
+    }
+    count
+  }
+}
+```
+
+### Query Parameters
+
+| Parameter | Description                                                                                             |
+| --------- | ------------------------------------------------------------------------------------------------------- |
+| `page`    | Page number of results to fetch.                                                                        |
+| `limit`   | Number of results per page.                                                                             |
+| `sort`    | Sorting options (`field` = field name, `order` = `asc` or `desc`).                                      |
+| `search`  | Term to filter devices.                                                                                 |
+| `status`  | Filter devices by status: `my_devices`, `connected`, `favorites`, `new`, `down`, `archived`, `offline`. |
+| `filters` | Additional filters (array of `{ filterColumn, filterValue }`).                                          |
+
+---
+
+### `curl` Example
+
+```sh
+curl 'http://host:GRAPHQL_PORT/graphql' \
+  -X POST \
+  -H 'Authorization: Bearer API_TOKEN' \
+  -H 'Content-Type: application/json' \
+  --data '{
+    "query": "query GetDevices($options: PageQueryOptionsInput) { devices(options: $options) { devices { rowid devMac devName devOwner devType devVendor devLastConnection devStatus } count } }",
+    "variables": {
+      "options": {
+        "page": 1,
+        "limit": 10,
+        "sort": [{ "field": "devName", "order": "asc" }],
+        "search": "",
+        "status": "connected"
+      }
+    }
+  }'
+```
+
+---
+
+### Sample Response
+
+```json
+{
+  "data": {
+    "devices": {
+      "devices": [
+        {
+          "rowid": 1,
+          "devMac": "00:11:22:33:44:55",
+          "devName": "Device 1",
+          "devOwner": "Owner 1",
+          "devType": "Type 1",
+          "devVendor": "Vendor 1",
+          "devLastConnection": "2025-01-01T00:00:00Z",
+          "devStatus": "connected"
+        }
+      ],
+      "count": 1
+    }
+  }
+}
+```
+
+---
+
+## Settings Query
+
+The **settings query** provides access to NetAlertX configuration stored in the settings table.
+
+### Sample Query
+
+```graphql
+query GetSettings {
+  settings {
+    settings {
+      setKey
+      setName
+      setDescription
+      setType
+      setOptions
+      setGroup
+      setValue
+      setEvents
+      setOverriddenByEnv
+    }
+    count
+  }
+}
+```
+
+### Schema Fields
+
+| Field                | Type    | Description                                                              |
+| -------------------- | ------- | ------------------------------------------------------------------------ |
+| `setKey`             | String  | Unique key identifier for the setting.                                   |
+| `setName`            | String  | Human-readable name.                                                     |
+| `setDescription`     | String  | Description or documentation of the setting.                             |
+| `setType`            | String  | Data type (`string`, `int`, `bool`, `json`, etc.).                       |
+| `setOptions`         | String  | Available options (for dropdown/select-type settings).                   |
+| `setGroup`           | String  | Group/category the setting belongs to.                                   |
+| `setValue`           | String  | Current value of the setting.                                            |
+| `setEvents`          | String  | Events or triggers related to this setting.                              |
+| `setOverriddenByEnv` | Boolean | Whether the setting is overridden by an environment variable at runtime. |
+
+---
+
+### `curl` Example
+
+```sh
+curl 'http://host:GRAPHQL_PORT/graphql' \
+  -X POST \
+  -H 'Authorization: Bearer API_TOKEN' \
+  -H 'Content-Type: application/json' \
+  --data '{
+    "query": "query GetSettings { settings { settings { setKey setName setDescription setType setOptions setGroup setValue setEvents setOverriddenByEnv } count } }"
+  }'
+```
+
+---
+
+### Sample Response
+
+```json
+{
+  "data": {
+    "settings": {
+      "settings": [
+        {
+          "setKey": "UI_MY_DEVICES",
+          "setName": "My Devices Filter",
+          "setDescription": "Defines which statuses to include in the 'My Devices' view.",
+          "setType": "list",
+          "setOptions": "[\"online\",\"new\",\"down\",\"offline\",\"archived\"]",
+          "setGroup": "UI",
+          "setValue": "[\"online\",\"new\"]",
+          "setEvents": null,
+          "setOverriddenByEnv": false
+        },
+        {
+          "setKey": "NETWORK_DEVICE_TYPES",
+          "setName": "Network Device Types",
+          "setDescription": "Types of devices considered as network infrastructure.",
+          "setType": "list",
+          "setOptions": "[\"Router\",\"Switch\",\"AP\"]",
+          "setGroup": "Network",
+          "setValue": "[\"Router\",\"Switch\"]",
+          "setEvents": null,
+          "setOverriddenByEnv": true
+        }
+      ],
+      "count": 2
+    }
+  }
+}
+```
+
+---
+
+## Notes
+
+* Device and settings queries can be combined in one request since GraphQL supports batching.
+* The `setOverriddenByEnv` flag helps identify setting values that are locked at container runtime.
+* The schema is **read-only** — updates must be performed through other APIs or configuration management. See the other [API](API.md) endpoints for details. 
+
--- a/docs/API_METRICS.md
+++ b/docs/API_METRICS.md
@@ -0,0 +1,103 @@
+# Metrics API Endpoint
+
+The `/metrics` endpoint exposes **Prometheus-compatible metrics** for NetAlertX, including aggregate device counts and per-device status.
+
+---
+
+## Endpoint Details
+
+* **GET** `/metrics` → Returns metrics in plain text.
+* **Host**: NetAlertX server
+* **Port**: As configured in `GRAPHQL_PORT` (default: `20212`)
+
+---
+
+## Example Output
+
+```text
+netalertx_connected_devices 31
+netalertx_offline_devices 54
+netalertx_down_devices 0
+netalertx_new_devices 0
+netalertx_archived_devices 31
+netalertx_favorite_devices 2
+netalertx_my_devices 54
+
+netalertx_device_status{device="Net - Huawei", mac="Internet", ip="1111.111.111.111", vendor="None", first_connection="2021-01-01 00:00:00", last_connection="2025-08-04 17:57:00", dev_type="Router", device_status="Online"} 1
+netalertx_device_status{device="Net - USG", mac="74:ac:74:ac:74:ac", ip="192.168.1.1", vendor="Ubiquiti Networks Inc.", first_connection="2022-02-12 22:05:00", last_connection="2025-06-07 08:16:49", dev_type="Firewall", device_status="Archived"} 1
+netalertx_device_status{device="Raspberry Pi 4 LAN", mac="74:ac:74:ac:74:74", ip="192.168.1.9", vendor="Raspberry Pi Trading Ltd", first_connection="2022-02-12 22:05:00", last_connection="2025-08-04 17:57:00", dev_type="Singleboard Computer (SBC)", device_status="Online"} 1
+...
+```
+
+---
+
+## Metrics Overview
+
+### 1. Aggregate Device Counts
+
+| Metric                        | Description                              |
+| ----------------------------- | ---------------------------------------- |
+| `netalertx_connected_devices` | Devices currently connected              |
+| `netalertx_offline_devices`   | Devices currently offline                |
+| `netalertx_down_devices`      | Down/unreachable devices                 |
+| `netalertx_new_devices`       | Recently detected devices                |
+| `netalertx_archived_devices`  | Archived devices                         |
+| `netalertx_favorite_devices`  | User-marked favorites                    |
+| `netalertx_my_devices`        | Devices associated with the current user |
+
+---
+
+### 2. Per-Device Status
+
+Metric: `netalertx_device_status`
+Each device has labels:
+
+* `device`: friendly name
+* `mac`: MAC address (or placeholder)
+* `ip`: last recorded IP
+* `vendor`: manufacturer or "None"
+* `first_connection`: timestamp of first detection
+* `last_connection`: most recent contact
+* `dev_type`: device type/category
+* `device_status`: current status (`Online`, `Offline`, `Archived`, `Down`, …)
+
+Metric value is always `1` (presence indicator).
+
+---
+
+## Querying with `curl`
+
+```sh
+curl 'http://<server_ip>:<GRAPHQL_PORT>/metrics' \
+  -H 'Authorization: Bearer <API_TOKEN>' \
+  -H 'Accept: text/plain'
+```
+
+Replace placeholders:
+
+* `<server_ip>` – NetAlertX host IP/hostname
+* `<GRAPHQL_PORT>` – configured port (default `20212`)
+* `<API_TOKEN>` – your API token
+
+---
+
+## Prometheus Scraping Configuration
+
+```yaml
+scrape_configs:
+  - job_name: 'netalertx'
+    metrics_path: /metrics
+    scheme: http
+    scrape_interval: 60s
+    static_configs:
+      - targets: ['<server_ip>:<GRAPHQL_PORT>']
+    authorization:
+      type: Bearer
+      credentials: <API_TOKEN>
+```
+
+---
+
+## Grafana Dashboard Template
+
+Sample template JSON: [Download](./samples/API/Grafana_Dashboard.json)
--- a/docs/API_NETTOOLS.md
+++ b/docs/API_NETTOOLS.md
@@ -0,0 +1,243 @@
+# Net Tools API Endpoints
+
+The Net Tools API provides **network diagnostic utilities**, including Wake-on-LAN, traceroute, speed testing, DNS resolution, nmap scanning, and internet connection information.
+
+All endpoints require **authorization** via Bearer token.
+
+---
+
+## Endpoints
+
+### 1. Wake-on-LAN
+
+* **POST** `/nettools/wakeonlan`
+  Sends a Wake-on-LAN packet to wake a device.
+
+**Request Body** (JSON):
+
+```json
+{
+  "devMac": "AA:BB:CC:DD:EE:FF"
+}
+```
+
+**Response** (success):
+
+```json
+{
+  "success": true,
+  "message": "WOL packet sent",
+  "output": "Sent magic packet to AA:BB:CC:DD:EE:FF"
+}
+```
+
+**Error Responses**:
+
+* Invalid MAC address → HTTP 400
+* Command failure → HTTP 500
+
+---
+
+### 2. Traceroute
+
+* **POST** `/nettools/traceroute`
+  Performs a traceroute to a specified IP address.
+
+**Request Body**:
+
+```json
+{
+  "devLastIP": "192.168.1.1"
+}
+```
+
+**Response** (success):
+
+```json
+{
+  "success": true,
+  "output": "traceroute output as string"
+}
+```
+
+**Error Responses**:
+
+* Invalid IP → HTTP 400
+* Traceroute command failure → HTTP 500
+
+---
+
+### 3. Speedtest
+
+* **GET** `/nettools/speedtest`
+  Runs an internet speed test using `speedtest-cli`.
+
+**Response** (success):
+
+```json
+{
+  "success": true,
+  "output": [
+    "Ping: 15 ms",
+    "Download: 120.5 Mbit/s",
+    "Upload: 22.4 Mbit/s"
+  ]
+}
+```
+
+**Error Responses**:
+
+* Command failure → HTTP 500
+
+---
+
+### 4. DNS Lookup (nslookup)
+
+* **POST** `/nettools/nslookup`
+  Resolves an IP address or hostname using `nslookup`.
+
+**Request Body**:
+
+```json
+{
+  "devLastIP": "8.8.8.8"
+}
+```
+
+**Response** (success):
+
+```json
+{
+  "success": true,
+  "output": [
+    "Server: 8.8.8.8",
+    "Address: 8.8.8.8#53",
+    "Name: google-public-dns-a.google.com"
+  ]
+}
+```
+
+**Error Responses**:
+
+* Missing or invalid `devLastIP` → HTTP 400
+* Command failure → HTTP 500
+
+---
+
+### 5. Nmap Scan
+
+* **POST** `/nettools/nmap`
+  Runs an nmap scan on a target IP address or range.
+
+**Request Body**:
+
+```json
+{
+  "scan": "192.168.1.0/24",
+  "mode": "fast"
+}
+```
+
+**Supported Modes**:
+
+| Mode            | nmap Arguments |
+| --------------- | -------------- |
+| `fast`          | `-F`           |
+| `normal`        | default        |
+| `detail`        | `-A`           |
+| `skipdiscovery` | `-Pn`          |
+
+**Response** (success):
+
+```json
+{
+  "success": true,
+  "mode": "fast",
+  "ip": "192.168.1.0/24",
+  "output": [
+    "Starting Nmap 7.91",
+    "Host 192.168.1.1 is up",
+    "... scan results ..."
+  ]
+}
+```
+
+**Error Responses**:
+
+* Invalid IP → HTTP 400
+* Invalid mode → HTTP 400
+* Command failure → HTTP 500
+
+---
+
+### 6. Internet Connection Info
+
+* **GET** `/nettools/internetinfo`
+  Fetches public internet connection information using `ipinfo.io`.
+
+**Response** (success):
+
+```json
+{
+  "success": true,
+  "output": "IP: 203.0.113.5 City: Sydney Country: AU Org: Example ISP"
+}
+```
+
+**Error Responses**:
+
+* Failed request or empty response → HTTP 500
+
+---
+
+## Example `curl` Requests
+
+**Wake-on-LAN**:
+
+```sh
+curl -X POST "http://<server_ip>:<GRAPHQL_PORT>/nettools/wakeonlan" \
+  -H "Authorization: Bearer <API_TOKEN>" \
+  -H "Content-Type: application/json" \
+  --data '{"devMac":"AA:BB:CC:DD:EE:FF"}'
+```
+
+**Traceroute**:
+
+```sh
+curl -X POST "http://<server_ip>:<GRAPHQL_PORT>/nettools/traceroute" \
+  -H "Authorization: Bearer <API_TOKEN>" \
+  -H "Content-Type: application/json" \
+  --data '{"devLastIP":"192.168.1.1"}'
+```
+
+**Speedtest**:
+
+```sh
+curl "http://<server_ip>:<GRAPHQL_PORT>/nettools/speedtest" \
+  -H "Authorization: Bearer <API_TOKEN>"
+```
+
+**Nslookup**:
+
+```sh
+curl -X POST "http://<server_ip>:<GRAPHQL_PORT>/nettools/nslookup" \
+  -H "Authorization: Bearer <API_TOKEN>" \
+  -H "Content-Type: application/json" \
+  --data '{"devLastIP":"8.8.8.8"}'
+```
+
+**Nmap Scan**:
+
+```sh
+curl -X POST "http://<server_ip>:<GRAPHQL_PORT>/nettools/nmap" \
+  -H "Authorization: Bearer <API_TOKEN>" \
+  -H "Content-Type: application/json" \
+  --data '{"scan":"192.168.1.0/24","mode":"fast"}'
+```
+
+**Internet Info**:
+
+```sh
+curl "http://<server_ip>:<GRAPHQL_PORT>/nettools/internetinfo" \
+  -H "Authorization: Bearer <API_TOKEN>"
+```
--- a/docs/API_OLD.md
+++ b/docs/API_OLD.md
@@ -0,0 +1,370 @@
+# [Deprecated] API endpoints
+
+> [!WARNING] 
+> Some of these endpoints will be deprecated soon. Please refere to the new [API](API.md) endpoints docs for details on the new API layer. 
+
+NetAlertX comes with a couple of API endpoints. All requests need to be authorized (executed in a logged in browser session) or you have to pass the value of the `API_TOKEN` settings as authorization bearer, for example:
+
+```graphql
+curl 'http://host:GRAPHQL_PORT/graphql' \
+  -X POST \
+  -H 'Authorization: Bearer API_TOKEN' \
+  -H 'Content-Type: application/json' \
+  --data '{
+    "query": "query GetDevices($options: PageQueryOptionsInput) { devices(options: $options) { devices { rowid devMac devName devOwner devType devVendor devLastConnection devStatus } count } }",
+    "variables": {
+      "options": {
+        "page": 1,
+        "limit": 10,
+        "sort": [{ "field": "devName", "order": "asc" }],
+        "search": "",
+        "status": "connected"
+      }
+    }
+  }'
+```
+
+## API Endpoint: GraphQL
+
+- Endpoint URL: `php/server/query_graphql.php`
+- Host: `same as front end (web ui)`
+- Port: `20212` or as defined by the `GRAPHQL_PORT` setting
+
+### Example Query to Fetch Devices
+
+First, let's define the GraphQL query to fetch devices with pagination and sorting options.
+
+```graphql
+query GetDevices($options: PageQueryOptionsInput) {
+  devices(options: $options) {
+    devices {
+      rowid
+      devMac
+      devName
+      devOwner
+      devType
+      devVendor
+      devLastConnection
+      devStatus
+    }
+    count
+  }
+}
+```
+
+See also: [Debugging GraphQL issues](./DEBUG_GRAPHQL.md)
+
+### `curl` Command
+
+You can use the following `curl` command to execute the query. 
+
+```sh
+curl 'http://host:GRAPHQL_PORT/graphql'   -X POST   -H 'Authorization: Bearer API_TOKEN'  -H 'Content-Type: application/json'   --data '{
+    "query": "query GetDevices($options: PageQueryOptionsInput) { devices(options: $options) { devices { rowid devMac devName devOwner devType devVendor devLastConnection devStatus } count } }",
+    "variables": {
+      "options": {
+        "page": 1,
+        "limit": 10,
+        "sort": [{ "field": "devName", "order": "asc" }],
+        "search": "",
+        "status": "connected"
+      }
+    }
+  }'
+```
+
+### Explanation:
+
+1. **GraphQL Query**:
+   - The `query` parameter contains the GraphQL query as a string.
+   - The `variables` parameter contains the input variables for the query.
+
+2. **Query Variables**:
+   - `page`: Specifies the page number of results to fetch.
+   - `limit`: Specifies the number of results per page.
+   - `sort`: Specifies the sorting options, with `field` being the field to sort by and `order` being the sort order (`asc` for ascending or `desc` for descending).
+   - `search`: A search term to filter the devices.
+   - `status`: The status filter to apply (valid values are `my_devices` (determined by the `UI_MY_DEVICES` setting), `connected`, `favorites`, `new`, `down`, `archived`, `offline`).
+
+3. **`curl` Command**:
+   - The `-X POST` option specifies that we are making a POST request.
+   - The `-H "Content-Type: application/json"` option sets the content type of the request to JSON.
+   - The `-d` option provides the request payload, which includes the GraphQL query and variables.
+
+### Sample Response
+
+The response will be in JSON format, similar to the following:
+
+```json
+{
+  "data": {
+    "devices": {
+      "devices": [
+        {
+          "rowid": 1,
+          "devMac": "00:11:22:33:44:55",
+          "devName": "Device 1",
+          "devOwner": "Owner 1",
+          "devType": "Type 1",
+          "devVendor": "Vendor 1",
+          "devLastConnection": "2025-01-01T00:00:00Z",
+          "devStatus": "connected"
+        },
+        {
+          "rowid": 2,
+          "devMac": "66:77:88:99:AA:BB",
+          "devName": "Device 2",
+          "devOwner": "Owner 2",
+          "devType": "Type 2",
+          "devVendor": "Vendor 2",
+          "devLastConnection": "2025-01-02T00:00:00Z",
+          "devStatus": "connected"
+        }
+      ],
+      "count": 2
+    }
+  }
+}
+```
+
+## API Endpoint: JSON files 
+
+This API endpoint retrieves static files, that are periodically updated. 
+
+- Endpoint URL: `php/server/query_json.php?file=<file name>`
+- Host: `same as front end (web ui)`
+- Port: `20211` or as defined by the $PORT docker environment variable (same as the port for the web ui)
+
+### When are the endpoints updated
+
+The endpoints are updated when objects in the API endpoints are changed.
+
+### Location of the endpoints
+
+In the container, these files are located under the `/app/api/` folder. You can access them via the `/php/server/query_json.php?file=user_notifications.json` endpoint.
+
+### Available endpoints
+
+You can access the following files:
+
+  | File name | Description | 
+  |----------------------|----------------------| 
+  | `notification_json_final.json` | The json version of the last notification (e.g. used for webhooks - [sample JSON](https://github.com/jokob-sk/NetAlertX/blob/main/front/report_templates/webhook_json_sample.json)). |
+  | `table_devices.json` | All of the available Devices detected by the app. |  
+  | `table_plugins_events.json` | The list of the unprocessed (pending) notification events (plugins_events DB table). |
+  | `table_plugins_history.json` | The list of notification events history. |  
+  | `table_plugins_objects.json` | The content of the plugins_objects table. Find more info on the [Plugin system here](https://github.com/jokob-sk/NetAlertX/tree/main/docs/PLUGINS.md)|
+  | `language_strings.json` | The content of the language_strings table, which in turn is loaded from the plugins `config.json` definitions. |  
+  | `table_custom_endpoint.json` | A custom endpoint generated by the SQL query specified by the `API_CUSTOM_SQL` setting. |
+  | `table_settings.json` | The content of the settings table. |
+  | `app_state.json` | Contains the current application state. |
+  
+
+### JSON Data format
+
+The endpoints starting with the `table_` prefix contain most, if not all, data contained in the corresponding database table. The common format for those is:
+
+```JSON
+{
+  "data": [
+        {
+          "db_column_name": "data",
+          "db_column_name2": "data2"      
+        }, 
+        {
+          "db_column_name": "data3",
+          "db_column_name2": "data4" 
+        }
+    ]
+}
+
+```
+
+Example JSON of the `table_devices.json` endpoint with two Devices (database rows):
+
+```JSON
+{
+  "data": [
+        {
+          "devMac": "Internet",
+          "devName": "Net - Huawei",
+          "devType": "Router",
+          "devVendor": null,
+          "devGroup": "Always on",
+          "devFirstConnection": "2021-01-01 00:00:00",
+          "devLastConnection": "2021-01-28 22:22:11",
+          "devLastIP": "192.168.1.24",
+          "devStaticIP": 0,
+          "devPresentLastScan": 1,
+          "devLastNotification": "2023-01-28 22:22:28.998715",
+          "devIsNew": 0,
+          "devParentMAC": "",
+          "devParentPort": "",
+          "devIcon": "globe"
+        }, 
+        {
+          "devMac": "a4:8f:ff:aa:ba:1f",
+          "devName": "Net - USG",
+          "devType": "Firewall",
+          "devVendor": "Ubiquiti Inc",
+          "devGroup": "",
+          "devFirstConnection": "2021-02-12 22:05:00",
+          "devLastConnection": "2021-07-17 15:40:00",
+          "devLastIP": "192.168.1.1",
+          "devStaticIP": 1,
+          "devPresentLastScan": 1,
+          "devLastNotification": "2021-07-17 15:40:10.667717",
+          "devIsNew": 0,
+          "devParentMAC": "Internet",
+          "devParentPort": 1,
+          "devIcon": "shield-halved"
+      }
+    ]
+}
+
+```
+
+## API Endpoint: Prometheus Exporter
+
+* **Endpoint URL**: `/metrics`
+* **Host**: (where NetAlertX exporter is running)
+* **Port**: as configured in the `GRAPHQL_PORT` setting (`20212` by default)
+
+---
+
+### Example Output of the `/metrics` Endpoint
+
+Below is a representative snippet of the metrics you may find when querying the `/metrics` endpoint for `netalertx`. It includes both aggregate counters and `device_status` labels per device.
+
+```
+netalertx_connected_devices 31
+netalertx_offline_devices 54
+netalertx_down_devices 0
+netalertx_new_devices 0
+netalertx_archived_devices 31
+netalertx_favorite_devices 2
+netalertx_my_devices 54
+
+netalertx_device_status{device="Net - Huawei", mac="Internet", ip="1111.111.111.111", vendor="None", first_connection="2021-01-01 00:00:00", last_connection="2025-08-04 17:57:00", dev_type="Router", device_status="Online"} 1
+netalertx_device_status{device="Net - USG", mac="74:ac:74:ac:74:ac", ip="192.168.1.1", vendor="Ubiquiti Networks Inc.", first_connection="2022-02-12 22:05:00", last_connection="2025-06-07 08:16:49", dev_type="Firewall", device_status="Archived"} 1
+netalertx_device_status{device="Raspberry Pi 4 LAN", mac="74:ac:74:ac:74:74", ip="192.168.1.9", vendor="Raspberry Pi Trading Ltd", first_connection="2022-02-12 22:05:00", last_connection="2025-08-04 17:57:00", dev_type="Singleboard Computer (SBC)", device_status="Online"} 1
+...
+```
+
+---
+
+### Metrics Explanation
+
+#### 1. Aggregate Device Counts
+
+Metric names prefixed with `netalertx_` provide aggregated counts by device status:
+
+* `netalertx_connected_devices`: number of devices currently connected
+* `netalertx_offline_devices`: devices currently offline
+* `netalertx_down_devices`: down/unreachable devices
+* `netalertx_new_devices`: devices recently detected
+* `netalertx_archived_devices`: archived devices
+* `netalertx_favorite_devices`: user-marked favorite devices
+* `netalertx_my_devices`: devices associated with the current user context
+
+These numeric values give a high-level overview of device distribution.
+
+#### 2. Per‑Device Status with Labels
+
+Each individual device is represented by a `netalertx_device_status` metric, with descriptive labels:
+
+* `device`: friendly name of the device
+* `mac`: MAC address (or placeholder)
+* `ip`: last recorded IP address
+* `vendor`: manufacturer or "None" if unknown
+* `first_connection`: timestamp when the device was first observed
+* `last_connection`: most recent contact timestamp
+* `dev_type`: device category or type
+* `device_status`: current status (Online / Offline / Archived / Down / ...)
+
+The metric value is always `1` (indicating presence or active state) and the combination of labels identifies the device.
+
+---
+
+### How to Query with `curl`
+
+To fetch the metrics from the NetAlertX exporter:
+
+```sh
+curl 'http://<server_ip>:<GRAPHQL_PORT>/metrics' \
+  -H 'Authorization: Bearer <API_TOKEN>' \
+  -H 'Accept: text/plain'
+```
+
+Replace:
+
+* `<server_ip>`: IP or hostname of the NetAlertX server
+* `<GRAPHQL_PORT>`: port specified in your `GRAPHQL_PORT` setting  (default: `20212`)
+* `<API_TOKEN>` your Bearer token from the `API_TOKEN` setting
+
+---
+
+### Summary
+
+* **Endpoint**: `/metrics` provides both summary counters and per-device status entries.
+* **Aggregate metrics** help monitor overall device states.
+* **Detailed metrics** expose each device’s metadata via labels.
+* **Use case**: feed into Prometheus for scraping, monitoring, alerting, or charting dashboard views.
+
+### Prometheus Scraping Configuration
+
+```yaml
+scrape_configs:
+  - job_name: 'netalertx'
+    metrics_path: /metrics
+    scheme: http
+    scrape_interval: 60s
+    static_configs:
+      - targets: ['<server_ip>:<GRAPHQL_PORT>']
+    authorization:
+      type: Bearer
+      credentials: <API_TOKEN>
+```
+
+### Grafana template
+
+Grafana template sample: [Download json](./samples/API/Grafana_Dashboard.json)
+
+## API Endpoint: /log files
+
+This API endpoint retrieves files from the `/app/log` folder. 
+
+- Endpoint URL: `php/server/query_logs.php?file=<file name>`
+- Host: `same as front end (web ui)`
+- Port: `20211` or as defined by the $PORT docker environment variable (same as the port for the web ui)
+
+| File                     | Description                                                   |
+|--------------------------|---------------------------------------------------------------|
+| `IP_changes.log`         | Logs of IP address changes                                    |
+| `app.log`                | Main application log                                          |
+| `app.php_errors.log`     | PHP error log                                                 |
+| `app_front.log`          | Frontend application log                                      |
+| `app_nmap.log`           | Logs of Nmap scan results                                     |
+| `db_is_locked.log`       | Logs when the database is locked                              |
+| `execution_queue.log`    | Logs of execution queue activities                            |
+| `plugins/`               | Directory for temporary plugin-related files (not accessible) |
+| `report_output.html`     | HTML report output                                            |
+| `report_output.json`     | JSON format report output                                     |
+| `report_output.txt`      | Text format report output                                     |
+| `stderr.log`             | Logs of standard error output                                 |
+| `stdout.log`             | Logs of standard output                                       |
+
+
+## API Endpoint: /config files
+
+To retrieve files from the `/app/config` folder. 
+
+- Endpoint URL: `php/server/query_config.php?file=<file name>`
+- Host: `same as front end (web ui)`
+- Port: `20211` or as defined by the $PORT docker environment variable (same as the port for the web ui)
+
+| File                     | Description                                      |
+|--------------------------|--------------------------------------------------|
+| `devices.csv`            | Devices csv file                                 |
+| `app.conf`               | Application config file                          |
+
--- a/docs/API_ONLINEHISTORY.md
+++ b/docs/API_ONLINEHISTORY.md
@@ -0,0 +1,32 @@
+# Online History API Endpoints
+
+Manage the **online history records** of devices. Currently, the API supports deletion of all history entries. All endpoints require **authorization**.
+
+---
+
+## 1. Delete Online History
+
+* **DELETE** `/history`
+  Remove **all records** from the online history table (`Online_History`). This operation **cannot be undone**.
+
+**Response** (success):
+
+```json
+{
+  "success": true,
+  "message": "Deleted online history"
+}
+```
+
+**Error Responses**:
+
+* Unauthorized → HTTP 403
+
+---
+
+### Example `curl` Request
+
+```bash
+curl -X DELETE "http://<server_ip>:<GRAPHQL_PORT>/history" \
+  -H "Authorization: Bearer <API_TOKEN>"
+```
--- a/docs/API_SESSIONS.md
+++ b/docs/API_SESSIONS.md
@@ -0,0 +1,240 @@
+# Sessions API Endpoints
+
+Track and manage device connection sessions. Sessions record when a device connects or disconnects on the network.
+
+### Create a Session
+
+* **POST** `/sessions/create` → Create a new session for a device
+
+  **Request Body:**
+
+  ```json
+  {
+    "mac": "AA:BB:CC:DD:EE:FF",
+    "ip": "192.168.1.10",
+    "start_time": "2025-08-01T10:00:00",
+    "end_time": "2025-08-01T12:00:00",      // optional
+    "event_type_conn": "Connected",         // optional, default "Connected"
+    "event_type_disc": "Disconnected"       // optional, default "Disconnected"
+  }
+  ```
+
+  **Response:**
+
+  ```json
+  {
+    "success": true,
+    "message": "Session created for MAC AA:BB:CC:DD:EE:FF"
+  }
+  ```
+
+#### `curl` Example
+
+```bash
+curl -X POST "http://<server_ip>:<GRAPHQL_PORT>/sessions/create" \
+  -H "Authorization: Bearer <API_TOKEN>" \
+  -H "Accept: application/json" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "mac": "AA:BB:CC:DD:EE:FF",
+    "ip": "192.168.1.10",
+    "start_time": "2025-08-01T10:00:00",
+    "end_time": "2025-08-01T12:00:00",
+    "event_type_conn": "Connected",
+    "event_type_disc": "Disconnected"
+  }'
+
+```
+
+---
+
+### Delete Sessions
+
+* **DELETE** `/sessions/delete` → Delete all sessions for a given MAC
+
+  **Request Body:**
+
+  ```json
+  {
+    "mac": "AA:BB:CC:DD:EE:FF"
+  }
+  ```
+
+  **Response:**
+
+  ```json
+  {
+    "success": true,
+    "message": "Deleted sessions for MAC AA:BB:CC:DD:EE:FF"
+  }
+  ```
+
+#### `curl` Example
+
+```bash
+curl -X DELETE "http://<server_ip>:<GRAPHQL_PORT>/sessions/delete" \
+  -H "Authorization: Bearer <API_TOKEN>" \
+  -H "Accept: application/json" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "mac": "AA:BB:CC:DD:EE:FF"
+  }'
+```
+
+---
+
+### List Sessions
+
+* **GET** `/sessions/list` → Retrieve sessions optionally filtered by device and date range
+
+  **Query Parameters:**
+
+  * `mac` (optional) → Filter by device MAC address
+  * `start_date` (optional) → Filter sessions starting from this date (`YYYY-MM-DD`)
+  * `end_date` (optional) → Filter sessions ending by this date (`YYYY-MM-DD`)
+
+  **Example:**
+
+  ```
+  /sessions/list?mac=AA:BB:CC:DD:EE:FF&start_date=2025-08-01&end_date=2025-08-21
+  ```
+
+  **Response:**
+
+  ```json
+  {
+    "success": true,
+    "sessions": [
+      {
+        "ses_MAC": "AA:BB:CC:DD:EE:FF",
+        "ses_Connection": "2025-08-01 10:00",
+        "ses_Disconnection": "2025-08-01 12:00",
+        "ses_Duration": "2h 0m",
+        "ses_IP": "192.168.1.10",
+        "ses_Info": ""
+      }
+    ]
+  }
+  ```
+#### `curl` Example
+
+```bash
+curl -X GET "http://<server_ip>:<GRAPHQL_PORT>/sessions/list?mac=AA:BB:CC:DD:EE:FF&start_date=2025-08-01&end_date=2025-08-21" \
+  -H "Authorization: Bearer <API_TOKEN>" \
+  -H "Accept: application/json"
+```
+---
+
+### Calendar View of Sessions
+
+* **GET** `/sessions/calendar` → View sessions in calendar format
+
+  **Query Parameters:**
+
+  * `start` → Start date (`YYYY-MM-DD`)
+  * `end` → End date (`YYYY-MM-DD`)
+
+  **Example:**
+
+  ```
+  /sessions/calendar?start=2025-08-01&end=2025-08-21
+  ```
+
+  **Response:**
+
+  ```json
+  {
+    "success": true,
+    "sessions": [
+      {
+        "resourceId": "AA:BB:CC:DD:EE:FF",
+        "title": "",
+        "start": "2025-08-01T10:00:00",
+        "end": "2025-08-01T12:00:00",
+        "color": "#00a659",
+        "tooltip": "Connection: 2025-08-01 10:00\nDisconnection: 2025-08-01 12:00\nIP: 192.168.1.10",
+        "className": "no-border"
+      }
+    ]
+  }
+  ```
+
+#### `curl` Example
+
+```bash
+curl -X GET "http://<server_ip>:<GRAPHQL_PORT>/sessions/calendar?start=2025-08-01&end=2025-08-21" \
+  -H "Authorization: Bearer <API_TOKEN>" \
+  -H "Accept: application/json"
+```
+
+---
+
+### Device Sessions
+
+* **GET** `/sessions/<mac>` → Retrieve sessions for a specific device
+
+  **Query Parameters:**
+
+  * `period` → Period to retrieve sessions (`1 day`, `7 days`, `1 month`, etc.)
+    Default: `1 day`
+
+  **Example:**
+
+  ```
+  /sessions/AA:BB:CC:DD:EE:FF?period=7 days
+  ```
+
+  **Response:**
+
+  ```json
+  {
+    "success": true,
+    "sessions": [
+      {
+        "ses_MAC": "AA:BB:CC:DD:EE:FF",
+        "ses_Connection": "2025-08-01 10:00",
+        "ses_Disconnection": "2025-08-01 12:00",
+        "ses_Duration": "2h 0m",
+        "ses_IP": "192.168.1.10",
+        "ses_Info": ""
+      }
+    ]
+  }
+  ```
+
+#### `curl` Example
+
+```bash
+curl -X GET "http://<server_ip>:<GRAPHQL_PORT>/sessions/AA:BB:CC:DD:EE:FF?period=7%20days" \
+  -H "Authorization: Bearer <API_TOKEN>" \
+  -H "Accept: application/json"
+```
+
+---
+
+### Session Events Summary
+
+* **GET** `/sessions/session-events` → Retrieve a summary of session events
+
+  **Query Parameters:**
+
+  * `type` → Event type (`all`, `sessions`, `missing`, `voided`, `new`, `down`)
+    Default: `all`
+  * `period` → Period to retrieve events (`7 days`, `1 month`, etc.)
+
+  **Example:**
+
+  ```
+  /sessions/session-events?type=all&period=7 days
+  ```
+
+  **Response:**
+  Returns a list of events or sessions with formatted connection, disconnection, duration, and IP information.
+
+#### `curl` Example
+
+```bash
+curl -X GET "http://<server_ip>:<GRAPHQL_PORT>/sessions/session-events?type=all&period=7%20days" \
+  -H "Authorization: Bearer <API_TOKEN>" \
+  -H "Accept: application/json"
+```
--- a/docs/API_SETTINGS.md
+++ b/docs/API_SETTINGS.md
@@ -0,0 +1,92 @@
+# Settings API Endpoints
+
+Retrieve application settings stored in the configuration system. This endpoint is useful for quickly fetching individual settings such as `API_TOKEN` or `TIMEZONE`.
+
+For bulk or structured access (all settings, schema details, or filtering), use the [GraphQL API Endpoint](API_GRAPHQL.md).
+
+---
+
+### Get a Setting
+
+* **GET** `/settings/<key>` → Retrieve the value of a specific setting
+
+**Path Parameter:**
+
+* `key` → The setting key to retrieve (e.g., `API_TOKEN`, `TIMEZONE`)
+
+**Authorization:**
+Requires a valid API token in the `Authorization` header.
+
+---
+
+#### `curl` Example (Success)
+
+```sh
+curl 'http://<server_ip>:<GRAPHQL_PORT>/settings/API_TOKEN' \
+  -H 'Authorization: Bearer <API_TOKEN>' \
+  -H 'Accept: application/json'
+```
+
+**Response:**
+
+```json
+{
+  "success": true,
+  "value": "my-secret-token"
+}
+```
+
+---
+
+#### `curl` Example (Invalid Key)
+
+```sh
+curl 'http://<server_ip>:<GRAPHQL_PORT>/settings/DOES_NOT_EXIST' \
+  -H 'Authorization: Bearer <API_TOKEN>' \
+  -H 'Accept: application/json'
+```
+
+**Response:**
+
+```json
+{
+  "success": true,
+  "value": null
+}
+```
+
+---
+
+#### `curl` Example (Unauthorized)
+
+```sh
+curl 'http://<server_ip>:<GRAPHQL_PORT>/settings/API_TOKEN' \
+  -H 'Accept: application/json'
+```
+
+**Response:**
+
+```json
+{
+  "error": "Forbidden"
+}
+```
+
+---
+
+### Notes
+
+* This endpoint is optimized for **direct retrieval of a single setting**.
+* For **complex retrieval scenarios** (listing all settings, retrieving schema metadata like `setName`, `setDescription`, `setType`, or checking if a setting is overridden by environment variables), use the **GraphQL Settings Query**:
+
+```sh
+curl 'http://<server_ip>:<GRAPHQL_PORT>/graphql' \
+  -X POST \
+  -H 'Authorization: Bearer <API_TOKEN>' \
+  -H 'Content-Type: application/json' \
+  --data '{
+    "query": "query GetSettings { settings { settings { setKey setName setDescription setType setOptions setGroup setValue setEvents setOverriddenByEnv } count } }"
+  }'
+```
+
+See the [GraphQL API Endpoint](API_GRAPHQL.md) for more details.
--- a/docs/API_SYNC.md
+++ b/docs/API_SYNC.md
@@ -0,0 +1,125 @@
+# Sync API Endpoint 
+
+---
+
+The `/sync` endpoint is used by the **SYNC plugin** to synchronize data between multiple NetAlertX instances (e.g., from a node to a hub). It supports both **GET** and **POST** requests.
+
+#### 9.1 GET `/sync`
+
+Fetches data from a node to the hub. The data is returned as a **base64-encoded JSON file**.
+
+**Example Request:**
+
+```sh
+curl 'http://<server>:<GRAPHQL_PORT>/sync' \
+  -H 'Authorization: Bearer <API_TOKEN>'
+```
+
+**Response Example:**
+
+```json
+{
+  "node_name": "NODE-01",
+  "status": 200,
+  "message": "OK",
+  "data_base64": "eyJkZXZpY2VzIjogW3siZGV2TWFjIjogIjAwOjExOjIyOjMzOjQ0OjU1IiwiZGV2TmFtZSI6ICJEZXZpY2UgMSJ9XSwgImNvdW50Ijog1fQ==",
+  "timestamp": "2025-08-24T10:15:00+10:00"
+}
+```
+
+**Notes:**
+
+* `data_base64` contains the full JSON data encoded in Base64.
+* `node_name` corresponds to the `SYNC_node_name` setting on the node.
+* Errors (e.g., missing file) return HTTP 500 with an error message.
+
+---
+
+#### 9.2 POST `/sync` 
+
+The **POST** endpoint is used by nodes to **send data to the hub**. The hub expects the data as **form-encoded fields** (application/x-www-form-urlencoded or multipart/form-data). The hub then stores the data in the plugin log folder for processing.
+
+#### Required Fields
+
+| Field       | Type              | Description                                                                                                                                                                  |
+| ----------- | ----------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `data`      | string            | The payload from the plugin or devices. Typically **plain text**, **JSON**, or **encrypted Base64** data. In your Python script, `encrypt_data()` is applied before sending. |
+| `node_name` | string            | The name of the node sending the data. Matches the node’s `SYNC_node_name` setting. Used to generate the filename on the hub.                                                |
+| `plugin`    | string            | The name of the plugin sending the data. Determines the filename prefix (`last_result.<plugin>...`).                                                                         |
+| `file_path` | string (optional) | Path of the local file being sent. Used only for logging/debugging purposes on the hub; **not required for processing**.                                                     |
+
+---
+
+### How the Hub Processes the POST Data
+
+1. **Receives the data** and validates the API token.
+2. **Stores the raw payload** in:
+
+```
+INSTALL_PATH/log/plugins/last_result.<plugin>.encoded.<node_name>.<sequence>.log
+```
+
+* `<plugin>` → plugin name from the POST request.
+* `<node_name>` → node name from the POST request.
+* `<sequence>` → incremented number for each submission.
+
+3. **Decodes / decrypts the data** if necessary (Base64 or encrypted) before processing.
+4. **Processes JSON payloads** (e.g., device info) to:
+
+   * Avoid duplicates by tracking `devMac`.
+   * Add metadata like `devSyncHubNode`.
+   * Insert new devices into the database.
+5. **Renames files** to indicate they have been processed:
+
+```
+processed_last_result.<plugin>.<node_name>.<sequence>.log
+```
+
+---
+
+### Example POST Payload
+
+If a node is sending device data:
+
+```bash
+curl -X POST 'http://<hub>:<PORT>/sync' \
+  -H 'Authorization: Bearer <API_TOKEN>' \
+  -F 'data={"data":[{"devMac":"00:11:22:33:44:55","devName":"Device 1","devVendor":"Vendor A","devLastIP":"192.168.1.10"}]}' \
+  -F 'node_name=NODE-01' \
+  -F 'plugin=SYNC'
+```
+
+* The `data` field contains JSON with a **`data` array**, where each element is a **device object** or **plugin data object**.
+* The `plugin` and `node_name` fields allow the hub to **organize and store the file correctly**.
+* The data is only processed if the relevant plugins are enabled and run on the target server. 
+
+---
+
+### Key Notes
+
+* **Always use the same `plugin` and `node_name` values** for consistent storage.
+* **Encrypted data**: The Python script uses `encrypt_data()` before sending, and the hub decodes it before processing.
+* **Sequence numbers**: Every submission generates a new sequence, preventing overwriting previous data.
+* **Form-encoded**: The hub expects `multipart/form-data` (cURL `-F`) or `application/x-www-form-urlencoded`.
+
+**Storage Details:**
+
+* Data is stored under `INSTALL_PATH/log/plugins` with filenames following the pattern:
+
+```
+last_result.<plugin>.encoded.<node_name>.<sequence>.log
+```
+
+* Both encoded and decoded files are tracked, and new submissions increment the sequence number.
+* If storing fails, the API returns HTTP 500 with an error message.
+* The data is only processed if the relevant plugins are enabled and run on the target server. 
+
+---
+
+#### 9.3 Notes and Best Practices
+
+* **Authorization Required** – Both GET and POST require a valid API token.
+* **Data Integrity** – Ensure that `node_name` and `plugin` are consistent to avoid overwriting files.
+* **Monitoring** – Notifications are generated whenever data is sent or received (`write_notification`), which can be used for alerting or auditing.
+* **Use Case** – Typically used in multi-node deployments to consolidate device and event data on a central hub.
+
--- a/docs/API_TESTS.md
+++ b/docs/API_TESTS.md
@@ -0,0 +1,12 @@
+### Unit Tests
+
+>[!WARNING]
+> Please note these test modify data in the database. 
+
+1. See the `/test` directory for available test cases. These are not exhaustive but cover the main API endpoints.  
+2. To run a test case, SSH into the container:  
+   `sudo docker exec -it netalertx /bin/bash`  
+3. Inside the container, install pytest (if not already installed):  
+   `pip install pytest`  
+4. Run a specific test case:  
+   `pytest /app/test/TESTFILE.py`
--- a/docs/AUTHELIA.md
+++ b/docs/AUTHELIA.md
@@ -1,6 +1,8 @@
-(DRAFT) Authelia support
-
+## Authelia support

+> [!WARNING] 
+>
+> This is community contributed content and work in progress. Contributions are welcome. 

 ```yaml
 theme: dark
--- a/docs/BACKUPS.md
+++ b/docs/BACKUPS.md
@@ -1,16 +1,59 @@
-# 💾 Backing things up
+# Backing things up

 > [!NOTE]
 > To backup 99% of your configuration backup at least the `/app/config` folder. Please read the whole page (or at least "Scenario 2: Corrupted database") for details.
-> Please also note that database definitions might change over versions. The safest way is to restore your older backups into the **same version** of the app and then gradually upgarde between releases to the latest version.
+> Note that database definitions might change over time. The safest way is to restore your older backups into the **same version** of the app they were taken from and then gradually upgarde between releases to the latest version.

-There are 3 artifacts that can be used to backup the application:
+There are 4 artifacts that can be used to backup the application:

 | File                  | Description                   | Limitations                   |
 |-----------------------|-------------------------------|-------------------------------|
 | `/db/app.db`       | Database file(s)  | The database file might be in an uncommitted state or corrupted |
 | `/config/app.conf` | Configuration file |  Can be overridden with the [`APP_CONF_OVERRIDE` env variable](https://github.com/jokob-sk/NetAlertX/tree/main/dockerfiles#docker-environment-variables).  |
 | `/config/devices.csv`  | CSV file containing device information |     Doesn't contain historical data        |
+| `/config/workflows.json`  | A JSON file containing your workflows |     N/A        |
+
+
+## Backup strategies
+
+The safest approach to backups is to backup everything, by taking regular file system backups of the `/db` and `/config` folders (I use [Kopia](https://github.com/kopia/kopia)). 
+
+Arguably, the most time is spent setting up the device list, so if only one file is kept I'd recommend to have a latest backup of the `devices_<timestamp>.csv` or `devices.csv` file, followed by the `app.conf` and `workflows.json` files. You can also download `app.conf` and `devices.csv` file in the Maintenance section:
+
+![Backup and Restore Section in Maintenance](./img/BACKUPS/Maintenance_Backup_Restore.png)
+
+### Scenario 1: Full backup
+
+End-result: Full restore
+
+#### 💾 Source artifacts:
+
+- `/app/db/app.db` (uncorrupted)
+- `/app/config/app.conf`
+- `/app/config/workflows.json`
+
+#### 📥 Recovery:
+
+To restore the application map the above files as described in the [Setup documentation](https://github.com/jokob-sk/NetAlertX/blob/main/dockerfiles/README.md#docker-paths). 
+
+
+### Scenario 2: Corrupted database
+
+End-result: Partial restore (historical data and some plugin data will be missing)
+
+#### 💾 Source artifacts:
+
+- `/app/config/app.conf`
+- `/app/config/devices_<timestamp>.csv` or `/app/config/devices.csv`
+- `/app/config/workflows.json`
+
+#### 📥 Recovery:
+
+Even with a corrupted database you can recover what I would argue is 99% of the configuration. 
+
+- upload the `app.conf` and `workflows.json` files into the mounted `/app/config/` folder as described in the [Setup documentation](https://github.com/jokob-sk/NetAlertX/blob/main/dockerfiles/README.md#docker-paths).
+- rename the `devices_<timestamp>.csv` to `devices.csv` and place it in the `/app/config` folder
+- Restore the `devices.csv` backup via the [Maintenance section](./DEVICES_BULK_EDITING.md)

 ## Data and backup storage

@@ -18,7 +61,7 @@ To decide on a backup strategy, check where the data is stored:

 ### Core Configuration

-The core application configuration is in the `app.conf` file (See [Settings System](https://github.com/jokob-sk/NetAlertX/blob/main/docs/SETTINGS_SYSTEM.md) for details), such as:
+The core application configuration is in the `app.conf` file (See [Settings System](./SETTINGS_SYSTEM.md) for details), such as:

 - Notification settings
 - Scanner settings
@@ -37,50 +80,11 @@ The core device data is backed up to the `devices_<timestamp>.csv` or `devices.c

 ### Historical data

-Historical data is stored in the `app.db` database (See [Database overview](https://github.com/jokob-sk/NetAlertX/blob/main/docs/DATABASE.md) for details). This data includes:
+Historical data is stored in the `app.db` database (See [Database overview](./DATABASE.md) for details). This data includes:

 - Plugin objects
 - Plugin historical entries
 - History of Events, Notifications, Workflow Events
 - Presence history

-## 🧭 Backup strategies
-
-The safest approach to backups is to backup all of the above, by taking regular file system backups (I use [Kopia](https://github.com/kopia/kopia)). 
-
-Arguably, the most time is spent setting up the device list, so if only one file is kept I'd recommend to have a latest backup of the `devices_<timestamp>.csv` or `devices.csv` file, followed by the `app.conf` file. You can also download `app.conf` and `devices.csv` file in the Maintenance section:
-
-![Backup and Restore Section in Maintenance](/docs/img/BACKUPS/Maintenance_Backup_Restore.png)
-
-### Scenario 1: Full backup
-
-End-result: Full restore
-
-#### Source artifacts:
-
- `/app/db/app.db` (uncorrupted)
- `/app/config/app.conf`
-
-#### Recovery:
-
-To restore the application map the above files as described in the [Setup documentation](https://github.com/jokob-sk/NetAlertX/blob/main/dockerfiles/README.md#docker-paths). 
-
-
-### Scenario 2: Corrupted database
-
-End-result: Partial restore (historical data & configurations from the Maintenance section will be missing)
-
-#### Source artifacts:
-
- `/app/config/app.conf`
- `/app/config/devices_<timestamp>.csv` or `/app/config/devices.csv`
-
-#### Recovery:
-
-Even with a corrupted database you can recover what I would argue is 99% of the configuration. 
-
- upload the `app.conf` file into the mounted `/app/config/` folder as described in the [Setup documentation](https://github.com/jokob-sk/NetAlertX/blob/main/dockerfiles/README.md#docker-paths).
- rename the `devices_<timestamp>.csv` to `devices.csv` and place it in the `/app/config` folder
- Restore the `devices.csv` backup via the [Maintenance section](https://github.com/jokob-sk/NetAlertX/blob/main/docs/DEVICES_BULK_EDITING.md)
-

--- a/docs/COMMON_ISSUES.md
+++ b/docs/COMMON_ISSUES.md
@@ -0,0 +1,57 @@
+### Loading...
+
+Often if the application is misconfigured the `Loading...` dialog is continuously displayed. This is most likely caused by the backed failing to start. The **Maintenance -> Logs** section should give you more details on what's happening. If there is no exception, check the Portainer log, or start the container in the foreground (without the `-d` parameter) to observe any exceptions. It's advisable to enable `trace` or `debug`. Check the [Debug tips](./DEBUG_TIPS.md) on detailed instructions. 
+
+### Incorrect SCAN_SUBNETS
+
+One of the most common issues is not configuring `SCAN_SUBNETS` correctly. If this setting is misconfigured you will only see one or two devices in your devices list after a scan. Please read the [subnets docs](./SUBNETS.md) carefully to resolve this.
+
+### Duplicate devices and notifications
+
+The app uses the MAC address as an unique identifier for devices. If a new MAC is detected a new device is added to the application and corresponding notifications are triggered. This means that if the MAC of an existing device changes, the device will be logged as a new device. You can usually prevent this from happening by changing the device configuration (in Android, iOS, or Windows) for your network. See the [Random Macs](./RANDOM_MAC.md) guide for details. 
+
+### Permissions
+
+Make sure you [File permissions](./FILE_PERMISSIONS.md) are set correctly.
+
+* If facing issues (AJAX errors, can't write to DB, empty screen, etc,) make sure permissions are set correctly, and check the logs under `/app/log`. 
+* To solve permission issues you can try setting the owner and group of the `app.db` by executing the following on the host system: `docker exec netalertx chown -R www-data:www-data /app/db/app.db`. 
+* If still facing issues, try to map the app.db file (⚠ not folder) to `:/app/db/app.db` (see [docker-compose Examples](https://github.com/jokob-sk/NetAlertX/blob/main/dockerfiles/README.md#-docker-composeyml-examples) for details)
+
+### Container restarts / crashes
+
+* Check the logs for details. Often a required setting for a notification method is missing. 
+
+### unable to resolve host
+
+* Check that your `SCAN_SUBNETS` variable is using the correct mask and `--interface`. See the [subnets docs for details](./SUBNETS.md).  
+
+### Invalid JSON
+
+Check the [Invalid JSON errors debug help](./DEBUG_INVALID_JSON.md) docs on how to proceed.
+
+### sudo execution failing (e.g.: on arpscan) on a Raspberry Pi 4 
+
+> sudo: unexpected child termination condition: 0
+
+Resolution based on [this issue](https://github.com/linuxserver/docker-papermerge/issues/4#issuecomment-1003657581)
+
+```
+wget ftp.us.debian.org/debian/pool/main/libs/libseccomp/libseccomp2_2.5.3-2_armhf.deb
+sudo dpkg -i libseccomp2_2.5.3-2_armhf.deb
+```
+
+The link above will probably break in time too. Go to https://packages.debian.org/sid/armhf/libseccomp2/download to find the new version number and put that in the url.
+
+### Only Router and own device show up
+
+Make sure that the subnet and interface in `SCAN_SUBNETS` are correct. If your device/NAS has multiple ethernet ports, you probably need to change `eth0` to something else.
+
+### Losing my settings and devices after an update
+
+If you lose your devices and/or settings after an update that means you don't have the `/app/db` and `/app/config` folders mapped to a permanent storage. That means every time you update these folders are re-created. Make sure you have the [volumes specified correctly](./DOCKER_COMPOSE.md) in your `docker-compose.yml` or run command.
+
+
+### The application is slow
+
+Slowness is usually caused by incorrect settings (the app might restart, so check the `app.log`), too many background processes (disable unnecessary scanners), too long scans (limit the number of scanned devices), too many disk operations, or some maintenance plugins might have failed. See the [Performance tips](./PERFORMANCE.md) docs for details.
--- a/docs/COMMUNITY_GUIDES.md
+++ b/docs/COMMUNITY_GUIDES.md
@@ -2,6 +2,7 @@

 Use the official installation guides at first and use community content as supplementary material. Open an issue or PR if you'd like to add your link to the list 🙏 (Ordered by last update time)

+- ▶ [Discover & Monitor Your Network with This Self-Hosted Open Source Tool - Lawrence Systems](https://www.youtube.com/watch?v=R3b5cxLZMpo) (June 2025)
 - ▶ [Home Lab Network Monitoring - Scotti-BYTE Enterprise Consulting Services](https://www.youtube.com/watch?v=0DryhzrQSJA) (July 2024)
 - 📄 [How to Install NetAlertX on Your Synology NAS - Marius hosting](https://mariushosting.com/how-to-install-pi-alert-on-your-synology-nas/) (Updated frequently)
 - 📄 [Using the PiAlert Network Security Scanner on a Raspberry Pi - PiMyLifeUp](https://pimylifeup.com/raspberry-pi-pialert/)
--- a/docs/CUSTOM_PROPERTIES.md
+++ b/docs/CUSTOM_PROPERTIES.md
@@ -1,10 +1,10 @@
 # Custom Properties for Devices

-![Custom Properties](/docs/img/CUSTOM_PROPERTIES/Device_Custom_Properties.png)
+![Custom Properties](./img/CUSTOM_PROPERTIES/Device_Custom_Properties.png)

 ## Overview

-This functionality allows you to define **custom properties** for devices, which can store and display additional information on the device listing page. By marking properties as visible, you can enhance the user interface with quick actions, notes, or external links.
+This functionality allows you to define **custom properties** for devices, which can store and display additional information on the device listing page. By marking properties as "Show", you can enhance the user interface with quick actions, notes, or external links.

 ### Key Features:
 - **Customizable Properties**: Define specific properties for each device.
@@ -41,7 +41,7 @@ Custom properties are structured as a list of objects, where each property inclu

 ## Usage on the Device Listing Page

-![Custom Properties](/docs/img/CUSTOM_PROPERTIES/Device_Custom_Properties_vid.gif)
+![Custom Properties](./img/CUSTOM_PROPERTIES/Device_Custom_Properties_vid.gif)

 Visible properties (`CUSTPROP_show: true`) are displayed as interactive icons in the device listing. Each icon can perform one of the following actions based on the `CUSTPROP_type`:

@@ -63,10 +63,10 @@ Visible properties (`CUSTPROP_show: true`) are displayed as interactive icons in

 ---

-## Example Scenarios
+## Example Use Cases

 1. **Device Documentation Link**:
-   - Add a custom property with `CUSTPROP_type` set to `link` or `link_new_tab` to allow quick navigation to the documentation.
+   - Add a custom property with `CUSTPROP_type` set to `link` or `link_new_tab` to allow quick navigation to the external documentation of the device.

 2. **Firmware Details**:
   - Use `CUSTPROP_type: show_notes` to display firmware versions or upgrade instructions in a modal.
--- a/docs/DATABASE.md
+++ b/docs/DATABASE.md
@@ -1,11 +1,56 @@
  
-  # A high-level description of the database structure
+# A high-level description of the database structure

-  ⚠ Disclaimer: As I'm not the original author, some of the information might be inaccurate. Feel free to submit a PR to correct anything within this page or documentation in general. 
+ An overview of the most important database tables as well as an detailed overview of the Devices table. The MAC address is used as a foreign key in most cases. 

-  The MAC address is used as a foreign key in most cases. 
+## Devices database table

-  ## 🔍Tables overview
+| Field Name              | Description | Sample Value |
+|-------------------------|-------------|--------------|
+| `devMac`               | MAC address of the device. | `00:1A:2B:3C:4D:5E` |
+| `devName`              | Name of the device. | `iPhone 12` |
+| `devOwner`             | Owner of the device. | `John Doe` |
+| `devType`              | Type of the device (e.g., phone, laptop, etc.). If set to a network type (e.g., switch), it will become selectable as a Network Parent Node. | `Laptop` |
+| `devVendor`            | Vendor/manufacturer of the device. | `Apple` |
+| `devFavorite`          | Whether the device is marked as a favorite. | `1` |
+| `devGroup`             | Group the device belongs to. | `Home Devices` |
+| `devComments`          | User comments or notes about the device. | `Used for work purposes` |
+| `devFirstConnection`   | Timestamp of the device's first connection. | `2025-03-22 12:07:26+11:00` |
+| `devLastConnection`    | Timestamp of the device's last connection. | `2025-03-22 12:07:26+11:00` |
+| `devLastIP`            | Last known IP address of the device. | `192.168.1.5` |
+| `devStaticIP`          | Whether the device has a static IP address. | `0` |
+| `devScan`              | Whether the device should be scanned. | `1` |
+| `devLogEvents`         | Whether events related to the device should be logged. | `0` |
+| `devAlertEvents`       | Whether alerts should be generated for events. | `1` |
+| `devAlertDown`         | Whether an alert should be sent when the device goes down. | `0` |
+| `devSkipRepeated`      | Whether to skip repeated alerts for this device. | `1` |
+| `devLastNotification`  | Timestamp of the last notification sent for this device. | `2025-03-22 12:07:26+11:00` |
+| `devPresentLastScan`   | Whether the device was present during the last scan. | `1` |
+| `devIsNew`             | Whether the device is marked as new. | `0` |
+| `devLocation`          | Physical or logical location of the device. | `Living Room` |
+| `devIsArchived`        | Whether the device is archived. | `0` |
+| `devParentMAC`         | MAC address of the parent device (if applicable) to build the [Network Tree](./NETWORK_TREE.md). | `00:1A:2B:3C:4D:5F` |
+| `devParentPort`        | Port of the parent device to which this device is connected. | `Port 3` |
+| `devIcon`              | [Icon](./ICONS.md) representing the device. The value is a base64-encoded SVG or Font Awesome HTML tag. | `PHN2ZyB...` |
+| `devGUID`              | Unique identifier for the device. | `a2f4b5d6-7a8c-9d10-11e1-f12345678901` |
+| `devSite`              | Site or location where the device is registered. | `Office` |
+| `devSSID`              | SSID of the Wi-Fi network the device is connected to. | `HomeNetwork` |
+| `devSyncHubNode`       | The NetAlertX node ID used for synchronization between NetAlertX instances. | `node_1` |
+| `devSourcePlugin`      | Source plugin that discovered the device. | `ARPSCAN` |
+| `devCustomProps`       | [Custom properties](./CUSTOM_PROPERTIES.md) related to the device. The value is a base64-encoded JSON object. | `PHN2ZyB...` |
+| `devFQDN`              | Fully qualified domain name. | `raspberrypi.local` |
+| `devParentRelType`     | The type of relationship between the current device and it's parent node. By default, selecting `nic` will hide it from lists. | `nic` |
+| `devReqNicsOnline`     | If all NICs are required to be online to mark teh current device online. | `0` |
+
+
+To understand how values of these fields influuence application behavior, such as Notifications or Network topology, see also: 
+
+- [Device Management](./DEVICE_MANAGEMENT.md)
+- [Network Tree Topology Setup](./NETWORK_TREE.md)
+- [Notifications](./NOTIFICATIONS.md)
+
+
+## Other Tables overview
  
  | Table name | Description  | Sample data |
  |----------------------|----------------------| ----------------------| 
@@ -23,15 +68,15 @@



-  [screen1]: /docs/img/DATABASE/CurrentScan.png
-  [screen2]: /docs/img/DATABASE/Devices.png
-  [screen4]: /docs/img/DATABASE/Events.png  
-  [screen6]: /docs/img/DATABASE/Online_History.png
-  [screen7]: /docs/img/DATABASE/Parameters.png
-  [screen10]: /docs/img/DATABASE/Plugins_Events.png
-  [screen11]: /docs/img/DATABASE/Plugins_History.png
-  [screen12]: /docs/img/DATABASE/Plugins_Language_Strings.png
-  [screen13]: /docs/img/DATABASE/Plugins_Objects.png  
-  [screen15]: /docs/img/DATABASE/Sessions.png
-  [screen16]: /docs/img/DATABASE/Settings.png
+  [screen1]: ./img/DATABASE/CurrentScan.png
+  [screen2]: ./img/DATABASE/Devices.png
+  [screen4]: ./img/DATABASE/Events.png  
+  [screen6]: ./img/DATABASE/Online_History.png
+  [screen7]: ./img/DATABASE/Parameters.png
+  [screen10]: ./img/DATABASE/Plugins_Events.png
+  [screen11]: ./img/DATABASE/Plugins_History.png
+  [screen12]: ./img/DATABASE/Plugins_Language_Strings.png
+  [screen13]: ./img/DATABASE/Plugins_Objects.png  
+  [screen15]: ./img/DATABASE/Sessions.png
+  [screen16]: ./img/DATABASE/Settings.png

--- a/docs/DEBUG_GRAPHQL.md
+++ b/docs/DEBUG_GRAPHQL.md
@@ -0,0 +1,64 @@
+# Debugging GraphQL server issues
+
+The GraphQL server is an API middle layer, running on it's own port specified by `GRAPHQL_PORT`, to retrieve and show the data in the UI. It can also be used to retrieve data for custom third party integarions. Check the [API documentation](./API.md) for details. 
+
+The most common issue is that the GraphQL server doesn't start properly, usually due to a **port conflict**. If you are running multiple NetAlertX instances, make sure to use **unique ports** by changing the `GRAPHQL_PORT` setting. The default is `20212`.
+
+## How to update the `GRAPHQL_PORT` in case of issues
+
+As a first troubleshooting step try changing the default `GRAPHQL_PORT` setting. Please remember NetAlertX is running on the host so any application uising the same port will cause issues.  
+
+### Updating the setting via the Settings UI
+
+Ideally use the Settings UI to update the setting under General -> Core -> GraphQL port:
+
+![GrapQL settings](./img/DEBUG_GRAPHQL/graphql_settings_port_token.png)
+
+You might need to temporarily stop other applications or NetAlertX instances causing conflicts to update the setting. The `API_TOKEN` is used to authenticate any API calls, including GraphQL requests. 
+
+### Updating the `app.conf` file
+
+If the UI is not accessible, you can directly edit the `app.conf` file in your `/config` folder:
+
+![Editing app.conf](./img/DEBUG_GRAPHQL/app_conf_graphql_port.png)
+
+### Using a docker variable
+
+All application settings can also be initialized via the `APP_CONF_OVERRIDE` docker env variable. 
+
+```yaml
+...
+ environment:
+      - TZ=Europe/Berlin      
+      - PORT=20213
+      - APP_CONF_OVERRIDE={"GRAPHQL_PORT":"20214"}
+...
+```
+
+## How to check the GraphQL server is running?
+
+There are several ways to check if the GraphQL server is running.
+
+### Init Check
+
+You can navigate to Maintenance -> Init Check to see if `isGraphQLServerRunning` is ticked:
+
+![Init Check](./img/DEBUG_GRAPHQL/Init_check.png)
+
+### Checking the Logs
+
+You can navigate to Maintenance -> Logs and search for `graphql` to see if it started correctly and serving requests:
+
+![GraphQL Logs](./img/DEBUG_GRAPHQL/graphql_running_logs.png)
+
+### Inspecting the Browser console
+
+In your browser open the dev console (usually F12) and navigate to the Network tab where you can filter GraphQL requests (e.g., reload the Devices page).
+
+![Browser Network Tab](./img/DEBUG_GRAPHQL/network_graphql.png)
+
+You can then inspect any of the POST requests by opening them in a new tab.
+
+![Browser GraphQL Json](./img/DEBUG_GRAPHQL/dev_console_graphql_json.png)
+
+
--- a/docs/DEBUG_INVALID_JSON.md
+++ b/docs/DEBUG_INVALID_JSON.md
@@ -10,7 +10,7 @@ Check the the HTTP response of the failing backend call by following these steps
 - Copy the URL causing the error and enter it in the address bar of your browser directly and hit enter. The copied URLs could look something like this (notice the query strings at the end):
  - `http://<NetAlertX URL>:20211/api/table_devices.json?nocache=1704141103121`
  - `http://<NetAlertX URL>:20211/php/server/devices.php?action=getDevicesTotals`
-  - `http://<NetAlertX URL>:20211/php/server/devices.php?action=getDevicesList&status=all`  
+

 - Post the error response in the existing issue thread on GitHub or create a new issue and include the redacted response of the failing query.

--- a/docs/DEBUG_PHP.md
+++ b/docs/DEBUG_PHP.md
@@ -0,0 +1,34 @@
+# Debugging backend PHP issues
+
+## Logs in UI
+
+![Logs UI](./img/DEBUG/maintenance_debug_php.png)
+
+You can view recent backend PHP errors directly in the **Maintenance > Logs** section of the UI. This provides quick access to logs without needing terminal access.
+
+## Accessing logs directly
+
+Sometimes, the UI might not be accessible. In that case, you can access the logs directly inside the container.
+
+### Step-by-step:
+
+1. **Open a shell into the container:**
+
+   ```bash
+   docker exec -it netalertx /bin/sh
+   ```
+
+2. **Check the NGINX error log:**
+
+   ```bash
+   cat /var/log/nginx/error.log
+   ```
+
+3. **Check the PHP application error log:**
+
+   ```bash
+   cat /app/log/app.php_errors.log
+   ```
+
+These logs will help identify syntax issues, fatal errors, or startup problems when the UI fails to load properly.
+
--- a/docs/DEBUG_PLUGINS.md
+++ b/docs/DEBUG_PLUGINS.md
@@ -2,14 +2,14 @@

 ## High-level overview

-If a Plugin supplies data to the main app it's doine either vie a SQL query or via a script that updates the `last_result.log` file in the plugin folder (`front/plugins/<plugin>`).
+If a Plugin supplies data to the main app it's done either vie a SQL query or via a script that updates the `last_result.log` file in the plugin log folder (`app/log/plugins/`).

-For a more in-depth overview on how plugins work check the [Plugins development docs](https://github.com/jokob-sk/NetAlertX/blob/main/front/plugins/README.md).
+For a more in-depth overview on how plugins work check the [Plugins development docs](https://github.com/jokob-sk/NetAlertX/blob/main/docs/PLUGINS.md).

 ### Prerequisites

 - Make sure you read and followed the specific plugin setup instructions.
- Ensure you have [debug enabled (see More Logging)](https://github.com/jokob-sk/NetAlertX/blob/main/docs/DEBUG_TIPS.md#1-more-logging-) 
+- Ensure you have [debug enabled (see More Logging)](./DEBUG_TIPS.md) 

 ### Potential issues

@@ -75,7 +75,7 @@ In the above output notice the section logging how many events are produced by t

 These values, if formatted correctly, will also show up in the UI:

-![Plugins table](/docs/img/DEBUG_PLUGINS/plugin_objects_pihole.png)
+![Plugins table](./img/DEBUG_PLUGINS/plugin_objects_pihole.png)


 ### Sharing application state
--- a/docs/DEBUG_TIPS.md
+++ b/docs/DEBUG_TIPS.md
@@ -2,14 +2,13 @@

 Please follow tips 1 - 4 to get a more detailed error. 

-## 1. More Logging 📃
+## 1. More Logging 

 When debugging an issue always set the highest log level:

 `LOG_LEVEL='trace'`

-
-## 2. Surfacing errors when container restarts 🔁
+## 2. Surfacing errors when container restarts 

 Start the container via the **terminal** with a command similar to this one:

@@ -19,23 +18,23 @@ docker run --rm --network=host \
  -v local/path/netalertx/db:/app/db \
  -e TZ=Europe/Berlin \
  -e PORT=20211 \
-  jokobsk/netalertx:latest
+  ghcr.io/jokob-sk/netalertx:latest

 ```

 > ⚠ Please note, don't use the `-d` parameter so you see the error when the container crashes. Use this error in your issue description.

-## 3. Check the _dev image and open issues ❓
+## 3. Check the _dev image and open issues 

 If possible, check if your issue got fixed in the `_dev` image before opening a new issue. The container is:

-`jokobsk/netalertx-dev:latest`
+`ghcr.io/jokob-sk/netalertx-dev:latest`

 > ⚠ Please backup your DB and config beforehand!

 Please also search [open issues](https://github.com/jokob-sk/NetAlertX/issues).

-## 4. Disable restart behavior 🛑
+## 4. Disable restart behavior 

 To prevent a Docker container from automatically restarting in a Docker Compose file, specify the restart policy as `no`:

@@ -60,39 +59,6 @@ Sometimes specific log sections are needed to debug issues. The Devices and Curr
 5. Open a new issue and post (redacted) output into the issue description (or send to the netalertx@gmail.com email if sensitive data present).
 6. Please set `LOG_LEVEL` to `debug` or lower.

-## 📃Common issues
+## Common issues

-### Permissions
-
-* If facing issues (AJAX errors, can't write to DB, empty screen, etc,) make sure permissions are set correctly, and check the logs under `/app/log`. 
-* To solve permission issues you can try setting the owner and group of the `app.db` by executing the following on the host system: `docker exec netalertx chown -R www-data:www-data /app/db/app.db`. 
-* If still facing issues, try to map the app.db file (⚠ not folder) to `:/app/db/app.db` (see [docker-compose Examples](https://github.com/jokob-sk/NetAlertX/blob/main/dockerfiles/README.md#-docker-composeyml-examples) for details)
-
-### Container restarts / crashes
-
-* Check the logs for details. Often a required setting for a notification method is missing. 
-
-### unable to resolve host
-
-* Check that your `SCAN_SUBNETS` variable is using the correct mask and `--interface`. See teh [subnets docs for details](/docs/SUBNETS.md).  
-
-### Invalid JSON
-
-Check the [Invalid JSON errors debug help](/docs/DEBUG_INVALID_JSON.md) docs on how to proceed.
-
-### sudo execution failing (e.g.: on arpscan) on a Raspberry Pi 4 
-
-> sudo: unexpected child termination condition: 0
-
-Resolution based on [this issue](https://github.com/linuxserver/docker-papermerge/issues/4#issuecomment-1003657581)
-
-```
-wget ftp.us.debian.org/debian/pool/main/libs/libseccomp/libseccomp2_2.5.3-2_armhf.deb
-sudo dpkg -i libseccomp2_2.5.3-2_armhf.deb
-```
-
-The link above will probably break in time too. Go to https://packages.debian.org/sid/armhf/libseccomp2/download to find the new version number and put that in the url.
-
-### Only Router and own device show up
-
-Make sure that the subnet and interface in `SCAN_SUBNETS` are correct. If your device/NAS has multiple ethernet ports, you probably need to change `eth0` to something else.
+See [Common issues](./COMMON_ISSUES.md) for details. 
--- a/docs/DEVICES_BULK_EDITING.md
+++ b/docs/DEVICES_BULK_EDITING.md
@@ -1,14 +1,20 @@
-# 🖊 Multi-editing via the UI
+# Editing multiple devices at once
+
+NetAlertX allows you to mass-edit devices via a CSV export and import feature, or directly in the UI.
+
+## UI multi edit

 > [!NOTE] 
-> Make sure you have your backups saved and restorable before doing any mass edits. Check [Backup strategies](/docs/BACKUPS.md). 
+> Make sure you have your backups saved and restorable before doing any mass edits. Check [Backup strategies](./BACKUPS.md). 

 You can select devices in the _Devices_ view by selecting devices to edit and then clicking the _Multi-edit_ button or via the _Maintenance_ > _Multi-Edit_ section.

-![Maintenance > Multi-edit](/docs/img/DEVICES_BULK_EDITING/MULTI-EDIT.gif)
+![Maintenance > Multi-edit](./img/DEVICES_BULK_EDITING/MULTI-EDIT.gif)


-# 📝Bulk-edit devices via CSV Export/Import
+## CSV bulk edit
+
+The database and device structure may change with new releases. When using the CSV import functionality, ensure the format matches what the application expects. To avoid issues, you can first export the devices and review the column formats before importing any custom data.

 > [!NOTE] 
 > As always, backup everything, just in case.
@@ -17,17 +23,19 @@ You can select devices in the _Devices_ view by selecting devices to edit and th
 2. A `devices.csv` is generated in the `/config` folder
 3. Edit the `devices.csv` file however you like. 

-![Maintenance > CSV Export](/docs/img/DEVICES_BULK_EDITING/MAINTENANCE_CSV_EXPORT.png)
+![Maintenance > CSV Export](./img/DEVICES_BULK_EDITING/MAINTENANCE_CSV_EXPORT.png)

 > [!NOTE] 
 > The file containing a list of Devices including the Network relationships between Network Nodes and connected devices. You can also trigger this by acessing this URL: `<your netalertx url>/php/server/devices.php?action=ExportCSV` or via the `CSV Backup` plugin. (💡 You can schedule this)

-![Settings > CSV Backup](/docs/img/DEVICES_BULK_EDITING/CSV_BACKUP_SETTINGS.png)
+![Settings > CSV Backup](./img/DEVICES_BULK_EDITING/CSV_BACKUP_SETTINGS.png)
+
+### File encoding format

 > [!NOTE] 
 > Keep Linux line endings (suggested editors: Nano, Notepad++)

-![Nodepad++ line endings](/docs/img/DEVICES_BULK_EDITING/NOTEPAD++.png)
+![Nodepad++ line endings](./img/DEVICES_BULK_EDITING/NOTEPAD++.png)



--- a/docs/DEVICE_DISPLAY_SETTINGS.md
+++ b/docs/DEVICE_DISPLAY_SETTINGS.md
@@ -3,4 +3,18 @@
 This set of settings allows you to group Devices under different views. The Archived toggle allows you to exclude a Device from most listings and notifications. 


-![Display settings](/docs/img/DEVICE_MANAGEMENT/DeviceDetails_DisplaySettings.png)
+![Display settings](./img/DEVICE_MANAGEMENT/DeviceDetails_DisplaySettings.png)
+
+
+## Status Colors
+
+![Sattus colors](./img/DEVICE_MANAGEMENT/device_management_status_colors.png)
+
+1. 🔌 Online (Green) = A device that is no longer marked as a "New Device".
+2. 🔌 New (Green) = A newly discovered device that is online and is still marked as a "New Device".
+3. ✖ New (Grey) = Same as No.2 but device is now offline.
+4. ✖ Offline (Grey) = A device that was not detected online in the last scan. 
+5. ⚠ Down (Red) = A device that has "Alert Down" marked and has been offline for the time set in the Setting `NTFPRCS_alert_down_time`. 
+
+
+See also [Notification guide](./NOTIFICATIONS.md).
--- a/docs/DEVICE_HEURISTICS.md
+++ b/docs/DEVICE_HEURISTICS.md
@@ -0,0 +1,114 @@
+# Device Heuristics: Icon and Type Guessing
+
+This module is responsible for inferring the most likely **device type** and **icon** based on minimal identifying data like MAC address, vendor, IP, or device name.
+
+It does this using a set of heuristics defined in an external JSON rules file, which it evaluates **in priority order**.
+
+>[!NOTE]
+> You can find the full source code of the heuristics module in the `device_heuristics.py` file.  
+
+---
+
+## JSON Rule Format
+
+Rules are defined in a file called `device_heuristics_rules.json` (located under `/back`), structured like:
+
+```json
+[
+  {
+    "dev_type": "Phone",
+    "icon_html": "<i class=\"fa-brands fa-apple\"></i>",
+    "matching_pattern": [
+      { "mac_prefix": "001A79", "vendor": "Apple" }
+    ],
+    "name_pattern": ["iphone", "pixel"]
+  }
+]
+```
+
+>[!NOTE]
+> Feel free to raise a PR in case you'd like to add any rules into the `device_heuristics_rules.json` file. Please place new rules into the correct position and consider the priority of already available rules.
+
+### Supported fields:
+
+| Field              | Type                 | Description                                                     |
+| ------------------ | -------------------- | --------------------------------------------------------------- |
+| `dev_type`         | `string`             | Type to assign if rule matches (e.g. `"Gateway"`, `"Phone"`)    |
+| `icon_html`        | `string`             | Icon (HTML string) to assign if rule matches. Encoded to base64 at load time. |
+| `matching_pattern` | `array`              | List of `{ mac_prefix, vendor }` objects for first strict and then loose matching    |
+| `name_pattern`     | `array` *(optional)* | List of lowercase substrings (used with regex)                  |
+| `ip_pattern`       | `array` *(optional)* | Regex patterns to match IPs                                     |
+
+**Order in this array defines priority** — rules are checked top-down and short-circuit on first match.
+
+---
+
+## Matching Flow (in Priority Order)
+
+The function `guess_device_attributes(...)` runs a series of matching functions in strict order:
+
+1. MAC + Vendor → `match_mac_and_vendor()`
+2. Vendor only → `match_vendor()`
+3. Name pattern → `match_name()`
+4. IP pattern → `match_ip()`
+5. Final fallback → defaults defined in the `NEWDEV_devIcon` and `NEWDEV_devType` settings.
+
+> [!NOTE]
+> The app will try guessing the device type or icon if `devType` or `devIcon` are `""` or `"null"`.
+
+### Use of default values
+
+The guessing process runs for every device **as long as the current type or icon still matches the default values**. Even if earlier heuristics return a match, the system continues evaluating additional clues — like name or IP — to try and replace placeholders.
+
+```python
+# Still considered a match attempt if current values are defaults
+if (not type_ or type_ == default_type) or (not icon or icon == default_icon):
+    type_, icon = match_ip(ip, default_type, default_icon)
+```
+
+In other words: if the type or icon is still `"unknown"` (or matches the default), the system assumes the match isn’t final — and keeps looking. It stops only when both values are non-default (defaults are defined in the `NEWDEV_devIcon` and `NEWDEV_devType` settings).
+
+---
+
+## Match Behavior (per function)
+
+These functions are executed in the following order:
+
+### `match_mac_and_vendor(mac_clean, vendor, ...)`
+
+* Looks for MAC prefix **and** vendor substring match
+* Most precise
+* Stops as soon as a match is found
+
+### `match_vendor(vendor, ...)`
+
+* Falls back to substring match on vendor only
+* Ignores rules where `mac_prefix` is present (ensures this is really a fallback)
+
+### `match_name(name, ...)`
+
+* Lowercase name is compared against all `name_pattern` values using regex
+* Good for user-assigned labels (e.g. "AP Office", "iPhone")
+
+### `match_ip(ip, ...)`
+
+* If IP is present and matches regex patterns under any rule, it returns that type/icon
+* Usually used for gateways or local IP ranges
+
+---
+
+## Icons
+
+* Each rule can define an `icon_html`, which is converted to a `icon_base64` on load
+* If missing, it falls back to the passed-in `default_icon` (`NEWDEV_devIcon` setting)
+* If a match is found but icon is still blank, default is used
+
+**TL;DR:** Type and icon must both be matched. If only one is matched, the other falls back to the default.
+
+---
+
+## Priority Mechanics
+
+* JSON rules are evaluated **top-to-bottom**
+* Matching is **first-hit wins** — no scoring, no weights
+* Rules that are more specific (e.g. exact MAC prefixes) should be listed earlier
--- a/docs/DEVICE_MANAGEMENT.md
+++ b/docs/DEVICE_MANAGEMENT.md
@@ -4,20 +4,20 @@ The Main Info section is where most of the device identifiable information is st

 > [!NOTE] 
 >
-> You can multi-edit devices by selecting them in the main Devices view, from the Mainetence section, or via the CSV Export functionality under Maintenance. More info can be found in the [Devices Bulk-editing docs](https://github.com/jokob-sk/NetAlertX/blob/main/docs/DEVICES_BULK_EDITING.md).
+> You can multi-edit devices by selecting them in the main Devices view, from the Mainetence section, or via the CSV Export functionality under Maintenance. More info can be found in the [Devices Bulk-editing docs](./DEVICES_BULK_EDITING.md).


- ![Main Info](/docs/img/DEVICE_MANAGEMENT/DeviceManagement_MainInfo.png)
+ ![Main Info](./img/DEVICE_MANAGEMENT/DeviceManagement_MainInfo.png)

 ## Main Info

  - **MAC**: MAC addres of the device. Not editable, unless creating a new dummy device.
  - **Last IP**: IP addres of the device. Not editable, unless creating a new dummy device.
-  - **Name**: Friendly device name. Autodetected via various 🆎 Name discovery [plugins](https://github.com/jokob-sk/NetAlertX/blob/main/front/plugins/README.md). The app attaches `(IP match)` if the name is discovered via an IP match and not MAC match which could mean the name could be incorrect as IPs might change.
-  - **Icon**: Partially autodetected. Select an existing or [add a custom icon](https://github.com/jokob-sk/NetAlertX/blob/main/docs/ICONS.md). You can also auto-apply the same icon on all devices of the same type. 
+  - **Name**: Friendly device name. Autodetected via various 🆎 Name discovery [plugins](https://github.com/jokob-sk/NetAlertX/blob/main/docs/PLUGINS.md). The app attaches `(IP match)` if the name is discovered via an IP match and not MAC match which could mean the name could be incorrect as IPs might change.
+  - **Icon**: Partially autodetected. Select an existing or [add a custom icon](./ICONS.md). You can also auto-apply the same icon on all devices of the same type. 
  - **Owner**: Device owner (The list is self-populated with existing owners and you can add custom values).
  - **Type**: Select a device type from the dropdown list (`Smartphone`, `Tablet`,
-      `Laptop`, `TV`, `router`, etc.) or add a new device type. If you want the device to act as a **Network device** (and be able to be a network node in the Network view), select a type under Network Devices or add a new Network Device type in Settings. More information can be found in the [Network Setup docs](https://github.com/jokob-sk/NetAlertX/blob/main/docs/NETWORK_TREE.md). 
+      `Laptop`, `TV`, `router`, etc.) or add a new device type. If you want the device to act as a **Network device** (and be able to be a network node in the Network view), select a type under Network Devices or add a new Network Device type in Settings. More information can be found in the [Network Setup docs](./NETWORK_TREE.md). 
  - **Vendor**: The manufacturing vendor. Automatically updated by NetAlertX when empty or unknown, can be edited.
  - **Group**: Select a group (`Always on`, `Personal`, `Friends`, etc.) or type
      your own Group name.
@@ -32,11 +32,11 @@ The Main Info section is where most of the device identifiable information is st

 You can create dummy devices from the Devices listing screen. 

-![Create Dummy Device](/docs/img/DEVICE_MANAGEMENT/Devices_CreateDummyDevice.png)
+![Create Dummy Device](./img/DEVICE_MANAGEMENT/Devices_CreateDummyDevice.png)

 The **MAC** field and the **Last IP** field will then become editable.

-![Save Dummy Device](/docs/img/DEVICE_MANAGEMENT/DeviceEdit_SaveDummyDevice.png)
+![Save Dummy Device](./img/DEVICE_MANAGEMENT/DeviceEdit_SaveDummyDevice.png)


 > [!NOTE] 
--- a/docs/DEV_DEVCONTAINER.md
+++ b/docs/DEV_DEVCONTAINER.md
@@ -0,0 +1,63 @@
+# Devcontainer for NetAlertX Guide
+
+This devcontainer is designed to mirror the production container environment as closely as possible, while providing a rich set of tools for development.
+
+## How to Get Started
+
+1.  **Prerequisites:**
+    * A working **Docker installation** that can be managed by your user. This can be [Docker Desktop](https://www.docker.com/products/docker-desktop/) or Docker Engine installed via other methods (like the official [get-docker script](https://get.docker.com)).
+    * [Visual Studio Code](https://code.visualstudio.com/) installed.
+    * The [VS Code Dev Containers extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode-remote.remote-containers) installed.
+
+2.  **Launch the Devcontainer:**
+    * Clone this repository.
+    * Open the repository folder in VS Code.
+    * A notification will pop up in the bottom-right corner asking to **"Reopen in Container"**. Click it.
+    * VS Code will now build the Docker image and connect your editor to the container. Your terminal, debugger, and all tools will now be running inside this isolated environment.
+
+## Key Workflows & Features
+
+Once you're inside the container, everything is set up for you.
+
+### 1. Services (Frontend & Backend)
+
+![Services](./img/DEV/devcontainer_1.png)
+
+The container's startup script (`.devcontainer/scripts/setup.sh`) automatically starts the Nginx/PHP frontend and the Python backend. You can restart them at any time using the built-in tasks.
+
+### 2. Integrated Debugging (Just Press F5!)
+
+![Debugging](./img/DEV/devcontainer_2.png)
+
+Debugging for both the Python backend and PHP frontend is pre-configured and ready to go.
+
+* **Python Backend (debugpy):** The backend automatically starts with a debugger attached on port `5678`. Simply open a Python file (e.g., `server/__main__.py`), set a breakpoint, and press **F5** (or select "Python Backend Debug: Attach") to connect the debugger.
+* **PHP Frontend (Xdebug):** Xdebug listens on port `9003`. In VS Code, start listening for Xdebug connections and use a browser extension (like "Xdebug helper") to start a debugging session for the web UI.
+
+### 3. Common Tasks (F1 -> Run Task)
+
+![Common tasks](./img/DEV/devcontainer_3.png)
+
+We've created several VS Code Tasks to simplify common operations. Access them by pressing `F1` and typing "Tasks: Run Task".
+
+* `Generate Dockerfile`: **This is important.** The actual `.devcontainer/Dockerfile` is auto-generated. If you need to change the container environment, edit `.devcontainer/resources/devcontainer-Dockerfile` and then run this task.
+* `Re-Run Startup Script`: Manually re-runs the `.devcontainer/scripts/setup.sh` script to re-link files and restart services.
+* `Start Backend (Python)` / `Start Frontend (nginx and PHP-FPM)`: Manually restart the services if needed.
+
+### 4. Running Tests
+
+![Running tests](./img/DEV/devcontainer_4.png)
+
+The environment includes `pytest`. You can run tests directly from the VS Code Test Explorer UI or by running `pytest -q` in the integrated terminal. The necessary `PYTHONPATH` is already configured so that tests can correctly import the server modules.
+
+## How to Maintain This Devcontainer
+
+The setup is designed to be easy to manage. Here are the core principles:
+
+* **Don't Edit `Dockerfile` Directly:** The main `.devcontainer/Dockerfile` is a combination of the project's root `Dockerfile` and a special dev-only stage. To add new tools or dependencies, **edit `.devcontainer/resources/devcontainer-Dockerfile`** and then run the `Generate Dockerfile` task.
+* **Build-Time vs. Run-Time Setup:**
+    * For changes that can be baked into the image (like installing a new package with `apk add`), add them to the resource Dockerfile.
+    * For changes that must happen when the container *starts* (like creating symlinks, setting permissions, or starting services), use `.devcontainer/scripts/setup.sh`.
+* **Project Conventions:** The `.github/copilot-instructions.md` file is an excellent resource to help AI and humans understand the project's architecture, conventions, and how to use existing helper functions instead of hardcoding values.
+
+This setup provides a powerful and consistent foundation for all current and future contributors to NetAlertX.
--- a/docs/DEV_ENV_SETUP.md
+++ b/docs/DEV_ENV_SETUP.md
@@ -1,14 +1,51 @@
-## Development environment set up
+# Development Environment Setup
+
+I truly appreciate all contributions! To help keep this project maintainable, this guide provides an overview of project priorities, key design considerations, and overall philosophy. It also includes instructions for setting up your environment so you can start contributing right away.
+
+## Development Guidelines
+
+Before starting development, please review the following guidelines.
+
+### Priority Order (Highest to Lowest)
+
+1. 🔼 Fixing core bugs that lack workarounds  
+2. 🔵 Adding core functionality that unlocks other features (e.g., plugins)  
+3. 🔵 Refactoring to enable faster development  
+4. 🔽 UI improvements (PRs welcome, but low priority)  
+
+### Design Philosophy
+
+The application architecture is designed for extensibility and maintainability. It relies heavily on configuration manifests via plugins and settings to dynamically build the UI and populate the application with data from various sources.  
+
+For details, see:  
+- [Plugins Development](PLUGINS_DEV.md) (includes video)  
+- [Settings System](SETTINGS_SYSTEM.md)  
+
+Focus on **core functionality** and integrate with existing tools rather than reinventing the wheel.  
+
+Examples:  
+- Using **Apprise** for notifications instead of implementing multiple separate gateways  
+- Implementing **regex-based validation** instead of one-off validation for each setting  
+
+> [!NOTE]  
+> UI changes have lower priority. PRs are welcome, but please keep them **small and focused**.
+
+## Development Environment Set Up
+
+>[!TIP]
+> There is also a ready to use [devcontainer](DEV_DEVCONTAINER.md) available.
+
+The following steps will guide you to set up your environment for local development and to run a custom docker build on your system. For most changes the container doesn't need to be rebuild which speeds up the development significantly.

 >[!NOTE]
 > Replace `/development` with the path where your code files will be stored. The default container name is `netalertx` so there might be a conflict with your running containers.

-## 1. Download the code:
+### 1. Download the code:

 - `mkdir /development`
 - `cd /development && git clone https://github.com/jokob-sk/NetAlertX.git`

-## 2. Create a DEV .env_dev file
+### 2. Create a DEV .env_dev file

 `touch /development/.env_dev && sudo nano /development/.env_dev`

@@ -22,10 +59,12 @@ TZ=Europe/Berlin
 PORT=22222    # make sure this port is unique on your whole network
 DEV_LOCATION=/development/NetAlertX
 APP_DATA_LOCATION=/volume/docker_appdata
+# Make sure your GRAPHQL_PORT setting has a port that is unique on your whole host network
+APP_CONF_OVERRIDE={"GRAPHQL_PORT":"22223"} 
 # ALWAYS_FRESH_INSTALL=true # uncommenting this will always delete the content of /config and /db dirs on boot to simulate a fresh install
 ```

-## 3. Create /db and /config dirs 
+### 3. Create /db and /config dirs 

 Create a folder `netalertx` in the `APP_DATA_LOCATION` (in this example in `/volume/docker_appdata`) with 2 subfolders `db` and `config`. 

@@ -33,7 +72,7 @@ Create a folder `netalertx` in the `APP_DATA_LOCATION` (in this example in `/vol
 - `mkdir /volume/docker_appdata/netalertx/db`
 - `mkdir /volume/docker_appdata/netalertx/config`

-## 4. Run the container
+### 4. Run the container

 - `cd /development/NetAlertX &&  sudo docker-compose --env-file ../.env_dev `

@@ -42,7 +81,7 @@ You can then modify the python script without restarting/rebuilding the containe
 ![image](https://github.com/jokob-sk/NetAlertX/assets/96159884/3cbf2748-03c8-49e7-b801-f38c7755246b)


-## 💡 Tips
+## Tips

 A quick cheat sheet of useful commands. 

@@ -54,17 +93,45 @@ A command to stop, remove the container and the image (replace `netalertx` and `

 ### Restart the server backend

-Most code changes can be tetsed without rebuilding the container. When working on the python server backend, you only need to restart the server.
+Most code changes can be tested without rebuilding the container. When working on the python server backend, you only need to restart the server.

-1. You can usually restart the backend via Maintenance > Logs > Restart server
+1. You can usually restart the backend via _Maintenance > Logs > Restart_ server

-![image](/docs/img/DEV_ENV_SETUP/Maintenance_Logs_Restart_server.png)
+![image](./img/DEV/Maintenance_Logs_Restart_server.png)

 2. If above doesn't work, SSH into the container and kill & restart the main script loop 

 - `sudo docker exec -it netalertx /bin/bash`
 - `pkill -f "python /app/server" && python /app/server & `

-3. If none of the above work, restart the docker image. This is usually the last resort as sometimes the Docker engine becomes unresponsive and the whole engine needs to be restarted. 
+3. If none of the above work, restart the docker container. 

+- This is usually the last resort as sometimes the Docker engine becomes unresponsive and the whole engine needs to be restarted. 

+## Contributing & Pull Requests
+
+### Before submitting a PR, please ensure:
+
+✔ Changes are **backward-compatible** with existing installs.  
+✔ No unnecessary changes are made.  
+✔ New features are **reusable**, not narrowly scoped.  
+✔ Features are implemented via **plugins** if possible.  
+
+### Mandatory Test Cases
+
+- Fresh install (no DB/config).
+- Existing DB/config compatibility.
+- Notification testing:
+
+    - Email  
+    - Apprise (e.g., Telegram)  
+    - Webhook (e.g., Discord)  
+    - MQTT (e.g., Home Assistant)  
+
+- Updating Settings and their persistence.
+- Updating a Device
+- Plugin functionality.
+- Error log inspection.
+
+> [!NOTE]  
+> Always run all available tests as per the [Testing documentation](API_TESTS.md).
--- a/docs/DOCKER_COMPOSE.md
+++ b/docs/DOCKER_COMPOSE.md
@@ -1,5 +1,8 @@
 # `docker-compose.yaml` Examples

+> [!NOTE] 
+> The container needs to run in `network_mode:"host"`. This also means that not all functionality is supported on a Windows host as Docker for Windows doesn't support this networking option. 
+
 ### Example 1

 ```yaml
@@ -7,8 +10,8 @@ services:
  netalertx:
    container_name: netalertx
    # use the below line if you want to test the latest dev image
-    # image: "jokobsk/netalertx-dev:latest" 
-    image: "jokobsk/netalertx:latest"      
+    # image: "ghcr.io/jokob-sk/netalertx-dev:latest" 
+    image: "ghcr.io/jokob-sk/netalertx:latest"      
    network_mode: "host"        
    restart: unless-stopped
    volumes:
@@ -33,13 +36,14 @@ To run the container execute: `sudo docker-compose up -d`
 Example by [SeimuS](https://github.com/SeimusS).

 ```yaml
+services:
  netalertx:
    container_name: NetAlertX
    hostname: NetAlertX
    privileged: true
    # use the below line if you want to test the latest dev image
-    # image: "jokobsk/netalertx-dev:latest" 
-    image: jokobsk/netalertx:latest
+    # image: "ghcr.io/jokob-sk/netalertx-dev:latest" 
+    image: ghcr.io/jokob-sk/netalertx:latest
    environment:
      - TZ=Europe/Bratislava
    restart: always
@@ -60,12 +64,12 @@ services:
  netalertx:
    container_name: netalertx
    # use the below line if you want to test the latest dev image
-    # image: "jokobsk/netalertx-dev:latest" 
-    image: "jokobsk/netalertx:latest"      
+    # image: "ghcr.io/jokob-sk/netalertx-dev:latest" 
+    image: "ghcr.io/jokob-sk/netalertx:latest"      
    network_mode: "host"        
    restart: unless-stopped
    volumes:
-      - ${APP_DATA_LOCATION}/netalertx/config:/app/config
+      - ${APP_CONFIG_LOCATION}/netalertx/config:/app/config
      - ${APP_DATA_LOCATION}/netalertx/db/:/app/db/      
      # (optional) useful for debugging if you have issues setting up the container
      - ${LOGS_LOCATION}:/app/log
@@ -100,29 +104,100 @@ DEV_LOCATION=/path/to/local/source/code

 To run the container execute: `sudo docker-compose --env-file /path/to/.env up`

-### Example 4

-Courtesy of [pbek](https://github.com/pbek). The volume `netalertx_db` is used by the db directory. The two config files are mounted directly from a local folder to their places in the config folder. You can backup the `docker-compose.yaml` folder and the docker volumes folder.
+### Example 4: Docker swarm
+
+Notice how the host network is defined in a swarm setup:

 ```yaml
+services:
  netalertx:
-    # use the below line if you want to test the latest dev image
-    # image: "jokobsk/netalertx-dev:latest" 
-    image: jokobsk/netalertx
-    ports:
-      - "80:20211/tcp"
+    # Use the below line if you want to test the latest dev image
+    # image: "jokobsk/netalertx-dev:latest"
+    image: "ghcr.io/jokob-sk/netalertx:latest"
+    volumes:
+      - /mnt/MYSERVER/netalertx/config:/config:rw
+      - /mnt/MYSERVER/netalertx/db:/netalertx/db:rw
+      - /mnt/MYSERVER/netalertx/logs:/netalertx/front/log:rw
    environment:
-      - TZ=Europe/Vienna
+      - TZ=Europe/London
+      - PORT=20211
    networks:
-      local:
-        ipv4_address: 192.168.1.2
+      - outside
+    deploy:
+      mode: replicated
+      replicas: 1
+      restart_policy:
+        condition: on-failure
+
+networks:
+  outside:
+    external:
+      name: "host"
+
+
+```
+
+### Example 5: same as 3 but with a top-level root directory; also works in Portainer as-is
+
+`docker-compose.yml` 
+
+```yaml
+services:
+  netalertx:
+    container_name: netalertx
+    # use the below line if you want to test the latest dev image instead of the stable release
+    # image: "ghcr.io/jokob-sk/netalertx-dev:latest" 
+    image: "ghcr.io/jokob-sk/netalertx:latest"      
+
+    network_mode: "host"        
    restart: unless-stopped
    volumes:
-      - netalertx_db:/app/db
-      - ./netalertx/:/app/config/      
-      # (API: OPTION 1) use for performance
+      - ${APP_FOLDER}/netalertx/config:/app/config
+      - ${APP_FOLDER}/netalertx/db:/app/db     
+      # (optional) useful for debugging if you have issues setting up the container
+      - ${APP_FOLDER}/netalertx/log:/app/log
+      # (API: OPTION 1) default -> use for performance
      - type: tmpfs
        target: /app/api
      # (API: OPTION 2) use when debugging issues 
-      # -  local/path/api:/app/api
-```
+      # -  ${APP_FOLDER}/netalertx/api:/app/api
+    environment:
+
+      - TZ=${TZ}
+      - PORT=${PORT}
+      - PUID=${PUID}
+      - PGID=${PGID}
+      - LISTEN_ADDR=${LISTEN_ADDR}
+```
+
+`.env` file
+
+```yaml
+APP_FOLDER=/path/to/local/NetAlertX/location
+
+#ENVIRONMENT VARIABLES
+
+PUID=200
+PGID=300
+
+TZ=America/New_York
+LISTEN_ADDR=0.0.0.0
+PORT=20211
+#GLOBAL PATH VARIABLE
+
+# you may want to create a dedicated user and group to run the container with 
+# sudo groupadd -g 300 nax-g 
+# sudo useradd -u 200 -g 300 nax-u
+# mkdir -p $APP_FOLDER/{db,config,log} 
+# chown -R 200:300 $APP_FOLDER
+# chmod -R 775 $APP_FOLDER
+
+# DEVELOPMENT VARIABLES
+# you can create  multiple env files called .env.dev1, .env.dev2 etc and use them by running:
+# docker compose --env-file .env.dev1 up -d
+# you can then clone  multiple dev copies of NetAlertX just make sure to change the APP_FOLDER and PORT variables in each .env.devX file
+
+```
+
+To run the container execute: `sudo docker-compose --env-file /path/to/.env up`
--- a/docs/DOCKER_PORTAINER.md
+++ b/docs/DOCKER_PORTAINER.md
@@ -0,0 +1,97 @@
+# Deploying NetAlertX in Portainer (via Stacks)
+
+This guide shows you how to set up **NetAlertX** using Portainer’s **Stacks** feature.
+
+![Portainer > Stacks](./img/DOCKER/DOCKER_PORTAINER.png)
+
+---
+
+## 1. Prepare Your Host
+
+Before deploying, make sure you have a folder on your Docker host for NetAlertX data. Replace `APP_FOLDER` with your preferred location, for example `/opt` here:
+
+```bash
+mkdir -p /opt/netalertx/config
+mkdir -p /opt/netalertx/db
+mkdir -p /opt/netalertx/log
+```
+
+---
+
+## 2. Open Portainer Stacks
+
+1. Log in to your **Portainer UI**.
+2. Navigate to **Stacks** → **Add stack**.
+3. Give your stack a name (e.g., `netalertx`).
+
+---
+
+## 3. Paste the Stack Configuration
+
+Copy and paste the following YAML into the **Web editor**:
+
+```yaml
+services:
+  netalertx:
+    container_name: netalertx
+
+    # Use this line for stable release
+    image: "ghcr.io/jokob-sk/netalertx:latest"      
+
+    # Or, use this for the latest development build
+    # image: "ghcr.io/jokob-sk/netalertx-dev:latest" 
+
+    network_mode: "host"
+    restart: unless-stopped
+
+    volumes:
+      - ${APP_FOLDER}/netalertx/config:/app/config
+      - ${APP_FOLDER}/netalertx/db:/app/db
+      # Optional: logs (useful for debugging setup issues, comment out for performance)
+      - ${APP_FOLDER}/netalertx/log:/app/log
+
+      # API storage options:
+      # (Option 1) tmpfs (default, best performance)
+      - type: tmpfs
+        target: /app/api
+
+      # (Option 2) bind mount (useful for debugging)
+      # - ${APP_FOLDER}/netalertx/api:/app/api
+
+    environment:
+      - TZ=${TZ}
+      - PORT=${PORT}
+      - APP_CONF_OVERRIDE=${APP_CONF_OVERRIDE}
+```
+
+---
+
+## 4. Configure Environment Variables
+
+In the **Environment variables** section of Portainer, add the following:
+
+* `APP_FOLDER=/opt` (or wherever you created the directories in step 1)
+* `TZ=Europe/Berlin` (replace with your timezone)
+* `PORT=22022` (or another port if needed)
+* `APP_CONF_OVERRIDE={"GRAPHQL_PORT":"22023"}` (optional advanced settings)
+
+---
+
+## 5. Deploy the Stack
+
+1. Scroll down and click **Deploy the stack**.
+2. Portainer will pull the image and start NetAlertX.
+3. Once running, access the app at:
+
+```
+http://<your-docker-host-ip>:22022
+```
+
+---
+
+## 6. Verify and Troubleshoot
+
+* Check logs via Portainer → **Containers** → `netalertx` → **Logs**.
+* Logs are stored under `${APP_FOLDER}/netalertx/log` if you enabled that volume.
+
+Once the application is running, configure it by reading the [initial setup](INITIAL_SETUP.md) guide, or [troubleshoot common issues](COMMON_ISSUES.md). 
--- a/docs/DOCKER_SWARM.md
+++ b/docs/DOCKER_SWARM.md
@@ -0,0 +1,79 @@
+# Docker Swarm Deployment Guide (IPvlan)
+
+This guide describes how to deploy **NetAlertX** in a **Docker Swarm** environment using an `ipvlan` network. This enables the container to receive a LAN IP address directly, which is ideal for network monitoring.
+
+---
+
+## ⚙️ Step 1: Create an IPvlan Config-Only Network on All Nodes
+
+> Run this command on **each node** in the Swarm.
+
+```bash
+docker network create -d ipvlan \
+  --subnet=192.168.1.0/24 \              # 🔧 Replace with your LAN subnet
+  --gateway=192.168.1.1 \                # 🔧 Replace with your LAN gateway
+  -o ipvlan_mode=l2 \
+  -o parent=eno1 \                       # 🔧 Replace with your network interface (e.g., eth0, eno1)
+  --config-only \
+  ipvlan-swarm-config
+```
+
+---
+
+## 🖥️ Step 2: Create the Swarm-Scoped IPvlan Network (One-Time Setup)
+
+> Run this on **one Swarm manager node only**.
+
+```bash
+docker network create -d ipvlan \
+  --scope swarm \
+  --config-from ipvlan-swarm-config \
+  swarm-ipvlan
+```
+
+---
+
+## 🧾 Step 3: Deploy NetAlertX with Docker Compose
+
+Use the following Compose snippet to deploy NetAlertX with a **static LAN IP** assigned via the `swarm-ipvlan` network.
+
+```yaml
+services:
+  netalertx:
+    image: ghcr.io/jokob-sk/netalertx:latest
+    ports:
+      - 20211:20211
+    volumes:
+      - /mnt/YOUR_SERVER/netalertx/config:/app/config:rw
+      - /mnt/YOUR_SERVER/netalertx/db:/netalertx/app/db:rw
+      - /mnt/YOUR_SERVER/netalertx/logs:/netalertx/app/log:rw
+    environment:
+      - TZ=Europe/London
+      - PORT=20211
+    networks:
+      swarm-ipvlan:
+        ipv4_address: 192.168.1.240     # ⚠️ Choose a free IP from your LAN
+    deploy:
+      mode: replicated
+      replicas: 1
+      restart_policy:
+        condition: on-failure
+      placement:
+        constraints:
+          - node.role == manager        # 🔄 Or use: node.labels.netalertx == true
+
+networks:
+  swarm-ipvlan:
+    external: true
+```
+
+---
+
+## ✅ Notes
+
+* The `ipvlan` setup allows **NetAlertX** to have a direct IP on your LAN.
+* Replace `eno1` with your interface, IP addresses, and volume paths to match your environment.
+* Make sure the assigned IP (`192.168.1.240` above) is not in use or managed by DHCP.
+* You may also use a node label constraint instead of `node.role == manager` for more control.
+
+
--- a/docs/FILE_PERMISSIONS.md
+++ b/docs/FILE_PERMISSIONS.md
@@ -5,37 +5,19 @@
 >  ``` 
 >  docker run -d --rm --network=host \
 >  -e TZ=Europe/Berlin \
+>  -e PUID=200 -e PGID=200 \
 >  -e PORT=20211 \
->  jokobsk/netalertx:latest
+>  ghcr.io/jokob-sk/netalertx:latest
 > ```
-NetAlertX runs on an Nginx web server. On Alpine Linux, Nginx operates as the `nginx` user (user ID 101, group ID 82 - `www-data`). Consequently, files accessed or written by the NetAlertX application are owned by `nginx:www-data`.
+NetAlertX runs on an Nginx web server. On Alpine Linux, Nginx operates as the `nginx` user (if PUID and GID environment variables are not specified, nginx user UID will be set to 102, and its supplementary group `www-data` ID to 82). Consequently, files accessed or written by the NetAlertX application are owned by `nginx:www-data`.

-Upon starting, NetAlertX changes the ownership of files on the host system mapped to `/app/config` and `/app/db` in the container to `nginx:www-data`. This ensures that Nginx can access and write to these files. Since the user in the Docker container is mapped to a user on the host system by ID:GID, the files in `/app/config` and `/app/db` on the host system are owned by a user with the same ID and GID (ID 101 and GID 82). On different systems, this ID:GID may belong to different users (on Debian, the user with ID 82 is `uuidd`), or there may not be a user with ID 82 at all.
+Upon starting, NetAlertX changes nginx user UID and www-data GID to specified values (or defaults), and the ownership of files on the host system mapped to `/app/config` and `/app/db` in the container to `nginx:www-data`. This ensures that Nginx can access and write to these files. Since the user in the Docker container is mapped to a user on the host system by ID:GID, the files in `/app/config` and `/app/db` on the host system are owned by a user with the same ID and GID (defaults are ID 102 and GID 82). On different systems, this ID:GID may belong to different users, or there may not be a group with ID 82 at all.

-While this generally isn't problematic, it can cause issues for host system users needing to access these files (e.g., backup scripts). If users other than root need access to these files, it is recommended to add those users to the group with GID 82. If that group doesn't exist, it should be created.
+Option to set specific user UID and GID can be useful for host system users needing to access these files (e.g., backup scripts).

 ### Permissions Table for Individual Folders

 | Folder         | User   | User ID | Group     | Group ID | Permissions | Notes                                                               |
 |----------------|--------|---------|-----------|----------|-------------|---------------------------------------------------------------------|
-| `/app/config`  | nginx  | 101     | www-data  | 82       | rwxr-xr-x   | Ensure `nginx` can read/write; other users can read if in `www-data` |
-| `/app/db`      | nginx  | 101     | www-data  | 82       | rwxr-xr-x   | Same as above                                                       |
-
-### Steps to Add Users to Group
-
-1. **Check if group exists:**
-    ```sh
-    getent group www-data
-    ```
-
-2. **Create group if it does not exist:**
-    ```sh
-    sudo groupadd -g 82 www-data
-    ```
-
-3. **Add user to group:**
-    ```sh
-    sudo usermod -aG www-data <username>
-    ```
-
-Replace `<username>` with the actual username that requires access.
+| `/app/config`  | nginx  | PUID (default 102)     | www-data  | PGID (default 82)       | rwxr-xr-x   | Ensure `nginx` can read/write; other users can read if in `www-data` |
+| `/app/db`      | nginx  | PUID (default 102)     | www-data  | PGID (default 82)       | rwxr-xr-x   | Same as above                                                       |
--- a/docs/FIX_OFFLINE_DETECTION.md
+++ b/docs/FIX_OFFLINE_DETECTION.md
@@ -0,0 +1,78 @@
+# Troubleshooting: Devices Show Offline When They Are Online
+
+In some network setups, certain devices may intermittently appear as **offline** in NetAlertX, even though they are connected and responsive. This issue is often more noticeable with devices that have **higher IP addresses** within the subnet.
+
+> [!NOTE]
+>
+> Network presence graph showing increased drop outs before enabling additional `ICMP` scans and continuous online presence after following this guide. This graph shows a sudden spike in drop outs probably caused by a device software update.
+> ![before after presence](./img/FIX_OFFLINE_DETECTION/presence_graph_before_after.png)
+
+## Symptoms
+
+* Devices sporadically show as offline in the presence timeline.
+* This behavior often affects devices with higher IPs (e.g., `192.168.1.240+`).
+* Presence data appears inconsistent or unreliable despite the device being online.
+
+## Cause
+
+This issue is typically related to scanning limitations:
+
+* **ARP scan timeouts** may prevent full subnet coverage.
+* **Sole reliance on ARP** can result in missed detections:
+
+  * Some devices (like iPhones) suppress or reject frequent ARP requests.
+  * ARP responses may be blocked or delayed due to power-saving features or OS behavior.
+
+* **Scanning frequency conflicts**, where devices ignore repeated scans within a short period.
+
+## Recommended Fixes
+
+To improve presence accuracy and reduce false offline states:
+
+### ✅ Increase ARP Scan Timeout
+
+Extend the ARP scanner timeout to ensure full subnet coverage:
+
+```env
+ARPSCAN_RUN_TIMEOUT=360
+```
+
+> Adjust based on your network size and device count.
+
+### ✅ Add ICMP (Ping) Scanning
+
+Enable the `ICMP` scan plugin to complement ARP detection. ICMP is often more reliable for detecting active hosts, especially when ARP fails. 
+
+### ✅ Use Multiple Detection Methods
+
+A combined approach greatly improves detection robustness:
+
+* `ARPSCAN` (default)
+* `ICMP` (ping)
+* `NMAPDEV` (nmap)
+
+This hybrid strategy increases reliability, especially for down detection and alerting. See [other plugins](./PLUGINS.md) that might be compatible with your setup. See benefits and drawbacks of individual scan methods in their respective docs. 
+
+## Results
+
+After increasing the ARP timeout and adding ICMP scanning (on select IP ranges), users typically report:
+
+* More consistent presence graphs
+* Fewer false offline events
+* Better coverage across all IP ranges
+
+## Summary
+
+| Setting               | Recommendation                                |
+| --------------------- | --------------------------------------------- |
+| `ARPSCAN_RUN_TIMEOUT` | Increase to ensure scans reach all IPs        |
+| `ICMP` Scan           | Enable to detect devices ARP might miss       |
+| Multi-method Scanning | Use a mix of ARP, ICMP, and NMAP-based methods |
+
+---
+
+**Tip:** Each environment is unique. Consider fine-tuning scan settings based on your network size, device behavior, and desired detection accuracy.
+
+Let us know in the [NetAlertX Discussions](https://github.com/jokob-sk/NetAlertX/discussions) if you have further feedback or edge cases.
+
+See also [Remote Networks](./REMOTE_NETWORKS.md) for more advanced setups. 
--- a/docs/FRONTEND_DEVELOPMENT.md
+++ b/docs/FRONTEND_DEVELOPMENT.md
@@ -1,4 +1,4 @@
-# 🖼 Frontend development 
+# Frontend development 

 This page contains tips for frontend development when extending NetAlertX. Guiding principles are:

--- a/docs/HELPER_SCRIPTS.md
+++ b/docs/HELPER_SCRIPTS.md
@@ -0,0 +1,21 @@
+# NetAlertX Community Helper Scripts Overview
+
+This page provides an overview of community-contributed scripts for NetAlertX. These scripts are not actively maintained and are provided as-is.
+
+## Community Scripts
+
+You can find all scripts in this [scripts GitHub folder](https://github.com/jokob-sk/NetAlertX/tree/main/scripts).
+
+| Script Name | Description | Author | Version | Release Date |
+|------------|-------------|--------|---------|--------------|
+| **New Devices Checkmk Script** | Checks for new devices in NetAlertX and reports status to Checkmk. | N/A | 1.0 | 08-Jan-2025 |
+| **DB Cleanup Script** | Queries and removes old device-related entries from the database. | [laxduke](https://github.com/laxduke) | 1.0 | 23-Dec-2024 |
+| **OPNsense DHCP Lease Converter** | Retrieves DHCP lease data from OPNsense and converts it to `dnsmasq` format. | [im-redactd](https://github.com/im-redactd) | 1.0 | 24-Feb-2025 |
+
+## Important Notes
+
+> [!NOTE]  
+> These scripts are community-supplied and not actively maintained. Use at your own discretion.  
+
+For detailed usage instructions, refer to each script's documentation in each [scripts GitHub folder](https://github.com/jokob-sk/NetAlertX/tree/main/scripts).
+
--- a/docs/HOME_ASSISTANT.md
+++ b/docs/HOME_ASSISTANT.md
@@ -1,9 +1,9 @@
-# Overview
+# Home Assistant integration overview

 NetAlertX comes with MQTT support, allowing you to show all detected devices as devices in Home Assistant. It also supplies a collection of stats, such as number of online devices.

 > [!TIP]
-> You can install NetAlertX also as a Home Assistant addon [![Home Assistant](https://img.shields.io/badge/Repo-blue?logo=home-assistant&style=for-the-badge&color=0aa8d2&logoColor=fff&label=Add)](https://my.home-assistant.io/redirect/supervisor_add_addon_repository/?repository_url=https%3A%2F%2Fgithub.com%2Falexbelgium%2Fhassio-addons) via the [alexbelgium/hassio-addons](https://github.com/alexbelgium/hassio-addons/).
+> You can install NetAlertX also as a Home Assistant addon [![Home Assistant](https://img.shields.io/badge/Repo-blue?logo=home-assistant&style=for-the-badge&color=0aa8d2&logoColor=fff&label=Add)](https://my.home-assistant.io/redirect/supervisor_add_addon_repository/?repository_url=https%3A%2F%2Fgithub.com%2Falexbelgium%2Fhassio-addons) via the [alexbelgium/hassio-addons](https://github.com/alexbelgium/hassio-addons/) repository. This is only possible if you run a supervised instance of Home Assistant. If not, you can still run NetAlertX in a separate Docker container and follow this guide to configure MQTT.

 ## ⚠ Note 

@@ -21,15 +21,18 @@ NetAlertX comes with MQTT support, allowing you to show all detected devices as
 2. Configure a user name and password on your broker.

 3. Note down the following details that you will need to configure NetAlertX:
-   - MQTT host url (usually your Home Assistant IP)
-   - MQTT broker port
-   - User
-   - Password
+
+      - MQTT host url (usually your Home Assistant IP)
+      - MQTT broker port
+      - User
+      - Password

 4. Open the _NetAlertX_ > _Settings_ > _MQTT_ settings group
-   - Enable MQTT
-   - Fill in the details from above
-   - Fill in remaining settings as per description
+
+      - Enable MQTT
+      - Fill in the details from above
+      - Fill in remaining settings as per description
+      - set MQTT_RUN to schedule or on_notification depending on requirements

 ![Configuration Example][configuration] 

@@ -40,9 +43,50 @@ NetAlertX comes with MQTT support, allowing you to show all detected devices as
  | ![Screen 3][list] | ![Screen 4][overview] | 
  

-  [configuration]:   /docs/img/HOME_ASISSTANT/HomeAssistant-Configuration.png           "configuration"
-  [sensors]:         /docs/img/HOME_ASISSTANT/HomeAssistant-Device-as-Sensors.png       "sensors"
-  [history]:         /docs/img/HOME_ASISSTANT/HomeAssistant-Device-Presence-History.png "history"
-  [list]:            /docs/img/HOME_ASISSTANT/HomeAssistant-Devices-List.png            "list"  
-  [overview]:        /docs/img/HOME_ASISSTANT/HomeAssistant-Overview-Card.png           "overview"
+  [configuration]:   ./img/HOME_ASISSTANT/HomeAssistant-Configuration.png           "configuration"
+  [sensors]:         ./img/HOME_ASISSTANT/HomeAssistant-Device-as-Sensors.png       "sensors"
+  [history]:         ./img/HOME_ASISSTANT/HomeAssistant-Device-Presence-History.png "history"
+  [list]:            ./img/HOME_ASISSTANT/HomeAssistant-Devices-List.png            "list"  
+  [overview]:        ./img/HOME_ASISSTANT/HomeAssistant-Overview-Card.png           "overview"

+## Troubleshooting
+
+If you can't see all devices detected, run `sudo arp-scan  --interface=eth0 192.168.1.0/24` (change these based on your setup, read [Subnets](./SUBNETS.md) docs for details). This command has to be executed the NetAlertX container, not in the Home Assistant container.
+
+You can access the NetAlertX container via Portainer on your host or via ssh. The container name will be something like `addon_db21ed7f_netalertx` (you can copy the `db21ed7f_netalertx` part from the browser when accessing the UI of NetAlertX). 
+
+## Accessing the NetAlertX container via SSH
+
+1. Log into your Home Assistant host via SSH
+
+```bash
+local@local:~ $ ssh pi@192.168.1.9
+```
+2. Find the NetAlertX container name, in this case `addon_db21ed7f_netalertx`
+
+```bash
+pi@raspberrypi:~ $ sudo docker container ls | grep netalertx
+06c540d97f67   ghcr.io/alexbelgium/netalertx-armv7:25.3.1                   "/init"               6 days ago      Up 6 days (healthy)    addon_db21ed7f_netalertx
+```
+
+3. SSH into the NetAlertX cointainer
+
+```bash
+pi@raspberrypi:~ $ sudo docker exec -it addon_db21ed7f_netalertx  /bin/sh
+/ #
+```
+
+4. Execute a test `asrp-scan` scan
+
+```bash
+/ # sudo arp-scan --ignoredups --retry=6 192.168.1.0/24 --interface=eth0
+Interface: eth0, type: EN10MB, MAC: dc:a6:32:73:8a:b1, IPv4: 192.168.1.9
+Starting arp-scan 1.10.0 with 256 hosts (https://github.com/royhills/arp-scan)
+192.168.1.1     74:ac:b9:54:09:fb       Ubiquiti Networks Inc.
+192.168.1.21    74:ac:b9:ad:c3:30       Ubiquiti Networks Inc.
+192.168.1.58    1c:69:7a:a2:34:7b       EliteGroup Computer Systems Co., LTD
+192.168.1.57    f4:92:bf:a3:f3:56       Ubiquiti Networks Inc.
+...
+```
+
+If your result doesn't contain results similar to the above, double check your subnet, interface and if you are dealing with an inaccessible network segment, read the [Remote networks documentation](./REMOTE_NETWORKS.md).
--- a/docs/HW_INSTALL.md
+++ b/docs/HW_INSTALL.md
@@ -5,50 +5,71 @@ To download and install NetAlertX on the hardware/server directly use the `curl`
 > [!NOTE]
 > This is an Experimental feature 🧪 and it relies on community support.
 >
-> 🙏 Looking for maintainers for this installation method 🙂
+> 🙏 Looking for maintainers for this installation method 🙂 Current community volunteers: 
+>   - [slammingprogramming](https://github.com/slammingprogramming)
+>   - [ingoratsdorf](https://github.com/ingoratsdorf)
 >
 > There is no guarantee that the install script or any other script will gracefully handle other installed software.
 > Data loss is a possibility, **it is recommended to install NetAlertX using the supplied Docker image**.

-A warning to the installation method below: Piping to bash is [controversial](https://pi-hole.net/2016/07/25/curling-and-piping-to-bash) and may
+> [!WARNING]
+> A warning to the installation method below: Piping to bash is [controversial](https://pi-hole.net/2016/07/25/curling-and-piping-to-bash) and may
 be dangerous, as you cannot see the code that's about to be executed on your system.

-Alternatively you can download the installation script `install/install.debian.sh` from the repository and check the code yourself (beware other scripts are
-downloaded too - only from this repo).
+If you trust this repo, you can download the install script via one of the methods (curl/wget) below and it will fo its best to install NetAlertX on your system.
+
+Alternatively you can download the installation script from the repository and check the code yourself.

 NetAlertX will be installed in `/app` and run on port number `20211`.

 Some facts about what and where something will be changed/installed by the HW install setup (may not contain everything!):

+- dependencies will be installed from the respective system repos
+- required python modules will be installed
 - `/app` directory will be deleted and newly created
- `/app` will contain the whole repository (downloaded by `install/install.debian.sh`)
+- `/app` will contain the whole repository (downloaded by the install script)
 - The default NGINX site `/etc/nginx/sites-enabled/default` will be disabled (sym-link deleted or backed up to `sites-available`)
 - `/var/www/html/netalertx` directory will be deleted and newly created
- `/etc/nginx/conf.d/netalertx.conf` will be sym-linked to `/app/install/netalertx.debian.conf`
+- `/etc/nginx/conf.d/netalertx.conf` will be sym-linked to the appropriate installer location (depending on your system installer script)
 - Some files (IEEE device vendors info, ...) will be created in the directory where the installation script is executed

 ## Limitations

- No system service is provided. NetAlertX must be started using `/app/install/start.debian.sh`.
+- No system service is provided. NetAlertX must be started using `/app/install/<system>/start.<system>.sh`.
 - No checks for other running software is done.
- Only tested to work on Debian Bookworm (Debian 12).
+- Only tested to work on the system listed in the install directory.
 - **EXPERIMENTAL** and not recommended way to install NetAlertX.

-## 📥 Installation via CURL
-
 > [!TIP]  
 > If the below fails try grabbing and installing one of the [previous releases](https://github.com/jokob-sk/NetAlertX/releases) and run the installation from the zip package.

-```bash
-curl -o install.debian.sh https://raw.githubusercontent.com/jokob-sk/NetAlertX/main/install/install.debian.sh && sudo chmod +x install.debian.sh && sudo ./install.debian.sh
-```
-
-## 📥 Installation via WGET
-
-```bash
-wget https://raw.githubusercontent.com/jokob-sk/NetAlertX/main/install/install.debian.sh -O install.debian.sh && sudo chmod +x install.debian.sh && sudo ./install.debian.sh
-```
-
-These commands will download the `install.debian.sh` script from the GitHub repository, make it executable with `chmod`, and then run it using `./install.debian.sh`.
+These commands will download the `install.debian12.sh` script from the GitHub repository, make it executable with `chmod`, and then run it using `./install.debian12.sh`.

 Make sure you have the necessary permissions to execute the script.
+
+
+## 📥 Debian 12 (Bookworm)
+
+### Installation via curl
+```bash
+curl -o install.debian12.sh https://raw.githubusercontent.com/jokob-sk/NetAlertX/main/install/debian12/install.debian12.sh && sudo chmod +x install.debian12.sh && sudo ./install.debian12.sh
+```
+
+### Installation via wget
+
+```bash
+wget https://raw.githubusercontent.com/jokob-sk/NetAlertX/main/install/debian12/install.debian12.sh -O install.debian12.sh && sudo chmod +x install.debian12.sh && sudo ./install.debian12.sh
+```
+
+## 📥 Ubuntu 24 (Noble Numbat)
+
+### Installation via curl
+```bash
+curl -o install.ubuntu24.sh https://raw.githubusercontent.com/jokob-sk/NetAlertX/main/install/ubuntu24/install.ubuntu24.sh && sudo chmod +x install.ubuntu24.sh && sudo ./install.ubuntu24.sh
+```
+
+### Installation via wget
+
+```bash
+wget https://raw.githubusercontent.com/jokob-sk/NetAlertX/main/install/ubuntu24/install.ubuntu24.sh -O install.ubuntu24.sh && sudo chmod +x install.ubuntu24.sh && sudo ./install.ubuntu24.sh
+```
--- a/docs/ICONS.md
+++ b/docs/ICONS.md
@@ -1,8 +1,8 @@
 ## Icons overview

-Icons are used to visually distinguish devices in the app in most of the device listing tables and the [network tree](/docs/NETWORK_TREE.md). 
+Icons are used to visually distinguish devices in the app in most of the device listing tables and the [network tree](./NETWORK_TREE.md). 

-![Raspberry Pi with a brand icon](/docs/img/ICONS/devices-icons.png)
+![Raspberry Pi with a brand icon](./img/ICONS/devices-icons.png)

 ### Icons Support

@@ -19,19 +19,19 @@ You can assign icons individually on each device in the Details tab.

 Copying the SVG (for example from [iconify.design](https://icon-sets.iconify.design/)): 

-![iconify svg](/docs/img/ICONS/iconify_design_copy_svg.png)
+![iconify svg](./img/ICONS/iconify_design_copy_svg.png)

 Copying the HTML code from [Font Awesome](https://fontawesome.com/search?o=r&m=free).

-![Font awesome](/docs/img/ICONS/font_awesome_copy_html.png)
+![Font awesome](./img/ICONS/font_awesome_copy_html.png)

 2. Navigate to the device you want to use the icon on and click the "+" icon:

-![preview](/docs/img/ICONS/device_add_icon.png)
+![preview](./img/ICONS/device_add_icon.png)

 3. Paste in the copied HTML or SVG code and click "OK":

-![Paste SVG](/docs/img/ICONS/paste-svg.png)
+![Paste SVG](./img/ICONS/paste-svg.png)

 6. "Save" the device

@@ -40,7 +40,7 @@ Copying the HTML code from [Font Awesome](https://fontawesome.com/search?o=r&m=f

 - The dropdown contains all icons already used in the app for device icons. You might need to navigate away or refresh the page once you add a new icon. 

-## 🌟 Pro Font Awesome icons
+## Font Awesome Pro icons

 If you own the premium package of Font Awesome icons you can mount it in your Docker container the following way:

--- a/docs/INITIAL_SETUP.md
+++ b/docs/INITIAL_SETUP.md
@@ -0,0 +1,109 @@
+# ⚡ Quick Start Guide
+
+Get **NetAlertX** up and running in a few simple steps.
+
+---
+
+### 1. Configure Scanner Plugin(s)
+
+> [!TIP]
+> Enable additional plugins under **Settings → `LOADED_PLUGINS`**.
+> Make sure to **save** your changes and **reload the page** to activate them.
+> ![Loaded plugins settings](./img/PLUGINS/enable_plugin.gif)
+
+**Initial configuration**: `ARPSCAN`, `INTRNT`
+
+> [!NOTE]
+> `ARPSCAN` and `INTRNT` scan the current network. You can complement them with other `🔍 dev scanner` plugins like `NMAPDEV`, or import devices using `📥 importer` plugins.
+> See the [Subnet & VLAN Setup Guide](./SUBNETS.md) and [Remote Networks](./REMOTE_NETWORKS.md) for advanced configurations.
+
+---
+
+### 2. Choose a Publisher Plugin
+
+**Initial configuration**: `SMTP`
+
+> [!NOTE]
+> Configure your SMTP settings or enable additional `▶️ publisher` plugins to send alerts.
+> For more flexibility, try [📚 `_publisher_apprise`](/front/plugins/_publisher_apprise/), which supports over 80 notification services.
+
+---
+
+### 3. Set Up a Network Topology Diagram
+
+![Network tree](./img/NETWORK_TREE/Network_tree_details.png)
+
+**Initial configuration**: The app auto-selects a root node (MAC `internet`) and attempts to identify other network devices by vendor or name.
+
+> [!NOTE]
+> Visualize and manage your network using the [Network Guide](./NETWORK_TREE.md).
+> Some plugins (e.g., `UNFIMP`) build the topology automatically, or you can use [Custom Workflows](./WORKFLOWS.md) to generate it based on your own rules.
+
+---
+
+### 4. Configure Notifications
+
+![Notification settings](./img/NOTIFICATIONS/Global-notification-settings.png)
+
+**Initial configuration**: Notifies on `new_devices`, `down_devices`, and `events` as defined in `NTFPRCS_INCLUDED_SECTIONS`.
+
+> [!NOTE]
+> Notification settings support global, plugin-specific, and per-device rules.
+> For fine-tuning, refer to the [Notification Guide](./NOTIFICATIONS.md).
+
+---
+
+### 5. Set Up Workflows
+
+![Workflows](./img/WORKFLOWS/workflows.png)
+
+**Initial configuration**: N/A
+
+> [!NOTE]
+> Automate responses to device status changes, group management, topology updates, and more.
+> See the [Workflows Guide](./WORKFLOWS.md) to simplify your network operations.
+
+---
+
+### 6. Backup Your Configuration
+
+![Backups](./img/BACKUPS/Maintenance_Backup_Restore.png)
+
+**Initial configuration**: The `CSVBCKP` plugin creates a daily backup to `/config/devices.csv`.
+
+> [!NOTE]
+> For a complete backup strategy, follow the [Backup Guide](./BACKUPS.md).
+
+---
+
+### 7. (Optional) Create Custom Plugins
+
+[![Custom Plugin Video](./img/YouTube_thumbnail.png)](https://youtu.be/cdbxlwiWhv8)
+
+**Initial configuration**: N/A
+
+> [!NOTE]
+> Build your own scanner, importer, or publisher plugin.
+> See the [Plugin Development Guide](./PLUGINS_DEV.md) and included video tutorials.
+
+---
+
+## 📁 Recommended Guides
+
+* 📘 [PiHole Setup Guide](./PIHOLE_GUIDE.md)
+* 📘 [CSV Import Method](./DEVICES_BULK_EDITING.md)
+* 📘 [Community Guides (Chinese, Korean, German, French)](./COMMUNITY_GUIDES.md)
+
+---
+
+## 🛠️ Troubleshooting & Help
+
+Before opening a new issue:
+
+* 📘 [Common Issues](./COMMON_ISSUES.md)
+* 🧰 [Debugging Tips](./DEBUG_TIPS.md)
+* ✅ [Browse resolved GitHub issues](https://github.com/jokob-sk/NetAlertX/issues?q=is%3Aissue+is%3Aclosed)
+
+---
+
+Let me know if you want a condensed README version, separate pages for each section, or UI copy based on this!
--- a/docs/INSTALLATION.md
+++ b/docs/INSTALLATION.md
@@ -0,0 +1,25 @@
+# Installation
+
+## Installation options
+
+NetAlertX can be installed several ways. The best supported option is Docker, followed by a supervised Home Assistant instance, as an Unraid app, and lastly, on bare metal. 
+
+- [[Installation] Docker (recommended)](https://github.com/jokob-sk/NetAlertX/blob/main/dockerfiles/README.md) 
+- [[Installation] Home Assistant](https://github.com/alexbelgium/hassio-addons/tree/master/netalertx) 
+- [[Installation] Unraid App](https://unraid.net/community/apps) 
+- [[Installation] Bare metal (experimental - looking for maintainers)](https://github.com/jokob-sk/NetAlertX/blob/main/docs/HW_INSTALL.md) 
+
+
+## Help
+
+If facing issues, please spend a few minutes seraching. 
+
+- Check [common issues](./COMMON_ISSUES.md)
+- Have a look at [Community guides](./COMMUNITY_GUIDES.md) 
+- [Search closed or open issues or discussions](https://github.com/jokob-sk/NetAlertX/issues?q=is%3Aissue) 
+- Check [Discord](https://discord.gg/NczTUTWyRr)
+
+> [!NOTE]
+> If you can't find a solution anywhere, ask in Discord if you think it's a quick question, otherwise open a new [issue](https://github.com/jokob-sk/NetAlertX/issues/new?template=setup-help.yml). Please fill in as much as possible to speed up the help process. 
+>
+
--- a/docs/LOGGING.md
+++ b/docs/LOGGING.md
@@ -0,0 +1,26 @@
+# Logging
+
+NetAlertX comes with several logs that help to identify application issues. 
+
+For plugin-specific log debugging, please read the [Debug Plugins](./DEBUG_PLUGINS.md) guide.
+
+When debugging any issue, increase the `LOG_LEVEL` Setting as per the [Debug tips](./DEBUG_TIPS.md) documentation.
+
+
+## Main logs
+
+You can find most of the logs exposed in the UI under _Maintenance -> Logs_. 
+
+If the UI is inaccessible, you can access them under `/app/log`.
+
+![Logs](./img/LOGGING/maintenance_logs.png)
+
+In the _Maintennace -> Logs_ you can **Purge logs**, download the full log file or Filter the lines with some substring to narrow down your search. 
+
+## Plugin logging
+
+If a Plugin supplies data to the main app it's done either vie a SQL query or via a script that updates the `last_result.log` file in the plugin log folder (`app/log/plugins/`). These files are processed at the end of the scan and deleted on successful processing.
+
+The data is in most of the cases then displayed in the application under _Integrations -> Plugins_ (or _Device -> Plugins_ if the plugin is supplying device-specific data). 
+
+![Plugin objects](./img/LOGGING/logging_integrations_plugins.png)
--- a/docs/MIGRATION.md
+++ b/docs/MIGRATION.md
@@ -1,12 +1,12 @@
 # Migration form PiAlert to NetAlertX

 > [!WARNING] 
-> Follow this guide only after you you downloaded and started NetAlert X at least once after previously using the PiAlert image.
+> Follow this guide only after you you downloaded and started a version of NetAlertX prior to v25.6.7 (e.g. `docker pull ghcr.io/jokob-sk/netalertx:25.5.24`) at least once after previously using the PiAlert image. Later versions don't support migration and devices and settings will have to migrated manually, e.g. via [CSV import](./DEVICES_BULK_EDITING.md).

 ## STEPS: 

 > [!TIP] 
-> In short: The application will auto-migrate the database, config, and all device information. A ticker message on top will be displayed until you update your docker mount points. It's always good to have a [backup strategy](https://github.com/jokob-sk/NetAlertX/blob/main/docs/BACKUPS.md) in place.
+> In short: The application will auto-migrate the database, config, and all device information. A ticker message on top will be displayed until you update your docker mount points. It's always good to have a [backup strategy](./BACKUPS.md) in place.

 1. Backup your current config and database (optional `devices.csv` to have a backup) (See bellow tip if facing issues)
 2. Stop the container 
@@ -38,24 +38,23 @@ The application installation folder in the docker container has changed from `/h


 > [!NOTE] 
-> The application uses symlinks linking the old db and config locations to the new ones, so data loss should not occur. [Backup strategies](https://github.com/jokob-sk/NetAlertX/blob/main/docs/BACKUPS.md) are still recommended to backup your setup.
+> The application uses symlinks linking the old db and config locations to the new ones, so data loss should not occur. [Backup strategies](./BACKUPS.md) are still recommended to backup your setup.


 # Examples

-Exmaples of docker files with the new mount points.
+Examples of docker files with the new mount points.

 ## Example 1: Mapping folders

 ### Old docker-compose.yml

 ```yaml
-version: "3"
 services:
  pialert:
    container_name: pialert
    # use the below line if you want to test the latest dev image
-    # image: "jokobsk/netalertx-dev:latest" 
+    # image: "ghcr.io/jokob-sk/netalertx-dev:latest" 
    image: "jokobsk/pialert:latest"      
    network_mode: "host"        
    restart: unless-stopped
@@ -72,13 +71,12 @@ services:
 ### New docker-compose.yml

 ```yaml
-version: "3"
 services:
  netalertx:                                  # ⚠  This has changed (🟡optional) 
    container_name: netalertx                 # ⚠  This has changed (🟡optional) 
    # use the below line if you want to test the latest dev image
-    # image: "jokobsk/netalertx-dev:latest" 
-    image: "jokobsk/netalertx:latest"         # ⚠  This has changed (🟡optional/🔺required in future) 
+    # image: "ghcr.io/jokob-sk/netalertx-dev:latest" 
+    image: "ghcr.io/jokob-sk/netalertx:latest"         # ⚠  This has changed (🟡optional/🔺required in future) 
    network_mode: "host"        
    restart: unless-stopped
    volumes:
@@ -100,12 +98,11 @@ services:
 ### Old docker-compose.yml

 ```yaml
-version: "3"
 services:
  pialert:
    container_name: pialert
    # use the below line if you want to test the latest dev image
-    # image: "jokobsk/netalertx-dev:latest" 
+    # image: "ghcr.io/jokob-sk/netalertx-dev:latest" 
    image: "jokobsk/pialert:latest"      
    network_mode: "host"        
    restart: unless-stopped
@@ -122,13 +119,12 @@ services:
 ### New docker-compose.yml

 ```yaml
-version: "3"
 services:
  netalertx:                                  # ⚠  This has changed (🟡optional) 
    container_name: netalertx                 # ⚠  This has changed (🟡optional) 
    # use the below line if you want to test the latest dev image
-    # image: "jokobsk/netalertx-dev:latest" 
-    image: "jokobsk/netalertx:latest"         # ⚠  This has changed (🟡optional/🔺required in future) 
+    # image: "ghcr.io/jokob-sk/netalertx-dev:latest" 
+    image: "ghcr.io/jokob-sk/netalertx:latest"         # ⚠  This has changed (🟡optional/🔺required in future) 
    network_mode: "host"        
    restart: unless-stopped
    volumes:
--- a/docs/NAME_RESOLUTION.md
+++ b/docs/NAME_RESOLUTION.md
@@ -0,0 +1,54 @@
+# Device Name Resolution
+
+Name resolution in NetAlertX relies on multiple plugins to resolve device names from IP addresses. If you are seeing `(name not found)` as device names, follow these steps to diagnose and fix the issue.
+
+> [!TIP]  
+> Before proceeding, make sure [Reverse DNS](./REVERSE_DNS.md) is enabled on your network.  
+> You can control how names are handled and cleaned using the `NEWDEV_NAME_CLEANUP_REGEX` setting.  
+> To auto-update Fully Qualified Domain Names (FQDN), enable the `REFRESH_FQDN` setting.
+
+
+## Required Plugins
+
+For best results, ensure the following name resolution plugins are enabled:
+
+- **AVAHISCAN** – Uses mDNS/Avahi to resolve local network names.
+- **NBTSCAN** – Queries NetBIOS to find device names.
+- **NSLOOKUP** – Performs standard DNS lookups.
+- **DIGSCAN** – Performs Name Resolution with the Dig utility (DNS).
+
+You can check which plugins are active in your _Settings_ section and enable any that are missing.
+
+There are other plugins that can supply device names as well, but they rely on bespoke hardware and services. See [Plugins overview](./PLUGINS.md) for details and look for plugins with name discovery (🆎) features.
+
+## Checking Logs
+
+If names are not resolving, check the logs for errors or timeouts.
+
+See how to explore logs in the [Logging guide](./LOGGING.md).
+
+Logs will show which plugins attempted resolution and any failures encountered.
+
+## Adjusting Timeout Settings
+
+If resolution is slow or failing due to timeouts, increase the timeout settings in your configuration, for example.
+
+```ini
+NSLOOKUP_RUN_TIMEOUT = 30
+```
+
+Raising the timeout may help if your network has high latency or slow DNS responses.
+
+## Checking Plugin Objects
+
+Each plugin stores results in its respective object. You can inspect these objects to see if they contain valid name resolution data.
+
+See [Logging guide](./LOGGING.md) and [Debug plugins](./DEBUG_PLUGINS.md) guides for details.
+
+If the object contains no results, the issue may be with DNS settings or network access.
+
+## Improving name resolution
+
+For more details how to improve name resolution refer to the 
+[Reverse DNS Documentation](./REVERSE_DNS.md).
+
--- a/docs/NETWORK_TREE.md
+++ b/docs/NETWORK_TREE.md
@@ -1,63 +1,110 @@
-## How to setup your Network page
+## How to Set Up Your Network Page

-Make sure you have a root device with the MAC `Internet` (No other MAC addresses are currently supported as the root node) set to a network device type (e.g.: **Type**:`Router`).
+The **Network** page lets you map how devices connect — visually and logically.  
+It’s especially useful for planning infrastructure, assigning parent-child relationships, and spotting gaps.

-> 💡 Tip: You can add dummy devices via the [Create dummy device](https://github.com/jokob-sk/NetAlertX/blob/main/docs/DEVICE_MANAGEMENT.md#dummy-devices) button in the Devices listing page.
+![Network tree details](./img/NETWORK_TREE/Network_Sample.png)

-> 💡 Tip: Export your configuration of the Network and Devices once in a while via the Export CSV feature under **Maintenance** -> **Backup/Restore** -> **CSV Export**.   
+To get started, you’ll need to define at least one root node and mark certain devices as network nodes (like Switches or Routers).

-## ⚡Quick setup:
+---

-* Go to a Device you want to use as network device (network nodes, such as a Switch). 
-* Set the **Type** of such a device to one of the following: AP, Firewall, Gateway, PLC, Powerline, Router, Switch, USB LAN Adapter, USB WIFI Adapter and WLAN (you can create a custom network type device with in Settings -> General -> `NETWORK_DEVICE_TYPES`).
-* Save and go to Network where the devices you've marked as network devices (by selecting the Type as mentioned above) will show up as tabs.
-* You can now assign the Unassigend devices to the network node.
-* If port is empty or 0 a wifi icon is rendered, otherwise a ethernet port icon.
+Start by creating a root device with the MAC address `Internet`, if the application didn’t create one already.  
+This special MAC address (`Internet`) is required for the root network node — no other value is currently supported.  
+Set its **Type** to a valid network type — such as `Router` or `Gateway`.

+> [!TIP]  
+> If you don’t have one, use the [Create new device](./DEVICE_MANAGEMENT.md#dummy-devices) button on the **Devices** page to add a root device.

-> [!NOTE] 
->
-> [Bulk-edit devices](/docs/DEVICES_BULK_EDITING.md) by using the _CSV Export_ functionality in the _Maintenance_ section. You can use this to fix `Internet` node assignment issues. 
+---

-## 🔍Detailed example:
+## ⚡ Quick Setup

-In this example you will setup a device named `rapberrypi` as a `Switch` in our network. 
+1. Open the device you want to use as a network node (e.g. a Switch).
+2. Set its **Type** to one of the following:  
+   `AP`, `Firewall`, `Gateway`, `PLC`, `Powerline`, `Router`, `Switch`, `USB LAN Adapter`, `USB WIFI Adapter`, `WLAN`  
+   *(Or add custom types under **Settings → General → `NETWORK_DEVICE_TYPES`**.)*
+3. Save the device.
+4. Go to the **Network** page — supported device types will appear as tabs.
+5. Use the **Assign** button to connect unassigned devices to a network node.
+6. If the **Port** is `0` or empty, a Wi-Fi icon is shown. Otherwise, an Ethernet icon appears.

-### 1. Device details page
+> [!NOTE]  
+> Use [bulk editing](./DEVICES_BULK_EDITING.md) with _CSV Export_ to fix `Internet` root assignments or update many devices at once.

- Go to the `Devices` (1) page:
+---

-![Device details](/docs/img/NETWORK_TREE/Device_Details_Network_Type.png)
+## Example: Setting up a `raspberrypi` as a Switch

- In the (2) `Details` tab navigate to the the `Type` (3) dropdown and select the type `Switch` (4).
+Let’s walk through setting up a device named `raspberrypi` to act as a network Switch that other devices connect through.

-> Note: Only the following device types will show up as selectable Network nodes ( = devices you can connect other devices to):
-> AP, Firewall, Gateway, Hypervisor, PLC, Powerline, Router, Switch, USB LAN Adapter, USB WIFI Adapter and WLAN. Custom types can be added via the `NETWORK_DEVICE_TYPES` setting.
+---

- Assign a device to your root device from the `Node` (5) dropdown which has the MAC `Internet` (6) (Your name may differ, but the MAC needs to be set to `Internet` - this is done by default). 
+### 1. Set Device Type and Parent

- Save your changes (7)
+- Go to the **Devices** page  
+- Open the device detail view for `raspberrypi`
+- In the **Type** dropdown, select `Switch`

-### 2. Network page
+![Device details](./img/NETWORK_TREE/Network_Device_Details.png)

- Navigate to your `Network` (1) page:
+- Optionally assign a **Parent Node** (where this device connects to) and the **Relationship type** of the connection.  
+  The `nic` relationship type can affect parent notifications — see the setting description and [Notifications documentation](./NOTIFICATIONS.md) for more.

-![Network page](/docs/img/NETWORK_TREE/Network_Page.png)
+![Device details](./img/NETWORK_TREE/Network_Device_Details_Parent.png)  

- Notice the newly added `raspberrypi` (2) tab which now represents a network node, also showing up in the tree (3).
- As we asssigned the `raspberrypi` in the previous (1) Device details page section to the `Internet` parent network node in step (6), the link is also showing up in the tree diagram (4)
- We can now assign the device `(AppleTV)` (5) to this `raspberrypi` node, representing a network Switch in this example
+> [!NOTE]  
+> Only certain device types can act as network nodes:  
+> `AP`, `Firewall`, `Gateway`, `Hypervisor`, `PLC`, `Powerline`, `Router`, `Switch`, `USB LAN Adapter`, `USB WIFI Adapter`, `WLAN`  
+> You can add custom types via the `NETWORK_DEVICE_TYPES` setting.

-### 3. Network page with 2 levels
+- Click **Save**

- After clicking the `Assign` button in the previous section, the `(AppleTV)` (1) device is now connected to our `raspberrypi` (2).
+---

-![Network page with 2 levels](/docs/img/NETWORK_TREE/Network_Page_2_Levels.png)
+### 2. Confirm The Device Appears as a Network Node

- You can see the `raspberrypi` represents the Network node type `Switch` (3)
- The `(AppleTV)` to `raspberrypi` connection is also displayed in the table of `Connected devices` (4).
- You can also see that our `raspberrypi` node is connected to it's Parent network device node with the MAC `Internet` (5). This connection again shows up in the tree (6) as well.
+You can confirm that `raspberrypi` now acts as a network device in two places:

+- Navigate to a different device and verify that `raspberrypi` now appears as an option for a **Parent Node**:

+![Parent Node dropdown](./img/NETWORK_TREE/Network_Device_ParentDropdown.png)

+- Go to the **Network** page — you'll now see a `raspberrypi` tab, meaning it's recognized as a network node (Switch):

+![Network page](./img/NETWORK_TREE/Network_Assign.png)
+
+- You can now assign other devices to it.
+
+---
+
+### 3. Assign Connected Devices
+
+- Use the **Assign** button to link other devices (e.g. PCs) to `raspberrypi`.
+- After assigning, connected devices will appear beneath the `raspberrypi` switch node.  
+
+![Assigned nodes](./img/NETWORK_TREE/Network_Assigned_Nodes.png)
+
+- Relationship lines may vary in color based on the selected Relationship type. These are editable on the device details page where you can also assign a parent node.
+
+![Hover detail](./img/NETWORK_TREE/Network_tree_setup_hover.png)
+
+> Hovering over devices in the tree reveals connection details and tooltips for quick inspection.
+
+> [!NOTE]
+> Selecting certain relationship types hides the device in the default device views.  
+> You can change this behavior by adjusting the `UI_hide_rel_types` setting, which by default is set to `["nic","virtual"]`.  
+> This means devices with `devParentRelType` set to `nic` or `virtual` will not be shown.  
+> All devices, regardless of relationship type, are always accessible in the **All devices** view.
+
+---
+
+## ✅ Summary
+
+To configure devices on the **Network** page:
+
+- Ensure a device with MAC `Internet` is set up as the root
+- Assign valid **Type** values to switches, routers, and other supported nodes that represent network devices
+- Use the **Assign** button to connect devices logically to their parent node
+
+Need to reset or undo changes? [Use backups](./BACKUPS.md) or [bulk editing](./DEVICES_BULK_EDITING.md) to manage devices at scale. You can also automate device assignment with [Workflows](./WORKFLOWS.md).
--- a/Show More
+++ b/Show More