docs

Signed-off-by: jokob-sk <jokob.sk@gmail.com>

.devcontainer/Dockerfile

@@ -0,0 +1,112 @@
+# DO NOT MODIFY THIS FILE DIRECTLY. IT IS AUTO-GENERATED BY .devcontainer/scripts/generate-dockerfile.sh
+
+# ---/Dockerfile---
+FROM alpine:3.22 AS builder
+
+ARG INSTALL_DIR=/app
+
+ENV PYTHONUNBUFFERED=1
+
+# Install build dependencies
+RUN apk add --no-cache bash shadow python3 python3-dev gcc musl-dev libffi-dev openssl-dev git \
+    && python -m venv /opt/venv
+
+# Enable venv
+ENV PATH="/opt/venv/bin:$PATH"
+
+
+RUN pip install openwrt-luci-rpc asusrouter asyncio aiohttp graphene flask flask-cors unifi-sm-api tplink-omada-client wakeonlan pycryptodome requests paho-mqtt scapy cron-converter pytz json2table dhcp-leases pyunifi speedtest-cli chardet python-nmap dnspython librouteros yattag git+https://github.com/foreign-sub/aiofreepybox.git
+
+# Append Iliadbox certificate to aiofreepybox
+
+# second stage
+FROM alpine:3.22 AS runner
+
+ARG INSTALL_DIR=/app
+
+COPY --from=builder /opt/venv /opt/venv
+COPY --from=builder /usr/sbin/usermod /usr/sbin/groupmod /usr/sbin/
+
+# Enable venv
+ENV PATH="/opt/venv/bin:$PATH" 
+
+# default port and listen address
+ENV PORT=20211 LISTEN_ADDR=0.0.0.0 
+
+# needed for s6-overlay
+ENV S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0
+
+# ❗ IMPORTANT - if you modify this file modify the /install/install_dependecies.sh file as well ❗ 
+
+RUN apk update --no-cache \
+    && apk add --no-cache bash libbsd zip lsblk gettext-envsubst sudo mtr tzdata s6-overlay \
+    && apk add --no-cache curl arp-scan iproute2 iproute2-ss nmap nmap-scripts traceroute nbtscan avahi avahi-tools openrc dbus net-tools net-snmp-tools bind-tools awake ca-certificates \
+    && apk add --no-cache sqlite php83 php83-fpm php83-cgi php83-curl php83-sqlite3 php83-session \
+    && apk add --no-cache python3 nginx \
+    && ln -s /usr/bin/awake /usr/bin/wakeonlan \
+    && rm -f /etc/nginx/http.d/default.conf
+
+
+# Add crontab file
+COPY --chmod=600 --chown=root:root install/crontab /etc/crontabs/root
+
+# Start all required services
+
+HEALTHCHECK --interval=30s --timeout=5s --start-period=15s --retries=2 \
+    CMD curl -sf -o /dev/null ${LISTEN_ADDR}:${PORT}/php/server/query_json.php?file=app_state.json
+
+ENTRYPOINT ["/init"]
+
+# ---/resources/devcontainer-Dockerfile---
+
+# Devcontainer build stage (do not build directly)
+# This file is combined with the root /Dockerfile by
+#   .devcontainer/scripts/generate-dockerfile.sh
+# The generator appends this stage to produce .devcontainer/Dockerfile.
+# Prefer to place dev-only setup here; use setup.sh only for runtime fixes.
+
+FROM runner AS devcontainer
+ENV INSTALL_DIR=/app 
+ENV PYTHONPATH=/workspaces/NetAlertX/test:/workspaces/NetAlertX/server:/app:/app/server:/opt/venv/lib/python3.12/site-packages
+
+# Install common tools, create user, and set up sudo
+RUN apk add --no-cache git nano vim jq php83-pecl-xdebug py3-pip nodejs sudo gpgconf pytest pytest-cov && \
+    adduser -D -s /bin/sh netalertx && \
+    addgroup netalertx nginx && \
+    addgroup netalertx www-data && \
+    echo "netalertx ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/90-netalertx && \
+    chmod 440 /etc/sudoers.d/90-netalertx
+# Install debugpy in the virtualenv if present, otherwise into system python3
+RUN /bin/sh -c '(/opt/venv/bin/python3 -m pip install --no-cache-dir debugpy) || (python3 -m pip install --no-cache-dir debugpy) || true'
+# setup nginx
+COPY .devcontainer/resources/netalertx-devcontainer.conf /etc/nginx/http.d/netalert-frontend.conf
+RUN set -e; \
+    chown netalertx:nginx /etc/nginx/http.d/netalert-frontend.conf; \
+    install -d -o netalertx -g www-data -m 775 /app; \
+    install -d -o netalertx -g www-data -m 755 /run/nginx; \
+    install -d -o netalertx -g www-data -m 755 /var/lib/nginx/logs; \
+    rm -f /var/lib/nginx/logs/* || true; \
+    for f in error access; do : > /var/lib/nginx/logs/$f.log; done; \
+    install -d -o netalertx -g www-data -m 777 /run/php; \
+    install -d -o netalertx -g www-data -m 775 /var/log/php; \
+    chown -R netalertx:www-data /etc/nginx/http.d; \
+    chmod -R 775 /etc/nginx/http.d; \
+    chown -R netalertx:www-data /var/lib/nginx; \
+    chmod -R 755 /var/lib/nginx && \
+    chown -R netalertx:www-data /var/log/nginx/ && \
+    sed -i '/^user /d' /etc/nginx/nginx.conf; \
+    sed -i 's|^error_log .*|error_log /dev/stderr warn;|' /etc/nginx/nginx.conf; \
+    sed -i 's|^access_log .*|access_log /dev/stdout main;|' /etc/nginx/nginx.conf; \
+    sed -i 's|error_log .*|error_log /dev/stderr warn;|g' /etc/nginx/http.d/*.conf 2>/dev/null || true; \
+    sed -i 's|access_log .*|access_log /dev/stdout main;|g' /etc/nginx/http.d/*.conf 2>/dev/null || true; \
+    mkdir -p /run/openrc; \
+    chown netalertx:nginx /run/openrc/; \
+    rm -Rf /run/openrc/*;
+
+# setup pytest
+RUN sudo /opt/venv/bin/python -m pip install -U pytest pytest-cov
+
+WORKDIR /workspaces/NetAlertX
+
+
+ENTRYPOINT ["/bin/sh","-c","sleep infinity"]

.devcontainer/README.md

@@ -0,0 +1,30 @@
+# NetAlertX Devcontainer Notes
+
+This devcontainer replicates the production container as closely as practical, with a few development-oriented differences.
+
+Key behavior
+- No init process: Services are managed by shell scripts using killall, setsid, and nohup. Startup and restarts are script-driven rather than supervised by an init system.
+- Autogenerated Dockerfile: The effective devcontainer Dockerfile is generated on demand by `.devcontainer/scripts/generate-dockerfile.sh`. It combines the root `Dockerfile` (with certain COPY instructions removed) and an extra "devcontainer" stage from `.devcontainer/resources/devcontainer-Dockerfile`. When you change the resource Dockerfile, re-run the generator to refresh `.devcontainer/Dockerfile`.
+- Where to put setup: Prefer baking setup into `.devcontainer/resources/devcontainer-Dockerfile`. Use `.devcontainer/scripts/setup.sh` only for steps that must happen at container start (e.g., cleaning up nginx/php ownership, creating directories, touching runtime files) or depend on runtime paths.
+
+Debugging (F5)
+The Frontend and backend run in debug mode always.  You can attach your debugger at any time.  
+- Python Backend Debug: Attach - The backend runs with a debugger on port 5678. Set breakpoints in the code and press F5 to begin triggering them.
+- PHP Frontend (XDebug) Xdebug listens on 9003. Start listening and use an Xdebug extension in your browser to debug PHP.
+
+Common workflows (F1->Tasks: Run Task)
+- Regenerate the devcontainer Dockerfile: Run the VS Code task "Generate Dockerfile" or execute `.devcontainer/scripts/generate-dockerfile.sh`. The result is `.devcontainer/Dockerfile`.
+- Re-run startup provisioning: Use the task "Re-Run Startup Script" to execute `.devcontainer/scripts/setup.sh` in the container.
+- Start services:
+  - Backend (GraphQL/Flask): `.devcontainer/scripts/restart-backend.sh` starts it under debugpy and logs to `/app/log/app.log`
+  - Frontend (nginx + PHP-FPM): Started via setup.sh; can be restarted by the task "Start Frontend (nginx and PHP-FPM)".
+
+Testing
+- pytest is installed via Alpine packages (py3-pytest, py3-pytest-cov).
+- PYTHONPATH includes workspace and venv site-packages so tests can import `server/*` modules and third-party libs.
+- Run tests via VS Code Pytest Runner or `pytest -q` from the workspace root.
+
+Conventions
+- Don’t edit `.devcontainer/Dockerfile` directly; edit `.devcontainer/resources/devcontainer-Dockerfile` and regenerate.
+- Keep setup in the resource Dockerfile when possible; reserve `setup.sh` for runtime fixes.
+- Avoid hardcoding ports/secrets; prefer existing settings and helpers (see `.github/copilot-instructions.md`).

.devcontainer/devcontainer.json

@@ -0,0 +1,79 @@
+{
+  "name": "NetAlertX DevContainer",
+  "remoteUser": "netalertx",
+  "build": {
+    "dockerfile": "Dockerfile",
+    "context": "..",
+    "target": "devcontainer"
+  },
+  "workspaceFolder": "/workspaces/NetAlertX",
+  "runArgs": [
+    "--add-host=host.docker.internal:host-gateway",
+    "--security-opt", "apparmor=unconfined" // for alowing ramdisk mounts
+  ],
+
+  "capAdd": [
+    "SYS_ADMIN", // For mounting ramdisks
+    "NET_ADMIN", // For network interface configuration
+    "NET_RAW"    // For raw packet manipulation
+  ],
+  
+  
+  
+  "postStartCommand": "${containerWorkspaceFolder}/.devcontainer/scripts/setup.sh",
+  
+  "customizations": {
+    "vscode": {
+      "extensions": [
+        "ms-python.python",
+        "ms-azuretools.vscode-docker",
+        "felixfbecker.php-debug",
+        "bmewburn.vscode-intelephense-client",
+        "xdebug.php-debug",
+        "ms-python.vscode-pylance",
+        "pamaron.pytest-runner",
+        "coderabbit.coderabbit-vscode",
+        "ms-python.black-formatter"
+      ]
+      ,
+      "settings": {
+        "terminal.integrated.cwd": "${containerWorkspaceFolder}",
+        // Python testing configuration
+        "python.testing.pytestEnabled": true,
+        "python.testing.unittestEnabled": false,
+        "python.testing.pytestArgs": [
+          "test"
+        ],
+        // Make sure we discover tests and import server correctly
+        "python.analysis.extraPaths": [
+          "/workspaces/NetAlertX",
+          "/workspaces/NetAlertX/server",
+          "/app",
+          "/app/server"
+        ]
+      }
+    }
+  },
+  "forwardPorts": [5678, 9000, 9003, 20211, 20212],
+
+  "portsAttributes": {
+    "20211": {
+      "label": "Frontend:Nginx+PHP"
+    },
+    "20212": {
+      "label": "Backend:GraphQL"
+    },
+    "9003": {
+      "label": "PHP Debug:Xdebug"
+    },
+    "9000": {
+      "label": "PHP-FPM:FastCGI"
+    },
+    "5678": {
+      "label": "Python Debug:debugpy"
+    }
+  },
+
+  // Optional: ensures compose services are stopped when you close the window
+  "shutdownAction": "stopContainer"
+}

.devcontainer/resources/99-xdebug.ini

@@ -0,0 +1,8 @@
+zend_extension="xdebug.so"
+[xdebug]
+xdebug.mode=develop,debug
+xdebug.log_level=0
+xdebug.client_host=host.docker.internal
+xdebug.client_port=9003
+xdebug.start_with_request=yes
+xdebug.discover_client_host=1

.devcontainer/resources/devcontainer-Dockerfile

@@ -0,0 +1,51 @@
+# Devcontainer build stage (do not build directly)
+# This file is combined with the root /Dockerfile by
+#   .devcontainer/scripts/generate-dockerfile.sh
+# The generator appends this stage to produce .devcontainer/Dockerfile.
+# Prefer to place dev-only setup here; use setup.sh only for runtime fixes.
+
+FROM runner AS devcontainer
+ENV INSTALL_DIR=/app 
+ENV PYTHONPATH=/workspaces/NetAlertX/test:/workspaces/NetAlertX/server:/app:/app/server:/opt/venv/lib/python3.12/site-packages
+
+# Install common tools, create user, and set up sudo
+RUN apk add --no-cache git nano vim jq php83-pecl-xdebug py3-pip nodejs sudo gpgconf pytest pytest-cov && \
+    adduser -D -s /bin/sh netalertx && \
+    addgroup netalertx nginx && \
+    addgroup netalertx www-data && \
+    echo "netalertx ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/90-netalertx && \
+    chmod 440 /etc/sudoers.d/90-netalertx
+# Install debugpy in the virtualenv if present, otherwise into system python3
+RUN /bin/sh -c '(/opt/venv/bin/python3 -m pip install --no-cache-dir debugpy) || (python3 -m pip install --no-cache-dir debugpy) || true'
+# setup nginx
+COPY .devcontainer/resources/netalertx-devcontainer.conf /etc/nginx/http.d/netalert-frontend.conf
+RUN set -e; \
+    chown netalertx:nginx /etc/nginx/http.d/netalert-frontend.conf; \
+    install -d -o netalertx -g www-data -m 775 /app; \
+    install -d -o netalertx -g www-data -m 755 /run/nginx; \
+    install -d -o netalertx -g www-data -m 755 /var/lib/nginx/logs; \
+    rm -f /var/lib/nginx/logs/* || true; \
+    for f in error access; do : > /var/lib/nginx/logs/$f.log; done; \
+    install -d -o netalertx -g www-data -m 777 /run/php; \
+    install -d -o netalertx -g www-data -m 775 /var/log/php; \
+    chown -R netalertx:www-data /etc/nginx/http.d; \
+    chmod -R 775 /etc/nginx/http.d; \
+    chown -R netalertx:www-data /var/lib/nginx; \
+    chmod -R 755 /var/lib/nginx && \
+    chown -R netalertx:www-data /var/log/nginx/ && \
+    sed -i '/^user /d' /etc/nginx/nginx.conf; \
+    sed -i 's|^error_log .*|error_log /dev/stderr warn;|' /etc/nginx/nginx.conf; \
+    sed -i 's|^access_log .*|access_log /dev/stdout main;|' /etc/nginx/nginx.conf; \
+    sed -i 's|error_log .*|error_log /dev/stderr warn;|g' /etc/nginx/http.d/*.conf 2>/dev/null || true; \
+    sed -i 's|access_log .*|access_log /dev/stdout main;|g' /etc/nginx/http.d/*.conf 2>/dev/null || true; \
+    mkdir -p /run/openrc; \
+    chown netalertx:nginx /run/openrc/; \
+    rm -Rf /run/openrc/*;
+
+# setup pytest
+RUN sudo /opt/venv/bin/python -m pip install -U pytest pytest-cov
+
+WORKDIR /workspaces/NetAlertX
+
+
+ENTRYPOINT ["/bin/sh","-c","sleep infinity"]

.devcontainer/resources/netalertx-devcontainer.conf

@@ -0,0 +1,26 @@
+log_format netalertx '$remote_addr - $remote_user [$time_local] "$request" '
+                     '$status $body_bytes_sent "$http_referer" '
+                     '"$http_user_agent" "$http_x_forwarded_for"';
+access_log /var/log/nginx/access.log netalertx flush=1s;
+error_log  /var/log/nginx/error.log  warn;
+
+server {
+    listen 20211 default_server;
+    root /app/front;
+    index index.php;
+
+    add_header X-Forwarded-Prefix "/netalertx" always;
+    proxy_set_header X-Forwarded-Prefix "/netalertx";
+
+    location ~* \.php$ {
+        add_header Cache-Control "no-store";
+        fastcgi_pass 127.0.0.1:9000;
+        include         fastcgi_params;
+        fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
+        fastcgi_param   SCRIPT_NAME        $fastcgi_script_name;
+        fastcgi_param   PHP_VALUE "xdebug.remote_enable=1";
+        fastcgi_connect_timeout 75;
+        fastcgi_send_timeout 600;
+        fastcgi_read_timeout 600;
+    }
+}

.devcontainer/scripts/generate-dockerfile.sh

@@ -0,0 +1,38 @@
+#!/bin/sh
+
+# Generator for .devcontainer/Dockerfile
+# Combines the root /Dockerfile (with some COPY lines removed) and
+# the dev-only stage in .devcontainer/resources/devcontainer-Dockerfile.
+# Run this script after modifying the resource Dockerfile to refresh
+# the final .devcontainer/Dockerfile used by the devcontainer.
+
+# Make a copy of the original Dockerfile to the .devcontainer folder
+# but remove the COPY . ${INSTALL_DIR}/ command from it. This avoids
+# overwriting /app (which uses symlinks to the workspace) and preserves
+# debugging capabilities inside the devcontainer.
+
+SCRIPT_DIR="$(CDPATH= cd -- "$(dirname -- "$0")" && pwd)"
+DEVCONTAINER_DIR="${SCRIPT_DIR%/scripts}"
+ROOT_DIR="${DEVCONTAINER_DIR%/.devcontainer}"
+
+OUT_FILE="${DEVCONTAINER_DIR}/Dockerfile"
+
+echo "# DO NOT MODIFY THIS FILE DIRECTLY. IT IS AUTO-GENERATED BY .devcontainer/scripts/generate-dockerfile.sh" > "$OUT_FILE"
+echo "" >> "$OUT_FILE"
+echo "# ---/Dockerfile---" >> "$OUT_FILE"
+
+sed '/${INSTALL_DIR}/d' "${ROOT_DIR}/Dockerfile" >> "$OUT_FILE"
+
+# sed the line https://github.com/foreign-sub/aiofreepybox.git \\ to remove trailing backslash
+sed -i '/aiofreepybox.git/ s/ \\$//' "$OUT_FILE"
+
+# don't cat the file, just copy it in because it doesn't exist at build time
+sed -i 's|^ RUN cat ${INSTALL_DIR}/install/freebox_certificate.pem >> /opt/venv/lib/python3.12/site-packages/aiofreepybox/freebox_certificates.pem$| COPY install/freebox_certificate.pem /opt/venv/lib/python3.12/site-packages/aiofreepybox/freebox_certificates.pem |' "$OUT_FILE"
+
+echo "" >> "$OUT_FILE"
+echo "# ---/resources/devcontainer-Dockerfile---" >> "$OUT_FILE"
+echo "" >> "$OUT_FILE"
+
+cat "${DEVCONTAINER_DIR}/resources/devcontainer-Dockerfile" >> "$OUT_FILE"
+
+echo "Generated $OUT_FILE using root dir $ROOT_DIR" >&2

.devcontainer/scripts/restart-backend.sh

@@ -0,0 +1,26 @@
+#!/bin/sh
+# Start (or restart) the NetAlertX Python backend under debugpy in background.
+# This script is invoked by the VS Code task "Restart GraphQL".
+# It exists to avoid complex inline command chains that were being mangled by the task runner.
+
+set -e
+
+LOG_DIR=/app/log
+APP_DIR=/app/server
+PY=python3
+PORT_DEBUG=5678
+
+# Kill any prior debug/run instances
+sudo killall python3 2>/dev/null || true
+sleep 2
+
+echo ''|tee $LOG_DIR/stdout.log $LOG_DIR/stderr.log $LOG_DIR/app.log
+
+cd "$APP_DIR"
+
+# Launch using absolute module path for clarity; rely on cwd for local imports
+setsid nohup "${PY}" -m debugpy --listen "0.0.0.0:${PORT_DEBUG}" /app/server/__main__.py \
+  1>>"$LOG_DIR/stdout.log" \
+  2>>"$LOG_DIR/stderr.log" &
+PID=$!
+sleep 2

.devcontainer/scripts/run-tests.sh

@@ -0,0 +1,13 @@
+#!/bin/sh
+# shellcheck shell=sh
+# Simple helper to run pytest inside the devcontainer with correct paths
+set -eu
+
+# Ensure we run from the workspace root
+cd /workspaces/NetAlertX
+
+# Make sure PYTHONPATH includes server and workspace
+export PYTHONPATH="/workspaces/NetAlertX:/workspaces/NetAlertX/server:/app:/app/server:${PYTHONPATH:-}"
+
+# Default to running the full test suite under /workspaces/NetAlertX/test
+pytest -q --maxfail=1 --disable-warnings test "$@"

.devcontainer/scripts/setup.sh

@@ -0,0 +1,200 @@
+#! /bin/bash
+# Runtime setup for devcontainer (executed after container starts).
+# Prefer building setup into resources/devcontainer-Dockerfile when possible.
+# Use this script for runtime-only adjustments (permissions, sockets, ownership,
+# and services managed without init) that are difficult at build time.
+id
+
+# Define variables (paths, ports, environment)
+
+export APP_DIR="/app"
+export APP_COMMAND="/workspaces/NetAlertX/.devcontainer/scripts/restart-backend.sh"
+export PHP_FPM_BIN="/usr/sbin/php-fpm83"
+export NGINX_BIN="/usr/sbin/nginx"
+export CROND_BIN="/usr/sbin/crond -f"
+
+
+export ALWAYS_FRESH_INSTALL=false
+export INSTALL_DIR=/app
+export APP_DATA_LOCATION=/app/config
+export APP_CONFIG_LOCATION=/app/config
+export LOGS_LOCATION=/app/logs
+export CONF_FILE="app.conf"
+export NGINX_CONF_FILE=netalertx.conf
+export DB_FILE="app.db"
+export FULL_FILEDB_PATH="${INSTALL_DIR}/db/${DB_FILE}"
+export NGINX_CONFIG_FILE="/etc/nginx/http.d/${NGINX_CONF_FILE}"
+export OUI_FILE="/usr/share/arp-scan/ieee-oui.txt" # Define the path to ieee-oui.txt and ieee-iab.txt
+export TZ=Europe/Paris
+export PORT=20211
+export SOURCE_DIR="/workspaces/NetAlertX"
+
+
+ 
+main() {
+    echo "=== NetAlertX Development Container Setup ==="
+    echo "Setting up ${SOURCE_DIR}..."
+    configure_source
+    
+    echo "--- Starting Development Services ---"
+    configure_php
+
+
+    start_services
+}
+
+# safe_link: create a symlink from source to target, removing existing target if necessary
+# bypassing the default behavior of symlinking the directory into the target directory if it is a directory
+safe_link() {
+    # usage: safe_link <source> <target>
+    local src="$1"
+    local dst="$2"
+
+    # Ensure parent directory exists
+    install -d -m 775 "$(dirname "$dst")" >/dev/null 2>&1 || true
+
+    # If target exists, remove it without dereferencing symlinks
+    if [ -L "$dst" ] || [ -e "$dst" ]; then
+        rm -rf "$dst"
+    fi
+
+    # Create link; -n prevents deref, -f replaces if somehow still exists
+    ln -sfn "$src" "$dst"
+}
+
+# Setup source directory
+configure_source() {
+    echo "[1/3] Configuring Source..."
+    echo "  -> Linking source to ${INSTALL_DIR}"
+    echo "Dev">${INSTALL_DIR}/.VERSION
+
+    echo "  -> Mounting ramdisks for /log and /api"
+    sudo mount -t tmpfs -o size=256M tmpfs "${SOURCE_DIR}/log"
+    sudo mount -t tmpfs -o size=512M tmpfs "${SOURCE_DIR}/api"
+    safe_link ${SOURCE_DIR}/api           ${INSTALL_DIR}/api
+    safe_link ${SOURCE_DIR}/back          ${INSTALL_DIR}/back
+    safe_link "${SOURCE_DIR}/config"     "${INSTALL_DIR}/config"
+    safe_link "${SOURCE_DIR}/db"         "${INSTALL_DIR}/db"
+    if [ ! -f "${SOURCE_DIR}/config/app.conf" ]; then
+        cp ${SOURCE_DIR}/back/app.conf ${INSTALL_DIR}/config/
+        cp ${SOURCE_DIR}/back/app.db ${INSTALL_DIR}/db/
+    fi
+
+    safe_link "${SOURCE_DIR}/docs"       "${INSTALL_DIR}/docs"
+    safe_link "${SOURCE_DIR}/front"      "${INSTALL_DIR}/front"
+    safe_link "${SOURCE_DIR}/install"    "${INSTALL_DIR}/install"
+    safe_link "${SOURCE_DIR}/scripts"    "${INSTALL_DIR}/scripts"
+    safe_link "${SOURCE_DIR}/server"     "${INSTALL_DIR}/server"
+    safe_link "${SOURCE_DIR}/test"       "${INSTALL_DIR}/test"
+    safe_link "${SOURCE_DIR}/log"       "${INSTALL_DIR}/log"
+    safe_link "${SOURCE_DIR}/mkdocs.yml" "${INSTALL_DIR}/mkdocs.yml"
+
+    echo "  -> Copying static files to ${INSTALL_DIR}"
+    cp -R ${SOURCE_DIR}/CODE_OF_CONDUCT.md ${INSTALL_DIR}/
+    cp -R ${SOURCE_DIR}/dockerfiles ${INSTALL_DIR}/dockerfiles
+    sudo cp -na "${INSTALL_DIR}/back/${CONF_FILE}" "${INSTALL_DIR}/config/${CONF_FILE}"
+    sudo cp -na "${INSTALL_DIR}/back/${DB_FILE}" "${FULL_FILEDB_PATH}"
+    if [ -e "${INSTALL_DIR}/api/user_notifications.json" ]; then
+        echo "  -> Removing existing user_notifications.json"
+        sudo rm "${INSTALL_DIR}"/api/user_notifications.json
+    fi
+
+
+    
+    echo "  -> Setting ownership and permissions"
+    sudo find ${INSTALL_DIR}/ -type d -exec chmod 775 {} \;
+    sudo find ${INSTALL_DIR}/ -type f -exec chmod 664 {} \;
+    sudo date +%s > "${INSTALL_DIR}/front/buildtimestamp.txt"
+    sudo chmod 640 "${INSTALL_DIR}/config/${CONF_FILE}" || true
+
+
+
+    echo "  -> Setting up log directory"
+    install -d -o netalertx -g www-data -m 777 ${INSTALL_DIR}/log/plugins
+
+    echo "  -> Empty log"|tee ${INSTALL_DIR}/log/app.log \
+        ${INSTALL_DIR}/log/app_front.log \
+        ${INSTALL_DIR}/log/stdout.log
+    touch ${INSTALL_DIR}/log/stderr.log \
+    ${INSTALL_DIR}/log/execution_queue.log
+    echo 0>${INSTALL_DIR}/log/db_is_locked.log
+
+    date +%s > /app/front/buildtimestamp.txt
+
+    killall python &>/dev/null
+    sleep 1
+}
+
+#
+
+# start_services: start crond, PHP-FPM, nginx and the application
+start_services() {
+    echo "[3/3] Starting services..."
+
+    killall nohup &>/dev/null || true
+
+    killall php-fpm83 &>/dev/null || true
+    killall crond &>/dev/null || true
+    # Give the OS a moment to release the php-fpm socket
+    sleep 0.3
+    echo "      -> Starting CronD"
+    setsid nohup $CROND_BIN &>/dev/null &
+
+    echo "      -> Starting PHP-FPM"
+    setsid nohup $PHP_FPM_BIN &>/dev/null &
+
+    sudo killall nginx &>/dev/null || true
+    # Wait for the previous nginx processes to exit and for the port to free up
+    tries=0
+    while ss -ltn | grep -q ":${PORT}[[:space:]]" && [ $tries -lt 10 ]; do
+        echo "  -> Waiting for port ${PORT} to free..."
+        sleep 0.2
+        tries=$((tries+1))
+    done
+    sleep 0.2
+    echo "      -> Starting Nginx"
+    setsid nohup $NGINX_BIN &>/dev/null &
+    echo "      -> Starting Backend ${APP_DIR}/server..."
+    $APP_COMMAND 
+    sleep 2
+}
+
+# configure_php: configure PHP-FPM and enable dev debug options
+configure_php() {
+    echo "[2/3] Configuring PHP-FPM..."
+    sudo killall php-fpm83 &>/dev/null || true
+    install -d -o nginx -g www-data /run/php/ &>/dev/null
+    sudo sed -i "/^;pid/c\pid = /run/php/php8.3-fpm.pid" /etc/php83/php-fpm.conf
+    sudo sed -i 's|^listen = .*|listen = 127.0.0.1:9000|' /etc/php83/php-fpm.d/www.conf
+    sudo sed -i 's|fastcgi_pass .*|fastcgi_pass 127.0.0.1:9000;|' /etc/nginx/http.d/*.conf
+
+    #increase max child process count to 10
+    sudo sed -i -e 's/pm.max_children = 5/pm.max_children = 10/' /etc/php83/php-fpm.d/www.conf 
+
+    # find any line in php-fmp that starts with either ;error_log or error_log = and replace it with error_log = /app/log/app.php_errors.log
+    sudo sed -i '/^;*error_log\s*=/c\error_log = /app/log/app.php_errors.log' /etc/php83/php-fpm.conf
+    # If the line was not found, append it to the end of the file
+    if ! grep -q '^error_log\s*=' /etc/php83/php-fpm.conf; then
+        echo 'error_log = /app/log/app.php_errors.log' | sudo tee -a /etc/php83/php-fpm.conf
+    fi
+
+    sudo mkdir -p /etc/php83/conf.d
+    sudo cp /workspaces/NetAlertX/.devcontainer/resources/99-xdebug.ini /etc/php83/conf.d/99-xdebug.ini
+
+    sudo rm -R /var/log/php83 &>/dev/null || true
+    install -d -o netalertx -g www-data -m 755 var/log/php83;
+
+    sudo chmod 644 /etc/php83/conf.d/99-xdebug.ini || true
+
+}
+
+# (duplicate start_services removed)
+
+
+
+echo "$(git rev-parse --short=8 HEAD)">/app/.VERSION
+# Run the main function
+main
+
+
+

.devcontainer/scripts/stream-logs.sh

@@ -0,0 +1,40 @@
+#!/bin/sh
+# Stream NetAlertX logs to stdout so the Dev Containers output channel shows them.
+# This script waits briefly for the files to appear and then tails them with -F.
+
+LOG_FILES="/app/log/app.log  /app/log/db_is_locked.log /app/log/execution_queue.log /app/log/app_front.log /app/log/app.php_errors.log /app/log/IP_changes.log /app/stderr.log /app/stdout.log"
+
+wait_for_files() {
+  # Wait up to ~10s for at least one of the files to exist
+  attempts=0
+  while [ $attempts -lt 20 ]; do
+    for f in $LOG_FILES; do
+      if [ -f "$f" ]; then
+        return 0
+      fi
+    done
+    attempts=$((attempts+1))
+    sleep 0.5
+  done
+  return 1
+}
+
+if wait_for_files; then
+  echo "Starting log stream for:"
+  for f in $LOG_FILES; do
+    [ -f "$f" ] && echo "  $f"
+  done
+
+  # Use tail -F where available. If tail -F isn't supported, tail -f is used as fallback.
+  # Some minimal images may have busybox tail without -F; this handles both.
+  if tail --version >/dev/null 2>&1; then
+    # GNU tail supports -F
+    tail -n +1 -F $LOG_FILES
+  else
+    # Fallback to -f for busybox; will exit if files rotate or do not exist initially
+    tail -n +1 -f $LOG_FILES
+  fi
+else
+  echo "No log files appeared after wait; exiting stream script."
+  exit 0
+fi

.devcontainer/xdebug-trigger.ini

@@ -0,0 +1,11 @@
+zend_extension=xdebug.so
+xdebug.mode=debug
+xdebug.start_with_request=trigger
+xdebug.trigger_value=VSCODE
+xdebug.client_host=host.docker.internal
+xdebug.client_port=9003
+xdebug.log=/var/log/xdebug.log
+xdebug.log_level=7
+xdebug.idekey=VSCODE
+xdebug.discover_client_host=true
+xdebug.max_nesting_level=512

.github/FUNDING.yml

@@ -0,0 +1,3 @@
+github: jokob-sk
+patreon: netalertx
+buy_me_a_coffee: jokobsk

.github/ISSUE_TEMPLATE/documentation-feedback.yml

@@ -0,0 +1,56 @@
+name: Documentation Feedback 📝
+description: Suggest improvements, clarify inconsistencies, or report issues related to the documentation.
+labels: ['documentation 📚']
+body:
+- type: checkboxes
+  attributes:
+    label: Is there an existing issue for this?
+    description: Please search to see if an open or closed issue already exists for the documentation change you're suggesting.
+    options:
+      - label: I have searched the existing open and closed issues
+        required: true
+- type: textarea
+  attributes:
+    label: What document or section does this relate to?
+    description: |
+      Please include a link to the file and section, if applicable. Be specific about what part of the documentation you are referencing.
+    placeholder: e.g. https://github.com/jokob-sk/NetAlertX/blob/main/docs/FRONTEND_DEVELOPMENT.md
+  validations:
+    required: true
+- type: textarea
+  attributes:
+    label: Describe the issue
+    description: A clear and concise explanation of the issue or inconsistency you found in the documentation.
+    placeholder: e.g. The linked file is referred to as "Contributor Guidelines" but only covers frontend topics.
+  validations:
+    required: true
+- type: textarea
+  attributes:
+    label: Your suggestion or proposed solution
+    description: Suggest how the documentation could be improved, clarified, or reorganized.
+    placeholder: e.g. Combine frontend and backend development into a single CONTRIBUTING.md file with common sections to reduce fragmentation.
+  validations:
+    required: true
+- type: checkboxes
+  attributes:
+    label: What type of issue is this?
+    options:
+      - label: Missing information
+      - label: Inaccurate or outdated information
+      - label: Unclear or confusing content
+      - label: Structure or organization improvements
+      - label: Other (explain in issue)
+- type: textarea
+  attributes:
+    label: Anything else?
+    description: |
+      Additional context, references, screenshots, or related issues. You can also mention if you’re willing to help implement the suggestion.
+  validations:
+    required: false
+- type: checkboxes
+  attributes:
+    label: Can I help implement this? 👩‍💻👨‍💻 
+    description: The maintainer can provide guidance and review your changes.
+    options:
+      - label: "Yes, I’d like to help implement the improvement"
+      - label: "No, I’m just suggesting the idea"

.github/ISSUE_TEMPLATE/enhancement-request.yml

@@ -0,0 +1,33 @@
+name: Enhancement Request
+description: Propose an improvement to an existing feature or UX behavior.
+labels: ['enhancement ♻️']
+body:
+- type: checkboxes
+  attributes:
+    label: Is there an existing issue for this?
+    options:
+      - label: I have searched existing open and closed issues
+        required: true
+- type: textarea
+  attributes:
+    label: What is the enhancement?
+    description: Describe the change or optimization you’d like to see to an existing feature.
+    placeholder: e.g. Make scan intervals configurable from UI instead of just `app.conf`
+    required: true
+- type: textarea
+  attributes:
+    label: What problem does this solve or improve?
+    description: Describe why this change would improve user experience or project maintainability.
+    required: true
+- type: textarea
+  attributes:
+    label: Additional context or examples
+    description: |
+      Screenshots? Comparisons? Reference repos?
+    required: false
+- type: checkboxes
+  attributes:
+    label: Are you willing to help implement this?
+    options:
+      - label: "Yes"
+      - label: "No"

.github/ISSUE_TEMPLATE/refactor-codequality-request.yml

@@ -0,0 +1,37 @@
+name: Refactor / Code Quality Request ♻️
+description: Suggest improvements to code structure, style, or maintainability.
+labels: ['enhancement ♻️']
+body:
+- type: checkboxes
+  attributes:
+    label: Is there an existing issue for this?
+    description: Please check if a similar request already exists.
+    options:
+      - label: I have searched the existing open and closed issues
+        required: true
+- type: textarea
+  attributes:
+    label: What part of the code needs refactoring or improvement?
+    description: Specify files, modules, or components.
+    required: true
+- type: textarea
+  attributes:
+    label: Describe the proposed changes
+    description: Explain the refactoring or quality improvements you suggest.
+    required: true
+- type: textarea
+  attributes:
+    label: Why is this improvement needed?
+    description: Benefits such as maintainability, readability, performance, or scalability.
+    required: true
+- type: textarea
+  attributes:
+    label: Additional context or examples
+    description: Any relevant links, references, or related issues.
+    required: false
+- type: checkboxes
+  attributes:
+    label: Can you help implement this change?
+    options:
+      - label: Yes
+      - label: No

.github/ISSUE_TEMPLATE/security-report.yml

@@ -0,0 +1,28 @@
+name: Security Report 🔐
+description: Report a security vulnerability or concern privately.
+labels: ['security 🔐']
+body:
+- type: markdown
+  attributes:
+    value: |
+      **Important:** For security reasons, please do **not** post sensitive security issues publicly in the issue tracker.
+      Instead, send details to our security contact email: [jokob@duck.com](mailto:jokob@duck.com).
+      
+      We appreciate your responsible disclosure.
+- type: textarea
+  attributes:
+    label: Brief summary (non-sensitive)
+    description: Provide a non-sensitive overview of the security issue.
+    required: true
+- type: textarea
+  attributes:
+    label: Additional context or references
+    description: Any other information or related reports.
+    required: false
+- type: checkboxes
+  attributes:
+    label: Have you sent this report via email to the security contact?
+    options:
+      - label: Yes, I have sent the details to jokob@duck.com
+        required: true
+      - label: Not yet, I will send it after opening this issue

.github/ISSUE_TEMPLATE/translation-request.yml

@@ -0,0 +1,36 @@
+name: Translation / Localization Request 🌐
+description: Suggest adding or improving translations or localization support.
+labels: ['enhancement 🌐']
+body:
+- type: checkboxes
+  attributes:
+    label: Have you checked for existing translation efforts or related issues?
+    options:
+      - label: I have searched existing open and closed issues
+        required: true
+- type: textarea
+  attributes:
+    label: Language(s) involved
+    description: Specify the language(s) this request pertains to.
+    required: true
+- type: textarea
+  attributes:
+    label: Describe the translation or localization improvement
+    description: Examples include adding new language support, fixing translation errors, or improving formatting.
+    required: true
+- type: textarea
+  attributes:
+    label: Why is this important for the project or users?
+    description: Describe the benefits or target audience.
+    required: false
+- type: textarea
+  attributes:
+    label: Additional context or references
+    description: Link to files, previous translation PRs, or external resources.
+    required: false
+- type: checkboxes
+  attributes:
+    label: Can you help with translation or review?
+    options:
+      - label: Yes
+      - label: No

.github/PULL_REQUEST_TEMPLATE/code-pr-template.md

@@ -0,0 +1,53 @@
+## 📌 Description
+
+<!-- Provide a brief description of the changes you're introducing. Be clear and concise. -->
+
+---
+
+## 🔍 Related Issues
+
+<!-- Reference any related issues (e.g., closes #123, fixes #456) -->
+
+---
+
+## 📋 Type of Change
+
+Please check the relevant option(s):
+
+- [ ] 🐛 Bug fix
+- [ ] ✨ New feature
+- [ ] ♻️ Code refactor
+- [ ] 📚 Documentation update
+- [ ] 🧪 Test addition or change
+- [ ] 🔧 Build/config update
+- [ ] 🚀 Performance improvement
+- [ ] 🔨 CI/CD or automation
+- [ ] 🧹 Cleanup / chore
+
+---
+
+## 📷 Screenshots or Logs (if applicable)
+
+<!-- Add screenshots, terminal output, logs, or anything that helps understand your change -->
+
+---
+
+## 🧪 Testing Steps
+
+<!-- Describe how the change was tested. Manual steps, test cases, or automated test runs -->
+
+---
+
+## ✅ Checklist
+
+- [ ] I have read the [Contribution Guidelines](../../CONTRIBUTING)
+- [ ] I have tested my changes locally
+- [ ] I have updated relevant documentation (if applicable)
+- [ ] I have verified my changes do not break existing behavior
+- [ ] I am willing to respond to requested changes and feedback
+
+---
+
+## 🙋 Additional Notes
+
+<!-- Anything else you want reviewers to know? Future follow-ups? Questions? -->

.github/PULL_REQUEST_TEMPLATE/docs-pr-template.md

@@ -0,0 +1,37 @@
+## 📚 Documentation Update
+
+<!-- Describe the purpose of this PR in one or two sentences. Example: "This PR updates the contributor guidelines by merging frontend and backend sections." -->
+
+---
+
+## 📝 What’s Changed?
+
+<!-- Briefly outline what parts of the documentation were added, changed, removed, or reorganized -->
+
+- Combined frontend and backend development guidelines into a single file
+- Updated `mkdocs.yml` to reflect new structure
+- Added clarification on contribution process
+- Fixed outdated links in sidebar
+
+---
+
+## 🔍 Related Issue(s)
+
+<!-- Link to related issues, discussions, or context (e.g., closes #123) -->
+
+---
+
+## ✅ Checklist
+
+- [ ] I followed the formatting/style of existing documentation
+- [ ] I have read the [Contribution Guidelines](../../CONTRIBUTING)
+- [ ] I updated `mkdocs.yml` if necessary
+- [ ] I verified links and references still work
+- [ ] I checked that my changes improve clarity, structure, or accuracy
+- [ ] I'm open to feedback and suggestions
+
+---
+
+## 🙋 Additional Notes
+
+<!-- Optional: Include anything you want reviewers to be aware of -->

.github/copilot-instructions.md

@@ -0,0 +1,62 @@
+This is NetAlertX — network monitoring & alerting.
+
+Purpose: Guide AI assistants to follow NetAlertX architecture, conventions, and safety practices. Be concise, opinionated, and prefer existing helpers/settings over new code or hardcoded values.
+
+## Architecture (what runs where)
+- Backend (Python): main loop + GraphQL/REST endpoints orchestrate scans, plugins, workflows, notifications, and JSON export.
+	- Key: `server/__main__.py`, `server/plugin.py`, `server/initialise.py`, `server/api_server/api_server_start.py`
+- Data (SQLite): persistent state in `db/app.db`; helpers in `server/database.py` and `server/db/*`.
+- Frontend (Nginx + PHP + JS): UI reads JSON, triggers execution queue events.
+	- Key: `front/`, `front/js/common.js`, `front/php/server/*.php`
+- Plugins (Python): acquisition/enrichment/publishers under `front/plugins/*` with `config.json` manifests.
+- Messaging/Workflows: `server/messaging/*`, `server/workflows/*`
+- API JSON Cache for UI: generated under `api/*.json`
+
+Backend loop phases (see `server/__main__.py` and `server/plugin.py`): `once`, `schedule`, `always_after_scan`, `before_name_updates`, `on_new_device`, `on_notification`, plus ad‑hoc `run` via execution queue. Plugins execute as scripts that write result logs for ingestion.
+
+## Plugin patterns that matter
+- Manifest lives at `front/plugins/<code_name>/config.json`; `code_name` == folder, `unique_prefix` drives settings and filenames (e.g., `ARPSCAN`).
+- Control via settings: `<PREF>_RUN` (phase), `<PREF>_RUN_SCHD` (cron-like), `<PREF>_CMD` (script path), `<PREF>_RUN_TIMEOUT`, `<PREF>_WATCH` (diff columns).
+- Data contract: scripts write `/app/log/plugins/last_result.<PREF>.log` (pipe‑delimited: 9 required cols + optional 4). Use `front/plugins/plugin_helper.py`’s `Plugin_Objects` to sanitize text and normalize MACs, then `write_result_file()`.
+- Device import: define `database_column_definitions` when creating/updating devices; watched fields trigger notifications.
+
+### Standard Plugin Formats
+* publisher: Sends notifications to services. Runs `on_notification`. Data source: self.
+* dev scanner: Creates devices and manages online/offline status. Runs on `schedule`. Data source: self / SQLite DB.
+* name discovery: Discovers device names via various protocols. Runs `before_name_updates` or on `schedule`. Data source: self.
+* importer: Imports devices from another service. Runs on `schedule`. Data source: self / SQLite DB.
+* system: Provides core system functionality. Runs on `schedule` or is always on. Data source: self / Template.
+* other: Miscellaneous plugins. Runs at various times. Data source: self / Template.
+
+### Plugin logging & outputs
+- Always log via `mylog()` like other plugins do (no `print()`). Example: `mylog('verbose', [f'[{pluginName}] In script'])`.
+- Collect results with `Plugin_Objects.add_object(...)` during processing and call `plugin_objects.write_result_file()` exactly once at the end of the script.
+- Prefer to log a brief summary before writing (e.g., total objects added) to aid troubleshooting; keep logs concise at `verbose` level unless debugging.
+
+- Do not write ad‑hoc files for results; the only consumable output is `last_result.<PREF>.log` generated by `Plugin_Objects`.
+## API/Endpoints quick map
+- Flask app: `server/api_server/api_server_start.py` exposes routes like `/device/<mac>`, `/devices`, `/devices/export/{csv,json}`, `/devices/import`, `/devices/totals`, `/devices/by-status`, plus `nettools`, `events`, `sessions`, `dbquery`, `metrics`, `sync`.
+- Authorization: all routes expect header `Authorization: Bearer <API_TOKEN>` via `get_setting_value('API_TOKEN')`.
+
+## Conventions & helpers to reuse
+- Settings: add/modify via `ccd()` in `server/initialise.py` or per‑plugin manifest. Never hardcode ports or secrets; use `get_setting_value()`.
+- Logging: use `logger.mylog(level, [message])`; levels: none/minimal/verbose/debug/trace.
+- Time/MAC/strings: `helper.py` (`timeNowTZ`, `normalize_mac`, sanitizers). Validate MACs before DB writes.
+- DB helpers: prefer `server/db/db_helper.py` functions (e.g., `get_table_json`, device condition helpers) over raw SQL in new paths.
+
+## Dev workflow (devcontainer)
+- Services: use tasks to (re)start backend and nginx/PHP-FPM. Backend runs with debugpy on 5678; attach a Python debugger if needed.
+- Run a plugin manually: `python3 front/plugins/<code_name>/script.py` (ensure `sys.path` includes `/app/front/plugins` and `/app/server` like the template).
+- Testing: pytest available via Alpine packages. Tests live in `test/`; app code is under `server/`. PYTHONPATH is preconfigured to include workspace and `/opt/venv` site‑packages.
+
+## What “done right” looks like
+- When adding a plugin, start from `front/plugins/__template`, implement with `plugin_helper`, define manifest settings, and wire phase via `<PREF>_RUN`. Verify logs in `/app/log/plugins/` and data in `api/*.json`.
+- When introducing new config, define it once (core `ccd()` or plugin manifest) and read it via helpers everywhere.
+- When exposing new server functionality, add endpoints in `server/api_server/*` and keep authorization consistent; update UI by reading/writing JSON cache rather than bypassing the pipeline.
+
+## Useful references
+- Docs: `docs/PLUGINS_DEV.md`, `docs/SETTINGS_SYSTEM.md`, `docs/API_*.md`, `docs/DEBUG_*.md`
+- Logs: backend `/app/log/app.log`, plugin logs under `/app/log/plugins/`, nginx/php logs under `/var/log/*`
+
+Assistant expectations
+- Reference concrete files/paths. Use existing helpers/settings. Keep changes idempotent and safe. Offer a quick validation step (log line, API hit, or JSON export) for anything you add.

.github/tweet.md

@@ -1,2 +0,0 @@
-🎉 New release: **v25.4.1 - 🔀 Workflows - automate device management ** is live! 🚀
-Check it out here: https://github.com/jokob-sk/NetAlertX/releases/tag/v25.4.1

.github/workflows/code_checks.yml

@@ -17,14 +17,22 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
 
-      - name: Check for absolute path URLs
+      - name: Check for incorrect absolute '/php/' URLs in frontend code
         run: |
-          if grep -r -E "\burl:\s*['\"]\/php" --include=\*.{js,php} .; then
-            echo "❌ Found absolute path URLs starting with '/php/'. Please use relative paths."
+          echo "🔍 Checking for incorrect absolute '/php/' URLs (should be 'php/' or './php/')..."
+
+          MATCHES=$(grep -rE "['\"]\/php\/" --include=\*.{js,php,html} ./front | grep -E "\.get|\.post|\.ajax|fetch|url\s*:") || true
+
+          if [ -n "$MATCHES" ]; then
+            echo "$MATCHES"
+            echo "❌ Found incorrectly absolute '/php/' URLs. Use 'php/' or './php/' for relative paths."
             exit 1
           else
-            echo "✅ No absolute path URLs found."
+            echo "✅ No bad '/php/' URLs found."
           fi
+
+
+
       - name: Check Python syntax
         run: |
           set -e

.github/workflows/docker_rewrite.yml

@@ -0,0 +1,81 @@
+name: docker
+
+on:
+  push:
+    branches:
+      - rewrite
+    tags:
+      - '*.*.*'
+  pull_request:
+    branches:
+      - rewrite
+
+jobs: 
+  docker_rewrite:
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    permissions:
+      contents: read
+      packages: write
+    if: >
+      contains(github.event.head_commit.message, 'PUSHPROD') != 'True' &&
+      github.repository == 'jokob-sk/NetAlertX'  
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Set up dynamic build ARGs
+        id: getargs        
+        run: echo "version=$(cat ./stable/VERSION)" >> $GITHUB_OUTPUT
+
+      - name: Get release version
+        id: get_version
+        run: echo "version=Dev" >> $GITHUB_OUTPUT
+
+      - name: Create .VERSION file
+        run: echo "${{ steps.get_version.outputs.version }}" >> .VERSION
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: |
+            ghcr.io/jokob-sk/netalertx-dev-rewrite
+            jokobsk/netalertx-dev-rewrite
+          tags: |
+            type=raw,value=latest
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=sha
+
+      - name: Log in to Github Container Registry (GHCR)
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: jokob-sk
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Log in to DockerHub
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v3
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

.github/workflows/social_post_on_release.yml

@@ -1,4 +1,4 @@
-name: 📧 Twitter and Discord Posts
+name: 📧 Social Posts
 on:
   release:
     types: [published]
@@ -16,38 +16,3 @@ jobs:
           -d '{"content": "🎉 New release: **${{ github.event.release.name }}** is live! 🚀\nCheck it out here: ${{ github.event.release.html_url }}"}' \
           ${{ secrets.DISCORD_WEBHOOK_URL }}
 
-  post-twitter:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Wait for 15 minutes
-        run: sleep 900  # 15 minutes delay     
-
-      - name: Checkout repository
-        uses: actions/checkout@v3
-
-      - name: Set Git config
-        run: |
-          git config --global user.email "github-actions@github.com"
-          git config --global user.name "GitHub Actions"
-
-      - name: Create tweet file
-        run: |
-          echo "🎉 New release: **${{ github.event.release.name }}** is live! 🚀" > .github/tweet.md
-          echo "Check it out here: ${{ github.event.release.html_url }}" >> .github/tweet.md
-          git add .github/tweet.md
-          git commit -m "Add release tweet for ${{ github.event.release.name }}"
-
-      - name: Push changes
-        run: |
-          git push https://github.com/${{ github.repository }}.git HEAD:main
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Tweet
-        uses: twitter-together/action@v3
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          TWITTER_ACCESS_TOKEN: ${{ secrets.TWITTER_ACCESS_TOKEN }}
-          TWITTER_ACCESS_TOKEN_SECRET: ${{ secrets.TWITTER_ACCESS_TOKEN_SECRET }}
-          TWITTER_API_KEY: ${{ secrets.TWITTER_API_KEY }}
-          TWITTER_API_SECRET_KEY: ${{ secrets.TWITTER_API_SECRET_KEY }}

.vscode/launch.json

@@ -0,0 +1,34 @@
+{
+    "version": "0.2.0",
+    "configurations": [
+        {
+            "name": "Python Backend Debug: Attach",
+            "type": "debugpy",
+            "request": "attach",
+            "connect": {
+                "host": "localhost",
+                "port": 5678
+            },
+            "pathMappings": [
+                {
+                    // Map workspace root to /app for PHP and other resources, plus explicit server mapping for Python.
+                    "localRoot": "${workspaceFolder}",
+                    "remoteRoot": "/app"
+                },
+                {
+                    "localRoot": "${workspaceFolder}/server",
+                    "remoteRoot": "/app/server"
+                }
+            ]
+        },
+        {
+            "name": "PHP Frontend Xdebug: Listen",
+            "type": "php",
+            "request": "launch",
+            "port": 9003,
+            "pathMappings": {
+                "/app": "${workspaceFolder}"
+            }
+        }
+    ]
+}

.vscode/settings.json

@@ -0,0 +1,13 @@
+{
+    "terminal.integrated.suggest.enabled": true,
+    // Use pytest and look under the test/ folder
+    "python.testing.pytestEnabled": true,
+    "python.testing.unittestEnabled": false,
+    "python.testing.pytestArgs": [
+        "test"
+    ],
+    // Ensure VS Code uses the devcontainer virtualenv
+    "python.defaultInterpreterPath": "/opt/venv/bin/python",
+    // Let the Python extension invoke pytest via the interpreter; avoid hardcoded paths
+    // Removed python.testing.pytestPath and legacy pytest.command overrides
+}

.vscode/tasks.json

@@ -0,0 +1,94 @@
+{
+  "version": "2.0.0",
+  "tasks": [
+    {
+      "label": "Generate Dockerfile",
+      "type": "shell",
+      "command": "${workspaceFolder:NetAlertX}/.devcontainer/scripts/generate-dockerfile.sh",
+      "presentation": {
+        "echo": true,
+        "reveal": "always",
+        "panel": "shared",
+        "showReuseMessage": false
+      },
+      "problemMatcher": [],
+      "group": {
+        "kind": "build",
+        "isDefault": false
+      },
+      "options": {
+        "cwd": "${workspaceFolder:NetAlertX}"
+      },
+      "icon": {
+        "id": "tools",
+        "color": "terminal.ansiYellow"
+      }
+    },
+    {
+      "label": "Re-Run Startup Script",
+      "type": "shell",
+      "command": "${workspaceFolder:NetAlertX}/.devcontainer/scripts/setup.sh",
+      "presentation": {
+        "echo": true,
+        "reveal": "always",
+        "panel": "shared",
+        "showReuseMessage": false
+      },
+      "problemMatcher": [],
+      "icon": {
+        "id": "beaker",
+        "color": "terminal.ansiBlue"
+      }
+    },
+    {
+      "label": "Start Backend (Python)",
+      "type": "shell",
+      "command": "/workspaces/NetAlertX/.devcontainer/scripts/restart-backend.sh",
+      "presentation": {
+        "echo": true,
+        "reveal": "always",
+        "panel": "shared",
+        "showReuseMessage": false,
+        "clear": false
+      },
+      "problemMatcher": [],
+      "icon": {
+        "id": "debug-restart",
+        "color": "terminal.ansiGreen"
+      }
+    },
+    {
+      "label": "Start Frontend (nginx and PHP-FPM)",
+      "type": "shell",
+      "command": "killall php-fpm83 nginx 2>/dev/null || true; sleep 1; php-fpm83 & nginx",
+      "presentation": {
+        "echo": true,
+        "reveal": "always",
+        "panel": "shared",
+        "showReuseMessage": false,
+        "clear": false
+      },
+      "problemMatcher": [],
+      "icon": {
+        "id": "debug-restart",
+        "color": "terminal.ansiGreen"
+      }
+    },
+    {
+      "label": "Stop Frontend & Backend Services",
+      "type": "shell",
+      "command": "pkill -f 'php-fpm83|nginx|crond|python3' || true",
+      "presentation": {
+        "echo": true,
+        "reveal": "always",
+        "panel": "shared",
+        "showReuseMessage": false
+      },
+      "problemMatcher": [],
+      "icon": {
+        "id": "debug-stop",
+        "color": "terminal.ansiRed"
+      }
+    }
+  ]
+}

CODE_OF_CONDUCT.md

@@ -0,0 +1,137 @@
+
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, caste, color, religion, or sexual
+identity and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+- Demonstrating empathy and kindness toward other people
+- Being respectful of differing opinions, viewpoints, and experiences
+- Giving and gracefully accepting constructive feedback
+- Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+- Focusing on what is best not just for us as individuals, but for the overall
+  community
+
+Examples of unacceptable behavior include:
+
+- The use of sexualized language or imagery, and sexual attention or advances of
+  any kind
+- Trolling, insulting or derogatory comments, and personal or political attacks
+- Public or private harassment
+- Publishing others' private information, such as a physical or email address,
+  without their explicit permission
+- Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official email address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at <jokob@duck.com>.
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Ethical Use Clause (Project-Specific)
+
+While NetAlertX is a tool designed to empower users with greater insight into their own networks, we expect and encourage all users to use this software **ethically and legally**.
+
+- Do not use this software to scan or monitor networks without **explicit authorization**.
+- Respect privacy, consent, and data protection laws applicable in your jurisdiction.
+- Any use of NetAlertX for malicious surveillance, stalking, or unauthorized access is explicitly discouraged and may be grounds for removal from the community and revocation of support.
+
+We reserve the right to take appropriate action to uphold the ethical integrity of this project.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series of
+actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or permanent
+ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within the
+community.
+
+## Attribution
+
+This Code of Conduct is adapted from the
+[Contributor Covenant](https://www.contributor-covenant.org/), version 2.1,
+available at
+<https://www.contributor-covenant.org/version/2/1/code_of_conduct/>.
+
+Community Impact Guidelines were inspired by
+[Mozilla's code of conduct enforcement ladder](https://github.com/mozilla/inclusion).
+
+For answers to common questions about this code of conduct, see the FAQ at
+<https://www.contributor-covenant.org/faq/>. Translations are available at
+<https://www.contributor-covenant.org/translations/>.

CONTRIBUTING

@@ -1,14 +1,53 @@
-# Contributing to this project
+# 🤝 Contributing to NetAlertX
 
-## Issues, bugs, feature requests
+First off, **thank you** for taking the time to contribute! NetAlertX is built and improved with the help of passionate people like you.
 
-The issue tracker is the preferred channel for bug reports, features requests and submitting pull requests.
+---
 
-Before submitting a new issue please spend a couple of minutes on research:
+## 📂 Issues, Bugs, and Feature Requests
 
-* Check [🛑 Common issues](https://github.com/jokob-sk/NetAlertX/blob/main/docs/DEBUG_TIPS.md#common-issues) 
-* Check [💡 Closed issues](https://github.com/jokob-sk/NetAlertX/issues?q=is%3Aissue+is%3Aclosed) if a similar issue was solved in the past.
+Please use the [GitHub Issue Tracker](https://github.com/jokob-sk/NetAlertX/issues) for:
+- Bug reports 🐞
+- Feature requests 💡
+- Documentation feedback 📖
 
-## Pull-requests (PRs)
+Before opening a new issue:
+- 🛑 [Check Common Issues & Debug Tips](https://github.com/jokob-sk/NetAlertX/blob/main/docs/DEBUG_TIPS.md#common-issues)
+- 🔍 [Search Closed Issues](https://github.com/jokob-sk/NetAlertX/issues?q=is%3Aissue+is%3Aclosed)
 
-If you submit a PR please do check that your changes are backward compatible with existing installations. Existing features should be always preserved.
+---
+
+## 🚀 Submitting Pull Requests (PRs)
+
+We welcome PRs to improve the code, docs, or UI!
+
+Please:
+- Ensure **backward compatibility** with existing installations
+- Preserve existing features unless a breaking change is intentional and discussed
+- Follow existing **code style and structure**
+- Provide a clear title and description for your PR
+- If relevant, add or update tests and documentation
+- For plugins, refer to the [Plugin Dev Guide](https://github.com/jokob-sk/NetAlertX/blob/main/docs/PLUGINS_DEV.md)
+
+---
+
+## 🌟 First-Time Contributors
+
+New to open source? Check out these resources:
+- [How to Fork and Submit a PR](https://opensource.guide/how-to-contribute/)
+- Ask questions or get support in our [Discord](https://discord.gg/NczTUTWyRr)
+
+---
+
+## 🔐 Code of Conduct
+
+By participating, you agree to follow our [Code of Conduct](./CODE_OF_CONDUCT.md), which ensures a respectful and welcoming community.
+
+---
+
+## 📬 Contact
+
+If you have more in-depth questions or want to discuss contributing in other ways, feel free to reach out at:  
+📧 [jokob@duck.com](mailto:jokob@duck.com?subject=NetAlertX%20Contribution)
+
+We appreciate every contribution, big or small! 💙

Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.21 AS builder
+FROM alpine:3.22 AS builder
 
 ARG INSTALL_DIR=/app
 
@@ -13,7 +13,7 @@ ENV PATH="/opt/venv/bin:$PATH"
 
 COPY . ${INSTALL_DIR}/
 
-RUN pip install openwrt-luci-rpc asusrouter asyncio aiohttp graphene flask tplink-omada-client wakeonlan pycryptodome requests paho-mqtt scapy cron-converter pytz json2table dhcp-leases pyunifi speedtest-cli chardet python-nmap dnspython librouteros git+https://github.com/foreign-sub/aiofreepybox.git \
+RUN pip install openwrt-luci-rpc asusrouter asyncio aiohttp graphene flask flask-cors unifi-sm-api tplink-omada-client wakeonlan pycryptodome requests paho-mqtt scapy cron-converter pytz json2table dhcp-leases pyunifi speedtest-cli chardet python-nmap dnspython librouteros yattag git+https://github.com/foreign-sub/aiofreepybox.git \
     && bash -c "find ${INSTALL_DIR} -type d -exec chmod 750 {} \;" \
     && bash -c "find ${INSTALL_DIR} -type f -exec chmod 640 {} \;" \
     && bash -c "find ${INSTALL_DIR} -type f \( -name '*.sh' -o -name '*.py'  -o -name 'speedtest-cli' \) -exec chmod 750 {} \;"
@@ -22,7 +22,7 @@ RUN pip install openwrt-luci-rpc asusrouter asyncio aiohttp graphene flask tplin
 RUN cat ${INSTALL_DIR}/install/freebox_certificate.pem >> /opt/venv/lib/python3.12/site-packages/aiofreepybox/freebox_certificates.pem
 
 # second stage
-FROM alpine:3.21 AS runner
+FROM alpine:3.22 AS runner
 
 ARG INSTALL_DIR=/app
 

Dockerfile.debian

@@ -43,7 +43,7 @@ RUN phpenmod -v 8.2 sqlite3
 RUN apt-get install -y python3-venv
 RUN python3 -m venv myenv
 
-RUN /bin/bash -c "source myenv/bin/activate && update-alternatives --install /usr/bin/python python /usr/bin/python3 10 && pip3 install openwrt-luci-rpc asusrouter asyncio aiohttp graphene flask tplink-omada-client wakeonlan pycryptodome requests paho-mqtt scapy cron-converter pytz json2table dhcp-leases pyunifi speedtest-cli chardet python-nmap dnspython librouteros "
+RUN /bin/bash -c "source myenv/bin/activate && update-alternatives --install /usr/bin/python python /usr/bin/python3 10 && pip3 install openwrt-luci-rpc asusrouter asyncio aiohttp graphene flask flask-cors unifi-sm-api tplink-omada-client wakeonlan pycryptodome requests paho-mqtt scapy cron-converter pytz json2table dhcp-leases pyunifi speedtest-cli chardet python-nmap dnspython librouteros yattag "
 
 # Create a buildtimestamp.txt to later check if a new version was released
 RUN date +%s > ${INSTALL_DIR}/front/buildtimestamp.txt

FUNDING.yml

@@ -1,2 +0,0 @@
-github: jokob-sk
-patreon: 84385063

README.md

@@ -8,6 +8,42 @@
 
 Get visibility of what's going on on your WIFI/LAN network and enable presence detection of important devices. Schedule scans for devices, port changes and get alerts if unknown devices or changes are found. Write your own [Plugin](https://github.com/jokob-sk/NetAlertX/tree/main/docs/PLUGINS.md#readme) with auto-generated UI and in-build notification system. Build out and easily maintain your network source of truth (NSoT).
 
+## 📋 Table of Contents
+
+- [Features](#-features)
+- [Documentation](#-documentation)
+- [Quick Start](#-quick-start)
+- [Alternative Apps](#-other-alternative-apps)
+- [Security & Privacy](#-security--privacy)
+- [FAQ](#-faq)
+- [Known Issues](#-known-issues)
+- [Donations](#-donations)
+- [Contributors](#-contributors)
+- [Translations](#-translations)
+- [License](#license)
+
+
+## 🚀 Quick Start
+
+Start NetAlertX in seconds with Docker:
+
+```bash
+docker run -d --rm --network=host \
+  -v local_path/config:/app/config \
+  -v local_path/db:/app/db \
+  --mount type=tmpfs,target=/app/api \
+  -e PUID=200 -e PGID=300 \
+  -e TZ=Europe/Berlin \
+  -e PORT=20211 \
+  ghcr.io/jokob-sk/netalertx:latest
+```
+
+Need help configuring it? Check the [usage guide](https://github.com/jokob-sk/NetAlertX/blob/main/docs/README.md) or [full documentation](https://jokob-sk.github.io/NetAlertX/).
+
+For Home Assistant users: [Click here to add NetAlertX](https://my.home-assistant.io/redirect/supervisor_add_addon_repository/?repository_url=https%3A%2F%2Fgithub.com%2Falexbelgium%2Fhassio-addons)
+
+For other install methods, check the [installation docs](#-documentation)
+
 
 | [📑 Docker guide](https://github.com/jokob-sk/NetAlertX/blob/main/dockerfiles/README.md) | [🚀 Releases](https://github.com/jokob-sk/NetAlertX/releases) | [📚 Docs](https://jokob-sk.github.io/NetAlertX/) | [🔌 Plugins](https://github.com/jokob-sk/NetAlertX/blob/main/docs/PLUGINS.md) | [🤖 Ask AI](https://gurubase.io/g/netalertx)
 |----------------------| ----------------------|  ----------------------| ----------------------| ----------------------| 
@@ -30,7 +66,7 @@ Get visibility of what's going on on your WIFI/LAN network and enable presence d
 
 ### Scanners
 
-The app scans your network for **New devices**, **New connections** (re-connections), **Disconnections**, **"Always Connected" devices down**, Devices **IP changes** and **Internet IP address changes**. Discovery & scan methods include: **arp-scan**,  **Pi-hole - DB import**,  **Pi-hole - DHCP leases import**, **Generic DHCP leases import**, **UNIFI controller import**, **SNMP-enabled router import**. Check the [Plugins](https://github.com/jokob-sk/NetAlertX/tree/main/docs/PLUGINS.md#readme) docs for a full lits of avaliable plugins. 
+The app scans your network for **New devices**, **New connections** (re-connections), **Disconnections**, **"Always Connected" devices down**, Devices **IP changes** and **Internet IP address changes**. Discovery & scan methods include: **arp-scan**,  **Pi-hole - DB import**,  **Pi-hole - DHCP leases import**, **Generic DHCP leases import**, **UNIFI controller import**, **SNMP-enabled router import**. Check the [Plugins](https://github.com/jokob-sk/NetAlertX/tree/main/docs/PLUGINS.md#readme) docs for a full list of avaliable plugins. 
 
 ### Notification gateways
 
@@ -43,7 +79,7 @@ build your own scanners with the [Plugin system](https://github.com/jokob-sk/Net
 
 ### Workflows
 
-The [workflows module](https://github.com/jokob-sk/NetAlertX/blob/main/docs/WORKFLOWS.md) in NetAlertX allows to automate repetitive tasks, making network management more efficient. Whether you need to assign newly discovered devices to a specific Network Node, auto-group devices from a given vendor, unarchive a device if detected online, or automatically delete devices, this module provides the flexibility to tailor the automations to your needs.
+The [workflows module](https://github.com/jokob-sk/NetAlertX/blob/main/docs/WORKFLOWS.md) allows to automate repetitive tasks, making network management more efficient. Whether you need to assign newly discovered devices to a specific Network Node, auto-group devices from a given vendor, unarchive a device if detected online, or automatically delete devices, this module provides the flexibility to tailor the automations to your needs.
 
 
 ## 📚 Documentation
@@ -59,6 +95,46 @@ Supported browsers: Chrome, Firefox
 - [[Development] API docs](https://github.com/jokob-sk/NetAlertX/blob/main/docs/API.md)
 - [[Development] Custom Plugins](https://github.com/jokob-sk/NetAlertX/blob/main/docs/PLUGINS_DEV.md)
 
+...or explore all the [documentation here](https://jokob-sk.github.io/NetAlertX/).
+
+## 🔐 Security & Privacy
+
+NetAlertX scans your local network and can store metadata about connected devices. By default, all data is stored **locally**. No information is sent to external services unless you explicitly configure notifications or integrations.
+
+To further secure your installation:
+- Run it behind a reverse proxy with authentication
+- Use firewalls to restrict access to the web UI
+- Regularly update to the latest version for security patches
+
+See [Security Best Practices](https://github.com/jokob-sk/NetAlertX/security) for more details.
+
+
+## ❓ FAQ
+
+**Q: Why don’t I see any devices?**  
+A: Ensure the container has proper network access (e.g., use `--network host` on Linux). Also check that your scan method is properly configured in the UI.
+
+**Q: Does this work on Wi-Fi-only devices like Raspberry Pi?**  
+A: Yes, but some scanners (e.g. ARP) work best on Ethernet. For Wi-Fi, try SNMP, DHCP, or Pi-hole import.
+
+**Q: Will this send any data to the internet?**  
+A: No. All scans and data remain local, unless you set up cloud-based notifications.
+
+**Q: Can I use this without Docker?**  
+A: Yes! You can install it bare-metal. See the [bare metal installation guide](https://github.com/jokob-sk/NetAlertX/blob/main/docs/HW_INSTALL.md).
+
+**Q: Where is the data stored?**  
+A: In the `/config` and `/db` folders, mapped in Docker. Back up these folders regularly.
+
+
+## 🐞 Known Issues
+
+- Some scanners (e.g. ARP) may not detect devices on different subnets. See the [Remote networks guide](https://github.com/jokob-sk/NetAlertX/blob/main/docs/REMOTE_NETWORKS.md) for workarounds.
+- Wi-Fi-only networks may require alternate scanners for accurate detection.
+- Notification throttling may be needed for large networks to prevent spam.
+- On some systems, elevated permissions (like `CAP_NET_RAW`) may be needed for low-level scanning.
+
+Check the [GitHub Issues](https://github.com/jokob-sk/NetAlertX/issues) for the latest bug reports and solutions and consult [the official documentation](https://jokob-sk.github.io/NetAlertX/).
 
 ## 📃 Everything else
 <!--- --------------------------------------------------------------------- --->
@@ -113,7 +189,6 @@ Proudly using [Weblate](https://hosted.weblate.org/projects/pialert/). Help out
 >  GPL 3.0 | [Read more here](LICENSE.txt) | Source of the [animated GIF (Loading Animation)](https://commons.wikimedia.org/wiki/File:Loading_Animation.gif) | Source of the [selfhosted Fonts](https://github.com/adobe-fonts/source-sans)
 
 
-
 <!--- --------------------------------------------------------------------- --->
 [main]:                     ./docs/img/devices_split.png                  "Main screen"
 [device_details]:           ./docs/img/device_details.png                 "Screen 1"
@@ -131,4 +206,3 @@ Proudly using [Weblate](https://hosted.weblate.org/projects/pialert/). Help out
 [main_dark]:                /docs/img/1_devices_dark.jpg                  "Main screen dark"
 [maintain_dark]:            /docs/img/5_maintain.jpg                      "Maintain screen dark"
 [follow_star]:              /docs/img/Follow_Releases_and_Star.gif        "Follow and Star"
-

api/.gitignore

@@ -1,2 +0,0 @@
-*
-!.gitignore

back/app.conf

@@ -18,18 +18,20 @@
 # SCAN_SUBNETS    = [ '192.168.1.0/24 --interface=eth1', '192.168.1.0/24 --interface=eth0' ]
 
 DISCOVER_PLUGINS=True
-SCAN_SUBNETS=['192.168.1.0/24 --interface=eth0']
+SCAN_SUBNETS=['--localnet']
 TIMEZONE='Europe/Berlin'
-LOADED_PLUGINS=['ARPSCAN','CSVBCKP','DBCLNP', 'INTRNT','MAINT','NEWDEV','NSLOOKUP','NTFPRCS', 'AVAHISCAN', 'SETPWD','SMTP', 'SYNC', 'VNDRPDT', 'WORKFLOWS', 'UI']
+LOADED_PLUGINS=['ARPSCAN', 'AVAHISCAN', 'CSVBCKP','DBCLNP', 'DIGSCAN', 'INTRNT', 'MAINT', 'NEWDEV', 'NBTSCAN', 'NSLOOKUP','NTFPRCS', 'SETPWD', 'SMTP', 'SYNC', 'VNDRPDT', 'WORKFLOWS', 'UI']
 
 DAYS_TO_KEEP_EVENTS=90
 # Used for generating links in emails. Make sure not to add a trailing slash!
-REPORT_DASHBOARD_URL='http://netalertx'
+REPORT_DASHBOARD_URL='update_REPORT_DASHBOARD_URL_setting'
 
 # Make sure at least these scanners are enabled for new installs, other defaults are taken from the config.json
 INTRNT_RUN='schedule'
 ARPSCAN_RUN='schedule'
 NSLOOKUP_RUN='before_name_updates'
+AVAHISCAN_RUN='before_name_updates'
+NBTSCAN_RUN='before_name_updates'
 
 # Email 
 #-------------------------------------

back/device_heuristics_rules.json

@@ -0,0 +1,200 @@
+[
+  {
+    "dev_type": "Gateway",
+    "icon_html": "<i class=\"fa fa-globe\"></i>",
+    "matching_pattern": [
+      { "mac_prefix": "INTERNET", "vendor": "" }
+    ],
+    "name_pattern": []
+  },
+  {
+    "dev_type": "Access Point",
+    "icon_html": "<i class=\"fa fa-network-wired\"></i>",
+    "matching_pattern": [
+      { "mac_prefix": "74ACB9", "vendor": "Ubiquiti" },
+      { "mac_prefix": "002468", "vendor": "Cisco" },
+      { "mac_prefix": "F4F5D8", "vendor": "TP-Link" },
+      { "mac_prefix": "F88E85", "vendor": "Netgear" }
+    ],
+    "name_pattern": ["router", "gateway", "ap", "access point", "access-point", "switch"]
+  },
+  {
+    "dev_type": "Phone",
+    "icon_html": "<i class=\"fa-brands fa-apple\"></i>",
+    "matching_pattern": [
+      { "mac_prefix": "001A79", "vendor": "Apple" },
+      { "mac_prefix": "B0BE83", "vendor": "Samsung" },
+      { "mac_prefix": "BC926B", "vendor": "Motorola" }
+    ],
+    "name_pattern": ["iphone", "ipad", "pixel", "galaxy", "redmi"]
+  },
+  {
+    "dev_type": "Phone",
+    "icon_html": "<i class=\"fa-solid fa-mobile\"></i>",
+    "matching_pattern": [
+    ],
+    "name_pattern": ["android","samsung"]
+  },
+  {
+    "dev_type": "Tablet",
+    "icon_html": "<i class=\"fa fa-tablet\"></i>",
+    "matching_pattern": [
+      { "mac_prefix": "001B63", "vendor": "Apple" },
+      { "mac_prefix": "BC4C4C", "vendor": "Samsung" }
+    ],
+    "name_pattern": ["tablet", "pad"]
+  },  
+  {
+    "dev_type": "IoT",
+    "icon_html": "<i class=\"fa-brands fa-raspberry-pi\"></i>",
+    "matching_pattern": [
+      { "mac_prefix": "B827EB", "vendor": "Raspberry Pi" },
+      { "mac_prefix": "DCA632", "vendor": "Raspberry Pi" }
+    ],
+    "name_pattern": ["raspberry", "pi"]
+  },
+  {
+    "dev_type": "IoT",
+    "icon_html": "<i class=\"fa-solid fa-microchip\"></i>",
+    "matching_pattern": [
+      { "mac_prefix": "840D8E", "vendor": "Espressif" },
+      { "mac_prefix": "ECFABC", "vendor": "Espressif" },
+      { "mac_prefix": "7C9EBD", "vendor": "Espressif" }
+    ],
+    "name_pattern": ["raspberry", "pi"]
+  },
+  {
+    "dev_type": "Desktop",
+    "icon_html": "<i class=\"fa fa-desktop\"></i>",
+    "matching_pattern": [
+      { "mac_prefix": "001422", "vendor": "Dell" },
+      { "mac_prefix": "001874", "vendor": "Lenovo" },
+      { "mac_prefix": "00E04C", "vendor": "Hewlett Packard" }
+    ],
+    "name_pattern": ["desktop", "pc", "computer"]
+  },
+  {
+    "dev_type": "Laptop",
+    "icon_html": "<i class=\"fa fa-laptop\"></i>",
+    "matching_pattern": [
+      { "mac_prefix": "3C0754", "vendor": "HP" },
+      { "mac_prefix": "0017A4", "vendor": "Dell" },
+      { "mac_prefix": "F4CE46", "vendor": "Lenovo" },
+      { "mac_prefix": "409F38", "vendor": "Acer" }
+    ],
+    "name_pattern": ["macbook", "imac", "laptop", "notebook"]
+  },
+  {
+    "dev_type": "Server",
+    "icon_html": "<i class=\"fa fa-server\"></i>",
+    "matching_pattern": [
+      { "mac_prefix": "001CBF", "vendor": "Supermicro" },
+      { "mac_prefix": "002186", "vendor": "Dell" },
+      { "mac_prefix": "D02788", "vendor": "Hewlett Packard" },
+      { "mac_prefix": "002590", "vendor": "IBM" }
+    ],
+    "name_pattern": ["server", "nas"]
+  },
+  {
+    "dev_type": "VM",
+    "icon_html": "<i class=\"fa fa-server\"></i>",
+    "matching_pattern": [
+      { "mac_prefix": "525400", "vendor": "QEMU" },
+      { "mac_prefix": "005056", "vendor": "VMware" },
+      { "mac_prefix": "000C29", "vendor": "VMware" },
+      { "mac_prefix": "000569", "vendor": "VMware" },
+      { "mac_prefix": "00163E", "vendor": "Xen" },
+      { "mac_prefix": "080027", "vendor": "VirtualBox" }
+    ]
+  },
+  {
+    "dev_type": "TV",
+    "icon_html": "<i class=\"fa fa-tv\"></i>",
+    "matching_pattern": [
+      { "mac_prefix": "0013CE", "vendor": "Samsung" },
+      { "mac_prefix": "0017C8", "vendor": "LG" },
+      { "mac_prefix": "D46E0E", "vendor": "Sony" }
+    ],
+    "name_pattern": ["tv", "television", "smarttv"]
+  },
+  {
+    "dev_type": "Gaming Console",
+    "icon_html": "<i class=\"fa fa-gamepad\"></i>",
+    "matching_pattern": [
+      { "mac_prefix": "001FA7", "vendor": "Sony" },
+      { "mac_prefix": "7C04D0", "vendor": "Nintendo" },
+      { "mac_prefix": "EC26CA", "vendor": "Sony" }
+    ],
+    "name_pattern": ["playstation", "xbox"]
+  },
+  {
+    "dev_type": "Camera",
+    "icon_html": "<i class=\"fa fa-camera\"></i>",
+    "matching_pattern": [
+      { "mac_prefix": "A45E60", "vendor": "Hikvision" },
+      { "mac_prefix": "00408C", "vendor": "Axis" },
+      { "mac_prefix": "00156D", "vendor": "Amcrest" },
+      { "mac_prefix": "AC9E17", "vendor": "Reolink" }
+    ],
+    "name_pattern": ["camera", "cam", "webcam"]
+  },
+  {
+    "dev_type": "Smart Speaker",
+    "icon_html": "<i class=\"fa fa-volume-up\"></i>",
+    "matching_pattern": [
+      { "mac_prefix": "44650D", "vendor": "Amazon" },
+      { "mac_prefix": "74ACB9", "vendor": "Google" }
+    ],
+    "name_pattern": ["echo", "alexa", "dot"]
+  },
+  {
+    "dev_type": "Router",
+    "icon_html": "<i class=\"fa fa-random\"></i>",
+    "matching_pattern": [
+      { "mac_prefix": "000C29", "vendor": "Cisco" },
+      { "mac_prefix": "00155D", "vendor": "MikroTik" }
+    ],
+    "name_pattern": ["router", "gateway", "ap", "access point", "access-point"],
+    "ip_pattern": [
+      "^192\\.168\\.[0-1]\\.1$",
+      "^10\\.0\\.0\\.1$"
+    ]
+  },
+  {
+    "dev_type": "Smart Light",
+    "icon_html": "<i class=\"fa fa-lightbulb\"></i>",
+    "matching_pattern": [],
+    "name_pattern": ["hue", "lifx", "bulb"]
+  },
+  {
+    "dev_type": "Smart Home",
+    "icon_html": "<i class=\"fa fa-house\"></i>",
+    "matching_pattern": [],
+    "name_pattern": ["google", "chromecast", "nest"]
+  },
+  {
+    "dev_type": "Smartwatch",
+    "icon_html": "<i class=\"fa fa-watch\"></i>",
+    "matching_pattern": [],
+    "name_pattern": ["watch", "wear"]
+  },
+  {
+    "dev_type": "Printer",
+    "icon_html": "<i class=\"fa fa-print\"></i>",
+    "matching_pattern": [],
+    "name_pattern": ["printer", "print"]
+  },
+  {
+    "dev_type": "Security Device",
+    "icon_html": "<i class=\"fa fa-shield-alt\"></i>",
+    "matching_pattern": [],
+    "name_pattern": ["doorbell", "lock", "security"]
+  },
+  {
+    "dev_type": "Smart Light",
+    "icon_html": "<i class=\"fa-solid fa-lightbulb\"></i>",
+    "matching_pattern": [
+    ],
+    "name_pattern": ["light","bulb"]
+  }
+]

docker-compose.yml

@@ -23,11 +23,11 @@ services:
       # - ${DEV_LOCATION}/api:/app/api
       # ---------------------------------------------------------------------------
       # DELETE START anyone trying to use this file: comment out / delete BELOW lines, they are only for development purposes
-      - ${APP_DATA_LOCATION}/netalertx/dhcp_samples/dhcp1.leases:/mnt/dhcp1.leases
-      - ${APP_DATA_LOCATION}/netalertx/dhcp_samples/dhcp2.leases:/mnt/dhcp2.leases      
-      - ${APP_DATA_LOCATION}/netalertx/dhcp_samples/pihole_dhcp_full.leases:/etc/pihole/dhcp.leases      
-      - ${APP_DATA_LOCATION}/netalertx/dhcp_samples/pihole_dhcp_2.leases:/etc/pihole/dhcp2.leases      
-      - ${APP_DATA_LOCATION}/pihole/etc-pihole/pihole-FTL.db:/etc/pihole/pihole-FTL.db    
+      - ${APP_DATA_LOCATION}/netalertx/dhcp_samples/dhcp1.leases:/mnt/dhcp1.leases      # test data for DCPLSS plugin
+      - ${APP_DATA_LOCATION}/netalertx/dhcp_samples/dhcp2.leases:/mnt/dhcp2.leases      # test data for DCPLSS plugin
+      - ${APP_DATA_LOCATION}/netalertx/dhcp_samples/pihole_dhcp_full.leases:/etc/pihole/dhcp.leases      # test data for DCPLSS plugin
+      - ${APP_DATA_LOCATION}/netalertx/dhcp_samples/pihole_dhcp_2.leases:/etc/pihole/dhcp2.leases        # test data for DCPLSS plugin
+      - ${APP_DATA_LOCATION}/pihole/etc-pihole/pihole-FTL.db:/etc/pihole/pihole-FTL.db    # test data for PIHOLE plugin
       - ${DEV_LOCATION}/mkdocs.yml:/app/mkdocs.yml
       - ${DEV_LOCATION}/docs:/app/docs
       - ${DEV_LOCATION}/server:/app/server            
@@ -53,11 +53,15 @@ services:
       - ${DEV_LOCATION}/front/plugins.php:/app/front/plugins.php
       - ${DEV_LOCATION}/front/pluginsCore.php:/app/front/pluginsCore.php
       - ${DEV_LOCATION}/front/index.php:/app/front/index.php
+      - ${DEV_LOCATION}/front/initCheck.php:/app/front/initCheck.php
       - ${DEV_LOCATION}/front/maintenance.php:/app/front/maintenance.php
       - ${DEV_LOCATION}/front/network.php:/app/front/network.php
       - ${DEV_LOCATION}/front/presence.php:/app/front/presence.php
       - ${DEV_LOCATION}/front/settings.php:/app/front/settings.php      
       - ${DEV_LOCATION}/front/systeminfo.php:/app/front/systeminfo.php      
+      - ${DEV_LOCATION}/front/systeminfoNetwork.php:/app/front/systeminfoNetwork.php      
+      - ${DEV_LOCATION}/front/systeminfoServer.php:/app/front/systeminfoServer.php      
+      - ${DEV_LOCATION}/front/systeminfoStorage.php:/app/front/systeminfoStorage.php      
       - ${DEV_LOCATION}/front/cloud_services.php:/app/front/cloud_services.php      
       - ${DEV_LOCATION}/front/report.php:/app/front/report.php      
       - ${DEV_LOCATION}/front/workflows.php:/app/front/workflows.php      

docs/API.md

@@ -1,6 +1,6 @@
-# API endpoints
+# NetAlertX API Documentation
 
-NetAlertX comes with a couple of API endpoints. All requests need to be authorized (executed in a logged in browser session) or you have to pass the value of the `API_TOKEN` settings as authorization bearer, for example:
+This API provides programmatic access to **devices, events, sessions, metrics, network tools, and sync** in NetAlertX. It is implemented as a **REST and GraphQL server**. All requests require authentication via **API Token** (`API_TOKEN` setting) unless explicitly noted. For example, to authorize a GraphQL request, you need to use a `Authorization: Bearer API_TOKEN` header as per example below:
 
 ```graphql
 curl 'http://host:GRAPHQL_PORT/graphql' \
@@ -21,239 +21,59 @@ curl 'http://host:GRAPHQL_PORT/graphql' \
   }'
 ```
 
-## API Endpoint: GraphQL
+The API server runs on `0.0.0.0:<graphql_port>` with **CORS enabled** for all main endpoints.
 
-- Endpoint URL: `php/server/query_graphql.php`
-- Host: `same as front end (web ui)`
-- Port: `20212` or as defined by the `GRAPHQL_PORT` setting
+---
 
-### Example Query to Fetch Devices
+## Authentication
 
-First, let's define the GraphQL query to fetch devices with pagination and sorting options.
+All endpoints require an API token provided in the HTTP headers:
 
-```graphql
-query GetDevices($options: PageQueryOptionsInput) {
-  devices(options: $options) {
-    devices {
-      rowid
-      devMac
-      devName
-      devOwner
-      devType
-      devVendor
-      devLastConnection
-      devStatus
-    }
-    count
-  }
-}
+```http
+Authorization: Bearer <API_TOKEN>
 ```
 
-### `curl` Command
-
-You can use the following `curl` command to execute the query. 
-
-```sh
-curl 'http://host:GRAPHQL_PORT/graphql'   -X POST   -H 'Authorization: Bearer API_TOKEN'  -H 'Content-Type: application/json'   --data '{
-    "query": "query GetDevices($options: PageQueryOptionsInput) { devices(options: $options) { devices { rowid devMac devName devOwner devType devVendor devLastConnection devStatus } count } }",
-    "variables": {
-      "options": {
-        "page": 1,
-        "limit": 10,
-        "sort": [{ "field": "devName", "order": "asc" }],
-        "search": "",
-        "status": "connected"
-      }
-    }
-  }'
-```
-
-### Explanation:
-
-1. **GraphQL Query**:
-   - The `query` parameter contains the GraphQL query as a string.
-   - The `variables` parameter contains the input variables for the query.
-
-2. **Query Variables**:
-   - `page`: Specifies the page number of results to fetch.
-   - `limit`: Specifies the number of results per page.
-   - `sort`: Specifies the sorting options, with `field` being the field to sort by and `order` being the sort order (`asc` for ascending or `desc` for descending).
-   - `search`: A search term to filter the devices.
-   - `status`: The status filter to apply (valid values are `my_devices` (determined by the `UI_MY_DEVICES` setting), `connected`, `favorites`, `new`, `down`, `archived`, `offline`).
-
-3. **`curl` Command**:
-   - The `-X POST` option specifies that we are making a POST request.
-   - The `-H "Content-Type: application/json"` option sets the content type of the request to JSON.
-   - The `-d` option provides the request payload, which includes the GraphQL query and variables.
-
-### Sample Response
-
-The response will be in JSON format, similar to the following:
+If the token is missing or invalid, the server will return:
 
 ```json
-{
-  "data": {
-    "devices": {
-      "devices": [
-        {
-          "rowid": 1,
-          "devMac": "00:11:22:33:44:55",
-          "devName": "Device 1",
-          "devOwner": "Owner 1",
-          "devType": "Type 1",
-          "devVendor": "Vendor 1",
-          "devLastConnection": "2025-01-01T00:00:00Z",
-          "devStatus": "connected"
-        },
-        {
-          "rowid": 2,
-          "devMac": "66:77:88:99:AA:BB",
-          "devName": "Device 2",
-          "devOwner": "Owner 2",
-          "devType": "Type 2",
-          "devVendor": "Vendor 2",
-          "devLastConnection": "2025-01-02T00:00:00Z",
-          "devStatus": "connected"
-        }
-      ],
-      "count": 2
-    }
-  }
-}
+{ "error": "Forbidden" }
 ```
 
-## API Endpoint: JSON files 
+---
 
-This API endpoint retrieves static files, that are periodically updated. 
-
-- Endpoint URL: `php/server/query_json.php?file=<file name>`
-- Host: `same as front end (web ui)`
-- Port: `20211` or as defined by the $PORT docker environment variable (same as the port for the web ui)
-
-### When are the endpoints updated
-
-The endpoints are updated when objects in the API endpoints are changed.
-
-### Location of the endpoints
-
-In the container, these files are located under the `/app/api/` folder. You can access them via the `/php/server/query_json.php?file=user_notifications.json` endpoint.
-
-### Available endpoints
-
-You can access the following files:
-
-  | File name | Description | 
-  |----------------------|----------------------| 
-  | `notification_json_final.json` | The json version of the last notification (e.g. used for webhooks - [sample JSON](https://github.com/jokob-sk/NetAlertX/blob/main/front/report_templates/webhook_json_sample.json)). |
-  | `table_devices.json` | All of the available Devices detected by the app. |  
-  | `table_plugins_events.json` | The list of the unprocessed (pending) notification events (plugins_events DB table). |
-  | `table_plugins_history.json` | The list of notification events history. |  
-  | `table_plugins_objects.json` | The content of the plugins_objects table. Find more info on the [Plugin system here](https://github.com/jokob-sk/NetAlertX/tree/main/docs/PLUGINS.md)|
-  | `language_strings.json` | The content of the language_strings table, which in turn is loaded from the plugins `config.json` definitions. |  
-  | `table_custom_endpoint.json` | A custom endpoint generated by the SQL query specified by the `API_CUSTOM_SQL` setting. |
-  | `table_settings.json` | The content of the settings table. |
-  | `app_state.json` | Contains the current application state. |
-  
-
-### JSON Data format
-
-The endpoints starting with the `table_` prefix contain most, if not all, data contained in the corresponding database table. The common format for those is:
-
-```JSON
-{
-  "data": [
-        {
-          "db_column_name": "data",
-          "db_column_name2": "data2"      
-        }, 
-        {
-          "db_column_name": "data3",
-          "db_column_name2": "data4" 
-        }
-    ]
-}
+## Base URL
 
 ```
-
-Example JSON of the `table_devices.json` endpoint with two Devices (database rows):
-
-```JSON
-{
-  "data": [
-        {
-          "devMac": "Internet",
-          "devName": "Net - Huawei",
-          "devType": "Router",
-          "devVendor": null,
-          "devGroup": "Always on",
-          "devFirstConnection": "2021-01-01 00:00:00",
-          "devLastConnection": "2021-01-28 22:22:11",
-          "devLastIP": "192.168.1.24",
-          "devStaticIP": 0,
-          "devPresentLastScan": 1,
-          "devLastNotification": "2023-01-28 22:22:28.998715",
-          "devIsNew": 0,
-          "devParentMAC": "",
-          "devParentPort": "",
-          "devIcon": "globe"
-        }, 
-        {
-          "devMac": "a4:8f:ff:aa:ba:1f",
-          "devName": "Net - USG",
-          "devType": "Firewall",
-          "devVendor": "Ubiquiti Inc",
-          "devGroup": "",
-          "devFirstConnection": "2021-02-12 22:05:00",
-          "devLastConnection": "2021-07-17 15:40:00",
-          "devLastIP": "192.168.1.1",
-          "devStaticIP": 1,
-          "devPresentLastScan": 1,
-          "devLastNotification": "2021-07-17 15:40:10.667717",
-          "devIsNew": 0,
-          "devParentMAC": "Internet",
-          "devParentPort": 1,
-          "devIcon": "shield-halved"
-      }
-    ]
-}
-
+http://<server>:<GRAPHQL_PORT>/
 ```
 
-## API Endpoint: /log files
+---
 
-This API endpoint retrieves files from the `/app/log` folder. 
+## Endpoints
 
-- Endpoint URL: `php/server/query_logs.php?file=<file name>`
-- Host: `same as front end (web ui)`
-- Port: `20211` or as defined by the $PORT docker environment variable (same as the port for the web ui)
+> [!TIP]
+> When retrieving devices or settings try using the GraphQL API endpoint first as it is read-optimized.
 
-| File                     | Description                                                   |
-|--------------------------|---------------------------------------------------------------|
-| `IP_changes.log`         | Logs of IP address changes                                    |
-| `app.log`                | Main application log                                          |
-| `app.php_errors.log`     | PHP error log                                                 |
-| `app_front.log`          | Frontend application log                                      |
-| `app_nmap.log`           | Logs of Nmap scan results                                     |
-| `db_is_locked.log`       | Logs when the database is locked                              |
-| `execution_queue.log`    | Logs of execution queue activities                            |
-| `plugins/`               | Directory for temporary plugin-related files (not accessible) |
-| `report_output.html`     | HTML report output                                            |
-| `report_output.json`     | JSON format report output                                     |
-| `report_output.txt`      | Text format report output                                     |
-| `stderr.log`             | Logs of standard error output                                 |
-| `stdout.log`             | Logs of standard output                                       |
+* [Device API Endpoints](API_DEVICE.md) – Manage individual devices
+* [Devices Collection](API_DEVICES.md) – Bulk operations on multiple devices
+* [Events](API_EVENTS.md) – Device event logging and management
+* [Sessions](API_SESSIONS.md) – Connection sessions and history
+* [Settings](API_SETTINGS.md) – Settings
+* [Metrics](API_METRICS.md) – Prometheus metrics and per-device status
+* [Network Tools](API_NETTOOLS.md) – Utilities like Wake-on-LAN, traceroute, nslookup, nmap, and internet info
+* [Online History](API_ONLINEHISTORY.md) – Online/offline device records
+* [GraphQL](API_GRAPHQL.md) – Advanced queries and filtering
+* [Sync](API_SYNC.md) – Synchronization between multiple NetAlertX instances
+* [DB query](API_DBQUERY.md) (⚠ Internal) - Low level database access - use other endpoints if possible
 
+See [Testing](API_TESTS.md) for example requests and usage.
 
-## API Endpoint: /config files
+---
 
-To retrieve files from the `/app/config` folder. 
-
-- Endpoint URL: `php/server/query_config.php?file=<file name>`
-- Host: `same as front end (web ui)`
-- Port: `20211` or as defined by the $PORT docker environment variable (same as the port for the web ui)
-
-| File                     | Description                                      |
-|--------------------------|--------------------------------------------------|
-| `devices.csv`            | Devices csv file                                 |
-| `app.conf`               | Application config file                          |
+## Notes
 
+* All endpoints enforce **Bearer token authentication**.
+* Errors return JSON with `success: False` and an error message.
+* GraphQL is available for advanced queries, while REST endpoints cover structured use cases.
+* Endpoints run on `0.0.0.0:<GRAPHQL_PORT>` with **CORS enabled**.
+* Use consistent API tokens and node/plugin names when interacting with `/sync` to ensure data integrity.

docs/API_DBQUERY.md

@@ -0,0 +1,183 @@
+# Database Query API
+
+The **Database Query API** provides direct, low-level access to the NetAlertX database. It allows **read, write, update, and delete** operations against tables, using **base64-encoded** SQL or structured parameters.
+
+> [!Warning] 
+> This API is primarily used internally to generate and render the application UI. These endpoints are low-level and powerful, and should be used with caution. Wherever possible, prefer the [standard API endpoints](API.md). Invalid or unsafe queries can corrupt data.
+> If you need data in a specific format that is not already provided, please open an issue or pull request with a clear, broadly useful use case. This helps ensure new endpoints benefit the wider community rather than relying on raw database queries.
+
+---
+
+## Authentication
+
+All `/dbquery/*` endpoints require an API token in the HTTP headers:
+
+```http
+Authorization: Bearer <API_TOKEN>
+```
+
+If the token is missing or invalid:
+
+```json
+{ "error": "Forbidden" }
+```
+
+---
+
+## Endpoints
+
+### 1. `POST /dbquery/read`
+
+Execute a **read-only** SQL query (e.g., `SELECT`).
+
+#### Request Body
+
+```json
+{
+  "rawSql": "U0VMRUNUICogRlJPTSBERVZJQ0VT"   // base64 encoded SQL
+}
+```
+
+Decoded SQL:
+
+```sql
+SELECT * FROM Devices;
+```
+
+#### Response
+
+```json
+{
+  "success": true,
+  "results": [
+    { "devMac": "AA:BB:CC:DD:EE:FF", "devName": "Phone" }
+  ]
+}
+```
+
+#### `curl` Example
+
+```bash
+curl -X POST "http://<server_ip>:<GRAPHQL_PORT>/dbquery/read" \
+  -H "Authorization: Bearer <API_TOKEN>" \
+  -H "Accept: application/json" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "rawSql": "U0VMRUNUICogRlJPTSBERVZJQ0VT"
+  }'
+```
+
+---
+
+### 2. `POST /dbquery/update` (safer than `/dbquery/write`)
+
+Update rows in a table by `columnName` + `id`. `/dbquery/update` is parameterized to reduce the risk of SQL injection, while `/dbquery/write` executes raw SQL directly.
+
+#### Request Body
+
+```json
+{
+  "columnName": "devMac",
+  "id": ["AA:BB:CC:DD:EE:FF"],
+  "dbtable": "Devices",
+  "columns": ["devName", "devOwner"],
+  "values": ["Laptop", "Alice"]
+}
+```
+
+#### Response
+
+```json
+{ "success": true, "updated_count": 1 }
+```
+
+#### `curl` Example
+
+```bash
+curl -X POST "http://<server_ip>:<GRAPHQL_PORT>/dbquery/update" \
+  -H "Authorization: Bearer <API_TOKEN>" \
+  -H "Accept: application/json" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "columnName": "devMac",
+    "id": ["AA:BB:CC:DD:EE:FF"],
+    "dbtable": "Devices",
+    "columns": ["devName", "devOwner"],
+    "values": ["Laptop", "Alice"]
+  }'
+```
+
+---
+
+### 3. `POST /dbquery/write`
+
+Execute a **write query** (`INSERT`, `UPDATE`, `DELETE`).
+
+#### Request Body
+
+```json
+{
+  "rawSql": "SU5TRVJUIElOVE8gRGV2aWNlcyAoZGV2TWFjLCBkZXYgTmFtZSwgZGV2Rmlyc3RDb25uZWN0aW9uLCBkZXZMYXN0Q29ubmVjdGlvbiwgZGV2TGFzdElQKSBWQUxVRVMgKCc2QTpCQjo0Qzo1RDo2RTonLCAnVGVzdERldmljZScsICcyMDI1LTA4LTMwIDEyOjAwOjAwJywgJzIwMjUtMDgtMzAgMTI6MDA6MDAnLCAnMTAuMC4wLjEwJyk="
+}
+```
+
+Decoded SQL:
+
+```sql
+INSERT INTO Devices (devMac, devName, devFirstConnection, devLastConnection, devLastIP)
+VALUES ('6A:BB:4C:5D:6E', 'TestDevice', '2025-08-30 12:00:00', '2025-08-30 12:00:00', '10.0.0.10');
+```
+
+#### Response
+
+```json
+{ "success": true, "affected_rows": 1 }
+```
+
+#### `curl` Example
+
+```bash
+curl -X POST "http://<server_ip>:<GRAPHQL_PORT>/dbquery/write" \
+  -H "Authorization: Bearer <API_TOKEN>" \
+  -H "Accept: application/json" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "rawSql": "SU5TRVJUIElOVE8gRGV2aWNlcyAoZGV2TWFjLCBkZXYgTmFtZSwgZGV2Rmlyc3RDb25uZWN0aW9uLCBkZXZMYXN0Q29ubmVjdGlvbiwgZGV2TGFzdElQKSBWQUxVRVMgKCc2QTpCQjo0Qzo1RDo2RTonLCAnVGVzdERldmljZScsICcyMDI1LTA4LTMwIDEyOjAwOjAwJywgJzIwMjUtMDgtMzAgMTI6MDA6MDAnLCAnMTAuMC4wLjEwJyk="
+  }'
+```
+
+---
+
+### 4. `POST /dbquery/delete`
+
+Delete rows in a table by `columnName` + `id`.
+
+#### Request Body
+
+```json
+{
+  "columnName": "devMac",
+  "id": ["AA:BB:CC:DD:EE:FF"],
+  "dbtable": "Devices"
+}
+```
+
+#### Response
+
+```json
+{ "success": true, "deleted_count": 1 }
+```
+
+#### `curl` Example
+
+```bash
+curl -X POST "http://<server_ip>:<GRAPHQL_PORT>/dbquery/delete" \
+  -H "Authorization: Bearer <API_TOKEN>" \
+  -H "Accept: application/json" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "columnName": "devMac",
+    "id": ["AA:BB:CC:DD:EE:FF"],
+    "dbtable": "Devices"
+  }'
+```

docs/API_DEVICE.md

@@ -0,0 +1,233 @@
+# Device API Endpoints
+
+Manage a **single device** by its MAC address. Operations include retrieval, updates, deletion, resetting properties, and copying data between devices. All endpoints require **authorization** via Bearer token.
+
+---
+
+## 1. Retrieve Device Details
+
+* **GET** `/device/<mac>`
+  Fetch all details for a single device, including:
+
+* Computed status (`devStatus`) → `On-line`, `Off-line`, or `Down`
+* Session and event counts (`devSessions`, `devEvents`, `devDownAlerts`)
+* Presence hours (`devPresenceHours`)
+* Children devices (`devChildrenDynamic`) and NIC children (`devChildrenNicsDynamic`)
+
+**Special case**: `mac=new` returns a template for a new device with default values.
+
+**Response** (success):
+
+```json
+{
+  "devMac": "AA:BB:CC:DD:EE:FF",
+  "devName": "Net - Huawei",
+  "devOwner": "Admin",
+  "devType": "Router",
+  "devVendor": "Huawei",
+  "devStatus": "On-line",
+  "devSessions": 12,
+  "devEvents": 5,
+  "devDownAlerts": 1,
+  "devPresenceHours": 32,
+  "devChildrenDynamic": [...],
+  "devChildrenNicsDynamic": [...],
+  ...
+}
+```
+
+**Error Responses**:
+
+* Device not found → HTTP 404
+* Unauthorized → HTTP 403
+
+---
+
+## 2. Update Device Fields
+
+* **POST** `/device/<mac>`
+  Create or update a device record.
+
+**Request Body**:
+
+```json
+{
+  "devName": "New Device",
+  "devOwner": "Admin",
+  "createNew": true
+}
+```
+
+**Behavior**:
+
+* If `createNew=true` → creates a new device
+* Otherwise → updates existing device fields
+
+**Response**:
+
+```json
+{
+  "success": true
+}
+```
+
+**Error Responses**:
+
+* Unauthorized → HTTP 403
+
+---
+
+## 3. Delete a Device
+
+* **DELETE** `/device/<mac>/delete`
+  Deletes the device with the given MAC.
+
+**Response**:
+
+```json
+{
+  "success": true
+}
+```
+
+**Error Responses**:
+
+* Unauthorized → HTTP 403
+
+---
+
+## 4. Delete All Events for a Device
+
+* **DELETE** `/device/<mac>/events/delete`
+  Removes all events associated with a device.
+
+**Response**:
+
+```json
+{
+  "success": true
+}
+```
+
+---
+
+## 5. Reset Device Properties
+
+* **POST** `/device/<mac>/reset-props`
+  Resets the device's custom properties to default values.
+
+**Request Body**: Optional JSON for additional parameters.
+
+**Response**:
+
+```json
+{
+  "success": true
+}
+```
+
+---
+
+## 6. Copy Device Data
+
+* **POST** `/device/copy`
+  Copy all data from one device to another. If a device exists with `macTo`, it is replaced.
+
+**Request Body**:
+
+```json
+{
+  "macFrom": "AA:BB:CC:DD:EE:FF",
+  "macTo": "11:22:33:44:55:66"
+}
+```
+
+**Response**:
+
+```json
+{
+  "success": true,
+  "message": "Device copied from AA:BB:CC:DD:EE:FF to 11:22:33:44:55:66"
+}
+```
+
+**Error Responses**:
+
+* Missing `macFrom` or `macTo` → HTTP 400
+* Unauthorized → HTTP 403
+
+---
+
+## 7. Update a Single Column
+
+* **POST** `/device/<mac>/update-column`
+  Update one specific column for a device.
+
+**Request Body**:
+
+```json
+{
+  "columnName": "devName",
+  "columnValue": "Updated Device Name"
+}
+```
+
+**Response** (success):
+
+```json
+{
+  "success": true
+}
+```
+
+**Error Responses**:
+
+* Device not found → HTTP 404
+* Missing `columnName` or `columnValue` → HTTP 400
+* Unauthorized → HTTP 403
+
+---
+
+## Example `curl` Requests
+
+**Get Device Details**:
+
+```bash
+curl -X GET "http://<server_ip>:<GRAPHQL_PORT>/device/AA:BB:CC:DD:EE:FF" \
+  -H "Authorization: Bearer <API_TOKEN>"
+```
+
+**Update Device Fields**:
+
+```bash
+curl -X POST "http://<server_ip>:<GRAPHQL_PORT>/device/AA:BB:CC:DD:EE:FF" \
+  -H "Authorization: Bearer <API_TOKEN>" \
+  -H "Content-Type: application/json" \
+  --data '{"devName": "New Device Name"}'
+```
+
+**Delete Device**:
+
+```bash
+curl -X DELETE "http://<server_ip>:<GRAPHQL_PORT>/device/AA:BB:CC:DD:EE:FF/delete" \
+  -H "Authorization: Bearer <API_TOKEN>"
+```
+
+**Copy Device Data**:
+
+```bash
+curl -X POST "http://<server_ip>:<GRAPHQL_PORT>/device/copy" \
+  -H "Authorization: Bearer <API_TOKEN>" \
+  -H "Content-Type: application/json" \
+  --data '{"macFrom":"AA:BB:CC:DD:EE:FF","macTo":"11:22:33:44:55:66"}'
+```
+
+**Update Single Column**:
+
+```bash
+curl -X POST "http://<server_ip>:<GRAPHQL_PORT>/device/AA:BB:CC:DD:EE:FF/update-column" \
+  -H "Authorization: Bearer <API_TOKEN>" \
+  -H "Content-Type: application/json" \
+  --data '{"columnName":"devName","columnValue":"Updated Device"}'
+```
+

docs/API_DEVICES.md

@@ -0,0 +1,249 @@
+# Devices Collection API Endpoints
+
+The Devices Collection API provides operations to **retrieve, manage, import/export, and filter devices** in bulk. All endpoints require **authorization** via Bearer token.
+
+---
+
+## Endpoints
+
+### 1. Get All Devices
+
+* **GET** `/devices`
+  Retrieves all devices from the database.
+
+**Response** (success):
+
+```json
+{
+  "success": true,
+  "devices": [
+    {
+      "devName": "Net - Huawei",
+      "devMAC": "AA:BB:CC:DD:EE:FF",
+      "devIP": "192.168.1.1",
+      "devType": "Router",
+      "devFavorite": 0,
+      "devStatus": "online"
+    },
+    ...
+  ]
+}
+```
+
+**Error Responses**:
+
+* Unauthorized → HTTP 403
+
+---
+
+### 2. Delete Devices by MAC
+
+* **DELETE** `/devices`
+  Deletes devices by MAC address. Supports exact matches or wildcard `*`.
+
+**Request Body**:
+
+```json
+{
+  "macs": ["AA:BB:CC:DD:EE:FF", "11:22:33:*"]
+}
+```
+
+**Behavior**:
+
+* If `macs` is omitted or `null` → deletes **all devices**.
+* Wildcards `*` match multiple devices.
+
+**Response**:
+
+```json
+{
+  "success": true,
+  "deleted_count": 5
+}
+```
+
+**Error Responses**:
+
+* Unauthorized → HTTP 403
+
+---
+
+### 3. Delete Devices with Empty MACs
+
+* **DELETE** `/devices/empty-macs`
+  Removes all devices where MAC address is null or empty.
+
+**Response**:
+
+```json
+{
+  "success": true,
+  "deleted": 3
+}
+```
+
+---
+
+### 4. Delete Unknown Devices
+
+* **DELETE** `/devices/unknown`
+  Deletes devices with names marked as `(unknown)` or `(name not found)`.
+
+**Response**:
+
+```json
+{
+  "success": true,
+  "deleted": 2
+}
+```
+
+---
+
+### 5. Export Devices
+
+* **GET** `/devices/export` or `/devices/export/<format>`
+  Exports all devices in **CSV** (default) or **JSON** format.
+
+**Query Parameter / URL Parameter**:
+
+* `format` (optional) → `csv` (default) or `json`
+
+**CSV Response**:
+
+* Returns as a downloadable CSV file: `Content-Disposition: attachment; filename=devices.csv`
+
+**JSON Response**:
+
+```json
+{
+  "data": [
+    { "devName": "Net - Huawei", "devMAC": "AA:BB:CC:DD:EE:FF", ... },
+    ...
+  ],
+  "columns": ["devName", "devMAC", "devIP", "devType", "devFavorite", "devStatus"]
+}
+```
+
+**Error Responses**:
+
+* Unsupported format → HTTP 400
+
+---
+
+### 6. Import Devices from CSV
+
+* **POST** `/devices/import`
+  Imports devices from an uploaded CSV or base64-encoded CSV content.
+
+**Request Body** (multipart file or JSON with `content` field):
+
+```json
+{
+  "content": "<base64-encoded CSV content>"
+}
+```
+
+**Response**:
+
+```json
+{
+  "success": true,
+  "inserted": 25,
+  "skipped_lines": [3, 7]
+}
+```
+
+**Error Responses**:
+
+* Missing file or content → HTTP 400 / 404
+* CSV malformed → HTTP 400
+
+---
+
+### 7. Get Device Totals
+
+* **GET** `/devices/totals`
+  Returns counts of devices by various categories.
+
+**Response**:
+
+```json
+[ 
+  120,    // Total devices
+  85,     // Connected
+  5,      // Favorites
+  10,     // New
+  8,      // Down
+  12      // Archived
+]
+```
+
+*Order: `[all, connected, favorites, new, down, archived]`*
+
+---
+
+### 8. Get Devices by Status
+
+* **GET** `/devices/by-status?status=<status>`
+  Returns devices filtered by status.
+
+**Query Parameter**:
+
+* `status` → Supported values: `online`, `offline`, `down`, `archived`, `favorites`, `new`, `my`
+* If omitted, returns **all devices**.
+
+**Response** (success):
+
+```json
+[
+  { "id": "AA:BB:CC:DD:EE:FF", "title": "Net - Huawei", "favorite": 0 },
+  { "id": "11:22:33:44:55:66", "title": "★ USG Firewall", "favorite": 1 }
+]
+```
+
+*If `devFavorite=1`, the title is prepended with a star `★`.*
+
+---
+
+## Example `curl` Requests
+
+**Get All Devices**:
+
+```sh
+curl -X GET "http://<server_ip>:<GRAPHQL_PORT>/devices" \
+  -H "Authorization: Bearer <API_TOKEN>"
+```
+
+**Delete Devices by MAC**:
+
+```sh
+curl -X DELETE "http://<server_ip>:<GRAPHQL_PORT>/devices" \
+  -H "Authorization: Bearer <API_TOKEN>" \
+  -H "Content-Type: application/json" \
+  --data '{"macs":["AA:BB:CC:DD:EE:FF","11:22:33:*"]}'
+```
+
+**Export Devices CSV**:
+
+```sh
+curl -X GET "http://<server_ip>:<GRAPHQL_PORT>/devices/export?format=csv" \
+  -H "Authorization: Bearer <API_TOKEN>"
+```
+
+**Import Devices from CSV**:
+
+```sh
+curl -X POST "http://<server_ip>:<GRAPHQL_PORT>/devices/import" \
+  -H "Authorization: Bearer <API_TOKEN>" \
+  -F "file=@devices.csv"
+```
+
+**Get Devices by Status**:
+
+```sh
+curl -X GET "http://<server_ip>:<GRAPHQL_PORT>/devices/by-status?status=online" \
+  -H "Authorization: Bearer <API_TOKEN>"
+```
+

docs/API_EVENTS.md

@@ -0,0 +1,169 @@
+# Events API Endpoints
+
+The Events API provides access to **device event logs**, allowing creation, retrieval, deletion, and summary of events over time.
+
+---
+
+## Endpoints
+
+### 1. Create Event
+
+* **POST** `/events/create/<mac>`
+  Create an event for a device identified by its MAC address.
+
+**Request Body** (JSON):
+
+```json
+{
+  "ip": "192.168.1.10",
+  "event_type": "Device Down",
+  "additional_info": "Optional info about the event",
+  "pending_alert": 1,
+  "event_time": "2025-08-24T12:00:00Z"
+}
+```
+
+* **Parameters**:
+
+  * `ip` (string, optional): IP address of the device
+  * `event_type` (string, optional): Type of event (default `"Device Down"`)
+  * `additional_info` (string, optional): Extra information
+  * `pending_alert` (int, optional): 1 if alert email is pending (default 1)
+  * `event_time` (ISO datetime, optional): Event timestamp; defaults to current time
+
+**Response** (JSON):
+
+```json
+{
+  "success": true,
+  "message": "Event created for 00:11:22:33:44:55"
+}
+```
+
+---
+
+### 2. Get Events
+
+* **GET** `/events`
+  Retrieve all events, optionally filtered by MAC address:
+
+```
+/events?mac=<mac>
+```
+
+**Response**:
+
+```json
+{
+  "success": true,
+  "events": [
+    {
+      "eve_MAC": "00:11:22:33:44:55",
+      "eve_IP": "192.168.1.10",
+      "eve_DateTime": "2025-08-24T12:00:00Z",
+      "eve_EventType": "Device Down",
+      "eve_AdditionalInfo": "",
+      "eve_PendingAlertEmail": 1
+    }
+  ]
+}
+```
+
+---
+
+### 3. Delete Events
+
+* **DELETE** `/events/<mac>` → Delete events for a specific MAC
+* **DELETE** `/events` → Delete **all** events
+* **DELETE** `/events/<days>` → Delete events older than N days
+
+**Response**:
+
+```json
+{
+  "success": true,
+  "message": "Deleted events older than <days> days"
+}
+```
+
+---
+
+### 4. Event Totals Over a Period
+
+* **GET** `/sessions/totals?period=<period>`
+  Return event and session totals over a given period.
+
+**Query Parameters**:
+
+| Parameter | Description                                                                      |
+| --------- | -------------------------------------------------------------------------------- |
+| `period`  | Time period for totals, e.g., `"7 days"`, `"1 month"`, `"1 year"`, `"100 years"` |
+
+**Sample Response** (JSON Array):
+
+```json
+[120, 85, 5, 10, 3, 7]
+```
+
+**Meaning of Values**:
+
+1. Total events in the period
+2. Total sessions
+3. Missing sessions
+4. Voided events (`eve_EventType LIKE 'VOIDED%'`)
+5. New device events (`eve_EventType LIKE 'New Device'`)
+6. Device down events (`eve_EventType LIKE 'Device Down'`)
+
+---
+
+## Notes
+
+* All endpoints require **authorization** (Bearer token). Unauthorized requests return:
+
+```json
+{ "error": "Forbidden" }
+```
+
+* Events are stored in the **Events table** with the following fields:
+  `eve_MAC`, `eve_IP`, `eve_DateTime`, `eve_EventType`, `eve_AdditionalInfo`, `eve_PendingAlertEmail`.
+
+* Event creation automatically logs activity for debugging.
+
+---
+
+## Example `curl` Requests
+
+**Create Event**:
+
+```sh
+curl -X POST "http://<server_ip>:<GRAPHQL_PORT>/events/create/00:11:22:33:44:55" \
+  -H "Authorization: Bearer <API_TOKEN>" \
+  -H "Content-Type: application/json" \
+  --data '{
+    "ip": "192.168.1.10",
+    "event_type": "Device Down",
+    "additional_info": "Power outage",
+    "pending_alert": 1
+  }'
+```
+
+**Get Events for a Device**:
+
+```sh
+curl "http://<server_ip>:<GRAPHQL_PORT>/events?mac=00:11:22:33:44:55" \
+  -H "Authorization: Bearer <API_TOKEN>"
+```
+
+**Delete Events Older Than 30 Days**:
+
+```sh
+curl -X DELETE "http://<server_ip>:<GRAPHQL_PORT>/events/30" \
+  -H "Authorization: Bearer <API_TOKEN>"
+```
+
+**Get Event Totals for 7 Days**:
+
+```sh
+curl "http://<server_ip>:<GRAPHQL_PORT>/sessions/totals?period=7 days" \
+  -H "Authorization: Bearer <API_TOKEN>"
+```

docs/API_GRAPHQL.md

@@ -0,0 +1,200 @@
+# GraphQL API Endpoint
+
+GraphQL queries are **read-optimized for speed**. Data may be slightly out of date until the file system cache refreshes. The GraphQL endpoints allows you to access the following objects:
+
+- Devices
+- Settings
+
+## Endpoints
+
+* **GET** `/graphql`
+  Returns a simple status message (useful for browser or debugging).
+
+* **POST** `/graphql`
+  Execute GraphQL queries against the `devicesSchema`.
+
+---
+
+## Devices Query
+
+### Sample Query
+
+```graphql
+query GetDevices($options: PageQueryOptionsInput) {
+  devices(options: $options) {
+    devices {
+      rowid
+      devMac
+      devName
+      devOwner
+      devType
+      devVendor
+      devLastConnection
+      devStatus
+    }
+    count
+  }
+}
+```
+
+### Query Parameters
+
+| Parameter | Description                                                                                             |
+| --------- | ------------------------------------------------------------------------------------------------------- |
+| `page`    | Page number of results to fetch.                                                                        |
+| `limit`   | Number of results per page.                                                                             |
+| `sort`    | Sorting options (`field` = field name, `order` = `asc` or `desc`).                                      |
+| `search`  | Term to filter devices.                                                                                 |
+| `status`  | Filter devices by status: `my_devices`, `connected`, `favorites`, `new`, `down`, `archived`, `offline`. |
+| `filters` | Additional filters (array of `{ filterColumn, filterValue }`).                                          |
+
+---
+
+### `curl` Example
+
+```sh
+curl 'http://host:GRAPHQL_PORT/graphql' \
+  -X POST \
+  -H 'Authorization: Bearer API_TOKEN' \
+  -H 'Content-Type: application/json' \
+  --data '{
+    "query": "query GetDevices($options: PageQueryOptionsInput) { devices(options: $options) { devices { rowid devMac devName devOwner devType devVendor devLastConnection devStatus } count } }",
+    "variables": {
+      "options": {
+        "page": 1,
+        "limit": 10,
+        "sort": [{ "field": "devName", "order": "asc" }],
+        "search": "",
+        "status": "connected"
+      }
+    }
+  }'
+```
+
+---
+
+### Sample Response
+
+```json
+{
+  "data": {
+    "devices": {
+      "devices": [
+        {
+          "rowid": 1,
+          "devMac": "00:11:22:33:44:55",
+          "devName": "Device 1",
+          "devOwner": "Owner 1",
+          "devType": "Type 1",
+          "devVendor": "Vendor 1",
+          "devLastConnection": "2025-01-01T00:00:00Z",
+          "devStatus": "connected"
+        }
+      ],
+      "count": 1
+    }
+  }
+}
+```
+
+---
+
+## Settings Query
+
+The **settings query** provides access to NetAlertX configuration stored in the settings table.
+
+### Sample Query
+
+```graphql
+query GetSettings {
+  settings {
+    settings {
+      setKey
+      setName
+      setDescription
+      setType
+      setOptions
+      setGroup
+      setValue
+      setEvents
+      setOverriddenByEnv
+    }
+    count
+  }
+}
+```
+
+### Schema Fields
+
+| Field                | Type    | Description                                                              |
+| -------------------- | ------- | ------------------------------------------------------------------------ |
+| `setKey`             | String  | Unique key identifier for the setting.                                   |
+| `setName`            | String  | Human-readable name.                                                     |
+| `setDescription`     | String  | Description or documentation of the setting.                             |
+| `setType`            | String  | Data type (`string`, `int`, `bool`, `json`, etc.).                       |
+| `setOptions`         | String  | Available options (for dropdown/select-type settings).                   |
+| `setGroup`           | String  | Group/category the setting belongs to.                                   |
+| `setValue`           | String  | Current value of the setting.                                            |
+| `setEvents`          | String  | Events or triggers related to this setting.                              |
+| `setOverriddenByEnv` | Boolean | Whether the setting is overridden by an environment variable at runtime. |
+
+---
+
+### `curl` Example
+
+```sh
+curl 'http://host:GRAPHQL_PORT/graphql' \
+  -X POST \
+  -H 'Authorization: Bearer API_TOKEN' \
+  -H 'Content-Type: application/json' \
+  --data '{
+    "query": "query GetSettings { settings { settings { setKey setName setDescription setType setOptions setGroup setValue setEvents setOverriddenByEnv } count } }"
+  }'
+```
+
+---
+
+### Sample Response
+
+```json
+{
+  "data": {
+    "settings": {
+      "settings": [
+        {
+          "setKey": "UI_MY_DEVICES",
+          "setName": "My Devices Filter",
+          "setDescription": "Defines which statuses to include in the 'My Devices' view.",
+          "setType": "list",
+          "setOptions": "[\"online\",\"new\",\"down\",\"offline\",\"archived\"]",
+          "setGroup": "UI",
+          "setValue": "[\"online\",\"new\"]",
+          "setEvents": null,
+          "setOverriddenByEnv": false
+        },
+        {
+          "setKey": "NETWORK_DEVICE_TYPES",
+          "setName": "Network Device Types",
+          "setDescription": "Types of devices considered as network infrastructure.",
+          "setType": "list",
+          "setOptions": "[\"Router\",\"Switch\",\"AP\"]",
+          "setGroup": "Network",
+          "setValue": "[\"Router\",\"Switch\"]",
+          "setEvents": null,
+          "setOverriddenByEnv": true
+        }
+      ],
+      "count": 2
+    }
+  }
+}
+```
+
+---
+
+## Notes
+
+* Device and settings queries can be combined in one request since GraphQL supports batching.
+* The `setOverriddenByEnv` flag helps identify setting values that are locked at container runtime.
+* The schema is **read-only** — updates must be performed through other APIs or configuration management. See the other [API](API.md) endpoints for details. 
+

docs/API_METRICS.md

@@ -0,0 +1,103 @@
+# Metrics API Endpoint
+
+The `/metrics` endpoint exposes **Prometheus-compatible metrics** for NetAlertX, including aggregate device counts and per-device status.
+
+---
+
+## Endpoint Details
+
+* **GET** `/metrics` → Returns metrics in plain text.
+* **Host**: NetAlertX server
+* **Port**: As configured in `GRAPHQL_PORT` (default: `20212`)
+
+---
+
+## Example Output
+
+```text
+netalertx_connected_devices 31
+netalertx_offline_devices 54
+netalertx_down_devices 0
+netalertx_new_devices 0
+netalertx_archived_devices 31
+netalertx_favorite_devices 2
+netalertx_my_devices 54
+
+netalertx_device_status{device="Net - Huawei", mac="Internet", ip="1111.111.111.111", vendor="None", first_connection="2021-01-01 00:00:00", last_connection="2025-08-04 17:57:00", dev_type="Router", device_status="Online"} 1
+netalertx_device_status{device="Net - USG", mac="74:ac:74:ac:74:ac", ip="192.168.1.1", vendor="Ubiquiti Networks Inc.", first_connection="2022-02-12 22:05:00", last_connection="2025-06-07 08:16:49", dev_type="Firewall", device_status="Archived"} 1
+netalertx_device_status{device="Raspberry Pi 4 LAN", mac="74:ac:74:ac:74:74", ip="192.168.1.9", vendor="Raspberry Pi Trading Ltd", first_connection="2022-02-12 22:05:00", last_connection="2025-08-04 17:57:00", dev_type="Singleboard Computer (SBC)", device_status="Online"} 1
+...
+```
+
+---
+
+## Metrics Overview
+
+### 1. Aggregate Device Counts
+
+| Metric                        | Description                              |
+| ----------------------------- | ---------------------------------------- |
+| `netalertx_connected_devices` | Devices currently connected              |
+| `netalertx_offline_devices`   | Devices currently offline                |
+| `netalertx_down_devices`      | Down/unreachable devices                 |
+| `netalertx_new_devices`       | Recently detected devices                |
+| `netalertx_archived_devices`  | Archived devices                         |
+| `netalertx_favorite_devices`  | User-marked favorites                    |
+| `netalertx_my_devices`        | Devices associated with the current user |
+
+---
+
+### 2. Per-Device Status
+
+Metric: `netalertx_device_status`
+Each device has labels:
+
+* `device`: friendly name
+* `mac`: MAC address (or placeholder)
+* `ip`: last recorded IP
+* `vendor`: manufacturer or "None"
+* `first_connection`: timestamp of first detection
+* `last_connection`: most recent contact
+* `dev_type`: device type/category
+* `device_status`: current status (`Online`, `Offline`, `Archived`, `Down`, …)
+
+Metric value is always `1` (presence indicator).
+
+---
+
+## Querying with `curl`
+
+```sh
+curl 'http://<server_ip>:<GRAPHQL_PORT>/metrics' \
+  -H 'Authorization: Bearer <API_TOKEN>' \
+  -H 'Accept: text/plain'
+```
+
+Replace placeholders:
+
+* `<server_ip>` – NetAlertX host IP/hostname
+* `<GRAPHQL_PORT>` – configured port (default `20212`)
+* `<API_TOKEN>` – your API token
+
+---
+
+## Prometheus Scraping Configuration
+
+```yaml
+scrape_configs:
+  - job_name: 'netalertx'
+    metrics_path: /metrics
+    scheme: http
+    scrape_interval: 60s
+    static_configs:
+      - targets: ['<server_ip>:<GRAPHQL_PORT>']
+    authorization:
+      type: Bearer
+      credentials: <API_TOKEN>
+```
+
+---
+
+## Grafana Dashboard Template
+
+Sample template JSON: [Download](./samples/API/Grafana_Dashboard.json)

docs/API_NETTOOLS.md

@@ -0,0 +1,243 @@
+# Net Tools API Endpoints
+
+The Net Tools API provides **network diagnostic utilities**, including Wake-on-LAN, traceroute, speed testing, DNS resolution, nmap scanning, and internet connection information.
+
+All endpoints require **authorization** via Bearer token.
+
+---
+
+## Endpoints
+
+### 1. Wake-on-LAN
+
+* **POST** `/nettools/wakeonlan`
+  Sends a Wake-on-LAN packet to wake a device.
+
+**Request Body** (JSON):
+
+```json
+{
+  "devMac": "AA:BB:CC:DD:EE:FF"
+}
+```
+
+**Response** (success):
+
+```json
+{
+  "success": true,
+  "message": "WOL packet sent",
+  "output": "Sent magic packet to AA:BB:CC:DD:EE:FF"
+}
+```
+
+**Error Responses**:
+
+* Invalid MAC address → HTTP 400
+* Command failure → HTTP 500
+
+---
+
+### 2. Traceroute
+
+* **POST** `/nettools/traceroute`
+  Performs a traceroute to a specified IP address.
+
+**Request Body**:
+
+```json
+{
+  "devLastIP": "192.168.1.1"
+}
+```
+
+**Response** (success):
+
+```json
+{
+  "success": true,
+  "output": "traceroute output as string"
+}
+```
+
+**Error Responses**:
+
+* Invalid IP → HTTP 400
+* Traceroute command failure → HTTP 500
+
+---
+
+### 3. Speedtest
+
+* **GET** `/nettools/speedtest`
+  Runs an internet speed test using `speedtest-cli`.
+
+**Response** (success):
+
+```json
+{
+  "success": true,
+  "output": [
+    "Ping: 15 ms",
+    "Download: 120.5 Mbit/s",
+    "Upload: 22.4 Mbit/s"
+  ]
+}
+```
+
+**Error Responses**:
+
+* Command failure → HTTP 500
+
+---
+
+### 4. DNS Lookup (nslookup)
+
+* **POST** `/nettools/nslookup`
+  Resolves an IP address or hostname using `nslookup`.
+
+**Request Body**:
+
+```json
+{
+  "devLastIP": "8.8.8.8"
+}
+```
+
+**Response** (success):
+
+```json
+{
+  "success": true,
+  "output": [
+    "Server: 8.8.8.8",
+    "Address: 8.8.8.8#53",
+    "Name: google-public-dns-a.google.com"
+  ]
+}
+```
+
+**Error Responses**:
+
+* Missing or invalid `devLastIP` → HTTP 400
+* Command failure → HTTP 500
+
+---
+
+### 5. Nmap Scan
+
+* **POST** `/nettools/nmap`
+  Runs an nmap scan on a target IP address or range.
+
+**Request Body**:
+
+```json
+{
+  "scan": "192.168.1.0/24",
+  "mode": "fast"
+}
+```
+
+**Supported Modes**:
+
+| Mode            | nmap Arguments |
+| --------------- | -------------- |
+| `fast`          | `-F`           |
+| `normal`        | default        |
+| `detail`        | `-A`           |
+| `skipdiscovery` | `-Pn`          |
+
+**Response** (success):
+
+```json
+{
+  "success": true,
+  "mode": "fast",
+  "ip": "192.168.1.0/24",
+  "output": [
+    "Starting Nmap 7.91",
+    "Host 192.168.1.1 is up",
+    "... scan results ..."
+  ]
+}
+```
+
+**Error Responses**:
+
+* Invalid IP → HTTP 400
+* Invalid mode → HTTP 400
+* Command failure → HTTP 500
+
+---
+
+### 6. Internet Connection Info
+
+* **GET** `/nettools/internetinfo`
+  Fetches public internet connection information using `ipinfo.io`.
+
+**Response** (success):
+
+```json
+{
+  "success": true,
+  "output": "IP: 203.0.113.5 City: Sydney Country: AU Org: Example ISP"
+}
+```
+
+**Error Responses**:
+
+* Failed request or empty response → HTTP 500
+
+---
+
+## Example `curl` Requests
+
+**Wake-on-LAN**:
+
+```sh
+curl -X POST "http://<server_ip>:<GRAPHQL_PORT>/nettools/wakeonlan" \
+  -H "Authorization: Bearer <API_TOKEN>" \
+  -H "Content-Type: application/json" \
+  --data '{"devMac":"AA:BB:CC:DD:EE:FF"}'
+```
+
+**Traceroute**:
+
+```sh
+curl -X POST "http://<server_ip>:<GRAPHQL_PORT>/nettools/traceroute" \
+  -H "Authorization: Bearer <API_TOKEN>" \
+  -H "Content-Type: application/json" \
+  --data '{"devLastIP":"192.168.1.1"}'
+```
+
+**Speedtest**:
+
+```sh
+curl "http://<server_ip>:<GRAPHQL_PORT>/nettools/speedtest" \
+  -H "Authorization: Bearer <API_TOKEN>"
+```
+
+**Nslookup**:
+
+```sh
+curl -X POST "http://<server_ip>:<GRAPHQL_PORT>/nettools/nslookup" \
+  -H "Authorization: Bearer <API_TOKEN>" \
+  -H "Content-Type: application/json" \
+  --data '{"devLastIP":"8.8.8.8"}'
+```
+
+**Nmap Scan**:
+
+```sh
+curl -X POST "http://<server_ip>:<GRAPHQL_PORT>/nettools/nmap" \
+  -H "Authorization: Bearer <API_TOKEN>" \
+  -H "Content-Type: application/json" \
+  --data '{"scan":"192.168.1.0/24","mode":"fast"}'
+```
+
+**Internet Info**:
+
+```sh
+curl "http://<server_ip>:<GRAPHQL_PORT>/nettools/internetinfo" \
+  -H "Authorization: Bearer <API_TOKEN>"
+```

docs/API_OLD.md

@@ -0,0 +1,370 @@
+# [Deprecated] API endpoints
+
+> [!WARNING] 
+> Some of these endpoints will be deprecated soon. Please refere to the new [API](API.md) endpoints docs for details on the new API layer. 
+
+NetAlertX comes with a couple of API endpoints. All requests need to be authorized (executed in a logged in browser session) or you have to pass the value of the `API_TOKEN` settings as authorization bearer, for example:
+
+```graphql
+curl 'http://host:GRAPHQL_PORT/graphql' \
+  -X POST \
+  -H 'Authorization: Bearer API_TOKEN' \
+  -H 'Content-Type: application/json' \
+  --data '{
+    "query": "query GetDevices($options: PageQueryOptionsInput) { devices(options: $options) { devices { rowid devMac devName devOwner devType devVendor devLastConnection devStatus } count } }",
+    "variables": {
+      "options": {
+        "page": 1,
+        "limit": 10,
+        "sort": [{ "field": "devName", "order": "asc" }],
+        "search": "",
+        "status": "connected"
+      }
+    }
+  }'
+```
+
+## API Endpoint: GraphQL
+
+- Endpoint URL: `php/server/query_graphql.php`
+- Host: `same as front end (web ui)`
+- Port: `20212` or as defined by the `GRAPHQL_PORT` setting
+
+### Example Query to Fetch Devices
+
+First, let's define the GraphQL query to fetch devices with pagination and sorting options.
+
+```graphql
+query GetDevices($options: PageQueryOptionsInput) {
+  devices(options: $options) {
+    devices {
+      rowid
+      devMac
+      devName
+      devOwner
+      devType
+      devVendor
+      devLastConnection
+      devStatus
+    }
+    count
+  }
+}
+```
+
+See also: [Debugging GraphQL issues](./DEBUG_GRAPHQL.md)
+
+### `curl` Command
+
+You can use the following `curl` command to execute the query. 
+
+```sh
+curl 'http://host:GRAPHQL_PORT/graphql'   -X POST   -H 'Authorization: Bearer API_TOKEN'  -H 'Content-Type: application/json'   --data '{
+    "query": "query GetDevices($options: PageQueryOptionsInput) { devices(options: $options) { devices { rowid devMac devName devOwner devType devVendor devLastConnection devStatus } count } }",
+    "variables": {
+      "options": {
+        "page": 1,
+        "limit": 10,
+        "sort": [{ "field": "devName", "order": "asc" }],
+        "search": "",
+        "status": "connected"
+      }
+    }
+  }'
+```
+
+### Explanation:
+
+1. **GraphQL Query**:
+   - The `query` parameter contains the GraphQL query as a string.
+   - The `variables` parameter contains the input variables for the query.
+
+2. **Query Variables**:
+   - `page`: Specifies the page number of results to fetch.
+   - `limit`: Specifies the number of results per page.
+   - `sort`: Specifies the sorting options, with `field` being the field to sort by and `order` being the sort order (`asc` for ascending or `desc` for descending).
+   - `search`: A search term to filter the devices.
+   - `status`: The status filter to apply (valid values are `my_devices` (determined by the `UI_MY_DEVICES` setting), `connected`, `favorites`, `new`, `down`, `archived`, `offline`).
+
+3. **`curl` Command**:
+   - The `-X POST` option specifies that we are making a POST request.
+   - The `-H "Content-Type: application/json"` option sets the content type of the request to JSON.
+   - The `-d` option provides the request payload, which includes the GraphQL query and variables.
+
+### Sample Response
+
+The response will be in JSON format, similar to the following:
+
+```json
+{
+  "data": {
+    "devices": {
+      "devices": [
+        {
+          "rowid": 1,
+          "devMac": "00:11:22:33:44:55",
+          "devName": "Device 1",
+          "devOwner": "Owner 1",
+          "devType": "Type 1",
+          "devVendor": "Vendor 1",
+          "devLastConnection": "2025-01-01T00:00:00Z",
+          "devStatus": "connected"
+        },
+        {
+          "rowid": 2,
+          "devMac": "66:77:88:99:AA:BB",
+          "devName": "Device 2",
+          "devOwner": "Owner 2",
+          "devType": "Type 2",
+          "devVendor": "Vendor 2",
+          "devLastConnection": "2025-01-02T00:00:00Z",
+          "devStatus": "connected"
+        }
+      ],
+      "count": 2
+    }
+  }
+}
+```
+
+## API Endpoint: JSON files 
+
+This API endpoint retrieves static files, that are periodically updated. 
+
+- Endpoint URL: `php/server/query_json.php?file=<file name>`
+- Host: `same as front end (web ui)`
+- Port: `20211` or as defined by the $PORT docker environment variable (same as the port for the web ui)
+
+### When are the endpoints updated
+
+The endpoints are updated when objects in the API endpoints are changed.
+
+### Location of the endpoints
+
+In the container, these files are located under the `/app/api/` folder. You can access them via the `/php/server/query_json.php?file=user_notifications.json` endpoint.
+
+### Available endpoints
+
+You can access the following files:
+
+  | File name | Description | 
+  |----------------------|----------------------| 
+  | `notification_json_final.json` | The json version of the last notification (e.g. used for webhooks - [sample JSON](https://github.com/jokob-sk/NetAlertX/blob/main/front/report_templates/webhook_json_sample.json)). |
+  | `table_devices.json` | All of the available Devices detected by the app. |  
+  | `table_plugins_events.json` | The list of the unprocessed (pending) notification events (plugins_events DB table). |
+  | `table_plugins_history.json` | The list of notification events history. |  
+  | `table_plugins_objects.json` | The content of the plugins_objects table. Find more info on the [Plugin system here](https://github.com/jokob-sk/NetAlertX/tree/main/docs/PLUGINS.md)|
+  | `language_strings.json` | The content of the language_strings table, which in turn is loaded from the plugins `config.json` definitions. |  
+  | `table_custom_endpoint.json` | A custom endpoint generated by the SQL query specified by the `API_CUSTOM_SQL` setting. |
+  | `table_settings.json` | The content of the settings table. |
+  | `app_state.json` | Contains the current application state. |
+  
+
+### JSON Data format
+
+The endpoints starting with the `table_` prefix contain most, if not all, data contained in the corresponding database table. The common format for those is:
+
+```JSON
+{
+  "data": [
+        {
+          "db_column_name": "data",
+          "db_column_name2": "data2"      
+        }, 
+        {
+          "db_column_name": "data3",
+          "db_column_name2": "data4" 
+        }
+    ]
+}
+
+```
+
+Example JSON of the `table_devices.json` endpoint with two Devices (database rows):
+
+```JSON
+{
+  "data": [
+        {
+          "devMac": "Internet",
+          "devName": "Net - Huawei",
+          "devType": "Router",
+          "devVendor": null,
+          "devGroup": "Always on",
+          "devFirstConnection": "2021-01-01 00:00:00",
+          "devLastConnection": "2021-01-28 22:22:11",
+          "devLastIP": "192.168.1.24",
+          "devStaticIP": 0,
+          "devPresentLastScan": 1,
+          "devLastNotification": "2023-01-28 22:22:28.998715",
+          "devIsNew": 0,
+          "devParentMAC": "",
+          "devParentPort": "",
+          "devIcon": "globe"
+        }, 
+        {
+          "devMac": "a4:8f:ff:aa:ba:1f",
+          "devName": "Net - USG",
+          "devType": "Firewall",
+          "devVendor": "Ubiquiti Inc",
+          "devGroup": "",
+          "devFirstConnection": "2021-02-12 22:05:00",
+          "devLastConnection": "2021-07-17 15:40:00",
+          "devLastIP": "192.168.1.1",
+          "devStaticIP": 1,
+          "devPresentLastScan": 1,
+          "devLastNotification": "2021-07-17 15:40:10.667717",
+          "devIsNew": 0,
+          "devParentMAC": "Internet",
+          "devParentPort": 1,
+          "devIcon": "shield-halved"
+      }
+    ]
+}
+
+```
+
+## API Endpoint: Prometheus Exporter
+
+* **Endpoint URL**: `/metrics`
+* **Host**: (where NetAlertX exporter is running)
+* **Port**: as configured in the `GRAPHQL_PORT` setting (`20212` by default)
+
+---
+
+### Example Output of the `/metrics` Endpoint
+
+Below is a representative snippet of the metrics you may find when querying the `/metrics` endpoint for `netalertx`. It includes both aggregate counters and `device_status` labels per device.
+
+```
+netalertx_connected_devices 31
+netalertx_offline_devices 54
+netalertx_down_devices 0
+netalertx_new_devices 0
+netalertx_archived_devices 31
+netalertx_favorite_devices 2
+netalertx_my_devices 54
+
+netalertx_device_status{device="Net - Huawei", mac="Internet", ip="1111.111.111.111", vendor="None", first_connection="2021-01-01 00:00:00", last_connection="2025-08-04 17:57:00", dev_type="Router", device_status="Online"} 1
+netalertx_device_status{device="Net - USG", mac="74:ac:74:ac:74:ac", ip="192.168.1.1", vendor="Ubiquiti Networks Inc.", first_connection="2022-02-12 22:05:00", last_connection="2025-06-07 08:16:49", dev_type="Firewall", device_status="Archived"} 1
+netalertx_device_status{device="Raspberry Pi 4 LAN", mac="74:ac:74:ac:74:74", ip="192.168.1.9", vendor="Raspberry Pi Trading Ltd", first_connection="2022-02-12 22:05:00", last_connection="2025-08-04 17:57:00", dev_type="Singleboard Computer (SBC)", device_status="Online"} 1
+...
+```
+
+---
+
+### Metrics Explanation
+
+#### 1. Aggregate Device Counts
+
+Metric names prefixed with `netalertx_` provide aggregated counts by device status:
+
+* `netalertx_connected_devices`: number of devices currently connected
+* `netalertx_offline_devices`: devices currently offline
+* `netalertx_down_devices`: down/unreachable devices
+* `netalertx_new_devices`: devices recently detected
+* `netalertx_archived_devices`: archived devices
+* `netalertx_favorite_devices`: user-marked favorite devices
+* `netalertx_my_devices`: devices associated with the current user context
+
+These numeric values give a high-level overview of device distribution.
+
+#### 2. Per‑Device Status with Labels
+
+Each individual device is represented by a `netalertx_device_status` metric, with descriptive labels:
+
+* `device`: friendly name of the device
+* `mac`: MAC address (or placeholder)
+* `ip`: last recorded IP address
+* `vendor`: manufacturer or "None" if unknown
+* `first_connection`: timestamp when the device was first observed
+* `last_connection`: most recent contact timestamp
+* `dev_type`: device category or type
+* `device_status`: current status (Online / Offline / Archived / Down / ...)
+
+The metric value is always `1` (indicating presence or active state) and the combination of labels identifies the device.
+
+---
+
+### How to Query with `curl`
+
+To fetch the metrics from the NetAlertX exporter:
+
+```sh
+curl 'http://<server_ip>:<GRAPHQL_PORT>/metrics' \
+  -H 'Authorization: Bearer <API_TOKEN>' \
+  -H 'Accept: text/plain'
+```
+
+Replace:
+
+* `<server_ip>`: IP or hostname of the NetAlertX server
+* `<GRAPHQL_PORT>`: port specified in your `GRAPHQL_PORT` setting  (default: `20212`)
+* `<API_TOKEN>` your Bearer token from the `API_TOKEN` setting
+
+---
+
+### Summary
+
+* **Endpoint**: `/metrics` provides both summary counters and per-device status entries.
+* **Aggregate metrics** help monitor overall device states.
+* **Detailed metrics** expose each device’s metadata via labels.
+* **Use case**: feed into Prometheus for scraping, monitoring, alerting, or charting dashboard views.
+
+### Prometheus Scraping Configuration
+
+```yaml
+scrape_configs:
+  - job_name: 'netalertx'
+    metrics_path: /metrics
+    scheme: http
+    scrape_interval: 60s
+    static_configs:
+      - targets: ['<server_ip>:<GRAPHQL_PORT>']
+    authorization:
+      type: Bearer
+      credentials: <API_TOKEN>
+```
+
+### Grafana template
+
+Grafana template sample: [Download json](./samples/API/Grafana_Dashboard.json)
+
+## API Endpoint: /log files
+
+This API endpoint retrieves files from the `/app/log` folder. 
+
+- Endpoint URL: `php/server/query_logs.php?file=<file name>`
+- Host: `same as front end (web ui)`
+- Port: `20211` or as defined by the $PORT docker environment variable (same as the port for the web ui)
+
+| File                     | Description                                                   |
+|--------------------------|---------------------------------------------------------------|
+| `IP_changes.log`         | Logs of IP address changes                                    |
+| `app.log`                | Main application log                                          |
+| `app.php_errors.log`     | PHP error log                                                 |
+| `app_front.log`          | Frontend application log                                      |
+| `app_nmap.log`           | Logs of Nmap scan results                                     |
+| `db_is_locked.log`       | Logs when the database is locked                              |
+| `execution_queue.log`    | Logs of execution queue activities                            |
+| `plugins/`               | Directory for temporary plugin-related files (not accessible) |
+| `report_output.html`     | HTML report output                                            |
+| `report_output.json`     | JSON format report output                                     |
+| `report_output.txt`      | Text format report output                                     |
+| `stderr.log`             | Logs of standard error output                                 |
+| `stdout.log`             | Logs of standard output                                       |
+
+
+## API Endpoint: /config files
+
+To retrieve files from the `/app/config` folder. 
+
+- Endpoint URL: `php/server/query_config.php?file=<file name>`
+- Host: `same as front end (web ui)`
+- Port: `20211` or as defined by the $PORT docker environment variable (same as the port for the web ui)
+
+| File                     | Description                                      |
+|--------------------------|--------------------------------------------------|
+| `devices.csv`            | Devices csv file                                 |
+| `app.conf`               | Application config file                          |
+

docs/API_ONLINEHISTORY.md

@@ -0,0 +1,32 @@
+# Online History API Endpoints
+
+Manage the **online history records** of devices. Currently, the API supports deletion of all history entries. All endpoints require **authorization**.
+
+---
+
+## 1. Delete Online History
+
+* **DELETE** `/history`
+  Remove **all records** from the online history table (`Online_History`). This operation **cannot be undone**.
+
+**Response** (success):
+
+```json
+{
+  "success": true,
+  "message": "Deleted online history"
+}
+```
+
+**Error Responses**:
+
+* Unauthorized → HTTP 403
+
+---
+
+### Example `curl` Request
+
+```bash
+curl -X DELETE "http://<server_ip>:<GRAPHQL_PORT>/history" \
+  -H "Authorization: Bearer <API_TOKEN>"
+```

docs/API_SESSIONS.md

@@ -0,0 +1,240 @@
+# Sessions API Endpoints
+
+Track and manage device connection sessions. Sessions record when a device connects or disconnects on the network.
+
+### Create a Session
+
+* **POST** `/sessions/create` → Create a new session for a device
+
+  **Request Body:**
+
+  ```json
+  {
+    "mac": "AA:BB:CC:DD:EE:FF",
+    "ip": "192.168.1.10",
+    "start_time": "2025-08-01T10:00:00",
+    "end_time": "2025-08-01T12:00:00",      // optional
+    "event_type_conn": "Connected",         // optional, default "Connected"
+    "event_type_disc": "Disconnected"       // optional, default "Disconnected"
+  }
+  ```
+
+  **Response:**
+
+  ```json
+  {
+    "success": true,
+    "message": "Session created for MAC AA:BB:CC:DD:EE:FF"
+  }
+  ```
+
+#### `curl` Example
+
+```bash
+curl -X POST "http://<server_ip>:<GRAPHQL_PORT>/sessions/create" \
+  -H "Authorization: Bearer <API_TOKEN>" \
+  -H "Accept: application/json" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "mac": "AA:BB:CC:DD:EE:FF",
+    "ip": "192.168.1.10",
+    "start_time": "2025-08-01T10:00:00",
+    "end_time": "2025-08-01T12:00:00",
+    "event_type_conn": "Connected",
+    "event_type_disc": "Disconnected"
+  }'
+
+```
+
+---
+
+### Delete Sessions
+
+* **DELETE** `/sessions/delete` → Delete all sessions for a given MAC
+
+  **Request Body:**
+
+  ```json
+  {
+    "mac": "AA:BB:CC:DD:EE:FF"
+  }
+  ```
+
+  **Response:**
+
+  ```json
+  {
+    "success": true,
+    "message": "Deleted sessions for MAC AA:BB:CC:DD:EE:FF"
+  }
+  ```
+
+#### `curl` Example
+
+```bash
+curl -X DELETE "http://<server_ip>:<GRAPHQL_PORT>/sessions/delete" \
+  -H "Authorization: Bearer <API_TOKEN>" \
+  -H "Accept: application/json" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "mac": "AA:BB:CC:DD:EE:FF"
+  }'
+```
+
+---
+
+### List Sessions
+
+* **GET** `/sessions/list` → Retrieve sessions optionally filtered by device and date range
+
+  **Query Parameters:**
+
+  * `mac` (optional) → Filter by device MAC address
+  * `start_date` (optional) → Filter sessions starting from this date (`YYYY-MM-DD`)
+  * `end_date` (optional) → Filter sessions ending by this date (`YYYY-MM-DD`)
+
+  **Example:**
+
+  ```
+  /sessions/list?mac=AA:BB:CC:DD:EE:FF&start_date=2025-08-01&end_date=2025-08-21
+  ```
+
+  **Response:**
+
+  ```json
+  {
+    "success": true,
+    "sessions": [
+      {
+        "ses_MAC": "AA:BB:CC:DD:EE:FF",
+        "ses_Connection": "2025-08-01 10:00",
+        "ses_Disconnection": "2025-08-01 12:00",
+        "ses_Duration": "2h 0m",
+        "ses_IP": "192.168.1.10",
+        "ses_Info": ""
+      }
+    ]
+  }
+  ```
+#### `curl` Example
+
+```bash
+curl -X GET "http://<server_ip>:<GRAPHQL_PORT>/sessions/list?mac=AA:BB:CC:DD:EE:FF&start_date=2025-08-01&end_date=2025-08-21" \
+  -H "Authorization: Bearer <API_TOKEN>" \
+  -H "Accept: application/json"
+```
+---
+
+### Calendar View of Sessions
+
+* **GET** `/sessions/calendar` → View sessions in calendar format
+
+  **Query Parameters:**
+
+  * `start` → Start date (`YYYY-MM-DD`)
+  * `end` → End date (`YYYY-MM-DD`)
+
+  **Example:**
+
+  ```
+  /sessions/calendar?start=2025-08-01&end=2025-08-21
+  ```
+
+  **Response:**
+
+  ```json
+  {
+    "success": true,
+    "sessions": [
+      {
+        "resourceId": "AA:BB:CC:DD:EE:FF",
+        "title": "",
+        "start": "2025-08-01T10:00:00",
+        "end": "2025-08-01T12:00:00",
+        "color": "#00a659",
+        "tooltip": "Connection: 2025-08-01 10:00\nDisconnection: 2025-08-01 12:00\nIP: 192.168.1.10",
+        "className": "no-border"
+      }
+    ]
+  }
+  ```
+
+#### `curl` Example
+
+```bash
+curl -X GET "http://<server_ip>:<GRAPHQL_PORT>/sessions/calendar?start=2025-08-01&end=2025-08-21" \
+  -H "Authorization: Bearer <API_TOKEN>" \
+  -H "Accept: application/json"
+```
+
+---
+
+### Device Sessions
+
+* **GET** `/sessions/<mac>` → Retrieve sessions for a specific device
+
+  **Query Parameters:**
+
+  * `period` → Period to retrieve sessions (`1 day`, `7 days`, `1 month`, etc.)
+    Default: `1 day`
+
+  **Example:**
+
+  ```
+  /sessions/AA:BB:CC:DD:EE:FF?period=7 days
+  ```
+
+  **Response:**
+
+  ```json
+  {
+    "success": true,
+    "sessions": [
+      {
+        "ses_MAC": "AA:BB:CC:DD:EE:FF",
+        "ses_Connection": "2025-08-01 10:00",
+        "ses_Disconnection": "2025-08-01 12:00",
+        "ses_Duration": "2h 0m",
+        "ses_IP": "192.168.1.10",
+        "ses_Info": ""
+      }
+    ]
+  }
+  ```
+
+#### `curl` Example
+
+```bash
+curl -X GET "http://<server_ip>:<GRAPHQL_PORT>/sessions/AA:BB:CC:DD:EE:FF?period=7%20days" \
+  -H "Authorization: Bearer <API_TOKEN>" \
+  -H "Accept: application/json"
+```
+
+---
+
+### Session Events Summary
+
+* **GET** `/sessions/session-events` → Retrieve a summary of session events
+
+  **Query Parameters:**
+
+  * `type` → Event type (`all`, `sessions`, `missing`, `voided`, `new`, `down`)
+    Default: `all`
+  * `period` → Period to retrieve events (`7 days`, `1 month`, etc.)
+
+  **Example:**
+
+  ```
+  /sessions/session-events?type=all&period=7 days
+  ```
+
+  **Response:**
+  Returns a list of events or sessions with formatted connection, disconnection, duration, and IP information.
+
+#### `curl` Example
+
+```bash
+curl -X GET "http://<server_ip>:<GRAPHQL_PORT>/sessions/session-events?type=all&period=7%20days" \
+  -H "Authorization: Bearer <API_TOKEN>" \
+  -H "Accept: application/json"
+```

docs/API_SETTINGS.md

@@ -0,0 +1,92 @@
+# Settings API Endpoints
+
+Retrieve application settings stored in the configuration system. This endpoint is useful for quickly fetching individual settings such as `API_TOKEN` or `TIMEZONE`.
+
+For bulk or structured access (all settings, schema details, or filtering), use the [GraphQL API Endpoint](API_GRAPHQL.md).
+
+---
+
+### Get a Setting
+
+* **GET** `/settings/<key>` → Retrieve the value of a specific setting
+
+**Path Parameter:**
+
+* `key` → The setting key to retrieve (e.g., `API_TOKEN`, `TIMEZONE`)
+
+**Authorization:**
+Requires a valid API token in the `Authorization` header.
+
+---
+
+#### `curl` Example (Success)
+
+```sh
+curl 'http://<server_ip>:<GRAPHQL_PORT>/settings/API_TOKEN' \
+  -H 'Authorization: Bearer <API_TOKEN>' \
+  -H 'Accept: application/json'
+```
+
+**Response:**
+
+```json
+{
+  "success": true,
+  "value": "my-secret-token"
+}
+```
+
+---
+
+#### `curl` Example (Invalid Key)
+
+```sh
+curl 'http://<server_ip>:<GRAPHQL_PORT>/settings/DOES_NOT_EXIST' \
+  -H 'Authorization: Bearer <API_TOKEN>' \
+  -H 'Accept: application/json'
+```
+
+**Response:**
+
+```json
+{
+  "success": true,
+  "value": null
+}
+```
+
+---
+
+#### `curl` Example (Unauthorized)
+
+```sh
+curl 'http://<server_ip>:<GRAPHQL_PORT>/settings/API_TOKEN' \
+  -H 'Accept: application/json'
+```
+
+**Response:**
+
+```json
+{
+  "error": "Forbidden"
+}
+```
+
+---
+
+### Notes
+
+* This endpoint is optimized for **direct retrieval of a single setting**.
+* For **complex retrieval scenarios** (listing all settings, retrieving schema metadata like `setName`, `setDescription`, `setType`, or checking if a setting is overridden by environment variables), use the **GraphQL Settings Query**:
+
+```sh
+curl 'http://<server_ip>:<GRAPHQL_PORT>/graphql' \
+  -X POST \
+  -H 'Authorization: Bearer <API_TOKEN>' \
+  -H 'Content-Type: application/json' \
+  --data '{
+    "query": "query GetSettings { settings { settings { setKey setName setDescription setType setOptions setGroup setValue setEvents setOverriddenByEnv } count } }"
+  }'
+```
+
+See the [GraphQL API Endpoint](API_GRAPHQL.md) for more details.

docs/API_SYNC.md

@@ -0,0 +1,125 @@
+# Sync API Endpoint 
+
+---
+
+The `/sync` endpoint is used by the **SYNC plugin** to synchronize data between multiple NetAlertX instances (e.g., from a node to a hub). It supports both **GET** and **POST** requests.
+
+#### 9.1 GET `/sync`
+
+Fetches data from a node to the hub. The data is returned as a **base64-encoded JSON file**.
+
+**Example Request:**
+
+```sh
+curl 'http://<server>:<GRAPHQL_PORT>/sync' \
+  -H 'Authorization: Bearer <API_TOKEN>'
+```
+
+**Response Example:**
+
+```json
+{
+  "node_name": "NODE-01",
+  "status": 200,
+  "message": "OK",
+  "data_base64": "eyJkZXZpY2VzIjogW3siZGV2TWFjIjogIjAwOjExOjIyOjMzOjQ0OjU1IiwiZGV2TmFtZSI6ICJEZXZpY2UgMSJ9XSwgImNvdW50Ijog1fQ==",
+  "timestamp": "2025-08-24T10:15:00+10:00"
+}
+```
+
+**Notes:**
+
+* `data_base64` contains the full JSON data encoded in Base64.
+* `node_name` corresponds to the `SYNC_node_name` setting on the node.
+* Errors (e.g., missing file) return HTTP 500 with an error message.
+
+---
+
+#### 9.2 POST `/sync` 
+
+The **POST** endpoint is used by nodes to **send data to the hub**. The hub expects the data as **form-encoded fields** (application/x-www-form-urlencoded or multipart/form-data). The hub then stores the data in the plugin log folder for processing.
+
+#### Required Fields
+
+| Field       | Type              | Description                                                                                                                                                                  |
+| ----------- | ----------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `data`      | string            | The payload from the plugin or devices. Typically **plain text**, **JSON**, or **encrypted Base64** data. In your Python script, `encrypt_data()` is applied before sending. |
+| `node_name` | string            | The name of the node sending the data. Matches the node’s `SYNC_node_name` setting. Used to generate the filename on the hub.                                                |
+| `plugin`    | string            | The name of the plugin sending the data. Determines the filename prefix (`last_result.<plugin>...`).                                                                         |
+| `file_path` | string (optional) | Path of the local file being sent. Used only for logging/debugging purposes on the hub; **not required for processing**.                                                     |
+
+---
+
+### How the Hub Processes the POST Data
+
+1. **Receives the data** and validates the API token.
+2. **Stores the raw payload** in:
+
+```
+INSTALL_PATH/log/plugins/last_result.<plugin>.encoded.<node_name>.<sequence>.log
+```
+
+* `<plugin>` → plugin name from the POST request.
+* `<node_name>` → node name from the POST request.
+* `<sequence>` → incremented number for each submission.
+
+3. **Decodes / decrypts the data** if necessary (Base64 or encrypted) before processing.
+4. **Processes JSON payloads** (e.g., device info) to:
+
+   * Avoid duplicates by tracking `devMac`.
+   * Add metadata like `devSyncHubNode`.
+   * Insert new devices into the database.
+5. **Renames files** to indicate they have been processed:
+
+```
+processed_last_result.<plugin>.<node_name>.<sequence>.log
+```
+
+---
+
+### Example POST Payload
+
+If a node is sending device data:
+
+```bash
+curl -X POST 'http://<hub>:<PORT>/sync' \
+  -H 'Authorization: Bearer <API_TOKEN>' \
+  -F 'data={"data":[{"devMac":"00:11:22:33:44:55","devName":"Device 1","devVendor":"Vendor A","devLastIP":"192.168.1.10"}]}' \
+  -F 'node_name=NODE-01' \
+  -F 'plugin=SYNC'
+```
+
+* The `data` field contains JSON with a **`data` array**, where each element is a **device object** or **plugin data object**.
+* The `plugin` and `node_name` fields allow the hub to **organize and store the file correctly**.
+* The data is only processed if the relevant plugins are enabled and run on the target server. 
+
+---
+
+### Key Notes
+
+* **Always use the same `plugin` and `node_name` values** for consistent storage.
+* **Encrypted data**: The Python script uses `encrypt_data()` before sending, and the hub decodes it before processing.
+* **Sequence numbers**: Every submission generates a new sequence, preventing overwriting previous data.
+* **Form-encoded**: The hub expects `multipart/form-data` (cURL `-F`) or `application/x-www-form-urlencoded`.
+
+**Storage Details:**
+
+* Data is stored under `INSTALL_PATH/log/plugins` with filenames following the pattern:
+
+```
+last_result.<plugin>.encoded.<node_name>.<sequence>.log
+```
+
+* Both encoded and decoded files are tracked, and new submissions increment the sequence number.
+* If storing fails, the API returns HTTP 500 with an error message.
+* The data is only processed if the relevant plugins are enabled and run on the target server. 
+
+---
+
+#### 9.3 Notes and Best Practices
+
+* **Authorization Required** – Both GET and POST require a valid API token.
+* **Data Integrity** – Ensure that `node_name` and `plugin` are consistent to avoid overwriting files.
+* **Monitoring** – Notifications are generated whenever data is sent or received (`write_notification`), which can be used for alerting or auditing.
+* **Use Case** – Typically used in multi-node deployments to consolidate device and event data on a central hub.
+

docs/API_TESTS.md

@@ -0,0 +1,12 @@
+### Unit Tests
+
+>[!WARNING]
+> Please note these test modify data in the database. 
+
+1. See the `/test` directory for available test cases. These are not exhaustive but cover the main API endpoints.  
+2. To run a test case, SSH into the container:  
+   `sudo docker exec -it netalertx /bin/bash`  
+3. Inside the container, install pytest (if not already installed):  
+   `pip install pytest`  
+4. Run a specific test case:  
+   `pytest /app/test/TESTFILE.py`

docs/COMMUNITY_GUIDES.md

@@ -2,6 +2,7 @@
 
 Use the official installation guides at first and use community content as supplementary material. Open an issue or PR if you'd like to add your link to the list 🙏 (Ordered by last update time)
 
+- ▶ [Discover & Monitor Your Network with This Self-Hosted Open Source Tool - Lawrence Systems](https://www.youtube.com/watch?v=R3b5cxLZMpo) (June 2025)
 - ▶ [Home Lab Network Monitoring - Scotti-BYTE Enterprise Consulting Services](https://www.youtube.com/watch?v=0DryhzrQSJA) (July 2024)
 - 📄 [How to Install NetAlertX on Your Synology NAS - Marius hosting](https://mariushosting.com/how-to-install-pi-alert-on-your-synology-nas/) (Updated frequently)
 - 📄 [Using the PiAlert Network Security Scanner on a Raspberry Pi - PiMyLifeUp](https://pimylifeup.com/raspberry-pi-pialert/)

docs/DATABASE.md

@@ -38,6 +38,9 @@
 | `devSyncHubNode`       | The NetAlertX node ID used for synchronization between NetAlertX instances. | `node_1` |
 | `devSourcePlugin`      | Source plugin that discovered the device. | `ARPSCAN` |
 | `devCustomProps`       | [Custom properties](./CUSTOM_PROPERTIES.md) related to the device. The value is a base64-encoded JSON object. | `PHN2ZyB...` |
+| `devFQDN`              | Fully qualified domain name. | `raspberrypi.local` |
+| `devParentRelType`     | The type of relationship between the current device and it's parent node. By default, selecting `nic` will hide it from lists. | `nic` |
+| `devReqNicsOnline`     | If all NICs are required to be online to mark teh current device online. | `0` |
 
 
 To understand how values of these fields influuence application behavior, such as Notifications or Network topology, see also: 

docs/DEBUG_GRAPHQL.md

@@ -0,0 +1,64 @@
+# Debugging GraphQL server issues
+
+The GraphQL server is an API middle layer, running on it's own port specified by `GRAPHQL_PORT`, to retrieve and show the data in the UI. It can also be used to retrieve data for custom third party integarions. Check the [API documentation](./API.md) for details. 
+
+The most common issue is that the GraphQL server doesn't start properly, usually due to a **port conflict**. If you are running multiple NetAlertX instances, make sure to use **unique ports** by changing the `GRAPHQL_PORT` setting. The default is `20212`.
+
+## How to update the `GRAPHQL_PORT` in case of issues
+
+As a first troubleshooting step try changing the default `GRAPHQL_PORT` setting. Please remember NetAlertX is running on the host so any application uising the same port will cause issues.  
+
+### Updating the setting via the Settings UI
+
+Ideally use the Settings UI to update the setting under General -> Core -> GraphQL port:
+
+![GrapQL settings](./img/DEBUG_GRAPHQL/graphql_settings_port_token.png)
+
+You might need to temporarily stop other applications or NetAlertX instances causing conflicts to update the setting. The `API_TOKEN` is used to authenticate any API calls, including GraphQL requests. 
+
+### Updating the `app.conf` file
+
+If the UI is not accessible, you can directly edit the `app.conf` file in your `/config` folder:
+
+![Editing app.conf](./img/DEBUG_GRAPHQL/app_conf_graphql_port.png)
+
+### Using a docker variable
+
+All application settings can also be initialized via the `APP_CONF_OVERRIDE` docker env variable. 
+
+```yaml
+...
+ environment:
+      - TZ=Europe/Berlin      
+      - PORT=20213
+      - APP_CONF_OVERRIDE={"GRAPHQL_PORT":"20214"}
+...
+```
+
+## How to check the GraphQL server is running?
+
+There are several ways to check if the GraphQL server is running.
+
+### Init Check
+
+You can navigate to Maintenance -> Init Check to see if `isGraphQLServerRunning` is ticked:
+
+![Init Check](./img/DEBUG_GRAPHQL/Init_check.png)
+
+### Checking the Logs
+
+You can navigate to Maintenance -> Logs and search for `graphql` to see if it started correctly and serving requests:
+
+![GraphQL Logs](./img/DEBUG_GRAPHQL/graphql_running_logs.png)
+
+### Inspecting the Browser console
+
+In your browser open the dev console (usually F12) and navigate to the Network tab where you can filter GraphQL requests (e.g., reload the Devices page).
+
+![Browser Network Tab](./img/DEBUG_GRAPHQL/network_graphql.png)
+
+You can then inspect any of the POST requests by opening them in a new tab.
+
+![Browser GraphQL Json](./img/DEBUG_GRAPHQL/dev_console_graphql_json.png)
+
+

docs/DEBUG_INVALID_JSON.md

@@ -10,7 +10,7 @@ Check the the HTTP response of the failing backend call by following these steps
 - Copy the URL causing the error and enter it in the address bar of your browser directly and hit enter. The copied URLs could look something like this (notice the query strings at the end):
   - `http://<NetAlertX URL>:20211/api/table_devices.json?nocache=1704141103121`
   - `http://<NetAlertX URL>:20211/php/server/devices.php?action=getDevicesTotals`
-  - `http://<NetAlertX URL>:20211/php/server/devices.php?action=getDevicesList&status=all`  
+
 
 - Post the error response in the existing issue thread on GitHub or create a new issue and include the redacted response of the failing query.
 

docs/DEBUG_PHP.md

@@ -0,0 +1,34 @@
+# Debugging backend PHP issues
+
+## Logs in UI
+
+![Logs UI](./img/DEBUG/maintenance_debug_php.png)
+
+You can view recent backend PHP errors directly in the **Maintenance > Logs** section of the UI. This provides quick access to logs without needing terminal access.
+
+## Accessing logs directly
+
+Sometimes, the UI might not be accessible. In that case, you can access the logs directly inside the container.
+
+### Step-by-step:
+
+1. **Open a shell into the container:**
+
+   ```bash
+   docker exec -it netalertx /bin/sh
+   ```
+
+2. **Check the NGINX error log:**
+
+   ```bash
+   cat /var/log/nginx/error.log
+   ```
+
+3. **Check the PHP application error log:**
+
+   ```bash
+   cat /app/log/app.php_errors.log
+   ```
+
+These logs will help identify syntax issues, fatal errors, or startup problems when the UI fails to load properly.
+

docs/DEVICES_BULK_EDITING.md

@@ -14,6 +14,8 @@ You can select devices in the _Devices_ view by selecting devices to edit and th
 
 ## CSV bulk edit
 
+The database and device structure may change with new releases. When using the CSV import functionality, ensure the format matches what the application expects. To avoid issues, you can first export the devices and review the column formats before importing any custom data.
+
 > [!NOTE] 
 > As always, backup everything, just in case.
 

docs/DEVICE_DISPLAY_SETTINGS.md

@@ -4,3 +4,17 @@ This set of settings allows you to group Devices under different views. The Arch
 
 
 ![Display settings](./img/DEVICE_MANAGEMENT/DeviceDetails_DisplaySettings.png)
+
+
+## Status Colors
+
+![Sattus colors](./img/DEVICE_MANAGEMENT/device_management_status_colors.png)
+
+1. 🔌 Online (Green) = A device that is no longer marked as a "New Device".
+2. 🔌 New (Green) = A newly discovered device that is online and is still marked as a "New Device".
+3. ✖ New (Grey) = Same as No.2 but device is now offline.
+4. ✖ Offline (Grey) = A device that was not detected online in the last scan. 
+5. ⚠ Down (Red) = A device that has "Alert Down" marked and has been offline for the time set in the Setting `NTFPRCS_alert_down_time`. 
+
+
+See also [Notification guide](./NOTIFICATIONS.md).

docs/DEVICE_HEURISTICS.md

@@ -0,0 +1,114 @@
+# Device Heuristics: Icon and Type Guessing
+
+This module is responsible for inferring the most likely **device type** and **icon** based on minimal identifying data like MAC address, vendor, IP, or device name.
+
+It does this using a set of heuristics defined in an external JSON rules file, which it evaluates **in priority order**.
+
+>[!NOTE]
+> You can find the full source code of the heuristics module in the `device_heuristics.py` file.  
+
+---
+
+## JSON Rule Format
+
+Rules are defined in a file called `device_heuristics_rules.json` (located under `/back`), structured like:
+
+```json
+[
+  {
+    "dev_type": "Phone",
+    "icon_html": "<i class=\"fa-brands fa-apple\"></i>",
+    "matching_pattern": [
+      { "mac_prefix": "001A79", "vendor": "Apple" }
+    ],
+    "name_pattern": ["iphone", "pixel"]
+  }
+]
+```
+
+>[!NOTE]
+> Feel free to raise a PR in case you'd like to add any rules into the `device_heuristics_rules.json` file. Please place new rules into the correct position and consider the priority of already available rules.
+
+### Supported fields:
+
+| Field              | Type                 | Description                                                     |
+| ------------------ | -------------------- | --------------------------------------------------------------- |
+| `dev_type`         | `string`             | Type to assign if rule matches (e.g. `"Gateway"`, `"Phone"`)    |
+| `icon_html`        | `string`             | Icon (HTML string) to assign if rule matches. Encoded to base64 at load time. |
+| `matching_pattern` | `array`              | List of `{ mac_prefix, vendor }` objects for first strict and then loose matching    |
+| `name_pattern`     | `array` *(optional)* | List of lowercase substrings (used with regex)                  |
+| `ip_pattern`       | `array` *(optional)* | Regex patterns to match IPs                                     |
+
+**Order in this array defines priority** — rules are checked top-down and short-circuit on first match.
+
+---
+
+## Matching Flow (in Priority Order)
+
+The function `guess_device_attributes(...)` runs a series of matching functions in strict order:
+
+1. MAC + Vendor → `match_mac_and_vendor()`
+2. Vendor only → `match_vendor()`
+3. Name pattern → `match_name()`
+4. IP pattern → `match_ip()`
+5. Final fallback → defaults defined in the `NEWDEV_devIcon` and `NEWDEV_devType` settings.
+
+> [!NOTE]
+> The app will try guessing the device type or icon if `devType` or `devIcon` are `""` or `"null"`.
+
+### Use of default values
+
+The guessing process runs for every device **as long as the current type or icon still matches the default values**. Even if earlier heuristics return a match, the system continues evaluating additional clues — like name or IP — to try and replace placeholders.
+
+```python
+# Still considered a match attempt if current values are defaults
+if (not type_ or type_ == default_type) or (not icon or icon == default_icon):
+    type_, icon = match_ip(ip, default_type, default_icon)
+```
+
+In other words: if the type or icon is still `"unknown"` (or matches the default), the system assumes the match isn’t final — and keeps looking. It stops only when both values are non-default (defaults are defined in the `NEWDEV_devIcon` and `NEWDEV_devType` settings).
+
+---
+
+## Match Behavior (per function)
+
+These functions are executed in the following order:
+
+### `match_mac_and_vendor(mac_clean, vendor, ...)`
+
+* Looks for MAC prefix **and** vendor substring match
+* Most precise
+* Stops as soon as a match is found
+
+### `match_vendor(vendor, ...)`
+
+* Falls back to substring match on vendor only
+* Ignores rules where `mac_prefix` is present (ensures this is really a fallback)
+
+### `match_name(name, ...)`
+
+* Lowercase name is compared against all `name_pattern` values using regex
+* Good for user-assigned labels (e.g. "AP Office", "iPhone")
+
+### `match_ip(ip, ...)`
+
+* If IP is present and matches regex patterns under any rule, it returns that type/icon
+* Usually used for gateways or local IP ranges
+
+---
+
+## Icons
+
+* Each rule can define an `icon_html`, which is converted to a `icon_base64` on load
+* If missing, it falls back to the passed-in `default_icon` (`NEWDEV_devIcon` setting)
+* If a match is found but icon is still blank, default is used
+
+**TL;DR:** Type and icon must both be matched. If only one is matched, the other falls back to the default.
+
+---
+
+## Priority Mechanics
+
+* JSON rules are evaluated **top-to-bottom**
+* Matching is **first-hit wins** — no scoring, no weights
+* Rules that are more specific (e.g. exact MAC prefixes) should be listed earlier

docs/DEV_DEVCONTAINER.md

@@ -0,0 +1,63 @@
+# Devcontainer for NetAlertX Guide
+
+This devcontainer is designed to mirror the production container environment as closely as possible, while providing a rich set of tools for development.
+
+## How to Get Started
+
+1.  **Prerequisites:**
+    * A working **Docker installation** that can be managed by your user. This can be [Docker Desktop](https://www.docker.com/products/docker-desktop/) or Docker Engine installed via other methods (like the official [get-docker script](https://get.docker.com)).
+    * [Visual Studio Code](https://code.visualstudio.com/) installed.
+    * The [VS Code Dev Containers extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode-remote.remote-containers) installed.
+
+2.  **Launch the Devcontainer:**
+    * Clone this repository.
+    * Open the repository folder in VS Code.
+    * A notification will pop up in the bottom-right corner asking to **"Reopen in Container"**. Click it.
+    * VS Code will now build the Docker image and connect your editor to the container. Your terminal, debugger, and all tools will now be running inside this isolated environment.
+
+## Key Workflows & Features
+
+Once you're inside the container, everything is set up for you.
+
+### 1. Services (Frontend & Backend)
+
+![Services](./img/DEV/devcontainer_1.png)
+
+The container's startup script (`.devcontainer/scripts/setup.sh`) automatically starts the Nginx/PHP frontend and the Python backend. You can restart them at any time using the built-in tasks.
+
+### 2. Integrated Debugging (Just Press F5!)
+
+![Debugging](./img/DEV/devcontainer_2.png)
+
+Debugging for both the Python backend and PHP frontend is pre-configured and ready to go.
+
+* **Python Backend (debugpy):** The backend automatically starts with a debugger attached on port `5678`. Simply open a Python file (e.g., `server/__main__.py`), set a breakpoint, and press **F5** (or select "Python Backend Debug: Attach") to connect the debugger.
+* **PHP Frontend (Xdebug):** Xdebug listens on port `9003`. In VS Code, start listening for Xdebug connections and use a browser extension (like "Xdebug helper") to start a debugging session for the web UI.
+
+### 3. Common Tasks (F1 -> Run Task)
+
+![Common tasks](./img/DEV/devcontainer_3.png)
+
+We've created several VS Code Tasks to simplify common operations. Access them by pressing `F1` and typing "Tasks: Run Task".
+
+* `Generate Dockerfile`: **This is important.** The actual `.devcontainer/Dockerfile` is auto-generated. If you need to change the container environment, edit `.devcontainer/resources/devcontainer-Dockerfile` and then run this task.
+* `Re-Run Startup Script`: Manually re-runs the `.devcontainer/scripts/setup.sh` script to re-link files and restart services.
+* `Start Backend (Python)` / `Start Frontend (nginx and PHP-FPM)`: Manually restart the services if needed.
+
+### 4. Running Tests
+
+![Running tests](./img/DEV/devcontainer_4.png)
+
+The environment includes `pytest`. You can run tests directly from the VS Code Test Explorer UI or by running `pytest -q` in the integrated terminal. The necessary `PYTHONPATH` is already configured so that tests can correctly import the server modules.
+
+## How to Maintain This Devcontainer
+
+The setup is designed to be easy to manage. Here are the core principles:
+
+* **Don't Edit `Dockerfile` Directly:** The main `.devcontainer/Dockerfile` is a combination of the project's root `Dockerfile` and a special dev-only stage. To add new tools or dependencies, **edit `.devcontainer/resources/devcontainer-Dockerfile`** and then run the `Generate Dockerfile` task.
+* **Build-Time vs. Run-Time Setup:**
+    * For changes that can be baked into the image (like installing a new package with `apk add`), add them to the resource Dockerfile.
+    * For changes that must happen when the container *starts* (like creating symlinks, setting permissions, or starting services), use `.devcontainer/scripts/setup.sh`.
+* **Project Conventions:** The `.github/copilot-instructions.md` file is an excellent resource to help AI and humans understand the project's architecture, conventions, and how to use existing helper functions instead of hardcoding values.
+
+This setup provides a powerful and consistent foundation for all current and future contributors to NetAlertX.

docs/DEV_ENV_SETUP.md

@@ -1,32 +1,45 @@
-# Development environment set up
+# Development Environment Setup
 
->[!NOTE]
-> Replace `/development` with the path where your code files will be stored. The default container name is `netalertx` so there might be a conflict with your running containers.
+I truly appreciate all contributions! To help keep this project maintainable, this guide provides an overview of project priorities, key design considerations, and overall philosophy. It also includes instructions for setting up your environment so you can start contributing right away.
 
 ## Development Guidelines
 
-Before starting development, please scan the below development guidelines.
+Before starting development, please review the following guidelines.
 
 ### Priority Order (Highest to Lowest)
 
-1. 🔼 Fixing core bugs that lack workarounds.
-2. 🔵 Adding core functionality that unlocks other features (e.g., plugins).
-3. 🔵 Refactoring to enable faster development.
-4. 🔽 UI improvements (PRs welcome).
+1. 🔼 Fixing core bugs that lack workarounds  
+2. 🔵 Adding core functionality that unlocks other features (e.g., plugins)  
+3. 🔵 Refactoring to enable faster development  
+4. 🔽 UI improvements (PRs welcome, but low priority)  
 
 ### Design Philosophy
 
-Focus on core functionality and integrate with existing tools rather than reinventing the wheel.  
-Examples:
+The application architecture is designed for extensibility and maintainability. It relies heavily on configuration manifests via plugins and settings to dynamically build the UI and populate the application with data from various sources.  
 
-- Using **Apprise** for notifications instead of implementing multiple separate gateways.
-- Implementing **regex-based validation** instead of one-off validation for each setting.
+For details, see:  
+- [Plugins Development](PLUGINS_DEV.md) (includes video)  
+- [Settings System](SETTINGS_SYSTEM.md)  
+
+Focus on **core functionality** and integrate with existing tools rather than reinventing the wheel.  
+
+Examples:  
+- Using **Apprise** for notifications instead of implementing multiple separate gateways  
+- Implementing **regex-based validation** instead of one-off validation for each setting  
 
 > [!NOTE]  
-> UI changes have lower priority, however, PRs are welcome, but **keep them small & focused**.
+> UI changes have lower priority. PRs are welcome, but please keep them **small and focused**.
 
 ## Development Environment Set Up
 
+>[!TIP]
+> There is also a ready to use [devcontainer](DEV_DEVCONTAINER.md) available.
+
+The following steps will guide you to set up your environment for local development and to run a custom docker build on your system. For most changes the container doesn't need to be rebuild which speeds up the development significantly.
+
+>[!NOTE]
+> Replace `/development` with the path where your code files will be stored. The default container name is `netalertx` so there might be a conflict with your running containers.
+
 ### 1. Download the code:
 
 - `mkdir /development`
@@ -84,14 +97,14 @@ Most code changes can be tested without rebuilding the container. When working o
 
 1. You can usually restart the backend via _Maintenance > Logs > Restart_ server
 
-![image](./img/DEV_ENV_SETUP/Maintenance_Logs_Restart_server.png)
+![image](./img/DEV/Maintenance_Logs_Restart_server.png)
 
 2. If above doesn't work, SSH into the container and kill & restart the main script loop 
 
 - `sudo docker exec -it netalertx /bin/bash`
 - `pkill -f "python /app/server" && python /app/server & `
 
-3. If none of the above work, restart the docker caontainer. 
+3. If none of the above work, restart the docker container. 
 
 - This is usually the last resort as sometimes the Docker engine becomes unresponsive and the whole engine needs to be restarted. 
 
@@ -119,3 +132,6 @@ Most code changes can be tested without rebuilding the container. When working o
 - Updating a Device
 - Plugin functionality.
 - Error log inspection.
+
+> [!NOTE]  
+> Always run all available tests as per the [Testing documentation](API_TESTS.md).

docs/DOCKER_COMPOSE.md

@@ -69,7 +69,7 @@ services:
     network_mode: "host"        
     restart: unless-stopped
     volumes:
-      - ${APP_DATA_LOCATION}/netalertx/config:/app/config
+      - ${APP_CONFIG_LOCATION}/netalertx/config:/app/config
       - ${APP_DATA_LOCATION}/netalertx/db/:/app/db/      
       # (optional) useful for debugging if you have issues setting up the container
       - ${LOGS_LOCATION}:/app/log
@@ -137,3 +137,67 @@ networks:
 
 
 ```
+
+### Example 5: same as 3 but with a top-level root directory; also works in Portainer as-is
+
+`docker-compose.yml` 
+
+```yaml
+services:
+  netalertx:
+    container_name: netalertx
+    # use the below line if you want to test the latest dev image instead of the stable release
+    # image: "ghcr.io/jokob-sk/netalertx-dev:latest" 
+    image: "ghcr.io/jokob-sk/netalertx:latest"      
+
+    network_mode: "host"        
+    restart: unless-stopped
+    volumes:
+      - ${APP_FOLDER}/netalertx/config:/app/config
+      - ${APP_FOLDER}/netalertx/db:/app/db     
+      # (optional) useful for debugging if you have issues setting up the container
+      - ${APP_FOLDER}/netalertx/log:/app/log
+      # (API: OPTION 1) default -> use for performance
+      - type: tmpfs
+        target: /app/api
+      # (API: OPTION 2) use when debugging issues 
+      # -  ${APP_FOLDER}/netalertx/api:/app/api
+    environment:
+
+      - TZ=${TZ}
+      - PORT=${PORT}
+      - PUID=${PUID}
+      - PGID=${PGID}
+      - LISTEN_ADDR=${LISTEN_ADDR}
+```
+
+`.env` file
+
+```yaml
+APP_FOLDER=/path/to/local/NetAlertX/location
+
+#ENVIRONMENT VARIABLES
+
+PUID=200
+PGID=300
+
+TZ=America/New_York
+LISTEN_ADDR=0.0.0.0
+PORT=20211
+#GLOBAL PATH VARIABLE
+
+# you may want to create a dedicated user and group to run the container with 
+# sudo groupadd -g 300 nax-g 
+# sudo useradd -u 200 -g 300 nax-u
+# mkdir -p $APP_FOLDER/{db,config,log} 
+# chown -R 200:300 $APP_FOLDER
+# chmod -R 775 $APP_FOLDER
+
+# DEVELOPMENT VARIABLES
+# you can create  multiple env files called .env.dev1, .env.dev2 etc and use them by running:
+# docker compose --env-file .env.dev1 up -d
+# you can then clone  multiple dev copies of NetAlertX just make sure to change the APP_FOLDER and PORT variables in each .env.devX file
+
+```
+
+To run the container execute: `sudo docker-compose --env-file /path/to/.env up`

docs/DOCKER_PORTAINER.md

@@ -0,0 +1,97 @@
+# Deploying NetAlertX in Portainer (via Stacks)
+
+This guide shows you how to set up **NetAlertX** using Portainer’s **Stacks** feature.
+
+![Portainer > Stacks](./img/DOCKER/DOCKER_PORTAINER.png)
+
+---
+
+## 1. Prepare Your Host
+
+Before deploying, make sure you have a folder on your Docker host for NetAlertX data. Replace `APP_FOLDER` with your preferred location, for example `/opt` here:
+
+```bash
+mkdir -p /opt/netalertx/config
+mkdir -p /opt/netalertx/db
+mkdir -p /opt/netalertx/log
+```
+
+---
+
+## 2. Open Portainer Stacks
+
+1. Log in to your **Portainer UI**.
+2. Navigate to **Stacks** → **Add stack**.
+3. Give your stack a name (e.g., `netalertx`).
+
+---
+
+## 3. Paste the Stack Configuration
+
+Copy and paste the following YAML into the **Web editor**:
+
+```yaml
+services:
+  netalertx:
+    container_name: netalertx
+
+    # Use this line for stable release
+    image: "ghcr.io/jokob-sk/netalertx:latest"      
+
+    # Or, use this for the latest development build
+    # image: "ghcr.io/jokob-sk/netalertx-dev:latest" 
+
+    network_mode: "host"
+    restart: unless-stopped
+
+    volumes:
+      - ${APP_FOLDER}/netalertx/config:/app/config
+      - ${APP_FOLDER}/netalertx/db:/app/db
+      # Optional: logs (useful for debugging setup issues, comment out for performance)
+      - ${APP_FOLDER}/netalertx/log:/app/log
+
+      # API storage options:
+      # (Option 1) tmpfs (default, best performance)
+      - type: tmpfs
+        target: /app/api
+
+      # (Option 2) bind mount (useful for debugging)
+      # - ${APP_FOLDER}/netalertx/api:/app/api
+
+    environment:
+      - TZ=${TZ}
+      - PORT=${PORT}
+      - APP_CONF_OVERRIDE=${APP_CONF_OVERRIDE}
+```
+
+---
+
+## 4. Configure Environment Variables
+
+In the **Environment variables** section of Portainer, add the following:
+
+* `APP_FOLDER=/opt` (or wherever you created the directories in step 1)
+* `TZ=Europe/Berlin` (replace with your timezone)
+* `PORT=22022` (or another port if needed)
+* `APP_CONF_OVERRIDE={"GRAPHQL_PORT":"22023"}` (optional advanced settings)
+
+---
+
+## 5. Deploy the Stack
+
+1. Scroll down and click **Deploy the stack**.
+2. Portainer will pull the image and start NetAlertX.
+3. Once running, access the app at:
+
+```
+http://<your-docker-host-ip>:22022
+```
+
+---
+
+## 6. Verify and Troubleshoot
+
+* Check logs via Portainer → **Containers** → `netalertx` → **Logs**.
+* Logs are stored under `${APP_FOLDER}/netalertx/log` if you enabled that volume.
+
+Once the application is running, configure it by reading the [initial setup](INITIAL_SETUP.md) guide, or [troubleshoot common issues](COMMON_ISSUES.md). 

docs/DOCKER_SWARM.md

@@ -0,0 +1,79 @@
+# Docker Swarm Deployment Guide (IPvlan)
+
+This guide describes how to deploy **NetAlertX** in a **Docker Swarm** environment using an `ipvlan` network. This enables the container to receive a LAN IP address directly, which is ideal for network monitoring.
+
+---
+
+## ⚙️ Step 1: Create an IPvlan Config-Only Network on All Nodes
+
+> Run this command on **each node** in the Swarm.
+
+```bash
+docker network create -d ipvlan \
+  --subnet=192.168.1.0/24 \              # 🔧 Replace with your LAN subnet
+  --gateway=192.168.1.1 \                # 🔧 Replace with your LAN gateway
+  -o ipvlan_mode=l2 \
+  -o parent=eno1 \                       # 🔧 Replace with your network interface (e.g., eth0, eno1)
+  --config-only \
+  ipvlan-swarm-config
+```
+
+---
+
+## 🖥️ Step 2: Create the Swarm-Scoped IPvlan Network (One-Time Setup)
+
+> Run this on **one Swarm manager node only**.
+
+```bash
+docker network create -d ipvlan \
+  --scope swarm \
+  --config-from ipvlan-swarm-config \
+  swarm-ipvlan
+```
+
+---
+
+## 🧾 Step 3: Deploy NetAlertX with Docker Compose
+
+Use the following Compose snippet to deploy NetAlertX with a **static LAN IP** assigned via the `swarm-ipvlan` network.
+
+```yaml
+services:
+  netalertx:
+    image: ghcr.io/jokob-sk/netalertx:latest
+    ports:
+      - 20211:20211
+    volumes:
+      - /mnt/YOUR_SERVER/netalertx/config:/app/config:rw
+      - /mnt/YOUR_SERVER/netalertx/db:/netalertx/app/db:rw
+      - /mnt/YOUR_SERVER/netalertx/logs:/netalertx/app/log:rw
+    environment:
+      - TZ=Europe/London
+      - PORT=20211
+    networks:
+      swarm-ipvlan:
+        ipv4_address: 192.168.1.240     # ⚠️ Choose a free IP from your LAN
+    deploy:
+      mode: replicated
+      replicas: 1
+      restart_policy:
+        condition: on-failure
+      placement:
+        constraints:
+          - node.role == manager        # 🔄 Or use: node.labels.netalertx == true
+
+networks:
+  swarm-ipvlan:
+    external: true
+```
+
+---
+
+## ✅ Notes
+
+* The `ipvlan` setup allows **NetAlertX** to have a direct IP on your LAN.
+* Replace `eno1` with your interface, IP addresses, and volume paths to match your environment.
+* Make sure the assigned IP (`192.168.1.240` above) is not in use or managed by DHCP.
+* You may also use a node label constraint instead of `node.role == manager` for more control.
+
+

docs/FIX_OFFLINE_DETECTION.md

@@ -0,0 +1,78 @@
+# Troubleshooting: Devices Show Offline When They Are Online
+
+In some network setups, certain devices may intermittently appear as **offline** in NetAlertX, even though they are connected and responsive. This issue is often more noticeable with devices that have **higher IP addresses** within the subnet.
+
+> [!NOTE]
+>
+> Network presence graph showing increased drop outs before enabling additional `ICMP` scans and continuous online presence after following this guide. This graph shows a sudden spike in drop outs probably caused by a device software update.
+> ![before after presence](./img/FIX_OFFLINE_DETECTION/presence_graph_before_after.png)
+
+## Symptoms
+
+* Devices sporadically show as offline in the presence timeline.
+* This behavior often affects devices with higher IPs (e.g., `192.168.1.240+`).
+* Presence data appears inconsistent or unreliable despite the device being online.
+
+## Cause
+
+This issue is typically related to scanning limitations:
+
+* **ARP scan timeouts** may prevent full subnet coverage.
+* **Sole reliance on ARP** can result in missed detections:
+
+  * Some devices (like iPhones) suppress or reject frequent ARP requests.
+  * ARP responses may be blocked or delayed due to power-saving features or OS behavior.
+
+* **Scanning frequency conflicts**, where devices ignore repeated scans within a short period.
+
+## Recommended Fixes
+
+To improve presence accuracy and reduce false offline states:
+
+### ✅ Increase ARP Scan Timeout
+
+Extend the ARP scanner timeout to ensure full subnet coverage:
+
+```env
+ARPSCAN_RUN_TIMEOUT=360
+```
+
+> Adjust based on your network size and device count.
+
+### ✅ Add ICMP (Ping) Scanning
+
+Enable the `ICMP` scan plugin to complement ARP detection. ICMP is often more reliable for detecting active hosts, especially when ARP fails. 
+
+### ✅ Use Multiple Detection Methods
+
+A combined approach greatly improves detection robustness:
+
+* `ARPSCAN` (default)
+* `ICMP` (ping)
+* `NMAPDEV` (nmap)
+
+This hybrid strategy increases reliability, especially for down detection and alerting. See [other plugins](./PLUGINS.md) that might be compatible with your setup. See benefits and drawbacks of individual scan methods in their respective docs. 
+
+## Results
+
+After increasing the ARP timeout and adding ICMP scanning (on select IP ranges), users typically report:
+
+* More consistent presence graphs
+* Fewer false offline events
+* Better coverage across all IP ranges
+
+## Summary
+
+| Setting               | Recommendation                                |
+| --------------------- | --------------------------------------------- |
+| `ARPSCAN_RUN_TIMEOUT` | Increase to ensure scans reach all IPs        |
+| `ICMP` Scan           | Enable to detect devices ARP might miss       |
+| Multi-method Scanning | Use a mix of ARP, ICMP, and NMAP-based methods |
+
+---
+
+**Tip:** Each environment is unique. Consider fine-tuning scan settings based on your network size, device behavior, and desired detection accuracy.
+
+Let us know in the [NetAlertX Discussions](https://github.com/jokob-sk/NetAlertX/discussions) if you have further feedback or edge cases.
+
+See also [Remote Networks](./REMOTE_NETWORKS.md) for more advanced setups. 

docs/HOME_ASSISTANT.md

@@ -1,4 +1,4 @@
-# Overview
+# Home Assistant integration overview
 
 NetAlertX comes with MQTT support, allowing you to show all detected devices as devices in Home Assistant. It also supplies a collection of stats, such as number of online devices.
 

docs/HW_INSTALL.md

@@ -5,50 +5,71 @@ To download and install NetAlertX on the hardware/server directly use the `curl`
 > [!NOTE]
 > This is an Experimental feature 🧪 and it relies on community support.
 >
-> 🙏 Looking for maintainers for this installation method 🙂
+> 🙏 Looking for maintainers for this installation method 🙂 Current community volunteers: 
+>   - [slammingprogramming](https://github.com/slammingprogramming)
+>   - [ingoratsdorf](https://github.com/ingoratsdorf)
 >
 > There is no guarantee that the install script or any other script will gracefully handle other installed software.
 > Data loss is a possibility, **it is recommended to install NetAlertX using the supplied Docker image**.
 
-A warning to the installation method below: Piping to bash is [controversial](https://pi-hole.net/2016/07/25/curling-and-piping-to-bash) and may
+> [!WARNING]
+> A warning to the installation method below: Piping to bash is [controversial](https://pi-hole.net/2016/07/25/curling-and-piping-to-bash) and may
 be dangerous, as you cannot see the code that's about to be executed on your system.
 
-Alternatively you can download the installation script `install/install.debian.sh` from the repository and check the code yourself (beware other scripts are
-downloaded too - only from this repo).
+If you trust this repo, you can download the install script via one of the methods (curl/wget) below and it will fo its best to install NetAlertX on your system.
+
+Alternatively you can download the installation script from the repository and check the code yourself.
 
 NetAlertX will be installed in `/app` and run on port number `20211`.
 
 Some facts about what and where something will be changed/installed by the HW install setup (may not contain everything!):
 
+- dependencies will be installed from the respective system repos
+- required python modules will be installed
 - `/app` directory will be deleted and newly created
-- `/app` will contain the whole repository (downloaded by `install/install.debian.sh`)
+- `/app` will contain the whole repository (downloaded by the install script)
 - The default NGINX site `/etc/nginx/sites-enabled/default` will be disabled (sym-link deleted or backed up to `sites-available`)
 - `/var/www/html/netalertx` directory will be deleted and newly created
-- `/etc/nginx/conf.d/netalertx.conf` will be sym-linked to `/app/install/netalertx.debian.conf`
+- `/etc/nginx/conf.d/netalertx.conf` will be sym-linked to the appropriate installer location (depending on your system installer script)
 - Some files (IEEE device vendors info, ...) will be created in the directory where the installation script is executed
 
 ## Limitations
 
-- No system service is provided. NetAlertX must be started using `/app/install/start.debian.sh`.
+- No system service is provided. NetAlertX must be started using `/app/install/<system>/start.<system>.sh`.
 - No checks for other running software is done.
-- Only tested to work on Debian Bookworm (Debian 12).
+- Only tested to work on the system listed in the install directory.
 - **EXPERIMENTAL** and not recommended way to install NetAlertX.
 
-## 📥 Installation via CURL
-
 > [!TIP]  
 > If the below fails try grabbing and installing one of the [previous releases](https://github.com/jokob-sk/NetAlertX/releases) and run the installation from the zip package.
 
-```bash
-curl -o install.debian.sh https://raw.githubusercontent.com/jokob-sk/NetAlertX/main/install/install.debian.sh && sudo chmod +x install.debian.sh && sudo ./install.debian.sh
-```
-
-## 📥 Installation via WGET
-
-```bash
-wget https://raw.githubusercontent.com/jokob-sk/NetAlertX/main/install/install.debian.sh -O install.debian.sh && sudo chmod +x install.debian.sh && sudo ./install.debian.sh
-```
-
-These commands will download the `install.debian.sh` script from the GitHub repository, make it executable with `chmod`, and then run it using `./install.debian.sh`.
+These commands will download the `install.debian12.sh` script from the GitHub repository, make it executable with `chmod`, and then run it using `./install.debian12.sh`.
 
 Make sure you have the necessary permissions to execute the script.
+
+
+## 📥 Debian 12 (Bookworm)
+
+### Installation via curl
+```bash
+curl -o install.debian12.sh https://raw.githubusercontent.com/jokob-sk/NetAlertX/main/install/debian12/install.debian12.sh && sudo chmod +x install.debian12.sh && sudo ./install.debian12.sh
+```
+
+### Installation via wget
+
+```bash
+wget https://raw.githubusercontent.com/jokob-sk/NetAlertX/main/install/debian12/install.debian12.sh -O install.debian12.sh && sudo chmod +x install.debian12.sh && sudo ./install.debian12.sh
+```
+
+## 📥 Ubuntu 24 (Noble Numbat)
+
+### Installation via curl
+```bash
+curl -o install.ubuntu24.sh https://raw.githubusercontent.com/jokob-sk/NetAlertX/main/install/ubuntu24/install.ubuntu24.sh && sudo chmod +x install.ubuntu24.sh && sudo ./install.ubuntu24.sh
+```
+
+### Installation via wget
+
+```bash
+wget https://raw.githubusercontent.com/jokob-sk/NetAlertX/main/install/ubuntu24/install.ubuntu24.sh -O install.ubuntu24.sh && sudo chmod +x install.ubuntu24.sh && sudo ./install.ubuntu24.sh
+```

docs/INITIAL_SETUP.md

@@ -1,42 +1,109 @@
-# ⚙ Initial Setup
+# ⚡ Quick Start Guide
 
-## 📁 Configuration Files
-
-- On first run, the app generates a default `app.conf` and `app.db` if unavailable.
-- Preferred method: Use the **Settings UI**.
-- If the UI is inaccessible, manually edit [`app.conf`](https://github.com/jokob-sk/NetAlertX/tree/main/back) in `/app/config/`.
+Get **NetAlertX** up and running in a few simple steps.
 
 ---
 
-## 🖥️ Setting Up Scanners
+### 1. Configure Scanner Plugin(s)
 
-- Define networks to scan by entering accessible subnets.
-- Default plugin: **ARPSCAN** → Requires at least one valid subnet + interface in `SCAN_SUBNETS`.
-- 📖 [Subnet & VLAN setup guide](./SUBNETS.md) (for troubleshooting and advanced scenarios).
+> [!TIP]
+> Enable additional plugins under **Settings → `LOADED_PLUGINS`**.
+> Make sure to **save** your changes and **reload the page** to activate them.
+> ![Loaded plugins settings](./img/PLUGINS/enable_plugin.gif)
 
-### 🔄 PiHole Sync
-- If using **PiHole**, devices can be synced automatically.  
-- 📖 [PiHole configuration guide](./PIHOLE_GUIDE.md).
+**Initial configuration**: `ARPSCAN`, `INTRNT`
 
-### 📦 Bulk Import
 > [!NOTE]
-> You can bulk-import devices via the [CSV import method](./DEVICES_BULK_EDITING.md).
+> `ARPSCAN` and `INTRNT` scan the current network. You can complement them with other `🔍 dev scanner` plugins like `NMAPDEV`, or import devices using `📥 importer` plugins.
+> See the [Subnet & VLAN Setup Guide](./SUBNETS.md) and [Remote Networks](./REMOTE_NETWORKS.md) for advanced configurations.
 
 ---
 
-## 🌍 Community Guides
+### 2. Choose a Publisher Plugin
 
-- Various community-written configuration guides in **Chinese, Korean, German, French**.  
-- 📖 [Community Guides](./COMMUNITY_GUIDES.md)  
+**Initial configuration**: `SMTP`
 
-> ⚠️ **Note:** These guides may be outdated. Always refer to the official documentation first.
+> [!NOTE]
+> Configure your SMTP settings or enable additional `▶️ publisher` plugins to send alerts.
+> For more flexibility, try [📚 `_publisher_apprise`](/front/plugins/_publisher_apprise/), which supports over 80 notification services.
 
 ---
 
-## 🛠️ Common Issues
+### 3. Set Up a Network Topology Diagram
 
-Before creating a new issue:
+![Network tree](./img/NETWORK_TREE/Network_tree_details.png)
 
-- Check if a similar issue was [already resolved](https://github.com/jokob-sk/NetAlertX/issues?q=is%3Aissue+is%3Aclosed).
-- Review [common debugging tips](./DEBUG_TIPS.md).
-- Check [Common Issues](./COMMON_ISSUES.md)
+**Initial configuration**: The app auto-selects a root node (MAC `internet`) and attempts to identify other network devices by vendor or name.
+
+> [!NOTE]
+> Visualize and manage your network using the [Network Guide](./NETWORK_TREE.md).
+> Some plugins (e.g., `UNFIMP`) build the topology automatically, or you can use [Custom Workflows](./WORKFLOWS.md) to generate it based on your own rules.
+
+---
+
+### 4. Configure Notifications
+
+![Notification settings](./img/NOTIFICATIONS/Global-notification-settings.png)
+
+**Initial configuration**: Notifies on `new_devices`, `down_devices`, and `events` as defined in `NTFPRCS_INCLUDED_SECTIONS`.
+
+> [!NOTE]
+> Notification settings support global, plugin-specific, and per-device rules.
+> For fine-tuning, refer to the [Notification Guide](./NOTIFICATIONS.md).
+
+---
+
+### 5. Set Up Workflows
+
+![Workflows](./img/WORKFLOWS/workflows.png)
+
+**Initial configuration**: N/A
+
+> [!NOTE]
+> Automate responses to device status changes, group management, topology updates, and more.
+> See the [Workflows Guide](./WORKFLOWS.md) to simplify your network operations.
+
+---
+
+### 6. Backup Your Configuration
+
+![Backups](./img/BACKUPS/Maintenance_Backup_Restore.png)
+
+**Initial configuration**: The `CSVBCKP` plugin creates a daily backup to `/config/devices.csv`.
+
+> [!NOTE]
+> For a complete backup strategy, follow the [Backup Guide](./BACKUPS.md).
+
+---
+
+### 7. (Optional) Create Custom Plugins
+
+[![Custom Plugin Video](./img/YouTube_thumbnail.png)](https://youtu.be/cdbxlwiWhv8)
+
+**Initial configuration**: N/A
+
+> [!NOTE]
+> Build your own scanner, importer, or publisher plugin.
+> See the [Plugin Development Guide](./PLUGINS_DEV.md) and included video tutorials.
+
+---
+
+## 📁 Recommended Guides
+
+* 📘 [PiHole Setup Guide](./PIHOLE_GUIDE.md)
+* 📘 [CSV Import Method](./DEVICES_BULK_EDITING.md)
+* 📘 [Community Guides (Chinese, Korean, German, French)](./COMMUNITY_GUIDES.md)
+
+---
+
+## 🛠️ Troubleshooting & Help
+
+Before opening a new issue:
+
+* 📘 [Common Issues](./COMMON_ISSUES.md)
+* 🧰 [Debugging Tips](./DEBUG_TIPS.md)
+* ✅ [Browse resolved GitHub issues](https://github.com/jokob-sk/NetAlertX/issues?q=is%3Aissue+is%3Aclosed)
+
+---
+
+Let me know if you want a condensed README version, separate pages for each section, or UI copy based on this!

docs/MIGRATION.md

@@ -1,7 +1,7 @@
 # Migration form PiAlert to NetAlertX
 
 > [!WARNING] 
-> Follow this guide only after you you downloaded and started NetAlert X at least once after previously using the PiAlert image.
+> Follow this guide only after you you downloaded and started a version of NetAlertX prior to v25.6.7 (e.g. `docker pull ghcr.io/jokob-sk/netalertx:25.5.24`) at least once after previously using the PiAlert image. Later versions don't support migration and devices and settings will have to migrated manually, e.g. via [CSV import](./DEVICES_BULK_EDITING.md).
 
 ## STEPS: 
 

docs/NAME_RESOLUTION.md

@@ -2,6 +2,12 @@
 
 Name resolution in NetAlertX relies on multiple plugins to resolve device names from IP addresses. If you are seeing `(name not found)` as device names, follow these steps to diagnose and fix the issue.
 
+> [!TIP]  
+> Before proceeding, make sure [Reverse DNS](./REVERSE_DNS.md) is enabled on your network.  
+> You can control how names are handled and cleaned using the `NEWDEV_NAME_CLEANUP_REGEX` setting.  
+> To auto-update Fully Qualified Domain Names (FQDN), enable the `REFRESH_FQDN` setting.
+
+
 ## Required Plugins
 
 For best results, ensure the following name resolution plugins are enabled:
@@ -9,6 +15,7 @@ For best results, ensure the following name resolution plugins are enabled:
 - **AVAHISCAN** – Uses mDNS/Avahi to resolve local network names.
 - **NBTSCAN** – Queries NetBIOS to find device names.
 - **NSLOOKUP** – Performs standard DNS lookups.
+- **DIGSCAN** – Performs Name Resolution with the Dig utility (DNS).
 
 You can check which plugins are active in your _Settings_ section and enable any that are missing.
 

docs/NETWORK_TREE.md

@@ -1,63 +1,110 @@
-## How to setup your Network page
+## How to Set Up Your Network Page
 
-Make sure you have a root device with the MAC `Internet` (No other MAC addresses are currently supported as the root node) set to a network device type (e.g.: **Type**:`Router`).
+The **Network** page lets you map how devices connect — visually and logically.  
+It’s especially useful for planning infrastructure, assigning parent-child relationships, and spotting gaps.
 
-> 💡 Tip: You can add dummy devices via the [Create dummy device](./DEVICE_MANAGEMENT.md#dummy-devices) button in the Devices listing page.
+![Network tree details](./img/NETWORK_TREE/Network_Sample.png)
 
-> 💡 Tip: Export your configuration of the Network and Devices once in a while via the Export CSV feature under **Maintenance** -> **Backup/Restore** -> **CSV Export**.   
+To get started, you’ll need to define at least one root node and mark certain devices as network nodes (like Switches or Routers).
 
-## ⚡Quick setup:
+---
 
-* Go to a Device you want to use as network device (network nodes, such as a Switch). 
-* Set the **Type** of such a device to one of the following: AP, Firewall, Gateway, PLC, Powerline, Router, Switch, USB LAN Adapter, USB WIFI Adapter and WLAN (you can create a custom network type device with in Settings -> General -> `NETWORK_DEVICE_TYPES`).
-* Save and go to Network where the devices you've marked as network devices (by selecting the Type as mentioned above) will show up as tabs.
-* You can now assign the Unassigend devices to the network node.
-* If port is empty or 0 a wifi icon is rendered, otherwise a ethernet port icon.
+Start by creating a root device with the MAC address `Internet`, if the application didn’t create one already.  
+This special MAC address (`Internet`) is required for the root network node — no other value is currently supported.  
+Set its **Type** to a valid network type — such as `Router` or `Gateway`.
 
+> [!TIP]  
+> If you don’t have one, use the [Create new device](./DEVICE_MANAGEMENT.md#dummy-devices) button on the **Devices** page to add a root device.
+
+---
+
+## ⚡ Quick Setup
+
+1. Open the device you want to use as a network node (e.g. a Switch).
+2. Set its **Type** to one of the following:  
+   `AP`, `Firewall`, `Gateway`, `PLC`, `Powerline`, `Router`, `Switch`, `USB LAN Adapter`, `USB WIFI Adapter`, `WLAN`  
+   *(Or add custom types under **Settings → General → `NETWORK_DEVICE_TYPES`**.)*
+3. Save the device.
+4. Go to the **Network** page — supported device types will appear as tabs.
+5. Use the **Assign** button to connect unassigned devices to a network node.
+6. If the **Port** is `0` or empty, a Wi-Fi icon is shown. Otherwise, an Ethernet icon appears.
 
 > [!NOTE]  
->
-> [Bulk-edit devices](./DEVICES_BULK_EDITING.md) by using the _CSV Export_ functionality in the _Maintenance_ section. You can use this to fix `Internet` node assignment issues. 
+> Use [bulk editing](./DEVICES_BULK_EDITING.md) with _CSV Export_ to fix `Internet` root assignments or update many devices at once.
 
-## 🔍Detailed example:
+---
 
-In this example you will setup a device named `rapberrypi` as a `Switch` in our network. 
+## Example: Setting up a `raspberrypi` as a Switch
 
-### 1. Device details page
+Let’s walk through setting up a device named `raspberrypi` to act as a network Switch that other devices connect through.
 
-- Go to the `Devices` (1) page:
+---
 
-![Device details](./img/NETWORK_TREE/Device_Details_Network_Type.png)
+### 1. Set Device Type and Parent
 
-- In the (2) `Details` tab navigate to the the `Type` (3) dropdown and select the type `Switch` (4).
+- Go to the **Devices** page  
+- Open the device detail view for `raspberrypi`
+- In the **Type** dropdown, select `Switch`
 
-> Note: Only the following device types will show up as selectable Network nodes ( = devices you can connect other devices to):
-> AP, Firewall, Gateway, Hypervisor, PLC, Powerline, Router, Switch, USB LAN Adapter, USB WIFI Adapter and WLAN. Custom types can be added via the `NETWORK_DEVICE_TYPES` setting.
+![Device details](./img/NETWORK_TREE/Network_Device_Details.png)
 
-- Assign a device to your root device from the `Node` (5) dropdown which has the MAC `Internet` (6) (Your name may differ, but the MAC needs to be set to `Internet` - this is done by default). 
+- Optionally assign a **Parent Node** (where this device connects to) and the **Relationship type** of the connection.  
+  The `nic` relationship type can affect parent notifications — see the setting description and [Notifications documentation](./NOTIFICATIONS.md) for more.
 
-- Save your changes (7)
+![Device details](./img/NETWORK_TREE/Network_Device_Details_Parent.png)  
 
-### 2. Network page
+> [!NOTE]  
+> Only certain device types can act as network nodes:  
+> `AP`, `Firewall`, `Gateway`, `Hypervisor`, `PLC`, `Powerline`, `Router`, `Switch`, `USB LAN Adapter`, `USB WIFI Adapter`, `WLAN`  
+> You can add custom types via the `NETWORK_DEVICE_TYPES` setting.
 
-- Navigate to your `Network` (1) page:
+- Click **Save**
 
-![Network page](./img/NETWORK_TREE/Network_Page.png)
+---
 
-- Notice the newly added `raspberrypi` (2) tab which now represents a network node, also showing up in the tree (3).
-- As we asssigned the `raspberrypi` in the previous (1) Device details page section to the `Internet` parent network node in step (6), the link is also showing up in the tree diagram (4)
-- We can now assign the device `(AppleTV)` (5) to this `raspberrypi` node, representing a network Switch in this example
+### 2. Confirm The Device Appears as a Network Node
 
-### 3. Network page with 2 levels
+You can confirm that `raspberrypi` now acts as a network device in two places:
 
-- After clicking the `Assign` button in the previous section, the `(AppleTV)` (1) device is now connected to our `raspberrypi` (2).
+- Navigate to a different device and verify that `raspberrypi` now appears as an option for a **Parent Node**:
 
-![Network page with 2 levels](./img/NETWORK_TREE/Network_Page_2_Levels.png)
+![Parent Node dropdown](./img/NETWORK_TREE/Network_Device_ParentDropdown.png)
 
-- You can see the `raspberrypi` represents the Network node type `Switch` (3)
-- The `(AppleTV)` to `raspberrypi` connection is also displayed in the table of `Connected devices` (4).
-- You can also see that our `raspberrypi` node is connected to it's Parent network device node with the MAC `Internet` (5). This connection again shows up in the tree (6) as well.
+- Go to the **Network** page — you'll now see a `raspberrypi` tab, meaning it's recognized as a network node (Switch):
 
+![Network page](./img/NETWORK_TREE/Network_Assign.png)
 
+- You can now assign other devices to it.
 
+---
 
+### 3. Assign Connected Devices
+
+- Use the **Assign** button to link other devices (e.g. PCs) to `raspberrypi`.
+- After assigning, connected devices will appear beneath the `raspberrypi` switch node.  
+
+![Assigned nodes](./img/NETWORK_TREE/Network_Assigned_Nodes.png)
+
+- Relationship lines may vary in color based on the selected Relationship type. These are editable on the device details page where you can also assign a parent node.
+
+![Hover detail](./img/NETWORK_TREE/Network_tree_setup_hover.png)
+
+> Hovering over devices in the tree reveals connection details and tooltips for quick inspection.
+
+> [!NOTE]
+> Selecting certain relationship types hides the device in the default device views.  
+> You can change this behavior by adjusting the `UI_hide_rel_types` setting, which by default is set to `["nic","virtual"]`.  
+> This means devices with `devParentRelType` set to `nic` or `virtual` will not be shown.  
+> All devices, regardless of relationship type, are always accessible in the **All devices** view.
+
+---
+
+## ✅ Summary
+
+To configure devices on the **Network** page:
+
+- Ensure a device with MAC `Internet` is set up as the root
+- Assign valid **Type** values to switches, routers, and other supported nodes that represent network devices
+- Use the **Assign** button to connect devices logically to their parent node
+
+Need to reset or undo changes? [Use backups](./BACKUPS.md) or [bulk editing](./DEVICES_BULK_EDITING.md) to manage devices at scale. You can also automate device assignment with [Workflows](./WORKFLOWS.md).

docs/NOTIFICATIONS.md

@@ -15,11 +15,12 @@ There are 4 ways how to influence notifications:
 
 ![Device notification settings](./img/NOTIFICATIONS/Device-notification-settings.png)
 
-There are 4 settings on the device for influencing notifications. You can:
+The following device properties influence notifications. You can:
 
 1. **Alert Events** - Enables alerts of connections, disconnections, IP changes (down and down reconnected notifications are still sent even if this is disabled).
 2. **Alert Down** - Alerts when a device goes down. This setting overrides a disabled **Alert Events** setting, so you will get a notification of a device going down even if you don't have **Alert Events** ticked. Disabling this will disable down and down reconnected notifications on the device.
 3. **Skip repeated notifications**, if for example you know there is a temporary issue and want to pause the same notification for this device for a given time.
+4. **Require NICs Online** - Indicates whether this device should be considered online only if all associated NICs (devices with the `nic` relationship type) are online. If disabled, the device is considered online if any NIC is online. If a NIC is online it sets the parent (this) device's status to online irrespectivelly of the detected device's status. The Relationship type is set on the childern device.
 
 > [!NOTE]
 > Please read through the [NTFPRCS plugin](https://github.com/jokob-sk/NetAlertX/blob/main/front/plugins/notification_processing/README.md) documentation to understand how device and global settings influence the notification processing. 

docs/PERFORMANCE.md

@@ -85,8 +85,8 @@ services:
       # (Optional) Useful for debugging setup issues
       - local/path/logs:/app/log
       # (API: OPTION 1) Store temporary files in memory (recommended for performance)
-      - type: tmpfs              # ◀ 
-        target: /app/api         # ◀ 
+      - type: tmpfs              # ◀ 🔺
+        target: /app/api         # ◀ 🔺
       # (API: OPTION 2) Store API data on disk (useful for debugging)
       # - local/path/api:/app/api
     environment:

docs/PLUGINS.md

@@ -9,7 +9,7 @@ NetAlertX supports additional plugins to extend its functionality, each with its
 
 > [!TIP]
 > You can load additional Plugins via the General -> `LOADED_PLUGINS` setting. You need to save the settings for the new plugins to load (cache/page reload may be necessary). 
-> ![Loaded plugins settings](./img/PLUGINS/loaded_plugins_setting.png)
+> ![Loaded plugins settings](./img/PLUGINS/enable_plugin.gif)
 
 1. Pick your `🔍 dev scanner` plugin (e.g. `ARPSCAN` or `NMAPDEV`), or import devices into the application with an `📥 importer` plugin. (See **Enabling plugins** below)
 2. Pick a `▶️ publisher` plugin, if you want to send notifications. If you don't see a publisher you'd like to use, look at the  [📚_publisher_apprise](/front/plugins/_publisher_apprise/) plugin which is a proxy for over 80 notification services. 
@@ -43,54 +43,55 @@ NetAlertX supports additional plugins to extend its functionality, each with its
  
 Device-detecting plugins insert values into the `CurrentScan` database table.  The plugins that are not required are safe to ignore, however, it makes sense to have at least some device-detecting plugins enabled, such as `ARPSCAN` or `NMAPDEV`. 
 
-
-| ID            | Type    | Description                                | Features | Required | Data source  | Detailed docs                                                       |
-|---------------|---------|--------------------------------------------|----------|----------|--------------|---------------------------------------------------------------------|
-| `APPRISE`     | ▶️      | Apprise notification proxy                |           |          | Script       | [_publisher_apprise](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/_publisher_apprise/)          |
-| `ARPSCAN`     | 🔍      | ARP-scan on current network               |           |          | Script       | [arp_scan](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/arp_scan/)                              |
-| `AVAHISCAN`   | 🆎      | Avahi (mDNS-based) name resolution        |           |          | Script       | [avahi_scan](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/avahi_scan/)                          |
-| `ASUSWRT`     | 🔍       | Import connected devices from AsusWRT    |           |          | Script       | [asuswrt_import](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/asuswrt_import/)                  |
-| `CSVBCKP`     | ⚙       | CSV devices backup                        |           |          | Script       | [csv_backup](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/csv_backup/)                          |
-| `CUSTPROP`    | ⚙       | Managing custom device properties values  |           |  Yes     | Template     | [custom_props](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/custom_props/)                      |
-| `DBCLNP`      | ⚙       | Database cleanup                          |           |  Yes*    | Script       | [db_cleanup](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/db_cleanup/)                          |
-| `DDNS`        | ⚙       | DDNS update                               |           |          | Script       | [ddns_update](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/ddns_update/)                        |
-| `DHCPLSS`     | 🔍/📥/🆎| Import devices from DHCP leases          |           |          | Script       | [dhcp_leases](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/dhcp_leases/)                        |
-| `DHCPSRVS`    | ♻       | DHCP servers                              |           |          | Script       | [dhcp_servers](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/dhcp_servers/)                      |
-| `FREEBOX`     | 🔍/♻/🆎| Pull data and names from Freebox/Iliadbox |          |          | Script       | [freebox](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/freebox/)                                 |
-| `ICMP`        | ♻      | ICMP (ping) status checker                |           |          | Script       | [icmp_scan](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/icmp_scan/)                            |
-| `INTRNT`      | 🔍      | Internet IP scanner                       |           |          | Script       | [internet_ip](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/internet_ip/)                        |
-| `INTRSPD`     | ♻       | Internet speed test                       |           |          | Script       | [internet_speedtest](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/internet_speedtest/)          |
-| `IPNEIGH`     | 🔍       | Scan ARP (IPv4) and NDP (IPv6) tables    |           |          | Script       | [ipneigh](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/ipneigh/)                                |
-| `LUCIRPC`     | 🔍       | Import connected devices from OpenWRT    |           |          | Script       | [luci_import](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/luci_import/)                        |
-| `MAINT`       | ⚙       | Maintenance of logs, etc.                 |           |          | Script       | [maintenance](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/maintenance/)                        |
-| `MQTT`        | ▶️      | MQTT for synching to Home Assistant       |           |          | Script       | [_publisher_mqtt](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/_publisher_mqtt/)                |
-| `NBTSCAN`     | 🆎       | Nbtscan (NetBIOS-based) name resolution  |           |          | Script       | [nbtscan_scan](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/nbtscan_scan/)                      |
-| `NEWDEV`      | ⚙       | New device template                       |           |  Yes     | Template     | [newdev_template](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/newdev_template/)                |
-| `NMAP`        | ♻       | Nmap port scanning & discovery            |           |          | Script       | [nmap_scan](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/nmap_scan/)                            |
-| `NMAPDEV`     | 🔍      | Nmap dev scan on current network          |           |          | Script       | [nmap_dev_scan](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/nmap_dev_scan/)                    |
-| `NSLOOKUP`    | 🆎       | NSLookup (DNS-based) name resolution     |           |          | Script       | [nslookup_scan](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/nslookup_scan/)                    |
-| `NTFPRCS`     | ⚙       | Notification processing                   |           |  Yes     | Template     | [notification_processing](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/notification_processing/)|
-| `NTFY`        | ▶️      | NTFY notifications                        |           |          | Script       | [_publisher_ntfy](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/_publisher_ntfy/)                |
-| `OMDSDN`      | 📥/🆎   | OMADA TP-Link import                      |   🖧 🔄  |          | Script       | [omada_sdn_imp](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/omada_sdn_imp/)                    |
-| `OMDSDNOPENAPI`| 📥/🆎   | OMADA TP-Link import via OpenAPI        |   🖧      |          | Script       | [omada_sdn_openapi](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/omada_sdn_openapi/)                    |
-| `PIHOLE`      | 🔍/🆎/📥| Pi-hole device import & sync             |           |          | SQLite DB    | [pihole_scan](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/pihole_scan/)                        |
-| `PUSHSAFER`   | ▶️      | Pushsafer notifications                   |           |          | Script       | [_publisher_pushsafer](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/_publisher_pushsafer/)      |
-| `PUSHOVER`    | ▶️      | Pushover notifications                    |           |          | Script       | [_publisher_pushover](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/_publisher_pushover/)        |
-| `SETPWD`      | ⚙       | Set password                              |           |  Yes     | Template     | [set_password](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/set_password/)                      |
-| `SMTP`        | ▶️      | Email notifications                       |           |          | Script       | [_publisher_email](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/_publisher_email/)              |
-| `SNMPDSC`     | 🔍/📥   | SNMP device import & sync                 |           |          | Script       | [snmp_discovery](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/snmp_discovery/)                  |
-| `SYNC`        | 🔍/⚙/📥| Sync & import from NetAlertX instances    |   🖧 🔄   | Yes     | Script        | [sync](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/sync/)                                      |
-| `TELEGRAM`    | ▶️      | Telegram notifications                    |           |          | Script       | [_publisher_telegram](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/_publisher_telegram/)        |
-| `UI`          | ♻       | UI specific settings                      |           |  Yes     | Template     | [ui_settings](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/ui_settings/)                        |
-| `UNFIMP`      | 🔍/📥/🆎| UniFi device import & sync               |  🖧       |          | Script       | [unifi_import](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/unifi_import/)                      |
-| `VNDRPDT`     | ⚙       | Vendor database update                    |           |          | Script       | [vendor_update](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/vendor_update/)                    |
-| `WEBHOOK`     | ▶️      | Webhook notifications                     |           |          | Script       | [_publisher_webhook](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/_publisher_webhook/)          |
-| `WEBMON`      | ♻       | Website down monitoring                   |           |          | Script       | [website_monitor](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/website_monitor/)                |
-| `WOL`         | ♻       | Automatic wake-on-lan                     |           |          | Script       | [wake_on_lan](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/wake_on_lan/)                        |
+| ID              | Plugin docs                                                                                                      | Type     | Description                               | Features | Required |
+| --------------- | ------------------------------------------------------------------------------------------------------------------ | -------- | ----------------------------------------- | -------- | -------- |
+| `APPRISE`       | [_publisher_apprise](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/_publisher_apprise/)          | ▶️       | Apprise notification proxy                |          |          |
+| `ARPSCAN`       | [arp_scan](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/arp_scan/)                               | 🔍       | ARP-scan on current network               |          |          |
+| `AVAHISCAN`     | [avahi_scan](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/avahi_scan/)                           | 🆎       | Avahi (mDNS-based) name resolution        |          |          |
+| `ASUSWRT`       | [asuswrt_import](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/asuswrt_import/)                   | 🔍       | Import connected devices from AsusWRT     |          |          |
+| `CSVBCKP`       | [csv_backup](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/csv_backup/)                           | ⚙        | CSV devices backup                        |          |          |
+| `CUSTPROP`      | [custom_props](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/custom_props/)                       | ⚙        | Managing custom device properties values  |          | Yes      |
+| `DBCLNP`        | [db_cleanup](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/db_cleanup/)                           | ⚙        | Database cleanup                          |          | Yes\*    |
+| `DDNS`          | [ddns_update](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/ddns_update/)                         | ⚙        | DDNS update                               |          |          |
+| `DHCPLSS`       | [dhcp_leases](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/dhcp_leases/)                         | 🔍/📥/🆎 | Import devices from DHCP leases           |          |          |
+| `DHCPSRVS`      | [dhcp_servers](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/dhcp_servers/)                       | ♻        | DHCP servers                              |          |          |
+| `DIGSCAN`       | [dig_scan](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/dig_scan/)                               | 🆎       | Dig (DNS) Name resolution                 |          |          |
+| `FREEBOX`       | [freebox](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/freebox/)                                  | 🔍/♻/🆎  | Pull data and names from Freebox/Iliadbox |          |          |
+| `ICMP`          | [icmp_scan](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/icmp_scan/)                             | ♻        | ICMP (ping) status checker                |          |          |
+| `INTRNT`        | [internet_ip](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/internet_ip/)                         | 🔍       | Internet IP scanner                       |          |          |
+| `INTRSPD`       | [internet_speedtest](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/internet_speedtest/)           | ♻        | Internet speed test                       |          |          |
+| `IPNEIGH`       | [ipneigh](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/ipneigh/)                                  | 🔍       | Scan ARP (IPv4) and NDP (IPv6) tables     |          |          |
+| `LUCIRPC`       | [luci_import](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/luci_import/)                         | 🔍       | Import connected devices from OpenWRT     |          |          |
+| `MAINT`         | [maintenance](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/maintenance/)                          | ⚙        | Maintenance of logs, etc.                 |          |          |
+| `MQTT`          | [_publisher_mqtt](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/_publisher_mqtt/)                | ▶️       | MQTT for synching to Home Assistant       |          |          |
+| `NBTSCAN`       | [nbtscan_scan](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/nbtscan_scan/)                       | 🆎       | Nbtscan (NetBIOS-based) name resolution   |          |          |
+| `NEWDEV`        | [newdev_template](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/newdev_template/)                 | ⚙        | New device template                       |          | Yes      |
+| `NMAP`          | [nmap_scan](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/nmap_scan/)                             | ♻        | Nmap port scanning & discovery            |          |          |
+| `NMAPDEV`       | [nmap_dev_scan](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/nmap_dev_scan/)                    | 🔍       | Nmap dev scan on current network          |          |          |
+| `NSLOOKUP`      | [nslookup_scan](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/nslookup_scan/)                     | 🆎       | NSLookup (DNS-based) name resolution      |          |          |
+| `NTFPRCS`       | [notification_processing](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/notification_processing/) | ⚙        | Notification processing                   |          | Yes      |
+| `NTFY`          | [_publisher_ntfy](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/_publisher_ntfy/)                | ▶️       | NTFY notifications                        |          |          |
+| `OMDSDN`        | [omada_sdn_imp](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/omada_sdn_imp/)                    | 📥/🆎 ❌  | UNMAINTAINED use `OMDSDNOPENAPI`          | 🖧 🔄    |          |
+| `OMDSDNOPENAPI` | [omada_sdn_openapi](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/omada_sdn_openapi/)            | 📥/🆎    | OMADA TP-Link import via OpenAPI          | 🖧       |          |
+| `PIHOLE`        | [pihole_scan](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/pihole_scan/)                         | 🔍/🆎/📥 | Pi-hole device import & sync              |          |          |
+| `PUSHSAFER`     | [_publisher_pushsafer](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/_publisher_pushsafer/)      | ▶️       | Pushsafer notifications                   |          |          |
+| `PUSHOVER`      | [_publisher_pushover](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/_publisher_pushover/)        | ▶️       | Pushover notifications                    |          |          |
+| `SETPWD`        | [set_password](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/set_password/)                       | ⚙        | Set password                              |          | Yes      |
+| `SMTP`          | [_publisher_email](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/_publisher_email/)              | ▶️       | Email notifications                       |          |          |
+| `SNMPDSC`       | [snmp_discovery](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/snmp_discovery/)                   | 🔍/📥    | SNMP device import & sync                 |          |          |
+| `SYNC`          | [sync](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/sync/)                                      | 🔍/⚙/📥  | Sync & import from NetAlertX instances    | 🖧 🔄    | Yes      |
+| `TELEGRAM`      | [_publisher_telegram](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/_publisher_telegram/)        | ▶️       | Telegram notifications                    |          |          |
+| `UI`            | [ui_settings](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/ui_settings/)                         | ♻        | UI specific settings                      |          | Yes      |
+| `UNFIMP`        | [unifi_import](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/unifi_import/)                       | 🔍/📥/🆎 | UniFi device import & sync                | 🖧       |          |
+| `UNIFIAPI`      | [unifi_api_import](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/unifi_api_import/)               | 🔍/📥/🆎 | UniFi device import (SM API, multi-site) |           |         |
+| `VNDRPDT`       | [vendor_update](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/vendor_update/)                     | ⚙        | Vendor database update                    |          |          |
+| `WEBHOOK`       | [_publisher_webhook](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/_publisher_webhook/)          | ▶️       | Webhook notifications                     |          |          |
+| `WEBMON`        | [website_monitor](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/website_monitor/)                 | ♻        | Website down monitoring                   |          |          |
+| `WOL`           | [wake_on_lan](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/wake_on_lan/)                        | ♻        | Automatic wake-on-lan                     |          |          |
 
 
 > \* The database cleanup plugin (`DBCLNP`) is not _required_ but the app will become unusable after a while if not executed.
-> ❌ marked for removal
+> ❌ marked for removal/unmaintained - looking for help
 > ⌚It's recommended to use the same schedule interval for all plugins responsible for discovering new devices.
 
 

docs/PLUGINS_DEV.md

@@ -10,6 +10,9 @@ NetAlertX comes with a plugin system to feed events from third-party scripts int
 
 > (Currently, update/overwriting of existing objects is only supported for devices via the `CurrentScan` table.)
 
+> [!NOTE]
+> For a high-level overview of how the `config.json` is used and it's lifecycle check the [config.json Lifecycle in NetAlertX Guide](PLUGINS_DEV_CONFIG.md).
+
 ### 🎥 Watch the video:
 
 > [!TIP]

docs/PLUGINS_DEV_CONFIG.md

@@ -0,0 +1,146 @@
+## config.json Lifecycle in NetAlertX
+
+This document describes on a high level how `config.json` is read, processed, and used by the NetAlertX core and plugins. It also outlines the plugin output contract and the main plugin types.
+
+> [!NOTE]
+> For a deep-dive on the specific configuration options and sections of the `config.json` plugin manifest, consult the [Plugins Development Guide](PLUGINS_DEV.md).
+
+---
+
+### 1. Loading
+
+* On startup, the app core loads `config.json` for each plugin.
+* The `config.json` represents a plugin manifest, that contains metadata and runtime settings.
+
+---
+
+### 2. Validation
+
+* The core checks that each required settings key (such as `RUN`) for a plugin exists.
+* Invalid or missing values may be replaced with defaults, or the plugin may be disabled.
+
+---
+
+### 3. Preparation
+
+* The plugin’s settings (paths, commands, parameters) are prepared.
+* Database mappings (`mapped_to_table`, `database_column_definitions`) for data ingestion into the core app are parsed.
+
+---
+
+### 4. Execution
+
+* Plugins can be run at different core app execution points, such as on schedule, once on start, after a notification, etc. 
+* At runtime, the scheduler triggers plugins according to their `interval`.
+* The plugin executes its command or script.
+
+---
+
+### 5. Parsing
+
+* Plugin output is expected in **pipe (`|`)-delimited format**.
+* The core parses lines into fields, matching the **plugin interface contract**.
+
+---
+
+### 6. Mapping
+
+* Each parsed field is moved into the `Plugins_` database tables and can be mapped into a configured database table.
+* Controlled by `database_column_definitions` and `mapped_to_table`.
+* Example: `Object_PrimaryID → Devices.MAC`.
+
+---
+
+### 6a. Plugin Output Contract
+
+Each plugin must output results in the **plugin interface contract format**, pipe (`|`)-delimited values, in the column order described under [Plugin Interface Contract](PLUGINS_DEV.md)
+
+#### IDs
+
+  * `Object_PrimaryID` and `Object_SecondaryID` identify the record (e.g. `MAC|IP`).
+
+#### **Watched values (`Watched_Value1–4`)**
+
+  * Used by the core to detect changes between runs.
+  * Changes here can trigger **notifications**.
+
+#### **Extra value (`Extra`)**
+
+  * Optional, extra field.
+  * Stored in the database but **not used for alerts**.
+
+#### **Helper values (`Helper_Value1–3`)**
+
+  * Added for cases where more than IDs + watched + extra are needed.
+  * Can be made visible in the UI.
+  * Stored in the database but **not used for alerts**.
+
+#### **Mapping matters**
+
+  * While the plugin output is free-form, the `database_column_definitions` and `mapped_to_table` settings in `config.json` determine the **target columns and data types** in NetAlertX.
+
+---
+
+### 7. Persistence
+
+* Data is upserted into the database.
+* Conflicts are resolved using `Object_PrimaryID` + `Object_SecondaryID`.
+
+---
+
+### 8. Plugin Types and Expected Outputs
+
+Beyond the `data_source` setting, plugins fall into functional categories. Each has its own input requirements and output expectations:
+
+#### **Device discovery plugins**
+
+  * **Inputs:** `N/A`, subnet, or API for discovery service, or similar.
+  * **Outputs:** At minimum `MAC` and `IP` that results in a new or updated device records in the `Devices` table.
+  * **Mapping:** Must be mapped to the `CurrentScan` table via `database_column_definitions` and `data_filters`.
+  * **Examples:** ARP-scan, NMAP device discovery (e.g., `ARPSCAN`, `NMAPDEV`).
+
+#### **Device-data enrichment plugins**
+
+  * **Inputs:** Device identifier (usually `MAC`, `IP`).
+  * **Outputs:** Additional data for that device (e.g. open ports).
+  * **Mapping:** Controlled via `database_column_definitions` and `data_filters`.
+  * **Examples:** Ports, MQTT messages (e.g., `NMAP`, `MQTT`)
+
+#### **Name resolver plugins**
+
+  * **Inputs:** Device identifiers (MAC, IP, or hostname).
+  * **Outputs:** Updated `devName` and `devFQDN` fields.
+  * **Mapping:** Not expected.
+  * **Note:** Currently requires **core app modification** to add new plugins, not fully driven by the plugins’ `config.json`.
+  * **Examples:** Avahiscan (e.g., `NBTSCAN`, `NSLOOKUP`).
+
+#### **Generic plugins**
+
+  * **Inputs:** Whatever the script or query provides.
+  * **Outputs:** Data shown only in **Integrations → Plugins**, not tied to devices.
+  * **Mapping:** Not expected.
+  * **Examples:** External monitoring data (e.g., `INTRSPD`)
+
+#### **Configuration-only plugins**
+
+  * **Inputs/Outputs:** None at runtime.
+  * **Mapping:** Not expected. 
+  * **Examples:** Used to provide additional settings or execute scripts (e.g., `MAINT`, `CSVBCKP`).
+
+---
+
+### 9. Post-Processing
+
+* Notifications are generated if watched values change.
+* UI is updated with new or updated records.
+* All values that are configured to be shown in teh UI appear in the Plugins section.
+
+---
+
+### 10. Summary
+
+The lifecycle of `config.json` entries is:
+
+**Load → Validate → Prepare → Execute → Parse → Map → Persist → Post-process**
+
+Plugins must follow the **output contract**, and their category (discovery, specific, resolver, generic, config-only) defines what inputs they require and what outputs are expected.

docs/REVERSE_DNS.md

@@ -2,6 +2,11 @@
 
 If you are running a DNS server, such as **AdGuard**, set up **Private reverse DNS servers** for a better name resolution on your network. Enabling this setting will enable NetAlertX to execute dig and nslookup commands to automatically resolve device names based on their IP addresses.
 
+> [!TIP]  
+> Before proceeding, ensure that [name resolution plugins](./NAME_RESOLUTION.md) are enabled.  
+> You can customize how names are cleaned using the `NEWDEV_NAME_CLEANUP_REGEX` setting.  
+> To auto-update Fully Qualified Domain Names (FQDN), enable the `REFRESH_FQDN` setting.
+
 
 > Example 1: Reverse DNS `disabled`
 > 

docs/REVERSE_PROXY.md

@@ -2,9 +2,13 @@
 
 > Submitted by amazing [cvc90](https://github.com/cvc90) 🙏
 
-
 > [!NOTE] 
-> There are 2 NGINX files for NetAlertX, one for the bare-metal Debian install (`netalertx.debian.conf`), and one for the docker container (`netalertx.template.conf`). Both can be found in the [install](https://github.com/jokob-sk/NetAlertX/tree/main/install) folder. Map, or use, the one appropriate for your setup. 
+> There are various NGINX config files for NetAlertX, some for the bare-metal install, currently Debian 12 and Ubuntu 24 (`netalertx.conf`), and one for the docker container (`netalertx.template.conf`).
+> 
+> The first one you can find in the respective bare metal installer folder `/app/install/\<system\>/netalertx.conf`.
+> The docker one can be found in the [install](https://github.com/jokob-sk/NetAlertX/tree/main/install) folder. Map, or use, the one appropriate for your setup.
+
+<br/>
 
 ## NGINX HTTP Configuration (Direct Path)
 
@@ -26,9 +30,11 @@
 
    `nginx -s reload` or `systemctl restart nginx`
 
-4. Once NGINX restarts, you should be able to access the proxy website at http://netalertx/
+4. Check your config with `nginx -t`. If there are any issues, it will tell you.
 
-<br>
+5. Once NGINX restarts, you should be able to access the proxy website at http://netalertx/
+
+<br/>
 
 ## NGINX HTTP Configuration (Sub Path)
 
@@ -50,13 +56,15 @@
     }
 ``` 
 
-3. Activate the new website by running the following command:
+3. Check your config with `nginx -t`. If there are any issues, it will tell you.
+
+4. Activate the new website by running the following command:
 
    `nginx -s reload` or `systemctl restart nginx`
 
-4. Once NGINX restarts, you should be able to access the proxy website at http://netalertx/netalertx/
+5. Once NGINX restarts, you should be able to access the proxy website at http://netalertx/netalertx/
 
-<br>
+<br/>
 
 ## NGINX HTTP Configuration (Sub Path) with module ngx_http_sub_module
 
@@ -86,13 +94,15 @@
     }
 ``` 
 
-3. Activate the new website by running the following command:
+3. Check your config with `nginx -t`. If there are any issues, it will tell you.
+   
+4. Activate the new website by running the following command:
 
    `nginx -s reload` or `systemctl restart nginx`
 
-4. Once NGINX restarts, you should be able to access the proxy website at http://netalertx/netalertx/
+5. Once NGINX restarts, you should be able to access the proxy website at http://netalertx/netalertx/
 
-<br>
+<br/>
 
 **NGINX HTTPS Configuration (Direct Path)**
 
@@ -113,13 +123,15 @@
     }
 ``` 
 
-3. Activate the new website by running the following command:
+3. Check your config with `nginx -t`. If there are any issues, it will tell you.
+
+4. Activate the new website by running the following command:
 
    `nginx -s reload` or `systemctl restart nginx`
 
-4. Once NGINX restarts, you should be able to access the proxy website at https://netalertx/
+5. Once NGINX restarts, you should be able to access the proxy website at https://netalertx/
 
-<br>
+<br/>
 
 **NGINX HTTPS Configuration (Sub Path)**
 
@@ -143,13 +155,15 @@
     }
 ``` 
 
-3. Activate the new website by running the following command:
+3. Check your config with `nginx -t`. If there are any issues, it will tell you.
+   
+4. Activate the new website by running the following command:
 
    `nginx -s reload` or `systemctl restart nginx`
 
-4. Once NGINX restarts, you should be able to access the proxy website at https://netalertx/netalertx/
+5. Once NGINX restarts, you should be able to access the proxy website at https://netalertx/netalertx/
 
-<br>
+<br/>
 
 ## NGINX HTTPS Configuration (Sub Path) with module ngx_http_sub_module
 
@@ -181,13 +195,15 @@
     }
 ``` 
 
-3. Activate the new website by running the following command:
+3. Check your config with `nginx -t`. If there are any issues, it will tell you.
+   
+4. Activate the new website by running the following command:
 
    `nginx -s reload` or `systemctl restart nginx`
 
-4. Once NGINX restarts, you should be able to access the proxy website at https://netalertx/netalertx/
+5. Once NGINX restarts, you should be able to access the proxy website at https://netalertx/netalertx/
 
-<br>
+<br/>
 
 ## Apache HTTP Configuration (Direct Path)
 
@@ -204,13 +220,15 @@
     </VirtualHost>
 ``` 
 
-3. Activate the new website by running the following command:
+3. Check your config with `httpd -t` (or `apache2ctl -t` on Debian/Ubuntu). If there are any issues, it will tell you.
+   
+4. Activate the new website by running the following command:
 
    `a2ensite netalertx` or `service apache2 reload`
 
-4. Once Apache restarts, you should be able to access the proxy website at http://netalertx/
+5. Once Apache restarts, you should be able to access the proxy website at http://netalertx/
 
-<br>
+<br/>
 
 ## Apache HTTP Configuration (Sub Path)
 
@@ -229,13 +247,15 @@
     </VirtualHost>
 ```   
 
-3. Activate the new website by running the following command:
+3. Check your config with `httpd -t` (or `apache2ctl -t` on Debian/Ubuntu). If there are any issues, it will tell you.
+   
+4. Activate the new website by running the following command:
 
    `a2ensite netalertx` or `service apache2 reload`
 
-4. Once Apache restarts, you should be able to access the proxy website at http://netalertx/
+5. Once Apache restarts, you should be able to access the proxy website at http://netalertx/
 
-<br>
+<br/>
 
 ## Apache HTTPS Configuration (Direct Path)
 
@@ -255,13 +275,15 @@
     </VirtualHost>
 ```   
 
-3. Activate the new website by running the following command:
+3. Check your config with `httpd -t` (or `apache2ctl -t` on Debian/Ubuntu). If there are any issues, it will tell you.
+   
+4. Activate the new website by running the following command:
 
     `a2ensite netalertx` or `service apache2 reload`
 
-4. Once Apache restarts, you should be able to access the proxy website at https://netalertx/
+5. Once Apache restarts, you should be able to access the proxy website at https://netalertx/
 
-<br>
+<br/>
 
 ## Apache HTTPS Configuration (Sub Path)
 
@@ -283,11 +305,15 @@
     </VirtualHost>
 ```       
 
-3. Activate the new website by running the following command:
+3. Check your config with `httpd -t` (or `apache2ctl -t` on Debian/Ubuntu). If there are any issues, it will tell you.
+   
+4. Activate the new website by running the following command:
 
    `a2ensite netalertx` or `service apache2 reload`
 
-4. Once Apache restarts, you should be able to access the proxy website at https://netalertx/netalertx/
+5. Once Apache restarts, you should be able to access the proxy website at https://netalertx/netalertx/
+
+<br/>
 
 ## Reverse proxy example by using LinuxServer's SWAG container.
 
@@ -349,12 +375,13 @@ location ^~ /netalertx/ {
 }
 ```
 
+<br/>
 
 ## Traefik
 
 > Submitted by [Isegrimm](https://github.com/Isegrimm) 🙏 (based on this [discussion](https://github.com/jokob-sk/NetAlertX/discussions/449#discussioncomment-7281442))
 
-Asuming the user already has a working Traefik setup, this is what's needed to make NetAlertX work at a URL like www.domain.com/netalertx/. 
+Assuming the user already has a working Traefik setup, this is what's needed to make NetAlertX work at a URL like www.domain.com/netalertx/. 
 
 Note: Everything in these configs assumes '**www.domain.com**' as your domainname and '**section31**' as an arbitrary name for your certificate setup. You will have to substitute these with your own.
 
@@ -480,4 +507,3 @@ docker run -d --rm --network=host \
   ghcr.io/jokob-sk/netalertx:latest
 
 ```
-

docs/SECURITY.md

@@ -1,29 +1,102 @@
-# Securing your NetAlertX instance
+## 🧭 Responsibility Disclaimer
 
-NetAlertX is an execution framework. In order to run scanners and plugins, the application has to have access to privileged system resources. It is not recommended to expose NetAlertX to the internet without taking basic security precautions. It is highly recommended to use a VPN to access the application and to set up a password for the web interface before exposing the UI online.
+NetAlertX provides powerful tools for network scanning, presence detection, and automation. However, **it is up to you—the deployer—to ensure that your instance is properly secured**.
 
-## VPN
+This includes (but is not limited to):
+- Controlling who has access to the UI and API
+- Following network and container security best practices
+- Running NetAlertX only on networks where you have legal authorization
+- Keeping your deployment up to date with the latest patches
 
-VPNs allow you to securely access your NetAlertX instance from remote locations without exposing it to the internet. A VPN encrypts your connection and prevents unauthorized access.
+> NetAlertX is not responsible for misuse, misconfiguration, or unsecure deployments. Always test and secure your setup before exposing it to the outside world.
 
-### Tailscale as an Alternative
+# 🔐 Securing Your NetAlertX Instance
 
-If setting up a traditional VPN is not ideal, you can use [Tailscale](https://tailscale.com/) as an easy alternative. Tailscale creates a secure, encrypted connection between your devices without complex configuration. Since NetAlertX is designed to be run on private networks, Tailscale can provide a simple way to securely connect to your instance from anywhere.
+NetAlertX is a powerful network scanning and automation framework. With that power comes responsibility. **It is your responsibility to secure your deployment**, especially if you're running it outside a trusted local environment.
 
-## Setting a Password
+---
 
-By default, NetAlertX does not enforce authentication, but it is highly recommended to set a password before exposing the web interface.
+## ⚠️ TL;DR – Key Security Recommendations
 
-Configure `SETPWD_enable_password` to `true` and enter your password in `SETPWD_password`. When enabled, a login dialog is displayed. If facing issues, you can always disable the login by setting `SETPWD_enable_password=false` in your `app.conf` file.
+- ✅ **NEVER expose NetAlertX directly to the internet without protection**
+- ✅ Use a **VPN or Tailscale** to access remotely
+- ✅ Enable **password protection** for the web UI
+- ✅ Harden your container environment (e.g., no unnecessary privileges)
+- ✅ Use **firewalls and IP whitelisting**
+- ✅ Keep the software **updated**
+- ✅ Limit the scope of **plugins and API keys**
 
-- The default password is `123456`.  
-- Passwords are stored as SHA256 hashes for security.  
+---
 
-## Additional Security Measures
+## 🔗 Access Control with VPN (or Tailscale)
 
-- **Firewall Rules**: Ensure that only trusted IPs can access the NetAlertX instance.  
-- **Limit Plugin Permissions**: Only enable the plugins necessary for your setup.  
-- **Keep Software Updated**: Regularly update NetAlertX to receive the latest security patches.  
-- **Use Read-Only API Keys**: If exposing APIs, limit privileges with read-only keys where applicable.  
+NetAlertX is designed to be run on **private LANs**, not the open internet.
 
-By following these security recommendations, you can help protect your NetAlertX instance from unauthorized access and potential misuse.
+**Recommended**: Use a VPN to access NetAlertX from remote locations.
+
+### ✅ Tailscale (Easy VPN Alternative)
+
+Tailscale sets up a private mesh network between your devices. It's fast to configure and ideal for NetAlertX.  
+👉 [Get started with Tailscale](https://tailscale.com/)
+
+---
+
+## 🔑 Web UI Password Protection
+
+By default, NetAlertX does **not** require login. Before exposing the UI in any way:
+
+1. Enable password protection:
+   ```ini
+   SETPWD_enable_password=true
+   SETPWD_password=your_secure_password
+   ```
+
+2. Passwords are stored as SHA256 hashes
+
+3. Default password (if not changed): 123456 — change it ASAP!
+
+
+> To disable authenticated login, set `SETPWD_enable_password=false` in `app.conf`
+
+
+---
+
+## 🔥 Additional Security Measures
+
+- **Firewall / Network Rules**  
+  Restrict UI/API access to trusted IPs only.
+
+- **Limit Docker Capabilities**  
+  Avoid `--privileged`. Use `--cap-add=NET_RAW` and others **only if required** by your scan method.
+
+- **Keep NetAlertX Updated**  
+  Regular updates contain bug fixes and security patches.
+
+- **Plugin Permissions**  
+  Disable unused plugins. Only install from trusted sources.
+
+- **Use Read-Only API Keys**  
+  When integrating NetAlertX with other tools, scope keys tightly.
+
+---
+
+## 🧱 Docker Hardening Tips
+
+- Use `read-only` mount options where possible (`:ro`)
+- Avoid running as `root` unless absolutely necessary
+- Consider using `docker scan` or other container image vulnerability scanners
+- Run with `--network host` **only on trusted networks** and only if needed for ARP-based scans
+
+---
+
+## 📣 Responsible Disclosure
+
+If you discover a vulnerability or security concern, please report it **privately** to:
+
+📧 [jokob@duck.com](mailto:jokob@duck.com?subject=NetAlertX%20Security%20Disclosure)
+
+We take security seriously and will work to patch confirmed issues promptly. Your help in responsible disclosure is appreciated!
+
+---
+
+By following these recommendations, you can ensure your NetAlertX deployment is both powerful **and** secure.

docs/SMTP.md

@@ -1,6 +1,49 @@
-# 📧 SMTP guides
+# 📧 SMTP server guides
 
-## Using the GMX SMTP server
+The SMTP plugin supports any SMTP server. Here are some commonly used services to help speed up your configuration.
+
+> [!NOTE]
+> If you are using a self hosted SMTP server ssh into the container and verify (e.g. via ping) that your server is reachable from within the NetAlertX container. See also how to ssh into the container if you are running it as a [Home Assistant](./HOME_ASSISTANT.md) addon. 
+
+## Gmail
+    
+1. Create an app password by following the instructions from Google, you need to Enable 2FA for this to work.
+[https://support.google.com/accounts/answer/185833](https://support.google.com/accounts/answer/185833)
+
+2. Specify the following settings:
+
+```python
+    SMTP_RUN='on_notification'
+    SMTP_SKIP_TLS=True
+    SMTP_FORCE_SSL=True 
+    SMTP_PORT=465
+    SMTP_SERVER='smtp.gmail.com'
+    SMTP_PASS='16-digit passcode from google'
+    SMTP_REPORT_TO='some_target_email@gmail.com'
+```
+
+## Brevo
+
+Brevo allows for 300 free emails per day as of time of writing. 
+
+1. Create an account on Brevo: https://www.brevo.com/free-smtp-server/
+2. Click your name -> SMTP & API
+3. Click Generate a new SMTP key
+4. Save the details and fill in the NetAlertX settings as below.
+
+```python
+SMTP_SERVER='smtp-relay.brevo.com'
+SMTP_PORT=587
+SMTP_SKIP_LOGIN=False
+SMTP_USER='user@email.com'
+SMTP_PASS='xsmtpsib-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-xxxxxxxxxxx'
+SMTP_SKIP_TLS=False
+SMTP_FORCE_SSL=False
+SMTP_REPORT_TO='some_target_email@gmail.com'
+SMTP_REPORT_FROM='NetAlertX <user@email.com>'
+```
+
+## GMX
 
 1. Go to your GMX account https://account.gmx.com
 2. Under Security Options enable 2FA (Two-factor authentication)
@@ -21,21 +64,3 @@
     SMTP_REPORT_TO='some_target_email@gmail.com'
 ```
 
-
-## Using the Gmail SMTP server
-    
-1. Create an app password by following the instructions from Google, you need to Enable 2FA for this to work.
-[https://support.google.com/accounts/answer/185833](https://support.google.com/accounts/answer/185833)
-
-2. Specify the following settings:
-
-```python
-    SMTP_RUN='on_notification'
-    SMTP_SKIP_TLS=True
-    SMTP_FORCE_SSL=True 
-    SMTP_PORT=465
-    SMTP_SERVER='smtp.gmail.com'
-    SMTP_PASS='16-digit passcode from google'
-    SMTP_REPORT_TO='some_target_email@gmail.com'
-```
-

docs/UPDATES.md

@@ -1,10 +1,14 @@
 # Docker Update Strategies to upgrade NetAlertX
 
+> [!WARNING] 
+> For versions prior to `v25.6.7` upgrade to version `v25.5.24` first (`docker pull ghcr.io/jokob-sk/netalertx:25.5.24`) as later versions don't support a full upgrade. Alternatively, devices and settings can be migrated manually, e.g. via [CSV import](./DEVICES_BULK_EDITING.md).
+
 This guide outlines approaches for updating Docker containers, usually when upgrading to a newer version of NetAlertX. Each method offers different benefits depending on the situation. Here are the methods:
 
 - Manual: Direct commands to stop, remove, and rebuild containers.
 - Dockcheck: Semi-automated with more control, suited for bulk updates.
 - Watchtower: Fully automated, runs continuously to check and update containers.
+- Portainer: Manual with UI.
 
 You can choose any approach that fits your workflow.
 
@@ -104,10 +108,42 @@ docker run -d \
 
 ```
 
+## 4. Portainer controlled image
+
+This assumes you're using Portainer to manage Docker (or Docker Swarm) and want to pull the latest version of an image and redeploy the container.
+
+> [!NOTE]
+> * Portainer does **not auto-update** containers. For automation, use **Watchtower** or similar tools.
+> * Make sure you have the [persistent volumes mounted or backups ready](BACKUPS.md) before recreating.
+
+### 4.1 Steps to Update an Image in Portainer (Standalone Docker)
+
+1. **Login to Portainer.**
+2. Go to **"Containers"** in the left sidebar.
+3. Find the container you want to update, click its name.
+4. Click **"Recreate"** (top right).
+5. **Tick**: _Pull latest image_ (this ensures Portainer fetches the newest version from Docker Hub or your registry).
+6. Click **"Recreate"** again.
+7. Wait for the container to be stopped, removed, and recreated with the updated image.
+
+### 4.2 For Docker Swarm Services
+
+If you're using Docker Swarm (under **"Stacks"** or **"Services"**):
+
+1. Go to **"Stacks"**.
+2. Select the stack managing the container.
+3. Click **"Editor"** (or "Update the Stack").
+4. Add a version tag or use `:latest` if your image tag is `latest` (not recommended for production).
+5. Click **"Update the Stack"**. ⚠ Portainer will not pull the new image unless the tag changes OR the stack is forced to recreate.
+6. If image tag hasn't changed, go to **"Services"**, find the service, and click **"Force Update"**.
+
 ## Summary
 
-- Manual: Ideal for individual or critical updates.
-- Dockcheck: Suitable for controlled, mass updates.
-- Watchtower: Fully automated, best for continuous deployment setups.
+| Method     | Type         | Pros                            | Cons                         |
+|------------|--------------|----------------------------------|------------------------------|
+| Manual     | CLI          | Full control, no dependencies   | Tedious for many containers |
+| Dockcheck  | CLI Script   | Great for batch updates         | Needs setup, semi-automated |
+| Watchtower | Daemonized   | Fully automated updates         | Less control, version drift |
+| Portainer  | UI           | Easy via web interface          | No auto-updates             |
 
 These approaches allow you to maintain flexibility in how you update Docker containers, depending on the urgency and scale of the update.

docs/VERSIONS.md

@@ -22,4 +22,4 @@ For a comparison, this is how the UI looks like if you are on the latest stable
 
 ## Implementation details
 
-During build a [/app/front/buildtimestamp.txt](https://github.com/jokob-sk/NetAlertX/blob/092797e75ccfa8359444ad149e727358ac4da05f/Dockerfile#L44) file is created. The app then periodically checks if a new release is available with a newer timestamp in GitHub's rest-based JSON endpoint (check the `def isNewVersion():` method for details).   
+During build a [/app/front/buildtimestamp.txt](https://github.com/jokob-sk/NetAlertX/blob/092797e75ccfa8359444ad149e727358ac4da05f/Dockerfile#L44) file is created. The app then periodically checks if a new release is available with a newer timestamp in GitHub's rest-based JSON endpoint (check the `def isNewVersion:` method for details).   

docs/WEBHOOK_N8N.md

@@ -1,5 +1,8 @@
 ### Create a simple n8n workflow
 
+> [!NOTE]
+> You need to enable the `WEBHOOK` plugin first in order to follow this guide. See the [Plugins guide](./PLUGINS.md) for details.  
+
 N8N can be used for more advanced conditional notification use cases. For example, you want only to get notified if two out of a specified list of devices is down. Or you can use other plugins to process the notifiations further. The below is a simple example of sending an email on a webhook.  
 
 ![n8n workflow](./img/WEBHOOK_N8N/n8n_workflow.png)

docs/WEBHOOK_SECRET.md

@@ -1,5 +1,8 @@
 # Webhook Secrets
 
+> [!NOTE]
+> You need to enable the `WEBHOOK` plugin first in order to follow this guide. See the [Plugins guide](./PLUGINS.md) for details.  
+
 ## How does the signing work?
 
 NetAlertX will use the configured secret to create a hash signature of the request body. This SHA256-HMAC signature will appear in the `X-Webhook-Signature` header of each request to the webhook target URL. You can use the value of this header to validate the request was sent by NetAlertX.

docs/WORKFLOWS.md

@@ -1,6 +1,6 @@
 # Workflows Overview
 
-The workflows module in NetAlertX allows to automate repetitive tasks, making network management more efficient. Whether you need to assign newly discovered devices to a specific Network Node, auto-group devices from a given vendor, unarchive a device if detected online, or automatically delete devices, this module provides the flexibility to tailor the automations to your needs.
+The workflows module in allows to automate repetitive tasks, making network management more efficient. Whether you need to assign newly discovered devices to a specific Network Node, auto-group devices from a given vendor, unarchive a device if detected online, or automatically delete devices, this module provides the flexibility to tailor the automations to your needs.
 
 ![Workflows diagram](./img/WORKFLOWS/workflows_diagram.png)
 
@@ -63,68 +63,8 @@ You can include multiple actions that should execute once the conditions are met
 
 # Examples
 
-Below you can find a couple of configuration examples.
+You can find a couple of configuration examples in [Workflow Examples](WORKFLOW_EXAMPLES.md).
 
-![Workflow example](./img/WORKFLOWS/workflows.png)
-
----
-
-## Example 1: Assign Device to Network Node Based on IP
-
-This workflow assigns newly added devices with IP addresses in the `192.168.1.*` range to the device with the MAC address `6c:6d:6d:6c:6c:6c`.
-
-### Trigger:
-- **Object Type**: `Devices`
-- **Event Type**: `insert`
-
-### Conditions:
-- **Logic**: `AND`
-  - `Field`: `devLastIP`
-  - `Operator`: `contains`
-  - `Value`: `192.168.1.`
-  
-  This condition ensures that the workflow only applies to devices with an IP address in the `192.168.1.*` range.
-
-### Actions:
-- **Action Type**: `update_field`
-  - **Field**: `devNetworkNode`
-  - **Value**: `6c:6d:6d:6c:6c:6c`
-
----
-
-## Example 2: Mark Device as Not New and Delete If from Google Vendor
-
-This workflow automates the process of marking Google devices as not new and deleting them if they meet the criteria.
-
-### Trigger:
-- **Object Type**: `Devices`
-- **Event Type**: `update`
-
-### Conditions:
-- **Logic**: `AND`
-  - `Field`: `devVendor`
-  - `Operator`: `contains`
-  - `Value`: `Google`
-  
-  This condition checks if the device's vendor is `Google`.
-
-- **Logic**: `AND`
-  - `Field`: `devIsNew`
-  - `Operator`: `equals`
-  - `Value`: `1`
-  
-  This ensures the workflow applies only to new devices.
-
-### Actions:
-1. **Action Type**: `update_field`
-   - **Field**: `devIsNew`
-   - **Value**: `0`
-
-   This action marks the device as no longer new.
-
-2. **Action Type**: `delete_device`
-   
-   This action deletes the device after it is marked as not new.
 
 > [!TIP]
 > Share your workflows in [Discord](https://discord.com/invite/NczTUTWyRr) or [GitHub Discussions](https://github.com/jokob-sk/NetAlertX/discussions).  

docs/WORKFLOW_EXAMPLES.md

@@ -0,0 +1,185 @@
+# Workflow examples
+
+Workflows in NetAlertX automate actions based on real-time events and conditions. Below are practical examples that demonstrate how to build automation using triggers, conditions, and actions.
+
+## Example 1: Un-archive devices if detected online
+
+This workflow automatically unarchives a device if it was previously archived but has now been detected as online.
+
+### 📋 Use Case
+
+Sometimes devices are manually archived (e.g., no longer expected on the network), but they reappear unexpectedly. This workflow reverses the archive status when such devices are detected during a scan.
+
+### ⚙️ Workflow Configuration
+
+```json
+{
+  "name": "Un-archive devices if detected online",
+  "trigger": {
+    "object_type": "Devices",
+    "event_type": "update"
+  },
+  "conditions": [
+    {
+      "logic": "AND",
+      "conditions": [
+        {
+          "field": "devIsArchived",
+          "operator": "equals",
+          "value": "1"
+        },
+        {
+          "field": "devPresentLastScan",
+          "operator": "equals",
+          "value": "1"
+        }
+      ]
+    }
+  ],
+  "actions": [
+    {
+      "type": "update_field",
+      "field": "devIsArchived",
+      "value": "0"
+    }
+  ],
+  "enabled": "Yes"
+}
+```
+
+### 🔍 Explanation
+
+    - Trigger: Listens for updates to device records.
+    - Conditions:
+        - `devIsArchived` is `1` (archived).
+        - `devPresentLastScan` is `1` (device was detected in the latest scan).
+    - Action: Updates the device to set `devIsArchived` to `0` (unarchived).
+
+### ✅ Result
+
+Whenever a previously archived device shows up during a network scan, it will be automatically unarchived — allowing it to reappear in your device lists and dashboards.
+
+
+Here is your updated version of **Example 2** and **Example 3**, fully aligned with the format and structure of **Example 1** for consistency and professionalism:
+
+---
+
+## Example 2: Assign Device to Network Node Based on IP
+
+This workflow assigns newly added devices with IP addresses in the `192.168.1.*` range to a specific network node with MAC address `6c:6d:6d:6c:6c:6c`.
+
+### 📋 Use Case
+
+When new devices join your network, assigning them to the correct network node is important for accurate topology and grouping. This workflow ensures devices in a specific subnet are automatically linked to the intended node.
+
+### ⚙️ Workflow Configuration
+
+```json
+{
+  "name": "Assign Device to Network Node Based on IP",
+  "trigger": {
+    "object_type": "Devices",
+    "event_type": "insert"
+  },
+  "conditions": [
+    {
+      "logic": "AND",
+      "conditions": [
+        {
+          "field": "devLastIP",
+          "operator": "contains",
+          "value": "192.168.1."
+        }
+      ]
+    }
+  ],
+  "actions": [
+    {
+      "type": "update_field",
+      "field": "devNetworkNode",
+      "value": "6c:6d:6d:6c:6c:6c"
+    }
+  ],
+  "enabled": "Yes"
+}
+```
+
+### 🔍 Explanation
+
+* **Trigger**: Activates when a new device is added.
+* **Condition**:
+
+  * `devLastIP` contains `192.168.1.` (matches subnet).
+* **Action**:
+
+  * Sets `devNetworkNode` to the specified MAC address.
+
+### ✅ Result
+
+New devices with IPs in the `192.168.1.*` subnet are automatically assigned to the correct network node, streamlining device organization and reducing manual work.
+
+---
+
+## Example 3: Mark Device as Not New and Delete If from Google Vendor
+
+This workflow automatically marks newly detected Google devices as not new and deletes them immediately.
+
+### 📋 Use Case
+
+You may want to automatically clear out newly detected Google devices (such as Chromecast or Google Home) if they’re not needed in your device database. This workflow handles that clean-up automatically.
+
+### ⚙️ Workflow Configuration
+
+```json
+{
+  "name": "Mark Device as Not New and Delete If from Google Vendor",
+  "trigger": {
+    "object_type": "Devices",
+    "event_type": "update"
+  },
+  "conditions": [
+    {
+      "logic": "AND",
+      "conditions": [
+        {
+          "field": "devVendor",
+          "operator": "contains",
+          "value": "Google"
+        },
+        {
+          "field": "devIsNew",
+          "operator": "equals",
+          "value": "1"
+        }
+      ]
+    }
+  ],
+  "actions": [
+    {
+      "type": "update_field",
+      "field": "devIsNew",
+      "value": "0"
+    },
+    {
+      "type": "delete_device"
+    }
+  ],
+  "enabled": "Yes"
+}
+```
+
+### 🔍 Explanation
+
+* **Trigger**: Runs on device updates.
+* **Conditions**:
+
+  * Vendor contains `Google`.
+  * Device is marked as new (`devIsNew` is `1`).
+* **Actions**:
+
+  1. Set `devIsNew` to `0` (mark as not new).
+  2. Delete the device.
+
+### ✅ Result
+
+Any newly detected Google devices are cleaned up instantly — first marked as not new, then deleted — helping you avoid clutter in your device records.