Releases: adminsyspro/proxcenter-ui
Release list
v1.4.5
ProxCenter v1.4.5
Maintenance release: security compliance frameworks, a fix for the v1.4.4 OIDC role demotion, plus a batch of migration, inventory and DRS improvements.
Compliance (Enterprise)
- Security compliance frameworks. A new Frameworks tab in Compliance assesses a connection against NIST 800-53 r5, NIST 800-171 r2, CMMC Level 2 and ISO/IEC 27001:2022, reusing the existing hardening checks through a check-to-control crosswalk. Each framework shows a score donut and a satisfied / partial / failed breakdown, with a per-node result table, and exports a styled PDF report (cover, per-control table, provenance and source link) rendered by the WeasyPrint sidecar.
RBAC & access
- OIDC role preserved on login (v1.4.4 regression fix). v1.4.4 re-derived every OIDC user's role from IdP groups on each login and demoted anyone with no group match to viewer, which could lock out admins whose role was assigned manually. The re-sync is now authoritative only when a group-to-role mapping is configured and the IdP actually sent a groups array; otherwise the existing assignment is preserved, mirroring the LDAP path. First login still seeds the configured default role.
- Correct OIDC account handling. OIDC accounts now show an OIDC auth method instead of being labelled "Local", and setting a local password is blocked on OIDC and LDAP accounts on every surface (user edit dialog, profile, and the API), so an SSO account cannot gain a credentials login path that bypasses SSO and MFA. The profile shows "OIDC / SSO" as the login method with a provider-aware notice.
Migration
- SDN VNets in the network selector. The migration target-network dropdown now lists SDN VNets alongside classic Linux and OVS bridges, so nodes whose guest networks are VNets no longer get an empty list. VNets are labelled to distinguish them from bridges, and non-SDN clusters are unaffected.
- Source MAC preserved. Warm and direct-ESXi migrations now carry over the source NIC's MAC address (matching the cold / virt-v2v path), so the migrated guest keeps its network identity instead of booting with a fresh adapter and a stranded IP. The target boots only after the source is powered off, so there is no MAC collision.
- Warm migration reliability. A stale /dev/nbdN device is now released before attaching, and the warm delta-apply is chunked to stay under the SSH argument-size limit, so large or busy disks no longer fail late in the transfer.
- Cleaner vCenter logs. The misleading "vSAN datastore detected" line is no longer logged on the vCenter NFC path.
- Running LXC migration fixed. Migrating a running container now uses restart mode (restart=1) instead of online=1, which Proxmox rejects for containers, so an online CT migration no longer fails outright.
Inventory
- Open in Proxmox. A button next to the cluster or node name opens the native Proxmox web interface in a new tab. Clusters and standalone hosts open the connection origin; a cluster member node deep-links to its own management IP, falling back to the connection origin when the node IP is unknown or the connection sits behind a reverse proxy.
- Network view on VM-less clusters. The Inventory Network view now enumerates host bridges and VLANs per node, so a cluster with no VMs is no longer empty. Bridges are listed once at the node level and open a detail panel (type, VLAN, IP/CIDR, ports, vlan-aware, active/autostart, attached VMs); SDN VNet ids resolve to their friendly alias. Provider / full-cluster scope only; vDC tenants keep their pool-filtered, VM-derived data.
- Per-tenant tree state. The inventory tree expand/collapse state is scoped per tenant, so switching tenant no longer carries over the previous tenant's expansion.
- Clearer VM delete dialog. The VM delete confirmation dialog spells out exactly what will be removed.
- No clipped "100%". The percent chart Y-axis is widened so the "100%" label is no longer clipped.
DRS & maintenance
- Balance Types is now honored. The DRS load balancer respects the VM / CT Balance Types selection, which was previously a dead knob: candidates are filtered by guest type for both reactive balancing and homogenization, the setting is persisted and validated (an empty or non vm/ct value is rejected), and a guest-type gate is applied at execution time so a stale recommendation cannot move a guest of an excluded type.
- Simpler node maintenance. Entering node maintenance now just triggers Proxmox node-maintenance (HA guests are evacuated and spread by Proxmox), with a note that non-HA guests must be migrated or shut down manually. The forced single-target migration and the client-side storage scan are gone; the SSH-required notice and a disabled confirm button show only when SSH is disabled.
- DRS settings cleanup. The settings panel drops the balancing-method and balancing-mode selectors (knobs the engine never read, which also silences a backend warning), guards the Balance Types selection at a minimum of one, puts the three resource-weight sliders on one row, and adds cluster, node and guest icons with status across the exclusions and balance-types controls.
Connections
- Per-node SSH test results on failure. The cluster SSH test now shows the per-node ok / error breakdown on failure too, so one unreachable or misconfigured node no longer hides behind a bare "SSH test failed". The orchestrator resolves each node's own management IP for the test rather than reusing the connection endpoint.
Reliability
- No stale task re-alerts. Old completed tasks are no longer surfaced as new alerts about a week after they ran, when the event poller's dedup window outlived Proxmox task retention.
Security
- Patched orchestrator CVEs. The Go orchestrator's dependencies are bumped (golang.org/x/crypto, x/net, x/sys) to clear the SSH, HTML and IDNA advisories.
Docker Images
docker pull ghcr.io/adminsyspro/proxcenter-frontend:v1.4.5
docker pull ghcr.io/adminsyspro/proxcenter-orchestrator:v1.4.5
docker pull ghcr.io/adminsyspro/proxcenter-weasyprint:v1.4.5v1.4.4
ProxCenter v1.4.4
Maintenance release: stability and security hardening, shared migration tasks, plus MSP per-tenant dashboards.
MSP & dashboards
- Header tenant switcher. Switch the active tenant from the navbar; dashboards are scoped to the selected tenant, so the provider can review each tenant's view without leaving the dashboard.
Migration
- Shared migration tasks. In-flight migrations now appear in the footer for every user, so the whole team sees what is running, with a link to the warm-migration setup docs.
- Correct stream exit code. A failed block-device transfer is now reported as a failure instead of being masked as success.
- Bounded thick-target zero-fill. Warm migration to a thick target bounds the zero-fill so it can no longer exit on a false ENOSPC on the destination volume.
Backups
- Real gateway errors. The Backups tab now surfaces the underlying gateway error instead of failing with "Unexpected token '<'" when a reverse proxy returns an HTML error page.
RBAC & access
- OIDC role re-sync on login. OIDC users re-sync their role from IdP group membership on every login, so group changes take effect immediately.
- Resource-scoped performance graphs. RRD performance graphs are scoped to the individual resource rather than the whole connection, closing an RBAC scope leak.
Reliability
- Stable performance chart axes. RRD charts show dates on the axes for multi-day timeframes, not just times.
- Stable inventory NETWORK section. The NETWORK section stays in place when a connection briefly blips instead of collapsing.
- Real errors surfaced. Guest and node API routes no longer swallow underlying errors, so failures are reported instead of showing empty data.
- Faster console previews. VM console screenshots are served as JPEG instead of raw PPM, for lighter and faster previews.
- Writable cache for the runtime user. The container creates a writable .next/cache for the non-root runtime user, fixing a startup EACCES behind some deployments.
- Safer DR config writes. Replication writes the DR config with cp -f on pmxcfs, avoiding a transient failure window during the write.
Security
- Reduced image surface. The unused npm binary is removed from the runtime image, clearing the bundled undici advisories.
- Patched CVEs. Dependency CVEs are patched (including OpenSSL on the orchestrator image), a feature-route error log is sanitized, and front-end dependencies are refreshed (postcss, tailwindcss, @novnc/novnc, next-intl, nanoid, ws).
Docker Images
docker pull ghcr.io/adminsyspro/proxcenter-frontend:v1.4.4
docker pull ghcr.io/adminsyspro/proxcenter-orchestrator:v1.4.4
docker pull ghcr.io/adminsyspro/proxcenter-weasyprint:v1.4.4v1.4.3
ProxCenter v1.4.3
Feature release: MSP mode (whole-cluster tenant ownership), multi-license stacking, connection health diagnostics, and guest names in alerts and event emails.
MSP mode
- Whole-cluster tenant ownership. An MSP tenant can own entire Proxmox clusters (full-cluster view), alongside the existing vDC / IaaS slicing. The provider / NOC sees the whole fleet (dashboard, VMs, alerts, reports) for supervision and license aggregation, while each MSP tenant operates only its owned clusters.
- Provider provisioning. Assign or release connections to MSP tenants from Settings, with a "Tenant / vDC" ownership column on the connection lists and an owner selector when creating a connection.
- Scoped operations. MSP tenants get fleet-wide scope on their owned clusters: inventory tree, dashboard, alerts, reports, backup jobs, and VM migration among their owned connections (intra-cluster always, cross-cluster between two owned clusters).
Multi-license
- License stacking. Import additional licenses to grow fleet capacity without regenerating the primary license. Fleet-total node quota, per-tenant rollup, "Licensed to" per import, plus edit-mapping and remove, all from the Settings license tab. A single-license install behaves exactly as before (one license, no imports).
Connections
- Connection health diagnostics. A per-connection Diagnostic column and modal run read-only checks: reachability, authentication and permissions, version, cluster health / quorum / Ceph, storage, and SSH for PVE; version, auth and datastores for PBS; basic reachability for external migration sources. Works in Community mode (no orchestrator dependency).
- Nodes column collapses to the first node plus a count, with the full list on hover.
Alerts & notifications
- Guest names in alerts and event emails. VM and CT alerts and event notifications now show the guest name next to the vmid ("Name (vmid)") in the alerts table, the navbar dropdown, and the email template.
Templates
- Deploy wizard exposes real bridges and an editable VLAN tag for provider and MSP modes (vDC tenants keep the VNet picker).
Fixes
- Orchestrator API authentication. The orchestrator now reads the API key from
PROXCENTER_API_API_KEY(the value docker-compose already injects, identical to the frontend's key), so authentication can be enabled and matches the frontend. An unset key keeps authentication disabled as a safe fallback, so installs without a shared key are unaffected. - Green Score insight moves to its own row so longer suggestions stay fully readable.
- The What's New panel no longer opens automatically on a new version; open it any time from the profile menu.
Docker Images
docker pull ghcr.io/adminsyspro/proxcenter-frontend:v1.4.3
docker pull ghcr.io/adminsyspro/proxcenter-orchestrator:v1.4.3
docker pull ghcr.io/adminsyspro/proxcenter-weasyprint:v1.4.3v1.4.2
ProxCenter v1.4.2
Feature release: warm migration for VMware (no data loss), in-browser SPICE consoles, a Ceph CRUSH topology view, role-level RBAC scopes, SSO-only and local 2FA policies, plus a security hardening sprint.
Migration
- Warm migration for VMware sources (CBT). VMware VMs migrate with changed-block tracking and a final delta sync, so there is no data loss on large or busy disks. Covers ESXi-direct and vCenter (including vSAN), single and bulk, with a go/no-go preflight and SOAP-session keepalive (#395).
- Local migration from the cluster Guests tab (node-to-node), instead of forcing cross-cluster only (#388).
- Partial-VM cleanup no longer leaks the target VMID after a failed conversion (#403).
Consoles
- In-browser SPICE console for QEMU VMs, alongside noVNC (#390).
- Serial / headless VMs show a badge instead of looping on a failing screenshot (#375).
Ceph
- CRUSH topology view in the cluster Ceph tab: read-only CRUSH tree with details and pools (#407).
- Full cluster config with working OSD flag toggles (#405).
Security & access
- Security hardening sprint: critical findings closed plus follow-ups (#369), TOFU host-key verification on the ssh2 path (#372), per-connection ws-proxy TLS and Dependabot overrides (#371), js-cookie bumped to clear a high-severity advisory (#346), Node 26 pipeline hardening for XCP-ng / Hyper-V / Nutanix (#345).
- Role-level default RBAC scope, inherited by every assignment of that role (#386).
- SSO-only login policy for OIDC (hide the local form, force the SSO redirect) (#362), plus an issuer fix for manual endpoint overrides (#361).
- Local TOTP two-factor with an admin enforcement policy (#351).
- VM User role gains the read access the Inventory needs to load (#387).
- Standalone hosts behind NAT: node management connects to the public host, not the private interface (#385).
Backups & reports
- Reports and notifications overhaul: connection scoping, backup report polish, per-category severity, and an event-email rework (English copy, task-log details, one mail per event) (#384).
- Empty guest Backups tab now explains why (no connected PBS vs no snapshots) (#399).
- "Run now" works again (a missing route returned an HTML 404) (#398).
- Real local backup time and Proxmox-style columns (#382), and legacy maxfiles is translated to prune-backups (#342).
Inventory & guests
- Clone a VM from a snapshot restore point, choosing a snapshot as the clone source (#412).
- Guest VLANs resolved from host bond sub-interfaces so tagged guests group correctly (#391).
- Resume paused VMs, allow dots in tags (#409), and the guest icon dims when off for color-blind legibility (#411).
- Dashboard widgets honor the appearance settings: font-size, corner-rounding, shared gauge (#377).
- Tree sections stay open when clicking the PROXMOX VE / NETWORK headers (#367).
Alerts
- Pull-based threshold evaluation with silence sync (#365); silences are respected in the home dashboard widget (#368).
Dependencies
- Routine bumps (@mui/lab, tsx, @tailwindcss/postcss, trivy-action, sonarqube-scan-action) and an SSO group-name trim fix for LDAP / OIDC mapping (#343).
Docker Images
docker pull ghcr.io/adminsyspro/proxcenter-frontend:v1.4.2
docker pull ghcr.io/adminsyspro/proxcenter-orchestrator:v1.4.2
docker pull ghcr.io/adminsyspro/proxcenter-weasyprint:v1.4.2v1.4.1
ProxCenter v1.4.1
Patch release: DRS automatic-mode hardening, vSphere migration fixes,
rolling-update reliability, security.
DRS, automatic mode hardening
The automatic-mode DRS is significantly safer in this release. Several
latent issues surfaced under multi-cluster workloads with scheduled
rebalancing and are now closed.
- Per-cluster migration cap replaces the global cap as the user-facing
throttle. Operators reason per cluster, not globally, so the legacy
global setting is removed from the UI. Each cluster gets its own slot
budget, preventing one busy cluster from monopolizing every scheduled
tick (backend #5, frontend #333). - Per-target inflow cap (opt-in). Caps how many migrations may target
the same node within one Rebalance cycle, preventing ping-pong when
several recommendations converge on the same "least-loaded" node and
overshoot it. - Post-migration snowball fix.
triggerPostMigrationEvaluationno
longer auto-runsRebalance()after every load-balance or rule-violation
migration completes. The scheduled cron is now the only periodic
trigger. Maintenance evacuations still self-loop so node drains progress
batch by batch (backend #4). - Vague 1 hardening bundle (backend #3, 10 commits):
- 64-bit UUID generation prevents recommendation / migration ID collisions.
- Post-migration singleflight guards against concurrent re-entry into
Evaluate. - Exclusive scheduler registration so cron overlaps cannot fire two cycles in parallel.
- Freshness gate (StaleTTL) rejects recommendations that aged out before execution.
- Storage gate scoped strictly to maintenance evacuation + QEMU, never to automatic rule-violation migrations on local-disk VMs.
- Affinity enforcement preserved across PVE flap (zero LastSeenAt fail-closed).
- Target mutation in mergeRecommendations resets confirmation counter.
mergeRecommendationspartitions by recommendation origin (maintenance / rule / load-balance) so flags can't bleed across classes.EvacuateNodesupersedes prior pending evacuations for the same (cluster, source-node).
- DRS settings UI cleanup. Advanced section reorganized into Migration
limits, Migration behavior, and Resource weights subsections with icons.
Slider helper text moved to tooltip with?icon. Dead-knob toggles
removed ("Migrate larger first", "Prevent overprovisioning" with
misleading scope). EWMA formula descriptive block removed. - Rebalance interval supports 15m and 30m in addition to hourly options.
Migration
- Migrate-to-Proxmox button greyed out on single-disk Proxmox nodes
fixed (#331). When/is the only large filesystem on the target
(no separate/var/lib/vz, LVM-thin storage not visible todf), the
preflight returned an emptytempStorageslist, hiding the Temporary
Storage selector and silently disabling the Migrate button./tmpis
now synthesized as a fallback when the root filesystem has at least
1 GiB free, and a defensive Alert surfaces the truly degenerate case. - Long-running PVE config PUT timeouts on slow storage fixed
(#332, #334). ZFS-over-iSCSI auto-attach was failing with an 8s
timeout while the underlying PUT took 20+ seconds. The failover
masquerade then reported a fake "all cluster nodes unreachable"
error. All migration-time/qemu/{vmid}/configPUTs now use a 120s
timeout. - curl stderr surfaced + orphan LVM freed on stream failure (#316).
Rolling update
- Respect
reboot_timeoutend-to-end with sustained-online polling- verify retry (backend #2).
waitForNodeOnlineused to return on the
first online sighting. After a reboot pmxcfs can briefly report online
while corosync re-joins, then flip back to unknown. Now requires 3
consecutive online sightings (10s sustained), andverifyNodeHealth
polls for up to 60s instead of one-shot.
- verify retry (backend #2).
- Scope
reboot_timeoutdeadline to the reboot path only so a short
value doesn't shorten the standalone verify window for non-reboot
updates. - Run apt / ha-manager / ceph / reboot as root via
sudo -nwhen
the PVE connection uses a non-root SSH user (backend #1). - Surface node version and API token permission errors in the
rolling-update UI (#318).
Deployment & install
- Backfill
ORCHESTRATOR_API_KEYon upgrade and refuse placeholder
at startup (#330). Pre-v1.4.0 installs without the key, and
.env.exampleplaceholder leakage, are detected and fixed by the
installer. The frontend container refuses to boot with the placeholder. - Auto-generate
INTERNAL_API_TOKENoutside Docker for source-built
installs. - Install URL uses
proxcenter.io/install/*instead of theget.
subdomain.
AI
- Test connection for Ollama fixed (#314, #315). The provider check
was broken since the auth refactor.
Security
- SSRF guard on AI test and models endpoints (#335). The
ai/test
andai/modelsroutes accept user-supplied base URLs for Ollama and
OpenAI-compatible providers. The validator now blocks cloud metadata
endpoints (AWS 169.254.169.254, Alibaba 100.100.100.200, OCI
192.0.0.192, AWS IPv6 IMDS), strips IPv6 brackets before comparison,
and performs a DNS lookup so DNS aliases (such as*.nip.iostyle
hostnames) that resolve to blocked addresses are rejected. Loopback
and RFC1918 remain reachable for legitimate local Ollama setups.
Closes the 2 critical CodeQL alerts (js/request-forgery) on these
routes. - Bump
wsto 8.20.1 (CVE-2026-45736) (#335). - Bump bundled
npmto 11.15.0 in the runner image (covers
brace-expansion< 5.0.6 / CVE-2026-45149) (#335). - Patch bundled npm in runner image for CVE-2026-42338 (
ip-address
< 10.1.1) (#311). - Tighten enterprise.proxmox.com URL spoofing check in the license
validator (#306). - Backend: bump
go-ntlmsspto v0.1.1, Alpine base 3.19 to 3.22,
sanitise filename components against path injection in the reports
generator. - Frontend: add shell-arg validators on routes that build SSH commands,
allow testing SSH against unsaved form values.
Quality & test coverage
- New PR-only SonarCloud Quality Gate workflow with proper LCOV path
rewriting and baseline analysis on main. - New Vitest route-handler harness, with tests for the connections POST
route, SSH test endpoint, orchestrator client, and SSH helpers. - Multiple Sonar bug, vulnerability, and smell cleanups.
Dependencies
- Node 22-alpine to 26-alpine on the frontend image.
- Various dependabot bumps (eslint-config-next, stylelint,
softprops/action-gh-release).
Upgrade notes
- No schema changes since v1.4.0. PostgreSQL connection string unchanged.
- The DRS Settings UI presents
max_concurrent_migrations_per_cluster
instead ofmax_concurrent_migrations. Existing configs are
auto-migrated at runtime (per-cluster falls back to 2 when persisted
value is 0). The legacymax_concurrent_migrationsfield is still
parsed from existing YAML / DB rows but no longer enforced. rebalance_intervalnow accepts 15m and 30m in addition to the
hourly options.- AI provider URLs are now subject to an SSRF guard. URLs targeting
cloud metadata endpoints (link-local 169.254.x, Alibaba, OCI, AWS
IPv6 IMDS) are refused with an explicit error message. Local Ollama
setups usinglocalhost,127.0.0.1, or RFC1918 addresses are
unaffected.
Docker Images
docker pull ghcr.io/adminsyspro/proxcenter-frontend:v1.4.1
docker pull ghcr.io/adminsyspro/proxcenter-orchestrator:v1.4.1
docker pull ghcr.io/adminsyspro/proxcenter-weasyprint:v1.4.1v1.4.0
ProxCenter v1.4.0
MSP / IaaS release: vDC cockpit, native IPAM, multi-tenant PBS, Postgres cutover.
Breaking change: SQLite to PostgreSQL
ProxCenter v1.4.0 drops SQLite and requires PostgreSQL. No automatic data migration ships with this release. Upgrading starts on an empty Postgres.
Why this change. SQLite's single-writer model produced visible lock contention as soon as multi-tenant workloads, vDC quotas, replication metadata, and the report generator's per-tenant queries kicked in concurrently. PostgreSQL removes those locks, scales to the cross-tenant aggregations and JSONB queries we now rely on, and unlocks the next milestone: ProxCenter running in HA with PostgreSQL streaming replication and a shared cluster store between frontend and orchestrator.
Headline feature: MSP / IaaS with vDC
ProxCenter becomes an MSP-ready IaaS surface. Tenants get a cloud-style abstraction (no node or cluster details) backed by per-tenant resource pools.
- vDC tenant cockpit (
/my-vdc) with live consumption, donut quotas (CPU, RAM, Storage, Snapshots, Backups), datacenter map, Green KPIs. - Cloud-style deploy flow with quota enforcement on every step (template, ISO, clone, qmrestore). Foreign nodes, storages, bridges refused upfront.
- Native IPAM at the vDC level: SDN VNet/subnet management, automatic IP and MAC reservation on deploy/clone/restore, PVE pool scan to merge externally created VMs.
- Per-vDC PBS bindings with auto-provisioning of namespace, sub-token, ACL, and PVE storage. Manual mode also supported.
- Tenant restore from PBS (overwrite source or restore as new VM into the tenant pool).
- Tenant-scoped PVE backup jobs with structured schedule picker, Verify/Delete actions.
- Datacenters, country, Green configuration: per-datacenter assignments tree, country flags, Green factors per node.
- Tenant-scoped reports (alerts, capacity, compliance, inventory, security, site recovery, utilization). New vDC report type gated to super-admin. Rendered via WeasyPrint sidecar with per-tenant white-label.
Docker Images
docker pull ghcr.io/adminsyspro/proxcenter-frontend:v1.4.0
docker pull ghcr.io/adminsyspro/proxcenter-orchestrator:v1.4.0
docker pull ghcr.io/adminsyspro/proxcenter-weasyprint:v1.4.0v1.3.5
Changes
- fix(sonar/S2871): sort sudoers paths with localeCompare for stable ordering
- fix(inventory/types): add movedTo field to DetailsPayload to match helpers payload
- chore(tsconfig): switch moduleResolution to bundler
- refactor(migration): extract crossClusterMigrate helper used by TreeDialogs and useVmActions
- fix(inventory/helpers): follow VM to its new node after intra-cluster migration
- fix(migration): follow VM after intra-cluster qmigrate, silence stale-node noise
- feat(network-flows): clearer collector-off state and faster agents probe
- fix(i18n): respect user locale in date formatting across the product
- fix(migration): set pre-enrolled-keys=1 on efidisk0 for UEFI guests
- feat(inventory): add PBS server horizontal tabs view
- feat(vm/hardware): allow editing and removing USB/PCI/serial/audio/RNG devices
- feat(alerts): expose Exclude pattern field on alert rules UI
- feat(migration/esxi-direct): route Windows Cold through virt-v2v for auto driver injection
- fix(migration/esxi-direct): robust EFI Windows boot + vSAN guard + custom temp storage
- refactor(settings/ssh-commands): read executablePath from allowlist API
- i18n(settings/ssh-commands): fr, de, zh-CN translations
- feat(settings/ssh-commands): add Security Recommendations card with sudoers template
- feat(settings/ssh-commands): add searchable Allowlist card
- feat(settings/ssh-commands): add Connection Status card
- feat(settings): scaffold SSH Commands tab
- feat(api): add /api/v1/ssh/allowlist proxy to orchestrator
- docs(ssh-commands): add design spec and implementation plan
- fix(network-flows): route OVS commands through executeSSH to respect sshUseSudo
Docker Images
docker pull ghcr.io/adminsyspro/proxcenter-frontend:v1.3.5
docker pull ghcr.io/adminsyspro/proxcenter-orchestrator:v1.3.5v1.3.4
Changes
- fix(cross-cluster-migration): delete source VM + block cpu=host mismatch
- fix(site-recovery): hydration error on Pool chip inside Typography
- feat(settings): show NFR / Not For Resale badge in license panel
- feat(ui): show NFR / Not For Resale chip in topbar
- feat(license-context): expose isNFR flag
- fix: address 7 SonarCloud reliability issues
- feat(settings): move alert thresholds to Settings, make Community-accessible
- fix(storage): NFS content fetch times out at 8s with misleading error
- fix(dashboard): respect configured alert thresholds instead of hardcoded 80/90
- fix(inventory): health alert drill-down, i18n dashboard alerts, Recharts/Menu warnings
- ci: skip backend-dependent jobs on Dependabot PRs
- fix(site-recovery): React hooks placement + leaked values in ReplicationFlow
- chore(deps): bump dependencies to close Dependabot alerts
- chore(security): address SonarCloud findings
- feat(site-recovery): pair-by-pair dashboard + VM list with console in failover
- feat(site-recovery): bandwidth history, auto-retry badge, dashboard refresh
- feat(site-recovery): per-VM status panel in protection drawer
- feat(site-recovery): bandwidth windows, preflight UI, delete confirm, polish
- feat(site-recovery): job names, snapshots tab, protection UI polish
- i18n: site-recovery scheduler keys in 4 locales
- feat(site-recovery): wire EditJobDialog in page.tsx
- feat(site-recovery): Edit button + planning label in ProtectionTab
- feat(site-recovery): EditJobDialog for safe edits
- feat(site-recovery): integrate ScheduleBuilder into CreateJobDialog
- feat(schedule): ScheduleBuilder orchestrator
- feat(schedule): ModeToggle RPO vs Scheduled
- feat(schedule): FrequencyPicker with 4 tabs
- feat(schedule): TimezonePicker (IANA autocomplete)
- feat(schedule): SchedulePreview — next 5 executions
- feat(site-recovery): extend types with schedule_spec and timezone
- feat(schedule): scheduleToLabel i18n-aware label + tests
- feat(schedule): scheduleToCron pure function + tests
- feat(schedule): ScheduleSpec TS types
- chore: add cron-parser for schedule preview
- fix(metrics): create metric server via correct PVE endpoint and schema
- fix(migration): handle KRBD path format from pvesm path on Ceph targets
- feat(inventory): edit VGA memory and clipboard on Display row (#260)
- docs: implementation plan for Set Display Memory feature (#260)
- docs: spec for Set Display Memory feature (issue #260)
- feat(inventory): kebab menu detach + inline attach/delete on unused disks (#259)
- feat(hardware): relabel regular-disk Delete as Detach; add initialTab prop
- feat(hardware): add DeleteUnusedDiskDialog component
- fix(hardware): reset DetachConfirmDialog state on reopen
- feat(hardware): add DetachConfirmDialog component
- refactor: rename handleDeleteDisk to handleDetachDisk (semantic fix)
- feat(i18n): add detach/attach/delete-unused keys for disk management
- docs: implementation plan for detach/attach disk feature (#259)
- docs: spec for detach/attach disk feature (issue #259)
Docker Images
docker pull ghcr.io/adminsyspro/proxcenter-frontend:v1.3.4
docker pull ghcr.io/adminsyspro/proxcenter-orchestrator:v1.3.4v1.3.3
Changes
- fix(types): unblock production build with four latent TypeScript errors
- fix(sdn): use brand primary color for Apply buttons instead of warning yellow
- feat(migration-ui): power-state and VMware Tools guards in migration modals
- feat(migration): vCenter live pipeline hardening + sparse-aware disk import
- feat(vmware): expose guest VMware Tools status + snapshot quiesce query
- fix(ssh): preserve stdout on non-zero exit for diagnostic visibility
- feat(migration-ui): enable Live migration toggle for vCenter sources
- feat(migration): vCenter live migration via NFC-on-snapshot + Windows EFI boot fallback
- feat(migration): tempStorage selector in bulk migration modal
- fix(migration): harden vCenter v2v pipeline for multi-disk and bulk scenarios
- fix(ssh): honor timeoutMs in ssh2 fallback and orchestrator fetch
- fix(inventory): strip flex when applying persisted column widths (#188)
- fix(migration): expose virtio-win download endpoints in preflight route
- chore(gitignore): ignore .gitnexus cache and .worktrees directory
- fix(sdn): UX polish on parent tab and fabrics route
- fix(sdn): address code review findings
- feat(sdn): apply flow with pending banner and audit
- feat(sdn): fabrics sub-tab with PVE 9 gate
- feat(sdn): vnet firewall sub-tab with rules viewer
- feat(sdn): ipam sub-tab with allocations viewer
- feat(sdn): options sub-tab with controllers / ipam / dns
- feat(sdn): vnets sub-tab with read-only list
- feat(sdn): zones sub-tab with read-only list
- fix(migration): unblock Windows UEFI VMs via virt-v2v (ovmf, efidisk, virtio-blk fallback, rhsrvany)
- fix(sdn): align scaffolding with design spec
- feat(cluster): add SDN tab scaffolding with 6 stub sub-tabs
- fix(hardware): allow clearing VM cores/sockets/memory inputs + RAM slider step 1 (#257)
- fix(export): pass maxcpu/mem/disk to VmsTable in InventoryDetails
- feat(export): add vCPU, RAM/Disk allocated vs used columns to XLSX export
- feat(create-vm): import existing disk during VM creation (issue #250)
- feat(options): pending change indicators + revert button in Options tab
- fix(hardware): delete CD/DVD with ISO in boot order + MUI confirm dialog + task progress UX
- fix(migration): check sshConfigured in addition to sshEnabled for delete source
- fix(ssh): wrap sudo commands in sh -c for compound command support
- fix(migration): disable delete source checkbox when SSH not enabled
- fix(failover): add circuit breaker to pveFetch for auto-recovery
- feat(ldap): add group-based access restriction
- feat(inventory): show lock icon on VMs in tree
- feat(inventory): add toggle to show VM-ID in tree
- fix(vnc): add auto-reconnect with exponential backoff
- fix(migration): always unlock source VM after successful cross-cluster migration
- fix(storage): type-aware shared storage detection (#249)
- feat(migration): vCenter NFC transport + multi-disk + bulk sequential + adaptive UI
Docker Images
docker pull ghcr.io/adminsyspro/proxcenter-frontend:v1.3.3
docker pull ghcr.io/adminsyspro/proxcenter-orchestrator:v1.3.3v1.3.2
Changes
- fix(migration): add vSAN support for ESXi disk transfer
Docker Images
docker pull ghcr.io/adminsyspro/proxcenter-frontend:v1.3.2
docker pull ghcr.io/adminsyspro/proxcenter-orchestrator:v1.3.2