Tags: mzac/uhld
fix: address code scanning security alerts in Network Tools

- HTTP Check: restrict to admin-only (require_admin); log exception server-side and return only the exception class name to avoid leaking internal details (py/stack-trace-exposure, py/full-ssrf)
- SSL Inspector: log exception server-side and return only the exception class name to avoid stack-trace exposure (py/stack-trace-exposure)
- Add explanatory comments for intentional CERT_NONE and verify=False usage (diagnostic tools must inspect invalid/self-signed certificates)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

security: sanitize etcd metrics error to prevent exception exposure

str(exc) on the etcd health endpoint could leak internal details (k8s API server hostnames, paths) to the client. Log the full exception server-side and return a generic message instead — matches CWE-209 / CodeQL alert #14.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

security: sanitize remote_tcpdump stream error to prevent exception exposure

Log full exception server-side via logger.exception(); send a generic 'Capture stream failed' message to the SSE client instead of str(exc), matching the same pattern applied to network_tools in the previous release. Resolves CodeQL py/stack-trace-exposure alert #13.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

security: sanitize network tools stream errors and bump lodash

feat: add streaming diagnostics, NPM CRUD, and multi-provider LLM support

- add SSE streaming for ping/traceroute with frontend live rendering
- add Nginx Proxy Manager host/certificate CRUD and enable/disable actions
- add LLM Assistant provider-aware handling for OpenAI/Ollama/Anthropic/OpenWebUI
- fix sidebar custom menu order persistence across reloads
- update README, ARCHITECTURE, CLAUDE, and CHANGELOG for release 2026.03.31-05

Menu customization with sections + Speedtest display fixes

Add auth (TOTP 2FA, passkeys, OAuth), multi-user roles, K8s node actions + pod detail, UniFi trunk network names

- TOTP 2FA: enrollment via QR code/manual key, partial-JWT second-factor gate, Fernet-encrypted secrets
- Passkeys (WebAuthn): register/login with hardware keys or platform authenticators; rp_id/origin auto-derived from request Origin header
- OAuth/OIDC: Entra ID, Google, GitHub; env-var configured; optional auto-provisioning
- Multi-user with roles: admin/viewer, is_active flag, Settings → Users admin panel
- Settings → Account: password change, TOTP setup, passkey management
- Kubernetes: pod detail modal (containers, volumes, events); node cordon/uncordon/drain/delete actions
- UniFi: trunk port tagged VLANs now show network name alongside VLAN ID; filter sentinel 'all' ID
- Fix migrate_db() early return that skipped users/assets table migrations
- Fix webauthn 2.x API: remove non-existent parse_*_credential_json calls, fix helpers path
- Add dashboard screenshot to README