put bash in for proxmox

new binary
Fixed some prisma issue on kernel displaying
2025-11-20 14:38:30 +00:00 · 2025-11-18 21:46:37 +00:00 · 2025-11-18 20:13:12 +00:00 · 2025-11-18 20:08:34 +00:00 · 2025-11-18 18:10:38 +00:00 · 2025-11-17 21:59:19 +00:00
47 changed files with 2190 additions and 1449 deletions
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -43,6 +43,8 @@ jobs:
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
        with:
          platforms: linux/arm64
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
@@ -74,3 +76,4 @@ jobs:
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha,scope=${{ matrix.image }}
          cache-to: type=gha,mode=max,scope=${{ matrix.image }}
          provenance: false
--- a/agents/direct_host_auto_enroll.sh
+++ b/agents/direct_host_auto_enroll.sh
@@ -0,0 +1,270 @@
 #!/bin/sh
 # PatchMon Direct Host Auto-Enrollment Script
 # POSIX-compliant shell script (works with dash, ash, bash, etc.)
 # Usage: curl -s "https://patchmon.example.com/api/v1/auto-enrollment/script?type=direct-host&token_key=KEY&token_secret=SECRET" | sh
 set -e
 SCRIPT_VERSION="1.0.0"
 # =============================================================================
 # PatchMon Direct Host Auto-Enrollment Script
 # =============================================================================
 # This script automatically enrolls the current host into PatchMon for patch
 # management.
 #
 # Usage:
 #   curl -s "https://patchmon.example.com/api/v1/auto-enrollment/script?type=direct-host&token_key=KEY&token_secret=SECRET" | sh
 #
 #   With custom friendly name:
 #   curl -s "https://patchmon.example.com/api/v1/auto-enrollment/script?type=direct-host&token_key=KEY&token_secret=SECRET" | FRIENDLY_NAME="My Server" sh
 #
 # Requirements:
 #   - Run as root or with sudo
 #   - Auto-enrollment token from PatchMon
 #   - Network access to PatchMon server
 # =============================================================================
 # ===== CONFIGURATION =====
 PATCHMON_URL="${PATCHMON_URL:-https://patchmon.example.com}"
 AUTO_ENROLLMENT_KEY="${AUTO_ENROLLMENT_KEY:-}"
 AUTO_ENROLLMENT_SECRET="${AUTO_ENROLLMENT_SECRET:-}"
 CURL_FLAGS="${CURL_FLAGS:--s}"
 FORCE_INSTALL="${FORCE_INSTALL:-false}"
 FRIENDLY_NAME="${FRIENDLY_NAME:-}" # Optional: Custom friendly name for the host
 # ===== COLOR OUTPUT =====
 RED='\033[0;31m'
 GREEN='\033[0;32m'
 YELLOW='\033[1;33m'
 BLUE='\033[0;34m'
 NC='\033[0m' # No Color
 # ===== LOGGING FUNCTIONS =====
 info() { printf "%b\n" "${GREEN}[INFO]${NC} $1"; }
 warn() { printf "%b\n" "${YELLOW}[WARN]${NC} $1"; }
 error() { printf "%b\n" "${RED}[ERROR]${NC} $1" >&2; exit 1; }
 success() { printf "%b\n" "${GREEN}[SUCCESS]${NC} $1"; }
 debug() { [ "${DEBUG:-false}" = "true" ] && printf "%b\n" "${BLUE}[DEBUG]${NC} $1" || true; }
 # ===== BANNER =====
 cat << "EOF"
 ╔═══════════════════════════════════════════════════════════════╗
 ║                                                               ║
 ║   ____       _       _     __  __                             ║
 ║  |  _ \ __ _| |_ ___| |__ |  \/  | ___  _ __                  ║
 ║  | |_) / _` | __/ __| '_ \| |\/| |/ _ \| '_ \                 ║
 ║  |  __/ (_| | || (__| | | | |  | | (_) | | | |                ║
 ║  |_|   \__,_|\__\___|_| |_|_|  |_|\___/|_| |_|                ║
 ║                                                               ║
 ║            Direct Host Auto-Enrollment Script                 ║
 ║                                                               ║
 ╚═══════════════════════════════════════════════════════════════╝
 EOF
 echo ""
 # ===== VALIDATION =====
 info "Validating configuration..."
 if [ -z "$AUTO_ENROLLMENT_KEY" ] || [ -z "$AUTO_ENROLLMENT_SECRET" ]; then
    error "AUTO_ENROLLMENT_KEY and AUTO_ENROLLMENT_SECRET must be set"
 fi
 if [ -z "$PATCHMON_URL" ]; then
    error "PATCHMON_URL must be set"
 fi
 # Check if running as root
 if [ "$(id -u)" -ne 0 ]; then
   error "This script must be run as root (use sudo)"
 fi
 # Check for required commands
 for cmd in curl; do
    if ! command -v $cmd >/dev/null 2>&1; then
        error "Required command '$cmd' not found. Please install it first."
    fi
 done
 info "Configuration validated successfully"
 info "PatchMon Server: $PATCHMON_URL"
 echo ""
 # ===== GATHER HOST INFORMATION =====
 info "Gathering host information..."
 # Get hostname
 hostname=$(hostname)
 # Use FRIENDLY_NAME env var if provided, otherwise use hostname
 if [ -n "$FRIENDLY_NAME" ]; then
    friendly_name="$FRIENDLY_NAME"
    info "Using custom friendly name: $friendly_name"
 else
    friendly_name="$hostname"
 fi
 # Try to get machine_id (optional, for tracking)
 machine_id=""
 if [ -f /etc/machine-id ]; then
    machine_id=$(cat /etc/machine-id 2>/dev/null || echo "")
 elif [ -f /var/lib/dbus/machine-id ]; then
    machine_id=$(cat /var/lib/dbus/machine-id 2>/dev/null || echo "")
 fi
 # Get OS information
 os_info="unknown"
 if [ -f /etc/os-release ]; then
    os_info=$(grep "^PRETTY_NAME=" /etc/os-release 2>/dev/null | cut -d'"' -f2 || echo "unknown")
 fi
 # Get IP address (first non-loopback)
 ip_address=$(hostname -I 2>/dev/null | awk '{print $1}' || echo "unknown")
 # Detect architecture
 arch_raw=$(uname -m 2>/dev/null || echo "unknown")
 case "$arch_raw" in
    "x86_64")
        architecture="amd64"
        ;;
    "i386"|"i686")
        architecture="386"
        ;;
    "aarch64"|"arm64")
        architecture="arm64"
        ;;
    "armv7l"|"armv6l"|"arm")
        architecture="arm"
        ;;
    *)
        warn "  ⚠ Unknown architecture '$arch_raw', defaulting to amd64"
        architecture="amd64"
        ;;
 esac
 info "Hostname: $hostname"
 info "Friendly Name: $friendly_name"
 info "IP Address: $ip_address"
 info "OS: $os_info"
 info "Architecture: $architecture"
 if [ -n "$machine_id" ]; then
    # POSIX-compliant substring (first 16 chars)
    machine_id_short=$(printf "%.16s" "$machine_id")
    info "Machine ID: ${machine_id_short}..."
 else
    info "Machine ID: (not available)"
 fi
 echo ""
 # ===== CHECK IF AGENT ALREADY INSTALLED =====
 info "Checking if agent is already configured..."
 config_check=$(sh -c "
    if [ -f /etc/patchmon/config.yml ] && [ -f /etc/patchmon/credentials.yml ]; then
        if [ -f /usr/local/bin/patchmon-agent ]; then
            # Try to ping using existing configuration
            if /usr/local/bin/patchmon-agent ping >/dev/null 2>&1; then
                echo 'ping_success'
            else
                echo 'ping_failed'
            fi
        else
            echo 'binary_missing'
        fi
    else
        echo 'not_configured'
    fi
 " 2>/dev/null || echo "error")
 if [ "$config_check" = "ping_success" ]; then
    success "Host already enrolled and agent ping successful - nothing to do"
    exit 0
 elif [ "$config_check" = "ping_failed" ]; then
    warn "Agent configuration exists but ping failed - will reinstall"
 elif [ "$config_check" = "binary_missing" ]; then
    warn "Config exists but agent binary missing - will reinstall"
 elif [ "$config_check" = "not_configured" ]; then
    info "Agent not yet configured - proceeding with enrollment"
 else
    warn "Could not check agent status - proceeding with enrollment"
 fi
 echo ""
 # ===== ENROLL HOST =====
 info "Enrolling $friendly_name in PatchMon..."
 # Build JSON payload
 json_payload=$(cat <<EOF
 {
    "friendly_name": "$friendly_name",
    "metadata": {
        "hostname": "$hostname",
        "ip_address": "$ip_address",
        "os_info": "$os_info",
        "architecture": "$architecture"
    }
 }
 EOF
 )
 # Add machine_id if available
 if [ -n "$machine_id" ]; then
    json_payload=$(echo "$json_payload" | sed "s/\"friendly_name\"/\"machine_id\": \"$machine_id\",\n    \"friendly_name\"/")
 fi
 response=$(curl $CURL_FLAGS -X POST \
    -H "X-Auto-Enrollment-Key: $AUTO_ENROLLMENT_KEY" \
    -H "X-Auto-Enrollment-Secret: $AUTO_ENROLLMENT_SECRET" \
    -H "Content-Type: application/json" \
    -d "$json_payload" \
    "$PATCHMON_URL/api/v1/auto-enrollment/enroll" \
    -w "\n%{http_code}" 2>&1)
 http_code=$(echo "$response" | tail -n 1)
 body=$(echo "$response" | sed '$d')
 if [ "$http_code" = "201" ]; then
    # Use grep and cut instead of jq since jq may not be installed
    api_id=$(echo "$body" | grep -o '"api_id":"[^"]*' | cut -d'"' -f4 || echo "")
    api_key=$(echo "$body" | grep -o '"api_key":"[^"]*' | cut -d'"' -f4 || echo "")
    if [ -z "$api_id" ] || [ -z "$api_key" ]; then
        error "Failed to parse API credentials from response"
    fi
    success "Host enrolled successfully: $api_id"
    echo ""
    # ===== INSTALL AGENT =====
    info "Installing PatchMon agent..."
    # Build install URL with force flag and architecture
    install_url="$PATCHMON_URL/api/v1/hosts/install?arch=$architecture"
    if [ "$FORCE_INSTALL" = "true" ]; then
        install_url="$install_url&force=true"
        info "Using force mode - will bypass broken packages"
    fi
    info "Using architecture: $architecture"
    # Download and execute installation script
    install_exit_code=0
    install_output=$(curl $CURL_FLAGS \
        -H "X-API-ID: $api_id" \
        -H "X-API-KEY: $api_key" \
        "$install_url" | sh 2>&1) || install_exit_code=$?
    # Check both exit code AND success message in output
    if [ "$install_exit_code" -eq 0 ] || echo "$install_output" | grep -q "PatchMon Agent installation completed successfully"; then
        success "Agent installed successfully"
    else
        error "Failed to install agent (exit: $install_exit_code)"
    fi
 else
    printf "%b\n" "${RED}[ERROR]${NC} Failed to enroll $friendly_name - HTTP $http_code" >&2
    printf "%b\n" "Response: $body" >&2
    exit 1
 fi
 echo ""
 success "Auto-enrollment complete!"
 exit 0
--- a/agents/patchmon-agent-linux-386
+++ b/agents/patchmon-agent-linux-386
--- a/agents/patchmon-agent-linux-amd64
+++ b/agents/patchmon-agent-linux-amd64
--- a/agents/patchmon-agent-linux-arm
+++ b/agents/patchmon-agent-linux-arm
--- a/agents/patchmon-agent-linux-arm64
+++ b/agents/patchmon-agent-linux-arm64
--- a/agents/patchmon_install.sh
+++ b/agents/patchmon_install.sh
@@ -1,31 +1,6 @@
 #!/bin/sh
 # PatchMon Agent Installation Script
-# This script requires bash for full functionality
+# POSIX-compliant shell script (works with dash, ash, bash, etc.)
 # Usage: curl -s {PATCHMON_URL}/api/v1/hosts/install -H "X-API-ID: {API_ID}" -H "X-API-KEY: {API_KEY}" | sh
 # Check if bash is available, if not try to install it (for Alpine Linux)
 if ! command -v bash >/dev/null 2>&1; then
    if command -v apk >/dev/null 2>&1; then
        echo "Installing bash for script compatibility..."
        apk add --no-cache bash >/dev/null 2>&1 || true
    fi
 fi
 # If bash is available and we're not already running in bash, switch to bash
 # When piped, we can't re-execute easily, so we'll continue with sh
 # but ensure bash is available for bash-specific features
 if command -v bash >/dev/null 2>&1 && [ -z "${BASH_VERSION:-}" ]; then
    # Check if we're being piped (stdin is not a terminal)
    if [ -t 0 ]; then
        # Direct execution, re-execute with bash
        exec bash "$0" "$@"
        exit $?
    fi
    # When piped, we continue with sh but bash is now available
    # The script will use bash-specific features which should work if bash is installed
 fi
 # PatchMon Agent Installation Script
 # Usage: curl -s {PATCHMON_URL}/api/v1/hosts/install -H "X-API-ID: {API_ID}" -H "X-API-KEY: {API_KEY}" | sh
 set -e
@@ -44,20 +19,20 @@ NC='\033[0m' # No Color
 # Functions
 error() {
-    echo -e "${RED}❌ ERROR: $1${NC}" >&2
+    printf "%b\n" "${RED}ERROR: $1${NC}" >&2
    exit 1
 }
 info() {
-    echo -e "${BLUE}ℹ️  $1${NC}"
+    printf "%b\n" "${BLUE}INFO: $1${NC}"
 }
 success() {
-    echo -e "${GREEN}✅ $1${NC}"
+    printf "%b\n" "${GREEN}SUCCESS: $1${NC}"
 }
 warning() {
-    echo -e "${YELLOW}⚠️  $1${NC}"
+    printf "%b\n" "${YELLOW}WARNING: $1${NC}"
 }
 # Check if running as root
@@ -67,7 +42,7 @@ fi
 # Verify system datetime and timezone
 verify_datetime() {
-    info "🕐 Verifying system datetime and timezone..."
+    info "Verifying system datetime and timezone..."
    # Get current system time
    system_time=$(date)
@@ -75,7 +50,7 @@ verify_datetime() {
    # Display current datetime info
    echo ""
-    echo -e "${BLUE}📅 Current System Date/Time:${NC}"
+    printf "%b\n" "${BLUE}Current System Date/Time:${NC}"
    echo "   • Date/Time: $system_time"
    echo "   • Timezone: $timezone"
    echo ""
@@ -87,26 +62,26 @@ verify_datetime() {
        read -r response
        case "$response" in
            [Yy]*) 
-                success "✅ Date/time verification passed"
+                success "Date/time verification passed"
                echo ""
                return 0
                ;;
            *)
            echo ""
-            echo -e "${RED}❌ Date/time verification failed${NC}"
+            printf "%b\n" "${RED}Date/time verification failed${NC}"
            echo ""
-            echo -e "${YELLOW}💡 Please fix the date/time and re-run the installation script:${NC}"
+            printf "%b\n" "${YELLOW}Please fix the date/time and re-run the installation script:${NC}"
            echo "   sudo timedatectl set-time 'YYYY-MM-DD HH:MM:SS'"
            echo "   sudo timedatectl set-timezone 'America/New_York'  # or your timezone"
            echo "   sudo timedatectl list-timezones  # to see available timezones"
            echo ""
-                echo -e "${BLUE}ℹ️  After fixing the date/time, re-run this installation script.${NC}"
+                printf "%b\n" "${BLUE}After fixing the date/time, re-run this installation script.${NC}"
                error "Installation cancelled - please fix date/time and re-run"
                ;;
        esac
    else
        # Non-interactive (piped from curl) - show warning and continue
-        echo -e "${YELLOW}⚠️  Non-interactive installation detected${NC}"
+        printf "%b\n" "${YELLOW}Non-interactive installation detected${NC}"
        echo ""
        echo "Please verify the date/time shown above is correct."
        echo "If the date/time is incorrect, it may cause issues with:"
@@ -114,8 +89,8 @@ verify_datetime() {
        echo "   • Scheduled updates"
        echo "   • Data synchronization"
        echo ""
-        echo -e "${GREEN}✅ Continuing with installation...${NC}"
+        printf "%b\n" "${GREEN}Continuing with installation...${NC}"
-        success "✅ Date/time verification completed (assumed correct)"
+        success "Date/time verification completed (assumed correct)"
        echo ""
    fi
 }
@@ -184,7 +159,7 @@ if [ -z "$ARCHITECTURE" ]; then
            ARCHITECTURE="arm"
            ;;
        *)
-            warning "⚠️  Unknown architecture '$arch_raw', defaulting to amd64"
+            warning "Unknown architecture '$arch_raw', defaulting to amd64"
            ARCHITECTURE="amd64"
            ;;
    esac
@@ -202,31 +177,21 @@ case "$*" in
 esac
 if [ "$FORCE_INSTALL" = "true" ]; then
    FORCE_INSTALL="true"
-    warning "⚠️  Force mode enabled - will bypass broken packages"
+    warning "Force mode enabled - will bypass broken packages"
 fi
 # Get unique machine ID for this host
 MACHINE_ID=$(get_machine_id)
 export MACHINE_ID
-info "🚀 Starting PatchMon Agent Installation..."
+info "Starting PatchMon Agent Installation..."
-info "📋 Server: $PATCHMON_URL"
+info "Server: $PATCHMON_URL"
-info "🔑 API ID: ${API_ID:0:16}..."
+info "API ID: $(echo "$API_ID" | cut -c1-16)..."
-info "🆔 Machine ID: ${MACHINE_ID:0:16}..."
+info "Machine ID: $(echo "$MACHINE_ID" | cut -c1-16)..."
-info "🏗️  Architecture: $ARCHITECTURE"
+info "Architecture: $ARCHITECTURE"
 # Display diagnostic information
 echo ""
 echo -e "${BLUE}🔧 Installation Diagnostics:${NC}"
 echo "   • URL: $PATCHMON_URL"
 echo "   • CURL FLAGS: $CURL_FLAGS"
 echo "   • API ID: ${API_ID:0:16}..."
 echo "   • API Key: ${API_KEY:0:16}..."
 echo "   • Architecture: $ARCHITECTURE"
 echo ""
 # Install required dependencies
-info "📦 Installing required dependencies..."
+info "Installing required dependencies..."
 echo ""
 # Function to check if a command exists
@@ -236,52 +201,56 @@ command_exists() {
 # Function to install packages with error handling
 install_apt_packages() {
-    local packages=("$@")
+    # Space-separated list of packages
-    local missing_packages=()
+    _packages="$*"
    _missing_packages=""
    # Check which packages are missing
-    for pkg in "${packages[@]}"; do
+    for pkg in $_packages; do
        if ! command_exists "$pkg"; then
-            missing_packages+=("$pkg")
+            _missing_packages="$_missing_packages $pkg"
        fi
    done
-    if [ ${#missing_packages[@]} -eq 0 ]; then
+    # Trim leading space
    _missing_packages=$(echo "$_missing_packages" | sed 's/^ //')
    if [ -z "$_missing_packages" ]; then
        success "All required packages are already installed"
        return 0
    fi
-    info "Need to install: ${missing_packages[*]}"
+    info "Need to install: $_missing_packages"
    # Build apt-get command based on force mode
-    local apt_cmd="apt-get install ${missing_packages[*]} -y"
+    _apt_cmd="apt-get install $_missing_packages -y"
    if [ "$FORCE_INSTALL" = "true" ]; then
        info "Using force mode - bypassing broken packages..."
-        apt_cmd="$apt_cmd -o APT::Get::Fix-Broken=false -o DPkg::Options::=\"--force-confold\" -o DPkg::Options::=\"--force-confdef\""
+        _apt_cmd="$_apt_cmd -o APT::Get::Fix-Broken=false -o DPkg::Options::=\"--force-confold\" -o DPkg::Options::=\"--force-confdef\""
    fi
    # Try to install packages
-    if eval "$apt_cmd" 2>&1 | tee /tmp/patchmon_apt_install.log; then
+    if eval "$_apt_cmd" 2>&1 | tee /tmp/patchmon_apt_install.log; then
        success "Packages installed successfully"
        return 0
    else
        warning "Package installation encountered issues, checking if required tools are available..."
        # Verify critical dependencies are actually available
-        local all_ok=true
+        _all_ok=true
-        for pkg in "${packages[@]}"; do
+        for pkg in $_packages; do
            if ! command_exists "$pkg"; then
                if [ "$FORCE_INSTALL" = "true" ]; then
                    error "Critical dependency '$pkg' is not available even with --force. Please install manually."
                else
                    error "Critical dependency '$pkg' is not available. Try again with --force flag or install manually: apt-get install $pkg"
                fi
-                all_ok=false
+                _all_ok=false
            fi
        done
-        if $all_ok; then
+        if $_all_ok; then
            success "All required tools are available despite installation warnings"
            return 0
        else
@@ -292,121 +261,133 @@ install_apt_packages() {
 # Function to check and install packages for yum/dnf
 install_yum_dnf_packages() {
-    local pkg_manager="$1"
+    _pkg_manager="$1"
    shift
-    local packages=("$@")
+    _packages="$*"
-    local missing_packages=()
+    _missing_packages=""
    # Check which packages are missing
-    for pkg in "${packages[@]}"; do
+    for pkg in $_packages; do
        if ! command_exists "$pkg"; then
-            missing_packages+=("$pkg")
+            _missing_packages="$_missing_packages $pkg"
        fi
    done
-    if [ ${#missing_packages[@]} -eq 0 ]; then
+    # Trim leading space
    _missing_packages=$(echo "$_missing_packages" | sed 's/^ //')
    if [ -z "$_missing_packages" ]; then
        success "All required packages are already installed"
        return 0
    fi
-    info "Need to install: ${missing_packages[*]}"
+    info "Need to install: $_missing_packages"
-    if [ "$pkg_manager" = "yum" ]; then
+    if [ "$_pkg_manager" = "yum" ]; then
-        yum install -y "${missing_packages[@]}"
+        yum install -y $_missing_packages
    else
-        dnf install -y "${missing_packages[@]}"
+        dnf install -y $_missing_packages
    fi
 }
 # Function to check and install packages for zypper
 install_zypper_packages() {
-    local packages=("$@")
+    _packages="$*"
-    local missing_packages=()
+    _missing_packages=""
    # Check which packages are missing
-    for pkg in "${packages[@]}"; do
+    for pkg in $_packages; do
        if ! command_exists "$pkg"; then
-            missing_packages+=("$pkg")
+            _missing_packages="$_missing_packages $pkg"
        fi
    done
-    if [ ${#missing_packages[@]} -eq 0 ]; then
+    # Trim leading space
    _missing_packages=$(echo "$_missing_packages" | sed 's/^ //')
    if [ -z "$_missing_packages" ]; then
        success "All required packages are already installed"
        return 0
    fi
-    info "Need to install: ${missing_packages[*]}"
+    info "Need to install: $_missing_packages"
-    zypper install -y "${missing_packages[@]}"
+    zypper install -y $_missing_packages
 }
 # Function to check and install packages for pacman
 install_pacman_packages() {
-    local packages=("$@")
+    _packages="$*"
-    local missing_packages=()
+    _missing_packages=""
    # Check which packages are missing
-    for pkg in "${packages[@]}"; do
+    for pkg in $_packages; do
        if ! command_exists "$pkg"; then
-            missing_packages+=("$pkg")
+            _missing_packages="$_missing_packages $pkg"
        fi
    done
-    if [ ${#missing_packages[@]} -eq 0 ]; then
+    # Trim leading space
    _missing_packages=$(echo "$_missing_packages" | sed 's/^ //')
    if [ -z "$_missing_packages" ]; then
        success "All required packages are already installed"
        return 0
    fi
-    info "Need to install: ${missing_packages[*]}"
+    info "Need to install: $_missing_packages"
-    pacman -S --noconfirm "${missing_packages[@]}"
+    pacman -S --noconfirm $_missing_packages
 }
 # Function to check and install packages for apk
 install_apk_packages() {
-    local packages=("$@")
+    _packages="$*"
-    local missing_packages=()
+    _missing_packages=""
    # Check which packages are missing
-    for pkg in "${packages[@]}"; do
+    for pkg in $_packages; do
        if ! command_exists "$pkg"; then
-            missing_packages+=("$pkg")
+            _missing_packages="$_missing_packages $pkg"
        fi
    done
-    if [ ${#missing_packages[@]} -eq 0 ]; then
+    # Trim leading space
    _missing_packages=$(echo "$_missing_packages" | sed 's/^ //')
    if [ -z "$_missing_packages" ]; then
        success "All required packages are already installed"
        return 0
    fi
-    info "Need to install: ${missing_packages[*]}"
+    info "Need to install: $_missing_packages"
    # Update package index before installation
    info "Updating package index..."
    apk update -q || true
    # Build apk command
-    local apk_cmd="apk add --no-cache ${missing_packages[*]}"
+    _apk_cmd="apk add --no-cache $_missing_packages"
    # Try to install packages
-    if eval "$apk_cmd" 2>&1 | tee /tmp/patchmon_apk_install.log; then
+    if eval "$_apk_cmd" 2>&1 | tee /tmp/patchmon_apk_install.log; then
        success "Packages installed successfully"
        return 0
    else
        warning "Package installation encountered issues, checking if required tools are available..."
        # Verify critical dependencies are actually available
-        local all_ok=true
+        _all_ok=true
-        for pkg in "${packages[@]}"; do
+        for pkg in $_packages; do
            if ! command_exists "$pkg"; then
                if [ "$FORCE_INSTALL" = "true" ]; then
                    error "Critical dependency '$pkg' is not available even with --force. Please install manually."
                else
                    error "Critical dependency '$pkg' is not available. Try again with --force flag or install manually: apk add $pkg"
                fi
-                all_ok=false
+                _all_ok=false
            fi
        done
-        if $all_ok; then
+        if $_all_ok; then
            success "All required tools are available despite installation warnings"
            return 0
        else
@@ -426,7 +407,7 @@ if command -v apt-get >/dev/null 2>&1; then
        if [ "$FORCE_INSTALL" = "true" ]; then
            warning "Detected broken packages on system - force mode will work around them"
        else
-            warning "⚠️  Broken packages detected on system"
+            warning "Broken packages detected on system"
            warning "If installation fails, retry with: curl -s {URL}/api/v1/hosts/install --force -H ..."
        fi
    fi
@@ -475,88 +456,88 @@ success "Dependencies installation completed"
 echo ""
 # Step 1: Handle existing configuration directory
-info "📁 Setting up configuration directory..."
+info "Setting up configuration directory..."
 # Check if configuration directory already exists
 if [ -d "/etc/patchmon" ]; then
-    warning "⚠️  Configuration directory already exists at /etc/patchmon"
+    warning "Configuration directory already exists at /etc/patchmon"
-    warning "⚠️  Preserving existing configuration files"
+    warning "Preserving existing configuration files"
    # List existing files for user awareness
-    info "📋 Existing files in /etc/patchmon:"
+    info "Existing files in /etc/patchmon:"
    ls -la /etc/patchmon/ 2>/dev/null | grep -v "^total" | while read -r line; do
        echo "   $line"
    done
 else
-    info "📁 Creating new configuration directory..."
+    info "Creating new configuration directory..."
    mkdir -p /etc/patchmon
 fi
 # Check if agent is already configured and working (before we overwrite anything)
-info "🔍 Checking if agent is already configured..."
+info "Checking if agent is already configured..."
 if [ -f /etc/patchmon/config.yml ] && [ -f /etc/patchmon/credentials.yml ]; then
    if [ -f /usr/local/bin/patchmon-agent ]; then
-        info "📋 Found existing agent configuration"
+        info "Found existing agent configuration"
-        info "🧪 Testing existing configuration with ping..."
+        info "Testing existing configuration with ping..."
        if /usr/local/bin/patchmon-agent ping >/dev/null 2>&1; then
-            success "✅ Agent is already configured and ping successful"
+            success "Agent is already configured and ping successful"
-            info "📋 Existing configuration is working - skipping installation"
+            info "Existing configuration is working - skipping installation"
            info ""
            info "If you want to reinstall, remove the configuration files first:"
            info "  sudo rm -f /etc/patchmon/config.yml /etc/patchmon/credentials.yml"
            echo ""
            exit 0
        else
-            warning "⚠️  Agent configuration exists but ping failed"
+            warning "Agent configuration exists but ping failed"
-            warning "⚠️  Will move existing configuration and reinstall"
+            warning "Will move existing configuration and reinstall"
            echo ""
        fi
    else
-        warning "⚠️  Configuration files exist but agent binary is missing"
+        warning "Configuration files exist but agent binary is missing"
-        warning "⚠️  Will move existing configuration and reinstall"
+        warning "Will move existing configuration and reinstall"
        echo ""
    fi
 else
-    success "✅ Agent not yet configured - proceeding with installation"
+    success "Agent not yet configured - proceeding with installation"
    echo ""
 fi
 # Step 2: Create configuration files
-info "🔐 Creating configuration files..."
+info "Creating configuration files..."
 # Check if config file already exists
 if [ -f "/etc/patchmon/config.yml" ]; then
-    warning "⚠️  Config file already exists at /etc/patchmon/config.yml"
+    warning "Config file already exists at /etc/patchmon/config.yml"
-    warning "⚠️  Moving existing file out of the way for fresh installation"
+    warning "Moving existing file out of the way for fresh installation"
    # Clean up old config backups (keep only last 3)
    ls -t /etc/patchmon/config.yml.backup.* 2>/dev/null | tail -n +4 | xargs -r rm -f
    # Move existing file out of the way
    mv /etc/patchmon/config.yml /etc/patchmon/config.yml.backup.$(date +%Y%m%d_%H%M%S)
-    info "📋 Moved existing config to: /etc/patchmon/config.yml.backup.$(date +%Y%m%d_%H%M%S)"
+    info "Moved existing config to: /etc/patchmon/config.yml.backup.$(date +%Y%m%d_%H%M%S)"
 fi
 # Check if credentials file already exists
 if [ -f "/etc/patchmon/credentials.yml" ]; then
-    warning "⚠️  Credentials file already exists at /etc/patchmon/credentials.yml"
+    warning "Credentials file already exists at /etc/patchmon/credentials.yml"
-    warning "⚠️  Moving existing file out of the way for fresh installation"
+    warning "Moving existing file out of the way for fresh installation"
    # Clean up old credential backups (keep only last 3)
    ls -t /etc/patchmon/credentials.yml.backup.* 2>/dev/null | tail -n +4 | xargs -r rm -f
    # Move existing file out of the way
    mv /etc/patchmon/credentials.yml /etc/patchmon/credentials.yml.backup.$(date +%Y%m%d_%H%M%S)
-    info "📋 Moved existing credentials to: /etc/patchmon/credentials.yml.backup.$(date +%Y%m%d_%H%M%S)"
+    info "Moved existing credentials to: /etc/patchmon/credentials.yml.backup.$(date +%Y%m%d_%H%M%S)"
 fi
 # Clean up old credentials file if it exists (from previous installations)
 if [ -f "/etc/patchmon/credentials" ]; then
-    warning "⚠️  Found old credentials file, removing it..."
+    warning "Found old credentials file, removing it..."
    rm -f /etc/patchmon/credentials
-    info "📋 Removed old credentials file"
+    info "Removed old credentials file"
 fi
 # Create main config file
@@ -583,29 +564,29 @@ chmod 600 /etc/patchmon/config.yml
 chmod 600 /etc/patchmon/credentials.yml
 # Step 3: Download the PatchMon agent binary using API credentials
-info "📥 Downloading PatchMon agent binary..."
+info "Downloading PatchMon agent binary..."
 # Determine the binary filename based on architecture
 BINARY_NAME="patchmon-agent-linux-${ARCHITECTURE}"
 # Check if agent binary already exists
 if [ -f "/usr/local/bin/patchmon-agent" ]; then
-    warning "⚠️  Agent binary already exists at /usr/local/bin/patchmon-agent"
+    warning "Agent binary already exists at /usr/local/bin/patchmon-agent"
-    warning "⚠️  Moving existing file out of the way for fresh installation"
+    warning "Moving existing file out of the way for fresh installation"
    # Clean up old agent backups (keep only last 3)
    ls -t /usr/local/bin/patchmon-agent.backup.* 2>/dev/null | tail -n +4 | xargs -r rm -f
    # Move existing file out of the way
    mv /usr/local/bin/patchmon-agent /usr/local/bin/patchmon-agent.backup.$(date +%Y%m%d_%H%M%S)
-    info "📋 Moved existing agent to: /usr/local/bin/patchmon-agent.backup.$(date +%Y%m%d_%H%M%S)"
+    info "Moved existing agent to: /usr/local/bin/patchmon-agent.backup.$(date +%Y%m%d_%H%M%S)"
 fi
 # Clean up old shell script if it exists (from previous installations)
 if [ -f "/usr/local/bin/patchmon-agent.sh" ]; then
-    warning "⚠️  Found old shell script agent, removing it..."
+    warning "Found old shell script agent, removing it..."
    rm -f /usr/local/bin/patchmon-agent.sh
-    info "📋 Removed old shell script agent"
+    info "Removed old shell script agent"
 fi
 # Download the binary
@@ -619,30 +600,30 @@ chmod +x /usr/local/bin/patchmon-agent
 # Get the agent version from the binary
 AGENT_VERSION=$(/usr/local/bin/patchmon-agent version 2>/dev/null || echo "Unknown")
-info "📋 Agent version: $AGENT_VERSION"
+info "Agent version: $AGENT_VERSION"
 # Handle existing log files and create log directory
-info "📁 Setting up log directory..."
+info "Setting up log directory..."
 # Create log directory if it doesn't exist
 mkdir -p /etc/patchmon/logs
 # Handle existing log files
 if [ -f "/etc/patchmon/logs/patchmon-agent.log" ]; then
-    warning "⚠️  Existing log file found at /etc/patchmon/logs/patchmon-agent.log"
+    warning "Existing log file found at /etc/patchmon/logs/patchmon-agent.log"
-    warning "⚠️  Rotating log file for fresh start"
+    warning "Rotating log file for fresh start"
    # Rotate the log file
    mv /etc/patchmon/logs/patchmon-agent.log /etc/patchmon/logs/patchmon-agent.log.old.$(date +%Y%m%d_%H%M%S)
-    info "📋 Log file rotated to: /etc/patchmon/logs/patchmon-agent.log.old.$(date +%Y%m%d_%H%M%S)"
+    info "Log file rotated to: /etc/patchmon/logs/patchmon-agent.log.old.$(date +%Y%m%d_%H%M%S)"
 fi
 # Step 4: Test the configuration
-info "🧪 Testing API credentials and connectivity..."
+info "Testing API credentials and connectivity..."
 if /usr/local/bin/patchmon-agent ping; then
-    success "✅ TEST: API credentials are valid and server is reachable"
+    success "TEST: API credentials are valid and server is reachable"
 else
-    error "❌ Failed to validate API credentials or reach server"
+    error "Failed to validate API credentials or reach server"
 fi
 # Step 5: Setup service for WebSocket connection
@@ -650,16 +631,16 @@ fi
 # Detect init system and create appropriate service
 if command -v systemctl >/dev/null 2>&1; then
    # Systemd is available
-    info "🔧 Setting up systemd service..."
+    info "Setting up systemd service..."
    # Stop and disable existing service if it exists
    if systemctl is-active --quiet patchmon-agent.service 2>/dev/null; then
-        warning "⚠️  Stopping existing PatchMon agent service..."
+        warning "Stopping existing PatchMon agent service..."
        systemctl stop patchmon-agent.service
    fi
    if systemctl is-enabled --quiet patchmon-agent.service 2>/dev/null; then
-        warning "⚠️  Disabling existing PatchMon agent service..."
+        warning "Disabling existing PatchMon agent service..."
        systemctl disable patchmon-agent.service
    fi
@@ -689,9 +670,9 @@ EOF
    # Clean up old crontab entries if they exist (from previous installations)
    if crontab -l 2>/dev/null | grep -q "patchmon-agent"; then
-        warning "⚠️  Found old crontab entries, removing them..."
+        warning "Found old crontab entries, removing them..."
        crontab -l 2>/dev/null | grep -v "patchmon-agent" | crontab -
-        info "📋 Removed old crontab entries"
+        info "Removed old crontab entries"
    fi
    # Reload systemd and enable/start the service
@@ -701,25 +682,25 @@ EOF
    # Check if service started successfully
    if systemctl is-active --quiet patchmon-agent.service; then
-        success "✅ PatchMon Agent service started successfully"
+        success "PatchMon Agent service started successfully"
-        info "🔗 WebSocket connection established"
+        info "WebSocket connection established"
    else
-        warning "⚠️  Service may have failed to start. Check status with: systemctl status patchmon-agent"
+        warning "Service may have failed to start. Check status with: systemctl status patchmon-agent"
    fi
    SERVICE_TYPE="systemd"
 elif [ -d /etc/init.d ] && command -v rc-service >/dev/null 2>&1; then
    # OpenRC is available (Alpine Linux)
-    info "🔧 Setting up OpenRC service..."
+    info "Setting up OpenRC service..."
    # Stop and disable existing service if it exists
    if rc-service patchmon-agent status >/dev/null 2>&1; then
-        warning "⚠️  Stopping existing PatchMon agent service..."
+        warning "Stopping existing PatchMon agent service..."
        rc-service patchmon-agent stop
    fi
    if rc-update show default 2>/dev/null | grep -q "patchmon-agent"; then
-        warning "⚠️  Disabling existing PatchMon agent service..."
+        warning "Disabling existing PatchMon agent service..."
        rc-update del patchmon-agent default
    fi
@@ -746,9 +727,9 @@ EOF
    # Clean up old crontab entries if they exist (from previous installations)
    if crontab -l 2>/dev/null | grep -q "patchmon-agent"; then
-        warning "⚠️  Found old crontab entries, removing them..."
+        warning "Found old crontab entries, removing them..."
        crontab -l 2>/dev/null | grep -v "patchmon-agent" | crontab -
-        info "📋 Removed old crontab entries"
+        info "Removed old crontab entries"
    fi
    # Enable and start the service
@@ -757,40 +738,40 @@ EOF
    # Check if service started successfully
    if rc-service patchmon-agent status >/dev/null 2>&1; then
-        success "✅ PatchMon Agent service started successfully"
+        success "PatchMon Agent service started successfully"
-        info "🔗 WebSocket connection established"
+        info "WebSocket connection established"
    else
-        warning "⚠️  Service may have failed to start. Check status with: rc-service patchmon-agent status"
+        warning "Service may have failed to start. Check status with: rc-service patchmon-agent status"
    fi
    SERVICE_TYPE="openrc"
 else
    # No init system detected, use crontab as fallback
-    warning "⚠️  No init system detected (systemd or OpenRC). Using crontab for service management."
+    warning "No init system detected (systemd or OpenRC). Using crontab for service management."
    # Clean up old crontab entries if they exist
    if crontab -l 2>/dev/null | grep -q "patchmon-agent"; then
-        warning "⚠️  Found old crontab entries, removing them..."
+        warning "Found old crontab entries, removing them..."
        crontab -l 2>/dev/null | grep -v "patchmon-agent" | crontab -
-        info "📋 Removed old crontab entries"
+        info "Removed old crontab entries"
    fi
    # Add crontab entry to run the agent
    (crontab -l 2>/dev/null; echo "@reboot /usr/local/bin/patchmon-agent serve >/dev/null 2>&1") | crontab -
-    info "📋 Added crontab entry for PatchMon agent"
+    info "Added crontab entry for PatchMon agent"
    # Start the agent manually
    /usr/local/bin/patchmon-agent serve >/dev/null 2>&1 &
-    success "✅ PatchMon Agent started in background"
+    success "PatchMon Agent started in background"
-    info "🔗 WebSocket connection established"
+    info "WebSocket connection established"
    SERVICE_TYPE="crontab"
 fi
 # Installation complete
-success "🎉 PatchMon Agent installation completed successfully!"
+success "PatchMon Agent installation completed successfully!"
 echo ""
-echo -e "${GREEN}📋 Installation Summary:${NC}"
+printf "%b\n" "${GREEN}Installation Summary:${NC}"
 echo "   • Configuration directory: /etc/patchmon"
 echo "   • Agent binary installed: /usr/local/bin/patchmon-agent"
 echo "   • Architecture: $ARCHITECTURE"
@@ -810,16 +791,16 @@ echo "   • Logs directory: /etc/patchmon/logs"
 MOVED_FILES=$(ls /etc/patchmon/credentials.yml.backup.* /etc/patchmon/config.yml.backup.* /usr/local/bin/patchmon-agent.backup.* /etc/patchmon/logs/patchmon-agent.log.old.* /usr/local/bin/patchmon-agent.sh.backup.* /etc/patchmon/credentials.backup.* 2>/dev/null || true)
 if [ -n "$MOVED_FILES" ]; then
    echo ""
-    echo -e "${YELLOW}📋 Files Moved for Fresh Installation:${NC}"
+    printf "%b\n" "${YELLOW}Files Moved for Fresh Installation:${NC}"
    echo "$MOVED_FILES" | while read -r moved_file; do
        echo "   • $moved_file"
    done
    echo ""
-    echo -e "${BLUE}💡 Note: Old files are automatically cleaned up (keeping last 3)${NC}"
+    printf "%b\n" "${BLUE}Note: Old files are automatically cleaned up (keeping last 3)${NC}"
 fi
 echo ""
-echo -e "${BLUE}🔧 Management Commands:${NC}"
+printf "%b\n" "${BLUE}Management Commands:${NC}"
 echo "   • Test connection: /usr/local/bin/patchmon-agent ping"
 echo "   • Manual report: /usr/local/bin/patchmon-agent report"
 echo "   • Check status: /usr/local/bin/patchmon-agent diagnostics"
@@ -836,4 +817,4 @@ else
    echo "   • Restart service: pkill -f 'patchmon-agent serve' && /usr/local/bin/patchmon-agent serve &"
 fi
 echo ""
-success "✅ Your system is now being monitored by PatchMon!"
+success "Your system is now being monitored by PatchMon!"
--- a/agents/patchmon_remove.sh
+++ b/agents/patchmon_remove.sh
@@ -1,7 +1,10 @@
-#!/bin/bash
+#!/bin/sh
 # PatchMon Agent Removal Script
-# Usage: curl -s {PATCHMON_URL}/api/v1/hosts/remove | bash
+# POSIX-compliant shell script (works with dash, ash, bash, etc.)
 # Usage: curl -s {PATCHMON_URL}/api/v1/hosts/remove | sudo sh
 #        curl -s {PATCHMON_URL}/api/v1/hosts/remove | sudo REMOVE_BACKUPS=1 sh
 #        curl -s {PATCHMON_URL}/api/v1/hosts/remove | sudo SILENT=1 sh
 # This script completely removes PatchMon from the system
 set -e
@@ -11,80 +14,271 @@ set -e
 # future (left for consistency with install script).
 CURL_FLAGS=""
-# Colors for output
+# Detect if running in silent mode (only with explicit SILENT env var)
-RED='\033[0;31m'
+SILENT_MODE=0
-GREEN='\033[0;32m'
+if [ -n "$SILENT" ]; then
-YELLOW='\033[1;33m'
+    SILENT_MODE=1
-BLUE='\033[0;34m'
+fi
-NC='\033[0m' # No Color
+
 # Check if backup files should be removed (default: preserve for safety)
 # Usage: REMOVE_BACKUPS=1 when piping the script
 REMOVE_BACKUPS="${REMOVE_BACKUPS:-0}"
 # Colors for output (disabled in silent mode)
 if [ "$SILENT_MODE" -eq 0 ]; then
    RED='\033[0;31m'
    GREEN='\033[0;32m'
    YELLOW='\033[1;33m'
    BLUE='\033[0;34m'
    NC='\033[0m' # No Color
 else
    RED=''
    GREEN=''
    YELLOW=''
    BLUE=''
    NC=''
 fi
 # Functions
 error() {
-    echo -e "${RED}❌ ERROR: $1${NC}" >&2
+    printf "%b\n" "${RED}❌ ERROR: $1${NC}" >&2
    exit 1
 }
 info() {
-    echo -e "${BLUE}ℹ️  $1${NC}"
+    if [ "$SILENT_MODE" -eq 0 ]; then
        printf "%b\n" "${BLUE}ℹ️  $1${NC}"
    fi
 }
 success() {
-    echo -e "${GREEN}✅ $1${NC}"
+    if [ "$SILENT_MODE" -eq 0 ]; then
        printf "%b\n" "${GREEN}✅ $1${NC}"
    fi
 }
 warning() {
-    echo -e "${YELLOW}⚠️  $1${NC}"
+    if [ "$SILENT_MODE" -eq 0 ]; then
        printf "%b\n" "${YELLOW}⚠️  $1${NC}"
    fi
 }
 # Check if running as root
-if [[ $EUID -ne 0 ]]; then
+if [ "$(id -u)" -ne 0 ]; then
   error "This script must be run as root (use sudo)"
 fi
 info "🗑️  Starting PatchMon Agent Removal..."
-echo ""
+[ "$SILENT_MODE" -eq 0 ] && echo ""
-# Step 1: Stop any running PatchMon processes
+# Step 1: Stop systemd/OpenRC service if it exists
-info "🛑 Stopping PatchMon processes..."
+info "🛑 Stopping PatchMon service..."
-if pgrep -f "patchmon-agent.sh" >/dev/null; then
+SERVICE_STOPPED=0
-    warning "Found running PatchMon processes, stopping them..."
+
-    pkill -f "patchmon-agent.sh" || true
+# Check for systemd service
 if command -v systemctl >/dev/null 2>&1; then
    info "📋 Checking systemd service status..."
    # Check if service is active
    if systemctl is-active --quiet patchmon-agent.service 2>/dev/null; then
        SERVICE_STATUS=$(systemctl is-active patchmon-agent.service 2>/dev/null || echo "unknown")
        warning "Service is active (status: $SERVICE_STATUS). Stopping it now..."
        if systemctl stop patchmon-agent.service 2>/dev/null; then
            success "✓ Service stopped successfully"
            SERVICE_STOPPED=1
        else
            warning "✗ Failed to stop service (continuing anyway...)"
        fi
        # Verify it stopped
        sleep 1
        if systemctl is-active --quiet patchmon-agent.service 2>/dev/null; then
            warning "⚠️  Service is STILL ACTIVE after stop command!"
        else
            info "✓ Verified: Service is no longer active"
        fi
    else
        info "Service is not active"
    fi
    # Check if service is enabled
    if systemctl is-enabled --quiet patchmon-agent.service 2>/dev/null; then
        ENABLED_STATUS=$(systemctl is-enabled patchmon-agent.service 2>/dev/null || echo "unknown")
        warning "Service is enabled (status: $ENABLED_STATUS). Disabling it now..."
        if systemctl disable patchmon-agent.service 2>/dev/null; then
            success "✓ Service disabled successfully"
        else
            warning "✗ Failed to disable service (may already be disabled)"
        fi
    else
        info "Service is not enabled"
    fi
    # Check for service file
    if [ -f "/etc/systemd/system/patchmon-agent.service" ]; then
        warning "Found service file: /etc/systemd/system/patchmon-agent.service"
        info "Removing service file..."
        if rm -f /etc/systemd/system/patchmon-agent.service 2>/dev/null; then
            success "✓ Service file removed"
        else
            warning "✗ Failed to remove service file (check permissions)"
        fi
        info "Reloading systemd daemon..."
        if systemctl daemon-reload 2>/dev/null; then
            success "✓ Systemd daemon reloaded"
        else
            warning "✗ Failed to reload systemd daemon"
        fi
        SERVICE_STOPPED=1
        # Verify the file is gone
        if [ -f "/etc/systemd/system/patchmon-agent.service" ]; then
            warning "⚠️  Service file STILL EXISTS after removal!"
        else
            info "✓ Verified: Service file removed"
        fi
    else
        info "Service file not found at /etc/systemd/system/patchmon-agent.service"
    fi
    # Final status check
    info "📊 Final systemd status check..."
    FINAL_STATUS=$(systemctl is-active patchmon-agent.service 2>&1 || echo "not-found")
    info "Service status: $FINAL_STATUS"
 fi
 # Check for OpenRC service (Alpine Linux)
 if command -v rc-service >/dev/null 2>&1; then
    if rc-service patchmon-agent status >/dev/null 2>&1; then
        warning "Stopping OpenRC service..."
        rc-service patchmon-agent stop || true
        SERVICE_STOPPED=1
    fi
    if rc-update show default 2>/dev/null | grep -q "patchmon-agent"; then
        warning "Removing from runlevel..."
        rc-update del patchmon-agent default || true
    fi
    if [ -f "/etc/init.d/patchmon-agent" ]; then
        warning "Removing OpenRC service file..."
        rm -f /etc/init.d/patchmon-agent
        success "OpenRC service removed"
        SERVICE_STOPPED=1
    fi
 fi
 # Stop any remaining running processes (legacy or manual starts)
 info "🔍 Checking for running PatchMon processes..."
 if pgrep -f "patchmon-agent" >/dev/null; then
    PROCESS_COUNT=$(pgrep -f "patchmon-agent" | wc -l | tr -d ' ')
    warning "Found $PROCESS_COUNT running PatchMon process(es)"
    # Show process details
    if [ "$SILENT_MODE" -eq 0 ]; then
        info "Process details:"
        ps aux | grep "[p]atchmon-agent" | while IFS= read -r line; do
            echo "   $line"
        done
    fi
    warning "Sending SIGTERM to all patchmon-agent processes..."
    if pkill -f "patchmon-agent" 2>/dev/null; then
        success "✓ Sent SIGTERM signal"
    else
        warning "Failed to send SIGTERM (processes may have already stopped)"
    fi
    sleep 2
-    success "PatchMon processes stopped"
+    
    # Check if processes still exist
    if pgrep -f "patchmon-agent" >/dev/null; then
        REMAINING=$(pgrep -f "patchmon-agent" | wc -l | tr -d ' ')
        warning "⚠️  $REMAINING process(es) still running! Sending SIGKILL..."
        pkill -9 -f "patchmon-agent" 2>/dev/null || true
        sleep 1
        if pgrep -f "patchmon-agent" >/dev/null; then
            warning "⚠️  CRITICAL: Processes still running after SIGKILL!"
        else
            success "✓ All processes terminated"
        fi
    else
        success "✓ All processes stopped successfully"
    fi
    SERVICE_STOPPED=1
 else
    info "No running PatchMon processes found"
 fi
 if [ "$SERVICE_STOPPED" -eq 1 ]; then
    success "PatchMon service/processes stopped"
 else
    info "No running PatchMon service or processes found"
 fi
 # Step 2: Remove crontab entries
 info "📅 Removing PatchMon crontab entries..."
-if crontab -l 2>/dev/null | grep -q "patchmon-agent.sh"; then
+if crontab -l 2>/dev/null | grep -q "patchmon-agent"; then
    warning "Found PatchMon crontab entries, removing them..."
-    crontab -l 2>/dev/null | grep -v "patchmon-agent.sh" | crontab -
+    crontab -l 2>/dev/null | grep -v "patchmon-agent" | crontab -
    success "Crontab entries removed"
 else
    info "No PatchMon crontab entries found"
 fi
-# Step 3: Remove agent script
+# Step 3: Remove agent binaries and scripts
-info "📄 Removing agent script..."
+info "📄 Removing agent binaries and scripts..."
-if [[ -f "/usr/local/bin/patchmon-agent.sh" ]]; then
+AGENTS_REMOVED=0
-    warning "Removing agent script: /usr/local/bin/patchmon-agent.sh"
+
 # Remove Go agent binary
 if [ -f "/usr/local/bin/patchmon-agent" ]; then
    warning "Removing Go agent binary: /usr/local/bin/patchmon-agent"
    rm -f /usr/local/bin/patchmon-agent
    AGENTS_REMOVED=1
 fi
 # Remove legacy shell script agent
 if [ -f "/usr/local/bin/patchmon-agent.sh" ]; then
    warning "Removing legacy agent script: /usr/local/bin/patchmon-agent.sh"
    rm -f /usr/local/bin/patchmon-agent.sh
-    success "Agent script removed"
+    AGENTS_REMOVED=1
 fi
 # Remove backup files for Go agent
 if ls /usr/local/bin/patchmon-agent.backup.* >/dev/null 2>&1; then
    warning "Removing Go agent backup files..."
    rm -f /usr/local/bin/patchmon-agent.backup.*
    AGENTS_REMOVED=1
 fi
 # Remove backup files for legacy shell script
 if ls /usr/local/bin/patchmon-agent.sh.backup.* >/dev/null 2>&1; then
    warning "Removing legacy agent backup files..."
    rm -f /usr/local/bin/patchmon-agent.sh.backup.*
    AGENTS_REMOVED=1
 fi
 if [ "$AGENTS_REMOVED" -eq 1 ]; then
    success "Agent binaries and scripts removed"
 else
-    info "Agent script not found"
+    info "No agent binaries or scripts found"
 fi
 # Step 4: Remove configuration directory and files
 info "📁 Removing configuration files..."
-if [[ -d "/etc/patchmon" ]]; then
+if [ -d "/etc/patchmon" ]; then
    warning "Removing configuration directory: /etc/patchmon"
-    # Show what's being removed
+    # Show what's being removed (only in verbose mode)
-    info "📋 Files in /etc/patchmon:"
+    if [ "$SILENT_MODE" -eq 0 ]; then
-    ls -la /etc/patchmon/ 2>/dev/null | grep -v "^total" | while read -r line; do
+        info "📋 Files in /etc/patchmon:"
-        echo "   $line"
+        ls -la /etc/patchmon/ 2>/dev/null | grep -v "^total" | while read -r line; do
-    done
+            echo "   $line"
        done
    fi
    # Remove the directory
    rm -rf /etc/patchmon
@@ -95,7 +289,7 @@ fi
 # Step 5: Remove log files
 info "📝 Removing log files..."
-if [[ -f "/var/log/patchmon-agent.log" ]]; then
+if [ -f "/var/log/patchmon-agent.log" ]; then
    warning "Removing log file: /var/log/patchmon-agent.log"
    rm -f /var/log/patchmon-agent.log
    success "Log file removed"
@@ -103,120 +297,164 @@ else
    info "Log file not found"
 fi
-# Step 6: Clean up backup files (optional)
+# Step 6: Clean up backup files
-info "🧹 Cleaning up backup files..."
+info "🧹 Checking backup files..."
 BACKUP_COUNT=0
 BACKUP_REMOVED=0
-# Count credential backups
+if [ "$REMOVE_BACKUPS" -eq 1 ]; then
-CRED_BACKUPS=$(ls /etc/patchmon/credentials.backup.* 2>/dev/null | wc -l || echo "0")
+    info "Removing backup files (REMOVE_BACKUPS=1)..."
 if [[ $CRED_BACKUPS -gt 0 ]]; then
    BACKUP_COUNT=$((BACKUP_COUNT + CRED_BACKUPS))
 fi
 # Count agent backups
 AGENT_BACKUPS=$(ls /usr/local/bin/patchmon-agent.sh.backup.* 2>/dev/null | wc -l || echo "0")
 if [[ $AGENT_BACKUPS -gt 0 ]]; then
    BACKUP_COUNT=$((BACKUP_COUNT + AGENT_BACKUPS))
 fi
 # Count log backups
 LOG_BACKUPS=$(ls /var/log/patchmon-agent.log.old.* 2>/dev/null | wc -l || echo "0")
 if [[ $LOG_BACKUPS -gt 0 ]]; then
    BACKUP_COUNT=$((BACKUP_COUNT + LOG_BACKUPS))
 fi
 if [[ $BACKUP_COUNT -gt 0 ]]; then
    warning "Found $BACKUP_COUNT backup files"
    echo ""
    echo -e "${YELLOW}📋 Backup files found:${NC}"
-    # Show credential backups
+    # Remove credential backups (already removed with /etc/patchmon directory, but check anyway)
-    if [[ $CRED_BACKUPS -gt 0 ]]; then
+    if ls /etc/patchmon/credentials.backup.* >/dev/null 2>&1; then
-        echo "   Credential backups:"
+        CRED_BACKUPS=$(ls /etc/patchmon/credentials.backup.* 2>/dev/null | wc -l | tr -d ' ')
-        ls /etc/patchmon/credentials.backup.* 2>/dev/null | while read -r file; do
+        warning "Removing $CRED_BACKUPS credential backup file(s)..."
-            echo "     • $file"
+        rm -f /etc/patchmon/credentials.backup.*
-        done
+        BACKUP_COUNT=$((BACKUP_COUNT + CRED_BACKUPS))
        BACKUP_REMOVED=1
    fi
-    # Show agent backups
+    # Remove config backups (already removed with /etc/patchmon directory, but check anyway)
-    if [[ $AGENT_BACKUPS -gt 0 ]]; then
+    if ls /etc/patchmon/*.backup.* >/dev/null 2>&1; then
-        echo "   Agent script backups:"
+        CONFIG_BACKUPS=$(ls /etc/patchmon/*.backup.* 2>/dev/null | wc -l | tr -d ' ')
-        ls /usr/local/bin/patchmon-agent.sh.backup.* 2>/dev/null | while read -r file; do
+        warning "Removing $CONFIG_BACKUPS config backup file(s)..."
-            echo "     • $file"
+        rm -f /etc/patchmon/*.backup.*
-        done
+        BACKUP_COUNT=$((BACKUP_COUNT + CONFIG_BACKUPS))
        BACKUP_REMOVED=1
    fi
-    # Show log backups
+    # Remove Go agent backups
-    if [[ $LOG_BACKUPS -gt 0 ]]; then
+    if ls /usr/local/bin/patchmon-agent.backup.* >/dev/null 2>&1; then
-        echo "   Log file backups:"
+        GO_AGENT_BACKUPS=$(ls /usr/local/bin/patchmon-agent.backup.* 2>/dev/null | wc -l | tr -d ' ')
-        ls /var/log/patchmon-agent.log.old.* 2>/dev/null | while read -r file; do
+        warning "Removing $GO_AGENT_BACKUPS Go agent backup file(s)..."
-            echo "     • $file"
+        rm -f /usr/local/bin/patchmon-agent.backup.*
-        done
+        BACKUP_COUNT=$((BACKUP_COUNT + GO_AGENT_BACKUPS))
        BACKUP_REMOVED=1
    fi
-    echo ""
+    # Remove legacy shell agent backups
-    echo -e "${BLUE}💡 Note: Backup files are preserved for safety${NC}"
+    if ls /usr/local/bin/patchmon-agent.sh.backup.* >/dev/null 2>&1; then
-    echo -e "${BLUE}💡 You can remove them manually if not needed${NC}"
+        SHELL_AGENT_BACKUPS=$(ls /usr/local/bin/patchmon-agent.sh.backup.* 2>/dev/null | wc -l | tr -d ' ')
        warning "Removing $SHELL_AGENT_BACKUPS legacy agent backup file(s)..."
        rm -f /usr/local/bin/patchmon-agent.sh.backup.*
        BACKUP_COUNT=$((BACKUP_COUNT + SHELL_AGENT_BACKUPS))
        BACKUP_REMOVED=1
    fi
    # Remove log backups
    if ls /var/log/patchmon-agent.log.old.* >/dev/null 2>&1; then
        LOG_BACKUPS=$(ls /var/log/patchmon-agent.log.old.* 2>/dev/null | wc -l | tr -d ' ')
        warning "Removing $LOG_BACKUPS log backup file(s)..."
        rm -f /var/log/patchmon-agent.log.old.*
        BACKUP_COUNT=$((BACKUP_COUNT + LOG_BACKUPS))
        BACKUP_REMOVED=1
    fi
    if [ "$BACKUP_REMOVED" -eq 1 ]; then
        success "Removed $BACKUP_COUNT backup file(s)"
    else
        info "No backup files found to remove"
    fi
 else
-    info "No backup files found"
+    # Just count backup files without removing
    CRED_BACKUPS=0
    CONFIG_BACKUPS=0
    GO_AGENT_BACKUPS=0
    SHELL_AGENT_BACKUPS=0
    LOG_BACKUPS=0
    if ls /etc/patchmon/credentials.backup.* >/dev/null 2>&1; then
        CRED_BACKUPS=$(ls /etc/patchmon/credentials.backup.* 2>/dev/null | wc -l | tr -d ' ')
    fi
    if ls /etc/patchmon/*.backup.* >/dev/null 2>&1; then
        CONFIG_BACKUPS=$(ls /etc/patchmon/*.backup.* 2>/dev/null | wc -l | tr -d ' ')
    fi
    if ls /usr/local/bin/patchmon-agent.backup.* >/dev/null 2>&1; then
        GO_AGENT_BACKUPS=$(ls /usr/local/bin/patchmon-agent.backup.* 2>/dev/null | wc -l | tr -d ' ')
    fi
    if ls /usr/local/bin/patchmon-agent.sh.backup.* >/dev/null 2>&1; then
        SHELL_AGENT_BACKUPS=$(ls /usr/local/bin/patchmon-agent.sh.backup.* 2>/dev/null | wc -l | tr -d ' ')
    fi
    if ls /var/log/patchmon-agent.log.old.* >/dev/null 2>&1; then
        LOG_BACKUPS=$(ls /var/log/patchmon-agent.log.old.* 2>/dev/null | wc -l | tr -d ' ')
    fi
    BACKUP_COUNT=$((CRED_BACKUPS + CONFIG_BACKUPS + GO_AGENT_BACKUPS + SHELL_AGENT_BACKUPS + LOG_BACKUPS))
    if [ "$BACKUP_COUNT" -gt 0 ]; then
        info "Found $BACKUP_COUNT backup file(s) - preserved for safety"
        if [ "$SILENT_MODE" -eq 0 ]; then
            printf "%b\n" "${BLUE}💡 To remove backups, run with: REMOVE_BACKUPS=1${NC}"
        fi
    else
        info "No backup files found"
    fi
 fi
-# Step 7: Remove dependencies (optional)
+# Step 7: Final verification
 info "📦 Checking for PatchMon-specific dependencies..."
 if command -v jq >/dev/null 2>&1; then
    warning "jq is installed (used by PatchMon)"
    echo -e "${BLUE}💡 Note: jq may be used by other applications${NC}"
    echo -e "${BLUE}💡 Consider keeping it unless you're sure it's not needed${NC}"
 else
    info "jq not found"
 fi
 if command -v curl >/dev/null 2>&1; then
    warning "curl is installed (used by PatchMon)"
    echo -e "${BLUE}💡 Note: curl is commonly used by many applications${NC}"
    echo -e "${BLUE}💡 Consider keeping it unless you're sure it's not needed${NC}"
 else
    info "curl not found"
 fi
 # Step 8: Final verification
 info "🔍 Verifying removal..."
 REMAINING_FILES=0
-if [[ -f "/usr/local/bin/patchmon-agent.sh" ]]; then
+if [ -f "/usr/local/bin/patchmon-agent" ]; then
    REMAINING_FILES=$((REMAINING_FILES + 1))
 fi
-if [[ -d "/etc/patchmon" ]]; then
+if [ -f "/usr/local/bin/patchmon-agent.sh" ]; then
    REMAINING_FILES=$((REMAINING_FILES + 1))
 fi
-if [[ -f "/var/log/patchmon-agent.log" ]]; then
+if [ -f "/etc/systemd/system/patchmon-agent.service" ]; then
    REMAINING_FILES=$((REMAINING_FILES + 1))
 fi
-if crontab -l 2>/dev/null | grep -q "patchmon-agent.sh"; then
+if [ -f "/etc/init.d/patchmon-agent" ]; then
    REMAINING_FILES=$((REMAINING_FILES + 1))
 fi
-if [[ $REMAINING_FILES -eq 0 ]]; then
+if [ -d "/etc/patchmon" ]; then
    REMAINING_FILES=$((REMAINING_FILES + 1))
 fi
 if [ -f "/var/log/patchmon-agent.log" ]; then
    REMAINING_FILES=$((REMAINING_FILES + 1))
 fi
 if crontab -l 2>/dev/null | grep -q "patchmon-agent"; then
    REMAINING_FILES=$((REMAINING_FILES + 1))
 fi
 if [ "$REMAINING_FILES" -eq 0 ]; then
    success "✅ PatchMon has been completely removed from the system!"
 else
    warning "⚠️  Some PatchMon files may still remain ($REMAINING_FILES items)"
-    echo -e "${BLUE}💡 You may need to remove them manually${NC}"
+    if [ "$SILENT_MODE" -eq 0 ]; then
        printf "%b\n" "${BLUE}💡 You may need to remove them manually${NC}"
    fi
 fi
-echo ""
+if [ "$SILENT_MODE" -eq 0 ]; then
-echo -e "${GREEN}📋 Removal Summary:${NC}"
+    echo ""
-echo "   • Agent script: Removed"
+    printf "%b\n" "${GREEN}📋 Removal Summary:${NC}"
-echo "   • Configuration files: Removed"
+    echo "   • Agent binaries: Removed"
-echo "   • Log files: Removed"
+    echo "   • System services: Removed (systemd/OpenRC)"
-echo "   • Crontab entries: Removed"
+    echo "   • Configuration files: Removed"
-echo "   • Running processes: Stopped"
+    echo "   • Log files: Removed"
-echo "   • Backup files: Preserved (if any)"
+    echo "   • Crontab entries: Removed"
-echo ""
+    echo "   • Running processes: Stopped"
-echo -e "${BLUE}🔧 Manual cleanup (if needed):${NC}"
+    if [ "$REMOVE_BACKUPS" -eq 1 ]; then
-echo "   • Remove backup files: rm /etc/patchmon/credentials.backup.* /usr/local/bin/patchmon-agent.sh.backup.* /var/log/patchmon-agent.log.old.*"
+        echo "   • Backup files: Removed"
-echo "   • Remove dependencies: apt remove jq curl (if not needed by other apps)"
+    else
-echo ""
+        echo "   • Backup files: Preserved (${BACKUP_COUNT} files)"
    fi
    echo ""
    if [ "$REMOVE_BACKUPS" -eq 0 ] && [ "$BACKUP_COUNT" -gt 0 ]; then
        printf "%b\n" "${BLUE}🔧 Manual cleanup (if needed):${NC}"
        echo "   • Remove backup files: curl -s \${PATCHMON_URL}/api/v1/hosts/remove | sudo REMOVE_BACKUPS=1 sh"
        echo ""
    fi
 fi
 success "🎉 PatchMon removal completed!"
--- a/agents/proxmox_auto_enroll.sh
+++ b/agents/proxmox_auto_enroll.sh
@@ -197,6 +197,40 @@ while IFS= read -r line; do
        continue
    fi
    # Check if agent is already installed and working BEFORE enrollment
    info "  Checking if agent is already configured..."
    config_check=$(timeout 10 pct exec "$vmid" -- bash -c "
        if [[ -f /etc/patchmon/config.yml ]] && [[ -f /etc/patchmon/credentials.yml ]]; then
            if [[ -f /usr/local/bin/patchmon-agent ]]; then
                # Try to ping using existing configuration
                if /usr/local/bin/patchmon-agent ping >/dev/null 2>&1; then
                    echo 'ping_success'
                else
                    echo 'ping_failed'
                fi
            else
                echo 'binary_missing'
            fi
        else
            echo 'not_configured'
        fi
    " 2>/dev/null </dev/null || echo "error")
    if [[ "$config_check" == "ping_success" ]]; then
        info "  ✓ Host already enrolled and agent ping successful - skipping enrollment"
        ((skipped_count++)) || true
        echo ""
        continue
    elif [[ "$config_check" == "ping_failed" ]]; then
        warn "  ⚠ Agent configuration exists but ping failed - will re-enroll and reinstall"
    elif [[ "$config_check" == "binary_missing" ]]; then
        warn "  ⚠ Config exists but agent binary missing - will re-enroll and reinstall"
    elif [[ "$config_check" == "not_configured" ]]; then
        info "  ℹ Agent not yet configured - proceeding with enrollment"
    else
        warn "  ⚠ Could not check agent status - proceeding with enrollment"
    fi
    # Call PatchMon auto-enrollment API
    info "  Enrolling $friendly_name in PatchMon..."
@@ -230,40 +264,6 @@ while IFS= read -r line; do
        info "  ✓ Host enrolled successfully: $api_id"
        # Check if agent is already installed and working
        info "  Checking if agent is already configured..."
        config_check=$(timeout 10 pct exec "$vmid" -- bash -c "
            if [[ -f /etc/patchmon/config.yml ]] && [[ -f /etc/patchmon/credentials.yml ]]; then
                if [[ -f /usr/local/bin/patchmon-agent ]]; then
                    # Try to ping using existing configuration
                    if /usr/local/bin/patchmon-agent ping >/dev/null 2>&1; then
                        echo 'ping_success'
                    else
                        echo 'ping_failed'
                    fi
                else
                    echo 'binary_missing'
                fi
            else
                echo 'not_configured'
            fi
        " 2>/dev/null </dev/null || echo "error")
        if [[ "$config_check" == "ping_success" ]]; then
            info "  ✓ Host already enrolled and agent ping successful - skipping"
            ((skipped_count++)) || true
            echo ""
            continue
        elif [[ "$config_check" == "ping_failed" ]]; then
            warn "  ⚠ Agent configuration exists but ping failed - will reinstall"
        elif [[ "$config_check" == "binary_missing" ]]; then
            warn "  ⚠ Config exists but agent binary missing - will reinstall"
        elif [[ "$config_check" == "not_configured" ]]; then
            info "  ℹ Agent not yet configured - proceeding with installation"
        else
            warn "  ⚠ Could not check agent status - proceeding with installation"
        fi
        # Ensure curl is installed in the container
        info "  Checking for curl in container..."
        curl_check=$(timeout 10 pct exec "$vmid" -- bash -c "command -v curl >/dev/null 2>&1 && echo 'installed' || echo 'missing'" 2>/dev/null </dev/null || echo "error")
--- a/backend/package.json
+++ b/backend/package.json
@@ -1,6 +1,6 @@
 {
 	"name": "patchmon-backend",
-	"version": "1.3.3",
+	"version": "1.3.6",
 	"description": "Backend API for Linux Patch Monitoring System",
 	"license": "AGPL-3.0",
 	"main": "src/server.js",
--- a/backend/prisma/migrations/20251114215738_remove_machine_id_unique_constraint/migration.sql
+++ b/backend/prisma/migrations/20251114215738_remove_machine_id_unique_constraint/migration.sql
@@ -0,0 +1,13 @@
 -- Remove machine_id unique constraint and make it nullable
 -- This allows multiple hosts with the same machine_id
 -- Duplicate detection now relies on config.yml/credentials.yml checking instead
 -- Drop the unique constraint
 ALTER TABLE "hosts" DROP CONSTRAINT IF EXISTS "hosts_machine_id_key";
 -- Make machine_id nullable
 ALTER TABLE "hosts" ALTER COLUMN "machine_id" DROP NOT NULL;
 -- Keep the index for query performance (but not unique)
 CREATE INDEX IF NOT EXISTS "hosts_machine_id_idx" ON "hosts"("machine_id");
--- a/backend/prisma/migrations/20251116000000_add_needs_reboot_field/migration.sql
+++ b/backend/prisma/migrations/20251116000000_add_needs_reboot_field/migration.sql
@@ -0,0 +1,7 @@
 -- AlterTable
 ALTER TABLE "hosts" ADD COLUMN "needs_reboot" BOOLEAN DEFAULT false;
 ALTER TABLE "hosts" ADD COLUMN "installed_kernel_version" TEXT;
 -- CreateIndex
 CREATE INDEX "hosts_needs_reboot_idx" ON "hosts"("needs_reboot");
--- a/backend/prisma/schema.prisma
+++ b/backend/prisma/schema.prisma
@@ -1,5 +1,6 @@
 generator client {
-  provider = "prisma-client-js"
+  provider      = "prisma-client-js"
  binaryTargets = ["native", "linux-musl-openssl-3.0.x", "linux-musl-arm64-openssl-3.0.x"]
 }
 datasource db {
@@ -81,7 +82,7 @@ model host_repositories {
 model hosts {
  id                      String                    @id
-  machine_id              String                    @unique
+  machine_id              String?
  friendly_name           String
  ip                      String?
  os_type                 String
@@ -102,6 +103,7 @@ model hosts {
  gateway_ip              String?
  hostname                String?
  kernel_version          String?
  installed_kernel_version String?
  load_average             Json?
  network_interfaces      Json?
  ram_installed           Int?
@@ -109,6 +111,7 @@ model hosts {
  swap_size               Int?
  system_uptime           String?
  notes                   String?
  needs_reboot            Boolean?                  @default(false)
  host_packages           host_packages[]
  host_repositories       host_repositories[]
  host_group_memberships  host_group_memberships[]
@@ -120,6 +123,7 @@ model hosts {
  @@index([machine_id])
  @@index([friendly_name])
  @@index([hostname])
  @@index([needs_reboot])
 }
 model packages {
--- a/backend/src/routes/autoEnrollmentRoutes.js
+++ b/backend/src/routes/autoEnrollmentRoutes.js
@@ -481,19 +481,22 @@ router.delete(
 );
 // ========== AUTO-ENROLLMENT ENDPOINTS (Used by Scripts) ==========
-// Future integrations can follow this pattern:
+// Universal script-serving endpoint with type parameter
-//   - /proxmox-lxc     - Proxmox LXC containers
+// Supported types:
-//   - /vmware-esxi     - VMware ESXi VMs
+//   - proxmox-lxc     - Proxmox LXC containers
-//   - /docker          - Docker containers
+//   - direct-host     - Direct host enrollment
-//   - /kubernetes      - Kubernetes pods
+// Future types:
-//   - /aws-ec2         - AWS EC2 instances
+//   - vmware-esxi     - VMware ESXi VMs
 //   - docker          - Docker containers
 //   - kubernetes      - Kubernetes pods
-// Serve the Proxmox LXC enrollment script with credentials injected
+// Serve auto-enrollment scripts with credentials injected
-router.get("/proxmox-lxc", async (req, res) => {
+router.get("/script", async (req, res) => {
 	try {
-		// Get token from query params
+		// Get parameters from query params
 		const token_key = req.query.token_key;
 		const token_secret = req.query.token_secret;
 		const script_type = req.query.type;
 		if (!token_key || !token_secret) {
 			return res
@@ -501,6 +504,25 @@ router.get("/proxmox-lxc", async (req, res) => {
 				.json({ error: "Token key and secret required as query parameters" });
 		}
 		if (!script_type) {
 			return res.status(400).json({
 				error:
 					"Script type required as query parameter (e.g., ?type=proxmox-lxc or ?type=direct-host)",
 			});
 		}
 		// Map script types to script file paths
 		const scriptMap = {
 			"proxmox-lxc": "proxmox_auto_enroll.sh",
 			"direct-host": "direct_host_auto_enroll.sh",
 		};
 		if (!scriptMap[script_type]) {
 			return res.status(400).json({
 				error: `Invalid script type: ${script_type}. Supported types: ${Object.keys(scriptMap).join(", ")}`,
 			});
 		}
 		// Validate token
 		const token = await prisma.auto_enrollment_tokens.findUnique({
 			where: { token_key: token_key },
@@ -526,13 +548,13 @@ router.get("/proxmox-lxc", async (req, res) => {
 		const script_path = path.join(
 			__dirname,
-			"../../../agents/proxmox_auto_enroll.sh",
+			`../../../agents/${scriptMap[script_type]}`,
 		);
 		if (!fs.existsSync(script_path)) {
-			return res
+			return res.status(404).json({
-				.status(404)
+				error: `Enrollment script not found: ${scriptMap[script_type]}`,
-				.json({ error: "Proxmox enrollment script not found" });
+			});
 		}
 		let script = fs.readFileSync(script_path, "utf8");
@@ -566,8 +588,11 @@ router.get("/proxmox-lxc", async (req, res) => {
 		// Check for --force parameter
 		const force_install = req.query.force === "true" || req.query.force === "1";
 		// Use bash for proxmox-lxc, sh for others
 		const shebang = script_type === "proxmox-lxc" ? "#!/bin/bash" : "#!/bin/sh";
 		// Inject the token credentials, server URL, curl flags, and force flag into the script
-		const env_vars = `#!/bin/bash
+		const env_vars = `${shebang}
 # PatchMon Auto-Enrollment Configuration (Auto-generated)
 export PATCHMON_URL="${server_url}"
 export AUTO_ENROLLMENT_KEY="${token.token_key}"
@@ -591,11 +616,11 @@ export FORCE_INSTALL="${force_install ? "true" : "false"}"
 		res.setHeader("Content-Type", "text/plain");
 		res.setHeader(
 			"Content-Disposition",
-			'inline; filename="proxmox_auto_enroll.sh"',
+			`inline; filename="${scriptMap[script_type]}"`,
 		);
 		res.send(script);
 	} catch (error) {
-		console.error("Proxmox script serve error:", error);
+		console.error("Script serve error:", error);
 		res.status(500).json({ error: "Failed to serve enrollment script" });
 	}
 });
@@ -609,8 +634,11 @@ router.post(
 			.isLength({ min: 1, max: 255 })
 			.withMessage("Friendly name is required"),
 		body("machine_id")
 			.optional()
 			.isLength({ min: 1, max: 255 })
-			.withMessage("Machine ID is required"),
+			.withMessage(
 				"Machine ID must be between 1 and 255 characters if provided",
 			),
 		body("metadata").optional().isObject(),
 	],
 	async (req, res) => {
@@ -626,24 +654,7 @@ router.post(
 			const api_id = `patchmon_${crypto.randomBytes(8).toString("hex")}`;
 			const api_key = crypto.randomBytes(32).toString("hex");
-			// Check if host already exists by machine_id (not hostname)
+			// Create host (no duplicate check - using config.yml checking instead)
 			const existing_host = await prisma.hosts.findUnique({
 				where: { machine_id },
 			});
 			if (existing_host) {
 				return res.status(409).json({
 					error: "Host already exists",
 					host_id: existing_host.id,
 					api_id: existing_host.api_id,
 					machine_id: existing_host.machine_id,
 					friendly_name: existing_host.friendly_name,
 					message:
 						"This machine is already enrolled in PatchMon (matched by machine ID)",
 				});
 			}
 			// Create host
 			const host = await prisma.hosts.create({
 				data: {
 					id: uuidv4(),
@@ -760,30 +771,7 @@ router.post(
 				try {
 					const { friendly_name, machine_id } = host_data;
-					if (!machine_id) {
+					// Generate credentials (no duplicate check - using config.yml checking instead)
 						results.failed.push({
 							friendly_name,
 							error: "Machine ID is required",
 						});
 						continue;
 					}
 					// Check if host already exists by machine_id
 					const existing_host = await prisma.hosts.findUnique({
 						where: { machine_id },
 					});
 					if (existing_host) {
 						results.skipped.push({
 							friendly_name,
 							machine_id,
 							reason: "Machine already enrolled",
 							api_id: existing_host.api_id,
 						});
 						continue;
 					}
 					// Generate credentials
 					const api_id = `patchmon_${crypto.randomBytes(8).toString("hex")}`;
 					const api_key = crypto.randomBytes(32).toString("hex");
--- a/backend/src/routes/dashboardPreferencesRoutes.js
+++ b/backend/src/routes/dashboardPreferencesRoutes.js
@@ -92,58 +92,63 @@ async function createDefaultDashboardPreferences(userId, userRole = "user") {
 				requiredPermission: "can_view_hosts",
 				order: 5,
 			},
 			{
 				cardId: "hostsNeedingReboot",
 				requiredPermission: "can_view_hosts",
 				order: 6,
 			},
 			// Repository-related cards
-			{ cardId: "totalRepos", requiredPermission: "can_view_hosts", order: 6 },
+			{ cardId: "totalRepos", requiredPermission: "can_view_hosts", order: 7 },
 			// User management cards (admin only)
-			{ cardId: "totalUsers", requiredPermission: "can_view_users", order: 7 },
+			{ cardId: "totalUsers", requiredPermission: "can_view_users", order: 8 },
 			// System/Report cards
 			{
 				cardId: "osDistribution",
 				requiredPermission: "can_view_reports",
-				order: 8,
+				order: 9,
 			},
 			{
 				cardId: "osDistributionBar",
 				requiredPermission: "can_view_reports",
-				order: 9,
+				order: 10,
 			},
 			{
 				cardId: "osDistributionDoughnut",
 				requiredPermission: "can_view_reports",
-				order: 10,
+				order: 11,
 			},
 			{
 				cardId: "recentCollection",
 				requiredPermission: "can_view_hosts",
-				order: 11,
+				order: 12,
 			},
 			{
 				cardId: "updateStatus",
 				requiredPermission: "can_view_reports",
-				order: 12,
+				order: 13,
 			},
 			{
 				cardId: "packagePriority",
 				requiredPermission: "can_view_packages",
-				order: 13,
+				order: 14,
 			},
 			{
 				cardId: "packageTrends",
 				requiredPermission: "can_view_packages",
-				order: 14,
+				order: 15,
 			},
 			{
 				cardId: "recentUsers",
 				requiredPermission: "can_view_users",
-				order: 15,
+				order: 16,
 			},
 			{
 				cardId: "quickStats",
 				requiredPermission: "can_view_dashboard",
-				order: 16,
+				order: 17,
 			},
 		];
@@ -290,26 +295,33 @@ router.get("/defaults", authenticateToken, async (_req, res) => {
 				enabled: true,
 				order: 5,
 			},
 			{
 				cardId: "hostsNeedingReboot",
 				title: "Needs Reboots",
 				icon: "RotateCcw",
 				enabled: true,
 				order: 6,
 			},
 			{
 				cardId: "totalRepos",
 				title: "Repositories",
 				icon: "GitBranch",
 				enabled: true,
-				order: 6,
+				order: 7,
 			},
 			{
 				cardId: "totalUsers",
 				title: "Users",
 				icon: "Users",
 				enabled: true,
-				order: 7,
+				order: 8,
 			},
 			{
 				cardId: "osDistribution",
 				title: "OS Distribution",
 				icon: "BarChart3",
 				enabled: true,
-				order: 8,
+				order: 9,
 			},
 			{
 				cardId: "osDistributionBar",
--- a/backend/src/routes/dashboardRoutes.js
+++ b/backend/src/routes/dashboardRoutes.js
@@ -41,6 +41,7 @@ router.get(
 				erroredHosts,
 				securityUpdates,
 				offlineHosts,
 				hostsNeedingReboot,
 				totalHostGroups,
 				totalUsers,
 				totalRepos,
@@ -106,6 +107,13 @@ router.get(
 					},
 				}),
 				// Hosts needing reboot
 				prisma.hosts.count({
 					where: {
 						needs_reboot: true,
 					},
 				}),
 				// Total host groups count
 				prisma.host_groups.count(),
@@ -174,6 +182,7 @@ router.get(
 					erroredHosts,
 					securityUpdates,
 					offlineHosts,
 					hostsNeedingReboot,
 					totalHostGroups,
 					totalUsers,
 					totalRepos,
@@ -217,6 +226,7 @@ router.get("/hosts", authenticateToken, requireViewHosts, async (_req, res) => {
 				auto_update: true,
 				notes: true,
 				api_id: true,
 				needs_reboot: true,
 				host_group_memberships: {
 					include: {
 						host_groups: {
@@ -232,33 +242,48 @@ router.get("/hosts", authenticateToken, requireViewHosts, async (_req, res) => {
 			orderBy: { last_update: "desc" },
 		});
-		// OPTIMIZATION: Get all package counts in 2 batch queries instead of N*2 queries
+		// OPTIMIZATION: Get all package counts in 3 batch queries instead of N*3 queries
 		const hostIds = hosts.map((h) => h.id);
-		const [updateCounts, totalCounts] = await Promise.all([
+		const [updateCounts, securityUpdateCounts, totalCounts] = await Promise.all(
-			// Get update counts for all hosts at once
+			[
-			prisma.host_packages.groupBy({
+				// Get update counts for all hosts at once
-				by: ["host_id"],
+				prisma.host_packages.groupBy({
-				where: {
+					by: ["host_id"],
-					host_id: { in: hostIds },
+					where: {
-					needs_update: true,
+						host_id: { in: hostIds },
-				},
+						needs_update: true,
-				_count: { id: true },
+					},
-			}),
+					_count: { id: true },
-			// Get total counts for all hosts at once
+				}),
-			prisma.host_packages.groupBy({
+				// Get security update counts for all hosts at once
-				by: ["host_id"],
+				prisma.host_packages.groupBy({
-				where: {
+					by: ["host_id"],
-					host_id: { in: hostIds },
+					where: {
-				},
+						host_id: { in: hostIds },
-				_count: { id: true },
+						needs_update: true,
-			}),
+						is_security_update: true,
-		]);
+					},
 					_count: { id: true },
 				}),
 				// Get total counts for all hosts at once
 				prisma.host_packages.groupBy({
 					by: ["host_id"],
 					where: {
 						host_id: { in: hostIds },
 					},
 					_count: { id: true },
 				}),
 			],
 		);
 		// Create lookup maps for O(1) access
 		const updateCountMap = new Map(
 			updateCounts.map((item) => [item.host_id, item._count.id]),
 		);
 		const securityUpdateCountMap = new Map(
 			securityUpdateCounts.map((item) => [item.host_id, item._count.id]),
 		);
 		const totalCountMap = new Map(
 			totalCounts.map((item) => [item.host_id, item._count.id]),
 		);
@@ -266,6 +291,7 @@ router.get("/hosts", authenticateToken, requireViewHosts, async (_req, res) => {
 		// Process hosts with counts from maps (no more DB queries!)
 		const hostsWithUpdateInfo = hosts.map((host) => {
 			const updatesCount = updateCountMap.get(host.id) || 0;
 			const securityUpdatesCount = securityUpdateCountMap.get(host.id) || 0;
 			const totalPackagesCount = totalCountMap.get(host.id) || 0;
 			// Calculate effective status based on reporting interval
@@ -282,6 +308,7 @@ router.get("/hosts", authenticateToken, requireViewHosts, async (_req, res) => {
 			return {
 				...host,
 				updatesCount,
 				securityUpdatesCount,
 				totalPackagesCount,
 				isStale,
 				effectiveStatus,
--- a/backend/src/routes/hostGroupRoutes.js
+++ b/backend/src/routes/hostGroupRoutes.js
@@ -59,6 +59,7 @@ router.get("/:id", authenticateToken, async (req, res) => {
 								os_version: true,
 								status: true,
 								last_update: true,
 								needs_reboot: true,
 							},
 						},
 					},
@@ -259,6 +260,7 @@ router.get("/:id/hosts", authenticateToken, async (req, res) => {
 				status: true,
 				last_update: true,
 				created_at: true,
 				needs_reboot: true,
 			},
 			orderBy: {
 				friendly_name: "asc",
--- a/backend/src/routes/hostRoutes.js
+++ b/backend/src/routes/hostRoutes.js
@@ -12,7 +12,7 @@ const {
 } = require("../middleware/permissions");
 const { queueManager, QUEUE_NAMES } = require("../services/automation");
 const { pushIntegrationToggle, isConnected } = require("../services/agentWs");
-const agentVersionService = require("../services/agentVersionService");
+const { compareVersions } = require("../services/automation/shared/utils");
 const router = express.Router();
 const prisma = getPrismaClient();
@@ -169,109 +169,101 @@ router.get("/agent/version", async (req, res) => {
 			});
 		} else {
 			// Go agent version check
-			// Detect server architecture and map to Go architecture names
+			// Always check the server's local binary for the requested architecture
-			const os = require("node:os");
+			// The server's agents folder is the source of truth, not GitHub
 			const { exec } = require("node:child_process");
 			const { promisify } = require("node:util");
 			const execAsync = promisify(exec);
-			const serverArch = os.arch();
+			const binaryName = `patchmon-agent-linux-${architecture}`;
-			// Map Node.js architecture to Go architecture names
+			const binaryPath = path.join(__dirname, "../../../agents", binaryName);
 			const archMap = {
 				x64: "amd64",
 				ia32: "386",
 				arm64: "arm64",
 				arm: "arm",
 			};
 			const serverGoArch = archMap[serverArch] || serverArch;
-			// If requested architecture matches server architecture, execute the binary
+			if (fs.existsSync(binaryPath)) {
-			if (architecture === serverGoArch) {
+				// Binary exists in server's agents folder - use its version
-				const binaryName = `patchmon-agent-linux-${architecture}`;
+				let serverVersion = null;
 				const binaryPath = path.join(__dirname, "../../../agents", binaryName);
-				if (!fs.existsSync(binaryPath)) {
+				// Try method 1: Execute binary (works for same architecture)
-					// Binary doesn't exist, fall back to GitHub
+				try {
-					console.log(`Binary ${binaryName} not found, falling back to GitHub`);
+					const { stdout } = await execAsync(`${binaryPath} --help`, {
-				} else {
+						timeout: 10000,
-					// Execute the binary to get its version
+					});
 					// Parse version from help output (e.g., "PatchMon Agent v1.3.1")
 					const versionMatch = stdout.match(
 						/PatchMon Agent v([0-9]+\.[0-9]+\.[0-9]+)/i,
 					);
 					if (versionMatch) {
 						serverVersion = versionMatch[1];
 					}
 				} catch (execError) {
 					// Execution failed (likely cross-architecture) - try alternative method
 					console.warn(
 						`Failed to execute binary ${binaryName} to get version (may be cross-architecture): ${execError.message}`,
 					);
 					// Try method 2: Extract version using strings command (works for cross-architecture)
 					try {
-						const { stdout } = await execAsync(`${binaryPath} --help`, {
+						const { stdout: stringsOutput } = await execAsync(
-							timeout: 10000,
+							`strings "${binaryPath}" | grep -E "PatchMon Agent v[0-9]+\\.[0-9]+\\.[0-9]+" | head -1`,
-						});
+							{
 								timeout: 10000,
 							},
 						);
-						// Parse version from help output (e.g., "PatchMon Agent v1.3.1")
+						const versionMatch = stringsOutput.match(
 						const versionMatch = stdout.match(
 							/PatchMon Agent v([0-9]+\.[0-9]+\.[0-9]+)/i,
 						);
 						if (versionMatch) {
-							const serverVersion = versionMatch[1];
+							serverVersion = versionMatch[1];
-							const agentVersion = req.query.currentVersion || serverVersion;
+							console.log(
-
+								`✅ Extracted version ${serverVersion} from binary using strings command`,
-							// Simple version comparison (assuming semantic versioning)
+							);
 							const hasUpdate = agentVersion !== serverVersion;
 							return res.json({
 								currentVersion: agentVersion,
 								latestVersion: serverVersion,
 								hasUpdate: hasUpdate,
 								downloadUrl: `/api/v1/hosts/agent/download?arch=${architecture}`,
 								releaseNotes: `PatchMon Agent v${serverVersion}`,
 								minServerVersion: null,
 								architecture: architecture,
 								agentType: "go",
 							});
 						}
-					} catch (execError) {
+					} catch (stringsError) {
-						// Execution failed, fall back to GitHub
+						console.warn(
-						console.log(
+							`Failed to extract version using strings command: ${stringsError.message}`,
 							`Failed to execute binary ${binaryName}: ${execError.message}, falling back to GitHub`,
 						);
 					}
 				}
 			}
-			// Fall back to GitHub if architecture doesn't match or binary execution failed
+				// If we successfully got the version, return it
-			try {
+				if (serverVersion) {
-				const versionInfo = await agentVersionService.getVersionInfo();
+					const agentVersion = req.query.currentVersion || serverVersion;
 				const latestVersion = versionInfo.latestVersion;
 				const agentVersion =
 					req.query.currentVersion || latestVersion || "unknown";
-				if (!latestVersion) {
+					// Proper semantic version comparison: only update if server version is NEWER
-					return res.status(503).json({
+					const hasUpdate = compareVersions(serverVersion, agentVersion) > 0;
-						error: "Unable to determine latest version from GitHub releases",
+
 					return res.json({
 						currentVersion: agentVersion,
-						latestVersion: null,
+						latestVersion: serverVersion,
-						hasUpdate: false,
+						hasUpdate: hasUpdate,
 						downloadUrl: `/api/v1/hosts/agent/download?arch=${architecture}`,
 						releaseNotes: `PatchMon Agent v${serverVersion}`,
 						minServerVersion: null,
 						architecture: architecture,
 						agentType: "go",
 					});
 				}
-				// Simple version comparison (assuming semantic versioning)
+				// If we couldn't get version, fall through to error response
-				const hasUpdate =
+				console.warn(
-					agentVersion !== latestVersion && latestVersion !== null;
+					`Could not determine version for binary ${binaryName} using any method`,
 				res.json({
 					currentVersion: agentVersion,
 					latestVersion: latestVersion,
 					hasUpdate: hasUpdate,
 					downloadUrl: `/api/v1/hosts/agent/download?arch=${architecture}`,
 					releaseNotes: `PatchMon Agent v${latestVersion}`,
 					minServerVersion: null,
 					architecture: architecture,
 					agentType: "go",
 				});
 			} catch (serviceError) {
 				console.error(
 					"Failed to get version from agentVersionService:",
 					serviceError.message,
 				);
 				return res.status(500).json({
 					error: "Failed to get agent version from service",
 					details: serviceError.message,
 				});
 			}
 			// Binary doesn't exist or couldn't get version - return error
 			// Don't fall back to GitHub - the server's agents folder is the source of truth
 			const agentVersion = req.query.currentVersion || "unknown";
 			return res.status(404).json({
 				error: `Agent binary not found for architecture: ${architecture}. Please ensure the binary is in the server's agents folder.`,
 				currentVersion: agentVersion,
 				latestVersion: null,
 				hasUpdate: false,
 				architecture: architecture,
 				agentType: "go",
 			});
 		}
 	} catch (error) {
 		console.error("Version check error:", error);
@@ -514,6 +506,10 @@ router.post(
 			.optional()
 			.isString()
 			.withMessage("Kernel version must be a string"),
 		body("installedKernelVersion")
 			.optional()
 			.isString()
 			.withMessage("Installed kernel version must be a string"),
 		body("selinuxStatus")
 			.optional()
 			.isIn(["enabled", "disabled", "permissive"])
@@ -530,6 +526,14 @@ router.post(
 			.optional()
 			.isString()
 			.withMessage("Machine ID must be a string"),
 		body("needsReboot")
 			.optional()
 			.isBoolean()
 			.withMessage("Needs reboot must be a boolean"),
 		body("rebootReason")
 			.optional()
 			.isString()
 			.withMessage("Reboot reason must be a string"),
 	],
 	async (req, res) => {
 		try {
@@ -551,8 +555,11 @@ router.post(
 				updated_at: new Date(),
 			};
-			// Update machine_id if provided and current one is a placeholder
+			// Update machine_id if provided and current one is a placeholder or null
-			if (req.body.machineId && host.machine_id.startsWith("pending-")) {
+			if (
 				req.body.machineId &&
 				(host.machine_id === null || host.machine_id.startsWith("pending-"))
 			) {
 				updateData.machine_id = req.body.machineId;
 			}
@@ -584,12 +591,18 @@ router.post(
 			// System Information
 			if (req.body.kernelVersion)
 				updateData.kernel_version = req.body.kernelVersion;
 			if (req.body.installedKernelVersion)
 				updateData.installed_kernel_version = req.body.installedKernelVersion;
 			if (req.body.selinuxStatus)
 				updateData.selinux_status = req.body.selinuxStatus;
 			if (req.body.systemUptime)
 				updateData.system_uptime = req.body.systemUptime;
 			if (req.body.loadAverage) updateData.load_average = req.body.loadAverage;
 			// Reboot Status
 			if (req.body.needsReboot !== undefined)
 				updateData.needs_reboot = req.body.needsReboot;
 			// If this is the first update (status is 'pending'), change to 'active'
 			if (host.status === "pending") {
 				updateData.status = "active";
@@ -1682,7 +1695,7 @@ router.get("/install", async (req, res) => {
 		const archExport = architecture
 			? `export ARCHITECTURE="${architecture}"\n`
 			: "";
-		const envVars = `#!/bin/bash
+		const envVars = `#!/bin/sh
 export PATCHMON_URL="${serverUrl}"
 export API_ID="${host.api_id}"
 export API_KEY="${host.api_key}"
@@ -1708,47 +1721,7 @@ ${archExport}
 	}
 });
-// Check if machine_id already exists (requires auth)
+// Note: /check-machine-id endpoint removed - using config.yml checking method instead
 router.post("/check-machine-id", validateApiCredentials, async (req, res) => {
 	try {
 		const { machine_id } = req.body;
 		if (!machine_id) {
 			return res.status(400).json({
 				error: "machine_id is required",
 			});
 		}
 		// Check if a host with this machine_id exists
 		const existing_host = await prisma.hosts.findUnique({
 			where: { machine_id },
 			select: {
 				id: true,
 				friendly_name: true,
 				machine_id: true,
 				api_id: true,
 				status: true,
 				created_at: true,
 			},
 		});
 		if (existing_host) {
 			return res.status(200).json({
 				exists: true,
 				host: existing_host,
 				message: "This machine is already enrolled",
 			});
 		}
 		return res.status(200).json({
 			exists: false,
 			message: "Machine not yet enrolled",
 		});
 	} catch (error) {
 		console.error("Error checking machine_id:", error);
 		res.status(500).json({ error: "Failed to check machine_id" });
 	}
 });
 // Serve the removal script (public endpoint - no authentication required)
 router.get("/remove", async (_req, res) => {
@@ -1781,7 +1754,7 @@ router.get("/remove", async (_req, res) => {
 		} catch (_) {}
 		// Prepend environment for CURL_FLAGS so script can use it if needed
-		const envPrefix = `#!/bin/bash\nexport CURL_FLAGS="${curlFlags}"\n\n`;
+		const envPrefix = `#!/bin/sh\nexport CURL_FLAGS="${curlFlags}"\n\n`;
 		script = script.replace(/^#!/, "#");
 		script = envPrefix + script;
--- a/backend/src/routes/packageRoutes.js
+++ b/backend/src/routes/packageRoutes.js
@@ -142,6 +142,7 @@ router.get("/", async (req, res) => {
 								friendly_name: true,
 								hostname: true,
 								os_type: true,
 								needs_reboot: true,
 							},
 						},
 						current_version: true,
@@ -236,6 +237,7 @@ router.get("/:packageId", async (req, res) => {
 								os_type: true,
 								os_version: true,
 								last_update: true,
 								needs_reboot: true,
 							},
 						},
 					},
@@ -365,6 +367,7 @@ router.get("/:packageId/hosts", async (req, res) => {
 						os_type: true,
 						os_version: true,
 						last_update: true,
 						needs_reboot: true,
 					},
 				},
 			},
@@ -386,6 +389,7 @@ router.get("/:packageId/hosts", async (req, res) => {
 			needsUpdate: hp.needs_update,
 			isSecurityUpdate: hp.is_security_update,
 			lastChecked: hp.last_checked,
 			needsReboot: hp.hosts.needs_reboot,
 		}));
 		res.json({
--- a/backend/src/routes/repositoryRoutes.js
+++ b/backend/src/routes/repositoryRoutes.js
@@ -119,6 +119,7 @@ router.get(
 									os_version: true,
 									status: true,
 									last_update: true,
 									needs_reboot: true,
 								},
 							},
 						},
--- a/docker/backend.Dockerfile
+++ b/docker/backend.Dockerfile
@@ -10,8 +10,6 @@ ENV NODE_ENV=development \
 RUN apk add --no-cache openssl tini curl libc6-compat
 USER node
 WORKDIR /app
 COPY --chown=node:node package*.json ./
@@ -20,9 +18,10 @@ COPY --chown=node:node agents ./agents_backup
 COPY --chown=node:node agents ./agents
 COPY --chmod=755 docker/backend.docker-entrypoint.sh ./entrypoint.sh
-WORKDIR /app/backend
+USER node
-RUN npm ci --ignore-scripts && npx prisma generate
+RUN npm install --workspace=backend --ignore-scripts && cd backend && npx prisma generate && \
    chmod -R u+w /app/node_modules/@prisma/engines 2>/dev/null || true
 EXPOSE 3001
@@ -35,22 +34,22 @@ ENTRYPOINT ["/sbin/tini", "--"]
 CMD ["/app/entrypoint.sh"]
 # Builder stage for production
-FROM node:lts-alpine AS builder
+# Use Debian-based Node for better QEMU ARM64 compatibility
 FROM node:lts-slim AS builder
-RUN apk add --no-cache openssl
+# Install OpenSSL for Prisma
 RUN apt-get update -y && apt-get install -y openssl && rm -rf /var/lib/apt/lists/*
 WORKDIR /app
 COPY --chown=node:node package*.json ./
 COPY --chown=node:node backend/ ./backend/
 WORKDIR /app/backend
 RUN npm cache clean --force &&\
    rm -rf node_modules ~/.npm /root/.npm &&\
-    npm ci --ignore-scripts --legacy-peer-deps --no-audit --prefer-online --fetch-retries=3 --fetch-retry-mintimeout=20000 --fetch-retry-maxtimeout=120000 &&\
+    npm install --workspace=backend --ignore-scripts --legacy-peer-deps --no-audit --prefer-online --fetch-retries=3 --fetch-retry-mintimeout=20000 --fetch-retry-maxtimeout=120000 &&\
-    PRISMA_CLI_BINARY_TYPE=binary npm run db:generate &&\
+    cd backend && npx prisma generate &&\
-    npm prune --omit=dev &&\
+    cd .. && npm prune --omit=dev --workspace=backend &&\
    npm cache clean --force
 # Production stage
@@ -68,16 +67,22 @@ ENV NODE_ENV=production \
 RUN apk add --no-cache openssl tini curl libc6-compat
 USER node
 WORKDIR /app
-COPY --from=builder /app/backend ./backend
+COPY --from=builder --chown=node:node /app/backend ./backend
-COPY --from=builder /app/node_modules ./node_modules
+COPY --from=builder --chown=node:node /app/node_modules ./node_modules
 COPY --chown=node:node agents ./agents_backup
 COPY --chown=node:node agents ./agents
 COPY --chmod=755 docker/backend.docker-entrypoint.sh ./entrypoint.sh
 # Ensure Prisma engines directory is writable for rootless Docker (Prisma 6.1.0+ requirement)
 # This must be done as root before switching to node user
 # Order: chown first (sets ownership), then chmod (sets permissions)
 RUN chown -R node:node /app/node_modules/@prisma/engines && \
    chmod -R u+w /app/node_modules/@prisma/engines
 USER node
 WORKDIR /app/backend
 EXPOSE 3001
--- a/docker/frontend.Dockerfile
+++ b/docker/frontend.Dockerfile
@@ -6,7 +6,7 @@ WORKDIR /app
 COPY package*.json ./
 COPY frontend/ ./frontend/
-RUN npm ci --ignore-scripts
+RUN npm install --workspace=frontend --ignore-scripts
 WORKDIR /app/frontend
@@ -15,7 +15,8 @@ EXPOSE 3000
 CMD ["npm", "run", "dev", "--", "--host", "0.0.0.0", "--port", "3000"]
 # Builder stage for production
-FROM node:lts-alpine AS builder
+# Use Debian-based Node for better QEMU ARM64 compatibility
 FROM node:lts-slim AS builder
 WORKDIR /app/frontend
--- a/docker/nginx.conf.template
+++ b/docker/nginx.conf.template
@@ -24,6 +24,9 @@ server {
    add_header X-Content-Type-Options nosniff always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
    # Prevent search engine indexing
    add_header X-Robots-Tag "noindex, nofollow, noarchive, nosnippet" always;
    # Bull Board proxy - must come before the root location to avoid conflicts
    location /bullboard {
--- a/frontend/env.example
+++ b/frontend/env.example
@@ -6,5 +6,5 @@ VITE_API_URL=http://localhost:3001/api/v1
 # Application Metadata
 VITE_APP_NAME=PatchMon
-VITE_APP_VERSION=1.3.1
+VITE_APP_VERSION=1.3.6
--- a/frontend/index.html
+++ b/frontend/index.html
@@ -4,6 +4,18 @@
    <meta charset="UTF-8" />
    <link rel="icon" type="image/svg+xml" href="/assets/favicon.svg" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <!-- Prevent search engine indexing -->
    <meta name="robots" content="noindex, nofollow, noarchive, nosnippet" />
    <meta name="googlebot" content="noindex, nofollow, noarchive, nosnippet" />
    <meta name="bingbot" content="noindex, nofollow, noarchive, nosnippet" />
    <meta name="description" content="" />
    <!-- Prevent caching -->
    <meta http-equiv="cache-control" content="no-cache, no-store, must-revalidate" />
    <meta http-equiv="pragma" content="no-cache" />
    <meta http-equiv="expires" content="0" />
    <title>PatchMon - Linux Patch Monitoring Dashboard</title>
    <link rel="preconnect" href="https://fonts.googleapis.com">
    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -1,7 +1,7 @@
 {
 	"name": "patchmon-frontend",
 	"private": true,
-	"version": "1.3.3",
+	"version": "1.3.6",
 	"license": "AGPL-3.0",
 	"type": "module",
 	"scripts": {
--- a/frontend/public/robots.txt
+++ b/frontend/public/robots.txt
@@ -0,0 +1,26 @@
 # Disallow all search engine crawlers
 User-agent: *
 Disallow: /
 # Specifically target major search engines
 User-agent: Googlebot
 Disallow: /
 User-agent: Bingbot
 Disallow: /
 User-agent: Slurp
 Disallow: /
 User-agent: DuckDuckBot
 Disallow: /
 User-agent: Baiduspider
 Disallow: /
 User-agent: YandexBot
 Disallow: /
 # Prevent indexing of all content
 Disallow: /*
--- a/frontend/server.js
+++ b/frontend/server.js
@@ -11,6 +11,12 @@ const app = express();
 const PORT = process.env.PORT || 3000;
 const BACKEND_URL = process.env.BACKEND_URL || "http://backend:3001";
 // Add security headers to prevent search engine indexing
 app.use((_req, res, next) => {
 	res.setHeader("X-Robots-Tag", "noindex, nofollow, noarchive, nosnippet");
 	next();
 });
 // Enable CORS for API calls
 app.use(
 	cors({
--- a/frontend/src/components/InlineMultiGroupEdit.jsx
+++ b/frontend/src/components/InlineMultiGroupEdit.jsx
@@ -203,7 +203,7 @@ const InlineMultiGroupEdit = ({
 												className="mr-2 h-4 w-4 text-primary-600 focus:ring-primary-500 border-secondary-300 rounded"
 											/>
 											<span
-												className="inline-flex items-center px-2.5 py-0.5 rounded-full text-xs font-medium text-white"
+												className="inline-flex items-center px-2.5 py-0.5 rounded-md text-xs font-medium text-white"
 												style={{ backgroundColor: option.color }}
 											>
 												{option.name}
@@ -250,7 +250,7 @@ const InlineMultiGroupEdit = ({
 	return (
 		<div className={`flex items-center gap-1 group ${className}`}>
 			{displayGroups.length === 0 ? (
-				<span className="inline-flex items-center px-2.5 py-0.5 rounded-full text-xs font-medium bg-secondary-100 text-secondary-800">
+				<span className="inline-flex items-center px-2.5 py-0.5 rounded-md text-xs font-medium bg-secondary-100 text-secondary-800">
 					Ungrouped
 				</span>
 			) : (
@@ -258,7 +258,7 @@ const InlineMultiGroupEdit = ({
 					{displayGroups.map((group) => (
 						<span
 							key={group.id}
-							className="inline-flex items-center px-2.5 py-0.5 rounded-full text-xs font-medium text-white"
+							className="inline-flex items-center px-2.5 py-0.5 rounded-md text-xs font-medium text-white"
 							style={{ backgroundColor: group.color }}
 						>
 							{group.name}
--- a/frontend/src/components/InlineToggle.jsx
+++ b/frontend/src/components/InlineToggle.jsx
@@ -56,7 +56,7 @@ const InlineToggle = ({
 					type="button"
 					onClick={handleToggle}
 					disabled={isLoading}
-					className={`relative inline-flex h-5 w-9 items-center rounded-full transition-colors focus:outline-none focus:ring-2 focus:ring-primary-500 focus:ring-offset-2 disabled:opacity-50 disabled:cursor-not-allowed ${
+					className={`relative inline-flex h-5 w-9 items-center rounded-md transition-colors focus:outline-none focus:ring-2 focus:ring-primary-500 focus:ring-offset-2 disabled:opacity-50 disabled:cursor-not-allowed ${
 						value
 							? "bg-primary-600 dark:bg-primary-500"
 							: "bg-secondary-200 dark:bg-secondary-600"
--- a/frontend/src/components/settings/AgentUpdatesTab.jsx
+++ b/frontend/src/components/settings/AgentUpdatesTab.jsx
@@ -1,5 +1,5 @@
 import { useMutation, useQuery, useQueryClient } from "@tanstack/react-query";
-import { AlertCircle, CheckCircle, Save, Shield } from "lucide-react";
+import { AlertCircle, CheckCircle, Save, Shield, X } from "lucide-react";
 import { useEffect, useId, useState } from "react";
 import { permissionsAPI, settingsAPI } from "../../utils/api";
@@ -18,9 +18,60 @@ const AgentUpdatesTab = () => {
 	});
 	const [errors, setErrors] = useState({});
 	const [isDirty, setIsDirty] = useState(false);
 	const [toast, setToast] = useState(null);
 	const queryClient = useQueryClient();
 	// Auto-hide toast after 3 seconds
 	useEffect(() => {
 		if (toast) {
 			const timer = setTimeout(() => {
 				setToast(null);
 			}, 3000);
 			return () => clearTimeout(timer);
 		}
 	}, [toast]);
 	const showToast = (message, type = "success") => {
 		setToast({ message, type });
 	};
 	// Fallback clipboard copy function for HTTP and older browsers
 	const copyToClipboard = async (text) => {
 		// Try modern clipboard API first
 		if (navigator.clipboard && navigator.clipboard.writeText) {
 			try {
 				await navigator.clipboard.writeText(text);
 				return true;
 			} catch (err) {
 				console.warn("Clipboard API failed, using fallback:", err);
 			}
 		}
 		// Fallback for HTTP or unsupported browsers
 		try {
 			const textArea = document.createElement("textarea");
 			textArea.value = text;
 			textArea.style.position = "fixed";
 			textArea.style.left = "-999999px";
 			textArea.style.top = "-999999px";
 			document.body.appendChild(textArea);
 			textArea.focus();
 			textArea.select();
 			const successful = document.execCommand("copy");
 			document.body.removeChild(textArea);
 			if (successful) {
 				return true;
 			}
 			throw new Error("execCommand failed");
 		} catch (err) {
 			console.error("Fallback copy failed:", err);
 			throw err;
 		}
 	};
 	// Fetch current settings
 	const {
 		data: settings,
@@ -167,6 +218,53 @@ const AgentUpdatesTab = () => {
 	return (
 		<div className="space-y-6">
 			{/* Toast Notification */}
 			{toast && (
 				<div
 					className={`fixed top-4 right-4 z-50 max-w-md rounded-lg shadow-lg border-2 p-4 flex items-start space-x-3 animate-in slide-in-from-top-5 ${
 						toast.type === "success"
 							? "bg-green-50 dark:bg-green-900/90 border-green-500 dark:border-green-600"
 							: "bg-red-50 dark:bg-red-900/90 border-red-500 dark:border-red-600"
 					}`}
 				>
 					<div
 						className={`flex-shrink-0 rounded-full p-1 ${
 							toast.type === "success"
 								? "bg-green-100 dark:bg-green-800"
 								: "bg-red-100 dark:bg-red-800"
 						}`}
 					>
 						{toast.type === "success" ? (
 							<CheckCircle className="h-5 w-5 text-green-600 dark:text-green-400" />
 						) : (
 							<AlertCircle className="h-5 w-5 text-red-600 dark:text-red-400" />
 						)}
 					</div>
 					<div className="flex-1">
 						<p
 							className={`text-sm font-medium ${
 								toast.type === "success"
 									? "text-green-800 dark:text-green-100"
 									: "text-red-800 dark:text-red-100"
 							}`}
 						>
 							{toast.message}
 						</p>
 					</div>
 					<button
 						type="button"
 						onClick={() => setToast(null)}
 						className={`flex-shrink-0 rounded-lg p-1 transition-colors ${
 							toast.type === "success"
 								? "hover:bg-green-100 dark:hover:bg-green-800 text-green-600 dark:text-green-400"
 								: "hover:bg-red-100 dark:hover:bg-red-800 text-red-600 dark:text-red-400"
 						}`}
 					>
 						<X className="h-4 w-4" />
 					</button>
 				</div>
 			)}
 			{errors.general && (
 				<div className="bg-red-50 dark:bg-red-900 border border-red-200 dark:border-red-700 rounded-md p-4">
 					<div className="flex">
@@ -226,7 +324,7 @@ const AgentUpdatesTab = () => {
 								key={m}
 								type="button"
 								onClick={() => handleInputChange("updateInterval", m)}
-								className={`px-3 py-1.5 rounded-full text-xs font-medium border ${
+								className={`px-3 py-1.5 rounded-md text-xs font-medium border ${
 									formData.updateInterval === m
 										? "bg-primary-600 text-white border-primary-600"
 										: "bg-white dark:bg-secondary-700 text-secondary-700 dark:text-secondary-200 border-secondary-300 dark:border-secondary-600 hover:bg-secondary-50 dark:hover:bg-secondary-600"
@@ -458,19 +556,74 @@ const AgentUpdatesTab = () => {
 						<div className="mt-2 text-sm text-red-700 dark:text-red-300">
 							<p className="mb-3">To completely remove PatchMon from a host:</p>
-							{/* Go Agent Uninstall */}
+							{/* Agent Removal Script - Standard */}
 							<div className="mb-3">
 								<div className="space-y-2">
 									<div className="text-xs font-semibold text-red-700 dark:text-red-300 mb-1">
 										Standard Removal (preserves backups):
 									</div>
 									<div className="flex items-center gap-2">
 										<div className="bg-red-100 dark:bg-red-800 rounded p-2 font-mono text-xs flex-1">
-											sudo patchmon-agent uninstall
+											curl {formData.ignoreSslSelfSigned ? "-sk" : "-s"}{" "}
 											{window.location.origin}/api/v1/hosts/remove | sudo sh
 										</div>
 										<button
 											type="button"
-											onClick={() => {
+											onClick={async () => {
-												navigator.clipboard.writeText(
+												try {
-													"sudo patchmon-agent uninstall",
+													const curlFlags = formData.ignoreSslSelfSigned
-												);
+														? "-sk"
 														: "-s";
 													await copyToClipboard(
 														`curl ${curlFlags} ${window.location.origin}/api/v1/hosts/remove | sudo sh`,
 													);
 													showToast(
 														"Standard removal command copied!",
 														"success",
 													);
 												} catch (err) {
 													console.error("Failed to copy:", err);
 													showToast("Failed to copy to clipboard", "error");
 												}
 											}}
 											className="px-2 py-1 bg-red-200 dark:bg-red-700 text-red-800 dark:text-red-200 rounded text-xs hover:bg-red-300 dark:hover:bg-red-600 transition-colors"
 										>
 											Copy
 										</button>
 									</div>
 								</div>
 							</div>
 							{/* Agent Removal Script - Complete */}
 							<div className="mb-3">
 								<div className="space-y-2">
 									<div className="text-xs font-semibold text-red-700 dark:text-red-300 mb-1">
 										Complete Removal (includes backups):
 									</div>
 									<div className="flex items-center gap-2">
 										<div className="bg-red-100 dark:bg-red-800 rounded p-2 font-mono text-xs flex-1">
 											curl {formData.ignoreSslSelfSigned ? "-sk" : "-s"}{" "}
 											{window.location.origin}/api/v1/hosts/remove | sudo
 											REMOVE_BACKUPS=1 sh
 										</div>
 										<button
 											type="button"
 											onClick={async () => {
 												try {
 													const curlFlags = formData.ignoreSslSelfSigned
 														? "-sk"
 														: "-s";
 													await copyToClipboard(
 														`curl ${curlFlags} ${window.location.origin}/api/v1/hosts/remove | sudo REMOVE_BACKUPS=1 sh`,
 													);
 													showToast(
 														"Complete removal command copied!",
 														"success",
 													);
 												} catch (err) {
 													console.error("Failed to copy:", err);
 													showToast("Failed to copy to clipboard", "error");
 												}
 											}}
 											className="px-2 py-1 bg-red-200 dark:bg-red-700 text-red-800 dark:text-red-200 rounded text-xs hover:bg-red-300 dark:hover:bg-red-600 transition-colors"
 										>
@@ -478,16 +631,15 @@ const AgentUpdatesTab = () => {
 										</button>
 									</div>
 									<div className="text-xs text-red-600 dark:text-red-400">
-										Options: <code>--remove-config</code>,{" "}
+										This removes: binaries, systemd/OpenRC services,
-										<code>--remove-logs</code>, <code>--remove-all</code>,{" "}
+										configuration files, logs, crontab entries, and backup files
 										<code>--force</code>
 									</div>
 								</div>
 							</div>
-							<p className="mt-2 text-xs">
+							<p className="mt-2 text-xs text-red-700 dark:text-red-400">
-								⚠️ This command will remove all PatchMon files, configuration,
+								⚠️ Standard removal preserves backup files for safety. Use
-								and crontab entries
+								complete removal to delete everything.
 							</p>
 						</div>
 					</div>
--- a/frontend/src/components/settings/RolesTab.jsx
+++ b/frontend/src/components/settings/RolesTab.jsx
@@ -318,7 +318,7 @@ const RolePermissionsCard = ({
 							{role.role}
 						</h3>
 						{isBuiltInRole && (
-							<span className="ml-2 inline-flex items-center px-2.5 py-0.5 rounded-full text-xs font-medium bg-primary-100 text-primary-800">
+							<span className="ml-2 inline-flex items-center px-2.5 py-0.5 rounded-md text-xs font-medium bg-primary-100 text-primary-800">
 								Built-in Role
 							</span>
 						)}
--- a/frontend/src/components/settings/UsersTab.jsx
+++ b/frontend/src/components/settings/UsersTab.jsx
@@ -179,7 +179,7 @@ const UsersTab = () => {
 															{user.username}
 														</div>
 														{user.id === currentUser?.id && (
-															<span className="ml-2 inline-flex items-center px-2.5 py-0.5 rounded-full text-xs font-medium bg-blue-100 text-blue-800">
+															<span className="ml-2 inline-flex items-center px-2.5 py-0.5 rounded-md text-xs font-medium bg-blue-100 text-blue-800">
 																You
 															</span>
 														)}
@@ -195,7 +195,7 @@ const UsersTab = () => {
 										</td>
 										<td className="px-6 py-4 whitespace-nowrap">
 											<span
-												className={`inline-flex items-center px-2.5 py-0.5 rounded-full text-xs font-medium ${
+												className={`inline-flex items-center px-2.5 py-0.5 rounded-md text-xs font-medium ${
 													user.role === "admin"
 														? "bg-primary-100 text-primary-800"
 														: user.role === "host_manager"
--- a/frontend/src/pages/Dashboard.jsx
+++ b/frontend/src/pages/Dashboard.jsx
@@ -13,10 +13,12 @@ import {
 } from "chart.js";
 import {
 	AlertTriangle,
 	CheckCircle,
 	Folder,
 	GitBranch,
 	Package,
 	RefreshCw,
 	RotateCcw,
 	Server,
 	Settings,
 	Shield,
@@ -99,6 +101,20 @@ const Dashboard = () => {
 		navigate("/repositories");
 	};
 	const handleNeedsRebootClick = () => {
 		// Navigate to hosts with reboot filter, clearing any other filters
 		const newSearchParams = new URLSearchParams();
 		newSearchParams.set("reboot", "true");
 		navigate(`/hosts?${newSearchParams.toString()}`);
 	};
 	const handleUpToDateClick = () => {
 		// Navigate to hosts with upToDate filter, clearing any other filters
 		const newSearchParams = new URLSearchParams();
 		newSearchParams.set("filter", "upToDate");
 		navigate(`/hosts?${newSearchParams.toString()}`);
 	};
 	const _handleOSDistributionClick = () => {
 		navigate("/hosts?showFilters=true", { replace: true });
 	};
@@ -308,9 +324,10 @@ const Dashboard = () => {
 			[
 				"totalHosts",
 				"hostsNeedingUpdates",
 				"upToDateHosts",
 				"totalOutdatedPackages",
 				"securityUpdates",
-				"upToDateHosts",
+				"hostsNeedingReboot",
 				"totalHostGroups",
 				"totalUsers",
 				"totalRepos",
@@ -341,7 +358,7 @@ const Dashboard = () => {
 	const getGroupClassName = (cardType) => {
 		switch (cardType) {
 			case "stats":
-				return "grid grid-cols-1 sm:grid-cols-2 lg:grid-cols-4 gap-4";
+				return "grid grid-cols-1 sm:grid-cols-2 lg:grid-cols-5 gap-4";
 			case "charts":
 				return "grid grid-cols-1 lg:grid-cols-3 gap-6";
 			case "widecharts":
@@ -356,23 +373,33 @@ const Dashboard = () => {
 	// Helper function to render a card by ID
 	const renderCard = (cardId) => {
 		switch (cardId) {
-			case "upToDateHosts":
+			case "hostsNeedingReboot":
 				return (
-					<div className="card p-4">
+					<button
 						type="button"
 						className="card p-4 cursor-pointer hover:shadow-card-hover dark:hover:shadow-card-hover-dark transition-shadow duration-200 w-full text-left"
 						onClick={handleNeedsRebootClick}
 						onKeyDown={(e) => {
 							if (e.key === "Enter" || e.key === " ") {
 								e.preventDefault();
 								handleNeedsRebootClick();
 							}
 						}}
 					>
 						<div className="flex items-center">
 							<div className="flex-shrink-0">
-								<TrendingUp className="h-5 w-5 text-success-600 mr-2" />
+								<RotateCcw className="h-5 w-5 text-orange-600 mr-2" />
 							</div>
 							<div className="w-0 flex-1">
 								<p className="text-sm text-secondary-500 dark:text-white">
-									Up to date
+									Needs Reboots
 								</p>
 								<p className="text-xl font-semibold text-secondary-900 dark:text-white">
-									{stats.cards.upToDateHosts}/{stats.cards.totalHosts}
+									{stats.cards.hostsNeedingReboot}
 								</p>
 							</div>
 						</div>
-					</div>
+					</button>
 				);
 			case "totalHosts":
 				return (
@@ -432,6 +459,35 @@ const Dashboard = () => {
 					</button>
 				);
 			case "upToDateHosts":
 				return (
 					<button
 						type="button"
 						className="card p-4 cursor-pointer hover:shadow-card-hover dark:hover:shadow-card-hover-dark transition-shadow duration-200 w-full text-left"
 						onClick={handleUpToDateClick}
 						onKeyDown={(e) => {
 							if (e.key === "Enter" || e.key === " ") {
 								e.preventDefault();
 								handleUpToDateClick();
 							}
 						}}
 					>
 						<div className="flex items-center">
 							<div className="flex-shrink-0">
 								<CheckCircle className="h-5 w-5 text-success-600 mr-2" />
 							</div>
 							<div className="w-0 flex-1">
 								<p className="text-sm text-secondary-500 dark:text-white">
 									Up to date
 								</p>
 								<p className="text-xl font-semibold text-secondary-900 dark:text-white">
 									{stats.cards.upToDateHosts}
 								</p>
 							</div>
 						</div>
 					</button>
 				);
 			case "totalOutdatedPackages":
 				return (
 					<button
--- a/frontend/src/pages/HostDetail.jsx
+++ b/frontend/src/pages/HostDetail.jsx
@@ -21,6 +21,7 @@ import {
 	Monitor,
 	Package,
 	RefreshCw,
 	RotateCcw,
 	Server,
 	Shield,
 	Terminal,
@@ -493,6 +494,12 @@ const HostDetail = () => {
 								{getStatusIcon(isStale, host.stats.outdated_packages > 0)}
 								{getStatusText(isStale, host.stats.outdated_packages > 0)}
 							</div>
 							{host.needs_reboot && (
 								<span className="inline-flex items-center gap-1 px-2 py-0.5 rounded-md text-xs font-medium bg-orange-100 text-orange-800 dark:bg-orange-900 dark:text-orange-200">
 									<RotateCcw className="h-3 w-3" />
 									Reboot Required
 								</span>
 							)}
 						</div>
 						{/* Info row with uptime and last updated */}
 						<div className="flex items-center gap-4 text-sm text-secondary-600 dark:text-secondary-400">
@@ -849,7 +856,7 @@ const HostDetail = () => {
 												toggleAutoUpdateMutation.mutate(!host.auto_update)
 											}
 											disabled={toggleAutoUpdateMutation.isPending}
-											className={`relative inline-flex h-5 w-9 items-center rounded-full transition-colors focus:outline-none focus:ring-2 focus:ring-primary-500 focus:ring-offset-2 ${
+											className={`relative inline-flex h-5 w-9 items-center rounded-md transition-colors focus:outline-none focus:ring-2 focus:ring-primary-500 focus:ring-offset-2 ${
 												host.auto_update
 													? "bg-primary-600 dark:bg-primary-500"
 													: "bg-secondary-200 dark:bg-secondary-600"
@@ -994,7 +1001,7 @@ const HostDetail = () => {
 											<Terminal className="h-4 w-4 text-primary-600 dark:text-primary-400" />
 											System Information
 										</h4>
-										<div className="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-4 gap-4">
+										<div className="grid grid-cols-1 md:grid-cols-3 gap-4">
 											{host.architecture && (
 												<div>
 													<p className="text-xs text-secondary-500 dark:text-secondary-300">
@@ -1009,16 +1016,24 @@ const HostDetail = () => {
 											{host.kernel_version && (
 												<div>
 													<p className="text-xs text-secondary-500 dark:text-secondary-300">
-														Kernel Version
+														Running Kernel
 													</p>
-													<p className="font-medium text-secondary-900 dark:text-white font-mono text-sm">
+													<p className="font-medium text-secondary-900 dark:text-white font-mono text-sm break-all">
 														{host.kernel_version}
 													</p>
 												</div>
 											)}
-											{/* Empty div to push SELinux status to the right */}
+											{host.installed_kernel_version && (
-											<div></div>
+												<div>
 													<p className="text-xs text-secondary-500 dark:text-secondary-300">
 														Installed Kernel
 													</p>
 													<p className="font-medium text-secondary-900 dark:text-white font-mono text-sm break-all">
 														{host.installed_kernel_version}
 													</p>
 												</div>
 											)}
 											{host.selinux_status && (
 												<div>
@@ -1574,7 +1589,7 @@ const HostDetail = () => {
 																	? "Disable Docker integration"
 																	: "Enable Docker integration"
 														}
-														className={`relative inline-flex h-5 w-9 items-center rounded-full transition-colors focus:outline-none focus:ring-2 focus:ring-primary-500 focus:ring-offset-2 ${
+														className={`relative inline-flex h-5 w-9 items-center rounded-md transition-colors focus:outline-none focus:ring-2 focus:ring-primary-500 focus:ring-offset-2 ${
 															integrationsData?.data?.integrations?.docker
 																? "bg-primary-600 dark:bg-primary-500"
 																: "bg-secondary-200 dark:bg-secondary-600"
@@ -1645,10 +1660,8 @@ const CredentialsModal = ({ host, isOpen, onClose }) => {
 	const [showApiKey, setShowApiKey] = useState(false);
 	const [activeTab, setActiveTab] = useState("quick-install");
 	const [forceInstall, setForceInstall] = useState(false);
 	const [architecture, setArchitecture] = useState("amd64");
 	const apiIdInputId = useId();
 	const apiKeyInputId = useId();
 	const architectureSelectId = useId();
 	const { data: serverUrlData } = useQuery({
 		queryKey: ["serverUrl"],
@@ -1668,13 +1681,13 @@ const CredentialsModal = ({ host, isOpen, onClose }) => {
 		return settings?.ignore_ssl_self_signed ? "-sk" : "-s";
 	};
-	// Helper function to build installation URL with optional force flag and architecture
+	// Helper function to build installation URL with optional force flag
 	const getInstallUrl = () => {
 		const baseUrl = `${serverUrl}/api/v1/hosts/install`;
-		const params = new URLSearchParams();
+		if (forceInstall) {
-		if (forceInstall) params.append("force", "true");
+			return `${baseUrl}?force=true`;
-		params.append("arch", architecture);
+		}
-		return `${baseUrl}?${params.toString()}`;
+		return baseUrl;
 	};
 	const copyToClipboard = async (text) => {
@@ -1790,34 +1803,10 @@ const CredentialsModal = ({ host, isOpen, onClose }) => {
 								</p>
 							</div>
 							{/* Architecture Selection */}
 							<div className="mb-3">
 								<label
 									htmlFor={architectureSelectId}
 									className="block text-sm font-medium text-primary-800 dark:text-primary-200 mb-2"
 								>
 									Target Architecture
 								</label>
 								<select
 									id={architectureSelectId}
 									value={architecture}
 									onChange={(e) => setArchitecture(e.target.value)}
 									className="px-3 py-2 border border-primary-300 dark:border-primary-600 rounded-md bg-white dark:bg-secondary-800 text-sm text-secondary-900 dark:text-white focus:ring-primary-500 focus:border-primary-500"
 								>
 									<option value="amd64">AMD64 (x86_64) - Default</option>
 									<option value="386">386 (i386) - 32-bit</option>
 									<option value="arm64">ARM64 (aarch64) - ARM 64-bit</option>
 									<option value="arm">ARM (armv7l/armv6l) - ARM 32-bit</option>
 								</select>
 								<p className="text-xs text-primary-600 dark:text-primary-400 mt-1">
 									Select the architecture of the target host
 								</p>
 							</div>
 							<div className="flex items-center gap-2">
 								<input
 									type="text"
-									value={`curl ${getCurlFlags()} ${getInstallUrl()} -H "X-API-ID: ${host.api_id}" -H "X-API-KEY: ${host.api_key}" | bash`}
+									value={`curl ${getCurlFlags()} ${getInstallUrl()} -H "X-API-ID: ${host.api_id}" -H "X-API-KEY: ${host.api_key}" | sh`}
 									readOnly
 									className="flex-1 px-3 py-2 border border-primary-300 dark:border-primary-600 rounded-md bg-white dark:bg-secondary-800 text-sm font-mono text-secondary-900 dark:text-white"
 								/>
@@ -1825,7 +1814,7 @@ const CredentialsModal = ({ host, isOpen, onClose }) => {
 									type="button"
 									onClick={() =>
 										copyToClipboard(
-											`curl ${getCurlFlags()} ${getInstallUrl()} -H "X-API-ID: ${host.api_id}" -H "X-API-KEY: ${host.api_key}" | bash`,
+											`curl ${getCurlFlags()} ${getInstallUrl()} -H "X-API-ID: ${host.api_id}" -H "X-API-KEY: ${host.api_key}" | sh`,
 										)
 									}
 									className="btn-primary flex items-center gap-1"
@@ -1835,270 +1824,6 @@ const CredentialsModal = ({ host, isOpen, onClose }) => {
 								</button>
 							</div>
 						</div>
 						<div className="bg-secondary-50 dark:bg-secondary-700 rounded-lg p-4">
 							<h4 className="text-sm font-medium text-secondary-900 dark:text-white mb-2">
 								Manual Installation
 							</h4>
 							<p className="text-sm text-secondary-600 dark:text-secondary-300 mb-3">
 								If you prefer to install manually, follow these steps:
 							</p>
 							<div className="space-y-3">
 								<div className="bg-white dark:bg-secondary-800 rounded-md p-3 border border-secondary-200 dark:border-secondary-600">
 									<h5 className="text-sm font-medium text-secondary-900 dark:text-white mb-2">
 										1. Create Configuration Directory
 									</h5>
 									<div className="flex items-center gap-2">
 										<input
 											type="text"
 											value="sudo mkdir -p /etc/patchmon"
 											readOnly
 											className="flex-1 px-3 py-2 border border-secondary-300 dark:border-secondary-600 rounded-md bg-white dark:bg-secondary-800 text-sm font-mono text-secondary-900 dark:text-white"
 										/>
 										<button
 											type="button"
 											onClick={() =>
 												copyToClipboard("sudo mkdir -p /etc/patchmon")
 											}
 											className="btn-secondary flex items-center gap-1"
 										>
 											<Copy className="h-4 w-4" />
 											Copy
 										</button>
 									</div>
 								</div>
 								<div className="bg-white dark:bg-secondary-800 rounded-md p-3 border border-secondary-200 dark:border-secondary-600">
 									<h5 className="text-sm font-medium text-secondary-900 dark:text-white mb-2">
 										2. Download and Install Agent Binary
 									</h5>
 									<div className="flex items-center gap-2">
 										<input
 											type="text"
 											value={`curl ${getCurlFlags()} -o /usr/local/bin/patchmon-agent ${serverUrl}/api/v1/hosts/agent/download?arch=${architecture} -H "X-API-ID: ${host.api_id}" -H "X-API-KEY: ${host.api_key}" && sudo chmod +x /usr/local/bin/patchmon-agent`}
 											readOnly
 											className="flex-1 px-3 py-2 border border-secondary-300 dark:border-secondary-600 rounded-md bg-white dark:bg-secondary-800 text-sm font-mono text-secondary-900 dark:text-white"
 										/>
 										<button
 											type="button"
 											onClick={() =>
 												copyToClipboard(
 													`curl ${getCurlFlags()} -o /usr/local/bin/patchmon-agent ${serverUrl}/api/v1/hosts/agent/download?arch=${architecture} -H "X-API-ID: ${host.api_id}" -H "X-API-KEY: ${host.api_key}" && sudo chmod +x /usr/local/bin/patchmon-agent`,
 												)
 											}
 											className="btn-secondary flex items-center gap-1"
 										>
 											<Copy className="h-4 w-4" />
 											Copy
 										</button>
 									</div>
 								</div>
 								<div className="bg-white dark:bg-secondary-800 rounded-md p-3 border border-secondary-200 dark:border-secondary-600">
 									<h5 className="text-sm font-medium text-secondary-900 dark:text-white mb-2">
 										3. Configure Credentials
 									</h5>
 									<div className="flex items-center gap-2">
 										<input
 											type="text"
 											value={`sudo /usr/local/bin/patchmon-agent config set-api "${host.api_id}" "${host.api_key}" "${serverUrl}"`}
 											readOnly
 											className="flex-1 px-3 py-2 border border-secondary-300 dark:border-secondary-600 rounded-md bg-white dark:bg-secondary-800 text-sm font-mono text-secondary-900 dark:text-white"
 										/>
 										<button
 											type="button"
 											onClick={() =>
 												copyToClipboard(
 													`sudo /usr/local/bin/patchmon-agent config set-api "${host.api_id}" "${host.api_key}" "${serverUrl}"`,
 												)
 											}
 											className="btn-secondary flex items-center gap-1"
 										>
 											<Copy className="h-4 w-4" />
 											Copy
 										</button>
 									</div>
 								</div>
 								<div className="bg-white dark:bg-secondary-800 rounded-md p-3 border border-secondary-200 dark:border-secondary-600">
 									<h5 className="text-sm font-medium text-secondary-900 dark:text-white mb-2">
 										4. Test Configuration
 									</h5>
 									<div className="flex items-center gap-2">
 										<input
 											type="text"
 											value="sudo /usr/local/bin/patchmon-agent ping"
 											readOnly
 											className="flex-1 px-3 py-2 border border-secondary-300 dark:border-secondary-600 rounded-md bg-white dark:bg-secondary-800 text-sm font-mono text-secondary-900 dark:text-white"
 										/>
 										<button
 											type="button"
 											onClick={() =>
 												copyToClipboard(
 													"sudo /usr/local/bin/patchmon-agent ping",
 												)
 											}
 											className="btn-secondary flex items-center gap-1"
 										>
 											<Copy className="h-4 w-4" />
 											Copy
 										</button>
 									</div>
 								</div>
 								<div className="bg-white dark:bg-secondary-800 rounded-md p-3 border border-secondary-200 dark:border-secondary-600">
 									<h5 className="text-sm font-medium text-secondary-900 dark:text-white mb-2">
 										5. Send Initial Data
 									</h5>
 									<div className="flex items-center gap-2">
 										<input
 											type="text"
 											value="sudo /usr/local/bin/patchmon-agent report"
 											readOnly
 											className="flex-1 px-3 py-2 border border-secondary-300 dark:border-secondary-600 rounded-md bg-white dark:bg-secondary-800 text-sm font-mono text-secondary-900 dark:text-white"
 										/>
 										<button
 											type="button"
 											onClick={() =>
 												copyToClipboard(
 													"sudo /usr/local/bin/patchmon-agent report",
 												)
 											}
 											className="btn-secondary flex items-center gap-1"
 										>
 											<Copy className="h-4 w-4" />
 											Copy
 										</button>
 									</div>
 								</div>
 								<div className="bg-white dark:bg-secondary-800 rounded-md p-3 border border-secondary-200 dark:border-secondary-600">
 									<h5 className="text-sm font-medium text-secondary-900 dark:text-white mb-2">
 										6. Create Systemd Service File
 									</h5>
 									<div className="flex items-center gap-2">
 										<input
 											type="text"
 											value={`sudo tee /etc/systemd/system/patchmon-agent.service > /dev/null << 'EOF'
 [Unit]
 Description=PatchMon Agent Service
 After=network.target
 Wants=network.target
 [Service]
 Type=simple
 User=root
 ExecStart=/usr/local/bin/patchmon-agent serve
 Restart=always
 RestartSec=10
 WorkingDirectory=/etc/patchmon
 # Logging
 StandardOutput=journal
 StandardError=journal
 SyslogIdentifier=patchmon-agent
 [Install]
 WantedBy=multi-user.target
 EOF`}
 											readOnly
 											className="flex-1 px-3 py-2 border border-secondary-300 dark:border-secondary-600 rounded-md bg-white dark:bg-secondary-800 text-sm font-mono text-secondary-900 dark:text-white"
 										/>
 										<button
 											type="button"
 											onClick={() =>
 												copyToClipboard(
 													`sudo tee /etc/systemd/system/patchmon-agent.service > /dev/null << 'EOF'
 [Unit]
 Description=PatchMon Agent Service
 After=network.target
 Wants=network.target
 [Service]
 Type=simple
 User=root
 ExecStart=/usr/local/bin/patchmon-agent serve
 Restart=always
 RestartSec=10
 WorkingDirectory=/etc/patchmon
 # Logging
 StandardOutput=journal
 StandardError=journal
 SyslogIdentifier=patchmon-agent
 [Install]
 WantedBy=multi-user.target
 EOF`,
 												)
 											}
 											className="btn-secondary flex items-center gap-1"
 										>
 											<Copy className="h-4 w-4" />
 											Copy
 										</button>
 									</div>
 								</div>
 								<div className="bg-white dark:bg-secondary-800 rounded-md p-3 border border-secondary-200 dark:border-secondary-600">
 									<h5 className="text-sm font-medium text-secondary-900 dark:text-white mb-2">
 										7. Enable and Start Service
 									</h5>
 									<div className="flex items-center gap-2">
 										<input
 											type="text"
 											value="sudo systemctl daemon-reload && sudo systemctl enable patchmon-agent && sudo systemctl start patchmon-agent"
 											readOnly
 											className="flex-1 px-3 py-2 border border-secondary-300 dark:border-secondary-600 rounded-md bg-white dark:bg-secondary-800 text-sm font-mono text-secondary-900 dark:text-white"
 										/>
 										<button
 											type="button"
 											onClick={() =>
 												copyToClipboard(
 													"sudo systemctl daemon-reload && sudo systemctl enable patchmon-agent && sudo systemctl start patchmon-agent",
 												)
 											}
 											className="btn-secondary flex items-center gap-1"
 										>
 											<Copy className="h-4 w-4" />
 											Copy
 										</button>
 									</div>
 									<p className="text-xs text-secondary-600 dark:text-secondary-400 mt-2">
 										This will start the agent service and establish WebSocket
 										connection for real-time communication
 									</p>
 								</div>
 								<div className="bg-white dark:bg-secondary-800 rounded-md p-3 border border-secondary-200 dark:border-secondary-600">
 									<h5 className="text-sm font-medium text-secondary-900 dark:text-white mb-2">
 										8. Verify Service Status
 									</h5>
 									<div className="flex items-center gap-2">
 										<input
 											type="text"
 											value="sudo systemctl status patchmon-agent"
 											readOnly
 											className="flex-1 px-3 py-2 border border-secondary-300 dark:border-secondary-600 rounded-md bg-white dark:bg-secondary-800 text-sm font-mono text-secondary-900 dark:text-white"
 										/>
 										<button
 											type="button"
 											onClick={() =>
 												copyToClipboard("sudo systemctl status patchmon-agent")
 											}
 											className="btn-secondary flex items-center gap-1"
 										>
 											<Copy className="h-4 w-4" />
 											Copy
 										</button>
 									</div>
 									<p className="text-xs text-secondary-600 dark:text-secondary-400 mt-2">
 										Check that the service is running and WebSocket connection
 										is established
 									</p>
 								</div>
 							</div>
 						</div>
 					</div>
 				)}
--- a/frontend/src/pages/Hosts.jsx
+++ b/frontend/src/pages/Hosts.jsx
@@ -16,6 +16,7 @@ import {
 	GripVertical,
 	Plus,
 	RefreshCw,
 	RotateCcw,
 	Search,
 	Server,
 	Square,
@@ -331,10 +332,17 @@ const Hosts = () => {
 			},
 			{ id: "ws_status", label: "Connection", visible: true, order: 9 },
 			{ id: "status", label: "Status", visible: true, order: 10 },
-			{ id: "updates", label: "Updates", visible: true, order: 11 },
+			{ id: "needs_reboot", label: "Reboot", visible: true, order: 11 },
-			{ id: "notes", label: "Notes", visible: false, order: 12 },
+			{ id: "updates", label: "Updates", visible: true, order: 12 },
-			{ id: "last_update", label: "Last Update", visible: true, order: 13 },
+			{
-			{ id: "actions", label: "Actions", visible: true, order: 14 },
+				id: "security_updates",
 				label: "Security Updates",
 				visible: true,
 				order: 13,
 			},
 			{ id: "notes", label: "Notes", visible: false, order: 14 },
 			{ id: "last_update", label: "Last Update", visible: true, order: 15 },
 			{ id: "actions", label: "Actions", visible: true, order: 16 },
 		];
 		const saved = localStorage.getItem("hosts-column-config");
@@ -356,8 +364,25 @@ const Hosts = () => {
 					localStorage.removeItem("hosts-column-config");
 					return defaultConfig;
 				} else {
-					// Ensure ws_status column is visible in saved config
+					// Merge saved config with defaults to handle new columns
-					const updatedConfig = savedConfig.map((col) =>
+					// This preserves user's visibility preferences while adding new columns
 					const mergedConfig = defaultConfig.map((defaultCol) => {
 						const savedCol = savedConfig.find(
 							(col) => col.id === defaultCol.id,
 						);
 						if (savedCol) {
 							// Use saved visibility preference, but keep default order and label
 							return {
 								...defaultCol,
 								visible: savedCol.visible,
 							};
 						}
 						// New column not in saved config, use default
 						return defaultCol;
 					});
 					// Ensure ws_status column is visible
 					const updatedConfig = mergedConfig.map((col) =>
 						col.id === "ws_status" ? { ...col, visible: true } : col,
 					);
 					return updatedConfig;
@@ -624,11 +649,27 @@ const Hosts = () => {
 		);
 	};
-	const handleSelectAll = () => {
+	const handleSelectAll = (hostsToSelect) => {
-		if (selectedHosts.length === hosts.length) {
+		const hostIdsToSelect = hostsToSelect.map((host) => host.id);
-			setSelectedHosts([]);
+		const allSelected = hostIdsToSelect.every((id) =>
 			selectedHosts.includes(id),
 		);
 		if (allSelected) {
 			// Deselect all hosts in this group
 			setSelectedHosts((prev) =>
 				prev.filter((id) => !hostIdsToSelect.includes(id)),
 			);
 		} else {
-			setSelectedHosts(hosts.map((host) => host.id));
+			// Select all hosts in this group (merge with existing selections)
 			setSelectedHosts((prev) => {
 				const newSelection = [...prev];
 				hostIdsToSelect.forEach((id) => {
 					if (!newSelection.includes(id)) {
 						newSelection.push(id);
 					}
 				});
 				return newSelection;
 			});
 		}
 	};
@@ -673,8 +714,9 @@ const Hosts = () => {
 				osFilter === "all" ||
 				host.os_type?.toLowerCase() === osFilter.toLowerCase();
-			// URL filter for hosts needing updates, inactive hosts, up-to-date hosts, stale hosts, or offline hosts
+			// URL filter for hosts needing updates, inactive hosts, up-to-date hosts, stale hosts, offline hosts, or reboot required
 			const filter = searchParams.get("filter");
 			const rebootParam = searchParams.get("reboot");
 			const matchesUrlFilter =
 				(filter !== "needsUpdates" ||
 					(host.updatesCount && host.updatesCount > 0)) &&
@@ -682,7 +724,9 @@ const Hosts = () => {
 					(host.effectiveStatus || host.status) === "inactive") &&
 				(filter !== "upToDate" || (!host.isStale && host.updatesCount === 0)) &&
 				(filter !== "stale" || host.isStale) &&
-				(filter !== "offline" || wsStatusMap[host.api_id]?.connected !== true);
+				(filter !== "offline" ||
 					wsStatusMap[host.api_id]?.connected !== true) &&
 				(!rebootParam || host.needs_reboot === true);
 			// Hide stale filter
 			const matchesHideStale = !hideStale || !host.isStale;
@@ -758,6 +802,15 @@ const Hosts = () => {
 					aValue = a.updatesCount || 0;
 					bValue = b.updatesCount || 0;
 					break;
 				case "security_updates":
 					aValue = a.securityUpdatesCount || 0;
 					bValue = b.securityUpdatesCount || 0;
 					break;
 				case "needs_reboot":
 					// Sort by boolean: false (0) comes before true (1)
 					aValue = a.needs_reboot ? 1 : 0;
 					bValue = b.needs_reboot ? 1 : 0;
 					break;
 				case "last_update":
 					aValue = new Date(a.last_update);
 					bValue = new Date(b.last_update);
@@ -917,10 +970,17 @@ const Hosts = () => {
 			},
 			{ id: "ws_status", label: "Connection", visible: true, order: 9 },
 			{ id: "status", label: "Status", visible: true, order: 10 },
-			{ id: "updates", label: "Updates", visible: true, order: 11 },
+			{ id: "needs_reboot", label: "Reboot", visible: true, order: 11 },
-			{ id: "notes", label: "Notes", visible: false, order: 12 },
+			{ id: "updates", label: "Updates", visible: true, order: 12 },
-			{ id: "last_update", label: "Last Update", visible: true, order: 13 },
+			{
-			{ id: "actions", label: "Actions", visible: true, order: 14 },
+				id: "security_updates",
 				label: "Security Updates",
 				visible: true,
 				order: 13,
 			},
 			{ id: "notes", label: "Notes", visible: false, order: 14 },
 			{ id: "last_update", label: "Last Update", visible: true, order: 15 },
 			{ id: "actions", label: "Actions", visible: true, order: 16 },
 		];
 		updateColumnConfig(defaultConfig);
 	};
@@ -1042,7 +1102,7 @@ const Hosts = () => {
 				const wsStatus = wsStatusMap[host.api_id];
 				if (!wsStatus) {
 					return (
-						<span className="inline-flex items-center px-2 py-1 rounded-full text-xs font-medium bg-gray-100 text-gray-600 dark:bg-gray-700 dark:text-gray-400">
+						<span className="inline-flex items-center px-2 py-1 rounded-md text-xs font-medium bg-gray-100 text-gray-600 dark:bg-gray-700 dark:text-gray-400">
 							<div className="w-2 h-2 bg-gray-400 rounded-full mr-1.5"></div>
 							Unknown
 						</span>
@@ -1050,7 +1110,7 @@ const Hosts = () => {
 				}
 				return (
 					<span
-						className={`inline-flex items-center px-2 py-1 rounded-full text-xs font-medium ${
+						className={`inline-flex items-center px-2 py-1 rounded-md text-xs font-medium ${
 							wsStatus.connected
 								? "bg-green-100 text-green-800 dark:bg-green-900 dark:text-green-200"
 								: "bg-red-100 text-red-800 dark:bg-red-900 dark:text-red-200"
@@ -1077,6 +1137,22 @@ const Hosts = () => {
 							(host.effectiveStatus || host.status).slice(1)}
 					</div>
 				);
 			case "needs_reboot":
 				return (
 					<div className="flex justify-center">
 						{host.needs_reboot ? (
 							<span className="inline-flex items-center gap-1 px-2 py-1 rounded-md text-xs font-medium bg-orange-100 text-orange-800 dark:bg-orange-900 dark:text-orange-200">
 								<RotateCcw className="h-3 w-3" />
 								Required
 							</span>
 						) : (
 							<span className="inline-flex items-center gap-1 px-2 py-1 rounded-md text-xs font-medium bg-green-100 text-green-800 dark:bg-green-900 dark:text-green-200">
 								<CheckCircle className="h-3 w-3" />
 								No
 							</span>
 						)}
 					</div>
 				);
 			case "updates":
 				return (
 					<button
@@ -1090,6 +1166,19 @@ const Hosts = () => {
 						{host.updatesCount || 0}
 					</button>
 				);
 			case "security_updates":
 				return (
 					<button
 						type="button"
 						onClick={() =>
 							navigate(`/packages?host=${host.id}&filter=security-updates`)
 						}
 						className="text-sm text-red-600 hover:text-red-900 dark:text-red-400 dark:hover:text-red-300 font-medium hover:underline"
 						title="View security updates for this host"
 					>
 						{host.securityUpdatesCount || 0}
 					</button>
 				);
 			case "last_update":
 				return (
 					<div className="text-sm text-secondary-500 dark:text-secondary-300">
@@ -1145,13 +1234,14 @@ const Hosts = () => {
 		navigate("/hosts", { replace: true });
 	};
-	const handleUpToDateClick = () => {
+	const _handleUpToDateClick = () => {
 		// Filter to show only up-to-date hosts
 		setStatusFilter("active");
 		setShowFilters(true);
-		// Use the upToDate URL filter
+		// Clear conflicting filters and set upToDate filter
 		const newSearchParams = new URLSearchParams(window.location.search);
 		newSearchParams.set("filter", "upToDate");
 		newSearchParams.delete("reboot"); // Clear reboot filter when switching to upToDate
 		navigate(`/hosts?${newSearchParams.toString()}`, { replace: true });
 	};
@@ -1159,9 +1249,10 @@ const Hosts = () => {
 		// Filter to show hosts needing updates (regardless of status)
 		setStatusFilter("all");
 		setShowFilters(true);
-		// We'll use the existing needsUpdates URL filter logic
+		// Clear conflicting filters and set needsUpdates filter
 		const newSearchParams = new URLSearchParams(window.location.search);
 		newSearchParams.set("filter", "needsUpdates");
 		newSearchParams.delete("reboot"); // Clear reboot filter when switching to needsUpdates
 		navigate(`/hosts?${newSearchParams.toString()}`, { replace: true });
 	};
@@ -1169,9 +1260,10 @@ const Hosts = () => {
 		// Filter to show offline hosts (not connected via WebSocket)
 		setStatusFilter("all");
 		setShowFilters(true);
-		// Use a new URL filter for connection status
+		// Clear conflicting filters and set offline filter
 		const newSearchParams = new URLSearchParams(window.location.search);
 		newSearchParams.set("filter", "offline");
 		newSearchParams.delete("reboot"); // Clear reboot filter when switching to offline
 		navigate(`/hosts?${newSearchParams.toString()}`, { replace: true });
 	};
@@ -1262,24 +1354,6 @@ const Hosts = () => {
 						</div>
 					</div>
 				</button>
 				<button
 					type="button"
 					className="card p-4 cursor-pointer hover:shadow-card-hover dark:hover:shadow-card-hover-dark transition-shadow duration-200 text-left w-full"
 					onClick={handleUpToDateClick}
 				>
 					<div className="flex items-center">
 						<CheckCircle className="h-5 w-5 text-success-600 mr-2" />
 						<div>
 							<p className="text-sm text-secondary-500 dark:text-white">
 								Up to Date
 							</p>
 							<p className="text-xl font-semibold text-secondary-900 dark:text-white">
 								{hosts?.filter((h) => !h.isStale && h.updatesCount === 0)
 									.length || 0}
 							</p>
 						</div>
 					</div>
 				</button>
 				<button
 					type="button"
 					className="card p-4 cursor-pointer hover:shadow-card-hover dark:hover:shadow-card-hover-dark transition-shadow duration-200 text-left w-full"
@@ -1297,6 +1371,28 @@ const Hosts = () => {
 						</div>
 					</div>
 				</button>
 				<button
 					type="button"
 					className="card p-4 cursor-pointer hover:shadow-card-hover dark:hover:shadow-card-hover-dark transition-shadow duration-200 text-left w-full"
 					onClick={() => {
 						const newSearchParams = new URLSearchParams();
 						newSearchParams.set("reboot", "true");
 						// Clear filter parameter when setting reboot filter
 						navigate(`/hosts?${newSearchParams.toString()}`, { replace: true });
 					}}
 				>
 					<div className="flex items-center">
 						<RotateCcw className="h-5 w-5 text-orange-600 mr-2" />
 						<div>
 							<p className="text-sm text-secondary-500 dark:text-white">
 								Needs Reboots
 							</p>
 							<p className="text-xl font-semibold text-secondary-900 dark:text-white">
 								{hosts?.filter((h) => h.needs_reboot === true).length || 0}
 							</p>
 						</div>
 					</div>
 				</button>
 				<button
 					type="button"
 					className="card p-4 cursor-pointer hover:shadow-card-hover dark:hover:shadow-card-hover-dark transition-shadow duration-200 text-left w-full"
@@ -1575,11 +1671,14 @@ const Hosts = () => {
 																		{column.id === "select" ? (
 																			<button
 																				type="button"
-																				onClick={handleSelectAll}
+																				onClick={() =>
 																					handleSelectAll(groupHosts)
 																				}
 																				className="flex items-center gap-2 hover:text-secondary-700"
 																			>
-																				{selectedHosts.length ===
+																				{groupHosts.every((host) =>
-																				groupHosts.length ? (
+																					selectedHosts.includes(host.id),
 																				) ? (
 																					<CheckSquare className="h-4 w-4" />
 																				) : (
 																					<Square className="h-4 w-4" />
@@ -1679,6 +1778,28 @@ const Hosts = () => {
 																				{column.label}
 																				{getSortIcon("updates")}
 																			</button>
 																		) : column.id === "security_updates" ? (
 																			<button
 																				type="button"
 																				onClick={() =>
 																					handleSort("security_updates")
 																				}
 																				className="flex items-center gap-2 hover:text-secondary-700"
 																			>
 																				{column.label}
 																				{getSortIcon("security_updates")}
 																			</button>
 																		) : column.id === "needs_reboot" ? (
 																			<button
 																				type="button"
 																				onClick={() =>
 																					handleSort("needs_reboot")
 																				}
 																				className="flex items-center gap-2 hover:text-secondary-700"
 																			>
 																				{column.label}
 																				{getSortIcon("needs_reboot")}
 																			</button>
 																		) : column.id === "last_update" ? (
 																			<button
 																				type="button"
--- a/frontend/src/pages/PackageDetail.jsx
+++ b/frontend/src/pages/PackageDetail.jsx
@@ -8,6 +8,7 @@ import {
 	Download,
 	Package,
 	RefreshCw,
 	RotateCcw,
 	Search,
 	Server,
 	Shield,
@@ -370,6 +371,9 @@ const PackageDetail = () => {
 										<th className="px-6 py-3 text-left text-xs font-medium text-secondary-500 dark:text-secondary-300 uppercase tracking-wider">
 											Last Updated
 										</th>
 										<th className="px-6 py-3 text-left text-xs font-medium text-secondary-500 dark:text-secondary-300 uppercase tracking-wider">
 											Reboot Required
 										</th>
 									</tr>
 								</thead>
 								<tbody className="bg-white dark:bg-secondary-800 divide-y divide-secondary-200 dark:divide-secondary-600">
@@ -420,6 +424,18 @@ const PackageDetail = () => {
 													? formatRelativeTime(host.lastUpdate)
 													: "Never"}
 											</td>
 											<td className="px-6 py-4 whitespace-nowrap">
 												{host.needsReboot ? (
 													<span className="inline-flex items-center gap-1 px-2 py-1 rounded-md text-xs font-medium bg-orange-100 text-orange-800 dark:bg-orange-900 dark:text-orange-200">
 														<RotateCcw className="h-3 w-3" />
 														Required
 													</span>
 												) : (
 													<span className="text-sm text-secondary-500 dark:text-secondary-300">
 														No
 													</span>
 												)}
 											</td>
 										</tr>
 									))}
 								</tbody>
--- a/frontend/src/pages/Profile.jsx
+++ b/frontend/src/pages/Profile.jsx
@@ -206,7 +206,7 @@ const Profile = () => {
 						</p>
 						<div className="mt-2">
 							<span
-								className={`inline-flex items-center px-2.5 py-0.5 rounded-full text-xs font-medium ${
+								className={`inline-flex items-center px-2.5 py-0.5 rounded-md text-xs font-medium ${
 									user?.role === "admin"
 										? "bg-primary-100 text-primary-800"
 										: user?.role === "host_manager"
@@ -400,7 +400,7 @@ const Profile = () => {
 										<button
 											type="button"
 											onClick={toggleTheme}
-											className={`relative inline-flex h-6 w-11 flex-shrink-0 cursor-pointer rounded-full border-2 border-transparent transition-colors duration-200 ease-in-out focus:outline-none focus:ring-2 focus:ring-primary-500 focus:ring-offset-2 ${
+											className={`relative inline-flex h-6 w-11 flex-shrink-0 cursor-pointer rounded-md border-2 border-transparent transition-colors duration-200 ease-in-out focus:outline-none focus:ring-2 focus:ring-primary-500 focus:ring-offset-2 ${
 												isDark ? "bg-primary-600" : "bg-secondary-200"
 											}`}
 											role="switch"
@@ -1345,12 +1345,12 @@ const SessionsTab = () => {
 													{session.device_info?.os}
 												</h4>
 												{session.is_current_session && (
-													<span className="inline-flex items-center px-2 py-1 rounded-full text-xs font-medium bg-primary-100 text-primary-800 dark:bg-primary-900 dark:text-primary-200">
+													<span className="inline-flex items-center px-2 py-1 rounded-md text-xs font-medium bg-primary-100 text-primary-800 dark:bg-primary-900 dark:text-primary-200">
 														Current Session
 													</span>
 												)}
 												{session.tfa_remember_me && (
-													<span className="inline-flex items-center px-2 py-1 rounded-full text-xs font-medium bg-success-100 text-success-800 dark:bg-success-900 dark:text-success-200">
+													<span className="inline-flex items-center px-2 py-1 rounded-md text-xs font-medium bg-success-100 text-success-800 dark:bg-success-900 dark:text-success-200">
 														Remembered
 													</span>
 												)}
--- a/frontend/src/pages/RepositoryDetail.jsx
+++ b/frontend/src/pages/RepositoryDetail.jsx
@@ -6,6 +6,7 @@ import {
 	Database,
 	Globe,
 	Lock,
 	RotateCcw,
 	Search,
 	Server,
 	Shield,
@@ -556,6 +557,9 @@ const RepositoryDetail = () => {
 										<th className="px-6 py-3 text-left text-xs font-medium text-secondary-500 dark:text-secondary-300 uppercase tracking-wider">
 											Last Update
 										</th>
 										<th className="px-6 py-3 text-left text-xs font-medium text-secondary-500 dark:text-secondary-300 uppercase tracking-wider">
 											Reboot Required
 										</th>
 									</tr>
 								</thead>
 								<tbody className="bg-white dark:bg-secondary-800 divide-y divide-secondary-200 dark:divide-secondary-600">
@@ -604,6 +608,18 @@ const RepositoryDetail = () => {
 													? formatRelativeTime(hostRepo.hosts.last_update)
 													: "Never"}
 											</td>
 											<td className="px-6 py-4 whitespace-nowrap">
 												{hostRepo.hosts.needs_reboot ? (
 													<span className="inline-flex items-center gap-1 px-2 py-1 rounded-md text-xs font-medium bg-orange-100 text-orange-800 dark:bg-orange-900 dark:text-orange-200">
 														<RotateCcw className="h-3 w-3" />
 														Required
 													</span>
 												) : (
 													<span className="text-sm text-secondary-500 dark:text-secondary-300">
 														No
 													</span>
 												)}
 											</td>
 										</tr>
 									))}
 								</tbody>
--- a/frontend/src/pages/Settings.jsx
+++ b/frontend/src/pages/Settings.jsx
@@ -53,6 +53,7 @@ const Settings = () => {
 	});
 	const [errors, setErrors] = useState({});
 	const [isDirty, setIsDirty] = useState(false);
 	const [toast, setToast] = useState(null);
 	// Tab management
 	const [activeTab, setActiveTab] = useState("server");
@@ -60,6 +61,56 @@ const Settings = () => {
 	// Get update notification state
 	const { updateAvailable } = useUpdateNotification();
 	// Auto-hide toast after 3 seconds
 	useEffect(() => {
 		if (toast) {
 			const timer = setTimeout(() => {
 				setToast(null);
 			}, 3000);
 			return () => clearTimeout(timer);
 		}
 	}, [toast]);
 	const showToast = (message, type = "success") => {
 		setToast({ message, type });
 	};
 	// Fallback clipboard copy function for HTTP and older browsers
 	const copyToClipboard = async (text) => {
 		// Try modern clipboard API first
 		if (navigator.clipboard && navigator.clipboard.writeText) {
 			try {
 				await navigator.clipboard.writeText(text);
 				return true;
 			} catch (err) {
 				console.warn("Clipboard API failed, using fallback:", err);
 			}
 		}
 		// Fallback for HTTP or unsupported browsers
 		try {
 			const textArea = document.createElement("textarea");
 			textArea.value = text;
 			textArea.style.position = "fixed";
 			textArea.style.left = "-999999px";
 			textArea.style.top = "-999999px";
 			document.body.appendChild(textArea);
 			textArea.focus();
 			textArea.select();
 			const successful = document.execCommand("copy");
 			document.body.removeChild(textArea);
 			if (successful) {
 				return true;
 			}
 			throw new Error("execCommand failed");
 		} catch (err) {
 			console.error("Fallback copy failed:", err);
 			throw err;
 		}
 	};
 	// Tab configuration
 	const tabs = [
 		{ id: "server", name: "Server Configuration", icon: Server },
@@ -120,7 +171,7 @@ const Settings = () => {
 	});
 	// Helper function to get curl flags based on settings
-	const _getCurlFlags = () => {
+	const getCurlFlags = () => {
 		return settings?.ignore_ssl_self_signed ? "-sk" : "-s";
 	};
@@ -442,6 +493,53 @@ const Settings = () => {
 	return (
 		<div className="max-w-4xl mx-auto p-6">
 			{/* Toast Notification */}
 			{toast && (
 				<div
 					className={`fixed top-4 right-4 z-50 max-w-md rounded-lg shadow-lg border-2 p-4 flex items-start space-x-3 animate-in slide-in-from-top-5 ${
 						toast.type === "success"
 							? "bg-green-50 dark:bg-green-900/90 border-green-500 dark:border-green-600"
 							: "bg-red-50 dark:bg-red-900/90 border-red-500 dark:border-red-600"
 					}`}
 				>
 					<div
 						className={`flex-shrink-0 rounded-full p-1 ${
 							toast.type === "success"
 								? "bg-green-100 dark:bg-green-800"
 								: "bg-red-100 dark:bg-red-800"
 						}`}
 					>
 						{toast.type === "success" ? (
 							<CheckCircle className="h-5 w-5 text-green-600 dark:text-green-400" />
 						) : (
 							<AlertCircle className="h-5 w-5 text-red-600 dark:text-red-400" />
 						)}
 					</div>
 					<div className="flex-1">
 						<p
 							className={`text-sm font-medium ${
 								toast.type === "success"
 									? "text-green-800 dark:text-green-100"
 									: "text-red-800 dark:text-red-100"
 							}`}
 						>
 							{toast.message}
 						</p>
 					</div>
 					<button
 						type="button"
 						onClick={() => setToast(null)}
 						className={`flex-shrink-0 rounded-lg p-1 transition-colors ${
 							toast.type === "success"
 								? "hover:bg-green-100 dark:hover:bg-green-800 text-green-600 dark:text-green-400"
 								: "hover:bg-red-100 dark:hover:bg-red-800 text-red-600 dark:text-red-400"
 						}`}
 					>
 						<X className="h-4 w-4" />
 					</button>
 				</div>
 			)}
 			<div className="mb-8">
 				<p className="text-secondary-600 dark:text-secondary-300">
 					Configure your PatchMon server settings. These settings will be used
@@ -819,7 +917,7 @@ const Settings = () => {
 												key={m}
 												type="button"
 												onClick={() => handleInputChange("updateInterval", m)}
-												className={`px-3 py-1.5 rounded-full text-xs font-medium border ${
+												className={`px-3 py-1.5 rounded-md text-xs font-medium border ${
 													formData.updateInterval === m
 														? "bg-primary-600 text-white border-primary-600"
 														: "bg-white dark:bg-secondary-700 text-secondary-700 dark:text-secondary-200 border-secondary-300 dark:border-secondary-600 hover:bg-secondary-50 dark:hover:bg-secondary-600"
@@ -1159,19 +1257,74 @@ const Settings = () => {
 														To completely remove PatchMon from a host:
 													</p>
-													{/* Go Agent Uninstall */}
+													{/* Agent Removal Script - Standard */}
 													<div className="mb-3">
 														<div className="space-y-2">
 															<div className="text-xs font-semibold text-red-700 dark:text-red-300 mb-1">
 																Standard Removal (preserves backups):
 															</div>
 															<div className="flex items-center gap-2">
 																<div className="bg-red-100 dark:bg-red-800 rounded p-2 font-mono text-xs flex-1">
-																	sudo patchmon-agent uninstall
+																	curl {getCurlFlags()} {window.location.origin}
 																	/api/v1/hosts/remove | sudo sh
 																</div>
 																<button
 																	type="button"
-																	onClick={() => {
+																	onClick={async () => {
-																		navigator.clipboard.writeText(
+																		try {
-																			"sudo patchmon-agent uninstall",
+																			await copyToClipboard(
-																		);
+																				`curl ${getCurlFlags()} ${window.location.origin}/api/v1/hosts/remove | sudo sh`,
 																			);
 																			showToast(
 																				"Standard removal command copied!",
 																				"success",
 																			);
 																		} catch (err) {
 																			console.error("Failed to copy:", err);
 																			showToast(
 																				"Failed to copy to clipboard",
 																				"error",
 																			);
 																		}
 																	}}
 																	className="px-2 py-1 bg-red-200 dark:bg-red-700 text-red-800 dark:text-red-200 rounded text-xs hover:bg-red-300 dark:hover:bg-red-600 transition-colors"
 																>
 																	Copy
 																</button>
 															</div>
 														</div>
 													</div>
 													{/* Agent Removal Script - Complete */}
 													<div className="mb-3">
 														<div className="space-y-2">
 															<div className="text-xs font-semibold text-red-700 dark:text-red-300 mb-1">
 																Complete Removal (includes backups):
 															</div>
 															<div className="flex items-center gap-2">
 																<div className="bg-red-100 dark:bg-red-800 rounded p-2 font-mono text-xs flex-1">
 																	curl {getCurlFlags()} {window.location.origin}
 																	/api/v1/hosts/remove | sudo REMOVE_BACKUPS=1
 																	sh
 																</div>
 																<button
 																	type="button"
 																	onClick={async () => {
 																		try {
 																			await copyToClipboard(
 																				`curl ${getCurlFlags()} ${window.location.origin}/api/v1/hosts/remove | sudo REMOVE_BACKUPS=1 sh`,
 																			);
 																			showToast(
 																				"Complete removal command copied!",
 																				"success",
 																			);
 																		} catch (err) {
 																			console.error("Failed to copy:", err);
 																			showToast(
 																				"Failed to copy to clipboard",
 																				"error",
 																			);
 																		}
 																	}}
 																	className="px-2 py-1 bg-red-200 dark:bg-red-700 text-red-800 dark:text-red-200 rounded text-xs hover:bg-red-300 dark:hover:bg-red-600 transition-colors"
 																>
@@ -1179,16 +1332,16 @@ const Settings = () => {
 																</button>
 															</div>
 															<div className="text-xs text-red-600 dark:text-red-400">
-																Options: <code>--remove-config</code>,{" "}
+																This removes: binaries, systemd/OpenRC services,
-																<code>--remove-logs</code>,{" "}
+																configuration files, logs, crontab entries, and
-																<code>--remove-all</code>, <code>--force</code>
+																backup files
 															</div>
 														</div>
 													</div>
-													<p className="mt-2 text-xs">
+													<p className="mt-2 text-xs text-red-700 dark:text-red-400">
-														⚠️ This command will remove all PatchMon files,
+														⚠️ Standard removal preserves backup files for
-														configuration, and crontab entries
+														safety. Use complete removal to delete everything.
 													</p>
 												</div>
 											</div>
--- a/frontend/src/pages/settings/AlertChannels.jsx
+++ b/frontend/src/pages/settings/AlertChannels.jsx
@@ -32,7 +32,7 @@ const AlertChannels = () => {
 							including email, Slack, Discord, and webhooks.
 						</p>
 						<div className="mt-3">
-							<span className="inline-flex items-center px-2.5 py-0.5 rounded-full text-xs font-medium bg-primary-100 text-primary-800 dark:bg-primary-900 dark:text-primary-200">
+							<span className="inline-flex items-center px-2.5 py-0.5 rounded-md text-xs font-medium bg-primary-100 text-primary-800 dark:bg-primary-900 dark:text-primary-200">
 								In Development
 							</span>
 						</div>
--- a/frontend/src/pages/settings/Integrations.jsx
+++ b/frontend/src/pages/settings/Integrations.jsx
--- a/frontend/src/pages/settings/Notifications.jsx
+++ b/frontend/src/pages/settings/Notifications.jsx
@@ -33,7 +33,7 @@ const Notifications = () => {
 							triggers.
 						</p>
 						<div className="mt-3">
-							<span className="inline-flex items-center px-2.5 py-0.5 rounded-full text-xs font-medium bg-primary-100 text-primary-800 dark:bg-primary-900 dark:text-primary-200">
+							<span className="inline-flex items-center px-2.5 py-0.5 rounded-md text-xs font-medium bg-primary-100 text-primary-800 dark:bg-primary-900 dark:text-primary-200">
 								In Development
 							</span>
 						</div>
--- a/frontend/src/pages/settings/PatchManagement.jsx
+++ b/frontend/src/pages/settings/PatchManagement.jsx
@@ -34,7 +34,7 @@ const PatchManagement = () => {
 								patch policies to give you granular control over updates.
 							</p>
 							<div className="mt-3">
-								<span className="inline-flex items-center px-2.5 py-0.5 rounded-full text-xs font-medium bg-primary-100 text-primary-800 dark:bg-primary-900 dark:text-primary-200">
+								<span className="inline-flex items-center px-2.5 py-0.5 rounded-md text-xs font-medium bg-primary-100 text-primary-800 dark:bg-primary-900 dark:text-primary-200">
 									In Development
 								</span>
 							</div>
--- a/frontend/src/pages/settings/SettingsMetrics.jsx
+++ b/frontend/src/pages/settings/SettingsMetrics.jsx
@@ -212,7 +212,7 @@ const SettingsMetrics = () => {
 								toggleMetricsMutation.mutate(!metricsSettings?.metrics_enabled)
 							}
 							disabled={toggleMetricsMutation.isPending}
-							className={`ml-4 relative inline-flex h-6 w-11 flex-shrink-0 cursor-pointer rounded-full border-2 border-transparent transition-colors duration-200 ease-in-out focus:outline-none focus:ring-2 focus:ring-primary-500 focus:ring-offset-2 ${
+							className={`ml-4 relative inline-flex h-6 w-11 flex-shrink-0 cursor-pointer rounded-md border-2 border-transparent transition-colors duration-200 ease-in-out focus:outline-none focus:ring-2 focus:ring-primary-500 focus:ring-offset-2 ${
 								metricsSettings?.metrics_enabled
 									? "bg-primary-600"
 									: "bg-secondary-200 dark:bg-secondary-700"
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
 	"name": "patchmon",
-	"version": "1.3.2",
+	"version": "1.3.4",
 	"lockfileVersion": 3,
 	"requires": true,
 	"packages": {
 		"": {
 			"name": "patchmon",
-			"version": "1.3.2",
+			"version": "1.3.4",
 			"license": "AGPL-3.0",
 			"workspaces": [
 				"backend",
@@ -23,7 +23,7 @@
 		},
 		"backend": {
 			"name": "patchmon-backend",
-			"version": "1.3.2",
+			"version": "1.3.4",
 			"license": "AGPL-3.0",
 			"dependencies": {
 				"@bull-board/api": "^6.13.1",
@@ -59,7 +59,7 @@
 		},
 		"frontend": {
 			"name": "patchmon-frontend",
-			"version": "1.3.2",
+			"version": "1.3.4",
 			"license": "AGPL-3.0",
 			"dependencies": {
 				"@dnd-kit/core": "^6.3.1",
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 	"name": "patchmon",
-	"version": "1.3.3",
+	"version": "1.3.6",
 	"description": "Linux Patch Monitoring System",
 	"license": "AGPL-3.0",
 	"private": true,
Author	SHA1	Message	Date
Muhammad Ibrahim	6f7dbdb04b	put bash in for proxmox	2025-11-18 21:46:37 +00:00
Muhammad Ibrahim	aaed443081	new binary	2025-11-18 20:13:12 +00:00
Muhammad Ibrahim	5b96b67db9	Fixed some prisma issue on kernel displaying Fixed multi host selection button to not select all updating to 1.3.6	2025-11-18 20:08:34 +00:00
Muhammad Ibrahim	b55ee6a6e0	Fixing proxmox auto-enrolment script	2025-11-18 18:10:38 +00:00
Muhammad Ibrahim	189de7a593	fixed linting	2025-11-17 21:59:19 +00:00
Muhammad Ibrahim	f57d87e1c0	fixing host route of version checking for other architectures	2025-11-17 21:49:05 +00:00
Muhammad Ibrahim	fa1f0fd7d7	Fixing critical bug on agent version handling causing agents to fill up deisk	2025-11-17 19:30:29 +00:00
Muhammad Ibrahim	334357a12e	Added arm64 support for running PatchMon in Docker Appended with bash for proxmox auto-enrolment Fixed rootless docker issues for prisma 6.1 requirements	2025-11-17 18:40:28 +00:00
9 Technology Group LTD	19f8f85d38	Merge pull request #309 from jaas666/qol/remove-arch-selection Remove architecture selection from agent installation UI	2025-11-17 01:35:31 +00:00
9 Technology Group LTD	2b7aeda980	Merge pull request #321 from PatchMon/feature/alpine ui improvements on the toggle	2025-11-17 01:23:24 +00:00
Muhammad Ibrahim	d2b36f36c9	ui improvements on the toggle	2025-11-17 01:18:20 +00:00
9 Technology Group LTD	b02ed6aa3b	Merge pull request #320 from PatchMon/feature/alpine added reboot required flag	2025-11-16 22:54:15 +00:00
Muhammad Ibrahim	539bbb7fbc	added reboot required flag added kernel running/installed version Added dasboard card and filteres for reboot fixed security qty updated on dnf	2025-11-16 22:50:41 +00:00
9 Technology Group LTD	3a6f04f748	Merge pull request #319 from PatchMon/feature/alpine updated agent files	2025-11-16 19:03:27 +00:00
Muhammad Ibrahim	8df6ca2342	updated agent files Fixed removal script Fixed agent version checking	2025-11-16 19:00:10 +00:00
9 Technology Group LTD	0e8d74e821	Merge pull request #318 from PatchMon/feature/alpine openssl alpine binary for Docker	2025-11-15 01:04:44 +00:00
Muhammad Ibrahim	0dbcc3c2c3	openssl alpine binary for Docker	2025-11-15 01:03:43 +00:00
9 Technology Group LTD	ab23eaf7bd	Merge pull request #317 from PatchMon/feature/alpine fixed node permissions	2025-11-15 00:54:29 +00:00
Muhammad Ibrahim	bfc1cc3bf0	fixed node permissions	2025-11-15 00:53:37 +00:00
9 Technology Group LTD	d33992b5f7	Merge pull request #316 from PatchMon/feature/alpine adding ssl	2025-11-15 00:46:00 +00:00
Muhammad Ibrahim	3e5af312b6	adding ssl	2025-11-15 00:34:19 +00:00
9 Technology Group LTD	823b89f2c1	Merge pull request #315 from PatchMon/feature/alpine arm builder	2025-11-15 00:30:43 +00:00
Muhammad Ibrahim	84cdc7224f	arm builder	2025-11-15 00:24:08 +00:00
9 Technology Group LTD	c770bf1444	API for auto-enrollment Api	2025-11-15 00:08:37 +00:00
Muhammad Ibrahim	307970ebd4	Fixed formatting	2025-11-15 00:03:02 +00:00
Muhammad Ibrahim	9da341f84c	auto-enrolment enhancements	2025-11-14 23:57:43 +00:00
Muhammad Ibrahim	1ca8bf8581	better auto-enrollment system	2025-11-14 22:53:48 +00:00
Muhammad Ibrahim	a4bc9c4aed	workspace fix	2025-11-14 21:00:55 +00:00
Muhammad Ibrahim	8f25bc5b8b	fixed docker build	2025-11-14 20:54:43 +00:00
Muhammad Ibrahim	a37b479de6	1.3.4	2025-11-14 20:45:40 +00:00
Juan A.	8cf29c9bbb	remove-architecture-selection	2025-11-13 19:28:11 -06:00
9 Technology Group LTD	3f18074f01	Merge pull request #304 from PatchMon/feature/alpine new binary for alpie apk support	2025-11-11 12:49:09 +00:00
Muhammad Ibrahim	ab700a3bc8	new binary for alpie apk support	2025-11-11 12:42:00 +00:00
9 Technology Group LTD	9857d7cdfc	Merge pull request #302 from PatchMon/feature/api added the migration file	2025-11-10 22:02:37 +00:00
9 Technology Group LTD	d7d47089b2	Merge pull request #301 from PatchMon/feature/api Feature/api	2025-11-10 20:41:36 +00:00
9 Technology Group LTD	427743b81e	Merge pull request #294 from PatchMon/feature/alpine alpine support (apk) support agents	2025-11-08 21:26:04 +00:00
9 Technology Group LTD	a4922b4e54	Merge pull request #292 from PatchMon/feature/alpine arm support	2025-11-08 12:24:42 +00:00