fix(dashboard): add aggregated resource usage stats to the dashboard

- Aggregate CPU, memory, and network stats across all running containers
- Extend ISystemStatus.docker with resource usage fields
- Fix getContainerStats Swarm service ID fallback
- Wire dashboard resource usage card to real backend data

changelog.md

@@ -1,5 +1,158 @@
 # Changelog
 
+## 2026-03-16 - 1.19.1 - fix(dashboard)
+add aggregated resource usage stats to the dashboard
+
+- Aggregate CPU, memory, and network stats across all running user and platform service containers in getSystemStatus
+- Extend ISystemStatus.docker interface with cpuUsage, memoryUsage, memoryTotal, networkIn, networkOut fields
+- Fix getContainerStats to properly handle Swarm service IDs by catching exceptions and falling back to label-based container lookup
+- Wire dashboard resource usage card to display real aggregated data from the backend
+
+## 2026-03-16 - 1.19.0 - feat(opsserver,web)
+add real-time platform service log streaming to the dashboard
+
+- stream running platform service container logs from the ops server to connected dashboard clients via TypedSocket
+- parse Docker log timestamps and levels for both pushed and fetched platform service log entries
+- enhance the platform service detail view with mapped statuses and predefined host, port, version, and config metadata
+- add the typedsocket dependency and update the catalog package for dashboard support
+
+## 2026-03-16 - 1.18.5 - fix(platform-services)
+fix platform service detail view navigation and log display
+
+- Add back button to platform service detail view for returning to services list
+- Fix DOM lifecycle when switching between platform services (destroy and recreate dees-chart-log)
+- Fix timestamp format for log entries to use ISO 8601 for dees-chart-log compatibility
+- Clear previous stats/logs state before fetching new platform service data
+
+## 2026-03-16 - 1.18.4 - fix(repo)
+no changes to commit
+
+
+## 2026-03-16 - 1.18.3 - fix(deps)
+bump @serve.zone/catalog to ^2.6.1
+
+- Updates the @serve.zone/catalog runtime dependency from ^2.6.0 to ^2.6.1.
+
+## 2026-03-16 - 1.18.2 - fix(repo)
+no changes to commit
+
+
+## 2026-03-16 - 1.18.1 - fix(repo)
+no changes to commit
+
+
+## 2026-03-16 - 1.18.0 - feat(platform-services)
+add platform service log retrieval and display in the services UI
+
+- add typed request support in the ops server to fetch Docker logs for platform service containers
+- store fetched platform service logs in web app state and load them when opening platform service details
+- render platform service logs in the services detail view and add sidebar icons for main navigation tabs
+
+## 2026-03-16 - 1.17.4 - fix(docs)
+add hello world running screenshot for documentation
+
+- Adds a new PNG asset showing the application in a running hello world state.
+- Supports project documentation or README usage without changing runtime behavior.
+
+## 2026-03-16 - 1.17.3 - fix(mongodb)
+downgrade the MongoDB service image to 4.4 and use the legacy mongo shell for container operations
+
+- changes the default MongoDB container image from mongo:7 to mongo:4.4
+- replaces mongosh with mongo for health checks, provisioning, and deprovisioning inside the container
+
+## 2026-03-16 - 1.17.2 - fix(platform-services)
+provision ClickHouse, MinIO, and MongoDB resources via docker exec instead of host port access
+
+- switch ClickHouse provisioning and teardown to in-container client commands to avoid host port mapping issues
+- replace MinIO host-side S3 API calls with in-container mc commands for bucket creation and removal
+- run MongoDB provisioning and deprovisioning through mongosh inside the container and improve docker exec failure reporting
+
+## 2026-03-16 - 1.17.1 - fix(repo)
+no changes to commit
+
+
+## 2026-03-16 - 1.17.0 - feat(web/services)
+add deploy service action to the services view
+
+- Adds a prominent "Deploy Service" button to the services page header.
+- Routes users into the create service view directly from the services listing.
+- Includes a new service creation form screenshot asset for the updated interface.
+
+## 2026-03-16 - 1.16.0 - feat(services)
+add platform service navigation and stats in the services UI
+
+- add platform service stats state and fetch action
+- show platform services in the services list and open a platform detail view
+- enable dashboard clicks to jump directly to the selected platform service
+- refresh platform service stats after start and restart actions
+- bump @serve.zone/catalog to ^2.6.0 for the new platform service UI components
+
+## 2026-03-16 - 1.15.3 - fix(install)
+refresh systemd service configuration before restarting previously running installations
+
+- Re-enable the systemd service during updates so unit file changes are applied before restart
+- Add a log message indicating the service configuration is being refreshed
+
+## 2026-03-16 - 1.15.2 - fix(systemd)
+set HOME and DENO_DIR for the systemd service environment
+
+- Adds HOME=/root to the generated onebox systemd unit
+- Adds DENO_DIR=/root/.cache/deno so Deno cache paths are available when running as a service
+
+## 2026-03-16 - 1.15.1 - fix(systemd)
+move Docker installation and swarm initialization to systemd enable flow
+
+- Ensures Docker is installed before writing and enabling the systemd unit that depends on docker.service.
+- Removes Docker auto-installation from Onebox initialization so setup happens in the service management path.
+
+## 2026-03-16 - 1.15.0 - feat(systemd)
+replace smartdaemon-based service management with native systemd commands
+
+- adds a dedicated OneboxSystemd manager for enabling, disabling, starting, stopping, checking status, and following logs
+- introduces a new `onebox systemd` CLI command set and updates install and help output to use it
+- removes the smartdaemon dependency and related service management code
+
+## 2026-03-16 - 1.14.10 - fix(services)
+stop auto-update monitoring during shutdown
+
+- Track the auto-update polling interval in the services manager
+- Clear the auto-update interval when Onebox shuts down to prevent background checks after shutdown
+
+## 2026-03-16 - 1.14.9 - fix(repo)
+no changes to commit
+
+
+## 2026-03-16 - 1.14.8 - fix(repo)
+no changes to commit
+
+
+## 2026-03-16 - 1.14.7 - fix(repo)
+no changes to commit
+
+
+## 2026-03-16 - 1.14.6 - fix(project)
+no changes to commit
+
+
+## 2026-03-16 - 1.14.5 - fix(onebox)
+move Docker auto-install and swarm initialization into Onebox startup flow
+
+- removes Docker setup from daemon service installation
+- ensures Docker is installed before Docker initialization during Onebox startup
+- preserves automatic Docker Swarm initialization on fresh servers
+
+## 2026-03-16 - 1.14.4 - fix(repo)
+no changes to commit
+
+
+## 2026-03-16 - 1.14.3 - fix(repo)
+no changes to commit
+
+
+## 2026-03-16 - 1.14.2 - fix(repo)
+no changes to commit
+
+
 ## 2026-03-16 - 1.14.1 - fix(repo)
 no changes to commit
 

deno.json

@@ -1,6 +1,6 @@
 {
   "name": "@serve.zone/onebox",
-  "version": "1.14.1",
+  "version": "1.19.1",
   "exports": "./mod.ts",
   "tasks": {
     "test": "deno test --allow-all test/",
@@ -15,7 +15,6 @@
     "@std/assert": "jsr:@std/assert@^1.0.15",
     "@std/encoding": "jsr:@std/encoding@^1.0.10",
     "@db/sqlite": "jsr:@db/sqlite@0.12.0",
-    "@push.rocks/smartdaemon": "npm:@push.rocks/smartdaemon@^2.1.0",
     "@apiclient.xyz/docker": "npm:@apiclient.xyz/docker@^5.1.1",
     "@apiclient.xyz/cloudflare": "npm:@apiclient.xyz/cloudflare@6.4.3",
     "@push.rocks/smartacme": "npm:@push.rocks/smartacme@^8.0.0",
@@ -26,7 +25,8 @@
     "@api.global/typedrequest": "npm:@api.global/typedrequest@^3.2.6",
     "@api.global/typedserver": "npm:@api.global/typedserver@^8.3.1",
     "@push.rocks/smartguard": "npm:@push.rocks/smartguard@^3.1.0",
-    "@push.rocks/smartjwt": "npm:@push.rocks/smartjwt@^2.2.1"
+    "@push.rocks/smartjwt": "npm:@push.rocks/smartjwt@^2.2.1",
+    "@api.global/typedsocket": "npm:@api.global/typedsocket@^4.1.2"
   },
   "compilerOptions": {
     "lib": [

install.sh

@@ -23,7 +23,7 @@ SPECIFIED_VERSION=""
 INSTALL_DIR="/opt/onebox"
 GITEA_BASE_URL="https://code.foss.global"
 GITEA_REPO="serve.zone/onebox"
-SERVICE_NAME="smartdaemon_onebox"
+SERVICE_NAME="onebox"
 
 # Parse command line arguments
 while [[ $# -gt 0 ]]; do
@@ -250,8 +250,10 @@ echo ""
 mkdir -p /var/lib/onebox
 mkdir -p /var/www/certbot
 
-# Restart service if it was running before update
+# Re-enable and restart service if it was previously running (refreshes unit file)
 if [ $SERVICE_WAS_RUNNING -eq 1 ]; then
+  echo "Refreshing systemd service..."
+  onebox systemd enable
   echo "Restarting Onebox service..."
   systemctl restart "$SERVICE_NAME"
   echo "Service restarted successfully."
@@ -276,7 +278,7 @@ if [ -f "/var/lib/onebox/onebox.db" ]; then
   if [ $SERVICE_WAS_RUNNING -eq 1 ]; then
     echo "The service has been restarted with your current settings."
   else
-    echo "Start the service with: onebox daemon start"
+    echo "Start the service with: onebox systemd start"
   fi
 else
   echo "Get started:"
@@ -293,11 +295,11 @@ else
   echo "  2. Configure ACME email:"
   echo "     onebox config set acmeEmail <your@email.com>"
   echo ""
-  echo "  3. Install daemon:"
-  echo "     onebox daemon install"
+  echo "  3. Enable systemd service:"
+  echo "     onebox systemd enable"
   echo ""
-  echo "  4. Start daemon:"
-  echo "     onebox daemon start"
+  echo "  4. Start service:"
+  echo "     onebox systemd start"
   echo ""
   echo "  5. Deploy your first service:"
   echo "     onebox service add myapp --image nginx:latest --domain app.example.com"

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@serve.zone/onebox",
-  "version": "1.14.1",
+  "version": "1.19.0",
   "description": "Self-hosted container platform with automatic SSL and DNS - a mini Heroku for single servers",
   "main": "mod.ts",
   "type": "module",
@@ -55,9 +55,10 @@
   "packageManager": "pnpm@10.18.1+sha512.77a884a165cbba2d8d1c19e3b4880eee6d2fcabd0d879121e282196b80042351d5eb3ca0935fa599da1dc51265cc68816ad2bddd2a2de5ea9fdf92adbec7cd34",
   "dependencies": {
     "@api.global/typedrequest-interfaces": "^3.0.19",
+    "@api.global/typedsocket": "^4.1.2",
     "@design.estate/dees-catalog": "^3.43.3",
     "@design.estate/dees-element": "^2.1.6",
-    "@serve.zone/catalog": "^2.5.0"
+    "@serve.zone/catalog": "^2.6.2"
   },
   "devDependencies": {
     "@git.zone/tsbundle": "^2.9.0",

pnpm-lock.yaml

@@ -11,6 +11,9 @@ importers:
       '@api.global/typedrequest-interfaces':
         specifier: ^3.0.19
         version: 3.0.19
+      '@api.global/typedsocket':
+        specifier: ^4.1.2
+        version: 4.1.2(@push.rocks/smartserve@2.0.1)
       '@design.estate/dees-catalog':
         specifier: ^3.43.3
         version: 3.48.5(@tiptap/pm@2.27.2)
@@ -18,8 +21,8 @@ importers:
         specifier: ^2.1.6
         version: 2.2.3
       '@serve.zone/catalog':
-        specifier: ^2.5.0
-        version: 2.5.0(@tiptap/pm@2.27.2)
+        specifier: ^2.6.2
+        version: 2.6.2(@tiptap/pm@2.27.2)
     devDependencies:
       '@git.zone/tsbundle':
         specifier: ^2.9.0
@@ -836,8 +839,8 @@ packages:
   '@sec-ant/readable-stream@0.4.1':
     resolution: {integrity: sha512-831qok9r2t8AlxLko40y2ebgSDhenenCatLVeW/uBtnHPyhHOvG0C7TvfgecV+wHzIm5KUICgzmVpWS+IMEAeg==}
 
-  '@serve.zone/catalog@2.5.0':
-    resolution: {integrity: sha512-bRwk7pbDxUB471wUAS7p22MTOOBCHlMWijsE43K9tDAPcxlRarhtf2Dgx0Y25s/dFXqj2JHwe6jjE84S80jFzg==}
+  '@serve.zone/catalog@2.6.2':
+    resolution: {integrity: sha512-1XPdgkqjx80r3mjE03QOex0r48jz2SzQ8lwz/VBvPtwgJYH0DO5TBuMSgT56YeQ1c/e2vVpqdXIicbcJoreBYw==}
 
   '@tempfix/idb@8.0.3':
     resolution: {integrity: sha512-hPJQKO7+oAIY+pDNImrZ9QAINbz9KmwT+yO4iRVwdPanok2YKpaUxdJzIvCUwY0YgAawlvYdffbLvRLV5hbs2g==}
@@ -3474,7 +3477,7 @@ snapshots:
 
   '@sec-ant/readable-stream@0.4.1': {}
 
-  '@serve.zone/catalog@2.5.0(@tiptap/pm@2.27.2)':
+  '@serve.zone/catalog@2.6.2(@tiptap/pm@2.27.2)':
     dependencies:
       '@design.estate/dees-catalog': 3.48.5(@tiptap/pm@2.27.2)
       '@design.estate/dees-domtools': 2.5.1

ts/00_commitinfo_data.ts

@@ -3,6 +3,6 @@
  */
 export const commitinfo = {
   name: '@serve.zone/onebox',
-  version: '1.14.1',
+  version: '1.19.0',
   description: 'Self-hosted container platform with automatic SSL and DNS - a mini Heroku for single servers'
 }

ts/classes/daemon.ts

@@ -4,9 +4,7 @@
  * Handles background monitoring, metrics collection, and automatic tasks
  */
 
-import * as plugins from '../plugins.ts';
 import { logger } from '../logging.ts';
-import { projectInfo } from '../info.ts';
 import { getErrorMessage } from '../utils/error.ts';
 import type { Onebox } from './onebox.ts';
 
@@ -18,7 +16,6 @@ const FALLBACK_PID_FILE = `${FALLBACK_PID_DIR}/onebox.pid`;
 
 export class OneboxDaemon {
   private oneboxRef: Onebox;
-  private smartdaemon: plugins.smartdaemon.SmartDaemon | null = null;
   private running = false;
   private monitoringInterval: number | null = null;
   private statsInterval: number | null = null;
@@ -46,124 +43,6 @@ export class OneboxDaemon {
     }
   }
 
-  /**
-   * Ensure Docker is installed, installing it if necessary
-   */
-  private async ensureDocker(): Promise<void> {
-    try {
-      const cmd = new Deno.Command('docker', {
-        args: ['--version'],
-        stdout: 'piped',
-        stderr: 'piped',
-      });
-      const result = await cmd.output();
-      if (result.success) {
-        const version = new TextDecoder().decode(result.stdout).trim();
-        logger.info(`Docker found: ${version}`);
-        return;
-      }
-    } catch {
-      // docker command not found
-    }
-
-    logger.info('Docker not found. Installing Docker...');
-    const installCmd = new Deno.Command('bash', {
-      args: ['-c', 'curl -fsSL https://get.docker.com | sh'],
-      stdin: 'inherit',
-      stdout: 'inherit',
-      stderr: 'inherit',
-    });
-    const installResult = await installCmd.output();
-    if (!installResult.success) {
-      throw new Error('Failed to install Docker. Please install it manually: curl -fsSL https://get.docker.com | sh');
-    }
-    logger.success('Docker installed successfully');
-
-    // Initialize Docker Swarm
-    logger.info('Initializing Docker Swarm...');
-    const swarmCmd = new Deno.Command('docker', {
-      args: ['swarm', 'init'],
-      stdout: 'piped',
-      stderr: 'piped',
-    });
-    const swarmResult = await swarmCmd.output();
-    if (swarmResult.success) {
-      logger.success('Docker Swarm initialized');
-    } else {
-      const stderr = new TextDecoder().decode(swarmResult.stderr);
-      if (stderr.includes('already part of a swarm')) {
-        logger.info('Docker Swarm already initialized');
-      } else {
-        logger.warn(`Docker Swarm init warning: ${stderr.trim()}`);
-      }
-    }
-  }
-
-  /**
-   * Install systemd service
-   */
-  async installService(): Promise<void> {
-    try {
-      logger.info('Installing Onebox daemon service...');
-
-      // Ensure Docker is installed
-      await this.ensureDocker();
-
-      // Initialize smartdaemon if needed
-      if (!this.smartdaemon) {
-        this.smartdaemon = new plugins.smartdaemon.SmartDaemon();
-      }
-
-      // Get installation directory
-      const execPath = Deno.execPath();
-
-      const service = await this.smartdaemon.addService({
-        name: 'onebox',
-        version: projectInfo.version,
-        command: `${execPath} run --allow-all ${Deno.cwd()}/mod.ts daemon start`,
-        description: 'Onebox - Self-hosted container platform',
-        workingDir: Deno.cwd(),
-      });
-
-      await service.save();
-      await service.enable();
-
-      logger.success('Onebox daemon service installed');
-      logger.info('Start with: sudo systemctl start smartdaemon_onebox');
-    } catch (error) {
-      logger.error(`Failed to install daemon service: ${getErrorMessage(error)}`);
-      throw error;
-    }
-  }
-
-  /**
-   * Uninstall systemd service
-   */
-  async uninstallService(): Promise<void> {
-    try {
-      logger.info('Uninstalling Onebox daemon service...');
-
-      // Initialize smartdaemon if needed
-      if (!this.smartdaemon) {
-        this.smartdaemon = new plugins.smartdaemon.SmartDaemon();
-      }
-
-      const services = await this.smartdaemon.systemdManager.getServices();
-      const service = services.find(s => s.name === 'onebox');
-
-      if (service) {
-        await service.stop();
-        await service.disable();
-        await service.delete();
-      }
-
-      logger.success('Onebox daemon service uninstalled');
-    } catch (error) {
-      logger.error(`Failed to uninstall daemon service: ${getErrorMessage(error)}`);
-      throw error;
-    }
-  }
-
   /**
    * Start daemon mode (background monitoring)
    */
@@ -538,36 +417,7 @@ export class OneboxDaemon {
   static async ensureNoDaemon(): Promise<void> {
     const running = await OneboxDaemon.isDaemonRunning();
     if (running) {
-      throw new Error('Daemon is already running. Please stop it first with: onebox daemon stop');
-    }
-  }
-
-  /**
-   * Get service status from systemd
-   */
-  async getServiceStatus(): Promise<string> {
-    try {
-      // Don't need smartdaemon to check status, just use systemctl directly
-      const command = new Deno.Command('systemctl', {
-        args: ['status', 'smartdaemon_onebox'],
-        stdout: 'piped',
-        stderr: 'piped',
-      });
-
-      const { code, stdout } = await command.output();
-      const output = new TextDecoder().decode(stdout);
-
-      if (code === 0 || output.includes('active (running)')) {
-        return 'running';
-      } else if (output.includes('inactive') || output.includes('dead')) {
-        return 'stopped';
-      } else if (output.includes('failed')) {
-        return 'failed';
-      } else {
-        return 'unknown';
-      }
-    } catch (error) {
-      return 'not-installed';
+      throw new Error('Daemon is already running. Please stop it first with: onebox systemd stop');
     }
   }
 }

ts/classes/docker.ts

@@ -596,18 +596,26 @@ export class OneboxDockerManager {
   async getContainerStats(containerID: string): Promise<IContainerStats | null> {
     try {
       // Try to get container directly first
-      let container = await this.dockerClient!.getContainerById(containerID);
+      let container: any = null;
+      try {
+        container = await this.dockerClient!.getContainerById(containerID);
+      } catch {
+        // Container not found by ID — might be a Swarm service ID
+      }
 
       // If not found, it might be a service ID - try to get the actual container ID
       if (!container) {
         const serviceContainerId = await this.getContainerIdForService(containerID);
         if (serviceContainerId) {
-          container = await this.dockerClient!.getContainerById(serviceContainerId);
+          try {
+            container = await this.dockerClient!.getContainerById(serviceContainerId);
+          } catch {
+            // Service container also not found
+          }
         }
       }
 
       if (!container) {
-        // Container/service not found
         return null;
       }
 
@@ -881,12 +889,12 @@ export class OneboxDockerManager {
       ]);
 
       const execInfo = await inspect();
-      const exitCode = execInfo.ExitCode || 0;
+      const exitCode = execInfo.ExitCode ?? -1;
 
       return { stdout, stderr, exitCode };
     } catch (error) {
       logger.error(`Failed to exec in container ${containerID}: ${getErrorMessage(error)}`);
-      throw error;
+      return { stdout: '', stderr: getErrorMessage(error), exitCode: -1 };
     }
   }
 

ts/classes/onebox.ts

@@ -14,6 +14,7 @@ import { OneboxReverseProxy } from './reverseproxy.ts';
 import { OneboxDnsManager } from './dns.ts';
 import { OneboxSslManager } from './ssl.ts';
 import { OneboxDaemon } from './daemon.ts';
+import { OneboxSystemd } from './systemd.ts';
 import { OneboxHttpServer } from './httpserver.ts';
 import { CloudflareDomainSync } from './cloudflare-sync.ts';
 import { CertRequirementManager } from './cert-requirement-manager.ts';
@@ -33,6 +34,7 @@ export class Onebox {
   public dns: OneboxDnsManager;
   public ssl: OneboxSslManager;
   public daemon: OneboxDaemon;
+  public systemd: OneboxSystemd;
   public httpServer: OneboxHttpServer;
   public cloudflareDomainSync: CloudflareDomainSync;
   public certRequirementManager: CertRequirementManager;
@@ -57,6 +59,7 @@ export class Onebox {
     this.dns = new OneboxDnsManager(this);
     this.ssl = new OneboxSslManager(this);
     this.daemon = new OneboxDaemon(this);
+    this.systemd = new OneboxSystemd();
     this.httpServer = new OneboxHttpServer(this);
     this.registry = new RegistryManager({
       dataDir: './.nogit/registry-data',
@@ -288,10 +291,65 @@ export class Onebox {
       // Sort expiring domains by days remaining (ascending)
       expiringDomains.sort((a, b) => a.daysRemaining - b.daysRemaining);
 
+      // Aggregate resource usage across all running service containers
+      let totalCpu = 0;
+      let totalMemoryUsed = 0;
+      let totalMemoryLimit = 0;
+      let totalNetworkIn = 0;
+      let totalNetworkOut = 0;
+
+      if (dockerRunning) {
+        const allServices = this.services.listServices();
+        const runningUserServices = allServices.filter((s) => s.status === 'running' && s.containerID);
+        logger.debug(`Resource stats: ${runningUserServices.length} running user services`);
+
+        const statsPromises = runningUserServices
+          .map((s) => {
+            logger.debug(`Fetching stats for user service: ${s.name} (${s.containerID})`);
+            return this.docker.getContainerStats(s.containerID!).catch((err) => {
+              logger.debug(`Stats failed for ${s.name}: ${(err as Error).message}`);
+              return null;
+            });
+          });
+
+        // Also get stats for platform service containers
+        const allPlatformServices = this.platformServices.getAllPlatformServices();
+        const runningPlatformServices = allPlatformServices.filter((s) => s.status === 'running' && s.containerId);
+        logger.debug(`Resource stats: ${runningPlatformServices.length} running platform services`);
+
+        const platformStatsPromises = runningPlatformServices
+          .map((s) => {
+            logger.debug(`Fetching stats for platform service: ${s.type} (${s.containerId})`);
+            return this.docker.getContainerStats(s.containerId!).catch((err) => {
+              logger.debug(`Stats failed for ${s.type}: ${(err as Error).message}`);
+              return null;
+            });
+          });
+
+        const allStats = await Promise.all([...statsPromises, ...platformStatsPromises]);
+        let successCount = 0;
+        for (const stats of allStats) {
+          if (stats) {
+            successCount++;
+            totalCpu += stats.cpuPercent;
+            totalMemoryUsed += stats.memoryUsed;
+            totalMemoryLimit = Math.max(totalMemoryLimit, stats.memoryLimit);
+            totalNetworkIn += stats.networkRx;
+            totalNetworkOut += stats.networkTx;
+          }
+        }
+        logger.debug(`Resource stats: ${successCount}/${allStats.length} containers returned stats. CPU: ${totalCpu}, Mem: ${totalMemoryUsed}`);
+      }
+
       return {
         docker: {
           running: dockerRunning,
           version: dockerRunning ? await this.docker.getDockerVersion() : null,
+          cpuUsage: Math.round(totalCpu * 10) / 10,
+          memoryUsage: totalMemoryUsed,
+          memoryTotal: totalMemoryLimit,
+          networkIn: totalNetworkIn,
+          networkOut: totalNetworkOut,
         },
         reverseProxy: proxyStatus,
         dns: {
@@ -320,20 +378,6 @@ export class Onebox {
     }
   }
 
-  /**
-   * Start daemon mode
-   */
-  async startDaemon(): Promise<void> {
-    await this.daemon.start();
-  }
-
-  /**
-   * Stop daemon mode
-   */
-  async stopDaemon(): Promise<void> {
-    await this.daemon.stop();
-  }
-
   /**
    * Start OpsServer (TypedRequest-based, serves new UI)
    */
@@ -355,6 +399,9 @@ export class Onebox {
     try {
       logger.info('Shutting down Onebox...');
 
+      // Stop auto-update monitoring
+      this.services.stopAutoUpdateMonitoring();
+
       // Stop backup scheduler
       await this.backupScheduler.stop();
 

ts/classes/platform-services/providers/clickhouse.ts

@@ -194,12 +194,6 @@ export class ClickHouseProvider extends BasePlatformServiceProvider {
     const adminCreds = await credentialEncryption.decrypt(platformService.adminCredentialsEncrypted);
     const containerName = this.getContainerName();
 
-    // Get container host port for connection from host (overlay network IPs not accessible from host)
-    const hostPort = await this.oneboxRef.docker.getContainerHostPort(platformService.containerId, 8123);
-    if (!hostPort) {
-      throw new Error('Could not get ClickHouse container host port');
-    }
-
     // Generate resource names and credentials
     const dbName = this.generateResourceName(userService.name);
     const username = this.generateResourceName(userService.name);
@@ -207,35 +201,16 @@ export class ClickHouseProvider extends BasePlatformServiceProvider {
 
     logger.info(`Provisioning ClickHouse database '${dbName}' for service '${userService.name}'...`);
 
-    // Connect to ClickHouse via localhost and the mapped host port
-    const baseUrl = `http://127.0.0.1:${hostPort}`;
+    // Use docker exec to provision inside the container (avoids host port mapping issues)
+    const queries = [
+      `CREATE DATABASE IF NOT EXISTS ${dbName}`,
+      `CREATE USER IF NOT EXISTS ${username} IDENTIFIED BY '${password}'`,
+      `GRANT ALL ON ${dbName}.* TO ${username}`,
+    ];
 
-    // Create database
-    await this.executeQuery(
-      baseUrl,
-      adminCreds.username,
-      adminCreds.password,
-      `CREATE DATABASE IF NOT EXISTS ${dbName}`
-    );
-    logger.info(`Created ClickHouse database '${dbName}'`);
-
-    // Create user with access to this database
-    await this.executeQuery(
-      baseUrl,
-      adminCreds.username,
-      adminCreds.password,
-      `CREATE USER IF NOT EXISTS ${username} IDENTIFIED BY '${password}'`
-    );
-    logger.info(`Created ClickHouse user '${username}'`);
-
-    // Grant permissions on the database
-    await this.executeQuery(
-      baseUrl,
-      adminCreds.username,
-      adminCreds.password,
-      `GRANT ALL ON ${dbName}.* TO ${username}`
-    );
-    logger.info(`Granted permissions to user '${username}' on database '${dbName}'`);
+    for (const query of queries) {
+      await this.execClickHouseQuery(platformService.containerId, adminCreds, query);
+    }
 
     logger.success(`ClickHouse database '${dbName}' provisioned with user '${username}'`);
 
@@ -274,37 +249,11 @@ export class ClickHouseProvider extends BasePlatformServiceProvider {
 
     const adminCreds = await credentialEncryption.decrypt(platformService.adminCredentialsEncrypted);
 
-    // Get container host port for connection from host (overlay network IPs not accessible from host)
-    const hostPort = await this.oneboxRef.docker.getContainerHostPort(platformService.containerId, 8123);
-    if (!hostPort) {
-      throw new Error('Could not get ClickHouse container host port');
-    }
-
     logger.info(`Deprovisioning ClickHouse database '${resource.resourceName}'...`);
 
-    const baseUrl = `http://127.0.0.1:${hostPort}`;
-
     try {
-      // Drop the user
-      try {
-        await this.executeQuery(
-          baseUrl,
-          adminCreds.username,
-          adminCreds.password,
-          `DROP USER IF EXISTS ${credentials.username}`
-        );
-        logger.info(`Dropped ClickHouse user '${credentials.username}'`);
-      } catch (e) {
-        logger.warn(`Could not drop ClickHouse user: ${getErrorMessage(e)}`);
-      }
-
-      // Drop the database
-      await this.executeQuery(
-        baseUrl,
-        adminCreds.username,
-        adminCreds.password,
-        `DROP DATABASE IF EXISTS ${resource.resourceName}`
-      );
+      await this.execClickHouseQuery(platformService.containerId, adminCreds, `DROP USER IF EXISTS ${credentials.username}`);
+      await this.execClickHouseQuery(platformService.containerId, adminCreds, `DROP DATABASE IF EXISTS ${resource.resourceName}`);
       logger.success(`ClickHouse database '${resource.resourceName}' dropped`);
     } catch (e) {
       logger.error(`Failed to deprovision ClickHouse database: ${getErrorMessage(e)}`);
@@ -313,26 +262,27 @@ export class ClickHouseProvider extends BasePlatformServiceProvider {
   }
 
   /**
-   * Execute a ClickHouse SQL query via HTTP interface
+   * Execute a ClickHouse SQL query via docker exec inside the container
    */
-  private async executeQuery(
-    baseUrl: string,
-    username: string,
-    password: string,
+  private async execClickHouseQuery(
+    containerId: string,
+    adminCreds: { username: string; password: string },
     query: string
   ): Promise<string> {
-    const url = `${baseUrl}/?user=${encodeURIComponent(username)}&password=${encodeURIComponent(password)}`;
+    const result = await this.oneboxRef.docker.execInContainer(
+      containerId,
+      [
+        'clickhouse-client',
+        '--user', adminCreds.username,
+        '--password', adminCreds.password,
+        '--query', query,
+      ]
+    );
 
-    const response = await fetch(url, {
-      method: 'POST',
-      body: query,
-    });
-
-    if (!response.ok) {
-      const errorText = await response.text();
-      throw new Error(`ClickHouse query failed: ${errorText}`);
+    if (result.exitCode !== 0) {
+      throw new Error(`ClickHouse query failed (exit ${result.exitCode}): ${result.stderr.substring(0, 200)}`);
     }
 
-    return await response.text();
+    return result.stdout;
   }
 }

ts/classes/platform-services/providers/minio.ts

@@ -196,84 +196,28 @@ export class MinioProvider extends BasePlatformServiceProvider {
     const adminCreds = await credentialEncryption.decrypt(platformService.adminCredentialsEncrypted);
     const containerName = this.getContainerName();
 
-    // Get container host port for connection from host (overlay network IPs not accessible from host)
-    const hostPort = await this.oneboxRef.docker.getContainerHostPort(platformService.containerId, 9000);
-    if (!hostPort) {
-      throw new Error('Could not get MinIO container host port');
-    }
-
-    // Generate bucket name and credentials
+    // Generate bucket name
     const bucketName = this.generateBucketName(userService.name);
-    const accessKey = credentialEncryption.generateAccessKey(20);
-    const secretKey = credentialEncryption.generateSecretKey(40);
 
     logger.info(`Provisioning MinIO bucket '${bucketName}' for service '${userService.name}'...`);
 
-    // Connect to MinIO via localhost and the mapped host port (for provisioning from host)
-    const provisioningEndpoint = `http://127.0.0.1:${hostPort}`;
-
-    // Import AWS S3 client
-    const { S3Client, CreateBucketCommand, PutBucketPolicyCommand } = await import('npm:@aws-sdk/client-s3@3');
-
-    // Create S3 client with admin credentials - connect via host port
-    const s3Client = new S3Client({
-      endpoint: provisioningEndpoint,
-      region: 'us-east-1',
-      credentials: {
-        accessKeyId: adminCreds.username,
-        secretAccessKey: adminCreds.password,
-      },
-      forcePathStyle: true,
-    });
+    // Use docker exec with mc (MinIO Client) inside the container
+    // First configure mc alias for local server
+    await this.execMc(platformService.containerId, [
+      'alias', 'set', 'local', 'http://localhost:9000',
+      adminCreds.username, adminCreds.password,
+    ]);
 
     // Create the bucket
-    try {
-      await s3Client.send(new CreateBucketCommand({
-        Bucket: bucketName,
-      }));
-      logger.info(`Created MinIO bucket '${bucketName}'`);
-    } catch (e: any) {
-      if (e.name !== 'BucketAlreadyOwnedByYou' && e.name !== 'BucketAlreadyExists') {
-        throw e;
-      }
-      logger.warn(`Bucket '${bucketName}' already exists`);
-    }
+    const mbResult = await this.execMc(platformService.containerId, [
+      'mb', '--ignore-existing', `local/${bucketName}`,
+    ]);
+    logger.info(`Created MinIO bucket '${bucketName}'`);
 
-    // Create service account/access key using MinIO Admin API
-    // MinIO Admin API requires mc client or direct API calls
-    // For simplicity, we'll use root credentials and bucket policy isolation
-    // In production, you'd use MinIO's Admin API to create service accounts
-
-    // Set bucket policy to allow access only with this bucket's credentials
-    const bucketPolicy = {
-      Version: '2012-10-17',
-      Statement: [
-        {
-          Effect: 'Allow',
-          Principal: { AWS: ['*'] },
-          Action: ['s3:GetObject', 's3:PutObject', 's3:DeleteObject', 's3:ListBucket'],
-          Resource: [
-            `arn:aws:s3:::${bucketName}`,
-            `arn:aws:s3:::${bucketName}/*`,
-          ],
-        },
-      ],
-    };
-
-    try {
-      await s3Client.send(new PutBucketPolicyCommand({
-        Bucket: bucketName,
-        Policy: JSON.stringify(bucketPolicy),
-      }));
-      logger.info(`Set bucket policy for '${bucketName}'`);
-    } catch (e) {
-      logger.warn(`Could not set bucket policy: ${getErrorMessage(e)}`);
-    }
-
-    // Note: For proper per-service credentials, MinIO Admin API should be used
-    // For now, we're providing the bucket with root access
-    // TODO: Implement MinIO service account creation
-    logger.warn('Using root credentials for MinIO access. Consider implementing service accounts for production.');
+    // Set bucket policy to allow public read/write (services on the same network use root creds)
+    await this.execMc(platformService.containerId, [
+      'anonymous', 'set', 'none', `local/${bucketName}`,
+    ]);
 
     // Use container name for the endpoint in credentials (user services run in same network)
     const serviceEndpoint = `http://${containerName}:9000`;
@@ -281,7 +225,7 @@ export class MinioProvider extends BasePlatformServiceProvider {
     const credentials: Record<string, string> = {
       endpoint: serviceEndpoint,
       bucket: bucketName,
-      accessKey: adminCreds.username, // Using root for now
+      accessKey: adminCreds.username,
       secretKey: adminCreds.password,
       region: 'us-east-1',
     };
@@ -312,57 +256,37 @@ export class MinioProvider extends BasePlatformServiceProvider {
 
     const adminCreds = await credentialEncryption.decrypt(platformService.adminCredentialsEncrypted);
 
-    // Get container host port for connection from host (overlay network IPs not accessible from host)
-    const hostPort = await this.oneboxRef.docker.getContainerHostPort(platformService.containerId, 9000);
-    if (!hostPort) {
-      throw new Error('Could not get MinIO container host port');
-    }
-
     logger.info(`Deprovisioning MinIO bucket '${resource.resourceName}'...`);
 
-    const { S3Client, DeleteBucketCommand, ListObjectsV2Command, DeleteObjectsCommand } = await import('npm:@aws-sdk/client-s3@3');
-
-    const s3Client = new S3Client({
-      endpoint: `http://127.0.0.1:${hostPort}`,
-      region: 'us-east-1',
-      credentials: {
-        accessKeyId: adminCreds.username,
-        secretAccessKey: adminCreds.password,
-      },
-      forcePathStyle: true,
-    });
+    // Configure mc alias
+    await this.execMc(platformService.containerId, [
+      'alias', 'set', 'local', 'http://localhost:9000',
+      adminCreds.username, adminCreds.password,
+    ]);
 
     try {
-      // First, delete all objects in the bucket
-      let continuationToken: string | undefined;
-      do {
-        const listResponse = await s3Client.send(new ListObjectsV2Command({
-          Bucket: resource.resourceName,
-          ContinuationToken: continuationToken,
-        }));
-
-        if (listResponse.Contents && listResponse.Contents.length > 0) {
-          await s3Client.send(new DeleteObjectsCommand({
-            Bucket: resource.resourceName,
-            Delete: {
-              Objects: listResponse.Contents.map(obj => ({ Key: obj.Key! })),
-            },
-          }));
-          logger.info(`Deleted ${listResponse.Contents.length} objects from bucket`);
-        }
-
-        continuationToken = listResponse.IsTruncated ? listResponse.NextContinuationToken : undefined;
-      } while (continuationToken);
-
-      // Now delete the bucket
-      await s3Client.send(new DeleteBucketCommand({
-        Bucket: resource.resourceName,
-      }));
-
+      // Remove all objects and the bucket
+      await this.execMc(platformService.containerId, [
+        'rb', '--force', `local/${resource.resourceName}`,
+      ]);
       logger.success(`MinIO bucket '${resource.resourceName}' deleted`);
     } catch (e) {
       logger.error(`Failed to delete MinIO bucket: ${getErrorMessage(e)}`);
       throw e;
     }
   }
+
+  /**
+   * Execute mc (MinIO Client) command inside the container
+   */
+  private async execMc(
+    containerId: string,
+    args: string[],
+  ): Promise<{ stdout: string; stderr: string }> {
+    const result = await this.oneboxRef.docker.execInContainer(containerId, ['mc', ...args]);
+    if (result.exitCode !== 0) {
+      throw new Error(`mc command failed (exit ${result.exitCode}): ${result.stderr.substring(0, 200)}`);
+    }
+    return result;
+  }
 }

ts/classes/platform-services/providers/mongodb.ts

@@ -28,7 +28,7 @@ export class MongoDBProvider extends BasePlatformServiceProvider {
 
   getDefaultConfig(): IPlatformServiceConfig {
     return {
-      image: 'mongo:7',
+      image: 'mongo:4.4',
       port: 27017,
       volumes: ['/var/lib/onebox/mongodb:/data/db'],
       environment: {
@@ -165,7 +165,7 @@ export class MongoDBProvider extends BasePlatformServiceProvider {
       // This avoids network issues with overlay networks
       const result = await this.oneboxRef.docker.execInContainer(
         platformService.containerId,
-        ['mongosh', '--eval', 'db.adminCommand("ping")', '--username', adminCreds.username, '--password', adminCreds.password, '--authenticationDatabase', 'admin', '--quiet']
+        ['mongo', '--eval', 'db.adminCommand("ping")', '--username', adminCreds.username, '--password', adminCreds.password, '--authenticationDatabase', 'admin', '--quiet']
       );
 
       if (result.exitCode === 0) {
@@ -190,12 +190,6 @@ export class MongoDBProvider extends BasePlatformServiceProvider {
     const adminCreds = await credentialEncryption.decrypt(platformService.adminCredentialsEncrypted);
     const containerName = this.getContainerName();
 
-    // Get container host port for connection from host (overlay network IPs not accessible from host)
-    const hostPort = await this.oneboxRef.docker.getContainerHostPort(platformService.containerId, 27017);
-    if (!hostPort) {
-      throw new Error('Could not get MongoDB container host port');
-    }
-
     // Generate resource names and credentials
     const dbName = this.generateResourceName(userService.name);
     const username = this.generateResourceName(userService.name);
@@ -203,32 +197,40 @@ export class MongoDBProvider extends BasePlatformServiceProvider {
 
     logger.info(`Provisioning MongoDB database '${dbName}' for service '${userService.name}'...`);
 
-    // Connect to MongoDB via localhost and the mapped host port
-    const { MongoClient } = await import('npm:mongodb@6');
-    const adminUri = `mongodb://${adminCreds.username}:${adminCreds.password}@127.0.0.1:${hostPort}/?authSource=admin`;
+    // Use docker exec to provision inside the container (avoids host port mapping issues)
+    const escapedPassword = password.replace(/'/g, "'\\''");
+    const escapedAdminPassword = adminCreds.password.replace(/'/g, "'\\''");
 
-    const client = new MongoClient(adminUri);
-    await client.connect();
-
-    try {
-      // Create the database by switching to it (MongoDB creates on first write)
-      const db = client.db(dbName);
-
-      // Create a collection to ensure the database exists
-      await db.createCollection('_onebox_init');
-
-      // Create user with readWrite access to this database
-      await db.command({
-        createUser: username,
-        pwd: password,
-        roles: [{ role: 'readWrite', db: dbName }],
+    // Create database and user via mongo inside the container
+    const mongoScript = `
+      db = db.getSiblingDB('${dbName}');
+      db.createCollection('_onebox_init');
+      db.createUser({
+        user: '${username}',
+        pwd: '${escapedPassword}',
+        roles: [{ role: 'readWrite', db: '${dbName}' }]
       });
+      print('PROVISION_SUCCESS');
+    `;
 
-      logger.success(`MongoDB database '${dbName}' provisioned with user '${username}'`);
-    } finally {
-      await client.close();
+    const result = await this.oneboxRef.docker.execInContainer(
+      platformService.containerId,
+      [
+        'mongo',
+        '--username', adminCreds.username,
+        '--password', escapedAdminPassword,
+        '--authenticationDatabase', 'admin',
+        '--quiet',
+        '--eval', mongoScript,
+      ]
+    );
+
+    if (result.exitCode !== 0 || !result.stdout.includes('PROVISION_SUCCESS')) {
+      throw new Error(`Failed to provision MongoDB database: exit code ${result.exitCode}, output: ${result.stdout.substring(0, 200)} ${result.stderr.substring(0, 200)}`);
     }
 
+    logger.success(`MongoDB database '${dbName}' provisioned with user '${username}'`);
+
     // Build the credentials and env vars
     const credentials: Record<string, string> = {
       host: containerName,
@@ -262,37 +264,33 @@ export class MongoDBProvider extends BasePlatformServiceProvider {
     }
 
     const adminCreds = await credentialEncryption.decrypt(platformService.adminCredentialsEncrypted);
-
-    // Get container host port for connection from host (overlay network IPs not accessible from host)
-    const hostPort = await this.oneboxRef.docker.getContainerHostPort(platformService.containerId, 27017);
-    if (!hostPort) {
-      throw new Error('Could not get MongoDB container host port');
-    }
+    const escapedAdminPassword = adminCreds.password.replace(/'/g, "'\\''");
 
     logger.info(`Deprovisioning MongoDB database '${resource.resourceName}'...`);
 
-    const { MongoClient } = await import('npm:mongodb@6');
-    const adminUri = `mongodb://${adminCreds.username}:${adminCreds.password}@127.0.0.1:${hostPort}/?authSource=admin`;
+    const mongoScript = `
+      db = db.getSiblingDB('${resource.resourceName}');
+      try { db.dropUser('${credentials.username}'); } catch(e) { print('User drop failed: ' + e); }
+      db.dropDatabase();
+      print('DEPROVISION_SUCCESS');
+    `;
 
-    const client = new MongoClient(adminUri);
-    await client.connect();
+    const result = await this.oneboxRef.docker.execInContainer(
+      platformService.containerId,
+      [
+        'mongo',
+        '--username', adminCreds.username,
+        '--password', escapedAdminPassword,
+        '--authenticationDatabase', 'admin',
+        '--quiet',
+        '--eval', mongoScript,
+      ]
+    );
 
-    try {
-      const db = client.db(resource.resourceName);
-
-      // Drop the user
-      try {
-        await db.command({ dropUser: credentials.username });
-        logger.info(`Dropped MongoDB user '${credentials.username}'`);
-      } catch (e) {
-        logger.warn(`Could not drop MongoDB user: ${getErrorMessage(e)}`);
-      }
-
-      // Drop the database
-      await db.dropDatabase();
-      logger.success(`MongoDB database '${resource.resourceName}' dropped`);
-    } finally {
-      await client.close();
+    if (result.exitCode !== 0) {
+      logger.warn(`MongoDB deprovision returned exit code ${result.exitCode}: ${result.stderr.substring(0, 200)}`);
     }
+
+    logger.success(`MongoDB database '${resource.resourceName}' dropped`);
   }
 }

ts/classes/services.ts

@@ -15,6 +15,7 @@ export class OneboxServicesManager {
   private oneboxRef: any; // Will be Onebox instance
   private database: OneboxDatabase;
   private docker: OneboxDockerManager;
+  private autoUpdateIntervalId: number | null = null;
 
   constructor(oneboxRef: any) {
     this.oneboxRef = oneboxRef;
@@ -681,7 +682,7 @@ export class OneboxServicesManager {
    */
   startAutoUpdateMonitoring(): void {
     // Check every 30 seconds
-    setInterval(async () => {
+    this.autoUpdateIntervalId = setInterval(async () => {
       try {
         await this.checkForRegistryUpdates();
       } catch (error) {
@@ -692,6 +693,17 @@ export class OneboxServicesManager {
     logger.info('Auto-update monitoring started (30s interval)');
   }
 
+  /**
+   * Stop auto-update monitoring
+   */
+  stopAutoUpdateMonitoring(): void {
+    if (this.autoUpdateIntervalId !== null) {
+      clearInterval(this.autoUpdateIntervalId);
+      this.autoUpdateIntervalId = null;
+      logger.debug('Auto-update monitoring stopped');
+    }
+  }
+
   /**
    * Check all services using onebox registry for updates
    */

ts/classes/systemd.ts

@@ -0,0 +1,243 @@
+/**
+ * Systemd Service Manager for Onebox
+ *
+ * Handles systemd unit file installation, enabling, starting, stopping,
+ * and status checking. Modeled on nupst's direct systemctl approach —
+ * no external library dependencies.
+ */
+
+import { logger } from '../logging.ts';
+import { getErrorMessage } from '../utils/error.ts';
+
+const SERVICE_NAME = 'onebox';
+const SERVICE_FILE_PATH = '/etc/systemd/system/onebox.service';
+
+const SERVICE_UNIT_TEMPLATE = `[Unit]
+Description=Onebox - Self-hosted container platform
+After=network-online.target docker.service
+Wants=network-online.target
+Requires=docker.service
+
+[Service]
+Type=simple
+ExecStart=/usr/local/bin/onebox systemd start-daemon
+Restart=always
+RestartSec=10
+WorkingDirectory=/var/lib/onebox
+Environment=PATH=/usr/bin:/usr/local/bin
+Environment=HOME=/root
+Environment=DENO_DIR=/root/.cache/deno
+
+[Install]
+WantedBy=multi-user.target
+`;
+
+export class OneboxSystemd {
+  /**
+   * Install and enable the systemd service
+   */
+  async enable(): Promise<void> {
+    try {
+      // Ensure Docker is installed before writing unit file (it requires docker.service)
+      await this.ensureDocker();
+
+      // Write the unit file
+      logger.info('Writing systemd unit file...');
+      await Deno.writeTextFile(SERVICE_FILE_PATH, SERVICE_UNIT_TEMPLATE);
+      logger.info(`Unit file written to ${SERVICE_FILE_PATH}`);
+
+      // Reload systemd daemon
+      await this.runSystemctl(['daemon-reload']);
+
+      // Enable the service
+      const result = await this.runSystemctl(['enable', `${SERVICE_NAME}.service`]);
+      if (!result.success) {
+        throw new Error(`Failed to enable service: ${result.stderr}`);
+      }
+
+      logger.success('Onebox systemd service enabled');
+      logger.info('Start with: onebox systemd start');
+    } catch (error) {
+      logger.error(`Failed to enable service: ${getErrorMessage(error)}`);
+      throw error;
+    }
+  }
+
+  /**
+   * Stop, disable, and remove the systemd service
+   */
+  async disable(): Promise<void> {
+    try {
+      // Stop the service (ignore errors if not running)
+      await this.runSystemctl(['stop', `${SERVICE_NAME}.service`]);
+
+      // Disable the service
+      await this.runSystemctl(['disable', `${SERVICE_NAME}.service`]);
+
+      // Remove the unit file
+      try {
+        await Deno.remove(SERVICE_FILE_PATH);
+        logger.info(`Removed ${SERVICE_FILE_PATH}`);
+      } catch {
+        // File might not exist
+      }
+
+      // Reload systemd daemon
+      await this.runSystemctl(['daemon-reload']);
+
+      logger.success('Onebox systemd service disabled and removed');
+    } catch (error) {
+      logger.error(`Failed to disable service: ${getErrorMessage(error)}`);
+      throw error;
+    }
+  }
+
+  /**
+   * Start the service via systemctl
+   */
+  async start(): Promise<void> {
+    const result = await this.runSystemctl(['start', `${SERVICE_NAME}.service`]);
+    if (!result.success) {
+      logger.error(`Failed to start service: ${result.stderr}`);
+      throw new Error(`Failed to start onebox service`);
+    }
+    logger.success('Onebox service started');
+  }
+
+  /**
+   * Stop the service via systemctl
+   */
+  async stop(): Promise<void> {
+    const result = await this.runSystemctl(['stop', `${SERVICE_NAME}.service`]);
+    if (!result.success) {
+      logger.error(`Failed to stop service: ${result.stderr}`);
+      throw new Error(`Failed to stop onebox service`);
+    }
+    logger.success('Onebox service stopped');
+  }
+
+  /**
+   * Get and display service status
+   */
+  async getStatus(): Promise<string> {
+    const result = await this.runSystemctl(['status', `${SERVICE_NAME}.service`]);
+    const output = result.stdout;
+
+    let status: string;
+    if (output.includes('active (running)')) {
+      status = 'running';
+    } else if (output.includes('inactive') || output.includes('dead')) {
+      status = 'stopped';
+    } else if (output.includes('failed')) {
+      status = 'failed';
+    } else if (!result.success && result.stderr.includes('could not be found')) {
+      status = 'not-installed';
+    } else {
+      status = 'unknown';
+    }
+
+    // Print the raw systemctl output for full details
+    if (output.trim()) {
+      console.log(output);
+    }
+
+    return status;
+  }
+
+  /**
+   * Show service logs via journalctl
+   */
+  async showLogs(): Promise<void> {
+    const cmd = new Deno.Command('journalctl', {
+      args: ['-u', `${SERVICE_NAME}.service`, '-f'],
+      stdout: 'inherit',
+      stderr: 'inherit',
+    });
+    await cmd.output();
+  }
+
+  /**
+   * Check if the service unit file is installed
+   */
+  async isInstalled(): Promise<boolean> {
+    try {
+      await Deno.stat(SERVICE_FILE_PATH);
+      return true;
+    } catch {
+      return false;
+    }
+  }
+
+  /**
+   * Ensure Docker is installed, installing it if necessary
+   */
+  private async ensureDocker(): Promise<void> {
+    try {
+      const cmd = new Deno.Command('docker', {
+        args: ['--version'],
+        stdout: 'piped',
+        stderr: 'piped',
+      });
+      const result = await cmd.output();
+      if (result.success) {
+        const version = new TextDecoder().decode(result.stdout).trim();
+        logger.info(`Docker found: ${version}`);
+        return;
+      }
+    } catch {
+      // docker command not found
+    }
+
+    logger.info('Docker not found. Installing Docker...');
+    const installCmd = new Deno.Command('bash', {
+      args: ['-c', 'curl -fsSL https://get.docker.com | sh'],
+      stdin: 'inherit',
+      stdout: 'inherit',
+      stderr: 'inherit',
+    });
+    const installResult = await installCmd.output();
+    if (!installResult.success) {
+      throw new Error('Failed to install Docker. Please install it manually: curl -fsSL https://get.docker.com | sh');
+    }
+    logger.success('Docker installed successfully');
+
+    // Initialize Docker Swarm
+    logger.info('Initializing Docker Swarm...');
+    const swarmCmd = new Deno.Command('docker', {
+      args: ['swarm', 'init'],
+      stdout: 'piped',
+      stderr: 'piped',
+    });
+    const swarmResult = await swarmCmd.output();
+    if (swarmResult.success) {
+      logger.success('Docker Swarm initialized');
+    } else {
+      const stderr = new TextDecoder().decode(swarmResult.stderr);
+      if (stderr.includes('already part of a swarm')) {
+        logger.info('Docker Swarm already initialized');
+      } else {
+        logger.warn(`Docker Swarm init warning: ${stderr.trim()}`);
+      }
+    }
+  }
+
+  /**
+   * Run a systemctl command and return results
+   */
+  private async runSystemctl(
+    args: string[]
+  ): Promise<{ success: boolean; stdout: string; stderr: string }> {
+    const cmd = new Deno.Command('systemctl', {
+      args,
+      stdout: 'piped',
+      stderr: 'piped',
+    });
+
+    const result = await cmd.output();
+    return {
+      success: result.success,
+      stdout: new TextDecoder().decode(result.stdout),
+      stderr: new TextDecoder().decode(result.stderr),
+    };
+  }
+}

ts/cli.ts

@@ -7,6 +7,7 @@ import { projectInfo } from './info.ts';
 import { getErrorMessage } from './utils/error.ts';
 import { Onebox } from './classes/onebox.ts';
 import { OneboxDaemon } from './classes/daemon.ts';
+import { OneboxSystemd } from './classes/systemd.ts';
 
 export async function runCli(): Promise<void> {
   const args = Deno.args;
@@ -25,6 +26,19 @@ export async function runCli(): Promise<void> {
   const subcommand = args[1];
 
   try {
+    // === LIGHTWEIGHT COMMANDS (no init()) ===
+    if (command === 'systemd') {
+      await handleSystemdCommand(subcommand, args.slice(2));
+      return;
+    }
+
+    if (command === 'upgrade') {
+      await handleUpgradeCommand();
+      return;
+    }
+
+    // === HEAVY COMMANDS (require full init()) ===
+
     // Server command has special handling (doesn't shut down)
     if (command === 'server') {
       const onebox = new Onebox();
@@ -60,10 +74,6 @@ export async function runCli(): Promise<void> {
         await handleNginxCommand(onebox, subcommand, args.slice(2));
         break;
 
-      case 'daemon':
-        await handleDaemonCommand(onebox, subcommand, args.slice(2));
-        break;
-
       case 'config':
         await handleConfigCommand(onebox, subcommand, args.slice(2));
         break;
@@ -72,10 +82,6 @@ export async function runCli(): Promise<void> {
         await handleStatusCommand(onebox);
         break;
 
-      case 'upgrade':
-        await handleUpgradeCommand();
-        break;
-
       default:
         logger.error(`Unknown command: ${command}`);
         printHelp();
@@ -282,7 +288,7 @@ async function handleServerCommand(onebox: Onebox, args: string[]) {
       await OneboxDaemon.ensureNoDaemon();
     } catch (error) {
       logger.error('Cannot start in ephemeral mode: Daemon is already running');
-      logger.info('Stop the daemon first: onebox daemon stop');
+      logger.info('Stop the daemon first: onebox systemd stop');
       logger.info('Or run without --ephemeral to use the existing daemon');
       Deno.exit(1);
     }
@@ -326,39 +332,49 @@ async function handleServerCommand(onebox: Onebox, args: string[]) {
   }
 }
 
-// Daemon commands
-async function handleDaemonCommand(onebox: Onebox, subcommand: string, _args: string[]) {
+// Systemd service commands (lightweight — no Onebox init)
+async function handleSystemdCommand(subcommand: string, _args: string[]) {
+  const systemd = new OneboxSystemd();
+
   switch (subcommand) {
-    case 'install':
-      await onebox.daemon.installService();
+    case 'enable':
+      await systemd.enable();
+      break;
+
+    case 'disable':
+      await systemd.disable();
       break;
 
     case 'start':
-      await onebox.startDaemon();
+      await systemd.start();
       break;
 
     case 'stop':
-      await onebox.stopDaemon();
+      await systemd.stop();
       break;
 
-    case 'logs': {
-      const command = new Deno.Command('journalctl', {
-        args: ['-u', 'smartdaemon_onebox', '-f'],
-        stdout: 'inherit',
-        stderr: 'inherit',
-      });
-      await command.output();
+    case 'status': {
+      const status = await systemd.getStatus();
+      logger.info(`Service status: ${status}`);
       break;
     }
 
-    case 'status': {
-      const status = await onebox.daemon.getServiceStatus();
-      logger.info(`Daemon status: ${status}`);
+    case 'logs':
+      await systemd.showLogs();
+      break;
+
+    case 'start-daemon': {
+      // This is what systemd's ExecStart calls — full init + daemon loop
+      const onebox = new Onebox();
+      await onebox.init();
+      await onebox.daemon.start();
+      // start() blocks (keepAlive loop) until SIGTERM/SIGINT
       break;
     }
 
     default:
-      logger.error(`Unknown daemon subcommand: ${subcommand}`);
+      logger.error(`Unknown systemd subcommand: ${subcommand}`);
+      logger.info('Available: enable, disable, start, stop, status, logs');
   }
 }
 
@@ -506,11 +522,12 @@ Commands:
   nginx test
   nginx status
 
-  daemon install
-  daemon start
-  daemon stop
-  daemon logs
-  daemon status
+  systemd enable             Install and enable systemd service
+  systemd disable            Stop, disable, and remove systemd service
+  systemd start              Start onebox via systemctl
+  systemd stop               Stop onebox via systemctl
+  systemd status             Show systemd service status
+  systemd logs               Follow service logs (journalctl)
 
   config show
   config set <key> <value>
@@ -530,15 +547,15 @@ Development Workflow:
   onebox service add ...               # In another terminal
 
 Production Workflow:
-  onebox daemon install                # Install systemd service
-  onebox daemon start                  # Start daemon
-  onebox service add ...               # CLI uses daemon
+  onebox systemd enable                # Install and enable systemd service
+  onebox systemd start                 # Start via systemctl
+  onebox service add ...               # CLI manages services
 
 Examples:
   onebox server --ephemeral            # Start dev server
   onebox service add myapp --image nginx:latest --domain app.example.com --port 80
   onebox registry add --url registry.example.com --username user --password pass
-  onebox daemon install
-  onebox daemon start
+  onebox systemd enable
+  onebox systemd start
 `);
 }

ts/index.ts

@@ -12,6 +12,7 @@ export { OneboxReverseProxy } from './classes/reverseproxy.ts';
 export { OneboxDnsManager } from './classes/dns.ts';
 export { OneboxSslManager } from './classes/ssl.ts';
 export { OneboxDaemon } from './classes/daemon.ts';
+export { OneboxSystemd } from './classes/systemd.ts';
 export { OneboxHttpServer } from './classes/httpserver.ts';
 export { OneboxApiClient } from './classes/apiclient.ts';
 

ts/opsserver/handlers/platform.handler.ts

@@ -6,10 +6,82 @@ import { requireValidIdentity } from '../helpers/guards.ts';
 
 export class PlatformHandler {
   public typedrouter = new plugins.typedrequest.TypedRouter();
+  private activeLogStreams = new Map<string, boolean>();
 
   constructor(private opsServerRef: OpsServer) {
     this.opsServerRef.typedrouter.addTypedRouter(this.typedrouter);
     this.registerHandlers();
+    this.startLogStreaming();
+  }
+
+  /**
+   * Start streaming logs from all running platform service containers
+   * and push new entries to connected dashboard clients via TypedSocket
+   */
+  private async startLogStreaming(): Promise<void> {
+    // Poll for running platform services every 10s and start streams for new ones
+    const checkAndStream = async () => {
+      const services = this.opsServerRef.oneboxRef.database.getAllPlatformServices();
+      for (const service of services) {
+        if (service.status !== 'running' || !service.containerId) continue;
+        if (this.activeLogStreams.has(service.type)) continue;
+
+        this.activeLogStreams.set(service.type, true);
+        logger.info(`Starting log stream for platform service: ${service.type}`);
+
+        try {
+          await this.opsServerRef.oneboxRef.docker.streamContainerLogs(
+            service.containerId,
+            (line: string, isError: boolean) => {
+              this.pushLogToClients(service.type as interfaces.data.TPlatformServiceType, line, isError);
+            }
+          );
+        } catch (err) {
+          logger.warn(`Log stream failed for ${service.type}: ${(err as Error).message}`);
+          this.activeLogStreams.delete(service.type);
+        }
+      }
+    };
+
+    // Initial check after a short delay (let services start first)
+    setTimeout(() => checkAndStream(), 5000);
+    // Re-check periodically for newly started services
+    setInterval(() => checkAndStream(), 15000);
+  }
+
+  private pushLogToClients(
+    serviceType: interfaces.data.TPlatformServiceType,
+    line: string,
+    isError: boolean,
+  ): void {
+    const typedsocket = (this.opsServerRef.server as any)?.typedserver?.typedsocket;
+    if (!typedsocket) return;
+
+    // Parse timestamp from Docker log line
+    const tsMatch = line.match(/^(\d{4}-\d{2}-\d{2}T[\d:.]+Z?)\s+(.*)/);
+    const timestamp = tsMatch ? tsMatch[1] : new Date().toISOString();
+    const message = tsMatch ? tsMatch[2] : line;
+    const msgLower = message.toLowerCase();
+    const level = isError || msgLower.includes('error') || msgLower.includes('fatal')
+      ? 'error'
+      : msgLower.includes('warn')
+        ? 'warn'
+        : 'info';
+
+    // Find all dashboard clients and push
+    typedsocket.findAllTargetConnectionsByTag('role', 'ops_dashboard')
+      .then((connections: any[]) => {
+        for (const conn of connections) {
+          typedsocket.createTypedRequest<interfaces.requests.IReq_PushPlatformServiceLog>(
+            'pushPlatformServiceLog',
+            conn,
+          ).fire({
+            serviceType,
+            entry: { timestamp, level, message },
+          }).catch(() => {}); // fire-and-forget
+        }
+      })
+      .catch(() => {}); // no connections, ignore
   }
 
   private registerHandlers(): void {
@@ -165,5 +237,47 @@ export class PlatformHandler {
         },
       ),
     );
+
+    // Get platform service logs
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_GetPlatformServiceLogs>(
+        'getPlatformServiceLogs',
+        async (dataArg) => {
+          await requireValidIdentity(this.opsServerRef.adminHandler, dataArg);
+          const service = this.opsServerRef.oneboxRef.database.getPlatformServiceByType(dataArg.serviceType);
+          if (!service || !service.containerId) {
+            throw new plugins.typedrequest.TypedResponseError('Platform service has no container');
+          }
+
+          const tail = dataArg.tail || 100;
+          const rawLogs = await this.opsServerRef.oneboxRef.docker.getContainerLogs(service.containerId, tail);
+
+          // Parse raw log output into structured entries
+          const logLines = (rawLogs.stdout + rawLogs.stderr)
+            .split('\n')
+            .filter((line: string) => line.trim());
+
+          const logs = logLines.map((line: string, index: number) => {
+            // Try to parse Docker timestamp from beginning of line
+            const tsMatch = line.match(/^(\d{4}-\d{2}-\d{2}T[\d:.]+Z?)\s+(.*)/);
+            const timestamp = tsMatch ? new Date(tsMatch[1]).getTime() : Date.now();
+            const message = tsMatch ? tsMatch[2] : line;
+            const msgLower = message.toLowerCase();
+            const isError = msgLower.includes('error') || msgLower.includes('fatal');
+            const isWarn = msgLower.includes('warn');
+            return {
+              id: index,
+              serviceId: 0,
+              timestamp,
+              message,
+              level: (isError ? 'error' : isWarn ? 'warn' : 'info') as 'info' | 'warn' | 'error' | 'debug',
+              source: 'stdout' as const,
+            };
+          });
+
+          return { logs };
+        },
+      ),
+    );
   }
 }

ts/plugins.ts

@@ -17,10 +17,6 @@ export { path, fs, http, encoding };
 import { Database } from '@db/sqlite';
 export const sqlite = { DB: Database };
 
-// Systemd Daemon Integration
-import * as smartdaemon from '@push.rocks/smartdaemon';
-export { smartdaemon };
-
 // Docker API Client
 import { DockerHost } from '@apiclient.xyz/docker';
 export const docker = { Docker: DockerHost };

ts_interfaces/data/system.ts

@@ -8,6 +8,11 @@ export interface ISystemStatus {
   docker: {
     running: boolean;
     version: unknown;
+    cpuUsage: number;
+    memoryUsage: number;
+    memoryTotal: number;
+    networkIn: number;
+    networkOut: number;
   };
   reverseProxy: {
     http: { running: boolean; port: number };

ts_interfaces/requests/platform-services.ts

@@ -69,3 +69,34 @@ export interface IReq_GetPlatformServiceStats extends plugins.typedrequestInterf
     stats: data.IContainerStats;
   };
 }
+
+export interface IReq_GetPlatformServiceLogs extends plugins.typedrequestInterfaces.implementsTR<
+  plugins.typedrequestInterfaces.ITypedRequest,
+  IReq_GetPlatformServiceLogs
+> {
+  method: 'getPlatformServiceLogs';
+  request: {
+    identity: data.IIdentity;
+    serviceType: data.TPlatformServiceType;
+    tail?: number;
+  };
+  response: {
+    logs: data.ILogEntry[];
+  };
+}
+
+export interface IReq_PushPlatformServiceLog extends plugins.typedrequestInterfaces.implementsTR<
+  plugins.typedrequestInterfaces.ITypedRequest,
+  IReq_PushPlatformServiceLog
+> {
+  method: 'pushPlatformServiceLog';
+  request: {
+    serviceType: data.TPlatformServiceType;
+    entry: {
+      timestamp: string;
+      level: string;
+      message: string;
+    };
+  };
+  response: {};
+}

ts_web/00_commitinfo_data.ts

@@ -3,6 +3,6 @@
  */
 export const commitinfo = {
   name: '@serve.zone/onebox',
-  version: '1.14.1',
+  version: '1.19.0',
   description: 'Self-hosted container platform with automatic SSL and DNS - a mini Heroku for single servers'
 }

ts_web/appstate.ts

@@ -26,6 +26,8 @@ export interface IServicesState {
   currentServiceStats: interfaces.data.IContainerStats | null;
   platformServices: interfaces.data.IPlatformService[];
   currentPlatformService: interfaces.data.IPlatformService | null;
+  currentPlatformServiceStats: interfaces.data.IContainerStats | null;
+  currentPlatformServiceLogs: interfaces.data.ILogEntry[];
 }
 
 export interface INetworkState {
@@ -88,6 +90,8 @@ export const servicesStatePart = await appState.getStatePart<IServicesState>(
     currentServiceStats: null,
     platformServices: [],
     currentPlatformService: null,
+    currentPlatformServiceStats: null,
+    currentPlatformServiceLogs: [],
   },
   'soft',
 );
@@ -476,6 +480,46 @@ export const stopPlatformServiceAction = servicesStatePart.createAction<{
   }
 });
 
+export const fetchPlatformServiceStatsAction = servicesStatePart.createAction<{
+  serviceType: interfaces.data.TPlatformServiceType;
+}>(async (statePartArg, dataArg) => {
+  const context = getActionContext();
+  try {
+    const typedRequest = new plugins.domtools.plugins.typedrequest.TypedRequest<
+      interfaces.requests.IReq_GetPlatformServiceStats
+    >('/typedrequest', 'getPlatformServiceStats');
+    const response = await typedRequest.fire({
+      identity: context.identity!,
+      serviceType: dataArg.serviceType,
+    });
+    return { ...statePartArg.getState(), currentPlatformServiceStats: response.stats };
+  } catch (err) {
+    console.error('Failed to fetch platform service stats:', err);
+    return { ...statePartArg.getState(), currentPlatformServiceStats: null };
+  }
+});
+
+export const fetchPlatformServiceLogsAction = servicesStatePart.createAction<{
+  serviceType: interfaces.data.TPlatformServiceType;
+  tail?: number;
+}>(async (statePartArg, dataArg) => {
+  const context = getActionContext();
+  try {
+    const typedRequest = new plugins.domtools.plugins.typedrequest.TypedRequest<
+      interfaces.requests.IReq_GetPlatformServiceLogs
+    >('/typedrequest', 'getPlatformServiceLogs');
+    const response = await typedRequest.fire({
+      identity: context.identity!,
+      serviceType: dataArg.serviceType,
+      tail: dataArg.tail || 100,
+    });
+    return { ...statePartArg.getState(), currentPlatformServiceLogs: response.logs };
+  } catch (err) {
+    console.error('Failed to fetch platform service logs:', err);
+    return { ...statePartArg.getState(), currentPlatformServiceLogs: [] };
+  }
+});
+
 // ============================================================================
 // Network Actions
 // ============================================================================
@@ -917,3 +961,73 @@ const startAutoRefresh = () => {
 uiStatePart.select((s) => s).subscribe(() => startAutoRefresh());
 loginStatePart.select((s) => s).subscribe(() => startAutoRefresh());
 startAutoRefresh();
+
+// ============================================================================
+// TypedSocket — real-time server push (logs, events)
+// ============================================================================
+
+let socketClient: InstanceType<typeof plugins.typedsocket.TypedSocket> | null = null;
+const socketRouter = new plugins.domtools.plugins.typedrequest.TypedRouter();
+
+// Handle server-pushed platform service log entries
+socketRouter.addTypedHandler(
+  new plugins.domtools.plugins.typedrequest.TypedHandler<interfaces.requests.IReq_PushPlatformServiceLog>(
+    'pushPlatformServiceLog',
+    async (dataArg) => {
+      const state = servicesStatePart.getState();
+      const entry: interfaces.data.ILogEntry = {
+        id: state.currentPlatformServiceLogs.length,
+        serviceId: 0,
+        timestamp: new Date(dataArg.entry.timestamp).getTime(),
+        message: dataArg.entry.message,
+        level: dataArg.entry.level as 'info' | 'warn' | 'error' | 'debug',
+        source: 'stdout',
+      };
+      const updated = [...state.currentPlatformServiceLogs, entry];
+      // Cap at 2000 entries
+      if (updated.length > 2000) {
+        updated.splice(0, updated.length - 2000);
+      }
+      servicesStatePart.setState({
+        ...state,
+        currentPlatformServiceLogs: updated,
+      });
+      return {};
+    },
+  ),
+);
+
+async function connectSocket() {
+  if (socketClient) return;
+  try {
+    socketClient = await plugins.typedsocket.TypedSocket.createClient(
+      socketRouter,
+      plugins.typedsocket.TypedSocket.useWindowLocationOriginUrl(),
+    );
+    await socketClient.setTag('role', 'ops_dashboard');
+    console.log('TypedSocket dashboard connection established');
+  } catch (err) {
+    console.error('TypedSocket connection failed:', err);
+    socketClient = null;
+  }
+}
+
+async function disconnectSocket() {
+  if (socketClient) {
+    try {
+      await socketClient.disconnect();
+    } catch {
+      // ignore disconnect errors
+    }
+    socketClient = null;
+  }
+}
+
+// Connect socket when logged in, disconnect when logged out
+loginStatePart.select((s) => s).subscribe((loginState) => {
+  if (loginState.isLoggedIn) {
+    connectSocket();
+  } else {
+    disconnectSocket();
+  }
+});

ts_web/elements/ob-app-shell.ts

@@ -37,15 +37,15 @@ export class ObAppShell extends DeesElement {
   accessor loginError: string = '';
 
   private viewTabs = [
-    { name: 'Dashboard', element: (async () => (await import('./ob-view-dashboard.js')).ObViewDashboard)() },
-    { name: 'Services', element: (async () => (await import('./ob-view-services.js')).ObViewServices)() },
-    { name: 'Network', element: (async () => (await import('./ob-view-network.js')).ObViewNetwork)() },
-    { name: 'Registries', element: (async () => (await import('./ob-view-registries.js')).ObViewRegistries)() },
-    { name: 'Tokens', element: (async () => (await import('./ob-view-tokens.js')).ObViewTokens)() },
-    { name: 'Settings', element: (async () => (await import('./ob-view-settings.js')).ObViewSettings)() },
+    { name: 'Dashboard', iconName: 'lucide:layoutDashboard', element: (async () => (await import('./ob-view-dashboard.js')).ObViewDashboard)() },
+    { name: 'Services', iconName: 'lucide:boxes', element: (async () => (await import('./ob-view-services.js')).ObViewServices)() },
+    { name: 'Network', iconName: 'lucide:network', element: (async () => (await import('./ob-view-network.js')).ObViewNetwork)() },
+    { name: 'Registries', iconName: 'lucide:package', element: (async () => (await import('./ob-view-registries.js')).ObViewRegistries)() },
+    { name: 'Tokens', iconName: 'lucide:key', element: (async () => (await import('./ob-view-tokens.js')).ObViewTokens)() },
+    { name: 'Settings', iconName: 'lucide:settings', element: (async () => (await import('./ob-view-settings.js')).ObViewSettings)() },
   ];
 
-  private resolvedViewTabs: Array<{ name: string; element: any }> = [];
+  private resolvedViewTabs: Array<{ name: string; iconName?: string; element: any }> = [];
 
   constructor() {
     super();
@@ -104,6 +104,7 @@ export class ObAppShell extends DeesElement {
     this.resolvedViewTabs = await Promise.all(
       this.viewTabs.map(async (tab) => ({
         name: tab.name,
+        iconName: tab.iconName,
         element: await tab.element,
       })),
     );

ts_web/elements/ob-view-dashboard.ts

@@ -24,6 +24,8 @@ export class ObViewDashboard extends DeesElement {
     currentServiceStats: null,
     platformServices: [],
     currentPlatformService: null,
+    currentPlatformServiceStats: null,
+    currentPlatformServiceLogs: [],
   };
 
   @state()
@@ -108,8 +110,8 @@ export class ObViewDashboard extends DeesElement {
             cpu: status?.docker?.cpuUsage || 0,
             memoryUsed: status?.docker?.memoryUsage || 0,
             memoryTotal: status?.docker?.memoryTotal || 0,
-            networkIn: 0,
-            networkOut: 0,
+            networkIn: status?.docker?.networkIn || 0,
+            networkOut: status?.docker?.networkOut || 0,
             topConsumers: [],
           },
           platformServices: platformServices.map((ps) => ({
@@ -149,6 +151,7 @@ export class ObViewDashboard extends DeesElement {
           ],
         }}
         @action-click=${(e: CustomEvent) => this.handleQuickAction(e)}
+        @service-click=${(e: CustomEvent) => this.handlePlatformServiceClick(e)}
       ></sz-dashboard-view>
     `;
   }
@@ -161,4 +164,21 @@ export class ObViewDashboard extends DeesElement {
       appstate.uiStatePart.dispatchAction(appstate.setActiveViewAction, { view: 'network' });
     }
   }
+
+  private handlePlatformServiceClick(e: CustomEvent) {
+    // Find the platform service type from the click event
+    const name = e.detail?.name;
+    const ps = this.servicesState.platformServices.find(
+      (p) => p.displayName === name,
+    );
+    if (ps) {
+      // Navigate to services tab — the ObViewServices component will pick up the type
+      // Store the selected platform type so the services view can open it
+      appstate.servicesStatePart.setState({
+        ...appstate.servicesStatePart.getState(),
+        currentPlatformService: ps,
+      });
+      appstate.uiStatePart.dispatchAction(appstate.setActiveViewAction, { view: 'services' });
+    }
+  }
 }

ts_web/elements/ob-view-services.ts

@@ -107,6 +107,8 @@ export class ObViewServices extends DeesElement {
     currentServiceStats: null,
     platformServices: [],
     currentPlatformService: null,
+    currentPlatformServiceStats: null,
+    currentPlatformServiceLogs: [],
   };
 
   @state()
@@ -145,7 +147,37 @@ export class ObViewServices extends DeesElement {
   public static styles = [
     cssManager.defaultStyles,
     shared.viewHostCss,
-    css``,
+    css`
+      .page-actions {
+        display: flex;
+        justify-content: flex-end;
+        margin-bottom: 16px;
+      }
+
+      .deploy-button {
+        display: inline-flex;
+        align-items: center;
+        gap: 8px;
+        padding: 10px 20px;
+        background: ${cssManager.bdTheme('#18181b', '#fafafa')};
+        color: ${cssManager.bdTheme('#fafafa', '#18181b')};
+        border: none;
+        border-radius: 6px;
+        font-size: 14px;
+        font-weight: 500;
+        cursor: pointer;
+        transition: opacity 200ms ease;
+      }
+
+      .deploy-button:hover {
+        opacity: 0.9;
+      }
+
+      .deploy-button svg {
+        width: 16px;
+        height: 16px;
+      }
+    `,
   ];
 
   async connectedCallback() {
@@ -154,6 +186,18 @@ export class ObViewServices extends DeesElement {
       appstate.servicesStatePart.dispatchAction(appstate.fetchServicesAction, null),
       appstate.servicesStatePart.dispatchAction(appstate.fetchPlatformServicesAction, null),
     ]);
+
+    // If a platform service was selected from the dashboard, navigate to its detail
+    const state = appstate.servicesStatePart.getState();
+    if (state.currentPlatformService) {
+      const type = state.currentPlatformService.type;
+      // Clear the selection so it doesn't persist on next visit
+      appstate.servicesStatePart.setState({
+        ...appstate.servicesStatePart.getState(),
+        currentPlatformService: null,
+      });
+      this.navigateToPlatformDetail(type);
+    }
   }
 
   public render(): TemplateResult {
@@ -178,8 +222,34 @@ export class ObViewServices extends DeesElement {
       domain: s.domain || null,
       status: mapStatus(s.status),
     }));
+    const displayStatus = (status: string) => {
+      switch (status) {
+        case 'running': return 'Running';
+        case 'stopped': return 'Stopped';
+        case 'starting': return 'Starting...';
+        case 'stopping': return 'Stopping...';
+        case 'failed': return 'Failed';
+        case 'not-deployed': return 'Not Deployed';
+        default: return status;
+      }
+    };
+    const mappedPlatformServices = this.servicesState.platformServices.map((ps) => ({
+      name: ps.displayName,
+      status: displayStatus(ps.status),
+      running: ps.status === 'running',
+      type: ps.type,
+    }));
     return html`
       <ob-sectionheading>Services</ob-sectionheading>
+      <div class="page-actions">
+        <button class="deploy-button" @click=${() => { this.currentView = 'create'; }}>
+          <svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
+            <line x1="12" y1="5" x2="12" y2="19"></line>
+            <line x1="5" y1="12" x2="19" y2="12"></line>
+          </svg>
+          Deploy Service
+        </button>
+      </div>
       <sz-services-list-view
         .services=${mappedServices}
         @service-click=${(e: CustomEvent) => {
@@ -197,6 +267,20 @@ export class ObViewServices extends DeesElement {
         }}
         @service-action=${(e: CustomEvent) => this.handleServiceAction(e)}
       ></sz-services-list-view>
+      <ob-sectionheading style="margin-top: 32px;">Platform Services</ob-sectionheading>
+      <div style="max-width: 500px;">
+        <sz-platform-services-card
+          .services=${mappedPlatformServices}
+          @service-click=${(e: CustomEvent) => {
+            const type = e.detail.type || this.servicesState.platformServices.find(
+              (ps) => ps.displayName === e.detail.name,
+            )?.type;
+            if (type) {
+              this.navigateToPlatformDetail(type);
+            }
+          }}
+        ></sz-platform-services-card>
+      </div>
     `;
   }
 
@@ -206,8 +290,26 @@ export class ObViewServices extends DeesElement {
       <sz-service-create-view
         .registries=${[]}
         @create-service=${async (e: CustomEvent) => {
+          const formConfig = e.detail;
+          const serviceConfig: interfaces.data.IServiceCreate = {
+            name: formConfig.name,
+            image: formConfig.image,
+            port: formConfig.ports?.[0]?.containerPort
+              ? parseInt(formConfig.ports[0].containerPort, 10)
+              : 80,
+            envVars: formConfig.envVars?.reduce(
+              (acc: Record<string, string>, ev: { key: string; value: string }) => {
+                if (ev.key) acc[ev.key] = ev.value;
+                return acc;
+              },
+              {} as Record<string, string>,
+            ),
+            enableMongoDB: formConfig.enableMongoDB || false,
+            enableS3: formConfig.enableS3 || false,
+            enableClickHouse: formConfig.enableClickHouse || false,
+          };
           await appstate.servicesStatePart.dispatchAction(appstate.createServiceAction, {
-            config: e.detail,
+            config: serviceConfig,
           });
           this.currentView = 'list';
         }}
@@ -265,34 +367,117 @@ export class ObViewServices extends DeesElement {
     `;
   }
 
+  private navigateToPlatformDetail(type: string): void {
+    // Reset to list first to force fresh DOM for dees-chart-log
+    this.currentView = 'list';
+    this.selectedPlatformType = type;
+
+    // Clear previous stats/logs before fetching new ones
+    appstate.servicesStatePart.setState({
+      ...appstate.servicesStatePart.getState(),
+      currentPlatformServiceStats: null,
+      currentPlatformServiceLogs: [],
+    });
+
+    // Fetch stats and logs for this platform service
+    const serviceType = type as interfaces.data.TPlatformServiceType;
+    appstate.servicesStatePart.dispatchAction(appstate.fetchPlatformServiceStatsAction, { serviceType });
+    appstate.servicesStatePart.dispatchAction(appstate.fetchPlatformServiceLogsAction, { serviceType });
+
+    // Switch to detail view on next microtask (ensures fresh DOM)
+    requestAnimationFrame(() => {
+      this.currentView = 'platform-detail';
+    });
+  }
+
   private renderPlatformDetailView(): TemplateResult {
     const platformService = this.servicesState.platformServices.find(
       (ps) => ps.type === this.selectedPlatformType,
     );
+    const stats = this.servicesState.currentPlatformServiceStats;
+    const metrics = {
+      cpu: stats ? Math.round(stats.cpuPercent) : 0,
+      memory: stats ? Math.round(stats.memoryPercent) : 0,
+      storage: 0,
+      connections: undefined as number | undefined,
+    };
+
+    // Real service info per platform type
+    const serviceInfo: Record<string, { host: string; port: number; version: string; config: Record<string, any> }> = {
+      mongodb: { host: 'onebox-mongodb', port: 27017, version: '4.4', config: { engine: 'WiredTiger', authEnabled: true } },
+      minio: { host: 'onebox-minio', port: 9000, version: 'latest', config: { consolePort: 9001, region: 'us-east-1' } },
+      clickhouse: { host: 'onebox-clickhouse', port: 8123, version: 'latest', config: { nativePort: 9000, httpPort: 8123 } },
+      caddy: { host: 'onebox-caddy', port: 80, version: '2-alpine', config: { httpsPort: 443, adminApi: 2019 } },
+    };
+    const info = platformService
+      ? serviceInfo[platformService.type] || { host: 'unknown', port: 0, version: '', config: {} }
+      : { host: '', port: 0, version: '', config: {} };
+
+    // Map backend status to catalog-compatible status
+    const mapPlatformStatus = (status: string): 'running' | 'stopped' | 'error' => {
+      switch (status) {
+        case 'running': return 'running';
+        case 'failed': return 'error';
+        case 'starting':
+        case 'stopping':
+        case 'stopped':
+        case 'not-deployed':
+        default: return 'stopped';
+      }
+    };
+
     return html`
       <ob-sectionheading>Platform Service</ob-sectionheading>
+      <div class="page-actions" style="justify-content: flex-start;">
+        <button class="deploy-button" style="background: transparent; border: 1px solid var(--ci-shade-2, #27272a); color: inherit;" @click=${() => { this.currentView = 'list'; }}>
+          &larr; Back to Services
+        </button>
+      </div>
       <sz-platform-service-detail-view
         .service=${platformService
           ? {
               id: platformService.type,
               name: platformService.displayName,
               type: platformService.type,
-              status: platformService.status,
-              version: '',
-              host: 'localhost',
-              port: 0,
-              config: {},
+              status: mapPlatformStatus(platformService.status),
+              version: info.version,
+              host: info.host,
+              port: info.port,
+              config: info.config,
+              metrics,
             }
           : null}
-        .logs=${[]}
-        @start=${() => {
-          appstate.servicesStatePart.dispatchAction(appstate.startPlatformServiceAction, {
-            serviceType: this.selectedPlatformType as any,
+        .logs=${this.servicesState.currentPlatformServiceLogs.map((log) => ({
+          timestamp: new Date(log.timestamp).toISOString(),
+          level: log.level,
+          message: log.message,
+        }))}
+        @back=${() => {
+          this.currentView = 'list';
+        }}
+        @start=${async () => {
+          await appstate.servicesStatePart.dispatchAction(appstate.startPlatformServiceAction, {
+            serviceType: this.selectedPlatformType as interfaces.data.TPlatformServiceType,
+          });
+          // Refresh stats after starting
+          appstate.servicesStatePart.dispatchAction(appstate.fetchPlatformServiceStatsAction, {
+            serviceType: this.selectedPlatformType as interfaces.data.TPlatformServiceType,
           });
         }}
-        @stop=${() => {
-          appstate.servicesStatePart.dispatchAction(appstate.stopPlatformServiceAction, {
-            serviceType: this.selectedPlatformType as any,
+        @stop=${async () => {
+          await appstate.servicesStatePart.dispatchAction(appstate.stopPlatformServiceAction, {
+            serviceType: this.selectedPlatformType as interfaces.data.TPlatformServiceType,
+          });
+        }}
+        @restart=${async () => {
+          await appstate.servicesStatePart.dispatchAction(appstate.stopPlatformServiceAction, {
+            serviceType: this.selectedPlatformType as interfaces.data.TPlatformServiceType,
+          });
+          await appstate.servicesStatePart.dispatchAction(appstate.startPlatformServiceAction, {
+            serviceType: this.selectedPlatformType as interfaces.data.TPlatformServiceType,
+          });
+          appstate.servicesStatePart.dispatchAction(appstate.fetchPlatformServiceStatsAction, {
+            serviceType: this.selectedPlatformType as interfaces.data.TPlatformServiceType,
           });
         }}
       ></sz-platform-service-detail-view>

ts_web/plugins.ts

@@ -5,9 +5,13 @@ import * as deesCatalog from '@design.estate/dees-catalog';
 // @serve.zone scope — side-effect import registers all sz-* custom elements
 import '@serve.zone/catalog';
 
+// TypedSocket for real-time server push (logs, events)
+import * as typedsocket from '@api.global/typedsocket';
+
 export {
   deesElement,
   deesCatalog,
+  typedsocket,
 };
 
 // domtools gives us TypedRequest, smartstate, smartrouter, and other utilities