feat: separate NPM and Traefik settings tabs, add Events to sidebar nav

- Create /settings/npm page with NPM credentials + SSL certificate picker - Create /settings/traefik page with entrypoint, cert resolver, network, API URL + labels reference - Dynamic settings nav: NPM/Traefik tabs only visible when respective provider is selected - Remove inline Traefik config from general settings page - Remove old credentials page (replaced by NPM tab) - Add Events page to sidebar navigation - Fix SystemHealthCard after standalone proxy removal
2026-04-04 23:27:00 +03:00
parent 308547a3d7
commit 1aa9c3f0e9
8 changed files with 332 additions and 269 deletions
@@ -248,6 +248,10 @@
    "proxyNoneDesc": "No proxy — containers are accessed directly by port",
    "proxyNpm": "Nginx Proxy Manager",
    "proxyNpmDesc": "Routes managed via NPM API (configure credentials below)",
    "npm": "Nginx Proxy Manager",
    "traefik": "Traefik",
    "traefikLabelsTitle": "Docker Labels Reference",
    "traefikLabelsDesc": "These labels are automatically added to deployed containers. Shown here for reference.",
    "proxyTraefik": "Traefik",
    "proxyTraefikDesc": "Auto-discovery via Docker labels — no API calls needed",
    "proxyNoneWarning": "Switching to None does not remove existing proxy routes. You may need to clean them up manually.",
@@ -248,6 +248,10 @@
    "proxyNoneDesc": "Без прокси — контейнеры доступны напрямую по порту",
    "proxyNpm": "Nginx Proxy Manager",
    "proxyNpmDesc": "Маршруты через NPM API (настройте учётные данные ниже)",
    "npm": "Nginx Proxy Manager",
    "traefik": "Traefik",
    "traefikLabelsTitle": "Справка по Docker-меткам",
    "traefikLabelsDesc": "Эти метки автоматически добавляются к развёрнутым контейнерам. Показаны для справки.",
    "proxyTraefik": "Traefik",
    "proxyTraefikDesc": "Автообнаружение через Docker-метки — без API-вызовов",
    "proxyNoneWarning": "Переключение на «Нет» не удаляет существующие прокси-маршруты. Возможно, потребуется очистить их вручную.",
@@ -6,7 +6,7 @@
 	import Toast from '$lib/components/Toast.svelte';
 	import ThemeToggle from '$lib/components/ThemeToggle.svelte';
 	import LocaleSwitcher from '$lib/components/LocaleSwitcher.svelte';
-	import { IconDashboard, IconProjects, IconDeploy, IconSettings, IconMenu, IconX, IconLogout, IconChevronDown } from '$lib/components/icons';
+	import { IconDashboard, IconProjects, IconDeploy, IconEvents, IconSettings, IconMenu, IconX, IconLogout, IconChevronDown } from '$lib/components/icons';
 	import { goto } from '$app/navigation';
 	import { connectGlobalEvents, type SSEConnection } from '$lib/sse';
 	import { instanceStatusStore } from '$lib/stores/instance-status';
@@ -26,6 +26,7 @@
 		{ href: '/', labelKey: 'nav.dashboard', icon: 'dashboard' },
 		{ href: '/projects', labelKey: 'nav.projects', icon: 'projects' },
 		{ href: '/deploy', labelKey: 'nav.deploy', icon: 'deploy' },
 		{ href: '/events', labelKey: 'nav.events', icon: 'events' },
 		{ href: '/settings', labelKey: 'nav.settings', icon: 'settings' }
 	] as const;
@@ -169,6 +170,8 @@
 						<IconProjects size={18} class="{active ? 'text-[var(--color-brand-600)]' : 'text-[var(--text-tertiary)] group-hover:text-[var(--text-secondary)]'} transition-colors duration-150" />
 					{:else if item.icon === 'deploy'}
 						<IconDeploy size={18} class="{active ? 'text-[var(--color-brand-600)]' : 'text-[var(--text-tertiary)] group-hover:text-[var(--text-secondary)]'} transition-colors duration-150" />
 					{:else if item.icon === 'events'}
 						<IconEvents size={18} class="{active ? 'text-[var(--color-brand-600)]' : 'text-[var(--text-tertiary)] group-hover:text-[var(--text-secondary)]'} transition-colors duration-150" />
 					{:else if item.icon === 'settings'}
 						<IconSettings size={18} class="{active ? 'text-[var(--color-brand-600)]' : 'text-[var(--text-tertiary)] group-hover:text-[var(--text-secondary)]'} transition-colors duration-150" />
 					{/if}
@@ -1,23 +1,37 @@
 <script lang="ts">
 	import type { Snippet } from 'svelte';
 	import { page } from '$app/stores';
 	import { getSettings } from '$lib/api';
 	import { t } from '$lib/i18n';
-	import { IconSettings, IconDatabase, IconKey, IconShield, IconHardDrive } from '$lib/components/icons';
+	import { IconSettings, IconDatabase, IconShield, IconHardDrive, IconWifi } from '$lib/components/icons';
 	interface Props {
 		children: Snippet;
 	}
 	let { children }: Props = $props();
 	let proxyProvider = $state('npm');
-	const navItems = [
+	// Load the proxy provider setting to show/hide tabs.
-		{ href: '/settings', labelKey: 'settings.general', icon: 'general' },
+	$effect(() => {
-		{ href: '/settings/registries', labelKey: 'settings.registries', icon: 'registries' },
+		getSettings().then((s) => {
-		{ href: '/settings/credentials', labelKey: 'settings.credentials', icon: 'credentials' },
+			proxyProvider = s.proxy_provider ?? 'npm';
-		{ href: '/settings/auth', labelKey: 'settings.authentication', icon: 'auth' },
+		}).catch(() => {});
-		{ href: '/settings/backup', labelKey: 'settings.backup', icon: 'backup' }
+	});
 	const baseItems = [
 		{ href: '/settings', labelKey: 'settings.general', icon: 'general', always: true },
 		{ href: '/settings/registries', labelKey: 'settings.registries', icon: 'registries', always: true },
 		{ href: '/settings/npm', labelKey: 'settings.npm', icon: 'npm', provider: 'npm' },
 		{ href: '/settings/traefik', labelKey: 'settings.traefik', icon: 'traefik', provider: 'traefik' },
 		{ href: '/settings/auth', labelKey: 'settings.authentication', icon: 'auth', always: true },
 		{ href: '/settings/backup', labelKey: 'settings.backup', icon: 'backup', always: true }
 	];
 	const navItems = $derived(
 		baseItems.filter((item) => item.always || item.provider === proxyProvider)
 	);
 	let currentPath = $derived($page.url.pathname);
 	function isActive(href: string): boolean {
@@ -46,8 +60,8 @@
 								<IconSettings size={16} class="{isActive(item.href) ? 'text-[var(--color-brand-600)]' : 'text-[var(--text-tertiary)]'}" />
 							{:else if item.icon === 'registries'}
 								<IconDatabase size={16} class="{isActive(item.href) ? 'text-[var(--color-brand-600)]' : 'text-[var(--text-tertiary)]'}" />
-							{:else if item.icon === 'credentials'}
+							{:else if item.icon === 'npm' || item.icon === 'traefik'}
-								<IconKey size={16} class="{isActive(item.href) ? 'text-[var(--color-brand-600)]' : 'text-[var(--text-tertiary)]'}" />
+								<IconWifi size={16} class="{isActive(item.href) ? 'text-[var(--color-brand-600)]' : 'text-[var(--text-tertiary)]'}" />
 							{:else if item.icon === 'auth'}
 								<IconShield size={16} class="{isActive(item.href) ? 'text-[var(--color-brand-600)]' : 'text-[var(--text-tertiary)]'}" />
 							{:else if item.icon === 'backup'}
@@ -26,12 +26,6 @@
 	// Proxy provider state.
 	let proxyProvider = $state('npm');
 	// Traefik settings state.
 	let traefikEntrypoint = $state('websecure');
 	let traefikCertResolver = $state('letsencrypt');
 	let traefikNetwork = $state('');
 	let traefikApiUrl = $state('');
 	// DNS settings state.
 	let wildcardDns = $state(true);
 	let dnsProvider = $state('');
@@ -97,10 +91,6 @@
 			notificationUrl = settings.notification_url ?? '';
 			staleThresholdDays = String(settings.stale_threshold_days ?? 7);
 			proxyProvider = settings.proxy_provider ?? 'npm';
 			traefikEntrypoint = settings.traefik_entrypoint ?? 'websecure';
 			traefikCertResolver = settings.traefik_cert_resolver ?? 'letsencrypt';
 			traefikNetwork = settings.traefik_network ?? '';
 			traefikApiUrl = settings.traefik_api_url ?? '';
 			wildcardDns = settings.wildcard_dns ?? true;
 			dnsProvider = settings.dns_provider ?? '';
 			hasCloudflareApiToken = settings.has_cloudflare_api_token ?? false;
@@ -128,10 +118,6 @@
 				subdomain_pattern: subdomainPattern.trim(), polling_interval: pollingInterval.trim(),
 				base_volume_path: baseVolumePath.trim(), notification_url: notificationUrl.trim(),
 				proxy_provider: proxyProvider,
 				traefik_entrypoint: traefikEntrypoint.trim() || 'websecure',
 				traefik_cert_resolver: traefikCertResolver.trim(),
 				traefik_network: traefikNetwork.trim(),
 				traefik_api_url: traefikApiUrl.trim(),
 				stale_threshold_days: Math.max(1, parseInt(staleThresholdDays, 10) || 7),
 				wildcard_dns: wildcardDns,
 				dns_provider: wildcardDns ? '' : dnsProvider,
@@ -317,18 +303,8 @@
 						<p class="text-sm text-amber-800 dark:text-amber-300">{$t('settings.proxyNoneWarning')}</p>
 					</div>
 				{/if}
 				{#if proxyProvider === 'traefik'}
 					<div class="mt-3 grid grid-cols-1 gap-3 sm:grid-cols-2 rounded-lg border border-[var(--border-primary)] bg-[var(--surface-card-hover)] p-4">
 						<FormField label={$t('settings.traefikEntrypoint')} name="traefikEntrypoint" bind:value={traefikEntrypoint} placeholder="websecure" helpText={$t('settings.traefikEntrypointHelp')} />
 						<FormField label={$t('settings.traefikCertResolver')} name="traefikCertResolver" bind:value={traefikCertResolver} placeholder="letsencrypt" helpText={$t('settings.traefikCertResolverHelp')} />
 						<FormField label={$t('settings.traefikNetwork')} name="traefikNetwork" bind:value={traefikNetwork} placeholder="" helpText={$t('settings.traefikNetworkHelp')} />
 						<FormField label={$t('settings.traefikApiUrl')} name="traefikApiUrl" bind:value={traefikApiUrl} placeholder="http://traefik:8080" helpText={$t('settings.traefikApiUrlHelp')} />
 					</div>
 				{/if}
 			</div>
 			<!-- SSL Certificate moved to Credentials page -->
 			<!-- Stale Detection -->
 			<div class="mt-6 border-t border-[var(--border-primary)] pt-4">
 				<h3 class="mb-3 text-sm font-semibold text-[var(--text-primary)]">{$t('stale.title')}</h3>
@@ -1,127 +1,5 @@
 <script lang="ts">
 	import { getSettings, updateSettings, listNpmCertificates } from '$lib/api';
 	import type { EntityPickerItem } from '$lib/types';
 	import FormField from '$lib/components/FormField.svelte';
 	import EntityPicker from '$lib/components/EntityPicker.svelte';
 	import Skeleton from '$lib/components/Skeleton.svelte';
 	import { toasts } from '$lib/stores/toast';
 	import { t } from '$lib/i18n';
 	import { IconLoader, IconCheck, IconEdit, IconShield, IconX } from '$lib/components/icons';
 	let loading = $state(true);
 	let saving = $state(false);
 	let proxyProvider = $state('npm');
 	let npmUrl = $state('');
 	let npmEmail = $state('');
 	let npmPassword = $state('');
 	let npmHasCredentials = $state(false);
 	let editingNpm = $state(false);
 	let errors = $state<Record<string, string>>({});
 	// SSL certificate state
 	let sslCertificateId = $state(0);
 	let sslCertName = $state('');
 	let certPickerOpen = $state(false);
 	let certPickerItems = $state<EntityPickerItem[]>([]);
 	let loadingCerts = $state(false);
 	function validateNpmForm(): boolean {
 		const newErrors: Record<string, string> = {};
 		if (!npmUrl.trim()) { newErrors.npmUrl = $t('validation.required', { field: 'NPM URL' }); } else { try { new URL(npmUrl.trim()); } catch { newErrors.npmUrl = $t('validation.invalidUrl'); } }
 		if (!npmEmail.trim()) { newErrors.npmEmail = $t('validation.required', { field: 'Email' }); } else if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(npmEmail.trim())) { newErrors.npmEmail = $t('validation.invalidEmail'); }
 		if (editingNpm && !npmPassword.trim()) { newErrors.npmPassword = $t('validation.requiredWhenUpdating', { field: 'Password' }); }
 		errors = newErrors;
 		return Object.keys(newErrors).length === 0;
 	}
 	async function loadCredentials() {
 		loading = true;
 		try {
 			const settings = await getSettings();
 			proxyProvider = settings.proxy_provider ?? 'npm';
 			npmUrl = settings.npm_url ?? '';
 			npmEmail = settings.npm_email ?? '';
 			npmHasCredentials = !!(settings.npm_url && settings.npm_email);
 			npmPassword = '';
 			sslCertificateId = settings.ssl_certificate_id ?? 0;
 		} catch (err) { toasts.error(err instanceof Error ? err.message : $t('settingsCredentials.loadFailed')); } finally { loading = false; }
 	}
 	async function handleSaveNpm() {
 		if (!validateNpmForm()) return;
 		saving = true;
 		try {
 			const payload: Record<string, unknown> = { npm_url: npmUrl.trim(), npm_email: npmEmail.trim() };
 			if (npmPassword.trim()) payload.npm_password = npmPassword.trim();
 			await updateSettings(payload);
 			npmHasCredentials = true;
 			editingNpm = false;
 			npmPassword = '';
 			toasts.success($t('settingsCredentials.saved'));
 		} catch (err) { toasts.error(err instanceof Error ? err.message : $t('settingsCredentials.saveFailed')); } finally { saving = false; }
 	}
 	async function openCertPicker() {
 		loadingCerts = true;
 		try {
 			const certs = await listNpmCertificates();
 			if (certs.length === 0) {
 				toasts.info($t('settingsGeneral.noCertificatesFound'));
 				return;
 			}
 			certPickerItems = certs.map((cert): EntityPickerItem => ({
 				value: String(cert.id),
 				label: cert.nice_name || `Certificate #${cert.id}`,
 				description: cert.domain_names.join(', ')
 			}));
 			certPickerOpen = true;
 		} catch (err) {
 			toasts.error(err instanceof Error ? err.message : $t('settingsGeneral.noCertificatesFound'));
 		} finally {
 			loadingCerts = false;
 		}
 	}
 	async function saveCertificate(id: number) {
 		try {
 			await updateSettings({ ssl_certificate_id: id });
 			toasts.success($t('settingsCredentials.saved'));
 		} catch (err) {
 			toasts.error(err instanceof Error ? err.message : $t('settingsCredentials.saveFailed'));
 		}
 	}
 	function handleCertSelect(value: string) {
 		sslCertificateId = parseInt(value, 10);
 		const item = certPickerItems.find((i) => i.value === value);
 		sslCertName = item?.label ?? '';
 		certPickerOpen = false;
 		saveCertificate(sslCertificateId);
 	}
 	function clearCertificate() {
 		sslCertificateId = 0;
 		sslCertName = '';
 		saveCertificate(0);
 	}
 	async function resolveCertName() {
 		if (sslCertificateId <= 0) return;
 		try {
 			const certs = await listNpmCertificates();
 			const match = certs.find((c) => c.id === sslCertificateId);
 			sslCertName = match ? (match.nice_name || `Certificate #${match.id}`) : `Certificate #${sslCertificateId}`;
 		} catch {
 			sslCertName = `Certificate #${sslCertificateId}`;
 		}
 	}
 	async function init() {
 		await loadCredentials();
 		await resolveCertName();
 	}
 	$effect(() => { init(); });
 </script>
 <svelte:head>
@@ -130,118 +8,11 @@
 <div class="space-y-6">
 	<div>
-		<h2 class="text-lg font-semibold text-[var(--text-primary)]">{$t('settingsCredentials.title')}</h2>
+		<h2 class="text-lg font-semibold text-[var(--text-primary)]">{$t('settingsCredentials.registryTokens')}</h2>
-		<p class="text-sm text-[var(--text-secondary)]">{$t('settingsCredentials.description')}</p>
+		<p class="text-sm text-[var(--text-secondary)]">
 			{$t('settingsCredentials.registryTokensDesc')}
 			<a href="/settings/registries" class="text-[var(--text-link)] hover:text-[var(--text-link-hover)] underline transition-colors">{$t('settingsCredentials.registriesLink')}</a>
 			{$t('settingsCredentials.registryTokensSuffix')}
 		</p>
 	</div>
 	{#if loading}
 		<div class="space-y-4"><Skeleton height="12rem" /></div>
 	{:else}
 		{#if proxyProvider === 'npm'}
 		<!-- NPM Credentials -->
 		<div class="rounded-xl border border-[var(--border-primary)] bg-[var(--surface-card)] p-6 shadow-[var(--shadow-sm)]">
 			<div class="flex items-center justify-between mb-4">
 				<div>
 					<h3 class="text-sm font-semibold text-[var(--text-primary)]">{$t('settingsCredentials.npm')}</h3>
 					<p class="text-xs text-[var(--text-tertiary)]">{$t('settingsCredentials.npmDesc')}</p>
 				</div>
 				{#if npmHasCredentials && !editingNpm}
 					<span class="inline-flex items-center gap-1 rounded-full bg-emerald-50 px-2.5 py-0.5 text-xs font-medium text-emerald-700">
 						<IconCheck size={12} />
 						{$t('settingsCredentials.configured')}
 					</span>
 				{/if}
 			</div>
 			{#if !editingNpm && npmHasCredentials}
 				<div class="space-y-2">
 					{#each [{ label: $t('settingsCredentials.npmUrl'), value: npmUrl }, { label: $t('settingsCredentials.email'), value: npmEmail }, { label: $t('settingsCredentials.password'), value: '--------' }] as item}
 						<div class="flex items-center justify-between rounded-lg bg-[var(--surface-card-hover)] px-4 py-2.5">
 							<div>
 								<p class="text-xs font-medium text-[var(--text-tertiary)]">{item.label}</p>
 								<p class="text-sm text-[var(--text-secondary)] {item.label === $t('settingsCredentials.password') ? 'font-mono' : ''}">{item.value || $t('settingsCredentials.notSet')}</p>
 							</div>
 						</div>
 					{/each}
 					<button onclick={() => { editingNpm = true; }} class="mt-3 inline-flex items-center gap-2 rounded-lg border border-[var(--border-primary)] px-4 py-2 text-sm font-medium text-[var(--text-secondary)] hover:bg-[var(--surface-card-hover)] transition-colors">
 						<IconEdit size={16} />
 						{$t('settingsCredentials.changeCredentials')}
 					</button>
 				</div>
 			{:else}
 				<div class="space-y-4">
 					<FormField label={$t('settingsCredentials.npmUrl')} name="npmUrl" bind:value={npmUrl} placeholder="http://npm:81" required error={errors.npmUrl ?? ''} helpText={$t('settingsCredentials.npmUrlHelp')} />
 					<FormField label={$t('settingsCredentials.email')} name="npmEmail" type="email" bind:value={npmEmail} placeholder="admin@example.com" required error={errors.npmEmail ?? ''} helpText={$t('settingsCredentials.emailHelp')} />
 					<FormField label={$t('settingsCredentials.password')} name="npmPassword" type="password" bind:value={npmPassword} placeholder={npmHasCredentials ? '(enter new password)' : 'npm-password'} required={editingNpm} error={errors.npmPassword ?? ''} helpText={npmHasCredentials ? $t('settingsCredentials.passwordHelpEdit') : $t('settingsCredentials.passwordHelpNew')} />
 					<div class="flex gap-3">
 						<button onclick={handleSaveNpm} disabled={saving} class="inline-flex items-center gap-2 rounded-lg bg-[var(--color-brand-600)] px-4 py-2.5 text-sm font-medium text-white shadow-sm hover:bg-[var(--color-brand-700)] disabled:opacity-50 transition-colors active:animate-press">
 							{#if saving}<IconLoader size={16} />{/if}
 							{saving ? $t('settingsCredentials.saving') : $t('settingsCredentials.save')}
 						</button>
 						{#if npmHasCredentials}
 							<button onclick={() => { editingNpm = false; npmPassword = ''; errors = {}; }} class="rounded-lg border border-[var(--border-primary)] px-4 py-2.5 text-sm font-medium text-[var(--text-secondary)] hover:bg-[var(--surface-card-hover)] transition-colors">
 								{$t('common.cancel')}
 							</button>
 						{/if}
 					</div>
 				</div>
 			{/if}
 		</div>
 		<!-- SSL Certificate -->
 		<div class="rounded-xl border border-[var(--border-primary)] bg-[var(--surface-card)] p-6 shadow-[var(--shadow-sm)]">
 			<div class="flex items-start gap-3">
 				<div class="flex-1">
 					<h3 class="text-sm font-semibold text-[var(--text-primary)]">{$t('settingsGeneral.sslCertificate')}</h3>
 					<p class="mt-0.5 text-xs text-[var(--text-tertiary)]">{$t('settingsGeneral.sslCertificateHelp')}</p>
 					<div class="mt-3 flex items-center gap-2">
 						<button
 							type="button"
 							onclick={openCertPicker}
 							disabled={loadingCerts}
 							class="inline-flex items-center gap-2 rounded-lg border border-[var(--border-primary)] px-3 py-2 text-sm text-[var(--text-secondary)] hover:bg-[var(--surface-card-hover)] transition-colors disabled:opacity-50"
 						>
 							<IconShield size={16} />
 							{#if loadingCerts}
 								{$t('settingsGeneral.loadingCertificates')}
 							{:else if sslCertificateId > 0 && sslCertName}
 								{sslCertName}
 							{:else}
 								{$t('settingsGeneral.noCertificate')}
 							{/if}
 						</button>
 						{#if sslCertificateId > 0}
 							<button
 								type="button"
 								onclick={clearCertificate}
 								class="inline-flex items-center gap-1 rounded-lg border border-[var(--border-primary)] px-2 py-2 text-sm text-[var(--text-tertiary)] hover:text-[var(--color-danger)] hover:bg-[var(--surface-card-hover)] transition-colors"
 								title={$t('settingsGeneral.clearCertificate')}
 							>
 								<IconX size={14} />
 							</button>
 						{/if}
 					</div>
 				</div>
 			</div>
 		</div>
 		{/if}
 		<div class="rounded-xl border border-[var(--border-primary)] bg-[var(--surface-card)] p-6 shadow-[var(--shadow-sm)]">
 			<h3 class="text-sm font-semibold text-[var(--text-primary)]">{$t('settingsCredentials.registryTokens')}</h3>
 			<p class="mt-1 text-sm text-[var(--text-secondary)]">
 				{$t('settingsCredentials.registryTokensDesc')}
 				<a href="/settings/registries" class="text-[var(--text-link)] hover:text-[var(--text-link-hover)] underline transition-colors">{$t('settingsCredentials.registriesLink')}</a>
 				{$t('settingsCredentials.registryTokensSuffix')}
 			</p>
 		</div>
 	{/if}
 </div>
 <EntityPicker
 	bind:open={certPickerOpen}
 	items={certPickerItems}
 	current={String(sslCertificateId)}
 	title={$t('settingsGeneral.selectCertificate')}
 	onselect={handleCertSelect}
 	onclose={() => { certPickerOpen = false; }}
 />
@@ -0,0 +1,204 @@
 <script lang="ts">
 	import { getSettings, updateSettings, listNpmCertificates } from '$lib/api';
 	import type { EntityPickerItem } from '$lib/types';
 	import FormField from '$lib/components/FormField.svelte';
 	import EntityPicker from '$lib/components/EntityPicker.svelte';
 	import Skeleton from '$lib/components/Skeleton.svelte';
 	import { toasts } from '$lib/stores/toast';
 	import { t } from '$lib/i18n';
 	import { IconLoader, IconCheck, IconEdit, IconShield, IconX } from '$lib/components/icons';
 	let loading = $state(true);
 	let saving = $state(false);
 	let npmUrl = $state('');
 	let npmEmail = $state('');
 	let npmPassword = $state('');
 	let npmHasCredentials = $state(false);
 	let editingNpm = $state(false);
 	let errors = $state<Record<string, string>>({});
 	let sslCertificateId = $state(0);
 	let sslCertName = $state('');
 	let certPickerOpen = $state(false);
 	let certPickerItems = $state<EntityPickerItem[]>([]);
 	let loadingCerts = $state(false);
 	function validateNpmForm(): boolean {
 		const newErrors: Record<string, string> = {};
 		if (!npmUrl.trim()) { newErrors.npmUrl = $t('validation.required', { field: 'NPM URL' }); } else { try { new URL(npmUrl.trim()); } catch { newErrors.npmUrl = $t('validation.invalidUrl'); } }
 		if (!npmEmail.trim()) { newErrors.npmEmail = $t('validation.required', { field: 'Email' }); } else if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(npmEmail.trim())) { newErrors.npmEmail = $t('validation.invalidEmail'); }
 		if (editingNpm && !npmPassword.trim()) { newErrors.npmPassword = $t('validation.requiredWhenUpdating', { field: 'Password' }); }
 		errors = newErrors;
 		return Object.keys(newErrors).length === 0;
 	}
 	async function loadData() {
 		loading = true;
 		try {
 			const settings = await getSettings();
 			npmUrl = settings.npm_url ?? '';
 			npmEmail = settings.npm_email ?? '';
 			npmHasCredentials = !!(settings.npm_url && settings.npm_email);
 			npmPassword = '';
 			sslCertificateId = settings.ssl_certificate_id ?? 0;
 		} catch (err) { toasts.error(err instanceof Error ? err.message : $t('settingsCredentials.loadFailed')); } finally { loading = false; }
 	}
 	async function handleSaveNpm() {
 		if (!validateNpmForm()) return;
 		saving = true;
 		try {
 			const payload: Record<string, unknown> = { npm_url: npmUrl.trim(), npm_email: npmEmail.trim() };
 			if (npmPassword.trim()) payload.npm_password = npmPassword.trim();
 			await updateSettings(payload);
 			npmHasCredentials = true;
 			editingNpm = false;
 			npmPassword = '';
 			toasts.success($t('settingsCredentials.saved'));
 		} catch (err) { toasts.error(err instanceof Error ? err.message : $t('settingsCredentials.saveFailed')); } finally { saving = false; }
 	}
 	async function openCertPicker() {
 		loadingCerts = true;
 		try {
 			const certs = await listNpmCertificates();
 			if (certs.length === 0) { toasts.info($t('settingsGeneral.noCertificatesFound')); return; }
 			certPickerItems = certs.map((cert): EntityPickerItem => ({
 				value: String(cert.id),
 				label: cert.nice_name || `Certificate #${cert.id}`,
 				description: cert.domain_names.join(', ')
 			}));
 			certPickerOpen = true;
 		} catch (err) {
 			toasts.error(err instanceof Error ? err.message : $t('settingsGeneral.noCertificatesFound'));
 		} finally { loadingCerts = false; }
 	}
 	async function saveCertificate(id: number) {
 		try { await updateSettings({ ssl_certificate_id: id }); toasts.success($t('settingsCredentials.saved')); }
 		catch (err) { toasts.error(err instanceof Error ? err.message : $t('settingsCredentials.saveFailed')); }
 	}
 	function handleCertSelect(value: string) {
 		sslCertificateId = parseInt(value, 10);
 		const item = certPickerItems.find((i) => i.value === value);
 		sslCertName = item?.label ?? '';
 		certPickerOpen = false;
 		saveCertificate(sslCertificateId);
 	}
 	function clearCertificate() { sslCertificateId = 0; sslCertName = ''; saveCertificate(0); }
 	async function resolveCertName() {
 		if (sslCertificateId <= 0) return;
 		try {
 			const certs = await listNpmCertificates();
 			const match = certs.find((c) => c.id === sslCertificateId);
 			sslCertName = match ? (match.nice_name || `Certificate #${match.id}`) : `Certificate #${sslCertificateId}`;
 		} catch { sslCertName = `Certificate #${sslCertificateId}`; }
 	}
 	async function init() { await loadData(); await resolveCertName(); }
 	$effect(() => { init(); });
 </script>
 <svelte:head>
 	<title>{$t('settings.npm')} - {$t('app.name')}</title>
 </svelte:head>
 <div class="space-y-6">
 	<div>
 		<h2 class="text-lg font-semibold text-[var(--text-primary)]">{$t('settings.npm')}</h2>
 		<p class="text-sm text-[var(--text-secondary)]">{$t('settingsCredentials.npmDesc')}</p>
 	</div>
 	{#if loading}
 		<div class="space-y-4"><Skeleton height="12rem" /></div>
 	{:else}
 		<!-- NPM Credentials -->
 		<div class="rounded-xl border border-[var(--border-primary)] bg-[var(--surface-card)] p-6 shadow-[var(--shadow-sm)]">
 			<div class="flex items-center justify-between mb-4">
 				<h3 class="text-sm font-semibold text-[var(--text-primary)]">{$t('settingsCredentials.npm')}</h3>
 				{#if npmHasCredentials && !editingNpm}
 					<span class="inline-flex items-center gap-1 rounded-full bg-emerald-50 dark:bg-emerald-950/30 px-2.5 py-0.5 text-xs font-medium text-emerald-700 dark:text-emerald-400">
 						<IconCheck size={12} />
 						{$t('settingsCredentials.configured')}
 					</span>
 				{/if}
 			</div>
 			{#if !editingNpm && npmHasCredentials}
 				<div class="space-y-2">
 					{#each [{ label: $t('settingsCredentials.npmUrl'), value: npmUrl }, { label: $t('settingsCredentials.email'), value: npmEmail }, { label: $t('settingsCredentials.password'), value: '--------' }] as item}
 						<div class="flex items-center justify-between rounded-lg bg-[var(--surface-card-hover)] px-4 py-2.5">
 							<div>
 								<p class="text-xs font-medium text-[var(--text-tertiary)]">{item.label}</p>
 								<p class="text-sm text-[var(--text-secondary)] {item.label === $t('settingsCredentials.password') ? 'font-mono' : ''}">{item.value || $t('settingsCredentials.notSet')}</p>
 							</div>
 						</div>
 					{/each}
 					<button onclick={() => { editingNpm = true; }} class="mt-3 inline-flex items-center gap-2 rounded-lg border border-[var(--border-primary)] px-4 py-2 text-sm font-medium text-[var(--text-secondary)] hover:bg-[var(--surface-card-hover)] transition-colors">
 						<IconEdit size={16} />
 						{$t('settingsCredentials.changeCredentials')}
 					</button>
 				</div>
 			{:else}
 				<div class="space-y-4">
 					<FormField label={$t('settingsCredentials.npmUrl')} name="npmUrl" bind:value={npmUrl} placeholder="http://npm:81" required error={errors.npmUrl ?? ''} helpText={$t('settingsCredentials.npmUrlHelp')} />
 					<FormField label={$t('settingsCredentials.email')} name="npmEmail" type="email" bind:value={npmEmail} placeholder="admin@example.com" required error={errors.npmEmail ?? ''} helpText={$t('settingsCredentials.emailHelp')} />
 					<FormField label={$t('settingsCredentials.password')} name="npmPassword" type="password" bind:value={npmPassword} placeholder={npmHasCredentials ? '(enter new password)' : 'npm-password'} required={editingNpm} error={errors.npmPassword ?? ''} helpText={npmHasCredentials ? $t('settingsCredentials.passwordHelpEdit') : $t('settingsCredentials.passwordHelpNew')} />
 					<div class="flex gap-3">
 						<button onclick={handleSaveNpm} disabled={saving} class="inline-flex items-center gap-2 rounded-lg bg-[var(--color-brand-600)] px-4 py-2.5 text-sm font-medium text-white shadow-sm hover:bg-[var(--color-brand-700)] disabled:opacity-50 transition-colors active:animate-press">
 							{#if saving}<IconLoader size={16} />{/if}
 							{saving ? $t('settingsCredentials.saving') : $t('settingsCredentials.save')}
 						</button>
 						{#if npmHasCredentials}
 							<button onclick={() => { editingNpm = false; npmPassword = ''; errors = {}; }} class="rounded-lg border border-[var(--border-primary)] px-4 py-2.5 text-sm font-medium text-[var(--text-secondary)] hover:bg-[var(--surface-card-hover)] transition-colors">
 								{$t('common.cancel')}
 							</button>
 						{/if}
 					</div>
 				</div>
 			{/if}
 		</div>
 		<!-- SSL Certificate -->
 		<div class="rounded-xl border border-[var(--border-primary)] bg-[var(--surface-card)] p-6 shadow-[var(--shadow-sm)]">
 			<div class="flex items-start gap-3">
 				<div class="flex-1">
 					<h3 class="text-sm font-semibold text-[var(--text-primary)]">{$t('settingsGeneral.sslCertificate')}</h3>
 					<p class="mt-0.5 text-xs text-[var(--text-tertiary)]">{$t('settingsGeneral.sslCertificateHelp')}</p>
 					<div class="mt-3 flex items-center gap-2">
 						<button type="button" onclick={openCertPicker} disabled={loadingCerts}
 							class="inline-flex items-center gap-2 rounded-lg border border-[var(--border-primary)] px-3 py-2 text-sm text-[var(--text-secondary)] hover:bg-[var(--surface-card-hover)] transition-colors disabled:opacity-50">
 							<IconShield size={16} />
 							{#if loadingCerts}
 								{$t('settingsGeneral.loadingCertificates')}
 							{:else if sslCertificateId > 0 && sslCertName}
 								{sslCertName}
 							{:else}
 								{$t('settingsGeneral.noCertificate')}
 							{/if}
 						</button>
 						{#if sslCertificateId > 0}
 							<button type="button" onclick={clearCertificate}
 								class="inline-flex items-center gap-1 rounded-lg border border-[var(--border-primary)] px-2 py-2 text-sm text-[var(--text-tertiary)] hover:text-[var(--color-danger)] hover:bg-[var(--surface-card-hover)] transition-colors"
 								title={$t('settingsGeneral.clearCertificate')}>
 								<IconX size={14} />
 							</button>
 						{/if}
 					</div>
 				</div>
 			</div>
 		</div>
 	{/if}
 </div>
 <EntityPicker
 	bind:open={certPickerOpen}
 	items={certPickerItems}
 	current={String(sslCertificateId)}
 	title={$t('settingsGeneral.selectCertificate')}
 	onselect={handleCertSelect}
 	onclose={() => { certPickerOpen = false; }}
 />
@@ -0,0 +1,87 @@
 <script lang="ts">
 	import { getSettings, updateSettings } from '$lib/api';
 	import FormField from '$lib/components/FormField.svelte';
 	import Skeleton from '$lib/components/Skeleton.svelte';
 	import { toasts } from '$lib/stores/toast';
 	import { t } from '$lib/i18n';
 	import { IconLoader } from '$lib/components/icons';
 	let loading = $state(true);
 	let saving = $state(false);
 	let traefikEntrypoint = $state('websecure');
 	let traefikCertResolver = $state('letsencrypt');
 	let traefikNetwork = $state('');
 	let traefikApiUrl = $state('');
 	async function loadData() {
 		loading = true;
 		try {
 			const settings = await getSettings();
 			traefikEntrypoint = settings.traefik_entrypoint ?? 'websecure';
 			traefikCertResolver = settings.traefik_cert_resolver ?? 'letsencrypt';
 			traefikNetwork = settings.traefik_network ?? '';
 			traefikApiUrl = settings.traefik_api_url ?? '';
 		} catch (err) {
 			toasts.error(err instanceof Error ? err.message : $t('settingsGeneral.loadFailed'));
 		} finally { loading = false; }
 	}
 	async function handleSave() {
 		saving = true;
 		try {
 			await updateSettings({
 				traefik_entrypoint: traefikEntrypoint.trim() || 'websecure',
 				traefik_cert_resolver: traefikCertResolver.trim(),
 				traefik_network: traefikNetwork.trim(),
 				traefik_api_url: traefikApiUrl.trim()
 			} as any);
 			toasts.success($t('settingsGeneral.saved'));
 		} catch (err) {
 			toasts.error(err instanceof Error ? err.message : $t('settingsGeneral.saveFailed'));
 		} finally { saving = false; }
 	}
 	$effect(() => { loadData(); });
 </script>
 <svelte:head>
 	<title>{$t('settings.traefik')} - {$t('app.name')}</title>
 </svelte:head>
 <div class="space-y-6">
 	<div>
 		<h2 class="text-lg font-semibold text-[var(--text-primary)]">{$t('settings.traefik')}</h2>
 		<p class="text-sm text-[var(--text-secondary)]">{$t('settings.proxyTraefikDesc')}</p>
 	</div>
 	{#if loading}
 		<div class="space-y-4"><Skeleton height="12rem" /></div>
 	{:else}
 		<div class="rounded-xl border border-[var(--border-primary)] bg-[var(--surface-card)] p-6 shadow-[var(--shadow-sm)]">
 			<div class="grid grid-cols-1 gap-4 sm:grid-cols-2">
 				<FormField label={$t('settings.traefikEntrypoint')} name="traefikEntrypoint" bind:value={traefikEntrypoint} placeholder="websecure" helpText={$t('settings.traefikEntrypointHelp')} />
 				<FormField label={$t('settings.traefikCertResolver')} name="traefikCertResolver" bind:value={traefikCertResolver} placeholder="letsencrypt" helpText={$t('settings.traefikCertResolverHelp')} />
 				<FormField label={$t('settings.traefikNetwork')} name="traefikNetwork" bind:value={traefikNetwork} placeholder="" helpText={$t('settings.traefikNetworkHelp')} />
 				<FormField label={$t('settings.traefikApiUrl')} name="traefikApiUrl" bind:value={traefikApiUrl} placeholder="http://traefik:8080" helpText={$t('settings.traefikApiUrlHelp')} />
 			</div>
 			<button onclick={handleSave} disabled={saving}
 				class="mt-6 inline-flex items-center gap-2 rounded-lg bg-[var(--color-brand-600)] px-4 py-2.5 text-sm font-medium text-white shadow-sm hover:bg-[var(--color-brand-700)] disabled:opacity-50 transition-colors active:animate-press">
 				{#if saving}<IconLoader size={16} />{/if}
 				{saving ? $t('settingsGeneral.saving') : $t('settingsGeneral.saveSettings')}
 			</button>
 		</div>
 		<div class="rounded-xl border border-[var(--border-primary)] bg-[var(--surface-card)] p-6 shadow-[var(--shadow-sm)]">
 			<h3 class="text-sm font-semibold text-[var(--text-primary)]">{$t('settings.traefikLabelsTitle')}</h3>
 			<p class="mt-1 text-sm text-[var(--text-secondary)]">{$t('settings.traefikLabelsDesc')}</p>
 			<pre class="mt-3 overflow-x-auto rounded-lg bg-[var(--surface-card-hover)] p-4 text-xs font-mono text-[var(--text-secondary)] leading-relaxed">traefik.enable=true
 traefik.http.routers.&lt;name&gt;.rule=Host(`your-domain.com`)
 traefik.http.routers.&lt;name&gt;.entrypoints={traefikEntrypoint || 'websecure'}
 traefik.http.services.&lt;name&gt;.loadbalancer.server.port=&lt;port&gt;{#if traefikCertResolver}
 traefik.http.routers.&lt;name&gt;.tls.certresolver={traefikCertResolver}{/if}{#if traefikNetwork}
 traefik.docker.network={traefikNetwork}{/if}</pre>
 		</div>
 	{/if}
 </div>