refactor(tui): restructure site form to 2 type-aware pages

Replace 4-page paginated form (17 fields for HTTP) with a 2-page
type-aware layout. Page 1 shows core fields + type-specific target
(URL for HTTP, Hostname for ping, etc). Page 2 shows configuration
with pre-filled defaults. Group type gets 1 page.

Form rebuilds dynamically when monitor type changes, preserving
all entered values via pointer-bound siteFormData. Focus returns
to the Type select after rebuild so users can continue forward.
WithWidth set explicitly on rebuild to prevent placeholder truncation.

.gitea/workflows/release-binaries.yml

@@ -52,3 +52,7 @@ jobs:
           GORELEASER_FORCE_TOKEN: gitea
           GITEA_TOKEN: ${{ secrets.RELEASE_TOKEN }}
           GITEA_API_URL: http://gitea:3000/api/v1
+
+      # GitHub release relaying is handled by .github/workflows/mirror-release.yml,
+      # which runs on GitHub Actions when the push mirror delivers the tag and
+      # copies this run's Gitea release assets — no PAT needed on this side.

.gitea/workflows/release-docker.yml

@@ -35,8 +35,12 @@ jobs:
 
           TAGS="lerkolabs/uptop:${TAG}"
           TAGS="${TAGS},lerkolabs/uptop:sha-${SHORT_SHA}"
+          # :latest only for real releases — rc rehearsal tags must not move it
           if [ "${{ github.ref_type }}" = "tag" ]; then
-            TAGS="${TAGS},lerkolabs/uptop:latest"
+            case "$TAG" in
+              *-*) ;;
+              *) TAGS="${TAGS},lerkolabs/uptop:latest" ;;
+            esac
           fi
           echo "tags=$TAGS" >> "$GITHUB_OUTPUT"
 
@@ -52,6 +56,26 @@ jobs:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
+      # Scan must gate the push: build amd64 locally, scan it, and only then run
+      # the multi-arch push (amd64 layers come from the builder cache, so the
+      # second build only adds the arm64 work).
+      - name: Build for scan (amd64, local)
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          load: true
+          platforms: linux/amd64
+          tags: uptop-scan:${{ steps.meta.outputs.tag }}
+          build-args: |
+            VERSION=${{ steps.meta.outputs.tag }}
+            COMMIT=${{ github.sha }}
+            BUILD_DATE=${{ github.event.head_commit.timestamp }}
+
+      - name: Scan image for CVEs
+        run: |
+          curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin v0.114.0
+          grype uptop-scan:${{ steps.meta.outputs.tag }} --fail-on critical --output table
+
       - name: Build and push
         uses: docker/build-push-action@v5
         with:
@@ -66,11 +90,6 @@ jobs:
             COMMIT=${{ github.sha }}
             BUILD_DATE=${{ github.event.head_commit.timestamp }}
 
-      - name: Scan image for CVEs
-        run: |
-          curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin v0.114.0
-          grype lerkolabs/uptop:${{ steps.meta.outputs.tag }} --fail-on critical --output table
-
       - name: Update Docker Hub description
         uses: peter-evans/dockerhub-description@v4
         with:
@@ -81,5 +100,7 @@ jobs:
       - name: Cleanup Docker artifacts
         if: always()
         run: |
+          # the scan image is tagged, so image prune won't catch it
+          docker image rm "uptop-scan:${{ steps.meta.outputs.tag }}" 2>/dev/null || true
           docker image prune -f
           docker builder prune -f --keep-storage=2GB

.github/workflows/mirror-release.yml

@@ -19,26 +19,35 @@ jobs:
         run: |
           API="https://gitea.lerkolabs.com/api/v1/repos/lerkolabs/uptop/releases/tags/${TAG}"
 
-          for i in $(seq 1 20); do
+          # 40 x 30s = 20 min: the Gitea release can queue behind the ~18-min
+          # Docker job on the single runner. Asset count must hold steady for
+          # two consecutive polls — GoReleaser uploads one file at a time, and
+          # mirroring mid-upload would publish a partial asset set.
+          PREV_COUNT=0
+          ASSET_COUNT=0
+          for i in $(seq 1 40); do
             if RESPONSE=$(curl -sf "$API" 2>/dev/null); then
               ASSET_COUNT=$(echo "$RESPONSE" | jq '.assets | length')
-              if [ "$ASSET_COUNT" -gt 0 ]; then
+              if [ "$ASSET_COUNT" -gt 0 ] && [ "$ASSET_COUNT" -eq "$PREV_COUNT" ]; then
-                echo "Found release with $ASSET_COUNT assets"
+                echo "Found release with $ASSET_COUNT assets (stable)"
                 break
               fi
-              echo "Release exists but no assets yet... attempt $i/20"
+              echo "Release has $ASSET_COUNT assets (was $PREV_COUNT)... attempt $i/40"
+              PREV_COUNT="$ASSET_COUNT"
             else
-              echo "Waiting for Gitea release... attempt $i/20"
+              echo "Waiting for Gitea release... attempt $i/40"
             fi
             sleep 30
           done
 
           if [ -z "$RESPONSE" ] || [ "$ASSET_COUNT" -eq 0 ]; then
-            echo "::error::Gitea release for ${TAG} not found or has no assets after 10 minutes"
+            echo "::error::Gitea release for ${TAG} not found or has no assets after 20 minutes"
             exit 1
           fi
 
-          echo "$RESPONSE" | jq -r '.body // empty' > /tmp/release-notes.md
+          # select() so an empty-string body produces an empty file — `// empty`
+          # treats "" as truthy and wrote a blank line, defeating this fallback.
+          echo "$RESPONSE" | jq -r '.body | select(. != null and . != "")' > /tmp/release-notes.md
 
           if [ ! -s /tmp/release-notes.md ]; then
             echo "Release ${TAG} from [Gitea](https://gitea.lerkolabs.com/lerkolabs/uptop/releases/tag/${TAG})" > /tmp/release-notes.md
@@ -62,8 +71,11 @@ jobs:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           TAG: ${{ github.ref_name }}
         run: |
+          PRERELEASE=""
+          case "$TAG" in *-*) PRERELEASE="--prerelease" ;; esac
           gh release create "$TAG" \
             --repo "$GITHUB_REPOSITORY" \
             --title "$TAG" \
             --notes-file /tmp/release-notes.md \
+            $PRERELEASE \
             /tmp/assets/*

.goreleaser.yaml

@@ -8,6 +8,7 @@ release:
   gitea:
     owner: lerkolabs
     name: uptop
+  prerelease: auto
 
 builds:
   - main: ./cmd/uptop
@@ -58,5 +59,7 @@ nfpms:
         dst: /usr/share/doc/uptop/LICENSE
         type: doc
 
-changelog:
+# Changelog generation must stay enabled: the --release-notes flag is consumed
-  disable: true
+# by the changelog pipe, so disabling it silently drops the git-cliff notes
+# (empty release body on v0.1.0-rc.1). With --release-notes set, GoReleaser
+# skips its own generation and uses the file.

.grype.yaml

@@ -1,6 +1,11 @@
 ignore:
-  # CVE-2026-41589: SCP path traversal in charmbracelet/wish.
+  # SCP path traversal in charmbracelet/wish — same flaw, two ids: grype has
+  # matched it as CVE-2026-41589 and as GHSA-xjvp-7243-rg9h depending on db
+  # version, and ignore matching is exact-id, so both stay listed.
   # We only import wish/bubbletea for the SSH TUI server — the vulnerable
-  # scp.Middleware / scp.NewFileSystemHandler symbols are never compiled in.
+  # scp.Middleware / scp.NewFileSystemHandler symbols are never compiled in
-  # No fix available for wish v1; v2 (charm.land/wish/v2) patched in 2.0.1.
+  # (govulncheck reachability agrees). No fix for wish v1; v2
+  # (charm.land/wish/v2 >= 2.0.1) requires the bubbletea-v2 stack migration,
+  # tracked in issue #126. Remove both entries when that lands.
   - vulnerability: CVE-2026-41589
+  - vulnerability: GHSA-xjvp-7243-rg9h

CHANGELOG.md

@@ -1,129 +1,179 @@
 # Changelog
 
-## [2026.06.2] — 2026-06-02 (infrastructure)
+## [v0.1.0] — 2026-06-12
+
+### Added
+
+- initial commit — uptime monitor (forked from go-upkeep)
+- enhanced dashboard with lipgloss tables, huh forms, mouse support, and animations
+- upgrade users tab with lipgloss table, edit support, role select
+- upgrade alerts tab with lipgloss table, click zones, colored types
+- widen Site struct and DB schema for ping, port, dns, group monitor types
+- add ping, port, and DNS check routines
+- add ntfy notification provider with TUI support
+- add Uptime Kuma backup converter with CLI and API
+- add mouse wheel scrolling for all tabs
+- add per-site pause, fix viewport, polish status page
+- add monitor groups with collapse/expand and tree view
+- add Telegram, PagerDuty, Pushover, Gotify providers
+- add Prometheus /metrics endpoint
+- expose HTTP method and accepted status codes in monitor form
+- add config-as-code YAML import/export
+- add distributed probing foundation — schema, models, and probe APIs
+- add probe execution mode, check extraction, and result aggregation
+- add region affinity, Nodes TUI tab, and probe metrics
+- add status bar, tab badges, and detail panel
+- bordered modals, welcome state, and dynamic name width
+- DOWN-first sort, health pulse, and site filter
+- split available width evenly between NAME and HISTORY columns
+- add type icons to sites table
+- persist logs to DB, load on startup
+- add incident management and maintenance windows
+- zebra striping, detail breadcrumb, sparkline stats, collapse persistence
+- add --version flag with build metadata injection
+- add theme system with 4 curated palettes
+- swap light theme for Tokyo Night and Gruvbox
+- seed SSH users from env var and authorized_keys file (#31)
+- show error reason when monitors go DOWN
+- proper push monitor lifecycle — PENDING, LATE, DOWN states
+- logs tab overhaul — severity tags, filtering, recovery durations
+- alert channel health indicator + test alerts
+- add GitHub release relay workflow
+- classify error reasons on DOWN monitors
+- add state change history view with outage duration
+- add Opsgenie provider
+- add STALE state for push monitors
+- add SLA reporting view
+- overhaul latency sparkline scaling, color, and layout
+- auto-prune expired maintenance windows
+- click-to-inspect sparkline tooltips in detail view
 
 ### Changed
-- Split release pipeline into separate binary and Docker workflows (#45)
+
-- Pin Docker base images by digest (#45)
+- replace database ID column with row counter
-- Add GitHub release relay — mirrors Gitea releases to GitHub (#49)
+- unify SQLite and Postgres into dialect-based SQLStore
-- Add Grype CVE scanning to Docker pipeline (#45)
+- add error returns to all Store interface methods
-- Make CVE scan non-blocking for non-exploitable wish SCP vulnerability (#48)
+- remove store global singleton, thread store explicitly
+- extract shared HTTPProvider for webhook-based alerts
+- extract shared table rendering, fix cursor bounds
+- encapsulate engine state, add graceful shutdown and tests
+- split release pipeline, add nfpm/homebrew/git-cliff
+- decompose god files into single-concern modules
+- consistent chrome across all views
+- status icons, clean STATUS column, relative time
+- extract magic numbers into named constants
+- check all discarded errors in sqlstore_test.go
+- overhaul tab bar — consistent counts, active highlight, colored alerts
+- responsive column hiding — 3-tier priority-based layout
+- swap mattn/go-sqlite3 for modernc.org/sqlite
+- propagate context.Context through all Store methods
+- typed Status constants with IsBroken() predicate
+- schema_version migration table + DeleteAlert FK fix
+- shared storetest.BaseMock replaces 5 duplicated mocks
+- consolidate env parsing into appConfig struct
+- extract Server type with named handler methods
+- split Site into SiteConfig + SiteState
+- unify logging with log/slog
 
 ### Fixed
-- git-cliff install in CI — resolve download URL dynamically, extract to /tmp (#46, #47)
 
-## [2026.06.1] — 2026-06-01
+- forward all msg types to huh forms, improve row selection UX
+- harden TLS, timeouts, validation, logging, and token generation
+- add delete confirm, input validation, XSS fix, history persistence
+- correctness and robustness fixes across all subsystems
+- make status bar and tab badges visible
+- use stable sort to prevent site list shuffling each tick
+- sort children by ID before status to prevent map-order shuffling
+- sparkline now spans full column width
+- sparkline right-aligned — current time at right edge, dots fill left
+- increase history buffer to 60 so sparkline fills completely
+- compute uptime from windowed statuses, not running counters
+- seed status and latency from DB history on startup
+- strip push tokens from /status/json response
+- correct viewport sizing and dynamic chrome calculation
+- constrain form height to terminal and forward resize events
+- skip children in maintenance when computing group status
+- exclude maintenance'd monitors from down count and pulse
+- group selection highlight, layout constants, group history graphs
+- stable monitor count and universal group icons
+- replace panic with error return, handle unmarshal errors
+- add context to Provider.Send, log alert failures
+- constant-time secret comparison, request size limits
+- graceful shutdown for HTTP, SSH servers and database
+- add jitter to check intervals and stagger startup
+- use sh instead of bash for runner compatibility
+- enable CGO for race detector, use lint-action v7
+- install gcc for race detector support
+- skip irrelevant field validation by monitor type
+- guard max retries validator for group type
+- tighten zebra row contrast for Tokyo Night and Gruvbox
+- phase 1 critical fixes for public release
+- phase 2 high-severity hardening
+- phase 3 medium reliability and hardening
+- phase 4 code quality and low-severity fixes
+- rename GITEA_TOKEN to RELEASE_TOKEN
+- remove explicit container, use sh shell
+- bump golang.org/x/crypto v0.47.0 → v0.52.0
+- install git and gcc for GoReleaser in release pipeline
+- use internal Gitea URL for GoReleaser API calls
+- use docker-builder runner for Docker image builds
+- patch Docker Scout CVEs and remove unused openssh-client (#41)
+- non-root user, supply chain attestations, build cleanup
+- move SSH host key path into /data for non-root user
+- create .ssh dir explicitly, ensure entrypoint is executable
+- resolve git-cliff download URL dynamically
+- extract git-cliff to /tmp to avoid dirty worktree
+- make Grype CVE scan non-blocking for known wish vuln
+- bump Go 1.26.3 → 1.26.4
+- remove error truncation from detail panel
+- classify safedial "failed to connect" as TCP
+- resolve staticcheck lint errors in history view
+- trigger immediate recheck after site config edit
+- broken tick chain after form/dialog + retries off-by-one
+- wire up [e] edit key in detail panel
+- show push token and URL in detail panel
+- show correct push heartbeat curl command in detail panel
+- propagate STALE/LATE child status to group
+- quick wins batch — version footer, column widths, zebra, sparkline
+- logs tab use viewport for scrollable content
+- pin footer to bottom of terminal
+- normalize content whitespace for consistent footer position
+- clip overflowing content to keep footer pinned
+- remove extra blank lines above footer
+- expand log viewport to fill content area
+- log STALE recovery in push heartbeat handler
+- check fmt.Sscanf return value (errcheck lint)
+- inject time into ComputeDailyBreakdown for testability
+- cascade delete related rows when removing a site
+- merge check results into live state, never overwrite
+- serialize DB writes through a single drained writer
+- close XFF bypass and three secret-leak paths
+- move blocking DB IO out of Update/View into tea.Cmds
+- move theme styles onto the Model to end cross-session races
+- finish moving keypress DB reads into tea.Cmds
+- move all store writes out of Update into tea.Cmds
+- mask alert secrets in the TUI detail panel and table
+- serve /status/json through a public DTO
+- make SSH key revocation fail closed
+- six correctness fixes for the state machine
+- migrate Postgres timestamps to TIMESTAMPTZ
+- seven quick-win bug fixes across engine, server, TUI, CLI
+- SSRF guard gaps + DNS port restriction + metrics auth
+- track selection by site ID + q means back everywhere
+- apply convergence + push/group check history
+- Kuma import tokens/paused, Docker hardening, migrate-secrets idempotency
+- six small fixes — rate limiter leak, DST SLA, probe sort, TUI cleanup
+- seven fixes — token scan, variadic cleanup, TUI layout, compose secrets
+- chmod SQLite DB files to 0600 on open
+- close DNS-rebind TOCTOU on ping/port checks
+- API import no longer replaces user accounts
+- email send respects context deadline
+- rename X-Upkeep-Secret header to X-Uptop-Secret
+- apply log filter to full log list, not viewport window
+- repair pipeline defects found in v0.1.0-rc.1 rehearsal
+- suppress wish GHSA alias in grype, fold rc tags into launch notes
+- scan gates docker push, rc tags spare :latest, mirror waits for stable assets
+- remove tagged scan image in cleanup step
+- exclude rc tags from cliff tag_pattern so launch notes span full history
+- fall back to embedded build info when ldflags absent
 
-### Changed
-- Container runs as non-root user `uptop` (UID/GID 1000) instead of root (#44)
-- SSH host key relocated to `/data/.ssh/id_ed25519` for non-root compatibility (#44)
-- Release workflow prunes dangling images and build cache after Docker push (#44)
-
-### Added
-- SBOM and provenance attestations on Docker images for supply chain compliance (#44)
-- Entrypoint script with volume writability check and migration guidance (#44)
-
-### Breaking
-- Existing Docker volumes with root-owned files require migration before upgrading:
-  `docker run --rm -v <volume>:/data alpine chown -R 1000:1000 /data`
-
-## [2026.05.6] — 2026-05-30 (infrastructure)
-
-### Changed
-- Sync README to Docker Hub on release (#43)
-
-### Security
-- Patch Docker Scout CVEs, remove unused openssh-client (#41)
-
-## [2026.05.5] — 2026-05-29
-
-### Added
-- Error reason display when monitors go DOWN (#33)
-- Push monitor lifecycle — PENDING, LATE, DOWN states (#34)
-- Logs tab overhaul — severity tags, filtering, recovery durations (#35)
-- Alert channel health indicator and test alerts (#36)
-- TUI screenshots in `assets/` (#32)
-- CI status badge in README
-
-### Changed
-- Visual polish — detail sections, column headers, alert detail (#37)
-- README rewritten with hero image, badges, collapsible install sections (#32)
-- Changelog rewritten to match actual CalVer tag history
-- Migrated to `lerkolabs` org namespace (#38)
-- Docker-compose files moved to `deploy/`
-
-## [2026.05.4] — 2026-05-27
-
-### Added
-- SSH user seeding from `UPTOP_ADMIN_KEY` env var and `UPTOP_KEYS` file (#31)
-- GoReleaser for binary releases
-- govulncheck in CI pipeline
-- Multi-arch Docker builds (amd64 + arm64)
-
-### Changed
-- CI overhaul — Go 1.26, build caching, streamlined pipeline (#30)
-- Bumped golang.org/x/crypto v0.47.0 → v0.52.0
-- Bumped Alpine 3.21 → 3.23
-
-### Security
-- Phase 1: SSRF protection, input validation, safe dial (#26)
-- Phase 2: TLS hardening, auth bypass fixes, rate limiting (#27)
-- Phase 3: Graceful degradation, connection limits, timeout enforcement (#28)
-- Phase 4: Code quality, error handling, linter fixes (#29)
-
-## [2026.05.3] — 2026-05-25
-
-### Added
-- Theme system with 5 dark palettes — Default, Dracula, Nord, Tokyo Night, Gruvbox (#24)
-- `--version` flag with build metadata injection
-- Gitea Actions CI pipeline — test + lint (#20)
-- golangci-lint configuration
-- Comprehensive test suite — 94 tests across monitor, server, cluster (#19)
-- CONTRIBUTING.md and SECURITY.md
-
-### Changed
-- Renamed project from go-upkeep to uptop (#25)
-- Updated LICENSE with dual copyright for independent fork
-
-### Fixed
-- Form validators scoped to relevant monitor types (#23)
-- Graceful shutdown for HTTP, SSH servers and database (#19)
-- Constant-time secret comparison, request size limits (#19)
-- Check interval jitter to prevent thundering herd (#19)
-- TUI visual polish — zebra striping, group icons, sparkline stats (#18)
-
-## [2026.05.2] — 2026-05-22
-
-### Added
-- Incident management and maintenance windows (#17)
-- Production docker-compose.yml
-
-### Fixed
-- Viewport sizing and dynamic chrome calculation (#16)
-- Form height constrained to terminal with resize forwarding
-- Maintenance'd monitors excluded from down count and pulse
-- Group status correctly skips children in maintenance
-
-## [2026.05.1] — 2026-05-16
-
-### Added
-- Distributed probing with leader + probe nodes
-- Config-as-code — YAML apply/export with dry-run and prune
-- TUI polish — status bar, tab badges, detail panel, modals
-- DOWN-first sort, health pulse, site filter
-- Type icons in sites table
-- Sparkline history graphs
-- Persistent state — uptime, status, latency, and logs survive restarts
-- Push token stripping from /status/json response
-
-## [2026.04.1] — 2026-04-01
-
-### Added
-- SSH-accessible TUI built on Bubble Tea + Wish
-- 6 check types — HTTP, Push, Ping, Port, DNS, Group
-- 9 alert providers — Discord, Slack, Email, Ntfy, Telegram, PagerDuty, Pushover, Gotify, Webhook
-- SQLite and PostgreSQL support
-- HA clustering with automatic failover
-- Prometheus /metrics endpoint
-- Public status page (HTML + JSON)
-- Uptime Kuma backup import

Dockerfile

@@ -1,5 +1,5 @@
 # --- Stage 1: Builder ---
-FROM golang:1.26-alpine3.23@sha256:91eda9776261207ea25fd06b5b7fed8d397dd2c0a283e77f2ab6e91bfa71079d AS builder
+FROM golang:1.26.4-alpine3.23@sha256:f23e8b227fb4493eabe03bede4d5a32d04092da71962f1fb79b5f7d1e6c2a17f AS builder
 WORKDIR /app
 COPY go.mod go.sum ./
 RUN --mount=type=cache,target=/go/pkg/mod \

README.md

@@ -19,6 +19,8 @@ An uptime monitor you manage entirely from the terminal. It runs as a server, ex
 
 Built on [RDGames/go-upkeep](https://github.com/RDGames/go-upkeep). Rewritten for clustering, config-as-code, and a proper dashboard.
 
+Canonical repo: [gitea.lerkolabs.com/lerkolabs/uptop](https://gitea.lerkolabs.com/lerkolabs/uptop) — [GitHub](https://github.com/lerkolabs/uptop) is a mirror; releases are published to both.
+
 ## Features
 
 - **6 check types** — HTTP, Push (heartbeat), Ping, Port, DNS, Groups
@@ -30,6 +32,8 @@ Built on [RDGames/go-upkeep](https://github.com/RDGames/go-upkeep). Rewritten fo
 - **SQLite or Postgres** — SQLite for single-node, Postgres for production
 - **Uptime Kuma import** — migrate from Kuma with one command
 
+> Group monitors roll up child status for display but don't fire their own alerts yet — attach alerts to the children.
+
 ## Screenshots
 
 <table>
@@ -49,14 +53,14 @@ Built on [RDGames/go-upkeep](https://github.com/RDGames/go-upkeep). Rewritten fo
 ## Quick start
 
 ```bash
-go run cmd/uptop/main.go
+go run ./cmd/uptop
 ssh -p 23234 localhost
 ```
 
 Want some data to look at first:
 
 ```bash
-go run cmd/uptop/main.go -demo
+go run ./cmd/uptop -demo
 ```
 
 ## Install
@@ -79,16 +83,20 @@ services:
       # - UPTOP_ADMIN_KEY=ssh-ed25519 AAAA... you@host
     volumes:
       - ./data:/data
+    sysctls:
+      - net.ipv4.ping_group_range=0 2147483647
 ```
 
-First run: set `UPTOP_ADMIN_KEY` to your SSH public key, or attach to the container and add it in the Users tab.
+First run: set `UPTOP_ADMIN_KEY` to your SSH public key.
+
+The `sysctls` line enables unprivileged ICMP inside the container — without it, ping monitors get no response and silently report DOWN.
 
 </details>
 
 <details>
-<summary><strong>Binary (Linux amd64)</strong></summary>
+<summary><strong>Binary (Linux, macOS, Windows)</strong></summary>
 
-Download from [Releases](https://github.com/lerkolabs/uptop/releases).
+Download from [Releases](https://github.com/lerkolabs/uptop/releases) — amd64 and arm64 tarballs (zip for Windows), plus `.deb`/`.rpm` packages and `checksums.txt`.
 
 </details>
 
@@ -162,6 +170,19 @@ Set `UPTOP_ENCRYPTION_KEY` to encrypt alert credentials (SMTP passwords, webhook
 
 Without this, credentials are stored as plaintext in the database. uptop warns on startup if unset. To encrypt credentials on an existing install, run `uptop migrate-secrets` with the key set.
 
+### Data retention
+
+uptop prunes its own history in the background — no external cleanup jobs needed:
+
+| Data | Kept |
+|---|---|
+| Check history | newest 1,000 checks per monitor |
+| State changes (UP/DOWN transitions) | newest 5,000 per monitor |
+| Logs | newest 200 entries |
+| Maintenance windows | 7 days after they end (configurable) |
+
+Sparklines, uptime percentages, and SLA reports are computed from these windows, so very long-horizon stats aren't retained. Export to Prometheus via `/metrics` if you need unlimited history.
+
 ## Clustering
 
 uptop supports three modes: **leader** (default single node), **follower** (HA failover — takes over if the leader goes down), and **probe** (stateless distributed checks from multiple regions).
@@ -174,7 +195,7 @@ Export your Kuma backup JSON, then:
 
 ```bash
 curl -X POST http://localhost:8080/api/import/kuma \
-  -H "X-Upkeep-Secret: your-secret" \
+  -H "X-Uptop-Secret: your-secret" \
   -H "Content-Type: application/json" \
   -d @kuma-backup.json
 ```

cliff.toml

@@ -23,7 +23,13 @@ filter_unconventional = true
 split_commits = false
 protect_breaking_commits = false
 filter_commits = false
-tag_pattern = "v[0-9].*"
+# Only final tags count as releases — rc rehearsal tags must not become
+# section boundaries, or the final tag's notes would cover only
+# commits-since-last-rc (v0.1.0 rendered 0 commits with ignore_tags, which
+# drops rc-tagged commits instead of folding them forward). With rc tags
+# outside the pattern, finals render the full span and rc tags render
+# [Unreleased] with everything pending. Verified empirically on both.
+tag_pattern = 'v[0-9]+\.[0-9]+\.[0-9]+$'
 topo_order = false
 sort_commits = "oldest"
 
@@ -33,7 +39,7 @@ commit_parsers = [
     { message = "^perf", group = "Changed" },
     { message = "^refactor", group = "Changed" },
     { message = "^security", group = "Security" },
-    { body = ".*security", group = "Security" },
+    { message = "^polish", group = "Changed" },
     { body = "BREAKING", group = "Breaking" },
     { footer = "BREAKING.CHANGE", group = "Breaking" },
     { message = "^docs", skip = true },

cmd/uptop/main.go

@@ -12,6 +12,7 @@ import (
 	"os"
 	"os/signal"
 	"path/filepath"
+	"runtime/debug"
 	"strings"
 	"sync"
 	"syscall"
@@ -39,6 +40,30 @@ var (
 	date    = "unknown"
 )
 
+// GoReleaser stamps the vars above via ldflags, but `go install module@tag`
+// compiles without them and would report "dev". The module version and any
+// vcs stamps are embedded in every binary, so fall back to those.
+func init() {
+	if version != "dev" {
+		return
+	}
+	info, ok := debug.ReadBuildInfo()
+	if !ok {
+		return
+	}
+	if mv := info.Main.Version; mv != "" && mv != "(devel)" {
+		version = strings.TrimPrefix(mv, "v")
+	}
+	for _, s := range info.Settings {
+		switch s.Key {
+		case "vcs.revision":
+			commit = s.Value
+		case "vcs.time":
+			date = s.Value
+		}
+	}
+}
+
 func main() {
 	slog.SetDefault(slog.New(slog.NewTextHandler(os.Stderr, &slog.HandlerOptions{
 		Level: slog.LevelInfo,
@@ -64,11 +89,18 @@ func main() {
 }
 
 func printVersion() {
-	if version == "dev" {
+	out := "uptop " + version
-		fmt.Println("uptop dev")
+	var meta []string
-	} else {
+	if commit != "none" {
-		fmt.Printf("uptop %s (%s, %s)\n", version, commit, date)
+		meta = append(meta, commit)
 	}
+	if date != "unknown" {
+		meta = append(meta, date)
+	}
+	if len(meta) > 0 {
+		out += " (" + strings.Join(meta, ", ") + ")"
+	}
+	fmt.Println(out)
 }
 
 func envOrDefault(key, fallback string) string {

docs/clustering.md

@@ -81,5 +81,5 @@ Set via `UPTOP_AGG_STRATEGY` on the leader.
 ## Security
 
 - Set `UPTOP_CLUSTER_SECRET` on all nodes. Without it, cluster API endpoints are unauthenticated.
-- Secrets are sent in HTTP headers (`X-Upkeep-Secret`). Use TLS or a reverse proxy for production.
+- Secrets are sent in HTTP headers (`X-Uptop-Secret`). Use TLS or a reverse proxy for production.
 - uptop warns on startup if the cluster secret is missing or if cluster mode is active without TLS.

docs/config-as-code.md

@@ -122,7 +122,7 @@ Groups can't nest inside other groups. A group is healthy when all its children
 
 ## Alert types
 
-All 9 providers work in the YAML. The `settings` map is different per type.
+All 10 providers work in the YAML. The `settings` map is different per type.
 
 ```yaml
 # Discord / Slack / Generic Webhook — just a URL
@@ -149,6 +149,9 @@ All 9 providers work in the YAML. The `settings` map is different per type.
     url: https://ntfy.sh
     topic: my-alerts
     priority: "4"
+    # for protected topics:
+    # username: user
+    # password: pass
 
 # Telegram
 - name: Telegram Ops
@@ -178,6 +181,14 @@ All 9 providers work in the YAML. The `settings` map is different per type.
     url: https://gotify.example.com
     token: app-token
     priority: "8"
+
+# Opsgenie
+- name: Opsgenie
+  type: opsgenie
+  settings:
+    api_key: your-api-key
+    priority: P2        # P1–P5, default P3
+    # eu: "true"        # use the EU API endpoint
 ```
 
 ## Commands
@@ -224,7 +235,25 @@ Monitors and alerts are matched by **name**. Names must be unique across the ent
 
 Apply is idempotent. Run it twice with the same file, second run changes nothing.
 
-If something fails mid-apply, just fix the issue and run it again. It picks up where it left off.
+Apply is **not atomic** — items are written one at a time, so an error mid-apply (bad value, lost DB connection, ctrl-C) leaves the items already written in place. That's safe to recover from: apply diffs against the database by name, so fix the issue and run it again — it converges the rest. Just don't run two applies against the same database at once.
+
+## Backups and secrets
+
+`uptop export` writes alert credentials (SMTP passwords, API tokens, webhook URLs) into the YAML in clear text — that's what makes the file restorable. Treat it like a secrets file.
+
+The HTTP export endpoint redacts those same fields **by default**:
+
+```bash
+# secrets show as ***REDACTED*** — fine for sharing or review
+curl -H "X-Uptop-Secret: your-secret" \
+  "http://localhost:8080/api/backup/export"
+
+# full backup you can actually restore from
+curl -H "X-Uptop-Secret: your-secret" \
+  "http://localhost:8080/api/backup/export?redact_secrets=false"
+```
+
+Restoring a redacted export imports the literal string `***REDACTED***` as your credentials. For real backups, pass `redact_secrets=false` or run `uptop export` on the host.
 
 ## Typical workflow
 

internal/cluster/cluster.go

@@ -52,7 +52,7 @@ func runFollowerLoop(ctx context.Context, cfg Config, eng *monitor.Engine) {
 
 		req, _ := http.NewRequest("GET", cfg.PeerURL+"/api/health", nil)
 		if cfg.SharedKey != "" {
-			req.Header.Set("X-Upkeep-Secret", cfg.SharedKey)
+			req.Header.Set("X-Uptop-Secret", cfg.SharedKey)
 		}
 
 		resp, err := client.Do(req)

internal/cluster/cluster_test.go

@@ -113,7 +113,7 @@ func TestFollowerLoop_SendsSecret(t *testing.T) {
 	var receivedSecret string
 	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		mu.Lock()
-		receivedSecret = r.Header.Get("X-Upkeep-Secret")
+		receivedSecret = r.Header.Get("X-Uptop-Secret")
 		mu.Unlock()
 		w.WriteHeader(200)
 		w.Write([]byte("OK"))

internal/cluster/probe.go

@@ -90,7 +90,7 @@ func probeRegister(ctx context.Context, client *http.Client, cfg ProbeConfig) er
 		return err
 	}
 	req.Header.Set("Content-Type", "application/json")
-	req.Header.Set("X-Upkeep-Secret", cfg.SharedKey)
+	req.Header.Set("X-Uptop-Secret", cfg.SharedKey)
 	resp, err := client.Do(req)
 	if err != nil {
 		return err
@@ -108,7 +108,7 @@ func probeFetchAssignments(ctx context.Context, client *http.Client, cfg ProbeCo
 	if err != nil {
 		return nil, err
 	}
-	req.Header.Set("X-Upkeep-Secret", cfg.SharedKey)
+	req.Header.Set("X-Uptop-Secret", cfg.SharedKey)
 	resp, err := client.Do(req)
 	if err != nil {
 		return nil, err
@@ -180,7 +180,7 @@ func probeReportResults(ctx context.Context, client *http.Client, cfg ProbeConfi
 		return err
 	}
 	req.Header.Set("Content-Type", "application/json")
-	req.Header.Set("X-Upkeep-Secret", cfg.SharedKey)
+	req.Header.Set("X-Uptop-Secret", cfg.SharedKey)
 	resp, err := client.Do(req)
 	if err != nil {
 		return err

internal/importer/kuma_test.go

@@ -0,0 +1,210 @@
+package importer
+
+import (
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
+)
+
+func writeTemp(t *testing.T, content string) string {
+	t.Helper()
+	path := filepath.Join(t.TempDir(), "backup.json")
+	if err := os.WriteFile(path, []byte(content), 0o600); err != nil {
+		t.Fatal(err)
+	}
+	return path
+}
+
+func TestLoadKumaFileMissingFile(t *testing.T) {
+	_, err := LoadKumaFile(filepath.Join(t.TempDir(), "nope.json"))
+	if err == nil {
+		t.Fatal("expected error for missing file")
+	}
+}
+
+func TestLoadKumaFileMalformedInput(t *testing.T) {
+	cases := []struct {
+		name string
+		body string
+	}{
+		{"empty file", ""},
+		{"truncated JSON", `{"version": "1.23", "monitorList": [`},
+		{"not JSON", "definitely not json"},
+		{"wrong root type", `[1, 2, 3]`},
+		{"monitorList wrong type", `{"monitorList": {"a": 1}}`},
+		{"monitor field wrong type", `{"monitorList": [{"id": "not-an-int"}]}`},
+		{"notificationList wrong type", `{"notificationList": "oops"}`},
+	}
+	for _, tc := range cases {
+		t.Run(tc.name, func(t *testing.T) {
+			_, err := LoadKumaFile(writeTemp(t, tc.body))
+			if err == nil {
+				t.Fatalf("expected parse error for %s", tc.name)
+			}
+			if !strings.Contains(err.Error(), "parse JSON") {
+				t.Fatalf("expected wrapped parse error, got: %v", err)
+			}
+		})
+	}
+}
+
+func TestLoadKumaFileNullLists(t *testing.T) {
+	kb, err := LoadKumaFile(writeTemp(t, `{"version": "1.23", "monitorList": null, "notificationList": null}`))
+	if err != nil {
+		t.Fatal(err)
+	}
+	backup := ConvertKuma(kb)
+	if len(backup.Sites) != 0 || len(backup.Alerts) != 0 {
+		t.Fatalf("expected empty backup, got %d sites %d alerts", len(backup.Sites), len(backup.Alerts))
+	}
+}
+
+func TestConvertKumaSkipsMalformedNotificationConfig(t *testing.T) {
+	kb := &KumaBackup{
+		NotificationList: []KumaNotifEntry{
+			{ID: 1, Name: "broken", Config: "{not json"},
+			{ID: 2, Name: "good", Config: `{"type": "discord", "ntfyserverurl": "https://example.com/hook"}`},
+		},
+		MonitorList: []KumaMonitor{
+			{ID: 10, Name: "site", Type: "http", URL: "https://example.com", NotificationIDs: map[string]bool{"1": true}},
+		},
+	}
+	backup := ConvertKuma(kb)
+	if len(backup.Alerts) != 1 {
+		t.Fatalf("expected broken notification skipped, got %d alerts", len(backup.Alerts))
+	}
+	if backup.Alerts[0].Type != "discord" {
+		t.Fatalf("expected discord alert, got %q", backup.Alerts[0].Type)
+	}
+	if backup.Sites[0].AlertID != 0 {
+		t.Fatalf("site referencing skipped notification should keep AlertID 0, got %d", backup.Sites[0].AlertID)
+	}
+}
+
+func TestConvertKumaNtfyNotification(t *testing.T) {
+	kb := &KumaBackup{
+		NotificationList: []KumaNotifEntry{
+			{ID: 3, Name: "ntfy", Config: `{
+				"type": "ntfy",
+				"ntfyserverurl": "https://ntfy.example.com/",
+				"ntfytopic": "uptime",
+				"ntfyPriority": 4,
+				"ntfyAuthenticationMethod": "usernamePassword",
+				"ntfyusername": "u",
+				"ntfypassword": "p"
+			}`},
+		},
+	}
+	backup := ConvertKuma(kb)
+	if len(backup.Alerts) != 1 {
+		t.Fatalf("expected 1 alert, got %d", len(backup.Alerts))
+	}
+	a := backup.Alerts[0]
+	if a.Type != "ntfy" {
+		t.Fatalf("expected ntfy, got %q", a.Type)
+	}
+	if a.Settings["url"] != "https://ntfy.example.com" {
+		t.Fatalf("expected trailing slash trimmed, got %q", a.Settings["url"])
+	}
+	if a.Settings["topic"] != "uptime" || a.Settings["priority"] != "4" {
+		t.Fatalf("unexpected settings: %v", a.Settings)
+	}
+	if a.Settings["username"] != "u" || a.Settings["password"] != "p" {
+		t.Fatalf("expected credentials mapped, got %v", a.Settings)
+	}
+}
+
+func TestConvertKumaUnknownNotificationFallsBackToWebhook(t *testing.T) {
+	kb := &KumaBackup{
+		NotificationList: []KumaNotifEntry{
+			{ID: 4, Name: "matrix", Config: `{"type": "matrix", "ntfyserverurl": "https://example.com/hook"}`},
+		},
+	}
+	backup := ConvertKuma(kb)
+	if len(backup.Alerts) != 1 || backup.Alerts[0].Type != "webhook" {
+		t.Fatalf("expected webhook fallback, got %+v", backup.Alerts)
+	}
+}
+
+func TestConvertKumaHTTPMonitor(t *testing.T) {
+	kb := &KumaBackup{
+		NotificationList: []KumaNotifEntry{
+			{ID: 1, Name: "hook", Config: `{"type": "slack", "ntfyserverurl": "https://example.com/hook"}`},
+		},
+		MonitorList: []KumaMonitor{{
+			ID:              7,
+			Name:            "web",
+			Type:            "http",
+			URL:             "https://example.com",
+			Interval:        60,
+			Timeout:         30,
+			MaxRetries:      2,
+			Method:          "GET",
+			AcceptedCodes:   []string{"200", "301"},
+			IgnoreTLS:       true,
+			ExpiryNotif:     true,
+			Active:          false,
+			NotificationIDs: map[string]bool{"1": true},
+		}},
+	}
+	backup := ConvertKuma(kb)
+	if len(backup.Sites) != 1 {
+		t.Fatalf("expected 1 site, got %d", len(backup.Sites))
+	}
+	s := backup.Sites[0]
+	if s.URL != "https://example.com" || !s.CheckSSL || !s.IgnoreTLS {
+		t.Fatalf("http fields not mapped: %+v", s)
+	}
+	if !s.Paused {
+		t.Fatal("inactive monitor should import paused")
+	}
+	if s.AcceptedCodes != "200,301" {
+		t.Fatalf("expected joined accepted codes, got %q", s.AcceptedCodes)
+	}
+	if s.AlertID != 1 {
+		t.Fatalf("expected alert mapped, got %d", s.AlertID)
+	}
+}
+
+func TestConvertKumaPushMonitorGetsToken(t *testing.T) {
+	kb := &KumaBackup{
+		MonitorList: []KumaMonitor{{ID: 1, Name: "push", Type: "push", Active: true}},
+	}
+	backup := ConvertKuma(kb)
+	token := backup.Sites[0].Token
+	if len(token) != 32 {
+		t.Fatalf("expected 32-char hex token, got %q", token)
+	}
+}
+
+func TestConvertKumaNonNumericNotificationID(t *testing.T) {
+	kb := &KumaBackup{
+		MonitorList: []KumaMonitor{{
+			ID:              1,
+			Name:            "site",
+			Type:            "http",
+			NotificationIDs: map[string]bool{"abc": true},
+		}},
+	}
+	backup := ConvertKuma(kb)
+	if backup.Sites[0].AlertID != 0 {
+		t.Fatalf("non-numeric notification ID should not map, got %d", backup.Sites[0].AlertID)
+	}
+}
+
+func TestConvertKumaGroupAndChildren(t *testing.T) {
+	kb := &KumaBackup{
+		MonitorList: []KumaMonitor{
+			{ID: 1, Name: "grp", Type: "group", Active: true},
+			{ID: 2, Name: "ping", Type: "ping", Hostname: "10.0.0.1", Parent: 1, Active: true},
+		},
+	}
+	backup := ConvertKuma(kb)
+	if backup.Sites[0].Type != "group" {
+		t.Fatalf("expected group type, got %q", backup.Sites[0].Type)
+	}
+	if backup.Sites[1].ParentID != 1 || backup.Sites[1].Hostname != "10.0.0.1" {
+		t.Fatalf("child not mapped: %+v", backup.Sites[1])
+	}
+}

internal/monitor/monitor.go

@@ -115,10 +115,14 @@ func newEngine(s store.Store, allowPrivateTargets bool) *Engine {
 	}
 }
 
+// SetInsecureSkipVerify must be called before Start: the field is read by
+// checker goroutines without synchronization.
 func (e *Engine) SetInsecureSkipVerify(skip bool) {
 	e.insecureSkipVerify = skip
 }
 
+// SetMaintRetention must be called before Start: the field is read by the
+// maintenance prune goroutine without synchronization.
 func (e *Engine) SetMaintRetention(d time.Duration) {
 	e.maintRetention = d
 }
@@ -1043,6 +1047,8 @@ func (e *Engine) EnqueueProbeCheck(siteID int, nodeID string, latencyNs int64, i
 	e.enqueueWrite(writeProbeCheck{siteID: siteID, nodeID: nodeID, latencyNs: latencyNs, isUp: isUp})
 }
 
+// SetAggStrategy must be called before Start: the field is read by the probe
+// aggregation path without synchronization.
 func (e *Engine) SetAggStrategy(strategy AggregationStrategy) {
 	e.aggStrategy = strategy
 }

internal/server/server.go

@@ -127,7 +127,7 @@ func (s *Server) routes() http.Handler {
 }
 
 func (s *Server) requireAuth(r *http.Request) bool {
-	return s.cfg.ClusterKey != "" && checkSecret(r.Header.Get("X-Upkeep-Secret"), s.cfg.ClusterKey)
+	return s.cfg.ClusterKey != "" && checkSecret(r.Header.Get("X-Uptop-Secret"), s.cfg.ClusterKey)
 }
 
 func (s *Server) handlePush(w http.ResponseWriter, r *http.Request) {
@@ -159,7 +159,7 @@ func (s *Server) handleHealth(w http.ResponseWriter, r *http.Request) {
 		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
 		return
 	}
-	if s.cfg.ClusterKey != "" && !checkSecret(r.Header.Get("X-Upkeep-Secret"), s.cfg.ClusterKey) {
+	if s.cfg.ClusterKey != "" && !checkSecret(r.Header.Get("X-Uptop-Secret"), s.cfg.ClusterKey) {
 		http.Error(w, "Unauthorized", http.StatusUnauthorized)
 		return
 	}

internal/server/server_test.go

@@ -141,7 +141,7 @@ func authReq(method, url, secret string, body []byte) (*http.Response, error) {
 		return nil, err
 	}
 	if secret != "" {
-		req.Header.Set("X-Upkeep-Secret", secret)
+		req.Header.Set("X-Uptop-Secret", secret)
 	}
 	return http.DefaultClient.Do(req)
 }

internal/tui/data.go

@@ -104,7 +104,7 @@ func (m *Model) refreshLive() {
 		ordered = filterSites(ordered, m.filterText)
 	}
 	m.sites = ordered
-	m.logViewport.SetContent(strings.Join(m.engine.GetLogs(), "\n"))
+	m.refreshLogContent()
 
 	if m.currentTab == 0 && m.selectedID != 0 {
 		for i, s := range m.sites {

internal/tui/tab_logs.go

@@ -82,18 +82,15 @@ func (m Model) renderLogLine(line string) string {
 	return fmt.Sprintf("  %s  %s", tag, msg)
 }
 
-func (m Model) viewLogsTab() string {
+// refreshLogContent rebuilds the log viewport from the full engine log list,
-	content := m.logViewport.View()
+// filtering before windowing so the entry count and "(n hidden)" reflect all
-	if strings.TrimSpace(content) == "" || content == "Waiting for logs..." {
+// logs, not just the visible viewport slice.
-		return m.emptyState("No log entries yet.", "Logs appear as monitors run checks")
+func (m *Model) refreshLogContent() {
-	}
-
-	lines := strings.Split(content, "\n")
 	var rendered []string
 	total := 0
 	shown := 0
 
-	for _, line := range lines {
+	for _, line := range m.engine.GetLogs() {
 		if strings.TrimSpace(line) == "" {
 			continue
 		}
@@ -106,18 +103,27 @@ func (m Model) viewLogsTab() string {
 		rendered = append(rendered, m.renderLogLine(line))
 	}
 
+	m.logTotal = total
+	m.logShown = shown
+	m.logViewport.SetContent(strings.Join(rendered, "\n"))
+}
+
+func (m Model) viewLogsTab() string {
+	if m.logTotal == 0 {
+		return m.emptyState("No log entries yet.", "Logs appear as monitors run checks")
+	}
+
 	filterLabel := "All"
 	if m.logFilterImportant {
 		filterLabel = "Important"
 	}
 
 	header := m.st.subtleStyle.Render(fmt.Sprintf(
-		"  %d entries  Filter: %s", shown, filterLabel))
+		"  %d entries  Filter: %s", m.logShown, filterLabel))
 
-	if m.logFilterImportant && shown < total {
+	if m.logFilterImportant && m.logShown < m.logTotal {
-		header += m.st.subtleStyle.Render(fmt.Sprintf("  (%d hidden)", total-shown))
+		header += m.st.subtleStyle.Render(fmt.Sprintf("  (%d hidden)", m.logTotal-m.logShown))
 	}
 
-	m.logViewport.SetContent(strings.Join(rendered, "\n"))
 	return "\n" + header + "\n\n" + m.logViewport.View()
 }

internal/tui/tab_sites.go

@@ -326,101 +326,104 @@ func (m *Model) initSiteHuhForm() tea.Cmd {
 		}
 	}
 
-	// m.alerts is the tab-data cache (≤5s stale) — no store IO in Update.
+	return m.rebuildSiteForm()
-	alertOpts := []huh.Option[string]{huh.NewOption("None", "0")}
+}
+
+func (m *Model) rebuildSiteForm() tea.Cmd {
+	groups := m.buildSiteFormGroups()
+	m.huhForm = huh.NewForm(groups...).WithTheme(m.theme.HuhTheme())
+	if m.termWidth > 0 {
+		m.huhForm.WithWidth(m.termWidth)
+	}
+	formHeight := m.termHeight - 7
+	if formHeight < 5 {
+		formHeight = 5
+	}
+	m.huhForm.WithHeight(formHeight)
+	m.lastSiteType = m.siteFormData.SiteType
+	return m.huhForm.Init()
+}
+
+func (m *Model) siteFormOptions() (alertOpts, groupOpts []huh.Option[string]) {
+	alertOpts = []huh.Option[string]{huh.NewOption("None", "0")}
 	for _, a := range m.alerts {
 		alertOpts = append(alertOpts, huh.NewOption(
 			fmt.Sprintf("%s (%s)", a.Name, a.Type),
 			strconv.Itoa(a.ID),
 		))
 	}
-
+	groupOpts = []huh.Option[string]{huh.NewOption("None", "0")}
-	groupOpts := []huh.Option[string]{huh.NewOption("None", "0")}
 	for _, s := range m.sites {
 		if s.Type == "group" && s.ID != m.editID {
 			groupOpts = append(groupOpts, huh.NewOption(s.Name, strconv.Itoa(s.ID)))
 		}
 	}
+	return
+}
 
-	m.huhForm = huh.NewForm(
+func (m *Model) buildSiteFormGroups() []*huh.Group {
-		huh.NewGroup(
+	d := m.siteFormData
-			huh.NewInput().Title("Monitor Name").
+	alertOpts, groupOpts := m.siteFormOptions()
-				Placeholder("My Service").
+
-				Value(&m.siteFormData.Name).
+	// Page 1 — Monitor Setup: core fields + type-specific target
-				Validate(func(s string) error {
+	setup := []huh.Field{
-					if s == "" {
+		huh.NewInput().Title("Monitor Name").
-						return fmt.Errorf("name is required")
+			Placeholder("My Service").
-					}
+			Value(&d.Name).
-					return nil
+			Validate(func(s string) error {
-				}),
+				if s == "" {
-			huh.NewSelect[string]().Title("Monitor Type").
+					return fmt.Errorf("name is required")
-				Options(
+				}
-					huh.NewOption("HTTP/HTTPS", "http"),
+				return nil
-					huh.NewOption("Push / Heartbeat", "push"),
+			}),
-					huh.NewOption("Ping (ICMP)", "ping"),
+		huh.NewSelect[string]().Title("Monitor Type").
-					huh.NewOption("TCP Port", "port"),
+			Options(
-					huh.NewOption("DNS", "dns"),
+				huh.NewOption("HTTP/HTTPS", "http"),
-					huh.NewOption("Group", "group"),
+				huh.NewOption("Push / Heartbeat", "push"),
-				).Value(&m.siteFormData.SiteType),
+				huh.NewOption("Ping (ICMP)", "ping"),
-			huh.NewSelect[string]().Title("Alert Channel").
+				huh.NewOption("TCP Port", "port"),
-				Options(alertOpts...).
+				huh.NewOption("DNS", "dns"),
-				Value(&m.siteFormData.AlertID),
+				huh.NewOption("Group", "group"),
-		).Title("Monitor Settings"),
+			).Value(&d.SiteType),
-		huh.NewGroup(
+		huh.NewSelect[string]().Title("Alert Channel").
-			huh.NewInput().Title("URL").
+			Options(alertOpts...).
-				Placeholder("https://example.com").
+			Value(&d.AlertID),
-				Description("Required for HTTP monitors").
+	}
-				Value(&m.siteFormData.URL).
+
-				Validate(func(s string) error {
+	switch d.SiteType {
-					if m.siteFormData.SiteType != "http" {
+	case "http":
-						return nil
+		setup = append(setup, huh.NewInput().Title("URL").
-					}
+			Placeholder("https://example.com").
-					if s == "" {
+			Value(&d.URL).
-						return fmt.Errorf("URL is required for HTTP monitors")
+			Validate(func(s string) error {
-					}
+				if s == "" {
-					u, err := url.Parse(s)
+					return fmt.Errorf("URL is required")
-					if err != nil {
+				}
-						return fmt.Errorf("invalid URL")
+				u, err := url.Parse(s)
-					}
+				if err != nil {
-					if u.Scheme != "http" && u.Scheme != "https" {
+					return fmt.Errorf("invalid URL")
-						return fmt.Errorf("URL must start with http:// or https://")
+				}
-					}
+				if u.Scheme != "http" && u.Scheme != "https" {
-					if u.Host == "" {
+					return fmt.Errorf("URL must start with http:// or https://")
-						return fmt.Errorf("URL must include a host")
+				}
-					}
+				if u.Host == "" {
-					return nil
+					return fmt.Errorf("URL must include a host")
-				}),
+				}
-			huh.NewInput().Title("Check Interval (seconds)").
+				return nil
-				Placeholder("60").
+			}))
-				Value(&m.siteFormData.Interval).
+	case "ping", "dns":
-				Validate(func(s string) error {
+		setup = append(setup, huh.NewInput().Title("Hostname / IP").
-					if m.siteFormData.SiteType == "group" {
+			Placeholder("10.0.0.1").
-						return nil
+			Value(&d.Hostname))
-					}
+	case "port":
-					v, err := strconv.Atoi(s)
+		setup = append(setup,
-					if err != nil {
-						return fmt.Errorf("must be a number")
-					}
-					if v < 5 {
-						return fmt.Errorf("minimum interval is 5 seconds")
-					}
-					return nil
-				}),
-			huh.NewSelect[string]().Title("Parent Group").
-				Options(groupOpts...).
-				Value(&m.siteFormData.GroupID),
 			huh.NewInput().Title("Hostname / IP").
 				Placeholder("10.0.0.1").
-				Description("Target for ping/port/DNS monitors").
+				Value(&d.Hostname),
-				Value(&m.siteFormData.Hostname),
 			huh.NewInput().Title("Port").
-				Placeholder("0").
+				Placeholder("443").
-				Description("Target port for TCP port monitors").
+				Value(&d.Port).
-				Value(&m.siteFormData.Port).
 				Validate(func(s string) error {
-					if m.siteFormData.SiteType != "port" {
-						return nil
-					}
 					v, err := strconv.Atoi(s)
 					if err != nil {
 						return fmt.Errorf("must be a number")
@@ -429,34 +432,20 @@ func (m *Model) initSiteHuhForm() tea.Cmd {
 						return fmt.Errorf("port must be 1-65535")
 					}
 					return nil
-				}),
+				}))
-			huh.NewInput().Title("Timeout (seconds)").
+	}
-				Placeholder("5").
+
-				Value(&m.siteFormData.Timeout).
+	groups := []*huh.Group{huh.NewGroup(setup...).Title("Monitor Setup")}
-				Validate(func(s string) error {
+
-					if m.siteFormData.SiteType == "group" {
+	if d.SiteType == "group" {
-						return nil
+		return groups
-					}
+	}
-					v, err := strconv.Atoi(s)
+
-					if err != nil {
+	// Page 2 — Configuration: type-specific options + shared defaults
-						return fmt.Errorf("must be a number")
+	var config []huh.Field
-					}
+
-					if v < 1 || v > 300 {
+	if d.SiteType == "http" {
-						return fmt.Errorf("timeout must be 1-300 seconds")
+		config = append(config,
-					}
-					return nil
-				}),
-			huh.NewInput().Title("Description").
-				Placeholder("Optional description").
-				Value(&m.siteFormData.Description),
-			huh.NewInput().Title("Probe Regions").
-				Placeholder("us-east, eu-west (empty = all)").
-				Description("Comma-separated regions for distributed probing").
-				Value(&m.siteFormData.Regions),
-		).Title("Connection").WithHideFunc(func() bool {
-			return m.siteFormData.SiteType == "group"
-		}),
-		huh.NewGroup(
 			huh.NewSelect[string]().Title("HTTP Method").
 				Options(
 					huh.NewOption("GET", "GET"),
@@ -466,22 +455,75 @@ func (m *Model) initSiteHuhForm() tea.Cmd {
 					huh.NewOption("DELETE", "DELETE"),
 					huh.NewOption("HEAD", "HEAD"),
 					huh.NewOption("OPTIONS", "OPTIONS"),
-				).Value(&m.siteFormData.Method),
+				).Value(&d.Method),
 			huh.NewInput().Title("Accepted Status Codes").
 				Placeholder("200-299").
 				Description("Ranges (200-299) and singles (301) separated by commas").
-				Value(&m.siteFormData.AcceptedCodes),
+				Value(&d.AcceptedCodes),
-		).Title("HTTP Settings").WithHideFunc(func() bool {
+		)
-			return m.siteFormData.SiteType != "http"
+	}
-		}),
+
-		huh.NewGroup(
+	config = append(config,
+		huh.NewInput().Title("Check Interval (seconds)").
+			Placeholder("60").
+			Value(&d.Interval).
+			Validate(func(s string) error {
+				v, err := strconv.Atoi(s)
+				if err != nil {
+					return fmt.Errorf("must be a number")
+				}
+				if v < 5 {
+					return fmt.Errorf("minimum interval is 5 seconds")
+				}
+				return nil
+			}),
+		huh.NewInput().Title("Timeout (seconds)").
+			Placeholder("5").
+			Value(&d.Timeout).
+			Validate(func(s string) error {
+				v, err := strconv.Atoi(s)
+				if err != nil {
+					return fmt.Errorf("must be a number")
+				}
+				if v < 1 || v > 300 {
+					return fmt.Errorf("timeout must be 1-300 seconds")
+				}
+				return nil
+			}),
+		huh.NewInput().Title("Max Retries Before Alert").
+			Placeholder("0").
+			Value(&d.Retries).
+			Validate(func(s string) error {
+				v, err := strconv.Atoi(s)
+				if err != nil {
+					return fmt.Errorf("must be a number")
+				}
+				if v < 0 {
+					return fmt.Errorf("retries cannot be negative")
+				}
+				return nil
+			}),
+		huh.NewSelect[string]().Title("Parent Group").
+			Options(groupOpts...).
+			Value(&d.GroupID),
+		huh.NewInput().Title("Description").
+			Placeholder("Optional description").
+			Value(&d.Description),
+		huh.NewInput().Title("Probe Regions").
+			Placeholder("us-east, eu-west (empty = all)").
+			Description("Comma-separated regions for distributed probing").
+			Value(&d.Regions),
+	)
+
+	if d.SiteType == "http" {
+		config = append(config,
 			huh.NewConfirm().Title("Monitor SSL Certificate?").
-				Value(&m.siteFormData.CheckSSL),
+				Value(&d.CheckSSL),
 			huh.NewInput().Title("SSL Warning Threshold (days)").
 				Placeholder("7").
-				Value(&m.siteFormData.Threshold).
+				Value(&d.Threshold).
 				Validate(func(s string) error {
-					if !m.siteFormData.CheckSSL {
+					if !d.CheckSSL {
 						return nil
 					}
 					v, err := strconv.Atoi(s)
@@ -493,30 +535,13 @@ func (m *Model) initSiteHuhForm() tea.Cmd {
 					}
 					return nil
 				}),
-			huh.NewInput().Title("Max Retries Before Alert").
-				Placeholder("0").
-				Value(&m.siteFormData.Retries).
-				Validate(func(s string) error {
-					if m.siteFormData.SiteType == "group" {
-						return nil
-					}
-					v, err := strconv.Atoi(s)
-					if err != nil {
-						return fmt.Errorf("must be a number")
-					}
-					if v < 0 {
-						return fmt.Errorf("retries cannot be negative")
-					}
-					return nil
-				}),
 			huh.NewConfirm().Title("Ignore TLS Errors?").
-				Value(&m.siteFormData.IgnoreTLS),
+				Value(&d.IgnoreTLS),
-		).Title("Advanced").WithHideFunc(func() bool {
+		)
-			return m.siteFormData.SiteType == "group"
+	}
-		}),
-	).WithTheme(m.theme.HuhTheme())
 
-	return m.huhForm.Init()
+	groups = append(groups, huh.NewGroup(config...).Title("Configuration"))
+	return groups
 }
 
 func (m *Model) submitSiteForm() tea.Cmd {

internal/tui/tui.go

@@ -115,12 +115,15 @@ type Model struct {
 
 	huhForm       *huh.Form
 	siteFormData  *siteFormData
+	lastSiteType  string
 	alertFormData *alertFormData
 	userFormData  *userFormData
 	maintFormData *maintFormData
 
 	logViewport        viewport.Model
 	logFilterImportant bool
+	logTotal           int
+	logShown           int
 
 	historyViewport viewport.Model
 	historyChanges  []models.StateChange

internal/tui/update.go

@@ -128,6 +128,13 @@ func (m *Model) handleFormMsg(msg tea.Msg) (tea.Model, tea.Cmd) {
 		if f, ok := form.(*huh.Form); ok {
 			m.huhForm = f
 		}
+		if m.state == stateFormSite && m.siteFormData != nil &&
+			m.siteFormData.SiteType != m.lastSiteType {
+			rebuildCmd := m.rebuildSiteForm()
+			// Advance to Type select — user just changed it.
+			skipName := m.huhForm.NextField()
+			return m, tea.Batch(rebuildCmd, skipName)
+		}
 		if m.huhForm.State == huh.StateCompleted {
 			// The store write runs in the returned Cmd; its writeDoneMsg
 			// triggers the tab-data reload once the row actually exists.
@@ -527,6 +534,7 @@ func (m *Model) handleDashboardKey(msg tea.KeyMsg) (tea.Model, tea.Cmd) {
 	case "f":
 		if m.state == stateLogs {
 			m.logFilterImportant = !m.logFilterImportant
+			m.refreshLogContent()
 			return m, nil
 		}
 	case "tab":
@@ -726,6 +734,7 @@ func (m *Model) handleClick(msg tea.MouseMsg) (tea.Model, tea.Cmd) {
 	for i := m.tableOffset; i < end; i++ {
 		if m.zones.Get(fmt.Sprintf("%s-%d", prefix, i)).InBounds(msg) {
 			m.cursor = i
+			m.syncSelectedID()
 			return m, nil
 		}
 	}