v4.6.0

RemotePower v4.6.0 — "RepellantMatters"

A visual-identity release. RemotePower's default look has been the same dark slate-navy + blue + Inter palette that most self-hosted dashboards share — so the product never looked like itself. v4.6.0 ships a distinctive Industrial interface as the new default, and — because taste is personal and nobody should be forced into a redesign — a one-click New UI / Old UI toggle that restores the classic look. No markup, navigation, layout or functional changes — only the skin — and it's entirely CSP-safe.

After upgrading, hard-reload the dashboard once so the new front-end loads (service-worker cache remotepower-shell-v4.6.0).

The Industrial "New UI"

The new default trades the generic template aesthetic for an instrument-panel look that still keeps the RemotePower blue accent:

• Warm graphite / steel palette instead of slate-navy.
• A distinct type voice: the sidebar / navigation are set in IBM Plex Mono (self-hosted, added to the existing vendor/fonts/), giving the chrome a technical, instrument-panel feel, while the rest of the UI keeps the familiar Inter for readability. No external font requests (which the strict CSP would block anyway).
• Corner ticks on the primary panels (stat tiles, tables, dashboard widgets), dashed technical rules, mono, uppercase, tracked eyebrow labels and tabular figures — the technical-drawing / control-panel tells.
• Mono, uppercase panel-control buttons and sharper corners throughout.
• The RemotePower logo reads as a machined badge.

It's implemented as a single CSS layer scoped to body[data-ui="industrial"], placed after the theme blocks so its palette wins by source order — a genuine re-skin of the chrome (sidebar, headers, cards, tables, controls), not just a recolour.

New UI / Old UI — your choice

A new Settings → Interface tab lets you switch between the Industrial New UI and the classic Old UI. The same control also lives in My Account → Appearance, so users who don't see the admin Settings page can still switch.

• The choice is a per-browser preference (rp_ui), defaulting to New.
• It applies instantly, with no reload (it just toggles a data-ui attribute; the CSS does the rest).
• The colour themes (nord, dracula, gruvbox, …) under My Account → Appearance continue to apply to the Old UI.

CSP-safe by construction

The whole feature is pure CSS plus one data attribute set from JavaScript. The toggle buttons are wired through the existing delegated data-action dispatch (data-action="setUIVersion"), with no inline scripts, inline styles, or on* handlers — so it composes with the production CSP (script-src 'self'; style-src 'self') untouched.

Beyond the skin — a project-wide polish pass

v4.6.0 also ships a thorough sweep across the whole project, not just the new UI:

• Navigation. A dedicated Admin sidebar group (Links lives there now), and every sidebar group is alphabetically sorted for quicker scanning.
• Bind it together. The device drawer now surfaces CPU model, kernel, total RAM and total disk beside the live usage figures (previously only on the CMDB page). More lists and the Hardware / SNMP drawer tables cap at ~15 rows then scroll internally, and the disk-forecast table sorts correctly by both GB and percent.
• Security — independently pentested clean. The server and all three agents were re-audited and the web surface scanned with wapiti, nikto, nuclei, bandit and OWASP ZAP with no exploitable findings. SSRF pre-flights were extended to the OPNsense, Proxmox, AI-provider and TLS-monitor integration targets (matching the RouterOS guard); two read endpoints now gate on the resolved role record rather than a name denylist; and agent credential storage is hardened on Windows (restrictive ACLs), macOS (atomic 0600 writes) and Linux (the command stash uses the O_NOFOLLOW state-file helpers). Details in security-review-4.6.0.
• Performance. The dashboard's 7-day uptime stripe is cached for 5 minutes instead of firing a second round-trip every tick; the offline-sweep transition handler uses single-row reads; and the agent heartbeat is lighter — memoized tool-path and CPU-model lookups, one memory read instead of two, and a non-blocking uptime probe that reads /proc/uptime directly.
• Correctness. Custom-script OK↔FAIL alerts no longer drop under the SQLite backend; the device runbook actually injects its RAG context and recent-command history; the kernel_outdated device-list filter works again; and the CMDB asset modal shows real free-memory / free-disk figures.

---

Upgrade is in-place; see upgrading. Older release notes live in CHANGELOG.