Add full monorepo: virtual-banker, backend, frontend, docs, scripts, deployment

Co-authored-by: Cursor <cursoragent@cursor.com>

UDM_PRO_INTERNET_BLOCKING_CONFIRMED.md

@@ -0,0 +1,141 @@
+# UDM Pro Internet Blocking - CONFIRMED
+
+**Date**: 2026-01-21  
+**Evidence Source**: UniFi Network Controller Screenshot  
+**Client**: NPMplus dot 167 (192.168.11.167)
+
+---
+
+## Critical Finding: Zero Internet Activity
+
+### UDM Pro Client Overview
+- **Client Name**: NPMplus dot 167
+- **IP Address**: 192.168.11.167
+- **MAC Address** (from UDM Pro): `bc:24:11:8d:ec:b7`
+- **24H Internet Activity**: **0 B** ⚠️
+- **Virtual Network**: MGMT-LAN (VLAN ID 11)
+- **Manufacturer**: Proxmox Server Solutions GmbH
+
+---
+
+## Analysis
+
+### ✅ Device Recognition
+UDM Pro correctly identifies the NPMplus container:
+- IP address matches: 192.168.11.167
+- Manufacturer correctly identified as Proxmox
+- Connected via UDM Pro GbE
+
+### ❌ Internet Access Blocked
+**24H Internet Activity: 0 B** confirms:
+- UDM Pro firewall is blocking outbound internet traffic
+- This explains why Docker Hub pulls are timing out
+- This explains why container cannot reach 8.8.8.8
+
+### ⚠️ MAC Address Discrepancy
+- **UDM Pro shows**: `bc:24:11:8d:ec:b7`
+- **Container config shows**: `BC:24:11:A8:C1:5D`
+
+**Possible explanations**:
+1. UDM Pro may be showing a different MAC (bridge/veth pair)
+2. MAC address may have changed
+3. UDM Pro may be tracking a different interface
+
+**Action**: Verify which MAC is actually active
+
+---
+
+## Root Cause Confirmed
+
+The **0 B internet activity** definitively proves:
+- ✅ Container is recognized by UDM Pro
+- ❌ **Outbound internet traffic is blocked by UDM Pro firewall**
+- ❌ This is preventing Docker Hub access
+- ❌ This is preventing NPMplus updates
+
+---
+
+## Solution: UDM Pro Firewall Rule
+
+### Step 1: Access UDM Pro
+1. Open: `https://192.168.11.1`
+2. Navigate to: **Clients** → **NPMplus dot 167**
+
+### Step 2: Check Current Firewall Rules
+1. Go to: **Settings → Firewall & Security → Firewall Rules**
+2. Look for rules affecting:
+   - Source: `192.168.11.167`
+   - Virtual Network: `MGMT-LAN` (VLAN 11)
+   - Outbound traffic
+
+### Step 3: Add Allow Rule
+Create a new firewall rule:
+
+**Rule Configuration**:
+- **Name**: `Allow NPMplus Outbound`
+- **Action**: `Accept` / `Allow`
+- **Source**:
+  - Type: `IP Address`
+  - Address: `192.168.11.167`
+  - Or use MAC: `bc:24:11:8d:ec:b7`
+- **Destination**: `Any` (or `Internet`)
+- **Protocol**: `Any`
+- **Port**: `Any`
+- **Direction**: `Outbound` or `Both`
+- **Virtual Network**: `MGMT-LAN` (VLAN 11)
+- **Placement**: **BEFORE** any deny/drop rules
+
+### Step 4: Verify Fix
+After adding the rule, wait 30 seconds, then:
+
+```bash
+# Test from container
+ssh root@r630-01
+pct exec 10233 -- ping -c 2 8.8.8.8
+
+# Test Docker Hub
+pct exec 10233 -- curl -s https://registry-1.docker.io/v2/ | head -3
+
+# Check UDM Pro client overview again
+# Should show internet activity > 0 B
+```
+
+---
+
+## Alternative: MAC-Based Rule
+
+If IP-based rules don't work, try MAC-based:
+
+- **Source MAC**: `bc:24:11:8d:ec:b7`
+- **Action**: `Accept`
+- **Destination**: `Any`
+
+---
+
+## Expected Result
+
+After adding the firewall rule:
+- ✅ Container can reach internet (8.8.8.8)
+- ✅ Container can reach Docker Hub
+- ✅ Docker pull will succeed
+- ✅ UDM Pro client overview will show internet activity > 0 B
+
+---
+
+## Summary
+
+**Status**: ✅ **ROOT CAUSE CONFIRMED**
+
+**Evidence**:
+- UDM Pro shows 0 B internet activity for 192.168.11.167
+- This confirms firewall blocking outbound traffic
+
+**Solution**:
+- Add UDM Pro firewall rule to allow outbound from 192.168.11.167
+- Use IP address or MAC address (`bc:24:11:8d:ec:b7`)
+
+**Next Step**: Add firewall rule in UDM Pro Web UI
+
+---
+
+**Action Required**: Configure UDM Pro firewall rule to allow outbound internet access