docs: Update tracking files for Metrics Dashboard + WAF hot-reload

- Added LuCI Metrics Dashboard to HISTORY.md
- Documented WAF hot-reload discovery
- Updated WIP.md with completed work
- Noted HAProxy health check fix and test site cleanup

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

.claude/HISTORY.md

@@ -1,6 +1,21 @@
 # SecuBox UI & Theme History
 
-_Last updated: 2026-03-17 (HAProxy/mitmproxy WAF routing fix)_
+_Last updated: 2026-03-17 (LuCI Metrics Dashboard + WAF hot-reload)_
+
+0. **LuCI Metrics Dashboard + WAF Hot-Reload (2026-03-17)**
+   - NEW: `luci-app-metrics-dashboard` package - Real-time system metrics dashboard
+     - RPCD backend: `luci.metrics` with 9 methods (overview, certs, vhosts, metablogs, streamlits, waf_stats, connections, firewall_stats, all)
+     - Shows: uptime, memory, load, vHosts, certificates, MetaBlogs, Streamlits, LXC containers
+     - WAF stats: active bans, alerts today, threats detected, blocked requests
+     - Connections: HTTP, HTTPS, SSH, total TCP (live counts)
+     - Service status: HAProxy, mitmproxy, CrowdSec running indicators
+     - Auto-refresh every 5 seconds via poll.add()
+     - Menu: Status → Metrics Dashboard
+   - WAF Filters page: Stats layout changed from 3 boxes to single compact line
+   - Discovered mitmproxy haproxy_router.py already has hot-reload (checks file mtime every request)
+   - Updated metablogizerctl to use hot-reload instead of restart for faster publishing
+   - Fixed HAProxy 503 errors: Disabled health check on mitmproxy backend (mitmproxy returns 404 without valid Host)
+   - Cleaned up test sites (testsite, lblstest)
 
 0. **HAProxy/mitmproxy WAF Routing Fix (2026-03-17)**
    - Fixed published sites returning 503 errors due to misconfigured WAF routing

.claude/WIP.md

@@ -1,6 +1,6 @@
 # Work In Progress (Claude)
 
-_Last updated: 2026-03-17 (HAProxy/mitmproxy WAF routing fix)_
+_Last updated: 2026-03-17 (LuCI Metrics Dashboard + WAF hot-reload)_
 
 > **Architecture Reference**: SecuBox Fanzine v3 — Les 4 Couches
 
@@ -10,6 +10,36 @@ _Last updated: 2026-03-17 (HAProxy/mitmproxy WAF routing fix)_
 
 ### 2026-03-17
 
+- **LuCI Metrics Dashboard (Complete)**
+  - New `luci-app-metrics-dashboard` package with real-time system metrics
+  - RPCD backend: `luci.metrics` with 9 methods (overview, certs, vhosts, metablogs, streamlits, waf_stats, connections, firewall_stats, all)
+  - Dashboard shows: uptime, memory, load, vHosts, certificates, MetaBlogs, Streamlits, LXC containers
+  - WAF stats: active bans, alerts today, threats detected, blocked requests
+  - Connections: HTTP, HTTPS, SSH, total TCP (live counts)
+  - Service status: HAProxy, mitmproxy, CrowdSec running indicators
+  - Auto-refresh every 5 seconds via poll.add()
+  - Menu: Status → Metrics Dashboard
+
+- **WAF Filters Stats Layout Fix (Complete)**
+  - Changed stats from 3 separate boxes to single compact line
+  - Shows: "X Categories · Y Active · Z Rules" inline
+  - Cleaner header with KISS theme styling
+
+- **Mitmproxy Hot-Reload Discovery (Complete)**
+  - Discovered haproxy_router.py already supports hot-reload (`_check_interval = 1`)
+  - Routes file is checked every request; no restart needed for new routes
+  - Updated metablogizerctl `_add_mitmproxy_route()` to skip mitmproxy restart
+  - Significantly faster site publishing workflow
+
+- **HAProxy Health Check Fix (Complete)**
+  - Root cause of 503 errors: HAProxy health check failing because mitmproxy returns 404 for requests without valid Host header
+  - Fix: Disabled health check on mitmproxy_inspector backend (`check="0"`)
+  - HAProxy container required full restart (reload not sufficient for backend server changes)
+
+- **Test Sites Cleanup (Complete)**
+  - Removed testsite and lblstest (test sites no longer needed)
+  - Cleaned up UCI config, mitmproxy routes, HAProxy backends
+
 - **HAProxy/mitmproxy WAF Routing Fix (Complete)**
   - Fixed published sites returning 503 errors
   - **Root causes identified and fixed**: