diff --git a/.claude/HISTORY.md b/.claude/HISTORY.md
index b2e76ed1..6fe9a174 100644
--- a/.claude/HISTORY.md
+++ b/.claude/HISTORY.md
@@ -1830,3 +1830,13 @@ git checkout HEAD -- index.html
 - **Fixed** `secubox-evolution` repo which was public → now private
 - **API call**: `PATCH /api/v1/repos/gandalf/secubox-evolution` with `{"private":true}`
 - All 30 Gitea repos now private
+
+### 2026-02-15: Mitmproxy WAF Dashboard Data Path Fix
+- **Fixed** RPCD handler reading from wrong data path
+  - Was reading from `/srv/mitmproxy` (outbound instance, no threats)
+  - Now reads from `/srv/mitmproxy-in` (WAF input instance)
+- **Added** `WAF_DATA_PATH` constant for clarity
+- **Updated methods**: get_status, get_alerts, get_threat_stats, get_subdomain_metrics, clear_alerts
+- **Fixed** container running check to detect mitmproxy-in and mitmproxy-out
+- **Result**: Dashboard now shows 997 threats today, 29 pending autobans
+- **Committed**: 42d85c4d
diff --git a/.claude/WIP.md b/.claude/WIP.md
index c9374474..808682f2 100644
--- a/.claude/WIP.md
+++ b/.claude/WIP.md
@@ -1,6 +1,6 @@
 # Work In Progress (Claude)
 
-_Last updated: 2026-02-15 (Mailserver gk2 restore + Gitea privacy fix)_
+_Last updated: 2026-02-15 (Mitmproxy WAF dashboard data path fix)_
 
 > **Architecture Reference**: SecuBox Fanzine v3 — Les 4 Couches
 
@@ -95,6 +95,13 @@ _Last updated: 2026-02-15 (Mailserver gk2 restore + Gitea privacy fix)_
   - Same password hash preserved (no password change needed)
   - Note: Maildir was already empty in backup (emails lost before Feb 6)
 
+- **Mitmproxy WAF Dashboard Data Path Fix** — DONE (2026-02-15)
+  - Dashboard was showing 0 threats because RPCD read from `/srv/mitmproxy` (out)
+  - Fixed to read from `/srv/mitmproxy-in` (WAF input instance)
+  - Now displays correct stats: 997 threats today, 29 pending autobans
+  - Updated: get_status, get_alerts, get_threat_stats, get_subdomain_metrics
+  - Committed: 42d85c4d
+
 - **PeerTube Video Platform Package** — DONE (2026-02-15)
   - Created `secubox-app-peertube` package for self-hosted video streaming
   - LXC Debian Bookworm container with PostgreSQL 15, Redis 7, Node.js 18, FFmpeg