New translations en-us.json (French)

[ci skip]
Merge branch 'dev' of github.com:fosrl/pangolin into dev
2026-05-07 00:39:53 +00:00 · 2026-05-06 17:13:33 -07:00 · 2026-05-06 16:58:39 -07:00 · 2026-05-06 16:58:28 -07:00 · 2026-05-06 16:21:45 -07:00 · 2026-05-06 16:17:46 -07:00
874 changed files with 72340 additions and 21246 deletions
--- a/.cursor/rules/Localization.mdc
+++ b/.cursor/rules/Localization.mdc
@@ -0,0 +1,5 @@
+---
+alwaysApply: true
+---
+
+Always localize strings and use the `t` function to convert keys to strings. Add the keys to the en-us.json file. Never edit the other language files, as en-us.json is the single source of truth.
--- a/.cursor/rules/Nomenclature.mdc
+++ b/.cursor/rules/Nomenclature.mdc
@@ -0,0 +1,7 @@
+---
+description: 
+alwaysApply: true
+---
+
+Proxy resources = public resources
+Private resources = client resources = site resources
--- a/.dockerignore
+++ b/.dockerignore
@@ -28,9 +28,9 @@ LICENSE
 CONTRIBUTING.md
 dist
 .git
-migrations/
+server/migrations/
 config/
 build.ts
 tsconfig.json
 Dockerfile*
-migrations/
+drizzle.config.ts
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -0,0 +1 @@
+* @oschwartz10612 @miloschwartz
--- a/.github/workflows/cicd.yml
+++ b/.github/workflows/cicd.yml
@@ -29,7 +29,7 @@ jobs:
        permissions: write-all
        steps:
            - name: Configure AWS credentials
-              uses: aws-actions/configure-aws-credentials@v5
+              uses: aws-actions/configure-aws-credentials@v6
              with:
                  role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_ROLE_NAME }}
                  role-duration-seconds: 3600
@@ -62,7 +62,7 @@ jobs:

        steps:
            - name: Checkout code
-              uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+              uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

            - name: Monitor storage space
              run: |
@@ -77,7 +77,7 @@ jobs:
                  fi

            - name: Log in to Docker Hub
-              uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+              uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
              with:
                  registry: docker.io
                  username: ${{ secrets.DOCKER_HUB_USERNAME }}
@@ -134,7 +134,7 @@ jobs:

        steps:
            - name: Checkout code
-              uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+              uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

            - name: Monitor storage space
              run: |
@@ -149,7 +149,7 @@ jobs:
                  fi

            - name: Log in to Docker Hub
-              uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+              uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
              with:
                  registry: docker.io
                  username: ${{ secrets.DOCKER_HUB_USERNAME }}
@@ -201,10 +201,10 @@ jobs:
        timeout-minutes: 30
        steps:
            - name: Checkout code
-              uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+              uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

            - name: Log in to Docker Hub
-              uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+              uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
              with:
                  registry: docker.io
                  username: ${{ secrets.DOCKER_HUB_USERNAME }}
@@ -256,7 +256,7 @@ jobs:

        steps:
            - name: Checkout code
-              uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+              uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

            - name: Extract tag name
              id: get-tag
@@ -264,9 +264,9 @@ jobs:
              shell: bash

            - name: Install Go
-              uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
+              uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
              with:
-                  go-version: 1.24
+                  go-version: 1.25

            - name: Update version in package.json
              run: |
@@ -289,25 +289,17 @@ jobs:
                  echo "LATEST_BADGER_TAG=$LATEST_TAG" >> $GITHUB_ENV
              shell: bash

-            - name: Update install/main.go
-              run: |
-                  PANGOLIN_VERSION=${{ env.TAG }}
-                  GERBIL_VERSION=${{ env.LATEST_GERBIL_TAG }}
-                  BADGER_VERSION=${{ env.LATEST_BADGER_TAG }}
-                  sed -i "s/config.PangolinVersion = \".*\"/config.PangolinVersion = \"$PANGOLIN_VERSION\"/" install/main.go
-                  sed -i "s/config.GerbilVersion = \".*\"/config.GerbilVersion = \"$GERBIL_VERSION\"/" install/main.go
-                  sed -i "s/config.BadgerVersion = \".*\"/config.BadgerVersion = \"$BADGER_VERSION\"/" install/main.go
-                  echo "Updated install/main.go with Pangolin version $PANGOLIN_VERSION, Gerbil version $GERBIL_VERSION, and Badger version $BADGER_VERSION"
-                  cat install/main.go
-              shell: bash
-
            - name: Build installer
              working-directory: install
              run: |
-                  make go-build-release
+                  make go-build-release \
+                    PANGOLIN_VERSION=${{ env.TAG }} \
+                    GERBIL_VERSION=${{ env.LATEST_GERBIL_TAG }} \
+                    BADGER_VERSION=${{ env.LATEST_BADGER_TAG }}
+              shell: bash

            - name: Upload artifacts from /install/bin
-              uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+              uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
              with:
                  name: install-bin
                  path: install/bin/
@@ -415,35 +407,25 @@ jobs:
              shell: bash

            - name: Login to GitHub Container Registry (for cosign)
-              uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+              uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
              with:
                registry: ghcr.io
                username: ${{ github.actor }}
                password: ${{ secrets.GITHUB_TOKEN }}

            - name: Install cosign
-              # cosign is used to sign and verify container images (key and keyless)
-              uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
+              # cosign is used to sign container images using keyless (OIDC) signing
+              uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # v4.1.1

-            - name: Dual-sign and verify (GHCR & Docker Hub)
-              # Sign each image by digest using keyless (OIDC) and key-based signing,
-              # then verify both the public key signature and the keyless OIDC signature.
+            - name: Sign (GHCR, keyless)
+              # Sign each GHCR image by digest using keyless (OIDC) signing via Sigstore/Rekor.
+              # Signatures are stored in the registry alongside the image.
              env:
                  TAG: ${{ env.TAG }}
-                  COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
-                  COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
-                  COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }}
                  COSIGN_YES: "true"
              run: |
                  set -euo pipefail

-                  issuer="https://token.actions.githubusercontent.com"
-                  id_regex="^https://github.com/${{ github.repository }}/.+"  # accept this repo (all workflows/refs)
-
-                  # Track failures
-                  FAILED_TAGS=()
-                  SUCCESSFUL_TAGS=()
-
                  # Determine if this is an RC release
                  IS_RC="false"
                  if [[ "$TAG" == *"-rc."* ]]; then
@@ -471,95 +453,47 @@ jobs:
                      )
                  fi

-                  # Sign each image variant for both registries
-                  for BASE_IMAGE in "${GHCR_IMAGE}" "${DOCKERHUB_IMAGE}"; do
-                    for IMAGE_TAG in "${IMAGE_TAGS[@]}"; do
-                      echo "Processing ${BASE_IMAGE}:${IMAGE_TAG}"
-                      TAG_FAILED=false
+                  FAILED_TAGS=()
+                  SUCCESSFUL_TAGS=()

-                      # Wrap the entire tag processing in error handling
-                      (
-                        set -e
-                        DIGEST="$(skopeo inspect --retry-times 3 docker://${BASE_IMAGE}:${IMAGE_TAG} | jq -r '.Digest')"
-                        REF="${BASE_IMAGE}@${DIGEST}"
-                        echo "Resolved digest: ${REF}"
+                  for IMAGE_TAG in "${IMAGE_TAGS[@]}"; do
+                    echo "Processing ${GHCR_IMAGE}:${IMAGE_TAG}"
+                    TAG_FAILED=false

-                        echo "==> cosign sign (keyless) --recursive ${REF}"
-                        cosign sign --recursive "${REF}"
+                    (
+                      set -e
+                      DIGEST="$(skopeo inspect --retry-times 3 docker://${GHCR_IMAGE}:${IMAGE_TAG} | jq -r '.Digest')"
+                      REF="${GHCR_IMAGE}@${DIGEST}"
+                      echo "Resolved digest: ${REF}"

-                        echo "==> cosign sign (key) --recursive ${REF}"
-                        cosign sign --key env://COSIGN_PRIVATE_KEY --recursive "${REF}"
+                      echo "==> cosign sign (keyless) --recursive ${REF}"
+                      cosign sign --recursive "${REF}"
+                    ) || TAG_FAILED=true

-                        # Retry wrapper for verification to handle registry propagation delays
-                        retry_verify() {
-                          local cmd="$1"
-                          local attempts=6
-                          local delay=5
-                          local i=1
-                          until eval "$cmd"; do
-                            if [ $i -ge $attempts ]; then
-                              echo "Verification failed after $attempts attempts"
-                              return 1
-                            fi
-                            echo "Verification not yet available. Retry $i/$attempts after ${delay}s..."
-                            sleep $delay
-                            i=$((i+1))
-                            delay=$((delay*2))
-                            # Cap the delay to avoid very long waits
-                            if [ $delay -gt 60 ]; then delay=60; fi
-                          done
-                          return 0
-                        }
-
-                        echo "==> cosign verify (public key) ${REF}"
-                        if retry_verify "cosign verify --key env://COSIGN_PUBLIC_KEY '${REF}' -o text"; then
-                          VERIFIED_INDEX=true
-                        else
-                          VERIFIED_INDEX=false
-                        fi
-
-                        echo "==> cosign verify (keyless policy) ${REF}"
-                        if retry_verify "cosign verify --certificate-oidc-issuer '${issuer}' --certificate-identity-regexp '${id_regex}' '${REF}' -o text"; then
-                          VERIFIED_INDEX_KEYLESS=true
-                        else
-                          VERIFIED_INDEX_KEYLESS=false
-                        fi
-
-                        # Check if verification succeeded
-                        if [ "${VERIFIED_INDEX}" != "true" ] && [ "${VERIFIED_INDEX_KEYLESS}" != "true" ]; then
-                          echo "⚠️  WARNING: Verification not available for ${BASE_IMAGE}:${IMAGE_TAG}"
-                          echo "This may be due to registry propagation delays. Continuing anyway."
-                        fi
-                      ) || TAG_FAILED=true
-
-                      if [ "$TAG_FAILED" = "true" ]; then
-                        echo "⚠️  WARNING: Failed to sign/verify ${BASE_IMAGE}:${IMAGE_TAG}"
-                        FAILED_TAGS+=("${BASE_IMAGE}:${IMAGE_TAG}")
-                      else
-                        echo "✓ Successfully signed and verified ${BASE_IMAGE}:${IMAGE_TAG}"
-                        SUCCESSFUL_TAGS+=("${BASE_IMAGE}:${IMAGE_TAG}")
-                      fi
-                    done
+                    if [ "$TAG_FAILED" = "true" ]; then
+                      echo "⚠️  WARNING: Failed to sign ${GHCR_IMAGE}:${IMAGE_TAG}"
+                      FAILED_TAGS+=("${GHCR_IMAGE}:${IMAGE_TAG}")
+                    else
+                      echo "✓ Successfully signed ${GHCR_IMAGE}:${IMAGE_TAG}"
+                      SUCCESSFUL_TAGS+=("${GHCR_IMAGE}:${IMAGE_TAG}")
+                    fi
                  done

-                  # Report summary
                  echo ""
                  echo "=========================================="
-                  echo "Sign and Verify Summary"
+                  echo "Sign Summary"
                  echo "=========================================="
                  echo "Successful: ${#SUCCESSFUL_TAGS[@]}"
                  echo "Failed: ${#FAILED_TAGS[@]}"
-                  echo ""

                  if [ ${#FAILED_TAGS[@]} -gt 0 ]; then
                    echo "Failed tags:"
                    for tag in "${FAILED_TAGS[@]}"; do
                      echo "  - $tag"
                    done
-                    echo ""
-                    echo "⚠️  WARNING: Some tags failed to sign/verify, but continuing anyway"
+                    echo "⚠️  WARNING: Some tags failed to sign, but continuing anyway"
                  else
-                    echo "✓ All images signed and verified successfully!"
+                    echo "✓ All images signed successfully!"
                  fi
              shell: bash

@@ -578,7 +512,7 @@ jobs:
        permissions: write-all
        steps:
            - name: Configure AWS credentials
-              uses: aws-actions/configure-aws-credentials@v5
+              uses: aws-actions/configure-aws-credentials@v6
              with:
                  role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_ROLE_NAME }}
                  role-duration-seconds: 3600
--- a/.github/workflows/linting.yml
+++ b/.github/workflows/linting.yml
@@ -21,10 +21,10 @@ jobs:
        runs-on: ubuntu-latest
        steps:
            - name: Checkout code
-              uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+              uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

            - name: Set up Node.js
-              uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+              uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
              with:
                node-version: '24'

--- a/.github/workflows/mirror.yaml
+++ b/.github/workflows/mirror.yaml
@@ -23,7 +23,7 @@ jobs:
          skopeo --version

      - name: Install cosign
-        uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
+        uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # v4.1.1

      - name: Input check
        run: |
--- a/.github/workflows/restart-runners.yml
+++ b/.github/workflows/restart-runners.yml
@@ -14,7 +14,7 @@ jobs:
    permissions: write-all
    steps:
      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v5
+        uses: aws-actions/configure-aws-credentials@v6
        with:
          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_ROLE_NAME }}
          role-duration-seconds: 3600
--- a/.github/workflows/saas.yml
+++ b/.github/workflows/saas.yml
@@ -23,7 +23,7 @@ jobs:
        permissions: write-all
        steps:
            - name: Configure AWS credentials
-              uses: aws-actions/configure-aws-credentials@v5
+              uses: aws-actions/configure-aws-credentials@v6
              with:
                  role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_ROLE_NAME }}
                  role-duration-seconds: 3600
@@ -54,7 +54,42 @@ jobs:

        steps:
            - name: Checkout code
-              uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+              uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+            - name: Download MaxMind GeoLite2 databases
+              env:
+                MAXMIND_LICENSE_KEY: ${{ secrets.MAXMIND_LICENSE_KEY }}
+              run: |
+                echo "Downloading MaxMind GeoLite2 databases..."
+
+                # Download GeoLite2-Country
+                curl -L "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-Country&license_key=${MAXMIND_LICENSE_KEY}&suffix=tar.gz" \
+                  -o GeoLite2-Country.tar.gz
+
+                # Download GeoLite2-ASN
+                curl -L "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-ASN&license_key=${MAXMIND_LICENSE_KEY}&suffix=tar.gz" \
+                  -o GeoLite2-ASN.tar.gz
+
+                # Extract the .mmdb files
+                tar -xzf GeoLite2-Country.tar.gz --strip-components=1 --wildcards '*.mmdb'
+                tar -xzf GeoLite2-ASN.tar.gz --strip-components=1 --wildcards '*.mmdb'
+
+                # Verify files exist
+                if [ ! -f "GeoLite2-Country.mmdb" ]; then
+                  echo "ERROR: Failed to download GeoLite2-Country.mmdb"
+                  exit 1
+                fi
+
+                if [ ! -f "GeoLite2-ASN.mmdb" ]; then
+                  echo "ERROR: Failed to download GeoLite2-ASN.mmdb"
+                  exit 1
+                fi
+
+                # Clean up tar files
+                rm -f GeoLite2-Country.tar.gz GeoLite2-ASN.tar.gz
+
+                echo "MaxMind databases downloaded successfully"
+                ls -lh GeoLite2-*.mmdb

            - name: Monitor storage space
              run: |
@@ -69,7 +104,7 @@ jobs:
                  fi

            - name: Configure AWS credentials
-              uses: aws-actions/configure-aws-credentials@v5
+              uses: aws-actions/configure-aws-credentials@v6
              with:
                  role-to-assume: arn:aws:iam::${{ secrets.aws_account_id }}:role/${{ secrets.AWS_ROLE_NAME }}
                  role-duration-seconds: 3600
@@ -110,7 +145,7 @@ jobs:
        permissions: write-all
        steps:
            - name: Configure AWS credentials
-              uses: aws-actions/configure-aws-credentials@v5
+              uses: aws-actions/configure-aws-credentials@v6
              with:
                  role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_ROLE_NAME }}
                  role-duration-seconds: 3600
--- a/.github/workflows/stale-bot.yml
+++ b/.github/workflows/stale-bot.yml
@@ -14,7 +14,7 @@ jobs:
  stale:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/stale@997185467fa4f803885201cee163a9f38240193d # v10.1.1
+      - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0
        with:
          days-before-stale: 14
          days-before-close: 14
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -14,10 +14,10 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Install Node
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
        with:
          node-version: '24'

@@ -62,7 +62,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Build Docker image sqlite
        run: make dev-build-sqlite
@@ -71,7 +71,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Build Docker image pg
        run: make dev-build-pg
--- a/26
+++ b/26
@@ -1,8 +1,9 @@
-FROM node:24-alpine AS base
+# FROM node:24-slim AS base
+FROM public.ecr.aws/docker/library/node:24-slim AS base

 WORKDIR /app

-RUN apk add --no-cache python3 make g++
+RUN apt-get update && apt-get install -y python3 make g++ && rm -rf /var/lib/apt/lists/*

 COPY package*.json ./

@@ -23,15 +24,20 @@ RUN if [ "$BUILD" = "oss" ]; then rm -rf server/private; fi && \
    npm run build:cli && \
    test -f dist/server.mjs

+# Create placeholder files for MaxMind databases to avoid COPY errors
+# Real files should be present for saas builds, placeholders for oss builds
+RUN touch /app/GeoLite2-Country.mmdb /app/GeoLite2-ASN.mmdb
+
 FROM base AS builder

 RUN npm ci --omit=dev

-FROM node:24-alpine AS runner
+# FROM node:24-slim AS runner
+FROM public.ecr.aws/docker/library/node:24-slim AS runner

 WORKDIR /app

-RUN apk add --no-cache curl tzdata
+RUN apt-get update && apt-get install -y curl tzdata && rm -rf /var/lib/apt/lists/*

 COPY --from=builder /app/node_modules ./node_modules
 COPY --from=builder /app/package.json ./package.json
@@ -49,6 +55,18 @@ COPY server/db/ios_models.json ./dist/ios_models.json
 COPY server/db/mac_models.json ./dist/mac_models.json
 COPY public ./public

+# Copy MaxMind databases for SaaS builds
+ARG BUILD=oss
+
+RUN mkdir -p ./maxmind
+
+# Copy MaxMind databases (placeholders exist for oss builds, real files for saas)
+COPY --from=builder-dev /app/GeoLite2-Country.mmdb ./maxmind/GeoLite2-Country.mmdb
+COPY --from=builder-dev /app/GeoLite2-ASN.mmdb ./maxmind/GeoLite2-ASN.mmdb
+
+# Remove MaxMind databases for non-saas builds (keep only for saas)
+RUN if [ "$BUILD" != "saas" ]; then rm -rf ./maxmind; fi
+
 # OCI Image Labels - Build Args for dynamic values
 ARG VERSION="dev"
 ARG REVISION=""
--- a/README.md
+++ b/README.md
@@ -35,43 +35,53 @@

 </div>

-<p align="center">
-    <a href="https://docs.pangolin.net/careers/join-us">
-        <img src="https://img.shields.io/badge/🚀_We're_Hiring!-Join_Our_Team-brightgreen?style=for-the-badge" alt="We're Hiring!" />
-    </a>
-</p>
-
 <p align="center">
    <strong>
-        Start testing Pangolin at <a href="https://app.pangolin.net/auth/signup">app.pangolin.net</a>
+        Get started with Pangolin at <a href="https://app.pangolin.net/auth/signup">app.pangolin.net</a>
    </strong>
 </p>

-Pangolin is an open-source, identity-based remote access platform built on WireGuard that enables secure, seamless connectivity to private and public resources. Pangolin combines reverse proxy and VPN capabilities into one platform, providing browser-based access to web applications and client-based access to any private resources, all with zero-trust security and granular access control.
+Pangolin is an open-source, identity-based remote access platform built on WireGuard® that enables secure, seamless connectivity to private and public resources. Pangolin combines reverse proxy and VPN capabilities into one platform, providing browser-based access to web applications and client-based access to any private resources with NAT traversal, all with granular access controls.

 ## Installation

- Check out the [quick install guide](https://docs.pangolin.net/self-host/quick-install) for how to install and set up Pangolin.
- Install from the [DigitalOcean marketplace](https://marketplace.digitalocean.com/apps/pangolin-ce-1?refcode=edf0480eeb81) for a one-click pre-configured installer.
+- Get started for free with [Pangolin Cloud](https://app.pangolin.net/).
+- Or, check out the [quick install guide](https://docs.pangolin.net/self-host/quick-install) for how to self-host Pangolin.
+  - Install from the [DigitalOcean marketplace](https://marketplace.digitalocean.com/apps/pangolin-ce-1?refcode=edf0480eeb81) for a one-click pre-configured installer.

-<img src="public/screenshots/hero.png" />
+<img src="public/screenshots/hero.png" alt="Pangolin" width="100%" />

 ## Deployment Options

-| <img width=500 /> | Description |
-|-----------------|--------------|
-| **Self-Host: Community Edition** | Free, open source, and licensed under AGPL-3. |
-| **Self-Host: Enterprise Edition** | Licensed under Fossorial Commercial License. Free for personal and hobbyist use, and for businesses earning under \$100K USD annually. |
-| **Pangolin Cloud** | Fully managed service with instant setup and pay-as-you-go pricing — no infrastructure required. Or, self-host your own [remote node](https://docs.pangolin.net/manage/remote-node/nodes) and connect to our control plane. |
+- **Pangolin Cloud** - Fully managed service - no infrastructure required.
+- **Self-Host: Community Edition** - Free, open source, and licensed under AGPL-3.
+- **Self-Host: Enterprise Edition** - Licensed under Fossorial Commercial License. Free for personal and hobbyist use, and for businesses making less than \$100K USD gross annual revenue.

 ## Key Features

-| <img width=500 />                                                                                                                                                                                                                                                                                                                                                                | <img width=500 />                                                  |
-|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------|
-| **Connect remote networks with sites**<br /><br />Pangolin's lightweight site connectors create secure tunnels from remote networks without requiring public IP addresses or open ports. Sites make any network anywhere available for authorized access.                                                                                                                                                                                   | <img src="public/screenshots/sites.png" width=500 /><tr></tr>               |
-| **Browser-based reverse proxy access**<br /><br />Expose web applications through identity and context-aware tunneled reverse proxies. Pangolin handles routing, load balancing, health checking, and automatic SSL certificates without exposing your network directly to the internet. Users access applications through any web browser with authentication and granular access control.                                                                                                  | <img src="public/clip.gif" width=500 /><tr></tr>          |
-| **Client-based private resource access**<br /><br />Access private resources like SSH servers, databases, RDP, and entire network ranges through Pangolin clients. Intelligent NAT traversal enables connections even through restrictive firewalls, while DNS aliases provide friendly names and fast connections to resources across all your sites.                                                                                                                                                                                                | <img src="public/screenshots/private-resources.png" width=500 /><tr></tr>               |
-| **Zero-trust granular access**<br /><br />Grant users access to specific resources, not entire networks. Unlike traditional VPNs that expose full network access, Pangolin's zero-trust model ensures users can only reach the applications and services you explicitly define, reducing security risk and attack surface.                                                                                                                                                                                    | <img src="public/screenshots/user-devices.png" width=500 /><tr></tr> |
+### Connect remote networks with sites and NAT traversal
+
+Pangolin's site connectors provide gateways into networks so you can access any networked resources. Sites use outbound tunnels and intelligent NAT traversal to make networks behind restrictive firewalls available for authorized access without public IPs or open ports. Easily deploy a site as a binary or container on any platform.
+
+<img src="public/screenshots/sites.png" alt="Sites" width="100%" />
+
+### Browser-based reverse proxy access
+
+Expose web applications through identity and context-aware tunneled reverse proxies. Users access applications through any web browser with authentication and granular access control without installing a client. Pangolin handles routing, load balancing, health checking, and automatic SSL certificates without exposing your network directly to the internet.
+
+<img src="public/clip.gif" alt="Reverse proxy access" width="100%" />
+
+### Client-based private resource access
+
+Access private resources like SSH servers, databases, RDP, and entire network ranges through Pangolin clients. Intelligent NAT traversal enables connections even through restrictive firewalls, while DNS aliases provide friendly names and fast connections to resources across all your sites. Add redundancy by routing traffic through multiple connectors in your network.
+
+<img src="public/screenshots/private-resources.png" alt="Private resources" width="100%" />
+
+### Give users and roles access to resources
+
+Use Pangolin's built in users or bring your own identity provider and set up role based access control (RBAC). Grant users access to specific resources, not entire networks. Unlike traditional VPNs that expose full network access, Pangolin's zero-trust model ensures users can only reach the applications, services, and routes you explicitly define.
+
+<img src="public/screenshots/users.png" alt="Users from identity provider with roles" width="100%" />

 ## Download Clients

@@ -85,17 +95,16 @@ Download the Pangolin client for your platform:

 ## Get Started

+### Sign up now
+
+Create a free account at [app.pangolin.net](https://app.pangolin.net) to get started with Pangolin Cloud.
+
 ### Check out the docs

 We encourage everyone to read the full documentation first, which is
 available at [docs.pangolin.net](https://docs.pangolin.net). This README provides only a very brief subset of
 the docs to illustrate some basic ideas.

-### Sign up and try now
-
-For Pangolin's managed service, you will first need to create an account at
-[app.pangolin.net](https://app.pangolin.net). We have a generous free tier to get started.
-
 ## Licensing

 Pangolin is dual licensed under the AGPL-3 and the [Fossorial Commercial License](https://pangolin.net/fcl.html). For inquiries about commercial licensing, please contact us at [contact@pangolin.net](mailto:contact@pangolin.net).
@@ -103,7 +112,3 @@ Pangolin is dual licensed under the AGPL-3 and the [Fossorial Commercial License
 ## Contributions

 Please see [CONTRIBUTING](./CONTRIBUTING.md) in the repository for guidelines and best practices.
-
---
-
-WireGuard® is a registered trademark of Jason A. Donenfeld.
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -3,7 +3,7 @@
 If you discover a security vulnerability, please follow the steps below to responsibly disclose it to us:

 1. **Do not create a public GitHub issue or discussion post.** This could put the security of other users at risk.
-2. Send a detailed report to [security@pangolin.net](mailto:security@pangolin.net) or send a **private** message to a maintainer on [Discord](https://discord.gg/HCJR8Xhme4). Include:
+2. Send a detailed report to [security@pangolin.net](mailto:security@pangolin.net) with the following information:

 -   Description and location of the vulnerability.
 -   Potential impact of the vulnerability.
--- a/Keys/Create
+++ b/Keys/Create
@@ -1,17 +0,0 @@
-meta {
-  name: Create API Key
-  type: http
-  seq: 1
-}
-
-put {
-  url: http://localhost:3000/api/v1/api-key
-  body: json
-  auth: inherit
-}
-
-body:json {
-  {
-    "isRoot": true
-  }
-}
--- a/Keys/Delete
+++ b/Keys/Delete
@@ -1,11 +0,0 @@
-meta {
-  name: Delete API Key
-  type: http
-  seq: 2
-}
-
-delete {
-  url: http://localhost:3000/api/v1/api-key/dm47aacqxxn3ubj
-  body: none
-  auth: inherit
-}
--- a/Actions.bru
+++ b/Actions.bru
@@ -1,11 +0,0 @@
-meta {
-  name: List API Key Actions
-  type: http
-  seq: 6
-}
-
-get {
-  url: http://localhost:3000/api/v1/api-key/ex0izu2c37fjz9x/actions
-  body: none
-  auth: inherit
-}
--- a/Keys/List
+++ b/Keys/List
@@ -1,11 +0,0 @@
-meta {
-  name: List Org API Keys
-  type: http
-  seq: 4
-}
-
-get {
-  url: http://localhost:3000/api/v1/org/home-lab/api-keys
-  body: none
-  auth: inherit
-}
--- a/Keys/List
+++ b/Keys/List
@@ -1,11 +0,0 @@
-meta {
-  name: List Root API Keys
-  type: http
-  seq: 3
-}
-
-get {
-  url: http://localhost:3000/api/v1/root/api-keys
-  body: none
-  auth: inherit
-}
--- a/Actions.bru
+++ b/Actions.bru
@@ -1,17 +0,0 @@
-meta {
-  name: Set API Key Actions
-  type: http
-  seq: 5
-}
-
-post {
-  url: http://localhost:3000/api/v1/api-key/ex0izu2c37fjz9x/actions
-  body: json
-  auth: inherit
-}
-
-body:json {
-  {
-    "actionIds": ["listSites"]
-  }
-}
--- a/bruno/API
+++ b/bruno/API
@@ -1,17 +0,0 @@
-meta {
-  name: Set API Key Orgs
-  type: http
-  seq: 7
-}
-
-post {
-  url: http://localhost:3000/api/v1/api-key/ex0izu2c37fjz9x/orgs
-  body: json
-  auth: inherit
-}
-
-body:json {
-  {
-    "orgIds": ["home-lab"]
-  }
-}
--- a/Keys/folder.bru
+++ b/Keys/folder.bru
@@ -1,3 +0,0 @@
-meta {
-  name: API Keys
-}
--- a/bruno/Auth/2fa-disable.bru
+++ b/bruno/Auth/2fa-disable.bru
@@ -1,18 +0,0 @@
-meta {
-  name: 2fa-disable
-  type: http
-  seq: 6
-}
-
-post {
-  url: http://localhost:3000/api/v1/auth/2fa/disable
-  body: json
-  auth: none
-}
-
-body:json {
-  {
-      "password": "aaaaa-1A",
-      "code": "377289"
-  }
-}
--- a/bruno/Auth/2fa-enable.bru
+++ b/bruno/Auth/2fa-enable.bru
@@ -1,17 +0,0 @@
-meta {
-  name: 2fa-enable
-  type: http
-  seq: 4
-}
-
-post {
-  url: http://localhost:3000/api/v1/auth/2fa/enable
-  body: json
-  auth: none
-}
-
-body:json {
-  {
-      "code": "374138"
-  }
-}
--- a/bruno/Auth/2fa-request.bru
+++ b/bruno/Auth/2fa-request.bru
@@ -1,17 +0,0 @@
-meta {
-  name: 2fa-request
-  type: http
-  seq: 5
-}
-
-post {
-  url: http://localhost:3000/api/v1/auth/2fa/request
-  body: json
-  auth: none
-}
-
-body:json {
-  {
-      "password": "aaaaa-1A"
-  }
-}
--- a/bruno/Auth/change-password.bru
+++ b/bruno/Auth/change-password.bru
@@ -1,18 +0,0 @@
-meta {
-  name: change-password
-  type: http
-  seq: 9
-}
-
-post {
-  url: http://localhost:3000/api/v1/auth/change-password
-  body: json
-  auth: none
-}
-
-body:json {
-  {
-      "oldPassword": "",
-      "newPassword": ""
-  }
-}
--- a/bruno/Auth/login.bru
+++ b/bruno/Auth/login.bru
@@ -1,18 +0,0 @@
-meta {
-  name: login
-  type: http
-  seq: 1
-}
-
-post {
-  url: http://localhost:3000/api/v1/auth/login
-  body: json
-  auth: none
-}
-
-body:json {
-  {
-    "email": "admin@fosrl.io",
-    "password": "Password123!"
-  }
-}
--- a/bruno/Auth/logout.bru
+++ b/bruno/Auth/logout.bru
@@ -1,11 +0,0 @@
-meta {
-  name: logout
-  type: http
-  seq: 3
-}
-
-post {
-  url: http://localhost:4000/api/v1/auth/logout
-  body: none
-  auth: none
-}
--- a/bruno/Auth/reset-password-request.bru
+++ b/bruno/Auth/reset-password-request.bru
@@ -1,17 +0,0 @@
-meta {
-  name: reset-password-request
-  type: http
-  seq: 10
-}
-
-post {
-  url: http://localhost:3000/api/v1/auth/reset-password/request
-  body: json
-  auth: none
-}
-
-body:json {
-  {
-      "email": "milo@pangolin.net"
-  }
-}
--- a/bruno/Auth/reset-password.bru
+++ b/bruno/Auth/reset-password.bru
@@ -1,19 +0,0 @@
-meta {
-  name: reset-password
-  type: http
-  seq: 11
-}
-
-post {
-  url: http://localhost:3000/api/v1/auth/reset-password
-  body: json
-  auth: none
-}
-
-body:json {
-  {
-      "token": "3uhsbom72dwdhboctwrtntyd6jrlg4jtf5oaxy4k",
-      "newPassword": "aaaaa-1A",
-      "code": "6irqCGR3"
-  }
-}
--- a/bruno/Auth/signup.bru
+++ b/bruno/Auth/signup.bru
@@ -1,18 +0,0 @@
-meta {
-  name: signup
-  type: http
-  seq: 2
-}
-
-put {
-  url: http://localhost:3000/api/v1/auth/signup
-  body: json
-  auth: none
-}
-
-body:json {
-  {
-    "email": "numbat@pangolin.net",
-    "password": "Password123!"
-  }
-}
--- a/bruno/Auth/verify-email-request.bru
+++ b/bruno/Auth/verify-email-request.bru
@@ -1,11 +0,0 @@
-meta {
-  name: verify-email-request
-  type: http
-  seq: 8
-}
-
-post {
-  url: http://localhost:3000/api/v1/auth/verify-email/request
-  body: none
-  auth: none
-}
--- a/bruno/Auth/verify-email.bru
+++ b/bruno/Auth/verify-email.bru
@@ -1,17 +0,0 @@
-meta {
-  name: verify-email
-  type: http
-  seq: 7
-}
-
-post {
-  url: http://localhost:3000/api/v1/auth/verify-email
-  body: json
-  auth: none
-}
-
-body:json {
-  {
-      "code": "50317187"
-  }
-}
--- a/bruno/Auth/verify-user.bru
+++ b/bruno/Auth/verify-user.bru
@@ -1,15 +0,0 @@
-meta {
-  name: verify-user
-  type: http
-  seq: 4
-}
-
-get {
-  url: http://localhost:3001/api/v1/badger/verify-user?sessionId=mb52273jkb6t3oys2bx6ur5x7rcrkl26c7warg3e
-  body: none
-  auth: none
-}
-
-params:query {
-  sessionId: mb52273jkb6t3oys2bx6ur5x7rcrkl26c7warg3e
-}
--- a/bruno/Clients/createClient.bru
+++ b/bruno/Clients/createClient.bru
@@ -1,22 +0,0 @@
-meta {
-  name: createClient
-  type: http
-  seq: 1
-}
-
-put {
-  url: http://localhost:3000/api/v1/site/1/client
-  body: json
-  auth: none
-}
-
-body:json {
-  {
-      "siteId": 1,
-      "name": "test",
-      "type": "olm",
-      "subnet": "100.90.129.4/30",
-      "olmId": "029yzunhx6nh3y5",
-      "secret": "l0ymp075y3d4rccb25l6sqpgar52k09etunui970qq5gj7x6"
-  }
-}
--- a/bruno/Clients/pickClientDefaults.bru
+++ b/bruno/Clients/pickClientDefaults.bru
@@ -1,11 +0,0 @@
-meta {
-  name: pickClientDefaults
-  type: http
-  seq: 2
-}
-
-get {
-  url: http://localhost:3000/api/v1/site/1/pick-client-defaults
-  body: none
-  auth: none
-}
--- a/bruno/IDP/Create
+++ b/bruno/IDP/Create
@@ -1,22 +0,0 @@
-meta {
-  name: Create OIDC Provider
-  type: http
-  seq: 1
-}
-
-put {
-  url: http://localhost:3000/api/v1/org/home-lab/idp/oidc
-  body: json
-  auth: inherit
-}
-
-body:json {
-  {
-    "clientId": "JJoSvHCZcxnXT2sn6CObj6a21MuKNRXs3kN5wbys",
-    "clientSecret": "2SlGL2wOGgMEWLI9yUuMAeFxre7qSNJVnXMzyepdNzH1qlxYnC4lKhhQ6a157YQEkYH3vm40KK4RCqbYiF8QIweuPGagPX3oGxEj2exwutoXFfOhtq4hHybQKoFq01Z3",
-    "authUrl": "http://localhost:9000/application/o/authorize/",
-    "tokenUrl": "http://localhost:9000/application/o/token/",
-    "scopes": ["email", "openid", "profile"],
-    "userIdentifier": "email"
-  }
-}
--- a/bruno/IDP/Generate
+++ b/bruno/IDP/Generate
@@ -1,11 +0,0 @@
-meta {
-  name: Generate OIDC URL
-  type: http
-  seq: 2
-}
-
-get {
-  url: http://localhost:3000/api/v1
-  body: none
-  auth: inherit
-}
--- a/bruno/IDP/folder.bru
+++ b/bruno/IDP/folder.bru
@@ -1,3 +0,0 @@
-meta {
-  name: IDP
-}
--- a/bruno/Internal/Traefik
+++ b/bruno/Internal/Traefik
@@ -1,11 +0,0 @@
-meta {
-  name: Traefik Config
-  type: http
-  seq: 1
-}
-
-get {
-  url: http://localhost:3001/api/v1/traefik-config
-  body: none
-  auth: inherit
-}
--- a/bruno/Internal/folder.bru
+++ b/bruno/Internal/folder.bru
@@ -1,3 +0,0 @@
-meta {
-  name: Internal
-}
--- a/bruno/Newt/Create
+++ b/bruno/Newt/Create
@@ -1,11 +0,0 @@
-meta {
-  name: Create Newt
-  type: http
-  seq: 2
-}
-
-get {
-  url: http://localhost:3000/api/v1/newt
-  body: none
-  auth: none
-}
--- a/bruno/Newt/Get
+++ b/bruno/Newt/Get
@@ -1,18 +0,0 @@
-meta {
-  name: Get Token
-  type: http
-  seq: 1
-}
-
-get {
-  url: http://localhost:3000/api/v1/auth/newt/get-token
-  body: json
-  auth: none
-}
-
-body:json {
-  {
-   "newtId": "o0d4rdxq3stnz7b",
-    "secret": "sy7l09fnaesd03iwrfp9m3qf0ryn19g0zf3dqieaazb4k7vk"
-  }
-}
--- a/bruno/Olm/createOlm.bru
+++ b/bruno/Olm/createOlm.bru
@@ -1,15 +0,0 @@
-meta {
-  name: createOlm
-  type: http
-  seq: 1
-}
-
-put {
-  url: http://localhost:3000/api/v1/olm
-  body: none
-  auth: inherit
-}
-
-settings {
-  encodeUrl: true
-}
--- a/bruno/Olm/folder.bru
+++ b/bruno/Olm/folder.bru
@@ -1,8 +0,0 @@
-meta {
-  name: Olm
-  seq: 15
-}
-
-auth {
-  mode: inherit
-}
--- a/bruno/Orgs/Check
+++ b/bruno/Orgs/Check
@@ -1,11 +0,0 @@
-meta {
-  name: Check Id
-  type: http
-  seq: 2
-}
-
-get {
-  url: http://localhost:3000/api/v1/org/checkId
-  body: none
-  auth: none
-}
--- a/bruno/Orgs/listOrgs.bru
+++ b/bruno/Orgs/listOrgs.bru
@@ -1,11 +0,0 @@
-meta {
-  name: listOrgs
-  type: http
-  seq: 1
-}
-
-get {
-  url: 
-  body: none
-  auth: none
-}
--- a/Node/createRemoteExitNode.bru
+++ b/Node/createRemoteExitNode.bru
@@ -1,11 +0,0 @@
-meta {
-  name: createRemoteExitNode
-  type: http
-  seq: 1
-}
-
-put {
-  url: http://localhost:4000/api/v1/org/org_i21aifypnlyxur2/remote-exit-node
-  body: none
-  auth: none
-}
--- a/bruno/Resources/listResourcesByOrg.bru
+++ b/bruno/Resources/listResourcesByOrg.bru
@@ -1,11 +0,0 @@
-meta {
-  name: listResourcesByOrg
-  type: http
-  seq: 1
-}
-
-get {
-  url: 
-  body: none
-  auth: none
-}
--- a/bruno/Resources/listResourcesBySite.bru
+++ b/bruno/Resources/listResourcesBySite.bru
@@ -1,16 +0,0 @@
-meta {
-  name: listResourcesBySite
-  type: http
-  seq: 2
-}
-
-get {
-  url: http://localhost:3000/api/v1/site/1/resources?limit=10&offset=0
-  body: none
-  auth: none
-}
-
-params:query {
-  limit: 10
-  offset: 0
-}
--- a/bruno/Sites/Get
+++ b/bruno/Sites/Get
@@ -1,11 +0,0 @@
-meta {
-  name: Get Site
-  type: http
-  seq: 2
-}
-
-get {
-  url: http://localhost:3000/api/v1/org/test/sites/mexican-mole-lizard-windy
-  body: none
-  auth: none
-}
--- a/bruno/Sites/listSites.bru
+++ b/bruno/Sites/listSites.bru
@@ -1,11 +0,0 @@
-meta {
-  name: listSites
-  type: http
-  seq: 1
-}
-
-get {
-  url: 
-  body: none
-  auth: none
-}
--- a/bruno/Targets/listTargets.bru
+++ b/bruno/Targets/listTargets.bru
@@ -1,16 +0,0 @@
-meta {
-  name: listTargets
-  type: http
-  seq: 1
-}
-
-get {
-  url: http://localhost:3000/api/v1/resource/web.main.localhost/targets?limit=10&offset=0
-  body: none
-  auth: none
-}
-
-params:query {
-  limit: 10
-  offset: 0
-}
--- a/bruno/Test.bru
+++ b/bruno/Test.bru
@@ -1,11 +0,0 @@
-meta {
-  name: Test
-  type: http
-  seq: 2
-}
-
-get {
-  url: http://localhost:3000/api/v1
-  body: none
-  auth: inherit
-}
--- a/bruno/Traefik/traefik-config.bru
+++ b/bruno/Traefik/traefik-config.bru
@@ -1,11 +0,0 @@
-meta {
-  name: traefik-config
-  type: http
-  seq: 1
-}
-
-get {
-  url: http://localhost:3001/api/v1/traefik-config
-  body: none
-  auth: none
-}
--- a/bruno/Users/adminListUsers.bru
+++ b/bruno/Users/adminListUsers.bru
@@ -1,11 +0,0 @@
-meta {
-  name: adminListUsers
-  type: http
-  seq: 2
-}
-
-get {
-  url: http://localhost:3000/api/v1/users
-  body: none
-  auth: none
-}
--- a/bruno/Users/adminRemoveUser.bru
+++ b/bruno/Users/adminRemoveUser.bru
@@ -1,11 +0,0 @@
-meta {
-  name: adminRemoveUser
-  type: http
-  seq: 3
-}
-
-delete {
-  url: http://localhost:3000/api/v1/user/ky5r7ivqs8wc7u4
-  body: none
-  auth: none
-}
--- a/bruno/Users/getUser.bru
+++ b/bruno/Users/getUser.bru
@@ -1,11 +0,0 @@
-meta {
-  name: getUser
-  type: http
-  seq: 1
-}
-
-get {
-  url: 
-  body: none
-  auth: none
-}
--- a/bruno/bruno.json
+++ b/bruno/bruno.json
@@ -1,13 +0,0 @@
-{
-  "version": "1",
-  "name": "Pangolin",
-  "type": "collection",
-  "ignore": [
-    "node_modules",
-    ".git"
-  ],
-  "presets": {
-    "requestType": "http",
-    "requestUrl": "http://localhost:3000/api/v1"
-  }
-}
--- a/cli/commands/clearCertificates.ts
+++ b/cli/commands/clearCertificates.ts
@@ -0,0 +1,28 @@
+import { CommandModule } from "yargs";
+import { db, certificates } from "@server/db";
+
+type ClearCertificatesArgs = {};
+
+export const clearCertificates: CommandModule<{}, ClearCertificatesArgs> = {
+    command: "clear-certificates",
+    describe: "Delete all entries from the certificates table",
+    builder: (yargs) => {
+        return yargs;
+    },
+    handler: async (argv: {}) => {
+        try {
+            console.log("Clearing all certificates from the database...");
+
+            const deleted = await db.delete(certificates).returning();
+
+            console.log(
+                `Deleted ${deleted.length} certificate(s) from the database`
+            );
+
+            process.exit(0);
+        } catch (error) {
+            console.error("Error:", error);
+            process.exit(1);
+        }
+    }
+};
--- a/cli/commands/generateOrgCaKeys.ts
+++ b/cli/commands/generateOrgCaKeys.ts
@@ -0,0 +1,121 @@
+import { CommandModule } from "yargs";
+import { db, orgs } from "@server/db";
+import { eq } from "drizzle-orm";
+import { encrypt } from "@server/lib/crypto";
+import { configFilePath1, configFilePath2 } from "@server/lib/consts";
+import { generateCA } from "@server/lib/sshCA";
+import fs from "fs";
+import yaml from "js-yaml";
+
+type GenerateOrgCaKeysArgs = {
+    orgId: string;
+    secret?: string;
+    force?: boolean;
+};
+
+export const generateOrgCaKeys: CommandModule<{}, GenerateOrgCaKeysArgs> = {
+    command: "generate-org-ca-keys",
+    describe:
+        "Generate SSH CA public/private key pair for an organization and store them in the database (private key encrypted with server secret)",
+    builder: (yargs) => {
+        return yargs
+            .option("orgId", {
+                type: "string",
+                demandOption: true,
+                describe: "The organization ID"
+            })
+            .option("secret", {
+                type: "string",
+                describe:
+                    "Server secret used to encrypt the CA private key. If omitted, read from config file (config.yml or config.yaml)."
+            })
+            .option("force", {
+                type: "boolean",
+                default: false,
+                describe:
+                    "Overwrite existing CA keys for the org if they already exist"
+            });
+    },
+    handler: async (argv: {
+        orgId: string;
+        secret?: string;
+        force?: boolean;
+    }) => {
+        try {
+            const { orgId, force } = argv;
+            let secret = argv.secret;
+
+            if (!secret) {
+                const configPath = fs.existsSync(configFilePath1)
+                    ? configFilePath1
+                    : fs.existsSync(configFilePath2)
+                      ? configFilePath2
+                      : null;
+
+                if (!configPath) {
+                    console.error(
+                        "Error: No server secret provided and config file not found. " +
+                            "Expected config.yml or config.yaml in the config directory, or pass --secret."
+                    );
+                    process.exit(1);
+                }
+
+                const configContent = fs.readFileSync(configPath, "utf8");
+                const config = yaml.load(configContent) as {
+                    server?: { secret?: string };
+                };
+
+                if (!config?.server?.secret) {
+                    console.error(
+                        "Error: No server.secret in config file. Pass --secret or set server.secret in config."
+                    );
+                    process.exit(1);
+                }
+                secret = config.server.secret;
+            }
+
+            const [org] = await db
+                .select({
+                    orgId: orgs.orgId,
+                    sshCaPrivateKey: orgs.sshCaPrivateKey,
+                    sshCaPublicKey: orgs.sshCaPublicKey
+                })
+                .from(orgs)
+                .where(eq(orgs.orgId, orgId))
+                .limit(1);
+
+            if (!org) {
+                console.error(`Error: Organization with orgId "${orgId}" not found.`);
+                process.exit(1);
+            }
+
+            if (org.sshCaPrivateKey != null || org.sshCaPublicKey != null) {
+                if (!force) {
+                    console.error(
+                        "Error: This organization already has CA keys. Use --force to overwrite."
+                    );
+                    process.exit(1);
+                }
+            }
+
+            const ca = generateCA(`pangolin-ssh-ca-${orgId}`);
+            const encryptedPrivateKey = encrypt(ca.privateKeyPem, secret);
+
+            await db
+                .update(orgs)
+                .set({
+                    sshCaPrivateKey: encryptedPrivateKey,
+                    sshCaPublicKey: ca.publicKeyOpenSSH
+                })
+                .where(eq(orgs.orgId, orgId));
+
+            console.log("SSH CA keys generated and stored for org:", orgId);
+            console.log("\nPublic key (OpenSSH format):");
+            console.log(ca.publicKeyOpenSSH);
+            process.exit(0);
+        } catch (error) {
+            console.error("Error generating org CA keys:", error);
+            process.exit(1);
+        }
+    }
+};
--- a/cli/commands/rotateServerSecret.ts
+++ b/cli/commands/rotateServerSecret.ts
@@ -1,5 +1,5 @@
 import { CommandModule } from "yargs";
-import { db, idpOidcConfig, licenseKey } from "@server/db";
+import { db, idpOidcConfig, licenseKey, certificates, eventStreamingDestinations, alertWebhookActions } from "@server/db";
 import { encrypt, decrypt } from "@server/lib/crypto";
 import { configFilePath1, configFilePath2 } from "@server/lib/consts";
 import { eq } from "drizzle-orm";
@@ -129,9 +129,15 @@ export const rotateServerSecret: CommandModule<
            console.log("\nReading encrypted data from database...");
            const idpConfigs = await db.select().from(idpOidcConfig);
            const licenseKeys = await db.select().from(licenseKey);
+            const certs = await db.select().from(certificates);
+            const streamingDestinations = await db.select().from(eventStreamingDestinations);
+            const webhookActions = await db.select().from(alertWebhookActions);

            console.log(`Found ${idpConfigs.length} OIDC IdP configuration(s)`);
            console.log(`Found ${licenseKeys.length} license key(s)`);
+            console.log(`Found ${certs.length} certificate(s)`);
+            console.log(`Found ${streamingDestinations.length} event streaming destination(s)`);
+            console.log(`Found ${webhookActions.length} alert webhook action(s)`);

            // Prepare all decrypted and re-encrypted values
            console.log("\nDecrypting and re-encrypting values...");
@@ -149,8 +155,27 @@ export const rotateServerSecret: CommandModule<
                encryptedInstanceId: string;
            };

+            type CertUpdate = {
+                certId: number;
+                encryptedCertFile: string | null;
+                encryptedKeyFile: string | null;
+            };
+
+            type StreamingDestinationUpdate = {
+                destinationId: number;
+                encryptedConfig: string;
+            };
+
+            type WebhookActionUpdate = {
+                webhookActionId: number;
+                encryptedConfig: string;
+            };
+
            const idpUpdates: IdpUpdate[] = [];
            const licenseKeyUpdates: LicenseKeyUpdate[] = [];
+            const certUpdates: CertUpdate[] = [];
+            const streamingDestinationUpdates: StreamingDestinationUpdate[] = [];
+            const webhookActionUpdates: WebhookActionUpdate[] = [];

            // Process idpOidcConfig entries
            for (const idpConfig of idpConfigs) {
@@ -217,6 +242,70 @@ export const rotateServerSecret: CommandModule<
                }
            }

+            // Process certificate entries
+            for (const cert of certs) {
+                try {
+                    const encryptedCertFile = cert.certFile
+                        ? encrypt(decrypt(cert.certFile, oldSecret), newSecret)
+                        : null;
+                    const encryptedKeyFile = cert.keyFile
+                        ? encrypt(decrypt(cert.keyFile, oldSecret), newSecret)
+                        : null;
+
+                    certUpdates.push({
+                        certId: cert.certId,
+                        encryptedCertFile,
+                        encryptedKeyFile
+                    });
+                } catch (error) {
+                    console.error(
+                        `Error processing certificate ${cert.certId} (${cert.domain}):`,
+                        error
+                    );
+                    throw error;
+                }
+            }
+
+            // Process eventStreamingDestinations entries
+            for (const dest of streamingDestinations) {
+                try {
+                    const decryptedConfig = decrypt(dest.config, oldSecret);
+                    const encryptedConfig = encrypt(decryptedConfig, newSecret);
+
+                    streamingDestinationUpdates.push({
+                        destinationId: dest.destinationId,
+                        encryptedConfig
+                    });
+                } catch (error) {
+                    console.error(
+                        `Error processing event streaming destination ${dest.destinationId}:`,
+                        error
+                    );
+                    throw error;
+                }
+            }
+
+            // Process alertWebhookActions entries
+            for (const webhook of webhookActions) {
+                try {
+                    if (webhook.config == null) continue;
+
+                    const decryptedConfig = decrypt(webhook.config, oldSecret);
+                    const encryptedConfig = encrypt(decryptedConfig, newSecret);
+
+                    webhookActionUpdates.push({
+                        webhookActionId: webhook.webhookActionId,
+                        encryptedConfig
+                    });
+                } catch (error) {
+                    console.error(
+                        `Error processing alert webhook action ${webhook.webhookActionId}:`,
+                        error
+                    );
+                    throw error;
+                }
+            }
+
            // Perform all database updates in a single transaction
            console.log("\nUpdating database in transaction...");
            await db.transaction(async (trx) => {
@@ -250,10 +339,50 @@ export const rotateServerSecret: CommandModule<
                        instanceId: update.encryptedInstanceId
                    });
                }
+
+                // Update certificate entries
+                for (const update of certUpdates) {
+                    await trx
+                        .update(certificates)
+                        .set({
+                            certFile: update.encryptedCertFile,
+                            keyFile: update.encryptedKeyFile
+                        })
+                        .where(eq(certificates.certId, update.certId));
+                }
+
+                // Update event streaming destination entries
+                for (const update of streamingDestinationUpdates) {
+                    await trx
+                        .update(eventStreamingDestinations)
+                        .set({ config: update.encryptedConfig })
+                        .where(
+                            eq(
+                                eventStreamingDestinations.destinationId,
+                                update.destinationId
+                            )
+                        );
+                }
+
+                // Update alert webhook action entries
+                for (const update of webhookActionUpdates) {
+                    await trx
+                        .update(alertWebhookActions)
+                        .set({ config: update.encryptedConfig })
+                        .where(
+                            eq(
+                                alertWebhookActions.webhookActionId,
+                                update.webhookActionId
+                            )
+                        );
+                }
            });

            console.log(`Rotated ${idpUpdates.length} OIDC IdP configuration(s)`);
            console.log(`Rotated ${licenseKeyUpdates.length} license key(s)`);
+            console.log(`Rotated ${certUpdates.length} certificate(s)`);
+            console.log(`Rotated ${streamingDestinationUpdates.length} event streaming destination(s)`);
+            console.log(`Rotated ${webhookActionUpdates.length} alert webhook action(s)`);

            // Update config file with new secret
            console.log("\nUpdating config file...");
@@ -270,6 +399,9 @@ export const rotateServerSecret: CommandModule<
            console.log(`\nSummary:`);
            console.log(`  - OIDC IdP configurations: ${idpUpdates.length}`);
            console.log(`  - License keys: ${licenseKeyUpdates.length}`);
+            console.log(`  - Certificates: ${certUpdates.length}`);
+            console.log(`  - Event streaming destinations: ${streamingDestinationUpdates.length}`);
+            console.log(`  - Alert webhook actions: ${webhookActionUpdates.length}`);
            console.log(
                `\n  IMPORTANT: Restart the server for the new secret to take effect.`
            );
--- a/cli/index.ts
+++ b/cli/index.ts
@@ -8,6 +8,8 @@ import { clearExitNodes } from "./commands/clearExitNodes";
 import { rotateServerSecret } from "./commands/rotateServerSecret";
 import { clearLicenseKeys } from "./commands/clearLicenseKeys";
 import { deleteClient } from "./commands/deleteClient";
+import { generateOrgCaKeys } from "./commands/generateOrgCaKeys";
+import { clearCertificates } from "./commands/clearCertificates";

 yargs(hideBin(process.argv))
    .scriptName("pangctl")
@@ -17,5 +19,7 @@ yargs(hideBin(process.argv))
    .command(rotateServerSecret)
    .command(clearLicenseKeys)
    .command(deleteClient)
+    .command(generateOrgCaKeys)
+    .command(clearCertificates)
    .demandCommand()
    .help().argv;
--- a/config/db/.gitignore
+++ b/config/db/.gitignore
@@ -0,0 +1 @@
+*-journal
--- a/docker-compose.example.yml
+++ b/docker-compose.example.yml
@@ -4,6 +4,12 @@ services:
    image: fosrl/pangolin:latest
    container_name: pangolin
    restart: unless-stopped
+    deploy:
+      resources:
+        limits:
+          memory: 1g
+        reservations:
+          memory: 256m
    volumes:
      - ./config:/app/config
    healthcheck:
--- a/docker-compose.mailpit.yml
+++ b/docker-compose.mailpit.yml
@@ -0,0 +1,12 @@
+services:
+  mailer:
+    image: axllent/mailpit
+    ports:
+      - 8025:8025
+      - 1025:1025
+    volumes:
+      - mailpit-storage:/data
+    environment:
+      - MP_DATABASE=/data/mailpit.db
+volumes:
+  mailpit-storage:
--- a/docker-compose.pgr.yml
+++ b/docker-compose.pgr.yml
@@ -7,8 +7,8 @@ services:
      POSTGRES_DB: postgres # Default database name
      POSTGRES_USER: postgres # Default user
      POSTGRES_PASSWORD: password # Default password (change for production!)
-    # volumes:
-    #   - ./config/postgres:/var/lib/postgresql/data
+    volumes:
+      - ./config/postgres:/var/lib/postgresql/data
    ports:
      - "5432:5432" # Map host port 5432 to container port 5432
    restart: no
--- a/install/Makefile
+++ b/install/Makefile
@@ -1,41 +1,24 @@
-all: update-versions go-build-release put-back
-dev-all: dev-update-versions dev-build dev-clean
+all: go-build-release
+
+# Build with version injection via ldflags
+# Versions can be passed via: make go-build-release PANGOLIN_VERSION=x.x.x GERBIL_VERSION=x.x.x BADGER_VERSION=x.x.x
+# Or fetched automatically if not provided (requires curl and jq)
+
+PANGOLIN_VERSION ?= $(shell curl -s https://api.github.com/repos/fosrl/pangolin/tags | jq -r '.[0].name')
+GERBIL_VERSION ?= $(shell curl -s https://api.github.com/repos/fosrl/gerbil/tags | jq -r '.[0].name')
+BADGER_VERSION ?= $(shell curl -s https://api.github.com/repos/fosrl/badger/tags | jq -r '.[0].name')
+
+LDFLAGS = -X main.pangolinVersion=$(PANGOLIN_VERSION) \
+          -X main.gerbilVersion=$(GERBIL_VERSION) \
+          -X main.badgerVersion=$(BADGER_VERSION)

 go-build-release:
-	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o bin/installer_linux_amd64
-	CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -o bin/installer_linux_arm64
+	@echo "Building with versions - Pangolin: $(PANGOLIN_VERSION), Gerbil: $(GERBIL_VERSION), Badger: $(BADGER_VERSION)"
+	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags "$(LDFLAGS)" -o bin/installer_linux_amd64
+	CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -ldflags "$(LDFLAGS)" -o bin/installer_linux_arm64

 clean:
 	rm -f bin/installer_linux_amd64
 	rm -f bin/installer_linux_arm64

-update-versions:
-	@echo "Fetching latest versions..."
-	cp main.go main.go.bak && \
-	$(MAKE) dev-update-versions
-
-put-back:
-	mv main.go.bak main.go
-
-dev-update-versions:
-	if [ -z "$(tag)" ]; then \
-		PANGOLIN_VERSION=$$(curl -s https://api.github.com/repos/fosrl/pangolin/tags | jq -r '.[0].name'); \
-	else \
-		PANGOLIN_VERSION=$(tag); \
-	fi && \
-	GERBIL_VERSION=$$(curl -s https://api.github.com/repos/fosrl/gerbil/tags | jq -r '.[0].name') && \
-	BADGER_VERSION=$$(curl -s https://api.github.com/repos/fosrl/badger/tags | jq -r '.[0].name') && \
-	echo "Latest versions - Pangolin: $$PANGOLIN_VERSION, Gerbil: $$GERBIL_VERSION, Badger: $$BADGER_VERSION" && \
-	sed -i "s/config.PangolinVersion = \".*\"/config.PangolinVersion = \"$$PANGOLIN_VERSION\"/" main.go && \
-	sed -i "s/config.GerbilVersion = \".*\"/config.GerbilVersion = \"$$GERBIL_VERSION\"/" main.go && \
-	sed -i "s/config.BadgerVersion = \".*\"/config.BadgerVersion = \"$$BADGER_VERSION\"/" main.go && \
-	echo "Updated main.go with latest versions"
-
-dev-build: go-build-release
-
-dev-clean:
-	@echo "Restoring version values ..."
-	sed -i "s/config.PangolinVersion = \".*\"/config.PangolinVersion = \"replaceme\"/" main.go && \
-	sed -i "s/config.GerbilVersion = \".*\"/config.GerbilVersion = \"replaceme\"/" main.go && \
-	sed -i "s/config.BadgerVersion = \".*\"/config.BadgerVersion = \"replaceme\"/" main.go
-	@echo "Restored version strings in main.go"
+.PHONY: all go-build-release clean
--- a/install/config.go
+++ b/install/config.go
@@ -99,11 +99,6 @@ func ReadAppConfig(configPath string) (*AppConfigValues, error) {
 	return values, nil
 }

-// findPattern finds the start of a pattern in a string
-func findPattern(s, pattern string) int {
-	return bytes.Index([]byte(s), []byte(pattern))
-}
-
 func copyDockerService(sourceFile, destFile, serviceName string) error {
 	// Read source file
 	sourceData, err := os.ReadFile(sourceFile)
@@ -118,19 +113,19 @@ func copyDockerService(sourceFile, destFile, serviceName string) error {
 	}

 	// Parse source Docker Compose YAML
-	var sourceCompose map[string]interface{}
+	var sourceCompose map[string]any
 	if err := yaml.Unmarshal(sourceData, &sourceCompose); err != nil {
 		return fmt.Errorf("error parsing source Docker Compose file: %w", err)
 	}

 	// Parse destination Docker Compose YAML
-	var destCompose map[string]interface{}
+	var destCompose map[string]any
 	if err := yaml.Unmarshal(destData, &destCompose); err != nil {
 		return fmt.Errorf("error parsing destination Docker Compose file: %w", err)
 	}

 	// Get services section from source
-	sourceServices, ok := sourceCompose["services"].(map[string]interface{})
+	sourceServices, ok := sourceCompose["services"].(map[string]any)
 	if !ok {
 		return fmt.Errorf("services section not found in source file or has invalid format")
 	}
@@ -142,10 +137,10 @@ func copyDockerService(sourceFile, destFile, serviceName string) error {
 	}

 	// Get or create services section in destination
-	destServices, ok := destCompose["services"].(map[string]interface{})
+	destServices, ok := destCompose["services"].(map[string]any)
 	if !ok {
 		// If services section doesn't exist, create it
-		destServices = make(map[string]interface{})
+		destServices = make(map[string]any)
 		destCompose["services"] = destServices
 	}

@@ -187,17 +182,21 @@ func backupConfig() error {
 	return nil
 }

-func MarshalYAMLWithIndent(data interface{}, indent int) ([]byte, error) {
+func MarshalYAMLWithIndent(data any, indent int) (resp []byte, err error) {
 	buffer := new(bytes.Buffer)
 	encoder := yaml.NewEncoder(buffer)
 	encoder.SetIndent(indent)

-	err := encoder.Encode(data)
-	if err != nil {
+	if err := encoder.Encode(data); err != nil {
 		return nil, err
 	}

-	defer encoder.Close()
+	defer func() {
+		if cerr := encoder.Close(); cerr != nil && err == nil {
+			err = cerr
+		}
+	}()
+
 	return buffer.Bytes(), nil
 }

@@ -209,7 +208,7 @@ func replaceInFile(filepath, oldStr, newStr string) error {
 	}

 	// Replace the string
-	newContent := strings.Replace(string(content), oldStr, newStr, -1)
+	newContent := strings.ReplaceAll(string(content), oldStr, newStr)

 	// Write the modified content back to the file
 	err = os.WriteFile(filepath, []byte(newContent), 0644)
@@ -228,28 +227,28 @@ func CheckAndAddTraefikLogVolume(composePath string) error {
 	}

 	// Parse YAML into a generic map
-	var compose map[string]interface{}
+	var compose map[string]any
 	if err := yaml.Unmarshal(data, &compose); err != nil {
 		return fmt.Errorf("error parsing compose file: %w", err)
 	}

 	// Get services section
-	services, ok := compose["services"].(map[string]interface{})
+	services, ok := compose["services"].(map[string]any)
 	if !ok {
 		return fmt.Errorf("services section not found or invalid")
 	}

 	// Get traefik service
-	traefik, ok := services["traefik"].(map[string]interface{})
+	traefik, ok := services["traefik"].(map[string]any)
 	if !ok {
 		return fmt.Errorf("traefik service not found or invalid")
 	}

 	// Check volumes
 	logVolume := "./config/traefik/logs:/var/log/traefik"
-	var volumes []interface{}
+	var volumes []any

-	if existingVolumes, ok := traefik["volumes"].([]interface{}); ok {
+	if existingVolumes, ok := traefik["volumes"].([]any); ok {
 		// Check if volume already exists
 		for _, v := range existingVolumes {
 			if v.(string) == logVolume {
@@ -295,13 +294,13 @@ func MergeYAML(baseFile, overlayFile string) error {
 	}

 	// Parse base YAML into a map
-	var baseMap map[string]interface{}
+	var baseMap map[string]any
 	if err := yaml.Unmarshal(baseContent, &baseMap); err != nil {
 		return fmt.Errorf("error parsing base YAML: %v", err)
 	}

 	// Parse overlay YAML into a map
-	var overlayMap map[string]interface{}
+	var overlayMap map[string]any
 	if err := yaml.Unmarshal(overlayContent, &overlayMap); err != nil {
 		return fmt.Errorf("error parsing overlay YAML: %v", err)
 	}
@@ -324,8 +323,8 @@ func MergeYAML(baseFile, overlayFile string) error {
 }

 // mergeMap recursively merges two maps
-func mergeMap(base, overlay map[string]interface{}) map[string]interface{} {
-	result := make(map[string]interface{})
+func mergeMap(base, overlay map[string]any) map[string]any {
+	result := make(map[string]any)

 	// Copy all key-values from base map
 	for k, v := range base {
@@ -336,8 +335,8 @@ func mergeMap(base, overlay map[string]interface{}) map[string]interface{} {
 	for k, v := range overlay {
 		// If both maps have the same key and both values are maps, merge recursively
 		if baseVal, ok := base[k]; ok {
-			if baseMap, isBaseMap := baseVal.(map[string]interface{}); isBaseMap {
-				if overlayMap, isOverlayMap := v.(map[string]interface{}); isOverlayMap {
+			if baseMap, isBaseMap := baseVal.(map[string]any); isBaseMap {
+				if overlayMap, isOverlayMap := v.(map[string]any); isOverlayMap {
 					result[k] = mergeMap(baseMap, overlayMap)
 					continue
 				}
--- a/install/config/crowdsec/traefik_config.yml
+++ b/install/config/crowdsec/traefik_config.yml
@@ -81,11 +81,19 @@ entryPoints:
    transport:
      respondingTimeouts:
        readTimeout: "30m"
+    http3:
+      advertisedPort: 443
    http:
      tls:
        certResolver: "letsencrypt"
-      middlewares: 
+      middlewares:
        - crowdsec@file
+      encodedCharacters:
+        allowEncodedSlash: true
+        allowEncodedQuestionMark: true

 serversTransport:
-  insecureSkipVerify: true
+  insecureSkipVerify: true
+
+ping:
+  entryPoint: "web"
--- a/install/config/docker-compose.yml
+++ b/install/config/docker-compose.yml
@@ -4,6 +4,12 @@ services:
    image: docker.io/fosrl/pangolin:{{if .IsEnterprise}}ee-{{end}}{{.PangolinVersion}}
    container_name: pangolin
    restart: unless-stopped
+    deploy:
+      resources:
+        limits:
+          memory: 1g
+        reservations:
+          memory: 256m
    volumes:
      - ./config:/app/config
    healthcheck:
@@ -32,15 +38,14 @@ services:
      - 51820:51820/udp
      - 21820:21820/udp
      - 443:443
+      - 443:443/udp # For http3 QUIC if desired
      - 80:80
 {{end}}
  traefik:
    image: docker.io/traefik:v3.6
    container_name: traefik
    restart: unless-stopped
-{{if .InstallGerbil}}
-    network_mode: service:gerbil # Ports appear on the gerbil service
-{{end}}{{if not .InstallGerbil}}
+{{if .InstallGerbil}}    network_mode: service:gerbil # Ports appear on the gerbil service{{end}}{{if not .InstallGerbil}}
    ports:
      - 443:443
      - 80:80
--- a/install/config/traefik/traefik_config.yml
+++ b/install/config/traefik/traefik_config.yml
@@ -40,6 +40,8 @@ entryPoints:
    transport:
      respondingTimeouts:
        readTimeout: "30m"
+    http3:
+      advertisedPort: 443
    http:
      tls:
        certResolver: "letsencrypt"
--- a/install/containers.go
+++ b/install/containers.go
@@ -144,12 +144,13 @@ func installDocker() error {
 }

 func startDockerService() error {
-	if runtime.GOOS == "linux" {
+	switch runtime.GOOS {
+	case "linux":
 		cmd := exec.Command("systemctl", "enable", "--now", "docker")
 		cmd.Stdout = os.Stdout
 		cmd.Stderr = os.Stderr
 		return cmd.Run()
-	} else if runtime.GOOS == "darwin" {
+	case "darwin":
 		// On macOS, Docker is usually started via the Docker Desktop application
 		fmt.Println("Please start Docker Desktop manually on macOS.")
 		return nil
@@ -302,7 +303,7 @@ func pullContainers(containerType SupportedContainer) error {
 		return nil
 	}

-	return fmt.Errorf("Unsupported container type: %s", containerType)
+	return fmt.Errorf("unsupported container type: %s", containerType)
 }

 // startContainers starts the containers using the appropriate command.
@@ -325,7 +326,7 @@ func startContainers(containerType SupportedContainer) error {
 		return nil
 	}

-	return fmt.Errorf("Unsupported container type: %s", containerType)
+	return fmt.Errorf("unsupported container type: %s", containerType)
 }

 // stopContainers stops the containers using the appropriate command.
@@ -347,7 +348,7 @@ func stopContainers(containerType SupportedContainer) error {
 		return nil
 	}

-	return fmt.Errorf("Unsupported container type: %s", containerType)
+	return fmt.Errorf("unsupported container type: %s", containerType)
 }

 // restartContainer restarts a specific container using the appropriate command.
@@ -369,5 +370,5 @@ func restartContainer(container string, containerType SupportedContainer) error
 		return nil
 	}

-	return fmt.Errorf("Unsupported container type: %s", containerType)
+	return fmt.Errorf("unsupported container type: %s", containerType)
 }
--- a/install/crowdsec.go
+++ b/install/crowdsec.go
@@ -6,12 +6,13 @@ import (
 	"log"
 	"os"
 	"os/exec"
+	"path/filepath"
 	"strings"

 	"gopkg.in/yaml.v3"
 )

-func installCrowdsec(config Config) error {
+func installCrowdsec(config Config, installDir string) error {

 	if err := stopContainers(config.InstallationContainerType); err != nil {
 		return fmt.Errorf("failed to stop containers: %v", err)
@@ -27,9 +28,20 @@ func installCrowdsec(config Config) error {
 		os.Exit(1)
 	}

-	os.MkdirAll("config/crowdsec/db", 0755)
-	os.MkdirAll("config/crowdsec/acquis.d", 0755)
-	os.MkdirAll("config/traefik/logs", 0755)
+	if err := os.MkdirAll("config/crowdsec/db", 0755); err != nil {
+		fmt.Printf("Error creating config files: %v\n", err)
+		os.Exit(1)
+	}
+	if err := os.MkdirAll("config/crowdsec/acquis.d", 0755); err != nil {
+		fmt.Printf("Error creating config files: %v\n", err)
+		os.Exit(1)
+	}
+	if err := os.MkdirAll("config/traefik/logs", 0755); err != nil {
+		fmt.Printf("Error creating config files: %v\n", err)
+		os.Exit(1)
+	}
+
+	setupTraefikLogRotate(installDir)

 	if err := copyDockerService("config/crowdsec/docker-compose.yml", "docker-compose.yml", "crowdsec"); err != nil {
 		fmt.Printf("Error copying docker service: %v\n", err)
@@ -153,34 +165,34 @@ func CheckAndAddCrowdsecDependency(composePath string) error {
 	}

 	// Parse YAML into a generic map
-	var compose map[string]interface{}
+	var compose map[string]any
 	if err := yaml.Unmarshal(data, &compose); err != nil {
 		return fmt.Errorf("error parsing compose file: %w", err)
 	}

 	// Get services section
-	services, ok := compose["services"].(map[string]interface{})
+	services, ok := compose["services"].(map[string]any)
 	if !ok {
 		return fmt.Errorf("services section not found or invalid")
 	}

 	// Get traefik service
-	traefik, ok := services["traefik"].(map[string]interface{})
+	traefik, ok := services["traefik"].(map[string]any)
 	if !ok {
 		return fmt.Errorf("traefik service not found or invalid")
 	}

 	// Get dependencies
-	dependsOn, ok := traefik["depends_on"].(map[string]interface{})
+	dependsOn, ok := traefik["depends_on"].(map[string]any)
 	if ok {
 		// Append the new block for crowdsec
-		dependsOn["crowdsec"] = map[string]interface{}{
+		dependsOn["crowdsec"] = map[string]any{
 			"condition": "service_healthy",
 		}
 	} else {
 		// No dependencies exist, create it
-		traefik["depends_on"] = map[string]interface{}{
-			"crowdsec": map[string]interface{}{
+		traefik["depends_on"] = map[string]any{
+			"crowdsec": map[string]any{
 				"condition": "service_healthy",
 			},
 		}
@@ -199,3 +211,69 @@ func CheckAndAddCrowdsecDependency(composePath string) error {
 	fmt.Println("Added dependency of crowdsec to traefik")
 	return nil
 }
+
+// setupTraefikLogRotate writes a logrotate config for the Traefik access log
+// that CrowdSec depends on. This is only needed when CrowdSec is installed
+// because the default Pangolin install does not enable Traefik access logs.
+//
+// copytruncate is used so Traefik does not need to be restarted or sent a
+// signal after rotation — it keeps writing to the same file descriptor while
+// the rotated copy is made and the original is truncated in place.
+func setupTraefikLogRotate(installDir string) {
+	const logrotateDir = "/etc/logrotate.d"
+	const logrotateFile = "/etc/logrotate.d/pangolin-traefik"
+
+	logPath := filepath.Join(installDir, "config/traefik/logs/access.log")
+
+	if os.Geteuid() != 0 {
+		fmt.Println("\n[logrotate] Skipping automatic logrotate setup: not running as root.")
+		fmt.Println("[logrotate] To prevent unbounded growth of the Traefik access log used by CrowdSec,")
+		fmt.Println("[logrotate] create the file /etc/logrotate.d/pangolin-traefik manually with:")
+		printLogrotateConfig(logPath)
+		return
+	}
+
+	config := fmt.Sprintf(`# Logrotate config for Traefik access logs used by CrowdSec.
+# Generated by the Pangolin installer. Safe to edit.
+%s {
+    daily
+    rotate 7
+    compress
+    delaycompress
+    missingok
+    notifempty
+    copytruncate
+}
+`, logPath)
+
+	if err := os.MkdirAll(logrotateDir, 0755); err != nil {
+		fmt.Printf("[logrotate] Warning: could not create %s: %v\n", logrotateDir, err)
+		return
+	}
+
+	if err := os.WriteFile(logrotateFile, []byte(config), 0644); err != nil {
+		fmt.Printf("[logrotate] Warning: could not write %s: %v\n", logrotateFile, err)
+		fmt.Println("[logrotate] Set it up manually:")
+		printLogrotateConfig(logPath)
+		return
+	}
+
+	fmt.Printf("[logrotate] Wrote logrotate config to %s\n", logrotateFile)
+	fmt.Println("[logrotate] Traefik access logs will be rotated daily, keeping 7 compressed copies.")
+}
+
+// printLogrotateConfig prints a logrotate config block to stdout so users can
+// set it up manually when the installer cannot write to /etc.
+func printLogrotateConfig(logPath string) {
+	fmt.Printf(`
+  %s {
+      daily
+      rotate 7
+      compress
+      delaycompress
+      missingok
+      notifempty
+      copytruncate
+  }
+`, logPath)
+}
--- a/install/go.mod
+++ b/install/go.mod
@@ -1,10 +1,38 @@
 module installer

-go 1.24.0
+go 1.25.0

 require (
-	golang.org/x/term v0.39.0
+	github.com/charmbracelet/huh v1.0.0
+	github.com/charmbracelet/lipgloss v1.1.0
+	golang.org/x/term v0.42.0
 	gopkg.in/yaml.v3 v3.0.1
 )

-require golang.org/x/sys v0.40.0 // indirect
+require (
+	github.com/atotto/clipboard v0.1.4 // indirect
+	github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
+	github.com/catppuccin/go v0.3.0 // indirect
+	github.com/charmbracelet/bubbles v0.21.1-0.20250623103423-23b8fd6302d7 // indirect
+	github.com/charmbracelet/bubbletea v1.3.6 // indirect
+	github.com/charmbracelet/colorprofile v0.2.3-0.20250311203215-f60798e515dc // indirect
+	github.com/charmbracelet/x/ansi v0.9.3 // indirect
+	github.com/charmbracelet/x/cellbuf v0.0.13 // indirect
+	github.com/charmbracelet/x/exp/strings v0.0.0-20240722160745-212f7b056ed0 // indirect
+	github.com/charmbracelet/x/term v0.2.1 // indirect
+	github.com/dustin/go-humanize v1.0.1 // indirect
+	github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f // indirect
+	github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/mattn/go-localereader v0.0.1 // indirect
+	github.com/mattn/go-runewidth v0.0.16 // indirect
+	github.com/mitchellh/hashstructure/v2 v2.0.2 // indirect
+	github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 // indirect
+	github.com/muesli/cancelreader v0.2.2 // indirect
+	github.com/muesli/termenv v0.16.0 // indirect
+	github.com/rivo/uniseg v0.4.7 // indirect
+	github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
+	golang.org/x/sync v0.15.0 // indirect
+	golang.org/x/sys v0.43.0 // indirect
+	golang.org/x/text v0.23.0 // indirect
+)
--- a/install/go.sum
+++ b/install/go.sum
@@ -1,7 +1,80 @@
-golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ=
-golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
-golang.org/x/term v0.39.0 h1:RclSuaJf32jOqZz74CkPA9qFuVTX7vhLlpfj/IGWlqY=
-golang.org/x/term v0.39.0/go.mod h1:yxzUCTP/U+FzoxfdKmLaA0RV1WgE0VY7hXBwKtY/4ww=
+github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ=
+github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE=
+github.com/atotto/clipboard v0.1.4 h1:EH0zSVneZPSuFR11BlR9YppQTVDbh5+16AmcJi4g1z4=
+github.com/atotto/clipboard v0.1.4/go.mod h1:ZY9tmq7sm5xIbd9bOK4onWV4S6X0u6GY7Vn0Yu86PYI=
+github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k=
+github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8=
+github.com/aymanbagabas/go-udiff v0.3.1 h1:LV+qyBQ2pqe0u42ZsUEtPiCaUoqgA9gYRDs3vj1nolY=
+github.com/aymanbagabas/go-udiff v0.3.1/go.mod h1:G0fsKmG+P6ylD0r6N/KgQD/nWzgfnl8ZBcNLgcbrw8E=
+github.com/catppuccin/go v0.3.0 h1:d+0/YicIq+hSTo5oPuRi5kOpqkVA5tAsU6dNhvRu+aY=
+github.com/catppuccin/go v0.3.0/go.mod h1:8IHJuMGaUUjQM82qBrGNBv7LFq6JI3NnQCF6MOlZjpc=
+github.com/charmbracelet/bubbles v0.21.1-0.20250623103423-23b8fd6302d7 h1:JFgG/xnwFfbezlUnFMJy0nusZvytYysV4SCS2cYbvws=
+github.com/charmbracelet/bubbles v0.21.1-0.20250623103423-23b8fd6302d7/go.mod h1:ISC1gtLcVilLOf23wvTfoQuYbW2q0JevFxPfUzZ9Ybw=
+github.com/charmbracelet/bubbletea v1.3.6 h1:VkHIxPJQeDt0aFJIsVxw8BQdh/F/L2KKZGsK6et5taU=
+github.com/charmbracelet/bubbletea v1.3.6/go.mod h1:oQD9VCRQFF8KplacJLo28/jofOI2ToOfGYeFgBBxHOc=
+github.com/charmbracelet/colorprofile v0.2.3-0.20250311203215-f60798e515dc h1:4pZI35227imm7yK2bGPcfpFEmuY1gc2YSTShr4iJBfs=
+github.com/charmbracelet/colorprofile v0.2.3-0.20250311203215-f60798e515dc/go.mod h1:X4/0JoqgTIPSFcRA/P6INZzIuyqdFY5rm8tb41s9okk=
+github.com/charmbracelet/huh v1.0.0 h1:wOnedH8G4qzJbmhftTqrpppyqHakl/zbbNdXIWJyIxw=
+github.com/charmbracelet/huh v1.0.0/go.mod h1:5YVc+SlZ1IhQALxRPpkGwwEKftN/+OlJlnJYlDRFqN4=
+github.com/charmbracelet/lipgloss v1.1.0 h1:vYXsiLHVkK7fp74RkV7b2kq9+zDLoEU4MZoFqR/noCY=
+github.com/charmbracelet/lipgloss v1.1.0/go.mod h1:/6Q8FR2o+kj8rz4Dq0zQc3vYf7X+B0binUUBwA0aL30=
+github.com/charmbracelet/x/ansi v0.9.3 h1:BXt5DHS/MKF+LjuK4huWrC6NCvHtexww7dMayh6GXd0=
+github.com/charmbracelet/x/ansi v0.9.3/go.mod h1:3RQDQ6lDnROptfpWuUVIUG64bD2g2BgntdxH0Ya5TeE=
+github.com/charmbracelet/x/cellbuf v0.0.13 h1:/KBBKHuVRbq1lYx5BzEHBAFBP8VcQzJejZ/IA3iR28k=
+github.com/charmbracelet/x/cellbuf v0.0.13/go.mod h1:xe0nKWGd3eJgtqZRaN9RjMtK7xUYchjzPr7q6kcvCCs=
+github.com/charmbracelet/x/conpty v0.1.0 h1:4zc8KaIcbiL4mghEON8D72agYtSeIgq8FSThSPQIb+U=
+github.com/charmbracelet/x/conpty v0.1.0/go.mod h1:rMFsDJoDwVmiYM10aD4bH2XiRgwI7NYJtQgl5yskjEQ=
+github.com/charmbracelet/x/errors v0.0.0-20240508181413-e8d8b6e2de86 h1:JSt3B+U9iqk37QUU2Rvb6DSBYRLtWqFqfxf8l5hOZUA=
+github.com/charmbracelet/x/errors v0.0.0-20240508181413-e8d8b6e2de86/go.mod h1:2P0UgXMEa6TsToMSuFqKFQR+fZTO9CNGUNokkPatT/0=
+github.com/charmbracelet/x/exp/golden v0.0.0-20241011142426-46044092ad91 h1:payRxjMjKgx2PaCWLZ4p3ro9y97+TVLZNaRZgJwSVDQ=
+github.com/charmbracelet/x/exp/golden v0.0.0-20241011142426-46044092ad91/go.mod h1:wDlXFlCrmJ8J+swcL/MnGUuYnqgQdW9rhSD61oNMb6U=
+github.com/charmbracelet/x/exp/strings v0.0.0-20240722160745-212f7b056ed0 h1:qko3AQ4gK1MTS/de7F5hPGx6/k1u0w4TeYmBFwzYVP4=
+github.com/charmbracelet/x/exp/strings v0.0.0-20240722160745-212f7b056ed0/go.mod h1:pBhA0ybfXv6hDjQUZ7hk1lVxBiUbupdw5R31yPUViVQ=
+github.com/charmbracelet/x/term v0.2.1 h1:AQeHeLZ1OqSXhrAWpYUtZyX1T3zVxfpZuEQMIQaGIAQ=
+github.com/charmbracelet/x/term v0.2.1/go.mod h1:oQ4enTYFV7QN4m0i9mzHrViD7TQKvNEEkHUMCmsxdUg=
+github.com/charmbracelet/x/termios v0.1.1 h1:o3Q2bT8eqzGnGPOYheoYS8eEleT5ZVNYNy8JawjaNZY=
+github.com/charmbracelet/x/termios v0.1.1/go.mod h1:rB7fnv1TgOPOyyKRJ9o+AsTU/vK5WHJ2ivHeut/Pcwo=
+github.com/charmbracelet/x/xpty v0.1.2 h1:Pqmu4TEJ8KeA9uSkISKMU3f+C1F6OGBn8ABuGlqCbtI=
+github.com/charmbracelet/x/xpty v0.1.2/go.mod h1:XK2Z0id5rtLWcpeNiMYBccNNBrP2IJnzHI0Lq13Xzq4=
+github.com/creack/pty v1.1.24 h1:bJrF4RRfyJnbTJqzRLHzcGaZK1NeM5kTC9jGgovnR1s=
+github.com/creack/pty v1.1.24/go.mod h1:08sCNb52WyoAwi2QDyzUCTgcvVFhUzewun7wtTfvcwE=
+github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
+github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
+github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f h1:Y/CXytFA4m6baUTXGLOoWe4PQhGxaX0KpnayAqC48p4=
+github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f/go.mod h1:vw97MGsxSvLiUE2X8qFplwetxpGLQrlU1Q9AUEIzCaM=
+github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY=
+github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-localereader v0.0.1 h1:ygSAOl7ZXTx4RdPYinUpg6W99U8jWvWi9Ye2JC/oIi4=
+github.com/mattn/go-localereader v0.0.1/go.mod h1:8fBrzywKY7BI3czFoHkuzRoWE9C+EiG4R1k4Cjx5p88=
+github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc=
+github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
+github.com/mitchellh/hashstructure/v2 v2.0.2 h1:vGKWl0YJqUNxE8d+h8f6NJLcCJrgbhC4NcD46KavDd4=
+github.com/mitchellh/hashstructure/v2 v2.0.2/go.mod h1:MG3aRVU/N29oo/V/IhBX8GR/zz4kQkprJgF2EVszyDE=
+github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 h1:ZK8zHtRHOkbHy6Mmr5D264iyp3TiX5OmNcI5cIARiQI=
+github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6/go.mod h1:CJlz5H+gyd6CUWT45Oy4q24RdLyn7Md9Vj2/ldJBSIo=
+github.com/muesli/cancelreader v0.2.2 h1:3I4Kt4BQjOR54NavqnDogx/MIoWBFa0StPA8ELUXHmA=
+github.com/muesli/cancelreader v0.2.2/go.mod h1:3XuTXfFS2VjM+HTLZY9Ak0l6eUKfijIfMUZ4EgX0QYo=
+github.com/muesli/termenv v0.16.0 h1:S5AlUN9dENB57rsbnkPyfdGuWIlkmzJjbFf0Tf5FWUc=
+github.com/muesli/termenv v0.16.0/go.mod h1:ZRfOIKPFDYQoDFF4Olj7/QJbW60Ol/kL1pU3VfY/Cnk=
+github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
+github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
+github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
+github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e h1:JVG44RsyaB9T2KIHavMF/ppJZNG9ZpyihvCd0w101no=
+github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJuqunuUZ/Dhy/avygyECGrLceyNeo4LiM=
+golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI=
+golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo=
+golang.org/x/sync v0.15.0 h1:KWH3jNZsfyT6xfAfKiz6MRNmd46ByHDYaZ7KSkCtdW8=
+golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.43.0 h1:Rlag2XtaFTxp19wS8MXlJwTvoh8ArU6ezoyFsMyCTNI=
+golang.org/x/sys v0.43.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
+golang.org/x/term v0.42.0 h1:UiKe+zDFmJobeJ5ggPwOshJIVt6/Ft0rcfrXZDLWAWY=
+golang.org/x/term v0.42.0/go.mod h1:Dq/D+snpsbazcBG5+F9Q1n2rXV8Ma+71xEjTRufARgY=
+golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
+golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
--- a/install/input.go
+++ b/install/input.go
@@ -1,92 +1,208 @@
 package main

 import (
-	"bufio"
+	"errors"
 	"fmt"
-	"strings"
-	"syscall"
+	"os"
+	"strconv"

+	"github.com/charmbracelet/huh"
 	"golang.org/x/term"
 )

-func readString(reader *bufio.Reader, prompt string, defaultValue string) string {
+// pangolinTheme is the custom theme using brand colors
+var pangolinTheme = ThemePangolin()
+
+// isAccessibleMode checks if we should use accessible mode (simple prompts)
+// This is true for: non-TTY, TERM=dumb, or ACCESSIBLE env var set
+func isAccessibleMode() bool {
+	// Check if stdin is not a terminal (piped input, CI, etc.)
+	if !term.IsTerminal(int(os.Stdin.Fd())) {
+		return true
+	}
+	// Check for dumb terminal
+	if os.Getenv("TERM") == "dumb" {
+		return true
+	}
+	// Check for explicit accessible mode request
+	if os.Getenv("ACCESSIBLE") != "" {
+		return true
+	}
+	return false
+}
+
+// handleAbort checks if the error is a user abort (Ctrl+C) and exits if so
+func handleAbort(err error) {
+	if err != nil && errors.Is(err, huh.ErrUserAborted) {
+		fmt.Println("\nInstallation cancelled.")
+		os.Exit(0)
+	}
+}
+
+// runField runs a single field with the Pangolin theme, handling accessible mode
+func runField(field huh.Field) error {
+	if isAccessibleMode() {
+		return field.RunAccessible(os.Stdout, os.Stdin)
+	}
+	form := huh.NewForm(huh.NewGroup(field)).WithTheme(pangolinTheme)
+	return form.Run()
+}
+
+func readString(prompt string, defaultValue string) string {
+	var value string
+
+	title := prompt
 	if defaultValue != "" {
-		fmt.Printf("%s (default: %s): ", prompt, defaultValue)
-	} else {
-		fmt.Print(prompt + ": ")
+		title = fmt.Sprintf("%s (default: %s)", prompt, defaultValue)
 	}
-	input, _ := reader.ReadString('\n')
-	input = strings.TrimSpace(input)
-	if input == "" {
-		return defaultValue
-	}
-	return input
-}

-func readStringNoDefault(reader *bufio.Reader, prompt string) string {
-	fmt.Print(prompt + ": ")
-	input, _ := reader.ReadString('\n')
-	return strings.TrimSpace(input)
-}
+	input := huh.NewInput().
+		Title(title).
+		Value(&value)

-func readPassword(prompt string, reader *bufio.Reader) string {
-	if term.IsTerminal(int(syscall.Stdin)) {
-		fmt.Print(prompt + ": ")
-		// Read password without echo if we're in a terminal
-		password, err := term.ReadPassword(int(syscall.Stdin))
-		fmt.Println() // Add a newline since ReadPassword doesn't add one
-		if err != nil {
-			return ""
-		}
-		input := strings.TrimSpace(string(password))
-		if input == "" {
-			return readPassword(prompt, reader)
-		}
-		return input
-	} else {
-		// Fallback to reading from stdin if not in a terminal
-		return readString(reader, prompt, "")
+	// If no default value, this field is required
+	if defaultValue == "" {
+		input = input.Validate(func(s string) error {
+			if s == "" {
+				return fmt.Errorf("this field is required")
+			}
+			return nil
+		})
 	}
-}

-func readBool(reader *bufio.Reader, prompt string, defaultValue bool) bool {
-	defaultStr := "no"
-	if defaultValue {
-		defaultStr = "yes"
-	}
-	for {
-		input := readString(reader, prompt+" (yes/no)", defaultStr)
-		lower := strings.ToLower(input)
-		if lower == "yes" {
-			return true
-		} else if lower == "no" {
-			return false
-		} else {
-			fmt.Println("Please enter 'yes' or 'no'.")
-		}
-	}
-}
+	err := runField(input)
+	handleAbort(err)

-func readBoolNoDefault(reader *bufio.Reader, prompt string) bool {
-	for {
-		input := readStringNoDefault(reader, prompt+" (yes/no)")
-		lower := strings.ToLower(input)
-		if lower == "yes" {
-			return true
-		} else if lower == "no" {
-			return false
-		} else {
-			fmt.Println("Please enter 'yes' or 'no'.")
-		}
+	if value == "" {
+		value = defaultValue
 	}
-}

-func readInt(reader *bufio.Reader, prompt string, defaultValue int) int {
-	input := readString(reader, prompt, fmt.Sprintf("%d", defaultValue))
-	if input == "" {
-		return defaultValue
+	// Print the answer so it remains visible in terminal history (skip in accessible mode as it already shows)
+	if !isAccessibleMode() {
+		fmt.Printf("%s: %s\n", prompt, value)
 	}
-	value := defaultValue
-	fmt.Sscanf(input, "%d", &value)
+
 	return value
 }
+
+func readPassword(prompt string) string {
+	var value string
+
+	for {
+		input := huh.NewInput().
+			Title(prompt).
+			Value(&value).
+			EchoMode(huh.EchoModePassword).
+			Validate(func(s string) error {
+				if s == "" {
+					return fmt.Errorf("password is required")
+				}
+				return nil
+			})
+
+		err := runField(input)
+		handleAbort(err)
+
+		if value != "" {
+			// Print confirmation without revealing the password
+			if !isAccessibleMode() {
+				fmt.Printf("%s: %s\n", prompt, "********")
+			}
+			return value
+		}
+	}
+}
+
+func readBool(prompt string, defaultValue bool) bool {
+	var value = defaultValue
+
+	confirm := huh.NewConfirm().
+		Title(prompt).
+		Value(&value).
+		Affirmative("Yes").
+		Negative("No")
+
+	err := runField(confirm)
+	handleAbort(err)
+
+	// Print the answer so it remains visible in terminal history
+	if !isAccessibleMode() {
+		answer := "No"
+		if value {
+			answer = "Yes"
+		}
+		fmt.Printf("%s: %s\n", prompt, answer)
+	}
+
+	return value
+}
+
+func readBoolNoDefault(prompt string) bool {
+	var value bool
+
+	confirm := huh.NewConfirm().
+		Title(prompt).
+		Value(&value).
+		Affirmative("Yes").
+		Negative("No")
+
+	err := runField(confirm)
+	handleAbort(err)
+
+	// Print the answer so it remains visible in terminal history
+	if !isAccessibleMode() {
+		answer := "No"
+		if value {
+			answer = "Yes"
+		}
+		fmt.Printf("%s: %s\n", prompt, answer)
+	}
+
+	return value
+}
+
+func readInt(prompt string, defaultValue int) int {
+	var value string
+
+	title := fmt.Sprintf("%s (default: %d)", prompt, defaultValue)
+
+	input := huh.NewInput().
+		Title(title).
+		Value(&value).
+		Validate(func(s string) error {
+			if s == "" {
+				return nil
+			}
+			_, err := strconv.Atoi(s)
+			if err != nil {
+				return fmt.Errorf("please enter a valid number")
+			}
+			return nil
+		})
+
+	err := runField(input)
+	handleAbort(err)
+
+	if value == "" {
+		// Print the answer so it remains visible in terminal history
+		if !isAccessibleMode() {
+			fmt.Printf("%s: %d\n", prompt, defaultValue)
+		}
+		return defaultValue
+	}
+
+	result, err := strconv.Atoi(value)
+	if err != nil {
+		if !isAccessibleMode() {
+			fmt.Printf("%s: %d\n", prompt, defaultValue)
+		}
+		return defaultValue
+	}
+
+	// Print the answer so it remains visible in terminal history
+	if !isAccessibleMode() {
+		fmt.Printf("%s: %d\n", prompt, result)
+	}
+
+	return result
+}
--- a/install/main.go
+++ b/install/main.go
@@ -1,30 +1,35 @@
 package main

 import (
-	"bufio"
+	"crypto/rand"
 	"embed"
+	"encoding/base64"
 	"fmt"
 	"io"
 	"io/fs"
-	"crypto/rand"
-	"encoding/base64"
 	"net"
-	"net/http"
 	"net/url"
 	"os"
 	"os/exec"
 	"path/filepath"
 	"runtime"
+	"strconv"
 	"strings"
 	"text/template"
 	"time"
 )

-// DO NOT EDIT THIS FUNCTION; IT MATCHED BY REGEX IN CICD
+// Version variables injected at build time via -ldflags
+var (
+	pangolinVersion string
+	gerbilVersion   string
+	badgerVersion   string
+)
+
 func loadVersions(config *Config) {
-	config.PangolinVersion = "replaceme"
-	config.GerbilVersion = "replaceme"
-	config.BadgerVersion = "replaceme"
+	config.PangolinVersion = pangolinVersion
+	config.GerbilVersion = gerbilVersion
+	config.BadgerVersion = badgerVersion
 }

 //go:embed config/*
@@ -82,14 +87,19 @@ func main() {
 		}
 	}

-	reader := bufio.NewReader(os.Stdin)
-
 	var config Config
 	var alreadyInstalled = false

+	// Determine installation directory
+	installDir := findOrSelectInstallDirectory()
+	if err := os.Chdir(installDir); err != nil {
+		fmt.Printf("Error changing to installation directory: %v\n", err)
+		os.Exit(1)
+	}
+
 	// check if there is already a config file
 	if _, err := os.Stat("config/config.yml"); err != nil {
-		config = collectUserInput(reader)
+		config = collectUserInput()

 		loadVersions(&config)
 		config.DoCrowdsecInstall = false
@@ -102,7 +112,10 @@ func main() {
 			os.Exit(1)
 		}

-		moveFile("config/docker-compose.yml", "docker-compose.yml")
+		if err := moveFile("config/docker-compose.yml", "docker-compose.yml"); err != nil {
+			fmt.Printf("Error moving docker-compose.yml: %v\n", err)
+			os.Exit(1)
+		}

 		fmt.Println("\nConfiguration files created successfully!")

@@ -117,13 +130,17 @@ func main() {

 		fmt.Println("\n=== Starting installation ===")

-		if readBool(reader, "Would you like to install and start the containers?", true) {
+		if readBool("Would you like to install and start the containers?", true) {

-			config.InstallationContainerType = podmanOrDocker(reader)
+			config.InstallationContainerType = podmanOrDocker()

 			if !isDockerInstalled() && runtime.GOOS == "linux" && config.InstallationContainerType == Docker {
-				if readBool(reader, "Docker is not installed. Would you like to install it?", true) {
-					installDocker()
+				if readBool("Docker is not installed. Would you like to install it?", true) {
+					if err := installDocker(); err != nil {
+						fmt.Printf("Error installing Docker: %v\n", err)
+						return
+					}
+
 					// try to start docker service but ignore errors
 					if err := startDockerService(); err != nil {
 						fmt.Println("Error starting Docker service:", err)
@@ -132,7 +149,7 @@ func main() {
 					}
 					// wait 10 seconds for docker to start checking if docker is running every 2 seconds
 					fmt.Println("Waiting for Docker to start...")
-					for i := 0; i < 5; i++ {
+					for range 5 {
 						if isDockerRunning() {
 							fmt.Println("Docker is running!")
 							break
@@ -167,7 +184,7 @@ func main() {
 		fmt.Println("\n=== MaxMind Database Update ===")
 		if _, err := os.Stat("config/GeoLite2-Country.mmdb"); err == nil {
 			fmt.Println("MaxMind GeoLite2 Country database found.")
-			if readBool(reader, "Would you like to update the MaxMind database to the latest version?", false) {
+			if readBool("Would you like to update the MaxMind database to the latest version?", false) {
 				if err := downloadMaxMindDatabase(); err != nil {
 					fmt.Printf("Error updating MaxMind database: %v\n", err)
 					fmt.Println("You can try updating it manually later if needed.")
@@ -175,7 +192,7 @@ func main() {
 			}
 		} else {
 			fmt.Println("MaxMind GeoLite2 Country database not found.")
-			if readBool(reader, "Would you like to download the MaxMind GeoLite2 database for geoblocking functionality?", false) {
+			if readBool("Would you like to download the MaxMind GeoLite2 database for geoblocking functionality?", false) {
 				if err := downloadMaxMindDatabase(); err != nil {
 					fmt.Printf("Error downloading MaxMind database: %v\n", err)
 					fmt.Println("You can try downloading it manually later if needed.")
@@ -192,11 +209,11 @@ func main() {
 	if !checkIsCrowdsecInstalledInCompose() {
 		fmt.Println("\n=== CrowdSec Install ===")
 		// check if crowdsec is installed
-		if readBool(reader, "Would you like to install CrowdSec?", false) {
+		if readBool("Would you like to install CrowdSec?", false) {
 			fmt.Println("This installer constitutes a minimal viable CrowdSec deployment. CrowdSec will add extra complexity to your Pangolin installation and may not work to the best of its abilities out of the box. Users are expected to implement configuration adjustments on their own to achieve the best security posture. Consult the CrowdSec documentation for detailed configuration instructions.")

 			// BUG: crowdsec installation will be skipped if the user chooses to install on the first installation.
-			if readBool(reader, "Are you willing to manage CrowdSec?", false) {
+			if readBool("Are you willing to manage CrowdSec?", false) {
 				if config.DashboardDomain == "" {
 					traefikConfig, err := ReadTraefikConfig("config/traefik/traefik_config.yml")
 					if err != nil {
@@ -225,8 +242,8 @@ func main() {
 					fmt.Printf("Let's Encrypt Email: %s\n", config.LetsEncryptEmail)
 					fmt.Printf("Badger Version: %s\n", config.BadgerVersion)

-					if !readBool(reader, "Are these values correct?", true) {
-						config = collectUserInput(reader)
+					if !readBool("Are these values correct?", true) {
+						config = collectUserInput()
 					}
 				}

@@ -235,14 +252,14 @@ func main() {
 				if detectedType == Undefined {
 					// If detection fails, prompt the user
 					fmt.Println("Unable to detect container type from existing installation.")
-					config.InstallationContainerType = podmanOrDocker(reader)
+					config.InstallationContainerType = podmanOrDocker()
 				} else {
 					config.InstallationContainerType = detectedType
 					fmt.Printf("Detected container type: %s\n", config.InstallationContainerType)
 				}

 				config.DoCrowdsecInstall = true
-				err := installCrowdsec(config)
+				err := installCrowdsec(config, installDir)
 				if err != nil {
 					fmt.Printf("Error installing CrowdSec: %v\n", err)
 					return
@@ -277,8 +294,119 @@ func main() {
 	fmt.Printf("\nTo complete the initial setup, please visit:\nhttps://%s/auth/initial-setup\n", config.DashboardDomain)
 }

-func podmanOrDocker(reader *bufio.Reader) SupportedContainer {
-	inputContainer := readString(reader, "Would you like to run Pangolin as Docker or Podman containers?", "docker")
+func hasExistingInstall(dir string) bool {
+	configPath := filepath.Join(dir, "config", "config.yml")
+	_, err := os.Stat(configPath)
+	return err == nil
+}
+
+func findOrSelectInstallDirectory() string {
+	const defaultInstallDir = "/opt/pangolin"
+
+	// Get current working directory
+	cwd, err := os.Getwd()
+	if err != nil {
+		fmt.Printf("Error getting current directory: %v\n", err)
+		os.Exit(1)
+	}
+
+	// 1. Check current directory for existing install
+	if hasExistingInstall(cwd) {
+		fmt.Printf("Found existing Pangolin installation in current directory: %s\n", cwd)
+		return cwd
+	}
+
+	// 2. Check default location (/opt/pangolin) for existing install
+	if cwd != defaultInstallDir && hasExistingInstall(defaultInstallDir) {
+		fmt.Printf("\nFound existing Pangolin installation at: %s\n", defaultInstallDir)
+		if readBool(fmt.Sprintf("Would you like to use the existing installation at %s?", defaultInstallDir), true) {
+			return defaultInstallDir
+		}
+	}
+
+	// 3. No existing install found, prompt for installation directory
+	fmt.Println("\n=== Installation Directory ===")
+	fmt.Println("No existing Pangolin installation detected.")
+
+	installDir := readString("Enter the installation directory", defaultInstallDir)
+
+	// Expand ~ to home directory if present
+	if strings.HasPrefix(installDir, "~") {
+		home, err := os.UserHomeDir()
+		if err != nil {
+			fmt.Printf("Error getting home directory: %v\n", err)
+			os.Exit(1)
+		}
+		installDir = filepath.Join(home, installDir[1:])
+	}
+
+	// Convert to absolute path
+	absPath, err := filepath.Abs(installDir)
+	if err != nil {
+		fmt.Printf("Error resolving path: %v\n", err)
+		os.Exit(1)
+	}
+	installDir = absPath
+
+	// Check if directory exists
+	if _, err := os.Stat(installDir); os.IsNotExist(err) {
+		// Directory doesn't exist, create it
+		if readBool(fmt.Sprintf("Directory %s does not exist. Create it?", installDir), true) {
+			if err := os.MkdirAll(installDir, 0755); err != nil {
+				fmt.Printf("Error creating directory: %v\n", err)
+				os.Exit(1)
+			}
+			fmt.Printf("Created directory: %s\n", installDir)
+
+			// Offer to change ownership if running via sudo
+			changeDirectoryOwnership(installDir)
+		} else {
+			fmt.Println("Installation cancelled.")
+			os.Exit(0)
+		}
+	}
+
+	fmt.Printf("Installation directory: %s\n", installDir)
+	return installDir
+}
+
+func changeDirectoryOwnership(dir string) {
+	// Check if we're running via sudo by looking for SUDO_USER
+	sudoUser := os.Getenv("SUDO_USER")
+	if sudoUser == "" || os.Geteuid() != 0 {
+		return
+	}
+
+	sudoUID := os.Getenv("SUDO_UID")
+	sudoGID := os.Getenv("SUDO_GID")
+
+	if sudoUID == "" || sudoGID == "" {
+		return
+	}
+
+	fmt.Printf("\nRunning as root via sudo (original user: %s)\n", sudoUser)
+	if readBool(fmt.Sprintf("Would you like to change ownership of %s to user '%s'? This makes it easier to manage config files without sudo.", dir, sudoUser), true) {
+		uid, err := strconv.Atoi(sudoUID)
+		if err != nil {
+			fmt.Printf("Warning: Could not parse SUDO_UID: %v\n", err)
+			return
+		}
+		gid, err := strconv.Atoi(sudoGID)
+		if err != nil {
+			fmt.Printf("Warning: Could not parse SUDO_GID: %v\n", err)
+			return
+		}
+
+		if err := os.Chown(dir, uid, gid); err != nil {
+			fmt.Printf("Warning: Could not change ownership: %v\n", err)
+		} else {
+			fmt.Printf("Changed ownership of %s to %s\n", dir, sudoUser)
+		}
+	}
+}
+
+func podmanOrDocker() SupportedContainer {
+	inputContainer := readString("Would you like to run Pangolin as Docker or Podman containers?", "docker")

 	chosenContainer := Docker
 	if strings.EqualFold(inputContainer, "docker") {
@@ -290,7 +418,8 @@ func podmanOrDocker(reader *bufio.Reader) SupportedContainer {
 		os.Exit(1)
 	}

-	if chosenContainer == Podman {
+	switch chosenContainer {
+	case Podman:
 		if !isPodmanInstalled() {
 			fmt.Println("Podman or podman-compose is not installed. Please install both manually. Automated installation will be available in a later release.")
 			os.Exit(1)
@@ -299,7 +428,7 @@ func podmanOrDocker(reader *bufio.Reader) SupportedContainer {
 		if err := exec.Command("bash", "-c", "cat /etc/sysctl.d/99-podman.conf 2>/dev/null | grep 'net.ipv4.ip_unprivileged_port_start=' || cat /etc/sysctl.conf 2>/dev/null | grep 'net.ipv4.ip_unprivileged_port_start='").Run(); err != nil {
 			fmt.Println("Would you like to configure ports >= 80 as unprivileged ports? This enables podman containers to listen on low-range ports.")
 			fmt.Println("Pangolin will experience startup issues if this is not configured, because it needs to listen on port 80/443 by default.")
-			approved := readBool(reader, "The installer is about to execute \"echo 'net.ipv4.ip_unprivileged_port_start=80' > /etc/sysctl.d/99-podman.conf && sysctl --system\". Approve?", true)
+			approved := readBool("The installer is about to execute \"echo 'net.ipv4.ip_unprivileged_port_start=80' > /etc/sysctl.d/99-podman.conf && sysctl --system\". Approve?", true)
 			if approved {
 				if os.Geteuid() != 0 {
 					fmt.Println("You need to run the installer as root for such a configuration.")
@@ -311,7 +440,7 @@ func podmanOrDocker(reader *bufio.Reader) SupportedContainer {
 				// Linux only.

 				if err := run("bash", "-c", "echo 'net.ipv4.ip_unprivileged_port_start=80' > /etc/sysctl.d/99-podman.conf && sysctl --system"); err != nil {
-				    fmt.Printf("Error configuring unprivileged ports: %v\n", err)
+					fmt.Printf("Error configuring unprivileged ports: %v\n", err)
 					os.Exit(1)
 				}
 			} else {
@@ -321,7 +450,7 @@ func podmanOrDocker(reader *bufio.Reader) SupportedContainer {
 			fmt.Println("Unprivileged ports have been configured.")
 		}

-	} else if chosenContainer == Docker {
+	case Docker:
 		// check if docker is not installed and the user is root
 		if !isDockerInstalled() {
 			if os.Geteuid() != 0 {
@@ -336,7 +465,7 @@ func podmanOrDocker(reader *bufio.Reader) SupportedContainer {
 			fmt.Println("The installer will not be able to run docker commands without running it as root.")
 			os.Exit(1)
 		}
-	} else {
+	default:
 		// This shouldn't happen unless there's a third container runtime.
 		os.Exit(1)
 	}
@@ -344,35 +473,35 @@ func podmanOrDocker(reader *bufio.Reader) SupportedContainer {
 	return chosenContainer
 }

-func collectUserInput(reader *bufio.Reader) Config {
+func collectUserInput() Config {
 	config := Config{}

 	// Basic configuration
 	fmt.Println("\n=== Basic Configuration ===")

-	config.IsEnterprise = readBoolNoDefault(reader, "Do you want to install the Enterprise version of Pangolin? The EE is free for personal use or for businesses making less than 100k USD annually.")
+	config.IsEnterprise = readBoolNoDefault("Do you want to install the Enterprise version of Pangolin? The EE is free for personal use or for businesses making less than 100k USD annually.")

-	config.BaseDomain = readString(reader, "Enter your base domain (no subdomain e.g. example.com)", "")
+	config.BaseDomain = readString("Enter your base domain (no subdomain e.g. example.com)", "")

 	// Set default dashboard domain after base domain is collected
 	defaultDashboardDomain := ""
 	if config.BaseDomain != "" {
 		defaultDashboardDomain = "pangolin." + config.BaseDomain
 	}
-	config.DashboardDomain = readString(reader, "Enter the domain for the Pangolin dashboard", defaultDashboardDomain)
-	config.LetsEncryptEmail = readString(reader, "Enter email for Let's Encrypt certificates", "")
-	config.InstallGerbil = readBool(reader, "Do you want to use Gerbil to allow tunneled connections", true)
+	config.DashboardDomain = readString("Enter the domain for the Pangolin dashboard", defaultDashboardDomain)
+	config.LetsEncryptEmail = readString("Enter email for Let's Encrypt certificates", "")
+	config.InstallGerbil = readBool("Do you want to use Gerbil to allow tunneled connections", true)

 	// Email configuration
 	fmt.Println("\n=== Email Configuration ===")
-	config.EnableEmail = readBool(reader, "Enable email functionality (SMTP)", false)
+	config.EnableEmail = readBool("Enable email functionality (SMTP)", false)

 	if config.EnableEmail {
-		config.EmailSMTPHost = readString(reader, "Enter SMTP host", "")
-		config.EmailSMTPPort = readInt(reader, "Enter SMTP port (default 587)", 587)
-		config.EmailSMTPUser = readString(reader, "Enter SMTP username", "")
-		config.EmailSMTPPass = readString(reader, "Enter SMTP password", "") // Should this be readPassword?
-		config.EmailNoReply = readString(reader, "Enter no-reply email address (often the same as SMTP username)", "")
+		config.EmailSMTPHost = readString("Enter SMTP host", "")
+		config.EmailSMTPPort = readInt("Enter SMTP port (default 587)", 587)
+		config.EmailSMTPUser = readString("Enter SMTP username", "")
+		config.EmailSMTPPass = readPassword("Enter SMTP password")
+		config.EmailNoReply = readString("Enter no-reply email address (often the same as SMTP username)", "")
 	}

 	// Validate required fields
@@ -393,8 +522,8 @@ func collectUserInput(reader *bufio.Reader) Config {

 	fmt.Println("\n=== Advanced Configuration ===")

-	config.EnableIPv6 = readBool(reader, "Is your server IPv6 capable?", true)
-	config.EnableGeoblocking = readBool(reader, "Do you want to download the MaxMind GeoLite2 database for geoblocking functionality?", true)
+	config.EnableIPv6 = readBool("Is your server IPv6 capable?", true)
+	config.EnableGeoblocking = readBool("Do you want to download the MaxMind GeoLite2 database for geoblocking functionality?", true)

 	if config.DashboardDomain == "" {
 		fmt.Println("Error: Dashboard Domain name is required")
@@ -405,15 +534,23 @@ func collectUserInput(reader *bufio.Reader) Config {
 }

 func createConfigFiles(config Config) error {
-	os.MkdirAll("config", 0755)
-	os.MkdirAll("config/letsencrypt", 0755)
-	os.MkdirAll("config/db", 0755)
-	os.MkdirAll("config/logs", 0755)
+	if err := os.MkdirAll("config", 0755); err != nil {
+		return fmt.Errorf("failed to create config directory: %v", err)
+	}
+	if err := os.MkdirAll("config/letsencrypt", 0755); err != nil {
+		return fmt.Errorf("failed to create letsencrypt directory: %v", err)
+	}
+	if err := os.MkdirAll("config/db", 0755); err != nil {
+		return fmt.Errorf("failed to create db directory: %v", err)
+	}
+	if err := os.MkdirAll("config/logs", 0755); err != nil {
+		return fmt.Errorf("failed to create logs directory: %v", err)
+	}

 	// Walk through all embedded files
-	err := fs.WalkDir(configFiles, "config", func(path string, d fs.DirEntry, err error) error {
-		if err != nil {
-			return err
+	err := fs.WalkDir(configFiles, "config", func(path string, d fs.DirEntry, walkErr error) (err error) {
+		if walkErr != nil {
+			return walkErr
 		}

 		// Skip the root fs directory itself
@@ -464,7 +601,11 @@ func createConfigFiles(config Config) error {
 		if err != nil {
 			return fmt.Errorf("failed to create %s: %v", path, err)
 		}
-		defer outFile.Close()
+		defer func() {
+			if cerr := outFile.Close(); cerr != nil && err == nil {
+				err = cerr
+			}
+		}()

 		// Execute template
 		if err := tmpl.Execute(outFile, config); err != nil {
@@ -480,18 +621,26 @@ func createConfigFiles(config Config) error {
 	return nil
 }

-func copyFile(src, dst string) error {
+func copyFile(src, dst string) (err error) {
 	source, err := os.Open(src)
 	if err != nil {
 		return err
 	}
-	defer source.Close()
+	defer func() {
+		if cerr := source.Close(); cerr != nil && err == nil {
+			err = cerr
+		}
+	}()

 	destination, err := os.Create(dst)
 	if err != nil {
 		return err
 	}
-	defer destination.Close()
+	defer func() {
+		if cerr := destination.Close(); cerr != nil && err == nil {
+			err = cerr
+		}
+	}()

 	_, err = io.Copy(destination, source)
 	return err
@@ -562,22 +711,24 @@ func showSetupTokenInstructions(containerType SupportedContainer, dashboardDomai
 	fmt.Println("To get your setup token, you need to:")
 	fmt.Println("")
 	fmt.Println("1. Start the containers")
-	if containerType == Docker {
+	switch containerType {
+	case Docker:
 		fmt.Println("   docker compose up -d")
-	} else if containerType == Podman {
+	case Podman:
 		fmt.Println("   podman-compose up -d")
-	} else {
 	}
+
 	fmt.Println("")
 	fmt.Println("2. Wait for the Pangolin container to start and generate the token")
 	fmt.Println("")
 	fmt.Println("3. Check the container logs for the setup token")
-	if containerType == Docker {
+	switch containerType {
+	case Docker:
 		fmt.Println("   docker logs pangolin | grep -A 2 -B 2 'SETUP TOKEN'")
-	} else if containerType == Podman {
+	case Podman:
 		fmt.Println("   podman logs pangolin | grep -A 2 -B 2 'SETUP TOKEN'")
-	} else {
 	}
+
 	fmt.Println("")
 	fmt.Println("4. Look for output like")
 	fmt.Println("   === SETUP TOKEN GENERATED ===")
@@ -601,32 +752,6 @@ func generateRandomSecretKey() string {
 	return base64.StdEncoding.EncodeToString(secret)
 }

-func getPublicIP() string {
-	client := &http.Client{
-		Timeout: 10 * time.Second,
-	}
-
-	resp, err := client.Get("https://ifconfig.io/ip")
-	if err != nil {
-		return ""
-	}
-	defer resp.Body.Close()
-
-	body, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return ""
-	}
-
-	ip := strings.TrimSpace(string(body))
-
-	// Validate that it's a valid IP address
-	if net.ParseIP(ip) != nil {
-		return ip
-	}
-
-	return ""
-}
-
 // Run external commands with stdio/stderr attached.
 func run(name string, args ...string) error {
 	cmd := exec.Command(name, args...)
@@ -639,10 +764,7 @@ func checkPortsAvailable(port int) error {
 	addr := fmt.Sprintf(":%d", port)
 	ln, err := net.Listen("tcp", addr)
 	if err != nil {
-		return fmt.Errorf(
-			"ERROR: port %d is occupied or cannot be bound: %w\n\n",
-			port, err,
-		)
+		return fmt.Errorf("ERROR: port %d is occupied or cannot be bound: %w", port, err)
 	}
 	if closeErr := ln.Close(); closeErr != nil {
 		fmt.Fprintf(os.Stderr,
--- a/install/theme.go
+++ b/install/theme.go
@@ -0,0 +1,51 @@
+package main
+
+import (
+	"github.com/charmbracelet/huh"
+	"github.com/charmbracelet/lipgloss"
+)
+
+// Pangolin brand colors (converted from oklch to hex)
+var (
+	// Primary orange/amber - oklch(0.6717 0.1946 41.93)
+	primaryColor = lipgloss.AdaptiveColor{Light: "#D97706", Dark: "#F59E0B"}
+	// Muted foreground
+	mutedColor = lipgloss.AdaptiveColor{Light: "#737373", Dark: "#A3A3A3"}
+	// Success green
+	successColor = lipgloss.AdaptiveColor{Light: "#16A34A", Dark: "#22C55E"}
+	// Error red - oklch(0.577 0.245 27.325)
+	errorColor = lipgloss.AdaptiveColor{Light: "#DC2626", Dark: "#EF4444"}
+	// Normal text
+	normalFg = lipgloss.AdaptiveColor{Light: "#171717", Dark: "#FAFAFA"}
+)
+
+// ThemePangolin returns a huh theme using Pangolin brand colors
+func ThemePangolin() *huh.Theme {
+	t := huh.ThemeBase()
+
+	// Focused state styles
+	t.Focused.Base = t.Focused.Base.BorderForeground(primaryColor)
+	t.Focused.Title = t.Focused.Title.Foreground(primaryColor).Bold(true)
+	t.Focused.Description = t.Focused.Description.Foreground(mutedColor)
+	t.Focused.ErrorIndicator = t.Focused.ErrorIndicator.Foreground(errorColor)
+	t.Focused.ErrorMessage = t.Focused.ErrorMessage.Foreground(errorColor)
+	t.Focused.SelectSelector = t.Focused.SelectSelector.Foreground(primaryColor)
+	t.Focused.NextIndicator = t.Focused.NextIndicator.Foreground(primaryColor)
+	t.Focused.PrevIndicator = t.Focused.PrevIndicator.Foreground(primaryColor)
+	t.Focused.Option = t.Focused.Option.Foreground(normalFg)
+	t.Focused.SelectedOption = t.Focused.SelectedOption.Foreground(primaryColor)
+	t.Focused.SelectedPrefix = lipgloss.NewStyle().Foreground(successColor).SetString("✓ ")
+	t.Focused.UnselectedPrefix = lipgloss.NewStyle().Foreground(mutedColor).SetString("  ")
+	t.Focused.FocusedButton = t.Focused.FocusedButton.Foreground(lipgloss.Color("#FFFFFF")).Background(primaryColor)
+	t.Focused.BlurredButton = t.Focused.BlurredButton.Foreground(normalFg).Background(lipgloss.AdaptiveColor{Light: "#E5E5E5", Dark: "#404040"})
+	t.Focused.TextInput.Cursor = t.Focused.TextInput.Cursor.Foreground(primaryColor)
+	t.Focused.TextInput.Prompt = t.Focused.TextInput.Prompt.Foreground(primaryColor)
+
+	// Blurred state inherits from focused but with hidden border
+	t.Blurred = t.Focused
+	t.Blurred.Base = t.Focused.Base.BorderStyle(lipgloss.HiddenBorder())
+	t.Blurred.Title = t.Blurred.Title.Foreground(mutedColor).Bold(false)
+	t.Blurred.TextInput.Prompt = t.Blurred.TextInput.Prompt.Foreground(mutedColor)
+
+	return t
+}
--- a/license_header_checker.py
+++ b/license_header_checker.py
@@ -0,0 +1,137 @@
+import os
+import sys
+
+# --- Configuration ---
+# The header text to be added to the files.
+HEADER_TEXT = """/*
+ * This file is part of a proprietary work.
+ *
+ * Copyright (c) 2025-2026 Fossorial, Inc.
+ * All rights reserved.
+ *
+ * This file is licensed under the Fossorial Commercial License.
+ * You may not use this file except in compliance with the License.
+ * Unauthorized use, copying, modification, or distribution is strictly prohibited.
+ *
+ * This file is not licensed under the AGPLv3.
+ */
+"""
+
+HEADER_NORMALIZED = HEADER_TEXT.strip()
+
+
+def extract_leading_block_comment(content):
+    """
+    If the file content begins with a /* ... */ block comment, return the
+    full text of that comment (including the delimiters) and the index at
+    which the rest of the file starts (after any trailing newlines).
+    Returns (None, 0) when no such comment is found.
+    """
+    stripped = content.lstrip()
+    if not stripped.startswith('/*'):
+        return None, 0
+
+    # Account for any leading whitespace before the comment
+    comment_start = content.index('/*')
+    end_marker = content.find('*/', comment_start + 2)
+    if end_marker == -1:
+        return None, 0
+
+    comment_end = end_marker + 2  # position just after '*/'
+    comment_text = content[comment_start:comment_end].strip()
+
+    # Advance past any whitespace / newlines that follow the closing */
+    rest_start = comment_end
+    while rest_start < len(content) and content[rest_start] in '\n\r':
+        rest_start += 1
+
+    return comment_text, rest_start
+
+
+def should_add_header(file_path):
+    """
+    Checks if a file should receive the commercial license header.
+    Returns True if 'server/private' is in the path.
+    """
+    if 'server/private' in file_path.lower():
+        return True
+
+    return False
+
+
+def process_directory(root_dir):
+    """
+    Recursively scans a directory and adds/replaces/removes headers in
+    qualifying .ts or .tsx files, skipping any 'node_modules' directories.
+    """
+    print(f"Scanning directory: {root_dir}")
+    files_processed = 0
+    files_modified = 0
+
+    for root, dirs, files in os.walk(root_dir):
+        # Exclude 'node_modules' directories from the scan.
+        if 'node_modules' in dirs:
+            dirs.remove('node_modules')
+
+        for file in files:
+            if not (file.endswith('.ts') or file.endswith('.tsx')):
+                continue
+
+            file_path = os.path.join(root, file)
+            files_processed += 1
+
+            try:
+                with open(file_path, 'r', encoding='utf-8') as f:
+                    original_content = f.read()
+
+                existing_comment, body_start = extract_leading_block_comment(
+                    original_content
+                )
+                has_any_header = existing_comment is not None
+                has_correct_header = existing_comment == HEADER_NORMALIZED
+
+                body = original_content[body_start:] if has_any_header else original_content
+
+                if should_add_header(file_path):
+                    if has_correct_header:
+                        print(f"Header up-to-date:  {file_path}")
+                    else:
+                        # Either no header exists or the header is outdated - write
+                        # the correct one.
+                        action = "Replaced header in" if has_any_header else "Added header to"
+                        new_content = HEADER_NORMALIZED + '\n\n' + body
+                        with open(file_path, 'w', encoding='utf-8') as f:
+                            f.write(new_content)
+                        print(f"{action}: {file_path}")
+                        files_modified += 1
+                else:
+                    if has_any_header:
+                        # Remove the header - it shouldn't be here.
+                        with open(file_path, 'w', encoding='utf-8') as f:
+                            f.write(body)
+                        print(f"Removed header from: {file_path}")
+                        files_modified += 1
+                    else:
+                        print(f"No header needed:   {file_path}")
+
+            except Exception as e:
+                print(f"Error processing file {file_path}: {e}")
+
+    print("\n--- Scan Complete ---")
+    print(f"Total .ts or .tsx files found:          {files_processed}")
+    print(f"Files modified (added/replaced/removed): {files_modified}")
+
+
+if __name__ == "__main__":
+    # Get the target directory from the command line arguments.
+    # If no directory is provided, it uses the current directory ('.').
+    if len(sys.argv) > 1:
+        target_directory = sys.argv[1]
+    else:
+        target_directory = '.'  # Default to current directory
+
+    if not os.path.isdir(target_directory):
+        print(f"Error: Directory '{target_directory}' not found.")
+        sys.exit(1)
+
+    process_directory(os.path.abspath(target_directory))
--- a/messages/bg-BG.json
+++ b/messages/bg-BG.json
--- a/messages/cs-CZ.json
+++ b/messages/cs-CZ.json
--- a/messages/de-DE.json
+++ b/messages/de-DE.json
@@ -1,4 +1,8 @@
 {
+    "contactSalesEnable": "Vertrieb kontaktieren, um diese Funktion zu aktivieren.",
+    "contactSalesBookDemo": "Demo vereinbaren",
+    "contactSalesOr": "oder",
+    "contactSalesContactUs": "kontaktieren Sie uns",
    "setupCreate": "Organisation, Standort und Ressourcen erstellen",
    "headerAuthCompatibilityInfo": "Aktivieren Sie dies, um eine 401 Nicht autorisierte Antwort zu erzwingen, wenn ein Authentifizierungs-Token fehlt. Dies ist erforderlich für Browser oder bestimmte HTTP-Bibliotheken, die keine Anmeldedaten ohne Server-Challenge senden.",
    "headerAuthCompatibility": "Erweiterte Kompatibilität",
@@ -19,6 +23,18 @@
    "componentsInvalidKey": "Ungültige oder abgelaufene Lizenzschlüssel erkannt. Beachte die Lizenzbedingungen, um alle Funktionen weiterhin zu nutzen.",
    "dismiss": "Verwerfen",
    "subscriptionViolationMessage": "Sie überschreiten Ihre Grenzen für Ihr aktuelles Paket. Korrigieren Sie das Problem, indem Sie Webseiten, Benutzer oder andere Ressourcen entfernen, um in Ihrem Paket zu bleiben.",
+    "trialBannerMessage": "Ihre Testversion läuft in {countdown} ab. Upgraden, um den Zugriff zu behalten.",
+    "trialBannerExpired": "Ihre Testversion ist abgelaufen. Jetzt upgraden, um den Zugriff wiederherzustellen.",
+    "billingTrialBannerTitle": "Kostenlose Testversion aktiv",
+    "billingTrialBannerDescription": "Sie nutzen derzeit eine kostenlose Testversion auf der Geschäftsstufe. Wenn die Testversion endet, wird Ihr Konto automatisch auf die Funktionen und Beschränkungen der Basisstufe zurückgesetzt. Upgraden Sie jederzeit, um weiterhin Zugriff auf die Funktionen Ihres aktuellen Plans zu behalten.",
+    "billingTrialBannerUpgrade": "Jetzt upgraden",
+    "billingTrialBadge": "Kostenlose Testversion",
+    "trialActive": "Kostenlose Testversion aktiv",
+    "trialExpired": "Testversion abgelaufen",
+    "trialHasEnded": "Ihre Testversion ist beendet.",
+    "trialDaysRemaining": "{count, plural, one {# Tag übrig} other {# Tage übrig}}",
+    "trialDaysLeftShort": "Noch {days}d in der Testversion",
+    "trialGoToBilling": "Zur Rechnungsseite gehen",
    "subscriptionViolationViewBilling": "Rechnung anzeigen",
    "componentsLicenseViolation": "Lizenzverstoß: Dieser Server benutzt {usedSites} Standorte, was das Lizenzlimit von {maxSites} Standorten überschreitet. Beachte die Lizenzbedingungen, um alle Funktionen weiterhin zu nutzen.",
    "componentsSupporterMessage": "Vielen Dank für die Unterstützung von Pangolin als {tier}!",
@@ -81,6 +97,8 @@
    "siteConfirmCopy": "Ich habe die Konfiguration kopiert",
    "searchSitesProgress": "Standorte durchsuchen...",
    "siteAdd": "Standort hinzufügen",
+    "sitesTableViewPublicResources": "Öffentliche Ressourcen anzeigen",
+    "sitesTableViewPrivateResources": "Private Ressourcen anzeigen",
    "siteInstallNewt": "Newt installieren",
    "siteInstallNewtDescription": "Installiere Newt auf deinem System.",
    "WgConfiguration": "WireGuard Konfiguration",
@@ -98,6 +116,21 @@
    "siteUpdatedDescription": "Der Standort wurde aktualisiert.",
    "siteGeneralDescription": "Allgemeine Einstellungen für diesen Standort konfigurieren",
    "siteSettingDescription": "Standorteinstellungen konfigurieren",
+    "siteResourcesTab": "Ressourcen",
+    "siteResourcesNoneOnSite": "Diese Seite hat noch keine öffentlichen oder privaten Ressourcen.",
+    "siteResourcesSectionPublic": "Öffentliche Ressourcen",
+    "siteResourcesSectionPrivate": "Private Ressourcen",
+    "siteResourcesSectionPublicDescription": "Ressourcen, die extern über Domains oder Ports bereitgestellt werden.",
+    "siteResourcesSectionPrivateDescription": "Ressourcen, die in Ihrem privaten Netzwerk über die Seite verfügbar sind.",
+    "siteResourcesViewAllPublic": "Alle Ressourcen anzeigen",
+    "siteResourcesViewAllPrivate": "Alle Ressourcen anzeigen",
+    "siteResourcesDialogDescription": "Überblick über öffentliche und private Ressourcen, die mit dieser Seite verbunden sind.",
+    "siteResourcesShowMore": "Mehr anzeigen",
+    "siteResourcesPermissionDenied": "Sie haben keine Berechtigung, diese Ressourcen aufzulisten.",
+    "siteResourcesEmptyPublic": "Noch sind keine öffentlichen Ressourcen für diese Seite vorhanden.",
+    "siteResourcesEmptyPrivate": "Noch sind keine privaten Ressourcen mit dieser Seite verbunden.",
+    "siteResourcesHowToAccess": "Zugriffsmöglichkeiten",
+    "siteResourcesTargetsOnSite": "Ziele auf dieser Seite",
    "siteSetting": "{siteName} Einstellungen",
    "siteNewtTunnel": "Newt Standort (empfohlen)",
    "siteNewtTunnelDescription": "Einfachster Weg, einen Einstiegspunkt in jedes Netzwerk zu erstellen. Keine zusätzliche Einrichtung.",
@@ -148,6 +181,11 @@
    "createLink": "Link erstellen",
    "resourcesNotFound": "Keine Ressourcen gefunden",
    "resourceSearch": "Suche Ressourcen",
+    "machineSearch": "Maschinen suchen",
+    "machinesSearch": "Suche Maschinen-Klienten...",
+    "machineNotFound": "Keine Maschinen gefunden",
+    "userDeviceSearch": "Benutzergeräte durchsuchen",
+    "userDevicesSearch": "Benutzergeräte durchsuchen...",
    "openMenu": "Menü öffnen",
    "resource": "Ressource",
    "title": "Titel",
@@ -175,6 +213,7 @@
    "resourceHTTPDescription": "Proxy-Anfragen über HTTPS mit einem voll qualifizierten Domain-Namen.",
    "resourceRaw": "Direkte TCP/UDP Ressource (raw)",
    "resourceRawDescription": "Proxy-Anfragen über rohes TCP/UDP mit einer Portnummer.",
+    "resourceRawDescriptionCloud": "Proxy-Anfragen über rohe TCP/UDP mit Portnummer. Benötigt Sites, um sich mit einem entfernten Knoten zu verbinden.",
    "resourceCreate": "Ressource erstellen",
    "resourceCreateDescription": "Folgen Sie den Schritten unten, um eine neue Ressource zu erstellen",
    "resourceSeeAll": "Alle Ressourcen anzeigen",
@@ -261,8 +300,11 @@
    "orgMissing": "Organisations-ID fehlt",
    "orgMissingMessage": "Einladung kann ohne Organisations-ID nicht neu generiert werden.",
    "accessUsersManage": "Benutzer verwalten",
+    "accessUserManage": "Benutzer verwalten",
    "accessUsersDescription": "Benutzer mit Zugriff auf diese Organisation einladen und verwalten",
    "accessUsersSearch": "Benutzer suchen...",
+    "accessUsersRoleFilterCount": "{count, plural, one {# Rolle} other {# Rollen}}",
+    "accessUsersRoleFilterClear": "Rollenfilter löschen",
    "accessUserCreate": "Benutzer erstellen",
    "accessUserRemove": "Benutzer entfernen",
    "username": "Benutzername",
@@ -322,6 +364,54 @@
    "apiKeysDelete": "API-Schlüssel löschen",
    "apiKeysManage": "API-Schlüssel verwalten",
    "apiKeysDescription": "API-Schlüssel werden zur Authentifizierung mit der Integrations-API verwendet",
+    "provisioningKeysTitle": "Bereitstellungsschlüssel",
+    "provisioningKeysManage": "Bereitstellungsschlüssel verwalten",
+    "provisioningKeysDescription": "Bereitstellungsschlüssel werden verwendet, um die automatisierte Bereitstellung von Seiten für Ihr Unternehmen zu authentifizieren.",
+    "provisioningManage": "Bereitstellung",
+    "provisioningDescription": "Bereitstellungsschlüssel verwalten und ausstehende Seiten prüfen, die noch auf Genehmigung warten.",
+    "pendingSites": "Ausstehende Seiten",
+    "siteApproveSuccess": "Site erfolgreich freigegeben",
+    "siteApproveError": "Fehler beim Bestätigen der Seite",
+    "provisioningKeys": "Bereitstellungsschlüssel",
+    "searchProvisioningKeys": "Bereitstellungsschlüssel suchen...",
+    "provisioningKeysAdd": "Bereitstellungsschlüssel generieren",
+    "provisioningKeysErrorDelete": "Fehler beim Löschen des Bereitstellungsschlüssels",
+    "provisioningKeysErrorDeleteMessage": "Fehler beim Löschen des Bereitstellungsschlüssels",
+    "provisioningKeysQuestionRemove": "Sind Sie sicher, dass Sie diesen Bereitstellungsschlüssel aus der Organisation entfernen möchten?",
+    "provisioningKeysMessageRemove": "Einmal entfernt, kann der Schlüssel nicht mehr für die Bereitstellung der Site verwendet werden.",
+    "provisioningKeysDeleteConfirm": "Bereitstellungsschlüssel löschen bestätigen",
+    "provisioningKeysDelete": "Bereitstellungsschlüssel löschen",
+    "provisioningKeysCreate": "Bereitstellungsschlüssel generieren",
+    "provisioningKeysCreateDescription": "Einen neuen Bereitstellungsschlüssel für die Organisation generieren",
+    "provisioningKeysSeeAll": "Alle Bereitstellungsschlüssel anzeigen",
+    "provisioningKeysSave": "Bereitstellungsschlüssel speichern",
+    "provisioningKeysSaveDescription": "Sie können dies nur einmal sehen. Kopieren Sie es an einen sicheren Ort.",
+    "provisioningKeysErrorCreate": "Fehler beim Erstellen des Bereitstellungsschlüssels",
+    "provisioningKeysList": "Neuer Bereitstellungsschlüssel",
+    "provisioningKeysMaxBatchSize": "Max. Batch-Größe",
+    "provisioningKeysUnlimitedBatchSize": "Unbegrenzte Batch-Größe (kein Limit)",
+    "provisioningKeysMaxBatchUnlimited": "Unbegrenzt",
+    "provisioningKeysMaxBatchSizeInvalid": "Geben Sie eine gültige maximale Batchgröße ein (1–1.000.000).",
+    "provisioningKeysValidUntil": "Gültig bis",
+    "provisioningKeysValidUntilHint": "Leer lassen für keine Verjährung.",
+    "provisioningKeysValidUntilInvalid": "Geben Sie ein gültiges Datum und Zeit ein.",
+    "provisioningKeysNumUsed": "Verwendete Zeiten",
+    "provisioningKeysLastUsed": "Zuletzt verwendet",
+    "provisioningKeysNoExpiry": "Kein Ablauf",
+    "provisioningKeysNeverUsed": "Nie",
+    "provisioningKeysEdit": "Bereitstellungsschlüssel bearbeiten",
+    "provisioningKeysEditDescription": "Aktualisieren Sie die maximale Batch-Größe und Ablaufzeit für diesen Schlüssel.",
+    "provisioningKeysApproveNewSites": "Neue Seiten genehmigen",
+    "provisioningKeysApproveNewSitesDescription": "Sites, die sich mit diesem Schlüssel registrieren, automatisch freigeben.",
+    "provisioningKeysUpdateError": "Fehler beim Aktualisieren des Bereitstellungsschlüssels",
+    "provisioningKeysUpdated": "Bereitstellungsschlüssel aktualisiert",
+    "provisioningKeysUpdatedDescription": "Ihre Änderungen wurden gespeichert.",
+    "provisioningKeysBannerTitle": "Website-Bereitstellungsschlüssel",
+    "provisioningKeysBannerDescription": "Generieren Sie einen Bereitstellungsschlüssel und verwenden Sie ihn mit dem Newt-Connector, um Standorte beim ersten Start automatisch zu erstellen - keine Notwendigkeit, separate Anmeldedaten für jede Seite einzurichten.",
+    "provisioningKeysBannerButtonText": "Mehr erfahren",
+    "pendingSitesBannerTitle": "Ausstehende Seiten",
+    "pendingSitesBannerDescription": "Websites, die mit einem Bereitstellungsschlüssel verbunden sind, erscheinen hier zur Überprüfung.",
+    "pendingSitesBannerButtonText": "Mehr erfahren",
    "apiKeysSettings": "{apiKeyName} Einstellungen",
    "userTitle": "Alle Benutzer verwalten",
    "userDescription": "Alle Benutzer im System anzeigen und verwalten",
@@ -351,6 +441,10 @@
    "licenseErrorKeyActivate": "Fehler beim Aktivieren des Lizenzschlüssels",
    "licenseErrorKeyActivateDescription": "Beim Aktivieren des Lizenzschlüssels ist ein Fehler aufgetreten.",
    "licenseAbout": "Über Lizenzierung",
+    "licenseBannerTitle": "Aktivieren Sie Ihre Enterprise-Lizenz",
+    "licenseBannerDescription": "Schalten Sie Unternehmensfunktionen für Ihre selbstgehostete Pangolin-Instanz frei. Kaufen Sie einen Lizenzschlüssel, um Premium-Funktionen zu aktivieren, und fügen Sie ihn dann unten hinzu.",
+    "licenseBannerGetLicense": "Lizenz erhalten",
+    "licenseBannerViewDocs": "Dokumentation anzeigen",
    "communityEdition": "Community-Edition",
    "licenseAboutDescription": "Dies ist für Geschäfts- und Unternehmensanwender, die Pangolin in einem kommerziellen Umfeld einsetzen. Wenn Sie Pangolin für den persönlichen Gebrauch verwenden, können Sie diesen Abschnitt ignorieren.",
    "licenseKeyActivated": "Lizenzschlüssel aktiviert",
@@ -508,9 +602,12 @@
    "userSaved": "Benutzer gespeichert",
    "userSavedDescription": "Der Benutzer wurde aktualisiert.",
    "autoProvisioned": "Automatisch bereitgestellt",
+    "autoProvisionSettings": "Auto-Bereitstellungseinstellungen",
    "autoProvisionedDescription": "Erlaube diesem Benutzer die automatische Verwaltung durch Identitätsanbieter",
    "accessControlsDescription": "Verwalten Sie, worauf dieser Benutzer in der Organisation zugreifen und was er tun kann",
    "accessControlsSubmit": "Zugriffskontrollen speichern",
+    "singleRolePerUserPlanNotice": "Ihr Plan unterstützt nur eine Rolle pro Benutzer.",
+    "singleRolePerUserEditionNotice": "Diese Ausgabe unterstützt nur eine Rolle pro Benutzer.",
    "roles": "Rollen",
    "accessUsersRoles": "Benutzer & Rollen verwalten",
    "accessUsersRolesDescription": "Lade Benutzer ein und füge sie zu Rollen hinzu, um den Zugriff auf die Organisation zu verwalten",
@@ -567,6 +664,8 @@
    "targetErrorInvalidPortDescription": "Bitte geben Sie eine gültige Portnummer ein",
    "targetErrorNoSite": "Kein Standort ausgewählt",
    "targetErrorNoSiteDescription": "Bitte wähle einen Standort für das Ziel aus",
+    "targetTargetsCleared": "Ziele gelöscht",
+    "targetTargetsClearedDescription": "Alle Ziele wurden aus dieser Ressource entfernt",
    "targetCreated": "Ziel erstellt",
    "targetCreatedDescription": "Ziel wurde erfolgreich erstellt",
    "targetErrorCreate": "Fehler beim Erstellen des Ziels",
@@ -650,6 +749,7 @@
    "resourcesErrorUpdate": "Fehler beim Umschalten der Ressource",
    "resourcesErrorUpdateDescription": "Beim Aktualisieren der Ressource ist ein Fehler aufgetreten",
    "access": "Zugriff",
+    "accessControl": "Zugriffskontrolle",
    "shareLink": "{resource} Freigabe-Link",
    "resourceSelect": "Ressource auswählen",
    "shareLinks": "Freigabe-Links",
@@ -667,6 +767,7 @@
    "newtEndpoint": "Endpunkt",
    "newtId": "ID",
    "newtSecretKey": "Geheimnis",
+    "newtVersion": "Version",
    "architecture": "Architektur",
    "sites": "Standorte",
    "siteWgAnyClients": "Verwenden Sie jeden WireGuard-Client um sich zu verbinden. Sie müssen interne Ressourcen über die Peer-IP ansprechen.",
@@ -790,6 +891,7 @@
    "accessRoleRemoved": "Rolle entfernt",
    "accessRoleRemovedDescription": "Die Rolle wurde erfolgreich entfernt.",
    "accessRoleRequiredRemove": "Bevor Sie diese Rolle löschen, wählen Sie bitte eine neue Rolle aus, zu der die bestehenden Mitglieder übertragen werden sollen.",
+    "network": "Netzwerk",
    "manage": "Verwalten",
    "sitesNotFound": "Keine Standorte gefunden.",
    "pangolinServerAdmin": "Server-Admin - Pangolin",
@@ -833,6 +935,7 @@
    "idpDisplayName": "Ein Anzeigename für diesen Identitätsanbieter",
    "idpAutoProvisionUsers": "Automatische Benutzerbereitstellung",
    "idpAutoProvisionUsersDescription": "Wenn aktiviert, werden Benutzer beim ersten Login automatisch im System erstellt, mit der Möglichkeit, Benutzer Rollen und Organisationen zuzuordnen.",
+    "idpAutoProvisionConfigureAfterCreate": "Sie können die automatische Bereitstellung einstellen, sobald der Identitätsanbieter erstellt ist.",
    "licenseBadge": "EE",
    "idpType": "Anbietertyp",
    "idpTypeDescription": "Wählen Sie den Typ des Identitätsanbieters, den Sie konfigurieren möchten",
@@ -884,7 +987,7 @@
    "defaultMappingsRole": "Standard-Rollenzuordnung",
    "defaultMappingsRoleDescription": "JMESPath zur Extraktion von Rolleninformationen aus dem ID-Token. Das Ergebnis dieses Ausdrucks muss den Rollennamen als String zurückgeben, wie er in der Organisation definiert ist.",
    "defaultMappingsOrg": "Standard-Organisationszuordnung",
-    "defaultMappingsOrgDescription": "JMESPath zur Extraktion von Organisationsinformationen aus dem ID-Token. Dieser Ausdruck muss die Organisations-ID oder true zurückgeben, damit der Benutzer Zugriff auf die Organisation erhält.",
+    "defaultMappingsOrgDescription": "Wenn diese Einstellung festgelegt ist, muss dieser Ausdruck die Organisations-ID oder wahr zurückgeben, damit der Benutzer diese Organisation betreten kann. Ist sie nicht festgelegt, reicht die Definition einer Rollenzuordnung aus: Der Benutzer darf eintreten, solange eine gültige Rollenzuordnung innerhalb der Organisation für ihn aufgelöst werden kann.",
    "defaultMappingsSubmit": "Standardzuordnungen speichern",
    "orgPoliciesEdit": "Organisationsrichtlinie bearbeiten",
    "org": "Organisation",
@@ -1037,7 +1140,6 @@
    "pageNotFoundDescription": "Hoppla! Die gesuchte Seite existiert nicht.",
    "overview": "Übersicht",
    "home": "Startseite",
-    "accessControl": "Zugriffskontrolle",
    "settings": "Einstellungen",
    "usersAll": "Alle Benutzer",
    "license": "Lizenz",
@@ -1100,6 +1202,12 @@
    "actionGetUser": "Benutzer abrufen",
    "actionGetOrgUser": "Organisationsbenutzer abrufen",
    "actionListOrgDomains": "Organisationsdomains auflisten",
+    "actionGetDomain": "Domain abrufen",
+    "actionCreateOrgDomain": "Domain erstellen",
+    "actionUpdateOrgDomain": "Domain aktualisieren",
+    "actionDeleteOrgDomain": "Domain löschen",
+    "actionGetDNSRecords": "DNS-Einträge abrufen",
+    "actionRestartOrgDomain": "Domain neu starten",
    "actionCreateSite": "Standort erstellen",
    "actionDeleteSite": "Standort löschen",
    "actionGetSite": "Standort abrufen",
@@ -1111,6 +1219,7 @@
    "setupTokenDescription": "Geben Sie das Setup-Token von der Serverkonsole ein.",
    "setupTokenRequired": "Setup-Token ist erforderlich",
    "actionUpdateSite": "Standorte aktualisieren",
+    "actionResetSiteBandwidth": "Organisations-Bandbreite zurücksetzen",
    "actionListSiteRoles": "Erlaubte Standort-Rollen auflisten",
    "actionCreateResource": "Ressource erstellen",
    "actionDeleteResource": "Ressource löschen",
@@ -1140,6 +1249,7 @@
    "actionRemoveUser": "Benutzer entfernen",
    "actionListUsers": "Benutzer auflisten",
    "actionAddUserRole": "Benutzerrolle hinzufügen",
+    "actionSetUserOrgRoles": "Benutzerrollen festlegen",
    "actionGenerateAccessToken": "Zugriffstoken generieren",
    "actionDeleteAccessToken": "Zugriffstoken löschen",
    "actionListAccessTokens": "Zugriffstoken auflisten",
@@ -1184,6 +1294,7 @@
    "actionViewLogs": "Logs anzeigen",
    "noneSelected": "Keine ausgewählt",
    "orgNotFound2": "Keine Organisationen gefunden.",
+    "search": "Suche…",
    "searchPlaceholder": "Suche...",
    "emptySearchOptions": "Keine Optionen gefunden",
    "create": "Erstellen",
@@ -1249,12 +1360,14 @@
    "sidebarClientResources": "Privat",
    "sidebarAccessControl": "Zugriffskontrolle",
    "sidebarLogsAndAnalytics": "Protokolle & Analysen",
+    "sidebarTeam": "Team",
    "sidebarUsers": "Benutzer",
    "sidebarAdmin": "Admin",
    "sidebarInvitations": "Einladungen",
    "sidebarRoles": "Rollen",
    "sidebarShareableLinks": "Links",
    "sidebarApiKeys": "API-Schlüssel",
+    "sidebarProvisioning": "Bereitstellung",
    "sidebarSettings": "Einstellungen",
    "sidebarAllUsers": "Alle Benutzer",
    "sidebarIdentityProviders": "Identitätsanbieter",
@@ -1266,9 +1379,167 @@
    "sidebarGeneral": "Verwalten",
    "sidebarLogAndAnalytics": "Log & Analytik",
    "sidebarBluePrints": "Blaupausen",
+    "sidebarAlerting": "Benachrichtigung",
+    "sidebarHealthChecks": "Gesundheits-Checks",
    "sidebarOrganization": "Organisation",
+    "sidebarManagement": "Management",
    "sidebarBillingAndLicenses": "Abrechnung & Lizenzen",
    "sidebarLogsAnalytics": "Analytik",
+    "alertingTitle": "Benachrichtigung",
+    "alertingDescription": "Quellen, Auslöser und Aktionen für Benachrichtigungen festlegen",
+    "alertingRules": "Benachrichtigungsregeln",
+    "alertingSearchRules": "Suchregeln…",
+    "alertingAddRule": "Regel erstellen",
+    "alertingColumnSource": "Quelle",
+    "alertingColumnTrigger": "Auslöser",
+    "alertingColumnActions": "Aktionen",
+    "alertingColumnEnabled": "Aktiviert",
+    "alertingDeleteQuestion": "Bitte bestätigen Sie, dass Sie diese Benachrichtigungsregel löschen möchten.",
+    "alertingDeleteRule": "Benachrichtigungsregel löschen",
+    "alertingRuleDeleted": "Benachrichtigungsregel gelöscht",
+    "alertingRuleSaved": "Benachrichtigungsregel gespeichert",
+    "alertingRuleSavedCreatedDescription": "Ihre neue Benachrichtigungsregel wurde erstellt. Sie können sie auf dieser Seite weiter bearbeiten.",
+    "alertingRuleSavedUpdatedDescription": "Ihre Änderungen an dieser Benachrichtigungsregel wurden gespeichert.",
+    "alertingEditRule": "Benachrichtigungsregel bearbeiten",
+    "alertingCreateRule": "Benachrichtigungsregel erstellen",
+    "alertingRuleCredenzaDescription": "Wählen Sie aus, was beobachtet, wann ausgelöst und wie benachrichtigt werden soll",
+    "alertingRuleNamePlaceholder": "Produktionsseite ausgefallen",
+    "alertingRuleEnabled": "Regel aktiviert",
+    "alertingSectionSource": "Quelle",
+    "alertingSourceType": "Quellentyp",
+    "alertingSourceSite": "Standort",
+    "alertingSourceHealthCheck": "Gesundheits-Check",
+    "alertingPickSites": "Standorte",
+    "alertingPickHealthChecks": "Gesundheits-Checks",
+    "alertingPickResources": "Ressourcen",
+    "alertingAllSites": "Alle Standorte",
+    "alertingAllSitesDescription": "Benachrichtigung für jeden Standort",
+    "alertingSpecificSites": "Bestimmte Standorte",
+    "alertingSpecificSitesDescription": "Wählen Sie spezifische Standorte zur Beobachtung aus",
+    "alertingAllHealthChecks": "Alle Gesundheits-Checks",
+    "alertingAllHealthChecksDescription": "Benachrichtigung für jeden Gesundheits-Check",
+    "alertingSpecificHealthChecks": "Bestimmte Gesundheits-Checks",
+    "alertingSpecificHealthChecksDescription": "Wählen Sie spezifische Gesundheits-Checks zur Beobachtung aus",
+    "alertingAllResources": "Alle Ressourcen",
+    "alertingAllResourcesDescription": "Benachrichtigung für jede Ressource",
+    "alertingSpecificResources": "Spezifische Ressourcen",
+    "alertingSpecificResourcesDescription": "Wählen Sie spezifische Ressourcen zur Beobachtung aus",
+    "alertingSelectResources": "Ressourcen auswählen…",
+    "alertingResourcesSelected": "{count} Ressourcen ausgewählt",
+    "alertingResourcesEmpty": "Keine Ressourcen mit Zielen in den ersten 10 Ergebnissen.",
+    "alertingSectionTrigger": "Auslöser",
+    "alertingTrigger": "Wann benachrichtigen",
+    "alertingTriggerSiteOnline": "Seite online",
+    "alertingTriggerSiteOffline": "Seite offline",
+    "alertingTriggerSiteToggle": "Seitenstatus ändern",
+    "alertingTriggerHcHealthy": "Gesundheits-Check gesund",
+    "alertingTriggerHcUnhealthy": "Gesundheits-Check ungesund",
+    "alertingTriggerHcToggle": "Gesundheits-Check-Status ändern",
+    "alertingTriggerResourceHealthy": "Ressource gesund",
+    "alertingTriggerResourceUnhealthy": "Ressource ungesund",
+    "alertingTriggerResourceDegraded": "Ressource verschlechtert",
+    "alertingSearchHealthChecks": "Gesundheits-Checks suchen…",
+    "alertingHealthChecksEmpty": "Keine Gesundheits-Checks verfügbar.",
+    "alertingTriggerResourceToggle": "Ressourcenstatus ändern",
+    "alertingSourceResource": "Ressource",
+    "alertingSectionActions": "Aktionen",
+    "alertingAddAction": "Aktion hinzufügen",
+    "alertingActionNotify": "E-Mail",
+    "alertingActionNotifyDescription": "Versenden Sie E-Mail-Benachrichtigungen an Benutzer oder Rollen",
+    "alertingActionWebhook": "Webhook",
+    "alertingActionWebhookDescription": "Senden Sie eine HTTP-Anfrage an einen benutzerdefinierten Endpunkt",
+    "alertingExternalIntegration": "Externe Integration",
+    "alertingExternalPagerDutyDescription": "Senden Sie Benachrichtigungen an PagerDuty für Incident Management",
+    "alertingExternalOpsgenieDescription": "Leiten Sie Benachrichtigungen an Opsgenie für On-Call Management",
+    "alertingExternalServiceNowDescription": "Erstellen Sie ServiceNow-Incidents aus Benachrichtigungsereignissen",
+    "alertingExternalIncidentIoDescription": "Starten Sie Incident.io-Workflows aus Benachrichtigungsereignissen",
+    "alertingActionType": "Aktionstyp",
+    "alertingNotifyUsers": "Benutzer",
+    "alertingNotifyRoles": "Rollen",
+    "alertingNotifyEmails": "E-Mail-Adressen",
+    "alertingEmailPlaceholder": "E-Mail hinzufügen und Enter drücken",
+    "alertingWebhookMethod": "HTTP-Methode",
+    "alertingWebhookSecret": "Signatur geheim (optional)",
+    "alertingWebhookSecretPlaceholder": "HMAC-Geheimnis",
+    "alertingWebhookHeaders": "Header",
+    "alertingAddHeader": "Header hinzufügen",
+    "alertingSelectSites": "Standorte auswählen…",
+    "alertingSitesSelected": "{count} Standorte ausgewählt",
+    "alertingSelectHealthChecks": "Gesundheits-Checks auswählen…",
+    "alertingHealthChecksSelected": "{count} Gesundheits-Checks ausgewählt",
+    "alertingNoHealthChecks": "Keine Ziele mit aktivierten Gesundheits-Checks",
+    "alertingHealthCheckStub": "Gesundheits-Quellenauswahl ist noch nicht verdrahtet – Sie können trotzdem Auslöser und Aktionen konfigurieren.",
+    "alertingSelectUsers": "Benutzer auswählen…",
+    "alertingUsersSelected": "{count} Benutzer ausgewählt",
+    "alertingSelectRoles": "Rollen auswählen…",
+    "alertingRolesSelected": "{count} Rollen ausgewählt",
+    "alertingSummarySites": "Standorte ({count})",
+    "alertingSummaryAllSites": "Alle Standorte",
+    "alertingSummaryHealthChecks": "Gesundheits-Checks ({count})",
+    "alertingSummaryAllHealthChecks": "Alle Gesundheits-Checks",
+    "alertingSummaryResources": "Ressourcen ({count})",
+    "alertingSummaryAllResources": "Alle Ressourcen",
+    "alertingErrorNameRequired": "Einen Namen eingeben",
+    "alertingErrorActionsMin": "Mindestens eine Aktion hinzufügen",
+    "alertingErrorPickSites": "Wählen Sie mindestens einen Standort aus",
+    "alertingErrorPickHealthChecks": "Wählen Sie mindestens einen Gesundheits-Check aus",
+    "alertingErrorPickResources": "Wählen Sie mindestens eine Ressource aus",
+    "alertingErrorTriggerSite": "Wählen Sie einen Auslöser für den Standort",
+    "alertingErrorTriggerHealth": "Wählen Sie einen Auslöser für den Gesundheits-Check",
+    "alertingErrorTriggerResource": "Wählen Sie einen Auslöser für die Ressource",
+    "alertingErrorNotifyRecipients": "Wählen Sie Benutzer, Rollen oder mindestens eine E-Mail aus",
+    "alertingConfigureSource": "Quelle konfigurieren",
+    "alertingConfigureTrigger": "Auslöser konfigurieren",
+    "alertingConfigureActions": "Aktionen konfigurieren",
+    "alertingBackToRules": "Zurück zu den Regeln",
+    "alertingRuleCooldown": "Cooldown (Sekunden)",
+    "alertingRuleCooldownDescription": "Mindest-Zeit zwischen wiederholten Benachrichtigungen für dieselbe Regel. Auf 0 setzen, um jedes Mal auszulösen.",
+    "alertingDraftBadge": "Entwurf - speichern, um diese Regel zu sichern",
+    "alertingSidebarHint": "Klicken Sie auf einen Schritt auf der Leinwand, um ihn hier zu bearbeiten.",
+    "alertingGraphCanvasTitle": "Regelfluss",
+    "alertingGraphCanvasDescription": "Visuelle Übersicht über Quelle, Auslöser und Aktionen. Wählen Sie einen Knoten aus, um ihn im Panel zu bearbeiten.",
+    "alertingNodeNotConfigured": "Noch nicht konfiguriert",
+    "alertingNodeActionsCount": "{count, plural, one {# Aktion} other {# Aktionen}}",
+    "alertingNodeRoleSource": "Quelle",
+    "alertingNodeRoleTrigger": "Auslöser",
+    "alertingNodeRoleAction": "Aktion",
+    "alertingTabRules": "Benachrichtigungsregeln",
+    "alertingTabHealthChecks": "Gesundheits-Checks",
+    "alertingRulesBannerTitle": "Benachrichtigt werden",
+    "alertingRulesBannerDescription": "Jede Regel verknüpft, was beobachtet werden soll (eine Seite, ein Gesundheits-Check oder eine Ressource), wann es ausgelöst werden soll (zum Beispiel offline oder ungesund), und wie Ihr Team benachrichtigt wird, z. B. per E-Mail, Webhooks oder Integrationen. Verwenden Sie diese Liste, um diese Regeln zu erstellen, zu aktivieren und zu verwalten.",
+    "alertingHealthChecksBannerTitle": "Gesundheit & Ressourcen überwachen",
+    "alertingHealthChecksBannerDescription": "Gesundheits-Checks sind HTTP- oder TCP-Monitore, die Sie einmal definieren. Sie können sie dann als Quellen in Benachrichtigungsregeln verwenden, so dass Sie benachrichtigt werden, wenn ein Ziel gesund oder ungesund wird. Gesundheits-Checks für Ressourcen erscheinen ebenfalls hier.",
+    "standaloneHcTableTitle": "Gesundheits-Checks",
+    "standaloneHcSearchPlaceholder": "Gesundheits-Checks suchen…",
+    "standaloneHcAddButton": "Gesundheits-Check erstellen",
+    "standaloneHcCreateTitle": "Gesundheits-Check erstellen",
+    "standaloneHcEditTitle": "Gesundheits-Check bearbeiten",
+    "standaloneHcDescription": "Konfigurieren Sie einen HTTP- oder TCP-Gesundheits-Check zur Verwendung in Benachrichtigungsregeln.",
+    "standaloneHcNameLabel": "Name",
+    "standaloneHcNamePlaceholder": "Mein HTTP-Monitor",
+    "standaloneHcDeleteTitle": "Gesundheits-Check löschen",
+    "standaloneHcDeleteQuestion": "Bitte bestätigen Sie, dass Sie diesen Gesundheits-Check löschen möchten.",
+    "standaloneHcDeleted": "Gesundheits-Check gelöscht",
+    "standaloneHcSaved": "Gesundheits-Check gespeichert",
+    "standaloneHcColumnHealth": "Gesundheit",
+    "standaloneHcColumnMode": "Modus",
+    "standaloneHcColumnTarget": "Ziel",
+    "standaloneHcHealthStateHealthy": "Gesund",
+    "standaloneHcHealthStateUnhealthy": "Ungesund",
+    "standaloneHcHealthStateUnknown": "Unbekannt",
+    "standaloneHcFilterAnySite": "Alle Standorte",
+    "standaloneHcFilterAnyResource": "Alle Ressourcen",
+    "standaloneHcFilterMode": "Modus",
+    "standaloneHcFilterModeHttp": "HTTP",
+    "standaloneHcFilterModeTcp": "TCP",
+    "standaloneHcFilterModeSnmp": "SNMP",
+    "standaloneHcFilterModePing": "Ping",
+    "standaloneHcFilterHealth": "Gesundheit",
+    "standaloneHcFilterEnabled": "Aktiviert",
+    "standaloneHcFilterEnabledOn": "Aktiviert",
+    "standaloneHcFilterEnabledOff": "Deaktiviert",
+    "standaloneHcFilterSiteIdFallback": "Standort {id}",
+    "standaloneHcFilterResourceIdFallback": "Ressource {id}",
    "blueprints": "Blaupausen",
    "blueprintsDescription": "Deklarative Konfigurationen anwenden und vorherige Abläufe anzeigen",
    "blueprintAdd": "Blueprint hinzufügen",
@@ -1289,7 +1560,6 @@
    "parsedContents": "Analysierte Inhalte (Nur lesen)",
    "enableDockerSocket": "Docker Blueprint aktivieren",
    "enableDockerSocketDescription": "Aktiviere Docker-Socket-Label-Scraping für Blueprintbeschriftungen. Der Socket-Pfad muss neu angegeben werden.",
-    "enableDockerSocketLink": "Mehr erfahren",
    "viewDockerContainers": "Docker Container anzeigen",
    "containersIn": "Container in {siteName}",
    "selectContainerDescription": "Wählen Sie einen Container, der als Hostname für dieses Ziel verwendet werden soll. Klicken Sie auf einen Port, um einen Port zu verwenden.",
@@ -1331,7 +1601,8 @@
    "initialSetupDescription": "Erstellen Sie das initiale Server-Admin-Konto. Es kann nur einen Server-Admin geben. Sie können diese Anmeldedaten später immer ändern.",
    "createAdminAccount": "Admin-Konto erstellen",
    "setupErrorCreateAdmin": "Beim Erstellen des Server-Admin-Kontos ist ein Fehler aufgetreten.",
-    "certificateStatus": "Zertifikatsstatus",
+    "certificateStatus": "Zertifikat",
+    "certificateStatusAutoRefreshHint": "Der Status wird automatisch aktualisiert.",
    "loading": "Laden",
    "loadingAnalytics": "Analytik wird geladen",
    "restart": "Neustart",
@@ -1400,6 +1671,7 @@
    "pangolinUpdateAvailableReleaseNotes": "Versionshinweise anzeigen",
    "newtUpdateAvailable": "Update verfügbar",
    "newtUpdateAvailableInfo": "Eine neue Version von Newt ist verfügbar. Bitte aktualisieren Sie auf die neueste Version für das beste Erlebnis.",
+    "pangolinNodeUpdateAvailableInfo": "Eine neue Version von Pangolin Node ist verfügbar. Bitte aktualisieren Sie auf die neueste Version für das beste Erlebnis.",
    "domainPickerEnterDomain": "Domäne",
    "domainPickerPlaceholder": "myapp.example.com",
    "domainPickerDescription": "Geben Sie die vollständige Domain der Ressource ein, um verfügbare Optionen zu sehen.",
@@ -1417,6 +1689,7 @@
    "domainPickerNamespace": "Namespace: {namespace}",
    "domainPickerShowMore": "Mehr anzeigen",
    "regionSelectorTitle": "Region auswählen",
+    "domainPickerRemoteExitNodeWarning": "Angegebene Domains werden nicht unterstützt, wenn sich Websites mit externen Exit-Knoten verbinden. Damit Ressourcen auf entfernten Knoten verfügbar sind, verwenden Sie stattdessen eine eigene Domain.",
    "regionSelectorInfo": "Das Auswählen einer Region hilft uns, eine bessere Leistung für Ihren Standort bereitzustellen. Sie müssen sich nicht in derselben Region wie Ihr Server befinden.",
    "regionSelectorPlaceholder": "Wähle eine Region",
    "regionSelectorComingSoon": "Kommt bald",
@@ -1570,6 +1843,16 @@
    "billingFeatureLossWarning": "Verfügbarkeitshinweis",
    "billingFeatureLossDescription": "Durch Herabstufung werden Funktionen, die im neuen Paket nicht verfügbar sind, automatisch deaktiviert. Einige Einstellungen und Konfigurationen können verloren gehen. Bitte überprüfen Sie die Preismatrix um zu verstehen, welche Funktionen nicht mehr verfügbar sein werden.",
    "billingUsageExceedsLimit": "Aktuelle Nutzung ({current}) überschreitet das Limit ({limit})",
+    "billingPastDueTitle": "Zahlung vergangene Fälligkeit",
+    "billingPastDueDescription": "Ihre Zahlung ist abgelaufen. Bitte aktualisieren Sie Ihre Zahlungsmethode, um die aktuellen Funktionen Ihres Pakets weiter zu nutzen. Wenn nicht geklärt, wird Ihr Abonnement abgebrochen und Sie werden auf die kostenlose Stufe zurückgekehrt.",
+    "billingUnpaidTitle": "Unbezahltes Abonnement",
+    "billingUnpaidDescription": "Dein Abonnement ist unbezahlt und du wurdest auf die kostenlose Stufe zurückgekehrt. Bitte aktualisiere deine Zahlungsmethode, um dein Abonnement wiederherzustellen.",
+    "billingIncompleteTitle": "Zahlung unvollständig",
+    "billingIncompleteDescription": "Ihre Zahlung ist unvollständig. Bitte schließen Sie den Zahlungsvorgang ab, um Ihr Abonnement zu aktivieren.",
+    "billingIncompleteExpiredTitle": "Zahlung abgelaufen",
+    "billingIncompleteExpiredDescription": "Deine Zahlung wurde nie abgeschlossen und ist abgelaufen. Du wurdest zur kostenlosen Stufe zurückgekehrt. Bitte melde dich erneut an, um den Zugriff auf kostenpflichtige Funktionen wiederherzustellen.",
+    "billingManageSubscription": "Verwalten Sie Ihr Abonnement",
+    "billingResolvePaymentIssue": "Bitte beheben Sie Ihr Zahlungsproblem vor dem Upgrade oder Herabstufen",
    "signUpTerms": {
        "IAgreeToThe": "Ich stimme den",
        "termsOfService": "Nutzungsbedingungen zu",
@@ -1628,6 +1911,7 @@
    "configureHealthCheck": "Gesundheits-Check konfigurieren",
    "configureHealthCheckDescription": "Richten Sie die Gesundheitsüberwachung für {target} ein",
    "enableHealthChecks": "Gesundheits-Checks aktivieren",
+    "healthCheckDisabledStateDescription": "Wenn deaktiviert, führt die Seite keine Gesundheitsprüfungen durch und der Zustand wird als unbekannt betrachtet.",
    "enableHealthChecksDescription": "Überwachen Sie die Gesundheit dieses Ziels. Bei Bedarf können Sie einen anderen Endpunkt als das Ziel überwachen.",
    "healthScheme": "Methode",
    "healthSelectScheme": "Methode auswählen",
@@ -1643,6 +1927,24 @@
    "timeIsInSeconds": "Zeit ist in Sekunden",
    "requireDeviceApproval": "Gerätegenehmigungen erforderlich",
    "requireDeviceApprovalDescription": "Benutzer mit dieser Rolle benötigen neue Geräte, die von einem Administrator genehmigt wurden, bevor sie sich verbinden und auf Ressourcen zugreifen können.",
+    "sshAccess": "SSH-Zugriff",
+    "roleAllowSsh": "SSH erlauben",
+    "roleAllowSshAllow": "Erlauben",
+    "roleAllowSshDisallow": "Nicht zulassen",
+    "roleAllowSshDescription": "Benutzern mit dieser Rolle erlauben, sich über SSH mit Ressourcen zu verbinden. Wenn deaktiviert, kann die Rolle keinen SSH-Zugriff verwenden.",
+    "sshSudoMode": "Sudo-Zugriff",
+    "sshSudoModeNone": "Keine",
+    "sshSudoModeNoneDescription": "Benutzer kann keine Befehle mit sudo ausführen.",
+    "sshSudoModeFull": "Volles Sudo",
+    "sshSudoModeFullDescription": "Benutzer kann jeden Befehl mit sudo ausführen.",
+    "sshSudoModeCommands": "Befehle",
+    "sshSudoModeCommandsDescription": "Benutzer kann nur die angegebenen Befehle mit sudo ausführen.",
+    "sshSudo": "sudo erlauben",
+    "sshSudoCommands": "Sudo-Befehle",
+    "sshSudoCommandsDescription": "Kommagetrennte Liste von Befehlen, die der Benutzer mit sudo ausführen darf.",
+    "sshCreateHomeDir": "Home-Verzeichnis erstellen",
+    "sshUnixGroups": "Unix-Gruppen",
+    "sshUnixGroupsDescription": "Durch Komma getrennte Unix-Gruppen, um den Benutzer auf dem Zielhost hinzuzufügen.",
    "retryAttempts": "Wiederholungsversuche",
    "expectedResponseCodes": "Erwartete Antwortcodes",
    "expectedResponseCodesDescription": "HTTP-Statuscode, der einen gesunden Zustand anzeigt. Wenn leer gelassen, wird 200-300 als gesund angesehen.",
@@ -1659,9 +1961,20 @@
    "healthCheckIntervalMin": "Prüfintervall muss mindestens 5 Sekunden betragen",
    "healthCheckTimeoutMin": "Zeitüberschreitung muss mindestens 1 Sekunde betragen",
    "healthCheckRetryMin": "Wiederholungsversuche müssen mindestens 1 betragen",
+    "healthCheckMode": "Überprüfungsmodus",
+    "healthCheckStrategy": "Strategie",
+    "healthCheckModeDescription": "TCP-Modus überprüft nur die Konnektivität. HTTP-Modus validiert die HTTP-Antwort.",
+    "healthyThreshold": "Gesundheitsschwelle",
+    "healthyThresholdDescription": "Erforderliche aufeinanderfolgende Erfolge, bevor als gesund markiert wird.",
+    "unhealthyThreshold": "Ungesunde Schwelle",
+    "unhealthyThresholdDescription": "Erforderliche aufeinanderfolgende Fehlschläge, bevor als ungesund markiert wird.",
+    "healthCheckHealthyThresholdMin": "Gesundheitsschwelle muss mindestens 1 betragen",
+    "healthCheckUnhealthyThresholdMin": "Ungesunde Schwelle muss mindestens 1 betragen",
    "httpMethod": "HTTP-Methode",
    "selectHttpMethod": "HTTP-Methode auswählen",
    "domainPickerSubdomainLabel": "Subdomain",
+    "domainPickerWildcard": "Platzhalter",
+    "domainPickerWildcardPaidOnly": "Wildcard-Subdomains sind ein kostenpflichtiges Feature. Bitte upgraden Sie, um auf dieses Feature zuzugreifen.",
    "domainPickerBaseDomainLabel": "Basisdomain",
    "domainPickerSearchDomains": "Domains suchen...",
    "domainPickerNoDomainsFound": "Keine Domains gefunden",
@@ -1687,12 +2000,12 @@
    "resourcesTableAliasAddressInfo": "Diese Adresse ist Teil des Utility-Subnetzes der Organisation. Sie wird verwendet, um Alias-Einträge mit interner DNS-Auflösung aufzulösen.",
    "resourcesTableClients": "Clients",
    "resourcesTableAndOnlyAccessibleInternally": "und sind nur intern zugänglich, wenn mit einem Client verbunden.",
-    "resourcesTableNoTargets": "Keine Ziele",
    "resourcesTableHealthy": "Gesund",
    "resourcesTableDegraded": "Degradiert",
-    "resourcesTableOffline": "Offline",
+    "resourcesTableUnhealthy": "Ungesund",
    "resourcesTableUnknown": "Unbekannt",
    "resourcesTableNotMonitored": "Nicht überwacht",
+    "resourcesTableNoTargets": "Keine Ziele",
    "editInternalResourceDialogEditClientResource": "Private Ressource bearbeiten",
    "editInternalResourceDialogUpdateResourceProperties": "Ressourcen-Konfiguration und Zugriffssteuerung für {resourceName} aktualisieren",
    "editInternalResourceDialogResourceProperties": "Ressourceneigenschaften",
@@ -1718,6 +2031,11 @@
    "editInternalResourceDialogModePort": "Port",
    "editInternalResourceDialogModeHost": "Host",
    "editInternalResourceDialogModeCidr": "CIDR",
+    "editInternalResourceDialogModeHttp": "HTTP",
+    "editInternalResourceDialogModeHttps": "HTTPS",
+    "editInternalResourceDialogScheme": "Schema",
+    "editInternalResourceDialogEnableSsl": "SSL aktivieren",
+    "editInternalResourceDialogEnableSslDescription": "SSL/TLS-Verschlüsselung für sichere HTTPS-Verbindungen zum Ziel aktivieren.",
    "editInternalResourceDialogDestination": "Ziel",
    "editInternalResourceDialogDestinationHostDescription": "Die IP-Adresse oder der Hostname der Ressource im Netzwerk der Website.",
    "editInternalResourceDialogDestinationIPDescription": "Die IP-Adresse oder Hostname Adresse der Ressource im Netzwerk der Website.",
@@ -1733,6 +2051,7 @@
    "createInternalResourceDialogName": "Name",
    "createInternalResourceDialogSite": "Standort",
    "selectSite": "Standort auswählen...",
+    "multiSitesSelectorSitesCount": "{count, plural, one {# Standort} other {# Standorte}}",
    "noSitesFound": "Keine Standorte gefunden.",
    "createInternalResourceDialogProtocol": "Protokoll",
    "createInternalResourceDialogTcp": "TCP",
@@ -1761,11 +2080,19 @@
    "createInternalResourceDialogModePort": "Port",
    "createInternalResourceDialogModeHost": "Host",
    "createInternalResourceDialogModeCidr": "CIDR",
+    "createInternalResourceDialogModeHttp": "HTTP",
+    "createInternalResourceDialogModeHttps": "HTTPS",
+    "scheme": "Schema",
+    "createInternalResourceDialogScheme": "Schema",
+    "createInternalResourceDialogEnableSsl": "SSL aktivieren",
+    "createInternalResourceDialogEnableSslDescription": "SSL/TLS-Verschlüsselung für sichere HTTPS-Verbindungen zum Ziel aktivieren.",
    "createInternalResourceDialogDestination": "Ziel",
    "createInternalResourceDialogDestinationHostDescription": "Die IP-Adresse oder der Hostname der Ressource im Netzwerk der Website.",
    "createInternalResourceDialogDestinationCidrDescription": "Der CIDR-Bereich der Ressource im Netzwerk der Website.",
    "createInternalResourceDialogAlias": "Alias",
    "createInternalResourceDialogAliasDescription": "Ein optionaler interner DNS-Alias für diese Ressource.",
+    "internalResourceDownstreamSchemeRequired": "Schema ist für HTTP-Ressourcen erforderlich",
+    "internalResourceHttpPortRequired": "Zielport ist für HTTP-Ressourcen erforderlich",
    "siteConfiguration": "Konfiguration",
    "siteAcceptClientConnections": "Clientverbindungen akzeptieren",
    "siteAcceptClientConnectionsDescription": "Erlaube Benutzer-Geräten und Clients Zugriff auf Ressourcen auf diesem Standort. Dies kann später geändert werden.",
@@ -1851,6 +2178,40 @@
    "exitNode": "Exit-Node",
    "country": "Land",
    "rulesMatchCountry": "Derzeit basierend auf der Quell-IP",
+    "region": "Region",
+    "selectRegion": "Region wählen...",
+    "searchRegions": "Regionen suchen...",
+    "noRegionFound": "Keine Region gefunden.",
+    "rulesMatchRegion": "Wählen Sie eine Regionalgruppe von Ländern",
+    "rulesErrorInvalidRegion": "Ungültige Region",
+    "rulesErrorInvalidRegionDescription": "Bitte wählen Sie eine gültige Region aus.",
+    "regionAfrica": "Afrika",
+    "regionNorthernAfrica": "Nordafrika",
+    "regionEasternAfrica": "Ostafrika",
+    "regionMiddleAfrica": "Zentralafrika",
+    "regionSouthernAfrica": "Südliches Afrika",
+    "regionWesternAfrica": "Westafrika",
+    "regionAmericas": "Amerika",
+    "regionCaribbean": "Karibik",
+    "regionCentralAmerica": "Mittelamerika",
+    "regionSouthAmerica": "Südamerika",
+    "regionNorthernAmerica": "Nordamerika",
+    "regionAsia": "Asien",
+    "regionCentralAsia": "Zentralasien",
+    "regionEasternAsia": "Ostasien",
+    "regionSouthEasternAsia": "Südostasien",
+    "regionSouthernAsia": "Südasien",
+    "regionWesternAsia": "Westasien",
+    "regionEurope": "Europa",
+    "regionEasternEurope": "Osteuropa",
+    "regionNorthernEurope": "Nordeuropa",
+    "regionSouthernEurope": "Südeuropa",
+    "regionWesternEurope": "Westeuropa",
+    "regionOceania": "Ozeanien",
+    "regionAustraliaAndNewZealand": "Australien und Neuseeland",
+    "regionMelanesia": "Melanesien",
+    "regionMicronesia": "Mikronesien",
+    "regionPolynesia": "Polynesien",
    "managedSelfHosted": {
        "title": "Verwaltetes Selbsthosted",
        "description": "Zuverlässiger und wartungsarmer Pangolin Server mit zusätzlichen Glocken und Pfeifen",
@@ -1889,7 +2250,7 @@
    },
    "internationaldomaindetected": "Internationale Domain erkannt",
    "willbestoredas": "Wird gespeichert als:",
-    "roleMappingDescription": "Legen Sie fest, wie den Benutzern Rollen zugewiesen werden, wenn sie sich anmelden, wenn Auto Provision aktiviert ist.",
+    "roleMappingDescription": "Bestimmen Sie, wie Rollen zugewiesen werden, wenn sich Benutzer mit diesem Identitätsanbieter anmelden.",
    "selectRole": "Wählen Sie eine Rolle",
    "roleMappingExpression": "Ausdruck",
    "selectRolePlaceholder": "Rolle auswählen",
@@ -1899,6 +2260,25 @@
    "invalidValue": "Ungültiger Wert",
    "idpTypeLabel": "Identitätsanbietertyp",
    "roleMappingExpressionPlaceholder": "z. B. enthalten(Gruppen, 'admin') && 'Admin' || 'Mitglied'",
+    "roleMappingModeFixedRoles": "Feste Rollen",
+    "roleMappingModeMappingBuilder": "Mapping Builder",
+    "roleMappingModeRawExpression": "Roher Ausdruck",
+    "roleMappingFixedRolesPlaceholderSelect": "Wählen Sie eine oder mehrere Rollen",
+    "roleMappingFixedRolesPlaceholderFreeform": "Rollennamen eingeben (exakte Übereinstimmung pro Organisation)",
+    "roleMappingFixedRolesDescriptionSameForAll": "Weisen Sie jedem auto-provisionierten Benutzer die gleiche Rolle zu.",
+    "roleMappingFixedRolesDescriptionDefaultPolicy": "Für Standardrichtlinien geben Sie Rollennamen ein, die in jeder Organisation existieren, in der Benutzer angegeben sind. Namen müssen exakt übereinstimmen.",
+    "roleMappingClaimPath": "Pfad einfordern",
+    "roleMappingClaimPathPlaceholder": "gruppen",
+    "roleMappingClaimPathDescription": "Pfad in der Token Payload mit Quellwerten (zum Beispiel Gruppen).",
+    "roleMappingMatchValue": "Match-Wert",
+    "roleMappingAssignRoles": "Rollen zuweisen",
+    "roleMappingAddMappingRule": "Zuordnungsregel hinzufügen",
+    "roleMappingRawExpressionResultDescription": "Ausdruck muss zu einem String oder String Array ausgewertet werden.",
+    "roleMappingRawExpressionResultDescriptionSingleRole": "Ausdruck muss zu einem String (einem einzigen Rollennamen) ausgewertet werden.",
+    "roleMappingMatchValuePlaceholder": "Match-Wert (z. B.: Admin)",
+    "roleMappingAssignRolesPlaceholderFreeform": "Rollennamen eingeben (exakt pro Ort)",
+    "roleMappingBuilderFreeformRowHint": "Rollennamen müssen mit einer Rolle in jeder Zielorganisation übereinstimmen.",
+    "roleMappingRemoveRule": "Entfernen",
    "idpGoogleConfiguration": "Google-Konfiguration",
    "idpGoogleConfigurationDescription": "Google OAuth2 Zugangsdaten konfigurieren",
    "idpGoogleClientIdDescription": "Google OAuth2 Client ID",
@@ -1962,9 +2342,11 @@
    "selectDomainForOrgAuthPage": "Wählen Sie eine Domain für die Authentifizierungsseite der Organisation",
    "domainPickerProvidedDomain": "Angegebene Domain",
    "domainPickerFreeProvidedDomain": "Kostenlose Domain",
+    "domainPickerFreeDomainsPaidFeature": "Bereitgestellte Domains sind ein kostenpflichtiges Feature. Abonnieren Sie, um eine Domain in Ihrem Tarif zu erhalten – keine Notwendigkeit, Ihre eigene mitzubringen.",
    "domainPickerVerified": "Verifiziert",
    "domainPickerUnverified": "Nicht verifiziert",
-    "domainPickerInvalidSubdomainStructure": "Diese Subdomain enthält ungültige Zeichen oder Struktur. Sie wird beim Speichern automatisch bereinigt.",
+    "domainPickerManual": "Manuell",
+    "domainPickerInvalidSubdomainStructure": "Ungültige Zeichen werden beim Speichern bereinigt.",
    "domainPickerError": "Fehler",
    "domainPickerErrorLoadDomains": "Fehler beim Laden der Organisations-Domains",
    "domainPickerErrorCheckAvailability": "Fehler beim Prüfen der Domain-Verfügbarkeit",
@@ -1977,7 +2359,7 @@
    "orgAuthChooseIdpDescription": "Wähle deinen Identitätsanbieter um fortzufahren",
    "orgAuthNoIdpConfigured": "Diese Organisation hat keine Identitätsanbieter konfiguriert. Sie können sich stattdessen mit Ihrer Pangolin-Identität anmelden.",
    "orgAuthSignInWithPangolin": "Mit Pangolin anmelden",
-    "orgAuthSignInToOrg": "Bei einer Organisation anmelden",
+    "orgAuthSignInToOrg": "Organisations-Identitätsanbieter (SSO)",
    "orgAuthSelectOrgTitle": "Organisations-Anmeldung",
    "orgAuthSelectOrgDescription": "Geben Sie Ihre Organisations-ID ein, um fortzufahren",
    "orgAuthOrgIdPlaceholder": "Ihre Organisation",
@@ -2138,7 +2520,7 @@
        "alerts": {
            "commercialUseDisclosure": {
                "title": "Verwendungsanzeige",
-                "description": "Wählen Sie die Lizenz-Ebene, die Ihre beabsichtigte Nutzung genau widerspiegelt. Die Persönliche Lizenz erlaubt die freie Nutzung der Software für individuelle, nicht-kommerzielle oder kleine kommerzielle Aktivitäten mit jährlichen Brutto-Einnahmen von 100.000 USD. Über diese Grenzen hinausgehende Verwendungszwecke – einschließlich der Verwendung innerhalb eines Unternehmens, einer Organisation, oder eine andere umsatzgenerierende Umgebung — erfordert eine gültige Enterprise-Lizenz und die Zahlung der Lizenzgebühr. Alle Benutzer, ob Personal oder Enterprise, müssen die Fossorial Commercial License Bedingungen einhalten."
+                "description": "Wählen Sie die Lizenz-Ebene, die Ihre beabsichtigte Nutzung genau widerspiegelt. Die Persönliche Lizenz erlaubt die freie Nutzung der Software für individuelle, nicht-kommerzielle oder kleine kommerzielle Aktivitäten mit jährlichen Brutto-Einnahmen von 100.000 USD. Über diese Grenzen hinausgehende Verwendungszwecke – einschließlich der Verwendung innerhalb eines Unternehmens, einer Organisation, oder eine andere umsatzgenerierende Umgebung - erfordert eine gültige Enterprise-Lizenz und die Zahlung der Lizenzgebühr. Alle Benutzer, ob Personal oder Enterprise, müssen die Fossorial Commercial License Bedingungen einhalten."
            },
            "trialPeriodInformation": {
                "title": "Testperiode Information",
@@ -2193,10 +2575,10 @@
            },
            "scale": {
                "title": "Maßstab",
-                "description": "Enterprise Features, 50 Benutzer, 50 Sites und Prioritätsunterstützung."
+                "description": "Unternehmensmerkmale, 50 Benutzer, 100 Standorte und prioritärer Support."
            }
        },
-        "personalUseOnly": "Nur persönliche Nutzung (kostenlose Lizenz — keine Kasse)",
+        "personalUseOnly": "Nur persönliche Nutzung (kostenlose Lizenz - kein Checkout)",
        "buttons": {
            "continueToCheckout": "Weiter zur Kasse"
        },
@@ -2270,6 +2652,7 @@
    "validPassword": "Gültiges Passwort",
    "validEmail": "Gültige E-Mail-Adresse",
    "validSSO": "Gültige SSO-Anmeldung",
+    "connectedClient": "Verbundenes Gerät",
    "resourceBlocked": "Ressource blockiert",
    "droppedByRule": "Abgelegt durch Regel",
    "noSessions": "Keine Sitzungen",
@@ -2277,24 +2660,26 @@
    "noMoreAuthMethods": "Keine gültige Authentifizierungsmethode verfügbar",
    "ip": "IP",
    "reason": "Grund",
-    "requestLogs": "Logs anfordern",
+    "requestLogs": "HTTP Anforderungsprotokolle",
    "requestAnalytics": "Anfrage-Analyse anzeigen",
    "host": "Host",
    "location": "Standort",
    "actionLogs": "Aktionsprotokolle",
-    "sidebarLogsRequest": "Logs anfordern",
+    "sidebarLogsRequest": "HTTP Anforderungsprotokolle",
    "sidebarLogsAccess": "Zugriffsprotokolle",
    "sidebarLogsAction": "Aktionsprotokolle",
    "logRetention": "Log-Speicherung",
    "logRetentionDescription": "Verwalten, wie lange verschiedene Logs für diese Organisation gespeichert werden oder deaktivieren",
    "requestLogsDescription": "Detaillierte Request-Logs für Ressourcen in dieser Organisation anzeigen",
    "requestAnalyticsDescription": "Detaillierte Anfrage-Analyse für Ressourcen in dieser Organisation anzeigen",
-    "logRetentionRequestLabel": "Log-Speicherung anfordern",
+    "logRetentionRequestLabel": "HTTP Anforderungsprotokoll Aufbewahrung",
    "logRetentionRequestDescription": "Wie lange sollen Request-Logs gespeichert werden",
    "logRetentionAccessLabel": "Zugriffsprotokoll-Speicherung",
    "logRetentionAccessDescription": "Wie lange Zugriffsprotokolle beibehalten werden sollen",
    "logRetentionActionLabel": "Aktionsprotokoll-Speicherung",
    "logRetentionActionDescription": "Dauer des Action-Logs",
+    "logRetentionConnectionLabel": "Verbindungsprotokoll-Speicherung",
+    "logRetentionConnectionDescription": "Wie lange Verbindungsprotokolle gespeichert werden sollen",
    "logRetentionDisabled": "Deaktiviert",
    "logRetention3Days": "3 Tage",
    "logRetention7Days": "7 Tage",
@@ -2305,8 +2690,15 @@
    "logRetentionEndOfFollowingYear": "Ende des folgenden Jahres",
    "actionLogsDescription": "Verlauf der in dieser Organisation durchgeführten Aktionen anzeigen",
    "accessLogsDescription": "Zugriffsauth-Anfragen für Ressourcen in dieser Organisation anzeigen",
-    "licenseRequiredToUse": "Um diese Funktion nutzen zu können, ist eine <enterpriseLicenseLink>Enterprise Edition</enterpriseLicenseLink> Lizenz erforderlich. Diese Funktion ist auch in der <pangolinCloudLink>Pangolin Cloud</pangolinCloudLink> verfügbar.",
-    "ossEnterpriseEditionRequired": "Um diese Funktion nutzen zu können, ist die <enterpriseEditionLink>Enterprise Edition</enterpriseEditionLink> erforderlich. Diese Funktion ist auch in der <pangolinCloudLink>Pangolin Cloud</pangolinCloudLink> verfügbar.",
+    "connectionLogs": "Verbindungsprotokolle",
+    "connectionLogsDescription": "Verbindungsprotokolle für Tunnel in dieser Organisation anzeigen",
+    "sidebarLogsConnection": "Verbindungsprotokolle",
+    "sidebarLogsStreaming": "Streaming",
+    "sourceAddress": "Quelladresse",
+    "destinationAddress": "Zieladresse",
+    "duration": "Dauer",
+    "licenseRequiredToUse": "Eine <enterpriseLicenseLink>Enterprise Edition</enterpriseLicenseLink> Lizenz oder <pangolinCloudLink>Pangolin Cloud</pangolinCloudLink> wird benötigt, um diese Funktion nutzen zu können. <bookADemoLink>Buchen Sie eine Demo oder POC Testversion</bookADemoLink>.",
+    "ossEnterpriseEditionRequired": "Die <enterpriseEditionLink>Enterprise Edition</enterpriseEditionLink> wird benötigt, um diese Funktion nutzen zu können. Diese Funktion ist auch in <pangolinCloudLink>Pangolin Cloud</pangolinCloudLink>verfügbar. <bookADemoLink>Buchen Sie eine Demo oder POC Testversion</bookADemoLink>.",
    "certResolver": "Zertifikatsauflöser",
    "certResolverDescription": "Wählen Sie den Zertifikatslöser aus, der für diese Ressource verwendet werden soll.",
    "selectCertResolver": "Zertifikatsauflöser auswählen",
@@ -2448,6 +2840,9 @@
    "machineClients": "Maschinen-Clients",
    "install": "Installieren",
    "run": "Ausführen",
+    "envFile": "Umgebungsdatei",
+    "serviceFile": "Servicedatei",
+    "enableAndStart": "Aktivieren und Starten",
    "clientNameDescription": "Der Anzeigename des Clients, der später geändert werden kann.",
    "clientAddress": "Clientadresse (Erweitert)",
    "setupFailedToFetchSubnet": "Fehler beim Abrufen des Standard-Subnetzes",
@@ -2496,13 +2891,30 @@
    "editInternalResourceDialogAddClients": "Clients hinzufügen",
    "editInternalResourceDialogDestinationLabel": "Ziel",
    "editInternalResourceDialogDestinationDescription": "Geben Sie die Zieladresse für die interne Ressource an. Dies kann ein Hostname, eine IP-Adresse oder ein CIDR-Bereich sein, abhängig vom gewählten Modus. Legen Sie optional einen internen DNS-Alias für eine vereinfachte Identifizierung fest.",
+    "internalResourceFormMultiSiteRoutingHelp": "Durch die Auswahl mehrerer Seiten wird ein ausfallsicheres Routing und Failover für hohe Verfügbarkeit ermöglicht.",
+    "internalResourceFormMultiSiteRoutingHelpLearnMore": "Mehr erfahren",
    "editInternalResourceDialogPortRestrictionsDescription": "Den Zugriff auf bestimmte TCP/UDP-Ports beschränken oder alle Ports erlauben/blockieren.",
+    "createInternalResourceDialogHttpConfiguration": "HTTP-Konfiguration",
+    "createInternalResourceDialogHttpConfigurationDescription": "Wählen Sie die Domain, die Clients verwenden, um über HTTP oder HTTPS auf diese Ressource zuzugreifen.",
+    "editInternalResourceDialogHttpConfiguration": "HTTP-Konfiguration",
+    "editInternalResourceDialogHttpConfigurationDescription": "Wählen Sie die Domain, die Clients verwenden, um über HTTP oder HTTPS auf diese Ressource zuzugreifen.",
    "editInternalResourceDialogTcp": "TCP",
    "editInternalResourceDialogUdp": "UDP",
    "editInternalResourceDialogIcmp": "ICMP",
    "editInternalResourceDialogAccessControl": "Zugriffskontrolle",
    "editInternalResourceDialogAccessControlDescription": "Kontrollieren Sie, welche Rollen, Benutzer und Maschinen-Clients Zugriff auf diese Ressource haben, wenn sie verbunden sind. Admins haben immer Zugriff.",
    "editInternalResourceDialogPortRangeValidationError": "Der Port-Bereich muss \"*\" für alle Ports sein, oder eine kommaseparierte Liste von Ports und Bereichen (z.B. \"80,443.8000-9000\"). Ports müssen zwischen 1 und 65535 liegen.",
+    "internalResourceAuthDaemonStrategy": "SSH Auth-Daemon Standort",
+    "internalResourceAuthDaemonStrategyDescription": "Wählen Sie aus, wo der SSH-Authentifizierungs-Daemon läuft: auf der Site (Newt) oder auf einem entfernten Host.",
+    "internalResourceAuthDaemonDescription": "Der SSH-Authentifizierungs-Daemon verarbeitet SSH-Schlüsselsignaturen und PAM-Authentifizierung für diese Ressource. Wählen Sie, ob sie auf der Website (Newt) oder auf einem separaten entfernten Host ausgeführt wird. Siehe <docsLink>die Dokumentation</docsLink> für mehr.",
+    "internalResourceAuthDaemonDocsUrl": "https://docs.pangolin.net",
+    "internalResourceAuthDaemonStrategyPlaceholder": "Strategie auswählen",
+    "internalResourceAuthDaemonStrategyLabel": "Standort",
+    "internalResourceAuthDaemonSite": "Vor Ort",
+    "internalResourceAuthDaemonSiteDescription": "Der Auth Daemon läuft auf der Seite (Newt).",
+    "internalResourceAuthDaemonRemote": "Entfernter Host",
+    "internalResourceAuthDaemonRemoteDescription": "Der Auth Daemon läuft auf einem Host, der nicht die Site ist.",
+    "internalResourceAuthDaemonPort": "Daemon-Port (optional)",
    "orgAuthWhatsThis": "Wo finde ich meine Organisations-ID?",
    "learnMore": "Mehr erfahren",
    "backToHome": "Zurück zur Startseite",
@@ -2524,6 +2936,9 @@
    "maintenancePageMessagePlaceholder": "Wir sind bald wieder da! Unsere Seite wird derzeit planmäßig gewartet.",
    "maintenancePageMessageDescription": "Detaillierte Meldung zur Erklärung der Wartung",
    "maintenancePageTimeTitle": "Geschätzte Abschlusszeit (Optional)",
+    "privateMaintenanceScreenTitle": "Privater Platzhalterschirm",
+    "privateMaintenanceScreenMessage": "Diese Domain wird auf einer privaten Ressource verwendet. Bitte verbinden Sie sich mit dem Pangolin-Client, um auf diese Ressource zuzugreifen.",
+    "privateMaintenanceScreenSteps": "Sobald verbunden, wenn Sie diese Nachricht weiterhin sehen, zeigt der DNS-Cache Ihres Browsers möglicherweise noch auf die alte Adresse. Um dies zu beheben: Schließen Sie diesen Tab vollständig und öffnen Sie ihn erneut oder starten Sie Ihren Browser neu und rufen Sie dann diese Seite erneut auf.",
    "maintenanceTime": "z.B.: 2 Stunden, Nov 1 um 17:00 Uhr",
    "maintenanceEstimatedTimeDescription": "Wann Sie den Abschluss der Wartung erwarten",
    "editDomain": "Domain bearbeiten",
@@ -2632,5 +3047,209 @@
    "approvalsEmptyStateStep2Title": "Gerätegenehmigungen aktivieren",
    "approvalsEmptyStateStep2Description": "Bearbeite eine Rolle und aktiviere die Option 'Gerätegenehmigung erforderlich'. Benutzer mit dieser Rolle benötigen Administrator-Genehmigung für neue Geräte.",
    "approvalsEmptyStatePreviewDescription": "Vorschau: Wenn aktiviert, werden ausstehende Geräteanfragen hier zur Überprüfung angezeigt",
-    "approvalsEmptyStateButtonText": "Rollen verwalten"
+    "approvalsEmptyStateButtonText": "Rollen verwalten",
+    "domainErrorTitle": "Wir haben Probleme mit der Überprüfung deiner Domain",
+    "idpAdminAutoProvisionPoliciesTabHint": "Konfigurieren Sie Rollenzuordnungs- und Organisationsrichtlinien auf der Registerkarte <policiesTabLink>Auto-Bereitstellungseinstellungen</policiesTabLink>.",
+    "streamingTitle": "Event Streaming",
+    "streamingDescription": "Streamen Sie Events aus Ihrem Unternehmen in Echtzeit zu externen Zielen.",
+    "streamingUnnamedDestination": "Unbenanntes Ziel",
+    "streamingNoUrlConfigured": "Keine URL konfiguriert",
+    "streamingAddDestination": "Ziel hinzufügen",
+    "streamingHttpWebhookTitle": "HTTP Webhook",
+    "streamingHttpWebhookDescription": "Sende Ereignisse an jeden HTTP-Endpunkt mit flexibler Authentifizierung und Vorlage.",
+    "streamingS3Title": "Amazon S3",
+    "streamingS3Description": "Streame Ereignisse in eine S3-kompatible Objekt-Speicher-Eimer. Kommt bald.",
+    "streamingDatadogTitle": "Datadog",
+    "streamingDatadogDescription": "Events direkt an Ihr Datadog Konto weiterleiten. Kommen Sie bald.",
+    "streamingTypePickerDescription": "Wählen Sie einen Zieltyp aus, um loszulegen.",
+    "streamingFailedToLoad": "Fehler beim Laden der Ziele",
+    "streamingUnexpectedError": "Ein unerwarteter Fehler ist aufgetreten.",
+    "streamingFailedToUpdate": "Fehler beim Aktualisieren des Ziels",
+    "streamingDeletedSuccess": "Ziel erfolgreich gelöscht",
+    "streamingFailedToDelete": "Fehler beim Löschen des Ziels",
+    "streamingDeleteTitle": "Ziel löschen",
+    "streamingDeleteButtonText": "Ziel löschen",
+    "streamingDeleteDialogAreYouSure": "Sind Sie sicher, dass Sie löschen möchten",
+    "streamingDeleteDialogThisDestination": "dieses Ziel",
+    "streamingDeleteDialogPermanentlyRemoved": "? Alle Konfiguration wird dauerhaft entfernt.",
+    "httpDestEditTitle": "Ziel bearbeiten",
+    "httpDestAddTitle": "HTTP-Ziel hinzufügen",
+    "httpDestEditDescription": "Aktualisiere die Konfiguration für dieses HTTP-Streaming-Ziel.",
+    "httpDestAddDescription": "Konfigurieren Sie einen neuen HTTP-Endpunkt, um die Ereignisse Ihrer Organisation zu empfangen.",
+    "S3DestEditTitle": "Ziel bearbeiten",
+    "S3DestAddTitle": "S3-Ziel hinzufügen",
+    "S3DestEditDescription": "Konfiguration für dieses S3-Ereignis-Streamingziel aktualisieren.",
+    "S3DestAddDescription": "Neuen S3-Endpunkt konfigurieren, um die Ereignisse Ihrer Organisation zu erhalten.",
+    "datadogDestEditTitle": "Ziel bearbeiten",
+    "datadogDestAddTitle": "Datadog-Ziel hinzufügen",
+    "datadogDestEditDescription": "Konfiguration für dieses Datadog-Ereignis-Streamingziel aktualisieren.",
+    "datadogDestAddDescription": "Neuen Datadog-Endpunkt konfigurieren, um die Ereignisse Ihrer Organisation zu erhalten.",
+    "httpDestTabSettings": "Einstellungen",
+    "httpDestTabHeaders": "Kopfzeilen",
+    "httpDestTabBody": "Körper",
+    "httpDestTabLogs": "Logs",
+    "httpDestNamePlaceholder": "Mein HTTP-Ziel",
+    "httpDestUrlLabel": "Ziel-URL",
+    "httpDestUrlErrorHttpRequired": "URL muss http oder https verwenden",
+    "httpDestUrlErrorHttpsRequired": "HTTPS wird für Cloud-Deployment benötigt",
+    "httpDestUrlErrorInvalid": "Geben Sie eine gültige URL ein (z.B. https://example.com/webhook)",
+    "httpDestAuthTitle": "Authentifizierung",
+    "httpDestAuthDescription": "Legen Sie fest, wie Anfragen an Ihren Endpunkt authentifiziert werden.",
+    "httpDestAuthNoneTitle": "Keine Authentifizierung",
+    "httpDestAuthNoneDescription": "Sendet Anfragen ohne Autorisierungs-Header.",
+    "httpDestAuthBearerTitle": "Bären-Token",
+    "httpDestAuthBearerDescription": "Fügt jedem Anfrage-Header eine \"Authorization: Bearer '<token>'\" hinzu.",
+    "httpDestAuthBearerPlaceholder": "Ihr API-Schlüssel oder Token",
+    "httpDestAuthBasicTitle": "Einfacher Auth",
+    "httpDestAuthBasicDescription": "Fügt einen \"Authorization: Basic '<credentials>'\"-Header hinzu. Geben Sie die Anmeldedaten als Benutzername:Passwort an.",
+    "httpDestAuthBasicPlaceholder": "benutzername:password",
+    "httpDestAuthCustomTitle": "Eigene Kopfzeile",
+    "httpDestAuthCustomDescription": "Geben Sie einen eigenen HTTP-Header-Namen und einen Wert für die Authentifizierung an (z.B. X-API-Key).",
+    "httpDestAuthCustomHeaderNamePlaceholder": "Headername (z.B. X-API-Key)",
+    "httpDestAuthCustomHeaderValuePlaceholder": "Header-Wert",
+    "httpDestCustomHeadersTitle": "Eigene HTTP-Header",
+    "httpDestCustomHeadersDescription": "Fügen Sie jeder ausgehenden Anfrage benutzerdefinierte Kopfzeilen hinzu. Nützlich für statische Tokens oder einen benutzerdefinierten Content-Typ. Standardmäßig wird Content-Type: application/json gesendet.",
+    "httpDestNoHeadersConfigured": "Keine benutzerdefinierten Header konfiguriert. Klicken Sie auf \"Header hinzufügen\", um einen hinzuzufügen.",
+    "httpDestHeaderNamePlaceholder": "Header-Name",
+    "httpDestHeaderValuePlaceholder": "Wert",
+    "httpDestAddHeader": "Header hinzufügen",
+    "httpDestBodyTemplateTitle": "Eigene Body-Vorlage",
+    "httpDestBodyTemplateDescription": "Steuere die JSON-Payload-Struktur, die an deinen Endpunkt gesendet wurde. Wenn deaktiviert, wird für jede Veranstaltung ein Standard-JSON-Objekt gesendet.",
+    "httpDestEnableBodyTemplate": "Eigene Körpervorlage aktivieren",
+    "httpDestBodyTemplateLabel": "Body-Vorlage (JSON)",
+    "httpDestBodyTemplateHint": "Verwenden Sie Template-Variablen, um Ereignisfelder in Ihrer Payload zu referenzieren.",
+    "httpDestPayloadFormatTitle": "Payload-Format",
+    "httpDestPayloadFormatDescription": "Wie Ereignisse in jedes Anfragegremium serialisiert werden.",
+    "httpDestFormatJsonArrayTitle": "JSON Array",
+    "httpDestFormatJsonArrayDescription": "Eine Anfrage pro Stapel ist ein JSON-Array. Kompatibel mit den meisten generischen Webhooks und Datadog.",
+    "httpDestFormatNdjsonTitle": "NDJSON",
+    "httpDestFormatNdjsonDescription": "Eine Anfrage pro Batch, der Körper ist newline-getrenntes JSON - ein Objekt pro Zeile, kein äußeres Array. Benötigt von Splunk HEC, Elastic / OpenSearch, und Grafana Loki.",
+    "httpDestFormatSingleTitle": "Ein Ereignis pro Anfrage",
+    "httpDestFormatSingleDescription": "Sendet eine separate HTTP-POST für jedes einzelne Ereignis. Nur für Endpunkte, die Batches nicht handhaben können.",
+    "httpDestLogTypesTitle": "Log-Typen",
+    "httpDestLogTypesDescription": "Wählen Sie, welche Log-Typen an dieses Ziel weitergeleitet werden. Nur aktivierte Log-Typen werden gestreamt.",
+    "httpDestAccessLogsTitle": "Zugriffsprotokolle",
+    "httpDestAccessLogsDescription": "Ressourcenzugriffe, einschließlich authentifizierter und abgelehnter Anfragen.",
+    "httpDestActionLogsTitle": "Aktionsprotokolle",
+    "httpDestActionLogsDescription": "Administrative Maßnahmen, die von Benutzern innerhalb der Organisation durchgeführt werden.",
+    "httpDestConnectionLogsTitle": "Verbindungsprotokolle",
+    "httpDestConnectionLogsDescription": "Site- und Tunnelverbindungen, einschließlich Verbindungen und Trennungen.",
+    "httpDestRequestLogsTitle": "HTTP Anforderungsprotokolle",
+    "httpDestRequestLogsDescription": "HTTP-Request-Protokolle für proxiierte Ressourcen, einschließlich Methode, Pfad und Antwort-Code.",
+    "httpDestSaveChanges": "Änderungen speichern",
+    "httpDestCreateDestination": "Ziel erstellen",
+    "httpDestUpdatedSuccess": "Ziel erfolgreich aktualisiert",
+    "httpDestCreatedSuccess": "Ziel erfolgreich erstellt",
+    "httpDestUpdateFailed": "Fehler beim Aktualisieren des Ziels",
+    "httpDestCreateFailed": "Fehler beim Erstellen des Ziels",
+    "followRedirects": "Weiterleitungen folgen",
+    "followRedirectsDescription": "HTTP-Weiterleitungen für Anfragen automatisch folgen.",
+    "alertingErrorWebhookUrl": "Bitte geben Sie eine gültige URL für das Webhook ein.",
+    "healthCheckStrategyHttp": "Prüft die Konnektivität und den HTTP-Antwort-Status.",
+    "healthCheckStrategyTcp": "Verifiziert nur die TCP-Konnektivität, ohne die Antwort zu überprüfen.",
+    "healthCheckStrategySnmp": "Stellt eine SNMP-Get-Anfrage, um die Gesundheit von Netzwerkgeräten und Infrastruktur zu überprüfen.",
+    "healthCheckStrategyIcmp": "Verwendet ICMP-Echo-Anfragen (Pings), um zu überprüfen, ob eine Ressource erreichbar und reaktionsfähig ist.",
+    "healthCheckTabStrategy": "Strategie",
+    "healthCheckTabConnection": "Verbindung",
+    "healthCheckTabAdvanced": "Fortgeschritten",
+    "healthCheckStrategyNotAvailable": "Diese Strategie ist nicht verfügbar. Bitte kontaktieren Sie den Vertrieb, um diese Funktion zu aktivieren.",
+    "uptime30d": "Betriebszeit (30 Tage)",
+    "idpAddActionCreateNew": "Neuen Identitätsanbieter erstellen",
+    "idpAddActionImportFromOrg": "Von einer anderen Organisation importieren",
+    "idpImportDialogTitle": "Identitätsanbieter importieren",
+    "idpImportDialogDescription": "Wählen Sie einen Identitätsanbieter aus einer Organisation, in der Sie Administrator sind. Er wird mit dieser Organisation verknüpft.",
+    "idpImportSearchPlaceholder": "Nach Organisation oder Anbieternamen suchen...",
+    "idpImportEmpty": "Keine Identitätsanbieter gefunden.",
+    "idpImportedDescription": "Identitätsanbieter erfolgreich importiert.",
+    "idpDeleteGlobalQuestion": "Sind Sie sicher, dass Sie diesen Identitätsanbieter dauerhaft löschen möchten?",
+    "idpDeleteGlobalDescription": "Dies wird den Identitätsanbieter dauerhaft von allen Organisationen löschen, mit denen er verbunden ist.",
+    "idpUnassociateTitle": "Verknüpfung mit Identitätsanbieter aufheben",
+    "idpUnassociateQuestion": "Sind Sie sicher, dass Sie die Verknüpfung dieses Identitätsanbieters mit dieser Organisation aufheben möchten?",
+    "idpUnassociateDescription": "Alle Benutzer, die mit diesem Identitätsanbieter verbunden sind, werden aus dieser Organisation entfernt, aber der Identitätsanbieter bleibt für andere verbundene Organisationen weiterhin bestehen.",
+    "idpUnassociateConfirm": "Verknüpfung des Identitätsanbieters aufheben bestätigen",
+    "idpUnassociateWarning": "Dies kann für diese Organisation nicht rückgängig gemacht werden.",
+    "idpUnassociatedDescription": "Identitätsanbieter erfolgreich von dieser Organisation gelöst",
+    "idpUnassociateMenu": "Verknüpfung aufheben",
+    "idpDeleteAllOrgsMenu": "Löschen",
+    "publicIpEndpoint": "Endpunkt",
+    "lastTriggeredAt": "Letzter Auslöser",
+    "reject": "Zurückweisen",
+    "uptimeDaysAgo": "vor {count} Tagen",
+    "uptimeToday": "Heute",
+    "uptimeNoDataAvailable": "Keine Daten verfügbar",
+    "uptimeSuffix": "Betriebzeit",
+    "uptimeDowntimeSuffix": "Ausfallzeit",
+    "uptimeTooltipUptimeLabel": "Betriebszeit",
+    "uptimeTooltipDowntimeLabel": "Ausfallzeit",
+    "uptimeOngoing": "im Gange",
+    "uptimeNoMonitoringData": "Keine Überwachungsdaten",
+    "uptimeNoData": "Keine Daten",
+    "uptimeMiniBarDown": "Unten",
+    "uptimeSectionTitle": "Betriebszeit",
+    "uptimeSectionDescription": "Verfügbarkeit in den letzten {days} Tagen",
+    "uptimeAddAlert": "Warnmeldung hinzufügen",
+    "uptimeViewAlerts": "Warnungen anzeigen",
+    "uptimeCreateEmailAlert": "E-Mail Alarm erstellen",
+    "uptimeAlertDescriptionSite": "Werde per E-Mail benachrichtigt, wenn diese Seite offline oder wieder online ist.",
+    "uptimeAlertDescriptionResource": "Werde per E-Mail benachrichtigt, wenn diese Ressource offline oder wieder online ist.",
+    "uptimeAlertNamePlaceholder": "Alarmname",
+    "uptimeAdditionalEmails": "Zusätzliche E-Mails",
+    "uptimeCreateAlert": "Alarm erstellen",
+    "uptimeAlertNoRecipients": "Kein Empfänger",
+    "uptimeAlertNoRecipientsDescription": "Bitte fügen Sie mindestens einen Benutzer, eine Rolle oder eine E-Mail zur Benachrichtigung hinzu.",
+    "uptimeAlertCreated": "Alarm erstellt",
+    "uptimeAlertCreatedDescription": "Sie werden benachrichtigt, wenn dieser Status sich ändert",
+    "uptimeAlertCreateFailed": "Fehler beim Erstellen der Benachrichtigung",
+    "webhookUrlLabel": "URL",
+    "webhookHeaderKeyPlaceholder": "Schlüssel",
+    "webhookHeaderValuePlaceholder": "Wert",
+    "alertLabel": "Alarm",
+    "domainPickerWildcardSubdomainNotAllowed": "Wildcard-Subdomains sind nicht erlaubt.",
+    "domainPickerWildcardCertWarning": "Wildcard-Ressourcen erfordern möglicherweise zusätzliche Konfigurationen, um ordnungsgemäß zu funktionieren.",
+    "domainPickerWildcardCertWarningLink": "Mehr erfahren",
+    "health": "Gesundheit",
+    "domainPendingErrorTitle": "Verifizierungsproblem",
+    "memberPortalTitle": "Ressourcen",
+    "memberPortalDescription": "Ressourcen, auf die Sie in dieser Organisation Zugriff haben",
+    "memberPortalSortBy": "Sortieren nach...",
+    "memberPortalSortNameAsc": "Name A-Z",
+    "memberPortalSortNameDesc": "Name Z-A",
+    "memberPortalSortDomainAsc": "Domain A-Z",
+    "memberPortalSortDomainDesc": "Domain Z-A",
+    "memberPortalSortEnabledFirst": "Zuerst aktiviert",
+    "memberPortalSortDisabledFirst": "Zuerst deaktiviert",
+    "memberPortalRefresh": "Aktualisieren",
+    "memberPortalRefreshResources": "Ressourcen aktualisieren",
+    "memberPortalFailedToLoad": "Fehler beim Laden der Ressourcen",
+    "memberPortalFailedToLoadDescription": "Fehler beim Laden der Ressourcen. Bitte überprüfen Sie Ihre Verbindung und versuchen Sie es erneut.",
+    "memberPortalUnableToLoad": "Ressourcen konnten nicht geladen werden",
+    "memberPortalTryAgain": "Nochmal versuchen",
+    "memberPortalNoResourcesFound": "Keine Ressourcen gefunden",
+    "memberPortalNoResourcesAvailable": "Keine Ressourcen verfügbar",
+    "memberPortalNoResourcesMatchSearch": "Keine Ressourcen passen zu \"{query}\". Versuchen Sie, Ihre Suchbegriffe anzupassen oder die Suche zu löschen, um alle Ressourcen anzuzeigen.",
+    "memberPortalNoResourcesAccess": "Sie haben noch keinen Zugriff auf Ressourcen. Wenden Sie sich an Ihren Administrator, um Zugriff auf die benötigten Ressourcen zu erhalten.",
+    "memberPortalClearSearch": "Suchverlauf löschen",
+    "memberPortalPublicResources": "Öffentliche Ressourcen",
+    "memberPortalPublicResourcesDescription": "Webanwendungen und Dienste, die über den Browser zugänglich sind",
+    "memberPortalCopiedToClipboard": "In die Zwischenablage kopiert",
+    "memberPortalCopiedUrlDescription": "Ressourcen-URL wurde in Ihre Zwischenablage kopiert.",
+    "memberPortalOpenResource": "Ressource öffnen",
+    "memberPortalPrivateResources": "Private Ressourcen",
+    "memberPortalPrivateResourcesDescription": "Interne Netzwerkressourcen, die über den Client zugänglich sind",
+    "memberPortalResourceDetails": "Ressourcendetails",
+    "memberPortalMode": "Modus",
+    "memberPortalDestination": "Ziel",
+    "memberPortalAlias": "Alias",
+    "memberPortalCopiedAliasDescription": "Ressourcenalias wurde in Ihre Zwischenablage kopiert.",
+    "memberPortalCopiedDestinationDescription": "Ressourcenziel wurde in Ihre Zwischenablage kopiert.",
+    "memberPortalRequiresClientConnection": "Erfordert Client-Verbindung",
+    "memberPortalAuthMethods": "Authentifizierungsmethoden",
+    "memberPortalSso": "Single Sign-On (SSO)",
+    "memberPortalPasswordProtected": "Passwortgeschützt",
+    "memberPortalPinCode": "PIN-Code",
+    "memberPortalEmailWhitelist": "E-Mail-Whitelist",
+    "memberPortalResourceDisabled": "Ressource deaktiviert",
+    "memberPortalShowingResources": "Zeige {start}-{end} von {total} Ressourcen",
+    "memberPortalPrevious": "Vorherige",
+    "memberPortalNext": "Nächste"
 }
--- a/messages/en-US.json
+++ b/messages/en-US.json
--- a/messages/es-ES.json
+++ b/messages/es-ES.json
@@ -1,4 +1,8 @@
 {
+    "contactSalesEnable": "Contacta ventas para habilitar esta función.",
+    "contactSalesBookDemo": "Reservar una demostración",
+    "contactSalesOr": "o",
+    "contactSalesContactUs": "contáctenos",
    "setupCreate": "Crear la organización, el sitio y los recursos",
    "headerAuthCompatibilityInfo": "Habilite esto para forzar una respuesta 401 no autorizada cuando falte un token de autenticación. Esto es necesario para navegadores o bibliotecas HTTP específicas que no envían credenciales sin un desafío del servidor.",
    "headerAuthCompatibility": "Compatibilidad extendida",
@@ -19,6 +23,18 @@
    "componentsInvalidKey": "Se han detectado claves de licencia inválidas o caducadas. Siga los términos de licencia para seguir usando todas las características.",
    "dismiss": "Descartar",
    "subscriptionViolationMessage": "Estás más allá de tus límites para tu plan actual. Corrija el problema eliminando sitios, usuarios u otros recursos para permanecer dentro de tu plan.",
+    "trialBannerMessage": "Su prueba expira en {countdown}. Actualice para mantener el acceso.",
+    "trialBannerExpired": "Su prueba ha expirado. Actualice ahora para restaurar el acceso.",
+    "billingTrialBannerTitle": "Prueba gratuita activada",
+    "billingTrialBannerDescription": "Actualmente estás en una prueba gratuita en el nivel empresarial. Cuando finalice la prueba, tu cuenta volverá automáticamente a las características y límites del nivel Básico. Mejora en cualquier momento para mantener el acceso a las características de tu plan actual.",
+    "billingTrialBannerUpgrade": "Actualizar ahora",
+    "billingTrialBadge": "Prueba Gratuita",
+    "trialActive": "Prueba gratuita activa",
+    "trialExpired": "Prueba expirada",
+    "trialHasEnded": "Su prueba ha terminado.",
+    "trialDaysRemaining": "{count, plural, one {# día restante} other {# días restantes}}",
+    "trialDaysLeftShort": "Quedan {days}d en la prueba",
+    "trialGoToBilling": "Ir a la página de facturación",
    "subscriptionViolationViewBilling": "Ver facturación",
    "componentsLicenseViolation": "Violación de la Licencia: Este servidor está usando sitios {usedSites} que exceden su límite de licencias de sitios {maxSites} . Siga los términos de licencia para seguir usando todas las características.",
    "componentsSupporterMessage": "¡Gracias por apoyar a Pangolin como {tier}!",
@@ -81,6 +97,8 @@
    "siteConfirmCopy": "He copiado la configuración",
    "searchSitesProgress": "Buscar sitios...",
    "siteAdd": "Añadir sitio",
+    "sitesTableViewPublicResources": "Ver Recursos Públicos",
+    "sitesTableViewPrivateResources": "Ver Recursos Privados",
    "siteInstallNewt": "Instalar Newt",
    "siteInstallNewtDescription": "Recibe Newt corriendo en tu sistema",
    "WgConfiguration": "Configuración de Wirex Guard",
@@ -98,6 +116,21 @@
    "siteUpdatedDescription": "El sitio ha sido actualizado.",
    "siteGeneralDescription": "Configurar la configuración general de este sitio",
    "siteSettingDescription": "Configurar los ajustes en el sitio",
+    "siteResourcesTab": "Recursos",
+    "siteResourcesNoneOnSite": "Este sitio aún no tiene recursos públicos o privados.",
+    "siteResourcesSectionPublic": "Recursos Públicos",
+    "siteResourcesSectionPrivate": "Recursos Privados",
+    "siteResourcesSectionPublicDescription": "Recursos expuestos externamente a través de dominios o puertos.",
+    "siteResourcesSectionPrivateDescription": "Recursos disponibles en tu red privada a través del sitio.",
+    "siteResourcesViewAllPublic": "Ver todos los recursos",
+    "siteResourcesViewAllPrivate": "Ver todos los recursos",
+    "siteResourcesDialogDescription": "Descripción general de los recursos públicos y privados asociados con este sitio.",
+    "siteResourcesShowMore": "Mostrar más",
+    "siteResourcesPermissionDenied": "No tienes permiso para listar estos recursos.",
+    "siteResourcesEmptyPublic": "Aún no hay recursos públicos apuntando a este sitio.",
+    "siteResourcesEmptyPrivate": "Aún no hay recursos privados asociados con este sitio.",
+    "siteResourcesHowToAccess": "Cómo acceder",
+    "siteResourcesTargetsOnSite": "Objetivos en este sitio",
    "siteSetting": "Ajustes {siteName}",
    "siteNewtTunnel": "Sitio nuevo (recomendado)",
    "siteNewtTunnelDescription": "La forma más fácil de crear un punto de entrada en cualquier red. Sin configuración extra.",
@@ -148,6 +181,11 @@
    "createLink": "Crear enlace",
    "resourcesNotFound": "No se encontraron recursos",
    "resourceSearch": "Buscar recursos",
+    "machineSearch": "Buscar máquinas",
+    "machinesSearch": "Buscar clientes...",
+    "machineNotFound": "No hay máquinas",
+    "userDeviceSearch": "Buscar dispositivos de usuario",
+    "userDevicesSearch": "Buscar dispositivos de usuario...",
    "openMenu": "Abrir menú",
    "resource": "Recurso",
    "title": "Título",
@@ -175,6 +213,7 @@
    "resourceHTTPDescription": "Proxy proporciona solicitudes sobre HTTPS usando un nombre de dominio completamente calificado.",
    "resourceRaw": "Recurso TCP/UDP sin procesar",
    "resourceRawDescription": "Proxy proporciona solicitudes sobre TCP/UDP usando un número de puerto.",
+    "resourceRawDescriptionCloud": "Las peticiones de proxy sobre TCP/UDP crudas usando un número de puerto. Requiere que los sitios se conecten a un nodo remoto.",
    "resourceCreate": "Crear Recurso",
    "resourceCreateDescription": "Siga los siguientes pasos para crear un nuevo recurso",
    "resourceSeeAll": "Ver todos los recursos",
@@ -261,8 +300,11 @@
    "orgMissing": "Falta el ID de la organización",
    "orgMissingMessage": "No se puede regenerar la invitación sin el ID de la organización.",
    "accessUsersManage": "Administrar usuarios",
+    "accessUserManage": "Administrar usuario",
    "accessUsersDescription": "Invitar y administrar usuarios con acceso a esta organización",
    "accessUsersSearch": "Buscar usuarios...",
+    "accessUsersRoleFilterCount": "{count, plural, one {# rol} other {# roles}}",
+    "accessUsersRoleFilterClear": "Borrar filtros de rol",
    "accessUserCreate": "Crear usuario",
    "accessUserRemove": "Eliminar usuario",
    "username": "Usuario",
@@ -322,6 +364,54 @@
    "apiKeysDelete": "Borrar Clave API",
    "apiKeysManage": "Administrar claves API",
    "apiKeysDescription": "Las claves API se utilizan para autenticar con la API de integración",
+    "provisioningKeysTitle": "Clave de aprovisionamiento",
+    "provisioningKeysManage": "Administrar Claves de Aprovisionamiento",
+    "provisioningKeysDescription": "Las claves de aprovisionamiento se utilizan para autenticar la provisión automatizada del sitio para su organización.",
+    "provisioningManage": "Aprovisionamiento",
+    "provisioningDescription": "Administrar las claves de aprovisionamiento y revisar los sitios pendientes de aprobación.",
+    "pendingSites": "Sitios pendientes",
+    "siteApproveSuccess": "Sitio aprobado con éxito",
+    "siteApproveError": "Error al aprobar el sitio",
+    "provisioningKeys": "Claves de aprovisionamiento",
+    "searchProvisioningKeys": "Buscar claves de suministro...",
+    "provisioningKeysAdd": "Generar clave de aprovisionamiento",
+    "provisioningKeysErrorDelete": "Error al eliminar la clave de aprovisionamiento",
+    "provisioningKeysErrorDeleteMessage": "Error al eliminar la clave de aprovisionamiento",
+    "provisioningKeysQuestionRemove": "¿Está seguro que desea eliminar esta clave de aprovisionamiento de la organización?",
+    "provisioningKeysMessageRemove": "Una vez eliminada, la clave ya no se puede utilizar para la disposición del sitio.",
+    "provisioningKeysDeleteConfirm": "Confirmar Eliminar Clave de Aprovisionamiento",
+    "provisioningKeysDelete": "Eliminar clave de aprovisionamiento",
+    "provisioningKeysCreate": "Generar clave de aprovisionamiento",
+    "provisioningKeysCreateDescription": "Generar una nueva clave de aprovisionamiento para la organización",
+    "provisioningKeysSeeAll": "Ver todas las claves de aprovisionamiento",
+    "provisioningKeysSave": "Guardar la clave de aprovisionamiento",
+    "provisioningKeysSaveDescription": "Sólo podrás verlo una vez. Copítalo a un lugar seguro.",
+    "provisioningKeysErrorCreate": "Error al crear la clave de provisioning",
+    "provisioningKeysList": "Nueva clave de aprovisionamiento",
+    "provisioningKeysMaxBatchSize": "Tamaño máximo de lote",
+    "provisioningKeysUnlimitedBatchSize": "Tamaño ilimitado del lote (sin límite)",
+    "provisioningKeysMaxBatchUnlimited": "Ilimitado",
+    "provisioningKeysMaxBatchSizeInvalid": "Introduzca un tamaño máximo de lote válido (1–1,000,000).",
+    "provisioningKeysValidUntil": "Válido hasta",
+    "provisioningKeysValidUntilHint": "Dejar vacío para no expirar.",
+    "provisioningKeysValidUntilInvalid": "Introduzca una fecha y hora válidas.",
+    "provisioningKeysNumUsed": "Tiempos usados",
+    "provisioningKeysLastUsed": "Último uso",
+    "provisioningKeysNoExpiry": "No expiración",
+    "provisioningKeysNeverUsed": "Nunca",
+    "provisioningKeysEdit": "Editar clave de aprovisionamiento",
+    "provisioningKeysEditDescription": "Actualizar el tamaño máximo de lote y el tiempo de caducidad para esta clave.",
+    "provisioningKeysApproveNewSites": "Aprobar nuevos sitios",
+    "provisioningKeysApproveNewSitesDescription": "Aprobar automáticamente los sitios que se registran con esta clave.",
+    "provisioningKeysUpdateError": "Error al actualizar la clave de aprovisionamiento",
+    "provisioningKeysUpdated": "Clave de aprovisionamiento actualizada",
+    "provisioningKeysUpdatedDescription": "Sus cambios han sido guardados.",
+    "provisioningKeysBannerTitle": "Claves de aprovisionamiento del sitio",
+    "provisioningKeysBannerDescription": "Genere una clave de aprovisionamiento y utilícela con el conector Newt para crear automáticamente sitios en el primer inicio: no es necesario configurar credenciales separadas para cada sitio.",
+    "provisioningKeysBannerButtonText": "Saber más",
+    "pendingSitesBannerTitle": "Sitios pendientes",
+    "pendingSitesBannerDescription": "Los sitios que se conectan utilizando una clave de aprovisionamiento aparecerán aquí para su revisión.",
+    "pendingSitesBannerButtonText": "Saber más",
    "apiKeysSettings": "Ajustes {apiKeyName}",
    "userTitle": "Administrar todos los usuarios",
    "userDescription": "Ver y administrar todos los usuarios en el sistema",
@@ -351,6 +441,10 @@
    "licenseErrorKeyActivate": "Error al activar la clave de licencia",
    "licenseErrorKeyActivateDescription": "Se ha producido un error al activar la clave de licencia.",
    "licenseAbout": "Acerca de la licencia",
+    "licenseBannerTitle": "Habilitar su Licencia Enterprise",
+    "licenseBannerDescription": "Desbloquea funciones empresariales para tu instancia autohospedada de Pangolin. Compra una clave de licencia para activar capacidades premium, luego agréguela a continuación.",
+    "licenseBannerGetLicense": "Obtener una Licencia",
+    "licenseBannerViewDocs": "Ver Documentación",
    "communityEdition": "Edición comunitaria",
    "licenseAboutDescription": "Esto es para usuarios empresariales y empresariales que utilizan Pangolin en un entorno comercial. Si estás usando Pangolin para uso personal, puedes ignorar esta sección.",
    "licenseKeyActivated": "Clave de licencia activada",
@@ -508,9 +602,12 @@
    "userSaved": "Usuario guardado",
    "userSavedDescription": "El usuario ha sido actualizado.",
    "autoProvisioned": "Auto asegurado",
+    "autoProvisionSettings": "Configuración de Auto Provision",
    "autoProvisionedDescription": "Permitir a este usuario ser administrado automáticamente por el proveedor de identidad",
    "accessControlsDescription": "Administrar lo que este usuario puede acceder y hacer en la organización",
    "accessControlsSubmit": "Guardar controles de acceso",
+    "singleRolePerUserPlanNotice": "Tu plan sólo soporta un rol por usuario.",
+    "singleRolePerUserEditionNotice": "Esta edición sólo soporta un rol por usuario.",
    "roles": "Roles",
    "accessUsersRoles": "Administrar usuarios y roles",
    "accessUsersRolesDescription": "Invitar usuarios y añadirlos a roles para administrar el acceso a la organización",
@@ -567,6 +664,8 @@
    "targetErrorInvalidPortDescription": "Por favor, introduzca un número de puerto válido",
    "targetErrorNoSite": "Ningún sitio seleccionado",
    "targetErrorNoSiteDescription": "Por favor, seleccione un sitio para el objetivo",
+    "targetTargetsCleared": "Objetivos eliminados",
+    "targetTargetsClearedDescription": "Todos los objetivos han sido eliminados de este recurso",
    "targetCreated": "Objetivo creado",
    "targetCreatedDescription": "El objetivo se ha creado correctamente",
    "targetErrorCreate": "Error al crear el objetivo",
@@ -650,6 +749,7 @@
    "resourcesErrorUpdate": "Error al cambiar el recurso",
    "resourcesErrorUpdateDescription": "Se ha producido un error al actualizar el recurso",
    "access": "Acceder",
+    "accessControl": "Control de acceso",
    "shareLink": "{resource} Compartir Enlace",
    "resourceSelect": "Seleccionar recurso",
    "shareLinks": "Compartir enlaces",
@@ -667,6 +767,7 @@
    "newtEndpoint": "Endpoint",
    "newtId": "ID",
    "newtSecretKey": "Secreto",
+    "newtVersion": "Versión",
    "architecture": "Arquitectura",
    "sites": "Sitios",
    "siteWgAnyClients": "Usa cualquier cliente de Wirex para conectarte. Tendrás que dirigirte a los recursos internos usando la IP de compañeros.",
@@ -790,6 +891,7 @@
    "accessRoleRemoved": "Rol eliminado",
    "accessRoleRemovedDescription": "El rol se ha eliminado correctamente.",
    "accessRoleRequiredRemove": "Antes de eliminar este rol, seleccione un nuevo rol al que transferir miembros existentes.",
+    "network": "Red",
    "manage": "Gestionar",
    "sitesNotFound": "Sitios no encontrados.",
    "pangolinServerAdmin": "Admin Servidor - Pangolin",
@@ -833,6 +935,7 @@
    "idpDisplayName": "Un nombre mostrado para este proveedor de identidad",
    "idpAutoProvisionUsers": "Auto-Provisión de Usuarios",
    "idpAutoProvisionUsersDescription": "Cuando está habilitado, los usuarios serán creados automáticamente en el sistema al iniciar sesión con la capacidad de asignar a los usuarios a roles y organizaciones.",
+    "idpAutoProvisionConfigureAfterCreate": "Puede configurar las configuraciones de provisión automática una vez que se haya creado el proveedor de identidad.",
    "licenseBadge": "EE",
    "idpType": "Tipo de proveedor",
    "idpTypeDescription": "Seleccione el tipo de proveedor de identidad que desea configurar",
@@ -884,7 +987,7 @@
    "defaultMappingsRole": "Mapeo de Rol por defecto",
    "defaultMappingsRoleDescription": "El resultado de esta expresión debe devolver el nombre del rol tal y como se define en la organización como una cadena.",
    "defaultMappingsOrg": "Mapeo de organización por defecto",
-    "defaultMappingsOrgDescription": "Esta expresión debe devolver el ID de org o verdadero para que el usuario pueda acceder a la organización.",
+    "defaultMappingsOrgDescription": "Cuando se establece, esta expresión debe devolver el ID de la organización o verdadero para que el usuario acceda a esa organización. Cuando no se establece, definir un mapeo de roles es suficiente: se permite la entrada del usuario siempre que se pueda resolver un mapeo de roles válido para él dentro de la organización.",
    "defaultMappingsSubmit": "Guardar asignaciones por defecto",
    "orgPoliciesEdit": "Editar Política de Organización",
    "org": "Organización",
@@ -1037,7 +1140,6 @@
    "pageNotFoundDescription": "¡Vaya! La página que estás buscando no existe.",
    "overview": "Resumen",
    "home": "Inicio",
-    "accessControl": "Control de acceso",
    "settings": "Ajustes",
    "usersAll": "Todos los usuarios",
    "license": "Licencia",
@@ -1100,6 +1202,12 @@
    "actionGetUser": "Obtener usuario",
    "actionGetOrgUser": "Obtener usuario de la organización",
    "actionListOrgDomains": "Listar dominios de la organización",
+    "actionGetDomain": "Obtener dominio",
+    "actionCreateOrgDomain": "Crear dominio",
+    "actionUpdateOrgDomain": "Actualizar dominio",
+    "actionDeleteOrgDomain": "Eliminar dominio",
+    "actionGetDNSRecords": "Obtener registros DNS",
+    "actionRestartOrgDomain": "Reiniciar dominio",
    "actionCreateSite": "Crear sitio",
    "actionDeleteSite": "Eliminar sitio",
    "actionGetSite": "Obtener sitio",
@@ -1111,6 +1219,7 @@
    "setupTokenDescription": "Ingrese el token de configuración desde la consola del servidor.",
    "setupTokenRequired": "Se requiere el token de configuración",
    "actionUpdateSite": "Actualizar sitio",
+    "actionResetSiteBandwidth": "Restablecer ancho de banda de la organización",
    "actionListSiteRoles": "Lista de roles permitidos del sitio",
    "actionCreateResource": "Crear Recurso",
    "actionDeleteResource": "Eliminar Recurso",
@@ -1140,6 +1249,7 @@
    "actionRemoveUser": "Eliminar usuario",
    "actionListUsers": "Listar usuarios",
    "actionAddUserRole": "Añadir rol de usuario",
+    "actionSetUserOrgRoles": "Establecer roles de usuario",
    "actionGenerateAccessToken": "Generar token de acceso",
    "actionDeleteAccessToken": "Eliminar token de acceso",
    "actionListAccessTokens": "Lista de Tokens de Acceso",
@@ -1184,6 +1294,7 @@
    "actionViewLogs": "Ver registros",
    "noneSelected": "Ninguno seleccionado",
    "orgNotFound2": "No se encontraron organizaciones.",
+    "search": "Buscar…",
    "searchPlaceholder": "Buscar...",
    "emptySearchOptions": "No se encontraron opciones",
    "create": "Crear",
@@ -1249,12 +1360,14 @@
    "sidebarClientResources": "Privado",
    "sidebarAccessControl": "Control de acceso",
    "sidebarLogsAndAnalytics": "Registros y análisis",
+    "sidebarTeam": "Equipo",
    "sidebarUsers": "Usuarios",
    "sidebarAdmin": "Admin",
    "sidebarInvitations": "Invitaciones",
    "sidebarRoles": "Roles",
    "sidebarShareableLinks": "Enlaces",
    "sidebarApiKeys": "Claves API",
+    "sidebarProvisioning": "Aprovisionamiento",
    "sidebarSettings": "Ajustes",
    "sidebarAllUsers": "Todos los usuarios",
    "sidebarIdentityProviders": "Proveedores de identidad",
@@ -1266,9 +1379,167 @@
    "sidebarGeneral": "Gestionar",
    "sidebarLogAndAnalytics": "Registro y análisis",
    "sidebarBluePrints": "Planos",
+    "sidebarAlerting": "Alertas",
+    "sidebarHealthChecks": "Chequeos de salud",
    "sidebarOrganization": "Organización",
+    "sidebarManagement": "Gestión",
    "sidebarBillingAndLicenses": "Facturación y licencias",
    "sidebarLogsAnalytics": "Analíticas",
+    "alertingTitle": "Alertas",
+    "alertingDescription": "Definir fuentes, disparadores y acciones para notificaciones",
+    "alertingRules": "Reglas de alerta",
+    "alertingSearchRules": "Buscar reglas…",
+    "alertingAddRule": "Crear regla",
+    "alertingColumnSource": "Fuente",
+    "alertingColumnTrigger": "Disparador",
+    "alertingColumnActions": "Acciones",
+    "alertingColumnEnabled": "Activado",
+    "alertingDeleteQuestion": "Por favor, confirme que desea eliminar esta regla de alerta.",
+    "alertingDeleteRule": "Eliminar regla de alerta",
+    "alertingRuleDeleted": "Regla de alerta eliminada",
+    "alertingRuleSaved": "Regla de alerta guardada",
+    "alertingRuleSavedCreatedDescription": "Tu nueva regla de alerta fue creada. Puedes seguir editándola en esta página.",
+    "alertingRuleSavedUpdatedDescription": "Tus cambios a esta regla de alerta fueron guardados.",
+    "alertingEditRule": "Editar regla de alerta",
+    "alertingCreateRule": "Crear regla de alerta",
+    "alertingRuleCredenzaDescription": "Elija qué observar, cuándo disparar y cómo notificar",
+    "alertingRuleNamePlaceholder": "Sitio de producción caído",
+    "alertingRuleEnabled": "Regla habilitada",
+    "alertingSectionSource": "Fuente",
+    "alertingSourceType": "Tipo de fuente",
+    "alertingSourceSite": "Sitio",
+    "alertingSourceHealthCheck": "Chequeo de salud",
+    "alertingPickSites": "Sitios",
+    "alertingPickHealthChecks": "Chequeos de salud",
+    "alertingPickResources": "Recursos",
+    "alertingAllSites": "Todos los sitios",
+    "alertingAllSitesDescription": "Las alertas se activan para cualquier sitio",
+    "alertingSpecificSites": "Sitios específicos",
+    "alertingSpecificSitesDescription": "Escoja sitios específicos para observar",
+    "alertingAllHealthChecks": "Todos los chequeos de salud",
+    "alertingAllHealthChecksDescription": "Las alertas se activan para cualquier chequeo de salud",
+    "alertingSpecificHealthChecks": "Chequeos de salud específicos",
+    "alertingSpecificHealthChecksDescription": "Elija chequeos de salud específicos para observar",
+    "alertingAllResources": "Todos los recursos",
+    "alertingAllResourcesDescription": "Las alertas se activan para cualquier recurso",
+    "alertingSpecificResources": "Recursos específicos",
+    "alertingSpecificResourcesDescription": "Elija recursos específicos para observar",
+    "alertingSelectResources": "Seleccionar recursos…",
+    "alertingResourcesSelected": "{count} recursos seleccionados",
+    "alertingResourcesEmpty": "No hay recursos con objetivos en los primeros 10 resultados.",
+    "alertingSectionTrigger": "Disparador",
+    "alertingTrigger": "Cuándo alertar",
+    "alertingTriggerSiteOnline": "Sitio en línea",
+    "alertingTriggerSiteOffline": "Sitio fuera de línea",
+    "alertingTriggerSiteToggle": "El estado del sitio cambia",
+    "alertingTriggerHcHealthy": "Chequeo de salud saludable",
+    "alertingTriggerHcUnhealthy": "Chequeo de salud no saludable",
+    "alertingTriggerHcToggle": "El estado del chequeo de salud cambia",
+    "alertingTriggerResourceHealthy": "Recurso saludable",
+    "alertingTriggerResourceUnhealthy": "Recurso no saludable",
+    "alertingTriggerResourceDegraded": "Recurso degradado",
+    "alertingSearchHealthChecks": "Buscar chequeos de salud…",
+    "alertingHealthChecksEmpty": "No hay chequeos de salud disponibles.",
+    "alertingTriggerResourceToggle": "El estado del recurso cambia",
+    "alertingSourceResource": "Recurso",
+    "alertingSectionActions": "Acciones",
+    "alertingAddAction": "Añadir acción",
+    "alertingActionNotify": "E-mail",
+    "alertingActionNotifyDescription": "Enviar notificaciones por correo electrónico a usuarios o roles",
+    "alertingActionWebhook": "Webhook",
+    "alertingActionWebhookDescription": "Enviar una solicitud HTTP a un punto final personalizado",
+    "alertingExternalIntegration": "Integración externa",
+    "alertingExternalPagerDutyDescription": "Enviar alertas a PagerDuty para gestión de incidentes",
+    "alertingExternalOpsgenieDescription": "Dirigir alertas a Opsgenie para gestión de llamadas",
+    "alertingExternalServiceNowDescription": "Crear incidentes de ServiceNow a partir de eventos de alerta",
+    "alertingExternalIncidentIoDescription": "Activar flujos de trabajo de Incident.io a partir de eventos de alerta",
+    "alertingActionType": "Tipo de acción",
+    "alertingNotifyUsers": "Usuarios",
+    "alertingNotifyRoles": "Roles",
+    "alertingNotifyEmails": "Direcciones de correo electrónico",
+    "alertingEmailPlaceholder": "Añadir email y presionar Enter",
+    "alertingWebhookMethod": "Método HTTP",
+    "alertingWebhookSecret": "Firma secreta (opcional)",
+    "alertingWebhookSecretPlaceholder": "Secreto HMAC",
+    "alertingWebhookHeaders": "Encabezados",
+    "alertingAddHeader": "Añadir encabezado",
+    "alertingSelectSites": "Seleccionar sitios…",
+    "alertingSitesSelected": "{count} sitios seleccionados",
+    "alertingSelectHealthChecks": "Seleccionar chequeos de salud…",
+    "alertingHealthChecksSelected": "{count} chequeos de salud seleccionados",
+    "alertingNoHealthChecks": "No hay objetivos con chequeos de salud habilitados",
+    "alertingHealthCheckStub": "La selección de chequeo de salud no está conectada aún - todavía puede configurar disparadores y acciones.",
+    "alertingSelectUsers": "Seleccionar usuarios…",
+    "alertingUsersSelected": "{count} usuarios seleccionados",
+    "alertingSelectRoles": "Seleccionar roles…",
+    "alertingRolesSelected": "{count} roles seleccionados",
+    "alertingSummarySites": "Sitios ({count})",
+    "alertingSummaryAllSites": "Todos los sitios",
+    "alertingSummaryHealthChecks": "Chequeos de salud ({count})",
+    "alertingSummaryAllHealthChecks": "Todos los chequeos de salud",
+    "alertingSummaryResources": "Recursos ({count})",
+    "alertingSummaryAllResources": "Todos los recursos",
+    "alertingErrorNameRequired": "Introduce un nombre",
+    "alertingErrorActionsMin": "Añada al menos una acción",
+    "alertingErrorPickSites": "Seleccione al menos un sitio",
+    "alertingErrorPickHealthChecks": "Seleccione al menos un chequeo de salud",
+    "alertingErrorPickResources": "Seleccione al menos un recurso",
+    "alertingErrorTriggerSite": "Elija un disparador de sitio",
+    "alertingErrorTriggerHealth": "Elija un disparador de chequeo de salud",
+    "alertingErrorTriggerResource": "Elija un disparador de recurso",
+    "alertingErrorNotifyRecipients": "Elija usuarios, roles o al menos un correo electrónico",
+    "alertingConfigureSource": "Configurar fuente",
+    "alertingConfigureTrigger": "Configurar disparador",
+    "alertingConfigureActions": "Configurar acciones",
+    "alertingBackToRules": "Volver a las reglas",
+    "alertingRuleCooldown": "Tiempo de espera (segundos)",
+    "alertingRuleCooldownDescription": "Tiempo mínimo entre alertas repetidas para la misma regla. Establezca en 0 para disparar cada vez.",
+    "alertingDraftBadge": "Borrador - guardarlo para almacenar esta regla",
+    "alertingSidebarHint": "Haga clic en un paso en el lienzo para editarlo aquí.",
+    "alertingGraphCanvasTitle": "Flujo de regla",
+    "alertingGraphCanvasDescription": "Visión general visual de fuente, disparador y acciones. Selecciona un nodo para editarlo en el panel.",
+    "alertingNodeNotConfigured": "Aún no configurado",
+    "alertingNodeActionsCount": "{count, plural, one {# acción} other {# acciones}}",
+    "alertingNodeRoleSource": "Fuente",
+    "alertingNodeRoleTrigger": "Disparador",
+    "alertingNodeRoleAction": "Acción",
+    "alertingTabRules": "Reglas de Alerta",
+    "alertingTabHealthChecks": "Chequeos de salud",
+    "alertingRulesBannerTitle": "Obtenga notificaciones",
+    "alertingRulesBannerDescription": "Cada regla vincula lo que se debe observar (un sitio, chequeo de salud o recurso), cuándo disparar (por ejemplo, fuera de línea o no saludable), y cómo notificar a su equipo vía email, webhooks o integraciones. Use esta lista para crear, habilitar y administrar esas reglas.",
+    "alertingHealthChecksBannerTitle": "Monitorear Salud y Recursos",
+    "alertingHealthChecksBannerDescription": "Los chequeos de salud son monitores HTTP o TCP que define una vez. Luego puede usarlos como fuentes en reglas de alerta para que se le notifique cuando un objetivo se vuelva saludable o no saludable. Los chequeos de salud en recursos también aparecen aquí.",
+    "standaloneHcTableTitle": "Chequeos de salud",
+    "standaloneHcSearchPlaceholder": "Buscar chequeos de salud…",
+    "standaloneHcAddButton": "Crear chequeo de salud",
+    "standaloneHcCreateTitle": "Crear chequeo de salud",
+    "standaloneHcEditTitle": "Editar chequeo de salud",
+    "standaloneHcDescription": "Configurar un chequeo de salud HTTP o TCP para usar en reglas de alerta.",
+    "standaloneHcNameLabel": "Nombre",
+    "standaloneHcNamePlaceholder": "Mi monitor HTTP",
+    "standaloneHcDeleteTitle": "Eliminar chequeo de salud",
+    "standaloneHcDeleteQuestion": "Por favor, confirme que desea eliminar este chequeo de salud.",
+    "standaloneHcDeleted": "Chequeo de salud eliminado",
+    "standaloneHcSaved": "Chequeo de salud guardado",
+    "standaloneHcColumnHealth": "Salud",
+    "standaloneHcColumnMode": "Modo",
+    "standaloneHcColumnTarget": "Destino",
+    "standaloneHcHealthStateHealthy": "Saludable",
+    "standaloneHcHealthStateUnhealthy": "No saludable",
+    "standaloneHcHealthStateUnknown": "Desconocido",
+    "standaloneHcFilterAnySite": "Todos los sitios",
+    "standaloneHcFilterAnyResource": "Todos los recursos",
+    "standaloneHcFilterMode": "Modo",
+    "standaloneHcFilterModeHttp": "HTTP",
+    "standaloneHcFilterModeTcp": "TCP",
+    "standaloneHcFilterModeSnmp": "SNMP",
+    "standaloneHcFilterModePing": "Ping",
+    "standaloneHcFilterHealth": "Salud",
+    "standaloneHcFilterEnabled": "Activado",
+    "standaloneHcFilterEnabledOn": "Activado",
+    "standaloneHcFilterEnabledOff": "Deshabilitado",
+    "standaloneHcFilterSiteIdFallback": "Sitio {id}",
+    "standaloneHcFilterResourceIdFallback": "Recurso {id}",
    "blueprints": "Planos",
    "blueprintsDescription": "Aplicar configuraciones declarativas y ver ejecuciones anteriores",
    "blueprintAdd": "Añadir plano",
@@ -1289,7 +1560,6 @@
    "parsedContents": "Contenido analizado (Sólo lectura)",
    "enableDockerSocket": "Habilitar Plano Docker",
    "enableDockerSocketDescription": "Activar el raspado de etiquetas de Socket Docker para etiquetas de planos. La ruta del Socket debe proporcionarse a Newt.",
-    "enableDockerSocketLink": "Saber más",
    "viewDockerContainers": "Ver contenedores Docker",
    "containersIn": "Contenedores en {siteName}",
    "selectContainerDescription": "Seleccione cualquier contenedor para usar como nombre de host para este objetivo. Haga clic en un puerto para usar un puerto.",
@@ -1331,7 +1601,8 @@
    "initialSetupDescription": "Cree la cuenta de administrador del servidor inicial. Solo puede existir un administrador del servidor. Siempre puede cambiar estas credenciales más tarde.",
    "createAdminAccount": "Crear cuenta de administrador",
    "setupErrorCreateAdmin": "Se produjo un error al crear la cuenta de administrador del servidor.",
-    "certificateStatus": "Estado del certificado",
+    "certificateStatus": "Certificado",
+    "certificateStatusAutoRefreshHint": "El estado se actualiza automáticamente.",
    "loading": "Cargando",
    "loadingAnalytics": "Cargando analíticas",
    "restart": "Reiniciar",
@@ -1400,6 +1671,7 @@
    "pangolinUpdateAvailableReleaseNotes": "Ver notas de lanzamiento",
    "newtUpdateAvailable": "Nueva actualización disponible",
    "newtUpdateAvailableInfo": "Hay una nueva versión de Newt disponible. Actualice a la última versión para la mejor experiencia.",
+    "pangolinNodeUpdateAvailableInfo": "Hay una nueva versión de Pangolin Node disponible. Actualice a la última versión para la mejor experiencia.",
    "domainPickerEnterDomain": "Dominio",
    "domainPickerPlaceholder": "miapp.ejemplo.com",
    "domainPickerDescription": "Ingresa el dominio completo del recurso para ver las opciones disponibles.",
@@ -1417,6 +1689,7 @@
    "domainPickerNamespace": "Espacio de nombres: {namespace}",
    "domainPickerShowMore": "Mostrar más",
    "regionSelectorTitle": "Seleccionar Región",
+    "domainPickerRemoteExitNodeWarning": "Los dominios suministrados no son compatibles cuando los sitios se conectan a nodos de salida remotos. Para que los recursos estén disponibles en nodos remotos, utilice un dominio personalizado en su lugar.",
    "regionSelectorInfo": "Seleccionar una región nos ayuda a brindar un mejor rendimiento para tu ubicación. No tienes que estar en la misma región que tu servidor.",
    "regionSelectorPlaceholder": "Elige una región",
    "regionSelectorComingSoon": "Próximamente",
@@ -1570,6 +1843,16 @@
    "billingFeatureLossWarning": "Aviso de disponibilidad de funcionalidad",
    "billingFeatureLossDescription": "Al degradar, las características no disponibles en el nuevo plan se desactivarán automáticamente. Algunas configuraciones y configuraciones pueden perderse. Por favor, revise la matriz de precios para entender qué características ya no estarán disponibles.",
    "billingUsageExceedsLimit": "El uso actual ({current}) supera el límite ({limit})",
+    "billingPastDueTitle": "Pago vencido",
+    "billingPastDueDescription": "Su pago ha vencido. Por favor, actualice su método de pago para seguir utilizando las características actuales de su plan. Si no se resuelve, tu suscripción se cancelará y serás revertido al nivel gratuito.",
+    "billingUnpaidTitle": "Suscripción no pagada",
+    "billingUnpaidDescription": "Tu suscripción no está pagada y has sido revertido al nivel gratuito. Por favor, actualiza tu método de pago para restaurar tu suscripción.",
+    "billingIncompleteTitle": "Pago incompleto",
+    "billingIncompleteDescription": "Su pago está incompleto. Por favor, complete el proceso de pago para activar su suscripción.",
+    "billingIncompleteExpiredTitle": "Pago expirado",
+    "billingIncompleteExpiredDescription": "Tu pago nunca se completó y ha expirado. Has sido revertido al nivel gratuito. Suscríbete de nuevo para restaurar el acceso a las funciones de pago.",
+    "billingManageSubscription": "Administra tu suscripción",
+    "billingResolvePaymentIssue": "Por favor resuelva su problema de pago antes de actualizar o bajar de calificación",
    "signUpTerms": {
        "IAgreeToThe": "Estoy de acuerdo con los",
        "termsOfService": "términos del servicio",
@@ -1628,6 +1911,7 @@
    "configureHealthCheck": "Configurar Chequeo de Salud",
    "configureHealthCheckDescription": "Configura la monitorización de salud para {target}",
    "enableHealthChecks": "Activar Chequeos de Salud",
+    "healthCheckDisabledStateDescription": "Cuando está deshabilitado, el sitio no realizará comprobaciones de salud y el estado se considerará desconocido.",
    "enableHealthChecksDescription": "Controlar la salud de este objetivo. Puedes supervisar un punto final diferente al objetivo si es necesario.",
    "healthScheme": "Método",
    "healthSelectScheme": "Seleccionar método",
@@ -1643,6 +1927,24 @@
    "timeIsInSeconds": "El tiempo está en segundos",
    "requireDeviceApproval": "Requiere aprobaciones del dispositivo",
    "requireDeviceApprovalDescription": "Los usuarios con este rol necesitan nuevos dispositivos aprobados por un administrador antes de poder conectarse y acceder a los recursos.",
+    "sshAccess": "Acceso a SSH",
+    "roleAllowSsh": "Permitir SSH",
+    "roleAllowSshAllow": "Permitir",
+    "roleAllowSshDisallow": "Rechazar",
+    "roleAllowSshDescription": "Permitir a los usuarios con este rol conectarse a recursos a través de SSH. Cuando está desactivado, el rol no puede usar acceso SSH.",
+    "sshSudoMode": "Acceso Sudo",
+    "sshSudoModeNone": "Ninguna",
+    "sshSudoModeNoneDescription": "El usuario no puede ejecutar comandos con sudo.",
+    "sshSudoModeFull": "Sudo completo",
+    "sshSudoModeFullDescription": "El usuario puede ejecutar cualquier comando con sudo.",
+    "sshSudoModeCommands": "Comandos",
+    "sshSudoModeCommandsDescription": "El usuario sólo puede ejecutar los comandos especificados con sudo.",
+    "sshSudo": "Permitir sudo",
+    "sshSudoCommands": "Comandos Sudo",
+    "sshSudoCommandsDescription": "Lista separada por comas de comandos que el usuario puede ejecutar con sudo.",
+    "sshCreateHomeDir": "Crear directorio principal",
+    "sshUnixGroups": "Grupos Unix",
+    "sshUnixGroupsDescription": "Grupos Unix separados por comas para agregar el usuario en el host de destino.",
    "retryAttempts": "Intentos de Reintento",
    "expectedResponseCodes": "Códigos de respuesta esperados",
    "expectedResponseCodesDescription": "Código de estado HTTP que indica un estado saludable. Si se deja en blanco, se considera saludable de 200 a 300.",
@@ -1659,9 +1961,20 @@
    "healthCheckIntervalMin": "El intervalo de comprobación debe ser de al menos 5 segundos",
    "healthCheckTimeoutMin": "El tiempo de espera debe ser de al menos 1 segundo",
    "healthCheckRetryMin": "Los intentos de reintento deben ser de al menos 1",
+    "healthCheckMode": "Modo de chequeo",
+    "healthCheckStrategy": "Estrategia",
+    "healthCheckModeDescription": "El modo TCP verifica solo la conectividad. El modo HTTP valida la respuesta HTTP.",
+    "healthyThreshold": "Umbral Saludable",
+    "healthyThresholdDescription": "Éxitos consecutivos requeridos antes de marcar como saludable.",
+    "unhealthyThreshold": "Umbral No Saludable",
+    "unhealthyThresholdDescription": "Fallos consecutivos requeridos antes de marcar como no saludable.",
+    "healthCheckHealthyThresholdMin": "El umbral saludable debe ser al menos 1",
+    "healthCheckUnhealthyThresholdMin": "El umbral no saludable debe ser al menos 1",
    "httpMethod": "Método HTTP",
    "selectHttpMethod": "Seleccionar método HTTP",
    "domainPickerSubdomainLabel": "Subdominio",
+    "domainPickerWildcard": "Comodín",
+    "domainPickerWildcardPaidOnly": "Los subdominios comodín son una característica paga. Por favor, mejora tu plan para acceder a esta característica.",
    "domainPickerBaseDomainLabel": "Dominio base",
    "domainPickerSearchDomains": "Buscar dominios...",
    "domainPickerNoDomainsFound": "No se encontraron dominios",
@@ -1687,12 +2000,12 @@
    "resourcesTableAliasAddressInfo": "Esta dirección es parte de la subred de utilidad de la organización. Se utiliza para resolver registros de alias usando resolución DNS interna.",
    "resourcesTableClients": "Clientes",
    "resourcesTableAndOnlyAccessibleInternally": "y solo son accesibles internamente cuando se conectan con un cliente.",
-    "resourcesTableNoTargets": "Sin objetivos",
    "resourcesTableHealthy": "Saludable",
    "resourcesTableDegraded": "Degrado",
-    "resourcesTableOffline": "Desconectado",
+    "resourcesTableUnhealthy": "No saludable",
    "resourcesTableUnknown": "Desconocido",
    "resourcesTableNotMonitored": "No supervisado",
+    "resourcesTableNoTargets": "Sin objetivos",
    "editInternalResourceDialogEditClientResource": "Editar recurso privado",
    "editInternalResourceDialogUpdateResourceProperties": "Actualizar la configuración del recurso y los controles de acceso para {resourceName}",
    "editInternalResourceDialogResourceProperties": "Propiedades del recurso",
@@ -1718,6 +2031,11 @@
    "editInternalResourceDialogModePort": "Puerto",
    "editInternalResourceDialogModeHost": "Anfitrión",
    "editInternalResourceDialogModeCidr": "CIDR",
+    "editInternalResourceDialogModeHttp": "HTTP",
+    "editInternalResourceDialogModeHttps": "HTTPS",
+    "editInternalResourceDialogScheme": "Esquema",
+    "editInternalResourceDialogEnableSsl": "Activar SSL",
+    "editInternalResourceDialogEnableSslDescription": "Habilitar cifrado SSL/TLS para conexiones HTTPS seguras al destino.",
    "editInternalResourceDialogDestination": "Destino",
    "editInternalResourceDialogDestinationHostDescription": "La dirección IP o nombre de host del recurso en la red del sitio.",
    "editInternalResourceDialogDestinationIPDescription": "La dirección IP o nombre de host del recurso en la red del sitio.",
@@ -1733,6 +2051,7 @@
    "createInternalResourceDialogName": "Nombre",
    "createInternalResourceDialogSite": "Sitio",
    "selectSite": "Seleccionar sitio...",
+    "multiSitesSelectorSitesCount": "{count, plural, one {# sitio} other {# sitios}}",
    "noSitesFound": "Sitios no encontrados.",
    "createInternalResourceDialogProtocol": "Protocolo",
    "createInternalResourceDialogTcp": "TCP",
@@ -1761,11 +2080,19 @@
    "createInternalResourceDialogModePort": "Puerto",
    "createInternalResourceDialogModeHost": "Anfitrión",
    "createInternalResourceDialogModeCidr": "CIDR",
+    "createInternalResourceDialogModeHttp": "HTTP",
+    "createInternalResourceDialogModeHttps": "HTTPS",
+    "scheme": "Esquema",
+    "createInternalResourceDialogScheme": "Esquema",
+    "createInternalResourceDialogEnableSsl": "Activar SSL",
+    "createInternalResourceDialogEnableSslDescription": "Habilitar cifrado SSL/TLS para conexiones HTTPS seguras al destino.",
    "createInternalResourceDialogDestination": "Destino",
    "createInternalResourceDialogDestinationHostDescription": "La dirección IP o nombre de host del recurso en la red del sitio.",
    "createInternalResourceDialogDestinationCidrDescription": "El rango CIDR del recurso en la red del sitio.",
    "createInternalResourceDialogAlias": "Alias",
    "createInternalResourceDialogAliasDescription": "Un alias DNS interno opcional para este recurso.",
+    "internalResourceDownstreamSchemeRequired": "Se requiere el método para recursos HTTP",
+    "internalResourceHttpPortRequired": "Se requiere el puerto de destino para recursos HTTP",
    "siteConfiguration": "Configuración",
    "siteAcceptClientConnections": "Aceptar conexiones de clientes",
    "siteAcceptClientConnectionsDescription": "Permitir a los dispositivos de usuario y clientes acceder a los recursos de este sitio. Esto se puede cambiar más tarde.",
@@ -1851,6 +2178,40 @@
    "exitNode": "Nodo de Salida",
    "country": "País",
    "rulesMatchCountry": "Actualmente basado en IP de origen",
+    "region": "Región",
+    "selectRegion": "Seleccionar región",
+    "searchRegions": "Buscar regiones...",
+    "noRegionFound": "Región no encontrada.",
+    "rulesMatchRegion": "Seleccione una agrupación regional de países",
+    "rulesErrorInvalidRegion": "Región no válida",
+    "rulesErrorInvalidRegionDescription": "Por favor, seleccione una región válida.",
+    "regionAfrica": "Africa",
+    "regionNorthernAfrica": "África septentrional",
+    "regionEasternAfrica": "África oriental",
+    "regionMiddleAfrica": "África central",
+    "regionSouthernAfrica": "África del Sur",
+    "regionWesternAfrica": "África Occidental",
+    "regionAmericas": "Américas",
+    "regionCaribbean": "Caribe",
+    "regionCentralAmerica": "América Central",
+    "regionSouthAmerica": "América del Sur",
+    "regionNorthernAmerica": "América del Norte",
+    "regionAsia": "Asia",
+    "regionCentralAsia": "Asia Central",
+    "regionEasternAsia": "Asia oriental",
+    "regionSouthEasternAsia": "Asia sudoriental",
+    "regionSouthernAsia": "Asia meridional",
+    "regionWesternAsia": "Asia Occidental",
+    "regionEurope": "Europa",
+    "regionEasternEurope": "Europa del Este",
+    "regionNorthernEurope": "Europa septentrional",
+    "regionSouthernEurope": "Europa meridional",
+    "regionWesternEurope": "Europa Occidental",
+    "regionOceania": "Oceania",
+    "regionAustraliaAndNewZealand": "Australia y Nueva Zelanda",
+    "regionMelanesia": "Melanesia",
+    "regionMicronesia": "Micronesia",
+    "regionPolynesia": "Polynesia",
    "managedSelfHosted": {
        "title": "Autogestionado",
        "description": "Servidor Pangolin autoalojado más fiable y de bajo mantenimiento con campanas y silbidos extra",
@@ -1889,7 +2250,7 @@
    },
    "internationaldomaindetected": "Dominio Internacional detectado",
    "willbestoredas": "Se almacenará como:",
-    "roleMappingDescription": "Determinar cómo se asignan los roles a los usuarios cuando se registran cuando está habilitada la provisión automática.",
+    "roleMappingDescription": "Determine cómo se asignan los roles a los usuarios cuando inician sesión con este proveedor de identidad.",
    "selectRole": "Seleccione un rol",
    "roleMappingExpression": "Expresión",
    "selectRolePlaceholder": "Elija un rol",
@@ -1899,6 +2260,25 @@
    "invalidValue": "Valor inválido",
    "idpTypeLabel": "Tipo de proveedor de identidad",
    "roleMappingExpressionPlaceholder": "e.g., contiene(grupos, 'administrador') && 'administrador' || 'miembro'",
+    "roleMappingModeFixedRoles": "Roles fijos",
+    "roleMappingModeMappingBuilder": "Constructor de mapeo",
+    "roleMappingModeRawExpression": "Expresión sin procesar",
+    "roleMappingFixedRolesPlaceholderSelect": "Seleccione uno o más roles",
+    "roleMappingFixedRolesPlaceholderFreeform": "Nombre de rol de tipo (coincidencia exacta por organización)",
+    "roleMappingFixedRolesDescriptionSameForAll": "Asignar el mismo rol establecido a cada usuario auto-provisionado.",
+    "roleMappingFixedRolesDescriptionDefaultPolicy": "Para las políticas predeterminadas, escriba nombres de roles que existen en cada organización donde los usuarios son proporcionados. Los nombres deben coincidir exactamente.",
+    "roleMappingClaimPath": "Reclamar ruta",
+    "roleMappingClaimPathPlaceholder": "grupos",
+    "roleMappingClaimPathDescription": "Ruta en el payload del token que contiene valores de origen (por ejemplo, grupos).",
+    "roleMappingMatchValue": "Valor de partida",
+    "roleMappingAssignRoles": "Asignar roles",
+    "roleMappingAddMappingRule": "Añadir regla de mapeo",
+    "roleMappingRawExpressionResultDescription": "La expresión debe evaluar a un array de cadenas o cadenas.",
+    "roleMappingRawExpressionResultDescriptionSingleRole": "La expresión debe evaluar una cadena (un solo nombre de rol).",
+    "roleMappingMatchValuePlaceholder": "Valor coincidente (por ejemplo: admin)",
+    "roleMappingAssignRolesPlaceholderFreeform": "Escriba nombres de rol (exacto por org)",
+    "roleMappingBuilderFreeformRowHint": "Los nombres de rol deben coincidir con un rol en cada organización objetivo.",
+    "roleMappingRemoveRule": "Eliminar",
    "idpGoogleConfiguration": "Configuración de Google",
    "idpGoogleConfigurationDescription": "Configurar las credenciales de Google OAuth2",
    "idpGoogleClientIdDescription": "Google OAuth2 Client ID",
@@ -1962,9 +2342,11 @@
    "selectDomainForOrgAuthPage": "Seleccione un dominio para la página de autenticación de la organización",
    "domainPickerProvidedDomain": "Dominio proporcionado",
    "domainPickerFreeProvidedDomain": "Dominio proporcionado gratis",
+    "domainPickerFreeDomainsPaidFeature": "Los dominios proporcionados son una función de pago. Suscríbete para obtener un dominio incluido con tu plan - no necesitas traer el tuyo propio.",
    "domainPickerVerified": "Verificado",
    "domainPickerUnverified": "Sin verificar",
-    "domainPickerInvalidSubdomainStructure": "Este subdominio contiene caracteres o estructura no válidos. Se limpiará automáticamente al guardar.",
+    "domainPickerManual": "Manual",
+    "domainPickerInvalidSubdomainStructure": "Los caracteres inválidos serán saneados al guardar.",
    "domainPickerError": "Error",
    "domainPickerErrorLoadDomains": "Error al cargar los dominios de la organización",
    "domainPickerErrorCheckAvailability": "No se pudo comprobar la disponibilidad del dominio",
@@ -1977,7 +2359,7 @@
    "orgAuthChooseIdpDescription": "Elige tu proveedor de identidad para continuar",
    "orgAuthNoIdpConfigured": "Esta organización no tiene ningún proveedor de identidad configurado. En su lugar puedes iniciar sesión con tu identidad de Pangolin.",
    "orgAuthSignInWithPangolin": "Iniciar sesión con Pangolin",
-    "orgAuthSignInToOrg": "Iniciar sesión en una organización",
+    "orgAuthSignInToOrg": "Proveedor de identidad de la organización (SSO)",
    "orgAuthSelectOrgTitle": "Inicio de sesión de organización",
    "orgAuthSelectOrgDescription": "Ingrese el ID de su organización para continuar",
    "orgAuthOrgIdPlaceholder": "tu-organización",
@@ -2138,7 +2520,7 @@
        "alerts": {
            "commercialUseDisclosure": {
                "title": "Divulgación de uso",
-                "description": "Seleccione el nivel de licencia que refleje con precisión su uso previsto. La Licencia Personal permite el uso libre del Software para actividades comerciales individuales, no comerciales o de pequeña escala con ingresos brutos anuales inferiores a $100,000 USD. Cualquier uso más allá de estos límites — incluyendo el uso dentro de una empresa, organización, u otro entorno de generación de ingresos — requiere una Licencia Empresarial válida y el pago de la cuota de licencia aplicable. Todos los usuarios, ya sean personales o empresariales, deben cumplir con las Condiciones de Licencia Comercial Fossorial."
+                "description": "Seleccione el nivel de licencia que refleje con precisión su uso previsto. La Licencia Personal permite el uso libre del Software para actividades comerciales individuales, no comerciales o de pequeña escala con ingresos brutos anuales inferiores a $100,000 USD. Cualquier uso más allá de estos límites - incluyendo el uso dentro de una empresa, organización, u otro entorno de generación de ingresos - requiere una Licencia Empresarial válida y el pago de la cuota de licencia aplicable. Todos los usuarios, ya sean personales o empresariales, deben cumplir con las Condiciones de Licencia Comercial Fossorial."
            },
            "trialPeriodInformation": {
                "title": "Información del período de prueba",
@@ -2193,10 +2575,10 @@
            },
            "scale": {
                "title": "Escala",
-                "description": "Características de la empresa, 50 usuarios, 50 sitios y soporte prioritario."
+                "description": "Funcionalidades empresariales, 50 usuarios, 100 sitios y soporte prioritario."
            }
        },
-        "personalUseOnly": "Solo uso personal (licencia gratuita, sin pago)",
+        "personalUseOnly": "Solo uso personal (licencia gratuita - sin salida)",
        "buttons": {
            "continueToCheckout": "Continuar con el pago"
        },
@@ -2270,6 +2652,7 @@
    "validPassword": "Contraseña válida",
    "validEmail": "Valid email",
    "validSSO": "Valid SSO",
+    "connectedClient": "Cliente conectado",
    "resourceBlocked": "Recurso bloqueado",
    "droppedByRule": "Soltado por regla",
    "noSessions": "No hay sesiones",
@@ -2277,24 +2660,26 @@
    "noMoreAuthMethods": "No Valid Auth",
    "ip": "IP",
    "reason": "Razón",
-    "requestLogs": "Registros de Solicitud",
+    "requestLogs": "Registros de Solicitud HTTP",
    "requestAnalytics": "Analítica de Solicitud",
    "host": "Anfitrión",
    "location": "Ubicación",
    "actionLogs": "Registros de acción",
-    "sidebarLogsRequest": "Registros de Solicitud",
+    "sidebarLogsRequest": "Registros de Solicitud HTTP",
    "sidebarLogsAccess": "Registros de acceso",
    "sidebarLogsAction": "Registros de acción",
    "logRetention": "Retención de Log",
    "logRetentionDescription": "Administrar cuánto tiempo se conservan los diferentes tipos de registros para esta organización o desactivarlos",
    "requestLogsDescription": "Ver registros de solicitudes detallados para los recursos de esta organización",
    "requestAnalyticsDescription": "Ver análisis de solicitudes detalladas de recursos en esta organización",
-    "logRetentionRequestLabel": "Retención de Registro de Solicitud",
+    "logRetentionRequestLabel": "Retención de Registro de Solicitud HTTP",
    "logRetentionRequestDescription": "Cuánto tiempo conservar los registros de solicitudes",
    "logRetentionAccessLabel": "Retención de Log de Acceso",
    "logRetentionAccessDescription": "Cuánto tiempo retener los registros de acceso",
    "logRetentionActionLabel": "Retención de registro de acción",
    "logRetentionActionDescription": "Cuánto tiempo retener los registros de acción",
+    "logRetentionConnectionLabel": "Retención de Registro de Conexión",
+    "logRetentionConnectionDescription": "Cuánto tiempo conservar los registros de conexión",
    "logRetentionDisabled": "Deshabilitado",
    "logRetention3Days": "3 días",
    "logRetention7Days": "7 días",
@@ -2305,8 +2690,15 @@
    "logRetentionEndOfFollowingYear": "Fin del año siguiente",
    "actionLogsDescription": "Ver un historial de acciones realizadas en esta organización",
    "accessLogsDescription": "Ver solicitudes de acceso a los recursos de esta organización",
-    "licenseRequiredToUse": "Se requiere una licencia <enterpriseLicenseLink>Enterprise Edition</enterpriseLicenseLink> para utilizar esta función. Esta característica también está disponible en <pangolinCloudLink>Pangolin Cloud</pangolinCloudLink>.",
-    "ossEnterpriseEditionRequired": "La <enterpriseEditionLink>versión Enterprise</enterpriseEditionLink> es necesaria para utilizar esta función. Esta función también está disponible en <pangolinCloudLink>Pangolin Cloud</pangolinCloudLink>.",
+    "connectionLogs": "Registros de conexión",
+    "connectionLogsDescription": "Ver registros de conexión para túneles en esta organización",
+    "sidebarLogsConnection": "Registros de conexión",
+    "sidebarLogsStreaming": "Transmisión",
+    "sourceAddress": "Dirección de origen",
+    "destinationAddress": "Dirección de destino",
+    "duration": "Duración",
+    "licenseRequiredToUse": "Se requiere una licencia <enterpriseLicenseLink>Enterprise Edition</enterpriseLicenseLink> o <pangolinCloudLink>Pangolin Cloud</pangolinCloudLink> para usar esta función. <bookADemoLink>Reserve una demostración o prueba POC</bookADemoLink>.",
+    "ossEnterpriseEditionRequired": "La <enterpriseEditionLink>Enterprise Edition</enterpriseEditionLink> es necesaria para utilizar esta función. Esta función también está disponible en <pangolinCloudLink>Pangolin Cloud</pangolinCloudLink>. <bookADemoLink>Reserva una demostración o prueba POC</bookADemoLink>.",
    "certResolver": "Resolver certificado",
    "certResolverDescription": "Seleccione la resolución de certificados a utilizar para este recurso.",
    "selectCertResolver": "Seleccionar Resolver Certificado",
@@ -2448,6 +2840,9 @@
    "machineClients": "Clientes de la máquina",
    "install": "Instalar",
    "run": "Ejecutar",
+    "envFile": "Archivo de Entorno",
+    "serviceFile": "Archivo de Servicio",
+    "enableAndStart": "Habilitar y empezar",
    "clientNameDescription": "El nombre mostrado del cliente que se puede cambiar más adelante.",
    "clientAddress": "Dirección del cliente (Avanzado)",
    "setupFailedToFetchSubnet": "No se pudo obtener la subred por defecto",
@@ -2496,13 +2891,30 @@
    "editInternalResourceDialogAddClients": "Agregar clientes",
    "editInternalResourceDialogDestinationLabel": "Destino",
    "editInternalResourceDialogDestinationDescription": "Especifique la dirección de destino para el recurso interno. Puede ser un nombre de host, dirección IP o rango CIDR dependiendo del modo seleccionado. Opcionalmente establezca un alias DNS interno para una identificación más fácil.",
+    "internalResourceFormMultiSiteRoutingHelp": "Seleccionar múltiples sitios habilita el enrutamiento resistente y la conmutación por error para alta disponibilidad.",
+    "internalResourceFormMultiSiteRoutingHelpLearnMore": "Más información",
    "editInternalResourceDialogPortRestrictionsDescription": "Restringir el acceso a puertos TCP/UDP específicos o permitir/bloquear todos los puertos.",
+    "createInternalResourceDialogHttpConfiguration": "Configuración HTTP",
+    "createInternalResourceDialogHttpConfigurationDescription": "Elija el dominio que los clientes usarán para alcanzar este recurso a través de HTTP o HTTPS.",
+    "editInternalResourceDialogHttpConfiguration": "Configuración HTTP",
+    "editInternalResourceDialogHttpConfigurationDescription": "Elija el dominio que los clientes usarán para alcanzar este recurso a través de HTTP o HTTPS.",
    "editInternalResourceDialogTcp": "TCP",
    "editInternalResourceDialogUdp": "UDP",
    "editInternalResourceDialogIcmp": "ICMP",
    "editInternalResourceDialogAccessControl": "Control de acceso",
    "editInternalResourceDialogAccessControlDescription": "Controla qué roles, usuarios y clientes de máquinas tienen acceso a este recurso cuando están conectados. Los administradores siempre tienen acceso.",
    "editInternalResourceDialogPortRangeValidationError": "El rango de puertos debe ser \"*\" para todos los puertos, o una lista separada por comas de puertos y rangos (por ejemplo, \"80,443,8000-9000\"). Los puertos deben estar entre 1 y 65535.",
+    "internalResourceAuthDaemonStrategy": "Ubicación del demonio de autenticación SSSH",
+    "internalResourceAuthDaemonStrategyDescription": "Elija dónde se ejecuta el daemon de autenticación SSH: en el sitio (Newt) o en un host remoto.",
+    "internalResourceAuthDaemonDescription": "El daemon de autenticación SSSH maneja la firma de claves SSH y autenticación PAM para este recurso. Elija si se ejecuta en el sitio (Newt) o en un host remoto separado. Vea <docsLink>la documentación</docsLink> para más.",
+    "internalResourceAuthDaemonDocsUrl": "https://docs.pangolin.net",
+    "internalResourceAuthDaemonStrategyPlaceholder": "Seleccionar estrategia",
+    "internalResourceAuthDaemonStrategyLabel": "Ubicación",
+    "internalResourceAuthDaemonSite": "En el sitio",
+    "internalResourceAuthDaemonSiteDescription": "Auth daemon corre en el sitio (Newt).",
+    "internalResourceAuthDaemonRemote": "Host remoto",
+    "internalResourceAuthDaemonRemoteDescription": "El daemon Auth corre en un host que no es el sitio.",
+    "internalResourceAuthDaemonPort": "Puerto de demonio (opcional)",
    "orgAuthWhatsThis": "¿Dónde puedo encontrar el ID de mi organización?",
    "learnMore": "Más información",
    "backToHome": "Volver a inicio",
@@ -2524,6 +2936,9 @@
    "maintenancePageMessagePlaceholder": "¡Volveremos pronto! Nuestro sitio está actualmente en mantenimiento programado.",
    "maintenancePageMessageDescription": "Mensaje detallado explicando el mantenimiento",
    "maintenancePageTimeTitle": "Tiempo estimado de finalización (Opcional)",
+    "privateMaintenanceScreenTitle": "Pantalla de marcador de posición privada",
+    "privateMaintenanceScreenMessage": "Este dominio se está utilizando en un recurso privado. Conéctese usando el cliente Pangolin para acceder a este recurso.",
+    "privateMaintenanceScreenSteps": "Una vez conectado, si sigues viendo este mensaje, la caché de DNS de tu navegador puede seguir apuntando a la dirección antigua. Para solucionarlo: cierra por completo y vuelve a abrir esta pestaña o tu navegador, luego regresa a esta página.",
    "maintenanceTime": "Ej., 2 horas, 1 de noviembre a las 5:00 PM",
    "maintenanceEstimatedTimeDescription": "Cuando espera que el mantenimiento esté terminado",
    "editDomain": "Editar dominio",
@@ -2632,5 +3047,209 @@
    "approvalsEmptyStateStep2Title": "Habilitar aprobaciones de dispositivo",
    "approvalsEmptyStateStep2Description": "Editar un rol y habilitar la opción 'Requerir aprobaciones de dispositivos'. Los usuarios con este rol necesitarán la aprobación del administrador para nuevos dispositivos.",
    "approvalsEmptyStatePreviewDescription": "Vista previa: Cuando está habilitado, las solicitudes de dispositivo pendientes aparecerán aquí para su revisión",
-    "approvalsEmptyStateButtonText": "Administrar roles"
+    "approvalsEmptyStateButtonText": "Administrar roles",
+    "domainErrorTitle": "Estamos teniendo problemas para verificar su dominio",
+    "idpAdminAutoProvisionPoliciesTabHint": "Configure el mapeo de roles y las políticas de organización en la pestaña <policiesTabLink>Configuración de provisión automática</policiesTabLink>.",
+    "streamingTitle": "Transmisión de Eventos",
+    "streamingDescription": "Transmita eventos desde su organización a destinos externos en tiempo real.",
+    "streamingUnnamedDestination": "Destino sin nombre",
+    "streamingNoUrlConfigured": "No hay URL configurada",
+    "streamingAddDestination": "Añadir destino",
+    "streamingHttpWebhookTitle": "Webhook HTTP",
+    "streamingHttpWebhookDescription": "Enviar eventos a cualquier extremo HTTP con autenticación flexible y plantilla.",
+    "streamingS3Title": "Amazon S3",
+    "streamingS3Description": "Transmite eventos a un bucket de almacenamiento de objetos compatible con S3. Próximamente.",
+    "streamingDatadogTitle": "Datadog",
+    "streamingDatadogDescription": "Reenviar eventos directamente a tu cuenta de Datadog. Próximamente.",
+    "streamingTypePickerDescription": "Elija un tipo de destino para empezar.",
+    "streamingFailedToLoad": "Error al cargar destinos",
+    "streamingUnexpectedError": "Se ha producido un error inesperado.",
+    "streamingFailedToUpdate": "Error al actualizar destino",
+    "streamingDeletedSuccess": "Destino eliminado correctamente",
+    "streamingFailedToDelete": "Error al eliminar destino",
+    "streamingDeleteTitle": "Eliminar destino",
+    "streamingDeleteButtonText": "Eliminar destino",
+    "streamingDeleteDialogAreYouSure": "¿Está seguro que desea eliminar",
+    "streamingDeleteDialogThisDestination": "este destino",
+    "streamingDeleteDialogPermanentlyRemoved": "? Toda la configuración se eliminará permanentemente.",
+    "httpDestEditTitle": "Editar destino",
+    "httpDestAddTitle": "Añadir destino HTTP",
+    "httpDestEditDescription": "Actualizar la configuración para este destino de transmisión de eventos HTTP.",
+    "httpDestAddDescription": "Configure un nuevo extremo HTTP para recibir los eventos de su organización.",
+    "S3DestEditTitle": "Editar destino",
+    "S3DestAddTitle": "Añadir destino S3",
+    "S3DestEditDescription": "Actualice la configuración para este destino de transmisión de eventos S3.",
+    "S3DestAddDescription": "Configure un nuevo punto final S3 para recibir los eventos de su organización.",
+    "datadogDestEditTitle": "Editar destino",
+    "datadogDestAddTitle": "Añadir destino Datadog",
+    "datadogDestEditDescription": "Actualice la configuración para este destino de transmisión de eventos Datadog.",
+    "datadogDestAddDescription": "Configure un nuevo punto final de Datadog para recibir los eventos de su organización.",
+    "httpDestTabSettings": "Ajustes",
+    "httpDestTabHeaders": "Encabezados",
+    "httpDestTabBody": "Cuerpo",
+    "httpDestTabLogs": "Registros",
+    "httpDestNamePlaceholder": "Mi destino HTTP",
+    "httpDestUrlLabel": "URL de destino",
+    "httpDestUrlErrorHttpRequired": "URL debe usar http o https",
+    "httpDestUrlErrorHttpsRequired": "HTTPS es necesario en implementaciones en la nube",
+    "httpDestUrlErrorInvalid": "Introduzca una URL válida (ej. https://example.com/webhook)",
+    "httpDestAuthTitle": "Autenticación",
+    "httpDestAuthDescription": "Elija cómo están autenticadas las solicitudes en su punto final.",
+    "httpDestAuthNoneTitle": "Sin autenticación",
+    "httpDestAuthNoneDescription": "Envía solicitudes sin un encabezado de autorización.",
+    "httpDestAuthBearerTitle": "Tóken de portador",
+    "httpDestAuthBearerDescription": "Añade un encabezado Authorization: Bearer '<token>' a cada solicitud.",
+    "httpDestAuthBearerPlaceholder": "Tu clave o token API",
+    "httpDestAuthBasicTitle": "Auth Básica",
+    "httpDestAuthBasicDescription": "Añade un encabezado Authorization: Basic '<credenciales>'. Proporcione las credenciales como nombredeusuario:contraseña.",
+    "httpDestAuthBasicPlaceholder": "usuario:contraseña",
+    "httpDestAuthCustomTitle": "Cabecera personalizada",
+    "httpDestAuthCustomDescription": "Especifique un nombre de cabecera HTTP personalizado y un valor para la autenticación (por ejemplo, X-API-Key).",
+    "httpDestAuthCustomHeaderNamePlaceholder": "Nombre de cabecera (ej. X-API-Key)",
+    "httpDestAuthCustomHeaderValuePlaceholder": "Valor de cabecera",
+    "httpDestCustomHeadersTitle": "Cabeceras HTTP personalizadas",
+    "httpDestCustomHeadersDescription": "Añadir cabeceras personalizadas a cada petición saliente. Útil para tokens estáticos o un tipo de contenido personalizado. De forma predeterminada, Content Type: application/json es enviado.",
+    "httpDestNoHeadersConfigured": "No hay cabeceras personalizadas. Haga clic en \"Añadir cabecera\" para añadir una.",
+    "httpDestHeaderNamePlaceholder": "Nombre de cabecera",
+    "httpDestHeaderValuePlaceholder": "Valor",
+    "httpDestAddHeader": "Añadir cabecera",
+    "httpDestBodyTemplateTitle": "Plantilla de cuerpo personalizada",
+    "httpDestBodyTemplateDescription": "Controla la estructura de carga de JSON enviada a tu punto final. Si está desactivado, se envía un objeto JSON por defecto para cada evento.",
+    "httpDestEnableBodyTemplate": "Activar plantilla de cuerpo personalizado",
+    "httpDestBodyTemplateLabel": "Plantilla de cuerpo (JSON)",
+    "httpDestBodyTemplateHint": "Utilice variables de plantilla para referenciar los campos del evento en su carga útil.",
+    "httpDestPayloadFormatTitle": "Formato de carga",
+    "httpDestPayloadFormatDescription": "Cómo se serializan los eventos en cada cuerpo de solicitud.",
+    "httpDestFormatJsonArrayTitle": "Matriz JSON",
+    "httpDestFormatJsonArrayDescription": "Una petición por lote, cuerpo es una matriz JSON. Compatible con la mayoría de los webhooks y Datadog.",
+    "httpDestFormatNdjsonTitle": "NDJSON",
+    "httpDestFormatNdjsonDescription": "Una petición por lote, el cuerpo es JSON delimitado por línea - un objeto por línea, sin arrays externos. Requerido por Splunk HEC, Elastic / OpenSearch, y Grafana Loki.",
+    "httpDestFormatSingleTitle": "Un evento por solicitud",
+    "httpDestFormatSingleDescription": "Envía un HTTP POST separado para cada evento individual. Úsalo sólo para los extremos que no pueden manejar lotes.",
+    "httpDestLogTypesTitle": "Tipos de Log",
+    "httpDestLogTypesDescription": "Elija qué tipos de registro son reenviados a este destino. Sólo los tipos de registro habilitados serán transmitidos.",
+    "httpDestAccessLogsTitle": "Registros de acceso",
+    "httpDestAccessLogsDescription": "Intentos de acceso a recursos, incluyendo solicitudes autenticadas y denegadas.",
+    "httpDestActionLogsTitle": "Registros de acción",
+    "httpDestActionLogsDescription": "Acciones administrativas realizadas por los usuarios dentro de la organización.",
+    "httpDestConnectionLogsTitle": "Registros de conexión",
+    "httpDestConnectionLogsDescription": "Eventos de conexión de sitios y túneles, incluyendo conexiones y desconexiones.",
+    "httpDestRequestLogsTitle": "Registros de Solicitud HTTP",
+    "httpDestRequestLogsDescription": "Registros de peticiones HTTP para recursos proxyficados, incluyendo método, ruta y código de respuesta.",
+    "httpDestSaveChanges": "Guardar Cambios",
+    "httpDestCreateDestination": "Crear destino",
+    "httpDestUpdatedSuccess": "Destino actualizado correctamente",
+    "httpDestCreatedSuccess": "Destino creado correctamente",
+    "httpDestUpdateFailed": "Error al actualizar destino",
+    "httpDestCreateFailed": "Error al crear el destino",
+    "followRedirects": "Seguir redirecciones",
+    "followRedirectsDescription": "Seguir automáticamente las redirecciones HTTP para solicitudes.",
+    "alertingErrorWebhookUrl": "Por favor, introduzca una URL válida para el webhook.",
+    "healthCheckStrategyHttp": "Valida la conectividad y verifica el estado de respuesta HTTP.",
+    "healthCheckStrategyTcp": "Verifica la conectividad TCP solamente, sin inspeccionar la respuesta.",
+    "healthCheckStrategySnmp": "Realiza una solicitud SNMP get para verificar la salud de dispositivos y la infraestructura de red.",
+    "healthCheckStrategyIcmp": "Usa solicitudes de eco ICMP (pings) para verificar si un recurso es alcanzable y receptivo.",
+    "healthCheckTabStrategy": "Estrategia",
+    "healthCheckTabConnection": "Conexión",
+    "healthCheckTabAdvanced": "Avanzado",
+    "healthCheckStrategyNotAvailable": "Esta estrategia no está disponible. Contacte ventas para habilitar esta funcionalidad.",
+    "uptime30d": "Tiempo de actividad (30d)",
+    "idpAddActionCreateNew": "Crear nuevo proveedor de identidad",
+    "idpAddActionImportFromOrg": "Importar de otra organización",
+    "idpImportDialogTitle": "Importar Proveedor de Identidad",
+    "idpImportDialogDescription": "Elija un proveedor de identidad de una organización donde usted sea administrador. Se vinculará a esta organización.",
+    "idpImportSearchPlaceholder": "Buscar por nombre de organización o proveedor...",
+    "idpImportEmpty": "No se encontraron proveedores de identidad.",
+    "idpImportedDescription": "Proveedor de identidad importado con éxito.",
+    "idpDeleteGlobalQuestion": "¿Está seguro de que desea eliminar permanentemente este proveedor de identidad?",
+    "idpDeleteGlobalDescription": "Esto eliminará permanentemente el proveedor de identidad de todas las organizaciones con las que está asociado.",
+    "idpUnassociateTitle": "Desasociar Proveedor de Identidad",
+    "idpUnassociateQuestion": "¿Está seguro de que desea desasociar este proveedor de identidad de esta organización?",
+    "idpUnassociateDescription": "Todos los usuarios asociados con este proveedor de identidad serán eliminados de esta organización, pero el proveedor de identidad continuará existiendo para otras organizaciones asociadas.",
+    "idpUnassociateConfirm": "Confirme Desasociar Proveedor de Identidad",
+    "idpUnassociateWarning": "Esto no se puede deshacer para esta organización.",
+    "idpUnassociatedDescription": "Proveedor de identidad desasociado de esta organización con éxito",
+    "idpUnassociateMenu": "Desasociar",
+    "idpDeleteAllOrgsMenu": "Eliminar",
+    "publicIpEndpoint": "Punto final",
+    "lastTriggeredAt": "Último disparo",
+    "reject": "Rechazar",
+    "uptimeDaysAgo": "Hace {count} días",
+    "uptimeToday": "Hoy",
+    "uptimeNoDataAvailable": "No hay datos disponibles",
+    "uptimeSuffix": "disponibilidad",
+    "uptimeDowntimeSuffix": "tiempo de inactividad",
+    "uptimeTooltipUptimeLabel": "Disponibilidad",
+    "uptimeTooltipDowntimeLabel": "Tiempo de inactividad",
+    "uptimeOngoing": "en curso",
+    "uptimeNoMonitoringData": "No hay datos de monitoreo",
+    "uptimeNoData": "Sin datos",
+    "uptimeMiniBarDown": "Caído",
+    "uptimeSectionTitle": "Disponibilidad",
+    "uptimeSectionDescription": "Disponibilidad durante los últimos {days} días",
+    "uptimeAddAlert": "Agregar alerta",
+    "uptimeViewAlerts": "Ver alertas",
+    "uptimeCreateEmailAlert": "Crear alerta de correo electrónico",
+    "uptimeAlertDescriptionSite": "Recibe notificaciones por correo electrónico cuando este sitio esté fuera de línea o vuelva en línea.",
+    "uptimeAlertDescriptionResource": "Recibe notificaciones por correo electrónico cuando este recurso esté fuera de línea o vuelva en línea.",
+    "uptimeAlertNamePlaceholder": "Nombre de la alerta",
+    "uptimeAdditionalEmails": "Emails adicionales",
+    "uptimeCreateAlert": "Crear alerta",
+    "uptimeAlertNoRecipients": "Sin destinatarios",
+    "uptimeAlertNoRecipientsDescription": "Por favor, agrega al menos un usuario, rol o correo electrónico para notificación.",
+    "uptimeAlertCreated": "Alerta creada",
+    "uptimeAlertCreatedDescription": "Serás notificado cuando cambie de estado.",
+    "uptimeAlertCreateFailed": "Error al crear la alerta",
+    "webhookUrlLabel": "URL",
+    "webhookHeaderKeyPlaceholder": "Clave",
+    "webhookHeaderValuePlaceholder": "Valor",
+    "alertLabel": "Alerta",
+    "domainPickerWildcardSubdomainNotAllowed": "No se permiten subdominios comodín.",
+    "domainPickerWildcardCertWarning": "Los recursos comodín pueden requerir configuración adicional para funcionar correctamente.",
+    "domainPickerWildcardCertWarningLink": "Más información",
+    "health": "Salud",
+    "domainPendingErrorTitle": "Problema de verificación",
+    "memberPortalTitle": "Recursos",
+    "memberPortalDescription": "Recursos a los que tiene acceso en esta organización",
+    "memberPortalSortBy": "Ordenar por...",
+    "memberPortalSortNameAsc": "Nombre A-Z",
+    "memberPortalSortNameDesc": "Nombre Z-A",
+    "memberPortalSortDomainAsc": "Dominio A-Z",
+    "memberPortalSortDomainDesc": "Dominio Z-A",
+    "memberPortalSortEnabledFirst": "Habilitado Primero",
+    "memberPortalSortDisabledFirst": "Deshabilitado Primero",
+    "memberPortalRefresh": "Actualizar",
+    "memberPortalRefreshResources": "Actualizar Recursos",
+    "memberPortalFailedToLoad": "No se pudieron cargar los recursos",
+    "memberPortalFailedToLoadDescription": "No se pudieron cargar los recursos. Por favor, revise su conexión e intente de nuevo.",
+    "memberPortalUnableToLoad": "No se pudieron cargar los recursos",
+    "memberPortalTryAgain": "Intentar de Nuevo",
+    "memberPortalNoResourcesFound": "No se encontraron Recursos",
+    "memberPortalNoResourcesAvailable": "No Hay Recursos Disponibles",
+    "memberPortalNoResourcesMatchSearch": "No hay recursos que coincidan con \"{query}\". Intenta ajustar tus términos de búsqueda o limpiar la búsqueda para ver todos los recursos.",
+    "memberPortalNoResourcesAccess": "Aún no tiene acceso a ningún recurso. Comuníquese con su administrador para obtener acceso a los recursos que necesita.",
+    "memberPortalClearSearch": "Limpiar Búsqueda",
+    "memberPortalPublicResources": "Recursos Públicos",
+    "memberPortalPublicResourcesDescription": "Aplicaciones web y servicios accesibles vía navegador",
+    "memberPortalCopiedToClipboard": "Copiado al portapapeles",
+    "memberPortalCopiedUrlDescription": "La URL del recurso ha sido copiada a su portapapeles.",
+    "memberPortalOpenResource": "Abrir Recurso",
+    "memberPortalPrivateResources": "Recursos Privados",
+    "memberPortalPrivateResourcesDescription": "Recursos de red interna accesibles vía cliente",
+    "memberPortalResourceDetails": "Detalles del Recurso",
+    "memberPortalMode": "Modo",
+    "memberPortalDestination": "Destino",
+    "memberPortalAlias": "Alias",
+    "memberPortalCopiedAliasDescription": "El alias del recurso ha sido copiado a su portapapeles.",
+    "memberPortalCopiedDestinationDescription": "El destino del recurso ha sido copiado a su portapapeles.",
+    "memberPortalRequiresClientConnection": "Requiere Conexión de Cliente",
+    "memberPortalAuthMethods": "Métodos de Autenticación",
+    "memberPortalSso": "Inicio de Sesión Único (SSO)",
+    "memberPortalPasswordProtected": "Protegido por Contraseña",
+    "memberPortalPinCode": "Código PIN",
+    "memberPortalEmailWhitelist": "Lista Blanca de Correo",
+    "memberPortalResourceDisabled": "Recurso Deshabilitado",
+    "memberPortalShowingResources": "Mostrando {start}-{end} de {total} recursos",
+    "memberPortalPrevious": "Anterior",
+    "memberPortalNext": "Siguiente"
 }
--- a/messages/fr-FR.json
+++ b/messages/fr-FR.json
--- a/messages/it-IT.json
+++ b/messages/it-IT.json
--- a/messages/ko-KR.json
+++ b/messages/ko-KR.json
@@ -1,4 +1,8 @@
 {
+    "contactSalesEnable": "이 기능을 활성화하려면 영업팀에 연락하세요.",
+    "contactSalesBookDemo": "데모 예약하기",
+    "contactSalesOr": "또는",
+    "contactSalesContactUs": "문의하기",
    "setupCreate": "조직, 사이트 및 리소스를 생성합니다.",
    "headerAuthCompatibilityInfo": "인증 토큰이 없을 때 401 Unauthorized 응답을 강제하도록 설정합니다. 서버 챌린지 없이 자격 증명을 제공하지 않는 브라우저나 특정 HTTP 라이브러리에 필요합니다.",
    "headerAuthCompatibility": "확장된 호환성",
@@ -19,6 +23,18 @@
    "componentsInvalidKey": "유효하지 않거나 만료된 라이센스 키가 감지되었습니다. 모든 기능을 계속 사용하려면 라이센스 조건을 따르십시오.",
    "dismiss": "해제",
    "subscriptionViolationMessage": "현재 계획의 한계를 초과했습니다. 사이트, 사용자 또는 기타 리소스를 제거하여 계획 내에 머물도록 해결하세요.",
+    "trialBannerMessage": "시험 사용 기간이 {countdown} 안에 만료됩니다. 업그레이드하여 액세스를 유지하세요.",
+    "trialBannerExpired": "시험 사용 기간이 만료되었습니다. 지금 업그레이드하여 액세스를 복구하세요.",
+    "billingTrialBannerTitle": "무료 평가판 활성화",
+    "billingTrialBannerDescription": "현재 비즈니스 티어의 무료 평가판을 사용 중입니다. 평가판이 종료되면 계정은 자동으로 기본 티어 기능 및 제한으로 돌아갑니다. 현재 계획의 기능을 유지하려면 언제든지 업그레이드 하세요.",
+    "billingTrialBannerUpgrade": "지금 업그레이드",
+    "billingTrialBadge": "무료 평가판",
+    "trialActive": "무료 체험 활성화됨",
+    "trialExpired": "체험 만료됨",
+    "trialHasEnded": "시험 사용 기간이 종료되었습니다.",
+    "trialDaysRemaining": "{count, plural, other {#일 남음}}",
+    "trialDaysLeftShort": "시험 사용 기간 종료까지 {days}일 남음",
+    "trialGoToBilling": "청구 페이지로 이동",
    "subscriptionViolationViewBilling": "청구 보기",
    "componentsLicenseViolation": "라이센스 위반: 이 서버는 {usedSites} 사이트를 사용하고 있으며, 이는 {maxSites} 사이트의 라이센스 한도를 초과합니다. 모든 기능을 계속 사용하려면 라이센스 조건을 따르십시오.",
    "componentsSupporterMessage": "{tier}로 판골린을 지원해 주셔서 감사합니다!",
@@ -81,6 +97,8 @@
    "siteConfirmCopy": "구성을 복사했습니다.",
    "searchSitesProgress": "사이트 검색...",
    "siteAdd": "사이트 추가",
+    "sitesTableViewPublicResources": "공용 리소스 보기",
+    "sitesTableViewPrivateResources": "개인 리소스 보기",
    "siteInstallNewt": "Newt 설치",
    "siteInstallNewtDescription": "시스템에서 Newt 실행하기",
    "WgConfiguration": "WireGuard 구성",
@@ -98,6 +116,21 @@
    "siteUpdatedDescription": "사이트가 업데이트되었습니다.",
    "siteGeneralDescription": "이 사이트에 대한 일반 설정을 구성하세요.",
    "siteSettingDescription": "사이트에서 설정을 구성하세요.",
+    "siteResourcesTab": "리소스",
+    "siteResourcesNoneOnSite": "이 사이트에는 아직 공용 또는 개인 리소스가 없습니다.",
+    "siteResourcesSectionPublic": "공용 리소스",
+    "siteResourcesSectionPrivate": "개인 리소스",
+    "siteResourcesSectionPublicDescription": "도메인이나 포트를 통해 외부에 노출되는 리소스.",
+    "siteResourcesSectionPrivateDescription": "사이트를 통해 개인 네트워크에서 사용할 수 있는 리소스.",
+    "siteResourcesViewAllPublic": "모든 리소스 보기",
+    "siteResourcesViewAllPrivate": "모든 리소스 보기",
+    "siteResourcesDialogDescription": "이 사이트와 연관된 공용 및 개인 리소스의 개요.",
+    "siteResourcesShowMore": "더 보기",
+    "siteResourcesPermissionDenied": "이 리소스를 나열할 권한이 없습니다.",
+    "siteResourcesEmptyPublic": "이 사이트에는 아직 대상 공용 리소스가 없습니다.",
+    "siteResourcesEmptyPrivate": "이 사이트와 연결된 개인 리소스가 아직 없습니다.",
+    "siteResourcesHowToAccess": "액세스 방법",
+    "siteResourcesTargetsOnSite": "이 사이트의 대상",
    "siteSetting": "{siteName} 설정",
    "siteNewtTunnel": "뉴트 사이트 (추천)",
    "siteNewtTunnelDescription": "네트워크의 진입점을 생성하는 가장 쉬운 방법입니다. 추가 설정이 필요 없습니다.",
@@ -148,6 +181,11 @@
    "createLink": "링크 생성",
    "resourcesNotFound": "리소스가 발견되지 않았습니다.",
    "resourceSearch": "리소스 검색",
+    "machineSearch": "기계 검색",
+    "machinesSearch": "기계 클라이언트 검색...",
+    "machineNotFound": "기계를 찾을 수 없습니다",
+    "userDeviceSearch": "사용자 장치 검색",
+    "userDevicesSearch": "사용자 장치 검색...",
    "openMenu": "메뉴 열기",
    "resource": "리소스",
    "title": "제목",
@@ -175,6 +213,7 @@
    "resourceHTTPDescription": "완전한 도메인 이름을 사용해 RAW 또는 HTTPS로 프록시 요청을 수행합니다.",
    "resourceRaw": "원시 TCP/UDP 리소스",
    "resourceRawDescription": "포트 번호를 사용하여 RAW TCP/UDP로 요청을 프록시합니다.",
+    "resourceRawDescriptionCloud": "포트 번호를 사용하여 원격 노드에 연결해야 합니다. 원격 노드에서 리소스를 사용하려면 사용자 지정 도메인을 사용하십시오.",
    "resourceCreate": "리소스 생성",
    "resourceCreateDescription": "아래 단계를 따라 새 리소스를 생성하세요.",
    "resourceSeeAll": "모든 리소스 보기",
@@ -261,8 +300,11 @@
    "orgMissing": "조직 ID가 누락되었습니다",
    "orgMissingMessage": "조직 ID 없이 초대장을 재생성할 수 없습니다.",
    "accessUsersManage": "사용자 관리",
+    "accessUserManage": "사용자 관리",
    "accessUsersDescription": "이 조직에 액세스할 사용자 초대 및 관리",
    "accessUsersSearch": "사용자 검색...",
+    "accessUsersRoleFilterCount": "{count, plural, other {# 역할}}",
+    "accessUsersRoleFilterClear": "역할 필터 지우기",
    "accessUserCreate": "사용자 생성",
    "accessUserRemove": "사용자 제거",
    "username": "사용자 이름",
@@ -322,6 +364,54 @@
    "apiKeysDelete": "API 키 삭제",
    "apiKeysManage": "API 키 관리",
    "apiKeysDescription": "API 키는 통합 API와 인증하는 데 사용됩니다.",
+    "provisioningKeysTitle": "프로비저닝 키",
+    "provisioningKeysManage": "프로비저닝 키 관리",
+    "provisioningKeysDescription": "프로비저닝 키는 조직의 자동 사이트 프로비저닝 인증에 사용됩니다.",
+    "provisioningManage": "프로비저닝",
+    "provisioningDescription": "프로비저닝 키를 관리하고 승인을 기다리는 사이트를 검토합니다.",
+    "pendingSites": "대기중인 사이트",
+    "siteApproveSuccess": "사이트가 성공적으로 승인되었습니다",
+    "siteApproveError": "사이트 승인 오류",
+    "provisioningKeys": "프로비저닝 키",
+    "searchProvisioningKeys": "프로비저닝 키 검색...",
+    "provisioningKeysAdd": "프로비저닝 키 생성",
+    "provisioningKeysErrorDelete": "프로비저닝 키 삭제 오류",
+    "provisioningKeysErrorDeleteMessage": "프로비저닝 키 삭제 오류",
+    "provisioningKeysQuestionRemove": "이 프로비저닝 키를 조직에서 제거하시겠습니까?",
+    "provisioningKeysMessageRemove": "제거 후에는 이 키를 사이트 프로비저닝에 사용할 수 없습니다.",
+    "provisioningKeysDeleteConfirm": "프로비저닝 키 삭제 확인",
+    "provisioningKeysDelete": "프로비저닝 키 삭제",
+    "provisioningKeysCreate": "프로비저닝 키 생성",
+    "provisioningKeysCreateDescription": "조직을 위한 새로운 프로비저닝 키 생성",
+    "provisioningKeysSeeAll": "모든 프로비저닝 키 보기",
+    "provisioningKeysSave": "프로비저닝 키 저장",
+    "provisioningKeysSaveDescription": "이것은 한 번만 볼 수 있습니다. 안전한 장소에 복사해 두세요.",
+    "provisioningKeysErrorCreate": "프로비저닝 키 생성 오류",
+    "provisioningKeysList": "새 프로비저닝 키",
+    "provisioningKeysMaxBatchSize": "최대 배치 크기",
+    "provisioningKeysUnlimitedBatchSize": "무제한 배치 크기 (제한 없음)",
+    "provisioningKeysMaxBatchUnlimited": "무제한",
+    "provisioningKeysMaxBatchSizeInvalid": "유효한 최대 배치 크기를 입력하세요 (1–1,000,000).",
+    "provisioningKeysValidUntil": "유효 기간",
+    "provisioningKeysValidUntilHint": "만료 날짜를 설정하지 않을 경우 빈칸으로 남겨 두세요.",
+    "provisioningKeysValidUntilInvalid": "유효한 날짜와 시간을 입력하세요.",
+    "provisioningKeysNumUsed": "사용 횟수",
+    "provisioningKeysLastUsed": "마지막 사용",
+    "provisioningKeysNoExpiry": "만료 없음",
+    "provisioningKeysNeverUsed": "절대",
+    "provisioningKeysEdit": "프로비저닝 키 수정",
+    "provisioningKeysEditDescription": "이 키의 최대 배치 크기 및 만료 시간을 업데이트하세요.",
+    "provisioningKeysApproveNewSites": "새로운 사이트 승인",
+    "provisioningKeysApproveNewSitesDescription": "이 키를 등록하는 사이트를 자동으로 승인합니다.",
+    "provisioningKeysUpdateError": "프로비저닝 키 업데이트 오류",
+    "provisioningKeysUpdated": "프로비저닝 키가 업데이트되었습니다",
+    "provisioningKeysUpdatedDescription": "변경 사항이 저장되었습니다.",
+    "provisioningKeysBannerTitle": "사이트 프로비저닝 키",
+    "provisioningKeysBannerDescription": "프로비저닝 키를 생성하고 Newt 커넥터와 함께 사용하여 첫 시작 시 사이트를 자동 생성 - 각 사이트에 대한 별도 자격 증명이 필요 없습니다.",
+    "provisioningKeysBannerButtonText": "자세히 알아보기",
+    "pendingSitesBannerTitle": "대기중인 사이트",
+    "pendingSitesBannerDescription": "프로비저닝 키를 사용하여 연결된 사이트가 검토를 위해 여기에 표시됩니다.",
+    "pendingSitesBannerButtonText": "자세히 알아보기",
    "apiKeysSettings": "{apiKeyName} 설정",
    "userTitle": "모든 사용자 관리",
    "userDescription": "시스템의 모든 사용자를 보고 관리합니다",
@@ -351,6 +441,10 @@
    "licenseErrorKeyActivate": "라이센스 키 활성화에 실패했습니다.",
    "licenseErrorKeyActivateDescription": "라이센스 키를 활성화하는 동안 오류가 발생했습니다",
    "licenseAbout": "라이센스에 대한 정보",
+    "licenseBannerTitle": "기업 라이선스 활성화",
+    "licenseBannerDescription": "자체 호스팅된 Pangolin 인스턴스에서 기업 기능을 잠금 해제하십시오. 라이선스 키를 구입하여 프리미엄 기능을 활성화하고 아래에 추가하십시오.",
+    "licenseBannerGetLicense": "라이선스 획득",
+    "licenseBannerViewDocs": "문서 보기",
    "communityEdition": "커뮤니티 에디션",
    "licenseAboutDescription": "이것은 상업적 환경에서 Pangolin을 사용하는 비즈니스 및 기업 사용자용입니다. 개인 용도로 Pangolin을 사용하는 경우 이 섹션을 무시할 수 있습니다.",
    "licenseKeyActivated": "라이센스 키가 활성화되었습니다",
@@ -508,9 +602,12 @@
    "userSaved": "사용자 저장됨",
    "userSavedDescription": "사용자가 업데이트되었습니다.",
    "autoProvisioned": "자동 프로비저닝됨",
+    "autoProvisionSettings": "자동 프로비저닝 설정",
    "autoProvisionedDescription": "이 사용자가 ID 공급자에 의해 자동으로 관리될 수 있도록 허용합니다",
    "accessControlsDescription": "이 사용자가 조직에서 접근하고 수행할 수 있는 작업을 관리하세요",
    "accessControlsSubmit": "접근 제어 저장",
+    "singleRolePerUserPlanNotice": "계획에는 사용자당 한 가지 역할만 지원됩니다.",
+    "singleRolePerUserEditionNotice": "이 판에는 사용자당 한 가지 역할만 지원됩니다.",
    "roles": "역할",
    "accessUsersRoles": "사용자 및 역할 관리",
    "accessUsersRolesDescription": "사용자를 초대하고 역할에 추가하여 조직에 대한 접근을 관리하세요",
@@ -567,6 +664,8 @@
    "targetErrorInvalidPortDescription": "유효한 포트 번호를 입력하세요.",
    "targetErrorNoSite": "선택된 사이트 없음",
    "targetErrorNoSiteDescription": "대상을 위해 사이트를 선택하세요.",
+    "targetTargetsCleared": "대상이 제거됨",
+    "targetTargetsClearedDescription": "이 리소스에서 모든 대상이 제거되었습니다",
    "targetCreated": "대상 생성",
    "targetCreatedDescription": "대상이 성공적으로 생성되었습니다.",
    "targetErrorCreate": "대상 생성 실패",
@@ -650,6 +749,7 @@
    "resourcesErrorUpdate": "리소스를 전환하는 데 실패했습니다.",
    "resourcesErrorUpdateDescription": "리소스를 업데이트하는 동안 오류가 발생했습니다.",
    "access": "접속",
+    "accessControl": "액세스 제어",
    "shareLink": "{resource} 공유 링크",
    "resourceSelect": "리소스 선택",
    "shareLinks": "공유 링크",
@@ -667,6 +767,7 @@
    "newtEndpoint": "엔드포인트",
    "newtId": "ID",
    "newtSecretKey": "비밀",
+    "newtVersion": "버전",
    "architecture": "아키텍처",
    "sites": "사이트",
    "siteWgAnyClients": "WireGuard 클라이언트를 사용하여 연결하십시오. 피어 IP를 사용하여 내부 리소스에 접근해야 합니다.",
@@ -790,6 +891,7 @@
    "accessRoleRemoved": "역할이 제거되었습니다",
    "accessRoleRemovedDescription": "역할이 성공적으로 제거되었습니다.",
    "accessRoleRequiredRemove": "이 역할을 삭제하기 전에 기존 구성원을 전송할 새 역할을 선택하세요.",
+    "network": "네트워크",
    "manage": "관리",
    "sitesNotFound": "사이트를 찾을 수 없습니다.",
    "pangolinServerAdmin": "서버 관리자 - 판골린",
@@ -833,6 +935,7 @@
    "idpDisplayName": "이 신원 공급자를 위한 표시 이름",
    "idpAutoProvisionUsers": "사용자 자동 프로비저닝",
    "idpAutoProvisionUsersDescription": "활성화되면 사용자가 첫 로그인 시 시스템에 자동으로 생성되며, 사용자와 역할 및 조직을 매핑할 수 있습니다.",
+    "idpAutoProvisionConfigureAfterCreate": "아이덴티티 공급자가 생성되면 자동 프로비저닝 설정을 구성할 수 있습니다.",
    "licenseBadge": "EE",
    "idpType": "제공자 유형",
    "idpTypeDescription": "구성할 ID 공급자의 유형을 선택하십시오.",
@@ -884,7 +987,7 @@
    "defaultMappingsRole": "기본 역할 매핑",
    "defaultMappingsRoleDescription": "이 표현식의 결과는 조직에서 정의된 역할 이름을 문자열로 반환해야 합니다.",
    "defaultMappingsOrg": "기본 조직 매핑",
-    "defaultMappingsOrgDescription": "이 표현식은 사용자가 조직에 접근할 수 있도록 조직 ID 또는 true를 반환해야 합니다.",
+    "defaultMappingsOrgDescription": "이 표현식은 사용자가 조직에 접근할 수 있도록 조직 ID 또는 true를 반환해야 합니다. 설정되지 않으면, 역할 매핑 정의가 충분합니다: 사용자는 유효한 역할 매핑이 해석되는 한 조직에 허용됩니다.",
    "defaultMappingsSubmit": "기본 매핑 저장",
    "orgPoliciesEdit": "조직 정책 편집",
    "org": "조직",
@@ -1037,7 +1140,6 @@
    "pageNotFoundDescription": "앗! 찾고 있는 페이지가 존재하지 않습니다.",
    "overview": "개요",
    "home": "홈",
-    "accessControl": "액세스 제어",
    "settings": "설정",
    "usersAll": "모든 사용자",
    "license": "라이선스",
@@ -1100,6 +1202,12 @@
    "actionGetUser": "사용자 조회",
    "actionGetOrgUser": "조직 사용자 가져오기",
    "actionListOrgDomains": "조직 도메인 목록",
+    "actionGetDomain": "도메인 가져오기",
+    "actionCreateOrgDomain": "도메인 생성",
+    "actionUpdateOrgDomain": "도메인 업데이트",
+    "actionDeleteOrgDomain": "도메인 삭제",
+    "actionGetDNSRecords": "DNS 레코드 가져오기",
+    "actionRestartOrgDomain": "도메인 재시작",
    "actionCreateSite": "사이트 생성",
    "actionDeleteSite": "사이트 삭제",
    "actionGetSite": "사이트 가져오기",
@@ -1111,6 +1219,7 @@
    "setupTokenDescription": "서버 콘솔에서 설정 토큰 입력.",
    "setupTokenRequired": "설정 토큰이 필요합니다",
    "actionUpdateSite": "사이트 업데이트",
+    "actionResetSiteBandwidth": "조직 대역폭 재설정",
    "actionListSiteRoles": "허용된 사이트 역할 목록",
    "actionCreateResource": "리소스 생성",
    "actionDeleteResource": "리소스 삭제",
@@ -1140,6 +1249,7 @@
    "actionRemoveUser": "사용자 제거",
    "actionListUsers": "사용자 목록",
    "actionAddUserRole": "사용자 역할 추가",
+    "actionSetUserOrgRoles": "사용자 역할 설정",
    "actionGenerateAccessToken": "액세스 토큰 생성",
    "actionDeleteAccessToken": "액세스 토큰 삭제",
    "actionListAccessTokens": "액세스 토큰 목록",
@@ -1184,6 +1294,7 @@
    "actionViewLogs": "로그 보기",
    "noneSelected": "선택된 항목 없음",
    "orgNotFound2": "조직이 없습니다.",
+    "search": "검색…",
    "searchPlaceholder": "검색...",
    "emptySearchOptions": "옵션이 없습니다",
    "create": "생성",
@@ -1249,12 +1360,14 @@
    "sidebarClientResources": "비공개",
    "sidebarAccessControl": "액세스 제어",
    "sidebarLogsAndAnalytics": "로그 및 분석",
+    "sidebarTeam": "팀",
    "sidebarUsers": "사용자",
    "sidebarAdmin": "관리자",
    "sidebarInvitations": "초대",
    "sidebarRoles": "역할",
    "sidebarShareableLinks": "링크",
    "sidebarApiKeys": "API 키",
+    "sidebarProvisioning": "프로비저닝",
    "sidebarSettings": "설정",
    "sidebarAllUsers": "모든 사용자",
    "sidebarIdentityProviders": "신원 공급자",
@@ -1266,9 +1379,167 @@
    "sidebarGeneral": "관리",
    "sidebarLogAndAnalytics": "로그 & 통계",
    "sidebarBluePrints": "청사진",
+    "sidebarAlerting": "알림",
+    "sidebarHealthChecks": "상태 확인",
    "sidebarOrganization": "조직",
+    "sidebarManagement": "관리",
    "sidebarBillingAndLicenses": "결제 및 라이선스",
    "sidebarLogsAnalytics": "분석",
+    "alertingTitle": "알림",
+    "alertingDescription": "알림에 대한 소스, 트리거 및 작업 정의",
+    "alertingRules": "알림 규칙",
+    "alertingSearchRules": "규칙 검색…",
+    "alertingAddRule": "규칙 생성",
+    "alertingColumnSource": "소스",
+    "alertingColumnTrigger": "트리거",
+    "alertingColumnActions": "작업",
+    "alertingColumnEnabled": "활성화됨",
+    "alertingDeleteQuestion": "이 알림 규칙을 삭제하겠습니까.",
+    "alertingDeleteRule": "알림 규칙 삭제",
+    "alertingRuleDeleted": "알림 규칙 삭제됨",
+    "alertingRuleSaved": "알림 규칙 저장됨",
+    "alertingRuleSavedCreatedDescription": "새 알림 규칙이 생성되었습니다. 이 페이지에서 계속 편집할 수 있습니다.",
+    "alertingRuleSavedUpdatedDescription": "이 알림 규칙에 대한 변경 사항이 저장되었습니다.",
+    "alertingEditRule": "알림 규칙 편집",
+    "alertingCreateRule": "알림 규칙 생성",
+    "alertingRuleCredenzaDescription": "무엇을 감시할지, 언제 알릴지, 어떻게 알릴지를 선택하세요.",
+    "alertingRuleNamePlaceholder": "프로덕션 사이트 중단",
+    "alertingRuleEnabled": "규칙 활성화됨",
+    "alertingSectionSource": "소스",
+    "alertingSourceType": "소스 유형",
+    "alertingSourceSite": "사이트",
+    "alertingSourceHealthCheck": "상태 확인",
+    "alertingPickSites": "사이트들",
+    "alertingPickHealthChecks": "상태 확인들",
+    "alertingPickResources": "리소스들",
+    "alertingAllSites": "모든 사이트",
+    "alertingAllSitesDescription": "모든 사이트에서 알림 발동",
+    "alertingSpecificSites": "특정 사이트",
+    "alertingSpecificSitesDescription": "감시할 특정 사이트를 선택하세요",
+    "alertingAllHealthChecks": "모든 상태 확인",
+    "alertingAllHealthChecksDescription": "모든 상태 확인에 대한 알림 발동",
+    "alertingSpecificHealthChecks": "특정 상태 확인",
+    "alertingSpecificHealthChecksDescription": "감시할 특정 상태 확인을 선택하세요",
+    "alertingAllResources": "모든 리소스",
+    "alertingAllResourcesDescription": "모든 리소스에 대한 알림 발동",
+    "alertingSpecificResources": "특정 리소스",
+    "alertingSpecificResourcesDescription": "감시할 특정 리소스를 선택하세요",
+    "alertingSelectResources": "리소스 선택…",
+    "alertingResourcesSelected": "{count}개의 리소스 선택됨",
+    "alertingResourcesEmpty": "앞 10개의 결과에서 타겟이 있는 리소스 없음.",
+    "alertingSectionTrigger": "트리거",
+    "alertingTrigger": "언제 알림을 받을지",
+    "alertingTriggerSiteOnline": "사이트 온라인",
+    "alertingTriggerSiteOffline": "사이트 오프라인",
+    "alertingTriggerSiteToggle": "사이트 상태 변경",
+    "alertingTriggerHcHealthy": "상태 확인 정상",
+    "alertingTriggerHcUnhealthy": "상태 확인 비정상",
+    "alertingTriggerHcToggle": "상태 확인 상태 변경",
+    "alertingTriggerResourceHealthy": "리소스 정상",
+    "alertingTriggerResourceUnhealthy": "리소스 비정상",
+    "alertingTriggerResourceDegraded": "리소스 열화",
+    "alertingSearchHealthChecks": "상태 확인 검색…",
+    "alertingHealthChecksEmpty": "사용 가능한 상태 확인이 없습니다.",
+    "alertingTriggerResourceToggle": "리소스 상태 변경",
+    "alertingSourceResource": "리소스",
+    "alertingSectionActions": "작업",
+    "alertingAddAction": "작업 추가",
+    "alertingActionNotify": "이메일",
+    "alertingActionNotifyDescription": "사용자 또는 역할에게 이메일 알림 전송",
+    "alertingActionWebhook": "웹훅",
+    "alertingActionWebhookDescription": "사용자 정의 엔드포인트로 HTTP 요청 보내기",
+    "alertingExternalIntegration": "외부 통합",
+    "alertingExternalPagerDutyDescription": "사고 관리를 위해 PagerDuty에 알림 보내기",
+    "alertingExternalOpsgenieDescription": "대기 중인 관리자로 Opsgenie에 알림 보내기",
+    "alertingExternalServiceNowDescription": "알림 이벤트로 ServiceNow 사고 생성",
+    "alertingExternalIncidentIoDescription": "알림 이벤트로 Incident.io 워크플로우 트리거",
+    "alertingActionType": "작업 유형",
+    "alertingNotifyUsers": "사용자들",
+    "alertingNotifyRoles": "역할들",
+    "alertingNotifyEmails": "이메일 주소들",
+    "alertingEmailPlaceholder": "이메일 추가 후 Enter 키를 누르세요",
+    "alertingWebhookMethod": "HTTP 메소드",
+    "alertingWebhookSecret": "서명 비밀 (선택 사항)",
+    "alertingWebhookSecretPlaceholder": "HMAC 비밀",
+    "alertingWebhookHeaders": "헤더들",
+    "alertingAddHeader": "헤더 추가",
+    "alertingSelectSites": "사이트 선택…",
+    "alertingSitesSelected": "{count}개의 사이트 선택됨",
+    "alertingSelectHealthChecks": "상태 확인 선택…",
+    "alertingHealthChecksSelected": "{count}개의 상태 확인 선택됨",
+    "alertingNoHealthChecks": "활성화된 상태 확인이 있는 타겟 없음",
+    "alertingHealthCheckStub": "상태 확인 소스 선택은 아직 연결되지 않았습니다 - 트리거 및 작업을 계속 구성할 수 있습니다.",
+    "alertingSelectUsers": "사용자 선택…",
+    "alertingUsersSelected": "{count}명의 사용자 선택됨",
+    "alertingSelectRoles": "역할 선택…",
+    "alertingRolesSelected": "{count}개의 역할 선택됨",
+    "alertingSummarySites": "사이트 ({count})",
+    "alertingSummaryAllSites": "모든 사이트",
+    "alertingSummaryHealthChecks": "상태 확인 ({count})",
+    "alertingSummaryAllHealthChecks": "모든 상태 확인",
+    "alertingSummaryResources": "리소스 ({count})",
+    "alertingSummaryAllResources": "모든 리소스",
+    "alertingErrorNameRequired": "이름을 입력하세요",
+    "alertingErrorActionsMin": "최소한 하나의 작업 추가",
+    "alertingErrorPickSites": "최소한 하나의 사이트 선택",
+    "alertingErrorPickHealthChecks": "최소한 하나의 상태 확인 선택",
+    "alertingErrorPickResources": "최소한 하나의 리소스 선택",
+    "alertingErrorTriggerSite": "사이트 트리거 선택",
+    "alertingErrorTriggerHealth": "상태 확인 트리거 선택",
+    "alertingErrorTriggerResource": "리소스 트리거 선택",
+    "alertingErrorNotifyRecipients": "사용자, 역할 또는 최소 하나의 이메일 선택",
+    "alertingConfigureSource": "소스 구성",
+    "alertingConfigureTrigger": "트리거 구성",
+    "alertingConfigureActions": "작업 구성",
+    "alertingBackToRules": "규칙으로 돌아가기",
+    "alertingRuleCooldown": "냉각 시간 (초)",
+    "alertingRuleCooldownDescription": "같은 규칙에 대해 반복된 알림 사이의 최소 시간. 매번 발생하려면 0으로 설정하세요.",
+    "alertingDraftBadge": "초안 - 이 규칙을 저장하려면 저장",
+    "alertingSidebarHint": "여기에서 편집하려면 캔버스의 단계를 클릭하세요.",
+    "alertingGraphCanvasTitle": "규칙 흐름",
+    "alertingGraphCanvasDescription": "소스, 트리거 및 작업의 시각적 개요입니다. 노드를 선택하여 패널에서 수정할 수 있습니다.",
+    "alertingNodeNotConfigured": "아직 구성되지 않음",
+    "alertingNodeActionsCount": "{count, plural, other {# 작업}}",
+    "alertingNodeRoleSource": "소스",
+    "alertingNodeRoleTrigger": "트리거",
+    "alertingNodeRoleAction": "작업",
+    "alertingTabRules": "알림 규칙",
+    "alertingTabHealthChecks": "상태 확인",
+    "alertingRulesBannerTitle": "알림 받기",
+    "alertingRulesBannerDescription": "각 규칙은 무엇을 감시할지(사이트, 상태 확인, 리소스), 언제 발동할지(예: 오프라인 또는 비정상), 이메일, 웹훅 또는 통합을 통해 팀에 어떻게 알릴지를 연결합니다. 이 목록을 사용하여 규칙을 생성, 활성화 및 관리하세요.",
+    "alertingHealthChecksBannerTitle": "건강 및 리소스 모니터링",
+    "alertingHealthChecksBannerDescription": "상태 확인은 한 번 정의한 HTTP 또는 TCP 모니터링입니다. 그런 다음 이를 알림 규칙의 소스로 사용하여 타겟이 정상 또는 비정상이 되었을 때 알림을 받을 수 있습니다. 리소스의 상태 확인도 여기에 나타납니다.",
+    "standaloneHcTableTitle": "상태 확인",
+    "standaloneHcSearchPlaceholder": "상태 확인 검색…",
+    "standaloneHcAddButton": "상태 확인 생성",
+    "standaloneHcCreateTitle": "상태 확인 생성",
+    "standaloneHcEditTitle": "상태 확인 편집",
+    "standaloneHcDescription": "알림 규칙에 사용할 HTTP 또는 TCP 상태 확인을 구성하세요.",
+    "standaloneHcNameLabel": "이름",
+    "standaloneHcNamePlaceholder": "나의 HTTP 모니터",
+    "standaloneHcDeleteTitle": "상태 확인 삭제",
+    "standaloneHcDeleteQuestion": "이 상태 확인을 삭제하겠습니까.",
+    "standaloneHcDeleted": "상태 확인 삭제됨",
+    "standaloneHcSaved": "상태 확인 저장됨",
+    "standaloneHcColumnHealth": "건강",
+    "standaloneHcColumnMode": "모드",
+    "standaloneHcColumnTarget": "타겟",
+    "standaloneHcHealthStateHealthy": "정상",
+    "standaloneHcHealthStateUnhealthy": "비정상",
+    "standaloneHcHealthStateUnknown": "알 수 없음",
+    "standaloneHcFilterAnySite": "모든 사이트",
+    "standaloneHcFilterAnyResource": "모든 리소스",
+    "standaloneHcFilterMode": "모드",
+    "standaloneHcFilterModeHttp": "HTTP",
+    "standaloneHcFilterModeTcp": "TCP",
+    "standaloneHcFilterModeSnmp": "SNMP",
+    "standaloneHcFilterModePing": "핑",
+    "standaloneHcFilterHealth": "건강",
+    "standaloneHcFilterEnabled": "활성화됨",
+    "standaloneHcFilterEnabledOn": "활성화됨",
+    "standaloneHcFilterEnabledOff": "비활성화됨",
+    "standaloneHcFilterSiteIdFallback": "사이트 {id}",
+    "standaloneHcFilterResourceIdFallback": "리소스 {id}",
    "blueprints": "청사진",
    "blueprintsDescription": "선언적 구성을 적용하고 이전 실행을 봅니다",
    "blueprintAdd": "청사진 추가",
@@ -1289,7 +1560,6 @@
    "parsedContents": "구문 분석된 콘텐츠 (읽기 전용)",
    "enableDockerSocket": "Docker 청사진 활성화",
    "enableDockerSocketDescription": "블루프린트 레이블을 위한 Docker 소켓 레이블 수집을 활성화합니다. 소켓 경로는 Newt에 제공되어야 합니다.",
-    "enableDockerSocketLink": "자세히 알아보기",
    "viewDockerContainers": "도커 컨테이너 보기",
    "containersIn": "{siteName}의 컨테이너",
    "selectContainerDescription": "이 대상을 위한 호스트 이름으로 사용할 컨테이너를 선택하세요. 포트를 사용하려면 포트를 클릭하세요.",
@@ -1331,7 +1601,8 @@
    "initialSetupDescription": "초기 서버 관리자 계정을 생성하세요. 서버 관리자 계정은 하나만 존재할 수 있습니다. 이러한 자격 증명은 나중에 언제든지 변경할 수 있습니다.",
    "createAdminAccount": "관리자 계정 생성",
    "setupErrorCreateAdmin": "서버 관리자 계정을 생성하는 동안 오류가 발생했습니다.",
-    "certificateStatus": "인증서 상태",
+    "certificateStatus": "인증서",
+    "certificateStatusAutoRefreshHint": "상태가 자동으로 새로 고쳐집니다.",
    "loading": "로딩 중",
    "loadingAnalytics": "분석 로딩 중",
    "restart": "재시작",
@@ -1400,6 +1671,7 @@
    "pangolinUpdateAvailableReleaseNotes": "릴리스 노트 보기",
    "newtUpdateAvailable": "업데이트 가능",
    "newtUpdateAvailableInfo": "뉴트의 새 버전이 출시되었습니다. 최상의 경험을 위해 최신 버전으로 업데이트하세요.",
+    "pangolinNodeUpdateAvailableInfo": "Pangolin Node의 새 버전이 출시되었습니다. 최상의 경험을 위해 최신 버전으로 업데이트하세요.",
    "domainPickerEnterDomain": "도메인",
    "domainPickerPlaceholder": "myapp.example.com",
    "domainPickerDescription": "리소스의 전체 도메인을 입력하여 사용 가능한 옵션을 확인하십시오.",
@@ -1417,6 +1689,7 @@
    "domainPickerNamespace": "이름 공간: {namespace}",
    "domainPickerShowMore": "더보기",
    "regionSelectorTitle": "지역 선택",
+    "domainPickerRemoteExitNodeWarning": "제공된 도메인은 원격 종료 노드에 연결된 사이트에서 지원되지 않습니다. 원격 노드에서 리소스를 사용하려면 사용자 지정 도메인을 사용하십시오.",
    "regionSelectorInfo": "지역을 선택하면 위치에 따라 더 나은 성능이 제공됩니다. 서버와 같은 지역에 있을 필요는 없습니다.",
    "regionSelectorPlaceholder": "지역 선택",
    "regionSelectorComingSoon": "곧 출시 예정",
@@ -1570,6 +1843,16 @@
    "billingFeatureLossWarning": "기능 가용성 알림",
    "billingFeatureLossDescription": "다운그레이드함으로써 새 계획에서 사용할 수 없는 기능은 자동으로 비활성화됩니다. 일부 설정 및 구성은 손실될 수 있습니다. 어떤 기능들이 더 이상 사용 불가능한지 이해하기 위해 가격표를 검토하세요.",
    "billingUsageExceedsLimit": "현재 사용량 ({current})이 제한 ({limit})을 초과합니다",
+    "billingPastDueTitle": "연체된 결제",
+    "billingPastDueDescription": "결제가 연체되었습니다. 현재 이용 중인 플랜 기능을 계속 사용하기 위해 결제 수단을 업데이트해 주세요. 해결되지 않으면 구독이 취소되고 무료 요금제로 전환됩니다.",
+    "billingUnpaidTitle": "결제되지 않은 구독",
+    "billingUnpaidDescription": "구독 결제가 완료되지 않아 무료 요금제로 전환되었습니다. 구독을 복원하려면 결제 수단을 업데이트해 주세요.",
+    "billingIncompleteTitle": "불완전한 결제",
+    "billingIncompleteDescription": "결제가 불완전합니다. 구독을 활성화하기 위해 결제 과정을 완료해 주세요.",
+    "billingIncompleteExpiredTitle": "만료된 결제",
+    "billingIncompleteExpiredDescription": "결제가 완료되지 않아 만료되었습니다. 무료 요금제로 전환되었습니다. 유료 기능에 대한 액세스를 복원하려면 다시 구독해 주세요.",
+    "billingManageSubscription": "구독을 관리하십시오",
+    "billingResolvePaymentIssue": "업그레이드 또는 다운그레이드하기 전에 결제 문제를 해결해 주세요.",
    "signUpTerms": {
        "IAgreeToThe": "동의합니다",
        "termsOfService": "서비스 약관",
@@ -1628,6 +1911,7 @@
    "configureHealthCheck": "상태 확인 설정",
    "configureHealthCheckDescription": "{target}에 대한 상태 모니터링 설정",
    "enableHealthChecks": "상태 확인 활성화",
+    "healthCheckDisabledStateDescription": "비활성화되면 이 사이트가 상태 확인을 수행하지 않으며 상태가 알 수 없는 것으로 간주됩니다.",
    "enableHealthChecksDescription": "이 대상을 모니터링하여 건강 상태를 확인하세요. 필요에 따라 대상과 다른 엔드포인트를 모니터링할 수 있습니다.",
    "healthScheme": "방법",
    "healthSelectScheme": "방법 선택",
@@ -1643,6 +1927,24 @@
    "timeIsInSeconds": "시간은 초 단위입니다",
    "requireDeviceApproval": "장치 승인 요구",
    "requireDeviceApprovalDescription": "이 역할을 가진 사용자는 장치가 연결되기 전에 관리자의 승인이 필요합니다.",
+    "sshAccess": "SSH 접속",
+    "roleAllowSsh": "SSH 허용",
+    "roleAllowSshAllow": "허용",
+    "roleAllowSshDisallow": "허용 안 함",
+    "roleAllowSshDescription": "이 역할을 가진 사용자가 SSH를 통해 리소스에 연결할 수 있도록 허용합니다. 비활성화되면 역할은 SSH 접속을 사용할 수 없습니다.",
+    "sshSudoMode": "Sudo 접속",
+    "sshSudoModeNone": "없음",
+    "sshSudoModeNoneDescription": "사용자는 sudo로 명령을 실행할 수 없습니다.",
+    "sshSudoModeFull": "전체 Sudo",
+    "sshSudoModeFullDescription": "사용자는 모든 명령을 sudo로 실행할 수 있습니다.",
+    "sshSudoModeCommands": "명령",
+    "sshSudoModeCommandsDescription": "사용자는 sudo로 지정된 명령만 실행할 수 있습니다.",
+    "sshSudo": "Sudo 허용",
+    "sshSudoCommands": "Sudo 명령",
+    "sshSudoCommandsDescription": "사용자가 sudo로 실행할 수 있는 명령어의 쉼표로 구분된 목록입니다.",
+    "sshCreateHomeDir": "홈 디렉터리 생성",
+    "sshUnixGroups": "유닉스 그룹",
+    "sshUnixGroupsDescription": "대상 호스트에서 사용자에게 추가할 유닉스 그룹의 쉼표로 구분된 목록입니다.",
    "retryAttempts": "재시도 횟수",
    "expectedResponseCodes": "예상 응답 코드",
    "expectedResponseCodesDescription": "정상 상태를 나타내는 HTTP 상태 코드입니다. 비워 두면 200-300이 정상으로 간주됩니다.",
@@ -1659,9 +1961,20 @@
    "healthCheckIntervalMin": "확인 간격은 최소 5초여야 합니다.",
    "healthCheckTimeoutMin": "시간 초과는 최소 1초여야 합니다.",
    "healthCheckRetryMin": "재시도 횟수는 최소 1회여야 합니다.",
+    "healthCheckMode": "확인 모드",
+    "healthCheckStrategy": "전략",
+    "healthCheckModeDescription": "TCP 모드는 연결성만 확인합니다. HTTP 모드는 HTTP 응답을 확인합니다.",
+    "healthyThreshold": "건강 임계값",
+    "healthyThresholdDescription": "정상으로 표시되기 전에 연속 성공이 필요합니다.",
+    "unhealthyThreshold": "비정상 임계값",
+    "unhealthyThresholdDescription": "비정상으로 표시되기 전에 연속 실패가 필요합니다.",
+    "healthCheckHealthyThresholdMin": "정상 임계값은 최소 1 이상이어야 합니다",
+    "healthCheckUnhealthyThresholdMin": "비정상 임계값은 최소 1 이상이어야 합니다",
    "httpMethod": "HTTP 메소드",
    "selectHttpMethod": "HTTP 메소드 선택",
    "domainPickerSubdomainLabel": "서브도메인",
+    "domainPickerWildcard": "와일드카드",
+    "domainPickerWildcardPaidOnly": "와일드카드 서브도메인은 유료 기능입니다. 이 기능에 액세스하려면 업그레이드하세요.",
    "domainPickerBaseDomainLabel": "기본 도메인",
    "domainPickerSearchDomains": "도메인 검색...",
    "domainPickerNoDomainsFound": "찾을 수 없는 도메인이 없습니다",
@@ -1687,12 +2000,12 @@
    "resourcesTableAliasAddressInfo": "이 주소는 조직의 유틸리티 서브넷의 일부로, 내부 DNS 해석을 사용하여 별칭 레코드를 해석하는 데 사용됩니다.",
    "resourcesTableClients": "클라이언트",
    "resourcesTableAndOnlyAccessibleInternally": "클라이언트와 연결되었을 때만 내부적으로 접근 가능합니다.",
-    "resourcesTableNoTargets": "대상 없음",
    "resourcesTableHealthy": "정상",
    "resourcesTableDegraded": "저하됨",
-    "resourcesTableOffline": "오프라인",
+    "resourcesTableUnhealthy": "비정상",
    "resourcesTableUnknown": "알 수 없음",
    "resourcesTableNotMonitored": "모니터링되지 않음",
+    "resourcesTableNoTargets": "대상 없음",
    "editInternalResourceDialogEditClientResource": "비공개 리소스 수정",
    "editInternalResourceDialogUpdateResourceProperties": "{resourceName}의 리소스 속성과 대상 구성을 업데이트하세요",
    "editInternalResourceDialogResourceProperties": "리소스 속성",
@@ -1718,6 +2031,11 @@
    "editInternalResourceDialogModePort": "포트",
    "editInternalResourceDialogModeHost": "호스트",
    "editInternalResourceDialogModeCidr": "CIDR",
+    "editInternalResourceDialogModeHttp": "HTTP",
+    "editInternalResourceDialogModeHttps": "HTTPS",
+    "editInternalResourceDialogScheme": "스킴",
+    "editInternalResourceDialogEnableSsl": "SSL 활성화",
+    "editInternalResourceDialogEnableSslDescription": "목적지로의 안전한 HTTPS 연결을 위한 SSL/TLS 암호화 활성화.",
    "editInternalResourceDialogDestination": "대상지",
    "editInternalResourceDialogDestinationHostDescription": "사이트 네트워크의 자원 IP 주소입니다.",
    "editInternalResourceDialogDestinationIPDescription": "사이트 네트워크의 자원 IP 또는 호스트 네임 주소입니다.",
@@ -1733,6 +2051,7 @@
    "createInternalResourceDialogName": "이름",
    "createInternalResourceDialogSite": "사이트",
    "selectSite": "사이트 선택...",
+    "multiSitesSelectorSitesCount": "{count, plural, other {# 사이트}}",
    "noSitesFound": "사이트를 찾을 수 없습니다.",
    "createInternalResourceDialogProtocol": "프로토콜",
    "createInternalResourceDialogTcp": "TCP",
@@ -1761,11 +2080,19 @@
    "createInternalResourceDialogModePort": "포트",
    "createInternalResourceDialogModeHost": "호스트",
    "createInternalResourceDialogModeCidr": "CIDR",
+    "createInternalResourceDialogModeHttp": "HTTP",
+    "createInternalResourceDialogModeHttps": "HTTPS",
+    "scheme": "스킴",
+    "createInternalResourceDialogScheme": "스킴",
+    "createInternalResourceDialogEnableSsl": "SSL 활성화",
+    "createInternalResourceDialogEnableSslDescription": "목적지로의 안전한 HTTPS 연결을 위한 SSL/TLS 암호화 활성화.",
    "createInternalResourceDialogDestination": "대상지",
    "createInternalResourceDialogDestinationHostDescription": "사이트 네트워크의 자원 IP 주소입니다.",
    "createInternalResourceDialogDestinationCidrDescription": "사이트 네트워크의 자원 IP 주소입니다.",
    "createInternalResourceDialogAlias": "별칭",
    "createInternalResourceDialogAliasDescription": "이 리소스에 대한 선택적 내부 DNS 별칭입니다.",
+    "internalResourceDownstreamSchemeRequired": "HTTP 리소스에 스킴이 필요합니다",
+    "internalResourceHttpPortRequired": "HTTP 리소스에 목적지 포트가 필요합니다",
    "siteConfiguration": "설정",
    "siteAcceptClientConnections": "클라이언트 연결 허용",
    "siteAcceptClientConnectionsDescription": "사용자 장치와 클라이언트가 이 사이트의 리소스에 접근할 수 있도록 허용하세요. 나중에 변경할 수 있습니다.",
@@ -1851,6 +2178,40 @@
    "exitNode": "종단 노드",
    "country": "국가",
    "rulesMatchCountry": "현재 소스 IP를 기반으로 합니다",
+    "region": "지역",
+    "selectRegion": "지역 선택",
+    "searchRegions": "지역 검색...",
+    "noRegionFound": "지역을 찾을 수 없습니다.",
+    "rulesMatchRegion": "국가의 지역 구성을 선택합니다",
+    "rulesErrorInvalidRegion": "잘못된 지역",
+    "rulesErrorInvalidRegionDescription": "유효한 지역을 선택하세요.",
+    "regionAfrica": "아프리카",
+    "regionNorthernAfrica": "북부 아프리카",
+    "regionEasternAfrica": "동부 아프리카",
+    "regionMiddleAfrica": "중부 아프리카",
+    "regionSouthernAfrica": "남부 아프리카",
+    "regionWesternAfrica": "서부 아프리카",
+    "regionAmericas": "아메리카",
+    "regionCaribbean": "카리브",
+    "regionCentralAmerica": "중앙 아메리카",
+    "regionSouthAmerica": "남아메리카",
+    "regionNorthernAmerica": "북미",
+    "regionAsia": "아시아",
+    "regionCentralAsia": "중앙 아시아",
+    "regionEasternAsia": "동아시아",
+    "regionSouthEasternAsia": "동남아시아",
+    "regionSouthernAsia": "남아시아",
+    "regionWesternAsia": "서아시아",
+    "regionEurope": "유럽",
+    "regionEasternEurope": "동부 유럽",
+    "regionNorthernEurope": "북부 유럽",
+    "regionSouthernEurope": "남부 유럽",
+    "regionWesternEurope": "서부 유럽",
+    "regionOceania": "오세아니아",
+    "regionAustraliaAndNewZealand": "호주와 뉴질랜드",
+    "regionMelanesia": "멜라네시아",
+    "regionMicronesia": "미크로네시아",
+    "regionPolynesia": "폴리네시아",
    "managedSelfHosted": {
        "title": "관리 자체 호스팅",
        "description": "더 신뢰할 수 있고 낮은 유지보수의 자체 호스팅 팡골린 서버, 추가 기능 포함",
@@ -1889,7 +2250,7 @@
    },
    "internationaldomaindetected": "국제 도메인 감지됨",
    "willbestoredas": "다음으로 저장됩니다:",
-    "roleMappingDescription": "자동 프로비저닝이 활성화되면 사용자가 로그인할 때 역할이 할당되는 방법을 결정합니다.",
+    "roleMappingDescription": "사용자가 이 아이덴티티 공급자로 로그인할 때 역할이 할당되는 방법을 결정합니다.",
    "selectRole": "역할 선택",
    "roleMappingExpression": "표현식",
    "selectRolePlaceholder": "역할 선택",
@@ -1899,6 +2260,25 @@
    "invalidValue": "잘못된 값",
    "idpTypeLabel": "신원 공급자 유형",
    "roleMappingExpressionPlaceholder": "예: contains(groups, 'admin') && 'Admin' || 'Member'",
+    "roleMappingModeFixedRoles": "고정 역할",
+    "roleMappingModeMappingBuilder": "매핑 빌더",
+    "roleMappingModeRawExpression": "원시 표현식",
+    "roleMappingFixedRolesPlaceholderSelect": "하나 이상의 역할을 선택하세요",
+    "roleMappingFixedRolesPlaceholderFreeform": "역할 이름 입력 (조직마다 정확히 일치)",
+    "roleMappingFixedRolesDescriptionSameForAll": "모든 자동 프로비전 사용자에게 동일한 역할 세트를 할당합니다.",
+    "roleMappingFixedRolesDescriptionDefaultPolicy": "기본 정책의 경우 사용자가 프로비저닝된 조직의 역할 이름을 입력하세요. 이름은 정확히 일치해야 합니다.",
+    "roleMappingClaimPath": "클레임 경로",
+    "roleMappingClaimPathPlaceholder": "그룹",
+    "roleMappingClaimPathDescription": "토큰 페이로드에서 소스 값을 포함하는 경로 (예: 그룹).",
+    "roleMappingMatchValue": "매치 값",
+    "roleMappingAssignRoles": "역할 할당",
+    "roleMappingAddMappingRule": "매핑 규칙 추가",
+    "roleMappingRawExpressionResultDescription": "표현식은 문자열 또는 문자열 배열로 평가되어야 합니다.",
+    "roleMappingRawExpressionResultDescriptionSingleRole": "표현식은 문자열 (단일 역할 이름)로 평가되어야 합니다.",
+    "roleMappingMatchValuePlaceholder": "매치 값 (예: 관리자)",
+    "roleMappingAssignRolesPlaceholderFreeform": "역할 이름 입력 (조직마다 정확히)",
+    "roleMappingBuilderFreeformRowHint": "역할 이름은 각 대상 조직의 역할과 일치해야 합니다.",
+    "roleMappingRemoveRule": "제거",
    "idpGoogleConfiguration": "Google 구성",
    "idpGoogleConfigurationDescription": "Google OAuth2 자격 증명을 구성합니다.",
    "idpGoogleClientIdDescription": "Google OAuth2 클라이언트 ID",
@@ -1962,9 +2342,11 @@
    "selectDomainForOrgAuthPage": "조직 인증 페이지에 대한 도메인을 선택하세요.",
    "domainPickerProvidedDomain": "제공된 도메인",
    "domainPickerFreeProvidedDomain": "무료 제공된 도메인",
+    "domainPickerFreeDomainsPaidFeature": "제공된 도메인은 유료 기능입니다. 요금제에 도메인이 포함되도록 구독하세요. - 별도로 도메인을 준비할 필요 없습니다.",
    "domainPickerVerified": "검증됨",
    "domainPickerUnverified": "검증되지 않음",
-    "domainPickerInvalidSubdomainStructure": "이 하위 도메인은 잘못된 문자 또는 구조를 포함하고 있습니다. 저장 시 자동으로 정리됩니다.",
+    "domainPickerManual": "수동",
+    "domainPickerInvalidSubdomainStructure": "잘못된 문자는 저장 시 새니타이즈됩니다.",
    "domainPickerError": "오류",
    "domainPickerErrorLoadDomains": "조직 도메인 로드 실패",
    "domainPickerErrorCheckAvailability": "도메인 가용성 확인 실패",
@@ -1977,7 +2359,7 @@
    "orgAuthChooseIdpDescription": "계속하려면 신원 공급자를 선택하세요.",
    "orgAuthNoIdpConfigured": "이 조직은 구성된 신원 공급자가 없습니다. 대신 Pangolin 아이덴티티로 로그인할 수 있습니다.",
    "orgAuthSignInWithPangolin": "Pangolin으로 로그인",
-    "orgAuthSignInToOrg": "조직에 로그인",
+    "orgAuthSignInToOrg": "조직 아이덴티티 제공자 (SSO)",
    "orgAuthSelectOrgTitle": "조직 로그인",
    "orgAuthSelectOrgDescription": "계속하려면 조직 ID를 입력하십시오.",
    "orgAuthOrgIdPlaceholder": "your-organization",
@@ -2138,7 +2520,7 @@
        "alerts": {
            "commercialUseDisclosure": {
                "title": "사용 공개",
-                "description": "당신의 의도된 사용에 정확히 맞는 라이선스 등급을 선택하세요. 개인 라이선스는 연간 총 수익 100,000 USD 이하의 개인, 비상업적 또는 소규모 상업 활동을 위한 소프트웨어의 무료 사용을 허용합니다. 이러한 제한을 넘는 모든 사용 — 비즈니스, 조직 또는 기타 수익 창출 환경 내에서의 사용 — 은 유효한 엔터프라이즈 라이선스 및 해당 라이선스 수수료의 지불이 필요합니다. 개인 또는 기업 사용자는 모두 Fossorial 상용 라이선스 조건을 준수해야 합니다."
+                "description": "당신의 의도된 사용에 정확히 맞는 라이선스 등급을 선택하세요. 개인 라이선스는 연간 총 수익 100,000 USD 이하의 개인, 비상업적 또는 소규모 상업 활동을 위한 소프트웨어의 무료 사용을 허용합니다. 이러한 제한을 넘는 모든 사용 - 비즈니스, 조직 또는 기타 수익 창출 환경 내에서의 사용 - 은 유효한 엔터프라이즈 라이선스 및 해당 라이선스 수수료의 지불이 필요합니다. 개인 또는 기업 사용자는 모두 Fossorial 상용 라이선스 조건을 준수해야 합니다."
            },
            "trialPeriodInformation": {
                "title": "시험 기간 정보",
@@ -2193,10 +2575,10 @@
            },
            "scale": {
                "title": "스케일",
-                "description": "기업 기능, 50명의 사용자, 50개의 사이트, 우선 지원."
+                "description": "기업 기능, 50명의 사용자, 100개의 사이트, 그리고 우선 지원."
            }
        },
-        "personalUseOnly": "개인 사용 전용 (무료 라이센스 — 체크아웃 없음)",
+        "personalUseOnly": "개인용으로만 사용 (무료 라이선스 - 결제 없음)",
        "buttons": {
            "continueToCheckout": "결제로 진행"
        },
@@ -2270,6 +2652,7 @@
    "validPassword": "유효한 비밀번호",
    "validEmail": "유효한 이메일",
    "validSSO": "유효한 SSO",
+    "connectedClient": "연결된 클라이언트",
    "resourceBlocked": "리소스 차단됨",
    "droppedByRule": "룰에 의해 드롭됨",
    "noSessions": "세션 없음",
@@ -2277,24 +2660,26 @@
    "noMoreAuthMethods": "유효한 인증 없음",
    "ip": "IP",
    "reason": "이유",
-    "requestLogs": "요청 로그",
+    "requestLogs": "HTTP 요청 로그",
    "requestAnalytics": "요청 분석",
    "host": "호스트",
    "location": "위치",
    "actionLogs": "작업 로그",
-    "sidebarLogsRequest": "요청 로그",
+    "sidebarLogsRequest": "HTTP 요청 로그",
    "sidebarLogsAccess": "접근 로그",
    "sidebarLogsAction": "작업 로그",
    "logRetention": "로그 보관",
    "logRetentionDescription": "다양한 유형의 로그를 이 조직에 대해 얼마나 오래 보관할지 관리하거나 비활성화합니다",
    "requestLogsDescription": "이 조직의 자원에 대한 상세한 요청 로그를 봅니다",
    "requestAnalyticsDescription": "이 조직의 리소스에 대한 자세한 요청 분석 보기",
-    "logRetentionRequestLabel": "요청 로그 보관",
+    "logRetentionRequestLabel": "HTTP 요청 로그 보관",
    "logRetentionRequestDescription": "요청 로그를 얼마나 오래 보관할지",
    "logRetentionAccessLabel": "접근 로그 보관",
    "logRetentionAccessDescription": "접근 로그를 얼마나 오래 보관할지",
    "logRetentionActionLabel": "작업 로그 보관",
    "logRetentionActionDescription": "작업 로그를 얼마나 오래 보관할지",
+    "logRetentionConnectionLabel": "연결 로그 보유 기간",
+    "logRetentionConnectionDescription": "연결 로그를 얼마나 오래 보유할지",
    "logRetentionDisabled": "비활성화됨",
    "logRetention3Days": "3 일",
    "logRetention7Days": "7 일",
@@ -2305,8 +2690,15 @@
    "logRetentionEndOfFollowingYear": "다음 연도 말",
    "actionLogsDescription": "이 조직에서 수행된 작업의 기록을 봅니다",
    "accessLogsDescription": "이 조직의 자원에 대한 접근 인증 요청을 확인합니다",
-    "licenseRequiredToUse": "이 기능을 사용하려면 <enterpriseLicenseLink>엔터프라이즈 에디션</enterpriseLicenseLink> 라이선스가 필요합니다. 이 기능은 <pangolinCloudLink>판골린 클라우드</pangolinCloudLink>에서도 사용할 수 있습니다.",
-    "ossEnterpriseEditionRequired": "이 기능을 사용하려면 <enterpriseEditionLink>엔터프라이즈 에디션</enterpriseEditionLink>이 필요합니다. 이 기능은 <pangolinCloudLink>판골린 클라우드</pangolinCloudLink>에서도 사용할 수 있습니다.",
+    "connectionLogs": "연결 로그",
+    "connectionLogsDescription": "이 조직의 터널 연결 로그 보기",
+    "sidebarLogsConnection": "연결 로그",
+    "sidebarLogsStreaming": "스트리밍",
+    "sourceAddress": "소스 주소",
+    "destinationAddress": "대상 주소",
+    "duration": "지속 시간",
+    "licenseRequiredToUse": "이 기능을 사용하려면 <enterpriseLicenseLink>엔터프라이즈 에디션</enterpriseLicenseLink> 라이선스가 필요합니다. 이 기능은 <pangolinCloudLink>판골린 클라우드</pangolinCloudLink>에서도 사용할 수 있습니다. <bookADemoLink>데모 또는 POC 체험을 예약하세요</bookADemoLink>.",
+    "ossEnterpriseEditionRequired": "이 기능을 사용하려면 <enterpriseEditionLink>엔터프라이즈 에디션</enterpriseEditionLink>이(가) 필요합니다. 이 기능은 <pangolinCloudLink>판골린 클라우드</pangolinCloudLink>에서도 사용할 수 있습니다. <bookADemoLink>데모 또는 POC 체험을 예약하세요</bookADemoLink>.",
    "certResolver": "인증서 해결사",
    "certResolverDescription": "이 리소스에 사용할 인증서 해결사를 선택하세요.",
    "selectCertResolver": "인증서 해결사 선택",
@@ -2448,6 +2840,9 @@
    "machineClients": "기계 클라이언트",
    "install": "설치",
    "run": "실행",
+    "envFile": "환경 파일",
+    "serviceFile": "서비스 파일",
+    "enableAndStart": "활성화 및 시작",
    "clientNameDescription": "나중에 변경할 수 있는 클라이언트의 표시 이름입니다.",
    "clientAddress": "클라이언트 주소(고급)",
    "setupFailedToFetchSubnet": "기본값 로드 실패",
@@ -2496,13 +2891,30 @@
    "editInternalResourceDialogAddClients": "클라이언트 추가",
    "editInternalResourceDialogDestinationLabel": "대상지",
    "editInternalResourceDialogDestinationDescription": "내부 리소스의 목적지 주소를 지정하세요. 선택한 모드에 따라 이 주소는 호스트명, IP 주소, 또는 CIDR 범위가 될 수 있습니다. 더욱 쉽게 식별할 수 있도록 내부 DNS 별칭을 설정할 수 있습니다.",
+    "internalResourceFormMultiSiteRoutingHelp": "다중 사이트를 선택하면 높은 가용성을 위해 회복력 있는 라우팅 및 페일오버가 가능해집니다.",
+    "internalResourceFormMultiSiteRoutingHelpLearnMore": "자세히 알아보기",
    "editInternalResourceDialogPortRestrictionsDescription": "특정 TCP/UDP 포트에 대한 접근을 제한하거나 모든 포트를 허용/차단하십시오.",
+    "createInternalResourceDialogHttpConfiguration": "HTTP 구성",
+    "createInternalResourceDialogHttpConfigurationDescription": "이 리소스에 HTTP 또는 HTTPS로 도달하기 위한 도메인을 선택하세요.",
+    "editInternalResourceDialogHttpConfiguration": "HTTP 구성",
+    "editInternalResourceDialogHttpConfigurationDescription": "이 리소스에 HTTP 또는 HTTPS로 도달하기 위한 도메인을 선택하세요.",
    "editInternalResourceDialogTcp": "TCP",
    "editInternalResourceDialogUdp": "UDP",
    "editInternalResourceDialogIcmp": "ICMP",
    "editInternalResourceDialogAccessControl": "액세스 제어",
    "editInternalResourceDialogAccessControlDescription": "연결 시 이 리소스에 대한 액세스 권한을 가지는 역할, 사용자, 그리고 머신 클라이언트를 제어합니다. 관리자는 항상 접근할 수 있습니다.",
    "editInternalResourceDialogPortRangeValidationError": "모든 포트에 대해서는 \"*\"로, 아니면 쉼표로 구분된 포트 및 범위 목록(예: \"80,443,8000-9000\")을 설정해야 합니다. 포트는 1에서 65535 사이여야 합니다.",
+    "internalResourceAuthDaemonStrategy": "SSH 인증 데몬 위치",
+    "internalResourceAuthDaemonStrategyDescription": "SSH 인증 데몬이 작동하는 위치를 선택하세요: 사이트(Newt)에서 또는 원격 호스트에서.",
+    "internalResourceAuthDaemonDescription": "SSH 인증 데몬은 이 리소스를 위한 SSH 키 서명과 PAM 인증을 처리합니다. 사이트(Newt)에서 나 별도의 원격 호스트에서 실행할 것인지를 선택하세요. 자세한 내용은 <docsLink>문서</docsLink>를 참조하세요.",
+    "internalResourceAuthDaemonDocsUrl": "https://docs.pangolin.net",
+    "internalResourceAuthDaemonStrategyPlaceholder": "전략 선택",
+    "internalResourceAuthDaemonStrategyLabel": "위치",
+    "internalResourceAuthDaemonSite": "사이트에서 인증 데몬이 실행됩니다(Newt).",
+    "internalResourceAuthDaemonSiteDescription": "인증 데몬이 사이트(Newt)에서 실행됩니다.",
+    "internalResourceAuthDaemonRemote": "원격 호스트",
+    "internalResourceAuthDaemonRemoteDescription": "인증 데몬이 사이트가 아닌 다른 호스트에서 실행됩니다.",
+    "internalResourceAuthDaemonPort": "데몬 포트 (선택 사항)",
    "orgAuthWhatsThis": "조직 ID를 어디에서 찾을 수 있습니까?",
    "learnMore": "자세히 알아보기",
    "backToHome": "홈으로 돌아가기",
@@ -2524,6 +2936,9 @@
    "maintenancePageMessagePlaceholder": "곧 돌아오겠습니다! 사이트는 현재 예정된 유지보수를 진행 중입니다.",
    "maintenancePageMessageDescription": "유지보수를 설명하는 상세 메시지",
    "maintenancePageTimeTitle": "예상 완료 시간(선택 사항)",
+    "privateMaintenanceScreenTitle": "프라이빗 플레이스홀더 화면",
+    "privateMaintenanceScreenMessage": "이 도메인은 개인 리소스에서 사용 중입니다. Pangolin 클라이언트를 사용하여 이 리소스에 액세스하세요.",
+    "privateMaintenanceScreenSteps": "연결된 후에도 이 메시지가 보이면 브라우저의 DNS 캐시가 여전히 이전 주소를 가리킬 수 있습니다. 이를 해결하려면 이 탭이나 브라우저를 완전히 닫고 다시 열고 이 페이지로 돌아가세요.",
    "maintenanceTime": "예: 2시간, 11월 1일 오후 5시",
    "maintenanceEstimatedTimeDescription": "유지보수가 완료될 것으로 예상되는 시간",
    "editDomain": "도메인 수정",
@@ -2632,5 +3047,209 @@
    "approvalsEmptyStateStep2Title": "장치 승인 활성화",
    "approvalsEmptyStateStep2Description": "역할을 편집하고 '장치 승인 요구' 옵션을 활성화하세요. 이 역할을 가진 사용자는 새 장치에 대해 관리자의 승인이 필요합니다.",
    "approvalsEmptyStatePreviewDescription": "미리 보기: 활성화된 경우, 승인 대기 중인 장치 요청이 검토용으로 여기에 표시됩니다.",
-    "approvalsEmptyStateButtonText": "역할 관리"
+    "approvalsEmptyStateButtonText": "역할 관리",
+    "domainErrorTitle": "도메인 확인에 문제가 발생했습니다.",
+    "idpAdminAutoProvisionPoliciesTabHint": "<policiesTabLink>자동 프로비저닝 설정</policiesTabLink> 탭에서 역할 매핑 및 조직 정책을 구성합니다.",
+    "streamingTitle": "이벤트 스트리밍",
+    "streamingDescription": "조직의 이벤트를 외부 목적지로 실시간 전송합니다.",
+    "streamingUnnamedDestination": "이름이 없는 대상지",
+    "streamingNoUrlConfigured": "설정된 URL이 없습니다",
+    "streamingAddDestination": "대상지 추가",
+    "streamingHttpWebhookTitle": "HTTP 웹훅",
+    "streamingHttpWebhookDescription": "유연한 인증 및 템플릿 작성 기능을 갖춘 HTTP 엔드포인트에 이벤트를 전송합니다.",
+    "streamingS3Title": "아마존 S3",
+    "streamingS3Description": "S3 호환 객체 스토리지 버킷에 이벤트를 스트리밍합니다. 곧 제공됩니다.",
+    "streamingDatadogTitle": "데이터독",
+    "streamingDatadogDescription": "이벤트를 직접 Datadog 계정으로 전달합니다. 곧 제공됩니다.",
+    "streamingTypePickerDescription": "목표 유형을 선택하여 시작합니다.",
+    "streamingFailedToLoad": "대상 로드에 실패했습니다",
+    "streamingUnexpectedError": "예기치 않은 오류가 발생했습니다.",
+    "streamingFailedToUpdate": "대상지를 업데이트하는 데 실패했습니다",
+    "streamingDeletedSuccess": "대상지가 성공적으로 삭제되었습니다",
+    "streamingFailedToDelete": "대상지 삭제 실패",
+    "streamingDeleteTitle": "대상지 삭제",
+    "streamingDeleteButtonText": "대상지 삭제",
+    "streamingDeleteDialogAreYouSure": "삭제하시겠습니까",
+    "streamingDeleteDialogThisDestination": "이 대상지",
+    "streamingDeleteDialogPermanentlyRemoved": "? 모든 구성은 영구적으로 제거됩니다.",
+    "httpDestEditTitle": "대상지 수정",
+    "httpDestAddTitle": "HTTP 대상지 추가",
+    "httpDestEditDescription": "이 HTTP 이벤트 스트리밍 대상지의 구성을 업데이트하세요.",
+    "httpDestAddDescription": "조직의 이벤트 수신을 위한 새로운 HTTP 엔드포인트를 구성하세요.",
+    "S3DestEditTitle": "대상지 수정",
+    "S3DestAddTitle": "S3 대상지 추가",
+    "S3DestEditDescription": "이 S3 이벤트 스트리밍 대상지의 구성을 업데이트하세요.",
+    "S3DestAddDescription": "조직의 이벤트를 받기 위한 새로운 S3 엔드포인트를 구성하세요.",
+    "datadogDestEditTitle": "대상지 수정",
+    "datadogDestAddTitle": "Datadog 대상지 추가",
+    "datadogDestEditDescription": "이 Datadog 이벤트 스트리밍 대상지의 구성을 업데이트하세요.",
+    "datadogDestAddDescription": "조직의 이벤트를 받기 위한 새로운 Datadog 엔드포인트를 구성하세요.",
+    "httpDestTabSettings": "설정",
+    "httpDestTabHeaders": "헤더",
+    "httpDestTabBody": "본문",
+    "httpDestTabLogs": "로그",
+    "httpDestNamePlaceholder": "내 HTTP 대상",
+    "httpDestUrlLabel": "대상 URL",
+    "httpDestUrlErrorHttpRequired": "URL은 http 또는 https를 사용해야 합니다",
+    "httpDestUrlErrorHttpsRequired": "클라우드 배포에는 HTTPS가 필요합니다",
+    "httpDestUrlErrorInvalid": "유효한 URL을 입력하세요 (예: https://example.com/webhook)",
+    "httpDestAuthTitle": "인증",
+    "httpDestAuthDescription": "엔드포인트에 대한 요청 인증 방법을 선택하세요.",
+    "httpDestAuthNoneTitle": "인증 없음",
+    "httpDestAuthNoneDescription": "Authorization 헤더 없이 요청을 보냅니다.",
+    "httpDestAuthBearerTitle": "Bearer 토큰",
+    "httpDestAuthBearerDescription": "각 요청에 Authorization: Bearer '<token>' 헤더를 추가합니다.",
+    "httpDestAuthBearerPlaceholder": "API 키 또는 토큰",
+    "httpDestAuthBasicTitle": "기본 인증",
+    "httpDestAuthBasicDescription": "Authorization: Basic '<credentials>' 헤더를 추가합니다. 자격 증명은 사용자 이름:비밀번호로 제공합니다.",
+    "httpDestAuthBasicPlaceholder": "사용자 이름:비밀번호",
+    "httpDestAuthCustomTitle": "사용자 정의 헤더",
+    "httpDestAuthCustomDescription": "인증을 위한 사용자 정의 HTTP 헤더 이름 및 값을 지정하세요 (예: X-API-Key).",
+    "httpDestAuthCustomHeaderNamePlaceholder": "헤더 이름 (예: X-API-Key)",
+    "httpDestAuthCustomHeaderValuePlaceholder": "헤더 값",
+    "httpDestCustomHeadersTitle": "사용자 정의 HTTP 헤더",
+    "httpDestCustomHeadersDescription": "모든 발신 요청에 사용자 정의 헤더를 추가합니다. 정적 토큰 또는 사용자 정의 Content-Type에 유용합니다. 기본적으로 Content-Type: application/json이 전송됩니다.",
+    "httpDestNoHeadersConfigured": "구성된 사용자 정의 헤더가 없습니다. \"헤더 추가\"를 클릭하여 추가하세요.",
+    "httpDestHeaderNamePlaceholder": "헤더 이름",
+    "httpDestHeaderValuePlaceholder": "값",
+    "httpDestAddHeader": "헤더 추가",
+    "httpDestBodyTemplateTitle": "사용자 정의 본문 템플릿",
+    "httpDestBodyTemplateDescription": "엔드포인트에 전송되는 JSON 페이로드 구조를 제어합니다. 비활성화된 경우 각 이벤트에 대해 기본 JSON 객체가 전송됩니다.",
+    "httpDestEnableBodyTemplate": "사용자 정의 본문 템플릿 활성화",
+    "httpDestBodyTemplateLabel": "본문 템플릿 (JSON)",
+    "httpDestBodyTemplateHint": "템플릿 변수를 사용하여 페이로드에서 이벤트 필드를 참조하세요.",
+    "httpDestPayloadFormatTitle": "페이로드 형식",
+    "httpDestPayloadFormatDescription": "각 요청 본문에 이벤트가 시리얼라이즈되는 방식입니다.",
+    "httpDestFormatJsonArrayTitle": "JSON 배열",
+    "httpDestFormatJsonArrayDescription": "각 배치마다 요청 하나씩, 본문은 JSON 배열입니다. 대부분의 일반 웹훅 및 Datadog과 호환됩니다.",
+    "httpDestFormatNdjsonTitle": "NDJSON",
+    "httpDestFormatNdjsonDescription": "각 배치마다 요청 하나씩, 본문은 줄 구분 JSON - 한 라인에 하나의 객체가 있으며 외부 배열이 없습니다. Splunk HEC, Elastic / OpenSearch, Grafana Loki에 필요합니다.",
+    "httpDestFormatSingleTitle": "각 요청 당 하나의 이벤트",
+    "httpDestFormatSingleDescription": "각 개별 이벤트에 대해 별도의 HTTP POST를 전송합니다. 배치를 처리할 수 없는 엔드포인트에만 사용하세요.",
+    "httpDestLogTypesTitle": "로그 유형",
+    "httpDestLogTypesDescription": "이 대상지에 전달될 로그 유형을 선택하세요. 활성화된 로그 유형만 스트리밍 됩니다.",
+    "httpDestAccessLogsTitle": "접근 로그",
+    "httpDestAccessLogsDescription": "인증 및 거부된 요청을 포함한 리소스 접근 시도.",
+    "httpDestActionLogsTitle": "작업 로그",
+    "httpDestActionLogsDescription": "조직 내에서 사용자가 수행한 관리 작업.",
+    "httpDestConnectionLogsTitle": "연결 로그",
+    "httpDestConnectionLogsDescription": "사이트 및 터널 연결 이벤트, 연결 및 연결 끊기를 포함합니다.",
+    "httpDestRequestLogsTitle": "HTTP 요청 로그",
+    "httpDestRequestLogsDescription": "프록시된 리소스에 대한 HTTP 요청 로그, 메서드, 경로 및 응답 코드를 포함합니다.",
+    "httpDestSaveChanges": "변경 사항 저장",
+    "httpDestCreateDestination": "대상지 생성",
+    "httpDestUpdatedSuccess": "대상지가 성공적으로 업데이트되었습니다",
+    "httpDestCreatedSuccess": "대상지가 성공적으로 생성되었습니다",
+    "httpDestUpdateFailed": "대상지를 업데이트하는 데 실패했습니다",
+    "httpDestCreateFailed": "대상지를 생성하는 데 실패했습니다",
+    "followRedirects": "리디렉션 따라가기",
+    "followRedirectsDescription": "요청에 대해 HTTP 리디렉션을 자동으로 따라갑니다.",
+    "alertingErrorWebhookUrl": "웹훅의 유효한 URL을 입력하세요.",
+    "healthCheckStrategyHttp": "연결성을 확인하고 HTTP 응답 상태를 확인합니다.",
+    "healthCheckStrategyTcp": "응답을 검사하지 않고 TCP 연결성만 확인합니다.",
+    "healthCheckStrategySnmp": "네트워크 장비 및 인프라의 상태를 확인하기 위해 SNMP get 요청을 보냅니다.",
+    "healthCheckStrategyIcmp": "ICMP 에코 요청(핑)을 사용하여 리소스에 대한 접근 가능성을 확인합니다.",
+    "healthCheckTabStrategy": "전략",
+    "healthCheckTabConnection": "연결",
+    "healthCheckTabAdvanced": "고급",
+    "healthCheckStrategyNotAvailable": "이 전략은 사용할 수 없습니다. 기능을 활성화하려면 영업팀에 문의하세요.",
+    "uptime30d": "업타임 (30일)",
+    "idpAddActionCreateNew": "새로운 아이덴티티 공급자 생성",
+    "idpAddActionImportFromOrg": "다른 조직에서 가져오기",
+    "idpImportDialogTitle": "아이덴티티 공급자 가져오기",
+    "idpImportDialogDescription": "관리자인 조직에서 아이덴티티 공급자를 선택하십시오. 이는 이 조직에 연결됩니다.",
+    "idpImportSearchPlaceholder": "조직 또는 공급자 이름으로 검색...",
+    "idpImportEmpty": "아이덴티티 공급자를 찾을 수 없습니다.",
+    "idpImportedDescription": "아이덴티티 공급자가 성공적으로 가져왔습니다.",
+    "idpDeleteGlobalQuestion": "정말로 이 아이덴티티 공급자를 영구적으로 삭제하시겠습니까?",
+    "idpDeleteGlobalDescription": "이것은 연관된 모든 조직에서 아이덴티티 공급자를 영구적으로 삭제합니다.",
+    "idpUnassociateTitle": "아이덴티티 공급자의 연관 해제",
+    "idpUnassociateQuestion": "정말로 이 조직에서 이 아이덴티티 공급자의 연관을 해제하시겠습니까?",
+    "idpUnassociateDescription": "이 아이덴티티 공급자와 연관된 모든 사용자는 이 조직에서 제거될 것이지만, 아이덴티티 공급자는 다른 연관된 조직에 계속해서 존재할 것입니다.",
+    "idpUnassociateConfirm": "아이덴티티 공급자 연관 해제 확인",
+    "idpUnassociateWarning": "이 조직에서 이것은 되돌릴 수 없습니다.",
+    "idpUnassociatedDescription": "아이덴티티 공급자가 이 조직에서 성공적으로 연관 해제되었습니다",
+    "idpUnassociateMenu": "연관 해제",
+    "idpDeleteAllOrgsMenu": "삭제",
+    "publicIpEndpoint": "엔드포인트",
+    "lastTriggeredAt": "마지막 트리거",
+    "reject": "거부",
+    "uptimeDaysAgo": "{count}일 전",
+    "uptimeToday": "오늘",
+    "uptimeNoDataAvailable": "데이터가 없습니다",
+    "uptimeSuffix": "가동 시간",
+    "uptimeDowntimeSuffix": "다운타임",
+    "uptimeTooltipUptimeLabel": "가동 시간",
+    "uptimeTooltipDowntimeLabel": "다운타임",
+    "uptimeOngoing": "진행 중",
+    "uptimeNoMonitoringData": "모니터링 데이터 없음",
+    "uptimeNoData": "데이터 없음",
+    "uptimeMiniBarDown": "중단됨",
+    "uptimeSectionTitle": "가동 시간",
+    "uptimeSectionDescription": "지난 {days}일 동안의 가용성",
+    "uptimeAddAlert": "알림 추가",
+    "uptimeViewAlerts": "알림 보기",
+    "uptimeCreateEmailAlert": "이메일 알림 생성",
+    "uptimeAlertDescriptionSite": "이 사이트가 오프라인 되거나 다시 온라인 될 때 이메일로 알림을 받습니다.",
+    "uptimeAlertDescriptionResource": "이 리소스가 오프라인 되거나 다시 온라인 될 때 이메일로 알림을 받습니다.",
+    "uptimeAlertNamePlaceholder": "알림 이름",
+    "uptimeAdditionalEmails": "추가 이메일",
+    "uptimeCreateAlert": "알림 생성",
+    "uptimeAlertNoRecipients": "수신자 없음",
+    "uptimeAlertNoRecipientsDescription": "통지를 받을 사용자, 역할 또는 이메일을 최소 한 개 추가하세요.",
+    "uptimeAlertCreated": "알림 생성됨",
+    "uptimeAlertCreatedDescription": "상태가 변경되면 통지를 받습니다.",
+    "uptimeAlertCreateFailed": "알림 생성 실패",
+    "webhookUrlLabel": "URL",
+    "webhookHeaderKeyPlaceholder": "키",
+    "webhookHeaderValuePlaceholder": "값",
+    "alertLabel": "알림",
+    "domainPickerWildcardSubdomainNotAllowed": "와일드카드 서브도메인은 허용되지 않습니다.",
+    "domainPickerWildcardCertWarning": "와일드카드 리소스는 올바르게 작동하려면 추가 구성이 필요할 수 있습니다.",
+    "domainPickerWildcardCertWarningLink": "자세히 알아보기",
+    "health": "건강",
+    "domainPendingErrorTitle": "확인 문제",
+    "memberPortalTitle": "리소스",
+    "memberPortalDescription": "이 조직에서 접근할 수 있는 리소스",
+    "memberPortalSortBy": "정렬 기준...",
+    "memberPortalSortNameAsc": "이름 A-Z",
+    "memberPortalSortNameDesc": "이름 Z-A",
+    "memberPortalSortDomainAsc": "도메인 A-Z",
+    "memberPortalSortDomainDesc": "도메인 Z-A",
+    "memberPortalSortEnabledFirst": "사용 활성화 우선",
+    "memberPortalSortDisabledFirst": "사용 비활성화 우선",
+    "memberPortalRefresh": "새로 고침",
+    "memberPortalRefreshResources": "리소스 새로 고침",
+    "memberPortalFailedToLoad": "리소스를 불러오는 데 실패했습니다",
+    "memberPortalFailedToLoadDescription": "리소스를 불러오는 데 실패했습니다. 연결을 확인하고 다시 시도해 주십시오.",
+    "memberPortalUnableToLoad": "리소스를 가져오는 데 실패했습니다",
+    "memberPortalTryAgain": "다시 시도",
+    "memberPortalNoResourcesFound": "리소스를 발견하지 못했습니다",
+    "memberPortalNoResourcesAvailable": "사용 가능한 리소스가 없습니다",
+    "memberPortalNoResourcesMatchSearch": "\"{query}\"와 일치하는 리소스가 없습니다. 검색어를 수정하거나 검색을 초기화하여 모든 리소스를 확인하십시오.",
+    "memberPortalNoResourcesAccess": "아직 접근할 수 있는 리소스가 없습니다. 필요한 리소스 접근을 위해 관리자에게 문의하세요.",
+    "memberPortalClearSearch": "검색 초기화",
+    "memberPortalPublicResources": "공공 리소스",
+    "memberPortalPublicResourcesDescription": "브라우저를 통해 접근 가능한 웹 애플리케이션 및 서비스",
+    "memberPortalCopiedToClipboard": "클립보드에 복사됨",
+    "memberPortalCopiedUrlDescription": "리소스 URL이 클립보드에 복사되었습니다.",
+    "memberPortalOpenResource": "리소스 열기",
+    "memberPortalPrivateResources": "비공개 리소스",
+    "memberPortalPrivateResourcesDescription": "클라이언트를 통해 접근 가능한 내부 네트워크 리소스",
+    "memberPortalResourceDetails": "리소스 세부 정보",
+    "memberPortalMode": "모드",
+    "memberPortalDestination": "대상지",
+    "memberPortalAlias": "별칭",
+    "memberPortalCopiedAliasDescription": "리소스 별칭이 클립보드에 복사되었습니다.",
+    "memberPortalCopiedDestinationDescription": "리소스 대상지가 클립보드에 복사되었습니다.",
+    "memberPortalRequiresClientConnection": "클라이언트 연결 필요",
+    "memberPortalAuthMethods": "인증 방법",
+    "memberPortalSso": "싱글 사인온 (SSO)",
+    "memberPortalPasswordProtected": "비밀번호 보호",
+    "memberPortalPinCode": "PIN 코드",
+    "memberPortalEmailWhitelist": "이메일 화이트리스트",
+    "memberPortalResourceDisabled": "리소스 비활성화됨",
+    "memberPortalShowingResources": "{start}-{end} 중 {total}개의 리소스를 표시 중",
+    "memberPortalPrevious": "이전",
+    "memberPortalNext": "다음"
 }
--- a/messages/nb-NO.json
+++ b/messages/nb-NO.json
@@ -1,4 +1,8 @@
 {
+    "contactSalesEnable": "Kontakt salgsavdelingen for å aktivere denne funksjonen.",
+    "contactSalesBookDemo": "Bestill en demo",
+    "contactSalesOr": "eller",
+    "contactSalesContactUs": "kontakt oss",
    "setupCreate": "Opprett organisasjonen, nettstedet og ressursene",
    "headerAuthCompatibilityInfo": "Aktiver dette for å tvinge frem en 401 Uautorisert-respons når en autentiseringstoken mangler. Dette kreves for nettlesere eller spesifikke HTTP-biblioteker som ikke sender legitimasjon uten en serverutfordring.",
    "headerAuthCompatibility": "Utvidet kompatibilitet",
@@ -19,6 +23,18 @@
    "componentsInvalidKey": "Ugyldig eller utgått lisensnøkkel oppdaget. Følg lisensvilkårene for å fortsette å kunne bruke alle funksjonene.",
    "dismiss": "Avvis",
    "subscriptionViolationMessage": "Du er utenfor grensen for gjeldende plan. Rett problemet ved å fjerne nettsteder, brukere eller andre ressurser for å bli innenfor planen din.",
+    "trialBannerMessage": "Din prøveperiode utløper om {countdown}. Oppgrader for å beholde tilgangen.",
+    "trialBannerExpired": "Prøveperioden din har utløpt. Oppgrader nå for å gjenopprette tilgangen.",
+    "billingTrialBannerTitle": "Prøveversjon Aktiv",
+    "billingTrialBannerDescription": "Du har for øyeblikket en gratis prøveversjon på forretningsnivået. Når prøven avsluttes, vil kontoen din automatisk gå tilbake til funksjoner og begrensninger på Basis-nivået. Oppgrader når som helst for å beholde tilgang til de nåværende planens funksjoner.",
+    "billingTrialBannerUpgrade": "Oppgrader nå",
+    "billingTrialBadge": "Prøveversjon",
+    "trialActive": "Gratis prøveversjon aktiv",
+    "trialExpired": "Prøveperioden er utløpt",
+    "trialHasEnded": "Din prøveperiode har avsluttet.",
+    "trialDaysRemaining": "{count, plural, one {# dag igjen} other {# dager igjen}}",
+    "trialDaysLeftShort": "{days}d igjen av prøveperioden",
+    "trialGoToBilling": "Gå til faktureringssiden",
    "subscriptionViolationViewBilling": "Vis fakturering",
    "componentsLicenseViolation": "Lisens Brudd: Denne serveren bruker {usedSites} områder som overskrider den lisensierte grenser av {maxSites} områder. Følg lisensvilkårene for å fortsette å kunne bruke alle funksjonene.",
    "componentsSupporterMessage": "Takk for at du støtter Pangolin som en {tier}!",
@@ -81,6 +97,8 @@
    "siteConfirmCopy": "Jeg har kopiert konfigurasjonen",
    "searchSitesProgress": "Søker i områder...",
    "siteAdd": "Legg til område",
+    "sitesTableViewPublicResources": "Vis offentlige ressurser",
+    "sitesTableViewPrivateResources": "Vis private ressurser",
    "siteInstallNewt": "Installer Newt",
    "siteInstallNewtDescription": "Få Newt til å kjøre på systemet ditt",
    "WgConfiguration": "WireGuard Konfigurasjon",
@@ -98,6 +116,21 @@
    "siteUpdatedDescription": "Området har blitt oppdatert.",
    "siteGeneralDescription": "Konfigurer de generelle innstillingene for dette området",
    "siteSettingDescription": "Konfigurere innstillingene på nettstedet",
+    "siteResourcesTab": "Ressurser",
+    "siteResourcesNoneOnSite": "Dette nettstedet har ingen offentlige eller private ressurser enda.",
+    "siteResourcesSectionPublic": "Offentlige ressurser",
+    "siteResourcesSectionPrivate": "Private ressurser",
+    "siteResourcesSectionPublicDescription": "Ressurser eksponert eksternt gjennom domener eller porter.",
+    "siteResourcesSectionPrivateDescription": "Ressurser tilgjengelig på ditt private nettverk gjennom nettstedet.",
+    "siteResourcesViewAllPublic": "Vis alle ressurser",
+    "siteResourcesViewAllPrivate": "Vis alle ressurser",
+    "siteResourcesDialogDescription": "Oversikt over offentlige og private ressurser assosiert med dette nettstedet.",
+    "siteResourcesShowMore": "Vis mer",
+    "siteResourcesPermissionDenied": "Du har ikke tillatelse til å liste opp disse ressursene.",
+    "siteResourcesEmptyPublic": "Ingen offentlige ressurser retter seg mot dette nettstedet enda.",
+    "siteResourcesEmptyPrivate": "Ingen private ressurser er assosiert med dette nettstedet enda.",
+    "siteResourcesHowToAccess": "Hvordan få tilgang",
+    "siteResourcesTargetsOnSite": "Mål på dette nettstedet",
    "siteSetting": "{siteName} Innstillinger",
    "siteNewtTunnel": "Nyhetsnettsted (anbefalt)",
    "siteNewtTunnelDescription": "Lekkeste måte å lage et inngangspunkt til ethvert nettverk. Ingen ekstra oppsett på.",
@@ -148,6 +181,11 @@
    "createLink": "Opprett lenke",
    "resourcesNotFound": "Ingen ressurser funnet",
    "resourceSearch": "Søk i ressurser",
+    "machineSearch": "Søk etter maskiner",
+    "machinesSearch": "Søk etter maskinklienter...",
+    "machineNotFound": "Ingen maskiner funnet",
+    "userDeviceSearch": "Søk etter brukerenheter",
+    "userDevicesSearch": "Søk etter brukerenheter...",
    "openMenu": "Åpne meny",
    "resource": "Ressurs",
    "title": "Tittel",
@@ -175,6 +213,7 @@
    "resourceHTTPDescription": "Proxy forespørsler over HTTPS ved å bruke et fullstendig kvalifisert domenenavn.",
    "resourceRaw": "Rå TCP/UDP-ressurs",
    "resourceRawDescription": "Proxy forespørsler over rå TCP/UDP ved å bruke et portnummer.",
+    "resourceRawDescriptionCloud": "Proxy forespørsler om rå TCP/UDP ved hjelp av et portnummer. Krever sider for å koble til en ekstern node.",
    "resourceCreate": "Opprett ressurs",
    "resourceCreateDescription": "Følg trinnene nedenfor for å opprette en ny ressurs",
    "resourceSeeAll": "Se alle ressurser",
@@ -261,8 +300,11 @@
    "orgMissing": "Organisasjons-ID Mangler",
    "orgMissingMessage": "Kan ikke regenerere invitasjon uten en organisasjons-ID.",
    "accessUsersManage": "Administrer brukere",
+    "accessUserManage": "Administrer brukere",
    "accessUsersDescription": "Inviter og behandle brukere med tilgang til denne organisasjonen",
    "accessUsersSearch": "Søk etter brukere...",
+    "accessUsersRoleFilterCount": "{count, plural, one {# rolle} other {# roller}}",
+    "accessUsersRoleFilterClear": "Fjern rollesøkefiltre",
    "accessUserCreate": "Opprett bruker",
    "accessUserRemove": "Fjern bruker",
    "username": "Brukernavn",
@@ -322,6 +364,54 @@
    "apiKeysDelete": "Slett API-nøkkel",
    "apiKeysManage": "Administrer API-nøkler",
    "apiKeysDescription": "API-nøkler brukes for å autentisere med integrasjons-API",
+    "provisioningKeysTitle": "Foreløpig nøkkel",
+    "provisioningKeysManage": "Behandle bestemmende nøkler",
+    "provisioningKeysDescription": "Bestemmelsesnøkler brukes til å godkjenne automatisert nettstedsløsning for din organisasjon.",
+    "provisioningManage": "Levering",
+    "provisioningDescription": "Administrer foreløpig nøkler og gjennomgå ventende nettsteder som venter på godkjenning.",
+    "pendingSites": "Ventende nettsteder",
+    "siteApproveSuccess": "Vellykket godkjenning av nettsted",
+    "siteApproveError": "Feil ved godkjenning av side",
+    "provisioningKeys": "Foreløpig nøkler",
+    "searchProvisioningKeys": "Søk varer i lagrings nøkler...",
+    "provisioningKeysAdd": "Generer fremvisende nøkkel",
+    "provisioningKeysErrorDelete": "Feil under sletting av foreløpig nøkkel",
+    "provisioningKeysErrorDeleteMessage": "Feil under sletting av foreløpig nøkkel",
+    "provisioningKeysQuestionRemove": "Er du sikker på at du vil fjerne denne midlertidig nøkkelen fra organisasjonen?",
+    "provisioningKeysMessageRemove": "Når nøkkelen er fjernet, kan den ikke lenger brukes til anleggsavsetning.",
+    "provisioningKeysDeleteConfirm": "Bekreft sletting av bestemmelsesnøkkel",
+    "provisioningKeysDelete": "Slett bestemmelsesnøkkel",
+    "provisioningKeysCreate": "Generer fremvisende nøkkel",
+    "provisioningKeysCreateDescription": "Generer en ny foreløpig nøkkel til organisasjonen",
+    "provisioningKeysSeeAll": "Se alle foreløpig nøkler",
+    "provisioningKeysSave": "Lagre den midlertidig nøkkelen",
+    "provisioningKeysSaveDescription": "Du kan bare se denne én gang. Kopier det til et sikkert sted.",
+    "provisioningKeysErrorCreate": "Feil under oppretting av foreløpig nøkkel",
+    "provisioningKeysList": "Ny provisorisk nøkkel",
+    "provisioningKeysMaxBatchSize": "Maks størrelse på bunt",
+    "provisioningKeysUnlimitedBatchSize": "Ubegrenset mengde bunt (ingen begrensning)",
+    "provisioningKeysMaxBatchUnlimited": "Ubegrenset",
+    "provisioningKeysMaxBatchSizeInvalid": "Angi en gyldig sjakkstørrelse (1–1 000.000).",
+    "provisioningKeysValidUntil": "Gyldig til",
+    "provisioningKeysValidUntilHint": "La stå tomt for ingen utløp.",
+    "provisioningKeysValidUntilInvalid": "Angi en gyldig dato og klokkeslett.",
+    "provisioningKeysNumUsed": "Antall ganger brukt",
+    "provisioningKeysLastUsed": "Sist brukt",
+    "provisioningKeysNoExpiry": "Ingen utløpsdato",
+    "provisioningKeysNeverUsed": "Aldri",
+    "provisioningKeysEdit": "Rediger bestemmelsesnøkkel",
+    "provisioningKeysEditDescription": "Oppdater maksimal størrelse for bunt og utløpstid for denne nøkkelen.",
+    "provisioningKeysApproveNewSites": "Godkjenn nye nettsteder",
+    "provisioningKeysApproveNewSitesDescription": "Godkjenn automatisk nettsteder som registrerer deg med denne nøkkelen.",
+    "provisioningKeysUpdateError": "Feil under oppdatering av foreløpig nøkkel",
+    "provisioningKeysUpdated": "Foreslå nøkkel oppdatert",
+    "provisioningKeysUpdatedDescription": "Dine endringer er lagret.",
+    "provisioningKeysBannerTitle": "Sidens bestemmende nøkler",
+    "provisioningKeysBannerDescription": "Generer en provisjonsnøkkel og bruk den med Newt-kontakten for automatisk opprettelse av nettsteder ved første oppstart - ingen behov for å sette opp separate legitimasjoner for hvert nettsted.",
+    "provisioningKeysBannerButtonText": "Lær mer",
+    "pendingSitesBannerTitle": "Ventende nettsteder",
+    "pendingSitesBannerDescription": "Nettsteder som kobler seg til ved bruk av en provisjonsnøkkel vises her for vurdering.",
+    "pendingSitesBannerButtonText": "Lær mer",
    "apiKeysSettings": "{apiKeyName} Innstillinger",
    "userTitle": "Administrer alle brukere",
    "userDescription": "Vis og administrer alle brukere i systemet",
@@ -351,6 +441,10 @@
    "licenseErrorKeyActivate": "Aktivering av lisensnøkkel feilet",
    "licenseErrorKeyActivateDescription": "Det oppstod en feil under aktivering av lisensnøkkelen.",
    "licenseAbout": "Om Lisensiering",
+    "licenseBannerTitle": "Aktiver din bedriftslisens",
+    "licenseBannerDescription": "Lås opp bedriftsfunksjoner for din egenvertede Pangolin-instans. Kjøp en lisensnøkkel for å aktivere premium-funksjoner og legg den inn nedenfor.",
+    "licenseBannerGetLicense": "Få en lisens",
+    "licenseBannerViewDocs": "Vis dokumentasjon",
    "communityEdition": "Fellesskapsutgave",
    "licenseAboutDescription": "Dette er for bedrifts- og foretaksbrukere som bruker Pangolin i et kommersielt miljø. Hvis du bruker Pangolin til personlig bruk, kan du ignorere denne seksjonen.",
    "licenseKeyActivated": "Lisensnøkkel aktivert",
@@ -508,9 +602,12 @@
    "userSaved": "Bruker lagret",
    "userSavedDescription": "Brukeren har blitt oppdatert.",
    "autoProvisioned": "Auto avlyst",
+    "autoProvisionSettings": "Auto leveringsinnstillinger",
    "autoProvisionedDescription": "Tillat denne brukeren å bli automatisk administrert av en identitetsleverandør",
    "accessControlsDescription": "Administrer hva denne brukeren kan få tilgang til og gjøre i organisasjonen",
    "accessControlsSubmit": "Lagre tilgangskontroller",
+    "singleRolePerUserPlanNotice": "Din plan støtter bare én rolle per bruker.",
+    "singleRolePerUserEditionNotice": "Denne utgaven støtter bare én rolle per bruker.",
    "roles": "Roller",
    "accessUsersRoles": "Administrer brukere og roller",
    "accessUsersRolesDescription": "Inviter brukere og legg dem til roller for å administrere tilgang til organisasjonen",
@@ -567,6 +664,8 @@
    "targetErrorInvalidPortDescription": "Vennligst skriv inn et gyldig portnummer",
    "targetErrorNoSite": "Ingen nettsted valgt",
    "targetErrorNoSiteDescription": "Velg et nettsted for målet",
+    "targetTargetsCleared": "Mål ryddet",
+    "targetTargetsClearedDescription": "Alle mål har blitt fjernet fra denne ressursen",
    "targetCreated": "Mål opprettet",
    "targetCreatedDescription": "Målet har blitt opprettet",
    "targetErrorCreate": "Kunne ikke opprette målet",
@@ -650,6 +749,7 @@
    "resourcesErrorUpdate": "Feilet å slå av/på ressurs",
    "resourcesErrorUpdateDescription": "En feil oppstod under oppdatering av ressursen",
    "access": "Tilgang",
+    "accessControl": "Tilgangskontroll",
    "shareLink": "{resource} Del Lenke",
    "resourceSelect": "Velg ressurs",
    "shareLinks": "Del lenker",
@@ -667,6 +767,7 @@
    "newtEndpoint": "Endpoint",
    "newtId": "ID",
    "newtSecretKey": "Sikkerhetsnøkkel",
+    "newtVersion": "Versjon",
    "architecture": "Arkitektur",
    "sites": "Områder",
    "siteWgAnyClients": "Bruk hvilken som helst WireGuard klient til å koble til. Du må adressere interne ressurser ved hjelp av peer IP.",
@@ -790,6 +891,7 @@
    "accessRoleRemoved": "Rolle fjernet",
    "accessRoleRemovedDescription": "Rollen er vellykket fjernet.",
    "accessRoleRequiredRemove": "Før du sletter denne rollen, vennligst velg en ny rolle å overføre eksisterende medlemmer til.",
+    "network": "Nettverk",
    "manage": "Administrer",
    "sitesNotFound": "Ingen områder funnet.",
    "pangolinServerAdmin": "Server Admin - Pangolin",
@@ -833,6 +935,7 @@
    "idpDisplayName": "Et visningsnavn for denne identitetsleverandøren",
    "idpAutoProvisionUsers": "Automatisk brukerklargjøring",
    "idpAutoProvisionUsersDescription": "Når aktivert, opprettes brukere automatisk i systemet ved første innlogging, med mulighet til å tilordne brukere til roller og organisasjoner.",
+    "idpAutoProvisionConfigureAfterCreate": "Du kan konfigurere autoprovisjonsinnstillingene når identitetsleverandøren er opprettet.",
    "licenseBadge": "EE",
    "idpType": "Leverandørtype",
    "idpTypeDescription": "Velg typen identitetsleverandør du ønsker å konfigurere",
@@ -884,7 +987,7 @@
    "defaultMappingsRole": "Standard rolletilordning",
    "defaultMappingsRoleDescription": "Resultatet av dette uttrykket må returnere rollenavnet slik det er definert i organisasjonen som en streng.",
    "defaultMappingsOrg": "Standard organisasjonstilordning",
-    "defaultMappingsOrgDescription": "Dette uttrykket må returnere organisasjons-ID-en eller «true» for å gi brukeren tilgang til organisasjonen.",
+    "defaultMappingsOrgDescription": "Når denne er satt, må uttrykket returnere organisasjons-IDen eller «true» for at brukeren skal få tilgang til den organisasjonen. Når den ikke er satt, er det nok å definere en rolletilordning: brukeren gis tilgang så lenge en gyldig rolletilknytting kan løses for dem i organisasjonen.",
    "defaultMappingsSubmit": "Lagre standard tilordninger",
    "orgPoliciesEdit": "Rediger Organisasjonspolicy",
    "org": "Organisasjon",
@@ -1037,7 +1140,6 @@
    "pageNotFoundDescription": "Oops! Siden du leter etter finnes ikke.",
    "overview": "Oversikt",
    "home": "Hjem",
-    "accessControl": "Tilgangskontroll",
    "settings": "Innstillinger",
    "usersAll": "Alle brukere",
    "license": "Lisens",
@@ -1100,6 +1202,12 @@
    "actionGetUser": "Hent bruker",
    "actionGetOrgUser": "Hent organisasjonsbruker",
    "actionListOrgDomains": "List opp organisasjonsdomener",
+    "actionGetDomain": "Få Domene",
+    "actionCreateOrgDomain": "Opprett domene",
+    "actionUpdateOrgDomain": "Oppdater domene",
+    "actionDeleteOrgDomain": "Slett domene",
+    "actionGetDNSRecords": "Hent DNS-oppføringer",
+    "actionRestartOrgDomain": "Omstart Domene",
    "actionCreateSite": "Opprett område",
    "actionDeleteSite": "Slett område",
    "actionGetSite": "Hent område",
@@ -1111,6 +1219,7 @@
    "setupTokenDescription": "Skriv inn oppsetttoken fra serverkonsollen.",
    "setupTokenRequired": "Oppsetttoken er nødvendig",
    "actionUpdateSite": "Oppdater område",
+    "actionResetSiteBandwidth": "Tilbakestill organisasjons-båndbredde",
    "actionListSiteRoles": "List opp tillatte områderoller",
    "actionCreateResource": "Opprett ressurs",
    "actionDeleteResource": "Slett ressurs",
@@ -1140,6 +1249,7 @@
    "actionRemoveUser": "Fjern bruker",
    "actionListUsers": "List opp brukere",
    "actionAddUserRole": "Legg til brukerrolle",
+    "actionSetUserOrgRoles": "Angi brukerroller",
    "actionGenerateAccessToken": "Generer tilgangstoken",
    "actionDeleteAccessToken": "Slett tilgangstoken",
    "actionListAccessTokens": "List opp tilgangstokener",
@@ -1184,6 +1294,7 @@
    "actionViewLogs": "Vis logger",
    "noneSelected": "Ingen valgt",
    "orgNotFound2": "Ingen organisasjoner funnet.",
+    "search": "Søk…",
    "searchPlaceholder": "Søk...",
    "emptySearchOptions": "Ingen valg funnet",
    "create": "Opprett",
@@ -1249,12 +1360,14 @@
    "sidebarClientResources": "Privat",
    "sidebarAccessControl": "Tilgangskontroll",
    "sidebarLogsAndAnalytics": "Logger og analyser",
+    "sidebarTeam": "Lag",
    "sidebarUsers": "Brukere",
    "sidebarAdmin": "Administrator",
    "sidebarInvitations": "Invitasjoner",
    "sidebarRoles": "Roller",
    "sidebarShareableLinks": "Lenker",
    "sidebarApiKeys": "API-nøkler",
+    "sidebarProvisioning": "Levering",
    "sidebarSettings": "Innstillinger",
    "sidebarAllUsers": "Alle brukere",
    "sidebarIdentityProviders": "Identitetsleverandører",
@@ -1266,9 +1379,167 @@
    "sidebarGeneral": "Administrer",
    "sidebarLogAndAnalytics": "Logg og analyser",
    "sidebarBluePrints": "Tegninger",
+    "sidebarAlerting": "Varsling",
+    "sidebarHealthChecks": "Helsekontroller",
    "sidebarOrganization": "Organisasjon",
+    "sidebarManagement": "Administrasjon",
    "sidebarBillingAndLicenses": "Fakturering & lisenser",
    "sidebarLogsAnalytics": "Analyser",
+    "alertingTitle": "Varsling",
+    "alertingDescription": "Definer kilder, triggere og handlinger for varsler",
+    "alertingRules": "Varslingsregler",
+    "alertingSearchRules": "Søk i regler…",
+    "alertingAddRule": "Opprett regel",
+    "alertingColumnSource": "Kilde",
+    "alertingColumnTrigger": "Utløser",
+    "alertingColumnActions": "Handlinger",
+    "alertingColumnEnabled": "Aktivert",
+    "alertingDeleteQuestion": "Vennligst bekreft at du vil slette denne varslingsregelen.",
+    "alertingDeleteRule": "Slett varslingsregel",
+    "alertingRuleDeleted": "Varslingsregel slettet",
+    "alertingRuleSaved": "Varslingsregel lagret",
+    "alertingRuleSavedCreatedDescription": "Din nye varslingsregel ble opprettet. Du kan fortsette å redigere den på denne siden.",
+    "alertingRuleSavedUpdatedDescription": "Endringene dine i denne varslingsregelen ble lagret.",
+    "alertingEditRule": "Rediger varslingsregel",
+    "alertingCreateRule": "Opprett varslingsregel",
+    "alertingRuleCredenzaDescription": "Velg hva som skal overvåkes, når det skal varsles, og hvordan du vil bli informert",
+    "alertingRuleNamePlaceholder": "Produksjonsside nede",
+    "alertingRuleEnabled": "Regel aktivert",
+    "alertingSectionSource": "Kilde",
+    "alertingSourceType": "Kildetype",
+    "alertingSourceSite": "Område",
+    "alertingSourceHealthCheck": "Helsekontroll",
+    "alertingPickSites": "Områder",
+    "alertingPickHealthChecks": "Helsekontroller",
+    "alertingPickResources": "Ressurser",
+    "alertingAllSites": "Alle områder",
+    "alertingAllSitesDescription": "Varsler for alle områder",
+    "alertingSpecificSites": "Spesifikke områder",
+    "alertingSpecificSitesDescription": "Velg spesifikke områder for overvåking",
+    "alertingAllHealthChecks": "Alle helsekontroller",
+    "alertingAllHealthChecksDescription": "Varsler for alle helsekontroller",
+    "alertingSpecificHealthChecks": "Spesifikke helsekontroller",
+    "alertingSpecificHealthChecksDescription": "Velg spesifikke helsekontroller for overvåking",
+    "alertingAllResources": "Alle ressurser",
+    "alertingAllResourcesDescription": "Varsler for alle ressurser",
+    "alertingSpecificResources": "Spesifikke ressurser",
+    "alertingSpecificResourcesDescription": "Velg spesifikke ressurser for overvåking",
+    "alertingSelectResources": "Velg ressurser…",
+    "alertingResourcesSelected": "{count} ressurser valgt",
+    "alertingResourcesEmpty": "Ingen ressurser med mål i de første 10 resultatene.",
+    "alertingSectionTrigger": "Utløser",
+    "alertingTrigger": "Når skal det varsles",
+    "alertingTriggerSiteOnline": "Nettsted er online",
+    "alertingTriggerSiteOffline": "Nettsted er offline",
+    "alertingTriggerSiteToggle": "Endringer i nettstedstatus",
+    "alertingTriggerHcHealthy": "Helsekontroll sunn",
+    "alertingTriggerHcUnhealthy": "Helsekontroll usunn",
+    "alertingTriggerHcToggle": "Endringer i helsekontrollstatus",
+    "alertingTriggerResourceHealthy": "Ressurs sunn",
+    "alertingTriggerResourceUnhealthy": "Ressurs usunn",
+    "alertingTriggerResourceDegraded": "Ressurs forringet",
+    "alertingSearchHealthChecks": "Søk i helsekontroller…",
+    "alertingHealthChecksEmpty": "Ingen tilgjengelige helsekontroller.",
+    "alertingTriggerResourceToggle": "Endringer i ressursstatus",
+    "alertingSourceResource": "Ressurs",
+    "alertingSectionActions": "Handlinger",
+    "alertingAddAction": "Legg til handling",
+    "alertingActionNotify": "E-post",
+    "alertingActionNotifyDescription": "Send e-postvarsler til brukere eller roller",
+    "alertingActionWebhook": "Webhook",
+    "alertingActionWebhookDescription": "Send en HTTP-forespørsel til et tilpasset endepunkt",
+    "alertingExternalIntegration": "Ekstern integrasjon",
+    "alertingExternalPagerDutyDescription": "Send varsler til PagerDuty for hendelseshåndtering",
+    "alertingExternalOpsgenieDescription": "Rute varsler til Opsgenie for vakt håndtering",
+    "alertingExternalServiceNowDescription": "Opprett ServiceNow hendelser fra varslingseventer",
+    "alertingExternalIncidentIoDescription": "Utløs Incident.io arbeidsflyter fra varsels begivenheter",
+    "alertingActionType": "Handlings type",
+    "alertingNotifyUsers": "Brukere",
+    "alertingNotifyRoles": "Roller",
+    "alertingNotifyEmails": "E-postadresser",
+    "alertingEmailPlaceholder": "Legg til e-post og trykk Enter",
+    "alertingWebhookMethod": "HTTP-metode",
+    "alertingWebhookSecret": "Signeringshemmelig (valgfritt)",
+    "alertingWebhookSecretPlaceholder": "HMAC-hemmelig",
+    "alertingWebhookHeaders": "Overskrifter",
+    "alertingAddHeader": "Legg til header",
+    "alertingSelectSites": "Velg områder…",
+    "alertingSitesSelected": "{count} områder valgt",
+    "alertingSelectHealthChecks": "Velg helsekontroller…",
+    "alertingHealthChecksSelected": "{count} helsekontroller valgt",
+    "alertingNoHealthChecks": "Ingen mål med helsekontroller aktivert",
+    "alertingHealthCheckStub": "Valg av helsekontrollkilde er ikke sluttført ennå - du kan fortsatt konfigurere triggere og handlinger.",
+    "alertingSelectUsers": "Velg brukere…",
+    "alertingUsersSelected": "{count} brukere valgt",
+    "alertingSelectRoles": "Velg roller…",
+    "alertingRolesSelected": "{count} roller valgt",
+    "alertingSummarySites": "Områder ({count})",
+    "alertingSummaryAllSites": "Alle områder",
+    "alertingSummaryHealthChecks": "Helsekontroller ({count})",
+    "alertingSummaryAllHealthChecks": "Alle helsekoner",
+    "alertingSummaryResources": "Ressurser ({count})",
+    "alertingSummaryAllResources": "Alle ressurser",
+    "alertingErrorNameRequired": "Skriv inn et navn",
+    "alertingErrorActionsMin": "Legg til minst én handling",
+    "alertingErrorPickSites": "Velg minst ett område",
+    "alertingErrorPickHealthChecks": "Velg minst én helsekontroll",
+    "alertingErrorPickResources": "Velg minst én ressurs",
+    "alertingErrorTriggerSite": "Velg en triggetjeneste for nettsted",
+    "alertingErrorTriggerHealth": "Velg en triggetjeneste for helsekontroll",
+    "alertingErrorTriggerResource": "Velg en triggetjeneste for ressurs",
+    "alertingErrorNotifyRecipients": "Velg brukere, roller, eller minst én e-post",
+    "alertingConfigureSource": "Konfigurer kilde",
+    "alertingConfigureTrigger": "Konfigurer trigger",
+    "alertingConfigureActions": "Konfigurer handlinger",
+    "alertingBackToRules": "Tilbake til regler",
+    "alertingRuleCooldown": "Nedkjøling (sekunder)",
+    "alertingRuleCooldownDescription": "Minimum tid mellom gjentatte varsler for samme regel. Sett til 0 for å skyte hver gang.",
+    "alertingDraftBadge": "Utkast - lagre for å lagre denne regelen",
+    "alertingSidebarHint": "Klikk på et steg på lerretet for å redigere det her.",
+    "alertingGraphCanvasTitle": "Regel Flyt",
+    "alertingGraphCanvasDescription": "Visuell oversikt over kilde, trigger og handlinger. Velg en node for å redigere den i panelet.",
+    "alertingNodeNotConfigured": "Ikke konfigurert ennå",
+    "alertingNodeActionsCount": "{count, plural, one {# handling} other {# handlinger}}",
+    "alertingNodeRoleSource": "Kilde",
+    "alertingNodeRoleTrigger": "Utløser",
+    "alertingNodeRoleAction": "Handling",
+    "alertingTabRules": "Varslingsregler",
+    "alertingTabHealthChecks": "Helsekontroller",
+    "alertingRulesBannerTitle": "Bli varslet",
+    "alertingRulesBannerDescription": "Hver regel binder sammen hva som skal overvåkes (et område, helsekontroll eller ressurs), når det skal varsles (for eksempel offline eller usunn), og hvordan varsle teamet ditt via e-post, webhooks eller integrasjoner. Bruk denne listen for å opprette, aktivere og administrere disse reglene.",
+    "alertingHealthChecksBannerTitle": "Overvåk helse & ressurser",
+    "alertingHealthChecksBannerDescription": "Helsekontroller er HTTP- eller TCP-monitorer du definerer én gang. Du kan deretter bruke dem som kilder i varslingsregler slik at du blir varslet når et mål blir sunt eller usunt. Helsekontroller på ressurser vises også her.",
+    "standaloneHcTableTitle": "Helsekontroller",
+    "standaloneHcSearchPlaceholder": "Søk i helsekontroller…",
+    "standaloneHcAddButton": "Opprett helsekontroll",
+    "standaloneHcCreateTitle": "Opprett helsekontroll",
+    "standaloneHcEditTitle": "Rediger helsekontroll",
+    "standaloneHcDescription": "Konfigurer en HTTP- eller TCP-helsekontroll for bruk i varslingsregler.",
+    "standaloneHcNameLabel": "Navn",
+    "standaloneHcNamePlaceholder": "Min HTTP-monitor",
+    "standaloneHcDeleteTitle": "Slett helsekontroll",
+    "standaloneHcDeleteQuestion": "Vennligst bekreft at du vil slette denne helsekontrollen.",
+    "standaloneHcDeleted": "Helsekontroll slettet",
+    "standaloneHcSaved": "Helsekontroll lagret",
+    "standaloneHcColumnHealth": "Helse",
+    "standaloneHcColumnMode": "Modus",
+    "standaloneHcColumnTarget": "Mål",
+    "standaloneHcHealthStateHealthy": "Sunn",
+    "standaloneHcHealthStateUnhealthy": "Usunn",
+    "standaloneHcHealthStateUnknown": "Ukjent",
+    "standaloneHcFilterAnySite": "Alle områder",
+    "standaloneHcFilterAnyResource": "Alle ressurser",
+    "standaloneHcFilterMode": "Modus",
+    "standaloneHcFilterModeHttp": "HTTP",
+    "standaloneHcFilterModeTcp": "TCP",
+    "standaloneHcFilterModeSnmp": "SNMP",
+    "standaloneHcFilterModePing": "Ping",
+    "standaloneHcFilterHealth": "Helse",
+    "standaloneHcFilterEnabled": "Aktivert",
+    "standaloneHcFilterEnabledOn": "Aktivert",
+    "standaloneHcFilterEnabledOff": "Deaktivert",
+    "standaloneHcFilterSiteIdFallback": "Område {id}",
+    "standaloneHcFilterResourceIdFallback": "Ressurs {id}",
    "blueprints": "Tegninger",
    "blueprintsDescription": "Bruk deklarative konfigurasjoner og vis tidligere kjøringer",
    "blueprintAdd": "Legg til blåkopi",
@@ -1289,7 +1560,6 @@
    "parsedContents": "Parastinnhold (kun lese)",
    "enableDockerSocket": "Aktiver Docker blåkopi",
    "enableDockerSocketDescription": "Aktiver skraping av Docker Socket for blueprint Etiketter. Socket bane må brukes for nye.",
-    "enableDockerSocketLink": "Lær mer",
    "viewDockerContainers": "Vis Docker-containere",
    "containersIn": "Containere i {siteName}",
    "selectContainerDescription": "Velg en hvilken som helst container for å bruke som vertsnavn for dette målet. Klikk på en port for å bruke en port.",
@@ -1331,7 +1601,8 @@
    "initialSetupDescription": "Opprett den første serveradministratorkontoen. Det kan bare finnes én serveradministrator. Du kan alltid endre denne påloggingsinformasjonen senere.",
    "createAdminAccount": "Opprett administratorkonto",
    "setupErrorCreateAdmin": "En feil oppstod under opprettelsen av serveradministratorkontoen.",
-    "certificateStatus": "Sertifikatstatus",
+    "certificateStatus": "Sertifikat",
+    "certificateStatusAutoRefreshHint": "Status oppdateres automatisk.",
    "loading": "Laster inn",
    "loadingAnalytics": "Laster inn analyser",
    "restart": "Start på nytt",
@@ -1400,6 +1671,7 @@
    "pangolinUpdateAvailableReleaseNotes": "Se utgivelsesnotater",
    "newtUpdateAvailable": "Oppdatering tilgjengelig",
    "newtUpdateAvailableInfo": "En ny versjon av Newt er tilgjengelig. Vennligst oppdater til den nyeste versjonen for den beste opplevelsen.",
+    "pangolinNodeUpdateAvailableInfo": "En ny versjon av Pangolin Node er tilgjengelig. Vennligst oppdater til den nyeste versjonen for den beste opplevelsen.",
    "domainPickerEnterDomain": "Domene",
    "domainPickerPlaceholder": "minapp.eksempel.no",
    "domainPickerDescription": "Skriv inn hele domenet til ressursen for å se tilgjengelige alternativer.",
@@ -1417,6 +1689,7 @@
    "domainPickerNamespace": "Navnerom: {namespace}",
    "domainPickerShowMore": "Vis mer",
    "regionSelectorTitle": "Velg Region",
+    "domainPickerRemoteExitNodeWarning": "Tilbudte domener støttes ikke når sider kobles til eksterne avkjøringsnoder. For ressurser som skal være tilgjengelige på eksterne noder, brukes et egendefinert domene i stedet.",
    "regionSelectorInfo": "Å velge en region hjelper oss med å gi bedre ytelse for din lokasjon. Du trenger ikke være i samme region som serveren.",
    "regionSelectorPlaceholder": "Velg en region",
    "regionSelectorComingSoon": "Kommer snart",
@@ -1570,6 +1843,16 @@
    "billingFeatureLossWarning": "Fremhev tilgjengelig varsel",
    "billingFeatureLossDescription": "Ved å nedgradere vil funksjoner som ikke er tilgjengelige i den nye planen automatisk bli deaktivert. Noen innstillinger og konfigurasjoner kan gå tapt. Vennligst gjennomgå prismatrisen for å forstå hvilke funksjoner som ikke lenger vil være tilgjengelige.",
    "billingUsageExceedsLimit": "Gjeldende bruk ({current}) overskrider grensen ({limit})",
+    "billingPastDueTitle": "Betalingen har forfalt",
+    "billingPastDueDescription": "Betalingen er forfalt. Vennligst oppdater betalingsmetoden din for å fortsette å bruke den gjeldende funksjonsplanen din. Hvis du ikke har løst deg, vil abonnementet ditt avbrytes, og du vil bli tilbakestilt til gratistiden.",
+    "billingUnpaidTitle": "Abonnement ubetalt",
+    "billingUnpaidDescription": "Ditt abonnement er ubetalt og du har blitt tilbakestilt til gratis kasse. Vennligst oppdater din betalingsmetode for å gjenopprette abonnementet.",
+    "billingIncompleteTitle": "Betaling ufullstendig",
+    "billingIncompleteDescription": "Betalingen er ufullstendig. Vennligst fullfør betalingsprosessen for å aktivere abonnementet.",
+    "billingIncompleteExpiredTitle": "Betaling utløpt",
+    "billingIncompleteExpiredDescription": "Din betaling ble aldri fullført, og har utløpt. Du har blitt tilbakestilt til gratis dekk. Vennligst abonner på nytt for å gjenopprette tilgangen til betalte funksjoner.",
+    "billingManageSubscription": "Administrere ditt abonnement",
+    "billingResolvePaymentIssue": "Vennligst løs ditt betalingsproblem før du oppgraderer eller nedgraderer betalingen",
    "signUpTerms": {
        "IAgreeToThe": "Jeg godtar",
        "termsOfService": "brukervilkårene",
@@ -1628,6 +1911,7 @@
    "configureHealthCheck": "Konfigurer Helsekontroll",
    "configureHealthCheckDescription": "Sett opp helsekontroll for {target}",
    "enableHealthChecks": "Aktiver Helsekontroller",
+    "healthCheckDisabledStateDescription": "Når deaktivert, vil ikke nettstedet utføre helsekontroller, og tilstanden vil anses som ukjent.",
    "enableHealthChecksDescription": "Overvåk helsen til dette målet. Du kan overvåke et annet endepunkt enn målet hvis nødvendig.",
    "healthScheme": "Metode",
    "healthSelectScheme": "Velg metode",
@@ -1643,6 +1927,24 @@
    "timeIsInSeconds": "Tid er i sekunder",
    "requireDeviceApproval": "Krev enhetsgodkjenning",
    "requireDeviceApprovalDescription": "Brukere med denne rollen trenger nye enheter godkjent av en admin før de kan koble seg og få tilgang til ressurser.",
+    "sshAccess": "SSH tilgang",
+    "roleAllowSsh": "Tillat SSH",
+    "roleAllowSshAllow": "Tillat",
+    "roleAllowSshDisallow": "Forby",
+    "roleAllowSshDescription": "Tillat brukere med denne rollen å koble til ressurser via SSH. Når deaktivert får rollen ikke tilgang til SSH.",
+    "sshSudoMode": "Sudo tilgang",
+    "sshSudoModeNone": "Ingen",
+    "sshSudoModeNoneDescription": "Brukeren kan ikke kjøre kommandoer med sudo.",
+    "sshSudoModeFull": "Full Sudo",
+    "sshSudoModeFullDescription": "Brukeren kan kjøre hvilken som helst kommando med sudo.",
+    "sshSudoModeCommands": "Kommandoer",
+    "sshSudoModeCommandsDescription": "Brukeren kan bare kjøre de angitte kommandoene med sudo.",
+    "sshSudo": "Tillat sudo",
+    "sshSudoCommands": "Sudo kommandoer",
+    "sshSudoCommandsDescription": "Kommaseparert liste med kommandoer brukeren kan kjøre med sudo.",
+    "sshCreateHomeDir": "Opprett hjemmappe",
+    "sshUnixGroups": "Unix grupper",
+    "sshUnixGroupsDescription": "Kommaseparerte Unix grupper for å legge brukeren til på mål-verten.",
    "retryAttempts": "Forsøk på nytt",
    "expectedResponseCodes": "Forventede svarkoder",
    "expectedResponseCodesDescription": "HTTP-statuskode som indikerer sunn status. Hvis den blir stående tom, regnes 200-300 som sunn.",
@@ -1659,9 +1961,20 @@
    "healthCheckIntervalMin": "Sjekkeintervallet må være minst 5 sekunder",
    "healthCheckTimeoutMin": "Timeout må være minst 1 sekund",
    "healthCheckRetryMin": "Forsøk på nytt må være minst 1",
+    "healthCheckMode": "Sjekk modus",
+    "healthCheckStrategy": "Strategi",
+    "healthCheckModeDescription": "TCP-modus verifiserer kun tilkobling. HTTP-modus validerer HTTP-responsen.",
+    "healthyThreshold": "Sunnhets terskel",
+    "healthyThresholdDescription": "Suksesser på rad som kreves før man markerer som sunn.",
+    "unhealthyThreshold": "Usunn terskel",
+    "unhealthyThresholdDescription": "Feil på rad som kreves før man markerer som usunn.",
+    "healthCheckHealthyThresholdMin": "Sunnhet terskel må være minst 1",
+    "healthCheckUnhealthyThresholdMin": "Usunn terskel må være minst 1",
    "httpMethod": "HTTP-metode",
    "selectHttpMethod": "Velg HTTP-metode",
    "domainPickerSubdomainLabel": "Underdomene",
+    "domainPickerWildcard": "Jokertegn",
+    "domainPickerWildcardPaidOnly": "Jokertegnsubdomener er en betalt funksjon. Vennligst oppgrader for å få tilgang til denne funksjonen.",
    "domainPickerBaseDomainLabel": "Grunndomene",
    "domainPickerSearchDomains": "Søk i domener...",
    "domainPickerNoDomainsFound": "Ingen domener funnet",
@@ -1687,12 +2000,12 @@
    "resourcesTableAliasAddressInfo": "Denne adressen er en del av organisasjonens undernettverk. Den brukes til å løse aliasposter ved hjelp av intern DNS-oppløsning.",
    "resourcesTableClients": "Klienter",
    "resourcesTableAndOnlyAccessibleInternally": "og er kun tilgjengelig internt når de er koblet til med en klient.",
-    "resourcesTableNoTargets": "Ingen mål",
    "resourcesTableHealthy": "Frisk",
    "resourcesTableDegraded": "Nedgradert",
-    "resourcesTableOffline": "Frakoblet",
+    "resourcesTableUnhealthy": "Usunn",
    "resourcesTableUnknown": "Ukjent",
    "resourcesTableNotMonitored": "Ikke overvåket",
+    "resourcesTableNoTargets": "Ingen mål",
    "editInternalResourceDialogEditClientResource": "Rediger Private Ressurser",
    "editInternalResourceDialogUpdateResourceProperties": "Oppdater ressurskonfigurasjonen og få tilgangskontroller for {resourceName}",
    "editInternalResourceDialogResourceProperties": "Ressursegenskaper",
@@ -1718,6 +2031,11 @@
    "editInternalResourceDialogModePort": "Port",
    "editInternalResourceDialogModeHost": "Vert",
    "editInternalResourceDialogModeCidr": "CIDR",
+    "editInternalResourceDialogModeHttp": "HTTP",
+    "editInternalResourceDialogModeHttps": "HTTPS",
+    "editInternalResourceDialogScheme": "Skjema",
+    "editInternalResourceDialogEnableSsl": "Aktiver SSL",
+    "editInternalResourceDialogEnableSslDescription": "Aktiver SSL/TLS-kryptering for sikre HTTPS-tilkoblinger til destinasjonen.",
    "editInternalResourceDialogDestination": "Destinasjon",
    "editInternalResourceDialogDestinationHostDescription": "IP-adressen eller vertsnavnet til ressursen på nettstedets nettverk.",
    "editInternalResourceDialogDestinationIPDescription": "IP eller vertsnavn til ressursen på nettstedets nettverk.",
@@ -1733,6 +2051,7 @@
    "createInternalResourceDialogName": "Navn",
    "createInternalResourceDialogSite": "Område",
    "selectSite": "Velg område...",
+    "multiSitesSelectorSitesCount": "{count, plural, one {# sted} other {# steder}}",
    "noSitesFound": "Ingen områder funnet.",
    "createInternalResourceDialogProtocol": "Protokoll",
    "createInternalResourceDialogTcp": "TCP",
@@ -1761,11 +2080,19 @@
    "createInternalResourceDialogModePort": "Port",
    "createInternalResourceDialogModeHost": "Vert",
    "createInternalResourceDialogModeCidr": "CIDR",
+    "createInternalResourceDialogModeHttp": "HTTP",
+    "createInternalResourceDialogModeHttps": "HTTPS",
+    "scheme": "Skjema",
+    "createInternalResourceDialogScheme": "Skjema",
+    "createInternalResourceDialogEnableSsl": "Aktiver SSL",
+    "createInternalResourceDialogEnableSslDescription": "Aktiver SSL/TLS-kryptering for sikre HTTPS-tilkoblinger til destinasjonen.",
    "createInternalResourceDialogDestination": "Destinasjon",
    "createInternalResourceDialogDestinationHostDescription": "IP-adressen eller vertsnavnet til ressursen på nettstedets nettverk.",
    "createInternalResourceDialogDestinationCidrDescription": "CIDR-rekkevidden til ressursen på nettstedets nettverk.",
    "createInternalResourceDialogAlias": "Alias",
    "createInternalResourceDialogAliasDescription": "Et valgfritt internt DNS-alias for denne ressursen.",
+    "internalResourceDownstreamSchemeRequired": "Skjema er påkrevd for HTTP-ressurser",
+    "internalResourceHttpPortRequired": "Destinasjonsport er nødvendig for HTTP-ressurser",
    "siteConfiguration": "Konfigurasjon",
    "siteAcceptClientConnections": "Godta klientforbindelser",
    "siteAcceptClientConnectionsDescription": "Tillat brukere og klienter å få tilgang til ressurser på denne siden. Dette kan endres senere.",
@@ -1851,6 +2178,40 @@
    "exitNode": "Utgangsnode",
    "country": "Land",
    "rulesMatchCountry": "For tiden basert på kilde IP",
+    "region": "Fylke",
+    "selectRegion": "Velg region",
+    "searchRegions": "Søk etter områder...",
+    "noRegionFound": "Ingen region funnet.",
+    "rulesMatchRegion": "Velg en regional gruppering av land",
+    "rulesErrorInvalidRegion": "Ugyldig område",
+    "rulesErrorInvalidRegionDescription": "Vennligst velg et gyldig område.",
+    "regionAfrica": "Afrika",
+    "regionNorthernAfrica": "[country name] Nord-Afrika",
+    "regionEasternAfrica": "Øst-Afrika",
+    "regionMiddleAfrica": "Middle Africa",
+    "regionSouthernAfrica": "Sør-Afrika",
+    "regionWesternAfrica": "[country name] Vest-Afrika",
+    "regionAmericas": "Amerika",
+    "regionCaribbean": "Karibia",
+    "regionCentralAmerica": "Sentral-Amerika",
+    "regionSouthAmerica": "Sør-Amerika",
+    "regionNorthernAmerica": "Nord-Amerika",
+    "regionAsia": "Asia",
+    "regionCentralAsia": "Sentral-Asia",
+    "regionEasternAsia": "Øst-Asia",
+    "regionSouthEasternAsia": "Sørøst-Asia",
+    "regionSouthernAsia": "Sørlige Asia",
+    "regionWesternAsia": "Vest-Asia",
+    "regionEurope": "Europa",
+    "regionEasternEurope": "Øst-Europa",
+    "regionNorthernEurope": "Nord-Europa",
+    "regionSouthernEurope": "Sørlige Europa",
+    "regionWesternEurope": "Vest-Europa",
+    "regionOceania": "Oceania",
+    "regionAustraliaAndNewZealand": "Australia og New Zealand",
+    "regionMelanesia": "Melanesia",
+    "regionMicronesia": "Micronesia",
+    "regionPolynesia": "Polynesia",
    "managedSelfHosted": {
        "title": "Administrert selv-hostet",
        "description": "Sikre og lavvedlikeholdsservere, selvbetjente Pangolin med ekstra klokker, og understell",
@@ -1889,7 +2250,7 @@
    },
    "internationaldomaindetected": "Internasjonalt domene oppdaget",
    "willbestoredas": "Vil bli lagret som:",
-    "roleMappingDescription": "Bestem hvordan roller tilordnes brukere når innloggingen er aktivert når autog-rapportering er aktivert.",
+    "roleMappingDescription": "Bestem hvordan roller tildeles brukere når de logger inn med denne identitetsleverandøren.",
    "selectRole": "Velg en rolle",
    "roleMappingExpression": "Uttrykk",
    "selectRolePlaceholder": "Velg en rolle",
@@ -1899,6 +2260,25 @@
    "invalidValue": "Ugyldig verdi",
    "idpTypeLabel": "Identitet leverandør type",
    "roleMappingExpressionPlaceholder": "F.eks. inneholder(grupper, 'admin') && 'Admin' ⋅'Medlem'",
+    "roleMappingModeFixedRoles": "Fast roller",
+    "roleMappingModeMappingBuilder": "Kartlegger bygger",
+    "roleMappingModeRawExpression": "Rå uttrykk",
+    "roleMappingFixedRolesPlaceholderSelect": "Velg en eller flere roller",
+    "roleMappingFixedRolesPlaceholderFreeform": "Skriv inn rollenavn (eksakt treff per organisasjon)",
+    "roleMappingFixedRolesDescriptionSameForAll": "Tilordne den samme rollen som er satt til hver automatisk midlertidig bruker.",
+    "roleMappingFixedRolesDescriptionDefaultPolicy": "For standard policyer, type rollenavn som eksisterer i hver organisasjon der brukerne tilbys. Navn må stemmer nøyaktig.",
+    "roleMappingClaimPath": "Krev sti",
+    "roleMappingClaimPathPlaceholder": "grupper",
+    "roleMappingClaimPathDescription": "Sti i i token nyttelast som inneholder kildeverdier (for eksempel grupper).",
+    "roleMappingMatchValue": "Treff verdi",
+    "roleMappingAssignRoles": "Tilordne roller",
+    "roleMappingAddMappingRule": "Legg til tilordningsregel",
+    "roleMappingRawExpressionResultDescription": "Uttrykk skal vurderes til en streng eller en tekststreng.",
+    "roleMappingRawExpressionResultDescriptionSingleRole": "Uttrykk må evaluere til en streng (en rollenavn).",
+    "roleMappingMatchValuePlaceholder": "Match verdi (for eksempel: admin)",
+    "roleMappingAssignRolesPlaceholderFreeform": "Angi rollenavn (eksakt per org)",
+    "roleMappingBuilderFreeformRowHint": "Rollenavn må samsvare med en rolle i hver målorganisasjon.",
+    "roleMappingRemoveRule": "Fjern",
    "idpGoogleConfiguration": "Google Konfigurasjon",
    "idpGoogleConfigurationDescription": "Konfigurer Google OAuth2 legitimasjonen",
    "idpGoogleClientIdDescription": "Google OAuth2 Client ID",
@@ -1962,9 +2342,11 @@
    "selectDomainForOrgAuthPage": "Velg et domene for organisasjonens autentiseringsside",
    "domainPickerProvidedDomain": "Gitt domene",
    "domainPickerFreeProvidedDomain": "Gratis oppgitt domene",
+    "domainPickerFreeDomainsPaidFeature": "Angitte domener er en betalingsfunksjon. Abonner for å få et domene inkludert i din plan – ingen behov for å ta med ditt eget.",
    "domainPickerVerified": "Bekreftet",
    "domainPickerUnverified": "Uverifisert",
-    "domainPickerInvalidSubdomainStructure": "Dette underdomenet inneholder ugyldige tegn eller struktur. Det vil automatisk bli utsatt når du lagrer.",
+    "domainPickerManual": "Manuell",
+    "domainPickerInvalidSubdomainStructure": "Ugyldige tegn vil bli sanitert når de er lagret.",
    "domainPickerError": "Feil",
    "domainPickerErrorLoadDomains": "Kan ikke laste organisasjonens domener",
    "domainPickerErrorCheckAvailability": "Kunne ikke kontrollere domenetilgjengelighet",
@@ -1977,7 +2359,7 @@
    "orgAuthChooseIdpDescription": "Velg din identitet leverandør for å fortsette",
    "orgAuthNoIdpConfigured": "Denne organisasjonen har ikke noen identitetstjeneste konfigurert. Du kan i stedet logge inn med Pangolin identiteten din.",
    "orgAuthSignInWithPangolin": "Logg inn med Pangolin",
-    "orgAuthSignInToOrg": "Logg inn på en organisasjon",
+    "orgAuthSignInToOrg": "Organisasjonens identitetsleverandør (SSO)",
    "orgAuthSelectOrgTitle": "Organisasjonsinnlogging",
    "orgAuthSelectOrgDescription": "Skriv inn organisasjons-ID-en din for å fortsette",
    "orgAuthOrgIdPlaceholder": "din-organisasjon",
@@ -2193,10 +2575,10 @@
            },
            "scale": {
                "title": "Skala",
-                "description": "Enterprise features, 50 brukere, 50 nettsteder og prioritetsstøtte."
+                "description": "Funksjoner for bedrifter, 50 brukere, 100 nettsteder og prioritert support."
            }
        },
-        "personalUseOnly": "Kun personlig bruk (gratis lisens - ingen utsjekking)",
+        "personalUseOnly": "Kun personlig bruk (gratis lisens - ingen kasse)",
        "buttons": {
            "continueToCheckout": "Fortsett til kassen"
        },
@@ -2270,6 +2652,7 @@
    "validPassword": "Gyldig passord",
    "validEmail": "Valid email",
    "validSSO": "Valid SSO",
+    "connectedClient": "Tilkoblet klient",
    "resourceBlocked": "Ressurs blokkert",
    "droppedByRule": "Legg i regelen",
    "noSessions": "Ingen økter",
@@ -2277,24 +2660,26 @@
    "noMoreAuthMethods": "No Valid Auth",
    "ip": "IP",
    "reason": "Grunn",
-    "requestLogs": "Forespørselslogger (Automatic Translation)",
+    "requestLogs": "HTTP-forespørselslogger",
    "requestAnalytics": "Be om analyser",
    "host": "Vert",
    "location": "Sted",
    "actionLogs": "Handlingslogger",
-    "sidebarLogsRequest": "Forespørselslogger (Automatic Translation)",
+    "sidebarLogsRequest": "HTTP-forespørselslogger",
    "sidebarLogsAccess": "Tilgangslogger (Automatic Translation)",
    "sidebarLogsAction": "Handlingslogger",
    "logRetention": "Logg tilbaketrekning",
    "logRetentionDescription": "Håndter hvor lenge ulike typer logger beholdes for denne organisasjonen, eller deaktiver dem",
    "requestLogsDescription": "Se detaljerte forespørselslogger for ressurser i denne organisasjonen",
    "requestAnalyticsDescription": "Se detaljert rekvisisjonsanalyse for ressurser i denne organisasjonen",
-    "logRetentionRequestLabel": "Be om loggoverføring",
+    "logRetentionRequestLabel": "Be om loggbevaring",
    "logRetentionRequestDescription": "Hvor lenge du vil beholde forespørselslogger",
    "logRetentionAccessLabel": "Få tilgang til loggoverføring",
    "logRetentionAccessDescription": "Hvor lenge du vil beholde adgangslogger",
    "logRetentionActionLabel": "Handlings logg nytt",
    "logRetentionActionDescription": "Hvor lenge handlingen skal lagres",
+    "logRetentionConnectionLabel": "Logg nyhet",
+    "logRetentionConnectionDescription": "Hvor lenge du vil beholde tilkoblingslogger",
    "logRetentionDisabled": "Deaktivert",
    "logRetention3Days": "3 dager",
    "logRetention7Days": "7 dager",
@@ -2305,8 +2690,15 @@
    "logRetentionEndOfFollowingYear": "Slutt på neste år",
    "actionLogsDescription": "Vis historikk for handlinger som er utført i denne organisasjonen",
    "accessLogsDescription": "Vis autoriseringsforespørsler for ressurser i denne organisasjonen",
-    "licenseRequiredToUse": "En <enterpriseLicenseLink>Enterprise Edition</enterpriseLicenseLink> lisens er påkrevd for å bruke denne funksjonen. Denne funksjonen er også tilgjengelig i <pangolinCloudLink>Pangolin Cloud</pangolinCloudLink>.",
-    "ossEnterpriseEditionRequired": "<enterpriseEditionLink>Enterprise Edition</enterpriseEditionLink> er nødvendig for å bruke denne funksjonen. Denne funksjonen er også tilgjengelig i <pangolinCloudLink>Pangolin Cloud</pangolinCloudLink>.",
+    "connectionLogs": "Loggfiler for tilkobling",
+    "connectionLogsDescription": "Vis tilkoblingslogger for tunneler i denne organisasjonen",
+    "sidebarLogsConnection": "Loggfiler for tilkobling",
+    "sidebarLogsStreaming": "Strømming",
+    "sourceAddress": "Kilde adresse",
+    "destinationAddress": "Måladresse (Automatic Translation)",
+    "duration": "Varighet",
+    "licenseRequiredToUse": "En <enterpriseLicenseLink>Enterprise Edition</enterpriseLicenseLink> lisens eller <pangolinCloudLink>Pangolin Cloud</pangolinCloudLink> er påkrevd for å bruke denne funksjonen. <bookADemoLink>Bestill en demo eller POC prøveversjon</bookADemoLink>.",
+    "ossEnterpriseEditionRequired": "<enterpriseEditionLink>Enterprise Edition</enterpriseEditionLink> er nødvendig for å bruke denne funksjonen. Denne funksjonen er også tilgjengelig i <pangolinCloudLink>Pangolin Cloud</pangolinCloudLink>. <bookADemoLink>Bestill en demo eller POC studie</bookADemoLink>.",
    "certResolver": "Sertifikat løser",
    "certResolverDescription": "Velg sertifikatløser som skal brukes for denne ressursen.",
    "selectCertResolver": "Velg sertifikatløser",
@@ -2448,6 +2840,9 @@
    "machineClients": "Maskinklienter",
    "install": "Installer",
    "run": "Kjør",
+    "envFile": "Miljøfil",
+    "serviceFile": "Tjenestefil",
+    "enableAndStart": "Aktiver og start",
    "clientNameDescription": "Visningsnavnet til klienten som kan endres senere.",
    "clientAddress": "Klientadresse (avansert)",
    "setupFailedToFetchSubnet": "Kunne ikke hente standard undernett",
@@ -2496,13 +2891,30 @@
    "editInternalResourceDialogAddClients": "Legg til klienter",
    "editInternalResourceDialogDestinationLabel": "Destinasjon",
    "editInternalResourceDialogDestinationDescription": "Spesifiser destinasjonsadressen for den interne ressursen. Dette kan være et vertsnavn, IP-adresse eller CIDR-sjikt avhengig av valgt modus. Valgfrie oppsett av intern DNS-alias for enklere identifikasjon.",
+    "internalResourceFormMultiSiteRoutingHelp": "Valg av flere nettsteder muliggjør motstandskraftig ruting og failover for høy tilgjengelighet.",
+    "internalResourceFormMultiSiteRoutingHelpLearnMore": "Lær mer",
    "editInternalResourceDialogPortRestrictionsDescription": "Begrens tilgang til spesifikke TCP/UDP-porter eller tillate/blokkere alle porter.",
+    "createInternalResourceDialogHttpConfiguration": "HTTP-konfigurasjon",
+    "createInternalResourceDialogHttpConfigurationDescription": "Velg domenet klienter vil bruke for å nå denne ressursen via HTTP eller HTTPS.",
+    "editInternalResourceDialogHttpConfiguration": "HTTP-konfigurasjon",
+    "editInternalResourceDialogHttpConfigurationDescription": "Velg domenet klienter vil bruke for å nå denne ressursen via HTTP eller HTTPS.",
    "editInternalResourceDialogTcp": "TCP",
    "editInternalResourceDialogUdp": "UDP",
    "editInternalResourceDialogIcmp": "ICMP",
    "editInternalResourceDialogAccessControl": "Tilgangskontroll",
    "editInternalResourceDialogAccessControlDescription": "Kontroller hvilke roller, brukere og maskinklienter som har tilgang til denne ressursen når den er koblet til. Administratorer har alltid tilgang.",
    "editInternalResourceDialogPortRangeValidationError": "Portsjiktet må være \"*\" for alle porter, eller en kommaseparert liste med porter og sjikt (f.eks. \"80,443,8000-9000\"). Porter må være mellom 1 og 65535.",
+    "internalResourceAuthDaemonStrategy": "SSH Auth Daemon Sted",
+    "internalResourceAuthDaemonStrategyDescription": "Velg hvor SSH-autentisering daemon kjører: på nettstedet (Newt) eller på en ekstern vert.",
+    "internalResourceAuthDaemonDescription": "SSH-godkjenning daemon håndterer SSH-nøkkel signering og PAM autentisering for denne ressursen. Velg om den kjører på nettstedet (Newt) eller på en separat ekstern vert. Se <docsLink>dokumentasjonen</docsLink> for mer.",
+    "internalResourceAuthDaemonDocsUrl": "https://docs.pangolin.net",
+    "internalResourceAuthDaemonStrategyPlaceholder": "Velg strategi",
+    "internalResourceAuthDaemonStrategyLabel": "Sted",
+    "internalResourceAuthDaemonSite": "På nettsted",
+    "internalResourceAuthDaemonSiteDescription": "Autentiser daemon kjører på nettstedet (Newt).",
+    "internalResourceAuthDaemonRemote": "Ekstern vert",
+    "internalResourceAuthDaemonRemoteDescription": "Autentiser daemon kjører på en vert som ikke er nettstedet.",
+    "internalResourceAuthDaemonPort": "Daemon Port (valgfritt)",
    "orgAuthWhatsThis": "Hvor kan jeg finne min organisasjons-ID?",
    "learnMore": "Lær mer",
    "backToHome": "Gå tilbake til start",
@@ -2524,6 +2936,9 @@
    "maintenancePageMessagePlaceholder": "Vi kommer snart tilbake! Vårt nettsted gjennomgår for øyeblikket planlagt vedlikehold.",
    "maintenancePageMessageDescription": "Detaljert beskjed som forklarer vedlikeholdet",
    "maintenancePageTimeTitle": "Estimert ferdigstillelsestid (Valgfritt)",
+    "privateMaintenanceScreenTitle": "Privat plassholder skjerm",
+    "privateMaintenanceScreenMessage": "Dette domenet brukes på en privatressurs. Koble til ved å bruke Pangolin-klienten for å få tilgang til denne ressursen.",
+    "privateMaintenanceScreenSteps": "Når du er koblet til, hvis du fortsatt ser denne meldingen, peker kanskje DNS-cachen til nettleseren din fortsatt til den gamle adressen. For å rette på dette: lukk og åpne denne fanen eller nettleseren på nytt, og naviger deretter tilbake til denne siden.",
    "maintenanceTime": "f.eks. 2 timer, 1. november kl. 17:00",
    "maintenanceEstimatedTimeDescription": "Når du forventer at vedlikeholdet er ferdigstilt",
    "editDomain": "Rediger domene",
@@ -2632,5 +3047,209 @@
    "approvalsEmptyStateStep2Title": "Aktiver enhetsgodkjenninger",
    "approvalsEmptyStateStep2Description": "Rediger en rolle og aktiver alternativet 'Kreve enhetsgodkjenninger'. Brukere med denne rollen vil trenge administratorgodkjenning for nye enheter.",
    "approvalsEmptyStatePreviewDescription": "Forhåndsvisning: Når aktivert, ventende enhets forespørsler vil vises her for vurdering",
-    "approvalsEmptyStateButtonText": "Administrer Roller"
+    "approvalsEmptyStateButtonText": "Administrer Roller",
+    "domainErrorTitle": "Vi har problemer med å verifisere domenet ditt",
+    "idpAdminAutoProvisionPoliciesTabHint": "Konfigurer rollegartlegging og organisasjonspolicyer på <policiesTabLink>Auto leveringsinnstillinger</policiesTabLink> fanen.",
+    "streamingTitle": "Hendelse Strømming",
+    "streamingDescription": "Stream hendelser fra din organisasjon til eksterne destinasjoner i sanntid.",
+    "streamingUnnamedDestination": "Plassering uten navn",
+    "streamingNoUrlConfigured": "Ingen URL konfigurert",
+    "streamingAddDestination": "Legg til mål",
+    "streamingHttpWebhookTitle": "HTTP Webhook",
+    "streamingHttpWebhookDescription": "Send hendelser til alle HTTP-endepunkter med fleksibel autentisering og maling.",
+    "streamingS3Title": "Amazon S3",
+    "streamingS3Description": "Strøm hendelser til en S3-kompatibel objektlagringskjøt. Kommer snart.",
+    "streamingDatadogTitle": "Datadog",
+    "streamingDatadogDescription": "Videresend arrangementer direkte til din Datadog-konto. Kommer snart.",
+    "streamingTypePickerDescription": "Velg en måltype for å komme i gang.",
+    "streamingFailedToLoad": "Kan ikke laste inn destinasjoner",
+    "streamingUnexpectedError": "En uventet feil oppstod.",
+    "streamingFailedToUpdate": "Kunne ikke oppdatere destinasjon",
+    "streamingDeletedSuccess": "Målet ble slettet",
+    "streamingFailedToDelete": "Kunne ikke slette destinasjon",
+    "streamingDeleteTitle": "Slett mål",
+    "streamingDeleteButtonText": "Slett mål",
+    "streamingDeleteDialogAreYouSure": "Er du sikker på at du vil slette",
+    "streamingDeleteDialogThisDestination": "denne destinasjonen",
+    "streamingDeleteDialogPermanentlyRemoved": "? Alle konfigurasjoner vil bli slettet permanent.",
+    "httpDestEditTitle": "Rediger mål",
+    "httpDestAddTitle": "Legg til HTTP-destinasjon",
+    "httpDestEditDescription": "Oppdater konfigurasjonen for denne HTTP-hendelsesstrømmedestinasjonen.",
+    "httpDestAddDescription": "Konfigurer et nytt HTTP endepunkt for å motta organisasjonens hendelser.",
+    "S3DestEditTitle": "Rediger destinasjon",
+    "S3DestAddTitle": "Legg til S3 destinasjon",
+    "S3DestEditDescription": "Oppdatere konfigurasjonen for denne S3-hendelsesstrømmingsdestinasjonen.",
+    "S3DestAddDescription": "Konfigurer et nytt S3-endepunkt for å motta organisasjonens hendelser.",
+    "datadogDestEditTitle": "Rediger destinasjon",
+    "datadogDestAddTitle": "Legg til Datadog destinasjon",
+    "datadogDestEditDescription": "Oppdatere konfigurasjonen for denne Datadog-hendelsesstrømmingsdestinasjonen.",
+    "datadogDestAddDescription": "Konfigurer et nytt Datadog-endepunkt for å motta organisasjonens hendelser.",
+    "httpDestTabSettings": "Innstillinger",
+    "httpDestTabHeaders": "Overskrifter",
+    "httpDestTabBody": "Innhold",
+    "httpDestTabLogs": "Logger",
+    "httpDestNamePlaceholder": "Min HTTP destinasjon",
+    "httpDestUrlLabel": "Destinasjons URL",
+    "httpDestUrlErrorHttpRequired": "URL-adressen må bruke httpp eller https",
+    "httpDestUrlErrorHttpsRequired": "HTTPS er nødvendig for distribusjon av sky",
+    "httpDestUrlErrorInvalid": "Skriv inn en gyldig nettadresse (f.eks. https://eksempel.com/webhook)",
+    "httpDestAuthTitle": "Autentisering",
+    "httpDestAuthDescription": "Velg hvordan ønsker til sluttpunktet ditt er autentisert.",
+    "httpDestAuthNoneTitle": "Ingen godkjenning",
+    "httpDestAuthNoneDescription": "Sender forespørsler uten autorisasjonsoverskrift.",
+    "httpDestAuthBearerTitle": "Bærer Symbol",
+    "httpDestAuthBearerDescription": "Legger til en Autorisasjon: Bearer '<token>' header til hver forespørsel.",
+    "httpDestAuthBearerPlaceholder": "Din API-nøkkel eller token",
+    "httpDestAuthBasicTitle": "Standard Auth",
+    "httpDestAuthBasicDescription": "Legger til en Autorisasjon: Basic '<credentials>' header. Gi legitimasjon som brukernavn:passord.",
+    "httpDestAuthBasicPlaceholder": "brukernavn:passord",
+    "httpDestAuthCustomTitle": "Egendefinert topptekst",
+    "httpDestAuthCustomDescription": "Angi et egendefinert HTTP headers navn og verdi for autentisering (f.eks X-API-Key).",
+    "httpDestAuthCustomHeaderNamePlaceholder": "Topptekst navn (f.eks X-API-Key)",
+    "httpDestAuthCustomHeaderValuePlaceholder": "Header verdi",
+    "httpDestCustomHeadersTitle": "Egendefinerte HTTP-overskrifter",
+    "httpDestCustomHeadersDescription": "Legg til egendefinerte overskrifter til hver utgående forespørsel. Nyttig for statisk tokens eller en egendefinert innholdstype. Som standard blir innholdstype: applikasjon/json sendt.",
+    "httpDestNoHeadersConfigured": "Ingen egendefinerte overskrifter konfigurert. Klikk \"Legg til topptekst\" for å legge til en.",
+    "httpDestHeaderNamePlaceholder": "Navn på topptekst",
+    "httpDestHeaderValuePlaceholder": "Verdi",
+    "httpDestAddHeader": "Legg til topptekst",
+    "httpDestBodyTemplateTitle": "Egendefinert hovedmal",
+    "httpDestBodyTemplateDescription": "Kontroller JSON nyttelaststrukturen sendt til ditt endepunkt. Hvis deaktivert, sendes et standard JSON-objekt for hver hendelse.",
+    "httpDestEnableBodyTemplate": "Aktiver egendefinert meldingsmal",
+    "httpDestBodyTemplateLabel": "Kroppsmal (JSON)",
+    "httpDestBodyTemplateHint": "Bruk designmal variabler for å referere til eventfelt i din betaling.",
+    "httpDestPayloadFormatTitle": "Mål format",
+    "httpDestPayloadFormatDescription": "Hvordan blir hendelser serialisert inn i hver forespørselsorgan.",
+    "httpDestFormatJsonArrayTitle": "JSON liste",
+    "httpDestFormatJsonArrayDescription": "Én forespørsel per batch, innholdet er en JSON-liste. Kompatibel med de mest generiske webhooks og Datadog.",
+    "httpDestFormatNdjsonTitle": "NDJSON",
+    "httpDestFormatNdjsonDescription": "Én forespørsel per sats, innholdet er nytt avgrenset JSON - et objekt per linje, ingen ytterarray. Kreves av Splunk HEC, Elastisk/OpenSearch, og Grafana Loki.",
+    "httpDestFormatSingleTitle": "En hendelse per forespørsel",
+    "httpDestFormatSingleDescription": "Sender en separat HTTP POST for hver enkelt hendelse. Bruk bare for endepunkter som ikke kan håndtere batcher.",
+    "httpDestLogTypesTitle": "Logg typer",
+    "httpDestLogTypesDescription": "Velg hvilke loggtyper som blir videresendt til dette målet. Bare aktiverte loggtyper vil bli strømmet.",
+    "httpDestAccessLogsTitle": "Tilgangslogger (Automatic Translation)",
+    "httpDestAccessLogsDescription": "Adgangsforsøk for ressurser, inkludert godkjente og nektet forespørsler.",
+    "httpDestActionLogsTitle": "Handlingslogger",
+    "httpDestActionLogsDescription": "Administrative tiltak som utføres av brukere innenfor organisasjonen.",
+    "httpDestConnectionLogsTitle": "Loggfiler for tilkobling",
+    "httpDestConnectionLogsDescription": "Utstyrs- og tunneltilkoblingshendelser, inkludert forbindelser og frakobling.",
+    "httpDestRequestLogsTitle": "HTTP-forespørselslogger",
+    "httpDestRequestLogsDescription": "HTTP-forespørsel logger for bekreftede ressurser, inkludert metode, bane og responskode.",
+    "httpDestSaveChanges": "Lagre endringer",
+    "httpDestCreateDestination": "Opprett mål",
+    "httpDestUpdatedSuccess": "Målet er oppdatert",
+    "httpDestCreatedSuccess": "Målet er opprettet",
+    "httpDestUpdateFailed": "Kunne ikke oppdatere destinasjon",
+    "httpDestCreateFailed": "Kan ikke opprette mål",
+    "followRedirects": "Følg videresendinger",
+    "followRedirectsDescription": "Følg automatisk HTTP-videresendinger for forespørsler.",
+    "alertingErrorWebhookUrl": "Vennligst skriv inn en gyldig URL for webhooken.",
+    "healthCheckStrategyHttp": "Validerer tilkobling og sjekker HTTP-responsstatus.",
+    "healthCheckStrategyTcp": "Bekrefter kun TCP-tilkobling, uten å inspisere responsen.",
+    "healthCheckStrategySnmp": "Utfører en SNMP get-forespørsel for å sjekke helsen til nettverksenheter og infrastruktur.",
+    "healthCheckStrategyIcmp": "Bruker ICMP ekko forespørsler (ping) for å sjekke om en ressurs er tilgjengelig og responsiv.",
+    "healthCheckTabStrategy": "Strategi",
+    "healthCheckTabConnection": "Tilkobling",
+    "healthCheckTabAdvanced": "Avansert",
+    "healthCheckStrategyNotAvailable": "Denne strategien er ikke tilgjengelig. Vennligst kontakt salgsavdelingen for å aktivere denne funksjonen.",
+    "uptime30d": "Oppetid (30d)",
+    "idpAddActionCreateNew": "Opprett ny identitetsleverandør",
+    "idpAddActionImportFromOrg": "Importer fra en annen organisasjon",
+    "idpImportDialogTitle": "Importer identitetsleverandør",
+    "idpImportDialogDescription": "Velg en identitetsleverandør fra en organisasjon der du er admin. Den vil bli knyttet til denne organisasjonen.",
+    "idpImportSearchPlaceholder": "Søk etter organisasjons- eller leverandørnavn...",
+    "idpImportEmpty": "Ingen identitetsleverandører funnet.",
+    "idpImportedDescription": "Identitetsleverandøren ble importert vellykket.",
+    "idpDeleteGlobalQuestion": "Er du sikker på at du vil slette denne identitetsleverandøren permanent?",
+    "idpDeleteGlobalDescription": "Dette vil slette identitetsleverandøren permanent fra alle organisasjoner den er tilknyttet.",
+    "idpUnassociateTitle": "Frakoble identitetsleverandør",
+    "idpUnassociateQuestion": "Er du sikker på at du vil frakoble denne identitetsleverandøren fra denne organisasjonen?",
+    "idpUnassociateDescription": "Alle brukere knyttet til denne identitetsleverandøren vil bli fjernet fra denne organisasjonen, men identitetsleverandøren vil fortsatt eksistere for andre tilknyttede organisasjoner.",
+    "idpUnassociateConfirm": "Bekreft frakobling av identitetsleverandør",
+    "idpUnassociateWarning": "Dette kan ikke angres for denne organisasjonen.",
+    "idpUnassociatedDescription": "Identitetsleverandør er vellykket frakoblet fra denne organisasjonen",
+    "idpUnassociateMenu": "Frakoble",
+    "idpDeleteAllOrgsMenu": "Slett",
+    "publicIpEndpoint": "Endepunkt",
+    "lastTriggeredAt": "Siste utløste",
+    "reject": "Avvis",
+    "uptimeDaysAgo": "{count} days ago",
+    "uptimeToday": "I dag",
+    "uptimeNoDataAvailable": "Ingen data tilgjengelig",
+    "uptimeSuffix": "oppetid",
+    "uptimeDowntimeSuffix": "nedetid",
+    "uptimeTooltipUptimeLabel": "Oppetid",
+    "uptimeTooltipDowntimeLabel": "Nedetid",
+    "uptimeOngoing": "pågående",
+    "uptimeNoMonitoringData": "Ingen overvåkingsdata",
+    "uptimeNoData": "Ingen data",
+    "uptimeMiniBarDown": "Nede",
+    "uptimeSectionTitle": "Oppetid",
+    "uptimeSectionDescription": "Tilgjengelighet de siste {days} dagene",
+    "uptimeAddAlert": "Legg til varsling",
+    "uptimeViewAlerts": "Vis varsler",
+    "uptimeCreateEmailAlert": "Opprett e-postvarsel",
+    "uptimeAlertDescriptionSite": "Få beskjed på e-post når dette nettstedet går offline eller kommer tilbake online.",
+    "uptimeAlertDescriptionResource": "Få beskjed på e-post når denne ressursen går offline eller kommer tilbake online.",
+    "uptimeAlertNamePlaceholder": "Varslingsnavn",
+    "uptimeAdditionalEmails": "Flere e-poster",
+    "uptimeCreateAlert": "Opprett varsling",
+    "uptimeAlertNoRecipients": "Ingen mottakere",
+    "uptimeAlertNoRecipientsDescription": "Vennligst legg til minst én bruker, rolle, eller e-post for å varsle.",
+    "uptimeAlertCreated": "Varsel opprettet",
+    "uptimeAlertCreatedDescription": "Du vil bli varslet når dette endrer status.",
+    "uptimeAlertCreateFailed": "Kunne ikke opprette varsel",
+    "webhookUrlLabel": "URL",
+    "webhookHeaderKeyPlaceholder": "Nøkkel",
+    "webhookHeaderValuePlaceholder": "Verdi",
+    "alertLabel": "Varsel",
+    "domainPickerWildcardSubdomainNotAllowed": "Jokertegnsubdomener er ikke tillatt.",
+    "domainPickerWildcardCertWarning": "Jokertegnressurser kan kreve ekstra konfigurasjon for å fungere skikkelig.",
+    "domainPickerWildcardCertWarningLink": "Lær mer",
+    "health": "Helse",
+    "domainPendingErrorTitle": "Verifiseringsproblem",
+    "memberPortalTitle": "Ressurser",
+    "memberPortalDescription": "Ressurser du har tilgang til i denne organisasjonen",
+    "memberPortalSortBy": "Sorter etter...",
+    "memberPortalSortNameAsc": "Navn A-Å",
+    "memberPortalSortNameDesc": "Navn Å-A",
+    "memberPortalSortDomainAsc": "Domene A-Å",
+    "memberPortalSortDomainDesc": "Domene Å-A",
+    "memberPortalSortEnabledFirst": "Aktivert først",
+    "memberPortalSortDisabledFirst": "Deaktivert først",
+    "memberPortalRefresh": "Oppdater",
+    "memberPortalRefreshResources": "Oppdater ressurser",
+    "memberPortalFailedToLoad": "Kunne ikke laste inn ressurser",
+    "memberPortalFailedToLoadDescription": "Kunne ikke laste inn ressurser. Vennligst sjekk tilkoblingen din og prøv igjen.",
+    "memberPortalUnableToLoad": "Kan ikke laste inn ressurser",
+    "memberPortalTryAgain": "Prøv igjen",
+    "memberPortalNoResourcesFound": "Ingen ressurser funnet",
+    "memberPortalNoResourcesAvailable": "Ingen ressurser tilgjengelig",
+    "memberPortalNoResourcesMatchSearch": "Ingen ressurser samsvarer med \"{query}\". Prøv å justere søkeordene dine eller fjern søket for å se alle ressurser.",
+    "memberPortalNoResourcesAccess": "Du har ennå ikke tilgang til noen ressurser. Kontakt administratoren din for å få tilgang til de ressursene du trenger.",
+    "memberPortalClearSearch": "Fjern søk",
+    "memberPortalPublicResources": "Offentlige ressurser",
+    "memberPortalPublicResourcesDescription": "Webapplikasjoner og -tjenester tilgjengelige via nettleser",
+    "memberPortalCopiedToClipboard": "Kopiert til utklippstavlen",
+    "memberPortalCopiedUrlDescription": "Ressurs-URL er kopiert til utklippstavlen din.",
+    "memberPortalOpenResource": "Åpne ressurs",
+    "memberPortalPrivateResources": "Private ressurser",
+    "memberPortalPrivateResourcesDescription": "Interne nettverksressurser tilgjengelige via klient",
+    "memberPortalResourceDetails": "Ressursdetaljer",
+    "memberPortalMode": "Modus",
+    "memberPortalDestination": "Destinasjon",
+    "memberPortalAlias": "Navn",
+    "memberPortalCopiedAliasDescription": "Ressursalias er kopiert til utklippstavlen din.",
+    "memberPortalCopiedDestinationDescription": "Ressursdestinasjon er kopiert til utklippstavlen din.",
+    "memberPortalRequiresClientConnection": "Krever klienttilkobling",
+    "memberPortalAuthMethods": "Autentiseringsmetoder",
+    "memberPortalSso": "Enkeltpålogging (SSO)",
+    "memberPortalPasswordProtected": "Passordbeskyttet",
+    "memberPortalPinCode": "PIN-kode",
+    "memberPortalEmailWhitelist": "E-post-hviteliste",
+    "memberPortalResourceDisabled": "Ressurs deaktivert",
+    "memberPortalShowingResources": "Viser {start}-{end} av {total} ressurser",
+    "memberPortalPrevious": "Forrige",
+    "memberPortalNext": "Neste"
 }
--- a/messages/nl-NL.json
+++ b/messages/nl-NL.json
@@ -1,4 +1,8 @@
 {
+    "contactSalesEnable": "Neem contact op met de verkoopafdeling om deze functie in te schakelen.",
+    "contactSalesBookDemo": "Boek een demo",
+    "contactSalesOr": "of",
+    "contactSalesContactUs": "neem contact met ons op",
    "setupCreate": "Maak de organisatie, site en bronnen aan",
    "headerAuthCompatibilityInfo": "Schakel dit in om een 401 Niet Geautoriseerd antwoord af te dwingen wanneer een authenticatietoken ontbreekt. Dit is vereist voor browsers of specifieke HTTP-bibliotheken die geen referenties verzenden zonder een serveruitdaging.",
    "headerAuthCompatibility": "Uitgebreide compatibiliteit",
@@ -19,6 +23,18 @@
    "componentsInvalidKey": "Ongeldige of verlopen licentiesleutels gedetecteerd. Volg de licentievoorwaarden om alle functies te blijven gebruiken.",
    "dismiss": "Uitschakelen",
    "subscriptionViolationMessage": "U overschrijdt uw huidige abonnement. Corrigeer het probleem door sites, gebruikers of andere bronnen te verwijderen om binnen uw plan te blijven.",
+    "trialBannerMessage": "Uw proefversie verloopt over {countdown}. Upgrade om toegang te behouden.",
+    "trialBannerExpired": "Uw proefperiode is verlopen. Upgrade nu om toegang te herstellen.",
+    "billingTrialBannerTitle": "Proefperiode Actief",
+    "billingTrialBannerDescription": "Je bent momenteel bezig met een gratis proefperiode op het zakelijke niveau. Wanneer de proefperiode eindigt, wordt je account automatisch teruggezet naar de functies en limieten van het Basic-niveau. Upgrade op elk moment om toegang te houden tot de functies van je huidige plan.",
+    "billingTrialBannerUpgrade": "Nu Upgraden",
+    "billingTrialBadge": "Gratis Proefversie",
+    "trialActive": "Gratis proefversie actief",
+    "trialExpired": "Proefversie verlopen",
+    "trialHasEnded": "Uw proefperiode is geëindigd.",
+    "trialDaysRemaining": "{count, plural, one {# dag resterend} other {# dagen resterend}}",
+    "trialDaysLeftShort": "{days}d over in proefversie",
+    "trialGoToBilling": "Ga naar factureringspagina",
    "subscriptionViolationViewBilling": "Facturering bekijken",
    "componentsLicenseViolation": "Licentie overtreding: Deze server gebruikt {usedSites} sites die de gelicentieerde limiet van {maxSites} sites overschrijden. Volg de licentievoorwaarden om door te gaan met het gebruik van alle functies.",
    "componentsSupporterMessage": "Bedankt voor het ondersteunen van Pangolin als {tier}!",
@@ -81,6 +97,8 @@
    "siteConfirmCopy": "Ik heb de configuratie gekopieerd",
    "searchSitesProgress": "Sites zoeken...",
    "siteAdd": "Site toevoegen",
+    "sitesTableViewPublicResources": "Openbare bronnen bekijken",
+    "sitesTableViewPrivateResources": "Privébronnen bekijken",
    "siteInstallNewt": "Installeer Newt",
    "siteInstallNewtDescription": "Laat Newt draaien op uw systeem",
    "WgConfiguration": "WireGuard Configuratie",
@@ -98,6 +116,21 @@
    "siteUpdatedDescription": "De site is bijgewerkt.",
    "siteGeneralDescription": "Algemene instellingen voor deze site configureren",
    "siteSettingDescription": "Configureer de instellingen van de site",
+    "siteResourcesTab": "Bronnen",
+    "siteResourcesNoneOnSite": "Deze site heeft nog geen openbare of privébronnen.",
+    "siteResourcesSectionPublic": "Openbare bronnen",
+    "siteResourcesSectionPrivate": "Privébronnen",
+    "siteResourcesSectionPublicDescription": "Bronnen extern blootgesteld via domeinen of poorten.",
+    "siteResourcesSectionPrivateDescription": "Bronnen beschikbaar op uw privénetwerk via de site.",
+    "siteResourcesViewAllPublic": "Bekijk alle bronnen",
+    "siteResourcesViewAllPrivate": "Bekijk alle bronnen",
+    "siteResourcesDialogDescription": "Overzicht van openbare en privébronnen die geassocieerd zijn met deze site.",
+    "siteResourcesShowMore": "Meer weergeven",
+    "siteResourcesPermissionDenied": "U heeft geen toestemming om deze bronnen te vermelden.",
+    "siteResourcesEmptyPublic": "Geen openbare bronnen richten zich nog op deze site.",
+    "siteResourcesEmptyPrivate": "Er zijn nog geen privébronnen gekoppeld aan deze site.",
+    "siteResourcesHowToAccess": "Hoe te openen",
+    "siteResourcesTargetsOnSite": "Doelen op deze site",
    "siteSetting": "{siteName} instellingen",
    "siteNewtTunnel": "Nieuwste site (Aanbevolen)",
    "siteNewtTunnelDescription": "Makkelijkste manier om een ingangspunt in een netwerk te maken. Geen extra opzet.",
@@ -148,6 +181,11 @@
    "createLink": "Koppeling aanmaken",
    "resourcesNotFound": "Geen bronnen gevonden",
    "resourceSearch": "Zoek bronnen",
+    "machineSearch": "Zoek machines",
+    "machinesSearch": "Zoek machine-clients...",
+    "machineNotFound": "Geen machines gevonden",
+    "userDeviceSearch": "Gebruikersapparaten zoeken",
+    "userDevicesSearch": "Gebruikersapparaten zoeken...",
    "openMenu": "Menu openen",
    "resource": "Bron",
    "title": "Aanspreektitel",
@@ -175,6 +213,7 @@
    "resourceHTTPDescription": "Proxyverzoeken via HTTPS met een volledig gekwalificeerde domeinnaam.",
    "resourceRaw": "TCP/UDP bron",
    "resourceRawDescription": "Proxyverzoeken via ruwe TCP/UDP met een poortnummer.",
+    "resourceRawDescriptionCloud": "Proxy verzoeken over rauwe TCP/UDP met behulp van een poortnummer. Vereist sites om verbinding te maken met een remote node.",
    "resourceCreate": "Bron maken",
    "resourceCreateDescription": "Volg de onderstaande stappen om een nieuwe bron te maken",
    "resourceSeeAll": "Alle bronnen bekijken",
@@ -261,8 +300,11 @@
    "orgMissing": "Organisatie-ID ontbreekt",
    "orgMissingMessage": "Niet in staat om de uitnodiging te regenereren zonder organisatie-ID.",
    "accessUsersManage": "Gebruikers beheren",
+    "accessUserManage": "Beheer gebruiker",
    "accessUsersDescription": "Nodig uit en beheer gebruikers met toegang tot deze organisatie",
    "accessUsersSearch": "Gebruikers zoeken...",
+    "accessUsersRoleFilterCount": "{count, plural, one {# rol} other {# rollen}}",
+    "accessUsersRoleFilterClear": "Rolfilters wissen",
    "accessUserCreate": "Gebruiker aanmaken",
    "accessUserRemove": "Gebruiker verwijderen",
    "username": "Gebruikersnaam",
@@ -322,6 +364,54 @@
    "apiKeysDelete": "API-sleutel verwijderen",
    "apiKeysManage": "API-sleutels beheren",
    "apiKeysDescription": "API-sleutels worden gebruikt om te verifiëren met de integratie-API",
+    "provisioningKeysTitle": "Vertrekkende sleutel",
+    "provisioningKeysManage": "Beheren van Provisioning Sleutels",
+    "provisioningKeysDescription": "Provisionerende sleutels worden gebruikt om geautomatiseerde sitebepaling voor uw organisatie te verifiëren.",
+    "provisioningManage": "Provisie",
+    "provisioningDescription": "Voorzieningssleutels beheren en sites beoordelen in afwachting van goedkeuring.",
+    "pendingSites": "Openstaande sites",
+    "siteApproveSuccess": "Site succesvol goedgekeurd",
+    "siteApproveError": "Fout bij goedkeuren website",
+    "provisioningKeys": "Verhelderende sleutels",
+    "searchProvisioningKeys": "Zoek provisioningsleutels ...",
+    "provisioningKeysAdd": "Genereer Provisioning Sleutel",
+    "provisioningKeysErrorDelete": "Fout bij verwijderen provisioning sleutel",
+    "provisioningKeysErrorDeleteMessage": "Fout bij verwijderen provisioning sleutel",
+    "provisioningKeysQuestionRemove": "Weet u zeker dat u deze proefsleutel van de organisatie wilt verwijderen?",
+    "provisioningKeysMessageRemove": "Eenmaal verwijderd, kan de sleutel niet meer worden gebruikt voor site-instructie.",
+    "provisioningKeysDeleteConfirm": "Bevestig Verwijderen Provisione-sleutel",
+    "provisioningKeysDelete": "Provisione-sleutel verwijderen",
+    "provisioningKeysCreate": "Genereer Provisioning Sleutel",
+    "provisioningKeysCreateDescription": "Een nieuwe provisioningsleutel voor de organisatie genereren",
+    "provisioningKeysSeeAll": "Bekijk alle provisioning sleutels",
+    "provisioningKeysSave": "Sla de provisioning sleutel op",
+    "provisioningKeysSaveDescription": "Je kunt dit slechts één keer zien. Kopieer het naar een veilige plaats.",
+    "provisioningKeysErrorCreate": "Fout bij aanmaken provisioning sleutel",
+    "provisioningKeysList": "Nieuwe provisioning sleutel",
+    "provisioningKeysMaxBatchSize": "Maximale batchgrootte",
+    "provisioningKeysUnlimitedBatchSize": "Onbeperkte batchgrootte (geen limiet)",
+    "provisioningKeysMaxBatchUnlimited": "Onbeperkt",
+    "provisioningKeysMaxBatchSizeInvalid": "Voer een geldige maximale batchgrootte in (1–1.000,000).",
+    "provisioningKeysValidUntil": "Geldig tot",
+    "provisioningKeysValidUntilHint": "Laat leeg voor geen vervaldatum.",
+    "provisioningKeysValidUntilInvalid": "Voer een geldige datum en tijd in.",
+    "provisioningKeysNumUsed": "Aantal keer gebruikt",
+    "provisioningKeysLastUsed": "Laatst gebruikt",
+    "provisioningKeysNoExpiry": "Geen vervaldatum",
+    "provisioningKeysNeverUsed": "Nooit",
+    "provisioningKeysEdit": "Wijzig Provisioning Sleutel",
+    "provisioningKeysEditDescription": "Werk de maximale batchgrootte en verlooptijd voor deze sleutel bij.",
+    "provisioningKeysApproveNewSites": "Goedkeuren van nieuwe sites",
+    "provisioningKeysApproveNewSitesDescription": "Automatisch sites goedkeuren die zich registreren met deze sleutel.",
+    "provisioningKeysUpdateError": "Fout tijdens bijwerken provisioning sleutel",
+    "provisioningKeysUpdated": "Provisie sleutel bijgewerkt",
+    "provisioningKeysUpdatedDescription": "Uw wijzigingen zijn opgeslagen.",
+    "provisioningKeysBannerTitle": "Bewerkingssleutels voor websites",
+    "provisioningKeysBannerDescription": "Genereer een inrichtingssleutel en gebruik deze met de Newt-connector om automatisch sites te maken bij de eerste opstart - er is geen behoefte om aparte inloggegevens voor elke site in te stellen.",
+    "provisioningKeysBannerButtonText": "Meer informatie",
+    "pendingSitesBannerTitle": "Openstaande sites",
+    "pendingSitesBannerDescription": "Sites die verbinding maken met een inrichtingssleutel verschijnen hier voor beoordeling.",
+    "pendingSitesBannerButtonText": "Meer informatie",
    "apiKeysSettings": "{apiKeyName} instellingen",
    "userTitle": "Alle gebruikers beheren",
    "userDescription": "Bekijk en beheer alle gebruikers in het systeem",
@@ -351,6 +441,10 @@
    "licenseErrorKeyActivate": "Licentiesleutel activeren mislukt",
    "licenseErrorKeyActivateDescription": "Er is een fout opgetreden tijdens het activeren van de licentiesleutel.",
    "licenseAbout": "Over licenties",
+    "licenseBannerTitle": "Activeer Uw Enterprise Licentie",
+    "licenseBannerDescription": "Ontgrendel enterprise-functies voor uw zelf-gehoste Pangolin-instantie. Koop een licentiesleutel om premium mogelijkheden te activeren, voeg deze vervolgens hieronder toe.",
+    "licenseBannerGetLicense": "Koop een Licentie",
+    "licenseBannerViewDocs": "Bekijk Documentatie",
    "communityEdition": "Community editie",
    "licenseAboutDescription": "Dit geldt voor gebruikers van bedrijven en ondernemingen die Pangolin in gebruiken in een commerciële omgeving. Als u Pangolin gebruikt voor persoonlijk gebruik, kunt u dit gedeelte negeren.",
    "licenseKeyActivated": "Licentiesleutel geactiveerd",
@@ -508,9 +602,12 @@
    "userSaved": "Gebruiker opgeslagen",
    "userSavedDescription": "De gebruiker is bijgewerkt.",
    "autoProvisioned": "Automatisch bevestigen",
+    "autoProvisionSettings": "Auto Provisie Instellingen",
    "autoProvisionedDescription": "Toestaan dat deze gebruiker automatisch wordt beheerd door een identiteitsprovider",
    "accessControlsDescription": "Beheer wat deze gebruiker toegang heeft tot en doet in de organisatie",
    "accessControlsSubmit": "Bewaar Toegangsbesturing",
+    "singleRolePerUserPlanNotice": "Uw plan ondersteunt slechts één rol per gebruiker.",
+    "singleRolePerUserEditionNotice": "Deze editie ondersteunt slechts één rol per gebruiker.",
    "roles": "Rollen",
    "accessUsersRoles": "Beheer Gebruikers & Rollen",
    "accessUsersRolesDescription": "Nodig gebruikers uit en voeg ze toe aan de rollen om toegang tot de organisatie te beheren",
@@ -567,6 +664,8 @@
    "targetErrorInvalidPortDescription": "Voer een geldig poortnummer in",
    "targetErrorNoSite": "Geen site geselecteerd",
    "targetErrorNoSiteDescription": "Selecteer een site voor het doel",
+    "targetTargetsCleared": "Doelen gewist",
+    "targetTargetsClearedDescription": "Alle doelen zijn verwijderd van deze bron",
    "targetCreated": "Doel aangemaakt",
    "targetCreatedDescription": "Doel is succesvol aangemaakt",
    "targetErrorCreate": "Kan doel niet aanmaken",
@@ -650,6 +749,7 @@
    "resourcesErrorUpdate": "Bron wisselen mislukt",
    "resourcesErrorUpdateDescription": "Er is een fout opgetreden tijdens het bijwerken van het document",
    "access": "Toegangsrechten",
+    "accessControl": "Toegangs controle",
    "shareLink": "{resource} Share link",
    "resourceSelect": "Selecteer resource",
    "shareLinks": "Links delen",
@@ -667,6 +767,7 @@
    "newtEndpoint": "Endpoint",
    "newtId": "ID",
    "newtSecretKey": "Geheim",
+    "newtVersion": "Versie",
    "architecture": "Architectuur",
    "sites": "Sites",
    "siteWgAnyClients": "Gebruik een willekeurige WireGuard client om verbinding te maken. Je zult interne bronnen moeten aanspreken met behulp van de peer IP.",
@@ -790,6 +891,7 @@
    "accessRoleRemoved": "Rol verwijderd",
    "accessRoleRemovedDescription": "De rol is succesvol verwijderd.",
    "accessRoleRequiredRemove": "Voordat u deze rol verwijdert, selecteer een nieuwe rol om bestaande leden aan te dragen.",
+    "network": "Netwerk",
    "manage": "Beheren",
    "sitesNotFound": "Geen sites gevonden.",
    "pangolinServerAdmin": "Serverbeheer - Pangolin",
@@ -833,6 +935,7 @@
    "idpDisplayName": "Een weergavenaam voor deze identiteitsprovider",
    "idpAutoProvisionUsers": "Auto Provisie Gebruikers",
    "idpAutoProvisionUsersDescription": "Wanneer ingeschakeld, worden gebruikers automatisch in het systeem aangemaakt wanneer ze de eerste keer inloggen met de mogelijkheid om gebruikers toe te wijzen aan rollen en organisaties.",
+    "idpAutoProvisionConfigureAfterCreate": "U kunt automatische voorzieningsinstellingen configureren zodra de identiteitsprovider is aangemaakt.",
    "licenseBadge": "EE",
    "idpType": "Type provider",
    "idpTypeDescription": "Selecteer het type identiteitsprovider dat u wilt configureren",
@@ -884,7 +987,7 @@
    "defaultMappingsRole": "Standaard Rol Toewijzing",
    "defaultMappingsRoleDescription": "Het resultaat van deze uitdrukking moet de rolnaam zoals gedefinieerd in de organisatie als tekenreeks teruggeven.",
    "defaultMappingsOrg": "Standaard organisatie mapping",
-    "defaultMappingsOrgDescription": "Deze expressie moet de org-ID teruggeven of waar om de gebruiker toegang te geven tot de organisatie.",
+    "defaultMappingsOrgDescription": "Wanneer ingesteld, moet deze expressie de organisatie-ID of waar retourneren voor de gebruiker om toegang te krijgen tot die organisatie. Als het niet is ingesteld, is het definiëren van een roltoewijzing voldoende: de gebruiker is toegestaan zolang een geldige roltoewijzing voor hen binnen de organisatie kan worden opgelost.",
    "defaultMappingsSubmit": "Standaard toewijzingen opslaan",
    "orgPoliciesEdit": "Organisatie beleid bewerken",
    "org": "Organisatie",
@@ -1037,7 +1140,6 @@
    "pageNotFoundDescription": "Oeps! De pagina die je zoekt bestaat niet.",
    "overview": "Overzicht.",
    "home": "Startpagina",
-    "accessControl": "Toegangs controle",
    "settings": "Instellingen",
    "usersAll": "Alle gebruikers",
    "license": "Licentie",
@@ -1100,6 +1202,12 @@
    "actionGetUser": "Gebruiker ophalen",
    "actionGetOrgUser": "Krijg organisatie-gebruiker",
    "actionListOrgDomains": "Lijst organisatie domeinen",
+    "actionGetDomain": "Domein verkrijgen",
+    "actionCreateOrgDomain": "Domein aanmaken",
+    "actionUpdateOrgDomain": "Domein bijwerken",
+    "actionDeleteOrgDomain": "Domein verwijderen",
+    "actionGetDNSRecords": "Krijg DNS Records",
+    "actionRestartOrgDomain": "Domein opnieuw starten",
    "actionCreateSite": "Site aanmaken",
    "actionDeleteSite": "Site verwijderen",
    "actionGetSite": "Site ophalen",
@@ -1111,6 +1219,7 @@
    "setupTokenDescription": "Voer het setup-token in vanaf de serverconsole.",
    "setupTokenRequired": "Setup-token is vereist",
    "actionUpdateSite": "Site bijwerken",
+    "actionResetSiteBandwidth": "Reset organisatieschandbreedte",
    "actionListSiteRoles": "Toon toegestane sitenollen",
    "actionCreateResource": "Bron maken",
    "actionDeleteResource": "Document verwijderen",
@@ -1140,6 +1249,7 @@
    "actionRemoveUser": "Gebruiker verwijderen",
    "actionListUsers": "Gebruikers weergeven",
    "actionAddUserRole": "Gebruikersrol toevoegen",
+    "actionSetUserOrgRoles": "Stel gebruikersrollen in",
    "actionGenerateAccessToken": "Genereer Toegangstoken",
    "actionDeleteAccessToken": "Verwijder toegangstoken",
    "actionListAccessTokens": "Lijst toegangstokens",
@@ -1184,6 +1294,7 @@
    "actionViewLogs": "Logboeken bekijken",
    "noneSelected": "Niet geselecteerd",
    "orgNotFound2": "Geen organisaties gevonden.",
+    "search": "Zoeken…",
    "searchPlaceholder": "Zoeken...",
    "emptySearchOptions": "Geen opties gevonden",
    "create": "Aanmaken",
@@ -1249,12 +1360,14 @@
    "sidebarClientResources": "Privé",
    "sidebarAccessControl": "Toegangs controle",
    "sidebarLogsAndAnalytics": "Logs & Analytics",
+    "sidebarTeam": "Team",
    "sidebarUsers": "Gebruikers",
    "sidebarAdmin": "Beheerder",
    "sidebarInvitations": "Uitnodigingen",
    "sidebarRoles": "Rollen",
    "sidebarShareableLinks": "Koppelingen",
    "sidebarApiKeys": "API sleutels",
+    "sidebarProvisioning": "Provisie",
    "sidebarSettings": "Instellingen",
    "sidebarAllUsers": "Alle gebruikers",
    "sidebarIdentityProviders": "Identiteit aanbieders",
@@ -1266,9 +1379,167 @@
    "sidebarGeneral": "Beheren",
    "sidebarLogAndAnalytics": "Log & Analytics",
    "sidebarBluePrints": "Blauwdrukken",
+    "sidebarAlerting": "Waarschuwingen",
+    "sidebarHealthChecks": "Gezondheidscontroles",
    "sidebarOrganization": "Organisatie",
+    "sidebarManagement": "Beheer",
    "sidebarBillingAndLicenses": "Facturatie & Licenties",
    "sidebarLogsAnalytics": "Analyses",
+    "alertingTitle": "Waarschuwingen",
+    "alertingDescription": "Definieer bronnen, triggers en acties voor meldingen",
+    "alertingRules": "Waarschuwingsregels",
+    "alertingSearchRules": "Zoek regels…",
+    "alertingAddRule": "Regel aanmaken",
+    "alertingColumnSource": "Bron",
+    "alertingColumnTrigger": "Trigger",
+    "alertingColumnActions": "Acties",
+    "alertingColumnEnabled": "Ingeschakeld",
+    "alertingDeleteQuestion": "Bevestig alstublieft dat u deze waarschuwingsregel wilt verwijderen.",
+    "alertingDeleteRule": "Verwijder waarschuwingsregel",
+    "alertingRuleDeleted": "Waarschuwingsregel verwijderd",
+    "alertingRuleSaved": "Waarschuwingsregel opgeslagen",
+    "alertingRuleSavedCreatedDescription": "Uw nieuwe waarschuwingsregel is aangemaakt. U kunt deze op deze pagina blijven bewerken.",
+    "alertingRuleSavedUpdatedDescription": "Uw wijzigingen in deze waarschuwingsregel zijn opgeslagen.",
+    "alertingEditRule": "Bewerk waarschuwingsregel",
+    "alertingCreateRule": "Waarschuwingsregel aanmaken",
+    "alertingRuleCredenzaDescription": "Kies wat te bekijken, wanneer het moet gebeuren en hoe te waarschuwen",
+    "alertingRuleNamePlaceholder": "Productiesite offline",
+    "alertingRuleEnabled": "Regel ingeschakeld",
+    "alertingSectionSource": "Bron",
+    "alertingSourceType": "Brontype",
+    "alertingSourceSite": "Site",
+    "alertingSourceHealthCheck": "Gezondheidscontrole",
+    "alertingPickSites": "Sites",
+    "alertingPickHealthChecks": "Gezondheidscontroles",
+    "alertingPickResources": "Bronnen",
+    "alertingAllSites": "Alle sites",
+    "alertingAllSitesDescription": "Waarschuwing voor elke site",
+    "alertingSpecificSites": "Specifieke sites",
+    "alertingSpecificSitesDescription": "Kies specifieke sites om in de gaten te houden",
+    "alertingAllHealthChecks": "Alle Gezondheidscontroles",
+    "alertingAllHealthChecksDescription": "Waarschuwing voor elke gezondheidscontrole",
+    "alertingSpecificHealthChecks": "Specifieke Gezondheidscontroles",
+    "alertingSpecificHealthChecksDescription": "Kies specifieke gezondheidscontroles om in de gaten te houden",
+    "alertingAllResources": "Alle bronnen",
+    "alertingAllResourcesDescription": "Waarschuwing voor elke bron",
+    "alertingSpecificResources": "Specifieke bronnen",
+    "alertingSpecificResourcesDescription": "Kies specifieke bronnen om in de gaten te houden",
+    "alertingSelectResources": "Selecteer bronnen…",
+    "alertingResourcesSelected": "{count} bronnen geselecteerd",
+    "alertingResourcesEmpty": "Geen bronnen met doelen in de eerste 10 resultaten.",
+    "alertingSectionTrigger": "Trigger",
+    "alertingTrigger": "Wanneer te waarschuwen",
+    "alertingTriggerSiteOnline": "Site online",
+    "alertingTriggerSiteOffline": "Site offline",
+    "alertingTriggerSiteToggle": "Site status wijzigt",
+    "alertingTriggerHcHealthy": "Gezondheidscontrole gezond",
+    "alertingTriggerHcUnhealthy": "Gezondheidscontrole ongezond",
+    "alertingTriggerHcToggle": "Gezondheidscontrole status verandert",
+    "alertingTriggerResourceHealthy": "Bron gezond",
+    "alertingTriggerResourceUnhealthy": "Bron ongezond",
+    "alertingTriggerResourceDegraded": "Bron gedegradeerd",
+    "alertingSearchHealthChecks": "Zoek gezondheidscontroles…",
+    "alertingHealthChecksEmpty": "Geen gezondheidscontroles beschikbaar.",
+    "alertingTriggerResourceToggle": "Bronstatus wijzigt",
+    "alertingSourceResource": "Bron",
+    "alertingSectionActions": "Acties",
+    "alertingAddAction": "Actie toevoegen",
+    "alertingActionNotify": "E-mail",
+    "alertingActionNotifyDescription": "Stuur e-mailmeldingen naar gebruikers of rollen",
+    "alertingActionWebhook": "Webhook",
+    "alertingActionWebhookDescription": "Stuur een HTTP-verzoek naar een aangepast eindpunt",
+    "alertingExternalIntegration": "Externe integratie",
+    "alertingExternalPagerDutyDescription": "Stuur waarschuwingen naar PagerDuty voor incidentbeheer",
+    "alertingExternalOpsgenieDescription": "Routeer waarschuwingen naar Opsgenie voor wachtdienstbeheer",
+    "alertingExternalServiceNowDescription": "Maak ServiceNow-incidenten aan vanuit waarschuwingsgebeurtenissen",
+    "alertingExternalIncidentIoDescription": "Trigger Incident.io workflows van waarschuwingsgebeurtenissen",
+    "alertingActionType": "Actietype",
+    "alertingNotifyUsers": "Gebruikers",
+    "alertingNotifyRoles": "Rollen",
+    "alertingNotifyEmails": "E-mailadressen",
+    "alertingEmailPlaceholder": "Voeg e-mail toe en druk op Enter",
+    "alertingWebhookMethod": "HTTP-methode",
+    "alertingWebhookSecret": "Ondertekengeheim (optioneel)",
+    "alertingWebhookSecretPlaceholder": "HMAC-geheim",
+    "alertingWebhookHeaders": "Headers",
+    "alertingAddHeader": "Header toevoegen",
+    "alertingSelectSites": "Selecteer sites…",
+    "alertingSitesSelected": "{count} sites geselecteerd",
+    "alertingSelectHealthChecks": "Selecteer gezondheidscontroles…",
+    "alertingHealthChecksSelected": "{count} gezondheidscontroles geselecteerd",
+    "alertingNoHealthChecks": "Geen doelen met ingeschakelde gezondheidscontroles",
+    "alertingHealthCheckStub": "Gezondheidscontrole brondeselectie is nog niet gekoppeld - u kunt nog steeds triggers en acties configureren.",
+    "alertingSelectUsers": "Selecteer gebruikers…",
+    "alertingUsersSelected": "{count} gebruikers geselecteerd",
+    "alertingSelectRoles": "Selecteer rollen…",
+    "alertingRolesSelected": "{count} rollen geselecteerd",
+    "alertingSummarySites": "Sites ({count})",
+    "alertingSummaryAllSites": "Alle sites",
+    "alertingSummaryHealthChecks": "Gezondheidscontroles ({count})",
+    "alertingSummaryAllHealthChecks": "Alle gezondheidscontroles",
+    "alertingSummaryResources": "Bronnen ({count})",
+    "alertingSummaryAllResources": "Alle bronnen",
+    "alertingErrorNameRequired": "Voer een naam in",
+    "alertingErrorActionsMin": "Voeg minimaal één actie toe",
+    "alertingErrorPickSites": "Selecteer minimaal één site",
+    "alertingErrorPickHealthChecks": "Selecteer minimaal één gezondheidscontrole",
+    "alertingErrorPickResources": "Selecteer minimaal één bron",
+    "alertingErrorTriggerSite": "Kies een site-trigger",
+    "alertingErrorTriggerHealth": "Kies een gezondheidscontrole-trigger",
+    "alertingErrorTriggerResource": "Kies een bron-trigger",
+    "alertingErrorNotifyRecipients": "Kies gebruikers, rollen of ten minste één e-mail",
+    "alertingConfigureSource": "Bron configureren",
+    "alertingConfigureTrigger": "Trigger configureren",
+    "alertingConfigureActions": "Acties configureren",
+    "alertingBackToRules": "Terug naar regels",
+    "alertingRuleCooldown": "Aflkoelperiode (seconden)",
+    "alertingRuleCooldownDescription": "Minimale tijd tussen herhaalwaarschuwingen voor dezelfde regel. Zet op 0 om elke keer te laten vuren.",
+    "alertingDraftBadge": "Concept - opslaan om deze regel op te slaan",
+    "alertingSidebarHint": "Klik op een stap in het canvas om deze hier te bewerken.",
+    "alertingGraphCanvasTitle": "Regelstroom",
+    "alertingGraphCanvasDescription": "Visueel overzicht van bron, trigger en acties. Selecteer een node om deze in het paneel te bewerken.",
+    "alertingNodeNotConfigured": "Nog niet geconfigureerd",
+    "alertingNodeActionsCount": "{count, plural, one {# actie} other {# acties}}",
+    "alertingNodeRoleSource": "Bron",
+    "alertingNodeRoleTrigger": "Trigger",
+    "alertingNodeRoleAction": "Actie",
+    "alertingTabRules": "Waarschuwingsregels",
+    "alertingTabHealthChecks": "Gezondheidscontroles",
+    "alertingRulesBannerTitle": "Meldingen ontvangen",
+    "alertingRulesBannerDescription": "Elke regel koppelt wat te bekijken (een site, gezondheidscontrole of bron), wanneer te vuren (bijvoorbeeld offline of ongezond), en hoe uw team te waarschuwen via e-mail, webhooks of integraties. Gebruik deze lijst om die regels te maken, in te schakelen en te beheren.",
+    "alertingHealthChecksBannerTitle": "Gezondheid & bronnen bewaken",
+    "alertingHealthChecksBannerDescription": "Gezondheidscontroles zijn HTTP- of TCP-monitoren die u één keer definieert. U kunt ze vervolgens als bronnen in waarschuwingsregels gebruiken, zodat u meldingen krijgt wanneer een doelwit gezond of ongezond wordt. Gezondheidscontroles van bronnen verschijnen ook hier.",
+    "standaloneHcTableTitle": "Gezondheidscontroles",
+    "standaloneHcSearchPlaceholder": "Zoek gezondheidscontroles…",
+    "standaloneHcAddButton": "Gezondheidscontrole aanmaken",
+    "standaloneHcCreateTitle": "Gezondheidscontrole aanmaken",
+    "standaloneHcEditTitle": "Gezondheidscontrole bewerken",
+    "standaloneHcDescription": "Configureer een HTTP- of TCP-gezondheidscontrole voor gebruik in waarschuwingsregels.",
+    "standaloneHcNameLabel": "Naam",
+    "standaloneHcNamePlaceholder": "Mijn HTTP-monitor",
+    "standaloneHcDeleteTitle": "Gezondheidscontrole verwijderen",
+    "standaloneHcDeleteQuestion": "Bevestig alstublieft dat u deze gezondheidscontrole wilt verwijderen.",
+    "standaloneHcDeleted": "Gezondheidscontrole verwijderd",
+    "standaloneHcSaved": "Gezondheidscontrole opgeslagen",
+    "standaloneHcColumnHealth": "Gezondheid",
+    "standaloneHcColumnMode": "Modus",
+    "standaloneHcColumnTarget": "Doelwit",
+    "standaloneHcHealthStateHealthy": "Gezond",
+    "standaloneHcHealthStateUnhealthy": "Ongezond",
+    "standaloneHcHealthStateUnknown": "Onbekend",
+    "standaloneHcFilterAnySite": "Alle sites",
+    "standaloneHcFilterAnyResource": "Alle bronnen",
+    "standaloneHcFilterMode": "Modus",
+    "standaloneHcFilterModeHttp": "HTTP",
+    "standaloneHcFilterModeTcp": "TCP",
+    "standaloneHcFilterModeSnmp": "SNMP",
+    "standaloneHcFilterModePing": "Ping",
+    "standaloneHcFilterHealth": "Gezondheid",
+    "standaloneHcFilterEnabled": "Ingeschakeld",
+    "standaloneHcFilterEnabledOn": "Ingeschakeld",
+    "standaloneHcFilterEnabledOff": "Uitgeschakeld",
+    "standaloneHcFilterSiteIdFallback": "Site {id}",
+    "standaloneHcFilterResourceIdFallback": "Bron {id}",
    "blueprints": "Blauwdrukken",
    "blueprintsDescription": "Gebruik declaratieve configuraties en bekijk vorige uitvoeringen.",
    "blueprintAdd": "Blauwdruk toevoegen",
@@ -1289,7 +1560,6 @@
    "parsedContents": "Geparseerde inhoud (alleen lezen)",
    "enableDockerSocket": "Schakel Docker Blauwdruk in",
    "enableDockerSocketDescription": "Schakel Docker Socket label in voor blauwdruk labels. Pad naar Nieuw.",
-    "enableDockerSocketLink": "Meer informatie",
    "viewDockerContainers": "Bekijk Docker containers",
    "containersIn": "Containers in {siteName}",
    "selectContainerDescription": "Selecteer een container om als hostnaam voor dit doel te gebruiken. Klik op een poort om een poort te gebruiken.",
@@ -1331,7 +1601,8 @@
    "initialSetupDescription": "Maak het eerste serverbeheeraccount aan. Er kan slechts één serverbeheerder bestaan. U kunt deze inloggegevens later altijd wijzigen.",
    "createAdminAccount": "Maak een beheeraccount aan",
    "setupErrorCreateAdmin": "Er is een fout opgetreden bij het maken van het serverbeheerdersaccount.",
-    "certificateStatus": "Certificaatstatus",
+    "certificateStatus": "Certificaat",
+    "certificateStatusAutoRefreshHint": "Status ververst automatisch.",
    "loading": "Bezig met laden",
    "loadingAnalytics": "Laden van Analytics",
    "restart": "Herstarten",
@@ -1400,6 +1671,7 @@
    "pangolinUpdateAvailableReleaseNotes": "Uitgaveopmerkingen bekijken",
    "newtUpdateAvailable": "Update beschikbaar",
    "newtUpdateAvailableInfo": "Er is een nieuwe versie van Newt beschikbaar. Update naar de nieuwste versie voor de beste ervaring.",
+    "pangolinNodeUpdateAvailableInfo": "Er is een nieuwe versie van Pangolin Node beschikbaar. Update naar de nieuwste versie voor de beste ervaring.",
    "domainPickerEnterDomain": "Domein",
    "domainPickerPlaceholder": "mijnapp.voorbeeld.nl",
    "domainPickerDescription": "Voer de volledige domein van de bron in om beschikbare opties te zien.",
@@ -1417,6 +1689,7 @@
    "domainPickerNamespace": "Naamruimte: {namespace}",
    "domainPickerShowMore": "Meer weergeven",
    "regionSelectorTitle": "Selecteer Regio",
+    "domainPickerRemoteExitNodeWarning": "Opgegeven domeinen worden niet ondersteund wanneer websites verbinding maken met externe sluitnodes. Gebruik in plaats daarvan een aangepast domein. Om bronnen beschikbaar te maken op externe nodes.",
    "regionSelectorInfo": "Het selecteren van een regio helpt ons om betere prestaties te leveren voor uw locatie. U hoeft niet in dezelfde regio als uw server te zijn.",
    "regionSelectorPlaceholder": "Kies een regio",
    "regionSelectorComingSoon": "Komt binnenkort",
@@ -1570,6 +1843,16 @@
    "billingFeatureLossWarning": "Kennisgeving beschikbaarheid",
    "billingFeatureLossDescription": "Door downgraden worden functies die niet beschikbaar zijn in het nieuwe abonnement automatisch uitgeschakeld. Sommige instellingen en configuraties kunnen verloren gaan. Raadpleeg de prijsmatrix om te begrijpen welke functies niet langer beschikbaar zijn.",
    "billingUsageExceedsLimit": "Huidig gebruik ({current}) overschrijdt limiet ({limit})",
+    "billingPastDueTitle": "Vervaldatum betaling",
+    "billingPastDueDescription": "Uw betaling is verlopen. Werk uw betaalmethode bij om uw huidige abonnementsfuncties te blijven gebruiken. Als dit niet is opgelost, zal je abonnement worden geannuleerd en zal je worden teruggezet naar de vrije rang.",
+    "billingUnpaidTitle": "Abonnement Onbetaald",
+    "billingUnpaidDescription": "Uw abonnement is niet betaald en u bent teruggekeerd naar het gratis niveau. Update uw betalingsmethode om uw abonnement te herstellen.",
+    "billingIncompleteTitle": "Betaling onvolledig",
+    "billingIncompleteDescription": "Uw betaling is onvolledig. Voltooi alstublieft het betalingsproces om uw abonnement te activeren.",
+    "billingIncompleteExpiredTitle": "Betaling verlopen",
+    "billingIncompleteExpiredDescription": "Uw betaling is nooit voltooid en verlopen. U bent teruggekeerd naar de gratis niveaus. Abonneer u opnieuw om de toegang tot betaalde functies te herstellen.",
+    "billingManageSubscription": "Beheer uw abonnement",
+    "billingResolvePaymentIssue": "Gelieve uw betalingsprobleem op te lossen voor het upgraden of downgraden",
    "signUpTerms": {
        "IAgreeToThe": "Ik ga akkoord met de",
        "termsOfService": "servicevoorwaarden",
@@ -1628,6 +1911,7 @@
    "configureHealthCheck": "Configureer Gezondheidscontrole",
    "configureHealthCheckDescription": "Stel gezondheid monitor voor {target} in",
    "enableHealthChecks": "Inschakelen Gezondheidscontroles",
+    "healthCheckDisabledStateDescription": "Wanneer uitgeschakeld, zal de site geen gezondheidscontroles uitvoeren en wordt de staat als onbekend beschouwd.",
    "enableHealthChecksDescription": "Controleer de gezondheid van dit doel. U kunt een ander eindpunt monitoren dan het doel indien vereist.",
    "healthScheme": "Methode",
    "healthSelectScheme": "Selecteer methode",
@@ -1643,6 +1927,24 @@
    "timeIsInSeconds": "Tijd is in seconden",
    "requireDeviceApproval": "Vereist goedkeuring van apparaat",
    "requireDeviceApprovalDescription": "Gebruikers met deze rol hebben nieuwe apparaten nodig die door een beheerder zijn goedgekeurd voordat ze verbinding kunnen maken met bronnen en deze kunnen gebruiken.",
+    "sshAccess": "SSH toegang",
+    "roleAllowSsh": "SSH toestaan",
+    "roleAllowSshAllow": "Toestaan",
+    "roleAllowSshDisallow": "Weigeren",
+    "roleAllowSshDescription": "Sta gebruikers met deze rol toe om verbinding te maken met bronnen via SSH. Indien uitgeschakeld kan de rol geen gebruik maken van SSH toegang.",
+    "sshSudoMode": "Sudo toegang",
+    "sshSudoModeNone": "geen",
+    "sshSudoModeNoneDescription": "Gebruiker kan geen commando's uitvoeren met sudo.",
+    "sshSudoModeFull": "Volledige Sudo",
+    "sshSudoModeFullDescription": "Gebruiker kan elk commando uitvoeren met een sudo.",
+    "sshSudoModeCommands": "Opdrachten",
+    "sshSudoModeCommandsDescription": "Gebruiker kan alleen de opgegeven commando's uitvoeren met de sudo.",
+    "sshSudo": "sudo toestaan",
+    "sshSudoCommands": "Sudo Commando's",
+    "sshSudoCommandsDescription": "Komma's gescheiden lijst van commando's waar de gebruiker een sudo mee mag uitvoeren.",
+    "sshCreateHomeDir": "Maak Home Directory",
+    "sshUnixGroups": "Unix groepen",
+    "sshUnixGroupsDescription": "Door komma's gescheiden Unix-groepen om de gebruiker toe te voegen aan de doelhost.",
    "retryAttempts": "Herhaal Pogingen",
    "expectedResponseCodes": "Verwachte Reactiecodes",
    "expectedResponseCodesDescription": "HTTP-statuscode die gezonde status aangeeft. Indien leeg wordt 200-300 als gezond beschouwd.",
@@ -1659,9 +1961,20 @@
    "healthCheckIntervalMin": "Controle interval moet minimaal 5 seconden zijn",
    "healthCheckTimeoutMin": "Timeout moet minimaal 1 seconde zijn",
    "healthCheckRetryMin": "Herhaal pogingen moet minimaal 1 zijn",
+    "healthCheckMode": "Controlemodus",
+    "healthCheckStrategy": "Strategie",
+    "healthCheckModeDescription": "TCP-modus verifieert alleen connectiviteit. HTTP-modus valideert de HTTP-respons.",
+    "healthyThreshold": "Gezonde drempel",
+    "healthyThresholdDescription": "Opeenvolgende successen vereist voordat gemarkeerd wordt als gezond.",
+    "unhealthyThreshold": "Ongezonde drempel",
+    "unhealthyThresholdDescription": "Opeenvolgende fouten vereist voordat gemarkeerd wordt als ongezond.",
+    "healthCheckHealthyThresholdMin": "Gezonde drempel moet minimaal 1 zijn",
+    "healthCheckUnhealthyThresholdMin": "Ongezonde drempel moet minimaal 1 zijn",
    "httpMethod": "HTTP-methode",
    "selectHttpMethod": "Selecteer HTTP-methode",
    "domainPickerSubdomainLabel": "Subdomein",
+    "domainPickerWildcard": "Wildcard",
+    "domainPickerWildcardPaidOnly": "Wildcard-subdomeinen zijn een betaalde functie. Upgrade om deze functie te gebruiken.",
    "domainPickerBaseDomainLabel": "Basisdomein",
    "domainPickerSearchDomains": "Zoek domeinen...",
    "domainPickerNoDomainsFound": "Geen domeinen gevonden",
@@ -1687,12 +2000,12 @@
    "resourcesTableAliasAddressInfo": "Dit adres is onderdeel van het hulpprogramma subnet van de organisatie. Het wordt gebruikt om aliasrecords op te lossen met behulp van interne DNS-resolutie.",
    "resourcesTableClients": "Clienten",
    "resourcesTableAndOnlyAccessibleInternally": "en zijn alleen intern toegankelijk wanneer verbonden met een client.",
-    "resourcesTableNoTargets": "Geen doelen",
    "resourcesTableHealthy": "Gezond",
    "resourcesTableDegraded": "Verminderde",
-    "resourcesTableOffline": "Offline",
+    "resourcesTableUnhealthy": "Ongezond",
    "resourcesTableUnknown": "onbekend",
    "resourcesTableNotMonitored": "Niet gecontroleerd",
+    "resourcesTableNoTargets": "Geen doelen",
    "editInternalResourceDialogEditClientResource": "Privépagina bewerken",
    "editInternalResourceDialogUpdateResourceProperties": "Update de resource configuratie en access control voor {resourceName}",
    "editInternalResourceDialogResourceProperties": "Bron eigenschappen",
@@ -1718,6 +2031,11 @@
    "editInternalResourceDialogModePort": "Poort",
    "editInternalResourceDialogModeHost": "Hostnaam",
    "editInternalResourceDialogModeCidr": "CIDR",
+    "editInternalResourceDialogModeHttp": "HTTP",
+    "editInternalResourceDialogModeHttps": "HTTPS",
+    "editInternalResourceDialogScheme": "Schema",
+    "editInternalResourceDialogEnableSsl": "SSL inschakelen",
+    "editInternalResourceDialogEnableSslDescription": "Schakel SSL/TLS-encryptie in voor beveiligde HTTPS-verbindingen met de bestemming.",
    "editInternalResourceDialogDestination": "Bestemming",
    "editInternalResourceDialogDestinationHostDescription": "Het IP-adres of de hostnaam van de bron op het netwerk van de site.",
    "editInternalResourceDialogDestinationIPDescription": "Het IP of hostnaam adres van de bron op het netwerk van de site.",
@@ -1733,6 +2051,7 @@
    "createInternalResourceDialogName": "Naam",
    "createInternalResourceDialogSite": "Site",
    "selectSite": "Selecteer site...",
+    "multiSitesSelectorSitesCount": "{count, plural, one {# site} other {# sites}}",
    "noSitesFound": "Geen sites gevonden.",
    "createInternalResourceDialogProtocol": "Protocol",
    "createInternalResourceDialogTcp": "TCP",
@@ -1761,11 +2080,19 @@
    "createInternalResourceDialogModePort": "Poort",
    "createInternalResourceDialogModeHost": "Hostnaam",
    "createInternalResourceDialogModeCidr": "CIDR",
+    "createInternalResourceDialogModeHttp": "HTTP",
+    "createInternalResourceDialogModeHttps": "HTTPS",
+    "scheme": "Schema",
+    "createInternalResourceDialogScheme": "Schema",
+    "createInternalResourceDialogEnableSsl": "SSL inschakelen",
+    "createInternalResourceDialogEnableSslDescription": "Schakel SSL/TLS-encryptie in voor beveiligde HTTPS-verbindingen met de bestemming.",
    "createInternalResourceDialogDestination": "Bestemming",
    "createInternalResourceDialogDestinationHostDescription": "Het IP-adres of de hostnaam van de bron op het netwerk van de site.",
    "createInternalResourceDialogDestinationCidrDescription": "Het CIDR-bereik van het document op het netwerk van de site.",
    "createInternalResourceDialogAlias": "Alias",
    "createInternalResourceDialogAliasDescription": "Een optionele interne DNS-alias voor dit document.",
+    "internalResourceDownstreamSchemeRequired": "Schema is vereist voor HTTP-bronnen",
+    "internalResourceHttpPortRequired": "Bestemmingspoort is vereist voor HTTP-bronnen",
    "siteConfiguration": "Configuratie",
    "siteAcceptClientConnections": "Accepteer clientverbindingen",
    "siteAcceptClientConnectionsDescription": "Sta gebruikersapparaten en clients toegang toe tot bronnen op deze site. Dit kan later worden gewijzigd.",
@@ -1851,6 +2178,40 @@
    "exitNode": "Exit Node",
    "country": "Land",
    "rulesMatchCountry": "Momenteel gebaseerd op bron IP",
+    "region": "Regio",
+    "selectRegion": "Selecteer regio",
+    "searchRegions": "Zoek regio's...",
+    "noRegionFound": "Geen regio gevonden.",
+    "rulesMatchRegion": "Selecteer een regionale groepering van landen",
+    "rulesErrorInvalidRegion": "Ongeldige regio",
+    "rulesErrorInvalidRegionDescription": "Selecteer een geldige regio.",
+    "regionAfrica": "Afrika",
+    "regionNorthernAfrica": "Noord-Afrika",
+    "regionEasternAfrica": "Oost Afrika",
+    "regionMiddleAfrica": "Midden Afrika",
+    "regionSouthernAfrica": "Zuidelijk Afrika",
+    "regionWesternAfrica": "Westelijk Afrika",
+    "regionAmericas": "Amerika's",
+    "regionCaribbean": "Caraïben",
+    "regionCentralAmerica": "Midden-Amerika",
+    "regionSouthAmerica": "Zuid Amerika",
+    "regionNorthernAmerica": "Noord-Amerika",
+    "regionAsia": "Azië",
+    "regionCentralAsia": "Centraal-Azië",
+    "regionEasternAsia": "Oost-Azië",
+    "regionSouthEasternAsia": "Zuid-Oost-Azië",
+    "regionSouthernAsia": "Zuid-Azië",
+    "regionWesternAsia": "Westelijk Azië",
+    "regionEurope": "Europa",
+    "regionEasternEurope": "Oost-Europa",
+    "regionNorthernEurope": "Noord-Europa",
+    "regionSouthernEurope": "Zuid-Europa",
+    "regionWesternEurope": "West-Europa",
+    "regionOceania": "Oceania",
+    "regionAustraliaAndNewZealand": "Australië en Nieuw-Zeeland",
+    "regionMelanesia": "Melanesia",
+    "regionMicronesia": "Micronesia",
+    "regionPolynesia": "Polynesia",
    "managedSelfHosted": {
        "title": "Beheerde Self-Hosted",
        "description": "betrouwbaardere en slecht onderhouden Pangolin server met extra klokken en klokkenluiders",
@@ -1889,7 +2250,7 @@
    },
    "internationaldomaindetected": "Internationaal Domein Gedetecteerd",
    "willbestoredas": "Zal worden opgeslagen als:",
-    "roleMappingDescription": "Bepaal hoe rollen worden toegewezen aan gebruikers wanneer ze inloggen wanneer Auto Provision is ingeschakeld.",
+    "roleMappingDescription": "Bepaal hoe rollen aan gebruikers worden toegewezen wanneer ze zich aanmelden met deze identiteitsprovider.",
    "selectRole": "Selecteer een rol",
    "roleMappingExpression": "Expressie",
    "selectRolePlaceholder": "Kies een rol",
@@ -1899,6 +2260,25 @@
    "invalidValue": "Ongeldige waarde",
    "idpTypeLabel": "Identiteit provider type",
    "roleMappingExpressionPlaceholder": "bijvoorbeeld bevat (groepen, 'admin') && 'Admin' ½ 'Member'",
+    "roleMappingModeFixedRoles": "Vaste rollen",
+    "roleMappingModeMappingBuilder": "Toewijzing Bouwer",
+    "roleMappingModeRawExpression": "Ruwe expressie",
+    "roleMappingFixedRolesPlaceholderSelect": "Selecteer één of meer rollen",
+    "roleMappingFixedRolesPlaceholderFreeform": "Typ rolnamen (exacte overeenkomst per organisatie)",
+    "roleMappingFixedRolesDescriptionSameForAll": "Wijs dezelfde rolset toe aan elke auto-provisioned gebruiker.",
+    "roleMappingFixedRolesDescriptionDefaultPolicy": "Voor standaardbeleid, typ rolnamen die bestaan in elke organisatie waar gebruikers worden opgegeven. Namen moeten exact overeenkomen.",
+    "roleMappingClaimPath": "Claim pad",
+    "roleMappingClaimPathPlaceholder": "Groepen",
+    "roleMappingClaimPathDescription": "Pad in de token payload die bronwaarden bevat (bijvoorbeeld groepen).",
+    "roleMappingMatchValue": "Kies een waarde",
+    "roleMappingAssignRoles": "Rollen toewijzen",
+    "roleMappingAddMappingRule": "Toewijzingsregel toevoegen",
+    "roleMappingRawExpressionResultDescription": "Expressie moet een tekenreeks of tekenreeks evalueren.",
+    "roleMappingRawExpressionResultDescriptionSingleRole": "Expressie moet evalueren naar een tekenreeks (een naam met één rol).",
+    "roleMappingMatchValuePlaceholder": "Overeenkomende waarde (bijvoorbeeld: admin)",
+    "roleMappingAssignRolesPlaceholderFreeform": "Typ rolnamen (exact per org)",
+    "roleMappingBuilderFreeformRowHint": "Rol namen moeten overeenkomen met een rol in elke doelorganisatie.",
+    "roleMappingRemoveRule": "Verwijderen",
    "idpGoogleConfiguration": "Google Configuratie",
    "idpGoogleConfigurationDescription": "Configureer de Google OAuth2-referenties",
    "idpGoogleClientIdDescription": "Google OAuth2 Client ID",
@@ -1962,9 +2342,11 @@
    "selectDomainForOrgAuthPage": "Selecteer een domein voor de authenticatiepagina van de organisatie",
    "domainPickerProvidedDomain": "Opgegeven domein",
    "domainPickerFreeProvidedDomain": "Gratis verstrekt domein",
+    "domainPickerFreeDomainsPaidFeature": "Geleverde domeinen zijn een betaalde functie. Abonneer je om een domein bij je plan te krijgen - je hoeft er zelf geen mee te brengen.",
    "domainPickerVerified": "Geverifieerd",
    "domainPickerUnverified": "Ongeverifieerd",
-    "domainPickerInvalidSubdomainStructure": "Dit subdomein bevat ongeldige tekens of structuur. Het zal automatisch worden gesaneerd wanneer u opslaat.",
+    "domainPickerManual": "Handleiding",
+    "domainPickerInvalidSubdomainStructure": "Ongeldige tekens worden gesaneerd bij het opslaan.",
    "domainPickerError": "Foutmelding",
    "domainPickerErrorLoadDomains": "Fout bij het laden van organisatiedomeinen",
    "domainPickerErrorCheckAvailability": "Kan domein beschikbaarheid niet controleren",
@@ -1977,7 +2359,7 @@
    "orgAuthChooseIdpDescription": "Kies uw identiteitsprovider om door te gaan",
    "orgAuthNoIdpConfigured": "Deze organisatie heeft geen identiteitsproviders geconfigureerd. Je kunt in plaats daarvan inloggen met je Pangolin-identiteit.",
    "orgAuthSignInWithPangolin": "Log in met Pangolin",
-    "orgAuthSignInToOrg": "Log in bij een organisatie",
+    "orgAuthSignInToOrg": "Organisatie Identiteitsprovider (SSO)",
    "orgAuthSelectOrgTitle": "Organisatie Inloggen",
    "orgAuthSelectOrgDescription": "Voer je organisatie-ID in om verder te gaan",
    "orgAuthOrgIdPlaceholder": "jouw-organisatie",
@@ -2193,10 +2575,10 @@
            },
            "scale": {
                "title": "Schaal",
-                "description": "Enterprise functies, 50 gebruikers, 50 sites en prioriteit ondersteuning."
+                "description": "Enterprise-functies, 50 gebruikers, 100 sites en prioritaire ondersteuning."
            }
        },
-        "personalUseOnly": "Alleen persoonlijk gebruik (gratis licentie - geen afrekenen)",
+        "personalUseOnly": "Alleen voor persoonlijk gebruik (gratis licentie - geen afrekening)",
        "buttons": {
            "continueToCheckout": "Doorgaan naar afrekenen"
        },
@@ -2270,6 +2652,7 @@
    "validPassword": "Geldig wachtwoord",
    "validEmail": "Valid email",
    "validSSO": "Valid SSO",
+    "connectedClient": "Verbonden Client",
    "resourceBlocked": "Bron geblokkeerd",
    "droppedByRule": "Achtergelaten door regel",
    "noSessions": "Geen sessies",
@@ -2277,24 +2660,26 @@
    "noMoreAuthMethods": "No Valid Auth",
    "ip": "IP-adres",
    "reason": "Reden",
-    "requestLogs": "Logboeken aanvragen",
+    "requestLogs": "HTTP-aanvraaglogboeken",
    "requestAnalytics": "Analytics opvragen",
    "host": "Hostnaam",
    "location": "Locatie",
    "actionLogs": "Actie logs",
-    "sidebarLogsRequest": "Logboeken aanvragen",
+    "sidebarLogsRequest": "HTTP-aanvraaglogboeken",
    "sidebarLogsAccess": "Toegang tot logboek",
    "sidebarLogsAction": "Actie logs",
    "logRetention": "Log bewaring",
    "logRetentionDescription": "Beheren hoe lang verschillende soorten logs bewaard worden voor deze organisatie of schakel ze uit",
    "requestLogsDescription": "Bekijk gedetailleerde verzoeklogboeken voor resources in deze organisatie",
    "requestAnalyticsDescription": "Bekijk gedetailleerde request analytics voor resources in deze organisatie",
-    "logRetentionRequestLabel": "Logboekbewaring aanvragen",
+    "logRetentionRequestLabel": "Bewaring van HTTP-aanvraaglogboeken",
    "logRetentionRequestDescription": "Hoe lang de aanvraaglogboeken te behouden",
    "logRetentionAccessLabel": "Toegang logboek bewaring",
    "logRetentionAccessDescription": "Hoe lang de toegangslogboeken behouden blijven",
    "logRetentionActionLabel": "Actie log bewaring",
    "logRetentionActionDescription": "Hoe lang de action logs behouden moeten blijven",
+    "logRetentionConnectionLabel": "Connectie log bewaring",
+    "logRetentionConnectionDescription": "Hoe lang de verbindingslogs onderhouden",
    "logRetentionDisabled": "Uitgeschakeld",
    "logRetention3Days": "3 dagen",
    "logRetention7Days": "7 dagen",
@@ -2305,8 +2690,15 @@
    "logRetentionEndOfFollowingYear": "Einde van volgend jaar",
    "actionLogsDescription": "Bekijk een geschiedenis van acties die worden uitgevoerd in deze organisatie",
    "accessLogsDescription": "Toegangsverificatieverzoeken voor resources in deze organisatie bekijken",
-    "licenseRequiredToUse": "Een <enterpriseLicenseLink>Enterprise Edition</enterpriseLicenseLink> licentie is vereist om deze functie te gebruiken. Deze functie is ook beschikbaar in <pangolinCloudLink>Pangolin Cloud</pangolinCloudLink>.",
-    "ossEnterpriseEditionRequired": "De <enterpriseEditionLink>Enterprise Edition</enterpriseEditionLink> is vereist om deze functie te gebruiken. Deze functie is ook beschikbaar in <pangolinCloudLink>Pangolin Cloud</pangolinCloudLink>.",
+    "connectionLogs": "Connectie Logs",
+    "connectionLogsDescription": "Toon verbindingslogs voor tunnels in deze organisatie",
+    "sidebarLogsConnection": "Connectie Logs",
+    "sidebarLogsStreaming": "Streamen",
+    "sourceAddress": "Bron adres",
+    "destinationAddress": "Adres bestemming",
+    "duration": "Duur",
+    "licenseRequiredToUse": "Een <enterpriseLicenseLink>Enterprise Edition</enterpriseLicenseLink> licentie of <pangolinCloudLink>Pangolin Cloud</pangolinCloudLink> is vereist om deze functie te gebruiken. <bookADemoLink>Boek een demo of POC trial</bookADemoLink>.",
+    "ossEnterpriseEditionRequired": "De <enterpriseEditionLink>Enterprise Edition</enterpriseEditionLink> is vereist om deze functie te gebruiken. Deze functie is ook beschikbaar in <pangolinCloudLink>Pangolin Cloud</pangolinCloudLink>. <bookADemoLink>Boek een demo of POC trial</bookADemoLink>.",
    "certResolver": "Certificaat Resolver",
    "certResolverDescription": "Selecteer de certificaat resolver die moet worden gebruikt voor deze resource.",
    "selectCertResolver": "Certificaat Resolver selecteren",
@@ -2448,6 +2840,9 @@
    "machineClients": "Machine Clienten",
    "install": "Installeren",
    "run": "Uitvoeren",
+    "envFile": "Omgevingsbestand",
+    "serviceFile": "Servicebestand",
+    "enableAndStart": "Inschakelen en Starten",
    "clientNameDescription": "De weergavenaam van de client die later gewijzigd kan worden.",
    "clientAddress": "Klant adres (Geavanceerd)",
    "setupFailedToFetchSubnet": "Kan standaard subnet niet ophalen",
@@ -2496,13 +2891,30 @@
    "editInternalResourceDialogAddClients": "Clienten toevoegen",
    "editInternalResourceDialogDestinationLabel": "Bestemming",
    "editInternalResourceDialogDestinationDescription": "Specificeer het bestemmingsadres voor de interne bron. Dit kan een hostnaam, IP-adres of CIDR-bereik zijn, afhankelijk van de geselecteerde modus. Stel optioneel een interne DNS-alias in voor eenvoudigere identificatie.",
+    "internalResourceFormMultiSiteRoutingHelp": "Selecteren van meerdere sites maakt veerkrachtige routing en failover mogelijk voor hoge beschikbaarheid.",
+    "internalResourceFormMultiSiteRoutingHelpLearnMore": "Meer informatie",
    "editInternalResourceDialogPortRestrictionsDescription": "Beperk toegang tot specifieke TCP/UDP-poorten of sta alle poorten toe/blokkeer.",
+    "createInternalResourceDialogHttpConfiguration": "HTTP-configuratie",
+    "createInternalResourceDialogHttpConfigurationDescription": "Kies het domein dat cliënten zullen gebruiken om deze bron via HTTP of HTTPS te bereiken.",
+    "editInternalResourceDialogHttpConfiguration": "HTTP-configuratie",
+    "editInternalResourceDialogHttpConfigurationDescription": "Kies het domein dat cliënten zullen gebruiken om deze bron via HTTP of HTTPS te bereiken.",
    "editInternalResourceDialogTcp": "TCP",
    "editInternalResourceDialogUdp": "UDP",
    "editInternalResourceDialogIcmp": "ICMP",
    "editInternalResourceDialogAccessControl": "Toegangs controle",
    "editInternalResourceDialogAccessControlDescription": "Beheer welke rollen, gebruikers en machineclients toegang hebben tot deze bron wanneer ze zijn verbonden. Beheerders hebben altijd toegang.",
    "editInternalResourceDialogPortRangeValidationError": "Poortbereik moet \"*\" zijn voor alle poorten, of een komma-gescheiden lijst van poorten en bereiken (bijv. \"80,443,8000-9000\"). Poorten moeten tussen 1 en 65535 zijn.",
+    "internalResourceAuthDaemonStrategy": "SSH Auth Daemon locatie",
+    "internalResourceAuthDaemonStrategyDescription": "Kies waar de SSH authenticatie daemon wordt uitgevoerd: op de website (Newt) of op een externe host.",
+    "internalResourceAuthDaemonDescription": "De SSH authenticatie daemon zorgt voor SSH sleutelondertekening en PAM authenticatie voor deze resource. Kies of het wordt uitgevoerd op de website (Nieuw) of op een afzonderlijke externe host. Zie <docsLink>de documentatie</docsLink> voor meer.",
+    "internalResourceAuthDaemonDocsUrl": "https://docs.pangolin.net",
+    "internalResourceAuthDaemonStrategyPlaceholder": "Selecteer strategie",
+    "internalResourceAuthDaemonStrategyLabel": "Locatie",
+    "internalResourceAuthDaemonSite": "In de site",
+    "internalResourceAuthDaemonSiteDescription": "Auth daemon draait op de site (Newt).",
+    "internalResourceAuthDaemonRemote": "Externe host",
+    "internalResourceAuthDaemonRemoteDescription": "Authenticatiedaemon draait op een host die niet de site is.",
+    "internalResourceAuthDaemonPort": "Daemon poort (optioneel)",
    "orgAuthWhatsThis": "Waar kan ik mijn organisatie-ID vinden?",
    "learnMore": "Meer informatie",
    "backToHome": "Ga terug naar startpagina",
@@ -2524,6 +2936,9 @@
    "maintenancePageMessagePlaceholder": "We keren snel terug! Onze site ondergaat momenteel gepland onderhoud.",
    "maintenancePageMessageDescription": "Gedetailleerd bericht dat het onderhoud uitlegt",
    "maintenancePageTimeTitle": "Geschatte voltooiingstijd (optioneel)",
+    "privateMaintenanceScreenTitle": "Privéscherm maintenance screen",
+    "privateMaintenanceScreenMessage": "Dit domein wordt gebruikt op een privébron. Verbind met de Pangolin client om toegang te krijgen tot deze bron.",
+    "privateMaintenanceScreenSteps": "Eenmaal verbonden, als u dit bericht nog steeds ziet, kan het DNS-cache van uw browser nog steeds naar het oude adres wijzen. Om dit te corrigeren: sluit en heropen dit tabblad, of uw browser, dan navigeer weer naar deze pagina.",
    "maintenanceTime": "bijv. 2 uur, 1 nov om 17:00",
    "maintenanceEstimatedTimeDescription": "Wanneer u verwacht dat het onderhoud voltooid is",
    "editDomain": "Domein bewerken",
@@ -2632,5 +3047,209 @@
    "approvalsEmptyStateStep2Title": "Toestel goedkeuringen inschakelen",
    "approvalsEmptyStateStep2Description": "Bewerk een rol en schakel de optie 'Vereist Apparaat Goedkeuringen' in. Gebruikers met deze rol hebben admin goedkeuring nodig voor nieuwe apparaten.",
    "approvalsEmptyStatePreviewDescription": "Voorbeeld: Indien ingeschakeld, zullen in afwachting van apparaatverzoeken hier verschijnen om te beoordelen",
-    "approvalsEmptyStateButtonText": "Rollen beheren"
+    "approvalsEmptyStateButtonText": "Rollen beheren",
+    "domainErrorTitle": "We ondervinden problemen bij het controleren van uw domein",
+    "idpAdminAutoProvisionPoliciesTabHint": "Configureer rolverrekening en organisatie beleid in het <policiesTabLink>Auto Provision Settings</policiesTabLink> tab.",
+    "streamingTitle": "Event streaming",
+    "streamingDescription": "Stream events van uw organisatie naar externe bestemmingen in realtime.",
+    "streamingUnnamedDestination": "Naamloze bestemming",
+    "streamingNoUrlConfigured": "Geen URL ingesteld",
+    "streamingAddDestination": "Bestemming toevoegen",
+    "streamingHttpWebhookTitle": "HTTP Webhook",
+    "streamingHttpWebhookDescription": "Stuur gebeurtenissen naar elk HTTP eindpunt met flexibele authenticatie en template.",
+    "streamingS3Title": "Amazon S3",
+    "streamingS3Description": "Stream events naar een S3-compatibele object-opslagemmer. Binnenkort beschikbaar.",
+    "streamingDatadogTitle": "Datadog",
+    "streamingDatadogDescription": "Stuur gebeurtenissen rechtstreeks door naar je Datadog account. Binnenkort beschikbaar.",
+    "streamingTypePickerDescription": "Kies een bestemmingstype om te beginnen.",
+    "streamingFailedToLoad": "Laden van bestemmingen mislukt",
+    "streamingUnexpectedError": "Er is een onverwachte fout opgetreden.",
+    "streamingFailedToUpdate": "Bijwerken bestemming mislukt",
+    "streamingDeletedSuccess": "Bestemming succesvol verwijderd",
+    "streamingFailedToDelete": "Verwijderen van bestemming mislukt",
+    "streamingDeleteTitle": "Verwijder bestemming",
+    "streamingDeleteButtonText": "Verwijder bestemming",
+    "streamingDeleteDialogAreYouSure": "Weet u zeker dat u wilt verwijderen",
+    "streamingDeleteDialogThisDestination": "deze bestemming",
+    "streamingDeleteDialogPermanentlyRemoved": "? Alle configuratie zal permanent worden verwijderd.",
+    "httpDestEditTitle": "Bewerk bestemming",
+    "httpDestAddTitle": "Voeg HTTP bestemming toe",
+    "httpDestEditDescription": "Werk de configuratie voor deze HTTP-event streaming bestemming bij.",
+    "httpDestAddDescription": "Configureer een nieuw HTTP-eindpunt om de gebeurtenissen van uw organisatie te ontvangen.",
+    "S3DestEditTitle": "Bestemming bewerken",
+    "S3DestAddTitle": "S3-bestemming toevoegen",
+    "S3DestEditDescription": "Werk de configuratie bij voor deze S3-gebeurtenisstreamingbestemming.",
+    "S3DestAddDescription": "Configureer een nieuw S3-eindpunt om de gebeurtenissen van uw organisatie te ontvangen.",
+    "datadogDestEditTitle": "Bestemming bewerken",
+    "datadogDestAddTitle": "Datadog-bestemming toevoegen",
+    "datadogDestEditDescription": "Werk de configuratie bij voor deze Datadog-gebeurtenisstreamingbestemming.",
+    "datadogDestAddDescription": "Configureer een nieuw Datadog-eindpunt om de gebeurtenissen van uw organisatie te ontvangen.",
+    "httpDestTabSettings": "Instellingen",
+    "httpDestTabHeaders": "Kopteksten",
+    "httpDestTabBody": "Lichaam",
+    "httpDestTabLogs": "Logboeken",
+    "httpDestNamePlaceholder": "Mijn HTTP-bestemming",
+    "httpDestUrlLabel": "Bestemming URL",
+    "httpDestUrlErrorHttpRequired": "URL moet http of https gebruiken",
+    "httpDestUrlErrorHttpsRequired": "HTTPS is vereist op cloud implementaties",
+    "httpDestUrlErrorInvalid": "Voer een geldige URL in (bijv. https://example.com/webhook)",
+    "httpDestAuthTitle": "Authenticatie",
+    "httpDestAuthDescription": "Kies hoe verzoeken voor uw eindpunt zijn geverifieerd.",
+    "httpDestAuthNoneTitle": "Geen authenticatie",
+    "httpDestAuthNoneDescription": "Stuurt verzoeken zonder toestemmingskop.",
+    "httpDestAuthBearerTitle": "Betere Token",
+    "httpDestAuthBearerDescription": "Voegt een Authorization: Bearer '<token>' header toe aan elk verzoek.",
+    "httpDestAuthBearerPlaceholder": "Uw API-sleutel of -token",
+    "httpDestAuthBasicTitle": "Basis authenticatie",
+    "httpDestAuthBasicDescription": "Voegt een Authorization: Basic '<credentials>' header toe. Verstrek inloggegevens als gebruikersnaam:wachtwoord.",
+    "httpDestAuthBasicPlaceholder": "Gebruikersnaam:wachtwoord",
+    "httpDestAuthCustomTitle": "Aangepaste koptekst",
+    "httpDestAuthCustomDescription": "Specificeer een aangepaste HTTP header naam en waarde voor authenticatie (bijv. X-API-Key).",
+    "httpDestAuthCustomHeaderNamePlaceholder": "Header naam (bijv. X-API-Key)",
+    "httpDestAuthCustomHeaderValuePlaceholder": "Header waarde",
+    "httpDestCustomHeadersTitle": "Aangepaste HTTP Headers",
+    "httpDestCustomHeadersDescription": "Voeg aangepaste headers toe aan elk uitgaande verzoek. Handig voor statische tokens of een aangepast Content-Type. Standaard Content-Type: application/json wordt verzonden.",
+    "httpDestNoHeadersConfigured": "Geen aangepaste headers geconfigureerd. Klik op \"Header\" om er een toe te voegen.",
+    "httpDestHeaderNamePlaceholder": "Naam koptekst",
+    "httpDestHeaderValuePlaceholder": "Waarde",
+    "httpDestAddHeader": "Koptekst toevoegen",
+    "httpDestBodyTemplateTitle": "Aangepaste Body Sjabloon",
+    "httpDestBodyTemplateDescription": "Bestuur de JSON payload structuur verzonden naar uw eindpunt. Indien uitgeschakeld, wordt een standaard JSON object verzonden voor elke event.",
+    "httpDestEnableBodyTemplate": "Aangepaste lichaam sjabloon inschakelen",
+    "httpDestBodyTemplateLabel": "Body sjabloon (JSON)",
+    "httpDestBodyTemplateHint": "Gebruik sjabloonvariabelen om te verwijzen naar gebeurtenisvelden in uw payload.",
+    "httpDestPayloadFormatTitle": "Payload formaat",
+    "httpDestPayloadFormatDescription": "Hoe evenementen worden geserialiseerd in elk verzoeklichaam.",
+    "httpDestFormatJsonArrayTitle": "JSON matrix",
+    "httpDestFormatJsonArrayDescription": "Eén verzoek per batch, lichaam is een JSON-array. Compatibel met de meeste algemene webhooks en Datadog.",
+    "httpDestFormatNdjsonTitle": "NDJSON",
+    "httpDestFormatNdjsonDescription": "Eén aanvraag per batch, lichaam is nieuwe JSON gescheiden - één object per regel, geen buitenste array. Vereist door Splunk HEC, Elastic / OpenSearch, en Grafana Loki.",
+    "httpDestFormatSingleTitle": "Eén afspraak per verzoek",
+    "httpDestFormatSingleDescription": "Stuurt een aparte HTTP POST voor elk individueel event. Gebruik alleen voor eindpunten die geen batches kunnen verwerken.",
+    "httpDestLogTypesTitle": "Log soorten",
+    "httpDestLogTypesDescription": "Kies welke log types doorgestuurd worden naar deze bestemming. Alleen ingeschakelde log types worden gestreden.",
+    "httpDestAccessLogsTitle": "Toegang tot logboek",
+    "httpDestAccessLogsDescription": "Hulpbrontoegangspogingen, inclusief geauthenticeerde en weigerde aanvragen.",
+    "httpDestActionLogsTitle": "Actie logs",
+    "httpDestActionLogsDescription": "Administratieve acties uitgevoerd door gebruikers binnen de organisatie.",
+    "httpDestConnectionLogsTitle": "Connectie Logs",
+    "httpDestConnectionLogsDescription": "Verbinding met de Site en tunnel maken verbroken, inclusief verbindingen en verbindingen.",
+    "httpDestRequestLogsTitle": "HTTP-aanvraaglogboeken",
+    "httpDestRequestLogsDescription": "HTTP request logs voor proxied hulpmiddelen, waaronder methode, pad en response code.",
+    "httpDestSaveChanges": "Wijzigingen opslaan",
+    "httpDestCreateDestination": "Maak bestemming aan",
+    "httpDestUpdatedSuccess": "Bestemming succesvol bijgewerkt",
+    "httpDestCreatedSuccess": "Bestemming succesvol aangemaakt",
+    "httpDestUpdateFailed": "Bijwerken bestemming mislukt",
+    "httpDestCreateFailed": "Aanmaken bestemming mislukt",
+    "followRedirects": "Volg omleidingen",
+    "followRedirectsDescription": "Volg automatisch HTTP-omleidingen voor verzoeken.",
+    "alertingErrorWebhookUrl": "Voer een geldige URL voor de webhook in.",
+    "healthCheckStrategyHttp": "Valideert connectiviteit en controleert de HTTP-responsstatus.",
+    "healthCheckStrategyTcp": "Verifieert alleen TCP-connectiviteit zonder de respons te inspecteren.",
+    "healthCheckStrategySnmp": "Maakt een SNMP-verzoek om de gezondheid van netwerkapparaten en infrastructuur te controleren.",
+    "healthCheckStrategyIcmp": "Gebruikt ICMP-verzoeken (pings) om te controleren of een bron bereikbaar en responsief is.",
+    "healthCheckTabStrategy": "Strategie",
+    "healthCheckTabConnection": "Verbinding",
+    "healthCheckTabAdvanced": "Geavanceerd",
+    "healthCheckStrategyNotAvailable": "Deze strategie is niet beschikbaar. Neem contact op met sales om deze functie in te schakelen.",
+    "uptime30d": "Beschikbaarheid (30d)",
+    "idpAddActionCreateNew": "Nieuwe identiteitsprovider aanmaken",
+    "idpAddActionImportFromOrg": "Importeer vanuit een andere organisatie",
+    "idpImportDialogTitle": "Importeer Identiteitsprovider",
+    "idpImportDialogDescription": "Kies een identiteitsprovider van een organisatie waar u beheerder bent. Het wordt gekoppeld aan deze organisatie.",
+    "idpImportSearchPlaceholder": "Zoek op organisatie- of providernamen...",
+    "idpImportEmpty": "Geen identiteitsproviders gevonden.",
+    "idpImportedDescription": "Identiteitsprovider succesvol geïmporteerd.",
+    "idpDeleteGlobalQuestion": "Weet u zeker dat u deze identiteitsprovider permanent wilt verwijderen?",
+    "idpDeleteGlobalDescription": "Hiermee wordt de identiteitsprovider permanent verwijderd uit alle organisaties waarmee het is geassocieerd.",
+    "idpUnassociateTitle": "Koppel Identiteitsprovider los",
+    "idpUnassociateQuestion": "Weet u zeker dat u deze identiteitsprovider van deze organisatie wilt loskoppelen?",
+    "idpUnassociateDescription": "Alle gebruikers die aan deze identiteitsprovider zijn gekoppeld, worden uit deze organisatie verwijderd, maar de identiteitsprovider blijft bestaan voor andere gerelateerde organisaties.",
+    "idpUnassociateConfirm": "Bevestig ontkoppelen identiteitsprovider",
+    "idpUnassociateWarning": "Dit kan niet ongedaan worden gemaakt voor deze organisatie.",
+    "idpUnassociatedDescription": "Identiteitsprovider succesvol losgekoppeld van deze organisatie",
+    "idpUnassociateMenu": "Ontkoppelen",
+    "idpDeleteAllOrgsMenu": "Verwijderen",
+    "publicIpEndpoint": "Eindpunt",
+    "lastTriggeredAt": "Laatste Trigger",
+    "reject": "Afwijzen",
+    "uptimeDaysAgo": "{count} dagen geleden",
+    "uptimeToday": "Vandaag",
+    "uptimeNoDataAvailable": "Geen gegevens beschikbaar",
+    "uptimeSuffix": "werktijd",
+    "uptimeDowntimeSuffix": "uitvaltijd",
+    "uptimeTooltipUptimeLabel": "Werktijd",
+    "uptimeTooltipDowntimeLabel": "Uitvaltijd",
+    "uptimeOngoing": "lopend",
+    "uptimeNoMonitoringData": "Geen monitoringgegevens",
+    "uptimeNoData": "Geen gegevens",
+    "uptimeMiniBarDown": "Onder",
+    "uptimeSectionTitle": "Werktijd",
+    "uptimeSectionDescription": "Beschikbaarheid over de laatste {days} dagen",
+    "uptimeAddAlert": "Alarm toevoegen",
+    "uptimeViewAlerts": "Meldingen bekijken",
+    "uptimeCreateEmailAlert": "E-mailalert aanmaken",
+    "uptimeAlertDescriptionSite": "Ontvang een e-mailbericht wanneer deze site offline gaat of weer online komt.",
+    "uptimeAlertDescriptionResource": "Ontvang een e-mailbericht wanneer deze bron offline gaat of weer online komt.",
+    "uptimeAlertNamePlaceholder": "Waarschuwingsnaam",
+    "uptimeAdditionalEmails": "Extra e-mails",
+    "uptimeCreateAlert": "Alarm aanmaken",
+    "uptimeAlertNoRecipients": "Geen ontvangers",
+    "uptimeAlertNoRecipientsDescription": "Voeg ten minste één gebruiker, rol of e-mail toe om te melden.",
+    "uptimeAlertCreated": "Alarm aangemaakt",
+    "uptimeAlertCreatedDescription": "U wordt op de hoogte gebracht wanneer dit van status verandert.",
+    "uptimeAlertCreateFailed": "Kon alarm niet aanmaken",
+    "webhookUrlLabel": "URL",
+    "webhookHeaderKeyPlaceholder": "Sleutel",
+    "webhookHeaderValuePlaceholder": "Waarde",
+    "alertLabel": "Waarschuwing",
+    "domainPickerWildcardSubdomainNotAllowed": "Wildcard-subdomeinen zijn niet toegestaan.",
+    "domainPickerWildcardCertWarning": "Wildcard-bronnen hebben mogelijk extra configuratie nodig om correct te werken.",
+    "domainPickerWildcardCertWarningLink": "Meer informatie",
+    "health": "Gezondheid",
+    "domainPendingErrorTitle": "Verificatieprobleem",
+    "memberPortalTitle": "Bronnen",
+    "memberPortalDescription": "Bronnen waartoe je toegang hebt binnen deze organisatie",
+    "memberPortalSortBy": "Sorteren op...",
+    "memberPortalSortNameAsc": "Naam A-Z",
+    "memberPortalSortNameDesc": "Naam Z-A",
+    "memberPortalSortDomainAsc": "Domein A-Z",
+    "memberPortalSortDomainDesc": "Domein Z-A",
+    "memberPortalSortEnabledFirst": "Ingeschakeld Eerst",
+    "memberPortalSortDisabledFirst": "Uitgeschakeld Eerst",
+    "memberPortalRefresh": "Vernieuwen",
+    "memberPortalRefreshResources": "Bronnen Vernieuwen",
+    "memberPortalFailedToLoad": "Fout bij het laden van bronnen",
+    "memberPortalFailedToLoadDescription": "Fout bij het laden van bronnen. Controleer uw verbinding en probeer het opnieuw.",
+    "memberPortalUnableToLoad": "Niet in staat om bronnen te laden",
+    "memberPortalTryAgain": "Probeer Opnieuw",
+    "memberPortalNoResourcesFound": "Geen Bronnen Gevonden",
+    "memberPortalNoResourcesAvailable": "Geen Bronnen Beschikbaar",
+    "memberPortalNoResourcesMatchSearch": "Geen bronnen komen overeen met \"{query}\". Probeer uw zoektermen aan te passen of wis de zoekopdracht om alle bronnen te zien.",
+    "memberPortalNoResourcesAccess": "Je hebt nog geen toegang tot bronnen. Neem contact op met je beheerder om toegang te krijgen tot de benodigde bronnen.",
+    "memberPortalClearSearch": "Zoekopdracht Wissen",
+    "memberPortalPublicResources": "Publieke Bronnen",
+    "memberPortalPublicResourcesDescription": "Webapplicaties en services toegankelijk via browser",
+    "memberPortalCopiedToClipboard": "Gekopieerd naar klembord",
+    "memberPortalCopiedUrlDescription": "Bron URL is naar uw klembord gekopieerd.",
+    "memberPortalOpenResource": "Bron Openen",
+    "memberPortalPrivateResources": "Privé Bronnen",
+    "memberPortalPrivateResourcesDescription": "Interne netwerkbronnen toegankelijk via client",
+    "memberPortalResourceDetails": "Bron Details",
+    "memberPortalMode": "Modus",
+    "memberPortalDestination": "Bestemming",
+    "memberPortalAlias": "Alias",
+    "memberPortalCopiedAliasDescription": "Bron alias is naar uw klembord gekopieerd.",
+    "memberPortalCopiedDestinationDescription": "Bron bestemming is naar uw klembord gekopieerd.",
+    "memberPortalRequiresClientConnection": "Clientverbinding Vereist",
+    "memberPortalAuthMethods": "Authenticatiemethoden",
+    "memberPortalSso": "Single Sign-On (SSO)",
+    "memberPortalPasswordProtected": "Wachtwoord Beveiligd",
+    "memberPortalPinCode": "Pincode",
+    "memberPortalEmailWhitelist": "E-mail whitelist",
+    "memberPortalResourceDisabled": "Bron Uitgeschakeld",
+    "memberPortalShowingResources": "Toont {start}-{end} van {total} bronnen",
+    "memberPortalPrevious": "Vorige",
+    "memberPortalNext": "Volgende"
 }
--- a/messages/pl-PL.json
+++ b/messages/pl-PL.json
@@ -1,4 +1,8 @@
 {
+    "contactSalesEnable": "Skontaktuj się z działem sprzedaży, aby włączyć tę funkcję.",
+    "contactSalesBookDemo": "Umów się na demo",
+    "contactSalesOr": "lub",
+    "contactSalesContactUs": "skontaktuj się z nami",
    "setupCreate": "Utwórz organizację, witrynę i zasoby",
    "headerAuthCompatibilityInfo": "Włącz to, aby wymusić odpowiedź Unauthorized 401, gdy brakuje tokena uwierzytelniania. Jest to wymagane dla przeglądarek lub określonych bibliotek HTTP, które nie wysyłają poświadczeń bez wyzwania serwera.",
    "headerAuthCompatibility": "Rozszerzona kompatybilność",
@@ -19,6 +23,18 @@
    "componentsInvalidKey": "Wykryto nieprawidłowe lub wygasłe klucze licencyjne. Postępuj zgodnie z warunkami licencji, aby kontynuować korzystanie ze wszystkich funkcji.",
    "dismiss": "Odrzuć",
    "subscriptionViolationMessage": "Nie masz ograniczeń dla aktualnego planu. Popraw problem poprzez usunięcie stron, użytkowników lub innych zasobów, aby pozostać w swoim planie.",
+    "trialBannerMessage": "Twój okres próbny wygasa za {countdown}. Uaktualnij, aby zachować dostęp.",
+    "trialBannerExpired": "Twój okres próbny wygasł. Uaktualnij teraz, aby przywrócić dostęp.",
+    "billingTrialBannerTitle": "Bezpłatna wersja próbna aktywna",
+    "billingTrialBannerDescription": "Obecnie korzystasz z bezpłatnej wersji próbnej na poziomie biznesowym. Po zakończeniu wersji próbnej, Twoje konto automatycznie powróci do funkcji i limitów poziomu Podstawowego. Możesz dokonać uaktualnienia w każdej chwili, aby zachować dostęp do funkcji obecnego planu.",
+    "billingTrialBannerUpgrade": "Uaktualnij teraz",
+    "billingTrialBadge": "Bezpłatna wersja próbna",
+    "trialActive": "Okres próbny aktywny",
+    "trialExpired": "Okres próbny wygasł",
+    "trialHasEnded": "Twój okres próbny dobiegł końca.",
+    "trialDaysRemaining": "{count, plural, one {# dzień pozostaje} few {# dni pozostają} many {# dni pozostaje} other {# dni pozostają}}",
+    "trialDaysLeftShort": "Pozostało {days}d próbny",
+    "trialGoToBilling": "Przejdź do strony rozliczeń",
    "subscriptionViolationViewBilling": "Zobacz rozliczenie",
    "componentsLicenseViolation": "Naruszenie licencji: Ten serwer używa stron {usedSites} , które przekraczają limit licencyjny stron {maxSites} . Postępuj zgodnie z warunkami licencji, aby kontynuować korzystanie ze wszystkich funkcji.",
    "componentsSupporterMessage": "Dziękujemy za wsparcie Pangolina jako {tier}!",
@@ -81,6 +97,8 @@
    "siteConfirmCopy": "Skopiowałem konfigurację",
    "searchSitesProgress": "Szukaj witryn...",
    "siteAdd": "Dodaj witrynę",
+    "sitesTableViewPublicResources": "Zobacz zasoby publiczne",
+    "sitesTableViewPrivateResources": "Zobacz zasoby prywatne",
    "siteInstallNewt": "Zainstaluj Newt",
    "siteInstallNewtDescription": "Uruchom Newt w swoim systemie",
    "WgConfiguration": "Konfiguracja WireGuard",
@@ -98,6 +116,21 @@
    "siteUpdatedDescription": "Strona została zaktualizowana.",
    "siteGeneralDescription": "Skonfiguruj ustawienia ogólne dla tej witryny",
    "siteSettingDescription": "Skonfiguruj ustawienia na stronie",
+    "siteResourcesTab": "Zasoby",
+    "siteResourcesNoneOnSite": "Ta strona nie ma jeszcze żadnych zasobów publicznych ani prywatnych.",
+    "siteResourcesSectionPublic": "Zasoby publiczne",
+    "siteResourcesSectionPrivate": "Zasoby prywatne",
+    "siteResourcesSectionPublicDescription": "Zasoby eksponowane zewnętrznie przez domeny lub porty.",
+    "siteResourcesSectionPrivateDescription": "Zasoby dostępne w twojej prywatnej sieci przez stronę.",
+    "siteResourcesViewAllPublic": "Zobacz wszystkie zasoby",
+    "siteResourcesViewAllPrivate": "Zobacz wszystkie zasoby",
+    "siteResourcesDialogDescription": "Przegląd zasobów publicznych i prywatnych związanych z tą stroną.",
+    "siteResourcesShowMore": "Pokaż więcej",
+    "siteResourcesPermissionDenied": "Nie masz uprawnień do wyświetlania tych zasobów.",
+    "siteResourcesEmptyPublic": "Brak publicznych zasobów powiązanych z tą stroną.",
+    "siteResourcesEmptyPrivate": "Brak prywatnych zasobów powiązanych z tą stroną.",
+    "siteResourcesHowToAccess": "Jak uzyskać dostęp",
+    "siteResourcesTargetsOnSite": "Cele na tej stronie",
    "siteSetting": "Ustawienia {siteName}",
    "siteNewtTunnel": "Newt Site (Rekomendowane)",
    "siteNewtTunnelDescription": "Najprostszy sposób na stworzenie punktu wejścia w sieci. Nie ma dodatkowej konfiguracji.",
@@ -148,6 +181,11 @@
    "createLink": "Utwórz link",
    "resourcesNotFound": "Nie znaleziono zasobów",
    "resourceSearch": "Szukaj zasobów",
+    "machineSearch": "Wyszukiwarki",
+    "machinesSearch": "Szukaj klientów maszyn...",
+    "machineNotFound": "Nie znaleziono maszyn",
+    "userDeviceSearch": "Szukaj urządzeń użytkownika",
+    "userDevicesSearch": "Szukaj urządzeń użytkownika...",
    "openMenu": "Otwórz menu",
    "resource": "Zasoby",
    "title": "Tytuł",
@@ -175,6 +213,7 @@
    "resourceHTTPDescription": "Proxy zapytań przez HTTPS przy użyciu w pełni kwalifikowanej nazwy domeny.",
    "resourceRaw": "Surowy zasób TCP/UDP",
    "resourceRawDescription": "Proxy zapytań przez surowe TCP/UDP przy użyciu numeru portu.",
+    "resourceRawDescriptionCloud": "Żądania proxy nad surowym TCP/UDP przy użyciu numeru portu. Wymaga stron aby połączyć się ze zdalnym węzłem.",
    "resourceCreate": "Utwórz zasób",
    "resourceCreateDescription": "Wykonaj poniższe kroki, aby utworzyć nowy zasób",
    "resourceSeeAll": "Zobacz wszystkie zasoby",
@@ -261,8 +300,11 @@
    "orgMissing": "Brak ID organizacji",
    "orgMissingMessage": "Nie można ponownie wygenerować zaproszenia bez ID organizacji.",
    "accessUsersManage": "Zarządzaj użytkownikami",
+    "accessUserManage": "Zarządzaj użytkownikiem",
    "accessUsersDescription": "Zaproś użytkowników z dostępem do tej organizacji i zarządzaj nimi",
    "accessUsersSearch": "Szukaj użytkowników...",
+    "accessUsersRoleFilterCount": "{count, plural, one {# rola} few {# role} many {# ról} other {# ról}}",
+    "accessUsersRoleFilterClear": "Wyczyść filtry ról",
    "accessUserCreate": "Utwórz użytkownika",
    "accessUserRemove": "Usuń użytkownika",
    "username": "Nazwa użytkownika",
@@ -322,6 +364,54 @@
    "apiKeysDelete": "Usuń klucz API",
    "apiKeysManage": "Zarządzaj kluczami API",
    "apiKeysDescription": "Klucze API służą do uwierzytelniania z API integracji",
+    "provisioningKeysTitle": "Klucz Zaopatrzenia",
+    "provisioningKeysManage": "Zarządzaj kluczami zaopatrzenia",
+    "provisioningKeysDescription": "Klucze zaopatrzenia są używane do uwierzytelniania zautomatyzowanego zaopatrzenia twojej organizacji.",
+    "provisioningManage": "Dostarczanie",
+    "provisioningDescription": "Zarządzaj kluczami rezerwacji i sprawdzaj oczekujące strony oczekujące na zatwierdzenie.",
+    "pendingSites": "Witryny oczekujące",
+    "siteApproveSuccess": "Witryna została pomyślnie zatwierdzona",
+    "siteApproveError": "Błąd zatwierdzania witryny",
+    "provisioningKeys": "Klucze Zaopatrzenia",
+    "searchProvisioningKeys": "Szukaj kluczy zaopatrzenia...",
+    "provisioningKeysAdd": "Wygeneruj klucz zaopatrzenia",
+    "provisioningKeysErrorDelete": "Błąd podczas usuwania klucza zaopatrzenia",
+    "provisioningKeysErrorDeleteMessage": "Błąd podczas usuwania klucza zaopatrzenia",
+    "provisioningKeysQuestionRemove": "Czy na pewno chcesz usunąć ten klucz rezerwacji z organizacji?",
+    "provisioningKeysMessageRemove": "Po usunięciu, klucz nie może być już używany do tworzenia witryny.",
+    "provisioningKeysDeleteConfirm": "Potwierdź usunięcie klucza zaopatrzenia",
+    "provisioningKeysDelete": "Usuń klucz zaopatrzenia",
+    "provisioningKeysCreate": "Wygeneruj klucz zaopatrzenia",
+    "provisioningKeysCreateDescription": "Wygeneruj nowy klucz tworzenia rezerw dla organizacji",
+    "provisioningKeysSeeAll": "Zobacz wszystkie klucze rezerwacji",
+    "provisioningKeysSave": "Zapisz klucz zaopatrzenia",
+    "provisioningKeysSaveDescription": "Możesz to zobaczyć tylko raz. Skopiuj je do bezpiecznego miejsca.",
+    "provisioningKeysErrorCreate": "Błąd podczas tworzenia klucza zaopatrzenia",
+    "provisioningKeysList": "Nowy klucz rezerwacji",
+    "provisioningKeysMaxBatchSize": "Maksymalny rozmiar partii",
+    "provisioningKeysUnlimitedBatchSize": "Nieograniczony rozmiar partii (bez limitu)",
+    "provisioningKeysMaxBatchUnlimited": "Nieograniczona",
+    "provisioningKeysMaxBatchSizeInvalid": "Wprowadź poprawny maksymalny rozmiar partii (1–1 000,000).",
+    "provisioningKeysValidUntil": "Ważny do",
+    "provisioningKeysValidUntilHint": "Pozostaw puste, aby nie wygasnąć.",
+    "provisioningKeysValidUntilInvalid": "Wprowadź prawidłową datę i godzinę.",
+    "provisioningKeysNumUsed": "Używane czasy",
+    "provisioningKeysLastUsed": "Ostatnio używane",
+    "provisioningKeysNoExpiry": "Brak wygaśnięcia",
+    "provisioningKeysNeverUsed": "Nigdy",
+    "provisioningKeysEdit": "Edytuj klucz zaopatrzenia",
+    "provisioningKeysEditDescription": "Zaktualizuj maksymalny rozmiar partii i czas wygaśnięcia dla tego klucza.",
+    "provisioningKeysApproveNewSites": "Zatwierdź nowe witryny",
+    "provisioningKeysApproveNewSitesDescription": "Automatycznie zatwierdzaj witryny, które rejestrują się za pomocą tego klucza.",
+    "provisioningKeysUpdateError": "Błąd podczas aktualizacji klucza zaopatrzenia",
+    "provisioningKeysUpdated": "Klucz zaopatrzenia zaktualizowany",
+    "provisioningKeysUpdatedDescription": "Twoje zmiany zostały zapisane.",
+    "provisioningKeysBannerTitle": "Klucze Zaopatrzenia witryny",
+    "provisioningKeysBannerDescription": "Wygeneruj klucz provisioning i użyj go z konektorem Newt do automatycznego tworzenia witryn przy pierwszym uruchomieniu - nie ma potrzeby konfigurowania oddzielnych poświadczeń dla każdej witryny.",
+    "provisioningKeysBannerButtonText": "Dowiedz się więcej",
+    "pendingSitesBannerTitle": "Witryny oczekujące",
+    "pendingSitesBannerDescription": "Witryny, które łączą się za pomocą klucza provisioning, pojawią się tutaj do przeglądu.",
+    "pendingSitesBannerButtonText": "Dowiedz się więcej",
    "apiKeysSettings": "Ustawienia {apiKeyName}",
    "userTitle": "Zarządzaj wszystkimi użytkownikami",
    "userDescription": "Zobacz i zarządzaj wszystkimi użytkownikami w systemie",
@@ -351,6 +441,10 @@
    "licenseErrorKeyActivate": "Nie udało się aktywować klucza licencji",
    "licenseErrorKeyActivateDescription": "Wystąpił błąd podczas aktywacji klucza licencyjnego.",
    "licenseAbout": "O licencjonowaniu",
+    "licenseBannerTitle": "Aktywuj swoją licencję Enterprise",
+    "licenseBannerDescription": "Odblokuj funkcje korporacyjne dla swojego autonomicznego wdrożenia Pangolin. Kup klucz licencyjny, aby aktywować możliwości premium, a następnie wprowadź go poniżej.",
+    "licenseBannerGetLicense": "Uzyskaj licencję",
+    "licenseBannerViewDocs": "Zobacz dokumentację",
    "communityEdition": "Edycja Społecznościowa",
    "licenseAboutDescription": "Dotyczy to przedsiębiorstw i przedsiębiorstw, którzy stosują Pangolin w środowisku handlowym. Jeśli używasz Pangolin do użytku osobistego, możesz zignorować tę sekcję.",
    "licenseKeyActivated": "Klucz licencyjny aktywowany",
@@ -508,9 +602,12 @@
    "userSaved": "Użytkownik zapisany",
    "userSavedDescription": "Użytkownik został zaktualizowany.",
    "autoProvisioned": "Przesłane automatycznie",
+    "autoProvisionSettings": "Ustawienia automatycznego dostarczania",
    "autoProvisionedDescription": "Pozwól temu użytkownikowi na automatyczne zarządzanie przez dostawcę tożsamości",
    "accessControlsDescription": "Zarządzaj tym, do czego użytkownik ma dostęp i co może robić w organizacji",
    "accessControlsSubmit": "Zapisz kontrole dostępu",
+    "singleRolePerUserPlanNotice": "Twój plan obsługuje tylko jedną rolę na użytkownika.",
+    "singleRolePerUserEditionNotice": "Ta edycja obsługuje tylko jedną rolę na użytkownika.",
    "roles": "Role",
    "accessUsersRoles": "Zarządzaj użytkownikami i rolami",
    "accessUsersRolesDescription": "Zaproś użytkowników i dodaj je do ról do zarządzania dostępem do organizacji",
@@ -567,6 +664,8 @@
    "targetErrorInvalidPortDescription": "Wprowadź prawidłowy numer portu",
    "targetErrorNoSite": "Nie wybrano witryny",
    "targetErrorNoSiteDescription": "Wybierz witrynę docelową",
+    "targetTargetsCleared": "Cele wyczyszczone",
+    "targetTargetsClearedDescription": "Wszystkie cele zostały usunięte z tego zasobu",
    "targetCreated": "Cel utworzony",
    "targetCreatedDescription": "Cel został utworzony pomyślnie",
    "targetErrorCreate": "Nie udało się utworzyć celu",
@@ -650,6 +749,7 @@
    "resourcesErrorUpdate": "Nie udało się przełączyć zasobu",
    "resourcesErrorUpdateDescription": "Wystąpił błąd podczas aktualizacji zasobu",
    "access": "Dostęp",
+    "accessControl": "Kontrola dostępu",
    "shareLink": "Link udostępniania {resource}",
    "resourceSelect": "Wybierz zasób",
    "shareLinks": "Linki udostępniania",
@@ -667,6 +767,7 @@
    "newtEndpoint": "Endpoint",
    "newtId": "ID",
    "newtSecretKey": "Sekret",
+    "newtVersion": "Wersja",
    "architecture": "Architektura",
    "sites": "Witryny",
    "siteWgAnyClients": "Użyj dowolnego klienta WireGuard, aby się połączyć. Będziesz musiał przekierować wewnętrzne zasoby za pomocą adresu IP.",
@@ -790,6 +891,7 @@
    "accessRoleRemoved": "Rola usunięta",
    "accessRoleRemovedDescription": "Rola została pomyślnie usunięta.",
    "accessRoleRequiredRemove": "Przed usunięciem tej roli, wybierz nową rolę do której zostaną przeniesieni obecni członkowie.",
+    "network": "Sieć",
    "manage": "Zarządzaj",
    "sitesNotFound": "Nie znaleziono witryn.",
    "pangolinServerAdmin": "Administrator serwera - Pangolin",
@@ -833,6 +935,7 @@
    "idpDisplayName": "Nazwa wyświetlana dla tego dostawcy tożsamości",
    "idpAutoProvisionUsers": "Automatyczne tworzenie użytkowników",
    "idpAutoProvisionUsersDescription": "Gdy włączone, użytkownicy będą automatycznie tworzeni w systemie przy pierwszym logowaniu z możliwością mapowania użytkowników do ról i organizacji.",
+    "idpAutoProvisionConfigureAfterCreate": "Możesz skonfigurować automatyczne ustawienia provision, gdy dostawca tożsamości zostanie utworzony.",
    "licenseBadge": "EE",
    "idpType": "Typ dostawcy",
    "idpTypeDescription": "Wybierz typ dostawcy tożsamości, który chcesz skonfigurować",
@@ -884,7 +987,7 @@
    "defaultMappingsRole": "Domyślne mapowanie roli",
    "defaultMappingsRoleDescription": "JMESPath do wydobycia informacji o roli z tokena ID. Wynik tego wyrażenia musi zwrócić nazwę roli zdefiniowaną w organizacji jako ciąg znaków.",
    "defaultMappingsOrg": "Domyślne mapowanie organizacji",
-    "defaultMappingsOrgDescription": "JMESPath do wydobycia informacji o organizacji z tokena ID. To wyrażenie musi zwrócić ID organizacji lub true, aby użytkownik mógł uzyskać dostęp do organizacji.",
+    "defaultMappingsOrgDescription": "Gdy jest ustawiona, ta wyrażenie musi zwrócić identyfikator organizacji lub true, aby użytkownik mógł uzyskać dostęp do tej organizacji. Gdy nie jest ustawiona, wystarczające jest zdefiniowanie mapowania ról: użytkownik jest dopuszczony, o ile można rozwiązać dla niego ważne mapowanie ról w organizacji.",
    "defaultMappingsSubmit": "Zapisz domyślne mapowania",
    "orgPoliciesEdit": "Edytuj politykę organizacji",
    "org": "Organizacja",
@@ -1037,7 +1140,6 @@
    "pageNotFoundDescription": "Ups! Strona, której szukasz, nie istnieje.",
    "overview": "Przegląd",
    "home": "Strona główna",
-    "accessControl": "Kontrola dostępu",
    "settings": "Ustawienia",
    "usersAll": "Wszyscy użytkownicy",
    "license": "Licencja",
@@ -1100,6 +1202,12 @@
    "actionGetUser": "Pobierz użytkownika",
    "actionGetOrgUser": "Pobierz użytkownika organizacji",
    "actionListOrgDomains": "Lista domen organizacji",
+    "actionGetDomain": "Pobierz domenę",
+    "actionCreateOrgDomain": "Utwórz domenę",
+    "actionUpdateOrgDomain": "Aktualizuj domenę",
+    "actionDeleteOrgDomain": "Usuń domenę",
+    "actionGetDNSRecords": "Pobierz rekordy DNS",
+    "actionRestartOrgDomain": "Zrestartuj domenę",
    "actionCreateSite": "Utwórz witrynę",
    "actionDeleteSite": "Usuń witrynę",
    "actionGetSite": "Pobierz witrynę",
@@ -1111,6 +1219,7 @@
    "setupTokenDescription": "Wprowadź token konfiguracji z konsoli serwera.",
    "setupTokenRequired": "Wymagany jest token konfiguracji",
    "actionUpdateSite": "Aktualizuj witrynę",
+    "actionResetSiteBandwidth": "Zresetuj przepustowość organizacji",
    "actionListSiteRoles": "Lista dozwolonych ról witryny",
    "actionCreateResource": "Utwórz zasób",
    "actionDeleteResource": "Usuń zasób",
@@ -1140,6 +1249,7 @@
    "actionRemoveUser": "Usuń użytkownika",
    "actionListUsers": "Lista użytkowników",
    "actionAddUserRole": "Dodaj rolę użytkownika",
+    "actionSetUserOrgRoles": "Ustaw role użytkownika",
    "actionGenerateAccessToken": "Wygeneruj token dostępu",
    "actionDeleteAccessToken": "Usuń token dostępu",
    "actionListAccessTokens": "Lista tokenów dostępu",
@@ -1184,6 +1294,7 @@
    "actionViewLogs": "Zobacz dzienniki",
    "noneSelected": "Nie wybrano",
    "orgNotFound2": "Nie znaleziono organizacji.",
+    "search": "Szukaj…",
    "searchPlaceholder": "Szukaj...",
    "emptySearchOptions": "Nie znaleziono opcji",
    "create": "Utwórz",
@@ -1249,12 +1360,14 @@
    "sidebarClientResources": "Prywatny",
    "sidebarAccessControl": "Kontrola dostępu",
    "sidebarLogsAndAnalytics": "Logi i Analityki",
+    "sidebarTeam": "Drużyna",
    "sidebarUsers": "Użytkownicy",
    "sidebarAdmin": "Administrator",
    "sidebarInvitations": "Zaproszenia",
    "sidebarRoles": "Role",
    "sidebarShareableLinks": "Linki",
    "sidebarApiKeys": "Klucze API",
+    "sidebarProvisioning": "Dostarczanie",
    "sidebarSettings": "Ustawienia",
    "sidebarAllUsers": "Wszyscy użytkownicy",
    "sidebarIdentityProviders": "Dostawcy tożsamości",
@@ -1266,9 +1379,167 @@
    "sidebarGeneral": "Zarządzaj",
    "sidebarLogAndAnalytics": "Dziennik & Analityka",
    "sidebarBluePrints": "Schematy",
+    "sidebarAlerting": "Alarmowanie",
+    "sidebarHealthChecks": "Kontrole zdrowia",
    "sidebarOrganization": "Organizacja",
+    "sidebarManagement": "Zarządzanie",
    "sidebarBillingAndLicenses": "Płatność i licencje",
    "sidebarLogsAnalytics": "Analityka",
+    "alertingTitle": "Alarmowanie",
+    "alertingDescription": "Zdefiniuj źródła, ustawienia, i działania dla powiadomień",
+    "alertingRules": "Reguły alarmowe",
+    "alertingSearchRules": "Szukaj reguł…",
+    "alertingAddRule": "Utwórz Regułę",
+    "alertingColumnSource": "Źródło",
+    "alertingColumnTrigger": "Ustawienie",
+    "alertingColumnActions": "Akcje",
+    "alertingColumnEnabled": "Włączone",
+    "alertingDeleteQuestion": "Potwierdź, że chcesz usunąć tę regułę alarmową.",
+    "alertingDeleteRule": "Usuń regułę alarmową",
+    "alertingRuleDeleted": "Reguła alarmowa usunięta",
+    "alertingRuleSaved": "Reguła alarmowa zapisana",
+    "alertingRuleSavedCreatedDescription": "Nowa reguła alarmowa została utworzona. Możesz ją kontynuować edytować na tej stronie.",
+    "alertingRuleSavedUpdatedDescription": "Twoje zmiany w tej regule alarmowej zostały zapisane.",
+    "alertingEditRule": "Edytuj regułę alarmową",
+    "alertingCreateRule": "Utwórz regułę alarmową",
+    "alertingRuleCredenzaDescription": "Wybierz, co obserwować, kiedy uruchamiać i jak powiadamiać.",
+    "alertingRuleNamePlaceholder": "Strona produkcyjna w dół",
+    "alertingRuleEnabled": "Reguła włączona",
+    "alertingSectionSource": "Źródło",
+    "alertingSourceType": "Typ źródła",
+    "alertingSourceSite": "Witryna",
+    "alertingSourceHealthCheck": "Kontrola zdrowia",
+    "alertingPickSites": "Witryny",
+    "alertingPickHealthChecks": "Kontrole zdrowia",
+    "alertingPickResources": "Zasoby",
+    "alertingAllSites": "Wszystkie witryny",
+    "alertingAllSitesDescription": "Alarm uruchomiony dla dowolnej witryny",
+    "alertingSpecificSites": "Określone witryny",
+    "alertingSpecificSitesDescription": "Wybierz określone witryny do obserwacji",
+    "alertingAllHealthChecks": "Wszystkie Kontrole Zdrowia",
+    "alertingAllHealthChecksDescription": "Alarm uruchomiony dla dowolnej kontroli zdrowia",
+    "alertingSpecificHealthChecks": "Określone Kontrole Zdrowia",
+    "alertingSpecificHealthChecksDescription": "Wybierz określone kontrole zdrowia do obserwacji",
+    "alertingAllResources": "Wszystkie zasoby",
+    "alertingAllResourcesDescription": "Alarm uruchomiony dla dowolnego zasobu",
+    "alertingSpecificResources": "Określone Zasoby",
+    "alertingSpecificResourcesDescription": "Wybierz określone zasoby do obserwacji",
+    "alertingSelectResources": "Wybierz zasoby…",
+    "alertingResourcesSelected": "{count} zasobów wybrano",
+    "alertingResourcesEmpty": "Brak zasobów z celami w pierwszych 10 wynikach.",
+    "alertingSectionTrigger": "Ustawienie",
+    "alertingTrigger": "Kiedy alarmować",
+    "alertingTriggerSiteOnline": "Strona online",
+    "alertingTriggerSiteOffline": "Strona offline",
+    "alertingTriggerSiteToggle": "Status strony zmienia się",
+    "alertingTriggerHcHealthy": "Kontrola zdrowia zdrowa",
+    "alertingTriggerHcUnhealthy": "Kontrola zdrowia niezdrowa",
+    "alertingTriggerHcToggle": "Status kontroli zdrowia zmienia się",
+    "alertingTriggerResourceHealthy": "Zasób zdrowy",
+    "alertingTriggerResourceUnhealthy": "Zasób niezdrowy",
+    "alertingTriggerResourceDegraded": "Zasób pogorszony",
+    "alertingSearchHealthChecks": "Szukaj kontroli zdrowia…",
+    "alertingHealthChecksEmpty": "Brak dostępnych kontroli zdrowia.",
+    "alertingTriggerResourceToggle": "Zmiany statusu zasobu",
+    "alertingSourceResource": "Zasób",
+    "alertingSectionActions": "Akcje",
+    "alertingAddAction": "Dodaj Akcję",
+    "alertingActionNotify": "E-mail",
+    "alertingActionNotifyDescription": "Wyślij powiadomienia e-mail do użytkowników lub ról",
+    "alertingActionWebhook": "Webhook",
+    "alertingActionWebhookDescription": "Wyślij żądanie HTTP do niestandardowego punktu końcowego",
+    "alertingExternalIntegration": "Integracja Zewnętrzna",
+    "alertingExternalPagerDutyDescription": "Przesyłaj alerty do PagerDuty do zarządzania incydentami",
+    "alertingExternalOpsgenieDescription": "Kieruj alerty do Opsgenie dla zarządzania dyżurem",
+    "alertingExternalServiceNowDescription": "Twórz incydenty ServiceNow z alertów",
+    "alertingExternalIncidentIoDescription": "Wyzwalaj przepływy Incident.io z alertów",
+    "alertingActionType": "Typ akcji",
+    "alertingNotifyUsers": "Użytkownicy",
+    "alertingNotifyRoles": "Role",
+    "alertingNotifyEmails": "Adres e-mail",
+    "alertingEmailPlaceholder": "Dodaj e-mail i naciśnij Enter",
+    "alertingWebhookMethod": "Metoda HTTP",
+    "alertingWebhookSecret": "Sekret podpisu (opcjonalny)",
+    "alertingWebhookSecretPlaceholder": "Sekret HMAC",
+    "alertingWebhookHeaders": "Nagłówki",
+    "alertingAddHeader": "Dodaj nagłówek",
+    "alertingSelectSites": "Wybierz witryny…",
+    "alertingSitesSelected": "{count} witryny wybrano",
+    "alertingSelectHealthChecks": "Wybierz wyniki zdrowia…",
+    "alertingHealthChecksSelected": "{count} wyniki zdrowia wybrane",
+    "alertingNoHealthChecks": "Brak celów z aktywowanymi kontrolami zdrowia",
+    "alertingHealthCheckStub": "Wybór źródła kontroli zdrowia jeszcze nie skonfigurowany - możesz nadal skonfigurować wyzwalacze i akcje.",
+    "alertingSelectUsers": "Wybierz użytkowników…",
+    "alertingUsersSelected": "{count} użytkowników wybrano",
+    "alertingSelectRoles": "Wybierz role…",
+    "alertingRolesSelected": "{count} ról wybrano",
+    "alertingSummarySites": "Witryny ({count})",
+    "alertingSummaryAllSites": "Wszystkie witryny",
+    "alertingSummaryHealthChecks": "Kontrole zdrowia ({count})",
+    "alertingSummaryAllHealthChecks": "Wszystkie kontrole zdrowia",
+    "alertingSummaryResources": "Zasoby ({count})",
+    "alertingSummaryAllResources": "Wszystkie zasoby",
+    "alertingErrorNameRequired": "Wprowadź nazwę",
+    "alertingErrorActionsMin": "Dodaj co najmniej jedną akcję",
+    "alertingErrorPickSites": "Wybierz co najmniej jedną witrynę",
+    "alertingErrorPickHealthChecks": "Wybierz co najmniej jedną kontrolę zdrowia",
+    "alertingErrorPickResources": "Wybierz co najmniej jeden zasób",
+    "alertingErrorTriggerSite": "Wybierz wyzwalacz witryny",
+    "alertingErrorTriggerHealth": "Wybierz wyzwalacz kontroli zdrowia",
+    "alertingErrorTriggerResource": "Wybierz wyzwalacz zasobu",
+    "alertingErrorNotifyRecipients": "Wybierz użytkowników, role lub co najmniej jeden e-mail",
+    "alertingConfigureSource": "Skonfiguruj źródło",
+    "alertingConfigureTrigger": "Skonfiguruj wyzwalacz",
+    "alertingConfigureActions": "Skonfiguruj akcje",
+    "alertingBackToRules": "Powrót do reguł",
+    "alertingRuleCooldown": "Czas ochłodzenia (sekundy)",
+    "alertingRuleCooldownDescription": "Minimalny czas między powtórzonymi alarmami dla tej samej reguły. Ustaw na 0, aby wyzwalać za każdym razem.",
+    "alertingDraftBadge": "Szkic - zapisz, aby zachować tę regułę",
+    "alertingSidebarHint": "Kliknij krok na kanwie, aby edytować go tutaj.",
+    "alertingGraphCanvasTitle": "Przepływ reguł",
+    "alertingGraphCanvasDescription": "Wizualny podgląd źródła, wyzwalacza i akcji. Wybierz węzeł, aby edytować go w panelu.",
+    "alertingNodeNotConfigured": "Nie skonfigurowano jeszcze",
+    "alertingNodeActionsCount": "{count, plural, one {# akcja} few {# akcje} many {# akcji} other {# akcji}}",
+    "alertingNodeRoleSource": "Źródło",
+    "alertingNodeRoleTrigger": "Wyzwalacz",
+    "alertingNodeRoleAction": "Akcja",
+    "alertingTabRules": "Reguły Alarmowe",
+    "alertingTabHealthChecks": "Kontrole Zdrowia",
+    "alertingRulesBannerTitle": "Otrzymaj Powiadomienie",
+    "alertingRulesBannerDescription": "Każda reguła wiąże ze sobą co obserwować (np. witryna, kontrola zdrowia czy zasób), kiedy uruchomić (np. offline lub niezdrowy), oraz jak powiadomić zespół przez e-mail, webhooks lub integracje. Użyj tej listy, aby utworzyć, włączyć i zarządzać tymi regułami.",
+    "alertingHealthChecksBannerTitle": "Monitor Zdrowia i Zasobów",
+    "alertingHealthChecksBannerDescription": "Kontrole zdrowia to monitory HTTP lub TCP, które definiujesz raz. Następnie możesz używać ich jako źródeł w regułach alarmowych, aby otrzymywać powiadomienia, kiedy cel stanie się zdrowy lub niezdrowy. Kontrole zdrowia w zasobach również pojawiają się tutaj.",
+    "standaloneHcTableTitle": "Kontrole Zdrowia",
+    "standaloneHcSearchPlaceholder": "Szukaj kontroli zdrowia…",
+    "standaloneHcAddButton": "Utwórz Kontrolę Zdrowia",
+    "standaloneHcCreateTitle": "Utwórz Kontrolę Zdrowia",
+    "standaloneHcEditTitle": "Edytuj Kontrolę Zdrowia",
+    "standaloneHcDescription": "Skonfiguruj kontrolę zdrowia HTTP lub TCP do wykorzystania w regułach alarmowych.",
+    "standaloneHcNameLabel": "Nazwa",
+    "standaloneHcNamePlaceholder": "Mój Monitor HTTP",
+    "standaloneHcDeleteTitle": "Usuń kontrolę zdrowia",
+    "standaloneHcDeleteQuestion": "Potwierdź, że chcesz usunąć tę kontrolę zdrowia.",
+    "standaloneHcDeleted": "Kontrola zdrowia usunięta",
+    "standaloneHcSaved": "Kontrola zdrowia zapisana",
+    "standaloneHcColumnHealth": "Zdrowie",
+    "standaloneHcColumnMode": "Tryb",
+    "standaloneHcColumnTarget": "Cel",
+    "standaloneHcHealthStateHealthy": "Zdrowy",
+    "standaloneHcHealthStateUnhealthy": "Niezdrowy",
+    "standaloneHcHealthStateUnknown": "Nieznany",
+    "standaloneHcFilterAnySite": "Wszystkie witryny",
+    "standaloneHcFilterAnyResource": "Wszystkie zasoby",
+    "standaloneHcFilterMode": "Tryb",
+    "standaloneHcFilterModeHttp": "HTTP",
+    "standaloneHcFilterModeTcp": "TCP",
+    "standaloneHcFilterModeSnmp": "SNMP",
+    "standaloneHcFilterModePing": "Ping",
+    "standaloneHcFilterHealth": "Zdrowie",
+    "standaloneHcFilterEnabled": "Włączone",
+    "standaloneHcFilterEnabledOn": "Włączone",
+    "standaloneHcFilterEnabledOff": "Wyłączone",
+    "standaloneHcFilterSiteIdFallback": "Witryna {id}",
+    "standaloneHcFilterResourceIdFallback": "Zasób {id}",
    "blueprints": "Schematy",
    "blueprintsDescription": "Zastosuj konfiguracje deklaracyjne i wyświetl poprzednie operacje",
    "blueprintAdd": "Dodaj schemat",
@@ -1289,7 +1560,6 @@
    "parsedContents": "Przetworzona zawartość (tylko do odczytu)",
    "enableDockerSocket": "Włącz schemat dokera",
    "enableDockerSocketDescription": "Włącz etykietowanie kieszeni dokującej dla etykiet schematów. Ścieżka do gniazda musi być dostarczona do Newt.",
-    "enableDockerSocketLink": "Dowiedz się więcej",
    "viewDockerContainers": "Zobacz kontenery dokujące",
    "containersIn": "Pojemniki w {siteName}",
    "selectContainerDescription": "Wybierz dowolny kontener do użycia jako nazwa hosta dla tego celu. Kliknij port, aby użyć portu.",
@@ -1331,7 +1601,8 @@
    "initialSetupDescription": "Utwórz początkowe konto administratora serwera. Może istnieć tylko jeden administrator serwera. Zawsze można zmienić te dane uwierzytelniające.",
    "createAdminAccount": "Utwórz konto administratora",
    "setupErrorCreateAdmin": "Wystąpił błąd podczas tworzenia konta administratora serwera.",
-    "certificateStatus": "Status certyfikatu",
+    "certificateStatus": "Certyfikat",
+    "certificateStatusAutoRefreshHint": "Status odświeża się automatycznie.",
    "loading": "Ładowanie",
    "loadingAnalytics": "Ładowanie Analityki",
    "restart": "Uruchom ponownie",
@@ -1400,6 +1671,7 @@
    "pangolinUpdateAvailableReleaseNotes": "Zobacz informacje o wydaniu",
    "newtUpdateAvailable": "Dostępna aktualizacja",
    "newtUpdateAvailableInfo": "Nowa wersja Newt jest dostępna. Prosimy o aktualizację do najnowszej wersji dla najlepszej pracy.",
+    "pangolinNodeUpdateAvailableInfo": "Nowa wersja Pangolin Node jest dostępna. Prosimy o aktualizację do najnowszej wersji dla najlepszej pracy.",
    "domainPickerEnterDomain": "Domena",
    "domainPickerPlaceholder": "mojapp.example.com",
    "domainPickerDescription": "Wpisz pełną domenę zasobu, aby zobaczyć dostępne opcje.",
@@ -1417,6 +1689,7 @@
    "domainPickerNamespace": "Przestrzeń nazw: {namespace}",
    "domainPickerShowMore": "Pokaż więcej",
    "regionSelectorTitle": "Wybierz region",
+    "domainPickerRemoteExitNodeWarning": "Podane domeny nie są obsługiwane, gdy witryny łączą się ze zdalnymi węzłami wyjścia. Aby zasoby były dostępne w węzłach zdalnych, użyj domeny niestandardowej.",
    "regionSelectorInfo": "Wybór regionu pomaga nam zapewnić lepszą wydajność dla Twojej lokalizacji. Nie musisz być w tym samym regionie co Twój serwer.",
    "regionSelectorPlaceholder": "Wybierz region",
    "regionSelectorComingSoon": "Wkrótce dostępne",
@@ -1570,6 +1843,16 @@
    "billingFeatureLossWarning": "Powiadomienie o dostępności funkcji",
    "billingFeatureLossDescription": "Po obniżeniu wartości funkcje niedostępne w nowym planie zostaną automatycznie wyłączone. Niektóre ustawienia i konfiguracje mogą zostać utracone. Zapoznaj się z matrycą cenową, aby zrozumieć, które funkcje nie będą już dostępne.",
    "billingUsageExceedsLimit": "Bieżące użycie ({current}) przekracza limit ({limit})",
+    "billingPastDueTitle": "Płatność w przeszłości",
+    "billingPastDueDescription": "Twoja płatność jest zaległa. Zaktualizuj metodę płatności, aby kontynuować korzystanie z funkcji aktualnego planu. Jeśli nie zostanie rozwiązana, Twoja subskrypcja zostanie anulowana i zostaniesz przywrócony do darmowego poziomu.",
+    "billingUnpaidTitle": "Subskrypcja niezapłacona",
+    "billingUnpaidDescription": "Twoja subskrypcja jest niezapłacona i została przywrócona do darmowego poziomu. Zaktualizuj swoją metodę płatności, aby przywrócić subskrypcję.",
+    "billingIncompleteTitle": "Płatność niezakończona",
+    "billingIncompleteDescription": "Twoja płatność jest niekompletna. Ukończ proces płatności, aby aktywować subskrypcję.",
+    "billingIncompleteExpiredTitle": "Płatność wygasła",
+    "billingIncompleteExpiredDescription": "Twoja płatność nigdy nie została zakończona i wygasła. Zostałeś przywrócony do darmowego poziomu. Zapisz się ponownie, aby przywrócić dostęp do płatnych funkcji.",
+    "billingManageSubscription": "Zarządzaj subskrypcją",
+    "billingResolvePaymentIssue": "Rozwiąż problem z płatnościami przed aktualizacją lub obniżeniem oceny",
    "signUpTerms": {
        "IAgreeToThe": "Zgadzam się z",
        "termsOfService": "warunkami usługi",
@@ -1628,6 +1911,7 @@
    "configureHealthCheck": "Skonfiguruj Kontrolę Zdrowia",
    "configureHealthCheckDescription": "Skonfiguruj monitorowanie zdrowia dla {target}",
    "enableHealthChecks": "Włącz Kontrole Zdrowia",
+    "healthCheckDisabledStateDescription": "Gdy wyłączone, strona nie będzie wykonywać kontroli zdrowia, a stan zostanie uznany za nieznany.",
    "enableHealthChecksDescription": "Monitoruj zdrowie tego celu. Możesz monitorować inny punkt końcowy niż docelowy w razie potrzeby.",
    "healthScheme": "Metoda",
    "healthSelectScheme": "Wybierz metodę",
@@ -1643,6 +1927,24 @@
    "timeIsInSeconds": "Czas w sekundach",
    "requireDeviceApproval": "Wymagaj zatwierdzenia urządzenia",
    "requireDeviceApprovalDescription": "Użytkownicy o tej roli potrzebują nowych urządzeń zatwierdzonych przez administratora, zanim będą mogli połączyć się i uzyskać dostęp do zasobów.",
+    "sshAccess": "Dostęp SSH",
+    "roleAllowSsh": "Zezwalaj na SSH",
+    "roleAllowSshAllow": "Zezwól",
+    "roleAllowSshDisallow": "Nie zezwalaj",
+    "roleAllowSshDescription": "Zezwalaj użytkownikom z tej roli na łączenie się z zasobami za pomocą SSH. Gdy wyłączone, rola nie może korzystać z dostępu SSH.",
+    "sshSudoMode": "Dostęp Sudo",
+    "sshSudoModeNone": "Brak",
+    "sshSudoModeNoneDescription": "Użytkownik nie może uruchamiać poleceń z sudo.",
+    "sshSudoModeFull": "Pełne Sudo",
+    "sshSudoModeFullDescription": "Użytkownik może uruchomić dowolne polecenie z sudo.",
+    "sshSudoModeCommands": "Polecenia",
+    "sshSudoModeCommandsDescription": "Użytkownik może uruchamiać tylko określone polecenia z sudo.",
+    "sshSudo": "Zezwól na sudo",
+    "sshSudoCommands": "Komendy Sudo",
+    "sshSudoCommandsDescription": "Lista poleceń oddzielonych przecinkami, które użytkownik może uruchamiać z sudo.",
+    "sshCreateHomeDir": "Utwórz katalog domowy",
+    "sshUnixGroups": "Grupy Unix",
+    "sshUnixGroupsDescription": "Oddzielone przecinkami grupy Unix, aby dodać użytkownika do docelowego hosta.",
    "retryAttempts": "Próby Ponowienia",
    "expectedResponseCodes": "Oczekiwane Kody Odpowiedzi",
    "expectedResponseCodesDescription": "Kod statusu HTTP, który wskazuje zdrowy status. Jeśli pozostanie pusty, uznaje się 200-300 za zdrowy.",
@@ -1659,9 +1961,20 @@
    "healthCheckIntervalMin": "Interwał sprawdzania musi wynosić co najmniej 5 sekund",
    "healthCheckTimeoutMin": "Limit czasu musi wynosić co najmniej 1 sekundę",
    "healthCheckRetryMin": "Liczba prób ponowienia musi wynosić co najmniej 1",
+    "healthCheckMode": "Tryb kontroli",
+    "healthCheckStrategy": "Strategia",
+    "healthCheckModeDescription": "Tryb TCP weryfikuje tylko łączność. Tryb HTTP ocenia odpowiedź HTTP.",
+    "healthyThreshold": "Próg zdrowia",
+    "healthyThresholdDescription": "Wymagane sukcesy pod rząd, zanim oznaczy się jako zdrowe.",
+    "unhealthyThreshold": "Próg niezdrowia",
+    "unhealthyThresholdDescription": "Wymagane niepowodzenia z rzędu, zanim oznaczy się jako niezdrowe.",
+    "healthCheckHealthyThresholdMin": "Próg zdrowia musi wynosić co najmniej 1",
+    "healthCheckUnhealthyThresholdMin": "Próg niezdrowia musi wynosić co najmniej 1",
    "httpMethod": "Metoda HTTP",
    "selectHttpMethod": "Wybierz metodę HTTP",
    "domainPickerSubdomainLabel": "Poddomena",
+    "domainPickerWildcard": "Uniwersalny",
+    "domainPickerWildcardPaidOnly": "Uniwersalne subdomeny są płatną funkcją. Proszę dokonać aktualizacji, aby uzyskać dostęp do tej funkcji.",
    "domainPickerBaseDomainLabel": "Domen bazowa",
    "domainPickerSearchDomains": "Szukaj domen...",
    "domainPickerNoDomainsFound": "Nie znaleziono domen",
@@ -1687,12 +2000,12 @@
    "resourcesTableAliasAddressInfo": "Ten adres jest częścią podsieci użyteczności organizacji. Jest używany do rozwiązywania rekordów aliasu przy użyciu wewnętrznej rozdzielczości DNS.",
    "resourcesTableClients": "Klientami",
    "resourcesTableAndOnlyAccessibleInternally": "i są dostępne tylko wewnętrznie po połączeniu z klientem.",
-    "resourcesTableNoTargets": "Brak celów",
    "resourcesTableHealthy": "Zdrowe",
    "resourcesTableDegraded": "Degradacja",
-    "resourcesTableOffline": "Offline",
+    "resourcesTableUnhealthy": "Niezdrowy",
    "resourcesTableUnknown": "Nieznane",
    "resourcesTableNotMonitored": "Nie monitorowano",
+    "resourcesTableNoTargets": "Brak celów",
    "editInternalResourceDialogEditClientResource": "Edytuj Zasoby Prywatne",
    "editInternalResourceDialogUpdateResourceProperties": "Aktualizuj konfigurację zasobów i kontrolę dostępu dla {resourceName}",
    "editInternalResourceDialogResourceProperties": "Właściwości zasobów",
@@ -1718,6 +2031,11 @@
    "editInternalResourceDialogModePort": "Port",
    "editInternalResourceDialogModeHost": "Host",
    "editInternalResourceDialogModeCidr": "CIDR",
+    "editInternalResourceDialogModeHttp": "HTTP",
+    "editInternalResourceDialogModeHttps": "HTTPS",
+    "editInternalResourceDialogScheme": "Schemat",
+    "editInternalResourceDialogEnableSsl": "Włącz SSL",
+    "editInternalResourceDialogEnableSslDescription": "Włącz szyfrowanie SSL/TLS dla bezpiecznych połączeń HTTPS z miejscem docelowym.",
    "editInternalResourceDialogDestination": "Miejsce docelowe",
    "editInternalResourceDialogDestinationHostDescription": "Adres IP lub nazwa hosta zasobu w sieci witryny.",
    "editInternalResourceDialogDestinationIPDescription": "Adres IP lub nazwa hosta zasobu w sieci witryny.",
@@ -1733,6 +2051,7 @@
    "createInternalResourceDialogName": "Nazwa",
    "createInternalResourceDialogSite": "Witryna",
    "selectSite": "Wybierz stronę...",
+    "multiSitesSelectorSitesCount": "{count, plural, one {# witryna} few {# witryny} many {# witryn} other {# witryn}}",
    "noSitesFound": "Nie znaleziono stron.",
    "createInternalResourceDialogProtocol": "Protokół",
    "createInternalResourceDialogTcp": "TCP",
@@ -1761,11 +2080,19 @@
    "createInternalResourceDialogModePort": "Port",
    "createInternalResourceDialogModeHost": "Host",
    "createInternalResourceDialogModeCidr": "CIDR",
+    "createInternalResourceDialogModeHttp": "HTTP",
+    "createInternalResourceDialogModeHttps": "HTTPS",
+    "scheme": "Schemat",
+    "createInternalResourceDialogScheme": "Schemat",
+    "createInternalResourceDialogEnableSsl": "Włącz SSL",
+    "createInternalResourceDialogEnableSslDescription": "Włącz szyfrowanie SSL/TLS dla bezpiecznych połączeń HTTPS z miejscem docelowym.",
    "createInternalResourceDialogDestination": "Miejsce docelowe",
    "createInternalResourceDialogDestinationHostDescription": "Adres IP lub nazwa hosta zasobu w sieci witryny.",
    "createInternalResourceDialogDestinationCidrDescription": "Zakres CIDR zasobu w sieci witryny.",
    "createInternalResourceDialogAlias": "Alias",
    "createInternalResourceDialogAliasDescription": "Opcjonalny wewnętrzny alias DNS dla tego zasobu.",
+    "internalResourceDownstreamSchemeRequired": "Schemat jest wymagany dla zasobów HTTP",
+    "internalResourceHttpPortRequired": "Port docelowy jest wymagany dla zasobów HTTP",
    "siteConfiguration": "Konfiguracja",
    "siteAcceptClientConnections": "Akceptuj połączenia klienta",
    "siteAcceptClientConnectionsDescription": "Zezwalaj urządzeniom i klientom na dostęp do zasobów na tej stronie. Może to zostać zmienione później.",
@@ -1851,12 +2178,46 @@
    "exitNode": "Węzeł Wyjściowy",
    "country": "Kraj",
    "rulesMatchCountry": "Obecnie bazuje na adresie IP źródła",
+    "region": "Region",
+    "selectRegion": "Wybierz region",
+    "searchRegions": "Szukaj regionów...",
+    "noRegionFound": "Nie znaleziono regionu.",
+    "rulesMatchRegion": "Wybierz regionalną grupę krajów",
+    "rulesErrorInvalidRegion": "Nieprawidłowy region",
+    "rulesErrorInvalidRegionDescription": "Proszę wybrać prawidłowy region.",
+    "regionAfrica": "Afryka",
+    "regionNorthernAfrica": "Afryka Północna",
+    "regionEasternAfrica": "Afryka Wschodnia",
+    "regionMiddleAfrica": "Afryka Środkowa",
+    "regionSouthernAfrica": "Afryka Południowa",
+    "regionWesternAfrica": "Afryka Zachodnia",
+    "regionAmericas": "Ameryka",
+    "regionCaribbean": "Karaiby",
+    "regionCentralAmerica": "Ameryka Środkowa",
+    "regionSouthAmerica": "Ameryka Południowej",
+    "regionNorthernAmerica": "Ameryka Północna",
+    "regionAsia": "Akwakultura",
+    "regionCentralAsia": "Azja Środkowa",
+    "regionEasternAsia": "Azja Wschodnia",
+    "regionSouthEasternAsia": "Azja Południowo-Wschodnia",
+    "regionSouthernAsia": "Azja Południowa",
+    "regionWesternAsia": "Azja Zachodnia",
+    "regionEurope": "Europa",
+    "regionEasternEurope": "Europa Wschodnia",
+    "regionNorthernEurope": "Europa Północna",
+    "regionSouthernEurope": "Europa Południowa",
+    "regionWesternEurope": "Europa Zachodnia",
+    "regionOceania": "Oceania",
+    "regionAustraliaAndNewZealand": "Australia i Nowa Zelandia",
+    "regionMelanesia": "Melanesia",
+    "regionMicronesia": "Micronesia",
+    "regionPolynesia": "Polynesia",
    "managedSelfHosted": {
        "title": "Zarządzane Samodzielnie-Hostingowane",
        "description": "Większa niezawodność i niska konserwacja serwera Pangolin z dodatkowymi dzwonkami i sygnałami",
        "introTitle": "Zarządzany samowystarczalny Pangolin",
        "introDescription": "jest opcją wdrażania zaprojektowaną dla osób, które chcą prostoty i dodatkowej niezawodności, przy jednoczesnym utrzymaniu swoich danych prywatnych i samodzielnych.",
-        "introDetail": "Z tą opcją nadal obsługujesz swój własny węzeł Pangolin — tunele, zakończenie SSL i ruch na Twoim serwerze. Różnica polega na tym, że zarządzanie i monitorowanie odbywa się za pomocą naszej tablicy rozdzielczej, która odblokowuje szereg korzyści:",
+        "introDetail": "Z tą opcją nadal obsługujesz swój własny węzeł Pangolin - tunele, zakończenie SSL i ruch na Twoim serwerze. Różnica polega na tym, że zarządzanie i monitorowanie odbywa się za pomocą naszej tablicy rozdzielczej, która odblokowuje szereg korzyści:",
        "benefitSimplerOperations": {
            "title": "Uproszczone operacje",
            "description": "Nie ma potrzeby uruchamiania własnego serwera pocztowego lub ustawiania skomplikowanych powiadomień. Będziesz mieć kontrolę zdrowia i powiadomienia o przestoju."
@@ -1889,7 +2250,7 @@
    },
    "internationaldomaindetected": "Wykryto międzynarodową domenę",
    "willbestoredas": "Będą przechowywane jako:",
-    "roleMappingDescription": "Określ jak role są przypisywane do użytkowników podczas logowania się, gdy automatyczne świadczenie jest włączone.",
+    "roleMappingDescription": "Określ, jak role są przypisywane użytkownikom podczas logowania się z tym dostawcą tożsamości.",
    "selectRole": "Wybierz rolę",
    "roleMappingExpression": "Wyrażenie",
    "selectRolePlaceholder": "Wybierz rolę",
@@ -1899,6 +2260,25 @@
    "invalidValue": "Nieprawidłowa wartość",
    "idpTypeLabel": "Typ dostawcy tożsamości",
    "roleMappingExpressionPlaceholder": "np. zawiera(grupy, 'admin') && 'Admin' || 'Członek'",
+    "roleMappingModeFixedRoles": "Stałe role",
+    "roleMappingModeMappingBuilder": "Konstruktor mapowania",
+    "roleMappingModeRawExpression": "Surowe wyrażenie",
+    "roleMappingFixedRolesPlaceholderSelect": "Wybierz jedną lub więcej ról",
+    "roleMappingFixedRolesPlaceholderFreeform": "Wpisz nazwy ról (dopasowanie na organizację)",
+    "roleMappingFixedRolesDescriptionSameForAll": "Przypisz tę samą rolę do każdego automatycznie udostępnionego użytkownika.",
+    "roleMappingFixedRolesDescriptionDefaultPolicy": "W przypadku domyślnych zasad nazwy ról typu które istnieją w każdej organizacji, gdzie użytkownicy są zapisywani. Nazwy muszą się dokładnie zgadzać.",
+    "roleMappingClaimPath": "Ścieżka przejęcia",
+    "roleMappingClaimPathPlaceholder": "grupy",
+    "roleMappingClaimPathDescription": "Ścieżka w payloadzie tokenów, która zawiera wartości źródłowe (np. grupy).",
+    "roleMappingMatchValue": "Wartość dopasowania",
+    "roleMappingAssignRoles": "Przypisz role",
+    "roleMappingAddMappingRule": "Dodaj regułę mapowania",
+    "roleMappingRawExpressionResultDescription": "Wyrażenie musi ocenić do tablicy ciągów lub ciągów.",
+    "roleMappingRawExpressionResultDescriptionSingleRole": "Wyrażenie musi oceniać ciąg znaków (pojedyncza nazwa).",
+    "roleMappingMatchValuePlaceholder": "Wartość dopasowania (na przykład: admin)",
+    "roleMappingAssignRolesPlaceholderFreeform": "Wpisz nazwy ról (aktywizacja na org)",
+    "roleMappingBuilderFreeformRowHint": "Nazwy ról muszą pasować do roli w każdej organizacji docelowej.",
+    "roleMappingRemoveRule": "Usuń",
    "idpGoogleConfiguration": "Konfiguracja Google",
    "idpGoogleConfigurationDescription": "Skonfiguruj dane logowania Google OAuth2",
    "idpGoogleClientIdDescription": "Google OAuth2 Client ID",
@@ -1962,9 +2342,11 @@
    "selectDomainForOrgAuthPage": "Wybierz domenę dla strony uwierzytelniania organizacji",
    "domainPickerProvidedDomain": "Dostarczona domena",
    "domainPickerFreeProvidedDomain": "Darmowa oferowana domena",
+    "domainPickerFreeDomainsPaidFeature": "Dostarczane domeny to funkcja płatna. Subskrybuj, aby uzyskać domenę w ramach swojego planu - nie ma potrzeby przynoszenia własnej.",
    "domainPickerVerified": "Zweryfikowano",
    "domainPickerUnverified": "Niezweryfikowane",
-    "domainPickerInvalidSubdomainStructure": "Ta subdomena zawiera nieprawidłowe znaki lub strukturę. Zostanie ona automatycznie oczyszczona po zapisaniu.",
+    "domainPickerManual": "Podręcznik",
+    "domainPickerInvalidSubdomainStructure": "Nieprawidłowe znaki zostaną zsanitowane, gdy zostaną zapisane.",
    "domainPickerError": "Błąd",
    "domainPickerErrorLoadDomains": "Nie udało się załadować domen organizacji",
    "domainPickerErrorCheckAvailability": "Nie udało się sprawdzić dostępności domeny",
@@ -1977,7 +2359,7 @@
    "orgAuthChooseIdpDescription": "Wybierz swojego dostawcę tożsamości, aby kontynuować",
    "orgAuthNoIdpConfigured": "Ta organizacja nie ma skonfigurowanych żadnych dostawców tożsamości. Zamiast tego możesz zalogować się za pomocą swojej tożsamości Pangolin.",
    "orgAuthSignInWithPangolin": "Zaloguj się używając Pangolin",
-    "orgAuthSignInToOrg": "Zaloguj się do organizacji",
+    "orgAuthSignInToOrg": "Dostawca tożsamości organizacji (SSO)",
    "orgAuthSelectOrgTitle": "Logowanie do organizacji",
    "orgAuthSelectOrgDescription": "Wprowadź identyfikator organizacji, aby kontynuować",
    "orgAuthOrgIdPlaceholder": "twoja-organizacja",
@@ -2193,10 +2575,10 @@
            },
            "scale": {
                "title": "Skala",
-                "description": "Cechy przedsiębiorstw, 50 użytkowników, 50 obiektów i wsparcie priorytetowe."
+                "description": "Funkcje dla przedsiębiorstw, 50 użytkowników, 100 witryn i priorytetowe wsparcie."
            }
        },
-        "personalUseOnly": "Wyłącznie do użytku osobistego (bezpłatna licencja – brak zamówień)",
+        "personalUseOnly": "Tylko do użytku osobistego (darmowa licencja - bez płatności)",
        "buttons": {
            "continueToCheckout": "Przejdź do zamówienia"
        },
@@ -2270,6 +2652,7 @@
    "validPassword": "Prawidłowe hasło",
    "validEmail": "Valid email",
    "validSSO": "Valid SSO",
+    "connectedClient": "Połączony Klient",
    "resourceBlocked": "Zasób zablokowany",
    "droppedByRule": "Upuszczone przez regułę",
    "noSessions": "Brak sesji",
@@ -2277,24 +2660,26 @@
    "noMoreAuthMethods": "No Valid Auth",
    "ip": "IP",
    "reason": "Powód",
-    "requestLogs": "Dzienniki żądań",
+    "requestLogs": "Dzienniki żądań HTTP",
    "requestAnalytics": "Żądanie Analityki",
    "host": "Host",
    "location": "Lokalizacja",
    "actionLogs": "Dzienniki działań",
-    "sidebarLogsRequest": "Dzienniki żądań",
+    "sidebarLogsRequest": "Dzienniki żądań HTTP",
    "sidebarLogsAccess": "Logi dostępu",
    "sidebarLogsAction": "Dzienniki działań",
    "logRetention": "Zachowanie dziennika",
    "logRetentionDescription": "Zarządzaj jak długo różne typy logów są zachowane dla tej organizacji lub wyłącz je",
    "requestLogsDescription": "Zobacz szczegółowe dzienniki żądań zasobów w tej organizacji",
    "requestAnalyticsDescription": "Zobacz szczegółowe analizy żądań dla zasobów w tej organizacji",
-    "logRetentionRequestLabel": "Zachowanie dziennika żądań",
+    "logRetentionRequestLabel": "Przechowywanie dzienników żądań HTTP",
    "logRetentionRequestDescription": "Jak długo zachować dzienniki żądań",
    "logRetentionAccessLabel": "Zachowanie dziennika dostępu",
    "logRetentionAccessDescription": "Jak długo zachować dzienniki dostępu",
    "logRetentionActionLabel": "Zachowanie dziennika akcji",
    "logRetentionActionDescription": "Jak długo zachować dzienniki akcji",
+    "logRetentionConnectionLabel": "Zachowanie dziennika połączeń",
+    "logRetentionConnectionDescription": "Jak długo zachować dzienniki połączeń",
    "logRetentionDisabled": "Wyłączone",
    "logRetention3Days": "3 dni",
    "logRetention7Days": "7 dni",
@@ -2305,8 +2690,15 @@
    "logRetentionEndOfFollowingYear": "Koniec następnego roku",
    "actionLogsDescription": "Zobacz historię działań wykonywanych w tej organizacji",
    "accessLogsDescription": "Wyświetl prośby o autoryzację dostępu do zasobów w tej organizacji",
-    "licenseRequiredToUse": "Do korzystania z tej funkcji wymagana jest licencja <enterpriseLicenseLink>Enterprise Edition</enterpriseLicenseLink> . Ta funkcja jest również dostępna w <pangolinCloudLink>Pangolin Cloud</pangolinCloudLink>.",
-    "ossEnterpriseEditionRequired": "<enterpriseEditionLink>Enterprise Edition</enterpriseEditionLink> jest wymagany do korzystania z tej funkcji. Ta funkcja jest również dostępna w <pangolinCloudLink>Pangolin Cloud</pangolinCloudLink>.",
+    "connectionLogs": "Dzienniki połączeń",
+    "connectionLogsDescription": "Wyświetl dzienniki połączeń dla tuneli w tej organizacji",
+    "sidebarLogsConnection": "Dzienniki połączeń",
+    "sidebarLogsStreaming": "Strumieniowanie",
+    "sourceAddress": "Adres źródłowy",
+    "destinationAddress": "Adres docelowy",
+    "duration": "Czas trwania",
+    "licenseRequiredToUse": "Do korzystania z tej funkcji wymagana jest licencja <enterpriseLicenseLink>Enterprise Edition</enterpriseLicenseLink> lub <pangolinCloudLink>Pangolin Cloud</pangolinCloudLink> . <bookADemoLink>Zarezerwuj wersję demonstracyjną lub wersję próbną POC</bookADemoLink>.",
+    "ossEnterpriseEditionRequired": "<enterpriseEditionLink>Enterprise Edition</enterpriseEditionLink> jest wymagany do korzystania z tej funkcji. Ta funkcja jest również dostępna w <pangolinCloudLink>Pangolin Cloud</pangolinCloudLink>. <bookADemoLink>Zarezerwuj demo lub okres próbny POC</bookADemoLink>.",
    "certResolver": "Rozwiązywanie certyfikatów",
    "certResolverDescription": "Wybierz resolver certyfikatów do użycia dla tego zasobu.",
    "selectCertResolver": "Wybierz Resolver certyfikatów",
@@ -2448,6 +2840,9 @@
    "machineClients": "Klienci maszyn",
    "install": "Zainstaluj",
    "run": "Uruchom",
+    "envFile": "Plik środowiska",
+    "serviceFile": "Plik serwisu",
+    "enableAndStart": "Włącz i Uruchom",
    "clientNameDescription": "Wyświetlana nazwa klienta, która może zostać zmieniona później.",
    "clientAddress": "Adres klienta (Zaawansowany)",
    "setupFailedToFetchSubnet": "Nie udało się pobrać domyślnej podsieci",
@@ -2496,13 +2891,30 @@
    "editInternalResourceDialogAddClients": "Dodaj klientów",
    "editInternalResourceDialogDestinationLabel": "Miejsce docelowe",
    "editInternalResourceDialogDestinationDescription": "Określ adres docelowy dla wewnętrznego zasobu. Może to być nazwa hosta, adres IP lub zakres CIDR, w zależności od wybranego trybu. Opcjonalnie ustaw wewnętrzny alias DNS dla łatwiejszej identyfikacji.",
+    "internalResourceFormMultiSiteRoutingHelp": "Wybór wielu stron umożliwia odporne trasowanie i awarię dla wysokiej dostępności.",
+    "internalResourceFormMultiSiteRoutingHelpLearnMore": "Dowiedz się więcej",
    "editInternalResourceDialogPortRestrictionsDescription": "Ogranicz dostęp do konkretnych portów TCP/UDP lub zezwól/zablokuj wszystkie porty.",
+    "createInternalResourceDialogHttpConfiguration": "Konfiguracja HTTP",
+    "createInternalResourceDialogHttpConfigurationDescription": "Wybierz domenę, której klienci będą używać, aby dotrzeć do tego zasobu przez HTTP lub HTTPS.",
+    "editInternalResourceDialogHttpConfiguration": "Konfiguracja HTTP",
+    "editInternalResourceDialogHttpConfigurationDescription": "Wybierz domenę, której klienci będą używać, aby dotrzeć do tego zasobu przez HTTP lub HTTPS.",
    "editInternalResourceDialogTcp": "TCP",
    "editInternalResourceDialogUdp": "UDP",
    "editInternalResourceDialogIcmp": "ICMP",
    "editInternalResourceDialogAccessControl": "Kontrola dostępu",
    "editInternalResourceDialogAccessControlDescription": "Kontroluj, które role, użytkownicy i klienci maszyn mają dostęp do tego zasobu po połączeniu. Administratorzy zawsze mają dostęp.",
    "editInternalResourceDialogPortRangeValidationError": "Zakres portów musi być \"*\" dla wszystkich portów lub listą portów i zakresów oddzielonych przecinkami (np. \"80,443,8000-9000\"). Porty muszą znajdować się w przedziale od 1 do 65535.",
+    "internalResourceAuthDaemonStrategy": "SSH Auth Daemon Lokalizacja",
+    "internalResourceAuthDaemonStrategyDescription": "Wybierz, gdzie działa demon uwierzytelniania SSH: na stronie (Newt) lub na zdalnym serwerze.",
+    "internalResourceAuthDaemonDescription": "Uwierzytelnianie SSH obsługuje podpisywanie klucza SSH i uwierzytelnianie PAM dla tego zasobu. Wybierz, czy działa na stronie (Newt), czy na oddzielnym serwerze zdalnym. Zobacz <docsLink>dokumentację</docsLink> dla więcej.",
+    "internalResourceAuthDaemonDocsUrl": "https://docs.pangolin.net",
+    "internalResourceAuthDaemonStrategyPlaceholder": "Wybierz strategię",
+    "internalResourceAuthDaemonStrategyLabel": "Lokalizacja",
+    "internalResourceAuthDaemonSite": "Na stronie",
+    "internalResourceAuthDaemonSiteDescription": "Demon Auth działa na stronie (nowy).",
+    "internalResourceAuthDaemonRemote": "Zdalny host",
+    "internalResourceAuthDaemonRemoteDescription": "Demon Auth działa na serwerze, który nie jest stroną.",
+    "internalResourceAuthDaemonPort": "Port Daemon (opcjonalnie)",
    "orgAuthWhatsThis": "Gdzie mogę znaleźć swój identyfikator organizacji?",
    "learnMore": "Dowiedz się więcej",
    "backToHome": "Wróć do strony głównej",
@@ -2524,6 +2936,9 @@
    "maintenancePageMessagePlaceholder": "Wrócimy wkrótce! Nasza strona przechodzi obecnie zaplanowaną konserwację.",
    "maintenancePageMessageDescription": "Szczegółowy komunikat wyjaśniający konserwację",
    "maintenancePageTimeTitle": "Szacowany czas zakończenia (opcjonalnie)",
+    "privateMaintenanceScreenTitle": "Ekraan prywatnego utrzymania",
+    "privateMaintenanceScreenMessage": "Ta domena jest wykorzystywana na prywatnym zasobie. Połącz się za pomocą klienta Pangolin, aby uzyskać dostęp do tego zasobu.",
+    "privateMaintenanceScreenSteps": "Po połączeniu, jeśli nadal widzisz tę wiadomość, pamięć podręczna DNS przeglądarki może nadal wskazywać na stary adres. Aby to naprawić: zamknij i otwórz ponownie tę kartę lub przeglądarkę, a następnie przejdź z powrotem na tę stronę.",
    "maintenanceTime": "np. 2 godziny, 1 listopad o 17:00",
    "maintenanceEstimatedTimeDescription": "Kiedy oczekujesz zakończenia konserwacji",
    "editDomain": "Edytuj domenę",
@@ -2632,5 +3047,209 @@
    "approvalsEmptyStateStep2Title": "Włącz zatwierdzanie urządzenia",
    "approvalsEmptyStateStep2Description": "Edytuj rolę i włącz opcję \"Wymagaj zatwierdzenia urządzenia\". Użytkownicy z tą rolą będą potrzebowali zatwierdzenia administratora dla nowych urządzeń.",
    "approvalsEmptyStatePreviewDescription": "Podgląd: Gdy włączone, oczekujące prośby o sprawdzenie pojawią się tutaj",
-    "approvalsEmptyStateButtonText": "Zarządzaj rolami"
+    "approvalsEmptyStateButtonText": "Zarządzaj rolami",
+    "domainErrorTitle": "Mamy problem z weryfikacją Twojej domeny",
+    "idpAdminAutoProvisionPoliciesTabHint": "Skonfiguruj mapowanie ról i zasady organizacji na karcie <policiesTabLink>Auto Provivision Settings</policiesTabLink>.",
+    "streamingTitle": "Strumieniowanie wydarzeń",
+    "streamingDescription": "Wydarzenia strumieniowe z Twojej organizacji do zewnętrznych miejsc przeznaczenia w czasie rzeczywistym.",
+    "streamingUnnamedDestination": "Miejsce przeznaczenia bez nazwy",
+    "streamingNoUrlConfigured": "Brak skonfigurowanego adresu URL",
+    "streamingAddDestination": "Dodaj cel",
+    "streamingHttpWebhookTitle": "Webhook HTTP",
+    "streamingHttpWebhookDescription": "Wyślij zdarzenia do dowolnego punktu końcowego HTTP z elastycznym uwierzytelnianiem i szablonem.",
+    "streamingS3Title": "Amazon S3",
+    "streamingS3Description": "Zdarzenia strumieniowe do magazynu obiektów kompatybilnych z S3. Już wkrótce.",
+    "streamingDatadogTitle": "Datadog",
+    "streamingDatadogDescription": "Przekaż wydarzenia bezpośrednio do Twojego konta Datadog. Już wkrótce.",
+    "streamingTypePickerDescription": "Wybierz typ docelowy, aby rozpocząć.",
+    "streamingFailedToLoad": "Nie udało się załadować miejsc docelowych",
+    "streamingUnexpectedError": "Wystąpił nieoczekiwany błąd.",
+    "streamingFailedToUpdate": "Nie udało się zaktualizować miejsca docelowego",
+    "streamingDeletedSuccess": "Cel usunięty pomyślnie",
+    "streamingFailedToDelete": "Nie udało się usunąć miejsca docelowego",
+    "streamingDeleteTitle": "Usuń cel",
+    "streamingDeleteButtonText": "Usuń cel",
+    "streamingDeleteDialogAreYouSure": "Czy na pewno chcesz usunąć",
+    "streamingDeleteDialogThisDestination": "ten cel",
+    "streamingDeleteDialogPermanentlyRemoved": "? Wszystkie konfiguracje zostaną trwale usunięte.",
+    "httpDestEditTitle": "Edytuj cel",
+    "httpDestAddTitle": "Dodaj cel HTTP",
+    "httpDestEditDescription": "Aktualizuj konfigurację dla tego celu przesyłania strumieniowego zdarzeń HTTP.",
+    "httpDestAddDescription": "Skonfiguruj nowy punkt końcowy HTTP, aby otrzymywać wydarzenia organizacji.",
+    "S3DestEditTitle": "Edytuj Miejsce Docelowe",
+    "S3DestAddTitle": "Dodaj Miejsce Docelowe S3",
+    "S3DestEditDescription": "Zaktualizuj konfigurację dla tego miejsca docelowego strumieniowego zdarzeń S3.",
+    "S3DestAddDescription": "Skonfiguruj nowy punkt końcowy S3, aby odbierać zdarzenia Twojej organizacji.",
+    "datadogDestEditTitle": "Edytuj Miejsce Docelowe",
+    "datadogDestAddTitle": "Dodaj Miejsce Docelowe Datadog",
+    "datadogDestEditDescription": "Zaktualizuj konfigurację dla tego miejsca docelowego strumieniowego zdarzeń Datadog.",
+    "datadogDestAddDescription": "Skonfiguruj nowy punkt końcowy Datadog, aby odbierać zdarzenia Twojej organizacji.",
+    "httpDestTabSettings": "Ustawienia",
+    "httpDestTabHeaders": "Nagłówki",
+    "httpDestTabBody": "Ciało",
+    "httpDestTabLogs": "Logi",
+    "httpDestNamePlaceholder": "Mój cel HTTP",
+    "httpDestUrlLabel": "Adres docelowy",
+    "httpDestUrlErrorHttpRequired": "Adres URL musi używać http lub https",
+    "httpDestUrlErrorHttpsRequired": "HTTPS jest wymagany dla wdrożenia w chmurze",
+    "httpDestUrlErrorInvalid": "Wprowadź poprawny adres URL (np. https://example.com/webhook)",
+    "httpDestAuthTitle": "Uwierzytelnianie",
+    "httpDestAuthDescription": "Wybierz sposób uwierzytelniania żądań do Twojego punktu końcowego.",
+    "httpDestAuthNoneTitle": "Brak uwierzytelniania",
+    "httpDestAuthNoneDescription": "Wysyła żądania bez nagłówka autoryzacji.",
+    "httpDestAuthBearerTitle": "Token Bearer",
+    "httpDestAuthBearerDescription": "Dodaje nagłówek Authorization: Bearer '<token>' do każdego żądania.",
+    "httpDestAuthBearerPlaceholder": "Twój klucz API lub token",
+    "httpDestAuthBasicTitle": "Podstawowa Autoryzacja",
+    "httpDestAuthBasicDescription": "Dodaje nagłówek Authorization: Basic '<credentials>'. Podaj poświadczenia w formacie użytkownik:hasło.",
+    "httpDestAuthBasicPlaceholder": "Nazwa użytkownika:hasło",
+    "httpDestAuthCustomTitle": "Niestandardowy nagłówek",
+    "httpDestAuthCustomDescription": "Określ niestandardową nazwę nagłówka HTTP i wartość dla uwierzytelniania (np. X-API-Key).",
+    "httpDestAuthCustomHeaderNamePlaceholder": "Nazwa nagłówka (np. klucz X-API)",
+    "httpDestAuthCustomHeaderValuePlaceholder": "Wartość nagłówka",
+    "httpDestCustomHeadersTitle": "Niestandardowe nagłówki HTTP",
+    "httpDestCustomHeadersDescription": "Dodaj własne nagłówki do każdego wychodzącego żądania. Przydatne dla tokenów statycznych lub niestandardowego typu zawartości. Domyślnie Content-Type: aplikacja/json jest wysyłane.",
+    "httpDestNoHeadersConfigured": "Nie skonfigurowano nagłówków niestandardowych. Kliknij \"Dodaj nagłówek\", aby go dodać.",
+    "httpDestHeaderNamePlaceholder": "Nazwa nagłówka",
+    "httpDestHeaderValuePlaceholder": "Wartość",
+    "httpDestAddHeader": "Dodaj nagłówek",
+    "httpDestBodyTemplateTitle": "Własny szablon ciała",
+    "httpDestBodyTemplateDescription": "Kontroluj strukturę JSON wysyłaną do Twojego punktu końcowego. Jeśli wyłączone, dla każdego zdarzenia wysyłany jest domyślny obiekt JSON.",
+    "httpDestEnableBodyTemplate": "Włącz niestandardowy szablon ciała",
+    "httpDestBodyTemplateLabel": "Szablon ciała (JSON)",
+    "httpDestBodyTemplateHint": "Użyj zmiennych szablonu do odniesienia pól zdarzeń w twoim payloadzie.",
+    "httpDestPayloadFormatTitle": "Format obciążenia",
+    "httpDestPayloadFormatDescription": "Jak zdarzenia są serializowane w każdym organie żądania.",
+    "httpDestFormatJsonArrayTitle": "Tablica JSON",
+    "httpDestFormatJsonArrayDescription": "Jedna prośba na partię, treść jest tablicą JSON. Kompatybilna z najbardziej ogólnymi webhookami i Datadog.",
+    "httpDestFormatNdjsonTitle": "NDJSON",
+    "httpDestFormatNdjsonDescription": "Jedno żądanie na partię, ciałem jest plik JSON rozdzielony na newline-delimited - jeden obiekt na wiersz, bez tablicy zewnętrznej. Wymagane przez Splunk HEC, Elastic / OpenSesearch i Grafana Loki.",
+    "httpDestFormatSingleTitle": "Jedno wydarzenie na żądanie",
+    "httpDestFormatSingleDescription": "Wysyła oddzielny POST HTTP dla każdego zdarzenia. Użyj tylko dla punktów końcowych, które nie mogą obsługiwać partii.",
+    "httpDestLogTypesTitle": "Typy logów",
+    "httpDestLogTypesDescription": "Wybierz, które typy logów są przekazywane do tego miejsca docelowego. Tylko włączone typy logów będą strumieniowane.",
+    "httpDestAccessLogsTitle": "Logi dostępu",
+    "httpDestAccessLogsDescription": "Próby dostępu do zasobów, w tym uwierzytelnione i odrzucone żądania.",
+    "httpDestActionLogsTitle": "Dzienniki działań",
+    "httpDestActionLogsDescription": "Działania administracyjne wykonywane przez użytkowników w organizacji.",
+    "httpDestConnectionLogsTitle": "Dzienniki połączeń",
+    "httpDestConnectionLogsDescription": "Zdarzenia związane z miejscem i tunelem, w tym połączenia i rozłączenia.",
+    "httpDestRequestLogsTitle": "Dzienniki żądań HTTP",
+    "httpDestRequestLogsDescription": "Logi żądań HTTP dla zasobów proxy, w tym metody, ścieżki i kodu odpowiedzi.",
+    "httpDestSaveChanges": "Zapisz zmiany",
+    "httpDestCreateDestination": "Utwórz cel",
+    "httpDestUpdatedSuccess": "Cel został pomyślnie zaktualizowany",
+    "httpDestCreatedSuccess": "Cel został utworzony pomyślnie",
+    "httpDestUpdateFailed": "Nie udało się zaktualizować miejsca docelowego",
+    "httpDestCreateFailed": "Nie udało się utworzyć miejsca docelowego",
+    "followRedirects": "Podążaj za przekierowaniami",
+    "followRedirectsDescription": "Automatycznie podążaj za przekierowaniami HTTP dla żądań.",
+    "alertingErrorWebhookUrl": "Proszę wprowadzić poprawny URL dla web hooka.",
+    "healthCheckStrategyHttp": "Weryfikuje łączność i sprawdza status odpowiedzi HTTP.",
+    "healthCheckStrategyTcp": "Weryfikuje wyłącznie łączność TCP, bez sprawdzania odpowiedzi.",
+    "healthCheckStrategySnmp": "Wykonuje żądanie SNMP get w celu sprawdzenia stanu urządzeń sieciowych i infrastruktury.",
+    "healthCheckStrategyIcmp": "Używa żądań ICMP echo (pingów), aby sprawdzić, czy zasób jest dostępny i reagujący.",
+    "healthCheckTabStrategy": "Strategia",
+    "healthCheckTabConnection": "Łączenie",
+    "healthCheckTabAdvanced": "Zaawansowane",
+    "healthCheckStrategyNotAvailable": "Strategia ta nie jest dostępna. Skontaktuj się z działem sprzedaży, aby włączyć tę funkcję.",
+    "uptime30d": "Czas działania (30d)",
+    "idpAddActionCreateNew": "Utwórz nowego dostawcę tożsamości",
+    "idpAddActionImportFromOrg": "Importuj z innej organizacji",
+    "idpImportDialogTitle": "Importuj dostawcę tożsamości",
+    "idpImportDialogDescription": "Wybierz dostawcę tożsamości z organizacji, w której jesteś administratorem. Zostanie on powiązany z tą organizacją.",
+    "idpImportSearchPlaceholder": "Szukaj według nazwy organizacji lub dostawcy...",
+    "idpImportEmpty": "Nie znaleziono dostawców tożsamości.",
+    "idpImportedDescription": "Dostawca tożsamości został pomyślnie zaimportowany.",
+    "idpDeleteGlobalQuestion": "Czy na pewno chcesz trwale usunąć tego dostawcę tożsamości?",
+    "idpDeleteGlobalDescription": "Spowoduje to trwałe usunięcie dostawcy tożsamości ze wszystkich organizacji, z którymi jest powiązany.",
+    "idpUnassociateTitle": "Odłącz dostawcę tożsamości",
+    "idpUnassociateQuestion": "Czy na pewno chcesz odłączyć tego dostawcę tożsamości od tej organizacji?",
+    "idpUnassociateDescription": "Wszystkie użytkownicy powiązani z tym dostawcą tożsamości zostaną usunięci z tej organizacji, ale dostawca tożsamości będzie nadal istniał dla innych powiązanych organizacji.",
+    "idpUnassociateConfirm": "Potwierdź odłączenie dostawcy tożsamości",
+    "idpUnassociateWarning": "Tego nie można cofnąć dla tej organizacji.",
+    "idpUnassociatedDescription": "Dostawca tożsamości pomyślnie odłączony od tej organizacji",
+    "idpUnassociateMenu": "Odłącz",
+    "idpDeleteAllOrgsMenu": "Usuń",
+    "publicIpEndpoint": "Koniec punktu pracy",
+    "lastTriggeredAt": "Ostatnie Wyzwolenie",
+    "reject": "Odrzuć",
+    "uptimeDaysAgo": "{count} dni temu",
+    "uptimeToday": "Dzisiaj",
+    "uptimeNoDataAvailable": "Brak danych dostępnych",
+    "uptimeSuffix": "czas pracy",
+    "uptimeDowntimeSuffix": "czas przestoju",
+    "uptimeTooltipUptimeLabel": "Czas pracy",
+    "uptimeTooltipDowntimeLabel": "Czas przestoju",
+    "uptimeOngoing": "w toku",
+    "uptimeNoMonitoringData": "Brak danych monitorowania",
+    "uptimeNoData": "Brak danych",
+    "uptimeMiniBarDown": "Nieaktywny",
+    "uptimeSectionTitle": "Czas pracy",
+    "uptimeSectionDescription": "Dostępność za ostatnie {days} dni",
+    "uptimeAddAlert": "Dodaj Alert",
+    "uptimeViewAlerts": "Zobacz Alerty",
+    "uptimeCreateEmailAlert": "Utwórz Alert Email",
+    "uptimeAlertDescriptionSite": "Otrzymuj powiadomienia e-mail, gdy ta strona jest offline lub wraca online.",
+    "uptimeAlertDescriptionResource": "Otrzymuj powiadomienia e-mail, gdy to zasób jest offline lub wraca online.",
+    "uptimeAlertNamePlaceholder": "Nazwa alertu",
+    "uptimeAdditionalEmails": "Dodatkowe adresy e-mail",
+    "uptimeCreateAlert": "Utwórz Alert",
+    "uptimeAlertNoRecipients": "Brak odbiorców",
+    "uptimeAlertNoRecipientsDescription": "Proszę dodać przynajmniej jednego użytkownika, rolę lub adres email do powiadomienia.",
+    "uptimeAlertCreated": "Alert utworzony",
+    "uptimeAlertCreatedDescription": "Zostaniesz powiadomiony, gdy status się zmieni.",
+    "uptimeAlertCreateFailed": "Nie udało się utworzyć alertu",
+    "webhookUrlLabel": "URL",
+    "webhookHeaderKeyPlaceholder": "Klucz",
+    "webhookHeaderValuePlaceholder": "Wartość",
+    "alertLabel": "Alert",
+    "domainPickerWildcardSubdomainNotAllowed": "Uniwersalne subdomeny nie są dozwolone.",
+    "domainPickerWildcardCertWarning": "Uniwersalne zasoby mogą wymagać dodatkowej konfiguracji, aby działać poprawnie.",
+    "domainPickerWildcardCertWarningLink": "Dowiedz się więcej",
+    "health": "Zdrowie",
+    "domainPendingErrorTitle": "Problem z weryfikacją",
+    "memberPortalTitle": "Zasoby",
+    "memberPortalDescription": "Zasoby, do których masz dostęp w tej organizacji",
+    "memberPortalSortBy": "Sortuj według...",
+    "memberPortalSortNameAsc": "Nazwa A-Z",
+    "memberPortalSortNameDesc": "Nazwa Z-A",
+    "memberPortalSortDomainAsc": "Domena A-Z",
+    "memberPortalSortDomainDesc": "Domena Z-A",
+    "memberPortalSortEnabledFirst": "Włączone najpierw",
+    "memberPortalSortDisabledFirst": "Wyłączone najpierw",
+    "memberPortalRefresh": "Odśwież",
+    "memberPortalRefreshResources": "Odśwież zasoby",
+    "memberPortalFailedToLoad": "Nie udało się załadować zasobów",
+    "memberPortalFailedToLoadDescription": "Nie udało się załadować zasobów. Sprawdź połączenie i spróbuj ponownie.",
+    "memberPortalUnableToLoad": "Nie można załadować zasobów",
+    "memberPortalTryAgain": "Spróbuj ponownie",
+    "memberPortalNoResourcesFound": "Nie znaleziono zasobów",
+    "memberPortalNoResourcesAvailable": "Brak dostępnych zasobów",
+    "memberPortalNoResourcesMatchSearch": "Żadne zasoby nie pasują do „{query}”. Spróbuj dostosować swoje warunki wyszukiwania lub wyczyść wyszukiwanie, aby zobaczyć wszystkie zasoby.",
+    "memberPortalNoResourcesAccess": "Nie masz jeszcze dostępu do żadnych zasobów. Skontaktuj się z administratorem, aby uzyskać dostęp do potrzebnych zasobów.",
+    "memberPortalClearSearch": "Wyczyść wyszukiwanie",
+    "memberPortalPublicResources": "Publiczne zasoby",
+    "memberPortalPublicResourcesDescription": "Aplikacje i usługi internetowe dostępne za pośrednictwem przeglądarki",
+    "memberPortalCopiedToClipboard": "Skopiowano do schowka",
+    "memberPortalCopiedUrlDescription": "URL zasobu został skopiowany do schowka.",
+    "memberPortalOpenResource": "Otwórz zasób",
+    "memberPortalPrivateResources": "Prywatne zasoby",
+    "memberPortalPrivateResourcesDescription": "Zasoby sieci wewnętrznej dostępne za pośrednictwem klienta",
+    "memberPortalResourceDetails": "Szczegóły zasobu",
+    "memberPortalMode": "Tryb",
+    "memberPortalDestination": "Miejsce docelowe",
+    "memberPortalAlias": "Pseudonim",
+    "memberPortalCopiedAliasDescription": "Alias zasobu został skopiowany do schowka.",
+    "memberPortalCopiedDestinationDescription": "Miejsce docelowe zasobu zostało skopiowane do schowka.",
+    "memberPortalRequiresClientConnection": "Wymaga połączenia z klientem",
+    "memberPortalAuthMethods": "Metody uwierzytelniania",
+    "memberPortalSso": "Jednorazowe logowanie (SSO)",
+    "memberPortalPasswordProtected": "Chronione hasłem",
+    "memberPortalPinCode": "Kod PIN",
+    "memberPortalEmailWhitelist": "Biała lista e-mail",
+    "memberPortalResourceDisabled": "Zasób wyłączony",
+    "memberPortalShowingResources": "Wyświetlanie zasobów od {start} do {end} z {total}",
+    "memberPortalPrevious": "Poprzedni",
+    "memberPortalNext": "Następny"
 }
--- a/messages/pt-PT.json
+++ b/messages/pt-PT.json
--- a/messages/ru-RU.json
+++ b/messages/ru-RU.json
--- a/messages/tr-TR.json
+++ b/messages/tr-TR.json
--- a/messages/zh-CN.json
+++ b/messages/zh-CN.json
@@ -1,4 +1,8 @@
 {
+    "contactSalesEnable": "联系销售以启用此功能。",
+    "contactSalesBookDemo": "预订演示",
+    "contactSalesOr": "或",
+    "contactSalesContactUs": "联系我们",
    "setupCreate": "创建组织、站点和资源",
    "headerAuthCompatibilityInfo": "启用此功能以在身份验证令牌缺失时强制返回401未授权响应。对于不在没有服务器挑战的情况下不发送凭证的浏览器或特定HTTP库，这是必需的。",
    "headerAuthCompatibility": "扩展兼容性",
@@ -19,6 +23,18 @@
    "componentsInvalidKey": "检测到无效或过期的许可证密钥。按照许可证条款操作以继续使用所有功能。",
    "dismiss": "忽略",
    "subscriptionViolationMessage": "您的当前计划超出了您的限制。通过移除站点、用户或其他资源以保持在您的计划范围内来纠正问题。",
+    "trialBannerMessage": "您的试用将在 {countdown} 到期。升级以保持访问。",
+    "trialBannerExpired": "您的试用已到期。立即升级以恢复访问。",
+    "billingTrialBannerTitle": "免费试用激活中",
+    "billingTrialBannerDescription": "您目前正在商用层进行免费试用。试用结束后，您的账户将自动回到基础层功能和限制。可随时升级以保持当前计划的功能访问。",
+    "billingTrialBannerUpgrade": "立即升级",
+    "billingTrialBadge": "免费试用",
+    "trialActive": "免费试用中",
+    "trialExpired": "试用到期",
+    "trialHasEnded": "您的试用已结束。",
+    "trialDaysRemaining": "{count, plural, one {# day remaining} other {# days remaining}}",
+    "trialDaysLeftShort": "试用期剩余 {days} 天",
+    "trialGoToBilling": "转到账单页面",
    "subscriptionViolationViewBilling": "查看计费",
    "componentsLicenseViolation": "许可证超限：该服务器使用了 {usedSites} 个站点，已超过授权的 {maxSites} 个。请遵守许可证条款以继续使用全部功能。",
    "componentsSupporterMessage": "感谢您的支持！您现在是 Pangolin 的 {tier} 用户。",
@@ -81,6 +97,8 @@
    "siteConfirmCopy": "我已经复制了配置信息",
    "searchSitesProgress": "搜索站点...",
    "siteAdd": "添加站点",
+    "sitesTableViewPublicResources": "查看公共资源",
+    "sitesTableViewPrivateResources": "查看私有资源",
    "siteInstallNewt": "安装 Newt",
    "siteInstallNewtDescription": "在您的系统中运行 Newt",
    "WgConfiguration": "WireGuard 配置",
@@ -98,6 +116,21 @@
    "siteUpdatedDescription": "网站已更新。",
    "siteGeneralDescription": "配置此站点的常规设置",
    "siteSettingDescription": "配置站点设置",
+    "siteResourcesTab": "资源",
+    "siteResourcesNoneOnSite": "此站点尚无公开或私人资源。",
+    "siteResourcesSectionPublic": "公共资源",
+    "siteResourcesSectionPrivate": "私有资源",
+    "siteResourcesSectionPublicDescription": "通过域名或端口公开的资源。",
+    "siteResourcesSectionPrivateDescription": "通过站点可在您的私有网络上访问的资源。",
+    "siteResourcesViewAllPublic": "查看所有资源",
+    "siteResourcesViewAllPrivate": "查看所有资源",
+    "siteResourcesDialogDescription": "此站点的公开和私有资源概览。",
+    "siteResourcesShowMore": "显示更多",
+    "siteResourcesPermissionDenied": "您无权列出这些资源。",
+    "siteResourcesEmptyPublic": "尚无针对该站点的公共资源。",
+    "siteResourcesEmptyPrivate": "尚无与此站点关联的私有资源。",
+    "siteResourcesHowToAccess": "如何访问",
+    "siteResourcesTargetsOnSite": "此站点上的目标",
    "siteSetting": "{siteName} 设置",
    "siteNewtTunnel": "新站点 (推荐)",
    "siteNewtTunnelDescription": "最简单的方式来创建任何网络的入口。没有额外的设置。",
@@ -148,6 +181,11 @@
    "createLink": "创建链接",
    "resourcesNotFound": "找不到资源",
    "resourceSearch": "搜索资源",
+    "machineSearch": "搜索机",
+    "machinesSearch": "搜索机器客户端...",
+    "machineNotFound": "未找到任何机",
+    "userDeviceSearch": "搜索用户设备",
+    "userDevicesSearch": "搜索用户设备...",
    "openMenu": "打开菜单",
    "resource": "资源",
    "title": "标题",
@@ -175,6 +213,7 @@
    "resourceHTTPDescription": "通过使用完全限定的域名的HTTPS代理请求。",
    "resourceRaw": "TCP/UDP 资源",
    "resourceRawDescription": "通过使用端口号的原始TCP/UDP代理请求。",
+    "resourceRawDescriptionCloud": "正在使用端口号使用 TCP/UDP 代理请求。需要站点连接到远程节点。",
    "resourceCreate": "创建资源",
    "resourceCreateDescription": "按照下面的步骤创建新资源",
    "resourceSeeAll": "查看所有资源",
@@ -261,8 +300,11 @@
    "orgMissing": "缺少组织 ID",
    "orgMissingMessage": "没有组织ID，无法重新生成邀请。",
    "accessUsersManage": "管理用户",
+    "accessUserManage": "管理用户",
    "accessUsersDescription": "邀请和管理访问此组织的用户",
    "accessUsersSearch": "搜索用户...",
+    "accessUsersRoleFilterCount": "{count, plural, one {# role} other {# roles}}",
+    "accessUsersRoleFilterClear": "清除角色过滤器",
    "accessUserCreate": "创建用户",
    "accessUserRemove": "删除用户",
    "username": "用户名",
@@ -322,6 +364,54 @@
    "apiKeysDelete": "删除 API 密钥",
    "apiKeysManage": "管理 API 密钥",
    "apiKeysDescription": "API 密钥用于认证集成 API",
+    "provisioningKeysTitle": "置备密钥",
+    "provisioningKeysManage": "管理置备键",
+    "provisioningKeysDescription": "置备密钥用于验证您组织的自动站点配置。",
+    "provisioningManage": "置备中",
+    "provisioningDescription": "管理预配键和审查等待批准的站点。",
+    "pendingSites": "待定站点",
+    "siteApproveSuccess": "站点批准成功",
+    "siteApproveError": "批准站点出错",
+    "provisioningKeys": "置备键",
+    "searchProvisioningKeys": "搜索配备密钥...",
+    "provisioningKeysAdd": "生成置备键",
+    "provisioningKeysErrorDelete": "删除预配键时出错",
+    "provisioningKeysErrorDeleteMessage": "删除预配键时出错",
+    "provisioningKeysQuestionRemove": "您确定要从组织中删除此预配键吗？",
+    "provisioningKeysMessageRemove": "一旦移除，密钥不能再用于站点预配。",
+    "provisioningKeysDeleteConfirm": "确认删除置备键",
+    "provisioningKeysDelete": "删除置备键",
+    "provisioningKeysCreate": "生成置备键",
+    "provisioningKeysCreateDescription": "为组织生成一个新的预置密钥",
+    "provisioningKeysSeeAll": "查看所有预配键",
+    "provisioningKeysSave": "保存预配键",
+    "provisioningKeysSaveDescription": "您只能看到一次。复制它到一个安全的地方。",
+    "provisioningKeysErrorCreate": "创建预配键时出错",
+    "provisioningKeysList": "新建预配键",
+    "provisioningKeysMaxBatchSize": "最大批量大小",
+    "provisioningKeysUnlimitedBatchSize": "无限批量大小(无限制)",
+    "provisioningKeysMaxBatchUnlimited": "无限制",
+    "provisioningKeysMaxBatchSizeInvalid": "输入一个有效的最大批处理大小(1-1,000,000)。",
+    "provisioningKeysValidUntil": "有效期至",
+    "provisioningKeysValidUntilHint": "留空为无过期。",
+    "provisioningKeysValidUntilInvalid": "输入一个有效的日期和时间。",
+    "provisioningKeysNumUsed": "使用的时间",
+    "provisioningKeysLastUsed": "上次使用",
+    "provisioningKeysNoExpiry": "没有过期",
+    "provisioningKeysNeverUsed": "永不过期",
+    "provisioningKeysEdit": "编辑置备键",
+    "provisioningKeysEditDescription": "更新此密钥的最大批量大小和过期时间。",
+    "provisioningKeysApproveNewSites": "批准新站点",
+    "provisioningKeysApproveNewSitesDescription": "自动批准使用此密钥注册的站点。",
+    "provisioningKeysUpdateError": "更新预配键时出错",
+    "provisioningKeysUpdated": "置备密钥已更新",
+    "provisioningKeysUpdatedDescription": "您的更改已保存。",
+    "provisioningKeysBannerTitle": "站点置备密钥",
+    "provisioningKeysBannerDescription": "生成一个供应密钥，并将其与 Newt 连接器一起使用，以在首次启动时自动创建站点 - 无需为每个站点设置单独的凭据。",
+    "provisioningKeysBannerButtonText": "了解更多",
+    "pendingSitesBannerTitle": "待定站点",
+    "pendingSitesBannerDescription": "使用供应密钥连接的站点将在此显示以供审核。",
+    "pendingSitesBannerButtonText": "了解更多",
    "apiKeysSettings": "{apiKeyName} 设置",
    "userTitle": "管理所有用户",
    "userDescription": "查看和管理系统中的所有用户",
@@ -351,6 +441,10 @@
    "licenseErrorKeyActivate": "激活许可证密钥失败",
    "licenseErrorKeyActivateDescription": "激活许可证密钥时出错。",
    "licenseAbout": "关于许可协议",
+    "licenseBannerTitle": "启用您的企业许可证",
+    "licenseBannerDescription": "为您自行托管的Pangolin实例解锁企业功能。购买许可证密钥以激活高级功能，然后在下方添加。",
+    "licenseBannerGetLicense": "获取许可证",
+    "licenseBannerViewDocs": "查看文档",
    "communityEdition": "社区版",
    "licenseAboutDescription": "这是针对商业环境中使用Pangolin的商业和企业用户。 如果您正在使用 Pangolin 供个人使用，您可以忽略此部分。",
    "licenseKeyActivated": "授权密钥已激活",
@@ -508,9 +602,12 @@
    "userSaved": "用户已保存",
    "userSavedDescription": "用户已更新。",
    "autoProvisioned": "自动设置",
+    "autoProvisionSettings": "自动提供设置",
    "autoProvisionedDescription": "允许此用户由身份提供商自动管理",
    "accessControlsDescription": "管理此用户在组织中可以访问和做什么",
    "accessControlsSubmit": "保存访问控制",
+    "singleRolePerUserPlanNotice": "您的计划仅支持每个用户一个角色。",
+    "singleRolePerUserEditionNotice": "此版本仅支持每个用户一个角色。",
    "roles": "角色",
    "accessUsersRoles": "管理用户和角色",
    "accessUsersRolesDescription": "邀请用户加入角色来管理访问组织",
@@ -567,6 +664,8 @@
    "targetErrorInvalidPortDescription": "请输入有效的端口号",
    "targetErrorNoSite": "没有选择站点",
    "targetErrorNoSiteDescription": "请选择目标站点",
+    "targetTargetsCleared": "目标已清除",
+    "targetTargetsClearedDescription": "所有目标已从此资源中移除",
    "targetCreated": "目标已创建",
    "targetCreatedDescription": "目标已成功创建",
    "targetErrorCreate": "创建目标失败",
@@ -650,6 +749,7 @@
    "resourcesErrorUpdate": "切换资源失败",
    "resourcesErrorUpdateDescription": "更新资源时出错",
    "access": "访问权限",
+    "accessControl": "访问控制",
    "shareLink": "{resource} 的分享链接",
    "resourceSelect": "选择资源",
    "shareLinks": "分享链接",
@@ -667,6 +767,7 @@
    "newtEndpoint": "Endpoint",
    "newtId": "ID",
    "newtSecretKey": "密钥",
+    "newtVersion": "版本",
    "architecture": "架构",
    "sites": "站点",
    "siteWgAnyClients": "使用任何 WireGuard 客户端连接。您必须使用对等IP解决内部资源问题。",
@@ -790,6 +891,7 @@
    "accessRoleRemoved": "角色已删除",
    "accessRoleRemovedDescription": "角色已成功删除。",
    "accessRoleRequiredRemove": "删除此角色之前，请选择一个新角色来转移现有成员。",
+    "network": "网络",
    "manage": "管理",
    "sitesNotFound": "未找到站点。",
    "pangolinServerAdmin": "服务器管理员 - Pangolin",
@@ -833,6 +935,7 @@
    "idpDisplayName": "此身份提供商的显示名称",
    "idpAutoProvisionUsers": "自动提供用户",
    "idpAutoProvisionUsersDescription": "如果启用，用户将在首次登录时自动在系统中创建，并且能够映射用户到角色和组织。",
+    "idpAutoProvisionConfigureAfterCreate": "您可以在创建身份提供者后配置自动配置设置。",
    "licenseBadge": "EE",
    "idpType": "提供者类型",
    "idpTypeDescription": "选择您想要配置的身份提供者类型",
@@ -884,7 +987,7 @@
    "defaultMappingsRole": "默认角色映射",
    "defaultMappingsRoleDescription": "此表达式的结果必须返回组织中定义的角色名称作为字符串。",
    "defaultMappingsOrg": "默认组织映射",
-    "defaultMappingsOrgDescription": "此表达式必须返回 组织ID 或 true 才能允许用户访问组织。",
+    "defaultMappingsOrgDescription": "设置时，此表达式必须返回组织ID或true才能让用户访问该组织。如果未设置，定义角色映射就足够了：只要在组织内可以为用户找出有效角色映射，用户就被允许进入。",
    "defaultMappingsSubmit": "保存默认映射",
    "orgPoliciesEdit": "编辑组织策略",
    "org": "组织",
@@ -1037,7 +1140,6 @@
    "pageNotFoundDescription": "哎呀！您正在查找的页面不存在。",
    "overview": "概览",
    "home": "首页",
-    "accessControl": "访问控制",
    "settings": "设置",
    "usersAll": "所有用户",
    "license": "许可协议",
@@ -1100,6 +1202,12 @@
    "actionGetUser": "获取用户",
    "actionGetOrgUser": "获取组织用户",
    "actionListOrgDomains": "列出组织域",
+    "actionGetDomain": "获取域",
+    "actionCreateOrgDomain": "创建域",
+    "actionUpdateOrgDomain": "更新域",
+    "actionDeleteOrgDomain": "删除域",
+    "actionGetDNSRecords": "获取 DNS 记录",
+    "actionRestartOrgDomain": "重新启动域",
    "actionCreateSite": "创建站点",
    "actionDeleteSite": "删除站点",
    "actionGetSite": "获取站点",
@@ -1111,6 +1219,7 @@
    "setupTokenDescription": "从服务器控制台输入设置令牌。",
    "setupTokenRequired": "需要设置令牌",
    "actionUpdateSite": "更新站点",
+    "actionResetSiteBandwidth": "重置组织带宽",
    "actionListSiteRoles": "允许站点角色列表",
    "actionCreateResource": "创建资源",
    "actionDeleteResource": "删除资源",
@@ -1140,6 +1249,7 @@
    "actionRemoveUser": "删除用户",
    "actionListUsers": "列出用户",
    "actionAddUserRole": "添加用户角色",
+    "actionSetUserOrgRoles": "设置用户角色",
    "actionGenerateAccessToken": "生成访问令牌",
    "actionDeleteAccessToken": "删除访问令牌",
    "actionListAccessTokens": "访问令牌",
@@ -1184,6 +1294,7 @@
    "actionViewLogs": "查看日志",
    "noneSelected": "未选择",
    "orgNotFound2": "未找到组织。",
+    "search": "搜索…",
    "searchPlaceholder": "搜索...",
    "emptySearchOptions": "未找到选项",
    "create": "创建",
@@ -1249,12 +1360,14 @@
    "sidebarClientResources": "非公开的",
    "sidebarAccessControl": "访问控制",
    "sidebarLogsAndAnalytics": "日志与分析",
+    "sidebarTeam": "团队",
    "sidebarUsers": "用户",
    "sidebarAdmin": "管理员",
    "sidebarInvitations": "邀请",
    "sidebarRoles": "角色",
    "sidebarShareableLinks": "链接",
    "sidebarApiKeys": "API密钥",
+    "sidebarProvisioning": "置备中",
    "sidebarSettings": "设置",
    "sidebarAllUsers": "所有用户",
    "sidebarIdentityProviders": "身份提供商",
@@ -1266,9 +1379,167 @@
    "sidebarGeneral": "管理",
    "sidebarLogAndAnalytics": "日志与分析",
    "sidebarBluePrints": "蓝图",
+    "sidebarAlerting": "告警",
+    "sidebarHealthChecks": "健康检查",
    "sidebarOrganization": "组织",
+    "sidebarManagement": "管理",
    "sidebarBillingAndLicenses": "帐单和许可证",
    "sidebarLogsAnalytics": "分析",
+    "alertingTitle": "告警",
+    "alertingDescription": "定义通知的来源、触发器和操作",
+    "alertingRules": "告警规则",
+    "alertingSearchRules": "搜索规则…",
+    "alertingAddRule": "创建规则",
+    "alertingColumnSource": "来源",
+    "alertingColumnTrigger": "触发",
+    "alertingColumnActions": "操作",
+    "alertingColumnEnabled": "已启用",
+    "alertingDeleteQuestion": "请确认您要删除此告警规则。",
+    "alertingDeleteRule": "删除告警规则",
+    "alertingRuleDeleted": "告警规则已删除",
+    "alertingRuleSaved": "告警规则已保存",
+    "alertingRuleSavedCreatedDescription": "您的新告警规则已创建。您可以在此页面继续编辑它。",
+    "alertingRuleSavedUpdatedDescription": "对此告警规则的更改已保存。",
+    "alertingEditRule": "编辑告警规则",
+    "alertingCreateRule": "创建告警规则",
+    "alertingRuleCredenzaDescription": "选择要监视的内容、何时触发以及如何通知",
+    "alertingRuleNamePlaceholder": "生产站点故障",
+    "alertingRuleEnabled": "规则已启用",
+    "alertingSectionSource": "来源",
+    "alertingSourceType": "来源类型",
+    "alertingSourceSite": "站点",
+    "alertingSourceHealthCheck": "健康检查",
+    "alertingPickSites": "站点",
+    "alertingPickHealthChecks": "健康检查",
+    "alertingPickResources": "资源",
+    "alertingAllSites": "所有站点",
+    "alertingAllSitesDescription": "任何站点的告警触发",
+    "alertingSpecificSites": "特定站点",
+    "alertingSpecificSitesDescription": "选择要监视的特定站点",
+    "alertingAllHealthChecks": "所有健康检查",
+    "alertingAllHealthChecksDescription": "任何健康检查的告警触发",
+    "alertingSpecificHealthChecks": "特定健康检查",
+    "alertingSpecificHealthChecksDescription": "选择要监视的特定健康检查",
+    "alertingAllResources": "所有资源",
+    "alertingAllResourcesDescription": "任何资源的告警触发",
+    "alertingSpecificResources": "特定资源",
+    "alertingSpecificResourcesDescription": "选择要监视的特定资源",
+    "alertingSelectResources": "选择资源…",
+    "alertingResourcesSelected": "{count} 个资源已选择",
+    "alertingResourcesEmpty": "在前 10 个结果中没有带目标的资源。",
+    "alertingSectionTrigger": "触发",
+    "alertingTrigger": "何时告警",
+    "alertingTriggerSiteOnline": "站点在线",
+    "alertingTriggerSiteOffline": "站点离线",
+    "alertingTriggerSiteToggle": "站点状态变更",
+    "alertingTriggerHcHealthy": "健康检查正常",
+    "alertingTriggerHcUnhealthy": "健康检查不正常",
+    "alertingTriggerHcToggle": "健康检查状态变更",
+    "alertingTriggerResourceHealthy": "资源正常",
+    "alertingTriggerResourceUnhealthy": "资源不正常",
+    "alertingTriggerResourceDegraded": "资源降级",
+    "alertingSearchHealthChecks": "搜索健康检查…",
+    "alertingHealthChecksEmpty": "无可用健康检查。",
+    "alertingTriggerResourceToggle": "资源状态变更",
+    "alertingSourceResource": "资源",
+    "alertingSectionActions": "操作",
+    "alertingAddAction": "新增操作",
+    "alertingActionNotify": "电子邮件",
+    "alertingActionNotifyDescription": "向用户或角色发送电子邮件通知",
+    "alertingActionWebhook": "Webhook",
+    "alertingActionWebhookDescription": "发送 HTTP 请求到自定义终端",
+    "alertingExternalIntegration": "外部集成",
+    "alertingExternalPagerDutyDescription": "将告警发送给 PagerDuty 以进行事件管理",
+    "alertingExternalOpsgenieDescription": "将告警路由到 Opsgenie 进行电话值班管理",
+    "alertingExternalServiceNowDescription": "从告警事件创建 ServiceNow 事件",
+    "alertingExternalIncidentIoDescription": "从告警事件触发 Incident.io 工作流程",
+    "alertingActionType": "操作类型",
+    "alertingNotifyUsers": "用户",
+    "alertingNotifyRoles": "角色",
+    "alertingNotifyEmails": "电子邮件地址",
+    "alertingEmailPlaceholder": "添加电子邮件并按回车键",
+    "alertingWebhookMethod": "HTTP 方法",
+    "alertingWebhookSecret": "签名密钥（可选）",
+    "alertingWebhookSecretPlaceholder": "HMAC 密钥",
+    "alertingWebhookHeaders": "标头",
+    "alertingAddHeader": "添加标头",
+    "alertingSelectSites": "选择站点…",
+    "alertingSitesSelected": "{count} 个站点已选择",
+    "alertingSelectHealthChecks": "选择健康检查…",
+    "alertingHealthChecksSelected": "{count} 个健康检查已选择",
+    "alertingNoHealthChecks": "没有启用健康检查的目标",
+    "alertingHealthCheckStub": "健康检查来源选择尚未配置 - 你仍然可以配置触发器和操作。",
+    "alertingSelectUsers": "选择用户…",
+    "alertingUsersSelected": "{count} 个用户已选择",
+    "alertingSelectRoles": "选择角色…",
+    "alertingRolesSelected": "{count} 个角色已选择",
+    "alertingSummarySites": "站点 ({count})",
+    "alertingSummaryAllSites": "所有站点",
+    "alertingSummaryHealthChecks": "健康检查 ({count})",
+    "alertingSummaryAllHealthChecks": "所有健康检查",
+    "alertingSummaryResources": "资源 ({count})",
+    "alertingSummaryAllResources": "所有资源",
+    "alertingErrorNameRequired": "输入名称",
+    "alertingErrorActionsMin": "添加至少一个操作",
+    "alertingErrorPickSites": "至少选择一个站点",
+    "alertingErrorPickHealthChecks": "至少选择一个健康检查",
+    "alertingErrorPickResources": "至少选择一个资源",
+    "alertingErrorTriggerSite": "选择站点触发器",
+    "alertingErrorTriggerHealth": "选择健康检查触发器",
+    "alertingErrorTriggerResource": "选择资源触发器",
+    "alertingErrorNotifyRecipients": "选择用户、角色或至少一个电子邮件",
+    "alertingConfigureSource": "配置来源",
+    "alertingConfigureTrigger": "配置触发器",
+    "alertingConfigureActions": "配置操作",
+    "alertingBackToRules": "返回规则",
+    "alertingRuleCooldown": "冷却时间（秒）",
+    "alertingRuleCooldownDescription": "相同规则间隔重复告警的最小时间。设置为 0 固定触发。",
+    "alertingDraftBadge": "草稿 - 保存以存储此规则",
+    "alertingSidebarHint": "点击画布上的步骤在此处编辑。",
+    "alertingGraphCanvasTitle": "规则流程",
+    "alertingGraphCanvasDescription": "源、触发器和操作的视觉概况。选择一个节点，在面板上进行编辑。",
+    "alertingNodeNotConfigured": "尚未配置",
+    "alertingNodeActionsCount": "{count, plural, one {# action} other {# actions}}",
+    "alertingNodeRoleSource": "来源",
+    "alertingNodeRoleTrigger": "触发",
+    "alertingNodeRoleAction": "行为",
+    "alertingTabRules": "告警规则",
+    "alertingTabHealthChecks": "健康检查",
+    "alertingRulesBannerTitle": "获取通知",
+    "alertingRulesBannerDescription": "每条规则都连接要监视的对象（站点、健康检查或资源），触发时间（例如离线或不健康），以及如何通过电子邮件、Webhooks 或集成将通知发送给团队。使用此列表创建、启用和管理这些规则。",
+    "alertingHealthChecksBannerTitle": "监视健康和资源",
+    "alertingHealthChecksBannerDescription": "健康检查是您一次定义的 HTTP 或 TCP 监控。然后可以将它们用作告警规则中的来源，以便目标变得正常或不正常时得到通知。资源上的健康检查也会出现在此处。",
+    "standaloneHcTableTitle": "健康检查",
+    "standaloneHcSearchPlaceholder": "搜索健康检查…",
+    "standaloneHcAddButton": "创建健康检查",
+    "standaloneHcCreateTitle": "创建健康检查",
+    "standaloneHcEditTitle": "编辑健康检查",
+    "standaloneHcDescription": "配置 HTTP 或 TCP 健康检查以用于告警规则。",
+    "standaloneHcNameLabel": "名称",
+    "standaloneHcNamePlaceholder": "我的 HTTP 监视器",
+    "standaloneHcDeleteTitle": "删除健康检查",
+    "standaloneHcDeleteQuestion": "请确认您要删除此健康检查。",
+    "standaloneHcDeleted": "健康检查已删除",
+    "standaloneHcSaved": "健康检查已保存",
+    "standaloneHcColumnHealth": "健康",
+    "standaloneHcColumnMode": "模式",
+    "standaloneHcColumnTarget": "目标",
+    "standaloneHcHealthStateHealthy": "健康",
+    "standaloneHcHealthStateUnhealthy": "不健康",
+    "standaloneHcHealthStateUnknown": "未知",
+    "standaloneHcFilterAnySite": "所有站点",
+    "standaloneHcFilterAnyResource": "所有资源",
+    "standaloneHcFilterMode": "模式",
+    "standaloneHcFilterModeHttp": "HTTP",
+    "standaloneHcFilterModeTcp": "TCP",
+    "standaloneHcFilterModeSnmp": "SNMP",
+    "standaloneHcFilterModePing": "Ping",
+    "standaloneHcFilterHealth": "健康",
+    "standaloneHcFilterEnabled": "已启用",
+    "standaloneHcFilterEnabledOn": "已启用",
+    "standaloneHcFilterEnabledOff": "已禁用",
+    "standaloneHcFilterSiteIdFallback": "站点 {id}",
+    "standaloneHcFilterResourceIdFallback": "资源 {id}",
    "blueprints": "蓝图",
    "blueprintsDescription": "应用声明配置并查看先前运行的",
    "blueprintAdd": "添加蓝图",
@@ -1289,7 +1560,6 @@
    "parsedContents": "解析内容 (只读)",
    "enableDockerSocket": "启用 Docker 蓝图",
    "enableDockerSocketDescription": "启用 Docker Socket 标签擦除蓝图标签。套接字路径必须提供给新的。",
-    "enableDockerSocketLink": "了解更多",
    "viewDockerContainers": "查看停靠容器",
    "containersIn": "{siteName} 中的容器",
    "selectContainerDescription": "选择任何容器作为目标的主机名。点击端口使用端口。",
@@ -1331,7 +1601,8 @@
    "initialSetupDescription": "创建初始服务器管理员帐户。 只能存在一个服务器管理员。 您可以随时更改这些凭据。",
    "createAdminAccount": "创建管理员帐户",
    "setupErrorCreateAdmin": "创建服务器管理员账户时发生错误。",
-    "certificateStatus": "证书状态",
+    "certificateStatus": "证书",
+    "certificateStatusAutoRefreshHint": "状态自动刷新。",
    "loading": "加载中",
    "loadingAnalytics": "加载分析",
    "restart": "重启",
@@ -1400,6 +1671,7 @@
    "pangolinUpdateAvailableReleaseNotes": "查看发布说明",
    "newtUpdateAvailable": "更新可用",
    "newtUpdateAvailableInfo": "新版本的 Newt 已可用。请更新到最新版本以获得最佳体验。",
+    "pangolinNodeUpdateAvailableInfo": "新版本的 Pangolin Node 已可用。请更新到最新版本以获得最佳体验。",
    "domainPickerEnterDomain": "域名",
    "domainPickerPlaceholder": "example.com",
    "domainPickerDescription": "输入资源的完整域名以查看可用选项。",
@@ -1417,6 +1689,7 @@
    "domainPickerNamespace": "命名空间：{namespace}",
    "domainPickerShowMore": "显示更多",
    "regionSelectorTitle": "选择区域",
+    "domainPickerRemoteExitNodeWarning": "当站点连接到远程退出节点时不支持所提供的域。为了资源可在远程节点上使用，请使用自定义域名。",
    "regionSelectorInfo": "选择区域以帮助提升您所在地的性能。您不必与服务器在相同的区域。",
    "regionSelectorPlaceholder": "选择一个区域",
    "regionSelectorComingSoon": "即将推出",
@@ -1570,6 +1843,16 @@
    "billingFeatureLossWarning": "功能可用通知",
    "billingFeatureLossDescription": "如果降级，新计划中不可用的功能将被自动禁用。一些设置和配置可能会丢失。 请查看定价矩阵以了解哪些功能将不再可用。",
    "billingUsageExceedsLimit": "当前使用量 ({current}) 超出限制 ({limit})",
+    "billingPastDueTitle": "过去到期的付款",
+    "billingPastDueDescription": "您的付款已过期。请更新您的付款方法以继续使用您当前的计划功能。 如果不解决，您的订阅将被取消，您将被恢复到免费等级。",
+    "billingUnpaidTitle": "订阅未付款",
+    "billingUnpaidDescription": "您的订阅未付，您已恢复到免费等级。请更新您的付款方法以恢复您的订阅。",
+    "billingIncompleteTitle": "付款不完成",
+    "billingIncompleteDescription": "您的付款不完整。请完成付款过程以激活您的订阅。",
+    "billingIncompleteExpiredTitle": "付款已过期",
+    "billingIncompleteExpiredDescription": "您的付款尚未完成且已过期。您已恢复到免费级别。请再次订阅以恢复对已支付功能的访问。",
+    "billingManageSubscription": "管理您的订阅",
+    "billingResolvePaymentIssue": "请在升级或降级之前解决您的付款问题",
    "signUpTerms": {
        "IAgreeToThe": "我同意",
        "termsOfService": "服务条款",
@@ -1628,6 +1911,7 @@
    "configureHealthCheck": "配置健康检查",
    "configureHealthCheckDescription": "为 {target} 设置健康监控",
    "enableHealthChecks": "启用健康检查",
+    "healthCheckDisabledStateDescription": "禁用后，站点不会进行健康检查，状态将被视为未知。",
    "enableHealthChecksDescription": "监视此目标的健康状况。如果需要，您可以监视一个不同的终点。",
    "healthScheme": "方法",
    "healthSelectScheme": "选择方法",
@@ -1643,6 +1927,24 @@
    "timeIsInSeconds": "时间以秒为单位",
    "requireDeviceApproval": "需要设备批准",
    "requireDeviceApprovalDescription": "具有此角色的用户需要管理员批准的新设备才能连接和访问资源。",
+    "sshAccess": "SSH 访问",
+    "roleAllowSsh": "允许 SSH",
+    "roleAllowSshAllow": "允许",
+    "roleAllowSshDisallow": "不允许",
+    "roleAllowSshDescription": "允许具有此角色的用户通过 SSH 连接到资源。禁用时，角色不能使用 SSH 访问。",
+    "sshSudoMode": "Sudo 访问",
+    "sshSudoModeNone": "无",
+    "sshSudoModeNoneDescription": "用户不能用sudo运行命令。",
+    "sshSudoModeFull": "全苏多",
+    "sshSudoModeFullDescription": "用户可以用 sudo 运行任何命令。",
+    "sshSudoModeCommands": "命令",
+    "sshSudoModeCommandsDescription": "用户只能用 sudo 运行指定的命令。",
+    "sshSudo": "允许Sudo",
+    "sshSudoCommands": "Sudo 命令",
+    "sshSudoCommandsDescription": "逗号分隔的用户允许使用 sudo 运行的命令列表。",
+    "sshCreateHomeDir": "创建主目录",
+    "sshUnixGroups": "Unix 组",
+    "sshUnixGroupsDescription": "用逗号分隔了Unix组，将用户添加到目标主机上。",
    "retryAttempts": "重试次数",
    "expectedResponseCodes": "期望响应代码",
    "expectedResponseCodesDescription": "HTTP 状态码表示健康状态。如留空，200-300 被视为健康。",
@@ -1659,9 +1961,20 @@
    "healthCheckIntervalMin": "检查间隔必须至少为 5 秒",
    "healthCheckTimeoutMin": "超时必须至少为 1 秒",
    "healthCheckRetryMin": "重试次数必须至少为 1 次",
+    "healthCheckMode": "检查模式",
+    "healthCheckStrategy": "策略",
+    "healthCheckModeDescription": "TCP 模式仅验证连接性。HTTP 模式验证 HTTP 响应。",
+    "healthyThreshold": "正常阈值",
+    "healthyThresholdDescription": "标记为正常之前所需的连续成功次数。",
+    "unhealthyThreshold": "不正常阈值",
+    "unhealthyThresholdDescription": "标记为不正常之前所需的连续失败次数。",
+    "healthCheckHealthyThresholdMin": "健康阈值至少为 1",
+    "healthCheckUnhealthyThresholdMin": "不健康阈值至少为 1",
    "httpMethod": "HTTP 方法",
    "selectHttpMethod": "选择 HTTP 方法",
    "domainPickerSubdomainLabel": "子域名",
+    "domainPickerWildcard": "通配符",
+    "domainPickerWildcardPaidOnly": "通配符子域是付费功能。请升级以使用此功能。",
    "domainPickerBaseDomainLabel": "根域名",
    "domainPickerSearchDomains": "搜索域名...",
    "domainPickerNoDomainsFound": "未找到域名",
@@ -1687,12 +2000,12 @@
    "resourcesTableAliasAddressInfo": "此地址是组织实用子网的一部分。它用来使用内部DNS解析来解析别名记录。",
    "resourcesTableClients": "客户端",
    "resourcesTableAndOnlyAccessibleInternally": "且仅在与客户端连接时可内部访问。",
-    "resourcesTableNoTargets": "没有目标",
    "resourcesTableHealthy": "健康的",
    "resourcesTableDegraded": "降级",
-    "resourcesTableOffline": "离线的",
+    "resourcesTableUnhealthy": "不健康",
    "resourcesTableUnknown": "未知的",
    "resourcesTableNotMonitored": "未监视的",
+    "resourcesTableNoTargets": "无目标",
    "editInternalResourceDialogEditClientResource": "编辑私有资源",
    "editInternalResourceDialogUpdateResourceProperties": "更新{resourceName}的资源配置和访问控制。",
    "editInternalResourceDialogResourceProperties": "资源属性",
@@ -1718,6 +2031,11 @@
    "editInternalResourceDialogModePort": "端口",
    "editInternalResourceDialogModeHost": "主机",
    "editInternalResourceDialogModeCidr": "CIDR",
+    "editInternalResourceDialogModeHttp": "HTTP",
+    "editInternalResourceDialogModeHttps": "HTTPS",
+    "editInternalResourceDialogScheme": "方案",
+    "editInternalResourceDialogEnableSsl": "启用 SSL",
+    "editInternalResourceDialogEnableSslDescription": "为目标的安全 HTTPS 连接启用 SSL/TLS 加密。",
    "editInternalResourceDialogDestination": "目标",
    "editInternalResourceDialogDestinationHostDescription": "站点网络上资源的 IP 地址或主机名。",
    "editInternalResourceDialogDestinationIPDescription": "站点网络上资源的IP或主机名地址。",
@@ -1733,6 +2051,7 @@
    "createInternalResourceDialogName": "名称",
    "createInternalResourceDialogSite": "站点",
    "selectSite": "选择站点...",
+    "multiSitesSelectorSitesCount": "{count, plural, one {# site} other {# sites}}",
    "noSitesFound": "未找到站点。",
    "createInternalResourceDialogProtocol": "协议",
    "createInternalResourceDialogTcp": "TCP",
@@ -1761,11 +2080,19 @@
    "createInternalResourceDialogModePort": "端口",
    "createInternalResourceDialogModeHost": "主机",
    "createInternalResourceDialogModeCidr": "CIDR",
+    "createInternalResourceDialogModeHttp": "HTTP",
+    "createInternalResourceDialogModeHttps": "HTTPS",
+    "scheme": "方案",
+    "createInternalResourceDialogScheme": "方案",
+    "createInternalResourceDialogEnableSsl": "启用 SSL",
+    "createInternalResourceDialogEnableSslDescription": "为目标的安全 HTTPS 连接启用 SSL/TLS 加密。",
    "createInternalResourceDialogDestination": "目标",
    "createInternalResourceDialogDestinationHostDescription": "站点网络上资源的 IP 地址或主机名。",
    "createInternalResourceDialogDestinationCidrDescription": "站点网络上资源的 CIDR 范围。",
    "createInternalResourceDialogAlias": "Alias",
    "createInternalResourceDialogAliasDescription": "此资源可选的内部DNS别名。",
+    "internalResourceDownstreamSchemeRequired": "HTTP 资源需要方案",
+    "internalResourceHttpPortRequired": "HTTP 资源需要目的端口",
    "siteConfiguration": "配置",
    "siteAcceptClientConnections": "接受客户端连接",
    "siteAcceptClientConnectionsDescription": "允许用户设备和客户端访问此站点上的资源。这可以稍后更改。",
@@ -1851,12 +2178,46 @@
    "exitNode": "出口节点",
    "country": "国家",
    "rulesMatchCountry": "当前基于源 IP",
+    "region": "地区",
+    "selectRegion": "选择区域",
+    "searchRegions": "搜索区域...",
+    "noRegionFound": "未找到区域。",
+    "rulesMatchRegion": "选择一个区域国家组",
+    "rulesErrorInvalidRegion": "无效区域",
+    "rulesErrorInvalidRegionDescription": "请选择一个有效的区域。",
+    "regionAfrica": "非洲",
+    "regionNorthernAfrica": "B. 北非地区",
+    "regionEasternAfrica": "东部非洲",
+    "regionMiddleAfrica": "中东",
+    "regionSouthernAfrica": "D. 南 非",
+    "regionWesternAfrica": "D. 西部非洲",
+    "regionAmericas": "Americas",
+    "regionCaribbean": "加勒比",
+    "regionCentralAmerica": "中美洲：",
+    "regionSouthAmerica": "南 非",
+    "regionNorthernAmerica": "北美洲：",
+    "regionAsia": "亚洲",
+    "regionCentralAsia": "B. 亚 洲",
+    "regionEasternAsia": "东亚",
+    "regionSouthEasternAsia": "D. 东南亚区域",
+    "regionSouthernAsia": "D. 亚 洲",
+    "regionWesternAsia": "西亚",
+    "regionEurope": "欧洲",
+    "regionEasternEurope": "D. 欧 洲",
+    "regionNorthernEurope": "北欧洲",
+    "regionSouthernEurope": "南欧洲",
+    "regionWesternEurope": "西欧洲",
+    "regionOceania": "Oceania",
+    "regionAustraliaAndNewZealand": "澳大利亚和新西兰",
+    "regionMelanesia": "Melanesia",
+    "regionMicronesia": "Micronesia",
+    "regionPolynesia": "Polynesia",
    "managedSelfHosted": {
        "title": "托管自托管",
        "description": "更可靠和低维护自我托管的 Pangolin 服务器，带有额外的铃声和告密器",
        "introTitle": "托管自托管的潘戈林公司",
        "introDescription": "这是一种部署选择，为那些希望简洁和额外可靠的人设计，同时仍然保持他们的数据的私密性和自我托管性。",
-        "introDetail": "通过此选项，您仍然运行您自己的 Pangolin 节点 — — 您的隧道、SSL 终止，并且流量在您的服务器上保持所有状态。 不同之处在于，管理和监测是通过我们的云层仪表板进行的，该仪表板开启了一些好处：",
+        "introDetail": "通过此选项，您仍然运行您自己的 Pangolin 节点 - - 您的隧道、SSL 终止，并且流量在您的服务器上保持所有状态。 不同之处在于，管理和监测是通过我们的云层仪表板进行的，该仪表板开启了一些好处：",
        "benefitSimplerOperations": {
            "title": "简单的操作",
            "description": "无需运行您自己的邮件服务器或设置复杂的警报。您将从方框中获得健康检查和下限提醒。"
@@ -1889,7 +2250,7 @@
    },
    "internationaldomaindetected": "检测到国际域",
    "willbestoredas": "储存为：",
-    "roleMappingDescription": "确定当用户启用自动配送时如何分配他们的角色。",
+    "roleMappingDescription": "确定当用户使用此身份提供者登陆时如何分配角色。",
    "selectRole": "选择角色",
    "roleMappingExpression": "表达式",
    "selectRolePlaceholder": "选择角色",
@@ -1899,6 +2260,25 @@
    "invalidValue": "无效的值",
    "idpTypeLabel": "身份提供者类型",
    "roleMappingExpressionPlaceholder": "例如: contains(group, 'admin' &'Admin' || 'Member'",
+    "roleMappingModeFixedRoles": "固定角色",
+    "roleMappingModeMappingBuilder": "映射构建器",
+    "roleMappingModeRawExpression": "原始表达式",
+    "roleMappingFixedRolesPlaceholderSelect": "选择一个或多个角色",
+    "roleMappingFixedRolesPlaceholderFreeform": "输入角色名称 (每个组织确切匹配)",
+    "roleMappingFixedRolesDescriptionSameForAll": "将相同的角色分配给每个自动配备的用户。",
+    "roleMappingFixedRolesDescriptionDefaultPolicy": "对于缺省策略，每个提供用户的组织中存在的角色名称类型。名称必须完全匹配。",
+    "roleMappingClaimPath": "认领路径",
+    "roleMappingClaimPathPlaceholder": "组",
+    "roleMappingClaimPathDescription": "包含源值的 token 有效负载路径 (例如组)。",
+    "roleMappingMatchValue": "匹配值",
+    "roleMappingAssignRoles": "分配角色",
+    "roleMappingAddMappingRule": "添加映射规则",
+    "roleMappingRawExpressionResultDescription": "表达式必须值为字符串或字符串。",
+    "roleMappingRawExpressionResultDescriptionSingleRole": "表达式必须计算到字符串(单个角色名称)。",
+    "roleMappingMatchValuePlaceholder": "匹配值(例如: 管理员)",
+    "roleMappingAssignRolesPlaceholderFreeform": "输入角色名称 (每个组织确切)",
+    "roleMappingBuilderFreeformRowHint": "角色名称必须匹配每个目标组织的角色。",
+    "roleMappingRemoveRule": "删除",
    "idpGoogleConfiguration": "Google 配置",
    "idpGoogleConfigurationDescription": "配置 Google OAuth2 凭据",
    "idpGoogleClientIdDescription": "Google OAuth2 Client ID",
@@ -1962,9 +2342,11 @@
    "selectDomainForOrgAuthPage": "选择组织认证页面的域",
    "domainPickerProvidedDomain": "提供的域",
    "domainPickerFreeProvidedDomain": "免费提供的域",
+    "domainPickerFreeDomainsPaidFeature": "提供的域名是付费功能。订阅即可将域名包含在您的计划中-无需自带域名。",
    "domainPickerVerified": "已验证",
    "domainPickerUnverified": "未验证",
-    "domainPickerInvalidSubdomainStructure": "此子域包含无效的字符或结构。当您保存时，它将被自动清除。",
+    "domainPickerManual": "手动",
+    "domainPickerInvalidSubdomainStructure": "保存时将清除无效字符。",
    "domainPickerError": "错误",
    "domainPickerErrorLoadDomains": "加载组织域名失败",
    "domainPickerErrorCheckAvailability": "检查域可用性失败",
@@ -1977,7 +2359,7 @@
    "orgAuthChooseIdpDescription": "选择您的身份提供商以继续",
    "orgAuthNoIdpConfigured": "此机构没有配置任何身份提供者。您可以使用您的 Pangolin 身份登录。",
    "orgAuthSignInWithPangolin": "使用 Pangolin 登录",
-    "orgAuthSignInToOrg": "登录到组织",
+    "orgAuthSignInToOrg": "组织身份提供商 (SSO)",
    "orgAuthSelectOrgTitle": "组织登录",
    "orgAuthSelectOrgDescription": "输入您的组织ID以继续",
    "orgAuthOrgIdPlaceholder": "您的组织",
@@ -2138,7 +2520,7 @@
        "alerts": {
            "commercialUseDisclosure": {
                "title": "使用情况披露",
-                "description": "选择能准确反映您预定用途的许可等级。 个人许可证允许对个人、非商业性或小型商业活动免费使用软件，年收入毛额不到100 000美元。 超出这些限度的任何用途，包括在企业、组织内的用途。 或其他创收环境——需要有效的企业许可证和支付适用的许可证费用。 所有用户，不论是个人还是企业，都必须遵守寄养商业许可证条款。"
+                "description": "选择能准确反映您预定用途的许可等级。 个人许可证允许对个人、非商业性或小型商业活动免费使用软件，年收入毛额不到100 000美元。 超出这些限度的任何用途，包括在企业、组织内的用途。 或其他创收环境--需要有效的企业许可证和支付适用的许可证费用。 所有用户，不论是个人还是企业，都必须遵守寄养商业许可证条款。"
            },
            "trialPeriodInformation": {
                "title": "试用期信息",
@@ -2193,10 +2575,10 @@
            },
            "scale": {
                "title": "缩放比例",
-                "description": "企业特征、50个用户、50个站点和优先支持。"
+                "description": "企业功能，50个用户，100个站点，以及优先支持。"
            }
        },
-        "personalUseOnly": "仅供个人使用 (免费许可证-无签出)",
+        "personalUseOnly": "仅限个人使用（免费许可 - 无需结账）",
        "buttons": {
            "continueToCheckout": "继续签出"
        },
@@ -2270,6 +2652,7 @@
    "validPassword": "有效密码",
    "validEmail": "Valid email",
    "validSSO": "Valid SSO",
+    "connectedClient": "已连接客户端",
    "resourceBlocked": "资源被阻止",
    "droppedByRule": "被规则删除",
    "noSessions": "无会话",
@@ -2289,12 +2672,14 @@
    "logRetentionDescription": "管理不同类型的日志为这个机构保留多长时间或禁用这些日志",
    "requestLogsDescription": "查看此机构资源的详细请求日志",
    "requestAnalyticsDescription": "查看此机构资源的详细请求分析",
-    "logRetentionRequestLabel": "请求日志保留",
+    "logRetentionRequestLabel": "HTTP 请求日志保留",
    "logRetentionRequestDescription": "保留请求日志的时间",
    "logRetentionAccessLabel": "访问日志保留",
    "logRetentionAccessDescription": "保留访问日志的时间",
    "logRetentionActionLabel": "动作日志保留",
    "logRetentionActionDescription": "保留操作日志的时间",
+    "logRetentionConnectionLabel": "连接日志保留",
+    "logRetentionConnectionDescription": "保留连接日志的时间",
    "logRetentionDisabled": "已禁用",
    "logRetention3Days": "3 天",
    "logRetention7Days": "7 天",
@@ -2305,8 +2690,15 @@
    "logRetentionEndOfFollowingYear": "下一年结束",
    "actionLogsDescription": "查看此机构执行的操作历史",
    "accessLogsDescription": "查看此机构资源的访问认证请求",
-    "licenseRequiredToUse": "需要 <enterpriseLicenseLink>Enterprise Edition</enterpriseLicenseLink> 许可才能使用此功能。此功能也可在 <pangolinCloudLink>Pangolin Cloud</pangolinCloudLink> 中使用。",
-    "ossEnterpriseEditionRequired": "<enterpriseEditionLink>Enterprise Edition</enterpriseEditionLink> 需要使用此功能。此功能也可在 <pangolinCloudLink>Pangolin Cloud</pangolinCloudLink> 中使用。",
+    "connectionLogs": "连接日志",
+    "connectionLogsDescription": "查看此机构隧道的连接日志",
+    "sidebarLogsConnection": "连接日志",
+    "sidebarLogsStreaming": "流流",
+    "sourceAddress": "源地址",
+    "destinationAddress": "目的地址",
+    "duration": "期限",
+    "licenseRequiredToUse": "使用此功能需要<enterpriseLicenseLink>企业版</enterpriseLicenseLink>许可证或<pangolinCloudLink>Pangolin Cloud</pangolinCloudLink>。<bookADemoLink>预约演示或POC试用</bookADemoLink>。",
+    "ossEnterpriseEditionRequired": "需要 <enterpriseEditionLink>Enterprise Edition</enterpriseEditionLink> 才能使用此功能。 此功能也可在 <pangolinCloudLink>Pangolin Cloud</pangolinCloudLink>上获取。 <bookADemoLink>预订演示或POC 试用</bookADemoLink>。",
    "certResolver": "证书解决器",
    "certResolverDescription": "选择用于此资源的证书解析器。",
    "selectCertResolver": "选择证书解析",
@@ -2448,6 +2840,9 @@
    "machineClients": "机器客户端",
    "install": "安装",
    "run": "运行",
+    "envFile": "环境文件",
+    "serviceFile": "服务文件",
+    "enableAndStart": "启用并启动",
    "clientNameDescription": "可以稍后更改的客户端的显示名称。",
    "clientAddress": "客户端地址 (高级)",
    "setupFailedToFetchSubnet": "获取默认子网失败",
@@ -2496,13 +2891,30 @@
    "editInternalResourceDialogAddClients": "添加客户端",
    "editInternalResourceDialogDestinationLabel": "目标",
    "editInternalResourceDialogDestinationDescription": "指定内部资源的目标地址。根据选择的模式，这可以是主机名、IP地址或CIDR范围。可选的，设置一个内部DNS别名以便于识别。",
+    "internalResourceFormMultiSiteRoutingHelp": "选择多个站点可以实现高可用性的弹性路由和故障转移。",
+    "internalResourceFormMultiSiteRoutingHelpLearnMore": "了解更多",
    "editInternalResourceDialogPortRestrictionsDescription": "限制访问特定的TCP/UDP端口或允许/阻止所有端口。",
+    "createInternalResourceDialogHttpConfiguration": "HTTP 配置",
+    "createInternalResourceDialogHttpConfigurationDescription": "选择客户将使用的域名通过 HTTP 或 HTTPS 访问此资源。",
+    "editInternalResourceDialogHttpConfiguration": "HTTP 配置",
+    "editInternalResourceDialogHttpConfigurationDescription": "选择客户将使用的域名通过 HTTP 或 HTTPS 访问此资源。",
    "editInternalResourceDialogTcp": "TCP",
    "editInternalResourceDialogUdp": "UDP",
    "editInternalResourceDialogIcmp": "ICMP",
    "editInternalResourceDialogAccessControl": "访问控制",
    "editInternalResourceDialogAccessControlDescription": "控制当连接到此资源时，哪些角色、用户和机器客户端可以访问。管理员始终具有访问权。",
    "editInternalResourceDialogPortRangeValidationError": "端口范围必须为\"*\"表示所有端口，或一个用逗号分隔的端口和范围列表（例如：\"80,443,8000-9000\"）。端口必须在1到65535之间。",
+    "internalResourceAuthDaemonStrategy": "SSH 认证守护进程位置",
+    "internalResourceAuthDaemonStrategyDescription": "选择 SSH 身份验证守护进程在哪里运行：站点(新建) 或远程主机。",
+    "internalResourceAuthDaemonDescription": "SSH 身份验证守护程序处理此资源的 SSH 密钥签名和PAM 身份验证。 选择它是在站点(新建)还是在单独的远程主机上运行。请参阅 <docsLink>文档</docsLink>。",
+    "internalResourceAuthDaemonDocsUrl": "https://docs.pangolin.net",
+    "internalResourceAuthDaemonStrategyPlaceholder": "选择策略",
+    "internalResourceAuthDaemonStrategyLabel": "地点",
+    "internalResourceAuthDaemonSite": "在站点",
+    "internalResourceAuthDaemonSiteDescription": "认证守护进程在站点上运行(新建)。",
+    "internalResourceAuthDaemonRemote": "远程主机",
+    "internalResourceAuthDaemonRemoteDescription": "认证守护进程运行在不是站点的主机上。",
+    "internalResourceAuthDaemonPort": "守护进程端口(可选)",
    "orgAuthWhatsThis": "我的组织ID在哪里可以找到？",
    "learnMore": "了解更多",
    "backToHome": "返回首页",
@@ -2524,6 +2936,9 @@
    "maintenancePageMessagePlaceholder": "我们很快回来！ 我们的网站目前正在进行计划中的维护。",
    "maintenancePageMessageDescription": "详细说明维护的消息",
    "maintenancePageTimeTitle": "预计完成时间（可选）",
+    "privateMaintenanceScreenTitle": "私有占位符界面",
+    "privateMaintenanceScreenMessage": "此域名正在私有资源上使用。请连接 Pangolin 客户端以访问此资源。",
+    "privateMaintenanceScreenSteps": "连接后，如果您仍然看到此消息，说明您的浏览器的DNS缓存可能仍指向旧地址。解决方法：完全关闭并重新打开此标签页或浏览器，然后返回此页面。",
    "maintenanceTime": "例如，2小时，11月1日下午5:00",
    "maintenanceEstimatedTimeDescription": "您期望维护完成的时间",
    "editDomain": "编辑域名",
@@ -2632,5 +3047,209 @@
    "approvalsEmptyStateStep2Title": "启用设备批准",
    "approvalsEmptyStateStep2Description": "编辑角色并启用“需要设备审批”选项。具有此角色的用户需要管理员批准新设备。",
    "approvalsEmptyStatePreviewDescription": "预览：如果启用，待处理设备请求将出现在这里供审核",
-    "approvalsEmptyStateButtonText": "管理角色"
+    "approvalsEmptyStateButtonText": "管理角色",
+    "domainErrorTitle": "我们在验证您的域名时遇到了问题",
+    "idpAdminAutoProvisionPoliciesTabHint": "在 <policiesTabLink>自动供应设置</policiesTabLink> 选项卡上配置角色映射和组织策略。",
+    "streamingTitle": "事件流",
+    "streamingDescription": "实时将事件从您的组织流到外部目的地。",
+    "streamingUnnamedDestination": "未命名目标",
+    "streamingNoUrlConfigured": "未配置URL",
+    "streamingAddDestination": "添加目标",
+    "streamingHttpWebhookTitle": "HTTP Webhook",
+    "streamingHttpWebhookDescription": "将事件发送到任意HTTP端点并灵活验证和模板。",
+    "streamingS3Title": "Amazon S3",
+    "streamingS3Description": "将事件串流到 S3 兼容的对象存储桶。即将推出。",
+    "streamingDatadogTitle": "Datadog",
+    "streamingDatadogDescription": "直接转发事件到您的Datadog 帐户。即将推出。",
+    "streamingTypePickerDescription": "选择要开始的目标类型。",
+    "streamingFailedToLoad": "加载目的地失败",
+    "streamingUnexpectedError": "发生意外错误.",
+    "streamingFailedToUpdate": "更新目标失败",
+    "streamingDeletedSuccess": "目标删除成功",
+    "streamingFailedToDelete": "删除目标失败",
+    "streamingDeleteTitle": "删除目标",
+    "streamingDeleteButtonText": "删除目标",
+    "streamingDeleteDialogAreYouSure": "您确定要删除吗？",
+    "streamingDeleteDialogThisDestination": "这个目标",
+    "streamingDeleteDialogPermanentlyRemoved": "? 所有配置将被永久删除。",
+    "httpDestEditTitle": "编辑目标",
+    "httpDestAddTitle": "添加 HTTP 目标",
+    "httpDestEditDescription": "更新此 HTTP 事件流媒体目的地的配置。",
+    "httpDestAddDescription": "配置新的 HTTP 端点来接收您的组织事件。",
+    "S3DestEditTitle": "编辑目的地",
+    "S3DestAddTitle": "添加 S3 目的地",
+    "S3DestEditDescription": "更新此 S3 事件流目的地的配置。",
+    "S3DestAddDescription": "配置新的 S3 终端以接收您的组织事件。",
+    "datadogDestEditTitle": "编辑目的地",
+    "datadogDestAddTitle": "添加 Datadog 目的地",
+    "datadogDestEditDescription": "更新此 Datadog 事件流目的地的配置。",
+    "datadogDestAddDescription": "配置新的 Datadog 终端以接收您的组织事件。",
+    "httpDestTabSettings": "设置",
+    "httpDestTabHeaders": "信头",
+    "httpDestTabBody": "正文内容",
+    "httpDestTabLogs": "日志",
+    "httpDestNamePlaceholder": "我的 HTTP 目标",
+    "httpDestUrlLabel": "目标网址",
+    "httpDestUrlErrorHttpRequired": "URL 必须使用 http 或 https",
+    "httpDestUrlErrorHttpsRequired": "云端部署需要HTTPS",
+    "httpDestUrlErrorInvalid": "输入一个有效的 URL (例如，https://example.com/webhook)",
+    "httpDestAuthTitle": "认证",
+    "httpDestAuthDescription": "选择如何验证您的端点的请求。",
+    "httpDestAuthNoneTitle": "无身份验证",
+    "httpDestAuthNoneDescription": "在没有授权头的情况下发送请求。",
+    "httpDestAuthBearerTitle": "持有者令牌",
+    "httpDestAuthBearerDescription": "在每个请求中添加授权：Bearer “<token>” 头。",
+    "httpDestAuthBearerPlaceholder": "您的 API 密钥或令牌",
+    "httpDestAuthBasicTitle": "基本认证",
+    "httpDestAuthBasicDescription": "添加一个Authorization: Basic \"<凭据>\" 标头。 以用户名：密码形式提供凭据。",
+    "httpDestAuthBasicPlaceholder": "用户名:密码",
+    "httpDestAuthCustomTitle": "自定义标题",
+    "httpDestAuthCustomDescription": "指定自定义 HTTP 头名称和身份验证值 (例如，X-API 键)。",
+    "httpDestAuthCustomHeaderNamePlaceholder": "标题名称(例如X-API-键)",
+    "httpDestAuthCustomHeaderValuePlaceholder": "页眉值",
+    "httpDestCustomHeadersTitle": "自定义 HTTP 头",
+    "httpDestCustomHeadersDescription": "向每个输出请求添加自定义标题。用于静态令牌或自定义内容类型。默认情况下，内容类型：应用程序/json已发送。",
+    "httpDestNoHeadersConfigured": "未配置自定义头。单击\"添加头\"以添加一个。",
+    "httpDestHeaderNamePlaceholder": "标题名称",
+    "httpDestHeaderValuePlaceholder": "值",
+    "httpDestAddHeader": "添加标题",
+    "httpDestBodyTemplateTitle": "自定义实体模板",
+    "httpDestBodyTemplateDescription": "控制发送到您的端点的 JSON 有效载荷结构。如果禁用，将为每个事件发送一个 JSON 默认对象。",
+    "httpDestEnableBodyTemplate": "启用自定义实体模板",
+    "httpDestBodyTemplateLabel": "身体模板 (JSON)",
+    "httpDestBodyTemplateHint": "将模板变量用于您有效载荷中的参考事件字段。",
+    "httpDestPayloadFormatTitle": "有效载荷格式",
+    "httpDestPayloadFormatDescription": "事件如何序列化为每个请求实体。",
+    "httpDestFormatJsonArrayTitle": "JSON 数组",
+    "httpDestFormatJsonArrayDescription": "每批一个请求，实体是一个 JSON 数组。与大多数通用的 Web 钩子和数据兼容。",
+    "httpDestFormatNdjsonTitle": "NDJSON",
+    "httpDestFormatNdjsonDescription": "每批有一个请求，物体是换行符限制的 JSON --每行一个对象，不是外部数组。 Sluk HEC、Elastic / OpenSearch和Grafana Loki所需。",
+    "httpDestFormatSingleTitle": "每个请求一个事件",
+    "httpDestFormatSingleDescription": "为每个事件单独发送一个 HTTP POST。仅用于无法处理批量的端点。",
+    "httpDestLogTypesTitle": "日志类型",
+    "httpDestLogTypesDescription": "选择转发到此目的地的日志类型。只有启用的日志类型才会被连续使用。",
+    "httpDestAccessLogsTitle": "访问日志",
+    "httpDestAccessLogsDescription": "资源访问尝试，包括已验证和拒绝的请求。",
+    "httpDestActionLogsTitle": "操作日志",
+    "httpDestActionLogsDescription": "组织内部用户采取的行政行动。",
+    "httpDestConnectionLogsTitle": "连接日志",
+    "httpDestConnectionLogsDescription": "站点和隧道连接事件，包括连接和断开连接。",
+    "httpDestRequestLogsTitle": "请求日志",
+    "httpDestRequestLogsDescription": "HTTP 请求代理资源日志，包括方法、路径和响应代码。",
+    "httpDestSaveChanges": "保存更改",
+    "httpDestCreateDestination": "创建目标",
+    "httpDestUpdatedSuccess": "目标已成功更新",
+    "httpDestCreatedSuccess": "目标创建成功",
+    "httpDestUpdateFailed": "更新目标失败",
+    "httpDestCreateFailed": "创建目标失败",
+    "followRedirects": "遵循重定向",
+    "followRedirectsDescription": "自动跟踪请求的 HTTP 重定向。",
+    "alertingErrorWebhookUrl": "请输入有效的 Webhook URL。",
+    "healthCheckStrategyHttp": "验证连接并检查 HTTP 响应状态。",
+    "healthCheckStrategyTcp": "只验证 TCP 连接性，不检查响应。",
+    "healthCheckStrategySnmp": "进行 SNMP get 请求以检查网络设备和基础架构的健康状况。",
+    "healthCheckStrategyIcmp": "使用 ICMP 回显请求（ping）检查资源是否可达并响应。",
+    "healthCheckTabStrategy": "策略",
+    "healthCheckTabConnection": "连接",
+    "healthCheckTabAdvanced": "高级",
+    "healthCheckStrategyNotAvailable": "此策略不可用。请联系销售以启用此功能。",
+    "uptime30d": "正常运行时间（30天）",
+    "idpAddActionCreateNew": "创建新的身份提供者",
+    "idpAddActionImportFromOrg": "从另一个组织导入",
+    "idpImportDialogTitle": "导入身份提供者",
+    "idpImportDialogDescription": "从您是管理员的组织中选择一个身份提供者。它将关联到本组织。",
+    "idpImportSearchPlaceholder": "按组织或提供者名称搜索……",
+    "idpImportEmpty": "未找到身份提供者。",
+    "idpImportedDescription": "身份提供者已成功导入。",
+    "idpDeleteGlobalQuestion": "您确定要永久删除此身份提供者吗？",
+    "idpDeleteGlobalDescription": "这将永久删除与其关联的所有组织中的身份提供者。",
+    "idpUnassociateTitle": "取消关联身份提供者",
+    "idpUnassociateQuestion": "您确定要将此身份提供者从此组织中取消关联吗？",
+    "idpUnassociateDescription": "与此身份提供者关联的所有用户将从该组织中移除，但身份提供者仍会继续存在于关联的其他组织中。",
+    "idpUnassociateConfirm": "确认取消关联身份提供者",
+    "idpUnassociateWarning": "此操作无法对该组织撤销。",
+    "idpUnassociatedDescription": "身份提供者已成功从该组织中取消关联",
+    "idpUnassociateMenu": "取消关联",
+    "idpDeleteAllOrgsMenu": "删除",
+    "publicIpEndpoint": "终端",
+    "lastTriggeredAt": "最后触发",
+    "reject": "拒绝",
+    "uptimeDaysAgo": "{count} 天前",
+    "uptimeToday": "今天",
+    "uptimeNoDataAvailable": "暂无数据",
+    "uptimeSuffix": "正常运行时间",
+    "uptimeDowntimeSuffix": "停机时间",
+    "uptimeTooltipUptimeLabel": "正常运行",
+    "uptimeTooltipDowntimeLabel": "停机",
+    "uptimeOngoing": "正在进行",
+    "uptimeNoMonitoringData": "无监控数据",
+    "uptimeNoData": "无数据",
+    "uptimeMiniBarDown": "停机",
+    "uptimeSectionTitle": "正常运行时间",
+    "uptimeSectionDescription": "过去 {days} 天的可用性",
+    "uptimeAddAlert": "添加警报",
+    "uptimeViewAlerts": "查看警报",
+    "uptimeCreateEmailAlert": "创建电子邮件警报",
+    "uptimeAlertDescriptionSite": "当此站点下线或恢复上线时，将通过电子邮件通知您。",
+    "uptimeAlertDescriptionResource": "当此资源下线或恢复上线时，将通过电子邮件通知您。",
+    "uptimeAlertNamePlaceholder": "警报名称",
+    "uptimeAdditionalEmails": "附加电子邮件",
+    "uptimeCreateAlert": "创建警报",
+    "uptimeAlertNoRecipients": "无收件人",
+    "uptimeAlertNoRecipientsDescription": "请至少添加一个用户、角色或电子邮件进行通知。",
+    "uptimeAlertCreated": "警报已创建",
+    "uptimeAlertCreatedDescription": "状态变化时将通知您。",
+    "uptimeAlertCreateFailed": "创建警报失败",
+    "webhookUrlLabel": "URL",
+    "webhookHeaderKeyPlaceholder": "关键字",
+    "webhookHeaderValuePlaceholder": "值",
+    "alertLabel": "警报",
+    "domainPickerWildcardSubdomainNotAllowed": "不允许使用通配符子域。",
+    "domainPickerWildcardCertWarning": "通配符资源可能需要额外配置才能正常工作。",
+    "domainPickerWildcardCertWarningLink": "了解更多",
+    "health": "健康",
+    "domainPendingErrorTitle": "验证问题",
+    "memberPortalTitle": "资源",
+    "memberPortalDescription": "您在此组织中可以访问的资源",
+    "memberPortalSortBy": "排序依据……",
+    "memberPortalSortNameAsc": "名称 A-Z",
+    "memberPortalSortNameDesc": "名称 Z-A",
+    "memberPortalSortDomainAsc": "域名 A-Z",
+    "memberPortalSortDomainDesc": "域名 Z-A",
+    "memberPortalSortEnabledFirst": "启用优先",
+    "memberPortalSortDisabledFirst": "禁用优先",
+    "memberPortalRefresh": "刷新",
+    "memberPortalRefreshResources": "刷新资源",
+    "memberPortalFailedToLoad": "加载资源失败",
+    "memberPortalFailedToLoadDescription": "加载资源失败。请检查您的连接并再试一次。",
+    "memberPortalUnableToLoad": "无法加载资源",
+    "memberPortalTryAgain": "再试一次",
+    "memberPortalNoResourcesFound": "找不到资源",
+    "memberPortalNoResourcesAvailable": "无可用资源",
+    "memberPortalNoResourcesMatchSearch": "没有与\"{query}\"匹配的资源。尝试调整您的搜索词或清除搜索以查看所有资源。",
+    "memberPortalNoResourcesAccess": "您尚无访问任何资源的权限。请联系您的管理员获取所需资源的访问权限。",
+    "memberPortalClearSearch": "清除搜索",
+    "memberPortalPublicResources": "公共资源",
+    "memberPortalPublicResourcesDescription": "通过浏览器可访问的网络应用和服务",
+    "memberPortalCopiedToClipboard": "已复制到剪贴板",
+    "memberPortalCopiedUrlDescription": "资源 URL 已复制到您的剪贴板。",
+    "memberPortalOpenResource": "打开资源",
+    "memberPortalPrivateResources": "私有资源",
+    "memberPortalPrivateResourcesDescription": "通过客户端可访问的内部网络资源",
+    "memberPortalResourceDetails": "资源详情",
+    "memberPortalMode": "模式",
+    "memberPortalDestination": "目标",
+    "memberPortalAlias": "别名",
+    "memberPortalCopiedAliasDescription": "资源别名已复制到您的剪贴板。",
+    "memberPortalCopiedDestinationDescription": "资源目的地已复制到您的剪贴板。",
+    "memberPortalRequiresClientConnection": "需要客户端连接",
+    "memberPortalAuthMethods": "身份验证方法",
+    "memberPortalSso": "单一登录 (SSO)",
+    "memberPortalPasswordProtected": "密码保护",
+    "memberPortalPinCode": "PIN 码",
+    "memberPortalEmailWhitelist": "电子邮件白名单",
+    "memberPortalResourceDisabled": "资源已禁用",
+    "memberPortalShowingResources": "显示 {start}-{end} 共 {total} 个资源",
+    "memberPortalPrevious": "上一页",
+    "memberPortalNext": "下一页"
 }
--- a/messages/zh-TW.json
+++ b/messages/zh-TW.json
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -32,8 +32,8 @@
        "format": "prettier --write ."
    },
    "dependencies": {
-        "@asteasolutions/zod-to-openapi": "8.4.0",
-        "@aws-sdk/client-s3": "3.989.0",
+        "@asteasolutions/zod-to-openapi": "8.4.1",
+        "@aws-sdk/client-s3": "3.1011.0",
        "@faker-js/faker": "10.3.0",
        "@headlessui/react": "2.2.9",
        "@hookform/resolvers": "5.2.2",
@@ -59,16 +59,16 @@
        "@radix-ui/react-tabs": "1.1.13",
        "@radix-ui/react-toast": "1.2.15",
        "@radix-ui/react-tooltip": "1.2.8",
-        "@react-email/components": "1.0.7",
+        "@react-email/components": "1.0.8",
        "@react-email/render": "2.0.4",
-        "@react-email/tailwind": "2.0.4",
-        "@simplewebauthn/browser": "13.2.2",
-        "@simplewebauthn/server": "13.2.2",
+        "@react-email/tailwind": "2.0.5",
+        "@simplewebauthn/browser": "13.3.0",
+        "@simplewebauthn/server": "13.3.0",
        "@tailwindcss/forms": "0.5.11",
        "@tanstack/react-query": "5.90.21",
        "@tanstack/react-table": "8.21.3",
        "arctic": "3.7.0",
-        "axios": "1.13.5",
+        "axios": "1.15.0",
        "better-sqlite3": "11.9.1",
        "canvas-confetti": "1.9.4",
        "class-variance-authority": "0.7.1",
@@ -78,63 +78,63 @@
        "cors": "2.8.6",
        "crypto-js": "4.2.0",
        "d3": "7.9.0",
-        "drizzle-orm": "0.45.1",
+        "drizzle-orm": "0.45.2",
        "express": "5.2.1",
-        "express-rate-limit": "8.2.1",
-        "glob": "13.0.3",
+        "express-rate-limit": "8.3.0",
+        "glob": "13.0.6",
        "helmet": "8.1.0",
        "http-errors": "2.0.1",
        "input-otp": "1.4.2",
-        "ioredis": "5.9.3",
+        "ioredis": "5.10.0",
        "jmespath": "0.16.0",
        "js-yaml": "4.1.1",
        "jsonwebtoken": "9.0.3",
-        "lucide-react": "0.563.0",
+        "lucide-react": "0.577.0",
        "maxmind": "5.0.5",
        "moment": "2.30.1",
-        "next": "15.5.12",
-        "next-intl": "4.8.2",
+        "next": "15.5.15",
+        "next-intl": "4.8.3",
        "next-themes": "0.4.6",
        "nextjs-toploader": "3.9.17",
        "node-cache": "5.1.2",
-        "nodemailer": "8.0.1",
+        "nodemailer": "8.0.5",
        "oslo": "1.2.1",
-        "pg": "8.18.0",
-        "posthog-node": "5.24.15",
+        "pg": "8.20.0",
+        "posthog-node": "5.28.0",
        "qrcode.react": "4.2.0",
        "react": "19.2.4",
-        "react-day-picker": "9.13.2",
+        "react-day-picker": "9.14.0",
        "react-dom": "19.2.4",
        "react-easy-sort": "1.8.0",
-        "react-hook-form": "7.71.1",
-        "react-icons": "5.5.0",
+        "react-hook-form": "7.71.2",
+        "react-icons": "5.6.0",
        "recharts": "2.15.4",
-        "reodotdev": "1.0.0",
+        "reodotdev": "1.1.0",
        "resend": "6.9.2",
        "semver": "7.7.4",
-        "sshpk": "^1.18.0",
-        "stripe": "20.3.1",
+        "sshpk": "1.18.0",
+        "stripe": "20.4.1",
        "swagger-ui-express": "5.0.1",
-        "tailwind-merge": "3.4.0",
+        "tailwind-merge": "3.5.0",
        "topojson-client": "3.1.0",
        "tw-animate-css": "1.4.0",
-        "use-debounce": "^10.1.0",
+        "use-debounce": "10.1.0",
        "uuid": "13.0.0",
        "vaul": "1.1.2",
        "visionscarto-world-atlas": "1.0.0",
        "winston": "3.19.0",
        "winston-daily-rotate-file": "5.0.0",
        "ws": "8.19.0",
-        "yaml": "2.8.2",
+        "yaml": "2.8.3",
        "yargs": "18.0.0",
        "zod": "4.3.6",
        "zod-validation-error": "5.0.0"
    },
    "devDependencies": {
-        "@dotenvx/dotenvx": "1.52.0",
+        "@dotenvx/dotenvx": "1.54.1",
        "@esbuild-plugins/tsconfig-paths": "0.1.2",
-        "@react-email/preview-server": "5.2.8",
-        "@tailwindcss/postcss": "4.1.18",
+        "@react-email/preview-server": "5.2.10",
+        "@tailwindcss/postcss": "4.2.2",
        "@tanstack/react-query-devtools": "5.91.3",
        "@types/better-sqlite3": "7.6.13",
        "@types/cookie-parser": "1.4.10",
@@ -146,31 +146,35 @@
        "@types/jmespath": "0.15.2",
        "@types/js-yaml": "4.0.9",
        "@types/jsonwebtoken": "9.0.10",
-        "@types/node": "25.2.3",
-        "@types/nodemailer": "7.0.9",
+        "@types/node": "25.3.5",
+        "@types/nodemailer": "7.0.11",
        "@types/nprogress": "0.2.3",
-        "@types/pg": "8.16.0",
+        "@types/pg": "8.18.0",
        "@types/react": "19.2.14",
        "@types/react-dom": "19.2.3",
        "@types/semver": "7.7.1",
-        "@types/sshpk": "^1.17.4",
+        "@types/sshpk": "1.17.4",
        "@types/swagger-ui-express": "4.1.8",
        "@types/topojson-client": "3.1.5",
        "@types/ws": "8.18.1",
        "@types/yargs": "17.0.35",
        "babel-plugin-react-compiler": "1.0.0",
-        "drizzle-kit": "0.31.9",
-        "esbuild": "0.27.3",
+        "drizzle-kit": "0.31.10",
+        "esbuild": "0.27.4",
        "esbuild-node-externals": "1.20.1",
-        "eslint": "9.39.2",
-        "eslint-config-next": "16.1.6",
-        "postcss": "8.5.6",
+        "eslint": "10.0.3",
+        "eslint-config-next": "16.1.7",
+        "postcss": "8.5.8",
        "prettier": "3.8.1",
-        "react-email": "5.2.8",
-        "tailwindcss": "4.1.18",
+        "react-email": "5.2.10",
+        "tailwindcss": "4.2.2",
        "tsc-alias": "1.8.16",
        "tsx": "4.21.0",
        "typescript": "5.9.3",
-        "typescript-eslint": "8.55.0"
+        "typescript-eslint": "8.56.1"
+    },
+    "overrides": {
+        "esbuild": "0.27.4",
+        "dompurify": "3.3.2"
    }
 }
--- a/public/idp/openid.png
+++ b/public/idp/openid.png
--- a/public/screenshots/hero.png
+++ b/public/screenshots/hero.png
--- a/Show More
+++ b/Show More