DeviceShelf Blog

Release history

Every DeviceShelf release on one page — newest first. Expand a version for the full notes.

Deutsch

← All posts

DeviceShelf 1.5.15 — New icon, and a real Windows server installer A refreshed icon across platforms, a status-flicker fix, persisted scan settings, and a proper install.exe for the server.

New app icon across macOS, Windows and Linux. We also fixed a status flicker where a device would bounce between "Active" and idle in the middle of a scan, and your scan depth and the UDP-service toggle now survive a restart.

On the server side, the Windows edition ships a real install.exe and uninstall.exe instead of the batch files Windows liked to block — double-click, confirm the prompt, done. And you can read the dashboard token on any platform, Windows, Docker or the .deb, with deviceshelf-server -token.

DeviceShelf 1.5.14 — English UI and router-based topology English is now the primary interface language, and topology can come straight from your UniFi or router controller.

Two bigger changes. The interface is now English-first across desktop, server and mobile — the other languages are still there, English is just the source they're built from now.

And topology no longer leans on SNMP or LLDP guesswork. Point DeviceShelf at your UniFi or router controller and it reads which device sits on which access point or switch port directly from the controller. A Test button confirms the connection before you rely on it.

DeviceShelf 1.5.13 — Fewer, better alerts on the server Alert-flood control for the server edition, more parity with the desktop, and finer scan preferences.

The 24/7 server edition can flood you when a lot changes at once. This release adds the brakes: low-priority events batch into a digest instead of arriving one by one, alerts route by severity so the urgent ones stand out, and a brief flap no longer pages you offline-then-online a second later.

Alongside that, more of the desktop's features made it into the server, and the desktop's scan settings gained finer control over how deep a scan goes.

DeviceShelf 1.5.12 — Pair your phone by QR Connect the mobile app to a desktop or server by scanning a code — no URL, no token to type.

Adding a computer or server to the mobile app used to mean copying its address and access token onto your phone by hand. Now the desktop and server show a QR code: scan it in the app and you're connected.

Same security: the token still authenticates the connection, you just don't type it in.

DeviceShelf 1.5.11 — Settings that stick Settings now save as you type, and the Fingerbank key gets a Test button.

A round of persistence fixes. If you typed an API key or changed a field and then switched tabs before it lost focus, the change could be dropped. Settings now save as you type, so nothing gets lost on the way out.

While we were in there, the Fingerbank key got a Test button — check it works right where you paste it, instead of finding out later that device fingerprinting was quietly off.

DeviceShelf 1.5.10 — Azure OpenAI as an AI provider Azure OpenAI (Microsoft) is now a selectable AI provider, in desktop, server and mobile.

The AI advisor has always been bring-your-own-key: local, optional, off by default, with Anthropic, OpenAI, OpenRouter, Mistral, Groq, Gemini, or local Ollama. New on the list: Azure OpenAI (Microsoft). Enter your Azure resource endpoint, the deployment name, and your Azure key. It's in desktop, server, and mobile.

One caveat: this is Azure OpenAI, not the M365 Copilot license. The Copilot surface in Word or Teams isn't a callable API; what you can wire in is your company's Azure OpenAI access.

DeviceShelf 1.5.9 — real device names in alerts, a clearer uptime report, and unified server management A batch of fixes from user reports across all three apps: notifications and Live Bandwidth show real device names instead of bare IPs/MACs, traceroute is fixed on networks that blocked it, the server's uptime report gets headers and a downtime duration, and the mobile app's server list is unified into one screen.

A larger batch this time, all from user reports. Desktop, server and mobile all get real changes.

Desktop

  • Online/offline alerts show the real device name. A device coming back online or dropping offline could show its bare IP ("Back online: 192.168.1.197") or even its raw MAC address in the notification, which isn't something you can act on. The name lookup now falls back through the same chain the device list already uses: known name, then the manufacturer looked up from the MAC (available as soon as the device is seen at all), and only as a last resort the address itself.
  • Live Bandwidth stopped flickering. Near-idle devices' throughput is mostly measurement noise, so the list re-sorted itself on almost every update. A bar would flash on for one tick and vanish the next. Rows now sort by cumulative traffic instead of the instantaneous rate, and each device's numbers are smoothed before they're drawn. Devices with no resolved hostname also show their manufacturer now, not a bare IP repeated twice.
  • Traceroute works on networks that silently blocked it. The classic UDP-based probing mode is dropped outright by many firewalls, VPNs and NATs — every hop timed out with 100% loss even on a perfectly fine connection. Traceroute now uses the same ICMP echo probes as a plain ping, which get through where the old mode didn't.
  • Ping, DNS lookup and traceroute now come pre-filled with a working target (1.1.1.1 / google.com), so you can check basic connectivity with one click.
  • The DHCP-fingerprinting hint no longer contradicts itself. The "needs admin rights" warning used to stay visible even after the feature was successfully turned on and running.
  • Two settings-only bugs are fixed too: a pre-existing install's port scanning could silently stay off after an upgrade, with no visible cause. And identity resolution (hostname/vendor) could wipe a device's already-known open ports, and with them the quick-connect SSH/VNC/RDP buttons, whenever that pass didn't also happen to run a fresh port scan.

Server

  • The SLA/uptime report finally explains itself. The devices/checks tables had no column headers at all: three columns of bare numbers, nothing labeling what they meant. There's now a proper header row with hover explanations for each column.
  • The percentage now comes with a concrete duration. "94.6%" forces you to do the math yourself; each row now also shows an approximate downtime ("~1h 20m down") right next to the color-coded percentage.
  • Device rows show the manufacturer, not just the IP, when no hostname is known. It's the same fallback the desktop app already uses.
  • The daily-availability heatmap no longer collapses into one meaningless solid-color block when the report's time window is set to 24h; it always shows enough days to be readable.

Mobile

"Remote servers" (a saved list, read-only view) and "Sync" (LAN discovery, a single shared access code) used to overlap without talking to each other. Both are now one screen. Every DeviceShelf server or desktop you connect to is a saved entry with its own name, address and access code; LAN discovery adds new ones to that same list instead of running a separate flow. For each saved server you can open its own read-only view, or pull its full device list (MAC, manufacturer) into your local scan. This also fixes a real limitation: with two servers on the network, there used to be no way to give each one its own access code.

DeviceShelf 1.5.8 — stable device names and a Wake-on-LAN fix Two desktop fixes: device names no longer flicker back to bare IP addresses while background monitoring runs, and Wake-on-LAN works on machines with more than one active network interface. Desktop only.

Two fixes in the desktop app, both from user reports.

  • Device names stay put during auto-scan. With background monitoring on, the device list kept snapping back to bare IP addresses, especially in live mode with its sweeps every 5 seconds or so. Hostname, MAC, vendor, OS: all gone until enrichment caught up again. The cause: each sweep first checks only who is reachable and reports devices with no identity at all. That bare result overwrote the known one. As of 1.5.8, a resolved identity survives scan ticks and is only ever replaced by a newer resolved value, never by a blank. This holds in the device list as well as in exports and the remote API. Measurements like online state and ping still update on every tick. And if an IP gets reassigned to a different device, DeviceShelf drops the old identity instead of carrying it over.
  • Wake-on-LAN works with more than one network interface. The magic packet used to leave through a socket without broadcast permission. The system may reject that outright, and on machines with several active interfaces (Wi-Fi plus VM bridges, say) the packet could also go out the wrong one. It is now sent as a directed broadcast on every active interface, so the target device gets it no matter which network it sits on. When the send fails, the app shows a proper translated message instead of a raw network error.

The server edition gets 1.5.8 only to keep the version numbers in step; nothing changes on the server. Settings, data and monitors are preserved.

DeviceShelf 1.5.7 — device list and scan range cleanup Three fixes from user feedback: a hint when a filter hides every device; the top-bar scope now follows the range dialog; and an implausible From/To range asks before scanning. Desktop only.

A small follow-up to 1.5.6. All three came from user feedback.

  • A filter that hides everything now says so. The device list used to show a blank table when a search term or the favorites star filtered out every found device — which read as "the scan found nothing", even though the counters up top still reported all devices. Now there's a hint ("‘ei’ hides all 32 devices") with a button that clears the search and the favorites filter.
  • The scope display follows the dialog. The range shown top-left only reflected the last scan and changed only on the next one. Pick a different interface in the range dialog, or type a different From/To, and the header now moves with it immediately. Cancel, and it reverts to the real network.
  • A warning before an implausible range. A From/To spanning two networks (say 192.168.1.1 to 10.37.129.254), a reversed one, or a very large one used to silently trigger a slow scan across the wrong subnet — up to 65534 addresses. Now a dialog asks first; a normal in-subnet range still scans without a prompt.

The server edition gets 1.5.7 only to keep the version numbers in step; nothing changes on the server. Settings, data and monitors are preserved.

DeviceShelf 1.5.6 — clearer notifications Collapsed alert rows now list the individual events with timestamps instead of a confusing “flapped N×” counter; the device-list SSID column is gone. Driven by user feedback.

A small update on top of 1.5.5, driven by user feedback.

  • Clearer collapsed alerts. Multiple alerts for the same device within 10 minutes are still merged into one row — but the badge now reads “N alerts” instead of “flapped N×” (which read like the IP had changed), and the row lists every merged event with its time and detail: offline/back online, port opened/closed, IP changed. You can see exactly what happened without opening the details.
  • SSID column removed. The optional device-list column could only ever show the scanning host’s own Wi-Fi (identical in every row) — a LAN scan cannot determine which SSID a remote device is connected to. That came across as “the column shows nothing”. Your own Wi-Fi name remains in the top bar and the Network view.

The server edition gets 1.5.6 as a pure version-lockstep rebuild with no functional changes. Settings, data and monitors are preserved.

DeviceShelf 1.5.5 — richer MCP tool schemas, more hardening MCP tools now declare output schemas, titles and per-field descriptions for clearer AI-client results, plus follow-up security hardening from the 1.5.4 review. Additive, no behaviour changes.

A small additive follow-up to 1.5.4.

  • Richer MCP tool schemas. Every MCP tool now declares an output schema, a human-readable title and per-field descriptions. AI clients (Claude, Cursor, VS Code and the rest) can show clearer, structured results and pick the right tool without guessing. Purely additive — existing connections keep working unchanged.
  • More hardening. A follow-up pass closing review gaps from the 1.5.4 security sweep — API auth, notifications and the mobile export path.

No behaviour changes. Settings, data and monitors carry over.

DeviceShelf 1.5.4 — security & robustness hardening A 27-fix security and robustness pass — stricter API auth (deny-by-default, brute-force backoff, role-spoof guard, request timeouts), redacted notifications, and hardening across scanning, storage, syslog and mobile. No behaviour changes.

1.5.4 is a focused security and robustness pass — 27 fixes, no new features and no behaviour changes.

API & auth (server edition)

  • Deny-by-default. The token guard now uses an allowlist: only the static dashboard shell is public; /api/*, /metrics and /mcp all require a token. (The previous blocklist had to enumerate private paths and once nearly served /mcp unauthenticated.)
  • Brute-force backoff. After repeated failed auth attempts from one IP, further requests get a 429 for a short cool-off, so a bearer token can't be guessed online.
  • Role-spoof guard. The X-DS-Role header is stripped from incoming requests and only ever set by the guard, so a client can't claim admin to downstream handlers.
  • Request timeouts. Read/header/idle timeouts protect against slow-loris-style connection holding (the SSE dashboard feed is exempt).
  • Weak-token warning at startup if the API token is shorter than 24 characters.

Everything else

  • Notifications redact secrets from payloads, and the send path is more defensive.
  • Hardening across the scanner (ping, UPnP), store, syslog receiver and SNMP discovery, plus a safe-goroutine wrapper so a background panic can't take the server down.
  • Mobile: safer desktop-sync parsing and export.

Recommended update. Settings, data and monitors carry over untouched.

DeviceShelf 1.5.3 — the MCP server ships The server edition now ships the MCP server: read-only, strictly local access to your live inventory and monitoring for AI assistants over the Model Context Protocol. Copy-paste setup for Claude, Cursor, VS Code, Windsurf, Cline and Gemini CLI.

The Model Context Protocol server we previewed is now shipping in the server edition.

  • What it is. Set DEVICESHELF_MCP_ENABLE=true and an AI assistant can query your live network in plain language: "what's online?", "which certificates expire soon?", "what's vulnerable?", all answered from your own data. 14 read-only tools (inventory, monitoring, a one-call security overview) plus guided prompts.
  • Strictly local, read-only. The endpoint runs inside your server, behind the same bearer token, reachable only on your LAN. No cloud connector. Write actions (rename, acknowledge, scan) stay off unless you set DEVICESHELF_MCP_ALLOW_ACTIONS, and device-reported strings are treated as untrusted.
  • Connect any agent. Copy-paste setup for Claude Code, Claude Desktop, Cursor, VS Code (Copilot), Windsurf, Cline and Gemini CLI is on the server page. Most connect over Streamable HTTP natively; ChatGPT needs a public HTTPS tunnel because it runs in the cloud.
  • Licensing. Bundled with any paid license and usable during the 7-day trial.

The desktop app is unchanged from 1.5.2.

DeviceShelf 1.5.2 — server version badge, clearer e-mail setup A small server-focused update. The dashboard shows the running version, e-mail/SMTP setup is clearer, and desktop backend messages are now localized in all seven languages.

A small, backward-compatible follow-up to 1.5.1:

  • Server: the dashboard header now shows the running version (plus a public /api/version endpoint).
  • Server: e-mail/SMTP alert setup is clearer. Common providers (Gmail, Yahoo, Outlook, iCloud …) are auto-detected, and a new help section explains the required app password.
  • Desktop: all backend status and error messages are now localized across the seven supported languages.

Monitors, settings and data carry over unchanged.

DeviceShelf 1.5.1 — push/heartbeat monitors, HTTP keyword checks, read-only access, uptime bars 1.5.1 extends the server edition with push/heartbeat monitors, HTTP keyword and status assertions, per-check retries, a read-only access token, daily uptime bars and JSON config backup. Desktop adds custom device types with auto-detection and a new icon set. Backward-compatible.

1.5.1 builds on the 1.5 monitoring foundation, mostly on the headless server edition, and brings the desktop's device handling up a level.

Server edition

  • Push / heartbeat monitors. A new check type for jobs that should "call home": a cron job, backup or script POSTs to a private /api/push/<token> URL on its schedule. If a heartbeat doesn't arrive within the window you set, the monitor goes down and alerts. Good for things a port check can't see.
  • HTTP keyword and status assertions. HTTP checks can now require an exact status code (e.g. 200, or 401 for an auth-gated endpoint) and assert that the response body contains — or does not contain — a given string. A page that loads fast but shows an error no longer counts as up.
  • Retries before alarm. Each check can require N consecutive failures before it raises an alarm, so a single blip doesn't page you.
  • Read-only access token. Set a second, read-only token (DEVICESHELF_API_VIEWER_TOKEN) to hand out view-only access, either over the API (GET only) or as a read-only dashboard. Every change still needs the full token.
  • Daily availability bars. The reports view now shows a per-day uptime bar for every device and check, alongside the SLA percentages.
  • Configuration backup. Export your settings and monitors as a JSON file (no passwords or tokens) and restore them on the same or another server.
  • REST API documentation. The full server API is now documented, including the new endpoints.

Desktop

  • Custom device types with auto-detection for switches, access points and firewalls, a searchable type picker, a refreshed colorful icon set, and a per-row note tooltip on hover.

Fixes

  • Removed the colored left-edge accent on dashboard cards (cosmetic).
  • The server timeline now labels monitor-check events properly instead of showing a raw key.

Compatibility

Backward-compatible; no breaking changes. Existing configuration and data are kept. The new check options and the read-only token are opt-in, so updating raises no new notifications by itself.

DeviceShelf 1.5 — threshold monitoring, dependencies, alarm lifecycle, server connection 1.5 adds threshold-based checks (ping, TCP, HTTP/JSON, SNMP), dependency-based alarm suppression, an alarm lifecycle (acknowledge, maintenance windows, quiet hours), and desktop-to-server connections. Backward-compatible.

DeviceShelf 1.5 adds monitoring beyond plain reachability. Changes:

New in 1.5

  • Threshold-based checks. Define checks per device with warning and error thresholds. Supported types: ping latency, TCP port reachability, HTTP/HTTPS status (optionally comparing a value extracted from a JSON response via a dot path), and SNMP values.
  • Dependencies. A check can depend on a parent device (e.g. a switch or gateway). When the parent is down, alarms for the dependent checks are suppressed, so an upstream outage produces one alarm instead of one per downstream device.
  • Alarm lifecycle.
  • Acknowledge: mark a known alarm as seen so it stops re-notifying.
  • Maintenance windows: scheduled time ranges in which checks do not raise alarms.
  • Quiet hours: recurring time ranges in which no push notifications are sent.
  • Desktop-to-server connection. The desktop app can connect to one or more headless DeviceShelf servers and read their inventory, subnet, online status, timeline and alarms, and acknowledge alarms remotely.

Compatibility

Backward-compatible; no breaking changes. Existing configuration and data are kept. Checks are opt-in (you create them), so updating raises no new notifications by itself.

DeviceShelf 1.4.2 — Fingerbank device ID, richer alerts & an update notice 1.4.2 adds Fingerbank-powered device identification, far more detailed alerts (IP, vendor, type, OS, ports), and an opt-in update notice, plus everything from 1.4.1 (offline devices, dashboard polish, desktop SSH).

A focused follow-up to the big 1.4.0 release: sharper identification, clearer alerts, and a friendlier update path.

✨ New in 1.4.2

  • Fingerbank device identification. Devices are now identified by their DHCP fingerprint via Fingerbank. That means better guesses for vendor, type and OS, especially on IoT gear.
  • Richer alerts. Alert messages now spell it all out: IP, vendor, device type, OS, open ports and the Fingerbank match. A notification tells you what happened without opening the app.
  • Opt-in update notice. A "check now" button (and an optional on-launch check) lets you know when a new version is out. It never auto-installs — you stay in control.

Also since 1.4.0 (shipped in 1.4.1)

  • Offline devices stay visible in the list instead of disappearing.
  • Dashboard polish: auto-save, a favicon, a clearer WAN explanation, and a live-status fix.
  • Desktop: SSH login and scan-range fixes.

🖥 Server edition (beta)

The 1.4.2 server adds the same passive DHCP fingerprinting (it listens on UDP port 67). Because the container deliberately runs as a non-root user, binding that low port needs one tightly-scoped capability: NET_BIND_SERVICE (no root, no NET_ADMIN, just opening low ports). Without it the server still runs fine, only DHCP/Fingerbank identification is skipped.

Update your compose with --cap-add NET_BIND_SERVICE and pull :1.4.2. Full steps in the server install guide. It's a beta — bug reports & feature requests very welcome.

Get it

Update from inside the app (or hit check for updates), or grab 1.4.2 from deviceshelf.app. As always: local-first, no telemetry, no account.

DeviceShelf 1.4.0 — live monitoring, notifications & a server beta A big release: a notification center, auto/live scan, a smarter device table, in-app rollback, a Windows Npcap prompt, and a pile of fixes. Plus the first beta of the headless 24/7 server edition.

1.4.0 is a big one. Here's everything that's new and fixed, plus the first public beta of the server edition.

✨ New

  • Notification center. A bell in the toolbar collects what changed while you were looking elsewhere: devices arriving and leaving, ports opening, alerts firing.
  • Auto / live scan. Turn it on and DeviceShelf watches your network continuously, refreshing every few seconds instead of waiting for a manual scan.
  • Smarter device table. Sort by any column, connect over RDP in one click, and use per-port gating so a scan does exactly what you want.
  • In-app rollback. Need the previous build? Roll back to an earlier version right from inside the app.
  • Windows Npcap prompt. The Windows installer now tells you when Npcap is needed (for live per-device bandwidth) and links you straight to it.
  • Local-API token UX. Setting up and using the local-API token is simpler and clearer.

🐛 Fixed

  • Fingerbank rate-limit handling. Device-identification lookups no longer trip the provider's rate limit.
  • Scan range / CIDR / save fixes. Custom ranges and CIDR inputs parse correctly, and saving is reliable.

🖥 The server edition enters beta

The headless 24/7 server edition ships for the first time in 1.4.0: continuous, GUI-less monitoring you run in Docker (or install the .deb, now built in CI) on a Linux box or VM. It's covered by your existing license. Same key, no extra cost.

This is a beta. Expect a few rough edges. If you hit a bug or have a feature request, please tell us — your feedback decides where it goes next. Subscribe below to follow along.

Get it

Update from inside the app, or grab 1.4.0 from deviceshelf.app. As always: local-first, no telemetry, no account.

Get release updates

New features, releases and polls — straight to your inbox. No spam, unsubscribe anytime.