Loading current service state from the VPS collector.
These cards stay public and focus on entry points, health, and intent rather than leaking internal-only wiring. The web proxy itself stays auth-protected even though it is part of the public-facing service set.
Deeper details such as listeners, auth-failure logs, process lists, and live host activity now live in the protected ops and task-manager routes.