kulunkilabs/vibenetbackup v1.6.7 on GitHub

What's in v1.6.7

Three commits, grouped by area below. All changes land on top of v1.6.6 — no breaking changes, no config migration required.

Manual backup trigger now honors the destination selection. The /backups/trigger form gained a destination checkbox group; the POST handler accepts destination_ids so runs write to the destinations you pick instead of silently falling back to "the first enabled local destination".
Multi-destination recording in the Backup row. When a backup writes to more than one destination (e.g. local + SMB), all of them are now recorded and rendered as colored badges in the list / detail / history views. Previously only the last successful destination showed.
Proxmox / binary-archive backups now ship to every selected destination, not only local. The binary backup handler used to hard-code destination_type = "local"; it now loops every selected destination and calls a new optional save_binary(hostname, data, extension, config) method on DestinationBackend. LocalDestination and SMBDestination implement it; git-family backends are skipped with a warning (archives in git are unusual). Fixes the long-standing "only Brocade backups hit SMB, Proxmox didn't" issue.

Per-device backup history at /backups/device/<id>/history — full chronological timeline with First / Changed / Unchanged markers computed from the stored config hash (cheap, no diffing per row), and checkboxes to pick any two backups to compare.
Compare view at /backups/compare?a=<id>&b=<id> — unified diff between any two backups of the same device. Normalises older→newer automatically, handles identical configs and archive bundles gracefully.
Destination badges replacing the plain-text "Destination" column across the list / detail / history pages.
Shortcut links: View all / Compare on the device detail page, History and Compare with previous on each backup detail page.

SECRET_KEY self-test at startup. init_db() now probe-decrypts one credential + one notification channel. If the current SECRET_KEY can't decrypt existing ciphertext (data volume wiped, .env regenerated, migration without copying the key, etc.), a clear WARNING is logged with recovery steps instead of silent empty-error backup failures at runtime. Catches the single biggest upgrade footgun.
Device edit form: SSH proxy fields stay visible when values are saved. The "SSH Proxy / Jump Host" section was being hidden whenever the engine was not Netmiko or SCP, which also hid any saved proxy data after an engine switch (no way to see or clear it). The section now stays visible whenever the device has saved proxy values, and a caption clarifies that the fields apply to Netmiko / SCP engines only.

.dockerignore added — keeps .env, *.db, ssh_keys/, backups/, staging-backups/, venv/, .git/, and test caches out of the Docker build context (previous builds baked all of these into the image).
.gitignore covers staging-backups/* except .gitkeep so local test artifacts don't show up as untracked.

Docker: docker compose pull && docker compose up -d — SECRET_KEY persists in the data volume; encrypted credentials continue to decrypt.
Shell / systemd: rerun install.sh; it preserves .env (and therefore SECRET_KEY).

No schema migration beyond what v1.6.x already applied.