feat: add return classification for archive chart, CARD API integration, compliance charts, systemd services

README.md

@@ -12,6 +12,7 @@ A self-hosted vulnerability management dashboard for the NTS-AEO-STEAM and NTS-A
 - [Installation](#installation)
 - [Configuration](#configuration)
 - [Running the Application](#running-the-application)
+  - [Running as systemd services (auto-start on reboot)](#running-as-systemd-services-auto-start-on-reboot)
 - [Features](#features)
   - [Authentication and User Groups](#authentication-and-user-groups)
   - [Home — CVE Management](#home--cve-management)
@@ -251,6 +252,42 @@ cd frontend
 npm start
 ```
 
+### Running as systemd services (auto-start on reboot)
+
+Two systemd unit files are installed to `/etc/systemd/system/` so the dashboard starts automatically when the server boots:
+
+| Unit | What it runs |
+|---|---|
+| `cve-backend.service` | `node server.js` from `backend/` |
+| `cve-frontend.service` | `npm start` from `frontend/` (waits for backend) |
+
+Both services load their respective `.env` files, restart on failure (5-second delay), and append output to `backend/backend.log` and `frontend/frontend.log`.
+
+**First-time setup** (if the units are not yet installed):
+
+```bash
+# Copy the unit files into systemd
+cp systemd/cve-backend.service /etc/systemd/system/
+cp systemd/cve-frontend.service /etc/systemd/system/
+
+# Reload systemd, enable on boot, and start
+systemctl daemon-reload
+systemctl enable --now cve-backend cve-frontend
+```
+
+**Common commands:**
+
+```bash
+systemctl status cve-backend cve-frontend    # Check both services
+systemctl restart cve-backend                 # Restart backend only
+systemctl restart cve-frontend                # Restart frontend only
+systemctl stop cve-backend cve-frontend       # Stop both
+journalctl -u cve-backend -f                  # Follow backend journal
+journalctl -u cve-frontend -f                 # Follow frontend journal
+```
+
+> The helper scripts (`start-servers.sh` / `stop-servers.sh`) still work for ad-hoc use, but systemd is the recommended approach for persistent deployments. If switching to systemd, stop any script-launched processes first with `./stop-servers.sh` to avoid port conflicts.
+
 ### Default ports
 
 | Service | URL |
@@ -742,6 +779,9 @@ cve-dashboard/
 ├── start-servers.sh          # Start backend + frontend in background
 ├── stop-servers.sh           # Stop all servers
 ├── package.json              # Root package.json (backend dependencies)
+├── systemd/                  # systemd unit files for auto-start on boot
+│   ├── cve-backend.service
+│   └── cve-frontend.service
 │
 ├── backend/
 │   ├── server.js             # Express app — routes, middleware, security headers
@@ -983,6 +1023,8 @@ cd ..
 
 # 8. Start servers
 ./start-servers.sh
+# Or, if using systemd services:
+#   systemctl restart cve-backend cve-frontend
 ```
 
 After upgrading, clear your browser cookies and log in fresh — session format changes between versions will invalidate old sessions.