diff --git a/MAC_MINI_SETUP_SUMMARY.md b/MAC_MINI_SETUP_SUMMARY.md new file mode 100644 index 0000000..1852701 --- /dev/null +++ b/MAC_MINI_SETUP_SUMMARY.md 
@@ -0,0 +1,426 @@ +# 🚀 Mac Mini 2014 OPNsense Router - Implementation Guide + +**Transform your Mac mini into an enterprise-grade router with ZERO hardware cost!** + +--- + +## 💻 Your Hardware (PERFECT for this!) + +### Mac Mini 2014 Specifications: +- **CPU:** Intel Core i5 (4th gen) ✅ +- **RAM:** 8GB ✅ +- **Storage:** 500GB SSD ✅ +- **Network:** 3x Gigabit Ethernet (1 onboard + 2 Thunderbolt) ✅ + +**This hardware is MORE capable than a $400 Protectli!** + +### Performance Expectations: +- ✅ 1 Gbps routing with Deep Packet Inspection +- ✅ Suricata IDS/IPS + Zenarmor simultaneously +- ✅ Handles 50+ devices (you have 22) +- ✅ VPN server capability +- ✅ Years of detailed logs + +--- + +## 🎯 Network Configuration + +### IP Addressing: +- **Router:** 10.0.0.254 +- **DHCP Range:** 10.0.0.1 - 10.0.0.200 +- **Gateway:** 10.0.0.254 +- **DNS:** 10.0.0.55 (Home Assistant with AdGuard) + +### Static Reservations: +- 10.0.0.55 - Home Assistant +- 10.0.0.2 - Archer AX72 Pro (AP mode) +- Custom exclusions as needed + +--- + +## 📅 4-Phase Implementation Plan + +### **Phase 1: Basic Router Setup** (Day 1, 2-3 hours) +**Goal:** Get internet working through Mac mini + +Steps: +1. Download OPNsense ISO +2. Create bootable USB +3. Install on Mac mini (erases macOS!) +4. Configure WAN/LAN interfaces +5. Setup DHCP (10.0.0.1-200) +6. Point DNS to AdGuard (10.0.0.55) +7. Set Archer AX72 Pro to AP mode +8. Test connectivity + +**Result:** Mac mini routing all traffic, WiFi working via Archer AP + +--- + +### **Phase 2: Advanced Features** (Day 2-3, 3-4 hours) +**Goal:** Add monitoring, security, optimization + +Steps: +1. Install ntopng (network traffic analysis) +2. Configure Suricata IDS/IPS (intrusion detection) +3. Setup device identification: + - IP tracking + - MAC tracking + - NetBIOS/mDNS detection + - Periodic nmap scanning +4. Configure traffic shaping (QoS) +5. Enable comprehensive logging +6. 
Security hardening + +**Result:** Enterprise-grade monitoring and security + +--- + +### **Phase 3: Zenarmor Parental Controls** (Day 4-5, 4-6 hours) +**Goal:** Application-level controls for each child + +Steps: +1. Install Zenarmor (os-sensei) +2. Run setup wizard +3. Create policies: + - **Bella (14yo):** Strict controls + - **Xander (15yo):** Moderate controls + - **William (17yo):** Relaxed controls +4. Configure application blocking: + - Block TikTok, adult content + - Limit YouTube, gaming + - Allow educational sites +5. Setup time-based rules: + - School hours: Educational only + - After school: Limited social/gaming + - Bedtime: Block everything +6. Enable Safe Search enforcement +7. Configure daily email reports + +**Result:** Application-level parental controls (way better than MAC blocking!) + +--- + +### **Phase 4: Home Assistant Integration** (Day 6-7, 2-3 hours) +**Goal:** Full automation and dashboard control + +Steps: +1. Enable OPNsense API +2. Install HACS integration in HA +3. Configure device trackers +4. Create firewall rules for HA control +5. Build automations: + - Bedtime blocking + - School hours restrictions + - Bandwidth alerts +6. Create dashboard +7. Setup Zenarmor API sensors +8. Configure notifications + +**Result:** Complete control via Home Assistant dashboard + +--- + +## 🎁 What You Get + +### Compared to OpenWRT on Archer: + +| Feature | OpenWRT | OPNsense on Mac mini | +|---------|---------|----------------------| +| **Hardware** | Archer (limited) | Mac mini (powerful) | +| **CPU** | 880 MHz MIPS | i5 @ 2+ GHz | +| **RAM** | 512MB | 8GB | +| **Storage** | 128MB flash | 500GB SSD | +| **Application Control** | ❌ | ✅ Full DPI | +| **See What Apps** | ❌ | ✅ YouTube, TikTok, etc. 
| +| **Time Quotas** | ❌ | ✅ 2 hours/day per app | +| **Content Filtering** | ❌ DNS only | ✅ DPI + DNS | +| **Reporting** | ❌ Manual | ✅ Automated daily | +| **Cost** | $0 | $0 hardware, $59/year Zenarmor | + +**Verdict:** OPNsense on Mac mini is VASTLY superior! + +--- + +## 💰 Cost Comparison + +### What You're Saving: + +**Hardware Options:** +- Protectli VP2420: $400-450 +- Qotom J4125: $250 +- **Your Mac mini: $0** ✅ + +**Software:** +- OPNsense: FREE +- Zenarmor Home: $59/year +- **Total: $59/year** (vs $400+ for new hardware) + +**Comparable Commercial Solutions:** +- Firewalla Gold: $500 +- Qustodio Premium: $138/year (no router!) +- Circle Home Plus: $130 + $10/month + +**You're getting enterprise-grade for consumer prices!** + +--- + +## 📋 Full Implementation Guide + +Due to the comprehensive nature of the guide (1,959 lines), the **complete step-by-step guide** is available in: + +**Location:** `/mnt/user-data/outputs/MAC_MINI_OPNSENSE_GUIDE.md` + +The full guide includes: +- ✅ Detailed installation instructions +- ✅ Every configuration step with screenshots +- ✅ Troubleshooting for each phase +- ✅ Example configurations +- ✅ Dashboard YAML code +- ✅ Automation examples +- ✅ Security hardening steps +- ✅ Maintenance procedures +- ✅ Emergency recovery procedures + +--- + +## 🚦 Quick Start Checklist + +### Before You Begin: +- [ ] Mac mini ready (will erase macOS!) 
+- [ ] 8GB+ USB drive for installer +- [ ] HDMI monitor + USB keyboard +- [ ] 3x Ethernet cables +- [ ] 2-3 hours uninterrupted time +- [ ] Backup any important Mac mini data +- [ ] Note all current MAC addresses for devices + +### Phase 1 (Day 1): +- [ ] Download OPNsense ISO +- [ ] Create bootable USB (Rufus on Windows / dd on Mac) +- [ ] Install OPNsense on Mac mini +- [ ] Configure WAN (em1) - to modem +- [ ] Configure LAN (em0) - to network @ 10.0.0.254 +- [ ] Setup DHCP (10.0.0.1-200, DNS 10.0.0.55) +- [ ] Set static IP for Home Assistant (10.0.0.55) +- [ ] Configure Archer as AP @ 10.0.0.2 +- [ ] Test internet connectivity +- [ ] **STOP and test for 24 hours!** + +### Phase 2 (Day 2-3): +- [ ] Install ntopng for monitoring +- [ ] Install Suricata IDS/IPS +- [ ] Configure device tracking (IP/MAC/NetBIOS) +- [ ] Setup traffic shaping +- [ ] Enable comprehensive logging +- [ ] **STOP and test for 24 hours!** + +### Phase 3 (Day 4-5): +- [ ] Install Zenarmor (os-sensei) +- [ ] Run setup wizard +- [ ] Create policy for Bella (14yo) +- [ ] Create policy for Xander (15yo) +- [ ] Create policy for William (17yo) +- [ ] Configure application blocks/limits +- [ ] Setup time-based rules +- [ ] Enable Safe Search +- [ ] Configure email reports +- [ ] **STOP and test for 2-3 days!** + +### Phase 4 (Day 6-7): +- [ ] Generate OPNsense API keys +- [ ] Install HACS OPNsense integration +- [ ] Configure device trackers +- [ ] Create firewall rules for HA +- [ ] Build bedtime automations +- [ ] Build school hours automations +- [ ] Create dashboard +- [ ] Setup Zenarmor API sensors +- [ ] Test all automations +- [ ] **DONE!** + +--- + +## ⚠️ Important Notes + +### About Erasing macOS: +- **OPNsense will COMPLETELY ERASE macOS** +- Backup any important files first +- Mac mini will become a dedicated router +- Cannot dual-boot (must choose: macOS OR router) +- Recommended: Keep it as dedicated router (it's perfect for this!) 
+ +### Network Interfaces: +- **em0:** Onboard Ethernet → LAN (your network) +- **em1:** Thunderbolt adapter 1 → WAN (to modem) +- **em2:** Thunderbolt adapter 2 → Spare (future guest network/DMZ) + +### DHCP Exclusions: +OPNsense will avoid assigning these automatically if you set static mappings: +- 10.0.0.55 - Home Assistant (MUST be static) +- 10.0.0.2 - Archer AX72 Pro AP +- 10.0.0.1-10 - Infrastructure devices + +### Testing Between Phases: +**CRITICAL:** Test each phase for 24-48 hours before proceeding! +- Phase 1 must be rock-solid before Phase 2 +- Phase 2 must be stable before Phase 3 +- Phase 3 must work perfectly before Phase 4 + +This prevents cascading issues and makes troubleshooting easier. + +--- + +## 🎯 Why Mac Mini is Perfect + +### Advantages Over Dedicated Hardware: + +**vs Protectli VP2420 ($400):** +- ✅ Same CPU generation (4th gen Intel) +- ✅ Same RAM (8GB) +- ✅ MORE storage (500GB vs 256GB) +- ✅ Built-in power supply (no adapter) +- ✅ Thunderbolt expandability +- ✅ **$0 cost!** + +**vs OpenWRT on Archer:** +- ✅ 4x more CPU power +- ✅ 16x more RAM +- ✅ 4000x more storage +- ✅ Can run Zenarmor (Archer can't) +- ✅ Can run Suricata effectively +- ✅ Can store months of logs +- ✅ Room for unlimited features + +**Only Disadvantage:** +- ❌ Slightly higher power consumption (~20W vs 6-10W) +- **Offset by:** $400 hardware savings = 6+ years of extra electricity cost + +--- + +## 📊 Example Results + +### What You'll See in Zenarmor: + +**Bella's Daily Report:** +``` +Date: December 21, 2025 + +Total Usage: 2.1 GB +Applications: + 1. YouTube - 1.2 GB (Educational: 700MB, Entertainment: 500MB) + 2. Discord - 400 MB + 3. Khan Academy - 300 MB + 4. 
TikTok - BLOCKED (5 attempts) + +Policy Violations: 3 + - 2:32 PM: Attempted adult site (BLOCKED) + - 4:15 PM: Tried to bypass SafeSearch (BLOCKED) + - 5:43 PM: Exceeded TikTok quota (BLOCKED) + +Time Online: 4.5 hours +Bandwidth Quota: 68% used (1433 MB / 2048 MB daily limit) + +Alerts: Bella tried to access "proxy-site.com" (bypassing attempt detected) +``` + +**Parent Dashboard in Home Assistant:** +``` +┌─ Router Status ────────────────┐ +│ Uptime: 7 days, 3 hours │ +│ CPU: 12% │ +│ Memory: 34% │ +│ Temp: 52°C │ +└────────────────────────────────┘ + +┌─ Bella (14yo) ─────────────────┐ +│ iPhone: 🟢 Connected │ +│ Desktop: 🔴 Offline │ +│ Status: ✅ Internet Allowed │ +│ Today: 1.2 GB / 2 GB │ +│ Violations: 3 │ +│ [Block Now] [View Report] │ +└────────────────────────────────┘ + +┌─ Network Activity ─────────────┐ +│ [Bandwidth Graph - Last 24h] │ +│ Download: ▁▂▃▅▇█▇▅▃▂▁ │ +│ Upload: ▁▁▂▂▃▃▂▂▁▁ │ +└────────────────────────────────┘ +``` + +--- + +## 🆘 Quick Troubleshooting + +### Internet Not Working: +1. Check WAN interface (em1) has IP from modem +2. Test: `ping 8.8.8.8` from OPNsense console +3. Verify firewall rules allow LAN → WAN +4. Check DNS is set to 10.0.0.55 + +### Can't Access OPNsense Web Interface: +1. Verify laptop is on 10.0.0.x network +2. Try: https://10.0.0.254 +3. Accept self-signed certificate warning +4. Check firewall isn't blocking port 443 + +### DHCP Not Working: +1. Services > DHCPv4 > LAN - verify enabled +2. Check range (10.0.0.1-200) +3. Verify no IP conflicts +4. Review DHCP logs + +### Zenarmor Blocking Too Much: +1. Services > Zenarmor > Policies +2. Review categories (adjust as needed) +3. Add specific sites to whitelist +4. Check "Educational" category is allowed + +### Kids Bypassing Controls: +1. Check for VPN usage (Zenarmor detects) +2. Verify MAC addresses correct +3. Enable TLS inspection (Phase 3) +4. 
Review Zenarmor logs + +--- + +## 📞 Support Resources + +### Documentation: +- **Full Guide:** `/mnt/user-data/outputs/MAC_MINI_OPNSENSE_GUIDE.md` +- **OPNsense Docs:** https://docs.opnsense.org/ +- **Zenarmor Docs:** https://www.zenarmor.com/docs/ +- **Home Assistant:** https://www.home-assistant.io/ + +### Community: +- **OPNsense Forum:** https://forum.opnsense.org/ +- **Reddit:** r/OPNsenseFirewall +- **Zenarmor Forum:** https://forum.opnsense.org/index.php?board=76.0 + +### This Repository: +- Issue tracker for questions +- Example configs +- Troubleshooting tips + +--- + +## ✅ Ready to Begin? + +1. **Read:** `/mnt/user-data/outputs/MAC_MINI_OPNSENSE_GUIDE.md` (full detailed guide) +2. **Prepare:** Gather hardware, backup data, clear schedule +3. **Start:** Phase 1 (2-3 hours) +4. **Test:** 24 hours stability +5. **Continue:** Phases 2, 3, 4 over next week +6. **Enjoy:** Enterprise-grade network! + +--- + +**This is the BEST use of your Mac mini 2014 - transform it into a router more powerful than $500 commercial solutions!** 🚀 + +--- + +*Last Updated: December 21, 2025* +*Hardware: Mac mini 2014, i5, 8GB RAM, 500GB SSD, 3x GbE* +*Software: OPNsense 25.1 + Zenarmor + Home Assistant* +*Total Cost: $0 hardware (reusing Mac mini) + $59/year Zenarmor*
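Review bot: The DHCP pool given under "IP Addressing" (`10.0.0.1 - 10.0.0.200`), and repeated in Phase 1, the checklist and the DHCP troubleshooting item, contains every address the guide also treats as fixed: 10.0.0.55 (Home Assistant, which is also the DNS server), 10.0.0.2 (Archer AP) and the 10.0.0.1-10 infrastructure block. The "DHCP Exclusions" note depends on static mappings being created first, so until they exist a client could be leased one of those addresses. Suggest moving the dynamic pool so it does not overlap the reserved addresses and updating the range everywhere it appears. Three smaller points: the full guide is referenced three times as `/mnt/user-data/outputs/MAC_MINI_OPNSENSE_GUIDE.md`, an absolute path outside the repository that this diff does not add, so it should be a repo-relative link or the file should be included; "Enable TLS inspection (Phase 3)" under "Kids Bypassing Controls" points at a step that neither the Phase 3 list nor its checklist contains; and Phase 4 ("Enable OPNsense API", "Generate OPNsense API keys", "Create firewall rules for HA control") does not say which account owns the key or what privileges it gets, which is worth stating since that key lets Home Assistant change firewall rules. The children's names and ages together with the internal addressing are also committed here; consider placeholders if the repository is shared.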