Proxmox comparison

Proxmox VE is the right comparison for Coppice’s operator surface: one browser UI for compute, storage, networking, snapshots, consoles, tasks, auth, and cluster state. Coppice is not a general-purpose hypervisor manager, but the admin dashboard should feel familiar to a Proxmox operator when the question is “what is running, what changed, can I open a console, can I snapshot/fork it, and what does the host think is healthy?” The canonical descriptive reference for what Proxmox actually does — header chrome, resource tree, datacenter / node / guest tabs, storage and SDN, the bottom task panel — lives at /appendix/proxmox-admin-spec; this page is the row-by-row Coppice parity map keyed against it.

What Proxmox exposes

The current Proxmox VE admin guide describes a browser-based management interface with a top header, resource tree, content panels, built-in HTML5 console, search, task history, syslogs, storage, backup, replication, permissions, HA, and firewall panels. The storage chapter emphasizes pluggable local/shared storage, snapshots, thin provisioning, and shared-storage migration. The firewall chapter describes datacenter/host/VM-level policy with IPv4 and IPv6 support.

Main admin UI inventory

This is the full Proxmox-style UI surface Coppice should either match, intentionally omit, or document as a different primitive. The target is operator parity for Coppice’s scope, not a literal clone of every Linux cluster feature.

Proxmox UI surface	Coppice status	mapping and gap
Top chrome: search, docs/help, create VM, create CT, task viewer, user/session menu	partial	Admin now has search, create-machine entry, task view entry, parity docs link, and structured deep links under `/admin/#/…`. Session/user menu and help drawer are still open. Real `/admin/…` paths need a gateway/static-server rewrite or Astro server adapter because the site builds as static HTML.
Left resource tree: Datacenter, node, guests, templates, storage, pools, diagnostics	closed for single node	The admin dashboard now renders a Proxmox-shaped resource navigator: Datacenter → honor → guests, templates, bhyve pool, volumes, snapshots, schedules, diagnostics, and task/audit feeds.
Content workbench with selected-object tabs	partial	Datacenter/node and guest selections now render tab bars. Guest tabs cover Summary, Console, Hardware, Options, Backup, Snapshots, Firewall, Permissions, Tasks, and Metrics. Storage, backup, node diagnostics, pool inventory, network/firewall, and permissions now have inventory/detail workbenches; host update tabs need deeper editors.
Guest list, guest summary, status, address, usage, lifecycle	closed	`/sandboxes` plus detail fetches render template, state, address, lifecycle, CPU/memory/disk samples, and links into the live demo UI.
Guest console tab: noVNC/SPICE/xterm.js-style access	closed for Coppice guests	Shell, browser/CDP, VS Code/code-server, VNC, RDP, and bhyve framebuffer paths are embedded in the selected guest Console tab. The console can expand in-place over the admin workspace without remounting the iframe.
Guest lifecycle controls: start, shutdown, stop, pause, resume, clone, migrate, console	partial	Coppice exposes pause, resume, kill, snapshot, snapshot+fork, preview URL, Remote-SSH, and direct in-admin console/metrics/snapshot/firewall shortcuts. Start/create is template-backed. Graceful shutdown/start-order/migration forms remain open.
Guest hardware/resources/options	partial	Coppice shows sampled CPU, memory, disk, address, lifecycle, metadata, and a Proxmox-shaped hardware table with CPU/memory/disk/NIC/display rows. Jail CPU, memory, and writable-layer quota edits are live through `PATCH /sandboxes/:id/limits` and are task-recorded; NIC/display editors and bhyve hotplug remain open.
Guest monitor, guest-agent, cloud-init, DNS/network tabs	partial	Coppice has command execution, metadata, Remote-SSH, preview URLs, template startup scripts, and a selected-guest Monitor tab that runs operator commands through `/sandboxes/:id/exec`. Guest-agent detail, cloud-init-style boot forms, and editable boot-network-init panels remain open.
Snapshots and clone/fork tab	closed, different semantics	Coppice has durable ZFS filesystem snapshots and fork. Proxmox VM live snapshots can include memory for supported storage; Coppice’s live-memory story is bhyve pause/resume, not jail fork.
Storage inventory: content, ISO/images, backups, permissions, usage	partial	Persistent volumes, live mounts, snapshots, template datasets, and bhyve pools are visible in the admin storage workbench, with snapshot detail and fork actions. Arbitrary pool/NFS/iSCSI/Ceph-equivalent provisioning remains intentionally out of the single-node scope.
Backup/restore jobs, schedules, retention, backup logs	partial	Scheduled sandboxes, restore-point inventory, and non-destructive snapshot fork restore are exposed in the admin. Retention pruning, destructive restore-over-source, and object-store archive targets remain backend gaps.
Firewall UI at datacenter/node/guest levels: rules, aliases, IP sets, security groups, logs	closed for sandbox egress	Coppice uses per-sandbox pf anchors for IPv4/IPv6 VNET policy and air-gap state flushing. The admin firewall view now shows bridge/NAT policy, datacenter/guest rule tables, aliases/IP sets, per-guest address/air-gap state, VNET diagnostics, and denied/error audit rows. Arbitrary safe rule CRUD and security-group composition remain backend gaps.
Bottom task log and task details: progress, output, cancel, history	closed v1	The gateway now exposes `GET /tasks`, `GET /tasks/events`, `GET /tasks/:id`, `GET /tasks/:id/events`, and `POST /tasks/:id/cancel`. Create, kill, pause, resume, snapshot, fork, and network-policy mutations produce task records with progress messages; the honor rc.d service persists them to `/var/log/coppice/tasks.jsonl`. The admin task explorer reads those records first, then folds in lifecycle/audit history, and task detail rows can request cancellation from the UI. Child-process stdout splicing and real mid-flight cancellation hooks remain hardening work.
Permissions: users, groups, roles, API tokens, realms, pools	partial v1	API keys, scopes, tenant quotas, audit, and CLI login are in place. The admin permissions view shows an access-control summary, privilege matrix, subject/token/role inventory, ACL assignment rows, audit outcome graph, denied/error decisions, and recent access log. The gateway now also exposes a Phase 1 + Phase 3 multi-tenant model — local-realm users, per-user argon2id-hashed API tokens, role grants (built-in `admin`/`operator`/`viewer`), and optional TOTP (RFC-6238, secrets AES-GCM-encrypted at rest). See the auth appendix. Groups (Phase 2) and LDAP/OIDC realms (Phase 4) remain open.
Datacenter options: cluster, HA, replication, migration, resource pools	open	Proxmox is multi-node by design. Coppice is single-host today, but the admin now has a cluster/HA panel that shows the single-node state, live guests, snapshot sources, pool capacity, fabric health, node/overlay link rows, replication job shape, and explicit overlay/replication/fencing/migration backend gaps. The planned FreeBSD path is VXLAN or WireGuard plus ZFS send/recv and a scheduler.
Live migration and replication UI	open	Coppice can pause/resume and fork locally. Cross-host migration needs shared or replicated storage plus network overlay.
Node system UI: shell, network, DNS, time, certs, syslog, repositories, updates	partial	The node panel now shows gateway uptime/counters, VNET wedge bundle metadata, stuck-process probe output, rc.d services, interface/bridge/route/pf state, syslog sources, package updates, repositories, time, DNS, hosts, certificates, bhyve warm-pool inventory, and recent node/API audit. Mutating package/repository/network/time/DNS/cert operations remain backend gaps.
Node disks and ZFS/LVM/Ceph-style storage panels	partial	ZFS-backed templates, snapshots, and volumes are the foundation. The admin storage tab has Proxmox-shaped backend rows, and the node `Disks` tab now reads live `zpool`, `zfs`, `df`, and `gpart` inventory from `/diagnostics/host/storage`. SMART view, pool creation, quota editors, and repair workflows remain backend gaps.
SDN / network fabric panels	partial	VNET, pf, bridge setup, wildcard routing, IPv6, and per-guest network inventory are implemented for single-host sandboxes. A multi-node fabric editor remains open.
Notifications, ACME/certificates, support/subscription panels	open	Coppice has lifecycle webhooks, receipts, and logs. The admin now exposes a notifications/certificates panel with event sources, delivery mix, webhook delivery table, target/matcher inventory, retry/escalation shape, and TLS lifecycle inventory. Target CRUD, retries, email/Slack templates, and ACME/TLS renewal remain backend gaps.
Metrics graphs and recent performance history	partial	Admin has live Prometheus counters, gateway graphs, node aggregate workload graphs, selected-guest metric graphs, and live jail resource-limit editors. Server-side time-series retention, alert thresholds, and bhyve resource editors are still open.
Create VM / Create CT wizard shape	partial	Admin now exposes a Proxmox-shaped create wizard with template, lifecycle, network, hardware, and review sections. It creates from Coppice templates today; bhyve CPU/RAM/disk overrides and guest hotplug are visible but disabled until bhyve reconfigure APIs exist.

What changed in the UI in this pass

The admin dashboard now has a Proxmox-shaped workbench. It polls the same gateway APIs as the rest of the dashboard, then renders:

A fullscreen admin app shell instead of the public-site nav/footer.
Datacenter summary for the single node.
Topbar actions for search, create-machine, tasks, firewall, and the Proxmox parity map.
Structured admin routing via /admin/#/guest/<id>/console so selected resource tabs survive refresh, back/forward, and direct links without breaking the static Astro deployment.
Node inventory for running sandboxes/VMs, with search filtering.
Guest rows grouped under the node, with template/state/address data and an in-admin detail/action panel.
Selected guest summary operations strip for console, metrics, snapshots, firewall, task history, pause/resume, snapshot/fork, preview URL, Remote-SSH, and kill.
Guest tabs for Summary, Console, Monitor, Hardware, Options, Backup, Snapshots, Firewall, Permissions, Tasks, and Metrics.
Selected-guest Monitor tab with presets and arbitrary operator command execution through the gateway exec API.
Proxmox-shaped create-machine wizard with template, lifecycle, network, hardware, and review sections.
Guest Hardware and Options tabs now present table/form affordances for the fields operators expect; jail resource limits are editable and unsafe bhyve/NIC/display mutations remain visibly disabled.
Embedded admin console iframes for shell/VNC/RDP/browser-style views, with an in-page full-console overlay instead of a new browser window. Inventory polling and guest-to-guest navigation preserve mounted console DOM nodes so VNC/RDP sessions do not reload every refresh tick or when switching away and back.
A first-class Metrics resource with gateway counter graphs, node workload history, lifecycle mix, webhook delivery mix, and current per-guest usage.
Per-guest Metrics tabs with CPU, memory, disk, uptime, and log-line sparklines from Prometheus labels.
Storage rows for volumes, durable snapshots, backend inventory, and live node disk/dataset/filesystem/partition inventory.
Storage workbench tables for volumes/live mounts and a snapshot browser with selected restore-point detail.
Backup workbench tables for schedules plus a restore wizard that forks a new sandbox from a selected snapshot.
Node system workbench for gateway service counters, VNET wedge bundles, stuck-process probe output, rc.d service inventory, interface/bridge/route/pf state, node log/source inventory, update/repository/time/DNS/host/cert probes, bhyve pool status, and recent API audit.
Pool workbench using Prometheus-labeled warm-pool ready/in-use/target rows and reconciliation outcomes.
Network/firewall workbench for bridge/NAT policy, per-guest addresses, datacenter/guest rule tables, alias/IP-set inventory, air-gap state, VNET diagnostics, and denied/error audit decisions.
Permissions workbench for auth summary, privilege matrix, subject/token/role inventory, ACL assignment rows, audit outcome graph, denied/error permission decisions, and recent access log.
Cluster/HA workbench for single-node status, lifecycle feed, node/overlay link rows, replication job shape, and named overlay/replication/fencing/ migration gaps.
Notifications/certificates workbench for event sources, webhook delivery mix, delivery table, target/matcher inventory, retry plan, and TLS lifecycle inventory.
A collapsible bottom tool window for tasks, audit, and aggregate metrics.
A task explorer that reads gateway task records, follows /tasks/events for live updates, then combines lifecycle and audit events into one selectable history view with filters, status/progress, raw detail, and cancel-request controls for non-terminal gateway tasks.
The old page sections are no longer below the workbench; receipts, capability map, metrics, snapshots, gateway health, and backlog are all resource-tree destinations inside the admin interface.
The page is now an Astro route plus a hydrated React admin island, so the stateful surface is componentized instead of rebuilt through template-string DOM mutation.

That closes the biggest UX gap without pretending Coppice is a full cluster hypervisor manager. The next Proxmox-shaped closures are:

Bhyve reconfigure APIs for editable guest CPU/RAM/disk hotplug plus NIC/display option editors.
Real cancellation for in-flight jobs plus child stdout/stderr splicing into the task event stream.
Storage manager backends for retention policies, archive/export targets, destructive restore-over-source, and arbitrary host storage pool provisioning.
Host operations editors for package/repository mutation, bridge/VLAN/pf edits, certificate lifecycle, SMART/repair workflows, and installed template versions. Read-only service, syslog, repository/update, DNS/time, certificate, network, and storage probes are already wired into /admin/#/node/honor/*.
Permissions backend CRUD for users, groups, roles, scoped API tokens, pools, and optional external realms/TFA.
Cluster overlay receipt once a second host is available.
Notification target CRUD, retry inspector, email/chat targets, and certificate inventory/renewal jobs.
Firewall rule editor for aliases, IP sets, reusable security groups, and explicit datacenter/node/guest policy composition.

Page-by-page audit (2026-04-27)

This is the granular pass keyed against actual screenshots of pve-manager (under /proxmox/) and the live Coppice /admin route (under /coppice-admin/). Each row names the Proxmox page, the corresponding Coppice route, a verdict, and the specific deltas to ship next.

Proxmox page	Coppice route	screenshots and granular gaps
Datacenter Summary	closed	Proxmox VE Coppice `/admin` Proxmox shows multi-node aggregate Status / Guests / Resources tiles plus a CPU + memory + storage chart strip; Coppice shows the equivalent single-node tiles (live guests, templates, sampled CPU/RAM/disk, schedules, audit/lifecycle counters) and now renders sparklines for gateway counters. Proxmox subscription/repository/health row is N/A here — Coppice is self-hosted, no subscription gate.
Datacenter Storage	partial	Proxmox VE Coppice `/admin` Proxmox lists datacenter-scoped storages with type + content tags (Disk image / ISO / VZDump / Container / Snippets) plus an Add: Directory/LVM/ZFS/NFS/CIFS/Ceph/PBS dialog; Coppice exposes 5 backend rows but no Add-storage form — ship a storage backend wizard for at minimum extra ZFS datasets and an ISO library directory. Proxmox storage Summary tab shows usage chart (week/month) per backend; Coppice shows current usage numerals only — chart per-backend usage history off the existing Prometheus counter. Proxmox content tab supports per-image actions (Restore, Show Configuration, Remove, Edit Notes); Coppice snapshot detail shows fork/restore but not in-place destructive restore — that one is intentionally backend-gated.
Datacenter Firewall	partial	Proxmox VE Coppice `/admin/#/security` Proxmox firewall has Rules, Options, Aliases, IPSet, Security Group, Log subsections at three scopes (datacenter/node/guest); Coppice shows datacenter rule table, alias/IP-set inventory, denied/error audit, and per-guest rule rows but no rule create/edit form — ship a rule editor that writes through the per-sandbox `coppice/sandbox-<short>` pf anchor. Proxmox supports reusable Security Groups composable across guests; Coppice has no group abstraction — model a sharable rule template and reference from sandbox metadata. Proxmox firewall Log tab streams pf-equivalent matches per rule; Coppice surfaces denied/error audit decisions from the gateway but not the underlying pf log — pipe `pflog0` tagged-by-anchor into the audit stream.
Datacenter Backup	partial	Proxmox VE Coppice `/admin/#/backup` Proxmox backup-job edit dialog has 4 tabs (General / Retention / Note Template / Advanced) with cron schedule, target storage, mode (snapshot/suspend/stop), notification policy, retention (keep-last/hourly/daily/weekly/monthly/yearly), Zstandard, mailto, prune; Coppice shows schedule list and a restore wizard but no edit dialog — ship a job editor with the 6 retention buckets and a cron+target form. Proxmox supports PBS as a target with deduplicated incremental backups; Coppice’s only target is a local ZFS snapshot — flag PBS-style remote target as a backend gap. Proxmox shows backup-job last-run status with green/yellow/red plus tail-of-log; Coppice snapshot rows show creation time but no per-job result — wire `tasks/events` backup outcomes into the schedule row.
Node Summary	partial	Proxmox VE Coppice `/admin/#/node/honor/summary` Proxmox node summary shows host CPU usage, IO delay, load average, RAM, KSM, swap, root-fs, kernel/PVE/CPU/manager versions, repo status banner, plus 24-hour CPU + Server-Load graphs; Coppice shows gateway uptime/created/reaped/active sparklines but no host-level CPU/load/RAM/IO panel — surface `top -bn1` + `vmstat` + `swapinfo` output and chart node CPU + load. Proxmox shows kernel + manager versions plus repo update banner; Coppice has version info hidden in the System tab — pull `uname -a`, `freebsd-version -kru`, and `pkg version -vIL=` into the summary header. Proxmox has Reboot/Shutdown/Bulk Actions/Shell buttons in the topbar; Coppice has none at the node scope — ship a graceful reboot/shutdown action gated by an explicit confirmation modal.
Node System / Updates / Repos / Time / DNS	partial	Proxmox VE node sidebar Coppice `/admin/#/node/honor/system` Proxmox sidebar splits into Shell, System (services / network / DNS / hosts / time), Updates, Repositories, Firewall, Disks, Ceph, Replication, Task History, Subscription, plus a per-tab editor; Coppice now has deep-linkable read-only tabs for `/admin/#/node/honor/services`, `/network`, `/updates`, `/repositories`, `/time`, `/dns`, `/hosts`, `/syslog`, and `/certificates`. Proxmox Updates tab runs `apt update` / `apt-get dist-upgrade` with a live log pane; Coppice has no update action — ship `pkg update` + `freebsd-update fetch install` wrapper that streams stdout into the task event channel. Proxmox Time and DNS tabs are editable forms; Coppice shows the host’s `resolv.conf` upstream as text but no editor — wire `local_unbound` forward-zone and `ntpd`/`sntp` targets through a config-write task. Proxmox Certificates tab manages ACME + custom uploads; Coppice exposes a TLS lifecycle view in `/admin/#/notifications` but no upload/renew action — ship ACME automation tied to the existing notifications panel.
Node Disks / ZFS / LVM	partial	Proxmox VE Coppice `/admin/#/storage` Proxmox Disks tab lists physical devices with model/serial/size/health/SMART, plus subtabs for LVM/LVM-Thin/Directory/ZFS pool/Ceph OSD; Coppice shows ZFS dataset rows but no underlying disk inventory — pipe `geom disk list` + `smartctl -a` + `zpool status` into the Disks tab. Proxmox ZFS panel exposes pool create wizard with stripe/mirror/raidz1-3/dRAID and ashift; Coppice has no pool create — flag as backend gap; `zpool create` wrapper with confirmation modal. Proxmox quota and usage editor lets you adjust per-dataset reservation; Coppice has it for the writable layer per-sandbox but not for the dataset/pool — extend the existing limits editor to dataset granularity.
Node Task History	closed	Proxmox VE bottom panel Coppice `/admin/#/tasks` Proxmox bottom panel shows Tasks + Cluster log with start/end/node/user/description/status columns; Coppice has the same shape with All/Task/Lifecycle/Audit/Errors filters, live SSE updates, per-row detail (type/state/target/time/progress/cancel), and a collapsible bottom-tools drawer. Proxmox task detail shows raw stdout/stderr; Coppice task detail shows progress + raw payload but not subprocess stdout — flagged as known hardening item, child-process splicing into `/tasks/events`.
VM Summary	partial	Proxmox VE Coppice guest `summary` Proxmox VM Summary shows status/HA-state/node/CPU-usage/memory-usage/bootdisk-size/IPs plus 5min/hour/day/week/year RRD CPU + Memory + Network + Disk-IO graphs; Coppice shows current-tick CPU/MEM/disk numerals and an editable Notes-equivalent metadata block — ship per-guest sparkline graphs at the same 5 aggregation levels off the existing Prometheus labels. Proxmox has free-form Notes (Markdown) per guest; Coppice has metadata key/value rows but no Markdown notes — add a Notes box backed by sandbox metadata. Proxmox Summary header has Start / Shutdown / Stop / Migrate / Console / More dropdown; Coppice has Pause / Resume / Snapshot / Snapshot+Fork / Preview / SSH / Kill — Migrate is N/A on a single host, but graceful Shutdown vs Kill is missing.
VM Console	closed	Proxmox VE Coppice guest `console` Proxmox offers noVNC + SPICE + xterm.js consoles via a Console dropdown; Coppice’s Console tab tabs through Shell, Files, VNC, RDP and a per-tab open-full overlay — strictly broader than Proxmox. Proxmox console toolbar has Send-Key (Ctrl-Alt-Del, Tab, etc.); Coppice’s xterm-style Shell does not expose chord buttons — add a Send-Key dropdown for VNC sessions.
VM Hardware	partial	Proxmox VE Coppice guest `hardware` Proxmox Hardware lists 11 device kinds (Memory, Processors, BIOS, Display, Machine, SCSI Controller, CD/DVD, Hard Disk, Network Device, Cloud-Init, Audio) with Add / Remove / Edit / Move-disk / Resize-disk / Disk-action buttons; Coppice shows 5 rows (CPU, memory, disk, NIC, display) and only CPU/memory/disk are editable — ship NIC + Display editors and add BIOS + Machine + CD-Drive read-only rows so the hardware table mirrors Proxmox shape. Proxmox supports hot-plug for vCPU/RAM/disk/NIC on supported guests; Coppice jail limits are live but bhyve hot-plug is not — flagged as backend gap pending bhyve reconfigure APIs. Proxmox Cloud-Init row is editable (user/password/ssh-keys/network); Coppice has template startup scripts but no cloud-init row — surface them as a hardware row for symmetry.
VM Options	partial	Proxmox VE Coppice guest `options` Proxmox Options has 18+ rows (Name, Start at boot, Boot Order, OS Type, Use tablet for pointer, Hotplug, ACPI, KVM, Freeze CPU at startup, Use local time, RTC start date, SMBIOS settings, QEMU Agent, Protection, Spice Enhancements, VM State storage, Hookscript, Tags); Coppice shows 4 (timeout action, auto-resume, display mode, boot profile) — ship at minimum Name/Tags/Start-at-boot/QEMU-Agent equivalents (jail boot order, hostname override, agent presence flag). Proxmox Options has a Hookscript field that runs on lifecycle events; Coppice has lifecycle webhooks but not per-guest scripts — wire a per-sandbox hook script reference.
VM Snapshots	closed	Proxmox VE (Snapshots in tab strip) Coppice guest `snapshots` Proxmox snapshots include optional VM state (memory) when storage supports it; Coppice does ZFS snapshots without memory state but offers a snapshot-fork action that Proxmox lacks. Different scope, both reasonable for their backends. Proxmox shows snapshot tree with rollback / remove / edit-description per row; Coppice shows the flat list with restore-via-fork — add an edit-description action.
VM Backup	partial	Proxmox VE Coppice guest `backup` Proxmox per-VM Backup tab lists existing dumps and exposes Backup Now / Restore / Show Configuration / File Restore (single-file extraction without rolling back); Coppice exposes the schedule + restore-fork but not file-restore — the file-restore feature is high value for “I deleted a single file” workflows. Proxmox supports per-job retention overriding storage default; Coppice has no per-guest retention override — extend backup-job edit form to inherit/override.
VM Firewall	partial	Proxmox VE Coppice guest `firewall` Proxmox per-VM Firewall has Rules / Aliases / IPSet / Options / Log subtabs; Coppice shows the rule table and egress allow/deny + an air-gap toggle but no rule-add form — wire a per-sandbox rule editor against the existing `coppice/sandbox-<short>` anchor. Proxmox Options panel toggles enable/dhcp/macfilter/ipfilter/log-level-in/log-level-out/policy-in/policy-out per NIC; Coppice’s air-gap is binary — split into the same per-direction policy + log-level matrix.
VM Permissions	partial	Proxmox VE Coppice guest `permissions` Proxmox per-VM Permissions exposes Add User-Permission / Add Group-Permission / Add API-Token Permission with role pickers (PVEVMUser, PVEVMAdmin, etc.); Coppice shows the audit trail per guest but no add-permission form — ship a per-resource ACL writer that uses the existing scope language. Proxmox propagation flag controls whether ACLs descend; Coppice has datacenter/guest scope but no explicit propagate toggle — add it.
Create VM Wizard	partial	Proxmox VE (General + 6 more steps) Coppice `/admin` Create Proxmox wizard has 8 steps (General / OS / System / Disks / CPU / Memory / Network / Confirm) with backward navigation and per-step validation; Coppice has 4 (Template / Lifecycle / Network / Hardware) with template-backed defaults — extend with explicit OS / System / Disks tabs even if mostly read-only for jail templates. Proxmox OS step picks ISO + guest-OS-type (Linux 6.x / Windows 11 / Solaris / etc.) which drives downstream defaults; Coppice picks template directly — surface guest-OS-family as a metadata column on the template list. Proxmox Confirm step shows the final `qm create` command and a Start-after-create toggle; Coppice’s review step has the toggle but not the command preview — show the equivalent `POST /sandboxes` body.
SDN Zones / VNets / Subnets / Controllers	partial	Proxmox VE Coppice `/admin/#/network` Proxmox SDN supports 5 zone types (Simple, VLAN, QinQ, VXLAN, EVPN) plus Controllers, Fabrics (OpenFabric/OSPF), IPAM, VNet Firewall; Coppice shows the single `coppicenet0` VNET bridge + `coppbhyve0` + jail-NAT anchor — flag VLAN/QinQ/VXLAN/EVPN as cluster-only and document explicitly that single-host scope keeps the one bridge. Proxmox VNet panel adds/deletes per-tenant VNets with a CIDR + zone binding; Coppice’s `IpAllocator` is a single 10.78.0.0/24 pool — multi-tenant network namespacing is open. Proxmox IPAM tab shows reserved/in-use addresses; Coppice shows live per-guest `10.78.0.<M>` assignments but no allocator history — surface free/in-use map plus reservation log.
Permissions: Users / Groups / Roles / Pools / Realms / 2FA	open	Proxmox VE Coppice `/admin/#/permissions` Proxmox Permissions tree splits into Users / API Tokens / Two Factor / Groups / Pools / Roles / Realms (PAM / PVE / LDAP / AD / OpenID); Coppice shows the access-control surface, role matrix, audit outcomes, and recent decisions but no user/group/role/realm CRUD — ship a self-hosted user table and role editor first, then layer realms. Proxmox 2FA supports TOTP / WebAuthn / Recovery Keys; Coppice has API keys + CLI login only — TOTP is the highest-value next 2FA factor. Proxmox Pools group VMs/storage for permission scoping; Coppice has no pool abstraction — model as a labelled subject with sandbox membership.
My Settings	na	Proxmox VE Coppice `/admin` Proxmox My Settings is a per-user UI prefs dialog (dashboard storages, language, theme, console default, browser-cookies); Coppice has no per-user identity in single-node scope — keep N/A until Permissions ships realms. The admin shell already exposes a theme picker in the topbar, which covers the most-used My-Settings field.

Verdict tally: 4 closed, 14 partial, 1 open, 1 na. The partials are concentrated on host operations (node tabs, disks, updates), per-VM options/permissions/firewall depth, and the create-VM wizard step count. The single open row is the user/group/role/realm CRUD under Permissions; everything else is an edit-form gap on top of an already shipped read view.