diff --git a/.coverage b/.coverage
new file mode 100644
index 0000000..b431c15
Binary files /dev/null and b/.coverage differ
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..e948758
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,31 @@
+repos:
+  - repo: https://github.com/psf/black
+    rev: 23.11.0
+    hooks:
+      - id: black
+        language_version: python3.10
+
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.5.0
+    hooks:
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: check-yaml
+      - id: check-added-large-files
+
+  - repo: local
+    hooks:
+      - id: mypy
+        name: mypy
+        entry: mypy
+        language: system
+        types: [python]
+        args: ["--strict", "shellscope/backend"]
+        pass_filenames: false
+
+      - id: flutter-analyze
+        name: flutter analyze
+        entry: flutter analyze
+        language: system
+        types: [dart]
+        pass_filenames: false
diff --git a/index.html b/index.html
index 852eccb..e913d55 100644
--- a/index.html
+++ b/index.html
@@ -1,223 +1,289 @@
 <!DOCTYPE html>
-<html lang="en">
-<head>
-    <meta charset="UTF-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <title>ShellScope</title>
-    <style>
-        :root {
-            --bg-color: #050505;
-            --text-color: #E8E3C7;
-            --accent-color: #F5F5DC;
-        }
-
-        * {
-            box-sizing: border-box;
-            margin: 0;
-            padding: 0;
-        }
-
-        body {
-            background-color: var(--bg-color);
-            color: var(--text-color);
-            font-family: 'Courier New', Courier, monospace;
-            line-height: 1.6;
-            margin: 0;
-            display: flex;
-            flex-direction: column;
-            min-height: 100vh;
-        }
-
-        a {
-            text-decoration: none;
-            color: inherit;
-            transition: all 0.2s ease;
-        }
-
-        /* Layout */
-        .container {
-            max-width: 1200px;
-            margin: 0 auto;
-            padding: 0 2rem;
-            width: 100%;
-        }
-
-        /* Navbar */
-        nav {
-            padding: 2rem 0;
-            display: flex;
-            justify-content: space-between;
-            align-items: center;
-        }
-
-        .logo {
-            font-weight: bold;
-            font-size: 1.25rem;
-            letter-spacing: -1px;
-        }
-
-        .nav-links {
-            display: flex;
-            gap: 2rem;
-        }
-
-        .nav-links a:hover {
-            color: var(--accent-color);
-            opacity: 0.8;
-            text-decoration: underline;
-        }
-
-        /* Hero */
-        .hero {
-            padding: 6rem 0;
-            border-bottom: 1px solid rgba(232, 227, 199, 0.1);
-        }
-
-        h1 {
-            font-size: 3.5rem;
-            line-height: 1.1;
-            margin-bottom: 1.5rem;
-            font-weight: normal;
-        }
-
-        .hero p {
-            font-size: 1.25rem;
-            margin-bottom: 3rem;
-            opacity: 0.8;
-            max-width: 700px;
-        }
-
-        .cta-buttons {
-            display: flex;
-            gap: 1.5rem;
-            flex-wrap: wrap;
-        }
-
-        .btn {
-            padding: 1rem 2rem;
-            font-weight: bold;
-            border: 1px solid var(--accent-color);
-            cursor: pointer;
-            display: inline-block;
-        }
-
-        .btn-primary {
-            background-color: var(--accent-color);
-            color: #000;
-        }
-
-        .btn-primary:hover {
-            background-color: #000;
-            color: var(--accent-color);
-        }
-
-        .btn-secondary {
-            background-color: transparent;
-            color: var(--accent-color);
-        }
-
-        .btn-secondary:hover {
-            background-color: var(--accent-color);
-            color: #000;
-        }
-
-        /* Features */
-        .features {
-            padding: 4rem 0;
-            display: grid;
-            grid-template-columns: repeat(3, 1fr);
-            gap: 2rem;
-        }
-
-        .feature-item h3 {
-            font-size: 1.25rem;
-            margin-bottom: 1rem;
-            font-weight: bold;
-            border-bottom: 1px solid var(--accent-color);
-            display: inline-block;
-            padding-bottom: 0.25rem;
-        }
-
-        /* Tech Stack */
-        .tech-stack {
-            padding: 4rem 0;
-            text-align: center;
-            opacity: 0.7;
-            border-top: 1px solid rgba(232, 227, 199, 0.1);
-        }
+<html lang="en" class="dark scroll-smooth">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>ShellScope | Local Flight Recorder for Windows Terminal Activity</title>
+    <meta
+      name="description"
+      content="ShellScope captures transient Windows processes and terminal activity under 100ms with WMI and local SQLite logging."
+    />
+    <script>
+      tailwind = {
+        config: {
+          darkMode: "class",
+          theme: {
+            extend: {
+              boxShadow: {
+                glow: "0 0 0 1px rgba(148,163,184,0.15), 0 10px 30px rgba(2,6,23,0.45)",
+              },
+            },
+          },
+        },
+      };
+    </script>
+    <script src="https://cdn.tailwindcss.com"></script>
+  </head>
+  <body class="bg-gray-50 text-slate-900 antialiased dark:bg-slate-900 dark:text-slate-200">
+    <div class="fixed top-4 left-4 right-4 z-50 px-4">
+      <nav
+        class="mx-auto flex w-full max-w-7xl items-center justify-between rounded-2xl border border-gray-200/70 bg-white/80 px-4 py-3 shadow-glow backdrop-blur-sm dark:border-slate-700 dark:bg-slate-800/80"
+      >
+        <a
+          href="#hero"
+          class="cursor-pointer text-sm font-semibold tracking-wide text-slate-900 transition-colors duration-200 hover:text-slate-600 dark:text-slate-100 dark:hover:text-slate-300"
+          >ShellScope</a
+        >
+        <div class="flex items-center gap-4 text-sm">
+          <a
+            href="#features"
+            class="cursor-pointer transition-colors duration-200 hover:text-indigo-500"
+            >Features</a
+          >
+          <a
+            href="#users"
+            class="cursor-pointer transition-colors duration-200 hover:text-indigo-500"
+            >Users</a
+          >
+          <a
+            href="#installation"
+            class="cursor-pointer transition-colors duration-200 hover:text-indigo-500"
+            >Install</a
+          >
+          <a
+            href="https://github.com/shiks2/shellscope"
+            target="_blank"
+            rel="noopener noreferrer"
+            class="cursor-pointer rounded-lg border border-gray-300 px-3 py-1.5 text-sm font-medium transition-colors duration-200 hover:border-indigo-400 hover:text-indigo-500 dark:border-slate-600 dark:hover:border-indigo-400"
+            >GitHub</a
+          >
+        </div>
+      </nav>
+    </div>
 
-        /* Footer */
-        footer {
-            padding: 2rem 0;
-            text-align: center;
-            font-size: 0.875rem;
-            opacity: 0.5;
-            margin-top: auto;
-            border-top: 1px solid rgba(232, 227, 199, 0.1);
-        }
+    <main>
+      <section id="hero" class="relative flex min-h-screen items-center px-6 pb-16 pt-40">
+        <div class="mx-auto w-full max-w-7xl">
+          <div
+            class="rounded-3xl border border-gray-200 bg-white/80 p-8 shadow-glow backdrop-blur-sm md:p-12 dark:border-slate-700 dark:bg-slate-800/80"
+          >
+            <p class="mb-4 text-sm font-semibold uppercase tracking-[0.2em] text-indigo-500">Developer Tool / System Observability</p>
+            <h1 class="max-w-4xl text-4xl font-bold leading-tight text-slate-900 md:text-6xl dark:text-slate-100">
+              ShellScope: The Local Flight Recorder for Windows.
+            </h1>
+            <p class="mt-6 max-w-3xl text-lg leading-relaxed text-slate-700 dark:text-slate-300">
+              Capture transient processes and terminal activity under 100ms using WMI. Zero cloud dependencies. Logs command-line arguments to local SQLite DB.
+            </p>
+            <div class="mt-10 flex flex-wrap items-center gap-4">
+              <a
+                href="https://github.com/shiks2/shellscope"
+                target="_blank"
+                rel="noopener noreferrer"
+                class="cursor-pointer inline-flex items-center gap-2 rounded-xl bg-indigo-500 px-5 py-3 text-sm font-semibold text-white transition-colors duration-200 hover:bg-indigo-400"
+              >
+                <svg class="h-6 w-6" viewBox="0 0 24 24" fill="currentColor" aria-hidden="true">
+                  <path d="M12 .297C5.37.297 0 5.667 0 12.297c0 5.303 3.438 9.8 8.205 11.387.6.113.82-.258.82-.577 0-.285-.01-1.04-.015-2.04-3.338.727-4.042-1.61-4.042-1.61-.546-1.386-1.333-1.755-1.333-1.755-1.09-.744.083-.729.083-.729 1.205.085 1.84 1.238 1.84 1.238 1.07 1.833 2.807 1.304 3.492.997.107-.775.418-1.305.762-1.605-2.665-.303-5.467-1.335-5.467-5.932 0-1.31.47-2.38 1.236-3.22-.124-.303-.536-1.523.117-3.176 0 0 1.008-.322 3.3 1.23a11.49 11.49 0 0 1 3.003-.404c1.018.005 2.043.137 3.003.404 2.29-1.552 3.296-1.23 3.296-1.23.655 1.653.243 2.873.12 3.176.77.84 1.234 1.91 1.234 3.22 0 4.61-2.807 5.625-5.48 5.922.43.372.813 1.102.813 2.222 0 1.606-.014 2.898-.014 3.293 0 .322.216.694.825.576C20.565 22.092 24 17.595 24 12.297 24 5.667 18.627.297 12 .297Z" />
+                </svg>
+                View on GitHub
+              </a>
+            </div>
+          </div>
+        </div>
+      </section>
 
-        /* Responsive */
-        @media (max-width: 768px) {
-            h1 {
-                font-size: 2.5rem;
-            }
+      <section id="about" class="px-6 py-20">
+        <div class="mx-auto grid w-full max-w-7xl gap-6 md:grid-cols-2">
+          <article class="cursor-pointer rounded-2xl border border-gray-200 bg-white/80 p-6 backdrop-blur-sm transition-colors duration-200 hover:border-indigo-400 dark:border-slate-700 dark:bg-slate-800/80">
+            <h2 class="text-2xl font-semibold text-slate-900 dark:text-slate-100">About ShellScope</h2>
+            <p class="mt-4 leading-relaxed text-slate-700 dark:text-slate-300">
+              ShellScope uses Windows Management Instrumentation (WMI) to capture process creation events, including short-lived "flash" processes (&lt;100ms). Provides audit trail without external dependencies.
+            </p>
+          </article>
+          <article class="cursor-pointer rounded-2xl border border-gray-200 bg-white/80 p-6 backdrop-blur-sm transition-colors duration-200 hover:border-indigo-400 dark:border-slate-700 dark:bg-slate-800/80">
+            <h3 class="text-xl font-semibold text-slate-900 dark:text-slate-100">Highlights</h3>
+            <p class="mt-4 leading-relaxed text-slate-700 dark:text-slate-300">
+              Highlights: Process List (Green: safe, Red: suspicious like -enc), Status (Running/Closed), Real-time dashboard.
+            </p>
+          </article>
+        </div>
+      </section>
 
-            .features {
-                grid-template-columns: 1fr;
-            }
+      <section id="features" class="px-6 py-20">
+        <div class="mx-auto w-full max-w-7xl">
+          <h2 class="text-3xl font-bold text-slate-900 dark:text-slate-100">Core Features</h2>
+          <div class="mt-10 grid gap-6 sm:grid-cols-2 xl:grid-cols-4">
+            <article class="cursor-pointer rounded-2xl border border-gray-200 bg-white/80 p-6 backdrop-blur-sm transition-colors duration-200 hover:border-indigo-400 dark:border-slate-700 dark:bg-slate-800/80">
+              <svg class="h-6 w-6 text-indigo-500" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.8" aria-hidden="true">
+                <path stroke-linecap="round" stroke-linejoin="round" d="M13 2 3 14h7l-1 8 10-12h-7l1-8Z" />
+              </svg>
+              <h3 class="mt-4 font-semibold text-slate-900 dark:text-slate-100">Transient Process Capture</h3>
+              <p class="mt-2 text-sm text-slate-700 dark:text-slate-300">Detects/logs processes &lt;100ms lifespan.</p>
+            </article>
+            <article class="cursor-pointer rounded-2xl border border-gray-200 bg-white/80 p-6 backdrop-blur-sm transition-colors duration-200 hover:border-indigo-400 dark:border-slate-700 dark:bg-slate-800/80">
+              <svg class="h-6 w-6 text-indigo-500" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.8" aria-hidden="true">
+                <path stroke-linecap="round" stroke-linejoin="round" d="M8 4h8l4 4v12H4V4h4Z" />
+                <path stroke-linecap="round" stroke-linejoin="round" d="M8 12h8M8 16h5" />
+              </svg>
+              <h3 class="mt-4 font-semibold text-slate-900 dark:text-slate-100">Argument Logging</h3>
+              <p class="mt-2 text-sm text-slate-700 dark:text-slate-300">Captures full command-line args for analysis.</p>
+            </article>
+            <article class="cursor-pointer rounded-2xl border border-gray-200 bg-white/80 p-6 backdrop-blur-sm transition-colors duration-200 hover:border-indigo-400 dark:border-slate-700 dark:bg-slate-800/80">
+              <svg class="h-6 w-6 text-indigo-500" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.8" aria-hidden="true">
+                <ellipse cx="12" cy="5" rx="7" ry="3" />
+                <path d="M5 5v7c0 1.7 3.1 3 7 3s7-1.3 7-3V5" />
+                <path d="M5 12v7c0 1.7 3.1 3 7 3s7-1.3 7-3v-7" />
+              </svg>
+              <h3 class="mt-4 font-semibold text-slate-900 dark:text-slate-100">Local-First Architecture</h3>
+              <p class="mt-2 text-sm text-slate-700 dark:text-slate-300">SQLite storage, no cloud uploads.</p>
+            </article>
+            <article class="cursor-pointer rounded-2xl border border-gray-200 bg-white/80 p-6 backdrop-blur-sm transition-colors duration-200 hover:border-indigo-400 dark:border-slate-700 dark:bg-slate-800/80">
+              <svg class="h-6 w-6 text-indigo-500" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.8" aria-hidden="true">
+                <path stroke-linecap="round" stroke-linejoin="round" d="M3 12h4l2-5 4 10 2-5h6" />
+              </svg>
+              <h3 class="mt-4 font-semibold text-slate-900 dark:text-slate-100">Low Resource Usage</h3>
+              <p class="mt-2 text-sm text-slate-700 dark:text-slate-300">Python WMI backend + performant Flutter UI.</p>
+            </article>
+          </div>
+        </div>
+      </section>
 
-            .nav-links {
-                display: none;
-            }
-        }
-    </style>
-</head>
-<body>
-    <header class="container">
-        <nav>
-            <div class="logo">ShellScope</div>
-            <div class="nav-links">
-                <a href="#features">Features</a>
-                <a href="#tech">Tech Stack</a>
-                <a href="https://github.com/shiks2/shellscope">GitHub</a>
+      <section id="stack" class="px-6 py-20">
+        <div class="mx-auto w-full max-w-7xl">
+          <h2 class="text-3xl font-bold text-slate-900 dark:text-slate-100">Tech Stack</h2>
+          <div class="mt-8 grid gap-4 sm:grid-cols-2 lg:grid-cols-4">
+            <div class="cursor-pointer flex items-center gap-3 rounded-xl border border-gray-200 bg-white/80 p-4 backdrop-blur-sm transition-colors duration-200 hover:border-indigo-400 dark:border-slate-700 dark:bg-slate-800/80">
+              <svg class="h-6 w-6" viewBox="0 0 24 24" fill="currentColor" aria-hidden="true">
+                <path d="M11.981 0C9.626.011 7.611.251 6.75.45c-2.587.575-3.054 1.782-3.054 4.02v2.95h6.11v.983H1.408C.062 8.403 0 9.585 0 11.072v2.855c0 2.218.487 3.533 3.054 4.02 1.018.196 2.173.29 3.295.29h2.117v-2.98c0-2.154 1.86-4.052 4.058-4.052h6.098c1.699 0 3.055-1.398 3.055-3.106V4.47c0-2.066-1.743-3.618-3.055-3.836C16.642.185 14.335-.01 11.98 0Zm-3.306 2.202c.783 0 1.416.65 1.416 1.452 0 .8-.633 1.45-1.416 1.45-.782 0-1.416-.65-1.416-1.45 0-.802.634-1.452 1.416-1.452Z" />
+                <path d="M12.019 24c2.355-.011 4.37-.251 5.231-.45 2.587-.575 3.054-1.782 3.054-4.02v-2.95h-6.11v-.983h8.398c1.346 0 1.408-1.182 1.408-2.67V10.07c0-2.218-.487-3.533-3.054-4.02-1.018-.196-2.173-.29-3.295-.29h-2.117v2.98c0 2.154-1.86 4.052-4.058 4.052H5.378c-1.699 0-3.055 1.398-3.055 3.106v3.63c0 2.066 1.743 3.618 3.055 3.836 1.98.449 4.287.644 6.642.634Zm3.306-2.202c-.783 0-1.416-.65-1.416-1.452 0-.8.633-1.45 1.416-1.45.782 0 1.416.65 1.416 1.45 0 .802-.634 1.452-1.416 1.452Z" />
+              </svg>
+              <span class="font-medium">Python</span>
             </div>
-        </nav>
-    </header>
-
-    <main class="container">
-        <section class="hero">
-            <h1>The Windows Terminal Flight Recorder</h1>
-            <p>Capture transient process activity. Log command arguments. Store everything locally.</p>
-            <div class="cta-buttons">
-                <a href="https://github.com/shiks2/shellscope" class="btn btn-primary">View on GitHub</a>
-                <!-- <a href="#" class="btn btn-secondary">Download Alpha</a> -->
+            <div class="cursor-pointer flex items-center gap-3 rounded-xl border border-gray-200 bg-white/80 p-4 backdrop-blur-sm transition-colors duration-200 hover:border-indigo-400 dark:border-slate-700 dark:bg-slate-800/80">
+              <svg class="h-6 w-6" viewBox="0 0 24 24" fill="currentColor" aria-hidden="true">
+                <path d="M14.314 0 2.142 12.172l3.62 3.617L21.555 0h-7.24ZM5.76 15.79 0 21.556h7.24l2.14-2.14-3.62-3.626Zm9.14-4.307 3.62 3.625L24 9.69h-7.24l-1.86 1.792Zm-2.268 2.268-2.14 2.14 3.62 3.625h7.24l-5.48-5.765h-3.24Z" />
+              </svg>
+              <span class="font-medium">Flutter</span>
             </div>
-        </section>
-
-        <section id="features" class="features">
-            <div class="feature-item">
-                <h3>Flash Capture</h3>
-                <p>Detects processes with lifespans under 100 milliseconds.</p>
+            <div class="cursor-pointer flex items-center gap-3 rounded-xl border border-gray-200 bg-white/80 p-4 backdrop-blur-sm transition-colors duration-200 hover:border-indigo-400 dark:border-slate-700 dark:bg-slate-800/80">
+              <svg class="h-6 w-6" viewBox="0 0 24 24" fill="currentColor" aria-hidden="true">
+                <path d="M18.133 0H5.867A5.867 5.867 0 0 0 0 5.867v12.266A5.867 5.867 0 0 0 5.867 24h12.266A5.867 5.867 0 0 0 24 18.133V5.867A5.867 5.867 0 0 0 18.133 0Zm-.667 5.333a1 1 0 1 1 0 2h-3.733a1 1 0 0 1 0-2h3.733Zm-9.6 2h8.267a1 1 0 0 1 0 2H7.867a1 1 0 1 1 0-2Zm8.8 5.334H8.4a1 1 0 1 1 0-2h8.267a1 1 0 1 1 0 2Zm-1.067 4h-7.2a1 1 0 1 1 0-2h7.2a1 1 0 0 1 0 2Z" />
+              </svg>
+              <span class="font-medium">SQLite</span>
             </div>
-            <div class="feature-item">
-                <h3>Deep Visibility</h3>
-                <p>Logs parent PIDs and full command line arguments.</p>
+            <div class="cursor-pointer flex items-center gap-3 rounded-xl border border-gray-200 bg-white/80 p-4 backdrop-blur-sm transition-colors duration-200 hover:border-indigo-400 dark:border-slate-700 dark:bg-slate-800/80">
+              <svg class="h-6 w-6" viewBox="0 0 24 24" fill="currentColor" aria-hidden="true">
+                <path d="M0 3.449 9.75 2.11v9.43H0V3.45Zm10.875-1.5L24 0v11.403H10.875V1.95ZM0 12.597h9.75v9.43L0 20.69v-8.093Zm10.875 0H24V24l-13.125-1.848v-9.555Z" />
+              </svg>
+              <span class="font-medium">Windows</span>
             </div>
-            <div class="feature-item">
-                <h3>Offline First</h3>
-                <p>Zero cloud dependency. Data is stored in a local SQLite database.</p>
-            </div>
-        </section>
+          </div>
+        </div>
+      </section>
 
-        <section id="tech" class="tech-stack">
-            <p>Built with Flutter, Python WMI, and SQLite.</p>
-        </section>
-    </main>
+      <section id="users" class="px-6 py-20">
+        <div class="mx-auto w-full max-w-7xl">
+          <h2 class="text-3xl font-bold text-slate-900 dark:text-slate-100">Users &amp; Use Cases</h2>
+          <div class="mt-10 grid gap-6 md:grid-cols-3">
+            <article class="cursor-pointer rounded-2xl border border-gray-200 bg-white/80 p-6 backdrop-blur-sm transition-colors duration-200 hover:border-indigo-400 dark:border-slate-700 dark:bg-slate-800/80">
+              <h3 class="text-lg font-semibold text-slate-900 dark:text-slate-100">Paranoid Developers / SecOps</h3>
+              <p class="mt-3 text-sm leading-relaxed text-slate-700 dark:text-slate-300">Catch malware scripts or debugging flashes ProcMon misses.</p>
+              <p class="mt-3 text-sm text-slate-700 dark:text-slate-300">Use case: forensic replay of exact command lines and parent processes.</p>
+            </article>
+            <article class="cursor-pointer rounded-2xl border border-gray-200 bg-white/80 p-6 backdrop-blur-sm transition-colors duration-200 hover:border-indigo-400 dark:border-slate-700 dark:bg-slate-800/80">
+              <h3 class="text-lg font-semibold text-slate-900 dark:text-slate-100">SMB IT Admins</h3>
+              <p class="mt-3 text-sm leading-relaxed text-slate-700 dark:text-slate-300">Monitor employee machines for suspicious <code>-enc</code> PowerShell behavior.</p>
+              <p class="mt-3 text-sm text-slate-700 dark:text-slate-300">Use case: compliance logging with local SQLite exports for air-gapped audits.</p>
+            </article>
+            <article class="cursor-pointer rounded-2xl border border-gray-200 bg-white/80 p-6 backdrop-blur-sm transition-colors duration-200 hover:border-indigo-400 dark:border-slate-700 dark:bg-slate-800/80">
+              <h3 class="text-lg font-semibold text-slate-900 dark:text-slate-100">Non-Tech Home Users</h3>
+              <p class="mt-3 text-sm leading-relaxed text-slate-700 dark:text-slate-300">Spot random CMD/PowerShell popups from miners or persistence scripts.</p>
+              <p class="mt-3 text-sm text-slate-700 dark:text-slate-300">Use case: real-time alerts with suspicious commands highlighted in red.</p>
+            </article>
+          </div>
+        </div>
+      </section>
 
-    <footer>
-        <div class="container">
-            <p>&copy; 2026 ShellScope. Released under MIT License.</p>
+      <section id="installation" class="px-6 py-20">
+        <div class="mx-auto grid w-full max-w-7xl gap-8 lg:grid-cols-2">
+          <article class="cursor-pointer rounded-2xl border border-gray-200 bg-white/80 p-6 backdrop-blur-sm transition-colors duration-200 hover:border-indigo-400 dark:border-slate-700 dark:bg-slate-800/80">
+            <h2 class="text-2xl font-semibold text-slate-900 dark:text-slate-100">Installation</h2>
+            <p class="mt-4 text-slate-700 dark:text-slate-300">Prerequisites: Python 3.8+, Flutter SDK, Windows OS.</p>
+            <ol class="mt-6 space-y-3 text-sm text-slate-800 dark:text-slate-200">
+              <li class="rounded-lg border border-gray-200 bg-gray-100/70 px-4 py-3 dark:border-slate-700 dark:bg-slate-900/60"><code>1. git clone https://github.com/shiks2/shellscope.git</code></li>
+              <li class="rounded-lg border border-gray-200 bg-gray-100/70 px-4 py-3 dark:border-slate-700 dark:bg-slate-900/60"><code>2. cd shellscope</code></li>
+              <li class="rounded-lg border border-gray-200 bg-gray-100/70 px-4 py-3 dark:border-slate-700 dark:bg-slate-900/60"><code>3. pip install wmi pywin32</code></li>
+              <li class="rounded-lg border border-gray-200 bg-gray-100/70 px-4 py-3 dark:border-slate-700 dark:bg-slate-900/60"><code>4. flutter run -d windows</code></li>
+            </ol>
+          </article>
+          <article class="cursor-pointer rounded-2xl border border-gray-200 bg-white/80 p-6 backdrop-blur-sm transition-colors duration-200 hover:border-indigo-400 dark:border-slate-700 dark:bg-slate-800/80">
+            <h2 class="text-2xl font-semibold text-slate-900 dark:text-slate-100">Usage Guide</h2>
+            <p class="mt-4 leading-relaxed text-slate-700 dark:text-slate-300">
+              Dashboard shows real-time activity: Process List (Green safe/Red suspicious), Status Indicator (Running/Closed).
+            </p>
+          </article>
         </div>
+      </section>
+
+      <section id="roadmap" class="px-6 py-20">
+        <div class="mx-auto w-full max-w-7xl">
+          <h2 class="text-3xl font-bold text-slate-900 dark:text-slate-100">Roadmap</h2>
+          <div class="mt-10 overflow-hidden rounded-2xl border border-gray-200 bg-white/80 shadow-glow dark:border-slate-700 dark:bg-slate-800/80">
+            <table class="min-w-full divide-y divide-gray-200 text-left text-sm dark:divide-slate-700">
+              <thead class="bg-gray-100/70 dark:bg-slate-900/60">
+                <tr class="text-xs uppercase tracking-wide text-slate-600 dark:text-slate-300">
+                  <th class="px-5 py-3 font-semibold">Phase</th>
+                  <th class="px-5 py-3 font-semibold">Feature</th>
+                  <th class="px-5 py-3 font-semibold">Timeline</th>
+                </tr>
+              </thead>
+              <tbody class="divide-y divide-gray-200 text-slate-800 dark:divide-slate-700 dark:text-slate-200">
+                <tr>
+                  <td class="px-5 py-4 font-semibold">MVP (Now)</td>
+                  <td class="px-5 py-4">Windows WMI capture, Flutter UI, SQLite</td>
+                  <td class="px-5 py-4">Live</td>
+                </tr>
+                <tr>
+                  <td class="px-5 py-4 font-semibold">v1.1</td>
+                  <td class="px-5 py-4">Linux (Netlink), macOS (psutil/Endpoint Security)</td>
+                  <td class="px-5 py-4">Q2 2026</td>
+                </tr>
+                <tr class="bg-emerald-50/70 dark:bg-emerald-950/20">
+                  <td class="px-5 py-4 font-semibold text-emerald-700 dark:text-emerald-300">v2.0 Pro</td>
+                  <td class="px-5 py-4"><span class="font-semibold text-emerald-700 dark:text-emerald-300">Webhook Logs:</span> Send logs to YOUR server via webhook (JSON/SQLite, auth tokens, batching).</td>
+                  <td class="px-5 py-4">Q3 2026</td>
+                </tr>
+                <tr>
+                  <td class="px-5 py-4 font-semibold">v2.1</td>
+                  <td class="px-5 py-4">ETW low-latency, Supabase pro sync (login/export)</td>
+                  <td class="px-5 py-4">Q4 2026</td>
+                </tr>
+                <tr>
+                  <td class="px-5 py-4 font-semibold">Future</td>
+                  <td class="px-5 py-4">Enterprise: central dashboard, anomaly ML</td>
+                  <td class="px-5 py-4">2027</td>
+                </tr>
+              </tbody>
+            </table>
+          </div>
+        </div>
+      </section>
+    </main>
+
+    <footer class="border-t border-gray-200 px-6 py-10 dark:border-slate-800">
+      <div class="mx-auto flex w-full max-w-7xl flex-col gap-3 text-sm text-slate-700 sm:flex-row sm:items-center sm:justify-between dark:text-slate-300">
+        <p>MIT License</p>
+        <a
+          href="https://github.com/shiks2/shellscope"
+          target="_blank"
+          rel="noopener noreferrer"
+          class="cursor-pointer inline-flex items-center gap-2 transition-colors duration-200 hover:text-indigo-500"
+        >
+          <svg class="h-6 w-6" viewBox="0 0 24 24" fill="currentColor" aria-hidden="true">
+            <path d="M12 .297C5.37.297 0 5.667 0 12.297c0 5.303 3.438 9.8 8.205 11.387.6.113.82-.258.82-.577 0-.285-.01-1.04-.015-2.04-3.338.727-4.042-1.61-4.042-1.61-.546-1.386-1.333-1.755-1.333-1.755-1.09-.744.083-.729.083-.729 1.205.085 1.84 1.238 1.84 1.238 1.07 1.833 2.807 1.304 3.492.997.107-.775.418-1.305.762-1.605-2.665-.303-5.467-1.335-5.467-5.932 0-1.31.47-2.38 1.236-3.22-.124-.303-.536-1.523.117-3.176 0 0 1.008-.322 3.3 1.23a11.49 11.49 0 0 1 3.003-.404c1.018.005 2.043.137 3.003.404 2.29-1.552 3.296-1.23 3.296-1.23.655 1.653.243 2.873.12 3.176.77.84 1.234 1.91 1.234 3.22 0 4.61-2.807 5.625-5.48 5.922.43.372.813 1.102.813 2.222 0 1.606-.014 2.898-.014 3.293 0 .322.216.694.825.576C20.565 22.092 24 17.595 24 12.297 24 5.667 18.627.297 12 .297Z" />
+          </svg>
+          GitHub
+        </a>
+      </div>
     </footer>
-</body>
+  </body>
 </html>
diff --git a/pyproject.toml b/pyproject.toml
new file mode 100644
index 0000000..b5f6105
--- /dev/null
+++ b/pyproject.toml
@@ -0,0 +1,28 @@
+[tool.black]
+line-length = 88
+target-version = ['py310']
+include = '\.pyi?$'
+
+[tool.mypy]
+python_version = "3.10"
+warn_return_any = true
+warn_unused_configs = true
+disallow_untyped_defs = true
+disallow_incomplete_defs = true
+check_untyped_defs = true
+disallow_untyped_decorators = true
+no_implicit_optional = true
+warn_redundant_casts = true
+warn_unused_ignores = true
+warn_no_return = true
+warn_unreachable = true
+
+[tool.pytest.ini_options]
+minversion = "6.0"
+addopts = "-ra -q --cov=shellscope/backend --cov-report=term-missing"
+testpaths = [
+    "shellscope/backend/tests",
+]
+python_files = "test_*.py"
+python_classes = "Test*"
+python_functions = "test_*"
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..a8cb446
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,8 @@
+wmi==1.5.1
+pywin32==306
+pytest==7.4.3
+mypy==1.8.0
+black==23.11.0
+flake8==6.1.0
+coverage==7.3.2
+pytest-cov==4.1.0
diff --git a/shellscope/backend/db.py b/shellscope/backend/db.py
index b400ee6..57fa245 100644
--- a/shellscope/backend/db.py
+++ b/shellscope/backend/db.py
@@ -1,124 +1,181 @@
 import sqlite3
 import os
 import sys
-import time
+import threading
 from datetime import datetime, timedelta
+from typing import Any, List, Optional
 
 class DatabaseHandler:
-    def __init__(self, db_name: str = "shellscope.db"):
+    def __init__(self, db_name: str = "shellscope.db") -> None:
         self.db_path = self._get_db_path(db_name)
+        self.conn: Optional[sqlite3.Connection] = None
+        self.lock = threading.Lock()
         self.setup()
 
     def _get_db_path(self, db_name: str) -> str:
-        if getattr(sys, 'frozen', False):
+        if db_name == ":memory:":
+            return ":memory:"
+        if getattr(sys, "frozen", False):
             base_path = os.path.dirname(sys.executable)
         else:
             base_path = os.path.dirname(os.path.abspath(__file__))
-            
         return os.path.join(base_path, db_name)
 
+    def _get_connection(self) -> sqlite3.Connection:
+        """Returns a persistent connection or creates one if closed."""
+        if self.conn is None:
+            try:
+                self.conn = sqlite3.connect(self.db_path, check_same_thread=False)
+                # Optimize: WAL mode is crucial for concurrency with the UI reader
+                self.conn.execute("PRAGMA journal_mode=WAL;")
+                # synchronous=NORMAL is faster and safe enough for WAL
+                self.conn.execute("PRAGMA synchronous=NORMAL;")
+            except sqlite3.Error as e:
+                sys.stderr.write(f"DB CONNECT ERROR: {e}\n")
+                raise
+        return self.conn
+
     def setup(self) -> None:
-        """Initialize DB with Lifecycle columns"""
-        try:
-            conn = sqlite3.connect(self.db_path)
-            cursor = conn.cursor()
-            
-            cursor.execute("PRAGMA journal_mode=WAL;")
-            
-            # Check if table exists to see if we need to migrate (drop/recreate for dev)
-            cursor.execute("SELECT name FROM sqlite_master WHERE type='table' AND name='logs';")
-            table_exists = cursor.fetchone()
+        """Initialize DB with Lifecycle columns."""
+        with self.lock:
+            try:
+                conn = self._get_connection()
+                cursor = conn.cursor()
+
+                # Check for migration
+                cursor.execute(
+                    "SELECT name FROM sqlite_master WHERE type='table' AND name='logs';"
+                )
+                table_exists = cursor.fetchone()
 
-            # For simplicity in this dev phase, if we are changing schema, we might need to recreate.
-            # But let's check columns or just try to create with IF NOT EXISTS and hope for best or ALTER.
-            # Given the prompt instruction: "drop the table if it exists or create a new one"
-            # We will DROP to ensure schema match.
-            # WARNING: This wipes history on update. Acceptable for this "dev -> prod" transition step.
-            
-            # Simple migration flag/check: check for 'duration' column.
-            needs_migration = False
-            if table_exists:
-                cursor.execute("PRAGMA table_info(logs)")
-                columns = [info[1] for info in cursor.fetchall()]
-                if 'duration' not in columns:
-                    needs_migration = True
-            
-            if needs_migration:
-                 sys.stderr.write("MIGRATION: Dropping old table to update schema.\n")
-                 cursor.execute("DROP TABLE logs")
+                needs_migration = False
+                if table_exists:
+                    cursor.execute("PRAGMA table_info(logs)")
+                    columns = [info[1] for info in cursor.fetchall()]
+                    if "duration" not in columns:
+                        needs_migration = True
 
-            cursor.execute("""
-                CREATE TABLE IF NOT EXISTS logs (
-                    id INTEGER PRIMARY KEY AUTOINCREMENT,
-                    pid INTEGER,
-                    date TEXT,
-                    time TEXT,
-                    child TEXT,
-                    parent TEXT,
-                    args TEXT,
-                    suspicious INTEGER,
-                    status TEXT,
-                    start_time_epoch REAL,
-                    end_time TEXT,
-                    duration REAL,
-                    is_running INTEGER DEFAULT 1
+                if needs_migration:
+                    sys.stderr.write("MIGRATION: Dropping old table to update schema.\n")
+                    cursor.execute("DROP TABLE logs")
+
+                cursor.execute(
+                    """
+                    CREATE TABLE IF NOT EXISTS logs (
+                        id INTEGER PRIMARY KEY AUTOINCREMENT,
+                        pid INTEGER,
+                        date TEXT,
+                        time TEXT,
+                        child TEXT,
+                        parent TEXT,
+                        args TEXT,
+                        suspicious INTEGER,
+                        status TEXT,
+                        start_time_epoch REAL,
+                        end_time TEXT,
+                        duration REAL,
+                        is_running INTEGER DEFAULT 1
+                    )
+                """
                 )
-            """)
-            conn.commit()
-            conn.close()
-        except sqlite3.Error as e:
-            sys.stderr.write(f"DB SETUP ERROR: {e}\n")
+                conn.commit()
+                # Do not close the persistent connection here
+            except sqlite3.Error as e:
+                sys.stderr.write(f"DB SETUP ERROR: {e}\n")
 
-    def insert_log(self, log_obj) -> None:
+    def insert_log(self, log_obj: Any) -> None:
+        """Inserts a single log entry."""
         try:
-            conn = sqlite3.connect(self.db_path)
-            cursor = conn.cursor()
-            cursor.execute("""
-                INSERT INTO logs (pid, date, time, child, parent, args, suspicious, status, start_time_epoch, is_running)
-                VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
-            """, log_obj.to_tuple())
-            conn.commit()
-            conn.close()
+            with self.lock:
+                conn = self._get_connection()
+                with conn:
+                    conn.execute(
+                        """
+                        INSERT INTO logs (pid, date, time, child, parent, args, suspicious, status, start_time_epoch, is_running)
+                        VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+                    """,
+                        log_obj.to_tuple(),
+                    )
         except Exception as e:
             sys.stderr.write(f"DB INSERT ERROR: {e}\n")
 
+    def insert_logs_batch(self, log_objs: List[Any]) -> None:
+        """Inserts multiple log entries in a single transaction."""
+        if not log_objs:
+            return
+        try:
+            data = [log.to_tuple() for log in log_objs]
+            with self.lock:
+                conn = self._get_connection()
+                with conn:
+                    conn.executemany(
+                        """
+                        INSERT INTO logs (pid, date, time, child, parent, args, suspicious, status, start_time_epoch, is_running)
+                        VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+                    """,
+                        data,
+                    )
+        except Exception as e:
+            sys.stderr.write(f"DB BATCH INSERT ERROR: {e}\n")
+
+    def get_process_start_time(self, pid: int) -> float:
+        """Retrieves the start time epoch for a running process."""
+        try:
+            with self.lock:
+                conn = self._get_connection()
+                # Optimization: Use indexed query (pid, is_running)
+                # We assume is_running=1 for active processes.
+                cursor = conn.execute(
+                    "SELECT start_time_epoch FROM logs WHERE pid = ? AND is_running = 1 ORDER BY id DESC LIMIT 1",
+                    (pid,),
+                )
+                row = cursor.fetchone()
+                if row:
+                    return float(row[0])
+        except Exception as e:
+            sys.stderr.write(f"DB GET START TIME ERROR: {e}\n")
+        return 0.0
+
     def update_log_duration(self, pid: int, end_time_str: str, duration: float) -> None:
         """Updates a process entry when it stops."""
         try:
-            conn = sqlite3.connect(self.db_path)
-            cursor = conn.cursor()
-            
-            # Update the most recent running entry for this PID
-            # We use is_running=1 to target the active session. 
-            # If PID reuse happens very fast, we assume the latest one.
-            # We order by id DESC to get the latest.
-            
-            cursor.execute("""
-                UPDATE logs 
-                SET is_running = 0, end_time = ?, duration = ?
-                WHERE pid = ? AND is_running = 1
-            """, (end_time_str, duration, pid))
-            
-            if cursor.rowcount == 0:
-                # This might happen if we missed the start event or it was already closed.
-                # Just ignore or log debug.
-                pass
-                
-            conn.commit()
-            conn.close()
+            with self.lock:
+                conn = self._get_connection()
+                with conn:
+                    cursor = conn.execute(
+                        """
+                        UPDATE logs
+                        SET is_running = 0, end_time = ?, duration = ?
+                        WHERE pid = ? AND is_running = 1
+                    """,
+                        (end_time_str, duration, pid),
+                    )
+                    if cursor.rowcount == 0:
+                        pass
         except Exception as e:
             sys.stderr.write(f"DB UPDATE ERROR: {e}\n")
 
     def prune_old_logs(self, days_to_keep: int = 7) -> None:
         try:
-            conn = sqlite3.connect(self.db_path)
-            cursor = conn.cursor()
-            cutoff_date = (datetime.now() - timedelta(days=days_to_keep)).strftime("%Y-%m-%d")
-            cursor.execute("DELETE FROM logs WHERE date < ?", (cutoff_date,))
-            count = cursor.rowcount
-            conn.commit()
-            conn.close()
+            cutoff_date = (datetime.now() - timedelta(days=days_to_keep)).strftime(
+                "%Y-%m-%d"
+            )
+            with self.lock:
+                conn = self._get_connection()
+                with conn:
+                    cursor = conn.execute("DELETE FROM logs WHERE date < ?", (cutoff_date,))
+                    count = cursor.rowcount
             if count > 0:
                 sys.stderr.write(f"MAINTENANCE: Pruned {count} old logs.\n")
         except Exception as e:
-            sys.stderr.write(f"DB PRUNE ERROR: {e}\n")
\ No newline at end of file
+            sys.stderr.write(f"DB PRUNE ERROR: {e}\n")
+
+    def close(self) -> None:
+        """Closes the persistent connection."""
+        with self.lock:
+            if self.conn:
+                try:
+                    self.conn.close()
+                except Exception:
+                    pass
+                self.conn = None
diff --git a/shellscope/backend/models.py b/shellscope/backend/models.py
index 50282af..d0d15d3 100644
--- a/shellscope/backend/models.py
+++ b/shellscope/backend/models.py
@@ -1,5 +1,5 @@
 import time
-from typing import Tuple, Any
+from typing import Tuple, Any, List, Optional
 
 class ProcessLog:
     def __init__(self, pid: int, child: str, parent: str, args: str, suspicious: bool, status: str = "NEW", is_running: bool = True):
@@ -21,7 +21,7 @@ def __str__(self) -> str:
         return f"[{self.timestamp}] {self.parent} -> {self.child} (PID: {self.pid})"
 
     @classmethod
-    def from_wmi_process(cls, process: Any, parent_name: str, status: str = "NEW", suspicious_keywords: list = None) -> 'ProcessLog':
+    def from_wmi_process(cls, process: Any, parent_name: str, status: str = "NEW", suspicious_keywords: Optional[List[str]] = None) -> 'ProcessLog':
         if suspicious_keywords is None:
             suspicious_keywords = []
 
diff --git a/shellscope/backend/monitor.py b/shellscope/backend/monitor.py
index 32ab8d4..5ead248 100644
--- a/shellscope/backend/monitor.py
+++ b/shellscope/backend/monitor.py
@@ -1,103 +1,163 @@
-import wmi
-import pythoncom
 import sys
 import json
 import time
-import threading
-import sqlite3
-from typing import Any
+from typing import Any, Dict, List, Optional
 from models import ProcessLog
 from db import DatabaseHandler
 
+# Handle optional dependencies for cross-platform dev/testing
+try:
+    import wmi  # type: ignore
+    import pythoncom  # type: ignore
+except ImportError:
+    wmi = None
+    pythoncom = None
+
 # --- CONFIGURATION ---
 TARGET_APPS = ["cmd.exe", "powershell.exe", "wt.exe", "conhost.exe"]
-SUSPICIOUS_KEYWORDS = ['hidden', '-enc', '/c', 'temp', 'downloadstring', 'bypass']
+SUSPICIOUS_KEYWORDS = ["hidden", "-enc", "/c", "temp", "downloadstring", "bypass"]
 RETENTION_DAYS = 7
+MIN_POLL_INTERVAL = 0.5
+MAX_POLL_INTERVAL = 2.0
 
 # --- SETUP ---
 db = DatabaseHandler("shellscope.db")
-db.prune_old_logs(RETENTION_DAYS)
 
-print(f"ENGINE_STARTED")
-sys.stderr.write(f"DEBUG: Logging to {db.db_path}\n")
-sys.stdout.flush()
 
-# --- HELPER FUNCTIONS ---
-def get_parent_name(c_instance, ppid):
+def get_parent_name(c_instance: Any, ppid: Optional[int]) -> str:
+    """Retrieves the name of the parent process given its PID."""
+    if ppid is None:
+        return "N/A"
     try:
-        if ppid is None: return "N/A"
+        # Optimization: Only select Name
         parent_query = c_instance.Win32_Process(ProcessId=ppid)
         if parent_query:
-            return parent_query[0].Name
-    except:
+            return str(parent_query[0].Name)
+    except Exception:
         pass
     return "Unknown (Exited)"
 
-def send_json(payload):
+
+def send_json(payload: Dict[str, Any]) -> None:
+    """Sends a JSON payload to stdout for the UI."""
     try:
         print(f"LOG::{json.dumps(payload)}")
         sys.stdout.flush()
     except Exception as e:
         sys.stderr.write(f"JSON ERROR: {e}\n")
 
+
 # --- SNAPSHOT MONITOR ---
 
-def get_running_targets(c_wmi) -> dict:
-    """Returns a dict of {pid: process_object} for target apps"""
+
+def get_running_targets(c_wmi: Any) -> Dict[str, Any]:
+    """Returns a dict of {unique_key: process_object} for target apps.
+    unique_key is 'pid:creation_date' to handle PID reuse.
+    """
     targets = {}
     try:
-        # Querying all processes is cheap enough every 2 seconds
-        # Or we can filter in WQL: Select * from Win32_Process Where Name='cmd.exe' OR ...
-        # Constructing WQL for specific names is better
-        
         # Win32_Process has Name, ProcessId, ParentProcessId, CommandLine, CreationDate
-        
-        # Build query clause
-        # Name = 'cmd.exe' OR Name = 'powershell.exe' ...
         clauses = [f"Name = '{app}'" for app in TARGET_APPS]
         where_clause = " OR ".join(clauses)
+
+        # Optimization: Select specific columns
         wql = f"SELECT Name, ProcessId, ParentProcessId, CommandLine, CreationDate FROM Win32_Process WHERE {where_clause}"
-        
+
         results = c_wmi.query(wql)
         for proc in results:
-            targets[proc.ProcessId] = proc
-            
+            # Use PID + CreationDate as unique key
+            # CreationDate might be None for some system processes.
+            creation_date = proc.CreationDate or "0"
+            unique_key = f"{proc.ProcessId}:{creation_date}"
+            targets[unique_key] = proc
+
     except Exception as e:
         sys.stderr.write(f"POLLING ERROR: {e}\n")
-        
+
     return targets
 
-def monitor_loop():
-    """Main Loop: Polls process list and diffs with previous state"""
-    pythoncom.CoInitialize() 
+
+def monitor_loop() -> None:
+    """Main Loop: Polls process list and diffs with previous state."""
+    if wmi is None:
+        sys.stderr.write("ERROR: WMI module not found. Is this Windows?\n")
+        return
+
+    pythoncom.CoInitialize()
     c = wmi.WMI()
+
+    # Prune old logs at startup
+    db.prune_old_logs(RETENTION_DAYS)
+
+    print(f"ENGINE_STARTED")
+    sys.stderr.write(f"DEBUG: Logging to {db.db_path}\n")
+    sys.stdout.flush()
+
     print("Monitor loop started (Polling Mode)")
     sys.stdout.flush()
-    
+
     # Initial Snapshot
     prev_snapshot = get_running_targets(c)
-    
+
+    poll_interval = MAX_POLL_INTERVAL
+
     while True:
         try:
-            time.sleep(2)
-            
+            start_time = time.time()
+            time.sleep(poll_interval)
+
             curr_snapshot = get_running_targets(c)
-            
-            # 1. Detect NEW processes (in curr but not in prev)
-            for pid, proc in curr_snapshot.items():
-                if pid not in prev_snapshot:
+
+            new_logs = []
+            activity_detected = False
+
+            # 1. Detect CLOSED processes (in prev but not in curr)
+            for key in prev_snapshot:
+                if key not in curr_snapshot:
+                    activity_detected = True
+                    # Found CLOSED process
+                    # Extract PID from key "pid:creation_date"
+                    pid_str = key.split(":")[0]
+                    pid = int(pid_str)
+
+                    end_time_epoch = time.time()
+
+                    start_time_proc = db.get_process_start_time(pid)
+                    duration = 0.0
+                    if start_time_proc > 0:
+                        duration = end_time_epoch - start_time_proc
+
+                    # If duration is negative (clock skew?), clamp to 0
+                    duration = max(0.0, duration)
+
+                    end_time_str = time.strftime("%H:%M:%S")
+                    db.update_log_duration(pid, end_time_str, duration)
+
+                    # Notify UI
+                    payload = {
+                        "pid": pid,
+                        "status": "CLOSED",
+                        "isRunning": False,
+                        "duration": f"{duration:.2f}s",
+                    }
+                    send_json(payload)
+
+            # 2. Detect NEW processes (in curr but not in prev)
+            for key, proc in curr_snapshot.items():
+                if key not in prev_snapshot:
+                    activity_detected = True
                     # Found NEW process
                     parent_name = get_parent_name(c, proc.ParentProcessId)
-                    
+
                     log = ProcessLog.from_wmi_process(
-                        proc, 
-                        parent_name, 
+                        proc,
+                        parent_name,
                         status="NEW",
-                        suspicious_keywords=SUSPICIOUS_KEYWORDS
+                        suspicious_keywords=SUSPICIOUS_KEYWORDS,
                     )
-                    
-                    db.insert_log(log)
-                    
+
+                    new_logs.append(log)
+
                     payload = {
                         "pid": log.pid,
                         "time": log.timestamp,
@@ -107,53 +167,29 @@ def monitor_loop():
                         "suspicious": bool(log.suspicious),
                         "status": log.status,
                         "isRunning": True,
-                        "duration": "Running"
+                        "duration": "Running",
                     }
                     send_json(payload)
-            
-            # 2. Detect CLOSED processes (in prev but not in curr)
-            for pid in prev_snapshot:
-                if pid not in curr_snapshot:
-                    # Found CLOSED process
-                    
-                    conn = sqlite3.connect(db.db_path)
-                    cursor = conn.cursor()
-                    cursor.execute("SELECT start_time_epoch FROM logs WHERE pid = ? AND is_running = 1", (pid,))
-                    row = cursor.fetchone()
-                    duration = 0.0
-                    
-                    if row:
-                        start_time = row[0]
-                        end_time = time.time()
-                        duration = end_time - start_time
-                        end_time_str = time.strftime("%H:%M:%S")
-                        
-                        cursor.close()
-                        conn.close()
-                        
-                        # Update DB
-                        db.update_log_duration(pid, end_time_str, duration)
-                        
-                        # Notify UI
-                        payload = {
-                            "pid": pid,
-                            "status": "CLOSED",
-                            "isRunning": False,
-                            "duration": f"{duration:.2f}s"
-                        }
-                        send_json(payload)
-                    else:
-                        cursor.close()
-                        conn.close()
-            
+
+            # Batch insert new logs
+            if new_logs:
+                db.insert_logs_batch(new_logs)
+
             # Update state
             prev_snapshot = curr_snapshot
-            
+
+            # Adaptive Polling
+            if activity_detected:
+                poll_interval = max(MIN_POLL_INTERVAL, poll_interval / 2)
+            else:
+                poll_interval = min(MAX_POLL_INTERVAL, poll_interval + 0.1)
+
         except Exception as e:
             sys.stderr.write(f"LOOP ERROR: {e}\n")
+            # Fallback sleep
             time.sleep(1)
 
+
 # --- MAIN ---
 if __name__ == "__main__":
-    # No threads needed for sequential polling
-    monitor_loop()
\ No newline at end of file
+    monitor_loop()
diff --git a/shellscope/backend/tests/conftest.py b/shellscope/backend/tests/conftest.py
new file mode 100644
index 0000000..e683e28
--- /dev/null
+++ b/shellscope/backend/tests/conftest.py
@@ -0,0 +1,23 @@
+import sys
+import os
+from unittest.mock import MagicMock
+import pytest
+
+# Add backend to path so local imports in monitor.py (e.g. 'import models') work
+backend_path = os.path.abspath(os.path.join(os.path.dirname(__file__), '..'))
+if backend_path not in sys.path:
+    sys.path.insert(0, backend_path)
+
+# Pre-mock wmi and pythoncom before any test imports monitor
+if 'wmi' not in sys.modules:
+    sys.modules['wmi'] = MagicMock()
+if 'pythoncom' not in sys.modules:
+    sys.modules['pythoncom'] = MagicMock()
+
+@pytest.fixture
+def mock_wmi():
+    return sys.modules['wmi']
+
+@pytest.fixture
+def mock_pythoncom():
+    return sys.modules['pythoncom']
diff --git a/shellscope/backend/tests/test_db.py b/shellscope/backend/tests/test_db.py
new file mode 100644
index 0000000..2346b0e
--- /dev/null
+++ b/shellscope/backend/tests/test_db.py
@@ -0,0 +1,105 @@
+import pytest
+import sqlite3
+import os
+from unittest.mock import patch
+from db import DatabaseHandler
+from models import ProcessLog
+
+@pytest.fixture
+def memory_db():
+    # Use in-memory DB for testing
+    handler = DatabaseHandler(":memory:")
+    yield handler
+    handler.close()
+
+def test_db_setup(memory_db):
+    conn = memory_db._get_connection()
+    cursor = conn.cursor()
+    cursor.execute("SELECT name FROM sqlite_master WHERE type='table' AND name='logs'")
+    assert cursor.fetchone() is not None
+
+    # Check columns
+    cursor.execute("PRAGMA table_info(logs)")
+    columns = [info[1] for info in cursor.fetchall()]
+    assert "duration" in columns
+    assert "start_time_epoch" in columns
+
+def test_insert_log(memory_db):
+    log = ProcessLog(100, "child", "parent", "args", False)
+    memory_db.insert_log(log)
+
+    conn = memory_db._get_connection()
+    cursor = conn.cursor()
+    cursor.execute("SELECT pid, child FROM logs")
+    row = cursor.fetchone()
+    assert row[0] == 100
+    assert row[1] == "child"
+
+def test_insert_logs_batch(memory_db):
+    logs = [
+        ProcessLog(101, "c1", "p1", "a1", False),
+        ProcessLog(102, "c2", "p2", "a2", True)
+    ]
+    memory_db.insert_logs_batch(logs)
+
+    conn = memory_db._get_connection()
+    cursor = conn.cursor()
+    cursor.execute("SELECT count(*) FROM logs")
+    assert cursor.fetchone()[0] == 2
+
+def test_update_log_duration(memory_db):
+    log = ProcessLog(100, "child", "parent", "args", False)
+    memory_db.insert_log(log)
+
+    # Update
+    memory_db.update_log_duration(100, "12:00:00", 5.5)
+
+    conn = memory_db._get_connection()
+    cursor = conn.cursor()
+    cursor.execute("SELECT duration, is_running, end_time FROM logs WHERE pid=100")
+    row = cursor.fetchone()
+    assert row[0] == 5.5
+    assert row[1] == 0
+    assert row[2] == "12:00:00"
+
+def test_get_process_start_time(memory_db):
+    log = ProcessLog(100, "child", "parent", "args", False)
+    memory_db.insert_log(log)
+
+    start = memory_db.get_process_start_time(100)
+    assert start == log.start_time_epoch
+
+    # Test non-existent
+    assert memory_db.get_process_start_time(999) == 0.0
+
+def test_prune_old_logs(memory_db):
+    # Insert old log manually
+    conn = memory_db._get_connection()
+    conn.execute("INSERT INTO logs (date) VALUES ('2020-01-01')")
+    conn.execute("INSERT INTO logs (date) VALUES ('2099-01-01')")
+    conn.commit()
+
+    memory_db.prune_old_logs(7)
+
+    cursor = conn.cursor()
+    cursor.execute("SELECT count(*) FROM logs")
+    # Should only have the future one
+    assert cursor.fetchone()[0] == 1
+
+def test_db_exceptions(memory_db):
+    # Test insert_log exception
+    with patch.object(memory_db, '_get_connection', side_effect=Exception("insert error")):
+        # Should catch exception and not crash
+        memory_db.insert_log(None)
+
+    # Test update_log_duration exception
+    with patch.object(memory_db, '_get_connection', side_effect=Exception("update error")):
+        memory_db.update_log_duration(1, "time", 1.0)
+
+    # Test prune_old_logs exception
+    with patch.object(memory_db, '_get_connection', side_effect=Exception("prune error")):
+        memory_db.prune_old_logs(1)
+
+    # Test get_process_start_time exception
+    with patch.object(memory_db, '_get_connection', side_effect=Exception("get error")):
+        assert memory_db.get_process_start_time(1) == 0.0
diff --git a/shellscope/backend/tests/test_monitor.py b/shellscope/backend/tests/test_monitor.py
new file mode 100644
index 0000000..933ae0c
--- /dev/null
+++ b/shellscope/backend/tests/test_monitor.py
@@ -0,0 +1,134 @@
+import pytest
+from unittest.mock import MagicMock, patch
+import sys
+import time
+import os
+
+# Ensure backend path is set (conftest handles it, but explicit here doesn't hurt)
+# Importing monitor after sys.path fix in conftest
+from monitor import get_running_targets, monitor_loop, get_parent_name
+from models import ProcessLog
+from db import DatabaseHandler
+
+class MockProcess:
+    def __init__(self, pid, name, ppid, cmd, date):
+        self.ProcessId = pid
+        self.Name = name
+        self.ParentProcessId = ppid
+        self.CommandLine = cmd
+        self.CreationDate = date
+
+def test_get_running_targets(mock_wmi):
+    """Test parsing of WMI results."""
+    # Setup mock WMI query return
+    c_wmi = MagicMock()
+    mock_wmi.WMI.return_value = c_wmi
+
+    p1 = MockProcess(101, "cmd.exe", 100, "cmd.exe /c echo hi", "20230101000000.000000+000")
+    p2 = MockProcess(102, "powershell.exe", 101, "powershell", None) # No creation date
+
+    c_wmi.query.return_value = [p1, p2]
+
+    targets = get_running_targets(c_wmi)
+
+    assert len(targets) == 2
+    assert "101:20230101000000.000000+000" in targets
+    assert "102:0" in targets
+    assert targets["101:20230101000000.000000+000"].Name == "cmd.exe"
+
+def test_get_parent_name():
+    c_wmi = MagicMock()
+    parent = MockProcess(100, "explorer.exe", 0, "", "")
+    c_wmi.Win32_Process.return_value = [parent]
+
+    name = get_parent_name(c_wmi, 100)
+    assert name == "explorer.exe"
+
+    # Test None
+    assert get_parent_name(c_wmi, None) == "N/A"
+
+    # Test Exception
+    c_wmi.Win32_Process.side_effect = Exception("error")
+    assert get_parent_name(c_wmi, 100) == "Unknown (Exited)"
+
+@patch('monitor.db')
+@patch('monitor.send_json')
+@patch('monitor.time')
+def test_monitor_loop_logic(mock_time, mock_send_json, mock_db, mock_wmi):
+    """Test the monitoring loop logic (detect new/closed)."""
+
+    # Mock time.sleep to raise exception to break the infinite loop
+    # We allow a few iterations. Raising KeyboardInterrupt to bypass the
+    # 'except Exception' block in monitor_loop
+    # Iterations: 1 (NEW pA), 2 (Reuse: CLOSE pA, NEW pA'), 3 (Break)
+    mock_time.sleep.side_effect = [None, None, KeyboardInterrupt("Break Loop")]
+    mock_time.time.return_value = 1000.0
+
+    c_wmi = MagicMock()
+    mock_wmi.WMI.return_value = c_wmi
+
+    pA = MockProcess(101, "cmd.exe", 100, "cmd", "D1")
+    pA_new = MockProcess(101, "cmd.exe", 100, "cmd", "D2")
+
+    # Sequence of snapshots:
+    # 1. Initial: Empty
+    # 2. Loop 1: Process A starts
+    # 3. Loop 2: Process A stops AND Process A' starts (PID reuse)
+
+    c_wmi.query.side_effect = [
+        [],        # Initial
+        [pA],      # Loop 1
+        [pA_new]   # Loop 2
+    ]
+
+    # Mock parent name query
+    c_wmi.Win32_Process.return_value = [MockProcess(100, "explorer.exe", 0, "", "")]
+
+    # Mock DB insert/update
+    mock_db.insert_logs_batch = MagicMock()
+    mock_db.update_log_duration = MagicMock()
+    mock_db.get_process_start_time.return_value = 900.0 # Started at 900
+
+    try:
+        monitor_loop()
+    except KeyboardInterrupt:
+        pass
+
+    # Verification
+
+    # Check calls
+    # Expected:
+    # Loop 1: NEW pA
+    # Loop 2: CLOSED pA, NEW pA_new
+
+    assert mock_send_json.call_count >= 3
+
+    # 1. NEW pA
+    args, _ = mock_send_json.call_args_list[0]
+    assert args[0]['status'] == "NEW"
+    assert args[0]['pid'] == 101
+
+    # 2. CLOSED pA (Must be before NEW pA_new if in same loop iteration)
+    # But wait, send_json is called sequentially.
+    # In monitor logic:
+    #   Detect CLOSED -> send_json(CLOSED)
+    #   Detect NEW -> send_json(NEW)
+    # So call 2 should be CLOSED.
+
+    args, _ = mock_send_json.call_args_list[1]
+    assert args[0]['status'] == "CLOSED"
+    assert args[0]['pid'] == 101
+    assert args[0]['duration'] == "100.00s"
+
+    # 3. NEW pA_new
+    args, _ = mock_send_json.call_args_list[2]
+    assert args[0]['status'] == "NEW"
+    assert args[0]['pid'] == 101
+
+    # Check DB calls
+    # insert_logs_batch called twice (Loop 1, Loop 2)
+    assert mock_db.insert_logs_batch.call_count == 2
+
+    # update_log_duration called once (Loop 2 for pA)
+    mock_db.update_log_duration.assert_called_once()
+    assert mock_db.update_log_duration.call_args[0][0] == 101
diff --git a/shellscope/lib/main.dart b/shellscope/lib/main.dart
index 855f3c9..261c02e 100644
--- a/shellscope/lib/main.dart
+++ b/shellscope/lib/main.dart
@@ -81,9 +81,6 @@ class _MonitorScreenState extends State<MonitorScreen> {
   void _startMonitoring() {
     final dbService = GetIt.instance<DatabaseService>();
 
-    // Initial fetch to populate UI immediately
-    _refreshLogs();
-
     // Subscribe to real-time updates from MonitorService -> DatabaseService
     _logSubscription = dbService.logStream.listen((logs) {
       if (mounted) {
@@ -93,9 +90,12 @@ class _MonitorScreenState extends State<MonitorScreen> {
       }
     });
 
-    // Keep polling as backup (e.g. if python script crashes or for deep history refresh)
-    // but maybe less frequent? keeping 2s for now is fine.
-    _timer = Timer.periodic(const Duration(seconds: 2), (timer) {
+    // Initial fetch to populate UI immediately
+    // This will trigger the stream above
+    _refreshLogs();
+
+    // Keep polling as backup but less frequent (10s)
+    _timer = Timer.periodic(const Duration(seconds: 10), (timer) {
       _refreshLogs();
     });
   }
@@ -112,12 +112,8 @@ class _MonitorScreenState extends State<MonitorScreen> {
 
   Future<void> _refreshLogs() async {
     final dbService = GetIt.instance<DatabaseService>();
-    final logs = await dbService.getLogs();
-    if (mounted) {
-      setState(() {
-        _logs = logs;
-      });
-    }
+    // calling getLogs() will update the stream, which updates the UI
+    await dbService.getLogs();
   }
 
   @override
diff --git a/shellscope/lib/services/database_service.dart b/shellscope/lib/services/database_service.dart
index c8a472b..ff59d23 100644
--- a/shellscope/lib/services/database_service.dart
+++ b/shellscope/lib/services/database_service.dart
@@ -8,10 +8,8 @@ import 'package:shellscope/constants/app_constants.dart';
 import 'package:path/path.dart' as p;
 
 class DatabaseService {
-  Database?
-  _db; // Fixed: internal DB instance should be Database, not DatabaseService
-  // _lastKnownId field removed as internal polling is disabled
-  Timer? _pollingTimer; // To keep track of the timer
+  Database? _db;
+  Timer? _pollingTimer;
 
   // Stream to update UI
   final _controller = StreamController<List<LogEntry>>.broadcast();
@@ -30,13 +28,13 @@ class DatabaseService {
     _db = await openDatabase(
       dbPath,
       readOnly: false,
-    ); // Needs write access for pruning
+    );
 
-    // Prune old logs (Default 7 days, later configurable)
-    await pruneOldLogs(7);
+    // Prune old logs async
+    pruneOldLogs(7);
 
-    // Start Polling
-    _startPolling();
+    // Initial fetch
+    await getLogs();
   }
 
   Future<void> pruneOldLogs(int daysToKeep) async {
@@ -45,12 +43,6 @@ class DatabaseService {
       final now = DateTime.now();
       final cutoff = now.subtract(Duration(days: daysToKeep)).toIso8601String();
 
-      // Assuming 'timestamp' column exists and is comparable string or we rely on SQLite date function
-      // If table uses standard timestamp:
-      // await _db!.rawDelete("DELETE FROM ${AppConstants.logTable} WHERE time < datetime('now', '-$daysToKeep days')");
-      // But since we might be using custom schema, let's look at schema if possible or assume date('now',...) works.
-      // Based on prompt: DELETE FROM logs WHERE date < date('now', '-$daysToKeep days')
-
       await _db!.rawDelete(
         "DELETE FROM ${AppConstants.logTable} WHERE date < ?",
         [cutoff],
@@ -68,45 +60,57 @@ class DatabaseService {
   List<LogEntry> _currentLogs = [];
 
   // Fetch logs for UI polling
-  Future<List<LogEntry>> getLogs() async {
+  Future<List<LogEntry>> getLogs({int limit = 50, int offset = 0}) async {
     if (_db == null) return [];
 
-    // Fetch latest 50 logs directly
     final List<Map<String, dynamic>> maps = await _db!.query(
       AppConstants.logTable,
       orderBy: 'id DESC',
-      limit: 50,
+      limit: limit,
+      offset: offset,
     );
 
-    _currentLogs = maps.map((e) => LogEntry.fromSql(e)).toList();
-    return _currentLogs;
+    if (offset == 0) {
+        _currentLogs = maps.map((e) => LogEntry.fromSql(e)).toList();
+        // Emit initial state
+        _controller.add(List.from(_currentLogs));
+        return _currentLogs;
+    } else {
+        return maps.map((e) => LogEntry.fromSql(e)).toList();
+    }
   }
 
   /// Process valid JSON from Python Monitor
   void processRealTimeLog(Map<String, dynamic> payload) {
     try {
-      // 1. Convert JSON to LogEntry
-      // Note: usage of 'fromSql' or 'fromJson' depends on your model.
-      // The Python script sends "isRunning" (bool) and "pid" (int).
-      // LogEntry.fromJson handles these.
       final newLog = LogEntry.fromJson(payload);
-
-      // 2. Logic:
-      // If Status == NEW/Suspicious -> Add to top
-      // If Status == CLOSED -> Find existing PID in list and update it
-
       bool found = false;
 
-      // We iterate to find if we already have this PID showing "Running"
       for (int i = 0; i < _currentLogs.length; i++) {
         if (_currentLogs[i].pid == newLog.pid) {
-          // If we found it, update the specific entry
-          // But wait, if it's "CLOSED", we want to update the entry to show duration
-          if (!newLog.isRunning) {
-            _currentLogs[i] = newLog; // Replace with the 'Closed' version
+          // Found matching PID.
+          // If we receive CLOSED, we look for the running entry with same PID.
+          if (!newLog.isRunning && _currentLogs[i].isRunning) {
+            // Update the existing entry with duration and status, keeping other info
+            final old = _currentLogs[i];
+            _currentLogs[i] = LogEntry(
+                id: old.id,
+                pid: old.pid,
+                date: old.date,
+                time: old.time,
+                child: old.child,
+                parent: old.parent,
+                args: old.args,
+                suspicious: old.suspicious,
+                status: newLog.status,
+                isRunning: newLog.isRunning,
+                duration: newLog.duration
+            );
             found = true;
+          } else if (newLog.isRunning) {
+             // Duplicate NEW or update? Assume duplicate or same instance update.
+             found = true;
           }
-          // If it's a duplicate "NEW" event (rare), ignore or update
           break;
         }
       }
@@ -127,13 +131,6 @@ class DatabaseService {
     }
   }
 
-  void _startPolling() {
-    // Internal polling disabled in favor of UI polling for now
-    // or keep it if we want stream updates later.
-    // For this refactor, I'll comment it out to avoid double polling overhead
-    // since main.dart is driving the refresh.
-  }
-
   // New stop method to clean up resources
   Future<void> stop() async {
     _pollingTimer?.cancel();
diff --git a/shellscope/lib/services/monitor_service.dart b/shellscope/lib/services/monitor_service.dart
index c5ca523..2b47643 100644
--- a/shellscope/lib/services/monitor_service.dart
+++ b/shellscope/lib/services/monitor_service.dart
@@ -30,41 +30,51 @@ class MonitorService {
       );
 
       // Run python script directly for dev/real-time updates
-      // Using 'python' or 'python3' depends on system. process.start searches PATH.
-      _process = await Process.start('python', [AppConstants.pythonScriptPath]);
+      // Using 'python' as default. Ensure python is in PATH.
+      String pythonCommand = 'python';
+
+      _process = await Process.start(pythonCommand, [AppConstants.pythonScriptPath]);
 
       isRunning.value = true;
       GetIt.instance<MyLogger>().logInfo(
         "Backend started with PID: ${_process!.pid}",
       );
 
-      // Listen to stdout for real-time events
-      _process!.stdout.transform(const SystemEncoding().decoder).listen((data) {
-        // Print raw stdout to console for debugging
-        print("PYTHON_STDOUT: $data");
+      // Listen to stdout for real-time events with correct line splitting
+      _process!.stdout
+          .transform(const SystemEncoding().decoder)
+          .transform(const LineSplitter())
+          .listen((line) {
 
-        final lines = data.split('\n');
-        for (var line in lines) {
-          line = line.trim();
-          if (line.isNotEmpty) {
-            GetIt.instance<MyLogger>().logInfo("PYTHON: $line");
-          }
-          if (line.startsWith("LOG::")) {
-            try {
-              final jsonStr = line.substring(5);
-              final payload = jsonDecode(jsonStr) as Map<String, dynamic>;
-              GetIt.instance<DatabaseService>().processRealTimeLog(payload);
-            } catch (e) {
-              GetIt.instance<MyLogger>().logError("Failed to parse log: $e");
-            }
+        line = line.trim();
+        if (line.isEmpty) return;
+
+        // Log everything from python for debugging (except raw JSON maybe)
+        if (!line.startsWith("LOG::")) {
+             GetIt.instance<MyLogger>().logInfo("PYTHON: $line");
+        }
+
+        if (line.startsWith("LOG::")) {
+          try {
+            final jsonStr = line.substring(5);
+            final payload = jsonDecode(jsonStr) as Map<String, dynamic>;
+            GetIt.instance<DatabaseService>().processRealTimeLog(payload);
+          } catch (e) {
+            GetIt.instance<MyLogger>().logError("Failed to parse log: $e\nLine: $line");
           }
         }
+      }, onError: (e) {
+          GetIt.instance<MyLogger>().logError("Stdout error: $e");
       });
 
       // Listen to stderr for errors
-      _process!.stderr.transform(const SystemEncoding().decoder).listen((data) {
-        print("PYTHON_STDERR: $data");
-        GetIt.instance<MyLogger>().logError("PYTHON_ERR: $data");
+      _process!.stderr
+          .transform(const SystemEncoding().decoder)
+          .transform(const LineSplitter())
+          .listen((line) {
+        if (line.isNotEmpty) {
+             GetIt.instance<MyLogger>().logError("PYTHON_ERR: $line");
+        }
       });
 
       // Listen for exit
diff --git a/shellscope/pubspec.lock b/shellscope/pubspec.lock
index dd5a40f..eaba708 100644
--- a/shellscope/pubspec.lock
+++ b/shellscope/pubspec.lock
@@ -710,5 +710,5 @@ packages:
     source: hosted
     version: "3.1.3"
 sdks:
-  dart: ">=3.10.8 <4.0.0"
+  dart: ">=3.10.3 <4.0.0"
   flutter: ">=3.38.4"
diff --git a/shellscope/pubspec.yaml b/shellscope/pubspec.yaml
index bbeaa29..0e32b30 100644
--- a/shellscope/pubspec.yaml
+++ b/shellscope/pubspec.yaml
@@ -19,7 +19,7 @@ publish_to: 'none' # Remove this line if you wish to publish to pub.dev
 version: 1.0.0+1
 
 environment:
-  sdk: ^3.10.8
+  sdk: ^3.10.0
 
 # Dependencies specify other packages that your package needs in order to work.
 # To automatically upgrade your package dependencies to the latest versions
diff --git a/shellscope/test/widget_test.dart b/shellscope/test/widget_test.dart
index 92becb8..77b578d 100644
--- a/shellscope/test/widget_test.dart
+++ b/shellscope/test/widget_test.dart
@@ -1,30 +1,80 @@
-// This is a basic Flutter widget test.
-//
-// To perform an interaction with a widget in your test, use the WidgetTester
-// utility in the flutter_test package. For example, you can send tap and scroll
-// gestures. You can also use WidgetTester to find child widgets in the widget
-// tree, read text, and verify that the values of widget properties are correct.
-
+import 'dart:async';
 import 'package:flutter/material.dart';
 import 'package:flutter_test/flutter_test.dart';
-
+import 'package:get_it/get_it.dart';
 import 'package:shellscope/main.dart';
+import 'package:shellscope/services/database_service.dart';
+import 'package:shellscope/services/license_service.dart';
+import 'package:shellscope/model/log_entry.dart';
+import 'package:shellscope/services/monitor_service.dart';
+
+// Mocks
+class MockDatabaseService implements DatabaseService {
+  final _controller = StreamController<List<LogEntry>>.broadcast();
+
+  @override
+  Stream<List<LogEntry>> get logStream => _controller.stream;
+
+  @override
+  Future<List<LogEntry>> getLogs({int limit = 50, int offset = 0}) async => [];
+
+  @override
+  Future<void> init() async {}
+
+  @override
+  void processRealTimeLog(Map<String, dynamic> payload) {}
+
+  @override
+  Future<void> pruneOldLogs(int daysToKeep) async {}
+
+  @override
+  Future<void> stop() async {}
+}
+
+class MockLicenseService implements LicenseService {
+  @override
+  Future<bool> isPro() async => false;
+
+  @override
+  Future<void> saveKey(String key) async {}
+
+  @override
+  Future<void> removeKey() async {}
+
+  @override
+  bool validateKey(String key) => true;
+}
+
+class MockMonitorService implements MonitorService {
+  @override
+  ValueNotifier<bool> isRunning = ValueNotifier(true);
+
+  @override
+  void start() {}
+
+  @override
+  void stop() {}
+}
 
 void main() {
-  testWidgets('Counter increments smoke test', (WidgetTester tester) async {
-    // Build our app and trigger a frame.
-    await tester.pumpWidget(const MonitorScreen());
+  setUp(() {
+    GetIt.instance.registerSingleton<DatabaseService>(MockDatabaseService());
+    GetIt.instance.registerSingleton<LicenseService>(MockLicenseService());
+    GetIt.instance.registerSingleton<MonitorService>(MockMonitorService());
+  });
 
-    // Verify that our counter starts at 0.
-    expect(find.text('0'), findsOneWidget);
-    expect(find.text('1'), findsNothing);
+  tearDown(() {
+    GetIt.instance.reset();
+  });
+
+  testWidgets('App smoke test', (WidgetTester tester) async {
+    // Build our app and trigger a frame.
+    await tester.pumpWidget(const MaterialApp(home: MonitorScreen()));
 
-    // Tap the '+' icon and trigger a frame.
-    await tester.tap(find.byIcon(Icons.add));
-    await tester.pump();
+    // Verify that the title is present
+    expect(find.text('ShellScope'), findsOneWidget);
 
-    // Verify that our counter has incremented.
-    expect(find.text('0'), findsNothing);
-    expect(find.text('1'), findsOneWidget);
+    // Verify waiting message
+    expect(find.text('Waiting for activity...'), findsOneWidget);
   });
 }