docs: align guide and screenshots

README.md

@@ -23,10 +23,10 @@ port forwarding management.
 - Key, SSH-agent, password, and key+passphrase auth modes.
 - **Routes / ProxyJump** — manage bastion hosts and jump chains with human-readable display.
 - **Port forwarding** — named local/remote/SOCKS forwards with type selector, validation, and OpenSSH preview.
-- **Tunnel management** — start/stop/restart tunnels, PID tracking, background tunnels, runtime state.
+- **Tunnel management** — start/stop/list background tunnels, PID tracking, runtime state.
 - **Tunnel vs Forward** — clear separation: forward = saved rule, tunnel = running SSH process.
-- Groups, tags, command templates, search, and OpenSSH config generation.
+- Groups, tags, command templates, search by metadata/routes/forward ports, and OpenSSH config generation.
-- Import from `~/.ssh/config`.
+- Import from `~/.ssh/config` and simple tab-separated export.
 
 ## Install
 
@@ -102,6 +102,16 @@ Press `?` on any screen for a compact hotkey reference.
 Press `F1` on any screen for full documentation including routes, port
 forwarding, tunnels, and vault.
 
+### Screenshots
+
+| Main list | Actions | Route edit |
+|-----------|---------|------------|
+| ![Main list](docs/screenshots/screen_1.png) | ![Actions](docs/screenshots/screen_2.png) | ![Route edit](docs/screenshots/screen_3.png) |
+
+| Port forwards | Tunnel manager |
+|---------------|----------------|
+| ![Port forwards](docs/screenshots/screen_4.png) | ![Tunnel manager](docs/screenshots/screen_5.png) |
+
 ### Key Reference
 
 | Key | Action |
@@ -111,7 +121,7 @@ forwarding, tunnels, and vault.
 | Ctrl+E | Edit server |
 | Ctrl+F | Search |
 | Ctrl+W | Manage port forwards for selected server |
-| Ctrl+X | Action menu (connect, tunnels, forwards, route, test, edit, delete) |
+| Ctrl+X | Action menu (connect, tunnels, forwards, route, test, edit, delete, import/export, vault actions) |
 | Ins | Select / deselect a server |
 | ? | Quick help (hotkeys) |
 | F1 | Full documentation |
@@ -166,6 +176,9 @@ sshkeeper forward add web --name "Local PostgreSQL" --type local --local-port 15
 # SOCKS proxy: route browser traffic through SSH server
 sshkeeper forward add bastion --name "SOCKS Proxy" --type dynamic --local-port 1080
 
+# Disable a saved forward
+sshkeeper forward edit 1 --enabled=false
+
 # List forwards for a server
 sshkeeper forward list web
 # [1] Local PostgreSQL  Local   127.0.0.1:15432  127.0.0.1:5432  yes
@@ -201,8 +214,16 @@ sshkeeper tunnel list
 
 # Stop a tunnel
 sshkeeper tunnel stop <id>
+
+# Stop every tracked tunnel
+sshkeeper tunnel stop-all
 ```
 
+Background tunnels run detached with `ssh -N`, require at least one enabled
+forward, and currently support key or SSH-agent authentication only. Use
+foreground `sshkeeper tunnel <alias>` or `--forward-only` for password and
+key-passphrase authentication so the PTY prompt handler can provide the secret.
+
 ### Connect vs Tunnel
 
 | Action | Command | TUI | Description |
@@ -212,7 +233,7 @@ sshkeeper tunnel stop <id>
 | Start tunnels only | `sshkeeper tunnel <alias> --forward-only` | Action menu → Start tunnels only | Foreground tunnel, no shell |
 | Start tunnels in background | `sshkeeper tunnel <alias> --background` | Action menu → Start tunnels in background | Detached tunnel process with PID tracking |
 | Manage port forwards | `sshkeeper forward` | Action menu → Manage port forwards | Add/edit/delete forward rules |
-| Manage tunnels | `sshkeeper tunnel list/stop` | Action menu → Manage tunnels | View running tunnels, stop, restart |
+| Manage tunnels | `sshkeeper tunnel list/stop/stop-all` | Action menu → Manage tunnels | View running tunnels and stop them |
 
 ## Vault
 

docs/guide.md

@@ -294,7 +294,7 @@ Add Server
 ### Поиск
 
 1. Нажмите `Ctrl+F`
-2. Введите запрос (поиск по alias, name, host, user, group, notes, tags)
+2. Введите запрос (поиск по alias, name, host, user, group, notes, tags, route hops, forward ports)
 3. `Enter` — применить фильтр
 4. `Esc` — сбросить
 
@@ -329,7 +329,7 @@ ROUTE:   ⇒ bastion → dmz-gw → … → root@secure.internal:22
 ### Настройка маршрута
 
 **Через TUI:**
-1. Добавьте/редактируйте сервер
+1. Добавьте/редактируйте сервер или выберите `Ctrl+X` → "Manage route"
 2. В поле "Route hops" введите бастионы через запятую: `bastion,dmz-gw`
 3. Или введите адрес напрямую: `user@bastion.example.com:2222`
 
@@ -456,6 +456,12 @@ sshkeeper tunnel web --forward-only
 sshkeeper tunnel web --background
 ```
 
+Фоновый туннель запускается как `ssh -N`, требует хотя бы один включённый
+forward и сейчас поддерживает только `key` или `agent` auth. Для
+`password`/`key_passphrase` используйте foreground-режим (`sshkeeper tunnel web`
+или `--forward-only`), чтобы sshkeeper мог обработать PTY prompt и передать
+секрет из vault.
+
 ### Управление туннелями
 
 **Через TUI:**
@@ -476,6 +482,7 @@ Tunnel Manager
 ```bash
 sshkeeper tunnel list
 sshkeeper tunnel stop <id>
+sshkeeper tunnel stop-all
 ```
 
 ---
@@ -534,6 +541,9 @@ sshkeeper forward add bastion --name "SOCKS Proxy" --type dynamic --local-port 1
 # Список
 sshkeeper forward list web
 
+# Включить/выключить
+sshkeeper forward edit 1 --enabled=false
+
 # Удаление
 sshkeeper forward delete web 1
 ```
@@ -546,6 +556,7 @@ sshkeeper tunnel web --forward-only     # Только туннель
 sshkeeper tunnel web --background       # Фоновый туннель
 sshkeeper tunnel list                   # Список туннелей
 sshkeeper tunnel stop <id>              # Остановить
+sshkeeper tunnel stop-all               # Остановить все tracked туннели
 ```
 
 ### Группы и шаблоны
@@ -596,6 +607,8 @@ Vault хранит SSH-пароли и фразы от ключей в заши
 **Когда НЕ нужен:**
 - `list`, `show`, `search` — только метаданные
 - `add` с auth=key или auth=agent
+- `tunnel list`, `tunnel stop`, `tunnel stop-all`
+- `tunnel <alias> --background`
 - `export`, `ssh-config`
 
 ---
@@ -704,6 +717,10 @@ sshkeeper connect secure
 | Test connection | Проверка подключения |
 | Edit | Редактирование сервера |
 | Delete | Удаление (с подтверждением) |
+| Import | Импорт из `~/.ssh/config` и обновление списка |
+| Export | Выход в терминал и печать экспорта |
+| Vault: lock | Заблокировать vault в текущем процессе |
+| Vault: change password | Выход в терминал и смена master password |
 
 ### Формы (добавление/редактирование)
 

docs/roadmap/v0.2.0.md

@@ -6,7 +6,7 @@ Routes, tunnels and cleaner TUI.
 
 sshkeeper v0.2.0 focuses on real-world SSH workflows where servers are accessed through bastions, jump chains and port forwards, while keeping the TUI simple and discoverable.
 
-## Planned features
+## Delivered features
 
 ### 1. Cleaner TUI action model
 
@@ -28,6 +28,11 @@ sshkeeper v0.2.0 focuses on real-world SSH workflows where servers are accessed
   - Tags
   - Import/export
   - Vault actions
+- TUI action menu entries are wired:
+  - route opens the server edit form focused on route hops
+  - import refreshes the list after importing from `~/.ssh/config`
+  - export and vault password change leave the alt-screen and run in the normal terminal
+  - vault lock locks the vault in the current process
 
 ### 2. Route / ProxyJump UX
 
@@ -68,10 +73,18 @@ sshkeeper v0.2.0 focuses on real-world SSH workflows where servers are accessed
   - `sshkeeper forward delete <alias> <id>`
   - `sshkeeper tunnel <alias>`
   - `sshkeeper tunnel <alias> --forward-only`
+  - `sshkeeper tunnel <alias> --background`
+  - `sshkeeper tunnel list`
+  - `sshkeeper tunnel stop <id>`
+  - `sshkeeper tunnel stop-all`
   - `sshkeeper route show <alias>`
   - `sshkeeper route set <alias> ...`
   - `sshkeeper route clear <alias>`
 
+Background tunnels are tracked by PID and run with `ssh -N`. They currently
+support key and SSH-agent auth; password/key-passphrase auth remains foreground
+only so the PTY prompt handler can provide the secret safely.
+
 ### 5. Search improvements
 
 - Extend search to notes, tags, proxy/jump route and forward ports.
@@ -93,4 +106,4 @@ sshkeeper v0.2.0 focuses on real-world SSH workflows where servers are accessed
   - local port forward
   - dynamic SOCKS proxy
   - forward-only session
-- Add screenshots for route and forwarding screens.
+- Add screenshots for route, forwarding and tunnel screens.