diff --git a/Netgrimoire/Audits/caddy-2026-04-03.md b/Netgrimoire/Audits/caddy-2026-04-03.md
new file mode 100644
index 0000000..b924b02
--- /dev/null
+++ b/Netgrimoire/Audits/caddy-2026-04-03.md
@@ -0,0 +1,47 @@
+---
+title: Audit - caddy.yaml
+description: Gremlin audit report 2026-04-03
+published: true
+date: 2026-04-03T03:31:34.043Z
+tags: gremlin,audit
+editor: markdown
+dateCreated: 2026-04-03T03:31:34.043Z
+---
+
+# Audit Report — caddy.yaml
+
+**Date:** 2026-04-03  
+**File:** swarm/stack/caddy/caddy.yaml  
+**Type:** Docker Swarm  
+**Verdict:** FAIL
+
+---
+
+**SWARM AUDIT REPORT**
+
+1. **Homepage labels**: There are no homepage-related labels in the provided YAML file.
+   - **FAIL**: Missing homepage labels.
+
+2. **Uptime Kuma labels**: There are no Uptime Kuma-related labels in the provided YAML file.
+   - **FAIL**: Missing Uptime Kuma labels.
+
+3. **Caddy labels on exposed services**:
+   - **PASS**: Caddy service does not have any specific labels as per the provided configuration.
+
+4. **Placement constraints**:
+   - **PASS**: Both `caddy` and `crowdsec` services are constrained to run on the node with hostname `znas`.
+
+5. **Volumes use /DockerVol/<service> path convention**:
+   - **FAIL**: The volumes are not using the `/DockerVol/<service>` path convention.
+     - `/var/run/docker.sock`
+     - `/export/Docker/caddy/Caddyfile`
+     - `/export/Docker/caddy:/data`
+     - `caddy-logs`
+     - `crowdsec-db`
+
+6. **Network references external netgrimoire overlay**:
+   - **PASS**: The services reference the externally created `netgrimoire` and `vpn` networks.
+
+**VERDICT: FAIL**
+
+The provided YAML file contains several issues that need to be addressed to meet all the audit criteria, including missing homepage and Uptime Kuma labels, non-conforming volume paths, and lack of use of the external `netgrimoire` overlay network.
\ No newline at end of file