diff --git a/Netgrimoire/Audits/phpipam-2026-05-04.md b/Netgrimoire/Audits/phpipam-2026-05-04.md
new file mode 100644
index 0000000..de61ebf
--- /dev/null
+++ b/Netgrimoire/Audits/phpipam-2026-05-04.md
@@ -0,0 +1,44 @@
+---
+title: Audit - phpipam.yaml
+description: Gremlin audit report 2026-05-04
+published: true
+date: 2026-05-04T11:32:29.353Z
+tags: gremlin,audit
+editor: markdown
+dateCreated: 2026-05-04T11:32:29.353Z
+---
+
+# Audit Report — phpipam.yaml
+
+**Date:** 2026-05-04  
+**File:** swarm/phpipam.yaml  
+**Type:** Docker Swarm  
+**Verdict:** FAIL
+
+---
+
+### Audit Report for `swarm/phpipam.yaml`
+
+#### 1. Homepage Labels:
+- **PASS**: All required homepage labels (`homepage.group`, `homepage.name`, `homepage.icon`, `homepage.href`, `homepage.description`) are present and correctly formatted.
+
+#### 2. Uptime Kuma Labels:
+- **FAIL**: No Uptime Kuma services found in the YAML file.
+  
+**Fix**: Add Uptime Kuma services to your Docker Swarm configuration with appropriate labels as specified by your requirements.
+
+#### 3. Caddy Labels on Exposed Services:
+- **PASS**: The `phpipam-web` service has a `caddy=ipam.netgrimoire.com` label, but it lacks the `caddy.reverse_proxy` label.
+  
+**Fix**: Add the missing `caddy.reverse_proxy="{{upstreams 80}}"` label to the `phpipam-web` service.
+
+#### 4. Placement Constraints:
+- **PASS**: All services are constrained to run on a node with `hostname == docker3`.
+
+#### 5. Volumes Use /DockerVol/<service> Path Convention:
+- **PASS**: All services use the `/DockerVol/<service>` path convention for their volumes.
+
+#### 6. Network References External netgrimoire Overlay:
+- **PASS**: The `phpipam-web`, `phpipam-cron`, and `phpipam-mariadb` services all reference the external `netgrimoire` network.
+
+### VERDICT: FAIL
\ No newline at end of file