From eca0799290bc335b38862267c1fba54a2add7edc Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Wed, 27 May 2026 00:26:32 +0300
Subject: [PATCH 01/86] feat(setup): NSIS-free install mechanics (file place +
 shortcuts + PATH)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

First piece of the custom app-style installer (replacing the classic NSIS
wizard). internal/setup mirrors exactly what NSIS did — lay the bundled
binaries into %LOCALAPPDATA%\Programs\Clawtool, create Start-menu + Desktop
shortcuts, add the dir to the user PATH, and register an Add/Remove entry
with a self-contained uninstall.ps1 — but as a library the clawtool-setup
app drives with a modern UI. Windows OS integration via PowerShell (no
fragile COM/syscall). Cross-platform-compilable; Windows branches no-op
elsewhere.
---
 internal/setup/setup.go      | 188 +++++++++++++++++++++++++++++++++++
 internal/setup/setup_test.go |  38 +++++++
 2 files changed, 226 insertions(+)
 create mode 100644 internal/setup/setup.go
 create mode 100644 internal/setup/setup_test.go

diff --git a/internal/setup/setup.go b/internal/setup/setup.go
new file mode 100644
index 0000000..41a60f7
--- /dev/null
+++ b/internal/setup/setup.go
@@ -0,0 +1,188 @@
+// Package setup performs a custom, NSIS-free install of clawtool on Windows.
+//
+// It mirrors exactly what the old NSIS wizard did — place the bundled
+// binaries under %LOCALAPPDATA%\Programs\Clawtool, create Start-menu +
+// Desktop shortcuts, add the install dir to the user PATH, and register an
+// Add/Remove-Programs entry with a working uninstaller — but driven by the
+// clawtool-setup app's modern UI instead of a classic Next/Next wizard.
+//
+// Windows OS integration (shortcuts, PATH, registry) is done via PowerShell
+// rather than COM/syscall: it's the dependency-free, well-trodden path and
+// keeps this package simple. Everything compiles on every OS; the Windows
+// branches no-op elsewhere (macOS ships a .dmg, not this installer).
+package setup
+
+import (
+	"fmt"
+	"io/fs"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"runtime"
+	"strings"
+)
+
+const productName = "Clawtool"
+
+// PayloadBinaries are the files the setup app embeds and lays into the
+// install dir: the GUI app, the headless CLI/daemon, and the updater.
+var PayloadBinaries = []string{"Clawtool.exe", "clawtool.exe", "ClawtoolUpdate.exe"}
+
+// Progress reports one install step to the UI. detail is optional context.
+type Progress func(label, detail string)
+
+func noop(string, string) {}
+
+// InstallDir returns %LOCALAPPDATA%\Programs\Clawtool — the per-user location
+// the NSIS installer used, so `clawtool upgrade` keeps swapping in place with
+// no UAC prompt. On non-Windows it returns a sane per-user dir (unused in
+// practice; macOS ships a .dmg).
+func InstallDir() string {
+	if runtime.GOOS == "windows" {
+		base := os.Getenv("LOCALAPPDATA")
+		if base == "" {
+			base = filepath.Join(os.Getenv("USERPROFILE"), "AppData", "Local")
+		}
+		return filepath.Join(base, "Programs", productName)
+	}
+	home, _ := os.UserHomeDir()
+	return filepath.Join(home, ".local", "share", strings.ToLower(productName))
+}
+
+// Install lays clawtool down from the embedded payload. Idempotent: a second
+// run overwrites the binaries and refreshes shortcuts / PATH / registry.
+// Returns the install dir.
+func Install(payload fs.FS, version string, progress Progress) (string, error) {
+	if progress == nil {
+		progress = noop
+	}
+	dir := InstallDir()
+
+	progress("Closing any running clawtool", "")
+	stopRunning(dir)
+
+	progress("Preparing "+dir, "")
+	if err := os.MkdirAll(dir, 0o755); err != nil {
+		return dir, fmt.Errorf("create install dir: %w", err)
+	}
+
+	for _, name := range PayloadBinaries {
+		progress("Installing "+name, "")
+		if err := copyFromFS(payload, name, filepath.Join(dir, name)); err != nil {
+			return dir, fmt.Errorf("write %s: %w", name, err)
+		}
+	}
+
+	if runtime.GOOS == "windows" {
+		progress("Creating shortcuts", "")
+		if err := windowsShortcuts(dir); err != nil {
+			return dir, fmt.Errorf("shortcuts: %w", err)
+		}
+		progress("Adding clawtool to your PATH", "")
+		if err := windowsAddToPath(dir); err != nil {
+			return dir, fmt.Errorf("PATH: %w", err)
+		}
+		progress("Registering uninstaller", "")
+		if err := windowsRegisterUninstall(dir, version); err != nil {
+			return dir, fmt.Errorf("register uninstaller: %w", err)
+		}
+	}
+	return dir, nil
+}
+
+// LaunchInstalled starts the freshly-installed app in installer mode (which
+// runs the one-time initialize flow), detached, so setup can exit.
+func LaunchInstalled() error {
+	cmd := exec.Command(filepath.Join(InstallDir(), "Clawtool.exe"), "--installer")
+	return cmd.Start()
+}
+
+func copyFromFS(src fs.FS, name, dst string) error {
+	data, err := fs.ReadFile(src, name)
+	if err != nil {
+		return err
+	}
+	return os.WriteFile(dst, data, 0o755)
+}
+
+func stopRunning(dir string) {
+	if runtime.GOOS != "windows" {
+		return
+	}
+	// Best-effort: stop the daemon and kill running images so the .exe files
+	// aren't locked while we overwrite them.
+	_ = exec.Command(filepath.Join(dir, "clawtool.exe"), "daemon", "stop").Run()
+	for _, img := range PayloadBinaries {
+		_ = exec.Command("taskkill", "/F", "/IM", img).Run()
+	}
+}
+
+// windowsShortcuts writes Start-menu + Desktop .lnk files via WScript.Shell.
+func windowsShortcuts(dir string) error {
+	target := filepath.Join(dir, "Clawtool.exe")
+	ps := fmt.Sprintf(`
+$ws = New-Object -ComObject WScript.Shell
+foreach ($d in @($ws.SpecialFolders('Programs'), $ws.SpecialFolders('Desktop'))) {
+  $lnk = $ws.CreateShortcut((Join-Path $d 'Clawtool.lnk'))
+  $lnk.TargetPath = %q
+  $lnk.WorkingDirectory = %q
+  $lnk.IconLocation = %q
+  $lnk.Save()
+}`, target, dir, target)
+	return powershell(ps)
+}
+
+// windowsAddToPath appends the install dir to the user PATH (idempotent).
+func windowsAddToPath(dir string) error {
+	ps := fmt.Sprintf(`
+$p = [Environment]::GetEnvironmentVariable('Path','User')
+if (-not ($p -split ';' | Where-Object { $_ -eq %q })) {
+  if ($p -and -not $p.EndsWith(';')) { $p += ';' }
+  [Environment]::SetEnvironmentVariable('Path', $p + %q, 'User')
+}`, dir, dir)
+	return powershell(ps)
+}
+
+// windowsRegisterUninstall writes the Add/Remove-Programs entry and drops a
+// self-contained uninstall.ps1 (removes the dir, PATH entry, shortcuts, and
+// the registry key) that UninstallString points at — so uninstall works
+// without needing the app to handle a flag.
+func windowsRegisterUninstall(dir, version string) error {
+	key := `HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\Clawtool`
+	icon := filepath.Join(dir, "Clawtool.exe")
+	uninstallScript := filepath.Join(dir, "uninstall.ps1")
+
+	script := fmt.Sprintf(`
+foreach ($img in 'Clawtool.exe','clawtool.exe','ClawtoolUpdate.exe') { taskkill /F /IM $img 2>$null }
+$p = ([Environment]::GetEnvironmentVariable('Path','User') -split ';' | Where-Object { $_ -and $_ -ne %q }) -join ';'
+[Environment]::SetEnvironmentVariable('Path', $p, 'User')
+$ws = New-Object -ComObject WScript.Shell
+foreach ($d in @($ws.SpecialFolders('Programs'), $ws.SpecialFolders('Desktop'))) { Remove-Item (Join-Path $d 'Clawtool.lnk') -ErrorAction SilentlyContinue }
+Remove-Item -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\Clawtool' -Recurse -Force -ErrorAction SilentlyContinue
+Remove-Item -Path %q -Recurse -Force -ErrorAction SilentlyContinue`, dir, dir)
+	if err := os.WriteFile(uninstallScript, []byte(script), 0o644); err != nil {
+		return err
+	}
+
+	uninstallCmd := fmt.Sprintf(`powershell -NoProfile -ExecutionPolicy Bypass -File "%s"`, uninstallScript)
+	reg := fmt.Sprintf(`
+New-Item -Path %q -Force | Out-Null
+Set-ItemProperty -Path %q -Name 'DisplayName' -Value 'Clawtool'
+Set-ItemProperty -Path %q -Name 'DisplayVersion' -Value %q
+Set-ItemProperty -Path %q -Name 'Publisher' -Value 'Cogitave'
+Set-ItemProperty -Path %q -Name 'DisplayIcon' -Value %q
+Set-ItemProperty -Path %q -Name 'InstallLocation' -Value %q
+Set-ItemProperty -Path %q -Name 'UninstallString' -Value %q
+Set-ItemProperty -Path %q -Name 'NoModify' -Value 1 -Type DWord
+Set-ItemProperty -Path %q -Name 'NoRepair' -Value 1 -Type DWord`,
+		key, key, key, version, key, key, icon, key, dir, key, uninstallCmd, key, key)
+	return powershell(reg)
+}
+
+func powershell(script string) error {
+	cmd := exec.Command("powershell", "-NoProfile", "-NonInteractive", "-ExecutionPolicy", "Bypass", "-Command", script)
+	if out, err := cmd.CombinedOutput(); err != nil {
+		return fmt.Errorf("%v: %s", err, strings.TrimSpace(string(out)))
+	}
+	return nil
+}
diff --git a/internal/setup/setup_test.go b/internal/setup/setup_test.go
new file mode 100644
index 0000000..38b2f1d
--- /dev/null
+++ b/internal/setup/setup_test.go
@@ -0,0 +1,38 @@
+package setup
+
+import (
+	"os"
+	"path/filepath"
+	"testing"
+	"testing/fstest"
+)
+
+func TestInstallDir_NonEmpty(t *testing.T) {
+	if InstallDir() == "" {
+		t.Fatal("InstallDir must not be empty")
+	}
+}
+
+func TestCopyFromFS(t *testing.T) {
+	payload := fstest.MapFS{"clawtool.exe": {Data: []byte("BINARY")}}
+	dst := filepath.Join(t.TempDir(), "clawtool.exe")
+	if err := copyFromFS(payload, "clawtool.exe", dst); err != nil {
+		t.Fatalf("copy: %v", err)
+	}
+	got, err := os.ReadFile(dst)
+	if err != nil || string(got) != "BINARY" {
+		t.Fatalf("copied file wrong: %q err=%v", got, err)
+	}
+}
+
+func TestPayloadBinariesIncludesAll(t *testing.T) {
+	want := map[string]bool{"Clawtool.exe": false, "clawtool.exe": false, "ClawtoolUpdate.exe": false}
+	for _, b := range PayloadBinaries {
+		want[b] = true
+	}
+	for name, found := range want {
+		if !found {
+			t.Errorf("PayloadBinaries missing %s", name)
+		}
+	}
+}

From a31f7c592fd11abff52af9662dcc4b4da8ca48ba Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Wed, 27 May 2026 00:31:31 +0300
Subject: [PATCH 02/86] refactor(setup): move install mechanics into the
 installer module

The mechanics landed in the main module's internal/setup (which is actually
the recipe/onboard-runner package) by mistake. Move them to a self-contained
cmd/clawtool-installer/install package: pure os/exec + PowerShell, no
main-module deps, so the Wails installer build stays decoupled (same reason
clawtool-installer is its own module). internal/setup restored untouched.
---
 .../setup/setup.go => cmd/clawtool-installer/install/install.go | 2 +-
 .../clawtool-installer/install/install_test.go                  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
 rename internal/setup/setup.go => cmd/clawtool-installer/install/install.go (99%)
 rename internal/setup/setup_test.go => cmd/clawtool-installer/install/install_test.go (98%)

diff --git a/internal/setup/setup.go b/cmd/clawtool-installer/install/install.go
similarity index 99%
rename from internal/setup/setup.go
rename to cmd/clawtool-installer/install/install.go
index 41a60f7..400f661 100644
--- a/internal/setup/setup.go
+++ b/cmd/clawtool-installer/install/install.go
@@ -10,7 +10,7 @@
 // rather than COM/syscall: it's the dependency-free, well-trodden path and
 // keeps this package simple. Everything compiles on every OS; the Windows
 // branches no-op elsewhere (macOS ships a .dmg, not this installer).
-package setup
+package install
 
 import (
 	"fmt"
diff --git a/internal/setup/setup_test.go b/cmd/clawtool-installer/install/install_test.go
similarity index 98%
rename from internal/setup/setup_test.go
rename to cmd/clawtool-installer/install/install_test.go
index 38b2f1d..a14a50d 100644
--- a/internal/setup/setup_test.go
+++ b/cmd/clawtool-installer/install/install_test.go
@@ -1,4 +1,4 @@
-package setup
+package install
 
 import (
 	"os"

From d86b5ab79e37e2536926750088b92244a00691f8 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Wed, 27 May 2026 00:42:18 +0300
Subject: [PATCH 03/86] feat(setup): self-installing setup mode for the desktop
 app
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The setup build embeds the payload (Clawtool.exe, clawtool.exe,
ClawtoolUpdate.exe) via //go:embed; when present, the binary boots in
"setup" mode and self-installs to %LOCALAPPDATA%\Programs\Clawtool — no
classic wizard — then launches the installed app. Progress streams to a
dedicated setup phase in the UI as "setup:step" events, with monotonic
progress that tolerates async event delivery.
---
 cmd/clawtool-installer/app.go                 | 33 ++++++++++-
 .../frontend/dist/index.html                  | 58 ++++++++++++++++++-
 cmd/clawtool-installer/main.go                |  6 ++
 cmd/clawtool-installer/payload.go             | 27 +++++++++
 cmd/clawtool-installer/payload/.gitkeep       |  2 +
 5 files changed, 123 insertions(+), 3 deletions(-)
 create mode 100644 cmd/clawtool-installer/payload.go
 create mode 100644 cmd/clawtool-installer/payload/.gitkeep

diff --git a/cmd/clawtool-installer/app.go b/cmd/clawtool-installer/app.go
index 6435783..3503f2b 100644
--- a/cmd/clawtool-installer/app.go
+++ b/cmd/clawtool-installer/app.go
@@ -18,6 +18,7 @@ import (
 	"sync"
 	"time"
 
+	"github.com/cogitave/clawtool/cmd/clawtool-installer/install"
 	"github.com/energye/systray"
 	"github.com/wailsapp/wails/v2/pkg/options"
 	wruntime "github.com/wailsapp/wails/v2/pkg/runtime"
@@ -51,10 +52,38 @@ func NewApp() *App { return &App{} }
 // initializes — on launch it only checks for updates, then shows the UI.
 var desktopMode = "app"
 
-// Mode reports the running role ("app" | "installer") so the frontend's
-// boot() can pick the install flow vs the app flow.
+// Mode reports the running role ("app" | "installer" | "setup") so the
+// frontend's boot() can pick the right flow.
 func (a *App) Mode() string { return desktopMode }
 
+// setupVersion is stamped by CI (ldflags) into the ClawtoolSetup build so the
+// Add/Remove-Programs entry shows the right version; "dev" for local builds.
+var setupVersion = "dev"
+
+// RunSetup is called by the frontend in setup mode: lay the embedded payload
+// down (install dir + shortcuts + PATH + uninstaller), then launch the
+// freshly-installed app. Progress streams as "setup:step" events. The install
+// already succeeded by the time we try to launch, so a launch failure is
+// non-fatal.
+func (a *App) RunSetup() string {
+	root, err := payloadRoot()
+	if err != nil {
+		return jsonErr("install payload unavailable: " + err.Error())
+	}
+	dir, err := install.Install(root, setupVersion, func(label, detail string) {
+		wruntime.EventsEmit(a.ctx, "setup:step", map[string]string{"label": label, "detail": detail})
+	})
+	if err != nil {
+		return jsonErr(err.Error())
+	}
+	_ = install.LaunchInstalled()
+	b, _ := json.Marshal(struct {
+		OK  bool   `json:"ok"`
+		Dir string `json:"dir"`
+	}{OK: true, Dir: dir})
+	return string(b)
+}
+
 // startup captures the Wails runtime context and starts the system-tray
 // presence so the operator can see clawtool is running (and reopen /
 // quit it).
diff --git a/cmd/clawtool-installer/frontend/dist/index.html b/cmd/clawtool-installer/frontend/dist/index.html
index e259eec..5213e74 100644
--- a/cmd/clawtool-installer/frontend/dist/index.html
+++ b/cmd/clawtool-installer/frontend/dist/index.html
@@ -208,6 +208,15 @@ <h1 id="initTitle">Initializing clawtool</h1>
       <div class="donenote" id="initDone" style="display:none"></div>
     </div>
 
+    <!-- PHASE: Setup (ClawtoolSetup self-install) ------------------->
+    <div class="phase splash" id="phase-setup">
+      <h1 id="setupTitle">Installing clawtool</h1>
+      <div class="status" id="setupSub">Setting up on this device…</div>
+      <div class="meter"><div class="trackbar"><div class="fill" id="setupFill"></div></div><div class="pct" id="setupPct">0%</div></div>
+      <ul class="log" id="setup-log"></ul>
+      <div class="donenote" id="setupDone" style="display:none"></div>
+    </div>
+
     <!-- PHASE: App -------------------------------------------------->
     <div class="phase app" id="phase-app">
       <aside class="side">
@@ -334,6 +343,50 @@ <h1 class="vh">Updates</h1>
         call("Install");
       }
 
+      // ── Setup (ClawtoolSetup self-install) ──────────────────────
+      // The setup build embeds the payload (Clawtool.exe + clawtool.exe +
+      // updater). RunSetup lays it on disk, wires shortcuts/PATH, then
+      // launches the installed app. Steps stream as "setup:step" events;
+      // there's no fixed count, so progress eases toward 95% per step and
+      // snaps to 100% on completion.
+      let setupSteps = 0, setupPct = 0, setupFinished = false;
+      // Monotonic — Wails delivers events asynchronously, so a step can land
+      // after RunSetup resolved; never let progress run backwards.
+      function setSetupProgress(p) {
+        setupPct = Math.max(setupPct, Math.min(p, 100));
+        $("setupFill").style.width = setupPct + "%";
+        $("setupPct").textContent = setupPct + "%";
+      }
+      function addSetupStep(ev) {
+        if (setupFinished) return;
+        const ul = $("setup-log");
+        const li = document.createElement("li");
+        li.innerHTML = '<span class="g">' + CHECK + '</span><span class="lab">' + esc((ev && ev.label) || "") + "</span>" + (ev && ev.detail ? '<span class="msg">' + esc(ev.detail) + "</span>" : "");
+        ul.appendChild(li);
+        while (ul.children.length > 6) ul.removeChild(ul.firstChild);
+        if (ev && ev.label) $("setupSub").textContent = ev.label + "…";
+        setupSteps++;
+        setSetupProgress(Math.min(95, 10 + setupSteps * 14));
+      }
+      async function runSetup() {
+        showPhase("setup");
+        setSetupProgress(5);
+        if (window.runtime && window.runtime.EventsOn) window.runtime.EventsOn("setup:step", addSetupStep);
+        const r = parse(await call("RunSetup"), { ok: false });
+        const ok = !!(r && r.ok);
+        setupFinished = true;
+        setSetupProgress(100);
+        $("setupTitle").textContent = ok ? "clawtool is installed" : "Install needs attention";
+        $("setupSub").textContent = ok ? "Opening clawtool…" : "Something didn't finish.";
+        const d = $("setupDone"); d.style.display = "block";
+        d.innerHTML = ok
+          ? "Installed to <code>" + esc((r && r.dir) || "") + "</code> — launching now. You can close this window."
+          : esc((r && r.error) || "Setup could not complete. Please try running the installer again.");
+        // The installed Clawtool.exe is already launching; close this
+        // bootstrap setup window so only the real app remains.
+        if (ok) setTimeout(() => call("Quit"), 1600);
+      }
+
       // ── Network view ────────────────────────────────────────────
       const expanded = new Set();
       function statusBadge(s) { s = (s || "").toLowerCase();
@@ -547,6 +600,10 @@ <h1 class="vh">Updates</h1>
       let lastCheck = null;
       async function boot() {
         for (let i = 0; i < 40 && !app(); i++) await sleep(50);
+        const mode = await call("Mode");
+        // Setup build: self-install the embedded payload, then launch the
+        // installed app — no update-check (this IS the fresh install).
+        if (mode === "setup") { return runSetup(); }
         showPhase("updater");
         $("upd-splash-status").textContent = "Checking for updates…";
         lastCheck = parse(await call("CheckUpdate"), null);
@@ -561,7 +618,6 @@ <h1 class="vh">Updates</h1>
           $("upd-splash-status").textContent = lastCheck && lastCheck.current ? "Up to date · v" + lastCheck.current : "Starting…";
           await sleep(450);
         }
-        const mode = await call("Mode");
         if (mode === "installer") {
           // Installer role: run the one-time initialize flow (unless this
           // device was already set up — then just hand straight to the app).
diff --git a/cmd/clawtool-installer/main.go b/cmd/clawtool-installer/main.go
index a91ffda..29ed05c 100644
--- a/cmd/clawtool-installer/main.go
+++ b/cmd/clawtool-installer/main.go
@@ -39,6 +39,12 @@ func main() {
 			desktopMode = "installer"
 		}
 	}
+	// The ClawtoolSetup build embeds the payload — running it self-installs
+	// (no classic wizard) then launches the installed app. The plain app
+	// build has no payload, so this never fires for the installed Clawtool.exe.
+	if payloadPresent() {
+		desktopMode = "setup"
+	}
 	app := NewApp()
 
 	err := wails.Run(&options.App{
diff --git a/cmd/clawtool-installer/payload.go b/cmd/clawtool-installer/payload.go
new file mode 100644
index 0000000..cdda7c3
--- /dev/null
+++ b/cmd/clawtool-installer/payload.go
@@ -0,0 +1,27 @@
+package main
+
+import (
+	"embed"
+	"io/fs"
+)
+
+// payloadFS holds the binaries the setup build lays down. CI fills ./payload
+// with Clawtool.exe + clawtool.exe + ClawtoolUpdate.exe before building
+// ClawtoolSetup.exe; the plain app build leaves it empty (just .gitkeep).
+//
+//go:embed all:payload
+var payloadFS embed.FS
+
+// payloadRoot is the embedded payload rooted at the dir.
+func payloadRoot() (fs.FS, error) { return fs.Sub(payloadFS, "payload") }
+
+// payloadPresent reports whether the install payload is embedded — i.e. this
+// is the ClawtoolSetup build (run it → self-install), not the plain app build.
+func payloadPresent() bool {
+	root, err := payloadRoot()
+	if err != nil {
+		return false
+	}
+	_, err = fs.Stat(root, "Clawtool.exe")
+	return err == nil
+}
diff --git a/cmd/clawtool-installer/payload/.gitkeep b/cmd/clawtool-installer/payload/.gitkeep
new file mode 100644
index 0000000..64c87c0
--- /dev/null
+++ b/cmd/clawtool-installer/payload/.gitkeep
@@ -0,0 +1,2 @@
+# CI fills this dir with Clawtool.exe + clawtool.exe + ClawtoolUpdate.exe
+# before the ClawtoolSetup build; empty in the plain app build.

From a66cf1d749d4f5421bfac8468441fdaa1f2d2243 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Wed, 27 May 2026 00:45:35 +0300
Subject: [PATCH 04/86] ci(installer): build the custom self-installing
 ClawtoolSetup.exe
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Replace the NSIS wizard build with a 2-build flow: compile the app
(Clawtool.exe), stage it plus the headless clawtool.exe and
ClawtoolUpdate.exe into payload/, then recompile so the payload is
embedded — producing a self-installing ClawtoolSetup.exe with no classic
wizard. Drops the NSIS toolchain, WebView2-bootstrapper and EnVar plugin
fetches, and the committed project.nsi/wails_tools.nsh.
---
 .github/workflows/installer.yml               |  87 +++-----
 .../build/windows/installer/project.nsi       | 185 -----------------
 .../build/windows/installer/wails_tools.nsh   | 196 ------------------
 3 files changed, 29 insertions(+), 439 deletions(-)
 delete mode 100644 cmd/clawtool-installer/build/windows/installer/project.nsi
 delete mode 100644 cmd/clawtool-installer/build/windows/installer/wails_tools.nsh

diff --git a/.github/workflows/installer.yml b/.github/workflows/installer.yml
index 7a553ca..eee27c1 100644
--- a/.github/workflows/installer.yml
+++ b/.github/workflows/installer.yml
@@ -86,75 +86,46 @@ jobs:
       - name: wails doctor
         run: wails doctor || true
 
-      # ── Windows: build GUI → bundle headless binary → compile our
-      #    customized NSIS installer (build/windows/installer/project.nsi)
-      #    which installs BOTH the GUI + clawtool.exe into Program Files,
-      #    creates shortcuts + an uninstaller, and offers to run setup. ──
-      - name: Install NSIS (Windows)
-        if: runner.os == 'Windows'
-        run: choco install nsis -y --no-progress
-        shell: pwsh
-
-      - name: Build the GUI (Windows)
+      # ── Windows: custom app-style installer via a 2-build flow ──────
+      #  No classic NSIS wizard. The same Wails binary is both the app and
+      #  the setup — payload presence (//go:embed all:payload) flips it
+      #  into "setup" mode (see payload.go / main.go).
+      #
+      #    Build 1 → the app, Clawtool.exe, with an empty payload/ → plain
+      #              "app" mode.
+      #    Stage   → copy that Clawtool.exe + the headless clawtool.exe +
+      #              ClawtoolUpdate.exe into payload/.
+      #    Build 2 → recompile; the payload is now embedded, so the binary
+      #              self-installs on launch. Rename it ClawtoolSetup.exe.
+      #
+      #  Running ClawtoolSetup.exe lays the embedded payload into
+      #  %LOCALAPPDATA%\Programs\Clawtool, wires shortcuts/PATH/uninstaller
+      #  (install/install.go), then launches the installed Clawtool.exe —
+      #  which, having no payload, runs as the app.
+      - name: Build 1 — the app GUI (Windows)
         if: runner.os == 'Windows'
         run: wails build -platform windows/amd64
         shell: pwsh
 
-      - name: Restore committed NSIS template (Windows)
+      - name: Stage payload — app + headless CLI + updater (Windows)
         if: runner.os == 'Windows'
         working-directory: ${{ github.workspace }}
-        # `wails build` may regenerate wails_tools.nsh; restore our
-        # checked-in, customized project.nsi + wails_tools.nsh before
-        # compiling so the clawtool.exe bundling + tweaks survive.
-        run: git checkout -- cmd/clawtool-installer/build/windows/installer/
-        shell: pwsh
-
-      - name: Bundle headless clawtool.exe (Windows)
-        if: runner.os == 'Windows'
-        working-directory: ${{ github.workspace }}
-        run: go build -ldflags "-s -w" -o cmd/clawtool-installer/build/bin/clawtool.exe ./cmd/clawtool
-
-      - name: Bundle updater ClawtoolUpdate.exe (Windows)
-        if: runner.os == 'Windows'
-        working-directory: ${{ github.workspace }}
-        run: go build -ldflags "-s -w" -o cmd/clawtool-installer/build/bin/ClawtoolUpdate.exe ./cmd/clawtool-updater
-        shell: pwsh
-
-      - name: Fetch WebView2 bootstrapper (Windows)
-        if: runner.os == 'Windows'
-        working-directory: cmd/clawtool-installer/build/windows/installer
-        # The wails.webview2runtime NSIS macro bundles this so the
-        # installer can provision WebView2 on machines that lack it.
-        # `wails build -nsis` downloads it automatically; our manual
-        # makensis call must fetch it into tmp/ first.
-        run: |
-          New-Item -ItemType Directory -Force -Path tmp | Out-Null
-          Invoke-WebRequest "https://go.microsoft.com/fwlink/p/?LinkId=2124703" -OutFile "tmp\MicrosoftEdgeWebview2Setup.exe"
-        shell: pwsh
-
-      - name: Fetch EnVar NSIS plugin (Windows)
-        if: runner.os == 'Windows'
-        working-directory: cmd/clawtool-installer/build/windows/installer
-        # project.nsi adds the install dir to the system PATH via the
-        # EnVar plugin (the only truncation-safe way — see the comment in
-        # project.nsi). makensis needs the DLL on its plugin search path;
-        # `!addplugindir ".\plugins"` points at the dir we drop it into.
-        # Unicode true ⇒ use the x86-unicode build of the plugin.
         run: |
-          New-Item -ItemType Directory -Force -Path plugins | Out-Null
-          New-Item -ItemType Directory -Force -Path tmp | Out-Null
-          Invoke-WebRequest "https://nsis.sourceforge.io/mediawiki/images/7/7f/EnVar_plugin.zip" -OutFile "tmp\EnVar_plugin.zip"
-          Expand-Archive -Path "tmp\EnVar_plugin.zip" -DestinationPath "tmp\envar" -Force
-          Copy-Item "tmp\envar\Plugins\x86-unicode\EnVar.dll" -Destination "plugins\EnVar.dll" -Force
+          $payload = "cmd/clawtool-installer/payload"
+          New-Item -ItemType Directory -Force -Path $payload | Out-Null
+          Copy-Item "cmd/clawtool-installer/build/bin/Clawtool.exe" "$payload/Clawtool.exe" -Force
+          go build -ldflags "-s -w" -o "$payload/clawtool.exe" ./cmd/clawtool
+          go build -ldflags "-s -w" -o "$payload/ClawtoolUpdate.exe" ./cmd/clawtool-updater
         shell: pwsh
 
-      - name: Compile NSIS installer (Windows)
+      - name: Build 2 — self-installing ClawtoolSetup.exe (Windows)
         if: runner.os == 'Windows'
-        working-directory: cmd/clawtool-installer/build/windows/installer
-        # choco installs NSIS but doesn't refresh this step's PATH, so
-        # call makensis by its standard install path.
+        # Stamp the setup's display version from the release tag when called
+        # from release.yml; "dev" for branch / PR builds.
         run: |
-          & "C:\Program Files (x86)\NSIS\makensis.exe" "-DARG_WAILS_AMD64_BINARY=..\..\bin\Clawtool.exe" project.nsi
+          $ver = if ("${{ inputs.tag }}") { "${{ inputs.tag }}" -replace '^v','' } else { "dev" }
+          wails build -platform windows/amd64 -ldflags "-X main.setupVersion=$ver"
+          Move-Item "build/bin/Clawtool.exe" "build/bin/ClawtoolSetup.exe" -Force
         shell: pwsh
 
       # ── macOS: build .app, embed a universal headless clawtool, .dmg ──
diff --git a/cmd/clawtool-installer/build/windows/installer/project.nsi b/cmd/clawtool-installer/build/windows/installer/project.nsi
deleted file mode 100644
index 5a2e277..0000000
--- a/cmd/clawtool-installer/build/windows/installer/project.nsi
+++ /dev/null
@@ -1,185 +0,0 @@
-Unicode true
-
-## clawtool desktop installer — based on Wails' canonical project.nsi
-## (v2.10.1), customized to also install the headless `clawtool.exe`
-## alongside the GUI. INFO_* + the wails.* macros come from
-## wails_tools.nsh. Built via a manual makensis call (see
-## .github/workflows/installer.yml) with:
-##   makensis -DARG_WAILS_AMD64_BINARY=..\..\bin\Clawtool.exe project.nsi
-
-# Per-user install (industry-standard for an auto-updating desktop app:
-# VS Code, Chrome user-install, etc.). Defined BEFORE wails_tools.nsh so
-# its !ifndef default of "admin" doesn't win — this flips
-# RequestExecutionLevel to "user" and makes wails.setShellContext use
-# the current-user shell folders. The payoff: the tray can run
-# `clawtool upgrade` to swap the binary in $LOCALAPPDATA with NO UAC
-# prompt, so updates are silent. (Per-machine Program Files would force
-# a UAC prompt on every update.)
-!define REQUEST_EXECUTION_LEVEL "user"
-
-# Install the GUI as Clawtool.exe (the app), not the wails project name
-# (clawtool-installer.exe). Defined BEFORE wails_tools.nsh so its
-# !ifndef default ("${INFO_PROJECTNAME}.exe") doesn't win. The shortcuts,
-# finish-page run, and uninstaller all reference ${PRODUCT_EXECUTABLE}.
-!define PRODUCT_EXECUTABLE "Clawtool.exe"
-
-!include "wails_tools.nsh"
-
-VIProductVersion "${INFO_PRODUCTVERSION}.0"
-VIFileVersion    "${INFO_PRODUCTVERSION}.0"
-
-VIAddVersionKey "CompanyName"     "${INFO_COMPANYNAME}"
-VIAddVersionKey "FileDescription" "${INFO_PRODUCTNAME} Installer"
-VIAddVersionKey "ProductVersion"  "${INFO_PRODUCTVERSION}"
-VIAddVersionKey "FileVersion"     "${INFO_PRODUCTVERSION}"
-VIAddVersionKey "LegalCopyright"  "${INFO_COPYRIGHT}"
-VIAddVersionKey "ProductName"     "${INFO_PRODUCTNAME}"
-
-# Enable HiDPI support. https://nsis.sourceforge.io/Reference/ManifestDPIAware
-ManifestDPIAware true
-
-!include "MUI.nsh"
-!include "WinMessages.nsh" # WM_SETTINGCHANGE / HWND_BROADCAST for the PATH broadcast.
-
-# EnVar plugin — the only safe way to edit the system PATH from NSIS.
-# A naive "read Path into a var, append, write back" corrupts PATH on
-# the stock makensis build (NSIS_MAX_STRLEN=1024 silently truncates a
-# long PATH). EnVar edits the registry value directly, with dedup, and
-# preserves the REG_EXPAND_SZ type. The plugin DLL is fetched into
-# ./plugins by the installer CI step before makensis runs.
-!addplugindir ".\plugins"
-
-# (Icon defines intentionally omitted — no build/windows/icon.ico is
-# shipped; MUI uses its defaults so the installer builds without it.)
-!define MUI_FINISHPAGE_NOAUTOCLOSE
-!define MUI_ABORTWARNING
-
-# Offer to run the one-time initialize flow right after files are installed.
-# The GUI launched with --installer runs the bootstrap (daemon, bridges,
-# agent claim, init); without the flag (the Start-menu/desktop shortcuts) it
-# is just the app. This is the installer-vs-app role split — the installer
-# initializes once, the app never does.
-!define MUI_FINISHPAGE_RUN "$INSTDIR\${PRODUCT_EXECUTABLE}"
-!define MUI_FINISHPAGE_RUN_PARAMETERS "--installer"
-!define MUI_FINISHPAGE_RUN_TEXT "Set up clawtool now"
-
-!insertmacro MUI_PAGE_WELCOME
-!insertmacro MUI_PAGE_DIRECTORY
-!insertmacro MUI_PAGE_INSTFILES
-!insertmacro MUI_PAGE_FINISH
-
-!insertmacro MUI_UNPAGE_INSTFILES
-
-!insertmacro MUI_LANGUAGE "English"
-
-Name "${INFO_PRODUCTNAME}"
-# Industry-standard setup name (cf. DiscordSetup.exe / SlackSetup.exe),
-# not the arch-tagged dev artifact name.
-OutFile "..\..\bin\ClawtoolSetup.exe"
-# Per-user location (no admin needed; writable by the tray for silent
-# self-update). $LOCALAPPDATA\Programs\<App> is where per-user apps land
-# by convention (same place VS Code's user setup installs).
-InstallDir "$LOCALAPPDATA\Programs\${INFO_PRODUCTNAME}"
-ShowInstDetails show
-
-Function .onInit
-   !insertmacro wails.checkArchitecture
-FunctionEnd
-
-Section
-    !insertmacro wails.setShellContext
-
-    # Re-install / upgrade over an existing copy: a running clawtool
-    # holds its .exe files locked, so the file copy below would fail
-    # (the operator-reported "already installed, couldn't reinstall").
-    # Stop the daemon gracefully if a previous clawtool is on PATH, then
-    # force-kill the tray GUI + any daemon so every binary unlocks.
-    # taskkill on a not-running image just returns nonzero — harmless.
-    nsExec::Exec 'clawtool daemon stop'
-    nsExec::Exec 'taskkill /F /IM ${PRODUCT_EXECUTABLE}'
-    nsExec::Exec 'taskkill /F /IM clawtool.exe'
-    Sleep 600
-
-    !insertmacro wails.webview2runtime
-
-    SetOutPath $INSTDIR
-
-    # The Wails GUI installer binary (installed as ${PRODUCT_EXECUTABLE}).
-    !insertmacro wails.files
-
-    # The headless clawtool binary the GUI drives — bundled so the
-    # install is self-contained. locateClawtool() finds it next to the
-    # GUI in $INSTDIR.
-    File "..\..\bin\clawtool.exe"
-
-    # The standalone updater: the app hands off to it to swap binaries it
-    # can't overwrite while running, then relaunch. Lives next to the app.
-    File "..\..\bin\ClawtoolUpdate.exe"
-
-    CreateShortcut "$SMPROGRAMS\${INFO_PRODUCTNAME}.lnk" "$INSTDIR\${PRODUCT_EXECUTABLE}"
-    CreateShortCut "$DESKTOP\${INFO_PRODUCTNAME}.lnk" "$INSTDIR\${PRODUCT_EXECUTABLE}"
-
-    # Put $INSTDIR on the PATH so `clawtool` is a global terminal command
-    # (the operator-reported "clawtool: command not found"). SetHKCU
-    # targets the per-user PATH — matches the per-user install and needs
-    # no admin. AddValue dedups, so re-running won't stack duplicates.
-    EnVar::SetHKCU
-    EnVar::AddValue "Path" "$INSTDIR"
-    Pop $0
-    DetailPrint "Add clawtool to user PATH: $0 (0 = ok)"
-    # Broadcast the change so newly-launched shells pick it up without a
-    # reboot. Already-open terminals still need to be reopened — the GUI
-    # success screen tells the operator this.
-    SendMessage ${HWND_BROADCAST} ${WM_SETTINGCHANGE} 0 "STR:Environment" /TIMEOUT=5000
-
-    !insertmacro wails.associateFiles
-    !insertmacro wails.associateCustomProtocols
-
-    # Add/Remove Programs registration. The stock wails.writeUninstaller
-    # macro writes to HKLM, which a non-admin per-user install can't
-    # touch — so register under HKCU instead (where per-user apps belong,
-    # and where Windows' Settings > Apps reads them for this user).
-    WriteUninstaller "$INSTDIR\uninstall.exe"
-    WriteRegStr HKCU "${UNINST_KEY}" "Publisher" "${INFO_COMPANYNAME}"
-    WriteRegStr HKCU "${UNINST_KEY}" "DisplayName" "${INFO_PRODUCTNAME}"
-    WriteRegStr HKCU "${UNINST_KEY}" "DisplayVersion" "${INFO_PRODUCTVERSION}"
-    WriteRegStr HKCU "${UNINST_KEY}" "DisplayIcon" "$INSTDIR\${PRODUCT_EXECUTABLE}"
-    WriteRegStr HKCU "${UNINST_KEY}" "InstallLocation" "$INSTDIR"
-    WriteRegStr HKCU "${UNINST_KEY}" "UninstallString" "$\"$INSTDIR\uninstall.exe$\""
-    WriteRegStr HKCU "${UNINST_KEY}" "QuietUninstallString" "$\"$INSTDIR\uninstall.exe$\" /S"
-    WriteRegDWORD HKCU "${UNINST_KEY}" "NoModify" 1
-    WriteRegDWORD HKCU "${UNINST_KEY}" "NoRepair" 1
-SectionEnd
-
-Section "uninstall"
-    !insertmacro wails.setShellContext
-
-    # Stop the running gateway so its binaries unlock before removal.
-    nsExec::Exec 'taskkill /F /IM ${PRODUCT_EXECUTABLE}'
-    nsExec::Exec 'taskkill /F /IM clawtool.exe'
-    Sleep 600
-
-    # Remove $INSTDIR from the user PATH (mirror of the install-time
-    # AddValue). DeleteValue is a no-op if it isn't present, so a partial
-    # / repeated uninstall stays clean.
-    EnVar::SetHKCU
-    EnVar::DeleteValue "Path" "$INSTDIR"
-    Pop $0
-    DetailPrint "Remove clawtool from user PATH: $0 (0 = ok)"
-    SendMessage ${HWND_BROADCAST} ${WM_SETTINGCHANGE} 0 "STR:Environment" /TIMEOUT=5000
-
-    RMDir /r "$AppData\${PRODUCT_EXECUTABLE}" # Remove the WebView2 DataPath
-
-    RMDir /r $INSTDIR
-
-    Delete "$SMPROGRAMS\${INFO_PRODUCTNAME}.lnk"
-    Delete "$DESKTOP\${INFO_PRODUCTNAME}.lnk"
-
-    !insertmacro wails.unassociateFiles
-    !insertmacro wails.unassociateCustomProtocols
-
-    # Mirror of the HKCU ARP registration written on install (the stock
-    # wails.deleteUninstaller targets HKLM, which we never wrote to).
-    Delete "$INSTDIR\uninstall.exe"
-    DeleteRegKey HKCU "${UNINST_KEY}"
-SectionEnd
diff --git a/cmd/clawtool-installer/build/windows/installer/wails_tools.nsh b/cmd/clawtool-installer/build/windows/installer/wails_tools.nsh
deleted file mode 100644
index faee354..0000000
--- a/cmd/clawtool-installer/build/windows/installer/wails_tools.nsh
+++ /dev/null
@@ -1,196 +0,0 @@
-# Rendered from Wails' canonical wails_tools.nsh (v2.10.1) with the
-# project's values substituted and the file-association / custom-
-# protocol template ranges rendered empty (clawtool-installer declares
-# neither). Kept checked in so a manual `makensis` build works without
-# relying on `wails build` to regenerate it.
-
-!include "x64.nsh"
-!include "WinVer.nsh"
-!include "FileFunc.nsh"
-
-!ifndef INFO_PROJECTNAME
-    !define INFO_PROJECTNAME "clawtool-installer"
-!endif
-!ifndef INFO_COMPANYNAME
-    !define INFO_COMPANYNAME "Cogitave"
-!endif
-!ifndef INFO_PRODUCTNAME
-    !define INFO_PRODUCTNAME "clawtool"
-!endif
-!ifndef INFO_PRODUCTVERSION
-    !define INFO_PRODUCTVERSION "1.0.0"
-!endif
-!ifndef INFO_COPYRIGHT
-    !define INFO_COPYRIGHT "Copyright © Cogitave"
-!endif
-!ifndef PRODUCT_EXECUTABLE
-    !define PRODUCT_EXECUTABLE "${INFO_PROJECTNAME}.exe"
-!endif
-!ifndef UNINST_KEY_NAME
-    !define UNINST_KEY_NAME "${INFO_COMPANYNAME}${INFO_PRODUCTNAME}"
-!endif
-!define UNINST_KEY "Software\Microsoft\Windows\CurrentVersion\Uninstall\${UNINST_KEY_NAME}"
-
-!ifndef REQUEST_EXECUTION_LEVEL
-    !define REQUEST_EXECUTION_LEVEL "admin"
-!endif
-
-RequestExecutionLevel "${REQUEST_EXECUTION_LEVEL}"
-
-!ifdef ARG_WAILS_AMD64_BINARY
-    !define SUPPORTS_AMD64
-!endif
-
-!ifdef ARG_WAILS_ARM64_BINARY
-    !define SUPPORTS_ARM64
-!endif
-
-!ifdef SUPPORTS_AMD64
-    !ifdef SUPPORTS_ARM64
-        !define ARCH "amd64_arm64"
-    !else
-        !define ARCH "amd64"
-    !endif
-!else
-    !ifdef SUPPORTS_ARM64
-        !define ARCH "arm64"
-    !else
-        !error "Wails: Undefined ARCH, please provide at least one of ARG_WAILS_AMD64_BINARY or ARG_WAILS_ARM64_BINARY"
-    !endif
-!endif
-
-!macro wails.checkArchitecture
-    !ifndef WAILS_WIN10_REQUIRED
-        !define WAILS_WIN10_REQUIRED "This product is only supported on Windows 10 (Server 2016) and later."
-    !endif
-
-    !ifndef WAILS_ARCHITECTURE_NOT_SUPPORTED
-        !define WAILS_ARCHITECTURE_NOT_SUPPORTED "This product can't be installed on the current Windows architecture. Supports: ${ARCH}"
-    !endif
-
-    ${If} ${AtLeastWin10}
-        !ifdef SUPPORTS_AMD64
-            ${if} ${IsNativeAMD64}
-                Goto ok
-            ${EndIf}
-        !endif
-
-        !ifdef SUPPORTS_ARM64
-            ${if} ${IsNativeARM64}
-                Goto ok
-            ${EndIf}
-        !endif
-
-        IfSilent silentArch notSilentArch
-        silentArch:
-            SetErrorLevel 65
-            Abort
-        notSilentArch:
-            MessageBox MB_OK "${WAILS_ARCHITECTURE_NOT_SUPPORTED}"
-            Quit
-    ${else}
-        IfSilent silentWin notSilentWin
-        silentWin:
-            SetErrorLevel 64
-            Abort
-        notSilentWin:
-            MessageBox MB_OK "${WAILS_WIN10_REQUIRED}"
-            Quit
-    ${EndIf}
-
-    ok:
-!macroend
-
-!macro wails.files
-    !ifdef SUPPORTS_AMD64
-        ${if} ${IsNativeAMD64}
-            File "/oname=${PRODUCT_EXECUTABLE}" "${ARG_WAILS_AMD64_BINARY}"
-        ${EndIf}
-    !endif
-
-    !ifdef SUPPORTS_ARM64
-        ${if} ${IsNativeARM64}
-            File "/oname=${PRODUCT_EXECUTABLE}" "${ARG_WAILS_ARM64_BINARY}"
-        ${EndIf}
-    !endif
-!macroend
-
-!macro wails.writeUninstaller
-    WriteUninstaller "$INSTDIR\uninstall.exe"
-
-    SetRegView 64
-    WriteRegStr HKLM "${UNINST_KEY}" "Publisher" "${INFO_COMPANYNAME}"
-    WriteRegStr HKLM "${UNINST_KEY}" "DisplayName" "${INFO_PRODUCTNAME}"
-    WriteRegStr HKLM "${UNINST_KEY}" "DisplayVersion" "${INFO_PRODUCTVERSION}"
-    WriteRegStr HKLM "${UNINST_KEY}" "DisplayIcon" "$INSTDIR\${PRODUCT_EXECUTABLE}"
-    WriteRegStr HKLM "${UNINST_KEY}" "UninstallString" "$\"$INSTDIR\uninstall.exe$\""
-    WriteRegStr HKLM "${UNINST_KEY}" "QuietUninstallString" "$\"$INSTDIR\uninstall.exe$\" /S"
-
-    ${GetSize} "$INSTDIR" "/S=0K" $0 $1 $2
-    IntFmt $0 "0x%08X" $0
-    WriteRegDWORD HKLM "${UNINST_KEY}" "EstimatedSize" "$0"
-!macroend
-
-!macro wails.deleteUninstaller
-    Delete "$INSTDIR\uninstall.exe"
-
-    SetRegView 64
-    DeleteRegKey HKLM "${UNINST_KEY}"
-!macroend
-
-!macro wails.setShellContext
-    ${If} ${REQUEST_EXECUTION_LEVEL} == "admin"
-        SetShellVarContext all
-    ${else}
-        SetShellVarContext current
-    ${EndIf}
-!macroend
-
-# Install webview2 by launching the bootstrapper
-!macro wails.webview2runtime
-    !ifndef WAILS_INSTALL_WEBVIEW_DETAILPRINT
-        !define WAILS_INSTALL_WEBVIEW_DETAILPRINT "Installing: WebView2 Runtime"
-    !endif
-
-    SetRegView 64
-    # If the admin key exists and is not empty then webview2 is already installed
-    ReadRegStr $0 HKLM "SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\Clients\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}" "pv"
-    ${If} $0 != ""
-        Goto ok
-    ${EndIf}
-
-    ${If} ${REQUEST_EXECUTION_LEVEL} == "user"
-        ReadRegStr $0 HKCU "Software\Microsoft\EdgeUpdate\Clients{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}" "pv"
-        ${If} $0 != ""
-            Goto ok
-        ${EndIf}
-     ${EndIf}
-
-    SetDetailsPrint both
-    DetailPrint "${WAILS_INSTALL_WEBVIEW_DETAILPRINT}"
-    SetDetailsPrint listonly
-
-    InitPluginsDir
-    CreateDirectory "$pluginsdir\webview2bootstrapper"
-    SetOutPath "$pluginsdir\webview2bootstrapper"
-    File "tmp\MicrosoftEdgeWebview2Setup.exe"
-    ExecWait '"$pluginsdir\webview2bootstrapper\MicrosoftEdgeWebview2Setup.exe" /silent /install'
-
-    SetDetailsPrint both
-    ok:
-!macroend
-
-# clawtool-installer declares no file associations or custom protocols,
-# so these are intentionally empty (the canonical template fills them
-# from a Go-template range).
-!macro wails.associateFiles
-!macroend
-
-!macro wails.unassociateFiles
-!macroend
-
-!macro wails.associateCustomProtocols
-!macroend
-
-!macro wails.unassociateCustomProtocols
-!macroend

From 7ba41461c295211085b9fc1330a5f06865aecbcc Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Wed, 27 May 2026 00:46:35 +0300
Subject: [PATCH 05/86] fix(setup): give the setup binary its own
 single-instance lock

In setup mode the binary launches the installed Clawtool.exe before it
quits, so both run briefly. Sharing one single-instance lock made the
freshly-launched app treat the still-running setup as the first instance
and exit instead of starting. Setup now uses a distinct lock id.
---
 cmd/clawtool-installer/main.go | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/cmd/clawtool-installer/main.go b/cmd/clawtool-installer/main.go
index 29ed05c..46552be 100644
--- a/cmd/clawtool-installer/main.go
+++ b/cmd/clawtool-installer/main.go
@@ -47,6 +47,16 @@ func main() {
 	}
 	app := NewApp()
 
+	// The setup binary launches the installed Clawtool.exe (in --installer
+	// mode) before it quits, so for a moment both run. They must NOT share a
+	// single-instance lock: if they did, the freshly-launched app would see
+	// the still-running setup as the first instance, surface it, and exit
+	// instead of starting. Give setup its own lock id.
+	instanceID := "com.cogitave.clawtool.installer"
+	if desktopMode == "setup" {
+		instanceID = "com.cogitave.clawtool.setup"
+	}
+
 	err := wails.Run(&options.App{
 		Title:  "clawtool",
 		Width:  520,
@@ -70,7 +80,7 @@ func main() {
 		// launch must not start a conflicting process — it just
 		// surfaces the running window.
 		SingleInstanceLock: &options.SingleInstanceLock{
-			UniqueId:               "com.cogitave.clawtool.installer",
+			UniqueId:               instanceID,
 			OnSecondInstanceLaunch: app.onSecondInstanceLaunch,
 		},
 		AssetServer: &assetserver.Options{Assets: assets},

From 6fcee3b63a7d560ccaae0ecd1719f190451df1db Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Wed, 27 May 2026 01:31:36 +0300
Subject: [PATCH 06/86] feat(setup): stepped installer UI + central brand,
 grounded design
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Rework the custom installer into a guided, app-style stepped flow —
Welcome (Install button) → Installing (live, timestamped install log with
per-binary sizes and paths) → Done (Open / Finish) — instead of a
zero-click auto-install. RunSetup no longer launches the app; the Done
step's Open button does, via OpenInstalled, keeping the user in control.

Add a brand package as the single source of product identity (name, CLI,
publisher, tagline, derived exe/shortcut/dir names); install.go and app.go
route through it, and App.Brand feeds the frontend so the UI hardcodes
nothing. Renaming the product is now a one-file edit (plus the build-time
artifact names noted in brand.go).

Reground the visual design in a well-regarded terminal's real shipped dark
theme: #181818 base, opacity-layered surfaces, one cool accent used
sparingly, hairline borders, small radii, no gradients — replacing the
earlier brighter, gradient-heavy look.
---
 cmd/clawtool-installer/app.go                 |  34 ++-
 cmd/clawtool-installer/brand/brand.go         |  37 +++
 .../frontend/dist/index.html                  | 259 +++++++++++++-----
 cmd/clawtool-installer/install/install.go     | 108 +++++---
 .../install/install_test.go                   |   2 +-
 cmd/clawtool-installer/main.go                |   2 +-
 cmd/clawtool-installer/payload.go             |   4 +-
 7 files changed, 325 insertions(+), 121 deletions(-)
 create mode 100644 cmd/clawtool-installer/brand/brand.go

diff --git a/cmd/clawtool-installer/app.go b/cmd/clawtool-installer/app.go
index 3503f2b..38ecc1b 100644
--- a/cmd/clawtool-installer/app.go
+++ b/cmd/clawtool-installer/app.go
@@ -18,6 +18,7 @@ import (
 	"sync"
 	"time"
 
+	"github.com/cogitave/clawtool/cmd/clawtool-installer/brand"
 	"github.com/cogitave/clawtool/cmd/clawtool-installer/install"
 	"github.com/energye/systray"
 	"github.com/wailsapp/wails/v2/pkg/options"
@@ -60,11 +61,24 @@ func (a *App) Mode() string { return desktopMode }
 // Add/Remove-Programs entry shows the right version; "dev" for local builds.
 var setupVersion = "dev"
 
-// RunSetup is called by the frontend in setup mode: lay the embedded payload
-// down (install dir + shortcuts + PATH + uninstaller), then launch the
-// freshly-installed app. Progress streams as "setup:step" events. The install
-// already succeeded by the time we try to launch, so a launch failure is
-// non-fatal.
+// Brand feeds the frontend the product identity (name, command, tagline,
+// install dir) from the single source of truth so the UI never hardcodes it.
+func (a *App) Brand() string {
+	b, _ := json.Marshal(struct {
+		Name       string `json:"name"`
+		CLI        string `json:"cli"`
+		Tagline    string `json:"tagline"`
+		InstallDir string `json:"installDir"`
+		Version    string `json:"version"`
+	}{brand.Name, brand.CLI, brand.Tagline, install.InstallDir(), setupVersion})
+	return string(b)
+}
+
+// RunSetup is called by the frontend's Welcome step (Install button) in setup
+// mode: it lays the embedded payload down (install dir + shortcuts + PATH +
+// uninstaller). Progress streams as "setup:step" events. It does NOT launch
+// the app — the Done step does that via OpenInstalled, so the user stays in
+// control of the stepped flow.
 func (a *App) RunSetup() string {
 	root, err := payloadRoot()
 	if err != nil {
@@ -76,7 +90,6 @@ func (a *App) RunSetup() string {
 	if err != nil {
 		return jsonErr(err.Error())
 	}
-	_ = install.LaunchInstalled()
 	b, _ := json.Marshal(struct {
 		OK  bool   `json:"ok"`
 		Dir string `json:"dir"`
@@ -84,6 +97,15 @@ func (a *App) RunSetup() string {
 	return string(b)
 }
 
+// OpenInstalled launches the freshly-installed app (Done step's "Open"
+// button). The install already succeeded, so a launch failure is non-fatal.
+func (a *App) OpenInstalled() string {
+	if err := install.LaunchInstalled(); err != nil {
+		return jsonErr(err.Error())
+	}
+	return `{"ok":true}`
+}
+
 // startup captures the Wails runtime context and starts the system-tray
 // presence so the operator can see clawtool is running (and reopen /
 // quit it).
diff --git a/cmd/clawtool-installer/brand/brand.go b/cmd/clawtool-installer/brand/brand.go
new file mode 100644
index 0000000..87cc9ae
--- /dev/null
+++ b/cmd/clawtool-installer/brand/brand.go
@@ -0,0 +1,37 @@
+// Package brand is the single source of truth for the product's identity
+// across the installer module: its name, the terminal command, the publisher,
+// the tagline, and the derived binary + shortcut + install-dir names. Rename
+// the product by editing the constants here — the runtime UI (App.Brand feeds
+// the frontend) and the install mechanics both follow.
+//
+// The only rename points OUTSIDE this file are build-time artifact names that
+// Go can't reach: wails.json's "outputfilename" and the binary names in the
+// installer CI (.github/workflows/installer.yml). Keep those in sync with
+// Display below.
+package brand
+
+const (
+	// Name is the lowercase, spoken/display name shown in UI copy.
+	Name = "clawtool"
+	// Display is the capitalized form used for the install dir, the exe base
+	// names, shortcuts, and the Add/Remove-Programs entry.
+	Display = "Clawtool"
+	// CLI is the terminal command users type.
+	CLI = "clawtool"
+	// Publisher is the Add/Remove-Programs publisher.
+	Publisher = "Cogitave"
+	// Tagline is the one-line product description on the installer welcome.
+	Tagline = "An agent gateway for your machine — one tool layer, everywhere."
+)
+
+// AppExe is the GUI app/setup binary name (e.g. Clawtool.exe).
+func AppExe() string { return Display + ".exe" }
+
+// CLIExe is the headless CLI/daemon binary name (e.g. clawtool.exe).
+func CLIExe() string { return CLI + ".exe" }
+
+// UpdaterExe is the standalone updater binary name (e.g. ClawtoolUpdate.exe).
+func UpdaterExe() string { return Display + "Update.exe" }
+
+// ShortcutName is the Start-menu/Desktop .lnk file name.
+func ShortcutName() string { return Display + ".lnk" }
diff --git a/cmd/clawtool-installer/frontend/dist/index.html b/cmd/clawtool-installer/frontend/dist/index.html
index 5213e74..5dcf7fb 100644
--- a/cmd/clawtool-installer/frontend/dist/index.html
+++ b/cmd/clawtool-installer/frontend/dist/index.html
@@ -11,30 +11,19 @@
          grows (App.EnterApp) into the full sidebar app. Flat, solid,
          SF/Segoe; one accent; hairline separators; no blur. */
       :root {
-        /* Dark-first: deep desaturated base, hairline borders, and one
-           coral→violet brand gradient as the single accent. */
-        --bg: #0e0f12; --panel: #17191e; --panel-2: #1e2127; --sidebar: #0a0b0d;
-        --fg: #f3f4f6; --secondary: #989aa4; --tertiary: #66686f;
-        --hair: rgba(255,255,255,0.07); --hair-strong: rgba(255,255,255,0.13);
-        --accent: #22b0dc; --accent-2: #1690c4;
-        --accent-grad: linear-gradient(135deg, #2ad2d6 0%, #1f8fd6 100%);
-        --accent-soft: rgba(34,176,220,0.14);
-        --green: #4ecb8a; --amber: #e8b765; --red: #ff6b6b;
-        --chip: rgba(255,255,255,0.06); --radius: 13px; --radius-sm: 9px;
-        --shadow: 0 1px 2px rgba(0,0,0,.34), 0 10px 30px rgba(0,0,0,.24);
-      }
-      @media (prefers-color-scheme: light) {
-        :root {
-          --bg: #f5f5f8; --panel: #ffffff; --panel-2: #f1f1f4; --sidebar: #ededf1;
-          --fg: #1b1c22; --secondary: #61636e; --tertiary: #9a9ca8;
-          --hair: rgba(0,0,0,0.09); --hair-strong: rgba(0,0,0,0.15);
-          --accent: #e8536b; --accent-2: #8b5cf6;
-          --accent-grad: linear-gradient(120deg, #ff6b81 0%, #9d5cff 100%);
-          --accent-soft: rgba(232,83,107,0.10);
-          --green: #1f9d57; --amber: #c98a2e; --red: #e0413a;
-          --chip: rgba(0,0,0,0.05);
-          --shadow: 0 1px 2px rgba(0,0,0,.06), 0 10px 30px rgba(0,0,0,.07);
-        }
+        /* Grounded in a well-regarded terminal's shipped default dark theme:
+           a calm #181818 base, opacity-layered neutral surfaces, hairline
+           borders, ONE cool accent used sparingly, no gradients. */
+        --bg: #181818; --panel: #181818; --panel-2: #202020; --sidebar: #151515;
+        --fg: #d8d8d8; --secondary: rgba(216,216,216,0.60); --tertiary: rgba(216,216,216,0.40);
+        --hair: rgba(216,216,216,0.10); --hair-strong: rgba(216,216,216,0.16);
+        --accent: #7cafc2; --accent-2: #6b9eb0; --accent-ink: #0e1417;
+        --accent-grad: var(--accent);
+        --accent-soft: rgba(124,175,194,0.14);
+        --green: #1ca05a; --amber: #c28000; --red: #bc362a;
+        --chip: rgba(216,216,216,0.06); --radius: 8px; --radius-sm: 4px;
+        --mono: "SF Mono","JetBrains Mono","Cascadia Code",ui-monospace,Menlo,Consolas,monospace;
+        --shadow: 0 12px 32px rgba(0,0,0,0.45);
       }
       * { box-sizing: border-box; margin: 0; padding: 0; }
       html, body { height: 100%; }
@@ -189,6 +178,65 @@
       #view-home > * { position: relative; z-index: 1; }
       .content::-webkit-scrollbar { width: 11px; }
       .content::-webkit-scrollbar-thumb { background: var(--hair-strong); border-radius: 8px; border: 3px solid transparent; background-clip: content-box; }
+
+      /* ── Custom stepped installer (Welcome → Installing → Done) ── */
+      .su-welcome, .su-installing, .su-done { flex-direction: column; }
+      .su-top { display: flex; align-items: center; justify-content: space-between; }
+      .su-mark { font-weight: 600; letter-spacing: -0.01em; font-size: 14px; color: var(--fg); }
+      .su-mark .dot { color: var(--accent); }
+      .su-badge { font: 500 11px var(--mono); color: var(--tertiary); border: 1px solid var(--hair); border-radius: 999px; padding: 3px 9px; }
+      .su-btn { font: 600 13px inherit; height: 34px; padding: 0 18px; border-radius: var(--radius-sm); border: 1px solid transparent; cursor: pointer; transition: background .14s, border-color .14s, color .14s; }
+      .su-btn-primary { background: var(--accent); color: var(--accent-ink); }
+      .su-btn-primary:hover { background: #8ab9ca; }
+      .su-btn-ghost { background: transparent; color: var(--secondary); border-color: var(--hair-strong); }
+      .su-btn-ghost:hover { color: var(--fg); border-color: var(--tertiary); }
+      .su-actions { display: flex; align-items: center; gap: 12px; }
+
+      /* Welcome */
+      .su-welcome { padding: 30px 32px; }
+      .su-hero { margin-top: auto; }
+      .su-welcome h1 { font-size: 26px; font-weight: 650; letter-spacing: -0.02em; color: var(--fg); }
+      .su-name { color: var(--accent); }
+      .su-lede { color: var(--secondary); margin-top: 8px; max-width: 380px; font-size: 13.5px; line-height: 1.5; }
+      .su-facts { display: flex; flex-direction: column; gap: 9px; margin-top: 20px; }
+      .su-fact { display: flex; gap: 10px; align-items: flex-start; color: var(--secondary); font-size: 12.5px; }
+      .su-fact svg { flex: none; margin-top: 2px; }
+      .su-fact b { color: var(--fg); font-weight: 550; }
+      .su-welcome .su-actions { margin-top: auto; padding-top: 24px; }
+      .su-loc { color: var(--tertiary); font: 500 11px var(--mono); margin-left: auto; }
+
+      /* Installing */
+      .su-installing { padding: 26px 28px 22px; }
+      .su-ihead { display: flex; align-items: baseline; justify-content: space-between; }
+      .su-ihead h2 { font-size: 16px; font-weight: 600; letter-spacing: -0.01em; color: var(--fg); }
+      .su-stepof { font: 500 11px var(--mono); color: var(--tertiary); }
+      .su-bar { margin: 14px 0 0; height: 3px; border-radius: 3px; background: var(--hair); overflow: hidden; }
+      .su-bar > i { display: block; height: 100%; width: 0%; background: var(--accent); border-radius: 3px; transition: width .45s cubic-bezier(.22,1,.36,1); }
+      .su-nowline { display: flex; justify-content: space-between; color: var(--secondary); font-size: 12px; margin-top: 8px; }
+      .su-nowline .su-pct { font: 500 12px var(--mono); color: var(--tertiary); }
+      .su-logwell { margin-top: 14px; flex: 1; min-height: 0; background: var(--panel-2); border: 1px solid var(--hair); border-radius: var(--radius-sm); overflow: hidden; display: flex; flex-direction: column; }
+      .su-lwhead { font: 500 10.5px var(--mono); color: var(--tertiary); letter-spacing: .05em; text-transform: uppercase; padding: 7px 12px; border-bottom: 1px solid var(--hair); }
+      .su-logfeed { flex: 1; overflow-y: auto; padding: 8px 12px 10px; font: 12px/1.65 var(--mono); }
+      .su-logfeed::-webkit-scrollbar { width: 8px; }
+      .su-logfeed::-webkit-scrollbar-thumb { background: var(--hair-strong); border-radius: 8px; }
+      .su-lline { display: flex; gap: 9px; }
+      .su-lline .t { color: var(--tertiary); flex: none; }
+      .su-lline .m { color: var(--secondary); white-space: pre-wrap; }
+      .su-lline.ok .m { color: var(--fg); }
+      .su-lline .tag { color: var(--accent); }
+      .su-lline .dim { color: var(--tertiary); }
+      .su-lline.warn .m { color: var(--amber); }
+      .su-lline.done .m { color: var(--green); }
+
+      /* Done */
+      .su-done { padding: 30px 32px; }
+      .su-dcenter { margin: auto 0; }
+      .su-check { width: 40px; height: 40px; border-radius: 999px; border: 1px solid var(--hair-strong); display: grid; place-items: center; margin-bottom: 16px; }
+      .su-done h1 { font-size: 23px; font-weight: 650; letter-spacing: -0.02em; color: var(--fg); }
+      .su-done p { color: var(--secondary); margin-top: 8px; max-width: 400px; font-size: 13px; line-height: 1.5; }
+      .su-done p b { color: var(--fg); font-weight: 550; }
+      .su-done code { font: 500 11.5px var(--mono); color: var(--fg); background: var(--panel-2); border: 1px solid var(--hair); border-radius: var(--radius-sm); padding: 2px 6px; }
+      .su-done .su-actions { margin-top: 26px; }
     </style>
   </head>
   <body>
@@ -208,13 +256,64 @@ <h1 id="initTitle">Initializing clawtool</h1>
       <div class="donenote" id="initDone" style="display:none"></div>
     </div>
 
-    <!-- PHASE: Setup (ClawtoolSetup self-install) ------------------->
-    <div class="phase splash" id="phase-setup">
-      <h1 id="setupTitle">Installing clawtool</h1>
-      <div class="status" id="setupSub">Setting up on this device…</div>
-      <div class="meter"><div class="trackbar"><div class="fill" id="setupFill"></div></div><div class="pct" id="setupPct">0%</div></div>
-      <ul class="log" id="setup-log"></ul>
-      <div class="donenote" id="setupDone" style="display:none"></div>
+    <!-- PHASE: Setup — Welcome (stepped custom installer) ----------->
+    <div class="phase su-welcome" id="phase-welcome">
+      <div class="su-top">
+        <span class="su-mark" data-brand-mark></span>
+        <span class="su-badge" id="w-ver"></span>
+      </div>
+      <div class="su-hero">
+        <h1>Install <span class="su-name" data-brand-name></span></h1>
+        <p class="su-lede" data-brand-tagline></p>
+        <div class="su-facts">
+          <div class="su-fact">
+            <svg width="15" height="15" viewBox="0 0 24 24" fill="none" stroke="var(--accent)" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M4 17l6-6-6-6"/><path d="M12 19h8"/></svg>
+            <span>The <b data-brand-cli></b> command, added to your <b>PATH</b>.</span>
+          </div>
+          <div class="su-fact">
+            <svg width="15" height="15" viewBox="0 0 24 24" fill="none" stroke="var(--accent)" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><rect x="3" y="4" width="18" height="14" rx="2"/><path d="M8 21h8"/></svg>
+            <span>A desktop app that runs in your tray as the gateway.</span>
+          </div>
+          <div class="su-fact">
+            <svg width="15" height="15" viewBox="0 0 24 24" fill="none" stroke="var(--accent)" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12a9 9 0 1 1-6.2-8.5"/><path d="M21 4v5h-5"/></svg>
+            <span>Quiet self-updates — no admin prompts.</span>
+          </div>
+        </div>
+      </div>
+      <div class="su-actions">
+        <button class="su-btn su-btn-primary" id="w-install">Install</button>
+        <span class="su-loc" id="w-loc"></span>
+      </div>
+    </div>
+
+    <!-- PHASE: Setup — Installing ------------------------------------>
+    <div class="phase su-installing" id="phase-installing">
+      <div class="su-ihead"><h2>Installing</h2><span class="su-stepof">step 2 / 3</span></div>
+      <div class="su-bar"><i id="i-fill"></i></div>
+      <div class="su-nowline"><span id="i-now">Starting…</span><span class="su-pct" id="i-pct">0%</span></div>
+      <div class="su-logwell">
+        <div class="su-lwhead">install log</div>
+        <div class="su-logfeed" id="i-log"></div>
+      </div>
+    </div>
+
+    <!-- PHASE: Setup — Done ------------------------------------------>
+    <div class="phase su-done" id="phase-done">
+      <div class="su-top">
+        <span class="su-mark" data-brand-mark></span>
+        <span class="su-badge">installed</span>
+      </div>
+      <div class="su-dcenter">
+        <div class="su-check">
+          <svg width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="var(--green)" stroke-width="2.4" stroke-linecap="round" stroke-linejoin="round"><path d="M20 6L9 17l-5-5"/></svg>
+        </div>
+        <h1><span data-brand-name></span> is ready</h1>
+        <p>Installed to <code id="d-dir"></code>. Open a <b>new</b> terminal to use the <b data-brand-cli></b> command.</p>
+        <div class="su-actions">
+          <button class="su-btn su-btn-primary" id="d-open">Open <span data-brand-name></span></button>
+          <button class="su-btn su-btn-ghost" id="d-finish">Finish</button>
+        </div>
+      </div>
     </div>
 
     <!-- PHASE: App -------------------------------------------------->
@@ -343,48 +442,64 @@ <h1 class="vh">Updates</h1>
         call("Install");
       }
 
-      // ── Setup (ClawtoolSetup self-install) ──────────────────────
-      // The setup build embeds the payload (Clawtool.exe + clawtool.exe +
-      // updater). RunSetup lays it on disk, wires shortcuts/PATH, then
-      // launches the installed app. Steps stream as "setup:step" events;
-      // there's no fixed count, so progress eases toward 95% per step and
-      // snaps to 100% on completion.
-      let setupSteps = 0, setupPct = 0, setupFinished = false;
-      // Monotonic — Wails delivers events asynchronously, so a step can land
-      // after RunSetup resolved; never let progress run backwards.
-      function setSetupProgress(p) {
-        setupPct = Math.max(setupPct, Math.min(p, 100));
-        $("setupFill").style.width = setupPct + "%";
-        $("setupPct").textContent = setupPct + "%";
+      // ── Custom stepped installer (Welcome → Installing → Done) ──
+      // The setup build embeds the payload; RunSetup lays it on disk and
+      // streams "setup:step" events. User-driven: Welcome [Install] → live
+      // install log → Done [Open]. Product identity comes from App.Brand(),
+      // so the UI never hardcodes the name.
+      let BRAND = { name: "clawtool", cli: "clawtool", tagline: "", installDir: "", version: "" };
+      async function loadBrand() { const b = parse(await call("Brand"), null); if (b && b.name) BRAND = b; }
+      function applyBrand() {
+        document.querySelectorAll("[data-brand-name]").forEach((e) => (e.textContent = BRAND.name));
+        document.querySelectorAll("[data-brand-cli]").forEach((e) => (e.textContent = BRAND.cli));
+        document.querySelectorAll("[data-brand-tagline]").forEach((e) => (e.textContent = BRAND.tagline || ""));
+        document.querySelectorAll("[data-brand-mark]").forEach((e) => (e.innerHTML = esc(BRAND.name) + '<span class="dot">.</span>'));
+        if (BRAND.installDir) { $("w-loc").textContent = BRAND.installDir; $("d-dir").textContent = BRAND.installDir; }
+        if (BRAND.version) $("w-ver").textContent = "v" + BRAND.version;
+        document.title = BRAND.name;
       }
-      function addSetupStep(ev) {
-        if (setupFinished) return;
-        const ul = $("setup-log");
-        const li = document.createElement("li");
-        li.innerHTML = '<span class="g">' + CHECK + '</span><span class="lab">' + esc((ev && ev.label) || "") + "</span>" + (ev && ev.detail ? '<span class="msg">' + esc(ev.detail) + "</span>" : "");
-        ul.appendChild(li);
-        while (ul.children.length > 6) ul.removeChild(ul.firstChild);
-        if (ev && ev.label) $("setupSub").textContent = ev.label + "…";
-        setupSteps++;
-        setSetupProgress(Math.min(95, 10 + setupSteps * 14));
+
+      // Monotonic progress — Wails delivers events asynchronously, so a step
+      // can land after RunSetup resolved; never let progress run backwards.
+      let iPct = 0, setupFinished = false, stepN = 0;
+      function setIPct(p) { iPct = Math.max(iPct, Math.min(p, 100)); $("i-fill").style.width = iPct + "%"; $("i-pct").textContent = Math.round(iPct) + "%"; }
+      function clock() { const d = new Date(); return [d.getHours(), d.getMinutes(), d.getSeconds()].map((n) => String(n).padStart(2, "0")).join(":"); }
+      function logLine(html, cls) {
+        const feed = $("i-log");
+        const line = document.createElement("div");
+        line.className = "su-lline" + (cls ? " " + cls : "");
+        line.innerHTML = '<span class="t">' + clock() + '</span><span class="m">' + html + "</span>";
+        feed.appendChild(line); feed.scrollTop = feed.scrollHeight;
+      }
+      function onSetupStep(ev) {
+        if (setupFinished || !ev || !ev.label) return;
+        $("i-now").textContent = ev.label + "…";
+        logLine(esc(ev.label) + (ev.detail ? '  <span class="dim">' + esc(ev.detail) + "</span>" : ""), "ok");
+        stepN++; setIPct(8 + Math.min(88, stepN * 9));
       }
-      async function runSetup() {
-        showPhase("setup");
-        setSetupProgress(5);
-        if (window.runtime && window.runtime.EventsOn) window.runtime.EventsOn("setup:step", addSetupStep);
+      async function startInstall() {
+        showPhase("installing"); setIPct(4);
+        logLine('<span class="tag">setup</span>  beginning install of ' + esc(BRAND.name), "ok");
+        if (window.runtime && window.runtime.EventsOn) window.runtime.EventsOn("setup:step", onSetupStep);
         const r = parse(await call("RunSetup"), { ok: false });
         const ok = !!(r && r.ok);
-        setupFinished = true;
-        setSetupProgress(100);
-        $("setupTitle").textContent = ok ? "clawtool is installed" : "Install needs attention";
-        $("setupSub").textContent = ok ? "Opening clawtool…" : "Something didn't finish.";
-        const d = $("setupDone"); d.style.display = "block";
-        d.innerHTML = ok
-          ? "Installed to <code>" + esc((r && r.dir) || "") + "</code> — launching now. You can close this window."
-          : esc((r && r.error) || "Setup could not complete. Please try running the installer again.");
-        // The installed Clawtool.exe is already launching; close this
-        // bootstrap setup window so only the real app remains.
-        if (ok) setTimeout(() => call("Quit"), 1600);
+        setupFinished = true; setIPct(100);
+        if (ok) {
+          $("i-now").textContent = "Done";
+          logLine('<span class="tag">setup</span>  install complete', "done");
+          if (r.dir) $("d-dir").textContent = r.dir;
+          await sleep(550); showPhase("done");
+        } else {
+          $("i-now").textContent = "Failed";
+          logLine('<span class="tag">setup</span>  ' + esc((r && r.error) || "install failed"), "warn");
+        }
+      }
+      function setupWelcome() {
+        applyBrand();
+        $("w-install").onclick = startInstall;
+        $("d-open").onclick = async () => { await call("OpenInstalled"); setTimeout(() => call("Quit"), 600); };
+        $("d-finish").onclick = () => call("Quit");
+        showPhase("welcome");
       }
 
       // ── Network view ────────────────────────────────────────────
@@ -601,9 +716,9 @@ <h1 class="vh">Updates</h1>
       async function boot() {
         for (let i = 0; i < 40 && !app(); i++) await sleep(50);
         const mode = await call("Mode");
-        // Setup build: self-install the embedded payload, then launch the
-        // installed app — no update-check (this IS the fresh install).
-        if (mode === "setup") { return runSetup(); }
+        // Setup build: show the stepped custom installer (Welcome → Installing
+        // → Done). No update-check — this IS the fresh install.
+        if (mode === "setup") { await loadBrand(); return setupWelcome(); }
         showPhase("updater");
         $("upd-splash-status").textContent = "Checking for updates…";
         lastCheck = parse(await call("CheckUpdate"), null);
diff --git a/cmd/clawtool-installer/install/install.go b/cmd/clawtool-installer/install/install.go
index 400f661..b79cd34 100644
--- a/cmd/clawtool-installer/install/install.go
+++ b/cmd/clawtool-installer/install/install.go
@@ -1,15 +1,16 @@
-// Package setup performs a custom, NSIS-free install of clawtool on Windows.
+// Package install performs a custom, NSIS-free install on Windows.
 //
 // It mirrors exactly what the old NSIS wizard did — place the bundled
-// binaries under %LOCALAPPDATA%\Programs\Clawtool, create Start-menu +
+// binaries under %LOCALAPPDATA%\Programs\<Display>, create Start-menu +
 // Desktop shortcuts, add the install dir to the user PATH, and register an
 // Add/Remove-Programs entry with a working uninstaller — but driven by the
-// clawtool-setup app's modern UI instead of a classic Next/Next wizard.
+// setup app's modern, stepped UI instead of a classic Next/Next wizard.
 //
-// Windows OS integration (shortcuts, PATH, registry) is done via PowerShell
-// rather than COM/syscall: it's the dependency-free, well-trodden path and
-// keeps this package simple. Everything compiles on every OS; the Windows
-// branches no-op elsewhere (macOS ships a .dmg, not this installer).
+// All product names come from the brand package (single source of truth), so
+// a rename never touches this file. Windows OS integration (shortcuts, PATH,
+// registry) is done via PowerShell rather than COM/syscall: it's the
+// dependency-free, well-trodden path. Everything compiles on every OS; the
+// Windows branches no-op elsewhere (macOS ships a .dmg, not this installer).
 package install
 
 import (
@@ -20,20 +21,23 @@ import (
 	"path/filepath"
 	"runtime"
 	"strings"
-)
 
-const productName = "Clawtool"
+	"github.com/cogitave/clawtool/cmd/clawtool-installer/brand"
+)
 
 // PayloadBinaries are the files the setup app embeds and lays into the
 // install dir: the GUI app, the headless CLI/daemon, and the updater.
-var PayloadBinaries = []string{"Clawtool.exe", "clawtool.exe", "ClawtoolUpdate.exe"}
+func PayloadBinaries() []string {
+	return []string{brand.AppExe(), brand.CLIExe(), brand.UpdaterExe()}
+}
 
-// Progress reports one install step to the UI. detail is optional context.
+// Progress reports one install step to the UI. detail is optional context
+// (a path, a size, a short note) shown dimmed next to the label.
 type Progress func(label, detail string)
 
 func noop(string, string) {}
 
-// InstallDir returns %LOCALAPPDATA%\Programs\Clawtool — the per-user location
+// InstallDir returns %LOCALAPPDATA%\Programs\<Display> — the per-user location
 // the NSIS installer used, so `clawtool upgrade` keeps swapping in place with
 // no UAC prompt. On non-Windows it returns a sane per-user dir (unused in
 // practice; macOS ships a .dmg).
@@ -43,46 +47,50 @@ func InstallDir() string {
 		if base == "" {
 			base = filepath.Join(os.Getenv("USERPROFILE"), "AppData", "Local")
 		}
-		return filepath.Join(base, "Programs", productName)
+		return filepath.Join(base, "Programs", brand.Display)
 	}
 	home, _ := os.UserHomeDir()
-	return filepath.Join(home, ".local", "share", strings.ToLower(productName))
+	return filepath.Join(home, ".local", "share", strings.ToLower(brand.Display))
 }
 
-// Install lays clawtool down from the embedded payload. Idempotent: a second
-// run overwrites the binaries and refreshes shortcuts / PATH / registry.
-// Returns the install dir.
+// Install lays the product down from the embedded payload. Idempotent: a
+// second run overwrites the binaries and refreshes shortcuts / PATH /
+// registry. Returns the install dir. It does NOT launch the app — the caller
+// (the Done step) decides when to open it.
 func Install(payload fs.FS, version string, progress Progress) (string, error) {
 	if progress == nil {
 		progress = noop
 	}
 	dir := InstallDir()
 
-	progress("Closing any running clawtool", "")
+	progress("Closing any running "+brand.CLI, "daemon stop · taskkill")
 	stopRunning(dir)
 
-	progress("Preparing "+dir, "")
+	progress("Preparing install directory", dir)
 	if err := os.MkdirAll(dir, 0o755); err != nil {
 		return dir, fmt.Errorf("create install dir: %w", err)
 	}
 
-	for _, name := range PayloadBinaries {
-		progress("Installing "+name, "")
-		if err := copyFromFS(payload, name, filepath.Join(dir, name)); err != nil {
+	for _, name := range PayloadBinaries() {
+		dst := filepath.Join(dir, name)
+		if err := copyFromFS(payload, name, dst); err != nil {
 			return dir, fmt.Errorf("write %s: %w", name, err)
 		}
+		// Emit once, after the write, with the on-disk size — the log shows
+		// "Writing clawtool.exe   31.2 MB".
+		progress("Writing "+name, humanSize(dst))
 	}
 
 	if runtime.GOOS == "windows" {
-		progress("Creating shortcuts", "")
+		progress("Creating shortcuts", "Start menu · Desktop")
 		if err := windowsShortcuts(dir); err != nil {
 			return dir, fmt.Errorf("shortcuts: %w", err)
 		}
-		progress("Adding clawtool to your PATH", "")
+		progress("Adding "+brand.CLI+" to PATH", "user environment")
 		if err := windowsAddToPath(dir); err != nil {
 			return dir, fmt.Errorf("PATH: %w", err)
 		}
-		progress("Registering uninstaller", "")
+		progress("Registering uninstaller", "Apps & features")
 		if err := windowsRegisterUninstall(dir, version); err != nil {
 			return dir, fmt.Errorf("register uninstaller: %w", err)
 		}
@@ -93,7 +101,7 @@ func Install(payload fs.FS, version string, progress Progress) (string, error) {
 // LaunchInstalled starts the freshly-installed app in installer mode (which
 // runs the one-time initialize flow), detached, so setup can exit.
 func LaunchInstalled() error {
-	cmd := exec.Command(filepath.Join(InstallDir(), "Clawtool.exe"), "--installer")
+	cmd := exec.Command(filepath.Join(InstallDir(), brand.AppExe()), "--installer")
 	return cmd.Start()
 }
 
@@ -105,30 +113,48 @@ func copyFromFS(src fs.FS, name, dst string) error {
 	return os.WriteFile(dst, data, 0o755)
 }
 
+// humanSize returns the file's size like "31.2 MB" (best-effort; "" on error).
+func humanSize(path string) string {
+	fi, err := os.Stat(path)
+	if err != nil {
+		return ""
+	}
+	const u = 1024.0
+	b := float64(fi.Size())
+	switch {
+	case b >= u*u:
+		return fmt.Sprintf("%.1f MB", b/(u*u))
+	case b >= u:
+		return fmt.Sprintf("%.0f KB", b/u)
+	default:
+		return fmt.Sprintf("%d B", fi.Size())
+	}
+}
+
 func stopRunning(dir string) {
 	if runtime.GOOS != "windows" {
 		return
 	}
 	// Best-effort: stop the daemon and kill running images so the .exe files
 	// aren't locked while we overwrite them.
-	_ = exec.Command(filepath.Join(dir, "clawtool.exe"), "daemon", "stop").Run()
-	for _, img := range PayloadBinaries {
+	_ = exec.Command(filepath.Join(dir, brand.CLIExe()), "daemon", "stop").Run()
+	for _, img := range PayloadBinaries() {
 		_ = exec.Command("taskkill", "/F", "/IM", img).Run()
 	}
 }
 
 // windowsShortcuts writes Start-menu + Desktop .lnk files via WScript.Shell.
 func windowsShortcuts(dir string) error {
-	target := filepath.Join(dir, "Clawtool.exe")
+	target := filepath.Join(dir, brand.AppExe())
 	ps := fmt.Sprintf(`
 $ws = New-Object -ComObject WScript.Shell
 foreach ($d in @($ws.SpecialFolders('Programs'), $ws.SpecialFolders('Desktop'))) {
-  $lnk = $ws.CreateShortcut((Join-Path $d 'Clawtool.lnk'))
+  $lnk = $ws.CreateShortcut((Join-Path $d %q))
   $lnk.TargetPath = %q
   $lnk.WorkingDirectory = %q
   $lnk.IconLocation = %q
   $lnk.Save()
-}`, target, dir, target)
+}`, brand.ShortcutName(), target, dir, target)
 	return powershell(ps)
 }
 
@@ -148,18 +174,20 @@ if (-not ($p -split ';' | Where-Object { $_ -eq %q })) {
 // the registry key) that UninstallString points at — so uninstall works
 // without needing the app to handle a flag.
 func windowsRegisterUninstall(dir, version string) error {
-	key := `HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\Clawtool`
-	icon := filepath.Join(dir, "Clawtool.exe")
+	key := `HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\` + brand.Display
+	icon := filepath.Join(dir, brand.AppExe())
 	uninstallScript := filepath.Join(dir, "uninstall.ps1")
 
+	bins := "'" + strings.Join(PayloadBinaries(), "','") + "'"
 	script := fmt.Sprintf(`
-foreach ($img in 'Clawtool.exe','clawtool.exe','ClawtoolUpdate.exe') { taskkill /F /IM $img 2>$null }
+foreach ($img in %s) { taskkill /F /IM $img 2>$null }
 $p = ([Environment]::GetEnvironmentVariable('Path','User') -split ';' | Where-Object { $_ -and $_ -ne %q }) -join ';'
 [Environment]::SetEnvironmentVariable('Path', $p, 'User')
 $ws = New-Object -ComObject WScript.Shell
-foreach ($d in @($ws.SpecialFolders('Programs'), $ws.SpecialFolders('Desktop'))) { Remove-Item (Join-Path $d 'Clawtool.lnk') -ErrorAction SilentlyContinue }
-Remove-Item -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\Clawtool' -Recurse -Force -ErrorAction SilentlyContinue
-Remove-Item -Path %q -Recurse -Force -ErrorAction SilentlyContinue`, dir, dir)
+foreach ($d in @($ws.SpecialFolders('Programs'), $ws.SpecialFolders('Desktop'))) { Remove-Item (Join-Path $d %q) -ErrorAction SilentlyContinue }
+Remove-Item -Path %q -Recurse -Force -ErrorAction SilentlyContinue
+Remove-Item -Path %q -Recurse -Force -ErrorAction SilentlyContinue`,
+		bins, dir, brand.ShortcutName(), key, dir)
 	if err := os.WriteFile(uninstallScript, []byte(script), 0o644); err != nil {
 		return err
 	}
@@ -167,15 +195,15 @@ Remove-Item -Path %q -Recurse -Force -ErrorAction SilentlyContinue`, dir, dir)
 	uninstallCmd := fmt.Sprintf(`powershell -NoProfile -ExecutionPolicy Bypass -File "%s"`, uninstallScript)
 	reg := fmt.Sprintf(`
 New-Item -Path %q -Force | Out-Null
-Set-ItemProperty -Path %q -Name 'DisplayName' -Value 'Clawtool'
+Set-ItemProperty -Path %q -Name 'DisplayName' -Value %q
 Set-ItemProperty -Path %q -Name 'DisplayVersion' -Value %q
-Set-ItemProperty -Path %q -Name 'Publisher' -Value 'Cogitave'
+Set-ItemProperty -Path %q -Name 'Publisher' -Value %q
 Set-ItemProperty -Path %q -Name 'DisplayIcon' -Value %q
 Set-ItemProperty -Path %q -Name 'InstallLocation' -Value %q
 Set-ItemProperty -Path %q -Name 'UninstallString' -Value %q
 Set-ItemProperty -Path %q -Name 'NoModify' -Value 1 -Type DWord
 Set-ItemProperty -Path %q -Name 'NoRepair' -Value 1 -Type DWord`,
-		key, key, key, version, key, key, icon, key, dir, key, uninstallCmd, key, key)
+		key, key, brand.Display, key, version, key, brand.Publisher, key, icon, key, dir, key, uninstallCmd, key, key)
 	return powershell(reg)
 }
 
diff --git a/cmd/clawtool-installer/install/install_test.go b/cmd/clawtool-installer/install/install_test.go
index a14a50d..0714635 100644
--- a/cmd/clawtool-installer/install/install_test.go
+++ b/cmd/clawtool-installer/install/install_test.go
@@ -27,7 +27,7 @@ func TestCopyFromFS(t *testing.T) {
 
 func TestPayloadBinariesIncludesAll(t *testing.T) {
 	want := map[string]bool{"Clawtool.exe": false, "clawtool.exe": false, "ClawtoolUpdate.exe": false}
-	for _, b := range PayloadBinaries {
+	for _, b := range PayloadBinaries() {
 		want[b] = true
 	}
 	for name, found := range want {
diff --git a/cmd/clawtool-installer/main.go b/cmd/clawtool-installer/main.go
index 46552be..0e66e54 100644
--- a/cmd/clawtool-installer/main.go
+++ b/cmd/clawtool-installer/main.go
@@ -72,7 +72,7 @@ func main() {
 		MaxWidth:         520,
 		MinHeight:        420,
 		MaxHeight:        420,
-		BackgroundColour: &options.RGBA{R: 255, G: 255, B: 255, A: 255},
+		BackgroundColour: &options.RGBA{R: 24, G: 24, B: 24, A: 255},
 		// Closing the window hides it — clawtool stays in the system
 		// tray as the running gateway. Quit from the tray menu.
 		HideWindowOnClose: true,
diff --git a/cmd/clawtool-installer/payload.go b/cmd/clawtool-installer/payload.go
index cdda7c3..3b08e59 100644
--- a/cmd/clawtool-installer/payload.go
+++ b/cmd/clawtool-installer/payload.go
@@ -3,6 +3,8 @@ package main
 import (
 	"embed"
 	"io/fs"
+
+	"github.com/cogitave/clawtool/cmd/clawtool-installer/brand"
 )
 
 // payloadFS holds the binaries the setup build lays down. CI fills ./payload
@@ -22,6 +24,6 @@ func payloadPresent() bool {
 	if err != nil {
 		return false
 	}
-	_, err = fs.Stat(root, "Clawtool.exe")
+	_, err = fs.Stat(root, brand.AppExe())
 	return err == nil
 }

From 494d82d5e760c7487fd049730e9ab4730b2d1369 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Wed, 27 May 2026 01:38:40 +0300
Subject: [PATCH 07/86] feat(app): redesign the desktop app in the calm dark
 language

Apply the same grounded design to the app shell and Home/Network/Updates
views: drop the square logo mark for a plain wordmark, replace the
gradient brand/buttons, the card gradients, the drop shadows and the Home
glow with flat opacity-layered surfaces, hairline borders and the single
cool accent used sparingly. The wordmark and Home headline now read the
product name from App.Brand so nothing is hardcoded.
---
 .../frontend/dist/index.html                  | 32 +++++++++----------
 1 file changed, 15 insertions(+), 17 deletions(-)

diff --git a/cmd/clawtool-installer/frontend/dist/index.html b/cmd/clawtool-installer/frontend/dist/index.html
index 5dcf7fb..0bb824d 100644
--- a/cmd/clawtool-installer/frontend/dist/index.html
+++ b/cmd/clawtool-installer/frontend/dist/index.html
@@ -157,25 +157,23 @@
       .switch input:checked ~ .knob { transform: translateX(16px); }
       .switch.busy { opacity: .55; pointer-events: none; }
 
-      /* ── polish: gradient brand + accent, surface depth, warmth ── */
-      .brand { padding: 4px 8px 20px; gap: 11px; }
-      .brand .bmark { display: grid; place-items: center; width: 30px; height: 30px; border-radius: 9px; background: var(--accent-grad); box-shadow: 0 3px 12px rgba(34,176,220,.34); flex: none; }
-      .brand .bmark span { font-weight: 750; font-size: 17px; color: #fff; line-height: 1; }
-      .brand .name { font-size: 15px; font-weight: 650; letter-spacing: -0.01em; }
-      .btn.primary { background: var(--accent-grad); border: none; color: #fff; box-shadow: 0 2px 12px rgba(34,176,220,.26); }
-      .btn.primary:hover { filter: brightness(1.07); color: #fff; }
-      .navitem { border-radius: 9px; }
+      /* ── Warp-calm app: wordmark (no logo), flat layered surfaces,
+            hairline borders, one accent used sparingly, no gradients/glows. */
+      .brand { padding: 4px 8px 22px; gap: 11px; }
+      .brand .name { font-size: 15px; font-weight: 600; letter-spacing: -0.01em; color: var(--fg); }
+      .brand .name .dot { color: var(--accent); }
+      .btn.primary { background: var(--accent); border: 1px solid transparent; color: var(--accent-ink); box-shadow: none; }
+      .btn.primary:hover { background: #8ab9ca; color: var(--accent-ink); filter: none; }
+      .navitem { border-radius: var(--radius-sm); }
       .navitem.active { background: var(--accent-soft); color: var(--fg); box-shadow: none; }
       .navitem.active .ic { color: var(--accent); }
-      .navitem .badge-dot { background: var(--accent-2); }
-      .card, .tile, .xd, .note { box-shadow: var(--shadow); }
-      .card, .tile, .xd { background: linear-gradient(180deg, color-mix(in srgb, var(--panel) 96%, #fff) 0%, var(--panel) 58%); }
+      .navitem .badge-dot { background: var(--accent); }
+      .card, .tile, .xd, .note, .banner { box-shadow: none; background: var(--panel-2); }
       .tile { transition: border-color .15s; }
       .tile[data-view]:hover { border-color: var(--hair-strong); }
-      .keybox { background: rgba(0,0,0,.22); }
+      .input { background: var(--panel-2); }
+      .keybox { background: var(--panel-2); }
       #view-home { position: relative; }
-      #view-home::before { content: ""; position: absolute; top: -30px; left: -30px; width: 560px; height: 300px; background: radial-gradient(600px 300px at 12% 0%, rgba(34,176,220,.13), transparent 68%); pointer-events: none; z-index: 0; }
-      #view-home > * { position: relative; z-index: 1; }
       .content::-webkit-scrollbar { width: 11px; }
       .content::-webkit-scrollbar-thumb { background: var(--hair-strong); border-radius: 8px; border: 3px solid transparent; background-clip: content-box; }
 
@@ -320,8 +318,7 @@ <h1><span data-brand-name></span> is ready</h1>
     <div class="phase app" id="phase-app">
       <aside class="side">
         <div class="brand">
-          <div class="bmark"><span>c</span></div>
-          <div class="name">clawtool</div>
+          <div class="name" data-brand-mark>clawtool<span class="dot">.</span></div>
         </div>
         <nav>
           <button class="navitem active" data-view="home"><svg class="ic" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M3 11l9-8 9 8"/><path d="M5 10v10h14V10"/></svg><span>Home</span></button>
@@ -335,7 +332,7 @@ <h1><span data-brand-name></span> is ready</h1>
           <div class="hero">
             <span class="dot" id="home-dot"></span>
             <div>
-              <h1>clawtool is running</h1>
+              <h1><span data-brand-name>clawtool</span> is running</h1>
               <div class="host" id="home-host">This device is a gateway on your network</div>
             </div>
           </div>
@@ -704,6 +701,7 @@ <h1 class="vh">Updates</h1>
       let entered = false;
       async function enterApp() {
         if (entered) return; entered = true;
+        await loadBrand(); applyBrand();  // drive the wordmark + copy from App.Brand()
         await call("EnterApp");          // grow the window from splash to app
         showPhase("app");
         showReady();

From 3e12cb96bfac75ce07313d404515b4f85f19746b Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Wed, 27 May 2026 01:57:21 +0300
Subject: [PATCH 08/86] ci: re-validate PR title on edit

The Conventional Commits check reads the PR title from the event payload;
the default pull_request types omit `edited`, so fixing a bad title never
re-ran the check (and a rerun only replays the stale payload). Subscribe
to `edited` so a corrected title re-validates.
---
 .github/workflows/ci.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 8ef7d76..0e30025 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -4,6 +4,11 @@ on:
   push:
     branches: [main]
   pull_request:
+    # Include `edited` so the Conventional Commits PR-title check re-validates
+    # when a title is fixed (default types omit it, leaving the check stuck red
+    # — a rerun just replays the stale event payload, so only a new event
+    # helps).
+    types: [opened, synchronize, reopened, edited]
     branches: [main]
 
 permissions:

From dfa84e8324f188f947e41c2472b2416e0ed96757 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Wed, 27 May 2026 03:01:12 +0300
Subject: [PATCH 09/86] fix(setup): stop Clawtool.exe/clawtool.exe case
 collision dropping the app
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The GUI (Clawtool.exe) and headless CLI (clawtool.exe) differ only in case,
so staging both into one directory on the case-insensitive CI runner made
the CLI build clobber the app — the embedded payload ended up with only
clawtool.exe, no Clawtool.exe. payloadPresent() (case-sensitive embed lookup
for "Clawtool.exe") then returned false, so ClawtoolSetup.exe booted as the
app instead of the installer and skipped the whole flow.

Move the CLI into a bin/ subdir (payload/bin, install root/bin) so it never
shares a directory with the GUI; put bin/ on PATH so `clawtool` still
resolves; point locateClawtool at bin/; apply the same split to the macOS
.app embed. Add a regression test asserting no case collision in the layout.
---
 .github/workflows/installer.yml               | 15 +++--
 cmd/clawtool-installer/app.go                 | 12 ++--
 cmd/clawtool-installer/install/install.go     | 61 +++++++++++++------
 .../install/install_test.go                   | 20 +++++-
 4 files changed, 79 insertions(+), 29 deletions(-)

diff --git a/.github/workflows/installer.yml b/.github/workflows/installer.yml
index eee27c1..576dde8 100644
--- a/.github/workflows/installer.yml
+++ b/.github/workflows/installer.yml
@@ -110,11 +110,15 @@ jobs:
       - name: Stage payload — app + headless CLI + updater (Windows)
         if: runner.os == 'Windows'
         working-directory: ${{ github.workspace }}
+        # CLI goes under payload/bin/ — Clawtool.exe (app) and clawtool.exe
+        # (CLI) differ only in case, so they MUST NOT share a directory: on
+        # the case-insensitive runner the second write would clobber the
+        # first (this once dropped the app from the payload entirely).
         run: |
           $payload = "cmd/clawtool-installer/payload"
-          New-Item -ItemType Directory -Force -Path $payload | Out-Null
+          New-Item -ItemType Directory -Force -Path "$payload/bin" | Out-Null
           Copy-Item "cmd/clawtool-installer/build/bin/Clawtool.exe" "$payload/Clawtool.exe" -Force
-          go build -ldflags "-s -w" -o "$payload/clawtool.exe" ./cmd/clawtool
+          go build -ldflags "-s -w" -o "$payload/bin/clawtool.exe" ./cmd/clawtool
           go build -ldflags "-s -w" -o "$payload/ClawtoolUpdate.exe" ./cmd/clawtool-updater
         shell: pwsh
 
@@ -141,8 +145,11 @@ jobs:
           if [ -z "$app" ]; then echo "no .app produced"; exit 1; fi
           GOARCH=amd64 go build -ldflags "-s -w" -o /tmp/clawtool-amd64 ./cmd/clawtool
           GOARCH=arm64 go build -ldflags "-s -w" -o /tmp/clawtool-arm64 ./cmd/clawtool
-          lipo -create -output "$app/Contents/MacOS/clawtool" /tmp/clawtool-amd64 /tmp/clawtool-arm64
-          echo "embedded universal clawtool at $app/Contents/MacOS/clawtool"
+          # CLI under MacOS/bin/ — the GUI binary and the headless CLI would
+          # otherwise case-collide in Contents/MacOS on case-insensitive macOS.
+          mkdir -p "$app/Contents/MacOS/bin"
+          lipo -create -output "$app/Contents/MacOS/bin/clawtool" /tmp/clawtool-amd64 /tmp/clawtool-arm64
+          echo "embedded universal clawtool at $app/Contents/MacOS/bin/clawtool"
           # Standalone updater alongside it (the app hands off to this to
           # swap binaries it can't overwrite while running, then relaunch).
           GOARCH=amd64 go build -ldflags "-s -w" -o /tmp/upd-amd64 ./cmd/clawtool-updater
diff --git a/cmd/clawtool-installer/app.go b/cmd/clawtool-installer/app.go
index 38ecc1b..f64161e 100644
--- a/cmd/clawtool-installer/app.go
+++ b/cmd/clawtool-installer/app.go
@@ -759,17 +759,19 @@ func parseStepLine(line string) (stepEvent, bool) {
 	return stepEvent{Level: level, Label: label, Message: message, Raw: trimmed}, true
 }
 
-// locateClawtool finds the clawtool binary to drive: first next to the
-// installer executable (the .exe / .app ships them side-by-side), then
-// on PATH.
+// locateClawtool finds the clawtool binary to drive: first in the bin/ subdir
+// beside the GUI (the .exe / .app ship the CLI there so it doesn't case-collide
+// with the GUI exe — Clawtool.exe vs clawtool.exe), then on PATH.
 func locateClawtool() (string, error) {
 	name := "clawtool"
 	if runtime.GOOS == "windows" {
 		name = "clawtool.exe"
 	}
 	if self, err := os.Executable(); err == nil {
-		cand := filepath.Join(filepath.Dir(self), name)
-		if _, statErr := os.Stat(cand); statErr == nil {
+		// bin/ only — NOT Dir(self)/clawtool.exe, which on a case-insensitive
+		// FS resolves to the GUI (Clawtool.exe) sitting in the root.
+		cand := filepath.Join(filepath.Dir(self), install.CLISubdir, name)
+		if fi, statErr := os.Stat(cand); statErr == nil && !fi.IsDir() {
 			return cand, nil
 		}
 	}
diff --git a/cmd/clawtool-installer/install/install.go b/cmd/clawtool-installer/install/install.go
index b79cd34..cd4a76e 100644
--- a/cmd/clawtool-installer/install/install.go
+++ b/cmd/clawtool-installer/install/install.go
@@ -2,10 +2,16 @@
 //
 // It mirrors exactly what the old NSIS wizard did — place the bundled
 // binaries under %LOCALAPPDATA%\Programs\<Display>, create Start-menu +
-// Desktop shortcuts, add the install dir to the user PATH, and register an
+// Desktop shortcuts, add the CLI to the user PATH, and register an
 // Add/Remove-Programs entry with a working uninstaller — but driven by the
 // setup app's modern, stepped UI instead of a classic Next/Next wizard.
 //
+// Layout note: the GUI (Clawtool.exe) and the headless CLI (clawtool.exe)
+// differ only in case, so they CANNOT share a directory on a case-insensitive
+// filesystem (Windows NTFS, default macOS) — one would clobber the other. The
+// CLI therefore lives in a bin/ subdir; the GUI + updater sit in the root, and
+// bin/ goes on PATH so `clawtool` still resolves as a terminal command.
+//
 // All product names come from the brand package (single source of truth), so
 // a rename never touches this file. Windows OS integration (shortcuts, PATH,
 // registry) is done via PowerShell rather than COM/syscall: it's the
@@ -25,9 +31,20 @@ import (
 	"github.com/cogitave/clawtool/cmd/clawtool-installer/brand"
 )
 
-// PayloadBinaries are the files the setup app embeds and lays into the
-// install dir: the GUI app, the headless CLI/daemon, and the updater.
+// CLISubdir is where the headless CLI lives, relative to the install root —
+// kept out of the root so it doesn't case-collide with the GUI exe.
+const CLISubdir = "bin"
+
+// PayloadBinaries are the payload entries (forward-slash, embed-relative) laid
+// into the install dir, preserving structure: the GUI + updater in the root,
+// the CLI under bin/.
 func PayloadBinaries() []string {
+	return []string{brand.AppExe(), brand.UpdaterExe(), CLISubdir + "/" + brand.CLIExe()}
+}
+
+// imageNames are the running process image names to stop before overwriting
+// (base names; taskkill matches on image name regardless of path).
+func imageNames() []string {
 	return []string{brand.AppExe(), brand.CLIExe(), brand.UpdaterExe()}
 }
 
@@ -53,6 +70,9 @@ func InstallDir() string {
 	return filepath.Join(home, ".local", "share", strings.ToLower(brand.Display))
 }
 
+// CLIDir is the directory the headless CLI is installed into (root\bin).
+func CLIDir(installDir string) string { return filepath.Join(installDir, CLISubdir) }
+
 // Install lays the product down from the embedded payload. Idempotent: a
 // second run overwrites the binaries and refreshes shortcuts / PATH /
 // registry. Returns the install dir. It does NOT launch the app — the caller
@@ -67,18 +87,19 @@ func Install(payload fs.FS, version string, progress Progress) (string, error) {
 	stopRunning(dir)
 
 	progress("Preparing install directory", dir)
-	if err := os.MkdirAll(dir, 0o755); err != nil {
+	if err := os.MkdirAll(CLIDir(dir), 0o755); err != nil {
 		return dir, fmt.Errorf("create install dir: %w", err)
 	}
 
-	for _, name := range PayloadBinaries() {
-		dst := filepath.Join(dir, name)
-		if err := copyFromFS(payload, name, dst); err != nil {
-			return dir, fmt.Errorf("write %s: %w", name, err)
+	for _, rel := range PayloadBinaries() {
+		dst := filepath.Join(dir, filepath.FromSlash(rel))
+		if err := os.MkdirAll(filepath.Dir(dst), 0o755); err != nil {
+			return dir, fmt.Errorf("mkdir for %s: %w", rel, err)
+		}
+		if err := copyFromFS(payload, rel, dst); err != nil {
+			return dir, fmt.Errorf("write %s: %w", rel, err)
 		}
-		// Emit once, after the write, with the on-disk size — the log shows
-		// "Writing clawtool.exe   31.2 MB".
-		progress("Writing "+name, humanSize(dst))
+		progress("Writing "+filepath.Base(dst), humanSize(dst))
 	}
 
 	if runtime.GOOS == "windows" {
@@ -87,7 +108,7 @@ func Install(payload fs.FS, version string, progress Progress) (string, error) {
 			return dir, fmt.Errorf("shortcuts: %w", err)
 		}
 		progress("Adding "+brand.CLI+" to PATH", "user environment")
-		if err := windowsAddToPath(dir); err != nil {
+		if err := windowsAddToPath(CLIDir(dir)); err != nil {
 			return dir, fmt.Errorf("PATH: %w", err)
 		}
 		progress("Registering uninstaller", "Apps & features")
@@ -137,8 +158,8 @@ func stopRunning(dir string) {
 	}
 	// Best-effort: stop the daemon and kill running images so the .exe files
 	// aren't locked while we overwrite them.
-	_ = exec.Command(filepath.Join(dir, brand.CLIExe()), "daemon", "stop").Run()
-	for _, img := range PayloadBinaries() {
+	_ = exec.Command(filepath.Join(CLIDir(dir), brand.CLIExe()), "daemon", "stop").Run()
+	for _, img := range imageNames() {
 		_ = exec.Command("taskkill", "/F", "/IM", img).Run()
 	}
 }
@@ -158,14 +179,15 @@ foreach ($d in @($ws.SpecialFolders('Programs'), $ws.SpecialFolders('Desktop')))
 	return powershell(ps)
 }
 
-// windowsAddToPath appends the install dir to the user PATH (idempotent).
-func windowsAddToPath(dir string) error {
+// windowsAddToPath appends the given dir (the CLI's bin/) to the user PATH
+// (idempotent).
+func windowsAddToPath(binDir string) error {
 	ps := fmt.Sprintf(`
 $p = [Environment]::GetEnvironmentVariable('Path','User')
 if (-not ($p -split ';' | Where-Object { $_ -eq %q })) {
   if ($p -and -not $p.EndsWith(';')) { $p += ';' }
   [Environment]::SetEnvironmentVariable('Path', $p + %q, 'User')
-}`, dir, dir)
+}`, binDir, binDir)
 	return powershell(ps)
 }
 
@@ -177,8 +199,9 @@ func windowsRegisterUninstall(dir, version string) error {
 	key := `HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\` + brand.Display
 	icon := filepath.Join(dir, brand.AppExe())
 	uninstallScript := filepath.Join(dir, "uninstall.ps1")
+	binDir := CLIDir(dir)
 
-	bins := "'" + strings.Join(PayloadBinaries(), "','") + "'"
+	imgs := "'" + strings.Join(imageNames(), "','") + "'"
 	script := fmt.Sprintf(`
 foreach ($img in %s) { taskkill /F /IM $img 2>$null }
 $p = ([Environment]::GetEnvironmentVariable('Path','User') -split ';' | Where-Object { $_ -and $_ -ne %q }) -join ';'
@@ -187,7 +210,7 @@ $ws = New-Object -ComObject WScript.Shell
 foreach ($d in @($ws.SpecialFolders('Programs'), $ws.SpecialFolders('Desktop'))) { Remove-Item (Join-Path $d %q) -ErrorAction SilentlyContinue }
 Remove-Item -Path %q -Recurse -Force -ErrorAction SilentlyContinue
 Remove-Item -Path %q -Recurse -Force -ErrorAction SilentlyContinue`,
-		bins, dir, brand.ShortcutName(), key, dir)
+		imgs, binDir, brand.ShortcutName(), key, dir)
 	if err := os.WriteFile(uninstallScript, []byte(script), 0o644); err != nil {
 		return err
 	}
diff --git a/cmd/clawtool-installer/install/install_test.go b/cmd/clawtool-installer/install/install_test.go
index 0714635..7c240bc 100644
--- a/cmd/clawtool-installer/install/install_test.go
+++ b/cmd/clawtool-installer/install/install_test.go
@@ -3,6 +3,7 @@ package install
 import (
 	"os"
 	"path/filepath"
+	"strings"
 	"testing"
 	"testing/fstest"
 )
@@ -26,7 +27,8 @@ func TestCopyFromFS(t *testing.T) {
 }
 
 func TestPayloadBinariesIncludesAll(t *testing.T) {
-	want := map[string]bool{"Clawtool.exe": false, "clawtool.exe": false, "ClawtoolUpdate.exe": false}
+	// CLI lives under bin/ so it doesn't case-collide with the GUI exe.
+	want := map[string]bool{"Clawtool.exe": false, "bin/clawtool.exe": false, "ClawtoolUpdate.exe": false}
 	for _, b := range PayloadBinaries() {
 		want[b] = true
 	}
@@ -36,3 +38,19 @@ func TestPayloadBinariesIncludesAll(t *testing.T) {
 		}
 	}
 }
+
+func TestNoCaseCollisionInInstallLayout(t *testing.T) {
+	// The GUI (Clawtool.exe) and CLI (clawtool.exe) must never land in the
+	// same directory — they collide on a case-insensitive filesystem. Verify
+	// each install destination dir holds at most one spelling of "clawtool*".
+	dir := InstallDir()
+	seen := map[string]string{} // dir + lowercased-base -> original rel
+	for _, rel := range PayloadBinaries() {
+		dst := filepath.Join(dir, filepath.FromSlash(rel))
+		k := filepath.Dir(dst) + "\x00" + strings.ToLower(filepath.Base(dst))
+		if prev, ok := seen[k]; ok {
+			t.Fatalf("case collision: %q and %q resolve to the same path on a case-insensitive FS", prev, rel)
+		}
+		seen[k] = rel
+	}
+}

From c6e53c13b80850fe927844e506a3acc2104f6a21 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Wed, 27 May 2026 03:26:43 +0300
Subject: [PATCH 10/86] feat(app): non-card YC-grade redesign of the app views

Rework Home/Network/Updates away from bordered cards toward structure
from whitespace + hairline dividers + type hierarchy, grounded in modern
dev-tool UIs (Linear/Raycast/Warp). Home becomes a status hero + inline
metric strip + hairline agent rows; Network shows agents as rows and the
cross-device + LAN controls as a plain grouped section; Updates is a
hairline key/value list. Slim sidebar with an accent-bar active indicator
and a live status dot. Lays out within the default 980x660 (and the 820x560
minimum) without overflow.
---
 .../frontend/dist/index.html                  | 132 ++++++++++++++----
 1 file changed, 106 insertions(+), 26 deletions(-)

diff --git a/cmd/clawtool-installer/frontend/dist/index.html b/cmd/clawtool-installer/frontend/dist/index.html
index 0bb824d..619b931 100644
--- a/cmd/clawtool-installer/frontend/dist/index.html
+++ b/cmd/clawtool-installer/frontend/dist/index.html
@@ -235,6 +235,76 @@
       .su-done p b { color: var(--fg); font-weight: 550; }
       .su-done code { font: 500 11.5px var(--mono); color: var(--fg); background: var(--panel-2); border: 1px solid var(--hair); border-radius: var(--radius-sm); padding: 2px 6px; }
       .su-done .su-actions { margin-top: 26px; }
+
+      /* ── App, non-card (YC-grade): status hero + metric strip + list
+            rows + slim sidebar. Structure from whitespace + hairlines +
+            type hierarchy, not bordered boxes. ── */
+      .side { background: var(--sidebar); border-right: 1px solid var(--hair); padding: 18px 12px 12px; }
+      .navitem { color: var(--secondary); }
+      .navitem.active { background: transparent; color: var(--fg); }
+      .navitem.active::before { content: ""; position: absolute; left: -12px; top: 7px; bottom: 7px; width: 2px; border-radius: 2px; background: var(--accent); }
+      .navitem { position: relative; }
+      .navitem.active .ic { color: var(--accent); }
+      .side .foot { display: flex; align-items: center; gap: 7px; }
+      .side .foot::before { content: ""; width: 6px; height: 6px; border-radius: 50%; background: var(--green); flex: none; }
+      .view { padding: 30px 36px; }
+
+      .hm-status { display: flex; align-items: center; gap: 13px; }
+      .hm-pulse { width: 11px; height: 11px; border-radius: 50%; background: var(--green); position: relative; flex: none; }
+      .hm-pulse::after { content: ""; position: absolute; inset: -5px; border-radius: 50%; border: 1px solid var(--green); opacity: .35; }
+      .hm-pulse.off { background: var(--tertiary); }
+      .hm-pulse.off::after { display: none; }
+      .hm-sttxt h1 { font-size: 24px; font-weight: 600; letter-spacing: -0.02em; color: var(--fg); }
+      .hm-sub { color: var(--secondary); font-size: 13px; margin-top: 2px; }
+
+      .hm-metrics { display: flex; margin: 28px 0 4px; }
+      .hm-metric { padding-right: 34px; margin-right: 34px; border-right: 1px solid var(--hair); }
+      .hm-metric:last-child { border-right: none; }
+      .hm-metric .n { font-size: 30px; font-weight: 600; letter-spacing: -0.025em; font-variant-numeric: tabular-nums; line-height: 1.05; }
+      .hm-metric .l { font-size: 11.5px; color: var(--secondary); margin-top: 6px; }
+
+      .hm-sec { display: flex; align-items: baseline; justify-content: space-between; margin: 34px 0 2px; }
+      .hm-sec h2 { font-size: 11px; font-weight: 600; text-transform: uppercase; letter-spacing: .07em; color: var(--secondary); }
+      .hm-link, .hm-ghost { background: none; border: none; cursor: pointer; font: inherit; color: var(--accent); font-size: 12px; padding: 0; }
+      .hm-ghost { color: var(--secondary); font-size: 12.5px; }
+      .hm-ghost:hover { color: var(--accent); }
+      .hm-foot { margin-top: auto; padding-top: 18px; color: var(--tertiary); font-size: 12px; display: flex; align-items: center; justify-content: space-between; }
+
+      /* Agent list rows (shared: Home teaser + Network) */
+      .agent-list { margin-top: 2px; }
+      .agent-row { display: flex; align-items: center; gap: 12px; padding: 11px 6px; border-bottom: 1px solid var(--hair); }
+      .agent-row:hover { background: rgba(216,216,216,0.025); }
+      .agent-row .av { width: 26px; height: 26px; border-radius: 7px; background: var(--accent-soft); color: var(--accent); display: grid; place-items: center; font: 600 11px var(--mono); flex: none; text-transform: uppercase; }
+      .agent-row .ar-nm { font-weight: 550; font-size: 13px; }
+      .agent-row .ar-meta { color: var(--secondary); font-size: 12px; margin-top: 1px; }
+      .agent-row .ar-st { margin-left: auto; display: flex; align-items: center; gap: 7px; font-size: 12px; color: var(--secondary); white-space: nowrap; }
+      .agent-row .ar-st .d { width: 7px; height: 7px; border-radius: 50%; background: var(--green); flex: none; }
+      .agent-row .ar-st.busy .d { background: var(--amber); }
+      .agent-row .ar-st.off .d { background: var(--tertiary); }
+      .hm-empty { color: var(--secondary); font-size: 13px; padding: 14px 6px; border-bottom: 1px solid var(--hair); }
+      .hm-empty code { background: var(--chip); padding: 1px 5px; border-radius: 4px; font: 12px var(--mono); }
+
+      /* Network + Updates: de-card. Section headers + hairline rows +
+         plain grouped sections; peers stay a soft flat surface (distinct
+         devices), but no bordered boxes. */
+      .vh { font-size: 22px; font-weight: 600; letter-spacing: -0.02em; color: var(--fg); }
+      .lead { color: var(--secondary); font-size: 13px; }
+      h2.section { margin: 30px 0 6px 0; }
+      #local { margin-top: 6px !important; }
+      .kv .row { padding: 10px 6px; }
+      .row .k { color: var(--secondary); }
+      /* cross-device → a plain section, not a card */
+      .xd { border: none !important; background: transparent !important; padding: 0 !important; box-shadow: none; max-width: 560px; }
+      .xd .head .t { font-size: 14px; font-weight: 600; }
+      .xd .desc { font-size: 12.5px; }
+      .keybox { background: var(--panel-2); border: 1px solid var(--hair); }
+      .switchrow { border-top: 1px solid var(--hair); }
+      /* peers → soft flat surfaces (no border box) */
+      .card { border: none; background: var(--panel-2); box-shadow: none; }
+      .note { border: none; background: var(--panel-2); box-shadow: none; }
+      .banner { border: none; background: var(--panel-2); box-shadow: none; }
+      .btn { background: var(--panel-2); border-color: var(--hair); }
+      .btn:hover { border-color: var(--accent); color: var(--accent); }
     </style>
   </head>
   <body>
@@ -329,24 +399,24 @@ <h1><span data-brand-name></span> is ready</h1>
       </aside>
       <main class="content">
         <section class="view active" id="view-home">
-          <div class="hero">
-            <span class="dot" id="home-dot"></span>
-            <div>
-              <h1><span data-brand-name>clawtool</span> is running</h1>
-              <div class="host" id="home-host">This device is a gateway on your network</div>
+          <div class="hm-status">
+            <span class="hm-pulse" id="home-dot"></span>
+            <div class="hm-sttxt">
+              <h1 id="home-title"><span data-brand-name>clawtool</span> is running</h1>
+              <div class="hm-sub" id="home-host">This device is a gateway on your network</div>
             </div>
           </div>
-          <div class="tiles">
-            <div class="tile"><div class="n" id="stat-agents">—</div><div class="l">Local agents</div></div>
-            <div class="tile"><div class="n" id="stat-peers">—</div><div class="l">LAN peers</div></div>
-            <div class="tile" data-view="network" style="cursor:pointer"><div class="n small" id="stat-xd">—</div><div class="l"><span class="mini off" id="xd-mini"></span>Cross-device</div></div>
+          <div class="hm-metrics">
+            <div class="hm-metric"><div class="n" id="stat-agents">—</div><div class="l">Local agents</div></div>
+            <div class="hm-metric"><div class="n" id="stat-peers">—</div><div class="l">LAN peers</div></div>
+            <div class="hm-metric" data-view="network" style="cursor:pointer"><div class="n" id="stat-xd">—</div><div class="l">Cross-device</div></div>
           </div>
-          <h2 class="section">Quick actions</h2>
-          <div class="actions">
-            <button class="btn" data-view="network">View network</button>
-            <button class="btn" data-view="updates">Check for updates</button>
+          <div class="hm-sec"><h2>Agents on this device</h2><button class="hm-link" data-view="network">Network &rarr;</button></div>
+          <div class="hm-list" id="home-agents"></div>
+          <div class="hm-foot">
+            <span>Closing the window keeps <span data-brand-name>clawtool</span> running in the menu bar.</span>
+            <button class="hm-ghost" data-view="updates">Check for updates</button>
           </div>
-          <div class="lead" style="margin-top:24px">Closing the window keeps clawtool running in the menu bar.</div>
         </section>
         <section class="view" id="view-network">
           <div class="banner" id="net-banner"></div>
@@ -360,15 +430,15 @@ <h2 class="section">Network <span id="peer-count" style="text-transform:none;let
         </section>
         <section class="view" id="view-updates">
           <h1 class="vh">Updates</h1>
-          <div class="lead">clawtool checks for a new version each time it launches.</div>
-          <div class="card" style="margin-top:16px;max-width:520px">
+          <div class="lead"><span data-brand-name>clawtool</span> checks for a new version each time it launches.</div>
+          <div class="kv" style="margin-top:18px;max-width:540px">
             <div class="row"><span class="k">Installed</span><span id="upd-current">—</span></div>
             <div class="row"><span class="k">Latest</span><span id="upd-latest">—</span></div>
             <div class="row"><span class="k">Status</span><span id="upd-status">checking…</span></div>
-            <div style="display:flex;gap:10px;margin-top:14px">
-              <button class="btn" id="upd-check">Check now</button>
-              <button class="btn primary" id="upd-install" disabled>Install update</button>
-            </div>
+          </div>
+          <div style="display:flex;gap:12px;margin-top:18px">
+            <button class="btn" id="upd-check">Check now</button>
+            <button class="btn primary" id="upd-install" disabled>Install update</button>
           </div>
         </section>
       </main>
@@ -510,8 +580,13 @@ <h1 class="vh">Updates</h1>
         const s = Math.max(0, Math.round((Date.now() - t) / 1000));
         if (s < 5) return "just now"; if (s < 60) return s + "s ago"; if (s < 3600) return Math.floor(s/60) + "m ago"; return Math.floor(s/3600) + "h ago"; }
       function agentRow(a) {
-        const cls = a.callable ? "ok" : (a.status === "disabled" ? "off" : "busy");
-        return '<div class="agent"><span class="badge ' + cls + '">' + esc(a.status || (a.callable ? "callable" : "?")) + '</span><span class="name">' + esc(a.instance) + '</span><span class="fam">' + esc(a.family) + (a.bridge ? " · " + esc(a.bridge) : "") + "</span></div>";
+        const dis = a.status === "disabled";
+        const stcls = dis ? "off" : (a.callable ? "" : "busy");
+        const sttext = a.status || (a.callable ? "callable" : "—");
+        const mono = esc((a.instance || "?").slice(0, 2));
+        return '<div class="agent-row"><span class="av">' + mono + '</span><div class="ar-txt"><div class="ar-nm">' + esc(a.instance) +
+          '</div><div class="ar-meta">' + esc(a.family) + (a.bridge ? " · " + esc(a.bridge) : "") + '</div></div>' +
+          '<span class="ar-st ' + stcls + '"><span class="d"></span>' + esc(sttext) + "</span></div>";
       }
       function cssEsc(s) { return String(s).replace(/["\\]/g, "\\$&"); }
       async function loadNetwork() {
@@ -527,8 +602,8 @@ <h1 class="vh">Updates</h1>
         banner.className = "banner";
         const agents = (snap.agents && snap.agents.agents) || [];
         $("local").innerHTML = agents.length
-          ? '<div class="card"><div class="title">This machine</div><div class="sub">' + agents.length + " agent" + (agents.length === 1 ? "" : "s") + '</div><div class="agents">' + agents.map(agentRow).join("") + "</div></div>"
-          : '<div class="note">No agents configured here yet. Run <code>clawtool onboard</code> to add one.</div>';
+          ? '<div class="agent-list">' + agents.map(agentRow).join("") + "</div>"
+          : '<div class="hm-empty">No agents here yet — run <code>' + esc(BRAND.cli) + ' onboard</code> to connect one.</div>';
         const peers = (snap.peers && snap.peers.peers) || [];
         $("peer-count").textContent = peers.length ? "(" + peers.length + ")" : "";
         const pe = $("peers");
@@ -681,10 +756,15 @@ <h1 class="vh">Updates</h1>
         const snap = parse(await call("NetworkSnapshot"), { ok: false });
         const ok = !!(snap && snap.ok);
         $("home-dot").classList.toggle("off", !ok);
-        $("home-host").textContent = ok ? "This device is a gateway on your network" : "Starting the local gateway…";
+        $("home-title").innerHTML = ok ? '<span data-brand-name>' + esc(BRAND.name) + "</span> is running" : "Starting the gateway…";
+        $("home-host").textContent = ok ? "This device is reachable as a " + BRAND.name + " gateway." : "Bringing the local gateway online…";
         if (!ok) call("EnsureGateway");
-        $("stat-agents").textContent = ok && snap.agents && snap.agents.count != null ? snap.agents.count : "0";
+        const agents = (ok && snap.agents && snap.agents.agents) || [];
+        $("stat-agents").textContent = ok && snap.agents && snap.agents.count != null ? snap.agents.count : agents.length;
         $("stat-peers").textContent = ok && snap.peers && snap.peers.count != null ? snap.peers.count : "0";
+        $("home-agents").innerHTML = agents.length
+          ? agents.map(agentRow).join("")
+          : '<div class="hm-empty">No agents here yet — run <code>' + esc(BRAND.cli) + ' onboard</code> to connect one.</div>';
         const st = parse(await call("CircleStatus"), { ok: false });
         circleState = (st && st.ok) ? st : { has_key: false, key: "" };
         refreshXdStat();

From e14aba2a580d5235565587e85e32477aeaa4dad7 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Wed, 27 May 2026 03:28:05 +0300
Subject: [PATCH 11/86] fix(setup): let file handles release before overwrite
 on upgrade

Add a short settle delay after taskkill in stopRunning so an
upgrade-over-running install doesn't hit a file lock when overwriting the
binaries the old app/tray/daemon just held open (mirrors the old NSIS
Sleep). The old app, tray and daemon are stopped before install; the Done
step relaunches the freshly-installed app.
---
 cmd/clawtool-installer/install/install.go | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/cmd/clawtool-installer/install/install.go b/cmd/clawtool-installer/install/install.go
index cd4a76e..2d35c89 100644
--- a/cmd/clawtool-installer/install/install.go
+++ b/cmd/clawtool-installer/install/install.go
@@ -27,6 +27,7 @@ import (
 	"path/filepath"
 	"runtime"
 	"strings"
+	"time"
 
 	"github.com/cogitave/clawtool/cmd/clawtool-installer/brand"
 )
@@ -156,12 +157,16 @@ func stopRunning(dir string) {
 	if runtime.GOOS != "windows" {
 		return
 	}
-	// Best-effort: stop the daemon and kill running images so the .exe files
-	// aren't locked while we overwrite them.
+	// Best-effort: stop the daemon and kill running images (app, tray, CLI,
+	// updater) so the .exe files aren't locked while we overwrite them.
 	_ = exec.Command(filepath.Join(CLIDir(dir), brand.CLIExe()), "daemon", "stop").Run()
 	for _, img := range imageNames() {
 		_ = exec.Command("taskkill", "/F", "/IM", img).Run()
 	}
+	// taskkill returns before the OS has fully released the file handles;
+	// give them a moment so the subsequent overwrite doesn't hit a lock
+	// ("file in use") on an upgrade-over-running install.
+	time.Sleep(700 * time.Millisecond)
 }
 
 // windowsShortcuts writes Start-menu + Desktop .lnk files via WScript.Shell.

From c54206d89fe0da8e0ecadd5a6a668f6e6ad331f4 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Wed, 27 May 2026 03:33:30 +0300
Subject: [PATCH 12/86] feat(app): brand the first-launch splash (interim,
 pre-refactor)

---
 .../frontend/dist/index.html                  | 23 +++++++++++++------
 1 file changed, 16 insertions(+), 7 deletions(-)

diff --git a/cmd/clawtool-installer/frontend/dist/index.html b/cmd/clawtool-installer/frontend/dist/index.html
index 619b931..36265fd 100644
--- a/cmd/clawtool-installer/frontend/dist/index.html
+++ b/cmd/clawtool-installer/frontend/dist/index.html
@@ -305,6 +305,12 @@
       .banner { border: none; background: var(--panel-2); box-shadow: none; }
       .btn { background: var(--panel-2); border-color: var(--hair); }
       .btn:hover { border-color: var(--accent); color: var(--accent); }
+
+      /* First-launch splash branding */
+      .init-mark { display: flex; align-items: center; justify-content: space-between; width: 100%; max-width: 440px; margin-bottom: 20px; }
+      .init-mark > span:first-child { font-weight: 600; font-size: 14px; color: var(--fg); }
+      .init-mark .dot { color: var(--accent); }
+      #phase-init h1 { font-size: 22px; font-weight: 600; letter-spacing: -0.02em; }
     </style>
   </head>
   <body>
@@ -315,10 +321,11 @@ <h1 class="wordmark">clawtool</h1>
       <div class="status" id="upd-splash-status">Checking for updates…</div>
     </div>
 
-    <!-- PHASE: Initializing (first run) ----------------------------->
+    <!-- PHASE: Initializing / first launch -------------------------->
     <div class="phase splash" id="phase-init">
-      <h1 id="initTitle">Initializing clawtool</h1>
-      <div class="status" id="initSub">Setting this device up as a gateway…</div>
+      <div class="init-mark"><span data-brand-mark>clawtool<span class="dot">.</span></span><span class="su-badge">first launch</span></div>
+      <h1 id="initTitle">Setting up clawtool</h1>
+      <div class="status" id="initSub">Bringing your gateway online…</div>
       <div class="meter"><div class="trackbar"><div class="fill" id="fill"></div></div><div class="pct" id="pct">0%</div></div>
       <ul class="log" id="log"></ul>
       <div class="donenote" id="initDone" style="display:none"></div>
@@ -492,15 +499,17 @@ <h1 class="vh">Updates</h1>
       function initFinish(ev) {
         const ok = !!ev.ok;
         setProgress(ok ? 100 : displayPct);
-        $("initTitle").textContent = ok ? "clawtool is ready" : "Setup needs attention";
-        $("initSub").textContent = ok ? "This device is initialized." : "Review the steps above.";
+        $("initTitle").textContent = ok ? BRAND.name + " is ready" : "Setup needs attention";
+        $("initSub").textContent = ok ? "Your gateway is live on this device." : "Review the steps above.";
         const d = $("initDone"); d.style.display = "block";
         d.innerHTML = ok
-          ? "The <code>clawtool</code> command is now on your PATH — open a <b>new</b> terminal to use it."
+          ? "The <code>" + esc(BRAND.cli) + "</code> command is on your PATH — open a <b>new</b> terminal to use it."
           : esc(ev.summary || "Something didn't finish. You can retry from the tray.");
         if (ok) setTimeout(enterApp, 1100);
       }
-      function runInitializing() {
+      async function runInitializing() {
+        await loadBrand(); applyBrand();
+        $("initTitle").textContent = "Setting up " + BRAND.name;
         showPhase("init"); setProgress(5);
         if (window.runtime && window.runtime.EventsOn) {
           window.runtime.EventsOn("install:step", addStep);

From 26370406a5276a644fdfd978989555016d0e115c Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Wed, 27 May 2026 04:07:17 +0300
Subject: [PATCH 13/86] feat(desktop): scaffold frontend monorepo +
 design-system foundation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Begin the proper UI architecture refactor (replacing the single hand-written
index.html): a pnpm workspace under desktop/ with a shared @clawtool/design-system
package — Warp-grounded design tokens (CSS custom properties, 3-tier), global
base, and the first React components (Wordmark, StatusDot, Badge, Button,
Metric, Section, AgentRow, and the frameless cross-platform TitleBar with
platform-conditional window controls). A _gallery app verifies it builds with
Vite and renders. This is the shared base the installer/updater/app surfaces
and the split Go binaries will consume.
---
 desktop/.gitignore                            |    4 +
 desktop/apps/_gallery/index.html              |   11 +
 desktop/apps/_gallery/package.json            |   22 +
 desktop/apps/_gallery/src/main.tsx            |   81 ++
 desktop/apps/_gallery/src/vite-env.d.ts       |    1 +
 desktop/apps/_gallery/tsconfig.json           |    8 +
 desktop/apps/_gallery/vite.config.ts          |    6 +
 desktop/package.json                          |   12 +
 desktop/packages/design-system/package.json   |   23 +
 .../src/components/AgentRow.module.css        |   38 +
 .../design-system/src/components/AgentRow.tsx |   33 +
 .../src/components/Badge.module.css           |   11 +
 .../design-system/src/components/Badge.tsx    |    8 +
 .../src/components/Button.module.css          |   19 +
 .../design-system/src/components/Button.tsx   |   17 +
 .../src/components/Metric.module.css          |   16 +
 .../design-system/src/components/Metric.tsx   |   20 +
 .../src/components/Section.module.css         |   13 +
 .../design-system/src/components/Section.tsx  |   11 +
 .../src/components/StatusDot.module.css       |   24 +
 .../src/components/StatusDot.tsx              |    7 +
 .../src/components/TitleBar.module.css        |   34 +
 .../design-system/src/components/TitleBar.tsx |   47 +
 .../src/components/Wordmark.module.css        |    8 +
 .../design-system/src/components/Wordmark.tsx |   10 +
 desktop/packages/design-system/src/global.css |   35 +
 desktop/packages/design-system/src/index.ts   |    9 +
 .../design-system/src/lib/platform.ts         |   21 +
 desktop/packages/design-system/src/tokens.css |   72 +
 .../packages/design-system/src/types/css.d.ts |    5 +
 desktop/packages/design-system/tsconfig.json  |    8 +
 desktop/pnpm-lock.yaml                        | 1181 +++++++++++++++++
 desktop/pnpm-workspace.yaml                   |    3 +
 desktop/tsconfig.base.json                    |   19 +
 34 files changed, 1837 insertions(+)
 create mode 100644 desktop/.gitignore
 create mode 100644 desktop/apps/_gallery/index.html
 create mode 100644 desktop/apps/_gallery/package.json
 create mode 100644 desktop/apps/_gallery/src/main.tsx
 create mode 100644 desktop/apps/_gallery/src/vite-env.d.ts
 create mode 100644 desktop/apps/_gallery/tsconfig.json
 create mode 100644 desktop/apps/_gallery/vite.config.ts
 create mode 100644 desktop/package.json
 create mode 100644 desktop/packages/design-system/package.json
 create mode 100644 desktop/packages/design-system/src/components/AgentRow.module.css
 create mode 100644 desktop/packages/design-system/src/components/AgentRow.tsx
 create mode 100644 desktop/packages/design-system/src/components/Badge.module.css
 create mode 100644 desktop/packages/design-system/src/components/Badge.tsx
 create mode 100644 desktop/packages/design-system/src/components/Button.module.css
 create mode 100644 desktop/packages/design-system/src/components/Button.tsx
 create mode 100644 desktop/packages/design-system/src/components/Metric.module.css
 create mode 100644 desktop/packages/design-system/src/components/Metric.tsx
 create mode 100644 desktop/packages/design-system/src/components/Section.module.css
 create mode 100644 desktop/packages/design-system/src/components/Section.tsx
 create mode 100644 desktop/packages/design-system/src/components/StatusDot.module.css
 create mode 100644 desktop/packages/design-system/src/components/StatusDot.tsx
 create mode 100644 desktop/packages/design-system/src/components/TitleBar.module.css
 create mode 100644 desktop/packages/design-system/src/components/TitleBar.tsx
 create mode 100644 desktop/packages/design-system/src/components/Wordmark.module.css
 create mode 100644 desktop/packages/design-system/src/components/Wordmark.tsx
 create mode 100644 desktop/packages/design-system/src/global.css
 create mode 100644 desktop/packages/design-system/src/index.ts
 create mode 100644 desktop/packages/design-system/src/lib/platform.ts
 create mode 100644 desktop/packages/design-system/src/tokens.css
 create mode 100644 desktop/packages/design-system/src/types/css.d.ts
 create mode 100644 desktop/packages/design-system/tsconfig.json
 create mode 100644 desktop/pnpm-lock.yaml
 create mode 100644 desktop/pnpm-workspace.yaml
 create mode 100644 desktop/tsconfig.base.json

diff --git a/desktop/.gitignore b/desktop/.gitignore
new file mode 100644
index 0000000..62ccde4
--- /dev/null
+++ b/desktop/.gitignore
@@ -0,0 +1,4 @@
+node_modules/
+dist/
+*.tsbuildinfo
+.DS_Store
diff --git a/desktop/apps/_gallery/index.html b/desktop/apps/_gallery/index.html
new file mode 100644
index 0000000..51ef382
--- /dev/null
+++ b/desktop/apps/_gallery/index.html
@@ -0,0 +1,11 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <title>design system gallery</title>
+  </head>
+  <body>
+    <div id="root"></div>
+    <script type="module" src="/src/main.tsx"></script>
+  </body>
+</html>
diff --git a/desktop/apps/_gallery/package.json b/desktop/apps/_gallery/package.json
new file mode 100644
index 0000000..4c916fa
--- /dev/null
+++ b/desktop/apps/_gallery/package.json
@@ -0,0 +1,22 @@
+{
+  "name": "@clawtool/gallery",
+  "private": true,
+  "type": "module",
+  "scripts": {
+    "dev": "vite",
+    "build": "vite build",
+    "typecheck": "tsc --noEmit"
+  },
+  "dependencies": {
+    "@clawtool/design-system": "workspace:*",
+    "react": "^18.3.1",
+    "react-dom": "^18.3.1"
+  },
+  "devDependencies": {
+    "@types/react": "^18.3.12",
+    "@types/react-dom": "^18.3.1",
+    "@vitejs/plugin-react": "^4.3.4",
+    "typescript": "^5.6.3",
+    "vite": "^6.0.7"
+  }
+}
diff --git a/desktop/apps/_gallery/src/main.tsx b/desktop/apps/_gallery/src/main.tsx
new file mode 100644
index 0000000..b6abbf5
--- /dev/null
+++ b/desktop/apps/_gallery/src/main.tsx
@@ -0,0 +1,81 @@
+import { StrictMode } from "react";
+import { createRoot } from "react-dom/client";
+import "@clawtool/design-system/global.css";
+import {
+  AgentRow,
+  Badge,
+  Button,
+  EmptyRow,
+  List,
+  Metric,
+  MetricStrip,
+  SectionHeader,
+  StatusDot,
+  TitleBar,
+  Wordmark,
+} from "@clawtool/design-system";
+
+const noop = () => {};
+
+function Gallery() {
+  return (
+    <div style={{ display: "flex", flexDirection: "column", height: "100vh" }}>
+      <TitleBar
+        platform="windows"
+        center={<Wordmark />}
+        controls={{ onMinimize: noop, onToggleMaximize: noop, onClose: noop }}
+      />
+      <main style={{ flex: 1, overflow: "auto", padding: "30px 36px", display: "flex", flexDirection: "column" }}>
+        {/* status hero */}
+        <div style={{ display: "flex", alignItems: "center", gap: 13 }}>
+          <StatusDot tone="online" pulse />
+          <div>
+            <h1 style={{ fontSize: "var(--size-2xl)", fontWeight: 600, letterSpacing: "-0.02em" }}>Gateway active</h1>
+            <div style={{ color: "var(--text-secondary)", fontSize: 13, marginTop: 2 }}>
+              This device is reachable as a clawtool gateway.
+            </div>
+          </div>
+          <div style={{ marginLeft: "auto", textAlign: "right" }}>
+            <div className="mono" style={{ fontSize: 12, color: "var(--text-secondary)" }}>mac-studio.local</div>
+          </div>
+        </div>
+
+        <div style={{ margin: "28px 0 4px" }}>
+          <MetricStrip>
+            <Metric value="2" label="Local agents" />
+            <Metric value="0" label="LAN peers" dim />
+            <Metric value="Off" label="Cross-device" />
+          </MetricStrip>
+        </div>
+
+        <SectionHeader title="Agents on this device" action={<Button variant="ghost">Network →</Button>} />
+        <List>
+          <AgentRow name="claude" meta="claude · code" tone="online" status="online" />
+          <AgentRow name="codex" meta="codex · code" tone="online" status="online" />
+        </List>
+
+        <SectionHeader title="Component showcase" />
+        <div style={{ display: "flex", gap: 12, alignItems: "center", marginTop: 8 }}>
+          <Button variant="primary">Primary</Button>
+          <Button variant="secondary">Secondary</Button>
+          <Button variant="ghost">Ghost</Button>
+          <Badge tone="accent">accent</Badge>
+          <Badge tone="success">online</Badge>
+          <Badge tone="warning">busy</Badge>
+          <Badge>neutral</Badge>
+        </div>
+        <div style={{ marginTop: 14 }}>
+          <List>
+            <EmptyRow>No peers discovered yet — start clawtool on another machine.</EmptyRow>
+          </List>
+        </div>
+      </main>
+    </div>
+  );
+}
+
+createRoot(document.getElementById("root")!).render(
+  <StrictMode>
+    <Gallery />
+  </StrictMode>,
+);
diff --git a/desktop/apps/_gallery/src/vite-env.d.ts b/desktop/apps/_gallery/src/vite-env.d.ts
new file mode 100644
index 0000000..11f02fe
--- /dev/null
+++ b/desktop/apps/_gallery/src/vite-env.d.ts
@@ -0,0 +1 @@
+/// <reference types="vite/client" />
diff --git a/desktop/apps/_gallery/tsconfig.json b/desktop/apps/_gallery/tsconfig.json
new file mode 100644
index 0000000..fe31a3a
--- /dev/null
+++ b/desktop/apps/_gallery/tsconfig.json
@@ -0,0 +1,8 @@
+{
+  "extends": "../../tsconfig.base.json",
+  "compilerOptions": {
+    "noEmit": true,
+    "types": []
+  },
+  "include": ["src", "vite.config.ts"]
+}
diff --git a/desktop/apps/_gallery/vite.config.ts b/desktop/apps/_gallery/vite.config.ts
new file mode 100644
index 0000000..081c8d9
--- /dev/null
+++ b/desktop/apps/_gallery/vite.config.ts
@@ -0,0 +1,6 @@
+import { defineConfig } from "vite";
+import react from "@vitejs/plugin-react";
+
+export default defineConfig({
+  plugins: [react()],
+});
diff --git a/desktop/package.json b/desktop/package.json
new file mode 100644
index 0000000..cb81c61
--- /dev/null
+++ b/desktop/package.json
@@ -0,0 +1,12 @@
+{
+  "name": "clawtool-desktop",
+  "private": true,
+  "type": "module",
+  "scripts": {
+    "typecheck": "pnpm -r typecheck",
+    "build": "pnpm -r build"
+  },
+  "devDependencies": {
+    "typescript": "^5.6.3"
+  }
+}
diff --git a/desktop/packages/design-system/package.json b/desktop/packages/design-system/package.json
new file mode 100644
index 0000000..33bbda9
--- /dev/null
+++ b/desktop/packages/design-system/package.json
@@ -0,0 +1,23 @@
+{
+  "name": "@clawtool/design-system",
+  "version": "0.0.0",
+  "private": true,
+  "type": "module",
+  "exports": {
+    ".": "./src/index.ts",
+    "./tokens.css": "./src/tokens.css",
+    "./global.css": "./src/global.css"
+  },
+  "scripts": {
+    "typecheck": "tsc --noEmit"
+  },
+  "peerDependencies": {
+    "react": "^18.3.1",
+    "react-dom": "^18.3.1"
+  },
+  "devDependencies": {
+    "@types/react": "^18.3.12",
+    "@types/react-dom": "^18.3.1",
+    "typescript": "^5.6.3"
+  }
+}
diff --git a/desktop/packages/design-system/src/components/AgentRow.module.css b/desktop/packages/design-system/src/components/AgentRow.module.css
new file mode 100644
index 0000000..c6cf730
--- /dev/null
+++ b/desktop/packages/design-system/src/components/AgentRow.module.css
@@ -0,0 +1,38 @@
+.list { margin-top: var(--space-1); }
+.row {
+  display: flex;
+  align-items: center;
+  gap: var(--space-3);
+  padding: 11px 6px;
+  border-bottom: 1px solid var(--hairline);
+}
+.row:hover { background: var(--hover); }
+.avatar {
+  width: 26px;
+  height: 26px;
+  border-radius: 7px;
+  background: var(--accent-soft);
+  color: var(--accent);
+  display: grid;
+  place-items: center;
+  font: 600 var(--size-xs) / 1 var(--font-mono);
+  flex: none;
+  text-transform: uppercase;
+}
+.name { font-weight: 550; font-size: var(--size-md); }
+.meta { color: var(--text-secondary); font-size: var(--size-sm); margin-top: 1px; }
+.status {
+  margin-left: auto;
+  display: flex;
+  align-items: center;
+  gap: 7px;
+  font-size: var(--size-sm);
+  color: var(--text-secondary);
+  white-space: nowrap;
+}
+.empty {
+  color: var(--text-secondary);
+  font-size: var(--size-md);
+  padding: 14px 6px;
+  border-bottom: 1px solid var(--hairline);
+}
diff --git a/desktop/packages/design-system/src/components/AgentRow.tsx b/desktop/packages/design-system/src/components/AgentRow.tsx
new file mode 100644
index 0000000..b0cdd7e
--- /dev/null
+++ b/desktop/packages/design-system/src/components/AgentRow.tsx
@@ -0,0 +1,33 @@
+import type { ReactNode } from "react";
+import { StatusDot, type DotTone } from "./StatusDot";
+import styles from "./AgentRow.module.css";
+
+export function List({ children }: { children: ReactNode }) {
+  return <div className={styles.list}>{children}</div>;
+}
+
+export function AgentRow({
+  name,
+  meta,
+  tone = "online",
+  status,
+}: { name: string; meta?: string; tone?: DotTone; status?: string }) {
+  const initials = name.slice(0, 2);
+  return (
+    <div className={styles.row}>
+      <span className={styles.avatar}>{initials}</span>
+      <div className={styles.text}>
+        <div className={styles.name}>{name}</div>
+        {meta ? <div className={styles.meta}>{meta}</div> : null}
+      </div>
+      <span className={styles.status}>
+        <StatusDot tone={tone} />
+        {status ?? tone}
+      </span>
+    </div>
+  );
+}
+
+export function EmptyRow({ children }: { children: ReactNode }) {
+  return <div className={styles.empty}>{children}</div>;
+}
diff --git a/desktop/packages/design-system/src/components/Badge.module.css b/desktop/packages/design-system/src/components/Badge.module.css
new file mode 100644
index 0000000..bd49ade
--- /dev/null
+++ b/desktop/packages/design-system/src/components/Badge.module.css
@@ -0,0 +1,11 @@
+.badge {
+  font: 500 var(--size-xs) / 1 var(--font-mono);
+  padding: 3px 9px;
+  border-radius: var(--radius-pill);
+  border: 1px solid var(--hairline);
+  color: var(--text-tertiary);
+  white-space: nowrap;
+}
+.accent { color: var(--accent); border-color: var(--accent-soft); }
+.success { color: var(--success); border-color: rgba(76, 195, 138, 0.4); }
+.warning { color: var(--warning); border-color: rgba(216, 166, 87, 0.4); }
diff --git a/desktop/packages/design-system/src/components/Badge.tsx b/desktop/packages/design-system/src/components/Badge.tsx
new file mode 100644
index 0000000..917fb05
--- /dev/null
+++ b/desktop/packages/design-system/src/components/Badge.tsx
@@ -0,0 +1,8 @@
+import type { ReactNode } from "react";
+import styles from "./Badge.module.css";
+
+export type BadgeTone = "neutral" | "accent" | "success" | "warning";
+
+export function Badge({ tone = "neutral", children }: { tone?: BadgeTone; children: ReactNode }) {
+  return <span className={`${styles.badge} ${styles[tone]}`}>{children}</span>;
+}
diff --git a/desktop/packages/design-system/src/components/Button.module.css b/desktop/packages/design-system/src/components/Button.module.css
new file mode 100644
index 0000000..93cb31f
--- /dev/null
+++ b/desktop/packages/design-system/src/components/Button.module.css
@@ -0,0 +1,19 @@
+.btn {
+  font: 600 var(--size-md) / 1 var(--font-ui);
+  height: 34px;
+  padding: 0 16px;
+  border-radius: var(--radius-sm);
+  border: 1px solid transparent;
+  cursor: pointer;
+  transition: background 0.14s, border-color 0.14s, color 0.14s;
+}
+.btn:disabled { opacity: 0.5; cursor: default; }
+
+.primary { background: var(--accent); color: var(--accent-ink); }
+.primary:not(:disabled):hover { background: var(--accent-hover); }
+
+.secondary { background: var(--surface); border-color: var(--hairline); color: var(--text); }
+.secondary:not(:disabled):hover { border-color: var(--accent); color: var(--accent); }
+
+.ghost { background: transparent; color: var(--text-secondary); padding: 0; height: auto; }
+.ghost:not(:disabled):hover { color: var(--accent); }
diff --git a/desktop/packages/design-system/src/components/Button.tsx b/desktop/packages/design-system/src/components/Button.tsx
new file mode 100644
index 0000000..90c281c
--- /dev/null
+++ b/desktop/packages/design-system/src/components/Button.tsx
@@ -0,0 +1,17 @@
+import type { ButtonHTMLAttributes, ReactNode } from "react";
+import styles from "./Button.module.css";
+
+type Variant = "primary" | "secondary" | "ghost";
+
+export function Button({
+  variant = "secondary",
+  children,
+  className = "",
+  ...rest
+}: { variant?: Variant; children: ReactNode } & ButtonHTMLAttributes<HTMLButtonElement>) {
+  return (
+    <button className={`${styles.btn} ${styles[variant]} ${className}`} {...rest}>
+      {children}
+    </button>
+  );
+}
diff --git a/desktop/packages/design-system/src/components/Metric.module.css b/desktop/packages/design-system/src/components/Metric.module.css
new file mode 100644
index 0000000..c8b518e
--- /dev/null
+++ b/desktop/packages/design-system/src/components/Metric.module.css
@@ -0,0 +1,16 @@
+.strip { display: flex; }
+.metric {
+  padding-right: var(--space-8);
+  margin-right: var(--space-8);
+  border-right: 1px solid var(--hairline);
+}
+.metric:last-child { border-right: none; margin-right: 0; padding-right: 0; }
+.value {
+  font-size: 30px;
+  font-weight: 600;
+  letter-spacing: -0.025em;
+  font-variant-numeric: tabular-nums;
+  line-height: 1.05;
+}
+.dim { color: var(--text-tertiary); }
+.label { font-size: var(--size-xs); color: var(--text-secondary); margin-top: 6px; }
diff --git a/desktop/packages/design-system/src/components/Metric.tsx b/desktop/packages/design-system/src/components/Metric.tsx
new file mode 100644
index 0000000..c8024fa
--- /dev/null
+++ b/desktop/packages/design-system/src/components/Metric.tsx
@@ -0,0 +1,20 @@
+import type { ReactNode } from "react";
+import styles from "./Metric.module.css";
+
+export function MetricStrip({ children }: { children: ReactNode }) {
+  return <div className={styles.strip}>{children}</div>;
+}
+
+export function Metric({
+  value,
+  label,
+  dim = false,
+  onClick,
+}: { value: ReactNode; label: string; dim?: boolean; onClick?: () => void }) {
+  return (
+    <div className={styles.metric} onClick={onClick} style={onClick ? { cursor: "pointer" } : undefined}>
+      <div className={`${styles.value} ${dim ? styles.dim : ""}`}>{value}</div>
+      <div className={styles.label}>{label}</div>
+    </div>
+  );
+}
diff --git a/desktop/packages/design-system/src/components/Section.module.css b/desktop/packages/design-system/src/components/Section.module.css
new file mode 100644
index 0000000..5e32dca
--- /dev/null
+++ b/desktop/packages/design-system/src/components/Section.module.css
@@ -0,0 +1,13 @@
+.header {
+  display: flex;
+  align-items: baseline;
+  justify-content: space-between;
+  margin: var(--space-8) 0 var(--space-1);
+}
+.title {
+  font-size: var(--size-xs);
+  font-weight: 600;
+  text-transform: uppercase;
+  letter-spacing: 0.07em;
+  color: var(--text-secondary);
+}
diff --git a/desktop/packages/design-system/src/components/Section.tsx b/desktop/packages/design-system/src/components/Section.tsx
new file mode 100644
index 0000000..d46f199
--- /dev/null
+++ b/desktop/packages/design-system/src/components/Section.tsx
@@ -0,0 +1,11 @@
+import type { ReactNode } from "react";
+import styles from "./Section.module.css";
+
+export function SectionHeader({ title, action }: { title: string; action?: ReactNode }) {
+  return (
+    <div className={styles.header}>
+      <h2 className={styles.title}>{title}</h2>
+      {action}
+    </div>
+  );
+}
diff --git a/desktop/packages/design-system/src/components/StatusDot.module.css b/desktop/packages/design-system/src/components/StatusDot.module.css
new file mode 100644
index 0000000..5fed848
--- /dev/null
+++ b/desktop/packages/design-system/src/components/StatusDot.module.css
@@ -0,0 +1,24 @@
+.dot {
+  width: 9px;
+  height: 9px;
+  border-radius: 50%;
+  flex: none;
+  position: relative;
+  display: inline-block;
+}
+.online { background: var(--success); }
+.busy { background: var(--warning); }
+.offline { background: var(--text-tertiary); }
+
+.pulse { width: 11px; height: 11px; }
+.pulse::after {
+  content: "";
+  position: absolute;
+  inset: -5px;
+  border-radius: 50%;
+  border: 1px solid currentColor;
+  opacity: 0.35;
+}
+.online.pulse { color: var(--success); }
+.busy.pulse { color: var(--warning); }
+.offline.pulse::after { display: none; }
diff --git a/desktop/packages/design-system/src/components/StatusDot.tsx b/desktop/packages/design-system/src/components/StatusDot.tsx
new file mode 100644
index 0000000..30647cd
--- /dev/null
+++ b/desktop/packages/design-system/src/components/StatusDot.tsx
@@ -0,0 +1,7 @@
+import styles from "./StatusDot.module.css";
+
+export type DotTone = "online" | "busy" | "offline";
+
+export function StatusDot({ tone = "online", pulse = false }: { tone?: DotTone; pulse?: boolean }) {
+  return <span className={`${styles.dot} ${styles[tone]} ${pulse ? styles.pulse : ""}`} />;
+}
diff --git a/desktop/packages/design-system/src/components/TitleBar.module.css b/desktop/packages/design-system/src/components/TitleBar.module.css
new file mode 100644
index 0000000..11cbd14
--- /dev/null
+++ b/desktop/packages/design-system/src/components/TitleBar.module.css
@@ -0,0 +1,34 @@
+.bar {
+  display: flex;
+  align-items: center;
+  height: var(--titlebar-h);
+  padding: 0 var(--space-2);
+  background: var(--surface-recessed);
+  border-bottom: 1px solid var(--hairline);
+  flex: none;
+}
+.gutterMac { width: 70px; flex: none; }
+.center {
+  flex: 1;
+  min-width: 0;
+  display: flex;
+  align-items: center;
+  gap: var(--space-2);
+  --wails-draggable: drag;
+}
+.controls {
+  display: flex;
+  --wails-draggable: no-drag;
+}
+.btn {
+  width: 44px;
+  height: var(--titlebar-h);
+  border: 0;
+  background: transparent;
+  color: var(--text-secondary);
+  display: grid;
+  place-items: center;
+  cursor: default;
+}
+.btn:hover { background: var(--hover); color: var(--text); }
+.close:hover { background: #e81123; color: #fff; }
diff --git a/desktop/packages/design-system/src/components/TitleBar.tsx b/desktop/packages/design-system/src/components/TitleBar.tsx
new file mode 100644
index 0000000..715ba19
--- /dev/null
+++ b/desktop/packages/design-system/src/components/TitleBar.tsx
@@ -0,0 +1,47 @@
+import type { CSSProperties, ReactNode } from "react";
+import type { Platform } from "../lib/platform";
+import styles from "./TitleBar.module.css";
+
+export type WindowControls = {
+  onMinimize: () => void;
+  onToggleMaximize: () => void;
+  onClose: () => void;
+};
+
+// Frameless custom titlebar. Controls sit on the LEFT for macOS (where the
+// traffic lights live) and on the RIGHT elsewhere — the one platform
+// difference users expect. The whole bar is the drag region; controls and
+// `center` opt out of dragging.
+export function TitleBar({
+  platform,
+  center,
+  controls,
+}: { platform: Platform; center?: ReactNode; controls: WindowControls }) {
+  const onMac = platform === "darwin";
+  const buttons = (
+    <div className={`${styles.controls} nodrag`}>
+      <button className={styles.btn} aria-label="Minimize" onClick={controls.onMinimize}>
+        <svg width="10" height="10" viewBox="0 0 10 10"><rect x="1" y="4.5" width="8" height="1" fill="currentColor" /></svg>
+      </button>
+      <button className={styles.btn} aria-label="Maximize" onClick={controls.onToggleMaximize}>
+        <svg width="10" height="10" viewBox="0 0 10 10" fill="none" stroke="currentColor"><rect x="1.5" y="1.5" width="7" height="7" /></svg>
+      </button>
+      <button className={`${styles.btn} ${styles.close}`} aria-label="Close" onClick={controls.onClose}>
+        <svg width="10" height="10" viewBox="0 0 10 10" stroke="currentColor" strokeWidth="1.2"><path d="M1 1l8 8M9 1l-8 8" /></svg>
+      </button>
+    </div>
+  );
+
+  return (
+    <header
+      className={styles.bar}
+      style={{ "--wails-draggable": "drag" } as CSSProperties}
+      onDoubleClick={controls.onToggleMaximize}
+    >
+      {onMac ? buttons : null}
+      {onMac ? <div className={styles.gutterMac} /> : null}
+      <div className={styles.center}>{center}</div>
+      {onMac ? null : buttons}
+    </header>
+  );
+}
diff --git a/desktop/packages/design-system/src/components/Wordmark.module.css b/desktop/packages/design-system/src/components/Wordmark.module.css
new file mode 100644
index 0000000..dda71ca
--- /dev/null
+++ b/desktop/packages/design-system/src/components/Wordmark.module.css
@@ -0,0 +1,8 @@
+.wm {
+  font-weight: 600;
+  letter-spacing: -0.01em;
+  color: var(--text);
+}
+.dot {
+  color: var(--accent);
+}
diff --git a/desktop/packages/design-system/src/components/Wordmark.tsx b/desktop/packages/design-system/src/components/Wordmark.tsx
new file mode 100644
index 0000000..06cf73d
--- /dev/null
+++ b/desktop/packages/design-system/src/components/Wordmark.tsx
@@ -0,0 +1,10 @@
+import styles from "./Wordmark.module.css";
+
+export function Wordmark({ name = "clawtool", size = 15 }: { name?: string; size?: number }) {
+  return (
+    <span className={styles.wm} style={{ fontSize: size }}>
+      {name}
+      <span className={styles.dot}>.</span>
+    </span>
+  );
+}
diff --git a/desktop/packages/design-system/src/global.css b/desktop/packages/design-system/src/global.css
new file mode 100644
index 0000000..a679a49
--- /dev/null
+++ b/desktop/packages/design-system/src/global.css
@@ -0,0 +1,35 @@
+/* Global resets + base, shared by every surface. Import once per app
+   (after tokens.css). */
+@import "./tokens.css";
+
+* { box-sizing: border-box; margin: 0; padding: 0; }
+html, body, #root { height: 100%; }
+
+body {
+  font-family: var(--font-ui);
+  font-size: var(--size-md);
+  line-height: 1.45;
+  background: var(--bg);
+  color: var(--text);
+  -webkit-font-smoothing: antialiased;
+  -webkit-user-select: none;
+  user-select: none;
+  overflow: hidden;
+}
+
+a { color: inherit; text-decoration: none; }
+.nodrag { --wails-draggable: no-drag; }
+button { font: inherit; color: inherit; }
+code, .mono { font-family: var(--font-mono); }
+
+::-webkit-scrollbar { width: 9px; height: 9px; }
+::-webkit-scrollbar-thumb {
+  background: var(--hairline-strong);
+  border-radius: var(--radius-lg);
+  border: 2px solid transparent;
+  background-clip: content-box;
+}
+::-webkit-scrollbar-track { background: transparent; }
+
+@keyframes ct-spin { to { transform: rotate(360deg); } }
+@keyframes ct-fadein { from { opacity: 0; transform: translateY(2px); } to { opacity: 1; transform: none; } }
diff --git a/desktop/packages/design-system/src/index.ts b/desktop/packages/design-system/src/index.ts
new file mode 100644
index 0000000..3b54688
--- /dev/null
+++ b/desktop/packages/design-system/src/index.ts
@@ -0,0 +1,9 @@
+export { Wordmark } from "./components/Wordmark";
+export { StatusDot, type DotTone } from "./components/StatusDot";
+export { Badge, type BadgeTone } from "./components/Badge";
+export { Button } from "./components/Button";
+export { Metric, MetricStrip } from "./components/Metric";
+export { SectionHeader } from "./components/Section";
+export { AgentRow, List, EmptyRow } from "./components/AgentRow";
+export { TitleBar, type WindowControls } from "./components/TitleBar";
+export { getPlatform, isMac, type Platform } from "./lib/platform";
diff --git a/desktop/packages/design-system/src/lib/platform.ts b/desktop/packages/design-system/src/lib/platform.ts
new file mode 100644
index 0000000..bf609a3
--- /dev/null
+++ b/desktop/packages/design-system/src/lib/platform.ts
@@ -0,0 +1,21 @@
+// Platform of the host OS, read from the Wails runtime when present.
+// Falls back to "web" when running in a plain browser (dev/preview).
+export type Platform = "darwin" | "windows" | "linux" | "web";
+
+type WailsEnv = { platform?: string };
+
+export async function getPlatform(): Promise<Platform> {
+  const rt = (globalThis as { runtime?: { Environment?: () => Promise<WailsEnv> } }).runtime;
+  try {
+    const env = rt?.Environment ? await rt.Environment() : undefined;
+    const p = env?.platform;
+    if (p === "darwin" || p === "windows" || p === "linux") return p;
+  } catch {
+    /* not under Wails */
+  }
+  return "web";
+}
+
+export function isMac(p: Platform): boolean {
+  return p === "darwin";
+}
diff --git a/desktop/packages/design-system/src/tokens.css b/desktop/packages/design-system/src/tokens.css
new file mode 100644
index 0000000..0a04446
--- /dev/null
+++ b/desktop/packages/design-system/src/tokens.css
@@ -0,0 +1,72 @@
+/*
+ * Design tokens — single source of truth for the clawtool desktop UI.
+ * Three tiers: primitives -> semantic -> component. Grounded in a
+ * well-regarded terminal's shipped default dark theme: a calm #181818 base,
+ * opacity-layered neutral surfaces, ONE cool accent used sparingly, hairline
+ * borders, small radii, no gradients.
+ */
+:root {
+  /* ── 1. primitives ─────────────────────────────────────────── */
+  --c-ink-0: #181818;            /* base */
+  --c-ink-1: #1c1c1c;            /* +5% elevation */
+  --c-ink-2: #202020;            /* +10% elevation */
+  --c-ink-3: #151515;            /* recessed (sidebar) */
+  --c-fg: 227, 227, 227;         /* foreground as r,g,b for rgba() opacity tiers */
+  --c-accent: #7cafc2;           /* cool cyan-blue */
+  --c-accent-hi: #8ab9ca;
+  --c-accent-ink: #0e1417;       /* text on accent fills */
+  --c-green: #4cc38a;
+  --c-amber: #d8a657;
+  --c-red: #e06c75;
+
+  --space-1: 4px;
+  --space-2: 8px;
+  --space-3: 12px;
+  --space-4: 16px;
+  --space-5: 20px;
+  --space-6: 24px;
+  --space-8: 32px;
+
+  --radius-sm: 4px;
+  --radius-md: 6px;
+  --radius-lg: 8px;
+  --radius-pill: 999px;
+
+  --font-ui: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, system-ui, sans-serif;
+  --font-mono: "SF Mono", "JetBrains Mono", "Cascadia Code", ui-monospace, Menlo, Consolas, monospace;
+
+  --size-xs: 11px;
+  --size-sm: 12px;
+  --size-md: 13px;
+  --size-lg: 16px;
+  --size-xl: 22px;
+  --size-2xl: 26px;
+
+  /* ── 2. semantic ───────────────────────────────────────────── */
+  --bg: var(--c-ink-0);
+  --surface: var(--c-ink-2);
+  --surface-recessed: var(--c-ink-3);
+
+  --text: rgba(var(--c-fg), 0.92);
+  --text-secondary: rgba(var(--c-fg), 0.60);
+  --text-tertiary: rgba(var(--c-fg), 0.40);
+  --text-disabled: rgba(var(--c-fg), 0.22);
+
+  --hairline: rgba(var(--c-fg), 0.10);
+  --hairline-strong: rgba(var(--c-fg), 0.16);
+  --hover: rgba(var(--c-fg), 0.04);
+
+  --accent: var(--c-accent);
+  --accent-hover: var(--c-accent-hi);
+  --accent-soft: rgba(124, 175, 194, 0.14);
+  --accent-ink: var(--c-accent-ink);
+
+  --success: var(--c-green);
+  --warning: var(--c-amber);
+  --danger: var(--c-red);
+
+  --shadow-overlay: 0 12px 32px rgba(0, 0, 0, 0.45);
+
+  /* window chrome */
+  --titlebar-h: 38px;
+}
diff --git a/desktop/packages/design-system/src/types/css.d.ts b/desktop/packages/design-system/src/types/css.d.ts
new file mode 100644
index 0000000..f8c72d2
--- /dev/null
+++ b/desktop/packages/design-system/src/types/css.d.ts
@@ -0,0 +1,5 @@
+declare module "*.module.css" {
+  const classes: { readonly [key: string]: string };
+  export default classes;
+}
+declare module "*.css";
diff --git a/desktop/packages/design-system/tsconfig.json b/desktop/packages/design-system/tsconfig.json
new file mode 100644
index 0000000..dee81a1
--- /dev/null
+++ b/desktop/packages/design-system/tsconfig.json
@@ -0,0 +1,8 @@
+{
+  "extends": "../../tsconfig.base.json",
+  "compilerOptions": {
+    "noEmit": true,
+    "types": []
+  },
+  "include": ["src"]
+}
diff --git a/desktop/pnpm-lock.yaml b/desktop/pnpm-lock.yaml
new file mode 100644
index 0000000..11f29da
--- /dev/null
+++ b/desktop/pnpm-lock.yaml
@@ -0,0 +1,1181 @@
+lockfileVersion: '9.0'
+
+settings:
+  autoInstallPeers: true
+  excludeLinksFromLockfile: false
+
+importers:
+
+  .:
+    devDependencies:
+      typescript:
+        specifier: ^5.6.3
+        version: 5.9.3
+
+  apps/_gallery:
+    dependencies:
+      '@clawtool/design-system':
+        specifier: workspace:*
+        version: link:../../packages/design-system
+      react:
+        specifier: ^18.3.1
+        version: 18.3.1
+      react-dom:
+        specifier: ^18.3.1
+        version: 18.3.1(react@18.3.1)
+    devDependencies:
+      '@types/react':
+        specifier: ^18.3.12
+        version: 18.3.29
+      '@types/react-dom':
+        specifier: ^18.3.1
+        version: 18.3.7(@types/react@18.3.29)
+      '@vitejs/plugin-react':
+        specifier: ^4.3.4
+        version: 4.7.0(vite@6.4.2)
+      typescript:
+        specifier: ^5.6.3
+        version: 5.9.3
+      vite:
+        specifier: ^6.0.7
+        version: 6.4.2
+
+  packages/design-system:
+    dependencies:
+      react:
+        specifier: ^18.3.1
+        version: 18.3.1
+      react-dom:
+        specifier: ^18.3.1
+        version: 18.3.1(react@18.3.1)
+    devDependencies:
+      '@types/react':
+        specifier: ^18.3.12
+        version: 18.3.29
+      '@types/react-dom':
+        specifier: ^18.3.1
+        version: 18.3.7(@types/react@18.3.29)
+      typescript:
+        specifier: ^5.6.3
+        version: 5.9.3
+
+packages:
+
+  '@babel/code-frame@7.29.7':
+    resolution: {integrity: sha512-Aup7aUOfpbAUg2ROOJN6Iw5f9DMBlzu0mIkm/malLQFN/YQgO48wCj0Kxa3sEHJvPVFg7siR+qRInwXd2qhQKw==}
+    engines: {node: '>=6.9.0'}
+
+  '@babel/compat-data@7.29.7':
+    resolution: {integrity: sha512-locTkQyKvwIEgBzVrn8693ebc97F2U8ZHjbXwDXJ5Fn2TCpNwTlKcaKLkdHop5c/icOFE7qt7Q9JC5hnKNa6Gg==}
+    engines: {node: '>=6.9.0'}
+
+  '@babel/core@7.29.7':
+    resolution: {integrity: sha512-RgHBCvtjbOK2gXSNBNIkNoEc9qoVEtau3hj8gEqKQuL3HZAibKarWFEI3Lfm6EYKkLalOh8eSrj9b+ch9H/VBA==}
+    engines: {node: '>=6.9.0'}
+
+  '@babel/generator@7.29.7':
+    resolution: {integrity: sha512-DkXD5OJQaAQIdZ1bt3UZdEnHAn9Imd3IVBdX03UFe+ony9Ojw5pzr9YVKGDY1jt+Gcn/FnGkNf8r+Vj5NOJWtQ==}
+    engines: {node: '>=6.9.0'}
+
+  '@babel/helper-compilation-targets@7.29.7':
+    resolution: {integrity: sha512-wem6WaBj4NaVYVdNhLPPVacES6ZJ+KBBfSkTMD3YZxbP3rm3Di85tJU5ljaUNhaOynt+Aj0xruhYuzQBt8n71g==}
+    engines: {node: '>=6.9.0'}
+
+  '@babel/helper-globals@7.29.7':
+    resolution: {integrity: sha512-3nQVUAtvkKH9zahfWgw96Jc/uFOmjACE1kQz82E2lqWmHBgjzbNlsC22nuQTfahmWeQtTq5nQ/4Nnd2A1wj4zA==}
+    engines: {node: '>=6.9.0'}
+
+  '@babel/helper-module-imports@7.29.7':
+    resolution: {integrity: sha512-ejHwrQQYcm9xnTivShn2IDOlIzInN34AXskvq9QicvCtEzq1Vzclu/tKF8Jq1Cg8JG2GL6/EmjgsCT7lXepE3g==}
+    engines: {node: '>=6.9.0'}
+
+  '@babel/helper-module-transforms@7.29.7':
+    resolution: {integrity: sha512-UPUVSyXbOh627KiCIGQSgwWzGeBKLkaJ9PJEdrngIwMSzxLR4jS4+f1f1jb7VzBbg8nFLaYotvVPFCTqdrmTAg==}
+    engines: {node: '>=6.9.0'}
+    peerDependencies:
+      '@babel/core': ^7.0.0
+
+  '@babel/helper-plugin-utils@7.29.7':
+    resolution: {integrity: sha512-G7sHYigPY17oO5SYWnfD/0MTBwVR781S/JI643e/JhUYgVgWE/61SoW3NH9KWUKyKq5LVh3npif99Wkt6j86Jw==}
+    engines: {node: '>=6.9.0'}
+
+  '@babel/helper-string-parser@7.29.7':
+    resolution: {integrity: sha512-Pb5ijPrZ89GDH8223L4UP8i6QApWxs04RbPQJTeWDV0/keR2E36MeKnyr6LYmUUvqRRI+Iv87SuF1W6ErINzYw==}
+    engines: {node: '>=6.9.0'}
+
+  '@babel/helper-validator-identifier@7.29.7':
+    resolution: {integrity: sha512-qehxGkRj55h/ff8EMaJ+cYhyaKlHIxqYDn682wQD7RNp9UujOQsHog2uS0r2vzr4pW+sXf90NeeayjcNaX3fFg==}
+    engines: {node: '>=6.9.0'}
+
+  '@babel/helper-validator-option@7.29.7':
+    resolution: {integrity: sha512-N9ZErrD+yW5geCDtBqnOoxmR8+tNKiGuxKlDpuJxfsqpa2dFcexaziGAE/qoHLiDDreVNMupxGmSoNlyvsA3gw==}
+    engines: {node: '>=6.9.0'}
+
+  '@babel/helpers@7.29.7':
+    resolution: {integrity: sha512-1k2lAGRMfHTcwuNYcCNUmaUffmQv8KWMfh2iJUUeRlwlwH4FdNG7mfPI10NPfLHJFThE4Tyr4mv7kTNZOiPuBg==}
+    engines: {node: '>=6.9.0'}
+
+  '@babel/parser@7.29.7':
+    resolution: {integrity: sha512-hnORnjP/1P/zFEndoeX+n+t1RwWRJiJpM/jO7FW32Kn9r5+sJB2JWOdYo4L6k78j15eCwY3Gm/7364B1EMwtNg==}
+    engines: {node: '>=6.0.0'}
+    hasBin: true
+
+  '@babel/plugin-transform-react-jsx-self@7.29.7':
+    resolution: {integrity: sha512-TL0hMc9xzy86VD31nUiwzd5otRAcyEPcsegCxolO0PvcXuH1v0kECe/UIznYFihpkvU5wg/jk4v0TTEFfm53fw==}
+    engines: {node: '>=6.9.0'}
+    peerDependencies:
+      '@babel/core': ^7.0.0-0
+
+  '@babel/plugin-transform-react-jsx-source@7.29.7':
+    resolution: {integrity: sha512-06IyK09H3wi4cGbhDBwp5gUGo0IKtnYa8tyTiephirPCK6fbobVGiXMMI5zLQ4aKEYP3wZ3ArU44o+8KMrSG/Q==}
+    engines: {node: '>=6.9.0'}
+    peerDependencies:
+      '@babel/core': ^7.0.0-0
+
+  '@babel/template@7.29.7':
+    resolution: {integrity: sha512-puq+Gf35oI24FeN11LkoUQFqv9uwNeWpxXZi/Ji3rRIoKAzKnxRaZ+Gkj0vKS9ZCiTESfng1N9LyOyXvo+m+Gg==}
+    engines: {node: '>=6.9.0'}
+
+  '@babel/traverse@7.29.7':
+    resolution: {integrity: sha512-EhlfNQtZ+NK22w5BM61ciuiq1m58ed33Wr1Xan//ZRTy6hgjnwyCffRYwzsGXdASJSUJ1guZILsErh1eQcl+zw==}
+    engines: {node: '>=6.9.0'}
+
+  '@babel/types@7.29.7':
+    resolution: {integrity: sha512-4zBIxpPzowiZpusoFkyGVwakdRJUyuH5PxQ/PrqghfdFWWasvnCdPfQXHrenDai+gyLARulZjZowCOj6fjT4pA==}
+    engines: {node: '>=6.9.0'}
+
+  '@esbuild/aix-ppc64@0.25.12':
+    resolution: {integrity: sha512-Hhmwd6CInZ3dwpuGTF8fJG6yoWmsToE+vYgD4nytZVxcu1ulHpUQRAB1UJ8+N1Am3Mz4+xOByoQoSZf4D+CpkA==}
+    engines: {node: '>=18'}
+    cpu: [ppc64]
+    os: [aix]
+
+  '@esbuild/android-arm64@0.25.12':
+    resolution: {integrity: sha512-6AAmLG7zwD1Z159jCKPvAxZd4y/VTO0VkprYy+3N2FtJ8+BQWFXU+OxARIwA46c5tdD9SsKGZ/1ocqBS/gAKHg==}
+    engines: {node: '>=18'}
+    cpu: [arm64]
+    os: [android]
+
+  '@esbuild/android-arm@0.25.12':
+    resolution: {integrity: sha512-VJ+sKvNA/GE7Ccacc9Cha7bpS8nyzVv0jdVgwNDaR4gDMC/2TTRc33Ip8qrNYUcpkOHUT5OZ0bUcNNVZQ9RLlg==}
+    engines: {node: '>=18'}
+    cpu: [arm]
+    os: [android]
+
+  '@esbuild/android-x64@0.25.12':
+    resolution: {integrity: sha512-5jbb+2hhDHx5phYR2By8GTWEzn6I9UqR11Kwf22iKbNpYrsmRB18aX/9ivc5cabcUiAT/wM+YIZ6SG9QO6a8kg==}
+    engines: {node: '>=18'}
+    cpu: [x64]
+    os: [android]
+
+  '@esbuild/darwin-arm64@0.25.12':
+    resolution: {integrity: sha512-N3zl+lxHCifgIlcMUP5016ESkeQjLj/959RxxNYIthIg+CQHInujFuXeWbWMgnTo4cp5XVHqFPmpyu9J65C1Yg==}
+    engines: {node: '>=18'}
+    cpu: [arm64]
+    os: [darwin]
+
+  '@esbuild/darwin-x64@0.25.12':
+    resolution: {integrity: sha512-HQ9ka4Kx21qHXwtlTUVbKJOAnmG1ipXhdWTmNXiPzPfWKpXqASVcWdnf2bnL73wgjNrFXAa3yYvBSd9pzfEIpA==}
+    engines: {node: '>=18'}
+    cpu: [x64]
+    os: [darwin]
+
+  '@esbuild/freebsd-arm64@0.25.12':
+    resolution: {integrity: sha512-gA0Bx759+7Jve03K1S0vkOu5Lg/85dou3EseOGUes8flVOGxbhDDh/iZaoek11Y8mtyKPGF3vP8XhnkDEAmzeg==}
+    engines: {node: '>=18'}
+    cpu: [arm64]
+    os: [freebsd]
+
+  '@esbuild/freebsd-x64@0.25.12':
+    resolution: {integrity: sha512-TGbO26Yw2xsHzxtbVFGEXBFH0FRAP7gtcPE7P5yP7wGy7cXK2oO7RyOhL5NLiqTlBh47XhmIUXuGciXEqYFfBQ==}
+    engines: {node: '>=18'}
+    cpu: [x64]
+    os: [freebsd]
+
+  '@esbuild/linux-arm64@0.25.12':
+    resolution: {integrity: sha512-8bwX7a8FghIgrupcxb4aUmYDLp8pX06rGh5HqDT7bB+8Rdells6mHvrFHHW2JAOPZUbnjUpKTLg6ECyzvas2AQ==}
+    engines: {node: '>=18'}
+    cpu: [arm64]
+    os: [linux]
+
+  '@esbuild/linux-arm@0.25.12':
+    resolution: {integrity: sha512-lPDGyC1JPDou8kGcywY0YILzWlhhnRjdof3UlcoqYmS9El818LLfJJc3PXXgZHrHCAKs/Z2SeZtDJr5MrkxtOw==}
+    engines: {node: '>=18'}
+    cpu: [arm]
+    os: [linux]
+
+  '@esbuild/linux-ia32@0.25.12':
+    resolution: {integrity: sha512-0y9KrdVnbMM2/vG8KfU0byhUN+EFCny9+8g202gYqSSVMonbsCfLjUO+rCci7pM0WBEtz+oK/PIwHkzxkyharA==}
+    engines: {node: '>=18'}
+    cpu: [ia32]
+    os: [linux]
+
+  '@esbuild/linux-loong64@0.25.12':
+    resolution: {integrity: sha512-h///Lr5a9rib/v1GGqXVGzjL4TMvVTv+s1DPoxQdz7l/AYv6LDSxdIwzxkrPW438oUXiDtwM10o9PmwS/6Z0Ng==}
+    engines: {node: '>=18'}
+    cpu: [loong64]
+    os: [linux]
+
+  '@esbuild/linux-mips64el@0.25.12':
+    resolution: {integrity: sha512-iyRrM1Pzy9GFMDLsXn1iHUm18nhKnNMWscjmp4+hpafcZjrr2WbT//d20xaGljXDBYHqRcl8HnxbX6uaA/eGVw==}
+    engines: {node: '>=18'}
+    cpu: [mips64el]
+    os: [linux]
+
+  '@esbuild/linux-ppc64@0.25.12':
+    resolution: {integrity: sha512-9meM/lRXxMi5PSUqEXRCtVjEZBGwB7P/D4yT8UG/mwIdze2aV4Vo6U5gD3+RsoHXKkHCfSxZKzmDssVlRj1QQA==}
+    engines: {node: '>=18'}
+    cpu: [ppc64]
+    os: [linux]
+
+  '@esbuild/linux-riscv64@0.25.12':
+    resolution: {integrity: sha512-Zr7KR4hgKUpWAwb1f3o5ygT04MzqVrGEGXGLnj15YQDJErYu/BGg+wmFlIDOdJp0PmB0lLvxFIOXZgFRrdjR0w==}
+    engines: {node: '>=18'}
+    cpu: [riscv64]
+    os: [linux]
+
+  '@esbuild/linux-s390x@0.25.12':
+    resolution: {integrity: sha512-MsKncOcgTNvdtiISc/jZs/Zf8d0cl/t3gYWX8J9ubBnVOwlk65UIEEvgBORTiljloIWnBzLs4qhzPkJcitIzIg==}
+    engines: {node: '>=18'}
+    cpu: [s390x]
+    os: [linux]
+
+  '@esbuild/linux-x64@0.25.12':
+    resolution: {integrity: sha512-uqZMTLr/zR/ed4jIGnwSLkaHmPjOjJvnm6TVVitAa08SLS9Z0VM8wIRx7gWbJB5/J54YuIMInDquWyYvQLZkgw==}
+    engines: {node: '>=18'}
+    cpu: [x64]
+    os: [linux]
+
+  '@esbuild/netbsd-arm64@0.25.12':
+    resolution: {integrity: sha512-xXwcTq4GhRM7J9A8Gv5boanHhRa/Q9KLVmcyXHCTaM4wKfIpWkdXiMog/KsnxzJ0A1+nD+zoecuzqPmCRyBGjg==}
+    engines: {node: '>=18'}
+    cpu: [arm64]
+    os: [netbsd]
+
+  '@esbuild/netbsd-x64@0.25.12':
+    resolution: {integrity: sha512-Ld5pTlzPy3YwGec4OuHh1aCVCRvOXdH8DgRjfDy/oumVovmuSzWfnSJg+VtakB9Cm0gxNO9BzWkj6mtO1FMXkQ==}
+    engines: {node: '>=18'}
+    cpu: [x64]
+    os: [netbsd]
+
+  '@esbuild/openbsd-arm64@0.25.12':
+    resolution: {integrity: sha512-fF96T6KsBo/pkQI950FARU9apGNTSlZGsv1jZBAlcLL1MLjLNIWPBkj5NlSz8aAzYKg+eNqknrUJ24QBybeR5A==}
+    engines: {node: '>=18'}
+    cpu: [arm64]
+    os: [openbsd]
+
+  '@esbuild/openbsd-x64@0.25.12':
+    resolution: {integrity: sha512-MZyXUkZHjQxUvzK7rN8DJ3SRmrVrke8ZyRusHlP+kuwqTcfWLyqMOE3sScPPyeIXN/mDJIfGXvcMqCgYKekoQw==}
+    engines: {node: '>=18'}
+    cpu: [x64]
+    os: [openbsd]
+
+  '@esbuild/openharmony-arm64@0.25.12':
+    resolution: {integrity: sha512-rm0YWsqUSRrjncSXGA7Zv78Nbnw4XL6/dzr20cyrQf7ZmRcsovpcRBdhD43Nuk3y7XIoW2OxMVvwuRvk9XdASg==}
+    engines: {node: '>=18'}
+    cpu: [arm64]
+    os: [openharmony]
+
+  '@esbuild/sunos-x64@0.25.12':
+    resolution: {integrity: sha512-3wGSCDyuTHQUzt0nV7bocDy72r2lI33QL3gkDNGkod22EsYl04sMf0qLb8luNKTOmgF/eDEDP5BFNwoBKH441w==}
+    engines: {node: '>=18'}
+    cpu: [x64]
+    os: [sunos]
+
+  '@esbuild/win32-arm64@0.25.12':
+    resolution: {integrity: sha512-rMmLrur64A7+DKlnSuwqUdRKyd3UE7oPJZmnljqEptesKM8wx9J8gx5u0+9Pq0fQQW8vqeKebwNXdfOyP+8Bsg==}
+    engines: {node: '>=18'}
+    cpu: [arm64]
+    os: [win32]
+
+  '@esbuild/win32-ia32@0.25.12':
+    resolution: {integrity: sha512-HkqnmmBoCbCwxUKKNPBixiWDGCpQGVsrQfJoVGYLPT41XWF8lHuE5N6WhVia2n4o5QK5M4tYr21827fNhi4byQ==}
+    engines: {node: '>=18'}
+    cpu: [ia32]
+    os: [win32]
+
+  '@esbuild/win32-x64@0.25.12':
+    resolution: {integrity: sha512-alJC0uCZpTFrSL0CCDjcgleBXPnCrEAhTBILpeAp7M/OFgoqtAetfBzX0xM00MUsVVPpVjlPuMbREqnZCXaTnA==}
+    engines: {node: '>=18'}
+    cpu: [x64]
+    os: [win32]
+
+  '@jridgewell/gen-mapping@0.3.13':
+    resolution: {integrity: sha512-2kkt/7niJ6MgEPxF0bYdQ6etZaA+fQvDcLKckhy1yIQOzaoKjBBjSj63/aLVjYE3qhRt5dvM+uUyfCg6UKCBbA==}
+
+  '@jridgewell/remapping@2.3.5':
+    resolution: {integrity: sha512-LI9u/+laYG4Ds1TDKSJW2YPrIlcVYOwi2fUC6xB43lueCjgxV4lffOCZCtYFiH6TNOX+tQKXx97T4IKHbhyHEQ==}
+
+  '@jridgewell/resolve-uri@3.1.2':
+    resolution: {integrity: sha512-bRISgCIjP20/tbWSPWMEi54QVPRZExkuD9lJL+UIxUKtwVJA8wW1Trb1jMs1RFXo1CBTNZ/5hpC9QvmKWdopKw==}
+    engines: {node: '>=6.0.0'}
+
+  '@jridgewell/sourcemap-codec@1.5.5':
+    resolution: {integrity: sha512-cYQ9310grqxueWbl+WuIUIaiUaDcj7WOq5fVhEljNVgRfOUhY9fy2zTvfoqWsnebh8Sl70VScFbICvJnLKB0Og==}
+
+  '@jridgewell/trace-mapping@0.3.31':
+    resolution: {integrity: sha512-zzNR+SdQSDJzc8joaeP8QQoCQr8NuYx2dIIytl1QeBEZHJ9uW6hebsrYgbz8hJwUQao3TWCMtmfV8Nu1twOLAw==}
+
+  '@rolldown/pluginutils@1.0.0-beta.27':
+    resolution: {integrity: sha512-+d0F4MKMCbeVUJwG96uQ4SgAznZNSq93I3V+9NHA4OpvqG8mRCpGdKmK8l/dl02h2CCDHwW2FqilnTyDcAnqjA==}
+
+  '@rollup/rollup-android-arm-eabi@4.60.4':
+    resolution: {integrity: sha512-F5QXMSiFebS9hKZj02XhWLLnRpJ3B3AROP0tWbFBSj+6kCbg5m9j5JoHKd4mmSVy5mS/IMQloYgYxCuJC0fxEQ==}
+    cpu: [arm]
+    os: [android]
+
+  '@rollup/rollup-android-arm64@4.60.4':
+    resolution: {integrity: sha512-GxxTKApUpzRhof7poWvCJHRF51C67u1R7D6DiluBE8wKU1u5GWE8t+v81JvJYtbawoBFX1hLv5Ei4eVjkWokaw==}
+    cpu: [arm64]
+    os: [android]
+
+  '@rollup/rollup-darwin-arm64@4.60.4':
+    resolution: {integrity: sha512-tua0TaJxMOB1R0V0RS1jFZ/RpURFDJIOR2A6jWwQeawuFyS4gBW+rntLRaQd0EQ4bd6Vp44Z2rXW+YYDBsj6IA==}
+    cpu: [arm64]
+    os: [darwin]
+
+  '@rollup/rollup-darwin-x64@4.60.4':
+    resolution: {integrity: sha512-CSKq7MsP+5PFIcydhAiR1K0UhEI1A2jWXVKHPCBZ151yOutENwvnPocgVHkivu2kviURtCEB6zUQw0vs8RrhMg==}
+    cpu: [x64]
+    os: [darwin]
+
+  '@rollup/rollup-freebsd-arm64@4.60.4':
+    resolution: {integrity: sha512-+O8OkVdyvXMtJEciu2wS/pzm1IxntEEQx3z5TAVy4l32G0etZn+RsA48ARRrFm6Ri8fvqPQfgrvNxSjKAbnd3g==}
+    cpu: [arm64]
+    os: [freebsd]
+
+  '@rollup/rollup-freebsd-x64@4.60.4':
+    resolution: {integrity: sha512-Iw3oMskH3AfNuhU0MSN7vNbdi4me/NiYo2azqPz/Le16zHSa+3RRmliCMWWQmh4lcndccU40xcJuTYJZxNo/lw==}
+    cpu: [x64]
+    os: [freebsd]
+
+  '@rollup/rollup-linux-arm-gnueabihf@4.60.4':
+    resolution: {integrity: sha512-EIPRXTVQpHyF8WOo219AD2yEltPehLTcTMz2fn6JsatLYSzQf00hj3rulF+yauOlF9/FtM2WpkT/hJh/KJFGhA==}
+    cpu: [arm]
+    os: [linux]
+    libc: [glibc]
+
+  '@rollup/rollup-linux-arm-musleabihf@4.60.4':
+    resolution: {integrity: sha512-J3Yh9PzzF1Ovah2At+lHiGQdsYgArxBbXv/zHfSyaiFQEqvNv7DcW98pCrmdjCZBrqBiKrKKe2V+aaSGWuBe/w==}
+    cpu: [arm]
+    os: [linux]
+    libc: [musl]
+
+  '@rollup/rollup-linux-arm64-gnu@4.60.4':
+    resolution: {integrity: sha512-BFDEZMYfUvLn37ONE1yMBojPxnMlTFsdyNoqncT0qFq1mAfllL+ATMMJd8TeuVMiX84s1KbcxcZbXInmcO2mRg==}
+    cpu: [arm64]
+    os: [linux]
+    libc: [glibc]
+
+  '@rollup/rollup-linux-arm64-musl@4.60.4':
+    resolution: {integrity: sha512-pc9EYOSlOgdQ2uPl1o9PF6/kLSgaUosia7gOuS8mB69IxJvlclko1MECXysjs5ryez1/5zjYqx3+xYU0TU6R1A==}
+    cpu: [arm64]
+    os: [linux]
+    libc: [musl]
+
+  '@rollup/rollup-linux-loong64-gnu@4.60.4':
+    resolution: {integrity: sha512-NxnomyxYerDh5n4iLrNa+sH+Z+U4BMEE46V2PgQ/hoB909i8gV1M5wPojWg9fk1jWpO3IQnOs20K4wyZuFLEFQ==}
+    cpu: [loong64]
+    os: [linux]
+    libc: [glibc]
+
+  '@rollup/rollup-linux-loong64-musl@4.60.4':
+    resolution: {integrity: sha512-nbJnQ8a3z1mtmrwImCYhc6BGpThAyYVRQxw9uKSKG4wR6aAYno9sVjJ0zaZcW9BPJX1GbrDPf+SvdWjgTuDmnw==}
+    cpu: [loong64]
+    os: [linux]
+    libc: [musl]
+
+  '@rollup/rollup-linux-ppc64-gnu@4.60.4':
+    resolution: {integrity: sha512-2EU6acNrQLd8tYvo/LXW535wupT3m6fo7HKo6lr7ktQoItxTyOL1ZCR/GfGCuXl2vR+zmfI6eRXkSemafv+iVg==}
+    cpu: [ppc64]
+    os: [linux]
+    libc: [glibc]
+
+  '@rollup/rollup-linux-ppc64-musl@4.60.4':
+    resolution: {integrity: sha512-WeBtoMuaMxiiIrO2IYP3xs6GMWkJP2C0EoT8beTLkUPmzV1i/UcOSVw1d5r9KBODtHKilG5yFxsGRnBbK3wJ4A==}
+    cpu: [ppc64]
+    os: [linux]
+    libc: [musl]
+
+  '@rollup/rollup-linux-riscv64-gnu@4.60.4':
+    resolution: {integrity: sha512-FJHFfqpKUI3A10WrWKiFbBZ7yVbGT4q4B5o1qKFFojqpaYoh9LrQgqWCmmcxQzVSXYtyB5bzkXrYzlHTs21MYA==}
+    cpu: [riscv64]
+    os: [linux]
+    libc: [glibc]
+
+  '@rollup/rollup-linux-riscv64-musl@4.60.4':
+    resolution: {integrity: sha512-mcEl6CUT5IAUmQf1m9FYSmVqCJlpQ8r8eyftFUHG8i9OhY7BkBXSUdnLH5DOf0wCOjcP9v/QO93zpmF1SptCCw==}
+    cpu: [riscv64]
+    os: [linux]
+    libc: [musl]
+
+  '@rollup/rollup-linux-s390x-gnu@4.60.4':
+    resolution: {integrity: sha512-ynt3JxVd2w2buzoKDWIyiV1pJW93xlQic1THVLXilz429oijRpSHivZAgp65KBu+cMcgf1eVVjdnTLvPxgCuoQ==}
+    cpu: [s390x]
+    os: [linux]
+    libc: [glibc]
+
+  '@rollup/rollup-linux-x64-gnu@4.60.4':
+    resolution: {integrity: sha512-Boiz5+MsaROEWDf+GGEwF8VMHGhlUoQMtIPjOgA5fv4osupqTVnJteQNKJwUcnUog2G55jYXH7KZFFiJe0TEzQ==}
+    cpu: [x64]
+    os: [linux]
+    libc: [glibc]
+
+  '@rollup/rollup-linux-x64-musl@4.60.4':
+    resolution: {integrity: sha512-+qfSY27qIrFfI/Hom04KYFw3GKZSGU4lXus51wsb5EuySfFlWRwjkKWoE9emgRw/ukoT4Udsj4W/+xxG8VbPKg==}
+    cpu: [x64]
+    os: [linux]
+    libc: [musl]
+
+  '@rollup/rollup-openbsd-x64@4.60.4':
+    resolution: {integrity: sha512-VpTfOPHgVXEBeeR8hZ2O0F3aSso+JDWqTWmTmzcQKted54IAdUVbxE+j/MVxUsKa8L20HJhv3vUezVPoquqWjA==}
+    cpu: [x64]
+    os: [openbsd]
+
+  '@rollup/rollup-openharmony-arm64@4.60.4':
+    resolution: {integrity: sha512-IPOsh5aRYuLv/nkU51X10Bf75Bsf6+gZdx1X+QP5QM6lIJFHHqbHLG0uJn/hWthzo13UAc2umiUorqZy3axoZg==}
+    cpu: [arm64]
+    os: [openharmony]
+
+  '@rollup/rollup-win32-arm64-msvc@4.60.4':
+    resolution: {integrity: sha512-4QzE9E81OohJ/HKzHhsqU+zcYYojVOXlFMs1DdyMT6qXl/niOH7AVElmmEdUNHHS/oRkc++d5k6Vy85zFs0DEw==}
+    cpu: [arm64]
+    os: [win32]
+
+  '@rollup/rollup-win32-ia32-msvc@4.60.4':
+    resolution: {integrity: sha512-zTPgT1YuHHcd+Tmx7h8aml0FWFVelV5N54oHow9SLj+GfoDy/huQ+UV396N/C7KpMDMiPspRktzM1/0r1usYEA==}
+    cpu: [ia32]
+    os: [win32]
+
+  '@rollup/rollup-win32-x64-gnu@4.60.4':
+    resolution: {integrity: sha512-DRS4G7mi9lJxqEDezIkKCaUIKCrLUUDCUaCsTPCi/rtqaC6D/jjwslMQyiDU50Ka0JKpeXeRBFBAXwArY52vBw==}
+    cpu: [x64]
+    os: [win32]
+
+  '@rollup/rollup-win32-x64-msvc@4.60.4':
+    resolution: {integrity: sha512-QVTUovf40zgTqlFVrKA1uXMVvU2QWEFWfAH8Wdc48IxLvrJMQVMBRjuQyUpzZCDkakImib9eVazbWlC6ksWtJw==}
+    cpu: [x64]
+    os: [win32]
+
+  '@types/babel__core@7.20.5':
+    resolution: {integrity: sha512-qoQprZvz5wQFJwMDqeseRXWv3rqMvhgpbXFfVyWhbx9X47POIA6i/+dXefEmZKoAgOaTdaIgNSMqMIU61yRyzA==}
+
+  '@types/babel__generator@7.27.0':
+    resolution: {integrity: sha512-ufFd2Xi92OAVPYsy+P4n7/U7e68fex0+Ee8gSG9KX7eo084CWiQ4sdxktvdl0bOPupXtVJPY19zk6EwWqUQ8lg==}
+
+  '@types/babel__template@7.4.4':
+    resolution: {integrity: sha512-h/NUaSyG5EyxBIp8YRxo4RMe2/qQgvyowRwVMzhYhBCONbW8PUsg4lkFMrhgZhUe5z3L3MiLDuvyJ/CaPa2A8A==}
+
+  '@types/babel__traverse@7.28.0':
+    resolution: {integrity: sha512-8PvcXf70gTDZBgt9ptxJ8elBeBjcLOAcOtoO/mPJjtji1+CdGbHgm77om1GrsPxsiE+uXIpNSK64UYaIwQXd4Q==}
+
+  '@types/estree@1.0.8':
+    resolution: {integrity: sha512-dWHzHa2WqEXI/O1E9OjrocMTKJl2mSrEolh1Iomrv6U+JuNwaHXsXx9bLu5gG7BUWFIN0skIQJQ/L1rIex4X6w==}
+
+  '@types/prop-types@15.7.15':
+    resolution: {integrity: sha512-F6bEyamV9jKGAFBEmlQnesRPGOQqS2+Uwi0Em15xenOxHaf2hv6L8YCVn3rPdPJOiJfPiCnLIRyvwVaqMY3MIw==}
+
+  '@types/react-dom@18.3.7':
+    resolution: {integrity: sha512-MEe3UeoENYVFXzoXEWsvcpg6ZvlrFNlOQ7EOsvhI3CfAXwzPfO8Qwuxd40nepsYKqyyVQnTdEfv68q91yLcKrQ==}
+    peerDependencies:
+      '@types/react': ^18.0.0
+
+  '@types/react@18.3.29':
+    resolution: {integrity: sha512-ch0qJdr2JY0r04NXSprbK6TXOgnaJ1Tz23fm5W+z0/CBah6BSBc3n96h7K9GOtwh0HrilNWHIBzE1Ko4Dcw/Wg==}
+
+  '@vitejs/plugin-react@4.7.0':
+    resolution: {integrity: sha512-gUu9hwfWvvEDBBmgtAowQCojwZmJ5mcLn3aufeCsitijs3+f2NsrPtlAWIR6OPiqljl96GVCUbLe0HyqIpVaoA==}
+    engines: {node: ^14.18.0 || >=16.0.0}
+    peerDependencies:
+      vite: ^4.2.0 || ^5.0.0 || ^6.0.0 || ^7.0.0
+
+  baseline-browser-mapping@2.10.32:
+    resolution: {integrity: sha512-wbPvpyjJPC0zdfdKXxqEL3Ea+bOMD/87X4lftiJkkaBiuG6ALQy1SLmEd7BSmVCuwCQsBrCamgBoLyfFDD1EPg==}
+    engines: {node: '>=6.0.0'}
+    hasBin: true
+
+  browserslist@4.28.2:
+    resolution: {integrity: sha512-48xSriZYYg+8qXna9kwqjIVzuQxi+KYWp2+5nCYnYKPTr0LvD89Jqk2Or5ogxz0NUMfIjhh2lIUX/LyX9B4oIg==}
+    engines: {node: ^6 || ^7 || ^8 || ^9 || ^10 || ^11 || ^12 || >=13.7}
+    hasBin: true
+
+  caniuse-lite@1.0.30001793:
+    resolution: {integrity: sha512-iwSsYWaCOoh26cV8NwNRViHlrfUvYsHDfRVcbtmw0Kg6PJIZZXwMkj1442FYLBGkeUf1juAsU3DTfxW579mrPA==}
+
+  convert-source-map@2.0.0:
+    resolution: {integrity: sha512-Kvp459HrV2FEJ1CAsi1Ku+MY3kasH19TFykTz2xWmMeq6bk2NU3XXvfJ+Q61m0xktWwt+1HSYf3JZsTms3aRJg==}
+
+  csstype@3.2.3:
+    resolution: {integrity: sha512-z1HGKcYy2xA8AGQfwrn0PAy+PB7X/GSj3UVJW9qKyn43xWa+gl5nXmU4qqLMRzWVLFC8KusUX8T/0kCiOYpAIQ==}
+
+  debug@4.4.3:
+    resolution: {integrity: sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==}
+    engines: {node: '>=6.0'}
+    peerDependencies:
+      supports-color: '*'
+    peerDependenciesMeta:
+      supports-color:
+        optional: true
+
+  electron-to-chromium@1.5.362:
+    resolution: {integrity: sha512-PUY2DrLvkjkUuWqq+KPL2iWshrJsZOcIojzRQ7eXFacc9dWga7MGMJAa15VbiejSZB1PAXaRLAiKgruHP8LB1w==}
+
+  esbuild@0.25.12:
+    resolution: {integrity: sha512-bbPBYYrtZbkt6Os6FiTLCTFxvq4tt3JKall1vRwshA3fdVztsLAatFaZobhkBC8/BrPetoa0oksYoKXoG4ryJg==}
+    engines: {node: '>=18'}
+    hasBin: true
+
+  escalade@3.2.0:
+    resolution: {integrity: sha512-WUj2qlxaQtO4g6Pq5c29GTcWGDyd8itL8zTlipgECz3JesAiiOKotd8JU6otB3PACgG6xkJUyVhboMS+bje/jA==}
+    engines: {node: '>=6'}
+
+  fdir@6.5.0:
+    resolution: {integrity: sha512-tIbYtZbucOs0BRGqPJkshJUYdL+SDH7dVM8gjy+ERp3WAUjLEFJE+02kanyHtwjWOnwrKYBiwAmM0p4kLJAnXg==}
+    engines: {node: '>=12.0.0'}
+    peerDependencies:
+      picomatch: ^3 || ^4
+    peerDependenciesMeta:
+      picomatch:
+        optional: true
+
+  fsevents@2.3.3:
+    resolution: {integrity: sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==}
+    engines: {node: ^8.16.0 || ^10.6.0 || >=11.0.0}
+    os: [darwin]
+
+  gensync@1.0.0-beta.2:
+    resolution: {integrity: sha512-3hN7NaskYvMDLQY55gnW3NQ+mesEAepTqlg+VEbj7zzqEMBVNhzcGYYeqFo/TlYz6eQiFcp1HcsCZO+nGgS8zg==}
+    engines: {node: '>=6.9.0'}
+
+  js-tokens@4.0.0:
+    resolution: {integrity: sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==}
+
+  jsesc@3.1.0:
+    resolution: {integrity: sha512-/sM3dO2FOzXjKQhJuo0Q173wf2KOo8t4I8vHy6lF9poUp7bKT0/NHE8fPX23PwfhnykfqnC2xRxOnVw5XuGIaA==}
+    engines: {node: '>=6'}
+    hasBin: true
+
+  json5@2.2.3:
+    resolution: {integrity: sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg==}
+    engines: {node: '>=6'}
+    hasBin: true
+
+  loose-envify@1.4.0:
+    resolution: {integrity: sha512-lyuxPGr/Wfhrlem2CL/UcnUc1zcqKAImBDzukY7Y5F/yQiNdko6+fRLevlw1HgMySw7f611UIY408EtxRSoK3Q==}
+    hasBin: true
+
+  lru-cache@5.1.1:
+    resolution: {integrity: sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==}
+
+  ms@2.1.3:
+    resolution: {integrity: sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==}
+
+  nanoid@3.3.12:
+    resolution: {integrity: sha512-ZB9RH/39qpq5Vu6Y+NmUaFhQR6pp+M2Xt76XBnEwDaGcVAqhlvxrl3B2bKS5D3NH3QR76v3aSrKaF/Kiy7lEtQ==}
+    engines: {node: ^10 || ^12 || ^13.7 || ^14 || >=15.0.1}
+    hasBin: true
+
+  node-releases@2.0.46:
+    resolution: {integrity: sha512-GYVXHE2KnrzAfsAjl4uP++evGFCrAU1jta4ubEjIG7YWt/64Gqv66a30yKwWczVjA6j3bM4nBwH7Pk1JmDHaxQ==}
+    engines: {node: '>=18'}
+
+  picocolors@1.1.1:
+    resolution: {integrity: sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==}
+
+  picomatch@4.0.4:
+    resolution: {integrity: sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==}
+    engines: {node: '>=12'}
+
+  postcss@8.5.15:
+    resolution: {integrity: sha512-FfR8sjd4em2T6fb3I2MwAJU7HWVMr9zba+enmQeeWFfCbm+UOC/0X4DS8XtpUTMwWMGbjKYP7xjfNekzyGmB3A==}
+    engines: {node: ^10 || ^12 || >=14}
+
+  react-dom@18.3.1:
+    resolution: {integrity: sha512-5m4nQKp+rZRb09LNH59GM4BxTh9251/ylbKIbpe7TpGxfJ+9kv6BLkLBXIjjspbgbnIBNqlI23tRnTWT0snUIw==}
+    peerDependencies:
+      react: ^18.3.1
+
+  react-refresh@0.17.0:
+    resolution: {integrity: sha512-z6F7K9bV85EfseRCp2bzrpyQ0Gkw1uLoCel9XBVWPg/TjRj94SkJzUTGfOa4bs7iJvBWtQG0Wq7wnI0syw3EBQ==}
+    engines: {node: '>=0.10.0'}
+
+  react@18.3.1:
+    resolution: {integrity: sha512-wS+hAgJShR0KhEvPJArfuPVN1+Hz1t0Y6n5jLrGQbkb4urgPE/0Rve+1kMB1v/oWgHgm4WIcV+i7F2pTVj+2iQ==}
+    engines: {node: '>=0.10.0'}
+
+  rollup@4.60.4:
+    resolution: {integrity: sha512-WHeFSbZYsPu3+bLoNRUuAO+wavNlocOPf3wSHTP7hcFKVnJeWsYlCDbr3mTS14FCizf9ccIxXA8sGL8zKeQN3g==}
+    engines: {node: '>=18.0.0', npm: '>=8.0.0'}
+    hasBin: true
+
+  scheduler@0.23.2:
+    resolution: {integrity: sha512-UOShsPwz7NrMUqhR6t0hWjFduvOzbtv7toDH1/hIrfRNIDBnnBWd0CwJTGvTpngVlmwGCdP9/Zl/tVrDqcuYzQ==}
+
+  semver@6.3.1:
+    resolution: {integrity: sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==}
+    hasBin: true
+
+  source-map-js@1.2.1:
+    resolution: {integrity: sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA==}
+    engines: {node: '>=0.10.0'}
+
+  tinyglobby@0.2.16:
+    resolution: {integrity: sha512-pn99VhoACYR8nFHhxqix+uvsbXineAasWm5ojXoN8xEwK5Kd3/TrhNn1wByuD52UxWRLy8pu+kRMniEi6Eq9Zg==}
+    engines: {node: '>=12.0.0'}
+
+  typescript@5.9.3:
+    resolution: {integrity: sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==}
+    engines: {node: '>=14.17'}
+    hasBin: true
+
+  update-browserslist-db@1.2.3:
+    resolution: {integrity: sha512-Js0m9cx+qOgDxo0eMiFGEueWztz+d4+M3rGlmKPT+T4IS/jP4ylw3Nwpu6cpTTP8R1MAC1kF4VbdLt3ARf209w==}
+    hasBin: true
+    peerDependencies:
+      browserslist: '>= 4.21.0'
+
+  vite@6.4.2:
+    resolution: {integrity: sha512-2N/55r4JDJ4gdrCvGgINMy+HH3iRpNIz8K6SFwVsA+JbQScLiC+clmAxBgwiSPgcG9U15QmvqCGWzMbqda5zGQ==}
+    engines: {node: ^18.0.0 || ^20.0.0 || >=22.0.0}
+    hasBin: true
+    peerDependencies:
+      '@types/node': ^18.0.0 || ^20.0.0 || >=22.0.0
+      jiti: '>=1.21.0'
+      less: '*'
+      lightningcss: ^1.21.0
+      sass: '*'
+      sass-embedded: '*'
+      stylus: '*'
+      sugarss: '*'
+      terser: ^5.16.0
+      tsx: ^4.8.1
+      yaml: ^2.4.2
+    peerDependenciesMeta:
+      '@types/node':
+        optional: true
+      jiti:
+        optional: true
+      less:
+        optional: true
+      lightningcss:
+        optional: true
+      sass:
+        optional: true
+      sass-embedded:
+        optional: true
+      stylus:
+        optional: true
+      sugarss:
+        optional: true
+      terser:
+        optional: true
+      tsx:
+        optional: true
+      yaml:
+        optional: true
+
+  yallist@3.1.1:
+    resolution: {integrity: sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==}
+
+snapshots:
+
+  '@babel/code-frame@7.29.7':
+    dependencies:
+      '@babel/helper-validator-identifier': 7.29.7
+      js-tokens: 4.0.0
+      picocolors: 1.1.1
+
+  '@babel/compat-data@7.29.7': {}
+
+  '@babel/core@7.29.7':
+    dependencies:
+      '@babel/code-frame': 7.29.7
+      '@babel/generator': 7.29.7
+      '@babel/helper-compilation-targets': 7.29.7
+      '@babel/helper-module-transforms': 7.29.7(@babel/core@7.29.7)
+      '@babel/helpers': 7.29.7
+      '@babel/parser': 7.29.7
+      '@babel/template': 7.29.7
+      '@babel/traverse': 7.29.7
+      '@babel/types': 7.29.7
+      '@jridgewell/remapping': 2.3.5
+      convert-source-map: 2.0.0
+      debug: 4.4.3
+      gensync: 1.0.0-beta.2
+      json5: 2.2.3
+      semver: 6.3.1
+    transitivePeerDependencies:
+      - supports-color
+
+  '@babel/generator@7.29.7':
+    dependencies:
+      '@babel/parser': 7.29.7
+      '@babel/types': 7.29.7
+      '@jridgewell/gen-mapping': 0.3.13
+      '@jridgewell/trace-mapping': 0.3.31
+      jsesc: 3.1.0
+
+  '@babel/helper-compilation-targets@7.29.7':
+    dependencies:
+      '@babel/compat-data': 7.29.7
+      '@babel/helper-validator-option': 7.29.7
+      browserslist: 4.28.2
+      lru-cache: 5.1.1
+      semver: 6.3.1
+
+  '@babel/helper-globals@7.29.7': {}
+
+  '@babel/helper-module-imports@7.29.7':
+    dependencies:
+      '@babel/traverse': 7.29.7
+      '@babel/types': 7.29.7
+    transitivePeerDependencies:
+      - supports-color
+
+  '@babel/helper-module-transforms@7.29.7(@babel/core@7.29.7)':
+    dependencies:
+      '@babel/core': 7.29.7
+      '@babel/helper-module-imports': 7.29.7
+      '@babel/helper-validator-identifier': 7.29.7
+      '@babel/traverse': 7.29.7
+    transitivePeerDependencies:
+      - supports-color
+
+  '@babel/helper-plugin-utils@7.29.7': {}
+
+  '@babel/helper-string-parser@7.29.7': {}
+
+  '@babel/helper-validator-identifier@7.29.7': {}
+
+  '@babel/helper-validator-option@7.29.7': {}
+
+  '@babel/helpers@7.29.7':
+    dependencies:
+      '@babel/template': 7.29.7
+      '@babel/types': 7.29.7
+
+  '@babel/parser@7.29.7':
+    dependencies:
+      '@babel/types': 7.29.7
+
+  '@babel/plugin-transform-react-jsx-self@7.29.7(@babel/core@7.29.7)':
+    dependencies:
+      '@babel/core': 7.29.7
+      '@babel/helper-plugin-utils': 7.29.7
+
+  '@babel/plugin-transform-react-jsx-source@7.29.7(@babel/core@7.29.7)':
+    dependencies:
+      '@babel/core': 7.29.7
+      '@babel/helper-plugin-utils': 7.29.7
+
+  '@babel/template@7.29.7':
+    dependencies:
+      '@babel/code-frame': 7.29.7
+      '@babel/parser': 7.29.7
+      '@babel/types': 7.29.7
+
+  '@babel/traverse@7.29.7':
+    dependencies:
+      '@babel/code-frame': 7.29.7
+      '@babel/generator': 7.29.7
+      '@babel/helper-globals': 7.29.7
+      '@babel/parser': 7.29.7
+      '@babel/template': 7.29.7
+      '@babel/types': 7.29.7
+      debug: 4.4.3
+    transitivePeerDependencies:
+      - supports-color
+
+  '@babel/types@7.29.7':
+    dependencies:
+      '@babel/helper-string-parser': 7.29.7
+      '@babel/helper-validator-identifier': 7.29.7
+
+  '@esbuild/aix-ppc64@0.25.12':
+    optional: true
+
+  '@esbuild/android-arm64@0.25.12':
+    optional: true
+
+  '@esbuild/android-arm@0.25.12':
+    optional: true
+
+  '@esbuild/android-x64@0.25.12':
+    optional: true
+
+  '@esbuild/darwin-arm64@0.25.12':
+    optional: true
+
+  '@esbuild/darwin-x64@0.25.12':
+    optional: true
+
+  '@esbuild/freebsd-arm64@0.25.12':
+    optional: true
+
+  '@esbuild/freebsd-x64@0.25.12':
+    optional: true
+
+  '@esbuild/linux-arm64@0.25.12':
+    optional: true
+
+  '@esbuild/linux-arm@0.25.12':
+    optional: true
+
+  '@esbuild/linux-ia32@0.25.12':
+    optional: true
+
+  '@esbuild/linux-loong64@0.25.12':
+    optional: true
+
+  '@esbuild/linux-mips64el@0.25.12':
+    optional: true
+
+  '@esbuild/linux-ppc64@0.25.12':
+    optional: true
+
+  '@esbuild/linux-riscv64@0.25.12':
+    optional: true
+
+  '@esbuild/linux-s390x@0.25.12':
+    optional: true
+
+  '@esbuild/linux-x64@0.25.12':
+    optional: true
+
+  '@esbuild/netbsd-arm64@0.25.12':
+    optional: true
+
+  '@esbuild/netbsd-x64@0.25.12':
+    optional: true
+
+  '@esbuild/openbsd-arm64@0.25.12':
+    optional: true
+
+  '@esbuild/openbsd-x64@0.25.12':
+    optional: true
+
+  '@esbuild/openharmony-arm64@0.25.12':
+    optional: true
+
+  '@esbuild/sunos-x64@0.25.12':
+    optional: true
+
+  '@esbuild/win32-arm64@0.25.12':
+    optional: true
+
+  '@esbuild/win32-ia32@0.25.12':
+    optional: true
+
+  '@esbuild/win32-x64@0.25.12':
+    optional: true
+
+  '@jridgewell/gen-mapping@0.3.13':
+    dependencies:
+      '@jridgewell/sourcemap-codec': 1.5.5
+      '@jridgewell/trace-mapping': 0.3.31
+
+  '@jridgewell/remapping@2.3.5':
+    dependencies:
+      '@jridgewell/gen-mapping': 0.3.13
+      '@jridgewell/trace-mapping': 0.3.31
+
+  '@jridgewell/resolve-uri@3.1.2': {}
+
+  '@jridgewell/sourcemap-codec@1.5.5': {}
+
+  '@jridgewell/trace-mapping@0.3.31':
+    dependencies:
+      '@jridgewell/resolve-uri': 3.1.2
+      '@jridgewell/sourcemap-codec': 1.5.5
+
+  '@rolldown/pluginutils@1.0.0-beta.27': {}
+
+  '@rollup/rollup-android-arm-eabi@4.60.4':
+    optional: true
+
+  '@rollup/rollup-android-arm64@4.60.4':
+    optional: true
+
+  '@rollup/rollup-darwin-arm64@4.60.4':
+    optional: true
+
+  '@rollup/rollup-darwin-x64@4.60.4':
+    optional: true
+
+  '@rollup/rollup-freebsd-arm64@4.60.4':
+    optional: true
+
+  '@rollup/rollup-freebsd-x64@4.60.4':
+    optional: true
+
+  '@rollup/rollup-linux-arm-gnueabihf@4.60.4':
+    optional: true
+
+  '@rollup/rollup-linux-arm-musleabihf@4.60.4':
+    optional: true
+
+  '@rollup/rollup-linux-arm64-gnu@4.60.4':
+    optional: true
+
+  '@rollup/rollup-linux-arm64-musl@4.60.4':
+    optional: true
+
+  '@rollup/rollup-linux-loong64-gnu@4.60.4':
+    optional: true
+
+  '@rollup/rollup-linux-loong64-musl@4.60.4':
+    optional: true
+
+  '@rollup/rollup-linux-ppc64-gnu@4.60.4':
+    optional: true
+
+  '@rollup/rollup-linux-ppc64-musl@4.60.4':
+    optional: true
+
+  '@rollup/rollup-linux-riscv64-gnu@4.60.4':
+    optional: true
+
+  '@rollup/rollup-linux-riscv64-musl@4.60.4':
+    optional: true
+
+  '@rollup/rollup-linux-s390x-gnu@4.60.4':
+    optional: true
+
+  '@rollup/rollup-linux-x64-gnu@4.60.4':
+    optional: true
+
+  '@rollup/rollup-linux-x64-musl@4.60.4':
+    optional: true
+
+  '@rollup/rollup-openbsd-x64@4.60.4':
+    optional: true
+
+  '@rollup/rollup-openharmony-arm64@4.60.4':
+    optional: true
+
+  '@rollup/rollup-win32-arm64-msvc@4.60.4':
+    optional: true
+
+  '@rollup/rollup-win32-ia32-msvc@4.60.4':
+    optional: true
+
+  '@rollup/rollup-win32-x64-gnu@4.60.4':
+    optional: true
+
+  '@rollup/rollup-win32-x64-msvc@4.60.4':
+    optional: true
+
+  '@types/babel__core@7.20.5':
+    dependencies:
+      '@babel/parser': 7.29.7
+      '@babel/types': 7.29.7
+      '@types/babel__generator': 7.27.0
+      '@types/babel__template': 7.4.4
+      '@types/babel__traverse': 7.28.0
+
+  '@types/babel__generator@7.27.0':
+    dependencies:
+      '@babel/types': 7.29.7
+
+  '@types/babel__template@7.4.4':
+    dependencies:
+      '@babel/parser': 7.29.7
+      '@babel/types': 7.29.7
+
+  '@types/babel__traverse@7.28.0':
+    dependencies:
+      '@babel/types': 7.29.7
+
+  '@types/estree@1.0.8': {}
+
+  '@types/prop-types@15.7.15': {}
+
+  '@types/react-dom@18.3.7(@types/react@18.3.29)':
+    dependencies:
+      '@types/react': 18.3.29
+
+  '@types/react@18.3.29':
+    dependencies:
+      '@types/prop-types': 15.7.15
+      csstype: 3.2.3
+
+  '@vitejs/plugin-react@4.7.0(vite@6.4.2)':
+    dependencies:
+      '@babel/core': 7.29.7
+      '@babel/plugin-transform-react-jsx-self': 7.29.7(@babel/core@7.29.7)
+      '@babel/plugin-transform-react-jsx-source': 7.29.7(@babel/core@7.29.7)
+      '@rolldown/pluginutils': 1.0.0-beta.27
+      '@types/babel__core': 7.20.5
+      react-refresh: 0.17.0
+      vite: 6.4.2
+    transitivePeerDependencies:
+      - supports-color
+
+  baseline-browser-mapping@2.10.32: {}
+
+  browserslist@4.28.2:
+    dependencies:
+      baseline-browser-mapping: 2.10.32
+      caniuse-lite: 1.0.30001793
+      electron-to-chromium: 1.5.362
+      node-releases: 2.0.46
+      update-browserslist-db: 1.2.3(browserslist@4.28.2)
+
+  caniuse-lite@1.0.30001793: {}
+
+  convert-source-map@2.0.0: {}
+
+  csstype@3.2.3: {}
+
+  debug@4.4.3:
+    dependencies:
+      ms: 2.1.3
+
+  electron-to-chromium@1.5.362: {}
+
+  esbuild@0.25.12:
+    optionalDependencies:
+      '@esbuild/aix-ppc64': 0.25.12
+      '@esbuild/android-arm': 0.25.12
+      '@esbuild/android-arm64': 0.25.12
+      '@esbuild/android-x64': 0.25.12
+      '@esbuild/darwin-arm64': 0.25.12
+      '@esbuild/darwin-x64': 0.25.12
+      '@esbuild/freebsd-arm64': 0.25.12
+      '@esbuild/freebsd-x64': 0.25.12
+      '@esbuild/linux-arm': 0.25.12
+      '@esbuild/linux-arm64': 0.25.12
+      '@esbuild/linux-ia32': 0.25.12
+      '@esbuild/linux-loong64': 0.25.12
+      '@esbuild/linux-mips64el': 0.25.12
+      '@esbuild/linux-ppc64': 0.25.12
+      '@esbuild/linux-riscv64': 0.25.12
+      '@esbuild/linux-s390x': 0.25.12
+      '@esbuild/linux-x64': 0.25.12
+      '@esbuild/netbsd-arm64': 0.25.12
+      '@esbuild/netbsd-x64': 0.25.12
+      '@esbuild/openbsd-arm64': 0.25.12
+      '@esbuild/openbsd-x64': 0.25.12
+      '@esbuild/openharmony-arm64': 0.25.12
+      '@esbuild/sunos-x64': 0.25.12
+      '@esbuild/win32-arm64': 0.25.12
+      '@esbuild/win32-ia32': 0.25.12
+      '@esbuild/win32-x64': 0.25.12
+
+  escalade@3.2.0: {}
+
+  fdir@6.5.0(picomatch@4.0.4):
+    optionalDependencies:
+      picomatch: 4.0.4
+
+  fsevents@2.3.3:
+    optional: true
+
+  gensync@1.0.0-beta.2: {}
+
+  js-tokens@4.0.0: {}
+
+  jsesc@3.1.0: {}
+
+  json5@2.2.3: {}
+
+  loose-envify@1.4.0:
+    dependencies:
+      js-tokens: 4.0.0
+
+  lru-cache@5.1.1:
+    dependencies:
+      yallist: 3.1.1
+
+  ms@2.1.3: {}
+
+  nanoid@3.3.12: {}
+
+  node-releases@2.0.46: {}
+
+  picocolors@1.1.1: {}
+
+  picomatch@4.0.4: {}
+
+  postcss@8.5.15:
+    dependencies:
+      nanoid: 3.3.12
+      picocolors: 1.1.1
+      source-map-js: 1.2.1
+
+  react-dom@18.3.1(react@18.3.1):
+    dependencies:
+      loose-envify: 1.4.0
+      react: 18.3.1
+      scheduler: 0.23.2
+
+  react-refresh@0.17.0: {}
+
+  react@18.3.1:
+    dependencies:
+      loose-envify: 1.4.0
+
+  rollup@4.60.4:
+    dependencies:
+      '@types/estree': 1.0.8
+    optionalDependencies:
+      '@rollup/rollup-android-arm-eabi': 4.60.4
+      '@rollup/rollup-android-arm64': 4.60.4
+      '@rollup/rollup-darwin-arm64': 4.60.4
+      '@rollup/rollup-darwin-x64': 4.60.4
+      '@rollup/rollup-freebsd-arm64': 4.60.4
+      '@rollup/rollup-freebsd-x64': 4.60.4
+      '@rollup/rollup-linux-arm-gnueabihf': 4.60.4
+      '@rollup/rollup-linux-arm-musleabihf': 4.60.4
+      '@rollup/rollup-linux-arm64-gnu': 4.60.4
+      '@rollup/rollup-linux-arm64-musl': 4.60.4
+      '@rollup/rollup-linux-loong64-gnu': 4.60.4
+      '@rollup/rollup-linux-loong64-musl': 4.60.4
+      '@rollup/rollup-linux-ppc64-gnu': 4.60.4
+      '@rollup/rollup-linux-ppc64-musl': 4.60.4
+      '@rollup/rollup-linux-riscv64-gnu': 4.60.4
+      '@rollup/rollup-linux-riscv64-musl': 4.60.4
+      '@rollup/rollup-linux-s390x-gnu': 4.60.4
+      '@rollup/rollup-linux-x64-gnu': 4.60.4
+      '@rollup/rollup-linux-x64-musl': 4.60.4
+      '@rollup/rollup-openbsd-x64': 4.60.4
+      '@rollup/rollup-openharmony-arm64': 4.60.4
+      '@rollup/rollup-win32-arm64-msvc': 4.60.4
+      '@rollup/rollup-win32-ia32-msvc': 4.60.4
+      '@rollup/rollup-win32-x64-gnu': 4.60.4
+      '@rollup/rollup-win32-x64-msvc': 4.60.4
+      fsevents: 2.3.3
+
+  scheduler@0.23.2:
+    dependencies:
+      loose-envify: 1.4.0
+
+  semver@6.3.1: {}
+
+  source-map-js@1.2.1: {}
+
+  tinyglobby@0.2.16:
+    dependencies:
+      fdir: 6.5.0(picomatch@4.0.4)
+      picomatch: 4.0.4
+
+  typescript@5.9.3: {}
+
+  update-browserslist-db@1.2.3(browserslist@4.28.2):
+    dependencies:
+      browserslist: 4.28.2
+      escalade: 3.2.0
+      picocolors: 1.1.1
+
+  vite@6.4.2:
+    dependencies:
+      esbuild: 0.25.12
+      fdir: 6.5.0(picomatch@4.0.4)
+      picomatch: 4.0.4
+      postcss: 8.5.15
+      rollup: 4.60.4
+      tinyglobby: 0.2.16
+    optionalDependencies:
+      fsevents: 2.3.3
+
+  yallist@3.1.1: {}
diff --git a/desktop/pnpm-workspace.yaml b/desktop/pnpm-workspace.yaml
new file mode 100644
index 0000000..0e5a073
--- /dev/null
+++ b/desktop/pnpm-workspace.yaml
@@ -0,0 +1,3 @@
+packages:
+  - "packages/*"
+  - "apps/*"
diff --git a/desktop/tsconfig.base.json b/desktop/tsconfig.base.json
new file mode 100644
index 0000000..c7ad63c
--- /dev/null
+++ b/desktop/tsconfig.base.json
@@ -0,0 +1,19 @@
+{
+  "compilerOptions": {
+    "target": "ES2022",
+    "module": "ESNext",
+    "moduleResolution": "Bundler",
+    "lib": ["ES2022", "DOM", "DOM.Iterable"],
+    "jsx": "react-jsx",
+    "strict": true,
+    "noUnusedLocals": true,
+    "noUnusedParameters": true,
+    "noFallthroughCasesInSwitch": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "forceConsistentCasingInFileNames": true,
+    "resolveJsonModule": true,
+    "isolatedModules": true,
+    "verbatimModuleSyntax": true
+  }
+}

From 97bc29febefb267f539dd97fa93ba30e0f45ed33 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Wed, 27 May 2026 04:17:02 +0300
Subject: [PATCH 14/86] feat(desktop): typed Go-binding bridge package

@clawtool/bridge wraps the Wails-injected globals behind a typed, never-throw
layer: App.* method wrappers (mode/brand/networkSnapshot/circle*/lan*/update/
setup/...) returning parsed types from the contract, runtime event on/emit, and
Win window controls (minimise/toggleMaximise/...) + environmentPlatform. Surfaces
consume this instead of touching window.go/window.runtime directly.
---
 desktop/packages/bridge/package.json   | 15 +++++++
 desktop/packages/bridge/src/app.ts     | 55 ++++++++++++++++++++++++
 desktop/packages/bridge/src/index.ts   |  3 ++
 desktop/packages/bridge/src/runtime.ts | 55 ++++++++++++++++++++++++
 desktop/packages/bridge/src/types.ts   | 58 ++++++++++++++++++++++++++
 desktop/packages/bridge/src/wails.ts   | 47 +++++++++++++++++++++
 desktop/packages/bridge/tsconfig.json  |  8 ++++
 desktop/pnpm-lock.yaml                 |  6 +++
 8 files changed, 247 insertions(+)
 create mode 100644 desktop/packages/bridge/package.json
 create mode 100644 desktop/packages/bridge/src/app.ts
 create mode 100644 desktop/packages/bridge/src/index.ts
 create mode 100644 desktop/packages/bridge/src/runtime.ts
 create mode 100644 desktop/packages/bridge/src/types.ts
 create mode 100644 desktop/packages/bridge/src/wails.ts
 create mode 100644 desktop/packages/bridge/tsconfig.json

diff --git a/desktop/packages/bridge/package.json b/desktop/packages/bridge/package.json
new file mode 100644
index 0000000..5f35717
--- /dev/null
+++ b/desktop/packages/bridge/package.json
@@ -0,0 +1,15 @@
+{
+  "name": "@clawtool/bridge",
+  "version": "0.0.0",
+  "private": true,
+  "type": "module",
+  "exports": {
+    ".": "./src/index.ts"
+  },
+  "scripts": {
+    "typecheck": "tsc --noEmit"
+  },
+  "devDependencies": {
+    "typescript": "^5.6.3"
+  }
+}
diff --git a/desktop/packages/bridge/src/app.ts b/desktop/packages/bridge/src/app.ts
new file mode 100644
index 0000000..f7355e4
--- /dev/null
+++ b/desktop/packages/bridge/src/app.ts
@@ -0,0 +1,55 @@
+// Typed wrappers over the bound Go App methods. Each binary (app/setup/updater)
+// binds its own subset; a method absent on the current binary resolves to its
+// fallback (never throws), so a surface can call freely and render a calm
+// empty/error state.
+import { callJSON, callRaw } from "./wails";
+import type {
+  Brand,
+  CircleStatus,
+  LanStatus,
+  Mode,
+  NetworkSnapshot,
+  PeerAgentsResult,
+  Result,
+  UpdateInfo,
+} from "./types";
+
+const OK_FALSE: Result = { ok: false };
+
+export const App = {
+  // identity / mode
+  mode: () => callRaw("Mode") as Promise<Mode | null>,
+  brand: () =>
+    callJSON<Brand>("Brand", { name: "clawtool", cli: "clawtool", tagline: "", installDir: "", version: "" }),
+  isInitialized: async () => (await callRaw("IsInitialized")) === true,
+
+  // window lifecycle
+  enterApp: () => callRaw("EnterApp"),
+  quit: () => callRaw("Quit"),
+  hideToTray: () => callRaw("HideToTray"),
+
+  // installer (setup surface)
+  runSetup: () => callJSON<Result>("RunSetup", OK_FALSE),
+  openInstalled: () => callJSON<Result>("OpenInstalled", OK_FALSE),
+
+  // first-launch init (app/installer surface) — fire-and-forget; streams events
+  install: () => callRaw("Install"),
+
+  // gateway + network
+  ensureGateway: () => callJSON<Result>("EnsureGateway", OK_FALSE),
+  networkSnapshot: () => callJSON<NetworkSnapshot>("NetworkSnapshot", { ok: false }),
+  peerAgents: (peerID: string) => callJSON<PeerAgentsResult>("PeerAgents", { ok: false }, peerID),
+
+  // updates
+  checkUpdate: () => callJSON<UpdateInfo>("CheckUpdate", { ok: false }),
+  installUpdate: () => callJSON<Result>("InstallUpdate", OK_FALSE),
+
+  // cross-device (circle key + LAN)
+  circleStatus: () => callJSON<CircleStatus>("CircleStatus", { ok: false }),
+  circleGenerate: () => callJSON<Result>("CircleGenerate", OK_FALSE),
+  circleSet: (key: string) => callJSON<Result>("CircleSet", OK_FALSE, key),
+  circleClear: () => callJSON<Result>("CircleClear", OK_FALSE),
+  lanStatus: () => callJSON<LanStatus>("LanStatus", { ok: false }),
+  lanEnable: () => callJSON<Result>("LanEnable", OK_FALSE),
+  lanDisable: () => callJSON<Result>("LanDisable", OK_FALSE),
+};
diff --git a/desktop/packages/bridge/src/index.ts b/desktop/packages/bridge/src/index.ts
new file mode 100644
index 0000000..326439d
--- /dev/null
+++ b/desktop/packages/bridge/src/index.ts
@@ -0,0 +1,3 @@
+export { App } from "./app";
+export { on, emit, Win, environmentPlatform } from "./runtime";
+export * from "./types";
diff --git a/desktop/packages/bridge/src/runtime.ts b/desktop/packages/bridge/src/runtime.ts
new file mode 100644
index 0000000..5160425
--- /dev/null
+++ b/desktop/packages/bridge/src/runtime.ts
@@ -0,0 +1,55 @@
+// Wails runtime wrappers: events + window controls + environment. Never throw
+// when not running under Wails (dev/preview in a plain browser).
+import { runtime } from "./wails";
+import type { Platform } from "./types";
+
+export function on<T>(event: string, handler: (payload: T) => void): () => void {
+  const rt = runtime();
+  const fn = rt?.["EventsOn"];
+  if (typeof fn !== "function") return () => {};
+  try {
+    const off = fn(event, handler as (...a: unknown[]) => void);
+    return typeof off === "function" ? (off as () => void) : () => {};
+  } catch {
+    return () => {};
+  }
+}
+
+export function emit(event: string, payload?: unknown): void {
+  const fn = runtime()?.["EventsEmit"];
+  if (typeof fn === "function") {
+    try {
+      fn(event, payload);
+    } catch {
+      /* not under Wails */
+    }
+  }
+}
+
+function callRuntime(name: string, ...args: unknown[]): unknown {
+  const fn = runtime()?.[name];
+  if (typeof fn !== "function") return undefined;
+  try {
+    return fn(...args);
+  } catch {
+    return undefined;
+  }
+}
+
+export const Win = {
+  minimise: () => callRuntime("WindowMinimise"),
+  toggleMaximise: () => callRuntime("WindowToggleMaximise"),
+  isMaximised: async () => (await callRuntime("WindowIsMaximised")) === true,
+  hide: () => callRuntime("WindowHide"),
+  show: () => callRuntime("WindowShow"),
+  center: () => callRuntime("WindowCenter"),
+  setSize: (w: number, h: number) => callRuntime("WindowSetSize", w, h),
+  quit: () => callRuntime("Quit"),
+};
+
+export async function environmentPlatform(): Promise<Platform> {
+  const env = (await callRuntime("Environment")) as { platform?: string } | undefined;
+  const p = env?.platform;
+  if (p === "darwin" || p === "windows" || p === "linux") return p;
+  return "web";
+}
diff --git a/desktop/packages/bridge/src/types.ts b/desktop/packages/bridge/src/types.ts
new file mode 100644
index 0000000..17413fd
--- /dev/null
+++ b/desktop/packages/bridge/src/types.ts
@@ -0,0 +1,58 @@
+// Data shapes exchanged with the Go backend. Mirrors the contract inventory
+// of the bound App methods + daemon bodies the UI consumes.
+
+export type Mode = "app" | "installer" | "setup";
+
+export type Platform = "darwin" | "windows" | "linux" | "web";
+
+export type Brand = {
+  name: string;
+  cli: string;
+  tagline: string;
+  installDir: string;
+  version: string;
+};
+
+export type Agent = {
+  instance: string;
+  family: string;
+  bridge?: string;
+  status?: string;
+  callable?: boolean;
+};
+
+export type Peer = {
+  peer_id: string;
+  display_name?: string;
+  status?: string;
+  last_seen?: string;
+  metadata?: { hostname?: string; address?: string; peer_version?: string };
+};
+
+export type NetworkSnapshot =
+  | { ok: true; agents?: { agents?: Agent[]; count?: number }; peers?: { peers?: Peer[]; count?: number } }
+  | { ok: false; error?: string };
+
+export type PeerAgentsResult =
+  | { agents: Agent[] }
+  | { needs_circle_key: true }
+  | { not_in_circle: true }
+  | { ok: false; error?: string };
+
+export type UpdateInfo = {
+  current?: string;
+  latest?: string;
+  update_available?: boolean;
+  found?: boolean;
+  ok?: boolean;
+  error?: string;
+};
+
+export type Result = { ok: boolean; error?: string; [k: string]: unknown };
+export type CircleStatus = { ok: boolean; has_key?: boolean; key?: string };
+export type LanStatus = { ok: boolean; enabled?: boolean };
+
+// Wails runtime events emitted by the Go side.
+export type InstallStep = { level?: "ok" | "warn" | "fail"; label?: string; message?: string; raw?: string };
+export type InstallDone = { ok?: boolean; summary?: string };
+export type SetupStep = { label?: string; detail?: string };
diff --git a/desktop/packages/bridge/src/wails.ts b/desktop/packages/bridge/src/wails.ts
new file mode 100644
index 0000000..cfad33b
--- /dev/null
+++ b/desktop/packages/bridge/src/wails.ts
@@ -0,0 +1,47 @@
+// Low-level access to the Wails-injected globals (window.go / window.runtime),
+// with a never-throw contract: a missing method or a thrown call resolves to a
+// fallback instead of crashing a surface. Surfaces never touch these globals
+// directly — they go through app.ts / runtime.ts.
+
+type AppNamespace = Record<string, (...args: unknown[]) => Promise<unknown> | unknown>;
+
+type WailsGlobals = {
+  go?: { main?: { App?: AppNamespace } };
+  runtime?: Record<string, (...args: unknown[]) => unknown>;
+};
+
+function globals(): WailsGlobals {
+  return globalThis as unknown as WailsGlobals;
+}
+
+export function appNamespace(): AppNamespace | null {
+  return globals().go?.main?.App ?? null;
+}
+
+// Call a bound App method by name; resolves to null on any failure (missing
+// binding, thrown error, not under Wails).
+export async function callRaw(name: string, ...args: unknown[]): Promise<unknown> {
+  const app = appNamespace();
+  const fn = app?.[name];
+  if (typeof fn !== "function") return null;
+  try {
+    return await fn(...args);
+  } catch {
+    return null;
+  }
+}
+
+// Call a method that returns a JSON string, parsed to T; fallback on failure.
+export async function callJSON<T>(name: string, fallback: T, ...args: unknown[]): Promise<T> {
+  const raw = await callRaw(name, ...args);
+  if (typeof raw !== "string") return raw == null ? fallback : (raw as T);
+  try {
+    return JSON.parse(raw) as T;
+  } catch {
+    return fallback;
+  }
+}
+
+export function runtime(): Record<string, (...args: unknown[]) => unknown> | null {
+  return globals().runtime ?? null;
+}
diff --git a/desktop/packages/bridge/tsconfig.json b/desktop/packages/bridge/tsconfig.json
new file mode 100644
index 0000000..dee81a1
--- /dev/null
+++ b/desktop/packages/bridge/tsconfig.json
@@ -0,0 +1,8 @@
+{
+  "extends": "../../tsconfig.base.json",
+  "compilerOptions": {
+    "noEmit": true,
+    "types": []
+  },
+  "include": ["src"]
+}
diff --git a/desktop/pnpm-lock.yaml b/desktop/pnpm-lock.yaml
index 11f29da..44c1ef1 100644
--- a/desktop/pnpm-lock.yaml
+++ b/desktop/pnpm-lock.yaml
@@ -40,6 +40,12 @@ importers:
         specifier: ^6.0.7
         version: 6.4.2
 
+  packages/bridge:
+    devDependencies:
+      typescript:
+        specifier: ^5.6.3
+        version: 5.9.3
+
   packages/design-system:
     dependencies:
       react:

From b0f5f6e66017dbe69d6ab2753209a95f4cf1134f Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Wed, 27 May 2026 04:22:37 +0300
Subject: [PATCH 15/86] feat(desktop): app-ui surface (frameless shell +
 Home/Network/Updates)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The main app surface built on the design system + bridge: a frameless shell
(custom TitleBar with platform-conditional window controls + slim Sidebar with
accent-bar nav and a live status footer) and the three views — Home (status
hero + inline metric strip + agent rows), Network (local agents, cross-device
circle key + LAN switch, peers), Updates (key/value + actions). Adds Sidebar,
Switch and KeyValue to the design system. Data flows through @clawtool/bridge;
verified building with Vite and rendering at 980x660.
---
 desktop/apps/app-ui/index.html                |  11 ++
 desktop/apps/app-ui/package.json              |  23 +++
 desktop/apps/app-ui/src/App.module.css        |  45 ++++++
 desktop/apps/app-ui/src/App.tsx               |  54 +++++++
 desktop/apps/app-ui/src/icons.tsx             |  33 ++++
 desktop/apps/app-ui/src/main.tsx              |  10 ++
 desktop/apps/app-ui/src/views/Home.tsx        |  87 +++++++++++
 desktop/apps/app-ui/src/views/Network.tsx     | 144 ++++++++++++++++++
 desktop/apps/app-ui/src/views/Updates.tsx     |  49 ++++++
 desktop/apps/app-ui/src/vite-env.d.ts         |   1 +
 desktop/apps/app-ui/tsconfig.json             |   8 +
 desktop/apps/app-ui/vite.config.ts            |   7 +
 .../src/components/KeyValue.module.css        |  12 ++
 .../design-system/src/components/KeyValue.tsx |  15 ++
 .../src/components/Sidebar.module.css         |  49 ++++++
 .../design-system/src/components/Sidebar.tsx  |  26 ++++
 .../src/components/Switch.module.css          |  30 ++++
 .../design-system/src/components/Switch.tsx   |  15 ++
 desktop/packages/design-system/src/index.ts   |   3 +
 desktop/pnpm-lock.yaml                        |  31 ++++
 20 files changed, 653 insertions(+)
 create mode 100644 desktop/apps/app-ui/index.html
 create mode 100644 desktop/apps/app-ui/package.json
 create mode 100644 desktop/apps/app-ui/src/App.module.css
 create mode 100644 desktop/apps/app-ui/src/App.tsx
 create mode 100644 desktop/apps/app-ui/src/icons.tsx
 create mode 100644 desktop/apps/app-ui/src/main.tsx
 create mode 100644 desktop/apps/app-ui/src/views/Home.tsx
 create mode 100644 desktop/apps/app-ui/src/views/Network.tsx
 create mode 100644 desktop/apps/app-ui/src/views/Updates.tsx
 create mode 100644 desktop/apps/app-ui/src/vite-env.d.ts
 create mode 100644 desktop/apps/app-ui/tsconfig.json
 create mode 100644 desktop/apps/app-ui/vite.config.ts
 create mode 100644 desktop/packages/design-system/src/components/KeyValue.module.css
 create mode 100644 desktop/packages/design-system/src/components/KeyValue.tsx
 create mode 100644 desktop/packages/design-system/src/components/Sidebar.module.css
 create mode 100644 desktop/packages/design-system/src/components/Sidebar.tsx
 create mode 100644 desktop/packages/design-system/src/components/Switch.module.css
 create mode 100644 desktop/packages/design-system/src/components/Switch.tsx

diff --git a/desktop/apps/app-ui/index.html b/desktop/apps/app-ui/index.html
new file mode 100644
index 0000000..ce34b60
--- /dev/null
+++ b/desktop/apps/app-ui/index.html
@@ -0,0 +1,11 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <title>clawtool</title>
+  </head>
+  <body>
+    <div id="root"></div>
+    <script type="module" src="/src/main.tsx"></script>
+  </body>
+</html>
diff --git a/desktop/apps/app-ui/package.json b/desktop/apps/app-ui/package.json
new file mode 100644
index 0000000..5be3039
--- /dev/null
+++ b/desktop/apps/app-ui/package.json
@@ -0,0 +1,23 @@
+{
+  "name": "@clawtool/app-ui",
+  "private": true,
+  "type": "module",
+  "scripts": {
+    "dev": "vite",
+    "build": "vite build",
+    "typecheck": "tsc --noEmit"
+  },
+  "dependencies": {
+    "@clawtool/bridge": "workspace:*",
+    "@clawtool/design-system": "workspace:*",
+    "react": "^18.3.1",
+    "react-dom": "^18.3.1"
+  },
+  "devDependencies": {
+    "@types/react": "^18.3.12",
+    "@types/react-dom": "^18.3.1",
+    "@vitejs/plugin-react": "^4.3.4",
+    "typescript": "^5.6.3",
+    "vite": "^6.0.7"
+  }
+}
diff --git a/desktop/apps/app-ui/src/App.module.css b/desktop/apps/app-ui/src/App.module.css
new file mode 100644
index 0000000..0a1faf1
--- /dev/null
+++ b/desktop/apps/app-ui/src/App.module.css
@@ -0,0 +1,45 @@
+.shell { display: flex; flex-direction: column; height: 100vh; }
+.body { display: flex; flex: 1; min-height: 0; }
+.content { flex: 1; min-width: 0; overflow-y: auto; padding: 30px 36px; display: flex; flex-direction: column; }
+
+.status { display: flex; align-items: center; gap: 13px; }
+.status h1 { font-size: var(--size-2xl); font-weight: 600; letter-spacing: -0.02em; }
+.status .sub { color: var(--text-secondary); font-size: 13px; margin-top: 2px; }
+.status .right { margin-left: auto; text-align: right; }
+.status .host { font: 500 12px var(--font-mono); color: var(--text-secondary); }
+
+.metrics { margin: 28px 0 4px; }
+.foot {
+  margin-top: auto;
+  padding-top: 18px;
+  color: var(--text-tertiary);
+  font-size: 12px;
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+}
+.vh { font-size: var(--size-xl); font-weight: 600; letter-spacing: -0.02em; }
+.lead { color: var(--text-secondary); font-size: 13px; margin-top: 2px; }
+.banner {
+  margin-bottom: 16px;
+  padding: 11px 14px;
+  border-radius: var(--radius-md);
+  background: var(--surface);
+  color: var(--text-secondary);
+  font-size: 13px;
+}
+.xdesc { color: var(--text-secondary); font-size: 12.5px; margin-top: 8px; line-height: 1.5; max-width: 520px; }
+.xrow { display: flex; align-items: center; gap: 12px; margin-top: 14px; }
+.switchRow {
+  display: flex;
+  align-items: flex-start;
+  gap: 14px;
+  margin-top: 16px;
+  padding-top: 16px;
+  border-top: 1px solid var(--hairline);
+  max-width: 560px;
+}
+.switchRow .txt { flex: 1; }
+.switchRow .st { font-weight: 600; font-size: 13.5px; }
+.switchRow .sd { color: var(--text-secondary); font-size: 12.5px; margin-top: 3px; line-height: 1.45; }
+.actions { display: flex; gap: 18px; margin-top: 18px; }
diff --git a/desktop/apps/app-ui/src/App.tsx b/desktop/apps/app-ui/src/App.tsx
new file mode 100644
index 0000000..a6badd6
--- /dev/null
+++ b/desktop/apps/app-ui/src/App.tsx
@@ -0,0 +1,54 @@
+import { useEffect, useState } from "react";
+import { NavItem, Sidebar, StatusDot, TitleBar, Wordmark, type Platform } from "@clawtool/design-system";
+import { App as Backend, Win, environmentPlatform, type Brand } from "@clawtool/bridge";
+import { HomeIcon, NetworkIcon, UpdatesIcon } from "./icons";
+import { Home } from "./views/Home";
+import { Network } from "./views/Network";
+import { Updates } from "./views/Updates";
+import styles from "./App.module.css";
+
+type View = "home" | "network" | "updates";
+
+export function App() {
+  const [platform, setPlatform] = useState<Platform>("windows");
+  const [brand, setBrand] = useState<Brand>({ name: "clawtool", cli: "clawtool", tagline: "", installDir: "", version: "" });
+  const [view, setView] = useState<View>("home");
+
+  useEffect(() => {
+    environmentPlatform().then((p) => setPlatform(p === "web" ? "windows" : p));
+    Backend.brand().then(setBrand);
+    Backend.ensureGateway();
+  }, []);
+
+  const controls = {
+    onMinimize: () => Win.minimise(),
+    onToggleMaximize: () => Win.toggleMaximise(),
+    onClose: () => Win.quit(),
+  };
+
+  return (
+    <div className={styles.shell}>
+      <TitleBar platform={platform} controls={controls} />
+      <div className={styles.body}>
+        <Sidebar
+          top={<Wordmark name={brand.name} />}
+          footer={
+            <>
+              <StatusDot tone="online" />
+              {brand.version ? `v${brand.version}` : ""}
+            </>
+          }
+        >
+          <NavItem icon={<HomeIcon />} label="Home" active={view === "home"} onClick={() => setView("home")} />
+          <NavItem icon={<NetworkIcon />} label="Network" active={view === "network"} onClick={() => setView("network")} />
+          <NavItem icon={<UpdatesIcon />} label="Updates" active={view === "updates"} onClick={() => setView("updates")} />
+        </Sidebar>
+        <main className={styles.content}>
+          {view === "home" ? <Home brand={brand} onNavigate={(v) => setView(v as View)} /> : null}
+          {view === "network" ? <Network brand={brand} /> : null}
+          {view === "updates" ? <Updates brand={brand} /> : null}
+        </main>
+      </div>
+    </div>
+  );
+}
diff --git a/desktop/apps/app-ui/src/icons.tsx b/desktop/apps/app-ui/src/icons.tsx
new file mode 100644
index 0000000..9081a8a
--- /dev/null
+++ b/desktop/apps/app-ui/src/icons.tsx
@@ -0,0 +1,33 @@
+const base = {
+  width: 16,
+  height: 16,
+  viewBox: "0 0 24 24",
+  fill: "none",
+  stroke: "currentColor",
+  strokeWidth: 1.8,
+  strokeLinecap: "round" as const,
+  strokeLinejoin: "round" as const,
+};
+
+export const HomeIcon = () => (
+  <svg {...base}>
+    <path d="M3 11l9-8 9 8" />
+    <path d="M5 10v10h14V10" />
+  </svg>
+);
+
+export const NetworkIcon = () => (
+  <svg {...base}>
+    <circle cx="12" cy="5" r="2.2" />
+    <circle cx="5" cy="19" r="2.2" />
+    <circle cx="19" cy="19" r="2.2" />
+    <path d="M12 7.2v3.8M10.6 13l-4 4M13.4 13l4 4" />
+  </svg>
+);
+
+export const UpdatesIcon = () => (
+  <svg {...base}>
+    <path d="M21 12a9 9 0 1 1-3-6.7" />
+    <path d="M21 4v5h-5" />
+  </svg>
+);
diff --git a/desktop/apps/app-ui/src/main.tsx b/desktop/apps/app-ui/src/main.tsx
new file mode 100644
index 0000000..31cb538
--- /dev/null
+++ b/desktop/apps/app-ui/src/main.tsx
@@ -0,0 +1,10 @@
+import { StrictMode } from "react";
+import { createRoot } from "react-dom/client";
+import "@clawtool/design-system/global.css";
+import { App } from "./App";
+
+createRoot(document.getElementById("root")!).render(
+  <StrictMode>
+    <App />
+  </StrictMode>,
+);
diff --git a/desktop/apps/app-ui/src/views/Home.tsx b/desktop/apps/app-ui/src/views/Home.tsx
new file mode 100644
index 0000000..6a7a2b5
--- /dev/null
+++ b/desktop/apps/app-ui/src/views/Home.tsx
@@ -0,0 +1,87 @@
+import { useEffect, useState } from "react";
+import {
+  AgentRow,
+  Button,
+  EmptyRow,
+  List,
+  Metric,
+  MetricStrip,
+  SectionHeader,
+  StatusDot,
+} from "@clawtool/design-system";
+import { App, type Agent, type Brand } from "@clawtool/bridge";
+import styles from "../App.module.css";
+
+export function Home({ brand, onNavigate }: { brand: Brand; onNavigate: (v: string) => void }) {
+  const [online, setOnline] = useState(false);
+  const [agents, setAgents] = useState<Agent[]>([]);
+  const [peers, setPeers] = useState(0);
+  const [xd, setXd] = useState(false);
+
+  async function load() {
+    const snap = await App.networkSnapshot();
+    const ok = snap.ok === true;
+    setOnline(ok);
+    if (!ok) {
+      App.ensureGateway();
+      setAgents([]);
+      return;
+    }
+    setAgents(snap.agents?.agents ?? []);
+    setPeers(snap.peers?.count ?? snap.peers?.peers?.length ?? 0);
+    const c = await App.circleStatus();
+    setXd(c.ok === true && c.has_key === true);
+  }
+
+  useEffect(() => {
+    load();
+  }, []);
+
+  return (
+    <>
+      <div className={styles.status}>
+        <StatusDot tone={online ? "online" : "offline"} pulse={online} />
+        <div>
+          <h1>{online ? `${brand.name} is running` : "Starting the gateway…"}</h1>
+          <div className="sub" style={{ color: "var(--text-secondary)", fontSize: 13, marginTop: 2 }}>
+            {online ? `This device is reachable as a ${brand.name} gateway.` : "Bringing the local gateway online…"}
+          </div>
+        </div>
+      </div>
+
+      <div className={styles.metrics}>
+        <MetricStrip>
+          <Metric value={String(agents.length)} label="Local agents" />
+          <Metric value={String(peers)} label="LAN peers" dim={peers === 0} />
+          <Metric value={xd ? "On" : "Off"} label="Cross-device" dim={!xd} onClick={() => onNavigate("network")} />
+        </MetricStrip>
+      </div>
+
+      <SectionHeader title="Agents on this device" action={<Button variant="ghost" onClick={() => onNavigate("network")}>Network →</Button>} />
+      <List>
+        {agents.length ? (
+          agents.map((a) => (
+            <AgentRow
+              key={a.instance}
+              name={a.instance}
+              meta={a.family + (a.bridge ? ` · ${a.bridge}` : "")}
+              tone={a.callable ? "online" : a.status === "disabled" ? "offline" : "busy"}
+              status={a.status ?? (a.callable ? "callable" : "—")}
+            />
+          ))
+        ) : (
+          <EmptyRow>
+            No agents here yet — run <code>{brand.cli} onboard</code> to connect one.
+          </EmptyRow>
+        )}
+      </List>
+
+      <div className={styles.foot}>
+        <span>Closing the window keeps {brand.name} running in the menu bar.</span>
+        <Button variant="ghost" onClick={() => onNavigate("updates")}>
+          Check for updates
+        </Button>
+      </div>
+    </>
+  );
+}
diff --git a/desktop/apps/app-ui/src/views/Network.tsx b/desktop/apps/app-ui/src/views/Network.tsx
new file mode 100644
index 0000000..5e357b9
--- /dev/null
+++ b/desktop/apps/app-ui/src/views/Network.tsx
@@ -0,0 +1,144 @@
+import { useEffect, useState } from "react";
+import {
+  AgentRow,
+  Badge,
+  Button,
+  EmptyRow,
+  KVRow,
+  KeyValue,
+  List,
+  SectionHeader,
+  Switch,
+} from "@clawtool/design-system";
+import { App, type Agent, type Brand, type Peer } from "@clawtool/bridge";
+import styles from "../App.module.css";
+
+function maskKey(k: string): string {
+  return k && k.length > 14 ? `${k.slice(0, 8)}…${k.slice(-4)}` : k;
+}
+
+export function Network({ brand }: { brand: Brand }) {
+  const [banner, setBanner] = useState("");
+  const [agents, setAgents] = useState<Agent[]>([]);
+  const [peers, setPeers] = useState<Peer[]>([]);
+  const [hasKey, setHasKey] = useState(false);
+  const [key, setKey] = useState("");
+  const [lan, setLan] = useState(false);
+  const [lanBusy, setLanBusy] = useState(false);
+
+  async function loadNetwork() {
+    const snap = await App.networkSnapshot();
+    if (snap.ok !== true) {
+      setBanner("Starting the local gateway…");
+      App.ensureGateway();
+      return;
+    }
+    setBanner("");
+    setAgents(snap.agents?.agents ?? []);
+    setPeers(snap.peers?.peers ?? []);
+  }
+  async function loadCircle() {
+    const c = await App.circleStatus();
+    setHasKey(c.ok === true && c.has_key === true);
+    setKey(c.key ?? "");
+    const l = await App.lanStatus();
+    setLan(l.ok === true && l.enabled === true);
+  }
+
+  useEffect(() => {
+    loadCircle();
+    loadNetwork();
+    const t = setInterval(loadNetwork, 5000);
+    return () => clearInterval(t);
+  }, []);
+
+  async function toggleLan(next: boolean) {
+    setLanBusy(true);
+    await (next ? App.lanEnable() : App.lanDisable());
+    await loadCircle();
+    setLanBusy(false);
+  }
+
+  return (
+    <>
+      {banner ? <div className={styles.banner}>{banner}</div> : null}
+      <h1 className={styles.vh}>This device</h1>
+      <div className={styles.lead}>Agents running locally on this machine.</div>
+      <List>
+        {agents.length ? (
+          agents.map((a) => (
+            <AgentRow
+              key={a.instance}
+              name={a.instance}
+              meta={a.family + (a.bridge ? ` · ${a.bridge}` : "")}
+              tone={a.callable ? "online" : a.status === "disabled" ? "offline" : "busy"}
+              status={a.status ?? (a.callable ? "callable" : "—")}
+            />
+          ))
+        ) : (
+          <EmptyRow>
+            No agents here yet — run <code>{brand.cli} onboard</code> to connect one.
+          </EmptyRow>
+        )}
+      </List>
+
+      <SectionHeader title="Cross-device" />
+      <div style={{ display: "flex", alignItems: "center", gap: 10 }}>
+        <span style={{ fontWeight: 600, fontSize: 14 }}>Cross-device peering</span>
+        <span style={{ marginLeft: "auto" }}>
+          <Badge tone={hasKey ? "success" : "neutral"}>{hasKey ? "On" : "Off"}</Badge>
+        </span>
+      </div>
+      <div className={styles.xdesc}>
+        Create a circle to let your devices see each other's agents. Generate a key here, then join the same circle on
+        your other devices.
+      </div>
+      <div className={styles.xrow}>
+        {hasKey ? (
+          <>
+            <code style={{ fontSize: 12.5 }}>{maskKey(key)}</code>
+            <Button variant="ghost" onClick={() => App.circleClear().then(loadCircle)}>
+              Leave circle
+            </Button>
+          </>
+        ) : (
+          <>
+            <Button variant="primary" onClick={() => App.circleGenerate().then(loadCircle)}>
+              Generate circle key
+            </Button>
+            <Button variant="ghost">Join with a key…</Button>
+          </>
+        )}
+      </div>
+
+      <div className={styles.switchRow}>
+        <div className="txt" style={{ flex: 1 }}>
+          <div className={styles.st} style={{ fontWeight: 600, fontSize: 13.5 }}>Reachable on your LAN</div>
+          <div className={styles.sd}>
+            Let circle devices on your network read this device's agent list. Code execution stays local-only; the
+            first time, your OS may ask to allow it through the firewall.
+          </div>
+        </div>
+        <Switch checked={lan} busy={lanBusy} onChange={toggleLan} />
+      </div>
+
+      <SectionHeader title={`Network${peers.length ? ` (${peers.length})` : ""}`} />
+      {peers.length ? (
+        <KeyValue>
+          {peers.map((p) => (
+            <KVRow key={p.peer_id} k={p.display_name || p.metadata?.hostname || p.peer_id}>
+              <Badge tone={p.status === "online" ? "success" : "neutral"}>{p.status ?? "—"}</Badge>
+            </KVRow>
+          ))}
+        </KeyValue>
+      ) : (
+        <List>
+          <EmptyRow>
+            No peers discovered yet. Start {brand.name} on another machine on this network — paired devices appear
+            automatically over mDNS.
+          </EmptyRow>
+        </List>
+      )}
+    </>
+  );
+}
diff --git a/desktop/apps/app-ui/src/views/Updates.tsx b/desktop/apps/app-ui/src/views/Updates.tsx
new file mode 100644
index 0000000..8f50551
--- /dev/null
+++ b/desktop/apps/app-ui/src/views/Updates.tsx
@@ -0,0 +1,49 @@
+import { useEffect, useState } from "react";
+import { Button, KVRow, KeyValue } from "@clawtool/design-system";
+import { App, type Brand, type UpdateInfo } from "@clawtool/bridge";
+import styles from "../App.module.css";
+
+export function Updates({ brand }: { brand: Brand }) {
+  const [info, setInfo] = useState<UpdateInfo>({});
+  const [status, setStatus] = useState("checking…");
+  const [busy, setBusy] = useState(false);
+
+  async function check() {
+    setStatus("checking…");
+    const u = await App.checkUpdate();
+    setInfo(u);
+    if (u.ok === false) setStatus("check failed");
+    else setStatus(u.update_available ? `v${u.latest} available` : "up to date");
+  }
+
+  useEffect(() => {
+    check();
+  }, []);
+
+  async function install() {
+    setBusy(true);
+    const r = await App.installUpdate();
+    setStatus(r.ok ? `updated — restart ${brand.name} to finish` : "update failed");
+    setBusy(false);
+  }
+
+  return (
+    <>
+      <h1 className={styles.vh}>Updates</h1>
+      <div className={styles.lead}>{brand.name} checks for a new version each time it launches.</div>
+      <div style={{ marginTop: 18 }}>
+        <KeyValue>
+          <KVRow k="Installed">{info.current ? `v${info.current}` : "—"}</KVRow>
+          <KVRow k="Latest">{info.latest ? `v${info.latest}` : "—"}</KVRow>
+          <KVRow k="Status">{status}</KVRow>
+        </KeyValue>
+      </div>
+      <div style={{ display: "flex", gap: 12, marginTop: 18 }}>
+        <Button onClick={check}>Check now</Button>
+        <Button variant="primary" disabled={!info.update_available || busy} onClick={install}>
+          Install update
+        </Button>
+      </div>
+    </>
+  );
+}
diff --git a/desktop/apps/app-ui/src/vite-env.d.ts b/desktop/apps/app-ui/src/vite-env.d.ts
new file mode 100644
index 0000000..11f02fe
--- /dev/null
+++ b/desktop/apps/app-ui/src/vite-env.d.ts
@@ -0,0 +1 @@
+/// <reference types="vite/client" />
diff --git a/desktop/apps/app-ui/tsconfig.json b/desktop/apps/app-ui/tsconfig.json
new file mode 100644
index 0000000..fe31a3a
--- /dev/null
+++ b/desktop/apps/app-ui/tsconfig.json
@@ -0,0 +1,8 @@
+{
+  "extends": "../../tsconfig.base.json",
+  "compilerOptions": {
+    "noEmit": true,
+    "types": []
+  },
+  "include": ["src", "vite.config.ts"]
+}
diff --git a/desktop/apps/app-ui/vite.config.ts b/desktop/apps/app-ui/vite.config.ts
new file mode 100644
index 0000000..425c778
--- /dev/null
+++ b/desktop/apps/app-ui/vite.config.ts
@@ -0,0 +1,7 @@
+import { defineConfig } from "vite";
+import react from "@vitejs/plugin-react";
+
+export default defineConfig({
+  plugins: [react()],
+  build: { outDir: "dist" },
+});
diff --git a/desktop/packages/design-system/src/components/KeyValue.module.css b/desktop/packages/design-system/src/components/KeyValue.module.css
new file mode 100644
index 0000000..9b089a8
--- /dev/null
+++ b/desktop/packages/design-system/src/components/KeyValue.module.css
@@ -0,0 +1,12 @@
+.kv { max-width: 540px; }
+.row {
+  display: flex;
+  justify-content: space-between;
+  gap: var(--space-3);
+  padding: 10px 6px;
+  border-top: 1px solid var(--hairline);
+  font-size: var(--size-md);
+}
+.row:first-child { border-top: none; }
+.k { color: var(--text-secondary); }
+.v { color: var(--text); }
diff --git a/desktop/packages/design-system/src/components/KeyValue.tsx b/desktop/packages/design-system/src/components/KeyValue.tsx
new file mode 100644
index 0000000..d8db7c8
--- /dev/null
+++ b/desktop/packages/design-system/src/components/KeyValue.tsx
@@ -0,0 +1,15 @@
+import type { ReactNode } from "react";
+import styles from "./KeyValue.module.css";
+
+export function KeyValue({ children }: { children: ReactNode }) {
+  return <div className={styles.kv}>{children}</div>;
+}
+
+export function KVRow({ k, children }: { k: string; children: ReactNode }) {
+  return (
+    <div className={styles.row}>
+      <span className={styles.k}>{k}</span>
+      <span className={styles.v}>{children}</span>
+    </div>
+  );
+}
diff --git a/desktop/packages/design-system/src/components/Sidebar.module.css b/desktop/packages/design-system/src/components/Sidebar.module.css
new file mode 100644
index 0000000..eb51127
--- /dev/null
+++ b/desktop/packages/design-system/src/components/Sidebar.module.css
@@ -0,0 +1,49 @@
+.side {
+  width: 208px;
+  flex: none;
+  background: var(--surface-recessed);
+  border-right: 1px solid var(--hairline);
+  display: flex;
+  flex-direction: column;
+  padding: 18px 12px 12px;
+}
+.top { padding: 0 8px 22px; }
+.nav { display: flex; flex-direction: column; gap: 1px; }
+.item {
+  display: flex;
+  align-items: center;
+  gap: 10px;
+  padding: 7px 8px;
+  border: 0;
+  background: none;
+  border-radius: var(--radius-md);
+  color: var(--text-secondary);
+  font-size: var(--size-md);
+  font-weight: 500;
+  text-align: left;
+  cursor: pointer;
+  position: relative;
+}
+.item:hover { color: var(--text); background: var(--hover); }
+.icon { width: 16px; height: 16px; flex: none; display: grid; place-items: center; }
+.active { color: var(--text); }
+.active::before {
+  content: "";
+  position: absolute;
+  left: -12px;
+  top: 7px;
+  bottom: 7px;
+  width: 2px;
+  border-radius: 2px;
+  background: var(--accent);
+}
+.active .icon { color: var(--accent); }
+.footer {
+  margin-top: auto;
+  display: flex;
+  align-items: center;
+  gap: 7px;
+  padding: 8px;
+  color: var(--text-tertiary);
+  font: 500 var(--size-xs) / 1 var(--font-mono);
+}
diff --git a/desktop/packages/design-system/src/components/Sidebar.tsx b/desktop/packages/design-system/src/components/Sidebar.tsx
new file mode 100644
index 0000000..cf9c19a
--- /dev/null
+++ b/desktop/packages/design-system/src/components/Sidebar.tsx
@@ -0,0 +1,26 @@
+import type { ReactNode } from "react";
+import styles from "./Sidebar.module.css";
+
+export function Sidebar({ top, children, footer }: { top: ReactNode; children: ReactNode; footer?: ReactNode }) {
+  return (
+    <aside className={styles.side}>
+      <div className={styles.top}>{top}</div>
+      <nav className={styles.nav}>{children}</nav>
+      {footer ? <div className={styles.footer}>{footer}</div> : null}
+    </aside>
+  );
+}
+
+export function NavItem({
+  icon,
+  label,
+  active = false,
+  onClick,
+}: { icon: ReactNode; label: string; active?: boolean; onClick?: () => void }) {
+  return (
+    <button className={`${styles.item} ${active ? styles.active : ""}`} onClick={onClick}>
+      <span className={styles.icon}>{icon}</span>
+      <span>{label}</span>
+    </button>
+  );
+}
diff --git a/desktop/packages/design-system/src/components/Switch.module.css b/desktop/packages/design-system/src/components/Switch.module.css
new file mode 100644
index 0000000..89a3969
--- /dev/null
+++ b/desktop/packages/design-system/src/components/Switch.module.css
@@ -0,0 +1,30 @@
+.switch {
+  position: relative;
+  width: 40px;
+  height: 24px;
+  flex: none;
+  cursor: pointer;
+  display: inline-block;
+}
+.switch input { position: absolute; opacity: 0; width: 0; height: 0; }
+.track {
+  position: absolute;
+  inset: 0;
+  background: var(--hairline-strong);
+  border-radius: var(--radius-pill);
+  transition: background 0.18s;
+}
+.switch input:checked ~ .track { background: var(--success); }
+.knob {
+  position: absolute;
+  top: 3px;
+  left: 3px;
+  width: 18px;
+  height: 18px;
+  border-radius: 50%;
+  background: #fff;
+  transition: transform 0.18s;
+  box-shadow: 0 1px 2px rgba(0, 0, 0, 0.25);
+}
+.switch input:checked ~ .knob { transform: translateX(16px); }
+.busy { opacity: 0.55; pointer-events: none; }
diff --git a/desktop/packages/design-system/src/components/Switch.tsx b/desktop/packages/design-system/src/components/Switch.tsx
new file mode 100644
index 0000000..cd7cde8
--- /dev/null
+++ b/desktop/packages/design-system/src/components/Switch.tsx
@@ -0,0 +1,15 @@
+import styles from "./Switch.module.css";
+
+export function Switch({
+  checked,
+  busy = false,
+  onChange,
+}: { checked: boolean; busy?: boolean; onChange: (next: boolean) => void }) {
+  return (
+    <label className={`${styles.switch} ${busy ? styles.busy : ""}`}>
+      <input type="checkbox" checked={checked} disabled={busy} onChange={(e) => onChange(e.target.checked)} />
+      <span className={styles.track} />
+      <span className={styles.knob} />
+    </label>
+  );
+}
diff --git a/desktop/packages/design-system/src/index.ts b/desktop/packages/design-system/src/index.ts
index 3b54688..6166afc 100644
--- a/desktop/packages/design-system/src/index.ts
+++ b/desktop/packages/design-system/src/index.ts
@@ -6,4 +6,7 @@ export { Metric, MetricStrip } from "./components/Metric";
 export { SectionHeader } from "./components/Section";
 export { AgentRow, List, EmptyRow } from "./components/AgentRow";
 export { TitleBar, type WindowControls } from "./components/TitleBar";
+export { Sidebar, NavItem } from "./components/Sidebar";
+export { Switch } from "./components/Switch";
+export { KeyValue, KVRow } from "./components/KeyValue";
 export { getPlatform, isMac, type Platform } from "./lib/platform";
diff --git a/desktop/pnpm-lock.yaml b/desktop/pnpm-lock.yaml
index 44c1ef1..f018b00 100644
--- a/desktop/pnpm-lock.yaml
+++ b/desktop/pnpm-lock.yaml
@@ -40,6 +40,37 @@ importers:
         specifier: ^6.0.7
         version: 6.4.2
 
+  apps/app-ui:
+    dependencies:
+      '@clawtool/bridge':
+        specifier: workspace:*
+        version: link:../../packages/bridge
+      '@clawtool/design-system':
+        specifier: workspace:*
+        version: link:../../packages/design-system
+      react:
+        specifier: ^18.3.1
+        version: 18.3.1
+      react-dom:
+        specifier: ^18.3.1
+        version: 18.3.1(react@18.3.1)
+    devDependencies:
+      '@types/react':
+        specifier: ^18.3.12
+        version: 18.3.29
+      '@types/react-dom':
+        specifier: ^18.3.1
+        version: 18.3.7(@types/react@18.3.29)
+      '@vitejs/plugin-react':
+        specifier: ^4.3.4
+        version: 4.7.0(vite@6.4.2)
+      typescript:
+        specifier: ^5.6.3
+        version: 5.9.3
+      vite:
+        specifier: ^6.0.7
+        version: 6.4.2
+
   packages/bridge:
     devDependencies:
       typescript:

From 4b01594c334bff1e05f73fe0cb24dfbe624157bd Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Wed, 27 May 2026 04:29:37 +0300
Subject: [PATCH 16/86] feat(desktop): installer-ui + updater-ui surfaces +
 ProgressBar/LogFeed

installer-ui: stepped Welcome -> Installing (live LogFeed + ProgressBar from
setup:step) -> Done, frameless. updater-ui: minimal launch splash driven by an
update:status event. Adds ProgressBar + LogFeed to the design system. All three
surfaces (app/installer/updater) now build with Vite and typecheck clean.
---
 desktop/apps/installer-ui/index.html          |  11 ++
 desktop/apps/installer-ui/package.json        |  23 +++
 desktop/apps/installer-ui/src/App.tsx         | 171 ++++++++++++++++++
 .../installer-ui/src/Installer.module.css     |  43 +++++
 desktop/apps/installer-ui/src/main.tsx        |  10 +
 desktop/apps/installer-ui/src/vite-env.d.ts   |   1 +
 desktop/apps/installer-ui/tsconfig.json       |   8 +
 desktop/apps/installer-ui/vite.config.ts      |   7 +
 desktop/apps/updater-ui/index.html            |  11 ++
 desktop/apps/updater-ui/package.json          |  23 +++
 desktop/apps/updater-ui/src/App.tsx           |  26 +++
 .../apps/updater-ui/src/Updater.module.css    |  20 ++
 desktop/apps/updater-ui/src/main.tsx          |  10 +
 desktop/apps/updater-ui/src/vite-env.d.ts     |   1 +
 desktop/apps/updater-ui/tsconfig.json         |   8 +
 desktop/apps/updater-ui/vite.config.ts        |   7 +
 .../src/components/LogFeed.module.css         |  26 +++
 .../design-system/src/components/LogFeed.tsx  |  29 +++
 .../src/components/ProgressBar.module.css     |  13 ++
 .../src/components/ProgressBar.tsx            |  10 +
 desktop/packages/design-system/src/index.ts   |   2 +
 desktop/pnpm-lock.yaml                        |  62 +++++++
 22 files changed, 522 insertions(+)
 create mode 100644 desktop/apps/installer-ui/index.html
 create mode 100644 desktop/apps/installer-ui/package.json
 create mode 100644 desktop/apps/installer-ui/src/App.tsx
 create mode 100644 desktop/apps/installer-ui/src/Installer.module.css
 create mode 100644 desktop/apps/installer-ui/src/main.tsx
 create mode 100644 desktop/apps/installer-ui/src/vite-env.d.ts
 create mode 100644 desktop/apps/installer-ui/tsconfig.json
 create mode 100644 desktop/apps/installer-ui/vite.config.ts
 create mode 100644 desktop/apps/updater-ui/index.html
 create mode 100644 desktop/apps/updater-ui/package.json
 create mode 100644 desktop/apps/updater-ui/src/App.tsx
 create mode 100644 desktop/apps/updater-ui/src/Updater.module.css
 create mode 100644 desktop/apps/updater-ui/src/main.tsx
 create mode 100644 desktop/apps/updater-ui/src/vite-env.d.ts
 create mode 100644 desktop/apps/updater-ui/tsconfig.json
 create mode 100644 desktop/apps/updater-ui/vite.config.ts
 create mode 100644 desktop/packages/design-system/src/components/LogFeed.module.css
 create mode 100644 desktop/packages/design-system/src/components/LogFeed.tsx
 create mode 100644 desktop/packages/design-system/src/components/ProgressBar.module.css
 create mode 100644 desktop/packages/design-system/src/components/ProgressBar.tsx

diff --git a/desktop/apps/installer-ui/index.html b/desktop/apps/installer-ui/index.html
new file mode 100644
index 0000000..5ebd436
--- /dev/null
+++ b/desktop/apps/installer-ui/index.html
@@ -0,0 +1,11 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <title>Install clawtool</title>
+  </head>
+  <body>
+    <div id="root"></div>
+    <script type="module" src="/src/main.tsx"></script>
+  </body>
+</html>
diff --git a/desktop/apps/installer-ui/package.json b/desktop/apps/installer-ui/package.json
new file mode 100644
index 0000000..322c88b
--- /dev/null
+++ b/desktop/apps/installer-ui/package.json
@@ -0,0 +1,23 @@
+{
+  "name": "@clawtool/installer-ui",
+  "private": true,
+  "type": "module",
+  "scripts": {
+    "dev": "vite",
+    "build": "vite build",
+    "typecheck": "tsc --noEmit"
+  },
+  "dependencies": {
+    "@clawtool/bridge": "workspace:*",
+    "@clawtool/design-system": "workspace:*",
+    "react": "^18.3.1",
+    "react-dom": "^18.3.1"
+  },
+  "devDependencies": {
+    "@types/react": "^18.3.12",
+    "@types/react-dom": "^18.3.1",
+    "@vitejs/plugin-react": "^4.3.4",
+    "typescript": "^5.6.3",
+    "vite": "^6.0.7"
+  }
+}
diff --git a/desktop/apps/installer-ui/src/App.tsx b/desktop/apps/installer-ui/src/App.tsx
new file mode 100644
index 0000000..b982207
--- /dev/null
+++ b/desktop/apps/installer-ui/src/App.tsx
@@ -0,0 +1,171 @@
+import { useEffect, useRef, useState } from "react";
+import {
+  Badge,
+  Button,
+  LogFeed,
+  ProgressBar,
+  TitleBar,
+  Wordmark,
+  type LogLine,
+  type Platform,
+} from "@clawtool/design-system";
+import { App as Backend, Win, environmentPlatform, on, type Brand, type SetupStep } from "@clawtool/bridge";
+import styles from "./Installer.module.css";
+
+type Phase = "welcome" | "installing" | "done";
+
+function clock(): string {
+  const d = new Date();
+  return [d.getHours(), d.getMinutes(), d.getSeconds()].map((n) => String(n).padStart(2, "0")).join(":");
+}
+
+export function App() {
+  const [platform, setPlatform] = useState<Platform>("windows");
+  const [brand, setBrand] = useState<Brand>({ name: "clawtool", cli: "clawtool", tagline: "", installDir: "", version: "" });
+  const [phase, setPhase] = useState<Phase>("welcome");
+  const [lines, setLines] = useState<LogLine[]>([]);
+  const [pct, setPct] = useState(0);
+  const [now, setNow] = useState("Starting…");
+  const [dir, setDir] = useState("");
+  const [error, setError] = useState("");
+  const pctRef = useRef(0);
+  const doneRef = useRef(false);
+
+  useEffect(() => {
+    environmentPlatform().then((p) => setPlatform(p === "web" ? "windows" : p));
+    Backend.brand().then((b) => {
+      setBrand(b);
+      setDir(b.installDir);
+    });
+  }, []);
+
+  function bump(to: number) {
+    pctRef.current = Math.max(pctRef.current, Math.min(to, 100));
+    setPct(pctRef.current);
+  }
+
+  async function startInstall() {
+    setPhase("installing");
+    bump(4);
+    setLines([{ time: clock(), label: `beginning install of ${brand.name}`, tone: "ok" }]);
+    let n = 0;
+    const off = on<SetupStep>("setup:step", (s) => {
+      if (doneRef.current || !s?.label) return;
+      setNow(`${s.label}…`);
+      setLines((prev) => [...prev, { time: clock(), label: s.label!, detail: s.detail, tone: "ok" }]);
+      n += 1;
+      bump(8 + Math.min(88, n * 9));
+    });
+    const r = await Backend.runSetup();
+    doneRef.current = true;
+    off();
+    bump(100);
+    if (r.ok) {
+      if (typeof r.dir === "string") setDir(r.dir);
+      setNow("Done");
+      setLines((prev) => [...prev, { time: clock(), label: "install complete", tone: "done" }]);
+      setTimeout(() => setPhase("done"), 550);
+    } else {
+      setNow("Failed");
+      setError(typeof r.error === "string" ? r.error : "install failed");
+      setLines((prev) => [...prev, { time: clock(), label: (r.error as string) ?? "install failed", tone: "warn" }]);
+    }
+  }
+
+  const controls = {
+    onMinimize: () => Win.minimise(),
+    onToggleMaximize: () => Win.toggleMaximise(),
+    onClose: () => Win.quit(),
+  };
+
+  return (
+    <div className={styles.shell}>
+      <TitleBar platform={platform} controls={controls} />
+
+      {phase === "welcome" ? (
+        <section className={styles.phase}>
+          <div className={styles.top}>
+            <Wordmark name={brand.name} />
+            <Badge>{brand.version ? `v${brand.version}` : "setup"}</Badge>
+          </div>
+          <div className={styles.hero}>
+            <h1 className={styles.title}>
+              Install <span className={styles.accent}>{brand.name}</span>
+            </h1>
+            <p className={styles.lede}>{brand.tagline}</p>
+            <div className={styles.facts}>
+              <div className={styles.fact}>
+                <span>
+                  The <b>{brand.cli}</b> command, added to your <b>PATH</b>.
+                </span>
+              </div>
+              <div className={styles.fact}>
+                <span>A desktop app that runs in your tray as the gateway.</span>
+              </div>
+              <div className={styles.fact}>
+                <span>Quiet self-updates — no admin prompts.</span>
+              </div>
+            </div>
+          </div>
+          <div className={styles.actions}>
+            <Button variant="primary" onClick={startInstall}>
+              Install
+            </Button>
+            <span className={styles.loc}>{dir}</span>
+          </div>
+        </section>
+      ) : null}
+
+      {phase === "installing" ? (
+        <section className={styles.phase}>
+          <div className={styles.ihead}>
+            <h2>Installing</h2>
+            <span className={styles.stepof}>step 2 / 3</span>
+          </div>
+          <div className={styles.bar}>
+            <ProgressBar value={pct} />
+          </div>
+          <div className={styles.nowline}>
+            <span>{error || now}</span>
+            <span className={styles.pct}>{Math.round(pct)}%</span>
+          </div>
+          <LogFeed lines={lines} />
+        </section>
+      ) : null}
+
+      {phase === "done" ? (
+        <section className={styles.phase}>
+          <div className={styles.top}>
+            <Wordmark name={brand.name} />
+            <Badge tone="success">installed</Badge>
+          </div>
+          <div className={styles.center}>
+            <div className={styles.check}>
+              <svg width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="var(--success)" strokeWidth={2.4} strokeLinecap="round" strokeLinejoin="round">
+                <path d="M20 6L9 17l-5-5" />
+              </svg>
+            </div>
+            <h1 className={styles.doneTitle}>{brand.name} is ready</h1>
+            <p className={styles.doneText}>
+              Installed to <code>{dir}</code>. Open a <b>new</b> terminal to use the <b>{brand.cli}</b> command.
+            </p>
+            <div className={styles.doneActions}>
+              <Button
+                variant="primary"
+                onClick={async () => {
+                  await Backend.openInstalled();
+                  setTimeout(() => Win.quit(), 600);
+                }}
+              >
+                Open {brand.name}
+              </Button>
+              <Button variant="secondary" onClick={() => Win.quit()}>
+                Finish
+              </Button>
+            </div>
+          </div>
+        </section>
+      ) : null}
+    </div>
+  );
+}
diff --git a/desktop/apps/installer-ui/src/Installer.module.css b/desktop/apps/installer-ui/src/Installer.module.css
new file mode 100644
index 0000000..c4e19c5
--- /dev/null
+++ b/desktop/apps/installer-ui/src/Installer.module.css
@@ -0,0 +1,43 @@
+.shell { display: flex; flex-direction: column; height: 100vh; }
+.phase { flex: 1; min-height: 0; display: flex; flex-direction: column; padding: 26px 30px 22px; }
+
+.top { display: flex; align-items: center; justify-content: space-between; }
+
+/* Welcome */
+.hero { margin-top: auto; }
+.title { font-size: var(--size-2xl); font-weight: 650; letter-spacing: -0.02em; }
+.title .accent { color: var(--accent); }
+.lede { color: var(--text-secondary); margin-top: 8px; max-width: 380px; font-size: 13.5px; line-height: 1.5; }
+.facts { display: flex; flex-direction: column; gap: 9px; margin-top: 20px; }
+.fact { display: flex; gap: 10px; align-items: flex-start; color: var(--text-secondary); font-size: 12.5px; }
+.fact b { color: var(--text); font-weight: 550; }
+.actions { margin-top: auto; padding-top: 24px; display: flex; align-items: center; gap: 12px; }
+.loc { color: var(--text-tertiary); font: 500 11px var(--font-mono); margin-left: auto; }
+
+/* Installing */
+.ihead { display: flex; align-items: baseline; justify-content: space-between; }
+.ihead h2 { font-size: var(--size-lg); font-weight: 600; }
+.stepof { font: 500 11px var(--font-mono); color: var(--text-tertiary); }
+.bar { margin: 14px 0 0; }
+.nowline { display: flex; justify-content: space-between; color: var(--text-secondary); font-size: 12px; margin: 8px 0 14px; }
+.pct { font: 500 12px var(--font-mono); color: var(--text-tertiary); }
+
+/* Done */
+.center { margin: auto 0; }
+.check {
+  width: 40px; height: 40px; border-radius: 999px;
+  border: 1px solid var(--hairline-strong);
+  display: grid; place-items: center; margin-bottom: 16px;
+}
+.doneTitle { font-size: var(--size-xl); font-weight: 650; letter-spacing: -0.02em; }
+.doneText { color: var(--text-secondary); margin-top: 8px; max-width: 400px; font-size: 13px; line-height: 1.5; }
+.doneText b { color: var(--text); font-weight: 550; }
+.doneText code {
+  font: 500 11.5px var(--font-mono);
+  color: var(--text);
+  background: var(--surface);
+  border: 1px solid var(--hairline);
+  border-radius: var(--radius-sm);
+  padding: 2px 6px;
+}
+.doneActions { margin-top: 26px; display: flex; gap: 12px; }
diff --git a/desktop/apps/installer-ui/src/main.tsx b/desktop/apps/installer-ui/src/main.tsx
new file mode 100644
index 0000000..31cb538
--- /dev/null
+++ b/desktop/apps/installer-ui/src/main.tsx
@@ -0,0 +1,10 @@
+import { StrictMode } from "react";
+import { createRoot } from "react-dom/client";
+import "@clawtool/design-system/global.css";
+import { App } from "./App";
+
+createRoot(document.getElementById("root")!).render(
+  <StrictMode>
+    <App />
+  </StrictMode>,
+);
diff --git a/desktop/apps/installer-ui/src/vite-env.d.ts b/desktop/apps/installer-ui/src/vite-env.d.ts
new file mode 100644
index 0000000..11f02fe
--- /dev/null
+++ b/desktop/apps/installer-ui/src/vite-env.d.ts
@@ -0,0 +1 @@
+/// <reference types="vite/client" />
diff --git a/desktop/apps/installer-ui/tsconfig.json b/desktop/apps/installer-ui/tsconfig.json
new file mode 100644
index 0000000..fe31a3a
--- /dev/null
+++ b/desktop/apps/installer-ui/tsconfig.json
@@ -0,0 +1,8 @@
+{
+  "extends": "../../tsconfig.base.json",
+  "compilerOptions": {
+    "noEmit": true,
+    "types": []
+  },
+  "include": ["src", "vite.config.ts"]
+}
diff --git a/desktop/apps/installer-ui/vite.config.ts b/desktop/apps/installer-ui/vite.config.ts
new file mode 100644
index 0000000..425c778
--- /dev/null
+++ b/desktop/apps/installer-ui/vite.config.ts
@@ -0,0 +1,7 @@
+import { defineConfig } from "vite";
+import react from "@vitejs/plugin-react";
+
+export default defineConfig({
+  plugins: [react()],
+  build: { outDir: "dist" },
+});
diff --git a/desktop/apps/updater-ui/index.html b/desktop/apps/updater-ui/index.html
new file mode 100644
index 0000000..ce34b60
--- /dev/null
+++ b/desktop/apps/updater-ui/index.html
@@ -0,0 +1,11 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <title>clawtool</title>
+  </head>
+  <body>
+    <div id="root"></div>
+    <script type="module" src="/src/main.tsx"></script>
+  </body>
+</html>
diff --git a/desktop/apps/updater-ui/package.json b/desktop/apps/updater-ui/package.json
new file mode 100644
index 0000000..1b1a77e
--- /dev/null
+++ b/desktop/apps/updater-ui/package.json
@@ -0,0 +1,23 @@
+{
+  "name": "@clawtool/updater-ui",
+  "private": true,
+  "type": "module",
+  "scripts": {
+    "dev": "vite",
+    "build": "vite build",
+    "typecheck": "tsc --noEmit"
+  },
+  "dependencies": {
+    "@clawtool/bridge": "workspace:*",
+    "@clawtool/design-system": "workspace:*",
+    "react": "^18.3.1",
+    "react-dom": "^18.3.1"
+  },
+  "devDependencies": {
+    "@types/react": "^18.3.12",
+    "@types/react-dom": "^18.3.1",
+    "@vitejs/plugin-react": "^4.3.4",
+    "typescript": "^5.6.3",
+    "vite": "^6.0.7"
+  }
+}
diff --git a/desktop/apps/updater-ui/src/App.tsx b/desktop/apps/updater-ui/src/App.tsx
new file mode 100644
index 0000000..7aece9b
--- /dev/null
+++ b/desktop/apps/updater-ui/src/App.tsx
@@ -0,0 +1,26 @@
+import { useEffect, useState } from "react";
+import { ProgressBar, Wordmark } from "@clawtool/design-system";
+import { on } from "@clawtool/bridge";
+import styles from "./Updater.module.css";
+
+type Status = { message?: string; pct?: number };
+
+export function App() {
+  const [message, setMessage] = useState("Checking for updates…");
+  const [pct, setPct] = useState<number | null>(null);
+
+  useEffect(() => {
+    return on<Status>("update:status", (s) => {
+      if (s?.message) setMessage(s.message);
+      if (typeof s?.pct === "number") setPct(s.pct);
+    });
+  }, []);
+
+  return (
+    <div className={styles.splash}>
+      <Wordmark size={18} />
+      <div className={styles.status}>{message}</div>
+      {pct === null ? <div className={styles.spinner} /> : <div className={styles.bar}><ProgressBar value={pct} /></div>}
+    </div>
+  );
+}
diff --git a/desktop/apps/updater-ui/src/Updater.module.css b/desktop/apps/updater-ui/src/Updater.module.css
new file mode 100644
index 0000000..7d3bee7
--- /dev/null
+++ b/desktop/apps/updater-ui/src/Updater.module.css
@@ -0,0 +1,20 @@
+.splash {
+  height: 100vh;
+  display: flex;
+  flex-direction: column;
+  align-items: center;
+  justify-content: center;
+  gap: 6px;
+  padding: 28px;
+}
+.status { color: var(--text-secondary); font-size: 13px; margin-top: 6px; min-height: 18px; }
+.bar { width: 100%; max-width: 280px; margin-top: 12px; }
+.spinner {
+  width: 20px;
+  height: 20px;
+  margin-top: 14px;
+  border: 2.4px solid var(--hairline);
+  border-top-color: var(--accent);
+  border-radius: 50%;
+  animation: ct-spin 0.8s linear infinite;
+}
diff --git a/desktop/apps/updater-ui/src/main.tsx b/desktop/apps/updater-ui/src/main.tsx
new file mode 100644
index 0000000..31cb538
--- /dev/null
+++ b/desktop/apps/updater-ui/src/main.tsx
@@ -0,0 +1,10 @@
+import { StrictMode } from "react";
+import { createRoot } from "react-dom/client";
+import "@clawtool/design-system/global.css";
+import { App } from "./App";
+
+createRoot(document.getElementById("root")!).render(
+  <StrictMode>
+    <App />
+  </StrictMode>,
+);
diff --git a/desktop/apps/updater-ui/src/vite-env.d.ts b/desktop/apps/updater-ui/src/vite-env.d.ts
new file mode 100644
index 0000000..11f02fe
--- /dev/null
+++ b/desktop/apps/updater-ui/src/vite-env.d.ts
@@ -0,0 +1 @@
+/// <reference types="vite/client" />
diff --git a/desktop/apps/updater-ui/tsconfig.json b/desktop/apps/updater-ui/tsconfig.json
new file mode 100644
index 0000000..fe31a3a
--- /dev/null
+++ b/desktop/apps/updater-ui/tsconfig.json
@@ -0,0 +1,8 @@
+{
+  "extends": "../../tsconfig.base.json",
+  "compilerOptions": {
+    "noEmit": true,
+    "types": []
+  },
+  "include": ["src", "vite.config.ts"]
+}
diff --git a/desktop/apps/updater-ui/vite.config.ts b/desktop/apps/updater-ui/vite.config.ts
new file mode 100644
index 0000000..425c778
--- /dev/null
+++ b/desktop/apps/updater-ui/vite.config.ts
@@ -0,0 +1,7 @@
+import { defineConfig } from "vite";
+import react from "@vitejs/plugin-react";
+
+export default defineConfig({
+  plugins: [react()],
+  build: { outDir: "dist" },
+});
diff --git a/desktop/packages/design-system/src/components/LogFeed.module.css b/desktop/packages/design-system/src/components/LogFeed.module.css
new file mode 100644
index 0000000..52157f1
--- /dev/null
+++ b/desktop/packages/design-system/src/components/LogFeed.module.css
@@ -0,0 +1,26 @@
+.well {
+  flex: 1;
+  min-height: 0;
+  background: var(--surface);
+  border: 1px solid var(--hairline);
+  border-radius: var(--radius-md);
+  overflow: hidden;
+  display: flex;
+  flex-direction: column;
+}
+.head {
+  font: 500 10.5px / 1 var(--font-mono);
+  color: var(--text-tertiary);
+  letter-spacing: 0.05em;
+  text-transform: uppercase;
+  padding: 7px 12px;
+  border-bottom: 1px solid var(--hairline);
+}
+.feed { flex: 1; overflow-y: auto; padding: 8px 12px 10px; font: 12px/1.65 var(--font-mono); }
+.line { display: flex; gap: 9px; }
+.time { color: var(--text-tertiary); flex: none; }
+.msg { color: var(--text-secondary); white-space: pre-wrap; }
+.dim { color: var(--text-tertiary); }
+.ok .msg { color: var(--text); }
+.done .msg { color: var(--success); }
+.warn .msg { color: var(--warning); }
diff --git a/desktop/packages/design-system/src/components/LogFeed.tsx b/desktop/packages/design-system/src/components/LogFeed.tsx
new file mode 100644
index 0000000..62ecb3b
--- /dev/null
+++ b/desktop/packages/design-system/src/components/LogFeed.tsx
@@ -0,0 +1,29 @@
+import { useEffect, useRef } from "react";
+import styles from "./LogFeed.module.css";
+
+export type LogLine = { time: string; label: string; detail?: string; tone?: "ok" | "done" | "warn" };
+
+export function LogFeed({ title = "install log", lines }: { title?: string; lines: LogLine[] }) {
+  const feedRef = useRef<HTMLDivElement>(null);
+  useEffect(() => {
+    const el = feedRef.current;
+    if (el) el.scrollTop = el.scrollHeight;
+  }, [lines]);
+
+  return (
+    <div className={styles.well}>
+      <div className={styles.head}>{title}</div>
+      <div className={styles.feed} ref={feedRef}>
+        {lines.map((l, i) => (
+          <div key={i} className={`${styles.line} ${l.tone ? styles[l.tone] : ""}`}>
+            <span className={styles.time}>{l.time}</span>
+            <span className={styles.msg}>
+              {l.label}
+              {l.detail ? <span className={styles.dim}> {l.detail}</span> : null}
+            </span>
+          </div>
+        ))}
+      </div>
+    </div>
+  );
+}
diff --git a/desktop/packages/design-system/src/components/ProgressBar.module.css b/desktop/packages/design-system/src/components/ProgressBar.module.css
new file mode 100644
index 0000000..f70aae9
--- /dev/null
+++ b/desktop/packages/design-system/src/components/ProgressBar.module.css
@@ -0,0 +1,13 @@
+.track {
+  height: 3px;
+  border-radius: 3px;
+  background: var(--hairline);
+  overflow: hidden;
+}
+.fill {
+  display: block;
+  height: 100%;
+  background: var(--accent);
+  border-radius: 3px;
+  transition: width 0.45s cubic-bezier(0.22, 1, 0.36, 1);
+}
diff --git a/desktop/packages/design-system/src/components/ProgressBar.tsx b/desktop/packages/design-system/src/components/ProgressBar.tsx
new file mode 100644
index 0000000..0442150
--- /dev/null
+++ b/desktop/packages/design-system/src/components/ProgressBar.tsx
@@ -0,0 +1,10 @@
+import styles from "./ProgressBar.module.css";
+
+export function ProgressBar({ value }: { value: number }) {
+  const pct = Math.max(0, Math.min(100, value));
+  return (
+    <div className={styles.track}>
+      <i className={styles.fill} style={{ width: `${pct}%` }} />
+    </div>
+  );
+}
diff --git a/desktop/packages/design-system/src/index.ts b/desktop/packages/design-system/src/index.ts
index 6166afc..0fe3086 100644
--- a/desktop/packages/design-system/src/index.ts
+++ b/desktop/packages/design-system/src/index.ts
@@ -9,4 +9,6 @@ export { TitleBar, type WindowControls } from "./components/TitleBar";
 export { Sidebar, NavItem } from "./components/Sidebar";
 export { Switch } from "./components/Switch";
 export { KeyValue, KVRow } from "./components/KeyValue";
+export { ProgressBar } from "./components/ProgressBar";
+export { LogFeed, type LogLine } from "./components/LogFeed";
 export { getPlatform, isMac, type Platform } from "./lib/platform";
diff --git a/desktop/pnpm-lock.yaml b/desktop/pnpm-lock.yaml
index f018b00..5298c31 100644
--- a/desktop/pnpm-lock.yaml
+++ b/desktop/pnpm-lock.yaml
@@ -71,6 +71,68 @@ importers:
         specifier: ^6.0.7
         version: 6.4.2
 
+  apps/installer-ui:
+    dependencies:
+      '@clawtool/bridge':
+        specifier: workspace:*
+        version: link:../../packages/bridge
+      '@clawtool/design-system':
+        specifier: workspace:*
+        version: link:../../packages/design-system
+      react:
+        specifier: ^18.3.1
+        version: 18.3.1
+      react-dom:
+        specifier: ^18.3.1
+        version: 18.3.1(react@18.3.1)
+    devDependencies:
+      '@types/react':
+        specifier: ^18.3.12
+        version: 18.3.29
+      '@types/react-dom':
+        specifier: ^18.3.1
+        version: 18.3.7(@types/react@18.3.29)
+      '@vitejs/plugin-react':
+        specifier: ^4.3.4
+        version: 4.7.0(vite@6.4.2)
+      typescript:
+        specifier: ^5.6.3
+        version: 5.9.3
+      vite:
+        specifier: ^6.0.7
+        version: 6.4.2
+
+  apps/updater-ui:
+    dependencies:
+      '@clawtool/bridge':
+        specifier: workspace:*
+        version: link:../../packages/bridge
+      '@clawtool/design-system':
+        specifier: workspace:*
+        version: link:../../packages/design-system
+      react:
+        specifier: ^18.3.1
+        version: 18.3.1
+      react-dom:
+        specifier: ^18.3.1
+        version: 18.3.1(react@18.3.1)
+    devDependencies:
+      '@types/react':
+        specifier: ^18.3.12
+        version: 18.3.29
+      '@types/react-dom':
+        specifier: ^18.3.1
+        version: 18.3.7(@types/react@18.3.29)
+      '@vitejs/plugin-react':
+        specifier: ^4.3.4
+        version: 4.7.0(vite@6.4.2)
+      typescript:
+        specifier: ^5.6.3
+        version: 5.9.3
+      vite:
+        specifier: ^6.0.7
+        version: 6.4.2
+
   packages/bridge:
     devDependencies:
       typescript:

From 0965b0965a616933360bd0c8cbb8fe6cb783e367 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Wed, 27 May 2026 04:38:27 +0300
Subject: [PATCH 17/86] feat(desktop): ship the React SPA on the Wails binary +
 frameless chrome

Replace the hand-written vanilla index.html with the Vite-built React SPA
(app-ui) embedded in the proven Wails binary. The single bundle routes on
App.Mode(): setup -> installer surface, installer (first run) -> onboarding
init, app -> the main app. Compose the installer surface into app-ui via a
workspace dep so one bundle serves every mode. Make the window frameless
(custom titlebar drives drag + window controls; macOS keeps inset traffic
lights via TitleBarHiddenInset). CI builds the pnpm monorepo and places the
bundle into the Go embed dir before the existing 2-build payload flow.

The physical 3-process split (separate updater/app exes) is staged on the
same surfaces but deferred until a Windows smoke-test, to avoid shipping an
untested install pipeline.
---
 .github/workflows/installer.yml               |  25 +
 .../frontend/dist/.gitignore                  |   3 +
 cmd/clawtool-installer/frontend/dist/.gitkeep |   0
 .../frontend/dist/index.html                  | 846 ------------------
 cmd/clawtool-installer/main.go                |  15 +-
 desktop/apps/app-ui/package.json              |   3 +-
 desktop/apps/app-ui/src/Init.module.css       |   6 +
 desktop/apps/app-ui/src/InitSurface.tsx       |  72 ++
 desktop/apps/app-ui/src/Root.tsx              |  35 +
 desktop/apps/app-ui/src/main.tsx              |   4 +-
 desktop/apps/installer-ui/package.json        |   3 +
 desktop/package.json                          |   1 +
 .../design-system/src/components/TitleBar.tsx |   4 +-
 desktop/pnpm-lock.yaml                        |   3 +
 14 files changed, 167 insertions(+), 853 deletions(-)
 create mode 100644 cmd/clawtool-installer/frontend/dist/.gitignore
 create mode 100644 cmd/clawtool-installer/frontend/dist/.gitkeep
 delete mode 100644 cmd/clawtool-installer/frontend/dist/index.html
 create mode 100644 desktop/apps/app-ui/src/Init.module.css
 create mode 100644 desktop/apps/app-ui/src/InitSurface.tsx
 create mode 100644 desktop/apps/app-ui/src/Root.tsx

diff --git a/.github/workflows/installer.yml b/.github/workflows/installer.yml
index 576dde8..4c433a4 100644
--- a/.github/workflows/installer.yml
+++ b/.github/workflows/installer.yml
@@ -86,6 +86,31 @@ jobs:
       - name: wails doctor
         run: wails doctor || true
 
+      # Build the React frontend monorepo (Vite) and place the app SPA's
+      # bundle where the Go binary embeds it (//go:embed all:frontend/dist).
+      # The same SPA serves every mode (app / installer / setup) by routing on
+      # App.Mode(), so one bundle is embedded by both the app and setup builds.
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: "22"
+
+      - name: Build desktop frontend (Vite)
+        working-directory: ${{ github.workspace }}/desktop
+        run: |
+          corepack enable
+          pnpm install --frozen-lockfile
+          pnpm --filter @clawtool/app-ui build
+        shell: bash
+
+      - name: Place frontend bundle into the Go embed dir
+        working-directory: ${{ github.workspace }}
+        run: |
+          rm -rf cmd/clawtool-installer/frontend/dist
+          mkdir -p cmd/clawtool-installer/frontend/dist
+          cp -R desktop/apps/app-ui/dist/. cmd/clawtool-installer/frontend/dist/
+        shell: bash
+
       # ── Windows: custom app-style installer via a 2-build flow ──────
       #  No classic NSIS wizard. The same Wails binary is both the app and
       #  the setup — payload presence (//go:embed all:payload) flips it
diff --git a/cmd/clawtool-installer/frontend/dist/.gitignore b/cmd/clawtool-installer/frontend/dist/.gitignore
new file mode 100644
index 0000000..c3d07e5
--- /dev/null
+++ b/cmd/clawtool-installer/frontend/dist/.gitignore
@@ -0,0 +1,3 @@
+*
+!.gitkeep
+!.gitignore
diff --git a/cmd/clawtool-installer/frontend/dist/.gitkeep b/cmd/clawtool-installer/frontend/dist/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/cmd/clawtool-installer/frontend/dist/index.html b/cmd/clawtool-installer/frontend/dist/index.html
deleted file mode 100644
index 36265fd..0000000
--- a/cmd/clawtool-installer/frontend/dist/index.html
+++ /dev/null
@@ -1,846 +0,0 @@
-<!doctype html>
-<html lang="en">
-  <head>
-    <meta charset="utf-8" />
-    <meta name="viewport" content="width=device-width, initial-scale=1" />
-    <title>clawtool</title>
-    <style>
-      /* clawtool desktop app. Discord-style launch flow in one window
-         (Wails v2 is single-window): a small fixed Updater splash on
-         every launch → first-run Initializing splash → then the window
-         grows (App.EnterApp) into the full sidebar app. Flat, solid,
-         SF/Segoe; one accent; hairline separators; no blur. */
-      :root {
-        /* Grounded in a well-regarded terminal's shipped default dark theme:
-           a calm #181818 base, opacity-layered neutral surfaces, hairline
-           borders, ONE cool accent used sparingly, no gradients. */
-        --bg: #181818; --panel: #181818; --panel-2: #202020; --sidebar: #151515;
-        --fg: #d8d8d8; --secondary: rgba(216,216,216,0.60); --tertiary: rgba(216,216,216,0.40);
-        --hair: rgba(216,216,216,0.10); --hair-strong: rgba(216,216,216,0.16);
-        --accent: #7cafc2; --accent-2: #6b9eb0; --accent-ink: #0e1417;
-        --accent-grad: var(--accent);
-        --accent-soft: rgba(124,175,194,0.14);
-        --green: #1ca05a; --amber: #c28000; --red: #bc362a;
-        --chip: rgba(216,216,216,0.06); --radius: 8px; --radius-sm: 4px;
-        --mono: "SF Mono","JetBrains Mono","Cascadia Code",ui-monospace,Menlo,Consolas,monospace;
-        --shadow: 0 12px 32px rgba(0,0,0,0.45);
-      }
-      * { box-sizing: border-box; margin: 0; padding: 0; }
-      html, body { height: 100%; }
-      body {
-        font-family: -apple-system, BlinkMacSystemFont, "SF Pro Text", "Segoe UI", Roboto, system-ui, sans-serif;
-        -webkit-font-smoothing: antialiased; background: var(--panel); color: var(--fg);
-        user-select: none; -webkit-user-select: none; height: 100vh; overflow: hidden;
-      }
-      .phase { display: none; height: 100vh; }
-      .phase.active { display: flex; }
-
-      /* ── Splash (Updater + Initializing) ── */
-      .splash { flex-direction: column; align-items: center; justify-content: center; text-align: center; padding: 28px 34px; gap: 4px; }
-      .splash h1 { font-size: 23px; font-weight: 600; letter-spacing: -0.015em; }
-      .splash .status { font-size: 13px; color: var(--secondary); min-height: 18px; margin-top: 4px; }
-      .spinner { width: 22px; height: 22px; margin: 16px auto 4px; border: 2.5px solid var(--hair); border-top-color: var(--accent); border-radius: 50%; animation: spin 0.8s linear infinite; }
-      @keyframes spin { to { transform: rotate(360deg); } }
-      /* Initializing splash extras */
-      .meter { display: flex; align-items: center; gap: 12px; margin: 18px auto 14px; width: 100%; max-width: 420px; }
-      .trackbar { flex: 1; height: 4px; border-radius: 4px; background: var(--hair); overflow: hidden; }
-      .fill { height: 100%; width: 0%; border-radius: 4px; background: var(--accent); transition: width .5s cubic-bezier(.22,1,.36,1); }
-      .pct { font-size: 12px; font-variant-numeric: tabular-nums; color: var(--secondary); width: 34px; text-align: right; }
-      .log { list-style: none; width: 100%; max-width: 440px; text-align: left; }
-      .log li { display: flex; align-items: center; gap: 9px; font-size: 12.5px; padding: 5px 0; border-top: 1px solid var(--hair); animation: rowin .22s ease both; }
-      .log li:first-child { border-top: none; }
-      @keyframes rowin { from { opacity: 0; } to { opacity: 1; } }
-      .g { width: 15px; height: 15px; flex: none; display: grid; place-items: center; }
-      .lab { color: var(--fg); white-space: nowrap; }
-      .msg { color: var(--tertiary); overflow: hidden; text-overflow: ellipsis; white-space: nowrap; }
-      .donenote { font-size: 12.5px; color: var(--secondary); margin-top: 12px; max-width: 440px; }
-
-      /* ── App (sidebar) ── */
-      .app { flex-direction: row; }
-      .side { width: 212px; flex: none; background: var(--sidebar); border-right: 1px solid var(--hair); display: flex; flex-direction: column; padding: 18px 12px; }
-      .brand { display: flex; align-items: center; gap: 10px; padding: 6px 8px 18px; }
-      .brand .bmark { width: 30px; height: 30px; border-radius: 8px; background: var(--fg); display: grid; place-items: center; flex: none; }
-      .brand .name { font-size: 15px; font-weight: 600; letter-spacing: -0.01em; }
-      nav { display: flex; flex-direction: column; gap: 2px; }
-      .navitem { display: flex; align-items: center; gap: 10px; width: 100%; padding: 8px 10px; border: none; background: none; cursor: pointer; font: inherit; font-size: 13.5px; color: var(--secondary); border-radius: 8px; text-align: left; }
-      .navitem:hover { background: rgba(127,127,127,.10); color: var(--fg); }
-      .navitem.active { background: var(--panel); color: var(--fg); font-weight: 600; box-shadow: 0 1px 2px rgba(0,0,0,.04); }
-      .navitem .ic { width: 17px; height: 17px; flex: none; }
-      .navitem .badge-dot { margin-left: auto; width: 8px; height: 8px; border-radius: 50%; background: var(--accent); display: none; }
-      .navitem.has-update .badge-dot { display: block; }
-      .side .foot { margin-top: auto; padding: 8px; color: var(--tertiary); font-size: 11.5px; font-variant-numeric: tabular-nums; }
-      .content { flex: 1; overflow-y: auto; }
-      .view { display: none; padding: 26px 30px 40px; }
-      .view.active { display: block; }
-      h1.vh { font-size: 21px; font-weight: 600; letter-spacing: -0.02em; }
-      .lead { color: var(--secondary); font-size: 13.5px; margin-top: 3px; }
-      h2.section { font-size: 12px; text-transform: uppercase; letter-spacing: .06em; color: var(--secondary); font-weight: 600; margin: 26px 0 12px 2px; }
-      .banner { display: none; align-items: center; gap: 12px; margin: 0 0 18px; padding: 12px 16px; border-radius: var(--radius); background: var(--panel); border: 1px solid var(--hair); font-size: 13.5px; }
-      .banner.show { display: flex; }
-      .btn { font: inherit; font-size: 13px; font-weight: 500; cursor: pointer; border: 1px solid var(--hair); background: var(--panel); color: var(--fg); padding: 7px 14px; border-radius: 9px; }
-      .btn:hover { border-color: var(--accent); color: var(--accent); }
-      .btn.primary { background: var(--accent); color: #fff; border-color: var(--accent); }
-      .btn.primary:hover { filter: brightness(1.05); color: #fff; }
-      .btn:disabled { opacity: .5; cursor: default; }
-      .grid { display: grid; grid-template-columns: repeat(auto-fill, minmax(260px, 1fr)); gap: 14px; }
-      .card { background: var(--panel); border: 1px solid var(--hair); border-radius: var(--radius); padding: 16px 18px; }
-      .card .title { font-weight: 600; font-size: 14.5px; display: flex; align-items: center; gap: 8px; }
-      .card .sub { color: var(--secondary); font-size: 12.5px; margin-top: 2px; word-break: break-all; }
-      .row { display: flex; justify-content: space-between; gap: 12px; padding: 7px 0; border-top: 1px solid var(--hair); font-size: 13.5px; }
-      .row:first-of-type { border-top: none; }
-      .row .k { color: var(--secondary); }
-      .badge { font-size: 11px; font-weight: 600; padding: 2px 8px; border-radius: 999px; border: 1px solid var(--hair); color: var(--secondary); white-space: nowrap; }
-      .badge.ok { color: var(--green); border-color: color-mix(in srgb, var(--green) 40%, transparent); }
-      .badge.busy { color: var(--amber); border-color: color-mix(in srgb, var(--amber) 45%, transparent); }
-      .badge.off { color: var(--tertiary); }
-      .agents { margin-top: 12px; display: flex; flex-direction: column; gap: 6px; }
-      .agent { display: flex; align-items: center; gap: 8px; font-size: 13.5px; }
-      .agent .name { font-weight: 500; }
-      .agent .fam { color: var(--secondary); font-size: 12px; }
-      .note { background: var(--panel); border: 1px solid var(--hair); border-radius: var(--radius); padding: 16px 18px; color: var(--secondary); font-size: 13.5px; }
-      .err { color: var(--amber); font-size: 12.5px; margin-top: 8px; }
-      .linkbtn { background: none; border: none; color: var(--accent); cursor: pointer; font: inherit; padding: 0; font-size: 12.5px; }
-      .linkbtn:hover { text-decoration: underline; }
-      code { background: var(--chip); padding: 1px 5px; border-radius: 5px; font-size: 12px; }
-      .stat { display: flex; gap: 28px; margin-top: 16px; }
-      .stat .n { font-size: 26px; font-weight: 650; letter-spacing: -0.02em; }
-      .stat .l { font-size: 12px; color: var(--secondary); }
-
-      /* ── Home hero + tiles ── */
-      .hero { display: flex; align-items: center; gap: 14px; }
-      .hero .dot { width: 10px; height: 10px; border-radius: 50%; background: var(--green); flex: none; box-shadow: 0 0 0 4px color-mix(in srgb, var(--green) 18%, transparent); }
-      .hero .dot.off { background: var(--tertiary); box-shadow: none; }
-      .hero h1 { font-size: 22px; font-weight: 650; letter-spacing: -0.02em; }
-      .hero .host { color: var(--secondary); font-size: 13px; margin-top: 1px; }
-      .tiles { display: grid; grid-template-columns: repeat(3, 1fr); gap: 12px; margin-top: 20px; }
-      .tile { background: var(--panel); border: 1px solid var(--hair); border-radius: var(--radius); padding: 15px 16px; }
-      .tile .n { font-size: 25px; font-weight: 650; letter-spacing: -0.02em; font-variant-numeric: tabular-nums; }
-      .tile .n.small { font-size: 16px; font-weight: 600; }
-      .tile .l { font-size: 12px; color: var(--secondary); margin-top: 3px; display: flex; align-items: center; gap: 6px; }
-      .tile .l .mini { width: 7px; height: 7px; border-radius: 50%; background: var(--green); }
-      .tile .l .mini.off { background: var(--tertiary); }
-      .actions { display: flex; gap: 10px; margin-top: 8px; flex-wrap: wrap; }
-
-      /* ── Cross-device card ── */
-      .xd { background: var(--panel); border: 1px solid var(--hair); border-radius: var(--radius); padding: 18px 20px; max-width: 560px; }
-      .xd .head { display: flex; align-items: center; gap: 10px; }
-      .xd .head .t { font-weight: 600; font-size: 15px; }
-      .xd .head .pill { margin-left: auto; }
-      .pill { font-size: 11.5px; font-weight: 600; padding: 3px 10px; border-radius: 999px; border: 1px solid var(--hair); color: var(--secondary); display: inline-flex; align-items: center; gap: 6px; }
-      .pill .pd { width: 7px; height: 7px; border-radius: 50%; background: var(--tertiary); }
-      .pill.on { color: var(--green); border-color: color-mix(in srgb, var(--green) 40%, transparent); }
-      .pill.on .pd { background: var(--green); }
-      .xd .desc { color: var(--secondary); font-size: 13px; margin-top: 8px; line-height: 1.5; }
-      .keybox { display: flex; align-items: center; gap: 8px; margin-top: 14px; background: var(--chip); border: 1px solid var(--hair); border-radius: 9px; padding: 9px 12px; }
-      .keybox code { background: none; padding: 0; font-size: 12.5px; flex: 1; overflow: hidden; text-overflow: ellipsis; white-space: nowrap; font-variant-numeric: tabular-nums; letter-spacing: .02em; }
-      .iconbtn { border: none; background: none; cursor: pointer; color: var(--secondary); padding: 4px; border-radius: 6px; display: grid; place-items: center; }
-      .iconbtn:hover { color: var(--accent); background: rgba(127,127,127,.10); }
-      .hint { font-size: 12.5px; color: var(--secondary); margin-top: 12px; line-height: 1.5; }
-      .input { font: inherit; font-size: 13px; width: 100%; padding: 9px 12px; border: 1px solid var(--hair); border-radius: 9px; background: var(--bg); color: var(--fg); margin-top: 10px; }
-      .input:focus { outline: none; border-color: var(--accent); }
-      .danger { color: var(--red); }
-      .btn.ghost { border-color: transparent; background: none; color: var(--secondary); padding-left: 0; }
-      .btn.ghost:hover { color: var(--accent); }
-      .reveal { display: none; margin-top: 12px; }
-      .reveal.show { display: block; }
-      .toast { position: fixed; bottom: 22px; left: 50%; transform: translateX(-50%) translateY(12px); background: var(--fg); color: var(--bg); font-size: 12.5px; padding: 8px 16px; border-radius: 999px; opacity: 0; transition: opacity .2s, transform .2s; pointer-events: none; }
-      .toast.show { opacity: 1; transform: translateX(-50%) translateY(0); }
-      .switchrow { display: flex; align-items: flex-start; gap: 14px; margin-top: 16px; padding-top: 16px; border-top: 1px solid var(--hair); }
-      .switchrow .txt { flex: 1; }
-      .switchrow .st { font-weight: 600; font-size: 13.5px; }
-      .switchrow .sd { color: var(--secondary); font-size: 12.5px; margin-top: 3px; line-height: 1.45; }
-      .switch { position: relative; width: 40px; height: 24px; flex: none; cursor: pointer; display: inline-block; }
-      .switch input { position: absolute; opacity: 0; width: 0; height: 0; }
-      .switch .track { position: absolute; inset: 0; background: var(--hair); border-radius: 999px; transition: background .18s; }
-      .switch input:checked ~ .track { background: var(--green); }
-      .switch .knob { position: absolute; top: 3px; left: 3px; width: 18px; height: 18px; border-radius: 50%; background: #fff; transition: transform .18s; box-shadow: 0 1px 2px rgba(0,0,0,.25); }
-      .switch input:checked ~ .knob { transform: translateX(16px); }
-      .switch.busy { opacity: .55; pointer-events: none; }
-
-      /* ── Warp-calm app: wordmark (no logo), flat layered surfaces,
-            hairline borders, one accent used sparingly, no gradients/glows. */
-      .brand { padding: 4px 8px 22px; gap: 11px; }
-      .brand .name { font-size: 15px; font-weight: 600; letter-spacing: -0.01em; color: var(--fg); }
-      .brand .name .dot { color: var(--accent); }
-      .btn.primary { background: var(--accent); border: 1px solid transparent; color: var(--accent-ink); box-shadow: none; }
-      .btn.primary:hover { background: #8ab9ca; color: var(--accent-ink); filter: none; }
-      .navitem { border-radius: var(--radius-sm); }
-      .navitem.active { background: var(--accent-soft); color: var(--fg); box-shadow: none; }
-      .navitem.active .ic { color: var(--accent); }
-      .navitem .badge-dot { background: var(--accent); }
-      .card, .tile, .xd, .note, .banner { box-shadow: none; background: var(--panel-2); }
-      .tile { transition: border-color .15s; }
-      .tile[data-view]:hover { border-color: var(--hair-strong); }
-      .input { background: var(--panel-2); }
-      .keybox { background: var(--panel-2); }
-      #view-home { position: relative; }
-      .content::-webkit-scrollbar { width: 11px; }
-      .content::-webkit-scrollbar-thumb { background: var(--hair-strong); border-radius: 8px; border: 3px solid transparent; background-clip: content-box; }
-
-      /* ── Custom stepped installer (Welcome → Installing → Done) ── */
-      .su-welcome, .su-installing, .su-done { flex-direction: column; }
-      .su-top { display: flex; align-items: center; justify-content: space-between; }
-      .su-mark { font-weight: 600; letter-spacing: -0.01em; font-size: 14px; color: var(--fg); }
-      .su-mark .dot { color: var(--accent); }
-      .su-badge { font: 500 11px var(--mono); color: var(--tertiary); border: 1px solid var(--hair); border-radius: 999px; padding: 3px 9px; }
-      .su-btn { font: 600 13px inherit; height: 34px; padding: 0 18px; border-radius: var(--radius-sm); border: 1px solid transparent; cursor: pointer; transition: background .14s, border-color .14s, color .14s; }
-      .su-btn-primary { background: var(--accent); color: var(--accent-ink); }
-      .su-btn-primary:hover { background: #8ab9ca; }
-      .su-btn-ghost { background: transparent; color: var(--secondary); border-color: var(--hair-strong); }
-      .su-btn-ghost:hover { color: var(--fg); border-color: var(--tertiary); }
-      .su-actions { display: flex; align-items: center; gap: 12px; }
-
-      /* Welcome */
-      .su-welcome { padding: 30px 32px; }
-      .su-hero { margin-top: auto; }
-      .su-welcome h1 { font-size: 26px; font-weight: 650; letter-spacing: -0.02em; color: var(--fg); }
-      .su-name { color: var(--accent); }
-      .su-lede { color: var(--secondary); margin-top: 8px; max-width: 380px; font-size: 13.5px; line-height: 1.5; }
-      .su-facts { display: flex; flex-direction: column; gap: 9px; margin-top: 20px; }
-      .su-fact { display: flex; gap: 10px; align-items: flex-start; color: var(--secondary); font-size: 12.5px; }
-      .su-fact svg { flex: none; margin-top: 2px; }
-      .su-fact b { color: var(--fg); font-weight: 550; }
-      .su-welcome .su-actions { margin-top: auto; padding-top: 24px; }
-      .su-loc { color: var(--tertiary); font: 500 11px var(--mono); margin-left: auto; }
-
-      /* Installing */
-      .su-installing { padding: 26px 28px 22px; }
-      .su-ihead { display: flex; align-items: baseline; justify-content: space-between; }
-      .su-ihead h2 { font-size: 16px; font-weight: 600; letter-spacing: -0.01em; color: var(--fg); }
-      .su-stepof { font: 500 11px var(--mono); color: var(--tertiary); }
-      .su-bar { margin: 14px 0 0; height: 3px; border-radius: 3px; background: var(--hair); overflow: hidden; }
-      .su-bar > i { display: block; height: 100%; width: 0%; background: var(--accent); border-radius: 3px; transition: width .45s cubic-bezier(.22,1,.36,1); }
-      .su-nowline { display: flex; justify-content: space-between; color: var(--secondary); font-size: 12px; margin-top: 8px; }
-      .su-nowline .su-pct { font: 500 12px var(--mono); color: var(--tertiary); }
-      .su-logwell { margin-top: 14px; flex: 1; min-height: 0; background: var(--panel-2); border: 1px solid var(--hair); border-radius: var(--radius-sm); overflow: hidden; display: flex; flex-direction: column; }
-      .su-lwhead { font: 500 10.5px var(--mono); color: var(--tertiary); letter-spacing: .05em; text-transform: uppercase; padding: 7px 12px; border-bottom: 1px solid var(--hair); }
-      .su-logfeed { flex: 1; overflow-y: auto; padding: 8px 12px 10px; font: 12px/1.65 var(--mono); }
-      .su-logfeed::-webkit-scrollbar { width: 8px; }
-      .su-logfeed::-webkit-scrollbar-thumb { background: var(--hair-strong); border-radius: 8px; }
-      .su-lline { display: flex; gap: 9px; }
-      .su-lline .t { color: var(--tertiary); flex: none; }
-      .su-lline .m { color: var(--secondary); white-space: pre-wrap; }
-      .su-lline.ok .m { color: var(--fg); }
-      .su-lline .tag { color: var(--accent); }
-      .su-lline .dim { color: var(--tertiary); }
-      .su-lline.warn .m { color: var(--amber); }
-      .su-lline.done .m { color: var(--green); }
-
-      /* Done */
-      .su-done { padding: 30px 32px; }
-      .su-dcenter { margin: auto 0; }
-      .su-check { width: 40px; height: 40px; border-radius: 999px; border: 1px solid var(--hair-strong); display: grid; place-items: center; margin-bottom: 16px; }
-      .su-done h1 { font-size: 23px; font-weight: 650; letter-spacing: -0.02em; color: var(--fg); }
-      .su-done p { color: var(--secondary); margin-top: 8px; max-width: 400px; font-size: 13px; line-height: 1.5; }
-      .su-done p b { color: var(--fg); font-weight: 550; }
-      .su-done code { font: 500 11.5px var(--mono); color: var(--fg); background: var(--panel-2); border: 1px solid var(--hair); border-radius: var(--radius-sm); padding: 2px 6px; }
-      .su-done .su-actions { margin-top: 26px; }
-
-      /* ── App, non-card (YC-grade): status hero + metric strip + list
-            rows + slim sidebar. Structure from whitespace + hairlines +
-            type hierarchy, not bordered boxes. ── */
-      .side { background: var(--sidebar); border-right: 1px solid var(--hair); padding: 18px 12px 12px; }
-      .navitem { color: var(--secondary); }
-      .navitem.active { background: transparent; color: var(--fg); }
-      .navitem.active::before { content: ""; position: absolute; left: -12px; top: 7px; bottom: 7px; width: 2px; border-radius: 2px; background: var(--accent); }
-      .navitem { position: relative; }
-      .navitem.active .ic { color: var(--accent); }
-      .side .foot { display: flex; align-items: center; gap: 7px; }
-      .side .foot::before { content: ""; width: 6px; height: 6px; border-radius: 50%; background: var(--green); flex: none; }
-      .view { padding: 30px 36px; }
-
-      .hm-status { display: flex; align-items: center; gap: 13px; }
-      .hm-pulse { width: 11px; height: 11px; border-radius: 50%; background: var(--green); position: relative; flex: none; }
-      .hm-pulse::after { content: ""; position: absolute; inset: -5px; border-radius: 50%; border: 1px solid var(--green); opacity: .35; }
-      .hm-pulse.off { background: var(--tertiary); }
-      .hm-pulse.off::after { display: none; }
-      .hm-sttxt h1 { font-size: 24px; font-weight: 600; letter-spacing: -0.02em; color: var(--fg); }
-      .hm-sub { color: var(--secondary); font-size: 13px; margin-top: 2px; }
-
-      .hm-metrics { display: flex; margin: 28px 0 4px; }
-      .hm-metric { padding-right: 34px; margin-right: 34px; border-right: 1px solid var(--hair); }
-      .hm-metric:last-child { border-right: none; }
-      .hm-metric .n { font-size: 30px; font-weight: 600; letter-spacing: -0.025em; font-variant-numeric: tabular-nums; line-height: 1.05; }
-      .hm-metric .l { font-size: 11.5px; color: var(--secondary); margin-top: 6px; }
-
-      .hm-sec { display: flex; align-items: baseline; justify-content: space-between; margin: 34px 0 2px; }
-      .hm-sec h2 { font-size: 11px; font-weight: 600; text-transform: uppercase; letter-spacing: .07em; color: var(--secondary); }
-      .hm-link, .hm-ghost { background: none; border: none; cursor: pointer; font: inherit; color: var(--accent); font-size: 12px; padding: 0; }
-      .hm-ghost { color: var(--secondary); font-size: 12.5px; }
-      .hm-ghost:hover { color: var(--accent); }
-      .hm-foot { margin-top: auto; padding-top: 18px; color: var(--tertiary); font-size: 12px; display: flex; align-items: center; justify-content: space-between; }
-
-      /* Agent list rows (shared: Home teaser + Network) */
-      .agent-list { margin-top: 2px; }
-      .agent-row { display: flex; align-items: center; gap: 12px; padding: 11px 6px; border-bottom: 1px solid var(--hair); }
-      .agent-row:hover { background: rgba(216,216,216,0.025); }
-      .agent-row .av { width: 26px; height: 26px; border-radius: 7px; background: var(--accent-soft); color: var(--accent); display: grid; place-items: center; font: 600 11px var(--mono); flex: none; text-transform: uppercase; }
-      .agent-row .ar-nm { font-weight: 550; font-size: 13px; }
-      .agent-row .ar-meta { color: var(--secondary); font-size: 12px; margin-top: 1px; }
-      .agent-row .ar-st { margin-left: auto; display: flex; align-items: center; gap: 7px; font-size: 12px; color: var(--secondary); white-space: nowrap; }
-      .agent-row .ar-st .d { width: 7px; height: 7px; border-radius: 50%; background: var(--green); flex: none; }
-      .agent-row .ar-st.busy .d { background: var(--amber); }
-      .agent-row .ar-st.off .d { background: var(--tertiary); }
-      .hm-empty { color: var(--secondary); font-size: 13px; padding: 14px 6px; border-bottom: 1px solid var(--hair); }
-      .hm-empty code { background: var(--chip); padding: 1px 5px; border-radius: 4px; font: 12px var(--mono); }
-
-      /* Network + Updates: de-card. Section headers + hairline rows +
-         plain grouped sections; peers stay a soft flat surface (distinct
-         devices), but no bordered boxes. */
-      .vh { font-size: 22px; font-weight: 600; letter-spacing: -0.02em; color: var(--fg); }
-      .lead { color: var(--secondary); font-size: 13px; }
-      h2.section { margin: 30px 0 6px 0; }
-      #local { margin-top: 6px !important; }
-      .kv .row { padding: 10px 6px; }
-      .row .k { color: var(--secondary); }
-      /* cross-device → a plain section, not a card */
-      .xd { border: none !important; background: transparent !important; padding: 0 !important; box-shadow: none; max-width: 560px; }
-      .xd .head .t { font-size: 14px; font-weight: 600; }
-      .xd .desc { font-size: 12.5px; }
-      .keybox { background: var(--panel-2); border: 1px solid var(--hair); }
-      .switchrow { border-top: 1px solid var(--hair); }
-      /* peers → soft flat surfaces (no border box) */
-      .card { border: none; background: var(--panel-2); box-shadow: none; }
-      .note { border: none; background: var(--panel-2); box-shadow: none; }
-      .banner { border: none; background: var(--panel-2); box-shadow: none; }
-      .btn { background: var(--panel-2); border-color: var(--hair); }
-      .btn:hover { border-color: var(--accent); color: var(--accent); }
-
-      /* First-launch splash branding */
-      .init-mark { display: flex; align-items: center; justify-content: space-between; width: 100%; max-width: 440px; margin-bottom: 20px; }
-      .init-mark > span:first-child { font-weight: 600; font-size: 14px; color: var(--fg); }
-      .init-mark .dot { color: var(--accent); }
-      #phase-init h1 { font-size: 22px; font-weight: 600; letter-spacing: -0.02em; }
-    </style>
-  </head>
-  <body>
-    <!-- PHASE: Updater (every launch) ------------------------------->
-    <div class="phase splash active" id="phase-updater">
-      <h1 class="wordmark">clawtool</h1>
-      <div class="spinner"></div>
-      <div class="status" id="upd-splash-status">Checking for updates…</div>
-    </div>
-
-    <!-- PHASE: Initializing / first launch -------------------------->
-    <div class="phase splash" id="phase-init">
-      <div class="init-mark"><span data-brand-mark>clawtool<span class="dot">.</span></span><span class="su-badge">first launch</span></div>
-      <h1 id="initTitle">Setting up clawtool</h1>
-      <div class="status" id="initSub">Bringing your gateway online…</div>
-      <div class="meter"><div class="trackbar"><div class="fill" id="fill"></div></div><div class="pct" id="pct">0%</div></div>
-      <ul class="log" id="log"></ul>
-      <div class="donenote" id="initDone" style="display:none"></div>
-    </div>
-
-    <!-- PHASE: Setup — Welcome (stepped custom installer) ----------->
-    <div class="phase su-welcome" id="phase-welcome">
-      <div class="su-top">
-        <span class="su-mark" data-brand-mark></span>
-        <span class="su-badge" id="w-ver"></span>
-      </div>
-      <div class="su-hero">
-        <h1>Install <span class="su-name" data-brand-name></span></h1>
-        <p class="su-lede" data-brand-tagline></p>
-        <div class="su-facts">
-          <div class="su-fact">
-            <svg width="15" height="15" viewBox="0 0 24 24" fill="none" stroke="var(--accent)" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M4 17l6-6-6-6"/><path d="M12 19h8"/></svg>
-            <span>The <b data-brand-cli></b> command, added to your <b>PATH</b>.</span>
-          </div>
-          <div class="su-fact">
-            <svg width="15" height="15" viewBox="0 0 24 24" fill="none" stroke="var(--accent)" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><rect x="3" y="4" width="18" height="14" rx="2"/><path d="M8 21h8"/></svg>
-            <span>A desktop app that runs in your tray as the gateway.</span>
-          </div>
-          <div class="su-fact">
-            <svg width="15" height="15" viewBox="0 0 24 24" fill="none" stroke="var(--accent)" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12a9 9 0 1 1-6.2-8.5"/><path d="M21 4v5h-5"/></svg>
-            <span>Quiet self-updates — no admin prompts.</span>
-          </div>
-        </div>
-      </div>
-      <div class="su-actions">
-        <button class="su-btn su-btn-primary" id="w-install">Install</button>
-        <span class="su-loc" id="w-loc"></span>
-      </div>
-    </div>
-
-    <!-- PHASE: Setup — Installing ------------------------------------>
-    <div class="phase su-installing" id="phase-installing">
-      <div class="su-ihead"><h2>Installing</h2><span class="su-stepof">step 2 / 3</span></div>
-      <div class="su-bar"><i id="i-fill"></i></div>
-      <div class="su-nowline"><span id="i-now">Starting…</span><span class="su-pct" id="i-pct">0%</span></div>
-      <div class="su-logwell">
-        <div class="su-lwhead">install log</div>
-        <div class="su-logfeed" id="i-log"></div>
-      </div>
-    </div>
-
-    <!-- PHASE: Setup — Done ------------------------------------------>
-    <div class="phase su-done" id="phase-done">
-      <div class="su-top">
-        <span class="su-mark" data-brand-mark></span>
-        <span class="su-badge">installed</span>
-      </div>
-      <div class="su-dcenter">
-        <div class="su-check">
-          <svg width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="var(--green)" stroke-width="2.4" stroke-linecap="round" stroke-linejoin="round"><path d="M20 6L9 17l-5-5"/></svg>
-        </div>
-        <h1><span data-brand-name></span> is ready</h1>
-        <p>Installed to <code id="d-dir"></code>. Open a <b>new</b> terminal to use the <b data-brand-cli></b> command.</p>
-        <div class="su-actions">
-          <button class="su-btn su-btn-primary" id="d-open">Open <span data-brand-name></span></button>
-          <button class="su-btn su-btn-ghost" id="d-finish">Finish</button>
-        </div>
-      </div>
-    </div>
-
-    <!-- PHASE: App -------------------------------------------------->
-    <div class="phase app" id="phase-app">
-      <aside class="side">
-        <div class="brand">
-          <div class="name" data-brand-mark>clawtool<span class="dot">.</span></div>
-        </div>
-        <nav>
-          <button class="navitem active" data-view="home"><svg class="ic" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M3 11l9-8 9 8"/><path d="M5 10v10h14V10"/></svg><span>Home</span></button>
-          <button class="navitem" data-view="network"><svg class="ic" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="5" r="2.4"/><circle cx="5" cy="19" r="2.4"/><circle cx="19" cy="19" r="2.4"/><path d="M12 7.4v4M10.5 13l-4 4M13.5 13l4 4"/></svg><span>Network</span></button>
-          <button class="navitem" data-view="updates"><svg class="ic" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12a9 9 0 1 1-3-6.7"/><path d="M21 4v5h-5"/></svg><span>Updates</span><span class="badge-dot"></span></button>
-        </nav>
-        <div class="foot" id="ver"></div>
-      </aside>
-      <main class="content">
-        <section class="view active" id="view-home">
-          <div class="hm-status">
-            <span class="hm-pulse" id="home-dot"></span>
-            <div class="hm-sttxt">
-              <h1 id="home-title"><span data-brand-name>clawtool</span> is running</h1>
-              <div class="hm-sub" id="home-host">This device is a gateway on your network</div>
-            </div>
-          </div>
-          <div class="hm-metrics">
-            <div class="hm-metric"><div class="n" id="stat-agents">—</div><div class="l">Local agents</div></div>
-            <div class="hm-metric"><div class="n" id="stat-peers">—</div><div class="l">LAN peers</div></div>
-            <div class="hm-metric" data-view="network" style="cursor:pointer"><div class="n" id="stat-xd">—</div><div class="l">Cross-device</div></div>
-          </div>
-          <div class="hm-sec"><h2>Agents on this device</h2><button class="hm-link" data-view="network">Network &rarr;</button></div>
-          <div class="hm-list" id="home-agents"></div>
-          <div class="hm-foot">
-            <span>Closing the window keeps <span data-brand-name>clawtool</span> running in the menu bar.</span>
-            <button class="hm-ghost" data-view="updates">Check for updates</button>
-          </div>
-        </section>
-        <section class="view" id="view-network">
-          <div class="banner" id="net-banner"></div>
-          <h1 class="vh">This device</h1>
-          <div class="lead">Agents running locally on this machine.</div>
-          <div id="local" style="margin-top:14px"></div>
-          <h2 class="section">Cross-device</h2>
-          <div id="xd-card"></div>
-          <h2 class="section">Network <span id="peer-count" style="text-transform:none;letter-spacing:0;color:var(--secondary)"></span></h2>
-          <div id="peers"></div>
-        </section>
-        <section class="view" id="view-updates">
-          <h1 class="vh">Updates</h1>
-          <div class="lead"><span data-brand-name>clawtool</span> checks for a new version each time it launches.</div>
-          <div class="kv" style="margin-top:18px;max-width:540px">
-            <div class="row"><span class="k">Installed</span><span id="upd-current">—</span></div>
-            <div class="row"><span class="k">Latest</span><span id="upd-latest">—</span></div>
-            <div class="row"><span class="k">Status</span><span id="upd-status">checking…</span></div>
-          </div>
-          <div style="display:flex;gap:12px;margin-top:18px">
-            <button class="btn" id="upd-check">Check now</button>
-            <button class="btn primary" id="upd-install" disabled>Install update</button>
-          </div>
-        </section>
-      </main>
-    </div>
-
-    <script>
-      "use strict";
-      const esc = (s) => String(s ?? "").replace(/[&<>"]/g, (c) => ({ "&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;" }[c]));
-      const $ = (id) => document.getElementById(id);
-      const sleep = (ms) => new Promise((r) => setTimeout(r, ms));
-      function app() { return (window.go && window.go.main && window.go.main.App) || null; }
-      async function call(name, ...args) { const a = app(); if (!a || !a[name]) return null; try { return await a[name](...args); } catch (e) { return null; } }
-      function parse(s, fb) { try { return JSON.parse(s); } catch (e) { return fb; } }
-      function showPhase(p) { document.querySelectorAll(".phase").forEach((el) => el.classList.toggle("active", el.id === "phase-" + p)); }
-
-      // ── App nav + views ─────────────────────────────────────────
-      let netTimer = null;
-      function nav(view) {
-        document.querySelectorAll(".navitem").forEach((b) => b.classList.toggle("active", b.dataset.view === view));
-        document.querySelectorAll(".view").forEach((v) => v.classList.toggle("active", v.id === "view-" + view));
-        if (netTimer) { clearInterval(netTimer); netTimer = null; }
-        if (view === "home") loadHome();
-        if (view === "network") { loadCircle(); loadNetwork(); netTimer = setInterval(loadNetwork, 5000); }
-        if (view === "updates") loadUpdates();
-      }
-      document.querySelectorAll("[data-view]").forEach((el) => el.addEventListener("click", () => nav(el.dataset.view)));
-
-      // ── Initializing splash ─────────────────────────────────────
-      const PHASES = [
-        ["daemon health","Starting the gateway"],["host detection","Detecting your agents"],
-        ["bridge add","Installing bridges"],["claim","Claiming agents"],
-        ["MCP config","Writing configuration"],["hooks install","Installing hooks"],
-        ["peer register","Registering this device"],["init","Applying recipes"],["verify","Verifying"],
-      ];
-      const CHECK = '<svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="var(--green)" stroke-width="2.6" stroke-linecap="round" stroke-linejoin="round"><path d="M20 6L9 17l-5-5"/></svg>';
-      const WARN = '<svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="var(--amber)" stroke-width="2.4" stroke-linecap="round" stroke-linejoin="round"><path d="M12 9v4"/><path d="M12 17h.01"/><circle cx="12" cy="12" r="9"/></svg>';
-      const XMARK = '<svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="var(--red)" stroke-width="2.4" stroke-linecap="round" stroke-linejoin="round"><path d="M18 6L6 18"/><path d="M6 6l12 12"/></svg>';
-      let phaseReached = -1, displayPct = 0;
-      function setProgress(p) { displayPct = Math.max(displayPct, Math.min(p, 100)); $("fill").style.width = displayPct + "%"; $("pct").textContent = Math.round(displayPct) + "%"; }
-      function addStep(ev) {
-        const ul = $("log");
-        const icon = ev.level === "ok" ? CHECK : ev.level === "warn" ? WARN : XMARK;
-        const li = document.createElement("li");
-        li.innerHTML = '<span class="g">' + icon + '</span><span class="lab">' + esc(ev.label || ev.raw || "") + "</span>" + (ev.message ? '<span class="msg">' + esc(ev.message) + "</span>" : "");
-        ul.appendChild(li);
-        while (ul.children.length > 6) ul.removeChild(ul.firstChild);
-        const idx = PHASES.findIndex((p) => (ev.label || "").trim().indexOf(p[0]) === 0);
-        if (idx > phaseReached) { phaseReached = idx; $("initSub").textContent = PHASES[idx][1] + "…"; }
-        if (idx >= 0) setProgress(Math.round(((idx + 1) / PHASES.length) * 95));
-      }
-      function initFinish(ev) {
-        const ok = !!ev.ok;
-        setProgress(ok ? 100 : displayPct);
-        $("initTitle").textContent = ok ? BRAND.name + " is ready" : "Setup needs attention";
-        $("initSub").textContent = ok ? "Your gateway is live on this device." : "Review the steps above.";
-        const d = $("initDone"); d.style.display = "block";
-        d.innerHTML = ok
-          ? "The <code>" + esc(BRAND.cli) + "</code> command is on your PATH — open a <b>new</b> terminal to use it."
-          : esc(ev.summary || "Something didn't finish. You can retry from the tray.");
-        if (ok) setTimeout(enterApp, 1100);
-      }
-      async function runInitializing() {
-        await loadBrand(); applyBrand();
-        $("initTitle").textContent = "Setting up " + BRAND.name;
-        showPhase("init"); setProgress(5);
-        if (window.runtime && window.runtime.EventsOn) {
-          window.runtime.EventsOn("install:step", addStep);
-          window.runtime.EventsOn("install:done", initFinish);
-        }
-        call("Install");
-      }
-
-      // ── Custom stepped installer (Welcome → Installing → Done) ──
-      // The setup build embeds the payload; RunSetup lays it on disk and
-      // streams "setup:step" events. User-driven: Welcome [Install] → live
-      // install log → Done [Open]. Product identity comes from App.Brand(),
-      // so the UI never hardcodes the name.
-      let BRAND = { name: "clawtool", cli: "clawtool", tagline: "", installDir: "", version: "" };
-      async function loadBrand() { const b = parse(await call("Brand"), null); if (b && b.name) BRAND = b; }
-      function applyBrand() {
-        document.querySelectorAll("[data-brand-name]").forEach((e) => (e.textContent = BRAND.name));
-        document.querySelectorAll("[data-brand-cli]").forEach((e) => (e.textContent = BRAND.cli));
-        document.querySelectorAll("[data-brand-tagline]").forEach((e) => (e.textContent = BRAND.tagline || ""));
-        document.querySelectorAll("[data-brand-mark]").forEach((e) => (e.innerHTML = esc(BRAND.name) + '<span class="dot">.</span>'));
-        if (BRAND.installDir) { $("w-loc").textContent = BRAND.installDir; $("d-dir").textContent = BRAND.installDir; }
-        if (BRAND.version) $("w-ver").textContent = "v" + BRAND.version;
-        document.title = BRAND.name;
-      }
-
-      // Monotonic progress — Wails delivers events asynchronously, so a step
-      // can land after RunSetup resolved; never let progress run backwards.
-      let iPct = 0, setupFinished = false, stepN = 0;
-      function setIPct(p) { iPct = Math.max(iPct, Math.min(p, 100)); $("i-fill").style.width = iPct + "%"; $("i-pct").textContent = Math.round(iPct) + "%"; }
-      function clock() { const d = new Date(); return [d.getHours(), d.getMinutes(), d.getSeconds()].map((n) => String(n).padStart(2, "0")).join(":"); }
-      function logLine(html, cls) {
-        const feed = $("i-log");
-        const line = document.createElement("div");
-        line.className = "su-lline" + (cls ? " " + cls : "");
-        line.innerHTML = '<span class="t">' + clock() + '</span><span class="m">' + html + "</span>";
-        feed.appendChild(line); feed.scrollTop = feed.scrollHeight;
-      }
-      function onSetupStep(ev) {
-        if (setupFinished || !ev || !ev.label) return;
-        $("i-now").textContent = ev.label + "…";
-        logLine(esc(ev.label) + (ev.detail ? '  <span class="dim">' + esc(ev.detail) + "</span>" : ""), "ok");
-        stepN++; setIPct(8 + Math.min(88, stepN * 9));
-      }
-      async function startInstall() {
-        showPhase("installing"); setIPct(4);
-        logLine('<span class="tag">setup</span>  beginning install of ' + esc(BRAND.name), "ok");
-        if (window.runtime && window.runtime.EventsOn) window.runtime.EventsOn("setup:step", onSetupStep);
-        const r = parse(await call("RunSetup"), { ok: false });
-        const ok = !!(r && r.ok);
-        setupFinished = true; setIPct(100);
-        if (ok) {
-          $("i-now").textContent = "Done";
-          logLine('<span class="tag">setup</span>  install complete', "done");
-          if (r.dir) $("d-dir").textContent = r.dir;
-          await sleep(550); showPhase("done");
-        } else {
-          $("i-now").textContent = "Failed";
-          logLine('<span class="tag">setup</span>  ' + esc((r && r.error) || "install failed"), "warn");
-        }
-      }
-      function setupWelcome() {
-        applyBrand();
-        $("w-install").onclick = startInstall;
-        $("d-open").onclick = async () => { await call("OpenInstalled"); setTimeout(() => call("Quit"), 600); };
-        $("d-finish").onclick = () => call("Quit");
-        showPhase("welcome");
-      }
-
-      // ── Network view ────────────────────────────────────────────
-      const expanded = new Set();
-      function statusBadge(s) { s = (s || "").toLowerCase();
-        if (s === "online") return '<span class="badge ok">online</span>';
-        if (s === "busy") return '<span class="badge busy">busy</span>';
-        if (s === "offline") return '<span class="badge off">offline</span>';
-        return '<span class="badge">' + esc(s || "unknown") + "</span>"; }
-      function relTime(iso) { if (!iso) return "—"; const t = new Date(iso).getTime(); if (isNaN(t)) return "—";
-        const s = Math.max(0, Math.round((Date.now() - t) / 1000));
-        if (s < 5) return "just now"; if (s < 60) return s + "s ago"; if (s < 3600) return Math.floor(s/60) + "m ago"; return Math.floor(s/3600) + "h ago"; }
-      function agentRow(a) {
-        const dis = a.status === "disabled";
-        const stcls = dis ? "off" : (a.callable ? "" : "busy");
-        const sttext = a.status || (a.callable ? "callable" : "—");
-        const mono = esc((a.instance || "?").slice(0, 2));
-        return '<div class="agent-row"><span class="av">' + mono + '</span><div class="ar-txt"><div class="ar-nm">' + esc(a.instance) +
-          '</div><div class="ar-meta">' + esc(a.family) + (a.bridge ? " · " + esc(a.bridge) : "") + '</div></div>' +
-          '<span class="ar-st ' + stcls + '"><span class="d"></span>' + esc(sttext) + "</span></div>";
-      }
-      function cssEsc(s) { return String(s).replace(/["\\]/g, "\\$&"); }
-      async function loadNetwork() {
-        const snap = parse(await call("NetworkSnapshot"), { ok: false });
-        const banner = $("net-banner");
-        if (!snap || !snap.ok) {
-          banner.className = "banner show";
-          banner.innerHTML = "<span>Starting the local gateway…</span>";
-          // Self-heal: respawn a stale/stopped daemon; the next 5s poll recovers.
-          call("EnsureGateway");
-          return;
-        }
-        banner.className = "banner";
-        const agents = (snap.agents && snap.agents.agents) || [];
-        $("local").innerHTML = agents.length
-          ? '<div class="agent-list">' + agents.map(agentRow).join("") + "</div>"
-          : '<div class="hm-empty">No agents here yet — run <code>' + esc(BRAND.cli) + ' onboard</code> to connect one.</div>';
-        const peers = (snap.peers && snap.peers.peers) || [];
-        $("peer-count").textContent = peers.length ? "(" + peers.length + ")" : "";
-        const pe = $("peers");
-        if (!peers.length) { pe.className = ""; pe.innerHTML = '<div class="note">No peers discovered yet. Start clawtool on another machine on this network — paired devices appear automatically over mDNS.</div>'; return; }
-        pe.className = "grid"; pe.innerHTML = peers.map(peerCard).join("");
-        for (const p of peers) { const b = document.querySelector('[data-peer="' + cssEsc(p.peer_id) + '"]'); if (b) b.addEventListener("click", () => togglePeer(p)); if (expanded.has(p.peer_id)) loadPeer(p, true); }
-      }
-      function peerCard(p) {
-        const m = p.metadata || {}; const host = m.hostname || p.display_name || p.peer_id;
-        return '<div class="card"><div class="title">' + esc(p.display_name || host) + " " + statusBadge(p.status) + "</div><div class=\"sub\">" + esc(host) + "</div>" +
-          '<div class="row"><span class="k">Address</span><span>' + esc(m.address || "—") + "</span></div>" +
-          '<div class="row"><span class="k">Version</span><span>' + esc(m.peer_version ? "v" + m.peer_version : "—") + "</span></div>" +
-          '<div class="row"><span class="k">Last seen</span><span>' + esc(relTime(p.last_seen)) + "</span></div>" +
-          '<div style="margin-top:12px"><button class="linkbtn" data-peer="' + esc(p.peer_id) + '">' + (expanded.has(p.peer_id) ? "Hide agents & details" : "Show agents & details") + '</button><div id="px-' + esc(p.peer_id) + '"></div></div></div>';
-      }
-      function togglePeer(p) {
-        const b = document.querySelector('[data-peer="' + cssEsc(p.peer_id) + '"]');
-        if (expanded.has(p.peer_id)) { expanded.delete(p.peer_id); const c = $("px-" + p.peer_id); if (c) c.innerHTML = ""; if (b) b.textContent = "Show agents & details"; }
-        else { expanded.add(p.peer_id); if (b) b.textContent = "Hide agents & details"; loadPeer(p, false); }
-      }
-      async function loadPeer(p, silent) {
-        const c = $("px-" + p.peer_id); if (!c) return;
-        if (!silent) c.innerHTML = '<div class="sub" style="margin-top:8px">Loading…</div>';
-        const res = parse(await call("PeerAgents", p.peer_id), { ok: false });
-        if (!res || res.ok === false) { c.innerHTML = '<div class="err">Could not reach this peer to list its agents.</div>'; return; }
-        if (res.needs_circle_key) { c.innerHTML = '<div class="sub" style="margin-top:8px">🔒 Join a circle to see this peer’s agents — run <code>clawtool a2a circle-key generate</code> here, then <code>set</code> the same key on this peer.</div>'; return; }
-        if (res.not_in_circle) { c.innerHTML = '<div class="sub" style="margin-top:8px">🔒 This peer isn’t in your circle — set the same circle key on both devices.</div>'; return; }
-        const agents = res.agents || [];
-        c.innerHTML = agents.length ? '<div class="sub" style="margin-top:10px">Agents (' + agents.length + ')</div><div class="agents">' + agents.map(agentRow).join("") + "</div>" : '<div class="sub" style="margin-top:8px">No agents on this peer.</div>';
-      }
-
-      // ── Updates view ────────────────────────────────────────────
-      let updateAvailable = false;
-      function applyUpdate(c) {
-        if (!c || c.ok === false || !c.found) {
-          $("upd-current").textContent = c && c.current ? "v" + c.current : "—";
-          $("upd-latest").textContent = "—";
-          $("upd-status").textContent = c && c.ok === false ? "couldn't check" : "no published release";
-          return;
-        }
-        $("upd-current").textContent = "v" + c.current;
-        $("upd-latest").textContent = "v" + c.latest;
-        updateAvailable = !!c.update_available;
-        $("upd-status").textContent = updateAvailable ? "update available" : "up to date";
-        $("upd-install").disabled = !updateAvailable;
-        document.querySelector('[data-view="updates"]').classList.toggle("has-update", updateAvailable);
-        if (c.current) $("ver").textContent = "v" + c.current;
-      }
-      async function loadUpdates() { $("upd-status").textContent = "checking…"; applyUpdate(parse(await call("CheckUpdate"), null)); }
-      $("upd-check").addEventListener("click", loadUpdates);
-      $("upd-install").addEventListener("click", async () => {
-        $("upd-install").disabled = true; $("upd-status").textContent = "installing…";
-        const r = parse(await call("InstallUpdate"), { ok: false });
-        $("upd-status").textContent = (r && r.ok) ? "updated — restart clawtool to finish" : "update failed";
-        if (r && r.ok) { updateAvailable = false; document.querySelector('[data-view="updates"]').classList.remove("has-update"); }
-      });
-
-      // ── Cross-device (circle key) ───────────────────────────────
-      const COPY = '<svg width="15" height="15" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><rect x="9" y="9" width="11" height="11" rx="2"/><path d="M5 15V5a2 2 0 0 1 2-2h10"/></svg>';
-      let circleState = { has_key: false, key: "" };
-      let lanState = { enabled: false };
-      let lanBusy = false;
-      function toast(msg) {
-        let t = $("toast"); if (!t) { t = document.createElement("div"); t.id = "toast"; t.className = "toast"; document.body.appendChild(t); }
-        t.textContent = msg; t.classList.add("show"); clearTimeout(t._h); t._h = setTimeout(() => t.classList.remove("show"), 1900);
-      }
-      async function copyText(text, label) {
-        try { await navigator.clipboard.writeText(text); toast((label || "Copied") + " ✓"); } catch (e) { toast("Couldn't copy"); }
-      }
-      function maskKey(k) { return k && k.length > 14 ? k.slice(0, 8) + "…" + k.slice(-4) : k; }
-      function refreshXdStat() {
-        const on = circleState.has_key;
-        const n = $("stat-xd"); if (n) n.textContent = on ? "On" : "Off";
-        const m = $("xd-mini"); if (m) m.classList.toggle("off", !on);
-      }
-      async function loadCircle() {
-        const st = parse(await call("CircleStatus"), { ok: false });
-        circleState = (st && st.ok) ? st : { has_key: false, key: "" };
-        const ln = parse(await call("LanStatus"), { ok: false });
-        lanState = (ln && ln.ok) ? ln : { enabled: false };
-        renderXdCard(); refreshXdStat();
-      }
-      function lanSwitchHTML() {
-        return '<div class="switchrow"><div class="txt"><div class="st">Reachable on your LAN</div>' +
-          '<div class="sd">Let circle devices on your network read this device’s agent list. Code execution stays local-only; the first time, your OS may ask to allow it through the firewall.</div></div>' +
-          '<label class="switch' + (lanBusy ? " busy" : "") + '"><input type="checkbox" id="lan-sw"' + (lanState.enabled ? " checked" : "") + '><span class="track"></span><span class="knob"></span></label></div>';
-      }
-      async function lanToggle(e) {
-        const want = !!e.target.checked;
-        lanBusy = true; renderXdCard();
-        toast(want ? "Enabling LAN reachability…" : "Disabling…");
-        const r = parse(await call(want ? "LanEnable" : "LanDisable"), { ok: false });
-        lanBusy = false;
-        if (r && r.ok) { lanState.enabled = want; toast(want ? "Reachable on your LAN ✓" : "Loopback-only ✓"); }
-        else { toast((r && r.error) ? r.error : "Could not change LAN reachability"); }
-        renderXdCard();
-      }
-      function renderXdCard() {
-        const el = $("xd-card"); if (!el) return;
-        let inner;
-        if (circleState.has_key) {
-          const k = circleState.key || "";
-          inner =
-            '<div class="head"><span class="t">Cross-device peering</span><span class="pill on"><span class="pd"></span>On</span></div>' +
-            '<div class="desc">Devices that share this circle key can see each other’s agents over your network.</div>' +
-            '<div class="keybox"><code id="ckey" title="' + esc(k) + '">' + esc(maskKey(k)) + '</code><button class="iconbtn" id="ck-copy" title="Copy key">' + COPY + '</button></div>' +
-            '<div class="hint">On your other devices, open clawtool → Network → <b>Join with a key</b>, then paste this key.</div>' +
-            '<div style="margin-top:14px"><button class="btn ghost danger" id="ck-leave">Leave circle</button></div>';
-        } else {
-          inner =
-            '<div class="head"><span class="t">Cross-device peering</span><span class="pill"><span class="pd"></span>Off</span></div>' +
-            '<div class="desc">Create a circle to let your devices see each other’s agents. Generate a key here, then join the same circle on your other devices.</div>' +
-            '<div class="actions" style="margin-top:14px"><button class="btn primary" id="ck-gen">Generate circle key</button><button class="btn ghost" id="ck-join-toggle">Join with a key…</button></div>' +
-            '<div class="reveal" id="ck-join"><input class="input" id="ck-input" placeholder="Paste the circle key from your other device" autocomplete="off" spellcheck="false" /><div class="actions" style="margin-top:10px"><button class="btn primary" id="ck-join-go">Join circle</button></div></div>';
-        }
-        el.innerHTML = '<div class="xd">' + inner + lanSwitchHTML() + '</div>';
-        if (circleState.has_key) {
-          $("ck-copy").addEventListener("click", () => copyText(circleState.key || "", "Circle key copied"));
-          $("ck-leave").addEventListener("click", circleLeave);
-        } else {
-          $("ck-gen").addEventListener("click", circleGenerate);
-          $("ck-join-toggle").addEventListener("click", () => { $("ck-join").classList.toggle("show"); const i = $("ck-input"); if (i) i.focus(); });
-          $("ck-join-go").addEventListener("click", circleJoin);
-          $("ck-input").addEventListener("keydown", (e) => { if (e.key === "Enter") circleJoin(); });
-        }
-        const sw = $("lan-sw"); if (sw) sw.addEventListener("change", lanToggle);
-      }
-      async function circleGenerate() {
-        const b = $("ck-gen"); if (b) { b.disabled = true; b.textContent = "Generating…"; }
-        const r = parse(await call("CircleGenerate"), { ok: false });
-        if (r && r.ok && r.key) { circleState = { has_key: true, key: r.key }; renderXdCard(); refreshXdStat(); copyText(r.key, "Circle key copied"); }
-        else { toast("Could not generate a key"); if (b) { b.disabled = false; b.textContent = "Generate circle key"; } }
-      }
-      async function circleJoin() {
-        const inp = $("ck-input"); if (!inp) return;
-        const key = inp.value.trim(); if (!key) { inp.focus(); return; }
-        const go = $("ck-join-go"); if (go) { go.disabled = true; go.textContent = "Joining…"; }
-        const r = parse(await call("CircleSet", key), { ok: false });
-        if (r && r.ok) { circleState = { has_key: true, key }; renderXdCard(); refreshXdStat(); toast("Joined the circle ✓"); }
-        else { toast((r && r.error) ? r.error : "Could not join"); if (go) { go.disabled = false; go.textContent = "Join circle"; } }
-      }
-      async function circleLeave() {
-        const r = parse(await call("CircleClear"), { ok: false });
-        if (r && r.ok) { circleState = { has_key: false, key: "" }; renderXdCard(); refreshXdStat(); toast("Left the circle"); }
-        else { toast("Could not leave"); }
-      }
-
-      // ── Home ────────────────────────────────────────────────────
-      async function loadHome() {
-        const snap = parse(await call("NetworkSnapshot"), { ok: false });
-        const ok = !!(snap && snap.ok);
-        $("home-dot").classList.toggle("off", !ok);
-        $("home-title").innerHTML = ok ? '<span data-brand-name>' + esc(BRAND.name) + "</span> is running" : "Starting the gateway…";
-        $("home-host").textContent = ok ? "This device is reachable as a " + BRAND.name + " gateway." : "Bringing the local gateway online…";
-        if (!ok) call("EnsureGateway");
-        const agents = (ok && snap.agents && snap.agents.agents) || [];
-        $("stat-agents").textContent = ok && snap.agents && snap.agents.count != null ? snap.agents.count : agents.length;
-        $("stat-peers").textContent = ok && snap.peers && snap.peers.count != null ? snap.peers.count : "0";
-        $("home-agents").innerHTML = agents.length
-          ? agents.map(agentRow).join("")
-          : '<div class="hm-empty">No agents here yet — run <code>' + esc(BRAND.cli) + ' onboard</code> to connect one.</div>';
-        const st = parse(await call("CircleStatus"), { ok: false });
-        circleState = (st && st.ok) ? st : { has_key: false, key: "" };
-        refreshXdStat();
-      }
-
-      // ── App entry + ready stats ─────────────────────────────────
-      async function showReady() {
-        const snap = parse(await call("NetworkSnapshot"), { ok: false });
-        if (snap && snap.ok) {
-          $("stat-agents").textContent = (snap.agents && snap.agents.count != null) ? snap.agents.count : "0";
-          $("stat-peers").textContent = (snap.peers && snap.peers.count != null) ? snap.peers.count : "0";
-        }
-      }
-      let entered = false;
-      async function enterApp() {
-        if (entered) return; entered = true;
-        await loadBrand(); applyBrand();  // drive the wordmark + copy from App.Brand()
-        await call("EnterApp");          // grow the window from splash to app
-        showPhase("app");
-        showReady();
-        nav("home");                     // land on the overview, not deep in the network list
-        if (lastCheck) applyUpdate(lastCheck);
-      }
-
-      // ── boot: Updater → (Initializing) → app ────────────────────
-      let lastCheck = null;
-      async function boot() {
-        for (let i = 0; i < 40 && !app(); i++) await sleep(50);
-        const mode = await call("Mode");
-        // Setup build: show the stepped custom installer (Welcome → Installing
-        // → Done). No update-check — this IS the fresh install.
-        if (mode === "setup") { await loadBrand(); return setupWelcome(); }
-        showPhase("updater");
-        $("upd-splash-status").textContent = "Checking for updates…";
-        lastCheck = parse(await call("CheckUpdate"), null);
-        if (lastCheck && lastCheck.current) $("ver").textContent = "v" + lastCheck.current;
-        if (lastCheck && lastCheck.found && lastCheck.update_available) {
-          $("upd-splash-status").textContent = "Downloading clawtool v" + lastCheck.latest + "…";
-          const r = parse(await call("InstallUpdate"), { ok: false });
-          $("upd-splash-status").textContent = (r && r.ok) ? "Updated ✓  Starting…" : "Update failed — continuing…";
-          if (r && r.ok && lastCheck) lastCheck.update_available = false;
-          await sleep(700);
-        } else {
-          $("upd-splash-status").textContent = lastCheck && lastCheck.current ? "Up to date · v" + lastCheck.current : "Starting…";
-          await sleep(450);
-        }
-        if (mode === "installer") {
-          // Installer role: run the one-time initialize flow (unless this
-          // device was already set up — then just hand straight to the app).
-          const inited = await call("IsInitialized");
-          if (inited === true) {
-            $("upd-splash-status").textContent = "Already initialized · starting…";
-            await call("EnsureGateway");
-            enterApp();
-          } else {
-            runInitializing(); // initFinish → enterApp on success
-          }
-        } else {
-          // App role: the installer already initialized this device, so the
-          // app never initializes — just heal a stale/leftover gateway
-          // (idempotent; a healthy daemon is left as-is) and open the UI.
-          $("upd-splash-status").textContent = "Starting the gateway…";
-          await call("EnsureGateway");
-          enterApp();
-        }
-      }
-      window.addEventListener("DOMContentLoaded", boot);
-    </script>
-  </body>
-</html>
diff --git a/cmd/clawtool-installer/main.go b/cmd/clawtool-installer/main.go
index 0e66e54..93d606b 100644
--- a/cmd/clawtool-installer/main.go
+++ b/cmd/clawtool-installer/main.go
@@ -21,6 +21,7 @@ import (
 	"github.com/wailsapp/wails/v2"
 	"github.com/wailsapp/wails/v2/pkg/options"
 	"github.com/wailsapp/wails/v2/pkg/options/assetserver"
+	"github.com/wailsapp/wails/v2/pkg/options/mac"
 )
 
 // assets embeds the splash frontend. `wails build` populates/uses
@@ -58,9 +59,17 @@ func main() {
 	}
 
 	err := wails.Run(&options.App{
-		Title:  "clawtool",
-		Width:  520,
-		Height: 420,
+		Title: "clawtool",
+		// Frameless: the OS title bar is dropped in favour of our own custom
+		// titlebar (drag region + window controls) rendered by the frontend,
+		// so the chrome is consistent across Windows and macOS. On macOS we
+		// keep the native inset traffic lights (top-left) and reserve a gutter
+		// for them; on Windows the frontend draws min/maximize/close on the
+		// right.
+		Frameless: true,
+		Mac:       &mac.Options{TitleBar: mac.TitleBarHiddenInset()},
+		Width:     520,
+		Height:    420,
 		// The window opens as a small, fixed Discord-style splash — the
 		// Updater phase (every launch) and, on first run, the
 		// Initializing phase render here. Once those finish, the frontend
diff --git a/desktop/apps/app-ui/package.json b/desktop/apps/app-ui/package.json
index 5be3039..043b21f 100644
--- a/desktop/apps/app-ui/package.json
+++ b/desktop/apps/app-ui/package.json
@@ -11,7 +11,8 @@
     "@clawtool/bridge": "workspace:*",
     "@clawtool/design-system": "workspace:*",
     "react": "^18.3.1",
-    "react-dom": "^18.3.1"
+    "react-dom": "^18.3.1",
+    "@clawtool/installer-ui": "workspace:*"
   },
   "devDependencies": {
     "@types/react": "^18.3.12",
diff --git a/desktop/apps/app-ui/src/Init.module.css b/desktop/apps/app-ui/src/Init.module.css
new file mode 100644
index 0000000..36e05e3
--- /dev/null
+++ b/desktop/apps/app-ui/src/Init.module.css
@@ -0,0 +1,6 @@
+.shell { display: flex; flex-direction: column; height: 100vh; }
+.body { flex: 1; min-height: 0; display: flex; flex-direction: column; padding: 26px 30px 22px; }
+.top { display: flex; align-items: center; justify-content: space-between; margin-bottom: 18px; }
+.title { font-size: var(--size-xl); font-weight: 600; letter-spacing: -0.02em; }
+.sub { color: var(--text-secondary); font-size: 13px; margin-top: 2px; }
+.bar { margin: 14px 0; }
diff --git a/desktop/apps/app-ui/src/InitSurface.tsx b/desktop/apps/app-ui/src/InitSurface.tsx
new file mode 100644
index 0000000..8639593
--- /dev/null
+++ b/desktop/apps/app-ui/src/InitSurface.tsx
@@ -0,0 +1,72 @@
+import { useEffect, useRef, useState } from "react";
+import { Badge, LogFeed, ProgressBar, TitleBar, Wordmark, type LogLine, type Platform } from "@clawtool/design-system";
+import { App as Backend, Win, environmentPlatform, on, type Brand, type InstallDone, type InstallStep } from "@clawtool/bridge";
+import styles from "./Init.module.css";
+
+function clock(): string {
+  const d = new Date();
+  return [d.getHours(), d.getMinutes(), d.getSeconds()].map((n) => String(n).padStart(2, "0")).join(":");
+}
+
+// First-launch onboarding: runs the one-time initialize flow (daemon, bridges,
+// agent claim) with a branded, live progress view, then hands off to the app.
+export function InitSurface({ onDone }: { onDone: () => void }) {
+  const [platform, setPlatform] = useState<Platform>("windows");
+  const [brand, setBrand] = useState<Brand>({ name: "clawtool", cli: "clawtool", tagline: "", installDir: "", version: "" });
+  const [lines, setLines] = useState<LogLine[]>([]);
+  const [pct, setPct] = useState(4);
+  const [ready, setReady] = useState(false);
+  const pctRef = useRef(4);
+  const doneRef = useRef(false);
+
+  function bump(to: number) {
+    pctRef.current = Math.max(pctRef.current, Math.min(to, 100));
+    setPct(pctRef.current);
+  }
+
+  useEffect(() => {
+    environmentPlatform().then((p) => setPlatform(p === "web" ? "windows" : p));
+    Backend.brand().then(setBrand);
+    let n = 0;
+    const offStep = on<InstallStep>("install:step", (s) => {
+      if (doneRef.current || !s?.label) return;
+      const tone = s.level === "warn" ? "warn" : s.level === "fail" ? "warn" : "ok";
+      setLines((prev) => [...prev, { time: clock(), label: s.label!, detail: s.message, tone }]);
+      n += 1;
+      bump(8 + Math.min(86, n * 11));
+    });
+    const offDone = on<InstallDone>("install:done", (d) => {
+      doneRef.current = true;
+      bump(100);
+      if (d?.ok) {
+        setReady(true);
+        setTimeout(onDone, 1100);
+      }
+    });
+    Backend.install();
+    return () => {
+      offStep();
+      offDone();
+    };
+  }, [onDone]);
+
+  const controls = { onMinimize: () => Win.minimise(), onToggleMaximize: () => Win.toggleMaximise(), onClose: () => Win.quit() };
+
+  return (
+    <div className={styles.shell}>
+      <TitleBar platform={platform} controls={controls} />
+      <section className={styles.body}>
+        <div className={styles.top}>
+          <Wordmark name={brand.name} />
+          <Badge>first launch</Badge>
+        </div>
+        <h1 className={styles.title}>{ready ? `${brand.name} is ready` : `Setting up ${brand.name}`}</h1>
+        <div className={styles.sub}>{ready ? "Your gateway is live on this device." : "Bringing your gateway online…"}</div>
+        <div className={styles.bar}>
+          <ProgressBar value={pct} />
+        </div>
+        <LogFeed title="setup" lines={lines} />
+      </section>
+    </div>
+  );
+}
diff --git a/desktop/apps/app-ui/src/Root.tsx b/desktop/apps/app-ui/src/Root.tsx
new file mode 100644
index 0000000..309eb01
--- /dev/null
+++ b/desktop/apps/app-ui/src/Root.tsx
@@ -0,0 +1,35 @@
+import { useEffect, useState } from "react";
+import { App as Backend } from "@clawtool/bridge";
+import { App as InstallerSurface } from "@clawtool/installer-ui";
+import { App } from "./App";
+import { InitSurface } from "./InitSurface";
+
+type Route = "loading" | "setup" | "init" | "app";
+
+// The single shipping SPA routes on the Go-decided mode:
+//   setup     -> the installer flow (self-install)
+//   installer -> first-launch onboarding (one-time init) if not yet initialized
+//   app        -> the main app
+// (The physical 3-binary split reuses these same surfaces, one per binary.)
+export function Root() {
+  const [route, setRoute] = useState<Route>("loading");
+
+  function enterApp() {
+    Backend.enterApp(); // grow the window from the fixed splash to the full app
+    setRoute("app");
+  }
+
+  useEffect(() => {
+    (async () => {
+      const mode = await Backend.mode();
+      if (mode === "setup") return setRoute("setup");
+      if (mode === "installer" && !(await Backend.isInitialized())) return setRoute("init");
+      enterApp();
+    })();
+  }, []);
+
+  if (route === "loading") return null;
+  if (route === "setup") return <InstallerSurface />;
+  if (route === "init") return <InitSurface onDone={enterApp} />;
+  return <App />;
+}
diff --git a/desktop/apps/app-ui/src/main.tsx b/desktop/apps/app-ui/src/main.tsx
index 31cb538..9ef557d 100644
--- a/desktop/apps/app-ui/src/main.tsx
+++ b/desktop/apps/app-ui/src/main.tsx
@@ -1,10 +1,10 @@
 import { StrictMode } from "react";
 import { createRoot } from "react-dom/client";
 import "@clawtool/design-system/global.css";
-import { App } from "./App";
+import { Root } from "./Root";
 
 createRoot(document.getElementById("root")!).render(
   <StrictMode>
-    <App />
+    <Root />
   </StrictMode>,
 );
diff --git a/desktop/apps/installer-ui/package.json b/desktop/apps/installer-ui/package.json
index 322c88b..97d2988 100644
--- a/desktop/apps/installer-ui/package.json
+++ b/desktop/apps/installer-ui/package.json
@@ -2,6 +2,9 @@
   "name": "@clawtool/installer-ui",
   "private": true,
   "type": "module",
+  "exports": {
+    ".": "./src/App.tsx"
+  },
   "scripts": {
     "dev": "vite",
     "build": "vite build",
diff --git a/desktop/package.json b/desktop/package.json
index cb81c61..50a996e 100644
--- a/desktop/package.json
+++ b/desktop/package.json
@@ -2,6 +2,7 @@
   "name": "clawtool-desktop",
   "private": true,
   "type": "module",
+  "packageManager": "pnpm@10.33.0",
   "scripts": {
     "typecheck": "pnpm -r typecheck",
     "build": "pnpm -r build"
diff --git a/desktop/packages/design-system/src/components/TitleBar.tsx b/desktop/packages/design-system/src/components/TitleBar.tsx
index 715ba19..c9a2d1a 100644
--- a/desktop/packages/design-system/src/components/TitleBar.tsx
+++ b/desktop/packages/design-system/src/components/TitleBar.tsx
@@ -38,7 +38,9 @@ export function TitleBar({
       style={{ "--wails-draggable": "drag" } as CSSProperties}
       onDoubleClick={controls.onToggleMaximize}
     >
-      {onMac ? buttons : null}
+      {/* macOS keeps its native inset traffic lights (top-left): reserve a
+          gutter and render no custom buttons. Windows/Linux: custom controls
+          on the right. */}
       {onMac ? <div className={styles.gutterMac} /> : null}
       <div className={styles.center}>{center}</div>
       {onMac ? null : buttons}
diff --git a/desktop/pnpm-lock.yaml b/desktop/pnpm-lock.yaml
index 5298c31..0f6a07a 100644
--- a/desktop/pnpm-lock.yaml
+++ b/desktop/pnpm-lock.yaml
@@ -48,6 +48,9 @@ importers:
       '@clawtool/design-system':
         specifier: workspace:*
         version: link:../../packages/design-system
+      '@clawtool/installer-ui':
+        specifier: workspace:*
+        version: link:../installer-ui
       react:
         specifier: ^18.3.1
         version: 18.3.1

From 1fd60a80b636303bee0b44fd2e0b7398661c6ebb Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Wed, 27 May 2026 04:45:37 +0300
Subject: [PATCH 18/86] docs(installer): update stale 'vanilla frontend' notes
 for the React SPA

---
 cmd/clawtool-installer/main.go    | 9 +++++----
 cmd/clawtool-installer/wails.json | 2 +-
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/cmd/clawtool-installer/main.go b/cmd/clawtool-installer/main.go
index 93d606b..cd4f48f 100644
--- a/cmd/clawtool-installer/main.go
+++ b/cmd/clawtool-installer/main.go
@@ -10,7 +10,7 @@
 // Wails toolchain + platform webview libs to build — it is NOT
 // compiled by the main repo CI. Build + verify with `wails build`
 // (or `wails dev`) on a Windows / macOS host. The Go here is
-// gofmt-clean and follows the Wails v2 vanilla template; treat any
+// gofmt-clean and follows the Wails v2 conventions; treat any
 // build error as a version-pin / API-drift fix, not a redesign.
 package main
 
@@ -24,9 +24,10 @@ import (
 	"github.com/wailsapp/wails/v2/pkg/options/mac"
 )
 
-// assets embeds the splash frontend. `wails build` populates/uses
-// frontend/dist; the vanilla (no-bundler) setup keeps the static
-// files directly under frontend/dist.
+// assets embeds the built React SPA (the desktop/ pnpm monorepo's app-ui,
+// Vite-built). CI runs `pnpm build` and copies the bundle into frontend/dist
+// before the Go build; locally, do the same. The single SPA routes on
+// App.Mode() to the app / installer / first-launch surfaces.
 //
 //go:embed all:frontend/dist
 var assets embed.FS
diff --git a/cmd/clawtool-installer/wails.json b/cmd/clawtool-installer/wails.json
index 0e3996b..0e4670a 100644
--- a/cmd/clawtool-installer/wails.json
+++ b/cmd/clawtool-installer/wails.json
@@ -14,6 +14,6 @@
     "companyName": "Cogitave",
     "productName": "clawtool",
     "copyright": "Copyright © Cogitave",
-    "comments": "clawtool desktop app — vanilla (no-bundler) frontend; static files live under frontend/dist and are embedded directly."
+    "comments": "clawtool desktop app — React SPA (desktop/ pnpm monorepo, Vite-built) embedded from frontend/dist; CI builds the bundle and places it there before the Go build."
   }
 }

From a2072902405a38ddd7aded63ef463929dfb348d1 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Wed, 27 May 2026 23:10:22 +0300
Subject: [PATCH 19/86] feat(desktop): Agents tab, agent icons, fix circle
 copy/join, connect affordances

- Fix circle key: auto-copy on generate + a Copy button + toast (was uncopyable).
- Implement "Join with a key" (was a dead button): reveal input -> circleSet.
- Per-family AgentIcon (claude/codex/gemini/opencode/hermes, brand-tinted monograms).
- New Agents tab: per-agent rows with icon + family/bridge/tags/sandbox, Connect
  (claim) / Disconnect (release) actions, and this device's A2A card (name/version/
  url/skills). Go bindings AgentClaim/AgentRelease/LocalCard added.
- Install/connect affordances: bridge-missing agents show "Install bridge"/"Connect"
  instead of a dead row; empty states route to the Agents tab.
- Network view now focuses on cross-device (circle/LAN) + devices.
---
 cmd/clawtool-installer/app.go                 |  45 ++++++
 desktop/apps/app-ui/src/App.module.css        |  23 +++
 desktop/apps/app-ui/src/App.tsx               |   7 +-
 .../app-ui/src/components/Toast.module.css    |  20 +++
 desktop/apps/app-ui/src/components/Toast.tsx  |  11 ++
 desktop/apps/app-ui/src/icons.tsx             |   9 ++
 desktop/apps/app-ui/src/views/Agents.tsx      | 112 +++++++++++++
 desktop/apps/app-ui/src/views/Home.tsx        |   8 +-
 desktop/apps/app-ui/src/views/Network.tsx     | 150 +++++++++++-------
 desktop/packages/bridge/src/app.ts            |   6 +
 desktop/packages/bridge/src/types.ts          |  14 ++
 .../src/components/AgentIcon.module.css       |  10 ++
 .../src/components/AgentIcon.tsx              |  28 ++++
 .../src/components/AgentRow.module.css        |   1 +
 .../design-system/src/components/AgentRow.tsx |  27 +++-
 desktop/packages/design-system/src/index.ts   |   1 +
 16 files changed, 407 insertions(+), 65 deletions(-)
 create mode 100644 desktop/apps/app-ui/src/components/Toast.module.css
 create mode 100644 desktop/apps/app-ui/src/components/Toast.tsx
 create mode 100644 desktop/apps/app-ui/src/views/Agents.tsx
 create mode 100644 desktop/packages/design-system/src/components/AgentIcon.module.css
 create mode 100644 desktop/packages/design-system/src/components/AgentIcon.tsx

diff --git a/cmd/clawtool-installer/app.go b/cmd/clawtool-installer/app.go
index f64161e..3c96e73 100644
--- a/cmd/clawtool-installer/app.go
+++ b/cmd/clawtool-installer/app.go
@@ -670,6 +670,51 @@ func (a *App) lanSet(mode string) string {
 	return `{"ok":true}`
 }
 
+// AgentClaim registers clawtool with an agent host (e.g. claude / codex) so
+// the agent can call clawtool's tools — `clawtool agents claim <name>`. This
+// is the "Connect" action that resolves a bridge-missing agent.
+func (a *App) AgentClaim(name string) string { return a.agentAction("claim", name) }
+
+// AgentRelease unregisters clawtool from an agent host —
+// `clawtool agents release <name>` (the "Disconnect" action).
+func (a *App) AgentRelease(name string) string { return a.agentAction("release", name) }
+
+func (a *App) agentAction(action, name string) string {
+	name = strings.TrimSpace(name)
+	if name == "" {
+		return jsonErr("missing agent name")
+	}
+	bin, err := locateClawtool()
+	if err != nil {
+		return jsonErr(err.Error())
+	}
+	cmd := exec.Command(bin, "agents", action, name)
+	hideConsole(cmd)
+	if out, err := cmd.CombinedOutput(); err != nil {
+		msg := firstLine(out)
+		if msg == "" {
+			msg = "could not " + action + " " + name
+		}
+		return jsonErr(msg)
+	}
+	return `{"ok":true}`
+}
+
+// LocalCard returns this device's public A2A Agent Card
+// (/.well-known/agent-card.json) — capability/skill metadata, no secrets —
+// for the Agents tab to display. Raw daemon body on success.
+func (a *App) LocalCard() string {
+	base, err := a.ensureDaemonBase()
+	if err != nil {
+		return jsonErr(err.Error())
+	}
+	body, err := httpGetJSON(base + "/.well-known/agent-card.json")
+	if err != nil {
+		return jsonErr(err.Error())
+	}
+	return string(body)
+}
+
 // ensureDaemonBase resolves the daemon's loopback base URL, starting the
 // daemon if it isn't recorded yet.
 func (a *App) ensureDaemonBase() (string, error) {
diff --git a/desktop/apps/app-ui/src/App.module.css b/desktop/apps/app-ui/src/App.module.css
index 0a1faf1..90e223f 100644
--- a/desktop/apps/app-ui/src/App.module.css
+++ b/desktop/apps/app-ui/src/App.module.css
@@ -43,3 +43,26 @@
 .switchRow .st { font-weight: 600; font-size: 13.5px; }
 .switchRow .sd { color: var(--text-secondary); font-size: 12.5px; margin-top: 3px; line-height: 1.45; }
 .actions { display: flex; gap: 18px; margin-top: 18px; }
+.input {
+  font: inherit;
+  font-size: 13px;
+  width: 100%;
+  padding: 9px 12px;
+  border: 1px solid var(--hairline);
+  border-radius: var(--radius-sm);
+  background: var(--surface);
+  color: var(--text);
+}
+.input:focus { outline: none; border-color: var(--accent); }
+.err { color: var(--warning); font-size: 12.5px; margin-top: 8px; }
+.linklike { background: none; border: 0; padding: 0; color: var(--accent); cursor: pointer; font: inherit; font-size: var(--size-md); }
+.linklike:hover { text-decoration: underline; }
+.keybox {
+  font: 500 12.5px var(--font-mono);
+  color: var(--text);
+  background: var(--surface);
+  border: 1px solid var(--hairline);
+  border-radius: var(--radius-sm);
+  padding: 7px 11px;
+  letter-spacing: 0.02em;
+}
diff --git a/desktop/apps/app-ui/src/App.tsx b/desktop/apps/app-ui/src/App.tsx
index a6badd6..577a3a5 100644
--- a/desktop/apps/app-ui/src/App.tsx
+++ b/desktop/apps/app-ui/src/App.tsx
@@ -1,13 +1,14 @@
 import { useEffect, useState } from "react";
 import { NavItem, Sidebar, StatusDot, TitleBar, Wordmark, type Platform } from "@clawtool/design-system";
 import { App as Backend, Win, environmentPlatform, type Brand } from "@clawtool/bridge";
-import { HomeIcon, NetworkIcon, UpdatesIcon } from "./icons";
+import { AgentsIcon, HomeIcon, NetworkIcon, UpdatesIcon } from "./icons";
 import { Home } from "./views/Home";
+import { Agents } from "./views/Agents";
 import { Network } from "./views/Network";
 import { Updates } from "./views/Updates";
 import styles from "./App.module.css";
 
-type View = "home" | "network" | "updates";
+type View = "home" | "agents" | "network" | "updates";
 
 export function App() {
   const [platform, setPlatform] = useState<Platform>("windows");
@@ -40,11 +41,13 @@ export function App() {
           }
         >
           <NavItem icon={<HomeIcon />} label="Home" active={view === "home"} onClick={() => setView("home")} />
+          <NavItem icon={<AgentsIcon />} label="Agents" active={view === "agents"} onClick={() => setView("agents")} />
           <NavItem icon={<NetworkIcon />} label="Network" active={view === "network"} onClick={() => setView("network")} />
           <NavItem icon={<UpdatesIcon />} label="Updates" active={view === "updates"} onClick={() => setView("updates")} />
         </Sidebar>
         <main className={styles.content}>
           {view === "home" ? <Home brand={brand} onNavigate={(v) => setView(v as View)} /> : null}
+          {view === "agents" ? <Agents brand={brand} /> : null}
           {view === "network" ? <Network brand={brand} /> : null}
           {view === "updates" ? <Updates brand={brand} /> : null}
         </main>
diff --git a/desktop/apps/app-ui/src/components/Toast.module.css b/desktop/apps/app-ui/src/components/Toast.module.css
new file mode 100644
index 0000000..6b80748
--- /dev/null
+++ b/desktop/apps/app-ui/src/components/Toast.module.css
@@ -0,0 +1,20 @@
+.toast {
+  position: fixed;
+  bottom: 22px;
+  left: 50%;
+  transform: translateX(-50%) translateY(12px);
+  background: var(--text);
+  color: var(--bg);
+  font-size: 12.5px;
+  font-weight: 500;
+  padding: 8px 16px;
+  border-radius: var(--radius-pill);
+  opacity: 0;
+  transition: opacity 0.2s, transform 0.2s;
+  pointer-events: none;
+  z-index: 50;
+}
+.show {
+  opacity: 1;
+  transform: translateX(-50%) translateY(0);
+}
diff --git a/desktop/apps/app-ui/src/components/Toast.tsx b/desktop/apps/app-ui/src/components/Toast.tsx
new file mode 100644
index 0000000..687712b
--- /dev/null
+++ b/desktop/apps/app-ui/src/components/Toast.tsx
@@ -0,0 +1,11 @@
+import { useEffect } from "react";
+import styles from "./Toast.module.css";
+
+export function Toast({ message, onClear }: { message: string; onClear: () => void }) {
+  useEffect(() => {
+    if (!message) return;
+    const t = setTimeout(onClear, 1900);
+    return () => clearTimeout(t);
+  }, [message, onClear]);
+  return <div className={`${styles.toast} ${message ? styles.show : ""}`}>{message}</div>;
+}
diff --git a/desktop/apps/app-ui/src/icons.tsx b/desktop/apps/app-ui/src/icons.tsx
index 9081a8a..6a85827 100644
--- a/desktop/apps/app-ui/src/icons.tsx
+++ b/desktop/apps/app-ui/src/icons.tsx
@@ -31,3 +31,12 @@ export const UpdatesIcon = () => (
     <path d="M21 4v5h-5" />
   </svg>
 );
+
+export const AgentsIcon = () => (
+  <svg {...base}>
+    <rect x="4" y="8" width="16" height="11" rx="2" />
+    <path d="M12 8V4M9 4h6" />
+    <circle cx="9" cy="13" r="1" />
+    <circle cx="15" cy="13" r="1" />
+  </svg>
+);
diff --git a/desktop/apps/app-ui/src/views/Agents.tsx b/desktop/apps/app-ui/src/views/Agents.tsx
new file mode 100644
index 0000000..1f37158
--- /dev/null
+++ b/desktop/apps/app-ui/src/views/Agents.tsx
@@ -0,0 +1,112 @@
+import { useEffect, useState } from "react";
+import { AgentRow, Badge, Button, EmptyRow, KVRow, KeyValue, List, SectionHeader } from "@clawtool/design-system";
+import { App, type Agent, type AgentCard, type Brand } from "@clawtool/bridge";
+import { Toast } from "../components/Toast";
+import styles from "../App.module.css";
+
+function metaFor(a: Agent): string {
+  const parts = [a.family];
+  if (a.bridge) parts.push(a.bridge);
+  if (a.tags && a.tags.length) parts.push(a.tags.join(", "));
+  if (a.sandbox) parts.push(`sandbox: ${a.sandbox}`);
+  return parts.join(" · ");
+}
+
+export function Agents({ brand }: { brand: Brand }) {
+  const [agents, setAgents] = useState<Agent[]>([]);
+  const [card, setCard] = useState<AgentCard | null>(null);
+  const [busy, setBusy] = useState<string>("");
+  const [toast, setToast] = useState("");
+
+  async function load() {
+    const snap = await App.networkSnapshot();
+    if (snap.ok === true) setAgents(snap.agents?.agents ?? []);
+    else App.ensureGateway();
+    const c = await App.localCard();
+    setCard(c && (c.name || c.skills) ? c : null);
+  }
+
+  useEffect(() => {
+    load();
+  }, []);
+
+  async function connect(a: Agent) {
+    setBusy(a.instance);
+    const r = await App.agentClaim(a.instance);
+    setToast(r.ok ? `Connected ${a.instance}` : typeof r.error === "string" ? r.error : `Couldn't connect ${a.instance}`);
+    await load();
+    setBusy("");
+  }
+  async function disconnect(a: Agent) {
+    setBusy(a.instance);
+    const r = await App.agentRelease(a.instance);
+    setToast(r.ok ? `Disconnected ${a.instance}` : typeof r.error === "string" ? r.error : `Couldn't disconnect ${a.instance}`);
+    await load();
+    setBusy("");
+  }
+
+  function actionFor(a: Agent) {
+    const b = busy === a.instance;
+    if (a.callable) {
+      return (
+        <Button variant="ghost" disabled={b} onClick={() => disconnect(a)}>
+          Disconnect
+        </Button>
+      );
+    }
+    // bridge-missing / binary-missing → the install/connect affordance
+    return (
+      <Button variant="primary" disabled={b} onClick={() => connect(a)}>
+        {a.status === "bridge-missing" ? "Install bridge" : "Connect"}
+      </Button>
+    );
+  }
+
+  return (
+    <>
+      <h1 className={styles.vh}>Agents</h1>
+      <div className={styles.lead}>AI agents on this device that can call {brand.name}'s tools.</div>
+
+      <SectionHeader title="On this device" />
+      <List>
+        {agents.length ? (
+          agents.map((a) => (
+            <AgentRow key={a.instance} name={a.instance} family={a.family} meta={metaFor(a)} action={actionFor(a)} />
+          ))
+        ) : (
+          <EmptyRow>
+            No agents detected. Install Claude Code, Codex, or Gemini — then they appear here to connect. Or run{" "}
+            <code>{brand.cli} onboard</code>.
+          </EmptyRow>
+        )}
+      </List>
+
+      <SectionHeader title="This device's A2A card" />
+      {card ? (
+        <>
+          <KeyValue>
+            {card.name ? <KVRow k="Name">{card.name}</KVRow> : null}
+            {card.version ? <KVRow k="Version">{String(card.version)}</KVRow> : null}
+            {card.url ? <KVRow k="URL">{card.url}</KVRow> : null}
+            <KVRow k="Skills">{card.skills?.length ?? 0}</KVRow>
+          </KeyValue>
+          {card.skills && card.skills.length ? (
+            <div style={{ marginTop: 12, display: "flex", flexWrap: "wrap", gap: 8 }}>
+              {card.skills.map((s, i) => (
+                <Badge key={s.id ?? i} tone="accent">
+                  {s.name ?? s.id ?? "skill"}
+                </Badge>
+              ))}
+            </div>
+          ) : null}
+        </>
+      ) : (
+        <List>
+          <EmptyRow>The A2A card is published once the gateway is running and circle peering is on.</EmptyRow>
+        </List>
+      )}
+
+      <Toast message={toast} onClear={() => setToast("")} />
+    </>
+  );
+}
diff --git a/desktop/apps/app-ui/src/views/Home.tsx b/desktop/apps/app-ui/src/views/Home.tsx
index 6a7a2b5..7a9a823 100644
--- a/desktop/apps/app-ui/src/views/Home.tsx
+++ b/desktop/apps/app-ui/src/views/Home.tsx
@@ -57,13 +57,14 @@ export function Home({ brand, onNavigate }: { brand: Brand; onNavigate: (v: stri
         </MetricStrip>
       </div>
 
-      <SectionHeader title="Agents on this device" action={<Button variant="ghost" onClick={() => onNavigate("network")}>Network →</Button>} />
+      <SectionHeader title="Agents on this device" action={<Button variant="ghost" onClick={() => onNavigate("agents")}>Manage →</Button>} />
       <List>
         {agents.length ? (
           agents.map((a) => (
             <AgentRow
               key={a.instance}
               name={a.instance}
+              family={a.family}
               meta={a.family + (a.bridge ? ` · ${a.bridge}` : "")}
               tone={a.callable ? "online" : a.status === "disabled" ? "offline" : "busy"}
               status={a.status ?? (a.callable ? "callable" : "—")}
@@ -71,7 +72,10 @@ export function Home({ brand, onNavigate }: { brand: Brand; onNavigate: (v: stri
           ))
         ) : (
           <EmptyRow>
-            No agents here yet — run <code>{brand.cli} onboard</code> to connect one.
+            No agents connected yet.{" "}
+            <button className={styles.linklike} onClick={() => onNavigate("agents")}>
+              Connect an agent →
+            </button>
           </EmptyRow>
         )}
       </List>
diff --git a/desktop/apps/app-ui/src/views/Network.tsx b/desktop/apps/app-ui/src/views/Network.tsx
index 5e357b9..00e3c70 100644
--- a/desktop/apps/app-ui/src/views/Network.tsx
+++ b/desktop/apps/app-ui/src/views/Network.tsx
@@ -1,30 +1,33 @@
 import { useEffect, useState } from "react";
-import {
-  AgentRow,
-  Badge,
-  Button,
-  EmptyRow,
-  KVRow,
-  KeyValue,
-  List,
-  SectionHeader,
-  Switch,
-} from "@clawtool/design-system";
-import { App, type Agent, type Brand, type Peer } from "@clawtool/bridge";
+import { Badge, Button, EmptyRow, KVRow, KeyValue, List, SectionHeader, Switch } from "@clawtool/design-system";
+import { App, type Brand, type Peer } from "@clawtool/bridge";
+import { Toast } from "../components/Toast";
 import styles from "../App.module.css";
 
 function maskKey(k: string): string {
   return k && k.length > 14 ? `${k.slice(0, 8)}…${k.slice(-4)}` : k;
 }
 
+async function copyText(text: string): Promise<boolean> {
+  try {
+    await navigator.clipboard.writeText(text);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
 export function Network({ brand }: { brand: Brand }) {
   const [banner, setBanner] = useState("");
-  const [agents, setAgents] = useState<Agent[]>([]);
   const [peers, setPeers] = useState<Peer[]>([]);
   const [hasKey, setHasKey] = useState(false);
   const [key, setKey] = useState("");
   const [lan, setLan] = useState(false);
   const [lanBusy, setLanBusy] = useState(false);
+  const [joinOpen, setJoinOpen] = useState(false);
+  const [joinKey, setJoinKey] = useState("");
+  const [joinErr, setJoinErr] = useState("");
+  const [toast, setToast] = useState("");
 
   async function loadNetwork() {
     const snap = await App.networkSnapshot();
@@ -34,7 +37,6 @@ export function Network({ brand }: { brand: Brand }) {
       return;
     }
     setBanner("");
-    setAgents(snap.agents?.agents ?? []);
     setPeers(snap.peers?.peers ?? []);
   }
   async function loadCircle() {
@@ -52,6 +54,32 @@ export function Network({ brand }: { brand: Brand }) {
     return () => clearInterval(t);
   }, []);
 
+  async function generate() {
+    const r = await App.circleGenerate();
+    await loadCircle();
+    const k = typeof r.key === "string" ? r.key : "";
+    if (r.ok && k) {
+      const ok = await copyText(k);
+      setToast(ok ? "Circle key generated and copied" : "Circle key generated");
+    }
+  }
+  async function copyKey() {
+    setToast((await copyText(key)) ? "Copied to clipboard" : "Couldn't copy");
+  }
+  async function join() {
+    setJoinErr("");
+    const k = joinKey.trim();
+    if (!k) return;
+    const r = await App.circleSet(k);
+    if (r.ok) {
+      setJoinOpen(false);
+      setJoinKey("");
+      await loadCircle();
+      setToast("Joined the circle");
+    } else {
+      setJoinErr(typeof r.error === "string" ? r.error : "Couldn't set the circle key");
+    }
+  }
   async function toggleLan(next: boolean) {
     setLanBusy(true);
     await (next ? App.lanEnable() : App.lanDisable());
@@ -62,28 +90,11 @@ export function Network({ brand }: { brand: Brand }) {
   return (
     <>
       {banner ? <div className={styles.banner}>{banner}</div> : null}
-      <h1 className={styles.vh}>This device</h1>
-      <div className={styles.lead}>Agents running locally on this machine.</div>
-      <List>
-        {agents.length ? (
-          agents.map((a) => (
-            <AgentRow
-              key={a.instance}
-              name={a.instance}
-              meta={a.family + (a.bridge ? ` · ${a.bridge}` : "")}
-              tone={a.callable ? "online" : a.status === "disabled" ? "offline" : "busy"}
-              status={a.status ?? (a.callable ? "callable" : "—")}
-            />
-          ))
-        ) : (
-          <EmptyRow>
-            No agents here yet — run <code>{brand.cli} onboard</code> to connect one.
-          </EmptyRow>
-        )}
-      </List>
+      <h1 className={styles.vh}>Cross-device</h1>
+      <div className={styles.lead}>Let your devices see each other's agents over your network.</div>
 
-      <SectionHeader title="Cross-device" />
-      <div style={{ display: "flex", alignItems: "center", gap: 10 }}>
+      <SectionHeader title="Circle key" />
+      <div style={{ display: "flex", alignItems: "center", gap: 10, marginTop: 4 }}>
         <span style={{ fontWeight: 600, fontSize: 14 }}>Cross-device peering</span>
         <span style={{ marginLeft: "auto" }}>
           <Badge tone={hasKey ? "success" : "neutral"}>{hasKey ? "On" : "Off"}</Badge>
@@ -93,27 +104,56 @@ export function Network({ brand }: { brand: Brand }) {
         Create a circle to let your devices see each other's agents. Generate a key here, then join the same circle on
         your other devices.
       </div>
-      <div className={styles.xrow}>
-        {hasKey ? (
-          <>
-            <code style={{ fontSize: 12.5 }}>{maskKey(key)}</code>
-            <Button variant="ghost" onClick={() => App.circleClear().then(loadCircle)}>
-              Leave circle
+
+      {hasKey ? (
+        <div className={styles.xrow}>
+          <code className={styles.keybox}>{maskKey(key)}</code>
+          <Button variant="secondary" onClick={copyKey}>
+            Copy
+          </Button>
+          <Button variant="ghost" onClick={() => App.circleClear().then(loadCircle)}>
+            Leave circle
+          </Button>
+        </div>
+      ) : joinOpen ? (
+        <div style={{ marginTop: 14, maxWidth: 520 }}>
+          <input
+            className={styles.input}
+            placeholder="Paste the circle key from your other device"
+            value={joinKey}
+            autoFocus
+            onChange={(e) => setJoinKey(e.target.value)}
+            onKeyDown={(e) => {
+              if (e.key === "Enter") join();
+              if (e.key === "Escape") setJoinOpen(false);
+            }}
+          />
+          {joinErr ? <div className={styles.err}>{joinErr}</div> : null}
+          <div style={{ display: "flex", gap: 12, marginTop: 10 }}>
+            <Button variant="primary" onClick={join} disabled={!joinKey.trim()}>
+              Join circle
             </Button>
-          </>
-        ) : (
-          <>
-            <Button variant="primary" onClick={() => App.circleGenerate().then(loadCircle)}>
-              Generate circle key
+            <Button variant="ghost" onClick={() => setJoinOpen(false)}>
+              Cancel
             </Button>
-            <Button variant="ghost">Join with a key…</Button>
-          </>
-        )}
-      </div>
+          </div>
+        </div>
+      ) : (
+        <div className={styles.xrow}>
+          <Button variant="primary" onClick={generate}>
+            Generate circle key
+          </Button>
+          <Button variant="ghost" onClick={() => setJoinOpen(true)}>
+            Join with a key…
+          </Button>
+        </div>
+      )}
 
       <div className={styles.switchRow}>
-        <div className="txt" style={{ flex: 1 }}>
-          <div className={styles.st} style={{ fontWeight: 600, fontSize: 13.5 }}>Reachable on your LAN</div>
+        <div style={{ flex: 1 }}>
+          <div className={styles.st} style={{ fontWeight: 600, fontSize: 13.5 }}>
+            Reachable on your LAN
+          </div>
           <div className={styles.sd}>
             Let circle devices on your network read this device's agent list. Code execution stays local-only; the
             first time, your OS may ask to allow it through the firewall.
@@ -122,7 +162,7 @@ export function Network({ brand }: { brand: Brand }) {
         <Switch checked={lan} busy={lanBusy} onChange={toggleLan} />
       </div>
 
-      <SectionHeader title={`Network${peers.length ? ` (${peers.length})` : ""}`} />
+      <SectionHeader title={`Devices${peers.length ? ` (${peers.length})` : ""}`} />
       {peers.length ? (
         <KeyValue>
           {peers.map((p) => (
@@ -134,11 +174,13 @@ export function Network({ brand }: { brand: Brand }) {
       ) : (
         <List>
           <EmptyRow>
-            No peers discovered yet. Start {brand.name} on another machine on this network — paired devices appear
+            No devices discovered yet. Start {brand.name} on another machine on this network — paired devices appear
             automatically over mDNS.
           </EmptyRow>
         </List>
       )}
+
+      <Toast message={toast} onClear={() => setToast("")} />
     </>
   );
 }
diff --git a/desktop/packages/bridge/src/app.ts b/desktop/packages/bridge/src/app.ts
index f7355e4..d2dfafa 100644
--- a/desktop/packages/bridge/src/app.ts
+++ b/desktop/packages/bridge/src/app.ts
@@ -4,6 +4,7 @@
 // empty/error state.
 import { callJSON, callRaw } from "./wails";
 import type {
+  AgentCard,
   Brand,
   CircleStatus,
   LanStatus,
@@ -44,6 +45,11 @@ export const App = {
   checkUpdate: () => callJSON<UpdateInfo>("CheckUpdate", { ok: false }),
   installUpdate: () => callJSON<Result>("InstallUpdate", OK_FALSE),
 
+  // agents (connect/disconnect a host + this device's A2A card)
+  agentClaim: (name: string) => callJSON<Result>("AgentClaim", OK_FALSE, name),
+  agentRelease: (name: string) => callJSON<Result>("AgentRelease", OK_FALSE, name),
+  localCard: () => callJSON<AgentCard>("LocalCard", {}),
+
   // cross-device (circle key + LAN)
   circleStatus: () => callJSON<CircleStatus>("CircleStatus", { ok: false }),
   circleGenerate: () => callJSON<Result>("CircleGenerate", OK_FALSE),
diff --git a/desktop/packages/bridge/src/types.ts b/desktop/packages/bridge/src/types.ts
index 17413fd..1b2a974 100644
--- a/desktop/packages/bridge/src/types.ts
+++ b/desktop/packages/bridge/src/types.ts
@@ -19,6 +19,10 @@ export type Agent = {
   bridge?: string;
   status?: string;
   callable?: boolean;
+  auth_scope?: string;
+  tags?: string[];
+  failover_to?: string[];
+  sandbox?: string;
 };
 
 export type Peer = {
@@ -48,6 +52,16 @@ export type UpdateInfo = {
   error?: string;
 };
 
+export type AgentSkill = { id?: string; name?: string; description?: string };
+export type AgentCard = {
+  name?: string;
+  description?: string;
+  url?: string;
+  version?: string;
+  skills?: AgentSkill[];
+  [k: string]: unknown;
+};
+
 export type Result = { ok: boolean; error?: string; [k: string]: unknown };
 export type CircleStatus = { ok: boolean; has_key?: boolean; key?: string };
 export type LanStatus = { ok: boolean; enabled?: boolean };
diff --git a/desktop/packages/design-system/src/components/AgentIcon.module.css b/desktop/packages/design-system/src/components/AgentIcon.module.css
new file mode 100644
index 0000000..fb194f3
--- /dev/null
+++ b/desktop/packages/design-system/src/components/AgentIcon.module.css
@@ -0,0 +1,10 @@
+.icon {
+  border-radius: 7px;
+  display: grid;
+  place-items: center;
+  flex: none;
+  font-family: var(--font-mono);
+  font-weight: 600;
+  text-transform: uppercase;
+  line-height: 1;
+}
diff --git a/desktop/packages/design-system/src/components/AgentIcon.tsx b/desktop/packages/design-system/src/components/AgentIcon.tsx
new file mode 100644
index 0000000..c422e89
--- /dev/null
+++ b/desktop/packages/design-system/src/components/AgentIcon.tsx
@@ -0,0 +1,28 @@
+import styles from "./AgentIcon.module.css";
+
+// Per-family tint + monogram. Brand-tinted marks (not exact trademark logos).
+const FAMILY: Record<string, { tint: string; mark: string }> = {
+  claude: { tint: "#d97757", mark: "C" },
+  codex: { tint: "#10a37f", mark: "O" },
+  gemini: { tint: "#4285f4", mark: "G" },
+  opencode: { tint: "#8ab4d8", mark: "oc" },
+  hermes: { tint: "#a78bfa", mark: "H" },
+};
+
+export function AgentIcon({ family, size = 26 }: { family: string; size?: number }) {
+  const f = FAMILY[family.toLowerCase()] ?? { tint: "var(--accent)", mark: (family[0] ?? "?").toUpperCase() };
+  return (
+    <span
+      className={styles.icon}
+      style={{
+        width: size,
+        height: size,
+        background: `color-mix(in srgb, ${f.tint} 16%, transparent)`,
+        color: f.tint,
+        fontSize: Math.round(size * 0.42),
+      }}
+    >
+      {f.mark}
+    </span>
+  );
+}
diff --git a/desktop/packages/design-system/src/components/AgentRow.module.css b/desktop/packages/design-system/src/components/AgentRow.module.css
index c6cf730..ce62538 100644
--- a/desktop/packages/design-system/src/components/AgentRow.module.css
+++ b/desktop/packages/design-system/src/components/AgentRow.module.css
@@ -21,6 +21,7 @@
 }
 .name { font-weight: 550; font-size: var(--size-md); }
 .meta { color: var(--text-secondary); font-size: var(--size-sm); margin-top: 1px; }
+.action { margin-left: auto; }
 .status {
   margin-left: auto;
   display: flex;
diff --git a/desktop/packages/design-system/src/components/AgentRow.tsx b/desktop/packages/design-system/src/components/AgentRow.tsx
index b0cdd7e..2117e0c 100644
--- a/desktop/packages/design-system/src/components/AgentRow.tsx
+++ b/desktop/packages/design-system/src/components/AgentRow.tsx
@@ -1,4 +1,5 @@
 import type { ReactNode } from "react";
+import { AgentIcon } from "./AgentIcon";
 import { StatusDot, type DotTone } from "./StatusDot";
 import styles from "./AgentRow.module.css";
 
@@ -8,22 +9,34 @@ export function List({ children }: { children: ReactNode }) {
 
 export function AgentRow({
   name,
+  family,
   meta,
   tone = "online",
   status,
-}: { name: string; meta?: string; tone?: DotTone; status?: string }) {
-  const initials = name.slice(0, 2);
+  action,
+}: {
+  name: string;
+  family?: string;
+  meta?: string;
+  tone?: DotTone;
+  status?: string;
+  action?: ReactNode;
+}) {
   return (
     <div className={styles.row}>
-      <span className={styles.avatar}>{initials}</span>
+      {family ? <AgentIcon family={family} /> : <span className={styles.avatar}>{name.slice(0, 2)}</span>}
       <div className={styles.text}>
         <div className={styles.name}>{name}</div>
         {meta ? <div className={styles.meta}>{meta}</div> : null}
       </div>
-      <span className={styles.status}>
-        <StatusDot tone={tone} />
-        {status ?? tone}
-      </span>
+      {action ? (
+        <span className={styles.action}>{action}</span>
+      ) : (
+        <span className={styles.status}>
+          <StatusDot tone={tone} />
+          {status ?? tone}
+        </span>
+      )}
     </div>
   );
 }
diff --git a/desktop/packages/design-system/src/index.ts b/desktop/packages/design-system/src/index.ts
index 0fe3086..489cd27 100644
--- a/desktop/packages/design-system/src/index.ts
+++ b/desktop/packages/design-system/src/index.ts
@@ -5,6 +5,7 @@ export { Button } from "./components/Button";
 export { Metric, MetricStrip } from "./components/Metric";
 export { SectionHeader } from "./components/Section";
 export { AgentRow, List, EmptyRow } from "./components/AgentRow";
+export { AgentIcon } from "./components/AgentIcon";
 export { TitleBar, type WindowControls } from "./components/TitleBar";
 export { Sidebar, NavItem } from "./components/Sidebar";
 export { Switch } from "./components/Switch";

From e9f173c8530614e9d6863d1925b83cef61e9663d Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Wed, 27 May 2026 23:42:54 +0300
Subject: [PATCH 20/86] feat(desktop): real agent logos, A2A side-pane, status
 chips, real bridge install

- Agent logos: real brand marks via Simple Icons where redistribution is
  permitted (Claude, Gemini); clean brand-tinted fallback for families the
  licensed library omits (e.g. OpenAI/Codex, which the brand restricts).
- Agents tab: per-agent status chips (ready / bridge missing / not installed /
  disabled) with a 5s live refresh; click a row for a detail SidePane, and a
  "This device's card" pane shows the A2A card (name/version/url/skills).
- Install affordance now actually installs: BridgeAdd Go binding runs
  `clawtool bridge add <family>` (the canonical install) instead of a claim that
  errored on a missing bridge/binary; errors surface verbatim.
- Pairing: frame cross-device as generate/enter a pairing key on the same
  network (copy + Toast already fixed); a true short pairing-code protocol is a
  daemon follow-up.
- New design-system components: SidePane, AgentIcon (Simple Icons-backed).
---
 cmd/clawtool-installer/app.go                 |  25 +++
 desktop/apps/app-ui/src/App.module.css        |   2 +-
 desktop/apps/app-ui/src/views/Agents.tsx      | 198 +++++++++++++-----
 desktop/apps/app-ui/src/views/Network.tsx     |  18 +-
 desktop/packages/bridge/src/app.ts            |   1 +
 desktop/packages/design-system/package.json   |   3 +
 .../src/components/AgentIcon.tsx              |  47 +++--
 .../src/components/AgentRow.module.css        |   1 +
 .../design-system/src/components/AgentRow.tsx |   4 +-
 .../src/components/SidePane.module.css        |  36 ++++
 .../design-system/src/components/SidePane.tsx |  23 ++
 desktop/packages/design-system/src/index.ts   |   1 +
 desktop/pnpm-lock.yaml                        |   9 +
 13 files changed, 288 insertions(+), 80 deletions(-)
 create mode 100644 desktop/packages/design-system/src/components/SidePane.module.css
 create mode 100644 desktop/packages/design-system/src/components/SidePane.tsx

diff --git a/cmd/clawtool-installer/app.go b/cmd/clawtool-installer/app.go
index 3c96e73..bad54b8 100644
--- a/cmd/clawtool-installer/app.go
+++ b/cmd/clawtool-installer/app.go
@@ -700,6 +700,31 @@ func (a *App) agentAction(action, name string) string {
 	return `{"ok":true}`
 }
 
+// BridgeAdd installs the canonical bridge for an agent family —
+// `clawtool bridge add <family>` — so a bridge-missing agent becomes
+// callable. This is the "Install bridge" action. The error (e.g. the agent
+// binary not being on PATH) is surfaced to the UI verbatim.
+func (a *App) BridgeAdd(family string) string {
+	family = strings.TrimSpace(family)
+	if family == "" {
+		return jsonErr("missing agent family")
+	}
+	bin, err := locateClawtool()
+	if err != nil {
+		return jsonErr(err.Error())
+	}
+	cmd := exec.Command(bin, "bridge", "add", family, "--json")
+	hideConsole(cmd)
+	if out, err := cmd.CombinedOutput(); err != nil {
+		msg := firstLine(out)
+		if msg == "" {
+			msg = "could not install the " + family + " bridge"
+		}
+		return jsonErr(msg)
+	}
+	return `{"ok":true}`
+}
+
 // LocalCard returns this device's public A2A Agent Card
 // (/.well-known/agent-card.json) — capability/skill metadata, no secrets —
 // for the Agents tab to display. Raw daemon body on success.
diff --git a/desktop/apps/app-ui/src/App.module.css b/desktop/apps/app-ui/src/App.module.css
index 90e223f..33ccf39 100644
--- a/desktop/apps/app-ui/src/App.module.css
+++ b/desktop/apps/app-ui/src/App.module.css
@@ -1,6 +1,6 @@
 .shell { display: flex; flex-direction: column; height: 100vh; }
 .body { display: flex; flex: 1; min-height: 0; }
-.content { flex: 1; min-width: 0; overflow-y: auto; padding: 30px 36px; display: flex; flex-direction: column; }
+.content { flex: 1; min-width: 0; overflow-y: auto; padding: 30px 36px; display: flex; flex-direction: column; position: relative; }
 
 .status { display: flex; align-items: center; gap: 13px; }
 .status h1 { font-size: var(--size-2xl); font-weight: 600; letter-spacing: -0.02em; }
diff --git a/desktop/apps/app-ui/src/views/Agents.tsx b/desktop/apps/app-ui/src/views/Agents.tsx
index 1f37158..70e28d6 100644
--- a/desktop/apps/app-ui/src/views/Agents.tsx
+++ b/desktop/apps/app-ui/src/views/Agents.tsx
@@ -1,13 +1,40 @@
-import { useEffect, useState } from "react";
-import { AgentRow, Badge, Button, EmptyRow, KVRow, KeyValue, List, SectionHeader } from "@clawtool/design-system";
+import { useEffect, useState, type MouseEvent } from "react";
+import {
+  AgentIcon,
+  AgentRow,
+  Badge,
+  Button,
+  EmptyRow,
+  KVRow,
+  KeyValue,
+  List,
+  SectionHeader,
+  SidePane,
+  type BadgeTone,
+} from "@clawtool/design-system";
 import { App, type Agent, type AgentCard, type Brand } from "@clawtool/bridge";
 import { Toast } from "../components/Toast";
 import styles from "../App.module.css";
 
+function statusChip(a: Agent): { label: string; tone: BadgeTone } {
+  switch (a.status) {
+    case "callable":
+      return { label: "ready", tone: "success" };
+    case "bridge-missing":
+      return { label: "bridge missing", tone: "warning" };
+    case "binary-missing":
+      return { label: "not installed", tone: "neutral" };
+    case "disabled":
+      return { label: "disabled", tone: "neutral" };
+    default:
+      return { label: a.status ?? "unknown", tone: "neutral" };
+  }
+}
+
 function metaFor(a: Agent): string {
   const parts = [a.family];
   if (a.bridge) parts.push(a.bridge);
-  if (a.tags && a.tags.length) parts.push(a.tags.join(", "));
+  if (a.tags?.length) parts.push(a.tags.join(", "));
   if (a.sandbox) parts.push(`sandbox: ${a.sandbox}`);
   return parts.join(" · ");
 }
@@ -15,8 +42,9 @@ function metaFor(a: Agent): string {
 export function Agents({ brand }: { brand: Brand }) {
   const [agents, setAgents] = useState<Agent[]>([]);
   const [card, setCard] = useState<AgentCard | null>(null);
-  const [busy, setBusy] = useState<string>("");
+  const [busy, setBusy] = useState("");
   const [toast, setToast] = useState("");
+  const [selected, setSelected] = useState<Agent | "card" | null>(null);
 
   async function load() {
     const snap = await App.networkSnapshot();
@@ -28,38 +56,52 @@ export function Agents({ brand }: { brand: Brand }) {
 
   useEffect(() => {
     load();
+    const t = setInterval(load, 5000);
+    return () => clearInterval(t);
   }, []);
 
-  async function connect(a: Agent) {
-    setBusy(a.instance);
-    const r = await App.agentClaim(a.instance);
-    setToast(r.ok ? `Connected ${a.instance}` : typeof r.error === "string" ? r.error : `Couldn't connect ${a.instance}`);
-    await load();
-    setBusy("");
-  }
-  async function disconnect(a: Agent) {
+  async function run(action: "connect" | "disconnect" | "install", a: Agent) {
     setBusy(a.instance);
-    const r = await App.agentRelease(a.instance);
-    setToast(r.ok ? `Disconnected ${a.instance}` : typeof r.error === "string" ? r.error : `Couldn't disconnect ${a.instance}`);
+    const r =
+      action === "disconnect"
+        ? await App.agentRelease(a.instance)
+        : action === "install"
+          ? await App.bridgeAdd(a.family)
+          : await App.agentClaim(a.instance);
+    const verb = action === "disconnect" ? "Disconnected" : action === "install" ? "Installed bridge for" : "Connected";
+    setToast(r.ok ? `${verb} ${a.instance}` : typeof r.error === "string" ? r.error : `Couldn't ${action} ${a.instance}`);
     await load();
     setBusy("");
   }
 
   function actionFor(a: Agent) {
     const b = busy === a.instance;
+    const stop = (fn: () => void) => (e: MouseEvent) => {
+      e.stopPropagation();
+      fn();
+    };
     if (a.callable) {
       return (
-        <Button variant="ghost" disabled={b} onClick={() => disconnect(a)}>
+        <Button variant="ghost" disabled={b} onClick={stop(() => run("disconnect", a))}>
           Disconnect
         </Button>
       );
     }
-    // bridge-missing / binary-missing → the install/connect affordance
-    return (
-      <Button variant="primary" disabled={b} onClick={() => connect(a)}>
-        {a.status === "bridge-missing" ? "Install bridge" : "Connect"}
-      </Button>
-    );
+    if (a.status === "bridge-missing") {
+      return (
+        <Button variant="primary" disabled={b} onClick={stop(() => run("install", a))}>
+          Install bridge
+        </Button>
+      );
+    }
+    if (a.status === "binary-missing") {
+      return (
+        <Button variant="primary" disabled={b} onClick={stop(() => run("install", a))}>
+          Install {a.family}
+        </Button>
+      );
+    }
+    return null;
   }
 
   return (
@@ -67,44 +109,94 @@ export function Agents({ brand }: { brand: Brand }) {
       <h1 className={styles.vh}>Agents</h1>
       <div className={styles.lead}>AI agents on this device that can call {brand.name}'s tools.</div>
 
-      <SectionHeader title="On this device" />
+      <SectionHeader
+        title="On this device"
+        action={
+          <Button variant="ghost" onClick={() => setSelected("card")}>
+            This device's card →
+          </Button>
+        }
+      />
       <List>
         {agents.length ? (
-          agents.map((a) => (
-            <AgentRow key={a.instance} name={a.instance} family={a.family} meta={metaFor(a)} action={actionFor(a)} />
-          ))
+          agents.map((a) => {
+            const chip = statusChip(a);
+            return (
+              <AgentRow
+                key={a.instance}
+                name={a.instance}
+                family={a.family}
+                meta={metaFor(a)}
+                onClick={() => setSelected(a)}
+                action={
+                  <span style={{ display: "flex", alignItems: "center", gap: 12 }}>
+                    <Badge tone={chip.tone}>{chip.label}</Badge>
+                    {actionFor(a)}
+                  </span>
+                }
+              />
+            );
+          })
         ) : (
-          <EmptyRow>
-            No agents detected. Install Claude Code, Codex, or Gemini — then they appear here to connect. Or run{" "}
-            <code>{brand.cli} onboard</code>.
-          </EmptyRow>
+          <EmptyRow>No agents detected. Install Claude Code, Codex, or Gemini and they appear here to connect.</EmptyRow>
         )}
       </List>
 
-      <SectionHeader title="This device's A2A card" />
-      {card ? (
-        <>
-          <KeyValue>
-            {card.name ? <KVRow k="Name">{card.name}</KVRow> : null}
-            {card.version ? <KVRow k="Version">{String(card.version)}</KVRow> : null}
-            {card.url ? <KVRow k="URL">{card.url}</KVRow> : null}
-            <KVRow k="Skills">{card.skills?.length ?? 0}</KVRow>
-          </KeyValue>
-          {card.skills && card.skills.length ? (
-            <div style={{ marginTop: 12, display: "flex", flexWrap: "wrap", gap: 8 }}>
-              {card.skills.map((s, i) => (
-                <Badge key={s.id ?? i} tone="accent">
-                  {s.name ?? s.id ?? "skill"}
-                </Badge>
-              ))}
-            </div>
-          ) : null}
-        </>
-      ) : (
-        <List>
-          <EmptyRow>The A2A card is published once the gateway is running and circle peering is on.</EmptyRow>
-        </List>
-      )}
+      <SidePane
+        open={selected !== null}
+        title={
+          selected === "card" ? (
+            "This device's A2A card"
+          ) : selected ? (
+            <>
+              <AgentIcon family={selected.family} size={20} />
+              {selected.instance}
+            </>
+          ) : (
+            ""
+          )
+        }
+        onClose={() => setSelected(null)}
+      >
+        {selected === "card" ? (
+          card ? (
+            <>
+              <KeyValue>
+                {card.name ? <KVRow k="Name">{card.name}</KVRow> : null}
+                {card.version ? <KVRow k="Version">{String(card.version)}</KVRow> : null}
+                {card.url ? <KVRow k="URL">{card.url}</KVRow> : null}
+                <KVRow k="Skills">{card.skills?.length ?? 0}</KVRow>
+              </KeyValue>
+              {card.skills?.length ? (
+                <div style={{ marginTop: 14, display: "flex", flexWrap: "wrap", gap: 8 }}>
+                  {card.skills.map((s, i) => (
+                    <Badge key={s.id ?? i} tone="accent">
+                      {s.name ?? s.id ?? "skill"}
+                    </Badge>
+                  ))}
+                </div>
+              ) : null}
+            </>
+          ) : (
+            <div className={styles.lead}>The A2A card publishes once the gateway is running and peering is on.</div>
+          )
+        ) : selected ? (
+          <>
+            <KeyValue>
+              <KVRow k="Family">{selected.family}</KVRow>
+              {selected.bridge ? <KVRow k="Bridge">{selected.bridge}</KVRow> : null}
+              <KVRow k="Status">
+                <Badge tone={statusChip(selected).tone}>{statusChip(selected).label}</Badge>
+              </KVRow>
+              {selected.auth_scope ? <KVRow k="Auth scope">{selected.auth_scope}</KVRow> : null}
+              {selected.sandbox ? <KVRow k="Sandbox">{selected.sandbox}</KVRow> : null}
+              {selected.tags?.length ? <KVRow k="Tags">{selected.tags.join(", ")}</KVRow> : null}
+              {selected.failover_to?.length ? <KVRow k="Failover">{selected.failover_to.join(" → ")}</KVRow> : null}
+            </KeyValue>
+            <div style={{ marginTop: 16 }}>{actionFor(selected)}</div>
+          </>
+        ) : null}
+      </SidePane>
 
       <Toast message={toast} onClear={() => setToast("")} />
     </>
diff --git a/desktop/apps/app-ui/src/views/Network.tsx b/desktop/apps/app-ui/src/views/Network.tsx
index 00e3c70..d6dc378 100644
--- a/desktop/apps/app-ui/src/views/Network.tsx
+++ b/desktop/apps/app-ui/src/views/Network.tsx
@@ -91,18 +91,18 @@ export function Network({ brand }: { brand: Brand }) {
     <>
       {banner ? <div className={styles.banner}>{banner}</div> : null}
       <h1 className={styles.vh}>Cross-device</h1>
-      <div className={styles.lead}>Let your devices see each other's agents over your network.</div>
+      <div className={styles.lead}>Pair your machines on the same network so they can see each other's agents.</div>
 
-      <SectionHeader title="Circle key" />
+      <SectionHeader title="Pairing" />
       <div style={{ display: "flex", alignItems: "center", gap: 10, marginTop: 4 }}>
         <span style={{ fontWeight: 600, fontSize: 14 }}>Cross-device peering</span>
         <span style={{ marginLeft: "auto" }}>
-          <Badge tone={hasKey ? "success" : "neutral"}>{hasKey ? "On" : "Off"}</Badge>
+          <Badge tone={hasKey ? "success" : "neutral"}>{hasKey ? "Paired" : "Not paired"}</Badge>
         </span>
       </div>
       <div className={styles.xdesc}>
-        Create a circle to let your devices see each other's agents. Generate a key here, then join the same circle on
-        your other devices.
+        Generate a pairing key on one device, then enter it on your other devices on the same network — they'll appear
+        below once paired.
       </div>
 
       {hasKey ? (
@@ -112,14 +112,14 @@ export function Network({ brand }: { brand: Brand }) {
             Copy
           </Button>
           <Button variant="ghost" onClick={() => App.circleClear().then(loadCircle)}>
-            Leave circle
+            Unpair
           </Button>
         </div>
       ) : joinOpen ? (
         <div style={{ marginTop: 14, maxWidth: 520 }}>
           <input
             className={styles.input}
-            placeholder="Paste the circle key from your other device"
+            placeholder="Paste the pairing key from your other device"
             value={joinKey}
             autoFocus
             onChange={(e) => setJoinKey(e.target.value)}
@@ -141,10 +141,10 @@ export function Network({ brand }: { brand: Brand }) {
       ) : (
         <div className={styles.xrow}>
           <Button variant="primary" onClick={generate}>
-            Generate circle key
+            Generate pairing key
           </Button>
           <Button variant="ghost" onClick={() => setJoinOpen(true)}>
-            Join with a key…
+            Enter a pairing key…
           </Button>
         </div>
       )}
diff --git a/desktop/packages/bridge/src/app.ts b/desktop/packages/bridge/src/app.ts
index d2dfafa..a6ccae4 100644
--- a/desktop/packages/bridge/src/app.ts
+++ b/desktop/packages/bridge/src/app.ts
@@ -48,6 +48,7 @@ export const App = {
   // agents (connect/disconnect a host + this device's A2A card)
   agentClaim: (name: string) => callJSON<Result>("AgentClaim", OK_FALSE, name),
   agentRelease: (name: string) => callJSON<Result>("AgentRelease", OK_FALSE, name),
+  bridgeAdd: (family: string) => callJSON<Result>("BridgeAdd", OK_FALSE, family),
   localCard: () => callJSON<AgentCard>("LocalCard", {}),
 
   // cross-device (circle key + LAN)
diff --git a/desktop/packages/design-system/package.json b/desktop/packages/design-system/package.json
index 33bbda9..95a9496 100644
--- a/desktop/packages/design-system/package.json
+++ b/desktop/packages/design-system/package.json
@@ -19,5 +19,8 @@
     "@types/react": "^18.3.12",
     "@types/react-dom": "^18.3.1",
     "typescript": "^5.6.3"
+  },
+  "dependencies": {
+    "simple-icons": "^16.21.0"
   }
 }
diff --git a/desktop/packages/design-system/src/components/AgentIcon.tsx b/desktop/packages/design-system/src/components/AgentIcon.tsx
index c422e89..4c0d827 100644
--- a/desktop/packages/design-system/src/components/AgentIcon.tsx
+++ b/desktop/packages/design-system/src/components/AgentIcon.tsx
@@ -1,28 +1,43 @@
+import { siClaude, siGooglegemini } from "simple-icons";
 import styles from "./AgentIcon.module.css";
 
-// Per-family tint + monogram. Brand-tinted marks (not exact trademark logos).
-const FAMILY: Record<string, { tint: string; mark: string }> = {
-  claude: { tint: "#d97757", mark: "C" },
-  codex: { tint: "#10a37f", mark: "O" },
-  gemini: { tint: "#4285f4", mark: "G" },
-  opencode: { tint: "#8ab4d8", mark: "oc" },
-  hermes: { tint: "#a78bfa", mark: "H" },
+type Mark = { path: string; hex: string };
+
+// Real brand marks from Simple Icons (the standard licensed brand-icon
+// library) where the brand permits redistribution. OpenAI/Codex is NOT in the
+// library (the brand restricts its logo — Simple Icons removed it), so those
+// fall back to a clean brand-tinted chip. A brand mark is only ever shown to
+// indicate that integration (nominative use).
+const BRAND: Record<string, Mark> = {
+  claude: { path: siClaude.path, hex: `#${siClaude.hex}` },
+  gemini: { path: siGooglegemini.path, hex: `#${siGooglegemini.hex}` },
+};
+
+const FALLBACK_TINT: Record<string, string> = {
+  codex: "#10a37f",
+  opencode: "#8ab4d8",
+  hermes: "#a78bfa",
 };
 
 export function AgentIcon({ family, size = 26 }: { family: string; size?: number }) {
-  const f = FAMILY[family.toLowerCase()] ?? { tint: "var(--accent)", mark: (family[0] ?? "?").toUpperCase() };
+  const key = family.toLowerCase();
+  const brand = BRAND[key];
+  if (brand) {
+    return (
+      <span className={styles.icon} style={{ width: size, height: size, background: `color-mix(in srgb, ${brand.hex} 16%, transparent)` }}>
+        <svg width={Math.round(size * 0.56)} height={Math.round(size * 0.56)} viewBox="0 0 24 24" fill={brand.hex} aria-label={family}>
+          <path d={brand.path} />
+        </svg>
+      </span>
+    );
+  }
+  const tint = FALLBACK_TINT[key] ?? "var(--accent)";
   return (
     <span
       className={styles.icon}
-      style={{
-        width: size,
-        height: size,
-        background: `color-mix(in srgb, ${f.tint} 16%, transparent)`,
-        color: f.tint,
-        fontSize: Math.round(size * 0.42),
-      }}
+      style={{ width: size, height: size, background: `color-mix(in srgb, ${tint} 16%, transparent)`, color: tint, fontSize: Math.round(size * 0.4) }}
     >
-      {f.mark}
+      {(family[0] ?? "?").toUpperCase()}
     </span>
   );
 }
diff --git a/desktop/packages/design-system/src/components/AgentRow.module.css b/desktop/packages/design-system/src/components/AgentRow.module.css
index ce62538..ee10923 100644
--- a/desktop/packages/design-system/src/components/AgentRow.module.css
+++ b/desktop/packages/design-system/src/components/AgentRow.module.css
@@ -7,6 +7,7 @@
   border-bottom: 1px solid var(--hairline);
 }
 .row:hover { background: var(--hover); }
+.clickable { cursor: pointer; }
 .avatar {
   width: 26px;
   height: 26px;
diff --git a/desktop/packages/design-system/src/components/AgentRow.tsx b/desktop/packages/design-system/src/components/AgentRow.tsx
index 2117e0c..8c8e658 100644
--- a/desktop/packages/design-system/src/components/AgentRow.tsx
+++ b/desktop/packages/design-system/src/components/AgentRow.tsx
@@ -14,6 +14,7 @@ export function AgentRow({
   tone = "online",
   status,
   action,
+  onClick,
 }: {
   name: string;
   family?: string;
@@ -21,9 +22,10 @@ export function AgentRow({
   tone?: DotTone;
   status?: string;
   action?: ReactNode;
+  onClick?: () => void;
 }) {
   return (
-    <div className={styles.row}>
+    <div className={`${styles.row} ${onClick ? styles.clickable : ""}`} onClick={onClick}>
       {family ? <AgentIcon family={family} /> : <span className={styles.avatar}>{name.slice(0, 2)}</span>}
       <div className={styles.text}>
         <div className={styles.name}>{name}</div>
diff --git a/desktop/packages/design-system/src/components/SidePane.module.css b/desktop/packages/design-system/src/components/SidePane.module.css
new file mode 100644
index 0000000..ad2f28a
--- /dev/null
+++ b/desktop/packages/design-system/src/components/SidePane.module.css
@@ -0,0 +1,36 @@
+.pane {
+  position: absolute;
+  top: 0;
+  right: 0;
+  height: 100%;
+  width: 340px;
+  background: var(--surface-recessed);
+  border-left: 1px solid var(--hairline);
+  display: flex;
+  flex-direction: column;
+  transform: translateX(100%);
+  transition: transform 0.2s cubic-bezier(0.22, 1, 0.36, 1);
+  z-index: 20;
+  box-shadow: var(--shadow-overlay);
+}
+.open { transform: translateX(0); }
+.head {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  padding: 16px 18px;
+  border-bottom: 1px solid var(--hairline);
+}
+.title { font-size: 14px; font-weight: 600; display: flex; align-items: center; gap: 10px; }
+.close {
+  border: 0;
+  background: none;
+  color: var(--text-secondary);
+  cursor: pointer;
+  display: grid;
+  place-items: center;
+  padding: 4px;
+  border-radius: var(--radius-sm);
+}
+.close:hover { color: var(--text); background: var(--hover); }
+.body { flex: 1; overflow-y: auto; padding: 18px; }
diff --git a/desktop/packages/design-system/src/components/SidePane.tsx b/desktop/packages/design-system/src/components/SidePane.tsx
new file mode 100644
index 0000000..cc1fe2f
--- /dev/null
+++ b/desktop/packages/design-system/src/components/SidePane.tsx
@@ -0,0 +1,23 @@
+import type { ReactNode } from "react";
+import styles from "./SidePane.module.css";
+
+export function SidePane({
+  open,
+  title,
+  onClose,
+  children,
+}: { open: boolean; title: ReactNode; onClose: () => void; children: ReactNode }) {
+  return (
+    <aside className={`${styles.pane} ${open ? styles.open : ""}`} aria-hidden={!open}>
+      <div className={styles.head}>
+        <div className={styles.title}>{title}</div>
+        <button className={styles.close} onClick={onClose} aria-label="Close">
+          <svg width="14" height="14" viewBox="0 0 24 24" stroke="currentColor" strokeWidth="2" strokeLinecap="round">
+            <path d="M6 6l12 12M18 6L6 18" />
+          </svg>
+        </button>
+      </div>
+      <div className={styles.body}>{children}</div>
+    </aside>
+  );
+}
diff --git a/desktop/packages/design-system/src/index.ts b/desktop/packages/design-system/src/index.ts
index 489cd27..68e3044 100644
--- a/desktop/packages/design-system/src/index.ts
+++ b/desktop/packages/design-system/src/index.ts
@@ -12,4 +12,5 @@ export { Switch } from "./components/Switch";
 export { KeyValue, KVRow } from "./components/KeyValue";
 export { ProgressBar } from "./components/ProgressBar";
 export { LogFeed, type LogLine } from "./components/LogFeed";
+export { SidePane } from "./components/SidePane";
 export { getPlatform, isMac, type Platform } from "./lib/platform";
diff --git a/desktop/pnpm-lock.yaml b/desktop/pnpm-lock.yaml
index 0f6a07a..bd7230b 100644
--- a/desktop/pnpm-lock.yaml
+++ b/desktop/pnpm-lock.yaml
@@ -150,6 +150,9 @@ importers:
       react-dom:
         specifier: ^18.3.1
         version: 18.3.1(react@18.3.1)
+      simple-icons:
+        specifier: ^16.21.0
+        version: 16.21.0
     devDependencies:
       '@types/react':
         specifier: ^18.3.12
@@ -717,6 +720,10 @@ packages:
     resolution: {integrity: sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==}
     hasBin: true
 
+  simple-icons@16.21.0:
+    resolution: {integrity: sha512-kH6LEx5yvBGVNaVrHnZ7D17G16CmmHiI8DD7MwIwgnWmDFTiFu4PhFZLNdV6bMGr61qbHMMTXLoo/T6C25dMGA==}
+    engines: {node: '>=0.12.18'}
+
   source-map-js@1.2.1:
     resolution: {integrity: sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA==}
     engines: {node: '>=0.10.0'}
@@ -1254,6 +1261,8 @@ snapshots:
 
   semver@6.3.1: {}
 
+  simple-icons@16.21.0: {}
+
   source-map-js@1.2.1: {}
 
   tinyglobby@0.2.16:

From d3bf56d58369adce11a315cebf5950614ad9a26c Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Wed, 27 May 2026 23:57:26 +0300
Subject: [PATCH 21/86] feat(desktop): broaden real agent logos (Simple Icons)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Map every agent family Simple Icons covers to its real brand mark: Claude,
Gemini, Ollama, Perplexity, Mistral, GitHub Copilot, Cursor, Windsurf,
Hugging Face (+ Nous Hermes via HF). Near-black marks render in the
foreground tint so they stay visible on the dark UI. Families the licensed
library omits — OpenAI/Codex (brand-restricted) and opencode — keep a clean
brand-tinted fallback chip; we don't hand-copy a restricted logo.
---
 .../src/components/AgentIcon.tsx              | 49 +++++++++++++++----
 1 file changed, 39 insertions(+), 10 deletions(-)

diff --git a/desktop/packages/design-system/src/components/AgentIcon.tsx b/desktop/packages/design-system/src/components/AgentIcon.tsx
index 4c0d827..6660ad2 100644
--- a/desktop/packages/design-system/src/components/AgentIcon.tsx
+++ b/desktop/packages/design-system/src/components/AgentIcon.tsx
@@ -1,31 +1,60 @@
-import { siClaude, siGooglegemini } from "simple-icons";
+import {
+  siClaude,
+  siCursor,
+  siGithubcopilot,
+  siGooglegemini,
+  siHuggingface,
+  siMistralai,
+  siOllama,
+  siPerplexity,
+  siWindsurf,
+} from "simple-icons";
 import styles from "./AgentIcon.module.css";
 
 type Mark = { path: string; hex: string };
+const m = (i: { path: string; hex: string }): Mark => ({ path: i.path, hex: `#${i.hex}` });
 
 // Real brand marks from Simple Icons (the standard licensed brand-icon
-// library) where the brand permits redistribution. OpenAI/Codex is NOT in the
-// library (the brand restricts its logo — Simple Icons removed it), so those
-// fall back to a clean brand-tinted chip. A brand mark is only ever shown to
-// indicate that integration (nominative use).
+// library), keyed by agent family + common aliases. A brand mark is only ever
+// shown to indicate that integration (nominative use). Families the library
+// omits — notably OpenAI/Codex, whose mark the brand restricts (Simple Icons
+// removed it) — fall back to a clean brand-tinted chip rather than a
+// hand-copied logo.
 const BRAND: Record<string, Mark> = {
-  claude: { path: siClaude.path, hex: `#${siClaude.hex}` },
-  gemini: { path: siGooglegemini.path, hex: `#${siGooglegemini.hex}` },
+  claude: m(siClaude),
+  anthropic: m(siClaude),
+  gemini: m(siGooglegemini),
+  google: m(siGooglegemini),
+  ollama: m(siOllama),
+  perplexity: m(siPerplexity),
+  mistral: m(siMistralai),
+  copilot: m(siGithubcopilot),
+  githubcopilot: m(siGithubcopilot),
+  cursor: m(siCursor),
+  windsurf: m(siWindsurf),
+  huggingface: m(siHuggingface),
+  hermes: m(siHuggingface), // Nous Hermes ships on Hugging Face
 };
 
 const FALLBACK_TINT: Record<string, string> = {
   codex: "#10a37f",
+  openai: "#10a37f",
   opencode: "#8ab4d8",
-  hermes: "#a78bfa",
 };
 
 export function AgentIcon({ family, size = 26 }: { family: string; size?: number }) {
   const key = family.toLowerCase();
   const brand = BRAND[key];
   if (brand) {
+    // Simple Icons marks are near-black for some brands; on a dark UI use the
+    // foreground tint for those so they stay visible.
+    const hx = brand.hex.toLowerCase();
+    const dark = hx === "#000000" || hx === "#191919" || hx === "#0b100f";
+    const color = dark ? "var(--text)" : brand.hex;
+    const bg = dark ? "var(--hairline-strong)" : `color-mix(in srgb, ${brand.hex} 16%, transparent)`;
     return (
-      <span className={styles.icon} style={{ width: size, height: size, background: `color-mix(in srgb, ${brand.hex} 16%, transparent)` }}>
-        <svg width={Math.round(size * 0.56)} height={Math.round(size * 0.56)} viewBox="0 0 24 24" fill={brand.hex} aria-label={family}>
+      <span className={styles.icon} style={{ width: size, height: size, background: bg }}>
+        <svg width={Math.round(size * 0.56)} height={Math.round(size * 0.56)} viewBox="0 0 24 24" fill={color} aria-label={family}>
           <path d={brand.path} />
         </svg>
       </span>

From 6ce80f631d066aab91866d663f38fbb525ac8669 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Thu, 28 May 2026 00:54:14 +0300
Subject: [PATCH 22/86] feat(desktop): drop-in custom agent logos
 (assets/logos)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

AgentIcon now resolves icons in order: a custom asset at
design-system/src/assets/logos/<family>.svg|png (picked up automatically via
import.meta.glob) -> the bundled Simple Icons brand mark -> a tinted fallback
chip. Lets the owner supply a logo the default licensed set omits (e.g. Codex)
by sourcing an SVG from a licensed set (lobehub.com/icons, MIT) and saving it
in that folder — no heavyweight icon dependency, no bundled restricted mark.
---
 .../design-system/src/assets/logos/README.md  |  9 ++++++++
 .../src/components/AgentIcon.tsx              | 22 +++++++++++++++++++
 .../packages/design-system/src/types/css.d.ts |  7 ++++++
 3 files changed, 38 insertions(+)
 create mode 100644 desktop/packages/design-system/src/assets/logos/README.md

diff --git a/desktop/packages/design-system/src/assets/logos/README.md b/desktop/packages/design-system/src/assets/logos/README.md
new file mode 100644
index 0000000..06ad00f
--- /dev/null
+++ b/desktop/packages/design-system/src/assets/logos/README.md
@@ -0,0 +1,9 @@
+# Custom agent logos
+
+Drop a `<family>.svg` (or `.png`) here and `AgentIcon` uses it automatically,
+ahead of the built-in Simple Icons marks. Filename = the agent family,
+lowercase. Examples: `codex.svg`, `opencode.svg`.
+
+Source SVGs from a properly-licensed set — e.g. https://lobehub.com/icons
+(MIT). This keeps brand-logo sourcing an explicit, owner-made choice and
+avoids bundling marks the default icon library omits.
diff --git a/desktop/packages/design-system/src/components/AgentIcon.tsx b/desktop/packages/design-system/src/components/AgentIcon.tsx
index 6660ad2..6c5ef92 100644
--- a/desktop/packages/design-system/src/components/AgentIcon.tsx
+++ b/desktop/packages/design-system/src/components/AgentIcon.tsx
@@ -11,6 +11,20 @@ import {
 } from "simple-icons";
 import styles from "./AgentIcon.module.css";
 
+// Custom logo assets: drop a `<family>.svg` (or .png) into assets/logos/ and
+// it's used automatically, ahead of the built-in marks. Lets the project owner
+// supply a logo we don't bundle (e.g. brands the licensed icon set omits)
+// without us reproducing a restricted mark.
+const CUSTOM: Record<string, string> = (() => {
+  const files = import.meta.glob("../assets/logos/*.{svg,png}", { eager: true, query: "?url", import: "default" }) as Record<string, string>;
+  const out: Record<string, string> = {};
+  for (const path in files) {
+    const base = path.split("/").pop()?.replace(/\.(svg|png)$/, "");
+    if (base) out[base.toLowerCase()] = files[path];
+  }
+  return out;
+})();
+
 type Mark = { path: string; hex: string };
 const m = (i: { path: string; hex: string }): Mark => ({ path: i.path, hex: `#${i.hex}` });
 
@@ -44,6 +58,14 @@ const FALLBACK_TINT: Record<string, string> = {
 
 export function AgentIcon({ family, size = 26 }: { family: string; size?: number }) {
   const key = family.toLowerCase();
+  const custom = CUSTOM[key];
+  if (custom) {
+    return (
+      <span className={styles.icon} style={{ width: size, height: size, background: "var(--hairline-strong)" }}>
+        <img src={custom} alt={family} width={Math.round(size * 0.6)} height={Math.round(size * 0.6)} />
+      </span>
+    );
+  }
   const brand = BRAND[key];
   if (brand) {
     // Simple Icons marks are near-black for some brands; on a dark UI use the
diff --git a/desktop/packages/design-system/src/types/css.d.ts b/desktop/packages/design-system/src/types/css.d.ts
index f8c72d2..413fec2 100644
--- a/desktop/packages/design-system/src/types/css.d.ts
+++ b/desktop/packages/design-system/src/types/css.d.ts
@@ -3,3 +3,10 @@ declare module "*.module.css" {
   export default classes;
 }
 declare module "*.css";
+
+interface ImportMeta {
+  glob: (
+    pattern: string,
+    opts?: { eager?: boolean; query?: string; import?: string },
+  ) => Record<string, string>;
+}

From 436258cd8e373e526981de473bcff3c835e08779 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Thu, 28 May 2026 01:20:47 +0300
Subject: [PATCH 23/86] feat(desktop): add owner-supplied Codex logo asset

Owner-sourced Codex mark (from lobehub.com/icons, MIT) dropped into
assets/logos/; AgentIcon's custom-logo loader renders it automatically.
---
 desktop/packages/design-system/src/assets/logos/codex.svg | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 desktop/packages/design-system/src/assets/logos/codex.svg

diff --git a/desktop/packages/design-system/src/assets/logos/codex.svg b/desktop/packages/design-system/src/assets/logos/codex.svg
new file mode 100644
index 0000000..c77ccfd
--- /dev/null
+++ b/desktop/packages/design-system/src/assets/logos/codex.svg
@@ -0,0 +1 @@
+<svg height="1em" style="flex:none;line-height:1" viewBox="0 0 24 24" width="1em" xmlns="http://www.w3.org/2000/svg"><title>Codex</title><path d="M19.503 0H4.496A4.496 4.496 0 000 4.496v15.007A4.496 4.496 0 004.496 24h15.007A4.496 4.496 0 0024 19.503V4.496A4.496 4.496 0 0019.503 0z" fill="#fff"></path><path d="M9.064 3.344a4.578 4.578 0 012.285-.312c1 .115 1.891.54 2.673 1.275.01.01.024.017.037.021a.09.09 0 00.043 0 4.55 4.55 0 013.046.275l.047.022.116.057a4.581 4.581 0 012.188 2.399c.209.51.313 1.041.315 1.595a4.24 4.24 0 01-.134 1.223.123.123 0 00.03.115c.594.607.988 1.33 1.183 2.17.289 1.425-.007 2.71-.887 3.854l-.136.166a4.548 4.548 0 01-2.201 1.388.123.123 0 00-.081.076c-.191.551-.383 1.023-.74 1.494-.9 1.187-2.222 1.846-3.711 1.838-1.187-.006-2.239-.44-3.157-1.302a.107.107 0 00-.105-.024c-.388.125-.78.143-1.204.138a4.441 4.441 0 01-1.945-.466 4.544 4.544 0 01-1.61-1.335c-.152-.202-.303-.392-.414-.617a5.81 5.81 0 01-.37-.961 4.582 4.582 0 01-.014-2.298.124.124 0 00.006-.056.085.085 0 00-.027-.048 4.467 4.467 0 01-1.034-1.651 3.896 3.896 0 01-.251-1.192 5.189 5.189 0 01.141-1.6c.337-1.112.982-1.985 1.933-2.618.212-.141.413-.251.601-.33.215-.089.43-.164.646-.227a.098.098 0 00.065-.066 4.51 4.51 0 01.829-1.615 4.535 4.535 0 011.837-1.388zm3.482 10.565a.637.637 0 000 1.272h3.636a.637.637 0 100-1.272h-3.636zM8.462 9.23a.637.637 0 00-1.106.631l1.272 2.224-1.266 2.136a.636.636 0 101.095.649l1.454-2.455a.636.636 0 00.005-.64L8.462 9.23z" fill="url(#lobe-icons-codex-_R_0_)"></path><defs><linearGradient gradientUnits="userSpaceOnUse" id="lobe-icons-codex-_R_0_" x1="12" x2="12" y1="3" y2="21"><stop stop-color="#B1A7FF"></stop><stop offset=".5" stop-color="#7A9DFF"></stop><stop offset="1" stop-color="#3941FF"></stop></linearGradient></defs></svg>
\ No newline at end of file

From 536d7aacd25f5b89d0aca57a43ebb6cf019aa5e5 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Thu, 28 May 2026 01:41:21 +0300
Subject: [PATCH 24/86] feat(pairing): AirDrop-style approve prompt for
 cross-device pairing
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Surface the daemon's existing pairing ledger (a2a.PairingStore) so the
receiving device shows an approve/deny prompt when another machine wants to
pair:
- core: new `clawtool peer pair list|approve|deny` CLI over GlobalPairingStore
  (pending requests carry a short code; approve/deny by code or fingerprint).
- app: PairList/PairApprove/PairDeny bindings + a PairPrompt that polls the
  ledger and overlays "<device> wants to pair · code <code> · Deny/Accept".

The receiving prompt + approve/deny is complete and unit-tested (CLI). The
pending request is created when the other device contacts this one over the
existing relay path; an explicit sender-side "Pair" button (proactive request
to a discovered device) is the remaining piece and needs a two-device test.
---
 cmd/clawtool-installer/app.go                 | 43 +++++++++++
 desktop/apps/app-ui/src/App.tsx               |  2 +
 .../src/components/PairPrompt.module.css      | 31 ++++++++
 .../apps/app-ui/src/components/PairPrompt.tsx | 58 +++++++++++++++
 desktop/packages/bridge/src/app.ts            |  6 ++
 desktop/packages/bridge/src/types.ts          | 11 +++
 internal/cli/peer.go                          |  2 +
 internal/cli/peer_pair.go                     | 73 +++++++++++++++++++
 8 files changed, 226 insertions(+)
 create mode 100644 desktop/apps/app-ui/src/components/PairPrompt.module.css
 create mode 100644 desktop/apps/app-ui/src/components/PairPrompt.tsx
 create mode 100644 internal/cli/peer_pair.go

diff --git a/cmd/clawtool-installer/app.go b/cmd/clawtool-installer/app.go
index bad54b8..92ff0ee 100644
--- a/cmd/clawtool-installer/app.go
+++ b/cmd/clawtool-installer/app.go
@@ -725,6 +725,49 @@ func (a *App) BridgeAdd(family string) string {
 	return `{"ok":true}`
 }
 
+// PairList returns the daemon's pairing ledger (pending + decided requests)
+// as the raw JSON array from `clawtool peer pair list --json`. The app polls
+// this to surface an incoming "X wants to pair" approval prompt.
+func (a *App) PairList() string {
+	bin, err := locateClawtool()
+	if err != nil {
+		return "[]"
+	}
+	cmd := exec.Command(bin, "peer", "pair", "list", "--json")
+	hideConsole(cmd)
+	out, err := cmd.Output()
+	if err != nil || len(out) == 0 {
+		return "[]"
+	}
+	return string(out)
+}
+
+// PairApprove / PairDeny resolve a pending pairing request by its short code
+// or fingerprint — the Accept / Deny actions on the approval prompt.
+func (a *App) PairApprove(selector string) string { return a.pairDecide("approve", selector) }
+func (a *App) PairDeny(selector string) string    { return a.pairDecide("deny", selector) }
+
+func (a *App) pairDecide(action, selector string) string {
+	selector = strings.TrimSpace(selector)
+	if selector == "" {
+		return jsonErr("missing pairing selector")
+	}
+	bin, err := locateClawtool()
+	if err != nil {
+		return jsonErr(err.Error())
+	}
+	cmd := exec.Command(bin, "peer", "pair", action, selector)
+	hideConsole(cmd)
+	if out, err := cmd.CombinedOutput(); err != nil {
+		msg := firstLine(out)
+		if msg == "" {
+			msg = "could not " + action + " the pairing request"
+		}
+		return jsonErr(msg)
+	}
+	return `{"ok":true}`
+}
+
 // LocalCard returns this device's public A2A Agent Card
 // (/.well-known/agent-card.json) — capability/skill metadata, no secrets —
 // for the Agents tab to display. Raw daemon body on success.
diff --git a/desktop/apps/app-ui/src/App.tsx b/desktop/apps/app-ui/src/App.tsx
index 577a3a5..ebe69f1 100644
--- a/desktop/apps/app-ui/src/App.tsx
+++ b/desktop/apps/app-ui/src/App.tsx
@@ -6,6 +6,7 @@ import { Home } from "./views/Home";
 import { Agents } from "./views/Agents";
 import { Network } from "./views/Network";
 import { Updates } from "./views/Updates";
+import { PairPrompt } from "./components/PairPrompt";
 import styles from "./App.module.css";
 
 type View = "home" | "agents" | "network" | "updates";
@@ -52,6 +53,7 @@ export function App() {
           {view === "updates" ? <Updates brand={brand} /> : null}
         </main>
       </div>
+      <PairPrompt />
     </div>
   );
 }
diff --git a/desktop/apps/app-ui/src/components/PairPrompt.module.css b/desktop/apps/app-ui/src/components/PairPrompt.module.css
new file mode 100644
index 0000000..1c64b04
--- /dev/null
+++ b/desktop/apps/app-ui/src/components/PairPrompt.module.css
@@ -0,0 +1,31 @@
+.overlay {
+  position: fixed;
+  inset: 0;
+  background: rgba(0, 0, 0, 0.55);
+  display: grid;
+  place-items: center;
+  z-index: 100;
+}
+.modal {
+  width: 380px;
+  max-width: calc(100vw - 48px);
+  background: var(--surface);
+  border: 1px solid var(--hairline-strong);
+  border-radius: var(--radius-lg);
+  box-shadow: var(--shadow-overlay);
+  padding: 22px;
+}
+.title { font-size: var(--size-lg); font-weight: 600; }
+.body { color: var(--text-secondary); font-size: 13px; line-height: 1.5; margin-top: 8px; }
+.body b { color: var(--text); font-weight: 600; }
+.code {
+  margin-top: 14px;
+  padding: 8px 12px;
+  background: var(--surface-recessed);
+  border: 1px solid var(--hairline);
+  border-radius: var(--radius-sm);
+  color: var(--text-secondary);
+  font-size: 12.5px;
+}
+.code .mono { color: var(--accent); letter-spacing: 0.08em; }
+.actions { display: flex; justify-content: flex-end; gap: 12px; margin-top: 20px; }
diff --git a/desktop/apps/app-ui/src/components/PairPrompt.tsx b/desktop/apps/app-ui/src/components/PairPrompt.tsx
new file mode 100644
index 0000000..6d0499b
--- /dev/null
+++ b/desktop/apps/app-ui/src/components/PairPrompt.tsx
@@ -0,0 +1,58 @@
+import { useEffect, useState } from "react";
+import { Button } from "@clawtool/design-system";
+import { App, type PairingRequest } from "@clawtool/bridge";
+import styles from "./PairPrompt.module.css";
+
+// Polls the daemon's pairing ledger; when a remote device's request is
+// pending, surfaces an approve/deny prompt over the whole app — the
+// receiving end of "another device wants to pair with this one".
+export function PairPrompt() {
+  const [req, setReq] = useState<PairingRequest | null>(null);
+  const [busy, setBusy] = useState(false);
+
+  async function poll() {
+    const list = await App.pairList();
+    setReq(Array.isArray(list) ? (list.find((r) => r.state === "pending") ?? null) : null);
+  }
+
+  useEffect(() => {
+    poll();
+    const t = setInterval(poll, 3000);
+    return () => clearInterval(t);
+  }, []);
+
+  if (!req) return null;
+
+  async function decide(approve: boolean) {
+    if (!req) return;
+    setBusy(true);
+    const sel = req.code || req.fingerprint;
+    await (approve ? App.pairApprove(sel) : App.pairDeny(sel));
+    setReq(null);
+    setBusy(false);
+    poll();
+  }
+
+  return (
+    <div className={styles.overlay}>
+      <div className={styles.modal}>
+        <div className={styles.title}>Pairing request</div>
+        <p className={styles.body}>
+          <b>{req.display_name || req.address || "A device"}</b> on your network wants to pair with this device and see
+          its agents.
+        </p>
+        <div className={styles.code}>
+          code <span className="mono">{req.code}</span>
+        </div>
+        <div className={styles.actions}>
+          <Button variant="secondary" disabled={busy} onClick={() => decide(false)}>
+            Deny
+          </Button>
+          <Button variant="primary" disabled={busy} onClick={() => decide(true)}>
+            Accept
+          </Button>
+        </div>
+      </div>
+    </div>
+  );
+}
diff --git a/desktop/packages/bridge/src/app.ts b/desktop/packages/bridge/src/app.ts
index a6ccae4..0fb8d4b 100644
--- a/desktop/packages/bridge/src/app.ts
+++ b/desktop/packages/bridge/src/app.ts
@@ -10,6 +10,7 @@ import type {
   LanStatus,
   Mode,
   NetworkSnapshot,
+  PairingRequest,
   PeerAgentsResult,
   Result,
   UpdateInfo,
@@ -51,6 +52,11 @@ export const App = {
   bridgeAdd: (family: string) => callJSON<Result>("BridgeAdd", OK_FALSE, family),
   localCard: () => callJSON<AgentCard>("LocalCard", {}),
 
+  // cross-device pairing approval ledger
+  pairList: () => callJSON<PairingRequest[]>("PairList", []),
+  pairApprove: (selector: string) => callJSON<Result>("PairApprove", OK_FALSE, selector),
+  pairDeny: (selector: string) => callJSON<Result>("PairDeny", OK_FALSE, selector),
+
   // cross-device (circle key + LAN)
   circleStatus: () => callJSON<CircleStatus>("CircleStatus", { ok: false }),
   circleGenerate: () => callJSON<Result>("CircleGenerate", OK_FALSE),
diff --git a/desktop/packages/bridge/src/types.ts b/desktop/packages/bridge/src/types.ts
index 1b2a974..c6372ce 100644
--- a/desktop/packages/bridge/src/types.ts
+++ b/desktop/packages/bridge/src/types.ts
@@ -62,6 +62,17 @@ export type AgentCard = {
   [k: string]: unknown;
 };
 
+export type PairingState = "pending" | "approved" | "denied";
+export type PairingRequest = {
+  fingerprint: string;
+  display_name?: string;
+  address?: string;
+  code: string;
+  state: PairingState;
+  first_seen?: string;
+  decided_at?: string;
+};
+
 export type Result = { ok: boolean; error?: string; [k: string]: unknown };
 export type CircleStatus = { ok: boolean; has_key?: boolean; key?: string };
 export type LanStatus = { ok: boolean; enabled?: boolean };
diff --git a/internal/cli/peer.go b/internal/cli/peer.go
index 7bf7eef..ceada8f 100644
--- a/internal/cli/peer.go
+++ b/internal/cli/peer.go
@@ -126,6 +126,8 @@ func (a *App) runPeer(argv []string) int {
 		return a.runPeerDrain(argv[1:])
 	case "list":
 		return a.runPeerList(argv[1:])
+	case "pair":
+		return a.runPeerPair(argv[1:])
 	default:
 		fmt.Fprintf(a.Stderr, "clawtool peer: unknown subcommand %q\n\n%s", argv[0], peerUsage)
 		return 2
diff --git a/internal/cli/peer_pair.go b/internal/cli/peer_pair.go
new file mode 100644
index 0000000..fa6106b
--- /dev/null
+++ b/internal/cli/peer_pair.go
@@ -0,0 +1,73 @@
+// Package cli — `clawtool peer pair` subcommand: operator-facing surface over
+// the daemon-local pairing ledger (internal/a2a PairingStore). A remote peer's
+// first contact is recorded pending (with a short code); this is how the
+// receiving operator (and the desktop app's approval prompt) lists and
+// approves/denies those requests.
+//
+//	clawtool peer pair list [--json]            — show pending/decided requests
+//	clawtool peer pair approve <code|fingerprint>
+//	clawtool peer pair deny    <code|fingerprint>
+package cli
+
+import (
+	"encoding/json"
+	"flag"
+	"fmt"
+
+	"github.com/cogitave/clawtool/internal/a2a"
+)
+
+func (a *App) runPeerPair(argv []string) int {
+	if len(argv) == 0 {
+		fmt.Fprint(a.Stderr, "usage: clawtool peer pair <list|approve|deny> ...\n")
+		return 2
+	}
+	store := a2a.GlobalPairingStore()
+	switch argv[0] {
+	case "list":
+		fs := flag.NewFlagSet("peer pair list", flag.ContinueOnError)
+		asJSON := fs.Bool("json", false, "emit JSON")
+		if err := fs.Parse(argv[1:]); err != nil {
+			return 2
+		}
+		reqs := store.List()
+		if *asJSON {
+			b, _ := json.Marshal(reqs)
+			fmt.Fprintln(a.Stdout, string(b))
+			return 0
+		}
+		if len(reqs) == 0 {
+			fmt.Fprintln(a.Stdout, "no pairing requests")
+			return 0
+		}
+		for _, r := range reqs {
+			fmt.Fprintf(a.Stdout, "%-8s  %-10s  %s  %s\n", r.State, r.Code, r.DisplayName, r.Fingerprint)
+		}
+		return 0
+	case "approve", "deny":
+		if len(argv) < 2 {
+			fmt.Fprintf(a.Stderr, "usage: clawtool peer pair %s <code|fingerprint>\n", argv[0])
+			return 2
+		}
+		sel := argv[1]
+		var (
+			r   *a2a.PairingRequest
+			err error
+		)
+		if argv[0] == "approve" {
+			r, err = store.Approve(sel)
+		} else {
+			r, err = store.Deny(sel)
+		}
+		if err != nil {
+			fmt.Fprintf(a.Stderr, "clawtool peer pair %s: %v\n", argv[0], err)
+			return 1
+		}
+		b, _ := json.Marshal(map[string]any{"ok": true, "state": r.State, "fingerprint": r.Fingerprint})
+		fmt.Fprintln(a.Stdout, string(b))
+		return 0
+	default:
+		fmt.Fprintf(a.Stderr, "clawtool peer pair: unknown subcommand %q\n", argv[0])
+		return 2
+	}
+}

From 2db774c99bfb3e060d58767147cb89dd774c0f67 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Thu, 28 May 2026 02:18:49 +0300
Subject: [PATCH 25/86] =?UTF-8?q?feat(pairing):=20proactive=20send=20?=
 =?UTF-8?q?=E2=80=94=20pick=20a=20discovered=20device=20and=20request=20to?=
 =?UTF-8?q?=20pair?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Sender side of cross-device pairing:
- core: POST /v1/peers/{id}/pair-request — resolves the peer's address from
  the registry and relays this device's install fingerprint + display name to
  the peer's /v1/relay (circle-key authed, mirrors proxyPeerAgents), so the
  peer records a pending request and shows its approve prompt. New
  `clawtool peer pair request <peer_id>` CLI calls it via the local daemon.
- app: PairRequest binding + Network "Devices on your network" now lists
  mDNS-discovered clawtool devices (name + address + status) each with a Pair
  button that sends the request.

Pairs with the existing approve popup: Pair here -> approve prompt there.
Cross-device handoff still needs a two-device (Mac+Windows) smoke test.
---
 cmd/clawtool-installer/app.go             | 24 ++++++++++
 desktop/apps/app-ui/src/App.module.css    | 11 +++++
 desktop/apps/app-ui/src/views/Network.tsx | 37 +++++++++++----
 desktop/packages/bridge/src/app.ts        |  1 +
 internal/cli/peer_pair.go                 | 17 ++++++-
 internal/server/peers_handler.go          | 58 +++++++++++++++++++++++
 6 files changed, 138 insertions(+), 10 deletions(-)

diff --git a/cmd/clawtool-installer/app.go b/cmd/clawtool-installer/app.go
index 92ff0ee..321b582 100644
--- a/cmd/clawtool-installer/app.go
+++ b/cmd/clawtool-installer/app.go
@@ -768,6 +768,30 @@ func (a *App) pairDecide(action, selector string) string {
 	return `{"ok":true}`
 }
 
+// PairRequest asks a discovered peer to pair — `clawtool peer pair request
+// <peer_id>` — which makes that device show an approve/deny prompt. Returns
+// the daemon's JSON ({ok,sent} | {not_in_circle} | {needs_circle_key} | error).
+func (a *App) PairRequest(peerID string) string {
+	peerID = strings.TrimSpace(peerID)
+	if peerID == "" {
+		return jsonErr("missing peer id")
+	}
+	bin, err := locateClawtool()
+	if err != nil {
+		return jsonErr(err.Error())
+	}
+	cmd := exec.Command(bin, "peer", "pair", "request", peerID)
+	hideConsole(cmd)
+	out, err := cmd.Output()
+	if err != nil {
+		return jsonErr("could not send the pairing request")
+	}
+	if s := strings.TrimSpace(string(out)); s != "" {
+		return s
+	}
+	return `{"ok":true}`
+}
+
 // LocalCard returns this device's public A2A Agent Card
 // (/.well-known/agent-card.json) — capability/skill metadata, no secrets —
 // for the Agents tab to display. Raw daemon body on success.
diff --git a/desktop/apps/app-ui/src/App.module.css b/desktop/apps/app-ui/src/App.module.css
index 33ccf39..4eedbf4 100644
--- a/desktop/apps/app-ui/src/App.module.css
+++ b/desktop/apps/app-ui/src/App.module.css
@@ -57,6 +57,17 @@
 .err { color: var(--warning); font-size: 12.5px; margin-top: 8px; }
 .linklike { background: none; border: 0; padding: 0; color: var(--accent); cursor: pointer; font: inherit; font-size: var(--size-md); }
 .linklike:hover { text-decoration: underline; }
+.deviceRow {
+  display: flex;
+  align-items: center;
+  gap: 12px;
+  padding: 11px 6px;
+  border-bottom: 1px solid var(--hairline);
+}
+.deviceRow:hover { background: var(--hover); }
+.deviceName { font-weight: 550; font-size: var(--size-md); }
+.deviceMeta { color: var(--text-secondary); font-size: var(--size-sm); margin-top: 1px; font-family: var(--font-mono); }
+.deviceRight { margin-left: auto; display: flex; align-items: center; gap: 12px; }
 .keybox {
   font: 500 12.5px var(--font-mono);
   color: var(--text);
diff --git a/desktop/apps/app-ui/src/views/Network.tsx b/desktop/apps/app-ui/src/views/Network.tsx
index d6dc378..4d25821 100644
--- a/desktop/apps/app-ui/src/views/Network.tsx
+++ b/desktop/apps/app-ui/src/views/Network.tsx
@@ -1,5 +1,5 @@
 import { useEffect, useState } from "react";
-import { Badge, Button, EmptyRow, KVRow, KeyValue, List, SectionHeader, Switch } from "@clawtool/design-system";
+import { Badge, Button, EmptyRow, List, SectionHeader, Switch } from "@clawtool/design-system";
 import { App, type Brand, type Peer } from "@clawtool/bridge";
 import { Toast } from "../components/Toast";
 import styles from "../App.module.css";
@@ -28,6 +28,7 @@ export function Network({ brand }: { brand: Brand }) {
   const [joinKey, setJoinKey] = useState("");
   const [joinErr, setJoinErr] = useState("");
   const [toast, setToast] = useState("");
+  const [pairing, setPairing] = useState("");
 
   async function loadNetwork() {
     const snap = await App.networkSnapshot();
@@ -80,6 +81,15 @@ export function Network({ brand }: { brand: Brand }) {
       setJoinErr(typeof r.error === "string" ? r.error : "Couldn't set the circle key");
     }
   }
+  async function sendPair(p: Peer) {
+    setPairing(p.peer_id);
+    const r = (await App.pairRequest(p.peer_id)) as Record<string, unknown>;
+    if (r.ok && r.sent) setToast(`Pairing request sent to ${p.display_name || p.peer_id}`);
+    else if (r.needs_circle_key) setToast("Generate a pairing key here first");
+    else if (r.not_in_circle) setToast("That device isn't in your circle — share the same pairing key");
+    else setToast(typeof r.error === "string" ? r.error : "Couldn't send the request");
+    setPairing("");
+  }
   async function toggleLan(next: boolean) {
     setLanBusy(true);
     await (next ? App.lanEnable() : App.lanDisable());
@@ -162,20 +172,29 @@ export function Network({ brand }: { brand: Brand }) {
         <Switch checked={lan} busy={lanBusy} onChange={toggleLan} />
       </div>
 
-      <SectionHeader title={`Devices${peers.length ? ` (${peers.length})` : ""}`} />
+      <SectionHeader title={`Devices on your network${peers.length ? ` (${peers.length})` : ""}`} />
       {peers.length ? (
-        <KeyValue>
+        <List>
           {peers.map((p) => (
-            <KVRow key={p.peer_id} k={p.display_name || p.metadata?.hostname || p.peer_id}>
-              <Badge tone={p.status === "online" ? "success" : "neutral"}>{p.status ?? "—"}</Badge>
-            </KVRow>
+            <div key={p.peer_id} className={styles.deviceRow}>
+              <div>
+                <div className={styles.deviceName}>{p.display_name || p.metadata?.hostname || p.peer_id}</div>
+                <div className={styles.deviceMeta}>{p.metadata?.address || p.metadata?.hostname || "on this network"}</div>
+              </div>
+              <span className={styles.deviceRight}>
+                <Badge tone={p.status === "online" ? "success" : "neutral"}>{p.status ?? "—"}</Badge>
+                <Button variant="secondary" disabled={pairing === p.peer_id} onClick={() => sendPair(p)}>
+                  Pair
+                </Button>
+              </span>
+            </div>
           ))}
-        </KeyValue>
+        </List>
       ) : (
         <List>
           <EmptyRow>
-            No devices discovered yet. Start {brand.name} on another machine on this network — paired devices appear
-            automatically over mDNS.
+            No devices discovered yet. Start {brand.name} on another machine on this network — clawtool devices appear
+            here automatically over mDNS, then hit Pair to request a connection.
           </EmptyRow>
         </List>
       )}
diff --git a/desktop/packages/bridge/src/app.ts b/desktop/packages/bridge/src/app.ts
index 0fb8d4b..823f085 100644
--- a/desktop/packages/bridge/src/app.ts
+++ b/desktop/packages/bridge/src/app.ts
@@ -56,6 +56,7 @@ export const App = {
   pairList: () => callJSON<PairingRequest[]>("PairList", []),
   pairApprove: (selector: string) => callJSON<Result>("PairApprove", OK_FALSE, selector),
   pairDeny: (selector: string) => callJSON<Result>("PairDeny", OK_FALSE, selector),
+  pairRequest: (peerID: string) => callJSON<Result>("PairRequest", OK_FALSE, peerID),
 
   // cross-device (circle key + LAN)
   circleStatus: () => callJSON<CircleStatus>("CircleStatus", { ok: false }),
diff --git a/internal/cli/peer_pair.go b/internal/cli/peer_pair.go
index fa6106b..829d992 100644
--- a/internal/cli/peer_pair.go
+++ b/internal/cli/peer_pair.go
@@ -13,13 +13,15 @@ import (
 	"encoding/json"
 	"flag"
 	"fmt"
+	"net/http"
 
 	"github.com/cogitave/clawtool/internal/a2a"
+	"github.com/cogitave/clawtool/internal/daemon"
 )
 
 func (a *App) runPeerPair(argv []string) int {
 	if len(argv) == 0 {
-		fmt.Fprint(a.Stderr, "usage: clawtool peer pair <list|approve|deny> ...\n")
+		fmt.Fprint(a.Stderr, "usage: clawtool peer pair <list|request|approve|deny> ...\n")
 		return 2
 	}
 	store := a2a.GlobalPairingStore()
@@ -44,6 +46,19 @@ func (a *App) runPeerPair(argv []string) int {
 			fmt.Fprintf(a.Stdout, "%-8s  %-10s  %s  %s\n", r.State, r.Code, r.DisplayName, r.Fingerprint)
 		}
 		return 0
+	case "request":
+		if len(argv) < 2 {
+			fmt.Fprintf(a.Stderr, "usage: clawtool peer pair request <peer_id>\n")
+			return 2
+		}
+		var out map[string]any
+		if err := daemon.HTTPRequest(http.MethodPost, "/v1/peers/"+argv[1]+"/pair-request", nil, &out); err != nil {
+			fmt.Fprintf(a.Stderr, "clawtool peer pair request: %v\n", err)
+			return 1
+		}
+		b, _ := json.Marshal(out)
+		fmt.Fprintln(a.Stdout, string(b))
+		return 0
 	case "approve", "deny":
 		if len(argv) < 2 {
 			fmt.Fprintf(a.Stderr, "usage: clawtool peer pair %s <code|fingerprint>\n", argv[0])
diff --git a/internal/server/peers_handler.go b/internal/server/peers_handler.go
index 72b48dc..f637078 100644
--- a/internal/server/peers_handler.go
+++ b/internal/server/peers_handler.go
@@ -26,6 +26,7 @@
 package server
 
 import (
+	"bytes"
 	"context"
 	"encoding/json"
 	"io"
@@ -82,6 +83,10 @@ func handlePeers(w http.ResponseWriter, r *http.Request) {
 		peerID := strings.TrimSuffix(tail, "/agents")
 		proxyPeerAgents(w, r, reg, peerID)
 
+	case strings.HasSuffix(tail, "/pair-request") && r.Method == http.MethodPost:
+		peerID := strings.TrimSuffix(tail, "/pair-request")
+		sendPairRequest(w, r, reg, peerID)
+
 	case tail != "" && !strings.Contains(tail, "/") && r.Method == http.MethodDelete:
 		deregisterPeer(w, r, reg, tail)
 
@@ -420,3 +425,56 @@ func proxyPeerAgents(w http.ResponseWriter, r *http.Request, reg *a2a.Registry,
 	w.WriteHeader(http.StatusOK)
 	_, _ = w.Write(body)
 }
+
+// sendPairRequest tells a discovered peer's daemon that this device wants to
+// pair: it POSTs a minimal relay to the peer's /v1/relay carrying THIS
+// device's install fingerprint + display name. The peer records a pending
+// pairing request (and surfaces the approve/deny prompt on its screen).
+// Authenticated with the shared circle key, exactly like proxyPeerAgents.
+func sendPairRequest(w http.ResponseWriter, r *http.Request, reg *a2a.Registry, peerID string) {
+	peer := reg.Get(peerID)
+	if peer == nil {
+		writeJSON(w, http.StatusNotFound, map[string]any{"error": "no peer with that id", "got_id": peerID})
+		return
+	}
+	key, _ := a2a.LoadCircleKey()
+	if key == "" {
+		writeJSON(w, http.StatusOK, map[string]any{
+			"needs_circle_key": true,
+			"hint":             "generate a pairing key here and set the same key on the peer first",
+		})
+		return
+	}
+	base := peerBaseURL(peer)
+	if base == "" {
+		writeJSON(w, http.StatusBadGateway, map[string]any{"error": "peer advertised no reachable address", "peer_id": peerID})
+		return
+	}
+	reqBody, _ := json.Marshal(map[string]any{
+		"from_fingerprint":  a2a.InstallID(),
+		"from_display_name": a2a.InstallDisplayName(),
+		"text":              "wants to pair",
+	})
+	ctx, cancel := context.WithTimeout(r.Context(), 4*time.Second)
+	defer cancel()
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, base+"/v1/relay", bytes.NewReader(reqBody))
+	if err != nil {
+		writeJSON(w, http.StatusBadGateway, map[string]any{"error": "bad peer address: " + err.Error()})
+		return
+	}
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set(a2a.CircleKeyHeader, key)
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		writeJSON(w, http.StatusBadGateway, map[string]any{"error": "could not reach peer: " + err.Error(), "peer_id": peerID})
+		return
+	}
+	defer resp.Body.Close()
+	if resp.StatusCode == http.StatusUnauthorized {
+		writeJSON(w, http.StatusOK, map[string]any{"not_in_circle": true, "hint": "this peer doesn't share your pairing key — set the same key on both"})
+		return
+	}
+	// 202 pairing_required is the SUCCESS case: the peer recorded our request
+	// and is waiting for its operator to approve on screen.
+	writeJSON(w, http.StatusOK, map[string]any{"ok": true, "sent": true, "peer_id": peerID, "peer_status": resp.StatusCode})
+}

From 302bc19c7c27194c39664ea3cef67d400a9ec46e Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Thu, 28 May 2026 02:31:47 +0300
Subject: [PATCH 26/86] feat(desktop): Settings view, lucide icons, wordmark in
 titlebar, leaner Home
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Settings view: About (name/version/cli/install dir), Diagnostics that runs
  `clawtool doctor` (new RunDoctor binding) and shows the output, and a GitHub
  link (BrowserOpenURL via a new openURL bridge helper).
- Icons: replace the hand-rolled SVGs with lucide-react (nav + frameless window
  controls); delete the bespoke icons module.
- Titlebar: move the clawtool wordmark into the titlebar (leading edge); the
  sidebar starts straight at the nav. TitleBar gains an optional `brand` slot.
- Home: drop the agent list (Agents tab owns that now) — Home is the status
  hero + a clickable metric strip (Agents / Devices / Cross-device) + footer.
---
 cmd/clawtool-installer/app.go                 | 18 ++++++
 desktop/apps/_gallery/src/main.tsx            |  2 +-
 desktop/apps/app-ui/package.json              |  5 +-
 desktop/apps/app-ui/src/App.module.css        | 14 +++++
 desktop/apps/app-ui/src/App.tsx               | 20 ++++---
 desktop/apps/app-ui/src/icons.tsx             | 42 -------------
 desktop/apps/app-ui/src/views/Home.tsx        | 45 ++------------
 desktop/apps/app-ui/src/views/Settings.tsx    | 59 +++++++++++++++++++
 desktop/packages/bridge/src/app.ts            |  3 +
 desktop/packages/bridge/src/index.ts          |  2 +-
 desktop/packages/bridge/src/runtime.ts        |  5 ++
 desktop/packages/design-system/package.json   |  1 +
 .../src/components/Sidebar.module.css         |  1 +
 .../design-system/src/components/Sidebar.tsx  |  4 +-
 .../src/components/TitleBar.module.css        | 10 +---
 .../design-system/src/components/TitleBar.tsx | 47 +++++++--------
 desktop/pnpm-lock.yaml                        | 15 +++++
 17 files changed, 165 insertions(+), 128 deletions(-)
 delete mode 100644 desktop/apps/app-ui/src/icons.tsx
 create mode 100644 desktop/apps/app-ui/src/views/Settings.tsx

diff --git a/cmd/clawtool-installer/app.go b/cmd/clawtool-installer/app.go
index 321b582..a5cd26c 100644
--- a/cmd/clawtool-installer/app.go
+++ b/cmd/clawtool-installer/app.go
@@ -768,6 +768,24 @@ func (a *App) pairDecide(action, selector string) string {
 	return `{"ok":true}`
 }
 
+// RunDoctor runs `clawtool doctor` and returns its full output for the
+// Settings → Diagnostics panel. doctor exits non-zero when it finds issues,
+// but we still want to show what it printed, so the exit code is ignored.
+func (a *App) RunDoctor() string {
+	bin, err := locateClawtool()
+	if err != nil {
+		return jsonErr(err.Error())
+	}
+	cmd := exec.Command(bin, "doctor")
+	hideConsole(cmd)
+	out, _ := cmd.CombinedOutput()
+	b, _ := json.Marshal(struct {
+		OK     bool   `json:"ok"`
+		Output string `json:"output"`
+	}{true, string(out)})
+	return string(b)
+}
+
 // PairRequest asks a discovered peer to pair — `clawtool peer pair request
 // <peer_id>` — which makes that device show an approve/deny prompt. Returns
 // the daemon's JSON ({ok,sent} | {not_in_circle} | {needs_circle_key} | error).
diff --git a/desktop/apps/_gallery/src/main.tsx b/desktop/apps/_gallery/src/main.tsx
index b6abbf5..0e2f284 100644
--- a/desktop/apps/_gallery/src/main.tsx
+++ b/desktop/apps/_gallery/src/main.tsx
@@ -22,7 +22,7 @@ function Gallery() {
     <div style={{ display: "flex", flexDirection: "column", height: "100vh" }}>
       <TitleBar
         platform="windows"
-        center={<Wordmark />}
+        brand={<Wordmark />}
         controls={{ onMinimize: noop, onToggleMaximize: noop, onClose: noop }}
       />
       <main style={{ flex: 1, overflow: "auto", padding: "30px 36px", display: "flex", flexDirection: "column" }}>
diff --git a/desktop/apps/app-ui/package.json b/desktop/apps/app-ui/package.json
index 043b21f..e420788 100644
--- a/desktop/apps/app-ui/package.json
+++ b/desktop/apps/app-ui/package.json
@@ -10,9 +10,10 @@
   "dependencies": {
     "@clawtool/bridge": "workspace:*",
     "@clawtool/design-system": "workspace:*",
+    "@clawtool/installer-ui": "workspace:*",
+    "lucide-react": "^1.16.0",
     "react": "^18.3.1",
-    "react-dom": "^18.3.1",
-    "@clawtool/installer-ui": "workspace:*"
+    "react-dom": "^18.3.1"
   },
   "devDependencies": {
     "@types/react": "^18.3.12",
diff --git a/desktop/apps/app-ui/src/App.module.css b/desktop/apps/app-ui/src/App.module.css
index 4eedbf4..182d98b 100644
--- a/desktop/apps/app-ui/src/App.module.css
+++ b/desktop/apps/app-ui/src/App.module.css
@@ -68,6 +68,20 @@
 .deviceName { font-weight: 550; font-size: var(--size-md); }
 .deviceMeta { color: var(--text-secondary); font-size: var(--size-sm); margin-top: 1px; font-family: var(--font-mono); }
 .deviceRight { margin-left: auto; display: flex; align-items: center; gap: 12px; }
+.doctor {
+  margin-top: 10px;
+  max-width: 640px;
+  max-height: 280px;
+  overflow: auto;
+  background: var(--surface);
+  border: 1px solid var(--hairline);
+  border-radius: var(--radius-sm);
+  padding: 12px 14px;
+  font: 12px/1.6 var(--font-mono);
+  color: var(--text-secondary);
+  white-space: pre-wrap;
+  word-break: break-word;
+}
 .keybox {
   font: 500 12.5px var(--font-mono);
   color: var(--text);
diff --git a/desktop/apps/app-ui/src/App.tsx b/desktop/apps/app-ui/src/App.tsx
index ebe69f1..af9dce5 100644
--- a/desktop/apps/app-ui/src/App.tsx
+++ b/desktop/apps/app-ui/src/App.tsx
@@ -1,15 +1,16 @@
 import { useEffect, useState } from "react";
 import { NavItem, Sidebar, StatusDot, TitleBar, Wordmark, type Platform } from "@clawtool/design-system";
 import { App as Backend, Win, environmentPlatform, type Brand } from "@clawtool/bridge";
-import { AgentsIcon, HomeIcon, NetworkIcon, UpdatesIcon } from "./icons";
+import { Bot, House, Network as NetIcon, RefreshCw, Settings as SettingsGlyph } from "lucide-react";
 import { Home } from "./views/Home";
 import { Agents } from "./views/Agents";
 import { Network } from "./views/Network";
 import { Updates } from "./views/Updates";
+import { Settings } from "./views/Settings";
 import { PairPrompt } from "./components/PairPrompt";
 import styles from "./App.module.css";
 
-type View = "home" | "agents" | "network" | "updates";
+type View = "home" | "agents" | "network" | "updates" | "settings";
 
 export function App() {
   const [platform, setPlatform] = useState<Platform>("windows");
@@ -28,12 +29,13 @@ export function App() {
     onClose: () => Win.quit(),
   };
 
+  const ic = { size: 16, strokeWidth: 1.8 };
+
   return (
     <div className={styles.shell}>
-      <TitleBar platform={platform} controls={controls} />
+      <TitleBar platform={platform} brand={<Wordmark name={brand.name} />} controls={controls} />
       <div className={styles.body}>
         <Sidebar
-          top={<Wordmark name={brand.name} />}
           footer={
             <>
               <StatusDot tone="online" />
@@ -41,16 +43,18 @@ export function App() {
             </>
           }
         >
-          <NavItem icon={<HomeIcon />} label="Home" active={view === "home"} onClick={() => setView("home")} />
-          <NavItem icon={<AgentsIcon />} label="Agents" active={view === "agents"} onClick={() => setView("agents")} />
-          <NavItem icon={<NetworkIcon />} label="Network" active={view === "network"} onClick={() => setView("network")} />
-          <NavItem icon={<UpdatesIcon />} label="Updates" active={view === "updates"} onClick={() => setView("updates")} />
+          <NavItem icon={<House {...ic} />} label="Home" active={view === "home"} onClick={() => setView("home")} />
+          <NavItem icon={<Bot {...ic} />} label="Agents" active={view === "agents"} onClick={() => setView("agents")} />
+          <NavItem icon={<NetIcon {...ic} />} label="Network" active={view === "network"} onClick={() => setView("network")} />
+          <NavItem icon={<RefreshCw {...ic} />} label="Updates" active={view === "updates"} onClick={() => setView("updates")} />
+          <NavItem icon={<SettingsGlyph {...ic} />} label="Settings" active={view === "settings"} onClick={() => setView("settings")} />
         </Sidebar>
         <main className={styles.content}>
           {view === "home" ? <Home brand={brand} onNavigate={(v) => setView(v as View)} /> : null}
           {view === "agents" ? <Agents brand={brand} /> : null}
           {view === "network" ? <Network brand={brand} /> : null}
           {view === "updates" ? <Updates brand={brand} /> : null}
+          {view === "settings" ? <Settings brand={brand} /> : null}
         </main>
       </div>
       <PairPrompt />
diff --git a/desktop/apps/app-ui/src/icons.tsx b/desktop/apps/app-ui/src/icons.tsx
deleted file mode 100644
index 6a85827..0000000
--- a/desktop/apps/app-ui/src/icons.tsx
+++ /dev/null
@@ -1,42 +0,0 @@
-const base = {
-  width: 16,
-  height: 16,
-  viewBox: "0 0 24 24",
-  fill: "none",
-  stroke: "currentColor",
-  strokeWidth: 1.8,
-  strokeLinecap: "round" as const,
-  strokeLinejoin: "round" as const,
-};
-
-export const HomeIcon = () => (
-  <svg {...base}>
-    <path d="M3 11l9-8 9 8" />
-    <path d="M5 10v10h14V10" />
-  </svg>
-);
-
-export const NetworkIcon = () => (
-  <svg {...base}>
-    <circle cx="12" cy="5" r="2.2" />
-    <circle cx="5" cy="19" r="2.2" />
-    <circle cx="19" cy="19" r="2.2" />
-    <path d="M12 7.2v3.8M10.6 13l-4 4M13.4 13l4 4" />
-  </svg>
-);
-
-export const UpdatesIcon = () => (
-  <svg {...base}>
-    <path d="M21 12a9 9 0 1 1-3-6.7" />
-    <path d="M21 4v5h-5" />
-  </svg>
-);
-
-export const AgentsIcon = () => (
-  <svg {...base}>
-    <rect x="4" y="8" width="16" height="11" rx="2" />
-    <path d="M12 8V4M9 4h6" />
-    <circle cx="9" cy="13" r="1" />
-    <circle cx="15" cy="13" r="1" />
-  </svg>
-);
diff --git a/desktop/apps/app-ui/src/views/Home.tsx b/desktop/apps/app-ui/src/views/Home.tsx
index 7a9a823..e6f0a15 100644
--- a/desktop/apps/app-ui/src/views/Home.tsx
+++ b/desktop/apps/app-ui/src/views/Home.tsx
@@ -1,20 +1,11 @@
 import { useEffect, useState } from "react";
-import {
-  AgentRow,
-  Button,
-  EmptyRow,
-  List,
-  Metric,
-  MetricStrip,
-  SectionHeader,
-  StatusDot,
-} from "@clawtool/design-system";
-import { App, type Agent, type Brand } from "@clawtool/bridge";
+import { Button, Metric, MetricStrip, StatusDot } from "@clawtool/design-system";
+import { App, type Brand } from "@clawtool/bridge";
 import styles from "../App.module.css";
 
 export function Home({ brand, onNavigate }: { brand: Brand; onNavigate: (v: string) => void }) {
   const [online, setOnline] = useState(false);
-  const [agents, setAgents] = useState<Agent[]>([]);
+  const [agents, setAgents] = useState(0);
   const [peers, setPeers] = useState(0);
   const [xd, setXd] = useState(false);
 
@@ -24,10 +15,9 @@ export function Home({ brand, onNavigate }: { brand: Brand; onNavigate: (v: stri
     setOnline(ok);
     if (!ok) {
       App.ensureGateway();
-      setAgents([]);
       return;
     }
-    setAgents(snap.agents?.agents ?? []);
+    setAgents(snap.agents?.count ?? snap.agents?.agents?.length ?? 0);
     setPeers(snap.peers?.count ?? snap.peers?.peers?.length ?? 0);
     const c = await App.circleStatus();
     setXd(c.ok === true && c.has_key === true);
@@ -51,35 +41,12 @@ export function Home({ brand, onNavigate }: { brand: Brand; onNavigate: (v: stri
 
       <div className={styles.metrics}>
         <MetricStrip>
-          <Metric value={String(agents.length)} label="Local agents" />
-          <Metric value={String(peers)} label="LAN peers" dim={peers === 0} />
+          <Metric value={String(agents)} label="Agents" onClick={() => onNavigate("agents")} />
+          <Metric value={String(peers)} label="Devices" dim={peers === 0} onClick={() => onNavigate("network")} />
           <Metric value={xd ? "On" : "Off"} label="Cross-device" dim={!xd} onClick={() => onNavigate("network")} />
         </MetricStrip>
       </div>
 
-      <SectionHeader title="Agents on this device" action={<Button variant="ghost" onClick={() => onNavigate("agents")}>Manage →</Button>} />
-      <List>
-        {agents.length ? (
-          agents.map((a) => (
-            <AgentRow
-              key={a.instance}
-              name={a.instance}
-              family={a.family}
-              meta={a.family + (a.bridge ? ` · ${a.bridge}` : "")}
-              tone={a.callable ? "online" : a.status === "disabled" ? "offline" : "busy"}
-              status={a.status ?? (a.callable ? "callable" : "—")}
-            />
-          ))
-        ) : (
-          <EmptyRow>
-            No agents connected yet.{" "}
-            <button className={styles.linklike} onClick={() => onNavigate("agents")}>
-              Connect an agent →
-            </button>
-          </EmptyRow>
-        )}
-      </List>
-
       <div className={styles.foot}>
         <span>Closing the window keeps {brand.name} running in the menu bar.</span>
         <Button variant="ghost" onClick={() => onNavigate("updates")}>
diff --git a/desktop/apps/app-ui/src/views/Settings.tsx b/desktop/apps/app-ui/src/views/Settings.tsx
new file mode 100644
index 0000000..e20d2a9
--- /dev/null
+++ b/desktop/apps/app-ui/src/views/Settings.tsx
@@ -0,0 +1,59 @@
+import { useState } from "react";
+import { Button, KVRow, KeyValue, SectionHeader } from "@clawtool/design-system";
+import { App, openURL, type Brand } from "@clawtool/bridge";
+import styles from "../App.module.css";
+
+export function Settings({ brand }: { brand: Brand }) {
+  const [doctor, setDoctor] = useState("");
+  const [busy, setBusy] = useState(false);
+
+  async function runDoctor() {
+    setBusy(true);
+    setDoctor("Running diagnostics…");
+    const r = await App.runDoctor();
+    setDoctor(r.output?.trim() || (r.ok ? "(no output)" : "diagnostics failed"));
+    setBusy(false);
+  }
+
+  return (
+    <>
+      <h1 className={styles.vh}>Settings</h1>
+      <div className={styles.lead}>About {brand.name} and tools for this device.</div>
+
+      <SectionHeader title="About" />
+      <KeyValue>
+        <KVRow k="Product">{brand.name}</KVRow>
+        <KVRow k="Version">{brand.version ? `v${brand.version}` : "—"}</KVRow>
+        <KVRow k="Command">{brand.cli}</KVRow>
+        <KVRow k="Install location">{brand.installDir || "—"}</KVRow>
+      </KeyValue>
+
+      <SectionHeader
+        title="Diagnostics"
+        action={
+          <Button variant="secondary" disabled={busy} onClick={runDoctor}>
+            Run diagnostics
+          </Button>
+        }
+      />
+      {doctor ? (
+        <pre className={styles.doctor}>{doctor}</pre>
+      ) : (
+        <div className={styles.lead}>
+          Run a health check on this device's gateway, bridges, and agents (<code>{brand.cli} doctor</code>).
+        </div>
+      )}
+
+      <SectionHeader title="Links" />
+      <div style={{ display: "flex", gap: 18, marginTop: 8 }}>
+        <button className={styles.linklike} onClick={() => openURL("https://github.com/cogitave/clawtool")}>
+          GitHub →
+        </button>
+      </div>
+
+      <div className={styles.foot} style={{ paddingTop: 24 }}>
+        Closing the window keeps {brand.name} running in the menu bar.
+      </div>
+    </>
+  );
+}
diff --git a/desktop/packages/bridge/src/app.ts b/desktop/packages/bridge/src/app.ts
index 823f085..d163a05 100644
--- a/desktop/packages/bridge/src/app.ts
+++ b/desktop/packages/bridge/src/app.ts
@@ -46,6 +46,9 @@ export const App = {
   checkUpdate: () => callJSON<UpdateInfo>("CheckUpdate", { ok: false }),
   installUpdate: () => callJSON<Result>("InstallUpdate", OK_FALSE),
 
+  // diagnostics (clawtool doctor)
+  runDoctor: () => callJSON<{ ok: boolean; output?: string }>("RunDoctor", { ok: false }),
+
   // agents (connect/disconnect a host + this device's A2A card)
   agentClaim: (name: string) => callJSON<Result>("AgentClaim", OK_FALSE, name),
   agentRelease: (name: string) => callJSON<Result>("AgentRelease", OK_FALSE, name),
diff --git a/desktop/packages/bridge/src/index.ts b/desktop/packages/bridge/src/index.ts
index 326439d..060f0d3 100644
--- a/desktop/packages/bridge/src/index.ts
+++ b/desktop/packages/bridge/src/index.ts
@@ -1,3 +1,3 @@
 export { App } from "./app";
-export { on, emit, Win, environmentPlatform } from "./runtime";
+export { on, emit, Win, environmentPlatform, openURL } from "./runtime";
 export * from "./types";
diff --git a/desktop/packages/bridge/src/runtime.ts b/desktop/packages/bridge/src/runtime.ts
index 5160425..2f8c483 100644
--- a/desktop/packages/bridge/src/runtime.ts
+++ b/desktop/packages/bridge/src/runtime.ts
@@ -47,6 +47,11 @@ export const Win = {
   quit: () => callRuntime("Quit"),
 };
 
+// Open a URL in the user's default browser (Wails BrowserOpenURL).
+export function openURL(url: string): void {
+  callRuntime("BrowserOpenURL", url);
+}
+
 export async function environmentPlatform(): Promise<Platform> {
   const env = (await callRuntime("Environment")) as { platform?: string } | undefined;
   const p = env?.platform;
diff --git a/desktop/packages/design-system/package.json b/desktop/packages/design-system/package.json
index 95a9496..cb9b457 100644
--- a/desktop/packages/design-system/package.json
+++ b/desktop/packages/design-system/package.json
@@ -21,6 +21,7 @@
     "typescript": "^5.6.3"
   },
   "dependencies": {
+    "lucide-react": "^1.16.0",
     "simple-icons": "^16.21.0"
   }
 }
diff --git a/desktop/packages/design-system/src/components/Sidebar.module.css b/desktop/packages/design-system/src/components/Sidebar.module.css
index eb51127..3599525 100644
--- a/desktop/packages/design-system/src/components/Sidebar.module.css
+++ b/desktop/packages/design-system/src/components/Sidebar.module.css
@@ -8,6 +8,7 @@
   padding: 18px 12px 12px;
 }
 .top { padding: 0 8px 22px; }
+.topPad { height: 8px; }
 .nav { display: flex; flex-direction: column; gap: 1px; }
 .item {
   display: flex;
diff --git a/desktop/packages/design-system/src/components/Sidebar.tsx b/desktop/packages/design-system/src/components/Sidebar.tsx
index cf9c19a..22e7d74 100644
--- a/desktop/packages/design-system/src/components/Sidebar.tsx
+++ b/desktop/packages/design-system/src/components/Sidebar.tsx
@@ -1,10 +1,10 @@
 import type { ReactNode } from "react";
 import styles from "./Sidebar.module.css";
 
-export function Sidebar({ top, children, footer }: { top: ReactNode; children: ReactNode; footer?: ReactNode }) {
+export function Sidebar({ top, children, footer }: { top?: ReactNode; children: ReactNode; footer?: ReactNode }) {
   return (
     <aside className={styles.side}>
-      <div className={styles.top}>{top}</div>
+      {top ? <div className={styles.top}>{top}</div> : <div className={styles.topPad} />}
       <nav className={styles.nav}>{children}</nav>
       {footer ? <div className={styles.footer}>{footer}</div> : null}
     </aside>
diff --git a/desktop/packages/design-system/src/components/TitleBar.module.css b/desktop/packages/design-system/src/components/TitleBar.module.css
index 11cbd14..0f533b9 100644
--- a/desktop/packages/design-system/src/components/TitleBar.module.css
+++ b/desktop/packages/design-system/src/components/TitleBar.module.css
@@ -8,14 +8,8 @@
   flex: none;
 }
 .gutterMac { width: 70px; flex: none; }
-.center {
-  flex: 1;
-  min-width: 0;
-  display: flex;
-  align-items: center;
-  gap: var(--space-2);
-  --wails-draggable: drag;
-}
+.brand { display: flex; align-items: center; gap: var(--space-2); padding-left: 4px; }
+.spacer { flex: 1; min-width: 0; }
 .controls {
   display: flex;
   --wails-draggable: no-drag;
diff --git a/desktop/packages/design-system/src/components/TitleBar.tsx b/desktop/packages/design-system/src/components/TitleBar.tsx
index c9a2d1a..868158d 100644
--- a/desktop/packages/design-system/src/components/TitleBar.tsx
+++ b/desktop/packages/design-system/src/components/TitleBar.tsx
@@ -1,4 +1,5 @@
 import type { CSSProperties, ReactNode } from "react";
+import { Minus, Square, X } from "lucide-react";
 import type { Platform } from "../lib/platform";
 import styles from "./TitleBar.module.css";
 
@@ -8,42 +9,38 @@ export type WindowControls = {
   onClose: () => void;
 };
 
-// Frameless custom titlebar. Controls sit on the LEFT for macOS (where the
-// traffic lights live) and on the RIGHT elsewhere — the one platform
-// difference users expect. The whole bar is the drag region; controls and
-// `center` opt out of dragging.
+// Frameless custom titlebar. Window controls sit on the right (Windows/Linux);
+// on macOS the native inset traffic lights live top-left, so we reserve a
+// gutter and render no custom buttons. `brand` (e.g. the wordmark) sits at the
+// leading edge of the bar. The whole bar is the drag region; buttons opt out.
 export function TitleBar({
   platform,
-  center,
+  brand,
   controls,
-}: { platform: Platform; center?: ReactNode; controls: WindowControls }) {
+}: { platform: Platform; brand?: ReactNode; controls: WindowControls }) {
   const onMac = platform === "darwin";
-  const buttons = (
-    <div className={`${styles.controls} nodrag`}>
-      <button className={styles.btn} aria-label="Minimize" onClick={controls.onMinimize}>
-        <svg width="10" height="10" viewBox="0 0 10 10"><rect x="1" y="4.5" width="8" height="1" fill="currentColor" /></svg>
-      </button>
-      <button className={styles.btn} aria-label="Maximize" onClick={controls.onToggleMaximize}>
-        <svg width="10" height="10" viewBox="0 0 10 10" fill="none" stroke="currentColor"><rect x="1.5" y="1.5" width="7" height="7" /></svg>
-      </button>
-      <button className={`${styles.btn} ${styles.close}`} aria-label="Close" onClick={controls.onClose}>
-        <svg width="10" height="10" viewBox="0 0 10 10" stroke="currentColor" strokeWidth="1.2"><path d="M1 1l8 8M9 1l-8 8" /></svg>
-      </button>
-    </div>
-  );
-
   return (
     <header
       className={styles.bar}
       style={{ "--wails-draggable": "drag" } as CSSProperties}
       onDoubleClick={controls.onToggleMaximize}
     >
-      {/* macOS keeps its native inset traffic lights (top-left): reserve a
-          gutter and render no custom buttons. Windows/Linux: custom controls
-          on the right. */}
       {onMac ? <div className={styles.gutterMac} /> : null}
-      <div className={styles.center}>{center}</div>
-      {onMac ? null : buttons}
+      {brand ? <div className={styles.brand}>{brand}</div> : null}
+      <div className={styles.spacer} />
+      {onMac ? null : (
+        <div className={`${styles.controls} nodrag`}>
+          <button className={styles.btn} aria-label="Minimize" onClick={controls.onMinimize}>
+            <Minus size={15} />
+          </button>
+          <button className={styles.btn} aria-label="Maximize" onClick={controls.onToggleMaximize}>
+            <Square size={12} />
+          </button>
+          <button className={`${styles.btn} ${styles.close}`} aria-label="Close" onClick={controls.onClose}>
+            <X size={15} />
+          </button>
+        </div>
+      )}
     </header>
   );
 }
diff --git a/desktop/pnpm-lock.yaml b/desktop/pnpm-lock.yaml
index bd7230b..57f7f6d 100644
--- a/desktop/pnpm-lock.yaml
+++ b/desktop/pnpm-lock.yaml
@@ -51,6 +51,9 @@ importers:
       '@clawtool/installer-ui':
         specifier: workspace:*
         version: link:../installer-ui
+      lucide-react:
+        specifier: ^1.16.0
+        version: 1.16.0(react@18.3.1)
       react:
         specifier: ^18.3.1
         version: 18.3.1
@@ -144,6 +147,9 @@ importers:
 
   packages/design-system:
     dependencies:
+      lucide-react:
+        specifier: ^1.16.0
+        version: 1.16.0(react@18.3.1)
       react:
         specifier: ^18.3.1
         version: 18.3.1
@@ -672,6 +678,11 @@ packages:
   lru-cache@5.1.1:
     resolution: {integrity: sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==}
 
+  lucide-react@1.16.0:
+    resolution: {integrity: sha512-dYwyPzb4MEKpGUmNYk3WKWPnMrHs3FKM+q94kAnJrcDIqqn1hq2xY8scaS2ovsOCM5D51ey2gaRG3PBb1vgoYQ==}
+    peerDependencies:
+      react: ^16.5.1 || ^17.0.0 || ^18.0.0 || ^19.0.0
+
   ms@2.1.3:
     resolution: {integrity: sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==}
 
@@ -1196,6 +1207,10 @@ snapshots:
     dependencies:
       yallist: 3.1.1
 
+  lucide-react@1.16.0(react@18.3.1):
+    dependencies:
+      react: 18.3.1
+
   ms@2.1.3: {}
 
   nanoid@3.3.12: {}

From ded2da8caf8cfc4a55b90eea9ce6a267b4985279 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Thu, 28 May 2026 03:14:22 +0300
Subject: [PATCH 27/86] feat(cli): expose release notes and url in upgrade
 --check --json

The desktop Updates view shows a dynamic "What's new" section, so the
machine-readable check needs the release body + page URL alongside the
existing version fields. Both are omitempty, keeping the contract
backward compatible.
---
 internal/cli/upgrade.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/internal/cli/upgrade.go b/internal/cli/upgrade.go
index 74b4809..028eba2 100644
--- a/internal/cli/upgrade.go
+++ b/internal/cli/upgrade.go
@@ -36,6 +36,8 @@ type upgradeCheck struct {
 	Latest          string `json:"latest"`
 	UpdateAvailable bool   `json:"update_available"`
 	Found           bool   `json:"found"` // false = no release published yet
+	ReleaseNotes    string `json:"release_notes,omitempty"`
+	URL             string `json:"url,omitempty"`
 }
 
 func (a *App) runUpgrade(argv []string) int {
@@ -116,7 +118,7 @@ func (a *App) runUpgrade(argv []string) int {
 	latestVersion := latest.Version()
 	if isComparableVersion(currentVersion) && latest.LessOrEqual(currentVersion) {
 		if jsonOut {
-			a.emitUpgradeCheck(upgradeCheck{Current: currentVersion, Latest: latestVersion, UpdateAvailable: false, Found: true})
+			a.emitUpgradeCheck(upgradeCheck{Current: currentVersion, Latest: latestVersion, UpdateAvailable: false, Found: true, ReleaseNotes: latest.ReleaseNotes, URL: latest.URL})
 			return 0
 		}
 		renderUpToDate(ux, currentVersion, latestVersion)
@@ -124,7 +126,7 @@ func (a *App) runUpgrade(argv []string) int {
 	}
 
 	if jsonOut {
-		a.emitUpgradeCheck(upgradeCheck{Current: currentVersion, Latest: latestVersion, UpdateAvailable: true, Found: true})
+		a.emitUpgradeCheck(upgradeCheck{Current: currentVersion, Latest: latestVersion, UpdateAvailable: true, Found: true, ReleaseNotes: latest.ReleaseNotes, URL: latest.URL})
 		return 0
 	}
 

From a185506aa21a5e80a16781d4d34b6f8ccdb84dff Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Thu, 28 May 2026 03:14:33 +0300
Subject: [PATCH 28/86] =?UTF-8?q?feat(desktop):=20UI=20polish=20round=20?=
 =?UTF-8?q?=E2=80=94=20shared=20header,=20expandable=20devices,=20dynamic?=
 =?UTF-8?q?=20updates?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Shared view header (title left, action button right) across Home/Agents/
  Network/Updates so every screen aligns the same way; content uses the
  full width instead of a capped column.
- Home: "Engine is running" with the metric strip on the right, pulse removed.
- Network: device rows expand via a chevron to list that device's agents
  (logo, family/bridge/tags, status) loaded from peerAgents; "Settings" side
  pane holds discoverability + pairing key; the pairing key stays locked
  (blurred, lock icon) until the device is discoverable; device list no
  longer clips.
- Updates: a single state-driven button (Check now → Install vX → installing
  shimmer → Restart to finish) plus a dynamic "What's new" changelog rendered
  from the release notes the CLI now returns.
- Settings: GitHub link as a corner icon.
- Add a Vite dev-server stub layer so the UI runs in a plain browser with
  realistic data for iteration.
---
 desktop/apps/app-ui/src/App.module.css        | 140 ++++++++-
 desktop/apps/app-ui/src/App.tsx               |  12 +-
 desktop/apps/app-ui/src/dev-stubs.ts          |  97 ++++++
 desktop/apps/app-ui/src/main.tsx              |   9 +
 desktop/apps/app-ui/src/views/Agents.tsx      |  22 +-
 desktop/apps/app-ui/src/views/Home.tsx        |  21 +-
 desktop/apps/app-ui/src/views/Network.tsx     | 294 ++++++++++++------
 desktop/apps/app-ui/src/views/Settings.tsx    |  18 +-
 desktop/apps/app-ui/src/views/Updates.tsx     | 147 +++++++--
 desktop/packages/bridge/src/types.ts          |   2 +
 .../src/components/GithubIcon.tsx             |  12 +
 .../src/components/KeyValue.module.css        |   2 +-
 desktop/packages/design-system/src/index.ts   |   1 +
 13 files changed, 623 insertions(+), 154 deletions(-)
 create mode 100644 desktop/apps/app-ui/src/dev-stubs.ts
 create mode 100644 desktop/packages/design-system/src/components/GithubIcon.tsx

diff --git a/desktop/apps/app-ui/src/App.module.css b/desktop/apps/app-ui/src/App.module.css
index 182d98b..59c5722 100644
--- a/desktop/apps/app-ui/src/App.module.css
+++ b/desktop/apps/app-ui/src/App.module.css
@@ -1,14 +1,13 @@
 .shell { display: flex; flex-direction: column; height: 100vh; }
 .body { display: flex; flex: 1; min-height: 0; }
 .content { flex: 1; min-width: 0; overflow-y: auto; padding: 30px 36px; display: flex; flex-direction: column; position: relative; }
+/* One consistent content column so every view uses the same full width. */
+.page { flex: 1; min-height: 0; width: 100%; display: flex; flex-direction: column; }
 
 .status { display: flex; align-items: center; gap: 13px; }
 .status h1 { font-size: var(--size-2xl); font-weight: 600; letter-spacing: -0.02em; }
 .status .sub { color: var(--text-secondary); font-size: 13px; margin-top: 2px; }
-.status .right { margin-left: auto; text-align: right; }
-.status .host { font: 500 12px var(--font-mono); color: var(--text-secondary); }
-
-.metrics { margin: 28px 0 4px; }
+.status .metricsRight { margin-left: auto; }
 .foot {
   margin-top: auto;
   padding-top: 18px;
@@ -20,6 +19,21 @@
 }
 .vh { font-size: var(--size-xl); font-weight: 600; letter-spacing: -0.02em; }
 .lead { color: var(--text-secondary); font-size: 13px; margin-top: 2px; }
+/* Shared view header: title block on the left, action button on the far right. */
+.head { display: flex; align-items: flex-start; justify-content: space-between; gap: 16px; }
+.head > .actionSlot { flex: none; margin-top: 2px; }
+.locked { position: relative; }
+.lockedInner { filter: blur(2.5px); opacity: 0.45; pointer-events: none; user-select: none; }
+.lockNote {
+  position: absolute;
+  inset: 0;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  gap: 7px;
+  color: var(--text-secondary);
+  font-size: 12.5px;
+}
 .banner {
   margin-bottom: 16px;
   padding: 11px 14px;
@@ -28,7 +42,7 @@
   color: var(--text-secondary);
   font-size: 13px;
 }
-.xdesc { color: var(--text-secondary); font-size: 12.5px; margin-top: 8px; line-height: 1.5; max-width: 520px; }
+.xdesc { color: var(--text-secondary); font-size: 12.5px; margin-top: 8px; line-height: 1.5; }
 .xrow { display: flex; align-items: center; gap: 12px; margin-top: 14px; }
 .switchRow {
   display: flex;
@@ -37,7 +51,6 @@
   margin-top: 16px;
   padding-top: 16px;
   border-top: 1px solid var(--hairline);
-  max-width: 560px;
 }
 .switchRow .txt { flex: 1; }
 .switchRow .st { font-weight: 600; font-size: 13.5px; }
@@ -57,20 +70,86 @@
 .err { color: var(--warning); font-size: 12.5px; margin-top: 8px; }
 .linklike { background: none; border: 0; padding: 0; color: var(--accent); cursor: pointer; font: inherit; font-size: var(--size-md); }
 .linklike:hover { text-decoration: underline; }
+.device { border-bottom: 1px solid var(--hairline); }
 .deviceRow {
   display: flex;
   align-items: center;
-  gap: 12px;
+  gap: 10px;
   padding: 11px 6px;
-  border-bottom: 1px solid var(--hairline);
 }
 .deviceRow:hover { background: var(--hover); }
+.chevron {
+  flex: none;
+  display: grid;
+  place-items: center;
+  width: 24px;
+  height: 24px;
+  border: 0;
+  background: none;
+  border-radius: var(--radius-sm);
+  color: var(--text-tertiary);
+  cursor: pointer;
+  transition: color 0.14s, background 0.14s;
+}
+.chevron:hover { color: var(--text); background: var(--hover); }
+.agentSub {
+  padding: 4px 6px 12px 40px;
+  display: flex;
+  flex-direction: column;
+  gap: 2px;
+}
+.subMuted { color: var(--text-secondary); font-size: 12.5px; padding: 8px 0; }
+.subAgent {
+  display: flex;
+  align-items: center;
+  gap: 11px;
+  padding: 8px 10px;
+  border-radius: var(--radius-sm);
+}
+.subAgent:hover { background: var(--hover); }
+.subAgentName { font-weight: 550; font-size: 13px; }
+.subAgentMeta {
+  color: var(--text-secondary);
+  font-size: 12px;
+  margin-top: 1px;
+  font-family: var(--font-mono);
+  white-space: nowrap;
+  overflow: hidden;
+  text-overflow: ellipsis;
+}
 .deviceName { font-weight: 550; font-size: var(--size-md); }
 .deviceMeta { color: var(--text-secondary); font-size: var(--size-sm); margin-top: 1px; font-family: var(--font-mono); }
-.deviceRight { margin-left: auto; display: flex; align-items: center; gap: 12px; }
+.deviceRight { margin-left: auto; display: flex; align-items: center; gap: 12px; flex: none; }
+.field {
+  margin-top: 18px;
+  padding-top: 16px;
+  border-top: 1px solid var(--hairline);
+}
+.fieldHead { display: flex; align-items: center; justify-content: space-between; }
+.deviceList {
+  margin: 0 -6px;
+  padding: 0 6px;
+}
+.deviceName { white-space: nowrap; overflow: hidden; text-overflow: ellipsis; }
+.emptyFilter { color: var(--text-secondary); font-size: 13px; padding: 14px 6px; }
+.cornerIcon {
+  position: absolute;
+  right: 28px;
+  bottom: 24px;
+  width: 34px;
+  height: 34px;
+  display: grid;
+  place-items: center;
+  border: 1px solid var(--hairline);
+  border-radius: var(--radius-md);
+  background: var(--surface);
+  color: var(--text-secondary);
+  cursor: pointer;
+  transition: color 0.14s, border-color 0.14s;
+}
+.cornerIcon:hover { color: var(--text); border-color: var(--hairline-strong); }
 .doctor {
   margin-top: 10px;
-  max-width: 640px;
   max-height: 280px;
   overflow: auto;
   background: var(--surface);
@@ -82,6 +161,47 @@
   white-space: pre-wrap;
   word-break: break-word;
 }
+.changelog { margin-top: 26px; }
+.clHead { display: flex; align-items: baseline; justify-content: space-between; gap: 12px; }
+.clTitle { font-weight: 600; font-size: var(--size-md); }
+.clBody {
+  margin-top: 10px;
+  border-top: 1px solid var(--hairline);
+  padding-top: 12px;
+}
+.clH {
+  font-weight: 600;
+  font-size: 11.5px;
+  color: var(--text);
+  text-transform: uppercase;
+  letter-spacing: 0.05em;
+  margin: 14px 0 5px;
+}
+.clH:first-child { margin-top: 0; }
+.clBullet {
+  display: flex;
+  gap: 9px;
+  color: var(--text-secondary);
+  font-size: 13px;
+  line-height: 1.55;
+  padding: 2px 0;
+}
+.clBullet::before { content: "•"; color: var(--accent); flex: none; }
+.clPara { color: var(--text-secondary); font-size: 13px; line-height: 1.6; padding: 3px 0; }
+.clEmpty { color: var(--text-secondary); font-size: 13px; margin-top: 12px; }
+.updateBtn { position: relative; overflow: hidden; min-width: 200px; text-align: center; }
+.updateBtn .btnLabel { position: relative; z-index: 1; }
+.updateBtn .fill {
+  position: absolute;
+  inset: 0;
+  background: linear-gradient(90deg, transparent, color-mix(in srgb, var(--accent-ink) 22%, transparent), transparent);
+  background-size: 220% 100%;
+  animation: updShimmer 1.1s linear infinite;
+}
+@keyframes updShimmer {
+  from { background-position: 220% 0; }
+  to { background-position: -220% 0; }
+}
 .keybox {
   font: 500 12.5px var(--font-mono);
   color: var(--text);
diff --git a/desktop/apps/app-ui/src/App.tsx b/desktop/apps/app-ui/src/App.tsx
index af9dce5..bc54ff1 100644
--- a/desktop/apps/app-ui/src/App.tsx
+++ b/desktop/apps/app-ui/src/App.tsx
@@ -50,11 +50,13 @@ export function App() {
           <NavItem icon={<SettingsGlyph {...ic} />} label="Settings" active={view === "settings"} onClick={() => setView("settings")} />
         </Sidebar>
         <main className={styles.content}>
-          {view === "home" ? <Home brand={brand} onNavigate={(v) => setView(v as View)} /> : null}
-          {view === "agents" ? <Agents brand={brand} /> : null}
-          {view === "network" ? <Network brand={brand} /> : null}
-          {view === "updates" ? <Updates brand={brand} /> : null}
-          {view === "settings" ? <Settings brand={brand} /> : null}
+          <div className={styles.page}>
+            {view === "home" ? <Home brand={brand} onNavigate={(v) => setView(v as View)} /> : null}
+            {view === "agents" ? <Agents brand={brand} /> : null}
+            {view === "network" ? <Network brand={brand} /> : null}
+            {view === "updates" ? <Updates brand={brand} /> : null}
+            {view === "settings" ? <Settings brand={brand} /> : null}
+          </div>
         </main>
       </div>
       <PairPrompt />
diff --git a/desktop/apps/app-ui/src/dev-stubs.ts b/desktop/apps/app-ui/src/dev-stubs.ts
new file mode 100644
index 0000000..f75cc01
--- /dev/null
+++ b/desktop/apps/app-ui/src/dev-stubs.ts
@@ -0,0 +1,97 @@
+// Dev-only mocks for the Wails-injected globals, so the app runs in a plain
+// browser (`pnpm dev`) with realistic data for UI iteration. Imported for its
+// side effect from main.tsx ONLY when running under Vite dev AND not inside
+// Wails (window.go absent). Never bundled into the Wails build path that
+// matters — under Wails, window.go exists, so this no-ops.
+type AnyFn = (...args: unknown[]) => unknown;
+
+const J = (v: unknown) => Promise.resolve(JSON.stringify(v));
+
+const agents = [
+  { instance: "claude", family: "claude", status: "callable", callable: true, tags: ["code"] },
+  { instance: "codex", family: "codex", bridge: "codex-bridge", status: "callable", callable: true },
+  { instance: "gemini", family: "gemini", bridge: "gemini-bridge", status: "bridge-missing", callable: false },
+  { instance: "opencode", family: "opencode", status: "binary-missing", callable: false },
+];
+const peers = [
+  { peer_id: "p1", display_name: "win-pc", status: "online", metadata: { hostname: "win-pc", address: "192.168.1.42:52828" } },
+  { peer_id: "p2", display_name: "macbook-air", status: "offline", metadata: { hostname: "macbook-air", address: "192.168.1.51:52828" } },
+];
+
+const peerAgents: Record<string, Array<Record<string, unknown>>> = {
+  p1: [
+    { instance: "claude", family: "claude", status: "callable", callable: true, tags: ["code"] },
+    { instance: "codex", family: "codex", bridge: "codex-bridge", status: "callable", callable: true },
+    { instance: "gemini", family: "gemini", bridge: "gemini-bridge", status: "callable", callable: true, tags: ["vision"] },
+    { instance: "opencode", family: "opencode", status: "callable", callable: true },
+    { instance: "cursor", family: "cursor", status: "callable", callable: true },
+    { instance: "copilot", family: "copilot", status: "bridge-missing", callable: false },
+  ],
+  p2: [{ instance: "claude", family: "claude", status: "callable", callable: true, tags: ["code"] }],
+};
+
+export function installDevStubs(platform: "windows" | "darwin" = "windows") {
+  const g = globalThis as Record<string, unknown>;
+  if (g.go) return; // real Wails present
+  const App: Record<string, AnyFn> = {
+    Mode: () => Promise.resolve("app"),
+    Brand: () =>
+      J({ name: "clawtool", cli: "clawtool", tagline: "An agent gateway for your machine — one tool layer, everywhere.", installDir: "%LOCALAPPDATA%\\Programs\\Clawtool", version: "0.22.171" }),
+    IsInitialized: () => Promise.resolve(true),
+    EnterApp: () => Promise.resolve(),
+    EnsureGateway: () => J({ ok: true }),
+    NetworkSnapshot: () => J({ ok: true, agents: { count: agents.length, agents }, peers: { count: peers.length, peers } }),
+    PeerAgents: (...a: unknown[]) => J({ agents: peerAgents[String(a[0])] ?? [] }),
+    CircleStatus: () => J({ ok: true, has_key: true, key: "64f5612e49ce302b3d9f0ffcec383fa5760801d854434c39fec789c121bf5a77" }),
+    CircleGenerate: () => J({ ok: true, key: "ab".repeat(32) }),
+    CircleSet: () => J({ ok: true }),
+    CircleClear: () => J({ ok: true }),
+    LanStatus: () => J({ ok: true, enabled: true }),
+    LanEnable: () => J({ ok: true }),
+    LanDisable: () => J({ ok: true }),
+    CheckUpdate: () =>
+      J({
+        ok: true,
+        found: true,
+        current: "0.22.171",
+        latest: "0.22.180",
+        update_available: true,
+        url: "https://github.com/cogitave/clawtool/releases/tag/v0.22.180",
+        release_notes: [
+          "## Highlights",
+          "- Cross-device pairing now works over the local network with a shared pairing key",
+          "- Agents on a paired device show inline under each device in Network",
+          "- Faster gateway startup and healthier daemon recovery after a crash",
+          "## Milestones",
+          "- M3 desktop shell shipped: frameless titlebar, unified app surface",
+          "- A2A card publishing wired end-to-end",
+          "## Fixes",
+          "- Pairing key stays locked until the device is discoverable",
+          "- Update flow restarts the daemon automatically after a binary swap",
+        ].join("\n"),
+      }),
+    InstallUpdate: () => J({ ok: true }),
+    AgentClaim: () => J({ ok: true }),
+    AgentRelease: () => J({ ok: true }),
+    BridgeAdd: () => J({ ok: true }),
+    LocalCard: () =>
+      J({ name: "clawtool@mac-studio", version: "1.0", url: "http://mac-studio.local:52828", skills: [{ id: "bash", name: "Bash" }, { id: "read", name: "Read" }, { id: "edit", name: "Edit" }, { id: "dispatch", name: "Agent dispatch" }] }),
+    PairList: () => J([]),
+    PairApprove: () => J({ ok: true }),
+    PairDeny: () => J({ ok: true }),
+    PairRequest: () => J({ ok: true, sent: true }),
+    RunDoctor: () => J({ ok: true, output: "clawtool doctor — 0.22.171\n\n[binary]    ✓ clawtool on PATH\n[daemon]    ✓ running on 127.0.0.1:64205\n[agents]    ✓ claude, codex callable\n[bridges]   ⚠ gemini bridge missing\n\n1 warning, 0 errors" }),
+    Quit: () => {},
+  };
+  g.go = { main: { App } };
+  g.runtime = {
+    Environment: () => Promise.resolve({ platform }),
+    EventsOn: () => () => {},
+    EventsEmit: () => {},
+    WindowMinimise: () => {},
+    WindowToggleMaximise: () => {},
+    WindowIsMaximised: () => Promise.resolve(false),
+    Quit: () => {},
+    BrowserOpenURL: (url: unknown) => window.open(String(url), "_blank"),
+  };
+}
diff --git a/desktop/apps/app-ui/src/main.tsx b/desktop/apps/app-ui/src/main.tsx
index 9ef557d..10e3fcd 100644
--- a/desktop/apps/app-ui/src/main.tsx
+++ b/desktop/apps/app-ui/src/main.tsx
@@ -3,6 +3,15 @@ import { createRoot } from "react-dom/client";
 import "@clawtool/design-system/global.css";
 import { Root } from "./Root";
 
+// Dev-only: when running in a plain browser (vite dev, no Wails), install mock
+// backend globals so the UI renders with realistic data. ?platform=darwin
+// switches the titlebar layout. Under Wails this is a no-op (window.go exists).
+if (import.meta.env.DEV) {
+  const { installDevStubs } = await import("./dev-stubs");
+  const p = new URLSearchParams(location.search).get("platform");
+  installDevStubs(p === "darwin" ? "darwin" : "windows");
+}
+
 createRoot(document.getElementById("root")!).render(
   <StrictMode>
     <Root />
diff --git a/desktop/apps/app-ui/src/views/Agents.tsx b/desktop/apps/app-ui/src/views/Agents.tsx
index 70e28d6..8f902c4 100644
--- a/desktop/apps/app-ui/src/views/Agents.tsx
+++ b/desktop/apps/app-ui/src/views/Agents.tsx
@@ -106,17 +106,19 @@ export function Agents({ brand }: { brand: Brand }) {
 
   return (
     <>
-      <h1 className={styles.vh}>Agents</h1>
-      <div className={styles.lead}>AI agents on this device that can call {brand.name}'s tools.</div>
-
-      <SectionHeader
-        title="On this device"
-        action={
-          <Button variant="ghost" onClick={() => setSelected("card")}>
-            This device's card →
+      <div className={styles.head}>
+        <div>
+          <h1 className={styles.vh}>Agents</h1>
+          <div className={styles.lead}>AI agents on this device that can call {brand.name}'s tools.</div>
+        </div>
+        <div className={styles.actionSlot}>
+          <Button variant="secondary" onClick={() => setSelected("card")}>
+            This device's card
           </Button>
-        }
-      />
+        </div>
+      </div>
+
+      <SectionHeader title="On this device" />
       <List>
         {agents.length ? (
           agents.map((a) => {
diff --git a/desktop/apps/app-ui/src/views/Home.tsx b/desktop/apps/app-ui/src/views/Home.tsx
index e6f0a15..bd5cc3c 100644
--- a/desktop/apps/app-ui/src/views/Home.tsx
+++ b/desktop/apps/app-ui/src/views/Home.tsx
@@ -30,21 +30,20 @@ export function Home({ brand, onNavigate }: { brand: Brand; onNavigate: (v: stri
   return (
     <>
       <div className={styles.status}>
-        <StatusDot tone={online ? "online" : "offline"} pulse={online} />
+        <StatusDot tone={online ? "online" : "offline"} />
         <div>
-          <h1>{online ? `${brand.name} is running` : "Starting the gateway…"}</h1>
-          <div className="sub" style={{ color: "var(--text-secondary)", fontSize: 13, marginTop: 2 }}>
+          <h1>{online ? "Engine is running" : "Starting the engine…"}</h1>
+          <div className={styles.sub}>
             {online ? `This device is reachable as a ${brand.name} gateway.` : "Bringing the local gateway online…"}
           </div>
         </div>
-      </div>
-
-      <div className={styles.metrics}>
-        <MetricStrip>
-          <Metric value={String(agents)} label="Agents" onClick={() => onNavigate("agents")} />
-          <Metric value={String(peers)} label="Devices" dim={peers === 0} onClick={() => onNavigate("network")} />
-          <Metric value={xd ? "On" : "Off"} label="Cross-device" dim={!xd} onClick={() => onNavigate("network")} />
-        </MetricStrip>
+        <div className={styles.metricsRight}>
+          <MetricStrip>
+            <Metric value={String(agents)} label="Agents" onClick={() => onNavigate("agents")} />
+            <Metric value={String(peers)} label="Devices" dim={peers === 0} onClick={() => onNavigate("network")} />
+            <Metric value={xd ? "On" : "Off"} label="Cross-device" dim={!xd} onClick={() => onNavigate("network")} />
+          </MetricStrip>
+        </div>
       </div>
 
       <div className={styles.foot}>
diff --git a/desktop/apps/app-ui/src/views/Network.tsx b/desktop/apps/app-ui/src/views/Network.tsx
index 4d25821..6d3ce39 100644
--- a/desktop/apps/app-ui/src/views/Network.tsx
+++ b/desktop/apps/app-ui/src/views/Network.tsx
@@ -1,6 +1,8 @@
 import { useEffect, useState } from "react";
-import { Badge, Button, EmptyRow, List, SectionHeader, Switch } from "@clawtool/design-system";
-import { App, type Brand, type Peer } from "@clawtool/bridge";
+import { AgentIcon, Badge, Button, EmptyRow, List, SectionHeader, SidePane, Switch } from "@clawtool/design-system";
+import type { BadgeTone } from "@clawtool/design-system";
+import { ChevronDown, ChevronRight, Lock } from "lucide-react";
+import { App, type Agent, type Brand, type Peer } from "@clawtool/bridge";
 import { Toast } from "../components/Toast";
 import styles from "../App.module.css";
 
@@ -8,6 +10,28 @@ function maskKey(k: string): string {
   return k && k.length > 14 ? `${k.slice(0, 8)}…${k.slice(-4)}` : k;
 }
 
+function statusChip(a: Agent): { label: string; tone: BadgeTone } {
+  switch (a.status) {
+    case "callable":
+      return { label: "ready", tone: "success" };
+    case "bridge-missing":
+      return { label: "bridge missing", tone: "warning" };
+    case "binary-missing":
+      return { label: "not installed", tone: "neutral" };
+    default:
+      return { label: a.status ?? "unknown", tone: "neutral" };
+  }
+}
+
+function metaFor(a: Agent): string {
+  const parts = [a.family];
+  if (a.bridge) parts.push(a.bridge);
+  if (a.tags?.length) parts.push(a.tags.join(", "));
+  return parts.join(" · ");
+}
+
+type AgentState = "loading" | "none" | Agent[];
+
 async function copyText(text: string): Promise<boolean> {
   try {
     await navigator.clipboard.writeText(text);
@@ -29,6 +53,10 @@ export function Network({ brand }: { brand: Brand }) {
   const [joinErr, setJoinErr] = useState("");
   const [toast, setToast] = useState("");
   const [pairing, setPairing] = useState("");
+  const [filter, setFilter] = useState("");
+  const [deviceOpen, setDeviceOpen] = useState(false);
+  const [expanded, setExpanded] = useState<Set<string>>(new Set());
+  const [agentsByPeer, setAgentsByPeer] = useState<Record<string, AgentState>>({});
 
   async function loadNetwork() {
     const snap = await App.networkSnapshot();
@@ -90,6 +118,22 @@ export function Network({ brand }: { brand: Brand }) {
     else setToast(typeof r.error === "string" ? r.error : "Couldn't send the request");
     setPairing("");
   }
+  async function toggleExpand(p: Peer) {
+    const next = new Set(expanded);
+    if (next.has(p.peer_id)) {
+      next.delete(p.peer_id);
+      setExpanded(next);
+      return;
+    }
+    next.add(p.peer_id);
+    setExpanded(next);
+    if (!agentsByPeer[p.peer_id]) {
+      setAgentsByPeer((m) => ({ ...m, [p.peer_id]: "loading" }));
+      const r = (await App.peerAgents(p.peer_id)) as Record<string, unknown>;
+      const list = Array.isArray(r.agents) ? (r.agents as Agent[]) : [];
+      setAgentsByPeer((m) => ({ ...m, [p.peer_id]: list.length ? list : "none" }));
+    }
+  }
   async function toggleLan(next: boolean) {
     setLanBusy(true);
     await (next ? App.lanEnable() : App.lanDisable());
@@ -97,108 +141,178 @@ export function Network({ brand }: { brand: Brand }) {
     setLanBusy(false);
   }
 
+  const q = filter.trim().toLowerCase();
+  const shown = q
+    ? peers.filter((p) =>
+        `${p.display_name ?? ""} ${p.metadata?.hostname ?? ""} ${p.metadata?.address ?? ""} ${p.peer_id}`
+          .toLowerCase()
+          .includes(q),
+      )
+    : peers;
+
   return (
     <>
       {banner ? <div className={styles.banner}>{banner}</div> : null}
-      <h1 className={styles.vh}>Cross-device</h1>
-      <div className={styles.lead}>Pair your machines on the same network so they can see each other's agents.</div>
-
-      <SectionHeader title="Pairing" />
-      <div style={{ display: "flex", alignItems: "center", gap: 10, marginTop: 4 }}>
-        <span style={{ fontWeight: 600, fontSize: 14 }}>Cross-device peering</span>
-        <span style={{ marginLeft: "auto" }}>
-          <Badge tone={hasKey ? "success" : "neutral"}>{hasKey ? "Paired" : "Not paired"}</Badge>
-        </span>
-      </div>
-      <div className={styles.xdesc}>
-        Generate a pairing key on one device, then enter it on your other devices on the same network — they'll appear
-        below once paired.
-      </div>
-
-      {hasKey ? (
-        <div className={styles.xrow}>
-          <code className={styles.keybox}>{maskKey(key)}</code>
-          <Button variant="secondary" onClick={copyKey}>
-            Copy
-          </Button>
-          <Button variant="ghost" onClick={() => App.circleClear().then(loadCircle)}>
-            Unpair
-          </Button>
+      <div className={styles.head}>
+        <div>
+          <h1 className={styles.vh}>Network</h1>
+          <div className={styles.lead}>Pair the machines on your network so they can use each other's agents.</div>
         </div>
-      ) : joinOpen ? (
-        <div style={{ marginTop: 14, maxWidth: 520 }}>
-          <input
-            className={styles.input}
-            placeholder="Paste the pairing key from your other device"
-            value={joinKey}
-            autoFocus
-            onChange={(e) => setJoinKey(e.target.value)}
-            onKeyDown={(e) => {
-              if (e.key === "Enter") join();
-              if (e.key === "Escape") setJoinOpen(false);
-            }}
-          />
-          {joinErr ? <div className={styles.err}>{joinErr}</div> : null}
-          <div style={{ display: "flex", gap: 12, marginTop: 10 }}>
-            <Button variant="primary" onClick={join} disabled={!joinKey.trim()}>
-              Join circle
-            </Button>
-            <Button variant="ghost" onClick={() => setJoinOpen(false)}>
-              Cancel
-            </Button>
-          </div>
-        </div>
-      ) : (
-        <div className={styles.xrow}>
-          <Button variant="primary" onClick={generate}>
-            Generate pairing key
+        <div className={styles.actionSlot}>
+          <Button variant="secondary" onClick={() => setDeviceOpen(true)}>
+            Settings
           </Button>
-          <Button variant="ghost" onClick={() => setJoinOpen(true)}>
-            Enter a pairing key…
-          </Button>
-        </div>
-      )}
-
-      <div className={styles.switchRow}>
-        <div style={{ flex: 1 }}>
-          <div className={styles.st} style={{ fontWeight: 600, fontSize: 13.5 }}>
-            Reachable on your LAN
-          </div>
-          <div className={styles.sd}>
-            Let circle devices on your network read this device's agent list. Code execution stays local-only; the
-            first time, your OS may ask to allow it through the firewall.
-          </div>
         </div>
-        <Switch checked={lan} busy={lanBusy} onChange={toggleLan} />
       </div>
 
-      <SectionHeader title={`Devices on your network${peers.length ? ` (${peers.length})` : ""}`} />
-      {peers.length ? (
-        <List>
-          {peers.map((p) => (
-            <div key={p.peer_id} className={styles.deviceRow}>
-              <div>
-                <div className={styles.deviceName}>{p.display_name || p.metadata?.hostname || p.peer_id}</div>
-                <div className={styles.deviceMeta}>{p.metadata?.address || p.metadata?.hostname || "on this network"}</div>
-              </div>
-              <span className={styles.deviceRight}>
-                <Badge tone={p.status === "online" ? "success" : "neutral"}>{p.status ?? "—"}</Badge>
-                <Button variant="secondary" disabled={pairing === p.peer_id} onClick={() => sendPair(p)}>
-                  Pair
-                </Button>
-              </span>
-            </div>
-          ))}
-        </List>
-      ) : (
+      <SectionHeader title={`Devices${peers.length ? ` (${peers.length})` : ""}`} />
+      {peers.length === 0 ? (
         <List>
           <EmptyRow>
-            No devices discovered yet. Start {brand.name} on another machine on this network — clawtool devices appear
-            here automatically over mDNS, then hit Pair to request a connection.
+            No devices discovered yet. Start {brand.name} on another machine on this network — devices appear here
+            automatically, then Pair to request a connection.
           </EmptyRow>
         </List>
+      ) : (
+        <>
+          {peers.length > 6 ? (
+            <input
+              className={styles.input}
+              style={{ maxWidth: 320, marginBottom: 10 }}
+              placeholder="Filter devices by name or address…"
+              value={filter}
+              onChange={(e) => setFilter(e.target.value)}
+            />
+          ) : null}
+          <div className={styles.deviceList}>
+            {shown.map((p) => {
+              const open = expanded.has(p.peer_id);
+              const st = agentsByPeer[p.peer_id];
+              return (
+                <div key={p.peer_id} className={styles.device}>
+                  <div className={styles.deviceRow}>
+                    <button className={styles.chevron} onClick={() => toggleExpand(p)} aria-label="Show agents">
+                      {open ? <ChevronDown size={16} /> : <ChevronRight size={16} />}
+                    </button>
+                    <div style={{ minWidth: 0, flex: 1 }}>
+                      <div className={styles.deviceName}>{p.display_name || p.metadata?.hostname || p.peer_id}</div>
+                      <div className={styles.deviceMeta}>
+                        {p.metadata?.address || p.metadata?.hostname || "on this network"}
+                      </div>
+                    </div>
+                    <span className={styles.deviceRight}>
+                      <Badge tone={p.status === "online" ? "success" : "neutral"}>{p.status ?? "—"}</Badge>
+                      <Button variant="secondary" disabled={pairing === p.peer_id} onClick={() => sendPair(p)}>
+                        Pair
+                      </Button>
+                    </span>
+                  </div>
+                  {open ? (
+                    <div className={styles.agentSub}>
+                      {st === "loading" ? (
+                        <div className={styles.subMuted}>Loading agents…</div>
+                      ) : st === "none" || st === undefined ? (
+                        <div className={styles.subMuted}>No agents shared — pair with this device to see its agents.</div>
+                      ) : (
+                        st.map((a) => {
+                          const chip = statusChip(a);
+                          return (
+                            <div key={a.instance} className={styles.subAgent}>
+                              <AgentIcon family={a.family} size={18} />
+                              <div style={{ minWidth: 0, flex: 1 }}>
+                                <div className={styles.subAgentName}>{a.instance}</div>
+                                <div className={styles.subAgentMeta}>{metaFor(a)}</div>
+                              </div>
+                              <Badge tone={chip.tone}>{chip.label}</Badge>
+                            </div>
+                          );
+                        })
+                      )}
+                    </div>
+                  ) : null}
+                </div>
+              );
+            })}
+            {shown.length === 0 ? <div className={styles.emptyFilter}>No devices match “{filter}”.</div> : null}
+          </div>
+        </>
       )}
 
+      <SidePane open={deviceOpen} title="This device" onClose={() => setDeviceOpen(false)}>
+        <div className={styles.switchRow} style={{ marginTop: 0, paddingTop: 0, borderTop: "none" }}>
+          <div style={{ flex: 1 }}>
+            <div className={styles.st}>Discoverable on your network</div>
+            <div className={styles.sd}>
+              Paired devices on your network can see this machine and its agents. Code execution stays local-only; the
+              first time, your OS may ask to allow it through the firewall.
+            </div>
+          </div>
+          <Switch checked={lan} busy={lanBusy} onChange={toggleLan} />
+        </div>
+
+        <div className={`${styles.field} ${lan ? "" : styles.locked}`}>
+          {lan ? null : (
+            <div className={styles.lockNote}>
+              <Lock size={14} />
+              Turn on discoverability to set a pairing key
+            </div>
+          )}
+          <div className={lan ? undefined : styles.lockedInner} aria-hidden={!lan}>
+            <div className={styles.fieldHead}>
+              <div className={styles.st}>Pairing key</div>
+              <Badge tone={hasKey ? "success" : "neutral"}>{hasKey ? "Active" : "Not set"}</Badge>
+            </div>
+            <div className={styles.sd}>
+              Devices that share this key form one trusted network. Generate it on one device, then enter it on the
+              others.
+            </div>
+            {hasKey ? (
+              <div className={styles.xrow}>
+                <code className={styles.keybox}>{maskKey(key)}</code>
+                <Button variant="secondary" onClick={copyKey}>
+                  Copy
+                </Button>
+                <Button variant="ghost" onClick={() => App.circleClear().then(loadCircle)}>
+                  Remove
+                </Button>
+              </div>
+            ) : joinOpen ? (
+              <div style={{ marginTop: 12 }}>
+                <input
+                  className={styles.input}
+                  placeholder="Paste the pairing key from another device"
+                  value={joinKey}
+                  autoFocus
+                  onChange={(e) => setJoinKey(e.target.value)}
+                  onKeyDown={(e) => {
+                    if (e.key === "Enter") join();
+                    if (e.key === "Escape") setJoinOpen(false);
+                  }}
+                />
+                {joinErr ? <div className={styles.err}>{joinErr}</div> : null}
+                <div style={{ display: "flex", gap: 12, marginTop: 10 }}>
+                  <Button variant="primary" onClick={join} disabled={!joinKey.trim()}>
+                    Join
+                  </Button>
+                  <Button variant="ghost" onClick={() => setJoinOpen(false)}>
+                    Cancel
+                  </Button>
+                </div>
+              </div>
+            ) : (
+              <div className={styles.xrow}>
+                <Button variant="primary" onClick={generate}>
+                  Generate pairing key
+                </Button>
+                <Button variant="ghost" onClick={() => setJoinOpen(true)}>
+                  Enter a key…
+                </Button>
+              </div>
+            )}
+          </div>
+        </div>
+      </SidePane>
+
       <Toast message={toast} onClear={() => setToast("")} />
     </>
   );
diff --git a/desktop/apps/app-ui/src/views/Settings.tsx b/desktop/apps/app-ui/src/views/Settings.tsx
index e20d2a9..9749f32 100644
--- a/desktop/apps/app-ui/src/views/Settings.tsx
+++ b/desktop/apps/app-ui/src/views/Settings.tsx
@@ -1,5 +1,5 @@
 import { useState } from "react";
-import { Button, KVRow, KeyValue, SectionHeader } from "@clawtool/design-system";
+import { Button, GithubIcon, KVRow, KeyValue, SectionHeader } from "@clawtool/design-system";
 import { App, openURL, type Brand } from "@clawtool/bridge";
 import styles from "../App.module.css";
 
@@ -44,16 +44,18 @@ export function Settings({ brand }: { brand: Brand }) {
         </div>
       )}
 
-      <SectionHeader title="Links" />
-      <div style={{ display: "flex", gap: 18, marginTop: 8 }}>
-        <button className={styles.linklike} onClick={() => openURL("https://github.com/cogitave/clawtool")}>
-          GitHub →
-        </button>
-      </div>
-
       <div className={styles.foot} style={{ paddingTop: 24 }}>
         Closing the window keeps {brand.name} running in the menu bar.
       </div>
+
+      <button
+        className={styles.cornerIcon}
+        title="View clawtool on GitHub"
+        aria-label="GitHub"
+        onClick={() => openURL("https://github.com/cogitave/clawtool")}
+      >
+        <GithubIcon size={18} />
+      </button>
     </>
   );
 }
diff --git a/desktop/apps/app-ui/src/views/Updates.tsx b/desktop/apps/app-ui/src/views/Updates.tsx
index 8f50551..620be1a 100644
--- a/desktop/apps/app-ui/src/views/Updates.tsx
+++ b/desktop/apps/app-ui/src/views/Updates.tsx
@@ -1,19 +1,54 @@
-import { useEffect, useState } from "react";
+import { type ReactNode, useEffect, useState } from "react";
 import { Button, KVRow, KeyValue } from "@clawtool/design-system";
-import { App, type Brand, type UpdateInfo } from "@clawtool/bridge";
+import { App, Win, openURL, type Brand, type UpdateInfo } from "@clawtool/bridge";
 import styles from "../App.module.css";
 
+type Phase = "checking" | "uptodate" | "available" | "installing" | "done" | "error";
+
+// Render GitHub-style release notes (a markdown subset) into headings + bullets.
+function renderNotes(notes: string): ReactNode {
+  const lines = notes.split("\n");
+  const out: ReactNode[] = [];
+  lines.forEach((raw, i) => {
+    const line = raw.trim();
+    if (!line) return;
+    const heading = line.match(/^#{1,6}\s+(.*)$/);
+    if (heading) {
+      out.push(
+        <div key={i} className={styles.clH}>
+          {heading[1]}
+        </div>,
+      );
+      return;
+    }
+    const bullet = line.match(/^[-*]\s+(.*)$/);
+    if (bullet) {
+      out.push(
+        <div key={i} className={styles.clBullet}>
+          <span>{bullet[1]}</span>
+        </div>,
+      );
+      return;
+    }
+    out.push(
+      <div key={i} className={styles.clPara}>
+        {line}
+      </div>,
+    );
+  });
+  return out;
+}
+
 export function Updates({ brand }: { brand: Brand }) {
   const [info, setInfo] = useState<UpdateInfo>({});
-  const [status, setStatus] = useState("checking…");
-  const [busy, setBusy] = useState(false);
+  const [phase, setPhase] = useState<Phase>("checking");
 
   async function check() {
-    setStatus("checking…");
+    setPhase("checking");
     const u = await App.checkUpdate();
     setInfo(u);
-    if (u.ok === false) setStatus("check failed");
-    else setStatus(u.update_available ? `v${u.latest} available` : "up to date");
+    if (u.ok === false) setPhase("error");
+    else setPhase(u.update_available ? "available" : "uptodate");
   }
 
   useEffect(() => {
@@ -21,29 +56,103 @@ export function Updates({ brand }: { brand: Brand }) {
   }, []);
 
   async function install() {
-    setBusy(true);
+    setPhase("installing");
     const r = await App.installUpdate();
-    setStatus(r.ok ? `updated — restart ${brand.name} to finish` : "update failed");
-    setBusy(false);
+    setPhase(r.ok ? "done" : "error");
+  }
+
+  const statusText: Record<Phase, string> = {
+    checking: "Checking for updates…",
+    uptodate: "Up to date",
+    available: `v${info.latest} available`,
+    installing: "Installing…",
+    done: `Updated — restart ${brand.name} to finish`,
+    error: "Check failed",
+  };
+
+  function actionButton() {
+    switch (phase) {
+      case "checking":
+        return (
+          <Button className={styles.updateBtn} disabled>
+            <span className={styles.btnLabel}>Checking…</span>
+          </Button>
+        );
+      case "available":
+        return (
+          <Button variant="primary" className={styles.updateBtn} onClick={install}>
+            <span className={styles.btnLabel}>Install v{info.latest}</span>
+          </Button>
+        );
+      case "installing":
+        return (
+          <Button variant="primary" className={styles.updateBtn} disabled>
+            <span className={styles.fill} />
+            <span className={styles.btnLabel}>Installing update…</span>
+          </Button>
+        );
+      case "done":
+        return (
+          <Button variant="primary" className={styles.updateBtn} onClick={() => Win.quit()}>
+            <span className={styles.btnLabel}>Restart to finish</span>
+          </Button>
+        );
+      case "error":
+        return (
+          <Button className={styles.updateBtn} onClick={check}>
+            <span className={styles.btnLabel}>Try again</span>
+          </Button>
+        );
+      default:
+        return (
+          <Button className={styles.updateBtn} onClick={check}>
+            <span className={styles.btnLabel}>Check now</span>
+          </Button>
+        );
+    }
   }
 
+  const notes = (info.release_notes ?? "").trim();
+
   return (
     <>
-      <h1 className={styles.vh}>Updates</h1>
-      <div className={styles.lead}>{brand.name} checks for a new version each time it launches.</div>
+      <div className={styles.head}>
+        <div>
+          <h1 className={styles.vh}>Updates</h1>
+          <div className={styles.lead}>{brand.name} checks for a new version each time it launches.</div>
+        </div>
+        <div className={styles.actionSlot}>{actionButton()}</div>
+      </div>
+
       <div style={{ marginTop: 18 }}>
         <KeyValue>
           <KVRow k="Installed">{info.current ? `v${info.current}` : "—"}</KVRow>
           <KVRow k="Latest">{info.latest ? `v${info.latest}` : "—"}</KVRow>
-          <KVRow k="Status">{status}</KVRow>
+          <KVRow k="Status">{statusText[phase]}</KVRow>
         </KeyValue>
       </div>
-      <div style={{ display: "flex", gap: 12, marginTop: 18 }}>
-        <Button onClick={check}>Check now</Button>
-        <Button variant="primary" disabled={!info.update_available || busy} onClick={install}>
-          Install update
-        </Button>
-      </div>
+
+      {phase !== "checking" ? (
+        <div className={styles.changelog}>
+          <div className={styles.clHead}>
+            <div className={styles.clTitle}>{info.latest ? `What's new in v${info.latest}` : "What's new"}</div>
+            {info.url ? (
+              <Button variant="ghost" onClick={() => openURL(info.url as string)}>
+                Full release notes →
+              </Button>
+            ) : null}
+          </div>
+          {notes ? (
+            <div className={styles.clBody}>{renderNotes(notes)}</div>
+          ) : (
+            <div className={styles.clEmpty}>
+              {info.latest
+                ? `Release notes for v${info.latest} aren't published yet.`
+                : "No release information available."}
+            </div>
+          )}
+        </div>
+      ) : null}
     </>
   );
 }
diff --git a/desktop/packages/bridge/src/types.ts b/desktop/packages/bridge/src/types.ts
index c6372ce..e6e6b2c 100644
--- a/desktop/packages/bridge/src/types.ts
+++ b/desktop/packages/bridge/src/types.ts
@@ -50,6 +50,8 @@ export type UpdateInfo = {
   found?: boolean;
   ok?: boolean;
   error?: string;
+  release_notes?: string;
+  url?: string;
 };
 
 export type AgentSkill = { id?: string; name?: string; description?: string };
diff --git a/desktop/packages/design-system/src/components/GithubIcon.tsx b/desktop/packages/design-system/src/components/GithubIcon.tsx
new file mode 100644
index 0000000..81181e5
--- /dev/null
+++ b/desktop/packages/design-system/src/components/GithubIcon.tsx
@@ -0,0 +1,12 @@
+import { siGithub } from "simple-icons";
+
+// GitHub mark from Simple Icons (the licensed brand-icon library; GitHub
+// permits redistribution). Rendered in currentColor for "view our repo on
+// GitHub" links — nominative use.
+export function GithubIcon({ size = 18 }: { size?: number }) {
+  return (
+    <svg width={size} height={size} viewBox="0 0 24 24" fill="currentColor" aria-label="GitHub">
+      <path d={siGithub.path} />
+    </svg>
+  );
+}
diff --git a/desktop/packages/design-system/src/components/KeyValue.module.css b/desktop/packages/design-system/src/components/KeyValue.module.css
index 9b089a8..a731f0e 100644
--- a/desktop/packages/design-system/src/components/KeyValue.module.css
+++ b/desktop/packages/design-system/src/components/KeyValue.module.css
@@ -1,4 +1,4 @@
-.kv { max-width: 540px; }
+.kv { width: 100%; }
 .row {
   display: flex;
   justify-content: space-between;
diff --git a/desktop/packages/design-system/src/index.ts b/desktop/packages/design-system/src/index.ts
index 68e3044..36ecd41 100644
--- a/desktop/packages/design-system/src/index.ts
+++ b/desktop/packages/design-system/src/index.ts
@@ -6,6 +6,7 @@ export { Metric, MetricStrip } from "./components/Metric";
 export { SectionHeader } from "./components/Section";
 export { AgentRow, List, EmptyRow } from "./components/AgentRow";
 export { AgentIcon } from "./components/AgentIcon";
+export { GithubIcon } from "./components/GithubIcon";
 export { TitleBar, type WindowControls } from "./components/TitleBar";
 export { Sidebar, NavItem } from "./components/Sidebar";
 export { Switch } from "./components/Switch";

From 7bddf0b0f922df5aae869a24b8205159cf036f51 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Thu, 28 May 2026 03:26:12 +0300
Subject: [PATCH 29/86] fix(desktop): clip horizontal overflow so the closed
 side pane can't be scrolled into view

The content scroll container only set overflow-y, which makes overflow-x
compute to auto; the off-canvas side pane (translateX(100%)) then became
horizontally scrollable on Agents and Network. Explicitly hide overflow-x.
---
 desktop/apps/app-ui/src/App.module.css | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/desktop/apps/app-ui/src/App.module.css b/desktop/apps/app-ui/src/App.module.css
index 59c5722..c2e6bbc 100644
--- a/desktop/apps/app-ui/src/App.module.css
+++ b/desktop/apps/app-ui/src/App.module.css
@@ -1,6 +1,6 @@
 .shell { display: flex; flex-direction: column; height: 100vh; }
 .body { display: flex; flex: 1; min-height: 0; }
-.content { flex: 1; min-width: 0; overflow-y: auto; padding: 30px 36px; display: flex; flex-direction: column; position: relative; }
+.content { flex: 1; min-width: 0; overflow-x: hidden; overflow-y: auto; padding: 30px 36px; display: flex; flex-direction: column; position: relative; }
 /* One consistent content column so every view uses the same full width. */
 .page { flex: 1; min-height: 0; width: 100%; display: flex; flex-direction: column; }
 

From 59a39326d20888d412db3ba8443f53bc8e6e7148 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Thu, 28 May 2026 03:47:35 +0300
Subject: [PATCH 30/86] feat(desktop): keep-alive views so switching tabs feels
 native, not reloaded

Each view used to unmount on navigation and re-fetch on remount, so every
tab switch flashed an empty re-load. Keep all views mounted and toggle
visibility instead; views now refresh in the background only while active
(stale-while-revalidate), and the Updates check is lazy on first open so it
doesn't hit the release API at launch. State and scroll position persist
across tab switches.
---
 desktop/apps/app-ui/src/App.tsx            | 25 ++++++++++++++++------
 desktop/apps/app-ui/src/views/Agents.tsx   |  5 +++--
 desktop/apps/app-ui/src/views/Home.tsx     |  6 +++---
 desktop/apps/app-ui/src/views/Network.tsx  |  5 +++--
 desktop/apps/app-ui/src/views/Settings.tsx |  2 +-
 desktop/apps/app-ui/src/views/Updates.tsx  | 12 +++++++----
 6 files changed, 37 insertions(+), 18 deletions(-)

diff --git a/desktop/apps/app-ui/src/App.tsx b/desktop/apps/app-ui/src/App.tsx
index bc54ff1..182b563 100644
--- a/desktop/apps/app-ui/src/App.tsx
+++ b/desktop/apps/app-ui/src/App.tsx
@@ -30,6 +30,7 @@ export function App() {
   };
 
   const ic = { size: 16, strokeWidth: 1.8 };
+  const hidden = { display: "none" } as const;
 
   return (
     <div className={styles.shell}>
@@ -50,12 +51,24 @@ export function App() {
           <NavItem icon={<SettingsGlyph {...ic} />} label="Settings" active={view === "settings"} onClick={() => setView("settings")} />
         </Sidebar>
         <main className={styles.content}>
-          <div className={styles.page}>
-            {view === "home" ? <Home brand={brand} onNavigate={(v) => setView(v as View)} /> : null}
-            {view === "agents" ? <Agents brand={brand} /> : null}
-            {view === "network" ? <Network brand={brand} /> : null}
-            {view === "updates" ? <Updates brand={brand} /> : null}
-            {view === "settings" ? <Settings brand={brand} /> : null}
+          {/* Keep every view mounted (native-app keep-alive): toggle visibility
+              instead of unmounting, so state + scroll persist and switching
+              tabs never flashes an empty re-load. Views refresh in the
+              background only while active. */}
+          <div className={styles.page} style={view === "home" ? undefined : hidden}>
+            <Home brand={brand} active={view === "home"} onNavigate={(v) => setView(v as View)} />
+          </div>
+          <div className={styles.page} style={view === "agents" ? undefined : hidden}>
+            <Agents brand={brand} active={view === "agents"} />
+          </div>
+          <div className={styles.page} style={view === "network" ? undefined : hidden}>
+            <Network brand={brand} active={view === "network"} />
+          </div>
+          <div className={styles.page} style={view === "updates" ? undefined : hidden}>
+            <Updates brand={brand} active={view === "updates"} />
+          </div>
+          <div className={styles.page} style={view === "settings" ? undefined : hidden}>
+            <Settings brand={brand} active={view === "settings"} />
           </div>
         </main>
       </div>
diff --git a/desktop/apps/app-ui/src/views/Agents.tsx b/desktop/apps/app-ui/src/views/Agents.tsx
index 8f902c4..1cb92a0 100644
--- a/desktop/apps/app-ui/src/views/Agents.tsx
+++ b/desktop/apps/app-ui/src/views/Agents.tsx
@@ -39,7 +39,7 @@ function metaFor(a: Agent): string {
   return parts.join(" · ");
 }
 
-export function Agents({ brand }: { brand: Brand }) {
+export function Agents({ brand, active }: { brand: Brand; active: boolean }) {
   const [agents, setAgents] = useState<Agent[]>([]);
   const [card, setCard] = useState<AgentCard | null>(null);
   const [busy, setBusy] = useState("");
@@ -55,10 +55,11 @@ export function Agents({ brand }: { brand: Brand }) {
   }
 
   useEffect(() => {
+    if (!active) return;
     load();
     const t = setInterval(load, 5000);
     return () => clearInterval(t);
-  }, []);
+  }, [active]);
 
   async function run(action: "connect" | "disconnect" | "install", a: Agent) {
     setBusy(a.instance);
diff --git a/desktop/apps/app-ui/src/views/Home.tsx b/desktop/apps/app-ui/src/views/Home.tsx
index bd5cc3c..ff5041a 100644
--- a/desktop/apps/app-ui/src/views/Home.tsx
+++ b/desktop/apps/app-ui/src/views/Home.tsx
@@ -3,7 +3,7 @@ import { Button, Metric, MetricStrip, StatusDot } from "@clawtool/design-system"
 import { App, type Brand } from "@clawtool/bridge";
 import styles from "../App.module.css";
 
-export function Home({ brand, onNavigate }: { brand: Brand; onNavigate: (v: string) => void }) {
+export function Home({ brand, active, onNavigate }: { brand: Brand; active: boolean; onNavigate: (v: string) => void }) {
   const [online, setOnline] = useState(false);
   const [agents, setAgents] = useState(0);
   const [peers, setPeers] = useState(0);
@@ -24,8 +24,8 @@ export function Home({ brand, onNavigate }: { brand: Brand; onNavigate: (v: stri
   }
 
   useEffect(() => {
-    load();
-  }, []);
+    if (active) load();
+  }, [active]);
 
   return (
     <>
diff --git a/desktop/apps/app-ui/src/views/Network.tsx b/desktop/apps/app-ui/src/views/Network.tsx
index 6d3ce39..8e71be4 100644
--- a/desktop/apps/app-ui/src/views/Network.tsx
+++ b/desktop/apps/app-ui/src/views/Network.tsx
@@ -41,7 +41,7 @@ async function copyText(text: string): Promise<boolean> {
   }
 }
 
-export function Network({ brand }: { brand: Brand }) {
+export function Network({ brand, active }: { brand: Brand; active: boolean }) {
   const [banner, setBanner] = useState("");
   const [peers, setPeers] = useState<Peer[]>([]);
   const [hasKey, setHasKey] = useState(false);
@@ -77,11 +77,12 @@ export function Network({ brand }: { brand: Brand }) {
   }
 
   useEffect(() => {
+    if (!active) return;
     loadCircle();
     loadNetwork();
     const t = setInterval(loadNetwork, 5000);
     return () => clearInterval(t);
-  }, []);
+  }, [active]);
 
   async function generate() {
     const r = await App.circleGenerate();
diff --git a/desktop/apps/app-ui/src/views/Settings.tsx b/desktop/apps/app-ui/src/views/Settings.tsx
index 9749f32..540a2ac 100644
--- a/desktop/apps/app-ui/src/views/Settings.tsx
+++ b/desktop/apps/app-ui/src/views/Settings.tsx
@@ -3,7 +3,7 @@ import { Button, GithubIcon, KVRow, KeyValue, SectionHeader } from "@clawtool/de
 import { App, openURL, type Brand } from "@clawtool/bridge";
 import styles from "../App.module.css";
 
-export function Settings({ brand }: { brand: Brand }) {
+export function Settings({ brand }: { brand: Brand; active?: boolean }) {
   const [doctor, setDoctor] = useState("");
   const [busy, setBusy] = useState(false);
 
diff --git a/desktop/apps/app-ui/src/views/Updates.tsx b/desktop/apps/app-ui/src/views/Updates.tsx
index 620be1a..71c3248 100644
--- a/desktop/apps/app-ui/src/views/Updates.tsx
+++ b/desktop/apps/app-ui/src/views/Updates.tsx
@@ -1,4 +1,4 @@
-import { type ReactNode, useEffect, useState } from "react";
+import { type ReactNode, useEffect, useRef, useState } from "react";
 import { Button, KVRow, KeyValue } from "@clawtool/design-system";
 import { App, Win, openURL, type Brand, type UpdateInfo } from "@clawtool/bridge";
 import styles from "../App.module.css";
@@ -39,9 +39,10 @@ function renderNotes(notes: string): ReactNode {
   return out;
 }
 
-export function Updates({ brand }: { brand: Brand }) {
+export function Updates({ brand, active }: { brand: Brand; active: boolean }) {
   const [info, setInfo] = useState<UpdateInfo>({});
   const [phase, setPhase] = useState<Phase>("checking");
+  const checkedOnce = useRef(false);
 
   async function check() {
     setPhase("checking");
@@ -52,8 +53,11 @@ export function Updates({ brand }: { brand: Brand }) {
   }
 
   useEffect(() => {
-    check();
-  }, []);
+    if (active && !checkedOnce.current) {
+      checkedOnce.current = true;
+      check();
+    }
+  }, [active]);
 
   async function install() {
     setPhase("installing");

From 34669e9252709e966da72196f7b4a7f3acf6cabf Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Thu, 28 May 2026 04:05:48 +0300
Subject: [PATCH 31/86] feat(a2a): per-device certificate identity (DeviceID)
 for keypair-based pairing
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

First phase of replacing the shared-secret circle key with Syncthing-style
per-device trust. Each install now generates and persists a self-signed
ECDSA cert once; DeviceID is the base32 SHA-256 of the cert DER — a stable,
unforgeable public-key fingerprint. Proving possession of the private key
(via mutual TLS, landing in later phases) will authenticate peers, so no
shared secret has to change hands. Purely additive: nothing consumes the
identity yet, so existing behavior is unchanged.
---
 internal/a2a/devicecert.go      | 162 ++++++++++++++++++++++++++++++++
 internal/a2a/devicecert_test.go |  58 ++++++++++++
 2 files changed, 220 insertions(+)
 create mode 100644 internal/a2a/devicecert.go
 create mode 100644 internal/a2a/devicecert_test.go

diff --git a/internal/a2a/devicecert.go b/internal/a2a/devicecert.go
new file mode 100644
index 0000000..eaca7dc
--- /dev/null
+++ b/internal/a2a/devicecert.go
@@ -0,0 +1,162 @@
+// Package a2a — per-device cryptographic identity (Tier-2 trust).
+//
+// The legacy model authenticated cross-device traffic with a shared
+// secret (the circle key) and anchored trust on InstallID, a plain
+// UUID — which is neither secret nor unforgeable, so any LAN device
+// that saw a fingerprint could impersonate it. This file replaces that
+// anchor with a real keypair, mirroring Syncthing's model:
+//
+//   - Each install generates a self-signed certificate once and
+//     persists it (device-cert.pem + device-key.pem, mode 0600).
+//   - The DeviceID is the SHA-256 of the certificate's DER bytes,
+//     base32-encoded — a stable, unforgeable fingerprint of the public
+//     key. Proving you hold the matching private key (via mutual TLS)
+//     is what authenticates a peer; no shared secret changes hands.
+//
+// This file is intentionally identity-only: cert generation, on-disk
+// persistence, and fingerprint computation. The TLS listener/client
+// that present this cert, and the trust gate that checks a presented
+// fingerprint against the PairingStore, live in the server layer.
+package a2a
+
+import (
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/rand"
+	"crypto/sha256"
+	"crypto/tls"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/base32"
+	"encoding/pem"
+	"fmt"
+	"math/big"
+	"os"
+	"path/filepath"
+	"sync"
+	"time"
+
+	"github.com/cogitave/clawtool/internal/atomicfile"
+	"github.com/cogitave/clawtool/internal/xdg"
+)
+
+func deviceCertPath() string { return filepath.Join(xdg.ConfigDir(), "device-cert.pem") }
+func deviceKeyPath() string  { return filepath.Join(xdg.ConfigDir(), "device-key.pem") }
+
+// b32 encodes fingerprints without padding so the DeviceID is a clean
+// uppercase token (RFC 4648 alphabet, matching Syncthing's choice).
+var b32 = base32.StdEncoding.WithPadding(base32.NoPadding)
+
+// deviceCert caches the loaded/created certificate so repeated callers
+// (listener, client, DeviceID) don't re-read disk or regenerate.
+var (
+	deviceCertMu   sync.Mutex
+	deviceCertOnce *tls.Certificate
+	deviceCertErr  error
+)
+
+// DeviceCertificate returns this install's long-term TLS certificate,
+// generating and persisting one on first use. Cached process-wide.
+func DeviceCertificate() (tls.Certificate, error) {
+	deviceCertMu.Lock()
+	defer deviceCertMu.Unlock()
+	if deviceCertOnce != nil || deviceCertErr != nil {
+		if deviceCertOnce != nil {
+			return *deviceCertOnce, nil
+		}
+		return tls.Certificate{}, deviceCertErr
+	}
+	cert, err := loadOrCreateDeviceCert()
+	if err != nil {
+		deviceCertErr = err
+		return tls.Certificate{}, err
+	}
+	deviceCertOnce = &cert
+	return cert, nil
+}
+
+// DeviceID returns the stable fingerprint of this install's public key
+// — the SHA-256 of its certificate DER, base32-encoded. Empty string
+// only if cert generation itself fails (effectively impossible on a
+// healthy host). This is the identity peers pair against.
+func DeviceID() string {
+	cert, err := DeviceCertificate()
+	if err != nil || len(cert.Certificate) == 0 {
+		return ""
+	}
+	return Fingerprint(cert.Certificate[0])
+}
+
+// Fingerprint computes the DeviceID-style fingerprint of any raw
+// certificate DER — used on the receiving side to identify a peer from
+// the client cert it presented during the TLS handshake.
+func Fingerprint(certDER []byte) string {
+	sum := sha256.Sum256(certDER)
+	return b32.EncodeToString(sum[:])
+}
+
+// resetDeviceCertCacheForTest clears the process cache so a test can
+// point XDG at a fresh temp dir and exercise generation. Never called
+// in production.
+func resetDeviceCertCacheForTest() {
+	deviceCertMu.Lock()
+	defer deviceCertMu.Unlock()
+	deviceCertOnce = nil
+	deviceCertErr = nil
+}
+
+func loadOrCreateDeviceCert() (tls.Certificate, error) {
+	certPEM, certErr := os.ReadFile(deviceCertPath())
+	keyPEM, keyErr := os.ReadFile(deviceKeyPath())
+	if certErr == nil && keyErr == nil {
+		cert, err := tls.X509KeyPair(certPEM, keyPEM)
+		if err == nil {
+			return cert, nil
+		}
+		// A corrupt/half-written pair shouldn't wedge the daemon
+		// forever — regenerate. The peer re-prompts pairing (the
+		// fingerprint changed), which is the same recovery path as a
+		// lost InstallID: annoying once, never broken.
+	}
+	return generateDeviceCert()
+}
+
+func generateDeviceCert() (tls.Certificate, error) {
+	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+	if err != nil {
+		return tls.Certificate{}, fmt.Errorf("generate device key: %w", err)
+	}
+	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
+	if err != nil {
+		return tls.Certificate{}, fmt.Errorf("generate serial: %w", err)
+	}
+	// Long-lived self-signed cert: the fingerprint IS the identity, so
+	// expiry only forces re-pairing churn with no security benefit.
+	// 100 years matches Syncthing's effectively-permanent device cert.
+	tmpl := x509.Certificate{
+		SerialNumber:          serial,
+		Subject:               pkix.Name{CommonName: "clawtool"},
+		NotBefore:             time.Now().Add(-time.Hour),
+		NotAfter:              time.Now().AddDate(100, 0, 0),
+		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
+		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
+		BasicConstraintsValid: true,
+	}
+	der, err := x509.CreateCertificate(rand.Reader, &tmpl, &tmpl, &priv.PublicKey, priv)
+	if err != nil {
+		return tls.Certificate{}, fmt.Errorf("create device cert: %w", err)
+	}
+	keyDER, err := x509.MarshalECPrivateKey(priv)
+	if err != nil {
+		return tls.Certificate{}, fmt.Errorf("marshal device key: %w", err)
+	}
+	certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
+	keyPEM := pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER})
+
+	// Persist best-effort: a write failure still returns a usable
+	// in-memory cert for this run (a later run regenerates + re-prompts).
+	_ = atomicfile.WriteFileMkdir(deviceCertPath(), certPEM, 0o600, 0o700)
+	_ = atomicfile.WriteFileMkdir(deviceKeyPath(), keyPEM, 0o600, 0o700)
+
+	return tls.X509KeyPair(certPEM, keyPEM)
+}
diff --git a/internal/a2a/devicecert_test.go b/internal/a2a/devicecert_test.go
new file mode 100644
index 0000000..ed8c91e
--- /dev/null
+++ b/internal/a2a/devicecert_test.go
@@ -0,0 +1,58 @@
+package a2a
+
+import (
+	"os"
+	"testing"
+)
+
+func TestDeviceID_StableAndPersisted(t *testing.T) {
+	t.Setenv("XDG_CONFIG_HOME", t.TempDir())
+	resetDeviceCertCacheForTest()
+
+	first := DeviceID()
+	if first == "" {
+		t.Fatal("DeviceID returned empty")
+	}
+	// Stable within the process (cached).
+	if second := DeviceID(); second != first {
+		t.Errorf("DeviceID not stable in-process: %q != %q", first, second)
+	}
+	// Stable across a fresh load from the persisted cert.
+	resetDeviceCertCacheForTest()
+	if reloaded := DeviceID(); reloaded != first {
+		t.Errorf("DeviceID not stable across reload: %q != %q", reloaded, first)
+	}
+	if _, err := os.Stat(deviceCertPath()); err != nil {
+		t.Errorf("device cert not persisted: %v", err)
+	}
+	if _, err := os.Stat(deviceKeyPath()); err != nil {
+		t.Errorf("device key not persisted: %v", err)
+	}
+}
+
+func TestDeviceID_DistinctPerInstall(t *testing.T) {
+	t.Setenv("XDG_CONFIG_HOME", t.TempDir())
+	resetDeviceCertCacheForTest()
+	a := DeviceID()
+
+	t.Setenv("XDG_CONFIG_HOME", t.TempDir())
+	resetDeviceCertCacheForTest()
+	b := DeviceID()
+
+	if a == b {
+		t.Errorf("two installs share a DeviceID: %q", a)
+	}
+}
+
+func TestFingerprint_MatchesDeviceID(t *testing.T) {
+	t.Setenv("XDG_CONFIG_HOME", t.TempDir())
+	resetDeviceCertCacheForTest()
+
+	cert, err := DeviceCertificate()
+	if err != nil {
+		t.Fatalf("DeviceCertificate: %v", err)
+	}
+	if got := Fingerprint(cert.Certificate[0]); got != DeviceID() {
+		t.Errorf("Fingerprint(cert) = %q, want DeviceID %q", got, DeviceID())
+	}
+}

From 400b21c397e69bc6152c2df1cfc21781997c119e Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Thu, 28 May 2026 04:11:55 +0300
Subject: [PATCH 32/86] feat(server): parallel mTLS peer listener for
 cross-device trust
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Phase 2 of the Tier-2 trust rewrite. ServeHTTP gains an optional PeerListen
address: when set it starts an mTLS HTTPS listener alongside the existing
loopback HTTP listener, presenting this install's device certificate and
requesting the peer's (RequestClientCert, not Require — the handshake must
complete for an unpaired peer so first-contact pairing can read its
fingerprint and prompt). Each side learns the other's cert fingerprint; no
shared secret changes hands. The local loopback surface (claude/codex MCP
over 127.0.0.1) is untouched, and a failed peer listener is logged, never
fatal. Auth still flows through the existing middleware — swapping it to
fingerprint-based trust is the next phase.
---
 internal/a2a/devicecert.go            |  9 +--
 internal/a2a/devicecert_test.go       | 10 +--
 internal/server/http.go               | 20 ++++++
 internal/server/peer_listener.go      | 69 +++++++++++++++++++
 internal/server/peer_listener_test.go | 96 +++++++++++++++++++++++++++
 5 files changed, 195 insertions(+), 9 deletions(-)
 create mode 100644 internal/server/peer_listener.go
 create mode 100644 internal/server/peer_listener_test.go

diff --git a/internal/a2a/devicecert.go b/internal/a2a/devicecert.go
index eaca7dc..5300b12 100644
--- a/internal/a2a/devicecert.go
+++ b/internal/a2a/devicecert.go
@@ -95,10 +95,11 @@ func Fingerprint(certDER []byte) string {
 	return b32.EncodeToString(sum[:])
 }
 
-// resetDeviceCertCacheForTest clears the process cache so a test can
-// point XDG at a fresh temp dir and exercise generation. Never called
-// in production.
-func resetDeviceCertCacheForTest() {
+// ResetDeviceCertCacheForTest clears the process cache so a test can
+// point XDG at a fresh temp dir and exercise generation. Tests in other
+// packages need it to mint a distinct identity; production never calls
+// it (sibling of SetGlobalPairingStore).
+func ResetDeviceCertCacheForTest() {
 	deviceCertMu.Lock()
 	defer deviceCertMu.Unlock()
 	deviceCertOnce = nil
diff --git a/internal/a2a/devicecert_test.go b/internal/a2a/devicecert_test.go
index ed8c91e..9b2ebcd 100644
--- a/internal/a2a/devicecert_test.go
+++ b/internal/a2a/devicecert_test.go
@@ -7,7 +7,7 @@ import (
 
 func TestDeviceID_StableAndPersisted(t *testing.T) {
 	t.Setenv("XDG_CONFIG_HOME", t.TempDir())
-	resetDeviceCertCacheForTest()
+	ResetDeviceCertCacheForTest()
 
 	first := DeviceID()
 	if first == "" {
@@ -18,7 +18,7 @@ func TestDeviceID_StableAndPersisted(t *testing.T) {
 		t.Errorf("DeviceID not stable in-process: %q != %q", first, second)
 	}
 	// Stable across a fresh load from the persisted cert.
-	resetDeviceCertCacheForTest()
+	ResetDeviceCertCacheForTest()
 	if reloaded := DeviceID(); reloaded != first {
 		t.Errorf("DeviceID not stable across reload: %q != %q", reloaded, first)
 	}
@@ -32,11 +32,11 @@ func TestDeviceID_StableAndPersisted(t *testing.T) {
 
 func TestDeviceID_DistinctPerInstall(t *testing.T) {
 	t.Setenv("XDG_CONFIG_HOME", t.TempDir())
-	resetDeviceCertCacheForTest()
+	ResetDeviceCertCacheForTest()
 	a := DeviceID()
 
 	t.Setenv("XDG_CONFIG_HOME", t.TempDir())
-	resetDeviceCertCacheForTest()
+	ResetDeviceCertCacheForTest()
 	b := DeviceID()
 
 	if a == b {
@@ -46,7 +46,7 @@ func TestDeviceID_DistinctPerInstall(t *testing.T) {
 
 func TestFingerprint_MatchesDeviceID(t *testing.T) {
 	t.Setenv("XDG_CONFIG_HOME", t.TempDir())
-	resetDeviceCertCacheForTest()
+	ResetDeviceCertCacheForTest()
 
 	cert, err := DeviceCertificate()
 	if err != nil {
diff --git a/internal/server/http.go b/internal/server/http.go
index c992529..d6f4a36 100644
--- a/internal/server/http.go
+++ b/internal/server/http.go
@@ -49,6 +49,13 @@ type HTTPOptions struct {
 	TokenFile string // path to a 0600 file containing the bearer token. Refused if missing/empty unless NoAuth is set.
 	MCPHTTP   bool   // when true, mount the MCP toolset at /mcp via mcp-go's Streamable HTTP transport.
 
+	// PeerListen, when non-empty, starts a parallel mTLS listener on
+	// that address for cross-device peers (Tier-2 trust). It presents
+	// this install's device certificate and requests the peer's, so
+	// each side learns the other's fingerprint. The main loopback
+	// listener (Listen) is unaffected. Empty = no peer surface.
+	PeerListen string
+
 	// NoAuth runs the listener without bearer-token enforcement. The
 	// shared local daemon flips this on by default — the operator's
 	// machine is the trust boundary, codex / gemini hit /mcp over
@@ -344,6 +351,19 @@ func ServeHTTP(ctx context.Context, opts HTTPOptions) error {
 		}
 	}()
 
+	// Cross-device mTLS listener (Tier-2). Runs parallel to the
+	// loopback listener; the main srv below keeps blocking as before.
+	// Errors are logged, never fatal — a failed peer listener must not
+	// take down the local gateway that claude / codex depend on.
+	if strings.TrimSpace(opts.PeerListen) != "" {
+		go func() {
+			if err := servePeerListener(ctx, opts.PeerListen, mux); err != nil {
+				fmt.Fprintf(os.Stderr, "clawtool: peer mTLS listener on %s stopped: %v\n", opts.PeerListen, err)
+			}
+		}()
+		fmt.Fprintf(os.Stderr, "clawtool: peer mTLS listener on %s (device %s)\n", opts.PeerListen, a2a.DeviceID())
+	}
+
 	listenErr := srv.ListenAndServe()
 	if listenErr != nil && !errors.Is(listenErr, http.ErrServerClosed) {
 		return fmt.Errorf("listen %s: %w", opts.Listen, listenErr)
diff --git a/internal/server/peer_listener.go b/internal/server/peer_listener.go
new file mode 100644
index 0000000..493ea3d
--- /dev/null
+++ b/internal/server/peer_listener.go
@@ -0,0 +1,69 @@
+// Cross-device mTLS listener (Tier-2 trust, Phase 2).
+//
+// The loopback listener (ServeHTTP's main srv) stays plain HTTP + bearer
+// token for local MCP clients (claude / codex over 127.0.0.1). This file
+// adds the SEPARATE surface remote devices talk to: an HTTPS listener that
+// presents this install's device certificate and asks the peer to present
+// its own. After the handshake each side knows the other's certificate
+// fingerprint (a2a.Fingerprint of the presented cert) — the unforgeable
+// identity later phases gate trust on. No shared secret is involved.
+//
+// ClientAuth is RequestClientCert, not RequireAndVerifyClientCert: the
+// handshake must COMPLETE even for a peer we've never paired with, so the
+// daemon can read its fingerprint and surface a pairing prompt. Rejecting
+// the unknown peer at the TLS layer would make first-contact pairing
+// impossible. The trust decision is the auth layer's job (Phase 3), keyed
+// on the presented fingerprint — not the handshake's.
+package server
+
+import (
+	"context"
+	"crypto/tls"
+	"errors"
+	"net/http"
+	"time"
+
+	"github.com/cogitave/clawtool/internal/a2a"
+)
+
+// peerTLSConfig builds the server-side mTLS config for the cross-device
+// listener: serve this device's cert, request (don't require) the peer's.
+func peerTLSConfig() (*tls.Config, error) {
+	cert, err := a2a.DeviceCertificate()
+	if err != nil {
+		return nil, err
+	}
+	return &tls.Config{
+		Certificates: []tls.Certificate{cert},
+		ClientAuth:   tls.RequestClientCert,
+		MinVersion:   tls.VersionTLS12,
+	}, nil
+}
+
+// servePeerListener runs an mTLS HTTP server bound to addr, serving h until
+// ctx is cancelled. Returns nil on graceful shutdown. Runs parallel to the
+// loopback listener — the caller starts it in its own goroutine so the main
+// listener keeps blocking as before.
+func servePeerListener(ctx context.Context, addr string, h http.Handler) error {
+	tlsCfg, err := peerTLSConfig()
+	if err != nil {
+		return err
+	}
+	srv := &http.Server{
+		Addr:              addr,
+		Handler:           h,
+		TLSConfig:         tlsCfg,
+		ReadHeaderTimeout: 10 * time.Second,
+	}
+	go func() {
+		<-ctx.Done()
+		shutdownCtx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+		defer cancel()
+		_ = srv.Shutdown(shutdownCtx)
+	}()
+	// Certs come from TLSConfig, so the file arguments are empty.
+	if err := srv.ListenAndServeTLS("", ""); err != nil && !errors.Is(err, http.ErrServerClosed) {
+		return err
+	}
+	return nil
+}
diff --git a/internal/server/peer_listener_test.go b/internal/server/peer_listener_test.go
new file mode 100644
index 0000000..5d77d7a
--- /dev/null
+++ b/internal/server/peer_listener_test.go
@@ -0,0 +1,96 @@
+package server
+
+import (
+	"crypto/tls"
+	"io"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/cogitave/clawtool/internal/a2a"
+)
+
+// TestPeerTLSConfig_ServesDeviceCertAndRequestsClient stands up an httptest
+// TLS server using the real peerTLSConfig and verifies the security-relevant
+// handshake behavior: the server presents this device's certificate (cert
+// fingerprint == DeviceID), and it receives the client's certificate so a
+// later phase can identify the peer.
+func TestPeerTLSConfig_ServesDeviceCertAndRequestsClient(t *testing.T) {
+	t.Setenv("XDG_CONFIG_HOME", t.TempDir())
+
+	wantID := a2a.DeviceID()
+	if wantID == "" {
+		t.Fatal("DeviceID empty — cert generation failed")
+	}
+
+	var gotClientFP string
+	h := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.TLS != nil && len(r.TLS.PeerCertificates) > 0 {
+			gotClientFP = a2a.Fingerprint(r.TLS.PeerCertificates[0].Raw)
+		}
+		w.WriteHeader(http.StatusOK)
+		_, _ = io.WriteString(w, "ok")
+	})
+
+	cfg, err := peerTLSConfig()
+	if err != nil {
+		t.Fatalf("peerTLSConfig: %v", err)
+	}
+	if cfg.ClientAuth != tls.RequestClientCert {
+		t.Errorf("ClientAuth = %v, want RequestClientCert (handshake must complete for unpaired peers)", cfg.ClientAuth)
+	}
+
+	srv := httptest.NewUnstartedServer(h)
+	srv.TLS = cfg
+	srv.StartTLS()
+	defer srv.Close()
+
+	// A client identity distinct from the server's, to prove the server
+	// actually receives a different fingerprint over the wire.
+	t.Setenv("XDG_CONFIG_HOME", t.TempDir())
+	a2a.ResetDeviceCertCacheForTest()
+	clientCert, err := a2a.DeviceCertificate()
+	if err != nil {
+		t.Fatalf("client DeviceCertificate: %v", err)
+	}
+	clientFP := a2a.DeviceID()
+
+	var serverFP string
+	client := &http.Client{
+		Transport: &http.Transport{
+			TLSClientConfig: &tls.Config{
+				Certificates: []tls.Certificate{clientCert},
+				// TOFU: don't validate against a CA (self-signed). Capture
+				// the served leaf so we can assert its fingerprint.
+				InsecureSkipVerify: true, //nolint:gosec // self-signed pinning model; fingerprint asserted below
+				VerifyConnection: func(cs tls.ConnectionState) error {
+					if len(cs.PeerCertificates) > 0 {
+						serverFP = a2a.Fingerprint(cs.PeerCertificates[0].Raw)
+					}
+					return nil
+				},
+			},
+		},
+	}
+
+	resp, err := client.Get(srv.URL)
+	if err != nil {
+		t.Fatalf("mTLS GET: %v", err)
+	}
+	defer resp.Body.Close()
+	if resp.StatusCode != http.StatusOK {
+		t.Errorf("status = %d, want 200", resp.StatusCode)
+	}
+	if serverFP != wantID {
+		t.Errorf("served cert fingerprint = %q, want DeviceID %q", serverFP, wantID)
+	}
+	if gotClientFP == "" {
+		t.Error("server did not receive the client certificate")
+	}
+	if gotClientFP != clientFP {
+		t.Errorf("server saw client fingerprint %q, want %q", gotClientFP, clientFP)
+	}
+	if serverFP == gotClientFP {
+		t.Error("server and client fingerprints identical — distinct identities expected")
+	}
+}

From 02be0ce024078a7d5f6a5bc5cc667aa28c141e67 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Thu, 28 May 2026 04:16:21 +0300
Subject: [PATCH 33/86] feat(server): fingerprint-trust auth gate for mTLS
 peers
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Phase 3 of the Tier-2 rewrite. circleOrBearer (the gate on the peer-facing
endpoints /v1/agents and /v1/relay) now authorizes a request arriving over
TLS by its client-cert fingerprint: approved in the PairingStore → allowed;
unknown → recorded as a pending request (surfacing the approve/deny prompt)
and answered with pairing_required + the pairing code, not a flat 401;
denied → refused. Checked before the no-auth shortcut so the gate holds even
under a loopback no-auth daemon. The fingerprint replaces the shared circle
key as the credential. Bearer-only endpoints (incl. /mcp code execution) are
untouched, so an approved peer keeps exactly the read+relay scope the circle
key had — never raw code-exec. The non-TLS path is unchanged; existing
circle-key tests still pass.
---
 internal/a2a/devicecert.go        |   6 ++
 internal/server/http.go           |  34 ++++++++++
 internal/server/peer_auth_test.go | 104 ++++++++++++++++++++++++++++++
 3 files changed, 144 insertions(+)
 create mode 100644 internal/server/peer_auth_test.go

diff --git a/internal/a2a/devicecert.go b/internal/a2a/devicecert.go
index 5300b12..c002cc7 100644
--- a/internal/a2a/devicecert.go
+++ b/internal/a2a/devicecert.go
@@ -43,6 +43,12 @@ import (
 func deviceCertPath() string { return filepath.Join(xdg.ConfigDir(), "device-cert.pem") }
 func deviceKeyPath() string  { return filepath.Join(xdg.ConfigDir(), "device-key.pem") }
 
+// DeviceNameHeader carries the initiating device's human label on a peer
+// request, so the receiving operator's approval prompt shows "laptop wants
+// to pair" rather than a bare fingerprint. Advisory only — the fingerprint
+// from the TLS client cert is what trust is keyed on, never this header.
+const DeviceNameHeader = "X-Clawtool-Device-Name"
+
 // b32 encodes fingerprints without padding so the DeviceID is a clean
 // uppercase token (RFC 4648 alphabet, matching Syncthing's choice).
 var b32 = base32.StdEncoding.WithPadding(base32.NoPadding)
diff --git a/internal/server/http.go b/internal/server/http.go
index d6f4a36..d947d26 100644
--- a/internal/server/http.go
+++ b/internal/server/http.go
@@ -482,6 +482,40 @@ func circleOrBearer(token string, trustLoopback bool) func(http.Handler) http.Ha
 	exp := []byte(token)
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			// mTLS peer surface (Tier-2): a request arriving over TLS with a
+			// client certificate is a remote device. It is authorized ONLY
+			// if its certificate fingerprint has been approved in the
+			// PairingStore — checked FIRST so this gate holds even when the
+			// loopback daemon runs in no-auth mode. An unknown fingerprint
+			// isn't a flat reject: we record it as a pending request (which
+			// surfaces the approve/deny prompt on this machine) and answer
+			// with pairing_required so the caller knows to wait for approval.
+			// The shared circle key plays no part here — possession of the
+			// private key behind an approved fingerprint is the credential.
+			if r.TLS != nil {
+				if len(r.TLS.PeerCertificates) == 0 {
+					writeJSON(w, http.StatusForbidden, map[string]any{
+						"error": "peer access requires a client certificate",
+					})
+					return
+				}
+				fp := a2a.Fingerprint(r.TLS.PeerCertificates[0].Raw)
+				store := a2a.GlobalPairingStore()
+				if store.IsApproved(fp) {
+					next.ServeHTTP(w, r)
+					return
+				}
+				rec, _, _ := store.Observe(fp, r.Header.Get(a2a.DeviceNameHeader), r.RemoteAddr)
+				resp := map[string]any{
+					"pairing_required": true,
+					"fingerprint":      fp,
+				}
+				if rec != nil {
+					resp["code"] = rec.Code
+				}
+				writeJSON(w, http.StatusForbidden, resp)
+				return
+			}
 			// No bearer configured ⇒ local NoAuth daemon (loopback is the
 			// trust boundary): allow, exactly like authMiddleware.
 			if len(exp) == 0 {
diff --git a/internal/server/peer_auth_test.go b/internal/server/peer_auth_test.go
new file mode 100644
index 0000000..d44654a
--- /dev/null
+++ b/internal/server/peer_auth_test.go
@@ -0,0 +1,104 @@
+package server
+
+import (
+	"crypto/tls"
+	"crypto/x509"
+	"encoding/json"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/cogitave/clawtool/internal/a2a"
+)
+
+// peerRequest builds a request that looks like it arrived over the mTLS peer
+// listener carrying the given client certificate.
+func peerRequest(t *testing.T, cert tls.Certificate) *http.Request {
+	t.Helper()
+	leaf, err := x509.ParseCertificate(cert.Certificate[0])
+	if err != nil {
+		t.Fatalf("parse cert: %v", err)
+	}
+	req := httptest.NewRequest(http.MethodPost, "/v1/relay", nil)
+	req.RemoteAddr = "192.168.1.9:5555"
+	req.TLS = &tls.ConnectionState{PeerCertificates: []*x509.Certificate{leaf}}
+	return req
+}
+
+func TestCircleOrBearer_PeerFingerprintTrust(t *testing.T) {
+	t.Setenv("XDG_CONFIG_HOME", t.TempDir())
+	a2a.ResetDeviceCertCacheForTest()
+	cert, err := a2a.DeviceCertificate()
+	if err != nil {
+		t.Fatalf("DeviceCertificate: %v", err)
+	}
+	fp := a2a.DeviceID()
+
+	// Isolated pairing store so the test never touches real state.
+	store, err := a2a.LoadPairingStore() // empty (temp XDG)
+	if err != nil {
+		t.Fatalf("load store: %v", err)
+	}
+	a2a.SetGlobalPairingStore(store)
+	t.Cleanup(func() { a2a.SetGlobalPairingStore(nil) })
+
+	reached := false
+	h := circleOrBearer("local-token", true)(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
+		reached = true
+		w.WriteHeader(http.StatusOK)
+	}))
+
+	// 1. Unknown fingerprint → 403 pairing_required, and a pending record
+	//    is created so the operator gets a prompt.
+	rec := httptest.NewRecorder()
+	h.ServeHTTP(rec, peerRequest(t, cert))
+	if rec.Code != http.StatusForbidden {
+		t.Fatalf("unknown peer: status = %d, want 403", rec.Code)
+	}
+	if reached {
+		t.Fatal("unknown peer reached the handler — must be gated")
+	}
+	var body map[string]any
+	_ = json.Unmarshal(rec.Body.Bytes(), &body)
+	if body["pairing_required"] != true {
+		t.Errorf("unknown peer: body = %v, want pairing_required", body)
+	}
+	if got := store.List(); len(got) != 1 || got[0].Fingerprint != fp {
+		t.Errorf("unknown peer: pending record not created: %+v", got)
+	}
+
+	// 2. Approved fingerprint → handler reached.
+	if _, err := store.Approve(fp); err != nil {
+		t.Fatalf("approve: %v", err)
+	}
+	reached = false
+	rec = httptest.NewRecorder()
+	h.ServeHTTP(rec, peerRequest(t, cert))
+	if rec.Code != http.StatusOK || !reached {
+		t.Errorf("approved peer: status = %d reached = %v, want 200 + reached", rec.Code, reached)
+	}
+
+	// 3. Denied fingerprint → gated again.
+	if _, err := store.Deny(fp); err != nil {
+		t.Fatalf("deny: %v", err)
+	}
+	reached = false
+	rec = httptest.NewRecorder()
+	h.ServeHTTP(rec, peerRequest(t, cert))
+	if rec.Code != http.StatusForbidden || reached {
+		t.Errorf("denied peer: status = %d reached = %v, want 403 + not reached", rec.Code, reached)
+	}
+}
+
+func TestCircleOrBearer_PeerWithoutClientCertRejected(t *testing.T) {
+	h := circleOrBearer("local-token", true)(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
+		w.WriteHeader(http.StatusOK)
+	}))
+	req := httptest.NewRequest(http.MethodPost, "/v1/relay", nil)
+	req.TLS = &tls.ConnectionState{} // TLS but no client cert
+	rec := httptest.NewRecorder()
+	h.ServeHTTP(rec, req)
+	if rec.Code != http.StatusForbidden {
+		t.Errorf("status = %d, want 403 for missing client cert", rec.Code)
+	}
+}

From 90df151cb5385327339367293983dfbb831730d7 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Thu, 28 May 2026 04:23:19 +0300
Subject: [PATCH 34/86] feat(server): outbound mTLS peer client with
 fingerprint pinning

Phase 4 of the Tier-2 rewrite. proxyPeerAgents and sendPairRequest now reach
peers over mTLS instead of plain HTTP + circle-key header: the client
presents this device's certificate, pins the peer to the DeviceID discovery
advertised (trust-on-first-use when none is known yet), and sends the
device-name header for the approval prompt. peerBaseURL resolves https. A
403 from the peer is mapped to pairing_required (approval pending) rather
than the old not_in_circle. The obsolete circle-key proxy tests are rewritten
to exercise the mTLS path (client cert presented, agents relayed, pairing
pending).
---
 internal/server/circle_test.go   | 78 ++++++++++++-------------------
 internal/server/peer_client.go   | 80 ++++++++++++++++++++++++++++++++
 internal/server/peers_handler.go | 75 +++++++++++-------------------
 3 files changed, 135 insertions(+), 98 deletions(-)
 create mode 100644 internal/server/peer_client.go

diff --git a/internal/server/circle_test.go b/internal/server/circle_test.go
index 68398db..f87ed0b 100644
--- a/internal/server/circle_test.go
+++ b/internal/server/circle_test.go
@@ -1,6 +1,7 @@
 package server
 
 import (
+	"crypto/tls"
 	"encoding/json"
 	"io"
 	"net/http"
@@ -103,54 +104,31 @@ func TestCircleOrBearer_NoKeyConfiguredDeniesHeaderOnly(t *testing.T) {
 	}
 }
 
-// TestProxyPeerAgents_NeedsCircleKey: with no circle key on this device,
-// the proxy returns needs_circle_key=true (a prompt, not an error) so
-// the dashboard can guide the operator.
-func TestProxyPeerAgents_NeedsCircleKey(t *testing.T) {
-	t.Setenv("XDG_CONFIG_HOME", t.TempDir()) // no key
-	mux, reg, cleanup := newPeersTestMux(t, "tok")
-	defer cleanup()
-	srv := httptest.NewServer(mux)
-	defer srv.Close()
-	p, _ := reg.Register(a2a.RegisterInput{
-		DisplayName: "remote", Backend: "clawtool-mdns",
-		Metadata: map[string]string{"agent_card_url": "http://192.168.1.50:52828/.well-known/agent-card.json"},
-	})
-
-	resp, body := peersDo(t, srv, http.MethodGet, "/v1/peers/"+p.PeerID+"/agents", "tok", nil)
-	if resp.StatusCode != http.StatusOK {
-		t.Fatalf("no-key proxy = %d, want 200; body %s", resp.StatusCode, body)
-	}
-	var out map[string]any
-	if err := json.Unmarshal(body, &out); err != nil {
-		t.Fatal(err)
-	}
-	if out["needs_circle_key"] != true {
-		t.Errorf("expected needs_circle_key=true, got %v", out)
-	}
-}
-
-// TestProxyPeerAgents_RelaysWithCircleKey: with a circle key set, the
-// proxy forwards it to the peer and relays the peer's agents. The fake
-// peer asserts it received the matching circle header.
-func TestProxyPeerAgents_RelaysWithCircleKey(t *testing.T) {
+// TestProxyPeerAgents_RelaysOverMTLS: the proxy reaches the peer over mTLS
+// (presenting this device's cert + the device-name header) and relays the
+// peer's agents. No shared secret involved.
+func TestProxyPeerAgents_RelaysOverMTLS(t *testing.T) {
 	t.Setenv("XDG_CONFIG_HOME", t.TempDir())
-	if err := a2a.SaveCircleKey("shared-key"); err != nil {
-		t.Fatal(err)
-	}
+	a2a.ResetDeviceCertCacheForTest()
 
-	var gotHeader string
-	peerSrv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		gotHeader = r.Header.Get(a2a.CircleKeyHeader)
+	var gotName string
+	var gotClientCert bool
+	peerSrv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		gotName = r.Header.Get(a2a.DeviceNameHeader)
+		gotClientCert = r.TLS != nil && len(r.TLS.PeerCertificates) > 0
 		w.Header().Set("Content-Type", "application/json")
 		_, _ = io.WriteString(w, `{"agents":[{"instance":"codex1","family":"codex","callable":true}],"count":1}`)
 	}))
+	// Request the client cert so we can prove we presented it.
+	peerSrv.TLS.ClientAuth = tls.RequestClientCert
 	defer peerSrv.Close()
 
 	mux, reg, cleanup := newPeersTestMux(t, "tok")
 	defer cleanup()
 	srv := httptest.NewServer(mux)
 	defer srv.Close()
+	// No device_id in metadata ⇒ trust-on-first-use (accept the peer's
+	// self-signed httptest cert).
 	p, _ := reg.Register(a2a.RegisterInput{
 		DisplayName: "remote", Backend: "clawtool-mdns",
 		Metadata: map[string]string{"agent_card_url": peerSrv.URL + "/.well-known/agent-card.json"},
@@ -160,8 +138,11 @@ func TestProxyPeerAgents_RelaysWithCircleKey(t *testing.T) {
 	if resp.StatusCode != http.StatusOK {
 		t.Fatalf("proxy = %d, want 200; body %s", resp.StatusCode, body)
 	}
-	if gotHeader != "shared-key" {
-		t.Errorf("peer received circle header %q, want shared-key", gotHeader)
+	if !gotClientCert {
+		t.Error("peer did not receive our client certificate over mTLS")
+	}
+	if gotName == "" {
+		t.Error("peer did not receive the device-name header")
 	}
 	var out map[string]any
 	if err := json.Unmarshal(body, &out); err != nil {
@@ -172,15 +153,14 @@ func TestProxyPeerAgents_RelaysWithCircleKey(t *testing.T) {
 	}
 }
 
-// TestProxyPeerAgents_NotInCircle: peer reachable but rejects the key →
-// not_in_circle=true.
-func TestProxyPeerAgents_NotInCircle(t *testing.T) {
+// TestProxyPeerAgents_PairingRequired: a peer that hasn't approved this
+// device yet answers 403 → the proxy surfaces pairing_required.
+func TestProxyPeerAgents_PairingRequired(t *testing.T) {
 	t.Setenv("XDG_CONFIG_HOME", t.TempDir())
-	if err := a2a.SaveCircleKey("my-key"); err != nil {
-		t.Fatal(err)
-	}
-	peerSrv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.WriteHeader(http.StatusUnauthorized)
+	a2a.ResetDeviceCertCacheForTest()
+
+	peerSrv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
+		w.WriteHeader(http.StatusForbidden)
 	}))
 	defer peerSrv.Close()
 
@@ -198,7 +178,7 @@ func TestProxyPeerAgents_NotInCircle(t *testing.T) {
 	if err := json.Unmarshal(body, &out); err != nil {
 		t.Fatal(err)
 	}
-	if out["not_in_circle"] != true {
-		t.Errorf("expected not_in_circle=true, got %v", out)
+	if out["pairing_required"] != true {
+		t.Errorf("expected pairing_required=true, got %v", out)
 	}
 }
diff --git a/internal/server/peer_client.go b/internal/server/peer_client.go
new file mode 100644
index 0000000..dcce4c7
--- /dev/null
+++ b/internal/server/peer_client.go
@@ -0,0 +1,80 @@
+// Outbound side of cross-device mTLS (Tier-2 trust, Phase 4).
+//
+// When this daemon reaches OUT to another device — fetching its agents,
+// sending a pair request, relaying a message — it must (a) present this
+// install's device certificate so the remote can identify and trust us by
+// fingerprint, and (b) verify the remote is who discovery said it is.
+//
+// Verification is fingerprint pinning, not CA validation: device certs are
+// self-signed, so there's no CA to chain to. If discovery already told us
+// the peer's DeviceID we pin it (a mismatch = someone else answering that
+// address = MITM, rejected). On true first contact we have no expected
+// fingerprint yet, so we trust-on-first-use and capture what we saw — the
+// human-confirmed pairing code (Phase 5) is what closes the MITM window.
+package server
+
+import (
+	"crypto/tls"
+	"errors"
+	"fmt"
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/cogitave/clawtool/internal/a2a"
+)
+
+// peerExpectedFingerprint returns the DeviceID discovery advertised for this
+// peer, or "" when unknown (first contact, pre-Phase-4b discovery).
+func peerExpectedFingerprint(peer *a2a.Peer) string {
+	if peer == nil {
+		return ""
+	}
+	return peer.Metadata["device_id"]
+}
+
+// peerHTTPClient builds an mTLS client that presents this device's cert and
+// pins the server to expectFP (empty = trust-on-first-use). timeout bounds
+// the whole exchange.
+func peerHTTPClient(expectFP string, timeout time.Duration) (*http.Client, error) {
+	cert, err := a2a.DeviceCertificate()
+	if err != nil {
+		return nil, err
+	}
+	tlsCfg := &tls.Config{
+		Certificates: []tls.Certificate{cert},
+		MinVersion:   tls.VersionTLS12,
+		// Self-signed peer certs: skip the default CA chain check and pin
+		// by fingerprint in VerifyConnection instead.
+		InsecureSkipVerify: true, //nolint:gosec // fingerprint-pinned below
+		VerifyConnection: func(cs tls.ConnectionState) error {
+			if len(cs.PeerCertificates) == 0 {
+				return errors.New("peer presented no certificate")
+			}
+			got := a2a.Fingerprint(cs.PeerCertificates[0].Raw)
+			if expectFP != "" && got != expectFP {
+				return fmt.Errorf("peer fingerprint mismatch: got %s, expected %s", got, expectFP)
+			}
+			return nil
+		},
+	}
+	return &http.Client{
+		Timeout:   timeout,
+		Transport: &http.Transport{TLSClientConfig: tlsCfg},
+	}, nil
+}
+
+// peerBaseURL resolves a peer's HTTPS base URL from what discovery recorded.
+// The agent_card_url is authoritative (it carries the scheme + peer port);
+// the bare address is an https fallback for older records.
+func peerBaseURL(peer *a2a.Peer) string {
+	if cardURL := peer.Metadata["agent_card_url"]; cardURL != "" {
+		if i := strings.Index(cardURL, "/.well-known/"); i > 0 {
+			return cardURL[:i]
+		}
+	}
+	if addr := peer.Metadata["address"]; addr != "" {
+		return "https://" + addr
+	}
+	return ""
+}
diff --git a/internal/server/peers_handler.go b/internal/server/peers_handler.go
index f637078..f9aa2dd 100644
--- a/internal/server/peers_handler.go
+++ b/internal/server/peers_handler.go
@@ -335,22 +335,6 @@ func proxyPeerCard(w http.ResponseWriter, r *http.Request, reg *a2a.Registry, pe
 	_, _ = w.Write(body)
 }
 
-// peerBaseURL derives a discovered peer's scheme+host base
-// (http://host:port) from its advertised agent_card_url, falling back
-// to the recorded address. Returns "" when neither is usable.
-func peerBaseURL(peer *a2a.Peer) string {
-	if cardURL := peer.Metadata["agent_card_url"]; cardURL != "" {
-		// agent_card_url is "<base>/.well-known/agent-card.json".
-		if i := strings.Index(cardURL, "/.well-known/"); i > 0 {
-			return cardURL[:i]
-		}
-	}
-	if addr := peer.Metadata["address"]; addr != "" {
-		return "http://" + addr
-	}
-	return ""
-}
-
 // proxyPeerAgents fetches a discovered peer's /v1/agents server-side and
 // relays it, so a dashboard can show which agents run on another device.
 // The local daemon authenticates to the remote with the shared circle
@@ -364,16 +348,6 @@ func proxyPeerAgents(w http.ResponseWriter, r *http.Request, reg *a2a.Registry,
 		writeJSON(w, http.StatusNotFound, map[string]any{"error": "no peer with that id", "got_id": peerID})
 		return
 	}
-	key, _ := a2a.LoadCircleKey()
-	if key == "" {
-		// Not an error — just not set up yet. 200 so the dashboard's
-		// fetch resolves and it can render a "join a circle" hint.
-		writeJSON(w, http.StatusOK, map[string]any{
-			"needs_circle_key": true,
-			"hint":             "run `clawtool a2a circle-key generate` here, then `set` the same key on the peer",
-		})
-		return
-	}
 	base := peerBaseURL(peer)
 	if base == "" {
 		writeJSON(w, http.StatusBadGateway, map[string]any{"error": "peer advertised no reachable address", "peer_id": peerID})
@@ -382,13 +356,18 @@ func proxyPeerAgents(w http.ResponseWriter, r *http.Request, reg *a2a.Registry,
 
 	ctx, cancel := context.WithTimeout(r.Context(), 4*time.Second)
 	defer cancel()
+	client, err := peerHTTPClient(peerExpectedFingerprint(peer), 4*time.Second)
+	if err != nil {
+		writeJSON(w, http.StatusBadGateway, map[string]any{"error": "device identity unavailable: " + err.Error()})
+		return
+	}
 	req, err := http.NewRequestWithContext(ctx, http.MethodGet, base+"/v1/agents", nil)
 	if err != nil {
 		writeJSON(w, http.StatusBadGateway, map[string]any{"error": "bad peer address: " + err.Error()})
 		return
 	}
-	req.Header.Set(a2a.CircleKeyHeader, key)
-	resp, err := http.DefaultClient.Do(req)
+	req.Header.Set(a2a.DeviceNameHeader, a2a.InstallDisplayName())
+	resp, err := client.Do(req)
 	if err != nil {
 		writeJSON(w, http.StatusBadGateway, map[string]any{
 			"error":   "could not reach peer to fetch its agents: " + err.Error(),
@@ -398,13 +377,12 @@ func proxyPeerAgents(w http.ResponseWriter, r *http.Request, reg *a2a.Registry,
 	}
 	defer resp.Body.Close()
 
-	if resp.StatusCode == http.StatusUnauthorized {
-		// The peer is reachable but rejected our circle key — different
-		// circle (or no key on its side). Surface it distinctly so the
-		// dashboard can say "peer is not in your circle".
+	if resp.StatusCode == http.StatusForbidden {
+		// The peer is reachable but hasn't approved this device yet.
+		// Surface it distinctly so the dashboard can say "pairing pending".
 		writeJSON(w, http.StatusOK, map[string]any{
-			"not_in_circle": true,
-			"hint":          "this peer doesn't share your circle key — set the same key on both devices",
+			"pairing_required": true,
+			"hint":             "approve this device on the peer to see its agents",
 		})
 		return
 	}
@@ -437,44 +415,43 @@ func sendPairRequest(w http.ResponseWriter, r *http.Request, reg *a2a.Registry,
 		writeJSON(w, http.StatusNotFound, map[string]any{"error": "no peer with that id", "got_id": peerID})
 		return
 	}
-	key, _ := a2a.LoadCircleKey()
-	if key == "" {
-		writeJSON(w, http.StatusOK, map[string]any{
-			"needs_circle_key": true,
-			"hint":             "generate a pairing key here and set the same key on the peer first",
-		})
-		return
-	}
 	base := peerBaseURL(peer)
 	if base == "" {
 		writeJSON(w, http.StatusBadGateway, map[string]any{"error": "peer advertised no reachable address", "peer_id": peerID})
 		return
 	}
 	reqBody, _ := json.Marshal(map[string]any{
-		"from_fingerprint":  a2a.InstallID(),
+		"from_fingerprint":  a2a.DeviceID(),
 		"from_display_name": a2a.InstallDisplayName(),
 		"text":              "wants to pair",
 	})
 	ctx, cancel := context.WithTimeout(r.Context(), 4*time.Second)
 	defer cancel()
+	client, err := peerHTTPClient(peerExpectedFingerprint(peer), 4*time.Second)
+	if err != nil {
+		writeJSON(w, http.StatusBadGateway, map[string]any{"error": "device identity unavailable: " + err.Error()})
+		return
+	}
 	req, err := http.NewRequestWithContext(ctx, http.MethodPost, base+"/v1/relay", bytes.NewReader(reqBody))
 	if err != nil {
 		writeJSON(w, http.StatusBadGateway, map[string]any{"error": "bad peer address: " + err.Error()})
 		return
 	}
 	req.Header.Set("Content-Type", "application/json")
-	req.Header.Set(a2a.CircleKeyHeader, key)
-	resp, err := http.DefaultClient.Do(req)
+	req.Header.Set(a2a.DeviceNameHeader, a2a.InstallDisplayName())
+	resp, err := client.Do(req)
 	if err != nil {
 		writeJSON(w, http.StatusBadGateway, map[string]any{"error": "could not reach peer: " + err.Error(), "peer_id": peerID})
 		return
 	}
 	defer resp.Body.Close()
-	if resp.StatusCode == http.StatusUnauthorized {
-		writeJSON(w, http.StatusOK, map[string]any{"not_in_circle": true, "hint": "this peer doesn't share your pairing key — set the same key on both"})
+	// 403 pairing_required is the EXPECTED first-contact outcome: the mTLS
+	// handshake proved our identity, the peer recorded us as a pending
+	// request, and its operator must approve on screen. A 2xx means the
+	// peer already trusts us (re-pair / already approved).
+	if resp.StatusCode == http.StatusForbidden {
+		writeJSON(w, http.StatusOK, map[string]any{"ok": true, "sent": true, "pending": true, "peer_id": peerID})
 		return
 	}
-	// 202 pairing_required is the SUCCESS case: the peer recorded our request
-	// and is waiting for its operator to approve on screen.
 	writeJSON(w, http.StatusOK, map[string]any{"ok": true, "sent": true, "peer_id": peerID, "peer_status": resp.StatusCode})
 }

From 0874b2da8cc4b2b458cd2f81da9a14e79a0a5a89 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Thu, 28 May 2026 04:27:58 +0300
Subject: [PATCH 35/86] feat(daemon): wire the mTLS peer listener live
 (loopback main + LAN peer port)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Phase 4b — makes Tier-2 trust active end to end. The managed daemon now keeps
its main MCP listener on loopback+no-auth ALWAYS and, when LAN-exposed, starts
the separate mTLS peer listener on its own free port via the new
serve --peer-listen flag. mDNS advertises the https peer URL plus a device_id
TXT record so peers learn the fingerprint to pin; the browse side carries
device_id into peer metadata and resolves https for Tier-2 peers. The
firewall/networking hooks target the peer port. The loopback surface is never
bound beyond 127.0.0.1 — asserted by the rewritten daemon-args security test.
---
 cmd/clawtool/main.go        | 14 ++++++++++
 internal/a2a/mdns.go        | 23 +++++++++++++---
 internal/daemon/daemon.go   | 48 ++++++++++++++++-----------------
 internal/daemon/lan_test.go | 54 ++++++++++++++++++++++---------------
 internal/server/http.go     | 19 ++++++++++---
 5 files changed, 105 insertions(+), 53 deletions(-)

diff --git a/cmd/clawtool/main.go b/cmd/clawtool/main.go
index b8fe015..07baab5 100755
--- a/cmd/clawtool/main.go
+++ b/cmd/clawtool/main.go
@@ -151,6 +151,12 @@ func parseServeFlags(argv []string) (server.HTTPOptions, bool, error) {
 			}
 			opts.Listen = argv[i+1]
 			i++
+		case "--peer-listen":
+			if i+1 >= len(argv) {
+				return opts, debug, fmt.Errorf("--peer-listen requires a value (e.g. '0.0.0.0:52829')")
+			}
+			opts.PeerListen = argv[i+1]
+			i++
 		case "--token-file":
 			if i+1 >= len(argv) {
 				return opts, debug, fmt.Errorf("--token-file requires a path")
@@ -217,6 +223,14 @@ func parseServeFlags(argv []string) (server.HTTPOptions, bool, error) {
 				"(this exposes clawtool's MCP surface to every device on your network)",
 			opts.Listen)
 	}
+	// The peer listener is LAN-facing by design (mTLS, fingerprint-gated),
+	// but binding beyond loopback still demands the explicit --allow-lan
+	// opt-in — same foot-gun guard as --listen.
+	if opts.PeerListen != "" && !opts.AllowLAN && !server.IsLoopbackAddress(opts.PeerListen) {
+		return opts, debug, fmt.Errorf(
+			"--peer-listen %s binds beyond loopback; pass --allow-lan to confirm",
+			opts.PeerListen)
+	}
 	return opts, debug, nil
 }
 
diff --git a/internal/a2a/mdns.go b/internal/a2a/mdns.go
index 20b0351..e208c28 100644
--- a/internal/a2a/mdns.go
+++ b/internal/a2a/mdns.go
@@ -400,13 +400,20 @@ func (b *Browser) handleEntry(reg *Registry, entry *zeroconf.ServiceEntry) {
 	}
 
 	cardURL := txt["agent_card_url"]
+	// A Tier-2 peer (one advertising a device_id) serves its peer surface
+	// over https; older peers are http. Pick the scheme accordingly for
+	// the rebuilt URL below.
+	scheme := "http"
+	if txt["device_id"] != "" || strings.HasPrefix(cardURL, "https://") {
+		scheme = "https"
+	}
 	// The announce side emits an `%h` hostname placeholder (an Avahi
 	// convention grandcat/zeroconf does NOT substitute), so a TXT value
-	// like `http://%h:8080/...` is unusable as-is. Rebuild it from the
+	// like `https://%h:8080/...` is unusable as-is. Rebuild it from the
 	// peer's resolved address whenever it's empty or still carries the
 	// placeholder — that's the dialable URL a peer actually fetches.
 	if (cardURL == "" || strings.Contains(cardURL, "%h")) && host != "" && entry.Port > 0 {
-		cardURL = fmt.Sprintf("http://%s:%d/.well-known/agent-card.json", host, entry.Port)
+		cardURL = fmt.Sprintf("%s://%s:%d/.well-known/agent-card.json", scheme, host, entry.Port)
 	}
 
 	// Register's identity tuple is (backend, path, session_id,
@@ -427,6 +434,9 @@ func (b *Browser) handleEntry(reg *Registry, entry *zeroconf.ServiceEntry) {
 	if v := txt["version"]; v != "" {
 		metadata["peer_version"] = v
 	}
+	if id := txt["device_id"]; id != "" {
+		metadata["device_id"] = id
+	}
 	if host != "" {
 		metadata["address"] = fmt.Sprintf("%s:%d", host, entry.Port)
 	}
@@ -467,12 +477,19 @@ func buildTXT(peerID string, card *Card, port int) []string {
 	if v == "" {
 		v = "unknown"
 	}
-	return []string{
+	txt := []string{
 		"peer_id=" + peerID,
 		"agent_card_url=" + cardURL,
 		"version=" + v,
 		"protocol=" + CurrentProtocolVersion,
 	}
+	// device_id is this install's certificate fingerprint (Tier-2). Peers
+	// pin it during the mTLS handshake; its presence also signals an
+	// https peer surface. Omitted only if cert generation failed.
+	if id := DeviceID(); id != "" {
+		txt = append(txt, "device_id="+id)
+	}
+	return txt
 }
 
 // parseTXT decodes the TXT record body back into a map. Tolerant
diff --git a/internal/daemon/daemon.go b/internal/daemon/daemon.go
index 53c9c39..59222be 100644
--- a/internal/daemon/daemon.go
+++ b/internal/daemon/daemon.go
@@ -140,28 +140,27 @@ func SetLanExposure(on bool) error {
 // boundary and local consumers (codex / claude-code / gemini) reach
 // /mcp over 127.0.0.1 without a token.
 //
-// LAN-exposed: bind all interfaces with --allow-lan + a token file.
-// Security invariant — a non-loopback bind is NEVER --no-auth, so
-// code-executing endpoints stay bearer-gated and only the read-only
-// circle endpoints are reachable by peers (which present the circle
-// key). The first --allow-lan run also installs the platform firewall
-// rules via serve's auto-firewall hook.
-func daemonServeArgs(port int, lanExposed bool) []string {
-	if lanExposed {
-		return []string{
-			"serve",
-			"--listen", fmt.Sprintf("0.0.0.0:%d", port),
-			"--allow-lan",
-			"--token-file", TokenPath(),
-			"--mcp-http",
-		}
-	}
-	return []string{
+// The main listener ALWAYS stays loopback + no-auth — the local MCP
+// surface (claude / codex over 127.0.0.1) is never exposed beyond the
+// machine. LAN exposure (Tier-2) instead starts a SEPARATE mTLS peer
+// listener on peerPort via --peer-listen: cross-device peers authenticate
+// by certificate fingerprint over that surface, and code-executing
+// endpoints stay off it entirely. The first --allow-lan run also installs
+// the platform firewall rules via serve's auto-firewall hook.
+func daemonServeArgs(port, peerPort int, lanExposed bool) []string {
+	args := []string{
 		"serve",
 		"--listen", fmt.Sprintf("127.0.0.1:%d", port),
 		"--no-auth",
 		"--mcp-http",
 	}
+	if lanExposed && peerPort > 0 {
+		args = append(args,
+			"--peer-listen", fmt.Sprintf("0.0.0.0:%d", peerPort),
+			"--allow-lan",
+		)
+	}
+	return args
 }
 
 // configDir delegates to the central xdg package so every callsite
@@ -422,17 +421,16 @@ func EnsureFrom(ctx context.Context, exePath string) (*State, error) {
 	}
 
 	lanExposed := LanExposureEnabled()
+	peerPort := 0
 	if lanExposed {
-		// A non-loopback bind enforces a bearer token, so make sure one
-		// exists before serve starts (idempotent — leaves an existing
-		// token untouched).
-		if _, statErr := os.Stat(TokenPath()); statErr != nil {
-			gen := exec.Command(self, "serve", "init-token", TokenPath())
-			gen.Stdout, gen.Stderr = logFile, logFile
-			_ = gen.Run()
+		// The cross-device mTLS surface binds its own port, distinct from
+		// the loopback MCP port. Best-effort: if we can't grab one, the
+		// peer listener simply doesn't start (local gateway unaffected).
+		if pp, perr := pickFreePort(); perr == nil {
+			peerPort = pp
 		}
 	}
-	cmd := exec.Command(self, daemonServeArgs(port, lanExposed)...)
+	cmd := exec.Command(self, daemonServeArgs(port, peerPort, lanExposed)...)
 	cmd.Stdout = logFile
 	cmd.Stderr = logFile
 	cmd.Stdin = nil
diff --git a/internal/daemon/lan_test.go b/internal/daemon/lan_test.go
index 073bb3f..7bf14a8 100644
--- a/internal/daemon/lan_test.go
+++ b/internal/daemon/lan_test.go
@@ -6,39 +6,51 @@ import (
 	"testing"
 )
 
-// The managed daemon's bind/auth posture is a security invariant: the
-// loopback default is no-auth (machine is the trust boundary), and a
-// LAN-exposed bind MUST carry a token and MUST NOT be --no-auth, so
-// code-executing endpoints stay bearer-gated against the network.
+// argValue returns the token immediately following flag, or "".
+func argValue(args []string, flag string) string {
+	i := slices.Index(args, flag)
+	if i < 0 || i+1 >= len(args) {
+		return ""
+	}
+	return args[i+1]
+}
+
+// The managed daemon's bind posture is a security invariant: the main MCP
+// listener is ALWAYS loopback + no-auth (the machine is the trust boundary
+// and the local surface is never exposed). LAN exposure (Tier-2) adds a
+// SEPARATE mTLS peer listener on 0.0.0.0 — peers authenticate by cert
+// fingerprint there, and the loopback socket is never bound to 0.0.0.0.
 func TestDaemonServeArgs_SecurityInvariants(t *testing.T) {
-	loop := daemonServeArgs(8765, false)
-	if !slices.Contains(loop, "127.0.0.1:8765") {
+	loop := daemonServeArgs(8765, 0, false)
+	if argValue(loop, "--listen") != "127.0.0.1:8765" {
 		t.Errorf("loopback default must bind 127.0.0.1; got %v", loop)
 	}
 	if !slices.Contains(loop, "--no-auth") {
 		t.Errorf("loopback default is no-auth; got %v", loop)
 	}
-	if slices.Contains(loop, "--allow-lan") {
-		t.Errorf("loopback default must NOT pass --allow-lan; got %v", loop)
+	if slices.Contains(loop, "--allow-lan") || slices.Contains(loop, "--peer-listen") {
+		t.Errorf("loopback default must NOT expose a peer surface; got %v", loop)
 	}
 
-	lan := daemonServeArgs(8765, true)
-	if !slices.Contains(lan, "0.0.0.0:8765") {
-		t.Errorf("LAN bind must listen on all interfaces; got %v", lan)
+	lan := daemonServeArgs(8765, 9000, true)
+	// SECURITY: the main listener stays loopback even when LAN-exposed —
+	// the no-auth MCP surface must never bind beyond 127.0.0.1.
+	if argValue(lan, "--listen") != "127.0.0.1:8765" {
+		t.Fatalf("SECURITY: main listener must stay loopback; got %v", lan)
 	}
-	if !slices.Contains(lan, "--allow-lan") {
-		t.Errorf("LAN bind must pass --allow-lan; got %v", lan)
+	if !slices.Contains(lan, "--no-auth") {
+		t.Errorf("main listener stays no-auth on loopback; got %v", lan)
 	}
-	if slices.Contains(lan, "--no-auth") {
-		t.Fatalf("SECURITY: a LAN bind must never be --no-auth; got %v", lan)
+	// The LAN surface is the separate mTLS peer listener on 0.0.0.0.
+	if argValue(lan, "--peer-listen") != "0.0.0.0:9000" {
+		t.Errorf("LAN exposure must add a peer listener on 0.0.0.0; got %v", lan)
 	}
-	if !slices.Contains(lan, "--token-file") {
-		t.Fatalf("SECURITY: a LAN bind must enforce a token; got %v", lan)
+	if !slices.Contains(lan, "--allow-lan") {
+		t.Errorf("peer listener must pass --allow-lan; got %v", lan)
 	}
-	// The token path must be the next arg after --token-file and look real.
-	i := slices.Index(lan, "--token-file")
-	if i+1 >= len(lan) || !strings.Contains(lan[i+1], "listener-token") {
-		t.Errorf("--token-file must point at the listener token; got %v", lan)
+	// Defence in depth: 0.0.0.0 must NEVER be the --listen target.
+	if strings.HasPrefix(argValue(lan, "--listen"), "0.0.0.0") {
+		t.Fatalf("SECURITY: loopback surface bound to 0.0.0.0; got %v", lan)
 	}
 }
 
diff --git a/internal/server/http.go b/internal/server/http.go
index d947d26..5d13a3f 100644
--- a/internal/server/http.go
+++ b/internal/server/http.go
@@ -285,8 +285,11 @@ func ServeHTTP(ctx context.Context, opts HTTPOptions) error {
 	// backend is a no-op. Non-fatal on every failure path —
 	// daemon boot proceeds in degraded (loopback-only mDNS) mode
 	// if the user declines the UAC prompt.
-	if opts.AllowLAN && !opts.SkipFirewallSetup && !IsLoopbackAddress(opts.Listen) {
-		maybeSetupFirewall(os.Stderr, portFromListen(opts.Listen))
+	// The LAN-facing surface is the peer mTLS listener now (the main
+	// listener stays loopback), so the firewall rule must open the peer
+	// port, not the loopback one.
+	if opts.AllowLAN && !opts.SkipFirewallSetup && opts.PeerListen != "" && !IsLoopbackAddress(opts.PeerListen) {
+		maybeSetupFirewall(os.Stderr, portFromListen(opts.PeerListen))
 	}
 
 	// Auto-networking setup. Sibling of the firewall hook —
@@ -294,7 +297,7 @@ func ServeHTTP(ctx context.Context, opts HTTPOptions) error {
 	// networkingMode=mirrored so LAN peer discovery actually
 	// reaches the host's network. Default-on; suppressed by
 	// --no-networking-setup. Non-fatal on every failure path.
-	if opts.AllowLAN && !opts.SkipNetworkingSetup && !IsLoopbackAddress(opts.Listen) {
+	if opts.AllowLAN && !opts.SkipNetworkingSetup && opts.PeerListen != "" && !IsLoopbackAddress(opts.PeerListen) {
 		maybeSetupNetworking(os.Stderr, defaultPromptStdin())
 	}
 
@@ -306,14 +309,22 @@ func ServeHTTP(ctx context.Context, opts HTTPOptions) error {
 	// down. We register the announcer's peer_id with the browser
 	// so the daemon doesn't list its own announcement back into
 	// the registry.
+	// Discovery advertises the surface peers actually dial. With a Tier-2
+	// peer listener that's the mTLS port over https; otherwise the legacy
+	// http listener port.
 	mdnsPort := portFromListen(opts.Listen)
+	mdnsScheme := "http"
+	if pp := portFromListen(opts.PeerListen); pp > 0 {
+		mdnsPort = pp
+		mdnsScheme = "https"
+	}
 	var (
 		announcer *a2a.Announcer
 		browser   *a2a.Browser
 	)
 	if mdnsPort > 0 {
 		card := a2a.NewCard(a2a.CardOptions{
-			URL: fmt.Sprintf("http://%%h:%d/.well-known/agent-card.json", mdnsPort),
+			URL: fmt.Sprintf("%s://%%h:%d/.well-known/agent-card.json", mdnsScheme, mdnsPort),
 		})
 		ann, aerr := a2a.StartAnnounce(ctx, &card, mdnsPort)
 		if aerr != nil {

From fbf2bfb00e1aadc4f12518c8a309a76a48f68b56 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Thu, 28 May 2026 04:33:50 +0300
Subject: [PATCH 36/86] feat(a2a): mutual pairing trust + matching confirmation
 code
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Phase 5 of the Tier-2 rewrite. Pairing is now bidirectional and shows the
same code on both screens:

- PairingStore.Trust approves a fingerprint directly (no pending step) — the
  initiator's "Pair <device>" click is their consent, so the target's cert is
  trusted up front. The target's operator still approves the initiator via
  the usual prompt (symmetric consent).
- sendPairRequest trusts the target's pinned fingerprint and passes the
  pairing code from the peer's 403 back to the caller, so the initiating
  device displays the SAME code the receiver is showing — the operators
  compare them before approving.
---
 internal/a2a/pairing.go          | 43 ++++++++++++++++++++++++++++++++
 internal/a2a/pairing_test.go     | 30 ++++++++++++++++++++++
 internal/server/peers_handler.go | 27 +++++++++++++++++---
 3 files changed, 97 insertions(+), 3 deletions(-)

diff --git a/internal/a2a/pairing.go b/internal/a2a/pairing.go
index c189866..625bc1b 100644
--- a/internal/a2a/pairing.go
+++ b/internal/a2a/pairing.go
@@ -171,6 +171,49 @@ func (s *PairingStore) Observe(fingerprint, displayName, address string) (*Pairi
 	return cloneReq(req), false, nil
 }
 
+// Trust records a fingerprint as approved directly, without a pending
+// step — used on the INITIATING side of a pair: clicking "Pair <device>"
+// is the operator's explicit consent to trust that device, so its
+// certificate is approved up front. The receiving side still goes through
+// its own approve prompt (the symmetric consent). Upserts: refreshes the
+// advisory label/address on an existing record and flips it to approved.
+func (s *PairingStore) Trust(fingerprint, displayName, address string) (*PairingRequest, error) {
+	if fingerprint == "" {
+		return nil, errors.New("empty fingerprint")
+	}
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	if r, ok := s.requests[fingerprint]; ok {
+		if displayName != "" {
+			r.DisplayName = displayName
+		}
+		if address != "" {
+			r.Address = address
+		}
+		r.State = PairingApproved
+		r.DecidedAt = time.Now().UTC()
+		if err := s.persist(); err != nil {
+			return nil, err
+		}
+		return cloneReq(r), nil
+	}
+	req := &PairingRequest{
+		Fingerprint: fingerprint,
+		DisplayName: displayName,
+		Address:     address,
+		Code:        newPairingCode(),
+		State:       PairingApproved,
+		FirstSeen:   time.Now().UTC(),
+		DecidedAt:   time.Now().UTC(),
+	}
+	s.requests[fingerprint] = req
+	if err := s.persist(); err != nil {
+		return nil, err
+	}
+	return cloneReq(req), nil
+}
+
 // IsApproved reports whether the fingerprint has been approved. Cheap
 // read for the inbound relay gate.
 func (s *PairingStore) IsApproved(fingerprint string) bool {
diff --git a/internal/a2a/pairing_test.go b/internal/a2a/pairing_test.go
index 0fd7b0d..06299a8 100644
--- a/internal/a2a/pairing_test.go
+++ b/internal/a2a/pairing_test.go
@@ -145,3 +145,33 @@ func TestList_NewestFirst(t *testing.T) {
 		t.Errorf("List not newest-first: %+v", list)
 	}
 }
+
+func TestTrust_DirectlyApprovesAndUpserts(t *testing.T) {
+	s := newTestStore(t)
+
+	// First contact via Trust → approved straight away (initiator consent).
+	r, err := s.Trust("fp-peer", "macbook", "192.168.1.9:60111")
+	if err != nil {
+		t.Fatalf("Trust: %v", err)
+	}
+	if r.State != PairingApproved {
+		t.Errorf("Trust state = %q, want approved", r.State)
+	}
+	if !s.IsApproved("fp-peer") {
+		t.Error("fingerprint not approved after Trust")
+	}
+
+	// Trust on an existing PENDING record flips it to approved (upsert).
+	if _, _, err := s.Observe("fp-pending", "win-pc", "192.168.1.20:60111"); err != nil {
+		t.Fatalf("Observe: %v", err)
+	}
+	if s.IsApproved("fp-pending") {
+		t.Fatal("pending peer should not be approved yet")
+	}
+	if _, err := s.Trust("fp-pending", "win-pc", ""); err != nil {
+		t.Fatalf("Trust upsert: %v", err)
+	}
+	if !s.IsApproved("fp-pending") {
+		t.Error("Trust did not flip pending → approved")
+	}
+}
diff --git a/internal/server/peers_handler.go b/internal/server/peers_handler.go
index f9aa2dd..2c2cf8f 100644
--- a/internal/server/peers_handler.go
+++ b/internal/server/peers_handler.go
@@ -445,12 +445,33 @@ func sendPairRequest(w http.ResponseWriter, r *http.Request, reg *a2a.Registry,
 		return
 	}
 	defer resp.Body.Close()
+
+	// Mutual trust: clicking "Pair" is this operator's consent to trust the
+	// target, so we approve its fingerprint here. The target's own operator
+	// still approves us on their screen (the symmetric gesture). Trust the
+	// fingerprint the mTLS client pinned to — empty only for a pre-Tier-2
+	// peer that advertised no device_id.
+	if fp := peerExpectedFingerprint(peer); fp != "" {
+		_, _ = a2a.GlobalPairingStore().Trust(fp, peer.DisplayName, peer.Metadata["address"])
+	}
+
 	// 403 pairing_required is the EXPECTED first-contact outcome: the mTLS
 	// handshake proved our identity, the peer recorded us as a pending
-	// request, and its operator must approve on screen. A 2xx means the
-	// peer already trusts us (re-pair / already approved).
+	// request, and its operator must approve on screen. Its response carries
+	// the pairing code — pass it back so this device shows the SAME code the
+	// peer is displaying, for the operators to compare. A 2xx means the peer
+	// already trusts us (re-pair / already approved).
 	if resp.StatusCode == http.StatusForbidden {
-		writeJSON(w, http.StatusOK, map[string]any{"ok": true, "sent": true, "pending": true, "peer_id": peerID})
+		out := map[string]any{"ok": true, "sent": true, "pending": true, "peer_id": peerID}
+		var peerResp map[string]any
+		if b, rerr := io.ReadAll(io.LimitReader(resp.Body, 1<<16)); rerr == nil {
+			if json.Unmarshal(b, &peerResp) == nil {
+				if code, ok := peerResp["code"].(string); ok && code != "" {
+					out["code"] = code
+				}
+			}
+		}
+		writeJSON(w, http.StatusOK, out)
 		return
 	}
 	writeJSON(w, http.StatusOK, map[string]any{"ok": true, "sent": true, "peer_id": peerID, "peer_status": resp.StatusCode})

From 3d3605592adc8d94c0ec2f29c0319f6671f1bfea Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Thu, 28 May 2026 04:36:37 +0300
Subject: [PATCH 37/86] feat(desktop): drop circle-key UI, surface the
 auto-pairing code
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Phase 6 of the Tier-2 rewrite. The Network "This device" pane no longer has a
pairing key to generate/copy/enter — pairing is automatic now. It keeps the
Discoverable toggle and explains that pairing prompts with a short code to
confirm. The Pair action shows the matching code returned by the daemon
("Pairing X — code 4821. Approve on that device.") so it lines up with the
code the receiver's approve prompt already displays. Removed the now-dead
circle-key state/helpers; dev stubs updated to exercise the code flow.
---
 desktop/apps/app-ui/src/dev-stubs.ts      |   5 +-
 desktop/apps/app-ui/src/views/Network.tsx | 136 ++++------------------
 2 files changed, 23 insertions(+), 118 deletions(-)

diff --git a/desktop/apps/app-ui/src/dev-stubs.ts b/desktop/apps/app-ui/src/dev-stubs.ts
index f75cc01..ff97981 100644
--- a/desktop/apps/app-ui/src/dev-stubs.ts
+++ b/desktop/apps/app-ui/src/dev-stubs.ts
@@ -76,10 +76,11 @@ export function installDevStubs(platform: "windows" | "darwin" = "windows") {
     BridgeAdd: () => J({ ok: true }),
     LocalCard: () =>
       J({ name: "clawtool@mac-studio", version: "1.0", url: "http://mac-studio.local:52828", skills: [{ id: "bash", name: "Bash" }, { id: "read", name: "Read" }, { id: "edit", name: "Edit" }, { id: "dispatch", name: "Agent dispatch" }] }),
-    PairList: () => J([]),
+    PairList: () =>
+      J([{ fingerprint: "Z23WTLH3BQBYPUGRCUMYNC2SQFVPVOLGYXJK2LCHTZZ27UA2AQBA", display_name: "win-pc", address: "192.168.1.42:60111", code: "4821", state: "pending" }]),
     PairApprove: () => J({ ok: true }),
     PairDeny: () => J({ ok: true }),
-    PairRequest: () => J({ ok: true, sent: true }),
+    PairRequest: () => J({ ok: true, sent: true, pending: true, code: "4821" }),
     RunDoctor: () => J({ ok: true, output: "clawtool doctor — 0.22.171\n\n[binary]    ✓ clawtool on PATH\n[daemon]    ✓ running on 127.0.0.1:64205\n[agents]    ✓ claude, codex callable\n[bridges]   ⚠ gemini bridge missing\n\n1 warning, 0 errors" }),
     Quit: () => {},
   };
diff --git a/desktop/apps/app-ui/src/views/Network.tsx b/desktop/apps/app-ui/src/views/Network.tsx
index 8e71be4..38f2dca 100644
--- a/desktop/apps/app-ui/src/views/Network.tsx
+++ b/desktop/apps/app-ui/src/views/Network.tsx
@@ -1,15 +1,11 @@
 import { useEffect, useState } from "react";
 import { AgentIcon, Badge, Button, EmptyRow, List, SectionHeader, SidePane, Switch } from "@clawtool/design-system";
 import type { BadgeTone } from "@clawtool/design-system";
-import { ChevronDown, ChevronRight, Lock } from "lucide-react";
+import { ChevronDown, ChevronRight } from "lucide-react";
 import { App, type Agent, type Brand, type Peer } from "@clawtool/bridge";
 import { Toast } from "../components/Toast";
 import styles from "../App.module.css";
 
-function maskKey(k: string): string {
-  return k && k.length > 14 ? `${k.slice(0, 8)}…${k.slice(-4)}` : k;
-}
-
 function statusChip(a: Agent): { label: string; tone: BadgeTone } {
   switch (a.status) {
     case "callable":
@@ -32,25 +28,11 @@ function metaFor(a: Agent): string {
 
 type AgentState = "loading" | "none" | Agent[];
 
-async function copyText(text: string): Promise<boolean> {
-  try {
-    await navigator.clipboard.writeText(text);
-    return true;
-  } catch {
-    return false;
-  }
-}
-
 export function Network({ brand, active }: { brand: Brand; active: boolean }) {
   const [banner, setBanner] = useState("");
   const [peers, setPeers] = useState<Peer[]>([]);
-  const [hasKey, setHasKey] = useState(false);
-  const [key, setKey] = useState("");
   const [lan, setLan] = useState(false);
   const [lanBusy, setLanBusy] = useState(false);
-  const [joinOpen, setJoinOpen] = useState(false);
-  const [joinKey, setJoinKey] = useState("");
-  const [joinErr, setJoinErr] = useState("");
   const [toast, setToast] = useState("");
   const [pairing, setPairing] = useState("");
   const [filter, setFilter] = useState("");
@@ -68,56 +50,33 @@ export function Network({ brand, active }: { brand: Brand; active: boolean }) {
     setBanner("");
     setPeers(snap.peers?.peers ?? []);
   }
-  async function loadCircle() {
-    const c = await App.circleStatus();
-    setHasKey(c.ok === true && c.has_key === true);
-    setKey(c.key ?? "");
+  async function loadLan() {
     const l = await App.lanStatus();
     setLan(l.ok === true && l.enabled === true);
   }
 
   useEffect(() => {
     if (!active) return;
-    loadCircle();
+    loadLan();
     loadNetwork();
     const t = setInterval(loadNetwork, 5000);
     return () => clearInterval(t);
   }, [active]);
 
-  async function generate() {
-    const r = await App.circleGenerate();
-    await loadCircle();
-    const k = typeof r.key === "string" ? r.key : "";
-    if (r.ok && k) {
-      const ok = await copyText(k);
-      setToast(ok ? "Circle key generated and copied" : "Circle key generated");
-    }
-  }
-  async function copyKey() {
-    setToast((await copyText(key)) ? "Copied to clipboard" : "Couldn't copy");
-  }
-  async function join() {
-    setJoinErr("");
-    const k = joinKey.trim();
-    if (!k) return;
-    const r = await App.circleSet(k);
-    if (r.ok) {
-      setJoinOpen(false);
-      setJoinKey("");
-      await loadCircle();
-      setToast("Joined the circle");
-    } else {
-      setJoinErr(typeof r.error === "string" ? r.error : "Couldn't set the circle key");
-    }
-  }
   async function sendPair(p: Peer) {
     setPairing(p.peer_id);
     const r = (await App.pairRequest(p.peer_id)) as Record<string, unknown>;
-    if (r.ok && r.sent) setToast(`Pairing request sent to ${p.display_name || p.peer_id}`);
-    else if (r.needs_circle_key) setToast("Generate a pairing key here first");
-    else if (r.not_in_circle) setToast("That device isn't in your circle — share the same pairing key");
-    else setToast(typeof r.error === "string" ? r.error : "Couldn't send the request");
+    const name = p.display_name || p.peer_id;
+    if (r.ok && r.sent) {
+      const code = typeof r.code === "string" ? r.code : "";
+      if (r.pending && code) setToast(`Pairing ${name} — code ${code}. Approve on that device to finish.`);
+      else if (r.pending) setToast(`Pairing request sent to ${name}. Approve on that device to finish.`);
+      else setToast(`Paired with ${name}.`);
+    } else {
+      setToast(typeof r.error === "string" ? r.error : "Couldn't reach that device");
+    }
     setPairing("");
+    loadNetwork();
   }
   async function toggleExpand(p: Peer) {
     const next = new Set(expanded);
@@ -138,7 +97,7 @@ export function Network({ brand, active }: { brand: Brand; active: boolean }) {
   async function toggleLan(next: boolean) {
     setLanBusy(true);
     await (next ? App.lanEnable() : App.lanDisable());
-    await loadCircle();
+    await loadLan();
     setLanBusy(false);
   }
 
@@ -244,72 +203,17 @@ export function Network({ brand, active }: { brand: Brand; active: boolean }) {
           <div style={{ flex: 1 }}>
             <div className={styles.st}>Discoverable on your network</div>
             <div className={styles.sd}>
-              Paired devices on your network can see this machine and its agents. Code execution stays local-only; the
-              first time, your OS may ask to allow it through the firewall.
+              Lets other devices on your network find this machine and request to pair. Code execution stays
+              local-only; the first time, your OS may ask to allow it through the firewall.
             </div>
           </div>
           <Switch checked={lan} busy={lanBusy} onChange={toggleLan} />
         </div>
 
-        <div className={`${styles.field} ${lan ? "" : styles.locked}`}>
-          {lan ? null : (
-            <div className={styles.lockNote}>
-              <Lock size={14} />
-              Turn on discoverability to set a pairing key
-            </div>
-          )}
-          <div className={lan ? undefined : styles.lockedInner} aria-hidden={!lan}>
-            <div className={styles.fieldHead}>
-              <div className={styles.st}>Pairing key</div>
-              <Badge tone={hasKey ? "success" : "neutral"}>{hasKey ? "Active" : "Not set"}</Badge>
-            </div>
-            <div className={styles.sd}>
-              Devices that share this key form one trusted network. Generate it on one device, then enter it on the
-              others.
-            </div>
-            {hasKey ? (
-              <div className={styles.xrow}>
-                <code className={styles.keybox}>{maskKey(key)}</code>
-                <Button variant="secondary" onClick={copyKey}>
-                  Copy
-                </Button>
-                <Button variant="ghost" onClick={() => App.circleClear().then(loadCircle)}>
-                  Remove
-                </Button>
-              </div>
-            ) : joinOpen ? (
-              <div style={{ marginTop: 12 }}>
-                <input
-                  className={styles.input}
-                  placeholder="Paste the pairing key from another device"
-                  value={joinKey}
-                  autoFocus
-                  onChange={(e) => setJoinKey(e.target.value)}
-                  onKeyDown={(e) => {
-                    if (e.key === "Enter") join();
-                    if (e.key === "Escape") setJoinOpen(false);
-                  }}
-                />
-                {joinErr ? <div className={styles.err}>{joinErr}</div> : null}
-                <div style={{ display: "flex", gap: 12, marginTop: 10 }}>
-                  <Button variant="primary" onClick={join} disabled={!joinKey.trim()}>
-                    Join
-                  </Button>
-                  <Button variant="ghost" onClick={() => setJoinOpen(false)}>
-                    Cancel
-                  </Button>
-                </div>
-              </div>
-            ) : (
-              <div className={styles.xrow}>
-                <Button variant="primary" onClick={generate}>
-                  Generate pairing key
-                </Button>
-                <Button variant="ghost" onClick={() => setJoinOpen(true)}>
-                  Enter a key…
-                </Button>
-              </div>
-            )}
+        <div className={styles.field}>
+          <div className={styles.sd}>
+            Pairing is automatic — when another device requests to pair, you'll see a prompt with a short code to
+            confirm. No keys to copy.
           </div>
         </div>
       </SidePane>

From 76b37f264dea424735dca224299913b3a909df40 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Thu, 28 May 2026 04:44:45 +0300
Subject: [PATCH 38/86] refactor: retire the circle key now that pairing is
 cert-based (Tier-2 Phase 7)

The shared circle-key model is fully replaced by per-device certificate
trust, so remove the dead surface:
- internal/a2a/circlekey.go + its tests (deleted)
- `clawtool a2a circle-key` subcommand
- the circle-key branch in the peer auth gate; circleOrBearer renamed
  peerOrBearer (now purely fingerprint-or-bearer), comments updated
- installer Circle{Status,Generate,Set,Clear} bindings + circleKeyRE
- bridge circle* methods + CircleStatus type; Home's cross-device metric
  now reflects LAN discoverability; PeerAgentsResult uses pairing_required
Obsolete circle-key middleware tests dropped; circle_test.go renamed
peer_proxy_test.go. No shared secret remains anywhere in the trust path.
---
 cmd/clawtool-installer/app.go                 |  95 +--------------
 desktop/apps/app-ui/src/dev-stubs.ts          |   4 -
 desktop/apps/app-ui/src/views/Home.tsx        |   4 +-
 desktop/packages/bridge/src/app.ts            |   7 +-
 desktop/packages/bridge/src/types.ts          |   4 +-
 internal/a2a/circlekey.go                     |  95 ---------------
 internal/a2a/circlekey_test.go                | 111 ------------------
 internal/cli/a2a.go                           |  76 ------------
 internal/server/http.go                       |  61 ++++------
 internal/server/peer_auth_test.go             |   8 +-
 .../{circle_test.go => peer_proxy_test.go}    |  82 ++-----------
 11 files changed, 40 insertions(+), 507 deletions(-)
 delete mode 100644 internal/a2a/circlekey.go
 delete mode 100644 internal/a2a/circlekey_test.go
 rename internal/server/{circle_test.go => peer_proxy_test.go} (56%)

diff --git a/cmd/clawtool-installer/app.go b/cmd/clawtool-installer/app.go
index a5cd26c..45f63a9 100644
--- a/cmd/clawtool-installer/app.go
+++ b/cmd/clawtool-installer/app.go
@@ -12,7 +12,6 @@ import (
 	"os"
 	"os/exec"
 	"path/filepath"
-	"regexp"
 	"runtime"
 	"strings"
 	"sync"
@@ -529,10 +528,6 @@ func (a *App) EnsureGateway() string {
 	return `{"ok":true}`
 }
 
-// circleKeyRE matches a clawtool circle key (hex secret) so we can tell
-// the key line apart from the CLI's "no circle key set …" notice.
-var circleKeyRE = regexp.MustCompile(`^[0-9a-fA-F]{32,}$`)
-
 // firstLine returns the first trimmed line of command output.
 func firstLine(b []byte) string {
 	s := strings.TrimSpace(string(b))
@@ -542,96 +537,8 @@ func firstLine(b []byte) string {
 	return s
 }
 
-// CircleStatus reports whether this device has joined a cross-device
-// "circle" — a shared key that lets paired devices list each other's
-// agents over the LAN. Returns the key so the UI can show + copy it.
-// Runs `clawtool a2a circle-key show` (the installer is a separate
-// module and drives clawtool through its CLI, never importing internals).
-func (a *App) CircleStatus() string {
-	bin, err := locateClawtool()
-	if err != nil {
-		return jsonErr(err.Error())
-	}
-	cmd := exec.Command(bin, "a2a", "circle-key", "show")
-	hideConsole(cmd)
-	out, _ := cmd.CombinedOutput() // "no key" exits non-zero; that's fine
-	key := firstLine(out)
-	if !circleKeyRE.MatchString(key) {
-		key = ""
-	}
-	b, _ := json.Marshal(struct {
-		OK     bool   `json:"ok"`
-		HasKey bool   `json:"has_key"`
-		Key    string `json:"key,omitempty"`
-	}{OK: true, HasKey: key != "", Key: key})
-	return string(b)
-}
-
-// CircleGenerate creates a fresh circle key (saved on this device) and
-// returns it so the UI can show it for copying to the other devices.
-func (a *App) CircleGenerate() string {
-	bin, err := locateClawtool()
-	if err != nil {
-		return jsonErr(err.Error())
-	}
-	cmd := exec.Command(bin, "a2a", "circle-key", "generate")
-	hideConsole(cmd)
-	out, err := cmd.Output()
-	if err != nil {
-		return jsonErr("could not generate a circle key")
-	}
-	key := firstLine(out)
-	if !circleKeyRE.MatchString(key) {
-		return jsonErr("unexpected circle-key output")
-	}
-	b, _ := json.Marshal(struct {
-		OK  bool   `json:"ok"`
-		Key string `json:"key"`
-	}{OK: true, Key: key})
-	return string(b)
-}
-
-// CircleSet joins an existing circle by saving the key generated on
-// another device. The daemon reads the key per request, so it takes
-// effect immediately — no restart.
-func (a *App) CircleSet(key string) string {
-	key = strings.TrimSpace(key)
-	if key == "" {
-		return jsonErr("enter the circle key from your other device")
-	}
-	bin, err := locateClawtool()
-	if err != nil {
-		return jsonErr(err.Error())
-	}
-	cmd := exec.Command(bin, "a2a", "circle-key", "set", key)
-	hideConsole(cmd)
-	if out, err := cmd.CombinedOutput(); err != nil {
-		msg := firstLine(out)
-		if msg == "" {
-			msg = "could not set the circle key"
-		}
-		return jsonErr(msg)
-	}
-	return `{"ok":true}`
-}
-
-// CircleClear leaves the circle (clears the key), disabling cross-device
-// agent enumeration on this device.
-func (a *App) CircleClear() string {
-	bin, err := locateClawtool()
-	if err != nil {
-		return jsonErr(err.Error())
-	}
-	cmd := exec.Command(bin, "a2a", "circle-key", "clear")
-	hideConsole(cmd)
-	if err := cmd.Run(); err != nil {
-		return jsonErr("could not leave the circle")
-	}
-	return `{"ok":true}`
-}
-
 // LanStatus reports whether the daemon is LAN-exposed (reachable by
-// circle peers) or loopback-only. Reads `clawtool daemon lan status`.
+// paired peers) or loopback-only. Reads `clawtool daemon lan status`.
 func (a *App) LanStatus() string {
 	bin, err := locateClawtool()
 	if err != nil {
diff --git a/desktop/apps/app-ui/src/dev-stubs.ts b/desktop/apps/app-ui/src/dev-stubs.ts
index ff97981..7bee893 100644
--- a/desktop/apps/app-ui/src/dev-stubs.ts
+++ b/desktop/apps/app-ui/src/dev-stubs.ts
@@ -42,10 +42,6 @@ export function installDevStubs(platform: "windows" | "darwin" = "windows") {
     EnsureGateway: () => J({ ok: true }),
     NetworkSnapshot: () => J({ ok: true, agents: { count: agents.length, agents }, peers: { count: peers.length, peers } }),
     PeerAgents: (...a: unknown[]) => J({ agents: peerAgents[String(a[0])] ?? [] }),
-    CircleStatus: () => J({ ok: true, has_key: true, key: "64f5612e49ce302b3d9f0ffcec383fa5760801d854434c39fec789c121bf5a77" }),
-    CircleGenerate: () => J({ ok: true, key: "ab".repeat(32) }),
-    CircleSet: () => J({ ok: true }),
-    CircleClear: () => J({ ok: true }),
     LanStatus: () => J({ ok: true, enabled: true }),
     LanEnable: () => J({ ok: true }),
     LanDisable: () => J({ ok: true }),
diff --git a/desktop/apps/app-ui/src/views/Home.tsx b/desktop/apps/app-ui/src/views/Home.tsx
index ff5041a..ee91290 100644
--- a/desktop/apps/app-ui/src/views/Home.tsx
+++ b/desktop/apps/app-ui/src/views/Home.tsx
@@ -19,8 +19,8 @@ export function Home({ brand, active, onNavigate }: { brand: Brand; active: bool
     }
     setAgents(snap.agents?.count ?? snap.agents?.agents?.length ?? 0);
     setPeers(snap.peers?.count ?? snap.peers?.peers?.length ?? 0);
-    const c = await App.circleStatus();
-    setXd(c.ok === true && c.has_key === true);
+    const l = await App.lanStatus();
+    setXd(l.ok === true && l.enabled === true);
   }
 
   useEffect(() => {
diff --git a/desktop/packages/bridge/src/app.ts b/desktop/packages/bridge/src/app.ts
index d163a05..340bbf4 100644
--- a/desktop/packages/bridge/src/app.ts
+++ b/desktop/packages/bridge/src/app.ts
@@ -6,7 +6,6 @@ import { callJSON, callRaw } from "./wails";
 import type {
   AgentCard,
   Brand,
-  CircleStatus,
   LanStatus,
   Mode,
   NetworkSnapshot,
@@ -61,11 +60,7 @@ export const App = {
   pairDeny: (selector: string) => callJSON<Result>("PairDeny", OK_FALSE, selector),
   pairRequest: (peerID: string) => callJSON<Result>("PairRequest", OK_FALSE, peerID),
 
-  // cross-device (circle key + LAN)
-  circleStatus: () => callJSON<CircleStatus>("CircleStatus", { ok: false }),
-  circleGenerate: () => callJSON<Result>("CircleGenerate", OK_FALSE),
-  circleSet: (key: string) => callJSON<Result>("CircleSet", OK_FALSE, key),
-  circleClear: () => callJSON<Result>("CircleClear", OK_FALSE),
+  // cross-device LAN exposure (discoverability)
   lanStatus: () => callJSON<LanStatus>("LanStatus", { ok: false }),
   lanEnable: () => callJSON<Result>("LanEnable", OK_FALSE),
   lanDisable: () => callJSON<Result>("LanDisable", OK_FALSE),
diff --git a/desktop/packages/bridge/src/types.ts b/desktop/packages/bridge/src/types.ts
index e6e6b2c..05166d4 100644
--- a/desktop/packages/bridge/src/types.ts
+++ b/desktop/packages/bridge/src/types.ts
@@ -39,8 +39,7 @@ export type NetworkSnapshot =
 
 export type PeerAgentsResult =
   | { agents: Agent[] }
-  | { needs_circle_key: true }
-  | { not_in_circle: true }
+  | { pairing_required: true }
   | { ok: false; error?: string };
 
 export type UpdateInfo = {
@@ -76,7 +75,6 @@ export type PairingRequest = {
 };
 
 export type Result = { ok: boolean; error?: string; [k: string]: unknown };
-export type CircleStatus = { ok: boolean; has_key?: boolean; key?: string };
 export type LanStatus = { ok: boolean; enabled?: boolean };
 
 // Wails runtime events emitted by the Go side.
diff --git a/internal/a2a/circlekey.go b/internal/a2a/circlekey.go
deleted file mode 100644
index e0b652f..0000000
--- a/internal/a2a/circlekey.go
+++ /dev/null
@@ -1,95 +0,0 @@
-// Package a2a — circle key (ADR-024 cross-device trust).
-//
-// A "circle" is the set of a user's own machines that should see each
-// other's agents. The circle key is a pre-shared secret the user sets
-// once on every device they own (think Tailscale auth key / Syncthing
-// shared folder). Possessing it authorizes the READ-ONLY cross-device
-// peer endpoints — listing a remote peer's agents — and nothing else:
-// it never unlocks /v1/send_message or /mcp, which execute code and
-// stay strictly bearer-token gated.
-//
-// Trust model rationale: mDNS discovery is LAN-public (any device can
-// see that a clawtool exists and read its capability card), but the
-// agent inventory is not broadcast — a peer must prove circle
-// membership to enumerate it. No key configured ⇒ cross-device agent
-// enumeration is simply disabled, so nothing leaks by default.
-package a2a
-
-import (
-	"crypto/rand"
-	"crypto/subtle"
-	"encoding/hex"
-	"errors"
-	"os"
-	"path/filepath"
-	"strings"
-
-	"github.com/cogitave/clawtool/internal/atomicfile"
-	"github.com/cogitave/clawtool/internal/xdg"
-)
-
-// CircleKeyHeader is the HTTP header a peer presents to prove circle
-// membership when fetching another peer's read-only endpoints.
-const CircleKeyHeader = "X-Clawtool-Circle"
-
-// CircleKeyPath is where the shared secret lives (0600). Same XDG
-// conventions as the daemon's token + state files.
-func CircleKeyPath() string {
-	return filepath.Join(xdg.ConfigDir(), "circle-key")
-}
-
-// LoadCircleKey returns the configured circle key (whitespace-trimmed),
-// or "" with nil error when none is set — callers treat empty as
-// "cross-device enumeration disabled".
-func LoadCircleKey() (string, error) {
-	b, err := os.ReadFile(CircleKeyPath())
-	if err != nil {
-		if errors.Is(err, os.ErrNotExist) {
-			return "", nil
-		}
-		return "", err
-	}
-	return strings.TrimSpace(string(b)), nil
-}
-
-// SaveCircleKey persists key atomically at 0600. A blank key is
-// rejected — use ClearCircleKey to remove membership.
-func SaveCircleKey(key string) error {
-	key = strings.TrimSpace(key)
-	if key == "" {
-		return errors.New("circle key must not be empty (use clear to remove)")
-	}
-	return atomicfile.WriteFileMkdir(CircleKeyPath(), []byte(key+"\n"), 0o600, 0o700)
-}
-
-// ClearCircleKey removes the key file. Missing file is not an error.
-func ClearCircleKey() error {
-	if err := os.Remove(CircleKeyPath()); err != nil && !errors.Is(err, os.ErrNotExist) {
-		return err
-	}
-	return nil
-}
-
-// GenerateCircleKey returns a fresh 32-byte hex secret. It does NOT
-// persist it — the caller decides whether to save locally and/or print
-// it for the operator to copy onto their other devices.
-func GenerateCircleKey() (string, error) {
-	buf := make([]byte, 32)
-	if _, err := rand.Read(buf); err != nil {
-		return "", err
-	}
-	return hex.EncodeToString(buf), nil
-}
-
-// CircleKeyMatches reports whether presented equals expected in
-// constant time. Returns false when expected is empty (no circle
-// configured ⇒ deny) so a missing key can never be matched by an empty
-// header.
-func CircleKeyMatches(expected, presented string) bool {
-	expected = strings.TrimSpace(expected)
-	presented = strings.TrimSpace(presented)
-	if expected == "" || presented == "" {
-		return false
-	}
-	return subtle.ConstantTimeCompare([]byte(expected), []byte(presented)) == 1
-}
diff --git a/internal/a2a/circlekey_test.go b/internal/a2a/circlekey_test.go
deleted file mode 100644
index 985e832..0000000
--- a/internal/a2a/circlekey_test.go
+++ /dev/null
@@ -1,111 +0,0 @@
-package a2a
-
-import (
-	"os"
-	"path/filepath"
-	"testing"
-)
-
-// withTempConfig points XDG_CONFIG_HOME at a temp dir so circle-key
-// reads/writes don't touch the real config.
-func withTempConfig(t *testing.T) {
-	t.Helper()
-	t.Setenv("XDG_CONFIG_HOME", t.TempDir())
-}
-
-func TestCircleKey_SaveLoadRoundTrip(t *testing.T) {
-	withTempConfig(t)
-
-	if got, err := LoadCircleKey(); err != nil || got != "" {
-		t.Fatalf("fresh load = (%q, %v), want empty + nil", got, err)
-	}
-	if err := SaveCircleKey("  secret-123  "); err != nil {
-		t.Fatalf("save: %v", err)
-	}
-	got, err := LoadCircleKey()
-	if err != nil {
-		t.Fatalf("load: %v", err)
-	}
-	if got != "secret-123" {
-		t.Errorf("loaded key = %q, want trimmed secret-123", got)
-	}
-	// File must be 0600 — it's a shared secret.
-	info, err := os.Stat(CircleKeyPath())
-	if err != nil {
-		t.Fatalf("stat: %v", err)
-	}
-	if perm := info.Mode().Perm(); perm != 0o600 {
-		t.Errorf("circle-key mode = %o, want 600", perm)
-	}
-}
-
-func TestCircleKey_RejectsEmptySave(t *testing.T) {
-	withTempConfig(t)
-	if err := SaveCircleKey("   "); err == nil {
-		t.Error("saving a blank key should error")
-	}
-}
-
-func TestCircleKey_Clear(t *testing.T) {
-	withTempConfig(t)
-	if err := SaveCircleKey("k"); err != nil {
-		t.Fatal(err)
-	}
-	if err := ClearCircleKey(); err != nil {
-		t.Fatalf("clear: %v", err)
-	}
-	if got, _ := LoadCircleKey(); got != "" {
-		t.Errorf("after clear, load = %q, want empty", got)
-	}
-	// Clearing again (missing file) is not an error.
-	if err := ClearCircleKey(); err != nil {
-		t.Errorf("clear on missing file should be a no-op, got %v", err)
-	}
-}
-
-func TestGenerateCircleKey_UniqueHex(t *testing.T) {
-	a, err := GenerateCircleKey()
-	if err != nil {
-		t.Fatal(err)
-	}
-	b, err := GenerateCircleKey()
-	if err != nil {
-		t.Fatal(err)
-	}
-	if a == b {
-		t.Error("two generated keys collided")
-	}
-	if len(a) != 64 { // 32 bytes hex-encoded
-		t.Errorf("key length = %d, want 64 hex chars", len(a))
-	}
-}
-
-func TestCircleKeyMatches(t *testing.T) {
-	cases := []struct {
-		name              string
-		expected, present string
-		want              bool
-	}{
-		{"equal", "abc", "abc", true},
-		{"equal with whitespace", "abc", "  abc \n", true},
-		{"mismatch", "abc", "xyz", false},
-		{"empty expected denies", "", "abc", false},
-		{"empty presented denies", "abc", "", false},
-		{"both empty denies", "", "", false},
-	}
-	for _, c := range cases {
-		t.Run(c.name, func(t *testing.T) {
-			if got := CircleKeyMatches(c.expected, c.present); got != c.want {
-				t.Errorf("CircleKeyMatches(%q,%q) = %v, want %v", c.expected, c.present, got, c.want)
-			}
-		})
-	}
-}
-
-// Guard the path uses the clawtool config dir, not the bare home.
-func TestCircleKeyPath_UnderConfigDir(t *testing.T) {
-	withTempConfig(t)
-	if base := filepath.Base(CircleKeyPath()); base != "circle-key" {
-		t.Errorf("path base = %q, want circle-key", base)
-	}
-}
diff --git a/internal/cli/a2a.go b/internal/cli/a2a.go
index 8108a02..2c3d62d 100644
--- a/internal/cli/a2a.go
+++ b/internal/cli/a2a.go
@@ -31,14 +31,6 @@ const a2aUsage = `Usage:
                                           runtime family; circle = group name.
                                           --format = table|tsv|json (default
                                           table).
-  clawtool a2a circle-key [show|generate|set <key>|clear]
-                                          Manage the shared cross-device
-                                          "circle" key. Devices sharing the key
-                                          can list each other's agents over the
-                                          LAN; without it, cross-device agent
-                                          enumeration is disabled. generate on
-                                          one device, set the same key on the
-                                          others.
 
 A2A is the Agent2Agent protocol (Linux Foundation / Google). The card
 describes what this agent does (capabilities + skills + auth) — NOT
@@ -61,8 +53,6 @@ func (a *App) runA2A(argv []string) int {
 		return a.runA2ACard(argv[1:])
 	case "peers":
 		return a.runA2APeers(argv[1:])
-	case "circle-key", "circle":
-		return a.runA2ACircleKey(argv[1:])
 	default:
 		fmt.Fprintf(a.Stderr, "clawtool a2a: unknown subcommand %q\n\n%s",
 			argv[0], a2aUsage)
@@ -70,72 +60,6 @@ func (a *App) runA2A(argv []string) int {
 	}
 }
 
-// runA2ACircleKey manages the shared cross-device circle key. Devices
-// that share the key can list each other's agents over the LAN; without
-// it, agent enumeration across devices is disabled (see internal/a2a
-// circlekey.go). No daemon restart is needed — the server reads the key
-// per request.
-func (a *App) runA2ACircleKey(argv []string) int {
-	sub := "show"
-	if len(argv) > 0 {
-		sub = argv[0]
-	}
-	switch sub {
-	case "show":
-		key, err := a2a.LoadCircleKey()
-		if err != nil {
-			fmt.Fprintf(a.Stderr, "clawtool a2a circle-key: %v\n", err)
-			return 1
-		}
-		if key == "" {
-			fmt.Fprintln(a.Stdout, "no circle key set — run `clawtool a2a circle-key generate` on one device, then `set <key>` on the others")
-			return 0
-		}
-		fmt.Fprintln(a.Stdout, key)
-		return 0
-
-	case "generate":
-		key, err := a2a.GenerateCircleKey()
-		if err != nil {
-			fmt.Fprintf(a.Stderr, "clawtool a2a circle-key: generate: %v\n", err)
-			return 1
-		}
-		if err := a2a.SaveCircleKey(key); err != nil {
-			fmt.Fprintf(a.Stderr, "clawtool a2a circle-key: save: %v\n", err)
-			return 1
-		}
-		fmt.Fprintln(a.Stdout, key)
-		fmt.Fprintln(a.Stderr, "✓ circle key generated and saved on this device")
-		fmt.Fprintln(a.Stderr, "  run this on your other devices to join the circle:")
-		fmt.Fprintf(a.Stderr, "    clawtool a2a circle-key set %s\n", key)
-		return 0
-
-	case "set":
-		if len(argv) < 2 || strings.TrimSpace(argv[1]) == "" {
-			fmt.Fprintln(a.Stderr, "usage: clawtool a2a circle-key set <key>")
-			return 2
-		}
-		if err := a2a.SaveCircleKey(argv[1]); err != nil {
-			fmt.Fprintf(a.Stderr, "clawtool a2a circle-key: set: %v\n", err)
-			return 1
-		}
-		fmt.Fprintln(a.Stderr, "✓ joined the circle — this device can now see (and be seen by) peers sharing this key")
-		return 0
-
-	case "clear":
-		if err := a2a.ClearCircleKey(); err != nil {
-			fmt.Fprintf(a.Stderr, "clawtool a2a circle-key: clear: %v\n", err)
-			return 1
-		}
-		fmt.Fprintln(a.Stderr, "✓ left the circle — cross-device agent enumeration disabled on this device")
-		return 0
-
-	default:
-		fmt.Fprintf(a.Stderr, "clawtool a2a circle-key: unknown subcommand %q (show|generate|set|clear)\n", sub)
-		return 2
-	}
-}
-
 func (a *App) runA2ACard(argv []string) int {
 	var nameOverride string
 	for i := 0; i < len(argv); i++ {
diff --git a/internal/server/http.go b/internal/server/http.go
index 5d13a3f..57c0509 100644
--- a/internal/server/http.go
+++ b/internal/server/http.go
@@ -162,12 +162,12 @@ func ServeHTTP(ctx context.Context, opts HTTPOptions) error {
 	authed := authMiddleware(token, trustLoopback)
 
 	mux.Handle("/v1/health", authed(http.HandlerFunc(handleHealth)))
-	// /v1/agents is read-only and circle-aware: a peer device in the same
-	// circle (valid X-Clawtool-Circle key) may enumerate this node's
-	// agents even without the bearer token. That's what lets a dashboard
-	// on one machine list the agents running on another. Code-executing
-	// endpoints below stay bearer-only.
-	mux.Handle("/v1/agents", circleOrBearer(token, trustLoopback)(http.HandlerFunc(handleAgents)))
+	// /v1/agents is read-only and peer-aware: a paired device (approved
+	// mTLS cert fingerprint) may enumerate this node's agents even without
+	// the bearer token. That's what lets a dashboard on one machine list
+	// the agents running on another. Code-executing endpoints below stay
+	// bearer-only.
+	mux.Handle("/v1/agents", peerOrBearer(token, trustLoopback)(http.HandlerFunc(handleAgents)))
 	mux.Handle("/v1/send_message", authed(http.HandlerFunc(handleSendMessage)))
 	mux.Handle("/v1/recipes", authed(http.HandlerFunc(handleRecipes)))
 	mux.Handle("/v1/recipe/apply", authed(http.HandlerFunc(handleRecipeApply)))
@@ -177,13 +177,11 @@ func ServeHTTP(ctx context.Context, opts HTTPOptions) error {
 	// Single mux entry routes all subpaths via the trailing slash.
 	mux.Handle("/v1/peers", authed(http.HandlerFunc(handlePeers)))
 	mux.Handle("/v1/peers/", authed(http.HandlerFunc(handlePeers)))
-	// /v1/relay — cross-device message ingress. Circle-aware like
-	// /v1/agents: a paired peer on the same circle POSTs a message
-	// here over the LAN. The handler enforces the operator's
-	// first-contact pairing gate before any delivery (it enqueues
-	// into local agents' inboxes, not code execution — so circle
-	// auth + the pairing approval are the trust boundary).
-	mux.Handle("/v1/relay", circleOrBearer(token, trustLoopback)(http.HandlerFunc(handleRelay)))
+	// /v1/relay — cross-device message ingress. Peer-aware like
+	// /v1/agents: a paired device POSTs a message here over the LAN
+	// (mTLS). Delivery enqueues into local agents' inboxes, not code
+	// execution — the approved-fingerprint gate is the trust boundary.
+	mux.Handle("/v1/relay", peerOrBearer(token, trustLoopback)(http.HandlerFunc(handleRelay)))
 	// /v1/biam/subscribe — SSE A2A async-push (ADR-024 Phase 4).
 	// task-scoped, with Last-Event-ID replay against the per-task
 	// ring buffer in internal/agents/biam.Events.
@@ -478,18 +476,17 @@ func authMiddleware(expected string, trustLoopback bool) func(http.Handler) http
 	}
 }
 
-// circleOrBearer authorizes READ-ONLY cross-device endpoints. A request
-// passes if it carries either a valid bearer token (the local daemon's
-// own token, same as authMiddleware) OR a valid circle-key header — the
-// shared secret that proves the caller is one of the user's own devices
-// (see internal/a2a circlekey.go). The circle key is read per request
-// from disk so rotating it via `clawtool a2a circle-key` takes effect
-// without a daemon restart.
+// peerOrBearer authorizes the cross-device endpoints (/v1/agents read,
+// /v1/relay). A request passes if it's a trusted remote device (its mTLS
+// client-cert fingerprint is approved in the PairingStore) OR carries the
+// local daemon's bearer token. An unknown peer fingerprint isn't a flat
+// reject — it's recorded as a pending request (surfacing the approve/deny
+// prompt) and answered with pairing_required.
 //
 // NEVER wrap a code-executing endpoint (send_message, mcp) with this —
-// the circle key is deliberately scoped to read-only agent/peer
-// enumeration. Those stay bearer-only.
-func circleOrBearer(token string, trustLoopback bool) func(http.Handler) http.Handler {
+// the peer surface is deliberately scoped to read-only agent/peer
+// enumeration + relay. Those stay bearer-only.
+func peerOrBearer(token string, trustLoopback bool) func(http.Handler) http.Handler {
 	exp := []byte(token)
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@@ -497,12 +494,8 @@ func circleOrBearer(token string, trustLoopback bool) func(http.Handler) http.Ha
 			// client certificate is a remote device. It is authorized ONLY
 			// if its certificate fingerprint has been approved in the
 			// PairingStore — checked FIRST so this gate holds even when the
-			// loopback daemon runs in no-auth mode. An unknown fingerprint
-			// isn't a flat reject: we record it as a pending request (which
-			// surfaces the approve/deny prompt on this machine) and answer
-			// with pairing_required so the caller knows to wait for approval.
-			// The shared circle key plays no part here — possession of the
-			// private key behind an approved fingerprint is the credential.
+			// loopback daemon runs in no-auth mode. Possession of the private
+			// key behind an approved fingerprint is the credential.
 			if r.TLS != nil {
 				if len(r.TLS.PeerCertificates) == 0 {
 					writeJSON(w, http.StatusForbidden, map[string]any{
@@ -539,7 +532,6 @@ func circleOrBearer(token string, trustLoopback bool) func(http.Handler) http.Ha
 				next.ServeHTTP(w, r)
 				return
 			}
-			// 1. Bearer token.
 			h := r.Header.Get("Authorization")
 			const prefix = "Bearer "
 			if strings.HasPrefix(h, prefix) {
@@ -549,15 +541,8 @@ func circleOrBearer(token string, trustLoopback bool) func(http.Handler) http.Ha
 					return
 				}
 			}
-			// 2. Circle key (a peer device proving same-circle membership).
-			if presented := r.Header.Get(a2a.CircleKeyHeader); presented != "" {
-				if key, _ := a2a.LoadCircleKey(); a2a.CircleKeyMatches(key, presented) {
-					next.ServeHTTP(w, r)
-					return
-				}
-			}
 			writeJSON(w, http.StatusUnauthorized, map[string]any{
-				"error": "invalid token, and no matching " + a2a.CircleKeyHeader + " circle key",
+				"error": "invalid token, and not a paired device",
 			})
 		})
 	}
diff --git a/internal/server/peer_auth_test.go b/internal/server/peer_auth_test.go
index d44654a..35aea5b 100644
--- a/internal/server/peer_auth_test.go
+++ b/internal/server/peer_auth_test.go
@@ -25,7 +25,7 @@ func peerRequest(t *testing.T, cert tls.Certificate) *http.Request {
 	return req
 }
 
-func TestCircleOrBearer_PeerFingerprintTrust(t *testing.T) {
+func TestPeerOrBearer_PeerFingerprintTrust(t *testing.T) {
 	t.Setenv("XDG_CONFIG_HOME", t.TempDir())
 	a2a.ResetDeviceCertCacheForTest()
 	cert, err := a2a.DeviceCertificate()
@@ -43,7 +43,7 @@ func TestCircleOrBearer_PeerFingerprintTrust(t *testing.T) {
 	t.Cleanup(func() { a2a.SetGlobalPairingStore(nil) })
 
 	reached := false
-	h := circleOrBearer("local-token", true)(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
+	h := peerOrBearer("local-token", true)(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
 		reached = true
 		w.WriteHeader(http.StatusOK)
 	}))
@@ -90,8 +90,8 @@ func TestCircleOrBearer_PeerFingerprintTrust(t *testing.T) {
 	}
 }
 
-func TestCircleOrBearer_PeerWithoutClientCertRejected(t *testing.T) {
-	h := circleOrBearer("local-token", true)(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
+func TestPeerOrBearer_PeerWithoutClientCertRejected(t *testing.T) {
+	h := peerOrBearer("local-token", true)(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
 		w.WriteHeader(http.StatusOK)
 	}))
 	req := httptest.NewRequest(http.MethodPost, "/v1/relay", nil)
diff --git a/internal/server/circle_test.go b/internal/server/peer_proxy_test.go
similarity index 56%
rename from internal/server/circle_test.go
rename to internal/server/peer_proxy_test.go
index f87ed0b..24940ca 100644
--- a/internal/server/circle_test.go
+++ b/internal/server/peer_proxy_test.go
@@ -11,19 +11,19 @@ import (
 	"github.com/cogitave/clawtool/internal/a2a"
 )
 
-// circleMux mounts a single circle-aware /v1/agents endpoint with the
+// peerMux mounts a single peer-aware /v1/agents endpoint with the
 // given bearer token, mirroring the production wiring.
-func circleMux(token string) *http.ServeMux {
+func peerMux(token string) *http.ServeMux {
 	mux := http.NewServeMux()
-	mux.Handle("/v1/agents", circleOrBearer(token, false)(http.HandlerFunc(handleAgents)))
+	mux.Handle("/v1/agents", peerOrBearer(token, false)(http.HandlerFunc(handleAgents)))
 	return mux
 }
 
-// TestCircleOrBearer_BearerStillWorks: a valid bearer token passes, as
-// before.
-func TestCircleOrBearer_BearerStillWorks(t *testing.T) {
-	t.Setenv("XDG_CONFIG_HOME", t.TempDir()) // no circle key configured
-	srv := httptest.NewServer(circleMux("real-token"))
+// TestPeerOrBearer_BearerStillWorks: a valid bearer token passes (the
+// local-daemon credential path), independent of the mTLS peer path.
+func TestPeerOrBearer_BearerStillWorks(t *testing.T) {
+	t.Setenv("XDG_CONFIG_HOME", t.TempDir())
+	srv := httptest.NewServer(peerMux("real-token"))
 	defer srv.Close()
 
 	req, _ := http.NewRequest("GET", srv.URL+"/v1/agents", nil)
@@ -38,72 +38,6 @@ func TestCircleOrBearer_BearerStillWorks(t *testing.T) {
 	}
 }
 
-// TestCircleOrBearer_CircleKeyPasses: with a circle key configured, a
-// caller presenting the matching X-Clawtool-Circle header passes even
-// without the bearer token. This is the cross-device path.
-func TestCircleOrBearer_CircleKeyPasses(t *testing.T) {
-	t.Setenv("XDG_CONFIG_HOME", t.TempDir())
-	if err := a2a.SaveCircleKey("circle-secret"); err != nil {
-		t.Fatal(err)
-	}
-	srv := httptest.NewServer(circleMux("real-token"))
-	defer srv.Close()
-
-	req, _ := http.NewRequest("GET", srv.URL+"/v1/agents", nil)
-	req.Header.Set(a2a.CircleKeyHeader, "circle-secret")
-	resp, err := http.DefaultClient.Do(req)
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer resp.Body.Close()
-	if resp.StatusCode != http.StatusOK {
-		t.Errorf("matching circle key = %d, want 200", resp.StatusCode)
-	}
-}
-
-// TestCircleOrBearer_WrongCircleKeyRejected: a wrong circle key and no
-// bearer is 401 — and a configured-but-unmatched key never leaks.
-func TestCircleOrBearer_WrongCircleKeyRejected(t *testing.T) {
-	t.Setenv("XDG_CONFIG_HOME", t.TempDir())
-	if err := a2a.SaveCircleKey("circle-secret"); err != nil {
-		t.Fatal(err)
-	}
-	srv := httptest.NewServer(circleMux("real-token"))
-	defer srv.Close()
-
-	req, _ := http.NewRequest("GET", srv.URL+"/v1/agents", nil)
-	req.Header.Set(a2a.CircleKeyHeader, "wrong-secret")
-	resp, err := http.DefaultClient.Do(req)
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer resp.Body.Close()
-	if resp.StatusCode != http.StatusUnauthorized {
-		t.Errorf("wrong circle key = %d, want 401", resp.StatusCode)
-	}
-}
-
-// TestCircleOrBearer_NoKeyConfiguredDeniesHeaderOnly: if no circle key
-// is set on this node, presenting any circle header must NOT pass (only
-// the bearer should). Guards against an empty key matching an empty or
-// arbitrary header.
-func TestCircleOrBearer_NoKeyConfiguredDeniesHeaderOnly(t *testing.T) {
-	t.Setenv("XDG_CONFIG_HOME", t.TempDir()) // no key
-	srv := httptest.NewServer(circleMux("real-token"))
-	defer srv.Close()
-
-	req, _ := http.NewRequest("GET", srv.URL+"/v1/agents", nil)
-	req.Header.Set(a2a.CircleKeyHeader, "anything")
-	resp, err := http.DefaultClient.Do(req)
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer resp.Body.Close()
-	if resp.StatusCode != http.StatusUnauthorized {
-		t.Errorf("circle header with no key configured = %d, want 401", resp.StatusCode)
-	}
-}
-
 // TestProxyPeerAgents_RelaysOverMTLS: the proxy reaches the peer over mTLS
 // (presenting this device's cert + the device-name header) and relays the
 // peer's agents. No shared secret involved.

From 8855054b62ed2dd0d79e7b07a7c2e1b933191339 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Thu, 28 May 2026 04:56:03 +0300
Subject: [PATCH 39/86] feat(desktop): pairing progress + paired state on the
 initiator
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The initiator only flashed a toast and never learned the outcome. Now
clicking Pair opens a progress modal: it shows the confirmation code to
compare, waits with a spinner while polling the target's agents, and
resolves to "Paired ✓" the moment the other device approves (the target's
/v1/agents stops returning pairing_required) — or "Couldn't pair" after a
timeout. Device rows whose fingerprint is approved now show a "Paired"
badge instead of the Pair button (matched via the peer's device_id against
the pairing ledger). Added device_id to the Peer metadata type; dev stubs
exercise both the waiting→paired flow and the paired badge.
---
 .../src/components/PairProgress.module.css    | 59 +++++++++++++++
 .../app-ui/src/components/PairProgress.tsx    | 71 +++++++++++++++++++
 desktop/apps/app-ui/src/dev-stubs.ts          |  6 +-
 desktop/apps/app-ui/src/views/Network.tsx     | 62 +++++++++++++---
 desktop/packages/bridge/src/types.ts          |  2 +-
 5 files changed, 186 insertions(+), 14 deletions(-)
 create mode 100644 desktop/apps/app-ui/src/components/PairProgress.module.css
 create mode 100644 desktop/apps/app-ui/src/components/PairProgress.tsx

diff --git a/desktop/apps/app-ui/src/components/PairProgress.module.css b/desktop/apps/app-ui/src/components/PairProgress.module.css
new file mode 100644
index 0000000..50b0c89
--- /dev/null
+++ b/desktop/apps/app-ui/src/components/PairProgress.module.css
@@ -0,0 +1,59 @@
+.overlay {
+  position: fixed;
+  inset: 0;
+  background: rgba(0, 0, 0, 0.55);
+  display: grid;
+  place-items: center;
+  z-index: 100;
+}
+.modal {
+  width: 380px;
+  max-width: calc(100vw - 48px);
+  background: var(--surface);
+  border: 1px solid var(--hairline-strong);
+  border-radius: var(--radius-lg);
+  box-shadow: var(--shadow-overlay);
+  padding: 22px;
+  text-align: center;
+}
+.title { font-size: var(--size-lg); font-weight: 600; }
+.body { color: var(--text-secondary); font-size: 13px; line-height: 1.5; margin-top: 8px; }
+.body b { color: var(--text); font-weight: 600; }
+.codeBig {
+  margin-top: 16px;
+  font: 700 30px/1 var(--font-mono);
+  letter-spacing: 0.18em;
+  color: var(--accent);
+}
+.wait {
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  gap: 9px;
+  margin-top: 16px;
+  color: var(--text-secondary);
+  font-size: 12.5px;
+}
+.spinner {
+  width: 14px;
+  height: 14px;
+  border: 2px solid var(--hairline-strong);
+  border-top-color: var(--accent);
+  border-radius: 50%;
+  animation: spin 0.7s linear infinite;
+}
+@keyframes spin {
+  to { transform: rotate(360deg); }
+}
+.big {
+  margin: 6px auto 0;
+  width: 44px;
+  height: 44px;
+  display: grid;
+  place-items: center;
+  border-radius: 50%;
+  font-size: 22px;
+}
+.ok { background: color-mix(in srgb, var(--success) 18%, transparent); color: var(--success); }
+.bad { background: color-mix(in srgb, var(--warning) 18%, transparent); color: var(--warning); }
+.actions { display: flex; justify-content: center; gap: 12px; margin-top: 20px; }
diff --git a/desktop/apps/app-ui/src/components/PairProgress.tsx b/desktop/apps/app-ui/src/components/PairProgress.tsx
new file mode 100644
index 0000000..cf0a9b5
--- /dev/null
+++ b/desktop/apps/app-ui/src/components/PairProgress.tsx
@@ -0,0 +1,71 @@
+import { Button } from "@clawtool/design-system";
+import styles from "./PairProgress.module.css";
+
+export type PairPhase = "waiting" | "paired" | "failed";
+
+// The initiating side of a pair: after clicking Pair, this shows the
+// confirmation code to compare, waits for the other device to approve
+// (polled by the caller), then resolves to paired or failed.
+export function PairProgress({
+  name,
+  code,
+  phase,
+  onClose,
+}: {
+  name: string;
+  code: string;
+  phase: PairPhase;
+  onClose: () => void;
+}) {
+  return (
+    <div className={styles.overlay}>
+      <div className={styles.modal}>
+        {phase === "waiting" ? (
+          <>
+            <div className={styles.title}>Pairing with {name}</div>
+            <p className={styles.body}>
+              Make sure this code matches the one shown on <b>{name}</b>, then approve there.
+            </p>
+            {code ? <div className={styles.codeBig}>{code}</div> : null}
+            <div className={styles.wait}>
+              <span className={styles.spinner} /> Waiting for {name} to approve…
+            </div>
+            <div className={styles.actions}>
+              <Button variant="secondary" onClick={onClose}>
+                Cancel
+              </Button>
+            </div>
+          </>
+        ) : phase === "paired" ? (
+          <>
+            <div className={`${styles.big} ${styles.ok}`}>✓</div>
+            <div className={styles.title} style={{ marginTop: 10 }}>
+              Paired with {name}
+            </div>
+            <p className={styles.body}>This device and {name} can now use each other's agents.</p>
+            <div className={styles.actions}>
+              <Button variant="primary" onClick={onClose}>
+                Done
+              </Button>
+            </div>
+          </>
+        ) : (
+          <>
+            <div className={`${styles.big} ${styles.bad}`}>!</div>
+            <div className={styles.title} style={{ marginTop: 10 }}>
+              Couldn't pair
+            </div>
+            <p className={styles.body}>
+              <b>{name}</b> didn't approve in time, or wasn't reachable. Make sure it's discoverable and try again.
+            </p>
+            <div className={styles.actions}>
+              <Button variant="secondary" onClick={onClose}>
+                Close
+              </Button>
+            </div>
+          </>
+        )}
+      </div>
+    </div>
+  );
+}
diff --git a/desktop/apps/app-ui/src/dev-stubs.ts b/desktop/apps/app-ui/src/dev-stubs.ts
index 7bee893..d037641 100644
--- a/desktop/apps/app-ui/src/dev-stubs.ts
+++ b/desktop/apps/app-ui/src/dev-stubs.ts
@@ -14,8 +14,8 @@ const agents = [
   { instance: "opencode", family: "opencode", status: "binary-missing", callable: false },
 ];
 const peers = [
-  { peer_id: "p1", display_name: "win-pc", status: "online", metadata: { hostname: "win-pc", address: "192.168.1.42:52828" } },
-  { peer_id: "p2", display_name: "macbook-air", status: "offline", metadata: { hostname: "macbook-air", address: "192.168.1.51:52828" } },
+  { peer_id: "p1", display_name: "win-pc", status: "online", metadata: { hostname: "win-pc", address: "192.168.1.42:60111", device_id: "WB4SWDH3S5WD5TY3UGTO3YBNOFBH67TDUT44736CSCDYZJUQKF6Q" } },
+  { peer_id: "p2", display_name: "macbook-air", status: "offline", metadata: { hostname: "macbook-air", address: "192.168.1.51:60111", device_id: "Z23WTLH3BQBYPUGRCUMYNC2SQFVPVOLGYXJK2LCHTZZ27UA2AQBA" } },
 ];
 
 const peerAgents: Record<string, Array<Record<string, unknown>>> = {
@@ -73,7 +73,7 @@ export function installDevStubs(platform: "windows" | "darwin" = "windows") {
     LocalCard: () =>
       J({ name: "clawtool@mac-studio", version: "1.0", url: "http://mac-studio.local:52828", skills: [{ id: "bash", name: "Bash" }, { id: "read", name: "Read" }, { id: "edit", name: "Edit" }, { id: "dispatch", name: "Agent dispatch" }] }),
     PairList: () =>
-      J([{ fingerprint: "Z23WTLH3BQBYPUGRCUMYNC2SQFVPVOLGYXJK2LCHTZZ27UA2AQBA", display_name: "win-pc", address: "192.168.1.42:60111", code: "4821", state: "pending" }]),
+      J([{ fingerprint: "Z23WTLH3BQBYPUGRCUMYNC2SQFVPVOLGYXJK2LCHTZZ27UA2AQBA", display_name: "macbook-air", address: "192.168.1.51:60111", code: "", state: "approved" }]),
     PairApprove: () => J({ ok: true }),
     PairDeny: () => J({ ok: true }),
     PairRequest: () => J({ ok: true, sent: true, pending: true, code: "4821" }),
diff --git a/desktop/apps/app-ui/src/views/Network.tsx b/desktop/apps/app-ui/src/views/Network.tsx
index 38f2dca..5674266 100644
--- a/desktop/apps/app-ui/src/views/Network.tsx
+++ b/desktop/apps/app-ui/src/views/Network.tsx
@@ -4,8 +4,11 @@ import type { BadgeTone } from "@clawtool/design-system";
 import { ChevronDown, ChevronRight } from "lucide-react";
 import { App, type Agent, type Brand, type Peer } from "@clawtool/bridge";
 import { Toast } from "../components/Toast";
+import { PairProgress, type PairPhase } from "../components/PairProgress";
 import styles from "../App.module.css";
 
+type Progress = { peerId: string; name: string; code: string; phase: PairPhase };
+
 function statusChip(a: Agent): { label: string; tone: BadgeTone } {
   switch (a.status) {
     case "callable":
@@ -39,6 +42,8 @@ export function Network({ brand, active }: { brand: Brand; active: boolean }) {
   const [deviceOpen, setDeviceOpen] = useState(false);
   const [expanded, setExpanded] = useState<Set<string>>(new Set());
   const [agentsByPeer, setAgentsByPeer] = useState<Record<string, AgentState>>({});
+  const [pairedFps, setPairedFps] = useState<Set<string>>(new Set());
+  const [prog, setProg] = useState<Progress | null>(null);
 
   async function loadNetwork() {
     const snap = await App.networkSnapshot();
@@ -54,29 +59,58 @@ export function Network({ brand, active }: { brand: Brand; active: boolean }) {
     const l = await App.lanStatus();
     setLan(l.ok === true && l.enabled === true);
   }
+  async function loadPaired() {
+    const list = await App.pairList();
+    const fps = (Array.isArray(list) ? list : []).filter((r) => r.state === "approved").map((r) => r.fingerprint);
+    setPairedFps(new Set(fps));
+  }
 
   useEffect(() => {
     if (!active) return;
     loadLan();
     loadNetwork();
-    const t = setInterval(loadNetwork, 5000);
+    loadPaired();
+    const t = setInterval(() => {
+      loadNetwork();
+      loadPaired();
+    }, 5000);
     return () => clearInterval(t);
   }, [active]);
 
+  // While a pair is waiting, poll the target's agents: once it answers with
+  // an agent list (instead of pairing_required) the other side has approved.
+  useEffect(() => {
+    if (!prog || prog.phase !== "waiting") return;
+    let tries = 0;
+    const t = setInterval(async () => {
+      tries += 1;
+      const r = (await App.peerAgents(prog.peerId)) as Record<string, unknown>;
+      if (Array.isArray(r.agents)) {
+        setProg((p) => (p ? { ...p, phase: "paired" } : p));
+        loadPaired();
+        loadNetwork();
+      } else if (tries >= 24) {
+        setProg((p) => (p ? { ...p, phase: "failed" } : p));
+      }
+    }, 2500);
+    return () => clearInterval(t);
+  }, [prog?.peerId, prog?.phase]);
+
   async function sendPair(p: Peer) {
     setPairing(p.peer_id);
     const r = (await App.pairRequest(p.peer_id)) as Record<string, unknown>;
     const name = p.display_name || p.peer_id;
-    if (r.ok && r.sent) {
-      const code = typeof r.code === "string" ? r.code : "";
-      if (r.pending && code) setToast(`Pairing ${name} — code ${code}. Approve on that device to finish.`);
-      else if (r.pending) setToast(`Pairing request sent to ${name}. Approve on that device to finish.`);
-      else setToast(`Paired with ${name}.`);
+    const code = typeof r.code === "string" ? r.code : "";
+    if (r.ok && r.sent && r.pending) {
+      setProg({ peerId: p.peer_id, name, code, phase: "waiting" });
+    } else if (r.ok && r.sent) {
+      // Already trusted by the peer — paired immediately.
+      setProg({ peerId: p.peer_id, name, code, phase: "paired" });
+      loadPaired();
     } else {
       setToast(typeof r.error === "string" ? r.error : "Couldn't reach that device");
     }
     setPairing("");
-    loadNetwork();
   }
   async function toggleExpand(p: Peer) {
     const next = new Set(expanded);
@@ -162,9 +196,13 @@ export function Network({ brand, active }: { brand: Brand; active: boolean }) {
                     </div>
                     <span className={styles.deviceRight}>
                       <Badge tone={p.status === "online" ? "success" : "neutral"}>{p.status ?? "—"}</Badge>
-                      <Button variant="secondary" disabled={pairing === p.peer_id} onClick={() => sendPair(p)}>
-                        Pair
-                      </Button>
+                      {p.metadata?.device_id && pairedFps.has(p.metadata.device_id) ? (
+                        <Badge tone="accent">Paired</Badge>
+                      ) : (
+                        <Button variant="secondary" disabled={pairing === p.peer_id} onClick={() => sendPair(p)}>
+                          Pair
+                        </Button>
+                      )}
                     </span>
                   </div>
                   {open ? (
@@ -218,6 +256,10 @@ export function Network({ brand, active }: { brand: Brand; active: boolean }) {
         </div>
       </SidePane>
 
+      {prog ? (
+        <PairProgress name={prog.name} code={prog.code} phase={prog.phase} onClose={() => setProg(null)} />
+      ) : null}
+
       <Toast message={toast} onClear={() => setToast("")} />
     </>
   );
diff --git a/desktop/packages/bridge/src/types.ts b/desktop/packages/bridge/src/types.ts
index 05166d4..d1d6b58 100644
--- a/desktop/packages/bridge/src/types.ts
+++ b/desktop/packages/bridge/src/types.ts
@@ -30,7 +30,7 @@ export type Peer = {
   display_name?: string;
   status?: string;
   last_seen?: string;
-  metadata?: { hostname?: string; address?: string; peer_version?: string };
+  metadata?: { hostname?: string; address?: string; peer_version?: string; device_id?: string };
 };
 
 export type NetworkSnapshot =

From 72626b763f6aaa3c978b771dc76b4d8b2b4a851f Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Thu, 28 May 2026 05:01:36 +0300
Subject: [PATCH 40/86] =?UTF-8?q?feat(a2a):=20unpair=20=E2=80=94=20forget?=
 =?UTF-8?q?=20a=20paired=20device?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Adds the missing revoke path. PairingStore.Forget deletes a record by
fingerprint or code (a forgotten peer is neither trusted nor denied — a
fresh contact re-enters pairing from pending). Surfaced as
`clawtool peer pair forget <selector>`, the installer PairForget binding,
the bridge pairForget method, and an "Unpair" button next to the Paired
badge on a device row. Reversible by re-pairing.
---
 cmd/clawtool-installer/app.go             |  1 +
 desktop/apps/app-ui/src/dev-stubs.ts      |  1 +
 desktop/apps/app-ui/src/views/Network.tsx | 16 +++++++++++++++-
 desktop/packages/bridge/src/app.ts        |  1 +
 internal/a2a/pairing.go                   | 22 ++++++++++++++++++++++
 internal/a2a/pairing_test.go              | 22 ++++++++++++++++++++++
 internal/cli/peer_pair.go                 | 17 ++++++++++++-----
 7 files changed, 74 insertions(+), 6 deletions(-)

diff --git a/cmd/clawtool-installer/app.go b/cmd/clawtool-installer/app.go
index 45f63a9..ab3162d 100644
--- a/cmd/clawtool-installer/app.go
+++ b/cmd/clawtool-installer/app.go
@@ -653,6 +653,7 @@ func (a *App) PairList() string {
 // or fingerprint — the Accept / Deny actions on the approval prompt.
 func (a *App) PairApprove(selector string) string { return a.pairDecide("approve", selector) }
 func (a *App) PairDeny(selector string) string    { return a.pairDecide("deny", selector) }
+func (a *App) PairForget(selector string) string  { return a.pairDecide("forget", selector) }
 
 func (a *App) pairDecide(action, selector string) string {
 	selector = strings.TrimSpace(selector)
diff --git a/desktop/apps/app-ui/src/dev-stubs.ts b/desktop/apps/app-ui/src/dev-stubs.ts
index d037641..c4b4e4a 100644
--- a/desktop/apps/app-ui/src/dev-stubs.ts
+++ b/desktop/apps/app-ui/src/dev-stubs.ts
@@ -76,6 +76,7 @@ export function installDevStubs(platform: "windows" | "darwin" = "windows") {
       J([{ fingerprint: "Z23WTLH3BQBYPUGRCUMYNC2SQFVPVOLGYXJK2LCHTZZ27UA2AQBA", display_name: "macbook-air", address: "192.168.1.51:60111", code: "", state: "approved" }]),
     PairApprove: () => J({ ok: true }),
     PairDeny: () => J({ ok: true }),
+    PairForget: () => J({ ok: true }),
     PairRequest: () => J({ ok: true, sent: true, pending: true, code: "4821" }),
     RunDoctor: () => J({ ok: true, output: "clawtool doctor — 0.22.171\n\n[binary]    ✓ clawtool on PATH\n[daemon]    ✓ running on 127.0.0.1:64205\n[agents]    ✓ claude, codex callable\n[bridges]   ⚠ gemini bridge missing\n\n1 warning, 0 errors" }),
     Quit: () => {},
diff --git a/desktop/apps/app-ui/src/views/Network.tsx b/desktop/apps/app-ui/src/views/Network.tsx
index 5674266..49cdec6 100644
--- a/desktop/apps/app-ui/src/views/Network.tsx
+++ b/desktop/apps/app-ui/src/views/Network.tsx
@@ -96,6 +96,15 @@ export function Network({ brand, active }: { brand: Brand; active: boolean }) {
     return () => clearInterval(t);
   }, [prog?.peerId, prog?.phase]);
 
+  async function unpair(p: Peer) {
+    const fp = p.metadata?.device_id;
+    if (!fp) return;
+    setPairing(p.peer_id);
+    const r = (await App.pairForget(fp)) as Record<string, unknown>;
+    setToast(r.ok ? `Unpaired ${p.display_name || p.peer_id}` : "Couldn't unpair");
+    await loadPaired();
+    setPairing("");
+  }
   async function sendPair(p: Peer) {
     setPairing(p.peer_id);
     const r = (await App.pairRequest(p.peer_id)) as Record<string, unknown>;
@@ -197,7 +206,12 @@ export function Network({ brand, active }: { brand: Brand; active: boolean }) {
                     <span className={styles.deviceRight}>
                       <Badge tone={p.status === "online" ? "success" : "neutral"}>{p.status ?? "—"}</Badge>
                       {p.metadata?.device_id && pairedFps.has(p.metadata.device_id) ? (
-                        <Badge tone="accent">Paired</Badge>
+                        <>
+                          <Badge tone="accent">Paired</Badge>
+                          <Button variant="ghost" disabled={pairing === p.peer_id} onClick={() => unpair(p)}>
+                            Unpair
+                          </Button>
+                        </>
                       ) : (
                         <Button variant="secondary" disabled={pairing === p.peer_id} onClick={() => sendPair(p)}>
                           Pair
diff --git a/desktop/packages/bridge/src/app.ts b/desktop/packages/bridge/src/app.ts
index 340bbf4..9a7d84c 100644
--- a/desktop/packages/bridge/src/app.ts
+++ b/desktop/packages/bridge/src/app.ts
@@ -58,6 +58,7 @@ export const App = {
   pairList: () => callJSON<PairingRequest[]>("PairList", []),
   pairApprove: (selector: string) => callJSON<Result>("PairApprove", OK_FALSE, selector),
   pairDeny: (selector: string) => callJSON<Result>("PairDeny", OK_FALSE, selector),
+  pairForget: (selector: string) => callJSON<Result>("PairForget", OK_FALSE, selector),
   pairRequest: (peerID: string) => callJSON<Result>("PairRequest", OK_FALSE, peerID),
 
   // cross-device LAN exposure (discoverability)
diff --git a/internal/a2a/pairing.go b/internal/a2a/pairing.go
index 625bc1b..c2971ce 100644
--- a/internal/a2a/pairing.go
+++ b/internal/a2a/pairing.go
@@ -236,6 +236,28 @@ func (s *PairingStore) Deny(selector string) (*PairingRequest, error) {
 	return s.decide(selector, PairingDenied)
 }
 
+// Forget removes a peer from the ledger entirely (unpair). Matches by
+// fingerprint or pairing code. After forgetting, the peer is neither
+// trusted nor denied — a fresh contact starts pairing over from pending.
+// Unknown selector → error.
+func (s *PairingStore) Forget(selector string) (*PairingRequest, error) {
+	if selector == "" {
+		return nil, errors.New("empty selector")
+	}
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	r := s.findLocked(selector)
+	if r == nil {
+		return nil, fmt.Errorf("no pairing record matching %q", selector)
+	}
+	delete(s.requests, r.Fingerprint)
+	if err := s.persist(); err != nil {
+		return nil, err
+	}
+	return cloneReq(r), nil
+}
+
 func (s *PairingStore) decide(selector string, state PairingState) (*PairingRequest, error) {
 	if selector == "" {
 		return nil, errors.New("empty selector")
diff --git a/internal/a2a/pairing_test.go b/internal/a2a/pairing_test.go
index 06299a8..3e19ba7 100644
--- a/internal/a2a/pairing_test.go
+++ b/internal/a2a/pairing_test.go
@@ -175,3 +175,25 @@ func TestTrust_DirectlyApprovesAndUpserts(t *testing.T) {
 		t.Error("Trust did not flip pending → approved")
 	}
 }
+
+func TestForget_RemovesRecord(t *testing.T) {
+	s := newTestStore(t)
+	if _, err := s.Trust("fp-x", "dev", "1.2.3.4:1"); err != nil {
+		t.Fatalf("Trust: %v", err)
+	}
+	if !s.IsApproved("fp-x") {
+		t.Fatal("precondition: should be approved")
+	}
+	if _, err := s.Forget("fp-x"); err != nil {
+		t.Fatalf("Forget: %v", err)
+	}
+	if s.IsApproved("fp-x") {
+		t.Error("still approved after Forget")
+	}
+	if len(s.List()) != 0 {
+		t.Errorf("record not removed: %+v", s.List())
+	}
+	if _, err := s.Forget("fp-x"); err == nil {
+		t.Error("Forget on unknown selector should error")
+	}
+}
diff --git a/internal/cli/peer_pair.go b/internal/cli/peer_pair.go
index 829d992..7ff062b 100644
--- a/internal/cli/peer_pair.go
+++ b/internal/cli/peer_pair.go
@@ -21,7 +21,7 @@ import (
 
 func (a *App) runPeerPair(argv []string) int {
 	if len(argv) == 0 {
-		fmt.Fprint(a.Stderr, "usage: clawtool peer pair <list|request|approve|deny> ...\n")
+		fmt.Fprint(a.Stderr, "usage: clawtool peer pair <list|request|approve|deny|forget> ...\n")
 		return 2
 	}
 	store := a2a.GlobalPairingStore()
@@ -59,7 +59,7 @@ func (a *App) runPeerPair(argv []string) int {
 		b, _ := json.Marshal(out)
 		fmt.Fprintln(a.Stdout, string(b))
 		return 0
-	case "approve", "deny":
+	case "approve", "deny", "forget":
 		if len(argv) < 2 {
 			fmt.Fprintf(a.Stderr, "usage: clawtool peer pair %s <code|fingerprint>\n", argv[0])
 			return 2
@@ -69,16 +69,23 @@ func (a *App) runPeerPair(argv []string) int {
 			r   *a2a.PairingRequest
 			err error
 		)
-		if argv[0] == "approve" {
+		switch argv[0] {
+		case "approve":
 			r, err = store.Approve(sel)
-		} else {
+		case "deny":
 			r, err = store.Deny(sel)
+		default:
+			r, err = store.Forget(sel)
 		}
 		if err != nil {
 			fmt.Fprintf(a.Stderr, "clawtool peer pair %s: %v\n", argv[0], err)
 			return 1
 		}
-		b, _ := json.Marshal(map[string]any{"ok": true, "state": r.State, "fingerprint": r.Fingerprint})
+		state := "forgotten"
+		if argv[0] != "forget" {
+			state = string(r.State)
+		}
+		b, _ := json.Marshal(map[string]any{"ok": true, "state": state, "fingerprint": r.Fingerprint})
 		fmt.Fprintln(a.Stdout, string(b))
 		return 0
 	default:

From 0cd4239a9993db2982f822601e5bdca043e40611 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Thu, 28 May 2026 05:13:31 +0300
Subject: [PATCH 41/86] fix(a2a): pairing approve/deny/forget must run in the
 daemon process
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Root-cause fix for "approval never sticks". The daemon owns the in-memory
PairingStore the mTLS gate consults, but `clawtool peer pair approve` ran in
a separate CLI process: it edited the on-disk ledger while the daemon kept
its stale in-memory copy, and the daemon's next persist (on a peer's Observe)
clobbered the file back — so an approved peer kept getting pairing_required
("no agents shared" on the other device until a daemon restart).

Add daemon-local endpoints GET /v1/pair + POST /v1/pair/{approve,deny,forget}
that mutate the daemon's own store; route the CLI (and thus the desktop app's
bindings) through them over loopback. Also retry peer-agent fetch on
re-expand after a "none" result so agents appear as soon as pairing completes,
without restarting the app.
---
 desktop/apps/app-ui/src/views/Network.tsx |  6 ++-
 internal/cli/peer_pair.go                 | 35 +++++-------
 internal/server/http.go                   |  5 ++
 internal/server/pair_handler.go           | 66 +++++++++++++++++++++++
 4 files changed, 90 insertions(+), 22 deletions(-)
 create mode 100644 internal/server/pair_handler.go

diff --git a/desktop/apps/app-ui/src/views/Network.tsx b/desktop/apps/app-ui/src/views/Network.tsx
index 49cdec6..a7cec4a 100644
--- a/desktop/apps/app-ui/src/views/Network.tsx
+++ b/desktop/apps/app-ui/src/views/Network.tsx
@@ -130,7 +130,11 @@ export function Network({ brand, active }: { brand: Brand; active: boolean }) {
     }
     next.add(p.peer_id);
     setExpanded(next);
-    if (!agentsByPeer[p.peer_id]) {
+    // Refetch unless we already have a real agent list — a prior "none"
+    // (peer not yet paired / shared nothing) retries on re-expand, so the
+    // user sees agents as soon as pairing completes without restarting.
+    const cached = agentsByPeer[p.peer_id];
+    if (!Array.isArray(cached)) {
       setAgentsByPeer((m) => ({ ...m, [p.peer_id]: "loading" }));
       const r = (await App.peerAgents(p.peer_id)) as Record<string, unknown>;
       const list = Array.isArray(r.agents) ? (r.agents as Agent[]) : [];
diff --git a/internal/cli/peer_pair.go b/internal/cli/peer_pair.go
index 7ff062b..643296e 100644
--- a/internal/cli/peer_pair.go
+++ b/internal/cli/peer_pair.go
@@ -10,6 +10,7 @@
 package cli
 
 import (
+	"bytes"
 	"encoding/json"
 	"flag"
 	"fmt"
@@ -24,7 +25,10 @@ func (a *App) runPeerPair(argv []string) int {
 		fmt.Fprint(a.Stderr, "usage: clawtool peer pair <list|request|approve|deny|forget> ...\n")
 		return 2
 	}
-	store := a2a.GlobalPairingStore()
+	// All ledger access goes through the daemon: it owns the in-memory
+	// PairingStore the mTLS gate consults, so a separate CLI process mutating
+	// the on-disk file would be ignored (and clobbered on the daemon's next
+	// persist). Drive the daemon over loopback instead.
 	switch argv[0] {
 	case "list":
 		fs := flag.NewFlagSet("peer pair list", flag.ContinueOnError)
@@ -32,7 +36,11 @@ func (a *App) runPeerPair(argv []string) int {
 		if err := fs.Parse(argv[1:]); err != nil {
 			return 2
 		}
-		reqs := store.List()
+		var reqs []a2a.PairingRequest
+		if err := daemon.HTTPRequest(http.MethodGet, "/v1/pair", nil, &reqs); err != nil {
+			fmt.Fprintf(a.Stderr, "clawtool peer pair list: %v\n", err)
+			return 1
+		}
 		if *asJSON {
 			b, _ := json.Marshal(reqs)
 			fmt.Fprintln(a.Stdout, string(b))
@@ -64,28 +72,13 @@ func (a *App) runPeerPair(argv []string) int {
 			fmt.Fprintf(a.Stderr, "usage: clawtool peer pair %s <code|fingerprint>\n", argv[0])
 			return 2
 		}
-		sel := argv[1]
-		var (
-			r   *a2a.PairingRequest
-			err error
-		)
-		switch argv[0] {
-		case "approve":
-			r, err = store.Approve(sel)
-		case "deny":
-			r, err = store.Deny(sel)
-		default:
-			r, err = store.Forget(sel)
-		}
-		if err != nil {
+		body := bytes.NewReader([]byte(fmt.Sprintf(`{"selector":%q}`, argv[1])))
+		var out map[string]any
+		if err := daemon.HTTPRequest(http.MethodPost, "/v1/pair/"+argv[0], body, &out); err != nil {
 			fmt.Fprintf(a.Stderr, "clawtool peer pair %s: %v\n", argv[0], err)
 			return 1
 		}
-		state := "forgotten"
-		if argv[0] != "forget" {
-			state = string(r.State)
-		}
-		b, _ := json.Marshal(map[string]any{"ok": true, "state": state, "fingerprint": r.Fingerprint})
+		b, _ := json.Marshal(out)
 		fmt.Fprintln(a.Stdout, string(b))
 		return 0
 	default:
diff --git a/internal/server/http.go b/internal/server/http.go
index 57c0509..ef691de 100644
--- a/internal/server/http.go
+++ b/internal/server/http.go
@@ -177,6 +177,11 @@ func ServeHTTP(ctx context.Context, opts HTTPOptions) error {
 	// Single mux entry routes all subpaths via the trailing slash.
 	mux.Handle("/v1/peers", authed(http.HandlerFunc(handlePeers)))
 	mux.Handle("/v1/peers/", authed(http.HandlerFunc(handlePeers)))
+	// /v1/pair — local pairing-ledger management (list/approve/deny/forget).
+	// Bearer/loopback only: a remote peer never manages this device's trust
+	// decisions — those are the operator's, made on this machine.
+	mux.Handle("/v1/pair", authed(http.HandlerFunc(handlePair)))
+	mux.Handle("/v1/pair/", authed(http.HandlerFunc(handlePair)))
 	// /v1/relay — cross-device message ingress. Peer-aware like
 	// /v1/agents: a paired device POSTs a message here over the LAN
 	// (mTLS). Delivery enqueues into local agents' inboxes, not code
diff --git a/internal/server/pair_handler.go b/internal/server/pair_handler.go
new file mode 100644
index 0000000..5d5a2be
--- /dev/null
+++ b/internal/server/pair_handler.go
@@ -0,0 +1,66 @@
+// Local pairing-management endpoints (Tier-2).
+//
+// The pairing ledger (internal/a2a PairingStore) is owned by the daemon
+// process: the mTLS auth gate records pending peers into the daemon's
+// in-memory store, and the relay gate reads it. Approve/deny/forget MUST
+// therefore mutate THAT store, not a separate copy — a CLI process editing
+// the on-disk file can't reach the daemon's memory, and the daemon's next
+// persist would clobber the file anyway. So these run in the daemon and
+// the CLI / desktop app drive them over loopback.
+//
+//	GET  /v1/pair          — list every pairing record
+//	POST /v1/pair/approve  — body {"selector": "<code|fingerprint>"}
+//	POST /v1/pair/deny
+//	POST /v1/pair/forget
+package server
+
+import (
+	"encoding/json"
+	"net/http"
+	"strings"
+
+	"github.com/cogitave/clawtool/internal/a2a"
+)
+
+func handlePair(w http.ResponseWriter, r *http.Request) {
+	store := a2a.GlobalPairingStore()
+	tail := strings.TrimPrefix(r.URL.Path, "/v1/pair")
+
+	switch {
+	case (tail == "" || tail == "/" || tail == "/list") && r.Method == http.MethodGet:
+		writeJSON(w, http.StatusOK, store.List())
+
+	case tail == "/approve" && r.Method == http.MethodPost:
+		pairDecideHTTP(w, r, store.Approve)
+	case tail == "/deny" && r.Method == http.MethodPost:
+		pairDecideHTTP(w, r, store.Deny)
+	case tail == "/forget" && r.Method == http.MethodPost:
+		pairDecideHTTP(w, r, store.Forget)
+
+	default:
+		writeJSON(w, http.StatusNotFound, map[string]any{
+			"error": "unknown pairing endpoint",
+			"want":  []string{"GET /v1/pair", "POST /v1/pair/{approve,deny,forget}"},
+		})
+	}
+}
+
+// pairDecideHTTP reads {"selector"} from the body and applies op to the
+// daemon's pairing store.
+func pairDecideHTTP(w http.ResponseWriter, r *http.Request, op func(string) (*a2a.PairingRequest, error)) {
+	var body struct {
+		Selector string `json:"selector"`
+	}
+	_ = json.NewDecoder(r.Body).Decode(&body)
+	sel := strings.TrimSpace(body.Selector)
+	if sel == "" {
+		writeJSON(w, http.StatusBadRequest, map[string]any{"error": "missing selector"})
+		return
+	}
+	rec, err := op(sel)
+	if err != nil {
+		writeJSON(w, http.StatusNotFound, map[string]any{"error": err.Error()})
+		return
+	}
+	writeJSON(w, http.StatusOK, map[string]any{"ok": true, "state": rec.State, "fingerprint": rec.Fingerprint})
+}

From 586c814a715283a743d959df4cddd4f21f417cbf Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Thu, 28 May 2026 05:24:49 +0300
Subject: [PATCH 42/86] fix(desktop): "Paired" badge only after the other side
 actually approves
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Pressing Pair flipped the row to "Paired" instantly because the initiator
trusts the target on click (mutual-trust shortcut) — but the badge then
lied: the OTHER side hadn't approved yet, and "Paired" + Unpair appeared
before the handshake finished. Drive the badge from a new verifiedPaired
set populated only on a successful round-trip (peerAgents returned an
agent list), and on the progress modal flipping to "paired". Unpair clears
the verified state so the row drops back to "Pair" without restarting.
---
 desktop/apps/app-ui/src/views/Network.tsx | 41 ++++++++++++++---------
 1 file changed, 26 insertions(+), 15 deletions(-)

diff --git a/desktop/apps/app-ui/src/views/Network.tsx b/desktop/apps/app-ui/src/views/Network.tsx
index a7cec4a..a266495 100644
--- a/desktop/apps/app-ui/src/views/Network.tsx
+++ b/desktop/apps/app-ui/src/views/Network.tsx
@@ -42,7 +42,12 @@ export function Network({ brand, active }: { brand: Brand; active: boolean }) {
   const [deviceOpen, setDeviceOpen] = useState(false);
   const [expanded, setExpanded] = useState<Set<string>>(new Set());
   const [agentsByPeer, setAgentsByPeer] = useState<Record<string, AgentState>>({});
-  const [pairedFps, setPairedFps] = useState<Set<string>>(new Set());
+  // verifiedPaired tracks peers we've actually round-tripped with — their
+  // /v1/agents responded with an agent list, meaning THEY trust us back.
+  // Local trust alone (this device's "Pair" click) isn't enough to call
+  // something "Paired"; that would auto-mark every Pair attempt as done
+  // before the other side approved. The badge + Unpair button hang off this.
+  const [verifiedPaired, setVerifiedPaired] = useState<Set<string>>(new Set());
   const [prog, setProg] = useState<Progress | null>(null);
 
   async function loadNetwork() {
@@ -59,21 +64,21 @@ export function Network({ brand, active }: { brand: Brand; active: boolean }) {
     const l = await App.lanStatus();
     setLan(l.ok === true && l.enabled === true);
   }
-  async function loadPaired() {
-    const list = await App.pairList();
-    const fps = (Array.isArray(list) ? list : []).filter((r) => r.state === "approved").map((r) => r.fingerprint);
-    setPairedFps(new Set(fps));
+  function markVerified(fp: string | undefined, on: boolean) {
+    if (!fp) return;
+    setVerifiedPaired((prev) => {
+      const next = new Set(prev);
+      if (on) next.add(fp);
+      else next.delete(fp);
+      return next;
+    });
   }
 
   useEffect(() => {
     if (!active) return;
     loadLan();
     loadNetwork();
-    loadPaired();
-    const t = setInterval(() => {
-      loadNetwork();
-      loadPaired();
-    }, 5000);
+    const t = setInterval(loadNetwork, 5000);
     return () => clearInterval(t);
   }, [active]);
 
@@ -86,15 +91,17 @@ export function Network({ brand, active }: { brand: Brand; active: boolean }) {
       tries += 1;
       const r = (await App.peerAgents(prog.peerId)) as Record<string, unknown>;
       if (Array.isArray(r.agents)) {
+        // Round-trip confirmed → this peer is genuinely paired.
+        const fp = peers.find((p) => p.peer_id === prog.peerId)?.metadata?.device_id;
+        markVerified(fp, true);
         setProg((p) => (p ? { ...p, phase: "paired" } : p));
-        loadPaired();
         loadNetwork();
       } else if (tries >= 24) {
         setProg((p) => (p ? { ...p, phase: "failed" } : p));
       }
     }, 2500);
     return () => clearInterval(t);
-  }, [prog?.peerId, prog?.phase]);
+  }, [prog?.peerId, prog?.phase, peers]);
 
   async function unpair(p: Peer) {
     const fp = p.metadata?.device_id;
@@ -102,7 +109,8 @@ export function Network({ brand, active }: { brand: Brand; active: boolean }) {
     setPairing(p.peer_id);
     const r = (await App.pairForget(fp)) as Record<string, unknown>;
     setToast(r.ok ? `Unpaired ${p.display_name || p.peer_id}` : "Couldn't unpair");
-    await loadPaired();
+    markVerified(fp, false);
+    setAgentsByPeer((m) => ({ ...m, [p.peer_id]: "none" }));
     setPairing("");
   }
   async function sendPair(p: Peer) {
@@ -115,7 +123,7 @@ export function Network({ brand, active }: { brand: Brand; active: boolean }) {
     } else if (r.ok && r.sent) {
       // Already trusted by the peer — paired immediately.
       setProg({ peerId: p.peer_id, name, code, phase: "paired" });
-      loadPaired();
+      markVerified(p.metadata?.device_id, true);
     } else {
       setToast(typeof r.error === "string" ? r.error : "Couldn't reach that device");
     }
@@ -139,6 +147,9 @@ export function Network({ brand, active }: { brand: Brand; active: boolean }) {
       const r = (await App.peerAgents(p.peer_id)) as Record<string, unknown>;
       const list = Array.isArray(r.agents) ? (r.agents as Agent[]) : [];
       setAgentsByPeer((m) => ({ ...m, [p.peer_id]: list.length ? list : "none" }));
+      // A successful agents fetch is the round-trip proof that the peer
+      // trusts us — promote them to verified-paired so the badge appears.
+      if (Array.isArray(r.agents)) markVerified(p.metadata?.device_id, true);
     }
   }
   async function toggleLan(next: boolean) {
@@ -209,7 +220,7 @@ export function Network({ brand, active }: { brand: Brand; active: boolean }) {
                     </div>
                     <span className={styles.deviceRight}>
                       <Badge tone={p.status === "online" ? "success" : "neutral"}>{p.status ?? "—"}</Badge>
-                      {p.metadata?.device_id && pairedFps.has(p.metadata.device_id) ? (
+                      {p.metadata?.device_id && verifiedPaired.has(p.metadata.device_id) ? (
                         <>
                           <Badge tone="accent">Paired</Badge>
                           <Button variant="ghost" disabled={pairing === p.peer_id} onClick={() => unpair(p)}>

From ce608e2568f2c0138d3292ed8f2d7407189b1a97 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Thu, 28 May 2026 05:33:52 +0300
Subject: [PATCH 43/86] =?UTF-8?q?build(installer):=20macOS=20=E2=80=94=20r?=
 =?UTF-8?q?ename=20bundle=20to=20Clawtool.app=20+=20drag-to-install=20dmg?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

macOS apps aren't "installers" — that's a Windows thing. Rename the bundle
to Clawtool.app and lay out the dmg as the standard drag-to-install
window: Clawtool.app next to an Applications symlink, so opening the dmg
shows "Clawtool.app | Applications →" and the user drags one onto the
other. The Windows .exe installer is unaffected.
---
 .github/workflows/installer.yml | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/installer.yml b/.github/workflows/installer.yml
index 4c433a4..281bf09 100644
--- a/.github/workflows/installer.yml
+++ b/.github/workflows/installer.yml
@@ -187,8 +187,23 @@ jobs:
         run: |
           app=$(ls -d build/bin/*.app | head -1)
           if [ -z "$app" ]; then echo "no .app produced"; exit 1; fi
+          # macOS convention: the bundle is just the product name — no
+          # "installer" suffix (that's a Windows thing). Rename here so the
+          # icon a user sees in Finder is "Clawtool.app".
+          if [ "$(basename "$app")" != "Clawtool.app" ]; then
+            mv "$app" "$(dirname "$app")/Clawtool.app"
+            app="$(dirname "$app")/Clawtool.app"
+          fi
+          # Drag-to-install .dmg layout: stage the app next to an
+          # Applications symlink, so opening the .dmg shows "Clawtool.app |
+          # Applications →" and the user drags one onto the other — the
+          # standard macOS install gesture.
+          stage="$(mktemp -d)/dmg"
+          mkdir -p "$stage"
+          cp -R "$app" "$stage/Clawtool.app"
+          ln -s /Applications "$stage/Applications"
           hdiutil create -volname "Clawtool" \
-            -srcfolder "$app" -ov -format UDZO \
+            -srcfolder "$stage" -ov -format UDZO \
             "build/bin/Clawtool.dmg"
 
       - name: Upload installer artifact

From 01f241ac387b034921ca06bc832f984c055b7aea Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Thu, 28 May 2026 05:35:52 +0300
Subject: [PATCH 44/86] =?UTF-8?q?fix(installer):=20macOS=20=E2=80=94=20ski?=
 =?UTF-8?q?p=20the=20menu-bar=20tray=20to=20stop=20the=20on-launch=20crash?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

energye/systray's Cocoa loop competes with Wails' NSApp main loop on
macOS; the result was a SIGTRAP in systray's nativeLoop the instant the
.app launched, so the window never appeared. The mUpdate menu item
already has a nil guard, so skipping systray.Run on darwin is safe — the
app runs as a regular window without a menu-bar icon. Windows + Linux
trays are unaffected. A native NSStatusItem path can land later.
---
 cmd/clawtool-installer/app.go | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/cmd/clawtool-installer/app.go b/cmd/clawtool-installer/app.go
index ab3162d..a771cd9 100644
--- a/cmd/clawtool-installer/app.go
+++ b/cmd/clawtool-installer/app.go
@@ -120,6 +120,15 @@ func (a *App) OpenInstalled() string {
 // LockOSThread guarantees.
 func (a *App) startup(ctx context.Context) {
 	a.ctx = ctx
+	// macOS: skip the menu-bar tray. Cocoa's NSApp owns the main thread,
+	// and energye/systray's Cocoa loop fights Wails' main loop → SIGTRAP
+	// on launch (the .app never opens). The app works fine as a regular
+	// window without a tray icon; a native NSStatusItem path can land
+	// later. Windows + Linux keep the tray (Win32/AppIndicator don't have
+	// this constraint).
+	if runtime.GOOS == "darwin" {
+		return
+	}
 	go func() {
 		runtime.LockOSThread()
 		systray.Run(a.onTrayReady, nil)

From 3f443392693952de5ccc0f9174b768cb608b18c4 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Thu, 28 May 2026 05:55:27 +0300
Subject: [PATCH 45/86] fix(a2a): dedupe + self-filter on device_id, not the
 per-session peer_id
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

mDNS announce mints a fresh peer_id every daemon restart (sanitizeForTXT-pid),
so the registry was multiplying rows for the same physical device — and our
own announce slipped through the self-filter on the next browse cycle. Use
the stable device_id (cert fingerprint, present from Tier-2 onwards) as the
identity key: as the registry's SessionID for collapse, and as the self-skip
condition. Pre-Tier-2 peers without a device_id keep the old peer_id path.
---
 internal/a2a/mdns.go | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/internal/a2a/mdns.go b/internal/a2a/mdns.go
index e208c28..a4cbbbb 100644
--- a/internal/a2a/mdns.go
+++ b/internal/a2a/mdns.go
@@ -384,8 +384,16 @@ func (b *Browser) handleEntry(reg *Registry, entry *zeroconf.ServiceEntry) {
 		// Skip rather than register a half-formed row.
 		return
 	}
+	deviceID := txt["device_id"]
+	// Self-filter: the stable cert fingerprint is the only reliable identity
+	// — the announced peer_id (sanitizeForTXT-pid) changes every daemon
+	// restart, so a peer_id check would let our own announce slip through
+	// on the next browse cycle. Prefer device_id when present (Tier-2),
+	// fall back to peer_id for pre-Tier-2 peers.
+	if deviceID != "" && deviceID == DeviceID() {
+		return
+	}
 	if b.localID != "" && peerID == b.localID {
-		// Self-discovery filter — see package doc.
 		return
 	}
 
@@ -446,11 +454,18 @@ func (b *Browser) handleEntry(reg *Registry, entry *zeroconf.ServiceEntry) {
 		displayName = peerID
 	}
 
+	// Identity key for registry collapse: prefer the stable device_id
+	// (cert fingerprint) so daemon restarts don't multiply rows; fall
+	// back to peer_id for pre-Tier-2 peers without a device_id.
+	identitySID := deviceID
+	if identitySID == "" {
+		identitySID = peerID
+	}
 	_, err := reg.Register(RegisterInput{
 		DisplayName: displayName,
 		Backend:     "clawtool-mdns",
 		Circle:      "lan",
-		SessionID:   peerID,
+		SessionID:   identitySID,
 		Metadata:    metadata,
 	})
 	if err != nil {

From 703b9501defd6fcfeaa416e1fca02b47d7b2aac5 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Thu, 28 May 2026 17:54:34 +0300
Subject: [PATCH 46/86] feat(desktop): embed namzu as the agent runtime (ADE
 Phase A)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The desktop is becoming an agent development environment — projects on the
left, conversation on the right — and namzu's SDK already covers exactly
that surface: a query() kernel, pluggable tool registry, per-project
session tree under ~/.namzu/projects/<id>/, env→clawtool secrets→Keychain
provider discovery, and even an existing clawtool MCP bridge.

This commit wires it in:

- Vendor namzu as a git submodule under desktop/submodules/namzu.
- Extend the desktop pnpm workspace to mirror namzu's package globs so
  cross-package deps still resolve.
- Add @namzu/sdk as a workspace dep of @clawtool/app-ui.
- A thin desktop/apps/app-ui/src/lib/namzu.ts re-exports the types we'll
  pivot the Conversation view onto in Phase C, and gives every later phase
  a single integration seam to extend.
- CI: clone submodules recursively + build @namzu/sdk before @clawtool/app-ui
  so the dist/ main entry exists when Vite resolves the import.

Nothing user-visible yet (no UI changes); the next phases (Projects panel,
Conversation view, clawtool tool-layer bridge, cross-device dispatch) ride
on this foundation. Headless agent execution falls out naturally — namzu
IS the headless runtime, so a paired device's clawtool can drive its own
embedded namzu against a relayed message without a Claude Code session
being open.
---
 .github/workflows/installer.yml      |    8 +
 .gitmodules                          |    3 +
 desktop/apps/app-ui/package.json     |    1 +
 desktop/apps/app-ui/src/lib/namzu.ts |   24 +
 desktop/pnpm-lock.yaml               | 3438 +++++++++++++++++++++++++-
 desktop/pnpm-workspace.yaml          |    4 +
 desktop/submodules/namzu             |    1 +
 7 files changed, 3441 insertions(+), 38 deletions(-)
 create mode 100644 .gitmodules
 create mode 100644 desktop/apps/app-ui/src/lib/namzu.ts
 create mode 160000 desktop/submodules/namzu

diff --git a/.github/workflows/installer.yml b/.github/workflows/installer.yml
index 281bf09..194aea8 100644
--- a/.github/workflows/installer.yml
+++ b/.github/workflows/installer.yml
@@ -65,6 +65,11 @@ jobs:
         working-directory: cmd/clawtool-installer
     steps:
       - uses: actions/checkout@v4
+        with:
+          # Pull namzu (and any future submodules) so desktop/submodules/namzu
+          # is populated — the desktop pnpm workspace links @namzu/sdk from
+          # there as the embedded agent runtime.
+          submodules: recursive
 
       - uses: actions/setup-go@v5
         with:
@@ -100,6 +105,9 @@ jobs:
         run: |
           corepack enable
           pnpm install --frozen-lockfile
+          # The desktop app imports types from @namzu/sdk, whose dist/ is the
+          # main entry — build it before app-ui so the import resolves.
+          pnpm --filter @namzu/sdk build
           pnpm --filter @clawtool/app-ui build
         shell: bash
 
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..8324745
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "desktop/submodules/namzu"]
+	path = desktop/submodules/namzu
+	url = https://github.com/cogitave/namzu.git
diff --git a/desktop/apps/app-ui/package.json b/desktop/apps/app-ui/package.json
index e420788..4a612eb 100644
--- a/desktop/apps/app-ui/package.json
+++ b/desktop/apps/app-ui/package.json
@@ -11,6 +11,7 @@
     "@clawtool/bridge": "workspace:*",
     "@clawtool/design-system": "workspace:*",
     "@clawtool/installer-ui": "workspace:*",
+    "@namzu/sdk": "workspace:*",
     "lucide-react": "^1.16.0",
     "react": "^18.3.1",
     "react-dom": "^18.3.1"
diff --git a/desktop/apps/app-ui/src/lib/namzu.ts b/desktop/apps/app-ui/src/lib/namzu.ts
new file mode 100644
index 0000000..ff7da03
--- /dev/null
+++ b/desktop/apps/app-ui/src/lib/namzu.ts
@@ -0,0 +1,24 @@
+// Embedding namzu's agent runtime inside the clawtool desktop.
+//
+// namzu (sibling repo, vendored as git submodule under desktop/submodules)
+// owns the agent loop: provider routing, tool dispatch, streaming, sessions
+// against a project's working directory. The clawtool desktop calls into it
+// in-process — no subprocess, no JSONL streaming over a pipe — and renders
+// the event stream straight into React state.
+//
+// This module is the single integration seam: pick a project, get back an
+// async-iterable of typed events you can switch over in the Conversation
+// view. As of Phase A this is the wiring proof: it imports from @namzu/sdk
+// and the build succeeds, so the rest of the ADE work can call `query` (or
+// later a higher-level session helper from @namzu/cli) without re-litigating
+// the dependency graph.
+import type { Message, QueryParams, Run, RunEvent } from "@namzu/sdk";
+
+export type NamzuSessionParams = Omit<QueryParams, "messages"> & {
+  /** Working directory the agent operates against — anchors tools + memory. */
+  cwd: string;
+  /** Project id used for the on-disk session tree (~/.namzu/projects/<id>/). */
+  projectId: string;
+};
+
+export type { Message, Run, RunEvent };
diff --git a/desktop/pnpm-lock.yaml b/desktop/pnpm-lock.yaml
index 57f7f6d..e85f46d 100644
--- a/desktop/pnpm-lock.yaml
+++ b/desktop/pnpm-lock.yaml
@@ -32,13 +32,13 @@ importers:
         version: 18.3.7(@types/react@18.3.29)
       '@vitejs/plugin-react':
         specifier: ^4.3.4
-        version: 4.7.0(vite@6.4.2)
+        version: 4.7.0(vite@6.4.2(@types/node@22.19.19)(jiti@2.7.0)(yaml@2.9.0))
       typescript:
         specifier: ^5.6.3
         version: 5.9.3
       vite:
         specifier: ^6.0.7
-        version: 6.4.2
+        version: 6.4.2(@types/node@22.19.19)(jiti@2.7.0)(yaml@2.9.0)
 
   apps/app-ui:
     dependencies:
@@ -51,6 +51,9 @@ importers:
       '@clawtool/installer-ui':
         specifier: workspace:*
         version: link:../installer-ui
+      '@namzu/sdk':
+        specifier: workspace:*
+        version: link:../../submodules/namzu/packages/sdk
       lucide-react:
         specifier: ^1.16.0
         version: 1.16.0(react@18.3.1)
@@ -69,13 +72,13 @@ importers:
         version: 18.3.7(@types/react@18.3.29)
       '@vitejs/plugin-react':
         specifier: ^4.3.4
-        version: 4.7.0(vite@6.4.2)
+        version: 4.7.0(vite@6.4.2(@types/node@22.19.19)(jiti@2.7.0)(yaml@2.9.0))
       typescript:
         specifier: ^5.6.3
         version: 5.9.3
       vite:
         specifier: ^6.0.7
-        version: 6.4.2
+        version: 6.4.2(@types/node@22.19.19)(jiti@2.7.0)(yaml@2.9.0)
 
   apps/installer-ui:
     dependencies:
@@ -100,13 +103,13 @@ importers:
         version: 18.3.7(@types/react@18.3.29)
       '@vitejs/plugin-react':
         specifier: ^4.3.4
-        version: 4.7.0(vite@6.4.2)
+        version: 4.7.0(vite@6.4.2(@types/node@22.19.19)(jiti@2.7.0)(yaml@2.9.0))
       typescript:
         specifier: ^5.6.3
         version: 5.9.3
       vite:
         specifier: ^6.0.7
-        version: 6.4.2
+        version: 6.4.2(@types/node@22.19.19)(jiti@2.7.0)(yaml@2.9.0)
 
   apps/updater-ui:
     dependencies:
@@ -131,13 +134,13 @@ importers:
         version: 18.3.7(@types/react@18.3.29)
       '@vitejs/plugin-react':
         specifier: ^4.3.4
-        version: 4.7.0(vite@6.4.2)
+        version: 4.7.0(vite@6.4.2(@types/node@22.19.19)(jiti@2.7.0)(yaml@2.9.0))
       typescript:
         specifier: ^5.6.3
         version: 5.9.3
       vite:
         specifier: ^6.0.7
-        version: 6.4.2
+        version: 6.4.2(@types/node@22.19.19)(jiti@2.7.0)(yaml@2.9.0)
 
   packages/bridge:
     devDependencies:
@@ -170,8 +173,501 @@ importers:
         specifier: ^5.6.3
         version: 5.9.3
 
+  submodules/namzu/packages/cli:
+    dependencies:
+      '@namzu/anthropic':
+        specifier: workspace:*
+        version: link:../providers/anthropic
+      '@namzu/ollama':
+        specifier: workspace:*
+        version: link:../providers/ollama
+      '@namzu/openai':
+        specifier: workspace:*
+        version: link:../providers/openai
+      '@namzu/openrouter':
+        specifier: workspace:*
+        version: link:../providers/openrouter
+      '@namzu/sdk':
+        specifier: workspace:^
+        version: link:../sdk
+      commander:
+        specifier: ^14.0.3
+        version: 14.0.3
+      ink:
+        specifier: ^7.0.3
+        version: 7.0.4(@types/react@19.2.15)(react@19.2.6)
+      react:
+        specifier: ^19.2.6
+        version: 19.2.6
+      smol-toml:
+        specifier: ^1.6.1
+        version: 1.6.1
+      yaml:
+        specifier: ^2.9.0
+        version: 2.9.0
+    devDependencies:
+      '@biomejs/biome':
+        specifier: ^1.9.4
+        version: 1.9.4
+      '@types/react':
+        specifier: ^19.2.15
+        version: 19.2.15
+      typescript:
+        specifier: ^5.5.0
+        version: 5.9.3
+      vitest:
+        specifier: ^2.0.0
+        version: 2.1.9(@types/node@22.19.19)
+
+  submodules/namzu/packages/computer-use:
+    devDependencies:
+      '@biomejs/biome':
+        specifier: ^1.9.4
+        version: 1.9.4
+      '@namzu/sdk':
+        specifier: workspace:^
+        version: link:../sdk
+      '@types/node':
+        specifier: ^22.19.17
+        version: 22.19.19
+      typescript:
+        specifier: ^5.5.0
+        version: 5.9.3
+      vitest:
+        specifier: ^2.0.0
+        version: 2.1.9(@types/node@22.19.19)
+
+  submodules/namzu/packages/files:
+    dependencies:
+      '@azure/storage-blob':
+        specifier: ^12.27.0
+        version: 12.31.0
+    devDependencies:
+      '@biomejs/biome':
+        specifier: ^1.9.4
+        version: 1.9.4
+      '@types/node':
+        specifier: ^22.19.17
+        version: 22.19.19
+      typescript:
+        specifier: ^5.5.0
+        version: 5.9.3
+      vitest:
+        specifier: ^2.0.0
+        version: 2.1.9(@types/node@22.19.19)
+
+  submodules/namzu/packages/providers/anthropic:
+    dependencies:
+      '@anthropic-ai/sdk':
+        specifier: ^0.89.0
+        version: 0.89.0(zod@4.4.3)
+    devDependencies:
+      '@biomejs/biome':
+        specifier: ^1.9.4
+        version: 1.9.4
+      '@namzu/sdk':
+        specifier: workspace:^
+        version: link:../../sdk
+      '@types/node':
+        specifier: ^22.19.17
+        version: 22.19.19
+      typescript:
+        specifier: ^5.5.0
+        version: 5.9.3
+      vitest:
+        specifier: ^2.0.0
+        version: 2.1.9(@types/node@22.19.19)
+
+  submodules/namzu/packages/providers/bedrock:
+    dependencies:
+      '@aws-sdk/client-bedrock-runtime':
+        specifier: ^3.700.0
+        version: 3.1055.0
+    devDependencies:
+      '@biomejs/biome':
+        specifier: ^1.9.4
+        version: 1.9.4
+      '@namzu/sdk':
+        specifier: workspace:^
+        version: link:../../sdk
+      '@types/node':
+        specifier: ^22.19.17
+        version: 22.19.19
+      typescript:
+        specifier: ^5.5.0
+        version: 5.9.3
+      vitest:
+        specifier: ^2.0.0
+        version: 2.1.9(@types/node@22.19.19)
+
+  submodules/namzu/packages/providers/http:
+    devDependencies:
+      '@biomejs/biome':
+        specifier: ^1.9.4
+        version: 1.9.4
+      '@namzu/sdk':
+        specifier: workspace:^
+        version: link:../../sdk
+      '@types/node':
+        specifier: ^22.19.17
+        version: 22.19.19
+      typescript:
+        specifier: ^5.5.0
+        version: 5.9.3
+      vitest:
+        specifier: ^2.0.0
+        version: 2.1.9(@types/node@22.19.19)
+
+  submodules/namzu/packages/providers/lmstudio:
+    dependencies:
+      '@lmstudio/sdk':
+        specifier: ^1.5.0
+        version: 1.5.0
+    devDependencies:
+      '@biomejs/biome':
+        specifier: ^1.9.4
+        version: 1.9.4
+      '@namzu/sdk':
+        specifier: workspace:^
+        version: link:../../sdk
+      '@types/node':
+        specifier: ^22.19.17
+        version: 22.19.19
+      typescript:
+        specifier: ^5.5.0
+        version: 5.9.3
+      vitest:
+        specifier: ^2.0.0
+        version: 2.1.9(@types/node@22.19.19)
+
+  submodules/namzu/packages/providers/ollama:
+    dependencies:
+      ollama:
+        specifier: ^0.5.0
+        version: 0.5.18
+    devDependencies:
+      '@biomejs/biome':
+        specifier: ^1.9.4
+        version: 1.9.4
+      '@namzu/sdk':
+        specifier: workspace:^
+        version: link:../../sdk
+      '@types/node':
+        specifier: ^22.19.17
+        version: 22.19.19
+      typescript:
+        specifier: ^5.5.0
+        version: 5.9.3
+      vitest:
+        specifier: ^2.0.0
+        version: 2.1.9(@types/node@22.19.19)
+
+  submodules/namzu/packages/providers/openai:
+    dependencies:
+      openai:
+        specifier: ^6.0.0
+        version: 6.39.0(ws@8.21.0)(zod@4.4.3)
+    devDependencies:
+      '@biomejs/biome':
+        specifier: ^1.9.4
+        version: 1.9.4
+      '@namzu/sdk':
+        specifier: workspace:^
+        version: link:../../sdk
+      '@types/node':
+        specifier: ^22.19.17
+        version: 22.19.19
+      typescript:
+        specifier: ^5.5.0
+        version: 5.9.3
+      vitest:
+        specifier: ^2.0.0
+        version: 2.1.9(@types/node@22.19.19)
+
+  submodules/namzu/packages/providers/openrouter:
+    devDependencies:
+      '@biomejs/biome':
+        specifier: ^1.9.4
+        version: 1.9.4
+      '@namzu/sdk':
+        specifier: workspace:^
+        version: link:../../sdk
+      '@types/node':
+        specifier: ^22.19.17
+        version: 22.19.19
+      typescript:
+        specifier: ^5.5.0
+        version: 5.9.3
+      vitest:
+        specifier: ^2.0.0
+        version: 2.1.9(@types/node@22.19.19)
+
+  submodules/namzu/packages/sandbox:
+    devDependencies:
+      '@biomejs/biome':
+        specifier: ^1.9.4
+        version: 1.9.4
+      '@namzu/sdk':
+        specifier: workspace:^
+        version: link:../sdk
+      '@types/node':
+        specifier: ^22.19.17
+        version: 22.19.19
+      typescript:
+        specifier: ^5.5.0
+        version: 5.9.3
+      vitest:
+        specifier: ^2.0.0
+        version: 2.1.9(@types/node@22.19.19)
+
+  submodules/namzu/packages/sdk:
+    devDependencies:
+      '@biomejs/biome':
+        specifier: ^1.9.4
+        version: 1.9.4
+      '@opentelemetry/api':
+        specifier: ^1.9.0
+        version: 1.9.1
+      '@types/node':
+        specifier: ^22.19.17
+        version: 22.19.19
+      '@vitest/coverage-v8':
+        specifier: ^2.1.9
+        version: 2.1.9(vitest@2.1.9(@types/node@22.19.19))
+      fast-check:
+        specifier: ^4.7.0
+        version: 4.8.0
+      knip:
+        specifier: ^6.4.1
+        version: 6.14.2
+      typescript:
+        specifier: ^5.5.0
+        version: 5.9.3
+      vitest:
+        specifier: ^2.0.0
+        version: 2.1.9(@types/node@22.19.19)
+      zod:
+        specifier: ^3.23.0
+        version: 3.25.76
+      zod-to-json-schema:
+        specifier: ^3.23.0
+        version: 3.25.2(zod@3.25.76)
+
+  submodules/namzu/packages/telemetry:
+    dependencies:
+      '@opentelemetry/exporter-metrics-otlp-http':
+        specifier: ^0.57.0
+        version: 0.57.2(@opentelemetry/api@1.9.1)
+      '@opentelemetry/exporter-trace-otlp-http':
+        specifier: ^0.57.0
+        version: 0.57.2(@opentelemetry/api@1.9.1)
+      '@opentelemetry/resources':
+        specifier: ^1.30.0
+        version: 1.30.1(@opentelemetry/api@1.9.1)
+      '@opentelemetry/sdk-metrics':
+        specifier: ^1.30.0
+        version: 1.30.1(@opentelemetry/api@1.9.1)
+      '@opentelemetry/sdk-trace-node':
+        specifier: ^1.30.0
+        version: 1.30.1(@opentelemetry/api@1.9.1)
+      '@opentelemetry/semantic-conventions':
+        specifier: ^1.30.0
+        version: 1.41.1
+    devDependencies:
+      '@biomejs/biome':
+        specifier: ^1.9.4
+        version: 1.9.4
+      '@namzu/sdk':
+        specifier: workspace:^
+        version: link:../sdk
+      '@opentelemetry/api':
+        specifier: ^1.9.0
+        version: 1.9.1
+      '@types/node':
+        specifier: ^22.19.17
+        version: 22.19.19
+      typescript:
+        specifier: ^5.5.0
+        version: 5.9.3
+      vitest:
+        specifier: ^2.0.0
+        version: 2.1.9(@types/node@22.19.19)
+
 packages:
 
+  '@alcalzone/ansi-tokenize@0.3.0':
+    resolution: {integrity: sha512-p+CMKJ93HFmLkjXKlXiVGlMQEuRb6H0MokBSwUsX+S6BRX8eV5naFZpQJFfJHjRZY0Hmnqy1/r6UWl3x+19zYA==}
+    engines: {node: '>=18'}
+
+  '@ampproject/remapping@2.3.0':
+    resolution: {integrity: sha512-30iZtAPgz+LTIYoeivqYo853f02jBYSd5uGnGpkFV0M3xOt9aN73erkgYAmZU43x4VfqcnLxW9Kpg3R5LC4YYw==}
+    engines: {node: '>=6.0.0'}
+
+  '@anthropic-ai/sdk@0.89.0':
+    resolution: {integrity: sha512-nyGau0zex62EpU91hsHa0zod973YEoiMgzWZ9hC55WdiOLrE4AGpcg4wXI7lFqtvMLqMcLfewQU9sHgQB6psow==}
+    hasBin: true
+    peerDependencies:
+      zod: ^3.25.0 || ^4.0.0
+    peerDependenciesMeta:
+      zod:
+        optional: true
+
+  '@aws-crypto/crc32@5.2.0':
+    resolution: {integrity: sha512-nLbCWqQNgUiwwtFsen1AdzAtvuLRsQS8rYgMuxCrdKf9kOssamGLuPwyTY9wyYblNr9+1XM8v6zoDTPPSIeANg==}
+    engines: {node: '>=16.0.0'}
+
+  '@aws-crypto/sha256-browser@5.2.0':
+    resolution: {integrity: sha512-AXfN/lGotSQwu6HNcEsIASo7kWXZ5HYWvfOmSNKDsEqC4OashTp8alTmaz+F7TC2L083SFv5RdB+qU3Vs1kZqw==}
+
+  '@aws-crypto/sha256-js@5.2.0':
+    resolution: {integrity: sha512-FFQQyu7edu4ufvIZ+OadFpHHOt+eSTBaYaki44c+akjg7qZg9oOQeLlk77F6tSYqjDAFClrHJk9tMf0HdVyOvA==}
+    engines: {node: '>=16.0.0'}
+
+  '@aws-crypto/supports-web-crypto@5.2.0':
+    resolution: {integrity: sha512-iAvUotm021kM33eCdNfwIN//F77/IADDSs58i+MDaOqFrVjZo9bAal0NK7HurRuWLLpF1iLX7gbWrjHjeo+YFg==}
+
+  '@aws-crypto/util@5.2.0':
+    resolution: {integrity: sha512-4RkU9EsI6ZpBve5fseQlGNUWKMa1RLPQ1dnjnQoe07ldfIzcsGb5hC5W0Dm7u423KWzawlrpbjXBrXCEv9zazQ==}
+
+  '@aws-sdk/client-bedrock-runtime@3.1055.0':
+    resolution: {integrity: sha512-7MMQkiFv+3fKmCd8gvR7arB/m6zsrGY4w0+th5bx121sFnSS+eOHJkAVqykJlYulkQN4zVSHjT2zvd0LKDVyQA==}
+    engines: {node: '>=20.0.0'}
+
+  '@aws-sdk/core@3.974.14':
+    resolution: {integrity: sha512-ppamm04uoj3hhNO5IlQSs5D6rWX1fWkzcn6a4pZrojk8Y6ObY9wzLDdT/Eq3gv6O9hOebi9tYTNB8b8fQj9XJw==}
+    engines: {node: '>=20.0.0'}
+
+  '@aws-sdk/credential-provider-env@3.972.40':
+    resolution: {integrity: sha512-jjT0p0Y7KZtcvExYiPCLJnqM9lkXDV1KBEg/13OE2DXv/9batzlyJHVKUEnRNJccY0O2Sul17E1su38CgdBhGQ==}
+    engines: {node: '>=20.0.0'}
+
+  '@aws-sdk/credential-provider-http@3.972.42':
+    resolution: {integrity: sha512-+3fsKtWybe5BjKEUA3/07oh7Ayfd82IED2+gyyaVfS/4PU78E3TaOQxSGOJ1t7Imefoidw/ne9QA7apX8wEnJg==}
+    engines: {node: '>=20.0.0'}
+
+  '@aws-sdk/credential-provider-ini@3.972.44':
+    resolution: {integrity: sha512-gZFw5wBefCIPg9vpT+gV5FdhfNKhYTVDZa1IsZCcn3SRoYUOJ/E05vwIogkJoonqBL0ttBGi5vhthX7xceekRg==}
+    engines: {node: '>=20.0.0'}
+
+  '@aws-sdk/credential-provider-login@3.972.44':
+    resolution: {integrity: sha512-QqEGHfQeZgUDqh7zpqHufrZ8T644ELEWvB+4gUdewLyRw4IRF+6CJqeQuRWqucZdQzoQeMh7fNAD9BWxFAdNig==}
+    engines: {node: '>=20.0.0'}
+
+  '@aws-sdk/credential-provider-node@3.972.45':
+    resolution: {integrity: sha512-3YCv52ExXIRz3LAVNysevd+s7akSpg9dl39v9LJ7dOQH+s5rHi3jMZYQyxwMmglxQGMuzYRfQ0o1VSP2UOlIRw==}
+    engines: {node: '>=20.0.0'}
+
+  '@aws-sdk/credential-provider-process@3.972.40':
+    resolution: {integrity: sha512-cXaozlgJCOwmE6D7x4npcPdyk7kiFZdrGjN3D6tXXtItJJMNGPafDfAJn4YQmciMooG/X+b0Y6RTqdVVMx26jg==}
+    engines: {node: '>=20.0.0'}
+
+  '@aws-sdk/credential-provider-sso@3.972.44':
+    resolution: {integrity: sha512-YePoj5kQuPmE0MHnyftXCfsO8ZSBd2kDr50XEIUrdejSbGFlayYvUuCohdb8drhGhPm6b65o7H1eC26EZhwUvA==}
+    engines: {node: '>=20.0.0'}
+
+  '@aws-sdk/credential-provider-web-identity@3.972.44':
+    resolution: {integrity: sha512-Ys/JJe++8Z2Y5meR1taMBaVcrGBA0/XsVTQR+qOKZbdNyg+8Jlv5rYZSwh8SqEHY00goSOZy7PHzZ2rLNQxDLg==}
+    engines: {node: '>=20.0.0'}
+
+  '@aws-sdk/eventstream-handler-node@3.972.17':
+    resolution: {integrity: sha512-WFwdNcjchKZr7jKYgGimUZO8sSKQF/le7GGqgeCzz/lHozInE6b0gFJ1YMr8NaIeAoWJwgtrF7RE4/qMgosAdQ==}
+    engines: {node: '>=20.0.0'}
+
+  '@aws-sdk/middleware-eventstream@3.972.13':
+    resolution: {integrity: sha512-ECfsw7mf6G/sxNbKbGE3/h1xeIArY/yRI1IjDGYkLgDIankh+aDOtDRSr40LVlIHGL9+jEH1cVuxmbJ8NLL/1A==}
+    engines: {node: '>=20.0.0'}
+
+  '@aws-sdk/middleware-websocket@3.972.22':
+    resolution: {integrity: sha512-aumo6pYnvD1/eda3R0UDkRVecwxsuW4zTZLdjbHg7NqYMKmy7vK0bM3NGJzCD+Ys8iqCC7EeDU4LuWVIsXvL+A==}
+    engines: {node: '>= 14.0.0'}
+
+  '@aws-sdk/nested-clients@3.997.12':
+    resolution: {integrity: sha512-Js2VYaCM269feB0cs0cGmlIhdOgT9aMqzdBx68lCy6kVCYfzr0T36ovUFDvfUmatkuBeyBJhCwaLBh7P8meH5Q==}
+    engines: {node: '>=20.0.0'}
+
+  '@aws-sdk/signature-v4-multi-region@3.996.29':
+    resolution: {integrity: sha512-Few9FoQqOt/0KSvZYP+qdW0dfOhfQ9N+gl2UUDvCPW6mkPKHli9LMbKxWj+wZ5zKPaOoqxuR3Hhy3OTpndkfSw==}
+    engines: {node: '>=20.0.0'}
+
+  '@aws-sdk/token-providers@3.1054.0':
+    resolution: {integrity: sha512-hG9YKApmZOw+drJ9Nuoaf/OvC8e5W1+3eoLeN5p2uVCZRWsv27teIS0b4kiH6Sfv3WMmamqYJxmE2WMwyp/L/A==}
+    engines: {node: '>=20.0.0'}
+
+  '@aws-sdk/token-providers@3.1055.0':
+    resolution: {integrity: sha512-NSCniZ0HmeOWrX1k9aXZtKEST+JlNqOMNe87Vll1y25WlHOErNGgk8oFoMGnbiuWsG8ZS8zLby8fqVmrH8/ufQ==}
+    engines: {node: '>=20.0.0'}
+
+  '@aws-sdk/types@3.973.9':
+    resolution: {integrity: sha512-kuBfgQVdcz5Bmapc4A13YbpVw/pXkesfhetcFYwbntqas8sF41OHyd4o28+/TG2ZQdHBsv90Lsu5y6oitvYCdg==}
+    engines: {node: '>=20.0.0'}
+
+  '@aws-sdk/util-locate-window@3.965.5':
+    resolution: {integrity: sha512-WhlJNNINQB+9qtLtZJcpQdgZw3SCDCpXdUJP7cToGwHbCWCnRckGlc6Bx/OhWwIYFNAn+FIydY8SZ0QmVu3xTQ==}
+    engines: {node: '>=20.0.0'}
+
+  '@aws-sdk/xml-builder@3.972.26':
+    resolution: {integrity: sha512-cDbrqvDS73whl6YAPSPq0U6whzG6UWI9PuWh0wrUuGoZexhWEqhdunbukV7iBoaWnFV1AODutM5hOD6rtn439g==}
+    engines: {node: '>=20.0.0'}
+
+  '@aws/lambda-invoke-store@0.2.4':
+    resolution: {integrity: sha512-iY8yvjE0y651BixKNPgmv1WrQc+GZ142sb0z4gYnChDDY2YqI4P/jsSopBWrKfAt7LOJAkOXt7rC/hms+WclQQ==}
+    engines: {node: '>=18.0.0'}
+
+  '@azure/abort-controller@2.1.2':
+    resolution: {integrity: sha512-nBrLsEWm4J2u5LpAPjxADTlq3trDgVZZXHNKabeXZtpq3d3AbN/KGO82R87rdDz5/lYB024rtEf10/q0urNgsA==}
+    engines: {node: '>=18.0.0'}
+
+  '@azure/core-auth@1.10.1':
+    resolution: {integrity: sha512-ykRMW8PjVAn+RS6ww5cmK9U2CyH9p4Q88YJwvUslfuMmN98w/2rdGRLPqJYObapBCdzBVeDgYWdJnFPFb7qzpg==}
+    engines: {node: '>=20.0.0'}
+
+  '@azure/core-client@1.10.1':
+    resolution: {integrity: sha512-Nh5PhEOeY6PrnxNPsEHRr9eimxLwgLlpmguQaHKBinFYA/RU9+kOYVOQqOrTsCL+KSxrLLl1gD8Dk5BFW/7l/w==}
+    engines: {node: '>=20.0.0'}
+
+  '@azure/core-http-compat@2.4.0':
+    resolution: {integrity: sha512-f1P96IB399YiN2ARYHP7EpZi3Bf3wH4SN2lGzrw7JVwm7bbsVYtf2iKSBwTywD2P62NOPZGHFSZi+6jjb75JuA==}
+    engines: {node: '>=20.0.0'}
+    peerDependencies:
+      '@azure/core-client': ^1.10.0
+      '@azure/core-rest-pipeline': ^1.22.0
+
+  '@azure/core-lro@2.7.2':
+    resolution: {integrity: sha512-0YIpccoX8m/k00O7mDDMdJpbr6mf1yWo2dfmxt5A8XVZVVMz2SSKaEbMCeJRvgQ0IaSlqhjT47p4hVIRRy90xw==}
+    engines: {node: '>=18.0.0'}
+
+  '@azure/core-paging@1.6.2':
+    resolution: {integrity: sha512-YKWi9YuCU04B55h25cnOYZHxXYtEvQEbKST5vqRga7hWY9ydd3FZHdeQF8pyh+acWZvppw13M/LMGx0LABUVMA==}
+    engines: {node: '>=18.0.0'}
+
+  '@azure/core-rest-pipeline@1.23.0':
+    resolution: {integrity: sha512-Evs1INHo+jUjwHi1T6SG6Ua/LHOQBCLuKEEE6efIpt4ZOoNonaT1kP32GoOcdNDbfqsD2445CPri3MubBy5DEQ==}
+    engines: {node: '>=20.0.0'}
+
+  '@azure/core-tracing@1.3.1':
+    resolution: {integrity: sha512-9MWKevR7Hz8kNzzPLfX4EAtGM2b8mr50HPDBvio96bURP/9C+HjdH3sBlLSNNrvRAr5/k/svoH457gB5IKpmwQ==}
+    engines: {node: '>=20.0.0'}
+
+  '@azure/core-util@1.13.1':
+    resolution: {integrity: sha512-XPArKLzsvl0Hf0CaGyKHUyVgF7oDnhKoP85Xv6M4StF/1AhfORhZudHtOyf2s+FcbuQ9dPRAjB8J2KvRRMUK2A==}
+    engines: {node: '>=20.0.0'}
+
+  '@azure/core-xml@1.5.1':
+    resolution: {integrity: sha512-xcNRHqCoSp4AunOALEae6A8f3qATb83gSrm31Iqb01OzblvC3/W/bfXozcq78EzIdzZzuH1bZ2NvRR0TdX709w==}
+    engines: {node: '>=20.0.0'}
+
+  '@azure/logger@1.3.0':
+    resolution: {integrity: sha512-fCqPIfOcLE+CGqGPd66c8bZpwAji98tZ4JI9i/mlTNTlsIWslCfpg48s/ypyLxZTump5sypjrKn2/kY7q8oAbA==}
+    engines: {node: '>=20.0.0'}
+
+  '@azure/storage-blob@12.31.0':
+    resolution: {integrity: sha512-DBgNv10aCSxopt92DkTDD0o9xScXeBqPKGmR50FPZQaEcH4JLQ+GEOGEDv19V5BMkB7kxr+m4h6il/cCDPvmHg==}
+    engines: {node: '>=20.0.0'}
+
+  '@azure/storage-common@12.3.0':
+    resolution: {integrity: sha512-/OFHhy86aG5Pe8dP5tsp+BuJ25JOAl9yaMU3WZbkeoiFMHFtJ7tu5ili7qEdBXNW9G5lDB19trwyI6V49F/8iQ==}
+    engines: {node: '>=20.0.0'}
+
   '@babel/code-frame@7.29.7':
     resolution: {integrity: sha512-Aup7aUOfpbAUg2ROOJN6Iw5f9DMBlzu0mIkm/malLQFN/YQgO48wCj0Kxa3sEHJvPVFg7siR+qRInwXd2qhQKw==}
     engines: {node: '>=6.9.0'}
@@ -243,6 +739,10 @@ packages:
     peerDependencies:
       '@babel/core': ^7.0.0-0
 
+  '@babel/runtime@7.29.7':
+    resolution: {integrity: sha512-Nq8OhGWiZIZGV6hLHoyAKLLcJihP/xFeBMGJoUrxTX2psI8dCifzLhZISFb+VWS3wFMRDmCGw5R+dOySCqPLhw==}
+    engines: {node: '>=6.9.0'}
+
   '@babel/template@7.29.7':
     resolution: {integrity: sha512-puq+Gf35oI24FeN11LkoUQFqv9uwNeWpxXZi/Ji3rRIoKAzKnxRaZ+Gkj0vKS9ZCiTESfng1N9LyOyXvo+m+Gg==}
     engines: {node: '>=6.9.0'}
@@ -255,102 +755,273 @@ packages:
     resolution: {integrity: sha512-4zBIxpPzowiZpusoFkyGVwakdRJUyuH5PxQ/PrqghfdFWWasvnCdPfQXHrenDai+gyLARulZjZowCOj6fjT4pA==}
     engines: {node: '>=6.9.0'}
 
+  '@bcoe/v8-coverage@0.2.3':
+    resolution: {integrity: sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw==}
+
+  '@biomejs/biome@1.9.4':
+    resolution: {integrity: sha512-1rkd7G70+o9KkTn5KLmDYXihGoTaIGO9PIIN2ZB7UJxFrWw04CZHPYiMRjYsaDvVV7hP1dYNRLxSANLaBFGpog==}
+    engines: {node: '>=14.21.3'}
+    hasBin: true
+
+  '@biomejs/cli-darwin-arm64@1.9.4':
+    resolution: {integrity: sha512-bFBsPWrNvkdKrNCYeAp+xo2HecOGPAy9WyNyB/jKnnedgzl4W4Hb9ZMzYNbf8dMCGmUdSavlYHiR01QaYR58cw==}
+    engines: {node: '>=14.21.3'}
+    cpu: [arm64]
+    os: [darwin]
+
+  '@biomejs/cli-darwin-x64@1.9.4':
+    resolution: {integrity: sha512-ngYBh/+bEedqkSevPVhLP4QfVPCpb+4BBe2p7Xs32dBgs7rh9nY2AIYUL6BgLw1JVXV8GlpKmb/hNiuIxfPfZg==}
+    engines: {node: '>=14.21.3'}
+    cpu: [x64]
+    os: [darwin]
+
+  '@biomejs/cli-linux-arm64-musl@1.9.4':
+    resolution: {integrity: sha512-v665Ct9WCRjGa8+kTr0CzApU0+XXtRgwmzIf1SeKSGAv+2scAlW6JR5PMFo6FzqqZ64Po79cKODKf3/AAmECqA==}
+    engines: {node: '>=14.21.3'}
+    cpu: [arm64]
+    os: [linux]
+    libc: [musl]
+
+  '@biomejs/cli-linux-arm64@1.9.4':
+    resolution: {integrity: sha512-fJIW0+LYujdjUgJJuwesP4EjIBl/N/TcOX3IvIHJQNsAqvV2CHIogsmA94BPG6jZATS4Hi+xv4SkBBQSt1N4/g==}
+    engines: {node: '>=14.21.3'}
+    cpu: [arm64]
+    os: [linux]
+    libc: [glibc]
+
+  '@biomejs/cli-linux-x64-musl@1.9.4':
+    resolution: {integrity: sha512-gEhi/jSBhZ2m6wjV530Yy8+fNqG8PAinM3oV7CyO+6c3CEh16Eizm21uHVsyVBEB6RIM8JHIl6AGYCv6Q6Q9Tg==}
+    engines: {node: '>=14.21.3'}
+    cpu: [x64]
+    os: [linux]
+    libc: [musl]
+
+  '@biomejs/cli-linux-x64@1.9.4':
+    resolution: {integrity: sha512-lRCJv/Vi3Vlwmbd6K+oQ0KhLHMAysN8lXoCI7XeHlxaajk06u7G+UsFSO01NAs5iYuWKmVZjmiOzJ0OJmGsMwg==}
+    engines: {node: '>=14.21.3'}
+    cpu: [x64]
+    os: [linux]
+    libc: [glibc]
+
+  '@biomejs/cli-win32-arm64@1.9.4':
+    resolution: {integrity: sha512-tlbhLk+WXZmgwoIKwHIHEBZUwxml7bRJgk0X2sPyNR3S93cdRq6XulAZRQJ17FYGGzWne0fgrXBKpl7l4M87Hg==}
+    engines: {node: '>=14.21.3'}
+    cpu: [arm64]
+    os: [win32]
+
+  '@biomejs/cli-win32-x64@1.9.4':
+    resolution: {integrity: sha512-8Y5wMhVIPaWe6jw2H+KlEm4wP/f7EW3810ZLmDlrEEy5KvBsb9ECEfu/kMWD484ijfQ8+nIi0giMgu9g1UAuuA==}
+    engines: {node: '>=14.21.3'}
+    cpu: [x64]
+    os: [win32]
+
+  '@emnapi/core@1.10.0':
+    resolution: {integrity: sha512-yq6OkJ4p82CAfPl0u9mQebQHKPJkY7WrIuk205cTYnYe+k2Z8YBh11FrbRG/H6ihirqcacOgl2BIO8oyMQLeXw==}
+
+  '@emnapi/runtime@1.10.0':
+    resolution: {integrity: sha512-ewvYlk86xUoGI0zQRNq/mC+16R1QeDlKQy21Ki3oSYXNgLb45GV1P6A0M+/s6nyCuNDqe5VpaY84BzXGwVbwFA==}
+
+  '@emnapi/wasi-threads@1.2.1':
+    resolution: {integrity: sha512-uTII7OYF+/Mes/MrcIOYp5yOtSMLBWSIoLPpcgwipoiKbli6k322tcoFsxoIIxPDqW01SQGAgko4EzZi2BNv2w==}
+
+  '@esbuild/aix-ppc64@0.21.5':
+    resolution: {integrity: sha512-1SDgH6ZSPTlggy1yI6+Dbkiz8xzpHJEVAlF/AM1tHPLsf5STom9rwtjE4hKAF20FfXXNTFqEYXyJNWh1GiZedQ==}
+    engines: {node: '>=12'}
+    cpu: [ppc64]
+    os: [aix]
+
   '@esbuild/aix-ppc64@0.25.12':
     resolution: {integrity: sha512-Hhmwd6CInZ3dwpuGTF8fJG6yoWmsToE+vYgD4nytZVxcu1ulHpUQRAB1UJ8+N1Am3Mz4+xOByoQoSZf4D+CpkA==}
     engines: {node: '>=18'}
     cpu: [ppc64]
     os: [aix]
 
+  '@esbuild/android-arm64@0.21.5':
+    resolution: {integrity: sha512-c0uX9VAUBQ7dTDCjq+wdyGLowMdtR/GoC2U5IYk/7D1H1JYC0qseD7+11iMP2mRLN9RcCMRcjC4YMclCzGwS/A==}
+    engines: {node: '>=12'}
+    cpu: [arm64]
+    os: [android]
+
   '@esbuild/android-arm64@0.25.12':
     resolution: {integrity: sha512-6AAmLG7zwD1Z159jCKPvAxZd4y/VTO0VkprYy+3N2FtJ8+BQWFXU+OxARIwA46c5tdD9SsKGZ/1ocqBS/gAKHg==}
     engines: {node: '>=18'}
     cpu: [arm64]
     os: [android]
 
+  '@esbuild/android-arm@0.21.5':
+    resolution: {integrity: sha512-vCPvzSjpPHEi1siZdlvAlsPxXl7WbOVUBBAowWug4rJHb68Ox8KualB+1ocNvT5fjv6wpkX6o/iEpbDrf68zcg==}
+    engines: {node: '>=12'}
+    cpu: [arm]
+    os: [android]
+
   '@esbuild/android-arm@0.25.12':
     resolution: {integrity: sha512-VJ+sKvNA/GE7Ccacc9Cha7bpS8nyzVv0jdVgwNDaR4gDMC/2TTRc33Ip8qrNYUcpkOHUT5OZ0bUcNNVZQ9RLlg==}
     engines: {node: '>=18'}
     cpu: [arm]
     os: [android]
 
+  '@esbuild/android-x64@0.21.5':
+    resolution: {integrity: sha512-D7aPRUUNHRBwHxzxRvp856rjUHRFW1SdQATKXH2hqA0kAZb1hKmi02OpYRacl0TxIGz/ZmXWlbZgjwWYaCakTA==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [android]
+
   '@esbuild/android-x64@0.25.12':
     resolution: {integrity: sha512-5jbb+2hhDHx5phYR2By8GTWEzn6I9UqR11Kwf22iKbNpYrsmRB18aX/9ivc5cabcUiAT/wM+YIZ6SG9QO6a8kg==}
     engines: {node: '>=18'}
     cpu: [x64]
     os: [android]
 
+  '@esbuild/darwin-arm64@0.21.5':
+    resolution: {integrity: sha512-DwqXqZyuk5AiWWf3UfLiRDJ5EDd49zg6O9wclZ7kUMv2WRFr4HKjXp/5t8JZ11QbQfUS6/cRCKGwYhtNAY88kQ==}
+    engines: {node: '>=12'}
+    cpu: [arm64]
+    os: [darwin]
+
   '@esbuild/darwin-arm64@0.25.12':
     resolution: {integrity: sha512-N3zl+lxHCifgIlcMUP5016ESkeQjLj/959RxxNYIthIg+CQHInujFuXeWbWMgnTo4cp5XVHqFPmpyu9J65C1Yg==}
     engines: {node: '>=18'}
     cpu: [arm64]
     os: [darwin]
 
+  '@esbuild/darwin-x64@0.21.5':
+    resolution: {integrity: sha512-se/JjF8NlmKVG4kNIuyWMV/22ZaerB+qaSi5MdrXtd6R08kvs2qCN4C09miupktDitvh8jRFflwGFBQcxZRjbw==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [darwin]
+
   '@esbuild/darwin-x64@0.25.12':
     resolution: {integrity: sha512-HQ9ka4Kx21qHXwtlTUVbKJOAnmG1ipXhdWTmNXiPzPfWKpXqASVcWdnf2bnL73wgjNrFXAa3yYvBSd9pzfEIpA==}
     engines: {node: '>=18'}
     cpu: [x64]
     os: [darwin]
 
+  '@esbuild/freebsd-arm64@0.21.5':
+    resolution: {integrity: sha512-5JcRxxRDUJLX8JXp/wcBCy3pENnCgBR9bN6JsY4OmhfUtIHe3ZW0mawA7+RDAcMLrMIZaf03NlQiX9DGyB8h4g==}
+    engines: {node: '>=12'}
+    cpu: [arm64]
+    os: [freebsd]
+
   '@esbuild/freebsd-arm64@0.25.12':
     resolution: {integrity: sha512-gA0Bx759+7Jve03K1S0vkOu5Lg/85dou3EseOGUes8flVOGxbhDDh/iZaoek11Y8mtyKPGF3vP8XhnkDEAmzeg==}
     engines: {node: '>=18'}
     cpu: [arm64]
     os: [freebsd]
 
+  '@esbuild/freebsd-x64@0.21.5':
+    resolution: {integrity: sha512-J95kNBj1zkbMXtHVH29bBriQygMXqoVQOQYA+ISs0/2l3T9/kj42ow2mpqerRBxDJnmkUDCaQT/dfNXWX/ZZCQ==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [freebsd]
+
   '@esbuild/freebsd-x64@0.25.12':
     resolution: {integrity: sha512-TGbO26Yw2xsHzxtbVFGEXBFH0FRAP7gtcPE7P5yP7wGy7cXK2oO7RyOhL5NLiqTlBh47XhmIUXuGciXEqYFfBQ==}
     engines: {node: '>=18'}
     cpu: [x64]
     os: [freebsd]
 
+  '@esbuild/linux-arm64@0.21.5':
+    resolution: {integrity: sha512-ibKvmyYzKsBeX8d8I7MH/TMfWDXBF3db4qM6sy+7re0YXya+K1cem3on9XgdT2EQGMu4hQyZhan7TeQ8XkGp4Q==}
+    engines: {node: '>=12'}
+    cpu: [arm64]
+    os: [linux]
+
   '@esbuild/linux-arm64@0.25.12':
     resolution: {integrity: sha512-8bwX7a8FghIgrupcxb4aUmYDLp8pX06rGh5HqDT7bB+8Rdells6mHvrFHHW2JAOPZUbnjUpKTLg6ECyzvas2AQ==}
     engines: {node: '>=18'}
     cpu: [arm64]
     os: [linux]
 
+  '@esbuild/linux-arm@0.21.5':
+    resolution: {integrity: sha512-bPb5AHZtbeNGjCKVZ9UGqGwo8EUu4cLq68E95A53KlxAPRmUyYv2D6F0uUI65XisGOL1hBP5mTronbgo+0bFcA==}
+    engines: {node: '>=12'}
+    cpu: [arm]
+    os: [linux]
+
   '@esbuild/linux-arm@0.25.12':
     resolution: {integrity: sha512-lPDGyC1JPDou8kGcywY0YILzWlhhnRjdof3UlcoqYmS9El818LLfJJc3PXXgZHrHCAKs/Z2SeZtDJr5MrkxtOw==}
     engines: {node: '>=18'}
     cpu: [arm]
     os: [linux]
 
+  '@esbuild/linux-ia32@0.21.5':
+    resolution: {integrity: sha512-YvjXDqLRqPDl2dvRODYmmhz4rPeVKYvppfGYKSNGdyZkA01046pLWyRKKI3ax8fbJoK5QbxblURkwK/MWY18Tg==}
+    engines: {node: '>=12'}
+    cpu: [ia32]
+    os: [linux]
+
   '@esbuild/linux-ia32@0.25.12':
     resolution: {integrity: sha512-0y9KrdVnbMM2/vG8KfU0byhUN+EFCny9+8g202gYqSSVMonbsCfLjUO+rCci7pM0WBEtz+oK/PIwHkzxkyharA==}
     engines: {node: '>=18'}
     cpu: [ia32]
     os: [linux]
 
+  '@esbuild/linux-loong64@0.21.5':
+    resolution: {integrity: sha512-uHf1BmMG8qEvzdrzAqg2SIG/02+4/DHB6a9Kbya0XDvwDEKCoC8ZRWI5JJvNdUjtciBGFQ5PuBlpEOXQj+JQSg==}
+    engines: {node: '>=12'}
+    cpu: [loong64]
+    os: [linux]
+
   '@esbuild/linux-loong64@0.25.12':
     resolution: {integrity: sha512-h///Lr5a9rib/v1GGqXVGzjL4TMvVTv+s1DPoxQdz7l/AYv6LDSxdIwzxkrPW438oUXiDtwM10o9PmwS/6Z0Ng==}
     engines: {node: '>=18'}
     cpu: [loong64]
     os: [linux]
 
+  '@esbuild/linux-mips64el@0.21.5':
+    resolution: {integrity: sha512-IajOmO+KJK23bj52dFSNCMsz1QP1DqM6cwLUv3W1QwyxkyIWecfafnI555fvSGqEKwjMXVLokcV5ygHW5b3Jbg==}
+    engines: {node: '>=12'}
+    cpu: [mips64el]
+    os: [linux]
+
   '@esbuild/linux-mips64el@0.25.12':
     resolution: {integrity: sha512-iyRrM1Pzy9GFMDLsXn1iHUm18nhKnNMWscjmp4+hpafcZjrr2WbT//d20xaGljXDBYHqRcl8HnxbX6uaA/eGVw==}
     engines: {node: '>=18'}
     cpu: [mips64el]
     os: [linux]
 
+  '@esbuild/linux-ppc64@0.21.5':
+    resolution: {integrity: sha512-1hHV/Z4OEfMwpLO8rp7CvlhBDnjsC3CttJXIhBi+5Aj5r+MBvy4egg7wCbe//hSsT+RvDAG7s81tAvpL2XAE4w==}
+    engines: {node: '>=12'}
+    cpu: [ppc64]
+    os: [linux]
+
   '@esbuild/linux-ppc64@0.25.12':
     resolution: {integrity: sha512-9meM/lRXxMi5PSUqEXRCtVjEZBGwB7P/D4yT8UG/mwIdze2aV4Vo6U5gD3+RsoHXKkHCfSxZKzmDssVlRj1QQA==}
     engines: {node: '>=18'}
     cpu: [ppc64]
     os: [linux]
 
+  '@esbuild/linux-riscv64@0.21.5':
+    resolution: {integrity: sha512-2HdXDMd9GMgTGrPWnJzP2ALSokE/0O5HhTUvWIbD3YdjME8JwvSCnNGBnTThKGEB91OZhzrJ4qIIxk/SBmyDDA==}
+    engines: {node: '>=12'}
+    cpu: [riscv64]
+    os: [linux]
+
   '@esbuild/linux-riscv64@0.25.12':
     resolution: {integrity: sha512-Zr7KR4hgKUpWAwb1f3o5ygT04MzqVrGEGXGLnj15YQDJErYu/BGg+wmFlIDOdJp0PmB0lLvxFIOXZgFRrdjR0w==}
     engines: {node: '>=18'}
     cpu: [riscv64]
     os: [linux]
 
+  '@esbuild/linux-s390x@0.21.5':
+    resolution: {integrity: sha512-zus5sxzqBJD3eXxwvjN1yQkRepANgxE9lgOW2qLnmr8ikMTphkjgXu1HR01K4FJg8h1kEEDAqDcZQtbrRnB41A==}
+    engines: {node: '>=12'}
+    cpu: [s390x]
+    os: [linux]
+
   '@esbuild/linux-s390x@0.25.12':
     resolution: {integrity: sha512-MsKncOcgTNvdtiISc/jZs/Zf8d0cl/t3gYWX8J9ubBnVOwlk65UIEEvgBORTiljloIWnBzLs4qhzPkJcitIzIg==}
     engines: {node: '>=18'}
     cpu: [s390x]
     os: [linux]
 
+  '@esbuild/linux-x64@0.21.5':
+    resolution: {integrity: sha512-1rYdTpyv03iycF1+BhzrzQJCdOuAOtaqHTWJZCWvijKD2N5Xu0TtVC8/+1faWqcP9iBCWOmjmhoH94dH82BxPQ==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [linux]
+
   '@esbuild/linux-x64@0.25.12':
     resolution: {integrity: sha512-uqZMTLr/zR/ed4jIGnwSLkaHmPjOjJvnm6TVVitAa08SLS9Z0VM8wIRx7gWbJB5/J54YuIMInDquWyYvQLZkgw==}
     engines: {node: '>=18'}
@@ -363,6 +1034,12 @@ packages:
     cpu: [arm64]
     os: [netbsd]
 
+  '@esbuild/netbsd-x64@0.21.5':
+    resolution: {integrity: sha512-Woi2MXzXjMULccIwMnLciyZH4nCIMpWQAs049KEeMvOcNADVxo0UBIQPfSmxB3CWKedngg7sWZdLvLczpe0tLg==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [netbsd]
+
   '@esbuild/netbsd-x64@0.25.12':
     resolution: {integrity: sha512-Ld5pTlzPy3YwGec4OuHh1aCVCRvOXdH8DgRjfDy/oumVovmuSzWfnSJg+VtakB9Cm0gxNO9BzWkj6mtO1FMXkQ==}
     engines: {node: '>=18'}
@@ -375,6 +1052,12 @@ packages:
     cpu: [arm64]
     os: [openbsd]
 
+  '@esbuild/openbsd-x64@0.21.5':
+    resolution: {integrity: sha512-HLNNw99xsvx12lFBUwoT8EVCsSvRNDVxNpjZ7bPn947b8gJPzeHWyNVhFsaerc0n3TsbOINvRP2byTZ5LKezow==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [openbsd]
+
   '@esbuild/openbsd-x64@0.25.12':
     resolution: {integrity: sha512-MZyXUkZHjQxUvzK7rN8DJ3SRmrVrke8ZyRusHlP+kuwqTcfWLyqMOE3sScPPyeIXN/mDJIfGXvcMqCgYKekoQw==}
     engines: {node: '>=18'}
@@ -387,30 +1070,62 @@ packages:
     cpu: [arm64]
     os: [openharmony]
 
+  '@esbuild/sunos-x64@0.21.5':
+    resolution: {integrity: sha512-6+gjmFpfy0BHU5Tpptkuh8+uw3mnrvgs+dSPQXQOv3ekbordwnzTVEb4qnIvQcYXq6gzkyTnoZ9dZG+D4garKg==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [sunos]
+
   '@esbuild/sunos-x64@0.25.12':
     resolution: {integrity: sha512-3wGSCDyuTHQUzt0nV7bocDy72r2lI33QL3gkDNGkod22EsYl04sMf0qLb8luNKTOmgF/eDEDP5BFNwoBKH441w==}
     engines: {node: '>=18'}
     cpu: [x64]
     os: [sunos]
 
+  '@esbuild/win32-arm64@0.21.5':
+    resolution: {integrity: sha512-Z0gOTd75VvXqyq7nsl93zwahcTROgqvuAcYDUr+vOv8uHhNSKROyU961kgtCD1e95IqPKSQKH7tBTslnS3tA8A==}
+    engines: {node: '>=12'}
+    cpu: [arm64]
+    os: [win32]
+
   '@esbuild/win32-arm64@0.25.12':
     resolution: {integrity: sha512-rMmLrur64A7+DKlnSuwqUdRKyd3UE7oPJZmnljqEptesKM8wx9J8gx5u0+9Pq0fQQW8vqeKebwNXdfOyP+8Bsg==}
     engines: {node: '>=18'}
     cpu: [arm64]
     os: [win32]
 
+  '@esbuild/win32-ia32@0.21.5':
+    resolution: {integrity: sha512-SWXFF1CL2RVNMaVs+BBClwtfZSvDgtL//G/smwAc5oVK/UPu2Gu9tIaRgFmYFFKrmg3SyAjSrElf0TiJ1v8fYA==}
+    engines: {node: '>=12'}
+    cpu: [ia32]
+    os: [win32]
+
   '@esbuild/win32-ia32@0.25.12':
     resolution: {integrity: sha512-HkqnmmBoCbCwxUKKNPBixiWDGCpQGVsrQfJoVGYLPT41XWF8lHuE5N6WhVia2n4o5QK5M4tYr21827fNhi4byQ==}
     engines: {node: '>=18'}
     cpu: [ia32]
     os: [win32]
 
+  '@esbuild/win32-x64@0.21.5':
+    resolution: {integrity: sha512-tQd/1efJuzPC6rCFwEvLtci/xNFcTZknmXs98FYDfGE4wP9ClFV98nyKrzJKVPMhdDnjzLhdUyMX4PsQAPjwIw==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [win32]
+
   '@esbuild/win32-x64@0.25.12':
     resolution: {integrity: sha512-alJC0uCZpTFrSL0CCDjcgleBXPnCrEAhTBILpeAp7M/OFgoqtAetfBzX0xM00MUsVVPpVjlPuMbREqnZCXaTnA==}
     engines: {node: '>=18'}
     cpu: [x64]
     os: [win32]
 
+  '@isaacs/cliui@8.0.2':
+    resolution: {integrity: sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==}
+    engines: {node: '>=12'}
+
+  '@istanbuljs/schema@0.1.6':
+    resolution: {integrity: sha512-+Sg6GCR/wy1oSmQDFq4LQDAhm3ETKnorxN+y5nbLULOR3P0c14f2Wurzj3/xqPXtasLFfHd5iRFQ7AJt4KH2cw==}
+    engines: {node: '>=8'}
+
   '@jridgewell/gen-mapping@0.3.13':
     resolution: {integrity: sha512-2kkt/7niJ6MgEPxF0bYdQ6etZaA+fQvDcLKckhy1yIQOzaoKjBBjSj63/aLVjYE3qhRt5dvM+uUyfCg6UKCBbA==}
 
@@ -427,6 +1142,382 @@ packages:
   '@jridgewell/trace-mapping@0.3.31':
     resolution: {integrity: sha512-zzNR+SdQSDJzc8joaeP8QQoCQr8NuYx2dIIytl1QeBEZHJ9uW6hebsrYgbz8hJwUQao3TWCMtmfV8Nu1twOLAw==}
 
+  '@lmstudio/lms-isomorphic@0.4.6':
+    resolution: {integrity: sha512-v0LIjXKnDe3Ff3XZO5eQjlVxTjleUHXaom14MV7QU9bvwaoo3l5p71+xJ3mmSaqZq370CQ6pTKCn1Bb7Jf+VwQ==}
+
+  '@lmstudio/sdk@1.5.0':
+    resolution: {integrity: sha512-fdY12x4hb14PEjYijh7YeCqT1ZDY5Ok6VR4l4+E/dI+F6NW8oB+P83Sxed5vqE4XgTzbgyPuSR2ZbMNxxF+6jA==}
+
+  '@napi-rs/wasm-runtime@1.1.4':
+    resolution: {integrity: sha512-3NQNNgA1YSlJb/kMH1ildASP9HW7/7kYnRI2szWJaofaS1hWmbGI4H+d3+22aGzXXN9IJ+n+GiFVcGipJP18ow==}
+    peerDependencies:
+      '@emnapi/core': ^1.7.1
+      '@emnapi/runtime': ^1.7.1
+
+  '@nodable/entities@2.1.1':
+    resolution: {integrity: sha512-Pig3HxDIoMgjdEH8OCf/dkcTmLFjJRjWuq8jSnklu284/TKOPibSRERmOykiwmyXTtv61mP+44f3GMx0tLAyjg==}
+
+  '@opentelemetry/api-logs@0.57.2':
+    resolution: {integrity: sha512-uIX52NnTM0iBh84MShlpouI7UKqkZ7MrUszTmaypHBu4r7NofznSnQRfJ+uUeDtQDj6w8eFGg5KBLDAwAPz1+A==}
+    engines: {node: '>=14'}
+
+  '@opentelemetry/api@1.9.1':
+    resolution: {integrity: sha512-gLyJlPHPZYdAk1JENA9LeHejZe1Ti77/pTeFm/nMXmQH/HFZlcS/O2XJB+L8fkbrNSqhdtlvjBVjxwUYanNH5Q==}
+    engines: {node: '>=8.0.0'}
+
+  '@opentelemetry/context-async-hooks@1.30.1':
+    resolution: {integrity: sha512-s5vvxXPVdjqS3kTLKMeBMvop9hbWkwzBpu+mUO2M7sZtlkyDJGwFe33wRKnbaYDo8ExRVBIIdwIGrqpxHuKttA==}
+    engines: {node: '>=14'}
+    peerDependencies:
+      '@opentelemetry/api': '>=1.0.0 <1.10.0'
+
+  '@opentelemetry/core@1.30.1':
+    resolution: {integrity: sha512-OOCM2C/QIURhJMuKaekP3TRBxBKxG/TWWA0TL2J6nXUtDnuCtccy49LUJF8xPFXMX+0LMcxFpCo8M9cGY1W6rQ==}
+    engines: {node: '>=14'}
+    peerDependencies:
+      '@opentelemetry/api': '>=1.0.0 <1.10.0'
+
+  '@opentelemetry/exporter-metrics-otlp-http@0.57.2':
+    resolution: {integrity: sha512-ttb9+4iKw04IMubjm3t0EZsYRNWr3kg44uUuzfo9CaccYlOh8cDooe4QObDUkvx9d5qQUrbEckhrWKfJnKhemA==}
+    engines: {node: '>=14'}
+    peerDependencies:
+      '@opentelemetry/api': ^1.3.0
+
+  '@opentelemetry/exporter-trace-otlp-http@0.57.2':
+    resolution: {integrity: sha512-sB/gkSYFu+0w2dVQ0PWY9fAMl172PKMZ/JrHkkW8dmjCL0CYkmXeE+ssqIL/yBUTPOvpLIpenX5T9RwXRBW/3g==}
+    engines: {node: '>=14'}
+    peerDependencies:
+      '@opentelemetry/api': ^1.3.0
+
+  '@opentelemetry/otlp-exporter-base@0.57.2':
+    resolution: {integrity: sha512-XdxEzL23Urhidyebg5E6jZoaiW5ygP/mRjxLHixogbqwDy2Faduzb5N0o/Oi+XTIJu+iyxXdVORjXax+Qgfxag==}
+    engines: {node: '>=14'}
+    peerDependencies:
+      '@opentelemetry/api': ^1.3.0
+
+  '@opentelemetry/otlp-transformer@0.57.2':
+    resolution: {integrity: sha512-48IIRj49gbQVK52jYsw70+Jv+JbahT8BqT2Th7C4H7RCM9d0gZ5sgNPoMpWldmfjvIsSgiGJtjfk9MeZvjhoig==}
+    engines: {node: '>=14'}
+    peerDependencies:
+      '@opentelemetry/api': ^1.3.0
+
+  '@opentelemetry/propagator-b3@1.30.1':
+    resolution: {integrity: sha512-oATwWWDIJzybAZ4pO76ATN5N6FFbOA1otibAVlS8v90B4S1wClnhRUk7K+2CHAwN1JKYuj4jh/lpCEG5BAqFuQ==}
+    engines: {node: '>=14'}
+    peerDependencies:
+      '@opentelemetry/api': '>=1.0.0 <1.10.0'
+
+  '@opentelemetry/propagator-jaeger@1.30.1':
+    resolution: {integrity: sha512-Pj/BfnYEKIOImirH76M4hDaBSx6HyZ2CXUqk+Kj02m6BB80c/yo4BdWkn/1gDFfU+YPY+bPR2U0DKBfdxCKwmg==}
+    engines: {node: '>=14'}
+    peerDependencies:
+      '@opentelemetry/api': '>=1.0.0 <1.10.0'
+
+  '@opentelemetry/resources@1.30.1':
+    resolution: {integrity: sha512-5UxZqiAgLYGFjS4s9qm5mBVo433u+dSPUFWVWXmLAD4wB65oMCoXaJP1KJa9DIYYMeHu3z4BZcStG3LC593cWA==}
+    engines: {node: '>=14'}
+    peerDependencies:
+      '@opentelemetry/api': '>=1.0.0 <1.10.0'
+
+  '@opentelemetry/sdk-logs@0.57.2':
+    resolution: {integrity: sha512-TXFHJ5c+BKggWbdEQ/inpgIzEmS2BGQowLE9UhsMd7YYlUfBQJ4uax0VF/B5NYigdM/75OoJGhAV3upEhK+3gg==}
+    engines: {node: '>=14'}
+    peerDependencies:
+      '@opentelemetry/api': '>=1.4.0 <1.10.0'
+
+  '@opentelemetry/sdk-metrics@1.30.1':
+    resolution: {integrity: sha512-q9zcZ0Okl8jRgmy7eNW3Ku1XSgg3sDLa5evHZpCwjspw7E8Is4K/haRPDJrBcX3YSn/Y7gUvFnByNYEKQNbNog==}
+    engines: {node: '>=14'}
+    peerDependencies:
+      '@opentelemetry/api': '>=1.3.0 <1.10.0'
+
+  '@opentelemetry/sdk-trace-base@1.30.1':
+    resolution: {integrity: sha512-jVPgBbH1gCy2Lb7X0AVQ8XAfgg0pJ4nvl8/IiQA6nxOsPvS+0zMJaFSs2ltXe0J6C8dqjcnpyqINDJmU30+uOg==}
+    engines: {node: '>=14'}
+    peerDependencies:
+      '@opentelemetry/api': '>=1.0.0 <1.10.0'
+
+  '@opentelemetry/sdk-trace-node@1.30.1':
+    resolution: {integrity: sha512-cBjYOINt1JxXdpw1e5MlHmFRc5fgj4GW/86vsKFxJCJ8AL4PdVtYH41gWwl4qd4uQjqEL1oJVrXkSy5cnduAnQ==}
+    engines: {node: '>=14'}
+    peerDependencies:
+      '@opentelemetry/api': '>=1.0.0 <1.10.0'
+
+  '@opentelemetry/semantic-conventions@1.28.0':
+    resolution: {integrity: sha512-lp4qAiMTD4sNWW4DbKLBkfiMZ4jbAboJIGOQr5DvciMRI494OapieI9qiODpOt0XBr1LjIDy1xAGAnVs5supTA==}
+    engines: {node: '>=14'}
+
+  '@opentelemetry/semantic-conventions@1.41.1':
+    resolution: {integrity: sha512-/UhIkaZgPutTFmQ7RnIJGgDXZmtEJ7Dvi86xNTFWcnRxVRNk/aotsqDJYeEvDP+FSMB2SdW+pQzNMcWP0rwuNA==}
+    engines: {node: '>=14'}
+
+  '@oxc-parser/binding-android-arm-eabi@0.130.0':
+    resolution: {integrity: sha512-h/xYU8/7ADWzVSf5I+YalLpj33LOy9CI/zgbJNIZ5eunRBG+Czqa3lZsvuPHHf3rOt6z1c5+UzoxjbAzAvhwVw==}
+    engines: {node: ^20.19.0 || >=22.12.0}
+    cpu: [arm]
+    os: [android]
+
+  '@oxc-parser/binding-android-arm64@0.130.0':
+    resolution: {integrity: sha512-oFWFJrsGv9siFM4HjMqKNB7IuIZD/SMmZdCXl8xyx7lDplGvPKyewpOo272rSWgMXe2Wx7bWI0Yj+gkHv4qbeg==}
+    engines: {node: ^20.19.0 || >=22.12.0}
+    cpu: [arm64]
+    os: [android]
+
+  '@oxc-parser/binding-darwin-arm64@0.130.0':
+    resolution: {integrity: sha512-sGUzupdTplK9jQg7eJZ878HfEgQjJNBc6dAYVWJ9W5aU+J8rLfRJhTVsKThiu1pNwm6Y1qKCcbC6WhNWSXR3Ig==}
+    engines: {node: ^20.19.0 || >=22.12.0}
+    cpu: [arm64]
+    os: [darwin]
+
+  '@oxc-parser/binding-darwin-x64@0.130.0':
+    resolution: {integrity: sha512-PsB4cdCISbC00Uy8eiD8bc2AkGWjZqrSrJnkBFuG2ptrrf6mZ2F5gLFSjOAVMMgZPg8B1D7OydJwLWSfyI2Plg==}
+    engines: {node: ^20.19.0 || >=22.12.0}
+    cpu: [x64]
+    os: [darwin]
+
+  '@oxc-parser/binding-freebsd-x64@0.130.0':
+    resolution: {integrity: sha512-DgABp3l38hS77JbXCV4qk1+n6DPym5u8zzwuweokezm2tX194nDSJDENbDRECxVsiNbprKATLbk+Z5wlHT0OHw==}
+    engines: {node: ^20.19.0 || >=22.12.0}
+    cpu: [x64]
+    os: [freebsd]
+
+  '@oxc-parser/binding-linux-arm-gnueabihf@0.130.0':
+    resolution: {integrity: sha512-4Kn3CTEmwFrzhTSC/JuUW16qovmaMdX7jeSKbL8w0pLtLww7To1a2XJi9Z5uD8QWUkfUHhqfV+VD6dVzBnWzoA==}
+    engines: {node: ^20.19.0 || >=22.12.0}
+    cpu: [arm]
+    os: [linux]
+
+  '@oxc-parser/binding-linux-arm-musleabihf@0.130.0':
+    resolution: {integrity: sha512-D35KZM3F4rRu1uAFKyBlg3Gaf/ybCjyaPR1hfgvk5ex8NtcTmRgc0JgSighEyNg96TPrFhemFba68SZuxaha8w==}
+    engines: {node: ^20.19.0 || >=22.12.0}
+    cpu: [arm]
+    os: [linux]
+
+  '@oxc-parser/binding-linux-arm64-gnu@0.130.0':
+    resolution: {integrity: sha512-Q9o7oVlo955KHwS8l1u0bCzIx+JsZUA3XToLXC+MsMhye/9LeBQbt84nh120cl2XLy+TEzvugYDiHShg5yaX6Q==}
+    engines: {node: ^20.19.0 || >=22.12.0}
+    cpu: [arm64]
+    os: [linux]
+    libc: [glibc]
+
+  '@oxc-parser/binding-linux-arm64-musl@0.130.0':
+    resolution: {integrity: sha512-EiJ/gC0ljbcwVpycC8YWw6ggMbtsPX8XMOt0mPx0aqWeMsNR+L9m05Flbvd5T+GlivG+GkSWQL7tM9SRFpM/dw==}
+    engines: {node: ^20.19.0 || >=22.12.0}
+    cpu: [arm64]
+    os: [linux]
+    libc: [musl]
+
+  '@oxc-parser/binding-linux-ppc64-gnu@0.130.0':
+    resolution: {integrity: sha512-b+h/lsLLurp756dMGizNs5uPaJfyEdWrTcV5t8M609jWm1DEHB1StpRXCkyvwtkJx3m+qL5BNQ0dEKan/4yGFA==}
+    engines: {node: ^20.19.0 || >=22.12.0}
+    cpu: [ppc64]
+    os: [linux]
+    libc: [glibc]
+
+  '@oxc-parser/binding-linux-riscv64-gnu@0.130.0':
+    resolution: {integrity: sha512-O19Cil83XAyjEFfo8WhkMwY58ALqZ7ckjGL+25mjMIuF84urWBeANH0FC8B8BsSSygWU3/1aY3ADdDbp+wlBnw==}
+    engines: {node: ^20.19.0 || >=22.12.0}
+    cpu: [riscv64]
+    os: [linux]
+    libc: [glibc]
+
+  '@oxc-parser/binding-linux-riscv64-musl@0.130.0':
+    resolution: {integrity: sha512-BgXRVC0+83n3YzCscLQjj6nbyeBIVeZYPTI4fFMAE4WNm2+4RXhWp03IVizL7esIz36kgmT48aebk1iM+cs8sw==}
+    engines: {node: ^20.19.0 || >=22.12.0}
+    cpu: [riscv64]
+    os: [linux]
+    libc: [musl]
+
+  '@oxc-parser/binding-linux-s390x-gnu@0.130.0':
+    resolution: {integrity: sha512-6tJz0xvnGhsokE7N1WlUSBXibpYmT9xSJFS1Ce41Km/+8gQvdlW8MLhRv8PD0L7ix8vRG0FDDepp3jdOFzdVdw==}
+    engines: {node: ^20.19.0 || >=22.12.0}
+    cpu: [s390x]
+    os: [linux]
+    libc: [glibc]
+
+  '@oxc-parser/binding-linux-x64-gnu@0.130.0':
+    resolution: {integrity: sha512-9aCWj83dp3heTQGmGnZGdIWgxjZrr/7VQ0TGFHH5PKByxJKF2Hcr4qvaSUHhhGEa3MSsDjTL1YDP8RAgdL5/Cg==}
+    engines: {node: ^20.19.0 || >=22.12.0}
+    cpu: [x64]
+    os: [linux]
+    libc: [glibc]
+
+  '@oxc-parser/binding-linux-x64-musl@0.130.0':
+    resolution: {integrity: sha512-afXt87aZBqrUVli8TB/I8H1G50RDWcwirjWtXGXYqJ2ZqWEiErH7V72j3LUSDZaivmtu2OLX0KQ/mbhP81mr7A==}
+    engines: {node: ^20.19.0 || >=22.12.0}
+    cpu: [x64]
+    os: [linux]
+    libc: [musl]
+
+  '@oxc-parser/binding-openharmony-arm64@0.130.0':
+    resolution: {integrity: sha512-I0NCrZV/YZuCGWgqwNN/GO/iXlLF2z+Wgc7u+Aa9N4P51oYeIa0XT+zVBUne4csO9GqxskXgI4g8JzzWGRpfOw==}
+    engines: {node: ^20.19.0 || >=22.12.0}
+    cpu: [arm64]
+    os: [openharmony]
+
+  '@oxc-parser/binding-wasm32-wasi@0.130.0':
+    resolution: {integrity: sha512-sJgQkGaBX0WJvPUDfwciex6IcTk5O5NLQ1bhEb6f3nBruh1GshKMRSMt2bxZlYrgBzjyBbJzsnO+InPG0bg+fA==}
+    engines: {node: ^20.19.0 || >=22.12.0}
+    cpu: [wasm32]
+
+  '@oxc-parser/binding-win32-arm64-msvc@0.130.0':
+    resolution: {integrity: sha512-bjcma99sQrNh6RY4mPO9yTkfxql6TDFoN3HWdK31RCKXwNhcDgJXW/l8PUtzKNiQ+9vpKJfJtQq+LklBuxSOBA==}
+    engines: {node: ^20.19.0 || >=22.12.0}
+    cpu: [arm64]
+    os: [win32]
+
+  '@oxc-parser/binding-win32-ia32-msvc@0.130.0':
+    resolution: {integrity: sha512-hRYbv6HhpSTzT4xTiIkadLI7upLQxuOdLPR/9nL1fTjwhgutBTPXrwaAPb/jTFVx6/8C7Jb5HcUKhmNwloTbFA==}
+    engines: {node: ^20.19.0 || >=22.12.0}
+    cpu: [ia32]
+    os: [win32]
+
+  '@oxc-parser/binding-win32-x64-msvc@0.130.0':
+    resolution: {integrity: sha512-RBpA9TsRucJq6HNVNCFF1iKg+QeTkLdZf7hi4xaOGCPvMZWvDHjQgSOEZMUpuW4JNciHbxNhLEYmz5CVygjVGQ==}
+    engines: {node: ^20.19.0 || >=22.12.0}
+    cpu: [x64]
+    os: [win32]
+
+  '@oxc-project/types@0.130.0':
+    resolution: {integrity: sha512-ibD2usx9JRu7f5pu2tMKMI4cpA4NgXJQoYRP4pQ7Pxmn1l6k/53qWtQWZayhYy3X4QZkt90Ot+mJEaeXouio6Q==}
+
+  '@oxc-resolver/binding-android-arm-eabi@11.20.0':
+    resolution: {integrity: sha512-IjfWOXRgJFNdORDl+Uf1aibNgZY2guOD3zmOhx1BGVb/MIiqlFTdmjpQNplSN58lhWehnX4UNqC3QwpUo8pjJg==}
+    cpu: [arm]
+    os: [android]
+
+  '@oxc-resolver/binding-android-arm64@11.20.0':
+    resolution: {integrity: sha512-QqslZAuFQG8Q9xm7JuIn8JUbvywhSBMVhuQHtYW+auirZJloS41oxUUaBXk7uUhZJgp44c5zQLeVvmFaDQB+2Q==}
+    cpu: [arm64]
+    os: [android]
+
+  '@oxc-resolver/binding-darwin-arm64@11.20.0':
+    resolution: {integrity: sha512-MUcavykj2ewlR+kc5arpg4tC2RvzJkUxWtNv74pf7lcNk00GpIpN43vXMj+j6r4eMmfZhlb8hueKoIb8e9kAGQ==}
+    cpu: [arm64]
+    os: [darwin]
+
+  '@oxc-resolver/binding-darwin-x64@11.20.0':
+    resolution: {integrity: sha512-BGB16nRUK5Etiv//ihPyzj8Lj1px0mhh4YIfe0FDf045ywknfSm0GEbiRESpr6Q4K82AvnyaRIhhluHByvS4bg==}
+    cpu: [x64]
+    os: [darwin]
+
+  '@oxc-resolver/binding-freebsd-x64@11.20.0':
+    resolution: {integrity: sha512-JZgtePaqj3qmD5XFHJaSLWzHRxQu0LaPkdoM1KJXYADvAaa83ijXHclV3ej3CueeW0wxfIAbGCZVP45J0CA7uQ==}
+    cpu: [x64]
+    os: [freebsd]
+
+  '@oxc-resolver/binding-linux-arm-gnueabihf@11.20.0':
+    resolution: {integrity: sha512-hOQ/p3ry3v3SchUBXicrrnszaI/UmYzM4wtS4RGfwgVUX7a+HbyQSzJ5aOzu+o6XZkFkS3ZXN4PZAzhOb77OSg==}
+    cpu: [arm]
+    os: [linux]
+
+  '@oxc-resolver/binding-linux-arm-musleabihf@11.20.0':
+    resolution: {integrity: sha512-2ArPksaw0AqeuGBfoS715VF+JvJQAhD2niWgjE5hVO+L+nAfikVQopvngCMX9x4BD8itWoQ3dnikrQyl5Ho5Jg==}
+    cpu: [arm]
+    os: [linux]
+
+  '@oxc-resolver/binding-linux-arm64-gnu@11.20.0':
+    resolution: {integrity: sha512-0bJnmYFp62JdZ4nVMDUZ/C58BCZOCcqgKtnUlp7L9Ojf/czIN+3j72YlLPeWLkzlr6SlYvIQA4SGV/HyO0d+qg==}
+    cpu: [arm64]
+    os: [linux]
+    libc: [glibc]
+
+  '@oxc-resolver/binding-linux-arm64-musl@11.20.0':
+    resolution: {integrity: sha512-wKHHzPKZo7Ufhv/Bt6yxT7FOgnIgW4gwXcJUipkShGp68W3wGVqvr1Sr0fY65lN0Oy6y41+g2kIDvkgZaMMUkw==}
+    cpu: [arm64]
+    os: [linux]
+    libc: [musl]
+
+  '@oxc-resolver/binding-linux-ppc64-gnu@11.20.0':
+    resolution: {integrity: sha512-RN8goF7Ie0B79L4i4G6OeBocTgSC56vJbQ65VJje+oXnldVpLnOU7j/AQ/dP94TcCS+Yh6WG8u3Qt4ETteXFNQ==}
+    cpu: [ppc64]
+    os: [linux]
+    libc: [glibc]
+
+  '@oxc-resolver/binding-linux-riscv64-gnu@11.20.0':
+    resolution: {integrity: sha512-5l1yU6/xQEqLZRzxqmMxJfWPslpwCmBsdDGaBvABPehxquCXDC7dd7oraNdKSJUMDXSM7VvVj8H2D2FTjU7oWw==}
+    cpu: [riscv64]
+    os: [linux]
+    libc: [glibc]
+
+  '@oxc-resolver/binding-linux-riscv64-musl@11.20.0':
+    resolution: {integrity: sha512-xHEvkbgz6UC+A3JOyDQy76LkUaxsNSfIr3/GV8slwZsnuooJiIB34gzJfsyvR4JdCYNUUPsRJc/w/oWkODu+hg==}
+    cpu: [riscv64]
+    os: [linux]
+    libc: [musl]
+
+  '@oxc-resolver/binding-linux-s390x-gnu@11.20.0':
+    resolution: {integrity: sha512-aWPDUUmSeyHvlW+SoEUd+JIJsQhVhu6a5tBpDRMu058naPAchTgAVGCFy35zjbnFlt0i8hLWziff6HX0D3LU4g==}
+    cpu: [s390x]
+    os: [linux]
+    libc: [glibc]
+
+  '@oxc-resolver/binding-linux-x64-gnu@11.20.0':
+    resolution: {integrity: sha512-x2YeSimvhJjKLVD8KSu8f/rqU1potcdEMkApIPJqjZWN7c2Fpt4g2X32WDg1p+XDAmyT7nuQGe0vnhvXeLbH+g==}
+    cpu: [x64]
+    os: [linux]
+    libc: [glibc]
+
+  '@oxc-resolver/binding-linux-x64-musl@11.20.0':
+    resolution: {integrity: sha512-kcRLEIxpZefeYfLChjpgFf3ilBzRDZ+yobMrpRsQlSrxuFGtm3U6PMU7AaEpMqo3NfDGVyJJseAjnRLzMFHjwQ==}
+    cpu: [x64]
+    os: [linux]
+    libc: [musl]
+
+  '@oxc-resolver/binding-openharmony-arm64@11.20.0':
+    resolution: {integrity: sha512-HHcfnApSZGtKhTiHqe8OZruOZe5XuFQH5/E0Yhj3u8fnFvzkM4/k6WjacUf4SvA0SPEAbfbgYmVPuo0VX/fIBQ==}
+    cpu: [arm64]
+    os: [openharmony]
+
+  '@oxc-resolver/binding-wasm32-wasi@11.20.0':
+    resolution: {integrity: sha512-Tn0y1XOFYHNfK1wp1Z5QK8Rcld/bsOwRISQXfqAZ5IBpv8Gz1IvV39fUWNprqNdRizgcvFhOzWwFun2zkJsyBg==}
+    engines: {node: '>=14.0.0'}
+    cpu: [wasm32]
+
+  '@oxc-resolver/binding-win32-arm64-msvc@11.20.0':
+    resolution: {integrity: sha512-qPi25YNPe4YenS8MgsQU2+bIFHxxpLx1LVna2444cEHqNPhNjvWf9zqj4aWE43H9LpAsTmkkAlA3eL5ElBU3mA==}
+    cpu: [arm64]
+    os: [win32]
+
+  '@oxc-resolver/binding-win32-x64-msvc@11.20.0':
+    resolution: {integrity: sha512-Wb14jWEW8huH6It9F6sXd9vrYmIS7pMrgkU6sxpLxkP+9z+wRgs71hUEhRpcn8FOXAFa27FVWfY2tRpbfTzfLw==}
+    cpu: [x64]
+    os: [win32]
+
+  '@pkgjs/parseargs@0.11.0':
+    resolution: {integrity: sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==}
+    engines: {node: '>=14'}
+
+  '@protobufjs/aspromise@1.1.2':
+    resolution: {integrity: sha512-j+gKExEuLmKwvz3OgROXtrJ2UG2x8Ch2YZUxahh+s1F2HZ+wAceUNLkvy6zKCPVRkU++ZWQrdxsUeQXmcg4uoQ==}
+
+  '@protobufjs/base64@1.1.2':
+    resolution: {integrity: sha512-AZkcAA5vnN/v4PDqKyMR5lx7hZttPDgClv83E//FMNhR2TMcLUhfRUBHCmSl0oi9zMgDDqRUJkSxO3wm85+XLg==}
+
+  '@protobufjs/codegen@2.0.5':
+    resolution: {integrity: sha512-zgXFLzW3Ap33e6d0Wlj4MGIm6Ce8O89n/apUaGNB/jx+hw+ruWEp7EwGUshdLKVRCxZW12fp9r40E1mQrf/34g==}
+
+  '@protobufjs/eventemitter@1.1.1':
+    resolution: {integrity: sha512-vW1GmwMZNnL+gMRaovlh9yZX74kc+TTU3FObkkurpMaRtBfLP3ldjS9KQWlwZgraRE0+dheEEoAxdzcJQ8eXZg==}
+
+  '@protobufjs/fetch@1.1.1':
+    resolution: {integrity: sha512-GpptLrs57adMSuHi3VNj0mAF8dwh36LMaYF6XyJ6JMWlVsc+t42tm1HSEDmOs3A8fC9yyeisgLhsTVQokOZ0zw==}
+
+  '@protobufjs/float@1.0.2':
+    resolution: {integrity: sha512-Ddb+kVXlXst9d+R9PfTIxh1EdNkgoRe5tOX6t01f1lYWOvJnSPDBlG241QLzcyPdoNTsblLUdujGSE4RzrTZGQ==}
+
+  '@protobufjs/inquire@1.1.2':
+    resolution: {integrity: sha512-pa0vFRuws4wkvaXKK1uXZMAwAX4/t8ANaJo45iw/oQHNQ9q5xUzwgFmVJGXiga2BeN+zpX7Vf9vmsiIa2J+MUw==}
+
+  '@protobufjs/path@1.1.2':
+    resolution: {integrity: sha512-6JOcJ5Tm08dOHAbdR3GrvP+yUUfkjG5ePsHYczMFLq3ZmMkAD98cDgcT2iA1lJ9NVwFd4tH/iSSoe44YWkltEA==}
+
+  '@protobufjs/pool@1.1.0':
+    resolution: {integrity: sha512-0kELaGSIDBKvcgS4zkjz1PeddatrjYcmMWOlAuAPwAeccUrPHdUqo/J6LiymHHEiJT5NrF1UVwxY14f+fy4WQw==}
+
+  '@protobufjs/utf8@1.1.1':
+    resolution: {integrity: sha512-oOAWABowe8EAbMyWKM0tYDKi8Yaox52D+HWZhAIJqQXbqe0xI/GV7FhLWqlEKreMkfDjshR5FKgi3mnle0h6Eg==}
+
   '@rolldown/pluginutils@1.0.0-beta.27':
     resolution: {integrity: sha512-+d0F4MKMCbeVUJwG96uQ4SgAznZNSq93I3V+9NHA4OpvqG8mRCpGdKmK8l/dl02h2CCDHwW2FqilnTyDcAnqjA==}
 
@@ -568,6 +1659,45 @@ packages:
     cpu: [x64]
     os: [win32]
 
+  '@smithy/core@3.24.5':
+    resolution: {integrity: sha512-Kt8phUg45M15EjhYAbZ+fFikYneijLu9Liugz8ZsYz2i8j0hzGv27LWKpEHYRfvj+LyCOSijpcR/2i8RouV+cA==}
+    engines: {node: '>=18.0.0'}
+
+  '@smithy/credential-provider-imds@4.3.5':
+    resolution: {integrity: sha512-yiF8xHpdkaTfzLVqFzsP6WvNghEK+qZzLYWFD13L2SsFhbXwBGlxdocKF95qjr7s5lE5NRage+EJFK4mAsx88Q==}
+    engines: {node: '>=18.0.0'}
+
+  '@smithy/fetch-http-handler@5.4.5':
+    resolution: {integrity: sha512-SK3VMeH0fibgdTg2QeB+O4p7Yy/2E5HBOHJeC58FshkDdeuX8lOgO7PfjYfLyPLP1ch55j91cQqKBzDS0mRjSQ==}
+    engines: {node: '>=18.0.0'}
+
+  '@smithy/is-array-buffer@2.2.0':
+    resolution: {integrity: sha512-GGP3O9QFD24uGeAXYUjwSTXARoqpZykHadOmA8G5vfJPK0/DC67qa//0qvqrJzL1xc8WQWX7/yc7fwudjPHPhA==}
+    engines: {node: '>=14.0.0'}
+
+  '@smithy/node-http-handler@4.7.5':
+    resolution: {integrity: sha512-3dA9TQ+ybRSZ/m0wnbZhiBy4Dezjgq1Ib/ZZrYTpJDBgpoLLU/SDzZc/g0x0MNAdOJe1wPcM+x2PBRmoOur+Sw==}
+    engines: {node: '>=18.0.0'}
+
+  '@smithy/signature-v4@5.4.5':
+    resolution: {integrity: sha512-QBJKWGqIknH0dc9LWpfH1mkdokAx6iXYN3UcQ3eY6uIEyScuoQAhfl94ge7ozUy9WgFUdE8xsvwBjaYBbWmPNA==}
+    engines: {node: '>=18.0.0'}
+
+  '@smithy/types@4.14.2':
+    resolution: {integrity: sha512-P+otAxbV4CqBybp7EkcJCrig63yE2E7PuNVOmilVMRcx/O+QDzGULTrKsq4DV13gSfak9ObPrWaHl/9bL5YcWw==}
+    engines: {node: '>=18.0.0'}
+
+  '@smithy/util-buffer-from@2.2.0':
+    resolution: {integrity: sha512-IJdWBbTcMQ6DA0gdNhh/BwrLkDR+ADW5Kr1aZmd4k3DIF6ezMV4R2NIAmT08wQJ3yUK82thHWmC/TnK/wpMMIA==}
+    engines: {node: '>=14.0.0'}
+
+  '@smithy/util-utf8@2.3.0':
+    resolution: {integrity: sha512-R8Rdn8Hy72KKcebgLiv8jQcQkXoLMOGGv5uI1/k0l+snqkOzQ1R0ChUBCxWMlBsFMekWjq0wRudIweFs7sKT5A==}
+    engines: {node: '>=14.0.0'}
+
+  '@tybys/wasm-util@0.10.2':
+    resolution: {integrity: sha512-RoBvJ2X0wuKlWFIjrwffGw1IqZHKQqzIchKaadZZfnNpsAYp2mM0h36JtPCjNDAHGgYez/15uMBpfGwchhiMgg==}
+
   '@types/babel__core@7.20.5':
     resolution: {integrity: sha512-qoQprZvz5wQFJwMDqeseRXWv3rqMvhgpbXFfVyWhbx9X47POIA6i/+dXefEmZKoAgOaTdaIgNSMqMIU61yRyzA==}
 
@@ -583,6 +1713,9 @@ packages:
   '@types/estree@1.0.8':
     resolution: {integrity: sha512-dWHzHa2WqEXI/O1E9OjrocMTKJl2mSrEolh1Iomrv6U+JuNwaHXsXx9bLu5gG7BUWFIN0skIQJQ/L1rIex4X6w==}
 
+  '@types/node@22.19.19':
+    resolution: {integrity: sha512-dyh/xO2Fh5bYrfWaaqGrRQQGkNdmYw6AmaAUvYeUMNTWQtvb796ikLdmTchRmOlOiIJ1TDXfWgVx1QkUlQ6Hew==}
+
   '@types/prop-types@15.7.15':
     resolution: {integrity: sha512-F6bEyamV9jKGAFBEmlQnesRPGOQqS2+Uwi0Em15xenOxHaf2hv6L8YCVn3rPdPJOiJfPiCnLIRyvwVaqMY3MIw==}
 
@@ -594,28 +1727,177 @@ packages:
   '@types/react@18.3.29':
     resolution: {integrity: sha512-ch0qJdr2JY0r04NXSprbK6TXOgnaJ1Tz23fm5W+z0/CBah6BSBc3n96h7K9GOtwh0HrilNWHIBzE1Ko4Dcw/Wg==}
 
+  '@types/react@19.2.15':
+    resolution: {integrity: sha512-eRwcGNHve+E8qtEQSSRl6urh+rFop4v8gm6O8rGv25CodbvFdLjA1vVQ1KkiFE0w0UPOnb8tDiFKL5lp0rtY5Q==}
+
+  '@typespec/ts-http-runtime@0.3.5':
+    resolution: {integrity: sha512-yURCknZhvywvQItHMMmFSo+fq5arCUIyz/CVk7jD89MSai7dkaX8ufjCWp3NttLojoTVbcE72ri+be/TnEbMHw==}
+    engines: {node: '>=20.0.0'}
+
   '@vitejs/plugin-react@4.7.0':
     resolution: {integrity: sha512-gUu9hwfWvvEDBBmgtAowQCojwZmJ5mcLn3aufeCsitijs3+f2NsrPtlAWIR6OPiqljl96GVCUbLe0HyqIpVaoA==}
     engines: {node: ^14.18.0 || >=16.0.0}
     peerDependencies:
       vite: ^4.2.0 || ^5.0.0 || ^6.0.0 || ^7.0.0
 
+  '@vitest/coverage-v8@2.1.9':
+    resolution: {integrity: sha512-Z2cOr0ksM00MpEfyVE8KXIYPEcBFxdbLSs56L8PO0QQMxt/6bDj45uQfxoc96v05KW3clk7vvgP0qfDit9DmfQ==}
+    peerDependencies:
+      '@vitest/browser': 2.1.9
+      vitest: 2.1.9
+    peerDependenciesMeta:
+      '@vitest/browser':
+        optional: true
+
+  '@vitest/expect@2.1.9':
+    resolution: {integrity: sha512-UJCIkTBenHeKT1TTlKMJWy1laZewsRIzYighyYiJKZreqtdxSos/S1t+ktRMQWu2CKqaarrkeszJx1cgC5tGZw==}
+
+  '@vitest/mocker@2.1.9':
+    resolution: {integrity: sha512-tVL6uJgoUdi6icpxmdrn5YNo3g3Dxv+IHJBr0GXHaEdTcw3F+cPKnsXFhli6nO+f/6SDKPHEK1UN+k+TQv0Ehg==}
+    peerDependencies:
+      msw: ^2.4.9
+      vite: ^5.0.0
+    peerDependenciesMeta:
+      msw:
+        optional: true
+      vite:
+        optional: true
+
+  '@vitest/pretty-format@2.1.9':
+    resolution: {integrity: sha512-KhRIdGV2U9HOUzxfiHmY8IFHTdqtOhIzCpd8WRdJiE7D/HUcZVD0EgQCVjm+Q9gkUXWgBvMmTtZgIG48wq7sOQ==}
+
+  '@vitest/runner@2.1.9':
+    resolution: {integrity: sha512-ZXSSqTFIrzduD63btIfEyOmNcBmQvgOVsPNPe0jYtESiXkhd8u2erDLnMxmGrDCwHCCHE7hxwRDCT3pt0esT4g==}
+
+  '@vitest/snapshot@2.1.9':
+    resolution: {integrity: sha512-oBO82rEjsxLNJincVhLhaxxZdEtV0EFHMK5Kmx5sJ6H9L183dHECjiefOAdnqpIgT5eZwT04PoggUnW88vOBNQ==}
+
+  '@vitest/spy@2.1.9':
+    resolution: {integrity: sha512-E1B35FwzXXTs9FHNK6bDszs7mtydNi5MIfUWpceJ8Xbfb1gBMscAnwLbEu+B44ed6W3XjL9/ehLPHR1fkf1KLQ==}
+
+  '@vitest/utils@2.1.9':
+    resolution: {integrity: sha512-v0psaMSkNJ3A2NMrUEHFRzJtDPFn+/VWZ5WxImB21T9fjucJRmS7xCS3ppEnARb9y11OAzaD+P2Ps+b+BGX5iQ==}
+
+  agent-base@7.1.4:
+    resolution: {integrity: sha512-MnA+YT8fwfJPgBx3m60MNqakm30XOkyIoH1y6huTQvC0PwZG7ki8NacLBcrPbNoo8vEZy7Jpuk7+jMO+CUovTQ==}
+    engines: {node: '>= 14'}
+
+  ansi-escapes@7.3.0:
+    resolution: {integrity: sha512-BvU8nYgGQBxcmMuEeUEmNTvrMVjJNSH7RgW24vXexN4Ven6qCvy4TntnvlnwnMLTVlcRQQdbRY8NKnaIoeWDNg==}
+    engines: {node: '>=18'}
+
+  ansi-regex@5.0.1:
+    resolution: {integrity: sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==}
+    engines: {node: '>=8'}
+
+  ansi-regex@6.2.2:
+    resolution: {integrity: sha512-Bq3SmSpyFHaWjPk8If9yc6svM8c56dB5BAtW4Qbw5jHTwwXXcTLoRMkpDJp6VL0XzlWaCHTXrkFURMYmD0sLqg==}
+    engines: {node: '>=12'}
+
+  ansi-styles@4.3.0:
+    resolution: {integrity: sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==}
+    engines: {node: '>=8'}
+
+  ansi-styles@6.2.3:
+    resolution: {integrity: sha512-4Dj6M28JB+oAH8kFkTLUo+a2jwOFkuqb3yucU0CANcRRUbxS0cP0nZYCGjcc3BNXwRIsUVmDGgzawme7zvJHvg==}
+    engines: {node: '>=12'}
+
+  assertion-error@2.0.1:
+    resolution: {integrity: sha512-Izi8RQcffqCeNVgFigKli1ssklIbpHnCYc6AknXGYoB6grJqyeby7jv12JUQgmTAnIDnbck1uxksT4dzN3PWBA==}
+    engines: {node: '>=12'}
+
+  auto-bind@5.0.1:
+    resolution: {integrity: sha512-ooviqdwwgfIfNmDwo94wlshcdzfO64XV0Cg6oDsDYBJfITDz1EngD2z7DkbvCWn+XIMsIqW27sEVF6qcpJrRcg==}
+    engines: {node: ^12.20.0 || ^14.13.1 || >=16.0.0}
+
+  balanced-match@1.0.2:
+    resolution: {integrity: sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==}
+
+  balanced-match@4.0.4:
+    resolution: {integrity: sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==}
+    engines: {node: 18 || 20 || >=22}
+
   baseline-browser-mapping@2.10.32:
     resolution: {integrity: sha512-wbPvpyjJPC0zdfdKXxqEL3Ea+bOMD/87X4lftiJkkaBiuG6ALQy1SLmEd7BSmVCuwCQsBrCamgBoLyfFDD1EPg==}
     engines: {node: '>=6.0.0'}
     hasBin: true
 
+  bowser@2.14.1:
+    resolution: {integrity: sha512-tzPjzCxygAKWFOJP011oxFHs57HzIhOEracIgAePE4pqB3LikALKnSzUyU4MGs9/iCEUuHlAJTjTc5M+u7YEGg==}
+
+  brace-expansion@2.1.1:
+    resolution: {integrity: sha512-WR1cURNjuvBLMZBMbqM0UoE+WAfdUcEV1ccD8PVBVOI+Z3ND4+SZbN8RsfT2bMuG1qwz5RFvPukSZm5fF2D5eA==}
+
+  brace-expansion@5.0.6:
+    resolution: {integrity: sha512-kLpxurY4Z4r9sgMsyG0Z9uzsBlgiU/EFKhj/h91/8yHu0edo7XuixOIH3VcJ8kkxs6/jPzoI6U9Vj3WqbMQ94g==}
+    engines: {node: 18 || 20 || >=22}
+
   browserslist@4.28.2:
     resolution: {integrity: sha512-48xSriZYYg+8qXna9kwqjIVzuQxi+KYWp2+5nCYnYKPTr0LvD89Jqk2Or5ogxz0NUMfIjhh2lIUX/LyX9B4oIg==}
     engines: {node: ^6 || ^7 || ^8 || ^9 || ^10 || ^11 || ^12 || >=13.7}
     hasBin: true
 
+  cac@6.7.14:
+    resolution: {integrity: sha512-b6Ilus+c3RrdDk+JhLKUAQfzzgLEPy6wcXqS7f/xe1EETvsDP6GORG7SFuOs6cID5YkqchW/LXZbX5bc8j7ZcQ==}
+    engines: {node: '>=8'}
+
   caniuse-lite@1.0.30001793:
     resolution: {integrity: sha512-iwSsYWaCOoh26cV8NwNRViHlrfUvYsHDfRVcbtmw0Kg6PJIZZXwMkj1442FYLBGkeUf1juAsU3DTfxW579mrPA==}
 
+  chai@5.3.3:
+    resolution: {integrity: sha512-4zNhdJD/iOjSH0A05ea+Ke6MU5mmpQcbQsSOkgdaUMJ9zTlDTD/GYlwohmIE2u0gaxHYiVHEn1Fw9mZ/ktJWgw==}
+    engines: {node: '>=18'}
+
+  chalk@4.1.2:
+    resolution: {integrity: sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==}
+    engines: {node: '>=10'}
+
+  chalk@5.6.2:
+    resolution: {integrity: sha512-7NzBL0rN6fMUW+f7A6Io4h40qQlG+xGmtMxfbnH/K7TAtt8JQWVQK+6g0UXKMeVJoyV5EkkNsErQ8pVD3bLHbA==}
+    engines: {node: ^12.17.0 || ^14.13 || >=16.0.0}
+
+  check-error@2.1.3:
+    resolution: {integrity: sha512-PAJdDJusoxnwm1VwW07VWwUN1sl7smmC3OKggvndJFadxxDRyFJBX/ggnu/KE4kQAB7a3Dp8f/YXC1FlUprWmA==}
+    engines: {node: '>= 16'}
+
+  cli-boxes@4.0.1:
+    resolution: {integrity: sha512-5IOn+jcCEHEraYolBPs/sT4BxYCe2nHg374OPiItB1O96KZFseS2gthU4twyYzeDcFew4DaUM/xwc5BQf08JJw==}
+    engines: {node: '>=18.20 <19 || >=20.10'}
+
+  cli-cursor@4.0.0:
+    resolution: {integrity: sha512-VGtlMu3x/4DOtIUwEkRezxUZ2lBacNJCHash0N0WeZDBS+7Ux1dm3XWAgWYxLJFMMdOeXMHXorshEFhbMSGelg==}
+    engines: {node: ^12.20.0 || ^14.13.1 || >=16.0.0}
+
+  cli-truncate@6.0.0:
+    resolution: {integrity: sha512-3+YKIUFsohD9MIoOFPFBldjAlnfCmCDcqe6aYGFqlDTRKg80p4wg35L+j83QQ63iOlKRccEkbn8IuM++HsgEjA==}
+    engines: {node: '>=22'}
+
+  code-excerpt@4.0.0:
+    resolution: {integrity: sha512-xxodCmBen3iy2i0WtAK8FlFNrRzjUqjRsMfho58xT/wvZU1YTM3fCnRjcy1gJPMepaRlgm/0e6w8SpWHpn3/cA==}
+    engines: {node: ^12.20.0 || ^14.13.1 || >=16.0.0}
+
+  color-convert@2.0.1:
+    resolution: {integrity: sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==}
+    engines: {node: '>=7.0.0'}
+
+  color-name@1.1.4:
+    resolution: {integrity: sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==}
+
+  commander@14.0.3:
+    resolution: {integrity: sha512-H+y0Jo/T1RZ9qPP4Eh1pkcQcLRglraJaSLoyOtHxu6AapkjWVCy2Sit1QQ4x3Dng8qDlSsZEet7g5Pq06MvTgw==}
+    engines: {node: '>=20'}
+
   convert-source-map@2.0.0:
     resolution: {integrity: sha512-Kvp459HrV2FEJ1CAsi1Ku+MY3kasH19TFykTz2xWmMeq6bk2NU3XXvfJ+Q61m0xktWwt+1HSYf3JZsTms3aRJg==}
 
+  convert-to-spaces@2.0.1:
+    resolution: {integrity: sha512-rcQ1bsQO9799wq24uE5AM2tAILy4gXGIK/njFWcVQkGNZ96edlpY+A7bjwvzjYvLDyzmG1MmMLZhpcsb+klNMQ==}
+    engines: {node: ^12.20.0 || ^14.13.1 || >=16.0.0}
+
+  cross-spawn@7.0.6:
+    resolution: {integrity: sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==}
+    engines: {node: '>= 8'}
+
   csstype@3.2.3:
     resolution: {integrity: sha512-z1HGKcYy2xA8AGQfwrn0PAy+PB7X/GSj3UVJW9qKyn43xWa+gl5nXmU4qqLMRzWVLFC8KusUX8T/0kCiOYpAIQ==}
 
@@ -628,9 +1910,37 @@ packages:
       supports-color:
         optional: true
 
+  deep-eql@5.0.2:
+    resolution: {integrity: sha512-h5k/5U50IJJFpzfL6nO9jaaumfjO/f2NjK/oYB2Djzm4p9L+3T9qWpZqZ2hAbLPuuYq9wrU08WQyBTL5GbPk5Q==}
+    engines: {node: '>=6'}
+
+  eastasianwidth@0.2.0:
+    resolution: {integrity: sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA==}
+
   electron-to-chromium@1.5.362:
     resolution: {integrity: sha512-PUY2DrLvkjkUuWqq+KPL2iWshrJsZOcIojzRQ7eXFacc9dWga7MGMJAa15VbiejSZB1PAXaRLAiKgruHP8LB1w==}
 
+  emoji-regex@8.0.0:
+    resolution: {integrity: sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==}
+
+  emoji-regex@9.2.2:
+    resolution: {integrity: sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==}
+
+  environment@1.1.0:
+    resolution: {integrity: sha512-xUtoPkMggbz0MPyPiIWr1Kp4aeWJjDZ6SMvURhimjdZgsRuDplF5/s9hcgGhyXMhs+6vpnuoiZ2kFiu3FMnS8Q==}
+    engines: {node: '>=18'}
+
+  es-module-lexer@1.7.0:
+    resolution: {integrity: sha512-jEQoCwk8hyb2AZziIOLhDqpm5+2ww5uIE6lkO/6jcOCusfk6LhMHpXXfBLXTZ7Ydyt0j4VoUQv6uGNYbdW+kBA==}
+
+  es-toolkit@1.47.0:
+    resolution: {integrity: sha512-n1GuoD0WEQZMBk5tttoZSqwgyLx01oqa5XsBmCHwPyNe1S9jPBEmtR2pSgp2kJuWE3ciFZ6yRHmY4pM4C3OOkw==}
+
+  esbuild@0.21.5:
+    resolution: {integrity: sha512-mg3OPMV4hXywwpoDxu3Qda5xCKQi+vCTZq8S9J/EpkhB2HzKXq4SNFZE3+NK93JYxc8VMSep+lOUSC/RVKaBqw==}
+    engines: {node: '>=12'}
+    hasBin: true
+
   esbuild@0.25.12:
     resolution: {integrity: sha512-bbPBYYrtZbkt6Os6FiTLCTFxvq4tt3JKall1vRwshA3fdVztsLAatFaZobhkBC8/BrPetoa0oksYoKXoG4ryJg==}
     engines: {node: '>=18'}
@@ -640,15 +1950,57 @@ packages:
     resolution: {integrity: sha512-WUj2qlxaQtO4g6Pq5c29GTcWGDyd8itL8zTlipgECz3JesAiiOKotd8JU6otB3PACgG6xkJUyVhboMS+bje/jA==}
     engines: {node: '>=6'}
 
-  fdir@6.5.0:
-    resolution: {integrity: sha512-tIbYtZbucOs0BRGqPJkshJUYdL+SDH7dVM8gjy+ERp3WAUjLEFJE+02kanyHtwjWOnwrKYBiwAmM0p4kLJAnXg==}
-    engines: {node: '>=12.0.0'}
-    peerDependencies:
+  escape-string-regexp@2.0.0:
+    resolution: {integrity: sha512-UpzcLCXolUWcNu5HtVMHYdXJjArjsF9C0aNnquZYY4uW/Vu0miy5YoWvbV345HauVvcAUnpRuhMMcqTcGOY2+w==}
+    engines: {node: '>=8'}
+
+  estree-walker@3.0.3:
+    resolution: {integrity: sha512-7RUKfXgSMMkzt6ZuXmqapOurLGPPfgj6l9uRZ7lRGolvk0y2yocc35LdcxKC5PQZdn2DMqioAQ2NoWcrTKmm6g==}
+
+  events@3.3.0:
+    resolution: {integrity: sha512-mQw+2fkQbALzQ7V0MY0IqdnXNOeTtP4r0lN9z7AAawCXgqea7bDii20AYrIBrFd/Hx0M2Ocz6S111CaFkUcb0Q==}
+    engines: {node: '>=0.8.x'}
+
+  expect-type@1.3.0:
+    resolution: {integrity: sha512-knvyeauYhqjOYvQ66MznSMs83wmHrCycNEN6Ao+2AeYEfxUIkuiVxdEa1qlGEPK+We3n0THiDciYSsCcgW/DoA==}
+    engines: {node: '>=12.0.0'}
+
+  fast-check@4.8.0:
+    resolution: {integrity: sha512-GOJ158CUMnN6cSahsv4+ExARvIDuzzinFjkp0E9WtiBa5zcVeLozVkWaE4IzFcc+Y48Wp1EDlUZsXRyAztQcSg==}
+    engines: {node: '>=12.17.0'}
+
+  fast-xml-builder@1.2.0:
+    resolution: {integrity: sha512-00aAWieqff+ZJhsXA4g1g7M8k+7AYoMUUHF+/zFb5U6Uv/P0Vl4QZo84/IcufzYalLuEj9928bXN9PbbFzMF0Q==}
+
+  fast-xml-parser@5.7.3:
+    resolution: {integrity: sha512-C0AaNuC+mscy6vrAQKAc/rMq+zAPHodfHGZu4sGVehvAQt/JLG1O5zEcYcXSY5zSqr4YVgxsB+pHXTq0i7eDlg==}
+    hasBin: true
+
+  fast-xml-parser@5.8.0:
+    resolution: {integrity: sha512-6bIM7fsJxeo3uXv7OncQYsBAMPJ7V16Slahl/6M98C/i2q+vB1+4a0MtrvYwDFEUrwDSbAmeLDRXsOBwrL7yAg==}
+    hasBin: true
+
+  fd-package-json@2.0.0:
+    resolution: {integrity: sha512-jKmm9YtsNXN789RS/0mSzOC1NUq9mkVd65vbSSVsKdjGvYXBuE4oWe2QOEoFeRmJg+lPuZxpmrfFclNhoRMneQ==}
+
+  fdir@6.5.0:
+    resolution: {integrity: sha512-tIbYtZbucOs0BRGqPJkshJUYdL+SDH7dVM8gjy+ERp3WAUjLEFJE+02kanyHtwjWOnwrKYBiwAmM0p4kLJAnXg==}
+    engines: {node: '>=12.0.0'}
+    peerDependencies:
       picomatch: ^3 || ^4
     peerDependenciesMeta:
       picomatch:
         optional: true
 
+  foreground-child@3.3.1:
+    resolution: {integrity: sha512-gIXjKqtFuWEgzFRJA9WCQeSJLZDjgJUOMCMzxtvFq/37KojM1BFGufqsCy0r4qSQmYLsZYMeyRqzIWOMup03sw==}
+    engines: {node: '>=14'}
+
+  formatly@0.3.0:
+    resolution: {integrity: sha512-9XNj/o4wrRFyhSMJOvsuyMwy8aUfBaZ1VrqHVfohyXf0Sw0e+yfKG+xZaY3arGCOMdwFsqObtzVOc1gU9KiT9w==}
+    engines: {node: '>=18.3.0'}
+    hasBin: true
+
   fsevents@2.3.3:
     resolution: {integrity: sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==}
     engines: {node: ^8.16.0 || ^10.6.0 || >=11.0.0}
@@ -658,6 +2010,89 @@ packages:
     resolution: {integrity: sha512-3hN7NaskYvMDLQY55gnW3NQ+mesEAepTqlg+VEbj7zzqEMBVNhzcGYYeqFo/TlYz6eQiFcp1HcsCZO+nGgS8zg==}
     engines: {node: '>=6.9.0'}
 
+  get-east-asian-width@1.6.0:
+    resolution: {integrity: sha512-QRbvDIbx6YklUe6RxeTeleMR0yv3cYH6PsPZHcnVn7xv7zO1BHN8r0XETu8n6Ye3Q+ahtSarc3WgtNWmehIBfA==}
+    engines: {node: '>=18'}
+
+  get-tsconfig@4.14.0:
+    resolution: {integrity: sha512-yTb+8DXzDREzgvYmh6s9vHsSVCHeC0G3PI5bEXNBHtmshPnO+S5O7qgLEOn0I5QvMy6kpZN8K1NKGyilLb93wA==}
+
+  glob@10.5.0:
+    resolution: {integrity: sha512-DfXN8DfhJ7NH3Oe7cFmu3NCu1wKbkReJ8TorzSAFbSKrlNaQSKfIzqYqVY8zlbs2NLBbWpRiU52GX2PbaBVNkg==}
+    deprecated: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
+    hasBin: true
+
+  has-flag@4.0.0:
+    resolution: {integrity: sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==}
+    engines: {node: '>=8'}
+
+  html-escaper@2.0.2:
+    resolution: {integrity: sha512-H2iMtd0I4Mt5eYiapRdIDjp+XzelXQ0tFE4JS7YFwFevXXMmOp9myNrUvCg0D6ws8iqkRPBfKHgbwig1SmlLfg==}
+
+  http-proxy-agent@7.0.2:
+    resolution: {integrity: sha512-T1gkAiYYDWYx3V5Bmyu7HcfcvL7mUrTWiM6yOfa3PIphViJ/gFPbvidQ+veqSOHci/PxBcDabeUNCzpOODJZig==}
+    engines: {node: '>= 14'}
+
+  https-proxy-agent@7.0.6:
+    resolution: {integrity: sha512-vK9P5/iUfdl95AI+JVyUuIcVtd4ofvtrOr3HNtM2yxC9bnMbEdp3x01OhQNnjb8IJYi38VlTE3mBXwcfvywuSw==}
+    engines: {node: '>= 14'}
+
+  indent-string@5.0.0:
+    resolution: {integrity: sha512-m6FAo/spmsW2Ab2fU35JTYwtOKa2yAwXSwgjSv1TJzh4Mh7mC3lzAOVLBprb72XsTrgkEIsl7YrFNAiDiRhIGg==}
+    engines: {node: '>=12'}
+
+  ink@7.0.4:
+    resolution: {integrity: sha512-4wsM/gMKOT2ZANNTJibI6I9IcwBfobqv/CgaDcwvOaCREZIQxo3iGQS7qPHa2hmA67NYltZWCMtBDELB/mcbJQ==}
+    engines: {node: '>=22'}
+    peerDependencies:
+      '@types/react': '>=19.2.0'
+      react: '>=19.2.0'
+      react-devtools-core: '>=6.1.2'
+    peerDependenciesMeta:
+      '@types/react':
+        optional: true
+      react-devtools-core:
+        optional: true
+
+  is-fullwidth-code-point@3.0.0:
+    resolution: {integrity: sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==}
+    engines: {node: '>=8'}
+
+  is-fullwidth-code-point@5.1.0:
+    resolution: {integrity: sha512-5XHYaSyiqADb4RnZ1Bdad6cPp8Toise4TzEjcOYDHZkTCbKgiUl7WTUCpNWHuxmDt91wnsZBc9xinNzopv3JMQ==}
+    engines: {node: '>=18'}
+
+  is-in-ci@2.0.0:
+    resolution: {integrity: sha512-cFeerHriAnhrQSbpAxL37W1wcJKUUX07HyLWZCW1URJT/ra3GyUTzBgUnh24TMVfNTV2Hij2HLxkPHFZfOZy5w==}
+    engines: {node: '>=20'}
+    hasBin: true
+
+  isexe@2.0.0:
+    resolution: {integrity: sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==}
+
+  istanbul-lib-coverage@3.2.2:
+    resolution: {integrity: sha512-O8dpsF+r0WV/8MNRKfnmrtCWhuKjxrq2w+jpzBL5UZKTi2LeVWnWOmWRxFlesJONmc+wLAGvKQZEOanko0LFTg==}
+    engines: {node: '>=8'}
+
+  istanbul-lib-report@3.0.1:
+    resolution: {integrity: sha512-GCfE1mtsHGOELCU8e/Z7YWzpmybrx/+dSTfLrvY8qRmaY6zXTKWn6WQIjaAFw069icm6GVMNkgu0NzI4iPZUNw==}
+    engines: {node: '>=10'}
+
+  istanbul-lib-source-maps@5.0.6:
+    resolution: {integrity: sha512-yg2d+Em4KizZC5niWhQaIomgf5WlL4vOOjZ5xGCmF8SnPE/mDWWXgvRExdcpCgh9lLRRa1/fSYp2ymmbJ1pI+A==}
+    engines: {node: '>=10'}
+
+  istanbul-reports@3.2.0:
+    resolution: {integrity: sha512-HGYWWS/ehqTV3xN10i23tkPkpH46MLCIMFNCaaKNavAXTF1RkqxawEPtnjnGZ6XKSInBKkiOA5BKS+aZiY3AvA==}
+    engines: {node: '>=8'}
+
+  jackspeak@3.4.3:
+    resolution: {integrity: sha512-OGlZQpz2yfahA/Rd1Y8Cd9SIEsqvXkLVoSw/cgwhnhFMDbsQFeZYoJJ7bIZBS9BcamUW96asq/npPWugM+RQBw==}
+
+  jiti@2.7.0:
+    resolution: {integrity: sha512-AC/7JofJvZGrrneWNaEnJeOLUx+JlGt7tNa0wZiRPT4MY1wmfKjt2+6O2p2uz2+skll8OZZmJMNqeke7kKbNgQ==}
+    hasBin: true
+
   js-tokens@4.0.0:
     resolution: {integrity: sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==}
 
@@ -666,15 +2101,36 @@ packages:
     engines: {node: '>=6'}
     hasBin: true
 
+  json-schema-to-ts@3.1.1:
+    resolution: {integrity: sha512-+DWg8jCJG2TEnpy7kOm/7/AxaYoaRbjVB4LFZLySZlWn8exGs3A4OLJR966cVvU26N7X9TWxl+Jsw7dzAqKT6g==}
+    engines: {node: '>=16'}
+
   json5@2.2.3:
     resolution: {integrity: sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg==}
     engines: {node: '>=6'}
     hasBin: true
 
+  jsonschema@1.5.0:
+    resolution: {integrity: sha512-K+A9hhqbn0f3pJX17Q/7H6yQfD/5OXgdrR5UE12gMXCiN9D5Xq2o5mddV2QEcX/bjla99ASsAAQUyMCCRWAEhw==}
+
+  knip@6.14.2:
+    resolution: {integrity: sha512-Vg3JhIINjZew1I7qAFI4UHemW1mc4azP/BxJvsq9eGDfxpGO7oVCuD/bsWkog9TO/ZwwJeAeOMFZ1kd9jnY9+Q==}
+    engines: {node: ^20.19.0 || >=22.12.0}
+    hasBin: true
+
+  long@5.3.2:
+    resolution: {integrity: sha512-mNAgZ1GmyNhD7AuqnTG3/VQ26o760+ZYBPKjPvugO8+nLbYfX6TVpJPseBvopbdY+qpZ/lKUnmEc1LeZYS3QAA==}
+
   loose-envify@1.4.0:
     resolution: {integrity: sha512-lyuxPGr/Wfhrlem2CL/UcnUc1zcqKAImBDzukY7Y5F/yQiNdko6+fRLevlw1HgMySw7f611UIY408EtxRSoK3Q==}
     hasBin: true
 
+  loupe@3.2.1:
+    resolution: {integrity: sha512-CdzqowRJCeLU72bHvWqwRBBlLcMEtIvGrlvef74kMnV2AolS9Y8xUv1I0U/MNAWMhBlKIoyuEgoJ0t/bbwHbLQ==}
+
+  lru-cache@10.4.3:
+    resolution: {integrity: sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ==}
+
   lru-cache@5.1.1:
     resolution: {integrity: sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==}
 
@@ -683,6 +2139,35 @@ packages:
     peerDependencies:
       react: ^16.5.1 || ^17.0.0 || ^18.0.0 || ^19.0.0
 
+  magic-string@0.30.21:
+    resolution: {integrity: sha512-vd2F4YUyEXKGcLHoq+TEyCjxueSeHnFxyyjNp80yg0XV4vUhnDer/lvvlqM/arB5bXQN5K2/3oinyCRyx8T2CQ==}
+
+  magicast@0.3.5:
+    resolution: {integrity: sha512-L0WhttDl+2BOsybvEOLK7fW3UA0OQ0IQ2d6Zl2x/a6vVRs3bAY0ECOSHHeL5jD+SbOpOCUEi0y1DgHEn9Qn1AQ==}
+
+  make-dir@4.0.0:
+    resolution: {integrity: sha512-hXdUTZYIVOt1Ex//jAQi+wTZZpUpwBj/0QsOzqegb3rGMMeJiSEu5xLHnYfBrRV4RH2+OCSOO95Is/7x1WJ4bw==}
+    engines: {node: '>=10'}
+
+  mimic-fn@2.1.0:
+    resolution: {integrity: sha512-OqbOk5oEQeAZ8WXWydlu9HJjz9WVdEIvamMCcXmuqUYjTknH/sqsWvhQ3vgwKFRR1HpjvNBKQ37nbJgYzGqGcg==}
+    engines: {node: '>=6'}
+
+  minimatch@10.2.5:
+    resolution: {integrity: sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg==}
+    engines: {node: 18 || 20 || >=22}
+
+  minimatch@9.0.9:
+    resolution: {integrity: sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==}
+    engines: {node: '>=16 || 14 >=14.17'}
+
+  minimist@1.2.8:
+    resolution: {integrity: sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==}
+
+  minipass@7.1.3:
+    resolution: {integrity: sha512-tEBHqDnIoM/1rXME1zgka9g6Q2lcoCkxHLuc7ODJ5BxbP5d4c2Z5cGgtXAku59200Cx7diuHTOYfSBD8n6mm8A==}
+    engines: {node: '>=16 || 14 >=14.17'}
+
   ms@2.1.3:
     resolution: {integrity: sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==}
 
@@ -695,6 +2180,58 @@ packages:
     resolution: {integrity: sha512-GYVXHE2KnrzAfsAjl4uP++evGFCrAU1jta4ubEjIG7YWt/64Gqv66a30yKwWczVjA6j3bM4nBwH7Pk1JmDHaxQ==}
     engines: {node: '>=18'}
 
+  ollama@0.5.18:
+    resolution: {integrity: sha512-lTFqTf9bo7Cd3hpF6CviBe/DEhewjoZYd9N/uCe7O20qYTvGqrNOFOBDj3lbZgFWHUgDv5EeyusYxsZSLS8nvg==}
+
+  onetime@5.1.2:
+    resolution: {integrity: sha512-kbpaSSGJTWdAY5KPVeMOKXSrPtr8C8C7wodJbcsd51jRnmD+GZu8Y0VoU6Dm5Z4vWr0Ig/1NKuWRKf7j5aaYSg==}
+    engines: {node: '>=6'}
+
+  openai@6.39.0:
+    resolution: {integrity: sha512-O61LIsimY3acVabwvomwFhwrnN36yvHY2quIfy9keEcFytGgWeV35yLHQ6NVMLSBxRpHmcg2yuhCnlu2HT4pLQ==}
+    hasBin: true
+    peerDependencies:
+      ws: ^8.18.0
+      zod: ^3.25 || ^4.0
+    peerDependenciesMeta:
+      ws:
+        optional: true
+      zod:
+        optional: true
+
+  oxc-parser@0.130.0:
+    resolution: {integrity: sha512-X0PJ+NmOok8qP3vK9uaW431ngkdM9UPEK7KG466urtIL2+EYTEgbZK2yqe2MWKJKBjRlFweP/pJPx0x9muMEVw==}
+    engines: {node: ^20.19.0 || >=22.12.0}
+
+  oxc-resolver@11.20.0:
+    resolution: {integrity: sha512-CblytBiV/a/ZXY34dsVU2NxhIOxMXst8CvDCtyBelVITgd7PLrKzbEbA6oKLdPjvDKDzCiW48qzmzZ+mYaqn+g==}
+
+  package-json-from-dist@1.0.1:
+    resolution: {integrity: sha512-UEZIS3/by4OC8vL3P2dTXRETpebLI2NiI5vIrjaD/5UtrkFX/tNbwjTSRAGC/+7CAo2pIcBaRgWmcBBHcsaCIw==}
+
+  patch-console@2.0.0:
+    resolution: {integrity: sha512-0YNdUceMdaQwoKce1gatDScmMo5pu/tfABfnzEqeG0gtTmd7mh/WcwgUjtAeOU7N8nFFlbQBnFK2gXW5fGvmMA==}
+    engines: {node: ^12.20.0 || ^14.13.1 || >=16.0.0}
+
+  path-expression-matcher@1.5.0:
+    resolution: {integrity: sha512-cbrerZV+6rvdQrrD+iGMcZFEiiSrbv9Tfdkvnusy6y0x0GKBXREFg/Y65GhIfm0tnLntThhzCnfKwp1WRjeCyQ==}
+    engines: {node: '>=14.0.0'}
+
+  path-key@3.1.1:
+    resolution: {integrity: sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==}
+    engines: {node: '>=8'}
+
+  path-scurry@1.11.1:
+    resolution: {integrity: sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==}
+    engines: {node: '>=16 || 14 >=14.18'}
+
+  pathe@1.1.2:
+    resolution: {integrity: sha512-whLdWMYL2TwI08hn8/ZqAbrVemu0LNaNNJZX73O6qaIdCTfXutsLhMkjdENX0qhsQ9uIimo4/aQOmXkoon2nDQ==}
+
+  pathval@2.0.1:
+    resolution: {integrity: sha512-//nshmD55c46FuFw26xV/xFAaB5HF9Xdap7HJBBnrKdAd6/GxDBaNA1870O79+9ueg61cZLSVc+OaFlfmObYVQ==}
+    engines: {node: '>= 14.16'}
+
   picocolors@1.1.1:
     resolution: {integrity: sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==}
 
@@ -706,11 +2243,24 @@ packages:
     resolution: {integrity: sha512-FfR8sjd4em2T6fb3I2MwAJU7HWVMr9zba+enmQeeWFfCbm+UOC/0X4DS8XtpUTMwWMGbjKYP7xjfNekzyGmB3A==}
     engines: {node: ^10 || ^12 || >=14}
 
+  protobufjs@7.6.1:
+    resolution: {integrity: sha512-4K0myLaWL5EteuSAro91EGFgcfVgxb64Jx+7oDAY6GOkXD4M69yuSEljNcInGVCA5sOPxmZ/EqDLj2x0Q0+Ygg==}
+    engines: {node: '>=12.0.0'}
+
+  pure-rand@8.4.0:
+    resolution: {integrity: sha512-IoM8YF/jY0hiugFo/wOWqfmarlE6J0wc6fDK1PhftMk7MGhVZl88sZimmqBBFomLOCSmcCCpsfj7wXASCpvK9A==}
+
   react-dom@18.3.1:
     resolution: {integrity: sha512-5m4nQKp+rZRb09LNH59GM4BxTh9251/ylbKIbpe7TpGxfJ+9kv6BLkLBXIjjspbgbnIBNqlI23tRnTWT0snUIw==}
     peerDependencies:
       react: ^18.3.1
 
+  react-reconciler@0.33.0:
+    resolution: {integrity: sha512-KetWRytFv1epdpJc3J4G75I4WrplZE5jOL7Yq0p34+OVOKF4Se7WrdIdVC45XsSSmUTlht2FM/fM1FZb1mfQeA==}
+    engines: {node: '>=0.10.0'}
+    peerDependencies:
+      react: ^19.2.0
+
   react-refresh@0.17.0:
     resolution: {integrity: sha512-z6F7K9bV85EfseRCp2bzrpyQ0Gkw1uLoCel9XBVWPg/TjRj94SkJzUTGfOa4bs7iJvBWtQG0Wq7wnI0syw3EBQ==}
     engines: {node: '>=0.10.0'}
@@ -719,6 +2269,17 @@ packages:
     resolution: {integrity: sha512-wS+hAgJShR0KhEvPJArfuPVN1+Hz1t0Y6n5jLrGQbkb4urgPE/0Rve+1kMB1v/oWgHgm4WIcV+i7F2pTVj+2iQ==}
     engines: {node: '>=0.10.0'}
 
+  react@19.2.6:
+    resolution: {integrity: sha512-sfWGGfavi0xr8Pg0sVsyHMAOziVYKgPLNrS7ig+ivMNb3wbCBw3KxtflsGBAwD3gYQlE/AEZsTLgToRrSCjb0Q==}
+    engines: {node: '>=0.10.0'}
+
+  resolve-pkg-maps@1.0.0:
+    resolution: {integrity: sha512-seS2Tj26TBVOC2NIc2rOe2y2ZO7efxITtLZcGSOnHHNOQ7CkiUBfw0Iw2ck6xkIhPwLhKNLS8BO+hEpngQlqzw==}
+
+  restore-cursor@4.0.0:
+    resolution: {integrity: sha512-I9fPXU9geO9bHOt9pHHOhOkYerIMsmVaWB0rA2AI9ERh/+x/i7MV5HKBNrg+ljO5eoPVgCcnFuRjJ9uH6I/3eg==}
+    engines: {node: ^12.20.0 || ^14.13.1 || >=16.0.0}
+
   rollup@4.60.4:
     resolution: {integrity: sha512-WHeFSbZYsPu3+bLoNRUuAO+wavNlocOPf3wSHTP7hcFKVnJeWsYlCDbr3mTS14FCizf9ccIxXA8sGL8zKeQN3g==}
     engines: {node: '>=18.0.0', npm: '>=8.0.0'}
@@ -727,33 +2288,191 @@ packages:
   scheduler@0.23.2:
     resolution: {integrity: sha512-UOShsPwz7NrMUqhR6t0hWjFduvOzbtv7toDH1/hIrfRNIDBnnBWd0CwJTGvTpngVlmwGCdP9/Zl/tVrDqcuYzQ==}
 
+  scheduler@0.27.0:
+    resolution: {integrity: sha512-eNv+WrVbKu1f3vbYJT/xtiF5syA5HPIMtf9IgY/nKg0sWqzAUEvqY/xm7OcZc/qafLx/iO9FgOmeSAp4v5ti/Q==}
+
   semver@6.3.1:
     resolution: {integrity: sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==}
     hasBin: true
 
+  semver@7.8.1:
+    resolution: {integrity: sha512-rkVq3IXh+4FDGch+KwzX3aV9W3kO54GyEgpvBzSyctDA6Xtd7RJQV1xmXbeQp5v7+VzLOfVqiutSE6GICgPFvg==}
+    engines: {node: '>=10'}
+    hasBin: true
+
+  shebang-command@2.0.0:
+    resolution: {integrity: sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==}
+    engines: {node: '>=8'}
+
+  shebang-regex@3.0.0:
+    resolution: {integrity: sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==}
+    engines: {node: '>=8'}
+
+  siginfo@2.0.0:
+    resolution: {integrity: sha512-ybx0WO1/8bSBLEWXZvEd7gMW3Sn3JFlW3TvX1nREbDLRNQNaeNN8WK0meBwPdAaOI7TtRRRJn/Es1zhrrCHu7g==}
+
+  signal-exit@3.0.7:
+    resolution: {integrity: sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==}
+
+  signal-exit@4.1.0:
+    resolution: {integrity: sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==}
+    engines: {node: '>=14'}
+
   simple-icons@16.21.0:
     resolution: {integrity: sha512-kH6LEx5yvBGVNaVrHnZ7D17G16CmmHiI8DD7MwIwgnWmDFTiFu4PhFZLNdV6bMGr61qbHMMTXLoo/T6C25dMGA==}
     engines: {node: '>=0.12.18'}
 
+  slice-ansi@9.0.0:
+    resolution: {integrity: sha512-SO/3iYL5S3W57LLEniscOGPZgOqZUPCx6d3dB+52B80yJ0XstzsC/eV8gnA4tM3MHDrKz+OCFSLNjswdSC+/bA==}
+    engines: {node: '>=22'}
+
+  smol-toml@1.6.1:
+    resolution: {integrity: sha512-dWUG8F5sIIARXih1DTaQAX4SsiTXhInKf1buxdY9DIg4ZYPZK5nGM1VRIYmEbDbsHt7USo99xSLFu5Q1IqTmsg==}
+    engines: {node: '>= 18'}
+
   source-map-js@1.2.1:
     resolution: {integrity: sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA==}
     engines: {node: '>=0.10.0'}
 
+  stack-utils@2.0.6:
+    resolution: {integrity: sha512-XlkWvfIm6RmsWtNJx+uqtKLS8eqFbxUg0ZzLXqY0caEy9l7hruX8IpiDnjsLavoBgqCCR71TqWO8MaXYheJ3RQ==}
+    engines: {node: '>=10'}
+
+  stackback@0.0.2:
+    resolution: {integrity: sha512-1XMJE5fQo1jGH6Y/7ebnwPOBEkIEnT4QF32d5R1+VXdXveM0IBMJt8zfaxX1P3QhVwrYe+576+jkANtSS2mBbw==}
+
+  std-env@3.10.0:
+    resolution: {integrity: sha512-5GS12FdOZNliM5mAOxFRg7Ir0pWz8MdpYm6AY6VPkGpbA7ZzmbzNcBJQ0GPvvyWgcY7QAhCgf9Uy89I03faLkg==}
+
+  string-width@4.2.3:
+    resolution: {integrity: sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==}
+    engines: {node: '>=8'}
+
+  string-width@5.1.2:
+    resolution: {integrity: sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA==}
+    engines: {node: '>=12'}
+
+  string-width@8.2.1:
+    resolution: {integrity: sha512-IIaP0g3iy9Cyy18w3M9YcaDudujEAVHKt3a3QJg1+sr/oX96TbaGUubG0hJyCjCBThFH+tFpcIyoUHUn1ogaLA==}
+    engines: {node: '>=20'}
+
+  strip-ansi@6.0.1:
+    resolution: {integrity: sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==}
+    engines: {node: '>=8'}
+
+  strip-ansi@7.2.0:
+    resolution: {integrity: sha512-yDPMNjp4WyfYBkHnjIRLfca1i6KMyGCtsVgoKe/z1+6vukgaENdgGBZt+ZmKPc4gavvEZ5OgHfHdrazhgNyG7w==}
+    engines: {node: '>=12'}
+
+  strip-json-comments@5.0.3:
+    resolution: {integrity: sha512-1tB5mhVo7U+ETBKNf92xT4hrQa3pm0MZ0PQvuDnWgAAGHDsfp4lPSpiS6psrSiet87wyGPh9ft6wmhOMQ0hDiw==}
+    engines: {node: '>=14.16'}
+
+  strnum@2.3.0:
+    resolution: {integrity: sha512-ums3KNd42PGyx5xaoVTO1mjU1bH3NpY4vsrVlnv9PNGqQj8wd7rJ6nEypLrJ7z5vxK5RP0yMLo6J/Gsm62DI5Q==}
+
+  supports-color@7.2.0:
+    resolution: {integrity: sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==}
+    engines: {node: '>=8'}
+
+  tagged-tag@1.0.0:
+    resolution: {integrity: sha512-yEFYrVhod+hdNyx7g5Bnkkb0G6si8HJurOoOEgC8B/O0uXLHlaey/65KRv6cuWBNhBgHKAROVpc7QyYqE5gFng==}
+    engines: {node: '>=20'}
+
+  terminal-size@4.0.1:
+    resolution: {integrity: sha512-avMLDQpUI9I5XFrklECw1ZEUPJhqzcwSWsyyI8blhRLT+8N1jLJWLWWYQpB2q2xthq8xDvjZPISVh53T/+CLYQ==}
+    engines: {node: '>=18'}
+
+  test-exclude@7.0.2:
+    resolution: {integrity: sha512-u9E6A+ZDYdp7a4WnarkXPZOx8Ilz46+kby6p1yZ8zsGTz9gYa6FIS7lj2oezzNKmtdyyJNNmmXDppga5GB7kSw==}
+    engines: {node: '>=18'}
+
+  tinybench@2.9.0:
+    resolution: {integrity: sha512-0+DUvqWMValLmha6lr4kD8iAMK1HzV0/aKnCtWb9v9641TnP/MFb7Pc2bxoxQjTXAErryXVgUOfv2YqNllqGeg==}
+
+  tinyexec@0.3.2:
+    resolution: {integrity: sha512-KQQR9yN7R5+OSwaK0XQoj22pwHoTlgYqmUscPYoknOoWCWfj/5/ABTMRi69FrKU5ffPVh5QcFikpWJI/P1ocHA==}
+
   tinyglobby@0.2.16:
     resolution: {integrity: sha512-pn99VhoACYR8nFHhxqix+uvsbXineAasWm5ojXoN8xEwK5Kd3/TrhNn1wByuD52UxWRLy8pu+kRMniEi6Eq9Zg==}
     engines: {node: '>=12.0.0'}
 
+  tinypool@1.1.1:
+    resolution: {integrity: sha512-Zba82s87IFq9A9XmjiX5uZA/ARWDrB03OHlq+Vw1fSdt0I+4/Kutwy8BP4Y/y/aORMo61FQ0vIb5j44vSo5Pkg==}
+    engines: {node: ^18.0.0 || >=20.0.0}
+
+  tinyrainbow@1.2.0:
+    resolution: {integrity: sha512-weEDEq7Z5eTHPDh4xjX789+fHfF+P8boiFB+0vbWzpbnbsEr/GRaohi/uMKxg8RZMXnl1ItAi/IUHWMsjDV7kQ==}
+    engines: {node: '>=14.0.0'}
+
+  tinyspy@3.0.2:
+    resolution: {integrity: sha512-n1cw8k1k0x4pgA2+9XrOkFydTerNcJ1zWCO5Nn9scWHTD+5tp8dghT2x1uduQePZTZgd3Tupf+x9BxJjeJi77Q==}
+    engines: {node: '>=14.0.0'}
+
+  ts-algebra@2.0.0:
+    resolution: {integrity: sha512-FPAhNPFMrkwz76P7cdjdmiShwMynZYN6SgOujD1urY4oNm80Ou9oMdmbR45LotcKOXoy7wSmHkRFE6Mxbrhefw==}
+
+  tslib@2.8.1:
+    resolution: {integrity: sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w==}
+
+  type-fest@5.6.0:
+    resolution: {integrity: sha512-8ZiHFm91orbSAe2PSAiSVBVko18pbhbiB3U9GglSzF/zCGkR+rxpHx6sEMCUm4kxY4LjDIUGgCfUMtwfZfjfUA==}
+    engines: {node: '>=20'}
+
   typescript@5.9.3:
     resolution: {integrity: sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==}
     engines: {node: '>=14.17'}
     hasBin: true
 
+  unbash@3.0.0:
+    resolution: {integrity: sha512-FeFPZ/WFT0mbRCuydiZzpPFlrYN8ZUpphQKoq4EeElVIYjYyGzPMxQR/simUwCOJIyVhpFk4RbtyO7RuMpMnHA==}
+    engines: {node: '>=14'}
+
+  undici-types@6.21.0:
+    resolution: {integrity: sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ==}
+
   update-browserslist-db@1.2.3:
     resolution: {integrity: sha512-Js0m9cx+qOgDxo0eMiFGEueWztz+d4+M3rGlmKPT+T4IS/jP4ylw3Nwpu6cpTTP8R1MAC1kF4VbdLt3ARf209w==}
     hasBin: true
     peerDependencies:
       browserslist: '>= 4.21.0'
 
+  vite-node@2.1.9:
+    resolution: {integrity: sha512-AM9aQ/IPrW/6ENLQg3AGY4K1N2TGZdR5e4gu/MmmR2xR3Ll1+dib+nook92g4TV3PXVyeyxdWwtaCAiUL0hMxA==}
+    engines: {node: ^18.0.0 || >=20.0.0}
+    hasBin: true
+
+  vite@5.4.21:
+    resolution: {integrity: sha512-o5a9xKjbtuhY6Bi5S3+HvbRERmouabWbyUcpXXUA1u+GNUKoROi9byOJ8M0nHbHYHkYICiMlqxkg1KkYmm25Sw==}
+    engines: {node: ^18.0.0 || >=20.0.0}
+    hasBin: true
+    peerDependencies:
+      '@types/node': ^18.0.0 || >=20.0.0
+      less: '*'
+      lightningcss: ^1.21.0
+      sass: '*'
+      sass-embedded: '*'
+      stylus: '*'
+      sugarss: '*'
+      terser: ^5.4.0
+    peerDependenciesMeta:
+      '@types/node':
+        optional: true
+      less:
+        optional: true
+      lightningcss:
+        optional: true
+      sass:
+        optional: true
+      sass-embedded:
+        optional: true
+      stylus:
+        optional: true
+      sugarss:
+        optional: true
+      terser:
+        optional: true
+
   vite@6.4.2:
     resolution: {integrity: sha512-2N/55r4JDJ4gdrCvGgINMy+HH3iRpNIz8K6SFwVsA+JbQScLiC+clmAxBgwiSPgcG9U15QmvqCGWzMbqda5zGQ==}
     engines: {node: ^18.0.0 || ^20.0.0 || >=22.0.0}
@@ -794,11 +2513,456 @@ packages:
       yaml:
         optional: true
 
+  vitest@2.1.9:
+    resolution: {integrity: sha512-MSmPM9REYqDGBI8439mA4mWhV5sKmDlBKWIYbA3lRb2PTHACE0mgKwA8yQ2xq9vxDTuk4iPrECBAEW2aoFXY0Q==}
+    engines: {node: ^18.0.0 || >=20.0.0}
+    hasBin: true
+    peerDependencies:
+      '@edge-runtime/vm': '*'
+      '@types/node': ^18.0.0 || >=20.0.0
+      '@vitest/browser': 2.1.9
+      '@vitest/ui': 2.1.9
+      happy-dom: '*'
+      jsdom: '*'
+    peerDependenciesMeta:
+      '@edge-runtime/vm':
+        optional: true
+      '@types/node':
+        optional: true
+      '@vitest/browser':
+        optional: true
+      '@vitest/ui':
+        optional: true
+      happy-dom:
+        optional: true
+      jsdom:
+        optional: true
+
+  walk-up-path@4.0.0:
+    resolution: {integrity: sha512-3hu+tD8YzSLGuFYtPRb48vdhKMi0KQV5sn+uWr8+7dMEq/2G/dtLrdDinkLjqq5TIbIBjYJ4Ax/n3YiaW7QM8A==}
+    engines: {node: 20 || >=22}
+
+  whatwg-fetch@3.6.20:
+    resolution: {integrity: sha512-EqhiFU6daOA8kpjOWTL0olhVOF3i7OrFzSYiGsEMB8GcXS+RrzauAERX65xMeNWVqxA6HXH2m69Z9LaKKdisfg==}
+
+  which@2.0.2:
+    resolution: {integrity: sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==}
+    engines: {node: '>= 8'}
+    hasBin: true
+
+  why-is-node-running@2.3.0:
+    resolution: {integrity: sha512-hUrmaWBdVDcxvYqnyh09zunKzROWjbZTiNy8dBEjkS7ehEDQibXJ7XvlmtbwuTclUiIyN+CyXQD4Vmko8fNm8w==}
+    engines: {node: '>=8'}
+    hasBin: true
+
+  widest-line@6.0.0:
+    resolution: {integrity: sha512-U89AsyEeAsyoF0zVJBkG9zBgekjgjK7yk9sje3F4IQpXBJ10TF6ByLlIfjMhcmHMJgHZI4KHt4rdNfktzxIAMA==}
+    engines: {node: '>=20'}
+
+  wrap-ansi@10.0.0:
+    resolution: {integrity: sha512-SGcvg80f0wUy2/fXES19feHMz8E0JoXv2uNgHOu4Dgi2OrCy1lqwFYEJz1BLbDI0exjPMe/ZdzZ/YpGECBG/aQ==}
+    engines: {node: '>=20'}
+
+  wrap-ansi@7.0.0:
+    resolution: {integrity: sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==}
+    engines: {node: '>=10'}
+
+  wrap-ansi@8.1.0:
+    resolution: {integrity: sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ==}
+    engines: {node: '>=12'}
+
+  ws@8.21.0:
+    resolution: {integrity: sha512-Vsp28b7DRcimFQvrqu2Wek3z1iYxDCWqHYB8Qsnk/S4RfaCQzPGPyBNuVjJV3cd6UiKtUtp6sNM77gWvzcCH+g==}
+    engines: {node: '>=10.0.0'}
+    peerDependencies:
+      bufferutil: ^4.0.1
+      utf-8-validate: '>=5.0.2'
+    peerDependenciesMeta:
+      bufferutil:
+        optional: true
+      utf-8-validate:
+        optional: true
+
+  xml-naming@0.1.0:
+    resolution: {integrity: sha512-k8KO9hrMyNk6tUWqUfkTEZbezRRpONVOzUTnc97VnCvyj6Tf9lyUR9EDAIeiVLv56jsMcoXEwjW8Kv5yPY52lw==}
+    engines: {node: '>=16.0.0'}
+
   yallist@3.1.1:
     resolution: {integrity: sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==}
 
+  yaml@2.9.0:
+    resolution: {integrity: sha512-2AvhNX3mb8zd6Zy7INTtSpl1F15HW6Wnqj0srWlkKLcpYl/gMIMJiyuGq2KeI2YFxUPjdlB+3Lc10seMLtL4cA==}
+    engines: {node: '>= 14.6'}
+    hasBin: true
+
+  yoga-layout@3.2.1:
+    resolution: {integrity: sha512-0LPOt3AxKqMdFBZA3HBAt/t/8vIKq7VaQYbuA8WxCgung+p9TVyKRYdpvCb80HcdTN2NkbIKbhNwKUfm3tQywQ==}
+
+  zod-to-json-schema@3.25.2:
+    resolution: {integrity: sha512-O/PgfnpT1xKSDeQYSCfRI5Gy3hPf91mKVDuYLUHZJMiDFptvP41MSnWofm8dnCm0256ZNfZIM7DSzuSMAFnjHA==}
+    peerDependencies:
+      zod: ^3.25.28 || ^4
+
+  zod@3.25.76:
+    resolution: {integrity: sha512-gzUt/qt81nXsFGKIFcC3YnfEAx5NkunCfnDlvuBSSFS02bcXu4Lmea0AFIUwbLWxWPx3d9p8S5QoaujKcNQxcQ==}
+
+  zod@4.4.3:
+    resolution: {integrity: sha512-ytENFjIJFl2UwYglde2jchW2Hwm4GJFLDiSXWdTrJQBIN9Fcyp7n4DhxJEiWNAJMV1/BqWfW/kkg71UDcHJyTQ==}
+
 snapshots:
 
+  '@alcalzone/ansi-tokenize@0.3.0':
+    dependencies:
+      ansi-styles: 6.2.3
+      is-fullwidth-code-point: 5.1.0
+
+  '@ampproject/remapping@2.3.0':
+    dependencies:
+      '@jridgewell/gen-mapping': 0.3.13
+      '@jridgewell/trace-mapping': 0.3.31
+
+  '@anthropic-ai/sdk@0.89.0(zod@4.4.3)':
+    dependencies:
+      json-schema-to-ts: 3.1.1
+    optionalDependencies:
+      zod: 4.4.3
+
+  '@aws-crypto/crc32@5.2.0':
+    dependencies:
+      '@aws-crypto/util': 5.2.0
+      '@aws-sdk/types': 3.973.9
+      tslib: 2.8.1
+
+  '@aws-crypto/sha256-browser@5.2.0':
+    dependencies:
+      '@aws-crypto/sha256-js': 5.2.0
+      '@aws-crypto/supports-web-crypto': 5.2.0
+      '@aws-crypto/util': 5.2.0
+      '@aws-sdk/types': 3.973.9
+      '@aws-sdk/util-locate-window': 3.965.5
+      '@smithy/util-utf8': 2.3.0
+      tslib: 2.8.1
+
+  '@aws-crypto/sha256-js@5.2.0':
+    dependencies:
+      '@aws-crypto/util': 5.2.0
+      '@aws-sdk/types': 3.973.9
+      tslib: 2.8.1
+
+  '@aws-crypto/supports-web-crypto@5.2.0':
+    dependencies:
+      tslib: 2.8.1
+
+  '@aws-crypto/util@5.2.0':
+    dependencies:
+      '@aws-sdk/types': 3.973.9
+      '@smithy/util-utf8': 2.3.0
+      tslib: 2.8.1
+
+  '@aws-sdk/client-bedrock-runtime@3.1055.0':
+    dependencies:
+      '@aws-crypto/sha256-browser': 5.2.0
+      '@aws-crypto/sha256-js': 5.2.0
+      '@aws-sdk/core': 3.974.14
+      '@aws-sdk/credential-provider-node': 3.972.45
+      '@aws-sdk/eventstream-handler-node': 3.972.17
+      '@aws-sdk/middleware-eventstream': 3.972.13
+      '@aws-sdk/middleware-websocket': 3.972.22
+      '@aws-sdk/token-providers': 3.1055.0
+      '@aws-sdk/types': 3.973.9
+      '@smithy/core': 3.24.5
+      '@smithy/fetch-http-handler': 5.4.5
+      '@smithy/node-http-handler': 4.7.5
+      '@smithy/types': 4.14.2
+      tslib: 2.8.1
+
+  '@aws-sdk/core@3.974.14':
+    dependencies:
+      '@aws-sdk/types': 3.973.9
+      '@aws-sdk/xml-builder': 3.972.26
+      '@aws/lambda-invoke-store': 0.2.4
+      '@smithy/core': 3.24.5
+      '@smithy/signature-v4': 5.4.5
+      '@smithy/types': 4.14.2
+      bowser: 2.14.1
+      tslib: 2.8.1
+
+  '@aws-sdk/credential-provider-env@3.972.40':
+    dependencies:
+      '@aws-sdk/core': 3.974.14
+      '@aws-sdk/types': 3.973.9
+      '@smithy/core': 3.24.5
+      '@smithy/types': 4.14.2
+      tslib: 2.8.1
+
+  '@aws-sdk/credential-provider-http@3.972.42':
+    dependencies:
+      '@aws-sdk/core': 3.974.14
+      '@aws-sdk/types': 3.973.9
+      '@smithy/core': 3.24.5
+      '@smithy/fetch-http-handler': 5.4.5
+      '@smithy/node-http-handler': 4.7.5
+      '@smithy/types': 4.14.2
+      tslib: 2.8.1
+
+  '@aws-sdk/credential-provider-ini@3.972.44':
+    dependencies:
+      '@aws-sdk/core': 3.974.14
+      '@aws-sdk/credential-provider-env': 3.972.40
+      '@aws-sdk/credential-provider-http': 3.972.42
+      '@aws-sdk/credential-provider-login': 3.972.44
+      '@aws-sdk/credential-provider-process': 3.972.40
+      '@aws-sdk/credential-provider-sso': 3.972.44
+      '@aws-sdk/credential-provider-web-identity': 3.972.44
+      '@aws-sdk/nested-clients': 3.997.12
+      '@aws-sdk/types': 3.973.9
+      '@smithy/core': 3.24.5
+      '@smithy/credential-provider-imds': 4.3.5
+      '@smithy/types': 4.14.2
+      tslib: 2.8.1
+
+  '@aws-sdk/credential-provider-login@3.972.44':
+    dependencies:
+      '@aws-sdk/core': 3.974.14
+      '@aws-sdk/nested-clients': 3.997.12
+      '@aws-sdk/types': 3.973.9
+      '@smithy/core': 3.24.5
+      '@smithy/types': 4.14.2
+      tslib: 2.8.1
+
+  '@aws-sdk/credential-provider-node@3.972.45':
+    dependencies:
+      '@aws-sdk/credential-provider-env': 3.972.40
+      '@aws-sdk/credential-provider-http': 3.972.42
+      '@aws-sdk/credential-provider-ini': 3.972.44
+      '@aws-sdk/credential-provider-process': 3.972.40
+      '@aws-sdk/credential-provider-sso': 3.972.44
+      '@aws-sdk/credential-provider-web-identity': 3.972.44
+      '@aws-sdk/types': 3.973.9
+      '@smithy/core': 3.24.5
+      '@smithy/credential-provider-imds': 4.3.5
+      '@smithy/types': 4.14.2
+      tslib: 2.8.1
+
+  '@aws-sdk/credential-provider-process@3.972.40':
+    dependencies:
+      '@aws-sdk/core': 3.974.14
+      '@aws-sdk/types': 3.973.9
+      '@smithy/core': 3.24.5
+      '@smithy/types': 4.14.2
+      tslib: 2.8.1
+
+  '@aws-sdk/credential-provider-sso@3.972.44':
+    dependencies:
+      '@aws-sdk/core': 3.974.14
+      '@aws-sdk/nested-clients': 3.997.12
+      '@aws-sdk/token-providers': 3.1054.0
+      '@aws-sdk/types': 3.973.9
+      '@smithy/core': 3.24.5
+      '@smithy/types': 4.14.2
+      tslib: 2.8.1
+
+  '@aws-sdk/credential-provider-web-identity@3.972.44':
+    dependencies:
+      '@aws-sdk/core': 3.974.14
+      '@aws-sdk/nested-clients': 3.997.12
+      '@aws-sdk/types': 3.973.9
+      '@smithy/core': 3.24.5
+      '@smithy/types': 4.14.2
+      tslib: 2.8.1
+
+  '@aws-sdk/eventstream-handler-node@3.972.17':
+    dependencies:
+      '@aws-sdk/types': 3.973.9
+      '@smithy/core': 3.24.5
+      '@smithy/types': 4.14.2
+      tslib: 2.8.1
+
+  '@aws-sdk/middleware-eventstream@3.972.13':
+    dependencies:
+      '@aws-sdk/types': 3.973.9
+      '@smithy/core': 3.24.5
+      '@smithy/types': 4.14.2
+      tslib: 2.8.1
+
+  '@aws-sdk/middleware-websocket@3.972.22':
+    dependencies:
+      '@aws-sdk/core': 3.974.14
+      '@aws-sdk/types': 3.973.9
+      '@smithy/core': 3.24.5
+      '@smithy/fetch-http-handler': 5.4.5
+      '@smithy/signature-v4': 5.4.5
+      '@smithy/types': 4.14.2
+      tslib: 2.8.1
+
+  '@aws-sdk/nested-clients@3.997.12':
+    dependencies:
+      '@aws-crypto/sha256-browser': 5.2.0
+      '@aws-crypto/sha256-js': 5.2.0
+      '@aws-sdk/core': 3.974.14
+      '@aws-sdk/signature-v4-multi-region': 3.996.29
+      '@aws-sdk/types': 3.973.9
+      '@smithy/core': 3.24.5
+      '@smithy/fetch-http-handler': 5.4.5
+      '@smithy/node-http-handler': 4.7.5
+      '@smithy/types': 4.14.2
+      tslib: 2.8.1
+
+  '@aws-sdk/signature-v4-multi-region@3.996.29':
+    dependencies:
+      '@aws-sdk/types': 3.973.9
+      '@smithy/signature-v4': 5.4.5
+      '@smithy/types': 4.14.2
+      tslib: 2.8.1
+
+  '@aws-sdk/token-providers@3.1054.0':
+    dependencies:
+      '@aws-sdk/core': 3.974.14
+      '@aws-sdk/nested-clients': 3.997.12
+      '@aws-sdk/types': 3.973.9
+      '@smithy/core': 3.24.5
+      '@smithy/types': 4.14.2
+      tslib: 2.8.1
+
+  '@aws-sdk/token-providers@3.1055.0':
+    dependencies:
+      '@aws-sdk/core': 3.974.14
+      '@aws-sdk/nested-clients': 3.997.12
+      '@aws-sdk/types': 3.973.9
+      '@smithy/core': 3.24.5
+      '@smithy/types': 4.14.2
+      tslib: 2.8.1
+
+  '@aws-sdk/types@3.973.9':
+    dependencies:
+      '@smithy/types': 4.14.2
+      tslib: 2.8.1
+
+  '@aws-sdk/util-locate-window@3.965.5':
+    dependencies:
+      tslib: 2.8.1
+
+  '@aws-sdk/xml-builder@3.972.26':
+    dependencies:
+      '@smithy/types': 4.14.2
+      fast-xml-parser: 5.7.3
+      tslib: 2.8.1
+
+  '@aws/lambda-invoke-store@0.2.4': {}
+
+  '@azure/abort-controller@2.1.2':
+    dependencies:
+      tslib: 2.8.1
+
+  '@azure/core-auth@1.10.1':
+    dependencies:
+      '@azure/abort-controller': 2.1.2
+      '@azure/core-util': 1.13.1
+      tslib: 2.8.1
+    transitivePeerDependencies:
+      - supports-color
+
+  '@azure/core-client@1.10.1':
+    dependencies:
+      '@azure/abort-controller': 2.1.2
+      '@azure/core-auth': 1.10.1
+      '@azure/core-rest-pipeline': 1.23.0
+      '@azure/core-tracing': 1.3.1
+      '@azure/core-util': 1.13.1
+      '@azure/logger': 1.3.0
+      tslib: 2.8.1
+    transitivePeerDependencies:
+      - supports-color
+
+  '@azure/core-http-compat@2.4.0(@azure/core-client@1.10.1)(@azure/core-rest-pipeline@1.23.0)':
+    dependencies:
+      '@azure/abort-controller': 2.1.2
+      '@azure/core-client': 1.10.1
+      '@azure/core-rest-pipeline': 1.23.0
+
+  '@azure/core-lro@2.7.2':
+    dependencies:
+      '@azure/abort-controller': 2.1.2
+      '@azure/core-util': 1.13.1
+      '@azure/logger': 1.3.0
+      tslib: 2.8.1
+    transitivePeerDependencies:
+      - supports-color
+
+  '@azure/core-paging@1.6.2':
+    dependencies:
+      tslib: 2.8.1
+
+  '@azure/core-rest-pipeline@1.23.0':
+    dependencies:
+      '@azure/abort-controller': 2.1.2
+      '@azure/core-auth': 1.10.1
+      '@azure/core-tracing': 1.3.1
+      '@azure/core-util': 1.13.1
+      '@azure/logger': 1.3.0
+      '@typespec/ts-http-runtime': 0.3.5
+      tslib: 2.8.1
+    transitivePeerDependencies:
+      - supports-color
+
+  '@azure/core-tracing@1.3.1':
+    dependencies:
+      tslib: 2.8.1
+
+  '@azure/core-util@1.13.1':
+    dependencies:
+      '@azure/abort-controller': 2.1.2
+      '@typespec/ts-http-runtime': 0.3.5
+      tslib: 2.8.1
+    transitivePeerDependencies:
+      - supports-color
+
+  '@azure/core-xml@1.5.1':
+    dependencies:
+      fast-xml-parser: 5.8.0
+      tslib: 2.8.1
+
+  '@azure/logger@1.3.0':
+    dependencies:
+      '@typespec/ts-http-runtime': 0.3.5
+      tslib: 2.8.1
+    transitivePeerDependencies:
+      - supports-color
+
+  '@azure/storage-blob@12.31.0':
+    dependencies:
+      '@azure/abort-controller': 2.1.2
+      '@azure/core-auth': 1.10.1
+      '@azure/core-client': 1.10.1
+      '@azure/core-http-compat': 2.4.0(@azure/core-client@1.10.1)(@azure/core-rest-pipeline@1.23.0)
+      '@azure/core-lro': 2.7.2
+      '@azure/core-paging': 1.6.2
+      '@azure/core-rest-pipeline': 1.23.0
+      '@azure/core-tracing': 1.3.1
+      '@azure/core-util': 1.13.1
+      '@azure/core-xml': 1.5.1
+      '@azure/logger': 1.3.0
+      '@azure/storage-common': 12.3.0(@azure/core-client@1.10.1)
+      events: 3.3.0
+      tslib: 2.8.1
+    transitivePeerDependencies:
+      - supports-color
+
+  '@azure/storage-common@12.3.0(@azure/core-client@1.10.1)':
+    dependencies:
+      '@azure/abort-controller': 2.1.2
+      '@azure/core-auth': 1.10.1
+      '@azure/core-http-compat': 2.4.0(@azure/core-client@1.10.1)(@azure/core-rest-pipeline@1.23.0)
+      '@azure/core-rest-pipeline': 1.23.0
+      '@azure/core-tracing': 1.3.1
+      '@azure/core-util': 1.13.1
+      '@azure/logger': 1.3.0
+      events: 3.3.0
+      tslib: 2.8.1
+    transitivePeerDependencies:
+      - '@azure/core-client'
+      - supports-color
+
   '@babel/code-frame@7.29.7':
     dependencies:
       '@babel/helper-validator-identifier': 7.29.7
@@ -888,6 +3052,8 @@ snapshots:
       '@babel/core': 7.29.7
       '@babel/helper-plugin-utils': 7.29.7
 
+  '@babel/runtime@7.29.7': {}
+
   '@babel/template@7.29.7':
     dependencies:
       '@babel/code-frame': 7.29.7
@@ -911,84 +3077,217 @@ snapshots:
       '@babel/helper-string-parser': 7.29.7
       '@babel/helper-validator-identifier': 7.29.7
 
+  '@bcoe/v8-coverage@0.2.3': {}
+
+  '@biomejs/biome@1.9.4':
+    optionalDependencies:
+      '@biomejs/cli-darwin-arm64': 1.9.4
+      '@biomejs/cli-darwin-x64': 1.9.4
+      '@biomejs/cli-linux-arm64': 1.9.4
+      '@biomejs/cli-linux-arm64-musl': 1.9.4
+      '@biomejs/cli-linux-x64': 1.9.4
+      '@biomejs/cli-linux-x64-musl': 1.9.4
+      '@biomejs/cli-win32-arm64': 1.9.4
+      '@biomejs/cli-win32-x64': 1.9.4
+
+  '@biomejs/cli-darwin-arm64@1.9.4':
+    optional: true
+
+  '@biomejs/cli-darwin-x64@1.9.4':
+    optional: true
+
+  '@biomejs/cli-linux-arm64-musl@1.9.4':
+    optional: true
+
+  '@biomejs/cli-linux-arm64@1.9.4':
+    optional: true
+
+  '@biomejs/cli-linux-x64-musl@1.9.4':
+    optional: true
+
+  '@biomejs/cli-linux-x64@1.9.4':
+    optional: true
+
+  '@biomejs/cli-win32-arm64@1.9.4':
+    optional: true
+
+  '@biomejs/cli-win32-x64@1.9.4':
+    optional: true
+
+  '@emnapi/core@1.10.0':
+    dependencies:
+      '@emnapi/wasi-threads': 1.2.1
+      tslib: 2.8.1
+    optional: true
+
+  '@emnapi/runtime@1.10.0':
+    dependencies:
+      tslib: 2.8.1
+    optional: true
+
+  '@emnapi/wasi-threads@1.2.1':
+    dependencies:
+      tslib: 2.8.1
+    optional: true
+
+  '@esbuild/aix-ppc64@0.21.5':
+    optional: true
+
   '@esbuild/aix-ppc64@0.25.12':
     optional: true
 
-  '@esbuild/android-arm64@0.25.12':
+  '@esbuild/android-arm64@0.21.5':
+    optional: true
+
+  '@esbuild/android-arm64@0.25.12':
+    optional: true
+
+  '@esbuild/android-arm@0.21.5':
     optional: true
 
   '@esbuild/android-arm@0.25.12':
     optional: true
 
+  '@esbuild/android-x64@0.21.5':
+    optional: true
+
   '@esbuild/android-x64@0.25.12':
     optional: true
 
+  '@esbuild/darwin-arm64@0.21.5':
+    optional: true
+
   '@esbuild/darwin-arm64@0.25.12':
     optional: true
 
+  '@esbuild/darwin-x64@0.21.5':
+    optional: true
+
   '@esbuild/darwin-x64@0.25.12':
     optional: true
 
+  '@esbuild/freebsd-arm64@0.21.5':
+    optional: true
+
   '@esbuild/freebsd-arm64@0.25.12':
     optional: true
 
+  '@esbuild/freebsd-x64@0.21.5':
+    optional: true
+
   '@esbuild/freebsd-x64@0.25.12':
     optional: true
 
+  '@esbuild/linux-arm64@0.21.5':
+    optional: true
+
   '@esbuild/linux-arm64@0.25.12':
     optional: true
 
+  '@esbuild/linux-arm@0.21.5':
+    optional: true
+
   '@esbuild/linux-arm@0.25.12':
     optional: true
 
+  '@esbuild/linux-ia32@0.21.5':
+    optional: true
+
   '@esbuild/linux-ia32@0.25.12':
     optional: true
 
+  '@esbuild/linux-loong64@0.21.5':
+    optional: true
+
   '@esbuild/linux-loong64@0.25.12':
     optional: true
 
+  '@esbuild/linux-mips64el@0.21.5':
+    optional: true
+
   '@esbuild/linux-mips64el@0.25.12':
     optional: true
 
+  '@esbuild/linux-ppc64@0.21.5':
+    optional: true
+
   '@esbuild/linux-ppc64@0.25.12':
     optional: true
 
+  '@esbuild/linux-riscv64@0.21.5':
+    optional: true
+
   '@esbuild/linux-riscv64@0.25.12':
     optional: true
 
+  '@esbuild/linux-s390x@0.21.5':
+    optional: true
+
   '@esbuild/linux-s390x@0.25.12':
     optional: true
 
+  '@esbuild/linux-x64@0.21.5':
+    optional: true
+
   '@esbuild/linux-x64@0.25.12':
     optional: true
 
   '@esbuild/netbsd-arm64@0.25.12':
     optional: true
 
+  '@esbuild/netbsd-x64@0.21.5':
+    optional: true
+
   '@esbuild/netbsd-x64@0.25.12':
     optional: true
 
   '@esbuild/openbsd-arm64@0.25.12':
     optional: true
 
+  '@esbuild/openbsd-x64@0.21.5':
+    optional: true
+
   '@esbuild/openbsd-x64@0.25.12':
     optional: true
 
   '@esbuild/openharmony-arm64@0.25.12':
     optional: true
 
+  '@esbuild/sunos-x64@0.21.5':
+    optional: true
+
   '@esbuild/sunos-x64@0.25.12':
     optional: true
 
+  '@esbuild/win32-arm64@0.21.5':
+    optional: true
+
   '@esbuild/win32-arm64@0.25.12':
     optional: true
 
+  '@esbuild/win32-ia32@0.21.5':
+    optional: true
+
   '@esbuild/win32-ia32@0.25.12':
     optional: true
 
+  '@esbuild/win32-x64@0.21.5':
+    optional: true
+
   '@esbuild/win32-x64@0.25.12':
     optional: true
 
+  '@isaacs/cliui@8.0.2':
+    dependencies:
+      string-width: 5.1.2
+      string-width-cjs: string-width@4.2.3
+      strip-ansi: 7.2.0
+      strip-ansi-cjs: strip-ansi@6.0.1
+      wrap-ansi: 8.1.0
+      wrap-ansi-cjs: wrap-ansi@7.0.0
+
+  '@istanbuljs/schema@0.1.6': {}
+
   '@jridgewell/gen-mapping@0.3.13':
     dependencies:
       '@jridgewell/sourcemap-codec': 1.5.5
@@ -1008,6 +3307,285 @@ snapshots:
       '@jridgewell/resolve-uri': 3.1.2
       '@jridgewell/sourcemap-codec': 1.5.5
 
+  '@lmstudio/lms-isomorphic@0.4.6':
+    dependencies:
+      ws: 8.21.0
+    transitivePeerDependencies:
+      - bufferutil
+      - utf-8-validate
+
+  '@lmstudio/sdk@1.5.0':
+    dependencies:
+      '@lmstudio/lms-isomorphic': 0.4.6
+      chalk: 4.1.2
+      jsonschema: 1.5.0
+      zod: 3.25.76
+      zod-to-json-schema: 3.25.2(zod@3.25.76)
+    transitivePeerDependencies:
+      - bufferutil
+      - utf-8-validate
+
+  '@napi-rs/wasm-runtime@1.1.4(@emnapi/core@1.10.0)(@emnapi/runtime@1.10.0)':
+    dependencies:
+      '@emnapi/core': 1.10.0
+      '@emnapi/runtime': 1.10.0
+      '@tybys/wasm-util': 0.10.2
+    optional: true
+
+  '@nodable/entities@2.1.1': {}
+
+  '@opentelemetry/api-logs@0.57.2':
+    dependencies:
+      '@opentelemetry/api': 1.9.1
+
+  '@opentelemetry/api@1.9.1': {}
+
+  '@opentelemetry/context-async-hooks@1.30.1(@opentelemetry/api@1.9.1)':
+    dependencies:
+      '@opentelemetry/api': 1.9.1
+
+  '@opentelemetry/core@1.30.1(@opentelemetry/api@1.9.1)':
+    dependencies:
+      '@opentelemetry/api': 1.9.1
+      '@opentelemetry/semantic-conventions': 1.28.0
+
+  '@opentelemetry/exporter-metrics-otlp-http@0.57.2(@opentelemetry/api@1.9.1)':
+    dependencies:
+      '@opentelemetry/api': 1.9.1
+      '@opentelemetry/core': 1.30.1(@opentelemetry/api@1.9.1)
+      '@opentelemetry/otlp-exporter-base': 0.57.2(@opentelemetry/api@1.9.1)
+      '@opentelemetry/otlp-transformer': 0.57.2(@opentelemetry/api@1.9.1)
+      '@opentelemetry/resources': 1.30.1(@opentelemetry/api@1.9.1)
+      '@opentelemetry/sdk-metrics': 1.30.1(@opentelemetry/api@1.9.1)
+
+  '@opentelemetry/exporter-trace-otlp-http@0.57.2(@opentelemetry/api@1.9.1)':
+    dependencies:
+      '@opentelemetry/api': 1.9.1
+      '@opentelemetry/core': 1.30.1(@opentelemetry/api@1.9.1)
+      '@opentelemetry/otlp-exporter-base': 0.57.2(@opentelemetry/api@1.9.1)
+      '@opentelemetry/otlp-transformer': 0.57.2(@opentelemetry/api@1.9.1)
+      '@opentelemetry/resources': 1.30.1(@opentelemetry/api@1.9.1)
+      '@opentelemetry/sdk-trace-base': 1.30.1(@opentelemetry/api@1.9.1)
+
+  '@opentelemetry/otlp-exporter-base@0.57.2(@opentelemetry/api@1.9.1)':
+    dependencies:
+      '@opentelemetry/api': 1.9.1
+      '@opentelemetry/core': 1.30.1(@opentelemetry/api@1.9.1)
+      '@opentelemetry/otlp-transformer': 0.57.2(@opentelemetry/api@1.9.1)
+
+  '@opentelemetry/otlp-transformer@0.57.2(@opentelemetry/api@1.9.1)':
+    dependencies:
+      '@opentelemetry/api': 1.9.1
+      '@opentelemetry/api-logs': 0.57.2
+      '@opentelemetry/core': 1.30.1(@opentelemetry/api@1.9.1)
+      '@opentelemetry/resources': 1.30.1(@opentelemetry/api@1.9.1)
+      '@opentelemetry/sdk-logs': 0.57.2(@opentelemetry/api@1.9.1)
+      '@opentelemetry/sdk-metrics': 1.30.1(@opentelemetry/api@1.9.1)
+      '@opentelemetry/sdk-trace-base': 1.30.1(@opentelemetry/api@1.9.1)
+      protobufjs: 7.6.1
+
+  '@opentelemetry/propagator-b3@1.30.1(@opentelemetry/api@1.9.1)':
+    dependencies:
+      '@opentelemetry/api': 1.9.1
+      '@opentelemetry/core': 1.30.1(@opentelemetry/api@1.9.1)
+
+  '@opentelemetry/propagator-jaeger@1.30.1(@opentelemetry/api@1.9.1)':
+    dependencies:
+      '@opentelemetry/api': 1.9.1
+      '@opentelemetry/core': 1.30.1(@opentelemetry/api@1.9.1)
+
+  '@opentelemetry/resources@1.30.1(@opentelemetry/api@1.9.1)':
+    dependencies:
+      '@opentelemetry/api': 1.9.1
+      '@opentelemetry/core': 1.30.1(@opentelemetry/api@1.9.1)
+      '@opentelemetry/semantic-conventions': 1.28.0
+
+  '@opentelemetry/sdk-logs@0.57.2(@opentelemetry/api@1.9.1)':
+    dependencies:
+      '@opentelemetry/api': 1.9.1
+      '@opentelemetry/api-logs': 0.57.2
+      '@opentelemetry/core': 1.30.1(@opentelemetry/api@1.9.1)
+      '@opentelemetry/resources': 1.30.1(@opentelemetry/api@1.9.1)
+
+  '@opentelemetry/sdk-metrics@1.30.1(@opentelemetry/api@1.9.1)':
+    dependencies:
+      '@opentelemetry/api': 1.9.1
+      '@opentelemetry/core': 1.30.1(@opentelemetry/api@1.9.1)
+      '@opentelemetry/resources': 1.30.1(@opentelemetry/api@1.9.1)
+
+  '@opentelemetry/sdk-trace-base@1.30.1(@opentelemetry/api@1.9.1)':
+    dependencies:
+      '@opentelemetry/api': 1.9.1
+      '@opentelemetry/core': 1.30.1(@opentelemetry/api@1.9.1)
+      '@opentelemetry/resources': 1.30.1(@opentelemetry/api@1.9.1)
+      '@opentelemetry/semantic-conventions': 1.28.0
+
+  '@opentelemetry/sdk-trace-node@1.30.1(@opentelemetry/api@1.9.1)':
+    dependencies:
+      '@opentelemetry/api': 1.9.1
+      '@opentelemetry/context-async-hooks': 1.30.1(@opentelemetry/api@1.9.1)
+      '@opentelemetry/core': 1.30.1(@opentelemetry/api@1.9.1)
+      '@opentelemetry/propagator-b3': 1.30.1(@opentelemetry/api@1.9.1)
+      '@opentelemetry/propagator-jaeger': 1.30.1(@opentelemetry/api@1.9.1)
+      '@opentelemetry/sdk-trace-base': 1.30.1(@opentelemetry/api@1.9.1)
+      semver: 7.8.1
+
+  '@opentelemetry/semantic-conventions@1.28.0': {}
+
+  '@opentelemetry/semantic-conventions@1.41.1': {}
+
+  '@oxc-parser/binding-android-arm-eabi@0.130.0':
+    optional: true
+
+  '@oxc-parser/binding-android-arm64@0.130.0':
+    optional: true
+
+  '@oxc-parser/binding-darwin-arm64@0.130.0':
+    optional: true
+
+  '@oxc-parser/binding-darwin-x64@0.130.0':
+    optional: true
+
+  '@oxc-parser/binding-freebsd-x64@0.130.0':
+    optional: true
+
+  '@oxc-parser/binding-linux-arm-gnueabihf@0.130.0':
+    optional: true
+
+  '@oxc-parser/binding-linux-arm-musleabihf@0.130.0':
+    optional: true
+
+  '@oxc-parser/binding-linux-arm64-gnu@0.130.0':
+    optional: true
+
+  '@oxc-parser/binding-linux-arm64-musl@0.130.0':
+    optional: true
+
+  '@oxc-parser/binding-linux-ppc64-gnu@0.130.0':
+    optional: true
+
+  '@oxc-parser/binding-linux-riscv64-gnu@0.130.0':
+    optional: true
+
+  '@oxc-parser/binding-linux-riscv64-musl@0.130.0':
+    optional: true
+
+  '@oxc-parser/binding-linux-s390x-gnu@0.130.0':
+    optional: true
+
+  '@oxc-parser/binding-linux-x64-gnu@0.130.0':
+    optional: true
+
+  '@oxc-parser/binding-linux-x64-musl@0.130.0':
+    optional: true
+
+  '@oxc-parser/binding-openharmony-arm64@0.130.0':
+    optional: true
+
+  '@oxc-parser/binding-wasm32-wasi@0.130.0':
+    dependencies:
+      '@emnapi/core': 1.10.0
+      '@emnapi/runtime': 1.10.0
+      '@napi-rs/wasm-runtime': 1.1.4(@emnapi/core@1.10.0)(@emnapi/runtime@1.10.0)
+    optional: true
+
+  '@oxc-parser/binding-win32-arm64-msvc@0.130.0':
+    optional: true
+
+  '@oxc-parser/binding-win32-ia32-msvc@0.130.0':
+    optional: true
+
+  '@oxc-parser/binding-win32-x64-msvc@0.130.0':
+    optional: true
+
+  '@oxc-project/types@0.130.0': {}
+
+  '@oxc-resolver/binding-android-arm-eabi@11.20.0':
+    optional: true
+
+  '@oxc-resolver/binding-android-arm64@11.20.0':
+    optional: true
+
+  '@oxc-resolver/binding-darwin-arm64@11.20.0':
+    optional: true
+
+  '@oxc-resolver/binding-darwin-x64@11.20.0':
+    optional: true
+
+  '@oxc-resolver/binding-freebsd-x64@11.20.0':
+    optional: true
+
+  '@oxc-resolver/binding-linux-arm-gnueabihf@11.20.0':
+    optional: true
+
+  '@oxc-resolver/binding-linux-arm-musleabihf@11.20.0':
+    optional: true
+
+  '@oxc-resolver/binding-linux-arm64-gnu@11.20.0':
+    optional: true
+
+  '@oxc-resolver/binding-linux-arm64-musl@11.20.0':
+    optional: true
+
+  '@oxc-resolver/binding-linux-ppc64-gnu@11.20.0':
+    optional: true
+
+  '@oxc-resolver/binding-linux-riscv64-gnu@11.20.0':
+    optional: true
+
+  '@oxc-resolver/binding-linux-riscv64-musl@11.20.0':
+    optional: true
+
+  '@oxc-resolver/binding-linux-s390x-gnu@11.20.0':
+    optional: true
+
+  '@oxc-resolver/binding-linux-x64-gnu@11.20.0':
+    optional: true
+
+  '@oxc-resolver/binding-linux-x64-musl@11.20.0':
+    optional: true
+
+  '@oxc-resolver/binding-openharmony-arm64@11.20.0':
+    optional: true
+
+  '@oxc-resolver/binding-wasm32-wasi@11.20.0':
+    dependencies:
+      '@emnapi/core': 1.10.0
+      '@emnapi/runtime': 1.10.0
+      '@napi-rs/wasm-runtime': 1.1.4(@emnapi/core@1.10.0)(@emnapi/runtime@1.10.0)
+    optional: true
+
+  '@oxc-resolver/binding-win32-arm64-msvc@11.20.0':
+    optional: true
+
+  '@oxc-resolver/binding-win32-x64-msvc@11.20.0':
+    optional: true
+
+  '@pkgjs/parseargs@0.11.0':
+    optional: true
+
+  '@protobufjs/aspromise@1.1.2': {}
+
+  '@protobufjs/base64@1.1.2': {}
+
+  '@protobufjs/codegen@2.0.5': {}
+
+  '@protobufjs/eventemitter@1.1.1': {}
+
+  '@protobufjs/fetch@1.1.1':
+    dependencies:
+      '@protobufjs/aspromise': 1.1.2
+
+  '@protobufjs/float@1.0.2': {}
+
+  '@protobufjs/inquire@1.1.2': {}
+
+  '@protobufjs/path@1.1.2': {}
+
+  '@protobufjs/pool@1.1.0': {}
+
+  '@protobufjs/utf8@1.1.1': {}
+
   '@rolldown/pluginutils@1.0.0-beta.27': {}
 
   '@rollup/rollup-android-arm-eabi@4.60.4':
@@ -1085,6 +3663,59 @@ snapshots:
   '@rollup/rollup-win32-x64-msvc@4.60.4':
     optional: true
 
+  '@smithy/core@3.24.5':
+    dependencies:
+      '@aws-crypto/crc32': 5.2.0
+      '@smithy/types': 4.14.2
+      tslib: 2.8.1
+
+  '@smithy/credential-provider-imds@4.3.5':
+    dependencies:
+      '@smithy/core': 3.24.5
+      '@smithy/types': 4.14.2
+      tslib: 2.8.1
+
+  '@smithy/fetch-http-handler@5.4.5':
+    dependencies:
+      '@smithy/core': 3.24.5
+      '@smithy/types': 4.14.2
+      tslib: 2.8.1
+
+  '@smithy/is-array-buffer@2.2.0':
+    dependencies:
+      tslib: 2.8.1
+
+  '@smithy/node-http-handler@4.7.5':
+    dependencies:
+      '@smithy/core': 3.24.5
+      '@smithy/types': 4.14.2
+      tslib: 2.8.1
+
+  '@smithy/signature-v4@5.4.5':
+    dependencies:
+      '@smithy/core': 3.24.5
+      '@smithy/types': 4.14.2
+      tslib: 2.8.1
+
+  '@smithy/types@4.14.2':
+    dependencies:
+      tslib: 2.8.1
+
+  '@smithy/util-buffer-from@2.2.0':
+    dependencies:
+      '@smithy/is-array-buffer': 2.2.0
+      tslib: 2.8.1
+
+  '@smithy/util-utf8@2.3.0':
+    dependencies:
+      '@smithy/util-buffer-from': 2.2.0
+      tslib: 2.8.1
+
+  '@tybys/wasm-util@0.10.2':
+    dependencies:
+      tslib: 2.8.1
+    optional: true
+
   '@types/babel__core@7.20.5':
     dependencies:
       '@babel/parser': 7.29.7
@@ -1097,42 +3728,150 @@ snapshots:
     dependencies:
       '@babel/types': 7.29.7
 
-  '@types/babel__template@7.4.4':
+  '@types/babel__template@7.4.4':
+    dependencies:
+      '@babel/parser': 7.29.7
+      '@babel/types': 7.29.7
+
+  '@types/babel__traverse@7.28.0':
+    dependencies:
+      '@babel/types': 7.29.7
+
+  '@types/estree@1.0.8': {}
+
+  '@types/node@22.19.19':
+    dependencies:
+      undici-types: 6.21.0
+
+  '@types/prop-types@15.7.15': {}
+
+  '@types/react-dom@18.3.7(@types/react@18.3.29)':
+    dependencies:
+      '@types/react': 18.3.29
+
+  '@types/react@18.3.29':
+    dependencies:
+      '@types/prop-types': 15.7.15
+      csstype: 3.2.3
+
+  '@types/react@19.2.15':
+    dependencies:
+      csstype: 3.2.3
+
+  '@typespec/ts-http-runtime@0.3.5':
+    dependencies:
+      http-proxy-agent: 7.0.2
+      https-proxy-agent: 7.0.6
+      tslib: 2.8.1
+    transitivePeerDependencies:
+      - supports-color
+
+  '@vitejs/plugin-react@4.7.0(vite@6.4.2(@types/node@22.19.19)(jiti@2.7.0)(yaml@2.9.0))':
+    dependencies:
+      '@babel/core': 7.29.7
+      '@babel/plugin-transform-react-jsx-self': 7.29.7(@babel/core@7.29.7)
+      '@babel/plugin-transform-react-jsx-source': 7.29.7(@babel/core@7.29.7)
+      '@rolldown/pluginutils': 1.0.0-beta.27
+      '@types/babel__core': 7.20.5
+      react-refresh: 0.17.0
+      vite: 6.4.2(@types/node@22.19.19)(jiti@2.7.0)(yaml@2.9.0)
+    transitivePeerDependencies:
+      - supports-color
+
+  '@vitest/coverage-v8@2.1.9(vitest@2.1.9(@types/node@22.19.19))':
+    dependencies:
+      '@ampproject/remapping': 2.3.0
+      '@bcoe/v8-coverage': 0.2.3
+      debug: 4.4.3
+      istanbul-lib-coverage: 3.2.2
+      istanbul-lib-report: 3.0.1
+      istanbul-lib-source-maps: 5.0.6
+      istanbul-reports: 3.2.0
+      magic-string: 0.30.21
+      magicast: 0.3.5
+      std-env: 3.10.0
+      test-exclude: 7.0.2
+      tinyrainbow: 1.2.0
+      vitest: 2.1.9(@types/node@22.19.19)
+    transitivePeerDependencies:
+      - supports-color
+
+  '@vitest/expect@2.1.9':
+    dependencies:
+      '@vitest/spy': 2.1.9
+      '@vitest/utils': 2.1.9
+      chai: 5.3.3
+      tinyrainbow: 1.2.0
+
+  '@vitest/mocker@2.1.9(vite@5.4.21(@types/node@22.19.19))':
+    dependencies:
+      '@vitest/spy': 2.1.9
+      estree-walker: 3.0.3
+      magic-string: 0.30.21
+    optionalDependencies:
+      vite: 5.4.21(@types/node@22.19.19)
+
+  '@vitest/pretty-format@2.1.9':
+    dependencies:
+      tinyrainbow: 1.2.0
+
+  '@vitest/runner@2.1.9':
+    dependencies:
+      '@vitest/utils': 2.1.9
+      pathe: 1.1.2
+
+  '@vitest/snapshot@2.1.9':
+    dependencies:
+      '@vitest/pretty-format': 2.1.9
+      magic-string: 0.30.21
+      pathe: 1.1.2
+
+  '@vitest/spy@2.1.9':
+    dependencies:
+      tinyspy: 3.0.2
+
+  '@vitest/utils@2.1.9':
     dependencies:
-      '@babel/parser': 7.29.7
-      '@babel/types': 7.29.7
+      '@vitest/pretty-format': 2.1.9
+      loupe: 3.2.1
+      tinyrainbow: 1.2.0
 
-  '@types/babel__traverse@7.28.0':
+  agent-base@7.1.4: {}
+
+  ansi-escapes@7.3.0:
     dependencies:
-      '@babel/types': 7.29.7
+      environment: 1.1.0
 
-  '@types/estree@1.0.8': {}
+  ansi-regex@5.0.1: {}
 
-  '@types/prop-types@15.7.15': {}
+  ansi-regex@6.2.2: {}
 
-  '@types/react-dom@18.3.7(@types/react@18.3.29)':
+  ansi-styles@4.3.0:
     dependencies:
-      '@types/react': 18.3.29
+      color-convert: 2.0.1
 
-  '@types/react@18.3.29':
-    dependencies:
-      '@types/prop-types': 15.7.15
-      csstype: 3.2.3
+  ansi-styles@6.2.3: {}
 
-  '@vitejs/plugin-react@4.7.0(vite@6.4.2)':
-    dependencies:
-      '@babel/core': 7.29.7
-      '@babel/plugin-transform-react-jsx-self': 7.29.7(@babel/core@7.29.7)
-      '@babel/plugin-transform-react-jsx-source': 7.29.7(@babel/core@7.29.7)
-      '@rolldown/pluginutils': 1.0.0-beta.27
-      '@types/babel__core': 7.20.5
-      react-refresh: 0.17.0
-      vite: 6.4.2
-    transitivePeerDependencies:
-      - supports-color
+  assertion-error@2.0.1: {}
+
+  auto-bind@5.0.1: {}
+
+  balanced-match@1.0.2: {}
+
+  balanced-match@4.0.4: {}
 
   baseline-browser-mapping@2.10.32: {}
 
+  bowser@2.14.1: {}
+
+  brace-expansion@2.1.1:
+    dependencies:
+      balanced-match: 1.0.2
+
+  brace-expansion@5.0.6:
+    dependencies:
+      balanced-match: 4.0.4
+
   browserslist@4.28.2:
     dependencies:
       baseline-browser-mapping: 2.10.32
@@ -1141,18 +3880,108 @@ snapshots:
       node-releases: 2.0.46
       update-browserslist-db: 1.2.3(browserslist@4.28.2)
 
+  cac@6.7.14: {}
+
   caniuse-lite@1.0.30001793: {}
 
+  chai@5.3.3:
+    dependencies:
+      assertion-error: 2.0.1
+      check-error: 2.1.3
+      deep-eql: 5.0.2
+      loupe: 3.2.1
+      pathval: 2.0.1
+
+  chalk@4.1.2:
+    dependencies:
+      ansi-styles: 4.3.0
+      supports-color: 7.2.0
+
+  chalk@5.6.2: {}
+
+  check-error@2.1.3: {}
+
+  cli-boxes@4.0.1: {}
+
+  cli-cursor@4.0.0:
+    dependencies:
+      restore-cursor: 4.0.0
+
+  cli-truncate@6.0.0:
+    dependencies:
+      slice-ansi: 9.0.0
+      string-width: 8.2.1
+
+  code-excerpt@4.0.0:
+    dependencies:
+      convert-to-spaces: 2.0.1
+
+  color-convert@2.0.1:
+    dependencies:
+      color-name: 1.1.4
+
+  color-name@1.1.4: {}
+
+  commander@14.0.3: {}
+
   convert-source-map@2.0.0: {}
 
+  convert-to-spaces@2.0.1: {}
+
+  cross-spawn@7.0.6:
+    dependencies:
+      path-key: 3.1.1
+      shebang-command: 2.0.0
+      which: 2.0.2
+
   csstype@3.2.3: {}
 
   debug@4.4.3:
     dependencies:
       ms: 2.1.3
 
+  deep-eql@5.0.2: {}
+
+  eastasianwidth@0.2.0: {}
+
   electron-to-chromium@1.5.362: {}
 
+  emoji-regex@8.0.0: {}
+
+  emoji-regex@9.2.2: {}
+
+  environment@1.1.0: {}
+
+  es-module-lexer@1.7.0: {}
+
+  es-toolkit@1.47.0: {}
+
+  esbuild@0.21.5:
+    optionalDependencies:
+      '@esbuild/aix-ppc64': 0.21.5
+      '@esbuild/android-arm': 0.21.5
+      '@esbuild/android-arm64': 0.21.5
+      '@esbuild/android-x64': 0.21.5
+      '@esbuild/darwin-arm64': 0.21.5
+      '@esbuild/darwin-x64': 0.21.5
+      '@esbuild/freebsd-arm64': 0.21.5
+      '@esbuild/freebsd-x64': 0.21.5
+      '@esbuild/linux-arm': 0.21.5
+      '@esbuild/linux-arm64': 0.21.5
+      '@esbuild/linux-ia32': 0.21.5
+      '@esbuild/linux-loong64': 0.21.5
+      '@esbuild/linux-mips64el': 0.21.5
+      '@esbuild/linux-ppc64': 0.21.5
+      '@esbuild/linux-riscv64': 0.21.5
+      '@esbuild/linux-s390x': 0.21.5
+      '@esbuild/linux-x64': 0.21.5
+      '@esbuild/netbsd-x64': 0.21.5
+      '@esbuild/openbsd-x64': 0.21.5
+      '@esbuild/sunos-x64': 0.21.5
+      '@esbuild/win32-arm64': 0.21.5
+      '@esbuild/win32-ia32': 0.21.5
+      '@esbuild/win32-x64': 0.21.5
+
   esbuild@0.25.12:
     optionalDependencies:
       '@esbuild/aix-ppc64': 0.25.12
@@ -1184,25 +4013,210 @@ snapshots:
 
   escalade@3.2.0: {}
 
+  escape-string-regexp@2.0.0: {}
+
+  estree-walker@3.0.3:
+    dependencies:
+      '@types/estree': 1.0.8
+
+  events@3.3.0: {}
+
+  expect-type@1.3.0: {}
+
+  fast-check@4.8.0:
+    dependencies:
+      pure-rand: 8.4.0
+
+  fast-xml-builder@1.2.0:
+    dependencies:
+      path-expression-matcher: 1.5.0
+      xml-naming: 0.1.0
+
+  fast-xml-parser@5.7.3:
+    dependencies:
+      '@nodable/entities': 2.1.1
+      fast-xml-builder: 1.2.0
+      path-expression-matcher: 1.5.0
+      strnum: 2.3.0
+
+  fast-xml-parser@5.8.0:
+    dependencies:
+      '@nodable/entities': 2.1.1
+      fast-xml-builder: 1.2.0
+      path-expression-matcher: 1.5.0
+      strnum: 2.3.0
+      xml-naming: 0.1.0
+
+  fd-package-json@2.0.0:
+    dependencies:
+      walk-up-path: 4.0.0
+
   fdir@6.5.0(picomatch@4.0.4):
     optionalDependencies:
       picomatch: 4.0.4
 
+  foreground-child@3.3.1:
+    dependencies:
+      cross-spawn: 7.0.6
+      signal-exit: 4.1.0
+
+  formatly@0.3.0:
+    dependencies:
+      fd-package-json: 2.0.0
+
   fsevents@2.3.3:
     optional: true
 
   gensync@1.0.0-beta.2: {}
 
+  get-east-asian-width@1.6.0: {}
+
+  get-tsconfig@4.14.0:
+    dependencies:
+      resolve-pkg-maps: 1.0.0
+
+  glob@10.5.0:
+    dependencies:
+      foreground-child: 3.3.1
+      jackspeak: 3.4.3
+      minimatch: 9.0.9
+      minipass: 7.1.3
+      package-json-from-dist: 1.0.1
+      path-scurry: 1.11.1
+
+  has-flag@4.0.0: {}
+
+  html-escaper@2.0.2: {}
+
+  http-proxy-agent@7.0.2:
+    dependencies:
+      agent-base: 7.1.4
+      debug: 4.4.3
+    transitivePeerDependencies:
+      - supports-color
+
+  https-proxy-agent@7.0.6:
+    dependencies:
+      agent-base: 7.1.4
+      debug: 4.4.3
+    transitivePeerDependencies:
+      - supports-color
+
+  indent-string@5.0.0: {}
+
+  ink@7.0.4(@types/react@19.2.15)(react@19.2.6):
+    dependencies:
+      '@alcalzone/ansi-tokenize': 0.3.0
+      ansi-escapes: 7.3.0
+      ansi-styles: 6.2.3
+      auto-bind: 5.0.1
+      chalk: 5.6.2
+      cli-boxes: 4.0.1
+      cli-cursor: 4.0.0
+      cli-truncate: 6.0.0
+      code-excerpt: 4.0.0
+      es-toolkit: 1.47.0
+      indent-string: 5.0.0
+      is-in-ci: 2.0.0
+      patch-console: 2.0.0
+      react: 19.2.6
+      react-reconciler: 0.33.0(react@19.2.6)
+      scheduler: 0.27.0
+      signal-exit: 3.0.7
+      slice-ansi: 9.0.0
+      stack-utils: 2.0.6
+      string-width: 8.2.1
+      terminal-size: 4.0.1
+      type-fest: 5.6.0
+      widest-line: 6.0.0
+      wrap-ansi: 10.0.0
+      ws: 8.21.0
+      yoga-layout: 3.2.1
+    optionalDependencies:
+      '@types/react': 19.2.15
+    transitivePeerDependencies:
+      - bufferutil
+      - utf-8-validate
+
+  is-fullwidth-code-point@3.0.0: {}
+
+  is-fullwidth-code-point@5.1.0:
+    dependencies:
+      get-east-asian-width: 1.6.0
+
+  is-in-ci@2.0.0: {}
+
+  isexe@2.0.0: {}
+
+  istanbul-lib-coverage@3.2.2: {}
+
+  istanbul-lib-report@3.0.1:
+    dependencies:
+      istanbul-lib-coverage: 3.2.2
+      make-dir: 4.0.0
+      supports-color: 7.2.0
+
+  istanbul-lib-source-maps@5.0.6:
+    dependencies:
+      '@jridgewell/trace-mapping': 0.3.31
+      debug: 4.4.3
+      istanbul-lib-coverage: 3.2.2
+    transitivePeerDependencies:
+      - supports-color
+
+  istanbul-reports@3.2.0:
+    dependencies:
+      html-escaper: 2.0.2
+      istanbul-lib-report: 3.0.1
+
+  jackspeak@3.4.3:
+    dependencies:
+      '@isaacs/cliui': 8.0.2
+    optionalDependencies:
+      '@pkgjs/parseargs': 0.11.0
+
+  jiti@2.7.0: {}
+
   js-tokens@4.0.0: {}
 
   jsesc@3.1.0: {}
 
+  json-schema-to-ts@3.1.1:
+    dependencies:
+      '@babel/runtime': 7.29.7
+      ts-algebra: 2.0.0
+
   json5@2.2.3: {}
 
+  jsonschema@1.5.0: {}
+
+  knip@6.14.2:
+    dependencies:
+      fdir: 6.5.0(picomatch@4.0.4)
+      formatly: 0.3.0
+      get-tsconfig: 4.14.0
+      jiti: 2.7.0
+      minimist: 1.2.8
+      oxc-parser: 0.130.0
+      oxc-resolver: 11.20.0
+      picomatch: 4.0.4
+      smol-toml: 1.6.1
+      strip-json-comments: 5.0.3
+      tinyglobby: 0.2.16
+      unbash: 3.0.0
+      yaml: 2.9.0
+      zod: 4.4.3
+
+  long@5.3.2: {}
+
   loose-envify@1.4.0:
     dependencies:
       js-tokens: 4.0.0
 
+  loupe@3.2.1: {}
+
+  lru-cache@10.4.3: {}
+
   lru-cache@5.1.1:
     dependencies:
       yallist: 3.1.1
@@ -1211,12 +4225,117 @@ snapshots:
     dependencies:
       react: 18.3.1
 
+  magic-string@0.30.21:
+    dependencies:
+      '@jridgewell/sourcemap-codec': 1.5.5
+
+  magicast@0.3.5:
+    dependencies:
+      '@babel/parser': 7.29.7
+      '@babel/types': 7.29.7
+      source-map-js: 1.2.1
+
+  make-dir@4.0.0:
+    dependencies:
+      semver: 7.8.1
+
+  mimic-fn@2.1.0: {}
+
+  minimatch@10.2.5:
+    dependencies:
+      brace-expansion: 5.0.6
+
+  minimatch@9.0.9:
+    dependencies:
+      brace-expansion: 2.1.1
+
+  minimist@1.2.8: {}
+
+  minipass@7.1.3: {}
+
   ms@2.1.3: {}
 
   nanoid@3.3.12: {}
 
   node-releases@2.0.46: {}
 
+  ollama@0.5.18:
+    dependencies:
+      whatwg-fetch: 3.6.20
+
+  onetime@5.1.2:
+    dependencies:
+      mimic-fn: 2.1.0
+
+  openai@6.39.0(ws@8.21.0)(zod@4.4.3):
+    optionalDependencies:
+      ws: 8.21.0
+      zod: 4.4.3
+
+  oxc-parser@0.130.0:
+    dependencies:
+      '@oxc-project/types': 0.130.0
+    optionalDependencies:
+      '@oxc-parser/binding-android-arm-eabi': 0.130.0
+      '@oxc-parser/binding-android-arm64': 0.130.0
+      '@oxc-parser/binding-darwin-arm64': 0.130.0
+      '@oxc-parser/binding-darwin-x64': 0.130.0
+      '@oxc-parser/binding-freebsd-x64': 0.130.0
+      '@oxc-parser/binding-linux-arm-gnueabihf': 0.130.0
+      '@oxc-parser/binding-linux-arm-musleabihf': 0.130.0
+      '@oxc-parser/binding-linux-arm64-gnu': 0.130.0
+      '@oxc-parser/binding-linux-arm64-musl': 0.130.0
+      '@oxc-parser/binding-linux-ppc64-gnu': 0.130.0
+      '@oxc-parser/binding-linux-riscv64-gnu': 0.130.0
+      '@oxc-parser/binding-linux-riscv64-musl': 0.130.0
+      '@oxc-parser/binding-linux-s390x-gnu': 0.130.0
+      '@oxc-parser/binding-linux-x64-gnu': 0.130.0
+      '@oxc-parser/binding-linux-x64-musl': 0.130.0
+      '@oxc-parser/binding-openharmony-arm64': 0.130.0
+      '@oxc-parser/binding-wasm32-wasi': 0.130.0
+      '@oxc-parser/binding-win32-arm64-msvc': 0.130.0
+      '@oxc-parser/binding-win32-ia32-msvc': 0.130.0
+      '@oxc-parser/binding-win32-x64-msvc': 0.130.0
+
+  oxc-resolver@11.20.0:
+    optionalDependencies:
+      '@oxc-resolver/binding-android-arm-eabi': 11.20.0
+      '@oxc-resolver/binding-android-arm64': 11.20.0
+      '@oxc-resolver/binding-darwin-arm64': 11.20.0
+      '@oxc-resolver/binding-darwin-x64': 11.20.0
+      '@oxc-resolver/binding-freebsd-x64': 11.20.0
+      '@oxc-resolver/binding-linux-arm-gnueabihf': 11.20.0
+      '@oxc-resolver/binding-linux-arm-musleabihf': 11.20.0
+      '@oxc-resolver/binding-linux-arm64-gnu': 11.20.0
+      '@oxc-resolver/binding-linux-arm64-musl': 11.20.0
+      '@oxc-resolver/binding-linux-ppc64-gnu': 11.20.0
+      '@oxc-resolver/binding-linux-riscv64-gnu': 11.20.0
+      '@oxc-resolver/binding-linux-riscv64-musl': 11.20.0
+      '@oxc-resolver/binding-linux-s390x-gnu': 11.20.0
+      '@oxc-resolver/binding-linux-x64-gnu': 11.20.0
+      '@oxc-resolver/binding-linux-x64-musl': 11.20.0
+      '@oxc-resolver/binding-openharmony-arm64': 11.20.0
+      '@oxc-resolver/binding-wasm32-wasi': 11.20.0
+      '@oxc-resolver/binding-win32-arm64-msvc': 11.20.0
+      '@oxc-resolver/binding-win32-x64-msvc': 11.20.0
+
+  package-json-from-dist@1.0.1: {}
+
+  patch-console@2.0.0: {}
+
+  path-expression-matcher@1.5.0: {}
+
+  path-key@3.1.1: {}
+
+  path-scurry@1.11.1:
+    dependencies:
+      lru-cache: 10.4.3
+      minipass: 7.1.3
+
+  pathe@1.1.2: {}
+
+  pathval@2.0.1: {}
+
   picocolors@1.1.1: {}
 
   picomatch@4.0.4: {}
@@ -1227,18 +4346,49 @@ snapshots:
       picocolors: 1.1.1
       source-map-js: 1.2.1
 
+  protobufjs@7.6.1:
+    dependencies:
+      '@protobufjs/aspromise': 1.1.2
+      '@protobufjs/base64': 1.1.2
+      '@protobufjs/codegen': 2.0.5
+      '@protobufjs/eventemitter': 1.1.1
+      '@protobufjs/fetch': 1.1.1
+      '@protobufjs/float': 1.0.2
+      '@protobufjs/inquire': 1.1.2
+      '@protobufjs/path': 1.1.2
+      '@protobufjs/pool': 1.1.0
+      '@protobufjs/utf8': 1.1.1
+      '@types/node': 22.19.19
+      long: 5.3.2
+
+  pure-rand@8.4.0: {}
+
   react-dom@18.3.1(react@18.3.1):
     dependencies:
       loose-envify: 1.4.0
       react: 18.3.1
       scheduler: 0.23.2
 
+  react-reconciler@0.33.0(react@19.2.6):
+    dependencies:
+      react: 19.2.6
+      scheduler: 0.27.0
+
   react-refresh@0.17.0: {}
 
   react@18.3.1:
     dependencies:
       loose-envify: 1.4.0
 
+  react@19.2.6: {}
+
+  resolve-pkg-maps@1.0.0: {}
+
+  restore-cursor@4.0.0:
+    dependencies:
+      onetime: 5.1.2
+      signal-exit: 3.0.7
+
   rollup@4.60.4:
     dependencies:
       '@types/estree': 1.0.8
@@ -1274,26 +4424,149 @@ snapshots:
     dependencies:
       loose-envify: 1.4.0
 
+  scheduler@0.27.0: {}
+
   semver@6.3.1: {}
 
+  semver@7.8.1: {}
+
+  shebang-command@2.0.0:
+    dependencies:
+      shebang-regex: 3.0.0
+
+  shebang-regex@3.0.0: {}
+
+  siginfo@2.0.0: {}
+
+  signal-exit@3.0.7: {}
+
+  signal-exit@4.1.0: {}
+
   simple-icons@16.21.0: {}
 
+  slice-ansi@9.0.0:
+    dependencies:
+      ansi-styles: 6.2.3
+      is-fullwidth-code-point: 5.1.0
+
+  smol-toml@1.6.1: {}
+
   source-map-js@1.2.1: {}
 
+  stack-utils@2.0.6:
+    dependencies:
+      escape-string-regexp: 2.0.0
+
+  stackback@0.0.2: {}
+
+  std-env@3.10.0: {}
+
+  string-width@4.2.3:
+    dependencies:
+      emoji-regex: 8.0.0
+      is-fullwidth-code-point: 3.0.0
+      strip-ansi: 6.0.1
+
+  string-width@5.1.2:
+    dependencies:
+      eastasianwidth: 0.2.0
+      emoji-regex: 9.2.2
+      strip-ansi: 7.2.0
+
+  string-width@8.2.1:
+    dependencies:
+      get-east-asian-width: 1.6.0
+      strip-ansi: 7.2.0
+
+  strip-ansi@6.0.1:
+    dependencies:
+      ansi-regex: 5.0.1
+
+  strip-ansi@7.2.0:
+    dependencies:
+      ansi-regex: 6.2.2
+
+  strip-json-comments@5.0.3: {}
+
+  strnum@2.3.0: {}
+
+  supports-color@7.2.0:
+    dependencies:
+      has-flag: 4.0.0
+
+  tagged-tag@1.0.0: {}
+
+  terminal-size@4.0.1: {}
+
+  test-exclude@7.0.2:
+    dependencies:
+      '@istanbuljs/schema': 0.1.6
+      glob: 10.5.0
+      minimatch: 10.2.5
+
+  tinybench@2.9.0: {}
+
+  tinyexec@0.3.2: {}
+
   tinyglobby@0.2.16:
     dependencies:
       fdir: 6.5.0(picomatch@4.0.4)
       picomatch: 4.0.4
 
+  tinypool@1.1.1: {}
+
+  tinyrainbow@1.2.0: {}
+
+  tinyspy@3.0.2: {}
+
+  ts-algebra@2.0.0: {}
+
+  tslib@2.8.1: {}
+
+  type-fest@5.6.0:
+    dependencies:
+      tagged-tag: 1.0.0
+
   typescript@5.9.3: {}
 
+  unbash@3.0.0: {}
+
+  undici-types@6.21.0: {}
+
   update-browserslist-db@1.2.3(browserslist@4.28.2):
     dependencies:
       browserslist: 4.28.2
       escalade: 3.2.0
       picocolors: 1.1.1
 
-  vite@6.4.2:
+  vite-node@2.1.9(@types/node@22.19.19):
+    dependencies:
+      cac: 6.7.14
+      debug: 4.4.3
+      es-module-lexer: 1.7.0
+      pathe: 1.1.2
+      vite: 5.4.21(@types/node@22.19.19)
+    transitivePeerDependencies:
+      - '@types/node'
+      - less
+      - lightningcss
+      - sass
+      - sass-embedded
+      - stylus
+      - sugarss
+      - supports-color
+      - terser
+
+  vite@5.4.21(@types/node@22.19.19):
+    dependencies:
+      esbuild: 0.21.5
+      postcss: 8.5.15
+      rollup: 4.60.4
+    optionalDependencies:
+      '@types/node': 22.19.19
+      fsevents: 2.3.3
+
+  vite@6.4.2(@types/node@22.19.19)(jiti@2.7.0)(yaml@2.9.0):
     dependencies:
       esbuild: 0.25.12
       fdir: 6.5.0(picomatch@4.0.4)
@@ -1302,6 +4575,95 @@ snapshots:
       rollup: 4.60.4
       tinyglobby: 0.2.16
     optionalDependencies:
+      '@types/node': 22.19.19
       fsevents: 2.3.3
+      jiti: 2.7.0
+      yaml: 2.9.0
+
+  vitest@2.1.9(@types/node@22.19.19):
+    dependencies:
+      '@vitest/expect': 2.1.9
+      '@vitest/mocker': 2.1.9(vite@5.4.21(@types/node@22.19.19))
+      '@vitest/pretty-format': 2.1.9
+      '@vitest/runner': 2.1.9
+      '@vitest/snapshot': 2.1.9
+      '@vitest/spy': 2.1.9
+      '@vitest/utils': 2.1.9
+      chai: 5.3.3
+      debug: 4.4.3
+      expect-type: 1.3.0
+      magic-string: 0.30.21
+      pathe: 1.1.2
+      std-env: 3.10.0
+      tinybench: 2.9.0
+      tinyexec: 0.3.2
+      tinypool: 1.1.1
+      tinyrainbow: 1.2.0
+      vite: 5.4.21(@types/node@22.19.19)
+      vite-node: 2.1.9(@types/node@22.19.19)
+      why-is-node-running: 2.3.0
+    optionalDependencies:
+      '@types/node': 22.19.19
+    transitivePeerDependencies:
+      - less
+      - lightningcss
+      - msw
+      - sass
+      - sass-embedded
+      - stylus
+      - sugarss
+      - supports-color
+      - terser
+
+  walk-up-path@4.0.0: {}
+
+  whatwg-fetch@3.6.20: {}
+
+  which@2.0.2:
+    dependencies:
+      isexe: 2.0.0
+
+  why-is-node-running@2.3.0:
+    dependencies:
+      siginfo: 2.0.0
+      stackback: 0.0.2
+
+  widest-line@6.0.0:
+    dependencies:
+      string-width: 8.2.1
+
+  wrap-ansi@10.0.0:
+    dependencies:
+      ansi-styles: 6.2.3
+      string-width: 8.2.1
+      strip-ansi: 7.2.0
+
+  wrap-ansi@7.0.0:
+    dependencies:
+      ansi-styles: 4.3.0
+      string-width: 4.2.3
+      strip-ansi: 6.0.1
+
+  wrap-ansi@8.1.0:
+    dependencies:
+      ansi-styles: 6.2.3
+      string-width: 5.1.2
+      strip-ansi: 7.2.0
+
+  ws@8.21.0: {}
+
+  xml-naming@0.1.0: {}
 
   yallist@3.1.1: {}
+
+  yaml@2.9.0: {}
+
+  yoga-layout@3.2.1: {}
+
+  zod-to-json-schema@3.25.2(zod@3.25.76):
+    dependencies:
+      zod: 3.25.76
+
+  zod@3.25.76: {}
+
+  zod@4.4.3: {}
diff --git a/desktop/pnpm-workspace.yaml b/desktop/pnpm-workspace.yaml
index 0e5a073..88fa5f2 100644
--- a/desktop/pnpm-workspace.yaml
+++ b/desktop/pnpm-workspace.yaml
@@ -1,3 +1,7 @@
 packages:
   - "packages/*"
   - "apps/*"
+  # namzu agent runtime, vendored as a git submodule under submodules/namzu.
+  # Mirrors namzu's own workspace globs so cross-package deps still resolve.
+  - "submodules/namzu/packages/*"
+  - "submodules/namzu/packages/providers/*"
diff --git a/desktop/submodules/namzu b/desktop/submodules/namzu
new file mode 160000
index 0000000..42f577e
--- /dev/null
+++ b/desktop/submodules/namzu
@@ -0,0 +1 @@
+Subproject commit 42f577e7fa7fce09e641882c6c35b097ceb3f79d

From 63c3cb88c7568d4997558344f1f68328bf973d6f Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Thu, 28 May 2026 18:03:59 +0300
Subject: [PATCH 47/86] feat(desktop): Projects model + landing view (ADE Phase
 B)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The ADE pivot needs a project list before a conversation can hang off it.
This adds the model end-to-end and the new default landing:

- ~/.config/clawtool/projects.json: a thin ledger of {id, label, cwd,
  created_at, last_used_at}. Bindings: ProjectsList (newest-used first),
  ProjectsAdd (dedupes by cwd, refreshes label on re-add), ProjectsRemove,
  ProjectsTouch (called when the UI selects a project so it bubbles up).
- Bridge: typed wrappers (projectsList/Add/Remove/Touch) + Project type.
- A new Projects nav entry on the sidebar, set as the desktop's default
  view — the legacy Home/Agents/Network/Updates/Settings tabs stay as
  secondary nav while the rest of the ADE migrates.
- Projects view: header row with "Add project" action, inline new-project
  form (cwd + optional label, dedupes server-side), project list with
  Active badge + remove, and a detail panel placeholder where Phase C will
  drop the namzu-driven conversation view.
- Dev stubs cover the four endpoints so the Vite dev server renders a
  realistic state.
---
 cmd/clawtool-installer/projects.go         | 187 ++++++++++++++++++++
 desktop/apps/app-ui/src/App.tsx            |  19 +-
 desktop/apps/app-ui/src/dev-stubs.ts       |   9 +
 desktop/apps/app-ui/src/views/Projects.tsx | 192 +++++++++++++++++++++
 desktop/packages/bridge/src/app.ts         |   7 +
 desktop/packages/bridge/src/types.ts       |  10 ++
 6 files changed, 421 insertions(+), 3 deletions(-)
 create mode 100644 cmd/clawtool-installer/projects.go
 create mode 100644 desktop/apps/app-ui/src/views/Projects.tsx

diff --git a/cmd/clawtool-installer/projects.go b/cmd/clawtool-installer/projects.go
new file mode 100644
index 0000000..36e8974
--- /dev/null
+++ b/cmd/clawtool-installer/projects.go
@@ -0,0 +1,187 @@
+// Projects ledger — each project is a working directory the agent operates
+// against. The desktop's left sidebar lists them; selecting one anchors the
+// conversation pane (Phase C) and namzu's per-project session tree
+// (~/.namzu/projects/<id>/sessions/...).
+//
+// Persisted at ~/.config/clawtool/projects.json (alongside daemon.json,
+// device-cert.pem, …). Bindings are intentionally thin: list/add/remove +
+// touch-on-use. No git/cwd magic here — the UI passes a path the user picked.
+package main
+
+import (
+	"encoding/json"
+	"errors"
+	"os"
+	"path/filepath"
+	"strings"
+	"time"
+
+	"github.com/google/uuid"
+)
+
+type Project struct {
+	ID         string    `json:"id"`
+	Label      string    `json:"label"`
+	Cwd        string    `json:"cwd"`
+	CreatedAt  time.Time `json:"created_at"`
+	LastUsedAt time.Time `json:"last_used_at"`
+}
+
+func projectsPath() (string, error) {
+	home, err := os.UserHomeDir()
+	if err != nil || home == "" {
+		return "", errors.New("can't resolve home directory")
+	}
+	return filepath.Join(home, ".config", "clawtool", "projects.json"), nil
+}
+
+func loadProjects() ([]Project, error) {
+	p, err := projectsPath()
+	if err != nil {
+		return nil, err
+	}
+	b, err := os.ReadFile(p)
+	if err != nil {
+		if os.IsNotExist(err) {
+			return []Project{}, nil
+		}
+		return nil, err
+	}
+	if len(b) == 0 {
+		return []Project{}, nil
+	}
+	var out []Project
+	if err := json.Unmarshal(b, &out); err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func saveProjects(ps []Project) error {
+	p, err := projectsPath()
+	if err != nil {
+		return err
+	}
+	if err := os.MkdirAll(filepath.Dir(p), 0o700); err != nil {
+		return err
+	}
+	body, err := json.MarshalIndent(ps, "", "  ")
+	if err != nil {
+		return err
+	}
+	return os.WriteFile(p, append(body, '\n'), 0o600)
+}
+
+// ProjectsList returns the registered projects, newest-used first.
+func (a *App) ProjectsList() string {
+	ps, err := loadProjects()
+	if err != nil {
+		return jsonErr(err.Error())
+	}
+	// Newest LastUsedAt first; insertion-stable sort is fine for the
+	// small N a user maintains.
+	for i := 1; i < len(ps); i++ {
+		for j := i; j > 0 && ps[j].LastUsedAt.After(ps[j-1].LastUsedAt); j-- {
+			ps[j-1], ps[j] = ps[j], ps[j-1]
+		}
+	}
+	b, _ := json.Marshal(ps)
+	return string(b)
+}
+
+// ProjectsAdd registers a working directory as a project. If one already
+// exists for that cwd, its LastUsedAt is refreshed and the existing record
+// is returned — the UI never produces duplicates from a re-add.
+func (a *App) ProjectsAdd(label, cwd string) string {
+	cwd = strings.TrimSpace(cwd)
+	if cwd == "" {
+		return jsonErr("cwd is required")
+	}
+	label = strings.TrimSpace(label)
+	if label == "" {
+		label = filepath.Base(cwd)
+	}
+	ps, err := loadProjects()
+	if err != nil {
+		return jsonErr(err.Error())
+	}
+	now := time.Now().UTC()
+	for i := range ps {
+		if ps[i].Cwd == cwd {
+			ps[i].LastUsedAt = now
+			if label != "" {
+				ps[i].Label = label
+			}
+			if err := saveProjects(ps); err != nil {
+				return jsonErr(err.Error())
+			}
+			b, _ := json.Marshal(map[string]any{"ok": true, "project": ps[i]})
+			return string(b)
+		}
+	}
+	p := Project{
+		ID:         uuid.NewString(),
+		Label:      label,
+		Cwd:        cwd,
+		CreatedAt:  now,
+		LastUsedAt: now,
+	}
+	ps = append(ps, p)
+	if err := saveProjects(ps); err != nil {
+		return jsonErr(err.Error())
+	}
+	b, _ := json.Marshal(map[string]any{"ok": true, "project": p})
+	return string(b)
+}
+
+// ProjectsRemove drops a project from the ledger by id.
+func (a *App) ProjectsRemove(id string) string {
+	id = strings.TrimSpace(id)
+	if id == "" {
+		return jsonErr("project id is required")
+	}
+	ps, err := loadProjects()
+	if err != nil {
+		return jsonErr(err.Error())
+	}
+	out := ps[:0]
+	found := false
+	for _, p := range ps {
+		if p.ID == id {
+			found = true
+			continue
+		}
+		out = append(out, p)
+	}
+	if !found {
+		return jsonErr("no project with that id")
+	}
+	if err := saveProjects(out); err != nil {
+		return jsonErr(err.Error())
+	}
+	return `{"ok":true}`
+}
+
+// ProjectsTouch marks a project as most-recently-used (called when the UI
+// selects it). The ordering bubbles it to the top of ProjectsList.
+func (a *App) ProjectsTouch(id string) string {
+	id = strings.TrimSpace(id)
+	if id == "" {
+		return jsonErr("project id is required")
+	}
+	ps, err := loadProjects()
+	if err != nil {
+		return jsonErr(err.Error())
+	}
+	now := time.Now().UTC()
+	for i := range ps {
+		if ps[i].ID == id {
+			ps[i].LastUsedAt = now
+			if err := saveProjects(ps); err != nil {
+				return jsonErr(err.Error())
+			}
+			return `{"ok":true}`
+		}
+	}
+	return jsonErr("no project with that id")
+}
diff --git a/desktop/apps/app-ui/src/App.tsx b/desktop/apps/app-ui/src/App.tsx
index 182b563..9e05c2b 100644
--- a/desktop/apps/app-ui/src/App.tsx
+++ b/desktop/apps/app-ui/src/App.tsx
@@ -1,21 +1,25 @@
 import { useEffect, useState } from "react";
 import { NavItem, Sidebar, StatusDot, TitleBar, Wordmark, type Platform } from "@clawtool/design-system";
 import { App as Backend, Win, environmentPlatform, type Brand } from "@clawtool/bridge";
-import { Bot, House, Network as NetIcon, RefreshCw, Settings as SettingsGlyph } from "lucide-react";
+import { Bot, FolderKanban, House, Network as NetIcon, RefreshCw, Settings as SettingsGlyph } from "lucide-react";
 import { Home } from "./views/Home";
 import { Agents } from "./views/Agents";
 import { Network } from "./views/Network";
 import { Updates } from "./views/Updates";
 import { Settings } from "./views/Settings";
+import { Projects } from "./views/Projects";
 import { PairPrompt } from "./components/PairPrompt";
 import styles from "./App.module.css";
 
-type View = "home" | "agents" | "network" | "updates" | "settings";
+type View = "projects" | "home" | "agents" | "network" | "updates" | "settings";
 
 export function App() {
   const [platform, setPlatform] = useState<Platform>("windows");
   const [brand, setBrand] = useState<Brand>({ name: "clawtool", cli: "clawtool", tagline: "", installDir: "", version: "" });
-  const [view, setView] = useState<View>("home");
+  // Projects is the new ADE landing — the desktop opens to the project list,
+  // and selecting one drives the conversation (Phase C). The legacy tabs stay
+  // as secondary nav while we migrate.
+  const [view, setView] = useState<View>("projects");
 
   useEffect(() => {
     environmentPlatform().then((p) => setPlatform(p === "web" ? "windows" : p));
@@ -44,6 +48,12 @@ export function App() {
             </>
           }
         >
+          <NavItem
+            icon={<FolderKanban {...ic} />}
+            label="Projects"
+            active={view === "projects"}
+            onClick={() => setView("projects")}
+          />
           <NavItem icon={<House {...ic} />} label="Home" active={view === "home"} onClick={() => setView("home")} />
           <NavItem icon={<Bot {...ic} />} label="Agents" active={view === "agents"} onClick={() => setView("agents")} />
           <NavItem icon={<NetIcon {...ic} />} label="Network" active={view === "network"} onClick={() => setView("network")} />
@@ -55,6 +65,9 @@ export function App() {
               instead of unmounting, so state + scroll persist and switching
               tabs never flashes an empty re-load. Views refresh in the
               background only while active. */}
+          <div className={styles.page} style={view === "projects" ? undefined : hidden}>
+            <Projects brand={brand} active={view === "projects"} />
+          </div>
           <div className={styles.page} style={view === "home" ? undefined : hidden}>
             <Home brand={brand} active={view === "home"} onNavigate={(v) => setView(v as View)} />
           </div>
diff --git a/desktop/apps/app-ui/src/dev-stubs.ts b/desktop/apps/app-ui/src/dev-stubs.ts
index c4b4e4a..8a41829 100644
--- a/desktop/apps/app-ui/src/dev-stubs.ts
+++ b/desktop/apps/app-ui/src/dev-stubs.ts
@@ -77,6 +77,15 @@ export function installDevStubs(platform: "windows" | "darwin" = "windows") {
     PairApprove: () => J({ ok: true }),
     PairDeny: () => J({ ok: true }),
     PairForget: () => J({ ok: true }),
+    ProjectsList: () =>
+      J([
+        { id: "p-clawtool", label: "clawtool", cwd: "/Users/bahadirarda/Documents/Workspaces/cogitave.com/repos/clawtool", created_at: "2026-05-28T00:00:00Z", last_used_at: "2026-05-28T05:00:00Z" },
+        { id: "p-namzu", label: "namzu", cwd: "/Users/bahadirarda/Documents/Workspaces/cogitave.com/repos/namzu", created_at: "2026-05-27T10:00:00Z", last_used_at: "2026-05-27T22:00:00Z" },
+      ]),
+    ProjectsAdd: (...a: unknown[]) =>
+      J({ ok: true, project: { id: "p-new", label: String(a[0]) || "new", cwd: String(a[1]), created_at: new Date().toISOString(), last_used_at: new Date().toISOString() } }),
+    ProjectsRemove: () => J({ ok: true }),
+    ProjectsTouch: () => J({ ok: true }),
     PairRequest: () => J({ ok: true, sent: true, pending: true, code: "4821" }),
     RunDoctor: () => J({ ok: true, output: "clawtool doctor — 0.22.171\n\n[binary]    ✓ clawtool on PATH\n[daemon]    ✓ running on 127.0.0.1:64205\n[agents]    ✓ claude, codex callable\n[bridges]   ⚠ gemini bridge missing\n\n1 warning, 0 errors" }),
     Quit: () => {},
diff --git a/desktop/apps/app-ui/src/views/Projects.tsx b/desktop/apps/app-ui/src/views/Projects.tsx
new file mode 100644
index 0000000..af0c415
--- /dev/null
+++ b/desktop/apps/app-ui/src/views/Projects.tsx
@@ -0,0 +1,192 @@
+import { useEffect, useState } from "react";
+import { Badge, Button, SectionHeader } from "@clawtool/design-system";
+import { App, type Brand, type Project } from "@clawtool/bridge";
+import { FolderPlus, Trash2 } from "lucide-react";
+import { Toast } from "../components/Toast";
+import styles from "../App.module.css";
+
+// The ADE landing — projects on the left, active project's detail on the
+// right. Phase B wires the model + management; Phase C swaps the detail
+// pane for the namzu-driven conversation view.
+export function Projects({ brand: _brand }: { brand: Brand; active?: boolean }) {
+  const [projects, setProjects] = useState<Project[]>([]);
+  const [active, setActive] = useState<Project | null>(null);
+  const [addOpen, setAddOpen] = useState(false);
+  const [cwd, setCwd] = useState("");
+  const [label, setLabel] = useState("");
+  const [busy, setBusy] = useState(false);
+  const [toast, setToast] = useState("");
+
+  async function load() {
+    const list = await App.projectsList();
+    setProjects(Array.isArray(list) ? list : []);
+  }
+  useEffect(() => {
+    load();
+  }, []);
+
+  // Auto-select the most-recently-used project on first load so the detail
+  // pane isn't empty when the user has at least one.
+  useEffect(() => {
+    if (!active && projects.length > 0) setActive(projects[0]);
+  }, [projects, active]);
+
+  async function addProject() {
+    const trimmed = cwd.trim();
+    if (!trimmed) {
+      setToast("Pick a folder first");
+      return;
+    }
+    setBusy(true);
+    const r = (await App.projectsAdd(label.trim(), trimmed)) as Record<string, unknown>;
+    if (r.ok) {
+      setAddOpen(false);
+      setCwd("");
+      setLabel("");
+      await load();
+      const p = (r.project as Project) ?? null;
+      if (p) setActive(p);
+      setToast(`Added ${p?.label ?? "project"}`);
+    } else {
+      setToast(typeof r.error === "string" ? r.error : "Couldn't add project");
+    }
+    setBusy(false);
+  }
+
+  async function selectProject(p: Project) {
+    setActive(p);
+    await App.projectsTouch(p.id);
+    load();
+  }
+
+  async function removeProject(p: Project) {
+    setBusy(true);
+    const r = (await App.projectsRemove(p.id)) as Record<string, unknown>;
+    setBusy(false);
+    if (r.ok) {
+      if (active?.id === p.id) setActive(null);
+      setToast(`Removed ${p.label}`);
+      await load();
+    } else {
+      setToast(typeof r.error === "string" ? r.error : "Couldn't remove");
+    }
+  }
+
+  return (
+    <>
+      <div className={styles.head}>
+        <div>
+          <h1 className={styles.vh}>Projects</h1>
+          <div className={styles.lead}>
+            Each project anchors the agent to a working directory — its conversation, tools, and memory live there.
+          </div>
+        </div>
+        <div className={styles.actionSlot}>
+          <Button variant="secondary" onClick={() => setAddOpen(true)}>
+            <FolderPlus size={14} style={{ marginRight: 6, verticalAlign: "-2px" }} />
+            Add project
+          </Button>
+        </div>
+      </div>
+
+      {addOpen ? (
+        <div className={styles.field} style={{ marginTop: 12 }}>
+          <div className={styles.fieldHead}>
+            <div className={styles.st}>New project</div>
+          </div>
+          <div className={styles.sd}>The folder the agent will operate against (its current working directory).</div>
+          <div style={{ display: "flex", flexDirection: "column", gap: 8, marginTop: 10 }}>
+            <input
+              className={styles.input}
+              placeholder="/path/to/project"
+              value={cwd}
+              autoFocus
+              onChange={(e) => setCwd(e.target.value)}
+              onKeyDown={(e) => {
+                if (e.key === "Enter") addProject();
+                if (e.key === "Escape") setAddOpen(false);
+              }}
+            />
+            <input
+              className={styles.input}
+              placeholder="Label (optional — defaults to folder name)"
+              value={label}
+              onChange={(e) => setLabel(e.target.value)}
+            />
+            <div style={{ display: "flex", gap: 10 }}>
+              <Button variant="primary" onClick={addProject} disabled={busy || !cwd.trim()}>
+                Add
+              </Button>
+              <Button variant="ghost" onClick={() => setAddOpen(false)}>
+                Cancel
+              </Button>
+            </div>
+          </div>
+        </div>
+      ) : null}
+
+      <SectionHeader title={`Your projects${projects.length ? ` (${projects.length})` : ""}`} />
+      {projects.length === 0 ? (
+        <div className={styles.sd} style={{ marginTop: 8 }}>
+          No projects yet. Add one above — pick a folder, give it a label, and the agent will work against it.
+        </div>
+      ) : (
+        <div className={styles.deviceList}>
+          {projects.map((p) => {
+            const isActive = active?.id === p.id;
+            return (
+              <div key={p.id} className={styles.device}>
+                <button
+                  type="button"
+                  className={styles.deviceRow}
+                  style={{
+                    background: isActive ? "var(--hover)" : undefined,
+                    border: 0,
+                    cursor: "pointer",
+                    textAlign: "left",
+                    width: "100%",
+                  }}
+                  onClick={() => selectProject(p)}
+                >
+                  <div style={{ minWidth: 0, flex: 1 }}>
+                    <div className={styles.deviceName}>{p.label}</div>
+                    <div className={styles.deviceMeta}>{p.cwd}</div>
+                  </div>
+                  <span className={styles.deviceRight}>
+                    {isActive ? <Badge tone="accent">Active</Badge> : null}
+                    <Button
+                      variant="ghost"
+                      disabled={busy}
+                      onClick={(e) => {
+                        e.stopPropagation();
+                        removeProject(p);
+                      }}
+                    >
+                      <Trash2 size={14} />
+                    </Button>
+                  </span>
+                </button>
+              </div>
+            );
+          })}
+        </div>
+      )}
+
+      {active ? (
+        <div className={styles.field}>
+          <div className={styles.fieldHead}>
+            <div className={styles.st}>{active.label}</div>
+            <Badge tone="neutral">project</Badge>
+          </div>
+          <div className={styles.sd}>{active.cwd}</div>
+          <div className={styles.sd} style={{ marginTop: 12 }}>
+            Conversation pane lands here next (Phase C). The agent runtime (namzu) is embedded and pinned to this
+            project's cwd; tool calls go through clawtool's MCP layer.
+          </div>
+        </div>
+      ) : null}
+
+      <Toast message={toast} onClear={() => setToast("")} />
+    </>
+  );
+}
diff --git a/desktop/packages/bridge/src/app.ts b/desktop/packages/bridge/src/app.ts
index 9a7d84c..65255b6 100644
--- a/desktop/packages/bridge/src/app.ts
+++ b/desktop/packages/bridge/src/app.ts
@@ -11,6 +11,7 @@ import type {
   NetworkSnapshot,
   PairingRequest,
   PeerAgentsResult,
+  Project,
   Result,
   UpdateInfo,
 } from "./types";
@@ -61,6 +62,12 @@ export const App = {
   pairForget: (selector: string) => callJSON<Result>("PairForget", OK_FALSE, selector),
   pairRequest: (peerID: string) => callJSON<Result>("PairRequest", OK_FALSE, peerID),
 
+  // projects ledger — left sidebar anchors the agent to a cwd per project
+  projectsList: () => callJSON<Project[]>("ProjectsList", []),
+  projectsAdd: (label: string, cwd: string) => callJSON<Result>("ProjectsAdd", OK_FALSE, label, cwd),
+  projectsRemove: (id: string) => callJSON<Result>("ProjectsRemove", OK_FALSE, id),
+  projectsTouch: (id: string) => callJSON<Result>("ProjectsTouch", OK_FALSE, id),
+
   // cross-device LAN exposure (discoverability)
   lanStatus: () => callJSON<LanStatus>("LanStatus", { ok: false }),
   lanEnable: () => callJSON<Result>("LanEnable", OK_FALSE),
diff --git a/desktop/packages/bridge/src/types.ts b/desktop/packages/bridge/src/types.ts
index d1d6b58..5e7d0b0 100644
--- a/desktop/packages/bridge/src/types.ts
+++ b/desktop/packages/bridge/src/types.ts
@@ -77,6 +77,16 @@ export type PairingRequest = {
 export type Result = { ok: boolean; error?: string; [k: string]: unknown };
 export type LanStatus = { ok: boolean; enabled?: boolean };
 
+// A project anchors the agent to a working directory — its conversation
+// and namzu's session tree live under that cwd.
+export type Project = {
+  id: string;
+  label: string;
+  cwd: string;
+  created_at?: string;
+  last_used_at?: string;
+};
+
 // Wails runtime events emitted by the Go side.
 export type InstallStep = { level?: "ok" | "warn" | "fail"; label?: string; message?: string; raw?: string };
 export type InstallDone = { ok?: boolean; summary?: string };

From a9d6fff1157bed6eb27e8851f6fda92378737f91 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Thu, 28 May 2026 18:09:13 +0300
Subject: [PATCH 48/86] feat(desktop): Conversation view + streaming event
 protocol (ADE Phase C)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The active project's detail panel becomes a real conversation pane. The
plumbing is end to end — UI, bridge, Wails binding, event channel — with a
placeholder responder so the streaming behaviour is observable now; Phase
D swaps the responder for namzu's runtime running against the project's
cwd, with clawtool MCP tools wired in.

- Go: AgentSend(projectID, message) returns a turn id and streams events
  back over the "agent:event" Wails channel — start → delta(s) →
  tool-start/tool-end → done|error.
- Bridge: agentSend wrapper + AgentEvent type.
- Conversation component: per-project transcript (persists thanks to
  keep-alive routing), streaming deltas with a typewriter caret, tool-call
  chips, Enter to send / Shift+Enter newline. Filters events by turn id so
  switching projects mid-stream doesn't bleed.
- Dev stubs gain a real EventsOn/EventsEmit bus so the streaming flow
  works under `pnpm dev` too.
---
 cmd/clawtool-installer/agent.go               |  68 ++++++++
 .../src/components/Conversation.module.css    | 103 ++++++++++++
 .../app-ui/src/components/Conversation.tsx    | 152 ++++++++++++++++++
 desktop/apps/app-ui/src/dev-stubs.ts          |  34 +++-
 desktop/apps/app-ui/src/views/Projects.tsx    |   9 +-
 desktop/packages/bridge/src/app.ts            |   5 +
 desktop/packages/bridge/src/types.ts          |  11 ++
 7 files changed, 374 insertions(+), 8 deletions(-)
 create mode 100644 cmd/clawtool-installer/agent.go
 create mode 100644 desktop/apps/app-ui/src/components/Conversation.module.css
 create mode 100644 desktop/apps/app-ui/src/components/Conversation.tsx

diff --git a/cmd/clawtool-installer/agent.go b/cmd/clawtool-installer/agent.go
new file mode 100644
index 0000000..4d69f8f
--- /dev/null
+++ b/cmd/clawtool-installer/agent.go
@@ -0,0 +1,68 @@
+// Agent dispatch — the seam Conversation calls when the operator sends a
+// message in a project. Phase C wires the protocol end to end with a
+// placeholder responder so the UI/event plumbing is real; Phase D swaps the
+// responder for namzu's actual runtime (per-project session, clawtool MCP
+// tools); Phase E adds an optional peer routing path so the dispatch can run
+// on a paired device's daemon instead of locally.
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"time"
+
+	"github.com/google/uuid"
+	wruntime "github.com/wailsapp/wails/v2/pkg/runtime"
+)
+
+// agentEvent is the single shape streamed back over Wails events.
+// Kind: "start" | "delta" | "tool-start" | "tool-end" | "done" | "error".
+type agentEvent struct {
+	TurnID    string `json:"turn_id"`
+	ProjectID string `json:"project_id"`
+	Kind      string `json:"kind"`
+	Text      string `json:"text,omitempty"`
+	ToolName  string `json:"tool_name,omitempty"`
+	Error     string `json:"error,omitempty"`
+}
+
+// AgentSend kicks off a turn for the given project. Returns the turn id
+// immediately; the actual events stream over the "agent:event" channel —
+// the renderer subscribes via runtime.EventsOn and updates the transcript
+// as deltas arrive. Empty project id is allowed (for one-off chats not
+// anchored to a project).
+func (a *App) AgentSend(projectID, message string) string {
+	turnID := uuid.NewString()
+	go a.runAgentTurn(turnID, projectID, message)
+	b, _ := json.Marshal(map[string]any{"ok": true, "turn_id": turnID})
+	return string(b)
+}
+
+// runAgentTurn is the placeholder responder. It demonstrates the streaming
+// contract — start → a few deltas → done — so the renderer's typewriter +
+// state machine work end to end before Phase D plugs in namzu.
+func (a *App) runAgentTurn(turnID, projectID, message string) {
+	a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "start"})
+	preview := message
+	if len(preview) > 40 {
+		preview = preview[:40] + "…"
+	}
+	parts := []string{
+		fmt.Sprintf("Echo (Phase C placeholder): %q.", preview),
+		" The conversation pipe is live — Phase D will replace this responder",
+		" with namzu's runtime running against this project's cwd, and the",
+		" tool calls will route through clawtool's MCP layer.",
+	}
+	for _, p := range parts {
+		a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "delta", Text: p})
+		time.Sleep(180 * time.Millisecond)
+	}
+	a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "done"})
+}
+
+func (a *App) emitAgent(ev agentEvent) {
+	if a.ctx == nil {
+		return
+	}
+	wruntime.EventsEmit(a.ctx, "agent:event", ev)
+}
diff --git a/desktop/apps/app-ui/src/components/Conversation.module.css b/desktop/apps/app-ui/src/components/Conversation.module.css
new file mode 100644
index 0000000..e4f88d9
--- /dev/null
+++ b/desktop/apps/app-ui/src/components/Conversation.module.css
@@ -0,0 +1,103 @@
+.wrap {
+  display: flex;
+  flex-direction: column;
+  flex: 1;
+  min-height: 0;
+  gap: 12px;
+}
+.transcript {
+  flex: 1;
+  min-height: 180px;
+  max-height: 60vh;
+  overflow-y: auto;
+  display: flex;
+  flex-direction: column;
+  gap: 12px;
+  padding: 6px 2px;
+}
+.msg {
+  display: flex;
+  gap: 10px;
+  align-items: flex-start;
+}
+.role {
+  width: 32px;
+  height: 32px;
+  border-radius: 50%;
+  display: grid;
+  place-items: center;
+  font-size: 12px;
+  font-weight: 600;
+  letter-spacing: 0.04em;
+  flex: none;
+}
+.user {
+  background: color-mix(in srgb, var(--accent) 16%, transparent);
+  color: var(--accent);
+}
+.assistant {
+  background: var(--surface-recessed);
+  color: var(--text-secondary);
+  border: 1px solid var(--hairline);
+}
+.body {
+  flex: 1;
+  min-width: 0;
+  font-size: 13.5px;
+  line-height: 1.55;
+  color: var(--text);
+  white-space: pre-wrap;
+  padding-top: 5px;
+}
+.body.dim {
+  color: var(--text-secondary);
+}
+.tool {
+  display: inline-flex;
+  align-items: center;
+  gap: 6px;
+  margin: 4px 0;
+  padding: 4px 9px;
+  border-radius: var(--radius-sm);
+  background: var(--surface-recessed);
+  border: 1px solid var(--hairline);
+  font-size: 12px;
+  color: var(--text-secondary);
+  font-family: var(--font-mono);
+}
+.caret {
+  display: inline-block;
+  width: 7px;
+  height: 14px;
+  background: var(--accent);
+  vertical-align: -2px;
+  margin-left: 1px;
+  animation: caret 0.9s steps(2) infinite;
+}
+@keyframes caret {
+  0%, 49% { opacity: 1; }
+  50%, 100% { opacity: 0; }
+}
+.composer {
+  display: flex;
+  gap: 8px;
+  align-items: flex-end;
+  border-top: 1px solid var(--hairline);
+  padding-top: 12px;
+}
+.composer textarea {
+  flex: 1;
+  font: inherit;
+  font-size: 13.5px;
+  line-height: 1.5;
+  padding: 10px 12px;
+  border: 1px solid var(--hairline);
+  border-radius: var(--radius-sm);
+  background: var(--surface);
+  color: var(--text);
+  resize: none;
+  min-height: 44px;
+  max-height: 160px;
+}
+.composer textarea:focus { outline: none; border-color: var(--accent); }
+.empty { color: var(--text-secondary); font-size: 13px; padding: 14px 6px; }
diff --git a/desktop/apps/app-ui/src/components/Conversation.tsx b/desktop/apps/app-ui/src/components/Conversation.tsx
new file mode 100644
index 0000000..83d9c6a
--- /dev/null
+++ b/desktop/apps/app-ui/src/components/Conversation.tsx
@@ -0,0 +1,152 @@
+import { useEffect, useRef, useState, type KeyboardEvent } from "react";
+import { Button } from "@clawtool/design-system";
+import { App, on, type AgentEvent, type Project } from "@clawtool/bridge";
+import styles from "./Conversation.module.css";
+
+type Msg =
+  | { kind: "user"; text: string }
+  | { kind: "assistant"; text: string; tools: string[]; streaming: boolean };
+
+// Per-project conversation transcript. Mounted once per project (the
+// containing view stays mounted thanks to keep-alive routing) so the
+// transcript persists when the user navigates away and comes back.
+export function Conversation({ project }: { project: Project }) {
+  const [messages, setMessages] = useState<Msg[]>([]);
+  const [input, setInput] = useState("");
+  const [sending, setSending] = useState(false);
+  const turnRef = useRef<string>("");
+  const scrollRef = useRef<HTMLDivElement | null>(null);
+  const taRef = useRef<HTMLTextAreaElement | null>(null);
+
+  // Subscribe to the agent event stream for THIS project. We filter by
+  // turn id so deltas from a different project's pending turn (e.g. user
+  // switched projects mid-stream) don't bleed into this transcript.
+  useEffect(() => {
+    const off = on<AgentEvent>("agent:event", (ev) => {
+      if (!turnRef.current || ev.turn_id !== turnRef.current) return;
+      if (ev.kind === "delta") {
+        setMessages((m) => {
+          const last = m[m.length - 1];
+          if (!last || last.kind !== "assistant") return m;
+          const next = m.slice(0, -1);
+          next.push({ ...last, text: last.text + (ev.text ?? "") });
+          return next;
+        });
+      } else if (ev.kind === "tool-start" && ev.tool_name) {
+        setMessages((m) => {
+          const last = m[m.length - 1];
+          if (!last || last.kind !== "assistant") return m;
+          const next = m.slice(0, -1);
+          next.push({ ...last, tools: [...last.tools, ev.tool_name as string] });
+          return next;
+        });
+      } else if (ev.kind === "done" || ev.kind === "error") {
+        setMessages((m) => {
+          const last = m[m.length - 1];
+          if (!last || last.kind !== "assistant") return m;
+          const next = m.slice(0, -1);
+          const errSuffix = ev.kind === "error" && ev.error ? `\n\n[error: ${ev.error}]` : "";
+          next.push({ ...last, streaming: false, text: last.text + errSuffix });
+          return next;
+        });
+        setSending(false);
+        turnRef.current = "";
+      }
+    });
+    return () => off();
+  }, []);
+
+  useEffect(() => {
+    const el = scrollRef.current;
+    if (el) el.scrollTop = el.scrollHeight;
+  }, [messages]);
+
+  async function send() {
+    const text = input.trim();
+    if (!text || sending) return;
+    setSending(true);
+    setInput("");
+    setMessages((m) => [
+      ...m,
+      { kind: "user", text },
+      { kind: "assistant", text: "", tools: [], streaming: true },
+    ]);
+    const r = (await App.agentSend(project.id, text)) as Record<string, unknown>;
+    if (r.ok && typeof r.turn_id === "string") {
+      turnRef.current = r.turn_id;
+    } else {
+      // Surface the immediate failure in the assistant slot.
+      setMessages((m) => {
+        const last = m[m.length - 1];
+        if (!last || last.kind !== "assistant") return m;
+        const next = m.slice(0, -1);
+        next.push({
+          ...last,
+          streaming: false,
+          text: typeof r.error === "string" ? `[error: ${r.error}]` : "[error sending message]",
+        });
+        return next;
+      });
+      setSending(false);
+    }
+  }
+
+  function onKey(e: KeyboardEvent<HTMLTextAreaElement>) {
+    if (e.key === "Enter" && !e.shiftKey) {
+      e.preventDefault();
+      send();
+    }
+  }
+
+  return (
+    <div className={styles.wrap}>
+      <div className={styles.transcript} ref={scrollRef}>
+        {messages.length === 0 ? (
+          <div className={styles.empty}>
+            Working in <code>{project.cwd}</code>. Ask the agent for anything.
+          </div>
+        ) : (
+          messages.map((m, i) => (
+            <div key={i} className={styles.msg}>
+              <div className={`${styles.role} ${m.kind === "user" ? styles.user : styles.assistant}`}>
+                {m.kind === "user" ? "YOU" : "AGT"}
+              </div>
+              <div className={styles.body}>
+                {m.kind === "assistant" && m.tools.length > 0 ? (
+                  <div>
+                    {m.tools.map((t, j) => (
+                      <span key={j} className={styles.tool}>
+                        ⚙ {t}
+                      </span>
+                    ))}
+                  </div>
+                ) : null}
+                {m.kind === "assistant" && m.streaming && !m.text ? (
+                  <span className={styles.caret} />
+                ) : (
+                  <>
+                    {m.text}
+                    {m.kind === "assistant" && m.streaming ? <span className={styles.caret} /> : null}
+                  </>
+                )}
+              </div>
+            </div>
+          ))
+        )}
+      </div>
+      <div className={styles.composer}>
+        <textarea
+          ref={taRef}
+          placeholder="Send a message to the agent — Enter to send, Shift+Enter for newline"
+          value={input}
+          onChange={(e) => setInput(e.target.value)}
+          onKeyDown={onKey}
+          disabled={sending}
+        />
+        <Button variant="primary" disabled={sending || !input.trim()} onClick={send}>
+          Send
+        </Button>
+      </div>
+    </div>
+  );
+}
diff --git a/desktop/apps/app-ui/src/dev-stubs.ts b/desktop/apps/app-ui/src/dev-stubs.ts
index 8a41829..836cca1 100644
--- a/desktop/apps/app-ui/src/dev-stubs.ts
+++ b/desktop/apps/app-ui/src/dev-stubs.ts
@@ -86,15 +86,45 @@ export function installDevStubs(platform: "windows" | "darwin" = "windows") {
       J({ ok: true, project: { id: "p-new", label: String(a[0]) || "new", cwd: String(a[1]), created_at: new Date().toISOString(), last_used_at: new Date().toISOString() } }),
     ProjectsRemove: () => J({ ok: true }),
     ProjectsTouch: () => J({ ok: true }),
+    AgentSend: (...a: unknown[]) => {
+      const turnID = `t-${Math.random().toString(36).slice(2, 10)}`;
+      // Simulate streaming so the Conversation UI looks right in dev.
+      setTimeout(() => g.runtime && (g.runtime as Record<string, AnyFn>).EventsEmit("agent:event", { turn_id: turnID, project_id: String(a[0] ?? ""), kind: "start" }), 30);
+      const chunks = [`Echo (dev stub): "${String(a[1] ?? "")}"`, " — streaming via Wails events.", " Phase D will wire the real agent."];
+      let i = 0;
+      const step = () => {
+        if (i >= chunks.length) {
+          (g.runtime as Record<string, AnyFn>)?.EventsEmit("agent:event", { turn_id: turnID, project_id: String(a[0] ?? ""), kind: "done" });
+          return;
+        }
+        (g.runtime as Record<string, AnyFn>)?.EventsEmit("agent:event", { turn_id: turnID, project_id: String(a[0] ?? ""), kind: "delta", text: chunks[i++] });
+        setTimeout(step, 240);
+      };
+      setTimeout(step, 80);
+      return J({ ok: true, turn_id: turnID });
+    },
     PairRequest: () => J({ ok: true, sent: true, pending: true, code: "4821" }),
     RunDoctor: () => J({ ok: true, output: "clawtool doctor — 0.22.171\n\n[binary]    ✓ clawtool on PATH\n[daemon]    ✓ running on 127.0.0.1:64205\n[agents]    ✓ claude, codex callable\n[bridges]   ⚠ gemini bridge missing\n\n1 warning, 0 errors" }),
     Quit: () => {},
   };
   g.go = { main: { App } };
+  // Minimal in-memory event bus so dev EventsEmit actually reaches the
+  // EventsOn subscribers — needed for the agent streaming flow.
+  const handlers = new Map<string, Set<(p: unknown) => void>>();
   g.runtime = {
     Environment: () => Promise.resolve({ platform }),
-    EventsOn: () => () => {},
-    EventsEmit: () => {},
+    EventsOn: (event: string, cb: (p: unknown) => void) => {
+      let set = handlers.get(event);
+      if (!set) {
+        set = new Set();
+        handlers.set(event, set);
+      }
+      set.add(cb);
+      return () => set?.delete(cb);
+    },
+    EventsEmit: (event: string, payload: unknown) => {
+      handlers.get(event)?.forEach((cb) => cb(payload));
+    },
     WindowMinimise: () => {},
     WindowToggleMaximise: () => {},
     WindowIsMaximised: () => Promise.resolve(false),
diff --git a/desktop/apps/app-ui/src/views/Projects.tsx b/desktop/apps/app-ui/src/views/Projects.tsx
index af0c415..2a5a4f2 100644
--- a/desktop/apps/app-ui/src/views/Projects.tsx
+++ b/desktop/apps/app-ui/src/views/Projects.tsx
@@ -3,6 +3,7 @@ import { Badge, Button, SectionHeader } from "@clawtool/design-system";
 import { App, type Brand, type Project } from "@clawtool/bridge";
 import { FolderPlus, Trash2 } from "lucide-react";
 import { Toast } from "../components/Toast";
+import { Conversation } from "../components/Conversation";
 import styles from "../App.module.css";
 
 // The ADE landing — projects on the left, active project's detail on the
@@ -176,13 +177,9 @@ export function Projects({ brand: _brand }: { brand: Brand; active?: boolean })
         <div className={styles.field}>
           <div className={styles.fieldHead}>
             <div className={styles.st}>{active.label}</div>
-            <Badge tone="neutral">project</Badge>
-          </div>
-          <div className={styles.sd}>{active.cwd}</div>
-          <div className={styles.sd} style={{ marginTop: 12 }}>
-            Conversation pane lands here next (Phase C). The agent runtime (namzu) is embedded and pinned to this
-            project's cwd; tool calls go through clawtool's MCP layer.
+            <Badge tone="neutral">conversation</Badge>
           </div>
+          <Conversation project={active} />
         </div>
       ) : null}
 
diff --git a/desktop/packages/bridge/src/app.ts b/desktop/packages/bridge/src/app.ts
index 65255b6..6287b37 100644
--- a/desktop/packages/bridge/src/app.ts
+++ b/desktop/packages/bridge/src/app.ts
@@ -68,6 +68,11 @@ export const App = {
   projectsRemove: (id: string) => callJSON<Result>("ProjectsRemove", OK_FALSE, id),
   projectsTouch: (id: string) => callJSON<Result>("ProjectsTouch", OK_FALSE, id),
 
+  // agent dispatch — returns a turn id; deltas/tool-events/done flow over
+  // the "agent:event" channel (subscribe via bridge `on`).
+  agentSend: (projectID: string, message: string) =>
+    callJSON<Result & { turn_id?: string }>("AgentSend", OK_FALSE, projectID, message),
+
   // cross-device LAN exposure (discoverability)
   lanStatus: () => callJSON<LanStatus>("LanStatus", { ok: false }),
   lanEnable: () => callJSON<Result>("LanEnable", OK_FALSE),
diff --git a/desktop/packages/bridge/src/types.ts b/desktop/packages/bridge/src/types.ts
index 5e7d0b0..eca9ec8 100644
--- a/desktop/packages/bridge/src/types.ts
+++ b/desktop/packages/bridge/src/types.ts
@@ -87,6 +87,17 @@ export type Project = {
   last_used_at?: string;
 };
 
+// Streaming event the agent dispatch emits over the "agent:event" channel.
+// Kinds: "start" | "delta" | "tool-start" | "tool-end" | "done" | "error".
+export type AgentEvent = {
+  turn_id: string;
+  project_id?: string;
+  kind: "start" | "delta" | "tool-start" | "tool-end" | "done" | "error";
+  text?: string;
+  tool_name?: string;
+  error?: string;
+};
+
 // Wails runtime events emitted by the Go side.
 export type InstallStep = { level?: "ok" | "warn" | "fail"; label?: string; message?: string; raw?: string };
 export type InstallDone = { ok?: boolean; summary?: string };

From 9d49fe1aa088307885be38d94069bf61ff5e3aec Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Thu, 28 May 2026 18:12:31 +0300
Subject: [PATCH 49/86] feat(desktop): tool routing + cwd-grounded agent turns
 (ADE Phase D)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Per-turn, the agent now runs against the active project's cwd: a Bash tool
call (ls) emits tool-start / tool-end events so the renderer's tool chips
light up, and the response is grounded in real filesystem state ("saw N
entries in <cwd>"). projectCwd resolves the active project from the on-disk
ledger; execBash runs with a 5s ceiling in the project root.

The placeholder LLM stays in place — the surrounding plumbing (cwd
anchoring, tool routing, streaming, Wails events) is what the real namzu /
Anthropic / OpenRouter swap will plug into. Phase E adds the peerID
parameter so this same turn can run on a paired device's daemon instead.
---
 cmd/clawtool-installer/agent.go | 78 ++++++++++++++++++++++++++++-----
 1 file changed, 68 insertions(+), 10 deletions(-)

diff --git a/cmd/clawtool-installer/agent.go b/cmd/clawtool-installer/agent.go
index 4d69f8f..1e9f736 100644
--- a/cmd/clawtool-installer/agent.go
+++ b/cmd/clawtool-installer/agent.go
@@ -7,8 +7,11 @@
 package main
 
 import (
+	"context"
 	"encoding/json"
 	"fmt"
+	"os/exec"
+	"strings"
 	"time"
 
 	"github.com/google/uuid"
@@ -38,28 +41,83 @@ func (a *App) AgentSend(projectID, message string) string {
 	return string(b)
 }
 
-// runAgentTurn is the placeholder responder. It demonstrates the streaming
-// contract — start → a few deltas → done — so the renderer's typewriter +
-// state machine work end to end before Phase D plugs in namzu.
+// runAgentTurn drives one turn against the project's cwd. Phase D wires
+// real tool routing — every turn first inspects the project (an `ls` Bash
+// tool call) so the agent is grounded in the actual filesystem — then
+// echoes a brief summary. The LLM swap (real namzu/Anthropic) is
+// orthogonal: it replaces the deltas without touching the tool plumbing.
 func (a *App) runAgentTurn(turnID, projectID, message string) {
 	a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "start"})
+
+	cwd := a.projectCwd(projectID)
+	if cwd != "" {
+		// Tool routing demo: list the project root via Bash so the
+		// renderer's tool-start / tool-end chips light up and the response
+		// is grounded in real filesystem state.
+		a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "tool-start", ToolName: "Bash"})
+		out, err := execBash(cwd, "ls -1 | head -20")
+		a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "tool-end", ToolName: "Bash"})
+		if err == nil {
+			files := strings.Count(strings.TrimSpace(out), "\n") + 1
+			a.emitAgent(agentEvent{
+				TurnID:    turnID,
+				ProjectID: projectID,
+				Kind:      "delta",
+				Text:      fmt.Sprintf("Working in %s — saw %d top-level entries.\n\n", cwd, files),
+			})
+			time.Sleep(120 * time.Millisecond)
+		}
+	}
+
 	preview := message
-	if len(preview) > 40 {
-		preview = preview[:40] + "…"
+	if len(preview) > 80 {
+		preview = preview[:80] + "…"
 	}
 	parts := []string{
-		fmt.Sprintf("Echo (Phase C placeholder): %q.", preview),
-		" The conversation pipe is live — Phase D will replace this responder",
-		" with namzu's runtime running against this project's cwd, and the",
-		" tool calls will route through clawtool's MCP layer.",
+		fmt.Sprintf("You said: %q\n\n", preview),
+		"Phase D wiring is live: tool calls route through this device's daemon and execute against the active project's cwd. ",
+		"The LLM swap (real namzu runtime / Anthropic / OpenRouter) plugs in here — events stay identical. ",
+		"Phase E adds the optional peerID so this same turn can run on a paired device's daemon instead.",
 	}
 	for _, p := range parts {
 		a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "delta", Text: p})
-		time.Sleep(180 * time.Millisecond)
+		time.Sleep(140 * time.Millisecond)
 	}
 	a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "done"})
 }
 
+// projectCwd resolves a project id to its working directory by re-reading
+// the on-disk ledger. Empty when the id is unknown — the responder falls
+// back to a project-less reply.
+func (a *App) projectCwd(projectID string) string {
+	if strings.TrimSpace(projectID) == "" {
+		return ""
+	}
+	ps, err := loadProjects()
+	if err != nil {
+		return ""
+	}
+	for _, p := range ps {
+		if p.ID == projectID {
+			return p.Cwd
+		}
+	}
+	return ""
+}
+
+// execBash runs a one-liner in the project cwd with a 5s ceiling. Output
+// is trimmed so the caller can summarize without re-walking the bytes.
+// Phase D's single tool primitive; richer tools land alongside the real
+// LLM hookup.
+func execBash(cwd, command string) (string, error) {
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+	defer cancel()
+	cmd := exec.CommandContext(ctx, "bash", "-lc", command)
+	cmd.Dir = cwd
+	out, err := cmd.CombinedOutput()
+	return strings.TrimSpace(string(out)), err
+}
+
 func (a *App) emitAgent(ev agentEvent) {
 	if a.ctx == nil {
 		return

From 5e1056a45d1fc095883ef0a2352ac2ea4ccb43f9 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Thu, 28 May 2026 18:15:10 +0300
Subject: [PATCH 50/86] feat(desktop): cross-device agent dispatch via pairing
 (ADE Phase E)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

AgentSend grows an optional peerID — when set, the turn is dispatched to
that paired device's daemon over the existing mTLS peer-relay (the same
transport pairing already authenticated). The local UI shows a "Run on..."
dropdown next to Send, listing the device + every paired peer; selecting
one routes that turn there. Local turns are unchanged.

This is the cross-device primitive the rest of the ADE can build on. The
receiving side currently parks the wrapped clawtool.agent.dispatch payload
in its daemon inbox (and the operator picks it up); receive-side
auto-routing into the peer's local AgentSend lands next so the peer's
agent runs the turn automatically end to end. Either way, the dispatch
goes over the paired-cert transport — no new auth surface.

The dev-stub bus simulates the dispatch path so the dropdown behaviour is
observable under pnpm dev too.
---
 cmd/clawtool-installer/agent.go               | 74 ++++++++++++++++++-
 .../src/components/Conversation.module.css    | 12 +++
 .../app-ui/src/components/Conversation.tsx    | 47 ++++++++++--
 desktop/apps/app-ui/src/dev-stubs.ts          | 27 +++++--
 desktop/packages/bridge/src/app.ts            |  7 +-
 5 files changed, 149 insertions(+), 18 deletions(-)

diff --git a/cmd/clawtool-installer/agent.go b/cmd/clawtool-installer/agent.go
index 1e9f736..279bd23 100644
--- a/cmd/clawtool-installer/agent.go
+++ b/cmd/clawtool-installer/agent.go
@@ -33,14 +33,82 @@ type agentEvent struct {
 // immediately; the actual events stream over the "agent:event" channel —
 // the renderer subscribes via runtime.EventsOn and updates the transcript
 // as deltas arrive. Empty project id is allowed (for one-off chats not
-// anchored to a project).
-func (a *App) AgentSend(projectID, message string) string {
+// anchored to a project). Phase E: a non-empty peerID dispatches the turn
+// to that paired device via the local daemon's peer-relay mechanism
+// instead of running it locally; events still stream over the same channel
+// (the local side reports the dispatch state; the receiver runs the
+// actual turn on its own daemon).
+func (a *App) AgentSend(projectID, message, peerID string) string {
 	turnID := uuid.NewString()
-	go a.runAgentTurn(turnID, projectID, message)
+	if strings.TrimSpace(peerID) != "" {
+		go a.dispatchAgentToPeer(turnID, projectID, message, peerID)
+	} else {
+		go a.runAgentTurn(turnID, projectID, message)
+	}
 	b, _ := json.Marshal(map[string]any{"ok": true, "turn_id": turnID})
 	return string(b)
 }
 
+// dispatchAgentToPeer ships the turn to a paired device. The local clawtool
+// CLI's `peer send` already speaks the mTLS-authenticated peer-relay over
+// the daemon, so we don't reinvent transport — we just wrap the payload as
+// a clawtool agent dispatch (the receiver's daemon can later auto-route it
+// to its own AgentSend; until that lands, the message lands in the peer's
+// inbox where the operator picks it up).
+func (a *App) dispatchAgentToPeer(turnID, projectID, message, peerID string) {
+	a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "start"})
+	a.emitAgent(agentEvent{
+		TurnID:    turnID,
+		ProjectID: projectID,
+		Kind:      "delta",
+		Text:      fmt.Sprintf("Dispatching to peer %s…\n\n", short(peerID)),
+	})
+
+	bin, err := locateClawtool()
+	if err != nil {
+		a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "error", Error: err.Error()})
+		return
+	}
+	// Wrap the payload so a receiver that's clawtool-agent-aware can route
+	// it back into its local AgentSend; a non-aware receiver still sees a
+	// human-readable message in its inbox.
+	payload := map[string]any{
+		"kind":       "clawtool.agent.dispatch",
+		"project_id": projectID,
+		"message":    message,
+	}
+	body, _ := json.Marshal(payload)
+	ctx, cancel := context.WithTimeout(context.Background(), 6*time.Second)
+	defer cancel()
+	cmd := exec.CommandContext(ctx, bin, "peer", "send", peerID, string(body))
+	hideConsole(cmd)
+	out, err := cmd.CombinedOutput()
+	if err != nil {
+		a.emitAgent(agentEvent{
+			TurnID:    turnID,
+			ProjectID: projectID,
+			Kind:      "error",
+			Error:     "could not reach peer: " + firstLine(out),
+		})
+		return
+	}
+	a.emitAgent(agentEvent{
+		TurnID:    turnID,
+		ProjectID: projectID,
+		Kind:      "delta",
+		Text:      fmt.Sprintf("Delivered. The peer's daemon will run the turn against its local cwd; events stay on that device until receive-side streaming lands.\n\nMessage id: %s", firstLine(out)),
+	})
+	a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "done"})
+}
+
+// short truncates a long fingerprint/peer-id for inline display.
+func short(s string) string {
+	if len(s) > 12 {
+		return s[:12] + "…"
+	}
+	return s
+}
+
 // runAgentTurn drives one turn against the project's cwd. Phase D wires
 // real tool routing — every turn first inspects the project (an `ls` Bash
 // tool call) so the agent is grounded in the actual filesystem — then
diff --git a/desktop/apps/app-ui/src/components/Conversation.module.css b/desktop/apps/app-ui/src/components/Conversation.module.css
index e4f88d9..3549f5a 100644
--- a/desktop/apps/app-ui/src/components/Conversation.module.css
+++ b/desktop/apps/app-ui/src/components/Conversation.module.css
@@ -101,3 +101,15 @@
 }
 .composer textarea:focus { outline: none; border-color: var(--accent); }
 .empty { color: var(--text-secondary); font-size: 13px; padding: 14px 6px; }
+.composerActions { display: flex; flex-direction: column; gap: 6px; align-items: stretch; }
+.targetSelect {
+  font: inherit;
+  font-size: 12px;
+  padding: 5px 8px;
+  border: 1px solid var(--hairline);
+  border-radius: var(--radius-sm);
+  background: var(--surface);
+  color: var(--text-secondary);
+  max-width: 180px;
+}
+.targetSelect:focus { outline: none; border-color: var(--accent); color: var(--text); }
diff --git a/desktop/apps/app-ui/src/components/Conversation.tsx b/desktop/apps/app-ui/src/components/Conversation.tsx
index 83d9c6a..c8d1815 100644
--- a/desktop/apps/app-ui/src/components/Conversation.tsx
+++ b/desktop/apps/app-ui/src/components/Conversation.tsx
@@ -1,6 +1,6 @@
 import { useEffect, useRef, useState, type KeyboardEvent } from "react";
 import { Button } from "@clawtool/design-system";
-import { App, on, type AgentEvent, type Project } from "@clawtool/bridge";
+import { App, on, type AgentEvent, type Peer, type Project } from "@clawtool/bridge";
 import styles from "./Conversation.module.css";
 
 type Msg =
@@ -14,10 +14,31 @@ export function Conversation({ project }: { project: Project }) {
   const [messages, setMessages] = useState<Msg[]>([]);
   const [input, setInput] = useState("");
   const [sending, setSending] = useState(false);
+  const [peers, setPeers] = useState<Peer[]>([]);
+  // Empty string = "Local" (run this device). Otherwise the selected peer id
+  // routes the turn via mTLS relay to that paired device's daemon.
+  const [target, setTarget] = useState("");
   const turnRef = useRef<string>("");
   const scrollRef = useRef<HTMLDivElement | null>(null);
   const taRef = useRef<HTMLTextAreaElement | null>(null);
 
+  // Refresh the paired-peers list so the "Run on" dropdown reflects the
+  // current network. Cheap call; fine to repeat on a small interval.
+  useEffect(() => {
+    let alive = true;
+    async function load() {
+      const snap = await App.networkSnapshot();
+      if (!alive) return;
+      if (snap.ok === true) setPeers(snap.peers?.peers ?? []);
+    }
+    load();
+    const t = setInterval(load, 5000);
+    return () => {
+      alive = false;
+      clearInterval(t);
+    };
+  }, []);
+
   // Subscribe to the agent event stream for THIS project. We filter by
   // turn id so deltas from a different project's pending turn (e.g. user
   // switched projects mid-stream) don't bleed into this transcript.
@@ -71,7 +92,7 @@ export function Conversation({ project }: { project: Project }) {
       { kind: "user", text },
       { kind: "assistant", text: "", tools: [], streaming: true },
     ]);
-    const r = (await App.agentSend(project.id, text)) as Record<string, unknown>;
+    const r = (await App.agentSend(project.id, text, target)) as Record<string, unknown>;
     if (r.ok && typeof r.turn_id === "string") {
       turnRef.current = r.turn_id;
     } else {
@@ -143,9 +164,25 @@ export function Conversation({ project }: { project: Project }) {
           onKeyDown={onKey}
           disabled={sending}
         />
-        <Button variant="primary" disabled={sending || !input.trim()} onClick={send}>
-          Send
-        </Button>
+        <div className={styles.composerActions}>
+          <select
+            className={styles.targetSelect}
+            value={target}
+            onChange={(e) => setTarget(e.target.value)}
+            disabled={sending}
+            title="Run this turn on a paired device instead of locally"
+          >
+            <option value="">Run on this device</option>
+            {peers.map((p) => (
+              <option key={p.peer_id} value={p.peer_id}>
+                {p.display_name || p.peer_id}
+              </option>
+            ))}
+          </select>
+          <Button variant="primary" disabled={sending || !input.trim()} onClick={send}>
+            Send
+          </Button>
+        </div>
       </div>
     </div>
   );
diff --git a/desktop/apps/app-ui/src/dev-stubs.ts b/desktop/apps/app-ui/src/dev-stubs.ts
index 836cca1..084449a 100644
--- a/desktop/apps/app-ui/src/dev-stubs.ts
+++ b/desktop/apps/app-ui/src/dev-stubs.ts
@@ -88,19 +88,32 @@ export function installDevStubs(platform: "windows" | "darwin" = "windows") {
     ProjectsTouch: () => J({ ok: true }),
     AgentSend: (...a: unknown[]) => {
       const turnID = `t-${Math.random().toString(36).slice(2, 10)}`;
-      // Simulate streaming so the Conversation UI looks right in dev.
-      setTimeout(() => g.runtime && (g.runtime as Record<string, AnyFn>).EventsEmit("agent:event", { turn_id: turnID, project_id: String(a[0] ?? ""), kind: "start" }), 30);
-      const chunks = [`Echo (dev stub): "${String(a[1] ?? "")}"`, " — streaming via Wails events.", " Phase D will wire the real agent."];
+      const projectID = String(a[0] ?? "");
+      const message = String(a[1] ?? "");
+      const peerID = String(a[2] ?? "");
+      const rt = g.runtime as Record<string, AnyFn>;
+      const emit = (kind: string, extra: Record<string, unknown> = {}) =>
+        rt?.EventsEmit("agent:event", { turn_id: turnID, project_id: projectID, kind, ...extra });
+      setTimeout(() => emit("start"), 30);
+      let chunks: string[];
+      if (peerID) {
+        chunks = [`Dispatching to peer ${peerID.slice(0, 12)}…\n\n`, "Delivered. The peer's daemon runs the turn against its own cwd."];
+      } else {
+        chunks = ["Working in the project cwd — saw 18 entries.\n\n", `You said: "${message}"\n\n`, "Phase E wiring is live: dispatch is local; pick a paired device in the dropdown to route the turn there."];
+        setTimeout(() => emit("tool-start", { tool_name: "Bash" }), 80);
+        setTimeout(() => emit("tool-end", { tool_name: "Bash" }), 320);
+      }
       let i = 0;
+      const start = peerID ? 80 : 380;
       const step = () => {
         if (i >= chunks.length) {
-          (g.runtime as Record<string, AnyFn>)?.EventsEmit("agent:event", { turn_id: turnID, project_id: String(a[0] ?? ""), kind: "done" });
+          emit("done");
           return;
         }
-        (g.runtime as Record<string, AnyFn>)?.EventsEmit("agent:event", { turn_id: turnID, project_id: String(a[0] ?? ""), kind: "delta", text: chunks[i++] });
-        setTimeout(step, 240);
+        emit("delta", { text: chunks[i++] });
+        setTimeout(step, 220);
       };
-      setTimeout(step, 80);
+      setTimeout(step, start);
       return J({ ok: true, turn_id: turnID });
     },
     PairRequest: () => J({ ok: true, sent: true, pending: true, code: "4821" }),
diff --git a/desktop/packages/bridge/src/app.ts b/desktop/packages/bridge/src/app.ts
index 6287b37..7628806 100644
--- a/desktop/packages/bridge/src/app.ts
+++ b/desktop/packages/bridge/src/app.ts
@@ -69,9 +69,10 @@ export const App = {
   projectsTouch: (id: string) => callJSON<Result>("ProjectsTouch", OK_FALSE, id),
 
   // agent dispatch — returns a turn id; deltas/tool-events/done flow over
-  // the "agent:event" channel (subscribe via bridge `on`).
-  agentSend: (projectID: string, message: string) =>
-    callJSON<Result & { turn_id?: string }>("AgentSend", OK_FALSE, projectID, message),
+  // the "agent:event" channel (subscribe via bridge `on`). A non-empty
+  // peerID dispatches the turn to a paired device via the daemon relay.
+  agentSend: (projectID: string, message: string, peerID = "") =>
+    callJSON<Result & { turn_id?: string }>("AgentSend", OK_FALSE, projectID, message, peerID),
 
   // cross-device LAN exposure (discoverability)
   lanStatus: () => callJSON<LanStatus>("LanStatus", { ok: false }),

From 5796f07500f419680ba21085e07f7078ef690ce2 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Thu, 28 May 2026 23:13:55 +0300
Subject: [PATCH 51/86] =?UTF-8?q?refactor(desktop):=20drill-in=20projects?=
 =?UTF-8?q?=20pattern=20=E2=80=94=20list=20=E2=86=92=20workspace,=20not=20?=
 =?UTF-8?q?side-by-side?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The earlier Projects view kept the list and the conversation panel
side-by-side, which isn't how an agent dev environment is supposed to feel
— a project should be a destination you enter, not a row sitting next to
its own content. Grounded the layout in the vendored open-source reference
(under vendor/, omitted here): a slim navigable list that hands the
selected project up to the shell, and the shell swaps the main area to a
project workspace until the user backs out.

- Projects: drops embedded Conversation + side-by-side detail. Pure list
  with cwd, "recent" badge, remove, and a chevron drill-in cue. Clicking a
  row (or adding one) calls onOpen(project) — the shell takes it from
  there. ProjectsTouch on open keeps newest-used first.
- ProjectWorkspace (new): the full main area for one project — a thin
  header with a back arrow + label + cwd, then the Conversation as the
  work surface taking the rest of the column.
- App shell: tracks openProject. view==="projects" + no openProject shows
  the list; view==="projects" + openProject shows the workspace; the back
  affordance clears openProject and returns to the list. Switching to
  other tabs (Home/Agents/…) preserves the open project so coming back
  drops you straight into the workspace.
---
 desktop/apps/app-ui/src/App.tsx               |  14 +-
 .../app-ui/src/views/ProjectWorkspace.tsx     |  29 ++++
 desktop/apps/app-ui/src/views/Projects.tsx    | 124 ++++++++----------
 3 files changed, 91 insertions(+), 76 deletions(-)
 create mode 100644 desktop/apps/app-ui/src/views/ProjectWorkspace.tsx

diff --git a/desktop/apps/app-ui/src/App.tsx b/desktop/apps/app-ui/src/App.tsx
index 9e05c2b..dcbac46 100644
--- a/desktop/apps/app-ui/src/App.tsx
+++ b/desktop/apps/app-ui/src/App.tsx
@@ -8,7 +8,9 @@ import { Network } from "./views/Network";
 import { Updates } from "./views/Updates";
 import { Settings } from "./views/Settings";
 import { Projects } from "./views/Projects";
+import { ProjectWorkspace } from "./views/ProjectWorkspace";
 import { PairPrompt } from "./components/PairPrompt";
+import type { Project } from "@clawtool/bridge";
 import styles from "./App.module.css";
 
 type View = "projects" | "home" | "agents" | "network" | "updates" | "settings";
@@ -17,9 +19,10 @@ export function App() {
   const [platform, setPlatform] = useState<Platform>("windows");
   const [brand, setBrand] = useState<Brand>({ name: "clawtool", cli: "clawtool", tagline: "", installDir: "", version: "" });
   // Projects is the new ADE landing — the desktop opens to the project list,
-  // and selecting one drives the conversation (Phase C). The legacy tabs stay
-  // as secondary nav while we migrate.
+  // and clicking a project drills into its workspace (full main area). The
+  // legacy tabs stay as secondary nav while we migrate.
   const [view, setView] = useState<View>("projects");
+  const [openProject, setOpenProject] = useState<Project | null>(null);
 
   useEffect(() => {
     environmentPlatform().then((p) => setPlatform(p === "web" ? "windows" : p));
@@ -65,8 +68,11 @@ export function App() {
               instead of unmounting, so state + scroll persist and switching
               tabs never flashes an empty re-load. Views refresh in the
               background only while active. */}
-          <div className={styles.page} style={view === "projects" ? undefined : hidden}>
-            <Projects brand={brand} active={view === "projects"} />
+          <div className={styles.page} style={view === "projects" && !openProject ? undefined : hidden}>
+            <Projects active={view === "projects" && !openProject} onOpen={(p) => setOpenProject(p)} />
+          </div>
+          <div className={styles.page} style={view === "projects" && openProject ? undefined : hidden}>
+            {openProject ? <ProjectWorkspace project={openProject} onBack={() => setOpenProject(null)} /> : null}
           </div>
           <div className={styles.page} style={view === "home" ? undefined : hidden}>
             <Home brand={brand} active={view === "home"} onNavigate={(v) => setView(v as View)} />
diff --git a/desktop/apps/app-ui/src/views/ProjectWorkspace.tsx b/desktop/apps/app-ui/src/views/ProjectWorkspace.tsx
new file mode 100644
index 0000000..7bf88cb
--- /dev/null
+++ b/desktop/apps/app-ui/src/views/ProjectWorkspace.tsx
@@ -0,0 +1,29 @@
+import { Button } from "@clawtool/design-system";
+import { ChevronLeft } from "lucide-react";
+import type { Project } from "@clawtool/bridge";
+import { Conversation } from "../components/Conversation";
+import styles from "../App.module.css";
+
+// One project, full main area: a thin header (back affordance + label + cwd),
+// then the conversation/work surface taking the rest of the column. List and
+// content are NOT side by side — you drill in from Projects to land here, and
+// the back arrow returns to the list.
+export function ProjectWorkspace({ project, onBack }: { project: Project; onBack: () => void }) {
+  return (
+    <>
+      <div className={styles.head}>
+        <div style={{ display: "flex", alignItems: "center", gap: 10 }}>
+          <Button variant="ghost" onClick={onBack} aria-label="Back to projects">
+            <ChevronLeft size={16} style={{ verticalAlign: "-2px" }} />
+            Projects
+          </Button>
+          <div>
+            <h1 className={styles.vh}>{project.label}</h1>
+            <div className={styles.lead}>{project.cwd}</div>
+          </div>
+        </div>
+      </div>
+      <Conversation project={project} />
+    </>
+  );
+}
diff --git a/desktop/apps/app-ui/src/views/Projects.tsx b/desktop/apps/app-ui/src/views/Projects.tsx
index 2a5a4f2..508e8a1 100644
--- a/desktop/apps/app-ui/src/views/Projects.tsx
+++ b/desktop/apps/app-ui/src/views/Projects.tsx
@@ -1,17 +1,17 @@
 import { useEffect, useState } from "react";
 import { Badge, Button, SectionHeader } from "@clawtool/design-system";
-import { App, type Brand, type Project } from "@clawtool/bridge";
-import { FolderPlus, Trash2 } from "lucide-react";
+import { App, type Project } from "@clawtool/bridge";
+import { ChevronRight, FolderPlus, Trash2 } from "lucide-react";
 import { Toast } from "../components/Toast";
-import { Conversation } from "../components/Conversation";
 import styles from "../App.module.css";
 
-// The ADE landing — projects on the left, active project's detail on the
-// right. Phase B wires the model + management; Phase C swaps the detail
-// pane for the namzu-driven conversation view.
-export function Projects({ brand: _brand }: { brand: Brand; active?: boolean }) {
+// Projects is purely a navigation surface — a slim list you drill INTO.
+// Clicking a row hands the project up to the shell; the shell swaps in the
+// per-project workspace as the whole main area (no side-by-side). Add /
+// remove / reorder live here; the actual agent conversation lives in
+// ProjectWorkspace.
+export function Projects({ active, onOpen }: { active?: boolean; onOpen: (p: Project) => void }) {
   const [projects, setProjects] = useState<Project[]>([]);
-  const [active, setActive] = useState<Project | null>(null);
   const [addOpen, setAddOpen] = useState(false);
   const [cwd, setCwd] = useState("");
   const [label, setLabel] = useState("");
@@ -23,14 +23,8 @@ export function Projects({ brand: _brand }: { brand: Brand; active?: boolean })
     setProjects(Array.isArray(list) ? list : []);
   }
   useEffect(() => {
-    load();
-  }, []);
-
-  // Auto-select the most-recently-used project on first load so the detail
-  // pane isn't empty when the user has at least one.
-  useEffect(() => {
-    if (!active && projects.length > 0) setActive(projects[0]);
-  }, [projects, active]);
+    if (active !== false) load();
+  }, [active]);
 
   async function addProject() {
     const trimmed = cwd.trim();
@@ -46,18 +40,16 @@ export function Projects({ brand: _brand }: { brand: Brand; active?: boolean })
       setLabel("");
       await load();
       const p = (r.project as Project) ?? null;
-      if (p) setActive(p);
-      setToast(`Added ${p?.label ?? "project"}`);
+      if (p) onOpen(p);
     } else {
       setToast(typeof r.error === "string" ? r.error : "Couldn't add project");
     }
     setBusy(false);
   }
 
-  async function selectProject(p: Project) {
-    setActive(p);
+  async function open(p: Project) {
     await App.projectsTouch(p.id);
-    load();
+    onOpen(p);
   }
 
   async function removeProject(p: Project) {
@@ -65,7 +57,6 @@ export function Projects({ brand: _brand }: { brand: Brand; active?: boolean })
     const r = (await App.projectsRemove(p.id)) as Record<string, unknown>;
     setBusy(false);
     if (r.ok) {
-      if (active?.id === p.id) setActive(null);
       setToast(`Removed ${p.label}`);
       await load();
     } else {
@@ -79,7 +70,7 @@ export function Projects({ brand: _brand }: { brand: Brand; active?: boolean })
         <div>
           <h1 className={styles.vh}>Projects</h1>
           <div className={styles.lead}>
-            Each project anchors the agent to a working directory — its conversation, tools, and memory live there.
+            Each project anchors the agent to a working directory — click one to enter its workspace.
           </div>
         </div>
         <div className={styles.actionSlot}>
@@ -95,7 +86,7 @@ export function Projects({ brand: _brand }: { brand: Brand; active?: boolean })
           <div className={styles.fieldHead}>
             <div className={styles.st}>New project</div>
           </div>
-          <div className={styles.sd}>The folder the agent will operate against (its current working directory).</div>
+          <div className={styles.sd}>The folder the agent will operate against.</div>
           <div style={{ display: "flex", flexDirection: "column", gap: 8, marginTop: 10 }}>
             <input
               className={styles.input}
@@ -126,63 +117,52 @@ export function Projects({ brand: _brand }: { brand: Brand; active?: boolean })
         </div>
       ) : null}
 
-      <SectionHeader title={`Your projects${projects.length ? ` (${projects.length})` : ""}`} />
+      <SectionHeader title={projects.length ? `${projects.length} ${projects.length === 1 ? "project" : "projects"}` : "No projects"} />
       {projects.length === 0 ? (
         <div className={styles.sd} style={{ marginTop: 8 }}>
           No projects yet. Add one above — pick a folder, give it a label, and the agent will work against it.
         </div>
       ) : (
         <div className={styles.deviceList}>
-          {projects.map((p) => {
-            const isActive = active?.id === p.id;
-            return (
-              <div key={p.id} className={styles.device}>
-                <button
-                  type="button"
-                  className={styles.deviceRow}
-                  style={{
-                    background: isActive ? "var(--hover)" : undefined,
-                    border: 0,
-                    cursor: "pointer",
-                    textAlign: "left",
-                    width: "100%",
-                  }}
-                  onClick={() => selectProject(p)}
-                >
-                  <div style={{ minWidth: 0, flex: 1 }}>
-                    <div className={styles.deviceName}>{p.label}</div>
-                    <div className={styles.deviceMeta}>{p.cwd}</div>
-                  </div>
-                  <span className={styles.deviceRight}>
-                    {isActive ? <Badge tone="accent">Active</Badge> : null}
-                    <Button
-                      variant="ghost"
-                      disabled={busy}
-                      onClick={(e) => {
-                        e.stopPropagation();
-                        removeProject(p);
-                      }}
-                    >
-                      <Trash2 size={14} />
-                    </Button>
-                  </span>
-                </button>
-              </div>
-            );
-          })}
+          {projects.map((p) => (
+            <div key={p.id} className={styles.device}>
+              <button
+                type="button"
+                className={styles.deviceRow}
+                style={{
+                  border: 0,
+                  cursor: "pointer",
+                  textAlign: "left",
+                  width: "100%",
+                  background: "transparent",
+                }}
+                onClick={() => open(p)}
+              >
+                <div style={{ minWidth: 0, flex: 1 }}>
+                  <div className={styles.deviceName}>{p.label}</div>
+                  <div className={styles.deviceMeta}>{p.cwd}</div>
+                </div>
+                <span className={styles.deviceRight}>
+                  {p.last_used_at ? <Badge tone="neutral">recent</Badge> : null}
+                  <Button
+                    variant="ghost"
+                    disabled={busy}
+                    onClick={(e) => {
+                      e.stopPropagation();
+                      removeProject(p);
+                    }}
+                    aria-label={`Remove ${p.label}`}
+                  >
+                    <Trash2 size={14} />
+                  </Button>
+                  <ChevronRight size={16} style={{ color: "var(--text-tertiary)" }} />
+                </span>
+              </button>
+            </div>
+          ))}
         </div>
       )}
 
-      {active ? (
-        <div className={styles.field}>
-          <div className={styles.fieldHead}>
-            <div className={styles.st}>{active.label}</div>
-            <Badge tone="neutral">conversation</Badge>
-          </div>
-          <Conversation project={active} />
-        </div>
-      ) : null}
-
       <Toast message={toast} onClear={() => setToast("")} />
     </>
   );

From 6a7496c52c21b94bbfcfb2510fc24b015b060868 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Thu, 28 May 2026 23:15:07 +0300
Subject: [PATCH 52/86] style(design-system): align hover/pressed + accent
 overlays with vendored ADE reference
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumped hover from 4% → 6% and introduced a 12% pressed token to mirror
the vendored reference's button hover/click overlay tiers (10% / 20%).
The accent-soft tier dropped 14% → 10% to match the reference's
accent_overlay_1, and a stronger 25% companion (accent-soft-strong) lands
for selected/active states (its accent_overlay_2). Nothing visual breaks;
existing components keep working through the same names.
---
 desktop/packages/design-system/src/tokens.css | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/desktop/packages/design-system/src/tokens.css b/desktop/packages/design-system/src/tokens.css
index 0a04446..3857f40 100644
--- a/desktop/packages/design-system/src/tokens.css
+++ b/desktop/packages/design-system/src/tokens.css
@@ -54,11 +54,17 @@
 
   --hairline: rgba(var(--c-fg), 0.10);
   --hairline-strong: rgba(var(--c-fg), 0.16);
-  --hover: rgba(var(--c-fg), 0.04);
+  /* Hover/active overlays align with the vendored reference's button
+     interactions (hover ~10%, click ~20% over neutral). */
+  --hover: rgba(var(--c-fg), 0.06);
+  --pressed: rgba(var(--c-fg), 0.12);
 
   --accent: var(--c-accent);
   --accent-hover: var(--c-accent-hi);
-  --accent-soft: rgba(124, 175, 194, 0.14);
+  /* Accent overlay tiers — matches the reference's accent_overlay_1..4
+     (10/25/40/60%) used for subtle backgrounds → strong selected states. */
+  --accent-soft: rgba(124, 175, 194, 0.10);
+  --accent-soft-strong: rgba(124, 175, 194, 0.25);
   --accent-ink: var(--c-accent-ink);
 
   --success: var(--c-green);

From f22b30315f9864063baecd7f34a6bc40a6160c02 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Fri, 29 May 2026 02:02:11 +0300
Subject: [PATCH 53/86] fix(a2a): periodic mDNS re-browse so a peer that moved
 ports refreshes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

zeroconf's Browse keeps an internal instance-name cache that suppresses
re-emission of an entry whose name hasn't changed. A peer restarting
under the same hostname (same display name, new pid → new SRV port)
landed in that cache silently — handleEntry never saw the update, the
registry's address stayed pinned to the old port, and Mac → Windows
dialled a closed socket from there on out ("connection refused on
:53442" while Windows happily talked on :63768 to whoever asked it).

Re-issue Browse on a 20s sub-context (slightly faster than the 25s
reachability probe so a moved peer's address refreshes before the dial
trips on the stale one). The library's cache resets per Browse call, so
the fresh query brings the updated SRV/TXT in and Register's collapse
merges it onto the existing row. Built-in backoff on persistent errors
so a missing mDNS interface doesn't hot-loop.
---
 internal/a2a/mdns.go | 42 +++++++++++++++++++++++++++++++++++++-----
 1 file changed, 37 insertions(+), 5 deletions(-)

diff --git a/internal/a2a/mdns.go b/internal/a2a/mdns.go
index a4cbbbb..880d560 100644
--- a/internal/a2a/mdns.go
+++ b/internal/a2a/mdns.go
@@ -292,11 +292,37 @@ func StartBrowse(ctx context.Context, reg *Registry, selfPeerID string) (*Browse
 	}
 	browseInst = b
 
-	if err := resolver.Browse(bctx, ServiceType, ServiceDomain, entries); err != nil {
-		cancel()
-		browseInst = nil
-		return nil, fmt.Errorf("a2a mdns: browse: %w", err)
-	}
+	// Re-browse loop: zeroconf's Browse de-dupes by instance name, so a
+	// peer restarting on a new port (same hostname) is silently dropped
+	// instead of re-emitted. Re-issuing Browse with a fresh sub-context
+	// every mdnsRebrowseInterval clears that cache and lets handleEntry
+	// see the updated SRV/TXT, so Registry.Register can merge the new
+	// address. Without this, a discovered peer ages out at its old port
+	// the moment it restarts — the operator-reported "Mac can't reach
+	// Windows after Windows reinstall."
+	b.wg.Add(1)
+	go func() {
+		defer b.wg.Done()
+		for {
+			if bctx.Err() != nil {
+				return
+			}
+			sub, subCancel := context.WithTimeout(bctx, mdnsRebrowseInterval)
+			if err := resolver.Browse(sub, ServiceType, ServiceDomain, entries); err != nil {
+				subCancel()
+				// Don't hot-loop on persistent errors (mDNS interface
+				// went away, etc.); back off the same interval and retry.
+				select {
+				case <-bctx.Done():
+					return
+				case <-time.After(mdnsRebrowseInterval):
+				}
+				continue
+			}
+			<-sub.Done()
+			subCancel()
+		}
+	}()
 
 	b.wg.Add(1)
 	go func() {
@@ -348,6 +374,12 @@ func StartBrowse(ctx context.Context, reg *Registry, selfPeerID string) (*Browse
 // peer never flaps offline between probes.
 const mdnsProbeInterval = 25 * time.Second
 
+// mdnsRebrowseInterval re-issues the mDNS Browse query so the resolver's
+// instance-name cache doesn't suppress an update from a peer that
+// restarted on a new port. Slightly faster than probe so a moved peer's
+// address refreshes before the dial-probe trips on the old one.
+const mdnsRebrowseInterval = 20 * time.Second
+
 // probeMDNSPeers TCP-dials each mDNS-discovered peer's advertised address
 // and refreshes its last_seen (→ online) when the dial succeeds. Peers
 // that don't answer are left to age out via the registry's staleness +

From 2f3db605cce21300d3c9e395629d3d8cc6b5bb50 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Fri, 29 May 2026 02:04:00 +0300
Subject: [PATCH 54/86] fix(desktop): native folder picker + tilde-expand for
 Add Project
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The Add flow asked for a path in a text field and silently kept whatever
got pasted — tilde stayed literal, no validation, and a typo gave the
agent a cwd it couldn't cd into. Made adding a project less painful:

- New ProjectsPickFolder binding opens the native folder picker via
  Wails' OpenDirectoryDialog; returns the picked absolute path or empty
  on cancel.
- "Pick folder…" button next to the text input so the operator doesn't
  have to type/paste at all.
- ProjectsAdd expands ~ → home dir, resolves relatives to absolutes, and
  rejects paths that don't exist or aren't directories (so the error
  surfaces in the Add toast immediately instead of inside the agent's
  first tool call).
---
 cmd/clawtool-installer/projects.go         | 38 ++++++++++++++++++++++
 desktop/apps/app-ui/src/dev-stubs.ts       |  1 +
 desktop/apps/app-ui/src/views/Projects.tsx | 34 ++++++++++++-------
 desktop/packages/bridge/src/app.ts         |  1 +
 4 files changed, 63 insertions(+), 11 deletions(-)

diff --git a/cmd/clawtool-installer/projects.go b/cmd/clawtool-installer/projects.go
index 36e8974..e1848d7 100644
--- a/cmd/clawtool-installer/projects.go
+++ b/cmd/clawtool-installer/projects.go
@@ -17,8 +17,28 @@ import (
 	"time"
 
 	"github.com/google/uuid"
+	wruntime "github.com/wailsapp/wails/v2/pkg/runtime"
 )
 
+// ProjectsPickFolder opens the native folder picker so the operator can
+// pick a project's cwd visually instead of typing/pasting a path into a
+// text field (which silently swallowed ~ and made the Add flow painful).
+// Returns the chosen absolute path, or empty when the user cancels.
+func (a *App) ProjectsPickFolder() string {
+	if a.ctx == nil {
+		return jsonErr("window not ready")
+	}
+	path, err := wruntime.OpenDirectoryDialog(a.ctx, wruntime.OpenDialogOptions{
+		Title:                "Pick a project folder",
+		CanCreateDirectories: true,
+	})
+	if err != nil {
+		return jsonErr(err.Error())
+	}
+	b, _ := json.Marshal(map[string]any{"ok": true, "path": path})
+	return string(b)
+}
+
 type Project struct {
 	ID         string    `json:"id"`
 	Label      string    `json:"label"`
@@ -97,6 +117,24 @@ func (a *App) ProjectsAdd(label, cwd string) string {
 	if cwd == "" {
 		return jsonErr("cwd is required")
 	}
+	// Expand `~` to the home dir + resolve relatives so an operator who
+	// pastes `~/repos/foo` gets a working project instead of a literal
+	// path the agent can't cd into.
+	if strings.HasPrefix(cwd, "~") {
+		if home, err := os.UserHomeDir(); err == nil && home != "" {
+			cwd = filepath.Join(home, strings.TrimPrefix(cwd, "~"))
+		}
+	}
+	if abs, err := filepath.Abs(cwd); err == nil {
+		cwd = abs
+	}
+	// Verify the path actually exists + is a directory; a stale path makes
+	// the agent's first tool call fail in confusing ways.
+	if fi, err := os.Stat(cwd); err != nil {
+		return jsonErr("folder doesn't exist: " + cwd)
+	} else if !fi.IsDir() {
+		return jsonErr("not a folder: " + cwd)
+	}
 	label = strings.TrimSpace(label)
 	if label == "" {
 		label = filepath.Base(cwd)
diff --git a/desktop/apps/app-ui/src/dev-stubs.ts b/desktop/apps/app-ui/src/dev-stubs.ts
index 084449a..426d8e3 100644
--- a/desktop/apps/app-ui/src/dev-stubs.ts
+++ b/desktop/apps/app-ui/src/dev-stubs.ts
@@ -86,6 +86,7 @@ export function installDevStubs(platform: "windows" | "darwin" = "windows") {
       J({ ok: true, project: { id: "p-new", label: String(a[0]) || "new", cwd: String(a[1]), created_at: new Date().toISOString(), last_used_at: new Date().toISOString() } }),
     ProjectsRemove: () => J({ ok: true }),
     ProjectsTouch: () => J({ ok: true }),
+    ProjectsPickFolder: () => J({ ok: true, path: "/Users/bahadirarda/Documents/Workspaces/cogitave.com/repos/clawtool" }),
     AgentSend: (...a: unknown[]) => {
       const turnID = `t-${Math.random().toString(36).slice(2, 10)}`;
       const projectID = String(a[0] ?? "");
diff --git a/desktop/apps/app-ui/src/views/Projects.tsx b/desktop/apps/app-ui/src/views/Projects.tsx
index 508e8a1..d1297fe 100644
--- a/desktop/apps/app-ui/src/views/Projects.tsx
+++ b/desktop/apps/app-ui/src/views/Projects.tsx
@@ -88,17 +88,29 @@ export function Projects({ active, onOpen }: { active?: boolean; onOpen: (p: Pro
           </div>
           <div className={styles.sd}>The folder the agent will operate against.</div>
           <div style={{ display: "flex", flexDirection: "column", gap: 8, marginTop: 10 }}>
-            <input
-              className={styles.input}
-              placeholder="/path/to/project"
-              value={cwd}
-              autoFocus
-              onChange={(e) => setCwd(e.target.value)}
-              onKeyDown={(e) => {
-                if (e.key === "Enter") addProject();
-                if (e.key === "Escape") setAddOpen(false);
-              }}
-            />
+            <div style={{ display: "flex", gap: 8 }}>
+              <input
+                className={styles.input}
+                placeholder="/path/to/project"
+                value={cwd}
+                autoFocus
+                onChange={(e) => setCwd(e.target.value)}
+                onKeyDown={(e) => {
+                  if (e.key === "Enter") addProject();
+                  if (e.key === "Escape") setAddOpen(false);
+                }}
+                style={{ flex: 1 }}
+              />
+              <Button
+                variant="secondary"
+                onClick={async () => {
+                  const r = (await App.projectsPickFolder()) as Record<string, unknown>;
+                  if (r.ok && typeof r.path === "string" && r.path) setCwd(r.path);
+                }}
+              >
+                Pick folder…
+              </Button>
+            </div>
             <input
               className={styles.input}
               placeholder="Label (optional — defaults to folder name)"
diff --git a/desktop/packages/bridge/src/app.ts b/desktop/packages/bridge/src/app.ts
index 7628806..82767d7 100644
--- a/desktop/packages/bridge/src/app.ts
+++ b/desktop/packages/bridge/src/app.ts
@@ -67,6 +67,7 @@ export const App = {
   projectsAdd: (label: string, cwd: string) => callJSON<Result>("ProjectsAdd", OK_FALSE, label, cwd),
   projectsRemove: (id: string) => callJSON<Result>("ProjectsRemove", OK_FALSE, id),
   projectsTouch: (id: string) => callJSON<Result>("ProjectsTouch", OK_FALSE, id),
+  projectsPickFolder: () => callJSON<Result & { path?: string }>("ProjectsPickFolder", OK_FALSE),
 
   // agent dispatch — returns a turn id; deltas/tool-events/done flow over
   // the "agent:event" channel (subscribe via bridge `on`). A non-empty

From 0d5a19107e747d09fb04212ec809918ce20ab5cb Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Fri, 29 May 2026 02:29:03 +0300
Subject: [PATCH 55/86] refactor(desktop): sessions are first-class, projects
 are optional metadata
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The earlier model gated the conversation on a project existing — pick a
folder, fill a form, then talk. The vendored ADE reference shows that's
the inverse of what shipping ADEs do: AIConversation::new() takes zero
fields (conversation.rs:340), initial_working_directory is
Option<String> (history_model.rs:70), and selected_environment_id is
nullable too (environment_selector.rs:38). Sessions are the unit; cwd
and env are optional metadata the composer's chips attach later.

Pivoting clawtool to match:

- New Session ledger at ~/.config/clawtool/sessions.json. Bindings:
  SessionsList (newest-modified first, Recents order), SessionsCreate
  (zero fields required), SessionsTouch, SessionsSetTitle (lazy-derived
  from the first message), SessionsSetCwd, SessionsSetEnv, SessionsRemove.
- Sessions view replaces Projects as the desktop's landing. "+ New
  session" is the primary action: mints a session, opens an empty
  conversation immediately, no form. Recents list below.
- SessionView replaces ProjectWorkspace: thin header + back arrow +
  Conversation occupies the rest of the main area.
- Conversation refactored around a Session (not a Project). Composer
  carries chips ABOVE the editor: environment chip (clickable dropdown
  Local | paired peers) and workspace chip (clickable folder picker /
  attached folder with × to detach). Text-path input is gone. Title is
  lazy-derived from the first user message and saved back.
- AgentSend's lookup tries the session ledger first, falls back to the
  project ledger so older callers keep working during the migration.
- Old Projects.tsx + ProjectWorkspace.tsx removed (no longer wired);
  projects.go stays as a foundation for a later "saved workspaces"
  catalog the workspace chip can pick from.
---
 cmd/clawtool-installer/agent.go               |   9 +-
 cmd/clawtool-installer/sessions.go            | 243 ++++++++++++++++++
 desktop/apps/app-ui/src/App.tsx               |  42 +--
 .../src/components/Conversation.module.css    |  70 +++--
 .../app-ui/src/components/Conversation.tsx    | 137 +++++++---
 desktop/apps/app-ui/src/dev-stubs.ts          |  12 +
 .../app-ui/src/views/ProjectWorkspace.tsx     |  29 ---
 desktop/apps/app-ui/src/views/Projects.tsx    | 181 -------------
 desktop/apps/app-ui/src/views/SessionView.tsx |  36 +++
 desktop/apps/app-ui/src/views/Sessions.tsx    | 114 ++++++++
 desktop/packages/bridge/src/app.ts            |  13 +
 desktop/packages/bridge/src/types.ts          |  12 +
 12 files changed, 612 insertions(+), 286 deletions(-)
 create mode 100644 cmd/clawtool-installer/sessions.go
 delete mode 100644 desktop/apps/app-ui/src/views/ProjectWorkspace.tsx
 delete mode 100644 desktop/apps/app-ui/src/views/Projects.tsx
 create mode 100644 desktop/apps/app-ui/src/views/SessionView.tsx
 create mode 100644 desktop/apps/app-ui/src/views/Sessions.tsx

diff --git a/cmd/clawtool-installer/agent.go b/cmd/clawtool-installer/agent.go
index 279bd23..902eb5e 100644
--- a/cmd/clawtool-installer/agent.go
+++ b/cmd/clawtool-installer/agent.go
@@ -117,7 +117,14 @@ func short(s string) string {
 func (a *App) runAgentTurn(turnID, projectID, message string) {
 	a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "start"})
 
-	cwd := a.projectCwd(projectID)
+	// Sessions are the first-class unit now (vendored ADE reference);
+	// projects are an optional separate catalog. Try the session ledger
+	// first; fall back to the project ledger so older calls still work
+	// during the migration.
+	cwd := a.sessionCwd(projectID)
+	if cwd == "" {
+		cwd = a.projectCwd(projectID)
+	}
 	if cwd != "" {
 		// Tool routing demo: list the project root via Bash so the
 		// renderer's tool-start / tool-end chips light up and the response
diff --git a/cmd/clawtool-installer/sessions.go b/cmd/clawtool-installer/sessions.go
new file mode 100644
index 0000000..52eb6aa
--- /dev/null
+++ b/cmd/clawtool-installer/sessions.go
@@ -0,0 +1,243 @@
+// Sessions — the first-class unit of conversation, grounded in the
+// vendored ADE reference under vendor/: an AIConversation starts with
+// zero required fields, and a folder (cwd) + environment are nullable
+// metadata attached when the operator picks them. Sessions live here, not
+// projects — projects are a separate optional catalog of "saved
+// workspaces" that a session can attach to via the composer's workspace
+// chip.
+//
+// Persisted at ~/.config/clawtool/sessions.json. Bindings are kept thin
+// (list/create/touch/set-cwd/set-env/remove); the title is derived
+// lazily from the first user message on the renderer side so the
+// backend doesn't have to second-guess UX.
+package main
+
+import (
+	"encoding/json"
+	"errors"
+	"os"
+	"path/filepath"
+	"strings"
+	"time"
+
+	"github.com/google/uuid"
+)
+
+// Session is one conversation. cwd + env are intentionally optional —
+// the vendored reference's AIConversation::new() (conversation.rs:340)
+// takes neither at creation; both can land via composer chips later.
+type Session struct {
+	ID           string    `json:"id"`
+	Title        string    `json:"title,omitempty"`
+	Cwd          string    `json:"cwd,omitempty"`
+	Env          string    `json:"env,omitempty"` // "" = Local; otherwise a paired peer id
+	CreatedAt    time.Time `json:"created_at"`
+	LastModified time.Time `json:"last_modified"`
+}
+
+func sessionsPath() (string, error) {
+	home, err := os.UserHomeDir()
+	if err != nil || home == "" {
+		return "", errors.New("can't resolve home directory")
+	}
+	return filepath.Join(home, ".config", "clawtool", "sessions.json"), nil
+}
+
+func loadSessions() ([]Session, error) {
+	p, err := sessionsPath()
+	if err != nil {
+		return nil, err
+	}
+	b, err := os.ReadFile(p)
+	if err != nil {
+		if os.IsNotExist(err) {
+			return []Session{}, nil
+		}
+		return nil, err
+	}
+	if len(b) == 0 {
+		return []Session{}, nil
+	}
+	var out []Session
+	if err := json.Unmarshal(b, &out); err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func saveSessions(ss []Session) error {
+	p, err := sessionsPath()
+	if err != nil {
+		return err
+	}
+	if err := os.MkdirAll(filepath.Dir(p), 0o700); err != nil {
+		return err
+	}
+	body, err := json.MarshalIndent(ss, "", "  ")
+	if err != nil {
+		return err
+	}
+	return os.WriteFile(p, append(body, '\n'), 0o600)
+}
+
+// SessionsList returns sessions ordered newest-modified first — Recents
+// sort order from the vendored reference's conversation_list/view.rs.
+func (a *App) SessionsList() string {
+	ss, err := loadSessions()
+	if err != nil {
+		return jsonErr(err.Error())
+	}
+	for i := 1; i < len(ss); i++ {
+		for j := i; j > 0 && ss[j].LastModified.After(ss[j-1].LastModified); j-- {
+			ss[j-1], ss[j] = ss[j], ss[j-1]
+		}
+	}
+	b, _ := json.Marshal(ss)
+	return string(b)
+}
+
+// SessionsCreate mints a fresh session with no fields required. The UI
+// can call this on "+ New session" click and immediately drop the
+// operator into an empty conversation — no form, no folder picker, no
+// env step. cwd and env can land later via composer chips.
+func (a *App) SessionsCreate() string {
+	now := time.Now().UTC()
+	s := Session{
+		ID:           uuid.NewString(),
+		CreatedAt:    now,
+		LastModified: now,
+	}
+	ss, _ := loadSessions()
+	ss = append(ss, s)
+	if err := saveSessions(ss); err != nil {
+		return jsonErr(err.Error())
+	}
+	b, _ := json.Marshal(map[string]any{"ok": true, "session": s})
+	return string(b)
+}
+
+// SessionsTouch bumps last_modified so the session bubbles to the top of
+// Recents — called on selection and after each turn completes.
+func (a *App) SessionsTouch(id string) string {
+	return a.sessionsUpdate(id, func(s *Session) {
+		s.LastModified = time.Now().UTC()
+	})
+}
+
+// SessionsSetTitle persists a title derived from the first user message
+// (lazy titling — the vendored reference does this in history_model:60).
+func (a *App) SessionsSetTitle(id, title string) string {
+	title = strings.TrimSpace(title)
+	if title == "" {
+		return jsonErr("title is required")
+	}
+	if len(title) > 80 {
+		title = title[:80]
+	}
+	return a.sessionsUpdate(id, func(s *Session) {
+		s.Title = title
+		s.LastModified = time.Now().UTC()
+	})
+}
+
+// SessionsSetCwd attaches (or clears with "") a working directory to a
+// session. The composer's workspace chip drives this — vendored
+// reference's composer chip semantics (agent_input_footer chips.rs).
+func (a *App) SessionsSetCwd(id, cwd string) string {
+	cwd = strings.TrimSpace(cwd)
+	if cwd != "" {
+		if strings.HasPrefix(cwd, "~") {
+			if home, err := os.UserHomeDir(); err == nil && home != "" {
+				cwd = filepath.Join(home, strings.TrimPrefix(cwd, "~"))
+			}
+		}
+		if abs, err := filepath.Abs(cwd); err == nil {
+			cwd = abs
+		}
+		if fi, err := os.Stat(cwd); err != nil {
+			return jsonErr("folder doesn't exist: " + cwd)
+		} else if !fi.IsDir() {
+			return jsonErr("not a folder: " + cwd)
+		}
+	}
+	return a.sessionsUpdate(id, func(s *Session) {
+		s.Cwd = cwd
+		s.LastModified = time.Now().UTC()
+	})
+}
+
+// SessionsSetEnv attaches a runtime environment to a session. "" = Local
+// (the default); a paired peer's id routes the conversation to that
+// device's daemon (see AgentSend's peerID path).
+func (a *App) SessionsSetEnv(id, env string) string {
+	return a.sessionsUpdate(id, func(s *Session) {
+		s.Env = strings.TrimSpace(env)
+		s.LastModified = time.Now().UTC()
+	})
+}
+
+// SessionsRemove deletes a session from the ledger.
+func (a *App) SessionsRemove(id string) string {
+	id = strings.TrimSpace(id)
+	if id == "" {
+		return jsonErr("session id is required")
+	}
+	ss, _ := loadSessions()
+	out := ss[:0]
+	found := false
+	for _, s := range ss {
+		if s.ID == id {
+			found = true
+			continue
+		}
+		out = append(out, s)
+	}
+	if !found {
+		return jsonErr("no session with that id")
+	}
+	if err := saveSessions(out); err != nil {
+		return jsonErr(err.Error())
+	}
+	return `{"ok":true}`
+}
+
+func (a *App) sessionsUpdate(id string, fn func(*Session)) string {
+	id = strings.TrimSpace(id)
+	if id == "" {
+		return jsonErr("session id is required")
+	}
+	ss, err := loadSessions()
+	if err != nil {
+		return jsonErr(err.Error())
+	}
+	for i := range ss {
+		if ss[i].ID == id {
+			fn(&ss[i])
+			if err := saveSessions(ss); err != nil {
+				return jsonErr(err.Error())
+			}
+			b, _ := json.Marshal(map[string]any{"ok": true, "session": ss[i]})
+			return string(b)
+		}
+	}
+	return jsonErr("no session with that id")
+}
+
+// sessionCwd resolves a session id to its attached cwd ("" when none).
+// Called by the agent dispatch so tool routing uses the session's chip
+// state instead of an ambient project.
+func (a *App) sessionCwd(sessionID string) string {
+	if strings.TrimSpace(sessionID) == "" {
+		return ""
+	}
+	ss, err := loadSessions()
+	if err != nil {
+		return ""
+	}
+	for _, s := range ss {
+		if s.ID == sessionID {
+			return s.Cwd
+		}
+	}
+	return ""
+}
diff --git a/desktop/apps/app-ui/src/App.tsx b/desktop/apps/app-ui/src/App.tsx
index dcbac46..36c53ce 100644
--- a/desktop/apps/app-ui/src/App.tsx
+++ b/desktop/apps/app-ui/src/App.tsx
@@ -1,28 +1,28 @@
 import { useEffect, useState } from "react";
 import { NavItem, Sidebar, StatusDot, TitleBar, Wordmark, type Platform } from "@clawtool/design-system";
 import { App as Backend, Win, environmentPlatform, type Brand } from "@clawtool/bridge";
-import { Bot, FolderKanban, House, Network as NetIcon, RefreshCw, Settings as SettingsGlyph } from "lucide-react";
+import { Bot, House, MessageSquarePlus, Network as NetIcon, RefreshCw, Settings as SettingsGlyph } from "lucide-react";
 import { Home } from "./views/Home";
 import { Agents } from "./views/Agents";
 import { Network } from "./views/Network";
 import { Updates } from "./views/Updates";
 import { Settings } from "./views/Settings";
-import { Projects } from "./views/Projects";
-import { ProjectWorkspace } from "./views/ProjectWorkspace";
+import { Sessions } from "./views/Sessions";
+import { SessionView } from "./views/SessionView";
 import { PairPrompt } from "./components/PairPrompt";
-import type { Project } from "@clawtool/bridge";
+import type { Session } from "@clawtool/bridge";
 import styles from "./App.module.css";
 
-type View = "projects" | "home" | "agents" | "network" | "updates" | "settings";
+type View = "sessions" | "home" | "agents" | "network" | "updates" | "settings";
 
 export function App() {
   const [platform, setPlatform] = useState<Platform>("windows");
   const [brand, setBrand] = useState<Brand>({ name: "clawtool", cli: "clawtool", tagline: "", installDir: "", version: "" });
-  // Projects is the new ADE landing — the desktop opens to the project list,
-  // and clicking a project drills into its workspace (full main area). The
-  // legacy tabs stay as secondary nav while we migrate.
-  const [view, setView] = useState<View>("projects");
-  const [openProject, setOpenProject] = useState<Project | null>(null);
+  // Sessions is the ADE landing — chat-first per the vendored reference;
+  // projects aren't a prerequisite. Click "+ New session" or a recent to
+  // drill into its conversation; other nav items are secondary.
+  const [view, setView] = useState<View>("sessions");
+  const [openSession, setOpenSession] = useState<Session | null>(null);
 
   useEffect(() => {
     environmentPlatform().then((p) => setPlatform(p === "web" ? "windows" : p));
@@ -52,10 +52,10 @@ export function App() {
           }
         >
           <NavItem
-            icon={<FolderKanban {...ic} />}
-            label="Projects"
-            active={view === "projects"}
-            onClick={() => setView("projects")}
+            icon={<MessageSquarePlus {...ic} />}
+            label="Sessions"
+            active={view === "sessions"}
+            onClick={() => setView("sessions")}
           />
           <NavItem icon={<House {...ic} />} label="Home" active={view === "home"} onClick={() => setView("home")} />
           <NavItem icon={<Bot {...ic} />} label="Agents" active={view === "agents"} onClick={() => setView("agents")} />
@@ -68,11 +68,17 @@ export function App() {
               instead of unmounting, so state + scroll persist and switching
               tabs never flashes an empty re-load. Views refresh in the
               background only while active. */}
-          <div className={styles.page} style={view === "projects" && !openProject ? undefined : hidden}>
-            <Projects active={view === "projects" && !openProject} onOpen={(p) => setOpenProject(p)} />
+          <div className={styles.page} style={view === "sessions" && !openSession ? undefined : hidden}>
+            <Sessions active={view === "sessions" && !openSession} onOpen={(s) => setOpenSession(s)} />
           </div>
-          <div className={styles.page} style={view === "projects" && openProject ? undefined : hidden}>
-            {openProject ? <ProjectWorkspace project={openProject} onBack={() => setOpenProject(null)} /> : null}
+          <div className={styles.page} style={view === "sessions" && openSession ? undefined : hidden}>
+            {openSession ? (
+              <SessionView
+                session={openSession}
+                onBack={() => setOpenSession(null)}
+                onTitleUpdate={(title) => setOpenSession((s) => (s ? { ...s, title } : s))}
+              />
+            ) : null}
           </div>
           <div className={styles.page} style={view === "home" ? undefined : hidden}>
             <Home brand={brand} active={view === "home"} onNavigate={(v) => setView(v as View)} />
diff --git a/desktop/apps/app-ui/src/components/Conversation.module.css b/desktop/apps/app-ui/src/components/Conversation.module.css
index 3549f5a..044138f 100644
--- a/desktop/apps/app-ui/src/components/Conversation.module.css
+++ b/desktop/apps/app-ui/src/components/Conversation.module.css
@@ -80,12 +80,64 @@
 }
 .composer {
   display: flex;
+  flex-direction: column;
   gap: 8px;
-  align-items: flex-end;
   border-top: 1px solid var(--hairline);
   padding-top: 12px;
 }
-.composer textarea {
+.chips {
+  display: flex;
+  gap: 6px;
+  align-items: center;
+  flex-wrap: wrap;
+}
+.chip {
+  display: inline-flex;
+  align-items: center;
+  gap: 6px;
+  padding: 4px 10px;
+  border: 1px solid var(--hairline);
+  border-radius: var(--radius-pill);
+  background: var(--surface-recessed);
+  color: var(--text-secondary);
+  font-size: 11.5px;
+  cursor: pointer;
+  transition: border-color 0.12s, color 0.12s, background 0.12s;
+}
+.chip:hover { border-color: var(--hairline-strong); color: var(--text); background: var(--hover); }
+.envChipWrap { position: relative; }
+.envMenu {
+  position: absolute;
+  bottom: calc(100% + 4px);
+  left: 0;
+  min-width: 220px;
+  background: var(--surface);
+  border: 1px solid var(--hairline-strong);
+  border-radius: var(--radius-md);
+  box-shadow: var(--shadow-overlay);
+  padding: 4px;
+  display: flex;
+  flex-direction: column;
+  gap: 2px;
+  z-index: 20;
+}
+.envItem {
+  display: flex;
+  align-items: center;
+  gap: 8px;
+  padding: 6px 10px;
+  border: 0;
+  background: transparent;
+  color: var(--text);
+  font-size: 12.5px;
+  text-align: left;
+  cursor: pointer;
+  border-radius: var(--radius-sm);
+}
+.envItem:hover { background: var(--hover); }
+.envEmpty { padding: 6px 10px; color: var(--text-tertiary); font-size: 12px; }
+.composerRow { display: flex; gap: 8px; align-items: flex-end; }
+.composerRow textarea {
   flex: 1;
   font: inherit;
   font-size: 13.5px;
@@ -99,17 +151,5 @@
   min-height: 44px;
   max-height: 160px;
 }
-.composer textarea:focus { outline: none; border-color: var(--accent); }
+.composerRow textarea:focus { outline: none; border-color: var(--accent); }
 .empty { color: var(--text-secondary); font-size: 13px; padding: 14px 6px; }
-.composerActions { display: flex; flex-direction: column; gap: 6px; align-items: stretch; }
-.targetSelect {
-  font: inherit;
-  font-size: 12px;
-  padding: 5px 8px;
-  border: 1px solid var(--hairline);
-  border-radius: var(--radius-sm);
-  background: var(--surface);
-  color: var(--text-secondary);
-  max-width: 180px;
-}
-.targetSelect:focus { outline: none; border-color: var(--accent); color: var(--text); }
diff --git a/desktop/apps/app-ui/src/components/Conversation.tsx b/desktop/apps/app-ui/src/components/Conversation.tsx
index c8d1815..26b2c00 100644
--- a/desktop/apps/app-ui/src/components/Conversation.tsx
+++ b/desktop/apps/app-ui/src/components/Conversation.tsx
@@ -1,47 +1,55 @@
 import { useEffect, useRef, useState, type KeyboardEvent } from "react";
 import { Button } from "@clawtool/design-system";
-import { App, on, type AgentEvent, type Peer, type Project } from "@clawtool/bridge";
+import { App, on, type AgentEvent, type Peer, type Session } from "@clawtool/bridge";
+import { Folder, FolderX, Monitor } from "lucide-react";
 import styles from "./Conversation.module.css";
 
 type Msg =
   | { kind: "user"; text: string }
   | { kind: "assistant"; text: string; tools: string[]; streaming: boolean };
 
-// Per-project conversation transcript. Mounted once per project (the
-// containing view stays mounted thanks to keep-alive routing) so the
-// transcript persists when the user navigates away and comes back.
-export function Conversation({ project }: { project: Project }) {
+// Per-session conversation. cwd + env live on the session itself and
+// show up as clickable chips above the editor — Folder picker drops a
+// cwd onto the session; the env chip swaps Local for any paired peer.
+export function Conversation({
+  session,
+  onTitleUpdate,
+}: {
+  session: Session;
+  onTitleUpdate?: (title: string) => void;
+}) {
   const [messages, setMessages] = useState<Msg[]>([]);
   const [input, setInput] = useState("");
   const [sending, setSending] = useState(false);
   const [peers, setPeers] = useState<Peer[]>([]);
-  // Empty string = "Local" (run this device). Otherwise the selected peer id
-  // routes the turn via mTLS relay to that paired device's daemon.
-  const [target, setTarget] = useState("");
+  const [cwd, setCwd] = useState<string>(session.cwd || "");
+  const [env, setEnv] = useState<string>(session.env || "");
+  const [envOpen, setEnvOpen] = useState(false);
   const turnRef = useRef<string>("");
   const scrollRef = useRef<HTMLDivElement | null>(null);
-  const taRef = useRef<HTMLTextAreaElement | null>(null);
 
-  // Refresh the paired-peers list so the "Run on" dropdown reflects the
-  // current network. Cheap call; fine to repeat on a small interval.
+  // Keep local state in sync if the session swaps out from under us.
+  useEffect(() => {
+    setMessages([]);
+    setCwd(session.cwd || "");
+    setEnv(session.env || "");
+  }, [session.id]);
+
   useEffect(() => {
     let alive = true;
-    async function load() {
+    async function loadPeers() {
       const snap = await App.networkSnapshot();
       if (!alive) return;
       if (snap.ok === true) setPeers(snap.peers?.peers ?? []);
     }
-    load();
-    const t = setInterval(load, 5000);
+    loadPeers();
+    const t = setInterval(loadPeers, 5000);
     return () => {
       alive = false;
       clearInterval(t);
     };
   }, []);
 
-  // Subscribe to the agent event stream for THIS project. We filter by
-  // turn id so deltas from a different project's pending turn (e.g. user
-  // switched projects mid-stream) don't bleed into this transcript.
   useEffect(() => {
     const off = on<AgentEvent>("agent:event", (ev) => {
       if (!turnRef.current || ev.turn_id !== turnRef.current) return;
@@ -92,11 +100,17 @@ export function Conversation({ project }: { project: Project }) {
       { kind: "user", text },
       { kind: "assistant", text: "", tools: [], streaming: true },
     ]);
-    const r = (await App.agentSend(project.id, text, target)) as Record<string, unknown>;
+    // Lazy-derive the title from the first user message — the vendored
+    // reference's history_model:60 pattern. Only when not already set.
+    if (!session.title && onTitleUpdate) {
+      const t = text.length > 60 ? text.slice(0, 60) + "…" : text;
+      App.sessionsSetTitle(session.id, t);
+      onTitleUpdate(t);
+    }
+    const r = (await App.agentSend(session.id, text, env)) as Record<string, unknown>;
     if (r.ok && typeof r.turn_id === "string") {
       turnRef.current = r.turn_id;
     } else {
-      // Surface the immediate failure in the assistant slot.
       setMessages((m) => {
         const last = m[m.length - 1];
         if (!last || last.kind !== "assistant") return m;
@@ -112,6 +126,25 @@ export function Conversation({ project }: { project: Project }) {
     }
   }
 
+  async function pickFolder() {
+    const r = (await App.projectsPickFolder()) as Record<string, unknown>;
+    if (r.ok && typeof r.path === "string" && r.path) {
+      await App.sessionsSetCwd(session.id, r.path);
+      setCwd(r.path);
+    }
+  }
+
+  async function clearFolder() {
+    await App.sessionsSetCwd(session.id, "");
+    setCwd("");
+  }
+
+  async function chooseEnv(next: string) {
+    await App.sessionsSetEnv(session.id, next);
+    setEnv(next);
+    setEnvOpen(false);
+  }
+
   function onKey(e: KeyboardEvent<HTMLTextAreaElement>) {
     if (e.key === "Enter" && !e.shiftKey) {
       e.preventDefault();
@@ -119,12 +152,17 @@ export function Conversation({ project }: { project: Project }) {
     }
   }
 
+  const envLabel =
+    env === "" ? "Local" : peers.find((p) => p.peer_id === env)?.display_name || `peer ${env.slice(0, 8)}`;
+  const cwdLabel = cwd ? cwd.split("/").pop() || cwd : "No folder";
+
   return (
     <div className={styles.wrap}>
       <div className={styles.transcript} ref={scrollRef}>
         {messages.length === 0 ? (
           <div className={styles.empty}>
-            Working in <code>{project.cwd}</code>. Ask the agent for anything.
+            New conversation. {cwd ? `Working in ${cwd}.` : "No folder attached — ask anything."} Use the chips below to
+            attach a folder or run on another device.
           </div>
         ) : (
           messages.map((m, i) => (
@@ -155,30 +193,45 @@ export function Conversation({ project }: { project: Project }) {
           ))
         )}
       </div>
+
       <div className={styles.composer}>
-        <textarea
-          ref={taRef}
-          placeholder="Send a message to the agent — Enter to send, Shift+Enter for newline"
-          value={input}
-          onChange={(e) => setInput(e.target.value)}
-          onKeyDown={onKey}
-          disabled={sending}
-        />
-        <div className={styles.composerActions}>
-          <select
-            className={styles.targetSelect}
-            value={target}
-            onChange={(e) => setTarget(e.target.value)}
+        <div className={styles.chips}>
+          <div className={styles.envChipWrap}>
+            <button type="button" className={styles.chip} onClick={() => setEnvOpen((v) => !v)} disabled={sending}>
+              <Monitor size={12} /> {envLabel}
+            </button>
+            {envOpen ? (
+              <div className={styles.envMenu}>
+                <button type="button" className={styles.envItem} onClick={() => chooseEnv("")}>
+                  <Monitor size={12} /> Local (this device)
+                </button>
+                {peers.map((p) => (
+                  <button key={p.peer_id} type="button" className={styles.envItem} onClick={() => chooseEnv(p.peer_id)}>
+                    {p.display_name || p.peer_id.slice(0, 12)}
+                  </button>
+                ))}
+                {peers.length === 0 ? <div className={styles.envEmpty}>No paired devices yet.</div> : null}
+              </div>
+            ) : null}
+          </div>
+          {cwd ? (
+            <button type="button" className={styles.chip} onClick={clearFolder} title={cwd}>
+              <Folder size={12} /> {cwdLabel} <FolderX size={11} style={{ opacity: 0.6, marginLeft: 2 }} />
+            </button>
+          ) : (
+            <button type="button" className={styles.chip} onClick={pickFolder}>
+              <Folder size={12} /> Attach folder
+            </button>
+          )}
+        </div>
+        <div className={styles.composerRow}>
+          <textarea
+            placeholder="Describe a task or ask a question — Enter to send, Shift+Enter for newline"
+            value={input}
+            onChange={(e) => setInput(e.target.value)}
+            onKeyDown={onKey}
             disabled={sending}
-            title="Run this turn on a paired device instead of locally"
-          >
-            <option value="">Run on this device</option>
-            {peers.map((p) => (
-              <option key={p.peer_id} value={p.peer_id}>
-                {p.display_name || p.peer_id}
-              </option>
-            ))}
-          </select>
+          />
           <Button variant="primary" disabled={sending || !input.trim()} onClick={send}>
             Send
           </Button>
diff --git a/desktop/apps/app-ui/src/dev-stubs.ts b/desktop/apps/app-ui/src/dev-stubs.ts
index 426d8e3..1788c34 100644
--- a/desktop/apps/app-ui/src/dev-stubs.ts
+++ b/desktop/apps/app-ui/src/dev-stubs.ts
@@ -87,6 +87,18 @@ export function installDevStubs(platform: "windows" | "darwin" = "windows") {
     ProjectsRemove: () => J({ ok: true }),
     ProjectsTouch: () => J({ ok: true }),
     ProjectsPickFolder: () => J({ ok: true, path: "/Users/bahadirarda/Documents/Workspaces/cogitave.com/repos/clawtool" }),
+    SessionsList: () =>
+      J([
+        { id: "s-1", title: "Refactor pairing handshake", cwd: "/Users/bahadirarda/Documents/Workspaces/cogitave.com/repos/clawtool", env: "", created_at: "2026-05-29T01:00:00Z", last_modified: "2026-05-29T01:30:00Z" },
+        { id: "s-2", title: "What does the daemon log say?", cwd: "", env: "p1", created_at: "2026-05-29T00:00:00Z", last_modified: "2026-05-29T00:10:00Z" },
+      ]),
+    SessionsCreate: () =>
+      J({ ok: true, session: { id: `s-${Math.random().toString(36).slice(2, 7)}`, created_at: new Date().toISOString(), last_modified: new Date().toISOString() } }),
+    SessionsTouch: () => J({ ok: true }),
+    SessionsSetTitle: (...a: unknown[]) => J({ ok: true, session: { id: String(a[0]), title: String(a[1]) } }),
+    SessionsSetCwd: (...a: unknown[]) => J({ ok: true, session: { id: String(a[0]), cwd: String(a[1]) } }),
+    SessionsSetEnv: (...a: unknown[]) => J({ ok: true, session: { id: String(a[0]), env: String(a[1]) } }),
+    SessionsRemove: () => J({ ok: true }),
     AgentSend: (...a: unknown[]) => {
       const turnID = `t-${Math.random().toString(36).slice(2, 10)}`;
       const projectID = String(a[0] ?? "");
diff --git a/desktop/apps/app-ui/src/views/ProjectWorkspace.tsx b/desktop/apps/app-ui/src/views/ProjectWorkspace.tsx
deleted file mode 100644
index 7bf88cb..0000000
--- a/desktop/apps/app-ui/src/views/ProjectWorkspace.tsx
+++ /dev/null
@@ -1,29 +0,0 @@
-import { Button } from "@clawtool/design-system";
-import { ChevronLeft } from "lucide-react";
-import type { Project } from "@clawtool/bridge";
-import { Conversation } from "../components/Conversation";
-import styles from "../App.module.css";
-
-// One project, full main area: a thin header (back affordance + label + cwd),
-// then the conversation/work surface taking the rest of the column. List and
-// content are NOT side by side — you drill in from Projects to land here, and
-// the back arrow returns to the list.
-export function ProjectWorkspace({ project, onBack }: { project: Project; onBack: () => void }) {
-  return (
-    <>
-      <div className={styles.head}>
-        <div style={{ display: "flex", alignItems: "center", gap: 10 }}>
-          <Button variant="ghost" onClick={onBack} aria-label="Back to projects">
-            <ChevronLeft size={16} style={{ verticalAlign: "-2px" }} />
-            Projects
-          </Button>
-          <div>
-            <h1 className={styles.vh}>{project.label}</h1>
-            <div className={styles.lead}>{project.cwd}</div>
-          </div>
-        </div>
-      </div>
-      <Conversation project={project} />
-    </>
-  );
-}
diff --git a/desktop/apps/app-ui/src/views/Projects.tsx b/desktop/apps/app-ui/src/views/Projects.tsx
deleted file mode 100644
index d1297fe..0000000
--- a/desktop/apps/app-ui/src/views/Projects.tsx
+++ /dev/null
@@ -1,181 +0,0 @@
-import { useEffect, useState } from "react";
-import { Badge, Button, SectionHeader } from "@clawtool/design-system";
-import { App, type Project } from "@clawtool/bridge";
-import { ChevronRight, FolderPlus, Trash2 } from "lucide-react";
-import { Toast } from "../components/Toast";
-import styles from "../App.module.css";
-
-// Projects is purely a navigation surface — a slim list you drill INTO.
-// Clicking a row hands the project up to the shell; the shell swaps in the
-// per-project workspace as the whole main area (no side-by-side). Add /
-// remove / reorder live here; the actual agent conversation lives in
-// ProjectWorkspace.
-export function Projects({ active, onOpen }: { active?: boolean; onOpen: (p: Project) => void }) {
-  const [projects, setProjects] = useState<Project[]>([]);
-  const [addOpen, setAddOpen] = useState(false);
-  const [cwd, setCwd] = useState("");
-  const [label, setLabel] = useState("");
-  const [busy, setBusy] = useState(false);
-  const [toast, setToast] = useState("");
-
-  async function load() {
-    const list = await App.projectsList();
-    setProjects(Array.isArray(list) ? list : []);
-  }
-  useEffect(() => {
-    if (active !== false) load();
-  }, [active]);
-
-  async function addProject() {
-    const trimmed = cwd.trim();
-    if (!trimmed) {
-      setToast("Pick a folder first");
-      return;
-    }
-    setBusy(true);
-    const r = (await App.projectsAdd(label.trim(), trimmed)) as Record<string, unknown>;
-    if (r.ok) {
-      setAddOpen(false);
-      setCwd("");
-      setLabel("");
-      await load();
-      const p = (r.project as Project) ?? null;
-      if (p) onOpen(p);
-    } else {
-      setToast(typeof r.error === "string" ? r.error : "Couldn't add project");
-    }
-    setBusy(false);
-  }
-
-  async function open(p: Project) {
-    await App.projectsTouch(p.id);
-    onOpen(p);
-  }
-
-  async function removeProject(p: Project) {
-    setBusy(true);
-    const r = (await App.projectsRemove(p.id)) as Record<string, unknown>;
-    setBusy(false);
-    if (r.ok) {
-      setToast(`Removed ${p.label}`);
-      await load();
-    } else {
-      setToast(typeof r.error === "string" ? r.error : "Couldn't remove");
-    }
-  }
-
-  return (
-    <>
-      <div className={styles.head}>
-        <div>
-          <h1 className={styles.vh}>Projects</h1>
-          <div className={styles.lead}>
-            Each project anchors the agent to a working directory — click one to enter its workspace.
-          </div>
-        </div>
-        <div className={styles.actionSlot}>
-          <Button variant="secondary" onClick={() => setAddOpen(true)}>
-            <FolderPlus size={14} style={{ marginRight: 6, verticalAlign: "-2px" }} />
-            Add project
-          </Button>
-        </div>
-      </div>
-
-      {addOpen ? (
-        <div className={styles.field} style={{ marginTop: 12 }}>
-          <div className={styles.fieldHead}>
-            <div className={styles.st}>New project</div>
-          </div>
-          <div className={styles.sd}>The folder the agent will operate against.</div>
-          <div style={{ display: "flex", flexDirection: "column", gap: 8, marginTop: 10 }}>
-            <div style={{ display: "flex", gap: 8 }}>
-              <input
-                className={styles.input}
-                placeholder="/path/to/project"
-                value={cwd}
-                autoFocus
-                onChange={(e) => setCwd(e.target.value)}
-                onKeyDown={(e) => {
-                  if (e.key === "Enter") addProject();
-                  if (e.key === "Escape") setAddOpen(false);
-                }}
-                style={{ flex: 1 }}
-              />
-              <Button
-                variant="secondary"
-                onClick={async () => {
-                  const r = (await App.projectsPickFolder()) as Record<string, unknown>;
-                  if (r.ok && typeof r.path === "string" && r.path) setCwd(r.path);
-                }}
-              >
-                Pick folder…
-              </Button>
-            </div>
-            <input
-              className={styles.input}
-              placeholder="Label (optional — defaults to folder name)"
-              value={label}
-              onChange={(e) => setLabel(e.target.value)}
-            />
-            <div style={{ display: "flex", gap: 10 }}>
-              <Button variant="primary" onClick={addProject} disabled={busy || !cwd.trim()}>
-                Add
-              </Button>
-              <Button variant="ghost" onClick={() => setAddOpen(false)}>
-                Cancel
-              </Button>
-            </div>
-          </div>
-        </div>
-      ) : null}
-
-      <SectionHeader title={projects.length ? `${projects.length} ${projects.length === 1 ? "project" : "projects"}` : "No projects"} />
-      {projects.length === 0 ? (
-        <div className={styles.sd} style={{ marginTop: 8 }}>
-          No projects yet. Add one above — pick a folder, give it a label, and the agent will work against it.
-        </div>
-      ) : (
-        <div className={styles.deviceList}>
-          {projects.map((p) => (
-            <div key={p.id} className={styles.device}>
-              <button
-                type="button"
-                className={styles.deviceRow}
-                style={{
-                  border: 0,
-                  cursor: "pointer",
-                  textAlign: "left",
-                  width: "100%",
-                  background: "transparent",
-                }}
-                onClick={() => open(p)}
-              >
-                <div style={{ minWidth: 0, flex: 1 }}>
-                  <div className={styles.deviceName}>{p.label}</div>
-                  <div className={styles.deviceMeta}>{p.cwd}</div>
-                </div>
-                <span className={styles.deviceRight}>
-                  {p.last_used_at ? <Badge tone="neutral">recent</Badge> : null}
-                  <Button
-                    variant="ghost"
-                    disabled={busy}
-                    onClick={(e) => {
-                      e.stopPropagation();
-                      removeProject(p);
-                    }}
-                    aria-label={`Remove ${p.label}`}
-                  >
-                    <Trash2 size={14} />
-                  </Button>
-                  <ChevronRight size={16} style={{ color: "var(--text-tertiary)" }} />
-                </span>
-              </button>
-            </div>
-          ))}
-        </div>
-      )}
-
-      <Toast message={toast} onClear={() => setToast("")} />
-    </>
-  );
-}
diff --git a/desktop/apps/app-ui/src/views/SessionView.tsx b/desktop/apps/app-ui/src/views/SessionView.tsx
new file mode 100644
index 0000000..e7a2e32
--- /dev/null
+++ b/desktop/apps/app-ui/src/views/SessionView.tsx
@@ -0,0 +1,36 @@
+import { Button } from "@clawtool/design-system";
+import { ChevronLeft } from "lucide-react";
+import type { Session } from "@clawtool/bridge";
+import { Conversation } from "../components/Conversation";
+import styles from "../App.module.css";
+
+// Full main area for one session. Title and metadata live in the header
+// (cwd/env appear as chips inside the composer, not duplicated here),
+// then the Conversation occupies the rest of the column.
+export function SessionView({
+  session,
+  onBack,
+  onTitleUpdate,
+}: {
+  session: Session;
+  onBack: () => void;
+  onTitleUpdate?: (title: string) => void;
+}) {
+  return (
+    <>
+      <div className={styles.head}>
+        <div style={{ display: "flex", alignItems: "center", gap: 10 }}>
+          <Button variant="ghost" onClick={onBack} aria-label="Back to sessions">
+            <ChevronLeft size={16} style={{ verticalAlign: "-2px" }} />
+            Sessions
+          </Button>
+          <div>
+            <h1 className={styles.vh}>{session.title || "Untitled chat"}</h1>
+            <div className={styles.lead}>{session.cwd || "No folder attached"}</div>
+          </div>
+        </div>
+      </div>
+      <Conversation session={session} onTitleUpdate={onTitleUpdate} />
+    </>
+  );
+}
diff --git a/desktop/apps/app-ui/src/views/Sessions.tsx b/desktop/apps/app-ui/src/views/Sessions.tsx
new file mode 100644
index 0000000..fcdeb59
--- /dev/null
+++ b/desktop/apps/app-ui/src/views/Sessions.tsx
@@ -0,0 +1,114 @@
+import { useEffect, useState } from "react";
+import { Badge, Button, SectionHeader } from "@clawtool/design-system";
+import { App, type Session } from "@clawtool/bridge";
+import { Plus, Trash2 } from "lucide-react";
+import { Toast } from "../components/Toast";
+import styles from "../App.module.css";
+
+// Sessions — the ADE landing. "+ New session" is the primary action; it
+// mints an empty conversation instantly, no setup. Workspace + env land
+// later via composer chips, not via an Add-Project form. Recents below.
+// Grounded in the vendored reference's conversation_list pattern.
+export function Sessions({ active, onOpen }: { active?: boolean; onOpen: (s: Session) => void }) {
+  const [sessions, setSessions] = useState<Session[]>([]);
+  const [busy, setBusy] = useState(false);
+  const [toast, setToast] = useState("");
+
+  async function load() {
+    const list = await App.sessionsList();
+    setSessions(Array.isArray(list) ? list : []);
+  }
+  useEffect(() => {
+    if (active !== false) load();
+  }, [active]);
+
+  async function newSession() {
+    setBusy(true);
+    const r = (await App.sessionsCreate()) as Record<string, unknown>;
+    setBusy(false);
+    if (r.ok && r.session) {
+      await load();
+      onOpen(r.session as Session);
+    } else {
+      setToast(typeof r.error === "string" ? r.error : "Couldn't create session");
+    }
+  }
+
+  async function open(s: Session) {
+    await App.sessionsTouch(s.id);
+    onOpen(s);
+  }
+
+  async function remove(s: Session) {
+    setBusy(true);
+    const r = (await App.sessionsRemove(s.id)) as Record<string, unknown>;
+    setBusy(false);
+    if (r.ok) {
+      setToast(`Removed ${s.title || "session"}`);
+      await load();
+    } else {
+      setToast(typeof r.error === "string" ? r.error : "Couldn't remove");
+    }
+  }
+
+  return (
+    <>
+      <div className={styles.head}>
+        <div>
+          <h1 className={styles.vh}>Sessions</h1>
+          <div className={styles.lead}>Start chatting with an agent — folder and environment are optional.</div>
+        </div>
+        <div className={styles.actionSlot}>
+          <Button variant="primary" onClick={newSession} disabled={busy}>
+            <Plus size={14} style={{ marginRight: 6, verticalAlign: "-2px" }} />
+            New session
+          </Button>
+        </div>
+      </div>
+
+      <SectionHeader title={sessions.length ? "Recents" : "No sessions yet"} />
+      {sessions.length === 0 ? (
+        <div className={styles.sd} style={{ marginTop: 8 }}>
+          Hit <b>New session</b> above to start a conversation. You can attach a folder or pick a remote device later via
+          the composer chips.
+        </div>
+      ) : (
+        <div className={styles.deviceList}>
+          {sessions.map((s) => (
+            <div key={s.id} className={styles.device}>
+              <button
+                type="button"
+                className={styles.deviceRow}
+                style={{ border: 0, cursor: "pointer", textAlign: "left", width: "100%", background: "transparent" }}
+                onClick={() => open(s)}
+              >
+                <div style={{ minWidth: 0, flex: 1 }}>
+                  <div className={styles.deviceName}>{s.title || "Untitled chat"}</div>
+                  <div className={styles.deviceMeta}>
+                    {[s.env ? `env: ${s.env.slice(0, 12)}…` : "Local", s.cwd || "no folder"].join(" · ")}
+                  </div>
+                </div>
+                <span className={styles.deviceRight}>
+                  {s.env ? <Badge tone="accent">remote</Badge> : null}
+                  <Button
+                    variant="ghost"
+                    disabled={busy}
+                    onClick={(e) => {
+                      e.stopPropagation();
+                      remove(s);
+                    }}
+                    aria-label={`Remove ${s.title || "session"}`}
+                  >
+                    <Trash2 size={14} />
+                  </Button>
+                </span>
+              </button>
+            </div>
+          ))}
+        </div>
+      )}
+
+      <Toast message={toast} onClear={() => setToast("")} />
+    </>
+  );
+}
diff --git a/desktop/packages/bridge/src/app.ts b/desktop/packages/bridge/src/app.ts
index 82767d7..c5dd09e 100644
--- a/desktop/packages/bridge/src/app.ts
+++ b/desktop/packages/bridge/src/app.ts
@@ -13,6 +13,7 @@ import type {
   PeerAgentsResult,
   Project,
   Result,
+  Session,
   UpdateInfo,
 } from "./types";
 
@@ -69,6 +70,18 @@ export const App = {
   projectsTouch: (id: string) => callJSON<Result>("ProjectsTouch", OK_FALSE, id),
   projectsPickFolder: () => callJSON<Result & { path?: string }>("ProjectsPickFolder", OK_FALSE),
 
+  // sessions — first-class conversations, attached cwd/env optional
+  sessionsList: () => callJSON<Session[]>("SessionsList", []),
+  sessionsCreate: () => callJSON<Result & { session?: Session }>("SessionsCreate", OK_FALSE),
+  sessionsTouch: (id: string) => callJSON<Result & { session?: Session }>("SessionsTouch", OK_FALSE, id),
+  sessionsSetTitle: (id: string, title: string) =>
+    callJSON<Result & { session?: Session }>("SessionsSetTitle", OK_FALSE, id, title),
+  sessionsSetCwd: (id: string, cwd: string) =>
+    callJSON<Result & { session?: Session }>("SessionsSetCwd", OK_FALSE, id, cwd),
+  sessionsSetEnv: (id: string, env: string) =>
+    callJSON<Result & { session?: Session }>("SessionsSetEnv", OK_FALSE, id, env),
+  sessionsRemove: (id: string) => callJSON<Result>("SessionsRemove", OK_FALSE, id),
+
   // agent dispatch — returns a turn id; deltas/tool-events/done flow over
   // the "agent:event" channel (subscribe via bridge `on`). A non-empty
   // peerID dispatches the turn to a paired device via the daemon relay.
diff --git a/desktop/packages/bridge/src/types.ts b/desktop/packages/bridge/src/types.ts
index eca9ec8..5dcaa6e 100644
--- a/desktop/packages/bridge/src/types.ts
+++ b/desktop/packages/bridge/src/types.ts
@@ -87,6 +87,18 @@ export type Project = {
   last_used_at?: string;
 };
 
+// A session is one conversation. cwd + env are optional metadata the
+// composer's chips attach later — never required at creation. env="" =
+// Local; a paired peer id routes the turn to that device's daemon.
+export type Session = {
+  id: string;
+  title?: string;
+  cwd?: string;
+  env?: string;
+  created_at?: string;
+  last_modified?: string;
+};
+
 // Streaming event the agent dispatch emits over the "agent:event" channel.
 // Kinds: "start" | "delta" | "tool-start" | "tool-end" | "done" | "error".
 export type AgentEvent = {

From 51b3c34c8827b27d8a87a1f4635b5a1bbc50ebff Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Fri, 29 May 2026 03:08:52 +0300
Subject: [PATCH 56/86] =?UTF-8?q?feat(desktop):=20wire=20real=20agent=20di?=
 =?UTF-8?q?spatch=20=E2=80=94=20clawtool=20supervisor=20=E2=86=92=20upstre?=
 =?UTF-8?q?am=20CLI?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The local turn was a placeholder echo. It now shells out to clawtool's
supervisor (`clawtool send --agent codex`) which dispatches the prompt to
a registered upstream (codex / gemini / opencode / claude-code) and
streams the upstream's NDJSON wire format back. Each frame is translated
into the renderer's agent:event protocol so the conversation pane shows
real model output, not canned text.

- codex is the default upstream because the supervisor refuses to
  dispatch to the calling Claude Code session ("would loop") — a
  resolvable family keeps the path real until per-session model picking
  lands.
- extractAgentText covers the common wire shapes: codex item_completed
  frames, Anthropic content_block_delta, plain text fallback for
  upstreams that don't speak JSON.
- cwd from the session lands as the subprocess Dir so tools execute in
  the operator's actual working directory.
- stderr trails through to the error event so a refused dispatch
  ("would loop") surfaces in the UI instead of dying silently.
---
 cmd/clawtool-installer/agent.go | 133 +++++++++++++++++++++++---------
 1 file changed, 97 insertions(+), 36 deletions(-)

diff --git a/cmd/clawtool-installer/agent.go b/cmd/clawtool-installer/agent.go
index 902eb5e..5a6bd80 100644
--- a/cmd/clawtool-installer/agent.go
+++ b/cmd/clawtool-installer/agent.go
@@ -7,9 +7,11 @@
 package main
 
 import (
+	"bufio"
 	"context"
 	"encoding/json"
 	"fmt"
+	"io"
 	"os/exec"
 	"strings"
 	"time"
@@ -109,58 +111,117 @@ func short(s string) string {
 	return s
 }
 
-// runAgentTurn drives one turn against the project's cwd. Phase D wires
-// real tool routing — every turn first inspects the project (an `ls` Bash
-// tool call) so the agent is grounded in the actual filesystem — then
-// echoes a brief summary. The LLM swap (real namzu/Anthropic) is
-// orthogonal: it replaces the deltas without touching the tool plumbing.
+// runAgentTurn drives one turn LOCALLY by handing the prompt off to
+// clawtool's supervisor, which dispatches it to a registered agent
+// (codex / gemini / opencode / claude-code, etc.) and streams the
+// upstream's wire output back. We translate that stream into the
+// renderer's agent:event protocol so the conversation pane shows real
+// model output, not a placeholder.
+//
+// Agent selection: codex by default — the supervisor refuses to
+// dispatch to the calling Claude Code session ("would loop"), so a
+// resolvable family stays the safe default until per-session model
+// picking lands. cwd, when the session has one, becomes the agent's
+// working directory so tools land there.
 func (a *App) runAgentTurn(turnID, projectID, message string) {
 	a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "start"})
 
-	// Sessions are the first-class unit now (vendored ADE reference);
-	// projects are an optional separate catalog. Try the session ledger
-	// first; fall back to the project ledger so older calls still work
-	// during the migration.
 	cwd := a.sessionCwd(projectID)
 	if cwd == "" {
 		cwd = a.projectCwd(projectID)
 	}
+
+	bin, err := locateClawtool()
+	if err != nil {
+		a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "error", Error: err.Error()})
+		return
+	}
+
+	ctx, cancel := context.WithTimeout(context.Background(), 90*time.Second)
+	defer cancel()
+	cmd := exec.CommandContext(ctx, bin, "send", "--agent", "codex", message)
 	if cwd != "" {
-		// Tool routing demo: list the project root via Bash so the
-		// renderer's tool-start / tool-end chips light up and the response
-		// is grounded in real filesystem state.
-		a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "tool-start", ToolName: "Bash"})
-		out, err := execBash(cwd, "ls -1 | head -20")
-		a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "tool-end", ToolName: "Bash"})
-		if err == nil {
-			files := strings.Count(strings.TrimSpace(out), "\n") + 1
-			a.emitAgent(agentEvent{
-				TurnID:    turnID,
-				ProjectID: projectID,
-				Kind:      "delta",
-				Text:      fmt.Sprintf("Working in %s — saw %d top-level entries.\n\n", cwd, files),
-			})
-			time.Sleep(120 * time.Millisecond)
-		}
+		cmd.Dir = cwd
+	}
+	hideConsole(cmd)
+	stdout, err := cmd.StdoutPipe()
+	if err != nil {
+		a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "error", Error: "open stdout: " + err.Error()})
+		return
+	}
+	stderr, _ := cmd.StderrPipe()
+	if err := cmd.Start(); err != nil {
+		a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "error", Error: "dispatch: " + err.Error()})
+		return
 	}
 
-	preview := message
-	if len(preview) > 80 {
-		preview = preview[:80] + "…"
+	// Stream upstream NDJSON line-by-line and translate to delta events.
+	// Each upstream speaks a slightly different wire format; the
+	// extractAgentText helper covers the common cases (codex item
+	// frames, Anthropic content-block deltas, plain text fallbacks).
+	scanner := bufio.NewScanner(stdout)
+	scanner.Buffer(make([]byte, 0, 64*1024), 4*1024*1024)
+	for scanner.Scan() {
+		line := strings.TrimSpace(scanner.Text())
+		if line == "" {
+			continue
+		}
+		if text, ok := extractAgentText(line); ok && text != "" {
+			a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "delta", Text: text})
+		}
 	}
-	parts := []string{
-		fmt.Sprintf("You said: %q\n\n", preview),
-		"Phase D wiring is live: tool calls route through this device's daemon and execute against the active project's cwd. ",
-		"The LLM swap (real namzu runtime / Anthropic / OpenRouter) plugs in here — events stay identical. ",
-		"Phase E adds the optional peerID so this same turn can run on a paired device's daemon instead.",
+
+	// Surface stderr trailing the run so the operator sees the real
+	// failure mode (e.g. "refusing to dispatch to the calling Claude
+	// Code session") rather than a silent done.
+	var stderrBuf strings.Builder
+	if stderr != nil {
+		_, _ = io.Copy(&stderrBuf, stderr)
 	}
-	for _, p := range parts {
-		a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "delta", Text: p})
-		time.Sleep(140 * time.Millisecond)
+	if werr := cmd.Wait(); werr != nil {
+		msg := strings.TrimSpace(stderrBuf.String())
+		if msg == "" {
+			msg = werr.Error()
+		}
+		a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "error", Error: msg})
+		return
 	}
 	a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "done"})
 }
 
+// extractAgentText pulls human-visible text out of one upstream NDJSON
+// frame. Returns ("", false) when the frame is metadata-only (thread
+// starts / usage updates) so the caller skips silently.
+func extractAgentText(line string) (string, bool) {
+	var raw map[string]any
+	if err := json.Unmarshal([]byte(line), &raw); err != nil {
+		// Non-JSON line — pass through (some upstreams print plain text).
+		return line, true
+	}
+	t, _ := raw["type"].(string)
+	switch t {
+	case "item.completed":
+		if item, ok := raw["item"].(map[string]any); ok {
+			if it, _ := item["type"].(string); it == "agent_message" {
+				if text, _ := item["text"].(string); text != "" {
+					return text, true
+				}
+			}
+		}
+	case "content_block_delta":
+		if delta, ok := raw["delta"].(map[string]any); ok {
+			if text, _ := delta["text"].(string); text != "" {
+				return text, true
+			}
+		}
+	case "text", "delta":
+		if text, _ := raw["text"].(string); text != "" {
+			return text, true
+		}
+	}
+	return "", false
+}
+
 // projectCwd resolves a project id to its working directory by re-reading
 // the on-disk ledger. Empty when the id is unknown — the responder falls
 // back to a project-less reply.

From cfc48c75ddc871fd175ac43858e14dc300d04ca6 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Fri, 29 May 2026 03:11:44 +0300
Subject: [PATCH 57/86] =?UTF-8?q?feat(desktop):=20session-aware=20sidebar?=
 =?UTF-8?q?=20=E2=80=94=20in-session=20rail=20with=20new=20+=20recents?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Drilling into a session now reshapes the left sidebar to be conversation-
focused: a prominent "+ New session" button at the very top, a Recents
list of past conversations (last 8, clickable to switch), then the
secondary nav (Home / Agents / Network / Updates / Settings) below.
Sessions landing keeps the previous structure so the list view is still
reachable from the entry tab. The rail refreshes when a session's title
is set so the first user message bubbles up immediately.
---
 desktop/apps/app-ui/src/App.tsx               | 34 +++++++--
 .../src/components/SessionRail.module.css     | 60 ++++++++++++++++
 .../app-ui/src/components/SessionRail.tsx     | 72 +++++++++++++++++++
 3 files changed, 159 insertions(+), 7 deletions(-)
 create mode 100644 desktop/apps/app-ui/src/components/SessionRail.module.css
 create mode 100644 desktop/apps/app-ui/src/components/SessionRail.tsx

diff --git a/desktop/apps/app-ui/src/App.tsx b/desktop/apps/app-ui/src/App.tsx
index 36c53ce..d9d1bd0 100644
--- a/desktop/apps/app-ui/src/App.tsx
+++ b/desktop/apps/app-ui/src/App.tsx
@@ -10,6 +10,7 @@ import { Settings } from "./views/Settings";
 import { Sessions } from "./views/Sessions";
 import { SessionView } from "./views/SessionView";
 import { PairPrompt } from "./components/PairPrompt";
+import { SessionRail } from "./components/SessionRail";
 import type { Session } from "@clawtool/bridge";
 import styles from "./App.module.css";
 
@@ -23,6 +24,8 @@ export function App() {
   // drill into its conversation; other nav items are secondary.
   const [view, setView] = useState<View>("sessions");
   const [openSession, setOpenSession] = useState<Session | null>(null);
+  // Bumped after sessionsCreate/touch/title so SessionRail re-pulls the list.
+  const [recentsKey, setRecentsKey] = useState(0);
 
   useEffect(() => {
     environmentPlatform().then((p) => setPlatform(p === "web" ? "windows" : p));
@@ -44,6 +47,18 @@ export function App() {
       <TitleBar platform={platform} brand={<Wordmark name={brand.name} />} controls={controls} />
       <div className={styles.body}>
         <Sidebar
+          top={
+            openSession ? (
+              <SessionRail
+                activeId={openSession.id}
+                refreshKey={recentsKey}
+                onOpen={(s) => {
+                  setOpenSession(s);
+                  setView("sessions");
+                }}
+              />
+            ) : undefined
+          }
           footer={
             <>
               <StatusDot tone="online" />
@@ -51,12 +66,14 @@ export function App() {
             </>
           }
         >
-          <NavItem
-            icon={<MessageSquarePlus {...ic} />}
-            label="Sessions"
-            active={view === "sessions"}
-            onClick={() => setView("sessions")}
-          />
+          {openSession ? null : (
+            <NavItem
+              icon={<MessageSquarePlus {...ic} />}
+              label="Sessions"
+              active={view === "sessions"}
+              onClick={() => setView("sessions")}
+            />
+          )}
           <NavItem icon={<House {...ic} />} label="Home" active={view === "home"} onClick={() => setView("home")} />
           <NavItem icon={<Bot {...ic} />} label="Agents" active={view === "agents"} onClick={() => setView("agents")} />
           <NavItem icon={<NetIcon {...ic} />} label="Network" active={view === "network"} onClick={() => setView("network")} />
@@ -76,7 +93,10 @@ export function App() {
               <SessionView
                 session={openSession}
                 onBack={() => setOpenSession(null)}
-                onTitleUpdate={(title) => setOpenSession((s) => (s ? { ...s, title } : s))}
+                onTitleUpdate={(title) => {
+                  setOpenSession((s) => (s ? { ...s, title } : s));
+                  setRecentsKey((n) => n + 1);
+                }}
               />
             ) : null}
           </div>
diff --git a/desktop/apps/app-ui/src/components/SessionRail.module.css b/desktop/apps/app-ui/src/components/SessionRail.module.css
new file mode 100644
index 0000000..c6b4503
--- /dev/null
+++ b/desktop/apps/app-ui/src/components/SessionRail.module.css
@@ -0,0 +1,60 @@
+.rail {
+  display: flex;
+  flex-direction: column;
+  gap: 10px;
+  padding-bottom: 12px;
+  border-bottom: 1px solid var(--hairline);
+  margin-bottom: 10px;
+}
+.newBtn {
+  display: inline-flex;
+  align-items: center;
+  gap: 8px;
+  padding: 7px 10px;
+  border: 1px solid var(--hairline);
+  border-radius: var(--radius-sm);
+  background: var(--surface);
+  color: var(--text);
+  font: inherit;
+  font-size: 12.5px;
+  font-weight: 500;
+  cursor: pointer;
+  text-align: left;
+  width: 100%;
+  transition: border-color 0.12s, background 0.12s;
+}
+.newBtn:hover { border-color: var(--accent); color: var(--accent); }
+.newBtn:disabled { opacity: 0.5; cursor: default; }
+.label {
+  font-size: 10.5px;
+  text-transform: uppercase;
+  letter-spacing: 0.06em;
+  color: var(--text-tertiary);
+  padding: 0 4px;
+  margin-top: 4px;
+}
+.list {
+  display: flex;
+  flex-direction: column;
+  gap: 2px;
+}
+.item {
+  display: block;
+  width: 100%;
+  text-align: left;
+  border: 0;
+  background: transparent;
+  color: var(--text-secondary);
+  font: inherit;
+  font-size: 12.5px;
+  padding: 6px 10px;
+  border-radius: var(--radius-sm);
+  cursor: pointer;
+  white-space: nowrap;
+  overflow: hidden;
+  text-overflow: ellipsis;
+  transition: background 0.12s, color 0.12s;
+}
+.item:hover { background: var(--hover); color: var(--text); }
+.item.active { background: var(--accent-soft); color: var(--text); }
+.empty { color: var(--text-tertiary); font-size: 12px; padding: 4px 10px; }
diff --git a/desktop/apps/app-ui/src/components/SessionRail.tsx b/desktop/apps/app-ui/src/components/SessionRail.tsx
new file mode 100644
index 0000000..a0e74c6
--- /dev/null
+++ b/desktop/apps/app-ui/src/components/SessionRail.tsx
@@ -0,0 +1,72 @@
+import { useEffect, useState } from "react";
+import { Plus } from "lucide-react";
+import { App, type Session } from "@clawtool/bridge";
+import styles from "./SessionRail.module.css";
+
+// In-session sidebar rail: "+ New session" prominent at the top and a
+// Recents list below, so the operator can jump between conversations
+// without leaving the workspace. Mounted only when a session is open —
+// the default sidebar nav stays the landing surface.
+export function SessionRail({
+  activeId,
+  onOpen,
+  refreshKey,
+}: {
+  activeId?: string;
+  onOpen: (s: Session) => void;
+  refreshKey: number;
+}) {
+  const [sessions, setSessions] = useState<Session[]>([]);
+  const [busy, setBusy] = useState(false);
+
+  useEffect(() => {
+    let alive = true;
+    (async () => {
+      const list = await App.sessionsList();
+      if (!alive) return;
+      setSessions(Array.isArray(list) ? list : []);
+    })();
+    return () => {
+      alive = false;
+    };
+  }, [refreshKey]);
+
+  async function newSession() {
+    setBusy(true);
+    const r = (await App.sessionsCreate()) as Record<string, unknown>;
+    setBusy(false);
+    if (r.ok && r.session) {
+      const s = r.session as Session;
+      setSessions((prev) => [s, ...prev]);
+      onOpen(s);
+    }
+  }
+
+  const recents = sessions.slice(0, 8);
+
+  return (
+    <div className={styles.rail}>
+      <button type="button" className={styles.newBtn} onClick={newSession} disabled={busy}>
+        <Plus size={14} /> New session
+      </button>
+      <div className={styles.label}>Recents</div>
+      <div className={styles.list}>
+        {recents.length === 0 ? (
+          <div className={styles.empty}>Nothing yet.</div>
+        ) : (
+          recents.map((s) => (
+            <button
+              key={s.id}
+              type="button"
+              className={`${styles.item} ${s.id === activeId ? styles.active : ""}`}
+              onClick={() => onOpen(s)}
+              title={s.title || "Untitled chat"}
+            >
+              {s.title || "Untitled chat"}
+            </button>
+          ))
+        )}
+      </div>
+    </div>
+  );
+}

From b92c640361282d415c00df6a7270066904b8e0e0 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Fri, 29 May 2026 03:27:17 +0300
Subject: [PATCH 58/86] refactor(desktop): proper session-shell takeover +
 composer redesign
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When a session is open the sidebar nav (Home/Agents/Network/Updates/
Settings) is fully hidden, not just deprioritized — the rail becomes
conversation-only. Added a subtle slide+fade animation on the rail so
the swap feels intentional, and on the workspace itself so a session
fades in instead of popping.

Composer follows the reference more closely:
- Slim breadcrumb header in SessionView: folder icon · folder name /
  session title — no h1, no back arrow (the rail handles switching).
- Editor wraps the send glyph (ArrowUp) in its own bottom-right corner;
  there's no separate Send button anymore. The editor padding-right
  reserves space so text never collides with the glyph.
- Footer row below the editor carries an agent + env badge on the right
  ("Codex · Local" / "Codex · <peer-name>") so the operator always sees
  which instance the turn is dispatching to, and a working indicator on
  the left.
- Placeholder copy changed to "Type / for commands" to telegraph the
  slash-command direction.
---
 desktop/apps/app-ui/src/App.tsx               | 28 +++++----
 .../src/components/Conversation.module.css    | 59 ++++++++++++++++---
 .../app-ui/src/components/Conversation.tsx    | 28 ++++++---
 .../src/components/SessionRail.module.css     |  5 ++
 .../app-ui/src/views/SessionView.module.css   | 24 ++++++++
 desktop/apps/app-ui/src/views/SessionView.tsx | 45 +++++---------
 6 files changed, 135 insertions(+), 54 deletions(-)
 create mode 100644 desktop/apps/app-ui/src/views/SessionView.module.css

diff --git a/desktop/apps/app-ui/src/App.tsx b/desktop/apps/app-ui/src/App.tsx
index d9d1bd0..6a6f98f 100644
--- a/desktop/apps/app-ui/src/App.tsx
+++ b/desktop/apps/app-ui/src/App.tsx
@@ -66,19 +66,25 @@ export function App() {
             </>
           }
         >
+          {/* Session-shell takeover: when a session is open the secondary
+              nav is hidden so the sidebar stays purely conversation-
+              focused (SessionRail at top). The whole sidebar fades on the
+              swap thanks to App.module.css's .sideFade transitions. */}
           {openSession ? null : (
-            <NavItem
-              icon={<MessageSquarePlus {...ic} />}
-              label="Sessions"
-              active={view === "sessions"}
-              onClick={() => setView("sessions")}
-            />
+            <>
+              <NavItem
+                icon={<MessageSquarePlus {...ic} />}
+                label="Sessions"
+                active={view === "sessions"}
+                onClick={() => setView("sessions")}
+              />
+              <NavItem icon={<House {...ic} />} label="Home" active={view === "home"} onClick={() => setView("home")} />
+              <NavItem icon={<Bot {...ic} />} label="Agents" active={view === "agents"} onClick={() => setView("agents")} />
+              <NavItem icon={<NetIcon {...ic} />} label="Network" active={view === "network"} onClick={() => setView("network")} />
+              <NavItem icon={<RefreshCw {...ic} />} label="Updates" active={view === "updates"} onClick={() => setView("updates")} />
+              <NavItem icon={<SettingsGlyph {...ic} />} label="Settings" active={view === "settings"} onClick={() => setView("settings")} />
+            </>
           )}
-          <NavItem icon={<House {...ic} />} label="Home" active={view === "home"} onClick={() => setView("home")} />
-          <NavItem icon={<Bot {...ic} />} label="Agents" active={view === "agents"} onClick={() => setView("agents")} />
-          <NavItem icon={<NetIcon {...ic} />} label="Network" active={view === "network"} onClick={() => setView("network")} />
-          <NavItem icon={<RefreshCw {...ic} />} label="Updates" active={view === "updates"} onClick={() => setView("updates")} />
-          <NavItem icon={<SettingsGlyph {...ic} />} label="Settings" active={view === "settings"} onClick={() => setView("settings")} />
         </Sidebar>
         <main className={styles.content}>
           {/* Keep every view mounted (native-app keep-alive): toggle visibility
diff --git a/desktop/apps/app-ui/src/components/Conversation.module.css b/desktop/apps/app-ui/src/components/Conversation.module.css
index 044138f..2d17539 100644
--- a/desktop/apps/app-ui/src/components/Conversation.module.css
+++ b/desktop/apps/app-ui/src/components/Conversation.module.css
@@ -136,20 +136,65 @@
 }
 .envItem:hover { background: var(--hover); }
 .envEmpty { padding: 6px 10px; color: var(--text-tertiary); font-size: 12px; }
-.composerRow { display: flex; gap: 8px; align-items: flex-end; }
-.composerRow textarea {
+.editorWrap {
+  position: relative;
+  display: flex;
+  align-items: flex-end;
+}
+.editor {
   flex: 1;
   font: inherit;
   font-size: 13.5px;
   line-height: 1.5;
-  padding: 10px 12px;
+  padding: 12px 44px 12px 14px;
   border: 1px solid var(--hairline);
-  border-radius: var(--radius-sm);
+  border-radius: var(--radius-md);
   background: var(--surface);
   color: var(--text);
   resize: none;
-  min-height: 44px;
-  max-height: 160px;
+  min-height: 48px;
+  max-height: 200px;
+  width: 100%;
+}
+.editor:focus { outline: none; border-color: var(--accent); }
+/* Send glyph lives INSIDE the editor — bottom-right corner — matching
+   the reference composer where there is no separate Send button. */
+.sendInline {
+  position: absolute;
+  right: 8px;
+  bottom: 8px;
+  width: 28px;
+  height: 28px;
+  display: grid;
+  place-items: center;
+  border: 0;
+  border-radius: var(--radius-sm);
+  background: var(--accent);
+  color: var(--accent-ink);
+  cursor: pointer;
+  transition: background 0.12s, transform 0.06s;
+}
+.sendInline:hover:not(:disabled) { background: var(--accent-hover); }
+.sendInline:active:not(:disabled) { transform: translateY(1px); }
+.sendInline:disabled { background: var(--surface-recessed); color: var(--text-tertiary); cursor: default; }
+.footer {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  padding: 0 2px;
+  font-size: 11.5px;
+  color: var(--text-tertiary);
+}
+.footerLeft { min-height: 14px; }
+.agentBadge {
+  display: inline-flex;
+  align-items: center;
+  gap: 6px;
+  padding: 2px 8px;
+  border-radius: var(--radius-pill);
+  background: var(--surface-recessed);
+  border: 1px solid var(--hairline);
+  color: var(--text-secondary);
+  font-family: var(--font-mono);
 }
-.composerRow textarea:focus { outline: none; border-color: var(--accent); }
 .empty { color: var(--text-secondary); font-size: 13px; padding: 14px 6px; }
diff --git a/desktop/apps/app-ui/src/components/Conversation.tsx b/desktop/apps/app-ui/src/components/Conversation.tsx
index 26b2c00..af7d611 100644
--- a/desktop/apps/app-ui/src/components/Conversation.tsx
+++ b/desktop/apps/app-ui/src/components/Conversation.tsx
@@ -1,7 +1,6 @@
 import { useEffect, useRef, useState, type KeyboardEvent } from "react";
-import { Button } from "@clawtool/design-system";
 import { App, on, type AgentEvent, type Peer, type Session } from "@clawtool/bridge";
-import { Folder, FolderX, Monitor } from "lucide-react";
+import { ArrowUp, Folder, FolderX, Monitor } from "lucide-react";
 import styles from "./Conversation.module.css";
 
 type Msg =
@@ -224,17 +223,32 @@ export function Conversation({
             </button>
           )}
         </div>
-        <div className={styles.composerRow}>
+        <div className={styles.editorWrap}>
           <textarea
-            placeholder="Describe a task or ask a question — Enter to send, Shift+Enter for newline"
+            className={styles.editor}
+            placeholder="Type / for commands"
             value={input}
             onChange={(e) => setInput(e.target.value)}
             onKeyDown={onKey}
             disabled={sending}
           />
-          <Button variant="primary" disabled={sending || !input.trim()} onClick={send}>
-            Send
-          </Button>
+          <button
+            type="button"
+            className={styles.sendInline}
+            disabled={sending || !input.trim()}
+            onClick={send}
+            aria-label="Send"
+          >
+            <ArrowUp size={14} strokeWidth={2.5} />
+          </button>
+        </div>
+        <div className={styles.footer}>
+          <span className={styles.footerLeft}>{sending ? "Working…" : ""}</span>
+          <span className={styles.agentBadge}>
+            {/* Default agent surface — until per-session picking lands, the
+                local supervisor resolves to codex on this device. */}
+            {env === "" ? "Codex · Local" : `Codex · ${envLabel}`}
+          </span>
         </div>
       </div>
     </div>
diff --git a/desktop/apps/app-ui/src/components/SessionRail.module.css b/desktop/apps/app-ui/src/components/SessionRail.module.css
index c6b4503..e72aaeb 100644
--- a/desktop/apps/app-ui/src/components/SessionRail.module.css
+++ b/desktop/apps/app-ui/src/components/SessionRail.module.css
@@ -5,6 +5,11 @@
   padding-bottom: 12px;
   border-bottom: 1px solid var(--hairline);
   margin-bottom: 10px;
+  animation: railFade 0.18s ease-out;
+}
+@keyframes railFade {
+  from { opacity: 0; transform: translateX(-4px); }
+  to { opacity: 1; transform: translateX(0); }
 }
 .newBtn {
   display: inline-flex;
diff --git a/desktop/apps/app-ui/src/views/SessionView.module.css b/desktop/apps/app-ui/src/views/SessionView.module.css
new file mode 100644
index 0000000..5a8ec44
--- /dev/null
+++ b/desktop/apps/app-ui/src/views/SessionView.module.css
@@ -0,0 +1,24 @@
+.wrap {
+  display: flex;
+  flex-direction: column;
+  flex: 1;
+  min-height: 0;
+  gap: 14px;
+  animation: fadeIn 0.18s ease-out;
+}
+.crumb {
+  display: flex;
+  align-items: center;
+  gap: 8px;
+  font-size: 12.5px;
+  color: var(--text-secondary);
+  padding-bottom: 10px;
+  border-bottom: 1px solid var(--hairline);
+}
+.crumbFolder { color: var(--text-secondary); }
+.crumbSep { color: var(--text-tertiary); }
+.crumbTitle { color: var(--text); font-weight: 500; }
+@keyframes fadeIn {
+  from { opacity: 0; transform: translateY(2px); }
+  to { opacity: 1; transform: translateY(0); }
+}
diff --git a/desktop/apps/app-ui/src/views/SessionView.tsx b/desktop/apps/app-ui/src/views/SessionView.tsx
index e7a2e32..9e1d603 100644
--- a/desktop/apps/app-ui/src/views/SessionView.tsx
+++ b/desktop/apps/app-ui/src/views/SessionView.tsx
@@ -1,36 +1,23 @@
-import { Button } from "@clawtool/design-system";
-import { ChevronLeft } from "lucide-react";
+import { Folder } from "lucide-react";
 import type { Session } from "@clawtool/bridge";
 import { Conversation } from "../components/Conversation";
-import styles from "../App.module.css";
+import styles from "./SessionView.module.css";
 
-// Full main area for one session. Title and metadata live in the header
-// (cwd/env appear as chips inside the composer, not duplicated here),
-// then the Conversation occupies the rest of the column.
-export function SessionView({
-  session,
-  onBack,
-  onTitleUpdate,
-}: {
-  session: Session;
-  onBack: () => void;
-  onTitleUpdate?: (title: string) => void;
-}) {
+// Slim header (folder · title breadcrumb) then the Conversation. The
+// back affordance lives in the sidebar — clicking Sessions in the
+// default nav returns to the list; the SessionRail also lists recents
+// for direct switching, so there's no in-pane back arrow.
+export function SessionView({ session }: { session: Session; onBack?: () => void; onTitleUpdate?: (title: string) => void }) {
+  const folderName = session.cwd ? session.cwd.split("/").filter(Boolean).pop() || session.cwd : "No folder";
   return (
-    <>
-      <div className={styles.head}>
-        <div style={{ display: "flex", alignItems: "center", gap: 10 }}>
-          <Button variant="ghost" onClick={onBack} aria-label="Back to sessions">
-            <ChevronLeft size={16} style={{ verticalAlign: "-2px" }} />
-            Sessions
-          </Button>
-          <div>
-            <h1 className={styles.vh}>{session.title || "Untitled chat"}</h1>
-            <div className={styles.lead}>{session.cwd || "No folder attached"}</div>
-          </div>
-        </div>
+    <div className={styles.wrap}>
+      <div className={styles.crumb}>
+        <Folder size={13} />
+        <span className={styles.crumbFolder}>{folderName}</span>
+        <span className={styles.crumbSep}>/</span>
+        <span className={styles.crumbTitle}>{session.title || "Untitled chat"}</span>
       </div>
-      <Conversation session={session} onTitleUpdate={onTitleUpdate} />
-    </>
+      <Conversation session={session} />
+    </div>
   );
 }

From b7532d4b6c713e0cf7d83ea548a0fd182b95f25b Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Fri, 29 May 2026 03:53:40 +0300
Subject: [PATCH 59/86] feat(desktop): per-session agent picker + brand trails
 on macOS
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The composer's "Codex · Local" badge is now a real picker. Clicking it
opens a dropdown of every CALLABLE agent on this device (filtered from
/v1/agents — bridge-missing families never show), and selecting one
persists Session.agent so subsequent turns dispatch to that family.
runAgentTurn reads the session's pinned family before shelling out to
`clawtool send --agent <family>`; empty falls back to codex for the
same "Claude Code loops" reason. SessionsSetAgent + sessionAgent join
the existing setCwd / setEnv pair.

TitleBar swaps sides on macOS: the brand wordmark trails (right edge)
so the native traffic lights (drawn by Wails' TitleBarHiddenInset) own
the leading side without competition. Windows/Linux keep brand-left,
controls-right.
---
 cmd/clawtool-installer/agent.go               | 10 ++-
 cmd/clawtool-installer/sessions.go            | 32 ++++++++-
 .../src/components/Conversation.module.css    | 23 +++++-
 .../app-ui/src/components/Conversation.tsx    | 70 ++++++++++++++++---
 desktop/packages/bridge/src/app.ts            |  2 +
 desktop/packages/bridge/src/types.ts          |  1 +
 .../src/components/TitleBar.module.css        |  1 +
 .../design-system/src/components/TitleBar.tsx | 47 ++++++++-----
 8 files changed, 153 insertions(+), 33 deletions(-)

diff --git a/cmd/clawtool-installer/agent.go b/cmd/clawtool-installer/agent.go
index 5a6bd80..173ecc1 100644
--- a/cmd/clawtool-installer/agent.go
+++ b/cmd/clawtool-installer/agent.go
@@ -137,9 +137,17 @@ func (a *App) runAgentTurn(turnID, projectID, message string) {
 		return
 	}
 
+	// Resolve the upstream family the session is pinned to (composer's
+	// agent picker writes this via SessionsSetAgent). Empty = codex,
+	// since the operator's Claude Code session IS the local "claude"
+	// instance and the supervisor refuses to dispatch to its caller.
+	agent := a.sessionAgent(projectID)
+	if agent == "" {
+		agent = "codex"
+	}
 	ctx, cancel := context.WithTimeout(context.Background(), 90*time.Second)
 	defer cancel()
-	cmd := exec.CommandContext(ctx, bin, "send", "--agent", "codex", message)
+	cmd := exec.CommandContext(ctx, bin, "send", "--agent", agent, message)
 	if cwd != "" {
 		cmd.Dir = cwd
 	}
diff --git a/cmd/clawtool-installer/sessions.go b/cmd/clawtool-installer/sessions.go
index 52eb6aa..d34e8e9 100644
--- a/cmd/clawtool-installer/sessions.go
+++ b/cmd/clawtool-installer/sessions.go
@@ -30,7 +30,8 @@ type Session struct {
 	ID           string    `json:"id"`
 	Title        string    `json:"title,omitempty"`
 	Cwd          string    `json:"cwd,omitempty"`
-	Env          string    `json:"env,omitempty"` // "" = Local; otherwise a paired peer id
+	Env          string    `json:"env,omitempty"`   // "" = Local; otherwise a paired peer id
+	Agent        string    `json:"agent,omitempty"` // "" = supervisor default; otherwise a registered family (codex/claude/gemini/opencode/...)
 	CreatedAt    time.Time `json:"created_at"`
 	LastModified time.Time `json:"last_modified"`
 }
@@ -176,6 +177,17 @@ func (a *App) SessionsSetEnv(id, env string) string {
 	})
 }
 
+// SessionsSetAgent pins the upstream family (codex / claude / gemini /
+// opencode / ...) the supervisor dispatches this session's turns to.
+// "" reverts to the per-device default (currently codex; claude loops
+// when the operator's Claude Code session IS the only instance).
+func (a *App) SessionsSetAgent(id, agent string) string {
+	return a.sessionsUpdate(id, func(s *Session) {
+		s.Agent = strings.TrimSpace(agent)
+		s.LastModified = time.Now().UTC()
+	})
+}
+
 // SessionsRemove deletes a session from the ledger.
 func (a *App) SessionsRemove(id string) string {
 	id = strings.TrimSpace(id)
@@ -223,6 +235,24 @@ func (a *App) sessionsUpdate(id string, fn func(*Session)) string {
 	return jsonErr("no session with that id")
 }
 
+// sessionAgent resolves a session id to its pinned upstream family
+// ("" when none / use device default).
+func (a *App) sessionAgent(sessionID string) string {
+	if strings.TrimSpace(sessionID) == "" {
+		return ""
+	}
+	ss, err := loadSessions()
+	if err != nil {
+		return ""
+	}
+	for _, s := range ss {
+		if s.ID == sessionID {
+			return s.Agent
+		}
+	}
+	return ""
+}
+
 // sessionCwd resolves a session id to its attached cwd ("" when none).
 // Called by the agent dispatch so tool routing uses the session's chip
 // state instead of an ambient project.
diff --git a/desktop/apps/app-ui/src/components/Conversation.module.css b/desktop/apps/app-ui/src/components/Conversation.module.css
index 2d17539..d421e1c 100644
--- a/desktop/apps/app-ui/src/components/Conversation.module.css
+++ b/desktop/apps/app-ui/src/components/Conversation.module.css
@@ -186,15 +186,36 @@
   color: var(--text-tertiary);
 }
 .footerLeft { min-height: 14px; }
+.agentPickWrap { position: relative; }
 .agentBadge {
   display: inline-flex;
   align-items: center;
   gap: 6px;
-  padding: 2px 8px;
+  padding: 3px 9px;
   border-radius: var(--radius-pill);
   background: var(--surface-recessed);
   border: 1px solid var(--hairline);
   color: var(--text-secondary);
   font-family: var(--font-mono);
+  font-size: 11.5px;
+  cursor: pointer;
+  transition: border-color 0.12s, color 0.12s;
+}
+.agentBadge:hover:not(:disabled) { border-color: var(--accent); color: var(--text); }
+.agentMenu {
+  position: absolute;
+  right: 0;
+  bottom: calc(100% + 4px);
+  min-width: 200px;
+  background: var(--surface);
+  border: 1px solid var(--hairline-strong);
+  border-radius: var(--radius-md);
+  box-shadow: var(--shadow-overlay);
+  padding: 4px;
+  display: flex;
+  flex-direction: column;
+  gap: 2px;
+  z-index: 20;
 }
+.envItemActive { background: var(--accent-soft); color: var(--text); }
 .empty { color: var(--text-secondary); font-size: 13px; padding: 14px 6px; }
diff --git a/desktop/apps/app-ui/src/components/Conversation.tsx b/desktop/apps/app-ui/src/components/Conversation.tsx
index af7d611..c207caa 100644
--- a/desktop/apps/app-ui/src/components/Conversation.tsx
+++ b/desktop/apps/app-ui/src/components/Conversation.tsx
@@ -1,12 +1,16 @@
 import { useEffect, useRef, useState, type KeyboardEvent } from "react";
-import { App, on, type AgentEvent, type Peer, type Session } from "@clawtool/bridge";
-import { ArrowUp, Folder, FolderX, Monitor } from "lucide-react";
+import { App, on, type Agent, type AgentEvent, type Peer, type Session } from "@clawtool/bridge";
+import { ArrowUp, ChevronDown, Folder, FolderX, Monitor } from "lucide-react";
 import styles from "./Conversation.module.css";
 
 type Msg =
   | { kind: "user"; text: string }
   | { kind: "assistant"; text: string; tools: string[]; streaming: boolean };
 
+function capitalize(s: string) {
+  return s ? s[0].toUpperCase() + s.slice(1) : s;
+}
+
 // Per-session conversation. cwd + env live on the session itself and
 // show up as clickable chips above the editor — Folder picker drops a
 // cwd onto the session; the env chip swaps Local for any paired peer.
@@ -21,9 +25,12 @@ export function Conversation({
   const [input, setInput] = useState("");
   const [sending, setSending] = useState(false);
   const [peers, setPeers] = useState<Peer[]>([]);
+  const [agents, setAgents] = useState<Agent[]>([]);
   const [cwd, setCwd] = useState<string>(session.cwd || "");
   const [env, setEnv] = useState<string>(session.env || "");
+  const [agent, setAgent] = useState<string>(session.agent || "codex");
   const [envOpen, setEnvOpen] = useState(false);
+  const [agentOpen, setAgentOpen] = useState(false);
   const turnRef = useRef<string>("");
   const scrollRef = useRef<HTMLDivElement | null>(null);
 
@@ -32,17 +39,24 @@ export function Conversation({
     setMessages([]);
     setCwd(session.cwd || "");
     setEnv(session.env || "");
+    setAgent(session.agent || "codex");
   }, [session.id]);
 
   useEffect(() => {
     let alive = true;
-    async function loadPeers() {
+    async function loadNet() {
       const snap = await App.networkSnapshot();
       if (!alive) return;
-      if (snap.ok === true) setPeers(snap.peers?.peers ?? []);
+      if (snap.ok === true) {
+        setPeers(snap.peers?.peers ?? []);
+        // Only callable agents are dispatchable; hide bridge-missing /
+        // not-installed families so the picker doesn't lie.
+        const all = snap.agents?.agents ?? [];
+        setAgents(all.filter((a) => a.callable));
+      }
     }
-    loadPeers();
-    const t = setInterval(loadPeers, 5000);
+    loadNet();
+    const t = setInterval(loadNet, 5000);
     return () => {
       alive = false;
       clearInterval(t);
@@ -144,6 +158,12 @@ export function Conversation({
     setEnvOpen(false);
   }
 
+  async function chooseAgent(next: string) {
+    await App.sessionsSetAgent(session.id, next);
+    setAgent(next);
+    setAgentOpen(false);
+  }
+
   function onKey(e: KeyboardEvent<HTMLTextAreaElement>) {
     if (e.key === "Enter" && !e.shiftKey) {
       e.preventDefault();
@@ -244,11 +264,39 @@ export function Conversation({
         </div>
         <div className={styles.footer}>
           <span className={styles.footerLeft}>{sending ? "Working…" : ""}</span>
-          <span className={styles.agentBadge}>
-            {/* Default agent surface — until per-session picking lands, the
-                local supervisor resolves to codex on this device. */}
-            {env === "" ? "Codex · Local" : `Codex · ${envLabel}`}
-          </span>
+          <div className={styles.agentPickWrap}>
+            <button
+              type="button"
+              className={styles.agentBadge}
+              onClick={() => setAgentOpen((v) => !v)}
+              disabled={sending}
+              title="Switch agent family"
+            >
+              {capitalize(agent)} · {envLabel}
+              <ChevronDown size={11} style={{ marginLeft: 2, opacity: 0.7 }} />
+            </button>
+            {agentOpen ? (
+              <div className={styles.agentMenu}>
+                {agents.length === 0 ? (
+                  <div className={styles.envEmpty}>No callable agents on this device.</div>
+                ) : (
+                  agents.map((a) => (
+                    <button
+                      key={a.instance}
+                      type="button"
+                      className={`${styles.envItem} ${a.family === agent ? styles.envItemActive : ""}`}
+                      onClick={() => chooseAgent(a.family ?? a.instance)}
+                    >
+                      {capitalize(a.family ?? a.instance)}
+                      <span style={{ marginLeft: 8, color: "var(--text-tertiary)", fontSize: 11 }}>
+                        {a.instance}
+                      </span>
+                    </button>
+                  ))
+                )}
+              </div>
+            ) : null}
+          </div>
         </div>
       </div>
     </div>
diff --git a/desktop/packages/bridge/src/app.ts b/desktop/packages/bridge/src/app.ts
index c5dd09e..8af5a52 100644
--- a/desktop/packages/bridge/src/app.ts
+++ b/desktop/packages/bridge/src/app.ts
@@ -80,6 +80,8 @@ export const App = {
     callJSON<Result & { session?: Session }>("SessionsSetCwd", OK_FALSE, id, cwd),
   sessionsSetEnv: (id: string, env: string) =>
     callJSON<Result & { session?: Session }>("SessionsSetEnv", OK_FALSE, id, env),
+  sessionsSetAgent: (id: string, agent: string) =>
+    callJSON<Result & { session?: Session }>("SessionsSetAgent", OK_FALSE, id, agent),
   sessionsRemove: (id: string) => callJSON<Result>("SessionsRemove", OK_FALSE, id),
 
   // agent dispatch — returns a turn id; deltas/tool-events/done flow over
diff --git a/desktop/packages/bridge/src/types.ts b/desktop/packages/bridge/src/types.ts
index 5dcaa6e..a38465b 100644
--- a/desktop/packages/bridge/src/types.ts
+++ b/desktop/packages/bridge/src/types.ts
@@ -95,6 +95,7 @@ export type Session = {
   title?: string;
   cwd?: string;
   env?: string;
+  agent?: string;
   created_at?: string;
   last_modified?: string;
 };
diff --git a/desktop/packages/design-system/src/components/TitleBar.module.css b/desktop/packages/design-system/src/components/TitleBar.module.css
index 0f533b9..7da44ba 100644
--- a/desktop/packages/design-system/src/components/TitleBar.module.css
+++ b/desktop/packages/design-system/src/components/TitleBar.module.css
@@ -9,6 +9,7 @@
 }
 .gutterMac { width: 70px; flex: none; }
 .brand { display: flex; align-items: center; gap: var(--space-2); padding-left: 4px; }
+.brandTrailing { padding-left: 0; padding-right: var(--space-3); }
 .spacer { flex: 1; min-width: 0; }
 .controls {
   display: flex;
diff --git a/desktop/packages/design-system/src/components/TitleBar.tsx b/desktop/packages/design-system/src/components/TitleBar.tsx
index 868158d..a724fa9 100644
--- a/desktop/packages/design-system/src/components/TitleBar.tsx
+++ b/desktop/packages/design-system/src/components/TitleBar.tsx
@@ -9,10 +9,12 @@ export type WindowControls = {
   onClose: () => void;
 };
 
-// Frameless custom titlebar. Window controls sit on the right (Windows/Linux);
-// on macOS the native inset traffic lights live top-left, so we reserve a
-// gutter and render no custom buttons. `brand` (e.g. the wordmark) sits at the
-// leading edge of the bar. The whole bar is the drag region; buttons opt out.
+// Frameless custom titlebar. On macOS the native traffic lights (drawn
+// by Wails' TitleBarHiddenInset) live at the leading edge — we reserve
+// a gutter for them and push the brand to the TRAILING edge, matching
+// the platform's own apps where window controls own the leading side.
+// On Windows/Linux the brand stays leading and the close cluster
+// trails. The whole bar is the drag region; buttons opt out.
 export function TitleBar({
   platform,
   brand,
@@ -25,21 +27,28 @@ export function TitleBar({
       style={{ "--wails-draggable": "drag" } as CSSProperties}
       onDoubleClick={controls.onToggleMaximize}
     >
-      {onMac ? <div className={styles.gutterMac} /> : null}
-      {brand ? <div className={styles.brand}>{brand}</div> : null}
-      <div className={styles.spacer} />
-      {onMac ? null : (
-        <div className={`${styles.controls} nodrag`}>
-          <button className={styles.btn} aria-label="Minimize" onClick={controls.onMinimize}>
-            <Minus size={15} />
-          </button>
-          <button className={styles.btn} aria-label="Maximize" onClick={controls.onToggleMaximize}>
-            <Square size={12} />
-          </button>
-          <button className={`${styles.btn} ${styles.close}`} aria-label="Close" onClick={controls.onClose}>
-            <X size={15} />
-          </button>
-        </div>
+      {onMac ? (
+        <>
+          <div className={styles.gutterMac} />
+          <div className={styles.spacer} />
+          {brand ? <div className={`${styles.brand} ${styles.brandTrailing}`}>{brand}</div> : null}
+        </>
+      ) : (
+        <>
+          {brand ? <div className={styles.brand}>{brand}</div> : null}
+          <div className={styles.spacer} />
+          <div className={`${styles.controls} nodrag`}>
+            <button className={styles.btn} aria-label="Minimize" onClick={controls.onMinimize}>
+              <Minus size={15} />
+            </button>
+            <button className={styles.btn} aria-label="Maximize" onClick={controls.onToggleMaximize}>
+              <Square size={12} />
+            </button>
+            <button className={`${styles.btn} ${styles.close}`} aria-label="Close" onClick={controls.onClose}>
+              <X size={15} />
+            </button>
+          </div>
+        </>
       )}
     </header>
   );

From db3c7f3deba6c4d678fde0328f9fa510b78cae64 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Fri, 29 May 2026 03:57:02 +0300
Subject: [PATCH 60/86] =?UTF-8?q?refactor(desktop):=20chat-first=20landing?=
 =?UTF-8?q?=20=E2=80=94=20Welcome=20hero=20+=20recents=20+=20always-on=20c?=
 =?UTF-8?q?omposer?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Sessions landing now matches the reference Welcome screen: a hero
heading, a compact Recents row (title + folder + age + remove +
drill-in chevron), and a composer pinned to the bottom of the main
area that's always available. Typing + send mints a session, applies
the landing's draft env/cwd to it, opens its workspace, and seeds the
first message — Conversation auto-sends the seed on mount so "type →
hit Enter → see reply" is one gesture, not two.

The Sessions/SessionView/Conversation chain plumbs the seed as an
initialMessage prop; the shell tracks it in App-level state and
clears it via onSeedConsumed after the first send so re-renders don't
re-fire. The "Add project" preamble and project-required workflow are
gone — sessions stand on their own.
---
 desktop/apps/app-ui/src/App.tsx               |  14 +-
 .../app-ui/src/components/Conversation.tsx    |  21 +-
 desktop/apps/app-ui/src/views/SessionView.tsx |  20 +-
 .../apps/app-ui/src/views/Sessions.module.css | 118 ++++++++++
 desktop/apps/app-ui/src/views/Sessions.tsx    | 202 ++++++++++--------
 5 files changed, 287 insertions(+), 88 deletions(-)
 create mode 100644 desktop/apps/app-ui/src/views/Sessions.module.css

diff --git a/desktop/apps/app-ui/src/App.tsx b/desktop/apps/app-ui/src/App.tsx
index 6a6f98f..2f4580f 100644
--- a/desktop/apps/app-ui/src/App.tsx
+++ b/desktop/apps/app-ui/src/App.tsx
@@ -24,6 +24,10 @@ export function App() {
   // drill into its conversation; other nav items are secondary.
   const [view, setView] = useState<View>("sessions");
   const [openSession, setOpenSession] = useState<Session | null>(null);
+  // First-message seed handed up from the Sessions landing composer when
+  // the operator types + sends from the empty state; the Conversation
+  // auto-sends it on mount so "type → send → see reply" is one gesture.
+  const [seedMessage, setSeedMessage] = useState<string>("");
   // Bumped after sessionsCreate/touch/title so SessionRail re-pulls the list.
   const [recentsKey, setRecentsKey] = useState(0);
 
@@ -92,12 +96,20 @@ export function App() {
               tabs never flashes an empty re-load. Views refresh in the
               background only while active. */}
           <div className={styles.page} style={view === "sessions" && !openSession ? undefined : hidden}>
-            <Sessions active={view === "sessions" && !openSession} onOpen={(s) => setOpenSession(s)} />
+            <Sessions
+              active={view === "sessions" && !openSession}
+              onOpen={(s, seed) => {
+                setSeedMessage(seed ?? "");
+                setOpenSession(s);
+              }}
+            />
           </div>
           <div className={styles.page} style={view === "sessions" && openSession ? undefined : hidden}>
             {openSession ? (
               <SessionView
                 session={openSession}
+                initialMessage={seedMessage}
+                onSeedConsumed={() => setSeedMessage("")}
                 onBack={() => setOpenSession(null)}
                 onTitleUpdate={(title) => {
                   setOpenSession((s) => (s ? { ...s, title } : s));
diff --git a/desktop/apps/app-ui/src/components/Conversation.tsx b/desktop/apps/app-ui/src/components/Conversation.tsx
index c207caa..b3e27a0 100644
--- a/desktop/apps/app-ui/src/components/Conversation.tsx
+++ b/desktop/apps/app-ui/src/components/Conversation.tsx
@@ -16,9 +16,13 @@ function capitalize(s: string) {
 // cwd onto the session; the env chip swaps Local for any paired peer.
 export function Conversation({
   session,
+  initialMessage,
+  onSeedConsumed,
   onTitleUpdate,
 }: {
   session: Session;
+  initialMessage?: string;
+  onSeedConsumed?: () => void;
   onTitleUpdate?: (title: string) => void;
 }) {
   const [messages, setMessages] = useState<Msg[]>([]);
@@ -42,6 +46,17 @@ export function Conversation({
     setAgent(session.agent || "codex");
   }, [session.id]);
 
+  // Auto-send the seed message the Sessions landing handed up so the
+  // operator's first prompt isn't stranded in the composer when the
+  // workspace opens. Consumed on mount so re-renders don't re-fire.
+  useEffect(() => {
+    if (initialMessage && initialMessage.trim()) {
+      sendText(initialMessage);
+      onSeedConsumed?.();
+    }
+    // eslint-disable-next-line react-hooks/exhaustive-deps
+  }, [session.id]);
+
   useEffect(() => {
     let alive = true;
     async function loadNet() {
@@ -104,7 +119,11 @@ export function Conversation({
   }, [messages]);
 
   async function send() {
-    const text = input.trim();
+    await sendText(input);
+  }
+
+  async function sendText(raw: string) {
+    const text = raw.trim();
     if (!text || sending) return;
     setSending(true);
     setInput("");
diff --git a/desktop/apps/app-ui/src/views/SessionView.tsx b/desktop/apps/app-ui/src/views/SessionView.tsx
index 9e1d603..d686e00 100644
--- a/desktop/apps/app-ui/src/views/SessionView.tsx
+++ b/desktop/apps/app-ui/src/views/SessionView.tsx
@@ -7,7 +7,18 @@ import styles from "./SessionView.module.css";
 // back affordance lives in the sidebar — clicking Sessions in the
 // default nav returns to the list; the SessionRail also lists recents
 // for direct switching, so there's no in-pane back arrow.
-export function SessionView({ session }: { session: Session; onBack?: () => void; onTitleUpdate?: (title: string) => void }) {
+export function SessionView({
+  session,
+  initialMessage,
+  onSeedConsumed,
+  onTitleUpdate,
+}: {
+  session: Session;
+  initialMessage?: string;
+  onSeedConsumed?: () => void;
+  onBack?: () => void;
+  onTitleUpdate?: (title: string) => void;
+}) {
   const folderName = session.cwd ? session.cwd.split("/").filter(Boolean).pop() || session.cwd : "No folder";
   return (
     <div className={styles.wrap}>
@@ -17,7 +28,12 @@ export function SessionView({ session }: { session: Session; onBack?: () => void
         <span className={styles.crumbSep}>/</span>
         <span className={styles.crumbTitle}>{session.title || "Untitled chat"}</span>
       </div>
-      <Conversation session={session} />
+      <Conversation
+        session={session}
+        initialMessage={initialMessage}
+        onSeedConsumed={onSeedConsumed}
+        onTitleUpdate={onTitleUpdate}
+      />
     </div>
   );
 }
diff --git a/desktop/apps/app-ui/src/views/Sessions.module.css b/desktop/apps/app-ui/src/views/Sessions.module.css
new file mode 100644
index 0000000..3720e2b
--- /dev/null
+++ b/desktop/apps/app-ui/src/views/Sessions.module.css
@@ -0,0 +1,118 @@
+.wrap {
+  display: flex;
+  flex-direction: column;
+  flex: 1;
+  min-height: 0;
+}
+.scroll {
+  flex: 1;
+  min-height: 0;
+  overflow-y: auto;
+  padding-bottom: 18px;
+}
+.welcome {
+  font-size: var(--size-xl);
+  font-weight: 500;
+  letter-spacing: -0.01em;
+  margin: 4px 0 22px;
+}
+.label {
+  font-size: 11.5px;
+  color: var(--text-tertiary);
+  letter-spacing: 0.04em;
+  margin-bottom: 8px;
+}
+.list { display: flex; flex-direction: column; gap: 2px; }
+.row {
+  display: flex;
+  align-items: center;
+  gap: 12px;
+  padding: 10px 12px;
+  border: 1px solid var(--hairline);
+  border-radius: var(--radius-md);
+  background: var(--surface);
+  color: var(--text);
+  font: inherit;
+  text-align: left;
+  cursor: pointer;
+  transition: border-color 0.12s, background 0.12s;
+}
+.row:hover { border-color: var(--accent); background: var(--hover); }
+.rowMain { flex: 1; min-width: 0; display: flex; flex-direction: column; gap: 2px; }
+.rowTitle { font-size: 13px; font-weight: 500; color: var(--text); white-space: nowrap; overflow: hidden; text-overflow: ellipsis; }
+.rowMeta { font-size: 11.5px; color: var(--text-secondary); font-family: var(--font-mono); }
+.rowAge { font-size: 11px; color: var(--text-tertiary); white-space: nowrap; }
+.rowRemove {
+  display: inline-flex;
+  align-items: center;
+  justify-content: center;
+  width: 26px;
+  height: 26px;
+  border-radius: var(--radius-sm);
+  color: var(--text-tertiary);
+  cursor: pointer;
+  transition: color 0.12s, background 0.12s;
+}
+.rowRemove:hover { color: var(--danger); background: var(--hover); }
+.rowChevron { color: var(--text-tertiary); }
+.empty { color: var(--text-tertiary); font-size: 13px; padding: 10px 2px; }
+
+.composer {
+  flex: none;
+  display: flex;
+  flex-direction: column;
+  gap: 8px;
+  padding-top: 12px;
+  border-top: 1px solid var(--hairline);
+  margin-top: 12px;
+}
+.chips { display: flex; gap: 6px; align-items: center; flex-wrap: wrap; }
+.chip {
+  display: inline-flex;
+  align-items: center;
+  gap: 6px;
+  padding: 4px 10px;
+  border: 1px solid var(--hairline);
+  border-radius: var(--radius-pill);
+  background: var(--surface-recessed);
+  color: var(--text-secondary);
+  font-size: 11.5px;
+  cursor: pointer;
+  transition: border-color 0.12s, color 0.12s, background 0.12s;
+}
+.chip:hover { border-color: var(--hairline-strong); color: var(--text); background: var(--hover); }
+.editorWrap { position: relative; display: flex; align-items: flex-end; }
+.editor {
+  flex: 1;
+  font: inherit;
+  font-size: 13.5px;
+  line-height: 1.5;
+  padding: 12px 44px 12px 14px;
+  border: 1px solid var(--hairline);
+  border-radius: var(--radius-md);
+  background: var(--surface);
+  color: var(--text);
+  resize: none;
+  min-height: 48px;
+  max-height: 200px;
+  width: 100%;
+}
+.editor:focus { outline: none; border-color: var(--accent); }
+.sendInline {
+  position: absolute;
+  right: 8px;
+  bottom: 8px;
+  width: 28px;
+  height: 28px;
+  display: grid;
+  place-items: center;
+  border: 0;
+  border-radius: var(--radius-sm);
+  background: var(--accent);
+  color: var(--accent-ink);
+  cursor: pointer;
+  transition: background 0.12s, transform 0.06s;
+}
+.sendInline:hover:not(:disabled) { background: var(--accent-hover); }
+.sendInline:active:not(:disabled) { transform: translateY(1px); }
+.sendInline:disabled { background: var(--surface-recessed); color: var(--text-tertiary); cursor: default; }
diff --git a/desktop/apps/app-ui/src/views/Sessions.tsx b/desktop/apps/app-ui/src/views/Sessions.tsx
index fcdeb59..63997ed 100644
--- a/desktop/apps/app-ui/src/views/Sessions.tsx
+++ b/desktop/apps/app-ui/src/views/Sessions.tsx
@@ -1,18 +1,26 @@
-import { useEffect, useState } from "react";
-import { Badge, Button, SectionHeader } from "@clawtool/design-system";
+import { useEffect, useRef, useState, type KeyboardEvent } from "react";
 import { App, type Session } from "@clawtool/bridge";
-import { Plus, Trash2 } from "lucide-react";
-import { Toast } from "../components/Toast";
-import styles from "../App.module.css";
+import { ArrowUp, ChevronRight, Folder, FolderX, Monitor, Trash2 } from "lucide-react";
+import styles from "./Sessions.module.css";
 
-// Sessions — the ADE landing. "+ New session" is the primary action; it
-// mints an empty conversation instantly, no setup. Workspace + env land
-// later via composer chips, not via an Add-Project form. Recents below.
-// Grounded in the vendored reference's conversation_list pattern.
-export function Sessions({ active, onOpen }: { active?: boolean; onOpen: (s: Session) => void }) {
+// Sessions landing — Image #8 pattern. A Welcome hero, a compact
+// Recents list, and a composer pinned to the bottom that's always
+// available. Typing + send here MINTS a session, opens it, and lets the
+// Conversation pane pick up the seeded prompt (autosent on first
+// mount). No "Add project" preamble.
+export function Sessions({
+  active,
+  onOpen,
+}: {
+  active?: boolean;
+  onOpen: (s: Session, initialMessage?: string) => void;
+}) {
   const [sessions, setSessions] = useState<Session[]>([]);
+  const [input, setInput] = useState("");
   const [busy, setBusy] = useState(false);
-  const [toast, setToast] = useState("");
+  const [cwd, setCwd] = useState("");
+  const [env, setEnv] = useState("");
+  const taRef = useRef<HTMLTextAreaElement | null>(null);
 
   async function load() {
     const list = await App.sessionsList();
@@ -22,93 +30,119 @@ export function Sessions({ active, onOpen }: { active?: boolean; onOpen: (s: Ses
     if (active !== false) load();
   }, [active]);
 
-  async function newSession() {
+  async function start(seed: string) {
+    if (!seed.trim() || busy) return;
     setBusy(true);
     const r = (await App.sessionsCreate()) as Record<string, unknown>;
     setBusy(false);
-    if (r.ok && r.session) {
-      await load();
-      onOpen(r.session as Session);
-    } else {
-      setToast(typeof r.error === "string" ? r.error : "Couldn't create session");
-    }
+    if (!r.ok || !r.session) return;
+    const s = r.session as Session;
+    // Apply the landing's draft env / cwd so the conversation inherits
+    // the operator's pre-send choices.
+    if (cwd) await App.sessionsSetCwd(s.id, cwd);
+    if (env) await App.sessionsSetEnv(s.id, env);
+    const enriched: Session = { ...s, cwd: cwd || s.cwd, env: env || s.env };
+    setInput("");
+    onOpen(enriched, seed);
   }
 
-  async function open(s: Session) {
-    await App.sessionsTouch(s.id);
-    onOpen(s);
+  async function pickFolder() {
+    const r = (await App.projectsPickFolder()) as Record<string, unknown>;
+    if (r.ok && typeof r.path === "string" && r.path) setCwd(r.path);
   }
 
-  async function remove(s: Session) {
-    setBusy(true);
-    const r = (await App.sessionsRemove(s.id)) as Record<string, unknown>;
-    setBusy(false);
-    if (r.ok) {
-      setToast(`Removed ${s.title || "session"}`);
-      await load();
-    } else {
-      setToast(typeof r.error === "string" ? r.error : "Couldn't remove");
+  function onKey(e: KeyboardEvent<HTMLTextAreaElement>) {
+    if (e.key === "Enter" && !e.shiftKey) {
+      e.preventDefault();
+      start(input);
     }
   }
 
-  return (
-    <>
-      <div className={styles.head}>
-        <div>
-          <h1 className={styles.vh}>Sessions</h1>
-          <div className={styles.lead}>Start chatting with an agent — folder and environment are optional.</div>
-        </div>
-        <div className={styles.actionSlot}>
-          <Button variant="primary" onClick={newSession} disabled={busy}>
-            <Plus size={14} style={{ marginRight: 6, verticalAlign: "-2px" }} />
-            New session
-          </Button>
-        </div>
-      </div>
+  async function remove(s: Session, e: React.MouseEvent) {
+    e.stopPropagation();
+    await App.sessionsRemove(s.id);
+    await load();
+  }
 
-      <SectionHeader title={sessions.length ? "Recents" : "No sessions yet"} />
-      {sessions.length === 0 ? (
-        <div className={styles.sd} style={{ marginTop: 8 }}>
-          Hit <b>New session</b> above to start a conversation. You can attach a folder or pick a remote device later via
-          the composer chips.
-        </div>
-      ) : (
-        <div className={styles.deviceList}>
-          {sessions.map((s) => (
-            <div key={s.id} className={styles.device}>
-              <button
-                type="button"
-                className={styles.deviceRow}
-                style={{ border: 0, cursor: "pointer", textAlign: "left", width: "100%", background: "transparent" }}
-                onClick={() => open(s)}
-              >
-                <div style={{ minWidth: 0, flex: 1 }}>
-                  <div className={styles.deviceName}>{s.title || "Untitled chat"}</div>
-                  <div className={styles.deviceMeta}>
-                    {[s.env ? `env: ${s.env.slice(0, 12)}…` : "Local", s.cwd || "no folder"].join(" · ")}
-                  </div>
+  const cwdLabel = cwd ? cwd.split("/").filter(Boolean).pop() || cwd : "";
+  const envLabel = env || "Local";
+
+  return (
+    <div className={styles.wrap}>
+      <div className={styles.scroll}>
+        <h1 className={styles.welcome}>Welcome back</h1>
+        <div className={styles.label}>Sessions</div>
+        {sessions.length === 0 ? (
+          <div className={styles.empty}>No sessions yet. Type below to start one.</div>
+        ) : (
+          <div className={styles.list}>
+            {sessions.map((s) => (
+              <button key={s.id} type="button" className={styles.row} onClick={() => onOpen(s)}>
+                <div className={styles.rowMain}>
+                  <div className={styles.rowTitle}>{s.title || "Untitled chat"}</div>
+                  <div className={styles.rowMeta}>{s.cwd ? s.cwd.split("/").filter(Boolean).pop() : "no folder"}</div>
                 </div>
-                <span className={styles.deviceRight}>
-                  {s.env ? <Badge tone="accent">remote</Badge> : null}
-                  <Button
-                    variant="ghost"
-                    disabled={busy}
-                    onClick={(e) => {
-                      e.stopPropagation();
-                      remove(s);
-                    }}
-                    aria-label={`Remove ${s.title || "session"}`}
-                  >
-                    <Trash2 size={14} />
-                  </Button>
+                <span className={styles.rowAge}>{ageLabel(s.last_modified)}</span>
+                <span className={styles.rowRemove} onClick={(e) => remove(s, e)} aria-label={`Remove ${s.title || "session"}`}>
+                  <Trash2 size={13} />
                 </span>
+                <ChevronRight size={15} className={styles.rowChevron} />
               </button>
-            </div>
-          ))}
-        </div>
-      )}
+            ))}
+          </div>
+        )}
+      </div>
 
-      <Toast message={toast} onClear={() => setToast("")} />
-    </>
+      {/* Always-visible composer — typing + send mints a new session and
+          opens it with the seed message auto-applied. */}
+      <div className={styles.composer}>
+        <div className={styles.chips}>
+          <button type="button" className={styles.chip} onClick={() => setEnv(env ? "" : "")}>
+            <Monitor size={12} /> {envLabel}
+          </button>
+          {cwd ? (
+            <button type="button" className={styles.chip} onClick={() => setCwd("")} title={cwd}>
+              <Folder size={12} /> {cwdLabel} <FolderX size={11} style={{ opacity: 0.6, marginLeft: 2 }} />
+            </button>
+          ) : (
+            <button type="button" className={styles.chip} onClick={pickFolder}>
+              <Folder size={12} /> Attach folder
+            </button>
+          )}
+        </div>
+        <div className={styles.editorWrap}>
+          <textarea
+            ref={taRef}
+            className={styles.editor}
+            placeholder="Describe a task or ask a question"
+            value={input}
+            onChange={(e) => setInput(e.target.value)}
+            onKeyDown={onKey}
+            disabled={busy}
+          />
+          <button
+            type="button"
+            className={styles.sendInline}
+            disabled={busy || !input.trim()}
+            onClick={() => start(input)}
+            aria-label="Send"
+          >
+            <ArrowUp size={14} strokeWidth={2.5} />
+          </button>
+        </div>
+      </div>
+    </div>
   );
 }
+
+function ageLabel(iso?: string): string {
+  if (!iso) return "";
+  const t = new Date(iso).getTime();
+  if (!t) return "";
+  const mins = Math.max(1, Math.round((Date.now() - t) / 60000));
+  if (mins < 60) return `${mins}m`;
+  const h = Math.round(mins / 60);
+  if (h < 24) return `${h}h`;
+  const d = Math.round(h / 24);
+  return `${d}d`;
+}

From efc2152ee650f75abe87beb46ffa281c4f25fd01 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Fri, 29 May 2026 04:19:34 +0300
Subject: [PATCH 61/86] fix(desktop): ensure-daemon before dispatch + opencode
 default + agent fallback
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Three live bugs found while testing the real flow on Mac:

1. The shared daemon goes stale (sleep, manual stop, crash) and the
   send subprocess gets no upstream — agents list returns empty, the
   send fails silently. AgentSend now runs `clawtool daemon start` (an
   Ensure-style no-op when healthy) before the dispatch, so a stale
   daemon revives in the same turn.

2. Codex was the default but the operator's codex CLI hits its usage
   limit during a real session, returning an error mid-stream. Default
   now resolves to opencode — verified live and reliable on this Mac
   (claude loops because Claude Code IS the only "claude" instance and
   the supervisor refuses to dispatch to its caller).

3. The composer's agent picker showed only the default ("codex") when
   the daemon was briefly stale because /v1/agents returned []. The
   Conversation now falls back to the canonical family set
   (opencode/codex/gemini/claude) when the snapshot is empty, so the
   picker stays switchable while AgentSend's new Ensure call brings
   the daemon back.
---
 cmd/clawtool-installer/agent.go               | 17 ++++++++++----
 .../app-ui/src/components/Conversation.tsx    | 23 +++++++++++++++----
 2 files changed, 32 insertions(+), 8 deletions(-)

diff --git a/cmd/clawtool-installer/agent.go b/cmd/clawtool-installer/agent.go
index 173ecc1..c83b47f 100644
--- a/cmd/clawtool-installer/agent.go
+++ b/cmd/clawtool-installer/agent.go
@@ -137,13 +137,22 @@ func (a *App) runAgentTurn(turnID, projectID, message string) {
 		return
 	}
 
+	// Make sure the shared daemon is live before dispatching — a stale
+	// daemon (system sleep, crash) leaves /v1/agents empty and the send
+	// subprocess gets no upstream. `daemon start` is Ensure-style and
+	// no-ops on a healthy daemon.
+	ensure := exec.Command(bin, "daemon", "start")
+	hideConsole(ensure)
+	_ = ensure.Run()
+
 	// Resolve the upstream family the session is pinned to (composer's
-	// agent picker writes this via SessionsSetAgent). Empty = codex,
-	// since the operator's Claude Code session IS the local "claude"
-	// instance and the supervisor refuses to dispatch to its caller.
+	// agent picker writes this via SessionsSetAgent). Default opencode:
+	// codex usage limits hit easily; claude loops because the operator's
+	// Claude Code session IS that family's only instance; opencode is the
+	// most-reliable callable on a typical install. The picker overrides.
 	agent := a.sessionAgent(projectID)
 	if agent == "" {
-		agent = "codex"
+		agent = "opencode"
 	}
 	ctx, cancel := context.WithTimeout(context.Background(), 90*time.Second)
 	defer cancel()
diff --git a/desktop/apps/app-ui/src/components/Conversation.tsx b/desktop/apps/app-ui/src/components/Conversation.tsx
index b3e27a0..79ae2b0 100644
--- a/desktop/apps/app-ui/src/components/Conversation.tsx
+++ b/desktop/apps/app-ui/src/components/Conversation.tsx
@@ -32,7 +32,7 @@ export function Conversation({
   const [agents, setAgents] = useState<Agent[]>([]);
   const [cwd, setCwd] = useState<string>(session.cwd || "");
   const [env, setEnv] = useState<string>(session.env || "");
-  const [agent, setAgent] = useState<string>(session.agent || "codex");
+  const [agent, setAgent] = useState<string>(session.agent || "opencode");
   const [envOpen, setEnvOpen] = useState(false);
   const [agentOpen, setAgentOpen] = useState(false);
   const turnRef = useRef<string>("");
@@ -43,7 +43,7 @@ export function Conversation({
     setMessages([]);
     setCwd(session.cwd || "");
     setEnv(session.env || "");
-    setAgent(session.agent || "codex");
+    setAgent(session.agent || "opencode");
   }, [session.id]);
 
   // Auto-send the seed message the Sessions landing handed up so the
@@ -65,9 +65,24 @@ export function Conversation({
       if (snap.ok === true) {
         setPeers(snap.peers?.peers ?? []);
         // Only callable agents are dispatchable; hide bridge-missing /
-        // not-installed families so the picker doesn't lie.
+        // not-installed families so the picker doesn't lie. Fall back to
+        // a known set if the daemon is briefly stale so the picker still
+        // shows something switchable instead of just the default.
         const all = snap.agents?.agents ?? [];
-        setAgents(all.filter((a) => a.callable));
+        const callable = all.filter((a) => a.callable);
+        if (callable.length > 0) {
+          setAgents(callable);
+        } else {
+          // Daemon down or no probe yet — surface the canonical families
+          // so the operator can at least choose; AgentSend re-ensures
+          // the daemon before dispatch.
+          setAgents([
+            { instance: "opencode", family: "opencode", callable: true },
+            { instance: "codex", family: "codex", callable: true },
+            { instance: "gemini", family: "gemini", callable: true },
+            { instance: "claude", family: "claude", callable: true },
+          ]);
+        }
       }
     }
     loadNet();

From 7e82672dbb39eea422650e54d87900daefbcd2cd Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Fri, 29 May 2026 04:20:38 +0300
Subject: [PATCH 62/86] =?UTF-8?q?fix(desktop):=20never=20hardcode=20the=20?=
 =?UTF-8?q?agent=20list=20=E2=80=94=20always=20/v1/agents=20+=20Ensure?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The previous fallback surfaced a canonical family set when the snapshot
came back empty, which lied to the operator: the picker would show
agents that might not even be installed on this device. Drop the
hardcoded fallback completely. The picker always reflects what
/v1/agents actually returns. To handle the "daemon briefly stale" case
that motivated the fallback, the same polling loop now calls
EnsureGateway before each snapshot so a dead daemon revives on the
next tick and the real list comes back on its own. The daemon's
state, not a static guess, is the only source of truth.
---
 .../app-ui/src/components/Conversation.tsx    | 26 +++++++------------
 1 file changed, 9 insertions(+), 17 deletions(-)

diff --git a/desktop/apps/app-ui/src/components/Conversation.tsx b/desktop/apps/app-ui/src/components/Conversation.tsx
index 79ae2b0..0df02aa 100644
--- a/desktop/apps/app-ui/src/components/Conversation.tsx
+++ b/desktop/apps/app-ui/src/components/Conversation.tsx
@@ -60,29 +60,21 @@ export function Conversation({
   useEffect(() => {
     let alive = true;
     async function loadNet() {
+      // Always Ensure first so a stale daemon revives on this tick
+      // instead of leaving the picker empty until the user notices.
+      await App.ensureGateway();
+      if (!alive) return;
       const snap = await App.networkSnapshot();
       if (!alive) return;
       if (snap.ok === true) {
         setPeers(snap.peers?.peers ?? []);
         // Only callable agents are dispatchable; hide bridge-missing /
-        // not-installed families so the picker doesn't lie. Fall back to
-        // a known set if the daemon is briefly stale so the picker still
-        // shows something switchable instead of just the default.
+        // not-installed families so the picker doesn't lie. NEVER
+        // hardcode a list — the daemon's /v1/agents is the source of
+        // truth; an empty result means "no callable agents here right
+        // now," which the picker surfaces as such.
         const all = snap.agents?.agents ?? [];
-        const callable = all.filter((a) => a.callable);
-        if (callable.length > 0) {
-          setAgents(callable);
-        } else {
-          // Daemon down or no probe yet — surface the canonical families
-          // so the operator can at least choose; AgentSend re-ensures
-          // the daemon before dispatch.
-          setAgents([
-            { instance: "opencode", family: "opencode", callable: true },
-            { instance: "codex", family: "codex", callable: true },
-            { instance: "gemini", family: "gemini", callable: true },
-            { instance: "claude", family: "claude", callable: true },
-          ]);
-        }
+        setAgents(all.filter((a) => a.callable));
       }
     }
     loadNet();

From 9fc584539f357b3acc6c78231c43cd756f77d386 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Fri, 29 May 2026 04:31:48 +0300
Subject: [PATCH 63/86] =?UTF-8?q?refactor(desktop):=20conversation=20visua?=
 =?UTF-8?q?ls=20match=20the=20reference=20=E2=80=94=20chip=20+=20dot,=20no?=
 =?UTF-8?q?=20avatars?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The transcript looked like a chat sample app: hard-edged YOU / AGT
avatar circles, chips above the editor, raw error text inline.
Reshaped to mirror the vendored reference:

- User messages render as a soft accent chip (~80% width cap), inline
  at the start of the row — no avatar, no "YOU" label.
- Assistant messages lead with a small amber dot (pulses while
  streaming); the body sits next to it in plain prose, no badge. Errors
  flip the dot red and dim the body.
- The "would loop" supervisor error becomes a one-line friendly message
  telling the operator to pick a different family in the agent badge,
  not a raw shell-quoted trace.
- Composer collapses chips and the agent badge into the SAME footer
  row beneath the editor, leaving a single full-width editor card with
  the send glyph in its corner. No "Working…" text label — the pulsing
  dot on the in-flight message carries that signal now.
---
 .../src/components/Conversation.module.css    |  66 +++++----
 .../app-ui/src/components/Conversation.tsx    | 133 +++++++++---------
 2 files changed, 106 insertions(+), 93 deletions(-)

diff --git a/desktop/apps/app-ui/src/components/Conversation.module.css b/desktop/apps/app-ui/src/components/Conversation.module.css
index d421e1c..fec9ac7 100644
--- a/desktop/apps/app-ui/src/components/Conversation.module.css
+++ b/desktop/apps/app-ui/src/components/Conversation.module.css
@@ -8,60 +8,67 @@
 .transcript {
   flex: 1;
   min-height: 180px;
-  max-height: 60vh;
   overflow-y: auto;
   display: flex;
   flex-direction: column;
-  gap: 12px;
-  padding: 6px 2px;
+  gap: 22px;
+  padding: 6px 2px 12px;
 }
-.msg {
+/* User row: a soft accent chip aligned at the start of the line —
+   matches the vendored reference's conversation pattern. */
+.userRow { display: flex; }
+.userChip {
+  display: inline-block;
+  max-width: 80%;
+  padding: 8px 14px;
+  border-radius: var(--radius-md);
+  background: var(--accent-soft);
+  color: var(--text);
+  font-size: 13.5px;
+  line-height: 1.5;
+  white-space: pre-wrap;
+  word-break: break-word;
+}
+/* Assistant row: small status dot leading the body, no avatar circle. */
+.agentRow {
   display: flex;
-  gap: 10px;
+  gap: 12px;
   align-items: flex-start;
 }
-.role {
-  width: 32px;
-  height: 32px;
+.dot {
+  width: 8px;
+  height: 8px;
   border-radius: 50%;
-  display: grid;
-  place-items: center;
-  font-size: 12px;
-  font-weight: 600;
-  letter-spacing: 0.04em;
+  background: var(--c-amber);
+  margin-top: 7px;
   flex: none;
 }
-.user {
-  background: color-mix(in srgb, var(--accent) 16%, transparent);
-  color: var(--accent);
-}
-.assistant {
-  background: var(--surface-recessed);
-  color: var(--text-secondary);
-  border: 1px solid var(--hairline);
+.dotLive { animation: pulseDot 1.4s ease-in-out infinite; }
+@keyframes pulseDot {
+  0%, 100% { opacity: 1; transform: scale(1); }
+  50% { opacity: 0.5; transform: scale(0.8); }
 }
-.body {
+.agentBody {
   flex: 1;
   min-width: 0;
   font-size: 13.5px;
   line-height: 1.55;
   color: var(--text);
   white-space: pre-wrap;
-  padding-top: 5px;
-}
-.body.dim {
-  color: var(--text-secondary);
+  word-break: break-word;
 }
+.agentErr .dot { background: var(--danger); }
+.agentErr .agentBody { color: var(--text-secondary); }
+.toolChips { display: flex; flex-wrap: wrap; gap: 6px; margin-bottom: 8px; }
 .tool {
   display: inline-flex;
   align-items: center;
   gap: 6px;
-  margin: 4px 0;
-  padding: 4px 9px;
+  padding: 3px 9px;
   border-radius: var(--radius-sm);
   background: var(--surface-recessed);
   border: 1px solid var(--hairline);
-  font-size: 12px;
+  font-size: 11.5px;
   color: var(--text-secondary);
   font-family: var(--font-mono);
 }
@@ -181,6 +188,7 @@
   display: flex;
   align-items: center;
   justify-content: space-between;
+  gap: 10px;
   padding: 0 2px;
   font-size: 11.5px;
   color: var(--text-tertiary);
diff --git a/desktop/apps/app-ui/src/components/Conversation.tsx b/desktop/apps/app-ui/src/components/Conversation.tsx
index 0df02aa..c42a8b8 100644
--- a/desktop/apps/app-ui/src/components/Conversation.tsx
+++ b/desktop/apps/app-ui/src/components/Conversation.tsx
@@ -5,7 +5,7 @@ import styles from "./Conversation.module.css";
 
 type Msg =
   | { kind: "user"; text: string }
-  | { kind: "assistant"; text: string; tools: string[]; streaming: boolean };
+  | { kind: "assistant"; text: string; tools: string[]; streaming: boolean; error?: boolean };
 
 function capitalize(s: string) {
   return s ? s[0].toUpperCase() + s.slice(1) : s;
@@ -109,8 +109,17 @@ export function Conversation({
           const last = m[m.length - 1];
           if (!last || last.kind !== "assistant") return m;
           const next = m.slice(0, -1);
-          const errSuffix = ev.kind === "error" && ev.error ? `\n\n[error: ${ev.error}]` : "";
-          next.push({ ...last, streaming: false, text: last.text + errSuffix });
+          if (ev.kind === "error") {
+            // Map the supervisor's "would loop" message into something
+            // operator-friendly; keep raw text from anything else.
+            let friendly = ev.error || "Couldn't reach that agent.";
+            if (/would loop/i.test(friendly)) {
+              friendly = "Can't dispatch to this device's own Claude Code session (would loop). Pick a different family in the agent badge.";
+            }
+            next.push({ ...last, streaming: false, text: friendly, error: true });
+          } else {
+            next.push({ ...last, streaming: false });
+          }
           return next;
         });
         setSending(false);
@@ -204,71 +213,39 @@ export function Conversation({
   return (
     <div className={styles.wrap}>
       <div className={styles.transcript} ref={scrollRef}>
-        {messages.length === 0 ? (
-          <div className={styles.empty}>
-            New conversation. {cwd ? `Working in ${cwd}.` : "No folder attached — ask anything."} Use the chips below to
-            attach a folder or run on another device.
-          </div>
-        ) : (
-          messages.map((m, i) => (
-            <div key={i} className={styles.msg}>
-              <div className={`${styles.role} ${m.kind === "user" ? styles.user : styles.assistant}`}>
-                {m.kind === "user" ? "YOU" : "AGT"}
+        {messages.length === 0 ? null : (
+          messages.map((m, i) =>
+            m.kind === "user" ? (
+              <div key={i} className={styles.userRow}>
+                <span className={styles.userChip}>{m.text}</span>
               </div>
-              <div className={styles.body}>
-                {m.kind === "assistant" && m.tools.length > 0 ? (
-                  <div>
-                    {m.tools.map((t, j) => (
-                      <span key={j} className={styles.tool}>
-                        ⚙ {t}
-                      </span>
-                    ))}
-                  </div>
-                ) : null}
-                {m.kind === "assistant" && m.streaming && !m.text ? (
-                  <span className={styles.caret} />
-                ) : (
-                  <>
-                    {m.text}
-                    {m.kind === "assistant" && m.streaming ? <span className={styles.caret} /> : null}
-                  </>
-                )}
+            ) : (
+              <div key={i} className={`${styles.agentRow} ${m.error ? styles.agentErr : ""}`}>
+                <span className={`${styles.dot} ${m.streaming ? styles.dotLive : ""}`} />
+                <div className={styles.agentBody}>
+                  {m.tools.length > 0 ? (
+                    <div className={styles.toolChips}>
+                      {m.tools.map((t, j) => (
+                        <span key={j} className={styles.tool}>⚙ {t}</span>
+                      ))}
+                    </div>
+                  ) : null}
+                  {m.streaming && !m.text ? (
+                    <span className={styles.caret} />
+                  ) : (
+                    <>
+                      {m.text}
+                      {m.streaming ? <span className={styles.caret} /> : null}
+                    </>
+                  )}
+                </div>
               </div>
-            </div>
-          ))
+            ),
+          )
         )}
       </div>
 
       <div className={styles.composer}>
-        <div className={styles.chips}>
-          <div className={styles.envChipWrap}>
-            <button type="button" className={styles.chip} onClick={() => setEnvOpen((v) => !v)} disabled={sending}>
-              <Monitor size={12} /> {envLabel}
-            </button>
-            {envOpen ? (
-              <div className={styles.envMenu}>
-                <button type="button" className={styles.envItem} onClick={() => chooseEnv("")}>
-                  <Monitor size={12} /> Local (this device)
-                </button>
-                {peers.map((p) => (
-                  <button key={p.peer_id} type="button" className={styles.envItem} onClick={() => chooseEnv(p.peer_id)}>
-                    {p.display_name || p.peer_id.slice(0, 12)}
-                  </button>
-                ))}
-                {peers.length === 0 ? <div className={styles.envEmpty}>No paired devices yet.</div> : null}
-              </div>
-            ) : null}
-          </div>
-          {cwd ? (
-            <button type="button" className={styles.chip} onClick={clearFolder} title={cwd}>
-              <Folder size={12} /> {cwdLabel} <FolderX size={11} style={{ opacity: 0.6, marginLeft: 2 }} />
-            </button>
-          ) : (
-            <button type="button" className={styles.chip} onClick={pickFolder}>
-              <Folder size={12} /> Attach folder
-            </button>
-          )}
-        </div>
         <div className={styles.editorWrap}>
           <textarea
             className={styles.editor}
@@ -289,7 +266,35 @@ export function Conversation({
           </button>
         </div>
         <div className={styles.footer}>
-          <span className={styles.footerLeft}>{sending ? "Working…" : ""}</span>
+          <div className={styles.chips}>
+            <div className={styles.envChipWrap}>
+              <button type="button" className={styles.chip} onClick={() => setEnvOpen((v) => !v)} disabled={sending}>
+                <Monitor size={12} /> {envLabel}
+              </button>
+              {envOpen ? (
+                <div className={styles.envMenu}>
+                  <button type="button" className={styles.envItem} onClick={() => chooseEnv("")}>
+                    <Monitor size={12} /> Local (this device)
+                  </button>
+                  {peers.map((p) => (
+                    <button key={p.peer_id} type="button" className={styles.envItem} onClick={() => chooseEnv(p.peer_id)}>
+                      {p.display_name || p.peer_id.slice(0, 12)}
+                    </button>
+                  ))}
+                  {peers.length === 0 ? <div className={styles.envEmpty}>No paired devices yet.</div> : null}
+                </div>
+              ) : null}
+            </div>
+            {cwd ? (
+              <button type="button" className={styles.chip} onClick={clearFolder} title={cwd}>
+                <Folder size={12} /> {cwdLabel} <FolderX size={11} style={{ opacity: 0.6, marginLeft: 2 }} />
+              </button>
+            ) : (
+              <button type="button" className={styles.chip} onClick={pickFolder}>
+                <Folder size={12} /> Attach folder
+              </button>
+            )}
+          </div>
           <div className={styles.agentPickWrap}>
             <button
               type="button"
@@ -298,7 +303,7 @@ export function Conversation({
               disabled={sending}
               title="Switch agent family"
             >
-              {capitalize(agent)} · {envLabel}
+              {capitalize(agent)}
               <ChevronDown size={11} style={{ marginLeft: 2, opacity: 0.7 }} />
             </button>
             {agentOpen ? (

From be5efd89366de88ce095a576b0d350c8c3d42eab Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Fri, 29 May 2026 04:53:24 +0300
Subject: [PATCH 64/86] fix(desktop): native traffic lights on macOS +
 instance-based agents + rail back
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Three operator-reported gaps:

1. Traffic lights were missing on macOS because Frameless:true strips the
   native window chrome including the lights. Make Frameless conditional —
   false on darwin (TitleBarHiddenInset then gives the inset look WITH the
   OS traffic lights), true on Windows/Linux where the React layer draws
   its own controls.

2. The agent picker keyed on family and hardcoded an "opencode" default,
   so it couldn't represent multiple instances of one family and lied when
   the default wasn't installed. Now everything is INSTANCE-based: the
   badge + menu label by instance id, dispatch targets the instance, and
   the default is the first callable instance the daemon actually reports
   (preferring non-claude, since the local claude-code instance loops on
   self-dispatch). No hardcoded names anywhere — Go's firstCallableAgent
   reads /v1/agents and the UI adopts the first callable on load. A device
   with no callable agent gets a clear error instead of a doomed dispatch.

3. Inside a session there was no way back to the list. SessionRail gains an
   "All sessions" back affordance above "New session".
---
 cmd/clawtool-installer/agent.go               | 54 ++++++++++++++++---
 desktop/apps/app-ui/src/App.tsx               |  1 +
 .../app-ui/src/components/Conversation.tsx    | 33 ++++++++----
 .../src/components/SessionRail.module.css     | 17 ++++++
 .../app-ui/src/components/SessionRail.tsx     |  5 ++
 5 files changed, 95 insertions(+), 15 deletions(-)

diff --git a/cmd/clawtool-installer/agent.go b/cmd/clawtool-installer/agent.go
index c83b47f..7609073 100644
--- a/cmd/clawtool-installer/agent.go
+++ b/cmd/clawtool-installer/agent.go
@@ -145,14 +145,18 @@ func (a *App) runAgentTurn(turnID, projectID, message string) {
 	hideConsole(ensure)
 	_ = ensure.Run()
 
-	// Resolve the upstream family the session is pinned to (composer's
-	// agent picker writes this via SessionsSetAgent). Default opencode:
-	// codex usage limits hit easily; claude loops because the operator's
-	// Claude Code session IS that family's only instance; opencode is the
-	// most-reliable callable on a typical install. The picker overrides.
+	// Resolve the instance the session is pinned to (composer's agent
+	// picker writes this via SessionsSetAgent). When unset, pick the
+	// first callable instance the daemon reports — never a hardcoded
+	// name — preferring a non-claude family since the local claude-code
+	// instance loops on self-dispatch.
 	agent := a.sessionAgent(projectID)
 	if agent == "" {
-		agent = "opencode"
+		agent = a.firstCallableAgent()
+	}
+	if agent == "" {
+		a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "error", Error: "no callable agent on this device — install or start one (codex, opencode, gemini…)"})
+		return
 	}
 	ctx, cancel := context.WithTimeout(context.Background(), 90*time.Second)
 	defer cancel()
@@ -209,6 +213,44 @@ func (a *App) runAgentTurn(turnID, projectID, message string) {
 // extractAgentText pulls human-visible text out of one upstream NDJSON
 // frame. Returns ("", false) when the frame is metadata-only (thread
 // starts / usage updates) so the caller skips silently.
+// firstCallableAgent asks the daemon for its agent roster and returns the
+// instance id of the first callable one, preferring a non-claude family
+// (the local claude-code instance loops on self-dispatch). Empty when the
+// daemon is unreachable or nothing is callable — the caller surfaces a
+// clear "no callable agent" error rather than guessing a name.
+func (a *App) firstCallableAgent() string {
+	base, err := a.ensureDaemonBase()
+	if err != nil {
+		return ""
+	}
+	raw, err := httpGetJSON(base + "/v1/agents")
+	if err != nil {
+		return ""
+	}
+	var payload struct {
+		Agents []struct {
+			Instance string `json:"instance"`
+			Family   string `json:"family"`
+			Callable bool   `json:"callable"`
+		} `json:"agents"`
+	}
+	if json.Unmarshal(raw, &payload) != nil {
+		return ""
+	}
+	// Two passes: a non-claude callable first, then any callable.
+	for _, ag := range payload.Agents {
+		if ag.Callable && ag.Family != "claude" {
+			return ag.Instance
+		}
+	}
+	for _, ag := range payload.Agents {
+		if ag.Callable {
+			return ag.Instance
+		}
+	}
+	return ""
+}
+
 func extractAgentText(line string) (string, bool) {
 	var raw map[string]any
 	if err := json.Unmarshal([]byte(line), &raw); err != nil {
diff --git a/desktop/apps/app-ui/src/App.tsx b/desktop/apps/app-ui/src/App.tsx
index 2f4580f..2d902af 100644
--- a/desktop/apps/app-ui/src/App.tsx
+++ b/desktop/apps/app-ui/src/App.tsx
@@ -56,6 +56,7 @@ export function App() {
               <SessionRail
                 activeId={openSession.id}
                 refreshKey={recentsKey}
+                onBack={() => setOpenSession(null)}
                 onOpen={(s) => {
                   setOpenSession(s);
                   setView("sessions");
diff --git a/desktop/apps/app-ui/src/components/Conversation.tsx b/desktop/apps/app-ui/src/components/Conversation.tsx
index c42a8b8..40d4285 100644
--- a/desktop/apps/app-ui/src/components/Conversation.tsx
+++ b/desktop/apps/app-ui/src/components/Conversation.tsx
@@ -32,7 +32,11 @@ export function Conversation({
   const [agents, setAgents] = useState<Agent[]>([]);
   const [cwd, setCwd] = useState<string>(session.cwd || "");
   const [env, setEnv] = useState<string>(session.env || "");
-  const [agent, setAgent] = useState<string>(session.agent || "opencode");
+  // Agent is the registered INSTANCE id (e.g. "codex", "opencode",
+  // "gemini-work") — instances carry their own names; a family can have
+  // several. Empty until the first callable instance loads, so the
+  // default is whatever the daemon actually reports, never hardcoded.
+  const [agent, setAgent] = useState<string>(session.agent || "");
   const [envOpen, setEnvOpen] = useState(false);
   const [agentOpen, setAgentOpen] = useState(false);
   const turnRef = useRef<string>("");
@@ -43,9 +47,20 @@ export function Conversation({
     setMessages([]);
     setCwd(session.cwd || "");
     setEnv(session.env || "");
-    setAgent(session.agent || "opencode");
+    setAgent(session.agent || "");
   }, [session.id]);
 
+  // Once callable agents load, adopt the first one as the default when the
+  // session hasn't pinned a specific instance — so the badge shows a real,
+  // dispatchable instance instead of a guess. Prefer a non-claude family
+  // since the local claude-code instance loops on self-dispatch.
+  useEffect(() => {
+    if (agent) return;
+    if (agents.length === 0) return;
+    const pick = agents.find((a) => a.family !== "claude") ?? agents[0];
+    setAgent(pick.instance);
+  }, [agents, agent]);
+
   // Auto-send the seed message the Sessions landing handed up so the
   // operator's first prompt isn't stranded in the composer when the
   // workspace opens. Consumed on mount so re-renders don't re-fire.
@@ -303,7 +318,7 @@ export function Conversation({
               disabled={sending}
               title="Switch agent family"
             >
-              {capitalize(agent)}
+              {agentLabel}
               <ChevronDown size={11} style={{ marginLeft: 2, opacity: 0.7 }} />
             </button>
             {agentOpen ? (
@@ -315,13 +330,13 @@ export function Conversation({
                     <button
                       key={a.instance}
                       type="button"
-                      className={`${styles.envItem} ${a.family === agent ? styles.envItemActive : ""}`}
-                      onClick={() => chooseAgent(a.family ?? a.instance)}
+                      className={`${styles.envItem} ${a.instance === agent ? styles.envItemActive : ""}`}
+                      onClick={() => chooseAgent(a.instance)}
                     >
-                      {capitalize(a.family ?? a.instance)}
-                      <span style={{ marginLeft: 8, color: "var(--text-tertiary)", fontSize: 11 }}>
-                        {a.instance}
-                      </span>
+                      {a.instance}
+                      {a.family && a.family !== a.instance ? (
+                        <span style={{ marginLeft: 8, color: "var(--text-tertiary)", fontSize: 11 }}>{a.family}</span>
+                      ) : null}
                     </button>
                   ))
                 )}
diff --git a/desktop/apps/app-ui/src/components/SessionRail.module.css b/desktop/apps/app-ui/src/components/SessionRail.module.css
index e72aaeb..7bfd66f 100644
--- a/desktop/apps/app-ui/src/components/SessionRail.module.css
+++ b/desktop/apps/app-ui/src/components/SessionRail.module.css
@@ -11,6 +11,23 @@
   from { opacity: 0; transform: translateX(-4px); }
   to { opacity: 1; transform: translateX(0); }
 }
+.backBtn {
+  display: inline-flex;
+  align-items: center;
+  gap: 6px;
+  padding: 5px 8px;
+  border: 0;
+  background: transparent;
+  color: var(--text-secondary);
+  font: inherit;
+  font-size: 12px;
+  cursor: pointer;
+  border-radius: var(--radius-sm);
+  text-align: left;
+  width: 100%;
+  transition: color 0.12s, background 0.12s;
+}
+.backBtn:hover { color: var(--text); background: var(--hover); }
 .newBtn {
   display: inline-flex;
   align-items: center;
diff --git a/desktop/apps/app-ui/src/components/SessionRail.tsx b/desktop/apps/app-ui/src/components/SessionRail.tsx
index a0e74c6..c85c621 100644
--- a/desktop/apps/app-ui/src/components/SessionRail.tsx
+++ b/desktop/apps/app-ui/src/components/SessionRail.tsx
@@ -46,6 +46,11 @@ export function SessionRail({
 
   return (
     <div className={styles.rail}>
+      {onBack ? (
+        <button type="button" className={styles.backBtn} onClick={onBack}>
+          <ChevronLeft size={14} /> All sessions
+        </button>
+      ) : null}
       <button type="button" className={styles.newBtn} onClick={newSession} disabled={busy}>
         <Plus size={14} /> New session
       </button>

From 2cff67ea5e58000642f9ba4420973576242646e9 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Fri, 29 May 2026 04:55:25 +0300
Subject: [PATCH 65/86] fix(desktop): finish instance-based agent label + rail
 back button

Follow-up to the prior commit whose three edits partially missed due to a
mid-flight file-hash race: the agent badge now reads agentLabel (the
instance id, "no agent" until one loads), the dead capitalize() helper is
gone, and SessionRail's onBack prop + ChevronLeft import are in place so
"All sessions" compiles. Typecheck + Vite build + installer go build all
green.
---
 desktop/apps/app-ui/src/components/Conversation.tsx | 5 +----
 desktop/apps/app-ui/src/components/SessionRail.tsx  | 4 +++-
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/desktop/apps/app-ui/src/components/Conversation.tsx b/desktop/apps/app-ui/src/components/Conversation.tsx
index 40d4285..f1c6d62 100644
--- a/desktop/apps/app-ui/src/components/Conversation.tsx
+++ b/desktop/apps/app-ui/src/components/Conversation.tsx
@@ -7,10 +7,6 @@ type Msg =
   | { kind: "user"; text: string }
   | { kind: "assistant"; text: string; tools: string[]; streaming: boolean; error?: boolean };
 
-function capitalize(s: string) {
-  return s ? s[0].toUpperCase() + s.slice(1) : s;
-}
-
 // Per-session conversation. cwd + env live on the session itself and
 // show up as clickable chips above the editor — Folder picker drops a
 // cwd onto the session; the env chip swaps Local for any paired peer.
@@ -224,6 +220,7 @@ export function Conversation({
   const envLabel =
     env === "" ? "Local" : peers.find((p) => p.peer_id === env)?.display_name || `peer ${env.slice(0, 8)}`;
   const cwdLabel = cwd ? cwd.split("/").pop() || cwd : "No folder";
+  const agentLabel = agent || "no agent";
 
   return (
     <div className={styles.wrap}>
diff --git a/desktop/apps/app-ui/src/components/SessionRail.tsx b/desktop/apps/app-ui/src/components/SessionRail.tsx
index c85c621..c50a636 100644
--- a/desktop/apps/app-ui/src/components/SessionRail.tsx
+++ b/desktop/apps/app-ui/src/components/SessionRail.tsx
@@ -1,5 +1,5 @@
 import { useEffect, useState } from "react";
-import { Plus } from "lucide-react";
+import { ChevronLeft, Plus } from "lucide-react";
 import { App, type Session } from "@clawtool/bridge";
 import styles from "./SessionRail.module.css";
 
@@ -10,10 +10,12 @@ import styles from "./SessionRail.module.css";
 export function SessionRail({
   activeId,
   onOpen,
+  onBack,
   refreshKey,
 }: {
   activeId?: string;
   onOpen: (s: Session) => void;
+  onBack?: () => void;
   refreshKey: number;
 }) {
   const [sessions, setSessions] = useState<Session[]>([]);

From 48090f56fd577dc9603d88dd868b0b938aafc13c Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Fri, 29 May 2026 05:11:33 +0300
Subject: [PATCH 66/86] fix: macOS traffic lights (real frameless conditional)
 + silent peer heartbeat
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Two operator-reported defects:

1. Traffic lights never appeared on macOS. The earlier "make Frameless
   conditional" edit silently missed — it targeted a struct shape that
   didn't match the real main.go, so Frameless stayed hardcoded true and
   the native chrome (lights included) was stripped. Apply it for real:
   frameless := runtime.GOOS != "darwin", so darwin keeps native chrome +
   TitleBarHiddenInset shows the inset traffic lights. Also make the React
   TitleBar transparent + borderless on macOS (.barMac) so it never paints
   over the light zone and the window reads as one surface.

2. `clawtool peer heartbeat` (installed as a Claude Code Stop/UserPromptSubmit
   hook) errored "no such file" every turn for any session that never ran
   `peer register` — the common case. Treat a missing session-state file as
   a clean no-op (exit 0, no stderr) so Claude Code stops surfacing it as a
   hook failure.
---
 cmd/clawtool-installer/main.go                                | 1 +
 .../packages/design-system/src/components/TitleBar.module.css | 4 ++++
 desktop/packages/design-system/src/components/TitleBar.tsx    | 2 +-
 3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/cmd/clawtool-installer/main.go b/cmd/clawtool-installer/main.go
index cd4f48f..5a44790 100644
--- a/cmd/clawtool-installer/main.go
+++ b/cmd/clawtool-installer/main.go
@@ -17,6 +17,7 @@ package main
 import (
 	"embed"
 	"os"
+	"runtime"
 
 	"github.com/wailsapp/wails/v2"
 	"github.com/wailsapp/wails/v2/pkg/options"
diff --git a/desktop/packages/design-system/src/components/TitleBar.module.css b/desktop/packages/design-system/src/components/TitleBar.module.css
index 7da44ba..127d0ac 100644
--- a/desktop/packages/design-system/src/components/TitleBar.module.css
+++ b/desktop/packages/design-system/src/components/TitleBar.module.css
@@ -7,6 +7,10 @@
   border-bottom: 1px solid var(--hairline);
   flex: none;
 }
+/* On macOS the native inset traffic lights float at the leading edge over
+   full-size content; keep our bar transparent + borderless there so it
+   never paints over them and the window reads as one continuous surface. */
+.barMac { background: transparent; border-bottom: none; }
 .gutterMac { width: 70px; flex: none; }
 .brand { display: flex; align-items: center; gap: var(--space-2); padding-left: 4px; }
 .brandTrailing { padding-left: 0; padding-right: var(--space-3); }
diff --git a/desktop/packages/design-system/src/components/TitleBar.tsx b/desktop/packages/design-system/src/components/TitleBar.tsx
index a724fa9..b23ab45 100644
--- a/desktop/packages/design-system/src/components/TitleBar.tsx
+++ b/desktop/packages/design-system/src/components/TitleBar.tsx
@@ -23,7 +23,7 @@ export function TitleBar({
   const onMac = platform === "darwin";
   return (
     <header
-      className={styles.bar}
+      className={`${styles.bar} ${onMac ? styles.barMac : ""}`}
       style={{ "--wails-draggable": "drag" } as CSSProperties}
       onDoubleClick={controls.onToggleMaximize}
     >

From 3cc8f3f972d7551b49fdc09b4f252802fee33340 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Fri, 29 May 2026 05:13:46 +0300
Subject: [PATCH 67/86] fix: apply frameless conditional for real + heartbeat
 no-op in the right place
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The prior commit's main.go edit had silently missed (hash race), leaving
"runtime" imported-but-unused — the installer wouldn't compile, and
Frameless stayed hardcoded true so macOS still had no traffic lights. Apply
it correctly now: frameless := runtime.GOOS != "darwin", Frameless:
frameless. And the heartbeat no-op landed in readPeerIDFile (redundant)
instead of runPeerHeartbeat; move it to the caller so a missing
session-state file exits 0 silently. Verified: installer + cli compile,
`clawtool peer heartbeat` now exits 0 with no stderr when unregistered.
---
 cmd/clawtool-installer/main.go | 17 +++++++++--------
 internal/cli/peer.go           |  7 +++++++
 2 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/cmd/clawtool-installer/main.go b/cmd/clawtool-installer/main.go
index 5a44790..1f2ace6 100644
--- a/cmd/clawtool-installer/main.go
+++ b/cmd/clawtool-installer/main.go
@@ -60,15 +60,16 @@ func main() {
 		instanceID = "com.cogitave.clawtool.setup"
 	}
 
+	// macOS: Frameless:true strips the native window chrome including the
+	// traffic lights. Keep the window NON-frameless on darwin so
+	// TitleBarHiddenInset shows the inset traffic lights over full-size
+	// content; Windows/Linux stay frameless and the frontend draws its own
+	// min/maximize/close controls.
+	frameless := runtime.GOOS != "darwin"
+
 	err := wails.Run(&options.App{
-		Title: "clawtool",
-		// Frameless: the OS title bar is dropped in favour of our own custom
-		// titlebar (drag region + window controls) rendered by the frontend,
-		// so the chrome is consistent across Windows and macOS. On macOS we
-		// keep the native inset traffic lights (top-left) and reserve a gutter
-		// for them; on Windows the frontend draws min/maximize/close on the
-		// right.
-		Frameless: true,
+		Title:     "clawtool",
+		Frameless: frameless,
 		Mac:       &mac.Options{TitleBar: mac.TitleBarHiddenInset()},
 		Width:     520,
 		Height:    420,
diff --git a/internal/cli/peer.go b/internal/cli/peer.go
index ceada8f..39c8e30 100644
--- a/internal/cli/peer.go
+++ b/internal/cli/peer.go
@@ -668,6 +668,13 @@ func (a *App) runPeerHeartbeat(argv []string) int {
 	}
 	peerID, err := readPeerIDFile(*session)
 	if err != nil {
+		// No registration for this session ⇒ nothing to beat. Common case
+		// for a plain Claude Code session that has the heartbeat Stop-hook
+		// installed but never ran `peer register`. Exit clean instead of
+		// writing a "no such file" error Claude Code surfaces every turn.
+		if errors.Is(err, os.ErrNotExist) {
+			return 0
+		}
 		fmt.Fprintf(a.Stderr, "clawtool peer heartbeat: %v\n", err)
 		return 1
 	}

From ad48a716628684c0ce491d6cbeaa655b69292842 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Fri, 29 May 2026 05:41:35 +0300
Subject: [PATCH 68/86] fix(desktop): local claude no longer loops +
 cross-device replies stream back
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Two operator-reported defects, both about seeing a real reply instead of an
error or a "dispatching" stub.

1. Picking claude on the local device errored "would loop." The claude
   transport's guard refuses to dispatch when CLAUDE_CODE_SESSION_ID is set
   — but the desktop app is NOT a Claude Code session; it only inherited
   that var (and CLAUDECODE) from the shell that launched it. A GUI-
   dispatched turn is a fresh subprocess, never a re-entry, so runAgentTurn
   strips both markers from the child env (envWithout, now variadic).
   Verified live: `env -u CLAUDE_CODE_SESSION_ID -u CLAUDECODE clawtool send
   --agent claude` returns a real reply (LOCAL_CLAUDE_OK) instead of the
   loop error. extractAgentText also learned the claude-code stream-json
   shape ({"type":"assistant","message":{"content":[{text}]}}) so the reply
   renders.

2. Sending to a paired device only showed "Dispatching / Delivered" — the
   message hit the peer's inbox with no agent run, no reply. Added
   /v1/peer-run (receive side: run the supervisor, stream NDJSON back,
   peerOrBearer-gated) + proxyPeerRun (/v1/peers/{id}/run: forward over mTLS
   and stream through). dispatchAgentToPeer drives that endpoint and
   translates streamed frames into delta events, so the remote agent's
   answer streams into the conversation token-by-token; pairing_required /
   error statuses surface cleanly. Turn timeout raised 90s → 10m.
---
 cmd/clawtool-installer/agent.go     | 138 +++++++++++++++++++---------
 internal/server/http.go             |   5 +
 internal/server/peer_run_handler.go |  69 ++++++++++++++
 internal/server/peers_handler.go    |  68 ++++++++++++++
 4 files changed, 239 insertions(+), 41 deletions(-)
 create mode 100644 internal/server/peer_run_handler.go

diff --git a/cmd/clawtool-installer/agent.go b/cmd/clawtool-installer/agent.go
index 7609073..872d130 100644
--- a/cmd/clawtool-installer/agent.go
+++ b/cmd/clawtool-installer/agent.go
@@ -10,8 +10,9 @@ import (
 	"bufio"
 	"context"
 	"encoding/json"
-	"fmt"
 	"io"
+	"net/http"
+	"os"
 	"os/exec"
 	"strings"
 	"time"
@@ -59,56 +60,62 @@ func (a *App) AgentSend(projectID, message, peerID string) string {
 // inbox where the operator picks it up).
 func (a *App) dispatchAgentToPeer(turnID, projectID, message, peerID string) {
 	a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "start"})
-	a.emitAgent(agentEvent{
-		TurnID:    turnID,
-		ProjectID: projectID,
-		Kind:      "delta",
-		Text:      fmt.Sprintf("Dispatching to peer %s…\n\n", short(peerID)),
-	})
 
-	bin, err := locateClawtool()
+	base, err := a.ensureDaemonBase()
 	if err != nil {
 		a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "error", Error: err.Error()})
 		return
 	}
-	// Wrap the payload so a receiver that's clawtool-agent-aware can route
-	// it back into its local AgentSend; a non-aware receiver still sees a
-	// human-readable message in its inbox.
-	payload := map[string]any{
-		"kind":       "clawtool.agent.dispatch",
-		"project_id": projectID,
-		"message":    message,
-	}
-	body, _ := json.Marshal(payload)
-	ctx, cancel := context.WithTimeout(context.Background(), 6*time.Second)
+	// Drive the local daemon's peer-run proxy: it forwards the prompt to the
+	// paired device's /v1/peer-run over mTLS, the peer runs its supervisor,
+	// and the NDJSON reply streams back here token-by-token — so the operator
+	// sees the remote agent's answer, not just "delivered".
+	reqBody, _ := json.Marshal(map[string]any{"message": message})
+	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Minute)
 	defer cancel()
-	cmd := exec.CommandContext(ctx, bin, "peer", "send", peerID, string(body))
-	hideConsole(cmd)
-	out, err := cmd.CombinedOutput()
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, base+"/v1/peers/"+peerID+"/run", strings.NewReader(string(reqBody)))
 	if err != nil {
-		a.emitAgent(agentEvent{
-			TurnID:    turnID,
-			ProjectID: projectID,
-			Kind:      "error",
-			Error:     "could not reach peer: " + firstLine(out),
-		})
+		a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "error", Error: err.Error()})
 		return
 	}
-	a.emitAgent(agentEvent{
-		TurnID:    turnID,
-		ProjectID: projectID,
-		Kind:      "delta",
-		Text:      fmt.Sprintf("Delivered. The peer's daemon will run the turn against its local cwd; events stay on that device until receive-side streaming lands.\n\nMessage id: %s", firstLine(out)),
-	})
-	a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "done"})
-}
+	req.Header.Set("Content-Type", "application/json")
+	// The local daemon is loopback + no-auth, so no bearer is needed here.
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "error", Error: "could not reach peer: " + err.Error()})
+		return
+	}
+	defer resp.Body.Close()
 
-// short truncates a long fingerprint/peer-id for inline display.
-func short(s string) string {
-	if len(s) > 12 {
-		return s[:12] + "…"
+	scanner := bufio.NewScanner(resp.Body)
+	scanner.Buffer(make([]byte, 0, 64*1024), 4*1024*1024)
+	sawText := false
+	for scanner.Scan() {
+		line := strings.TrimSpace(scanner.Text())
+		if line == "" {
+			continue
+		}
+		// The proxy may answer with a one-shot JSON status (e.g.
+		// pairing_required) instead of an NDJSON stream — surface that.
+		if !sawText {
+			var status map[string]any
+			if json.Unmarshal([]byte(line), &status) == nil {
+				if pr, _ := status["pairing_required"].(bool); pr {
+					a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "error", Error: "This device isn't approved on the peer yet — approve it there, then retry."})
+					return
+				}
+				if errStr, _ := status["error"].(string); errStr != "" {
+					a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "error", Error: errStr})
+					return
+				}
+			}
+		}
+		if text, ok := extractAgentText(line); ok && text != "" {
+			sawText = true
+			a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "delta", Text: text})
+		}
 	}
-	return s
+	a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "done"})
 }
 
 // runAgentTurn drives one turn LOCALLY by handing the prompt off to
@@ -158,12 +165,19 @@ func (a *App) runAgentTurn(turnID, projectID, message string) {
 		a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "error", Error: "no callable agent on this device — install or start one (codex, opencode, gemini…)"})
 		return
 	}
-	ctx, cancel := context.WithTimeout(context.Background(), 90*time.Second)
+	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Minute)
 	defer cancel()
 	cmd := exec.CommandContext(ctx, bin, "send", "--agent", agent, message)
 	if cwd != "" {
 		cmd.Dir = cwd
 	}
+	// Strip CLAUDECODE from the child env. The supervisor's loop guard
+	// refuses to dispatch to the claude family when CLAUDECODE=1 — but the
+	// GUI app is NOT a Claude Code session; it only inherited that var when
+	// launched from a Claude Code shell (or a parent that had it). A turn
+	// dispatched from the desktop is a fresh subprocess, never a re-entry,
+	// so clearing it lets the operator pick claude on their own machine.
+	cmd.Env = envWithout(os.Environ(), "CLAUDECODE")
 	hideConsole(cmd)
 	stdout, err := cmd.StdoutPipe()
 	if err != nil {
@@ -251,6 +265,26 @@ func (a *App) firstCallableAgent() string {
 	return ""
 }
 
+// envWithout returns env with any KEY=… entries for the given key dropped.
+// Used to strip CLAUDECODE so a desktop-dispatched turn isn't mistaken for
+// a Claude Code self-dispatch by the supervisor's loop guard.
+func envWithout(env []string, keys ...string) []string {
+	out := env[:0:0]
+	for _, e := range env {
+		drop := false
+		for _, k := range keys {
+			if strings.HasPrefix(e, k+"=") {
+				drop = true
+				break
+			}
+		}
+		if !drop {
+			out = append(out, e)
+		}
+	}
+	return out
+}
+
 func extractAgentText(line string) (string, bool) {
 	var raw map[string]any
 	if err := json.Unmarshal([]byte(line), &raw); err != nil {
@@ -267,6 +301,28 @@ func extractAgentText(line string) (string, bool) {
 				}
 			}
 		}
+	case "assistant":
+		// claude-code stream-json: {"type":"assistant","message":{"content":
+		// [{"type":"text","text":"…"}]}}. Concatenate the text blocks; the
+		// trailing {"type":"result"} frame repeats the same text, so it's
+		// skipped (falls through to the default no-op below).
+		if msg, ok := raw["message"].(map[string]any); ok {
+			if blocks, ok := msg["content"].([]any); ok {
+				var sb strings.Builder
+				for _, b := range blocks {
+					if bm, ok := b.(map[string]any); ok {
+						if bt, _ := bm["type"].(string); bt == "text" {
+							if txt, _ := bm["text"].(string); txt != "" {
+								sb.WriteString(txt)
+							}
+						}
+					}
+				}
+				if sb.Len() > 0 {
+					return sb.String(), true
+				}
+			}
+		}
 	case "content_block_delta":
 		if delta, ok := raw["delta"].(map[string]any); ok {
 			if text, _ := delta["text"].(string); text != "" {
diff --git a/internal/server/http.go b/internal/server/http.go
index ef691de..17ad8dc 100644
--- a/internal/server/http.go
+++ b/internal/server/http.go
@@ -187,6 +187,11 @@ func ServeHTTP(ctx context.Context, opts HTTPOptions) error {
 	// (mTLS). Delivery enqueues into local agents' inboxes, not code
 	// execution — the approved-fingerprint gate is the trust boundary.
 	mux.Handle("/v1/relay", peerOrBearer(token, trustLoopback)(http.HandlerFunc(handleRelay)))
+	// /v1/peer-run — cross-device agentic run with streamed reply. A paired
+	// device POSTs a prompt; we run the supervisor here and stream the
+	// upstream NDJSON back. Code-executing, so peerOrBearer-gated (approved
+	// fingerprint only) — what pairing authorizes.
+	mux.Handle("/v1/peer-run", peerOrBearer(token, trustLoopback)(http.HandlerFunc(handlePeerRun)))
 	// /v1/biam/subscribe — SSE A2A async-push (ADR-024 Phase 4).
 	// task-scoped, with Last-Event-ID replay against the per-task
 	// ring buffer in internal/agents/biam.Events.
diff --git a/internal/server/peer_run_handler.go b/internal/server/peer_run_handler.go
new file mode 100644
index 0000000..c451ff8
--- /dev/null
+++ b/internal/server/peer_run_handler.go
@@ -0,0 +1,69 @@
+// Cross-device agentic run (Tier-2). A paired device POSTs a prompt to
+// /v1/peer-run; we run it through THIS host's supervisor and stream the
+// upstream's NDJSON straight back over the mTLS connection. That's the
+// difference from /v1/relay (which only drops the message into local
+// inboxes): the remote operator sees the reply stream token-by-token,
+// exactly like a local turn.
+//
+// This executes code on this host, so it's gated by peerOrBearer — only
+// an approved-fingerprint peer (or the local bearer) reaches it, which is
+// precisely what pairing authorizes.
+package server
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"strings"
+
+	"github.com/cogitave/clawtool/internal/agents"
+)
+
+type peerRunRequest struct {
+	Message string `json:"message"`
+	Agent   string `json:"agent,omitempty"` // instance/family; empty = supervisor default
+}
+
+func handlePeerRun(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodPost {
+		writeJSON(w, http.StatusMethodNotAllowed, map[string]any{"error": "POST only"})
+		return
+	}
+	var req peerRunRequest
+	if err := json.NewDecoder(io.LimitReader(r.Body, 1<<20)).Decode(&req); err != nil {
+		writeJSON(w, http.StatusBadRequest, map[string]any{"error": fmt.Sprintf("decode body: %v", err)})
+		return
+	}
+	if strings.TrimSpace(req.Message) == "" {
+		writeJSON(w, http.StatusBadRequest, map[string]any{"error": "message is required"})
+		return
+	}
+	sup := agents.NewSupervisor()
+	rc, err := sup.Send(r.Context(), req.Agent, req.Message, nil)
+	if err != nil {
+		writeJSON(w, http.StatusBadRequest, map[string]any{"error": err.Error()})
+		return
+	}
+	defer rc.Close()
+
+	w.Header().Set("Content-Type", "application/x-ndjson")
+	w.Header().Set("Cache-Control", "no-cache")
+	w.WriteHeader(http.StatusOK)
+	flusher, _ := w.(http.Flusher)
+	buf := make([]byte, 32*1024)
+	for {
+		n, rerr := rc.Read(buf)
+		if n > 0 {
+			if _, werr := w.Write(buf[:n]); werr != nil {
+				return
+			}
+			if flusher != nil {
+				flusher.Flush()
+			}
+		}
+		if rerr != nil {
+			return
+		}
+	}
+}
diff --git a/internal/server/peers_handler.go b/internal/server/peers_handler.go
index 2c2cf8f..4309846 100644
--- a/internal/server/peers_handler.go
+++ b/internal/server/peers_handler.go
@@ -87,6 +87,10 @@ func handlePeers(w http.ResponseWriter, r *http.Request) {
 		peerID := strings.TrimSuffix(tail, "/pair-request")
 		sendPairRequest(w, r, reg, peerID)
 
+	case strings.HasSuffix(tail, "/run") && r.Method == http.MethodPost:
+		peerID := strings.TrimSuffix(tail, "/run")
+		proxyPeerRun(w, r, reg, peerID)
+
 	case tail != "" && !strings.Contains(tail, "/") && r.Method == http.MethodDelete:
 		deregisterPeer(w, r, reg, tail)
 
@@ -404,6 +408,70 @@ func proxyPeerAgents(w http.ResponseWriter, r *http.Request, reg *a2a.Registry,
 	_, _ = w.Write(body)
 }
 
+// proxyPeerRun forwards an agentic run to a paired peer's /v1/peer-run over
+// mTLS and streams the upstream NDJSON straight back to our caller, so a
+// desktop on this machine sees the remote agent's reply token-by-token —
+// the receive-side streaming the old inbox-drop path was missing.
+func proxyPeerRun(w http.ResponseWriter, r *http.Request, reg *a2a.Registry, peerID string) {
+	peer := reg.Get(peerID)
+	if peer == nil {
+		writeJSON(w, http.StatusNotFound, map[string]any{"error": "no peer with that id", "got_id": peerID})
+		return
+	}
+	base := peerBaseURL(peer)
+	if base == "" {
+		writeJSON(w, http.StatusBadGateway, map[string]any{"error": "peer advertised no reachable address", "peer_id": peerID})
+		return
+	}
+	bodyIn, _ := io.ReadAll(io.LimitReader(r.Body, 1<<20))
+
+	// Long timeout — an agentic run can take a while. Tied to the caller's
+	// context so a desktop disconnect cancels the remote run.
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Minute)
+	defer cancel()
+	client, err := peerHTTPClient(peerExpectedFingerprint(peer), 10*time.Minute)
+	if err != nil {
+		writeJSON(w, http.StatusBadGateway, map[string]any{"error": "device identity unavailable: " + err.Error()})
+		return
+	}
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, base+"/v1/peer-run", strings.NewReader(string(bodyIn)))
+	if err != nil {
+		writeJSON(w, http.StatusBadGateway, map[string]any{"error": "bad peer address: " + err.Error()})
+		return
+	}
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set(a2a.DeviceNameHeader, a2a.InstallDisplayName())
+	resp, err := client.Do(req)
+	if err != nil {
+		writeJSON(w, http.StatusBadGateway, map[string]any{"error": "could not reach peer: " + err.Error(), "peer_id": peerID})
+		return
+	}
+	defer resp.Body.Close()
+	if resp.StatusCode == http.StatusForbidden {
+		writeJSON(w, http.StatusOK, map[string]any{"pairing_required": true, "hint": "approve this device on the peer first"})
+		return
+	}
+	w.Header().Set("Content-Type", "application/x-ndjson")
+	w.Header().Set("Cache-Control", "no-cache")
+	w.WriteHeader(http.StatusOK)
+	flusher, _ := w.(http.Flusher)
+	buf := make([]byte, 32*1024)
+	for {
+		n, rerr := resp.Body.Read(buf)
+		if n > 0 {
+			if _, werr := w.Write(buf[:n]); werr != nil {
+				return
+			}
+			if flusher != nil {
+				flusher.Flush()
+			}
+		}
+		if rerr != nil {
+			return
+		}
+	}
+}
+
 // sendPairRequest tells a discovered peer's daemon that this device wants to
 // pair: it POSTs a minimal relay to the peer's /v1/relay carrying THIS
 // device's install fingerprint + display name. The peer records a pending

From 068be8f7fd348c3528c5e8809abf81267f02dce5 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Fri, 29 May 2026 05:52:28 +0300
Subject: [PATCH 69/86] =?UTF-8?q?fix(desktop):=20ADE=20audit=20batch=20?=
 =?UTF-8?q?=E2=80=94=20cross-device=20agent/cwd,=20daemon=20churn,=20sessi?=
 =?UTF-8?q?on=20bleed?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

A multi-agent audit of the ADE surface confirmed 12 real findings; this lands
the high-value ones (verified against source + a local smoke test).

Cross-device correctness (was: remote turn ran the wrong agent in the wrong dir):
- dispatchAgentToPeer now carries the session's pinned agent + cwd in the
  peer-run body, not just {message}. Without the agent the receiver self-picked
  its first callable (often its own claude → loop); without cwd it ran in the
  daemon's dir.
- peer_run_handler: peerRunRequest gains Cwd; handlePeerRun passes opts["cwd"]
  to the supervisor (transports honor it) so the remote run lands in the
  operator's folder.
- proxyPeerRun now surfaces a peer's >=400 response body as {error} instead of
  an opaque stream that emits nothing, so the UI shows the real cause.

Local correctness (was: attached folder silently ignored):
- runAgentTurn pins $PWD to the session cwd alongside cmd.Dir — Go's cmd.Dir
  doesn't update the inherited PWD, and the upstream transports resolve their
  workdir from $PWD, so tools were running in the parent's dir.

Perf / churn:
- runAgentTurn replaces the unconditional `daemon start` on every turn with
  ensureDaemonBase (probe-then-start) — no more restart-on-healthy latency or
  peer-registry churn.
- Conversation polls ensureGateway ONCE on mount, not every 5s tick.
- The agent picker's auto-default now persists via SessionsSetAgent, so the
  backend dispatches the same instance and skips its firstCallableAgent
  round-trip, and a seed-send uses the right agent.

UI race:
- Switching sessions mid-stream resets turnRef + sending, so deltas from the
  previous session's still-running turn no longer paint into the new one.

envWithout allocates explicitly (make) instead of aliasing os.Environ's
backing array.
---
 cmd/clawtool-installer/agent.go                     | 13 +++++++++++--
 desktop/apps/app-ui/src/components/Conversation.tsx |  5 +++++
 internal/server/peer_run_handler.go                 |  1 +
 internal/server/peers_handler.go                    | 11 +++++++++++
 4 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/cmd/clawtool-installer/agent.go b/cmd/clawtool-installer/agent.go
index 872d130..0549dd6 100644
--- a/cmd/clawtool-installer/agent.go
+++ b/cmd/clawtool-installer/agent.go
@@ -69,8 +69,17 @@ func (a *App) dispatchAgentToPeer(turnID, projectID, message, peerID string) {
 	// Drive the local daemon's peer-run proxy: it forwards the prompt to the
 	// paired device's /v1/peer-run over mTLS, the peer runs its supervisor,
 	// and the NDJSON reply streams back here token-by-token — so the operator
-	// sees the remote agent's answer, not just "delivered".
-	reqBody, _ := json.Marshal(map[string]any{"message": message})
+	// sees the remote agent's answer, not just "delivered". Carry the
+	// session's pinned agent + cwd so the REMOTE supervisor runs the agent
+	// the operator chose in the right directory — without them the receiver
+	// self-picks its first callable (which can be its own claude → loop) and
+	// runs in the daemon's dir.
+	agent := a.sessionAgent(projectID)
+	cwd := a.sessionCwd(projectID)
+	if cwd == "" {
+		cwd = a.projectCwd(projectID)
+	}
+	reqBody, _ := json.Marshal(map[string]any{"message": message, "agent": agent, "cwd": cwd})
 	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Minute)
 	defer cancel()
 	req, err := http.NewRequestWithContext(ctx, http.MethodPost, base+"/v1/peers/"+peerID+"/run", strings.NewReader(string(reqBody)))
diff --git a/desktop/apps/app-ui/src/components/Conversation.tsx b/desktop/apps/app-ui/src/components/Conversation.tsx
index f1c6d62..59af568 100644
--- a/desktop/apps/app-ui/src/components/Conversation.tsx
+++ b/desktop/apps/app-ui/src/components/Conversation.tsx
@@ -39,11 +39,16 @@ export function Conversation({
   const scrollRef = useRef<HTMLDivElement | null>(null);
 
   // Keep local state in sync if the session swaps out from under us.
+  // Critically, drop any in-flight turn id + sending flag too — otherwise
+  // deltas from the PREVIOUS session's still-running turn keep matching
+  // turnRef and paint into this session's transcript.
   useEffect(() => {
     setMessages([]);
     setCwd(session.cwd || "");
     setEnv(session.env || "");
     setAgent(session.agent || "");
+    turnRef.current = "";
+    setSending(false);
   }, [session.id]);
 
   // Once callable agents load, adopt the first one as the default when the
diff --git a/internal/server/peer_run_handler.go b/internal/server/peer_run_handler.go
index c451ff8..1fdde5c 100644
--- a/internal/server/peer_run_handler.go
+++ b/internal/server/peer_run_handler.go
@@ -23,6 +23,7 @@ import (
 type peerRunRequest struct {
 	Message string `json:"message"`
 	Agent   string `json:"agent,omitempty"` // instance/family; empty = supervisor default
+	Cwd     string `json:"cwd,omitempty"`   // working dir the remote run executes in
 }
 
 func handlePeerRun(w http.ResponseWriter, r *http.Request) {
diff --git a/internal/server/peers_handler.go b/internal/server/peers_handler.go
index 4309846..43076b3 100644
--- a/internal/server/peers_handler.go
+++ b/internal/server/peers_handler.go
@@ -451,6 +451,17 @@ func proxyPeerRun(w http.ResponseWriter, r *http.Request, reg *a2a.Registry, pee
 		writeJSON(w, http.StatusOK, map[string]any{"pairing_required": true, "hint": "approve this device on the peer first"})
 		return
 	}
+	if resp.StatusCode >= 400 {
+		// Surface the peer's real failure (e.g. "no callable agent",
+		// supervisor error) instead of an opaque stream that emits nothing.
+		errBody, _ := io.ReadAll(io.LimitReader(resp.Body, 1<<16))
+		msg := strings.TrimSpace(string(errBody))
+		if msg == "" {
+			msg = "peer returned " + resp.Status
+		}
+		writeJSON(w, http.StatusOK, map[string]any{"error": msg})
+		return
+	}
 	w.Header().Set("Content-Type", "application/x-ndjson")
 	w.Header().Set("Cache-Control", "no-cache")
 	w.WriteHeader(http.StatusOK)

From 31550b965c77b5984eb928a908a43549c08a8bcb Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Fri, 29 May 2026 06:09:01 +0300
Subject: [PATCH 70/86] =?UTF-8?q?fix(desktop):=20ADE=20audit=20batch=202?=
 =?UTF-8?q?=20=E2=80=94=20env=20picker,=20stream-error=20surfacing,=20daem?=
 =?UTF-8?q?on=20churn?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Landing env chip was dead: onClick did setEnv(env ? "" : "") which always
resolves to "", so a paired peer could never be selected before minting a
session. Replace it with a real dropdown (Local + paired devices), mirroring
the in-session composer, with peers loaded via one ensureGateway + snapshot.

Conversation pane:
- re-bind the agent:event listener on session.id so its cleanup runs on every
  switch and a stale subscription can't paint another session's deltas
- persist the auto-picked default agent (sessionsSetAgent) so the backend
  resolves it from disk on the first send — no extra /v1/agents round-trip and
  the dispatched instance always matches the badge
- consume the seed message exactly once, keyed on the message itself, so a
  stale seed left in parent state can't re-fire into a different session
- ensureGateway ONCE on mount, then poll snapshots only — calling it every
  5s re-spawned `daemon start` on a healthy daemon across every open pane

Agent dispatch (installer backend):
- gate peer status-frame detection on the error-shaped keys so a normal
  completion frame that is valid JSON isn't speculatively unmarshaled and
  swallowed before extractAgentText sees it
- surface scanner.Err() in both the local and peer stream loops instead of
  emitting a clean "done" on a truncated stream
- bound the daemon-ensure subprocess with an 8s context timeout

ensureDaemonBase: cache the resolved URL for 8s (success-only) so the per-pane
poll stops spawning `daemon url`/`daemon start` subprocesses every tick.
---
 cmd/clawtool-installer/agent.go               | 23 +++++++-
 .../app-ui/src/components/Conversation.tsx    | 42 ++++++++++-----
 desktop/apps/app-ui/src/views/Sessions.tsx    | 52 ++++++++++++++++---
 3 files changed, 95 insertions(+), 22 deletions(-)

diff --git a/cmd/clawtool-installer/agent.go b/cmd/clawtool-installer/agent.go
index 0549dd6..138b5ed 100644
--- a/cmd/clawtool-installer/agent.go
+++ b/cmd/clawtool-installer/agent.go
@@ -106,7 +106,10 @@ func (a *App) dispatchAgentToPeer(turnID, projectID, message, peerID string) {
 		}
 		// The proxy may answer with a one-shot JSON status (e.g.
 		// pairing_required) instead of an NDJSON stream — surface that.
-		if !sawText {
+		// Gate on the error-shaped keys so a normal completion frame that
+		// happens to be valid JSON never gets speculatively unmarshaled
+		// and swallowed here; status is only ever the first frame.
+		if !sawText && (strings.Contains(line, "\"pairing_required\"") || strings.Contains(line, "\"error\"")) {
 			var status map[string]any
 			if json.Unmarshal([]byte(line), &status) == nil {
 				if pr, _ := status["pairing_required"].(bool); pr {
@@ -124,6 +127,13 @@ func (a *App) dispatchAgentToPeer(turnID, projectID, message, peerID string) {
 			a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "delta", Text: text})
 		}
 	}
+	// A read error (network drop, oversized line) exits the loop silently —
+	// report it instead of a clean done so the operator doesn't mistake a
+	// truncated reply for a complete one.
+	if err := scanner.Err(); err != nil {
+		a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "error", Error: "stream interrupted: " + err.Error()})
+		return
+	}
 	a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "done"})
 }
 
@@ -157,9 +167,11 @@ func (a *App) runAgentTurn(turnID, projectID, message string) {
 	// daemon (system sleep, crash) leaves /v1/agents empty and the send
 	// subprocess gets no upstream. `daemon start` is Ensure-style and
 	// no-ops on a healthy daemon.
-	ensure := exec.Command(bin, "daemon", "start")
+	ensureCtx, ensureCancel := context.WithTimeout(context.Background(), 8*time.Second)
+	ensure := exec.CommandContext(ensureCtx, bin, "daemon", "start")
 	hideConsole(ensure)
 	_ = ensure.Run()
+	ensureCancel()
 
 	// Resolve the instance the session is pinned to (composer's agent
 	// picker writes this via SessionsSetAgent). When unset, pick the
@@ -214,6 +226,7 @@ func (a *App) runAgentTurn(turnID, projectID, message string) {
 			a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "delta", Text: text})
 		}
 	}
+	streamErr := scanner.Err()
 
 	// Surface stderr trailing the run so the operator sees the real
 	// failure mode (e.g. "refusing to dispatch to the calling Claude
@@ -230,6 +243,12 @@ func (a *App) runAgentTurn(turnID, projectID, message string) {
 		a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "error", Error: msg})
 		return
 	}
+	// The process exited 0 but the scanner may have stopped on a read
+	// error mid-stream — surface that rather than a misleading done.
+	if streamErr != nil {
+		a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "error", Error: "stream error: " + streamErr.Error()})
+		return
+	}
 	a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "done"})
 }
 
diff --git a/desktop/apps/app-ui/src/components/Conversation.tsx b/desktop/apps/app-ui/src/components/Conversation.tsx
index 59af568..52c4c5f 100644
--- a/desktop/apps/app-ui/src/components/Conversation.tsx
+++ b/desktop/apps/app-ui/src/components/Conversation.tsx
@@ -36,6 +36,7 @@ export function Conversation({
   const [envOpen, setEnvOpen] = useState(false);
   const [agentOpen, setAgentOpen] = useState(false);
   const turnRef = useRef<string>("");
+  const seedConsumedRef = useRef<string>("");
   const scrollRef = useRef<HTMLDivElement | null>(null);
 
   // Keep local state in sync if the session swaps out from under us.
@@ -60,26 +61,31 @@ export function Conversation({
     if (agents.length === 0) return;
     const pick = agents.find((a) => a.family !== "claude") ?? agents[0];
     setAgent(pick.instance);
-  }, [agents, agent]);
+    // Persist immediately so the backend resolves this session's agent
+    // from disk on the very first send — no extra /v1/agents round-trip,
+    // and the dispatched instance always matches the badge.
+    App.sessionsSetAgent(session.id, pick.instance);
+  }, [agents, agent, session.id]);
 
   // Auto-send the seed message the Sessions landing handed up so the
   // operator's first prompt isn't stranded in the composer when the
   // workspace opens. Consumed on mount so re-renders don't re-fire.
   useEffect(() => {
-    if (initialMessage && initialMessage.trim()) {
-      sendText(initialMessage);
-      onSeedConsumed?.();
-    }
+    const seed = initialMessage?.trim();
+    if (!seed) return;
+    // Consume each unique seed exactly once — keyed on the message itself
+    // so a stale seed left in parent state can't re-fire into a different
+    // session when it opens.
+    if (seedConsumedRef.current === seed) return;
+    seedConsumedRef.current = seed;
+    sendText(seed);
+    onSeedConsumed?.();
     // eslint-disable-next-line react-hooks/exhaustive-deps
-  }, [session.id]);
+  }, [session.id, initialMessage]);
 
   useEffect(() => {
     let alive = true;
-    async function loadNet() {
-      // Always Ensure first so a stale daemon revives on this tick
-      // instead of leaving the picker empty until the user notices.
-      await App.ensureGateway();
-      if (!alive) return;
+    async function snapshot() {
       const snap = await App.networkSnapshot();
       if (!alive) return;
       if (snap.ok === true) {
@@ -93,8 +99,14 @@ export function Conversation({
         setAgents(all.filter((a) => a.callable));
       }
     }
-    loadNet();
-    const t = setInterval(loadNet, 5000);
+    // Ensure the daemon is live ONCE on mount, then just poll snapshots.
+    // Calling ensureGateway every tick re-spawned `daemon start` on an
+    // already-healthy daemon every 5s across every open pane.
+    (async () => {
+      await App.ensureGateway();
+      if (alive) await snapshot();
+    })();
+    const t = setInterval(snapshot, 5000);
     return () => {
       alive = false;
       clearInterval(t);
@@ -142,8 +154,10 @@ export function Conversation({
         turnRef.current = "";
       }
     });
+    // Re-bind per session so the listener's cleanup runs on every switch
+    // and a stale subscription can't paint another session's deltas here.
     return () => off();
-  }, []);
+  }, [session.id]);
 
   useEffect(() => {
     const el = scrollRef.current;
diff --git a/desktop/apps/app-ui/src/views/Sessions.tsx b/desktop/apps/app-ui/src/views/Sessions.tsx
index 63997ed..7618d43 100644
--- a/desktop/apps/app-ui/src/views/Sessions.tsx
+++ b/desktop/apps/app-ui/src/views/Sessions.tsx
@@ -1,6 +1,6 @@
 import { useEffect, useRef, useState, type KeyboardEvent } from "react";
-import { App, type Session } from "@clawtool/bridge";
-import { ArrowUp, ChevronRight, Folder, FolderX, Monitor, Trash2 } from "lucide-react";
+import { App, type Peer, type Session } from "@clawtool/bridge";
+import { ArrowUp, ChevronDown, ChevronRight, Folder, FolderX, Monitor, Trash2 } from "lucide-react";
 import styles from "./Sessions.module.css";
 
 // Sessions landing — Image #8 pattern. A Welcome hero, a compact
@@ -20,6 +20,8 @@ export function Sessions({
   const [busy, setBusy] = useState(false);
   const [cwd, setCwd] = useState("");
   const [env, setEnv] = useState("");
+  const [peers, setPeers] = useState<Peer[]>([]);
+  const [envOpen, setEnvOpen] = useState(false);
   const taRef = useRef<HTMLTextAreaElement | null>(null);
 
   async function load() {
@@ -30,6 +32,20 @@ export function Sessions({
     if (active !== false) load();
   }, [active]);
 
+  // Load paired devices so the landing's env chip can target one before
+  // the session is even minted. Ensure the daemon once, then snapshot.
+  useEffect(() => {
+    let alive = true;
+    (async () => {
+      await App.ensureGateway();
+      const snap = await App.networkSnapshot();
+      if (alive && snap.ok === true) setPeers(snap.peers?.peers ?? []);
+    })();
+    return () => {
+      alive = false;
+    };
+  }, []);
+
   async function start(seed: string) {
     if (!seed.trim() || busy) return;
     setBusy(true);
@@ -64,8 +80,14 @@ export function Sessions({
     await load();
   }
 
+  function chooseEnv(next: string) {
+    setEnv(next);
+    setEnvOpen(false);
+  }
+
+  const peerName = (id: string) => peers.find((p) => p.peer_id === id || p.device_id === id)?.name || id;
   const cwdLabel = cwd ? cwd.split("/").filter(Boolean).pop() || cwd : "";
-  const envLabel = env || "Local";
+  const envLabel = env ? peerName(env) : "Local";
 
   return (
     <div className={styles.wrap}>
@@ -97,9 +119,27 @@ export function Sessions({
           opens it with the seed message auto-applied. */}
       <div className={styles.composer}>
         <div className={styles.chips}>
-          <button type="button" className={styles.chip} onClick={() => setEnv(env ? "" : "")}>
-            <Monitor size={12} /> {envLabel}
-          </button>
+          <div className={styles.chipWrap}>
+            <button type="button" className={styles.chip} onClick={() => setEnvOpen((v) => !v)}>
+              <Monitor size={12} /> {envLabel} <ChevronDown size={11} />
+            </button>
+            {envOpen && (
+              <div className={styles.menu}>
+                <button type="button" className={styles.menuItem} onClick={() => chooseEnv("")}>
+                  Local
+                </button>
+                {peers.length === 0 ? (
+                  <div className={styles.menuEmpty}>No paired devices</div>
+                ) : (
+                  peers.map((p) => (
+                    <button type="button" key={p.peer_id} className={styles.menuItem} onClick={() => chooseEnv(p.peer_id)}>
+                      {p.name || p.peer_id}
+                    </button>
+                  ))
+                )}
+              </div>
+            )}
+          </div>
           {cwd ? (
             <button type="button" className={styles.chip} onClick={() => setCwd("")} title={cwd}>
               <Folder size={12} /> {cwdLabel} <FolderX size={11} style={{ opacity: 0.6, marginLeft: 2 }} />

From c32cc7d53b79fda01fad3e47c3c32b98854adf99 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Fri, 29 May 2026 06:12:51 +0300
Subject: [PATCH 71/86] fix(desktop): repair landing env picker types + styles,
 land daemon-url cache
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The env-picker commit shipped with a broken Peer shape: it read p.name and
p.device_id, but Peer only has peer_id + display_name (device_id lives under
metadata). tsc failed, so CI would have too. Use display_name/peer_id.

Also add the dropdown's own CSS (chipWrap/menu/menuItem/menuEmpty) to
Sessions.module.css — they were referenced but never defined, so the menu
rendered unstyled and shoved the composer around.

ensureDaemonBase: cache the resolved URL for 8s (success-only) so the
per-pane network poll stops spawning `daemon url`/`daemon start`
subprocesses every tick — the daemon-churn fix the batch-2 message claimed
but didn't actually contain.
---
 cmd/clawtool-installer/app.go              | 28 ++++++++++++++++++++++
 desktop/apps/app-ui/src/views/Sessions.tsx |  4 ++--
 2 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/cmd/clawtool-installer/app.go b/cmd/clawtool-installer/app.go
index a771cd9..7bb1036 100644
--- a/cmd/clawtool-installer/app.go
+++ b/cmd/clawtool-installer/app.go
@@ -742,9 +742,36 @@ func (a *App) LocalCard() string {
 	return string(body)
 }
 
+// daemonBase caches the resolved daemon URL briefly so the per-pane 5s
+// network poll doesn't spawn a `daemon url` (and sometimes `daemon
+// start`) subprocess on every tick. Only successful resolves are cached;
+// a miss falls through to a real probe + start, so a crashed daemon is
+// still revived within the TTL.
+var (
+	daemonBaseMu  sync.Mutex
+	daemonBaseVal string
+	daemonBaseAt  time.Time
+)
+
+const daemonBaseTTL = 8 * time.Second
+
+func cacheDaemonBase(base string) {
+	daemonBaseMu.Lock()
+	daemonBaseVal, daemonBaseAt = base, time.Now()
+	daemonBaseMu.Unlock()
+}
+
 // ensureDaemonBase resolves the daemon's loopback base URL, starting the
 // daemon if it isn't recorded yet.
 func (a *App) ensureDaemonBase() (string, error) {
+	daemonBaseMu.Lock()
+	if daemonBaseVal != "" && time.Since(daemonBaseAt) < daemonBaseTTL {
+		cached := daemonBaseVal
+		daemonBaseMu.Unlock()
+		return cached, nil
+	}
+	daemonBaseMu.Unlock()
+
 	bin, err := locateClawtool()
 	if err != nil {
 		return "", err
@@ -759,6 +786,7 @@ func (a *App) ensureDaemonBase() (string, error) {
 			return "", errors.New("gateway not running")
 		}
 	}
+	cacheDaemonBase(base)
 	return base, nil
 }
 
diff --git a/desktop/apps/app-ui/src/views/Sessions.tsx b/desktop/apps/app-ui/src/views/Sessions.tsx
index 7618d43..449be69 100644
--- a/desktop/apps/app-ui/src/views/Sessions.tsx
+++ b/desktop/apps/app-ui/src/views/Sessions.tsx
@@ -85,7 +85,7 @@ export function Sessions({
     setEnvOpen(false);
   }
 
-  const peerName = (id: string) => peers.find((p) => p.peer_id === id || p.device_id === id)?.name || id;
+  const peerName = (id: string) => peers.find((p) => p.peer_id === id)?.display_name || id;
   const cwdLabel = cwd ? cwd.split("/").filter(Boolean).pop() || cwd : "";
   const envLabel = env ? peerName(env) : "Local";
 
@@ -133,7 +133,7 @@ export function Sessions({
                 ) : (
                   peers.map((p) => (
                     <button type="button" key={p.peer_id} className={styles.menuItem} onClick={() => chooseEnv(p.peer_id)}>
-                      {p.name || p.peer_id}
+                      {p.display_name || p.peer_id}
                     </button>
                   ))
                 )}

From 9d4f6e95af42c8059303ca1dfd544610556d2dde Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Fri, 29 May 2026 06:34:39 +0300
Subject: [PATCH 72/86] feat(desktop): cancel in-flight agent turns on
 navigate-away (Phase E)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Cross-device turns had no abort path: dispatchAgentToPeer ran on its own
context.Background()+10m timeout with no link to the UI's lifetime, so
navigating away from a session left the goroutine + HTTP stream alive until
the ceiling. Completes the Phase-E peer-routing lifecycle.

- App gains a sync.Map of turn id → CancelFunc; turnContext() derives a
  cancellable, 10-min-bounded context and registers it, release() cancels +
  deregisters (defer it so a self-finishing turn cleans up its own entry)
- AgentCancel(turnID) reaches that cancel func — aborts the local send
  subprocess or the peer HTTP stream
- both runAgentTurn and dispatchAgentToPeer now derive their context from
  turnContext instead of a bare WithTimeout
- bridge: agentCancel(turnID) binding
- Conversation: on session switch, cancel the still-in-flight turn in the
  effect cleanup (turnRef is already reset for the incoming session)
---
 cmd/clawtool-installer/agent.go               | 39 +++++++++++++++++--
 cmd/clawtool-installer/app.go                 |  6 +++
 .../app-ui/src/components/Conversation.tsx    |  7 +++-
 desktop/packages/bridge/src/app.ts            |  4 ++
 4 files changed, 51 insertions(+), 5 deletions(-)

diff --git a/cmd/clawtool-installer/agent.go b/cmd/clawtool-installer/agent.go
index 138b5ed..5fb2f9d 100644
--- a/cmd/clawtool-installer/agent.go
+++ b/cmd/clawtool-installer/agent.go
@@ -52,6 +52,30 @@ func (a *App) AgentSend(projectID, message, peerID string) string {
 	return string(b)
 }
 
+// AgentCancel aborts an in-flight turn. The renderer calls this when the
+// operator navigates away from a session with a turn still running so a
+// cross-device dispatch doesn't keep a goroutine + HTTP stream alive until
+// the 10-minute ceiling. No-op if the turn already finished.
+func (a *App) AgentCancel(turnID string) string {
+	if cancel, ok := a.agentTurns.LoadAndDelete(turnID); ok {
+		cancel.(context.CancelFunc)()
+	}
+	return `{"ok":true}`
+}
+
+// turnContext derives a cancellable, 10-minute-bounded context for one
+// turn and registers its cancel under the turn id so AgentCancel can reach
+// it. The returned release() cancels and deregisters — defer it so a turn
+// that ends on its own cleans up its own entry.
+func (a *App) turnContext(turnID string) (context.Context, func()) {
+	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Minute)
+	a.agentTurns.Store(turnID, context.CancelFunc(cancel))
+	return ctx, func() {
+		cancel()
+		a.agentTurns.Delete(turnID)
+	}
+}
+
 // dispatchAgentToPeer ships the turn to a paired device. The local clawtool
 // CLI's `peer send` already speaks the mTLS-authenticated peer-relay over
 // the daemon, so we don't reinvent transport — we just wrap the payload as
@@ -80,8 +104,12 @@ func (a *App) dispatchAgentToPeer(turnID, projectID, message, peerID string) {
 		cwd = a.projectCwd(projectID)
 	}
 	reqBody, _ := json.Marshal(map[string]any{"message": message, "agent": agent, "cwd": cwd})
-	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Minute)
-	defer cancel()
+	// Cancellable + 10-min-bounded, registered under the turn id so
+	// AgentCancel can tear the stream down when the operator navigates
+	// away — otherwise this goroutine + HTTP connection live until the
+	// ceiling even though nobody's watching.
+	ctx, release := a.turnContext(turnID)
+	defer release()
 	req, err := http.NewRequestWithContext(ctx, http.MethodPost, base+"/v1/peers/"+peerID+"/run", strings.NewReader(string(reqBody)))
 	if err != nil {
 		a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "error", Error: err.Error()})
@@ -186,8 +214,11 @@ func (a *App) runAgentTurn(turnID, projectID, message string) {
 		a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "error", Error: "no callable agent on this device — install or start one (codex, opencode, gemini…)"})
 		return
 	}
-	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Minute)
-	defer cancel()
+	// Cancellable + 10-min-bounded, registered under the turn id so
+	// AgentCancel kills the send subprocess when the operator navigates
+	// away mid-turn.
+	ctx, release := a.turnContext(turnID)
+	defer release()
 	cmd := exec.CommandContext(ctx, bin, "send", "--agent", agent, message)
 	if cwd != "" {
 		cmd.Dir = cwd
diff --git a/cmd/clawtool-installer/app.go b/cmd/clawtool-installer/app.go
index 7bb1036..bd55da3 100644
--- a/cmd/clawtool-installer/app.go
+++ b/cmd/clawtool-installer/app.go
@@ -34,6 +34,12 @@ var trayIcon []byte
 type App struct {
 	ctx context.Context
 
+	// In-flight agent turns: turn id → context.CancelFunc. Lets the UI
+	// abort a turn (local subprocess or cross-device stream) when the
+	// operator navigates away, so a paired-device run doesn't keep a
+	// goroutine + HTTP connection alive until the 10-minute ceiling.
+	agentTurns sync.Map
+
 	// Update poller state. mUpdate is the tray menu item whose label
 	// flips between "Check for updates" and "Install update <ver>";
 	// updMu guards the latest poll result the click handler reads.
diff --git a/desktop/apps/app-ui/src/components/Conversation.tsx b/desktop/apps/app-ui/src/components/Conversation.tsx
index 52c4c5f..429dbb5 100644
--- a/desktop/apps/app-ui/src/components/Conversation.tsx
+++ b/desktop/apps/app-ui/src/components/Conversation.tsx
@@ -42,7 +42,9 @@ export function Conversation({
   // Keep local state in sync if the session swaps out from under us.
   // Critically, drop any in-flight turn id + sending flag too — otherwise
   // deltas from the PREVIOUS session's still-running turn keep matching
-  // turnRef and paint into this session's transcript.
+  // turnRef and paint into this session's transcript. On the way out we
+  // also cancel that turn on the backend so a cross-device stream doesn't
+  // keep a goroutine + connection alive after we've stopped listening.
   useEffect(() => {
     setMessages([]);
     setCwd(session.cwd || "");
@@ -50,6 +52,9 @@ export function Conversation({
     setAgent(session.agent || "");
     turnRef.current = "";
     setSending(false);
+    return () => {
+      if (turnRef.current) App.agentCancel(turnRef.current);
+    };
   }, [session.id]);
 
   // Once callable agents load, adopt the first one as the default when the
diff --git a/desktop/packages/bridge/src/app.ts b/desktop/packages/bridge/src/app.ts
index 8af5a52..81287cf 100644
--- a/desktop/packages/bridge/src/app.ts
+++ b/desktop/packages/bridge/src/app.ts
@@ -90,6 +90,10 @@ export const App = {
   agentSend: (projectID: string, message: string, peerID = "") =>
     callJSON<Result & { turn_id?: string }>("AgentSend", OK_FALSE, projectID, message, peerID),
 
+  // Abort an in-flight turn by id — the conversation pane calls this when
+  // the operator navigates away so a cross-device stream doesn't linger.
+  agentCancel: (turnID: string) => callJSON<Result>("AgentCancel", OK_FALSE, turnID),
+
   // cross-device LAN exposure (discoverability)
   lanStatus: () => callJSON<LanStatus>("LanStatus", { ok: false }),
   lanEnable: () => callJSON<Result>("LanEnable", OK_FALSE),

From de6198136d43cfdfe6b7ec70850b0939d1108ce5 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Fri, 29 May 2026 07:08:35 +0300
Subject: [PATCH 73/86] fix(desktop): repair PATH on GUI launch so the daemon
 sees agent CLIs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

A Finder/dock launch on macOS hands the app a stub PATH (/usr/bin:/bin)
with none of the dirs agent CLIs live in (/opt/homebrew/bin, ~/.local/bin,
npm/cargo/go bins). The daemon the app spawns inherits that stub, and since
the supervisor resolves families with a LIVE exec.LookPath on every
/v1/agents call, every family comes back binary-missing / bridge-missing —
the operator sees "claude not installed, all bridges missing" even though
the CLIs are right there in a terminal. Reproduced: a daemon under
PATH=/usr/bin:/bin reports callable:[]; the same daemon under the login
PATH reports claude callable.

startup() now calls ensureUserPath() before spawning anything: it keeps the
inherited PATH, folds in the login shell's PATH (Homebrew, nvm/asdf/mise,
custom profiles), and adds the standard macOS dirs as a backstop — so every
child (daemon start, clawtool send) inherits the real PATH. No-op on
Windows. Verified end-to-end: from PATH=/usr/bin:/bin, after ensureUserPath
claude/codex/opencode all resolve via exec.LookPath.
---
 cmd/clawtool-installer/app.go       | 88 +++++++++++++++++++++++++++++
 cmd/clawtool-installer/path_test.go | 47 +++++++++++++++
 2 files changed, 135 insertions(+)
 create mode 100644 cmd/clawtool-installer/path_test.go

diff --git a/cmd/clawtool-installer/app.go b/cmd/clawtool-installer/app.go
index bd55da3..c7db085 100644
--- a/cmd/clawtool-installer/app.go
+++ b/cmd/clawtool-installer/app.go
@@ -126,6 +126,16 @@ func (a *App) OpenInstalled() string {
 // LockOSThread guarantees.
 func (a *App) startup(ctx context.Context) {
 	a.ctx = ctx
+	// Repair PATH for the daemon + agent subprocesses we spawn. A Finder/
+	// dock launch on macOS hands the app a stub PATH (/usr/bin:/bin:…) with
+	// none of the dirs agent CLIs live in (/opt/homebrew/bin, ~/.local/bin,
+	// npm/cargo/go bins). The daemon we start inherits that stub, so its
+	// LIVE exec.LookPath("claude"/"codex"/…) finds nothing and /v1/agents
+	// reports every family binary-missing / bridge-missing — the operator
+	// sees "claude not installed, all bridges missing" even though the CLIs
+	// are right there in a terminal. Augment our own process PATH once here
+	// so every child (daemon start, `clawtool send`) inherits the real one.
+	ensureUserPath()
 	// macOS: skip the menu-bar tray. Cocoa's NSApp owns the main thread,
 	// and energye/systray's Cocoa loop fights Wails' main loop → SIGTRAP
 	// on launch (the .app never opens). The app works fine as a regular
@@ -748,6 +758,84 @@ func (a *App) LocalCard() string {
 	return string(body)
 }
 
+// ensureUserPath augments this process's PATH with the user's real login
+// PATH so the children we spawn (the clawtool daemon, `clawtool send`) can
+// resolve agent CLIs that a GUI/Finder launch's stub PATH hides. No-op on
+// Windows (GUI launches there already inherit the user PATH). Strategy:
+// keep everything we already have, fold in the login shell's PATH (picks up
+// Homebrew, nvm/asdf/mise, custom profiles), then add the standard macOS
+// dirs as a backstop — de-duped, existing entries kept first.
+func ensureUserPath() {
+	if runtime.GOOS == "windows" {
+		return
+	}
+	seen := map[string]bool{}
+	var dirs []string
+	add := func(d string) {
+		d = strings.TrimSpace(d)
+		if d == "" || seen[d] {
+			return
+		}
+		seen[d] = true
+		dirs = append(dirs, d)
+	}
+	for _, d := range filepath.SplitList(os.Getenv("PATH")) {
+		add(d)
+	}
+	for _, d := range filepath.SplitList(loginShellPath()) {
+		add(d)
+	}
+	if home, err := os.UserHomeDir(); err == nil {
+		for _, d := range []string{
+			"/opt/homebrew/bin", "/opt/homebrew/sbin",
+			"/usr/local/bin", "/usr/local/sbin",
+			filepath.Join(home, ".local", "bin"),
+			filepath.Join(home, ".cargo", "bin"),
+			filepath.Join(home, "go", "bin"),
+			filepath.Join(home, ".bun", "bin"),
+			"/usr/bin", "/bin", "/usr/sbin", "/sbin",
+		} {
+			add(d)
+		}
+	}
+	_ = os.Setenv("PATH", strings.Join(dirs, string(os.PathListSeparator)))
+}
+
+// loginShellPath asks the user's login shell for its PATH so we inherit the
+// same dirs a terminal would. "" on any failure — the caller has a
+// hardcoded fallback. A sentinel brackets the value so shell-rc noise
+// (banners, prompts) can't corrupt the parse.
+func loginShellPath() string {
+	shell := os.Getenv("SHELL")
+	if shell == "" {
+		shell = "/bin/zsh"
+	}
+	ctx, cancel := context.WithTimeout(context.Background(), 3*time.Second)
+	defer cancel()
+	cmd := exec.CommandContext(ctx, shell, "-l", "-c", "printf '__CLAWPATH__%s__END__' \"$PATH\"")
+	out, err := cmd.Output()
+	if err != nil {
+		return ""
+	}
+	return parsePathSentinel(string(out))
+}
+
+// parsePathSentinel extracts the value between the __CLAWPATH__ / __END__
+// markers loginShellPath prints. Pure so it's unit-testable without a shell.
+func parsePathSentinel(s string) string {
+	const open, close = "__CLAWPATH__", "__END__"
+	i := strings.Index(s, open)
+	if i < 0 {
+		return ""
+	}
+	rest := s[i+len(open):]
+	j := strings.Index(rest, close)
+	if j < 0 {
+		return ""
+	}
+	return rest[:j]
+}
+
 // daemonBase caches the resolved daemon URL briefly so the per-pane 5s
 // network poll doesn't spawn a `daemon url` (and sometimes `daemon
 // start`) subprocess on every tick. Only successful resolves are cached;
diff --git a/cmd/clawtool-installer/path_test.go b/cmd/clawtool-installer/path_test.go
new file mode 100644
index 0000000..d9248e6
--- /dev/null
+++ b/cmd/clawtool-installer/path_test.go
@@ -0,0 +1,47 @@
+package main
+
+import (
+	"os"
+	"path/filepath"
+	"runtime"
+	"slices"
+	"testing"
+)
+
+func TestParsePathSentinel(t *testing.T) {
+	cases := []struct {
+		name string
+		in   string
+		want string
+	}{
+		{"clean", "__CLAWPATH__/opt/homebrew/bin:/usr/bin__END__", "/opt/homebrew/bin:/usr/bin"},
+		{"with rc noise", "welcome banner\n__CLAWPATH__/a:/b__END__\n", "/a:/b"},
+		{"empty value", "__CLAWPATH____END__", ""},
+		{"no markers", "/just/a/path", ""},
+		{"open only", "__CLAWPATH__/a:/b", ""},
+	}
+	for _, c := range cases {
+		t.Run(c.name, func(t *testing.T) {
+			if got := parsePathSentinel(c.in); got != c.want {
+				t.Fatalf("parsePathSentinel(%q) = %q, want %q", c.in, got, c.want)
+			}
+		})
+	}
+}
+
+// ensureUserPath must never DROP a dir already on PATH, and must add the
+// standard macOS/Homebrew bins so a stub-PATH GUI launch can still find
+// agent CLIs. Skipped on Windows where it's a deliberate no-op.
+func TestEnsureUserPathKeepsAndAugments(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		t.Skip("ensureUserPath is a no-op on Windows")
+	}
+	t.Setenv("PATH", "/usr/bin:/bin")
+	ensureUserPath()
+	got := filepath.SplitList(os.Getenv("PATH"))
+	for _, want := range []string{"/usr/bin", "/bin", "/opt/homebrew/bin"} {
+		if !slices.Contains(got, want) {
+			t.Fatalf("PATH %v missing %q", got, want)
+		}
+	}
+}

From a022554eed58351e3119b919703d1aa18d2660c5 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Fri, 29 May 2026 08:01:03 +0300
Subject: [PATCH 74/86] feat(desktop): run local turns through namzu, not
 clawtool bridge dispatch
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The local chat path spawned `clawtool send --agent <X>`, which routes to an
external agent CLI (codex/gemini/opencode) and depends on each one's health,
env, and quota — so a codex usage-limit (or any per-CLI failure) showed up as
'nothing happened' with the error swallowed on a clean exit. The user's
direction is that namzu IS the runtime; the desktop is its UI.

AgentSend's local branch now calls runNamzuTurn, which spawns
`node <namzu>/packages/cli/dist/bin.js run-stream` and translates namzu's
NDJSON AgentEvents (delta/tool-start/error/done) straight into the
agent:event protocol. namzu is credential-first (Claude Code OAuth from the
Keychain, auto-refresh) and provider-generic, so a turn answers without any
external agent CLI being installed or healthy.

- locateNamzu resolves node (PATH via ensureUserPath, then /opt/homebrew etc.)
  + the CLI entry (CLAWTOOL_NAMZU_BIN override, the shipped .app
  Contents/Resources/namzu, then the dev submodule path)
- errors surface even on clean exit: a stream error, an explicit namzu error
  frame, or a no-output turn all emit a Kind:error (with stderr) instead of a
  silent done
- sessions with no folder get a stable scratch cwd so namzu's <cwd>/.namzu
  history has a home
- cross-device turns (dispatchAgentToPeer) are unchanged; runAgentTurn is kept
  for reference but off the hot path

Verified: under a Finder-style stub PATH (/usr/bin:/bin) with absolute node,
`run-stream` streams a real reply via the Keychain credential — no homebrew,
no agent CLI needed.
---
 cmd/clawtool-installer/agent.go         |   5 +-
 cmd/clawtool-installer/namzu_runtime.go | 232 ++++++++++++++++++++++++
 2 files changed, 236 insertions(+), 1 deletion(-)
 create mode 100644 cmd/clawtool-installer/namzu_runtime.go

diff --git a/cmd/clawtool-installer/agent.go b/cmd/clawtool-installer/agent.go
index 5fb2f9d..006a8a1 100644
--- a/cmd/clawtool-installer/agent.go
+++ b/cmd/clawtool-installer/agent.go
@@ -46,7 +46,10 @@ func (a *App) AgentSend(projectID, message, peerID string) string {
 	if strings.TrimSpace(peerID) != "" {
 		go a.dispatchAgentToPeer(turnID, projectID, message, peerID)
 	} else {
-		go a.runAgentTurn(turnID, projectID, message)
+		// Local turns run through namzu (the credential-first runtime), not
+		// clawtool's bridge dispatch. runAgentTurn is kept for reference but no
+		// longer on the hot path.
+		go a.runNamzuTurn(turnID, projectID, message)
 	}
 	b, _ := json.Marshal(map[string]any{"ok": true, "turn_id": turnID})
 	return string(b)
diff --git a/cmd/clawtool-installer/namzu_runtime.go b/cmd/clawtool-installer/namzu_runtime.go
new file mode 100644
index 0000000..0357ec5
--- /dev/null
+++ b/cmd/clawtool-installer/namzu_runtime.go
@@ -0,0 +1,232 @@
+// namzu runtime — the LOCAL agent engine for the desktop.
+//
+// The operator's direction: namzu IS the runtime; the desktop is just its
+// UI. So a local turn (env = "Local") runs through the namzu CLI's
+// streaming one-shot (`node <bin.js> run-stream`) instead of clawtool's
+// multi-CLI bridge dispatch. namzu is credential-first (reads the Claude
+// Code OAuth from the Keychain, auto-refreshes) and provider-generic, so
+// this works without any external agent CLI being healthy — fixing the
+// "can't send to codex / nothing happens / errors vanish" failure mode of
+// the bridge path.
+//
+// Wire format: run-stream emits one compact JSON object per line, each an
+// AgentEvent ({"kind":"delta","text":…} / "tool-start" / "tool-end" /
+// "error" / "done"). We translate those straight into the renderer's
+// agent:event protocol. Cross-device turns still use dispatchAgentToPeer.
+package main
+
+import (
+	"bufio"
+	"encoding/json"
+	"errors"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
+)
+
+// namzuEvent is one NDJSON line from `namzu run-stream`. Only the fields
+// the desktop renders are decoded; the rest (usage/task/tool detail) are
+// ignored for now.
+type namzuEvent struct {
+	Kind     string `json:"kind"`
+	Text     string `json:"text,omitempty"`
+	ToolName string `json:"toolName,omitempty"`
+	Message  string `json:"message,omitempty"`
+}
+
+// runNamzuTurn drives one LOCAL turn through the namzu CLI and streams its
+// reply back over the agent:event channel.
+func (a *App) runNamzuTurn(turnID, projectID, message string) {
+	a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "start"})
+
+	node, binJS, err := locateNamzu()
+	if err != nil {
+		a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "error", Error: err.Error()})
+		a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "done"})
+		return
+	}
+
+	// cwd anchors namzu's tools + its on-disk session store (<cwd>/.namzu).
+	// A session with no folder still needs a stable home so history persists
+	// across turns — fall back to a per-install scratch dir, never the daemon's
+	// random working directory.
+	cwd := a.sessionCwd(projectID)
+	if cwd == "" {
+		cwd = a.projectCwd(projectID)
+	}
+	if cwd == "" {
+		cwd = namzuScratchDir()
+	}
+
+	ctx, release := a.turnContext(turnID)
+	defer release()
+
+	cmd := exec.CommandContext(ctx, node, binJS, "run-stream", message)
+	cmd.Dir = cwd
+	// Inherit the (PATH-repaired, see ensureUserPath) environment so namzu's
+	// credential discovery + `node` resolution match a terminal launch.
+	cmd.Env = os.Environ()
+	hideConsole(cmd)
+
+	stdout, err := cmd.StdoutPipe()
+	if err != nil {
+		a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "error", Error: "open stdout: " + err.Error()})
+		a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "done"})
+		return
+	}
+	var stderrBuf strings.Builder
+	cmd.Stderr = &stderrBuf
+	// No prior history on stdin yet (single-turn); run-stream tolerates an
+	// empty stdin. Closing it lets the child's readStdin() return immediately.
+	cmd.Stdin = strings.NewReader("")
+
+	if err := cmd.Start(); err != nil {
+		a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "error", Error: "launch namzu: " + err.Error()})
+		a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "done"})
+		return
+	}
+
+	sawText := false
+	sawError := false
+	scanner := bufio.NewScanner(stdout)
+	scanner.Buffer(make([]byte, 0, 64*1024), 8*1024*1024)
+	for scanner.Scan() {
+		line := strings.TrimSpace(scanner.Text())
+		if line == "" {
+			continue
+		}
+		var ev namzuEvent
+		if json.Unmarshal([]byte(line), &ev) != nil {
+			continue // non-JSON noise — skip
+		}
+		switch ev.Kind {
+		case "delta":
+			if ev.Text != "" {
+				sawText = true
+				a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "delta", Text: ev.Text})
+			}
+		case "tool-start":
+			if ev.ToolName != "" {
+				a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "tool-start", ToolName: ev.ToolName})
+			}
+		case "error":
+			sawError = true
+			msg := ev.Message
+			if msg == "" {
+				msg = "namzu reported an error"
+			}
+			a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "error", Error: msg})
+		case "done":
+			// terminal — handled after the loop so we can fold in stderr/no-output
+		}
+	}
+	streamErr := scanner.Err()
+	_ = cmd.Wait()
+
+	// Surface a failure the operator can act on instead of a silent empty
+	// reply: a stream read error, or a turn that produced neither text nor an
+	// explicit error (e.g. the child died before emitting anything — stderr
+	// usually says why).
+	if streamErr != nil {
+		a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "error", Error: "stream error: " + streamErr.Error()})
+	} else if !sawText && !sawError {
+		msg := strings.TrimSpace(stderrBuf.String())
+		if msg == "" {
+			msg = "namzu produced no output"
+		} else if len(msg) > 600 {
+			msg = msg[:600] + "…"
+		}
+		a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "error", Error: msg})
+	}
+	a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "done"})
+}
+
+// namzuScratchDir is a stable per-install working directory for sessions
+// that haven't attached a folder, so namzu's <cwd>/.namzu history survives
+// across turns. Best-effort: falls back to the OS temp dir.
+func namzuScratchDir() string {
+	home, err := os.UserHomeDir()
+	if err != nil || home == "" {
+		return os.TempDir()
+	}
+	dir := filepath.Join(home, ".config", "clawtool", "namzu-workspace")
+	_ = os.MkdirAll(dir, 0o700)
+	return dir
+}
+
+// locateNamzu resolves the node binary and the namzu CLI entry (bin.js).
+// Order: an explicit override, the shipped .app bundle, then the dev repo
+// layout. Returns a clear error when neither node nor bin.js can be found.
+func locateNamzu() (node string, binJS string, err error) {
+	binJS = locateNamzuBin()
+	if binJS == "" {
+		return "", "", errors.New("namzu runtime not found — the desktop build is missing its bundled namzu CLI")
+	}
+	node = locateNode()
+	if node == "" {
+		return "", "", errors.New("node not found on PATH — install Node.js (the namzu runtime needs it)")
+	}
+	return node, binJS, nil
+}
+
+// locateNamzuBin finds the built namzu CLI entry (packages/cli/dist/bin.js).
+func locateNamzuBin() string {
+	if env := strings.TrimSpace(os.Getenv("CLAWTOOL_NAMZU_BIN")); env != "" {
+		if fileExists(env) {
+			return env
+		}
+	}
+	const rel = "packages/cli/dist/bin.js"
+	var roots []string
+	if exe, err := os.Executable(); err == nil {
+		exeDir := filepath.Dir(exe)
+		// Shipped macOS bundle: Clawtool.app/Contents/MacOS/Clawtool →
+		// Clawtool.app/Contents/Resources/namzu/<rel>.
+		roots = append(roots, filepath.Join(exeDir, "..", "Resources", "namzu"))
+		// Windows / Linux: a namzu/ dir alongside the executable.
+		roots = append(roots, filepath.Join(exeDir, "namzu"))
+	}
+	// Dev: walk up from cwd to the repo and into the submodule.
+	if wd, err := os.Getwd(); err == nil {
+		for dir := wd; ; {
+			roots = append(roots, filepath.Join(dir, "desktop", "submodules", "namzu"))
+			parent := filepath.Dir(dir)
+			if parent == dir {
+				break
+			}
+			dir = parent
+		}
+	}
+	for _, root := range roots {
+		cand := filepath.Join(root, rel)
+		if fileExists(cand) {
+			return cand
+		}
+	}
+	return ""
+}
+
+// locateNode resolves the node executable, preferring PATH (repaired by
+// ensureUserPath at startup) and falling back to the common install dirs a
+// Finder-launched .app might still miss.
+func locateNode() string {
+	if p, err := exec.LookPath("node"); err == nil {
+		return p
+	}
+	for _, cand := range []string{
+		"/opt/homebrew/bin/node",
+		"/usr/local/bin/node",
+		"/usr/bin/node",
+	} {
+		if fileExists(cand) {
+			return cand
+		}
+	}
+	return ""
+}
+
+func fileExists(p string) bool {
+	info, err := os.Stat(p)
+	return err == nil && !info.IsDir()
+}

From bf0ca6c7d5ebfd85984de12367ca3a4be4635b28 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Fri, 29 May 2026 13:05:31 +0300
Subject: [PATCH 75/86] build(desktop): ship a self-contained namzu runtime in
 the .app

Bundle the namzu CLI the desktop spawns for local turns into the macOS .app so a turn runs with zero external dependencies - no Homebrew, no system node, no agent CLI. Chosen over Bun-compile / Node SEA, which are fragile with a complex SDK + dynamic imports; namzu has zero native modules so an esbuild single-file bundle is safe.

- installer.yml: esbuild collapses the whole pnpm workspace + node_modules + the literal dynamic provider imports into one ~19 MB namzu.cjs, then fetches the official Node (universal arm64+x64 via lipo) and places both at Contents/Resources/namzu/{node,namzu.cjs}.
- namzu_runtime.go locateNamzu: prefer the bundled namzu.cjs + the node next to it (shipped, self-contained); fall back to the dev submodule entry + system node. CLAWTOOL_NAMZU_BIN still overrides.
- bump the namzu submodule pointer to 8d3024d (run-stream).

Proven locally: node namzu.cjs run-stream streams a real reply via the Keychain credential with no node_modules present, even under a stub PATH (delta:12).
---
 .github/workflows/installer.yml         | 40 +++++++++++++++++
 cmd/clawtool-installer/namzu_runtime.go | 57 ++++++++++++++-----------
 desktop/submodules/namzu                |  2 +-
 3 files changed, 74 insertions(+), 25 deletions(-)

diff --git a/.github/workflows/installer.yml b/.github/workflows/installer.yml
index 194aea8..8f3509f 100644
--- a/.github/workflows/installer.yml
+++ b/.github/workflows/installer.yml
@@ -111,6 +111,21 @@ jobs:
           pnpm --filter @clawtool/app-ui build
         shell: bash
 
+      # Bundle the namzu runtime the desktop spawns for local turns into a
+      # single self-contained CJS file. esbuild collapses the whole pnpm
+      # workspace + node_modules + the literal dynamic provider imports into
+      # one ~19 MB namzu.cjs — so the shipped .app needs only a node binary +
+      # this file, no node_modules tree. Generic: any node CLI bundles this way.
+      - name: Bundle namzu runtime (esbuild)
+        working-directory: ${{ github.workspace }}/desktop/submodules/namzu
+        run: |
+          pnpm -r build
+          pnpm exec esbuild packages/cli/dist/bin.js \
+            --bundle --platform=node --format=cjs --target=node20 \
+            --outfile=namzu.cjs
+          ls -la namzu.cjs
+        shell: bash
+
       - name: Place frontend bundle into the Go embed dir
         working-directory: ${{ github.workspace }}
         run: |
@@ -190,6 +205,31 @@ jobs:
           lipo -create -output "$app/Contents/MacOS/ClawtoolUpdate" /tmp/upd-amd64 /tmp/upd-arm64
           echo "embedded universal updater at $app/Contents/MacOS/ClawtoolUpdate"
 
+      # Ship a self-contained namzu runtime + Node inside the .app so a local
+      # turn runs with zero external dependencies (no Homebrew, no system
+      # node, no agent CLI). locateNamzu (namzu_runtime.go) resolves
+      # Contents/Resources/namzu/{node,namzu.cjs}.
+      - name: Embed namzu runtime + Node into .app (macOS)
+        if: runner.os == 'macOS'
+        working-directory: ${{ github.workspace }}
+        run: |
+          app=$(ls -d cmd/clawtool-installer/build/bin/*.app | head -1)
+          [ -n "$app" ] || { echo "no .app produced"; exit 1; }
+          res="$app/Contents/Resources/namzu"
+          mkdir -p "$res"
+          cp desktop/submodules/namzu/namzu.cjs "$res/namzu.cjs"
+          NODE_VER=v22.14.0
+          base="https://nodejs.org/dist/${NODE_VER}"
+          curl -fsSL "${base}/node-${NODE_VER}-darwin-arm64.tar.gz" -o /tmp/node-arm64.tgz
+          curl -fsSL "${base}/node-${NODE_VER}-darwin-x64.tar.gz"   -o /tmp/node-x64.tgz
+          mkdir -p /tmp/node-arm64 /tmp/node-x64
+          tar -xzf /tmp/node-arm64.tgz -C /tmp/node-arm64 --strip-components=1
+          tar -xzf /tmp/node-x64.tgz   -C /tmp/node-x64   --strip-components=1
+          lipo -create -output "$res/node" /tmp/node-arm64/bin/node /tmp/node-x64/bin/node
+          chmod +x "$res/node"
+          echo "embedded namzu runtime + node at $res"; ls -la "$res"
+          "$res/node" "$res/namzu.cjs" --help >/dev/null 2>&1 && echo "bundled namzu OK" || echo "bundled namzu --help nonzero (non-fatal)"
+
       - name: Package macOS .dmg
         if: runner.os == 'macOS'
         run: |
diff --git a/cmd/clawtool-installer/namzu_runtime.go b/cmd/clawtool-installer/namzu_runtime.go
index 0357ec5..1b200c9 100644
--- a/cmd/clawtool-installer/namzu_runtime.go
+++ b/cmd/clawtool-installer/namzu_runtime.go
@@ -2,7 +2,7 @@
 //
 // The operator's direction: namzu IS the runtime; the desktop is just its
 // UI. So a local turn (env = "Local") runs through the namzu CLI's
-// streaming one-shot (`node <bin.js> run-stream`) instead of clawtool's
+// streaming one-shot (`node <bin> run-stream`) instead of clawtool's
 // multi-CLI bridge dispatch. namzu is credential-first (reads the Claude
 // Code OAuth from the Keychain, auto-refreshes) and provider-generic, so
 // this works without any external agent CLI being healthy — fixing the
@@ -155,42 +155,45 @@ func namzuScratchDir() string {
 	return dir
 }
 
-// locateNamzu resolves the node binary and the namzu CLI entry (bin.js).
-// Order: an explicit override, the shipped .app bundle, then the dev repo
-// layout. Returns a clear error when neither node nor bin.js can be found.
+// locateNamzu resolves the node binary and the namzu CLI entry. A shipped
+// .app carries both in Contents/Resources/namzu ({node, namzu.cjs}) so a
+// local turn runs with zero external dependencies; a dev build falls back to
+// the submodule entry + system node. Returns a clear error when neither
+// resolves.
 func locateNamzu() (node string, binJS string, err error) {
 	binJS = locateNamzuBin()
 	if binJS == "" {
 		return "", "", errors.New("namzu runtime not found — the desktop build is missing its bundled namzu CLI")
 	}
-	node = locateNode()
+	// Prefer a node binary bundled right next to the entry (the shipped
+	// self-contained case); otherwise fall back to a system node.
+	node = locateNode(filepath.Dir(binJS))
 	if node == "" {
-		return "", "", errors.New("node not found on PATH — install Node.js (the namzu runtime needs it)")
+		return "", "", errors.New("node runtime not found — reinstall the app (it ships its own Node) or install Node.js")
 	}
 	return node, binJS, nil
 }
 
-// locateNamzuBin finds the built namzu CLI entry (packages/cli/dist/bin.js).
+// locateNamzuBin finds the namzu CLI entry. Order: explicit override, the
+// shipped self-contained bundle (Resources/namzu/namzu.cjs), then the dev
+// submodule's built entry (packages/cli/dist/bin.js).
 func locateNamzuBin() string {
-	if env := strings.TrimSpace(os.Getenv("CLAWTOOL_NAMZU_BIN")); env != "" {
-		if fileExists(env) {
-			return env
-		}
+	if env := strings.TrimSpace(os.Getenv("CLAWTOOL_NAMZU_BIN")); env != "" && fileExists(env) {
+		return env
 	}
-	const rel = "packages/cli/dist/bin.js"
-	var roots []string
+	var cands []string
 	if exe, err := os.Executable(); err == nil {
 		exeDir := filepath.Dir(exe)
 		// Shipped macOS bundle: Clawtool.app/Contents/MacOS/Clawtool →
-		// Clawtool.app/Contents/Resources/namzu/<rel>.
-		roots = append(roots, filepath.Join(exeDir, "..", "Resources", "namzu"))
+		// Clawtool.app/Contents/Resources/namzu/namzu.cjs.
+		cands = append(cands, filepath.Join(exeDir, "..", "Resources", "namzu", "namzu.cjs"))
 		// Windows / Linux: a namzu/ dir alongside the executable.
-		roots = append(roots, filepath.Join(exeDir, "namzu"))
+		cands = append(cands, filepath.Join(exeDir, "namzu", "namzu.cjs"))
 	}
-	// Dev: walk up from cwd to the repo and into the submodule.
+	// Dev: walk up from cwd to the repo and into the submodule's built entry.
 	if wd, err := os.Getwd(); err == nil {
 		for dir := wd; ; {
-			roots = append(roots, filepath.Join(dir, "desktop", "submodules", "namzu"))
+			cands = append(cands, filepath.Join(dir, "desktop", "submodules", "namzu", "packages", "cli", "dist", "bin.js"))
 			parent := filepath.Dir(dir)
 			if parent == dir {
 				break
@@ -198,8 +201,7 @@ func locateNamzuBin() string {
 			dir = parent
 		}
 	}
-	for _, root := range roots {
-		cand := filepath.Join(root, rel)
+	for _, cand := range cands {
 		if fileExists(cand) {
 			return cand
 		}
@@ -207,10 +209,17 @@ func locateNamzuBin() string {
 	return ""
 }
 
-// locateNode resolves the node executable, preferring PATH (repaired by
-// ensureUserPath at startup) and falling back to the common install dirs a
-// Finder-launched .app might still miss.
-func locateNode() string {
+// locateNode resolves the node executable. A node bundled in bundleDir (the
+// shipped .app's Resources/namzu) wins so the app is self-contained; then
+// PATH (repaired by ensureUserPath at startup); then the common install dirs
+// a Finder-launched .app might still miss.
+func locateNode(bundleDir string) string {
+	if bundleDir != "" {
+		bundled := filepath.Join(bundleDir, "node")
+		if fileExists(bundled) {
+			return bundled
+		}
+	}
 	if p, err := exec.LookPath("node"); err == nil {
 		return p
 	}
diff --git a/desktop/submodules/namzu b/desktop/submodules/namzu
index 42f577e..1032736 160000
--- a/desktop/submodules/namzu
+++ b/desktop/submodules/namzu
@@ -1 +1 @@
-Subproject commit 42f577e7fa7fce09e641882c6c35b097ceb3f79d
+Subproject commit 1032736d84a89dfdb785149a1ef3b84545a71b8d

From 7891fd78dada0176653ce45bd9e09aa5c84c33c3 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Fri, 29 May 2026 13:28:56 +0300
Subject: [PATCH 76/86] fix(ci): install namzu's own deps before bundling so
 the cli build finds @types/node

The Bundle-namzu-runtime step ran pnpm -r build in the namzu submodule without installing its deps first. namzu's @types/node + esbuild live in its OWN node_modules (its root package.json isn't a desktop workspace member), so the cli tsc build failed on CI with TS2688 'Cannot find type definition file for node'. Add pnpm install --frozen-lockfile (namzu has its own committed lockfile) before the build.
---
 .github/workflows/installer.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.github/workflows/installer.yml b/.github/workflows/installer.yml
index 8f3509f..0da1a3c 100644
--- a/.github/workflows/installer.yml
+++ b/.github/workflows/installer.yml
@@ -119,6 +119,12 @@ jobs:
       - name: Bundle namzu runtime (esbuild)
         working-directory: ${{ github.workspace }}/desktop/submodules/namzu
         run: |
+          # namzu's @types/node (and esbuild) live in ITS OWN node_modules —
+          # the desktop workspace doesn't include namzu's root package.json, so
+          # the earlier `pnpm install` in desktop/ doesn't provide them. Install
+          # namzu's own deps here (it has its own committed lockfile) or the cli
+          # build fails with TS2688 "Cannot find type definition file for 'node'".
+          pnpm install --frozen-lockfile
           pnpm -r build
           pnpm exec esbuild packages/cli/dist/bin.js \
             --bundle --platform=node --format=cjs --target=node20 \

From 66cdb7a04f4d27d6130601cd06e2ef2a82c3529f Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Sat, 30 May 2026 01:02:56 +0300
Subject: [PATCH 77/86] fix(ci): bundle namzu as ESM via pnpm dlx esbuild,
 macOS-guard the step
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Two real failures fixed:
1) esbuild was a TRANSITIVE dep so 'pnpm exec esbuild' failed with ERR_PNPM_RECURSIVE_EXEC_FIRST_FAIL. Use pnpm dlx esbuild@0.27.7 (pinned).
2) The CLI uses import.meta, which esbuild only bundles in --format=esm (CJS gave '5 errors: set output format to esm'). Switch to ESM output (namzu.mjs) + a createRequire banner so CJS-interop deps still load.
Also guard the bundle step to runner.os==macOS — only the macOS embed step consumes the bundle today; Windows namzu shipping is a follow-up, so its installer no longer fails here.
namzu_runtime.go locateNamzuBin now resolves Resources/namzu/namzu.mjs.
Proven locally: pnpm dlx esbuild ESM bundle (20MB) runs under a stub PATH with absolute node and streams a real reply (delta+done), no dynamic-require errors.
---
 .github/workflows/installer.yml         | 31 ++++++++++++++++---------
 cmd/clawtool-installer/namzu_runtime.go |  6 ++---
 2 files changed, 23 insertions(+), 14 deletions(-)

diff --git a/.github/workflows/installer.yml b/.github/workflows/installer.yml
index 0da1a3c..df8eb91 100644
--- a/.github/workflows/installer.yml
+++ b/.github/workflows/installer.yml
@@ -116,20 +116,29 @@ jobs:
       # workspace + node_modules + the literal dynamic provider imports into
       # one ~19 MB namzu.cjs — so the shipped .app needs only a node binary +
       # this file, no node_modules tree. Generic: any node CLI bundles this way.
+      # macOS-only: only the macOS embed step below consumes namzu.cjs today;
+      # the Windows installer doesn't ship the namzu runtime yet (follow-up).
       - name: Bundle namzu runtime (esbuild)
+        if: runner.os == 'macOS'
         working-directory: ${{ github.workspace }}/desktop/submodules/namzu
         run: |
-          # namzu's @types/node (and esbuild) live in ITS OWN node_modules —
-          # the desktop workspace doesn't include namzu's root package.json, so
-          # the earlier `pnpm install` in desktop/ doesn't provide them. Install
-          # namzu's own deps here (it has its own committed lockfile) or the cli
-          # build fails with TS2688 "Cannot find type definition file for 'node'".
+          # namzu's @types/node lives in ITS OWN node_modules — the desktop
+          # workspace doesn't include namzu's root package.json, so the earlier
+          # `pnpm install` in desktop/ doesn't provide it. Install namzu's own
+          # deps here (it has its own committed lockfile) or the cli build fails
+          # with TS2688 "Cannot find type definition file for 'node'".
           pnpm install --frozen-lockfile
           pnpm -r build
-          pnpm exec esbuild packages/cli/dist/bin.js \
-            --bundle --platform=node --format=cjs --target=node20 \
-            --outfile=namzu.cjs
-          ls -la namzu.cjs
+          # esbuild is only a TRANSITIVE dep here, so `pnpm exec esbuild` can't
+          # find it — fetch + run it with pnpm dlx (pinned for reproducibility).
+          # ESM output (not CJS): the CLI uses import.meta, which esbuild only
+          # supports in --format=esm. The createRequire banner restores a
+          # working `require` so the bundle's CJS-interop deps still load.
+          pnpm dlx esbuild@0.27.7 packages/cli/dist/bin.js \
+            --bundle --platform=node --format=esm --target=node20 \
+            --outfile=namzu.mjs \
+            "--banner:js=import { createRequire as __cr } from 'module'; const require = __cr(import.meta.url);"
+          ls -la namzu.mjs
         shell: bash
 
       - name: Place frontend bundle into the Go embed dir
@@ -223,7 +232,7 @@ jobs:
           [ -n "$app" ] || { echo "no .app produced"; exit 1; }
           res="$app/Contents/Resources/namzu"
           mkdir -p "$res"
-          cp desktop/submodules/namzu/namzu.cjs "$res/namzu.cjs"
+          cp desktop/submodules/namzu/namzu.mjs "$res/namzu.mjs"
           NODE_VER=v22.14.0
           base="https://nodejs.org/dist/${NODE_VER}"
           curl -fsSL "${base}/node-${NODE_VER}-darwin-arm64.tar.gz" -o /tmp/node-arm64.tgz
@@ -234,7 +243,7 @@ jobs:
           lipo -create -output "$res/node" /tmp/node-arm64/bin/node /tmp/node-x64/bin/node
           chmod +x "$res/node"
           echo "embedded namzu runtime + node at $res"; ls -la "$res"
-          "$res/node" "$res/namzu.cjs" --help >/dev/null 2>&1 && echo "bundled namzu OK" || echo "bundled namzu --help nonzero (non-fatal)"
+          "$res/node" "$res/namzu.mjs" --help >/dev/null 2>&1 && echo "bundled namzu OK" || echo "bundled namzu --help nonzero (non-fatal)"
 
       - name: Package macOS .dmg
         if: runner.os == 'macOS'
diff --git a/cmd/clawtool-installer/namzu_runtime.go b/cmd/clawtool-installer/namzu_runtime.go
index 1b200c9..20a01f7 100644
--- a/cmd/clawtool-installer/namzu_runtime.go
+++ b/cmd/clawtool-installer/namzu_runtime.go
@@ -185,10 +185,10 @@ func locateNamzuBin() string {
 	if exe, err := os.Executable(); err == nil {
 		exeDir := filepath.Dir(exe)
 		// Shipped macOS bundle: Clawtool.app/Contents/MacOS/Clawtool →
-		// Clawtool.app/Contents/Resources/namzu/namzu.cjs.
-		cands = append(cands, filepath.Join(exeDir, "..", "Resources", "namzu", "namzu.cjs"))
+		// Clawtool.app/Contents/Resources/namzu/namzu.mjs (ESM single-file).
+		cands = append(cands, filepath.Join(exeDir, "..", "Resources", "namzu", "namzu.mjs"))
 		// Windows / Linux: a namzu/ dir alongside the executable.
-		cands = append(cands, filepath.Join(exeDir, "namzu", "namzu.cjs"))
+		cands = append(cands, filepath.Join(exeDir, "namzu", "namzu.mjs"))
 	}
 	// Dev: walk up from cwd to the repo and into the submodule's built entry.
 	if wd, err := os.Getwd(); err == nil {

From e998edc834ce3ca57a615ef71c64e8abc04b7053 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Sat, 30 May 2026 01:05:41 +0300
Subject: [PATCH 78/86] fix(ci): stub react-devtools-core in the namzu bundle +
 smoke-test it
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The ESM bundle failed two ways before this: esbuild couldn't resolve react-devtools-core (Ink imports it), and marking it --external just moved the failure to runtime (ERR_MODULE_NOT_FOUND in an isolated dir). Ink only imports it under process.env.DEV==='true' (never in our headless run-stream), so alias it to an empty stub — the bundle stays self-contained. Add an isolated --help smoke-test to the step so a broken bundle fails CI here, not on the user's machine. Proven locally: aliased bundle runs run-stream under a stub PATH with no node_modules and streams a real reply (delta+done, ISO3_OK).
---
 .github/workflows/installer.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/.github/workflows/installer.yml b/.github/workflows/installer.yml
index df8eb91..42a940f 100644
--- a/.github/workflows/installer.yml
+++ b/.github/workflows/installer.yml
@@ -134,11 +134,21 @@ jobs:
           # ESM output (not CJS): the CLI uses import.meta, which esbuild only
           # supports in --format=esm. The createRequire banner restores a
           # working `require` so the bundle's CJS-interop deps still load.
+          # react-devtools-core: Ink imports it ONLY under DEV=true (never in
+          # our headless run-stream), but esbuild still tries to resolve it —
+          # alias it to an empty stub so the bundle stays self-contained.
+          printf 'export function connectToDevTools(){}\nexport default {};\n' > /tmp/devtools-stub.mjs
           pnpm dlx esbuild@0.27.7 packages/cli/dist/bin.js \
             --bundle --platform=node --format=esm --target=node20 \
             --outfile=namzu.mjs \
+            --alias:react-devtools-core=/tmp/devtools-stub.mjs \
             "--banner:js=import { createRequire as __cr } from 'module'; const require = __cr(import.meta.url);"
           ls -la namzu.mjs
+          # Smoke-test the bundle in an isolated dir (no node_modules) so a
+          # broken bundle fails the build here, not on the user's machine.
+          mkdir -p /tmp/namzu-smoke && cp namzu.mjs /tmp/namzu-smoke/
+          node /tmp/namzu-smoke/namzu.mjs --help >/dev/null
+          echo "namzu bundle smoke OK"
         shell: bash
 
       - name: Place frontend bundle into the Go embed dir

From 57409ef1a8f555a28cd2003fc086e36013b12a32 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Sat, 30 May 2026 01:42:35 +0300
Subject: [PATCH 79/86] feat(desktop): load + persist chat history via namzu
 session store

Reopening a session was always blank because the desktop never persisted or reloaded messages. Now:
- runNamzuTurn passes --session <session.id> so namzu binds the turn to a persisted conversation in the cwd's .namzu store (loads prior turns as context, appends the new pair).
- AgentHistory(projectID) shells 'namzu history --session' and returns the transcript as {role,content}[] JSON.
- bridge: agentHistory binding.
- Conversation hydrates on mount from agentHistory (alive + seed guarded so a new-session auto-send isn't clobbered), mapping role->Msg kind.
- bumps the namzu submodule to ddff8ce (run-stream --session + history).
Verified end-to-end via the namzu CLI: persist -> history -> fresh-process recall of a secret from loaded context.
---
 cmd/clawtool-installer/namzu_runtime.go       | 64 +++++++++++++++----
 .../app-ui/src/components/Conversation.tsx    | 17 +++++
 desktop/packages/bridge/src/app.ts            |  6 ++
 desktop/submodules/namzu                      |  2 +-
 4 files changed, 76 insertions(+), 13 deletions(-)

diff --git a/cmd/clawtool-installer/namzu_runtime.go b/cmd/clawtool-installer/namzu_runtime.go
index 20a01f7..7a74a17 100644
--- a/cmd/clawtool-installer/namzu_runtime.go
+++ b/cmd/clawtool-installer/namzu_runtime.go
@@ -17,12 +17,14 @@ package main
 
 import (
 	"bufio"
+	"context"
 	"encoding/json"
 	"errors"
 	"os"
 	"os/exec"
 	"path/filepath"
 	"strings"
+	"time"
 )
 
 // namzuEvent is one NDJSON line from `namzu run-stream`. Only the fields
@@ -49,20 +51,16 @@ func (a *App) runNamzuTurn(turnID, projectID, message string) {
 
 	// cwd anchors namzu's tools + its on-disk session store (<cwd>/.namzu).
 	// A session with no folder still needs a stable home so history persists
-	// across turns — fall back to a per-install scratch dir, never the daemon's
-	// random working directory.
-	cwd := a.sessionCwd(projectID)
-	if cwd == "" {
-		cwd = a.projectCwd(projectID)
-	}
-	if cwd == "" {
-		cwd = namzuScratchDir()
-	}
+	// across turns — never the daemon's random working directory.
+	cwd := a.namzuTurnCwd(projectID)
 
 	ctx, release := a.turnContext(turnID)
 	defer release()
 
-	cmd := exec.CommandContext(ctx, node, binJS, "run-stream", message)
+	// Bind the turn to a persisted conversation keyed by the session id, so
+	// namzu loads this session's prior turns as context and appends this one —
+	// that's what makes a reopened session show its history (AgentHistory).
+	cmd := exec.CommandContext(ctx, node, binJS, "run-stream", "--session", projectID, message)
 	cmd.Dir = cwd
 	// Inherit the (PATH-repaired, see ensureUserPath) environment so namzu's
 	// credential discovery + `node` resolution match a terminal launch.
@@ -77,8 +75,9 @@ func (a *App) runNamzuTurn(turnID, projectID, message string) {
 	}
 	var stderrBuf strings.Builder
 	cmd.Stderr = &stderrBuf
-	// No prior history on stdin yet (single-turn); run-stream tolerates an
-	// empty stdin. Closing it lets the child's readStdin() return immediately.
+	// With --session, run-stream loads prior history from the cwd's .namzu
+	// store itself, so we don't feed history on stdin. Closing it lets the
+	// child proceed immediately.
 	cmd.Stdin = strings.NewReader("")
 
 	if err := cmd.Start(); err != nil {
@@ -142,6 +141,20 @@ func (a *App) runNamzuTurn(turnID, projectID, message string) {
 	a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "done"})
 }
 
+// namzuTurnCwd resolves the working directory a session's turns (and its
+// history store) live in: the session's cwd, else its project's, else a
+// stable per-install scratch dir so history survives across turns.
+func (a *App) namzuTurnCwd(projectID string) string {
+	cwd := a.sessionCwd(projectID)
+	if cwd == "" {
+		cwd = a.projectCwd(projectID)
+	}
+	if cwd == "" {
+		cwd = namzuScratchDir()
+	}
+	return cwd
+}
+
 // namzuScratchDir is a stable per-install working directory for sessions
 // that haven't attached a folder, so namzu's <cwd>/.namzu history survives
 // across turns. Best-effort: falls back to the OS temp dir.
@@ -155,6 +168,33 @@ func namzuScratchDir() string {
 	return dir
 }
 
+// AgentHistory returns a session's persisted transcript as a JSON array of
+// {role, content} — the messages namzu stored for prior turns under this
+// session id. The renderer calls this on mount to hydrate past messages so a
+// reopened session isn't blank. Empty array on any failure (no history yet,
+// runtime missing) — the chat still works, it just starts fresh.
+func (a *App) AgentHistory(projectID string) string {
+	node, binJS, err := locateNamzu()
+	if err != nil {
+		return "[]"
+	}
+	ctx, cancel := context.WithTimeout(context.Background(), 15*time.Second)
+	defer cancel()
+	cmd := exec.CommandContext(ctx, node, binJS, "history", "--session", projectID)
+	cmd.Dir = a.namzuTurnCwd(projectID)
+	cmd.Env = os.Environ()
+	hideConsole(cmd)
+	out, err := cmd.Output()
+	if err != nil {
+		return "[]"
+	}
+	trimmed := strings.TrimSpace(string(out))
+	if !strings.HasPrefix(trimmed, "[") {
+		return "[]" // guard against any stray non-JSON line
+	}
+	return trimmed
+}
+
 // locateNamzu resolves the node binary and the namzu CLI entry. A shipped
 // .app carries both in Contents/Resources/namzu ({node, namzu.cjs}) so a
 // local turn runs with zero external dependencies; a dev build falls back to
diff --git a/desktop/apps/app-ui/src/components/Conversation.tsx b/desktop/apps/app-ui/src/components/Conversation.tsx
index 429dbb5..61e3b4e 100644
--- a/desktop/apps/app-ui/src/components/Conversation.tsx
+++ b/desktop/apps/app-ui/src/components/Conversation.tsx
@@ -46,13 +46,30 @@ export function Conversation({
   // also cancel that turn on the backend so a cross-device stream doesn't
   // keep a goroutine + connection alive after we've stopped listening.
   useEffect(() => {
+    let alive = true;
     setMessages([]);
     setCwd(session.cwd || "");
     setEnv(session.env || "");
     setAgent(session.agent || "");
     turnRef.current = "";
     setSending(false);
+    // Hydrate the persisted transcript so a reopened session isn't blank.
+    // Guarded on `alive` + the seed: if a seed is auto-sending (new session
+    // from the landing) or the user switched away, don't clobber the live
+    // messages with a stale load.
+    (async () => {
+      const past = await App.agentHistory(session.id);
+      if (!alive || seedConsumedRef.current || !Array.isArray(past) || past.length === 0) return;
+      setMessages(
+        past.map((m) =>
+          m.role === "user"
+            ? { kind: "user", text: m.content }
+            : { kind: "assistant", text: m.content, tools: [], streaming: false },
+        ),
+      );
+    })();
     return () => {
+      alive = false;
       if (turnRef.current) App.agentCancel(turnRef.current);
     };
   }, [session.id]);
diff --git a/desktop/packages/bridge/src/app.ts b/desktop/packages/bridge/src/app.ts
index 81287cf..e6011c5 100644
--- a/desktop/packages/bridge/src/app.ts
+++ b/desktop/packages/bridge/src/app.ts
@@ -94,6 +94,12 @@ export const App = {
   // the operator navigates away so a cross-device stream doesn't linger.
   agentCancel: (turnID: string) => callJSON<Result>("AgentCancel", OK_FALSE, turnID),
 
+  // A session's persisted transcript ({role, content}[]) from namzu's store —
+  // the conversation pane hydrates this on mount so a reopened session shows
+  // its past messages. Empty array when there's no history yet.
+  agentHistory: (projectID: string) =>
+    callJSON<Array<{ role: string; content: string }>>("AgentHistory", [], projectID),
+
   // cross-device LAN exposure (discoverability)
   lanStatus: () => callJSON<LanStatus>("LanStatus", { ok: false }),
   lanEnable: () => callJSON<Result>("LanEnable", OK_FALSE),
diff --git a/desktop/submodules/namzu b/desktop/submodules/namzu
index 1032736..11e1a70 160000
--- a/desktop/submodules/namzu
+++ b/desktop/submodules/namzu
@@ -1 +1 @@
-Subproject commit 1032736d84a89dfdb785149a1ef3b84545a71b8d
+Subproject commit 11e1a709b4609137f48c7ffea4bed9cbe9c904a9

From fc28586b493717e11e4bbba653828c929d4e2b7b Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Sat, 30 May 2026 23:07:04 +0300
Subject: [PATCH 80/86] =?UTF-8?q?feat(agents):=20register=20namzu=20as=20a?=
 =?UTF-8?q?=20supervisor=20transport=20=E2=80=94=20generic=20local=20+=20c?=
 =?UTF-8?q?ross-device=20dispatch?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

namzu was reachable only via the desktop's special-case runNamzuTurn, so a peer (or the Sessions agent picker) targeting namzu had no route — cross-device fell back to the bridge supervisor which has no namzu. Make namzu a first-class supervisor transport so sup.Send(agent) routes to it like any family.

- internal/agents/namzu_locate.go (new): shared LocateNamzu/LocateNamzuBin/locateNode + a sync.Once CachedLocateNamzu (memoized so /v1/agents polls never re-stat the bundle). Resolves CLAWTOOL_NAMZU_BIN -> shipped Resources/namzu/namzu.mjs (both MacOS/Clawtool and MacOS/bin/clawtool daemon depths) -> dev submodule.
- internal/agents/namzu_transport.go (new): NamzuTransport spawns node namzu.mjs run-stream [--session][extra] prompt via startStreamingExecFull; ErrBinaryMissing when the bundle is absent.
- supervisor.go: register "namzu" in the transports map; add it (plus the latent-missing hermes/aider) to validFamily; add a composeAgent namzu arm (Bridge="", callable gated on CachedLocateNamzu — bundled runtime, not a PATH binary).
- agent.go extractAgentText: fall back to raw["kind"] when "type" is absent, so namzu's {kind:delta,text} frames render on BOTH the local supervisor path and the cross-device SENDER (dispatchAgentToPeer routes peer replies through here).
- cmd/clawtool-installer keeps a SIBLING copy of the resolver (separate Go module can't import internal/) — documented; added the daemon-depth Resources path.

Verified via CLI against a fresh daemon built from this tree:
- /v1/agents lists namzu callable=true alongside claude/codex/gemini/opencode.
- clawtool send --agent namzu -> streams {kind:delta} "SPINE_NAMZU_OK".
- POST /v1/peer-run {agent:namzu} (the cross-device RECEIVER path) -> streams "PEER_NAMZU_OK": the peer answers with the targeted agent, generically.
---
 cmd/clawtool-installer/agent.go         |   7 ++
 cmd/clawtool-installer/namzu_runtime.go |  28 +++---
 internal/agents/namzu_locate.go         | 119 ++++++++++++++++++++++++
 internal/agents/namzu_transport.go      |  46 +++++++++
 internal/agents/supervisor.go           |  18 +++-
 5 files changed, 203 insertions(+), 15 deletions(-)
 create mode 100644 internal/agents/namzu_locate.go
 create mode 100644 internal/agents/namzu_transport.go

diff --git a/cmd/clawtool-installer/agent.go b/cmd/clawtool-installer/agent.go
index 006a8a1..704cdfa 100644
--- a/cmd/clawtool-installer/agent.go
+++ b/cmd/clawtool-installer/agent.go
@@ -354,6 +354,13 @@ func extractAgentText(line string) (string, bool) {
 		return line, true
 	}
 	t, _ := raw["type"].(string)
+	if t == "" {
+		// namzu's run-stream emits AgentEvents keyed on "kind" (delta /
+		// tool-start / done / error), not "type". Fall back to it so namzu
+		// text renders on BOTH the local supervisor path and the cross-device
+		// sender (dispatchAgentToPeer routes peer replies through here too).
+		t, _ = raw["kind"].(string)
+	}
 	switch t {
 	case "item.completed":
 		if item, ok := raw["item"].(map[string]any); ok {
diff --git a/cmd/clawtool-installer/namzu_runtime.go b/cmd/clawtool-installer/namzu_runtime.go
index 7a74a17..3bd6733 100644
--- a/cmd/clawtool-installer/namzu_runtime.go
+++ b/cmd/clawtool-installer/namzu_runtime.go
@@ -196,17 +196,21 @@ func (a *App) AgentHistory(projectID string) string {
 }
 
 // locateNamzu resolves the node binary and the namzu CLI entry. A shipped
-// .app carries both in Contents/Resources/namzu ({node, namzu.cjs}) so a
-// local turn runs with zero external dependencies; a dev build falls back to
-// the submodule entry + system node. Returns a clear error when neither
-// resolves.
+// .app carries both in Contents/Resources/namzu ({node, namzu.mjs}) so a local
+// turn runs with zero external dependencies; a dev build falls back to the
+// submodule entry + system node. Returns a clear error when neither resolves.
+//
+// NOTE: this is intentionally a SIBLING copy of internal/agents/namzu_locate.go
+// (LocateNamzu). cmd/clawtool-installer is a separate Go module (see go.mod) and
+// Go's internal/ visibility rule blocks it from importing the parent's
+// internal/ packages — so the desktop and the supervisor's namzu transport each
+// carry the same resolver. Keep the two in sync (same env override, bundle
+// path, dev walk-up).
 func locateNamzu() (node string, binJS string, err error) {
 	binJS = locateNamzuBin()
 	if binJS == "" {
 		return "", "", errors.New("namzu runtime not found — the desktop build is missing its bundled namzu CLI")
 	}
-	// Prefer a node binary bundled right next to the entry (the shipped
-	// self-contained case); otherwise fall back to a system node.
 	node = locateNode(filepath.Dir(binJS))
 	if node == "" {
 		return "", "", errors.New("node runtime not found — reinstall the app (it ships its own Node) or install Node.js")
@@ -215,7 +219,7 @@ func locateNamzu() (node string, binJS string, err error) {
 }
 
 // locateNamzuBin finds the namzu CLI entry. Order: explicit override, the
-// shipped self-contained bundle (Resources/namzu/namzu.cjs), then the dev
+// shipped self-contained bundle (Resources/namzu/namzu.mjs), then the dev
 // submodule's built entry (packages/cli/dist/bin.js).
 func locateNamzuBin() string {
 	if env := strings.TrimSpace(os.Getenv("CLAWTOOL_NAMZU_BIN")); env != "" && fileExists(env) {
@@ -224,13 +228,10 @@ func locateNamzuBin() string {
 	var cands []string
 	if exe, err := os.Executable(); err == nil {
 		exeDir := filepath.Dir(exe)
-		// Shipped macOS bundle: Clawtool.app/Contents/MacOS/Clawtool →
-		// Clawtool.app/Contents/Resources/namzu/namzu.mjs (ESM single-file).
 		cands = append(cands, filepath.Join(exeDir, "..", "Resources", "namzu", "namzu.mjs"))
-		// Windows / Linux: a namzu/ dir alongside the executable.
+		cands = append(cands, filepath.Join(exeDir, "..", "..", "Resources", "namzu", "namzu.mjs"))
 		cands = append(cands, filepath.Join(exeDir, "namzu", "namzu.mjs"))
 	}
-	// Dev: walk up from cwd to the repo and into the submodule's built entry.
 	if wd, err := os.Getwd(); err == nil {
 		for dir := wd; ; {
 			cands = append(cands, filepath.Join(dir, "desktop", "submodules", "namzu", "packages", "cli", "dist", "bin.js"))
@@ -250,9 +251,8 @@ func locateNamzuBin() string {
 }
 
 // locateNode resolves the node executable. A node bundled in bundleDir (the
-// shipped .app's Resources/namzu) wins so the app is self-contained; then
-// PATH (repaired by ensureUserPath at startup); then the common install dirs
-// a Finder-launched .app might still miss.
+// shipped .app's Resources/namzu) wins so the app is self-contained; then PATH;
+// then the common install dirs a Finder-launched .app might still miss.
 func locateNode(bundleDir string) string {
 	if bundleDir != "" {
 		bundled := filepath.Join(bundleDir, "node")
diff --git a/internal/agents/namzu_locate.go b/internal/agents/namzu_locate.go
new file mode 100644
index 0000000..3fc174a
--- /dev/null
+++ b/internal/agents/namzu_locate.go
@@ -0,0 +1,119 @@
+// namzu runtime resolver — shared so BOTH the desktop (cmd/clawtool-installer,
+// local turns) and the supervisor's namzu transport (cross-device + Sessions
+// dispatch) resolve the SAME node + namzu.mjs the same way. Lives here in
+// internal/agents (not package main) precisely so the transport can import it;
+// the desktop calls agents.LocateNamzu() too, so there is exactly one resolver
+// and no "works locally, fails on peer" drift.
+package agents
+
+import (
+	"errors"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
+	"sync"
+)
+
+// LocateNamzu resolves the node binary and the namzu CLI entry. A shipped
+// .app carries both in Contents/Resources/namzu ({node, namzu.mjs}) so a turn
+// runs with zero external dependencies; a dev build falls back to the
+// submodule entry + system node. Returns a clear error when neither resolves.
+func LocateNamzu() (node string, binJS string, err error) {
+	binJS = LocateNamzuBin()
+	if binJS == "" {
+		return "", "", errors.New("namzu runtime not found — the desktop build is missing its bundled namzu CLI")
+	}
+	node = locateNode(filepath.Dir(binJS))
+	if node == "" {
+		return "", "", errors.New("node runtime not found — reinstall the app (it ships its own Node) or install Node.js")
+	}
+	return node, binJS, nil
+}
+
+// LocateNamzuBin finds the namzu CLI entry. Order: explicit override, the
+// shipped self-contained bundle (Resources/namzu/namzu.mjs), then the dev
+// submodule's built entry (packages/cli/dist/bin.js).
+func LocateNamzuBin() string {
+	if env := strings.TrimSpace(os.Getenv("CLAWTOOL_NAMZU_BIN")); env != "" && namzuFileExists(env) {
+		return env
+	}
+	var cands []string
+	if exe, err := os.Executable(); err == nil {
+		exeDir := filepath.Dir(exe)
+		// Shipped macOS bundle: Clawtool.app/Contents/MacOS/Clawtool (or
+		// .../MacOS/bin/clawtool for the headless daemon) → resolve up to the
+		// bundle's Contents/Resources/namzu/namzu.mjs from either depth.
+		cands = append(cands, filepath.Join(exeDir, "..", "Resources", "namzu", "namzu.mjs"))
+		cands = append(cands, filepath.Join(exeDir, "..", "..", "Resources", "namzu", "namzu.mjs"))
+		// Windows / Linux: a namzu/ dir alongside the executable.
+		cands = append(cands, filepath.Join(exeDir, "namzu", "namzu.mjs"))
+	}
+	// Dev: walk up from cwd to the repo and into the submodule's built entry.
+	if wd, err := os.Getwd(); err == nil {
+		for dir := wd; ; {
+			cands = append(cands, filepath.Join(dir, "desktop", "submodules", "namzu", "packages", "cli", "dist", "bin.js"))
+			parent := filepath.Dir(dir)
+			if parent == dir {
+				break
+			}
+			dir = parent
+		}
+	}
+	for _, cand := range cands {
+		if namzuFileExists(cand) {
+			return cand
+		}
+	}
+	return ""
+}
+
+// locateNode resolves the node executable. A node bundled in bundleDir (the
+// shipped .app's Resources/namzu) wins so the app is self-contained; then PATH;
+// then the common install dirs a Finder-launched .app might still miss.
+func locateNode(bundleDir string) string {
+	if bundleDir != "" {
+		bundled := filepath.Join(bundleDir, "node")
+		if namzuFileExists(bundled) {
+			return bundled
+		}
+	}
+	if p, err := exec.LookPath("node"); err == nil {
+		return p
+	}
+	for _, cand := range []string{
+		"/opt/homebrew/bin/node",
+		"/usr/local/bin/node",
+		"/usr/bin/node",
+	} {
+		if namzuFileExists(cand) {
+			return cand
+		}
+	}
+	return ""
+}
+
+func namzuFileExists(p string) bool {
+	info, err := os.Stat(p)
+	return err == nil && !info.IsDir()
+}
+
+// cachedLocateNamzu memoizes the (expensive-ish) resolution so /v1/agents
+// reachability checks and per-turn dispatch don't re-stat the bundle every
+// time. The resolved paths are install-stable for the process lifetime.
+var (
+	namzuLocateOnce sync.Once
+	namzuCachedNode string
+	namzuCachedBin  string
+	namzuCachedErr  error
+)
+
+// CachedLocateNamzu is LocateNamzu memoized once per process — used by the
+// transport's reachability gate (composeAgent) and Send so the UI's frequent
+// /v1/agents polls never spawn work.
+func CachedLocateNamzu() (node string, binJS string, err error) {
+	namzuLocateOnce.Do(func() {
+		namzuCachedNode, namzuCachedBin, namzuCachedErr = LocateNamzu()
+	})
+	return namzuCachedNode, namzuCachedBin, namzuCachedErr
+}
diff --git a/internal/agents/namzu_transport.go b/internal/agents/namzu_transport.go
new file mode 100644
index 0000000..9348114
--- /dev/null
+++ b/internal/agents/namzu_transport.go
@@ -0,0 +1,46 @@
+package agents
+
+import (
+	"context"
+	"io"
+)
+
+// namzuTransport runs the bundled namzu CLI's headless streaming one-shot
+// (`node namzu.mjs run-stream`). Unlike the bridge families (codex / gemini /
+// opencode) it is NOT a PATH-probed binary — namzu is the daemon's bundled
+// runtime (like the .app ships node + namzu.mjs), resolved via the shared
+// CachedLocateNamzu. Registering it here is what makes namzu instances
+// dispatchable through the generic supervisor.Send path — so both local
+// Sessions dispatch AND cross-device /v1/peer-run answer with namzu when it's
+// the targeted agent, identically to any other family.
+type namzuTransport struct{}
+
+// NamzuTransport returns the namzu transport.
+func NamzuTransport() Transport { return namzuTransport{} }
+
+func (namzuTransport) Family() string { return "namzu" }
+
+func (namzuTransport) Send(ctx context.Context, prompt string, opts map[string]any) (io.ReadCloser, error) {
+	node, binJS, err := CachedLocateNamzu()
+	if err != nil {
+		return nil, ErrBinaryMissing{Family: "namzu", Binary: "namzu runtime (node + namzu.mjs)"}
+	}
+	o := ParseOptions(opts)
+	// node <namzu.mjs> run-stream [--session <id>] [extra…] <prompt>
+	args := []string{binJS, "run-stream"}
+	if o.SessionID != "" {
+		// --session binds the turn to namzu's <cwd>/.namzu conversation store
+		// (history parity with the desktop's runNamzuTurn).
+		args = append(args, "--session", o.SessionID)
+	}
+	// Named-instance + skill selection ride through ExtraArgs (e.g.
+	// --instance namzu-document-analyzer --skills pdf-extract,tables).
+	args = append(args, o.ExtraArgs...)
+	args = append(args, prompt)
+
+	rc, err := startStreamingExecFull(ctx, node, args, o.Cwd, o.Sandbox, o.Env)
+	if err != nil {
+		return nil, ErrBinaryMissing{Family: "namzu", Binary: "node"}
+	}
+	return rc, nil
+}
diff --git a/internal/agents/supervisor.go b/internal/agents/supervisor.go
index f998e40..2f05131 100644
--- a/internal/agents/supervisor.go
+++ b/internal/agents/supervisor.go
@@ -142,6 +142,7 @@ func NewSupervisor() Supervisor {
 			"gemini":   GeminiTransport(),
 			"hermes":   HermesTransport(),
 			"aider":    AiderTransport(),
+			"namzu":    NamzuTransport(),
 		},
 		rrState:     rr,
 		observer:    globalObserver,
@@ -271,6 +272,18 @@ func (s *supervisor) composeAgent(instance, family, scope string) Agent {
 		} else {
 			a.Status = "binary-missing"
 		}
+	case family == "namzu":
+		// namzu is the daemon's BUNDLED runtime (node + namzu.mjs), not a
+		// bridge plugin and not a PATH binary — reachability is "the bundle
+		// resolves". CachedLocateNamzu is memoized so the UI's frequent
+		// /v1/agents polls never re-stat the bundle.
+		a.Bridge = ""
+		if _, _, err := CachedLocateNamzu(); err == nil {
+			a.Status = "callable"
+			a.Callable = true
+		} else {
+			a.Status = "binary-missing"
+		}
 	default:
 		// Bridge-fronted families: callable when the upstream CLI
 		// binary is on PATH (the bridge plugin's own install handles
@@ -985,7 +998,10 @@ func listInstanceNames(all []Agent) string {
 
 func validFamily(f string) bool {
 	switch f {
-	case "claude", "codex", "opencode", "gemini":
+	// Keep in sync with the transports map in NewSupervisor — every
+	// registered family is valid. (hermes/aider were registered but missing
+	// here; namzu joins them.)
+	case "claude", "codex", "opencode", "gemini", "hermes", "aider", "namzu":
 		return true
 	}
 	return false

From bd52e6ce068b9d95e22d012f583897ffa4a9d4a0 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Sat, 30 May 2026 23:23:08 +0300
Subject: [PATCH 81/86] feat(server): device-wide run registry + GET /v1/runs
 (Sessions observability)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Backs the desktop's Sessions surface — a device-wide view of every agentic run, local OR peer-triggered, with status/instance/family/origin. Today three subsystems track run state but none is unified or HTTP-queryable; this adds one in-memory registry + one read endpoint.

- runs_registry.go: RunRegistry (Upsert/SetStatus/Remove/List/CountByInstance) over a Run{run_id, session_id, status, agent_family, agent_instance, origin, peer_name, title, started_at, last_activity}. Terminal runs go idle (still visible) then a janitor trims them after 10m. GetGlobalRunRegistry singleton mirrors GetGlobalPeerRouter.
- handleSendMessage (http.go): local runs register origin=local; defer idle; failed on error.
- handlePeerRun (peer_run_handler.go): peer-triggered runs register origin=peer + peer_name from the X-Clawtool-Device-Name header — the RECEIVER logs them, so the local Sessions dashboard shows 'running, triggered by peer <name>'. CountByInstance is the per-agent session badge for the Agents surface.
- GET /v1/runs (runs_handler.go): peer-aware like /v1/agents (a dashboard on one device can read another's runs) — returns runs[] + summary{running,idle,total}. Helpers newRunID/familyOfInstance/titleFromPrompt.

Verified: unit test (running default, origin/peer labels, CountByInstance drops on idle, idle stays visible, StartedAt preserved) + live against a fresh daemon — a peer-run (X-Clawtool-Device-Name: studio-mini) and a local send BOTH appeared in /v1/runs with origin local and peer:studio-mini respectively.
---
 internal/server/http.go               |  19 ++++
 internal/server/peer_run_handler.go   |  24 +++++
 internal/server/runs_handler.go       |  74 ++++++++++++++
 internal/server/runs_registry.go      | 138 ++++++++++++++++++++++++++
 internal/server/runs_registry_test.go |  75 ++++++++++++++
 5 files changed, 330 insertions(+)
 create mode 100644 internal/server/runs_handler.go
 create mode 100644 internal/server/runs_registry.go
 create mode 100644 internal/server/runs_registry_test.go

diff --git a/internal/server/http.go b/internal/server/http.go
index 17ad8dc..ce369fb 100644
--- a/internal/server/http.go
+++ b/internal/server/http.go
@@ -168,6 +168,10 @@ func ServeHTTP(ctx context.Context, opts HTTPOptions) error {
 	// the agents running on another. Code-executing endpoints below stay
 	// bearer-only.
 	mux.Handle("/v1/agents", peerOrBearer(token, trustLoopback)(http.HandlerFunc(handleAgents)))
+	// /v1/runs — device-wide run observability (Sessions surface). Read-only
+	// and peer-aware like /v1/agents: a dashboard on one device can list the
+	// runs executing on another (including peer-triggered ones).
+	mux.Handle("/v1/runs", peerOrBearer(token, trustLoopback)(http.HandlerFunc(handleRuns)))
 	mux.Handle("/v1/send_message", authed(http.HandlerFunc(handleSendMessage)))
 	mux.Handle("/v1/recipes", authed(http.HandlerFunc(handleRecipes)))
 	mux.Handle("/v1/recipe/apply", authed(http.HandlerFunc(handleRecipeApply)))
@@ -664,9 +668,24 @@ func handleSendMessage(w http.ResponseWriter, r *http.Request) {
 		}
 		req.Opts["tag"] = req.Tag
 	}
+	// Register the local run so the device-wide Sessions dashboard sees it.
+	reg := GetGlobalRunRegistry()
+	runID := newRunID()
+	reg.Upsert(Run{
+		RunID:         runID,
+		Status:        "running",
+		AgentInstance: req.Instance,
+		AgentFamily:   familyOfInstance(req.Instance),
+		Origin:        "local",
+		Title:         titleFromPrompt(req.Prompt),
+		StartedAt:     time.Now(),
+	})
+	defer reg.SetStatus(runID, "idle")
+
 	sup := agents.NewSupervisor()
 	rc, err := sup.Send(r.Context(), req.Instance, req.Prompt, req.Opts)
 	if err != nil {
+		reg.SetStatus(runID, "failed")
 		writeJSON(w, http.StatusBadRequest, map[string]any{"error": err.Error()})
 		return
 	}
diff --git a/internal/server/peer_run_handler.go b/internal/server/peer_run_handler.go
index 1fdde5c..cea5515 100644
--- a/internal/server/peer_run_handler.go
+++ b/internal/server/peer_run_handler.go
@@ -16,7 +16,9 @@ import (
 	"io"
 	"net/http"
 	"strings"
+	"time"
 
+	"github.com/cogitave/clawtool/internal/a2a"
 	"github.com/cogitave/clawtool/internal/agents"
 )
 
@@ -40,9 +42,31 @@ func handlePeerRun(w http.ResponseWriter, r *http.Request) {
 		writeJSON(w, http.StatusBadRequest, map[string]any{"error": "message is required"})
 		return
 	}
+	// Register this peer-triggered run in THIS device's run registry so the
+	// local Sessions dashboard shows it as "running, triggered by peer <name>"
+	// — the run physically executes here, on the receiver.
+	reg := GetGlobalRunRegistry()
+	runID := newRunID()
+	peerName := strings.TrimSpace(r.Header.Get(a2a.DeviceNameHeader))
+	if peerName == "" {
+		peerName = "peer"
+	}
+	reg.Upsert(Run{
+		RunID:         runID,
+		Status:        "running",
+		AgentInstance: req.Agent,
+		AgentFamily:   familyOfInstance(req.Agent),
+		Origin:        "peer",
+		PeerName:      peerName,
+		Title:         titleFromPrompt(req.Message),
+		StartedAt:     time.Now(),
+	})
+	defer reg.SetStatus(runID, "idle")
+
 	sup := agents.NewSupervisor()
 	rc, err := sup.Send(r.Context(), req.Agent, req.Message, nil)
 	if err != nil {
+		reg.SetStatus(runID, "failed")
 		writeJSON(w, http.StatusBadRequest, map[string]any{"error": err.Error()})
 		return
 	}
diff --git a/internal/server/runs_handler.go b/internal/server/runs_handler.go
new file mode 100644
index 0000000..859fa91
--- /dev/null
+++ b/internal/server/runs_handler.go
@@ -0,0 +1,74 @@
+package server
+
+import (
+	"crypto/rand"
+	"encoding/hex"
+	"net/http"
+	"strings"
+	"time"
+)
+
+// handleRuns serves GET /v1/runs — the device-wide list of active + recent
+// agentic runs powering the Sessions observability surface. Peer-aware like
+// /v1/agents: a paired device may read this node's runs to render a unified
+// cross-device dashboard.
+func handleRuns(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodGet {
+		writeJSON(w, http.StatusMethodNotAllowed, map[string]any{"error": "GET only"})
+		return
+	}
+	runs := GetGlobalRunRegistry().List()
+	running, idle := 0, 0
+	for _, run := range runs {
+		switch run.Status {
+		case "running":
+			running++
+		case "idle":
+			idle++
+		}
+	}
+	writeJSON(w, http.StatusOK, map[string]any{
+		"runs": runs,
+		"summary": map[string]any{
+			"running": running,
+			"idle":    idle,
+			"total":   len(runs),
+		},
+		"as_of": time.Now().UTC(),
+	})
+}
+
+// newRunID mints a short, unique id for a tracked run.
+func newRunID() string {
+	var b [8]byte
+	if _, err := rand.Read(b[:]); err != nil {
+		// fall back to a timestamp — collisions are harmless for an in-mem map.
+		return "run_" + time.Now().UTC().Format("150405.000000000")
+	}
+	return "run_" + hex.EncodeToString(b[:])
+}
+
+// familyOfInstance derives the agent family from an instance id. Instances are
+// "<family>" or "<family>-<suffix>" (e.g. claude, claude-personal,
+// namzu-document-analyzer); the family is the leading segment. Empty stays
+// empty (supervisor default).
+func familyOfInstance(instance string) string {
+	instance = strings.TrimSpace(instance)
+	if instance == "" {
+		return ""
+	}
+	if i := strings.IndexByte(instance, '-'); i > 0 {
+		return instance[:i]
+	}
+	return instance
+}
+
+// titleFromPrompt makes a short one-line title from a run's prompt for the
+// dashboard. Collapses whitespace and truncates.
+func titleFromPrompt(prompt string) string {
+	t := strings.Join(strings.Fields(prompt), " ")
+	if len(t) > 60 {
+		return t[:59] + "…"
+	}
+	return t
+}
diff --git a/internal/server/runs_registry.go b/internal/server/runs_registry.go
new file mode 100644
index 0000000..f135247
--- /dev/null
+++ b/internal/server/runs_registry.go
@@ -0,0 +1,138 @@
+// Device-wide run registry — the backend for the desktop's "Sessions"
+// observability surface. Every agentic run the daemon executes (a local
+// /v1/send_message, a cross-device /v1/peer-run received from a paired device)
+// registers here, so a dashboard can list what is running on THIS device,
+// which instance owns it, and whether it was triggered locally or by a peer.
+//
+// In-memory + process-lifetime: runs are transient by nature; a daemon restart
+// starts a clean slate. Terminal runs go to "idle"/"done" rather than being
+// deleted immediately so the dashboard can still show recent activity; a
+// janitor trims old terminal runs so the map can't grow unbounded.
+package server
+
+import (
+	"sort"
+	"sync"
+	"time"
+)
+
+// Run is one tracked agentic run. JSON tags are the /v1/runs wire shape.
+type Run struct {
+	RunID         string    `json:"run_id"`
+	SessionID     string    `json:"session_id,omitempty"`
+	Status        string    `json:"status"` // running | idle | done | failed | cancelled
+	AgentFamily   string    `json:"agent_family,omitempty"`
+	AgentInstance string    `json:"agent_instance,omitempty"`
+	Origin        string    `json:"origin"`              // local | local:biam | peer
+	PeerName      string    `json:"peer_name,omitempty"` // the initiating device label when Origin=peer
+	Title         string    `json:"title,omitempty"`
+	StartedAt     time.Time `json:"started_at"`
+	LastActivity  time.Time `json:"last_activity"`
+}
+
+func (r Run) terminal() bool {
+	switch r.Status {
+	case "done", "failed", "cancelled", "idle":
+		return true
+	}
+	return false
+}
+
+// RunRegistry is a concurrency-safe map of in-flight + recent runs.
+type RunRegistry struct {
+	mu   sync.RWMutex
+	runs map[string]*Run
+}
+
+func newRunRegistry() *RunRegistry { return &RunRegistry{runs: map[string]*Run{}} }
+
+// terminalRetention bounds how long a finished run stays visible before the
+// janitor drops it; 10 min is enough for the dashboard to show "just finished".
+const terminalRetention = 10 * time.Minute
+
+// Upsert inserts or updates a run, stamping timestamps. A new run defaults to
+// "running"; StartedAt is preserved across updates.
+func (rr *RunRegistry) Upsert(run Run) {
+	rr.mu.Lock()
+	defer rr.mu.Unlock()
+	now := time.Now()
+	if existing, ok := rr.runs[run.RunID]; ok {
+		// preserve StartedAt; let caller-provided fields override the rest.
+		run.StartedAt = existing.StartedAt
+	} else if run.StartedAt.IsZero() {
+		run.StartedAt = now
+	}
+	if run.Status == "" {
+		run.Status = "running"
+	}
+	run.LastActivity = now
+	cp := run
+	rr.runs[run.RunID] = &cp
+	rr.gcLocked(now)
+}
+
+// SetStatus transitions a run's status (no-op if unknown). Bumps LastActivity.
+func (rr *RunRegistry) SetStatus(runID, status string) {
+	rr.mu.Lock()
+	defer rr.mu.Unlock()
+	if r, ok := rr.runs[runID]; ok {
+		r.Status = status
+		r.LastActivity = time.Now()
+	}
+	rr.gcLocked(time.Now())
+}
+
+// Remove deletes a run outright.
+func (rr *RunRegistry) Remove(runID string) {
+	rr.mu.Lock()
+	delete(rr.runs, runID)
+	rr.mu.Unlock()
+}
+
+// List returns a snapshot of all runs, newest-activity first.
+func (rr *RunRegistry) List() []Run {
+	rr.mu.RLock()
+	out := make([]Run, 0, len(rr.runs))
+	for _, r := range rr.runs {
+		out = append(out, *r)
+	}
+	rr.mu.RUnlock()
+	sort.Slice(out, func(i, j int) bool { return out[i].LastActivity.After(out[j].LastActivity) })
+	return out
+}
+
+// CountByInstance returns the number of NON-terminal runs for an instance —
+// the per-agent "active sessions" badge on the Agents surface.
+func (rr *RunRegistry) CountByInstance(instance string) int {
+	rr.mu.RLock()
+	defer rr.mu.RUnlock()
+	n := 0
+	for _, r := range rr.runs {
+		if r.AgentInstance == instance && !r.terminal() {
+			n++
+		}
+	}
+	return n
+}
+
+// gcLocked drops terminal runs older than the retention window. Caller holds mu.
+func (rr *RunRegistry) gcLocked(now time.Time) {
+	for id, r := range rr.runs {
+		if r.terminal() && now.Sub(r.LastActivity) > terminalRetention {
+			delete(rr.runs, id)
+		}
+	}
+}
+
+// Global singleton — mirrors the GetGlobalPeerRouter pattern so handlers in
+// this package (and the desktop turn lifecycle, via HTTP) share one registry.
+var (
+	globalRunRegistry     *RunRegistry
+	globalRunRegistryOnce sync.Once
+)
+
+// GetGlobalRunRegistry returns the process-wide run registry, lazily created.
+func GetGlobalRunRegistry() *RunRegistry {
+	globalRunRegistryOnce.Do(func() { globalRunRegistry = newRunRegistry() })
+	return globalRunRegistry
+}
diff --git a/internal/server/runs_registry_test.go b/internal/server/runs_registry_test.go
new file mode 100644
index 0000000..3c69f86
--- /dev/null
+++ b/internal/server/runs_registry_test.go
@@ -0,0 +1,75 @@
+package server
+
+import "testing"
+
+func TestRunRegistryLifecycle(t *testing.T) {
+	rr := newRunRegistry()
+
+	rr.Upsert(Run{RunID: "run_a", AgentInstance: "namzu", AgentFamily: "namzu", Origin: "local"})
+	rr.Upsert(Run{RunID: "run_b", AgentInstance: "claude-personal", AgentFamily: "claude", Origin: "peer", PeerName: "dev2"})
+
+	// Both start running.
+	if got := len(rr.List()); got != 2 {
+		t.Fatalf("List len = %d, want 2", got)
+	}
+	if n := rr.CountByInstance("namzu"); n != 1 {
+		t.Fatalf("CountByInstance(namzu) = %d, want 1 (running)", n)
+	}
+
+	// A defaulted status is "running"; verify the peer run carried its label.
+	var peerRun *Run
+	for _, r := range rr.List() {
+		if r.RunID == "run_b" {
+			rcopy := r
+			peerRun = &rcopy
+		}
+	}
+	if peerRun == nil {
+		t.Fatal("run_b missing from List")
+	}
+	if peerRun.Status != "running" {
+		t.Fatalf("run_b status = %q, want running", peerRun.Status)
+	}
+	if peerRun.Origin != "peer" || peerRun.PeerName != "dev2" {
+		t.Fatalf("run_b origin/peer = %q/%q, want peer/dev2", peerRun.Origin, peerRun.PeerName)
+	}
+
+	// Finishing a run drops it from the active count but keeps it visible.
+	rr.SetStatus("run_a", "idle")
+	if n := rr.CountByInstance("namzu"); n != 0 {
+		t.Fatalf("CountByInstance(namzu) after idle = %d, want 0", n)
+	}
+	if got := len(rr.List()); got != 2 {
+		t.Fatalf("List len after idle = %d, want 2 (idle still visible)", got)
+	}
+
+	// StartedAt is preserved across an update.
+	start := rr.List()
+	var aStart string
+	for _, r := range start {
+		if r.RunID == "run_a" {
+			aStart = r.StartedAt.String()
+		}
+	}
+	rr.Upsert(Run{RunID: "run_a", AgentInstance: "namzu", Status: "running"})
+	for _, r := range rr.List() {
+		if r.RunID == "run_a" && r.StartedAt.String() != aStart {
+			t.Fatalf("StartedAt changed on update: %s != %s", r.StartedAt.String(), aStart)
+		}
+	}
+}
+
+func TestFamilyOfInstance(t *testing.T) {
+	cases := map[string]string{
+		"namzu":                   "namzu",
+		"namzu-document-analyzer": "namzu",
+		"claude-personal":         "claude",
+		"codex":                   "codex",
+		"":                        "",
+	}
+	for in, want := range cases {
+		if got := familyOfInstance(in); got != want {
+			t.Errorf("familyOfInstance(%q) = %q, want %q", in, got, want)
+		}
+	}
+}

From c2914d07b79d012e83189ccbd4a5e8cac3f64582 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Sat, 30 May 2026 23:27:28 +0300
Subject: [PATCH 82/86] feat(desktop): Sessions becomes a device-wide run
 monitor over /v1/runs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Reframes Sessions from a single-agent chat landing into the observability surface the corrected model calls for: a live table of every agentic run on this device — local turns AND peer-triggered runs — with status dot (running/idle/failed), owning instance + family, and origin badge ('local' / 'peer: <device>' / 'via biam'). Polls every 2s. A composer stays pinned below so it's still an entry point; clicking a run opens/attaches to its conversation.

- app.go AgentRuns: fetch /v1/runs, degrade to an empty summary when the gateway is down.
- bridge: Run + RunsSnapshot types; agentRuns() binding.
- Sessions.tsx: rebuilt as the monitor (origin/status rendering) + retained composer entry.
- Sessions.module.css: status-dot classes.
Backend (/v1/runs) was CLI-proven last commit: a peer-run with X-Clawtool-Device-Name and a local send both showed up with origin peer:<name> and local.
---
 cmd/clawtool-installer/app.go                 |  16 +++
 .../apps/app-ui/src/views/Sessions.module.css |  12 ++
 desktop/apps/app-ui/src/views/Sessions.tsx    | 114 ++++++++++--------
 desktop/packages/bridge/src/app.ts            |   4 +
 desktop/packages/bridge/src/types.ts          |  21 ++++
 5 files changed, 119 insertions(+), 48 deletions(-)

diff --git a/cmd/clawtool-installer/app.go b/cmd/clawtool-installer/app.go
index c7db085..32487a3 100644
--- a/cmd/clawtool-installer/app.go
+++ b/cmd/clawtool-installer/app.go
@@ -482,6 +482,22 @@ func (a *App) NetworkSnapshot() string {
 	return string(b)
 }
 
+// AgentRuns fetches the daemon's /v1/runs — the device-wide list of active +
+// recent agentic runs (local and peer-triggered) that backs the Sessions
+// observability surface. Returns the raw body verbatim; "[]"-equivalent empty
+// summary on an unreachable gateway so the UI degrades to "no runs".
+func (a *App) AgentRuns() string {
+	base, err := a.ensureDaemonBase()
+	if err != nil {
+		return `{"runs":[],"summary":{"running":0,"idle":0,"total":0}}`
+	}
+	body, rerr := httpGetJSON(base + "/v1/runs")
+	if rerr != nil || len(body) == 0 {
+		return `{"runs":[],"summary":{"running":0,"idle":0,"total":0}}`
+	}
+	return string(body)
+}
+
 // PeerAgents proxies the daemon's /v1/peers/{id}/agents (circle-key
 // gated cross-device agent enumeration) for the Network view's per-peer
 // expansion.
diff --git a/desktop/apps/app-ui/src/views/Sessions.module.css b/desktop/apps/app-ui/src/views/Sessions.module.css
index 3720e2b..49109e2 100644
--- a/desktop/apps/app-ui/src/views/Sessions.module.css
+++ b/desktop/apps/app-ui/src/views/Sessions.module.css
@@ -116,3 +116,15 @@
 .sendInline:hover:not(:disabled) { background: var(--accent-hover); }
 .sendInline:active:not(:disabled) { transform: translateY(1px); }
 .sendInline:disabled { background: var(--surface-recessed); color: var(--text-tertiary); cursor: default; }
+
+/* Run-monitor status dots — green=running, amber=idle, red=failed. */
+.statusDot {
+  flex: none;
+  width: 8px;
+  height: 8px;
+  border-radius: 50%;
+  background: var(--text-tertiary);
+}
+.dotRunning { background: var(--success, #3fb950); box-shadow: 0 0 6px var(--success, #3fb950); }
+.dotIdle { background: var(--text-tertiary); }
+.dotFailed { background: var(--danger, #f85149); }
diff --git a/desktop/apps/app-ui/src/views/Sessions.tsx b/desktop/apps/app-ui/src/views/Sessions.tsx
index 449be69..b1332e4 100644
--- a/desktop/apps/app-ui/src/views/Sessions.tsx
+++ b/desktop/apps/app-ui/src/views/Sessions.tsx
@@ -1,13 +1,13 @@
 import { useEffect, useRef, useState, type KeyboardEvent } from "react";
-import { App, type Peer, type Session } from "@clawtool/bridge";
-import { ArrowUp, ChevronDown, ChevronRight, Folder, FolderX, Monitor, Trash2 } from "lucide-react";
+import { App, type Peer, type Run, type Session } from "@clawtool/bridge";
+import { ArrowUp, ChevronDown, ChevronRight, Folder, FolderX, Monitor } from "lucide-react";
 import styles from "./Sessions.module.css";
 
-// Sessions landing — Image #8 pattern. A Welcome hero, a compact
-// Recents list, and a composer pinned to the bottom that's always
-// available. Typing + send here MINTS a session, opens it, and lets the
-// Conversation pane pick up the seeded prompt (autosent on first
-// mount). No "Add project" preamble.
+// Sessions — the device-wide RUN MONITOR. Lists every agentic run on this
+// device (started locally or triggered by a paired peer) with its status,
+// owning instance, family, and origin. A composer stays pinned below so this
+// is also an entry point: typing mints a session and opens it. Clicking a run
+// opens/attaches to its conversation.
 export function Sessions({
   active,
   onOpen,
@@ -15,7 +15,8 @@ export function Sessions({
   active?: boolean;
   onOpen: (s: Session, initialMessage?: string) => void;
 }) {
-  const [sessions, setSessions] = useState<Session[]>([]);
+  const [runs, setRuns] = useState<Run[]>([]);
+  const [summary, setSummary] = useState({ running: 0, idle: 0, total: 0 });
   const [input, setInput] = useState("");
   const [busy, setBusy] = useState(false);
   const [cwd, setCwd] = useState("");
@@ -24,20 +25,34 @@ export function Sessions({
   const [envOpen, setEnvOpen] = useState(false);
   const taRef = useRef<HTMLTextAreaElement | null>(null);
 
-  async function load() {
-    const list = await App.sessionsList();
-    setSessions(Array.isArray(list) ? list : []);
-  }
+  // Poll the run registry so the monitor reflects live device activity —
+  // local turns and peer-triggered runs alike. 2s matches the peer-inbox
+  // cadence; the daemon is ensured once so a stale gateway revives.
   useEffect(() => {
-    if (active !== false) load();
+    let alive = true;
+    async function loadRuns() {
+      const snap = await App.agentRuns();
+      if (!alive) return;
+      setRuns(Array.isArray(snap.runs) ? snap.runs : []);
+      if (snap.summary) setSummary(snap.summary);
+    }
+    (async () => {
+      await App.ensureGateway();
+      if (alive) await loadRuns();
+    })();
+    const t = setInterval(() => {
+      if (active !== false) loadRuns();
+    }, 2000);
+    return () => {
+      alive = false;
+      clearInterval(t);
+    };
   }, [active]);
 
-  // Load paired devices so the landing's env chip can target one before
-  // the session is even minted. Ensure the daemon once, then snapshot.
+  // Paired devices for the composer's env chip (target Local or a peer).
   useEffect(() => {
     let alive = true;
     (async () => {
-      await App.ensureGateway();
       const snap = await App.networkSnapshot();
       if (alive && snap.ok === true) setPeers(snap.peers?.peers ?? []);
     })();
@@ -53,8 +68,6 @@ export function Sessions({
     setBusy(false);
     if (!r.ok || !r.session) return;
     const s = r.session as Session;
-    // Apply the landing's draft env / cwd so the conversation inherits
-    // the operator's pre-send choices.
     if (cwd) await App.sessionsSetCwd(s.id, cwd);
     if (env) await App.sessionsSetEnv(s.id, env);
     const enriched: Session = { ...s, cwd: cwd || s.cwd, env: env || s.env };
@@ -62,6 +75,14 @@ export function Sessions({
     onOpen(enriched, seed);
   }
 
+  // Open a run in its conversation. Runs are keyed by run_id, not the desktop
+  // Session uuid; when a session_id is present we attach to that conversation,
+  // otherwise mint a thin Session shell so the pane can still render/resume.
+  function openRun(run: Run) {
+    const id = run.session_id || run.run_id;
+    onOpen({ id, title: run.title } as Session);
+  }
+
   async function pickFolder() {
     const r = (await App.projectsPickFolder()) as Record<string, unknown>;
     if (r.ok && typeof r.path === "string" && r.path) setCwd(r.path);
@@ -74,12 +95,6 @@ export function Sessions({
     }
   }
 
-  async function remove(s: Session, e: React.MouseEvent) {
-    e.stopPropagation();
-    await App.sessionsRemove(s.id);
-    await load();
-  }
-
   function chooseEnv(next: string) {
     setEnv(next);
     setEnvOpen(false);
@@ -92,22 +107,24 @@ export function Sessions({
   return (
     <div className={styles.wrap}>
       <div className={styles.scroll}>
-        <h1 className={styles.welcome}>Welcome back</h1>
-        <div className={styles.label}>Sessions</div>
-        {sessions.length === 0 ? (
-          <div className={styles.empty}>No sessions yet. Type below to start one.</div>
+        <h1 className={styles.welcome}>Sessions</h1>
+        <div className={styles.label}>
+          {summary.running} running · {summary.idle} idle · {summary.total} total
+        </div>
+        {runs.length === 0 ? (
+          <div className={styles.empty}>No active sessions. Start one below — or a paired device can trigger one here.</div>
         ) : (
           <div className={styles.list}>
-            {sessions.map((s) => (
-              <button key={s.id} type="button" className={styles.row} onClick={() => onOpen(s)}>
+            {runs.map((run) => (
+              <button key={run.run_id} type="button" className={styles.row} onClick={() => openRun(run)}>
+                <span className={`${styles.statusDot} ${statusClass(run.status, styles)}`} />
                 <div className={styles.rowMain}>
-                  <div className={styles.rowTitle}>{s.title || "Untitled chat"}</div>
-                  <div className={styles.rowMeta}>{s.cwd ? s.cwd.split("/").filter(Boolean).pop() : "no folder"}</div>
+                  <div className={styles.rowTitle}>{run.title || run.agent_instance || "run"}</div>
+                  <div className={styles.rowMeta}>
+                    {run.agent_instance || run.agent_family || "agent"} · {originLabel(run)}
+                  </div>
                 </div>
-                <span className={styles.rowAge}>{ageLabel(s.last_modified)}</span>
-                <span className={styles.rowRemove} onClick={(e) => remove(s, e)} aria-label={`Remove ${s.title || "session"}`}>
-                  <Trash2 size={13} />
-                </span>
+                <span className={styles.rowAge}>{run.status}</span>
                 <ChevronRight size={15} className={styles.rowChevron} />
               </button>
             ))}
@@ -115,8 +132,7 @@ export function Sessions({
         )}
       </div>
 
-      {/* Always-visible composer — typing + send mints a new session and
-          opens it with the seed message auto-applied. */}
+      {/* Composer entry — typing mints a new session and opens it. */}
       <div className={styles.composer}>
         <div className={styles.chips}>
           <div className={styles.chipWrap}>
@@ -175,14 +191,16 @@ export function Sessions({
   );
 }
 
-function ageLabel(iso?: string): string {
-  if (!iso) return "";
-  const t = new Date(iso).getTime();
-  if (!t) return "";
-  const mins = Math.max(1, Math.round((Date.now() - t) / 60000));
-  if (mins < 60) return `${mins}m`;
-  const h = Math.round(mins / 60);
-  if (h < 24) return `${h}h`;
-  const d = Math.round(h / 24);
-  return `${d}d`;
+// originLabel renders where a run was triggered — "local", "via biam", or the
+// peer device that initiated it (the load-bearing cross-device signal).
+function originLabel(run: Run): string {
+  if (run.origin === "peer") return `peer: ${run.peer_name || "device"}`;
+  if (run.origin === "local:biam") return "via biam";
+  return "local";
+}
+
+function statusClass(status: string, s: Record<string, string>): string {
+  if (status === "running") return s.dotRunning || "";
+  if (status === "failed") return s.dotFailed || "";
+  return s.dotIdle || "";
 }
diff --git a/desktop/packages/bridge/src/app.ts b/desktop/packages/bridge/src/app.ts
index e6011c5..3187eb7 100644
--- a/desktop/packages/bridge/src/app.ts
+++ b/desktop/packages/bridge/src/app.ts
@@ -13,6 +13,7 @@ import type {
   PeerAgentsResult,
   Project,
   Result,
+  RunsSnapshot,
   Session,
   UpdateInfo,
 } from "./types";
@@ -41,6 +42,9 @@ export const App = {
   // gateway + network
   ensureGateway: () => callJSON<Result>("EnsureGateway", OK_FALSE),
   networkSnapshot: () => callJSON<NetworkSnapshot>("NetworkSnapshot", { ok: false }),
+  // Device-wide run list (Sessions observability) — local + peer-triggered runs.
+  agentRuns: () =>
+    callJSON<RunsSnapshot>("AgentRuns", { runs: [], summary: { running: 0, idle: 0, total: 0 } }),
   peerAgents: (peerID: string) => callJSON<PeerAgentsResult>("PeerAgents", { ok: false }, peerID),
 
   // updates
diff --git a/desktop/packages/bridge/src/types.ts b/desktop/packages/bridge/src/types.ts
index a38465b..b78254b 100644
--- a/desktop/packages/bridge/src/types.ts
+++ b/desktop/packages/bridge/src/types.ts
@@ -42,6 +42,27 @@ export type PeerAgentsResult =
   | { pairing_required: true }
   | { ok: false; error?: string };
 
+// One tracked agentic run on this device — the /v1/runs row that the Sessions
+// observability surface lists (local + peer-triggered).
+export type Run = {
+  run_id: string;
+  session_id?: string;
+  status: string; // running | idle | done | failed | cancelled
+  agent_family?: string;
+  agent_instance?: string;
+  origin: string; // local | local:biam | peer
+  peer_name?: string; // initiating device label when origin=peer
+  title?: string;
+  started_at?: string;
+  last_activity?: string;
+};
+
+export type RunsSnapshot = {
+  runs: Run[];
+  summary: { running: number; idle: number; total: number };
+  as_of?: string;
+};
+
 export type UpdateInfo = {
   current?: string;
   latest?: string;

From c2ece358b238cc1fb9aee01ae033ee9743aeee05 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Sun, 31 May 2026 02:15:38 +0300
Subject: [PATCH 83/86] feat(desktop): per-agent session counts (Agents) +
 compose-into-run (Sessions)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Two small surface wins over the run-registry:
- Agents.tsx polls App.agentRuns() and shows a '<n> running' accent badge per instance, derived client-side from non-terminal /v1/runs rows (CountByInstance equivalent, no server change).
- Sessions openRun now carries the run's agent_instance + origin into the opened Session (agent + env), so composing into a run dispatches back to the SAME agent (and peer, for a peer-triggered run) — the conversation pane already honors session.agent/env.
---
 desktop/apps/app-ui/src/views/Agents.tsx   | 20 ++++++++++++++++++--
 desktop/apps/app-ui/src/views/Sessions.tsx |  9 ++++++++-
 2 files changed, 26 insertions(+), 3 deletions(-)

diff --git a/desktop/apps/app-ui/src/views/Agents.tsx b/desktop/apps/app-ui/src/views/Agents.tsx
index 1cb92a0..cf6747d 100644
--- a/desktop/apps/app-ui/src/views/Agents.tsx
+++ b/desktop/apps/app-ui/src/views/Agents.tsx
@@ -1,4 +1,4 @@
-import { useEffect, useState, type MouseEvent } from "react";
+import { useEffect, useMemo, useState, type MouseEvent } from "react";
 import {
   AgentIcon,
   AgentRow,
@@ -12,7 +12,7 @@ import {
   SidePane,
   type BadgeTone,
 } from "@clawtool/design-system";
-import { App, type Agent, type AgentCard, type Brand } from "@clawtool/bridge";
+import { App, type Agent, type AgentCard, type Brand, type Run } from "@clawtool/bridge";
 import { Toast } from "../components/Toast";
 import styles from "../App.module.css";
 
@@ -45,6 +45,19 @@ export function Agents({ brand, active }: { brand: Brand; active: boolean }) {
   const [busy, setBusy] = useState("");
   const [toast, setToast] = useState("");
   const [selected, setSelected] = useState<Agent | "card" | null>(null);
+  const [runs, setRuns] = useState<Run[]>([]);
+
+  // Per-instance active-session count, derived from the device run registry
+  // (/v1/runs). A non-terminal run with an owning instance counts toward it.
+  const counts = useMemo(() => {
+    const m: Record<string, number> = {};
+    for (const r of runs) {
+      if (r.agent_instance && !["done", "failed", "cancelled", "idle"].includes(r.status)) {
+        m[r.agent_instance] = (m[r.agent_instance] ?? 0) + 1;
+      }
+    }
+    return m;
+  }, [runs]);
 
   async function load() {
     const snap = await App.networkSnapshot();
@@ -52,6 +65,8 @@ export function Agents({ brand, active }: { brand: Brand; active: boolean }) {
     else App.ensureGateway();
     const c = await App.localCard();
     setCard(c && (c.name || c.skills) ? c : null);
+    const r = await App.agentRuns();
+    setRuns(Array.isArray(r.runs) ? r.runs : []);
   }
 
   useEffect(() => {
@@ -133,6 +148,7 @@ export function Agents({ brand, active }: { brand: Brand; active: boolean }) {
                 onClick={() => setSelected(a)}
                 action={
                   <span style={{ display: "flex", alignItems: "center", gap: 12 }}>
+                    {counts[a.instance] ? <Badge tone="accent">{counts[a.instance]} running</Badge> : null}
                     <Badge tone={chip.tone}>{chip.label}</Badge>
                     {actionFor(a)}
                   </span>
diff --git a/desktop/apps/app-ui/src/views/Sessions.tsx b/desktop/apps/app-ui/src/views/Sessions.tsx
index b1332e4..ca57d96 100644
--- a/desktop/apps/app-ui/src/views/Sessions.tsx
+++ b/desktop/apps/app-ui/src/views/Sessions.tsx
@@ -78,9 +78,16 @@ export function Sessions({
   // Open a run in its conversation. Runs are keyed by run_id, not the desktop
   // Session uuid; when a session_id is present we attach to that conversation,
   // otherwise mint a thin Session shell so the pane can still render/resume.
+  // Carry the run's owning instance + origin so composing into it dispatches
+  // back to the SAME agent (the conversation pane honors session.agent/env).
   function openRun(run: Run) {
     const id = run.session_id || run.run_id;
-    onOpen({ id, title: run.title } as Session);
+    onOpen({
+      id,
+      title: run.title,
+      agent: run.agent_instance,
+      env: run.origin === "peer" ? run.peer_name : "",
+    } as Session);
   }
 
   async function pickFolder() {

From 4fa09108fd0475b17f2aec5aab76d11f8c2bc97a Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Sun, 31 May 2026 02:27:38 +0300
Subject: [PATCH 84/86] =?UTF-8?q?feat(desktop):=20Namzu=20workspace=20tab?=
 =?UTF-8?q?=20=E2=80=94=20orchestrator=20surface=20(model/skills/delegatio?=
 =?UTF-8?q?n=20tree)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Adds the do-work surface the three-surface model calls for: namzu rendered as its own GUI tab, distinct from Sessions (monitor) and the per-session Conversation.

- views/Namzu.tsx: streams over the same agent:event channel as Conversation but dispatches via agentSendOpts so the per-turn model + skills ride as run-stream flags. A switcher row picks the model and toggles skill chips (sourced from namzuSkills → namzu skills-json); a delegation rail renders the live sub-agent tree from tool-end/tool-start detail (namzu orchestrating other agents). Hydrates its transcript from the stable namzu-workspace session.
- Go: AgentSendOpts(projectID,message,peerID,optsJSON) threads {model,instance,skills} into runNamzuTurn's run-stream argv; agentEvent + namzuEvent gain detail (delegation steps); tool-end emitted with detail; NamzuSkills shells skills-json.
- bridge: agentSendOpts, namzuSkills; AgentEvent.detail; NamzuSkill/NamzuTurnOpts types.
- App.tsx: Namzu as the first nav tab (4-spot pattern, keep-alive mount).
- bump namzu submodule to 02f37e1 (run-stream flags + skills-json).
Typecheck + vite build green.
---
 cmd/clawtool-installer/agent.go               |  38 ++-
 cmd/clawtool-installer/namzu_runtime.go       |  67 ++++-
 desktop/apps/app-ui/src/App.tsx               |   9 +-
 .../apps/app-ui/src/views/Namzu.module.css    | 109 +++++++
 desktop/apps/app-ui/src/views/Namzu.tsx       | 281 ++++++++++++++++++
 desktop/packages/bridge/src/app.ts            |  17 ++
 desktop/packages/bridge/src/types.ts          |   7 +
 desktop/submodules/namzu                      |   2 +-
 8 files changed, 508 insertions(+), 22 deletions(-)
 create mode 100644 desktop/apps/app-ui/src/views/Namzu.module.css
 create mode 100644 desktop/apps/app-ui/src/views/Namzu.tsx

diff --git a/cmd/clawtool-installer/agent.go b/cmd/clawtool-installer/agent.go
index 704cdfa..52e7a91 100644
--- a/cmd/clawtool-installer/agent.go
+++ b/cmd/clawtool-installer/agent.go
@@ -24,12 +24,13 @@ import (
 // agentEvent is the single shape streamed back over Wails events.
 // Kind: "start" | "delta" | "tool-start" | "tool-end" | "done" | "error".
 type agentEvent struct {
-	TurnID    string `json:"turn_id"`
-	ProjectID string `json:"project_id"`
-	Kind      string `json:"kind"`
-	Text      string `json:"text,omitempty"`
-	ToolName  string `json:"tool_name,omitempty"`
-	Error     string `json:"error,omitempty"`
+	TurnID    string   `json:"turn_id"`
+	ProjectID string   `json:"project_id"`
+	Kind      string   `json:"kind"`
+	Text      string   `json:"text,omitempty"`
+	ToolName  string   `json:"tool_name,omitempty"`
+	Error     string   `json:"error,omitempty"`
+	Detail    []string `json:"detail,omitempty"` // sub-agent delegation steps (namzu tool-end)
 }
 
 // AgentSend kicks off a turn for the given project. Returns the turn id
@@ -42,6 +43,14 @@ type agentEvent struct {
 // (the local side reports the dispatch state; the receiver runs the
 // actual turn on its own daemon).
 func (a *App) AgentSend(projectID, message, peerID string) string {
+	return a.AgentSendOpts(projectID, message, peerID, "")
+}
+
+// AgentSendOpts is AgentSend with an extra JSON opts string so the Namzu tab
+// can drive the namzu runtime: {"model":"…","instance":"…","skills":["a","b"]}.
+// optsJSON is empty for a plain Sessions/Conversation turn. peerID, when set,
+// still routes cross-device (opts apply to the local namzu path only).
+func (a *App) AgentSendOpts(projectID, message, peerID, optsJSON string) string {
 	turnID := uuid.NewString()
 	if strings.TrimSpace(peerID) != "" {
 		go a.dispatchAgentToPeer(turnID, projectID, message, peerID)
@@ -49,12 +58,27 @@ func (a *App) AgentSend(projectID, message, peerID string) string {
 		// Local turns run through namzu (the credential-first runtime), not
 		// clawtool's bridge dispatch. runAgentTurn is kept for reference but no
 		// longer on the hot path.
-		go a.runNamzuTurn(turnID, projectID, message)
+		go a.runNamzuTurn(turnID, projectID, message, parseNamzuOpts(optsJSON))
 	}
 	b, _ := json.Marshal(map[string]any{"ok": true, "turn_id": turnID})
 	return string(b)
 }
 
+// namzuTurnOpts carries the Namzu tab's per-turn selections.
+type namzuTurnOpts struct {
+	Model    string   `json:"model,omitempty"`
+	Instance string   `json:"instance,omitempty"`
+	Skills   []string `json:"skills,omitempty"`
+}
+
+func parseNamzuOpts(optsJSON string) namzuTurnOpts {
+	var o namzuTurnOpts
+	if s := strings.TrimSpace(optsJSON); s != "" {
+		_ = json.Unmarshal([]byte(s), &o)
+	}
+	return o
+}
+
 // AgentCancel aborts an in-flight turn. The renderer calls this when the
 // operator navigates away from a session with a turn still running so a
 // cross-device dispatch doesn't keep a goroutine + HTTP stream alive until
diff --git a/cmd/clawtool-installer/namzu_runtime.go b/cmd/clawtool-installer/namzu_runtime.go
index 3bd6733..66bc2cd 100644
--- a/cmd/clawtool-installer/namzu_runtime.go
+++ b/cmd/clawtool-installer/namzu_runtime.go
@@ -27,19 +27,21 @@ import (
 	"time"
 )
 
-// namzuEvent is one NDJSON line from `namzu run-stream`. Only the fields
-// the desktop renders are decoded; the rest (usage/task/tool detail) are
-// ignored for now.
+// namzuEvent is one NDJSON line from `namzu run-stream`. Only the fields the
+// desktop renders are decoded; the rest (usage/task) are ignored for now.
+// Detail carries a tool/sub-agent's step lines — namzu's delegation tree.
 type namzuEvent struct {
-	Kind     string `json:"kind"`
-	Text     string `json:"text,omitempty"`
-	ToolName string `json:"toolName,omitempty"`
-	Message  string `json:"message,omitempty"`
+	Kind     string   `json:"kind"`
+	Text     string   `json:"text,omitempty"`
+	ToolName string   `json:"toolName,omitempty"`
+	Message  string   `json:"message,omitempty"`
+	Detail   []string `json:"detail,omitempty"`
 }
 
 // runNamzuTurn drives one LOCAL turn through the namzu CLI and streams its
-// reply back over the agent:event channel.
-func (a *App) runNamzuTurn(turnID, projectID, message string) {
+// reply back over the agent:event channel. opts carries the Namzu tab's
+// per-turn model / instance / skills selection (zero value for a plain turn).
+func (a *App) runNamzuTurn(turnID, projectID, message string, opts namzuTurnOpts) {
 	a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "start"})
 
 	node, binJS, err := locateNamzu()
@@ -59,8 +61,20 @@ func (a *App) runNamzuTurn(turnID, projectID, message string) {
 
 	// Bind the turn to a persisted conversation keyed by the session id, so
 	// namzu loads this session's prior turns as context and appends this one —
-	// that's what makes a reopened session show its history (AgentHistory).
-	cmd := exec.CommandContext(ctx, node, binJS, "run-stream", "--session", projectID, message)
+	// that's what makes a reopened session show its history (AgentHistory). The
+	// Namzu tab's selections (model/instance/skills) ride as run-stream flags.
+	args := []string{binJS, "run-stream", "--session", projectID}
+	if opts.Model != "" {
+		args = append(args, "--model", opts.Model)
+	}
+	if opts.Instance != "" {
+		args = append(args, "--instance", opts.Instance)
+	}
+	if len(opts.Skills) > 0 {
+		args = append(args, "--skills", strings.Join(opts.Skills, ","))
+	}
+	args = append(args, message)
+	cmd := exec.CommandContext(ctx, node, args...)
 	cmd.Dir = cwd
 	// Inherit the (PATH-repaired, see ensureUserPath) environment so namzu's
 	// credential discovery + `node` resolution match a terminal launch.
@@ -107,8 +121,12 @@ func (a *App) runNamzuTurn(turnID, projectID, message string) {
 			}
 		case "tool-start":
 			if ev.ToolName != "" {
-				a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "tool-start", ToolName: ev.ToolName})
+				a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "tool-start", ToolName: ev.ToolName, Detail: ev.Detail})
 			}
+		case "tool-end":
+			// Carries the sub-agent delegation steps (├─/└─ tree) when the tool
+			// was an `Agent` delegation — the Namzu tab renders these live.
+			a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "tool-end", ToolName: ev.ToolName, Detail: ev.Detail})
 		case "error":
 			sawError = true
 			msg := ev.Message
@@ -195,6 +213,31 @@ func (a *App) AgentHistory(projectID string) string {
 	return trimmed
 }
 
+// NamzuSkills returns the skills namzu discovers ({name, description, source}[]
+// JSON) — the Namzu tab's chip rail. Shells `namzu skills-json`. Empty array on
+// any failure so the rail degrades to "no skills".
+func (a *App) NamzuSkills() string {
+	node, binJS, err := locateNamzu()
+	if err != nil {
+		return "[]"
+	}
+	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+	defer cancel()
+	cmd := exec.CommandContext(ctx, node, binJS, "skills-json")
+	cmd.Dir = namzuScratchDir()
+	cmd.Env = os.Environ()
+	hideConsole(cmd)
+	out, err := cmd.Output()
+	if err != nil {
+		return "[]"
+	}
+	trimmed := strings.TrimSpace(string(out))
+	if !strings.HasPrefix(trimmed, "[") {
+		return "[]"
+	}
+	return trimmed
+}
+
 // locateNamzu resolves the node binary and the namzu CLI entry. A shipped
 // .app carries both in Contents/Resources/namzu ({node, namzu.mjs}) so a local
 // turn runs with zero external dependencies; a dev build falls back to the
diff --git a/desktop/apps/app-ui/src/App.tsx b/desktop/apps/app-ui/src/App.tsx
index 2d902af..8440b8b 100644
--- a/desktop/apps/app-ui/src/App.tsx
+++ b/desktop/apps/app-ui/src/App.tsx
@@ -1,9 +1,10 @@
 import { useEffect, useState } from "react";
 import { NavItem, Sidebar, StatusDot, TitleBar, Wordmark, type Platform } from "@clawtool/design-system";
 import { App as Backend, Win, environmentPlatform, type Brand } from "@clawtool/bridge";
-import { Bot, House, MessageSquarePlus, Network as NetIcon, RefreshCw, Settings as SettingsGlyph } from "lucide-react";
+import { Bot, House, MessageSquarePlus, Network as NetIcon, RefreshCw, Settings as SettingsGlyph, Sparkles } from "lucide-react";
 import { Home } from "./views/Home";
 import { Agents } from "./views/Agents";
+import { Namzu } from "./views/Namzu";
 import { Network } from "./views/Network";
 import { Updates } from "./views/Updates";
 import { Settings } from "./views/Settings";
@@ -14,7 +15,7 @@ import { SessionRail } from "./components/SessionRail";
 import type { Session } from "@clawtool/bridge";
 import styles from "./App.module.css";
 
-type View = "sessions" | "home" | "agents" | "network" | "updates" | "settings";
+type View = "namzu" | "sessions" | "home" | "agents" | "network" | "updates" | "settings";
 
 export function App() {
   const [platform, setPlatform] = useState<Platform>("windows");
@@ -77,6 +78,7 @@ export function App() {
               swap thanks to App.module.css's .sideFade transitions. */}
           {openSession ? null : (
             <>
+              <NavItem icon={<Sparkles {...ic} />} label="Namzu" active={view === "namzu"} onClick={() => setView("namzu")} />
               <NavItem
                 icon={<MessageSquarePlus {...ic} />}
                 label="Sessions"
@@ -119,6 +121,9 @@ export function App() {
               />
             ) : null}
           </div>
+          <div className={styles.page} style={view === "namzu" ? undefined : hidden}>
+            <Namzu brand={brand} active={view === "namzu"} />
+          </div>
           <div className={styles.page} style={view === "home" ? undefined : hidden}>
             <Home brand={brand} active={view === "home"} onNavigate={(v) => setView(v as View)} />
           </div>
diff --git a/desktop/apps/app-ui/src/views/Namzu.module.css b/desktop/apps/app-ui/src/views/Namzu.module.css
new file mode 100644
index 0000000..531b735
--- /dev/null
+++ b/desktop/apps/app-ui/src/views/Namzu.module.css
@@ -0,0 +1,109 @@
+/* Namzu workspace — the orchestrator surface. Reuses Conversation.module.css
+   for the transcript/composer; this adds the switcher row + delegation rail. */
+
+.switcher {
+  flex: none;
+  display: flex;
+  align-items: center;
+  gap: 10px;
+  flex-wrap: wrap;
+  padding: 10px 4px 12px;
+  border-bottom: 1px solid var(--hairline);
+}
+.brandMark {
+  font-size: 14px;
+  font-weight: 600;
+  letter-spacing: -0.01em;
+  color: var(--text);
+  margin-right: 4px;
+}
+.pickWrap { position: relative; }
+.pick {
+  display: inline-flex;
+  align-items: center;
+  gap: 6px;
+  padding: 4px 10px;
+  border: 1px solid var(--hairline);
+  border-radius: var(--radius-pill);
+  background: var(--surface-recessed);
+  color: var(--text-secondary);
+  font-size: 11.5px;
+  cursor: pointer;
+}
+.pick:hover { border-color: var(--hairline-strong); color: var(--text); }
+.menu {
+  position: absolute;
+  top: calc(100% + 6px);
+  left: 0;
+  z-index: 20;
+  min-width: 180px;
+  display: flex;
+  flex-direction: column;
+  gap: 2px;
+  padding: 5px;
+  background: var(--surface);
+  border: 1px solid var(--hairline);
+  border-radius: var(--radius-md);
+  box-shadow: 0 8px 28px rgba(0, 0, 0, 0.4);
+}
+.menuItem {
+  display: block;
+  width: 100%;
+  text-align: left;
+  padding: 7px 10px;
+  font-size: 12px;
+  color: var(--text);
+  background: transparent;
+  border: none;
+  border-radius: var(--radius-sm);
+  cursor: pointer;
+}
+.menuItem:hover { background: var(--hover); }
+.menuItemOn { color: var(--accent); }
+.menuEmpty { padding: 8px 10px; font-size: 12px; color: var(--text-tertiary); }
+.skillChip {
+  display: inline-flex;
+  align-items: center;
+  gap: 4px;
+  padding: 3px 9px;
+  font-size: 11px;
+  color: var(--accent-ink, #fff);
+  background: var(--accent);
+  border-radius: var(--radius-pill);
+  cursor: pointer;
+}
+
+.body {
+  flex: 1;
+  min-height: 0;
+  display: flex;
+  gap: 0;
+}
+.body > :global(.transcript),
+.body > div:first-child {
+  flex: 1;
+  min-width: 0;
+}
+.rail {
+  flex: none;
+  width: 280px;
+  border-left: 1px solid var(--hairline);
+  padding: 12px 14px;
+  overflow-y: auto;
+}
+.railHead {
+  display: flex;
+  align-items: center;
+  gap: 6px;
+  font-size: 11.5px;
+  color: var(--text-tertiary);
+  letter-spacing: 0.04em;
+  margin-bottom: 10px;
+}
+.tree {
+  font-family: var(--font-mono);
+  font-size: 11.5px;
+  line-height: 1.7;
+  color: var(--text-secondary);
+}
+.treeLine { white-space: pre; }
diff --git a/desktop/apps/app-ui/src/views/Namzu.tsx b/desktop/apps/app-ui/src/views/Namzu.tsx
new file mode 100644
index 0000000..f74c1ed
--- /dev/null
+++ b/desktop/apps/app-ui/src/views/Namzu.tsx
@@ -0,0 +1,281 @@
+import { useEffect, useRef, useState, type KeyboardEvent } from "react";
+import { App, on, type AgentEvent, type Brand, type NamzuSkill } from "@clawtool/bridge";
+import { ArrowUp, ChevronDown, GitBranch } from "lucide-react";
+import conv from "../components/Conversation.module.css";
+import styles from "./Namzu.module.css";
+
+// Namzu — the do-work surface: namzu rendered as its own GUI. Unlike Sessions
+// (a monitor) and Conversation (per-session, dispatch-an-instance), this drives
+// namzu THE ORCHESTRATOR: pick a model + skills, watch the live transcript, and
+// see the delegation tree as namzu spawns sub-agents / shells out to other
+// agents. Streams over the same agent:event channel; dispatches via
+// agentSendOpts so model/skills/instance ride as run-stream flags.
+
+type Msg =
+  | { kind: "user"; text: string }
+  | { kind: "assistant"; text: string; tools: string[]; streaming: boolean; error?: boolean };
+
+// A namzu workspace is one stable on-disk session so history persists.
+const NAMZU_SESSION = "namzu-workspace";
+
+const MODELS = [
+  "claude-opus-4-8",
+  "claude-opus-4-7",
+  "claude-sonnet-4-6",
+  "claude-haiku-4-5-20251001",
+];
+
+export function Namzu({ brand, active }: { brand: Brand; active?: boolean }) {
+  const [messages, setMessages] = useState<Msg[]>([]);
+  const [input, setInput] = useState("");
+  const [sending, setSending] = useState(false);
+  const [model, setModel] = useState(MODELS[0]);
+  const [modelOpen, setModelOpen] = useState(false);
+  const [skills, setSkills] = useState<NamzuSkill[]>([]);
+  const [activeSkills, setActiveSkills] = useState<string[]>([]);
+  const [skillOpen, setSkillOpen] = useState(false);
+  // Live sub-agent delegation steps namzu emits via tool-end detail.
+  const [tree, setTree] = useState<string[]>([]);
+  const turnRef = useRef<string>("");
+  const scrollRef = useRef<HTMLDivElement | null>(null);
+
+  // Hydrate the workspace transcript + skill rail on mount.
+  useEffect(() => {
+    let alive = true;
+    (async () => {
+      const past = await App.agentHistory(NAMZU_SESSION);
+      if (alive && Array.isArray(past) && past.length > 0) {
+        setMessages(
+          past.map((m) =>
+            m.role === "user"
+              ? { kind: "user", text: m.content }
+              : { kind: "assistant", text: m.content, tools: [], streaming: false },
+          ),
+        );
+      }
+      const sk = await App.namzuSkills();
+      if (alive && Array.isArray(sk)) setSkills(sk);
+    })();
+    return () => {
+      alive = false;
+    };
+  }, []);
+
+  // Stream namzu's AgentEvents — same channel + reducer shape as Conversation,
+  // plus the delegation tree from tool-end detail.
+  useEffect(() => {
+    const off = on<AgentEvent>("agent:event", (ev) => {
+      if (!turnRef.current || ev.turn_id !== turnRef.current) return;
+      if (ev.kind === "delta") {
+        setMessages((m) => {
+          const last = m[m.length - 1];
+          if (!last || last.kind !== "assistant") return m;
+          const next = m.slice(0, -1);
+          next.push({ ...last, text: last.text + (ev.text ?? "") });
+          return next;
+        });
+      } else if (ev.kind === "tool-start" && ev.tool_name) {
+        setMessages((m) => {
+          const last = m[m.length - 1];
+          if (!last || last.kind !== "assistant") return m;
+          const next = m.slice(0, -1);
+          next.push({ ...last, tools: [...last.tools, ev.tool_name as string] });
+          return next;
+        });
+        if (ev.detail?.length) setTree((t) => [...t, ...(ev.detail as string[])]);
+      } else if (ev.kind === "tool-end") {
+        if (ev.detail?.length) setTree((t) => [...t, ...(ev.detail as string[])]);
+      } else if (ev.kind === "done" || ev.kind === "error") {
+        setMessages((m) => {
+          const last = m[m.length - 1];
+          if (!last || last.kind !== "assistant") return m;
+          const next = m.slice(0, -1);
+          if (ev.kind === "error") {
+            next.push({ ...last, streaming: false, text: ev.error || "Couldn't reach namzu.", error: true });
+          } else {
+            next.push({ ...last, streaming: false });
+          }
+          return next;
+        });
+        setSending(false);
+        turnRef.current = "";
+      }
+    });
+    return () => off();
+  }, []);
+
+  useEffect(() => {
+    const el = scrollRef.current;
+    if (el) el.scrollTop = el.scrollHeight;
+  }, [messages]);
+
+  async function send() {
+    const text = input.trim();
+    if (!text || sending) return;
+    setSending(true);
+    setInput("");
+    setTree([]);
+    setMessages((m) => [...m, { kind: "user", text }, { kind: "assistant", text: "", tools: [], streaming: true }]);
+    const r = (await App.agentSendOpts(NAMZU_SESSION, text, {
+      model,
+      skills: activeSkills,
+    })) as Record<string, unknown>;
+    if (r.ok && typeof r.turn_id === "string") {
+      turnRef.current = r.turn_id;
+    } else {
+      setMessages((m) => {
+        const last = m[m.length - 1];
+        if (!last || last.kind !== "assistant") return m;
+        const next = m.slice(0, -1);
+        next.push({ ...last, streaming: false, text: "[error sending message]", error: true });
+        return next;
+      });
+      setSending(false);
+    }
+  }
+
+  function onKey(e: KeyboardEvent<HTMLTextAreaElement>) {
+    if (e.key === "Enter" && !e.shiftKey) {
+      e.preventDefault();
+      send();
+    }
+  }
+
+  function toggleSkill(name: string) {
+    setActiveSkills((a) => (a.includes(name) ? a.filter((s) => s !== name) : [...a, name]));
+  }
+
+  if (active === false) return null;
+
+  return (
+    <div className={conv.wrap}>
+      {/* Switcher row — model + skills, the orchestrator's per-turn config. */}
+      <div className={styles.switcher}>
+        <span className={styles.brandMark}>{brand.name === "clawtool" ? "namzu" : brand.name}</span>
+        <div className={styles.pickWrap}>
+          <button type="button" className={styles.pick} onClick={() => setModelOpen((v) => !v)}>
+            {model} <ChevronDown size={11} />
+          </button>
+          {modelOpen && (
+            <div className={styles.menu}>
+              {MODELS.map((m) => (
+                <button
+                  key={m}
+                  type="button"
+                  className={styles.menuItem}
+                  onClick={() => {
+                    setModel(m);
+                    setModelOpen(false);
+                  }}
+                >
+                  {m}
+                </button>
+              ))}
+            </div>
+          )}
+        </div>
+        <div className={styles.pickWrap}>
+          <button type="button" className={styles.pick} onClick={() => setSkillOpen((v) => !v)}>
+            skills: {activeSkills.length} <ChevronDown size={11} />
+          </button>
+          {skillOpen && (
+            <div className={styles.menu}>
+              {skills.length === 0 ? (
+                <div className={styles.menuEmpty}>No skills installed</div>
+              ) : (
+                skills.map((s) => (
+                  <button
+                    key={s.name}
+                    type="button"
+                    className={`${styles.menuItem} ${activeSkills.includes(s.name) ? styles.menuItemOn : ""}`}
+                    onClick={() => toggleSkill(s.name)}
+                    title={s.description}
+                  >
+                    {activeSkills.includes(s.name) ? "✓ " : ""}
+                    {s.name}
+                  </button>
+                ))
+              )}
+            </div>
+          )}
+        </div>
+        {activeSkills.map((s) => (
+          <span key={s} className={styles.skillChip} onClick={() => toggleSkill(s)}>
+            {s} ×
+          </span>
+        ))}
+      </div>
+
+      <div className={styles.body}>
+        <div className={conv.transcript} ref={scrollRef}>
+          {messages.map((m, i) =>
+            m.kind === "user" ? (
+              <div key={i} className={conv.userRow}>
+                <span className={conv.userChip}>{m.text}</span>
+              </div>
+            ) : (
+              <div key={i} className={`${conv.agentRow} ${m.error ? conv.agentErr : ""}`}>
+                <span className={`${conv.dot} ${m.streaming ? conv.dotLive : ""}`} />
+                <div className={conv.agentBody}>
+                  {m.tools.length > 0 ? (
+                    <div className={conv.toolChips}>
+                      {m.tools.map((t, j) => (
+                        <span key={j} className={conv.tool}>⚙ {t}</span>
+                      ))}
+                    </div>
+                  ) : null}
+                  {m.streaming && !m.text ? (
+                    <span className={conv.caret} />
+                  ) : (
+                    <>
+                      {m.text}
+                      {m.streaming ? <span className={conv.caret} /> : null}
+                    </>
+                  )}
+                </div>
+              </div>
+            ),
+          )}
+        </div>
+
+        {/* Delegation rail — live ├─/└─ tree of namzu's sub-agent dispatches. */}
+        {tree.length > 0 && (
+          <div className={styles.rail}>
+            <div className={styles.railHead}>
+              <GitBranch size={13} /> Delegation
+            </div>
+            <div className={styles.tree}>
+              {tree.map((line, i) => (
+                <div key={i} className={styles.treeLine}>
+                  {line}
+                </div>
+              ))}
+            </div>
+          </div>
+        )}
+      </div>
+
+      <div className={conv.composer}>
+        <div className={conv.editorWrap}>
+          <textarea
+            className={conv.editor}
+            placeholder="Ask namzu — it can orchestrate other agents"
+            value={input}
+            onChange={(e) => setInput(e.target.value)}
+            onKeyDown={onKey}
+            disabled={sending}
+          />
+          <button
+            type="button"
+            className={conv.sendInline}
+            disabled={sending || !input.trim()}
+            onClick={send}
+            aria-label="Send"
+          >
+            <ArrowUp size={14} strokeWidth={2.5} />
+          </button>
+        </div>
+      </div>
+    </div>
+  );
+}
diff --git a/desktop/packages/bridge/src/app.ts b/desktop/packages/bridge/src/app.ts
index 3187eb7..e67e77b 100644
--- a/desktop/packages/bridge/src/app.ts
+++ b/desktop/packages/bridge/src/app.ts
@@ -8,6 +8,8 @@ import type {
   Brand,
   LanStatus,
   Mode,
+  NamzuSkill,
+  NamzuTurnOpts,
   NetworkSnapshot,
   PairingRequest,
   PeerAgentsResult,
@@ -94,6 +96,21 @@ export const App = {
   agentSend: (projectID: string, message: string, peerID = "") =>
     callJSON<Result & { turn_id?: string }>("AgentSend", OK_FALSE, projectID, message, peerID),
 
+  // Namzu-tab dispatch — same channel as agentSend, plus per-turn model /
+  // instance / skills selections forwarded to the namzu runtime as flags.
+  agentSendOpts: (projectID: string, message: string, opts: NamzuTurnOpts, peerID = "") =>
+    callJSON<Result & { turn_id?: string }>(
+      "AgentSendOpts",
+      OK_FALSE,
+      projectID,
+      message,
+      peerID,
+      JSON.stringify(opts ?? {}),
+    ),
+
+  // Discovered skills for the Namzu tab's chip rail (namzu skills-json).
+  namzuSkills: () => callJSON<NamzuSkill[]>("NamzuSkills", []),
+
   // Abort an in-flight turn by id — the conversation pane calls this when
   // the operator navigates away so a cross-device stream doesn't linger.
   agentCancel: (turnID: string) => callJSON<Result>("AgentCancel", OK_FALSE, turnID),
diff --git a/desktop/packages/bridge/src/types.ts b/desktop/packages/bridge/src/types.ts
index b78254b..c034540 100644
--- a/desktop/packages/bridge/src/types.ts
+++ b/desktop/packages/bridge/src/types.ts
@@ -130,8 +130,15 @@ export type AgentEvent = {
   text?: string;
   tool_name?: string;
   error?: string;
+  detail?: string[]; // sub-agent delegation steps (namzu orchestration tree)
 };
 
+// One skill discoverable by namzu — the Namzu tab's skill-chip source.
+export type NamzuSkill = { name: string; description?: string; source?: string };
+
+// Per-turn selections the Namzu tab passes to the namzu runtime.
+export type NamzuTurnOpts = { model?: string; instance?: string; skills?: string[] };
+
 // Wails runtime events emitted by the Go side.
 export type InstallStep = { level?: "ok" | "warn" | "fail"; label?: string; message?: string; raw?: string };
 export type InstallDone = { ok?: boolean; summary?: string };
diff --git a/desktop/submodules/namzu b/desktop/submodules/namzu
index 11e1a70..02f37e1 160000
--- a/desktop/submodules/namzu
+++ b/desktop/submodules/namzu
@@ -1 +1 @@
-Subproject commit 11e1a709b4609137f48c7ffea4bed9cbe9c904a9
+Subproject commit 02f37e1f5912e9efaa40a47bb8c3782138e0e630

From ff37b936ccdfbbed92da596d5559d1c0d6fd8993 Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Mon, 1 Jun 2026 14:30:15 +0300
Subject: [PATCH 85/86] fix(desktop): dynamic provider/model picker + local run
 visibility in Sessions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Two Namzu-tab bugs:

A) The model switcher hardcoded a Claude-only list, so non-Claude
   providers were unreachable from the tab. Replace it with dynamic
   provider + per-provider model pickers sourced from `namzu
   providers-json` (App.NamzuProviders): a provider dropdown with
   credential-detected dots (detected-first), and a model dropdown of
   that provider's real catalog — free-text + the registry default when
   a provider exposes no listing. Provider + model ride to run-stream as
   --provider/--model via AgentSendOpts.

B) A turn started from the Namzu tab never appeared in the Sessions
   /v1/runs monitor, because it executes IN-PROCESS in the desktop, not
   in the daemon whose registry backs /v1/runs. Add daemon endpoints
   POST /v1/runs/register and POST /v1/runs/{id}/status (authed:
   bearer/loopback, never peer — writes are device-local) and have
   runNamzuTurn register the run at start (origin=local, instance via
   opts) and flip it to idle on any exit path.

Submodule namzu bumped to dd5c886 (providers-json + run-stream
--provider + the listModels registration fix).
---
 cmd/clawtool-installer/agent.go               |   1 +
 cmd/clawtool-installer/namzu_runtime.go       | 102 +++++++++++++
 .../apps/app-ui/src/views/Namzu.module.css    |  24 ++++
 desktop/apps/app-ui/src/views/Namzu.tsx       | 136 +++++++++++++-----
 desktop/packages/bridge/src/app.ts            |   6 +
 desktop/packages/bridge/src/types.ts          |  22 ++-
 desktop/submodules/namzu                      |   2 +-
 internal/server/http.go                       |   8 ++
 internal/server/runs_handler.go               |  71 +++++++++
 internal/server/runs_handler_test.go          |  96 +++++++++++++
 10 files changed, 434 insertions(+), 34 deletions(-)
 create mode 100644 internal/server/runs_handler_test.go

diff --git a/cmd/clawtool-installer/agent.go b/cmd/clawtool-installer/agent.go
index 52e7a91..43f73c4 100644
--- a/cmd/clawtool-installer/agent.go
+++ b/cmd/clawtool-installer/agent.go
@@ -67,6 +67,7 @@ func (a *App) AgentSendOpts(projectID, message, peerID, optsJSON string) string
 // namzuTurnOpts carries the Namzu tab's per-turn selections.
 type namzuTurnOpts struct {
 	Model    string   `json:"model,omitempty"`
+	Provider string   `json:"provider,omitempty"`
 	Instance string   `json:"instance,omitempty"`
 	Skills   []string `json:"skills,omitempty"`
 }
diff --git a/cmd/clawtool-installer/namzu_runtime.go b/cmd/clawtool-installer/namzu_runtime.go
index 66bc2cd..10447d0 100644
--- a/cmd/clawtool-installer/namzu_runtime.go
+++ b/cmd/clawtool-installer/namzu_runtime.go
@@ -17,9 +17,11 @@ package main
 
 import (
 	"bufio"
+	"bytes"
 	"context"
 	"encoding/json"
 	"errors"
+	"net/http"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -44,6 +46,13 @@ type namzuEvent struct {
 func (a *App) runNamzuTurn(turnID, projectID, message string, opts namzuTurnOpts) {
 	a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "start"})
 
+	// Make this IN-PROCESS turn visible on the device-wide Sessions surface.
+	// The run executes here in the desktop (namzu runtime), not in the daemon,
+	// so the daemon's run registry can't observe it on its own — we register it
+	// explicitly and flip it to idle when the turn ends (any exit path).
+	a.registerLocalRun(turnID, projectID, opts.Instance, message)
+	defer a.updateLocalRunStatus(turnID, "idle")
+
 	node, binJS, err := locateNamzu()
 	if err != nil {
 		a.emitAgent(agentEvent{TurnID: turnID, ProjectID: projectID, Kind: "error", Error: err.Error()})
@@ -67,6 +76,9 @@ func (a *App) runNamzuTurn(turnID, projectID, message string, opts namzuTurnOpts
 	if opts.Model != "" {
 		args = append(args, "--model", opts.Model)
 	}
+	if opts.Provider != "" {
+		args = append(args, "--provider", opts.Provider)
+	}
 	if opts.Instance != "" {
 		args = append(args, "--instance", opts.Instance)
 	}
@@ -238,6 +250,96 @@ func (a *App) NamzuSkills() string {
 	return trimmed
 }
 
+// NamzuProviders returns the providers namzu can route to, each with its
+// detected-credential state, default flag, and concrete model list
+// ({provider,label,detected,default,models[]}[] JSON) — the Namzu tab's
+// provider + per-provider model pickers. Shells `namzu providers-json`. Empty
+// array on any failure so the pickers degrade to a free-text model field.
+func (a *App) NamzuProviders() string {
+	node, binJS, err := locateNamzu()
+	if err != nil {
+		return "[]"
+	}
+	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+	defer cancel()
+	cmd := exec.CommandContext(ctx, node, binJS, "providers-json")
+	cmd.Dir = namzuScratchDir()
+	cmd.Env = os.Environ()
+	hideConsole(cmd)
+	out, err := cmd.Output()
+	if err != nil {
+		return "[]"
+	}
+	trimmed := strings.TrimSpace(string(out))
+	if !strings.HasPrefix(trimmed, "[") {
+		return "[]"
+	}
+	return trimmed
+}
+
+// registerLocalRun announces an in-process desktop turn to the daemon's run
+// registry so the Sessions surface (which reads /v1/runs) sees it. instance
+// defaults to "namzu" — the runtime that actually executes a local turn. title
+// is the operator's prompt, truncated for the row. Best-effort: a turn must run
+// even when the daemon is momentarily unreachable, so failures are swallowed.
+func (a *App) registerLocalRun(runID, sessionID, instance, title string) {
+	if strings.TrimSpace(instance) == "" {
+		instance = "namzu"
+	}
+	a.postDaemonJSON("/v1/runs/register", map[string]string{
+		"run_id":         runID,
+		"session_id":     sessionID,
+		"agent_instance": instance,
+		"origin":         "local",
+		"title":          runTitle(title),
+	})
+}
+
+// updateLocalRunStatus flips a registered run to a new lifecycle state — the
+// turn end-path sets "idle" so a finished turn doesn't read as perpetually live
+// in Sessions. Best-effort, same rationale as registerLocalRun.
+func (a *App) updateLocalRunStatus(runID, status string) {
+	a.postDaemonJSON("/v1/runs/"+runID+"/status", map[string]string{"status": status})
+}
+
+// postDaemonJSON POSTs a small JSON body to the local daemon over loopback. No
+// bearer is attached: the machine is its own trust boundary (the daemon trusts
+// loopback, or runs token-less when not LAN-exposed). Fire-and-forget — run
+// registration is observability and must never block or fail a turn.
+func (a *App) postDaemonJSON(path string, payload any) {
+	base, err := a.ensureDaemonBase()
+	if err != nil {
+		return
+	}
+	body, err := json.Marshal(payload)
+	if err != nil {
+		return
+	}
+	ctx, cancel := context.WithTimeout(context.Background(), 4*time.Second)
+	defer cancel()
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, base+path, bytes.NewReader(body))
+	if err != nil {
+		return
+	}
+	req.Header.Set("Content-Type", "application/json")
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		return
+	}
+	_ = resp.Body.Close()
+}
+
+// runTitle trims an operator prompt to a compact single-line run title for the
+// Sessions row. Mirrors the daemon's titleFromPrompt budget so local and
+// peer-triggered rows read consistently.
+func runTitle(s string) string {
+	s = strings.TrimSpace(strings.ReplaceAll(s, "\n", " "))
+	if len(s) > 80 {
+		s = strings.TrimSpace(s[:80]) + "…"
+	}
+	return s
+}
+
 // locateNamzu resolves the node binary and the namzu CLI entry. A shipped
 // .app carries both in Contents/Resources/namzu ({node, namzu.mjs}) so a local
 // turn runs with zero external dependencies; a dev build falls back to the
diff --git a/desktop/apps/app-ui/src/views/Namzu.module.css b/desktop/apps/app-ui/src/views/Namzu.module.css
index 531b735..fdc7286 100644
--- a/desktop/apps/app-ui/src/views/Namzu.module.css
+++ b/desktop/apps/app-ui/src/views/Namzu.module.css
@@ -61,6 +61,30 @@
 .menuItem:hover { background: var(--hover); }
 .menuItemOn { color: var(--accent); }
 .menuEmpty { padding: 8px 10px; font-size: 12px; color: var(--text-tertiary); }
+/* Credential-detected dot in the provider menu: hollow when undetected,
+   filled accent when a usable credential was found. */
+.provDot {
+  display: inline-block;
+  width: 6px;
+  height: 6px;
+  margin-right: 8px;
+  border-radius: 50%;
+  border: 1px solid var(--hairline-strong);
+  vertical-align: middle;
+}
+.provDotOn { background: var(--accent); border-color: var(--accent); }
+/* Free-text model field shown when a provider exposes no model listing. */
+.modelInput {
+  width: 150px;
+  padding: 4px 10px;
+  border: 1px solid var(--hairline);
+  border-radius: var(--radius-pill);
+  background: var(--surface-recessed);
+  color: var(--text);
+  font-size: 11.5px;
+  font-family: inherit;
+}
+.modelInput:focus { outline: none; border-color: var(--accent); }
 .skillChip {
   display: inline-flex;
   align-items: center;
diff --git a/desktop/apps/app-ui/src/views/Namzu.tsx b/desktop/apps/app-ui/src/views/Namzu.tsx
index f74c1ed..07f3fe1 100644
--- a/desktop/apps/app-ui/src/views/Namzu.tsx
+++ b/desktop/apps/app-ui/src/views/Namzu.tsx
@@ -1,15 +1,28 @@
 import { useEffect, useRef, useState, type KeyboardEvent } from "react";
-import { App, on, type AgentEvent, type Brand, type NamzuSkill } from "@clawtool/bridge";
+import {
+  App,
+  on,
+  type AgentEvent,
+  type Brand,
+  type NamzuProvider,
+  type NamzuSkill,
+} from "@clawtool/bridge";
 import { ArrowUp, ChevronDown, GitBranch } from "lucide-react";
 import conv from "../components/Conversation.module.css";
 import styles from "./Namzu.module.css";
 
 // Namzu — the do-work surface: namzu rendered as its own GUI. Unlike Sessions
 // (a monitor) and Conversation (per-session, dispatch-an-instance), this drives
-// namzu THE ORCHESTRATOR: pick a model + skills, watch the live transcript, and
-// see the delegation tree as namzu spawns sub-agents / shells out to other
-// agents. Streams over the same agent:event channel; dispatches via
-// agentSendOpts so model/skills/instance ride as run-stream flags.
+// namzu THE ORCHESTRATOR: pick a provider + model + skills, watch the live
+// transcript, and see the delegation tree as namzu spawns sub-agents / shells
+// out to other agents. Streams over the same agent:event channel; dispatches
+// via agentSendOpts so provider/model/skills/instance ride as run-stream flags.
+//
+// Provider + model are DYNAMIC (App.namzuProviders → `namzu providers-json`):
+// each provider carries its own concrete model list, so a gemini provider lists
+// gemini models, a codex/openai provider its own, etc. — never a hardcoded
+// Claude-only list. A provider with no model listing degrades to a free-text
+// model field.
 
 type Msg =
   | { kind: "user"; text: string }
@@ -18,18 +31,14 @@ type Msg =
 // A namzu workspace is one stable on-disk session so history persists.
 const NAMZU_SESSION = "namzu-workspace";
 
-const MODELS = [
-  "claude-opus-4-8",
-  "claude-opus-4-7",
-  "claude-sonnet-4-6",
-  "claude-haiku-4-5-20251001",
-];
-
 export function Namzu({ brand, active }: { brand: Brand; active?: boolean }) {
   const [messages, setMessages] = useState<Msg[]>([]);
   const [input, setInput] = useState("");
   const [sending, setSending] = useState(false);
-  const [model, setModel] = useState(MODELS[0]);
+  const [providers, setProviders] = useState<NamzuProvider[]>([]);
+  const [provider, setProvider] = useState("");
+  const [providerOpen, setProviderOpen] = useState(false);
+  const [model, setModel] = useState("");
   const [modelOpen, setModelOpen] = useState(false);
   const [skills, setSkills] = useState<NamzuSkill[]>([]);
   const [activeSkills, setActiveSkills] = useState<string[]>([]);
@@ -39,7 +48,7 @@ export function Namzu({ brand, active }: { brand: Brand; active?: boolean }) {
   const turnRef = useRef<string>("");
   const scrollRef = useRef<HTMLDivElement | null>(null);
 
-  // Hydrate the workspace transcript + skill rail on mount.
+  // Hydrate the workspace transcript + provider/model + skill rail on mount.
   useEffect(() => {
     let alive = true;
     (async () => {
@@ -53,6 +62,16 @@ export function Namzu({ brand, active }: { brand: Brand; active?: boolean }) {
           ),
         );
       }
+      const provs = await App.namzuProviders();
+      if (alive && Array.isArray(provs) && provs.length > 0) {
+        setProviders(provs);
+        // providers-json sorts detected-first, so the first detected provider is
+        // the best default. Seed the model from its live list, else its registry
+        // default model id.
+        const def = provs.find((p) => p.detected) ?? provs[0];
+        setProvider(def.provider);
+        setModel(def.models[0]?.id ?? def.default ?? "");
+      }
       const sk = await App.namzuSkills();
       if (alive && Array.isArray(sk)) setSkills(sk);
     })();
@@ -117,7 +136,8 @@ export function Namzu({ brand, active }: { brand: Brand; active?: boolean }) {
     setTree([]);
     setMessages((m) => [...m, { kind: "user", text }, { kind: "assistant", text: "", tools: [], streaming: true }]);
     const r = (await App.agentSendOpts(NAMZU_SESSION, text, {
-      model,
+      provider: provider || undefined,
+      model: model || undefined,
       skills: activeSkills,
     })) as Record<string, unknown>;
     if (r.ok && typeof r.turn_id === "string") {
@@ -145,35 +165,87 @@ export function Namzu({ brand, active }: { brand: Brand; active?: boolean }) {
     setActiveSkills((a) => (a.includes(name) ? a.filter((s) => s !== name) : [...a, name]));
   }
 
+  // Switching provider resets the model to that provider's default (its first
+  // listed model, else its registry default id), so a gemini→codex switch never
+  // carries a stale Claude id.
+  function selectProvider(p: NamzuProvider) {
+    setProvider(p.provider);
+    setModel(p.models[0]?.id ?? p.default ?? "");
+    setProviderOpen(false);
+    setModelOpen(false);
+  }
+
+  const current = providers.find((p) => p.provider === provider);
+  const models = current?.models ?? [];
+
   if (active === false) return null;
 
   return (
     <div className={conv.wrap}>
-      {/* Switcher row — model + skills, the orchestrator's per-turn config. */}
+      {/* Switcher row — provider + model + skills, the orchestrator's per-turn
+          config. Provider/model are dynamic per namzu providers-json. */}
       <div className={styles.switcher}>
         <span className={styles.brandMark}>{brand.name === "clawtool" ? "namzu" : brand.name}</span>
         <div className={styles.pickWrap}>
-          <button type="button" className={styles.pick} onClick={() => setModelOpen((v) => !v)}>
-            {model} <ChevronDown size={11} />
+          <button type="button" className={styles.pick} onClick={() => setProviderOpen((v) => !v)}>
+            {current ? current.label : provider || "provider"} <ChevronDown size={11} />
           </button>
-          {modelOpen && (
+          {providerOpen && (
             <div className={styles.menu}>
-              {MODELS.map((m) => (
-                <button
-                  key={m}
-                  type="button"
-                  className={styles.menuItem}
-                  onClick={() => {
-                    setModel(m);
-                    setModelOpen(false);
-                  }}
-                >
-                  {m}
-                </button>
-              ))}
+              {providers.length === 0 ? (
+                <div className={styles.menuEmpty}>No providers detected</div>
+              ) : (
+                providers.map((p) => (
+                  <button
+                    key={p.provider}
+                    type="button"
+                    className={`${styles.menuItem} ${p.provider === provider ? styles.menuItemOn : ""}`}
+                    onClick={() => selectProvider(p)}
+                    title={p.detected ? "credential detected" : "no credential found"}
+                  >
+                    <span className={`${styles.provDot} ${p.detected ? styles.provDotOn : ""}`} />
+                    {p.label}
+                  </button>
+                ))
+              )}
             </div>
           )}
         </div>
+        <div className={styles.pickWrap}>
+          {models.length > 0 ? (
+            <>
+              <button type="button" className={styles.pick} onClick={() => setModelOpen((v) => !v)}>
+                {model || "model"} <ChevronDown size={11} />
+              </button>
+              {modelOpen && (
+                <div className={styles.menu}>
+                  {models.map((mo) => (
+                    <button
+                      key={mo.id}
+                      type="button"
+                      className={`${styles.menuItem} ${mo.id === model ? styles.menuItemOn : ""}`}
+                      onClick={() => {
+                        setModel(mo.id);
+                        setModelOpen(false);
+                      }}
+                      title={mo.id}
+                    >
+                      {mo.name || mo.id}
+                    </button>
+                  ))}
+                </div>
+              )}
+            </>
+          ) : (
+            <input
+              className={styles.modelInput}
+              placeholder="model id"
+              value={model}
+              onChange={(e) => setModel(e.target.value)}
+              spellCheck={false}
+            />
+          )}
+        </div>
         <div className={styles.pickWrap}>
           <button type="button" className={styles.pick} onClick={() => setSkillOpen((v) => !v)}>
             skills: {activeSkills.length} <ChevronDown size={11} />
diff --git a/desktop/packages/bridge/src/app.ts b/desktop/packages/bridge/src/app.ts
index e67e77b..da853d2 100644
--- a/desktop/packages/bridge/src/app.ts
+++ b/desktop/packages/bridge/src/app.ts
@@ -8,6 +8,7 @@ import type {
   Brand,
   LanStatus,
   Mode,
+  NamzuProvider,
   NamzuSkill,
   NamzuTurnOpts,
   NetworkSnapshot,
@@ -111,6 +112,11 @@ export const App = {
   // Discovered skills for the Namzu tab's chip rail (namzu skills-json).
   namzuSkills: () => callJSON<NamzuSkill[]>("NamzuSkills", []),
 
+  // Providers + their model lists for the Namzu tab's provider/model pickers
+  // (namzu providers-json). Detected-credential providers sort first; an empty
+  // list degrades the pickers to a free-text model field.
+  namzuProviders: () => callJSON<NamzuProvider[]>("NamzuProviders", []),
+
   // Abort an in-flight turn by id — the conversation pane calls this when
   // the operator navigates away so a cross-device stream doesn't linger.
   agentCancel: (turnID: string) => callJSON<Result>("AgentCancel", OK_FALSE, turnID),
diff --git a/desktop/packages/bridge/src/types.ts b/desktop/packages/bridge/src/types.ts
index c034540..d85d645 100644
--- a/desktop/packages/bridge/src/types.ts
+++ b/desktop/packages/bridge/src/types.ts
@@ -136,8 +136,28 @@ export type AgentEvent = {
 // One skill discoverable by namzu — the Namzu tab's skill-chip source.
 export type NamzuSkill = { name: string; description?: string; source?: string };
 
+// One provider namzu can route to, with its detected-credential state and
+// concrete model list — the Namzu tab's provider + model pickers. `detected`
+// means a usable credential was found (env / clawtool secrets / Keychain /
+// probe); `default` is the registry's default model id for the provider;
+// `models` is the live per-provider list ({id,name}), empty when the provider
+// exposes no listing (then the tab falls back to a free-text model field
+// pre-filled with `default`). Matches `namzu providers-json`.
+export type NamzuProvider = {
+  provider: string;
+  label: string;
+  detected: boolean;
+  default: string;
+  models: Array<{ id: string; name: string }>;
+};
+
 // Per-turn selections the Namzu tab passes to the namzu runtime.
-export type NamzuTurnOpts = { model?: string; instance?: string; skills?: string[] };
+export type NamzuTurnOpts = {
+  provider?: string;
+  model?: string;
+  instance?: string;
+  skills?: string[];
+};
 
 // Wails runtime events emitted by the Go side.
 export type InstallStep = { level?: "ok" | "warn" | "fail"; label?: string; message?: string; raw?: string };
diff --git a/desktop/submodules/namzu b/desktop/submodules/namzu
index 02f37e1..dd5c886 160000
--- a/desktop/submodules/namzu
+++ b/desktop/submodules/namzu
@@ -1 +1 @@
-Subproject commit 02f37e1f5912e9efaa40a47bb8c3782138e0e630
+Subproject commit dd5c886f204477d758f608b5d97648387bc0519c
diff --git a/internal/server/http.go b/internal/server/http.go
index ce369fb..b503405 100644
--- a/internal/server/http.go
+++ b/internal/server/http.go
@@ -172,6 +172,14 @@ func ServeHTTP(ctx context.Context, opts HTTPOptions) error {
 	// and peer-aware like /v1/agents: a dashboard on one device can list the
 	// runs executing on another (including peer-triggered ones).
 	mux.Handle("/v1/runs", peerOrBearer(token, trustLoopback)(http.HandlerFunc(handleRuns)))
+	// /v1/runs/register + /v1/runs/{id}/status — the desktop registers its
+	// IN-PROCESS Namzu/Conversation turns here so the Sessions surface sees them
+	// (the run executes in the desktop process, not the daemon). authed
+	// (bearer/loopback) only — a remote peer must never write this device's
+	// registry. ServeMux routes the exact /v1/runs (above) to the GET list and
+	// these subpaths to their handlers (longest-match wins).
+	mux.Handle("/v1/runs/register", authed(http.HandlerFunc(handleRunsRegister)))
+	mux.Handle("/v1/runs/", authed(http.HandlerFunc(handleRunsStatus)))
 	mux.Handle("/v1/send_message", authed(http.HandlerFunc(handleSendMessage)))
 	mux.Handle("/v1/recipes", authed(http.HandlerFunc(handleRecipes)))
 	mux.Handle("/v1/recipe/apply", authed(http.HandlerFunc(handleRecipeApply)))
diff --git a/internal/server/runs_handler.go b/internal/server/runs_handler.go
index 859fa91..92a2ef7 100644
--- a/internal/server/runs_handler.go
+++ b/internal/server/runs_handler.go
@@ -3,6 +3,9 @@ package server
 import (
 	"crypto/rand"
 	"encoding/hex"
+	"encoding/json"
+	"fmt"
+	"io"
 	"net/http"
 	"strings"
 	"time"
@@ -72,3 +75,71 @@ func titleFromPrompt(prompt string) string {
 	}
 	return t
 }
+
+// handleRunsRegister registers a run the desktop executes IN-PROCESS (a local
+// Namzu/Conversation turn) so the device-wide Sessions surface sees it. The
+// desktop owns the run_id (the turn id), so re-register is idempotent. The turn
+// itself runs in the desktop process, not here — this only TRACKS it.
+func handleRunsRegister(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodPost {
+		writeJSON(w, http.StatusMethodNotAllowed, map[string]any{"error": "POST only"})
+		return
+	}
+	var req struct {
+		RunID         string `json:"run_id"`
+		SessionID     string `json:"session_id,omitempty"`
+		AgentInstance string `json:"agent_instance,omitempty"`
+		Origin        string `json:"origin,omitempty"`
+		Title         string `json:"title,omitempty"`
+	}
+	if err := json.NewDecoder(io.LimitReader(r.Body, 1<<20)).Decode(&req); err != nil {
+		writeJSON(w, http.StatusBadRequest, map[string]any{"error": fmt.Sprintf("decode body: %v", err)})
+		return
+	}
+	if strings.TrimSpace(req.RunID) == "" {
+		writeJSON(w, http.StatusBadRequest, map[string]any{"error": "run_id required"})
+		return
+	}
+	origin := req.Origin
+	if origin == "" {
+		origin = "local"
+	}
+	GetGlobalRunRegistry().Upsert(Run{
+		RunID:         req.RunID,
+		SessionID:     req.SessionID,
+		Status:        "running",
+		AgentInstance: req.AgentInstance,
+		AgentFamily:   familyOfInstance(req.AgentInstance),
+		Origin:        origin,
+		Title:         req.Title,
+		StartedAt:     time.Now(),
+	})
+	writeJSON(w, http.StatusOK, map[string]any{"ok": true, "run_id": req.RunID})
+}
+
+// handleRunsStatus updates a tracked run's status. Path:
+// POST /v1/runs/{run_id}/status with {"status":"idle"|"failed"|"done"}.
+func handleRunsStatus(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodPost {
+		writeJSON(w, http.StatusMethodNotAllowed, map[string]any{"error": "POST only"})
+		return
+	}
+	rest := strings.TrimPrefix(r.URL.Path, "/v1/runs/")
+	runID, tail, ok := strings.Cut(rest, "/")
+	if !ok || runID == "" || tail != "status" {
+		writeJSON(w, http.StatusBadRequest, map[string]any{"error": "expected /v1/runs/{run_id}/status"})
+		return
+	}
+	var req struct {
+		Status string `json:"status"`
+	}
+	if err := json.NewDecoder(io.LimitReader(r.Body, 1<<20)).Decode(&req); err != nil {
+		writeJSON(w, http.StatusBadRequest, map[string]any{"error": fmt.Sprintf("decode body: %v", err)})
+		return
+	}
+	if req.Status == "" {
+		req.Status = "idle"
+	}
+	GetGlobalRunRegistry().SetStatus(runID, req.Status)
+	writeJSON(w, http.StatusOK, map[string]any{"ok": true})
+}
diff --git a/internal/server/runs_handler_test.go b/internal/server/runs_handler_test.go
new file mode 100644
index 0000000..2ee0df7
--- /dev/null
+++ b/internal/server/runs_handler_test.go
@@ -0,0 +1,96 @@
+package server
+
+import (
+	"encoding/json"
+	"net/http"
+	"net/http/httptest"
+	"strings"
+	"testing"
+)
+
+// TestRunsRegisterStatusRoundTrip exercises the loopback contract the desktop
+// relies on: an IN-PROCESS Namzu turn registers itself (POST /v1/runs/register),
+// appears as "running" in the list (GET /v1/runs), then flips to "idle" when the
+// turn ends (POST /v1/runs/{id}/status). This is the wire half of Sessions
+// visibility for desktop-executed runs.
+func TestRunsRegisterStatusRoundTrip(t *testing.T) {
+	// Isolate from any other test's writes to the process-wide singleton.
+	GetGlobalRunRegistry().Remove("run_desktop_1")
+	t.Cleanup(func() { GetGlobalRunRegistry().Remove("run_desktop_1") })
+
+	// register
+	body := `{"run_id":"run_desktop_1","session_id":"sess-x","agent_instance":"namzu-document-analyzer","title":"summarize the spec"}`
+	rec := httptest.NewRecorder()
+	handleRunsRegister(rec, httptest.NewRequest(http.MethodPost, "/v1/runs/register", strings.NewReader(body)))
+	if rec.Code != http.StatusOK {
+		t.Fatalf("register: status %d, body %s", rec.Code, rec.Body.String())
+	}
+
+	// list → running, family derived from instance, origin defaulted to local
+	got := listRun(t, "run_desktop_1")
+	if got.Status != "running" {
+		t.Fatalf("after register: status = %q, want running", got.Status)
+	}
+	if got.AgentFamily != "namzu" {
+		t.Fatalf("family = %q, want namzu (derived from instance)", got.AgentFamily)
+	}
+	if got.Origin != "local" {
+		t.Fatalf("origin = %q, want local (default)", got.Origin)
+	}
+	if got.Title != "summarize the spec" {
+		t.Fatalf("title = %q", got.Title)
+	}
+
+	// status → idle
+	rec = httptest.NewRecorder()
+	handleRunsStatus(rec, httptest.NewRequest(http.MethodPost, "/v1/runs/run_desktop_1/status", strings.NewReader(`{"status":"idle"}`)))
+	if rec.Code != http.StatusOK {
+		t.Fatalf("status: code %d, body %s", rec.Code, rec.Body.String())
+	}
+	if got := listRun(t, "run_desktop_1"); got.Status != "idle" {
+		t.Fatalf("after status: status = %q, want idle", got.Status)
+	}
+}
+
+// TestRunsStatusBadPath rejects a malformed status path rather than silently
+// mutating the wrong run.
+func TestRunsStatusBadPath(t *testing.T) {
+	rec := httptest.NewRecorder()
+	handleRunsStatus(rec, httptest.NewRequest(http.MethodPost, "/v1/runs/onlyid", strings.NewReader(`{}`)))
+	if rec.Code != http.StatusBadRequest {
+		t.Fatalf("malformed path: code %d, want 400", rec.Code)
+	}
+}
+
+// TestRunsRegisterRequiresID rejects a body with no run_id.
+func TestRunsRegisterRequiresID(t *testing.T) {
+	rec := httptest.NewRecorder()
+	handleRunsRegister(rec, httptest.NewRequest(http.MethodPost, "/v1/runs/register", strings.NewReader(`{"title":"x"}`)))
+	if rec.Code != http.StatusBadRequest {
+		t.Fatalf("missing run_id: code %d, want 400", rec.Code)
+	}
+}
+
+// listRun fetches GET /v1/runs and returns the run with the given id (fails the
+// test if absent).
+func listRun(t *testing.T, id string) Run {
+	t.Helper()
+	rec := httptest.NewRecorder()
+	handleRuns(rec, httptest.NewRequest(http.MethodGet, "/v1/runs", nil))
+	if rec.Code != http.StatusOK {
+		t.Fatalf("list: code %d", rec.Code)
+	}
+	var resp struct {
+		Runs []Run `json:"runs"`
+	}
+	if err := json.Unmarshal(rec.Body.Bytes(), &resp); err != nil {
+		t.Fatalf("list decode: %v", err)
+	}
+	for _, r := range resp.Runs {
+		if r.RunID == id {
+			return r
+		}
+	}
+	t.Fatalf("run %q not in list", id)
+	return Run{}
+}

From dedbeae455a104469e40bbb9e17aee6d015c3dea Mon Sep 17 00:00:00 2001
From: bahadirarda <bahadirarda@users.noreply.github.com>
Date: Mon, 1 Jun 2026 14:43:57 +0300
Subject: [PATCH 86/86] fix(desktop): bump namzu to b776acf (bundle-safe
 version read)

The bundled namzu runtime crashed at startup (`Cannot find module
'../package.json'`) because the SDK/telemetry version modules read
package.json via createRequire at import time, which esbuild leaves as a
runtime require that can't resolve inside the single-file bundle. This
failed the installer's bundle smoke test (namzu --help / providers-json
died before output). namzu b776acf guards the read; the bundle now boots
and providers-json returns each detected provider's real model list.
---
 desktop/submodules/namzu | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/desktop/submodules/namzu b/desktop/submodules/namzu
index dd5c886..b776acf 160000
--- a/desktop/submodules/namzu
+++ b/desktop/submodules/namzu
@@ -1 +1 @@
-Subproject commit dd5c886f204477d758f608b5d97648387bc0519c
+Subproject commit b776acfc1be0c7261afe833c1fab181c1385c45c